From nobody Fri Oct 4 15:01:51 2019 Return-Path: X-Original-To: dmarc@ietfa.amsl.com Delivered-To: dmarc@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 19F67120052 for ; Fri, 4 Oct 2019 15:01:49 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.991 X-Spam-Level: X-Spam-Status: No, score=-1.991 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001, T_HTML_ATTACH=0.01] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (unsupported algorithm ed25519-sha256)" header.d=kitterman.com header.b=gmVaQu6C; dkim=pass (2048-bit key) header.d=kitterman.com header.b=C8vzySUo Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SW2gkLRBtTba for ; Fri, 4 Oct 2019 15:01:47 -0700 (PDT) Received: from interserver.kitterman.com (interserver.kitterman.com [64.20.48.66]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 039F712006B for ; Fri, 4 Oct 2019 15:01:47 -0700 (PDT) Received: from interserver.kitterman.com (interserver.kitterman.com [IPv6:2604:a00:6:1039:225:90ff:feaa:b169]) by interserver.kitterman.com (Postfix) with ESMTPS id C3B95F80284 for ; Fri, 4 Oct 2019 18:01:15 -0400 (EDT) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/simple; d=kitterman.com; i=@kitterman.com; q=dns/txt; s=201903e; t=1570226475; h=from : to : subject : date : message-id : in-reply-to : references : mime-version : content-type : content-transfer-encoding : from; bh=7xrpD1sT0565OrSSxQyCcmpLsU7YztQJ/05jaWVWaxo=; b=gmVaQu6Cjb5IVs3KRzZ1qpRhvMnS/LA9G8rC1Sxxs4BTQU9yjLsVBaFm r+qiej/TjH177tIJ+Ga3zJaB0NnmAg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kitterman.com; i=@kitterman.com; q=dns/txt; s=201903r; t=1570226475; h=from : to : subject : date : message-id : in-reply-to : references : mime-version : content-type : content-transfer-encoding : from; bh=7xrpD1sT0565OrSSxQyCcmpLsU7YztQJ/05jaWVWaxo=; b=C8vzySUoNsZYf30sVVrPA8gS12fWb7+wn7Td0bV8JxVxqh9JlFVIas/f wsPLTLGWSDY167KeDWzRXbDfzVzaYPvKqiWC/0+4Vp7CWGUg9S85e6PDnZ MLMuGMeptZHDMSq5ADIop8QUy3AkC5Ow+vUQL5mHEKCRDg5wTCrTLwo/Mt jai9y6bXDSDePutcPWsmZO8aj3ZVCM3MnJwFWr3MVFShO+/nK1C6gPZH01 l1kn2YM830Zd4c8/fTdJ5PMBMh4C4XCnyBcFQbYoigGLr/ptwfwJt+ZJUM h3D2PblbfV9KS1Dlrw4Hng5FXBpdmYdFMXJQWjLfQ3m8eJbneKVP1w== Received: from l5580.localnet (static-72-81-252-22.bltmmd.fios.verizon.net [72.81.252.22]) by interserver.kitterman.com (Postfix) with ESMTPSA id 327EEF801A6 for ; Fri, 4 Oct 2019 18:01:15 -0400 (EDT) From: Scott Kitterman To: dmarc@ietf.org Date: Fri, 04 Oct 2019 18:01:14 -0400 Message-ID: <1960529.BQ9LHqgqYc@l5580> In-Reply-To: <2080369.Hr1xgu6sVx@l5580> References: <2080369.Hr1xgu6sVx@l5580> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="nextPart2086774.9YeHt4G8mN" Content-Transfer-Encoding: 7Bit Archived-At: Subject: Re: [dmarc-ietf] PSD DMARC: draft-ietf-dmarc-psd post-WGLC Status X-BeenThere: dmarc@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 04 Oct 2019 22:01:49 -0000 This is a multi-part message in MIME format. --nextPart2086774.9YeHt4G8mN Content-Transfer-Encoding: 7Bit Content-Type: text/plain; charset="us-ascii" On Saturday, September 28, 2019 5:38:37 PM EDT Scott Kitterman wrote: > Based on the post-WGLC discussion, I believe an updated draft before IETF > last call is appropriate with three changes: > > 1. Updated Longest PSD definition: > > 2.3. Longest PSD > > > > The longest PSD is the Organizational Domain with one label removed. > > 2. Addition of the PSL data format to Appendix B (it would be B.3). I > haven't drafted text yet, but I don't expect it to be controverisial. > > 3. Add zdkimfilter to Appendix C (also didn't make text yet). > > Unless someone tells me otherwise, I plan to go ahead with those changes. I've done this now. I've attached the latest rfcdiff from -06. If you want to review the entire draft as it stands, it's available in the WG GitHub repository: https://raw.githubusercontent.com/ietf-dmarc-wg/draft-ietf-dmarc-psd/master/ draft-ietf-dmarc-psd-07.txt Please let me know if I missed something or if the new text could be improved. Scott K --nextPart2086774.9YeHt4G8mN Content-Disposition: attachment; filename="draft-ietf-dmarc-psd-07-from-6.diff.html" Content-Transfer-Encoding: base64 Content-Type: application/xhtml+xml; name="draft-ietf-dmarc-psd-07-from-6.diff.html" PCFET0NUWVBFIGh0bWwgUFVCTElDICItLy9XM0MvL0RURCBYSFRNTCAxLjAgVHJhbnNpdGlvbmFs Ly9FTiIgImh0dHA6Ly93d3cudzMub3JnL1RSL3hodG1sMS9EVEQveGh0bWwxLXRyYW5zaXRpb25h bC5kdGQiPiAKPCEtLSBHZW5lcmF0ZWQgYnkgcmZjZGlmZiAxLjQxOiByZmNkaWZmICAtLT4gCjwh LS0gPCFET0NUWVBFIGh0bWwgUFVCTElDICItLy9XM0MvL0RURCBIVE1MIDQuMDEgVHJhbnNpdGlv bmFsIiA+IC0tPgo8IS0tIFN5c3RlbTogTGludXggbDU1ODAgNC4xOS4wLTYtYW1kNjQgIzEgU01Q IERlYmlhbiA0LjE5LjY3LTIgKDIwMTktMDgtMjgpIHg4Nl82NCBHTlUvTGludXggLS0+IAo8IS0t IFVzaW5nIGF3azogL3Vzci9iaW4vZ2F3azogR05VIEF3ayA0LjIuMSwgQVBJOiAyLjAgKEdOVSBN UEZSIDQuMC4yLCBHTlUgTVAgNi4xLjIpIC0tPiAKPCEtLSBVc2luZyBkaWZmOiAvdXNyL2Jpbi9k aWZmOiBkaWZmIChHTlUgZGlmZnV0aWxzKSAzLjcgLS0+IAo8IS0tIFVzaW5nIHdkaWZmOiAvdXNy L2Jpbi93ZGlmZjogd2RpZmYgKEdOVSB3ZGlmZikgMS4yLjIgLS0+IAo8aHRtbD4gCjxoZWFkPiAK ICA8bWV0YSBodHRwLWVxdWl2PSJDb250ZW50LVR5cGUiIGNvbnRlbnQ9InRleHQvaHRtbDsgY2hh cnNldD1pc28tODg1OS0xIiAvPiAKICA8bWV0YSBodHRwLWVxdWl2PSJDb250ZW50LVN0eWxlLVR5 cGUiIGNvbnRlbnQ9InRleHQvY3NzIiAvPiAKICA8dGl0bGU+RGlmZjogZHJhZnQtaWV0Zi1kbWFy Yy1wc2QtMDYudHh0IC0gZHJhZnQtaWV0Zi1kbWFyYy1wc2QtMDcudHh0PC90aXRsZT4gCiAgPHN0 eWxlIHR5cGU9InRleHQvY3NzIj4gCiAgICBib2R5ICAgIHsgbWFyZ2luOiAwLjRleDsgbWFyZ2lu LXJpZ2h0OiBhdXRvOyB9IAogICAgdHIgICAgICB7IH0gCiAgICB0ZCAgICAgIHsgd2hpdGUtc3Bh Y2U6IHByZTsgZm9udC1mYW1pbHk6IG1vbm9zcGFjZTsgdmVydGljYWwtYWxpZ246IHRvcDsgZm9u dC1zaXplOiAwLjg2ZW07fSAKICAgIHRoICAgICAgeyBmb250LXNpemU6IDAuODZlbTsgfSAKICAg IC5zbWFsbCAgeyBmb250LXNpemU6IDAuNmVtOyBmb250LXN0eWxlOiBpdGFsaWM7IGZvbnQtZmFt aWx5OiBWZXJkYW5hLCBIZWx2ZXRpY2EsIHNhbnMtc2VyaWY7IH0gCiAgICAubGVmdCAgIHsgYmFj a2dyb3VuZC1jb2xvcjogI0VFRTsgfSAKICAgIC5yaWdodCAgeyBiYWNrZ3JvdW5kLWNvbG9yOiAj RkZGOyB9IAogICAgLmRpZmYgICB7IGJhY2tncm91bmQtY29sb3I6ICNDQ0Y7IH0gCiAgICAubGJs b2NrIHsgYmFja2dyb3VuZC1jb2xvcjogI0JGQjsgfSAKICAgIC5yYmxvY2sgeyBiYWNrZ3JvdW5k LWNvbG9yOiAjRkY4OyB9IAogICAgLmluc2VydCB7IGJhY2tncm91bmQtY29sb3I6ICM4RkY7IH0g CiAgICAuZGVsZXRlIHsgYmFja2dyb3VuZC1jb2xvcjogI0FDRjsgfSAKICAgIC52b2lkICAgeyBi YWNrZ3JvdW5kLWNvbG9yOiAjRkZCOyB9IAogICAgLmNvbnQgICB7IGJhY2tncm91bmQtY29sb3I6 ICNFRUU7IH0gCiAgICAubGluZWJyIHsgYmFja2dyb3VuZC1jb2xvcjogI0FBQTsgfSAKICAgIC5s aW5lbm8geyBjb2xvcjogcmVkOyBiYWNrZ3JvdW5kLWNvbG9yOiAjRkZGOyBmb250LXNpemU6IDAu N2VtOyB0ZXh0LWFsaWduOiByaWdodDsgcGFkZGluZzogMCAycHg7IH0gCiAgICAuZWxpcHNpc3sg YmFja2dyb3VuZC1jb2xvcjogI0FBQTsgfSAKICAgIC5sZWZ0IC5jb250IHsgYmFja2dyb3VuZC1j b2xvcjogI0RERDsgfSAKICAgIC5yaWdodCAuY29udCB7IGJhY2tncm91bmQtY29sb3I6ICNFRUU7 IH0gCiAgICAubGJsb2NrIC5jb250IHsgYmFja2dyb3VuZC1jb2xvcjogIzlEOTsgfSAKICAgIC5y YmxvY2sgLmNvbnQgeyBiYWNrZ3JvdW5kLWNvbG9yOiAjREQ2OyB9IAogICAgLmluc2VydCAuY29u dCB7IGJhY2tncm91bmQtY29sb3I6ICMwREQ7IH0gCiAgICAuZGVsZXRlIC5jb250IHsgYmFja2dy b3VuZC1jb2xvcjogIzhBRDsgfSAKICAgIC5zdGF0cywgLnN0YXRzIHRkLCAuc3RhdHMgdGggeyBi YWNrZ3JvdW5kLWNvbG9yOiAjRUVFOyBwYWRkaW5nOiAycHggMDsgfSAKICA8L3N0eWxlPiAKPC9o ZWFkPiAKPGJvZHkgPiAKICA8dGFibGUgYm9yZGVyPSIwIiBjZWxscGFkZGluZz0iMCIgY2VsbHNw YWNpbmc9IjAiPiAKICA8dHIgYmdjb2xvcj0ib3JhbmdlIj48dGg+PC90aD48dGg+Jm5ic3A7ZHJh ZnQtaWV0Zi1kbWFyYy1wc2QtMDYudHh0Jm5ic3A7PC90aD48dGg+IDwvdGg+PHRoPiZuYnNwO2Ry YWZ0LWlldGYtZG1hcmMtcHNkLTA3LnR4dCZuYnNwOzwvdGg+PHRoPjwvdGg+PC90cj4gCiAgICAg IDx0cj48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0 Ij48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij48L3RkPjx0ZCBjbGFzcz0ibGluZW5v IiB2YWxpZ249InRvcCI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iIHZh bGlnbj0idG9wIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+TmV0d29yayBXb3JraW5nIEdyb3VwICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgUy4gS2l0dGVybWFuPC90ZD48dGQ+ IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+TmV0d29yayBXb3JraW5nIEdyb3VwICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgUy4gS2l0dGVybWFuPC90ZD48dGQgY2xhc3M9Imxp bmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5v IiB2YWxpZ249InRvcCI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPkludGVybmV0LURyYWZ0ICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgZlRMRCBSZWdpc3RyeSBTZXJ2aWNlczwvdGQ+ PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPkludGVybmV0LURyYWZ0ICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgZlRMRCBSZWdpc3RyeSBTZXJ2aWNlczwvdGQ+PHRkIGNsYXNz PSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQ+PGEgbmFtZT0i ZGlmZjAwMDEiIC8+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGln bj0idG9wIj48L3RkPjx0ZCBjbGFzcz0ibGJsb2NrIj5JbnRlbmRlZCBzdGF0dXM6IEV4cGVyaW1l bnRhbCAgICAgICAgICAgICAgICAgICAgICAgICAgICA8c3BhbiBjbGFzcz0iZGVsZXRlIj5BdWd1 c3QgMTAsPC9zcGFuPiAyMDE5PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPkludGVu ZGVkIHN0YXR1czogRXhwZXJpbWVudGFsICAgICAgICAgICAgICAgICAgICAgICAgIDxzcGFuIGNs YXNzPSJpbnNlcnQiPlNlcHRlbWJlciAzMCw8L3NwYW4+IDIwMTk8L3RkPjx0ZCBjbGFzcz0ibGlu ZW5vIiB2YWxpZ249InRvcCI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8i IHZhbGlnbj0idG9wIj48L3RkPjx0ZCBjbGFzcz0ibGJsb2NrIj5FeHBpcmVzOiA8c3BhbiBjbGFz cz0iZGVsZXRlIj5GZWJydWFyeSAxMSw8L3NwYW4+IDIwMjA8L3RkPjx0ZD4gPC90ZD48dGQgY2xh c3M9InJibG9jayI+RXhwaXJlczogPHNwYW4gY2xhc3M9Imluc2VydCI+QXByaWwgMiw8L3NwYW4+ IDIwMjA8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48L3RyPgogICAg ICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjx0ZCBjbGFzcz0ibGVm dCI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+PC90ZD48dGQgY2xhc3M9ImxpbmVu byIgdmFsaWduPSJ0b3AiPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIiB2 YWxpZ249InRvcCI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPkRNQVJDIChEb21haW4tYmFzZWQgTWVz c2FnZSBBdXRoZW50aWNhdGlvbiwgUmVwb3J0aW5nLCBhbmQgQ29uZm9ybWFuY2UpPC90ZD48dGQ+ IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+RE1BUkMgKERvbWFpbi1iYXNlZCBNZXNzYWdlIEF1dGhl bnRpY2F0aW9uLCBSZXBvcnRpbmcsIGFuZCBDb25mb3JtYW5jZSk8L3RkPjx0ZCBjbGFzcz0ibGlu ZW5vIiB2YWxpZ249InRvcCI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8i IHZhbGlnbj0idG9wIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgICAgICAgICAgICAgRXh0ZW5z aW9uIEZvciBQU0RzIChQdWJsaWMgU3VmZml4IERvbWFpbnMpPC90ZD48dGQ+IDwvdGQ+PHRkIGNs YXNzPSJyaWdodCI+ICAgICAgICAgICAgICAgRXh0ZW5zaW9uIEZvciBQU0RzIChQdWJsaWMgU3Vm Zml4IERvbWFpbnMpPC90ZD48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PC90 cj4KICAgICAgPHRyPjx0ZD48YSBuYW1lPSJkaWZmMDAwMiIgLz48L3RkPjwvdHI+CiAgICAgIDx0 cj48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2si PiAgICAgICAgICAgICAgICAgICAgICAgIGRyYWZ0LWlldGYtZG1hcmMtcHNkLTA8c3BhbiBjbGFz cz0iZGVsZXRlIj42PC9zcGFuPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmJsb2NrIj4gICAg ICAgICAgICAgICAgICAgICAgICBkcmFmdC1pZXRmLWRtYXJjLXBzZC0wPHNwYW4gY2xhc3M9Imlu c2VydCI+Nzwvc3Bhbj48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48 L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjx0ZCBj bGFzcz0ibGVmdCI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+PC90ZD48dGQgY2xh c3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0i bGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPkFic3RyYWN0PC90ZD48 dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+QWJzdHJhY3Q8L3RkPjx0ZCBjbGFzcz0ibGluZW5v IiB2YWxpZ249InRvcCI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iIHZh bGlnbj0idG9wIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNz PSJyaWdodCI+PC90ZD48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PC90cj4K ICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48dGQgY2xhc3M9 ImxlZnQiPiAgIERNQVJDIChEb21haW4tYmFzZWQgTWVzc2FnZSBBdXRoZW50aWNhdGlvbiwgUmVw b3J0aW5nLCBhbmQ8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICBETUFSQyAoRG9t YWluLWJhc2VkIE1lc3NhZ2UgQXV0aGVudGljYXRpb24sIFJlcG9ydGluZywgYW5kPC90ZD48dGQg Y2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFz cz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgIENvbmZvcm1h bmNlKSBpcyBhIHNjYWxhYmxlIG1lY2hhbmlzbSBieSB3aGljaCBhIG1haWwtb3JpZ2luYXRpbmc8 L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICBDb25mb3JtYW5jZSkgaXMgYSBzY2Fs YWJsZSBtZWNoYW5pc20gYnkgd2hpY2ggYSBtYWlsLW9yaWdpbmF0aW5nPC90ZD48dGQgY2xhc3M9 ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGlu ZW5vIiB2YWxpZ249InRvcCI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgIG9yZ2FuaXphdGlvbiBj YW4gZXhwcmVzcyBkb21haW4tbGV2ZWwgcG9saWNpZXMgYW5kIHByZWZlcmVuY2VzIGZvcjwvdGQ+ PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgIG9yZ2FuaXphdGlvbiBjYW4gZXhwcmVzcyBk b21haW4tbGV2ZWwgcG9saWNpZXMgYW5kIHByZWZlcmVuY2VzIGZvcjwvdGQ+PHRkIGNsYXNzPSJs aW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVu byIgdmFsaWduPSJ0b3AiPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICBtZXNzYWdlIHZhbGlkYXRp b24sIGRpc3Bvc2l0aW9uLCBhbmQgcmVwb3J0aW5nLCB0aGF0IGEgbWFpbC1yZWNlaXZpbmc8L3Rk Pjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICBtZXNzYWdlIHZhbGlkYXRpb24sIGRpc3Bv c2l0aW9uLCBhbmQgcmVwb3J0aW5nLCB0aGF0IGEgbWFpbC1yZWNlaXZpbmc8L3RkPjx0ZCBjbGFz cz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJs aW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgb3JnYW5pemF0aW9u IGNhbiB1c2UgdG8gaW1wcm92ZSBtYWlsIGhhbmRsaW5nLiAgVGhlIGRlc2lnbiBvZiBETUFSQzwv dGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgIG9yZ2FuaXphdGlvbiBjYW4gdXNlIHRv IGltcHJvdmUgbWFpbCBoYW5kbGluZy4gIFRoZSBkZXNpZ24gb2YgRE1BUkM8L3RkPjx0ZCBjbGFz cz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJs aW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgcHJlc3VtZXMgdGhh dCBkb21haW4gbmFtZXMgcmVwcmVzZW50IGVpdGhlciBub2RlcyBpbiB0aGUgdHJlZSBiZWxvdzwv dGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgIHByZXN1bWVzIHRoYXQgZG9tYWluIG5h bWVzIHJlcHJlc2VudCBlaXRoZXIgbm9kZXMgaW4gdGhlIHRyZWUgYmVsb3c8L3RkPjx0ZCBjbGFz cz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJs aW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgd2hpY2ggcmVnaXN0 cmF0aW9ucyBvY2N1ciwgb3Igbm9kZXMgd2hlcmUgcmVnaXN0cmF0aW9ucyBoYXZlPC90ZD48dGQ+ IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgd2hpY2ggcmVnaXN0cmF0aW9ucyBvY2N1ciwgb3Ig bm9kZXMgd2hlcmUgcmVnaXN0cmF0aW9ucyBoYXZlPC90ZD48dGQgY2xhc3M9ImxpbmVubyIgdmFs aWduPSJ0b3AiPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0 ZCBjbGFzcz0ibGVmdCI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+PC90ZD48dGQg Y2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHIgYmdjb2xvcj0iZ3JheSIgPjx0ZD48 L3RkPjx0aD48YSBuYW1lPSJwYXJ0LWwyIiAvPjxzbWFsbD5za2lwcGluZyB0byBjaGFuZ2UgYXQ8 L3NtYWxsPjxlbT4gcGFnZSAxLCBsaW5lIDQ5PC9lbT48L3RoPjx0aD4gPC90aD48dGg+PGEgbmFt ZT0icGFydC1yMiIgLz48c21hbGw+c2tpcHBpbmcgdG8gY2hhbmdlIGF0PC9zbWFsbD48ZW0+IHBh Z2UgMSwgbGluZSA0OTwvZW0+PC90aD48dGQ+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNz PSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgSW50ZXJuZXQt RHJhZnRzIGFyZSB3b3JraW5nIGRvY3VtZW50cyBvZiB0aGUgSW50ZXJuZXQgRW5naW5lZXJpbmc8 L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICBJbnRlcm5ldC1EcmFmdHMgYXJlIHdv cmtpbmcgZG9jdW1lbnRzIG9mIHRoZSBJbnRlcm5ldCBFbmdpbmVlcmluZzwvdGQ+PHRkIGNsYXNz PSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9Imxp bmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICBUYXNrIEZvcmNlIChJ RVRGKS4gIE5vdGUgdGhhdCBvdGhlciBncm91cHMgbWF5IGFsc28gZGlzdHJpYnV0ZTwvdGQ+PHRk PiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgIFRhc2sgRm9yY2UgKElFVEYpLiAgTm90ZSB0aGF0 IG90aGVyIGdyb3VwcyBtYXkgYWxzbyBkaXN0cmlidXRlPC90ZD48dGQgY2xhc3M9ImxpbmVubyIg dmFsaWduPSJ0b3AiPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxp Z249InRvcCI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgIHdvcmtpbmcgZG9jdW1lbnRzIGFzIElu dGVybmV0LURyYWZ0cy4gIFRoZSBsaXN0IG9mIGN1cnJlbnQgSW50ZXJuZXQtPC90ZD48dGQ+IDwv dGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgd29ya2luZyBkb2N1bWVudHMgYXMgSW50ZXJuZXQtRHJh ZnRzLiAgVGhlIGxpc3Qgb2YgY3VycmVudCBJbnRlcm5ldC08L3RkPjx0ZCBjbGFzcz0ibGluZW5v IiB2YWxpZ249InRvcCI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iIHZh bGlnbj0idG9wIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgRHJhZnRzIGlzIGF0IGh0dHBzOi8v ZGF0YXRyYWNrZXIuaWV0Zi5vcmcvZHJhZnRzL2N1cnJlbnQvLjwvdGQ+PHRkPiA8L3RkPjx0ZCBj bGFzcz0icmlnaHQiPiAgIERyYWZ0cyBpcyBhdCBodHRwczovL2RhdGF0cmFja2VyLmlldGYub3Jn L2RyYWZ0cy9jdXJyZW50Ly48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90 ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjx0 ZCBjbGFzcz0ibGVmdCI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+PC90ZD48dGQg Y2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFz cz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgIEludGVybmV0 LURyYWZ0cyBhcmUgZHJhZnQgZG9jdW1lbnRzIHZhbGlkIGZvciBhIG1heGltdW0gb2Ygc2l4IG1v bnRoczwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgIEludGVybmV0LURyYWZ0cyBh cmUgZHJhZnQgZG9jdW1lbnRzIHZhbGlkIGZvciBhIG1heGltdW0gb2Ygc2l4IG1vbnRoczwvdGQ+ PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQg Y2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICBhbmQg bWF5IGJlIHVwZGF0ZWQsIHJlcGxhY2VkLCBvciBvYnNvbGV0ZWQgYnkgb3RoZXIgZG9jdW1lbnRz IGF0IGFueTwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgIGFuZCBtYXkgYmUgdXBk YXRlZCwgcmVwbGFjZWQsIG9yIG9ic29sZXRlZCBieSBvdGhlciBkb2N1bWVudHMgYXQgYW55PC90 ZD48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0 ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgIHRp bWUuICBJdCBpcyBpbmFwcHJvcHJpYXRlIHRvIHVzZSBJbnRlcm5ldC1EcmFmdHMgYXMgcmVmZXJl bmNlPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgdGltZS4gIEl0IGlzIGluYXBw cm9wcmlhdGUgdG8gdXNlIEludGVybmV0LURyYWZ0cyBhcyByZWZlcmVuY2U8L3RkPjx0ZCBjbGFz cz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJs aW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgbWF0ZXJpYWwgb3Ig dG8gY2l0ZSB0aGVtIG90aGVyIHRoYW4gYXMgIndvcmsgaW4gcHJvZ3Jlc3MuIjwvdGQ+PHRkPiA8 L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgIG1hdGVyaWFsIG9yIHRvIGNpdGUgdGhlbSBvdGhlciB0 aGFuIGFzICJ3b3JrIGluIHByb2dyZXNzLiI8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249 InRvcCI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9w Ij48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ PC90ZD48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PC90cj4KICAgICAgPHRy Pjx0ZD48YSBuYW1lPSJkaWZmMDAwMyIgLz48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9 ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPiAgIFRoaXMgSW50 ZXJuZXQtRHJhZnQgd2lsbCBleHBpcmUgb24gPHNwYW4gY2xhc3M9ImRlbGV0ZSI+RmVicnVhcnkg MTE8L3NwYW4+LCAyMDIwLjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmJsb2NrIj4gICBUaGlz IEludGVybmV0LURyYWZ0IHdpbGwgZXhwaXJlIG9uIDxzcGFuIGNsYXNzPSJpbnNlcnQiPkFwcmls IDI8L3NwYW4+LCAyMDIwLjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3Rk PjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PHRk IGNsYXNzPSJsZWZ0Ij48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij48L3RkPjx0ZCBj bGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNz PSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+Q29weXJpZ2h0IE5v dGljZTwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPkNvcHlyaWdodCBOb3RpY2U8L3Rk Pjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48L3RyPgogICAgICA8dHI+PHRk IGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+PC90ZD48 dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+PC90ZD48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWdu PSJ0b3AiPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRv cCI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgIENvcHlyaWdodCAoYykgMjAxOSBJRVRGIFRydXN0 IGFuZCB0aGUgcGVyc29ucyBpZGVudGlmaWVkIGFzIHRoZTwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFz cz0icmlnaHQiPiAgIENvcHlyaWdodCAoYykgMjAxOSBJRVRGIFRydXN0IGFuZCB0aGUgcGVyc29u cyBpZGVudGlmaWVkIGFzIHRoZTwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48 L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+ PHRkIGNsYXNzPSJsZWZ0Ij4gICBkb2N1bWVudCBhdXRob3JzLiAgQWxsIHJpZ2h0cyByZXNlcnZl ZC48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICBkb2N1bWVudCBhdXRob3JzLiAg QWxsIHJpZ2h0cyByZXNlcnZlZC48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+ PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3Rk Pjx0ZCBjbGFzcz0ibGVmdCI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+PC90ZD48 dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBj bGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgIFRoaXMg ZG9jdW1lbnQgaXMgc3ViamVjdCB0byBCQ1AgNzggYW5kIHRoZSBJRVRGIFRydXN0J3MgTGVnYWw8 L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICBUaGlzIGRvY3VtZW50IGlzIHN1Ympl Y3QgdG8gQkNQIDc4IGFuZCB0aGUgSUVURiBUcnVzdCdzIExlZ2FsPC90ZD48dGQgY2xhc3M9Imxp bmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5v IiB2YWxpZ249InRvcCI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgIFByb3Zpc2lvbnMgUmVsYXRp bmcgdG8gSUVURiBEb2N1bWVudHM8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICBQ cm92aXNpb25zIFJlbGF0aW5nIHRvIElFVEYgRG9jdW1lbnRzPC90ZD48dGQgY2xhc3M9ImxpbmVu byIgdmFsaWduPSJ0b3AiPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIiB2 YWxpZ249InRvcCI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgIChodHRwczovL3RydXN0ZWUuaWV0 Zi5vcmcvbGljZW5zZS1pbmZvKSBpbiBlZmZlY3Qgb24gdGhlIGRhdGUgb2Y8L3RkPjx0ZD4gPC90 ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICAoaHR0cHM6Ly90cnVzdGVlLmlldGYub3JnL2xpY2Vuc2Ut aW5mbykgaW4gZWZmZWN0IG9uIHRoZSBkYXRlIG9mPC90ZD48dGQgY2xhc3M9ImxpbmVubyIgdmFs aWduPSJ0b3AiPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249 InRvcCI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgIHB1YmxpY2F0aW9uIG9mIHRoaXMgZG9jdW1l bnQuICBQbGVhc2UgcmV2aWV3IHRoZXNlIGRvY3VtZW50czwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFz cz0icmlnaHQiPiAgIHB1YmxpY2F0aW9uIG9mIHRoaXMgZG9jdW1lbnQuICBQbGVhc2UgcmV2aWV3 IHRoZXNlIGRvY3VtZW50czwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3Rk PjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQi PjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8i PjwvdGQ+PC90cj4KICAgICAgPHRyIGJnY29sb3I9ImdyYXkiID48dGQ+PC90ZD48dGg+PGEgbmFt ZT0icGFydC1sMyIgLz48c21hbGw+c2tpcHBpbmcgdG8gY2hhbmdlIGF0PC9zbWFsbD48ZW0+IHBh Z2UgMiwgbGluZSA1MTwvZW0+PC90aD48dGg+IDwvdGg+PHRoPjxhIG5hbWU9InBhcnQtcjMiIC8+ PHNtYWxsPnNraXBwaW5nIHRvIGNoYW5nZSBhdDwvc21hbGw+PGVtPiBwYWdlIDIsIGxpbmUgNTE8 L2VtPjwvdGg+PHRkPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxp Z249InRvcCI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgICAgNi4xLiAgU3ViZG9tYWluIFBvbGlj eSBUYWcgIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuICAgOTwvdGQ+PHRkPiA8 L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgICAgNi4xLiAgU3ViZG9tYWluIFBvbGljeSBUYWcgIC4g LiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuICAgOTwvdGQ+PHRkIGNsYXNzPSJsaW5l bm8iIHZhbGlnbj0idG9wIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyIg dmFsaWduPSJ0b3AiPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICA3LiAgUmVmZXJlbmNlcyAgLiAu IC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAgMTA8L3RkPjx0 ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICA3LiAgUmVmZXJlbmNlcyAgLiAuIC4gLiAuIC4g LiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAgMTA8L3RkPjx0ZCBjbGFzcz0i bGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5l bm8iIHZhbGlnbj0idG9wIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgICA3LjEuICBOb3JtYXRp dmUgUmVmZXJlbmNlcyAgLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gIDEwPC90 ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgICA3LjEuICBOb3JtYXRpdmUgUmVmZXJl bmNlcyAgLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gIDEwPC90ZD48dGQgY2xh c3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0i bGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgICAgNy4yLiAgSW5m b3JtYXRpdmUgUmVmZXJlbmNlcyAgLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuICAx MDwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgICAgNy4yLiAgSW5mb3JtYXRpdmUg UmVmZXJlbmNlcyAgLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuICAxMDwvdGQ+PHRk IGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xh c3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICBBcHBlbmRp eCBBLiAgVGhlIEV4cGVyaW1lbnQgLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4g LiAgMTE8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICBBcHBlbmRpeCBBLiAgVGhl IEV4cGVyaW1lbnQgLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAgMTE8L3Rk Pjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48L3RyPgogICAgICA8dHI+PHRk IGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgICBB LjEuICBQU0QgRE1BUkMgUHJpdmFjeSBDb25jZXJuIE1pdGlnYXRpb24gIC4gLiAuIC4gLiAuIC4g LiAuIC4gIDExPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgICBBLjEuICBQU0Qg RE1BUkMgUHJpdmFjeSBDb25jZXJuIE1pdGlnYXRpb24gIC4gLiAuIC4gLiAuIC4gLiAuIC4gIDEx PC90ZD48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PC90cj4KICAgICAgPHRy Pjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAg ICAgQS4yLiAgTm9uLUV4aXN0ZW50IFN1YmRvbWFpbiBQb2xpY3kgLiAuIC4gLiAuIC4gLiAuIC4g LiAuIC4gLiAuICAxMjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgICAgQS4yLiAg Tm9uLUV4aXN0ZW50IFN1YmRvbWFpbiBQb2xpY3kgLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAu ICAxMjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjwvdHI+CiAgICAg IDx0cj48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0 Ij4gICBBcHBlbmRpeCBCLiAgRE1BUkMgUFNEIFJlZ2lzdHJ5IEV4YW1wbGVzICAuIC4gLiAuIC4g LiAuIC4gLiAuIC4gLiAgMTI8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICBBcHBl bmRpeCBCLiAgRE1BUkMgUFNEIFJlZ2lzdHJ5IEV4YW1wbGVzICAuIC4gLiAuIC4gLiAuIC4gLiAu IC4gLiAgMTI8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48L3RyPgog ICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjx0ZCBjbGFzcz0i bGVmdCI+ICAgICBCLjEuICBETUFSQyBQU0QgRE5TIFF1ZXJ5IFNlcnZpY2UgLiAuIC4gLiAuIC4g LiAuIC4gLiAuIC4gLiAuIC4gIDEzPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAg ICBCLjEuICBETUFSQyBQU0QgRE5TIFF1ZXJ5IFNlcnZpY2UgLiAuIC4gLiAuIC4gLiAuIC4gLiAu IC4gLiAuIC4gIDEzPC90ZD48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PC90 cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48dGQgY2xh c3M9ImxlZnQiPiAgICAgQi4yLiAgRE1BUkMgUHVibGljIFN1ZmZpeCBEb21haW4gKFBTRCkgUmVn aXN0cnkgLiAuIC4gLiAuIC4gLiAuICAxMzwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQi PiAgICAgQi4yLiAgRE1BUkMgUHVibGljIFN1ZmZpeCBEb21haW4gKFBTRCkgUmVnaXN0cnkgLiAu IC4gLiAuIC4gLiAuICAxMzwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3Rk PjwvdHI+CiAgICAgIDx0cj48dGQ+PGEgbmFtZT0iZGlmZjAwMDQiIC8+PC90ZD48L3RyPgogICAg ICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjx0ZCBjbGFzcz0ibGJs b2NrIj4gICBBcHBlbmRpeCBDLiAgPHNwYW4gY2xhc3M9ImRlbGV0ZSI+SW1wbGVtZW50YXRpb24g Ljwvc3Bhbj4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gIDxzcGFuIGNsYXNz PSJkZWxldGUiPjEzPC9zcGFuPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmJsb2NrIj4gICAg IDxzcGFuIGNsYXNzPSJpbnNlcnQiPkIuMy4gIERNQVJDIFBTRCBQU0wgRXh0ZW5zaW9uIC4gLiAu IC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAgMTM8L3NwYW4+PC90ZD48dGQgY2xhc3M9Imxp bmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5v IiB2YWxpZ249InRvcCI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+ICAgICBDLjEuICBBdXRoaGVh ZGVycyBNb2R1bGUgIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gIDxzcGFu IGNsYXNzPSJkZWxldGUiPjEzPC9zcGFuPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmJsb2Nr Ij4gICBBcHBlbmRpeCBDLiAgPHNwYW4gY2xhc3M9Imluc2VydCI+SW1wbGVtZW50YXRpb25zPC9z cGFuPiAgLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gIDxzcGFuIGNsYXNzPSJp bnNlcnQiPjE0PC9zcGFuPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3Rk PjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PHRk IGNsYXNzPSJsYmxvY2siPiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9 InJibG9jayI+ICAgICBDLjEuICBBdXRoaGVhZGVycyBNb2R1bGUgIC4gLiAuIC4gLiAuIC4gLiAu IC4gLiAuIC4gLiAuIC4gLiAuIC4gIDxzcGFuIGNsYXNzPSJpbnNlcnQiPjE0PC9zcGFuPjwvdGQ+ PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQg Y2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPjwvdGQ+ PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmJsb2NrIj48c3BhbiBjbGFzcz0iaW5zZXJ0Ij4gICAgIEMu Mi4gIFpka2ltZmlsdGVyIE1vZHVsZSAgLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAu IC4gLiAgMTQ8L3NwYW4+PC90ZD48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+ PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48dGQg Y2xhc3M9ImxlZnQiPiAgIEFja25vd2xlZGdlbWVudHMgIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAu IC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuICAxNDwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmln aHQiPiAgIEFja25vd2xlZGdlbWVudHMgIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4g LiAuIC4gLiAuIC4gLiAuICAxNDwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48 L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+ PHRkIGNsYXNzPSJsZWZ0Ij4gICBBdXRob3IncyBBZGRyZXNzICAuIC4gLiAuIC4gLiAuIC4gLiAu IC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAgMTQ8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9 InJpZ2h0Ij4gICBBdXRob3IncyBBZGRyZXNzICAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4g LiAuIC4gLiAuIC4gLiAuIC4gLiAgMTQ8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRv cCI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48 L3RkPjx0ZCBjbGFzcz0ibGVmdCI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+PC90 ZD48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0 ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPjEuICBJ bnRyb2R1Y3Rpb248L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4xLiAgSW50cm9kdWN0 aW9uPC90ZD48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PC90cj4KICAgICAg PHRyPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48dGQgY2xhc3M9ImxlZnQi PjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8i IHZhbGlnbj0idG9wIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyIgdmFs aWduPSJ0b3AiPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICBETUFSQyBbUkZDNzQ4OV0gcHJvdmlk ZXMgYSBtZWNoYW5pc20gZm9yIHB1Ymxpc2hpbmcgb3JnYW5pemF0aW9uYWw8L3RkPjx0ZD4gPC90 ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICBETUFSQyBbUkZDNzQ4OV0gcHJvdmlkZXMgYSBtZWNoYW5p c20gZm9yIHB1Ymxpc2hpbmcgb3JnYW5pemF0aW9uYWw8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIiB2 YWxpZ249InRvcCI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGln bj0idG9wIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgcG9saWN5IGluZm9ybWF0aW9uIHRvIGVt YWlsIHJlY2VpdmVycy4gIERNQVJDIGFsbG93cyBwb2xpY3kgdG8gYmU8L3RkPjx0ZD4gPC90ZD48 dGQgY2xhc3M9InJpZ2h0Ij4gICBwb2xpY3kgaW5mb3JtYXRpb24gdG8gZW1haWwgcmVjZWl2ZXJz LiAgRE1BUkMgYWxsb3dzIHBvbGljeSB0byBiZTwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGln bj0idG9wIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0 b3AiPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICBzcGVjaWZpZWQgZm9yIGJvdGggaW5kaXZpZHVh bCBkb21haW5zIGFuZCBmb3Igb3JnYW5pemF0aW9uYWwgZG9tYWluczwvdGQ+PHRkPiA8L3RkPjx0 ZCBjbGFzcz0icmlnaHQiPiAgIHNwZWNpZmllZCBmb3IgYm90aCBpbmRpdmlkdWFsIGRvbWFpbnMg YW5kIGZvciBvcmdhbml6YXRpb25hbCBkb21haW5zPC90ZD48dGQgY2xhc3M9ImxpbmVubyIgdmFs aWduPSJ0b3AiPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249 InRvcCI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgIGFuZCB0aGVpciBzdWItZG9tYWlucyB3aXRo aW4gYSBzaW5nbGUgb3JnYW5pemF0aW9uLiAgRE1BUkMgbGV2ZXJhZ2VzPC90ZD48dGQ+IDwvdGQ+ PHRkIGNsYXNzPSJyaWdodCI+ICAgYW5kIHRoZWlyIHN1Yi1kb21haW5zIHdpdGhpbiBhIHNpbmds ZSBvcmdhbml6YXRpb24uICBETUFSQyBsZXZlcmFnZXM8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIiB2 YWxpZ249InRvcCI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGln bj0idG9wIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgcHVibGljIHN1ZmZpeCBsaXN0cyB0byBk ZXRlcm1pbmUgd2hpY2ggZG9tYWlucyBhcmUgb3JnYW5pemF0aW9uYWw8L3RkPjx0ZD4gPC90ZD48 dGQgY2xhc3M9InJpZ2h0Ij4gICBwdWJsaWMgc3VmZml4IGxpc3RzIHRvIGRldGVybWluZSB3aGlj aCBkb21haW5zIGFyZSBvcmdhbml6YXRpb25hbDwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGln bj0idG9wIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQg Y2xhc3M9ImxlZnQiPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPjwvdGQ+PHRkIGNs YXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyIGJnY29sb3I9ImdyYXkiID48dGQ+PC90 ZD48dGg+PGEgbmFtZT0icGFydC1sNCIgLz48c21hbGw+c2tpcHBpbmcgdG8gY2hhbmdlIGF0PC9z bWFsbD48ZW0+IHBhZ2UgNSwgbGluZSA0MzwvZW0+PC90aD48dGg+IDwvdGg+PHRoPjxhIG5hbWU9 InBhcnQtcjQiIC8+PHNtYWxsPnNraXBwaW5nIHRvIGNoYW5nZSBhdDwvc21hbGw+PGVtPiBwYWdl IDUsIGxpbmUgNDQ8L2VtPjwvdGg+PHRkPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0i bGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgIHRyZWUgYXQgd2hp Y2ggdG8gcmVnaXN0ZXIgZG9tYWluIG5hbWVzICJvd25lZCIgYnkgaW5kZXBlbmRlbnQ8L3RkPjx0 ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICB0cmVlIGF0IHdoaWNoIHRvIHJlZ2lzdGVyIGRv bWFpbiBuYW1lcyAib3duZWQiIGJ5IGluZGVwZW5kZW50PC90ZD48dGQgY2xhc3M9ImxpbmVubyIg dmFsaWduPSJ0b3AiPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxp Z249InRvcCI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgIG9yZ2FuaXphdGlvbnMuICBSZWFsLXdv cmxkIGV4YW1wbGVzIGFyZSAiLmNvbSIsICIub3JnIiwgIi51cyIsIGFuZDwvdGQ+PHRkPiA8L3Rk Pjx0ZCBjbGFzcz0icmlnaHQiPiAgIG9yZ2FuaXphdGlvbnMuICBSZWFsLXdvcmxkIGV4YW1wbGVz IGFyZSAiLmNvbSIsICIub3JnIiwgIi51cyIsIGFuZDwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iIHZh bGlnbj0idG9wIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWdu PSJ0b3AiPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICAiLmdvdi51ayIuICBOYW1lcyBhdCB3aGlj aCBzdWNoIHJlZ2lzdHJhdGlvbnMgb2NjdXIgYXJlIGNhbGxlZCBQdWJsaWM8L3RkPjx0ZD4gPC90 ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICAiLmdvdi51ayIuICBOYW1lcyBhdCB3aGljaCBzdWNoIHJl Z2lzdHJhdGlvbnMgb2NjdXIgYXJlIGNhbGxlZCBQdWJsaWM8L3RkPjx0ZCBjbGFzcz0ibGluZW5v IiB2YWxpZ249InRvcCI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iIHZh bGlnbj0idG9wIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgU3VmZml4IERvbWFpbnMgKFBTRHMp LCBhbmQgYSByZWdpc3RyYXRpb24gY29uc2lzdHMgb2YgYSBsYWJlbDwvdGQ+PHRkPiA8L3RkPjx0 ZCBjbGFzcz0icmlnaHQiPiAgIFN1ZmZpeCBEb21haW5zIChQU0RzKSwgYW5kIGEgcmVnaXN0cmF0 aW9uIGNvbnNpc3RzIG9mIGEgbGFiZWw8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRv cCI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48 L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgc2VsZWN0ZWQgYnkgdGhlIHJlZ2lzdHJhbnQgdG8gd2hp Y2ggYSBkZXNpcmFibGUgUFNEIGlzIGFwcGVuZGVkLiAgRm9yPC90ZD48dGQ+IDwvdGQ+PHRkIGNs YXNzPSJyaWdodCI+ICAgc2VsZWN0ZWQgYnkgdGhlIHJlZ2lzdHJhbnQgdG8gd2hpY2ggYSBkZXNp cmFibGUgUFNEIGlzIGFwcGVuZGVkLiAgRm9yPC90ZD48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWdu PSJ0b3AiPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRv cCI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgIGV4YW1wbGUsICJpZXRmLm9yZyIgaXMgYSByZWdp c3RlcmVkIGRvbWFpbiBuYW1lLCBhbmQgIi5vcmciIGlzIGl0czwvdGQ+PHRkPiA8L3RkPjx0ZCBj bGFzcz0icmlnaHQiPiAgIGV4YW1wbGUsICJpZXRmLm9yZyIgaXMgYSByZWdpc3RlcmVkIGRvbWFp biBuYW1lLCBhbmQgIi5vcmciIGlzIGl0czwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0i dG9wIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3Ai PjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICBQU0QuPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJy aWdodCI+ICAgUFNELjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjwv dHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PHRkIGNs YXNzPSJsZWZ0Ij48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij48L3RkPjx0ZCBjbGFz cz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJs aW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+Mi4zLiAgTG9uZ2VzdCBQ U0Q8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4yLjMuICBMb25nZXN0IFBTRDwvdGQ+ PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQg Y2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij48L3RkPjx0 ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249 InRvcCI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkPjxhIG5hbWU9ImRpZmYwMDA1IiAvPjwvdGQ+ PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48dGQg Y2xhc3M9ImxibG9jayI+ICAgVGhlIGxvbmdlc3QgUFNEIGlzIHRoZSA8c3BhbiBjbGFzcz0iZGVs ZXRlIj5QU0QgbWF0Y2hpbmcgbW9yZSBsYWJlbHMgaW4gdGhlIGRvbWFpbiBuYW1lPC9zcGFuPjwv dGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmJsb2NrIj4gICBUaGUgbG9uZ2VzdCBQU0QgaXMgdGhl IDxzcGFuIGNsYXNzPSJpbnNlcnQiPk9yZ2FuaXphdGlvbmFsIERvbWFpbiB3aXRoIG9uZSBsYWJl bCByZW1vdmVkLjwvc3Bhbj48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90 ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjx0 ZCBjbGFzcz0ibGJsb2NrIj48c3BhbiBjbGFzcz0iZGVsZXRlIj4gICB1bmRlciBldmFsdWF0aW9u IHRoYW4gYW55IG90aGVyIHB1YmxpYyBzdWZmaXggbGlzdCBlbnRyeS48L3NwYW4+PC90ZD48dGQ+ IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0i dG9wIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3Ai PjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij48 L3RkPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48L3RyPgogICAgICA8dHI+ PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+Mi40 LiAgUHVibGljIFN1ZmZpeCBPcGVyYXRvciAoUFNPKTwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0i cmlnaHQiPjIuNC4gIFB1YmxpYyBTdWZmaXggT3BlcmF0b3IgKFBTTyk8L3RkPjx0ZCBjbGFzcz0i bGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5l bm8iIHZhbGlnbj0idG9wIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+PC90ZD48dGQ+IDwvdGQ+PHRk IGNsYXNzPSJyaWdodCI+PC90ZD48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+ PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48dGQg Y2xhc3M9ImxlZnQiPiAgIEEgUHVibGljIFN1ZmZpeCBPcGVyYXRvciBtYW5hZ2VzIG9wZXJhdGlv bnMgd2l0aGluIGl0cyBQU0QuPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgQSBQ dWJsaWMgU3VmZml4IE9wZXJhdG9yIG1hbmFnZXMgb3BlcmF0aW9ucyB3aXRoaW4gaXRzIFBTRC48 L3RkPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48L3RyPgogICAgICA8dHI+ PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+PC90 ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+PC90ZD48dGQgY2xhc3M9ImxpbmVubyIgdmFs aWduPSJ0b3AiPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249 InRvcCI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPjIuNS4gIFBTTyBDb250cm9sbGVkIERvbWFpbiBO YW1lczwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPjIuNS4gIFBTTyBDb250cm9sbGVk IERvbWFpbiBOYW1lczwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjwv dHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PHRkIGNs YXNzPSJsZWZ0Ij48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij48L3RkPjx0ZCBjbGFz cz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJs aW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgUFNPIENvbnRyb2xs ZWQgRG9tYWluIE5hbWVzIGFyZSBuYW1lcyBpbiB0aGUgRE5TIHRoYXQgYXJlIG1hbmFnZWQgYnk8 L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICBQU08gQ29udHJvbGxlZCBEb21haW4g TmFtZXMgYXJlIG5hbWVzIGluIHRoZSBETlMgdGhhdCBhcmUgbWFuYWdlZCBieTwvdGQ+PHRkIGNs YXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9 ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICBhIFBTTyBhbmQg YXJlIG5vdCBhdmFpbGFibGUgZm9yIHVzZSBhcyBPcmdhbml6YXRpb25hbCBEb21haW5zICh0aGU8 L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICBhIFBTTyBhbmQgYXJlIG5vdCBhdmFp bGFibGUgZm9yIHVzZSBhcyBPcmdhbml6YXRpb25hbCBEb21haW5zICh0aGU8L3RkPjx0ZCBjbGFz cz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJs aW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgdGVybSBPcmdhbml6 YXRpb25hbCBEb21haW5zIGlzIGRlZmluZWQgaW4gRE1BUkMgW1JGQzc0ODldPC90ZD48dGQ+IDwv dGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgdGVybSBPcmdhbml6YXRpb25hbCBEb21haW5zIGlzIGRl ZmluZWQgaW4gRE1BUkMgW1JGQzc0ODldPC90ZD48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0 b3AiPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFz cz0ibGVmdCI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+PC90ZD48dGQgY2xhc3M9 ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHIgYmdjb2xvcj0iZ3JheSIgPjx0ZD48L3RkPjx0 aD48YSBuYW1lPSJwYXJ0LWw1IiAvPjxzbWFsbD5za2lwcGluZyB0byBjaGFuZ2UgYXQ8L3NtYWxs PjxlbT4gcGFnZSAxMywgbGluZSA0MDwvZW0+PC90aD48dGg+IDwvdGg+PHRoPjxhIG5hbWU9InBh cnQtcjUiIC8+PHNtYWxsPnNraXBwaW5nIHRvIGNoYW5nZSBhdDwvc21hbGw+PGVtPiBwYWdlIDEz LCBsaW5lIDQwPC9lbT48L3RoPjx0ZD48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9Imxp bmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICArLS0tLS0tLS0tLS0t LSstLS0tLS0tLS0tLS0tLS0rPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgKy0t LS0tLS0tLS0tLS0rLS0tLS0tLS0tLS0tLS0tKzwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGln bj0idG9wIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0 b3AiPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICB8ICAgIFBTRCAgICAgIHwgU3RhdHVzICAgICAg ICB8PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgfCAgICBQU0QgICAgICB8IFN0 YXR1cyAgICAgICAgfDwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjwv dHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PHRkIGNs YXNzPSJsZWZ0Ij4gICArLS0tLS0tLS0tLS0tLSstLS0tLS0tLS0tLS0tLS0rPC90ZD48dGQ+IDwv dGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgKy0tLS0tLS0tLS0tLS0rLS0tLS0tLS0tLS0tLS0tKzwv dGQ+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjwvdHI+CiAgICAgIDx0cj48 dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICB8 IC5iYW5rICAgICAgIHwgY3VycmVudCAgICAgICB8PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJy aWdodCI+ICAgfCAuYmFuayAgICAgICB8IGN1cnJlbnQgICAgICAgfDwvdGQ+PHRkIGNsYXNzPSJs aW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVu byIgdmFsaWduPSJ0b3AiPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICArLS0tLS0tLS0tLS0tLSst LS0tLS0tLS0tLS0tLS0rPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgKy0tLS0t LS0tLS0tLS0rLS0tLS0tLS0tLS0tLS0tKzwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0i dG9wIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3Ai PjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICB8IC5pbnN1cmFuY2UgIHwgY3VycmVudCAgICAgICB8 PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgfCAuaW5zdXJhbmNlICB8IGN1cnJl bnQgICAgICAgfDwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjwvdHI+ CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PHRkIGNsYXNz PSJsZWZ0Ij4gICArLS0tLS0tLS0tLS0tLSstLS0tLS0tLS0tLS0tLS0rPC90ZD48dGQ+IDwvdGQ+ PHRkIGNsYXNzPSJyaWdodCI+ICAgKy0tLS0tLS0tLS0tLS0rLS0tLS0tLS0tLS0tLS0tKzwvdGQ+ PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQg Y2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICB8IC5n b3YudWsgICAgIHwgY3VycmVudCAgICAgICB8PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdo dCI+ICAgfCAuZ292LnVrICAgICB8IGN1cnJlbnQgICAgICAgfDwvdGQ+PHRkIGNsYXNzPSJsaW5l bm8iIHZhbGlnbj0idG9wIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyIg dmFsaWduPSJ0b3AiPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICArLS0tLS0tLS0tLS0tLSstLS0t LS0tLS0tLS0tLS0rPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgKy0tLS0tLS0t LS0tLS0rLS0tLS0tLS0tLS0tLS0tKzwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9w Ij48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwv dGQ+PHRkIGNsYXNzPSJsZWZ0Ij48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij48L3Rk Pjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48L3RyPgogICAgICA8dHI+PHRk PjxhIG5hbWU9ImRpZmYwMDA2IiAvPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGlu ZW5vIiB2YWxpZ249InRvcCI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+PHNwYW4gY2xhc3M9ImRl bGV0ZSI+QXBwZW5kaXggQy4gIEltcGxlbWVudGF0PC9zcGFuPmlvbjwvdGQ+PHRkPiA8L3RkPjx0 ZCBjbGFzcz0icmJsb2NrIj48c3BhbiBjbGFzcz0iaW5zZXJ0Ij5CLjMuICBETUFSQyBQU0QgUFNM IEV4dGVuczwvc3Bhbj5pb248L3RkPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90 ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjx0 ZCBjbGFzcz0ibGVmdCI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+PC90ZD48dGQg Y2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZD48YSBu YW1lPSJkaWZmMDAwNyIgLz48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyIg dmFsaWduPSJ0b3AiPjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPiAgIDxzcGFuIGNsYXNzPSJkZWxl dGUiPlRoZXJlPC9zcGFuPiBpcyA8c3BhbiBjbGFzcz0iZGVsZXRlIj5vbmU8L3NwYW4+IGtub3du IDxzcGFuIGNsYXNzPSJkZWxldGUiPmltcGxlbWVudGF0aW9uPC9zcGFuPiBvZiBQU0QgRE1BUkMg YXZhaWxhYmxlIGZvciB0ZXN0aW5nLjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmJsb2NrIj4g ICA8c3BhbiBjbGFzcz0iaW5zZXJ0Ij5bcHNkZG1hcmMub3JnXSBwcm92aWRlcyBhIFBTTCBsaWtl IGZpbGUgdG8gZW5hYmxlIHRvIGZhY2lsaXRhdGU8L3NwYW4+PC90ZD48dGQgY2xhc3M9ImxpbmVu byIgdmFsaWduPSJ0b3AiPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIiB2 YWxpZ249InRvcCI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNs YXNzPSJyYmxvY2siPjxzcGFuIGNsYXNzPSJpbnNlcnQiPiAgIGlkZW50aWZpY2F0aW9uIG9mIFBT RCBETUFSQyBwYXJ0aWNpcGFudHMuICBDb250ZW50cyBhcmUgZnVuY3Rpb25hbGx5PC9zcGFuPjwv dGQ+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjwvdHI+CiAgICAgIDx0cj48 dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPjwv dGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmJsb2NrIj48c3BhbiBjbGFzcz0iaW5zZXJ0Ij4gICBp ZGVudGljYWwgdG8gdGhlIElBTkEgbGlrZSByZWdpc3RyeSwgYnV0IHByZXNlbnRlZCBpbiBhIGRp ZmZlcmVudDwvc3Bhbj48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48 L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjx0ZCBj bGFzcz0ibGJsb2NrIj48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJibG9jayI+PHNwYW4gY2xh c3M9Imluc2VydCI+ICAgZm9ybWF0Ljwvc3Bhbj48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxp Z249InRvcCI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0i dG9wIj48L3RkPjx0ZCBjbGFzcz0ibGJsb2NrIj48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJi bG9jayI+PHNwYW4gY2xhc3M9Imluc2VydCI+PC9zcGFuPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8i IHZhbGlnbj0idG9wIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyIgdmFs aWduPSJ0b3AiPjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFz cz0icmJsb2NrIj48c3BhbiBjbGFzcz0iaW5zZXJ0Ij4gICBXaGVuIHVzaW5nIHRoaXMgYXBwcm9h Y2gsIHRoZSBpbnB1dCBkb21haW4gb2YgdGhlIGV4dGVuc2lvbiBsb29rdXAgaXM8L3NwYW4+PC90 ZD48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0 ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+PC90 ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPjxzcGFuIGNsYXNzPSJpbnNlcnQiPiAgIHN1 cHBvc2VkIHRvIGJlIHRoZSBvdXRwdXQgZG9tYWluIG9mIHRoZSByZWd1bGFyIFBTTCBsb29rdXAs IGkuZS4gIHRoZTwvc3Bhbj48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90 ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjx0 ZCBjbGFzcz0ibGJsb2NrIj48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJibG9jayI+PHNwYW4g Y2xhc3M9Imluc2VydCI+ICAgb3JnYW5pemF0aW9uYWwgZG9tYWluLiAgVGhpcyBhbHRlcm5hdGl2 ZSBkYXRhIGFwcHJvYWNoPC9zcGFuPiBpcyA8c3BhbiBjbGFzcz0iaW5zZXJ0Ij5wb3RlbnRpYWxs eTwvc3Bhbj48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48L3RyPgog ICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjx0ZCBjbGFzcz0i bGJsb2NrIj48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJibG9jayI+PHNwYW4gY2xhc3M9Imlu c2VydCI+ICAgdXNlZnVsIHNpbmNlIERNQVJDIGltcGxlbWVudGF0aW9ucyBhbHJlYWR5IG5lZWQg dG8gYmUgYWJsZSB0byBwYXJzZTwvc3Bhbj48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249 InRvcCI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9w Ij48L3RkPjx0ZCBjbGFzcz0ibGJsb2NrIj48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJibG9j ayI+PHNwYW4gY2xhc3M9Imluc2VydCI+ICAgdGhlIGRhdGEgZm9ybWF0LCBzbyBpdCBzaG91bGQg YmUgZWFzaWVyIHRvIGltcGxlbWVudC48L3NwYW4+PC90ZD48dGQgY2xhc3M9ImxpbmVubyIgdmFs aWduPSJ0b3AiPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249 InRvcCI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJy YmxvY2siPjxzcGFuIGNsYXNzPSJpbnNlcnQiPjwvc3Bhbj48L3RkPjx0ZCBjbGFzcz0ibGluZW5v IiB2YWxpZ249InRvcCI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iIHZh bGlnbj0idG9wIj48L3RkPjx0ZCBjbGFzcz0ibGJsb2NrIj48L3RkPjx0ZD4gPC90ZD48dGQgY2xh c3M9InJibG9jayI+PHNwYW4gY2xhc3M9Imluc2VydCI+QXBwZW5kaXggQy4gIEltcGxlbWVudGF0 aW9uczwvc3Bhbj48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48L3Ry PgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjx0ZCBjbGFz