From owner-namedroppers@ops.ietf.org Fri Dec 01 02:41:54 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Gq31u-0006m3-7b; Fri, 01 Dec 2006 02:41:54 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Gq31n-0000AP-Sz; Fri, 01 Dec 2006 02:41:54 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1Gq2vn-000BOI-9R for namedroppers-data@psg.com; Fri, 01 Dec 2006 07:35:35 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-2.5 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=3.1.7 Received: from [213.154.224.1] (helo=open.nlnetlabs.nl) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.63 (FreeBSD)) (envelope-from ) id 1Gq2vO-000BKU-Np for namedroppers@ops.ietf.org; Fri, 01 Dec 2006 07:35:29 +0000 Received: from open.nlnetlabs.nl (localhost [127.0.0.1]) by open.nlnetlabs.nl (8.13.8/8.13.4) with ESMTP id kB17Z0hS047395 for ; Fri, 1 Dec 2006 08:35:01 +0100 (CET) (envelope-from olaf@open.nlnetlabs.nl) Received: (from olaf@localhost) by open.nlnetlabs.nl (8.13.8/8.13.8/Submit) id kB17Z0nF047394 for namedroppers@ops.ietf.org; Fri, 1 Dec 2006 08:35:00 +0100 (CET) (envelope-from olaf) Date: Fri, 1 Dec 2006 08:35:00 +0100 (CET) From: Olaf Kolkman Message-Id: <200612010735.kB17Z0nF047394@open.nlnetlabs.nl> To: namedroppers@ops.ietf.org Subject: DNSEXT list policy Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.0 (/) X-Scan-Signature: b280b4db656c3ca28dd62e5e0b03daa8 - List Purpose namedroppers@ops.ietf.org is the mailing list for the IETF DNSEXT working group. See for the wg charter. Messages should be on topics appropriate to the dnsext wg, which are various discussion of the DNS protocols or administrivia of the WG itself. - Specific items that are not not appropriate for posting Calls for papers, announcements of events not directly relevant to the DNS protocols, etc. are not appropriate. Discussion of problems with particular implementations, announcements of releases, sites' misconfigurations, pleas for help with specific implementations, etc. should be done on mailing lists for the particular implementations. There is a working group for dns operational practice, DNSOP, whose charter can be found at . Items relevant to the DNSOP charter are to be discussed on the DNSOP mailinglist. Discussion about the quality of implementations is outside the scope of this list. - Moderation Moderation is based on "subscriber-only with spam filter". To counter a certain class of spam mails messages over 20000 characters, originating from list subscribers, will be held for moderations. Questions or concerns related to the acceptance or rejection of specific messages to the namedroppers mailing list should first be discussed with the wg chairs, with followup appeals using the normal appeals process of rfc 2026 (i.e. follup with area directors, then iesg, etc.). There is a mailing list for the discussion of ietf processes, which includes any general discussion of the moderation of ietf mailing lists. it is poised@lists.tislabs.com --- NOTE WELL: All statements related to the activities of the IETF and addressed to the IETF are subject to all provisions of Section 10 of RFC 2026, which grants to the IETF and its participants certain licenses and rights in such statements. Such statements include verbal statements in IETF meetings, as well as written and electronic communications made at any time or place, which are addressed to - the IETF plenary session, - any IETF working group or portion thereof, - the IESG, or any member thereof on behalf of the IESG, - the IAB or any member thereof on behalf of the IAB, - any IETF mailing list, including the IETF list itself, any working group or design team list, or any other list functioning under IETF auspices, - the RFC Editor or the Internet-Drafts function Statements made outside of an IETF meeting, mailing list or other function, that are clearly not intended to be input to an IETF activity, group or function, are not subject to these provisions. ---------------------------------------------------------------------- $Id: dnsext-list-policy.txt,v 1.8 2005/01/12 15:54:51 olaf Exp $ -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From maidofhonortoasts.com@endoflip.com Fri Dec 01 10:35:14 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GqAPy-0006jM-Jh for dnsext-archive@ietf.org; Fri, 01 Dec 2006 10:35:14 -0500 Received: from [208.251.146.98] (helo=localhost) by ietf-mx.ietf.org with smtp (Exim 4.43) id 1GqAPw-00054X-TN for dnsext-archive@ietf.org; Fri, 01 Dec 2006 10:35:14 -0500 Message-ID: <000001c7155d$d8652e80$0100007f@localhost> From: "Elias Bailey" To: Subject: About your health Date: Fri, 01 Dec 2006 09:38:05 -0600 MIME-Version: 1.0 Content-Type: multipart/related; boundary="----=_NextPart_000_0001_01C7155D.D8652E80" X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.3416 Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1506 X-Spam-Score: 3.8 (+++) X-Scan-Signature: a0ecb232550b38fd41a3cf6a312fbabc This is a multi-part message in MIME format. ------=_NextPart_000_0001_01C7155D.D8652E80 Content-Type: multipart/alternative; boundary="----=_NextPart_001_000E_01C7155D.D8652E80" ------=_NextPart_001_000E_01C7155D.D8652E80 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Please view this as original HTML. ------=_NextPart_001_000E_01C7155D.D8652E80 Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable
chwryyjhstkn
flurriedaccordedshames
cudvrwipyn
calvestoilingsparkled
ctuyebnuvqk
sedateunderskirtsales
qrlbuoset
christianityluciferjocular
naqwixgqbod
roofingactivelyboudoir
eyfbiarfryga
paintednichesmissive
moaufmnphcw
opportunistsfiftiesviolinist
------=_NextPart_001_000E_01C7155D.D8652E80-- ------=_NextPart_000_0001_01C7155D.D8652E80 Content-Type: image/gif; name="pict64.gif" Content-Transfer-Encoding: base64 Content-ID: R0lGODlh5wF8AKIAAP///y9j/X9/f9TQyMoAAAAAAAYGYgAAACH/C05FVFNDQVBFMi4wAwEA AAAh+QQEyAAAACwAAAAA5wF8AAAD/wi63P4wykmrvTjrzbv/YCiOZGmeaAoUhQqxHczBslO7 eEm3FnszO88PNVzxcsiksuHzLYouaO9onFYfUmbTKckuM8GKNzyjporer3odO8rSJvhFPjZH 5E87G9yi64F9f3tYeniDh4gKN2RNgDWNeVBbblxVkC+XjoqBkZt5d4WBb5eQZJ5clUajqjyL lKuMZlubj5y0lE+fQZmThK6ks7G1w4KJxiCuV6srum6eV4Cfyq21XX9vltSK09a+0snZqaq0 z7iVptinnNVa39rL8LCi7tJA9OXmpe/Oj8f+JMli2bBV70dAKuiKoZG1jiE0TL3AscuGqaCd hA+H7CKoUf9bM4r0nMiLBq7iQZII87X7x3IEux2zWMEcFbMeSHXRQBFqZ4oVhYU5iYm8hgtf o5PujtrqiQ/lTW59oKbMeDHYVKS3hqLK1LIrH2APn00b2u2jWbE7B/IkeOtnqKBFc6oVKxDr zY04557EaInZyLNhq9nlq2WrOK+IJwDtaPPp3LyQw66cjNMgW8tpm6LdbPEsRqx4HWuufJna zMiE6Zamylqn3MSwXa/sJ/ges9nx0GaR1AoktmWB39qGxlauYJWe63LkfS8McOLINYt7adpo 8FzmGsferh26UNMpeS+fKLmwt7vAn8ska/GVx8fUlcJ1btV7xUjRuU4kzN7ROWH/ogFDDHcE FmjggXEU05IhCDbo4IMQssGghN1FaOGFGGaY4HZcaejhhyCGKOKIJJZo4okopqjiiiy26OKL MMboDwE0ymjjjThmSCMBOfbo44+x7QhkixOWRZkOCobQ4RlJDrmAkE6qWKRsryEZRZNWbgel AlvuuCUAXXrJ45M1clmmA2KW+aWQaTbApphunokmnGZ6ycCban4ZpQpAEYFlG19MuYadYIZJ J6GFHmroA2meCeWjjZIJ56KMRpoonZc2iuieHy3pE37foTdgW2sx9Fdh7k2lGnmhNZPff7kY Fd4+nCVa55iQ4pprnbfyOmeeY9oqbLDCZgpssb/eeamv/8ZqSiyn4WhXFHWu5kabM5oQV21V qsHn0XMzmSrrt+TSuo1UW1Wq67HD7touu3EGS6mezNKbaQT2rgkvpdCiptBqg0VXq27cMjdc twGXx1pJ6HJjXHFF4Iknr23uWrGckmZMppl3tslsvBLkK6e7xdobZWpZAXzVrFrRxFhS/VGm Xl4JG+wvXH6N5XLMEyhaaMeQ/ixpnkIn+7HHzcqLscYQiEwsyfz2i/JxTgG2kGGYJaewRG+B q/J9N4fkV6qS4aGovrmOTCimIB99NtNOL8000HSX7KjcJ6/28MIrV3lk1pAxRXCt9FUd2Wup ufyp4Y1BcbbaaT+9NqJpf7xsvf93P2srv2v6OrnSoPdrtUPSxQMxP7o0Pq3AuFWYSm7k2Kye 1wXZdnrTn0MOrO7rZj70ppcnHXrd7/4eOee+i/5URwLax5SA7g3ES32gMJwtfv6JlrK008W1 +KeAG205svSiTfzmGG9qZ9R6Tgy0oeZjrrnyygtK//34+2h//vz3/+L+/gugAAdIwAIa8IAI TKACF8jAfxjggRCMoAQnSMEKWvCCGMygBjfIwQ568IMgDKEIR0jCEpqQgg3UQAQFwMIWupCF J4yhDGdIwxra8IY4zCEGU5iBFUaghToMohCHSMQiGtGISHCWEpfItgz5EAIsBIAAjkjFKlrx ilgsogr/mMjFLnrxi2CcnwieqIAABGABMMyiGtfIxja6cYIoCKMc50jHLp5AgmbMIwDOCIAB DACIFVSADQUpQUJu0JBvtOACEjlIADDShCRg4gjqSEkvkgCPeTwjH/0ISBQ6coSIhGAoDTDK C5Zyh5+MoCBPGUNDlpIBpkylDF/ZgA6y8pEcFIESc2AyF0jyAytkoRn32IA/TjGQsgQhLeGY TFR+cJGivOUsU3lKaUozhMtUZjNx6cEPLNFEu/RANIe5R3Iu4I+qJOQqXQlLUlLTkbV0pzyh yc5PrtOe+DwkPRepTn7C84HxdOc793nPUfZToABtp0L/ec9o9hOa0SxkPhsq/0+BHhSfF2Xk Br7Jol9i4IECKGcmzakAdAI0oQid5zsrWlFEUnSdJ1XpROG5zUBalKYqTSdMUapOlh4UpZ5M aD59OtOX4rSl2wzlRZdKVIsi1amJzABHYxROCxggpJmUgEnT2VR2NpWlXOVpMncq06RCNKb7 zGlEgapWtv4UrGH16lfJ6tWf0nKhb4VpXVfa1qhiQFM9muoErurIPPpRjwzYai33GlG5ZlOt i13pWTVIzcYe1a18TStQ5cpMzGIWlpwt6FvDKtG15pSxQvUnLi1gqT05a7B7NMBISVrSYzJV rJZd62P1OlPLXlOVQSXrV8FK16HCVbeZ5atpUUva5v+m1rPFHS5b/UoBpEHrtRB4YAAM4APE FtO2vcWteDUr3tOG17y5DO5lh7vK8ua1pu/17ElDe1njOve26HVvZX9rxQpYV3SAfQAEAxDS CSgWtAFNcHGLqtnI5va4Nu3sQ9er4IFyNqUOre9An8tejMpysg54aoiRSl6o8reKPWsiCGbL RwzQNgIvHkRrIUpgCmyVmzjOcQ5PrOMMphh4I4hxBYTsACLv4b9kjMCNe8zkJoOypk7OJb6A TAJy6tG7Iy1jViWQZZFqMssk3XIk2bZCP5r5zGc+ZpTXzOY233DKvRSBOa3MRzovwMgMoK2d RVpOLfvZBJsK5gsHnUY3G/r/0IjuprrwtuI6t3jPYv4zBfRc5zs7WsuRHvOZEs3pTnv6yb8S Ywj23OdSY/rRLZ7Ai79s6T/jOQSIQrOsZ03rWtv61rjOta53zete+/rXwA62sIdN7GL3Gnei HvWlXb3sOVeay8/ms6VZbepUl4BQhM62trfN7W57+9vgDre4x03ucpv73OhOt7rXHUV1qaDL 075ypr0LbWuHmdqn3mKcecjvGTHaQpQ+MpSMTfCCG/zgCE+4whfOcGMvWkQBZwOhGk7xilv8 4hjPuMZ3/fAPwRveX7CTHxUggI2b/OQoT7nKUe5ufot8AH0s+cpnTvOa2/zmtm65y2s08j/i /OdA/w+60BXOxX7bqucy93UBGr70oTvd4E1neNSffuYvGl1ISMf1Fgaw9KkDexKy7rofva5r r4td4VsfdtPJXuxJsJ3Wby87mt8ed5zT0d/JvhDWYe7zW7O97nK39dQBD/e5Mx3hhBd24g0f bLMX3ulFb5u/SbT3mGvd8Gv3gdJnvfWua77XUV/72D8fejMv3vRhZ8HYUc910nP99U0Yvepl //W5f771s8/86Vd/Zt2L3vO7N3gdzRyvvA/K+BGqfN8Fj/nXs37XZB+884P//N/33vnYD37c zw776+ee99jvvuKvj3rpcx/0zS9/65+P8EruiNbF92/m4Df/kNXo/hLrVf+v8k/l94Hpd7fS f8mSdX4Xe2InfbwGduYHfujHe+dnfedXdrFHfme3gA7IfhG4eRgYfgf4dQrofRzYfu5HALcm eSnGJfrXOyhYNJXiOUozJ3Xzgv/GMTR4NxyDf/LHIwTIfCAIdgkYdiAYfuhXej7YgdQXfa4n eup3gbJHetS3gUu4epmngeXXeSHoayNII8JmgvaHPvjHI+uDg1O2MTcoOfqCbPKnLEVDNGL4 Y33Ed0lXa46XgT/IeFLIgEMYhT0ohLnmeBeohHfIhHzIfnXIgA94hdCXfkGIh7RWSQnHhfYH hsdiMTNog2VIhmqDhtU1P5aIgzPIKzsoh82HgIn/aIeqB4ibR4Tkl32/5oesaIivWHpQSIUh aIGM6HeK2H2kOGuU1HCQCGfFQ4mSEyduM4wsKDdtSINkuIKdKIksCIyh+HhLOIEJmHaax32z R4u+t4pPiITZOHiuB36554RPiIfUOIHAR4vTl4TUWHVdlHK/iDuY+IJraIx0EzXG0iz7Fyah ZoaT6IybqINwSHUEWZA493ZMZHPxyEDKF4dwl3Zt54MF53bl2HgQqXIUSXEZuWsJeXMLuUAN aZAiOZIr15FA95EKFJIkuZIs2XAmOXQomUB710ItWZM2WWxcVJAxiUB7d5M++ZO89pI6eT47 J5BAeZRI6UU1uZMHJCTs//aUUBmVUjmVVPltO+JtXlSVWklo8Xd1n2h0DSKAliQiApiSPHdz W5mWarmW4uYlL8REVPmGMyc+LmZtckZpdukC9BZHZ2lzavZpgPlAXgJBTIRDfEdzdHkBr8YB q5aXeumYmvaGJDdzUwSWHRCG2KUBvWYAhzmXTJkEjfkFi+lNZ2l5K1eZlrlRHsUBMGcBU9SZ uuaQBxdqdelsmfYAkTZMztZnWWWbqfZxt5ln+OZl+TaaoDiQp3lTqZmDmekBsGlrrymXsVmR uUabGXBvkqZql4ZYummbxFRqkNZskMlnoYlp38mckrl8gbeKw4aay8lazQkCz1lr0dlrIUWd Jf9onYr5m8sGY1sWnpKGl9xJb8HZAKQGnBrwcqZph0DIoMLmnu/5Y/HpnNIJnZxZodAZRYNY bB23n8KZnUUmnswWoPbmmLm5lwYqotU2nh0XjeLXoOz5oMoZof0YYCEwn7RWn7jWbudkdrf3 a8iGfK02pEYGoAMqbaYWoCMKnuMpb0uapOiZnrL5gOhogOv4jePodRDKJPhjRyKAo7Omo9D5 AH8ki7eoa0FqAbMlbSgqnP/5ZdvJYr4Zb6jWptOWpHIKcpF4Tsi5iLYIe6h4iGE6oyfwJ4E1 YyUAprImpjlaW0knAGZqe9mIa3AmpP2zJdEoi3+KjYu4oVvaMuEyDyb/MQ6G0Snv4QuvEDsE 8l8m0Jlul2YXemshhXtLB6kxCovVmaYMeSaZynqbmn3WGHpkt6W3cRvYgi1YUA6xgqyLcC4v sKzQGhVasm9fKp0XiU6K+kd9FHq2yo2neKvwB4y7GiyZio6dyqnSKITEGhW9Ia3segfQ6qyk 8BjPygTRWqw38pw/ykmxSp8r0HvRl4uLt6cgial9KoTYmLCviKt4uK45kzPtiq/2Kq/Fyqz0 mqwTa6wPiyPzyXaMuqiIGKOCSqmVWrC8erB+eI20R6VZSnto5rDu+rDvqhuxsrEWaw/42qzn cqwbm68YmqP9mqMbyqAjm5+6KpNy4qImR6w9/yut26AqoFKzWSETDhMc4ZEyhmoi2Qqr2cpC ixesk2q0R9sBdvpuxilwSXuwD3mtBMe0NLoGW2tmHxt23UpxEmqpuMmiZgsbm6K0G+e2b/sF ccuvcbuvCheQXylmenqn8kZnrOakecuk1NabjbumxEmeejs0iaW2Jwe4gasEg4utP3tyUQpt JKqdvCmijnueKTq5usmkvHm53clsmgSfGOO3Gue5n4sExvRtQbtytjtp/Ylns2uk/QkBAEqk j+tlvklqzPksnMRClEmou5sEHxS6Fme7eXegenuksOu8kQu7yutnc1qez+sAOCebSLm+c1lz 2pts3Cu8Kjq7UBqiruP7od97v3MGopE4PzhXvQfivu9bb3VapPx5b3KKvPQLnLvZnVg2oGWr uQ/AlhRcwRZ8wRicwVH5VyrWaChSlgAcwr7UwYxZoB4igOybwioMlAnKqq7VSyscwzJMkhyA qE5SljOcwzoMkzVsoz/iwmikwUI8xERcxEYclx7gw4e6b4HZxDm2bp0Ga0AMIzYswlaMCFO8 IlV8xVwsY1l8IkrcxWKMtiQMTmU8xmisBlVVIl+cxm68BIIFIm38xnScBHGMIVtcx3p8fFnY x34cxnscyF78x4SchYJ8yMdQyIp8dx+QAAAh+QQEDwAAACxOAFoATQAPAAADMwhQ2v4wyklr ZTbrzR/uYCh+YmlS5Kmu6eqOb1y2cn3ZeEbnvLL3uR/QJhzKisYXMnlKAAAh+QQEDwAAACxO AFoADwAPAAADIgi6zNVwvQgndbeV/XjsEgWCHzCKZmptoeqsGRYrVlxnRQIAIfkEBA8AAAAs XABaABEADwAAAygIutxQLi4oI1Xl2qYdzc8DZl8oYlN6lSi6qgz0ujFGzmnl6Ttf+5MEACH5 BAQPAAAALGsAWgAQAA8AAAMlCLrc1ZC9GCd1F77CV+8KCFhiOHKklprOOmonGotWxto3XttF AgAh+QQEDwAAACx4AFoAEQAPAAADIwi63FAuLigjre3iWWjHkLd5mkRuT6oqH9OdbFmOqFtP N5sAACH5BAQPAAAALIcAWgAPAA8AAAMjCLrM1XC9CCd1t73CbZeeEgJcJYnWKaLquJXgmK0z XadZkQAAIfkEBA8AAAAslABaAAoADwAAAx0Iulv87jU5KSjYRaWv514Hdhv5XVkKWpvUQtaV AAAh+QQEDwAAACydAFoAAQAPAAADBAi63AkAOw== ------=_NextPart_000_0001_01C7155D.D8652E80 Content-Type: image/jpeg; name="image60.jpg" Content-Transfer-Encoding: base64 Content-ID: /9j/4AAQSkZJRgABAgAAZABkAAD/7AARRHVja3kAAQAEAAAAJgAA/+4ADkFkb2JlAGTAAAAA Af/bAIQADQkJCQoJDQoKDRMMCwwTFhANDRAWGRQUFhQUGRgTFRUVFRMYGB0eIB4dGCYmKSkm Jjg3Nzc4Pj4+Pj4+Pj4+PgEODAwODw4RDw8RFA4QDhQVERERERUfFRUXFRUfJxwYGBgYHCcj JSAgICUjKysnJysrNTUzNTU+Pj4+Pj4+Pj4+/8AAEQgARwIRAwEiAAIRAQMRAf/EAKQAAAEF AQEAAAAAAAAAAAAAAAABAgMEBQYHAQADAQEBAQAAAAAAAAAAAAAAAQIDBAUGEAABAwIDBQUE CAQEBgMAAAABAAIDEQQhEgUxQVGRE2Fx0SJSgTKSFKGxQnIjM1MGYsKzFcGCssPw4aJDc4Mk FgcRAAEDAwIFAwMCBgMAAAAAAAEAEQIhMRJBA1FhIhMEcYEy8KFSkcGx0fFCFAXhkiP/2gAM AwEAAhEDEQA/APQYgJY258WtAa1p2YAYp/Qh/TbyCZa/lHv/AJWqnqt5c2lxZOjIEEsvTnBA 30pjzVRiZHEXUkgByr/Qh/TbyCOjD+m3kFkS6jefMaqI30isox0xQe+QMa796ddajdx6TZyx OHzV0Y2h1BtcKk0V9mdLdRAvxDpdyLHk/wBiy1ejD+m3kEdGH0N5BZH93mGgC/wNwfISQKZ8 2WtB2KW1GswXsLLmT5u2mbV8gYG9N1K7QEHakASSI4khib43ZHci4ABLsXGj2Wl0Yf028gk6 MP6beQXPt1LVH215eNumNZaSOYIXMbV2U0oCrt9qdy3TLSaABlzdljWilaZhU4FM7MwQHFTj 6FnS7sWJawdafRh9DeQR0YfQ3kFX0m7feafFO81kNQ87PM003K2s5AxkYm8SysEEAixqmdGH 0N5BHRh9DeQT0KXKaZ0YfQ3kEdGH0N5BPQm5QmdGH0N5BHRh9DeSehDlCYJHMzMB2AZCdozO ypTFETVzQ473OxJTHfmHuj/qKbehJM6EP6beQR0If028gqOk3c9zJeNmdmEMzo46ACjRXgqr 7rUJtVurSK7ZbRwBrm5mNdXMBxotO1LKQJAxDn691OcWBY9RYLY6MP6beQR0Yv028gs6K7u4 tYFpcSiSF9uJGkNDavb7zge2hwVD+7ah/bYrtzwDPdCJvlH5fDZxTGzM2Iq1fX+iR3I8D/Rd B0Yf028gjow+hvILH1CXVre/gt2XTQy7e4M/DHkAIpt27Us02qDUYdPZdNY4wZ5JTGKFwLqm h2bEDZJAOQrEy1sEHcAehoW91rdGH0N5BHRh9DeQWbp2pzyWl5JdFrzZue3qsFA4NH/JM0LU by6fLFeODnhjJY6ADyu27O9I7MwJk/2Xrx4JjcBxH5LV6MPobyCOjD6G8gnoWTq0zow+hvII 6MPobyCehNyhM6MPobyCOjD6G8gnoQ5Qo3RNa0ujGRwxFMNnFOzmZ1DgwBpoN5OOKHnyO7im w7T91n1IFkk4wQ+kI6EPpCq6vevsbCS4jAMgIayuyrjtUFtJrENw6K7InidEZGztaGhrwK5M KKxCRjk4HBzdrspMgC1VodCH0BHRi9AWSzVrgaAb+QgzklrTTCubKMEttqd3JpN3PIQLq1L2 kgClW0pgqOzuB62lhfVLuRpescvZavRi9AR0YvQFDaTvm06K4cQZHxZyRsrSqyHaze/2u0mz tjluZTE+4LRlYAaVpsSjtTkSAbSxvr9BOU4hn1GS3ejF6AjoxegKlYz3sQnF+RJFFQxXTWgC QO4Bqti7hyPeatyENc1wIcCdgp21wWczjLEyHGhTBBD29U7oxegI6MXoCr3F6BDmizB+dsbg WEubmI2t7jgpbW4MxmBaR03lgJaRUCnFR3ASwKbh2T+jF6AjoQ+gJ6FbniU2TOhB6AjoQegJ 6EOeJQyZ0IfQEmZ0VWsODh5a40OZrf5lIo3+832f640Ct0k7oRnEjMTtLsSjoQ+kJ+9YQ1i8 j0y/mlLXXNpKY2UbQYkNGHNVCEp/HiB/2splIRvz+y2ehD6AjoxegLOgvrw6nbWkxBbJbCWQ AD3yDX6lAzWLl2s/L+X5N0roBhjmaPV95V2dytbRyvol3I0vU4rY6MXoCOjF6Asue61K61Ke zsZWQNtWNc5zmhxe5wrTEHBR3OpalHplvKW9C7lm6Lw9mFMfNlKY2ZnHqDyaj1D1CDuRD0NP 2Wx0YvQEdGL0BZ1rd38eqf266eyYOj6gkjblLe9QR6xcu1noHL8kZXwDDHO1vHvS7U6sXaOd 9EdyNL1OPutjoxegI6MXoCb83D1eljXNkzUOXPSuXNsqk+ah6nTxrmyB1DlzenNxWOY/LldX RP6MXoCOhD6Aqkd+8lpLXESTPjAyHBra0+pXkRmJWJogMUzoQegI6EHoCehU54lNkzoQ+gJD G1gLo/K4CuGz2qRNf7ru4oBL3STPnx2oVNCpgk6uWv5Xt/lCpfuCEyaXI5vvwubK08MpoTyK v2IBiNfV/K1WKDgiMsZRl+JBQRlEji65q2a5+ialdOBzXTpH47aDYo8lxczaTbQO6b4IBNnc MzQe0f5V1WXsSUG8LT/INTiHJJHJwyjtWrYAfd1x/QuBpeo2JBfJbTtkwG1pNCWj2VVmK8gu tcsprV0pY/CYmoZnDMGgHgAuoypAymwABB8h3eN8tfyDFHZqGlZtOBdchFpttNZalcvjPzEU shjcCRsx2bCpnOur650uKKTLLFB1nSuGYB2zEb/dXU0HBIe5B8mRqYvfF6s4ZHZHH1/V1hft 0SQfOWMuLoJag0oCHYYD/KtlS0HAIoOCynPORkzOrhHGIHBRIUtBwRRo2gKVSiQnlzcQB7Uw 47UwEJC7gmk1TsE129CEz/uO7o/6in3quPzD3Rf1VcoOAQdEgua03UrSyuL9ly5zHPuHuZRp dUVPBRTnTW65ev1CMvY5rOmaOIrlb6V1dAjBbd8ZGQiRlHEtL0tTks+0WAcNEuKLmtdeIo7K /thRjWPjZgRRsjKMwPeo9Rt3RaJpsTW+YSxPcOBdVx+tdTQVSZRuwQN8gQDfAk3uKt/FB2nM i/y+v2WHrGY6vpRGwSPqfhUV7aQXn7hiiuGZ4vl6kVIxBdvaQuhyhFNymO8YswYxiYuDxq6Z 2wXfWQl+i498j7fS9QsmZgPmOjC3EkNcT9YarVtb3Wn61aNme2Vk0JhDmty0DBgPoC6ag4Io KbMFR8kkEYjqfL3DJDaqC/xZvZRIUtBwCPKOCwWqiQnuLRsAKaSCP8KIQkJTKnfinYJCmyEx x8ru4oh2n7rPqRIfI7uP1J9qAXGvoj+op6JcFm/uSN8mlSZBUscxxG3yg4n6U2DV/nbp8NqA +1bAXySFrg4PofLU0H0LcyjgEgjY33WgdwAVx3IiGJi5BJiXs7fyUmBycFqB/Zcc0yTaXplj F78873VOwZXUqezzKWlxbSaxa3Dg980PWDmijSd9B/mXV/h/w/Qj8P8Ah+haHyDXooST75ZK OweJpT2ZlhaTqdk/T4LJslbhsGUsyu2tYa40oqVvcdHQrQSwtltJJXNuC4E5Wl3vNy7CuqAZ up7KFOLGkUIFDuoo70QS0SxkJF5V15c1R25UeVQGt6Ll9JdEDfRMc+XSmBpieaghzjjlrQ4b Vo9Q0NZBNHBNE4zimLTX3i3A5eK1wxgFA0AcAEgY0CgAA4UWO9/6TM/jRufunGDAB1lSubI+ WRhDmdW3aHDEEtdjTuqrFq4Z7ltRmEziRvoQ2iuhrQKAADcAEZW7SBXeVAgxd1QFVEhS0aBW gSGm4CitNRpC4BPOO6nsTTTgmAhMJqUx3vt9n+uNS4cFC41kb3f7kSYH2SKsb1y+pROGryWQ HkvpYJCP4RmzfSV1BQ2mYKtrc7ZJZ3DfuCpnDMAOzFYl08RfuRk592KzeT7Mx/wWO2C9j0qD Ui5pjFx8xkc2j8xOWpPCrV3AaOA5Iyimz6FcPIxbpdsQeYj/ADUy2ncvxb1K5eee3t9Uvvmn SRRXkbHQyR1qaBpo0trjVVZM8+h2rZy55N5ldmJrsIpU4rsSxhpVoNNlQjK3gOSY8gBumox1 /EMkdk1rQvpxLrm2xQaTrTmQAsgdbOkc0kuqW5nYVx+ys0QX0Olw6hma6Ntx18pBz5i7LXNw OVdvlbwHJJlHAIHkkMTFz05Em4CDsvYsKtydZZmibOHwPxfK0SW7qHNmp52bxhjXYkDm9Blv UdcT4s+1hIXk04Zd61Mra1LRmG+m5LkbXNQV40C48L1v+60xWU1waIXOIA+alqTsxMgWgpS1 pwLQfYkdlHDkqhFnDu6YDKNISAnkim7kmkDeqZNNLj3Jricru4p+HBRvIyvw3H6lQFQk6poT MeKFoyl1o2P5TvvfytVlVrH8p33v5WqysiqCRzg1hc4hjW4lxNAsmb9y6XE/K2ZhG52YY9yv 39nFfWclrNURyCmZpoQRiCO4ryfXNGutIleJ2vktXEhtzHTI4VwD8DlpwXT4u1t7jiUmOgXN 5E9yDYinFei//aLEAO6jcp2HMKHdgVoWGrWWoAi3kDntxLQa4VpULxqFxvZI7e2Y+aQAtYyM AuoXVO4816F+zv2/PYu+bu5A2YNLWwNIOXMcXPcKAnsC18jxtrbgTk0tAs9ne3jMAimrrrki bnoKb0nU4rgYruXP6nqs7rya06vy7IS3Lh5nYjHNw3rV06S8dG75l7JRX8KZhBDh25Via868 ZPI65tGz2hLOjcRto9tXN8jnbcditaBb3Nubl80TreCVw6EEh8woSakbsF2TjHsAjGJ9i9tb rKJl3NStLUX3+RjLFozONHvJHlHYCqNhfXRvnWskzbqMNJMrR7tBxCk1efVYRDPprBOxp/Hh ABcRXCm/swWfpkF/Pqvzgszp9s0GsbsMxykUANNpU7cR2pZYfEsdcueqcicgz39ltX938paP nAzOFGsB2ZnHb7Fmm+1K2igvJ5BJDcYmOgFBt+pIRqup6bcxXVv8tOxzXW7SMmelSRiSqZ/u 1/Fa2Elm63bb4STPwbQDLWvcq2tuABBwpI5uR8WoymZJNHt0+vNakl1d3V860sniJsYq55FS dm3mnafeS3DZYp6daA0c4YVBNN3AhVZWXdhqTry1gddQStpRm0GgwPtCk0u3ngbNNcN6cty6 vTO0NqXEkd6Uxt9umLYxx/LL+504k5Vd6vwZXm/mu7of6qvrPYayO/8AT/VWguaWi0CFFc3D LaCSeQ+SMZj4KVU9VhNxp88Q2uAp3gg0+hZzJEJEXAJCuIBlEGxIBWE7XdSmkzMcImHFsYAO HaStrTNQfcgsmAErcajYQuct7Yu2ihAoeNQ6q2tJgLZTIcNv0ryPE3/IlvRylIxkeoGy9Lyt rZG0cYxiY2IutdKkrTdVNL+zFeyy8tVtUu32djLcsbmcylAdmJpU9yxrO9v55XSW90yWR2Qu hfRgdhiGg+nZgtfUDdOtJRZhjp6eVkgq1w3txwxC5Mw3d3LJFDYPhu2mPNTyMjOU5ieGY4hd fjxgYSBEQX+Rb7g6LLcJEhU+y7cPOAIx3rH1XVpmF7LI0EJAmloCA47GCq0WZul0y/zZA0yD jloXc1zd5oeo29k4W1w+7GYE2zGkVJ+1tUePHbz6yLgASseae5ljQFdHbSukt4nvNXPY1zjs qSFn3F7dy6k6xglFu2Me8QPMQA7f3qAv1qw06zbbwuupn1MrXNLjGKCjPe3JdZbL8417tNN5 BSnVhcQ+vpeAqhCImXxkCJY1FxyKUicRcMzqS31h/wArcOno+a3oGuGAdU5RVMde6lBbw3ss jZIpjQx5QMMezsVey0u5ksrnrMEE1xQwQOwyhpz0PDghzNUuraDTn2roRCfNM/BtBgDXuK0x 2sjji2XU/BtPdS8mDvbpW1I5pYXN2Obm5iqmtPeP/ji+oqs+gYWtPlYzK08Q0UVm09533Ivq K5ZWWourKhvSW2c7gaERvIPc0qZV78ONhchgzOMUgaBtJylQLhaQ+UfULyUXdzSpmkJ+8fFA u7gt/OfXM4nzHs7VTDZ9hhlH/rd4Ia2fH8KXafsO8F2f5MOS+y7m1T4fZdX+yrmaTXGsdK9z TDJVrnEjDLTavQ15r+w2TnXwXRPa1sMmZzmkAVy0xK9JzAbVzb0xObjgvnP9uYnyulmwjZKs HWdVmhujZxvELemXmQgkkkGjW8OC2y8HdRc9+43XTXl77VtxZiI5Zmt/EifQ4l1cBXFV44B3 BkAQ2v8AyvL3KRoVo6ZNfOB67mTQZQY5mEE1wwICs30l02AmzYJJSQBWlAOOKw9CguGXclwy GS3s3xgNbLte4gYgcNpWlqkuox2ok05rZJWOq9hAJLf4a8Cq3IDvAAx05R90onoeo/iq0N9q EV9FazyMuOrg9jKVZXbUilKLUkLzG8ROAkIORx2A7iVzkIvb7VYZ4bF9i1pDriV1WgmtXHzA bVr2t3fT3dzDcW3Rgir0ZS0jN5qDE4bFW9AAgjEEReYDcUoE2JNTRVLq71m1MYkljc+U5WMY AST8KmvL29ilt7bOyB8jQZJnUy5sagGlNyhijupdemnmhey3t2kQPc0hpp5RlJ7yU3VIrkX8 Nybd13ZtaAYmY0IGII78VQEDKMSIPjlRrmwSLgEubhla0+8uJ5J4pnNlbDsnaKA40orJ/Mb3 f7kSztLjnbcT3DonW1tKCGQvwqT7tAeC0P8AuN7v9yJZboiJkRZmFuLKoE4h+atFDfeHegob 7w71gtFxX711O9ttXZDBcPiYIWuysNBUucufbrmqdRv/AMyX7VfOfS5XP/0aUx6+yoIBt2UP HzPXKi6GYY8fpaV73ija7G24i+I0C8vfjud2ZBLOdVuu1zVKE/OS7Nucr1Swe59lbPecznRR lzjtJLQarw03IIOO5e36ZVunWgcCCIIga7a5Grl/2ggBt4ACsnZbeEJAyyJNrq2qeqXbrKyk uWNzuZQAbqk0qVZLxsoquom5NnKLNjZJqeWOQVa4fabSo3LzYAZRezi67TYrIs73Up5XSW9x HO85C6E0aCCKkNDuGwroA/AA4Hf2LiTHPcyvjt7CWG7aY6taC1kZy+YmuzMcQuxicQxrXmrw AHO4upiea6PJhEGJDClqP9lntE1d1l3d1q8fUuHOZaxMP4cbi0lw+mqv2VxJcWsU0oyveMRs rQ0r7Vz97d6u5k1nfac65mqfl54mnKK4ZhlrVW2S6xp2m2rGWxuJnOf1GULzG3a1pyqp7YMI hoRk9MSGxb6ulGTSJqQys3mozfOm0hkZA2MVllfjjStE+O+njspbid0c4YQI3xnaSaUcAqGo wXFrqxvflHX1rJi5jBUtdTKahR2djeT2924xG1E9DbwvwJcHZxgezBPDawiXiA0Xs7vUcUZT yN3qyuQ3t+8xuFzC50hqYHUFAdy0ZaAPGzA4cMFz5iupbeK0ZYPinjcc8xGB9q3Xn8MgnMWs oXcSBQqd6MQYs2tA1tDROBLF3sqlUJaBCzTWhYkCJ1fV/K1WARxVS2/L9v8AK1S1CxN1YUkm V8ZYTgd6oPsW0LSQWu2jA1VrMKYpK8k4yIsUjF1RZpsEQIhY2LNi/I1rcx7aK3bWwiOdxG+g 70/MOCTMmZk6pCICfmHFJmbxURJ4pElSe5zThQEcCARhs2pK79pO0ptVXuXNDog8kMLjmoSP sngiRYOkSytVCjkkjYDI9waG7XOPiqBdNlcXOIfkwGOanT5e8nanG12nyNy5i0DIMSa1Cz7h xlIRrEOk9H4K06eFsgjc9okfi1pNaojnhlLgx4kyHEA1osm5Y83ZaGkueYXMwOIaDXHsT9JD hNUtLckIY6oI8weTRZx8mctwQMAzspEyZLVx27O5IKN3Kkxrg1rhmzZYziTtL6O+hPt3VkIq S7IDICT72Y12raO65AxbJU+itxGsjz/4f6i0Mw4rPi2v7o/6itVVSuFQU1RxTXgOYRVRlwTS SVKajNvC45nNBO8qVjWs2YcKJqSqkQgC4FU5TkQxJZSZuJSZhxUZKCcFalPLx3phIJJIFXUq QKE02V4ppKE0J1QkJ7VXunARCpIGdlSCRhmHBV2l5kb5iGA/h7TUZz/hx3KZbmJZnSMmV2R8 cbS97g1o2kmgUZu7YNY7qtAkwYc21VLghmnAuYZXeUgGp8+4nfgs+aIMYAysvUjcC8NIBkc8 OIApgsd3flA0iD0iXuplIi3Bb3cPbxRSoocRwxVS4Dv4hliqKEjzVbw3pkxyiQEuDG5+nQnb 5aYrU7jPT3TMlcefK6g3EK3akBzq+iP6iqZPlPcfqVmLafus+orQl4pi6t5m8QmyFpY4VGIK iqkLjsUBUqPRPFJ0jxO0q5lCaWqnWveKitWFk2YncVcz9qgAoaoJqhZylkXU2YcU1xa4EOo5 rhRzTiCDuIUSKoUqQuH/ABu7gm1CZVVZXkTuDXHODHkZU0ofewSlLECiTsrhx2mveUx08TXh jngSO91hOJ9ipQl7nRhziQSC4Au97KSQfbuUF0IZNQDHfh0yOkeQSXuHuMbwWc94iIIiHJAq pMqUC02zRyEta8Ocz3gHVonVocDQ9mCx9KafmBhQtiLZMKUcXk0KsNzBofV2bK12JO0vp9SW 3vGUBIx42QJOKhX67yceaAaygjh/uRqnC6stC4l2Ul7STg7NwVqP3/YP6ka2jLIOmC6uJRtC TckLqKVapalF1JwaZgGgcVT+W2eX6Oxacjcxqm9NbRmwAWZjVZroCcS2poBjwGAWzG4ZG445 RU760VYxhSVoFM5ZNyTiGU1WitKAk1J4nYkLxxUVUilUnnLUkAAupmIoCaYCpG2iK79iZVUH SO8/TcS6sgeKnBodh3UCUp46JEstLNwJHtUZkiDi3OAWirhXEDiVVgLjLi4uaGnLQnLi53Hb hvVK6iPWvhG3F8DTgNpriolukREhF3JH2Uk6hanzUGTqdZoYTQOzCle9PqNu0neTVc66lXSZ T0nGQNOU0qYg0buK1AHC2t2EuBERqASDmDMK0UbXkSmSDBmCUZE6K6STgSacK4JryMjvulUi SMHOcI6Ak1PvFnHvVlhJgaSaksBJ9i225uWZlTu6bQoTkLVJlaYMkYI8zHAE0xINBhTajqN4 O+F3ghCzDa3VpDKODvhPgm9QcHfC7wQhPpRVBkbwdyPgkMg4O5HwQhOiVUnUHB3IpM/YeRQh HSiqTOOB5FNL2Zm1BzAnLgdtMfoQhBx1Sqlz9juRRn7DyKEJ9KKpM/Y7kUZj/FyKEIohGccD XuKYwxAnJtPecEISOOqFdihZ0nHO0SENwqDSjqtr3lBkIwc1wPYKjmEIS9VSb1Bwd8J8EhlH pd8LvBCEdKKpDIODvhPgk6g4O+E+CEJ9KC6TqDg74T4IMg4O+EoQjpSqml44HkUZ+x3IoQn0 oqmuew0zA0qKVB21wS5+x3IoQkcXQjP2O5FGc8HcihCfSlVJn7+RTJDEadQHDjUYIQg4sXQp Yx1Dl90by7AU9qtOY1jqsOdpaAQCKgAYH2oQpl9kwyZ1G8HfC7wSGRvB3wu8EIR0806pOoOD vhd4JDIN4d8LvBCEdPNJBkFNh+F3gm9QcHfCfBCEDHmiqOp2O+E+CTOODvhPghCOlFUmcfxf CU3PHmcRXMaZsD7EIR00dKqXqdh+E+CM/YeR8EIT6UJM43g8ijP2O5FCEUQmMMQcS2uY9hOF fFWYYw5rnFwa6nkBIr7zTs7wAhCVG6UwpHSUwcHDiACRzbUJOo3g74XeCEJdKdUhkHB3wu8E 0yCn2vhd4IQn080F0nUHB3wu8EdQcHfCfBCEdPNKqTqdjvhPgkLxwd8J8EIR0oqkL2/xfCU1 jmBpyVpU1o07amv0oQjpSLpep2O+EpOp2O+E+CEKulCM44HkUF44HtwKEJUQmPLHAB9f+oKS INko0ENbTafKAPahCOly3yQLq38vafqD4ghCFPUqov/Z ------=_NextPart_000_0001_01C7155D.D8652E80-- From ririkachan@so-net.ne.jp Fri Dec 01 12:41:34 2006 Received: from [10.90.34.44] (helo=chiedprmail1.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GqCOE-0002HR-AF for DNSEXT-ARCHIVE@LISTS.IETF.ORG; Fri, 01 Dec 2006 12:41:34 -0500 Received: from [221.210.168.75] (helo=so-net.ne.jp) by chiedprmail1.ietf.org with esmtp (Exim 4.43) id 1GqCO8-0000YF-7Z for DNSEXT-ARCHIVE@LISTS.IETF.ORG; Fri, 01 Dec 2006 12:41:34 -0500 Received: from bxxul8 (unknown [129.86.96.37]) by smtp5 (Coremail) with SMTP id RlYVXO4qc82mvH34.1 for ; Mon, 24 Nov 2003 11:32:50 +0800 (CST) X-Originating-IP: [129.86.96.37] Subject: =?iso-2022-jp?B?GyRCPXUkMSRGJC8kQCQ1JCQbKEI=?= From: =?shift-jis?B?l6KXnInU?= To: X-Mailer: Microsoft Outlook Express 6.00.2800.1478 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0049_01C6E238.D47967D0" X-Priority: 3 X-MSMail-Priority: Normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2962 X-Spam-Score: 4.6 (++++) X-Scan-Signature: 7baded97d9887f7a0c7e8a33c2e3ea1b This is a multi-part message in MIME format. ------=_NextPart_000_0049_01C6E238.D47967D0 Content-Type: text/plain; charset="iso-2022-jp" Content-Transfer-Encoding: 7bit $BFMA3$9$_$^$;$s!#C]Cf!!bC;R$H?=$7$^$9!#7k:'$7$F#1#2G/L$$@$K;R6!$,=PMh$^$;$s!#2?$+$K$D$1$F$=$N;v$K4X$7$F8H$K$$$d$_$r8@$o$l$^$9!"$7$+$bIW$O30$K=w$,$$$k$h$&$G:G6a$O$[$H$s$IAj
=1B$BFMA3$9$_$^$;$s!#C]Cf!!bC;R$H?=3D$7$^$9!#7k:'$7$F#1#2G/L$$@$= K;R6!$,=3DPMh$^$;$s!#2?$+$K$D$1$F$=3D$N;v$K4X$7$F8H$K$$$d$_$r8@$o$l$^$9!"= $7$+$bIW$O30$K=3Dw$,$$$k$h$&$G:G6a$O$[$H$s$IAjhttp://vlzh.com/?nh05
 
