
From nobody Sun Apr  2 22:58:31 2017
In-Reply-To: <010201d2aa94$957b6760$c0723620$@augustcellars.com>
References: <010201d2aa94$957b6760$c0723620$@augustcellars.com>
From: Samuel Erdtman <samuel@erdtman.se>
Date: Mon, 3 Apr 2017 07:58:25 +0200
Message-ID: <CAF2hCbamXPmVptFnSzWuakOMAK+A9JuNo5uSg8LpZB71mSJe5g@mail.gmail.com>
To: Jim Schaad <ietf@augustcellars.com>
Cc: draft-ietf-ace-cbor-web-token@ietf.org, ace <Ace@ietf.org>
Content-Type: multipart/alternative; boundary=001a11c041e2030939054c3cd997
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/ySRWw9iWdiYGXhV-KQJ0wv26Vmg>
Subject: Re: [Ace] Review of draft-ietf-ace-cbor-web-token-03

--001a11c041e2030939054c3cd997
Content-Type: text/plain; charset=UTF-8

Thanks for the review Jim,

See inline comments

On Sat, Apr 1, 2017 at 5:03 AM, Jim Schaad <ietf@augustcellars.com> wrote:

> Given that it was stated that the authors believe that the document was
> ready for publication, I decided to do another review pass.
>
> 1.  Following the discussion in the SET WG meeting, I believe that it would
> be reasonable to define some inputs for the external data fields to allow
> for distinguishing between the different uses of JWT structures.  Language
> about different applications extending this structure would also be
> reasonable.
>

I was not part of that discussion, could you please link to some resource
or notes from that meeting.


>
> 2.  I do not know if the authors looked at changing the Type3StringOrURI so
> that it would explicitly tag URIs or not.  I do not remember seeing any
> discussions on the list but have not gone back to search
>

We have not looked at changing this. Is there any good motivation for
actually doing this change?


>
> 3.  I find the description of Type6NumericDate to be slightly confusing as
> it appears to imply that this is not using a numeric value when it does.
>

I think the idea is to say that it is not a JSON number but a CBOR number.
I have added a ticket to look at the wording.
https://github.com/erwah/ietf/issues/28



>
> 4.  The authors need to look at their use of Type6NumericDate and determine
> if this is what they really want to do.  All of the examples are incorrect
> because of this tag usage.
>

Examples should be updated, see below


>
> 5.  After the discussions in the SET group, do the authors wish to
> re-consider the MUST ignore statement in the first paragraph of section 3?
>

I have not seen the SET group discussion, could you please link to it?


>
> 6.  The string "6 tag value 1" is normally written as "6.1" when looking at
> pretty-printed CBOR diagnostics.   This would be clearer than what is
> written.
>

Good input, I have created an issue to update this,
https://github.com/erwah/ietf/issues/26


>
> 7.  The text should be altered to use a TBD for the CWT tag rather than
> using a constant so this is highlighted.
>

Good input, I have created an issue to update this,
https://github.com/erwah/ietf/issues/25


>
> 8.  The note for step 5 in section 6.1 is problematic from a number of
> things.  A) AEAD algorithms are required, so it is not clear that the
> recommendation makes sense.  B) there is a big difference between signing
> and MACing in terms of the amount and type of integrity provided.
> Replacing signing w/ AEAD loses a lot.
>

I think you are correct and I have considered removing it, I added it in an
early attempt to be smart.
I have added an issue to evaluate the value of this statement and remove if
considered useless.
https://github.com/erwah/ietf/issues/24



>
> 9.  Step 6 in section 6.1 does not agree w/ the language in section 5.
> MUST vs maybe.
>

I see your point. I have added a ticket to look over the create and verify
steps to make sure they are consistent.
https://github.com/erwah/ietf/issues/27


>
> 10.  In starting to verify the examples I ran across the following two
> issues:
>
> a) The hex string and the diagnostic notation are equivalent, but they are
> not the same.  Specifically, the order of claims is not the same.  CBOR.ME
> gives
>
> {2: "erikw", 3: "coap://light.example.com", 4: 1444064944, 5: 1443944944,
> 6: 1443944944, 1: "coap://as.example.com", 7: h'0b71'}
>

I have created an issue to make them the same to make reading and testing
easier, https://github.com/erwah/ietf/issues/23


>
> b) The encoding of some of the claims is incorrect according to the
> document.  It should be
>

You are correct, I have added an issue to update,
https://github.com/erwah/ietf/issues/22


>
> {1: "coap://as.example.com", 2: "erikw", 3: "coap://light.example.com",
> 4: 1(1444064944), 5: 1(1443944944), 6: 1(1443944944), 7: h'0b71'}
>
> Or
>
> a7                                      # map(7)
>    01                                   # unsigned(1)
>    75                                   # text(21)
>       636f61703a2f2f61732e6578616d706c652e636f6d # "coap://as.example.com"
>    02                                   # unsigned(2)
>    65                                   # text(5)
>       6572696b77                        # "erikw"
>    03                                   # unsigned(3)
>    78 18                                # text(24)
>       636f61703a2f2f6c696768742e6578616d706c652e636f6d # "coap://light.example.com"
>    04                                   # unsigned(4)
>    c1                                   # tag(1)
>       1a 5612aeb0                       # unsigned(1444064944)
>    05                                   # unsigned(5)
>    c1                                   # tag(1)
>       1a 5610d9f0                       # unsigned(1443944944)
>    06                                   # unsigned(6)
>    c1                                   # tag(1)
>       1a 5610d9f0                       # unsigned(1443944944)
>    07                                   # unsigned(7)
>    42                                   # bytes(2)
>       0b71                              # "\vq"
>
> Note the additional tagging which is required.
>

--001a11c041e2030939054c3cd997--
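
Added example (not part of the thread or the draft): a small Python decoder and encoder for the CBOR subset used in point 10, run over the tagged bytes from 10 b) and over the claim set CBOR.ME printed in 10 a), re-encoded from its diagnostic form. The names `Tag`, `check_claims`, `TAGGED_HEX`, `DRAFT_ORDER` and `DATE_KEYS` are assumptions of this example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Tag:
    number: int
    value: object

def _head(major, arg):
    if arg < 24:
        return bytes([major << 5 | arg])
    for info, size in ((24, 1), (25, 2), (26, 4), (27, 8)):
        if arg < 1 << (8 * size):
            return bytes([major << 5 | info]) + arg.to_bytes(size, "big")
    raise ValueError("argument does not fit in 64 bits")

def encode(obj):
    if isinstance(obj, Tag):
        return _head(6, obj.number) + encode(obj.value)
    if isinstance(obj, int) and obj >= 0:
        return _head(0, obj)
    if isinstance(obj, bytes):
        return _head(2, len(obj)) + obj
    if isinstance(obj, str):
        raw = obj.encode("utf-8")
        return _head(3, len(raw)) + raw
    if isinstance(obj, dict):  # dict insertion order is the order on the wire
        body = b"".join(encode(k) + encode(v) for k, v in obj.items())
        return _head(5, len(obj)) + body
    raise TypeError(f"unsupported type: {type(obj).__name__}")

def _item(data, pos):
    # Decode one data item starting at pos; return (value, next_pos).
    if pos >= len(data):
        raise ValueError("truncated input")
    major, info = data[pos] >> 5, data[pos] & 0x1F
    pos += 1
    if info > 27:
        raise ValueError("indefinite or reserved length not supported")
    arg = info
    if info >= 24:
        size = 1 << (info - 24)
        if pos + size > len(data):
            raise ValueError("truncated argument")
        arg = int.from_bytes(data[pos:pos + size], "big")
        pos += size
    if major == 0:
        return arg, pos
    if major in (2, 3):
        if pos + arg > len(data):
            raise ValueError("truncated string")
        raw = data[pos:pos + arg]
        return (raw if major == 2 else raw.decode("utf-8")), pos + arg
    if major == 5:
        out = {}
        for _ in range(arg):
            key, pos = _item(data, pos)
            if key in out:
                raise ValueError(f"duplicate map key {key!r}")
            out[key], pos = _item(data, pos)
        return out, pos
    if major == 6:
        value, pos = _item(data, pos)
        return Tag(arg, value), pos
    raise ValueError(f"major type {major} not supported")

def decode(data):
    value, end = _item(data, 0)
    if end != len(data):
        raise ValueError("trailing bytes after top-level item")
    return value

# Bytes of the corrected claim set, copied from point 10 b) of the review.
TAGGED_HEX = (
    "a7" "0175636f61703a2f2f61732e6578616d706c652e636f6d"
    "02656572696b77"
    "037818636f61703a2f2f6c696768742e6578616d706c652e636f6d"
    "04c11a5612aeb0" "05c11a5610d9f0" "06c11a5610d9f0" "07420b71"
)
# Claim set as printed in point 10 a); constructed here, not the draft's hex.
DRAFT_ORDER = {2: "erikw", 3: "coap://light.example.com", 4: 1444064944,
               5: 1443944944, 6: 1443944944, 1: "coap://as.example.com",
               7: bytes.fromhex("0b71")}
DATE_KEYS = (4, 5, 6)  # the three date-valued claims in the example

def check_claims(cbor_bytes):
    """Return findings for the two issues in point 10: key order, date tagging."""
    claims = decode(cbor_bytes)
    findings = []
    if list(claims) != sorted(claims):
        findings.append(f"claim keys on the wire are {list(claims)}, not ascending")
    for key in DATE_KEYS:
        v = claims.get(key)
        if not (isinstance(v, Tag) and v.number == 1 and isinstance(v.value, int)):
            findings.append(f"claim {key} is not tag 1 around an integer: {v!r}")
    return findings

if __name__ == "__main__":
    print(check_claims(bytes.fromhex(TAGGED_HEX)), check_claims(encode(DRAFT_ORDER)))
```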


From nobody Mon Apr  3 07:36:41 2017
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0049_01D2AC4C.FD915DA0"
From: Jim Schaad <ietf@augustcellars.com>
To: 'Samuel Erdtman' <samuel@erdtman.se>
CC: <draft-ietf-ace-cbor-web-token@ietf.org>, 'ace' <Ace@ietf.org>
References: <010201d2aa94$957b6760$c0723620$@augustcellars.com> <CAF2hCbamXPmVptFnSzWuakOMAK+A9JuNo5uSg8LpZB71mSJe5g@mail.gmail.com>
In-Reply-To: <CAF2hCbamXPmVptFnSzWuakOMAK+A9JuNo5uSg8LpZB71mSJe5g@mail.gmail.com>
Date: Mon, 3 Apr 2017 07:36:18 -0700
Message-ID: <004801d2ac87$a9ea6940$fdbf3bc0$@augustcellars.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/7ulYTxBT5I2w1dg23T14wKzchQI>
Subject: Re: [Ace] Review of draft-ietf-ace-cbor-web-token-03

------=_NextPart_000_0049_01D2AC4C.FD915DA0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

It has been pointed out to me that I was incorrect when I thought that
the TLA for the WG was SET.  It should be secevent.

Jim


------=_NextPart_000_0049_01D2AC4C.FD915DA0--


From nobody Tue Apr  4 07:31:59 2017
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0061_01D2AD15.7CC85D30"
From: Jim Schaad <ietf@augustcellars.com>
To: 'Samuel Erdtman' <samuel@erdtman.se>
CC: <draft-ietf-ace-cbor-web-token@ietf.org>, 'ace' <Ace@ietf.org>
References: <010201d2aa94$957b6760$c0723620$@augustcellars.com> <CAF2hCbamXPmVptFnSzWuakOMAK+A9JuNo5uSg8LpZB71mSJe5g@mail.gmail.com>
In-Reply-To: <CAF2hCbamXPmVptFnSzWuakOMAK+A9JuNo5uSg8LpZB71mSJe5g@mail.gmail.com>
Date: Tue, 4 Apr 2017 07:31:31 -0700
Message-ID: <006001d2ad50$29220510$7b660f30$@augustcellars.com>
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/--Qi7bFQPAgDIZfECuzYYXqY5aU>
Subject: Re: [Ace] Review of draft-ietf-ace-cbor-web-token-03

------=_NextPart_000_0061_01D2AD15.7CC85D30
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

Some comments inline

From: Samuel Erdtman [mailto:samuel@erdtman.se]
Sent: Sunday, April 2, 2017 10:58 PM
To: Jim Schaad <ietf@augustcellars.com>
Cc: draft-ietf-ace-cbor-web-token@ietf.org; ace <Ace@ietf.org>
Subject: Re: [Ace] Review of draft-ietf-ace-cbor-web-token-03

Thanks for the review Jim,

See inline comments

On Sat, Apr 1, 2017 at 5:03 AM, Jim Schaad <ietf@augustcellars.com> wrote:

Given that it was stated that the authors believe that the document was
ready for publication, I decided to do another review pass.

1.  Following the discussion in the SET WG meeting, I believe that it would
be reasonable to define some inputs for the external data fields to allow
for distinguishing between the different uses of JWT structures.  Language
about different applications extending this structure would also be
reasonable.

I was not part of that discussion, could you please link to some resource or notes from that meeting.

[JLS] As noted in an earlier message, I got the name of the WG wrong.  The document is SET and the WG is secevent.  Given that Mike was doing the presentation, I would suggest talking to him about the issues presented.  The issues involved how to prevent a SET being used as a JWT as an access token.

2.  I do not know if the authors looked at changing the Type3StringOrURI so
that it would explicitly tag URIs or not.  I do not remember seeing any
discussions on the list but have not gone back to search

We have not looked at changing this. Is there any good motivation for actually doing this change?

[JLS] If you tagged URIs, which is presumably easy for the creator, then the recipient does not have to do any work to try and distinguish between a string and a URI.  The cost is that the token is going to be one byte longer per tag.  This is not done for JWT and therefore code needs to exist on the user of a JWT to figure out if it is a URI.


3.  I find the description of Type6NumericDate to be slightly confusing as
it appears to imply that this is not using a numeric value when it does.

I think the idea is to say that it is not a JSON number but a CBOR number. I have added a ticket to look at the wording.
https://github.com/erwah/ietf/issues/28

4.  The authors need to look at their use of Type6NumericDate and determine
if this is what they really want to do.  All of the examples are incorrect
because of this tag usage.

Examples should be updated, see below

5.  After the discussions in the SET group, do the authors wish to
re-consider the MUST ignore statement in the first paragraph of section 3?

I have not seen the SET group discussion, could you please link to it.

6.  The string "6 tag value 1" is normally written as "6.1" when looking at
pretty-printed CBOR diagnostics.   This would be clearer than what is
written.

Good input, I have created an issue to update this, https://github.com/erwah/ietf/issues/26

7.  The text should be altered to use a TBD for the CWT tag rather than
using a constant so this is highlighted.

Good input, I have created an issue to update this, https://github.com/erwah/ietf/issues/25

8.  The note for step 5 in section 6.1 is problematic from a number of
things.  A) AEAD algorithms are required, so it is not clear that the
recommendation makes sense.  B) there is a big difference between signing
and MACing in terms of the amount and type of integrity provided.  Replacing
signing w/ AEAD loses a lot.

I think you are correct and I have considered removing it, I added it in an early attempt to be smart.

I have added an issue to evaluate the value of this statement and remove if considered useless.
https://github.com/erwah/ietf/issues/24

9.  Step 6 in section 6.1 does not agree w/ the language in section 5.  MUST
vs maybe.

I see your point. I have added a ticket to look over the create and verify steps to make sure they are consistent.
https://github.com/erwah/ietf/issues/27


10.  In starting to verify the examples I ran across the following two
issues:

a) The hex string and the diagnostic notation are equivalent, but they are
not the same.  Specifically, the order of claims is not the same.  CBOR.ME
gives

{2: "erikw", 3: "coap://light.example.com", 4: 1444064944, 5: 1443944944, 6:
1443944944, 1: "coap://as.example.com", 7: h'0b71'}

I have created an issue to make them the same to make reading and testing easier, https://github.com/erwah/ietf/issues/23

b) The encoding of some of the claims is incorrect according to the
document.  It should be

You are correct, I have added an issue to update, https://github.com/erwah/ietf/issues/22

[JLS] You can find some candidate encodings in the examples github for COSE.

Jim


{ 1: "coap://as.example.com", 2: "erikw", 3: "coap://light.example.com", 4:
1(1444064944), 5: 1(1443944944), 6: 1(1443944944), 7: h'0b71'}

Or

a7                                      # map(7)
   01                                   # unsigned(1)
   75                                   # text(21)
      636f61703a2f2f61732e6578616d706c652e636f6d # "coap://as.example.com"
   02                                   # unsigned(2)
   65                                   # text(5)
      6572696b77                        # "erikw"
   03                                   # unsigned(3)
   78 18                                # text(24)
      636f61703a2f2f6c696768742e6578616d706c652e636f6d # "coap://light.example.com"
   04                                   # unsigned(4)
   c1                                   # tag(1)
      1a 5612aeb0                       # unsigned(1444064944)
   05                                   # unsigned(5)
   c1                                   # tag(1)
      1a 5610d9f0                       # unsigned(1443944944)
   06                                   # unsigned(6)
   c1                                   # tag(1)
      1a 5610d9f0                       # unsigned(1443944944)
   07                                   # unsigned(7)
   42                                   # bytes(2)
      0b71                              # "\vq"

Note the additional tagging which is required.


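The check from item 10 of the review, as an added example (not code from the thread or from the draft's authors): a small CBOR reader, limited to the item types in the dump above, that keeps map entries in wire order and reports which of the timestamp claims (keys 4, 5, 6) lack tag 1. `TAGGED_HEX` is the dump from the message; `DRAFT_ORDER_HEX` is constructed here from the diagnostic notation quoted in item 10a, and all function and constant names are this example's own.

```python
"""Minimal CBOR reader for the claims-set shapes in this thread (added example)."""

MAX_DEPTH = 8          # assumption: ample for a flat claims map; bounds recursion
DATE_KEYS = (4, 5, 6)  # claim keys that carry timestamps in the thread's example


class Tag:
    """A CBOR tagged item, shown as diagnostic notation does: 1(1444064944)."""

    def __init__(self, number, value):
        self.number, self.value = number, value

    def __eq__(self, other):
        return (isinstance(other, Tag)
                and (self.number, self.value) == (other.number, other.value))

    def __repr__(self):
        return f"{self.number}({self.value!r})"


def read_head(buf, pos):
    """Return (major type, argument, next position) for the item at pos."""
    if pos >= len(buf):
        raise ValueError("truncated item")
    major, info = buf[pos] >> 5, buf[pos] & 0x1F
    pos += 1
    if info < 24:                       # argument sits in the initial byte
        return major, info, pos
    if info > 27:                       # 28-30 reserved, 31 indefinite length
        raise ValueError("unsupported additional information")
    width = 1 << (info - 24)            # 1, 2, 4 or 8 following bytes
    if pos + width > len(buf):
        raise ValueError("truncated argument")
    return major, int.from_bytes(buf[pos:pos + width], "big"), pos + width


def decode(buf, pos=0, depth=0):
    """Decode one item; maps come back as ordered (key, value) pairs."""
    if depth > MAX_DEPTH:
        raise ValueError("nesting too deep")
    major, arg, pos = read_head(buf, pos)
    if major == 0:                      # unsigned integer
        return arg, pos
    if major in (2, 3):                 # byte string / text string
        end = pos + arg
        if end > len(buf):
            raise ValueError("string runs past end of input")
        raw = buf[pos:end]
        return (raw if major == 2 else raw.decode("utf-8")), end
    if major == 5:                      # map of `arg` pairs, wire order kept
        pairs = []
        for _ in range(arg):
            key, pos = decode(buf, pos, depth + 1)
            value, pos = decode(buf, pos, depth + 1)
            pairs.append((key, value))
        return pairs, pos
    if major == 6:                      # tag number `arg` wrapping one item
        inner, pos = decode(buf, pos, depth + 1)
        return Tag(arg, inner), pos
    raise ValueError(f"major type {major} is outside this example's subset")


def parse_claims(hex_text):
    """Decode a claims set, rejecting trailing bytes and duplicate keys."""
    buf = bytes.fromhex(hex_text)
    pairs, end = decode(buf)
    if end != len(buf):
        raise ValueError("trailing bytes after claims set")
    if not isinstance(pairs, list):
        raise ValueError("claims set is not a map")
    keys = [k for k, _ in pairs]
    if not all(isinstance(k, int) for k in keys) or len(set(keys)) != len(keys):
        raise ValueError("claim keys must be distinct unsigned integers")
    return pairs


def untagged_dates(pairs):
    """Keys in DATE_KEYS whose value is not tag 1 over an unsigned integer."""
    return [k for k, v in pairs
            if k in DATE_KEYS
            and not (isinstance(v, Tag) and v.number == 1
                     and isinstance(v.value, int))]


# Key/value pairs copied from the hex dump in the message.
K1 = "01" + "75" + "636f61703a2f2f61732e6578616d706c652e636f6d"
K2 = "02" + "65" + "6572696b77"
K3 = "03" + "7818" + "636f61703a2f2f6c696768742e6578616d706c652e636f6d"
K7 = "07" + "42" + "0b71"
SECONDS = {4: "5612aeb0", 5: "5610d9f0", 6: "5610d9f0"}


def claims_hex(order, tagged):
    """Assemble the seven pairs in `order`, with or without c1 (tag 1)."""
    parts = {1: K1, 2: K2, 3: K3, 7: K7}
    for key, secs in SECONDS.items():
        parts[key] = f"{key:02x}" + ("c1" if tagged else "") + "1a" + secs
    return "a7" + "".join(parts[k] for k in order)


# Byte-for-byte the corrected encoding listed in the message.
TAGGED_HEX = claims_hex([1, 2, 3, 4, 5, 6, 7], tagged=True)
# Constructed: claim order and bare integers of the diagnostic in item 10a.
DRAFT_ORDER_HEX = claims_hex([2, 3, 4, 5, 6, 1, 7], tagged=False)

if __name__ == "__main__":
    for name, text in (("tagged", TAGGED_HEX), ("10a order", DRAFT_ORDER_HEX)):
        claims = parse_claims(text)
        print(name, len(text) // 2, "bytes; order", [k for k, _ in claims],
              "; untagged date keys", untagged_dates(claims))
```

The two inputs carry the same claim values but differ on the wire by key order and by the three `c1` bytes, which is why a byte-level comparison of examples needs both to agree.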


------=_NextPart_000_0061_01D2AD15.7CC85D30
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

<html xmlns:v=3D"urn:schemas-microsoft-com:vml" =
xmlns:o=3D"urn:schemas-microsoft-com:office:office" =
xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" =
xmlns=3D"http://www.w3.org/TR/REC-html40"><head><meta =
http-equiv=3DContent-Type content=3D"text/html; charset=3Dutf-8"><meta =
name=3DGenerator content=3D"Microsoft Word 15 (filtered =
medium)"><style><!--
/* Font Definitions */
@font-face
	{font-family:"Cambria Math";
	panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
	{font-family:Calibri;
	panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
	{margin:0in;
	margin-bottom:.0001pt;
	font-size:12.0pt;
	font-family:"Times New Roman",serif;}
a:link, span.MsoHyperlink
	{mso-style-priority:99;
	color:blue;
	text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
	{mso-style-priority:99;
	color:purple;
	text-decoration:underline;}
p.msonormal0, li.msonormal0, div.msonormal0
	{mso-style-name:msonormal;
	mso-margin-top-alt:auto;
	margin-right:0in;
	mso-margin-bottom-alt:auto;
	margin-left:0in;
	font-size:12.0pt;
	font-family:"Times New Roman",serif;}
span.EmailStyle18
	{mso-style-type:personal-reply;
	font-family:"Calibri",sans-serif;
	color:windowtext;}
.MsoChpDefault
	{mso-style-type:export-only;
	font-family:"Calibri",sans-serif;}
@page WordSection1
	{size:8.5in 11.0in;
	margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
	{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext=3D"edit">
<o:idmap v:ext=3D"edit" data=3D"1" />
</o:shapelayout></xml><![endif]--></head><body lang=3DEN-US link=3Dblue =
vlink=3Dpurple><div class=3DWordSection1><p class=3DMsoNormal><span =
style=3D'font-size:11.0pt;font-family:"Calibri",sans-serif'>Some =
comments inline<o:p></o:p></span></p><p class=3DMsoNormal><span =
style=3D'font-size:11.0pt;font-family:"Calibri",sans-serif'><o:p>&nbsp;</=
o:p></span></p><p class=3DMsoNormal><span =
style=3D'font-size:11.0pt;font-family:"Calibri",sans-serif'><o:p>&nbsp;</=
o:p></span></p><div style=3D'border:none;border-left:solid blue =
1.5pt;padding:0in 0in 0in 4.0pt'><div><div =
style=3D'border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in =
0in 0in'><p class=3DMsoNormal><b><span =
style=3D'font-size:11.0pt;font-family:"Calibri",sans-serif'>From:</span><=
/b><span style=3D'font-size:11.0pt;font-family:"Calibri",sans-serif'> =
Samuel Erdtman [mailto:samuel@erdtman.se] <br><b>Sent:</b> Sunday, April =
2, 2017 10:58 PM<br><b>To:</b> Jim Schaad =
&lt;ietf@augustcellars.com&gt;<br><b>Cc:</b> =
draft-ietf-ace-cbor-web-token@ietf.org; ace =
&lt;Ace@ietf.org&gt;<br><b>Subject:</b> Re: [Ace] Review of =
draft-ietf-ace-cbor-web-token-03<o:p></o:p></span></p></div></div><p =
class=3DMsoNormal><o:p>&nbsp;</o:p></p><div><div><p class=3DMsoNormal =
style=3D'margin-bottom:12.0pt'>Thanks for the review =
Jim,<o:p></o:p></p></div><p class=3DMsoNormal>See inline =
comments<o:p></o:p></p><div><p =
class=3DMsoNormal><o:p>&nbsp;</o:p></p><div><p class=3DMsoNormal>On Sat, =
Apr 1, 2017 at 5:03 AM, Jim Schaad &lt;<a =
href=3D"mailto:ietf@augustcellars.com" =
target=3D"_blank">ietf@augustcellars.com</a>&gt; =
wrote:<o:p></o:p></p><blockquote style=3D'border:none;border-left:solid =
#CCCCCC 1.0pt;padding:0in 0in 0in =
6.0pt;margin-left:4.8pt;margin-right:0in'><p class=3DMsoNormal>Given =
that it was stated that the authors believe that the document =
was<br>ready for publication, I decided to do another review =
pass.<br><br>1.&nbsp; Following the discussion in the SET WG meeting, I =
believe that it would<br>be reasonable to define some inputs for the =
external data fields to allow<br>for distinguishing between the =
different uses of JWT structures.&nbsp; Language<br>about different =
applications extending this structure would also =
be<br>reasonable.<o:p></o:p></p></blockquote><div><p =
class=3DMsoNormal><o:p>&nbsp;</o:p></p></div><div><p class=3DMsoNormal>I =
was not part of that discussion, could you please link to some resource =
or notes from that meeting.<o:p></o:p></p><p class=3DMsoNormal><span =
style=3D'font-size:11.0pt;font-family:"Calibri",sans-serif'><o:p>&nbsp;</=
o:p></span></p><p class=3DMsoNormal><span =
style=3D'font-size:11.0pt;font-family:"Calibri",sans-serif'>[JLS] As =
noted in an earlier message, I got the name of the WG wrong.=C2=A0 The =
document is SET and the WG is secevent.=C2=A0 Given that Mike was doing =
the presentation, I would suggest talking to him about the issues =
presented.=C2=A0 The issues involved how to prevent a SET being used as =
a JWT as an access token.<o:p></o:p></span></p><p =
class=3DMsoNormal><o:p>&nbsp;</o:p></p></div><blockquote =
style=3D'border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in =
6.0pt;margin-left:4.8pt;margin-right:0in'><p =
class=3DMsoNormal>&nbsp;<o:p></o:p></p></blockquote><blockquote =
style=3D'border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in =
6.0pt;margin-left:4.8pt;margin-right:0in'><p class=3DMsoNormal>2.&nbsp; =
I do not know if the authors looked at changing the Type3StringOrURI =
so<br>that it would explicitly tag URIs or not.&nbsp; I do no remember =
seeing any<br>discussions on the list but have not gone back to =
search<o:p></o:p></p></blockquote><div><p =
class=3DMsoNormal><o:p>&nbsp;</o:p></p></div><div><p =
class=3DMsoNormal>We have no looked at changing this. Is there any good =
motivation for actually doing this change?<o:p></o:p></p><p =
class=3DMsoNormal><span =
style=3D'font-size:11.0pt;font-family:"Calibri",sans-serif'><o:p>&nbsp;</=
o:p></span></p><p class=3DMsoNormal><span =
style=3D'font-size:11.0pt;font-family:"Calibri",sans-serif'>[JLS] If you =
tagged URIs, which is presumably easy for the creator, then the =
recipient does not have to do any work to try and distinguish between a =
string and a URI.=C2=A0 The cost is that the token is going to be one =
byte longer per tag.=C2=A0 This is not done for JWT and therefore code =
needs to exist on the user of a JWT to figure out if it is a =
URI.<o:p></o:p></span></p></div><div><p =
class=3DMsoNormal>&nbsp;<o:p></o:p></p></div><blockquote =
style=3D'border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in =
6.0pt;margin-left:4.8pt;margin-right:0in'><p =
class=3DMsoNormal><br>3.&nbsp; I find the description of =
Type6NumericDate to be slightly confusing as<br>it appears to imply that =
this is not using a numeric value when it =
does.<o:p></o:p></p></blockquote><div><p =
class=3DMsoNormal><o:p>&nbsp;</o:p></p></div><div><p class=3DMsoNormal =
style=3D'margin-bottom:12.0pt'>I think the idea is to say that it is not =
a JSON number but a CBOR number. I have added a ticket to look at the =
wording.<br><a =
href=3D"https://github.com/erwah/ietf/issues/28">https://github.com/erwah=
/ietf/issues/28</a><o:p></o:p></p></div><div><p =
class=3DMsoNormal>&nbsp;<o:p></o:p></p></div><blockquote =
style=3D'border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in =
6.0pt;margin-left:4.8pt;margin-right:0in'><p =
class=3DMsoNormal><br>4.&nbsp; The authors need to look at their use of =
Type6NumericDate and determine<br>if this is what they really want to =
do.&nbsp; All of the examples are incorrect<br>because of this tag =
usage.<o:p></o:p></p></blockquote><div><p =
class=3DMsoNormal><o:p>&nbsp;</o:p></p></div><div><p =
class=3DMsoNormal>Examples should be updated, see =
below<o:p></o:p></p></div><div><p =
class=3DMsoNormal>&nbsp;<o:p></o:p></p></div><blockquote =
style=3D'border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in =
6.0pt;margin-left:4.8pt;margin-right:0in'><p =
class=3DMsoNormal><br>5.&nbsp; After the discussions in the SET group, =
do the authors wish to<br>re-consider the MUST ignore statement in the =
first paragraph of section 3?<o:p></o:p></p></blockquote><div><p =
class=3DMsoNormal><o:p>&nbsp;</o:p></p></div><div><p class=3DMsoNormal>I =
have not seen the SET group discussion; could you please link to =
it?<o:p></o:p></p></div><div><p =
class=3DMsoNormal>&nbsp;<o:p></o:p></p></div><blockquote =
style=3D'border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in =
6.0pt;margin-left:4.8pt;margin-right:0in'><p =
class=3DMsoNormal><br>6.&nbsp; The string &quot;6 tag value 1&quot; is =
normally written as &quot;6.1&quot; when looking at<br>pretty-printed =
CBOR diagnostics.&nbsp; &nbsp;This would be clearer than what =
is<br>written.<o:p></o:p></p></blockquote><div><p =
class=3DMsoNormal><br>Good input, I have created an issue to update this, =
<a =
href=3D"https://github.com/erwah/ietf/issues/26">https://github.com/erwah=
/ietf/issues/26</a><br>&nbsp;<o:p></o:p></p></div><blockquote =
style=3D'border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in =
6.0pt;margin-left:4.8pt;margin-right:0in'><p =
class=3DMsoNormal><br>7.&nbsp; The text should be altered to use a TBD =
for the CWT tag rather than<br>using a constant so this is =
highlighted.<o:p></o:p></p></blockquote><div><p =
class=3DMsoNormal><o:p>&nbsp;</o:p></p></div><div><p =
class=3DMsoNormal>Good input, I have created an issue to update this, <a =
href=3D"https://github.com/erwah/ietf/issues/25">https://github.com/erwah=
/ietf/issues/25</a><o:p></o:p></p></div><div><p =
class=3DMsoNormal>&nbsp;<o:p></o:p></p></div><blockquote =
style=3D'border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in =
6.0pt;margin-left:4.8pt;margin-right:0in'><p =
class=3DMsoNormal><br>8.&nbsp; The note for step 5 in section 6.1 is =
problematic from a number of<br>things.&nbsp; A) AEAD algorithms are =
required, so it is not clear that the<br>recommendation makes =
sense.&nbsp; B) there is a big difference between signing<br>and MACing =
in terms of the amount and type of integrity provided.&nbsp; =
Replacing<br>signing w/ AEAD loses a =
lot.<o:p></o:p></p></blockquote><div><p =
class=3DMsoNormal><o:p>&nbsp;</o:p></p></div><div><p class=3DMsoNormal>I =
think you are correct and I have considered removing it, I added it in =
an early attempt to be smart.<o:p></o:p></p></div><div><p =
class=3DMsoNormal>I have added an issue to evaluate the value of this =
statement and remove if considered useless.<br><a =
href=3D"https://github.com/erwah/ietf/issues/24">https://github.com/erwah=
/ietf/issues/24</a><o:p></o:p></p></div><div><p =
class=3DMsoNormal><br>&nbsp;<o:p></o:p></p></div><blockquote =
style=3D'border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in =
6.0pt;margin-left:4.8pt;margin-right:0in'><p =
class=3DMsoNormal><br>9.&nbsp; Step 6 in section 6.1 does not agree w/ =
the language in section 5.&nbsp; MUST<br>vs =
maybe.<o:p></o:p></p></blockquote><div><p =
class=3DMsoNormal><o:p>&nbsp;</o:p></p></div><div><p class=3DMsoNormal>I =
see your point. I have added a ticket to look over the create and verify =
steps to make sure they are consistent.<br><a =
href=3D"https://github.com/erwah/ietf/issues/27">https://github.com/erwah=
/ietf/issues/27</a><o:p></o:p></p></div><div><p =
class=3DMsoNormal>&nbsp;<o:p></o:p></p></div><blockquote =
style=3D'border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in =
6.0pt;margin-left:4.8pt;margin-right:0in'><p =
class=3DMsoNormal><br>10.&nbsp; In starting to verify the examples I ran =
across the following two<br>issues:<br><br>a) The hex string and the =
diagnostic notation are equivalent, but they are<br>not the same.&nbsp; =
Specifically, the order of claims is not the same.&nbsp; <a =
href=3D"http://CBOR.ME" =
target=3D"_blank">CBOR.ME</a><br>gives<br><br>{2: &quot;erikw&quot;, 3: =
&quot;coap://<a href=3D"http://light.example.com" =
target=3D"_blank">light.example.com</a>&quot;, 4: 1444064944, 5: =
1443944944, 6:<br>1443944944, 1: &quot;coap://<a =
href=3D"http://as.example.com" =
target=3D"_blank">as.example.com</a>&quot;, 7: =
h'0b71'}<o:p></o:p></p></blockquote><div><p =
class=3DMsoNormal><o:p>&nbsp;</o:p></p></div><div><p class=3DMsoNormal>I =
have created an issue to make them the same to make reading and testing =
easier, <a =
href=3D"https://github.com/erwah/ietf/issues/23">https://github.com/erwah=
/ietf/issues/23</a><o:p></o:p></p></div><div><p =
class=3DMsoNormal>&nbsp;<o:p></o:p></p></div><blockquote =
style=3D'border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in =
6.0pt;margin-left:4.8pt;margin-right:0in'><p class=3DMsoNormal><br>b) =
The encoding of some of the claims is incorrect according to =
the<br>document.&nbsp; It should be<o:p></o:p></p></blockquote><div><p =
class=3DMsoNormal><o:p>&nbsp;</o:p></p></div><div><p =
class=3DMsoNormal>You are correct, I have added an issue to update, <a =
href=3D"https://github.com/erwah/ietf/issues/22">https://github.com/erwah=
/ietf/issues/22</a><o:p></o:p></p></div><div><p =
class=3DMsoNormal>&nbsp;<o:p></o:p></p><p class=3DMsoNormal><span =
style=3D'font-size:11.0pt;font-family:"Calibri",sans-serif'>[JLS] You =
can find some candidate encodings in the examples github for =
COSE.<o:p></o:p></span></p><p class=3DMsoNormal><span =
style=3D'font-size:11.0pt;font-family:"Calibri",sans-serif'><o:p>&nbsp;</=
o:p></span></p><p class=3DMsoNormal><span =
style=3D'font-size:11.0pt;font-family:"Calibri",sans-serif'>Jim<o:p></o:p=
></span></p><p class=3DMsoNormal><span =
style=3D'font-size:11.0pt;font-family:"Calibri",sans-serif'><o:p>&nbsp;</=
o:p></span></p></div><blockquote style=3D'border:none;border-left:solid =
#CCCCCC 1.0pt;padding:0in 0in 0in =
6.0pt;margin-left:4.8pt;margin-right:0in'><p class=3DMsoNormal><br>{ 1: =
&quot;coap://<a href=3D"http://as.example.com" =
target=3D"_blank">as.example.com</a>&quot;, 2: &quot;erikw&quot;, 3: =
&quot;coap://<a href=3D"http://light.example.com" =
target=3D"_blank">light.example.com</a>&quot;, 4:<br>1(1444064944), 5: =
1(1443944944), 6: 1(1443944944),7: h'0b71'}<br><br>Or<br><br>a7&nbsp; =
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; =
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; # =
map(7)<br>&nbsp; &nbsp;01&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; =
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; =
&nbsp; &nbsp;# unsigned(1)<br>&nbsp; &nbsp;75&nbsp; &nbsp; &nbsp; &nbsp; =
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; =
&nbsp; &nbsp; &nbsp; &nbsp;# text(21)<br>&nbsp; &nbsp; &nbsp; =
636f61703a2f2f61732e6578616d706c652e636f6d # &quot;coap://<a =
href=3D"http://as.example.com" =
target=3D"_blank">as.example.com</a>&quot;<br>&nbsp; &nbsp;02&nbsp; =
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; =
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;# unsigned(2)<br>&nbsp; =
&nbsp;65&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; =
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;# =
text(5)<br>&nbsp; &nbsp; &nbsp; 6572696b77&nbsp; &nbsp; &nbsp; &nbsp; =
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; # =
&quot;erikw&quot;<br>&nbsp; &nbsp;03&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; =
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; =
&nbsp; &nbsp; &nbsp;# unsigned(3)<br>&nbsp; &nbsp;78 18&nbsp; &nbsp; =
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; =
&nbsp; &nbsp; &nbsp; &nbsp; # text(24)<br>&nbsp; &nbsp; &nbsp; =
636f61703a2f2f6c696768742e6578616d706c652e636f6d #<br>&quot;coap://<a =
href=3D"http://light.example.com" =
target=3D"_blank">light.example.com</a>&quot;<br>&nbsp; &nbsp;04&nbsp; =
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; =
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;# unsigned(4)<br>&nbsp; =
&nbsp;c1&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; =
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;# =
tag(1)<br>&nbsp; &nbsp; &nbsp; 1a 5612aeb0&nbsp; &nbsp; &nbsp; &nbsp; =
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;# =
unsigned(1444064944)<br>&nbsp; &nbsp;05&nbsp; &nbsp; &nbsp; &nbsp; =
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; =
&nbsp; &nbsp; &nbsp; &nbsp;# unsigned(5)<br>&nbsp; &nbsp;c1&nbsp; &nbsp; =
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; =
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;# tag(1)<br>&nbsp; &nbsp; =
&nbsp; 1a 5610d9f0&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; =
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;# unsigned(1443944944)<br>&nbsp; =
&nbsp;06&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; =
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;# =
unsigned(6)<br>&nbsp; &nbsp;c1&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; =
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; =
&nbsp; &nbsp;# tag(1)<br>&nbsp; &nbsp; &nbsp; 1a 5610d9f0&nbsp; &nbsp; =
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;# =
unsigned(1443944944)<br>&nbsp; &nbsp;07&nbsp; &nbsp; &nbsp; &nbsp; =
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; =
&nbsp; &nbsp; &nbsp; &nbsp;# unsigned(7)<br>&nbsp; &nbsp;42&nbsp; &nbsp; =
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; =
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;# bytes(2)<br>&nbsp; &nbsp; =
&nbsp; 0b71&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; =
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; # =
&quot;\vq&quot;<br><br>Note the additional tagging which is =
required.<br><br><br>_______________________________________________<br>A=
ce mailing list<br><a =
href=3D"mailto:Ace@ietf.org">Ace@ietf.org</a><br><a =
href=3D"https://www.ietf.org/mailman/listinfo/ace" =
target=3D"_blank">https://www.ietf.org/mailman/listinfo/ace</a><o:p></o:p=
></p></blockquote></div><p =
class=3DMsoNormal><o:p>&nbsp;</o:p></p></div></div></div></div></body></h=
tml>
------=_NextPart_000_0061_01D2AD15.7CC85D30--
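
Added example (not part of the thread or the draft): review points 4 and 10 above turn on whether the date claims in the CWT claims set carry CBOR tag 1. The Python below decodes the tagged encoding given in point 10b and an untagged variant constructed here from the CBOR.ME diagnostic in point 10a, then reports which date claims lack the tag and the claim order on the wire. The claim names exp/nbf/iat for keys 4/5/6 and all function names are assumptions of this example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Tagged:
    """A CBOR tagged item, e.g. 1(1444064944) in diagnostic notation."""
    tag: int
    value: object


def _head(buf, pos):
    """Read one initial byte and its argument; return (major, arg, new_pos)."""
    if pos >= len(buf):
        raise ValueError("truncated CBOR item")
    major, info = buf[pos] >> 5, buf[pos] & 0x1F
    pos += 1
    if info < 24:
        return major, info, pos
    if info > 27:
        raise ValueError("indefinite or reserved length not supported")
    n = 1 << (info - 24)            # 1, 2, 4 or 8 argument bytes
    if pos + n > len(buf):
        raise ValueError("truncated CBOR argument")
    return major, int.from_bytes(buf[pos:pos + n], "big"), pos + n


def decode(buf, pos=0):
    """Decode the CBOR subset used by the claims set; return (item, new_pos)."""
    major, arg, pos = _head(buf, pos)
    if major == 0:                  # unsigned integer
        return arg, pos
    if major in (2, 3):             # byte string / text string
        end = pos + arg
        if end > len(buf):
            raise ValueError("truncated string")
        raw = bytes(buf[pos:end])
        return (raw if major == 2 else raw.decode("utf-8")), end
    if major == 5:                  # map; dict keeps the order seen on the wire
        out = {}
        for _ in range(arg):
            key, pos = decode(buf, pos)
            if key in out:
                raise ValueError("duplicate map key")
            out[key], pos = decode(buf, pos)
        return out, pos
    if major == 6:                  # tag followed by the tagged item
        value, pos = decode(buf, pos)
        return Tagged(arg, value), pos
    raise ValueError("major type %d not supported" % major)


def parse_claims(token):
    claims, end = decode(token)
    if end != len(token):
        raise ValueError("trailing bytes after claims set")
    if not isinstance(claims, dict):
        raise ValueError("claims set is not a map")
    return claims


# Assumption: CWT claim keys 4, 5, 6 are the date claims exp, nbf, iat.
DATE_CLAIMS = {4: "exp", 5: "nbf", 6: "iat"}


def untagged_date_claims(token):
    """Names of date claims that are not an integer wrapped in tag 1."""
    claims = parse_claims(token)
    bad = []
    for key, name in DATE_CLAIMS.items():
        v = claims.get(key)
        if key in claims and not (
            isinstance(v, Tagged) and v.tag == 1 and isinstance(v.value, int)
        ):
            bad.append(name)
    return bad


def claim_order(token):
    return list(parse_claims(token))


ISS = "75" "636f61703a2f2f61732e6578616d706c652e636f6d"            # coap://as.example.com
SUB = "65" "6572696b77"                                            # erikw
AUD = "7818" "636f61703a2f2f6c696768742e6578616d706c652e636f6d"    # coap://light.example.com
CTI = "42" "0b71"

# Encoding from review point 10b: keys in order 1..7, dates wrapped in tag 1 (c1).
TAGGED = bytes.fromhex(
    "a7" "01" + ISS + "02" + SUB + "03" + AUD
    + "04" "c1" "1a5612aeb0" + "05" "c1" "1a5610d9f0" + "06" "c1" "1a5610d9f0"
    + "07" + CTI
)

# Constructed for this example from the diagnostic in point 10a:
# same values, no tag on the dates, claim 1 placed after claim 6.
UNTAGGED = bytes.fromhex(
    "a7" "02" + SUB + "03" + AUD
    + "04" "1a5612aeb0" + "05" "1a5610d9f0" + "06" "1a5610d9f0"
    + "01" + ISS + "07" + CTI
)

if __name__ == "__main__":
    for label, tok in (("tagged", TAGGED), ("untagged", UNTAGGED)):
        print(label, claim_order(tok), untagged_date_claims(tok))
```

A verifier that enforces the tagging rule rejects the second token while a lenient one accepts both, which is the interoperability gap the review points at.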


From nobody Wed Apr  5 18:02:15 2017
Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: ace@ietfa.amsl.com
Delivered-To: ace@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A460F127449; Wed,  5 Apr 2017 18:02:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.02
X-Spam-Level: 
X-Spam-Status: No, score=-2.02 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=microsoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 48KIJbAt5to5; Wed,  5 Apr 2017 18:02:08 -0700 (PDT)
Received: from NAM03-CO1-obe.outbound.protection.outlook.com (mail-co1nam03on0108.outbound.protection.outlook.com [104.47.40.108]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 36E2B124BE8; Wed,  5 Apr 2017 18:02:02 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=Ub+XQOJN97OegHmdJD6MMPH2E3JgbZ0jFuzBl7cqQOE=; b=jhA4z17k5wmlRHxvF0KUaQp5fRvdNsrf7C7vigmMxFwAZvWPvp4uc5XSEtPFhh4zHvk+DMIlZsIzC2IdMlEpmF0z+bI26Ft40SxMcFASRUu1mBSjkgBxmLK+tfrqSpqbToDl8sk7uR96gA4LEQg0q2KYR6UfMTEGXEoy90cLUwQ=
Received: from DM5PR21MB0505.namprd21.prod.outlook.com (10.172.91.139) by DM5PR21MB0508.namprd21.prod.outlook.com (10.172.91.142) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1019.0; Thu, 6 Apr 2017 01:02:00 +0000
Received: from DM5PR21MB0505.namprd21.prod.outlook.com ([10.172.91.139]) by DM5PR21MB0505.namprd21.prod.outlook.com ([10.172.91.139]) with mapi id 15.01.1019.019; Thu, 6 Apr 2017 01:02:00 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: Samuel Erdtman <samuel@erdtman.se>, Jim Schaad <ietf@augustcellars.com>
CC: "draft-ietf-ace-cbor-web-token@ietf.org" <draft-ietf-ace-cbor-web-token@ietf.org>, ace <Ace@ietf.org>
Thread-Topic: [Ace] Review of draft-ietf-ace-cbor-web-token-03
Thread-Index: AdKqjYd/dEU13IlnTS+NuoPqts/VjQBsccuAAImGdFA=
Date: Thu, 6 Apr 2017 01:01:59 +0000
Message-ID: <DM5PR21MB05056C9A30088E02D055EDBCF50D0@DM5PR21MB0505.namprd21.prod.outlook.com>
References: <010201d2aa94$957b6760$c0723620$@augustcellars.com> <CAF2hCbamXPmVptFnSzWuakOMAK+A9JuNo5uSg8LpZB71mSJe5g@mail.gmail.com>
In-Reply-To: <CAF2hCbamXPmVptFnSzWuakOMAK+A9JuNo5uSg8LpZB71mSJe5g@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
authentication-results: erdtman.se; dkim=none (message not signed) header.d=none;erdtman.se; dmarc=none action=none header.from=microsoft.com;
x-originating-ip: [2001:4898:80e8:1::36]
x-microsoft-exchange-diagnostics: 1; DM5PR21MB0508; 7:t3Gg17QIOfIGeJ4UNW+KgYk+xI3OVXkuRN0kyU2PPzaxvW23r9AHCD6I/9GbqVjDTjPbQMeaHicfsZFW4eURbIUzZMqBzEgvLek2C8LTb4RJZTwzNimYEHumau6EWqmoMn7Qm1V6UOfO4GKh+JY/nRQbt8SBXIoLm1CaQrmzaKYX1olAOCT2I5GqXr6FBvs+j0l96U1nsguKG4EHbqzX/XkCbL6lYepMLNBzm8fkLarrIfYJ01XGdz7t5Xvic25rHINn1KZkWTQWcTGwFcfxHzEziYLYSKI40FzXFKjURNPLoHsiw0FOieC/pxSY0qkh+1R3yI3BxGripzQhq/LpJ3r2NTwwFMzjuNraf3uRE64=
x-ms-office365-filtering-correlation-id: f4979692-0524-4fe0-4ade-08d47c8887b3
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(2017030254075)(48565401081)(201703131423075)(201703031133081);  SRVR:DM5PR21MB0508; 
x-microsoft-antispam-prvs: <DM5PR21MB0508FB06A5ADF9F027EBABBDF50D0@DM5PR21MB0508.namprd21.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(278428928389397)(166708455590820)(192374486261705)(21748063052155); 
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(61425038)(6040450)(601004)(2401047)(8121501046)(5005006)(3002001)(93006095)(93001095)(10201501046)(6055026)(61426038)(61427038)(6041248)(20161123562025)(20161123560025)(20161123564025)(20161123555025)(201703131423075)(201702281528075)(201703061421075)(6072148); SRVR:DM5PR21MB0508; BCL:0; PCL:0; RULEID:; SRVR:DM5PR21MB0508; 
x-forefront-prvs: 02698DF457
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(39400400002)(39850400002)(39410400002)(39860400002)(39450400003)(39840400002)(377454003)(51914003)(24454002)(2950100002)(229853002)(38730400002)(5005710100001)(6246003)(10290500002)(7736002)(5660300001)(7696004)(54906002)(53386004)(9686003)(7906003)(74316002)(122556002)(25786009)(86362001)(54896002)(19609705001)(53936002)(3660700001)(33656002)(86612001)(236005)(189998001)(6306002)(2900100001)(3280700002)(54356999)(4326008)(81166006)(6506006)(102836003)(790700001)(50986999)(8676002)(6116002)(55016002)(99286003)(76176999)(10090500001)(230783001)(8990500004)(53546009)(6436002)(77096006)(606005)(2906002)(8936002); DIR:OUT; SFP:1102; SCL:1; SRVR:DM5PR21MB0508; H:DM5PR21MB0505.namprd21.prod.outlook.com; FPR:; SPF:None; MLV:sfv; LANG:en; 
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_DM5PR21MB05056C9A30088E02D055EDBCF50D0DM5PR21MB0505namp_"
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-originalarrivaltime: 06 Apr 2017 01:01:59.8381 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR21MB0508
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/8qTAq4PT7lODecE55ruw9k3U7yA>
Subject: Re: [Ace] Review of draft-ietf-ace-cbor-web-token-03
X-BeenThere: ace@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <ace.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ace>, <mailto:ace-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ace/>
List-Post: <mailto:ace@ietf.org>
List-Help: <mailto:ace-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ace>, <mailto:ace-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 06 Apr 2017 01:02:13 -0000

--_000_DM5PR21MB05056C9A30088E02D055EDBCF50D0DM5PR21MB0505namp_
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
--_000_DM5PR21MB05056C9A30088E02D055EDBCF50D0DM5PR21MB0505namp_
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: base64

aW5lZC48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxibG9ja3F1b3RlIHN0eWxlPSJi
b3JkZXI6bm9uZTtib3JkZXItbGVmdDpzb2xpZCAjQ0NDQ0NDIDEuMHB0O3BhZGRpbmc6MGluIDBp
biAwaW4gNi4wcHQ7bWFyZ2luLWxlZnQ6NC44cHQ7bWFyZ2luLXJpZ2h0OjBpbiI+DQo8cCBjbGFz
cz0iTXNvTm9ybWFsIj48YnI+DQo4LiZuYnNwOyBUaGUgbm90ZSBmb3Igc3RlcCA1IGluIHNlY3Rp
b24gNi4xIGlzIHByb2JsZW1hdGljIGZyb20gYSBudW1iZXIgb2Y8YnI+DQp0aGluZ3MuJm5ic3A7
IEEpIEFFQUQgYWxnb3JpdGhtcyBhcmUgcmVxdWlyZWQsIHNvIGl0IGlzIG5vdCBjbGVhciB0aGF0
IHRoZTxicj4NCnJlY29tbWVuZGF0aW9uIG1ha2VzIHNlbnNlLiZuYnNwOyBCKSB0aGVyZSBpcyBh
IGJpZyBkaWZmZXJlbmNlIGJldHdlZW4gc2lnbmluZzxicj4NCmFuZCBNQUNpbmcgaW4gdGVybXMg
b2YgdGhlIGFtb3VudCBhbmQgdHlwZSBvZiBpbnRlZ3JpdHkgcHJvdmlkZWQuJm5ic3A7IFJlcGxh
Y2luZzxicj4NCnNpZ25pbmcgdy8gQUVBRCBsb3NlcyBhIGxvdC48bzpwPjwvbzpwPjwvcD4NCjwv
YmxvY2txdW90ZT4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48bzpwPiZuYnNwOzwvbzpw
PjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPkkgdGhpbmsgeW91IGFy
ZSBjb3JyZWN0IGFuZCBJIGhhdmUgY29uc2lkZXJlZCByZW1vdmluZyBpdCwgSSBhZGRlZCBpbiBp
biBhbiBlYXJseSBhdHRlbXB0IHRvIGJlIHNtYXJ0LjxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8
ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+SSBoYXZlIGFkZGVkIGEgaXNzdWUgdG8gZXZhbHVh
dGUgdGhlIHZhbHVlIG9mIHRoaXMgc3RhdGVtZW50IGFuZCByZW1vdmUgaWYgY29uc2lkZXJlZCB1
c2VsZXNzLjxicj4NCjxhIGhyZWY9Imh0dHBzOi8vZ2l0aHViLmNvbS9lcndhaC9pZXRmL2lzc3Vl
cy8yNCI+aHR0cHM6Ly9naXRodWIuY29tL2Vyd2FoL2lldGYvaXNzdWVzLzI0PC9hPjxvOnA+PC9v
OnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9
ImNvbG9yOiMwMDIwNjAiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJN
c29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90
O0NhbGlicmkmcXVvdDssc2Fucy1zZXJpZjtjb2xvcjojMDAyMDYwIj5JIGFncmVlIHdpdGggZGVs
ZXRpbmcgaXQuPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+Jm5i
c3A7PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxibG9ja3F1b3RlIHN0eWxlPSJib3JkZXI6bm9u
ZTtib3JkZXItbGVmdDpzb2xpZCAjQ0NDQ0NDIDEuMHB0O3BhZGRpbmc6MGluIDBpbiAwaW4gNi4w
cHQ7bWFyZ2luLWxlZnQ6NC44cHQ7bWFyZ2luLXJpZ2h0OjBpbiI+DQo8cCBjbGFzcz0iTXNvTm9y
bWFsIj48YnI+DQo5LiZuYnNwOyBTdGVwIDYgaW4gc2VjdGlvbiA2LjEgZG9lcyBub3QgYWdyZWUg
dy8gdGhlIGxhbmd1YWdlIGluIHNlY3Rpb24gNS4mbmJzcDsgTVVTVDxicj4NCnZzIG1heWJlLjxv
OnA+PC9vOnA+PC9wPg0KPC9ibG9ja3F1b3RlPg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwi
PjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1h
bCI+SSBzZWUgeW91ciBwb2ludC4gSSBoYXZlIGFkZGVkIGEgdGlja2V0IHRvIGxvb2sgb3ZlciB0
aGUgY3JlYXRlIGFuZCB2ZXJpZnkgc3RlcHMgdG8gbWFrZSBzdXJlIHRoZXkgYXJlIGNvbnNpc3Rl
bnQuPGJyPg0KPGEgaHJlZj0iaHR0cHM6Ly9naXRodWIuY29tL2Vyd2FoL2lldGYvaXNzdWVzLzI3
Ij5odHRwczovL2dpdGh1Yi5jb20vZXJ3YWgvaWV0Zi9pc3N1ZXMvMjc8L2E+PG86cD48L286cD48
L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iY29s
b3I6IzAwMjA2MCI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05v
cm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2Fs
aWJyaSZxdW90OyxzYW5zLXNlcmlmO2NvbG9yOiMwMDIwNjAiPlNlY3Rpb24gNSBzYXlzIHRoYXQg
dXNlIG9mIHRoZSBDQk9SIHRhZyBpcyBvcHRpb25hbC4mbmJzcDsgQnV0IEkgc2VlIHRoYXQgdGhl
IGxhbmd1YWdlIOKAnDwvc3Bhbj48c3BhbiBsYW5nPSJFTiI+VGhlIENXVCB0YWcgTVVTVCBwcmVm
aXggYSB0YWdnZWQgb2JqZWN0PC9zcGFuPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2Zv
bnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssc2Fucy1zZXJpZjtjb2xvcjojMDAyMDYwIj7i
gJ0NCiBjb3VsZCBiZSBtaXNpbnRlcnByZXRlZC4mbmJzcDsgV2UgY291bGQgY2hhbmdlIHRoaXMg
dG8g4oCcSWYgcHJlc2VudCwgdDwvc3Bhbj48c3BhbiBsYW5nPSJFTiI+aGUgQ1dUIHRhZyBNVVNU
IHByZWZpeCBhIHRhZ2dlZCBvYmplY3Q8L3NwYW4+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4w
cHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OyxzYW5zLXNlcmlmO2NvbG9yOiMwMDIw
NjAiPuKAnS48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3Bh
biBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7
LHNhbnMtc2VyaWY7Y29sb3I6IzAwMjA2MCI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0K
PC9kaXY+DQo8YmxvY2txdW90ZSBzdHlsZT0iYm9yZGVyOm5vbmU7Ym9yZGVyLWxlZnQ6c29saWQg
I0NDQ0NDQyAxLjBwdDtwYWRkaW5nOjBpbiAwaW4gMGluIDYuMHB0O21hcmdpbi1sZWZ0OjQuOHB0
O21hcmdpbi1yaWdodDowaW4iPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PGJyPg0KMTAuJm5ic3A7
IEluIHN0YXJ0aW5nIHRvIHZlcmlmeSB0aGUgZXhhbXBsZXMgSSByYW4gYWNyb3NzIHRoZSBmb2xs
b3dpbmcgdHdvPGJyPg0KaXNzdWVzOjxicj4NCjxicj4NCmEpIFRoZSBoZXggc3RyaW5nIGFuZCB0
aGUgZGlhZ25vc3RpYyBub3RhdGlvbiBhcmUgZXF1aXZhbGVudCwgYnV0IHRoZXkgYXJlPGJyPg0K
bm90IHRoZSBzYW1lLiZuYnNwOyBTcGVjaWZpY2FsbHksIHRoZSBvcmRlciBvZiBjbGFpbXMgaXMg
bm90IHRoZSBzYW1lLiZuYnNwOyA8YSBocmVmPSJodHRwOi8vQ0JPUi5NRSIgdGFyZ2V0PSJfYmxh
bmsiPg0KQ0JPUi5NRTwvYT48YnI+DQpnaXZlczxicj4NCjxicj4NCnsyOiAmcXVvdDtlcmlrdyZx
dW90OywgMzogJnF1b3Q7Y29hcDovLzxhIGhyZWY9Imh0dHA6Ly9saWdodC5leGFtcGxlLmNvbSIg
dGFyZ2V0PSJfYmxhbmsiPmxpZ2h0LmV4YW1wbGUuY29tPC9hPiZxdW90OywgNDogMTQ0NDA2NDk0
NCwgNTogMTQ0Mzk0NDk0NCwgNjo8YnI+DQoxNDQzOTQ0OTQ0LCAxOiAmcXVvdDtjb2FwOi8vPGEg
aHJlZj0iaHR0cDovL2FzLmV4YW1wbGUuY29tIiB0YXJnZXQ9Il9ibGFuayI+YXMuZXhhbXBsZS5j
b208L2E+JnF1b3Q7LCA3OiBoJzBiNzEnfTxvOnA+PC9vOnA+PC9wPg0KPC9ibG9ja3F1b3RlPg0K
PGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0KPC9kaXY+
DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+SSBoYXZlIGNyZWF0ZSBhIGlzc3VlIHRvIG1h
a2UgdGhlbSB0aGUgc2FtZSB0byBtYWtlIHJlYWRpbmcgYW5kIHRlc3RpbmcgZWFzaWVyLA0KPGEg
aHJlZj0iaHR0cHM6Ly9naXRodWIuY29tL2Vyd2FoL2lldGYvaXNzdWVzLzIzIj5odHRwczovL2dp
dGh1Yi5jb20vZXJ3YWgvaWV0Zi9pc3N1ZXMvMjM8L2E+PG86cD48L286cD48L3A+DQo8L2Rpdj4N
CjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj4mbmJzcDs8bzpwPjwvbzpwPjwvcD4NCjwvZGl2
Pg0KPGJsb2NrcXVvdGUgc3R5bGU9ImJvcmRlcjpub25lO2JvcmRlci1sZWZ0OnNvbGlkICNDQ0ND
Q0MgMS4wcHQ7cGFkZGluZzowaW4gMGluIDBpbiA2LjBwdDttYXJnaW4tbGVmdDo0LjhwdDttYXJn
aW4tcmlnaHQ6MGluIj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxicj4NCmIpIFRoZSBlbmNvZGlu
ZyBvZiBzb21lIG9mIHRoZSBjbGFpbXMgaXMgaW5jb3JyZWN0IGFjY29yZGluZyB0byB0aGU8YnI+
DQpkb2N1bWVudC4mbmJzcDsgSXQgc2hvdWxkIGJlPG86cD48L286cD48L3A+DQo8L2Jsb2NrcXVv
dGU+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8L286cD48L3A+DQo8
L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj5Zb3UgYXJlIGNvcnJlY3QsIEkgaGF2
ZSBhZGRlZCBhbiBpc3N1ZSB0byB1cGRhdGUsIDxhIGhyZWY9Imh0dHBzOi8vZ2l0aHViLmNvbS9l
cndhaC9pZXRmL2lzc3Vlcy8yMiI+DQpodHRwczovL2dpdGh1Yi5jb20vZXJ3YWgvaWV0Zi9pc3N1
ZXMvMjI8L2E+PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9y
bWFsIj4mbmJzcDs8bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGJsb2NrcXVvdGUgc3R5bGU9ImJv
cmRlcjpub25lO2JvcmRlci1sZWZ0OnNvbGlkICNDQ0NDQ0MgMS4wcHQ7cGFkZGluZzowaW4gMGlu
IDBpbiA2LjBwdDttYXJnaW4tbGVmdDo0LjhwdDttYXJnaW4tcmlnaHQ6MGluIj4NCjxwIGNsYXNz
PSJNc29Ob3JtYWwiPjxicj4NCnsgMTogJnF1b3Q7Y29hcDovLzxhIGhyZWY9Imh0dHA6Ly9hcy5l
eGFtcGxlLmNvbSIgdGFyZ2V0PSJfYmxhbmsiPmFzLmV4YW1wbGUuY29tPC9hPiZxdW90OywgMjog
JnF1b3Q7ZXJpa3cmcXVvdDssIDM6ICZxdW90O2NvYXA6Ly88YSBocmVmPSJodHRwOi8vbGlnaHQu
ZXhhbXBsZS5jb20iIHRhcmdldD0iX2JsYW5rIj5saWdodC5leGFtcGxlLmNvbTwvYT4mcXVvdDss
IDQ6PGJyPg0KMSgxNDQ0MDY0OTQ0KSwgNTogMSgxNDQzOTQ0OTQ0KSwgNjogMSgxNDQzOTQ0OTQ0
KSw3OiBoJzBiNzEnfTxicj4NCjxicj4NCk9yPGJyPg0KPGJyPg0KYTcmbmJzcDsgJm5ic3A7ICZu
YnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5i
c3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJz
cDsgIyBtYXAoNyk8YnI+DQombmJzcDsgJm5ic3A7MDEmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJz
cDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNw
OyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyMgdW5zaWduZWQoMSk8
YnI+DQombmJzcDsgJm5ic3A7NzUmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZu
YnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5i
c3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyMgdGV4dCgyMSk8YnI+DQombmJzcDsgJm5i
c3A7ICZuYnNwOyA2MzZmNjE3MDNhMmYyZjYxNzMyZTY1Nzg2MTZkNzA2YzY1MmU2MzZmNmQgIyAm
cXVvdDtjb2FwOi8vPGEgaHJlZj0iaHR0cDovL2FzLmV4YW1wbGUuY29tIiB0YXJnZXQ9Il9ibGFu
ayI+YXMuZXhhbXBsZS5jb208L2E+JnF1b3Q7PGJyPg0KJm5ic3A7ICZuYnNwOzAyJm5ic3A7ICZu
YnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5i
c3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJz
cDsjIHVuc2lnbmVkKDIpPGJyPg0KJm5ic3A7ICZuYnNwOzY1Jm5ic3A7ICZuYnNwOyAmbmJzcDsg
Jm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAm
bmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsjIHRleHQoNSk8
YnI+DQombmJzcDsgJm5ic3A7ICZuYnNwOyA2NTcyNjk2Yjc3Jm5ic3A7ICZuYnNwOyAmbmJzcDsg
Jm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAm
bmJzcDsgIyAmcXVvdDtlcmlrdyZxdW90Ozxicj4NCiZuYnNwOyAmbmJzcDswMyZuYnNwOyAmbmJz
cDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNw
OyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7
IyB1bnNpZ25lZCgzKTxicj4NCiZuYnNwOyAmbmJzcDs3OCAxOCZuYnNwOyAmbmJzcDsgJm5ic3A7
ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsg
Jm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAjIHRleHQoMjQpPGJyPg0KJm5ic3A7
ICZuYnNwOyAmbmJzcDsgNjM2ZjYxNzAzYTJmMmY2YzY5Njc2ODc0MmU2NTc4NjE2ZDcwNmM2NTJl
NjM2ZjZkICM8YnI+DQomcXVvdDtjb2FwOi8vPGEgaHJlZj0iaHR0cDovL2xpZ2h0LmV4YW1wbGUu
Y29tIiB0YXJnZXQ9Il9ibGFuayI+bGlnaHQuZXhhbXBsZS5jb208L2E+JnF1b3Q7PGJyPg0KJm5i
c3A7ICZuYnNwOzA0Jm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5i
c3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJz
cDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsjIHVuc2lnbmVkKDQpPGJyPg0KJm5ic3A7ICZuYnNwO2Mx
Jm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAm
bmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZu
YnNwOyAmbmJzcDsjIHRhZygxKTxicj4NCiZuYnNwOyAmbmJzcDsgJm5ic3A7IDFhIDU2MTJhZWIw
Jm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAm
bmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsjIHVuc2lnbmVkKDE0NDQwNjQ5NDQpPGJyPg0KJm5i
c3A7ICZuYnNwOzA1Jm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5i
c3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJz
cDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsjIHVuc2lnbmVkKDUpPGJyPg0KJm5ic3A7ICZuYnNwO2Mx
Jm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAm
bmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZu
YnNwOyAmbmJzcDsjIHRhZygxKTxicj4NCiZuYnNwOyAmbmJzcDsgJm5ic3A7IDFhIDU2MTBkOWYw
Jm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAm
bmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsjIHVuc2lnbmVkKDE0NDM5NDQ5NDQpPGJyPg0KJm5i
c3A7ICZuYnNwOzA2Jm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5i
c3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJz
cDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsjIHVuc2lnbmVkKDYpPGJyPg0KJm5ic3A7ICZuYnNwO2Mx
Jm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAm
bmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZu
YnNwOyAmbmJzcDsjIHRhZygxKTxicj4NCiZuYnNwOyAmbmJzcDsgJm5ic3A7IDFhIDU2MTBkOWYw
Jm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAm
bmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsjIHVuc2lnbmVkKDE0NDM5NDQ5NDQpPGJyPg0KJm5i
c3A7ICZuYnNwOzA3Jm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5i
c3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJz
cDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsjIHVuc2lnbmVkKDcpPGJyPg0KJm5ic3A7ICZuYnNwOzQy
Jm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAm
bmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZu
YnNwOyAmbmJzcDsjIGJ5dGVzKDIpPGJyPg0KJm5ic3A7ICZuYnNwOyAmbmJzcDsgMGI3MSZuYnNw
OyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7
ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICMgJnF1b3Q7XHZxJnF1
b3Q7PGJyPg0KPGJyPg0KTm90ZSB0aGUgYWRkaXRpb25hbCB0YWdnaW5nIHdoaWNoIGlzIHJlcXVp
cmVkLjxicj4NCjxicj4NCjxicj4NCl9fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f
X19fX19fX19fX19fPGJyPg0KQWNlIG1haWxpbmcgbGlzdDxicj4NCjxhIGhyZWY9Im1haWx0bzpB
Y2VAaWV0Zi5vcmciPkFjZUBpZXRmLm9yZzwvYT48YnI+DQo8YSBocmVmPSJodHRwczovL3d3dy5p
ZXRmLm9yZy9tYWlsbWFuL2xpc3RpbmZvL2FjZSIgdGFyZ2V0PSJfYmxhbmsiPmh0dHBzOi8vd3d3
LmlldGYub3JnL21haWxtYW4vbGlzdGluZm8vYWNlPC9hPjxvOnA+PC9vOnA+PC9wPg0KPC9ibG9j
a3F1b3RlPg0KPC9kaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48bzpwPiZuYnNwOzwvbzpwPjwv
cD4NCjwvZGl2Pg0KPC9kaXY+DQo8L2Rpdj4NCjwvYm9keT4NCjwvaHRtbD4NCg==

--_000_DM5PR21MB05056C9A30088E02D055EDBCF50D0DM5PR21MB0505namp_--


From nobody Wed Apr  5 18:32:33 2017
Return-Path: <ietf@augustcellars.com>
X-Original-To: ace@ietfa.amsl.com
Delivered-To: ace@ietfa.amsl.com
Content-Type: multipart/alternative; boundary="----=_NextPart_000_016E_01D2AE3A.F288BF30"
Content-Language: en-us
From: Jim Schaad <ietf@augustcellars.com>
To: 'Mike Jones' <Michael.Jones@microsoft.com>, 'Samuel Erdtman' <samuel@erdtman.se>
CC: <draft-ietf-ace-cbor-web-token@ietf.org>, 'ace' <Ace@ietf.org>
References: <010201d2aa94$957b6760$c0723620$@augustcellars.com> <CAF2hCbamXPmVptFnSzWuakOMAK+A9JuNo5uSg8LpZB71mSJe5g@mail.gmail.com> <DM5PR21MB05056C9A30088E02D055EDBCF50D0@DM5PR21MB0505.namprd21.prod.outlook.com>
In-Reply-To: <DM5PR21MB05056C9A30088E02D055EDBCF50D0@DM5PR21MB0505.namprd21.prod.outlook.com>
Date: Wed, 5 Apr 2017 18:32:11 -0700
Message-ID: <016d01d2ae75$9ee28e20$dca7aa60$@augustcellars.com>
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/OtG8eOK6XnDo91XYeof-TZtpnbU>
Subject: Re: [Ace] Review of draft-ietf-ace-cbor-web-token-03

------=_NextPart_000_016E_01D2AE3A.F288BF30
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

From: Mike Jones [mailto:Michael.Jones@microsoft.com]
Sent: Wednesday, April 5, 2017 6:02 PM
To: Samuel Erdtman <samuel@erdtman.se>; Jim Schaad <ietf@augustcellars.com>
Cc: draft-ietf-ace-cbor-web-token@ietf.org; ace <Ace@ietf.org>
Subject: RE: [Ace] Review of draft-ietf-ace-cbor-web-token-03

Let me second the thanks for the thorough review, Jim, and especially for validating the examples.  Replies to some of the points are inline…

                                                                -- Mike

From: Samuel Erdtman [mailto:samuel@erdtman.se]
Sent: Sunday, April 2, 2017 10:58 PM
To: Jim Schaad <ietf@augustcellars.com>
Cc: draft-ietf-ace-cbor-web-token@ietf.org; ace <Ace@ietf.org>
Subject: Re: [Ace] Review of draft-ietf-ace-cbor-web-token-03

Thanks for the review Jim,

See inline comments

On Sat, Apr 1, 2017 at 5:03 AM, Jim Schaad <ietf@augustcellars.com> wrote:

Given that it was stated that the authors believe that the document was
ready for publication, I decided to do another review pass.

1.  Following the discussion in the SET WG meeting, I believe that it would
be reasonable to define some inputs for the external data fields to allow
for distinguishing between the different uses of JWT structures.  Language
about different applications extending this structure would also be
reasonable.

I was not part of that discussion, could you please link to some resource or notes from that meeting.

In the SecEvent WG, after I gave this invited presentation on JOSE/JWT security <https://www.ietf.org/proceedings/98/slides/slides-98-secevent-josejwt-security-update-00.pdf>, there was a discussion on whether it would be useful to document best practices on using JWTs.  After repeating the same presentation in the OAuth working group, it was agreed that we would do that and I would write down some of the possible issues using JWTs and mitigations.  Some of this will be in the form of advice to implementers.  Some of it will be advice to protocol designers.  Given that CWTs are intentionally parallel to JWTs, I expect that much of the JWT BCP language will also apply to CWTs.  I’ll make a mental note to also be thinking about CWTs when writing about JWTs.

2.  I do not know if the authors looked at changing the Type3StringOrURI so
that it would explicitly tag URIs or not.  I do not remember seeing any
discussions on the list but have not gone back to search

We have not looked at changing this. Is there any good motivation for actually doing this change?

Having it just be a string as it is now is parallel with JWTs (which don’t have the tagging option available to them). My inclination is to keep it parallel.  Alternatively, we could say that it’s also legal to tag the value as a URI if it is one.  What do others think?


3.  I find the description of Type6NumericDate to be slightly confusing as
it appears to imply that this is not using a numeric value when it does.

I think the idea is to say that it is not a JSON number but a CBOR number. I have added a ticket to look at the wording.
https://github.com/erwah/ietf/issues/28

I agree that clearer wording can be used, talking about a CBOR number tagged as a numeric date.


4.  The authors need to look at their use of Type6NumericDate and determine
if this is what they really want to do.  All of the examples are incorrect
because of this tag usage.

Examples should be updated, see below


5.  After the discussions in the SET group, do the authors wish to
re-consider the MUST ignore statement in the first paragraph of section 3?

I have not seen the SET group discussion, could you please link to it.

Ignoring claims that are not understood is critical to extensibility.  It’s served JWTs well and will serve CWTs well in the same regard.  Without this, every system using a CWT would be brittle by design.


6.  The string "6 tag value 1" is normally written as "6.1" when looking at
pretty-printed CBOR diagnostics.   This would be clearer than what is
written.


Good input, I have created an issue to update this, https://github.com/erwah/ietf/issues/26


7.  The text should be altered to use a TBD for the CWT tag rather than
using a constant so this is highlighted.

Good input, I have created an issue to update this, https://github.com/erwah/ietf/issues/25

I disagree with this.  The values in the registry are already marked as “TBD (maybe 61)”.  It would just add clutter, detracting from the readability of the spec, to replicate this elsewhere.  Besides, the examples need a specific number.  If IANA changes the number, we will of course, update the spec accordingly, once a final assignment is determined.

[JLS] – This is the definition of point squatting.  Looking at the registry, the correct thing to do is to use 65000 (or something between 65000 and 65535) which are defined as being experimental and not for operational usage.  The examples would then be regenerated when the document is ready to progress or after you have actually received the correct assignment in the registry.   This is just good practice and the right way to do things.  You want to make sure that nobody implements and deploys before the registration is actually done.


8.  The note for step 5 in section 6.1 is problematic from a number of
things.  A) AEAD algorithms are required, so it is not clear that the
recommendation makes sense.  B) there is a big difference between signing
and MACing in terms of the amount and type of integrity provided.  Replacing
signing w/ AEAD loses a lot.

I think you are correct and I have considered removing it, I added it in an early attempt to be smart.

I have added an issue to evaluate the value of this statement and remove if considered useless.
https://github.com/erwah/ietf/issues/24

I agree with deleting it.


9.  Step 6 in section 6.1 does not agree w/ the language in section 5.  MUST
vs maybe.

I see your point. I have added a ticket to look over the create and verify steps to make sure they are consistent.
https://github.com/erwah/ietf/issues/27

Section 5 says that use of the CBOR tag is optional.  But I see that the language “The CWT tag MUST prefix a tagged object” could be misinterpreted.  We could change this to “If present, the CWT tag MUST prefix a tagged object”.


10.  In starting to verify the examples I ran across the following two
issues:

a) The hex string and the diagnostic notation are equivalent, but they are
not the same.  Specifically, the order of claims is not the same.  CBOR.ME
gives

{2: "erikw", 3: "coap://light.example.com", 4: 1444064944, 5: 1443944944, 6:
1443944944, 1: "coap://as.example.com", 7: h'0b71'}

I have created an issue to make them the same to make reading and testing easier, https://github.com/erwah/ietf/issues/23


b) The encoding of some of the claims is incorrect according to the
document.  It should be

You are correct, I have added an issue to update, https://github.com/erwah/ietf/issues/22


{ 1: "coap://as.example.com", 2: "erikw", 3: "coap://light.example.com", 4:
1(1444064944), 5: 1(1443944944), 6: 1(1443944944),7: h'0b71'}

Or

a7                                      # map(7)
   01                                   # unsigned(1)
   75                                   # text(21)
      636f61703a2f2f61732e6578616d706c652e636f6d # "coap://as.example.com"
   02                                   # unsigned(2)
   65                                   # text(5)
      6572696b77                        # "erikw"
   03                                   # unsigned(3)
   78 18                                # text(24)
      636f61703a2f2f6c696768742e6578616d706c652e636f6d # "coap://light.example.com"
   04                                   # unsigned(4)
   c1                                   # tag(1)
      1a 5612aeb0                       # unsigned(1444064944)
   05                                   # unsigned(5)
   c1                                   # tag(1)
      1a 5610d9f0                       # unsigned(1443944944)
   06                                   # unsigned(6)
   c1                                   # tag(1)
      1a 5610d9f0                       # unsigned(1443944944)
   07                                   # unsigned(7)
   42                                   # bytes(2)
      0b71                              # "\vq"

Note the additional tagging which is required.


_______________________________________________
Ace mailing list
Ace@ietf.org
https://www.ietf.org/mailman/listinfo/ace
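
The two checks in item 10 of the review above (claim order on the wire, and tag 1 on the date-valued claims) can be reproduced mechanically. The following Python decoder is an added example, not code from the thread or from the draft: `REVIEW_HEX` is copied from the annotated dump in item 10(b), while `UNTAGGED_HEX` is constructed here from the claim order CBOR.ME reported in item 10(a), and all function names are hypothetical.

```python
from collections import namedtuple

Tagged = namedtuple("Tagged", "tag value")  # CBOR major type 6: tag number + item

# Corrected encoding from item 10(b) of the review (bytes copied from the dump).
REVIEW_HEX = """
a7
  01 75 636f61703a2f2f61732e6578616d706c652e636f6d
  02 65 6572696b77
  03 78 18 636f61703a2f2f6c696768742e6578616d706c652e636f6d
  04 c1 1a 5612aeb0
  05 c1 1a 5610d9f0
  06 c1 1a 5610d9f0
  07 42 0b71
"""

# Constructed for comparison: same claims in the order CBOR.ME showed in
# item 10(a), with the date values left untagged.
UNTAGGED_HEX = """
a7
  02 65 6572696b77
  03 78 18 636f61703a2f2f6c696768742e6578616d706c652e636f6d
  04 1a 5612aeb0
  05 1a 5610d9f0
  06 1a 5610d9f0
  01 75 636f61703a2f2f61732e6578616d706c652e636f6d
  07 42 0b71
"""

DATE_CLAIMS = (4, 5, 6)  # registered in the CWT draft as exp, nbf, iat


def _head(buf, pos):
    """Read one initial byte plus its argument; definite lengths only."""
    major, info = buf[pos] >> 5, buf[pos] & 0x1F
    pos += 1
    if info < 24:
        return major, info, pos
    if info > 27:
        raise ValueError("indefinite or reserved length not supported")
    n = 1 << (info - 24)                      # 1, 2, 4 or 8 argument bytes
    if pos + n > len(buf):
        raise ValueError("truncated argument")
    return major, int.from_bytes(buf[pos:pos + n], "big"), pos + n


def _item(buf, pos):
    if pos >= len(buf):
        raise ValueError("truncated input")
    major, arg, pos = _head(buf, pos)
    if major == 0:
        return arg, pos
    if major == 1:
        return -1 - arg, pos
    if major in (2, 3):
        end = pos + arg
        if end > len(buf):
            raise ValueError("string runs past end of input")
        raw = buf[pos:end]
        return (raw if major == 2 else raw.decode("utf-8")), end
    if major == 4:
        out = []
        for _ in range(arg):
            value, pos = _item(buf, pos)
            out.append(value)
        return out, pos
    if major == 5:
        out = {}                              # dict keeps the wire order
        for _ in range(arg):
            key, pos = _item(buf, pos)
            value, pos = _item(buf, pos)
            if key in out:
                raise ValueError(f"duplicate map key {key!r}")
            out[key] = value
        return out, pos
    if major == 6:
        value, pos = _item(buf, pos)
        return Tagged(arg, value), pos
    raise ValueError("major type 7 (simple/float) not supported")


def decode(hex_text):
    """Decode exactly one CBOR item from whitespace-separated hex."""
    buf = bytes.fromhex("".join(hex_text.split()))
    value, pos = _item(buf, 0)
    if pos != len(buf):
        raise ValueError("trailing bytes after CBOR item")
    return value


def diag(v):
    """Render a decoded item in CBOR diagnostic notation."""
    if isinstance(v, Tagged):
        return f"{v.tag}({diag(v.value)})"
    if isinstance(v, dict):
        return "{" + ", ".join(f"{diag(k)}: {diag(x)}" for k, x in v.items()) + "}"
    if isinstance(v, list):
        return "[" + ", ".join(diag(x) for x in v) + "]"
    if isinstance(v, bytes):
        return "h'" + v.hex() + "'"
    if isinstance(v, str):
        return '"' + v + '"'
    return str(v)


def untagged_dates(claims):
    """Return date claim keys whose value is not an integer wrapped in tag 1."""
    def ok(v):
        return isinstance(v, Tagged) and v.tag == 1 and isinstance(v.value, int)
    return [k for k in DATE_CLAIMS if k in claims and not ok(claims[k])]


if __name__ == "__main__":
    for name, text in (("review", REVIEW_HEX), ("untagged", UNTAGGED_HEX)):
        claims = decode(text)
        print(name, diag(claims), "untagged dates:", untagged_dates(claims))
```

Because the decoder keeps map entries in wire order and rejects duplicate keys and trailing bytes, its diagnostic output can be compared character for character with the notation printed next to a hex example.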



------=_NextPart_000_016E_01D2AE3A.F288BF30
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

<html xmlns:v=3D"urn:schemas-microsoft-com:vml" =
xmlns:o=3D"urn:schemas-microsoft-com:office:office" =
xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" =
xmlns=3D"http://www.w3.org/TR/REC-html40"><head><meta =
http-equiv=3DContent-Type content=3D"text/html; charset=3Dutf-8"><meta =
name=3DGenerator content=3D"Microsoft Word 15 (filtered =
medium)"><style><!--
/* Font Definitions */
@font-face
	{font-family:"Cambria Math";
	panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
	{font-family:Calibri;
	panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
	{margin:0in;
	margin-bottom:.0001pt;
	font-size:12.0pt;
	font-family:"Times New Roman",serif;}
a:link, span.MsoHyperlink
	{mso-style-priority:99;
	color:blue;
	text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
	{mso-style-priority:99;
	color:purple;
	text-decoration:underline;}
p.msonormal0, li.msonormal0, div.msonormal0
	{mso-style-name:msonormal;
	mso-margin-top-alt:auto;
	margin-right:0in;
	mso-margin-bottom-alt:auto;
	margin-left:0in;
	font-size:12.0pt;
	font-family:"Times New Roman",serif;}
span.EmailStyle18
	{mso-style-type:personal;
	font-family:"Calibri",sans-serif;
	color:#002060;}
span.EmailStyle20
	{mso-style-type:personal-reply;
	font-family:"Calibri",sans-serif;
	color:windowtext;}
.MsoChpDefault
	{mso-style-type:export-only;
	font-size:10.0pt;}
@page WordSection1
	{size:8.5in 11.0in;
	margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
	{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext=3D"edit">
<o:idmap v:ext=3D"edit" data=3D"1" />
</o:shapelayout></xml><![endif]--></head><body lang=3DEN-US link=3Dblue =
vlink=3Dpurple><div class=3DWordSection1><p class=3DMsoNormal><span =
style=3D'font-size:11.0pt;font-family:"Calibri",sans-serif'><o:p>&nbsp;</=
o:p></span></p><p class=3DMsoNormal><span =
style=3D'font-size:11.0pt;font-family:"Calibri",sans-serif'><o:p>&nbsp;</=
o:p></span></p><div style=3D'border:none;border-left:solid blue =
1.5pt;padding:0in 0in 0in 4.0pt'><div><div =
style=3D'border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in =
0in 0in'><p class=3DMsoNormal><b><span =
style=3D'font-size:11.0pt;font-family:"Calibri",sans-serif'>From:</span><=
/b><span style=3D'font-size:11.0pt;font-family:"Calibri",sans-serif'> =
Mike Jones [mailto:Michael.Jones@microsoft.com] <br><b>Sent:</b> =
Wednesday, April 5, 2017 6:02 PM<br><b>To:</b> Samuel Erdtman =
&lt;samuel@erdtman.se&gt;; Jim Schaad =
&lt;ietf@augustcellars.com&gt;<br><b>Cc:</b> =
draft-ietf-ace-cbor-web-token@ietf.org; ace =
&lt;Ace@ietf.org&gt;<br><b>Subject:</b> RE: [Ace] Review of =
draft-ietf-ace-cbor-web-token-03<o:p></o:p></span></p></div></div><p =
class=3DMsoNormal><o:p>&nbsp;</o:p></p><p class=3DMsoNormal><span =
style=3D'font-size:11.0pt;font-family:"Calibri",sans-serif;color:#002060'=
>Let me second the thanks for the thorough review, Jim, and especially =
for validating the examples.&nbsp; Replies to some of the points are =
inline=E2=80=A6<o:p></o:p></span></p><p class=3DMsoNormal><span =
style=3D'font-size:11.0pt;font-family:"Calibri",sans-serif;color:#002060'=
><o:p>&nbsp;</o:p></span></p><p class=3DMsoNormal><span =
style=3D'font-size:11.0pt;font-family:"Calibri",sans-serif;color:#002060'=
>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp; -- Mike<o:p></o:p></span></p><p class=3DMsoNormal><span =
style=3D'font-size:11.0pt;font-family:"Calibri",sans-serif;color:#002060'=
><o:p>&nbsp;</o:p></span></p><p class=3DMsoNormal><b><span =
style=3D'font-size:11.0pt;font-family:"Calibri",sans-serif'>From:</span><=
/b><span style=3D'font-size:11.0pt;font-family:"Calibri",sans-serif'> =
Samuel Erdtman [<a =
href=3D"mailto:samuel@erdtman.se">mailto:samuel@erdtman.se</a>] =
<br><b>Sent:</b> Sunday, April 2, 2017 10:58 PM<br><b>To:</b> Jim Schaad =
&lt;<a =
href=3D"mailto:ietf@augustcellars.com">ietf@augustcellars.com</a>&gt;<br>=
<b>Cc:</b> <a =
href=3D"mailto:draft-ietf-ace-cbor-web-token@ietf.org">draft-ietf-ace-cbo=
r-web-token@ietf.org</a>; ace &lt;<a =
href=3D"mailto:Ace@ietf.org">Ace@ietf.org</a>&gt;<br><b>Subject:</b> Re: =
[Ace] Review of draft-ietf-ace-cbor-web-token-03<o:p></o:p></span></p><p =
class=3DMsoNormal><o:p>&nbsp;</o:p></p><div><div><p class=3DMsoNormal =
style=3D'margin-bottom:12.0pt'>Thanks for the review =
Jim,<o:p></o:p></p></div><p class=3DMsoNormal>See inline =
comments<o:p></o:p></p><div><p =
class=3DMsoNormal><o:p>&nbsp;</o:p></p><div><p class=3DMsoNormal>On Sat, =
Apr 1, 2017 at 5:03 AM, Jim Schaad &lt;<a =
href=3D"mailto:ietf@augustcellars.com" =
target=3D"_blank">ietf@augustcellars.com</a>&gt; =
wrote:<o:p></o:p></p><blockquote style=3D'border:none;border-left:solid =
#CCCCCC 1.0pt;padding:0in 0in 0in =
6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5=
.0pt'><p class=3DMsoNormal>Given that it was stated that the authors =
believe that the document was<br>ready for publication, I decided to do =
another review pass.<br><br>1.&nbsp; Following the discussion in the SET =
WG meeting, I believe that it would<br>be reasonable to define some =
inputs for the external data fields to allow<br>for distinguishing =
between the different uses of JWT structures.&nbsp; Language<br>about =
different applications extending this structure would also =
be<br>reasonable.<o:p></o:p></p></blockquote><div><p =
class=3DMsoNormal><o:p>&nbsp;</o:p></p></div><div><p class=3DMsoNormal =
style=3D'margin-bottom:12.0pt'>I was not part of that discussion, could =
you please link to some resource or notes from that =
meeting.<o:p></o:p></p><p class=3DMsoNormal><span =
style=3D'font-size:11.0pt;font-family:"Calibri",sans-serif;color:#002060'=
>In the SecEvent WG, after I gave this <a =
href=3D"https://www.ietf.org/proceedings/98/slides/slides-98-secevent-jos=
ejwt-security-update-00.pdf">invited presentation on JOSE/JWT =
security</a>, there was a discussion on whether it would be useful to =
document best practices on using JWTs.&nbsp; After repeating the =
same presentation in the OAuth working group, it was agreed that we =
would do that and I would write down some of the possible issues using =
JWTs and mitigations.&nbsp; Some of this will be in the form of advice =
to implementers.&nbsp; Some of it will be advice to protocol =
designers.&nbsp; Given that CWTs are intentionally parallel to JWTs, I =
expect that much of the JWT BCP language will also apply to CWTs.&nbsp; =
I=E2=80=99ll make a mental note to also be thinking about CWTs when =
writing about JWTs.<o:p></o:p></span></p><p class=3DMsoNormal><span =
style=3D'font-size:11.0pt;font-family:"Calibri",sans-serif;color:#002060'=
><o:p>&nbsp;</o:p></span></p></div><blockquote =
style=3D'border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in =
6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5=
.0pt'><p class=3DMsoNormal>&nbsp;<o:p></o:p></p></blockquote><blockquote =
style=3D'border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in =
6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5=
.0pt'><p class=3DMsoNormal>2.&nbsp; I do not know if the authors looked =
at changing the Type3StringOrURI so<br>that it would explicitly tag URIs =
or not.&nbsp; I do not remember seeing any<br>discussions on the list but =
have not gone back to search<o:p></o:p></p></blockquote><div><p =
class=3DMsoNormal><o:p>&nbsp;</o:p></p></div><div><p =
class=3DMsoNormal>We have not looked at changing this. Is there any good =
motivation for actually doing this change?<o:p></o:p></p></div><div><p =
class=3DMsoNormal><span =
style=3D'color:#002060'><o:p>&nbsp;</o:p></span></p><p =
class=3DMsoNormal><span style=3D'color:#002060'>Having it just be a =
string as it is now is parallel with JWTs (which don=E2=80=99t have the =
tagging option available to them).</span>&nbsp;<span =
style=3D'color:#002060'>My inclination is to keep it parallel.&nbsp; =
Alternatively, we could say that it=E2=80=99s also legal to tag the =
value as a URI if it is one.&nbsp; What do others =
think?</span><o:p></o:p></p><p class=3DMsoNormal><span =
style=3D'font-size:11.0pt;font-family:"Calibri",sans-serif;color:#002060'=
><o:p>&nbsp;</o:p></span></p></div><blockquote =
style=3D'border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in =
6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5=
.0pt'><p class=3DMsoNormal><br>3.&nbsp; I find the description of =
Type6NumericDate to be slightly confusing as<br>it appears to imply that =
this is not using a numeric value when it =
does.<o:p></o:p></p></blockquote><div><p =
class=3DMsoNormal><o:p>&nbsp;</o:p></p></div><div><p class=3DMsoNormal =
style=3D'margin-bottom:12.0pt'>I think the idea is to say that it is not =
a JSON number but a CBOR number. I have added a ticket to look at the =
wording.<br><a =
href=3D"https://github.com/erwah/ietf/issues/28">https://github.com/erwah=
/ietf/issues/28</a><o:p></o:p></p></div><div><p class=3DMsoNormal><span =
style=3D'color:#002060'>I agree that clearer wording can be used, =
talking about a CBOR number tagged as a numeric =
date.</span>&nbsp;<o:p></o:p></p><p class=3DMsoNormal><span =
style=3D'font-size:11.0pt;font-family:"Calibri",sans-serif;color:#002060'=
><o:p>&nbsp;</o:p></span></p></div><blockquote =
style=3D'border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in =
6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5=
.0pt'><p class=3DMsoNormal><br>4.&nbsp; The authors need to look at =
their use of Type6NumericDate and determine<br>if this is what they =
really want to do.&nbsp; All of the examples are incorrect<br>because of =
this tag usage.<o:p></o:p></p></blockquote><div><p =
class=3DMsoNormal><o:p>&nbsp;</o:p></p></div><div><p =
class=3DMsoNormal>Examples should be updated, see =
below<o:p></o:p></p></div><div><p =
class=3DMsoNormal>&nbsp;<o:p></o:p></p></div><blockquote =
style=3D'border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in =
6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5=
.0pt'><p class=3DMsoNormal><br>5.&nbsp; After the discussions in the SET =
group, do the authors wish to<br>re-consider the MUST ignore statement =
in the first paragraph of section 3?<o:p></o:p></p></blockquote><div><p =
class=3DMsoNormal><o:p>&nbsp;</o:p></p></div><div><p class=3DMsoNormal>I =
have not seen the SET group discussion could you please link to =
it.<o:p></o:p></p></div><div><p class=3DMsoNormal><span =
style=3D'color:#002060'><o:p>&nbsp;</o:p></span></p><p =
class=3DMsoNormal><span =
style=3D'font-size:11.0pt;font-family:"Calibri",sans-serif;color:#002060'=
>Ignoring claims that are not understood is critical to =
extensibility.&nbsp; It=E2=80=99s served JWTs well and will serve CWTs =
well in the same regard.&nbsp; Without this, every system using a CWT =
would be brittle by design.<o:p></o:p></span></p><p =
class=3DMsoNormal><span =
style=3D'font-size:11.0pt;font-family:"Calibri",sans-serif;color:#002060'=
><o:p>&nbsp;</o:p></span></p></div><blockquote =
style=3D'border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in =
6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5=
.0pt'><p class=3DMsoNormal><br>6.&nbsp; The string &quot;6 tag value =
1&quot; is normally written as &quot;6.1&quot; when looking =
at<br>pretty-printed CBOR diagnostics.&nbsp; &nbsp;This would be clearer =
than what is<br>written.<o:p></o:p></p></blockquote><div><p =
class=3DMsoNormal><br>Good input, I have created an issue to update this, =
<a =
href=3D"https://github.com/erwah/ietf/issues/26">https://github.com/erwah=
/ietf/issues/26</a><br>&nbsp;<o:p></o:p></p></div><blockquote =
style=3D'border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in =
6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5=
.0pt'><p class=3DMsoNormal><br>7.&nbsp; The text should be altered to =
use a TBD for the CWT tag rather than<br>using a constant so this is =
highlighted.<o:p></o:p></p></blockquote><div><p =
class=3DMsoNormal><o:p>&nbsp;</o:p></p></div><div><p =
class=3DMsoNormal>Good input, I have created an issue to update this, <a =
href=3D"https://github.com/erwah/ietf/issues/25">https://github.com/erwah=
/ietf/issues/25</a><o:p></o:p></p></div><div><p =
class=3DMsoNormal>&nbsp;<o:p></o:p></p><p class=3DMsoNormal><span =
style=3D'font-size:11.0pt;font-family:"Calibri",sans-serif;color:#002060'=
>I disagree with this.&nbsp; The values in the registry are already =
marked as =E2=80=9CTBD (maybe 61)=E2=80=9D.&nbsp; It would just add =
clutter, detracting from the readability of the spec, to replicate this =
elsewhere.&nbsp; Besides, the examples need a specific number.&nbsp; If =
IANA changes the number, we will of course, update the spec accordingly, =
once a final assignment is determined.<o:p></o:p></span></p><p =
class=3DMsoNormal><span =
style=3D'font-size:11.0pt;font-family:"Calibri",sans-serif'><o:p>&nbsp;</=
o:p></span></p><p class=3DMsoNormal><span =
style=3D'font-size:11.0pt;font-family:"Calibri",sans-serif'><o:p>&nbsp;</=
o:p></span></p><p class=3DMsoNormal><span =
style=3D'font-size:11.0pt;font-family:"Calibri",sans-serif'>[JLS] =
=E2=80=93 This is the definition of point squatting.=C2=A0 Looking at =
the registry, the correct thing to do is to use 65000 (or something =
between 65000 and 65535) which are defined as being experimental and not =
for operation usage.=C2=A0 The examples would then be regenerated when =
the document is ready to progress or after you have actually received =
the correct assignment in the registry.=C2=A0=C2=A0 This is just good =
practice and the right way to do things.=C2=A0 You want to make sure =
that nobody implements and deploys before the registration is actually =
done.<o:p></o:p></span></p><p class=3DMsoNormal><span =
style=3D'font-size:11.0pt;font-family:"Calibri",sans-serif'><o:p>&nbsp;</=
o:p></span></p></div><blockquote style=3D'border:none;border-left:solid =
#CCCCCC 1.0pt;padding:0in 0in 0in =
6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5=
.0pt'><p class=3DMsoNormal><br>8.&nbsp; The note for step 5 in section =
6.1 is problematic from a number of<br>things.&nbsp; A) AEAD algorithms =
are required, so it is not clear that the<br>recommendation makes =
sense.&nbsp; B) there is a big difference between signing<br>and MACing =
in terms of the amount and type of integrity provided.&nbsp; =
Replacing<br>signing w/ AEAD loses a =
lot.<o:p></o:p></p></blockquote><div><p =
class=3DMsoNormal><o:p>&nbsp;</o:p></p></div><div><p class=3DMsoNormal>I =
think you are correct and I have considered removing it, I added it in =
an early attempt to be smart.<o:p></o:p></p></div><div><p =
class=3DMsoNormal>I have added an issue to evaluate the value of this =
statement and remove if considered useless.<br><a =
href=3D"https://github.com/erwah/ietf/issues/24">https://github.com/erwah=
/ietf/issues/24</a><o:p></o:p></p></div><div><p class=3DMsoNormal><span =
style=3D'color:#002060'><o:p>&nbsp;</o:p></span></p><p =
class=3DMsoNormal><span =
style=3D'font-size:11.0pt;font-family:"Calibri",sans-serif;color:#002060'=
>I agree with deleting it.<o:p></o:p></span></p><p =
class=3DMsoNormal>&nbsp;<o:p></o:p></p></div><blockquote =
style=3D'border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in =
6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5=
.0pt'><p class=3DMsoNormal><br>9.&nbsp; Step 6 in section 6.1 does not =
agree w/ the language in section 5.&nbsp; MUST<br>vs =
maybe.<o:p></o:p></p></blockquote><div><p =
class=3DMsoNormal><o:p>&nbsp;</o:p></p></div><div><p class=3DMsoNormal>I =
see your point. I have added a ticket to look over the create and verify =
steps to make sure they are consistent.<br><a =
href=3D"https://github.com/erwah/ietf/issues/27">https://github.com/erwah=
/ietf/issues/27</a><o:p></o:p></p></div><div><p class=3DMsoNormal><span =
style=3D'color:#002060'><o:p>&nbsp;</o:p></span></p><p =
class=3DMsoNormal><span =
style=3D'font-size:11.0pt;font-family:"Calibri",sans-serif;color:#002060'=
>Section 5 says that use of the CBOR tag is optional.&nbsp; But I see =
that the language =E2=80=9C</span><span lang=3DEN>The CWT tag MUST =
prefix a tagged object</span><span =
style=3D'font-size:11.0pt;font-family:"Calibri",sans-serif;color:#002060'=
>=E2=80=9D could be misinterpreted.&nbsp; We could change this to =
=E2=80=9CIf present, t</span><span lang=3DEN>he CWT tag MUST prefix a =
tagged object</span><span =
style=3D'font-size:11.0pt;font-family:"Calibri",sans-serif;color:#002060'=
>=E2=80=9D.<o:p></o:p></span></p><p class=3DMsoNormal><span =
style=3D'font-size:11.0pt;font-family:"Calibri",sans-serif;color:#002060'=
><o:p>&nbsp;</o:p></span></p></div><blockquote =
style=3D'border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in =
6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5=
.0pt'><p class=3DMsoNormal><br>10.&nbsp; In starting to verify the =
examples I ran across the following two<br>issues:<br><br>a) The hex =
string and the diagnostic notation are equivalent, but they are<br>not =
the same.&nbsp; Specifically, the order of claims is not the same.&nbsp; =
<a href=3D"http://CBOR.ME" =
target=3D"_blank">CBOR.ME</a><br>gives<br><br>{2: &quot;erikw&quot;, 3: =
&quot;coap://<a href=3D"http://light.example.com" =
target=3D"_blank">light.example.com</a>&quot;, 4: 1444064944, 5: =
1443944944, 6:<br>1443944944, 1: &quot;coap://<a =
href=3D"http://as.example.com" =
target=3D"_blank">as.example.com</a>&quot;, 7: =
h'0b71'}<o:p></o:p></p></blockquote><div><p =
class=3DMsoNormal><o:p>&nbsp;</o:p></p></div><div><p class=3DMsoNormal>I =
have created an issue to make them the same to make reading and testing =
easier, <a =
href=3D"https://github.com/erwah/ietf/issues/23">https://github.com/erwah=
/ietf/issues/23</a><o:p></o:p></p></div><div><p =
class=3DMsoNormal>&nbsp;<o:p></o:p></p></div><blockquote =
style=3D'border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in =
6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5=
.0pt'><p class=3DMsoNormal><br>b) The encoding of some of the claims is =
incorrect according to the<br>document.&nbsp; It should =
be<o:p></o:p></p></blockquote><div><p =
class=3DMsoNormal><o:p>&nbsp;</o:p></p></div><div><p =
class=3DMsoNormal>You are correct, I have added an issue to update, <a =
href=3D"https://github.com/erwah/ietf/issues/22">https://github.com/erwah=
/ietf/issues/22</a><o:p></o:p></p></div><div><p =
class=3DMsoNormal>&nbsp;<o:p></o:p></p></div><blockquote =
style=3D'border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in =
6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5=
.0pt'><p class=3DMsoNormal><br>{ 1: &quot;coap://<a =
href=3D"http://as.example.com" =
target=3D"_blank">as.example.com</a>&quot;, 2: &quot;erikw&quot;, 3: =
&quot;coap://<a href=3D"http://light.example.com" =
target=3D"_blank">light.example.com</a>&quot;, 4:<br>1(1444064944), 5: =
1(1443944944), 6: 1(1443944944),7: h'0b71'}<br><br>Or<br><br>a7&nbsp; =
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; =
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; # =
map(7)<br>&nbsp; &nbsp;01&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; =
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; =
&nbsp; &nbsp;# unsigned(1)<br>&nbsp; &nbsp;75&nbsp; &nbsp; &nbsp; &nbsp; =
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; =
&nbsp; &nbsp; &nbsp; &nbsp;# text(21)<br>&nbsp; &nbsp; &nbsp; =
636f61703a2f2f61732e6578616d706c652e636f6d # &quot;coap://<a =
href=3D"http://as.example.com" =
target=3D"_blank">as.example.com</a>&quot;<br>&nbsp; &nbsp;02&nbsp; =
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; =
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;# unsigned(2)<br>&nbsp; =
&nbsp;65&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; =
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;# =
text(5)<br>&nbsp; &nbsp; &nbsp; 6572696b77&nbsp; &nbsp; &nbsp; &nbsp; =
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; # =
&quot;erikw&quot;<br>&nbsp; &nbsp;03&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; =
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; =
&nbsp; &nbsp; &nbsp;# unsigned(3)<br>&nbsp; &nbsp;78 18&nbsp; &nbsp; =
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; =
&nbsp; &nbsp; &nbsp; &nbsp; # text(24)<br>&nbsp; &nbsp; &nbsp; =
636f61703a2f2f6c696768742e6578616d706c652e636f6d #<br>&quot;coap://<a =
href=3D"http://light.example.com" =
target=3D"_blank">light.example.com</a>&quot;<br>&nbsp; &nbsp;04&nbsp; =
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; =
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;# unsigned(4)<br>&nbsp; =
&nbsp;c1&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; =
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;# =
tag(1)<br>&nbsp; &nbsp; &nbsp; 1a 5612aeb0&nbsp; &nbsp; &nbsp; &nbsp; =
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;# =
unsigned(1444064944)<br>&nbsp; &nbsp;05&nbsp; &nbsp; &nbsp; &nbsp; =
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; =
&nbsp; &nbsp; &nbsp; &nbsp;# unsigned(5)<br>&nbsp; &nbsp;c1&nbsp; &nbsp; =
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; =
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;# tag(1)<br>&nbsp; &nbsp; =
&nbsp; 1a 5610d9f0&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; =
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;# unsigned(1443944944)<br>&nbsp; =
&nbsp;06&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; =
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;# =
unsigned(6)<br>&nbsp; &nbsp;c1&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; =
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; =
&nbsp; &nbsp;# tag(1)<br>&nbsp; &nbsp; &nbsp; 1a 5610d9f0&nbsp; &nbsp; =
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;# =
unsigned(1443944944)<br>&nbsp; &nbsp;07&nbsp; &nbsp; &nbsp; &nbsp; =
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; =
&nbsp; &nbsp; &nbsp; &nbsp;# unsigned(7)<br>&nbsp; &nbsp;42&nbsp; &nbsp; =
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; =
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;# bytes(2)<br>&nbsp; &nbsp; =
&nbsp; 0b71&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; =
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; # =
&quot;\vq&quot;<br><br>Note the additional tagging which is =
required.<br><br><br>_______________________________________________<br>A=
ce mailing list<br><a =
href=3D"mailto:Ace@ietf.org">Ace@ietf.org</a><br><a =
href=3D"https://www.ietf.org/mailman/listinfo/ace" =
target=3D"_blank">https://www.ietf.org/mailman/listinfo/ace</a><o:p></o:p=
></p></blockquote></div><p =
class=3DMsoNormal><o:p>&nbsp;</o:p></p></div></div></div></div></body></h=
tml>
------=_NextPart_000_016E_01D2AE3A.F288BF30--
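
The validation described in point 10 of the review above, as an added example (not code from the draft or from anyone on the thread): a strict, minimal CBOR decoder that renders a claim set in wire order and lists the date claims (4, 5, 6) that lack tag 1, which is the rule the review states for draft-03. `TAGGED` is the annotated hex from the review; `UNTAGGED` is constructed here from the CBOR.ME output quoted there; the function names and the claim labels in the comment are this example's own.

```python
# Added example: strict, minimal CBOR decoding of the claim set from the review.
# Supports only what that claim set uses: uint, bstr, tstr, map, tag.

class CBORError(ValueError):
    pass

class Tag:
    def __init__(self, number, value):
        self.number, self.value = number, value

MAX_DEPTH = 16  # bound nesting so hostile input cannot exhaust the stack

def _take(buf, pos, n):
    if pos + n > len(buf):
        raise CBORError("truncated input")
    return buf[pos:pos + n], pos + n

def _item(buf, pos, depth=0):
    if depth > MAX_DEPTH:
        raise CBORError("nesting too deep")
    head, pos = _take(buf, pos, 1)
    major, info = head[0] >> 5, head[0] & 0x1F
    if info < 24:
        arg = info                      # argument stored in the initial byte
    elif info <= 27:
        raw, pos = _take(buf, pos, 1 << (info - 24))  # 1, 2, 4 or 8 bytes
        arg = int.from_bytes(raw, "big")
    else:
        raise CBORError("indefinite or reserved length not supported")
    if major == 0:                      # unsigned integer
        return arg, pos
    if major == 2:                      # byte string
        return _take(buf, pos, arg)
    if major == 3:                      # text string
        raw, pos = _take(buf, pos, arg)
        try:
            return raw.decode("utf-8"), pos
        except UnicodeDecodeError as exc:
            raise CBORError("invalid UTF-8 in text string") from exc
    if major == 5:                      # map, kept as pairs to preserve wire order
        pairs = []
        for _ in range(arg):
            key, pos = _item(buf, pos, depth + 1)
            val, pos = _item(buf, pos, depth + 1)
            pairs.append((key, val))
        return pairs, pos
    if major == 6:                      # tag wrapping one item
        inner, pos = _item(buf, pos, depth + 1)
        return Tag(arg, inner), pos
    raise CBORError(f"major type {major} not supported")

def decode(raw):
    """Decode exactly one item; reject trailing bytes."""
    value, pos = _item(raw, 0)
    if pos != len(raw):
        raise CBORError("trailing bytes after top-level item")
    return value

def diag(value):
    """Render diagnostic notation in wire order, e.g. 1(1444064944)."""
    if isinstance(value, Tag):
        return f"{value.number}({diag(value.value)})"
    if isinstance(value, list):
        return "{" + ", ".join(f"{diag(k)}: {diag(v)}" for k, v in value) + "}"
    if isinstance(value, bytes):
        return "h'" + value.hex() + "'"
    if isinstance(value, str):
        return '"' + value + '"'
    return str(value)

DATE_CLAIMS = (4, 5, 6)  # exp, nbf, iat in the CWT draft

def untagged_dates(raw):
    """Return the date-claim keys whose value is not tag 1 around an unsigned int."""
    pairs = decode(raw)
    if not isinstance(pairs, list):
        raise CBORError("claim set is not a map")
    def tagged(v):
        return isinstance(v, Tag) and v.number == 1 and isinstance(v.value, int)
    return [k for k, v in pairs
            if isinstance(k, int) and k in DATE_CLAIMS and not tagged(v)]

ISS = "636f61703a2f2f61732e6578616d706c652e636f6d"        # "coap://as.example.com"
AUD = "636f61703a2f2f6c696768742e6578616d706c652e636f6d"  # "coap://light.example.com"

# Bytes from the annotated hex in the review (tag 1 on claims 4, 5, 6).
TAGGED = bytes.fromhex(
    "a7" + "01" + "75" + ISS + "02" + "656572696b77" + "03" + "7818" + AUD
    + "04" + "c11a5612aeb0" + "05" + "c11a5610d9f0" + "06" + "c11a5610d9f0"
    + "07" + "420b71")

# Constructed for this example from the CBOR.ME output quoted in the review:
# same claims, wire order 2,3,4,5,6,1,7, dates without tag 1.
UNTAGGED = bytes.fromhex(
    "a7" + "02" + "656572696b77" + "03" + "7818" + AUD
    + "04" + "1a5612aeb0" + "05" + "1a5610d9f0" + "06" + "1a5610d9f0"
    + "01" + "75" + ISS + "07" + "420b71")

if __name__ == "__main__":
    for name, raw in (("tagged", TAGGED), ("untagged", UNTAGGED)):
        print(name, diag(decode(raw)), "untagged dates:", untagged_dates(raw))
```

Comparing `diag(decode(...))` with the diagnostic notation printed in a draft catches both problems raised in point 10: a different claim order and missing tags.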


From nobody Thu Apr 13 10:37:15 2017
Return-Path: <internet-drafts@ietf.org>
X-Original-To: ace@ietf.org
Delivered-To: ace@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 2007C12EAA1; Thu, 13 Apr 2017 10:37:13 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: internet-drafts@ietf.org
To: <i-d-announce@ietf.org>
Cc: ace@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.49.0
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <149210503308.15784.12806568451337218438@ietfa.amsl.com>
Date: Thu, 13 Apr 2017 10:37:13 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/GPgMQXxQznOdj5AtPVb6Da9wG4k>
Subject: [Ace] I-D Action: draft-ietf-ace-cbor-web-token-04.txt
X-BeenThere: ace@ietf.org
X-Mailman-Version: 2.1.22
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <ace.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ace>, <mailto:ace-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ace/>
List-Post: <mailto:ace@ietf.org>
List-Help: <mailto:ace-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ace>, <mailto:ace-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 13 Apr 2017 17:37:13 -0000

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Authentication and Authorization for Constrained Environments of the IETF.

        Title           : CBOR Web Token (CWT)
        Authors         : Michael B. Jones
                          Erik Wahlström
                          Samuel Erdtman
                          Hannes Tschofenig
        Filename        : draft-ietf-ace-cbor-web-token-04.txt
        Pages           : 21
        Date            : 2017-04-13

Abstract:
   CBOR Web Token (CWT) is a compact means of representing claims to be
   transferred between two parties.  CWT is a profile of the JSON Web
   Token (JWT) that is optimized for constrained devices.  The claims in
   a CWT are encoded in the Concise Binary Object Representation (CBOR)
   and CBOR Object Signing and Encryption (COSE) is used for added
   application layer security protection.  A claim is a piece of
   information asserted about a subject and is represented as a name/
   value pair consisting of a claim name and a claim value.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-ace-cbor-web-token/

There are also htmlized versions available at:
https://tools.ietf.org/html/draft-ietf-ace-cbor-web-token-04
https://datatracker.ietf.org/doc/html/draft-ietf-ace-cbor-web-token-04

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-ace-cbor-web-token-04


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/


From nobody Thu Apr 13 10:41:02 2017
Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: ace@ietfa.amsl.com
Delivered-To: ace@ietfa.amsl.com
From: Mike Jones <Michael.Jones@microsoft.com>
To: "ace@ietf.org" <ace@ietf.org>
Date: Thu, 13 Apr 2017 17:40:56 +0000
Message-ID: <CY4PR21MB05048FC7011A421942C4B44EF5020@CY4PR21MB0504.namprd21.prod.outlook.com>
Content-Type: multipart/alternative; boundary="_000_CY4PR21MB05048FC7011A421942C4B44EF5020CY4PR21MB0504namp_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/Cbvk6jPyu9Wo150KrWMgGp8gyDU>
Subject: [Ace] CBOR Web Token (CWT) specification correcting inconsistencies in examples

--_000_CY4PR21MB05048FC7011A421942C4B44EF5020CY4PR21MB0504namp_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

A revised CBOR Web Token (CWT) draft has been published that corrects inconsistencies in the examples.  Thanks to Jim Schaad for validating the examples and pointing out the inconsistencies and to Samuel Erdtman for fixing them.  As before, people are highly encouraged to validate the updated examples.

The specification is available at:

  *   https://tools.ietf.org/html/draft-ietf-ace-cbor-web-token-04

An HTML-formatted version is also available at:

  *   http://self-issued.info/docs/draft-ietf-ace-cbor-web-token-04.html

                                                       -- Mike

P.S.  This notice was also posted at http://self-issued.info/?p=1671 and as @selfissued<https://twitter.com/selfissued>.


--_000_CY4PR21MB05048FC7011A421942C4B44EF5020CY4PR21MB0504namp_
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

<html xmlns:v=3D"urn:schemas-microsoft-com:vml" xmlns:o=3D"urn:schemas-micr=
osoft-com:office:office" xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" xmlns=3D"http:=
//www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dus-ascii"=
>
<meta name=3D"Generator" content=3D"Microsoft Word 15 (filtered medium)">
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoNormal">A revised CBOR Web Token (CWT) draft has been published that corrects inconsistencies in the examples. Thanks to Jim Schaad for validating the examples and pointing out the inconsistencies and to Samuel Erdtman for fixing them. As before, people are highly encouraged to validate the updated examples.</p>
<p class="MsoNormal">The specification is available at:</p>
<ul style="margin-top:0in" type="disc">
<li class="MsoNormal" style="margin-left:0in;mso-list:l0 level1 lfo1"><a href="https://tools.ietf.org/html/draft-ietf-ace-cbor-web-token-04">https://tools.ietf.org/html/draft-ietf-ace-cbor-web-token-04</a></li></ul>
<p class="MsoNormal">An HTML-formatted version is also available at:</p>
<p class="MsoListParagraph" style="text-indent:-.25in"><span style="font-family:Symbol">&middot;</span> <a href="http://self-issued.info/docs/draft-ietf-ace-cbor-web-token-04.html">http://self-issued.info/docs/draft-ietf-ace-cbor-web-token-04.html</a></p>
<p class="MsoNormal">-- Mike</p>
<p class="MsoNormal">P.S. This notice was also posted at <a href="http://self-issued.info/?p=1671">http://self-issued.info/?p=1671</a> and as <a href="https://twitter.com/selfissued">@selfissued</a>.</p>
</div>
</body>
</html>

--_000_CY4PR21MB05048FC7011A421942C4B44EF5020CY4PR21MB0504namp_--


From nobody Fri Apr 14 03:34:29 2017
Return-Path: <goran.selander@ericsson.com>
X-Original-To: ace@ietfa.amsl.com
Delivered-To: ace@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D6CEE1286CA; Fri, 14 Apr 2017 03:34:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.209
X-Spam-Level: 
X-Spam-Status: No, score=-4.209 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ScwJgasBWIHw; Fri, 14 Apr 2017 03:34:24 -0700 (PDT)
Received: from sessmg23.ericsson.net (sessmg23.ericsson.net [193.180.251.45]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6F16E12708C; Fri, 14 Apr 2017 03:34:23 -0700 (PDT)
X-AuditID: c1b4fb2d-89fff70000004c5d-01-58f0a5ab8478
Received: from ESESSHC017.ericsson.se (Unknown_Domain [153.88.183.69]) by  (Symantec Mail Security) with SMTP id 39.92.19549.BA5A0F85; Fri, 14 Apr 2017 12:34:21 +0200 (CEST)
Received: from ESESSMB107.ericsson.se ([169.254.7.253]) by ESESSHC017.ericsson.se ([153.88.183.69]) with mapi id 14.03.0339.000; Fri, 14 Apr 2017 12:34:55 +0200
From: Göran Selander <goran.selander@ericsson.com>
To: Mohit Sethi M <mohit.m.sethi@ericsson.com>, 'Core' <core@ietf.org>, "6tisch@ietf.org" <6tisch@ietf.org>, "ace@ietf.org" <ace@ietf.org>
CC: Jim Schaad <ietf@augustcellars.com>, Christian Amsüss <c.amsuess@energyharvesting.at>
Thread-Topic: [core] Question about AEAD nonce uniqueness
Thread-Index: AQHSsh1IHF3Oh9Y+Y0KzCXtT1ygnt6G/qPyAgANGtwCAAcFmgA==
Date: Fri, 14 Apr 2017 10:34:19 +0000
Message-ID: <D5161FCE.7BAA8%goran.selander@ericsson.com>
References: <c31694fe-43db-875d-496a-a9ab3fd3c40f@ericsson.com> <002101d2b21d$3ff5ba30$bfe12e90$@augustcellars.com> <D512297C.7B59D%goran.selander@ericsson.com> <1bc3ed76-245a-f8fe-ae72-a424102ba682@ericsson.com>
In-Reply-To: <1bc3ed76-245a-f8fe-ae72-a424102ba682@ericsson.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
user-agent: Microsoft-MacOutlook/14.7.3.170325
x-originating-ip: [153.88.183.150]
Content-Type: multipart/alternative; boundary="_000_D5161FCE7BAA8goranselanderericssoncom_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/HCmv8VUrw-RaRK4ynt8lm_9QVx0>
Subject: Re: [Ace] [core] Question about AEAD nonce uniqueness
X-BeenThere: ace@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <ace.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ace>, <mailto:ace-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ace/>
List-Post: <mailto:ace@ietf.org>
List-Help: <mailto:ace-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ace>, <mailto:ace-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 14 Apr 2017 10:34:28 -0000

--_000_D5161FCE7BAA8goranselanderericssoncom_
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit

Hi Mohit,

(Also including ACE since EDHOC belongs there.)

Thanks for taking the time and reviewing OSCOAP and EDHOC.

Again, Jim was quicker to answer, and in fact this is one of the features of EDHOC that was proposed by him. Let me give a background, maybe that helps.

One of the main design criteria for OSCOAP and EDHOC is to make the protocol messages small, since many performance aspects are related to message sizes.

Whereas EDHOC is only expected to be run once in a while (maybe just once), OSCOAP may potentially be used with in every CoAP message, so in particular for OSCOAP we have tried to turn over every byte. The current overhead of OSCOAP for a typical CoAP message exchange is 13 bytes in the request and 9 bytes in the response and that includes the 8 bytes of MAC in each message. This message size calculation includes a Sender ID of 1 byte. Hence to get low overhead in particular requires a short Sender ID. See https://tools.ietf.org/html/draft-mattsson-core-security-overhead-00#section-2.11

Note that the Sender ID is only significant for a particular master secret and the use of short identifiers (addressing your comment on "minimum length") is described in the OSCOAP section I referenced below.

If the Sender ID coincides with a Sender ID used with another security context that is not a security issue, but a device receiving a message for which it has multiple security contexts with the same Sender ID would have to try more than once before finding the right (addressing your comment on "concrete effects").  Jim doesn’t have a problem with that, we wanted to try to avoid it. But, just in case, we should describe the processing handling this, I note that as an issue.

For two peers autonomously establishing a security context, neither of the nodes have knowledge about the identifiers used by the peer in its various OSCOAP contexts with other parties. Therefore, in EDHOC, as described by Jim, each party can select its own locally unique short session identifier, and when EDHOC is used with OSCOAP this session identifier becomes the Sender ID, see
https://tools.ietf.org/html/draft-selander-ace-cose-ecdhe-05#appendix-B.2
(addressing your comment on "how it is generated")

Having short session identifiers also optimises the EDHOC messages, since they short (of course) but also since the nonces N_U, N_V (which are longer) only need to be sent once, in comparison with a protocol combining the function of nonce and session identifier.

If there is a trusted third party such as the Group Manager in a multicast setting (as referenced below) then the assignment of identifiers in the set of devices sharing a common context can be unilaterally decided by the GM and the size of identifiers optimised (addressing your comment on "out of scope" - which in my mail only referred to this case). Note that there is no additional complication in making this assignment since it just has to be locally unique for that group.

Did that make things more clear? Do you think further clarifications are needed in the drafts?

Thanks
Göran

From: 6tisch <6tisch-bounces@ietf.org> on behalf of Jim Schaad <ietf@augustcellars.com>
Date: Thursday 13 April 2017 at 16:39
To: Mohit Sethi <mohit.m.sethi@ericsson.com>, Göran Selander <goran.selander@ericsson.com>, 'Core' <core@ietf.org>, "6tisch@ietf.org" <6tisch@ietf.org>
Cc: 'Christian Amsüss' <c.amsuess@energyharvesting.at>
Subject: Re: [6tisch] [core] Question about AEAD nonce uniqueness

The selection of S_X is done by party X.  This means that all they need to do is to generate – either randomly or deterministically – some identifier which is currently unique for them.

The easiest way to do this is to have an array of N security contexts.  Choose the first slot in the array which is empty and use that index as your identifier.  If the array is full, then either grow the array or scavenge a security context which has not been used in a while and use that slot.  This allows for identifiers that are unique to the party and still very small.

The only time that one would need large random identifiers is when the keying material is generated by a third party such as the PSK version of EDHOC where the common PSK needs to be identified for both parties.

I also do not have the same problems with collisions that Göran and others have.  I am willing to try multiple keys in the event of a collision and only the correct one will work.  This is not unusual in some cases already in other environments.

Jim

From: Mohit Sethi [mailto:mohit.m.sethi@ericsson.com]
Sent: Thursday, April 13, 2017 2:46 AM
To: Göran Selander <goran.selander@ericsson.com>; 'Core' <core@ietf.org>; 6tisch@ietf.org
Cc: Jim Schaad <ietf@augustcellars.com>; Christian Amsüss <c.amsuess@energyharvesting.at>
Subject: Re: [core] Question about AEAD nonce uniqueness

Hi Göran, Jim and Christian

Thanks for responding to my question. @Göran: both 1) use EDHOC or 2) generate large random identifiers, are the same thing. How are they any different? I went through EDHOC draft and it says that sender id is S_V which is variable length session identifier (= generate large random identifier).

I am afraid simply waving off the problem as out of scope may lead to some (many) inter interoperability issues. If the Sender ID is variable length, different manufacturers may implement it very differently and could cause collision with just 2-3 devices. If they are generated in software at run time, you can still do something about it, but if it is burnt into the device, then there is no way to recover from . At the very least there could be better guidance. I also think it would make sense to have a minimum length specified and some recommendations/guidelines on how it is generated.

I would also like to know what are the concrete affects of a collision?

--Mohit

On 04/11/2017 08:43 AM, Göran Selander wrote:
Hello Mohit,

Christian and Jim already provided answers, let me just provide pointers to the relevant sections.

OSCOAP:
—
The requirements on the security context parameters are here:
https://tools.ietf.org/html/draft-ietf-core-object-security-02#section-3.3
Two methods for establishing unique sender IDs are presented: 1) use EDHOC or 2) generate large random identifiers.
The former allows for the use of short sender IDs.

Multicast OSCOAP:
—
In Multicast OSCOAP (Secure group communication for CoAP) the requirements on the security context parameters are here:
https://tools.ietf.org/html/draft-tiloca-core-multicast-oscoap-01#section-2
It is the responsibility of the Group Manager to establish and manage the security context, which includes the sender IDs, but how the assignment is done is out of scope. The uniqueness of sender IDs in this draft follows from OSCOAP, but since you asked I think we should add a sentence to this draft stressing that.

Göran

From: core <core-bounces@ietf.org> on behalf of Jim Schaad <ietf@augustcellars.com>
Date: Monday 10 April 2017 at 19:09
To: Mohit Sethi <mohit.m.sethi@ericsson.com>, 'Core' <core@ietf.org>, "6tisch@ietf.org" <6tisch@ietf.org>
Subject: Re: [core] Question about AEAD nonce uniqueness

There is not a problem with dealing with nonce uniqueness in this draft because each entity is going to be assigned to a unique key for transmissions.  The transport key is derived from the PSK and the sender ID.  Sender IDs will be unique based on the enrollment protocol in the group as each entity will have a unique identifier.

Jim

From: core [mailto:core-bounces@ietf.org] On Behalf Of Mohit Sethi
Sent: Monday, April 10, 2017 4:51 AM
To: Core <core@ietf.org>; 6tisch@ietf.org
Subject: [core] Question about AEAD nonce uniqueness

Hi OSCoAP authors

I was trying to read the OSCoAP and 6tisch minimal security drafts. I have a question about the AEAD nonce uniqueness. RFC 5116 says that:

   When there are multiple devices performing encryption using a single
   key, those devices must coordinate to ensure that the nonces are
   unique.  A simple way to do this is to use a nonce format that
   contains a field that is distinct for each one of the devices

So my obvious question is how is the AEAD nonce uniqueness ensured. The PSK is known to at least two parties (more in case of some uses such as multicast OSCoAP https://tools.ietf.org/html/draft-tiloca-core-multicast-oscoap-01)??

The draft currently says that AEAD Nonce uniqueness is ensured with sequence numbers and sender context which is essentially the sender ID. But how do you ensure that the two parties have different sender ID. Especially since sender ID is not fixed length. I guess there will be other problems in case of sender ID collisions?
as Sender IDs are currently used, they are mutually agreed-upon like the
rest of the security context (key, algorithm etc); in other words, they
are explicitly given to a device by the mechanism that also distributes
the key.

Best regards
Christian

--
Christian Amsüss                      | Energy Harvesting Solutions GmbH
founder, system architect             | headquarter:
mailto:c.amsuess@energyharvesting.at  | Arbeitergasse 15, A-4400 Steyr
tel:+43-664-97-90-6-39                | http://www.energyharvesting.at/
                                      | ATU68476614

--_000_D5161FCE7BAA8goranselanderericssoncom_
Content-Type: text/html; charset="utf-8"
Content-ID: <C196047FBEDB6D448CBA0911E2B63921@ericsson.com>
Content-Transfer-Encoding: base64

aWRlbnRpZmllcnMgKGFkZHJlc3NpbmcgeW91ciBjb21tZW50IG9uICZxdW90O21pbmltdW0gbGVu
Z3RoJnF1b3Q7KTwvZm9udD48Zm9udCBmYWNlPSJDYWxpYnJpLHNhbnMtc2VyaWYiPiZuYnNwO2lz
IGRlc2NyaWJlZCBpbiB0aGUgT1NDT0FQIHNlY3Rpb24gSSByZWZlcmVuY2VkIGJlbG93LjwvZm9u
dD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0iY29sb3I6IHJnYigwLCAwLCAwKTsg
Zm9udC1mYW1pbHk6IENhbGlicmksIHNhbnMtc2VyaWY7IGZvbnQtc2l6ZTogMTRweDsiPg0KPHNw
YW4gc3R5bGU9ImZvbnQtZmFtaWx5OiBDYWxpYnJpLCBzYW5zLXNlcmlmOyBmb250LXNpemU6IDE0
cHg7Ij48YnI+DQo8L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PGZvbnQgZmFjZT0i
Q2FsaWJyaSxzYW5zLXNlcmlmIiBzaXplPSIzIj5JZiB0aGUgU2VuZGVyIElEIGNvaW5jaWRlcyB3
aXRoIGEgU2VuZGVyIElEIHVzZWQgd2l0aCBhbm90aGVyIHNlY3VyaXR5IGNvbnRleHQgdGhhdCBp
cyBub3QgYSBzZWN1cml0eSBpc3N1ZSwgYnV0IGEgZGV2aWNlIHJlY2VpdmluZyBhIG1lc3NhZ2Ug
Zm9yIHdoaWNoIGl0IGhhcyBtdWx0aXBsZSBzZWN1cml0eSBjb250ZXh0cyB3aXRoIHRoZQ0KIHNh
bWUgU2VuZGVyIElEIHdvdWxkIGhhdmUgdG8gdHJ5IG1vcmUgdGhhbiBvbmNlIGJlZm9yZSBmaW5k
aW5nIHRoZSByaWdodCAoYWRkcmVzc2luZyB5b3VyIGNvbW1lbnQgb24gJnF1b3Q7Y29uY3JldGUg
ZWZmZWN0c+KAnSkuICZuYnNwO0ppbSBkb2VzbuKAmXQgaGF2ZSBhIHByb2JsZW0gd2l0aCB0aGF0
LCB3ZSB3YW50ZWQgdG8gdHJ5IHRvJm5ic3A7PC9mb250Pjxmb250IGZhY2U9IkNhbGlicmksc2Fu
cy1zZXJpZiIgc3R5bGU9ImNvbG9yOiByZ2IoMCwgMCwgMCk7IGZvbnQtZmFtaWx5OiBDYWxpYnJp
LCBzYW5zLXNlcmlmOyBmb250LXNpemU6IDE0cHg7Ij5hdm9pZDwvZm9udD48Zm9udCBmYWNlPSJD
YWxpYnJpIj48Zm9udCBmYWNlPSJDYWxpYnJpLHNhbnMtc2VyaWYiIHN0eWxlPSJjb2xvcjogcmdi
KDAsIDAsIDApOyBmb250LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsgZm9udC1zaXplOiAx
NHB4OyI+Jm5ic3A7aXQuDQogQnV0LCBqdXN0IGluIGNhc2UsIHdlIHNob3VsZCBkZXNjcmliZSB0
aGUgcHJvY2Vzc2luZzwvZm9udD48Zm9udCBmYWNlPSJDYWxpYnJpLHNhbnMtc2VyaWYiIHNpemU9
IjMiPiZuYnNwO2hhbmRsaW5nIHRoaXMsIEkgbm90ZSB0aGF0IGFzIGFuIGlzc3VlLjwvZm9udD48
L2ZvbnQ+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9ImNvbG9yOiByZ2IoMCwgMCwg
MCk7IGZvbnQtZmFtaWx5OiBDYWxpYnJpLCBzYW5zLXNlcmlmOyBmb250LXNpemU6IDE0cHg7Ij4N
Cjxicj4NCjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJjb2xvcjogcmdiKDAsIDAs
IDApOyBmb250LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsgZm9udC1zaXplOiAxNHB4OyI+
DQo8Zm9udCBmYWNlPSJDYWxpYnJpIiBzaXplPSIzIj5Gb3IgdHdvIHBlZXJzIGF1dG9ub21vdXNs
eSBlc3RhYmxpc2hpbmcgYSBzZWN1cml0eSZuYnNwO2NvbnRleHQsIG5laXRoZXIgb2YgdGhlJm5i
c3A7bm9kZXMgaGF2ZSBrbm93bGVkZ2UgYWJvdXQgdGhlIGlkZW50aWZpZXJzIHVzZWQgYnkgdGhl
IHBlZXIgaW4gaXRzIHZhcmlvdXMgT1NDT0FQIGNvbnRleHRzIHdpdGggb3RoZXIgcGFydGllcy4g
VGhlcmVmb3JlLCBpbiBFREhPQywgYXMgZGVzY3JpYmVkIGJ5IEppbSwNCiBlYWNoIHBhcnR5IGNh
biBzZWxlY3QgaXRzIG93biBsb2NhbGx5IHVuaXF1ZSBzaG9ydCBzZXNzaW9uIGlkZW50aWZpZXIs
IGFuZCB3aGVuIEVESE9DIGlzIHVzZWQgd2l0aCBPU0NPQVAgdGhpcyBzZXNzaW9uIGlkZW50aWZp
ZXIgYmVjb21lcyB0aGUgU2VuZGVyIElELCBzZWU8L2ZvbnQ+PC9wPg0KPHAgY2xhc3M9Ik1zb05v
cm1hbCIgc3R5bGU9ImNvbG9yOiByZ2IoMCwgMCwgMCk7IGZvbnQtZmFtaWx5OiBDYWxpYnJpLCBz
YW5zLXNlcmlmOyBmb250LXNpemU6IDE0cHg7Ij4NCjxhIGhyZWY9Imh0dHBzOi8vdG9vbHMuaWV0
Zi5vcmcvaHRtbC9kcmFmdC1zZWxhbmRlci1hY2UtY29zZS1lY2RoZS0wNSNhcHBlbmRpeC1CLjIi
Pmh0dHBzOi8vdG9vbHMuaWV0Zi5vcmcvaHRtbC9kcmFmdC1zZWxhbmRlci1hY2UtY29zZS1lY2Ro
ZS0wNSNhcHBlbmRpeC1CLjI8L2E+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9ImNv
bG9yOiByZ2IoMCwgMCwgMCk7IGZvbnQtZmFtaWx5OiBDYWxpYnJpLCBzYW5zLXNlcmlmOyBmb250
LXNpemU6IDE0cHg7Ij4NCihhZGRyZXNzaW5nIHlvdXIgY29tbWVudCBvbiAmcXVvdDtob3cgaXQg
aXMgZ2VuZXJhdGVkJnF1b3Q7KSZuYnNwOzwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxl
PSJjb2xvcjogcmdiKDAsIDAsIDApOyBmb250LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsg
Zm9udC1zaXplOiAxNHB4OyI+DQo8YnI+DQo8L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHls
ZT0iY29sb3I6IHJnYigwLCAwLCAwKTsgZm9udC1mYW1pbHk6IENhbGlicmksIHNhbnMtc2VyaWY7
IGZvbnQtc2l6ZTogMTRweDsiPg0KPGZvbnQgZmFjZT0iQ2FsaWJyaSIgc2l6ZT0iMyI+SGF2aW5n
IHNob3J0IHNlc3Npb24gaWRlbnRpZmllcnMgYWxzbyBvcHRpbWlzZXMgdGhlIEVESE9DIG1lc3Nh
Z2VzLCBzaW5jZSB0aGV5IHNob3J0IChvZiBjb3Vyc2UpIGJ1dCBhbHNvIHNpbmNlIHRoZSBub25j
ZXMgTl9VLCBOX1YgKHdoaWNoIGFyZSBsb25nZXIpIG9ubHkgbmVlZCB0byBiZSBzZW50IG9uY2Us
IGluIGNvbXBhcmlzb24gd2l0aCBhIHByb3RvY29sIGNvbWJpbmluZyB0aGUgZnVuY3Rpb24NCiBv
ZiBub25jZSBhbmQgc2Vzc2lvbiZuYnNwO2lkZW50aWZpZXIuPC9mb250PjwvcD4NCjxwIGNsYXNz
PSJNc29Ob3JtYWwiIHN0eWxlPSJjb2xvcjogcmdiKDAsIDAsIDApOyBmb250LWZhbWlseTogQ2Fs
aWJyaSwgc2Fucy1zZXJpZjsgZm9udC1zaXplOiAxNHB4OyI+DQo8c3BhbiBzdHlsZT0iZm9udC1m
YW1pbHk6IENhbGlicmksIHNhbnMtc2VyaWY7IGZvbnQtc2l6ZTogMTRweDsiPjxicj4NCjwvc3Bh
bj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48Zm9udCBmYWNlPSJDYWxpYnJpIiBzaXplPSIz
IiBzdHlsZT0iY29sb3I6IHJnYigwLCAwLCAwKTsgZm9udC1mYW1pbHk6IENhbGlicmksIHNhbnMt
c2VyaWY7IGZvbnQtc2l6ZTogMTRweDsiPklmIHRoZXJlIGlzIGEgdHJ1c3RlZCB0aGlyZCBwYXJ0
eSZuYnNwO3N1Y2ggYXMgdGhlIEdyb3VwIE1hbmFnZXIgaW4gYSBtdWx0aWNhc3Qgc2V0dGluZyAo
YXMgcmVmZXJlbmNlZCBiZWxvdykgdGhlbiB0aGUgYXNzaWdubWVudCBvZg0KIGlkZW50aWZpZXJz
IGluIHRoZSBzZXQgb2YgZGV2aWNlcyBzaGFyaW5nIGEgY29tbW9uIGNvbnRleHQgY2FuIGJlIHVu
aWxhdGVyYWxseSBkZWNpZGVkIGJ5IHRoZSBHTSBhbmQgdGhlIHNpemUgb2YgaWRlbnRpZmllcnMg
b3B0aW1pc2VkIChhZGRyZXNzaW5nIHlvdXIgY29tbWVudCBvbiAmcXVvdDtvdXQgb2Ygc2NvcGUm
cXVvdDsgLSB3aGljaCBpbiBteSBtYWlsIG9ubHkgcmVmZXJyZWQgdG8gdGhpcyBjYXNlKS4gTjwv
Zm9udD48Zm9udCBzaXplPSIzIj48Zm9udCBmYWNlPSJDYWxpYnJpLHNhbnMtc2VyaWYiIHN0eWxl
PSJmb250LWZhbWlseTogQ2FsaWJyaTsiPm90ZQ0KIHRoYXQgdGhlcmUgaXMgbm8gYWRkaXRpb25h
bCBjb21wbGljYXRpb24gaW4gbWFraW5nIHRoaXMmbmJzcDs8L2ZvbnQ+PGZvbnQgZmFjZT0iQ2Fs
aWJyaSI+YXNzaWdubWVudDwvZm9udD48Zm9udD48Zm9udCBmYWNlPSJDYWxpYnJpLHNhbnMtc2Vy
aWYiPiZuYnNwO3NpbmNlIGl0IGp1c3QgaGFzIHRvIGJlIGxvY2FsbHkgdW5pcXVlIGZvciB0aGF0
IGdyb3VwLjwvZm9udD48L2ZvbnQ+PC9mb250PjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxi
cj4NCjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxmb250IGZhY2U9IkNhbGlicmkiIHNpemU9
IjMiPjxmb250IGZhY2U9IkNhbGlicmksc2Fucy1zZXJpZiI+RGlkIHRoYXQgbWFrZSB0aGluZ3Mg
bW9yZSBjbGVhcj8gRG8geW91IHRoaW5rIGZ1cnRoZXIgY2xhcmlmaWNhdGlvbnMgYXJlIG5lZWRl
ZCBpbiB0aGUgZHJhZnRzPC9mb250Pjxmb250IGZhY2U9IkNhbGlicmksc2Fucy1zZXJpZiI+Pzwv
Zm9udD48L2ZvbnQ+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9ImNvbG9yOiByZ2Io
MCwgMCwgMCk7IGZvbnQtZmFtaWx5OiBDYWxpYnJpLCBzYW5zLXNlcmlmOyBmb250LXNpemU6IDE0
cHg7Ij4NCjxicj4NCjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJjb2xvcjogcmdi
KDAsIDAsIDApOyBmb250LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsgZm9udC1zaXplOiAx
NHB4OyI+DQo8YnI+DQo8L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0iY29sb3I6IHJn
YigwLCAwLCAwKTsgZm9udC1mYW1pbHk6IENhbGlicmksIHNhbnMtc2VyaWY7IGZvbnQtc2l6ZTog
MTRweDsiPg0KPGZvbnQgZmFjZT0iQ2FsaWJyaSIgc2l6ZT0iMyI+VGhhbmtzPC9mb250PjwvcD4N
CjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJjb2xvcjogcmdiKDAsIDAsIDApOyBmb250LWZh
bWlseTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsgZm9udC1zaXplOiAxNHB4OyI+DQo8c3BhbiBzdHls
ZT0iZm9udC1mYW1pbHk6IENhbGlicmk7IGZvbnQtc2l6ZTogbWVkaXVtOyI+R8O2cmFuPC9zcGFu
PjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJjb2xvcjogcmdiKDAsIDAsIDApOyBm
b250LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsgZm9udC1zaXplOiAxNHB4OyI+DQo8c3Bh
biBzdHlsZT0iZm9udC1mYW1pbHk6IENhbGlicmk7IGZvbnQtc2l6ZTogbWVkaXVtOyI+PGJyPg0K
PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJjb2xvcjogcmdiKDAsIDAs
IDApOyBmb250LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsgZm9udC1zaXplOiAxNHB4OyI+
DQo8Zm9udCBmYWNlPSJDYWxpYnJpIiBzaXplPSIzIj48YnI+DQo8L2ZvbnQ+PC9wPg0KPHAgY2xh
c3M9Ik1zb05vcm1hbCIgc3R5bGU9ImNvbG9yOiByZ2IoMCwgMCwgMCk7IGZvbnQtZmFtaWx5OiBD
YWxpYnJpLCBzYW5zLXNlcmlmOyBmb250LXNpemU6IDE0cHg7Ij4NCjxicj4NCjwvcD4NCjxkaXYg
c3R5bGU9ImNvbG9yOiByZ2IoMCwgMCwgMCk7IGZvbnQtZmFtaWx5OiBDYWxpYnJpLCBzYW5zLXNl
cmlmOyBmb250LXNpemU6IDE0cHg7Ij4NCjxmb250IGZhY2U9IkNhbGlicmkiPjxicj4NCjwvZm9u
dD48L2Rpdj4NCjxkaXYgc3R5bGU9ImNvbG9yOiByZ2IoMCwgMCwgMCk7IGZvbnQtZmFtaWx5OiBD
YWxpYnJpLCBzYW5zLXNlcmlmOyBmb250LXNpemU6IDE0cHg7IGJvcmRlci13aWR0aDogMXB0IG1l
ZGl1bSBtZWRpdW07IGJvcmRlci1zdHlsZTogc29saWQgbm9uZSBub25lOyBwYWRkaW5nOiAzcHQg
MGluIDBpbjsgYm9yZGVyLXRvcC1jb2xvcjogcmdiKDE4MSwgMTk2LCAyMjMpOyI+DQo8Zm9udCBm
YWNlPSJDYWxpYnJpIj48c3BhbiBzdHlsZT0iZm9udC13ZWlnaHQ6IGJvbGQ7Ij5Gcm9tOiZuYnNw
Ozwvc3Bhbj42dGlzY2ggJmx0OzxhIGhyZWY9Im1haWx0bzo2dGlzY2gtYm91bmNlc0BpZXRmLm9y
ZyI+NnRpc2NoLWJvdW5jZXNAaWV0Zi5vcmc8L2E+Jmd0OyBvbiBiZWhhbGYgb2YgSmltIFNjaGFh
ZCAmbHQ7PGEgaHJlZj0ibWFpbHRvOmlldGZAYXVndXN0Y2VsbGFycy5jb20iPmlldGZAYXVndXN0
Y2VsbGFycy5jb208L2E+Jmd0Ozxicj4NCjxzcGFuIHN0eWxlPSJmb250LXdlaWdodDogYm9sZDsi
PkRhdGU6Jm5ic3A7PC9zcGFuPlRodXJzZGF5IDEzIEFwcmlsIDIwMTcgYXQgMTY6Mzk8YnI+DQo8
c3BhbiBzdHlsZT0iZm9udC13ZWlnaHQ6IGJvbGQ7Ij5UbzombmJzcDs8L3NwYW4+TW9oaXQgU2V0
aGkgJmx0OzxhIGhyZWY9Im1haWx0bzptb2hpdC5tLnNldGhpQGVyaWNzc29uLmNvbSI+bW9oaXQu
bS5zZXRoaUBlcmljc3Nvbi5jb208L2E+Jmd0OywgR8O2cmFuIFNlbGFuZGVyICZsdDs8YSBocmVm
PSJtYWlsdG86Z29yYW4uc2VsYW5kZXJAZXJpY3Nzb24uY29tIj5nb3Jhbi5zZWxhbmRlckBlcmlj
c3Nvbi5jb208L2E+Jmd0OywgJ0NvcmUnICZsdDs8YSBocmVmPSJtYWlsdG86Y29yZUBpZXRmLm9y
ZyI+Y29yZUBpZXRmLm9yZzwvYT4mZ3Q7LA0KICZxdW90OzxhIGhyZWY9Im1haWx0bzo2dGlzY2hA
aWV0Zi5vcmciPjZ0aXNjaEBpZXRmLm9yZzwvYT4mcXVvdDsgJmx0OzxhIGhyZWY9Im1haWx0bzo2
dGlzY2hAaWV0Zi5vcmciPjZ0aXNjaEBpZXRmLm9yZzwvYT4mZ3Q7PGJyPg0KPHNwYW4gc3R5bGU9
ImZvbnQtd2VpZ2h0OiBib2xkOyI+Q2M6Jm5ic3A7PC9zcGFuPidDaHJpc3RpYW4gQW1zw7xzcycg
Jmx0OzxhIGhyZWY9Im1haWx0bzpjLmFtc3Vlc3NAZW5lcmd5aGFydmVzdGluZy5hdCI+Yy5hbXN1
ZXNzQGVuZXJneWhhcnZlc3RpbmcuYXQ8L2E+Jmd0Ozxicj4NCjxzcGFuIHN0eWxlPSJmb250LXdl
aWdodDogYm9sZDsiPlN1YmplY3Q6Jm5ic3A7PC9zcGFuPlJlOiBbNnRpc2NoXSBbY29yZV0gUXVl
c3Rpb24gYWJvdXQgQUVBRCBub25jZSB1bmlxdWVuZXNzPGJyPg0KPC9mb250PjwvZGl2Pg0KPGRp
diBzdHlsZT0iY29sb3I6IHJnYigwLCAwLCAwKTsgZm9udC1mYW1pbHk6IENhbGlicmksIHNhbnMt
c2VyaWY7IGZvbnQtc2l6ZTogMTRweDsiPg0KPGZvbnQgZmFjZT0iQ2FsaWJyaSI+PGJyPg0KPC9m
b250PjwvZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9ImNvbG9yOiByZ2IoMCwgMCwg
MCk7IGZvbnQtZmFtaWx5OiBDYWxpYnJpLCBzYW5zLXNlcmlmOyBmb250LXNpemU6IDE0cHg7Ij4N
Cjxmb250IGZhY2U9IkNhbGlicmkiIHNpemU9IjMiPjxzcGFuIGlkPSJPTEtfU1JDX0JPRFlfU0VD
VElPTiI+PC9zcGFuPjwvZm9udD48L3A+DQo8YmxvY2txdW90ZSBpZD0iTUFDX09VVExPT0tfQVRU
UklCVVRJT05fQkxPQ0tRVU9URSIgc3R5bGU9ImNvbG9yOiByZ2IoMCwgMCwgMCk7IGZvbnQtZmFt
aWx5OiBDYWxpYnJpLCBzYW5zLXNlcmlmOyBmb250LXNpemU6IDE0cHg7IGJvcmRlci1sZWZ0LWNv
bG9yOiByZ2IoMTgxLCAxOTYsIDIyMyk7IGJvcmRlci1sZWZ0LXdpZHRoOiA1cHg7IGJvcmRlci1s
ZWZ0LXN0eWxlOiBzb2xpZDsgcGFkZGluZzogMHB4IDBweCAwcHggNXB4OyBtYXJnaW46IDBweCAw
cHggMHB4IDVweDsiPg0KPGRpdiB4bWxuczp2PSJ1cm46c2NoZW1hcy1taWNyb3NvZnQtY29tOnZt
bCIgeG1sbnM6bz0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6b2ZmaWNlIiB4bWxu
czp3PSJ1cm46c2NoZW1hcy1taWNyb3NvZnQtY29tOm9mZmljZTp3b3JkIiB4bWxuczptPSJodHRw
Oi8vc2NoZW1hcy5taWNyb3NvZnQuY29tL29mZmljZS8yMDA0LzEyL29tbWwiIHhtbG5zPSJodHRw
Oi8vd3d3LnczLm9yZy9UUi9SRUMtaHRtbDQwIj4NCjxkaXYgYmdjb2xvcj0id2hpdGUiIGxhbmc9
IkVOLVVTIiBsaW5rPSJibHVlIiB2bGluaz0icHVycGxlIj4NCjxkaXYgY2xhc3M9IldvcmRTZWN0
aW9uMSIgc3R5bGU9InBhZ2U6IFdvcmRTZWN0aW9uMTsiPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIg
c3R5bGU9Im1hcmdpbjogMGluIDBpbiAwLjAwMDFwdDsgY29sb3I6IGJsYWNrOyI+PHNwYW4gc3R5
bGU9ImNvbG9yOiB3aW5kb3d0ZXh0OyI+PGZvbnQgZmFjZT0iQ2FsaWJyaSIgc2l6ZT0iMyI+VGhl
IHNlbGVjdGlvbiBvZiBTX1ggaXMgZG9uZSBieSBwYXJ0eSBYLiZuYnNwOyBUaGlzIG1lYW5zIHRo
YXQgYWxsIHRoZXkgbmVlZCB0byBkbyBpcyB0byBnZW5lcmF0ZSDigJMgZWl0aGVyIHJhbmRvbWx5
IG9yIGRldGVybWluaXN0aWNhbGx5DQog4oCTIHNvbWUgaWRlbnRpZmllciB3aGljaCBpcyBjdXJy
ZW50bHkgdW5pcXVlIGZvciB0aGVtLjxvOnA+PC9vOnA+PC9mb250Pjwvc3Bhbj48L3A+DQo8cCBj
bGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibWFyZ2luOiAwaW4gMGluIDAuMDAwMXB0OyBjb2xvcjog
YmxhY2s7Ij48c3BhbiBzdHlsZT0iY29sb3I6IHdpbmRvd3RleHQ7Ij48bzpwPjxmb250IGZhY2U9
IkNhbGlicmkiIHNpemU9IjMiPiZuYnNwOzwvZm9udD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xh
c3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1hcmdpbjogMGluIDBpbiAwLjAwMDFwdDsgY29sb3I6IGJs
YWNrOyI+PHNwYW4gc3R5bGU9ImNvbG9yOiB3aW5kb3d0ZXh0OyI+PGZvbnQgZmFjZT0iQ2FsaWJy
aSIgc2l6ZT0iMyI+VGhlIGVhc2llc3Qgd2F5IHRvIGRvIHRoaXMgaXMgdG8gaGF2ZSBhbiBhcnJh
eSBvZiBOIHNlY3VyaXR5IGNvbnRleHRzLiZuYnNwOyBDaG9vc2UgdGhlIGZpcnN0IHNsb3QgaW4g
dGhlIGFycmF5IHdoaWNoIGlzIGVtcHR5IGFuZA0KIHVzZSB0aGF0IGluZGV4IGFzIHlvdXIgaWRl
bnRpZmllci4mbmJzcDsgSWYgdGhlIGFycmF5IGlzIGZ1bGwsIHRoZW4gZWl0aGVyIGdyb3cgdGhl
IGFycmF5IG9yIHNjYXZlbmdlIGEgc2VjdXJpdHkgY29udGV4dCB3aGljaCBoYXMgbm90IGJlZW4g
dXNlZCBpbiBhIHdoaWxlIGFuZCB1c2UgdGhhdCBzbG90LiZuYnNwOyBUaGlzIGFsbG93cyBmb3Ig
aWRlbnRpZmllcnMgdGhhdCBhcmUgdW5pcXVlIHRvIHRoZSBwYXJ0eSBhbmQgc3RpbGwgdmVyeSBz
bWFsbC48bzpwPjwvbzpwPjwvZm9udD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIg
c3R5bGU9Im1hcmdpbjogMGluIDBpbiAwLjAwMDFwdDsgY29sb3I6IGJsYWNrOyI+PHNwYW4gc3R5
bGU9ImNvbG9yOiB3aW5kb3d0ZXh0OyI+PG86cD48Zm9udCBmYWNlPSJDYWxpYnJpIiBzaXplPSIz
Ij4mbmJzcDs8L2ZvbnQ+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0
eWxlPSJtYXJnaW46IDBpbiAwaW4gMC4wMDAxcHQ7IGNvbG9yOiBibGFjazsiPjxzcGFuIHN0eWxl
PSJjb2xvcjogd2luZG93dGV4dDsiPjxmb250IGZhY2U9IkNhbGlicmkiIHNpemU9IjMiPlRoZSBv
bmx5IHRpbWUgdGhhdCBvbmUgd291bGQgbmVlZCBsYXJnZSByYW5kb20gaWRlbnRpZmllcnMgaXMg
d2hlbiB0aGUga2V5aW5nIG1hdGVyaWFsIGlzIGdlbmVyYXRlZCBieSBhIHRoaXJkIHBhcnR5IHN1
Y2ggYXMNCiB0aGUgUFNLIHZlcnNpb24gb2YgRURIT0Mgd2hlcmUgdGhlIGNvbW1vbiBQU0sgbmVl
ZHMgdG8gYmUgaWRlbnRpZmllZCBmb3IgYm90aCBwYXJ0aWVzLjxvOnA+PC9vOnA+PC9mb250Pjwv
c3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibWFyZ2luOiAwaW4gMGluIDAu
MDAwMXB0OyBjb2xvcjogYmxhY2s7Ij48c3BhbiBzdHlsZT0iY29sb3I6IHdpbmRvd3RleHQ7Ij48
bzpwPjxmb250IGZhY2U9IkNhbGlicmkiIHNpemU9IjMiPiZuYnNwOzwvZm9udD48L286cD48L3Nw
YW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1hcmdpbjogMGluIDBpbiAwLjAw
MDFwdDsgY29sb3I6IGJsYWNrOyI+PGZvbnQgZmFjZT0iQ2FsaWJyaSIgc2l6ZT0iMyI+PHNwYW4g
c3R5bGU9ImNvbG9yOiB3aW5kb3d0ZXh0OyI+SSBhbHNvIGRvIG5vdCBoYXZlIHRoZSBzYW1lIHBy
b2JsZW1zIHdpdGggY29sbGlzaW9ucyB0aGF0Jm5ic3A7PC9zcGFuPkfDtnJhbiBhbmQgb3RoZXJz
IGhhdmUuJm5ic3A7IEkgYW0gd2lsbGluZyB0byB0cnkgbXVsdGlwbGUga2V5cyBpbg0KIHRoZSBl
dmVudCBvZiBhIGNvbGxpc2lvbiBhbmQgb25seSB0aGUgY29ycmVjdCBvbmUgd2lsbCB3b3JrLiZu
YnNwOyBUaGlzIGlzIG5vdCB1bnVzdWFsIGluIHNvbWUgY2FzZXMgYWxyZWFkeSBpbiBvdGhlciBl
bnZpcm9ubWVudHMuPG86cD48L286cD48L2ZvbnQ+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIg
c3R5bGU9Im1hcmdpbjogMGluIDBpbiAwLjAwMDFwdDsgY29sb3I6IGJsYWNrOyI+PG86cD48Zm9u
dCBmYWNlPSJDYWxpYnJpIiBzaXplPSIzIj4mbmJzcDs8L2ZvbnQ+PC9vOnA+PC9wPg0KPHAgY2xh
c3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1hcmdpbjogMGluIDBpbiAwLjAwMDFwdDsgY29sb3I6IGJs
YWNrOyI+PGZvbnQgZmFjZT0iQ2FsaWJyaSIgc2l6ZT0iMyI+SmltPG86cD48L286cD48L2ZvbnQ+
PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1hcmdpbjogMGluIDBpbiAwLjAwMDFw
dDsgY29sb3I6IGJsYWNrOyI+PHNwYW4gc3R5bGU9ImNvbG9yOiB3aW5kb3d0ZXh0OyI+PG86cD48
Zm9udCBmYWNlPSJDYWxpYnJpIiBzaXplPSIzIj4mbmJzcDs8L2ZvbnQ+PC9vOnA+PC9zcGFuPjwv
cD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtYXJnaW46IDBpbiAwaW4gMC4wMDAxcHQ7
IGZvbnQtc2l6ZTogMTJwdDsgZm9udC1mYW1pbHk6ICdUaW1lcyBOZXcgUm9tYW4nLCBzZXJpZjsg
Y29sb3I6IGJsYWNrOyI+DQo8c3BhbiBzdHlsZT0iZm9udC1zaXplOiAxMXB0OyBmb250LWZhbWls
eTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsgY29sb3I6IHdpbmRvd3RleHQ7Ij48bzpwPiZuYnNwOzwv
bzpwPjwvc3Bhbj48L3A+DQo8ZGl2IHN0eWxlPSJmb250LXNpemU6IDE0cHg7IGZvbnQtZmFtaWx5
OiBDYWxpYnJpLCBzYW5zLXNlcmlmOyI+DQo8ZGl2IHN0eWxlPSJib3JkZXItc3R5bGU6IHNvbGlk
IG5vbmUgbm9uZTsgYm9yZGVyLXRvcC1jb2xvcjogcmdiKDIyNSwgMjI1LCAyMjUpOyBib3JkZXIt
dG9wLXdpZHRoOiAxcHQ7IHBhZGRpbmc6IDNwdCAwaW4gMGluOyI+DQo8cCBjbGFzcz0iTXNvTm9y
bWFsIiBzdHlsZT0ibWFyZ2luOiAwaW4gMGluIDAuMDAwMXB0OyBmb250LXNpemU6IDEycHQ7IGZv
bnQtZmFtaWx5OiAnVGltZXMgTmV3IFJvbWFuJywgc2VyaWY7IGNvbG9yOiBibGFjazsiPg0KPGI+
PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZTogMTFwdDsgZm9udC1mYW1pbHk6IENhbGlicmksIHNhbnMt
c2VyaWY7IGNvbG9yOiB3aW5kb3d0ZXh0OyI+RnJvbTo8L3NwYW4+PC9iPjxzcGFuIHN0eWxlPSJm
b250LXNpemU6IDExcHQ7IGZvbnQtZmFtaWx5OiBDYWxpYnJpLCBzYW5zLXNlcmlmOyBjb2xvcjog
d2luZG93dGV4dDsiPiZuYnNwO01vaGl0IFNldGhpIFs8YSBocmVmPSJtYWlsdG86bW9oaXQubS5z
ZXRoaUBlcmljc3Nvbi5jb20iIHN0eWxlPSJjb2xvcjogcHVycGxlOyB0ZXh0LWRlY29yYXRpb246
IHVuZGVybGluZTsiPm1haWx0bzptb2hpdC5tLnNldGhpQGVyaWNzc29uLmNvbTwvYT5dJm5ic3A7
PGJyPg0KPGI+U2VudDo8L2I+Jm5ic3A7VGh1cnNkYXksIEFwcmlsIDEzLCAyMDE3IDI6NDYgQU08
YnI+DQo8Yj5Ubzo8L2I+Jm5ic3A7R8O2cmFuIFNlbGFuZGVyICZsdDs8YSBocmVmPSJtYWlsdG86
Z29yYW4uc2VsYW5kZXJAZXJpY3Nzb24uY29tIiBzdHlsZT0iY29sb3I6IHB1cnBsZTsgdGV4dC1k
ZWNvcmF0aW9uOiB1bmRlcmxpbmU7Ij5nb3Jhbi5zZWxhbmRlckBlcmljc3Nvbi5jb208L2E+Jmd0
OzsgJ0NvcmUnICZsdDs8YSBocmVmPSJtYWlsdG86Y29yZUBpZXRmLm9yZyIgc3R5bGU9ImNvbG9y
OiBwdXJwbGU7IHRleHQtZGVjb3JhdGlvbjogdW5kZXJsaW5lOyI+Y29yZUBpZXRmLm9yZzwvYT4m
Z3Q7OyZuYnNwOzxhIGhyZWY9Im1haWx0bzo2dGlzY2hAaWV0Zi5vcmciIHN0eWxlPSJjb2xvcjog
cHVycGxlOyB0ZXh0LWRlY29yYXRpb246IHVuZGVybGluZTsiPjZ0aXNjaEBpZXRmLm9yZzwvYT48
YnI+DQo8Yj5DYzo8L2I+Jm5ic3A7SmltIFNjaGFhZCAmbHQ7PGEgaHJlZj0ibWFpbHRvOmlldGZA
YXVndXN0Y2VsbGFycy5jb20iIHN0eWxlPSJjb2xvcjogcHVycGxlOyB0ZXh0LWRlY29yYXRpb246
IHVuZGVybGluZTsiPmlldGZAYXVndXN0Y2VsbGFycy5jb208L2E+Jmd0OzsgQ2hyaXN0aWFuIEFt
c8O8c3MgJmx0OzxhIGhyZWY9Im1haWx0bzpjLmFtc3Vlc3NAZW5lcmd5aGFydmVzdGluZy5hdCIg
c3R5bGU9ImNvbG9yOiBwdXJwbGU7IHRleHQtZGVjb3JhdGlvbjogdW5kZXJsaW5lOyI+Yy5hbXN1
ZXNzQGVuZXJneWhhcnZlc3RpbmcuYXQ8L2E+Jmd0Ozxicj4NCjxiPlN1YmplY3Q6PC9iPiZuYnNw
O1JlOiBbY29yZV0gUXVlc3Rpb24gYWJvdXQgQUVBRCBub25jZSB1bmlxdWVuZXNzPG86cD48L286
cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8L2Rpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxl
PSJmb250LXNpemU6IDEycHQ7IGZvbnQtZmFtaWx5OiAnVGltZXMgTmV3IFJvbWFuJywgc2VyaWY7
IG1hcmdpbjogMGluIDBpbiAwLjAwMDFwdDsgY29sb3I6IGJsYWNrOyI+DQo8bzpwPiZuYnNwOzwv
bzpwPjwvcD4NCjxwIHN0eWxlPSJmb250LXNpemU6IDE0cHg7IGZvbnQtZmFtaWx5OiBDYWxpYnJp
LCBzYW5zLXNlcmlmOyI+SGkgR8O2cmFuLCBKaW0gYW5kIENocmlzdGlhbjxvOnA+PC9vOnA+PC9w
Pg0KPHAgc3R5bGU9ImZvbnQtc2l6ZTogMTRweDsgZm9udC1mYW1pbHk6IENhbGlicmksIHNhbnMt
c2VyaWY7Ij5UaGFua3MgZm9yIHJlc3BvbmRpbmcgdG8gbXkgcXVlc3Rpb24uIEBHw7ZyYW46IGJv
dGggMSkgdXNlIEVESE9DIG9yIDIpIGdlbmVyYXRlIGxhcmdlIHJhbmRvbSBpZGVudGlmaWVycywg
YXJlIHRoZSBzYW1lIHRoaW5nLiBIb3cgYXJlIHRoZXkgYW55IGRpZmZlcmVudD8gSSB3ZW50IHRo
cm91Z2ggRURIT0MgZHJhZnQgYW5kIGl0IHNheXMgdGhhdA0KIHNlbmRlciBpZCBpcyBTX1Ygd2hp
Y2ggaXMgdmFyaWFibGUgbGVuZ3RoIHNlc3Npb24gaWRlbnRpZmllciAoPSBnZW5lcmF0ZSBsYXJn
ZSByYW5kb20gaWRlbnRpZmllcikuPG86cD48L286cD48L3A+DQo8cCBzdHlsZT0iZm9udC1zaXpl
OiAxNHB4OyBmb250LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsiPkkgYW0gYWZyYWlkIHNp
bXBseSB3YXZpbmcgb2ZmIHRoZSBwcm9ibGVtIGFzIG91dCBvZiBzY29wZSBtYXkgbGVhZCB0byBz
b21lIChtYW55KSBpbnRlciBpbnRlcm9wZXJhYmlsaXR5IGlzc3Vlcy4gSWYgdGhlIFNlbmRlciBJ
RCBpcyB2YXJpYWJsZSBsZW5ndGgsIGRpZmZlcmVudCBtYW51ZmFjdHVyZXJzIG1heSBpbXBsZW1l
bnQgaXQgdmVyeQ0KIGRpZmZlcmVudGx5IGFuZCBjb3VsZCBjYXVzZSBjb2xsaXNpb24gd2l0aCBq
dXN0IDItMyBkZXZpY2VzLiBJZiB0aGV5IGFyZSBnZW5lcmF0ZWQgaW4gc29mdHdhcmUgYXQgcnVu
IHRpbWUsIHlvdSBjYW4gc3RpbGwgZG8gc29tZXRoaW5nIGFib3V0IGl0LCBidXQgaWYgaXQgaXMg
YnVybnQgaW50byB0aGUgZGV2aWNlLCB0aGVuIHRoZXJlIGlzIG5vIHdheSB0byByZWNvdmVyIGZy
b20gLiBBdCB0aGUgdmVyeSBsZWFzdCB0aGVyZSBjb3VsZCBiZSBiZXR0ZXINCiBndWlkYW5jZS4g
SSBhbHNvIHRoaW5rIGl0IHdvdWxkIG1ha2Ugc2Vuc2UgdG8gaGF2ZSBhIG1pbmltdW0gbGVuZ3Ro
IHNwZWNpZmllZCBhbmQgc29tZSByZWNvbW1lbmRhdGlvbnMvZ3VpZGVsaW5lcyBvbiBob3cgaXQg
aXMgZ2VuZXJhdGVkLjxvOnA+PC9vOnA+PC9wPg0KPHAgc3R5bGU9ImZvbnQtc2l6ZTogMTRweDsg
Zm9udC1mYW1pbHk6IENhbGlicmksIHNhbnMtc2VyaWY7Ij5JIHdvdWxkIGFsc28gbGlrZSB0byBr
bm93IHdoYXQgYXJlIHRoZSBjb25jcmV0ZSBhZmZlY3RzIG9mIGEgY29sbGlzaW9uPzxvOnA+PC9v
OnA+PC9wPg0KPHAgc3R5bGU9ImZvbnQtc2l6ZTogMTRweDsgZm9udC1mYW1pbHk6IENhbGlicmks
IHNhbnMtc2VyaWY7Ij4tLU1vaGl0PG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFs
IiBzdHlsZT0iZm9udC1zaXplOiAxMnB0OyBmb250LWZhbWlseTogJ1RpbWVzIE5ldyBSb21hbics
IHNlcmlmOyBtYXJnaW46IDBpbiAwaW4gMC4wMDAxcHQ7IGNvbG9yOiBibGFjazsiPg0KPG86cD4m
bmJzcDs8L286cD48L3A+DQo8ZGl2IHN0eWxlPSJmb250LXNpemU6IDE0cHg7IGZvbnQtZmFtaWx5
OiBDYWxpYnJpLCBzYW5zLXNlcmlmOyI+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibWFy
Z2luOiAwaW4gMGluIDAuMDAwMXB0OyBmb250LXNpemU6IDEycHQ7IGZvbnQtZmFtaWx5OiAnVGlt
ZXMgTmV3IFJvbWFuJywgc2VyaWY7IGNvbG9yOiBibGFjazsiPg0KT24gMDQvMTEvMjAxNyAwODo0
MyBBTSwgR8O2cmFuIFNlbGFuZGVyIHdyb3RlOjxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8Ymxv
Y2txdW90ZSBzdHlsZT0iZm9udC1zaXplOiAxNHB4OyBmb250LWZhbWlseTogQ2FsaWJyaSwgc2Fu
cy1zZXJpZjsgbWFyZ2luLXRvcDogNXB0OyBtYXJnaW4tYm90dG9tOiA1cHQ7Ij4NCjxkaXY+DQo8
cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibWFyZ2luOiAwaW4gMGluIDAuMDAwMXB0OyBmb250
LXNpemU6IDEycHQ7IGZvbnQtZmFtaWx5OiAnVGltZXMgTmV3IFJvbWFuJywgc2VyaWY7IGNvbG9y
OiBibGFjazsiPg0KSGVsbG8gTW9oaXQsPG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8
cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibWFyZ2luOiAwaW4gMGluIDAuMDAwMXB0OyBmb250
LXNpemU6IDEycHQ7IGZvbnQtZmFtaWx5OiAnVGltZXMgTmV3IFJvbWFuJywgc2VyaWY7IGNvbG9y
OiBibGFjazsiPg0KPG86cD4mbmJzcDs8L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFz
cz0iTXNvTm9ybWFsIiBzdHlsZT0ibWFyZ2luOiAwaW4gMGluIDAuMDAwMXB0OyBmb250LXNpemU6
IDEycHQ7IGZvbnQtZmFtaWx5OiAnVGltZXMgTmV3IFJvbWFuJywgc2VyaWY7IGNvbG9yOiBibGFj
azsiPg0KQ2hyaXN0aWFuIGFuZCBKaW0gYWxyZWFkeSBwcm92aWRlZCBhbnN3ZXJzLCBsZXQgbWUg
anVzdCBwcm92aWRlIHBvaW50ZXJzIHRvIHRoZSByZWxldmFudCBzZWN0aW9ucy48bzpwPjwvbzpw
PjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtYXJnaW46
IDBpbiAwaW4gMC4wMDAxcHQ7IGZvbnQtc2l6ZTogMTJwdDsgZm9udC1mYW1pbHk6ICdUaW1lcyBO
ZXcgUm9tYW4nLCBzZXJpZjsgY29sb3I6IGJsYWNrOyI+DQo8bzpwPiZuYnNwOzwvbzpwPjwvcD4N
CjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtYXJnaW46IDBpbiAw
aW4gMC4wMDAxcHQ7IGZvbnQtc2l6ZTogMTJwdDsgZm9udC1mYW1pbHk6ICdUaW1lcyBOZXcgUm9t
YW4nLCBzZXJpZjsgY29sb3I6IGJsYWNrOyI+DQpPU0NPQVA6PG86cD48L286cD48L3A+DQo8L2Rp
dj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibWFyZ2luOiAwaW4gMGluIDAu
MDAwMXB0OyBmb250LXNpemU6IDEycHQ7IGZvbnQtZmFtaWx5OiAnVGltZXMgTmV3IFJvbWFuJywg
c2VyaWY7IGNvbG9yOiBibGFjazsiPg0K4oCUPG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+
DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibWFyZ2luOiAwaW4gMGluIDAuMDAwMXB0OyBm
b250LXNpemU6IDEycHQ7IGZvbnQtZmFtaWx5OiAnVGltZXMgTmV3IFJvbWFuJywgc2VyaWY7IGNv
bG9yOiBibGFjazsiPg0KVGhlIHJlcXVpcmVtZW50cyBvbiB0aGUgc2VjdXJpdHkgY29udGV4dCBw
YXJhbWV0ZXJzIGFyZSBoZXJlOjxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xh
c3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1hcmdpbjogMGluIDBpbiAwLjAwMDFwdDsgZm9udC1zaXpl
OiAxMnB0OyBmb250LWZhbWlseTogJ1RpbWVzIE5ldyBSb21hbicsIHNlcmlmOyBjb2xvcjogYmxh
Y2s7Ij4NCjxhIGhyZWY9Imh0dHBzOi8vdG9vbHMuaWV0Zi5vcmcvaHRtbC9kcmFmdC1pZXRmLWNv
cmUtb2JqZWN0LXNlY3VyaXR5LTAyI3NlY3Rpb24tMy4zIiBzdHlsZT0iY29sb3I6IHB1cnBsZTsg
dGV4dC1kZWNvcmF0aW9uOiB1bmRlcmxpbmU7Ij5odHRwczovL3Rvb2xzLmlldGYub3JnL2h0bWwv
ZHJhZnQtaWV0Zi1jb3JlLW9iamVjdC1zZWN1cml0eS0wMiNzZWN0aW9uLTMuMzwvYT48bzpwPjwv
bzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtYXJn
aW46IDBpbiAwaW4gMC4wMDAxcHQ7IGZvbnQtc2l6ZTogMTJwdDsgZm9udC1mYW1pbHk6ICdUaW1l
cyBOZXcgUm9tYW4nLCBzZXJpZjsgY29sb3I6IGJsYWNrOyI+DQpUd28gbWV0aG9kcyBmb3IgZXN0
YWJsaXNoaW5nIHVuaXF1ZSBzZW5kZXIgSURzIGFyZSBwcmVzZW50ZWQ6IDEpIHVzZSBFREhPQyBv
ciAyKSBnZW5lcmF0ZSBsYXJnZSByYW5kb20gaWRlbnRpZmllcnMuJm5ic3A7PG86cD48L286cD48
L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibWFyZ2luOiAw
aW4gMGluIDAuMDAwMXB0OyBmb250LXNpemU6IDEycHQ7IGZvbnQtZmFtaWx5OiAnVGltZXMgTmV3
IFJvbWFuJywgc2VyaWY7IGNvbG9yOiBibGFjazsiPg0KVGhlIGZvcm1lciBhbGxvd3MgZm9yIHRo
ZSB1c2Ugb2Ygc2hvcnQgc2VuZGVyIElEcy48bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4N
CjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtYXJnaW46IDBpbiAwaW4gMC4wMDAxcHQ7IGZv
bnQtc2l6ZTogMTJwdDsgZm9udC1mYW1pbHk6ICdUaW1lcyBOZXcgUm9tYW4nLCBzZXJpZjsgY29s
b3I6IGJsYWNrOyI+DQo8bzpwPiZuYnNwOzwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNs
YXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtYXJnaW46IDBpbiAwaW4gMC4wMDAxcHQ7IGZvbnQtc2l6
ZTogMTJwdDsgZm9udC1mYW1pbHk6ICdUaW1lcyBOZXcgUm9tYW4nLCBzZXJpZjsgY29sb3I6IGJs
YWNrOyI+DQo8bzpwPiZuYnNwOzwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJN
c29Ob3JtYWwiIHN0eWxlPSJtYXJnaW46IDBpbiAwaW4gMC4wMDAxcHQ7IGZvbnQtc2l6ZTogMTJw
dDsgZm9udC1mYW1pbHk6ICdUaW1lcyBOZXcgUm9tYW4nLCBzZXJpZjsgY29sb3I6IGJsYWNrOyI+
DQpNdWx0aWNhc3QgT1NDT0FQOjxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xh
c3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1hcmdpbjogMGluIDBpbiAwLjAwMDFwdDsgZm9udC1zaXpl
OiAxMnB0OyBmb250LWZhbWlseTogJ1RpbWVzIE5ldyBSb21hbicsIHNlcmlmOyBjb2xvcjogYmxh
Y2s7Ij4NCuKAlDxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05v
cm1hbCIgc3R5bGU9Im1hcmdpbjogMGluIDBpbiAwLjAwMDFwdDsgZm9udC1zaXplOiAxMnB0OyBm
b250LWZhbWlseTogJ1RpbWVzIE5ldyBSb21hbicsIHNlcmlmOyBjb2xvcjogYmxhY2s7Ij4NCklu
IE11bHRpY2FzdCBPU0NPQVAgKFNlY3VyZSBncm91cCBjb21tdW5pY2F0aW9uIGZvciBDb0FQKSB0
aGUgcmVxdWlyZW1lbnRzIG9uIHRoZSBzZWN1cml0eSBjb250ZXh0IHBhcmFtZXRlcnMgYXJlIGhl
cmU6PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBz
dHlsZT0ibWFyZ2luOiAwaW4gMGluIDAuMDAwMXB0OyBmb250LXNpemU6IDEycHQ7IGZvbnQtZmFt
aWx5OiAnVGltZXMgTmV3IFJvbWFuJywgc2VyaWY7IGNvbG9yOiBibGFjazsiPg0KPGEgaHJlZj0i
aHR0cHM6Ly90b29scy5pZXRmLm9yZy9odG1sL2RyYWZ0LXRpbG9jYS1jb3JlLW11bHRpY2FzdC1v
c2NvYXAtMDEjc2VjdGlvbi0yIiBzdHlsZT0iY29sb3I6IHB1cnBsZTsgdGV4dC1kZWNvcmF0aW9u
OiB1bmRlcmxpbmU7Ij5odHRwczovL3Rvb2xzLmlldGYub3JnL2h0bWwvZHJhZnQtdGlsb2NhLWNv
cmUtbXVsdGljYXN0LW9zY29hcC0wMSNzZWN0aW9uLTI8L2E+PG86cD48L286cD48L3A+DQo8L2Rp
dj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibWFyZ2luOiAwaW4gMGluIDAu
MDAwMXB0OyBmb250LXNpemU6IDEycHQ7IGZvbnQtZmFtaWx5OiAnVGltZXMgTmV3IFJvbWFuJywg
c2VyaWY7IGNvbG9yOiBibGFjazsiPg0KSXQgaXMgdGhlIHJlc3BvbnNpYmlsaXR5IG9mIHRoZSBH
cm91cCBNYW5hZ2VyIHRvIGVzdGFibGlzaCBhbmQgbWFuYWdlIHRoZSBzZWN1cml0eSBjb250ZXh0
LCB3aGljaCBpbmNsdWRlcyB0aGUgc2VuZGVyIElEcywgYnV0IGhvdyB0aGUgYXNzaWdubWVudCBp
cyBkb25lIGlzIG91dCBvZiBzY29wZS4gVGhlIHVuaXF1ZW5lc3Mgb2Ygc2VuZGVyIElEcyBpbiB0
aGlzIGRyYWZ0IGZvbGxvd3MgZnJvbSBPU0NPQVAsIGJ1dCBzaW5jZSB5b3UgYXNrZWQgSQ0KIHRo
aW5rIHdlIHNob3VsZCBhZGQgYSBzZW50ZW5jZSB0byB0aGlzIGRyYWZ0IHN0cmVzc2luZyB0aGF0
LjxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5
bGU9Im1hcmdpbjogMGluIDBpbiAwLjAwMDFwdDsgZm9udC1zaXplOiAxMnB0OyBmb250LWZhbWls
eTogJ1RpbWVzIE5ldyBSb21hbicsIHNlcmlmOyBjb2xvcjogYmxhY2s7Ij4NCjxvOnA+Jm5ic3A7
PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1h
cmdpbjogMGluIDBpbiAwLjAwMDFwdDsgZm9udC1zaXplOiAxMnB0OyBmb250LWZhbWlseTogJ1Rp
bWVzIE5ldyBSb21hbicsIHNlcmlmOyBjb2xvcjogYmxhY2s7Ij4NCjxvOnA+Jm5ic3A7PC9vOnA+
PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1hcmdpbjog
MGluIDBpbiAwLjAwMDFwdDsgZm9udC1zaXplOiAxMnB0OyBmb250LWZhbWlseTogJ1RpbWVzIE5l
dyBSb21hbicsIHNlcmlmOyBjb2xvcjogYmxhY2s7Ij4NCkfDtnJhbjxvOnA+PC9vOnA+PC9wPg0K
PC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1hcmdpbjogMGluIDBp
biAwLjAwMDFwdDsgZm9udC1zaXplOiAxMnB0OyBmb250LWZhbWlseTogJ1RpbWVzIE5ldyBSb21h
bicsIHNlcmlmOyBjb2xvcjogYmxhY2s7Ij4NCjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0KPC9kaXY+
DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1hcmdpbjogMGluIDBpbiAwLjAw
MDFwdDsgZm9udC1zaXplOiAxMnB0OyBmb250LWZhbWlseTogJ1RpbWVzIE5ldyBSb21hbicsIHNl
cmlmOyBjb2xvcjogYmxhY2s7Ij4NCjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2
IHN0eWxlPSJib3JkZXItc3R5bGU6IHNvbGlkIG5vbmUgbm9uZTsgYm9yZGVyLXRvcC1jb2xvcjog
cmdiKDE4MSwgMTk2LCAyMjMpOyBib3JkZXItdG9wLXdpZHRoOiAxcHQ7IHBhZGRpbmc6IDNwdCAw
aW4gMGluOyI+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibWFyZ2luOiAwaW4gMGluIDAu
MDAwMXB0OyBmb250LXNpemU6IDEycHQ7IGZvbnQtZmFtaWx5OiAnVGltZXMgTmV3IFJvbWFuJywg
c2VyaWY7IGNvbG9yOiBibGFjazsiPg0KPGI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZTogMTFwdDsg
Zm9udC1mYW1pbHk6IENhbGlicmksIHNhbnMtc2VyaWY7Ij5Gcm9tOiZuYnNwOzwvc3Bhbj48L2I+
PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZTogMTFwdDsgZm9udC1mYW1pbHk6IENhbGlicmksIHNhbnMt
c2VyaWY7Ij5jb3JlICZsdDs8YSBocmVmPSJtYWlsdG86Y29yZS1ib3VuY2VzQGlldGYub3JnIiBz
dHlsZT0iY29sb3I6IHB1cnBsZTsgdGV4dC1kZWNvcmF0aW9uOiB1bmRlcmxpbmU7Ij5jb3JlLWJv
dW5jZXNAaWV0Zi5vcmc8L2E+Jmd0Ow0KIG9uIGJlaGFsZiBvZiBKaW0gU2NoYWFkICZsdDs8YSBo
cmVmPSJtYWlsdG86aWV0ZkBhdWd1c3RjZWxsYXJzLmNvbSIgc3R5bGU9ImNvbG9yOiBwdXJwbGU7
IHRleHQtZGVjb3JhdGlvbjogdW5kZXJsaW5lOyI+aWV0ZkBhdWd1c3RjZWxsYXJzLmNvbTwvYT4m
Z3Q7PGJyPg0KPGI+RGF0ZTombmJzcDs8L2I+TW9uZGF5IDEwIEFwcmlsIDIwMTcgYXQgMTk6MDk8
YnI+DQo8Yj5UbzombmJzcDs8L2I+TW9oaXQgU2V0aGkgJmx0OzxhIGhyZWY9Im1haWx0bzptb2hp
dC5tLnNldGhpQGVyaWNzc29uLmNvbSIgc3R5bGU9ImNvbG9yOiBwdXJwbGU7IHRleHQtZGVjb3Jh
dGlvbjogdW5kZXJsaW5lOyI+bW9oaXQubS5zZXRoaUBlcmljc3Nvbi5jb208L2E+Jmd0OywgJ0Nv
cmUnICZsdDs8YSBocmVmPSJtYWlsdG86Y29yZUBpZXRmLm9yZyIgc3R5bGU9ImNvbG9yOiBwdXJw
bGU7IHRleHQtZGVjb3JhdGlvbjogdW5kZXJsaW5lOyI+Y29yZUBpZXRmLm9yZzwvYT4mZ3Q7LA0K
ICZxdW90OzxhIGhyZWY9Im1haWx0bzo2dGlzY2hAaWV0Zi5vcmciIHN0eWxlPSJjb2xvcjogcHVy
cGxlOyB0ZXh0LWRlY29yYXRpb246IHVuZGVybGluZTsiPjZ0aXNjaEBpZXRmLm9yZzwvYT4mcXVv
dDsgJmx0OzxhIGhyZWY9Im1haWx0bzo2dGlzY2hAaWV0Zi5vcmciIHN0eWxlPSJjb2xvcjogcHVy
cGxlOyB0ZXh0LWRlY29yYXRpb246IHVuZGVybGluZTsiPjZ0aXNjaEBpZXRmLm9yZzwvYT4mZ3Q7
PGJyPg0KPGI+U3ViamVjdDombmJzcDs8L2I+UmU6IFtjb3JlXSBRdWVzdGlvbiBhYm91dCBBRUFE
IG5vbmNlIHVuaXF1ZW5lc3M8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8
cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibWFyZ2luOiAwaW4gMGluIDAuMDAwMXB0OyBmb250
LXNpemU6IDEycHQ7IGZvbnQtZmFtaWx5OiAnVGltZXMgTmV3IFJvbWFuJywgc2VyaWY7IGNvbG9y
OiBibGFjazsiPg0KPG86cD4mbmJzcDs8L286cD48L3A+DQo8L2Rpdj4NCjxibG9ja3F1b3RlIGlk
PSJNQUNfT1VUTE9PS19BVFRSSUJVVElPTl9CTE9DS1FVT1RFIiBzdHlsZT0iYm9yZGVyLXN0eWxl
OiBub25lIG5vbmUgbm9uZSBzb2xpZDsgYm9yZGVyLWxlZnQtY29sb3I6IHJnYigxODEsIDE5Niwg
MjIzKTsgYm9yZGVyLWxlZnQtd2lkdGg6IDQuNXB0OyBwYWRkaW5nOiAwaW4gMGluIDBpbiA0cHQ7
IG1hcmdpbi1sZWZ0OiAzLjc1cHQ7IG1hcmdpbi1yaWdodDogMGluOyI+DQo8ZGl2Pg0KPGRpdj4N
CjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtYXJnaW46IDBpbiAwaW4gMC4wMDAxcHQ7IGZv
bnQtc2l6ZTogMTJwdDsgZm9udC1mYW1pbHk6ICdUaW1lcyBOZXcgUm9tYW4nLCBzZXJpZjsgY29s

--_000_D5161FCE7BAA8goranselanderericssoncom_--


From nobody Tue Apr 18 07:31:54 2017
Return-Path: <ludwig.seitz@ri.se>
X-Original-To: ace@ietfa.amsl.com
Delivered-To: ace@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 913B612778D; Tue, 18 Apr 2017 07:31:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.701
X-Spam-Level: 
X-Spam-Status: No, score=-2.701 tagged_above=-999 required=5 tests=[BAYES_50=0.8, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-2.8, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QQ245a90dCsO; Tue, 18 Apr 2017 07:31:50 -0700 (PDT)
Received: from se-out2.mx-wecloud.net (se-out2.mx-wecloud.net [89.221.255.177]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 98FB8127871; Tue, 18 Apr 2017 07:31:45 -0700 (PDT)
Received: from sp-mail-2.sp.se (unknown [194.218.146.197]) by se-out2.mx-wecloud.net (Postfix) with ESMTPS id E6CDA220731; Tue, 18 Apr 2017 14:31:41 +0000 (UTC)
Received: from [192.168.0.166] (10.116.0.226) by sp-mail-2.sp.se (10.100.0.162) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.669.32; Tue, 18 Apr 2017 16:31:43 +0200
To: "ace-chairs@ietf.org" <ace-chairs@ietf.org>
CC: "ace@ietf.org" <ace@ietf.org>
From: Ludwig Seitz <ludwig.seitz@ri.se>
Message-ID: <86798c57-6d47-f00a-ec7d-0886b82e0366@ri.se>
Date: Tue, 18 Apr 2017 16:31:42 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.8.0
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"; format=flowed
Content-Transfer-Encoding: 7bit
X-Originating-IP: [10.116.0.226]
X-ClientProxiedBy: sp-mail-2.sp.se (10.100.0.162) To sp-mail-2.sp.se (10.100.0.162)
X-CMAE-Score: 0
X-CMAE-Analysis: v=2.2 cv=Up4TD64B c=1 sm=1 tr=0 a=L5DDne6A+dD0FbDkt2Fblw==:117 a=L5DDne6A+dD0FbDkt2Fblw==:17 a=sZ8rJzgPlrQA:10 a=IkcTkHD0fZMA:10 a=AzvcPWV-tVgA:10 a=48vgC7mUAAAA:8 a=QLPfpYkryAO4RqcpiSkA:9 a=QEXdDO2ut3YA:10 a=V2CapFxqm0gA:10 a=ePWGEMN2vnwA:10 a=w1C3t2QeGrPiZgrLijVG:22
X-Virus-Scanned: clamav-milter 0.99.2 at MailSecurity
X-Virus-Status: Clean
X-MailSecurity-Status: 0
X-Scanned-By: WeCloud MailSecurity
X-MailSecurity-Score: 0
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/FCI-1riszXe5RR-drJVB4QHu_Xc>
Subject: [Ace] Minutes from IETF 98
X-BeenThere: ace@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <ace.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ace>, <mailto:ace-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ace/>
List-Post: <mailto:ace@ietf.org>
List-Help: <mailto:ace-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ace>, <mailto:ace-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 18 Apr 2017 14:31:53 -0000

Hello chairs,

I'm looking for the minutes of ACE@IETF98. They are not currently here: 
https://datatracker.ietf.org/meeting/98/proceedings

Can you provide them?

Regards,

Ludwig
-- 
Ludwig Seitz, PhD
Security Lab, RISE SICS
Phone +46(0)70-349 92 51


From nobody Wed Apr 19 04:08:23 2017
Return-Path: <hannes.tschofenig@gmx.net>
X-Original-To: ace@ietfa.amsl.com
Delivered-To: ace@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BC825129489; Wed, 19 Apr 2017 04:08:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.899
X-Spam-Level: 
X-Spam-Status: No, score=-4.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-2.8, RCVD_IN_SORBS_SPAM=0.5, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, WEIRD_PORT=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Txb7kEFEJoSf; Wed, 19 Apr 2017 04:08:19 -0700 (PDT)
Received: from mout.gmx.net (mout.gmx.net [212.227.15.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B4C031294A5; Wed, 19 Apr 2017 04:08:18 -0700 (PDT)
Received: from [192.168.91.191] ([195.149.223.176]) by mail.gmx.com (mrgmx003 [212.227.17.190]) with ESMTPSA (Nemesis) id 0MBnSJ-1cq6V52SNr-00Akng; Wed, 19 Apr 2017 13:08:08 +0200
To: Ludwig Seitz <ludwig.seitz@ri.se>, "ace-chairs@ietf.org" <ace-chairs@ietf.org>
References: <86798c57-6d47-f00a-ec7d-0886b82e0366@ri.se>
Cc: "ace@ietf.org" <ace@ietf.org>
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
Openpgp: id=071A97A9ECBADCA8E31E678554D9CEEF4D776BC9
Message-ID: <38780965-515e-0529-99ad-ffd5fcc325e8@gmx.net>
Date: Wed, 19 Apr 2017 13:08:07 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.8.0
MIME-Version: 1.0
In-Reply-To: <86798c57-6d47-f00a-ec7d-0886b82e0366@ri.se>
Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="xbKB7EMMfxHE62FJTvr4xWlrxpoRJjlb1"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/a6KnOQlfX0HmXuFa8s4TF_EYgNM>
Subject: Re: [Ace] Minutes from IETF 98
X-BeenThere: ace@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <ace.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ace>, <mailto:ace-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ace/>
List-Post: <mailto:ace@ietf.org>
List-Help: <mailto:ace-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ace>, <mailto:ace-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 19 Apr 2017 11:08:21 -0000

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--xbKB7EMMfxHE62FJTvr4xWlrxpoRJjlb1
Content-Type: multipart/mixed; boundary="LBTb5CActWHc94kjxGuCVhSkcIt3pPLFo";
 protected-headers="v1"
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
To: Ludwig Seitz <ludwig.seitz@ri.se>,
 "ace-chairs@ietf.org" <ace-chairs@ietf.org>
Cc: "ace@ietf.org" <ace@ietf.org>
Message-ID: <38780965-515e-0529-99ad-ffd5fcc325e8@gmx.net>
Subject: Re: [Ace] Minutes from IETF 98
References: <86798c57-6d47-f00a-ec7d-0886b82e0366@ri.se>
In-Reply-To: <86798c57-6d47-f00a-ec7d-0886b82e0366@ri.se>

--LBTb5CActWHc94kjxGuCVhSkcIt3pPLFo
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: quoted-printable

Hi Ludwig,

thanks for asking.

The meeting minutes were captured by Ari & Mohit at the Etherpad at
http://etherpad.tools.ietf.org:9000/p/notes-ietf-98-ace?useMonospaceFont=true

I have copied the content into the official meeting notes at
https://www.ietf.org/proceedings/98/minutes/minutes-98-ace-00

Feedback still appreciated.

Thanks to Ari and Mohit for taking such detailed notes.

Ciao
Hannes

On 04/18/2017 04:31 PM, Ludwig Seitz wrote:
> Hello chairs,
>
> I'm looking for the minutes of ACE@IETF98. They are not currently here:
> https://datatracker.ietf.org/meeting/98/proceedings
>
> Can you provide them?
>
> Regards,
>
> Ludwig


--LBTb5CActWHc94kjxGuCVhSkcIt3pPLFo--

--xbKB7EMMfxHE62FJTvr4xWlrxpoRJjlb1
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"


--xbKB7EMMfxHE62FJTvr4xWlrxpoRJjlb1--


From nobody Thu Apr 20 12:11:02 2017
Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: ace@ietfa.amsl.com
Delivered-To: ace@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 41A7E131598 for <ace@ietfa.amsl.com>; Thu, 20 Apr 2017 12:11:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.021
X-Spam-Level: 
X-Spam-Status: No, score=-2.021 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=microsoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 50LRwWTMVZhf for <ace@ietfa.amsl.com>; Thu, 20 Apr 2017 12:10:59 -0700 (PDT)
Received: from NAM02-SN1-obe.outbound.protection.outlook.com (mail-sn1nam02on0092.outbound.protection.outlook.com [104.47.36.92]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5DE81131591 for <ace@ietf.org>; Thu, 20 Apr 2017 12:10:55 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=PK5EUcKE9R1ef7/lWlZgSWgnRzood3EGelvB9vQkla8=; b=TN0gMaFoSbZ00PVlst3PXqUOzs9ECgnxZ/jpkidgxZhTV4xflbn1xyoNPup7rJl9h45PNXHosFduYqV5a0mZDi0t4V+KdTA5mCNcqBS+6KFbDIMtChS/PKxJogDUY14tRxuEb4Bl6ynXVCXoQkM/STjcnP7GTvhi0jcFGVv7+6Q=
Received: from BN6PR21MB0500.namprd21.prod.outlook.com (10.172.112.10) by BN6PR21MB0497.namprd21.prod.outlook.com (10.172.112.7) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1061.1; Thu, 20 Apr 2017 19:10:53 +0000
Received: from BN6PR21MB0500.namprd21.prod.outlook.com ([10.172.112.10]) by BN6PR21MB0500.namprd21.prod.outlook.com ([10.172.112.10]) with mapi id 15.01.1061.003; Thu, 20 Apr 2017 19:10:53 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: "ace@ietf.org" <ace@ietf.org>
Thread-Topic: Proof-of-Possession Key Semantics for CBOR Web Tokens (CWTs)
Thread-Index: AdK6Bb2+fFzDaH8tQi+ibomgYAgxlw==
Date: Thu, 20 Apr 2017 19:10:53 +0000
Message-ID: <BN6PR21MB0500BCCDEF248F5E6EB43E02F51B0@BN6PR21MB0500.namprd21.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
msip_labels: MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Enabled=True; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SiteId=72f988bf-86f1-41af-91ab-2d7cd011db47; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Ref=https://api.informationprotection.azure.com/api/72f988bf-86f1-41af-91ab-2d7cd011db47; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SetBy=mbj@microsoft.com; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SetDate=2017-04-20T12:10:51.6278460-07:00; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Name=General; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Application=Microsoft Azure Information Protection; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Extended_MSFT_Method=Automatic; Sensitivity=General
authentication-results: ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=none action=none header.from=microsoft.com;
x-originating-ip: [2001:4898:80e8:f::36]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 16f15889-6d8e-44f9-116a-08d48820f785
x-ms-office365-filtering-ht: Tenant
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_BN6PR21MB0500BCCDEF248F5E6EB43E02F51B0BN6PR21MB0500namp_"
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-originalarrivaltime: 20 Apr 2017 19:10:53.6384 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN6PR21MB0497
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/JIKApS5F8PXvdhWUN3AIIqbQvsE>
Subject: [Ace] Proof-of-Possession Key Semantics for CBOR Web Tokens (CWTs)
X-BeenThere: ace@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <ace.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ace>, <mailto:ace-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ace/>
List-Post: <mailto:ace@ietf.org>
List-Help: <mailto:ace-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ace>, <mailto:ace-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 20 Apr 2017 19:11:01 -0000

--_000_BN6PR21MB0500BCCDEF248F5E6EB43E02F51B0BN6PR21MB0500namp_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

With the CBOR Web Token (CWT)
<https://tools.ietf.org/html/draft-ietf-ace-cbor-web-token>
specification nearing completion, which provides the CBOR equivalent of
JWTs, I thought that it was also time to introduce the CBOR equivalent
of RFC 7800 <https://tools.ietf.org/html/rfc7800>, "Proof-of-Possession
Key Semantics for JSON Web Tokens (JWTs)", so that applications using
CWTs will have a standard representation for proof-of-possession keys.
I know that PoP keys are important to ACE
<https://tools.ietf.org/wg/ace/> applications, for instance.  I
therefore took RFC 7800 and produced the CBOR/CWT equivalent of it.

The specification is available at:

*         https://tools.ietf.org/html/draft-jones-ace-cwt-proof-of-possession-00

An HTML-formatted version is also available at:

*         http://self-issued.info/docs/draft-jones-ace-cwt-proof-of-possession-00.html

                                                                -- Mike

P.S.  This notice was also posted at http://self-issued.info/?p=1673 and
as @selfissued <https://twitter.com/selfissued>.

--_000_BN6PR21MB0500BCCDEF248F5E6EB43E02F51B0BN6PR21MB0500namp_--


From nobody Thu Apr 20 14:53:17 2017
Return-Path: <kepeng.lkp@alibaba-inc.com>
X-Original-To: ace@ietfa.amsl.com
Delivered-To: ace@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8B0EB1316D4 for <ace@ietfa.amsl.com>; Thu, 20 Apr 2017 14:53:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level: 
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9,  DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001,  UNPARSEABLE_RELAY=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=alibaba-inc.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YocxxbSYFl_0 for <ace@ietfa.amsl.com>; Thu, 20 Apr 2017 14:53:13 -0700 (PDT)
Received: from out0-236.mail.aliyun.com (out0-236.mail.aliyun.com [140.205.0.236]) by ietfa.amsl.com (Postfix) with ESMTP id 274F91316E9 for <ace@ietf.org>; Thu, 20 Apr 2017 14:53:01 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alibaba-inc.com; s=default; t=1492725180; h=Date:Subject:From:To:Message-ID:Mime-version:Content-type; bh=65ODZ2kT7b9vt1rUu0FmDpJzH7zlaBHl+87pObG/y3o=; b=IKMQTD/DtSgmfQpwPiUcQ1r87oWgtf8xC9sG4hGyUpaLyhYeCqBB6IUgX8SxkCEW1FUaXkyTjOV/mSCMXbfVTH5YCGJifwJgiAiO+RpyPUJUpK9qURDb0kjYcuLrVXrrpRJI260gadh/ndM37oyUJgm9g444BW6c5RI5weH9PTw=
X-Alimail-AntiSpam: AC=PASS; BC=-1|-1; BR=01201311R511e4; FP=0|-1|-1|-1|0|-1|-1|-1; HT=e02c03310; MF=kepeng.lkp@alibaba-inc.com; NM=1; PH=DS; RN=2; SR=0; TI=SMTPD_---.7zCmeYI_1492725171; 
Received: from 30.56.242.221(mailfrom:kepeng.lkp@alibaba-inc.com ip:121.0.29.194) by smtp.aliyun-inc.com(127.0.0.1); Fri, 21 Apr 2017 05:52:55 +0800
User-Agent: Microsoft-MacOutlook/14.6.8.160830
Date: Fri, 21 Apr 2017 05:52:49 +0800
From: "Kepeng Li" <kepeng.lkp@alibaba-inc.com>
To: "ace@ietf.org" <ace@ietf.org>
CC: Hannes Tschofenig <hannes.tschofenig@gmx.net>
Message-ID: <D51F862B.53D95%kepeng.lkp@alibaba-inc.com>
Thread-Topic: [ace] WGLC on draft-ietf-ace-cbor-web-token
Mime-version: 1.0
Content-type: text/plain; charset="US-ASCII"
Content-transfer-encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/srHjqD3qc_LyMjdCkj1f8tWJe6I>
Subject: [Ace] [ace] WGLC on draft-ietf-ace-cbor-web-token
X-BeenThere: ace@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <ace.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ace>, <mailto:ace-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ace/>
List-Post: <mailto:ace@ietf.org>
List-Help: <mailto:ace-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ace>, <mailto:ace-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 20 Apr 2017 21:53:15 -0000

In Chicago, it was decided that we were going to WGLC the ACE CBOR Web
Token draft.

So this starts a working group last call for draft-ietf-ace-cbor-web-token
for submission as a Standards Track RFC, ending on 24:00 PDT on Tuesday,
May 2, 2017.

The specification is available at:
https://tools.ietf.org/html/draft-ietf-ace-cbor-web-token-04

An HTML-formatted version is also available at:
http://self-issued.info/docs/draft-ietf-ace-cbor-web-token-04.html

Thanks,


Kind Regards
Kepeng & Hannes



From nobody Thu Apr 20 23:44:20 2017
Return-Path: <ludwig.seitz@ri.se>
X-Original-To: ace@ietfa.amsl.com
Delivered-To: ace@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2EEFA12869B for <ace@ietfa.amsl.com>; Thu, 20 Apr 2017 23:44:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.62
X-Spam-Level: 
X-Spam-Status: No, score=-2.62 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id h7SA3XMXhmN0 for <ace@ietfa.amsl.com>; Thu, 20 Apr 2017 23:44:17 -0700 (PDT)
Received: from se-out1.mx-wecloud.net (se-out1.mx-wecloud.net [89.221.255.93]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D42FA12942F for <ace@ietf.org>; Thu, 20 Apr 2017 23:44:16 -0700 (PDT)
Received: from sp-mail-2.sp.se (unknown [194.218.146.197]) by se-out1.mx-wecloud.net (Postfix) with ESMTPS id 2200B201D4B for <ace@ietf.org>; Fri, 21 Apr 2017 06:44:13 +0000 (UTC)
Received: from [192.168.0.166] (10.116.0.226) by sp-mail-2.sp.se (10.100.0.162) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.669.32; Fri, 21 Apr 2017 08:44:14 +0200
To: <ace@ietf.org>
References: <BN6PR21MB0500BCCDEF248F5E6EB43E02F51B0@BN6PR21MB0500.namprd21.prod.outlook.com>
From: Ludwig Seitz <ludwig.seitz@ri.se>
Message-ID: <f28c1e01-d91a-ff53-dfdf-f55c1ffac403@ri.se>
Date: Fri, 21 Apr 2017 08:44:13 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.8.0
MIME-Version: 1.0
In-Reply-To: <BN6PR21MB0500BCCDEF248F5E6EB43E02F51B0@BN6PR21MB0500.namprd21.prod.outlook.com>
Content-Type: text/plain; charset="windows-1252"; format=flowed
Content-Transfer-Encoding: 8bit
X-Originating-IP: [10.116.0.226]
X-ClientProxiedBy: sp-mail-2.sp.se (10.100.0.162) To sp-mail-2.sp.se (10.100.0.162)
X-CMAE-Score: 0
X-CMAE-Analysis: v=2.2 cv=e692ceh/ c=1 sm=1 tr=0 a=L5DDne6A+dD0FbDkt2Fblw==:117 a=L5DDne6A+dD0FbDkt2Fblw==:17 a=sZ8rJzgPlrQA:10 a=N659UExz7-8A:10 a=AzvcPWV-tVgA:10 a=48vgC7mUAAAA:8 a=BKROngbZntV7ba0Lf3wA:9 a=pILNOxqGKmIA:10 a=w1C3t2QeGrPiZgrLijVG:22
X-Virus-Scanned: clamav-milter 0.99.2 at MailSecurity
X-Virus-Status: Clean
X-MailSecurity-Status: 0
X-Scanned-By: WeCloud MailSecurity
X-MailSecurity-Score: 0
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/e0bg_JwcBE1ba3dyR82h0SvvcTY>
Subject: Re: [Ace] Proof-of-Possession Key Semantics for CBOR Web Tokens (CWTs)
X-BeenThere: ace@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <ace.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ace>, <mailto:ace-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ace/>
List-Post: <mailto:ace@ietf.org>
List-Help: <mailto:ace-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ace>, <mailto:ace-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 21 Apr 2017 06:44:19 -0000

On 2017-04-20 21:10, Mike Jones wrote:
> With the CBOR Web Token (CWT)
> <https://tools.ietf.org/html/draft-ietf-ace-cbor-web-token>
> specification nearing completion, which provides the CBOR equivalent of
> JWTs, I thought that it was also time to introduce the CBOR equivalent
> of RFC 7800 <https://tools.ietf.org/html/rfc7800>, “Proof-of-Possession
> Key Semantics for JSON Web Tokens (JWTs)”, so that applications using
> CWTs will have a standard representation for proof-of-possession keys.
> I know that PoP keys are important to ACE
> <https://tools.ietf.org/wg/ace/> applications, for instance.  I
> therefore took RFC 7800 and produced the CBOR/CWT equivalent of it.
>

Hello Mike,


I like your idea, actually I like it so much that I already did the same 
thing in draft-ietf-ace-oauth-authz some time ago.

I have no strong opinion about separating that part out into a separate 
document, and I think our two texts look relatively similar. I do 
however have concerns if this means delaying the progress of 
draft-ietf-ace-oauth-authz by introducing a normative dependency on a 
"younger" draft.

What does the WG think?


/Ludwig





-- 
Ludwig Seitz, PhD
Security Lab, RISE SICS
Phone +46(0)70-349 92 51


From nobody Thu Apr 20 23:57:48 2017
Return-Path: <hannes.tschofenig@gmx.net>
X-Original-To: ace@ietfa.amsl.com
Delivered-To: ace@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E1DB4126C83 for <ace@ietfa.amsl.com>; Thu, 20 Apr 2017 23:57:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.501
X-Spam-Level: 
X-Spam-Status: No, score=-3.501 tagged_above=-999 required=5 tests=[BAYES_20=-0.001, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-2.8, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VANMx4OCs4_Z for <ace@ietfa.amsl.com>; Thu, 20 Apr 2017 23:57:46 -0700 (PDT)
Received: from mout.gmx.net (mout.gmx.net [212.227.17.21]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 29D6612869B for <Ace@ietf.org>; Thu, 20 Apr 2017 23:57:45 -0700 (PDT)
Received: from [192.168.91.191] ([195.149.223.176]) by mail.gmx.com (mrgmx103 [212.227.17.168]) with ESMTPSA (Nemesis) id 0M85r3-1c5w2w1p4L-00vhUW for <Ace@ietf.org>; Fri, 21 Apr 2017 08:57:43 +0200
To: "Ace@ietf.org" <Ace@ietf.org>
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
Openpgp: id=071A97A9ECBADCA8E31E678554D9CEEF4D776BC9
Message-ID: <93ad2fb6-4910-5a17-71bb-b87c647fcc09@gmx.net>
Date: Fri, 21 Apr 2017 08:57:41 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.8.0
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="6rtSklwnbnHXN9InnOOg0EAd8eCmvpbcj"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/GgOOgL5k3_zbQN7E-ulHdIU0x1I>
Subject: [Ace] IoT Week 2017
X-BeenThere: ace@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <ace.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ace>, <mailto:ace-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ace/>
List-Post: <mailto:ace@ietf.org>
List-Help: <mailto:ace-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ace>, <mailto:ace-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 21 Apr 2017 06:57:48 -0000

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--6rtSklwnbnHXN9InnOOg0EAd8eCmvpbcj
Content-Type: multipart/mixed; boundary="QTbKP2ux7eeGVjwestk2wcag4dWDT8jrs";
 protected-headers="v1"
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
To: "Ace@ietf.org" <Ace@ietf.org>
Message-ID: <93ad2fb6-4910-5a17-71bb-b87c647fcc09@gmx.net>
Subject: IoT Week 2017

--QTbKP2ux7eeGVjwestk2wcag4dWDT8jrs
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

Hi all,

if you happen to attend the IoT Week 2017 <http://www.iot-week.eu> in
Geneva (June 6-9 2017) and would be interested to talk about recent
developments in the ACE working group please let Kepeng and myself know.

Ciao
Hannes



--QTbKP2ux7eeGVjwestk2wcag4dWDT8jrs--

--6rtSklwnbnHXN9InnOOg0EAd8eCmvpbcj--


From nobody Fri Apr 21 00:57:04 2017
Return-Path: <hannes.tschofenig@gmx.net>
X-Original-To: ace@ietfa.amsl.com
Delivered-To: ace@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 09AFA1294F4 for <ace@ietfa.amsl.com>; Fri, 21 Apr 2017 00:57:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.9
X-Spam-Level: 
X-Spam-Status: No, score=-4.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-2.8, RCVD_IN_SORBS_SPAM=0.5, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id I-W9CO86DDw4 for <ace@ietfa.amsl.com>; Fri, 21 Apr 2017 00:57:01 -0700 (PDT)
Received: from mout.gmx.net (mout.gmx.net [212.227.15.15]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 18CE2129440 for <Ace@ietf.org>; Fri, 21 Apr 2017 00:57:00 -0700 (PDT)
Received: from [192.168.91.191] ([195.149.223.176]) by mail.gmx.com (mrgmx002 [212.227.17.190]) with ESMTPSA (Nemesis) id 0LikQP-1cQl6d3BMb-00cx7H for <Ace@ietf.org>; Fri, 21 Apr 2017 09:56:58 +0200
To: "Ace@ietf.org" <Ace@ietf.org>
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
Openpgp: id=071A97A9ECBADCA8E31E678554D9CEEF4D776BC9
Message-ID: <12de9bde-cba6-7ff1-5490-e4fb232c5c55@gmx.net>
Date: Fri, 21 Apr 2017 09:56:57 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.8.0
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="W019oHHpq0umRhRrqECr5dGA7sMgpvCAR"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/Bis8rYecmczM8pdAZm5Ymg7VJkc>
Subject: [Ace] CWT and PoP Tokens
X-BeenThere: ace@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <ace.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ace>, <mailto:ace-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ace/>
List-Post: <mailto:ace@ietf.org>
List-Help: <mailto:ace-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ace>, <mailto:ace-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 21 Apr 2017 07:57:03 -0000

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--W019oHHpq0umRhRrqECr5dGA7sMgpvCAR
Content-Type: multipart/mixed; boundary="EcbxtgrJrJg8cV9NpH85UoMngAR0huL4n";
 protected-headers="v1"
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
To: "Ace@ietf.org" <Ace@ietf.org>
Message-ID: <12de9bde-cba6-7ff1-5490-e4fb232c5c55@gmx.net>
Subject: CWT and PoP Tokens

--EcbxtgrJrJg8cV9NpH85UoMngAR0huL4n
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

Hi all,

with the CWT in WGLC (see
https://www.ietf.org/mail-archive/web/ace/current/msg02190.html) a
question arises about the desired content of the spec.

In ACE we have been focused on the use of proof-of-possession
tokens. Currently, the work split between the CWT and the ACE
framework spec is as follows:

 * the CWT spec maps some of the JWT claims to CBOR but does not contain
anything regarding PoP tokens.
 * the ACE framework provides the PoP-related components (see
https://tools.ietf.org/html/draft-ietf-ace-oauth-authz-06#section-5.5.4.5).

Now, the question to the group is whether they are happy with this
split. Another option would be to include the cnf claims needed for the
PoP token functionality already in the CWT spec.

Thoughts?

Ciao
Hannes




--EcbxtgrJrJg8cV9NpH85UoMngAR0huL4n--

--W019oHHpq0umRhRrqECr5dGA7sMgpvCAR--


From nobody Fri Apr 21 01:33:25 2017
Return-Path: <cabo@tzi.org>
X-Original-To: ace@ietfa.amsl.com
Delivered-To: ace@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4AE81129AC5 for <ace@ietfa.amsl.com>; Fri, 21 Apr 2017 01:33:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.199
X-Spam-Level: 
X-Spam-Status: No, score=-4.199 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id m3_pP6xwPjy0 for <ace@ietfa.amsl.com>; Fri, 21 Apr 2017 01:33:22 -0700 (PDT)
Received: from mailhost.informatik.uni-bremen.de (mailhost.informatik.uni-bremen.de [IPv6:2001:638:708:30c9::12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E3B851294F4 for <Ace@ietf.org>; Fri, 21 Apr 2017 01:33:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at informatik.uni-bremen.de
Received: from submithost.informatik.uni-bremen.de (submithost.informatik.uni-bremen.de [134.102.201.11]) by mailhost.informatik.uni-bremen.de (8.14.5/8.14.5) with ESMTP id v3L8XGXD001250; Fri, 21 Apr 2017 10:33:16 +0200 (CEST)
Received: from [192.168.217.124] (p5DC7F3A7.dip0.t-ipconnect.de [93.199.243.167]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by submithost.informatik.uni-bremen.de (Postfix) with ESMTPSA id 3w8TXD5vtnzDHkx; Fri, 21 Apr 2017 10:33:16 +0200 (CEST)
Content-Type: multipart/signed; boundary="Apple-Mail=_82BA9407-3C97-413B-AB16-5F0053123AF4"; protocol="application/pgp-signature"; micalg=pgp-sha256
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
From: Carsten Bormann <cabo@tzi.org>
In-Reply-To: <12de9bde-cba6-7ff1-5490-e4fb232c5c55@gmx.net>
Date: Fri, 21 Apr 2017 10:33:14 +0200
Cc: "Ace@ietf.org" <Ace@ietf.org>
X-Mao-Original-Outgoing-Id: 514456394.049893-4fb52bb8494d37d265da7e7f3dddb1ba
Message-Id: <4867B399-A479-4B06-AE9C-BDF309CE5A8B@tzi.org>
References: <12de9bde-cba6-7ff1-5490-e4fb232c5c55@gmx.net>
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>
X-Mailer: Apple Mail (2.3273)
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/pczBQsxeqROXcsQjrG2dD0hVkdw>
Subject: Re: [Ace] CWT and PoP Tokens
X-BeenThere: ace@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <ace.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ace>, <mailto:ace-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ace/>
List-Post: <mailto:ace@ietf.org>
List-Help: <mailto:ace-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ace>, <mailto:ace-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 21 Apr 2017 08:33:24 -0000

--Apple-Mail=_82BA9407-3C97-413B-AB16-5F0053123AF4
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=utf-8

On Apr 21, 2017, at 09:56, Hannes Tschofenig <hannes.tschofenig@gmx.net> wrote:
>
> * the CWT spec maps some of the JWT claims to CBOR but does not contain
> anything regarding PoP tokens.
> * the ACE framework provides the PoP-related components (see
> https://tools.ietf.org/html/draft-ietf-ace-oauth-authz-06#section-5.5.4.5).
>
> Now, the question to the group is whether they are happy with this
> split. Another option would be to include the cnf claims needed for the
> PoP token functionality already in the CWT spec.

Probably, the “cnf” claims attain their actual meaning through the framework.
It will be hard to do a framework-independent definition of those in the CWT spec.
So I am very happy with that split.

Regards, Carsten


--Apple-Mail=_82BA9407-3C97-413B-AB16-5F0053123AF4--


From nobody Fri Apr 21 09:46:19 2017
Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: ace@ietfa.amsl.com
Delivered-To: ace@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BEAAF128B88 for <ace@ietfa.amsl.com>; Fri, 21 Apr 2017 09:46:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.01
X-Spam-Level: 
X-Spam-Status: No, score=-2.01 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=microsoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id keMh6hZMSi24 for <ace@ietfa.amsl.com>; Fri, 21 Apr 2017 09:46:11 -0700 (PDT)
Received: from NAM03-BY2-obe.outbound.protection.outlook.com (mail-by2nam03on0104.outbound.protection.outlook.com [104.47.42.104]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C40C6129A92 for <ace@ietf.org>; Fri, 21 Apr 2017 09:46:11 -0700 (PDT)
Received: from CY4PR21MB0504.namprd21.prod.outlook.com (10.172.122.14) by CY4PR21MB0501.namprd21.prod.outlook.com (10.172.122.11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1061.4; Fri, 21 Apr 2017 16:46:10 +0000
Received: from CY4PR21MB0504.namprd21.prod.outlook.com ([10.172.122.14]) by CY4PR21MB0504.namprd21.prod.outlook.com ([10.172.122.14]) with mapi id 15.01.1061.003; Fri, 21 Apr 2017 16:46:10 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: Ludwig Seitz <ludwig.seitz@ri.se>, "ace@ietf.org" <ace@ietf.org>
Thread-Topic: [Ace] Proof-of-Possession Key Semantics for CBOR Web Tokens (CWTs)
Thread-Index: AdK6Bb2+fFzDaH8tQi+ibomgYAgxlwAZPJOAABPQQTA=
Date: Fri, 21 Apr 2017 16:46:10 +0000
Message-ID: <CY4PR21MB0504C9947B152801E71EBE84F51A0@CY4PR21MB0504.namprd21.prod.outlook.com>
References: <BN6PR21MB0500BCCDEF248F5E6EB43E02F51B0@BN6PR21MB0500.namprd21.prod.outlook.com> <f28c1e01-d91a-ff53-dfdf-f55c1ffac403@ri.se>
In-Reply-To: <f28c1e01-d91a-ff53-dfdf-f55c1ffac403@ri.se>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
msip_labels: MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Enabled=True; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SiteId=72f988bf-86f1-41af-91ab-2d7cd011db47; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Ref=https://api.informationprotection.azure.com/api/72f988bf-86f1-41af-91ab-2d7cd011db47; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SetBy=mbj@microsoft.com; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SetDate=2017-04-21T09:46:08.6024459-07:00; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Name=General; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Application=Microsoft Azure Information Protection; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Extended_MSFT_Method=Automatic; Sensitivity=General
authentication-results: ri.se; dkim=none (message not signed) header.d=none;ri.se; dmarc=none action=none header.from=microsoft.com;
x-originating-ip: [50.47.93.167]
x-ms-publictraffictype: Email
Content-Type: multipart/alternative; boundary="_000_CY4PR21MB0504C9947B152801E71EBE84F51A0CY4PR21MB0504namp_"
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-originalarrivaltime: 21 Apr 2017 16:46:10.8467 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY4PR21MB0501
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/IulU0E2JdpI6qCpl-Iel5cdjTCk>
Subject: Re: [Ace] Proof-of-Possession Key Semantics for CBOR Web Tokens (CWTs)
X-BeenThere: ace@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <ace.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ace>, <mailto:ace-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ace/>
List-Post: <mailto:ace@ietf.org>
List-Help: <mailto:ace-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ace>, <mailto:ace-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 21 Apr 2017 16:46:19 -0000

--_000_CY4PR21MB0504C9947B152801E71EBE84F51A0CY4PR21MB0504namp_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Hi Ludwig.  Thanks for your note.

The background of me writing this draft is that I both knew of non-ACE
CWT applications that need PoP keys as well as knowing that ACE needs
them.  With CWT nearing completion, I wanted to make sure that we'd have
the "cnf" claim ready to go both for ACE and other applications in a
similar timeframe.  So I'd decided a few weeks ago to do a straight port
of RFC 7800 into the CBOR/CWT world.

I'll say up front that Hannes mentioned that there was some "cnf"
content in the ACE OAuth profile draft. If for no other reason than for
the working group to have it as reference to compare to, I decided to
proceed with the CWT version of RFC 7800, which is what I published.  I
took almost all of the text straight from RFC 7800 and a few sentences
in the IANA Considerations section from CWT.

Comparing the "cnf" content in
https://tools.ietf.org/html/draft-ietf-ace-oauth-authz-06 with the RFC
7800 port, I found that we independently made similar choices, which is
great.  There are a few things missing in ace-oauth-authz, such as the
registry language tying the claims to the equivalent JWT claims and the
security considerations.  I believe those would be necessary to complete
the work.  ace-oauth-authz also contains some restrictions on PoP key
usage that I believe for the general "cnf" definition, we don't want to
and can't make.

My sense is that we could get the straight RFC 7800 port adopted and
approved as an RFC within this calendar year - likely in a similar
timeframe to when CWT becomes an RFC.  I think we should make that a
goal, both for ACE and for non-ACE CWT applications needing PoP.  I say
that because the IESG has already approved exactly this document, modulo
syntax changes from JSON to CBOR.  I think that we could adopt this, go
straight to WGLC, and see it finished with or soon after CWT is.

I know that, per the minutes
https://www.ietf.org/proceedings/98/minutes/minutes-98-ace-00, people
didn't feel that the ace-oauth-authz was ready for WGLC.  My sense is
that because it's diverged from OAuth in some important ways (which I
understand the reasons for), the WGLC, IETF last call, and IESG
processes to approve it will be a lot more involved than those that it
would take to approve the RFC 7800 port.  I say that because we'll have
to justify all the decisions in a new security protocol both to the
working group and also to SECDIR, GENART, OPSDIR, the IETF reviewers,
and the IESG.  From experience, I know that they're thorough. ;-)

I'll say up front, that I'd be glad to add you as a co-editor of the RFC
7800 port, Ludwig, both to acknowledge the good work you've already put
in on the topic, and so you can help keep me honest in moving this
forward expeditiously.  Would you be open to that possibility?

                                                       Best wishes,

                                                       -- Mike



-----Original Message-----
From: Ace [mailto:ace-bounces@ietf.org] On Behalf Of Ludwig Seitz
Sent: Thursday, April 20, 2017 11:44 PM
To: ace@ietf.org
Subject: Re: [Ace] Proof-of-Possession Key Semantics for CBOR Web Tokens (CWTs)

On 2017-04-20 21:10, Mike Jones wrote:
> With the CBOR Web Token (CWT)
> <https://tools.ietf.org/html/draft-ietf-ace-cbor-web-token>
> specification nearing completion, which provides the CBOR equivalent
> of JWTs, I thought that it was also time to introduce the CBOR
> equivalent of RFC 7800 <https://tools.ietf.org/html/rfc7800>,
> "Proof-of-Possession Key Semantics for JSON Web Tokens (JWTs)", so
> that applications using CWTs will have a standard representation for
> proof-of-possession keys.
> I know that PoP keys are important to ACE
> <https://tools.ietf.org/wg/ace/> applications, for instance.  I
> therefore took RFC 7800 and produced the CBOR/CWT equivalent of it.
>

Hello Mike,

I like your idea, actually I like it so much that I already did the same
thing in draft-ietf-ace-oauth-authz some time ago.

I have no strong opinion about separating that part out into a separate
document, and I think our two texts look relatively similar. I do
however have concerns if this means delaying the progress of
draft-ietf-ace-oauth-authz by introducing a normative dependency on a
"younger" draft.

What does the WG think?

/Ludwig

--
Ludwig Seitz, PhD
Security Lab, RISE SICS
Phone +46(0)70-349 92 51


--_000_CY4PR21MB0504C9947B152801E71EBE84F51A0CY4PR21MB0504namp_
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

<html xmlns:v=3D"urn:schemas-microsoft-com:vml" xmlns:o=3D"urn:schemas-micr=
osoft-com:office:office" xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" xmlns=3D"http:=
//www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dus-ascii"=
>
<meta name=3D"Generator" content=3D"Microsoft Word 15 (filtered medium)">
</head>
<body lang=3D"EN-US" link=3D"#0563C1" vlink=3D"#954F72">
<div class=3D"WordSection1">
<p class=3D"MsoPlainText">Hi Ludwig.&nbsp; Thanks for your note.<o:p></o:p>=
</p>
<p class=3D"MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoPlainText">The background of me writing this draft is that I=
 both knew of non-ACE CWT applications that need PoP keys as well as knowin=
g that ACE needs them.&nbsp; With CWT nearing completion, I wanted to make =
sure that we&#8217;d have the &#8220;cnf&#8221; claim ready
 to go both for ACE and other applications in a similar timeframe.&nbsp; So=
 I&#8217;d decided a few weeks ago to do a straight port of RFC 7800 into t=
he CBOR/CWT world.<o:p></o:p></p>
<p class=3D"MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoPlainText">I&#8217;ll say up front that Hannes mentioned tha=
t there was some &#8220;cnf&#8221; content in the ACE OAuth profile draft. =
If for no other reason than for the working group to have it as reference t=
o compare to, I decided to proceed with the CWT version
 of RFC 7800, which is what I published.&nbsp; I took almost all of the tex=
t straight from RFC 7800 and a few sentences in the IANA Considerations sec=
tion from CWT.<o:p></o:p></p>
<p class=3D"MsoPlainText"><a name=3D"_MailEndCompose"><o:p>&nbsp;</o:p></a>=
</p>
<p class=3D"MsoPlainText"><span style=3D"mso-bookmark:_MailEndCompose">Comp=
aring the &#8220;cnf&#8221; content in
</span><a href=3D"https://tools.ietf.org/html/draft-ietf-ace-oauth-authz-06=
"><span style=3D"mso-bookmark:_MailEndCompose">https://tools.ietf.org/html/=
draft-ietf-ace-oauth-authz-06</span><span style=3D"mso-bookmark:_MailEndCom=
pose"></span></a><span style=3D"mso-bookmark:_MailEndCompose">
 with the RFC 7800 port, I found that we independently made similar choices=
, which is great.&nbsp; There are a few things missing in ace-oauth-authz, =
such as the registry language tying the claims to the equivalent JWT claims=
 and the security considerations.&nbsp; I
 believe those would be necessary to complete the work.&nbsp; ace-oauth-aut=
hz also contains some restrictions on PoP key usage that I believe for the =
general “cnf” definition, we don’t want to and can’t make.</span></p>
<p class="MsoPlainText"><span style="mso-bookmark:_MailEndCompose">My sense is that we could get the straight RFC 7800 port adopted and approved as an RFC within this calendar year – likely in a similar timeframe to when CWT becomes an RFC. I think we should make that a goal, both for ACE and for non-ACE CWT applications needing PoP. I say that because the IESG has already approved exactly this document, modulo syntax changes from JSON to CBOR. I think that we could adopt this, go straight to WGLC, and see it finished with or soon after CWT is.</span></p>
<p class="MsoPlainText"><span style="mso-bookmark:_MailEndCompose">I know that, per the minutes </span><a href="https://www.ietf.org/proceedings/98/minutes/minutes-98-ace-00"><span style="mso-bookmark:_MailEndCompose">https://www.ietf.org/proceedings/98/minutes/minutes-98-ace-00</span></a><span style="mso-bookmark:_MailEndCompose">, people didn’t feel that the ace-oauth-authz was ready for WGLC. My sense is that because it’s diverged from OAuth in some important ways (which I understand the reasons for), the WGLC, IETF last call, and IESG processes to approve it will be a lot more involved than those that it would take to approve the RFC 7800 port. I say that because we’ll have to justify all the decisions in a new security protocol both to the working group and also to SECDIR, GENART, OPSDIR, the IETF reviewers, and the IESG. From experience, I know that they’re thorough. ;-)</span></p>
<p class="MsoPlainText"><span style="mso-bookmark:_MailEndCompose">I’ll say up front, that I’d be glad to add you as a co-editor of the RFC 7800 port, Ludwig, both to acknowledge the good work you’ve already put in on the topic, and so you can help keep me honest in moving this forward expeditiously. Would you be open to that possibility?</span></p>
<p class="MsoPlainText"><span style="mso-bookmark:_MailEndCompose">Best wishes,</span></p>
<p class="MsoPlainText"><span style="mso-bookmark:_MailEndCompose">-- Mike</span></p>
<p class="MsoPlainText">-----Original Message-----<br>
From: Ace [mailto:ace-bounces@ietf.org] On Behalf Of Ludwig Seitz<br>
Sent: Thursday, April 20, 2017 11:44 PM<br>
To: ace@ietf.org<br>
Subject: Re: [Ace] Proof-of-Possession Key Semantics for CBOR Web Tokens (CWTs)</p>
<p class="MsoPlainText">On 2017-04-20 21:10, Mike Jones wrote:</p>
<p class="MsoPlainText">&gt; With the CBOR Web Token (CWT)</p>
<p class="MsoPlainText">&gt; &lt;<a href="https://tools.ietf.org/html/draft-ietf-ace-cbor-web-token"><span style="color:windowtext;text-decoration:none">https://tools.ietf.org/html/draft-ietf-ace-cbor-web-token</span></a>&gt;</p>
<p class="MsoPlainText">&gt; specification nearing completion, which provides the CBOR equivalent</p>
<p class="MsoPlainText">&gt; of JWTs, I thought that it was also time to introduce the CBOR</p>
<p class="MsoPlainText">&gt; equivalent of RFC 7800 &lt;<a href="https://tools.ietf.org/html/rfc7800"><span style="color:windowtext;text-decoration:none">https://tools.ietf.org/html/rfc7800</span></a>&gt;,</p>
<p class="MsoPlainText">&gt; “Proof-of-Possession Key Semantics for JSON Web Tokens (JWTs)”, so</p>
<p class="MsoPlainText">&gt; that applications using CWTs will have a standard representation for proof-of-possession keys.</p>
<p class="MsoPlainText">&gt; I know that PoP keys are important to ACE</p>
<p class="MsoPlainText">&gt; &lt;<a href="https://tools.ietf.org/wg/ace/"><span style="color:windowtext;text-decoration:none">https://tools.ietf.org/wg/ace/</span></a>&gt; applications, for instance. I</p>
<p class="MsoPlainText">&gt; therefore took RFC 7800 and produced the CBOR/CWT equivalent of it.</p>
<p class="MsoPlainText">Hello Mike,</p>
<p class="MsoPlainText">I like your idea, actually I like it so much that I already did the same thing in draft-ietf-ace-oauth-authz some time ago.</p>
<p class="MsoPlainText">I have no strong opinion about separating that part out into a separate document, and I think our two texts look relatively similar. I do however have concerns if this means delaying the progress of draft-ietf-ace-oauth-authz by introducing a normative dependency on a "younger" draft.</p>
<p class="MsoPlainText">What does the WG think?</p>
<p class="MsoPlainText">/Ludwig</p>
<p class="MsoPlainText">--</p>
<p class="MsoPlainText">Ludwig Seitz, PhD</p>
<p class="MsoPlainText">Security Lab, RISE SICS</p>
<p class="MsoPlainText">Phone +46(0)70-349 92 51</p>
</div>
</body>
</html>

--_000_CY4PR21MB0504C9947B152801E71EBE84F51A0CY4PR21MB0504namp_--


From nobody Fri Apr 21 09:53:12 2017
From: Mike Jones <Michael.Jones@microsoft.com>
To: Carsten Bormann <cabo@tzi.org>, Hannes Tschofenig <hannes.tschofenig@gmx.net>
CC: "Ace@ietf.org" <Ace@ietf.org>
Thread-Topic: [Ace] CWT and PoP Tokens
Thread-Index: AQHSunTg8/tjCCMFYEqZoEtihCdRUqHPfusAgACKDhA=
Date: Fri, 21 Apr 2017 16:53:04 +0000
Message-ID: <CY4PR21MB05043F6918C2E0AC4844F744F51A0@CY4PR21MB0504.namprd21.prod.outlook.com>
References: <12de9bde-cba6-7ff1-5490-e4fb232c5c55@gmx.net> <4867B399-A479-4B06-AE9C-BDF309CE5A8B@tzi.org>
In-Reply-To: <4867B399-A479-4B06-AE9C-BDF309CE5A8B@tzi.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/Eh8EBd25cjfBkf3cbTEzzwWL9Aw>
Subject: Re: [Ace] CWT and PoP Tokens


From nobody Sat Apr 22 11:57:43 2017
From: Jim Schaad <ietf@augustcellars.com>
To: 'ace' <Ace@ietf.org>
Date: Sat, 22 Apr 2017 11:47:13 -0700
Message-ID: <00f001d2bb98$dd2be430$9783ac90$@augustcellars.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/gk18MyRptN6oCcb9z4UHqogy1-Q>
Subject: Re: [Ace] WGLC on draft-ietf-ace-cbor-web-token

Not ready to ship.


* I find the text for NumericDate confusing and would suggest this is a
cleaner wording.

The "NumericDate" term has the same meaning, syntax and
processing rules as the "NumericDate" term defined in Section 2 of
JWT [RFC7519], except that the CBOR numeric representation
(Section 2.4.1 of [RFC7049]) is used.  The encoding is modified so that
the leading tag (6.1 or 0xC1) MUST be omitted.

<Note above text kills the direct need for section 5.>

* What is a "CWT NumericDate"?  Why is this not just a "NumericDate"?  You
should be consistent on how you are using this and the "StringOrURI" type
identifier.  Either use the CWT prefix or don't.

* s/except that a CWT StringOrURI/except that for a CWT, StringOrURI/

* The algorithm for doing nesting detection is a gross abuse of the content
type parameter and can be far more easily done based on the already present
tagging of the COSE object.

* Break section 8 into multiple paragraphs that deal with different types of
issues.

* In section 8, the first sentence implies to me that you believe that COSE
is more of a problem than breaking of cryptographic algorithms, trust of
certificates/keys.  Not sure what needs to be done, but better clarity may
be a good idea.

* I have not done any validation of the examples.   You might want to have
an example which uses the real for one of the time types.

Jim


-----Original Message-----
From: Ace [mailto:ace-bounces@ietf.org] On Behalf Of Kepeng Li
Sent: Thursday, April 20, 2017 2:53 PM
To: ace@ietf.org
Cc: Hannes Tschofenig <hannes.tschofenig@gmx.net>
Subject: [Ace] [ace] WGLC on draft-ietf-ace-cbor-web-token

In Chicago, it was decided that we were going to WGLC the ACE CBOR Web Token
draft.

So this starts a working group last call for draft-ietf-ace-cbor-web-token
for submission as a Standards Track RFC, ending on 24:00 PDT on Tuesday, May
2, 2017.

The specification is available at:
https://tools.ietf.org/html/draft-ietf-ace-cbor-web-token-04

An HTML-formatted version is also available at:
http://self-issued.info/docs/draft-ietf-ace-cbor-web-token-04.html

Thanks,


Kind Regards
Kepeng & Hannes


_______________________________________________
Ace mailing list
Ace@ietf.org
https://www.ietf.org/mailman/listinfo/ace
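
The two encoding points raised in the review above, as an added example that is not part of the original message or of the draft: a NumericDate written as a bare CBOR number with no leading tag 1 (0xC1), and nesting read from the COSE tags instead of a content type parameter. The COSE tag numbers are those of RFC 8152; the function names, the one-entry claims map and the dummy signature and MAC bytes are constructed for illustration.

```python
import struct

COSE_TAGS = {16: "COSE_Encrypt0", 17: "COSE_Mac0", 18: "COSE_Sign1",   # RFC 8152
             96: "COSE_Encrypt", 97: "COSE_Mac", 98: "COSE_Sign"}
PAYLOAD_VISIBLE = {17, 18, 97, 98}  # third array element is a cleartext payload

def head(buf, pos=0):
    """Decode one CBOR head: (major type, additional info, argument, next offset)."""
    if pos >= len(buf):
        raise ValueError("truncated CBOR")
    major, info = buf[pos] >> 5, buf[pos] & 0x1F
    pos += 1
    if info < 24:
        return major, info, info, pos
    if info > 27:
        raise ValueError("indefinite or reserved length not supported")
    size = 1 << (info - 24)
    if pos + size > len(buf):
        raise ValueError("truncated CBOR")
    return major, info, int.from_bytes(buf[pos:pos + size], "big"), pos + size

def skip(buf, pos):
    """Return the offset just past the data item that starts at pos."""
    major, _, arg, pos = head(buf, pos)
    if major in (2, 3):                      # byte string / text string
        return pos + arg
    if major in (4, 5):                      # array: arg items, map: 2 * arg items
        for _ in range(arg * (major - 3)):
            pos = skip(buf, pos)
    elif major == 6:                         # tag: skip the tagged item
        pos = skip(buf, pos)
    return pos

def enc(major, arg):
    """Encode a CBOR head using the shortest argument form."""
    if arg < 24:
        return bytes([major << 5 | arg])
    for info, size in ((24, 1), (25, 2), (26, 4), (27, 8)):
        if arg < 1 << (8 * size):
            return bytes([major << 5 | info]) + arg.to_bytes(size, "big")
    raise ValueError("argument too large")

def encode_numeric_date(ts):
    """Seconds since the epoch as a bare CBOR number, with no leading tag 1 (0xC1)."""
    if isinstance(ts, bool) or not isinstance(ts, (int, float)):
        raise TypeError("NumericDate must be an int or a float")
    if isinstance(ts, float):
        return b"\xfb" + struct.pack(">d", ts)           # float64
    return enc(0, ts) if ts >= 0 else enc(1, -1 - ts)

def decode_numeric_date(buf):
    """Accept only an untagged integer or float; reject a tagged date."""
    major, info, arg, pos = head(buf)
    if major == 6:
        raise ValueError("NumericDate must not carry a tag (got tag %d)" % arg)
    if pos != len(buf):
        raise ValueError("trailing bytes after NumericDate")
    if major in (0, 1):
        return arg if major == 0 else -1 - arg
    if major == 7 and info in (25, 26, 27):
        fmt = {25: ">e", 26: ">f", 27: ">d"}[info]
        return struct.unpack(fmt, arg.to_bytes(1 << (info - 24), "big"))[0]
    raise ValueError("NumericDate must be a number")

def cose_layers(token):
    """List the nesting from the outside in, reading only the COSE tags."""
    layers = []
    while True:
        major, _, arg, pos = head(token)
        if major == 5:                       # untagged map: the claims set
            return layers + ["claims"]
        if major != 6 or arg not in COSE_TAGS:
            raise ValueError("neither a tagged COSE message nor a claims map")
        layers.append(COSE_TAGS[arg])
        if arg not in PAYLOAD_VISIBLE:       # ciphertext: decrypt before looking deeper
            return layers
        amajor, _, count, pos = head(token, pos)
        if amajor != 4 or count < 3:
            raise ValueError("malformed COSE array")
        pos = skip(token, skip(token, pos))  # protected and unprotected headers
        pmajor, _, plen, pos = head(token, pos)
        if pmajor != 2:                      # nil: detached payload, nothing to inspect
            return layers
        if pos + plen > len(token):
            raise ValueError("truncated payload")
        token = token[pos:pos + plen]

def sample_nested():
    """Constructed token: claims map in COSE_Sign1 in COSE_Mac0, dummy signature and MAC."""
    def wrap(tag, payload, trailer):
        bstr = lambda b: enc(2, len(b)) + b
        return enc(6, tag) + b"\x84" + bstr(b"") + b"\xa0" + bstr(payload) + bstr(trailer)
    claims = b"\xa1\x04" + encode_numeric_date(1444064944)   # constructed one-entry map
    return wrap(17, wrap(18, claims, b"sig"), b"mac")
```

Reading the tags only recovers the structure; each layer's signature or MAC still has to be verified before the claims are trusted.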


From nobody Sun Apr 23 23:33:16 2017
To: Mike Jones <Michael.Jones@microsoft.com>, "ace@ietf.org" <ace@ietf.org>
References: <BN6PR21MB0500BCCDEF248F5E6EB43E02F51B0@BN6PR21MB0500.namprd21.prod.outlook.com> <f28c1e01-d91a-ff53-dfdf-f55c1ffac403@ri.se> <CY4PR21MB0504C9947B152801E71EBE84F51A0@CY4PR21MB0504.namprd21.prod.outlook.com>
From: Ludwig Seitz <ludwig.seitz@ri.se>
Message-ID: <2eed2198-4bca-0a59-a339-574401d61f93@ri.se>
Date: Mon, 24 Apr 2017 08:33:07 +0200
In-Reply-To: <CY4PR21MB0504C9947B152801E71EBE84F51A0@CY4PR21MB0504.namprd21.prod.outlook.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/6DOrOzUjNYqYNGu4-H8bDEG2wfM>
Subject: Re: [Ace] Proof-of-Possession Key Semantics for CBOR Web Tokens (CWTs)

On 2017-04-21 18:46, Mike Jones wrote:
> Hi Ludwig.  Thanks for your note.
>
>
~snip~
>
>
> I’ll say up front, that I’d be glad to add you as a co-editor of the RFC
> 7800 port, Ludwig, both to acknowledge the good work you’ve already put
> in on the topic, and so you can help keep me honest in moving this
> forward expeditiously.  Would you be open to that possibility?
>
>
>
>                                                        Best wishes,
>
>                                                        -- Mike

If the chairs agree with your assessment that this document can move 
forward fast (which I feel it could, but my experience is limited), I'm 
fine with such a solution.

How could I help progress that document?

/Ludwig


-- 
Ludwig Seitz, PhD
Security Lab, RISE SICS
Phone +46(0)70-349 92 51


From nobody Fri Apr 28 06:34:36 2017
To: "ace@ietf.org" <ace@ietf.org>, core <core@ietf.org>
From: Ludwig Seitz <ludwig.seitz@ri.se>
Message-ID: <f74bcaf5-c57d-6cbb-266a-aeaae7bd0c59@ri.se>
Date: Fri, 28 Apr 2017 15:31:20 +0200
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/kSvbgbKTy8czqx76_ttwzSaxpJI>
Subject: [Ace] IKEA uses CoAP and DTLS for their smart lights

FYI


https://mjg59.dreamwidth.org/47803.html

/Ludwig
-- 
Ludwig Seitz, PhD
Security Lab, RISE SICS
Phone +46(0)70-349 92 51


From nobody Fri Apr 28 06:48:16 2017
From: Carsten Bormann <cabo@tzi.org>
In-Reply-To: <f74bcaf5-c57d-6cbb-266a-aeaae7bd0c59@ri.se>
Date: Fri, 28 Apr 2017 15:44:51 +0200
Cc: "ace@ietf.org" <ace@ietf.org>, core <core@ietf.org>
Message-Id: <36B76346-FD68-4FD4-A5F2-26B9BB86DE20@tzi.org>
References: <f74bcaf5-c57d-6cbb-266a-aeaae7bd0c59@ri.se>
To: Ludwig Seitz <ludwig.seitz@ri.se>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/mz-XzhduBSwbAxtf041PSCdHNW0>
Subject: Re: [Ace] [core] IKEA uses CoAP and DTLS for their smart lights

On Apr 28, 2017, at 15:31, Ludwig Seitz <ludwig.seitz@ri.se> wrote:
>
> FYI
>
>
> https://mjg59.dreamwidth.org/47803.html

Yes.

There has been a flurry of activity in the tinydtls and libcoap projects in the last weeks, as these seem to be the implementations of choice to talk to the devices (if you are not using Californium).
Lots of hackers/makers are now putting libcoap support into their various home hub/home bridge projects.
This also has further increased the mindshare of LWM2M, which the IKEA application is based on.

The interesting part is that the whole setup makes IKEA TRADFRI a quite secure implementation of IoT, compared to what’s on the market today.
Maybe we are witnessing the tipping point towards the real Internet of Things.

Grüße, Carsten