cz0ibGJsb2NrIj48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJibG9jayI+PHNwYW4gY2xhc3M9 Imluc2VydCI+PC9zcGFuPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3Rk PjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PHRk IGNsYXNzPSJsYmxvY2siPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmJsb2NrIj48c3BhbiBj bGFzcz0iaW5zZXJ0Ij4gICBUaGVyZSBhcmUgdHdvPC9zcGFuPiBrbm93biA8c3BhbiBjbGFzcz0i aW5zZXJ0Ij5pbXBsZW1lbnRhdGlvbnM8L3NwYW4+IG9mIFBTRCBETUFSQyBhdmFpbGFibGUgZm9y PC90ZD48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PC90cj4KICAgICAgPHRy Pjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+ PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPiAgIHRlc3RpbmcuPC90ZD48dGQgY2xh c3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0i bGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPjwvdGQ+PHRkPiA8L3Rk Pjx0ZCBjbGFzcz0icmlnaHQiPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48 L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+ PHRkIGNsYXNzPSJsZWZ0Ij5DLjEuICBBdXRoaGVhZGVycyBNb2R1bGU8L3RkPjx0ZD4gPC90ZD48 dGQgY2xhc3M9InJpZ2h0Ij5DLjEuICBBdXRoaGVhZGVycyBNb2R1bGU8L3RkPjx0ZCBjbGFzcz0i bGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5l bm8iIHZhbGlnbj0idG9wIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+PC90ZD48dGQ+IDwvdGQ+PHRk IGNsYXNzPSJyaWdodCI+PC90ZD48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+ PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48dGQg Y2xhc3M9ImxlZnQiPiAgIFRoZSBhdXRoaGVhZGVycyBQeXRob24gbW9kdWxlIGFuZCBjb21tYW5k IGxpbmUgdG9vbCBpcyBhdmFpbGFibGUgZm9yPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdo dCI+ICAgVGhlIGF1dGhoZWFkZXJzIFB5dGhvbiBtb2R1bGUgYW5kIGNvbW1hbmQgbGluZSB0b29s IGlzIGF2YWlsYWJsZSBmb3I8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90 ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjx0 ZCBjbGFzcz0ibGVmdCI+ICAgZG93bmxvYWQgb3IgaW5zdGFsbGF0aW9uIGZyb20gUHlwaSAoUHl0 aG9uIFBhY2thZ2luZyBJbmRleCkuPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAg ZG93bmxvYWQgb3IgaW5zdGFsbGF0aW9uIGZyb20gUHlwaSAoUHl0aG9uIFBhY2thZ2luZyBJbmRl eCkuPC90ZD48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PC90cj4KICAgICAg PHRyPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48dGQgY2xhc3M9ImxlZnQi PjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8i IHZhbGlnbj0idG9wIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyIgdmFs aWduPSJ0b3AiPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICBJdCBzdXBwb3J0cyBib3RoIHVzZSBv ZiB0aGUgRE5TIGJhc2VkIHF1ZXJ5IHNlcnZpY2UgYW5kIGRvd25sb2FkIG9mPC90ZD48dGQ+IDwv dGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgSXQgc3VwcG9ydHMgYm90aCB1c2Ugb2YgdGhlIEROUyBi YXNlZCBxdWVyeSBzZXJ2aWNlIGFuZCBkb3dubG9hZCBvZjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8i IHZhbGlnbj0idG9wIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyIgdmFs aWduPSJ0b3AiPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICB0aGUgQ1NWIHJlZ2lzdHJ5IGZpbGUg ZnJvbSBbcHNkZG1hcmMub3JnXS48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICB0 aGUgQ1NWIHJlZ2lzdHJ5IGZpbGUgZnJvbSBbcHNkZG1hcmMub3JnXS48L3RkPjx0ZCBjbGFzcz0i bGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5l bm8iIHZhbGlnbj0idG9wIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+PC90ZD48dGQ+IDwvdGQ+PHRk IGNsYXNzPSJyaWdodCI+PC90ZD48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+ PC90cj4KICAgICAgPHRyPjx0ZD48YSBuYW1lPSJkaWZmMDAwOCIgLz48L3RkPjwvdHI+CiAgICAg IDx0cj48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PHRkIGNsYXNzPSJsYmxv Y2siPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmJsb2NrIj48c3BhbiBjbGFzcz0iaW5zZXJ0 Ij5DLjIuICBaZGtpbWZpbHRlciBNb2R1bGU8L3NwYW4+PC90ZD48dGQgY2xhc3M9ImxpbmVubyIg dmFsaWduPSJ0b3AiPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxp Z249InRvcCI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNz PSJyYmxvY2siPjxzcGFuIGNsYXNzPSJpbnNlcnQiPjwvc3Bhbj48L3RkPjx0ZCBjbGFzcz0ibGlu ZW5vIiB2YWxpZ249InRvcCI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8i IHZhbGlnbj0idG9wIj48L3RkPjx0ZCBjbGFzcz0ibGJsb2NrIj48L3RkPjx0ZD4gPC90ZD48dGQg Y2xhc3M9InJibG9jayI+PHNwYW4gY2xhc3M9Imluc2VydCI+ICAgVGhlIHpka2ltZmlsdGVyIG1v ZHVsZSBpcyBhIHNlcGFyYXRlbHkgYXZhaWxhYmxlIGFkZC1vbiB0byBDb3VyaWVyLTwvc3Bhbj48 L3RkPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48L3RyPgogICAgICA8dHI+ PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjx0ZCBjbGFzcz0ibGJsb2NrIj48 L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJibG9jayI+PHNwYW4gY2xhc3M9Imluc2VydCI+ICAg TVRBLjwvc3Bhbj48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48L3Ry PgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjx0ZCBjbGFz cz0ibGJsb2NrIj48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJibG9jayI+PHNwYW4gY2xhc3M9 Imluc2VydCI+PC9zcGFuPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3Rk PjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PHRk IGNsYXNzPSJsYmxvY2siPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmJsb2NrIj48c3BhbiBj bGFzcz0iaW5zZXJ0Ij4gICBNb3N0bHkgdXNlZCBmb3IgREtJTSBzaWduaW5nLCBpdCBjYW4gYmUg Y29uZmlndXJlZCB0byBhbHNvIHZlcmlmeSw8L3NwYW4+PC90ZD48dGQgY2xhc3M9ImxpbmVubyIg dmFsaWduPSJ0b3AiPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxp Z249InRvcCI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNz PSJyYmxvY2siPjxzcGFuIGNsYXNzPSJpbnNlcnQiPiAgIGFwcGx5IERNQVJDIHBvbGljaWVzLCBh bmQgc2VuZCBhZ2dyZWdhdGUgcmVwb3J0cy4gIEZvciBQU0QgRE1BUkMgaXQ8L3NwYW4+PC90ZD48 dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBj bGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+PC90ZD48 dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPjxzcGFuIGNsYXNzPSJpbnNlcnQiPiAgIHVzZXMg dGhlIFBTTCBleHRlbnNpb24gbGlzdCBhcHByb2FjaCwgd2hpY2ggaXMgYXZhaWxhYmxlIGZyb20g ZnJvbTwvc3Bhbj48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48L3Ry PgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjx0ZCBjbGFz cz0ibGJsb2NrIj48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJibG9jayI+PHNwYW4gY2xhc3M9 Imluc2VydCI+ICAgW3BzZGRtYXJjLm9yZ108L3NwYW4+PC90ZD48dGQgY2xhc3M9ImxpbmVubyIg dmFsaWduPSJ0b3AiPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxp Z249InRvcCI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNz PSJyYmxvY2siPiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICA8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249 InRvcCI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9w Ij48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+QWNrbm93bGVkZ2VtZW50czwvdGQ+PHRkPiA8L3RkPjx0 ZCBjbGFzcz0icmlnaHQiPkFja25vd2xlZGdlbWVudHM8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIiB2 YWxpZ249InRvcCI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGln bj0idG9wIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJy aWdodCI+PC90ZD48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PC90cj4KICAg ICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48dGQgY2xhc3M9Imxl ZnQiPiAgIFRoYW5rcyB0byB0aGUgZm9sbG93aW5nIGluZGl2aWR1YWxzIGZvciB0aGVpciBjb250 cmlidXRpb25zIChib3RoPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgVGhhbmtz IHRvIHRoZSBmb2xsb3dpbmcgaW5kaXZpZHVhbHMgZm9yIHRoZWlyIGNvbnRyaWJ1dGlvbnMgKGJv dGg8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48L3RyPgogICAgICA8 dHI+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGlnbj0idG9wIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ ICAgcHVibGljIGFuZCBwcml2YXRlKSB0byBpbXByb3ZpbmcgdGhpcyBkb2N1bWVudC4gIFNwZWNp YWwgc2hvdXQgb3V0IHRvPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgcHVibGlj IGFuZCBwcml2YXRlKSB0byBpbXByb3ZpbmcgdGhpcyBkb2N1bWVudC4gIFNwZWNpYWwgc2hvdXQg b3V0IHRvPC90ZD48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PC90cj4KICAg ICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48dGQgY2xhc3M9Imxl ZnQiPiAgIERhdmUgQ3JvY2tlciBmb3IgbmFtaW5nIHRoZSBiZWFzdC48L3RkPjx0ZD4gPC90ZD48 dGQgY2xhc3M9InJpZ2h0Ij4gICBEYXZlIENyb2NrZXIgZm9yIG5hbWluZyB0aGUgYmVhc3QuPC90 ZD48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0b3AiPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0 ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPjwvdGQ+ PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGln bj0idG9wIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0 b3AiPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICBLdXJ0IEFuZGVyc2VuLCBTZXRoIEJsYW5rLCBE YXZlIENyb2NrZXIsIEhlYXRoZXIgRGlheiwgVGltIERyYWVnZW4sPC90ZD48dGQ+IDwvdGQ+PHRk IGNsYXNzPSJyaWdodCI+ICAgS3VydCBBbmRlcnNlbiwgU2V0aCBCbGFuaywgRGF2ZSBDcm9ja2Vy LCBIZWF0aGVyIERpYXosIFRpbSBEcmFlZ2VuLDwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iIHZhbGln bj0idG9wIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0 b3AiPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICBaZWtlIEhlbmRyaWNrc29uLCBBbmRyZXcgS2Vu bmVkeSwgSm9obiBMZXZpbmUsIERyIElhbiBMZXZ5LCBDcmFpZzwvdGQ+PHRkPiA8L3RkPjx0ZCBj bGFzcz0icmlnaHQiPiAgIFpla2UgSGVuZHJpY2tzb24sIEFuZHJldyBLZW5uZWR5LCBKb2huIExl dmluZSwgRHIgSWFuIExldnksIENyYWlnPC90ZD48dGQgY2xhc3M9ImxpbmVubyIgdmFsaWduPSJ0 b3AiPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+ PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgIFNjaHdhcnR6LCBBbGVzc2FuZHJvIFZlc2VseSwgYW5k IFRpbSBXaWNpbnNraTwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgIFNjaHdhcnR6 LCBBbGVzc2FuZHJvIFZlc2VseSwgYW5kIFRpbSBXaWNpbnNraTwvdGQ+PHRkIGNsYXNzPSJsaW5l bm8iIHZhbGlnbj0idG9wIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyIg dmFsaWduPSJ0b3AiPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij48L3RkPjx0ZD4gPC90ZD48dGQgY2xh c3M9InJpZ2h0Ij48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIiB2YWxpZ249InRvcCI+PC90ZD48L3Ry PgoKICAgICA8dHI+PHRkPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij48L3RkPjx0ZD4gPC90ZD48dGQg Y2xhc3M9InJpZ2h0Ij48L3RkPjx0ZD48L3RkPjwvdHI+CiAgICAgPHRyIGJnY29sb3I9ImdyYXki Pjx0aCBjb2xzcGFuPSI1IiBhbGlnbj0iY2VudGVyIj48YSBuYW1lPSJlbmQiPiZuYnNwO0VuZCBv ZiBjaGFuZ2VzLiA4IGNoYW5nZSBibG9ja3MuJm5ic3A7PC9hPjwvdGg+PC90cj4KICAgICA8dHIg Y2xhc3M9InN0YXRzIj48dGQ+PC90ZD48dGg+PGk+MTEgbGluZXMgY2hhbmdlZCBvciBkZWxldGVk PC9pPjwvdGg+PHRoPjxpPiA8L2k+PC90aD48dGg+PGk+MzUgbGluZXMgY2hhbmdlZCBvciBhZGRl ZDwvaT48L3RoPjx0ZD48L3RkPjwvdHI+CiAgICAgPHRyPjx0ZCBjb2xzcGFuPSI1IiBhbGlnbj0i Y2VudGVyIiBjbGFzcz0ic21hbGwiPjxici8+VGhpcyBodG1sIGRpZmYgd2FzIHByb2R1Y2VkIGJ5 IHJmY2RpZmYgMS40MS4gVGhlIGxhdGVzdCB2ZXJzaW9uIGlzIGF2YWlsYWJsZSBmcm9tIDxhIGhy ZWY9Imh0dHA6Ly93d3cudG9vbHMuaWV0Zi5vcmcvdG9vbHMvcmZjZGlmZi8iID5odHRwOi8vdG9v bHMuaWV0Zi5vcmcvdG9vbHMvcmZjZGlmZi88L2E+IDwvdGQ+PC90cj4KICAgPC90YWJsZT4KICAg PC9ib2R5PgogICA8L2h0bWw+Cg== --nextPart2086774.9YeHt4G8mN-- From nobody Mon Oct 14 15:20:20 2019 Return-Path: X-Original-To: dmarc@ietf.org Delivered-To: dmarc@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 872E11208D5; Mon, 14 Oct 2019 15:20:05 -0700 (PDT) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: internet-drafts@ietf.org To: Cc: dmarc@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 6.105.0 Auto-Submitted: auto-generated Precedence: bulk Reply-To: dmarc@ietf.org Message-ID: <157109160548.24656.16938618763351225498@ietfa.amsl.com> Date: Mon, 14 Oct 2019 15:20:05 -0700 Archived-At: Subject: [dmarc-ietf] I-D Action: draft-ietf-dmarc-psd-07.txt X-BeenThere: dmarc@ietf.org X-Mailman-Version: 2.1.29 List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 14 Oct 2019 22:20:12 -0000 A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Domain-based Message Authentication, Reporting & Conformance WG of the IETF. Title : DMARC (Domain-based Message Authentication, Reporting, and Conformance) Extension For PSDs (Public Suffix Domains) Author : Scott Kitterman Filename : draft-ietf-dmarc-psd-07.txt Pages : 14 Date : 2019-10-14 Abstract: DMARC (Domain-based Message Authentication, Reporting, and Conformance) is a scalable mechanism by which a mail-originating organization can express domain-level policies and preferences for message validation, disposition, and reporting, that a mail-receiving organization can use to improve mail handling. The design of DMARC presumes that domain names represent either nodes in the tree below which registrations occur, or nodes where registrations have occurred; it does not permit a domain name to have both of these properties simultaneously. Since its deployment in 2015, use of DMARC has shown a clear need for the ability to express policy for these domains as well. Domains at which registrations can occur are referred to as Public Suffix Domains (PSDs). This document describes an extension to DMARC to enable DMARC functionality for PSDs. This document also seeks to address implementations that consider a domain on a public Suffix list to be ineligible for DMARC enforcement. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-dmarc-psd/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-dmarc-psd-07 https://datatracker.ietf.org/doc/html/draft-ietf-dmarc-psd-07 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-dmarc-psd-07 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ From nobody Mon Oct 14 15:21:34 2019 Return-Path: X-Original-To: dmarc@ietfa.amsl.com Delivered-To: dmarc@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CD23F1208B8 for ; Mon, 14 Oct 2019 15:21:25 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2 X-Spam-Level: X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (unsupported algorithm ed25519-sha256)" header.d=kitterman.com header.b=6HXIct0I; dkim=pass (2048-bit key) header.d=kitterman.com header.b=WMcuRg+L Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oEodYPc9cnGD for ; Mon, 14 Oct 2019 15:21:23 -0700 (PDT) Received: from interserver.kitterman.com (interserver.kitterman.com [64.20.48.66]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 75CD01208D7 for ; Mon, 14 Oct 2019 15:21:23 -0700 (PDT) Received: from interserver.kitterman.com (interserver.kitterman.com [IPv6:2604:a00:6:1039:225:90ff:feaa:b169]) by interserver.kitterman.com (Postfix) with ESMTPS id 73C86F8035D for ; Mon, 14 Oct 2019 18:21:21 -0400 (EDT) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/simple; d=kitterman.com; i=@kitterman.com; q=dns/txt; s=201903e; t=1571091681; h=from : to : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type : from; bh=sg7JAAryv7orVsqvq3+gPgyAd1R0lAfBEExZloVZ1OU=; b=6HXIct0IoTkFi7U5gPmh6gYNLfOXN8WRjJcM/+6gs5wYRCW9Zs+mc0ch WE/tN5hr+AgZh25J2MfFz0b78ZjXBQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kitterman.com; i=@kitterman.com; q=dns/txt; s=201903r; t=1571091681; h=from : to : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type : from; bh=sg7JAAryv7orVsqvq3+gPgyAd1R0lAfBEExZloVZ1OU=; b=WMcuRg+Lf9HI1dtJ18WkvGi4+gpuMTifnYidd1L5IUwYYU7rWzO+uwuF Y+ihoiSeTW3ABIJdX7PUmXT/ssGeErLLAg/ITbdLDOUA1skFfIGme8ebNj P1KPCjHYx8CqarKHza9o85JxUoXhI2L9lgrsg3s0pLLhLuCEIb0GNgFjMc 2GGF505GCn2z49o1DTgCTFsKI+SV84ibvjbTObbWABuVPh6EBO4B+xjbb+ 8WsS1MrNTL2Z3Z04iN5iUFQ/XwuOasEc3a5OkCAcm5YoS1TFrq7J3i32VX OuXEQ8Je0hQgisf7V6ZMqAPzbx3baUNdR4Tajs40EpUhzyyd8KdTkg== Received: from l5580.localnet (static-72-81-252-22.bltmmd.fios.verizon.net [72.81.252.22]) by interserver.kitterman.com (Postfix) with ESMTPSA id 3DBE2F8001E for ; Mon, 14 Oct 2019 18:21:21 -0400 (EDT) From: Scott Kitterman To: dmarc@ietf.org Date: Mon, 14 Oct 2019 18:21:20 -0400 Message-ID: <2076880.dcr36rYjyA@l5580> In-Reply-To: <1960529.BQ9LHqgqYc@l5580> References: <2080369.Hr1xgu6sVx@l5580> <1960529.BQ9LHqgqYc@l5580> MIME-Version: 1.0 Content-Transfer-Encoding: 7Bit Content-Type: text/plain; charset="us-ascii" Archived-At: Subject: Re: [dmarc-ietf] PSD DMARC: draft-ietf-dmarc-psd post-WGLC Status X-BeenThere: dmarc@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 14 Oct 2019 22:21:33 -0000 On Friday, October 4, 2019 6:01:14 PM EDT Scott Kitterman wrote: > On Saturday, September 28, 2019 5:38:37 PM EDT Scott Kitterman wrote: > > Based on the post-WGLC discussion, I believe an updated draft before IETF > > last call is appropriate with three changes: > > > > 1. Updated Longest PSD definition: > > > 2.3. Longest PSD > > > > > > The longest PSD is the Organizational Domain with one label removed. > > > > 2. Addition of the PSL data format to Appendix B (it would be B.3). I > > haven't drafted text yet, but I don't expect it to be controverisial. > > > > 3. Add zdkimfilter to Appendix C (also didn't make text yet). > > > > Unless someone tells me otherwise, I plan to go ahead with those changes. > > I've done this now. I've attached the latest rfcdiff from -06. If you want > to review the entire draft as it stands, it's available in the WG GitHub > repository: > > https://raw.githubusercontent.com/ietf-dmarc-wg/draft-ietf-dmarc-psd/master/ > draft-ietf-dmarc-psd-07.txt > > Please let me know if I missed something or if the new text could be > improved. Having heard nothing for 10 days, I went ahead with it. The only other change made was to update the date. Scott K From nobody Mon Oct 21 07:54:43 2019 Return-Path: X-Original-To: dmarc@ietfa.amsl.com Delivered-To: dmarc@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6578A120096 for ; Mon, 21 Oct 2019 07:54:41 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.402 X-Spam-Level: X-Spam-Status: No, score=-2.402 tagged_above=-999 required=5 tests=[BAYES_40=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1152-bit key) header.d=tana.it Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wWdALL0ubPdl for ; Mon, 21 Oct 2019 07:54:39 -0700 (PDT) Received: from wmail.tana.it (wmail.tana.it [62.94.243.226]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6092B120043 for ; Mon, 21 Oct 2019 07:54:39 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tana.it; s=delta; t=1571669674; bh=kJSPWFqeT8Xe2MIsLtGh2oQyZmIOU25IDjdjcsfvgGw=; l=994; h=References:From:To:Date:In-Reply-To; b=C09Aqmkj97EM2Ho/Hw4ibKmPpM6UOxAswO2E1noYrJR/gh467KVgXmM24Z32YJtSN 8+LWXWYp5/bPKBIQGt8nycuJfacOJNh68xY1AKlsFEsTxYZUJc6SCv/I8BKiJN9V7l 7b4AG+6w37C+i8/XHDth7CgQWZRm2fGEzGY6/SAagBhX4q/51Y+5JcKIhzPWT Authentication-Results: tana.it; auth=pass (details omitted) Received: from [172.25.197.111] (pcale.tana [172.25.197.111]) (AUTH: CRAM-MD5 uXDGrn@SYT0/k) by wmail.tana.it with ESMTPA id 00000000005DC077.000000005DADC6AA.00005DFA; Mon, 21 Oct 2019 16:54:34 +0200 References: <4783309.BXR8ZdE9c3@l5580> <7a21b80b-e6bb-d8b9-cf63-601a8d1e47e7@tana.it> From: Alessandro Vesely Openpgp: preference=signencrypt To: dmarc@ietf.org Message-ID: Date: Mon, 21 Oct 2019 16:54:34 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.9.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=us-ascii Content-Language: en-US Content-Transfer-Encoding: 7bit Archived-At: Subject: Re: [dmarc-ietf] Do is need a new ptype? Was Re: New authentication method, DNSWL X-BeenThere: dmarc@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 21 Oct 2019 14:54:41 -0000 On Wed 07/Aug/2019 17:16:29 +0200 Murray S. Kucherawy wrote: > >> If the definition of ptype smtp were "a parameter of the SMTP session used >> to relay the message" it would be perfect. I'd propose that policy.iprev >> be deprecated and smtp.remote-ip used instead>> > > Given that RFC8601 was published just last month, it'll probably be a while > before this happens. Wouldn't an accepted erratum be enough to change the wording in the IANA page? About the new ptype, a reviewer suggested to also use it to report whether the query supported DNSSEC. No DNSWL that I know supports it. However, I know some DKIM filters report that feature either as a comment or as a reason in the dkim= methodspec. Using the new ptype might make that clearer. Consider: Authentication-Results: example.com; dkim=pass dns.sec=yes header.i=@example.org header.b=j5aQ3SJv What you think? https://tools.ietf.org/html/draft-vesely-authmethod-dnswl-11#section-2 Best Ale -- From nobody Mon Oct 21 10:49:19 2019 Return-Path: X-Original-To: dmarc@ietfa.amsl.com Delivered-To: dmarc@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EE35A1200F7 for ; Mon, 21 Oct 2019 10:49:17 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.998 X-Spam-Level: X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KwB2kkCgT6Vr for ; Mon, 21 Oct 2019 10:49:15 -0700 (PDT) Received: from mail-oi1-x236.google.com (mail-oi1-x236.google.com [IPv6:2607:f8b0:4864:20::236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 607171200B1 for ; Mon, 21 Oct 2019 10:49:15 -0700 (PDT) Received: by mail-oi1-x236.google.com with SMTP id i185so11785071oif.9 for ; Mon, 21 Oct 2019 10:49:15 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=i2zlPLkMI3vxNSaDMbJuiojhEB/Sz4Vnm1M5nkM05FQ=; b=SfJgZwUENSzUCK3At4t3CL1Wh9WwWohWW/JxiwU2Nnn1+4OANW1B3Y1vJmpKWJeomC Pa+WDDAaus+Y4plUUbsg7E28JAeuROZ2krf32rmDRlQNAOn4hJdxp+Mh2BbOYQHJDRpb ZYfjEf2Zz5ZLH1uOGp4pwfznFfG72zc+WJYIBNjIqZ+JSGKxx+yLUhJ9fG7nY11j0v2W +EyLVtq+ccGuEZmecV1kLK7dk1tQ3SuUycA0HK2E8QK7V++SFozWyZU+9M/gQirAMd82 1aDI6V4uxzzSAjfqoMfCzkTMh+ecC3l8ptPY0AnSxd4hysr2/EF09+cifUQ55bQ4Tg5q p8Tg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=i2zlPLkMI3vxNSaDMbJuiojhEB/Sz4Vnm1M5nkM05FQ=; b=ao5eVHKb6A7W3jzBxG1LtN/HbUSCMWGy5nLhNlYBvlUmq41k4njYXD0egtU1Z7+oqj O42ElZol6MDFz2YQEsJVE4CQGFiHL+M4LjbFoSID41KWmoC3JEJmxnOBNK2TIWyQFMSI UkmOcmSrABTfceky8d1JOoLojMnXNFTK4H3X3rZS50D/3XLVSkrS3MoypeA48MHNTXkL XPyxOzQ4PjBmGtZGwLvug3azwByWhUkRzxgYT8D0TMT0vMX8PnIV4plnQKAmQzhBqX2d Ay5K2kNyhwrngPOrY+BxTXrqfvXisjlxycdYw7NVyaN6a+xNtfWnuttS1ZrOE8rZ1tqe IKng== X-Gm-Message-State: APjAAAWQQEpY7NSR6RQYXZzOgvpe2RO/XVJwqLZuq+A2Fl1MHA+ACL8Z J3fp9vozlnA2S+H9ot4QJwaT23cuL2+Z8oKQ+Xl5dKDW X-Google-Smtp-Source: APXvYqzb7PLiujz4+3ETk0kjiIlljjVaYkfzHzb7usFIEtzpNTkAFwRFYgh26R97rNDCNNmKCeTBQYPvmn24WZ1QwEA= X-Received: by 2002:a54:480d:: with SMTP id j13mr19995942oij.6.1571680154645; Mon, 21 Oct 2019 10:49:14 -0700 (PDT) MIME-Version: 1.0 References: <4783309.BXR8ZdE9c3@l5580> <7a21b80b-e6bb-d8b9-cf63-601a8d1e47e7@tana.it> In-Reply-To: From: Tim Wicinski Date: Mon, 21 Oct 2019 13:49:03 -0400 Message-ID: To: Alessandro Vesely Cc: IETF DMARC WG Content-Type: multipart/alternative; boundary="00000000000051979705956f4d8e" Archived-At: Subject: Re: [dmarc-ietf] Do is need a new ptype? Was Re: New authentication method, DNSWL X-BeenThere: dmarc@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 21 Oct 2019 17:49:18 -0000 --00000000000051979705956f4d8e Content-Type: text/plain; charset="UTF-8" Alessamdro There are a couple of different combinations of dnssec valid/invalid/expired you would want to account for. Tim On Mon, Oct 21, 2019 at 10:54 AM Alessandro Vesely wrote: > On Wed 07/Aug/2019 17:16:29 +0200 Murray S. Kucherawy wrote: > > > >> If the definition of ptype smtp were "a parameter of the SMTP session > used > >> to relay the message" it would be perfect. I'd propose that > policy.iprev > >> be deprecated and smtp.remote-ip used instead>> > > > > Given that RFC8601 was published just last month, it'll probably be a > while > > before this happens. > > > Wouldn't an accepted erratum be enough to change the wording in the IANA > page? > > > About the new ptype, a reviewer suggested to also use it to report whether > the > query supported DNSSEC. No DNSWL that I know supports it. However, I know > some DKIM filters report that feature either as a comment or as a reason > in the > dkim= methodspec. Using the new ptype might make that clearer. Consider: > > Authentication-Results: example.com; > dkim=pass dns.sec=yes header.i=@example.org header.b=j5aQ3SJv > > What you think? > > https://tools.ietf.org/html/draft-vesely-authmethod-dnswl-11#section-2 > > > Best > Ale > -- > > > > > > > > > > > > > > > > > > > > _______________________________________________ > dmarc mailing list > dmarc@ietf.org > https://www.ietf.org/mailman/listinfo/dmarc > --00000000000051979705956f4d8e Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable

Alessamdro

There are a c= ouple of different combinations of dnssec valid/invalid/expired you would w= ant to account for.=C2=A0

Tim

=

= On Mon, Oct 21, 2019 at 10:54 AM Alessandro Vesely <vesely@tana.it> wrote:
On Wed 07/Aug/2019 17:16:29 +0200 Murray S. Kucherawy wrote: >
>> If the definition of ptype smtp were "a parameter of the SMTP= session used
>> to relay the message" it would be perfect.=C2=A0 I'd prop= ose that policy.iprev
>> be deprecated and smtp.remote-ip used instead>>
>
> Given that RFC8601 was published just last month, it'll probably b= e a while
> before this happens.


Wouldn't an accepted erratum be enough to change the wording in the IAN= A page?


About the new ptype, a reviewer suggested to also use it to report whether = the
query supported DNSSEC.=C2=A0 No DNSWL that I know supports it.=C2=A0 Howev= er, I know
some DKIM filters report that feature either as a comment or as a reason in= the
dkim=3D methodspec.=C2=A0 Using the new ptype might make that clearer.=C2= =A0 Consider:

=C2=A0 =C2=A0 Authentication-Results: example.com;
=C2=A0 =C2=A0 =C2=A0 dkim=3Dpass dns.sec=3Dyes header.i=3D@example.org header.= b=3Dj5aQ3SJv

What you think?

https://tools.ietf.org/html/dr= aft-vesely-authmethod-dnswl-11#section-2


Best
Ale
--



















_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
--00000000000051979705956f4d8e-- From nobody Mon Oct 21 11:11:57 2019 Return-Path: X-Original-To: dmarc@ietfa.amsl.com Delivered-To: dmarc@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6FC8B120105 for ; Mon, 21 Oct 2019 11:11:56 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.301 X-Spam-Level: X-Spam-Status: No, score=-4.301 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1152-bit key) header.d=tana.it Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LqWDaqEQSsZX for ; Mon, 21 Oct 2019 11:11:54 -0700 (PDT) Received: from wmail.tana.it (wmail.tana.it [62.94.243.226]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 955FC1200F7 for ; Mon, 21 Oct 2019 11:11:54 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tana.it; s=delta; t=1571681511; bh=MYEdgU+BQ6vZqbi05bYuxsxRi8VeXvCX4MYZXQKh/7c=; l=1986; h=To:Cc:References:From:Date:In-Reply-To; b=DMh71cSTalY+v93fCh90KISmktflqAcqyu3Epr8ebu/BCCf6zUxTTM7cKUrvHXnfC n8pHwVb0wtUI1voO/B8B4KNRqmteaaQy8WlYKSIqFIeF0E9DbXDIPencGDNwxWcq6W dq59GVCUzxtjyPSGg8y8xLx6fKvQdOygPK37MPcyp5kYgueCyhFsQMLZzuiL+ Authentication-Results: tana.it; auth=pass (details omitted) Received: from [172.25.197.111] (pcale.tana [172.25.197.111]) (AUTH: CRAM-MD5 uXDGrn@SYT0/k) by wmail.tana.it with ESMTPA id 00000000005DC081.000000005DADF4E7.000076BF; Mon, 21 Oct 2019 20:11:51 +0200 To: Tim Wicinski Cc: IETF DMARC WG References: <4783309.BXR8ZdE9c3@l5580> <7a21b80b-e6bb-d8b9-cf63-601a8d1e47e7@tana.it> From: Alessandro Vesely Openpgp: preference=signencrypt Message-ID: Date: Mon, 21 Oct 2019 20:11:51 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.9.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 8bit Archived-At: Subject: Re: [dmarc-ietf] Do is need a new ptype? Was Re: New authentication method, DNSWL X-BeenThere: dmarc@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 21 Oct 2019 18:11:57 -0000 Hi Tim, The I-D linked below provides for yes, no (not signed), or na (for not applicable). The expired case should perhaps map to "no"? The lookup only sets an AD bit... Best Ale On Mon 21/Oct/2019 19:49:03 +0200 Tim Wicinski wrote: > > Alessandro > > There are a couple of different combinations of dnssec valid/invalid/expired > you would want to account for.  > > Tim > > > On Mon, Oct 21, 2019 at 10:54 AM Alessandro Vesely > wrote: > > On Wed 07/Aug/2019 17:16:29 +0200 Murray S. Kucherawy wrote: > > > >> If the definition of ptype smtp were "a parameter of the SMTP session used > >> to relay the message" it would be perfect.  I'd propose that policy.iprev > >> be deprecated and smtp.remote-ip used instead>> > > > > Given that RFC8601 was published just last month, it'll probably be a while > > before this happens. > > > Wouldn't an accepted erratum be enough to change the wording in the IANA page? > > > About the new ptype, a reviewer suggested to also use it to report whether the > query supported DNSSEC.  No DNSWL that I know supports it.  However, I know > some DKIM filters report that feature either as a comment or as a reason in the > dkim= methodspec.  Using the new ptype might make that clearer.  Consider: > >     Authentication-Results: example.com ; >       dkim=pass dns.sec=yes header.i=@example.org > header.b=j5aQ3SJv > > What you think? > > https://tools.ietf.org/html/draft-vesely-authmethod-dnswl-11#section-2 > > > Best > Ale > -- > > > > > > > > > > > > > > > > > > > > _______________________________________________ > dmarc mailing list > dmarc@ietf.org > https://www.ietf.org/mailman/listinfo/dmarc > > > _______________________________________________ > dmarc mailing list > dmarc@ietf.org > https://www.ietf.org/mailman/listinfo/dmarc > From nobody Tue Oct 22 01:48:40 2019 Return-Path: X-Original-To: dmarc@ietf.org Delivered-To: dmarc@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 8F411120077; Tue, 22 Oct 2019 01:48:33 -0700 (PDT) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: internet-drafts@ietf.org To: Cc: dmarc@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 6.107.0 Auto-Submitted: auto-generated Precedence: bulk Reply-To: dmarc@ietf.org Message-ID: <157173411350.2986.15946929000816259352@ietfa.amsl.com> Date: Tue, 22 Oct 2019 01:48:33 -0700 Archived-At: Subject: [dmarc-ietf] I-D Action: draft-ietf-dmarc-arc-usage-08.txt X-BeenThere: dmarc@ietf.org X-Mailman-Version: 2.1.29 List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 22 Oct 2019 08:48:34 -0000 A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Domain-based Message Authentication, Reporting & Conformance WG of the IETF. Title : Recommended Usage of the Authenticated Received Chain (ARC) Authors : Steven M Jones Kurt Andersen Filename : draft-ietf-dmarc-arc-usage-08.txt Pages : 19 Date : 2019-10-22 Abstract: The Authentication Received Chain (ARC) provides an authenticated "chain of custody" for a message, allowing each entity that handles the message to see what entities handled it before, and to see what the message's authentication assessment was at each step in the handling. But the specification does not indicate how the entities handling these messages should interpret or utilize ARC results in making decisions about message disposition. This document will provide guidance in these areas. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-dmarc-arc-usage/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-dmarc-arc-usage-08 https://datatracker.ietf.org/doc/html/draft-ietf-dmarc-arc-usage-08 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-dmarc-arc-usage-08 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ From smj@dmarc.org Tue Oct 22 02:04:36 2019 Return-Path: X-Original-To: dmarc@ietfa.amsl.com Delivered-To: dmarc@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EB35A1200D8 for ; Tue, 22 Oct 2019 02:04:36 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2 X-Spam-Level: X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=dmarc.org Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qIpmYYFZW5SC for ; Tue, 22 Oct 2019 02:04:35 -0700 (PDT) Received: from dragon.trusteddomain.org (dragon.trusteddomain.org [208.69.40.156]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D72651200A1 for ; Tue, 22 Oct 2019 02:04:35 -0700 (PDT) Received: from dragon.trusteddomain.org (localhost [127.0.0.1]) by dragon.trusteddomain.org (8.14.5/8.14.5) with ESMTP id x9M93ich002449 for ; Tue, 22 Oct 2019 02:03:44 -0700 (PDT) (envelope-from smj@dmarc.org) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=dmarc.org; s=clochette; t=1571735024; bh=WZ3TnJhfsRZvj8YbdoBKGVTmmDnGturWsbAZTVysvR8=; h=Date:From:To:Subject; b=QuU4nh2WuJy6bwb7Z2+Ecn3ivdKtDOVfQWR1Ks/7n13FUo2BIEnK5+MUJGbMzvgEG 4S6gyffNWIcWvpGLOcVPVwK8uKEJGs/VlMPdumhW7C/IG58vjvbtIL15vsQbWLDkQO FG/S1iUgcXu4082WFpqqxz4dRQSMJGV2az+UuRH0= Authentication-Results: dragon.trusteddomain.org; sender-id=fail (NotPermitted) header.from=smj@dmarc.org; spf=fail (NotPermitted) smtp.mfrom=smj@dmarc.org Received: from localhost (smj@localhost) by dragon.trusteddomain.org (8.14.5/8.14.5/Submit) with ESMTP id x9M93iUc002446 for ; Tue, 22 Oct 2019 02:03:44 -0700 (PDT) (envelope-from smj@dmarc.org) X-Authentication-Warning: dragon.trusteddomain.org: smj owned process doing -bs Date: Tue, 22 Oct 2019 02:03:43 -0700 (PDT) From: Steven M Jones X-X-Sender: smj@dragon.trusteddomain.org To: dmarc@ietf.org Message-ID: User-Agent: Alpine 2.00 (BSF 1167 2008-08-23) MIME-Version: 1.0 Content-Type: TEXT/PLAIN; format=flowed; charset=US-ASCII Archived-At: Subject: [dmarc-ietf] draft-ietf-dmarc-arc-usage-08 published X-BeenThere: dmarc@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 22 Oct 2019 09:18:24 -0000 This document is officially in "Parked WG Document" state while we focus on other matters, but it seemed worthwhile to keep it from expiring. One typo noticed after the last update in April was corrected. From nobody Thu Oct 24 10:55:04 2019 Return-Path: X-Original-To: dmarc@ietfa.amsl.com Delivered-To: dmarc@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6BA4012011B for ; Thu, 24 Oct 2019 10:55:00 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.6 X-Spam-Level: X-Spam-Status: No, score=-1.6 tagged_above=-999 required=5 tests=[BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1152-bit key) header.d=tana.it Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Vx3YazfkxvcN for ; Thu, 24 Oct 2019 10:54:58 -0700 (PDT) Received: from wmail.tana.it (wmail.tana.it [62.94.243.226]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A5CBC1200F4 for ; Thu, 24 Oct 2019 10:53:59 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tana.it; s=delta; t=1571939637; bh=jjyIbWZSG8X6wfgm/eZNfFRdDjoS0Gb041j+MbcDIWs=; l=1128; h=To:From:Date; b=BKVEIiNzKaBizPQIvGyYjOWSLAQxW6lMs0oPNIKU4QD6Xd7A52W7OmhjISRgOX7eI IfLq2xfr0JrT8wHkCALZjwrjeb/VWVUDDk42zFQQE9dwcD9qxjehobexB6t9Ux9WLv a0AYYrsZ6JeIpp5MIHiFJx/1WQV7rSnEo0dRngnZ6ZxKuWQaI2GeyShd9HTpF Authentication-Results: tana.it; auth=pass (details omitted) Received: from [172.25.197.111] (pcale.tana [172.25.197.111]) (AUTH: CRAM-MD5 uXDGrn@SYT0/k) by wmail.tana.it with ESMTPA id 00000000005DC028.000000005DB1E535.00003CEC; Thu, 24 Oct 2019 19:53:57 +0200 To: "dmarc@ietf.org" From: Alessandro Vesely Openpgp: preference=signencrypt Message-ID: <2c9f5a36-105f-22bd-2029-cb66867355c2@tana.it> Date: Thu, 24 Oct 2019 19:53:57 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.9.0 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Language: en-US Content-Transfer-Encoding: 7bit Archived-At: Subject: [dmarc-ietf] Two new fields in aggregate reports X-BeenThere: dmarc@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 24 Oct 2019 17:55:01 -0000 Hi all, it is difficult to tell what is each aggregate report's record. It is easier if the source IP is known. Mailing lists can be told by their (unaligned) SPF domain. Otherwise, it is difficult to tell abuse from legitimate users using the wrong server. Getting a failure report for each source IP is not easy, because few mailbox providers send failure reports. In order to ease the understanding of aggregate reports, I propose two additional per-record fields: *score*: The average score of the messages in the row; let's say an SA-like number (< 0 good, > 10 bad, values in between may be worth human inspection). *list*: An enumerated type, for example "none", "black", "white", "both", indicating if the source IP is listed in some public or private DNSxL that the reporting MTA uses. They're obviously subjective stuff. However, most MTAs deploy at least one of them, and summing up per-IP results every day can bring useful indications. I haven't added those fields to http://bit.ly/dmarc-rpt-schema, yet. Let's discuss. I hope they will make it to rfc7489bis. Best Ale -- From nobody Thu Oct 24 17:53:49 2019 Return-Path: X-Original-To: dmarc@ietfa.amsl.com Delivered-To: dmarc@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AD95912001A for ; Thu, 24 Oct 2019 17:53:47 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -17.499 X-Spam-Level: X-Spam-Status: No, score=-17.499 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, ENV_AND_HDR_SPF_MATCH=-0.5, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5, USER_IN_DEF_SPF_WL=-7.5] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id C_5DTCbvDIiS for ; Thu, 24 Oct 2019 17:53:46 -0700 (PDT) Received: from mail-vs1-xe34.google.com (mail-vs1-xe34.google.com [IPv6:2607:f8b0:4864:20::e34]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CDB9C120019 for ; Thu, 24 Oct 2019 17:53:45 -0700 (PDT) Received: by mail-vs1-xe34.google.com with SMTP id p13so353599vso.0 for ; Thu, 24 Oct 2019 17:53:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=TY8ombJovOk5g5dLwUXMxewC4BVIFuXj7phSAE89rKg=; b=Pea4RG29dqW0Vj7v34TO8YZowuFOVZXRjuBZ7tkb2elv63eka0wpU/klSkryJTeD1K lebiL5DtYEDL731QeT4f2MDap1zzCmSc3pLRpKmjHL0kbxhl/z70PVvtaG7o6b9NlCZj ycZQfsiY3nfas0M6PXlFnTGE4kTDQT6l0osFThTJRZmdyByCNJai84K0n1FY0CWSBZQ4 FfvIwNezLuocgg8p1pPGpi8dq3i5CGLmlhw4Wo8mGQX0Nz4+vde0ke0NRXpdixFwqZ35 4P3noKRk5NmagETa3DrIaKGuJ8lALX7MtHBps6nTOu/bMjXMlGHRpo4afYtY+vFzwvNi p13A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=TY8ombJovOk5g5dLwUXMxewC4BVIFuXj7phSAE89rKg=; b=itoEmxzQN8wEFYhf4pPkLOQLMJbxQwzZjMHqjl5bIzLaDlat591fKXgnRsjzVU+Y0e 6DJfuMwElpyXKl+7icUHLQviPxzsOym9YmFu89Hs9tezX2MqVyy/UvAPYFroQKP3VySb NukpX9/QtiRGTAcM68bw6yMqE6OwaEV2cvXWuFR4d2/VGHvgaDIqvWU2YGRjfP131ev1 hJkKdJI7ht8WglwX9RX0R1yS5opUYKXxnWvdkWMrR44Lak+qV7vD/O/tuTz/AIC9a8Aj yW9Z2uRcS9NKNCOG7qjQ+670dzAR1Nvqq4yi/iVe6sEn0Qn5UcvpMlhQ1hvk0DYExvfd rhIw== X-Gm-Message-State: APjAAAUzjzrumNXs3NXsQ2W7zkX7K95t6LR/vQl4KVwS2Hk5mqCFC+ba liEVAj3F+v/52TP2Oo+XiZKncwTFU02Wmh9Rw0KhauY= X-Google-Smtp-Source: APXvYqyuUVYhekibhTE3rJ71S4tG3KHleT2F+2xhzJjDhdtbG3Nwpw6NdgDNMSQF2CBlfoQjBEE3mFvuebM/nQa2NE4= X-Received: by 2002:a67:edc9:: with SMTP id e9mr589384vsp.76.1571964823977; Thu, 24 Oct 2019 17:53:43 -0700 (PDT) MIME-Version: 1.0 References: <2c9f5a36-105f-22bd-2029-cb66867355c2@tana.it> In-Reply-To: <2c9f5a36-105f-22bd-2029-cb66867355c2@tana.it> From: Brandon Long Date: Thu, 24 Oct 2019 17:53:32 -0700 Message-ID: To: Alessandro Vesely Cc: "dmarc@ietf.org" Content-Type: multipart/alternative; boundary="000000000000ef668f0595b1949a" Archived-At: Subject: Re: [dmarc-ietf] Two new fields in aggregate reports X-BeenThere: dmarc@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 25 Oct 2019 00:53:48 -0000 --000000000000ef668f0595b1949a Content-Type: text/plain; charset="UTF-8" On Thu, Oct 24, 2019 at 10:55 AM Alessandro Vesely wrote: > Hi all, > > it is difficult to tell what is each aggregate report's record. It is > easier > if the source IP is known. Mailing lists can be told by their (unaligned) > SPF > domain. Otherwise, it is difficult to tell abuse from legitimate users > using > the wrong server. > > Getting a failure report for each source IP is not easy, because few > mailbox > providers send failure reports. > > In order to ease the understanding of aggregate reports, I propose two > additional per-record fields: > > > *score*: The average score of the messages in the row; let's say an > SA-like > number (< 0 good, > 10 bad, values in between may be worth human > inspection). > This assumes that your spam system is able to make a spamminess score that approximates a continuum, I'm not sure that's true. Also, it's a lot of spamminess feedback, not sure if that can be abused or not. Also, as rejected at smtp time, especially for DMARC, we're unlikely to have run a full spam assessment on the message. > *list*: An enumerated type, for example "none", "black", "white", "both", > indicating if the source IP is listed in some public or private DNSxL that > the > reporting MTA uses. > At first I was wondering if you were going to have the values of the list-id header. That said, though I've never used any DMARC aggregator services, I would think that one of the values they're likely to provide is IP address identification, useful so you can hunt down what things aren't sending DMARC compliant email yet (ie, looks like you're sending mail from ESP A and ESP B, fix those)... they can just as easily use the various public IP reputation sources. Anyways, I doubt we'd expose anything internally... also, this is kind of the opposite of the spamminess score, in that it expects that things are black & white, and we virtually never classify things as such. Brandon --000000000000ef668f0595b1949a Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable


=
On Thu, Oct 24, 2019 at 10:55 AM Ales= sandro Vesely <vesely@tana.it> = wrote:
Hi all,
it is difficult to tell what is each aggregate report's record.=C2=A0 I= t is easier
if the source IP is known.=C2=A0 Mailing lists can be told by their (unalig= ned) SPF
domain.=C2=A0 Otherwise, it is difficult to tell abuse from legitimate user= s using
the wrong server.