 
------=_NextPart_000_0049_01C6E238.D47967D0-- From akmkunokel@retireriverside.com Sat Dec 02 09:33:14 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GqVvW-0003DV-Oi for dnsext-archive@lists.ietf.org; Sat, 02 Dec 2006 09:33:14 -0500 Received: from 0x55537c96.adsl.cybercity.dk ([85.83.124.150]) by ietf-mx.ietf.org with smtp (Exim 4.43) id 1GqVvU-0005tG-TB for dnsext-archive@lists.ietf.org; Sat, 02 Dec 2006 09:33:14 -0500 Received: from mail.retireriverside.com (mail.retireriverside.com [202.60.67.51]) by 0x55537c96.adsl.cybercity.dk (8.12.11/8.12.11) with ESMTP id uDKGZzN9dAz6R8 for ; Sat, 2 Dec 2006 03:35:29 -0600 Received: from unknown (HELO tppuknggkgo) (38.96.190.99) by mail.retireriverside.com with ESMTP id zctmYwpDrznW for ; Sat, 2 Dec 2006 03:35:29 -0600 Reply-To: "Wade Bowen" From: "Wade" Message-ID: <4293066575.20061202033529@tppuknggkgo> Date: Sat, 2 Dec 2006 03:35:29 -0600 To: Subject: Microsoft Office 2007 Enterprise ready to download MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Spam-Score: 4.7 (++++) X-Scan-Signature: 30ac594df0e66ffa5a93eb4c48bcb014 Dear customers and friends of DS Team, Please let us represent our new special offer you can't afford to miss. Announcing Microsoft Office 2007 Enterprise Edition. Office 2007 will be available for enterprise users by November 30, 2006. The end user version will be available in the beginning of 2007. The 2007 Microsoft Office System, also known as Microsoft Office 2007, is the most recent version of Microsoft's productivity suite. Formerly known as Office 12 in the initial stages of its beta cycle, it is scheduled to be made available to volume license customers on November 30, 2006, with general availability following in early 2007. Office 2007 contains a number of new features, the most notable of which is the entirely new graphical user interface called the Ribbon, replacing the menus and toolbars that have been the cornerstone of Office since its inception.Office 2007 also includes new applications and server-side tools. Chief amongst these is Groove, a collaboration and communication suite for smaller businesses which was originally developed by Groove Networks before being acquired by Microsoft in 2005. Also included is Office Sharepoint Server 2007, a major revision to the server platform for Office applications, which supports "Excel Services", a client-server architecture for supporting Excel workbooks that are shared in real time between multiple machines, and are also viewable and editable through a web page.While Office 2007 includes many new features, one has been removed entirely: Microsoft FrontPage is no longer being developed; its successor is the Microsoft Expression line of products. Microsoft Office 2007 Enterprise Retail Price $899.00 Our Price $79.95 You save $819.05 http://sophisticvip.net Please note, that there will be more special offers available for our constant customers. Every effort has been made to ensure the accuracy of all information contained herein. DS Team makes no warranty expressed or implied with respect to accuracy of the information, including price, product editorials or product specifications. Product and manufacturer names are used only for the purpose of identification. We appreciate your cooperation with us and we'll be glad to see you as our clients in the future. From owner-namedroppers@ops.ietf.org Sat Dec 02 15:23:37 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GqbOb-0002qM-G0; Sat, 02 Dec 2006 15:23:37 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GqbOW-0007Hf-6w; Sat, 02 Dec 2006 15:23:37 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GqbG8-0000kf-9z for namedroppers-data@psg.com; Sat, 02 Dec 2006 20:14:52 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00 autolearn=ham version=3.1.7 Received: from [212.9.189.167] (helo=mail.enyo.de) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GqbFv-0000k1-9o for namedroppers@ops.ietf.org; Sat, 02 Dec 2006 20:14:46 +0000 Received: from deneb.vpn.enyo.de ([212.9.189.177] helo=deneb.enyo.de) by mail.enyo.de with esmtp id 1GqbFn-0003Mj-OV; Sat, 02 Dec 2006 21:14:31 +0100 Received: from fw by deneb.enyo.de with local (Exim 4.63) (envelope-from ) id 1GqbFa-0006mb-Ip; Sat, 02 Dec 2006 21:14:18 +0100 From: Florian Weimer To: Mike StJohns Cc: namedroppers@ops.ietf.org Subject: Re: DNSSEC - Signature Only vs the MX/A issue. References: <20061127032712.CD1FE56890@shell-ng.nominum.com> Date: Sat, 02 Dec 2006 21:14:18 +0100 In-Reply-To: <20061127032712.CD1FE56890@shell-ng.nominum.com> (Mike StJohns's message of "Sun, 26 Nov 2006 22:26:55 -0500") Message-ID: <87ejrit5r9.fsf@mid.deneb.enyo.de> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.0 (/) X-Scan-Signature: d6b246023072368de71562c0ab503126 * Mike StJohns: > Any other ideas in this general topic? I think this could be addressed in a straightforward manner, keeping the spirit of SO, if you published a signed bitmap of all permitted RTYPE/RCLASS combinations for a particular value. If you wonder if this is worth the additional complexity, it seems to me that this is less complex than the A/MX heuristics described earlier in the thread. At least it's completely deterministic. There is a significant overhead, of course, compared to SO as proposed, but less so compared to plain old DNS. -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From owner-namedroppers@ops.ietf.org Sat Dec 02 17:32:42 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GqdPW-0007Y6-7b; Sat, 02 Dec 2006 17:32:42 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GqdPQ-0006lF-Gw; Sat, 02 Dec 2006 17:32:42 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GqdJi-000Cwa-U5 for namedroppers-data@psg.com; Sat, 02 Dec 2006 22:26:42 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=AWL,BAYES_00,SPF_PASS autolearn=ham version=3.1.7 Received: from [204.152.187.1] (helo=sa.vix.com) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GqdJM-000Ct1-N2 for namedroppers@ops.ietf.org; Sat, 02 Dec 2006 22:26:36 +0000 Received: from sa.vix.com (localhost [127.0.0.1]) by sa.vix.com (Postfix) with ESMTP id 1FFF911429 for ; Sat, 2 Dec 2006 22:26:15 +0000 (UTC) (envelope-from vixie@sa.vix.com) From: Paul Vixie To: namedroppers@ops.ietf.org Subject: Re: DNSSEC - Signature Only vs the MX/A issue. In-Reply-To: Your message of "Sat, 02 Dec 2006 21:14:18 +0100." <87ejrit5r9.fsf@mid.deneb.enyo.de> References: <20061127032712.CD1FE56890@shell-ng.nominum.com> <87ejrit5r9.fsf@mid.deneb.enyo.de> X-Mailer: MH-E 8.0.2; nmh 1.0.4; GNU Emacs 21.3.1 Date: Sat, 02 Dec 2006 22:26:15 +0000 Message-ID: <14241.1165098375@sa.vix.com> Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.0 (/) X-Scan-Signature: 52f7a77164458f8c7b36b66787c853da i'm having trouble understanding the scope of this discussion. the working group refused to consider a simpler design that lacked, among other things, secure nxdomain. masataka ohta wrote up a viable proposal 11 years ago and the working group went the other direction. now, to the extent that dnssec will ever be deployed, the industry as represented in this working group has chosen to deploy a more complicated design. if we are readdressing our original scope, then let's look at masataka ohta's simpler design from 11 years ago, and let's stop working on NSEC3 and "white lies" and so on. i for one think that would be a bad idea, both because we have invested a lot of time and money in the current design, and because i am more comfortable with secure denial of existence, even with all its costs. but this third way forward is mystifying me. i am mystified that msj brought it up at all; i am curious to know who, among the deployment communities (who are domain holders, domain registrars, domain registries, client implementors, server implementors, server operators, and internet governance institutions), feels ready to discard the current design at this, the 11th hour (which we have already reached and retreated from seven times in 12 years), and move back to something that the industry rejected in 1995 or so when eastlake/ kaufman was chosen over the ohta design. and if we're moving backward, why are we reinventing it rather than reusing ohta's perfectly reasonable design? i am completely amazed to see anyone here arguing technical merits on another fundamental change in direction. does anyone really believe that if the ietf starts over an 8th time on this technology, that any potential deployer will ever again take this working group seriously? msj, this isn't a personal slam. from a quick glance, your proposal looks to be every bit as good as ohta's. the quality of the proposal is not in doubt, only the timing and strategy. re: > From: Florian Weimer > To: Mike StJohns > Cc: namedroppers@ops.ietf.org > Subject: Re: DNSSEC - Signature Only vs the MX/A issue. > Date: Sat, 02 Dec 2006 21:14:18 +0100 > Sender: owner-namedroppers@ops.ietf.org > > * Mike StJohns: > > > Any other ideas in this general topic? > > I think this could be addressed in a straightforward manner, keeping > the spirit of SO, if you published a signed bitmap of all permitted > RTYPE/RCLASS combinations for a particular value. > > If you wonder if this is worth the additional complexity, it seems to > me that this is less complex than the A/MX heuristics described > earlier in the thread. At least it's completely deterministic. > > There is a significant overhead, of course, compared to SO as > proposed, but less so compared to plain old DNS. > > -- > to unsubscribe send a message to namedroppers-request@ops.ietf.org with > the word 'unsubscribe' in a single line as the message text body. > archive: -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From owner-namedroppers@ops.ietf.org Sat Dec 02 18:48:39 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Gqeb1-0004lo-4R; Sat, 02 Dec 2006 18:48:39 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Gqeav-0002lG-8X; Sat, 02 Dec 2006 18:48:39 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GqeUt-000Jq0-Mh for namedroppers-data@psg.com; Sat, 02 Dec 2006 23:42:19 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-1.8 required=5.0 tests=AWL,BAYES_00,HTML_10_20, HTML_MESSAGE,SPF_PASS autolearn=no version=3.1.7 Received: from [81.200.64.181] (helo=shell-ng.nominum.com) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GqeUb-000JoS-2R for namedroppers@ops.ietf.org; Sat, 02 Dec 2006 23:42:07 +0000 Received: from STJOHNS-LAPTOP.nominum.com (shell-ng.nominum.com [81.200.64.181]) by shell-ng.nominum.com (Postfix) with ESMTP id 7B7B056882; Sat, 2 Dec 2006 15:41:53 -0800 (PST) (envelope-from Mike.StJohns@nominum.com) X-Mailer: QUALCOMM Windows Eudora Version 7.1.0.9 Date: Sat, 02 Dec 2006 18:41:49 -0500 To: Paul Vixie ,namedroppers@ops.ietf.org From: Mike StJohns Subject: Re: DNSSEC - Signature Only vs the MX/A issue. In-Reply-To: <14241.1165098375@sa.vix.com> References: <20061127032712.CD1FE56890@shell-ng.nominum.com> <87ejrit5r9.fsf@mid.deneb.enyo.de> <14241.1165098375@sa.vix.com> Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="=====================_92570843==.ALT" Message-Id: <20061202234153.7B7B056882@shell-ng.nominum.com> Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.3 (/) X-Scan-Signature: c119f9923e40f08a1d7f390ce651ea92 --=====================_92570843==.ALT Content-Type: text/plain; charset="us-ascii"; format=flowed Hi Paul - Thanks for your note, and I appreciate it's not an attack on me. You asked why: From http://www.whitehouse.gov/omb/circulars/a094/a094.html - Sunk Cost -- A cost incurred in the past that will not be affected by any present or future decision. Sunk costs should be ignored in determining whether a new investment is worthwhile. The above, although cribbed from a government publication is a good general business practice - ignoring it is how businesses go bankrupt. > i for one think that would be a bad idea, both because we >have invested a lot of time and money in the current design, Unfortunately, that sentiment seems to be widespread. The entire development of DNSSEC up to this point is sunk costs - the amount of investment is no predictor of the success of the development. After 14 years, with no firm date for completion in sight and no guarantee that there won't be yet another show stopper - I think it's reasonable to re-consider the direction, or at least have some fall back position. Here's the timeline as I understand it: ~1986 - the Protocol Standards technical panel of the DOD identified the need to have a way to validate DNS data ~1992-3 - TIS submitted a proposal to ARPA for research in this area - a 3+ year contract (or maybe a task order against an existing contract) was awarded. 1999 - DNSSEC was declared done with the publication of RFC2535 2000-2002 - OK, maybe some twiddles - new RFCs covering some changes - no real deployment of DNSSEC 2003 - Publication of DS RFC 2004 - Typecode rollover discussions 2005 - DNSSEC declared done again with the publication of 4033, 4034, 4035 2005 - OK... maybe not done - NSEC not sufficient for certain zone operators - some zones (e.g. NL) signed, few signed deletations 2006 - Still working on NSEC3, few signed delegations 2007 - Maybe NSEC3 complete, maybe more show stoppers So blaming my proposal as a distraction seems to be a bit ... unreasonable. It may be more reasonable to blame the lack of attraction of DNSSEC to the zone operators and the lack of any application driven desire for DNSSEC for its failure to take hold up to this point. WRT to Ohta's design - I've actually never seen it. It may be perfectly fine, but my guess is that it doesn't provide even a hint of interoperability with the 4033-4035 DNSSEC and I was hoping to at least use the existing server code base. In general, my proposal is targeted at the space mostly ignored by PNE DNSSEC - that of how an application uses signed DNS data. I don't actually consider this a change in direction, rather one that could focus this deployment on the use of the data rather than simply the signing of it for signing's sake. I've heard the sentiment "Stay the course" too much over the last 4 years -both here and in American politics - the arguments for both tend to get weaker the longer things go on. Finally, you asked about 11th hour. When I came back into this 4 years ago people swore it was done and that other proposals weren't needed. Last year it was "NSEC3 is almost done - have patience" - the same this year. I actually waited three and a half years on this or 25% of the total time period. While it may be true that NSEC3 is almost, I can't predict the future and sunk cost analysis suggest that I shouldn't attempt to. So the proposal came out after many patient years. I'm sure if I had submitted this at the beginning of the NSEC3 discussions I would have gotten the same "11th hour" comments. So feel free to ignore it - I''ll keep it live as a draft for a year or so and we can talk about 11th hour issues again in about a year or two while we're waiting for NSEC4. :-) You decry my timing and strategy, but I ask you when if not now? Should I have submitted this as a place holder 3 years ago when roughly the same argument was made to me? Should I have waited until NSEC3 was complete - if ever? Never? If the latter really is the answer, then the IETF is a vastly different organization that it used to be. Later, Mike At 05:26 PM 12/2/2006, Paul Vixie wrote: >i'm having trouble understanding the scope of this discussion. the working >group refused to consider a simpler design that lacked, among other things, >secure nxdomain. masataka ohta wrote up a viable proposal 11 years ago and >the working group went the other direction. now, to the extent that dnssec >will ever be deployed, the industry as represented in this working group has >chosen to deploy a more complicated design. > >if we are readdressing our original scope, then let's look at masataka ohta's >simpler design from 11 years ago, and let's stop working on NSEC3 and "white >lies" and so on. i for one think that would be a bad idea, both because we >have invested a lot of time and money in the current design, and because i am >more comfortable with secure denial of existence, even with all its costs. > >but this third way forward is mystifying me. i am mystified that msj brought >it up at all; i am curious to know who, among the deployment communities (who >are domain holders, domain registrars, domain registries, client implementors, >server implementors, server operators, and internet governance institutions), >feels ready to discard the current design at this, the 11th hour (which we >have already reached and retreated from seven times in 12 years), and move >back to something that the industry rejected in 1995 or so when eastlake/ >kaufman was chosen over the ohta design. and if we're moving backward, why >are we reinventing it rather than reusing ohta's perfectly reasonable design? > >i am completely amazed to see anyone here arguing technical merits on another >fundamental change in direction. does anyone really believe that if the ietf >starts over an 8th time on this technology, that any potential deployer will >ever again take this working group seriously? > >msj, this isn't a personal slam. from a quick glance, your proposal looks to >be every bit as good as ohta's. the quality of the proposal is not in doubt, >only the timing and strategy. > >re: > > > From: Florian Weimer > > To: Mike StJohns > > Cc: namedroppers@ops.ietf.org > > Subject: Re: DNSSEC - Signature Only vs the MX/A issue. > > Date: Sat, 02 Dec 2006 21:14:18 +0100 > > Sender: owner-namedroppers@ops.ietf.org > > > > * Mike StJohns: > > > > > Any other ideas in this general topic? > > > > I think this could be addressed in a straightforward manner, keeping > > the spirit of SO, if you published a signed bitmap of all permitted > > RTYPE/RCLASS combinations for a particular value. > > > > If you wonder if this is worth the additional complexity, it seems to > > me that this is less complex than the A/MX heuristics described > > earlier in the thread. At least it's completely deterministic. > > > > There is a significant overhead, of course, compared to SO as > > proposed, but less so compared to plain old DNS. > > > > -- > > to unsubscribe send a message to namedroppers-request@ops.ietf.org with > > the word 'unsubscribe' in a single line as the message text body. > > archive: > >-- >to unsubscribe send a message to namedroppers-request@ops.ietf.org with >the word 'unsubscribe' in a single line as the message text body. >archive: --=====================_92570843==.ALT Content-Type: text/html; charset="us-ascii" Hi Paul -

