
From nobody Wed Feb  8 11:33:03 2017
Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: 6tisch-security@ietfa.amsl.com
Delivered-To: 6tisch-security@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8609A129FC6; Wed,  8 Feb 2017 11:32:54 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level: 
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mGvvLvU9_R87; Wed,  8 Feb 2017 11:32:52 -0800 (PST)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A1BD8129418; Wed,  8 Feb 2017 11:32:52 -0800 (PST)
Received: from sandelman.ca (obiwan.sandelman.ca [209.87.249.21]) by tuna.sandelman.ca (Postfix) with ESMTP id 7CE3D203AE; Wed,  8 Feb 2017 14:53:57 -0500 (EST)
Received: from obiwan.sandelman.ca (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 7EDE7636BB; Wed,  8 Feb 2017 14:32:51 -0500 (EST)
From: Michael Richardson <mcr+ietf@sandelman.ca>
to: 6tisch@ietf.org
In-Reply-To: <855.1482509287@obiwan.sandelman.ca>
References: <CADJ9OA_nwTeS+nz0+EhNk0pK2QROUHSB3+rMH1NXE9FzvAo5aw@mail.gmail.com> <14596.1479347046@dooku.sandelman.ca> <CADJ9OA95p+MfZMZFkjqDK9VOpWDun3jX_3a-dqROKhuGStkP8g@mail.gmail.com> <360614422818437292b671f00cb498d3@XCH-RCD-001.cisco.com> <855.1482509287@obiwan.sandelman.ca>
X-Mailer: MH-E 8.6; nmh 1.6+dev; GNU Emacs 24.5.1
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature"
Date: Wed, 08 Feb 2017 14:32:51 -0500
Message-ID: <16477.1486582371@obiwan.sandelman.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/6tisch-security/jfY8IrYaNwk4NKR808YYJLUchLs>
Cc: 6tisch-security@ietf.org, 6lo@ietf.org
Subject: [6tisch-security] 6lo-ra-in-ie becoming
X-BeenThere: 6tisch-security@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
Reply-To: 6tisch@ietf.org
List-Id: Extended Design Team for 6TiSCH security architecture <6tisch-security.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/6tisch-security>, <mailto:6tisch-security-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/6tisch-security/>
List-Post: <mailto:6tisch-security@ietf.org>
List-Help: <mailto:6tisch-security-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/6tisch-security>, <mailto:6tisch-security-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 08 Feb 2017 19:32:54 -0000

--=-=-=
Content-Type: text/plain


{6lo is CC'ed to close this question up, but Reply-To: set to 6tisch, as
there isn't anything that is not 6tisch specific left at this point}

I have just posted: draft-richardson-6tisch-join-enhanced-beacon
  https://datatracker.ietf.org/doc/draft-richardson-6tisch-join-enhanced-beacon/

The diff isn't very interesting, as it's mostly a forklift upgrade.
This is the result of ongoing discussion to make the zero-touch and one-touch
join processes work together, and to achieve a level of interoperation such
that a zero-touch capable device, which has received a one-touch, could
actually recognize that it needs to do zero-touch.

Further, we are trying to accommodate both one-touch and zero-touch bootstrap
using both pledge initiated communications (the one-touch preference), and
Join Registrar/Coordinator initiated communications.  The network shall know
which way it will operate, and the network will announce this in the proposed
enhanced beacon. (ENHANCED. I hope I stamped out all the occurrences of that
other E-word, which I will not write here)

This text could go into 6tisch-minimal-security, or it could be a separate
document.   It would have been nice to put it into 6tisch-minimal; but I
sure hope that ship has sailed.  Maybe it should Update that?

The R flag is for host-operation of nodes which would otherwise want to
listen for a multicast Router-Advertisement, or initiate one with a multicast
RS.  It is hard for me to construct a scenario where the R bit would be zero,
and yet the device is alive enough that it thinks it ought to send beacons.
It could be that some networks do not wish to support attachment of leaf
nodes to all routers though.  {previous paragraph probably belongs in document?}


The core is:

                         1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |   TBD-XXX     |J|I|R| R E S V |         network ID            |
    +-+-+-+-+-+-+-+-+-+-+-+---------+                               |
    |                           network ID                          |
    +                               +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |      network ID               |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

J
: the Join Proxy flag is set if the sending node will operate as a Join Proxy
according to {{I-D.ietf-6tisch-minimal-security}}.

I
: the Initiate Join flag is set if this network supports pledges initiating the
join process themselves according to {{I-D.ietf-6tisch-minimal-security}}. If not set, then the pledge
should do an NS DAD operation ({{RFC6775}} section 4.3, explained in {{I-D.ietf-6tisch-dtsecurity-secure-join}}) and then remain silent, to wait to be contacted.

R
: the Router Advertisement flag is set if the sending node will act as a Router for host-only nodes that need addressing via unicast Router Solicitation messages.

network ID
: this is an opaque 16-byte identifier that uniquely identifies this network,
potentially among many networks that are operating in the same frequencies
in overlapping physical space.

In a 6tisch network, where RPL is used as the mesh routing protocol, the
network ID SHOULD be constructed from a SHA256 hash of the DODAGID of the
network.  The result will be a 32-byte hash, and the lower 16-bytes should be
used.


{oh. I show only 8 bytes of network-ID in the picture. Oops. I will grow the
diagram}




--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-




--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

--=-=-=--
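
The IE layout and network ID derivation described in the message above, as an added example that is not code from the thread or from the draft. It assumes a placeholder type octet for "TBD-XXX", reads "lower 16 bytes" as the last 16 bytes of the digest, ignores the reserved bits on receipt, and uses a constructed DODAGID; `pledge_action` and its return strings are hypothetical names.

```python
import hashlib
import ipaddress
from dataclasses import dataclass
from typing import Optional

IE_TYPE_PLACEHOLDER = 0x00  # assumption: stands in for the unassigned "TBD-XXX" octet
FLAG_J, FLAG_I, FLAG_R = 0x80, 0x40, 0x20  # diagram bits 8, 9, 10 (MSB first)
NETWORK_ID_LEN = 16  # per the text; the diagram in the mail shows only 8 bytes
IE_LEN = 2 + NETWORK_ID_LEN


def network_id_from_dodagid(dodagid: str) -> bytes:
    """SHA-256 over the 16-byte DODAGID, keeping 16 bytes of the digest."""
    digest = hashlib.sha256(ipaddress.IPv6Address(dodagid).packed).digest()
    # Assumption: "lower 16 bytes" is read as the last 16 bytes of the digest.
    return digest[-NETWORK_ID_LEN:]


@dataclass(frozen=True)
class JoinIE:
    join_proxy: bool      # J flag
    initiate_join: bool   # I flag
    router_adv: bool      # R flag
    network_id: bytes

    def pack(self) -> bytes:
        if len(self.network_id) != NETWORK_ID_LEN:
            raise ValueError("network ID must be 16 bytes")
        flags = ((FLAG_J if self.join_proxy else 0)
                 | (FLAG_I if self.initiate_join else 0)
                 | (FLAG_R if self.router_adv else 0))  # RESV bits sent as zero
        return bytes([IE_TYPE_PLACEHOLDER, flags]) + self.network_id


def parse_join_ie(buf: bytes) -> JoinIE:
    """Parse a received IE; reject anything that is not exactly the expected size."""
    if len(buf) != IE_LEN:
        raise ValueError(f"expected {IE_LEN} bytes, got {len(buf)}")
    if buf[0] != IE_TYPE_PLACEHOLDER:
        raise ValueError("not a join IE")
    flags = buf[1]  # the five RESV bits are ignored here (a choice of this example)
    return JoinIE(bool(flags & FLAG_J), bool(flags & FLAG_I),
                  bool(flags & FLAG_R), bytes(buf[2:]))


def pledge_action(ie: JoinIE, wanted_network_id: Optional[bytes]) -> str:
    """Hypothetical pledge-side decision following the J and I flag text.

    wanted_network_id is None when the pledge has no network preference.
    """
    if wanted_network_id is not None and ie.network_id != wanted_network_id:
        return "ignore"            # beacon belongs to some other network
    if not ie.join_proxy:
        return "no-join-proxy"     # sender will not act as a Join Proxy
    if ie.initiate_join:
        return "initiate-join"     # pledge starts the join exchange itself
    return "ns-dad-then-wait"      # do NS DAD, then stay silent until contacted


if __name__ == "__main__":
    nid = network_id_from_dodagid("2001:db8::1")  # constructed DODAGID
    beacon = JoinIE(True, False, True, nid).pack()
    print(beacon.hex(), pledge_action(parse_join_ie(beacon), nid))
```
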


From nobody Thu Feb  9 01:06:17 2017
Return-Path: <stokcons@xs4all.nl>
X-Original-To: 6tisch-security@ietfa.amsl.com
Delivered-To: 6tisch-security@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 810DB1294AC for <6tisch-security@ietfa.amsl.com>; Thu,  9 Feb 2017 01:06:16 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.62
X-Spam-Level: 
X-Spam-Status: No, score=-2.62 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zs0cUWO8UbYw for <6tisch-security@ietfa.amsl.com>; Thu,  9 Feb 2017 01:06:15 -0800 (PST)
Received: from lb3-smtp-cloud3.xs4all.net (lb3-smtp-cloud3.xs4all.net [194.109.24.30]) (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B0EDD128E18 for <6tisch-security@ietf.org>; Thu,  9 Feb 2017 01:06:14 -0800 (PST)
Received: from webmail.xs4all.nl ([IPv6:2001:888:0:22:194:109:20:216]) by smtp-cloud3.xs4all.net with ESMTP id iZ6C1u00H25pRQy01Z6CV5; Thu, 09 Feb 2017 10:06:12 +0100
Received: from AMontpellier-654-1-241-185.w92-133.abo.wanadoo.fr ([92.133.12.185]) by webmail.xs4all.nl with HTTP (HTTP/1.1 POST); Thu, 09 Feb 2017 10:06:12 +0100
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII; format=flowed
Content-Transfer-Encoding: 7bit
Date: Thu, 09 Feb 2017 10:06:12 +0100
From: peter van der Stok <stokcons@xs4all.nl>
To: 6tisch Security <6tisch-security@ietf.org>
Organization: vanderstok consultancy
Mail-Reply-To: consultancy@vanderstok.org
Message-ID: <1f99708ffbacaa7235d05b535f669291@xs4all.nl>
X-Sender: stokcons@xs4all.nl
User-Agent: XS4ALL Webmail
Archived-At: <https://mailarchive.ietf.org/arch/msg/6tisch-security/SGLgJAW8mVbs7rBTZ0rB3nr5SlA>
Subject: [6tisch-security] minimal security draft
Reply-To: consultancy@vanderstok.org
X-List-Received-Date: Thu, 09 Feb 2017 09:06:16 -0000

Dear authors,

For the transport of the link-layer keys have you thought about using a 
specific format?
Will you specify a content-format in the CoAP registry?
We should like to use that content format also in the est-coaps draft.

If you do, will it be possible to use CBOR and specifically binary 
arrays?

Greetings,

Peter

-- 
Peter van der Stok
vanderstok consultancy
mailto: consultancy@vanderstok.org
www: www.vanderstok.org
tel NL: +31(0)492474673     F: +33(0)966015248


From nobody Thu Feb  9 01:45:24 2017
Return-Path: <malisa.vucinic@inria.fr>
X-Original-To: 6tisch-security@ietfa.amsl.com
Delivered-To: 6tisch-security@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DBB03129488 for <6tisch-security@ietfa.amsl.com>; Thu,  9 Feb 2017 01:45:23 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.9
X-Spam-Level: 
X-Spam-Status: No, score=-6.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ta6cSwsiOdGX for <6tisch-security@ietfa.amsl.com>; Thu,  9 Feb 2017 01:45:22 -0800 (PST)
Received: from mail3-relais-sop.national.inria.fr (mail3-relais-sop.national.inria.fr [192.134.164.104]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E4663129636 for <6tisch-security@ietf.org>; Thu,  9 Feb 2017 01:45:21 -0800 (PST)
X-IronPort-AV: E=Sophos;i="5.35,349,1484002800"; d="scan'208";a="212604446"
Received: from unknown (HELO [128.93.85.17]) ([128.93.85.17]) by mail3-relais-sop.national.inria.fr with ESMTP/TLS/DHE-RSA-AES256-SHA; 09 Feb 2017 10:45:17 +0100
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\))
From: =?utf-8?Q?Mali=C5=A1a_Vu=C4=8Dini=C4=87?= <malisa.vucinic@inria.fr>
In-Reply-To: <1f99708ffbacaa7235d05b535f669291@xs4all.nl>
Date: Thu, 9 Feb 2017 10:45:17 +0100
Content-Transfer-Encoding: quoted-printable
Message-Id: <6D6AE790-1234-403B-9429-992B4E168AF3@inria.fr>
References: <1f99708ffbacaa7235d05b535f669291@xs4all.nl>
To: consultancy@vanderstok.org
X-Mailer: Apple Mail (2.3124)
Archived-At: <https://mailarchive.ietf.org/arch/msg/6tisch-security/h-1hyicL9rc_uDVvYVMnplrumFU>
Cc: 6tisch Security <6tisch-security@ietf.org>
Subject: Re: [6tisch-security] minimal security draft
X-List-Received-Date: Thu, 09 Feb 2017 09:45:24 -0000

Hello Peter,

We use COSE Key Set structure to transport link-layer keys. Key set is a
CBOR array, while each key in the array is specified as a CBOR map
object. This is quite flexible and relies on the already standardized
document (COSE). We then bundle Key Set object together with a short
15.4 address to create a response that fits within a single 15.4 frame.
For more details refer to Section 4.4 of minimal-security draft.

For the content-format question, doesn’t it suffice to use
application/cbor as content type? I don’t have much experience
with content-format registration so please correct me if I am missing
something.

Regards,
Mališa

> On 09 Feb 2017, at 10:06, peter van der Stok <stokcons@xs4all.nl> wrote:
>
> Dear authors,
>
> For the transport of the link-layer keys have you thought about using
> a specific format?
> Will you specify a content-format in the CoAP registry?
> We should like to use that content format also in the est-coaps draft.
>
> If you do, will it be possible to use CBOR and specifically binary
> arrays?
>
> Greetings,
>
> Peter
>
> --
> Peter van der Stok
> vanderstok consultancy
> mailto: consultancy@vanderstok.org
> www: www.vanderstok.org
> tel NL: +31(0)492474673     F: +33(0)966015248


From nobody Thu Feb  9 05:15:42 2017
Return-Path: <kivinen@iki.fi>
X-Original-To: 6tisch-security@ietfa.amsl.com
Delivered-To: 6tisch-security@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7A2DD129A04 for <6tisch-security@ietfa.amsl.com>; Thu,  9 Feb 2017 05:15:40 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.12
X-Spam-Level: 
X-Spam-Status: No, score=-1.12 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_NEUTRAL=0.779, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mYeOFWg-HOWF for <6tisch-security@ietfa.amsl.com>; Thu,  9 Feb 2017 05:15:40 -0800 (PST)
Received: from mail.kivinen.iki.fi (fireball.acr.fi [83.145.195.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A10CB1299FD for <6tisch-security@ietf.org>; Thu,  9 Feb 2017 05:15:39 -0800 (PST)
Received: from fireball.acr.fi (localhost [127.0.0.1]) by mail.kivinen.iki.fi (8.15.2/8.15.2) with ESMTPS id v19DFZTS011997 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Thu, 9 Feb 2017 15:15:35 +0200 (EET)
Received: (from kivinen@localhost) by fireball.acr.fi (8.15.2/8.14.8/Submit) id v19DFYal001564; Thu, 9 Feb 2017 15:15:34 +0200 (EET)
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-2
Content-Transfer-Encoding: quoted-printable
Message-ID: <22684.27510.499873.955382@fireball.acr.fi>
Date: Thu, 9 Feb 2017 15:15:34 +0200
From: Tero Kivinen <kivinen@iki.fi>
To: =?utf-8?Q?Mali=C5=A1a_Vu=C4=8Dini=C4=87?= <malisa.vucinic@inria.fr>
In-Reply-To: <6D6AE790-1234-403B-9429-992B4E168AF3@inria.fr>
References: <1f99708ffbacaa7235d05b535f669291@xs4all.nl> <6D6AE790-1234-403B-9429-992B4E168AF3@inria.fr>
X-Mailer: VM 8.2.0b under 25.1.1 (x86_64--netbsd)
X-Edit-Time: 2 min
X-Total-Time: 1 min
Archived-At: <https://mailarchive.ietf.org/arch/msg/6tisch-security/fILxDbXy_MLyVDcIjj6pMloDR1s>
Cc: 6tisch Security <6tisch-security@ietf.org>, consultancy@vanderstok.org
Subject: Re: [6tisch-security] minimal security draft
X-List-Received-Date: Thu, 09 Feb 2017 13:15:40 -0000

Mališa Vučinić writes:
> Hello Peter,
>
> We use COSE Key Set structure to transport link-layer keys. Key set
> is a CBOR array, while each key in the array is specified as a CBOR
> map object. This is quite flexible and relies on the already
> standardized document (COSE). We then bundle Key Set object together
> with a short 15.4 address to create a response that fits within a
> single 15.4 frame. For more details refer to Section 4.4 of
> minimal-security draft.

You would also need to have 802.15.4 specific key identification
information, i.e. the KeyIdMode, KeyIndex (if KeyIdMode is not 0) and
KeySource (if KeyIdMode is 2 or 3).
-- 
kivinen@iki.fi


From nobody Thu Feb  9 05:58:34 2017
Return-Path: <malisa.vucinic@inria.fr>
X-Original-To: 6tisch-security@ietfa.amsl.com
Delivered-To: 6tisch-security@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 14B6F129A28 for <6tisch-security@ietfa.amsl.com>; Thu,  9 Feb 2017 05:58:33 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.899
X-Spam-Level: 
X-Spam-Status: No, score=-6.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hp7SyPCSaBM2 for <6tisch-security@ietfa.amsl.com>; Thu,  9 Feb 2017 05:58:31 -0800 (PST)
Received: from mail3-relais-sop.national.inria.fr (mail3-relais-sop.national.inria.fr [192.134.164.104]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F184C129A11 for <6tisch-security@ietf.org>; Thu,  9 Feb 2017 05:58:30 -0800 (PST)
X-IronPort-AV: E=Sophos;i="5.35,349,1484002800";  d="scan'208,217";a="212644993"
Received: from unknown (HELO [128.93.85.17]) ([128.93.85.17]) by mail3-relais-sop.national.inria.fr with ESMTP/TLS/DHE-RSA-AES256-SHA; 09 Feb 2017 14:58:29 +0100
Content-Type: multipart/alternative; boundary="Apple-Mail=_E44440DB-7262-49D4-9FCA-5F996568EE18"
Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\))
From: =?utf-8?Q?Mali=C5=A1a_Vu=C4=8Dini=C4=87?= <malisa.vucinic@inria.fr>
In-Reply-To: <22684.27510.499873.955382@fireball.acr.fi>
Date: Thu, 9 Feb 2017 14:58:28 +0100
Message-Id: <44AF5DF7-CA08-403F-ABD1-5E6E07B83797@inria.fr>
References: <1f99708ffbacaa7235d05b535f669291@xs4all.nl> <6D6AE790-1234-403B-9429-992B4E168AF3@inria.fr> <22684.27510.499873.955382@fireball.acr.fi>
To: Tero Kivinen <kivinen@iki.fi>
X-Mailer: Apple Mail (2.3124)
Archived-At: <https://mailarchive.ietf.org/arch/msg/6tisch-security/4ewtP888lcTPOF2F7dy2A_e-Kb8>
Cc: 6tisch Security <6tisch-security@ietf.org>, consultancy@vanderstok.org
Subject: Re: [6tisch-security] minimal security draft
X-List-Received-Date: Thu, 09 Feb 2017 13:58:33 -0000

--Apple-Mail=_E44440DB-7262-49D4-9FCA-5F996568EE18
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=utf-8

Thanks, Tero. I created an issue in the bitbucket so we will resolve
this with the next published version.

For minimal, I propose that we limit the document to either implicit or
KeyIndex mode and use the kid parameter of COSE_Key struct to identify
the value of the index. If kid is not present -> use implicit mode, if
kid is present use it for KeyIndex mode. What do you think?

Mališa

> On 09 Feb 2017, at 14:15, Tero Kivinen <kivinen@iki.fi> wrote:
>
> You would also need to have 802.15.4 specific key identification
> information, i.e. the KeyIdMode, KeyIndex (if KeyIdMode is not 0) and
> KeySource (if KeyIdMode is 2 or 3).


--Apple-Mail=_E44440DB-7262-49D4-9FCA-5F996568EE18--
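
The kid rule proposed in the message above (no kid means implicit mode, kid present means KeyIndex mode), applied to a COSE Key Set, as an added example that is not code from the thread or from the minimal-security draft. It assumes a one-byte kid carries the KeyIndex, 16-byte symmetric keys and a hand-built sample key set; KeySource (KeyIdMode 2 or 3) is not handled, and the CBOR reader covers only the definite-length subset the sample needs.

```python
from typing import List, Optional, Tuple

# COSE_Key labels and values (RFC 8152): kty=1, kid=2, k=-1, kty Symmetric=4.
KTY, KID, K = 1, 2, -1
KTY_SYMMETRIC = 4
KEY_ID_MODE_IMPLICIT = 0   # 802.15.4 KeyIdMode 0: no KeyIndex in the frame
KEY_ID_MODE_INDEX = 1      # 802.15.4 KeyIdMode 1: one-octet KeyIndex


def _head(buf: bytes, pos: int) -> Tuple[int, int, int]:
    """Read one CBOR initial byte plus its argument: (major type, value, next pos)."""
    if pos >= len(buf):
        raise ValueError("truncated CBOR")
    major, info = buf[pos] >> 5, buf[pos] & 0x1F
    pos += 1
    if info < 24:
        return major, info, pos
    if info in (24, 25, 26):                 # 1-, 2- or 4-byte argument
        n = 1 << (info - 24)
        if pos + n > len(buf):
            raise ValueError("truncated CBOR")
        return major, int.from_bytes(buf[pos:pos + n], "big"), pos + n
    raise ValueError("unsupported CBOR length encoding")


def decode(buf: bytes, pos: int = 0):
    """Decode ints, byte/text strings, arrays and maps; return (item, next pos)."""
    major, val, pos = _head(buf, pos)
    if major == 0:
        return val, pos
    if major == 1:
        return -1 - val, pos
    if major in (2, 3):
        end = pos + val
        if end > len(buf):
            raise ValueError("truncated CBOR string")
        data = bytes(buf[pos:end])
        return (data if major == 2 else data.decode("utf-8")), end
    if major == 4:
        items = []
        for _ in range(val):
            item, pos = decode(buf, pos)
            items.append(item)
        return items, pos
    if major == 5:
        out = {}
        for _ in range(val):
            key, pos = decode(buf, pos)
            value, pos = decode(buf, pos)
            if not isinstance(key, (int, str, bytes)) or key in out:
                raise ValueError("bad or duplicate map key")
            out[key] = value
        return out, pos
    raise ValueError("unsupported CBOR major type")


def link_keys_from_keyset(encoded: bytes) -> List[Tuple[int, Optional[int], bytes]]:
    """Return (KeyIdMode, KeyIndex or None, key) for each COSE_Key in the set."""
    keyset, end = decode(encoded)
    if end != len(encoded):
        raise ValueError("trailing bytes after key set")
    if not isinstance(keyset, list) or not keyset:
        raise ValueError("COSE_KeySet must be a non-empty array")
    result, seen = [], set()
    for key in keyset:
        if not isinstance(key, dict) or key.get(KTY) != KTY_SYMMETRIC:
            raise ValueError("expected a symmetric COSE_Key map")
        material = key.get(K)
        if not isinstance(material, bytes) or len(material) != 16:
            raise ValueError("link-layer key must be 16 bytes")
        kid = key.get(KID)
        if kid is None:
            result.append((KEY_ID_MODE_IMPLICIT, None, material))
        elif isinstance(kid, bytes) and len(kid) == 1:  # assumption: 1-byte kid
            if kid[0] in seen:
                raise ValueError("duplicate KeyIndex in key set")
            seen.add(kid[0])
            result.append((KEY_ID_MODE_INDEX, kid[0], material))
        else:
            raise ValueError("kid cannot be used as a KeyIndex")
    return result


# Constructed sample: [{1: 4, 2: h'01', -1: h'11'*16}, {1: 4, -1: h'22'*16}]
SAMPLE_KEYSET = bytes.fromhex(
    "82a301040241012050" + "11" * 16 + "a201042050" + "22" * 16)

if __name__ == "__main__":
    for mode, index, material in link_keys_from_keyset(SAMPLE_KEYSET):
        print(mode, index, material.hex())
```
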


From nobody Thu Feb  9 08:59:32 2017
Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: 6tisch-security@ietfa.amsl.com
Delivered-To: 6tisch-security@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D00C5129C0C; Thu,  9 Feb 2017 08:59:30 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level: 
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id t-jLeO1zkjOO; Thu,  9 Feb 2017 08:59:29 -0800 (PST)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [IPv6:2607:f0b0:f:3:216:3eff:fe7c:d1f3]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3186B129C0D; Thu,  9 Feb 2017 08:59:29 -0800 (PST)
Received: from sandelman.ca (obiwan.sandelman.ca [209.87.249.21]) by tuna.sandelman.ca (Postfix) with ESMTP id 99A6FE1E2; Thu,  9 Feb 2017 12:20:34 -0500 (EST)
Received: from obiwan.sandelman.ca (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 846FF6381A; Thu,  9 Feb 2017 11:59:25 -0500 (EST)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: anima@ietf.org
In-Reply-To: <269DFF6F-9F5B-4D10-AB36-D2638CB9C1AE@cisco.com>
References: <269DFF6F-9F5B-4D10-AB36-D2638CB9C1AE@cisco.com>
X-Mailer: MH-E 8.6; nmh 1.6+dev; GNU Emacs 24.5.1
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature"
Date: Thu, 09 Feb 2017 11:59:25 -0500
Message-ID: <6577.1486659565@obiwan.sandelman.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/6tisch-security/RiScI5ww4qBC4MAol-u0o-eyeQw>
Cc: 6tisch-security@ietf.org, "hackathon@ietf.org" <hackathon@ietf.org>
Subject: [6tisch-security] planning for ANIMA hackathon work
Reply-To: anima@ietf.org
X-List-Received-Date: Thu, 09 Feb 2017 16:59:31 -0000

--=-=-=
Content-Type: text/plain


In the last two ANIMA-bootstrap weekly design team calls we had some
discussion about hackathon work.  We are mere millimeters away from
a pretty firm voucher specification: with that part nailed down the
bootstrap protocol is essentially done.

We have identified a few places in the bootstrap process where we think that
we will benefit from some interoperation and working together.  They are:

1) voucher creation, exchange and validation.
   (even if we are doing this with RSA keys and PKCS#7 S/MIME-like wrapping
   of JSON rather than the ideal "modern" EdDSA signed CWT objects)

2) Join Registrar / MASA interaction (we recognize we aren't close for March)

3) pledge / Join Registrar interaction (using EST)

4) Join Proxy/Join Registrar discovery (ACP and GRASP things)

5) Pledge/Join proxy discovery (GRASP DULL, but we still have advocates
                     for using straight mDNS here)


I know that Brian had other things, and he already put some stuff at:
  https://www.ietf.org/registration/MeetingWiki/wiki/98hackathon

and I've extended it with the above five points.

I note that the COSE/JOSE people led by Jim Schaad, are also planning work,
and we have identified CWT as being an important voucher format, probably
it will be *the* format for the 6tisch version of bootstrap.


--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-




--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

--=-=-=--


From nobody Fri Feb 10 00:12:33 2017
Return-Path: <stokcons@xs4all.nl>
X-Original-To: 6tisch-security@ietfa.amsl.com
Delivered-To: 6tisch-security@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C8C0E1297C1 for <6tisch-security@ietfa.amsl.com>; Fri, 10 Feb 2017 00:12:31 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.621
X-Spam-Level: 
X-Spam-Status: No, score=-2.621 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nxDbSARXzGNT for <6tisch-security@ietfa.amsl.com>; Fri, 10 Feb 2017 00:12:29 -0800 (PST)
Received: from lb3-smtp-cloud3.xs4all.net (lb3-smtp-cloud3.xs4all.net [194.109.24.30]) (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8C5211294FB for <6tisch-security@ietf.org>; Fri, 10 Feb 2017 00:12:29 -0800 (PST)
Received: from webmail.xs4all.nl ([IPv6:2001:888:0:22:194:109:20:215]) by smtp-cloud3.xs4all.net with ESMTP id iwCT1u00T13if5201wCT7R; Fri, 10 Feb 2017 09:12:27 +0100
Received: from AMontpellier-654-1-241-185.w92-133.abo.wanadoo.fr ([92.133.12.185]) by webmail.xs4all.nl with HTTP (HTTP/1.1 POST); Fri, 10 Feb 2017 09:12:27 +0100
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
Date: Fri, 10 Feb 2017 09:12:27 +0100
From: peter van der Stok <stokcons@xs4all.nl>
To: =?UTF-8?Q?Mali=C5=A1a_Vu=C4=8Dini=C4=87?= <malisa.vucinic@inria.fr>
Organization: vanderstok consultancy
Mail-Reply-To: consultancy@vanderstok.org
In-Reply-To: <6D6AE790-1234-403B-9429-992B4E168AF3@inria.fr>
References: <1f99708ffbacaa7235d05b535f669291@xs4all.nl> <6D6AE790-1234-403B-9429-992B4E168AF3@inria.fr>
Message-ID: <b74505c6337fc3c3036b399940feea2a@xs4all.nl>
X-Sender: stokcons@xs4all.nl
User-Agent: XS4ALL Webmail
Archived-At: <https://mailarchive.ietf.org/arch/msg/6tisch-security/ojFe8Qc6TEJlNLbUpfSycN2ccmk>
Cc: 6tisch Security <6tisch-security@ietf.org>, consultancy@vanderstok.org
Subject: Re: [6tisch-security] minimal security draft
X-BeenThere: 6tisch-security@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
Reply-To: consultancy@vanderstok.org
List-Id: Extended Design Team for 6TiSCH security architecture <6tisch-security.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/6tisch-security>, <mailto:6tisch-security-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/6tisch-security/>
List-Post: <mailto:6tisch-security@ietf.org>
List-Help: <mailto:6tisch-security-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/6tisch-security>, <mailto:6tisch-security-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 10 Feb 2017 08:12:31 -0000

Hi Malisa,

thanks for the info.
> 
> For the content-format question, doesn’t it suffice to use
> application/cbor as content type? I don’t have much experience with
> content-format registration so please correct me if I am missing
> something.
> 
When several applications use the same format, it is better to define it 
at one place.
est-coaps probably wants to transport the same keys in the same format.
Also in the future, new formats can be added without changing the 
bootstrap protocol.

If you agree, I may do a proposal.

Peter


From nobody Fri Feb 10 00:52:15 2017
Return-Path: <malisa.vucinic@inria.fr>
X-Original-To: 6tisch-security@ietfa.amsl.com
Delivered-To: 6tisch-security@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 116201294CA for <6tisch-security@ietfa.amsl.com>; Fri, 10 Feb 2017 00:52:14 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.9
X-Spam-Level: 
X-Spam-Status: No, score=-6.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fmJGlbDmc1Ul for <6tisch-security@ietfa.amsl.com>; Fri, 10 Feb 2017 00:52:13 -0800 (PST)
Received: from mail3-relais-sop.national.inria.fr (mail3-relais-sop.national.inria.fr [192.134.164.104]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8FC5C129493 for <6tisch-security@ietf.org>; Fri, 10 Feb 2017 00:52:12 -0800 (PST)
X-IronPort-AV: E=Sophos;i="5.35,140,1484002800";  d="scan'208,217";a="212739282"
Received: from unknown (HELO [128.93.85.17]) ([128.93.85.17]) by mail3-relais-sop.national.inria.fr with ESMTP/TLS/DHE-RSA-AES256-SHA; 10 Feb 2017 09:52:10 +0100
Content-Type: multipart/alternative; boundary="Apple-Mail=_FB0B5218-F406-4C5D-831B-5E9B13923094"
Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\))
From: =?utf-8?Q?Mali=C5=A1a_Vu=C4=8Dini=C4=87?= <malisa.vucinic@inria.fr>
In-Reply-To: <b74505c6337fc3c3036b399940feea2a@xs4all.nl>
Date: Fri, 10 Feb 2017 09:52:13 +0100
Message-Id: <04026268-307C-46FE-B55C-7D47B0912ADC@inria.fr>
References: <1f99708ffbacaa7235d05b535f669291@xs4all.nl> <6D6AE790-1234-403B-9429-992B4E168AF3@inria.fr> <b74505c6337fc3c3036b399940feea2a@xs4all.nl>
To: consultancy@vanderstok.org
X-Mailer: Apple Mail (2.3124)
Archived-At: <https://mailarchive.ietf.org/arch/msg/6tisch-security/qrfADleyP34yskK3Jl1MKjEeE3s>
Cc: 6tisch Security <6tisch-security@ietf.org>
Subject: Re: [6tisch-security] minimal security draft
X-BeenThere: 6tisch-security@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Extended Design Team for 6TiSCH security architecture <6tisch-security.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/6tisch-security>, <mailto:6tisch-security-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/6tisch-security/>
List-Post: <mailto:6tisch-security@ietf.org>
List-Help: <mailto:6tisch-security-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/6tisch-security>, <mailto:6tisch-security-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 10 Feb 2017 08:52:14 -0000

--Apple-Mail=_FB0B5218-F406-4C5D-831B-5E9B13923094
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=utf-8

Yes, please, go ahead.

Mališa

> On 10 Feb 2017, at 09:12, peter van der Stok <stokcons@xs4all.nl> wrote:
> 
> If you agree, I may do a proposal.


--Apple-Mail=_FB0B5218-F406-4C5D-831B-5E9B13923094--


From nobody Mon Feb 13 03:20:18 2017
Return-Path: <stokcons@xs4all.nl>
X-Original-To: 6tisch-security@ietfa.amsl.com
Delivered-To: 6tisch-security@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 561CF1295E2 for <6tisch-security@ietfa.amsl.com>; Mon, 13 Feb 2017 03:20:17 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.621
X-Spam-Level: 
X-Spam-Status: No, score=-2.621 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xNSt1D6oBELn for <6tisch-security@ietfa.amsl.com>; Mon, 13 Feb 2017 03:20:15 -0800 (PST)
Received: from lb2-smtp-cloud6.xs4all.net (lb2-smtp-cloud6.xs4all.net [194.109.24.28]) (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9EFF61295E1 for <6tisch-security@ietf.org>; Mon, 13 Feb 2017 03:20:15 -0800 (PST)
Received: from webmail.xs4all.nl ([IPv6:2001:888:0:22:194:109:20:215]) by smtp-cloud6.xs4all.net with ESMTP id kBLD1u00G13if5201BLDbu; Mon, 13 Feb 2017 12:20:13 +0100
Received: from AMontpellier-654-1-241-185.w92-133.abo.wanadoo.fr ([92.133.12.185]) by webmail.xs4all.nl with HTTP (HTTP/1.1 POST); Mon, 13 Feb 2017 12:20:13 +0100
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII; format=flowed
Content-Transfer-Encoding: 7bit
Date: Mon, 13 Feb 2017 12:20:13 +0100
From: peter van der Stok <stokcons@xs4all.nl>
To: Michael Richardson <mcr+ietf@sandelman.ca>
Organization: vanderstok consultancy
Mail-Reply-To: consultancy@vanderstok.org
In-Reply-To: <7c735780-8a71-4100-a492-55fc9a77ac89@sandelman.ca>
References: <9376fa080ad8d67c8b44641c2d62a958@xs4all.nl> <7c735780-8a71-4100-a492-55fc9a77ac89@sandelman.ca>
Message-ID: <76d91fe6d76dd9f32bfb6909d006ffd7@xs4all.nl>
X-Sender: stokcons@xs4all.nl
User-Agent: XS4ALL Webmail
Archived-At: <https://mailarchive.ietf.org/arch/msg/6tisch-security/_aSS-VGee5JbSdnaVLnzZLxwIxk>
Cc: 6tisch Security <6tisch-security@ietf.org>
Subject: Re: [6tisch-security] secure join bootstrap
X-BeenThere: 6tisch-security@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
Reply-To: consultancy@vanderstok.org
List-Id: Extended Design Team for 6TiSCH security architecture <6tisch-security.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/6tisch-security>, <mailto:6tisch-security-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/6tisch-security/>
List-Post: <mailto:6tisch-security@ietf.org>
List-Help: <mailto:6tisch-security-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/6tisch-security>, <mailto:6tisch-security-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 13 Feb 2017 11:20:17 -0000

Hi Michael,

thanks for your answer; below some requests for additional information.
-- changed 6tisch to 6tisch-security --

Michael Richardson schreef op 2017-02-10 13:23:
> see inline.
> 
> On 02/08/17 04:10, peter van der Stok wrote:
>> Hi 6tisch security,
>> 
>> Having re-read RPLinfo and reading the secure-join draft, I do have a
>> suggestion about the traffic from pledge to registrar. The draft already
>> mentions the IP-in-IP encapsulation specified in RPLinfo draft. Why not
>> rely on the RPLinfo draft for the pledge to Registrar communication
>> completely?
> 
> This was always my intention: leverage the IPIP compression mechanism
> and source route forwarding... no new code!  I'm glad you came up with
> the idea too, which means it must be a good one!

My hope is making the protocol general and leave details to local 
routing protocol.

> 
> I had a number of thoughts about how to do this.

Thanks for the thoughts, but let me ask some questions such that I am 
sure to understand the reasons for the thoughts.

Suppose the pledge has address P6 and the join proxy has address J6.
When the encapsulated packet arrives at a RPL aware registrar, first the 
encapsulating header is removed;
losing address J6 or losing the LL address of the last router. 
(correct?)
and then the Registrar receives the packet with address P6.
The main question to be solved is how can RPL route a packet to P6 which 
is unknown.
Therefore you suggest the two thoughts below?  (correct?)
> a) have the Join Proxy send a DAO about the pledge.  This is simplest in
> many ways, and for non-storing networks, this has no impact on the mesh.
>  For storing networks, this would be an issue, and I'd suggest having
> another non-storing instance for joining... (but, mixed mode)

The above looks efficient to me for non-storing mode.
For storing networks, creating a new DODAG instance sounds work 
intensive for every pledge.
Instead, encapsulating at Join Proxy with source address P6 instead of 
J6 might work?

> b) use another signal from Join Proxy to JRC/root.  This is what I'm
> currently proposing, although I used GRASP which may demand TCP. The DAO
> mechanism has the downside of not providing any ACK.

This I do not understand completely; GRASP is anima oriented at L3, and 
only comes after securing L2, I thought.
> 
>> The pledge can be considered a non-RPL aware node, one hop away from a
>> DODAG node.
>> 
>> The pledge may receive (allocate itself) a "temporary" routable IPv6
>> address.
> 
> I'm not convinced the pledge *needs* that routable address if all the
> traffic is IPIP encapsulated.  I'm pretty sure that I'd rather not
> expose the prefix of the network to the unauthenticated pledge if we can
> avoid that.  It also implies that the pledge needs to hear a RA.

IMO, a routable address is needed when other routing protocols (not RPL) 
need to fill in their routing tables for the return messages from 
Registrar to Pledge.

> 
>> When it sends requests to the Registrar the join-proxy (first 6lri in
>> RPLinfo) will add the necessary IP-in-IP headers. Also for the message
>> from Registrar to pledge the same RPLinfo specification will be used.
>> The Registrar does not need to be part of the DODAG, because RPLinfo
>> prescribes what to do.
>> 
>> I don't think allocating a temporary routable address will make the
>> network more vulnerable.
>> Communication between pledge and assistant is still over an insecure
>> link with a permission to allow traffic from this one routable address
>> (instead of link-local address) to the registrar.
> 
> I agree with you: it can be made to work.  Are you thinking that the
> temporary address would not be from the network's prefix, but entirely
> different?  Why do we even need that, I wonder.

Equally not sure about what prefix to use. Most routing protocols do not 
care about prefixes, do they?
They only care about routes to IPv6 addresses expressed in L2 addresses.
> 
> Do you think there is any increased risk of one pledge attacking another
> one?
> 
In general, an attacker will use a routable address or an LL address 
depending on its purpose.
In the 6tisch case, the acceptance of packets is independent of the 
address but depends on the link being secured. So I don't see any 
preferences for LL or global addresses.

Then we come to a malicious node taking over the IP address of the 
bona-fide pledge.
The malicious node needs the identity information of the bona fide 
pledge to be effective.
Why bother stealing the IP address when this identity information is 
already stolen?

Do you know of other opportunities?
> 

Peter


From nobody Tue Feb 14 04:25:31 2017
Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: 6tisch-security@ietfa.amsl.com
Delivered-To: 6tisch-security@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 483941295F2 for <6tisch-security@ietfa.amsl.com>; Tue, 14 Feb 2017 04:25:30 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level: 
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, WEIRD_PORT=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ohtBg-0_1tx7 for <6tisch-security@ietfa.amsl.com>; Tue, 14 Feb 2017 04:25:28 -0800 (PST)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [IPv6:2607:f0b0:f:3:216:3eff:fe7c:d1f3]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F20B61295E2 for <6tisch-security@ietf.org>; Tue, 14 Feb 2017 04:25:27 -0800 (PST)
Received: from sandelman.ca (obiwan.sandelman.ca [209.87.249.21]) by tuna.sandelman.ca (Postfix) with ESMTP id 3E658203AF for <6tisch-security@ietf.org>; Tue, 14 Feb 2017 07:46:52 -0500 (EST)
Received: from obiwan.sandelman.ca (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 86FBD6381A for <6tisch-security@ietf.org>; Tue, 14 Feb 2017 07:25:26 -0500 (EST)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: 6tisch-security@ietf.org
X-Attribution: mcr
X-Mailer: MH-E 8.6; nmh 1.6+dev; GNU Emacs 24.5.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature"
Date: Tue, 14 Feb 2017 07:25:26 -0500
Message-ID: <3310.1487075126@obiwan.sandelman.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/6tisch-security/l8IaTBjZ252G3Yltm_VQi9iKqrw>
Subject: [6tisch-security] reminder call this "morning" -- 1400UTC
X-BeenThere: 6tisch-security@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Extended Design Team for 6TiSCH security architecture <6tisch-security.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/6tisch-security>, <mailto:6tisch-security-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/6tisch-security/>
List-Post: <mailto:6tisch-security@ietf.org>
List-Help: <mailto:6tisch-security-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/6tisch-security>, <mailto:6tisch-security-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Feb 2017 12:25:30 -0000

--=-=-=
Content-Type: text/plain


Link:
https://ietf.webex.com/ietf/j.php?MTID=me98f12cebda5e6b55c1b8c66c095d0a9

 http://etherpad.tools.ietf.org:9000/p/6tischSecurity?useMonospaceFont=true

Tuesday, 9:00 am Eastern Standard Time (GMT-05:00)
         (1400UTC)
Meeting number: 641 335 839
Meeting password: pledge

Agenda:
   1) additions to minimal to include jump to zero-touch
   2) Enhanced Beacon issues
   3) rekey of minimal.
   4) CoMI for rekeying?

Diagrams and material:

http://www.sandelman.ca/SSW/ietf/  see pledge-join-states_EB.svg (or .png)
https://www.ietf.org/rfcdiff?url1=draft-ietf-6tisch-minimal-security-00&url2=draft-ietf-6tisch-minimal-security-01
https://www.ietf.org/rfcdiff?url1=draft-richardson-6lo-ra-in-ie-00&url2=draft-richardson-6tisch-join-enhanced-beacon-00
https://bitbucket.org/6tisch/draft-richardson-6tisch-dtsecurity-secure-join/raw/fe6b53be997741d3a18a57a77e7048d7b1f7013a/dtsecurity-secure-join.mkd
and
https://bitbucket.org/6tisch/draft-richardson-6tisch-dtsecurity-secure-join/src

above links are in the etherpad.


--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-




--=-=-=--


From nobody Wed Feb 15 07:21:11 2017
Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: 6tisch-security@ietfa.amsl.com
Delivered-To: 6tisch-security@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D36CC129557 for <6tisch-security@ietfa.amsl.com>; Wed, 15 Feb 2017 07:21:09 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level: 
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eUqF5pm2u3em for <6tisch-security@ietfa.amsl.com>; Wed, 15 Feb 2017 07:21:08 -0800 (PST)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [IPv6:2607:f0b0:f:3:216:3eff:fe7c:d1f3]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3412D12009C for <6tisch-security@ietf.org>; Wed, 15 Feb 2017 07:21:08 -0800 (PST)
Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id EC4E1E1D4 for <6tisch-security@ietf.org>; Wed, 15 Feb 2017 10:42:34 -0500 (EST)
Received: from obiwan.sandelman.ca (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 63A376381A for <6tisch-security@ietf.org>; Wed, 15 Feb 2017 10:21:05 -0500 (EST)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: 6tisch-security@ietf.org
X-Attribution: mcr
X-Mailer: MH-E 8.6; nmh 1.6+dev; GNU Emacs 24.5.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature"
Date: Wed, 15 Feb 2017 10:21:05 -0500
Message-ID: <11495.1487172065@obiwan.sandelman.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/6tisch-security/ybLb1DsNPlMxdxLWlK2bevozN7M>
Subject: [6tisch-security] enhanced-beacon draft
X-BeenThere: 6tisch-security@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Extended Design Team for 6TiSCH security architecture <6tisch-security.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/6tisch-security>, <mailto:6tisch-security-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/6tisch-security/>
List-Post: <mailto:6tisch-security@ietf.org>
List-Help: <mailto:6tisch-security-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/6tisch-security>, <mailto:6tisch-security-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 15 Feb 2017 15:21:10 -0000

--=-=-=
Content-Type: text/plain


WG Chairs,

Would you prefer us to keep:
      https://datatracker.ietf.org/doc/draft-richardson-6tisch-join-enhanced-beacon/

as a separate document (updating 6tisch-minimal?), or should this be wrapped
up into 6tisch-minimal-security?

--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-




--=-=-=--


From nobody Wed Feb 15 18:36:52 2017
Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: 6tisch-security@ietfa.amsl.com
Delivered-To: 6tisch-security@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CF45C129C60 for <6tisch-security@ietfa.amsl.com>; Wed, 15 Feb 2017 18:36:50 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level: 
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nPJc7EnbEGEh for <6tisch-security@ietfa.amsl.com>; Wed, 15 Feb 2017 18:36:48 -0800 (PST)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1CBFC129B22 for <6tisch-security@ietf.org>; Wed, 15 Feb 2017 18:36:47 -0800 (PST)
Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id A6F73E1DC for <6tisch-security@ietf.org>; Wed, 15 Feb 2017 21:58:17 -0500 (EST)
Received: from obiwan.sandelman.ca (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 615906381A for <6tisch-security@ietf.org>; Wed, 15 Feb 2017 21:36:46 -0500 (EST)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: 6tisch-security@ietf.org
X-Attribution: mcr
X-Mailer: MH-E 8.6; nmh 1.6+dev; GNU Emacs 24.5.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature"
Date: Wed, 15 Feb 2017 21:36:46 -0500
Message-ID: <1746.1487212606@obiwan.sandelman.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/6tisch-security/3ACZpFQWlxH5BGuNYl0lh4Fvm_c>
Subject: [6tisch-security] minutes from winter 2017 meetings
X-BeenThere: 6tisch-security@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Extended Design Team for 6TiSCH security architecture <6tisch-security.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/6tisch-security>, <mailto:6tisch-security-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/6tisch-security/>
List-Post: <mailto:6tisch-security@ietf.org>
List-Help: <mailto:6tisch-security-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/6tisch-security>, <mailto:6tisch-security-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Feb 2017 02:36:51 -0000

--=-=-=
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable


These are the minutes from the 6tisch-security design team conference calls
of 2017-01-17, 2017-01-31, and 2017-02-14.  We meet every two weeks
at 1400UTC via webex.  Note that we will have an additional meeting
on 2017-02-21, and then again on 2017-02-28.

Attendance:

2017-01-17:
    present: Michael Richardson, Tero Kivinen, Pascal Thubert,
             Thomas Watteyne, Mališa Vučinić

2017-01-31:
    present: Michael Richardson, Mališa Vučinić, Tero Kivinen

2017-02-14:
    present: Michael Richardson, Mališa Vučinić, Tero Kivinen

The 17th was the first meeting of 2017.  The table of contents of the two
documents were placed into the etherpad and common items were identified.
A plan was formulated to organize the zero-touch and one-touch documents.

Some details:
     1.  Introduction  <--- make this common, refer to each
     2.  Terminology . . . <-- make this in one document only. move all terms to terminology draft.
     3.1.  Step 1 - Enhanced Beacon  . . . . <-- common text

     1.  Introduction  . <--- make this common, refer to each
     1.1.  Terminology . <-- make this in one document only.
     1.2.  Credentials
       1.2.1.  One-Touch Assumptions . .<- move this to 6tisch-minimal.

       1.3.4.  Size of packets, number of fragments  . Phase one, and phase two results.

We worked on the terminology section, and made the following suggestions,
which were previously posted.  The suggestions were brought to the ANIMA
bootstrap design team, and that team agreed upon them:

   o  JN: Joining node - the device attempting to join a particular
      6TiSCH network.
      -> BECOMES pledge

   o  JCE: Join coordinating entity - central entity responsible for
      authentication and authorization of joining nodes.
      -> BECOMES Join Registrar and Coordinator

   o  JA: Join assistant - the device within radio range of the JN that
      generates Enhanced Beacons (EBs) and facilitates end-to-end
      communications between the JN and JCE.
      -> BECOMES Join Proxy

The new terminology is now:

pledge
:  the prospective device, which has the identity provided to
   at the factory.  Neither the device nor the network knows if the
   device yet knows if this device belongs with this network.

Joined Node
: the prospective device, after having completed the join process, often
  just called a Node.

Join Proxy (JP):
:  a stateless relay that provides connectivity between the pledge
   and the join registrar/coordinator.

Join Registrar/Coordinator (JRC):
:  central entity responsible for authentication and authorization of joining
   nodes.

We discussed some of the terms used in 802.15.10:
   "mesh root",
         802.15.10 definition is: "mesh root: Device in the layer 2 routing
            mesh with depth zero that manages the mesh."

We discussed the question about whether the Registrar and Coordinator are always
co-located.  We did not come up with a conclusion.

In addition, a weekly document working session was agreed to among the authors.

At the 2017-01-31 meeting, we spent some time discussing the various options
for key modes and rekeying.  Tero Kivinen suggested the mechanism for
rekeying:  a new key would be deployed by the JRC to all nodes.  It can do this
over an extended period of time.  When it thinks that it has reached as many
nodes as it can, then it starts using the new key.  Nodes, upon seeing a new
key in use on the receive side, switch to sending with the new key, and the
key change ripples through the mesh.

We also discussed pair-wise keying, and decided it was out-of-scope for
minimal.   We would use KEYIDMODE=1 keys only, which are identified by
a keyid.  There are 255 of these.  We later decided that we would pair
the multicast keys ("K1") as used by the Enhanced Beacons and the unicast
keys ("K2") used for regular traffic, in an odd/even fashion such that
two keys would also be provisioned, and whenever there was a switch, it
would switch both keys at the same time.

We discussed the question about if we could do the rekey operation via an
OBSERVE CoAP method, but we did not determine if OBSERVE is confirmable.

We noted that the JRC sets the short address for the node, so it knows how
to reach the node after it has joined, and thus it can easily reach out to
all the nodes.

We discussed if we should use a time-(ASN!)-based time to rekey or switch
keys, and concurred that we may not always be able to predict when a rekey is
needed (emergency rekeys due to node compromise for instance), or how long it
will take to reach all nodes to do the rekey, so we are better off not going
this direction.

A reason for the rekey optimization is to avoid redoing public key operations!

At the 2017-02-14 meeting, Michael and Mališa presented a FSM for
the pledge to join the network.  The diagram is at:
   http://www.sandelman.ca/SSW/ietf/6tisch/pledge-join-states_EB.svg

Some discussion that ensued involved the question of how long a pledge would
have to wait in order to hear the Enhanced Beacon.  We continue to have some
concern that without some attention to the parameters that it could take a
pledge minutes to hours to be on the right channel at the right time to hear
the EB.




--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-




--=-=-=--
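
The rekey procedure recorded in the minutes above (the JRC distributes the new key over time, then starts using it, and each node switches its sending key when it sees the new key on the receive side), as an added simulation that is not part of the mailing-list messages. The topology, the node names, the pair-to-key-index layout and the rule that receivers keep accepting the old pair during the transition are assumptions made for this example.

```python
from collections import deque

OLD_PAIR, NEW_PAIR = 1, 2          # constructed pair numbers for the demo


def key_indices(pair):
    """Assumed odd/even layout: pair n -> (K1 index 2n-1, K2 index 2n).

    K1 protects Enhanced Beacons, K2 protects regular traffic; both are
    selected by a one-byte key index, so pairs 1..127 use indices 1..254.
    """
    if not 1 <= pair <= 127:
        raise ValueError("pair must map into key indices 1..254")
    return 2 * pair - 1, 2 * pair


class Node:
    def __init__(self, name):
        self.name = name
        self.pairs = {OLD_PAIR}    # key pairs installed on this node
        self.tx_pair = OLD_PAIR    # pair currently used for sending
        self.neighbors = []


def link(a, b):
    a.neighbors.append(b)
    b.neighbors.append(a)


def provision(nodes, pair):
    """Phase 1: the JRC installs the new pair. Nobody sends with it yet."""
    for node in nodes:
        node.pairs.add(pair)


def propagate(nodes, pair):
    """Let every node already sending with `pair` be heard by its neighbors.

    A neighbor that holds the pair authenticates the frame and switches its
    own sending key; one that lacks it cannot verify the frame and stays put.
    Returns the names of the nodes that switched, in ripple order.
    """
    queue = deque(n for n in nodes if n.tx_pair == pair)
    switched = []
    while queue:
        sender = queue.popleft()
        for rx in sender.neighbors:
            if rx.tx_pair != pair and pair in rx.pairs:
                rx.tx_pair = pair          # K1 and K2 switch together
                switched.append(rx.name)
                queue.append(rx)
    return switched


def start_using(root, nodes, pair):
    """Phase 2: the root begins sending with the new pair."""
    root.tx_pair = pair
    return [root.name] + propagate(nodes, pair)


def classify(nodes, pair):
    """switched: sends with the new pair.
    lagging:  holds the new pair but has not yet seen it in use.
    missed:   never received the new pair, so new-key frames fail for it.
    """
    status = {}
    for n in nodes:
        if n.tx_pair == pair:
            status[n.name] = "switched"
        elif pair in n.pairs:
            status[n.name] = "lagging"
        else:
            status[n.name] = "missed"
    return status


def run_demo():
    # Constructed mesh:  JRC - A - B - C   and   A - D
    jrc, a, b, c, d = (Node(x) for x in ("JRC", "A", "B", "C", "D"))
    nodes = [jrc, a, b, c, d]
    for x, y in ((jrc, a), (a, b), (b, c), (a, d)):
        link(x, y)

    # The JRC reaches everyone except B before it decides to switch.
    provision([jrc, a, c, d], NEW_PAIR)
    first_ripple = start_using(jrc, nodes, NEW_PAIR)
    after_switch = classify(nodes, NEW_PAIR)

    # B is provisioned late; the ripple resumes and also reaches C behind it.
    provision([b], NEW_PAIR)
    second_ripple = propagate(nodes, NEW_PAIR)
    healed = classify(nodes, NEW_PAIR)
    return first_ripple, after_switch, second_ripple, healed


if __name__ == "__main__":
    for step in run_demo():
        print(step)
```

The first pass shows why the JRC waits until it "has reached as many nodes as it can": a single unprovisioned router (B) also holds back the correctly provisioned node behind it (C) until the key is delivered.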


From nobody Sun Feb 19 18:43:43 2017
Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: 6tisch-security@ietfa.amsl.com
Delivered-To: 6tisch-security@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 51B2812962E for <6tisch-security@ietfa.amsl.com>; Sun, 19 Feb 2017 18:43:42 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level: 
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WzHnuOkElL_1 for <6tisch-security@ietfa.amsl.com>; Sun, 19 Feb 2017 18:43:40 -0800 (PST)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C27FB129623 for <6tisch-security@ietf.org>; Sun, 19 Feb 2017 18:43:40 -0800 (PST)
Received: from sandelman.ca (obiwan.sandelman.ca [209.87.249.21]) by tuna.sandelman.ca (Postfix) with ESMTP id 0915EE1FE for <6tisch-security@ietf.org>; Sun, 19 Feb 2017 22:05:24 -0500 (EST)
Received: from obiwan.sandelman.ca (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id EFAFD636BB for <6tisch-security@ietf.org>; Sun, 19 Feb 2017 21:43:38 -0500 (EST)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: 6tisch-security <6tisch-security@ietf.org>
X-Attribution: mcr
X-Mailer: MH-E 8.6; nmh 1.6+dev; GNU Emacs 24.5.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature"
Date: Sun, 19 Feb 2017 21:43:38 -0500
Message-ID: <6511.1487558618@obiwan.sandelman.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/6tisch-security/7bPKx3QQXPz1mP2xXxtiGei1wxQ>
Subject: [6tisch-security] extra meeting this week
X-BeenThere: 6tisch-security@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Extended Design Team for 6TiSCH security architecture <6tisch-security.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/6tisch-security>, <mailto:6tisch-security-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/6tisch-security/>
List-Post: <mailto:6tisch-security@ietf.org>
List-Help: <mailto:6tisch-security-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/6tisch-security>, <mailto:6tisch-security-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 20 Feb 2017 02:43:42 -0000

--=-=-=
Content-Type: text/plain


As agreed at the last telecon, we will have an extra meeting this week.
Details are the same as other meetings:

Tuesday, February 21, 2017  9:00 am Eastern Standard Time (GMT-05:00)

Host: Michael Richardson
Meeting number: 641 335 839
Meeting password: pledge
Meeting link: https://ietf.webex.com/ietf/j.php?MTID=m939bbf9c639334e66387e22b1c6b957a

Audio connection:
1-877-668-4493 Call-in toll free number (US/Canada)
1-650-479-3208 Call-in toll number (US/Canada)

The agenda:
1) continued discussion of pledge state machine:
   - should we keep the passive version?
   - should we have a hybrid approach?
2) CoMI and rekeying process
3) zero-touch interface on top of CoMI


--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-




--=-=-=--


From nobody Tue Feb 21 06:03:18 2017
Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: 6tisch-security@ietfa.amsl.com
Delivered-To: 6tisch-security@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4FD8F129BC7 for <6tisch-security@ietfa.amsl.com>; Tue, 21 Feb 2017 06:03:17 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level: 
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GzeEYCMnSZXO for <6tisch-security@ietfa.amsl.com>; Tue, 21 Feb 2017 06:03:15 -0800 (PST)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C199B129BC2 for <6tisch-security@ietf.org>; Tue, 21 Feb 2017 06:03:15 -0800 (PST)
Received: from sandelman.ca (obiwan.sandelman.ca [209.87.249.21]) by tuna.sandelman.ca (Postfix) with ESMTP id 7C671203AF; Tue, 21 Feb 2017 09:25:03 -0500 (EST)
Received: from obiwan.sandelman.ca (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 65AC4636BB; Tue, 21 Feb 2017 09:03:13 -0500 (EST)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Tero Kivinen <kivinen@iki.fi>
In-Reply-To: <22592.7216.968126.340725@fireball.acr.fi>
References: <22592.7216.968126.340725@fireball.acr.fi>
X-Mailer: MH-E 8.6; nmh 1.6+dev; GNU Emacs 24.5.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature"
Date: Tue, 21 Feb 2017 09:03:13 -0500
Message-ID: <11405.1487685793@obiwan.sandelman.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/6tisch-security/yMZafx3QFdEIhQZxaU3cqfK1p-8>
Cc: 6tisch-security@ietf.org
Subject: Re: [6tisch-security] Short address assignment, nonces, and TSCH
X-BeenThere: 6tisch-security@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Extended Design Team for 6TiSCH security architecture <6tisch-security.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/6tisch-security>, <mailto:6tisch-security-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/6tisch-security/>
List-Post: <mailto:6tisch-security@ietf.org>
List-Help: <mailto:6tisch-security-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/6tisch-security>, <mailto:6tisch-security-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 21 Feb 2017 14:03:17 -0000

--=-=-=
Content-Type: text/plain


Tero Kivinen <kivinen@iki.fi> wrote:
    > When using TSCH the situation is a bit different as Frame counter is
    > replaced with network global ASN. This means that Source address part
    > needs to be unique for that timeslot. This means that coordinator
    > assigning the short address must make sure that same short address is
    > not given to multiple nodes at the same time, but it can give short
    > address to node A, and when it is sure that node A does not use the
    > short address anymore, it can give the same short address to node B.
    > This means it can reuse the short addresses and it will not run out of
    > short addresses unless it has more than 65k nodes in network.

If the coordinator rekeyed the network, and knew that it had not rekeyed node
A, that would also work, would it not?

    > Easiest way would be to send the lifetime along the short address. As
    > we do have global time in the network (ASN), we can use that as a
    > global time frame, so the coordinator can send node A a short address

Agreed.

Could we set a minimum lifetime, such that we could send just the upper 24 bits
of ASN or something like that?  (5 bytes of ASN pushes us into 8-byte
integers, I think, wasting 3 bytes every time)


--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-




--=-=-=--
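
Added example, not part of the thread and not taken from any 6TiSCH
implementation: a C model of the lease scheme discussed in the message above,
where the coordinator hands out a short address together with an expiry given
as the upper 24 bits of the 40-bit ASN, and reuses the address only once that
expiry has passed. The struct and function names, the two-entry pool and the
round-up rule are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed model for illustration; names are hypothetical and do not
 * come from the 6TiSCH drafts or IEEE 802.15.4. */
#define ASN_MAX     ((UINT64_C(1) << 40) - 1) /* ASN is 5 bytes */
#define LEASE_SHIFT 16                        /* send only the upper 24 bits */
#define ADDR_NONE   0xFFFFu /* broadcast address, never assigned: "no address" */

struct lease {
    uint16_t short_addr;
    uint32_t expiry_hi24; /* valid while asn < expiry_hi24 << 16; 0 = free */
    uint64_t holder;      /* EUI-64 of the node holding the address */
};

/* First ASN at which the address may no longer be used. */
static uint64_t lease_expiry_asn(uint32_t hi24)
{
    return (uint64_t)hi24 << LEASE_SHIFT;
}

/* Coordinator and node both evaluate the lease with this same test. */
static int lease_active(uint32_t hi24, uint64_t asn)
{
    return asn < lease_expiry_asn(hi24);
}

/* Encode "at least min_lifetime slots from now" as a 24-bit value.
 * Rounds UP to the next 2^16-slot boundary so the node never gets less
 * than requested. Returns 0 if the expiry does not fit the ASN space. */
static uint32_t lease_encode(uint64_t now, uint64_t min_lifetime)
{
    if (now > ASN_MAX || min_lifetime > ASN_MAX - now)
        return 0;
    uint64_t hi = (now + min_lifetime + 0xFFFFu) >> LEASE_SHIFT;
    return hi > 0xFFFFFFu ? 0 : (uint32_t)hi;
}

static void pool_init(struct lease *pool, size_t n, uint16_t first_addr)
{
    for (size_t i = 0; i < n; i++) {
        pool[i].short_addr = (uint16_t)(first_addr + i);
        pool[i].expiry_hi24 = 0;
        pool[i].holder = 0;
    }
}

/* Hand out an address whose previous lease has expired at `now`.
 * An address is never given to a second node while an earlier lease is
 * still active, so (short address, ASN) stays unique under one key. */
static uint16_t pool_assign(struct lease *pool, size_t n, uint64_t eui64,
                            uint64_t now, uint64_t min_lifetime,
                            uint32_t *hi24_out)
{
    uint32_t hi = lease_encode(now, min_lifetime);
    if (hi == 0)
        return ADDR_NONE;
    for (size_t i = 0; i < n; i++) {
        if (!lease_active(pool[i].expiry_hi24, now)) {
            pool[i].expiry_hi24 = hi;
            pool[i].holder = eui64;
            *hi24_out = hi;
            return pool[i].short_addr;
        }
    }
    return ADDR_NONE; /* every address is still leased at this ASN */
}

int main(void)
{
    struct lease pool[2];
    uint32_t hi = 0;
    uint16_t addr;

    pool_init(pool, 2, 0x0001);
    addr = pool_assign(pool, 2, 0xA, 100, 1000, &hi);
    printf("A: 0x%04x until ASN %llu\n", (unsigned)addr,
           (unsigned long long)lease_expiry_asn(hi));
    addr = pool_assign(pool, 2, 0xB, 200, 1000, &hi);
    printf("B: 0x%04x until ASN %llu\n", (unsigned)addr,
           (unsigned long long)lease_expiry_asn(hi));
    addr = pool_assign(pool, 2, 0xC, 65535, 1000, &hi);
    printf("C at ASN 65535: 0x%04x (0xffff = refused)\n", (unsigned)addr);
    addr = pool_assign(pool, 2, 0xC, 65536, 1000, &hi);
    printf("C at ASN 65536: 0x%04x until ASN %llu\n", (unsigned)addr,
           (unsigned long long)lease_expiry_asn(hi));
    return 0;
}
```

The 24-bit expiry fits a 4-byte integer instead of an 8-byte one; the cost is
that leases end only on 65536-slot boundaries, so a node can hold an address
for up to 65535 slots longer than it asked for.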


From nobody Tue Feb 21 08:50:46 2017
Return-Path: <goran.selander@ericsson.com>
X-Original-To: 6tisch-security@ietfa.amsl.com
Delivered-To: 6tisch-security@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6089E129517 for <6tisch-security@ietfa.amsl.com>; Tue, 21 Feb 2017 08:50:44 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.22
X-Spam-Level: 
X-Spam-Status: No, score=-4.22 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TPupA-rbMDqO for <6tisch-security@ietfa.amsl.com>; Tue, 21 Feb 2017 08:50:43 -0800 (PST)
Received: from sessmg22.ericsson.net (sessmg22.ericsson.net [193.180.251.58]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 017DD129515 for <6tisch-security@ietf.org>; Tue, 21 Feb 2017 08:50:41 -0800 (PST)
X-AuditID: c1b4fb3a-f72d4980000021e0-50-58ac6fdf664a
Received: from ESESSHC022.ericsson.se (Unknown_Domain [153.88.183.84]) by  (Symantec Mail Security) with SMTP id 79.31.08672.FDF6CA85; Tue, 21 Feb 2017 17:50:40 +0100 (CET)
Received: from ESESSMB303.ericsson.se ([169.254.3.200]) by ESESSHC022.ericsson.se ([153.88.183.84]) with mapi id 14.03.0319.002; Tue, 21 Feb 2017 17:50:17 +0100
From: =?utf-8?B?R8O2cmFuIFNlbGFuZGVy?= <goran.selander@ericsson.com>
To: Michael Richardson <mcr@sandelman.ca>
Thread-Topic: slides you presented
Thread-Index: AQHSjFGOCRvaNIlflEikL4sMm1HKEKFzrIQA
Date: Tue, 21 Feb 2017 16:50:17 +0000
Message-ID: <D4D228CE.766F3%goran.selander@ericsson.com>
References: <21361.1487688501@obiwan.sandelman.ca>
In-Reply-To: <21361.1487688501@obiwan.sandelman.ca>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator: 
user-agent: Microsoft-MacOutlook/14.7.1.161129
x-originating-ip: [153.88.183.147]
Content-Type: multipart/mixed; boundary="_002_D4D228CE766F3goranselanderericssoncom_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/6tisch-security/Zh1HxI3sSNvYEVZxd-OVEc2KdWg>
Cc: "6tisch-security@ietf.org" <6tisch-security@ietf.org>
Subject: Re: [6tisch-security] slides you presented
X-BeenThere: 6tisch-security@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Extended Design Team for 6TiSCH security architecture <6tisch-security.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/6tisch-security>, <mailto:6tisch-security-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/6tisch-security/>
List-Post: <mailto:6tisch-security@ietf.org>
List-Help: <mailto:6tisch-security-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/6tisch-security>, <mailto:6tisch-security-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 21 Feb 2017 16:50:44 -0000

--_002_D4D228CE766F3goranselanderericssoncom_
Content-Type: text/plain; charset="utf-8"
Content-ID: <95C7EB0A36B01A44827F1CE6A4705AE4@ericsson.com>
Content-Transfer-Encoding: base64
--_002_D4D228CE766F3goranselanderericssoncom_
Content-Type: application/pdf; name="6tisch-dt-170221.pdf"
Content-Description: 6tisch-dt-170221.pdf
Content-Disposition: attachment; filename="6tisch-dt-170221.pdf"; size=90363;
	creation-date="Tue, 21 Feb 2017 16:50:17 GMT";
	modification-date="Tue, 21 Feb 2017 16:50:17 GMT"
Content-ID: <85289748554ECC47B08818E7B8B4A820@ericsson.com>
Content-Transfer-Encoding: base64

DBpZrKzGElsZufXd7d3d7c3lSb3UanznhO50QoNiSYm9A/rkbe7m8qVKpcWNKs9qL3K9BN7AvaQv
Sgr6Ui6Ukn1tyoVSkkUx0VICa7RmorYReXkAM/l0LxmYkigHE4yS1XcyOmcMo0ShRZpy2jUFsOC1
K+S1Q/SrGyx2LvObz/u6tCfWtImZh9voUMve6lbz4+bm+vK0UT5IJ6UOtHYrjIMn1PaOIQ/j6/hX
Ypvb6T2sBh3zkoEoSaOYGEtJCku53vOs9owxGdfglHAwGWtKumHSHyXzGkzaK9StzDqWuW05ezcD
dXXruKO8J9YutXcLV6fL6w9CT7p8tXl2cXl5cdKo5jOp9VVpmAx5EDyhFvbSKHpO72IospbY0LYl
adOhzCGUbGAFE6RcElfYaE/RjGtNm3JpMq6oSSlZxs0Es5JAwEgz6UKJLjMRoARaafIwMRkldl4T
8o/rBXs6YX0Jhdb12ymls9OLBVrIunxKf/mz0+NGtZDdTkSDi3oHw5Js3ub0LgSCoXC4bSudidb7
PCfjWsEKJmi5JPgh1VIWcEqWUEzGjxJ3b0wUv+g2NcpL4FkoQiGGiRAR2Eb9UgIPb+ovDO7ZaXz3
0xkLDIQFY9/BqDiNoyaMhJXb2Yx1DoojZPFsI4l5q8PlmYfOVHJZpbMgopofoZdA6sXzEgFKRFIu
okQGqz9G4K+MxcR4SlR71HQQH/0K/cNNKH/B2sXLw13my9VapZDbZf3k5aHvWEd5wW6z0u8CdJVn
j7qCrnDdTKT1HlFiKkpmVBe14Yujh0J7ROWin4Qp16nBmdmg1oHVxE72IH+QUwa4ZY+v0DM0how8
25v0QEsswdKsG3nGZbCXDJ0SeCbop8ck0KGcI5eS8XqDVbrZXAshqGff3d1OwrMrYBj7vse8A+an
2HOruXma4eah3uGnMyI9sFu5iMZ+Ol4wTMjZsHayDm9gJbqeiK9FBn1YjXyN6+Zu7NHoPMEJubDo
NM2qAMvsbdDldTm0EloOwHMoB34kXeflbdC8WcWjz0UKfD0FpHp2NrCFb8E3D0+blh4xr6vW7uud
M31iUmCSFWBVbmz4KqhJd9hawOupp59k7ejcSYEvqIBczS6NGWth1fRi7Wu/4InSRyYFSAFJAShv
y0NRw10nAp4uClJgAhRg0EsBMxNwunSKpAApoNSskxKkAClACpACpAApQAqQAqQAKUAKkAKkAClA
CpACpAApQAqQAqQAKUAKkAKkAClACpACpAApQAqQAqQAKUAKkAKkAClACpACpAApQAqQAqQAKUAK
kAKkAClACpACpAApgCjwf2AjAYUKZW5kc3RyZWFtCmVuZG9iagozNiAwIG9iagoyOTUxCmVuZG9i
agozMyAwIG9iago8PCAvTGVuZ3RoIDM0IDAgUiAvVHlwZSAvWE9iamVjdCAvU3VidHlwZSAvSW1h
Z2UgL1dpZHRoIDYxIC9IZWlnaHQgODk1IC9Db2xvclNwYWNlCi9EZXZpY2VHcmF5IC9JbnRlcnBv
bGF0ZSB0cnVlIC9CaXRzUGVyQ29tcG9uZW50IDggL0ZpbHRlciAvRmxhdGVEZWNvZGUgPj4Kc3Ry
ZWFtCngB7V1rV+rKElReISAoIA95bEFRUVERVFRE+P+/6nTPJCGy7iLpntwMWQwf9j5nsXsFMUzR
VV3VR0eJfxzDg/dDYKV8kOuhLJVKwyOVgv+klYvSTBYeGainVUNtOpOz8radt3IZYjXUZi27WCqX
S0XbykJ1+Bd+fJzOWIVSpVav1yrlAlQTXjhcOGeXq812t9dp1sqFXCb8peEnzuRPKs3e1fDmqteq
nuQJl4ZXnbXL9e71aDy+H/Yap4Vc+NeNr7pw1uqPnqezl/vBRaVIeN1YXKy2r8ez+efb0023dmKF
/6HhR7ZOat2b54/vxXxy969eypOLbyefy+X39P6yUc5nQ7/d8sq9u9ev39Xi7aHfOLVZxeuf98dB
k17cxStD8VgUp8PeoM4bdovFy4/xVevMhrsk5N0Nvyp8t28nXnGBVlysdpzip+uLM1ox3CSdm5dP
fNlQXMH7M+zLPsY7zCmeP3OK20Nx5fnzsA03d+hPBnyqcsVKe/g8/13/cooLoni5/v18GbarhCsf
wZULlYvrp7kovumQi8+g+AOLJ7I4/CcjnYXD4EoUf01uO/CBDn+AwjGExWO8MhTjaUAqts9ag/H7
z3r19XpHPUqy9mlTFn+/3vXOaeeQKH7EKzOL+49vWDwd9c5LpBMwmy83+g9O8T9icUYWL9arxXRE
Pj6h+PLhbbFeL2b3jOL65f1sscLiy3qZdnDnS/V/svjtAQ9u0qnvFf/gwU0stkrn/0bT79X65+2R
fuqXznuy+P2xTz/1zwFv8Mo8yHCLx4MW4E3441NiLEAGXlkjZFypQcaZPsggfJnSDxnP6pDxwoGM
CwkZnwAZ1SLt1FeFjCsHMgTeEI4S+M7sQgYXb9QgQ+ANAzLs04aHN0zIALCSkEECK8QbARkrBcgQ
eMOFDCxmQ8YaTn0lyBDFtEbBgwzAm5ghw8Mb2WWE/wooIQNaFAEZg3i7jJOa12VAf8PoMiZul8GH
DFaL4u8y4oQM2aIodBl8yNhuUcLfYtgoOC0KdhnxQ4ZoUV45kKHYoqhAxkAWT6G/IXYZKpCh3KK4
kMFpUUSXAWDF6zKwRVHCG+hvGC2Kr8tgQcamRWFBhuhvWF2GBxlsVosFGYIG9BFTpP7Gz2o9xQkZ
gvp0iSkWZLjFLqsVkhPzdxlLDjHlQQanGIkpLZABLHVErBaHmPrDatG6DFVWy4MMIruefFZrxocM
SUwRFYV8WeJN/KxWdJBB1jKgRbnTDxmIdAxWS5sQIrsMRVYraUIIdBk8yEAVRUuLEhVkxC6EAKu1
PCghxFYXQjxWi6goRMBqJVgIwRaFKH97rJYRQoJlbCm8b1gtI4QEvGfY3yhr5/wWxYMMI4QE/KLg
6eNUBF2GEUKC32jxL3BITGrnRggJ9ZaJiSmP1TJCSOCbJrglb9yKxWpFIISosVrccSs+ZEQihHBn
tVTGrQSrBeNWBySENNna+UYIQe2cKMH4tXM+q6VRCAHtnDyrFR2rlVQhhMNqbSZ0SZTYgQohVT/e
EIZsNyoKm9UyQogRQnZ9o4LmKKLxXpYQ0vDJ3wkSQuqu/K2onRshZNe9Cc9F4whJuhDCmtViQ4Z+
IYTFaml0hEQghMB4by9+7ZzNaiVaCGGOW5X3wBGSPCHEmdClN0fgA9TjCPGP9xohJAig9QohyGoJ
EyELMowjhNAcCRWl74z30k2EKuO9jonQ086NI2TnpxIVhY2JkNWiOCZC4wjZ+UaLJ7e180NzhBgh
JPgegUZW3XduhJDw5h0fq6VNCOFO6PooMaJ13O87j10IUYQM/eO9LNP6XgghlKlkf1QJSztXcYQY
ISRHShvx55wYR0gQzspBL087JzsQ9Qsh2kzrXBOhEUIoZ680EWqMxjJCSNAZIp9P9HivXiEESBr6
rJac0HVztQ5LCFGMxtIAGapCyGgm0q0EMUUhILdZrWQ5QpIthLBYLS9NkZ9z4vrOw53bR3I22D9u
xdLOwbKZMBNhgoUQ0G8YkGGisSAQ0QghO88F/UJIBKxWwhwhbnpvrDknGINrHCHhc4P/Z3pveHbd
F42lzRHipvcSvkAiZOiPxsLoX9rBjfbFCFitwxNCRJqiEUJ2YiQ8KRyINQx8d6KxNDlCMPpXLU2R
QsYpQ0ZChRBvvJeR2a5gItQYjbWd3kuDDBONRe4yIC0eWS0FR4gGVksl8N2CYiezXYnVUgt8Z6z5
8HznimmKuqKx6F2GJXaEGCEk6EuBfN4IIbwdIdzA9wMXQmA7CWPNh+bAd552Lme1QAgRy52Ig15b
471GCNl5mimbCP2OEFaLYoSQkLnBLjGllnOizRHi7qRiz2olTwhxA9+NI2TnGYRPAs+yicZiRJV4
xTpyThTXSvGFkJq7VkqxRSHuCNkOfKcRU741hvQWRWgZunaEeKwWbCKMUzv3At9NNFbgQSLsJLCJ
UCHwfQ+EENwRQt+BqFUIQQcii9XyZ7ZTc05K/mJioxABZMACRWcnVcxrpfiQERWrpcsRknAhJMT5
Jb4OCdXeP6sVbzRWlEJI6BXcaJf30nsVN9+Su4yDFUK4OSd6HSGqm2+ZOSdGCCHyabCy3NPOmULI
SnVZOr3LMEIIddN6YgPfjSOEIPmr5pxEE43F6jI0CyGAN3xWy+syKL8q4wghslr+AF56lwGs1mZH
iBFCAvoczdq5VkeIshDySzcRanaEGCEk/AC5XwiBtbkNHqslIINcvKWd5xPDahkhBAwOAWeu+zRI
/qqOkMQJIRJvNAW+b5alG0eIexPu+PvPTiojhOx4p5ynUDuPYPOtiiNEixCyH5tvjRAScIdK37kH
GdcX9LW5eyCEDNtVggTjzmo9ybW5DDvJ3gghpFAuEN4HblQJSjAUwkJsIhTF3+gDZBR7m9YZxRFo
5zihS7Qv+tJ7uazWbCG0DMZscBTaOYfVko6QDWRQbhI/q6XmCOnTY9ej0s51CSEMVss4QginvmZW
y4MMVuC7EUIo55D0nXO184iWpXMhQzoQ7xMEGc6slhFCAr5ry6cd0/oe7AgxQkjAL0wzZGgVQpQ3
3yZXCOHknDS8FoXaZWzWGGLOSSKjsYwQEnCQuFEl++EIMZtvd/66BCVWwSFbZpoi2xEi8SaxQkgE
2rk0rRO+6+9HNJYRQnZ+osSTiRZC3JCURzoxlWAhBHO1lh9ITLEhg85qbZsItUZjBd/W8t7eF0dI
UoWQDsgRJC1j2xFCKjZCCC3H0Qgh1EEv36zW4QkhP+8xQ8YBO0J+178JC3xXE0Kczbdfk9vYIcNE
Y5HmZF07Cc93rtkRohKNpa6dH9SydOFAXMYOGcYRkhzt3Agh9FktlXEr1xFihJDA/l9GY20231Ib
hQhyTjY7qYwjZNfvyxXe92LzrR5HiDPeG9KMcqBCiMacExONRSOm/mrnjPHey4c3EY2lOm5FjcaS
jhDoMsBEWI/fRLhpUaiQYYQQipXPl6ZohJBd2LxRUYTwvtTEaul3hMTOahlHSLyslk5HCI/VMo4Q
zlopZydVvNp5hEJI8jbfGiEkEGHhHxzjDsS/AbxU7ZwrhPhmtdBEyHEgqrBa7oQug9USWsZitQIT
IXUHImrnQA99r2AemlEs9jN9LZef9O2L6Mbr3U7mi++Pl1uq3xNTxDvD8Ww+n42HnSrN7wkRFpVW
f/Q8nb6MBi1MqwuPsXB/2uV693r0OL6/7tZPbcpyUGTjTirN3mA4vOq1qieYkRKS7MAR3XTOLlUb
7W633ayWC7nwY4hQjOxSoXRWO6/XKqWClUmHv7C4dNayi6VyuVS0rWz4tws/8XDpdCZn5W07b+Uy
UBv6J3aqoTwLj0yaWovXPk6l0vBIwWVJ18VrY7nzEP9L/4NxTfpF/u8V/wHoSeRjCmVuZHN0cmVh
bQplbmRvYmoKMzQgMCBvYmoKMjg5NAplbmRvYmoKMzEgMCBvYmoKPDwgL0xlbmd0aCAzMiAwIFIg
L1R5cGUgL1hPYmplY3QgL1N1YnR5cGUgL0ltYWdlIC9XaWR0aCA2MSAvSGVpZ2h0IDg5MSAvQ29s
b3JTcGFjZQovRGV2aWNlR3JheSAvSW50ZXJwb2xhdGUgdHJ1ZSAvQml0c1BlckNvbXBvbmVudCA4
IC9GaWx0ZXIgL0ZsYXRlRGVjb2RlID4+CnN0cmVhbQp4Ae1d6VriShCVfUdARBCRTQVFlMWdEXn/
p7pVnYVEQVPV+dLkpvkzEKamMwH6pOrUOXV0FOFHzH6QLwJExs1HLEaMxtBEMplKJZOJOPxDlHCI
TSTTmWw2m0mnMJwUHE+kMrlCsVQq5rPpZIKydCwGsflSpVY/qR0Xc+kknLnntWPxZDpfrjVa7Xbz
tFrMpggnjgtnS7WzTn846LUblUKGsDQEp/PHjc5wPLkb9c/rJVja83nDWWcK1VZ//DCfT2+6Z5U8
4bwxuHjSvpouX18Wk0GrWkh7/09DcLZU74xmLx8fzw/X7ZMi/qc9Xm4MLp9ejufvn//eZjedeokc
3L1dfKzXH4vxJSt4ufr6Wi1uL09LWdppl04vb0Xw8rZ7WuYFb/493XUbxOBMqX45Xnx8YXAPglOU
qw3BHTN40js7ztGCi/A5i5WfJ3168ElnNMfT5gVfjObvGHzfb1Zy8Mvw/g2D7/bFzex9vfl8uR8Q
gxOO4CkEw8/K+8qJdKHWvp694crTYauST5ODHzH4FYKrlGDYSXBlI/jBDPZ43rgNFarnVw+vuPLD
1TnuBl73oW3w52b99nh1XiMG56ut4cOrCL5uU4KPcPeE4Kkz2PsvI5HKVyD4BVeeGSvTgpuDewx+
n91cwA5I2D4TqVzFHUzYhyD4uNm/f/63+Xqfj3BlQnAcgs/6Ewz+mI86dalg2saNK/cmT7jyYkzd
9VPZcqN3h8Er1q7f6N49rSB4Oabv+uXTLuz6m82Kt+tLBSPebKIFGYA3GjI8I51z1w8nZHDwRhlk
pKUhQ+BNZCGDjjc+QAYvUfANMqhZhiTeiBRls1KQZVgpCiPLwGySn2X4BhmQHBFu1zGD9iXLwBRF
LsugnLZSyKidX5kpikSWoSHDw/0B1KXksoyKX1lG0CmKOsiAFMWXLCOCkNGgFqZCDBlY1ZIsTIUc
MjzsX/hXRG1JIWRgSYxR1dpZmPJaTxPBsoUpdpaRlypMacggFeOACMGqFhsyGqK2BFUtBpehMMsA
8keCy7CCJ72QQgayKOQsYy7PZdAhIwOMwo3JZQyAy6CctiPLQCJEnssIFjLWmzUvywg9ZCCbS+Iy
vkMGKRhSFDkuQxAh8lxGmApTJmQAEUJmsMtQ1TK5DEawPBHyxSxMuSGDQnglHdw5DzIMsHpmVLWQ
O/eFy2BChnSWQae//x+QgcQ7mTuHREEJZPC5czvLeOTR31aWEThkDO6fP/n0t8Wdd4IvTAninUF/
5yz6m8llSEKGkaKwswzY9fncOQ8ystCrNV5uO6Y0ZPx2/2x0A17cmO1WMh1TSrMMUrvVzo6p366S
472fhSkWZKjKMqIJGaJjSvRqUXYD0TGlIcPj7dCRaO+1uXM2ZDDbraCxGDt0WVmGX5CBHbrEJlu7
Q1dBlgEpitlky2jvVQUZ0LputvdOJQtTGjIcsLbrqdlkqwoyWgM7y6gVgi1MQZbBggx3h260sgzs
0GU12SqDDEPUAXjD6JhCyBB4Y+oyKPcVzsKUhoxdO4/rGAjLvrVb0egICN5CBqvdSvQtkUUdB5Fl
sEQdeaEIkaC/+ZCBog6hy2AVpkzIAHEZyEmChgw4bdBlULMMhIwzOSJERtTRM4I5hanjht1uxVDj
OUQdpzQ5CXLnlqgj6CzDhowlXcpnQoYQdaCUTwYygtYB8rkMmwi554gI2TpA1ZDB0wGGFzIMEaGG
DNedy94Xrg7dsEGGKSLUkLH347XfEHJ5kShIZRlKdYDcwpQPog4NGfY3ad8Tg46w1N+sdiunLoPJ
ZbCyDMWQIS0dBymfmixjzcsyJNutZLIMCzJAd06714fkiJ9laOl4yLIMPmRotxE1biMg5dOQsQ+b
jeNwry8tHY+u28iCAxlbtxFqYUpDRmQgwy5Msdyt2IUp36Tj9A7daBtU8Tp0FRlUabcROYMqJaIO
xQZVVOl4SU7UoQ2qvHvGCctNB2RwdIA+eBrSO3S/QwZTBxi8p6FC6biGDAKzKaxKfKK/gxd1hN3T
kAoZvkjHVdjgbqXj5FZX7TZCa7c6KMj4vTRjv/tT1EF0srW5DF6WEXrpONkG97t0XEOG/WXc8SQW
3xam5HSAzA5dNKPVbiM7Ppkfh1BQdxiQwZSOSzun07MMQzoufE6AwdZuIz++VK4DCFbSHbou53Sv
indfDaoCl47LZRnabYSqA1TpNsJrt8qgdNxhUEW4KRG7vhUs5zbC6JP1i8tgQoZ2G3Ft0Pte/Mwy
WNy5dhvZd4HdxwXx7h62QTWo8sFtJFwGVYrdRlRChoR0XDlk8IY78UUdJ1sugw0ZMNwptG4jCj0N
WZCh3Ubc0LDvlT+QwZKOG/OZtNsINcuQNKhiuo0Y3LkEZPhgUKWl4/t+xvZxX6XjcoUp7TZifyq7
n2i3EY50fCvq0G4ju79X26NqDaps6bh2G9l+JPueIYtSRFFHuA2qtNvIvg/YPO4LlxFJtxG+QZV2
GyHV9bXbSOBTx/mFKZsIkZCOfwZemJI2qIqa24g0/R1JyBAjy7XbyB+3JPC2kSiAczp6GophG+Th
TtqgiqSOsG1wn5jDNvjScT8gA7iMfrNCGu70PzCoUuU2whq2YXfovj1endcI7b3WSD85yIic24jC
LCPkbiPBexqKYYLcSR0R1AEeiNsITZfh8NANq3Rcu438ee96EG4jTBvcLZeBchJKkUZ46KoyqDoA
txE+ZKCoo3tKNKMFJ1sNGaT8RnAZOJPqWbuN/L2HxR0jZIOXjgvzc1DBcKR87CzDIEK0dJyw67uH
baiEDDpY2c7pZENEY3C4WZgiuimazunsSR3OXZ8qHVcMGTAZypzUkSJt3IdQmJKFDEVuI/JZhnYb
+Q0rNWTMGB1TslPH7SyDn6Kgp6GGjN++2iYF48Qbeopiz2fq8jwN+ZCx1QFqt5HfP2ag2uSIEO02
UiVwGd/arYzZ3yT1N85ncnIZpGB76vhMbup49NxGlEEG020E6G92ltFw1JaoWYYPBlUy0nE/IKMB
t+vUFGXkA/0tmWUwdYDhdRvxpzD1Bzxab+PGXZD3NFSlA1QPGdptxPoq7fsTPKZgEqEPhSkmZJjt
VkyDqjtV0nEjy+CMkDXcRraQQSh9RtptRBoy6IUpw6DqDVeWnToeNul4iN1GJLOMwCEjcm4jNpeh
IWMfKjuOC2dBNKhSDRnabcTxqex8ilWtQg2mjmvI2Hl9fhz8VpgKukPXLkyxpo43B2JkOc4DBFKA
5DH13QaXFJyrgLsVTwcYZbcRW9RBm8B9CDpApnR8vJSHjNC6jTQ59LepO1dhUGXY4A6028gPkHAf
CDVktMIHGY52K/Q05NPfEMyivxHpIFEgd0z54GkowWXcqTKo4hemoL33MtKQQWbtiycXN2ogQ1o6
/mikKGi7ThghK+gIa+r4w7BFr2qpmjqupePEFEUiy0DIUKgD7Bm9WhzIkJg6jk22UZWO2022XC4D
s4wsmf42PduZ0nHtNuK+sd77Cqpaot1KQ4Znk1Kc1CEr6kDbjjdWYcrMMt6gMFUr0AtTVlWL3G4l
IEO7jez9IbnfiLbbiIYM97dhzyvDEHFru67dRvZcKOvwz46pIJ3T2TpAf9xGJCBjaO36LMi4F7u+
ocvgcBlfa2BRiFI+I8uYPK2+PgHpiMFIhMDt+vLj898rYCy1qpUtQ6lk/rr6eJ5ewQVLk+57s6X6
xfX06fVlMRm0sI2b1PZZqLX6t4+L+XTUPcPc3XswOi0fNzrD8eRuNGjXy+hb5PmOBgwGssVas9Mf
DnsXjUoBdfpeg9FYK50v1xrnF+1Wo1rKEc4aJCGxRDKTL1VO6vVapZjDa+15YRSUJFKZXKFULhUL
2XTS++XCDSUG0cl0JguPTApjCQuLaAhPpVJJCCXGYnQsHo8nIBJCSeuKrRBizIe1M0byz/8A7iva
jAplbmRzdHJlYW0KZW5kb2JqCjMyIDAgb2JqCjI5MzMKZW5kb2JqCjQwIDAgb2JqCjw8IC9MZW5n
dGggNDEgMCBSIC9GaWx0ZXIgL0ZsYXRlRGVjb2RlID4+CnN0cmVhbQp4Aa2ZXW8dxw2G7/dXTBXb
kdJ4Pd8f6IWdqCmQXrRxrKIXSS8CVUFdWE390fbv9yF3dnZ1zpFsoLUAa8XD5ZAcDt93eN6al+at
yXZuOeRgfJmTbc6b4trc+GdStObdjfmz+Yd5dvnemev3xunP++vttZT1venWlKqmkuki82YTDeNv
tjd3sr+Zn78wz767eXd9888P//rpzfTuNa6FWmaHb8by48PscTMb1/IcU0wm5CyiaK5vzbNvb5P5
7S9E5PHamv/g59/Ns+9v3vz04fW/by5/efPLu9e3Nx/evb4W2xrO5Stj52BbtaHxlGyq1UeeSnSu
5GReXeKEnS3/Si3ROj7k5+ldkbf83Sr+lDbH1uKEP4hCiCmnIOrOeldcNrcmZsms2liFb8wr3H7Q
k4mEp+JJhm1jGaylHOdcrUeWZhdSJuX3ybwNDr0411TClHKYU7NV37SuRt4Lc3A+qyS2lAxrHsnE
fiC2GFSvFZ/UlmspIslzqpHCQSfzkUpqZmGxVWfXXEG2pEl9XfUqweH/tNhf3u2yrresgCy6UHde
VNzx2atk8R9JssFPe/+77FjrhOTEe92vJWPYkprhzTgvWa1xdpHq2HKPTo/7ntImVVrNWtp+bpYf
SpvUGN8o++pqr+u81PW9tfz2sCDF5N0S1dqppN5Ri+ytWKbgQsjsiL4eUkg+Fk4xResCh9/hk08E
tdSnd45tL5TaYqNQft7VOblCSbrIQ0jorrLpQNZYVURFSsDTYbIt1BCSHGxWSa0UsEhc4phfD5ma
UhnmPRFkzmtwUjocUpFY6yU4KiFHr+8ln0Ti51JTU1sJrRyxpSko6mqbFz1LC1vdPyEbK6DnydPw
YsL1OXvfhq9GJC4mNu+ETOJeoly1Volauvc9SeuaMZvmnGtFUunSJBVBskVSuOwGptIa9lJ8l++9
9G6tC0MreUtzlD/oB4kMSauXh5AqB/XWfH1lKD5VkF9PXZ2u6LBXV543rn42P5jzxxfUTzTn4UKq
h4ev1odZH7w5f/75hfmLufq9+eaK9nbU28mpp+QXR4Icz6W3pzkW2Uw559WrP/T28tEzcLfgxfn7
2jQHdbax6fHatWkeUwvJ2cAhoMU0Fo+lciRrPwK7GIzi01EMVQ6xop8c35Tm4Om1CzzVB0JYzH00
hPUYx1Ck5ynQEOV6jsloDS4pzmgAINlBCNvOu9zY+RhBJK/1I26y80vWorm6PiwCc1gELxp77SgG
u/x+9Lhv+aRbvq2VIucmAlOx4HisVOOpKjta4Pnji0mr65GUWzDnVYsrmfMfL/SJxZ981kvxbH14
uO4CLgAvRevbr43XSweQPYNP0JAGp2gPbNrCUY437a5k9E0fwT/vwtJ7wadsI8Ao+Y4tsG7V5ltt
8xUgKAFEH5XX2deDJEFONtA+F+njPtIvKkApJAGa5KVrJQqfPko5n5bRNuAnquebEx6nrCJM8qbz
pSAR/sCp9Yn2q0hyQraQkFSlL6IH9RF4pvfHnLFFvaWW1brHT3S8VC48DhlVmaAS6n/O0qbFC0Ki
wVFG1rmdiDA3EfaLYEvMcwl28RUog9gigdB17xvY4iNNlP6iKxIRMkx1mcZ4R+tYIp4u7222Fk9d
CU1tubyEWKqkFOOQSEkpm5HZYZH4WsSFQ4awdIPAZ9LGdrxXyIFLZS45lN5VnH2gQhdDB31QbN4t
US2a2IpxBQKfmtqmmaTEnietUDibpz0KgeWY4DsmGlAqfPGAH6xGdvxgctBTSnzPD1jsjkygTEQZ
MrqhnUhiZDMHTjoYrNxX9vg6ZDt+ILJY2YPBD9iZGRa/8QPcEhJ8hx+MHBCWrKn8wEFdh/snZJ0f
TKJn444fGMflKIY9P6AsyHFfs7OBIduiXLVWCZYeeG/HD0QP2Br8AKdgmlL9Kz9QUz3sj/ID+iI3
JM4jFDeFBqn+pM79CfzgRe/t30j/pqXTtqlUOvof9IFun/QBcvHjuejwUVYJ5GIo94+mwUhWFHgy
iMiLDhBHC20gMnDlkTi1X/rIylj5N0e+3AGeDf2UqXItMnJRdDEqbB9zrCP0eyAPw4l8MZE0EjJS
tGb+OA/PP56A6XxF2pH7kYDj1//YE/s7+U3S4rpxftm4afNq0MND977rNvbZ3FjjlsRBV5yvoFnr
daiNLH0KWfny6QXsVQrnlPnM7cbXGgwNDXqdtQWyR/8v+7XNAfADBgU361oC0C9px/yClcRCn3vK
8yHP+rbnE7Izns6Ee/VzIyVAaGfjwydH6R7b+bW+hvYomLMhilpM++ofdXY2DAjXU052Tya3SK07
GSnUBiiEVJ8K9VQMo6w+6x1jnNbLve/i1oHv204fUXcHGxvXj0EDU3FwYbmH2xk2qN2O2wecQ0dL
PxgQLzNdKpmzTCFZ89fTM6ZPJfTce5zcVBkjzNVmJ2UNHbIRUi8BwRly4cocQFOQP0QmNnfEC/iu
07kT/JB+to6zhB8eLij8kGAzV2OcgKEynxKCdVLGBKCGNIleFBYPEZxz464rEsiMChrLISgkUOgV
KnuJmIbtJQ8tE2wBGyeR6ODRcysu/LcYZqKCDmgWURbXqZsmdLHnSt3EgUXPqesypxGn9jLVGyuw
sY0b0s4L+mdpTHNWT2UIw0xN50eHsmOtE5Jd1MNW90uSJbJABvRNSahKHBswsi4qPWxF6GIbpSA0
aK0Tpq2cr4Sivq3KjFvvkdmod4pGjmg1wFBkRjAcmUTiZEtWd0n3sYzJrWSmLECmORMlqwMRHiSv
agraCMnCFS0mMQX5Za4zvGdH5M2u13f4hIzd3K3Qa2NzYimfzdNRdMP3Lln/pnK1LNe/caiX6aFk
WViztNa25FbzuJY/sfYdEEmP9WOEikvRzASM/ATMFUZgSqgmSK8ggf5i4HKEASvWvlzb7+iK4+F7
hdLpfCD2wIMxpRn9/D7I3uHCV4oGsK9DyD6iEavCk4Epv169XOH984tpa8Ybqgc6r6Wlraj74FyA
yb9On6bzX60gdiYhwx0hO3RFUE3pCwJcQgAverKE3BnSIuu8D7UvNMa9/uI56qulL1dLrHEqBOkQ
DCTpgVwILXf6PTPxn8JMXtUrpSb4TATzhquTfD2zTuq2daKMOa1+6/EJLPJPy+5M54MwjIci2SPU
Ddy3te+O7BY448YaB2YKgOrExCVutNwpZJC7jKQEMX1HzP8dIwFcEIzmtE5uJcGMAwLzJL6l4c4f
AbEQmS1xIx8iHyqjMP6Ub2RoPeufntYuk4ZFMDVupTKdoiV1lQbEMx5yTNL4gioYWCHfmFBcisbN
AUF2EzIl64rTUOyGuHxaMAugW9auMcp1UFCxS0LL0CWwZyzOPY0JSEvTiIdVwU9mLnkNeie51q+O
Xv4XKjKjhgplbmRzdHJlYW0KZW5kb2JqCjQxIDAgb2JqCjI1MzEKZW5kb2JqCjM5IDAgb2JqCjw8
IC9UeXBlIC9QYWdlIC9QYXJlbnQgMyAwIFIgL1Jlc291cmNlcyA0MiAwIFIgL0NvbnRlbnRzIDQw
IDAgUiAvTWVkaWFCb3gKWzAgMCA4NDIgNTk1XSA+PgplbmRvYmoKNDIgMCBvYmoKPDwgL1Byb2NT
ZXQgWyAvUERGIC9UZXh0IC9JbWFnZUIgL0ltYWdlQyAvSW1hZ2VJIF0gL0NvbG9yU3BhY2UgPDwg
L0NzMSA3IDAgUgovQ3MyIDggMCBSID4+IC9Gb250IDw8IC9UVDYgMzAgMCBSIC9UVDIgMTAgMCBS
ID4+IC9YT2JqZWN0IDw8IC9JbTEwIDUzIDAgUgovSW0xMSA1NSAwIFIgL0ltOCA0OSAwIFIgL0lt
NSA0MyAwIFIgL0ltNyA0NyAwIFIgL0ltMTIgNTcgMCBSIC9JbTYgNDUgMCBSCi9JbTkgNTEgMCBS
ID4+ID4+CmVuZG9iago1MyAwIG9iago8PCAvTGVuZ3RoIDU0IDAgUiAvVHlwZSAvWE9iamVjdCAv
U3VidHlwZSAvSW1hZ2UgL1dpZHRoIDExNTUgL0hlaWdodCA3MSAvSW50ZXJwb2xhdGUKdHJ1ZSAv
Q29sb3JTcGFjZSA3IDAgUiAvU01hc2sgNTkgMCBSIC9CaXRzUGVyQ29tcG9uZW50IDggL0ZpbHRl
ciAvRmxhdGVEZWNvZGUKPj4Kc3RyZWFtCngB7dAxAQAAAMKg9U9tDQ+IQGHAgAEDBgwYMGDAgAED
BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMHA0MMEsAAEKZW5kc3RyZWFtCmVuZG9iago1
NCAwIG9iagoxMDk2CmVuZG9iago1NSAwIG9iago8PCAvTGVuZ3RoIDU2IDAgUiAvVHlwZSAvWE9i
amVjdCAvU3VidHlwZSAvSW1hZ2UgL1dpZHRoIDQ1NSAvSGVpZ2h0IDcwIC9JbnRlcnBvbGF0ZQp0
cnVlIC9Db2xvclNwYWNlIDcgMCBSIC9TTWFzayA2MSAwIFIgL0JpdHNQZXJDb21wb25lbnQgOCAv
RmlsdGVyIC9GbGF0ZURlY29kZQo+PgpzdHJlYW0KeAHt0DEBAAAAwqD1T20KP4hAYcCAAQMGDBgw
YMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCA
AQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMG
DBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgw
YMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCA
AQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMG
DBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgw
YMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCA
AQMGDBgwYOA1MHVNAAEKZW5kc3RyZWFtCmVuZG9iago1NiAwIG9iago0NDAKZW5kb2JqCjQ5IDAg
b2JqCjw8IC9MZW5ndGggNTAgMCBSIC9UeXBlIC9YT2JqZWN0IC9TdWJ0eXBlIC9JbWFnZSAvV2lk
dGggNjIgL0hlaWdodCAxMTczIC9JbnRlcnBvbGF0ZQp0cnVlIC9Db2xvclNwYWNlIDcgMCBSIC9T
TWFzayA2MyAwIFIgL0JpdHNQZXJDb21wb25lbnQgOCAvRmlsdGVyIC9GbGF0ZURlY29kZQo+Pgpz
dHJlYW0KeAHt0AENAAAAwqD3T20ON4hAYcCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMG
DBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgw
YMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCA
AQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMG
DBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgw
YMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCA
AQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMG
DBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgw
YMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCA
AQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMG
DBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgw
YMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCA
AQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMG
DBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgw
YMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCA
AQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMG
DBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgwYMCAAQMGDBgw
YMCAAQMfAwNUbwABCmVuZHN0cmVhbQplbmRvYmoKNTAgMCBvYmoKOTc1CmVuZG9iago0MyAwIG9i
ago8PCAvTGVuZ3RoIDQ0IDAgUiAvVHlwZSAvWE9iamVjdCAvU3VidHlwZSAvSW1hZ2UgL1dpZHRo
IDExODMgL0hlaWdodCA3MSAvSW50ZXJwb2xhdGUKdHJ1ZSAvQ29sb3JTcGFjZSA3IDAgUiAvU01h
c2sgNjUgMCBSIC9CaXRzUGVyQ29tcG9uZW50IDggL0ZpbHRlciAvRmxhdGVEZWNvZGUKPj4Kc3Ry
ZWFtCngB7dABDQAAAMKg909tDjeIQGHAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYuBkY2HgAAQplbmRzdHJlYW0KZW5k
b2JqCjQ0IDAgb2JqCjExMjIKZW5kb2JqCjQ3IDAgb2JqCjw8IC9MZW5ndGggNDggMCBSIC9UeXBl
IC9YT2JqZWN0IC9TdWJ0eXBlIC9JbWFnZSAvV2lkdGggNjIgL0hlaWdodCAxMTcyIC9JbnRlcnBv
bGF0ZQp0cnVlIC9Db2xvclNwYWNlIDcgMCBSIC9TTWFzayA2NyAwIFIgL0JpdHNQZXJDb21wb25l
bnQgOCAvRmlsdGVyIC9GbGF0ZURlY29kZQo+PgpzdHJlYW0KeAHt0IEAAAAAw6D5Ux/khVBhwIAB
AwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYM
GDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBg
wIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIAB
AwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYM
GDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBg
wIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIAB
AwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYM
GDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBg
wIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIAB
AwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYM
GDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBg
wIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIAB
AwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYM
GDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBg
wIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIAB
AwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYM
GDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwICBr4EBU7UAAQplbmRzdHJlYW0KZW5kb2Jq
CjQ4IDAgb2JqCjk3MwplbmRvYmoKNTcgMCBvYmoKPDwgL0xlbmd0aCA1OCAwIFIgL1R5cGUgL1hP
YmplY3QgL1N1YnR5cGUgL0ltYWdlIC9XaWR0aCAxMzkgL0hlaWdodCA0NTQgL0ludGVycG9sYXRl
CnRydWUgL0NvbG9yU3BhY2UgNyAwIFIgL1NNYXNrIDY5IDAgUiAvQml0c1BlckNvbXBvbmVudCA4
IC9GaWx0ZXIgL0ZsYXRlRGVjb2RlCj4+CnN0cmVhbQp4Ae3QAQ0AAADCoPdPbQ8HESgMGDBgwIAB
AwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYM
GDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBg
wIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIAB
AwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYM
GDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBg
wIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIAB
AwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYM
GDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBg
wIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIAB
AwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYM
GDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBg
wIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIAB
AwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYM
GDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBg
wIABAwYMGDBgwIABAwYMGDBg4Gdg46QAAQplbmRzdHJlYW0KZW5kb2JqCjU4IDAgb2JqCjg0OApl
bmRvYmoKNDUgMCBvYmoKPDwgL0xlbmd0aCA0NiAwIFIgL1R5cGUgL1hPYmplY3QgL1N1YnR5cGUg
L0ltYWdlIC9XaWR0aCAxMTUwIC9IZWlnaHQgNzAgL0ludGVycG9sYXRlCnRydWUgL0NvbG9yU3Bh
Y2UgNyAwIFIgL1NNYXNrIDcxIDAgUiAvQml0c1BlckNvbXBvbmVudCA4IC9GaWx0ZXIgL0ZsYXRl
RGVjb2RlCj4+CnN0cmVhbQp4Ae3QMQEAAADCoPVP7WkJiEBhwIABAwYMGDBgwIABAwYMGDBgwIAB
AwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYM
GDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBg
wIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIAB
AwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYM
GDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBg
wIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIAB
AwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYM
GDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBg
wIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIAB
AwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYM
GDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBg
wIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIAB
AwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYM
GDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBg
wIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIAB
AwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYM
GDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBg
wIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIABAwYMGDBgwIAB
AwYMGPjAAK+JAAEKZW5kc3RyZWFtCmVuZG9iago0NiAwIG9iagoxMDc3CmVuZG9iago1MSAwIG9i
ago8PCAvTGVuZ3RoIDUyIDAgUiAvVHlwZSAvWE9iamVjdCAvU3VidHlwZSAvSW1hZ2UgL1dpZHRo
IDExNTQgL0hlaWdodCA3MCAvSW50ZXJwb2xhdGUKdHJ1ZSAvQ29sb3JTcGFjZSA3IDAgUiAvU01h
c2sgNzMgMCBSIC9CaXRzUGVyQ29tcG9uZW50IDggL0ZpbHRlciAvRmxhdGVEZWNvZGUKPj4Kc3Ry
ZWFtCngB7dAxAQAAAMKg9U9tCU+IQGHAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwY
MGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDA
gAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAED
BgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAgAEDBgwYMGDAwHNgstEA
AQplbmRzdHJlYW0KZW5kb2JqCjUyIDAgb2JqCjEwODAKZW5kb2JqCjY3IDAgb2JqCjw8IC9MZW5n
dGggNjggMCBSIC9UeXBlIC9YT2JqZWN0IC9TdWJ0eXBlIC9JbWFnZSAvV2lkdGggNjIgL0hlaWdo
dCAxMTcyIC9Db2xvclNwYWNlCi9EZXZpY2VHcmF5IC9JbnRlcnBvbGF0ZSB0cnVlIC9CaXRzUGVy
Q29tcG9uZW50IDggL0ZpbHRlciAvRmxhdGVEZWNvZGUgPj4Kc3RyZWFtCngB7V1ZW+JKEFWRVVYR
VAQFrgKjoOKCu/L/f9Wt6k5C9KmrOh9Nk/Ll3oep6cAgOTlb7exswc+u/mG9Ehzd29vD/5Dn1WgG
f9RfQJvHYzP72Vwul91X86TxXZjN5YulUqmYz8E86eJ3d2G4eFCt1WvVgyJ1fHcPhiv1Zvu4fVSv
wDjp8N1MtlButDu9816n3SgXshnCpcOrzpVqrbPB1ehq0G3XS5TD4Q3fL5QPO4PxdDadDDrNSgEu
3fR0mM4Wq63e1fTh6WE26rWqxSxlOpMt1o4vJveL18X8X/+4XoIXbnr2DrxppfrJ4Obx7fP9aTo8
bZRy5Onh9Pnj+3Nxe9lpHJCnT4fTxefP18vd5dkhTJv/i6srPx3OFl/L79e7K870iZ5+ux91m+U8
9ewTuHI4mzVdrIfTc3U24ZMOr7tYOxlMnz+XP2/zMV45ZRo+a7XjwQ1Ov8/HPbvpI8bZfX32w6R3
VKFfef/mCa+cM12otvvXwfQ59ez9aPrjcXLeUr/gpl+r+O1QbV9cP30sfz4e/3GmWxf/HvX0Bf3s
ip5ewtkXrSp+NVGuvNI6h7N/lh9P1xdt9vTn03WfPJ2vHJ1PHuDsYBq+FglXrqffcfqm367hlypt
ujd5wOnnm/4xebp81BvP9fSAMd20m+6O52945VN1tvl9ED6p+XKzOwqmhyf1IuEuCvdQNX3/9r38
WkxhGm9F5u95fHrGmD44PBvps2f/nVLPzsH01d0rXrmahhuZ8ZXvZlbTLzCtbqK86dtg2vRwAFxw
dudSXfkL9Rasphudy9uX7+U3a7qkptUt+LKDN3Bj6IFnlxqn/92+xG7gxtMAXNT0jD9dP/3PBjyE
0ON+BNBjreABAJst9NDggQU9jpOCHhzwsAIunOkQPIw50KMdTjOASwQeALiwoEcAHmC6RQRNbqFH
1S30mCBwYUKPFkAPBR4UcCGDh3CaAx4qAB4C6MEBD3bQI5rW4IEGmgA8RNDjBEAT4SYaQY8QPNCm
4+CBBz0i8ECHHur2f88DD0A8/IIeCYAHGvSIgwfK038cPHyxwMOBI+gRgocEoQfh1wSASwQ97lm8
hTvoseItNGdCeZYE3gKYJjveIpx2wFsE0OMBwAOL9WDzFsVkeAuH0AOZBz7rweQtNPQA3mL9rEce
OBMb6IGsRwQ92LwFsB505sEp9EDWI8ZbEL5TNXiIpqm8hWY9VrxFCqFHQryFX9ADmAcWcOGzHglB
3rc/qHxBY4aoBh+ogO++/aDTHwDohNb88w+6gd+WffBRusHe/3mT/881zP/nwf8fjD1xy2b6ixDt
cUKmjy36zUgL2U72kRH4uY7cQI6RZ8mbpJtcDaU7yL3kfvItIpHvkx+Sny5q9T9Upg+odxIT9wTR
ECchM+dmJqfvB5lQWxZYjoHmVPHnLTO2mT9cYPvD9LEZ2/SExkEMSlsz+xr09hdmauYcWw0tzTOl
VGcPQ9mqnOlP2uPTj0w/sOgCmsgq0kGi5CKyjsTJWrIGpIW0ktVkE9lCukgP6SV9pJ9sJQNkG8Tr
YrKD7CS7QPrJbrKH7CWDEMP9ZIhcAuX9sxbULyMHyEEyTJCXkyugfACOB5XSleQQRP4LZI5XzepX
LbBcTa6F+bgGjteRw+QI+SKQHhfbFmuj5Ci5HubzRvIlMlc+X1popeWbyG0gN5NbYNZvhfJXYO7v
JF8ldynWY+R28mVFu4d8HepvX+RL6877302Ok3sgb74Gnt+A7HngAl/qeQ95hnwXcuoH5HuQbc9C
6TnyJJSfI++Qd8l75NfkN+S3TJApZVaSP5OPyBmIfj9EncZ8j3LcBset8xG/FGJ7kGBkr4RYLozU
KMwI1mGEr1KihlEcJZdCTA/DbFy1oM2oMl90lmhfNKpzUT8fUYwVjdR5G0bu2LzlfDzn5uG85bZF
MVscwTsh6rcviOhc7BdGdmH5a2ShtrD8DXIfzME34Ujn4UJtzv4grHAq3yZj5DtQwuN5fa70EHmY
PAJ7wTg5QR4jj5MnyMS8/iho5+tl8Hh03ucf258iTytZ8Cw5qcz/8+QUobZnyfOQC1iLmfE8aM+A
/TnyIuxCL5GXyWnyAuTOi4q8RH4M+fEqeQ12rZ+Tt2cz6KySQQITJK+QV1UZ5GdqC6PmTpLn2DXk
MtB/yt4BuU7U7xGLGNmyedPGDevjsWhHe1try9o1q1c1NzU2rIyE6+tqa8TqqhWVy5dVlJeVloTy
cnMyM9LThCX+RJfdZjUbDXqdVqNWcSxDcsJCpJOXMjolVYbQ0JBLdaELDF0LDJ0SD6bIYh+Jp+26
oGqRpwie/Rd4iugpznsyNr6SVObm8GGBl07XCzy8A7fGoHxDvRDnpUmlvFopqzIUxQxKIAAt+HDi
QD0vMZ18WIpcMjAa7qzPzWHGjYY6oa7PkJtDxg1GKBqhJGUKe8aZzCpGKbCZ4WXjLNGZ6WklLj3c
1Su1tMbC9b5AIK7YSJ3Sl6Spk7RKX/w2CcZMjvLjOSdHr5+wke7OoKlX6O3aGJO4Lmg0yoVHRw9L
9qCUJdRLWQffS4QA9kk5Qn1YCgowsOa2+RMwkjrdJvCjHxMYvDD5exj1AkvXrEWTbvuY0Ep6ifNh
kpiuuTKBscEI4foCATqWoxMi6QZFGmmNoc6Tbp9MxFAwLrGdtObkXI07SmtG5mrmm3cKENmwEO6c
/V4ykCiNdPO5OTCzyjddUqVDPS9xGZ3dPQOUXX2jQj1cIcSSdMDDYT0UxK7ZYIbH80Pg39UJF7GN
hqE1JoWEPZJLqMVogwE6SQ9va48pTdAallx1EunsmW0lhcLQFlIkPEonhg6Q9iW0xp4kRTPvjhfz
vhNFpJjE6TgkTx1MSkZ4NNbbL/k7fb2Qn/18zBeQxDiELy7E+uJ0lgSblPUunA4+MIFKK7i2C7zn
nOGyJW26jo+xPi5OZwsMfAQOQm0lVNgkDap0Rmsr+RjjI3NucJZZD1pa1A8oXHpdAzQGQtO6Bl8A
klv5/BdD8uEFwDAk3fyYVDAI9fkx4Xn+6dDQmw4oiw/31S8Y4KJOQVEGONvbPx4nS2MxGwwYgo5O
ZwO9htwcFso8VOskFq5TMdFZTOQl0sLHhD4hLkAOiS0xOjk01sr8NrcL9AVEme3ZLOlYpGF9OdZJ
JNDcEZtT4PUlJkWCyrzSaVX0lYo+rzZcUN04V82P6oTm9lF6cmG2Q8LDCoLJ0WQ0dh0tdxTDYo3A
RilEugTexkdGuyZmRrpHx0VxdE+4c2AZLINRobF3VGiPVcJcKut+2HeQntpBmpnmjtrcHNh7ascF
5kjruMgcaV8fe9IGf5o80hGTWXj56qyNj6dBXexJnhBRsbLUSo3UhacK7akNFJ3i73tSJGREqVUp
BkXvgfc/xYZOYGNIzwSLNtucHws2FdpExRaHD6ywxAGYAtiHw3wvnZ4r4gOjnXG6uIgHphK+jMQI
VURihSp4ZdSYJIPQVysZhVpqr6b2arRrqF0r1EqMh4HgTMCeNNopwD4FKReDV/E4ZIeNZj+bzk/M
zHTEAqd9k/EALImNIOtjkj4I9wF1ehP4raTSCeaV0khPFx0HicJSpyuzsScOa2GuQ3BplPTQg362
B/CIKG1oOkKjHpgbmECl/Qgo0khcigfpSWPb6Ih43iaRBmEZTDv2qc6gJwrFRx1CIU1scJUM6Ycp
9DA2Ai/DisUHKpwMNlx6RVoTjLxHgKqeTh5mQEV62iHVcS810HkDSx9siaqMPkUMvtlKQi+LSzea
DZI+DzqELy0b86BD+GrjEBR68Yp2eNYBzm2TjDCijAWhnG0A0YGqRjoW+B6GwVPX79NuWidIm3AZ
bI100MqptFAtmdMbu2Dzx/ZGsAjlc42hL106NdE+TqFVS6/cBHHn0jsmZh4QDtAdYO6TmyPQmwNN
TOJ7EhKbxEcvNEgbgrk5ugutZsU8Oqoz/+MGGC+deZ7QC1HRP9WfIUSVSdq440SlSiGtICsoudfI
amA1cxaFSyF69mF464Em8EM/JnjXWgIMQIkjLFi18B8NJpgsNTHAX+11UE8/D5IH4Rn/E/YYJ3Jv
qfar7err1D/WXK1dCn5keh/3BrzRcdB2ufJmtvaxXE+uR1dZY2AmSSPRMr3QNc9cD90xTK/oULHp
ZRqu1We272llWuu1bAepfuvttza9/dZp4Gkm9Nbk2Unb1NlJR0VFKFSQz9gDdkVcFlar1WiEJXls
WVlpaVFRYRVbUpzHCkssIBklxVVsWRVXVJjKMtQVPRUrOFMr98bfNnBrpzTs5f7wrjVprN9ncZnU
DK/2J+hWrM1zWgMlmZliyK81aFi1TqPLWla/pH7zsqTpxzitUWvgPZ4ki1qlNen0vNfptaimI2rL
uT+rLZ/VqXZ8ditXULy1rVT9FYOOVWk0z/gS0pdHAt4g77Q6bSaL2ulxaLROhzFjRdPUUV1CUoLW
YNCabAZ9YqJHpzdoTLapcpiBtplzqkNqF9zkL32KHWavJLEg/V1VNCZmqJxqhyNVlc0FndmuLFeW
PzW/LdXlUDuzg/4svTetzRs1RzODidXV1Y6Eimom9IPCIjsE8VShvcheESqyFxXA7wNd/2Wjgvw4
49JoGcbjcUMQaayXMpyFU4LuxOhqOQYLqkNuz9SvmXa9VucUfMmC26iaPj7CGD1LEr0Bh4b9hDFB
MRGKzD62VOf0piUm8Q6t6i/mVPfUR1P32d06vUUHETXr2eumDuhMWrUaoqt6U4sl7dRJtkpv1qrU
OhPNWtXMJHeHOkCayKnFsXkG/qeliFSTUrZCNCdVww9Jt5dm1vsbn2ZoYqYxRLTkEK1Ny5o4bY42
p8A0waTJ9e0FE0zmCdF/EY1a0urJ6kk7zTkCbxq2Sduk3RGsqGBCp6iN6hC+x/63ulUCbVHRuNL8
dbtSNbMB5yBlVTRfZ/NbQ1MYdBV3B6vWGsw649IVHWUrNlb5l1a3drRVL4184fE9K7Z1LEviNFqj
WW/LX9ldG9nVnJlR1dreUrW0avDrvfnrIoUOneo7OneC12lKSklKr24J5tSW5hdWNHeJ0dt217j9
gSSvxpPkdZv5dH5p3fqi3LrSPFpds3Z0oNKW4HPAL4BY0gpz8AvuRyQDVvsNT7GH2JH5DD2hT9Gl
TjCPPJqxNGO5boJ5+AlizWCcXEbBBJsqJjiJfvnSlAwNF2jM/jSpqfQT0bKaW6XkqxJ6mrRMaPJ1
CP5bk5CsEP+KCpqxns/REMKZPrc1YLZiFD0JdKeAYGq1GRkQaBUEWglsGZejSst2JdlgPOb6TYPL
W7ZVJbhDzduvj8cPFTpVGZkun03F/CS0s750XV2BH34hXRos293Z5PDaLSqtUf9tfpWYXb5x/4ry
G2+9fnddQ/UGm4WDFP59OFzUcfHgrhwhXCGs2HEL/MMVS1ZA1F5R7yW5pJbctThqosNoT0n180JZ
eUVyRbKjwu4gNF7JeXZDRfkSlbbo06VNyQ67UWVJiFhWVX4ialfPpauyzieVuL0+GYJVXmQbPmw5
hR8Ho0Qv6fP3Mp+TGUuV3TOjbHaha2EH0CprXqWd3XC1Wo8HElTFveIpaLr46Lr1I4UOdmlmdrKK
MbB6d8CbmOpQMS1qi9WqsYU37SqvvKgy3aV7yJBSlle6p7PZHgjtqC/uqC8M2NlrKm8+dvTimnox
ZrfYrOpyHewBKjhM70oqLytwCM3V2XxJfcPKHF+kMqtq57F194dr81u27h3EfFRVwO8oc2D5H74g
soZAbvUSqNAvKaMRTXIvyeGWRsCohzubJf/T5KZlFyYh3Thhy4Q8PAU7ZqESTZqD3s/d9O8yUTW3
nhPm9k9mLhVpBNkyLpdLy3Yn2dQsr2Ti8nXL091aT37z9qOx4KqqYnc/Y3Dx3kS/Q81On4WELInW
F/C22saF6fhgoLk6y18cbmzyL7vp5qMX1zoDeV5mWmume6pZO9Udbiho2753V17X1srtt6yDyK2G
nLwbVnIeqbwwco9nF5ZpVEQ/wVpEvWA3pXIulxCaYM2imwia75WVZafa7abCV7ObTO+IqfPpCAs2
BDec0CQTeh3u3qGECljDCUoWOj9HK0w/VhA0sBUqoSkqVO5C2oUrGpZyMV3JrJYGj7tbPPL6rdu1
6p7dYn9zvl6vV+nMOtOKjt7C+HXxHG/pRZfe1d0x1LzkWy1NNb2ry+z9226ICuyv4P6fHajy9W53
epxmkyE5JUlvSnCaMtuv6Ki57Zbr+quya1vLiqpzV/WVJ+VWwr2neuYcJ8EKriHDF2SZkOdNqzES
g2BMNNYUq9TOT8WKJsFrIGl5mtSsSOoqNW5yymKFnU5ZriF6Uz5dVEhzK+lzt6O5NXcvLi2de/ah
q1O5P//daoXbikbLFbAGN00fu5rZDfdXX9BfsntLs72FNbgCiV4ws3NL1m+fX7L1G3cvF9dXJOm0
Xp2RLkejjs1JqklMyRdcVTtvjU7vnTMvWK/bkkpL8pX1ml6zvjitXqB7H0SO+VAdgr8fZJHti2P3
aJbflQq7XbdoNPhTU13+LFWa1zrBrHxcLaY1emdvDm+vhjsxvTecfX2S7nEQsyf+G1+aSrNBmX0i
nAvb7CMM81u1PTk7NSXDwao1Dh+U0p3s9F/Ph+QErDnYxGjQVC8nZyQYDAkZycnpXr3em/5Zwdy1
c9fQ5xXYq7T0+YRe6Z8gR9xk5eLrFG1uYhQNxABPSGpbZDYhlGtKmk0CSKALK+Eiyi6Y2ffPD3Dh
nM1P0fm5oOPRz0yyH8AKj5CHFo/nGWJlpuAGXgzrO+hZDj9EsBaLvvCZTF6drxbVnNpwRmziP80k
2bZseGbKDr0t+mbX+dTr9PkoOFkNBQB9wlz8jCSm/U/6mtsFzj8YwT179kk0gz7kL3w2onsrfTZi
EzzsBxqjVW8K5Nfl5dTnJZa0bFpbUrb1lvWh9rp8s07LapTn7SVlbSvK1hZ7i9duXFtSvOXa1oyV
lTlGI7fDEOA9zkSXN1iWmlmSnbW8vTpyYF2BxeMz6ewmnSfR4zD6/D5fbmUguySYXdEu1u5tzzM5
PEYDjfTemQ/ZF1QPkTAZXRxpMas0J1gWrNXpa/Q1ZfpgML8soSyB5Nc2lNVU6nJ+qQ8GShusn4iB
+U0UwjlZeLqCPr/DMRSCBwK8r586ZTt86hTdMJyfozWGUSUI3D/fTdky5+x7U1HR7JuTFnZVD/sC
qzEYLfr3+1SaYL4vM8Wj0+nhGVyr47NDCeVt5T5Wreb6ho0mjclpvjLIGGEjUZZK8H2rgTumd3s8
dsO0wV1sLwrpDXoj/I0/NVGrtRg1iUWrS00pPG9hzpmdlnTec1Zr0qtUepP2rEd512SIA+JJPxpY
R2RVc0ddfX2wrmvHtu7BbbmN+6HQQ/4TvVx1VQplbmRzdHJlYW0KZW5kb2JqCjgwIDAgb2JqCjY4
NDIKZW5kb2JqCjEyIDAgb2JqCjw8IC9UeXBlIC9Gb250IC9TdWJ0eXBlIC9UcnVlVHlwZSAvQmFz
ZUZvbnQgL0VSQ01MRytIZWx2ZXRpY2EgL0ZvbnREZXNjcmlwdG9yCjgxIDAgUiAvVG9Vbmljb2Rl
IDgyIDAgUiAvRmlyc3RDaGFyIDMzIC9MYXN0Q2hhciAzMyAvV2lkdGhzIFsgMTM5IF0gPj4KZW5k
b2JqCjgyIDAgb2JqCjw8IC9MZW5ndGggODMgMCBSIC9GaWx0ZXIgL0ZsYXRlRGVjb2RlID4+CnN0
cmVhbQp4AV2QwW7DIBBE73zFHpNDhO0zQqpSRfKhbVQnH4BhsZBqQGt88N8XiJNKPeyBmXkwLD/3
7713CfiVgh4wgXXeEC5hJY0w4uQ8azswTqf9VDU9q8h4hodtSTj33gYQggHw74wsiTY4vJkw4rFo
X2SQnJ/gcD8PVRnWGH9wRp+gYVKCQZuv+1DxU80IvKKn3mTfpe2Uqb/EbYsIuVEm2kclHQwuUWkk
5SdkommkuFwkQ2/+WTsw2j3ZtVLUaTpb80+noOWLr0p6Jcpt6h5q0VLAeXytKoZYHqzzC37acEoK
ZW5kc3RyZWFtCmVuZG9iago4MyAwIG9iagoyMjIKZW5kb2JqCjgxIDAgb2JqCjw8IC9UeXBlIC9G
b250RGVzY3JpcHRvciAvRm9udE5hbWUgL0VSQ01MRytIZWx2ZXRpY2EgL0ZsYWdzIDQgL0ZvbnRC
Qm94IFstOTUxIC00ODEgMTQ0NSAxMTIyXQovSXRhbGljQW5nbGUgMCAvQXNjZW50IDc3MCAvRGVz
Y2VudCAtMjMwIC9DYXBIZWlnaHQgNzE3IC9TdGVtViA5OCAvWEhlaWdodAo1MjMgL1N0ZW1IIDg1
IC9BdmdXaWR0aCA0NDEgL01heFdpZHRoIDE1MDAgL0ZvbnRGaWxlMiA4NCAwIFIgPj4KZW5kb2Jq
Cjg0IDAgb2JqCjw8IC9MZW5ndGggODUgMCBSIC9MZW5ndGgxIDUwNjggL0ZpbHRlciAvRmxhdGVE
ZWNvZGUgPj4Kc3RyZWFtCngBvVh/cBTVHf++/XF3IaEmAeSScOxelyO/hUSlQCgcl7uQkICBAL1D
kLskF5OYSAZDKljojQUrB1IVoQqOSn9YIUWWC0M3UGlkdNRpVdDRqmVGqb86HRn7i46KZvt5e8lJ
mMrkD8Z98/b78733eZ/37u3uda9bH6WxFCOR6ldGulrIusY9AVHS1BnpStrZv4fMberpVpO2XEAk
drR03dqZtB0PEY1x3dqxYah99nvwd7RGI83JOH0JOaMVjqTNboCc0trZfWfSzj4K6ehY2zQUz34L
tq0zcufQ+HQWtnp7pDOazB/3I8gpXWvv6B6y6yCnd62LDuWzIPC9SgxegR6kNLqN7NAyUVYT2f82
xkUSojyOq2bu2clrrplzgbIclr1m0c8seWbZy/d/Fv0yP/0Bx+dwpA3nc2krHCwkymCIn09/IBWx
2uEmGNRQbFAN6jzUG1GLi+c7KcaepPtRn0AVqY1tpw2o21AfQZVS2gFY/Wx7QnJ4j7MNlMsWetMl
Zdn4HMU5Jl15zWC2o48pbzvfP8FysHrnWE5iLKXNH8OeYI9TMyns1+RhG6maCtjevsIOJYzQAepC
jaGK1p2xA4nJ5cpJVkIeiaHNVJossWPKx2WlyodlhsASyql8Q4J4djIs7zXKgOsx5Q+uW5WTqL3J
0MFCZBxTDrg6lF2TDbY3oTzoMhjaPJAU611oekzpLNyjNJdZ8bo9htCbUGYhvsKbrsyY6VZudH2g
TMs3HAx2qatOKSp7WZmChkhT0anHm6VMcu1SZiM02RXIn416gh1k+6iI7Ut4FirHoWK6fTWFM/cY
7K6+6oIyj8E2emdUF+wprM73FNYpnsKq/HzoK160b7HfbJ9vL7cX2wvsU+1ue559vCPbken4jiPD
McbhcNgN9tvEPMV2gvXSPNDS2+ewOWSDPQ2ndIIdspyHfueQHIKDHOMN8z1sXkbjDdZ7NJNrUI7Z
LM1msEN9SdchryJxTbICmQLXccOdBOYQaCHp7D7DRluv7ZnnnJc9N2tWlf+bbmErMnwv/ubLyVz6
ntqGoH7QFdLLuWK6QsPpzmHlG2X3eoSivuLi2qUb+nq62lsCUS0Q1gJR1LC+vafVqccaVfVIexcP
qLo4NdzY1MplJKp3aVG/3q751SM9VrvLwi083KP5j1BLYFnwSIs36k/0eHsCWsQf6mv0rVs9Yqxt
qbHW+f7PWD7e2To+VqPV7rKxVvNwIx9rNR9rNR+r0dtojcUnH2hr8N3Rjd2pBtpqVb2gQa9ZsjKo
q5GQ32BPwulfT/IAZcrPUIEco1xpGilE5tuo73A5uNz8SH6BMgc7zX+KFVjUfl6FwXlzaIDuo310
mGz0FPQCuoUeppdYO37bq+govckm03U4eyUyqI7+xEzzDLXQr5DfTadoNx2hDLTppAmI7mQecyNs
L/RG2mL+gqbQTLqHnqFZ6HUnnTcPmH2ILqXldJB60f6PTBOOSOPMp80PyEFL0OcWRM6YdeZhyqYS
8lE9vFvoJPOI75it5KQKoHuUHqf99Cx9wu5mR81Ws8c8bZ7DVnXSJGpA2cSOsnPiYeke81Hz7+Yg
mCigIowapl30S/R/GGUAR2uA3ca62S62W/AKdwtHpa3yxMGvwEMhLUCpprV0Lxjop+foX/Q5+1Rw
iplit/i8eaP5b0qnWsySzyRKPSg/RdmJOZ1gNjadVbJ6tok9xHaz14UiYbkQFH4o3Cl8JC4WV4kb
xNelO6SEvEN+2JY+eME8Yb5gvkETyUU30zrajNmdotP0H/qCiehrEvOwCuZjt6DE2D6hn+1n/UI9
G2CnhYPsXfY++5RdFGQhQ5ggFAvdwi6hVzglvCK2ibvFR8R3xQvSXFmQ98sf2jz2vww2Dm4bfMWs
MM+Zn+GIdZAbK+OjxbSGIphtF91AP8YsDqEcxqo9R8/TS1Z5n02i8/QZWCCWzXJZOVuEspjdxFpY
G3uMHUc5aWH5r4CFENKELGGiMEloEBqFTiEmvCHExDyxSFworhQPo7wovileFC9KsjROmiAtkGpo
h9Qp7UV5UnpKSkivyrPkufJieYUck7fJO8Qm+Yz8pm2zbactYfvU9g8ci3X2tfYdWJ2XsGefxV7+
+pLYFKAvp9upiflZI+3BauxnEYpjdzWze8FXFxWYq8XN4gJhOnbDSboLu3UvbaJt4irab74lHqQ/
Y6d0oMsY/UbykUv+OVbnbpqOXTRUvIVFhQX5Uz1TtO+6VRz5k/Jyc5wTr50wflx2VubYjPQxaQ67
TZZEgVFJQKsKq/rUsC5N1aqrS7mtReCIXOII46es6lUjc3SVt4sgNCLTi8yWyzK9yUxvKpNlqnNo
TmmJGtBU/WW/phps5ZIg9Pv8WkjVz1v6Iku/39LHQne70UANOFv9qs7CakCv6mmNB8L+0hLW7wUd
Y0pL+MHhpXTesU6VkU04YKmSZwT0XM0f0HM06IiJnkCkWa9fEgz489zuEHxwLQ1ijNKSNh04aXtG
s9a83fBSY5hrkVVBXYyEdCHM+8oq1idqfn3ixg+dX5vDWmDHJUFd8FRFovEq3RveDnK5GeZWZAes
2gYV3QpbQ0GdbR0CwTG2AymHm3wmeMLtqp6m+bTWeHsY5NLSYCLXm2sdvjrVBxM53hzLKC3pd26u
cGP2/aXzS+dzWeF2bk7Kj3+S9L82wKVz83PvQdYuTRHAOANaDXDqapM1iAawM/ktOpPiTTPBE64Q
wzTbgKdSF7BnRI8ue2oieqxhGEarPwku3O5PpOXkWg8hXwj54XjmbKwU8jM1NX4BT+uwdv6TkZ7I
kMfmybxAPMgXOrVXdBYZ1nv4w9KDWbc6tVa+vj3WmsLWnIFLHLA5NRyzPh4P8PqgW1dDcOBtsqTW
oLT64BHGdoYMZm41yO/qxzuquOYWhEv4VmvzY3wYpSVwFLmhXVeiVmHkKr5X1Lgar2mOq1VqKzaT
5LEkAtF4aBoYbAiCJ1qGEb2hvJQaDYVmo59pvB80QXo8hB7ah3qAtFzTvkLS9BI8TMWp9cElQT3m
z9O9/hBWAdt3oD6oD2DnhkLIKkshBeJNbc4hzOXAXFaE+PXJXvDuEkMXoXic99kQ1Nz6QDyeF+e/
t6RtMLrc4R1yGMRTOOUGi9WjLYTmzrPWwK25ASvEOb0BW3p4R+Gd/coMz0jhRsvvAe0Mi+GZV4nh
WaNhePaoGK5IIR3B8BxgruAMf//bY3juCIbnXZlhbwo3QM4HWq/FsO8qMVw5Gob9o2I4kEI6guEq
YA5whhd8ewxXj2C45soML0zhBshaoF1oMVx3lRheNBqGF4+K4ZtSSEcwXA/MN3GGl3x7DC8dwXDD
lRlelsINkMuBdpnF8IqrxPAPRsNwcFQMh1JIRzC8EphDnOGbUwx783S69ByOXXbs0lU/mFddQjne
lORs8jEXFP75jA9oXBn4ssiAdKc8+L8Jhf//4yOSTuPbTcR/QJXJ/2Uc0wySUB2ZBtFpVG5DF89C
h7RDipBpZ+k4WhGtKD6OnmTI6WXXZ7mz8lF90k7jy7/Kz3xRaUiLLuI7HxnWZUbx3fL/LsSZYF9/
e1v59PIqK4HhSyw5Axv+m6LA0spFdQuKq6MdPdHutqYIcpJRnow4TTKHLu5I6Uydxu3/AZsvZOwK
ZW5kc3RyZWFtCmVuZG9iago4NSAwIG9iagoyNzE5CmVuZG9iagoxMCAwIG9iago8PCAvVHlwZSAv
Rm9udCAvU3VidHlwZSAvVHJ1ZVR5cGUgL0Jhc2VGb250IC9BVE1FUFUrQ2FsaWJyaSAvRm9udERl
c2NyaXB0b3IKODYgMCBSIC9Ub1VuaWNvZGUgODcgMCBSIC9GaXJzdENoYXIgMzMgL0xhc3RDaGFy
IDg1IC9XaWR0aHMgWyA0ODcgNDc5IDM0OQo0NzEgNDk4IDMzNSAyMjYgNDIzIDM5MSA1MDcgMjUy
IDQ1OSA1MjAgMzA2IDUyNSA1MjUgNTI1IDUyNSA1MjUgNTI3IDUyNSAzMDMKNzk5IDIyOSAyMjkg
NDUzIDMwMyA1MDcgNTMzIDM4NiA1NDMgNTE3IDUyNSA1NTcgMzk1IDcxNSAyNTAgNDUyIDUyOSA2
NjIgODU1CjI1MiA0OTggNTA3IDUwNyA0ODggMzA3IDMwNyA0MjAgNDU1IDYxNSA4MDggNjIzIF0g
Pj4KZW5kb2JqCjg3IDAgb2JqCjw8IC9MZW5ndGggODggMCBSIC9GaWx0ZXIgL0ZsYXRlRGVjb2Rl
ID4+CnN0cmVhbQp4AV2Uy27bMBBF9/oKLtNFYFqknAQQBAQpAnjRB+r2A/SgDAG1JMjywn/fc8dp
WmRxFlccknMoUZuX/ef9OKxu832Z2kNaXT+M3ZLO02Vpk2vScRizbe66oV3fkj1rT/WcbZh8uJ7X
dNqP/eTKMnNu84Mp53W5urvnbmrSJz37tnRpGcaju/v1crAnh8s8/06nNK7OZ1XlutSz3Jd6/lqf
ktvY1Pt9x/iwXu+Z9a/i53VOjo6Ysb211E5dOs91m5Z6PKas9L4qX1+rLI3dh6HC32Y0/Vtpvq1K
4X0Rq6zMcyJ4v9sqBiJ4/5ArRiIw+qBYEIFYKO6IQLEt9UAE7/2TRh+JQHFQfCICxRZrIngfbN+G
CN7nScUtEWjSijsieB8bjSYiUNwp9kRgI/UcOAtBVFcsb7CvNgq4CqIUAq6C6BVxFcztFXEVRHUV
cBXs+6iIq2BUbQRcBVH6AVdBbBVxFWxko7iGm69FXIP50hvFuAp8pR9wFexrXeEazLdQccRVcFZS
iPgK9lWTLGCwb62InCDqhUbkBCuryYicYHSniJzoG6+ji8gJulIbETlBlH5EThBlxIsyWFkKETnB
67YmkWOWorWBXDRBmqEYOYGRXjdaBlEbFcgJNlLPnIGBrxXjyzejUd4+9+Hvh59/uAd8/aVATg0W
nIJgHsf23zxdKV3996vaXpaFW2r/B7vAupjDmN5/IfM0awHjD1dFIFAKZW5kc3RyZWFtCmVuZG9i
ago4OCAwIG9iago1NDMKZW5kb2JqCjg2IDAgb2JqCjw8IC9UeXBlIC9Gb250RGVzY3JpcHRvciAv
Rm9udE5hbWUgL0FUTUVQVStDYWxpYnJpIC9GbGFncyA0IC9Gb250QkJveCBbLTUwMyAtMzA3IDEy
NDAgOTY0XQovSXRhbGljQW5nbGUgMCAvQXNjZW50IDk1MiAvRGVzY2VudCAtMjY5IC9DYXBIZWln
aHQgNjMyIC9TdGVtViAwIC9YSGVpZ2h0CjQ2NCAvQXZnV2lkdGggNTIxIC9NYXhXaWR0aCAxMzI4
IC9Gb250RmlsZTIgODkgMCBSID4+CmVuZG9iago4OSAwIG9iago8PCAvTGVuZ3RoIDkwIDAgUiAv
TGVuZ3RoMSAyNzk5NiAvRmlsdGVyIC9GbGF0ZURlY29kZSA+PgpzdHJlYW0KeAHVvXd8HMX9Pj67
e733opN0dzrpVE7N6rJl6WR1y7It22dLtmVLljvuvWJjMMVAaAZiQg2hBAM+nZuMSTCJE9JMCKGk
AIE0HIITSAMMkn7P7NzIMuXz+bxev3/yPeu555mZ3b2d9/T3zsKmDZuXED3ZSyRS3L+6bx2RP2V7
Qfv6t2wKyEGStZwQZerSdctWs3DeNYRoU5at2r6Uhcu3EVJ5dvmSvsUsTD4DVyxHBAsLZeDM5as3
4Tj6KX0QX2+vWtufTC9XILxhdd+25O+TNxAOrOlbvQSMz+oafAXWbViSTBe6cDnLurUbN8nJxD4F
XHx5uokQAbFVQoBYyPeJmojgIoIrWm8V9hEFUmm68v7Bmz/6qXWhuebfxKtBBCGn/7rrZ5RfuO7x
Gz+9OHSj9n31CQS1uAL74Dz1/UO/IUT34KcXLz6ofV++UjJRpqqEVgoMitcc03qEyRBXc7GPi6u4
2MvFHi6u5GI3F7u42MnFDi62c7GNi61cbOFiMxebuNjIxXou1nGxlos1XKzmYhUXV3CxkosVXCzn
YhkXS7lYwsViLvq5WMRFHxe9XCzkYgEXPVzM52IeF3O56Oaii4s5XMzmIsbFLC5mcjGDi04upnMx
jYupXHRwMYWLdi4mc9HGRSsXLVw0c9HERSMXDVxM4qKeiygXdVzUcjGRixouJnAxnotqLqq4qOSi
gotyLsq4KOWihItxXBRzUcRFIRcFXORzEeEij4tcLnK4yOYizEUWF5lchLjI4CLIRYALPxfpXKRx
kcqFj4sULrxceLhwc+HiwsmFgws7FzYurFxYuDBzYeLCyIWBCz0XOi60XGi4UHOh4kLJhYILiQuR
C4ELkhTCCBfDXAxx8RkXn3JxkYtPuPiYi4+4+A8X/+biX1z8k4t/cPEhFx9w8Xcu/sbFBS7e5+Kv
XLzHxV+4OM/Fu1z8mYs/cfFHLv7Axe+5eIeLt7n4HRdvcfEmF29w8VsufsPFr7n4FRevc/EaF69y
8QoXv+TiZS5+wcVLXPycixe5OMfFz7j4KRc/4eLHXPyIixe4+CEXP+DiLBff5+J7XDzPxRkunuPi
u1x8h4tnuTjNxTNcnOJikIuTXJzg4jgXx7g4ykWCiwEu4lwc4eJpLp7i4kkuDnPxBBff5uJxLh7j
4lEuHuHiW1w8zMU3uXiIiwe5eICL+7m4j4t7ufgGF/dwcYiLr3NxNxd3cXEnFwe5uIOL27m4jYtb
ubiFi69xcTMXN3FxIxcHuLiBi+u5uI6La7nYz8U1XFzNxT4uruJiLxd7uLiSi91c7OJiJxc7uNjO
xTYutnKxhYvNXGziYiMXG7hYz8U6LtZysYaL1Vys4uIKLlZysYKL5Vws42IpF0u4WMxFPxeLuOjj
opeLhVws4KKHi/lczONiLhfdXHRxMYeL2VzEuJjFxUwuZnAxnYtpXEzlYgoX7VxM5qKNi1YuWrho
5qKJi0YuGo7S2TJmzYn0Wj/mzIl0J2gfC12VSB+P0F4W2sPoykS6AZG7WWgXo52MdjDankirxyHb
EmkNoK2MtjDazNI2sdBGRhtY5PpE2iScsI7RWkZr2CGrGa1idEUitQlHrmS0gtFyRssYLU2kNuKQ
JSy0mFE/o0WM+hj1MlrIaAE7r4eF5jOax2guo25GXYzmMJrNKMZoFqOZjGYw6mQ0ndE0RlMZdTCa
wqid0eSErw15aGPUmvBNRqiFUXPC145QU8I3BdTIqIHRJJZWz86LMqpj59Uymsiohh05gdF4dno1
oypGlYwqGJWzi5UxKmVXKWE0jlExu1gRo0J2XgGjfEYRRnmMchnlMMpmlw4zymLXzGQUYpTBLh1k
FGDn+RmlM0pjlMrIxyglkTIVxvIy8iRSpiHkZuRikU5GDhZpZ2RjZGVpFkZmFmliZGRkYGl6RjpG
WpamYaRmpEp4p+PXlQlvJ0jBSGKRIgsJjIhMwgijYfkQYYiFPmP0KaOLLO0TFvqY0UeM/sPo3wnP
LP+g8K+EZybonyz0D0YfMvqApf2dhf7G6AKj91naXxm9xyL/wug8o3cZ/Zkd8icW+iML/YGFfs/o
HUZvs7TfMXqLRb7J6A1Gv2X0G3bIr1noV4xeT7jnICuvJdyzQa8yeoVF/pLRy4x+wegldsjPGb3I
Is8x+hmjnzL6CTvkx4x+xCJfYPRDRj9gdJbR99mR32Oh5xmdYfQcS/suo++wyGcZnWb0DKNTjAbZ
kSdZ6ASj44yOMTqacNUh04mEax5ogFGc0RFGTzN6itGTjA4zeiLhQq8vfJtd5XFGj7G0Rxk9wuhb
jB5m9E1GDzF6kNED7GL3s6vcx+helvYNRvcwOsTo6+yEu1noLkZ3MjrI0u5gV7md0W0s7VZGtzD6
GqObGd3EjryRhQ4wuoHR9YyuY3RtwtmHvO9POBeBrmF0dcK5FKF9jK5KOGMI7U04MdgIexLOCtCV
jHaz03ex83Yy2pFwLsYh29np2xhtZbSF0WZGmxhtZJfewE5fz2hdwtmPq6xlF1vDjlzNaBWjKxit
ZLSCnbec0TJ2Z0vZ6UsYLWZH9jNaxKiPUS+jhYwWsEz3sDubz2gey/Rcdulu9kNdjOaw253NfijG
rjKL0UxGMxh1JhxRZGx6wkHNOi3hoA12asJxNagj4SgATWGHtDOanHBgIiG0sVAroxYW2ZxwXIm0
poTjOlBjwrEH1JBw7AVNStiaQfWMoozqGNUmbJgXCBNZqCZh7UZoAqPxCSttR9WMqhLWFoQqE9Yu
UEXCOhdUztLKGJUmrPmILGFHjktYacaKE1baIRUxKmSnF7BfyGcUYRfLY5TLLpbDKJtRmFFWwkqt
lMkoxK6Zwa4ZZBcLsKv4GaWz89IYpTLyMUph5E1YenBNT8KyAOROWBaCXIycjByM7Ixs7AQrO8HC
Is2MTIyMjAzsSD07UscitYw0jNSMVOxIJTtSwSIlRiIjgRGJjpgX+SmGzf3+IfNi/2fQnwIXgU8Q
9zHiPgL+A/wb+Bfi/wn8A2kfIvwB8Hfgb8AFxL8P/BVp7yH8F+A88C7wZ9My/59My/1/BP4A/B54
B3Fvg38HvAW8ifAb4N8CvwF+DfzKeIX/deM4/2vgV42r/K8Yw/5fAi9D/8IY8b8E/Bx4EennEPcz
42r/T6F/Av1j6B8ZV/pfMK7w/9C43P8D4zL/WZz7fVzve8DzQHTkDL6fA74LfMew3v+sYYP/tGGj
/xnDJv8pYBA4ifgTwHGkHUPaUcQlgAEgDhzRb/c/rd/hf0q/y/+kfrf/sP5K/xPAt4HHgceAR4FH
9AX+b4EfBr6Jcx4CP6i/wv8A9P3Q9wH3Qn8D17oH1zqEa30dcXcDdwF3AgeBO4Dbcd5tuN6tuqn+
W3TT/F/TLfPfrHvEf5PuMf9+Kct/jVTlv1qo8u+L7Y1ddXhvbE9sd+zKw7tj+t2Cfrdvd/vunbsP
7/7t7qhNpdsV2xHbeXhHbHtsa2zb4a2xZ8RryVJxf7QmtuXw5phis2Pzps3SvzYLhzcLjZuF4s2C
SDZbNgc2S4ZNsQ2xjYc3xMiG6Rv2bohvUEyIb3h7g0g2CLrBkTNHN/jSm8HRXRuMlub1sbWxdYfX
xtYsXR1biRtcUbUstvzwstjSqsWxJYcXx/qrFsX6qnpjC6t6YgsO98TmV82NzTs8N9Zd1RWbg+Nn
V82KxQ7Pis2s6ozNONwZm1Y1NTYV8R1V7bEph9tjk6taY22HW2MtVc2xJmSepFpSA6mShd7A1FTc
CfEJk4p9Ud/bvg98CuKL+874JJs5xZ8i5pq9QsM0r7DWu8d7i1cye37uEaOe3Pxms/vn7t+5/+5W
2KPu3MJm4rK4Ai7JSfPm6phF83bUVdfIeFy5nNcOVyjcbHYKZqffKTb5nQKxvm39wCo5n7P83CKa
zYLZPGIWo2Ycbjb5TSL9GjFJUdO4ymaz0W8U6deIUXJFjYihN59tmD6r2az368VYnX6aXozq6xqa
o/qC4mYiCQEBT34sIElD70Zw+psHBXLUJSiFQeHWgVkzI5H2QQ2Z0R7XTJ8XF66PZ82k39HOuXHV
9XESmzuva0AQvtY9IIgNs+KO9s65LLz/5pvJpLT2eNrMrviDad3t8b0QUSpGIEjagItM6o4s2Lh5
YySyaQG+FmzcFJH/EBI20xA+SMDfxk0I038ghAlN+eoPOwzHLdyIj3wZdvWvPuX/gRTh/4F7/C+/
xQGCKtpVPyJeQxaLVwP7gKuAvcAe4EpgN7AL2AnsALYD24CtwBZgM7AJ2AisB9YBa4E1wGpgFXAF
sBJYASwHlgFLgSXAYqAfWAT0Ab3AQmAB0APMB+YBc4FuoAuYA8wGYsAsYCYwA+gEpgPTgKlABzAF
aAcmA21AK9ACNANNQCPQAEwC6oEoUAfUAhOBGmACMB6oBqqASqACKAfKgFKgBBgHFANFQCFQAOQD
ESAPyAVygGwgDGQBmUAIyACCQADwA+lAGpAK+IAUwAt4ADfgApyAA7ADNsAKWAAzYAKMgAHQAzpA
C2gANaAClICifgTfEiACAkDIYgFxwjAwBHwGfApcBD4BPgY+Av4D/Bv4F/BP4B/Ah8AHwN+BvwEX
gPeBvwLvAX8BzgPvAn8G/gT8EfgD8HvgHeBt4HfAW8CbwBvAb4HfAL8GfgW8DrwGvAq8AvwSeBn4
BfAS8HPgReAc8DPgp8BPgB8DPwJeAH4I/AA4C3wf+B7wPHAGeA74LvAd4FngNPAMcAoYBE4CJ4Dj
wDHgKJAABoA4cAR4GngKeBI4DDwBfBt4HHgMeBR4BPgW8DDwTeAh4EHgAeB+4D7gXuAbwD3AIeDr
wN3AXcCdwEHgDuB24DbgVuAW4GvAzcBNwI3AAeAG4HrgOuBaYD9ZXL9XuAbqamAfcBWwF9gDXAns
BnYBO4EdwHZgG7AV2AJsBjYBG4ENwHpgHbAWWAOsBlYBVwArgRXAcmAZsBRYAiwG+oFFQB/QCywE
FgA9wHxgHjAX6Aa6gDnAbCAGzAJmAjOA6cA0YCowBWgHJgNtQCvQAjQDTUAj0EAW/5d30//tt9f9
336D/+X351m4gO4YImT4jrGbhMh0spJsJHvx71pyM7mDPEd+SxaRq6EOkQfJo+TbJE6eJz8mr192
1v/PwPB25WpikE4SFbETMnJx5MLwo8Cg0jQm5g6E7IrApZgRy8jfPhf3t+E7RizDgyob0cnnGsWX
cbV/CkMjFzG+qohxpIKGxeugzfIvfai+f/jI8GOXZWA66SRzyTwyn/SQXtKH/C8my8kKWOYKsoqs
Jmvk0BqkLYNeitBCHIW+RNaXjlpL1pG1ZAPZRDaTLfi3DnpjMkTT1svhzWQr/m0j28kOspPsIruT
31vlmF1I2SHHbkPKlWQPSuYqsk9WnFnM1eQash+ldh25ntyAEvvq0A2jRx0gN5KbUM5fI7eQr9I3
X5ZyK7mV3EZuR304SO4kd5Gvo158g9z7udi75fh7yP3kAdQZesadiHlAVneRu8mz5IfkOHmaHCEn
ZFv2w7bMItwuS2VLr4MNdiHPV4+5Y2bNraPWuhLWoPk+kMz3Nthv35gztiTtSK13NY6k1jmQLAd6
ld3JGG6JW5Ezpi/lk9qI5uGWy/LJz/jfYmmOqZ3uhb24ZajN7kLcPV+IHXvEWH0XuQ8t8CF8U6tS
9U1oph6Q9dj4+0ePfVBOe5h8izyCsniMUMWZxTyKuMfI42jbT5DD5En8u6THKpb6NHlKLrk4GSAJ
cpQcQ0meICfJoBz/P6UdQd/x+XOOJq+VGL3KKfIMOY0a8l1yBj3N9/CPx3wHcc8lY8/KR7Hw97CX
8qx8FE39HurWC+ihfkJ+Sn5Gfk5+gNCL8vePEHqJvEx+SV4XjFC/IH/B9xB5SflHYiL12Hj5DErj
XrKALIi2LF64oGf+vLndXbFZM2d0Tp82tWNK++S21pbmpsaGSfXRutqJNRPGV1dVVpQXFRbk54Sz
MkMZfo/DajEb9TqtRq1SKiTMbPObQs29gXi4N64Ih1pbC2g41IeIvjERvfEAopovPyYeoOf1Iemy
I6M4cunnjoyyI6OjRwqWQA2pKcgPNIUC8XONocCgMLezC/rmxlB3IH5B1h2yVoTlgBGBYBBnBJo8
yxsDcaE30BRv3rL8QFNvY0G+MKDXNYQalugK8smATg+ph4rnhNYNCDm1gizEnKbxAyLRGOnPxqWs
pr7F8emdXU2NvmCwW44jDfK14qqGuFq+VmBFHPdMbgwM5J85cNOghSzqjRgWhxb3ze+KS3046YDU
dODAdXFrJJ4baozn7vijBwZcEs8PNTbFIyHcWPuM0R8Q4sosSyhw4N8ENx+68D7uekxMXzJGlWX5
N6GJNIujZooLfVwT3BvuEPkLBum93DgYJYsQiO/t7GLhAFnkS5BoUaQ7LvbSlDM8xRmjKXt5yujp
vSFYtinU1Jv827LcE9+7KFCQj5KV/7LiiiykB+JSuHdR/3LKfUsOhBqRQ9iSzILTphEi2pc0ZtNA
cRGO7+tFJlZQM3R2xYtC6+KO0CRmbUTgIllNK2Z2yaew2Ka4oyFOevuTZ8WLmnAuqkjTAVow9Abp
tUKdXadI6cjbA2UB39FSUka66X3EXQ0olHDTga7FS+P+Xt9i1M+lgS5fMB7thvm6Q11LumkphSzx
3Lfxc/igAOWzkLfPHc0PRrbj6ixNoEv0Sd20tBARaMZXaFINEixxFQvSEp1UE+gSfIQfhl9JHkHV
ZddBQMpqaMXJYJza0OoLonLLn//hlnwsA7iNuGb0nhS4CeWle2K/85W3xo6mN5QbaFrSOOYGL7so
AvINJq/25fcpUlskjYFb0NDibKV5KMgXoQNI1sRF5FOOoqXoCcTJ9EBXaEmoO4Q6FJ3eRQuH2lou
3/aZIeoYlEs7WUtmXRZi6VUsLU6C7bO6eID6bOLNEblcabHK4RY5PBps/VxyG08OHNCE2mceoD8e
Sl6QBNCCUDiqcFvfjVW2MjTWZnSUoea+UMASaD7QNziyd9GBgWj0wLqm3uXj0QwOhNoWHwjN7KpB
WcrtfrdvB/1pG2kX2mdNKshH3zNpICRc3zkQFa6fObfrlIWQwPWzuhIinKK9k7oHMpHWdSpASFSO
FWksjaSHBGiAXmkGAhr5eN+pKCF75VSFHCGH++GXlePYQYgTSP+gyOIs/DgRcQoWF5XjuvFBC/Ms
RxGgH24KLKbFs6t7+YHebtq4iAtFiT8hLoRqSVwM1cKVqzLEdaElk+L60CQaX0fj61i8isarQ5Pi
gkuAcQbRJx3oDaGfQpXrgou8G7XDQmu/mBUYHBmZ1RU857vQHUSTmA/M7YprIxgHlFmTcVwLRS+i
W+J7+/vofZAYmjptmW393WgL/II4pC2uxRW0ySvgiGb5HFodcVI/ygYFKJ+/F4H43u54d4T+aNcK
ekeBgCVOWkPjUezsmsow/aGi7gO2UAmt2Dg0rsu6jpIW90bgpJZjfAjix9Dh0hypDbjz/hCS+nsD
KAEF6Z+Jqs76Uh0tN8QsQZeoCC+RofMlEwnNlpSlN+ri2kJcEH9U6wtxQfypu2EUmnk5dF3yAPy2
Ja7HHYXHmDJ5AqyDpDZ6L/i7DjdPD32eXqZzkMwIbUPXSG9a/ik1kuPGrLY+dP7sfD1iQlX8ZFxL
k0Wj6DXOslg1zbkBdpeyZg2OPBbaTnsA/inID9HBgVZM4juFik26D3w+Ij4vUpCv+XysUY4+cEBj
/PITmL00xlGmVwk0YawhREFfY/k5uJH0Kd4nT0rnyZOKz8iTogKcg3APeVL1OnlSOYX0KzIQ14W4
p0iL9Gdill4l8xVl5JC0iMwF90qfkh5FDclSbSFZ0llSTtPgY9svPSzzIdVicojGKark46nuFX+C
84OkU3yaBBWbkygjB6X7SIZykJRLD5AMKZd04zoEPsU8eBzvltxEgLe4Cd7h/cAOeI+fA+ZKn5FM
5KcVeBrYAPTDmOw9HEIMWCfS93mCpBwzRDMJEBdWqBlIt8px+cSIt3gK8RaPjfhJFkknaSQVb/T4
iIekkBxSTCqISApwHT1xkxDJJdkkQsLEQXR4d0dF6Ohaido6jpQQDfHijScnUeL36Och8pCQLtwo
qsXHxH9I66XnFKsUf1T2qDSq36jr1R9obtA6tU/qOnRv608ZHjXmGR82TTTtNfeZ/2HZa3Vb47Zc
29/tV9i32i84djvLXAbXetdLrn+5s9wt7rXu292/9UQ8izx3e6u976c87Gvw/R6/iF8e3ii9jJWz
hFxVkw4ylcx7lhjh4nKR8cLx487GRk2B+rtwX4kkIMzCLQtCQ9SsEI0nU1LqQifLVTdL1rZBoeBY
nfpmuHbrht4aerFo6K0LtuqiC0LRm++89Y7lwxet1UWl77zyzrhiwRq0ynCYRLXaoQplFIrl2eGK
0tKSWrG8LBzKMIlyXFlFZa1UWpIuSjiSxdSKNCxIL382V5o2pBKvDNXNLlWmp5gdRpVSTPXYCmqy
LDPnZdUUpqkltUpSatQ5lZMy2lc1ZfxGbU1zutJsGo0tzeVMs6qHfqs0XfyH0vRpg2LVpwcl1YT5
dZnS13UaUaFSDaZ7vHkTgm2zzXaLQm+3WF0atc1qyGmcP3StM5VeI9XpZNca6kC96Bv5QGFQpsN6
i46mkgmRwZHzRy1CB/iDo2aZ3z9qlPlvRw0ynz+qB39XLEUN8whFqFdhIT9hn6k4LeSh2hULhQPa
2TDlKxcohKJ3ZM+S5bWz44qzHCZmtDLZHCpn0jzUcE5HOkzEzKQwiEqNI7pwZ9uVP72lY+Zdv9hT
tXJus0+jlBQavcZUMm39tNk3L64s7791XsfGzjKzWqeSTlo8NpMjN9s361sf3vfQZ0fmOwN5PpM9
xeZItWuzi7Kbrn1+187v7KkPF4VV1nRUiCfRI9yCukNbwtZoWl1QsHuQc7sF2bY7kGe7DRm2e5Bb
+2mxBPUthdkmJWkbmXEc+D/UNmDZNimn8YxBC9sYEqZO36AQHlDOInUX6kZt8QozybjiHoEaIJgR
LreWVZQGUUHUZYViKGSlhlDcMvuRDx4d/ps7N9ctZD1+/r7O42Vrn7j2yMCuJzZUi/c8/ukjM/zZ
in3Z/jkPnz+04vg1kz+z1u59nvYFyJm0CznLJ1sGUrKTJQqWS1Rm3DVYvms5HXnMHhStUa3WHrAH
cPMpg4ImatwbFs6EhZfCQjis8g4iP8bObNCAiuUHraRn/QZkq8hWXV1UZGHZKpHL+fJsyQUdtNIc
jpHSLoXOqBm6g+ZQXKoxapRKfA2rhITGqFUotNBTRUFj1ClabD6bhuVWY/M5bD6rZnil1pJqt6VY
1MPjNFafnO+Ri4rpSgf6s8FjdeOEkCGZdbCcdZmRdbCcdTkdWTfQrKe6M/W0/PW0/PUWHKbXoVD1
tPz1g6Il6iZRp9BBonb6ZbHCbx5FOnHTB+BIoHwCae68GZmDQn7UfMYgvGQQDAZb2gxbTBkjdXV1
ssEu1AlFkcgrtFUkDXbJcD1oIazDQFczKllrEZ2I41IxXeMIelICDs3QUSivJ8Oh0TgyPN6gQyN2
aByBFA9UisagVirVBo1YO/Q9rhW/4WrooqjiOmk/oQv2c5LpJ+vc09xH3BJJmhAsm1Bm2AYsm1BO
h4XIM6jzupEzJ2EJnWWGnF1kc7SiX8oXz4HQxe9b6wy66X2P3u2lO0zelfQx7qqULIpax1nwY8W0
TIqoCmLDh9xfgeX7kxn3B5bvT07HgTpaxAZn9oygzuKbYRktj2oUxmi1RYmw+wyHs4UvMb/AOnWn
Q6UWBJdL+ljtyPCF8l3q4UyeF14Gwk9UFncwJSVgVxttwzOFF63qVFrBVRadeN3QdrWRlotRfSmn
Q8+LdVqDWqFEgRhT3EMjQ/ek2JNtuR25TyGtp4iTZRY7QeTMyozMguXMguUOyInMHiNa8wznoBBJ
Nlah6BwvDDmPrNNh3S0qFh2r2tHitENn3bmjmXgJEYp2h8+uRdt7mleVTx/SWlOTJaOKoJ+pIU9G
Lb2162pFY3Gxu6hIV+jxyJ0hmpPcSaJFyYx7Bcv3KqejYFJowaRnjjMYdLT16Wjr09HWp6OtT0dL
WkfrFsGWFC8CJLOiU+9xG4s84wpV/pxOf4w3rjqbu9paivJ8hbcraylvWdZSa/XEotJSayk63Ut1
MSSYJDo8ZwuhMcVNx/N00S2U0vKm0qmKaBx+rzto14jDpZLemeZwpjv04nCLgJbm9aCQ833LA8WZ
Hq2wVSlcq0/xh72rzT674VKVXvbpQbVOLSkwVGHQPsRtqXg0L9OQkuP7bI70aHqeV6+1pzkxNvWP
XFCcVwYxd8smu6IpDmoaBzWNgw5MDjowOahpHINiaVQbwLxtL+ZA6cnGAJbrB1gevMHy4C2n46z0
0xi8dcQr5CbMM0O0jigxYI8doHp4XZEHKDrNSTZbeXwaM1orzk++462Dt796Y+Pkg28dvOWVm5uO
Z8/7+rp1X1+YG55794b19yzIEe+677OBhXMe/c+Dhy4eWTj7kX9+e813bpw666bTyzacubFj1i3P
0rF45KL0AmpSKmac2wYyVcmMgOWMyIyMg+XKI6cjIypaedzWNGqeNGqeNIvBKExJCyAtbVAsSRBr
1qCgO6pSGZBN/VFnp4H2w8npHRuGeRXB9I52uJdXBLQLxZghWXohuvWpbXdo7UEv7bDyUgRnXseK
1VNyj0+Y05P/wDemLmvOlO7ou3dNzXDhaAk/kZOhdtfN3z5n2soy09AnOS2YsMs5VuiR4wrSSG6L
plsKrZUa3HUlzUWlnItKmqtKWsqVKOWTuVEEc+us1CRQMuNYmWEasGwasNwHWGGaRGqhBeP4iXVR
IRp1T4QFjgc73cm+jxqh50L1aPfHWw2G8uQAThuGVCh9wSQud7pER3F1uuS2u1xCWTg7HOaTFr3K
kZmeEnToFVudBbWzJmzkxsIkxj6uPqV949Ts0KT51YGyghzHJpNmeKhxureu9LbHG/sn+dFcNBj3
LQZhXNmcutDQr0eN+HS2XykZq2avbahfNm28wxSpmTpu+A+ZadL+KSvcatXwlOCE6egtW0YuSP1o
N23k3VOkfuT8MbNFmFJPTQYTyQzTyYwWBJZNVT8o5kcjJVG7Q5hSErUKHZklmSUGn4ee66Ndkc+C
s3y4qw4fLQ7fM9jDgv7oqE8eB88c9SbZwfiEmU4ODIWnhWwslnRCOKq3BiqFyqjeIExB+ZyJ6qiq
tFZaXTWYTh2v9ylzZ7oGhdxkO0QRXLDSGVUk0mO5YMEEa8xsQZ5q8alDstJmFCp4A2VLkUJVMvz5
KbZK6m/Y+lBP/do5E9x6BcxtKp2+fnJVT0NmyYwVa5bPKJ2w4rZZkTkdNXaVQpRUerW+qLFnfMX0
spSSmSvXrJxZKlwx72v9Ja5AhifLjzWJOiMnlF45vbRy6oRxpbWz1k/r3DO7wOz12/VWj92GmXdq
KC2teFJWxdSaktKJM9ejjMxo66+j5meQJSc9UZjXY8Us4swxKCI3bBhbbvCo3TIjAXx5w6dDgnXk
zHGkWVW2QSHnaFqybZdg2vGhvOT4QcRyNpK00JjZVJB3Z/Kg97o8zTzIx+/hg3waKl0jT0LP2lOt
mk/vH62IizTWVLudLaBoO56PGlcn/QSzkyiJRwPmSf5JRZMkvdZdZkB9KaPVp4xWmjILrU5lg8JH
URPJzjYTwUBoWyfjae3EoeDztJbKjBMoy9V3/KCoiTqs7h+QMkuZOOFMmUDKhLKywvq8QcEXNb+U
IWRkKNLeK5w88Q1Dh4IU0Y5cbttWebq5oIevO85GFvRUJ2fpJWjkCzASqrAeC4fLyykne/nScroG
GV3K1irkIVDN1miu0pKKSqnOkupL8Zsm3NbZsrGzoHbT4yt2ucZNrZ7Y1zbOoDFoFWrfpNlLy/qu
nxX+1s2Niyf5u6fXr53oMRjQDxvm1jVnNS+tn7JuclZz2fRyX1ooTWPxmr1pKaE0e37sylln3QV1
uc0zJzXCuodg3VeV60kemUj2H6+rE3TBimRVAMutGiy3YhqW7VUxKHwc9TkjdJCMBGDRCLV/hPam
EWrxyKCoi2qJU1dRHlQoiwcF5YnwZF+zZUo15ICyg46EdIxwo29MrtTYGEFtxlZstGfka1cs3fgs
ik0P+RCptrpgrVpRerW0/9aeSFtzczbWLk5Hqk2ltgc83oBNk9Pe2pqz6MY5OU87y2ZHA7XRpuzG
XQ21XZVe4d3Np69ptobH565B1VMoMIdXVsm9I76G/pRbFbJMvTq+uWnf4om2vEklw4dmzqnp34nW
NRcWC0g/xkL8hoFU2q7oYAF+m9YtOls/BmMQedGHBHkxCJuA5RnCpcXgyHv0BCwK9VFjkUkwed/1
R3XGVj/WNuIx+2Tpr+Nom9UaW8flDwqqAS3MNvRKhC75I6hvyfnDWbRDthy8VL1K0tEnycFQBtSl
Rb8UEJVqb017V1HfXUvK69cf6o50NpZ7tCrRZjRn18TGb90TjPbUVM+uixjoVOqbVq/V6M1Ks0V3
Ht28/7kdEywpGR6T3WPL9gdzgiefnnN1VyQzEtLY02g77YVd7sWujTA8HTdG/XUTBL2vmrbOajrP
rKY9fDWtHdW0slSfxh4+QoqY1YpoDUM6WJ6NyIyT5HgcXUQrlM4ebNZXZ/sUJjRLZcIzGU1dcdTU
AaciKpNcnUaXGslaJden0cno2CZY4nKP1ioJY+uYCVeldK/amuqgrpyWQ/P6b5qTU7LotoXTro6q
HX5ap7SPNuxurEMNQo2qD06MNmd7eQXa2jG74+qBRZtOX9PS1CDq+RpkqAl1Z9GuaOO+JahLDRja
RNIDax1CrxaBv+/paF5RRV3F2grJTluTPQAr2e3BfDoe5lNr5VMz5sv9G+rCJ8cbI9+KiNSBdJy2
tjJFsvKB5Tomh3EamHVwCmq/YDD/hb2KWxXiGYXwkkJQKFKL3ghP9rzXa1pnEk3a91LlCtaT7Ntk
r4M8Ry15M8IqGzq7CHp7NFBVKDimWqGdjq18ojO7QjaoWjqU7R1KpDev64wubisyqPUqSZTU+orZ
66NrH9swvmb9g/0r7+wteFTavnXi/NoMURSzg+3bZhc6U5xqk9dmtJsNeq/HXrtjcMemU1c1NW78
Rpd938HCKUsqqQWzMMqdUG7HDD5GGgaayGns9dURv/BJItaJp9ufRJ0VxfmdrR0XaloC+RcqzMqK
1vAUL60sda+cs1woQZ3Bkq30nZI3P3zlnRdHx/nRifioZ3GsowB9uTzuowuX+6SxLc0ZLHE5pRNa
V3Z6WrZbp3Nnp6Vnu7Q2DfoirGA0w6u42mOx0JnBnsyWFY2u/EwfViyizqCxpmSlNo0X1Slexc9S
w/QK4dTULK9W6836dBzccgrqm5Ocn/31kg5k2lOs6r6e/bNzFRqtTm/xWAOpao166bp+nydpJeWH
spV2kfXHpk8v2EZtcyy/J38VGRTXntDl41813mb6JLFrfgE1m79hYvW2VrNS2bDpQn/L/NauC23N
BYHqCw2tpVO4AesulFD7ycPgOW7Gd5I+qhfpqrAEteX/aNMxM4fPm1cxpiNzBr/K5soPte6xNnfL
NqerSfXwFdzmX2L91ita8if5DRoJPjJnINc7uUY4mNWMIikIoUiUos6otnnDvqYJKJKU/3ORfLF4
YrR4zEaD3WcPpGn12qXr5nxliUmkfPgO6QbpR6QWvvaF5KWo01bQQvvNFg26g5aAxS5MaSmtGxz5
mM5pwHKPCX77BE2qU0+DjBrNNmHKNJ/CXCyVqtW0f0D36qMzYyNEQana51OXFijosBUtQ1dBuuhP
dAUsOK0rLyuqB2eZi9VS1eTfGGaedzp7q6S/1LTmBSb9umryvF8HpsmrWVt13QU6B7rwGhvMI6Xn
IpGzETcm1nRqbcUIbzkXwV+Ef9EqoQqFXC42uIezVWhBLndyvcNnSJWYMMHDT79pK3O50bKwCBqd
INWKdiyJsk1YJLEJwA1281Wh1JKevVMr+302d33FXxvWzSgsu+LR9asPLcq3BMcFxhWVZPkzy+Zf
NSW3xS9YrNbh4SU9xS1F7iXzxrUWuWcu7PxLINejvWZL+5Jan7Qp5M+cUzR128z8NJetMD1UKOrE
4MTuCbXrYuOyot1lwdqqUq93Sv7E3nBWz6SOHbMKtJrg8IfzlwWq2nK6l/orW4cWjK8TNd6C3Bxn
fUNacS315hxCj/Ug5lolZPuxujIhz56cWIHZxApCnoTTCDo5sNOJljuduUnpGMB8pfJAoKdpOuYh
hV8Dy1DVyYLJmc3eKfKAKLdN+I2Zp4ZNr+jsanQ0tMpzUJV6jFuGz7IqKuQJqfSgxsZmUZ7CtuLa
XY0Iyq4YPrlqubVt7s4pQS/vjkRzx4LGzK7Y0I08ZuyMqr1t4tIb+miftH/kotCpLIIXNEhuOlkX
mhZaG5Jc1BjIIli2gRyGtxcsV16wXNPleNRY12lxPbwZTmapLzrokiaFg+7jEzp/FLUbnVztMa+l
TbbPaxciyYV5cq5AR7Yxxknawk4nUrQyohYKtZ83gD1/wvgIxagJpGswj0Q/bVALxePzcqsBXvK7
UPJl5M6ooa5CyB0njIvahA5M8V6Sp9QQ8vwR/B5t13IYuRx3Gm9pZBBDMjdf7V9HZUhxFRQQmlFW
KVwZemVOW2qzlVcIdM9CESaMWKHIy7eSt+VFHPI9mvH/k1N2l8aekeILecyq4Ws+bxFhlsbmhZM8
w6k1moefEdYY9bLLQVIbtcI/ho1frBifvSxs0Rm1EiYGWoPHMvzMcJbVmbSZUAubOUlU9pWvlX3l
crtAtyXXETrbps/KwKwBEZT2MZ2lWS7iZPl+abl+sSxHi/BSnU3ehfIlzNOmk/eiPhv1iMvPq8IW
6mDI9tDvdTOE5jEtV74juQWjp5UZRQKWp/tyi05Pd6Gip6eXMA8sbdjMDSs3bB0G4ZPTqZdkei1W
C3JGx6waZN8UwnJjkBmnZ5/G6zAlxCKoEu2TsYBQRY31k2ubC6raCjDlSXYIKH86T+b+qOqkPwoP

--_002_D4D228CE766F3goranselanderericssoncom_--


From nobody Tue Feb 21 09:55:08 2017
Return-Path: <mcr@sandelman.ca>
X-Original-To: 6tisch-security@ietfa.amsl.com
Delivered-To: 6tisch-security@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6CC7212945B for <6tisch-security@ietfa.amsl.com>; Tue, 21 Feb 2017 09:55:07 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level: 
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id purxneT21RYL for <6tisch-security@ietfa.amsl.com>; Tue, 21 Feb 2017 09:55:06 -0800 (PST)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EFFC5129465 for <6tisch-security@ietf.org>; Tue, 21 Feb 2017 09:55:05 -0800 (PST)
Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id 27EB620183; Tue, 21 Feb 2017 13:16:55 -0500 (EST)
Received: from obiwan.sandelman.ca (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 7CB43636BB; Tue, 21 Feb 2017 12:55:04 -0500 (EST)
From: Michael Richardson <mcr@sandelman.ca>
To: =?utf-8?B?R8O2cmFuIFNlbGFuZGVy?= <goran.selander@ericsson.com>
In-Reply-To: <D4D228CE.766F3%goran.selander@ericsson.com>
References: <21361.1487688501@obiwan.sandelman.ca> <D4D228CE.766F3%goran.selander@ericsson.com>
X-Mailer: MH-E 8.6; nmh 1.6+dev; GNU Emacs 24.5.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-ID: <30304.1487699704.1@obiwan.sandelman.ca>
Date: Tue, 21 Feb 2017 12:55:04 -0500
Message-ID: <30305.1487699704@obiwan.sandelman.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/6tisch-security/McbcXpf-n5j9SKJyuT2FI8n6LcI>
Cc: "6tisch-security@ietf.org" <6tisch-security@ietf.org>
Subject: Re: [6tisch-security] slides you presented
X-BeenThere: 6tisch-security@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Extended Design Team for 6TiSCH security architecture <6tisch-security.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/6tisch-security>, <mailto:6tisch-security-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/6tisch-security/>
List-Post: <mailto:6tisch-security@ietf.org>
List-Help: <mailto:6tisch-security-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/6tisch-security>, <mailto:6tisch-security-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 21 Feb 2017 17:55:07 -0000

thank you.

--
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        | network architect  [
]     mcr@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [


From nobody Tue Feb 21 22:54:31 2017
Return-Path: <goran.selander@ericsson.com>
X-Original-To: 6tisch-security@ietfa.amsl.com
Delivered-To: 6tisch-security@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1800F12966A for <6tisch-security@ietfa.amsl.com>; Tue, 21 Feb 2017 22:54:30 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.221
X-Spam-Level: 
X-Spam-Status: No, score=-4.221 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id H4cjuImxB26G for <6tisch-security@ietfa.amsl.com>; Tue, 21 Feb 2017 22:54:28 -0800 (PST)
Received: from sesbmg23.ericsson.net (sesbmg23.ericsson.net [193.180.251.37]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1505E129669 for <6tisch-security@ietf.org>; Tue, 21 Feb 2017 22:54:27 -0800 (PST)
X-AuditID: c1b4fb25-93e1698000001738-f2-58ad35a126c1
Received: from ESESSHC006.ericsson.se (Unknown_Domain [153.88.183.36]) by  (Symantec Mail Security) with SMTP id 19.1F.05944.1A53DA85; Wed, 22 Feb 2017 07:54:25 +0100 (CET)
Received: from ESESSMB303.ericsson.se ([169.254.3.200]) by ESESSHC006.ericsson.se ([153.88.183.36]) with mapi id 14.03.0319.002; Wed, 22 Feb 2017 07:53:37 +0100
From: =?utf-8?B?R8O2cmFuIFNlbGFuZGVy?= <goran.selander@ericsson.com>
To: Michael Richardson <mcr@sandelman.ca>
Thread-Topic: [6tisch-security] slides you presented
Thread-Index: AQHSjNhj/O61zu/6fEqs5XyYLuNd2w==
Date: Wed, 22 Feb 2017 06:53:36 +0000
Message-ID: <D4D2C251.76751%goran.selander@ericsson.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
user-agent: Microsoft-MacOutlook/14.7.1.161129
x-originating-ip: [153.88.183.148]
Content-Type: text/plain; charset="utf-8"
Content-ID: <5106D87AE5A2BE46BB4F1ED8672E3299@ericsson.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/6tisch-security/v3NomTBcXsmFYeDdis_dkYKxHRQ>
Cc: "6tisch-security@ietf.org" <6tisch-security@ietf.org>
Subject: Re: [6tisch-security] slides you presented
X-BeenThere: 6tisch-security@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Extended Design Team for 6TiSCH security architecture <6tisch-security.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/6tisch-security>, <mailto:6tisch-security-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/6tisch-security/>
List-Post: <mailto:6tisch-security@ietf.org>
List-Help: <mailto:6tisch-security-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/6tisch-security>, <mailto:6tisch-security-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 22 Feb 2017 06:54:30 -0000


From nobody Wed Feb 22 08:00:48 2017
Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: 6tisch-security@ietfa.amsl.com
Delivered-To: 6tisch-security@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ACEC0129A5A for <6tisch-security@ietfa.amsl.com>; Wed, 22 Feb 2017 08:00:46 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level: 
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wNhTeHZaCnwv for <6tisch-security@ietfa.amsl.com>; Wed, 22 Feb 2017 08:00:44 -0800 (PST)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4ADE7129A41 for <6tisch-security@ietf.org>; Wed, 22 Feb 2017 08:00:44 -0800 (PST)
Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id 6271C200A3; Wed, 22 Feb 2017 11:22:35 -0500 (EST)
Received: from obiwan.sandelman.ca (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 860D9636BB; Wed, 22 Feb 2017 11:00:41 -0500 (EST)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: 6tisch-security@ietf.org
In-Reply-To: <22592.7216.968126.340725@fireball.acr.fi>
References: <22592.7216.968126.340725@fireball.acr.fi>
X-Mailer: MH-E 8.6; nmh 1.6+dev; GNU Emacs 24.5.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature"
Date: Wed, 22 Feb 2017 11:00:41 -0500
Message-ID: <26408.1487779241@obiwan.sandelman.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/6tisch-security/5ecU3lhnoWJh-R0fOnPgGW0b6aI>
Cc: Tero Kivinen <kivinen@iki.fi>
Subject: Re: [6tisch-security] Short address assignment
X-BeenThere: 6tisch-security@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Extended Design Team for 6TiSCH security architecture <6tisch-security.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/6tisch-security>, <mailto:6tisch-security-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/6tisch-security/>
List-Post: <mailto:6tisch-security@ietf.org>
List-Help: <mailto:6tisch-security-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/6tisch-security>, <mailto:6tisch-security-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 22 Feb 2017 16:00:47 -0000

--=-=-=
Content-Type: text/plain


Tero Kivinen <kivinen@iki.fi> wrote:
    > During the teleconf I pointed out about the issues with the short
    > address assignments and security. This email provides background
    > information and explains the situation bit more.

thank you!

    > When using TSCH the situation is bit different as Frame counter is
    > replaced with network global ASN. This means that Source address part
    > needs to be unique for that timeslot. This means that coordinator

Attached below is a yang module to describe the short-address assignment.

    > PAN ID is added, as large networks might use multiple PANs, but still
    > use same secret key (it does not matter whether the ASNs are in sync or
    > not).

Do you think we should slip the PANID in with the short-address assignment?

We have not explained how the pledge knows about PANIDs: clearly it could
just use whatever PANID the beacons it hears contain.   Do you think we need
to be more explicit?

Perhaps we should at least put it in the yang model such that it can be read back?
I have included an inception date for the short-address for this reason as
well. I called it "effectiveat", but maybe there is a better name.

====

module ietf-6tisch-short-address {
  yang-version 1.1;

  namespace
    "urn:ietf:params:xml:ns:yang:6tisch-shortaddress";
  prefix "ietf6shortaddr";

  //import ietf-yang-types { prefix yang; }
  //import ietf-inet-types { prefix inet; }

  organization
   "IETF 6tisch Working Group";

  contact
   "WG Web:   <http://tools.ietf.org/wg/6tisch/>
    WG List:  <mailto:6tisch@ietf.org>
    Author:   Michael Richardson
              <mailto:mcr+ietf@sandelman.ca>";

  description
   "This module defines an interface to set and interrogate the short (16-bit) layer-2 address
    used in 802.15.4 TSCH mode networks.  The short addresses are used in L2 frames
    to save space.  A lifetime is included in terms of TSCH Absolute Slot Number, which
    acts as a monotonically increasing clock.  ";

  revision "2017-03-01" {
    description
     "Initial version";
    reference
     "RFC XXXX: 6tisch minimal security";
  }

  // top-level container
  container ietf6shortaddresses {
    config false;
    description
      "A 16-bit short address for use by the node.";

    leaf shortaddress {
      // length is a restriction on the type, so it goes inside the type statement
      type binary {
        length 2;
      }
      mandatory true;
      description
        "The two byte short address to be set.";
    }
    leaf validuntil {
      type uint32;
      description "The Absolute Slot Number/256 at which the address ceases to be valid.";
      mandatory true;
    }

    leaf effectiveat {
      type uint32;
      description "The Absolute Slot Number/256 at which time the address was originally set. This is a read-only attribute that records the ASN when the shortaddress element was last written or updated.";
      mandatory false;
    }
  }
}


--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-




--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEbsyLEzg/qUTA43uogItw+93Q3WUFAlittakACgkQgItw+93Q
3WWA/wf/S5JGqBMXE/hue7RsphN/q13Kwf4mvFkpmEQmR1WqXCyLZkkmWhONFc83
7jOIT1epc9t/bYBtO7Yv5IdJLJPHflcs09YKjU2aj9828PjH8Pqg1MyQp6JGfZbR
rACnHJJU86QywJnEpK5qzgl2bEHIPljIHdNMIjB+Q0UV9+YBR7E/Cei29/eseHjb
elQj3zfhZcQmjzjwewShg90lv9/o9RgZV7WUYDgoKGOjWhX6GIUzX5FSejPAvKsQ
k6lv8wwSkQB7kyCKTkNfP9Ho8x4tqc1vTd2ZoDSFogtmNkszX/xYwndPgqPK5Oow
eibBcS16jzGfzUsA9xsQ2itoAMDusA==
=7u7E
-----END PGP SIGNATURE-----
--=-=-=--


From nobody Wed Feb 22 09:26:20 2017
Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: 6tisch-security@ietfa.amsl.com
Delivered-To: 6tisch-security@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6D83D129A14 for <6tisch-security@ietfa.amsl.com>; Wed, 22 Feb 2017 09:26:18 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level: 
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eeYxEEryJCnQ for <6tisch-security@ietfa.amsl.com>; Wed, 22 Feb 2017 09:26:16 -0800 (PST)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5461E12999E for <6tisch-security@ietf.org>; Wed, 22 Feb 2017 09:26:16 -0800 (PST)
Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id 5C531E1D3; Wed, 22 Feb 2017 12:48:08 -0500 (EST)
Received: from obiwan.sandelman.ca (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 4F2B1636BB; Wed, 22 Feb 2017 12:26:14 -0500 (EST)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Tero Kivinen <kivinen@iki.fi>
In-Reply-To: <22593.32141.375714.870333@fireball.acr.fi>
References: <22592.7216.968126.340725@fireball.acr.fi> <163CC403-7DDC-4895-A2EA-A8C1D8396B5F@inria.fr> <22593.32141.375714.870333@fireball.acr.fi>
X-Mailer: MH-E 8.6; nmh 1.6+dev; GNU Emacs 24.5.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature"
Date: Wed, 22 Feb 2017 12:26:14 -0500
Message-ID: <15597.1487784374@obiwan.sandelman.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/6tisch-security/nLo10JCGhXbRKiwnjOTDZB10COI>
Cc: =?us-ascii?Q?=3D=3Futf-8=3FQ=3FMali=3DC5=3DA1a=5FVu=3DC4=3D8Dini=3DC4?= =?us-ascii?Q?=3D87=3F=3D?= <malisa.vucinic@inria.fr>, 6tisch-security@ietf.org
Subject: Re: [6tisch-security] Short address assignment, nonces, and TSCH
X-BeenThere: 6tisch-security@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Extended Design Team for 6TiSCH security architecture <6tisch-security.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/6tisch-security>, <mailto:6tisch-security-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/6tisch-security/>
List-Post: <mailto:6tisch-security@ietf.org>
List-Help: <mailto:6tisch-security-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/6tisch-security>, <mailto:6tisch-security-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 22 Feb 2017 17:26:18 -0000

--=-=-=
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable


Tero Kivinen <kivinen@iki.fi> wrote:
    >> Then, the question becomes whether we need a mechanism to detect nodes
    >> that are no longer present in the network. In case we use the lease
    >> time as you propose, to have such a mechanism useful, we would need to
    >> set it to a fairly small value (24h or less),

    > Why? The only reason for the lease time is to allow JCE to clean up
    > unused short addresses, and as there is 65k of them, it could be also
    > much longer time, let's say a year or so. If the JCE ever starts running
    > out of addresses (i.e., more than half of the address space is in use),
    > it can shorten the lifetime to a day or so for new devices.

Yes, but that just makes the new devices fight each other for new addresses.
Probably, it should be allocating addresses with some kind of time-based
horizon against which it allocates.  If it knows it will rekey everything by
time X, then it always allocates lifetimes such that they expire by X.

    > As far as I have understood the networks are supposed to be up and
    > running for years, thus having life time of one year etc is not an
    > issue.

Rekeying once a year seems reasonable to me.
Once you rekey, you have to reach out to every node, and the ones that you
fail to reach after some time, are gone, and get cleaned up.

    > On the other hand TSCH nodes, are required to keep constant
    > communication with their timekeeping neighbors (i.e., send packet every
    > few minutes), thus the extra power consumption used for renewal of the
    > address every day or so is negligible.

That might be reasonable, but I think the scale can be extended a lot.

    >> but then we require the whole network to ‘rejoin’ in the same time
    >> frame, which is quite an overhead. I am thinking whether we could
    >> achieve the same functionality by having neighboring nodes report to
    >> JCE that a node left the network upon the removal from the neighbor
    >> table. What do you think?

    > JCE could of course also use the routing table to find out which nodes
    > are still in the network, but that requires whole routing table to be
    > known to the JCE (I am not familiar with the routing protocol used, so
    > I do not know whether it is true or not).

6tisch networks are generally non-storing, which means that the DODAG root(s)
know how to get to every single node.  The JRC (new name for JCE) might have
access to that routing table, but access could be arranged using something
like i2rs perhaps.  In any case, presence of a route does not mean that the
node is alive, or that it's a current route.  RPL is reactive rather than
proactive: if links go inactive and nobody is in the forest to notice, then
nobody hears it (to paraphrase a philosophical question).

The JRC contacting the node to attempt to rekey it would be traffic, and said
traffic would cause either a reactive attempt to find the node (if it was
reachable from the same next-hop router), or would fail until the node woke
up and reconnected.  Upon failure, the node's address could be cleaned up at
next rekey, I think.

    > Anyways we are going to need some kind of renewal method, i.e., where
    > node comes back to JCE and says he wants to use same address he had
    > before. This is needed if the node is temporarily disconnected from the
    > network, and when he rejoins the network he needs to go back to the JCE
    > and verify his address is not given out to anybody else while he was
    > away.

    > So as this mechanism is needed regardless whether we have lease time or
    > not if want to cope with JCE reusing addresses, then requiring nodes to
    > do it periodically based on the lease time is not really big overhead.

If the lease time hasn't expired, I think that the address should not be
garbage collected, until a rekey.  Upon rekey, the node is off the network
anyway, and has to do something.

I think that most networks will have enough fewer than 64K nodes that they
can tolerate some leak/loss of 2-byte addresses and mostly never have to
change addresses, even through rekeys.  But the leak will be reclaimed upon
rekey.

--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-




--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEbsyLEzg/qUTA43uogItw+93Q3WUFAlitybUACgkQgItw+93Q
3WU/qAf8DihwGjdds6BthXmQJX3wFjgpBY4Oe6i5fU6hz40hGmavR+h9eMIxy6/K
3cRpNWIq7+vcQBZ2D8C2WVFqIoww2H1YdhwZwCNwKm3Q4PStYyJPmHVPTzFbF8b4
beipJcWow67aJ1z7ru2ldqLXwgZQjmeKI4CP5JDxPcIbzD0AEBPJP0WhwiYNsGY7
62OCLnECT88qOcq97KncmCphqL0lDkPVgSQ+6KlUSMRhHiq4KhQys/KGsYXlpWSA
Qttl0BvNcaD/3CfjcolPVP9NN2D1FL9gzsw2G/6GuobR1V2ZwIYDyUpdZN3Ej5wM
5d8z1MxCF5gJ6PotS1Y0KxrBG87kqA==
=vpxe
-----END PGP SIGNATURE-----
--=-=-=--
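
Added example, not part of the original thread and not code from any 6TiSCH draft: a sketch of the allocation policy discussed in the message above, where the JRC caps every short-address lease at the next rekey horizon, lets a node renew its own address, and reclaims addresses only at rekey. The class and method names, the node identifiers, and the choice to start allocating at 0x0001 are assumptions; `validuntil` and `effectiveat` follow the YANG module posted earlier and count in ASN/256.

```python
from dataclasses import dataclass

# 802.15.4 reserves 0xFFFF (broadcast) and 0xFFFE (no short address allocated).
# Assumption for this sketch: 0x0000 is left to the coordinator.
FIRST_ADDR, LAST_ADDR = 0x0001, 0xFFFD


@dataclass
class Lease:
    node: str          # hypothetical stable node identifier, e.g. its EUI-64
    shortaddress: int  # 16-bit value carried in L2 frames
    effectiveat: int   # ASN/256 when the lease was last written or updated
    validuntil: int    # ASN/256 at which the address ceases to be valid
    key_epoch: int     # which network key the lease was issued under


class ShortAddressPool:
    """JRC-side bookkeeping: one short address per node per key epoch."""

    def __init__(self, rekey_at, lifetime):
        self.rekey_at = rekey_at    # ASN/256 of the planned rekey
        self.lifetime = lifetime    # default lease length in ASN/256
        self.key_epoch = 0
        self.by_node = {}
        self.by_addr = {}

    def _expiry(self, now):
        # Never hand out a lifetime that outlives the current key.
        return min(now + self.lifetime, self.rekey_at)

    def assign(self, node, now):
        """Allocate a new address, or renew the one the node already holds."""
        if now >= self.rekey_at:
            raise ValueError("rekey horizon reached; rekey before assigning")
        lease = self.by_node.get(node)
        if lease is None:
            # An address whose lease has lapsed stays bound to its node until
            # rekey, so two nodes never share an address under the same key.
            addr = next((a for a in range(FIRST_ADDR, LAST_ADDR + 1)
                         if a not in self.by_addr), None)
            if addr is None:
                raise RuntimeError("short-address space exhausted until rekey")
            lease = Lease(node, addr, now, self._expiry(now), self.key_epoch)
            self.by_node[node] = lease
            self.by_addr[addr] = lease
        else:
            lease.effectiveat = now
            lease.validuntil = self._expiry(now)
        return lease

    def rekey(self, reached, now, next_rekey_at):
        """Move to a new key; nodes that were not reached lose their address."""
        self.key_epoch += 1
        self.rekey_at = next_rekey_at
        for node in list(self.by_node):
            lease = self.by_node[node]
            if node in reached:
                lease.effectiveat = now
                lease.validuntil = self._expiry(now)
                lease.key_epoch = self.key_epoch
            else:
                del self.by_node[node]
                del self.by_addr[lease.shortaddress]
        return sorted(self.by_addr)


if __name__ == "__main__":
    # Constructed scenario: all times are ASN/256 values chosen for illustration.
    pool = ShortAddressPool(rekey_at=1000, lifetime=400)
    print(pool.assign("node-a", now=100))   # expires at 500
    print(pool.assign("node-c", now=600))   # node-a's lapsed address is not reused
    print(pool.assign("node-a", now=900))   # renewal keeps the same address
    print(pool.rekey({"node-c"}, now=1000, next_rekey_at=2000))
    print(pool.assign("node-d", now=1001))  # reclaimed address is available again
```
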


From nobody Thu Feb 23 00:41:29 2017
Return-Path: <stokcons@xs4all.nl>
X-Original-To: 6tisch-security@ietfa.amsl.com
Delivered-To: 6tisch-security@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C126A1294D5 for <6tisch-security@ietfa.amsl.com>; Thu, 23 Feb 2017 00:41:28 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.62
X-Spam-Level: 
X-Spam-Status: No, score=-2.62 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PMUBDsJ-I1Fy for <6tisch-security@ietfa.amsl.com>; Thu, 23 Feb 2017 00:41:26 -0800 (PST)
Received: from lb3-smtp-cloud2.xs4all.net (lb3-smtp-cloud2.xs4all.net [194.109.24.29]) (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 58BB71293FB for <6tisch-security@ietf.org>; Thu, 23 Feb 2017 00:41:26 -0800 (PST)
Received: from webmail.xs4all.nl ([194.109.20.199]) by smtp-cloud2.xs4all.net with ESMTP id o8hQ1u0064Hiz6i018hQ3n; Thu, 23 Feb 2017 09:41:24 +0100
Received: from AMontpellier-654-1-111-93.w90-0.abo.wanadoo.fr ([90.0.86.93]) by webmail.xs4all.nl with HTTP (HTTP/1.1 POST); Thu, 23 Feb 2017 09:41:23 +0100
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
Date: Thu, 23 Feb 2017 09:41:23 +0100
From: peter van der Stok <stokcons@xs4all.nl>
To: =?UTF-8?Q?G=C3=B6ran_Selander?= <goran.selander@ericsson.com>
Organization: vanderstok consultancy
Mail-Reply-To: consultancy@vanderstok.org
In-Reply-To: <D4D2C251.76751%goran.selander@ericsson.com>
References: <D4D2C251.76751%goran.selander@ericsson.com>
Message-ID: <f6dbdaf79dc7f3dd5a27eb5d07c39ba1@xs4all.nl>
X-Sender: stokcons@xs4all.nl
User-Agent: XS4ALL Webmail
Archived-At: <https://mailarchive.ietf.org/arch/msg/6tisch-security/hkZJ-PgtF3ENvIozs7ZMysH6BdY>
Cc: Michael Richardson <mcr@sandelman.ca>, 6tisch-security@ietf.org
Subject: Re: [6tisch-security] slides you presented
X-BeenThere: 6tisch-security@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
Reply-To: consultancy@vanderstok.org
List-Id: Extended Design Team for 6TiSCH security architecture <6tisch-security.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/6tisch-security>, <mailto:6tisch-security-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/6tisch-security/>
List-Post: <mailto:6tisch-security@ietf.org>
List-Help: <mailto:6tisch-security-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/6tisch-security>, <mailto:6tisch-security-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Feb 2017 08:41:28 -0000

Hi Goran and Michael,

Let me ask very high-level questions about the presented slides.
Is the Diffie-Hellman part a replay of the EDHOC draft, or an optimized
extension, or completely new?
Is the SK part an OSCOAP scenario?

Will the use of CoMI be described in the minimal security draft?

thanks for answering,

Peter


Göran Selander schreef op 2017-02-22 07:53:
> Before someone slaps my fingers I should disclaim that the message
> exchange was just a sketch to be able to discuss the number of messages,
> which party initiates, who encrypts first etc. As we all know security
> protocols always require a lot of considerations, in this case there is
> e.g. missing a MAC of the identity of the signing party.
> 
> Göran
> 
> 
> On 2017-02-21 17:50, "6tisch-security on behalf of Göran Selander"
> <6tisch-security-bounces@ietf.org on behalf of
> goran.selander@ericsson.com> wrote:
> 
>> Hi Michael,
>> 
>> I edited the presentation during and after the meeting to summarise some
>> points made. The protocols are as presented, the annotation I’ve added.
>> 
>> Göran
>> 
>> On 2017-02-21 15:48, "Michael Richardson" <mcr@sandelman.ca> wrote:
>> 
>>> 
>>> Can I get a copy posted to the list for the records?
>>> Thanks.
>>> 
>>> --
>>> ]               Never tell me the odds!                 | ipv6 mesh networks [
>>> ]   Michael Richardson, Sandelman Software Works        | network architect  [
>>> ]     mcr@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [
>>> 
> 
> _______________________________________________
> 6tisch-security mailing list
> 6tisch-security@ietf.org
> https://www.ietf.org/mailman/listinfo/6tisch-security


From nobody Thu Feb 23 04:29:52 2017
Return-Path: <kivinen@iki.fi>
X-Original-To: 6tisch-security@ietfa.amsl.com
Delivered-To: 6tisch-security@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EF961129BC3 for <6tisch-security@ietfa.amsl.com>; Thu, 23 Feb 2017 04:29:50 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.12
X-Spam-Level: 
X-Spam-Status: No, score=-1.12 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_NEUTRAL=0.779, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pKKsvA0Pr2WP for <6tisch-security@ietfa.amsl.com>; Thu, 23 Feb 2017 04:29:50 -0800 (PST)
Received: from mail.kivinen.iki.fi (fireball.acr.fi [83.145.195.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1A0601296FF for <6tisch-security@ietf.org>; Thu, 23 Feb 2017 04:29:49 -0800 (PST)
Received: from fireball.acr.fi (localhost [127.0.0.1]) by mail.kivinen.iki.fi (8.15.2/8.15.2) with ESMTPS id v1NCTjMJ001196 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Thu, 23 Feb 2017 14:29:45 +0200 (EET)
Received: (from kivinen@localhost) by fireball.acr.fi (8.15.2/8.14.8/Submit) id v1NCTiQM027033; Thu, 23 Feb 2017 14:29:44 +0200 (EET)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <22702.54712.764374.615794@fireball.acr.fi>
Date: Thu, 23 Feb 2017 14:29:44 +0200
From: Tero Kivinen <kivinen@iki.fi>
To: Michael Richardson <mcr+ietf@sandelman.ca>
In-Reply-To: <11405.1487685793@obiwan.sandelman.ca>
References: <22592.7216.968126.340725@fireball.acr.fi> <11405.1487685793@obiwan.sandelman.ca>
X-Mailer: VM 8.2.0b under 25.1.1 (x86_64--netbsd)
X-Edit-Time: 5 min
X-Total-Time: 5 min
Archived-At: <https://mailarchive.ietf.org/arch/msg/6tisch-security/CWX5Qi-8jhEScLR_KkoB6yXcWZ8>
Cc: 6tisch-security@ietf.org
Subject: Re: [6tisch-security] Short address assignment, nonces, and TSCH
X-BeenThere: 6tisch-security@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Extended Design Team for 6TiSCH security architecture <6tisch-security.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/6tisch-security>, <mailto:6tisch-security-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/6tisch-security/>
List-Post: <mailto:6tisch-security@ietf.org>
List-Help: <mailto:6tisch-security-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/6tisch-security>, <mailto:6tisch-security-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Feb 2017 12:29:51 -0000

Michael Richardson writes:
> 
> Tero Kivinen <kivinen@iki.fi> wrote:
>     > When using TSCH the situation is bit different as Frame counter is
>     > replaced with network global ASN. This means that Source address part
>     > needs to be unique for that timeslot. This means that coordinator
>     > assigning the short address must make sure that same short address is
>     > not given to multiple nodes at the same time, but it can give short
>     > address to node A, and when it is sure that node A does not use the
>     > short address anymore, it can give the same short address to node B.
>     > This means it can reuse the short addresses and it will not run out of
>     > short addresses unless it has more than 65k nodes in network.
> 
> If the coordinator rekeyed the network, and knew that it had not rekeyed node
> A, that would also work, would it not?

Yes, but then it also must make sure that node A never updates to the
new key while someone else is using the same short address.

>     > Easiest way would be to send the lifetime along the short address. As
>     > we do have global time in the network (ASN), we can use that as a
>     > global time frame, so the coordinator can send node A a short address
> 
> Agreed.
> 
> Could we set a minimum lifetime, such that we could send just the upper 24 bits
> of ASN or something like that?  (5 bytes of ASN pushes us into 8-byte
> integers, I think, wasting 3 bytes every time)

Using the ASN value as a global time on which to base expirations is
OK. As a typical ASN goes forward by 100 per second, not sending the
lower 16 bits and only using the upper 24 bits will give you a
resolution of 10 minutes for expiration. On the other hand, in
different networks the timings can be different, so it might be better
to allow a bit wider range of values. Perhaps use 32 bits for the
expiration time, and only leave the lower 8 bits out of the ASN. That
will give a resolution of a few seconds in the normal case, and even
if the timings are much slower, the resolution is still adequate.
-- 
kivinen@iki.fi
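
The expiry encoding and the address-reuse rule discussed in the message above, worked through as an added example that is not part of the original post or of any 6TiSCH draft. The 10 ms slot length, the PAN ID, the node names and the (PAN ID, short address, ASN) tuple standing in for the per-frame nonce are assumptions; the actual IEEE 802.15.4 nonce byte layout is not reproduced here.

```python
from dataclasses import dataclass

ASN_BITS = 40           # TSCH ASN is a 5-byte network-wide slot counter
DROP_BITS = 8           # low-order ASN bits left out of the expiry field
SLOTS_PER_SECOND = 100  # assumption: 10 ms slots, the "typical" rate in the message


def encode_expiry(expiry_asn, drop_bits=DROP_BITS):
    """Wire value = upper bits of the ASN, rounded down so the node gives up
    the address no later than the coordinator intended."""
    if not 0 <= expiry_asn < (1 << ASN_BITS):
        raise ValueError("ASN does not fit in 40 bits")
    return expiry_asn >> drop_bits


def decode_expiry(wire, drop_bits=DROP_BITS):
    """First ASN at which the short address must no longer be used."""
    return wire << drop_bits


def resolution_seconds(drop_bits, slots_per_second=SLOTS_PER_SECOND):
    """Granularity of the expiry time when drop_bits low bits are omitted."""
    return (1 << drop_bits) / slots_per_second


def node_may_send(wire_expiry, asn):
    """Node-side check made before securing a frame with the short address."""
    return asn < decode_expiry(wire_expiry)


@dataclass
class Lease:
    node: str
    expiry_asn: int  # decoded value, i.e. exactly what the node enforces


class ShortAddressPool:
    """Coordinator-side allocator that keeps one live lease per short address."""

    def __init__(self, addresses, check_lease=True):
        self.leases = {addr: None for addr in addresses}
        self.check_lease = check_lease  # False models the unsafe coordinator

    def assign(self, node, now_asn, lifetime_slots):
        wire = encode_expiry(now_asn + lifetime_slots)
        expiry = decode_expiry(wire)
        if expiry <= now_asn:
            raise ValueError("lifetime is below the expiry resolution")
        for addr, lease in self.leases.items():
            free = lease is None or now_asn >= lease.expiry_asn
            if free or not self.check_lease:
                self.leases[addr] = Lease(node, expiry)
                return addr, wire
        raise RuntimeError("no short address is free at this ASN")


def simulate(check_lease=True):
    """Give addresses to nodes A, B, C and count (PAN, address, ASN) tuples
    used by two different nodes under the same key."""
    pan_id, start = 0xCAFE, 1_000_000  # constructed sample values
    pool = ShortAddressPool([0x0001, 0x0002], check_lease)
    a_addr, a_wire = pool.assign("A", start, 1000)
    b_addr, b_wire = pool.assign("B", start + 10, 1000)
    a_end = decode_expiry(a_wire)
    c_addr, c_wire = pool.assign("C", a_end, 1000)  # A's lease is over here
    holders = {"A": (a_addr, start, a_wire),
               "B": (b_addr, start + 10, b_wire),
               "C": (c_addr, a_end, c_wire)}
    seen, collisions = {}, 0
    for asn in range(start, a_end + 600):
        for name, (addr, since, wire) in holders.items():
            if asn >= since and node_may_send(wire, asn):
                nonce = (pan_id, addr, asn)
                if seen.get(nonce, name) != name:
                    collisions += 1
                seen[nonce] = name
    return (a_addr, b_addr, c_addr), collisions


if __name__ == "__main__":
    print("16 bits dropped:", resolution_seconds(16), "s per step")
    print(" 8 bits dropped:", resolution_seconds(8), "s per step")
    print("lease checked  :", simulate(True))
    print("lease ignored  :", simulate(False))
```

With the lease check on, node C only receives node A's address once A's expiry has passed, so no tuple is ever used by two nodes; with the check off, A and B share an address and every slot in which both are active repeats a tuple under the same key.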


From nobody Thu Feb 23 14:49:43 2017
Return-Path: <goran.selander@ericsson.com>
X-Original-To: 6tisch-security@ietfa.amsl.com
Delivered-To: 6tisch-security@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 22EF1129BCF for <6tisch-security@ietfa.amsl.com>; Thu, 23 Feb 2017 14:49:42 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.22
X-Spam-Level: 
X-Spam-Status: No, score=-4.22 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sBlt63F_6Ys1 for <6tisch-security@ietfa.amsl.com>; Thu, 23 Feb 2017 14:49:40 -0800 (PST)
Received: from sessmg23.ericsson.net (sessmg23.ericsson.net [193.180.251.45]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 165DD1299A8 for <6tisch-security@ietf.org>; Thu, 23 Feb 2017 14:49:39 -0800 (PST)
X-AuditID: c1b4fb2d-da3ff70000005112-be-58af67003251
Received: from ESESSHC002.ericsson.se (Unknown_Domain [153.88.183.24]) by  (Symantec Mail Security) with SMTP id 85.50.20754.0076FA85; Thu, 23 Feb 2017 23:49:38 +0100 (CET)
Received: from ESESSMB303.ericsson.se ([169.254.3.200]) by ESESSHC002.ericsson.se ([153.88.183.24]) with mapi id 14.03.0319.002; Thu, 23 Feb 2017 23:48:32 +0100
From: =?utf-8?B?R8O2cmFuIFNlbGFuZGVy?= <goran.selander@ericsson.com>
To: "consultancy@vanderstok.org" <consultancy@vanderstok.org>
Thread-Topic: [6tisch-security] slides you presented
Thread-Index: AQHSjNhj/O61zu/6fEqs5XyYLuNd26F2NsWAgAD9cgA=
Date: Thu, 23 Feb 2017 22:48:31 +0000
Message-ID: <D4D51E37.76BE9%goran.selander@ericsson.com>
References: <D4D2C251.76751%goran.selander@ericsson.com> <f6dbdaf79dc7f3dd5a27eb5d07c39ba1@xs4all.nl>
In-Reply-To: <f6dbdaf79dc7f3dd5a27eb5d07c39ba1@xs4all.nl>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
user-agent: Microsoft-MacOutlook/14.7.1.161129
x-originating-ip: [153.88.183.154]
Content-Type: text/plain; charset="utf-8"
Content-ID: <665208AAA0E6AD47ADF1784F26F9DA65@ericsson.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/6tisch-security/3_38aFAKHkXgXx-S7w10W03UG6I>
Cc: Michael Richardson <mcr@sandelman.ca>, "6tisch-security@ietf.org" <6tisch-security@ietf.org>
Subject: Re: [6tisch-security] slides you presented
X-BeenThere: 6tisch-security@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Extended Design Team for 6TiSCH security architecture <6tisch-security.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/6tisch-security>, <mailto:6tisch-security-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/6tisch-security/>
List-Post: <mailto:6tisch-security@ietf.org>
List-Help: <mailto:6tisch-security-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/6tisch-security>, <mailto:6tisch-security-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Feb 2017 22:49:42 -0000

Hi Peter,

This was the first meeting I participated in this year and I just wanted
to understand the current discussion. The slides were intended for a high
level discussion of functionality without binding to specific protocol,
but, yes, EDHOC and OSCOAP does the job and as far as I understand is in
scope of the minimal security draft.

As for CoMI, it could either take advantage of the established security
for protecting CoMI operations, or in some way be part of the security
solution, which I think Michael was referring to. In the latter case it
needs to be specified how CoMI operations are secured.

Göran


On 2017-02-23 09:41, "peter van der Stok" <stokcons@xs4all.nl> wrote:

>Hi Goran and Michael,
>
>Let me ask very high-level questions about the presented slides.
>Is the diffie-hellman part a replay of the EDHOC draft? or an optimized
>extension, or completely new?
>Is the SK part an OSCOAP scenario?
>
>Will the use of CoMI be described in the minimal security draft?
>
>thanks for answering,
>
>Peter
>
>
>Göran Selander schreef op 2017-02-22 07:53:
>> Before someone slaps my fingers I should disclaim that the message
>> exchange was just a sketch to be able to discuss the number of
>> messages,
>> which party initiates, who encrypts first etc. As we all know security
>> protocols always require a lot of considerations, in this case there is
>> e.g. missing a MAC of the identity of the signing party.
>>
>> Göran
>>
>>
>> On 2017-02-21 17:50, "6tisch-security on behalf of Göran Selander"
>> <6tisch-security-bounces@ietf.org on behalf of
>> goran.selander@ericsson.com> wrote:
>>
>>> Hi Michael,
>>>
>>> I edited the presentation during and after the meeting to summarise
>>> some
>>> points made. The protocols are as presented, the annotation I’ve
>>> added.
>>>
>>> Göran
>>>
>>> On 2017-02-21 15:48, "Michael Richardson" <mcr@sandelman.ca> wrote:
>>>
>>>>
>>>> Can I get a copy posted to the list for the records?
>>>> Thanks.
>>>>
>>>> --
>>>> ]               Never tell me the odds!                 | ipv6 mesh
>>>> networks [
>>>> ]   Michael Richardson, Sandelman Software Works        | network
>>>> architect  [
>>>> ]     mcr@sandelman.ca  http://www.sandelman.ca/        |   ruby on
>>>> rails
>>>>   [
>>>>
>>
>> _______________________________________________
>> 6tisch-security mailing list
>> 6tisch-security@ietf.org
>> https://www.ietf.org/mailman/listinfo/6tisch-security


From nobody Fri Feb 24 03:34:49 2017
Return-Path: <kivinen@iki.fi>
X-Original-To: 6tisch-security@ietfa.amsl.com
Delivered-To: 6tisch-security@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 63E491296AF for <6tisch-security@ietfa.amsl.com>; Fri, 24 Feb 2017 03:34:47 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.121
X-Spam-Level: 
X-Spam-Status: No, score=-1.121 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_NEUTRAL=0.779] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XsDMTMezV2DO for <6tisch-security@ietfa.amsl.com>; Fri, 24 Feb 2017 03:34:45 -0800 (PST)
Received: from mail.kivinen.iki.fi (fireball.acr.fi [83.145.195.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3876A1296C0 for <6tisch-security@ietf.org>; Fri, 24 Feb 2017 03:34:45 -0800 (PST)
Received: from fireball.acr.fi (localhost [127.0.0.1]) by mail.kivinen.iki.fi (8.15.2/8.15.2) with ESMTPS id v1OBYf9w018927 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Fri, 24 Feb 2017 13:34:41 +0200 (EET)
Received: (from kivinen@localhost) by fireball.acr.fi (8.15.2/8.14.8/Submit) id v1OBYfPq004332; Fri, 24 Feb 2017 13:34:41 +0200 (EET)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <22704.6737.180577.285794@fireball.acr.fi>
Date: Fri, 24 Feb 2017 13:34:41 +0200
From: Tero Kivinen <kivinen@iki.fi>
To: Michael Richardson <mcr+ietf@sandelman.ca>
In-Reply-To: <26408.1487779241@obiwan.sandelman.ca>
References: <22592.7216.968126.340725@fireball.acr.fi> <26408.1487779241@obiwan.sandelman.ca>
X-Mailer: VM 8.2.0b under 25.1.1 (x86_64--netbsd)
X-Edit-Time: 6 min
X-Total-Time: 8 min
Archived-At: <https://mailarchive.ietf.org/arch/msg/6tisch-security/A4ZxtU4NUpgxO2ULZnazBAzpQyI>
Cc: 6tisch-security@ietf.org
Subject: Re: [6tisch-security] Short address assignment
X-BeenThere: 6tisch-security@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Extended Design Team for 6TiSCH security architecture <6tisch-security.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/6tisch-security>, <mailto:6tisch-security-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/6tisch-security/>
List-Post: <mailto:6tisch-security@ietf.org>
List-Help: <mailto:6tisch-security-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/6tisch-security>, <mailto:6tisch-security-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 24 Feb 2017 11:34:47 -0000

Michael Richardson writes:
> 
> Tero Kivinen <kivinen@iki.fi> wrote:
>     > During the teleconf I pointed out about the issues with the short
>     > address assignments and security. This email provides background
>     > information and explains the situation bit more.
> 
> thank you!
> 
>     > When using TSCH the situation is bit different as Frame counter is
>     > replaced with network global ASN. This means that Source address part
>     > needs to be unique for that timeslot. This means that coordinator
> 
> Attached below is a yang module to describe the short-address assignment.
> 
>     > PAN ID is added, as large networks might use multiple PANs, but still
>     > use same secret key (it does not matter whether the ASNs are in sync or
>     > not).
> 
> Do you think we should slip the PANID in with the short-address
> assignment?

What do you mean by that?

> We have not explained how the pledge knows about PANIDs: clearly it
> could just use whatever PANID the beacons it hears contain. Do you
> think we need to be more explicit?

When a device searches for a network it will listen for beacons, and
when it hears beacons it will pick one, set its macPanId to match it,
and join that network. A device can only be part of one PAN at a
time, i.e. it can only receive frames which are directed to its
macPanId value (or the broadcast PAN ID). It can send frames to other
PANs by providing both source and destination PAN.

Each short address is associated with exactly one PAN, i.e., the PAN
of the coordinator who gave it out. 

> Perhaps we should at least put it in the yang model such that it
> read back?

Could be useful if we at one point want to have networks crossing
multiple PANs. 

> I have included an inception date for the short-address for this
> reason as well. I called it "effectiveat", but maybe there is a
> better name.

Looks ok to me.
-- 
kivinen@iki.fi


From nobody Fri Feb 24 05:31:21 2017
Return-Path: <mcr@sandelman.ca>
X-Original-To: 6tisch-security@ietfa.amsl.com
Delivered-To: 6tisch-security@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8968F1296E1 for <6tisch-security@ietfa.amsl.com>; Fri, 24 Feb 2017 05:31:19 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level: 
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kkw4yWctN1Sf for <6tisch-security@ietfa.amsl.com>; Fri, 24 Feb 2017 05:31:18 -0800 (PST)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [IPv6:2607:f0b0:f:3:216:3eff:fe7c:d1f3]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 137A2129702 for <6tisch-security@ietf.org>; Fri, 24 Feb 2017 05:31:16 -0800 (PST)
Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id 96CE6E1E7; Fri, 24 Feb 2017 08:53:15 -0500 (EST)
Received: from obiwan.sandelman.ca (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 2E7E26381A; Fri, 24 Feb 2017 08:31:15 -0500 (EST)
From: Michael Richardson <mcr@sandelman.ca>
To: 6tisch-security@ietf.org
In-Reply-To: <f6dbdaf79dc7f3dd5a27eb5d07c39ba1@xs4all.nl>
References: <D4D2C251.76751%goran.selander@ericsson.com> <f6dbdaf79dc7f3dd5a27eb5d07c39ba1@xs4all.nl>
X-Mailer: MH-E 8.6; nmh 1.6+dev; GNU Emacs 24.5.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature"
Date: Fri, 24 Feb 2017 08:31:15 -0500
Message-ID: <3614.1487943075@obiwan.sandelman.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/6tisch-security/-9HYLQGyKA9-9LlqtsiCnie8OsI>
Cc: =?UTF-8?Q?G=C3=B6ran_Selander?= <goran.selander@ericsson.com>, consultancy@vanderstok.org
Subject: Re: [6tisch-security] slides you presented
X-BeenThere: 6tisch-security@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Extended Design Team for 6TiSCH security architecture <6tisch-security.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/6tisch-security>, <mailto:6tisch-security-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/6tisch-security/>
List-Post: <mailto:6tisch-security@ietf.org>
List-Help: <mailto:6tisch-security-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/6tisch-security>, <mailto:6tisch-security-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 24 Feb 2017 13:31:19 -0000

--=-=-=
Content-Type: text/plain


peter van der Stok <stokcons@xs4all.nl> wrote:
    > Let me ask very high-level questions about the presented slides.  Is
    > the diffie-hellman part a replay of the EDHOC draft? or an optimized
    > extension, or completely new?  Is the SK part an OSCOAP scenario?

It's EDHOC.  This is all OSCOAP.

    > Will the use of CoMI be described in the minimal security draft?

Ugh. There seems to be much resistance to doing that.
I am preparing text to say two things, and I need help with the second
part.

Part 1) saying that rekey is out of scope.

Part 2) explaining how to use the exchange to key additional OSCOAP
     channels.

Originally, I was going to point to RFC 5295, until I realized that HKDF was
embedded in things already; no point in going further.

Goran, is there some way to specify that one runs section 6 (Derive Traffic
Secret) with different inputs to get additional traffic secrets for
additional applications?

Could COSE_KDF_Context include one final, optional element, which might be
called "subapplication_name"?  I'm not sure if that belongs after
SuppPubInfo, or within it.

We *could* just continue to use the traffic secret derived for
6tisch-minimal, but that seems too intricately linked from a specification
point of view.  (I notice that OSCOAP totally supports using the same keys
with a CoAP client/server role reversal)

--
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        | network architect  [
]     mcr@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [


--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

--=-=-=--
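
One way to get separate traffic secrets for additional applications from a single exchange, as asked in the message above, is to run HKDF (RFC 5869) again with a context that differs only in a label. This is an added example, not code from the thread or from the EDHOC or OSCOAP drafts: `subapplication_name` is the hypothetical element proposed in the message, and the length-prefixed context, the algorithm name, the party identifiers and the shared secret are constructed stand-ins for the CBOR-encoded COSE_KDF_Context and real key material.

```python
import hashlib
import hmac

HASH_LEN = hashlib.sha256().digest_size


def hkdf_extract(salt, ikm):
    """RFC 5869 extract step; an empty salt means HASH_LEN zero bytes."""
    return hmac.new(salt or bytes(HASH_LEN), ikm, hashlib.sha256).digest()


def hkdf_expand(prk, info, length):
    """RFC 5869 expand step."""
    if not 0 < length <= 255 * HASH_LEN:
        raise ValueError("invalid output length")
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]),
                         hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def kdf_context(alg, party_u, party_v, key_bits, subapplication_name=b""):
    """Constructed stand-in for the KDF context (assumption: not the real
    CBOR layout). Every field is length-prefixed so that two different
    field tuples can never serialise to the same byte string."""
    fields = [alg, party_u, party_v, key_bits.to_bytes(2, "big"),
              subapplication_name]
    return b"".join(len(f).to_bytes(2, "big") + f for f in fields)


def derive_traffic_secret(shared_secret, context, length=16):
    """Same derivation for every application; only the context changes."""
    prk = hkdf_extract(b"", shared_secret)
    return hkdf_expand(prk, context, length)


def derive_all(shared_secret, names):
    """Return {name: secret} for the base channel (b"") and each extra name."""
    out = {}
    for name in [b""] + list(names):
        ctx = kdf_context(b"AES-CCM-16-64-128", b"pledge", b"jrc", 128, name)
        out[name] = derive_traffic_secret(shared_secret, ctx)
    return out


if __name__ == "__main__":
    secret = bytes(range(32))  # constructed sample, not real key material
    for name, key in derive_all(secret, [b"comi", b"rekey"]).items():
        print(name.decode() or "(base)", key.hex())
```

Because the label is part of the HKDF `info` input, each application gets a key that cannot be computed from any of the others, while both ends can still derive all of them from the one shared secret.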


From nobody Fri Feb 24 06:31:32 2017
Return-Path: <goran.selander@ericsson.com>
X-Original-To: 6tisch-security@ietfa.amsl.com
Delivered-To: 6tisch-security@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 135D2129D9E for <6tisch-security@ietfa.amsl.com>; Fri, 24 Feb 2017 06:31:32 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.721
X-Spam-Level: 
X-Spam-Status: No, score=-3.721 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RCVD_IN_SORBS_SPAM=0.5, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lJaRSHi0MVYB for <6tisch-security@ietfa.amsl.com>; Fri, 24 Feb 2017 06:31:30 -0800 (PST)
Received: from sesbmg22.ericsson.net (sesbmg22.ericsson.net [193.180.251.48]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3AE871296B0 for <6tisch-security@ietf.org>; Fri, 24 Feb 2017 06:31:30 -0800 (PST)
X-AuditID: c1b4fb30-2868b98000002c77-fd-58b043c072e2
Received: from ESESSHC013.ericsson.se (Unknown_Domain [153.88.183.57]) by  (Symantec Mail Security) with SMTP id FA.3D.11383.0C340B85; Fri, 24 Feb 2017 15:31:28 +0100 (CET)
Received: from ESESSMB303.ericsson.se ([169.254.3.200]) by ESESSHC013.ericsson.se ([153.88.183.57]) with mapi id 14.03.0319.002; Fri, 24 Feb 2017 15:31:26 +0100
From: =?utf-8?B?R8O2cmFuIFNlbGFuZGVy?= <goran.selander@ericsson.com>
To: Michael Richardson <mcr@sandelman.ca>, "6tisch-security@ietf.org" <6tisch-security@ietf.org>
Thread-Topic: [6tisch-security] slides you presented
Thread-Index: AQHSjNhj/O61zu/6fEqs5XyYLuNd26F2NsWAgAHjUYCAACGUAA==
Date: Fri, 24 Feb 2017 14:31:26 +0000
Message-ID: <D4D5FCA4.76D63%goran.selander@ericsson.com>
References: <D4D2C251.76751%goran.selander@ericsson.com> <f6dbdaf79dc7f3dd5a27eb5d07c39ba1@xs4all.nl> <3614.1487943075@obiwan.sandelman.ca>
In-Reply-To: <3614.1487943075@obiwan.sandelman.ca>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
user-agent: Microsoft-MacOutlook/14.7.1.161129
x-originating-ip: [153.88.183.16]
Content-Type: text/plain; charset="utf-8"
Content-ID: <A9D45672F23C454FB41A39D4C05D2716@ericsson.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/6tisch-security/pWvpzvO9QEYzq1iA0KN3T-rfDcQ>
Cc: "consultancy@vanderstok.org" <consultancy@vanderstok.org>
Subject: Re: [6tisch-security] slides you presented
X-BeenThere: 6tisch-security@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Extended Design Team for 6TiSCH security architecture <6tisch-security.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/6tisch-security>, <mailto:6tisch-security-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/6tisch-security/>
List-Post: <mailto:6tisch-security@ietf.org>
List-Help: <mailto:6tisch-security-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/6tisch-security>, <mailto:6tisch-security-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 24 Feb 2017 14:31:32 -0000

From nobody Fri Feb 24 09:47:36 2017
Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: 6tisch-security@ietfa.amsl.com
Delivered-To: 6tisch-security@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EEF1F12944A for <6tisch-security@ietfa.amsl.com>; Fri, 24 Feb 2017 09:47:33 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level: 
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KCbt77ucUHXi for <6tisch-security@ietfa.amsl.com>; Fri, 24 Feb 2017 09:47:31 -0800 (PST)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [IPv6:2607:f0b0:f:3:216:3eff:fe7c:d1f3]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E296D129445 for <6tisch-security@ietf.org>; Fri, 24 Feb 2017 09:47:30 -0800 (PST)
Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id 8BA42E032; Fri, 24 Feb 2017 13:09:29 -0500 (EST)
Received: from obiwan.sandelman.ca (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 7E4776381A; Fri, 24 Feb 2017 12:47:28 -0500 (EST)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Tero Kivinen <kivinen@iki.fi>
In-Reply-To: <22704.6737.180577.285794@fireball.acr.fi>
References: <22592.7216.968126.340725@fireball.acr.fi> <26408.1487779241@obiwan.sandelman.ca> <22704.6737.180577.285794@fireball.acr.fi>
X-Mailer: MH-E 8.6; nmh 1.6+dev; GNU Emacs 24.5.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature"
Date: Fri, 24 Feb 2017 12:47:28 -0500
Message-ID: <26463.1487958448@obiwan.sandelman.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/6tisch-security/1JeVzKETj2_oY0w70eu3FxycjVM>
Cc: 6tisch-security@ietf.org
Subject: Re: [6tisch-security] Short address assignment
X-BeenThere: 6tisch-security@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Extended Design Team for 6TiSCH security architecture <6tisch-security.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/6tisch-security>, <mailto:6tisch-security-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/6tisch-security/>
List-Post: <mailto:6tisch-security@ietf.org>
List-Help: <mailto:6tisch-security-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/6tisch-security>, <mailto:6tisch-security-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 24 Feb 2017 17:47:34 -0000

--=-=-=
Content-Type: text/plain


Tero Kivinen <kivinen@iki.fi> wrote:
    >> Do you think we should slip the PANID in with the short-address
    >> assignment?

    > What do you mean by that?

I mean, should the JRC set the PANID at the same time as it sets the
short-address?  This provides the option for the join network to be in a
different PANID than the production network (yes, this requires two sets of
beacons, etc.), but also perhaps provides for changing the PANID at the
next rekey.

    >> We have not explained how the pledge knows about PANIDs: clearly it
    >> could just use whatever PANID the beacons it hears contain. Do you
    >> think we need to be more explicit?

    > When a device searches for a network it will listen for beacons, and when
    > it hears beacons it will pick one and set its macPanId to match that
    > and join that network. A device can only be part of one PAN at the same
    > time, i.e. it can only receive frames which are directed to its
    > macPanId value (or broadcast PAN ID). It can send frames to other PANs
    > by providing both source and destination PAN.

Right: this is the implicit PANID set.  The new device assumes it should use
the PANID that it hears.

    > Each short address is associated with exactly one PAN, i.e., the PAN of
    > the coordinator who gave it out.

    >> Perhaps we should at least put it in the yang model such that it can be
    >> read back?

    > Could be useful if we at one point want to have networks crossing
    > multiple PANs.

    >> I have included an inception date for the short-address for this
    >> reason as well. I called it "effectiveat", but maybe there is a better
    >> name.

    > Looks ok to me.

Thanks.

--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-




--=-=-=--


From nobody Sat Feb 25 07:06:21 2017
Return-Path: <thomas.watteyne@inria.fr>
X-Original-To: 6tisch-security@ietfa.amsl.com
Delivered-To: 6tisch-security@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C5D7D12A079 for <6tisch-security@ietfa.amsl.com>; Sat, 25 Feb 2017 07:06:19 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.399
X-Spam-Level: 
X-Spam-Status: No, score=-6.399 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_SORBS_SPAM=0.5, RP_MATCHES_RCVD=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TSibfQEsTnpH for <6tisch-security@ietfa.amsl.com>; Sat, 25 Feb 2017 07:06:17 -0800 (PST)
Received: from mail2-relais-roc.national.inria.fr (mail2-relais-roc.national.inria.fr [192.134.164.83]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4E3A7129A25 for <6tisch-security@ietf.org>; Sat, 25 Feb 2017 07:06:17 -0800 (PST)
X-IronPort-AV: E=Sophos;i="5.35,203,1484002800";  d="scan'208,217";a="262058402"
Received: from mail-ua0-f176.google.com ([209.85.217.176]) by mail2-relais-roc.national.inria.fr with ESMTP/TLS/AES128-GCM-SHA256; 25 Feb 2017 16:06:15 +0100
Received: by mail-ua0-f176.google.com with SMTP id 72so5660276uaf.3 for <6tisch-security@ietf.org>; Sat, 25 Feb 2017 07:06:15 -0800 (PST)
X-Gm-Message-State: AMke39lINYC80sdl4aMop9Q8Ig4vIvw1ZgCJBDQIBDslgcih7UEHrkEqVHpB80rxMVx9Ida+NlnZ1Wfd1+BSjg==
X-Received: by 10.176.75.168 with SMTP id v40mr3396917uaf.94.1488035174251; Sat, 25 Feb 2017 07:06:14 -0800 (PST)
MIME-Version: 1.0
Received: by 10.31.160.148 with HTTP; Sat, 25 Feb 2017 07:05:53 -0800 (PST)
In-Reply-To: <11495.1487172065@obiwan.sandelman.ca>
References: <11495.1487172065@obiwan.sandelman.ca>
From: Thomas Watteyne <thomas.watteyne@inria.fr>
Date: Sat, 25 Feb 2017 16:05:53 +0100
X-Gmail-Original-Message-ID: <CADJ9OA8KoM1jXROojCV8ejbS4ubd-nguX-HdOvkeYCCGOk7FrA@mail.gmail.com>
Message-ID: <CADJ9OA8KoM1jXROojCV8ejbS4ubd-nguX-HdOvkeYCCGOk7FrA@mail.gmail.com>
To: Michael Richardson <mcr+ietf@sandelman.ca>
Content-Type: multipart/alternative; boundary=f40304361fd0f989fb05495c2fa0
Archived-At: <https://mailarchive.ietf.org/arch/msg/6tisch-security/BajdAnhYkifi1CQlaCpWC_CMow4>
Cc: "6tisch-security@ietf.org" <6tisch-security@ietf.org>
Subject: Re: [6tisch-security] enhanced-beacon draft
X-BeenThere: 6tisch-security@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Extended Design Team for 6TiSCH security architecture <6tisch-security.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/6tisch-security>, <mailto:6tisch-security-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/6tisch-security/>
List-Post: <mailto:6tisch-security@ietf.org>
List-Help: <mailto:6tisch-security-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/6tisch-security>, <mailto:6tisch-security-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 25 Feb 2017 15:06:20 -0000

--f40304361fd0f989fb05495c2fa0
Content-Type: text/plain; charset=UTF-8

We believe it should be kept separate from the minimal-security draft.
Pascal & Thomas

On Wed, Feb 15, 2017 at 4:21 PM, Michael Richardson <mcr+ietf@sandelman.ca>
wrote:

>
> WG Chairs,
>
> Would you prefer us to keep:
>       https://datatracker.ietf.org/doc/draft-richardson-6tisch-join-enhanced-beacon/
>
> as a separate document (updating 6tisch-minimal?), or should this be
> wrapped up into 6tisch-minimal-security?
>
> --
> Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
>  -= IPv6 IoT consulting =-
>
>
>
>


-- 
_______________________________________

Thomas Watteyne, PhD
Research Scientist & Innovator, Inria
Sr Networking Design Eng, Linear Tech
Founder & co-lead, UC Berkeley OpenWSN
Co-chair, IETF 6TiSCH

www.thomaswatteyne.com
_______________________________________

--f40304361fd0f989fb05495c2fa0--


From nobody Sat Feb 25 07:55:47 2017
Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: 6tisch-security@ietfa.amsl.com
Delivered-To: 6tisch-security@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6EE8C12A123 for <6tisch-security@ietfa.amsl.com>; Sat, 25 Feb 2017 07:55:45 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level: 
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gtGbZGm40xMx for <6tisch-security@ietfa.amsl.com>; Sat, 25 Feb 2017 07:55:42 -0800 (PST)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [IPv6:2607:f0b0:f:3:216:3eff:fe7c:d1f3]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A900D12A11A for <6tisch-security@ietf.org>; Sat, 25 Feb 2017 07:55:42 -0800 (PST)
Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id 30A302009E; Sat, 25 Feb 2017 11:17:45 -0500 (EST)
Received: from obiwan.sandelman.ca (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id F101B6381A; Sat, 25 Feb 2017 10:55:40 -0500 (EST)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Thomas Watteyne <thomas.watteyne@inria.fr>
In-Reply-To: <CADJ9OA8KoM1jXROojCV8ejbS4ubd-nguX-HdOvkeYCCGOk7FrA@mail.gmail.com>
References: <11495.1487172065@obiwan.sandelman.ca> <CADJ9OA8KoM1jXROojCV8ejbS4ubd-nguX-HdOvkeYCCGOk7FrA@mail.gmail.com>
X-Mailer: MH-E 8.6; nmh 1.6+dev; GNU Emacs 24.5.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature"
Date: Sat, 25 Feb 2017 10:55:40 -0500
Message-ID: <22567.1488038140@obiwan.sandelman.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/6tisch-security/7kB5OOSbI66yVMLE43SeHpa6Y1I>
Cc: "6tisch-security@ietf.org" <6tisch-security@ietf.org>
Subject: Re: [6tisch-security] enhanced-beacon draft
X-BeenThere: 6tisch-security@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Extended Design Team for 6TiSCH security architecture <6tisch-security.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/6tisch-security>, <mailto:6tisch-security-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/6tisch-security/>
List-Post: <mailto:6tisch-security@ietf.org>
List-Help: <mailto:6tisch-security-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/6tisch-security>, <mailto:6tisch-security-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 25 Feb 2017 15:55:45 -0000

--=-=-=
Content-Type: text/plain


Thomas Watteyne <thomas.watteyne@inria.fr> wrote:
    > We believe it should be kept separate from the minimal-security draft.

Should it be an update to 6tisch-minimal?
Are there more things that need to be said about the beacon?

Would someone else like to take over authorship of the document?
(Someone new perhaps!!!)

Thomas Watteyne <thomas.watteyne@inria.fr> wrote:
    > We believe it should be kept separate from the minimal-security draft.
    > Pascal & Thomas

    > On Wed, Feb 15, 2017 at 4:21 PM, Michael Richardson
    > <mcr+ietf@sandelman.ca> wrote:

    > WG Chairs,

    mcr> Would you prefer us to keep:
    mcr> https://datatracker.ietf.org/doc/draft-richardson-6tisch-join-enhanced-beacon/


    mcr> as a separate document (updating 6tisch-minimal?), or should this
    mcr> be wrapped up into 6tisch-minimal-security?

--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-




--=-=-=--


From nobody Sat Feb 25 18:14:00 2017
Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: 6tisch-security@ietfa.amsl.com
Delivered-To: 6tisch-security@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 26C19129626 for <6tisch-security@ietfa.amsl.com>; Sat, 25 Feb 2017 18:13:59 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level: 
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qRuoI7OCMXPk for <6tisch-security@ietfa.amsl.com>; Sat, 25 Feb 2017 18:13:57 -0800 (PST)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [IPv6:2607:f0b0:f:3:216:3eff:fe7c:d1f3]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5D6C71295FD for <6tisch-security@ietf.org>; Sat, 25 Feb 2017 18:13:57 -0800 (PST)
Received: from sandelman.ca (obiwan.sandelman.ca [209.87.249.21]) by tuna.sandelman.ca (Postfix) with ESMTP id 916EEE1AB; Sat, 25 Feb 2017 21:36:01 -0500 (EST)
Received: from obiwan.sandelman.ca (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id E512F6381A; Sat, 25 Feb 2017 21:13:55 -0500 (EST)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Göran Selander <goran.selander@ericsson.com>
In-Reply-To: <D4D5FCA4.76D63%goran.selander@ericsson.com>
References: <D4D2C251.76751%goran.selander@ericsson.com> <f6dbdaf79dc7f3dd5a27eb5d07c39ba1@xs4all.nl> <3614.1487943075@obiwan.sandelman.ca> <D4D5FCA4.76D63%goran.selander@ericsson.com>
X-Mailer: MH-E 8.6; nmh 1.6+dev; GNU Emacs 24.5.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature"
Date: Sat, 25 Feb 2017 21:13:55 -0500
Message-ID: <27787.1488075235@obiwan.sandelman.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/6tisch-security/P__npLnbws5rc34TAQ3e-WeG5Cs>
Cc: "consultancy@vanderstok.org" <consultancy@vanderstok.org>, "6tisch-security@ietf.org" <6tisch-security@ietf.org>
Subject: Re: [6tisch-security] slides you presented
X-BeenThere: 6tisch-security@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Extended Design Team for 6TiSCH security architecture <6tisch-security.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/6tisch-security>, <mailto:6tisch-security-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/6tisch-security/>
List-Post: <mailto:6tisch-security@ietf.org>
List-Help: <mailto:6tisch-security-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/6tisch-security>, <mailto:6tisch-security-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 26 Feb 2017 02:13:59 -0000

--=-=-=
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit


Göran Selander <goran.selander@ericsson.com> wrote:
    > Section 3.2 describes the key derivation and allows the definition of an
    > application specific label (byte string) which is used to derive an
    > application specific key from the key established through the run of EDHOC.

    > How this is used to derive the OSCOAP master secret/salt you find in
    > appendix B.2.

https://bitbucket.org/mcr314/draft-ietf-6tisch-minimal-security/commits/15387091977d408103cd72f12f7008a50483fc40

--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-




--=-=-=--


From nobody Mon Feb 27 15:05:17 2017
Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: 6tisch-security@ietfa.amsl.com
Delivered-To: 6tisch-security@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 11B98129451 for <6tisch-security@ietfa.amsl.com>; Mon, 27 Feb 2017 15:05:16 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, WEIRD_PORT=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id evF14IcV71Cf for <6tisch-security@ietfa.amsl.com>; Mon, 27 Feb 2017 15:05:13 -0800 (PST)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 953D9129450 for <6tisch-security@ietf.org>; Mon, 27 Feb 2017 15:05:13 -0800 (PST)
Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id 3AFACE1D5 for <6tisch-security@ietf.org>; Mon, 27 Feb 2017 18:27:20 -0500 (EST)
Received: from obiwan.sandelman.ca (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 1BF846381A for <6tisch-security@ietf.org>; Mon, 27 Feb 2017 18:05:08 -0500 (EST)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: 6tisch-security@ietf.org
X-Attribution: mcr
X-Mailer: MH-E 8.6; nmh 1.6+dev; GNU Emacs 24.5.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature"
Date: Mon, 27 Feb 2017 18:05:08 -0500
Message-ID: <25418.1488236708@obiwan.sandelman.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/6tisch-security/lIsR5sSqWMeozBCI4Fx6tHqtXUE>
Subject: [6tisch-security] notes and agenda for Tuesday
X-BeenThere: 6tisch-security@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Extended Design Team for 6TiSCH security architecture <6tisch-security.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/6tisch-security>, <mailto:6tisch-security-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/6tisch-security/>
List-Post: <mailto:6tisch-security@ietf.org>
List-Help: <mailto:6tisch-security-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/6tisch-security>, <mailto:6tisch-security-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 27 Feb 2017 23:05:16 -0000

--=-=-=
Content-Type: text/plain


please join etherpad for notes:
   http://etherpad.tools.ietf.org:9000/p/6tischSecurity?useMonospaceFont=true

Tuesday, 9:00 am Eastern Standard Time (GMT-05:00)
Meeting number: 641 335 839
Meeting password: pledge
Meeting link:
   https://ietf.webex.com/ietf/j.php?MTID=me98f12cebda5e6b55c1b8c66c095d0a9

Agenda:
1) https://datatracker.ietf.org/doc/draft-richardson-6tisch-join-enhanced-beacon/
   chairs say to keep this as a separate document.
   Does it update minimal?

2) Malisa: rekey moved out of scope.
3) draft-richardson-6tisch-minimal-rekey.
   https://datatracker.ietf.org/doc/draft-richardson-6tisch-minimal-rekey/
   is this the right idea then?

4) changes to zero-touch process.
   https://www.ietf.org/rfcdiff?url1=draft-ietf-6tisch-dtsecurity-secure-join-00&url2=draft-ietf-6tisch-dtsecurity-secure-join-01

I hope to do a new state diagram for tomorrow's meeting.


--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-




--=-=-=--