Getting a failure report for each source IP is not easy, because few mailbo= x
providers send failure reports.

In order to ease the understanding of aggregate reports, I propose two
additional per-record fields:


*score*:=C2=A0 The average score of the messages in the row; let's say = an SA-like
number (< 0 good, > 10 bad, values in between may be worth human insp= ection).

This assumes that your spam sy= stem is able to make a spamminess score that approximates
a conti= nuum, I'm not sure that's true.=C2=A0 Also, it's a lot of spamm= iness feedback, not sure if that
can be abused or not.
=
Also, as rejected at smtp time, especially for DMARC, we're unlikel= y to have run a full spam
assessment on the message.
= =C2=A0
*list*:=C2=A0 An enumerated type, for example "none", "black= ", "white", "both",
indicating if the source IP is listed in some public or private DNSxL that = the
reporting MTA uses.

At first I was wond= ering if you were going to have the values of the list-id header.

That said, though I've never used any DMARC aggregator services, I= would think that
one of the values they're likely to provide= is IP address identification, useful so you can
hunt down what t= hings aren't sending DMARC compliant email yet (ie, looks like you'= re sending
mail from ESP A and ESP B, fix those)... they can just= as easily use the various public IP reputation
sources.

A= nyways, I doubt we'd expose anything internally... also, this is kind o= f the opposite of the
spamminess score, in that it expects that t= hings are black & white, and we virtually never
classify thin= gs as such.

Brandon
--000000000000ef668f0595b1949a-- From nobody Fri Oct 25 01:40:22 2019 Return-Path: X-Original-To: dmarc@ietfa.amsl.com Delivered-To: dmarc@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8DECF120273 for ; Fri, 25 Oct 2019 01:40:20 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.301 X-Spam-Level: X-Spam-Status: No, score=-4.301 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1152-bit key) header.d=tana.it Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vES0oeOS8b8i for ; Fri, 25 Oct 2019 01:40:18 -0700 (PDT) Received: from wmail.tana.it (wmail.tana.it [62.94.243.226]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 921CA12026E for ; Fri, 25 Oct 2019 01:40:18 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tana.it; s=delta; t=1571992813; bh=j3EGWBBnzFqfDG9up4v20M7w7D/4TicpzFLc2XOMXpg=; l=2987; h=To:Cc:References:From:Date:In-Reply-To; b=A1RKODViyqPxkD26kIs/KmbR89wmsmYtfNIIcUvai30/lH5JHhsoan6nwGZ+e4g1U ewfBFwzMN+D3Zb4qN27Pc7U9sIQ9ddWKNJSsxbB21Dvsy0lbPA0xSmx6BDbOhgNnlL q8K+TVrCF0PRC1sKspCwpeqeEHQw9i9lG51vRMM1mb8unFBm3kzPMVdsVN0HB Authentication-Results: tana.it; auth=pass (details omitted) Received: from [172.25.197.111] (pcale.tana [172.25.197.111]) (AUTH: CRAM-MD5 uXDGrn@SYT0/k) by wmail.tana.it with ESMTPA id 00000000005DC056.000000005DB2B4ED.00004204; Fri, 25 Oct 2019 10:40:13 +0200 To: Brandon Long Cc: "dmarc@ietf.org" References: <2c9f5a36-105f-22bd-2029-cb66867355c2@tana.it> From: Alessandro Vesely Openpgp: preference=signencrypt Message-ID: Date: Fri, 25 Oct 2019 10:40:12 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.9.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=us-ascii Content-Language: en-US Content-Transfer-Encoding: 7bit Archived-At: Subject: Re: [dmarc-ietf] Two new fields in aggregate reports X-BeenThere: dmarc@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 25 Oct 2019 08:40:20 -0000 On Fri 25/Oct/2019 02:53:32 +0200 Brandon Long wrote: > On Thu, Oct 24, 2019 at 10:55 AM Alessandro Vesely wrote: >> >> In order to ease the understanding of aggregate reports, I propose two >> additional per-record fields:>> >> >> *score*: The average score of the messages in the row; let's say an >> SA-like number (< 0 good, > 10 bad, values in between may be worth human >> inspection).>> > > This assumes that your spam system is able to make a spamminess score that > approximates a continuum, I'm not sure that's true. The spam score is a rather common concept. Of course, an MTA which does not implement any such thing would omit this field. > Also, it's a lot of spamminess feedback, not sure if that can be abused or > not. Correct. However, it is an average, so a spammer would have a hard time trying to work out the detail of how the receiver's score is computed. Again, a reporter may compute the std deviation along with the average and omit this field if all messages have equal score. OTOH, this is indeed a valuable feedback. Mail sites could build their own reputation system based on that. A community IP database. Revolutionary, isn't it? > Also, as rejected at smtp time, especially for DMARC, we're unlikely to have > run a full spam assessment on the message. Perhaps we could add a second count. Or break the record into two rows. >> *list*: An enumerated type, for example "none", "black", "white", >> "both", indicating if the source IP is listed in some public or private >> DNSxL that the reporting MTA uses.>> > > At first I was wondering if you were going to have the values of the > list-id header. Ah, that way we'd get rid of all those "on behalf of"... :-) > That said, though I've never used any DMARC aggregator services, I would > think that one of the values they're likely to provide is IP address > identification, useful so you can hunt down what things aren't sending DMARC > compliant email yet (ie, looks like you're sending mail from ESP A and ESP > B, fix those)... Exactly. > they can just as easily use the various public IP reputation sources. Yes, could do, but it's more difficult. Here the reporting MTA already has the datum, and can include it for free. This datum would be vouched by the reporting MTA. It can be internal, like a fail2ban database. How about also reporting the source, if external? > Anyways, I doubt we'd expose anything internally... I always wonder why Google doesn't publish their internal IP database. > also, this is kind of the opposite of the spamminess score, in that it > expects that things are black & white, and we virtually never classify > things as such. The aim is to be able to look at an aggregate report and understand it. For example, if people can tell an IP is blackish, they'd just smile and be happy for a good failure case. What field would you suggest instead? Best Ale -- From nobody Fri Oct 25 03:52:09 2019 Return-Path: X-Original-To: dmarc@ietfa.amsl.com Delivered-To: dmarc@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6DA54120850 for ; Fri, 25 Oct 2019 03:52:08 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.998 X-Spam-Level: X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (4096-bit key) header.d=aegee.org Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ieux2J0PmxwQ for ; Fri, 25 Oct 2019 03:52:06 -0700 (PDT) Received: from mail.aegee.org (mail.aegee.org [144.76.142.78]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 41C0F12084F for ; Fri, 25 Oct 2019 03:52:05 -0700 (PDT) Authentication-Results: mail.aegee.org/x9PApn9C007232; auth=pass (LOGIN) smtp.auth=didopalauzov DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=aegee.org; s=k4096; t=1572000721; i=dkim+MSA-tls@aegee.org; r=y; bh=mCYgJ1FPQdd1IT1MVIJywNW4llOJmiHgxOW8h63yEXw=; h=Subject:From:To:Date:In-Reply-To:References; b=MenyqMvqadxGzTvVdlyGIhqv5sMwDBoERZ/uV9/OeLQfPqkismDpu1lchFZzcPS7m PfDECARzWBHeMhcY9l5si7TiPjeD2CU7OHAMIrcLs3tdfkPue4m6+HITRdpVEvyHei YOZ1M0F3+uWMETf/F2VsOnSx/TbRb2LaNLIDprj3hp3sdXaaR6eBQx78eLz9oUhSK6 aVwn6/tVOkxXUYAbe69JDSdmnBAlcJ216TitMIxWrDGxbeKzsO2ciLC1euTJ8ghPTw UVfx78KfuEQIHnngDcD0fi13vX/l6MpnsGt8v1Vgyj9r9QTw5OfS4yTNgjtouQKD9f EuEzB9KC60xNsJkxlPmixiMX5J8eqtTuaOQzAjPoSBMN2Q53j9GTGpxN7FP75MsFMw s34WXYKB3qlcFoflHiQu1LjU3a1pXjNt5k2hpn+iB7S/I3N/SQiD6t+oJkr3SDHhuH kHSAGlZkb/T7iEuwUcuVUo/LP3sV4qU+H33QuVbuADmaJFjmjmfTPNatumIqErmswX Evo/AMAaAcJDR4XAiqM6IJ6635JcDcEE7Lc4bpYdXy/CciyuNhfKHdpttA6Gar9q93 41A6tJzf1C4T7JpO6zkok8wcbsPpmKsd1Cz5QcXBoTDQ5f+tOc/0Ail0AeCfrNjEyk SUEI6flVXWGK4T+NRIrV9VJ4= Authentication-Results: mail.aegee.org/x9PApn9C007232; dkim=none Received: from Tylan (87-118-146-153.ip.btc-net.bg [87.118.146.153]) (authenticated bits=0) by mail.aegee.org (8.15.2/8.15.2) with ESMTPSA id x9PApn9C007232 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NO); Fri, 25 Oct 2019 10:51:55 GMT Message-ID: From: =?UTF-8?Q?=D0=94=D0=B8=D0=BB=D1=8F=D0=BD_?= =?UTF-8?Q?=D0=9F=D0=B0=D0=BB=D0=B0=D1=83=D0=B7=D0=BE=D0=B2?= To: Alessandro Vesely , "dmarc@ietf.org" Date: Fri, 25 Oct 2019 10:51:43 +0000 In-Reply-To: <2c9f5a36-105f-22bd-2029-cb66867355c2@tana.it> References: <2c9f5a36-105f-22bd-2029-cb66867355c2@tana.it> Content-Type: text/plain; charset="UTF-8" User-Agent: Evolution 3.35.2 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Virus-Scanned: clamav-milter 0.101.4 at mail.aegee.org X-Virus-Status: Clean Archived-At: Subject: Re: [dmarc-ietf] Two new fields in aggregate reports X-BeenThere: dmarc@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 25 Oct 2019 10:52:09 -0000 Hello Alessandro, I do not see how this helps for DMARC. An email either validates DMARC, or fails DMARC and the aggregate repors say per sending IP server (only direct mail flow is reported), whether DMARC validates or fails. With this information it is sufficient to determine, if the DMARC/DKIM implementations on sender and receiver are either both bug-free, or both have the same bugs. I do not see, how the information you ask to add, while interesting, does help DMARC. What is the purposes of the aggregate and non-aggregate reports? What are non-goals? I asked several times here, nobody answered. Perhaps a discussion on the goals and non-goal would help. If it is a goal to reuse the dmarc-reporting mechanism to report also about perceived spam probability, then it can be discussed in more details how this can be achieved. My experience is, that asking a provider, why an obviously non-spam mail was evaluated as spam, virtually never leads to a useful answer. So nobody wants to reveal how its spam system weigths factors and if there is lack of such interest, extending the report format will not help, as nobody will be willing the report the data. Exchanging information on hard-coded rules in Spam-Assassing (IP reputation, HTML mime part without text/plain, the “Nigeria money” phrase), that is not based on filter training, does not help neither, as sender can run the tests on its own and predict how the recipient will evaluate these set of criteria. Regards Дилян On Thu, 2019-10-24 at 19:53 +0200, Alessandro Vesely wrote: > Hi all, > > it is difficult to tell what is each aggregate report's record. It is easier > if the source IP is known. Mailing lists can be told by their (unaligned) SPF > domain. Otherwise, it is difficult to tell abuse from legitimate users using > the wrong server. > > Getting a failure report for each source IP is not easy, because few mailbox > providers send failure reports. > > In order to ease the understanding of aggregate reports, I propose two > additional per-record fields: > > > *score*: The average score of the messages in the row; let's say an SA-like > number (< 0 good, > 10 bad, values in between may be worth human inspection). > > *list*: An enumerated type, for example "none", "black", "white", "both", > indicating if the source IP is listed in some public or private DNSxL that the > reporting MTA uses. > > > They're obviously subjective stuff. However, most MTAs deploy at least one of > them, and summing up per-IP results every day can bring useful indications. > > I haven't added those fields to http://bit.ly/dmarc-rpt-schema, yet. Let's > discuss. I hope they will make it to rfc7489bis. > > > Best > Ale From nobody Fri Oct 25 08:21:38 2019 Return-Path: X-Original-To: dmarc@ietfa.amsl.com Delivered-To: dmarc@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 15F3F120123 for ; Fri, 25 Oct 2019 08:21:37 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.998 X-Spam-Level: X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=drkurt.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9xfu5-0JNtd8 for ; Fri, 25 Oct 2019 08:21:35 -0700 (PDT) Received: from mail-io1-xd2f.google.com (mail-io1-xd2f.google.com [IPv6:2607:f8b0:4864:20::d2f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 55274120105 for ; Fri, 25 Oct 2019 08:21:35 -0700 (PDT) Received: by mail-io1-xd2f.google.com with SMTP id p6so2835774iod.7 for ; Fri, 25 Oct 2019 08:21:35 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=drkurt.com; s=20130612; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=LYCcQxEOdPL1Rjva2LgwDB4UFoMTNMa733RLJYlhWLY=; b=ZyxcvZeMCgSKPFfyaOZvLWfbj/8ICCT2WotI2qT0p41WOVwsLDK3AtzX2KzrdXTBvB B6tD3qWrMMfib855LRDYoVVDcPihjALKNUdcnQBInINVHo4libj4pPWJOw0z+hWXFzsl 7N1pjZgGR3Tc0NA1ZblF1smbYRk/CIb4e0TjQ= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=LYCcQxEOdPL1Rjva2LgwDB4UFoMTNMa733RLJYlhWLY=; b=O/tCHhAiqXfu1xl8DGiKK0dNnrhKuMeD405yq37LBdkk2giANwppq5OrBz6c2cGcMd JLKjyChgYG2m5Jl3WkZqV9KUXDbl+66q08nRS5rlqyVvLCZzhP3CLBemAQv533wwkbBT 1NfkrjYwwJTAAvdTUFSwpdo8xcshQgNCDWUpmqVRoN6vzRkvVVdYpxOsGeoHrMVi5bzn sl0jHNI8rWZu7H/FZVcDEpplVN7xlICGlZpSrzvA6ieUbQUKOaeUHEClf4NUY9s6gXYs SxscU5NsB7Pv4J+wIaJy4sHevbl8rdM52Crb3OrlACfNduxafjrTRCF+s5FgiLuRdnxQ I+VA== X-Gm-Message-State: APjAAAUVMiGmOyCZYIX/hb7qor2tq3GP0snj6/H3puSIjbj6RKBlT3Eq ITC5EJ3oX+4D3v2SD+muMsuBRsqi/n4ldAIz4c9aiUxuZWs= X-Google-Smtp-Source: APXvYqx6T45OeCE2Iinmf+/uPxW5VESgp5Tn6TYE7YLTPfCLqoGTQCilnv36Zcfx8o61kTCEuqGyOhzm9t4U0yOaUIA= X-Received: by 2002:a02:b710:: with SMTP id g16mr4433915jam.111.1572016893868; Fri, 25 Oct 2019 08:21:33 -0700 (PDT) MIME-Version: 1.0 References: <2c9f5a36-105f-22bd-2029-cb66867355c2@tana.it> In-Reply-To: From: "Kurt Andersen (b)" Date: Fri, 25 Oct 2019 08:21:19 -0700 Message-ID: To: =?UTF-8?B?0JTQuNC70Y/QvSDQn9Cw0LvQsNGD0LfQvtCy?= Cc: Alessandro Vesely , "dmarc@ietf.org" Content-Type: multipart/alternative; boundary="0000000000008a54220595bdb417" Archived-At: Subject: Re: [dmarc-ietf] Two new fields in aggregate reports X-BeenThere: dmarc@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 25 Oct 2019 15:21:37 -0000 --0000000000008a54220595bdb417 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Fri, Oct 25, 2019 at 3:52 AM =D0=94=D0=B8=D0=BB=D1=8F=D0=BD =D0=9F=D0=B0= =D0=BB=D0=B0=D1=83=D0=B7=D0=BE=D0=B2 wrote: > > If it is a goal to reuse the dmarc-reporting mechanism to report also > about perceived spam probability, then it can be > discussed in more details how this can be achieved. My experience is, > that asking a provider, why an obviously non-spam > mail was evaluated as spam, virtually never leads to a useful answer. So > nobody wants to reveal how its spam system > weigths factors and if there is lack of such interest, extending the > report format will not help, as nobody will be > willing the report the data. > Especially when the answer more or less boils down to "lots of recipients treated messages like this as spam". There are so many squishy terms there that it is essentially meaningless. --Kurt --0000000000008a54220595bdb417 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
On Fri, Oct 25, 2019 at 3:52 AM =D0=94=D0= =B8=D0=BB=D1=8F=D0=BD =D0=9F=D0=B0=D0=BB=D0=B0=D1=83=D0=B7=D0=BE=D0=B2 <= dilyan.palauzov@aegee.org&= gt; wrote:

If it is a goal to reuse the dmarc-reporting mechanism to report also about= perceived spam probability, then it can be
discussed in more details how this can be achieved.=C2=A0 My experience is,= that asking a provider, why an obviously non-spam
mail was evaluated as spam, virtually never leads to a useful answer.=C2=A0= So nobody wants to reveal how its spam system
weigths factors and if there is lack of such interest, extending the report= format will not help, as nobody will be
willing the report the data.

Especially= when the answer more or less boils down to "lots of recipients treate= d messages like this as spam". There are so many squishy terms there t= hat it is essentially meaningless.