Thanks for your note, and I appreciate it's not an attack on me.  You asked why:

From http://www.whitehouse.gov/omb/circulars/a094/a094.html -


Sunk Cost -- A cost incurred in the past that will not be affected by any present or future decision. Sunk costs should be ignored in determining whether a new investment is worthwhile.

The above, although cribbed from a government publication is a good general business practice - ignoring it is how businesses go bankrupt.

 i for one think that would be a bad idea, both because we
have invested a lot of time and money in the current design,

Unfortunately, that sentiment seems to be widespread.

The entire development of DNSSEC up to this point is sunk costs - the amount of investment is no predictor of the success of the development.  After 14 years, with no firm date for completion in sight and no guarantee that there won't be yet another show stopper - I think it's reasonable to re-consider the direction, or at least have some fall back position. 

Here's the timeline as I understand it:

~1986 - the Protocol Standards technical panel of the DOD identified the need to have a way to validate DNS data
~1992-3 - TIS submitted a proposal to ARPA for research in this area - a 3+ year contract (or maybe a task order against an existing contract) was awarded.

1999 - DNSSEC was declared done with the publication of RFC2535
2000-2002 - OK, maybe some twiddles - new RFCs covering some changes - no real deployment of DNSSEC
2003 - Publication of DS RFC
2004 - Typecode rollover discussions
2005 - DNSSEC declared done again with the publication of 4033, 4034, 4035
2005 - OK... maybe not done - NSEC not sufficient for certain zone operators  - some zones (e.g. NL) signed, few signed deletations
2006 - Still working on NSEC3, few signed delegations
2007 - Maybe NSEC3 complete, maybe more show stoppers


So blaming my proposal as a distraction seems to be a bit ... unreasonable.   It may be more reasonable to blame the lack of attraction of DNSSEC to the zone operators and the lack of any application driven desire for DNSSEC for its failure to take hold up to this point.

WRT to Ohta's design - I've actually never seen it.  It may be perfectly fine, but my guess is that it doesn't provide even a hint of interoperability with the 4033-4035 DNSSEC and I was hoping to at least use the existing server code base.

In general, my proposal is targeted at the space mostly ignored by PNE DNSSEC - that of how an application uses signed DNS data.  I don't actually consider this a change in direction, rather one that could focus this deployment on the use of the data rather than simply the signing of it for signing's sake.

I've heard the sentiment "Stay the course" too much over the last 4 years -both here and in American politics - the arguments for both tend to get weaker the longer things go on.

Finally, you asked about 11th hour.  When I came back into this 4 years ago people swore it was done and that other proposals weren't needed.  Last year it was "NSEC3 is almost done - have patience" - the same this year. I actually waited three and a half years on this or 25% of the total time period.  While it may be true that NSEC3 is almost, I can't predict the future and sunk cost analysis suggest that I shouldn't attempt to.  So the proposal came out after many patient years.  I'm sure if I had submitted this at the beginning of the NSEC3 discussions I would have gotten the same "11th hour" comments.  So feel free to ignore it - I''ll keep it live as a draft for a year or so and we can talk about 11th hour issues again in about a year or two while we're waiting for NSEC4.  :-) 

You decry my timing and strategy, but I ask you when if not now?  Should I have submitted this as a place holder 3 years ago when roughly the same argument was made to me?  Should I have waited until NSEC3 was complete - if ever?  Never?  If the latter really is the answer, then the IETF is a vastly different organization that it used to be.

Later, Mike



At 05:26 PM 12/2/2006, Paul Vixie wrote:
i'm having trouble understanding the scope of this discussion.  the working
group refused to consider a simpler design that lacked, among other things,
secure nxdomain.  masataka ohta wrote up a viable proposal 11 years ago and
the working group went the other direction.  now, to the extent that dnssec
will ever be deployed, the industry as represented in this working group has
chosen to deploy a more complicated design.

if we are readdressing our original scope, then let's look at masataka ohta's
simpler design from 11 years ago, and let's stop working on NSEC3 and "white
lies" and so on.  i for one think that would be a bad idea, both because we
have invested a lot of time and money in the current design, and because i am
more comfortable with secure denial of existence, even with all its costs.

but this third way forward is mystifying me.  i am mystified that msj brought
it up at all; i am curious to know who, among the deployment communities (who
are domain holders, domain registrars, domain registries, client implementors,
server implementors, server operators, and internet governance institutions),
feels ready to discard the current design at this, the 11th hour (which we
have already reached and retreated from seven times in 12 years), and move
back to something that the industry rejected in 1995 or so when eastlake/
kaufman was chosen over the ohta design.  and if we're moving backward, why
are we reinventing it rather than reusing ohta's perfectly reasonable design?

i am completely amazed to see anyone here arguing technical merits on another
fundamental change in direction.  does anyone really believe that if the ietf
starts over an 8th time on this technology, that any potential deployer will
ever again take this working group seriously?

msj, this isn't a personal slam.  from a quick glance, your proposal looks to
be every bit as good as ohta's.  the quality of the proposal is not in doubt,
only the timing and strategy.

re:

> From: Florian Weimer <fw@deneb.enyo.de>
> To: Mike StJohns <Mike.StJohns@nominum.com>
> Cc: namedroppers@ops.ietf.org
> Subject: Re: DNSSEC - Signature Only vs the MX/A issue.
> Date: Sat, 02 Dec 2006 21:14:18 +0100
> Sender: owner-namedroppers@ops.ietf.org
>
> * Mike StJohns:
>
> > Any other ideas in this general topic?
>
> I think this could be addressed in a straightforward manner, keeping
> the spirit of SO, if you published a signed bitmap of all permitted
> RTYPE/RCLASS combinations for a particular value.
>
> If you wonder if this is worth the additional complexity, it seems to
> me that this is less complex than the A/MX heuristics described
> earlier in the thread.  At least it's completely deterministic.
>
> There is a significant overhead, of course, compared to SO as
> proposed, but less so compared to plain old DNS.
>
> --
> to unsubscribe send a message to namedroppers-request@ops.ietf.org with
> the word 'unsubscribe' in a single line as the message text body.
> archive: < http://ops.ietf.org/lists/namedroppers/>

--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: < http://ops.ietf.org/lists/namedroppers/>
--=====================_92570843==.ALT-- -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From owner-namedroppers@ops.ietf.org Sat Dec 02 19:26:41 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GqfBp-0000ZX-Ir; Sat, 02 Dec 2006 19:26:41 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GqfBk-0003ot-4c; Sat, 02 Dec 2006 19:26:41 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1Gqf3o-000NWj-53 for namedroppers-data@psg.com; Sun, 03 Dec 2006 00:18:24 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=AWL,BAYES_00,SPF_PASS autolearn=ham version=3.1.7 Received: from [204.152.187.1] (helo=sa.vix.com) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.63 (FreeBSD)) (envelope-from ) id 1Gqf3S-000NVt-SB for namedroppers@ops.ietf.org; Sun, 03 Dec 2006 00:18:17 +0000 Received: from sa.vix.com (localhost [127.0.0.1]) by sa.vix.com (Postfix) with ESMTP id E3A1A11425 for ; Sun, 3 Dec 2006 00:18:01 +0000 (UTC) (envelope-from vixie@sa.vix.com) From: Paul Vixie To: namedroppers@ops.ietf.org Subject: Re: DNSSEC - Signature Only vs the MX/A issue. In-Reply-To: Your message of "Sat, 02 Dec 2006 18:41:49 EST." <20061202234153.7B7B056882@shell-ng.nominum.com> References: <20061127032712.CD1FE56890@shell-ng.nominum.com> <87ejrit5r9.fsf@mid.deneb.enyo.de> <14241.1165098375@sa.vix.com> <20061202234153.7B7B056882@shell-ng.nominum.com> X-Mailer: MH-E 8.0.2; nmh 1.0.4; GNU Emacs 21.3.1 Date: Sun, 03 Dec 2006 00:18:01 +0000 Message-ID: <25076.1165105081@sa.vix.com> Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.0 (/) X-Scan-Signature: cd26b070c2577ac175cd3a6d878c6248 > ... blaming my proposal as a distraction seems to be a bit ...unreasonable. > It may be more reasonable to blame the lack of attraction of DNSSEC to the > zone operators and the lack of any application driven desire for DNSSEC for > its failure to take hold up to this point. i think the lack of attraction is explainable separately from the quality or complexity of the current official design. kc said it best, on one of steve crocker's concalls, when steve asked "what's the one thing the community needs to begin dnssec deployment?" and kc answered, "motivation." dnssec is a classic internet design, demanded by military/government types. it is not like the web or ssl, demanded by the market and/or useful for commerce. if you're trying to create motivation, then adding an 8th 11th-hour retrenching isn't the way. if you're trying to overcome inertia and/or improve the cost:benefit toward a more compelling level, then again, adding an 8th 11th hour retrenching to the schedule is not your best move. > WRT to Ohta's design - I've actually never seen it. that's a sad statement in and of itself. you're acting like a latecomer who has all the answers but hasn't done a lot of research and/or homework. since i know you better than that, i am mystified. what kind of deployment community backing have you received that made your current proposal seem useful? > In general, my proposal is targeted at the space mostly ignored by PNE > DNSSEC - that of how an application uses signed DNS data. I don't actually > consider this a change in direction, rather one that could focus this > deployment on the use of the data rather than simply the signing of it for > signing's sake. as most of us have been saying for a decade, the major reason to deploy dnssec is that it will protect nameservers from following evil NS/A/AAAA chains. if there's a secondary benefit (that dnssec is useful in commerce or antispam or antiphish or whatever) then such secondary benefits will not be known or visible until after the basic infrastructure is in place. that's due to the chicken-or-egg problem, folks won't sign their zones until it improves their lives, and folks won't install a validators until it improves their lives. something had to be the first mover. obviously, that's the NS/A/AAAA chains. > ... I'm sure if I had submitted this at the beginning of the NSEC3 > discussions I would have gotten the same "11th hour" comments. So feel free > to ignore it - I''ll keep it live as a draft for a year or so and we can > talk about 11th hour issues again in about a year or two while we're waiting > for NSEC4. :-) here, you are preaching to the choir. i wasn't going to propose EDNS until DNSSEC was done, but in 1998 donald eastlake convinced me that there was time. michael graff and i decided not to propose "slabbed DNS" with security as metadata in 2002 because we didn't want to muddy the waters. a bazillion people have told me not to bother deploy DLV since NSEC3 is coming real soon now. a couple of times per year, i drag something up from the old jim galvin dns-security mailing list archive and repost it to namedroppers under the subject, "on this date in 1997" or whatever, and it'll be the same thread all over again. i hate this whole thing. dnssec is the worst design-by-committee effort i've ever seen, both in terms of how late it is, how fuzzy the goals have been, how often the goals have changed, and how complicated and heavy it is now that it is trying to be all-things-to-all-people. but you won't improve it by adding an 8th 11th-hour redesign. all you could do would be to convince anybody who has been waiting for dnssec that they'll have to go their own way. are you failing to grasp that any change to the way this stuff works will take at least two years to stop arguing about and test-in-lab and write code for and so on? and that the real deployment work will not begin until those moments stop coming? and that real deployment will take five years once it starts? > You decry my timing and strategy, but I ask you when if not now? Should I > have submitted this as a place holder 3 years ago when roughly the same > argument was made to me? Should I have waited until NSEC3 was complete - > if ever? Never? If the latter really is the answer, then the IETF is a > vastly different organization that it used to be. never. because the IETF is a vastly different organization than it used to be. and while you're hitting on the reasons we tried to start MODA, that's a separate discussion (and, MODA is dead, since it could not overcome inertia.) -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From owner-namedroppers@ops.ietf.org Sun Dec 03 00:10:26 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GqjcQ-0002zT-54; Sun, 03 Dec 2006 00:10:26 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GqjcL-00020Y-S3; Sun, 03 Dec 2006 00:10:26 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GqjUq-00001i-1O for namedroppers-data@psg.com; Sun, 03 Dec 2006 05:02:36 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-2.3 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=3.1.7 Received: from [66.92.146.160] (helo=ogud.com) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GqjUU-000Q0L-D4 for namedroppers@ops.ietf.org; Sun, 03 Dec 2006 05:02:29 +0000 Received: from [192.168.1.102] (hlid.ogud.com [66.92.146.160]) by ogud.com (8.13.1/8.13.1) with ESMTP id kB34xroa030216; Sat, 2 Dec 2006 23:59:54 -0500 (EST) (envelope-from Ed.Lewis@neustar.biz) Mime-Version: 1.0 Message-Id: In-Reply-To: <25076.1165105081@sa.vix.com> References: <20061127032712.CD1FE56890@shell-ng.nominum.com> <87ejrit5r9.fsf@mid.deneb.enyo.de> <14241.1165098375@sa.vix.com> <20061202234153.7B7B056882@shell-ng.nominum.com> <25076.1165105081@sa.vix.com> Date: Sun, 3 Dec 2006 00:02:20 -0500 To: namedroppers@ops.ietf.org From: Edward Lewis Subject: Re: DNSSEC - Signature Only vs the MX/A issue. Cc: ed.lewis@neustar.biz Content-Type: text/plain; charset="us-ascii" ; format="flowed" X-Scanned-By: MIMEDefang 2.57 on 66.92.146.160 Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.0 (/) X-Scan-Signature: ffa9dfbbe7cc58b3fa6b8ae3e57b0aa3 At 0:18 +0000 12/3/06, Paul Vixie wrote: > (MSJ) > WRT to Ohta's design - I've actually never seen it. > >that's a sad statement in and of itself. you're acting like a latecomer who >has all the answers but hasn't done a lot of research and/or homework. since >i know you better than that, i am mystified. what kind of >deployment community >backing have you received that made your current proposal seem useful? That's a bit harsh. Ohta's proposal is very hard to find. I've tried, and eventually did get a copy. Here's a URL for it. http://www.watersprings.org/pub/id/draft-ohta-simple-dns-02.txt -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis +1-571-434-5468 NeuStar Dessert - aka Service Pack 1 for lunch. -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From qlickrlda@legit-or-not.net Sun Dec 03 04:08:24 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GqnKi-0003CD-Rz for dnsext-archive@lists.ietf.org; Sun, 03 Dec 2006 04:08:24 -0500 Received: from li-17c73.adsl.wanadoo.nl ([81.69.154.115]) by ietf-mx.ietf.org with smtp (Exim 4.43) id 1GqnKe-0002AH-G8 for dnsext-archive@lists.ietf.org; Sun, 03 Dec 2006 04:08:24 -0500 Received: from smtp.secureserver.net by li-17c73.adsl.wanadoo.nl (8.9.3/8.9.3) with ESMTP id w0nBjj3s2qIu for ; Sun, 3 Dec 2006 04:08:54 -0500 Received: from [128.202.106.83] by smtp.secureserver.net via HTTP for ; Sun, 3 Dec 2006 04:08:54 -0500 Date: Sun, 3 Dec 2006 04:08:54 -0500 From: Maxine Watson Reply-To: Maxine Watson Message-ID: <758558393456.811320742412@legit-or-not.net> To: Subject: Microsoft Office 2007 Enterprise ready to download MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Spam-Score: 3.4 (+++) X-Scan-Signature: 30ac594df0e66ffa5a93eb4c48bcb014 Dear customers and friends of DS Team, Please let us represent our new special offer you can't afford to miss. Announcing Microsoft Office 2007 Enterprise Edition. Office 2007 will be available for enterprise users by November 30, 2006. The end user version will be available in the beginning of 2007. The 2007 Microsoft Office System, also known as Microsoft Office 2007, is the most recent version of Microsoft's productivity suite. Formerly known as Office 12 in the initial stages of its beta cycle, it is scheduled to be made available to volume license customers on November 30, 2006, with general availability following in early 2007. Office 2007 contains a number of new features, the most notable of which is the entirely new graphical user interface called the Ribbon, replacing the menus and toolbars that have been the cornerstone of Office since its inception.Office 2007 also includes new applications and server-side tools. Chief amongst these is Groove, a collaboration and communication suite for smaller businesses which was originally developed by Groove Networks before being acquired by Microsoft in 2005. Also included is Office Sharepoint Server 2007, a major revision to the server platform for Office applications, which supports "Excel Services", a client-server architecture for supporting Excel workbooks that are shared in real time between multiple machines, and are also viewable and editable through a web page.While Office 2007 includes many new features, one has been removed entirely: Microsoft FrontPage is no longer being developed; its successor is the Microsoft Expression line of products. Microsoft Office 2007 Enterprise Retail Price $899.00 Our Price $79.95 You save $819.05 http://mscu44.com Please note, that there will be more special offers available for our constant customers. Every effort has been made to ensure the accuracy of all information contained herein. DS Team makes no warranty expressed or implied with respect to accuracy of the information, including price, product editorials or product specifications. Product and manufacturer names are used only for the purpose of identification. We appreciate your cooperation with us and we'll be glad to see you as our clients in the future.note, that there will be more special offers available for our constant customers. Every effort has been made to ensure the accuracy of all information contained herein. DS Team makes no warranty expressed or implied with respect to accuracy of the information, including price, product editorials or product specifications. Product and manufacturer names are used only for the purpose of identification. We appreciate your cooperation with us and we'll be glad to see you as our clients in the future. From owner-namedroppers@ops.ietf.org Sun Dec 03 05:11:49 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GqoK5-0000hp-C0; Sun, 03 Dec 2006 05:11:49 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GqoK0-0003rm-3P; Sun, 03 Dec 2006 05:11:49 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GqoCE-0000dI-CG for namedroppers-data@psg.com; Sun, 03 Dec 2006 10:03:42 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-2.3 required=5.0 tests=AWL,BAYES_00, FORGED_RCVD_HELO autolearn=ham version=3.1.7 Received: from [80.67.170.53] (helo=mail.bortzmeyer.org) by psg.com with esmtp (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GqoBp-0000Zb-Ch for namedroppers@ops.ietf.org; Sun, 03 Dec 2006 10:03:31 +0000 Received: by mail.bortzmeyer.org (Postfix, from userid 10) id D1954240813; Sun, 3 Dec 2006 11:03:09 +0100 (CET) Received: by fetiche (Postfix, from userid 1000) id CBD4318106; Sun, 3 Dec 2006 07:59:33 -0200 (BRST) Date: Sun, 3 Dec 2006 07:59:32 -0200 From: Stephane Bortzmeyer To: Paul Vixie Cc: namedroppers@ops.ietf.org Subject: Back to Ohta's old proposal (Was: DNSSEC - Signature Only vs the MX/A issue. Message-ID: <20061203095932.GA3132@laperouse.bortzmeyer.org> References: <20061127032712.CD1FE56890@shell-ng.nominum.com> <87ejrit5r9.fsf@mid.deneb.enyo.de> <14241.1165098375@sa.vix.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <14241.1165098375@sa.vix.com> X-Transport: UUCP rules X-Operating-System: Debian GNU/Linux 3.1 User-Agent: Mutt/1.5.9i Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.0 (/) X-Scan-Signature: 856eb5f76e7a34990d1d457d8e8e5b7f On Sat, Dec 02, 2006 at 10:26:15PM +0000, Paul Vixie wrote a message of 65 lines which said: > the working group refused to consider a simpler design that lacked, > among other things, secure nxdomain. masataka ohta wrote up a > viable proposal 11 years ago Thanks to the archaeologist Ed Lewis, I've read this draft and I'm puzzled: it does cover PNE for domains, with the ZL record (and PNE for types with the RRD record). Ohta's proposal does not seem to be SO and therefore does not seem to be a direct competitor of St John's. -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From owner-namedroppers@ops.ietf.org Sun Dec 03 05:28:25 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Gqoa9-00063B-OM; Sun, 03 Dec 2006 05:28:25 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Gqoa8-0007wT-FZ; Sun, 03 Dec 2006 05:28:25 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GqoSq-0002A6-7P for namedroppers-data@psg.com; Sun, 03 Dec 2006 10:20:52 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-2.3 required=5.0 tests=AWL,BAYES_00, FORGED_RCVD_HELO autolearn=ham version=3.1.7 Received: from [80.67.170.53] (helo=mail.bortzmeyer.org) by psg.com with esmtp (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GqoSR-00026D-Uf for namedroppers@ops.ietf.org; Sun, 03 Dec 2006 10:20:42 +0000 Received: by mail.bortzmeyer.org (Postfix, from userid 10) id 7C21C240813; Sun, 3 Dec 2006 11:20:24 +0100 (CET) Received: by fetiche (Postfix, from userid 1000) id 2E41518106; Sun, 3 Dec 2006 08:07:14 -0200 (BRST) Date: Sun, 3 Dec 2006 08:07:14 -0200 From: Stephane Bortzmeyer To: Florian Weimer Cc: Mike StJohns , namedroppers@ops.ietf.org Subject: Re: DNSSEC - Signature Only vs the MX/A issue. Message-ID: <20061203100714.GA3108@laperouse.bortzmeyer.org> References: <20061127032712.CD1FE56890@shell-ng.nominum.com> <87ejrit5r9.fsf@mid.deneb.enyo.de> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <87ejrit5r9.fsf@mid.deneb.enyo.de> X-Transport: UUCP rules X-Operating-System: Debian GNU/Linux 3.1 User-Agent: Mutt/1.5.9i Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.1 (/) X-Scan-Signature: 79899194edc4f33a41f49410777972f8 On Sat, Dec 02, 2006 at 09:14:18PM +0100, Florian Weimer wrote a message of 19 lines which said: > I think this could be addressed in a straightforward manner, keeping > the spirit of SO, if you published a signed bitmap of all permitted > RTYPE/RCLASS combinations for a particular value. This moves the complexity to the resolver, which would have to remember, when receving (NOERROR, Answer=0) to retrieve the signed bitmap and to check it. But, yes, it seems simpler than the RRD in Ohta's draft (recently resurrected). -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From owner-namedroppers@ops.ietf.org Sun Dec 03 08:18:29 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GqrEj-0001ix-Dk; Sun, 03 Dec 2006 08:18:29 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GqrEh-00087J-07; Sun, 03 Dec 2006 08:18:29 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1Gqr7O-000HFG-2Q for namedroppers-data@psg.com; Sun, 03 Dec 2006 13:10:54 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-2.5 required=5.0 tests=AWL,BAYES_00,SPF_PASS autolearn=ham version=3.1.7 Received: from [171.68.10.86] (helo=sj-iport-4.cisco.com) by psg.com with esmtp (Exim 4.63 (FreeBSD)) (envelope-from ) id 1Gqr6y-000HD6-8r for namedroppers@ops.ietf.org; Sun, 03 Dec 2006 13:10:48 +0000 Received: from rtp-dkim-2.cisco.com ([64.102.121.159]) by sj-iport-4.cisco.com with ESMTP; 03 Dec 2006 05:10:27 -0800 Received: from rtp-core-1.cisco.com (rtp-core-1.cisco.com [64.102.124.12]) by rtp-dkim-2.cisco.com (8.12.11/8.12.11) with ESMTP id kB3DARCG027439; Sun, 3 Dec 2006 08:10:27 -0500 Received: from xbh-rtp-201.amer.cisco.com (xbh-rtp-201.cisco.com [64.102.31.12]) by rtp-core-1.cisco.com (8.12.10/8.12.6) with ESMTP id kB3DATYJ014831; Sun, 3 Dec 2006 08:10:29 -0500 (EST) Received: from xmb-rtp-211.amer.cisco.com ([64.102.31.118]) by xbh-rtp-201.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.1830); Sun, 3 Dec 2006 08:10:26 -0500 Received: from 10.86.240.43 ([10.86.240.43]) by xmb-rtp-211.amer.cisco.com ([64.102.31.118]) with Microsoft Exchange Server HTTP-DAV ; Sun, 3 Dec 2006 13:10:25 +0000 User-Agent: Microsoft-Entourage/11.2.5.060620 Date: Sun, 03 Dec 2006 08:10:57 -0500 Subject: Re: DNSSEC - Signature Only vs the MX/A issue. From: Ralph Droms To: Paul Vixie , Message-ID: Thread-Topic: DNSSEC - Signature Only vs the MX/A issue. Thread-Index: AccW3HhItwGTGILPEduKCQARJOT6eg== In-Reply-To: <25076.1165105081@sa.vix.com> Mime-version: 1.0 Content-type: text/plain; charset="US-ASCII" Content-transfer-encoding: 7bit X-OriginalArrivalTime: 03 Dec 2006 13:10:26.0198 (UTC) FILETIME=[65ECC360:01C716DC] DKIM-Signature: v=0.5; a=rsa-sha256; q=dns/txt; l=2447; t=1165151427; x=1166015427; c=relaxed/simple; s=rtpdkim2001; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=rdroms@cisco.com; z=From:=20Ralph=20Droms=20 |Subject:=20Re=3A=20DNSSEC=20-=20Signature=20Only=20vs=20the=20MX/A=20iss ue.=20 |Sender:=20 |To:=20Paul=20Vixie=20,=20; bh=FCwvWOxwTuGWJMzpa7qHT3zUHuuSv1AowbbU9r69M6E=; b=i5KBAWyezQxSTHeneFOnC8XUu2UdRXuQzLcow9xZEe9auc16wY1re8tVBPwXtsk+MRx9JpOX 2Ir55XlguBJ/iDdzQpJatcmEbc068wNNCDxC9Z4ZKLjfA+sH23pbtyCb; Authentication-Results: rtp-dkim-2; header.From=rdroms@cisco.com; dkim=pass ( sig from cisco.com/rtpdkim2001 verified; ); Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.0 (/) X-Scan-Signature: 0ddefe323dd869ab027dbfff7eff0465 I'm very interested in the problem of motivation, because I'm part of an organization that is trying to predict customer motivation, which will predict customer demand for DNSSEC features in our products. We can use those predictions to guide our decision about when to have those DNSSEC features ready for our customers. As far as I can tell, there is no market/commerce motivation today. Attacks that can be mitigated by DNSSEC are not in the public consciousness like spam or malware or phishing attacks. Do we have documented evidence of specific successful attacks that can be mitigated by DNSSEC? What is the direct, immediate RoI for the resources I have to commit to providing DNSSEC resolution for names in my zone? My external contacts ("customers") may benefit from mitigation of attacks, but that's an indirect benefit. The motivation driving deployment problem is compounded by the complexity (as measured by the number of moving parts) of the solution, which results in a chicken-and-egg problem. My organization may benefit by enabling DNSSEC resolution on my internal hosts and recursive servers, but that benefit only accrues if the sites I access provide DNSSEC. The motivation factor seems to be necessary (although not sufficient) to drive DNSSEC deployment... - Ralph On 12/2/06 7:18 PM, "Paul Vixie" wrote: >> ... blaming my proposal as a distraction seems to be a bit ...unreasonable. >> It may be more reasonable to blame the lack of attraction of DNSSEC to the >> zone operators and the lack of any application driven desire for DNSSEC for >> its failure to take hold up to this point. > > i think the lack of attraction is explainable separately from the quality or > complexity of the current official design. kc said it best, on one of steve > crocker's concalls, when steve asked "what's the one thing the community > needs to begin dnssec deployment?" and kc answered, "motivation." dnssec is > a classic internet design, demanded by military/government types. it is not > like the web or ssl, demanded by the market and/or useful for commerce. if > you're trying to create motivation, then adding an 8th 11th-hour retrenching > isn't the way. if you're trying to overcome inertia and/or improve the > cost:benefit toward a more compelling level, then again, adding an 8th 11th > hour retrenching to the schedule is not your best move. -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From owner-namedroppers@ops.ietf.org Sun Dec 03 10:02:00 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Gqsqu-0007bf-L6; Sun, 03 Dec 2006 10:02:00 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Gqsql-0006ql-9t; Sun, 03 Dec 2006 10:02:00 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1Gqsix-0000fM-Ov for namedroppers-data@psg.com; Sun, 03 Dec 2006 14:53:47 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-2.5 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=3.1.7 Received: from [213.244.168.210] (helo=outpost.ds9a.nl) by psg.com with esmtp (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GqsiV-0000ce-Of for namedroppers@ops.ietf.org; Sun, 03 Dec 2006 14:53:38 +0000 Received: by outpost.ds9a.nl (Postfix, from userid 1000) id 7FC18402C; Sun, 3 Dec 2006 15:53:17 +0100 (CET) Date: Sun, 3 Dec 2006 15:53:17 +0100 From: bert hubert To: Ralph Droms Cc: Paul Vixie , namedroppers@ops.ietf.org Subject: Re: DNSSEC - Signature Only vs the MX/A issue. Message-ID: <20061203145317.GA4757@outpost.ds9a.nl> References: <25076.1165105081@sa.vix.