--Kurt=C2=A0
--0000000000008a54220595bdb417-- From nobody Fri Oct 25 09:56:32 2019 Return-Path: X-Original-To: dmarc@ietfa.amsl.com Delivered-To: dmarc@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 41D01120992 for ; Fri, 25 Oct 2019 09:56:30 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.301 X-Spam-Level: X-Spam-Status: No, score=-4.301 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=f00f.org Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uXIdResZvEED for ; Fri, 25 Oct 2019 09:56:29 -0700 (PDT) Received: from proxima.stupidest.org (proxima.stupidest.org [IPv6:2600:1f14:f95:d300:5e8c:4452:4d34:d242]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4D79412098B for ; Fri, 25 Oct 2019 09:56:29 -0700 (PDT) Received: from aether.stupidest.org (tunnel-proxima-aether.stupidest.org [10.0.1.5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by proxima.stupidest.org (Postfix) with ESMTPS id 4709HZ6WFGz8K8; Fri, 25 Oct 2019 16:56:26 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=f00f.org; s=m2016a; t=1572022586; bh=gQ6JLwso8ForZ8j5LNhhob1fCFMMz0D8JXYyrw08ZhQ=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: In-Reply-To; b=gMaj/wDJ38r1R41myygse2GRB56MnlTnXjGgyI5wRmZrPEV4FmqGWS/eSHqXdRCek cSzRAJBF0h09pzOll3mhcInenRsD49UE232c4jZT0gHEr1W6zOEX/AV30KfdCk+Wzc EgEH3qEpp+42KT1+cMc2muWzwRvA9sIUjlxhcl3BeVO7bcn6rU5ZWMpnbmLIhjlGRc GTwXDqvCAIUngbWqzrHspI7SLvUlOn6E8l1myReq7y/Ir13ZNdenfsiYrB7YHSXSk5 JncMK9Eovl/1aqL6XQzkVy383qX1duMRGbkr2Y6HKxJIDJs4AkjerJNavvuJJcxZm+ mYFHQ7ssTg1wA== Received: by aether.stupidest.org (Postfix, from userid 10000) id 4709HZ52hkz9KQZw; Fri, 25 Oct 2019 09:56:26 -0700 (PDT) Date: Fri, 25 Oct 2019 09:56:26 -0700 From: Chris Wedgwood To: Alessandro Vesely Cc: Brandon Long , "dmarc@ietf.org" Message-ID: <20191025165626.GF12745@aether.stupidest.org> References: <2c9f5a36-105f-22bd-2029-cb66867355c2@tana.it> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: Archived-At: Subject: Re: [dmarc-ietf] Two new fields in aggregate reports X-BeenThere: dmarc@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 25 Oct 2019 16:56:30 -0000 > Correct. However, it is an average, so a spammer would have a hard > time trying to work out the detail of how the receiver's score is > computed. [randomly] permute the input, seen 1000s of messages and look at how the score varies ... repeat ... From nobody Fri Oct 25 10:49:25 2019 Return-Path: X-Original-To: dmarc@ietfa.amsl.com Delivered-To: dmarc@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 55439120132 for ; Fri, 25 Oct 2019 10:49:23 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.749 X-Spam-Level: X-Spam-Status: No, score=-1.749 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.25, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1536-bit key) header.d=iecc.com header.b=sYxb0bVP; dkim=pass (1536-bit key) header.d=taugh.com header.b=eRYpPhVg Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id U9YfyLUYRAma for ; Fri, 25 Oct 2019 10:49:22 -0700 (PDT) Received: from gal.iecc.com (gal.iecc.com [IPv6:2001:470:1f07:1126:0:43:6f73:7461]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CFBDB1200DB for ; Fri, 25 Oct 2019 10:49:21 -0700 (PDT) Received: (qmail 98502 invoked from network); 25 Oct 2019 17:49:19 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=iecc.com; h=date:message-id:from:to:cc:subject:in-reply-to:mime-version:content-type:content-transfer-encoding; s=180c4.5db3359f.k1910; i=printer-iecc.com@submit.iecc.com; bh=F4hwwApg4svlR0zcAp0/T0xraPxjaqRHD3wuEaz/CvE=; b=sYxb0bVPF3sDhURobkjX6uvJnHC0DUwcqqKXj3z4GPvbKKRz+KUVL4dn6YlDPT2WTZcgq5Hz/vdPQIdeRpV0pvtP/Iqrqp1pqo+cT+A4yXLlo/tFEOpn5KYSsgWiqb1LnXJpyKh2aaSV/4nRXVl8tGBpu0UG442hVJIo7G0R/NQPiWxBRo/Jr0rwHgoJgZMYsMSn4zxpeInv8cdDLFYJ1d5m/2hSxLQMV6EJW1iLITo70JhEe+blR0FW0l8E8/rG DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=taugh.com; h=date:message-id:from:to:cc:subject:in-reply-to:mime-version:content-type:content-transfer-encoding; s=180c4.5db3359f.k1910; olt=printer-iecc.com@submit.iecc.com; bh=F4hwwApg4svlR0zcAp0/T0xraPxjaqRHD3wuEaz/CvE=; b=eRYpPhVgTTJjoZovP5sthYXSmwhiSKXnCtK5civ7xfbVSoVqJHc1xpqlmbXpsb7k7wRkReOm5bhHOnU0kz0BpQU05PUqzNd4R3qBpojeIPk1qwsqCcAsWecyc6vsnWa+2Eq76MiNjjaCJ4C9saU3BEZG86nPJkv7zz2skk4u1PBNlh1R71nGYL6vuNIj4BsBLdbVWd5AmN/lhCCs3p38MTe6pcpeYP2yUSCwyIGwJ3728rgiIF17Na/WjDDUFaXZ Received: from ary.qy ([IPv6:2001:470:1f07:1126::78:696d:6170]) by imap.iecc.com ([IPv6:2001:470:1f07:1126::78:696d:6170]) with ESMTPSA (TLS1.2 ECDHE-RSA AES-256-GCM AEAD, printer@iecc.com) via TCP6; 25 Oct 2019 17:49:19 -0000 Received: by ary.qy (Postfix, from userid 501) id E8CAFD66F4D; Fri, 25 Oct 2019 13:49:18 -0400 (EDT) Date: 25 Oct 2019 13:49:18 -0400 Message-Id: <20191025174918.E8CAFD66F4D@ary.qy> From: "John Levine" To: dmarc@ietf.org Cc: dilyan.palauzov@aegee.org In-Reply-To: Organization: Taughannock Networks X-Headerized: yes Mime-Version: 1.0 Content-type: text/plain; charset=utf-8 Content-transfer-encoding: 8bit Archived-At: Subject: Re: [dmarc-ietf] Two new fields in aggregate reports X-BeenThere: dmarc@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 25 Oct 2019 17:49:23 -0000 In article you write: >What is the purposes of the aggregate and non-aggregate reports? What are non-goals? I asked several times here, >nobody answered. Perhaps a discussion on the goals and non-goal would help. As far as I know, the point of DMARC reports is to help domain owners understand who is sending mail that purports to be from them. In a large organization it can be remarkably hard to track down every mail server in every department or every subcontractor that might be sending real mail with the domain in the From: header. The domain owners use the reports to do things like update SPF records to include all of the sending hosts, update server configs to add DKIM signatures, or to fix servers that are adding invalid signatures, and often to shut rogue servers down that shouldn't have been sending mail in the first place. I can't see how spam scores would be of any use for any of these tasks. R's, John From nobody Fri Oct 25 10:53:19 2019 Return-Path: X-Original-To: dmarc@ietfa.amsl.com Delivered-To: dmarc@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E9DA11209DB for ; Fri, 25 Oct 2019 10:53:12 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.998 X-Spam-Level: X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=valimail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ga8xBD4VHkKG for ; Fri, 25 Oct 2019 10:53:10 -0700 (PDT) Received: from mail-wr1-x42f.google.com (mail-wr1-x42f.google.com [IPv6:2a00:1450:4864:20::42f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 114C812094E for ; Fri, 25 Oct 2019 10:53:10 -0700 (PDT) Received: by mail-wr1-x42f.google.com with SMTP id v9so3322522wrq.5 for ; Fri, 25 Oct 2019 10:53:09 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=valimail.com; s=google2048; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=7Fk1s6Oj3otUcw+qZXsuTey8IvaoZ0YVX129uWUgPDM=; b=JIkcfBcB8CmN7uD4s2eOiCdz68u0NRsuAjamzMiG5rhBzsnGqyjvDBFiIKT1T4D+Yt h1OeDvPAQ+ZuF6/O4SOCHP/k6rQQfNLqRtOaRHjMuP1C3aKOvUji0ZIth6RPxdR3z8SD uLoVUv77hwbIyFl3QUcEvtxbe/h7qtzBMYW1TxMJMTBHfE3guhigFjX0Cpoj060V7hL/ ey9EOv0lcZ70mmPWYHZq//6dUgtoVAJ1qp6Gu3aP90/GYyS5AOkWOmIrlyY1khChj927 svh3luOKg8yvjWsByMTC6PvTc7/IKE8nKn845P1we4EyWN5fzkLjzPUnQauDVbpLVvma movg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=7Fk1s6Oj3otUcw+qZXsuTey8IvaoZ0YVX129uWUgPDM=; b=bq7UOcJDDIrcaPrs2swW2jjMy/QE3IQPk0BiccwSOk4EfS0rj8fKBnIvHeLEeK8TFZ Se6xfcd1S3kefr3B7vLsbnCPY7ALuAWJxxrbh4WHsgjt+nvO2bwPmYw+5zcqw/aRJ4hL EsMampf38AnfPrf4TTf+DB15YBMTb+4doBCJ7eiiSngACIqrTEWF3ZQ4LNy81nVGgxWJ Csbg0Ux04JtInHTmUWTlLebxSMnb9QdMfJnSuYys/xmF2PsWborcqDsoSGLyUlt8VgdR WJYs0ZpnL27G7cJXIaujcQLoVgCXGcH/3cxIJx8rVR5LGZpukeYktBENnbS2tbmIG1Sn nN1A== X-Gm-Message-State: APjAAAUpxlMIKSUF4GqidT9HbvGd0wMbKvVq1gQMGMYd1FP9bWW9H710 8Y/k6/wJb25/NbLQh2PR6f34kPjFnOW+sBAuUDZ/kag9wIk= X-Google-Smtp-Source: APXvYqwILKmlOfuK21oVudR6PWnaAB2OfpQpJoEWo6Bf5oCMD6dDYZ01UcAEDkSePt+4uw9WQ80PfB/fG5OrW41CVxs= X-Received: by 2002:a5d:4f91:: with SMTP id d17mr4263107wru.184.1572025988046; Fri, 25 Oct 2019 10:53:08 -0700 (PDT) MIME-Version: 1.0 References: <20191025174918.E8CAFD66F4D@ary.qy> In-Reply-To: <20191025174918.E8CAFD66F4D@ary.qy> From: Seth Blank Date: Fri, 25 Oct 2019 10:52:57 -0700 Message-ID: To: IETF DMARC WG Content-Type: multipart/alternative; boundary="000000000000986e820595bfd280" Archived-At: Subject: Re: [dmarc-ietf] Two new fields in aggregate reports X-BeenThere: dmarc@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 25 Oct 2019 17:53:18 -0000 --000000000000986e820595bfd280 Content-Type: text/plain; charset="UTF-8" On Fri, Oct 25, 2019 at 10:49 AM John Levine wrote: > As far as I know, the point of DMARC reports is to help domain owners > understand who is sending mail that purports to be from them. In a > large organization it can be remarkably hard to track down every mail > server in every department or every subcontractor that might be sending > real mail with the domain in the From: header. > > The domain owners use the reports to do things like update SPF records > to include all of the sending hosts, update server configs to add DKIM > signatures, or to fix servers that are adding invalid signatures, and > often to shut rogue servers down that shouldn't have been sending mail > in the first place. > > I can't see how spam scores would be of any use for any of these tasks. > +1000 The point of DMARC reports is to understand what is not authenticating in an aligned fashion, so that you can get those mailstreams authenticating properly and verify things are now correct. Spam, nor insight into receiver mechanisms to combat spam (which change daily, per Brandon), is out of scope of DMARC reporting. Seth -- *Seth Blank* | Director, Industry Initiatives *e:* seth@valimail.com *p:* 415.273.8818 This email and all data transmitted with it contains confidential and/or proprietary information intended solely for the use of individual(s) authorized to receive it. If you are not an intended and authorized recipient you are hereby notified of any use, disclosure, copying or distribution of the information included in this transmission is prohibited and may be unlawful. Please immediately notify the sender by replying to this email and then delete it from your system. --000000000000986e820595bfd280 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
On Fri, Oct 25, 2019 at 10:49 AM John Lev= ine <johnl@taugh.com> wrote:
As far as I know, the point of DMARC reports is to help domain o= wners
understand who is sending mail that purports to be from them.=C2=A0 In a large organization it can be remarkably hard to track down every mail
server in every department or every subcontractor that might be sending
real mail with the domain in the From: header.

The domain owners use the reports to do things like update SPF records
to include all of the sending hosts, update server configs to add DKIM
signatures, or to fix servers that are adding invalid signatures, and
often to shut rogue servers down that shouldn't have been sending mail<= br> in the first place.

I can't see how spam scores would be of any use for any of these tasks.=

+1000

The poi= nt of DMARC reports is to understand what is not authenticating in an align= ed fashion, so that you can get those mailstreams authenticating properly a= nd verify things are now correct. Spam, nor insight into receiver mechanism= s to combat spam (which change daily, per Brandon), is out of scope of DMA= RC reporting.

Seth

--

Seth Blank | Director, Industry Initiatives
p: 415.273.8818



This email and all data transmitted with it contains confidential and= /or proprietary information intended solely for the use of individual(s) au= thorized to receive it. If you are not an intended and authorized recipient= you are hereby notified of any use, disclosure, copying or distribution of= the information included in this transmission is prohibited and may be unl= awful. Please immediately notify the sender by replying to this email and t= hen delete it from your system.

--000000000000986e820595bfd280-- From nobody Fri Oct 25 10:59:40 2019 Return-Path: X-Original-To: dmarc@ietfa.amsl.com Delivered-To: dmarc@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3D4141209A9 for ; Fri, 25 Oct 2019 10:59:30 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.301 X-Spam-Level: X-Spam-Status: No, score=-4.301 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=f00f.org Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sdzff02IA1lO for ; Fri, 25 Oct 2019 10:59:28 -0700 (PDT) Received: from proxima.stupidest.org (proxima.stupidest.org [35.163.12.83]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 18406120A06 for ; Fri, 25 Oct 2019 10:59:28 -0700 (PDT) Received: from aether.stupidest.org (tunnel-proxima-aether.stupidest.org [10.0.1.5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by proxima.stupidest.org (Postfix) with ESMTPS id 470BhG0Yw5zM5; Fri, 25 Oct 2019 17:59:26 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=f00f.org; s=m2016a; t=1572026366; bh=Ibe2RqfYjNPFoMKq6cLYkvfgEqx6FLjJRsbO24zxtbo=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: In-Reply-To; b=TtGAlpEqYfkm2XkyO85aN21zvK4AGcZqzdNCdjx1CosuMCgBVwoNTMyBxsgM/Zh54 qjeFc23+KVLgSPyUXzGenuh+azknIPxLxZgUXc4WhPneYkSmplavq9/j59CSw7ME5Z XsUDyZumn9XfPEiTO8+Fi78+JvKsHWbNo1MJrHaACmKFzPWfAe4TstI7Snu9yruHQW 2YFHaUfcy7dBtwJPyET+1AB21qK+YXhzNFXIEjiuPAafYpVOsJ+3RHZAHzNzrbmP9V +vMMuwgsAeyoJkblzt8YqAdY5XI8y4xtaXssA1ACymeXPOvg93yE1do0VLYXJHOGYO JhGVxcWMW+l9w== Received: by aether.stupidest.org (Postfix, from userid 10000) id 470BhF5PNLz9KQZw; Fri, 25 Oct 2019 10:59:25 -0700 (PDT) Date: Fri, 25 Oct 2019 10:59:25 -0700 From: Chris Wedgwood To: John Levine Cc: dmarc@ietf.org, dilyan.palauzov@aegee.org Message-ID: <20191025175925.GA15322@aether.stupidest.org> References: <20191025174918.E8CAFD66F4D@ary.qy> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20191025174918.E8CAFD66F4D@ary.qy> Archived-At: Subject: Re: [dmarc-ietf] Two new fields in aggregate reports X-BeenThere: dmarc@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 25 Oct 2019 17:59:33 -0000 > I can't see how spam scores would be of any use for any of these > tasks. i don't think anyone will include those values even if they can/could for fear of it being used against them From nobody Fri Oct 25 11:03:37 2019 Return-Path: X-Original-To: dmarc@ietfa.amsl.com Delivered-To: dmarc@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7A079120817 for ; Fri, 25 Oct 2019 11:03:35 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.997 X-Spam-Level: X-Spam-Status: No, score=-1.997 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id obhY6zFYctb1 for ; Fri, 25 Oct 2019 11:03:33 -0700 (PDT) Received: from mail-wr1-x42b.google.com (mail-wr1-x42b.google.com [IPv6:2a00:1450:4864:20::42b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1BED3120043 for ; Fri, 25 Oct 2019 11:03:32 -0700 (PDT) Received: by mail-wr1-x42b.google.com with SMTP id l10so3362750wrb.2 for ; Fri, 25 Oct 2019 11:03:32 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=vJMBmZxnB4jSZB2ypbpBFs0m7aATSnE21zkqgL/0uEE=; b=fzowTi/GYPtfQQQuUj74Kf4ItFKBdAf9j56IkYHAOh0/SbE1OXzKYBifvlxmXg9Ggk QLaDK7rWb9U6pMIvN03JK/xyk/LFD2VQaP40Yl42JjudRDTnqAkBQ+JbZevKD0KD7tiY mOxXfDVmzyJm2bO88CDXdPTIfT1hoIQ6ZFXRbeTFOHikMPfrNnp5hEDJ4mejVlCCefMA AIZ6xs08YjmKSY/UtyC0KgVzkgLYzLa7cH25eNV8zudvZkwrDDY2ss6cY21Z8XU8YlJt aXn3nJ9e7J4Gl/d7BDVNn/0ialM5sj1akHDU+OzwIINP0vEe7U6FCpxvX0Rx2jCzlt6N nMLA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=vJMBmZxnB4jSZB2ypbpBFs0m7aATSnE21zkqgL/0uEE=; b=Iy++kxfl3DaTe3TUaH+HaT4l3Jai5yV+j322ZAeTMjb4BpZWzoeFnn0mTkf83niBt8 xdiyC6Xgqd35kIQkocM62y72IUi3e3JdsFAphIL5RK7V/Ojec21QG2GALc6PvX+o+lgi FC9xA47GlzuBLlSwbcVFk6NocBsyYDmVsGa/7Eetrt1ni/87qeazGcEux6zEG/jhg6a+ 2IMdL1EzIJhoDt6hPixBmjf88zbUjeivqYo3mIbkgVcMjFaz+TopvP/VFM9vPLJIWDkg pTLQhP3mQ5Xu+1U+StAFgzRUnixzIZHWsU8ovI0ISf3kAa1Gce7pfSdRX7XCclSsT5l/ 2J5A== X-Gm-Message-State: APjAAAVmisWxsynTGeXCCiSUE/MUKzPXgJtRzNjsiwtpjDSb1txAkVEn OIZoqnzsoOH3IjEIHbyLDsjISSjdFmc7uRegWj0= X-Google-Smtp-Source: APXvYqwE6RkqzBczczk8EBm9XSS700zT5j1L/wBhksTchT1zzTXtoFCU0Ya/gz4ksOsCvzs3xPThXeMhVXiEFLt6GM0= X-Received: by 2002:adf:e7c9:: with SMTP id e9mr4136778wrn.261.1572026611284; Fri, 25 Oct 2019 11:03:31 -0700 (PDT) MIME-Version: 1.0 References: <20191025174918.E8CAFD66F4D@ary.qy> In-Reply-To: From: Dotzero Date: Fri, 25 Oct 2019 14:03:19 -0400 Message-ID: To: Seth Blank Cc: IETF DMARC WG Content-Type: multipart/alternative; boundary="000000000000be3e890595bff758" Archived-At: Subject: Re: [dmarc-ietf] Two new fields in aggregate reports X-BeenThere: dmarc@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 25 Oct 2019 18:03:35 -0000 --000000000000be3e890595bff758 Content-Type: text/plain; charset="UTF-8" On Fri, Oct 25, 2019 at 1:53 PM Seth Blank wrote: > On Fri, Oct 25, 2019 at 10:49 AM John Levine wrote: > >> As far as I know, the point of DMARC reports is to help domain owners >> understand who is sending mail that purports to be from them. In a >> large organization it can be remarkably hard to track down every mail >> server in every department or every subcontractor that might be sending >> real mail with the domain in the From: header. >> >> The domain owners use the reports to do things like update SPF records >> to include all of the sending hosts, update server configs to add DKIM >> signatures, or to fix servers that are adding invalid signatures, and >> often to shut rogue servers down that shouldn't have been sending mail >> in the first place. >> >> I can't see how spam scores would be of any use for any of these tasks. >> > > +1000 > > The point of DMARC reports is to understand what is not authenticating in > an aligned fashion, so that you can get those mailstreams authenticating > properly and verify things are now correct. Spam, nor insight into receiver > mechanisms to combat spam (which change daily, per Brandon), is out of > scope of DMARC reporting. > > Seth > > Absolutely agree with the sentiments expressed by John and Seth. Michael Hammer --000000000000be3e890595bff758 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable


=
On Fri, Oct 25, 2019 at 1:53 PM Seth = Blank <seth=3D40valimai= l.com@dmarc.ietf.org> wrote:
On Fri, Oct 25, 2019 at 10:49 AM John Levine <johnl@taugh.com> wro= te:
As far as I know, = the point of DMARC reports is to help domain owners
understand who is sending mail that purports to be from them.=C2=A0 In a large organization it can be remarkably hard to track down every mail
server in every department or every subcontractor that might be sending
real mail with the domain in the From: header.

The domain owners use the reports to do things like update SPF records
to include all of the sending hosts, update server configs to add DKIM
signatures, or to fix servers that are adding invalid signatures, and
often to shut rogue servers down that shouldn't have been sending mail<= br> in the first place.

I can't see how spam scores would be of any use for any of these tasks.=

+1000

The poi= nt of DMARC reports is to understand what is not authenticating in an align= ed fashion, so that you can get those mailstreams authenticating properly a= nd verify things are now correct. Spam, nor insight into receiver mechanism= s to combat spam (which change daily, per Brandon), is out of scope of DMA= RC reporting.

Seth


Absolutely agree with the sentiments expr= essed by John and Seth.

Michael Hammer=C2=A0
=
--000000000000be3e890595bff758-- From nobody Fri Oct 25 11:35:58 2019 Return-Path: X-Original-To: dmarc@ietfa.amsl.com Delivered-To: dmarc@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A831A12003E for ; Fri, 25 Oct 2019 11:35:56 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.001 X-Spam-Level: X-Spam-Status: No, score=-4.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_INVALID=0.1, DKIM_SIGNED=0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=fail (1152-bit key) reason="fail (message has been altered)" header.d=tana.it Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KYBT8CzAXB5n for ; Fri, 25 Oct 2019 11:35:55 -0700 (PDT) Received: from wmail.tana.it (wmail.tana.it [62.94.243.226]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 278BC120033 for ; Fri, 25 Oct 2019 11:35:54 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tana.it; s=delta; t=1572028550; bh=6vvVdObkRFsHFxnesRqqBDU1C2kU3seYhbd4Q3iwJtE=; l=3143; h=To:References:From:Date:In-Reply-To; b=DCmaI9hmJiLB2Cc8OBvwQFv1IQ8aatWCzPup2pMffF98YJCicg02CcWZz8wnRUKJL LG7ZBGE/oJ1182l4rO54O+lF3G//om11JyE9npP0bnZJE091B+Xici+RVt3OmeivS6 nh4jVGchbU9wyEIwGFQVIrOGN1LLPbaSvzlXnGVvDNCFDPgXqlqlipLoMQUED Authentication-Results: tana.it; auth=pass (details omitted) Received: from [172.25.197.111] (pcale.tana [172.25.197.111]) (AUTH: CRAM-MD5 uXDGrn@SYT0/k) by wmail.tana.it with ESMTPA id 00000000005DC028.000000005DB34086.00000D3E; Fri, 25 Oct 2019 20:35:50 +0200 To: =?UTF-8?B?0JTQuNC70Y/QvSDQn9Cw0LvQsNGD0LfQvtCy?= , "dmarc@ietf.org" References: <2c9f5a36-105f-22bd-2029-cb66867355c2@tana.it> From: Alessandro Vesely Openpgp: preference=signencrypt Message-ID: <682972a4-38e4-f5b2-3180-c5a03a3a08b4@tana.it> Date: Fri, 25 Oct 2019 20:35:50 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.9.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 8bit Archived-At: Subject: Re: [dmarc-ietf] Two new fields in aggregate reports X-BeenThere: dmarc@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 25 Oct 2019 18:35:57 -0000 Hi Dilyan, On Fri 25/Oct/2019 12:51:43 +0200 Дилян Палаузов wrote: > > I do not see how this helps for DMARC. An email either validates DMARC, or > fails DMARC and the aggregate repors say per sending IP server (only direct > mail flow is reported), whether DMARC validates or fails. With this > information it is sufficient to determine, if the DMARC/DKIM implementations > on sender and receiver are either both bug-free, or both have the same > bugs. Looking at aggregate reports, you cannot tell whether an authentication failure is a sacrosanct signaling of your domain being abused rather than a legitimate user going through external forwarders. > I do not see, how the information you ask to add, while interesting, does > help DMARC.> > What is the purposes of the aggregate and non-aggregate reports? What are > non-goals? I asked several times here, nobody answered. Perhaps a > discussion on the goals and non-goal would help. That was probably discussed already. Now that we have some experience, we can discuss further. I know some very acknowledgeable WG participants accumulate aggregate report values in their own MySQL database (I'm not sure about the details). Many people, instead, outsource reports to specialized DMARC analyzers, who display nice graphical summaries. I run an XSLT transform of DMARC reports into an HTML tabular format of one row per record. In theory, reports can be something more than a debugging aid. It has the potential to assemble a community where bad actors are identified and dismissed. > If it is a goal to reuse the dmarc-reporting mechanism to report also about > perceived spam probability, then it can be discussed in more details how > this can be achieved. Well, spam score usually is hight for phishing too. To counter phishing is DMARC core business. > My experience is, that asking a provider, why an obviously non-spam mail was > evaluated as spam, virtually never leads to a useful answer. So nobody > wants to reveal how its spam system weigths factors and if there is lack of > such interest, extending the report format will not help, as nobody will be > willing the report the data. This is a problem, indeed. Large mailbox providers may fear that giving bad scores to an IP can result in senders complaining against against their weighting method, requiring more personnel to answer back. It should be made clear that reports are given out AS IS, as a favor to senders, without liability. Anyway, reporting MTAs don't have to reveal the method, just the result. > Exchanging information on hard-coded rules in Spam-Assassing (IP reputation, > HTML mime part without text/plain, the “Nigeria money” phrase), that is not > based on filter training, does not help neither, as sender can run the tests > on its own and predict how the recipient will evaluate these set of > criteria. Changing point of view, perspective also changes. In addition, by comparing external scores to internal predictions, one has a chance to evaluate the goodness of the reporting MTA. Best Ale From nobody Fri Oct 25 13:13:49 2019 Return-Path: X-Original-To: dmarc@ietfa.amsl.com Delivered-To: dmarc@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E3B9212004F for ; Fri, 25 Oct 2019 13:13:47 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.749 X-Spam-Level: X-Spam-Status: No, score=-1.749 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.25, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1536-bit key) header.d=iecc.com header.b=L3I2XUzF; dkim=pass (1536-bit key) header.d=taugh.com header.b=2k3C1u6d Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id n9FUNMZkgo_D for ; Fri, 25 Oct 2019 13:13:47 -0700 (PDT) Received: from gal.iecc.com (gal.iecc.com [IPv6:2001:470:1f07:1126:0:43:6f73:7461]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A6B9A12003E for ; Fri, 25 Oct 2019 13:13:46 -0700 (PDT) Received: (qmail 31222 invoked from network); 25 Oct 2019 20:13:45 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=iecc.com; h=date:message-id:from:to:cc:subject:in-reply-to:mime-version:content-type:content-transfer-encoding; s=79f4.5db35779.k1910; i=printer-iecc.com@submit.iecc.com; bh=IisW42XjRZ5/N/IkJ1E8k5xp+s+j/vNJfdyqKNWZiho=; b=L3I2XUzFZBITWWtahT8rOQoWrd04IK1Io6iD2D4jkuj9VFmBB27D3MxB0tHO9+fLh+YNwmxgi1+plG5YqzbJLgKsrtV4oaXGpHM57GhVEE/JKGkWn5HNevFg2qRXuATBF4366LvzJyb6nlHfGr15N0J+rs/lhwoAIQPkV3kaub7aj23C4kS0gU5oDUPYxOf/nLb+cpXHzhy64hr/mCHLpT4/16v3NRgpuWEpmRI8iwG1OH+oPfbJPNXeeLOuNkc6 DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=taugh.com; h=date:message-id:from:to:cc:subject:in-reply-to:mime-version:content-type:content-transfer-encoding; s=79f4.5db35779.k1910; olt=printer-iecc.com@submit.iecc.com; bh=IisW42XjRZ5/N/IkJ1E8k5xp+s+j/vNJfdyqKNWZiho=; b=2k3C1u6dVkmsmkxPAgoF18CZPIVA0YQVrP2FqPMvgO+KnwD235awjlrR1MbqGt6d+lcvliZhDgEFWTBgogSkQtQrfY+V58rbVVInIVVirxY8iAJaIqHRORtVX3no8sZj59LxDStDQEKyIUb78wvc4IUrauawddJAz/R7KoUmdK3oYTZhnT6lOuG8bvK5roFIoxw33gbUt510PGUsz1a6izbxV0TorZCVVfRWHD7/KtcyeT+OH/T28y4jrPezWAep Received: from ary.qy ([IPv6:2001:470:1f07:1126::78:696d:6170]) by imap.iecc.com ([IPv6:2001:470:1f07:1126::78:696d:6170]) with ESMTPSA (TLS1.2 ECDHE-RSA AES-256-GCM AEAD, printer@iecc.com) via TCP6; 25 Oct 2019 20:13:45 -0000 Received: by ary.qy (Postfix, from userid 501) id BB28AD68CE6; Fri, 25 Oct 2019 16:13:44 -0400 (EDT) Date: 25 Oct 2019 16:13:44 -0400 Message-Id: <20191025201344.BB28AD68CE6@ary.qy> From: "John Levine" To: dmarc@ietf.org Cc: vesely@tana.it In-Reply-To: <682972a4-38e4-f5b2-3180-c5a03a3a08b4@tana.it> Organization: Taughannock Networks X-Headerized: yes Mime-Version: 1.0 Content-type: text/plain; charset=utf-8 Content-transfer-encoding: 8bit Archived-At: Subject: Re: [dmarc-ietf] Two new fields in aggregate reports X-BeenThere: dmarc@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 25 Oct 2019 20:13:48 -0000 In article <682972a4-38e4-f5b2-3180-c5a03a3a08b4@tana.it> you write: >Looking at aggregate reports, you cannot tell whether an authentication failure >is a sacrosanct signaling of your domain being abused rather than a legitimate >user going through external forwarders. Sure you can, you look at the IP address and see who it is. In my reports I see bursts of authentication failures from hosts that are obviously mailing list servers, and lots of failures in China which are random spambots. >In theory, reports can be something more than a debugging aid. It has the >potential to assemble a community where bad actors are identified and dismissed. No, that's not what they're for and they don't have the necessary info. There are systems that compile data for IP reputation but that's not what DMARC is. The point of DMARC is to try to tell "is this message really from X", not "is this message spam." R's, John From nobody Sat Oct 26 03:58:11 2019 Return-Path: X-Original-To: dmarc@ietfa.amsl.com Delivered-To: dmarc@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 53CE912006E for ; Sat, 26 Oct 2019 03:58:09 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.301 X-Spam-Level: X-Spam-Status: No, score=-4.301 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1152-bit key) header.d=tana.it Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jOfy5ZbG3kPz for ; Sat, 26 Oct 2019 03:58:07 -0700 (PDT) Received: from wmail.tana.it (wmail.tana.it [62.94.243.226]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7B97412002F for ; Sat, 26 Oct 2019 03:58:07 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tana.it; s=delta; t=1572087482; bh=Sjph5qTBoA+CiHJRvi4EoK7nVRonUskG4vsdUXLNPjU=; l=2062; h=To:References:From:Date:In-Reply-To; b=DJwFeN/HwE/ZWTPXXEZkPH0gpahI2xHib9aO575bPERv8qiVWjCLnINdZwXq8iqM3 +wte0zI71UpRO+JKw4GS6ii1O2MPPrFjzh6pkK8/TdyIYnME9zvmMyc9fsblf4/Rc8 hummv3bsAExc+XAF/95zJJLu59ZIcNyf1uYJe3X02crCNXinWIfuNGxK51QUl Authentication-Results: tana.it; auth=pass (details omitted) Received: from [172.25.197.111] (pcale.tana [172.25.197.111]) (AUTH: CRAM-MD5 uXDGrn@SYT0/k) by wmail.tana.it with ESMTPA id 00000000005DC085.000000005DB426BA.00002606; Sat, 26 Oct 2019 12:58:02 +0200 To: John Levine , dmarc@ietf.org References: <20191025201344.BB28AD68CE6@ary.qy> From: Alessandro Vesely Openpgp: preference=signencrypt Message-ID: <677fd9cc-f7ce-8904-2e27-644f9f442e29@tana.it> Date: Sat, 26 Oct 2019 12:58:02 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.9.0 MIME-Version: 1.0 In-Reply-To: <20191025201344.BB28AD68CE6@ary.qy> Content-Type: text/plain; charset=us-ascii Content-Language: en-US Content-Transfer-Encoding: 7bit Archived-At: Subject: Re: [dmarc-ietf] Two new fields in aggregate reports X-BeenThere: dmarc@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 26 Oct 2019 10:58:09 -0000 On Fri 25/Oct/2019 22:13:44 +0200 John Levine wrote: > In article <682972a4-38e4-f5b2-3180-c5a03a3a08b4@tana.it> you write: >>Looking at aggregate reports, you cannot tell whether an authentication failure >>is a sacrosanct signaling of your domain being abused rather than a legitimate >>user going through external forwarders. > > Sure you can, you look at the IP address and see who it is. In my reports I > see bursts of authentication failures from hosts that are obviously mailing > list servers, and lots of failures in China which are random spambots. Right, to add a country lookup during XSLT transform is a nice hint. IP reputation sites are not quite as handy. >>In theory, reports can be something more than a debugging aid. It has the >>potential to assemble a community where bad actors are identified and dismissed. > > No, that's not what they're for and they don't have the necessary > info. There are systems that compile data for IP reputation but > that's not what DMARC is. The point of DMARC is to try to tell "is > this message really from X", not "is this message spam." There are spammers who abuse other domains, and not all of them are phishers. While hard policies don't seem to be a goal for seldom-abused domains, failed p=none hardly map to some kind of score. So, yes, it looks like some necessary info is missing. But why would more info hurt? The biggest obstacle is admins' reluctance to divulge internal data about their mailflows. Perhaps we should instead look for something that mail site admins are eager to communicate to their peers. I, for one, see many more DMARC target domains than sources (73 to 13 this morning, most of the latter from my yesterday's posts to this list). I guess such ratios are rather common, possibly worse for large sites. Correct? Curiously, in general, people and organizations seem to have a lot to say, while they are often reluctant to listen. How come DMARC, as a channel, induces the opposite behavior? Just thinking aloud Ale -- From nobody Sat Oct 26 06:32:21 2019 Return-Path: X-Original-To: dmarc@ietfa.amsl.com Delivered-To: dmarc@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 197661200A3 for ; Sat, 26 Oct 2019 06:32:20 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.998 X-Spam-Level: X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id d1-rcXbZxoOn for ; Sat, 26 Oct 2019 06:32:18 -0700 (PDT) Received: from mail-wm1-x332.google.com (mail-wm1-x332.google.com [IPv6:2a00:1450:4864:20::332]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 44F3B120024 for ; Sat, 26 Oct 2019 06:32:18 -0700 (PDT) Received: by mail-wm1-x332.google.com with SMTP id 6so6223268wmf.0 for ; Sat, 26 Oct 2019 06:32:18 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=MwdbTCwm1M/+BTMk32LKvVw42lestN0gP+P69jKnxxs=; b=iTlpgvd+E3wE1tKo1kMTQnPcenrfCt3/Bmk6dgacjMU/7tQeiFiVwtbH3hq1L14ctN fpgS4S3tTpbwSB6m90Isc6sWQpWcQDRErhYxmKx7yXzHnt5R3hfMFIY4awuCBrWDwkW9 hpPh6RA23Omse+ONunuZm8Dmu1Toq3KuFCuSLj9PV+wNtjXoH9JvppBoUKVuj/F//cK7 r/7re1WSBMT4o6gkVrQ8OzN0sw4nvpVIlqnpwCGowZFQnRg0PgdzIOSl/IbOyGv4RHcc qEWCs0lUD663NxgQDvlMwDaZvFM2vG9s2txvKvMXpwjlejMr7zYlqR+ilTW/Wx+C8cOZ KL+A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=MwdbTCwm1M/+BTMk32LKvVw42lestN0gP+P69jKnxxs=; b=p/etv7EjJ2aHONqPwdnY7qdqpwBC/u5zrO370+NBCDEIfxlU6xudbrFkKbBSmNMdE/ TNuTFt1WR/G4blCZitJltBjP4MnaVaI0tV+A5Z4oWFRlDvX8YDgIQWJ/lf99qz661LHo fvwbqpgUAZPM+jF2c9zzkdSoJvP9BsAZ3fQPT74abJYevwCXf/f+JXIQX6j5BnUCB7q2 sUPDAnsBf7vKJG6M7saZtTtL6+MUeV39ukINRmtfihYnv97yoWq3wBV2I+yQn50Ni7fg ESEDbfaoau9eT/1UzdwT6T5PtFsmNXWuzE6vQyLOZzFJyn7qYaMNXkWqEh+0t29rqaU/ Hxbg== X-Gm-Message-State: APjAAAXQG+g2+Rpar4pi4ACmXcl3rcDAvuxd0hHmqVhl4nBr9Zh+AMEM yZpivrNFv3qLDgA0EbFSlID8C17oRYJWniRGqWE= X-Google-Smtp-Source: APXvYqzjk5TIOxFcvNd3oAHpyqRj0FXRGR9WeU4QUQ6Xn1jHC3ZAtbbOLqdS7QnlMEd9QYrzS2Iunv7JqPe07X78AZ4= X-Received: by 2002:a1c:2dd0:: with SMTP id t199mr7651246wmt.58.1572096736847; Sat, 26 Oct 2019 06:32:16 -0700 (PDT) MIME-Version: 1.0 References: <2c9f5a36-105f-22bd-2029-cb66867355c2@tana.it> <682972a4-38e4-f5b2-3180-c5a03a3a08b4@tana.it> In-Reply-To: <682972a4-38e4-f5b2-3180-c5a03a3a08b4@tana.it> From: Dotzero Date: Sat, 26 Oct 2019 09:32:06 -0400 Message-ID: To: Alessandro Vesely Cc: =?UTF-8?B?0JTQuNC70Y/QvSDQn9Cw0LvQsNGD0LfQvtCy?= , "dmarc@ietf.org" Content-Type: multipart/alternative; boundary="0000000000008d6c200595d04b57" Archived-At: Subject: Re: [dmarc-ietf] Two new fields in aggregate reports X-BeenThere: dmarc@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 26 Oct 2019 13:32:20 -0000 --0000000000008d6c200595d04b57 Content-Type: text/plain; charset="UTF-8" On Fri, Oct 25, 2019 at 2:36 PM Alessandro Vesely wrote: > > Well, spam score usually is hight for phishing too. To counter phishing is > DMARC core business. > Absolutely wrong. DMARC does one thing and one thing only - mitigate direct domain abuse. Bad guys can and have switched to using cousin domains, homoglyphs and other approaches to engage in spam, phishing and other abuse. One thing I think we will see more of over time is system compromise to enable sending of badness as a particular domain. This is one reason I'm not a huge fan of reputation systems and whitelisting in particular. Reputation in practice essentially reduces to "What have you done to me today". Michael Hammer --0000000000008d6c200595d04b57 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable


=
On Fri, Oct 25, 2019 at 2:36 PM Aless= andro Vesely <vesely@tana.it> w= rote:

Well, spam score usually is hight for phishing too.=C2=A0 To counter phishi= ng is
DMARC core business.