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.9i Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.0 (/) X-Scan-Signature: 82c9bddb247d9ba4471160a9a865a5f3 On Sun, Dec 03, 2006 at 08:10:57AM -0500, Ralph Droms wrote: > that can be mitigated by DNSSEC are not in the public consciousness like > spam or malware or phishing attacks. Do we have documented evidence of > specific successful attacks that can be mitigated by DNSSEC? Yes, there have been succesful spoofing attacks, whereby end-users end up on a different website from the one they thought they were visiting. These attacks could have been prevented without DNSSEC however, and any website that is truly important uses SSL, which would flag the misdirection (which would then be ignored). Such spoofing has actually happened a number of times, but hasn't really hit the news. It is also easy to do, to quote from http://www.ietf.org/internet-drafts/draft-hubert-dns-anti-spoofing-00.txt The calculations above indicate the relative ease with which DNS data can be spoofed. For example, using the formula derived earlier on a domain with a 3600 second TTL, an attacker sending 7000 fake answer packets/s (a rate of 4.5Mb/s), stands a 10% chance of spoofing a record in the first 24 hours, which rises to 50% after a week. For a domain with a TTL of 60 seconds, the 10% level is hit after 24 minutes, 50% after less than 3 hours, 90% after around 9 hours. I've written some tools that perform this action, when you manage to saturate the bonafide authoritative servers, success is achieved within seconds. Partial saturation means somewhat longer time is needed. The calculations above are for the non-saturated case. > What is the direct, immediate RoI for the resources I have to commit to > providing DNSSEC resolution for names in my zone? My external contacts > ("customers") may benefit from mitigation of attacks, but that's an indirect > benefit. They might conceivably worry more over the (inherent) higher reliability problems of DNSSEC: there are far more failure modes. This is not DNSSECs fault, it is inherent in any protocol that gets encryption added to it. This is why I favor (immediate) ameliorization measures, as outlined in my draft, which are easy to implement. However, recapping, there IS a problem that needs to be solved. Bert -- http://www.PowerDNS.com Open source, database driven DNS Software http://netherlabs.nl Open and Closed source services -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From owner-namedroppers@ops.ietf.org Sun Dec 03 16:04:01 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GqyVF-0001qp-6z; Sun, 03 Dec 2006 16:04:01 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GqyVB-0004p6-CK; Sun, 03 Dec 2006 16:04:01 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GqyLh-0006jN-Ot for namedroppers-data@psg.com; Sun, 03 Dec 2006 20:54:09 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00 autolearn=ham version=3.1.7 Received: from [131.112.32.132] (helo=necom830.hpcl.titech.ac.jp) by psg.com with smtp (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GqyLL-0006iM-5D for namedroppers@ops.ietf.org; Sun, 03 Dec 2006 20:54:04 +0000 Received: (qmail 37495 invoked from network); 3 Dec 2006 21:00:52 -0000 Received: from unknown (HELO necom830.hpcl.titech.ac.jp) (220.231.42.120) by necom830.hpcl.titech.ac.jp with SMTP; 3 Dec 2006 21:00:52 -0000 Message-ID: <45733935.3070709@necom830.hpcl.titech.ac.jp> Date: Mon, 04 Dec 2006 05:53:09 +0900 From: Masataka Ohta User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; ja-JP; rv:1.4) Gecko/20030624 Netscape/7.1 (ax) X-Accept-Language: ja, en MIME-Version: 1.0 To: Stephane Bortzmeyer CC: Paul Vixie , namedroppers@ops.ietf.org Subject: Re: Back to Ohta's old proposal (Was: DNSSEC - Signature Only vs the MX/A issue. References: <20061127032712.CD1FE56890@shell-ng.nominum.com> <87ejrit5r9.fsf@mid.deneb.enyo.de> <14241.1165098375@sa.vix.com> <20061203095932.GA3132@laperouse.bortzmeyer.org> In-Reply-To: <20061203095932.GA3132@laperouse.bortzmeyer.org> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.0 (/) X-Scan-Signature: 50a516d93fd399dc60588708fd9a3002 Mike StJohns wrote: > ~1992-3 - TIS submitted a proposal to ARPA for research in this > area - a 3+ year contract (or maybe a task order against an > existing contract) was awarded. It maybe the reason why TIS's proposal was chosen without any real (Paul's confusion on my proposal is an evidence) discussion. Stephane Bortzmeyer wrote: >>the working group refused to consider a simpler design that lacked, >>among other things, secure nxdomain. masataka ohta wrote up a >>viable proposal 11 years ago > Thanks to the archaeologist Ed Lewis, I've read this draft and I'm > puzzled: it does cover PNE for domains, with the ZL record (and PNE > for types with the RRD record). Yese, it does everthing DNSSEC does. The difference is that my proposal avoided, by design, all the gotchas related to CNAME, glue, UDP size overflow and so, most of which was confirmed with an implementation. OTOH, TIS's proposal was not implemented and was claimed to have some minor features intentionally missing from mine, all of which is useless/harmful/impossible and was, later, dropped. > Ohta's proposal does not seem to be SO > and therefore does not seem to be a direct competitor of St John's. It's trivially easy to add my propoal some record that a zone does not support ZL. However, even though my proposal makes more simpler to implement, deploy and operate, the real problem of DNSSEC is that it is merely weakly secure. That is, if you can blindly believe that all the namesever operators between you and your peer are secured, you can blindly believe that all the ISPs between you and your peer are secured. Masataka Ohta -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From filkoskisrzgz@techwriteplus.com Sun Dec 03 23:12:38 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Gr5C2-0003ld-Gb for dnsext-archive@lists.ietf.org; Sun, 03 Dec 2006 23:12:38 -0500 Received: from ip-227.gtelco.net ([205.208.217.227]) by ietf-mx.ietf.org with smtp (Exim 4.43) id 1Gr5C0-0007tQ-KH for dnsext-archive@lists.ietf.org; Sun, 03 Dec 2006 23:12:38 -0500 Received: from sitemail.everyone.net by ip-227.gtelco.net (Postfix) with ESMTP id 2F9C70BF69 for ; Sun, 3 Dec 2006 16:11:41 -0600 Received: from ocuyybbtxvfa (HELO dswsmdhiyv) ([29.111.116.70]) by sitemail.everyone.net with ESMTP for ; Sun, 3 Dec 2006 16:11:41 -0600 Reply-To: "Arlene Chen" From: "Arlene" Message-ID: <9385045832.634283357715@techwriteplus.com> Date: Sun, 3 Dec 2006 16:11:41 -0600 To: Subject: Microsoft Office 2007 Enterprise ready to download MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Spam-Score: 1.8 (+) X-Scan-Signature: 30ac594df0e66ffa5a93eb4c48bcb014 Dear customers and friends of DS Team, Please let us represent our new special offer you can't afford to miss. Announcing Microsoft Office 2007 Enterprise Edition. Office 2007 will be available for enterprise users by November 30, 2006. The end user version will be available in the beginning of 2007. The 2007 Microsoft Office System, also known as Microsoft Office 2007, is the most recent version of Microsoft's productivity suite. Formerly known as Office 12 in the initial stages of its beta cycle, it is scheduled to be made available to volume license customers on November 30, 2006, with general availability following in early 2007. Office 2007 contains a number of new features, the most notable of which is the entirely new graphical user interface called the Ribbon, replacing the menus and toolbars that have been the cornerstone of Office since its inception.Office 2007 also includes new applications and server-side tools. Chief amongst these is Groove, a collaboration and communication suite for smaller businesses which was originally developed by Groove Networks before being acquired by Microsoft in 2005. Also included is Office Sharepoint Server 2007, a major revision to the server platform for Office applications, which supports "Excel Services", a client-server architecture for supporting Excel workbooks that are shared in real time between multiple machines, and are also viewable and editable through a web page.While Office 2007 includes many new features, one has been removed entirely: Microsoft FrontPage is no longer being developed; its successor is the Microsoft Expression line of products. Microsoft Office 2007 Enterprise Retail Price $899.00 Our Price $79.95 You save $819.05 http://avtospeccentr.org Please note, that there will be more special offers available for our constant customers. Every effort has been made to ensure the accuracy of all information contained herein. DS Team makes no warranty expressed or implied with respect to accuracy of the information, including price, product editorials or product specifications. Product and manufacturer names are used only for the purpose of identification. We appreciate your cooperation with us and we'll be glad to see you as our clients in the future.note, that there will be more special offers available for our constant customers. Every effort has been made to ensure the accuracy of all information contained herein. DS Team makes no warranty expressed or implied with respect to accuracy of the information, including price, product editorials or product specifications. Product and manufacturer names are used only for the purpose of identification. We appreciate your cooperation with us and we'll be glad to see you as our clients in the future. From owner-namedroppers@ops.ietf.org Mon Dec 04 06:00:42 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GrBYw-0007Oj-Cb; Mon, 04 Dec 2006 06:00:42 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GrBRB-0001go-Gh; Mon, 04 Dec 2006 05:52:50 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GrBKX-0008kv-4O for namedroppers-data@psg.com; Mon, 04 Dec 2006 10:45:49 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00 autolearn=ham version=3.1.7 Received: from [204.152.184.167] (helo=mx.isc.org) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GrBJu-0008hf-8C for namedroppers@ops.ietf.org; Mon, 04 Dec 2006 10:45:28 +0000 Received: from farside.isc.org (farside.isc.org [IPv6:2001:4f8:3:bb::5]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "farside.isc.org", Issuer "ISC CA" (verified OK)) by mx.isc.org (Postfix) with ESMTP id B1BBD11402F; Mon, 4 Dec 2006 10:45:09 +0000 (UTC) (envelope-from Shane_Kerr@isc.org) Received: from [199.6.1.234] (unknown [199.6.1.234]) (using SSLv3 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by farside.isc.org (Postfix) with ESMTP id E889AE60A0; Mon, 4 Dec 2006 10:45:04 +0000 (UTC) (envelope-from shane@isc.org) Message-ID: <4573FC2F.7080306@isc.org> Date: Mon, 04 Dec 2006 11:45:03 +0100 From: Shane Kerr Reply-To: shane_kerr@isc.org Organization: ISC User-Agent: Thunderbird 1.5.0.8 (X11/20061110) MIME-Version: 1.0 To: Ralph Droms CC: namedroppers@ops.ietf.org Subject: Pimping DNSSEC (was Re: DNSSEC - Signature Only vs the MX/A issue.) References: In-Reply-To: X-Enigmail-Version: 0.94.1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.0 (/) X-Scan-Signature: 69a74e02bbee44ab4f8eafdbcedd94a1 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [ Apologies for a mostly non-technical mail that says what everybody already knows. ] Ralph Droms wrote: > What is the direct, immediate RoI for the resources I have to commit to > providing DNSSEC resolution for names in my zone? My external contacts > ("customers") may benefit from mitigation of attacks, but that's an indirect > benefit. Isn't this always the case with security though? What is the direct, immediate RoI for putting a lock on your door? I think the reason things like DNS and routing security don't get much traction is because there is much lower hanging fruit for attackers. If the end points of the Internet weren't so insecure, then things would be different. If DNSSEC stabilizes after NSEC3, then DNSSEC could slowly become part of the BCP for network operators. The blocking factor here is the TLD (and the root), which has little or nothing to do with RoI. - -- Shane -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFc/wuMsfZxBO4kbQRAknGAKCno1hfO/JrNoyhsk+9rkEx94BMRwCginCo VWL6Q40W+fGBrmwth3D67ds= =Gzje -----END PGP SIGNATURE----- -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From owner-namedroppers@ops.ietf.org Mon Dec 04 07:46:06 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GrDCw-0002xK-1W; Mon, 04 Dec 2006 07:46:06 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GrDCq-0000uD-DX; Mon, 04 Dec 2006 07:46:06 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GrD6v-000Gqo-3P for namedroppers-data@psg.com; Mon, 04 Dec 2006 12:39:53 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-2.5 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=3.1.7 Received: from [213.244.168.210] (helo=outpost.ds9a.nl) by psg.com with esmtp (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GrD6a-000GoR-L6 for namedroppers@ops.ietf.org; Mon, 04 Dec 2006 12:39:47 +0000 Received: by outpost.ds9a.nl (Postfix, from userid 1000) id B8C603FA2; Mon, 4 Dec 2006 13:39:30 +0100 (CET) Date: Mon, 4 Dec 2006 13:39:30 +0100 From: bert hubert To: Shane Kerr Cc: Ralph Droms , namedroppers@ops.ietf.org Subject: Re: Pimping DNSSEC (was Re: DNSSEC - Signature Only vs the MX/A issue.) Message-ID: <20061204123930.GC3111@outpost.ds9a.nl> References: <4573FC2F.7080306@isc.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <4573FC2F.7080306@isc.org> User-Agent: Mutt/1.5.9i Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.0 (/) X-Scan-Signature: 9466e0365fc95844abaf7c3f15a05c7d On Mon, Dec 04, 2006 at 11:45:03AM +0100, Shane Kerr wrote: > Isn't this always the case with security though? What is the direct, immediate > RoI for putting a lock on your door? Try removing the lock from your office building and you find out quickly enough. Security IS part of doing business, and if it is more effort than it is perceived to be worth, people don't do it. Perception is the key word here though. My feeling however is that the full cost of DNSSEC (even without NSEC3) vastly outweighs any perceived (or even: real) benefit. See http://ds9a.nl/secure-dns.html for some further discussion. I don't doubt DNS needs better security, but it doesn't warrant anything really complex. Bert -- http://www.PowerDNS.com Open source, database driven DNS Software http://netherlabs.nl Open and Closed source services -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From owner-namedroppers@ops.ietf.org Mon Dec 04 09:18:11 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GrEe3-0001YF-EW; Mon, 04 Dec 2006 09:18:11 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GrEdy-0003zS-3b; Mon, 04 Dec 2006 09:18:11 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GrEZi-000NyD-0S for namedroppers-data@psg.com; Mon, 04 Dec 2006 14:13:42 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=3.1.7 Received: from [204.152.184.167] (helo=mx.isc.org) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GrEWc-000Nka-7W for namedroppers@ops.ietf.org; Mon, 04 Dec 2006 14:12:24 +0000 Received: from farside.isc.org (farside.isc.org [IPv6:2001:4f8:3:bb::5]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "farside.isc.org", Issuer "ISC CA" (verified OK)) by mx.isc.org (Postfix) with ESMTP id A588E11401F; Mon, 4 Dec 2006 14:10:29 +0000 (UTC) (envelope-from Shane_Kerr@isc.org) Received: by farside.isc.org (Postfix, from userid 10287) id C8CE6E60AE; Mon, 4 Dec 2006 14:10:24 +0000 (UTC) Date: Mon, 4 Dec 2006 14:10:24 +0000 From: Shane Kerr To: Mike StJohns Cc: namedroppers@ops.ietf.org Subject: Re: DNSSEC - Application use of Provable non-existence Message-ID: <20061204141024.GA24871@farside.isc.org> References: <20061127032712.096F15688E@shell-ng.nominum.com> <456ACB19.3020706@isc.org> <20061128203525.E477E56860@shell-ng.nominum.com> <456D791B.4010201@isc.org> <20061130193629.DDCB35691B@shell-ng.nominum.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20061130193629.DDCB35691B@shell-ng.nominum.com> User-Agent: Mutt/1.4.2.1i Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.0 (/) X-Scan-Signature: b4a0a5f5992e2a4954405484e7717d8c On 2006-11-30 14:36:25 -0500, Mike StJohns wrote: > Unsecure is data under a trust anchor where there was a secure > delegation into an unsecure zone (e.g. proof at the parent that the > DS record didn't exist) So, there is the equivalent of PNE for DS records under any model? Otherwise an attacker can break the chain of trust, right? > All you can say about data in an unsecure zone was that the parent > said it was unsecure. A response of non-existence is no better or > worse than without DNSSEC or data not subordinate to a trust anchor. > > If you say a site doesn't exist securely of course you know that the > data doesn't exist - now. The question is how long you wait until > you decide that it might exist (e.g. TTLs)? And how does that > differ from what you do with DNS today (e.g. negative caching ttls)? > I know that if I get an answer like that regardless of whether its > validated or unvalidated, I'm probably going to try and force a DNS > lookup past the cache, especially if I *know* (someone told me, > someone wrote it down, it was on a web page, etc) it existed. > > If you say a site doesn't exist insecurely, you don't have the data > to connect (i.e. no return of a A record) so you can't connect. You > might want to try again - and if you get a validated answer that it > does exist (either PNE or SO) at a later time you connect. > > I can't see any difference on the final result or even much on how I > got there... So the difference under discussion is the TTL on negative caching, right? (*) In general, I thought we trust the administrator in DNS. We respect TTL for caching. If DNSSEC without negative caching is okay, then I guess we don't need PNE, for some classes of applications. A big scary notice to anyone using DNS might be in order though ("no doesn't *always* mean no"). > >For non-interactive applications... I don't know. The possible > >attack is DoS, right? I guess some analysis of classes of > >non-interactive applications can be made, but my intuition tells me > >that most applications will need to handle this attack in a unique > >way. > > Yes. I'd really like someone to make and publish analyses for > several applications rather than assume a field of dreams > approach. At the very least it would silence some of the DNSSEC > critics who ask "What's the value-add for DNSSEC?" Yeah... RFC 3833 says about authenticated denial of domain names: "The question remains: how serious is this threat?" It's been a couple of years... has there been any work done since then? -- Shane (*) I'll think a bit more on the actual resolution process, I think there is a difference there. -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From owner-namedroppers@ops.ietf.org Mon Dec 04 09:18:33 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GrEeP-00025m-Lp; Mon, 04 Dec 2006 09:18:33 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GrEeJ-00042I-EK; Mon, 04 Dec 2006 09:18:33 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GrEU8-000NZg-Ec for namedroppers-data@psg.com; Mon, 04 Dec 2006 14:07:56 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-2.3 required=5.0 tests=AWL,BAYES_00, FORGED_RCVD_HELO autolearn=ham version=3.1.7 Received: from [80.67.170.53] (helo=mail.bortzmeyer.org) by psg.com with esmtp (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GrETi-000NXz-6G for namedroppers@ops.ietf.org; Mon, 04 Dec 2006 14:07:45 +0000 Received: by mail.bortzmeyer.org (Postfix, from userid 10) id 77899240813; Mon, 4 Dec 2006 16:07:16 +0100 (CET) Received: by fetiche (Postfix, from userid 1000) id DF6AC17BD9; Mon, 4 Dec 2006 12:02:30 -0200 (BRST) Date: Mon, 4 Dec 2006 12:02:30 -0200 From: Stephane Bortzmeyer To: Shane Kerr Cc: Ralph Droms , namedroppers@ops.ietf.org Subject: Re: Pimping DNSSEC (was Re: DNSSEC - Signature Only vs the MX/A issue.) Message-ID: <20061204140230.GA2945@laperouse.bortzmeyer.org> References: <4573FC2F.7080306@isc.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <4573FC2F.7080306@isc.org> X-Transport: UUCP rules X-Operating-System: Debian GNU/Linux 3.1 User-Agent: Mutt/1.5.9i Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.0 (/) X-Scan-Signature: de4f315c9369b71d7dd5909b42224370 On Mon, Dec 04, 2006 at 11:45:03AM +0100, Shane Kerr wrote a message of 38 lines which said: > Isn't this always the case with security though? What is the direct, > immediate RoI for putting a lock on your door? You get a big cut in your insurance costs . That's a RoI! [This could be a good model for DNSSEC. In the real world, decisions about security are not taken based on technical merits. They are taken based on what the insurance companies require.] -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From owner-namedroppers@ops.ietf.org Mon Dec 04 09:30:39 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GrEq6-0004nE-W0; Mon, 04 Dec 2006 09:30:39 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GrElq-0004xv-Qy; Mon, 04 Dec 2006 09:26:18 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GrEhH-000OdO-Vw for namedroppers-data@psg.com; Mon, 04 Dec 2006 14:21:32 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-2.3 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=3.1.7 Received: from [66.92.146.160] (helo=ogud.com) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GrEgy-000Obw-6w for namedroppers@ops.ietf.org; Mon, 04 Dec 2006 14:21:26 +0000 Received: from [192.168.1.102] (hlid.ogud.com [66.92.146.160]) by ogud.com (8.13.1/8.13.1) with ESMTP id kB4EIadP039246; Mon, 4 Dec 2006 09:18:37 -0500 (EST) (envelope-from Ed.Lewis@neustar.biz) Mime-Version: 1.0 Message-Id: In-Reply-To: References: Date: Mon, 4 Dec 2006 09:15:56 -0500 To: Ralph Droms From: Edward Lewis Subject: Re: DNSSEC - Signature Only vs the MX/A issue. Cc: Paul Vixie , Content-Type: text/plain; charset="us-ascii" ; format="flowed" X-Scanned-By: MIMEDefang 2.57 on 66.92.146.160 Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.0 (/) X-Scan-Signature: 82c9bddb247d9ba4471160a9a865a5f3 At 8:10 -0500 12/3/06, Ralph Droms wrote: >spam or malware or phishing attacks. Do we have documented evidence of >specific successful attacks that can be mitigated by DNSSEC? I have seen just one attack documented. It isn't like the attack that Bert Hubert describes, I'll explain that later. http://www.alvestrand.no/subjects/dns-attack-1.html documents the one case. This is not a "it could happen" but an attack that did happen. The attack works on manipulation of data within the registration system. It could be the result of subscriber fraud (such as using a fake credit card) or it could be the result of a hiccup in the registration process. The hiccup begins with using an out-of-bailiwick name server that is so out-of-bailiwick the name server is in another domain. There's no tractable way for the expiration of a domain name to trigger a check of all uses of name servers in that domain across all other registries. A tractable defense to this is to have zones that use out of bailiwick servers to check on the expiration dates of the domains homing their slaves. This could be built into a name server product or a zone management product. Or completely avoid of out-of-bailiwick name servers. (Peter - I'm just saying...) DNSSEC would be one way to address this situation (I wouldn't call it an attack necessarily), with the alternative being tighter defense against subscriber fraud and diligent management of out-of-bailiwick name servers. (Said in the vein that RFC 2181 and the code Andreas mentioned on the list are an alternative to DNSSEC when fighting cache poisoning.) The attack that Bret mentions (I forget if it is a prediction or an observation - I think it is a prediction because he uses formal math to describe it) is something that is of concern. But it is cache poisoning a directed attack at poisoning a particular server. The situation documented by Harald is a widespread situation, when it is pulled off, all iterating name servers "will fall victim" to it not just the targeted one(s). -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis +1-571-434-5468 NeuStar Dessert - aka Service Pack 1 for lunch. -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From owner-namedroppers@ops.ietf.org Mon Dec 04 09:31:16 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GrEqh-00059T-TU; Mon, 04 Dec 2006 09:31:15 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GrEqb-0005jd-H9; Mon, 04 Dec 2006 09:31:15 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GrEmE-000P2N-JL for namedroppers-data@psg.com; Mon, 04 Dec 2006 14:26:38 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=AWL,BAYES_00, UNPARSEABLE_RELAY autolearn=ham version=3.1.7 Received: from [131.111.8.130] (helo=ppsw-0.csi.cam.ac.uk) by psg.com with esmtp (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GrElj-000Ozb-Hm for namedroppers@ops.ietf.org; Mon, 04 Dec 2006 14:26:27 +0000 X-Cam-SpamDetails: Not scanned X-Cam-AntiVirus: No virus found X-Cam-ScannerInfo: http://www.cam.ac.uk/cs/email/scanner/ Received: from hermes-1.csi.cam.ac.uk ([131.111.8.51]:57801) by ppsw-0.csi.cam.ac.uk (smtp.hermes.cam.ac.uk [131.111.8.150]:25) with esmtpa (EXTERNAL:fanf2) id 1GrElW-0002ps-0a (Exim 4.63) (return-path ); Mon, 04 Dec 2006 14:25:54 +0000 Received: from fanf2 (helo=localhost) by hermes-1.csi.cam.ac.uk (hermes.cam.ac.uk) with local-esmtp id 1GrElM-0005BN-4U (Exim 4.54) (return-path ); Mon, 04 Dec 2006 14:25:44 +0000 Date: Mon, 4 Dec 2006 14:25:44 +0000 From: Tony Finch X-X-Sender: fanf2@hermes-1.csi.cam.ac.uk To: IETF DNSEXT WG cc: Phillip Hallam-Baker , John C Klensin , Dave Crocker , Patrik Faltstrom Subject: Re: Non-terminal-wildcards Re: SRV records considered dubious In-Reply-To: Message-ID: References: <198A730C2044DE4A96749D13E167AD37E7E74C@MOU1WNEXMB04.vcorp.ad.vrsn.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.0 (/) X-Scan-Signature: 7655788c23eb79e336f5f8ba8bce7906 On Fri, 24 Nov 2006, Olaf M. Kolkman wrote: > > I think that most folk seem to agree that the "**" (terminal) super-wildcard > could be implemented using a preprocessor [3], personally I think that such > mechanism does not need a protocol action. I also think that there are still > folk that would like to see a solution for the not-so-terminal wildcard > (_foo.*.example.com) although we have not seen any concrete solutions and > there is doubt that deployment of such (protocol) extension would ever happen. CSA specifies that clients can perform a limited walk up the DNS to search for CSA SRV records, as an alternative to wildcarding. http://mipassoc.org/csv/draft-ietf-marid-csv-csa-02.html Tony. -- f.a.n.finch http://dotat.at/ BISCAY FITZROY: SOUTHWEST 6 TO GALE 8, INCREASING SEVERE GALE 9 IN NORTHWEST. ROUGH OR VERY ROUGH. RAIN LATER. GOOD. -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From owner-namedroppers@ops.ietf.org Mon Dec 04 09:56:53 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GrFFV-0002kh-Jq; Mon, 04 Dec 2006 09:56:53 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GrFFU-0000MI-7X; Mon, 04 Dec 2006 09:56:53 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GrF99-0001Gk-1x for namedroppers-data@psg.com; Mon, 04 Dec 2006 14:50:19 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-2.4 required=5.0 tests=AWL,BAYES_00, FORGED_RCVD_HELO,SPF_PASS autolearn=ham version=3.1.7 Received: from [65.205.251.75] (helo=robin.verisign.com) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GrF8O-00019A-RJ for namedroppers@ops.ietf.org; Mon, 04 Dec 2006 14:49:53 +0000 Received: from MOU1WNEXCN03.vcorp.ad.vrsn.com (mailer6.verisign.com [65.205.251.33]) by robin.verisign.com (8.13.6/8.13.4) with ESMTP id kB4EmKqg014327; Mon, 4 Dec 2006 06:49:05 -0800 Received: from MOU1WNEXMB04.vcorp.ad.vrsn.com ([10.25.13.157]) by MOU1WNEXCN03.vcorp.ad.vrsn.com with Microsoft SMTPSVC(6.0.3790.1830); Mon, 4 Dec 2006 06:48:20 -0800 X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Subject: RE: Non-terminal-wildcards Re: SRV records considered dubious Date: Mon, 4 Dec 2006 06:48:17 -0800 Message-ID: <198A730C2044DE4A96749D13E167AD37E7EAF6@MOU1WNEXMB04.vcorp.ad.vrsn.com> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: Non-terminal-wildcards Re: SRV records considered dubious Thread-Index: AccXsCeB9Y2kPtqBRxG7NrS7AKVeUQAAsT0g From: "Hallam-Baker, Phillip" To: "Tony Finch" , "IETF DNSEXT WG" Cc: "John C Klensin" , "Dave Crocker" , "Patrik Faltstrom" X-OriginalArrivalTime: 04 Dec 2006 14:48:20.0540 (UTC) FILETIME=[3DB7F7C0:01C717B3] Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.1 (/) X-Scan-Signature: 8abaac9e10c826e8252866cbe6766464 > From: Tony Finch [mailto:fanf2@hermes.cam.ac.uk] On Behalf Of=20 >=20 > On Fri, 24 Nov 2006, Olaf M. Kolkman wrote: > > > > I think that most folk seem to agree that the "**" (terminal)=20 > > super-wildcard could be implemented using a preprocessor [3],=20 > > personally I think that such mechanism does not need a protocol=20 > > action. I also think that there are still folk that would=20 > like to see=20 > > a solution for the not-so-terminal wildcard > > (_foo.*.example.com) although we have not seen any concrete=20 > solutions=20 > > and there is doubt that deployment of such (protocol)=20 > extension would ever happen. >=20 > CSA specifies that clients can perform a limited walk up the=20 > DNS to search for CSA SRV records, as an alternative to wildcarding. > http://mipassoc.org/csv/draft-ietf-marid-csv-csa-02.html This is the problem though. Heuristic walks up and down the DNS hierarchy are the quick and easy = fix. The problem is that they are inefficient and they change the = semantics of DNS administrative boundaries. =20 -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From owner-namedroppers@ops.ietf.org Mon Dec 04 09:57:55 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GrFGV-0004Fr-5R; Mon, 04 Dec 2006 09:57:55 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GrFGT-0000RN-Ru; Mon, 04 Dec 2006 09:57:55 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GrFBR-0001VK-6f for namedroppers-data@psg.com; Mon, 04 Dec 2006 14:52:41 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-2.3 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=3.1.7 Received: from [66.92.146.160] (helo=ogud.com) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GrF9t-0001KZ-PO for namedroppers@ops.ietf.org; Mon, 04 Dec 2006 14:51:43 +0000 Received: from [192.168.1.102] (hlid.ogud.com [66.92.146.160]) by ogud.com (8.13.1/8.13.1) with ESMTP id kB4EmRLo039420; Mon, 4 Dec 2006 09:48:28 -0500 (EST) (envelope-from Ed.Lewis@neustar.biz) Mime-Version: 1.0 Message-Id: In-Reply-To: <20061204123930.GC3111@outpost.ds9a.nl> References: <4573FC2F.7080306@isc.org> <20061204123930.GC3111@outpost.ds9a.nl> Date: Mon, 4 Dec 2006 09:45:07 -0500 To: namedroppers@ops.ietf.org From: Edward Lewis Subject: Re: Pimping DNSSEC (was Re: DNSSEC - Signature Only vs the MX/A issue.) Cc: ed.lewis@neustar.biz Content-Type: text/plain; charset="us-ascii" ; format="flowed" X-Scanned-By: MIMEDefang 2.57 on 66.92.146.160 Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.0 (/) X-Scan-Signature: 7baded97d9887f7a0c7e8a33c2e3ea1b At 13:39 +0100 12/4/06, bert hubert wrote: >Perception is the key word here though. No pun intended, yes, it's all perception. >My feeling however is that the full cost of DNSSEC (even without NSEC3) >vastly outweighs any perceived (or even: real) benefit. Having worked with DNSSEC for more than two years, I know a lot about what DNSSEC is. But knowing how (well) it is constructed doesn't mean it is the right solution to the problems we have now. Times change, problems change. What was probably the best solution in 1996 might not be the best solution in 2007. Just because DNS has a vulnerable protocol state and DNSSEC offers a means to defend it does not mean DNSSEC is the answer. This doesn't mean DNSSEC ought to be abandoned. But I do wonder why, if DNSSEC is the solution to problems, that it isn't wholeheartedly adopted? I don't hear anyone saying "I'd love to use DNSSEC, but could you adjust it here or there?" I.e., I don't see a building demand for it. DNSSEC does take a water-tight approach to security, it would be able to defend a lot of forms of attack and supports all of the robustness principles of the DNS (caching, replication, etc.). But is the effort to be this secure worth the cost? I haven't seen anyone who says yes to the latter with an open wallet. -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis +1-571-434-5468 NeuStar Dessert - aka Service Pack 1 for lunch. -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From owner-namedroppers@ops.ietf.org Mon Dec 04 10:30:56 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GrFmS-0003TE-9z; Mon, 04 Dec 2006 10:30:56 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GrFmN-0004Y9-1F; Mon, 04 Dec 2006 10:30:56 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GrFhy-0004PW-Tb for namedroppers-data@psg.com; Mon, 04 Dec 2006 15:26:18 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=AWL,BAYES_00,SPF_PASS autolearn=ham version=3.1.7 Received: from [204.152.187.1] (helo=sa.vix.com) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GrFge-0004Ft-9M for namedroppers@ops.ietf.org; Mon, 04 Dec 2006 15:25:41 +0000 Received: from sa.vix.com (localhost [127.0.0.1]) by sa.vix.com (Postfix) with ESMTP id AB8621142D for ; Mon, 4 Dec 2006 15:24:55 +0000 (UTC) (envelope-from vixie@sa.vix.com) From: Paul Vixie To: namedroppers@ops.ietf.org Subject: Re: Pimping DNSSEC (was Re: DNSSEC - Signature Only vs the MX/A issue.) In-Reply-To: Your message of "Mon, 04 Dec 2006 09:45:07 EST." References: <4573FC2F.7080306@isc.org> <20061204123930.GC3111@outpost.ds9a.nl> X-Mailer: MH-E 8.0.2; nmh 1.0.4; GNU Emacs 21.3.1 Date: Mon, 04 Dec 2006 15:24:55 +0000 Message-ID: <70651.1165245895@sa.vix.com> Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.0 (/) X-Scan-Signature: 7bac9cb154eb5790ae3b2913587a40de > This doesn't mean DNSSEC ought to be abandoned. But I do wonder why, if > DNSSEC is the solution to problems, that it isn't wholeheartedly adopted? because, like AV products for home PC's, most folks who need this technology do not know that they need it. without marketing, there is no market. (duh!) -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From owner-namedroppers@ops.ietf.org Mon Dec 04 10:59:46 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GrGEM-0004D0-Oc; Mon, 04 Dec 2006 10:59:46 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GrGEL-0000XU-G8; Mon, 04 Dec 2006 10:59:46 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GrG8T-0006hs-1J for namedroppers-data@psg.com; Mon, 04 Dec 2006 15:53:41 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-1.6 required=5.0 tests=BAYES_00,NO_REAL_NAME autolearn=no version=3.1.7 Received: from [198.32.6.68] (helo=vacation.karoshi.com) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GrG8I-0006fu-4t for namedroppers@ops.ietf.org; Mon, 04 Dec 2006 15:53:35 +0000 Received: from karoshi.com (localhost.localdomain [127.0.0.1]) by vacation.karoshi.com (8.12.8/8.12.8) with ESMTP id kB4Fq7SK010370; Mon, 4 Dec 2006 15:52:07 GMT Received: (from bmanning@localhost) by karoshi.com (8.12.8/8.12.8/Submit) id kB4Fq6ap010369; Mon, 4 Dec 2006 15:52:06 GMT Date: Mon, 4 Dec 2006 15:52:06 +0000 From: bmanning@karoshi.com To: Edward Lewis Cc: namedroppers@ops.ietf.org Subject: Re: Pimping DNSSEC (was Re: DNSSEC - Signature Only vs the MX/A issue.) Message-ID: <20061204155206.GA8964@vacation.karoshi.com.> References: <4573FC2F.7080306@isc.org> <20061204123930.GC3111@outpost.ds9a.nl> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.4.1i Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.2 (/) X-Scan-Signature: d6b246023072368de71562c0ab503126 > > DNSSEC does take a water-tight approach to security, it would be able > to defend a lot of forms of attack and supports all of the robustness > principles of the DNS (caching, replication, etc.). But is the > effort to be this secure worth the cost? I haven't seen anyone who > says yes to the latter with an open wallet. > -- > -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- > Edward Lewis +1-571-434-5468 those w/ open wallets are now w/ empty wallets and nothing (much) to show for it. :) --bill -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From owner-namedroppers@ops.ietf.org Mon Dec 04 12:21:40 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GrHVc-0003uC-6n; Mon, 04 Dec 2006 12:21:40 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GrHVV-0004j9-U8; Mon, 04 Dec 2006 12:21:40 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GrHRO-000DT0-Fi for namedroppers-data@psg.com; Mon, 04 Dec 2006 17:17:18 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=AWL,BAYES_00,SPF_PASS autolearn=ham version=3.1.7 Received: from [204.152.187.1] (helo=sa.vix.com) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GrHQd-000DPK-EY for namedroppers@ops.ietf.org; Mon, 04 Dec 2006 17:16:51 +0000 Received: from sa.vix.com (localhost [127.0.0.1]) by sa.vix.com (Postfix) with ESMTP id 1F95711429 for ; Mon, 4 Dec 2006 17:16:27 +0000 (UTC) (envelope-from vixie@sa.vix.com) From: Paul Vixie To: namedroppers@ops.ietf.org Subject: Re: DNSSEC - Signature Only vs the MX/A issue. In-Reply-To: Your message of "Mon, 04 Dec 2006 12:12:21 EST." <20061204171222.303505687D@shell-ng.nominum.com> References: <20061127032712.CD1FE56890@shell-ng.nominum.com> <87ejrit5r9.fsf@mid.deneb.enyo.de> <14241.1165098375@sa.vix.com> <20061202234153.7B7B056882@shell-ng.nominum.com> <25076.1165105081@sa.vix.com> <20061204171222.303505687D@shell-ng.nominum.com> X-Mailer: MH-E 8.0.2; nmh 1.0.4; GNU Emacs 21.3.1 Date: Mon, 04 Dec 2006 17:16:27 +0000 Message-ID: <91450.1165252587@sa.vix.com> Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.0 (/) X-Scan-Signature: 30ac594df0e66ffa5a93eb4c48bcb014 > I don't think I've ever seen an insult done as subtly and smarmily as the > one above. Congratulations on your use of the English language. mike, i think we're done here. -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From owner-namedroppers@ops.ietf.org Mon Dec 04 12:21:57 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GrHVt-00046E-GL; Mon, 04 Dec 2006 12:21:57 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GrHVo-0004lL-1y; Mon, 04 Dec 2006 12:21:57 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GrHN1-000D6X-IG for namedroppers-data@psg.com; Mon, 04 Dec 2006 17:12:47 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-2.4 required=5.0 tests=AWL,BAYES_00,SPF_PASS autolearn=ham version=3.1.7 Received: from [81.200.64.181] (helo=shell-ng.nominum.com) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GrHMe-000D57-Bo for namedroppers@ops.ietf.org; Mon, 04 Dec 2006 17:12:41 +0000 Received: from STJOHNS-LAPTOP.nominum.com (shell-ng.nominum.com [81.200.64.181]) by shell-ng.nominum.com (Postfix) with ESMTP id 303505687D; Mon, 4 Dec 2006 09:12:22 -0800 (PST) (envelope-from Mike.StJohns@nominum.com) X-Mailer: QUALCOMM Windows Eudora Version 7.1.0.9 Date: Mon, 04 Dec 2006 12:12:21 -0500 To: Paul Vixie ,namedroppers@ops.ietf.org From: Mike StJohns Subject: Re: DNSSEC - Signature Only vs the MX/A issue. In-Reply-To: <25076.1165105081@sa.vix.com> References: <20061127032712.CD1FE56890@shell-ng.nominum.com> <87ejrit5r9.fsf@mid.deneb.enyo.de> <14241.1165098375@sa.vix.com> <20061202234153.7B7B056882@shell-ng.nominum.com> <25076.1165105081@sa.vix.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Message-Id: <20061204171222.303505687D@shell-ng.nominum.com> Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.0 (/) X-Scan-Signature: a2c12dacc0736f14d6b540e805505a86 At 07:18 PM 12/2/2006, Paul Vixie wrote: > > ... blaming my proposal as a distraction seems to be a bit ...unreasonable. > > It may be more reasonable to blame the lack of attraction of DNSSEC to the > > zone operators and the lack of any application driven desire for DNSSEC for > > its failure to take hold up to this point. > >i think the lack of attraction is explainable separately from the quality or >complexity of the current official design. kc said it best, on one of steve >crocker's concalls, when steve asked "what's the one thing the community >needs to begin dnssec deployment?" and kc answered, "motivation." dnssec is >a classic internet design, demanded by military/government types. it is not >like the web or ssl, demanded by the market and/or useful for commerce. if >you're trying to create motivation, then adding an 8th 11th-hour retrenching >isn't the way. if you're trying to overcome inertia and/or improve the >cost:benefit toward a more compelling level, then again, adding an 8th 11th >hour retrenching to the schedule is not your best move. I'm not adding anything to the schedule.... feel free to complete and deploy NSEC3 on schedule.. what is that schedule by the way? > > WRT to Ohta's design - I've actually never seen it. > >that's a sad statement in and of itself. you're acting like a latecomer who >has all the answers but hasn't done a lot of research and/or homework. since >i know you better than that, i am mystified. what kind of >deployment community >backing have you received that made your current proposal seem useful? I don't think I've ever seen an insult done as subtly and smarmily as the one above. Congratulations on your use of the English language. I actually did a fair amount of research and homework as you well know. I also discussed the generics of my proposal with many people who have been involved with DNSSEC over the last 4 years and Ohta's proposal never came up. If it had, having now looked at it, I wouldn't have used anything from it as it had no interoperability with 4033-4035. Finally, after I presented SO at the IETF a number of people who are trying to deploy DNSSEC found me to chat - and said that this proposal might actually speed deployment. but you won't improve it by adding an 8th 11th-hour redesign. all you could >do would be to convince anybody who has been waiting for dnssec that they'll >have to go their own way. You seem to be all out of proportion afraid of one simple proposal. If the DNSSEC train can be derailed by such a simple thing (think penny on the track) isn't it possible that the track needs rebuilding or the engine needs redesign? >are you failing to grasp that any change to the >way this stuff works will take at least two years to stop arguing about and >test-in-lab and write code for and so on? and that the real deployment work >will not begin until those moments stop coming? and that real deployment >will take five years once it starts? Actually, given reactions from folks like you I've about decided to publish it as experimental - as a profile of 4033-4035 with extensions. That should have it done mostly at the next IETF. For code - well stub zones without further delegation will run on 4033-4035 compliant servers (already have a few proof of concepts there). The changes to 4033-4035 authoritative and recursive servers for full compliance mainly involve teaching them that OSIG should be treated like RRSIG(DNSKEY) and DSSO like the DS record. For deployment, if someone thinks they can make money signing OSIG records I'll bet that would happen sooner than 5 years. For the application side - that's a bit harder, but since validators for 4033-4035 already exist for a few apps, not as hard as you would think as SO validation is a subset of PNE validation. > > You decry my timing and strategy, but I ask you when if not now? Should I > > have submitted this as a place holder 3 years ago when roughly the same > > argument was made to me? Should I have waited until NSEC3 was complete - > > if ever? Never? If the latter really is the answer, then the IETF is a > > vastly different organization that it used to be. > >never. because the IETF is a vastly different organization than it used to >be. and while you're hitting on the reasons we tried to start MODA, that's a >separate discussion (and, MODA is dead, since it could not overcome inertia.) And that's what happens when political considerations override technical ones... sad. If you've got further technical arguments to make - please make them. I'm done with this political thread. Later, Mike -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From owner-namedroppers@ops.ietf.org Mon Dec 04 12:39:57 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GrHnJ-0003XG-Py; Mon, 04 Dec 2006 12:39:57 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GrHnH-0007Li-AK; Mon, 04 Dec 2006 12:39:57 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GrHfk-000Ehb-Mb for namedroppers-data@psg.com; Mon, 04 Dec 2006 17:32:08 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-2.5 required=5.0 tests=AWL,BAYES_00,SPF_PASS autolearn=ham version=3.1.7 Received: from [81.200.64.181] (helo=shell-ng.nominum.com) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GrHfG-000Ee2-9A for namedroppers@ops.ietf.org; Mon, 04 Dec 2006 17:31:56 +0000 Received: from STJOHNS-LAPTOP.nominum.com (shell-ng.nominum.com [81.200.64.181]) by shell-ng.nominum.com (Postfix) with ESMTP id E6D595688D; Mon, 4 Dec 2006 09:31:35 -0800 (PST) (envelope-from Mike.StJohns@nominum.com) X-Mailer: QUALCOMM Windows Eudora Version 7.1.0.9 Date: Mon, 04 Dec 2006 12:31:34 -0500 To: Shane Kerr From: Mike StJohns Subject: Re: DNSSEC - Application use of Provable non-existence Cc: namedroppers@ops.ietf.org In-Reply-To: <20061204141024.GA24871@farside.isc.org> References: <20061127032712.096F15688E@shell-ng.nominum.com> <456ACB19.3020706@isc.org> <20061128203525.E477E56860@shell-ng.nominum.com> <456D791B.4010201@isc.org> <20061130193629.DDCB35691B@shell-ng.nominum.com> <20061204141024.GA24871@farside.isc.org> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Message-Id: <20061204173135.E6D595688D@shell-ng.nominum.com> Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.0 (/) X-Scan-Signature: 9a2be21919e71dc6faef12b370c4ecf5 At 09:10 AM 12/4/2006, Shane Kerr wrote: >On 2006-11-30 14:36:25 -0500, Mike StJohns wrote: > > Unsecure is data under a trust anchor where there was a secure > > delegation into an unsecure zone (e.g. proof at the parent that the > > DS record didn't exist) > >So, there is the equivalent of PNE for DS records under any model? >Otherwise an attacker can break the chain of trust, right? Not exactly. In both SO and PNE you break the chain of trust by failing to have a signature chain - in PNE, the semantics of that signature chain include signatures over NSEC(3) records which gives you the ability to prove that a record doesn't exist. In either case, you use the signature chain to prove the validity of one or more records - but what the records might say is that something doesn't exist. So doing a deletion or modification attack on any RRSIG record results in an unvalidated answer for either SO or PNE. Breaking the chain on a PNE proof of DS non-existence has the side effect of making all the stuff covered by the DS record "bogus". > > All you can say about data in an unsecure zone was that the parent > > said it was unsecure. A response of non-existence is no better or > > worse than without DNSSEC or data not subordinate to a trust anchor. > > > > If you say a site doesn't exist securely of course you know that the > > data doesn't exist - now. The question is how long you wait until > > you decide that it might exist (e.g. TTLs)? And how does that > > differ from what you do with DNS today (e.g. negative caching ttls)? > > I know that if I get an answer like that regardless of whether its > > validated or unvalidated, I'm probably going to try and force a DNS > > lookup past the cache, especially if I *know* (someone told me, > > someone wrote it down, it was on a web page, etc) it existed. > > > > If you say a site doesn't exist insecurely, you don't have the data > > to connect (i.e. no return of a A record) so you can't connect. You > > might want to try again - and if you get a validated answer that it > > does exist (either PNE or SO) at a later time you connect. > > > > I can't see any difference on the final result or even much on how I > > got there... > >So the difference under discussion is the TTL on negative caching, >right? (*) > >In general, I thought we trust the administrator in DNS. We respect >TTL for caching. > >If DNSSEC without negative caching is okay, then I guess we don't need >PNE, for some classes of applications. A big scary notice to anyone >using DNS might be in order though ("no doesn't *always* mean no"). We trust current DNS to do reasonable negative caching - and that's a point of weakness mitigated by relatively short caching times. If you do negative caching based on a proof of non-existence, you could up the negative caching time somewhat, but you then have to have another discussion about just how long you keep the stuff negatively cached. Too long and the server may not retrieve legitimately new data that's published after the negative response from the authoritative server. The semantics of a signature over existing data generally mean you can trust the binding of the name to the data over the signature lifetime (e.g. from signature inception to expiration) - that's a separate issue from keeping it in the cache which is a TTL issue. The semantics of a signature over non-existing data - does that mean you can trust there will never be a binding of a name to data covered by the non-existence proof during the signature lifetime? Can a validator rely on this? In practice, the answer is that the reliance on a proof of non-existence is bounded by a number lower than the signature lifetime (e.g. the embedded original TTL of the NSEC record) - otherwise an administrative error (e.g. proving there are no MX records at the zone name for the next 20 years) would really screw you. (But consider an attacker who could get his hands on such a record and keep replaying in for the next 20 years :-) ) > > >For non-interactive applications... I don't know. The possible > > >attack is DoS, right? I guess some analysis of classes of > > >non-interactive applications can be made, but my intuition tells me > > >that most applications will need to handle this attack in a unique > > >way. > > > > Yes. I'd really like someone to make and publish analyses for > > several applications rather than assume a field of dreams > > approach. At the very least it would silence some of the DNSSEC > > critics who ask "What's the value-add for DNSSEC?" > >Yeah... RFC 3833 says about authenticated denial of domain names: "The >question remains: how serious is this threat?" > >It's been a couple of years... has there been any work done since >then? Some - not enough. Later, Mike -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From owner-namedroppers@ops.ietf.org Mon Dec 04 13:30:20 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GrIa4-0006qC-Tp; Mon, 04 Dec 2006 13:30:20 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GrIZz-0005ne-Dy; Mon, 04 Dec 2006 13:30:20 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GrITQ-000JER-7c for namedroppers-data@psg.com; Mon, 04 Dec 2006 18:23:28 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,SPF_HELO_PASS, SPF_PASS autolearn=ham version=3.1.7 Received: from [157.185.61.2] (helo=M4.sparta.com) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GrIT3-000JAz-8p for namedroppers@ops.ietf.org; Mon, 04 Dec 2006 18:23:20 +0000 Received: from Beta5.sparta.com (beta5.sparta.com [157.185.63.21]) by M4.sparta.com (8.13.5/8.13.5) with ESMTP id kB4IMrDt022764; Mon, 4 Dec 2006 12:22:53 -0600 Received: from ponyxpress.rosslyn.ads.sparta.com (861.rosslyn.sparta.com [157.185.86.1]) by Beta5.sparta.com (8.12.11/8.13.1) with ESMTP id kB4IMok0025805; Mon, 4 Dec 2006 12:22:52 -0600 Received: from mailbin.rosslyn.ads.sparta.com ([157.185.85.6]) by ponyxpress.rosslyn.ads.sparta.com with Microsoft SMTPSVC(6.0.3790.1830); Mon, 4 Dec 2006 13:22:50 -0500 Received: from spx.vb.futz.org ([216.27.162.138]) by mailbin.rosslyn.ads.sparta.com over TLS secured channel with Microsoft SMTPSVC(6.0.3790.1830); Mon, 4 Dec 2006 13:49:13 -0500 Date: Mon, 4 Dec 2006 13:22:38 -0500 From: Robert Story To: Mike StJohns Cc: Paul Vixie , namedroppers@ops.ietf.org Subject: Re: DNSSEC - Signature Only vs the MX/A issue. In-Reply-To: <20061204171222.303505687D@shell-ng.nominum.com> References: <20061127032712.CD1FE56890@shell-ng.nominum.com> <87ejrit5r9.fsf@mid.deneb.enyo.de> <14241.1165098375@sa.vix.com> <20061202234153.7B7B056882@shell-ng.nominum.com> <25076.1165105081@sa.vix.com> <20061204171222.303505687D@shell-ng.nominum.com> Organization: SPARTA X-Mailer: Sylpheed-Claws 2.6.0 (GTK+ 2.8.20; powerpc-redhat-linux-gnu) Mime-Version: 1.0 Content-Type: multipart/signed; boundary=Sig_r9stLV6KT4.aMG94OQm_vAK; protocol="application/pgp-signature"; micalg=PGP-SHA1 Message-ID: X-OriginalArrivalTime: 04 Dec 2006 18:49:13.0515 (UTC) FILETIME=[E45CEFB0:01C717D4] Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.0 (/) X-Scan-Signature: 69a74e02bbee44ab4f8eafdbcedd94a1 --Sig_r9stLV6KT4.aMG94OQm_vAK Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable On Mon, 04 Dec 2006 12:12:21 -0500 Mike wrote: MS> The changes to 4033-4035 authoritative and recursive servers=20 MS> for full compliance mainly involve teaching them that OSIG should be=20 MS> treated like RRSIG(DNSKEY) and DSSO like the DS record. For=20 MS> deployment, if someone thinks they can make money signing OSIG=20 MS> records I'll bet that would happen sooner than 5 years. =20 I find this interesting, since you've said yourself that you haven't figured out a way for a resolver to know if it should expect an OSIG record (and thus know if it's been stripped). Which is too bad, I think off-tree signing would be very nice to have. --=20 Robert Story SPARTA --Sig_r9stLV6KT4.aMG94OQm_vAK Content-Type: application/pgp-signature; name=signature.asc Content-Disposition: attachment; filename=signature.