Absolutely wrong. = DMARC does one thing and one thing only - mitigate direct domain abuse. Bad= guys can and have switched to using cousin domains, homoglyphs and other a= pproaches to engage in spam, phishing and other abuse. One thing I think we= will see more of over time is system compromise to enable sending of badne= ss as a particular domain. This is one reason I'm not a huge fan of rep= utation systems and whitelisting in particular. Reputation in practice esse= ntially reduces to "What have you done to me today".
Michael Hammer=C2=A0
--0000000000008d6c200595d04b57-- From nobody Sun Oct 27 03:12:08 2019 Return-Path: X-Original-To: dmarc@ietfa.amsl.com Delivered-To: dmarc@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 66B3A12006B for ; Sun, 27 Oct 2019 03:12:07 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -3.999 X-Spam-Level: X-Spam-Status: No, score=-3.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DC_PNG_UNO_LARGO=0.001, DKIM_INVALID=0.1, DKIM_SIGNED=0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=fail (1152-bit key) reason="fail (message has been altered)" header.d=tana.it Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rZXxC6bMjy9v for ; Sun, 27 Oct 2019 03:12:06 -0700 (PDT) Received: from wmail.tana.it (wmail.tana.it [62.94.243.226]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B247312004C for ; Sun, 27 Oct 2019 03:12:05 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tana.it; s=delta; t=1572171123; bh=76GNjPNJOUadeWPkAtN4g6QQR5Z4xXDN6kzjPvYczLY=; l=18057; h=To:Cc:References:From:Date:In-Reply-To; b=AjP8tt2DWVYcw4hWfc41NgDxYhrVibUnEJk1mKAkOFz3U3VCY7BgZ3gZLDysLSX3w kWfcbSBp4uG+WIlty/ZLavG+paRwpiLmm2r3IsGXrJBU0BPDDNP5zhCzTssbF9GBM/ sN0u1RuAPgHcJ5M/75G+V/ardJWwWDbVWutyEDiV61Jz43zwDH2TmLNGaidhC Authentication-Results: tana.it; auth=pass (details omitted) Received: from [172.25.197.111] (pcale.tana [172.25.197.111]) (AUTH: CRAM-MD5 uXDGrn@SYT0/k) by wmail.tana.it with ESMTPA id 00000000005DC083.000000005DB56D73.00005772; Sun, 27 Oct 2019 11:12:03 +0100 To: Dotzero Cc: =?UTF-8?B?0JTQuNC70Y/QvSDQn9Cw0LvQsNGD0LfQvtCy?= , "dmarc@ietf.org" References: <2c9f5a36-105f-22bd-2029-cb66867355c2@tana.it> <682972a4-38e4-f5b2-3180-c5a03a3a08b4@tana.it> From: Alessandro Vesely Openpgp: preference=signencrypt Message-ID: Date: Sun, 27 Oct 2019 11:12:03 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.9.0 Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="=_north-22386-1572171123-0001-2" In-Reply-To: Content-Language: en-US Archived-At: Subject: [dmarc-ietf] DMARC domain, was Two new fields in aggregate reports X-BeenThere: dmarc@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 27 Oct 2019 10:12:07 -0000 This is a MIME-formatted message. If you see this text it means that your E-mail software does not support MIME-formatted messages. --=_north-22386-1572171123-0001-2 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit On Sat 26/Oct/2019 15:32:06 +0200 Dotzero wrote: > On Fri, Oct 25, 2019 at 2:36 PM Alessandro Vesely wrote: > >> >> Well, spam score usually is hight for phishing too. To counter phishing is >> DMARC core business. >> > > Absolutely wrong. DMARC does one thing and one thing only - mitigate direct > domain abuse. Bad guys can and have switched to using cousin domains, > homoglyphs and other approaches to engage in spam, phishing and other > abuse. I conceive that as depicted. Is it the agreed upon diagram? Ale --=_north-22386-1572171123-0001-2 Content-Type: image/png; name="spam.png" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="spam.png" iVBORw0KGgoAAAANSUhEUgAAAlgAAAIxBAMAAABjs9t9AAAAFVBMVEVvcm0AAAAzMzNmZmaZ mZnMzMz///8t/M5/AAAAAXRSTlMAQObYZgAAAAFiS0dEAIgFHUgAAAAJcEhZcwAAD+kAAA/p AamGI58AAAAHdElNRQfjChsKAQHyJ4+yAAAgAElEQVR42u1dy3bquBKFP4gNZO7khLnzYO5A mJskzP2Q//8TGuthPSzJkiwZk0Zr3dPd5yZgb1Vt7SpJVYvFHEY0MBb3AccyMhwP/3ekIstx Nyk8np7e3g+H38toLqP95+Gwf3t9uhsYZ1Px8/sBIiQfvz/71+T/a19LFqjDuTEY4PCW/B/N i77z87sRUB1g+9f/l3lRo3r+skIK4/Xz+r8xrw6q+N0BKeKQr/8HuJYdUr/NqAH2yV+Ha7xR MeP7T8OF32311XgaHXv9VQ+MvUH1d+Fa+raqDq70z/kitqqPJsD4Sf6UcWGzem8CDUz1D3/H rJ7PTbABPv+IcSGzio9N0FGnf8G4EFb/muBjf/vGhdbAYzPBAOltozWZWbHG9XDDWMXHZrJR JzeLFjKrczPl+LxRV4SP/dFMPL5v0RUnd8EbdkWI1ercXGGA1xtDaznpKihdFR9uCquP5mrj +4Zo/lp0JRLXzWB1bq46kJy/DaxWV8bqVtCaB1aXkc0frasugxI1f8fqb6A1K6ya5jRntGaG 1azRmh1WM0ZrOT+sZovWLLGaKVotVutmhuNzflF1i9WqmeXI5obWjLGaH1oziJ01I50VWvPG qgHJjEi+XXCOTXNHy5Cwds2sRz0XAdFi9dLMfFTzoK2ZilGZOH2YA2GtmhsY2QwcceYLoZBo vr4THpubGO2S+HBfCG+E5G9hIeRJ/k7ut0DySx25V3faMiYskMyRy+qr0ZaWsNJ5pgKvRVtL HWG1DzVL+XUdtaVVWDBw3d7VlpETwiM/s/RDqLaugJUGDHTdYZ5h0PT6YakPCdE9rVn64RUc cSDMydA9lObuiMiwtIyUz9kPJ9YPy6G8TBFFbb2dx5mGPZM64mCu4WLp6xkHjlM64nJQFlx0 1jqdcaorn860hpOj4PIjF1eMNv/7RKBJwu/yMK2Kj5v/uSMuTbT5xQePc/bDVtw8TGNYR5Nn 2c7ZD6EjTmJYL0YM+jhrP5xEbC3NAChbo0pnvZ2RhndEw/evWpFVzjb1QNJIM2B39CRxKyCi aL7bF8HFlnHAB38wnW3qYQqOXxrvEybtmjlvP2wf7yGsdjenzx3ywxmfhEhDmtbS3Ksy+KPZ rP0wrI5X5xGAJEmzgYY+6z3rgDpeIxvSdZ8P1s3s/TCcfNDIhlMPxgqZ1Mz9MJx8UAeFVf+8 MkASq5q5H4JAprVUhsXw5LSICfa/ZOan3QKZlpp90F6O4KMJAimfc+ohmDLVGBYpC70TENxh P4xnDFYYZarJJWekaPJZSNI0N+CHTQDT0gU6kMVF2iqwJc7dD0OYlnaT4jI5cSbQVon/q567 H/o3LX0E3VrPR8LTVk0wSud+otm7aemto/XDdcXTFiC5rGLufujbtIYi6NaqzhlPW0RqzDwF 6N+0hmin9cMt0qYvTP7jeBt+6Ne0BnN+NbSpilNbGbHGmacAfZvW8H49UlMnlraI0Jp96sGv aRkkk7GaShnaKjpen3vqwatpGRgGVlMsbVWd85Xzv7biz7RMln7M4gxtdULrFvzw5Mu0liZv WmI1RWkLUMUwfz8EvsAy0pSARDWUtpIO5Gr262FLup4MyyRrQNQUpa2Uyohk9neDPZmWoVF0 aqqjrZz6Xj7/+66ZD9NaGspvyuIZpq2CHleuvDjhL2o9+kU6kXodtQ/TMl71KYunKFtTMWQ3 ygnBT9uaNRFbuD6/vX95dG4P29Pmm9A0qkG0tat9qCuxHas44qc3T4hV401raZ65o2oKZWua sVm/X7arqBYxL4CNF6YWuaicqilIWy/pmNTMz1siMSMy+oA9j27aVo4Fa2khvdkNVUhbqfNW hYBU22Ba5PSW6t+efOI1Wj1YicmERjW1bHfM9KH3CYvTQbvy/f7sGcTGNeUcKUyXVq+bM3eb kNpyCHIYqExbTDcsYCPMa6R6sFvPaja7gDYTbe+F1a/USL7sMKa/6QzXOPVgaRrchmpqf0+6 g8qpHTC1SdcOnaMofmmZWeE2VGvby6wdVO6e1DVpdYQrGeGHtntY/IbqyQos0tExej6O4Ghq Xk4fM4Lil9ZLP3+3KbP4fdIW2kOPadKl1aFP2QiKX1qHKyW/oZqaMh7ufOmnHXeHvEPHXHeK t1/5AX+wARj+2qc3qxLgsu4E60zxSnov/w2mAK1sPwnR4nbvZlyuFK9c+BO1lHHYUP0M1IsU dViznQNHileq90rzDNYHG1A3Ia0BXILAg5PVIaa368TlSPHK5EymM3DLjRzELbrZl7DPr6XV /rOj+AePIqs7Qip9RTs//Bw0q8+ofwYzil/s+NCmxZQTxStFVk5j/A9dKt7UBbVvcqIZhRXz FeZaGWldC1d0StQoRRabaZK8qLkfoln/JxHhWy5kip9R3mpH/9ImPkd+bL4qumzzKF/58mGr zjmid10KUP8SiilnDScnOYSWq9dSsH6+zAz4X0A/VMfQLSudv6lxHdUpwEGspC7IkF7ScUFF 1W7FzWNqkOj/tEHLwQ+XSpquoUfUicq4ciM/1Dx/0llmzeBGc9Qlp2kSEzv+tqF5ez/UvHAC /QRQV+R9qTJxw08Nj1BbYWEpuydyAAvNrSFalS1YukxWjj3ihxoXF+Anw7mGlkViTvLW/9iZ xf9WME9Rd0mXglunO+MDWijgXqbhgQvbkEcnlkqSh2GNi7GS/MUIqyM/8zE7Gec+WHRTO2f/ li4HlT4nA1JjCWEb8uhoB9A8jNS4gMnqJLgEu2tGLSeX2ncmB6scCuE/TdGy9MOlNsBLKSsp jGvQrkT6KJjZoW9dSIVxxj4c1RH5YKrRGC07P9SHLDkrDhjjMgvwZVhxh0g4Kt/qFgBOR2TD iuXTkLfs/FC/+FecOECaDw0D48qkohUwf1l1xlJJJ41b/yie9LDAuzZ6MkDLyg8HdnUAHyyn bPxzNMBqLdcjjGdt6Bd9DIK1E/661miEk5mCsPHD5UDiIGWTVvCuKoVr2BHWChCPdC7WzBf1 1jjuEzpaA9xJcq1trbz64ZAEL9jkcQbDH8JcepTVj8oyPP2UUrKNwScdugWT2mOujbc+TXJI Fn44uLdaM5s42CdxEle/IFVqJ6i4iHDFSklh21UBFmW6TP8YnyZdSsz9cDkIfUIN5ESsDBrX aghjDqsj51yxZLmr+mTYfspzt73f6QiWvPSekRmsRJkxWMOBcEYtPaEXKV71v9iaCbsUgfSR 58GzREjRgP2Dxw+f9uuAZclrIOFlsAVlnKcxOOFQdpPHyYjv5DyA1ZH77xXPqTtpPPMpVEIo mcNb778JAStjyCvRp1LFJxmTpzHYiKaklRpnkTNxPhNu0SqpOQjCnRxfiHtgsenmlPHHbIBH RBsf4YcmWVvifLXxBehTj1f5oxA1twYKXoJOx2wJlNzxyLWwKuRtpWKasP9QTfbaix+aHOfI I1o9xSiSr/prUMFTnCoVStN3a+qkgJ463Qh6I43WJbtCSIOwamhJBGZgGR3mxqQFEsOEu+wH K94oqaFJdyQqIjU7RsMnvzeCzEqix4o6eKFgidMQyZvtHy5NL4GtWaIfjp57JAF4/Lo71Yq9 rpTedqEf8U1wrZhLxtuamnummvp0gLbMRLzZyQ4U8aSG9wJOUm9NmFmH4fhGFtCIy6U86dDx 3OVvjoC+g7KzFEj0tGUk4g2PRrZktasM6b2WM0RG3wmwt6sbqW8TOBIpWN0KCv2O2rt6taoH aMtExC/Ndt8hTpmZblBNIlULRHp2zxlLv3GrTjp0MitvfzfpPlhDEyf94mQiHgxJCOBcgwmy mcJZO7WAdiHpJiFNTR05sHbqpEP3K9DvMibXfNQ912qceDA9B5oaX6GolDOIQcR700Uv6blP Nj0j6sXRR15mQWvNCaCFLmfUWvzLGPFgfAusYFX1kBO+KAE/k6M0R0aWEnXAzTw2IkXSgfwu 8ruCBkErp2k0I62l6QmV2vS6icbY2wWOOUoTiUExd1MKOxovwoiO6GRWBX+lJAaV6HnipHPE fBAs86Nohj2bKo2eKXHHGbyP3yUeCG3njBWRjW75SYdOZhWk4iepsPQ4RCYv7uLB/E5FZqQb Wifc6a2zO/OQM1ppS9xkRz/nUQ1Wt2+B/I6o0pr5crB/euqdh641jjiYeVBnHMDh8NWLeIYj 7ly74iRcpqqTEp2rJfjAN0o8nPtRNuH1ghL9Gr3nDv/wmU+MvVs4YjoIlsJYvnsnK2qT1H+t d9WM2/bsGL4jcS4ds5Hkb8hvZJTocQ3LLZ4qwYh7J3c0jlgM+KH2hLKQMjM5iJXqVXLBf2Qn RpkUgpi3yqVgpZTocUy0Qf9Y8cn8Plq1mlOrQbDOKubplSLNjbKzqwH2lyYeOtVEd3BXZ1ka lfx+QrkLR9tr9NcbqtZRZ7ze7OVqZa0nLRVlZf1jsL2LOgqMefoEe45jQa+26VbYssBp0vi9 kSToKbkxyS78zxXOQNC8fLsBuZeUzE6UHJ8NgLXRrVq8ZAeRQSnAl14KT3Tls8TQOER+f385 gA/cLzxyMivrCD9mIiQmTSthWvXpOz1pKfwqY8sF8BHPUc/uPB1UPVfOuG/sDC0zVDCMxiDL Z7cysIshk3qs+lI6VYnLegCssyJolpnW0OnRVMCeMN9auk3B7mHkhpdZSyoRtg3rd0iV5lSy 0ic59fxBzfE60lJQVonEENgLrzpQFqtn3t0NgKNsm6K/h2FgWU/o54me6PwOwL8giyEv9voy OVet2akWrI3KC19oeoC3OK1hHXtZHbjPsJFtU6BpsbuWRE6SZlSxnsnnbts/yFrJekDZW5dA onD7QgOW3KsA5cQTbxfard3eMyGxDFKR95jHrB1rkqXdIhh35vPYZf4ALwhBn9BLxbquU1py fFmP588RaMsm92YL/0Ut8h4Lt+MFzaQrek3ru2xwBoIWEJeqD8XDDua0FLmsnDEFXlvprp70 JqskxJCzpF56qVINXtfcYohUKdkGywWPkRxVrRTsqyYtRfo9Yd+H53RNlqZX5i/tn6RC/+Gv hClgC+etOqdMhYesJOShKDKkzmmpKWunSOWpr4CV4gLDRDaJsDZ5A6uib9yqUrINJmoF2S5G pdxTsUq/86cOC+6b1Wma3gZNxh4pWrmrhQGwzsy/Jp28X4vT/yhb8o82pCWf40xUkbFBBqZ3 KJt94lxIrW+9mVb9xHzflyjvtWDVcvJUJeIVkjThPrribVqV4+4ZFptZ4cCqwvQhuADyThdD cTp+dlKjOJvH0nJJKiReBbAyuc7qPR+nbXIWYRCoSDVMyKgWP0UguDGXpXKBWYoam3u3cmVs WDtm5dk0YRheSE2u+hkwvbI9G8tS+WfylCWCBba6ZIACvYSjjCz6CAFWGok5rqFbdlJCUDC8 QpLycVVr0ybN3AWNxWnomjfh8hgCK6amHhXslT6akt4glstSuSQV94oygy2dvvdzma98kmYp 9GIDBSvXH8mSnThUyNKlFAWBskRDU03quR9erodWUL+jjOi5mojOmRatVLLWyGWpnN8FygIG Z0hlB/dS7mj2JCW8PwlGOXtmX4uW7NFqBVjnYcqqDOrynCR4MqnvZKrWYT/PYtxcD6AFZEYv A0vO7yJl5QaqSHofvosiq8mbYTFx8xBaMpUhY3g5vxcCZaXD/F5J3Yxt2zBx0wH23M0AWjIG yaRgPcopa6PMQMiH4nww3o2qr9BljfUGiNbO5uFLCVjyjxCyewaUBRTLJUC7/dkV+mhyUV+d 6Exb4hYyDS/9CLEwaz4sSZXBBUyygmu0SeEjVX2JkT7FAylYCmXHomVAWWoV1cqH7BoN6QBL vAM8UPbnup+lkednUn5X1EBlVWo0qsi2gLBHP3zRaSl9riuTgLVRsDJzTKccpqxMo6Ky6Eqd ndiDtkMnA/ovUEjA2ipkMIPWMGVpS8zVV+uhmdLzKENVkaqe8/QDHpVxcmglg5RVauctv5Jl oQrZHwaU1bDbacqAR/mSDFoGlKW/QwrMyzJ5HpBPVoffQzq4wuQ9P+yDFWsCUoxWOXhJAAxY zsm+829b0vUyxrZwYk5NnQetcKcPeHT3osn3/BumrHLoUZLIJtr5Ye/3Pr19jaStyGw57vlh 1gNrYzQr26EnGkbTVJXWkg5FY4pVf/LXhHVpw1i/HC4Hy0YYFAQZ9MJm+LRgZ1SKZk4jmp+g jxzGu+eH4nI4eGE4MrnXVA4rA7MypuCVbQZ2GU+JD+sC/OlU9dtutMvhEJMQtF7GeWEjKe8g GXta5ILeC/7tmp+8B48lY+1yOGgSJmgBk8CvHjRQoOzRQMphrMLKj957JJFdkZDu9P7HiLXQ SJl+R/zBd8HoEsfuFHYr50azHBpcjDZAKzNa6IB+g+h7qLPJ3r7Gu+0Q18NcAGv4ftcwWolZ LFPq3PBz2M0sC0u7RUdHdbLUKGTr0NopFzrDCrNbvUgZxGEfOtfDHzAQkqVm2mcArdz0+auz bhkxOdwNM+kBU67CqwABLCOb6C6H7QymwzEkMQu0A6MlOgkPluG+pw4tMHorIrNQBdDKw/FW r9SXS5+rDq2jHW+bplH4u7JvT52AAFIzfAkFVsaLB1Y7LM0tmqB1dBQOA1j1RER3matHZdC2 Qumtkn+UnAPLnG0wWs7CQafsV+JfUOMp+9kCYBqUuz3NWZF3WNq8p4Jb63Hb8v0yfFnrk9/k UwvJVxqU7hshHrYK7WC3mVdLJfhIyuodnQLIzk5cvQbJk6ymIK2aA8tqfupESlmbkYQlJpF2 CDN8vX6FUTmKrvoSiLRihdCy3aCiZ/NZu92NI6zepXg8Ceihk2dyKfWfCHIQ2gK8AbFgKTwI HBQPAjxTVtpnwXRFuBUVPHqLMYZrUZutApHWjnvAB73MamvP7tzM1jq6oKUJyN36pOvjgapm HSL8Dpseyb+EJ62MAWutCj525u+7GeWExy7pgAUVLUS3hX/+4IJQyaPylwMqrZwB61GRpDN/ jHSEyupqsODOkAisLSGPLbQvAN2xWPVSFqcwjlhzRF4wYG3l020O1pjAsHvbFqu3N6RLAK0H 2c5kGSOw0o30XmUIR+Tcima0pN6Wi7u3v7pen5U7ZdFDASl0wQpXRiFgQb8rVk37QyD6kJ+E PocgrUeZKpVZBRC2uqFuV0f5hXtg2B2eyrAszeDj8GBl6waVp6skuORBzqlyr1QzYJ0l/MaB VQ9sq2TOuay6WwlzPGcVxKn7QAhWummSXYtZGclDJf8czzsLA5Y8t8Q0QE4H+nm4S9KUuXqB 3xh+S1d1E6J2QawFK9oWsTxX55/jeVnaZbRkfJNw7F5JKtFo9K5dTpJ2xNwyoj1ds6vh5XvT 7eWHz3k3XdlRhngoWZpGak0qxB9ppD+D4s7vbIkAwjxFRMOcy5PsWsSOTfrY5Ksm28i+sg5h WhkrEogqlWnSklthKuZkxlGu4NbOhrXpRTjQH4uuDOe5BePcZI/ttlDXJIS/qZEHMK2Crx77 oDxuxB/FyntlCns//uhq6swrk9gZGlNFcjOoatjlXzbVBUSiSU/RKuJ5wLtpVfwNgAelgOfr b6G91d9PpR+mjvPKF1cpu2Ywuy6fBeAPlBfE8s3FCxtS8imJv2Nhdreewar5ehYPSgHf98L2 Ib9Vx41dl26+BkvdVejbQpZ4gaJ+hzRpU2wu+qHGX3T5P8u4CWxa7FuVHVg7yeoW8zKiKweq qKvhylhcoILNjISD0fMbPoh90aRNsb58Ndak9eXxil4lM9+sxfoLkfCSb+Ers1AZUclPwFSO sypePMcMD9ADZXRBudgUSgJhTdq+Rr4Wlalv02KZuO7AOkq4hPs5poaXjModgx3RsAjDE1+j +Zq2wgfc30GaFKZPBLAM2oyOWQ5BB9ZZshhumd+hCGXS5dBxMezdDClJPRT81+CXg/aCWL5C RnRsqOKir+N5P59zmA4s2WscOco6UuDWvpJZ5LLDh8jwuaKJQ4MRQonG9LEJbFrccojjHYn6 5hRfxFdmk3ZJPTpRAiprx/AWRAEocggAI4TlupgyDXBJlkVBDVYitBHdyJl/VGRIrrpnDFiQ 4U+aZa3VpGn01HIdlqdgw7iA53v9CVdA50ERGrLKgTsDKo3va6eHLElPig3P8NpP+9zBVbFd DfGLlHSiKt/ClI0OMwyWrJYBd3uV7UAv+Wk35YDLc+SsVV4Yvh7QS6Cd7gugv/jHUub3U8/q gV24cgzWRuJXKzZlumq0YDmF0aTwXsIXJPmXDJy6quCXVVFMGi+se8YaRDsYgdUrtrn2oxzw TbWy1yByCHiUx8q6sppb7te9UjzrMgUG61EHFl8iX1rvI3OhCvxB6Ur4KEMjvXgjgieWzIA/ 7RAPg8Xm0vhLb9IarC45B+wxYtawWJt/AJq8jcy3PQ025i0xWFtNHC2cMStk4Y6LzMJcnAlv V5vzSYx+/yh8rFcVH7FL7YMy6RBJYh1V2shBZgGylbpyXcAKtLuIJvWHMVifW4iMGaC0g2yp jtiGcOzkyYpYAAeiwC910Q2ueUMYJZakLPeZnwR/QmvHpx0UPS23vYwD/j+OfYZbOXgh7CV0 0Q2Vo+O0KS4ispglMfMqtZilSw1WyjST4F5Glil10KRYeZaoHYCTNmpDaiyyAB+PeZRajCgC GKyzLOsA36YWtgpr2V1BB02Kl3jsSk6m1eYD865v0yNj+4/+wGJUqRqsAnetSITDIdKkQ2Gv BLF4rHGTVRdObpMOSGRdVgnmHFLu0w/ZicRgSXOYYgdwshhuPAh4Pv47OcnuaktE1sW+eNns zw9ZhlGC1SSRdMM+lVfy3FpbN38U2Okw+xmLrMuv1/ypBH9+yK5dMKElXfhzWVMiRX2VzHrx F67V5m7LPZYsl9+uIu7TfLYuiA3AqqVlL+QloayVknhh2y0fhm+otO/DbSFWHnUpG++kSrA6 01oJi+RKBtbR9i3jsbZJ036tWfJbiIlHXdoDa6Vwld45ECA/6mC9momX2133HZ+Jo2Qbp8yF XXAI88qKB4VFO+KdTH2NDA0l5R9S5xUM8l0q3mj2GBye6durwYJdWDkUvhX1lGyfDb/MZTaY KHXnSiqtRyOZ9a6eDB+RNALL0Gj3imOS1gcd8I0Sbov1eYxhAZwaO6vc3H2kTmCVypJQ1kmH hJz7GO8t6LuRzKI7F6W/fCmz9OTmYBXKqma2Cz+uMJFF77+j36XCuDdczrT2J+KZtIM1WJsB lWsuHICfJQve5YMyK+F2j32Jh1wEa2P2W6pyebZgoetWpccIrj1PU/J7tevrg/XSeAAL7Ynn HnMDrcxK+Ea4sX+wCjuw1oORuRllQTom0igfb2GXzyrFSuzHa4KVKW/uWIJVoB/vVhkP9HL5 LCGKSH2RFpN+sgDr+/3ceAErw+Ev+bhktCa6yCyx6oM30nIDS7d8Wz0YyVd34I1+rbptzndu gkQ8xVXBwpRFM1DFaKZv79X1j0wew4D1OCVY+OqxT7CKVdrTNL5I67pg4UvtNBE8Hqw87juH L9K6Llj45GHdrYbF6LeSlcP3FR5eFazu+CntYTx6NczlnfbO8wTLwpG6GU/ILyWj92JqGS6J n5xWfk2wOivIyfUuDy/1oebGuYFlFRt2qxSBuAzUDKv0syHmFu54AovqnwSF5Umg+le1H1l6 TbCYVyhhwb5TsAYgfmSpf7BiJ+dIougpCdeSzo8szTyDZZODZ1f52qDAvGdB4QLWzjNYkeV0 Y2P6Dlog2Q/Dp57Bstk3RESS4geo9wF6Bvx++WR4ZivMF1imvINfIFQjut9D23pmZf1Y2ujs SP3aYpNV84GmT0WqPZ0D4cRt16U+5oR5N19gmS7S6EBlFaC5WkZbGRGMMh+H2iLfYJmf6kDP D5MytV+wCtT34ut8UW5n8ldrH2A1vsHaGdsg3AVrzSt79ApW/fz+hTaMupDAx34Y6IG1Gu0C Wyujhi+V+Ffu0GKr7mGAh+WQFdyZF7CMTyvjr4bmBV339egTLMiFWeQz4GEzKn7AKkzBQjqx JjWeGlhszd9oTx6xN649LIdsYhOd/Bvr2qWpUsOLYft9ZdyQc1Uew8Etd4QiH78clhz2fsAy XCKYxbBYB9AQ+bpJY3ZuRi+HrNNoTis7OrbBsgmT7vCP0nNkWMU1X1t0/MYRdynIob65e44G L4Zbshjmngt8gIjbQPQQHbILvR+wTNdowESGKKD2q7V63dHHR4fsGpFE9m0G3CPpCi+GR3LU wXtALSi+ZPQCwn5C5Acsw4cqSfmKI1kMfQfUaeyolk3MQHmTNUi8U+DzkRe08hCL4cVeN25q 2YRggCewDB8KT3RbkzLpNIRX6SC8STH+gNCqB9ZY6jB8KGKApPO278VQqB7iQTuwChJdKF+O BstQlXbU9o2qpfteDGkM/b2x0zQmVkDA2jb+rNWIAFBzId+LYYbZGHziyRudd2D5pVKVVwki tNh5btGKfS+GuLwk/Gxiy+O+gl25SlXhniBCi7M/2NrDM2VVO+Lj5KPH5h2SXgnc5fjdSKPz PTyzgdT7niFALtj2Q+iKCm9HesyZ4S9PYBk9lLhmfgboO1Hjfpo4UTZSaHELRK6s+WdNhBuT HxKe/Ogdq29yJRJn+EcKrZIv8/5g1WN0nHbIgh2YIQP23oSVz7GEK8fZAWcDuNXAeLCMBA3e Mft+eg8FVtG6IIzRcaZspCrlphe3Vhu/ZWR03BWt4yDgyZkKtmht56SKfahSbt1KIqfuho55 B1JeLPJdp5YxcLILgm+7jFSlsl4yHk5QGJwcww+eRm9owsCbf7TQfeJHmv0Z9Wq1rEuRh/01 g+Wwxrd9t5f/PaKibN4HSlavKVij0n/cCS/gDyyDk2MV3TTMNm1MEkBmQcXQlpkkZQtGSXjO AkingfFpB5O9AbSMwxRpsZY3DPYTHbY1dUlMPUqucNxSdWCNf+5h60QCsUCIBeotXqLTDvEr 7dW29fROpabvjn+GR/uVeWpwdAQAAA/sSURBVJdZDqMd2j/WtKZCMeLVeG8pNR2d/DM8inZy yCqBsELnAcpN1pV6GxPv8DxcaHqF+Wd4RB+IglehDr+3y+HFeA9nmzjMaP5p+6vxyZJhhkcL E9yOzjeBsGpbPAg7+GtPzNL1RvYhqQe3PVBoCHMn2WMosEqhouOI4FC4Zt113faRs0yHqBTp Q7RtHyz9ABI+mBoRHAqnLBNdT1b7iH9tEGiBAGfYxCzNC2cesacX0nb7HTkRMrC6UDdIR3E8 fr4kAel4VwEMWOOneqiSAsBgRe/nJthNMMUUeSBh2hrZh4QfkqXIIWAZ4udoCpjAuLSDsLxX TDt3D8vTQCUFRLW4HfXzV2iofnD1Reedw4JfR0sGLA/CZ4C0yH3XH1T/dBUSLrDvOjI652h6 FY0pWB628AZIiyqen1dNQ2oPo06ZAtrOBVCFB+w0qR9VOqC0WC1dv0ZRsBURXZCN379GJbTE MkkpA5YPytVXy+YDD7APeDea5cTMtZ2IwMCdJvWjSgeqZYshLQhnWP/OYvg+3k0iFiwfTqHl oTIKFj0L3/PSz3WMJuCaAWvp6Vr/5vpgCS1KHVOlYpGkigPr0cukxjrdMg1YqZczuGKVdCqz PAktfZVelOD9PvyGBmvrAyxxOyXnwPJyVkq3vYXASuEt5pCICRkNtyR8b61iZJYnoaUVD3kH Fr73PWeweqFbyoHlJbbViQcE1mcia7oyO7B6hawZfvelHXTVsgl5gJ/9axIQLIGznNaV3qQD AaxdYD/kmBb8HEId0hLy+05g9V6j4sDyox10fpgHP/eHv2c9HqzeQsUqB1/aofXtxyuDVUZd +Llz1ML9bmO5AJafc9ZqP5wKrBp9T5sHenQEq/8SnHLwpR00LeCmAuviQ+84Y7ZxBKvvHokA lqeUiVKXTgZW1xLu+egGloR4OX73ph3UXa87sPZJqGMhmKsSlPw7u8bv/a6udQ+srS8/3GnB +ux1IPPOWgmT/LMHS9IvuBLA8rUcihfgRbDqsPrdQ7JD0om64CnLy7EjQhlnDVhZFB9+9tFU BOYAlqTHedYDy9Nkq7peIwWPO4pW0XquYNUSHkkFsLwth43iahwCi3Sby6LJwHq09YxYoiUW iyDLYevzRyVYRUzm7zhPsICkxReQgOWLRuRSCz111wolCUhaYARYsqmuemB5Ww4VFI8zpY/y 5IBfoQVtF50rtU0ry0hEXAz9RYeQIl9UTNtlm8IdK73gA0/NofexBKuSOVjWA2vhT/ukso9C 6jDx1+ZDQwNHFPTs7KOsTPboiQQsbxvq0unBYB2Dg1VDu06iJ3T/1wqsWtrBsUdZ3pKlaCpW ErDWLFhlMLBK5IUbtN1qB5aUbmsJWEt/LePlSwoPVrDa5gUp0lWjSpwWJgCkXQlLKVjeJlv2 pZOBhW8Hte5ztjxydJJKxLxPWf4CHmTOxx5YK5bgw4HV3TmEM2NzmA0kUkWQSsDyyPCtm697 fzUlWDn5MptjkqWctiVe6JXh24rjRxEsONnvh8Ph7e3tNQkLFowU0p3dAdxE6lu1FKylx7xJ fw3GfddJzjcKDNYGg2XhLqU84isVYHlczjPJpm7DnHUIB1behVUIrJGGJeV3vwwvMS0C1tPT 0/PFEQ9BV0MYpydHm+soCsOS87tXhoewHAWwprmEUqxxtzZUxDseaVhyfvfL8G3Ms+6HbBOM 9n4/TJe1Ut78Ct1JYVi1AiyPGl6yIKYTgdUClUetaootLmdeNFZ8boz53TPDt1Oy4sHaTQJW E632EcRpY5HsVxmWgt89Mzw0rR33n9tpwMrQzj12RTOwgHJ3LlGAtfC7+SmY1mT79xXaxAVt psZ0cydT8TVQeKHPPDyJEJnPK6LHacBqvp8+LL+0Vuq+SgnW0u9Z9da22WqMm2byYWjOqVII FCov9JiH71hzI2T/Jh5mRFlGymdLlWAtPAvH9kDLkc/RTDyMlmDuMc0kqXdZiqZsxacdJh5G SjiPlAxRa8Ba+uaVNPLajcqIrH8tY6w6UuhRSFk6sDy7CvsgEwWHeRQ/f50tJijViIBMTVm+ blrwJt7t2E8FFjwjCU/+mbj+SZcuSvRgeY5JWvLcTRocdm0h43eTRaXWnUPUUVYLlm/lWHWO mE0THKYvh1cMl4lcSXU1ZkstWEv/63tGHDGfRsKjhlHPbQLbQAiftEc2tZR1Acv7ktU54kQS Hm4gXf4An/Hw/NT6AhNaygpAWqgc4nk6CZ+Q7lpVPCzg00j3UHrKasHyP/34iSaS8F1Ns3I1 KOBPGok1SFlBSAs64stkEh6mZ1qVcgFrQMAPOOEAZfkPD5kM0zQSHnQF4Ir1wDfiSdTgPgxW gAU+g+Y+yZYFQB1f2wVlM2DL2cDu5RBlBQgPyRyup8nCQ5xq1JpBz5KnoWsxhQFYcZBXuFj8 JFl4CBZsNJA9aos2VoMtD9IhLwxDWmga0ymEFsSpWkGwdDILGbveoU3ACjL/GenyMgVY8EBT utWZcqpXDY0u/R5q95CbySmEFsQJnlhNt5oVJRu+x5cPG1aIiKejrQm0A8QJnoVOdmpGORnU 0UsMwFqEKsdXTeKHECd0kuZdOTm4weLQ5C5MwArEw58BW+7Qd2z3DAEMefaazcBhRiiMwFoG o5Y0ZBHJvv7OFIYMGyCehx/WwAtDiQc0WROi9ZrJlQOs7D0YS5gIh4DiAVdrn+qmoWrTEC7L O5NnNcEqlHjoSohOhZZUOQBDLsjMDKsVD2H88GLa39OhJc05QKxMVhlDLwzoh0m0qyZDS1bs 2RirytALA/phS7mT2ZYkjAapgcDC8t0crDjU829wL9AJ1sT+Ygi5/Z+hDxh6YUgRv8KxxgRr Ym8xrM2xqo0NK5yIx+X7oW19hAZLXKYssLLwwoB+iC0KovUvLFZi2ySr77TwwnB+SBpdTICW 0JDL6httvDCcH3b9t2Dnj1XIYzV8q69Pq9nJrcAK5Yd0uiGDhJQQbLcWKBksWNLKC4P5IUMk qIJaOJpnFlw0MTubp1wsZuCHzCug6Q5FXMy0fNtGpLklWKH8kGtlBIlkdQzr8GhOrOjR0guD +SFPu3DOw7giaXvwk1jbr60XtmCtw0x43BOKQYwL1cQGnw7TkVuDFShPUwsfC9CRRu9lqQH8 HmRWtmuutRcGy9MkonsjV/RtXG1+Bk/EP+tftTWsYH7Yb6GC21U9n/1y43qP8rIf9k9oD1Yg P5S1BUav5dUXSU0E+ykAkb0XhvJDaVtgbFyxt3XxBx+F/3KZTXvDCrZ/KNck+8QjXLgtINcH y8YmncAKkqFTHDzCi7wHuAhUz05P7+aFoUKeQmWwpC+hm0GQd8Um6gx67mRYAQ8BngdswrkN 6c9rV+vG1SkSN8MKRfG6QKqDK7bHqzOqKH51nuYqcgcrhNTSNqtjjIM0vzQav3va/uhjqJmu Z5EVUmqVA9NeU1+KnkwAA4dXWpcLWmTi6hLA2bACUXw9SCjUoaKBRmy/hz0DFGnGUDtTVuls WKEo3mTefzm82qpbb2+Hw287QPvHz2H/9vTE/Uj89mVouwHoHflhgKyWIaP8CHhpB7cgZK4O UY3wwtYPA6j4yvggLsdGGqAOZ4F4dlPTezAVb/cypG2dAicJoVWu6xIYZViBKN7+qgW4kNTb haQQTT3BuoEXCjsr7GPtyg9jDCuQeijD3jx0Fg7JOMMKo+JB0CNHzl5YRuPBiufgh1bOtHJ9 qnFeGEg9FCH9MHEsiVCPNqwwAWId8DBb5frZ2WjDCqQeknB+mDtaLfBgWGHUQx7OD13nIfdg WGHUQx1sPXT1QpD4MKxQhTEC+WHmuBaWkS+wYu+mVQS6xQFcdWHixQuhH24D+GGIlLWsleOk hhVGmKZhdiVdP9aXYYUxrTKI1HI12MqbYQUxLRAkn5E73llPvRlWGNMKIrUcRZZPwwqSMa1m 5Ns+DStMOJ34nwBHevdrWEFMyz/Fu9K7X8MKwlrAez4jc1PPvg0ryIKY+y4S7rjA+jasIKZV e1YPuZtf+zesIKaVeTUtV7f2b1hBTKvyWpsmd1uxQxhWkORD6vEjgaMUSQIYFjStlxmb1snN sMoghhXEtBJvHwkSN04NY1jQtHzHvqU30zq5UeopkGG1phXN1bSA22INQhkWNK21f9PyYq25 m2HlwQwLmpbveDr1EiHWbobV1qhaLMKh5TuerrxYa+Y2i1lAwwqiTFMP1lq5TWIV1LBCyIfa QxyVuPlyEharEPIhGy0fTm6ufArqhJjjPafswNiPrN0kDQjshMi0fHP8aeRHpm6mmQU3LGha ATj+ZXKsq/CGFYrj3R3R9ZeTCQwrCMfnIxwxcXuc0yRYheD4JnGWptkctTtvWr4zzLVrQe+T 48ylExlWkDSg40u7gnyayrDCOGLqsm60GRYXsgMTYhVCbIHEHi2QOq7M0zkhNq2XALS1sn5n 17z7dIYVxhFPtj0uUscpa6flYUqwAjgiRGtlh9W/ZvZOGMgRYTMc0+J8sJTfupn5ShgwxQyN xQwtiNWquQUnJNL0HAItk6pztXt/qPQKWEHT8n9fLDWqOgZL362cXX2xuApa/nsOfQ5XFR1T Dba6ElatIwY4y/45VNJuH7ljBZKrOGEw2sLlJVUV6FA1TddCsOm1DCsUbXUVAN97E0GK1LgW 6jxdESvoiCFapX2SkkXvTIWL3z0pf+RavLqKruaE4WiLKwv19Px2Ga+0SM+z6xfWyVWxCkVb DVOjTRirL9dPhAXoF1cd4ZqHMgX8+FJiI4KpxeLqaIUqgA9+uEpiz19jbPgUXdkJQ5J8B9jh sH8/HL5GOns1B6wQWtP1wxyRWowWMxhT9iy8XXJn0TrPGqt0NliFXBL95TIe5gLWct5oZXPC CqH1b65YneaF1azROkUzIqxJ5NbIjM9iZmOSBo9/BKuZolXNE6tZojVbrGaI1oyxmh1a33PG CqH1MiusHhZ3tP4CVgitWajT0/yxmg1an7eAFUJrNQusFjcwgreINstf3QRWCK1r5k5R89LF 4nbQup7gui2sUA7iWjSPDpYsFjeG1lWI60aWwT5a0xMXcsEbw+pKxIVc8Pawwmg9T+iKuPvm 4ibH0rWJrONJkuSGscJojWobasvsN+mCnCvGH1Mxe7S46bGchLnA7ZvVZMb1nfwRrDBaI843 DnogPlG5+BsjCuiLAJ+mfFj8lbEMBRfYR3/KrFjj8iwjuk63iz82lt7h6qzqYfH3xtLD+WyG 1l//MFR+4aKH5Bd/d9D22L8eqOpPQ8Val+zWlyVSfx0qDq4LXpb++LunF54eFv+TwXXMNnRI vgP3/wYq3rxawN71t016jbcX/7sh3Ph6ens/fPF9tNte2/u3J+EHF//TIb9T+ASHvIf74v89 IuPxsLgPI8DuGBlBdsflPu7jPu7jPu7jPu7jPu7jPu7jPu7jPu7jPu7jPu7jPm50/Afp38HS 2d933gAAAABJRU5ErkJggg== --=_north-22386-1572171123-0001-2--