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iD8DBQFFdGdz7/fVLLY1mngRAsRXAKCJoHgg7h4xXezF6CDgvSSDQoqYCwCeKeza FiUq2W/Q5ggYTeoxBhY9tmY= =i4vW -----END PGP SIGNATURE----- --Sig_r9stLV6KT4.aMG94OQm_vAK-- -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From 304edlin@joyie.sh Mon Dec 04 13:53:35 2006 Received: from [10.90.34.44] (helo=chiedprmail1.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GrIwZ-0004eE-Lb for dnsext-archive@lists.ietf.org; Mon, 04 Dec 2006 13:53:35 -0500 Received: from abmu103.neoplus.adsl.tpnet.pl ([83.7.240.103] helo=CCC) by chiedprmail1.ietf.org with esmtp (Exim 4.43) id 1GrIwX-0005p0-GX; Mon, 04 Dec 2006 13:53:35 -0500 Message-ID: <00840014724368.EBB1EA927B@A6MMB> From: "(270) 818-7244 Trey " <179claudio@ilyichevsk.net> To: Subject: Gte your Diploma {}fast and easy today! Date: Mon, 4 Dec 2006 19:48:29 +0200 MIME-Version: 1.0 X-Mailer: Microsoft Office Outlook, Build 11.0.5510 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 Thread-Index: TC5AYC9Pcn5xcDtHiBx7zIiTXvBGqYXOmwUK Content-Type: text/plain; charset="Windows-1252" Content-Transfer-Encoding: 8bit X-Spam-Score: 1.8 (+) X-Scan-Signature: 9466e0365fc95844abaf7c3f15a05c7d Yo Ce!. Absoltuely are no demnaded tests, classes, books, or interviews ! Gain a_Bachelors, aMsters., MBA, and Doctorate (PhD) diploma. Brin gin the perks and hnoor_that comes with a.diploma ! No one si removed 100% Secercy promised Receive Anytime +1 (270) 818-7244 Operators Waiting *-+*-+*-+*-+*-+*-+*-+*-+*-+*-+*-+ mother's jewelry that should have gone to Quintus's wife, if ever heforward, dimly aware that earth ought to be sprinkled on the dead man,tribune, but at that moment he would have followed him as his ownthen that his life was beginning. But that was the evening he firstover it reflected neither stars nor moon. The gods have turned theiruse it to keep his men alive a little longer. Pulling away from thedarkness had brought relief from the glare of the Syrian sun on bareinto obedience. Rufus moved among them where they lay, inspecting, and From owner-namedroppers@ops.ietf.org Mon Dec 04 14:11:05 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GrJDU-0001aJ-V9; Mon, 04 Dec 2006 14:11:04 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GrJDP-0003oK-L5; Mon, 04 Dec 2006 14:11:04 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GrJ6e-000MvS-Ld for namedroppers-data@psg.com; Mon, 04 Dec 2006 19:04:00 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-2.5 required=5.0 tests=AWL,BAYES_00,SPF_PASS autolearn=ham version=3.1.7 Received: from [81.200.64.181] (helo=shell-ng.nominum.com) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GrJ6F-000MuB-TB for namedroppers@ops.ietf.org; Mon, 04 Dec 2006 19:03:49 +0000 Received: from STJOHNS-LAPTOP.nominum.com (shell-ng.nominum.com [81.200.64.181]) by shell-ng.nominum.com (Postfix) with ESMTP id 58F1E56893; Mon, 4 Dec 2006 11:03:34 -0800 (PST) (envelope-from Mike.StJohns@nominum.com) X-Mailer: QUALCOMM Windows Eudora Version 7.1.0.9 Date: Mon, 04 Dec 2006 14:03:33 -0500 To: Robert Story From: Mike StJohns Subject: Re: DNSSEC - Signature Only vs the MX/A issue. Cc: namedroppers@ops.ietf.org In-Reply-To: References: <20061127032712.CD1FE56890@shell-ng.nominum.com> <87ejrit5r9.fsf@mid.deneb.enyo.de> <14241.1165098375@sa.vix.com> <20061202234153.7B7B056882@shell-ng.nominum.com> <25076.1165105081@sa.vix.com> <20061204171222.303505687D@shell-ng.nominum.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Message-Id: <20061204190334.58F1E56893@shell-ng.nominum.com> Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.0 (/) X-Scan-Signature: f607d15ccc2bc4eaf3ade8ffa8af02a0 At 01:22 PM 12/4/2006, Robert Story wrote: >On Mon, 04 Dec 2006 12:12:21 -0500 Mike wrote: >MS> The changes to 4033-4035 authoritative and recursive servers >MS> for full compliance mainly involve teaching them that OSIG should be >MS> treated like RRSIG(DNSKEY) and DSSO like the DS record. For >MS> deployment, if someone thinks they can make money signing OSIG >MS> records I'll bet that would happen sooner than 5 years. > >I find this interesting, since you've said yourself that you haven't >figured out a way for a resolver to know if it should expect an OSIG >record (and thus know if it's been stripped). Which is too bad, I think >off-tree signing would be very nice to have. Sorry - apples and oranges here. The presence of a RRSIG(DNSKEY) hint (e.g. with a special algorithm type) tells a validator/resolver to look for an OSIG record at the apex regardless of whether it was returned under a DO query. If it finds the OSIG, the validator can use the OSIG to create a chain of trust into the zone. Under PNE, the presence of a trust anchor implies that I should be able to complete a proof of existence or non-existence for any query subordinate to that trust anchor. That's really the first part of the validation algorithm - setting the expectation before ever retrieving any data. If the OSIG zone is not under a trust anchor, then the RRSIG and OSIG could be stripped without ever causing the PNE validator to reset the expectation from unsigned to signed resulting the zone being treated as "unknown" or "unsecure" In SO - all unvalidated answers are equally bad so this isn't a problem. So you could use this mechanism for PNE, but the results for a zone signed by OSIG but not subordinate to a trust anchor would be no better than SO. (Hmm... I guess you could include NSEC records for the zone, but the signalling for whether a zone is PNE or SO is done by choice of DS or DSSO so you'd have to encode that in the OSIG). The way this OSIG/RRSIG hack works is that the OSIG is treated by a non-SO-compliant server like any other non-dnssec data - (E.g. RFC3597 master file representation syntax). Mike >-- >Robert Story >SPARTA > -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From owner-namedroppers@ops.ietf.org Mon Dec 04 14:50:24 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GrJpY-0005SX-F8; Mon, 04 Dec 2006 14:50:24 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GrJpU-0003KF-Uf; Mon, 04 Dec 2006 14:50:24 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GrJjJ-00004M-6y for namedroppers-data@psg.com; Mon, 04 Dec 2006 19:43:57 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,SPF_HELO_PASS, SPF_PASS autolearn=ham version=3.1.7 Received: from [157.185.61.2] (helo=M4.sparta.com) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GrJik-000Pzx-CD for namedroppers@ops.ietf.org; Mon, 04 Dec 2006 19:43:41 +0000 Received: from Beta5.sparta.com (beta5.sparta.com [157.185.63.21]) by M4.sparta.com (8.13.5/8.13.5) with ESMTP id kB4JhJ9l027765; Mon, 4 Dec 2006 13:43:19 -0600 Received: from ponyxpress.rosslyn.ads.sparta.com (861.rosslyn.sparta.com [157.185.86.1]) by Beta5.sparta.com (8.12.11/8.13.1) with ESMTP id kB4JhJfv000997; Mon, 4 Dec 2006 13:43:19 -0600 Received: from mailbin.rosslyn.ads.sparta.com ([157.185.85.6]) by ponyxpress.rosslyn.ads.sparta.com with Microsoft SMTPSVC(6.0.3790.1830); Mon, 4 Dec 2006 14:43:18 -0500 Received: from spx.vb.futz.org ([216.27.162.138]) by mailbin.rosslyn.ads.sparta.com over TLS secured channel with Microsoft SMTPSVC(6.0.3790.1830); Mon, 4 Dec 2006 15:09:41 -0500 Date: Mon, 4 Dec 2006 14:43:05 -0500 From: Robert Story To: Mike StJohns Cc: namedroppers@ops.ietf.org Subject: Re: DNSSEC - Signature Only vs the MX/A issue. In-Reply-To: <20061204190334.58F1E56893@shell-ng.nominum.com> References: <20061127032712.CD1FE56890@shell-ng.nominum.com> <87ejrit5r9.fsf@mid.deneb.enyo.de> <14241.1165098375@sa.vix.com> <20061202234153.7B7B056882@shell-ng.nominum.com> <25076.1165105081@sa.vix.com> <20061204171222.303505687D@shell-ng.nominum.com> <20061204190334.58F1E56893@shell-ng.nominum.com> Organization: SPARTA X-Mailer: Sylpheed-Claws 2.6.0 (GTK+ 2.8.20; powerpc-redhat-linux-gnu) Mime-Version: 1.0 Content-Type: multipart/signed; boundary=Sig_B4dl1eoqwzkD47st_ZoZn2x; protocol="application/pgp-signature"; micalg=PGP-SHA1 Message-ID: X-OriginalArrivalTime: 04 Dec 2006 20:09:42.0125 (UTC) FILETIME=[227059D0:01C717E0] Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.0 (/) X-Scan-Signature: 52f7a77164458f8c7b36b66787c853da --Sig_B4dl1eoqwzkD47st_ZoZn2x Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable On Mon, 04 Dec 2006 14:03:33 -0500 Mike wrote: MS> At 01:22 PM 12/4/2006, Robert Story wrote: MS> >On Mon, 04 Dec 2006 12:12:21 -0500 Mike wrote: MS> >MS> The changes to 4033-4035 authoritative and recursive servers MS> >MS> for full compliance mainly involve teaching them that OSIG should = be MS> >MS> treated like RRSIG(DNSKEY) and DSSO like the DS record. For MS> >MS> deployment, if someone thinks they can make money signing OSIG MS> >MS> records I'll bet that would happen sooner than 5 years. MS> > MS> >I find this interesting, since you've said yourself that you haven't MS> >figured out a way for a resolver to know if it should expect an OSIG MS> >record (and thus know if it's been stripped). Which is too bad, I think MS> >off-tree signing would be very nice to have. MS>=20 MS>=20 MS> Sorry - apples and oranges here. MS>=20 MS> The presence of a RRSIG(DNSKEY) hint (e.g. with a special algorithm=20 MS> type) tells a validator/resolver to look for an OSIG record at the=20 MS> apex regardless of whether it was returned under a DO query. If it=20 MS> finds the OSIG, the validator can use the OSIG to create a chain of=20 MS> trust into the zone. I guess I wasn't clear.. I was referring to this paragraph from your initial message on off-tree signing: > If a DNSSEC aware client makes a query into the DNS tree for data=20 > that is not subordinate to one of the trust anchors it knows about=20 > (e.g. it olny knows about .COM, the query is for "FOO.NET"), that=20 > data is automatically treated as not-signed by the validator. Say=20 > that foo.net has an off tree signature - there's no way to convey to=20 > the validator that this part of the tree is signed - a simple=20 > deletion attack could remove any DNSSEC data and the validator=20 > wouldn't know the difference. So, my observation was simply that I can't imagine people signing up for OSIGs when a deletion attack is so simple... --=20 Robert Story SPARTA --Sig_B4dl1eoqwzkD47st_ZoZn2x Content-Type: application/pgp-signature; name=signature.asc Content-Disposition: attachment; filename=signature.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iD8DBQFFdHpT7/fVLLY1mngRApyBAKCQHuIcEHX4YVo5TpJ+5ak92DihAgCgi73p keHDsujwNX5J2ipKk+tzvXY= =8FTp -----END PGP SIGNATURE----- --Sig_B4dl1eoqwzkD47st_ZoZn2x-- -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From owner-namedroppers@ops.ietf.org Mon Dec 04 14:58:00 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GrJwu-0005oM-Gv; Mon, 04 Dec 2006 14:58:00 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GrJwp-00047q-Tx; Mon, 04 Dec 2006 14:58:00 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GrJpi-0000ct-62 for namedroppers-data@psg.com; Mon, 04 Dec 2006 19:50:34 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-2.5 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=3.1.7 Received: from [213.244.168.210] (helo=outpost.ds9a.nl) by psg.com with esmtp (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GrJpG-0000Yh-Vv for namedroppers@ops.ietf.org; Mon, 04 Dec 2006 19:50:24 +0000 Received: by outpost.ds9a.nl (Postfix, from userid 1000) id 1F0F74049; Mon, 4 Dec 2006 20:49:58 +0100 (CET) Date: Mon, 4 Dec 2006 20:49:58 +0100 From: bert hubert To: Mike StJohns Cc: Paul Vixie , namedroppers@ops.ietf.org Subject: Re: DNSSEC - Signature Only vs the MX/A issue. Message-ID: <20061204194957.GA25206@outpost.ds9a.nl> References: <20061127032712.CD1FE56890@shell-ng.nominum.com> <87ejrit5r9.fsf@mid.deneb.enyo.de> <14241.1165098375@sa.vix.com> <20061202234153.7B7B056882@shell-ng.nominum.com> <25076.1165105081@sa.vix.com> <20061204171222.303505687D@shell-ng.nominum.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20061204171222.303505687D@shell-ng.nominum.com> User-Agent: Mutt/1.5.9i Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.0 (/) X-Scan-Signature: cab78e1e39c4b328567edb48482b6a69 On Mon, Dec 04, 2006 at 12:12:21PM -0500, Mike StJohns wrote: > I'm not adding anything to the schedule.... feel free to complete and > deploy NSEC3 on schedule.. what is that schedule by the way? Also - if DNSSEC were to be a success, NSEC3 would be the most complex part of *any* protocol actually used on the internet. It even beats H.323. Not many protocols require mathematical problem solvers embedded in mission critical software. > You seem to be all out of proportion afraid of one simple proposal. If > the DNSSEC train can be derailed by such a simple thing (think penny on > the track) isn't it possible that the track needs rebuilding or the engine > needs redesign? DNSSEC has been derailed many times already. Signature Only however might fit the 'cost/benefit' balance. > Actually, given reactions from folks like you I've about decided to > publish it as experimental - as a profile of 4033-4035 with > extensions. That should have it done mostly at the next IETF. For That is one other problem of DNSSEC - it is absorbing most of the 'brain cycles' of DNSEXT members. Non-DNSSEC drafts struggle to get enough attention, even those which would have an immediate positive influence on DNS security. Which I understand, a lot of time is needed to work through all DNSSEC drafts and proposals etc. But it is sad nonetheless. You may find the same problem getting people willing to proofread your RFC. Bert -- http://www.PowerDNS.com Open source, database driven DNS Software http://netherlabs.nl Open and Closed source services -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From owner-namedroppers@ops.ietf.org Mon Dec 04 15:08:29 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GrK73-0004rT-FF; Mon, 04 Dec 2006 15:08:29 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GrK72-0005Sr-63; Mon, 04 Dec 2006 15:08:29 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GrJzR-0001RB-Sf for namedroppers-data@psg.com; Mon, 04 Dec 2006 20:00:37 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-2.5 required=5.0 tests=AWL,BAYES_00,SPF_PASS autolearn=ham version=3.1.7 Received: from [81.200.64.181] (helo=shell-ng.nominum.com) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GrJxF-0001EI-NN for namedroppers@ops.ietf.org; Mon, 04 Dec 2006 19:59:14 +0000 Received: from STJOHNS-LAPTOP.nominum.com (shell-ng.nominum.com [81.200.64.181]) by shell-ng.nominum.com (Postfix) with ESMTP id A9F515688E; Mon, 4 Dec 2006 11:58:20 -0800 (PST) (envelope-from Mike.StJohns@nominum.com) X-Mailer: QUALCOMM Windows Eudora Version 7.1.0.9 Date: Mon, 04 Dec 2006 14:58:19 -0500 To: Robert Story From: Mike StJohns Subject: Re: DNSSEC - Signature Only vs the MX/A issue. Cc: namedroppers@ops.ietf.org In-Reply-To: References: <20061127032712.CD1FE56890@shell-ng.nominum.com> <87ejrit5r9.fsf@mid.deneb.enyo.de> <14241.1165098375@sa.vix.com> <20061202234153.7B7B056882@shell-ng.nominum.com> <25076.1165105081@sa.vix.com> <20061204171222.303505687D@shell-ng.nominum.com> <20061204190334.58F1E56893@shell-ng.nominum.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Message-Id: <20061204195820.A9F515688E@shell-ng.nominum.com> Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.0 (/) X-Scan-Signature: 9466e0365fc95844abaf7c3f15a05c7d > >I guess I wasn't clear.. I was referring to this paragraph from your >initial message on off-tree signing: > > > If a DNSSEC aware client makes a query into the DNS tree for data > > that is not subordinate to one of the trust anchors it knows about > > (e.g. it olny knows about .COM, the query is for "FOO.NET"), that > > data is automatically treated as not-signed by the validator. Say > > that foo.net has an off tree signature - there's no way to convey to > > the validator that this part of the tree is signed - a simple > > deletion attack could remove any DNSSEC data and the validator > > wouldn't know the difference. > >So, my observation was simply that I can't imagine people signing up >for OSIGs when a deletion attack is so simple... For SO - its a "don't care" or rather "unvalidatable signed data (e.g. because of deletion) is no better than unsigned data. That's the basic design of SO.... the only output of the validator is either validated or unvalidated - if the former, do the "secure" thing, if the latter do something else. -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From owner-namedroppers@ops.ietf.org Mon Dec 04 15:16:05 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GrKEP-0002Yi-Qn; Mon, 04 Dec 2006 15:16:05 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GrKEK-0006mR-DP; Mon, 04 Dec 2006 15:16:05 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GrK9a-0002OD-MF for namedroppers-data@psg.com; Mon, 04 Dec 2006 20:11:06 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-2.5 required=5.0 tests=AWL,BAYES_00,SPF_PASS autolearn=ham version=3.1.7 Received: from [81.200.64.181] (helo=shell-ng.nominum.com) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GrK7x-0002DS-Qt for namedroppers@ops.ietf.org; Mon, 04 Dec 2006 20:10:23 +0000 Received: from STJOHNS-LAPTOP.nominum.com (shell-ng.nominum.com [81.200.64.181]) by shell-ng.nominum.com (Postfix) with ESMTP id 88E685688E; Mon, 4 Dec 2006 12:09:24 -0800 (PST) (envelope-from Mike.StJohns@nominum.com) X-Mailer: QUALCOMM Windows Eudora Version 7.1.0.9 Date: Mon, 04 Dec 2006 15:09:23 -0500 To: Robert Story From: Mike StJohns Subject: Re: DNSSEC - Signature Only vs the MX/A issue. Cc: namedroppers@ops.ietf.org In-Reply-To: <7.1.0.9.2.20061204145619.05bd8a08@nominum.com> References: <20061127032712.CD1FE56890@shell-ng.nominum.com> <87ejrit5r9.fsf@mid.deneb.enyo.de> <14241.1165098375@sa.vix.com> <20061202234153.7B7B056882@shell-ng.nominum.com> <25076.1165105081@sa.vix.com> <20061204171222.303505687D@shell-ng.nominum.com> <20061204190334.58F1E56893@shell-ng.nominum.com> <7.1.0.9.2.20061204145619.05bd8a08@nominum.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Message-Id: <20061204200924.88E685688E@shell-ng.nominum.com> Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.0 (/) X-Scan-Signature: 0a7aa2e6e558383d84476dc338324fab At 02:58 PM 12/4/2006, Mike StJohns wrote: >>I guess I wasn't clear.. I was referring to this paragraph from your >>initial message on off-tree signing: >> >> > If a DNSSEC aware client makes a query into the DNS tree for data >> > that is not subordinate to one of the trust anchors it knows about >> > (e.g. it olny knows about .COM, the query is for "FOO.NET"), that >> > data is automatically treated as not-signed by the validator. Say >> > that foo.net has an off tree signature - there's no way to convey to >> > the validator that this part of the tree is signed - a simple >> > deletion attack could remove any DNSSEC data and the validator >> > wouldn't know the difference. >> >>So, my observation was simply that I can't imagine people signing up >>for OSIGs when a deletion attack is so simple... > >For SO - its a "don't care" or rather "unvalidatable signed data >(e.g. because of deletion) is no better than unsigned data. That's >the basic design of SO.... the only output of the validator is >either validated or unvalidated - if the former, do the "secure" >thing, if the latter do something else. Hmm.. let me expand this.... with the sole exception of a delegation into an unsecure zone you use PNE to prove that the data you asked for doesn't exist (NB - at the time you ask). What the practical result of that is that you won't try and connect (because ... duh :-) ... you don't have the data). If you get a valid/exists result in PNE you pretty much never look at the non-existence data - so this is directly equivalent to SO. If you get a bogus result (e.g. an inability to either prove or disprove the existence of data) - that's equivalent to an "unvalidated" result in SO - both PNE and SO will generally treat bogus/unvalidated as not secure and take some action less than the "secure" action. It's only the corner cases - the provably unsecure set of records (either not under a trust anchor or under a securely unsecure delegation) where PNE and SO treat results differently. SO treats anything that it can't validate as unvalidated. PNE treats data that it didn't know how to validate as better than data it did know how to validate, but for which it wasn't able to complete the validation (e.g. better than bogus data). Hmm... -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From owner-namedroppers@ops.ietf.org Mon Dec 04 15:38:02 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GrKZe-0006bf-Jq; Mon, 04 Dec 2006 15:38:02 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GrKXd-0001Jh-LH; Mon, 04 Dec 2006 15:35:58 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GrKTW-0004pn-Kh for namedroppers-data@psg.com; Mon, 04 Dec 2006 20:31:42 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-2.5 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=3.1.7 Received: from [213.244.168.210] (helo=outpost.ds9a.nl) by psg.com with esmtp (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GrKSq-0004kV-PV for namedroppers@ops.ietf.org; Mon, 04 Dec 2006 20:31:14 +0000 Received: by outpost.ds9a.nl (Postfix, from userid 1000) id 746FF3FD4; Mon, 4 Dec 2006 21:30:59 +0100 (CET) Date: Mon, 4 Dec 2006 21:30:59 +0100 From: bert hubert To: Robert Story Cc: Mike StJohns , namedroppers@ops.ietf.org Subject: Re: DNSSEC - Signature Only vs the MX/A issue. Message-ID: <20061204203059.GA26943@outpost.ds9a.nl> References: <20061127032712.CD1FE56890@shell-ng.nominum.com> <87ejrit5r9.fsf@mid.deneb.enyo.de> <14241.1165098375@sa.vix.com> <20061202234153.7B7B056882@shell-ng.nominum.com> <25076.1165105081@sa.vix.com> <20061204171222.303505687D@shell-ng.nominum.com> <20061204190334.58F1E56893@shell-ng.nominum.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.9i Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.0 (/) X-Scan-Signature: 7655788c23eb79e336f5f8ba8bce7906 On Mon, Dec 04, 2006 at 02:43:05PM -0500, Robert Story wrote: > So, my observation was simply that I can't imagine people signing up > for OSIGs when a deletion attack is so simple... Without intercepting traffic from either the client or the authoritative nameserver, a deletion attack is only easy if the source port and DNS id of queries are predictable. People with the ability to intercept and inject packets are rare compared to those able to spoof data from non-BCP 38 compliant networks - who I currently consider the gravest danger to the DNS. Bert -- http://www.PowerDNS.com Open source, database driven DNS Software http://netherlabs.nl Open and Closed source services -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From owner-namedroppers@ops.ietf.org Mon Dec 04 15:38:08 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GrKZk-0006lP-Ae; Mon, 04 Dec 2006 15:38:08 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GrKVM-00014S-Bp; Mon, 04 Dec 2006 15:33:38 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GrKPp-0004KS-DV for namedroppers-data@psg.com; Mon, 04 Dec 2006 20:27:53 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-2.5 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=3.1.7 Received: from [213.244.168.210] (helo=outpost.ds9a.nl) by psg.com with esmtp (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GrKO2-00046e-5y for namedroppers@ops.ietf.org; Mon, 04 Dec 2006 20:26:46 +0000 Received: by outpost.ds9a.nl (Postfix, from userid 1000) id 1D6E8405E; Mon, 4 Dec 2006 21:00:14 +0100 (CET) Date: Mon, 4 Dec 2006 21:00:14 +0100 From: bert hubert To: Edward Lewis Cc: namedroppers@ops.ietf.org Subject: Re: Pimping DNSSEC (was Re: DNSSEC - Signature Only vs the MX/A issue.) Message-ID: <20061204200013.GB25206@outpost.ds9a.nl> References: <4573FC2F.7080306@isc.org> <20061204123930.GC3111@outpost.ds9a.nl> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.9i Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.0 (/) X-Scan-Signature: 39bd8f8cbb76cae18b7e23f7cf6b2b9f On Mon, Dec 04, 2006 at 09:45:07AM -0500, Edward Lewis wrote: > DNSSEC does take a water-tight approach to security, it would be able > to defend a lot of forms of attack and supports all of the robustness > principles of the DNS (caching, replication, etc.). But is the > effort to be this secure worth the cost? I haven't seen anyone who > says yes to the latter with an open wallet. We've asked many of our customers and users this exact question: would you be willing to fund DNSSEC development in PowerDNS, and the answer has so far always been a resounding 'no'. We've seen people list "DNSSEC" (w/o further specification) as a requirement, but nobody clamoured for it enough to pay a (modest) premium for it. To put this statement into perspective, in many areas, including some of the largest internet markets (ie, Germany), PowerDNS controls >50% of domains right now, and in others over 40% of resolving needs. So if there were a 'hidden demand' for DNSSEC, or even 'more secure DNS' we'd heard of it by now. And I agree fully with Bill Manning's statement that most people previously willing to fork over money for DNSSEC protocol development now have "an empty wallet, and nothing (much) to show for it". Bert -- http://www.PowerDNS.com Open source, database driven DNS Software http://netherlabs.nl Open and Closed source services -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From owner-namedroppers@ops.ietf.org Mon Dec 04 16:27:28 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GrLLU-00047r-0V; Mon, 04 Dec 2006 16:27:28 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GrLLS-0003rU-NJ; Mon, 04 Dec 2006 16:27:27 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GrLFm-000Afp-A2 for namedroppers-data@psg.com; Mon, 04 Dec 2006 21:21:34 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=AWL,BAYES_00,SPF_HELO_PASS, SPF_PASS autolearn=ham version=3.1.7 Received: from [65.201.175.9] (helo=mail.verisignlabs.com) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GrLEz-000Acv-0Z for namedroppers@ops.ietf.org; Mon, 04 Dec 2006 21:21:16 +0000 Received: from [10.131.29.169] ([::ffff:216.168.239.87]) (AUTH: PLAIN davidb, SSL: TLSv1/SSLv3,256bits,AES256-SHA) by mail.verisignlabs.com with esmtp; Mon, 04 Dec 2006 16:20:43 -0500 id 002DC020.4574912B.00007193 Message-ID: <45749132.2070002@verisignlabs.com> Date: Mon, 04 Dec 2006 16:20:50 -0500 From: David Blacka User-Agent: Thunderbird 1.5.0.8 (Macintosh/20061025) MIME-Version: 1.0 To: bert hubert CC: Mike StJohns , Paul Vixie , namedroppers@ops.ietf.org Subject: Re: DNSSEC - Signature Only vs the MX/A issue. References: <20061127032712.CD1FE56890@shell-ng.nominum.com> <87ejrit5r9.fsf@mid.deneb.enyo.de> <14241.1165098375@sa.vix.com> <20061202234153.7B7B056882@shell-ng.nominum.com> <25076.1165105081@sa.vix.com> <20061204171222.303505687D@shell-ng.nominum.com> <20061204194957.GA25206@outpost.ds9a.nl> In-Reply-To: <20061204194957.GA25206@outpost.ds9a.nl> X-Enigmail-Version: 0.94.0.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.0 (/) X-Scan-Signature: 9466e0365fc95844abaf7c3f15a05c7d bert hubert wrote: > On Mon, Dec 04, 2006 at 12:12:21PM -0500, Mike StJohns wrote: > >> I'm not adding anything to the schedule.... feel free to complete and >> deploy NSEC3 on schedule.. what is that schedule by the way? > > Also - if DNSSEC were to be a success, NSEC3 would be the most complex part > of *any* protocol actually used on the internet. It even beats H.323. Er, no. > Not many protocols require mathematical problem solvers embedded in mission > critical software. What are you talking about? I feel compelled to point out that NSEC3 isn't that complicated to actually *do*. If it is complex, it is complex to analyze. That is, it can be hard to convince yourself that it works without a bit of mental stretching. -- David Blacka Sr. Engineer VeriSign Infrastructure Product Engineering -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From owner-namedroppers@ops.ietf.org Mon Dec 04 16:45:15 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GrLch-0003bU-Qt; Mon, 04 Dec 2006 16:45:15 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GrLb6-0005ol-QG; Mon, 04 Dec 2006 16:43:42 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GrLWt-000CRA-Lf for namedroppers-data@psg.com; Mon, 04 Dec 2006 21:39:15 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-2.5 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=3.1.7 Received: from [213.244.168.210] (helo=outpost.ds9a.nl) by psg.com with esmtp (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GrLVa-000CLc-8a for namedroppers@ops.ietf.org; Mon, 04 Dec 2006 21:38:39 +0000 Received: by outpost.ds9a.nl (Postfix, from userid 1000) id E6D2B3F7F; Mon, 4 Dec 2006 22:37:52 +0100 (CET) Date: Mon, 4 Dec 2006 22:37:52 +0100 From: bert hubert To: David Blacka Cc: Mike StJohns , Paul Vixie , namedroppers@ops.ietf.org Subject: Re: DNSSEC - Signature Only vs the MX/A issue. Message-ID: <20061204213752.GD26943@outpost.ds9a.nl> References: <20061127032712.CD1FE56890@shell-ng.nominum.com> <87ejrit5r9.fsf@mid.deneb.enyo.de> <14241.1165098375@sa.vix.com> <20061202234153.7B7B056882@shell-ng.nominum.com> <25076.1165105081@sa.vix.com> <20061204171222.303505687D@shell-ng.nominum.com> <20061204194957.GA25206@outpost.ds9a.nl> <45749132.2070002@verisignlabs.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <45749132.2070002@verisignlabs.com> User-Agent: Mutt/1.5.9i Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.0 (/) X-Scan-Signature: 69a74e02bbee44ab4f8eafdbcedd94a1 On Mon, Dec 04, 2006 at 04:20:50PM -0500, David Blacka wrote: > I feel compelled to point out that NSEC3 isn't that complicated to > actually *do*. If it is complex, it is complex to analyze. That is, it > can be hard to convince yourself that it works without a bit of mental > stretching. It has a 51 page draft, and it details only *non*-existence. I am referring to NSEC3 non-existence proofs. Perhaps I missed something, but messages like: "In practice, then, we must show an NSEC3 record that encloses the hash of x.C, one that encloses the hash of *.C, and any RR owned by C (which could be an NSEC3, in which case it would be owned by the hash of C). A resolver verifying this proof would have to try longer and longer closest enclosers to determine which was being demonstrated as C, if an NSEC3 is presented. If any other RR was used, then C would be the owner. Once C has been determined, the resolver can easily check x.C and *.C against the proof." http://www.ops.ietf.org/lists/namedroppers/namedroppers.2005/msg00468.html .. look rather like I need to solve for a system of constraints within my software. But perhaps this applied to a previous draft, of perhaps I am dense (most likely). The mind boggles however at the failure modes implied by the wording quoted above. Bert -- http://www.PowerDNS.com Open source, database driven DNS Software http://netherlabs.nl Open and Closed source services -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From owner-namedroppers@ops.ietf.org Mon Dec 04 17:20:58 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GrMBG-0007HB-QY; Mon, 04 Dec 2006 17:20:58 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GrMBF-0003Un-Fw; Mon, 04 Dec 2006 17:20:58 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GrM67-000Ffx-Uf for namedroppers-data@psg.com; Mon, 04 Dec 2006 22:15:39 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=AWL,BAYES_00,SPF_HELO_PASS, SPF_PASS autolearn=ham version=3.1.7 Received: from [65.201.175.9] (helo=mail.verisignlabs.com) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GrM5m-000FdF-2k for namedroppers@ops.ietf.org; Mon, 04 Dec 2006 22:15:33 +0000 Received: from [10.131.29.169] ([::ffff:216.168.239.87]) (AUTH: PLAIN davidb, SSL: TLSv1/SSLv3,256bits,AES256-SHA) by mail.verisignlabs.com with esmtp; Mon, 04 Dec 2006 17:15:11 -0500 id 002DC0AD.45749DF0.00000A46 Message-ID: <45749DF7.4020309@verisignlabs.com> Date: Mon, 04 Dec 2006 17:15:19 -0500 From: David Blacka User-Agent: Thunderbird 1.5.0.8 (Macintosh/20061025) MIME-Version: 1.0 To: bert hubert CC: Mike StJohns , Paul Vixie , namedroppers@ops.ietf.org Subject: Re: DNSSEC - Signature Only vs the MX/A issue. References: <20061127032712.CD1FE56890@shell-ng.nominum.com> <87ejrit5r9.fsf@mid.deneb.enyo.de> <14241.1165098375@sa.vix.com> <20061202234153.7B7B056882@shell-ng.nominum.com> <25076.1165105081@sa.vix.com> <20061204171222.303505687D@shell-ng.nominum.com> <20061204194957.GA25206@outpost.ds9a.nl> <45749132.2070002@verisignlabs.com> <20061204213752.GD26943@outpost.ds9a.nl> In-Reply-To: <20061204213752.GD26943@outpost.ds9a.nl> X-Enigmail-Version: 0.94.0.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.0 (/) X-Scan-Signature: 0ddefe323dd869ab027dbfff7eff0465 bert hubert wrote: > On Mon, Dec 04, 2006 at 04:20:50PM -0500, David Blacka wrote: >> I feel compelled to point out that NSEC3 isn't that complicated to >> actually *do*. If it is complex, it is complex to analyze. That is, it >> can be hard to convince yourself that it works without a bit of mental >> stretching. > > It has a 51 page draft, and it details only *non*-existence. I'm not sure that the length of the draft is totally correlative to the complexity of the protocol. It certainly took some words and examples to cover all of the cases, however. > I am referring to NSEC3 non-existence proofs. Perhaps I missed something, > but messages like: > > "In practice, then, we must show an NSEC3 record that encloses the hash of > x.C, one that encloses the hash of *.C, and any RR owned by C (which could > be an NSEC3, in which case it would be owned by the hash of C). A resolver > verifying this proof would have to try longer and longer closest enclosers > to determine which was being demonstrated as C, if an NSEC3 is presented. > If any other RR was used, then C would be the owner. Once C has been > determined, the resolver can easily check x.C and *.C against the proof." > > http://www.ops.ietf.org/lists/namedroppers/namedroppers.2005/msg00468.html > > .. look rather like I need to solve for a system of constraints within my > software. I don't think that text appears in the any version of the draft. In any case, all it is actually saying is that you have to iteratively hash a known, finite series of names in order to determine the closest encloser. The series of names is the qname, followed by all ancestors of qname up to and including the zone apex (which you know). > But perhaps this applied to a previous draft, of perhaps I am dense (most > likely). The mind boggles however at the failure modes implied by the > wording quoted above. The actual proof follows a fairly simple algorithm. -- David Blacka Sr. Engineer VeriSign Infrastructure Product Engineering -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From dmnrjfvens@otised.com Mon Dec 04 19:01:21 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GrNkP-0005cu-3Z for dnsext-archive@lists.ietf.org; Mon, 04 Dec 2006 19:01:21 -0500 Received: from s01060010b5c2a4a7.ed.shawcable.net ([68.149.151.48]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GrNkM-0003cm-S5 for dnsext-archive@lists.ietf.org; Mon, 04 Dec 2006 19:01:21 -0500 Message-ID: <000201c71800$a139e0e0$00000000@Wassim> From: "version" To: dnsext-archive@lists.ietf.org Subject: rental key kissimmee Date: Mon, 4 Dec 2006 17:02:18 -0700 MIME-Version: 1.0 Content-Type: text/plain; format=flowed; charset="iso-8859-1"; reply-type=original Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.2869 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2962 X-Spam-Score: 2.9 (++) X-Scan-Signature: 0f1ff0b0158b41ac6b9548d0972cdd31 20074 From owner-namedroppers@ops.ietf.org Mon Dec 04 20:37:42 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GrPFe-0006Lb-Ql; Mon, 04 Dec 2006 20:37:42 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GrPFZ-00047e-Bs; Mon, 04 Dec 2006 20:37:42 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GrP7r-0004Sk-Aa for namedroppers-data@psg.com; Tue, 05 Dec 2006 01:29:39 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-2.4 required=5.0 tests=AWL,BAYES_00, FORGED_RCVD_HELO,SPF_PASS autolearn=ham version=3.1.7 Received: from [65.205.251.75] (helo=robin.verisign.com) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GrP7T-0004Q1-AB for namedroppers@ops.ietf.org; Tue, 05 Dec 2006 01:29:29 +0000 Received: from MOU1WNEXCN03.vcorp.ad.vrsn.com (mailer6.verisign.com [65.205.251.33]) by robin.verisign.com (8.13.6/8.13.4) with ESMTP id kB51TAaN010009; Mon, 4 Dec 2006 17:29:11 -0800 Received: from MOU1WNEXMB04.vcorp.ad.vrsn.com ([10.25.13.157]) by MOU1WNEXCN03.vcorp.ad.vrsn.com with Microsoft SMTPSVC(6.0.3790.1830); Mon, 4 Dec 2006 17:29:10 -0800 X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Subject: RE: DNSSEC - Signature Only vs the MX/A issue. Date: Mon, 4 Dec 2006 17:29:10 -0800 Message-ID: <198A730C2044DE4A96749D13E167AD37E7EB6F@MOU1WNEXMB04.vcorp.ad.vrsn.com> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: DNSSEC - Signature Only vs the MX/A issue. Thread-Index: AccX7aMyjWsy0HUxSfC/pIrCnA+iXQABsNKA From: "Hallam-Baker, Phillip" To: "bert hubert" , "David Blacka-CR" Cc: "Mike StJohns" , "Paul Vixie" , X-OriginalArrivalTime: 05 Dec 2006 01:29:10.0515 (UTC) FILETIME=[C3B08C30:01C7180C] Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.1 (/) X-Scan-Signature: b4a0a5f5992e2a4954405484e7717d8c Seems to me that this discussion consists of endless demands for further = particulars followed by the complaint that the answers to those = particulars is too long. NSEC3 is not at all complex by crypto standards.=20 > -----Original Message----- > From: owner-namedroppers@ops.ietf.org=20 > [mailto:owner-namedroppers@ops.ietf.org] On Behalf Of bert hubert > Sent: Monday, December 04, 2006 4:38 PM > To: David Blacka-CR > Cc: Mike StJohns; Paul Vixie; namedroppers@ops.ietf.org > Subject: Re: DNSSEC - Signature Only vs the MX/A issue. >=20 > On Mon, Dec 04, 2006 at 04:20:50PM -0500, David Blacka wrote: > > I feel compelled to point out that NSEC3 isn't that complicated to=20 > > actually *do*. If it is complex, it is complex to analyze.=20 > That is,=20 > > it can be hard to convince yourself that it works without a bit of=20 > > mental stretching. >=20 > It has a 51 page draft, and it details only *non*-existence. >=20 > I am referring to NSEC3 non-existence proofs. Perhaps I=20 > missed something, but messages like: > =20 > "In practice, then, we must show an NSEC3 record that=20 > encloses the hash of x.C, one that encloses the hash of *.C,=20 > and any RR owned by C (which could be an NSEC3, in which=20 > case it would be owned by the hash of C). A resolver =20 > verifying this proof would have to try longer and longer=20 > closest enclosers to determine which was being demonstrated=20 > as C, if an NSEC3 is presented. > If any other RR was used, then C would be the owner. Once C=20 > has been determined, the resolver can easily check x.C and=20 > *.C against the proof." >=20 > http://www.ops.ietf.org/lists/namedroppers/namedroppers.2005/m > sg00468.html >=20 > .. look rather like I need to solve for a system of=20 > constraints within my software. >=20 > But perhaps this applied to a previous draft, of perhaps I am=20 > dense (most likely). The mind boggles however at the failure=20 > modes implied by the wording quoted above. >=20 > Bert >=20 > --=20 > http://www.PowerDNS.com Open source, database driven DNS=20 > Software=20 > http://netherlabs.nl Open and Closed source services >=20 > -- > to unsubscribe send a message to=20 > namedroppers-request@ops.ietf.org with the word 'unsubscribe'=20 > in a single line as the message text body. > archive: >=20 >=20 -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From owner-namedroppers@ops.ietf.org Tue Dec 05 00:02:08 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GrSRT-0003yG-Tt; Tue, 05 Dec 2006 00:02:07 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GrSRS-0007Z2-HO; Tue, 05 Dec 2006 00:02:07 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GrSMJ-000OT7-Ck for namedroppers-data@psg.com; Tue, 05 Dec 2006 04:56:47 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-2.4 required=5.0 tests=AWL,BAYES_00, FORGED_RCVD_HELO,SPF_PASS autolearn=ham version=3.1.7 Received: from [65.205.251.74] (helo=colibri.verisign.com) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GrSLz-000OQd-G8 for namedroppers@ops.ietf.org; Tue, 05 Dec 2006 04:56:41 +0000 Received: from MOU1WNEXCN02.vcorp.ad.vrsn.com (mailer2.verisign.com [65.205.251.35]) by colibri.verisign.com (8.13.6/8.13.4) with ESMTP id kB54uMOt015593; Mon, 4 Dec 2006 20:56:22 -0800 Received: from MOU1WNEXMB04.vcorp.ad.vrsn.com ([10.25.13.157]) by MOU1WNEXCN02.vcorp.ad.vrsn.com with Microsoft SMTPSVC(6.0.3790.1830); Mon, 4 Dec 2006 20:56:21 -0800 X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Subject: RE: Pimping DNSSEC (was Re: DNSSEC - Signature Only vs the MX/A issue.) Date: Mon, 4 Dec 2006 20:56:25 -0800 Message-ID: <198A730C2044DE4A96749D13E167AD37E7EB80@MOU1WNEXMB04.vcorp.ad.vrsn.com> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: Pimping DNSSEC (was Re: DNSSEC - Signature Only vs the MX/A issue.) Thread-Index: AccXkxLRVBrsDLxqSMadM/73BGCppgAlZ9lg From: "Hallam-Baker, Phillip" To: , "Ralph Droms" Cc: X-OriginalArrivalTime: 05 Dec 2006 04:56:21.0764 (UTC) FILETIME=[B54A9C40:01C71829] Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.1 (/) X-Scan-Signature: 69a74e02bbee44ab4f8eafdbcedd94a1 > [mailto:owner-namedroppers@ops.ietf.org] On Behalf Of Shane Kerr > Isn't this always the case with security though? What is the=20 > direct, immediate RoI for putting a lock on your door? Rarely from securing an existing infrastructure. Don't expect the existing uses of DNS to drive deployment of the DNSSEC = infrastructure. It can only serve those needs after the infrastructure = is almost complete. Deployment of DNSSEC will be driven by the deployment of domain centric = security infrastructure such as DKIM and policy based network = administrating to address the emerging challenge of deperimeterization. There is a solid business case there but don't expect early adopters to = be the ones who are already satisfied.=20 > I think the reason things like DNS and routing security don't=20 > get much traction is because there is much lower hanging=20 > fruit for attackers. If the end points of the Internet=20 > weren't so insecure, then things would be different. The business case for routing security will be driven by regulation. > If DNSSEC stabilizes after NSEC3, then DNSSEC could slowly=20 > become part of the BCP for network operators. The blocking=20 > factor here is the TLD (and the root), which has little or=20 > nothing to do with RoI. Stability is not a necessary condition for deployment. Meeting the = criterial considered essential by the key infrastructure providers is. -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From owner-namedroppers@ops.ietf.org Tue Dec 05 03:31:31 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GrVi7-0004C5-4U; Tue, 05 Dec 2006 03:31:31 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GrVi1-0002uw-Ps; Tue, 05 Dec 2006 03:31:31 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GrVbJ-000Gp4-GN for namedroppers-data@psg.com; Tue, 05 Dec 2006 08:24:29 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=AWL,BAYES_00, FORGED_RCVD_HELO,SPF_HELO_PASS,SPF_PASS autolearn=ham version=3.1.7 Received: from [195.177.253.212] (helo=shed.alex.org.uk) by psg.com with esmtp (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GrVaw-000GnT-In for namedroppers@ops.ietf.org; Tue, 05 Dec 2006 08:24:23 +0000 Received: from [192.168.100.164] (localhost [127.0.0.1]) by shed.alex.org.uk (Postfix) with ESMTP id 1455EC2DA3; Tue, 5 Dec 2006 08:24:00 +0000 (GMT) Date: Tue, 05 Dec 2006 08:24:39 +0000 From: Alex Bligh Reply-To: Alex Bligh To: "Hallam-Baker, Phillip" , shane_kerr@isc.org, Ralph Droms Cc: namedroppers@ops.ietf.org, Alex Bligh Subject: RE: Pimping DNSSEC (was Re: DNSSEC - Signature Only vs the MX/A issue.) Message-ID: <8CE0BBDB5B8DAC00C2C476DD@localhost> In-Reply-To: <198A730C2044DE4A96749D13E167AD37E7EB80@MOU1WNEXMB04.vcorp.ad.vrsn.com> References: <198A730C2044DE4A96749D13E167AD37E7EB80@MOU1WNEXMB04.vcorp.ad.vrsn.com> X-Mailer: Mulberry/4.0.6 (Linux/x86) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.0 (/) X-Scan-Signature: 7aafa0432175920a4b3e118e16c5cb64 --On Monday, December 04, 2006 20:56:25 -0800 "Hallam-Baker, Phillip" wrote: > Rarely from securing an existing infrastructure. > > Don't expect the existing uses of DNS to drive deployment of the DNSSEC > infrastructure. It can only serve those needs after the infrastructure is > almost complete. I'm not sure whether this is the same point Phil is making, but inc ase not, it seems to me the RoI argument is like expecting positive RoI on the deployment of the first telephone. From a resolver's point of view, deployment is not going to be particularly useful until there are a number of authorative servers with secure data to look up; and from an authorative server's point of view, deployment isn't particularly useful until there are a number of secure resolvers who know what to do with the data. Whilst the above is true, I am also hoping it's so blindlingly obvious (being equally true for most other end-to-end protocols) that people realized it 15 years ago (*). As far as "no demand for DNSSEC" is concerned, I think it is fair to say I have not yet driven through parliament square in London only to be slowed by hordes of protesters carrying banners saying "what to do want? DNSSEC. when do we want it? Now. Well, as soon as a reasonable deployment plan can be worked out". However, I do recall going to a meeting a couple of months ago attended by (amongst others) by one parliamentarian, and a representative from the UK Department of Trade and Industry, and being slightly surprised they where perfectly aware of the possibility of various DNS-related attacks (no doubt discovered through background reasearch for other Phishing attacks) and that DNSSEC solved most of them. I suspect that signifies demand. And I suspect major registries aren't spending time contributing to drafts simply to keep their staff busy... (*) = I'm afraid I got a bit lost with the argument that suggested "can't we validate at the caching resolver instead, that way we don't have to wait for end users to upgrade". Firstly, didn't we discover the painful way that middle-boxes are often the last thing to be upgraded (think about new RR-types and firewalls, etc)? Secondly, to get proper security functionality out of DNSSEC, doesn't the end user app need to be upgraded? Or there can be no way it can distinguish between a signed A record and an unsigned one (let alone between secure denial and insecure denial); unless I'm missing something vital, that's pretty much equivalent to no security (sure the cache itself may be more resistant to some attacks, but we have plenty of end-user machine attacks now). Alex -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From owner-namedroppers@ops.ietf.org Tue Dec 05 04:03:21 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GrWCv-0006TS-Q4; Tue, 05 Dec 2006 04:03:21 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GrWCt-0000Ew-8V; Tue, 05 Dec 2006 04:03:21 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GrW93-000Jxn-2g for namedroppers-data@psg.com; Tue, 05 Dec 2006 08:59:21 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-2.5 required=5.0 tests=BAYES_00,FORGED_RCVD_HELO autolearn=ham version=3.1.7 Received: from [131.112.32.132] (helo=necom830.hpcl.titech.ac.jp) by psg.com with smtp (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GrW8h-000Jwi-Sq for namedroppers@ops.ietf.org; Tue, 05 Dec 2006 08:59:15 +0000 Received: (qmail 97572 invoked from network); 5 Dec 2006 09:06:32 -0000 Received: from th028033.ip.tsinghua.edu.cn (HELO necom830.hpcl.titech.ac.jp) (59.66.28.33) by necom830.hpcl.titech.ac.jp with SMTP; 5 Dec 2006 09:06:32 -0000 Message-ID: <457534AF.6030103@necom830.hpcl.titech.ac.jp> Date: Tue, 05 Dec 2006 17:58:23 +0900 From: Masataka Ohta User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; ja-JP; rv:1.4) Gecko/20030624 Netscape/7.1 (ax) X-Accept-Language: ja, en MIME-Version: 1.0 To: Alex Bligh CC: "Hallam-Baker, Phillip" , shane_kerr@isc.org, Ralph Droms , namedroppers@ops.ietf.org Subject: Re: Pimping DNSSEC (was Re: DNSSEC - Signature Only vs the MX/A issue.) References: <198A730C2044DE4A96749D13E167AD37E7EB80@MOU1WNEXMB04.vcorp.ad.vrsn.com> <8CE0BBDB5B8DAC00C2C476DD@localhost> In-Reply-To: <8CE0BBDB5B8DAC00C2C476DD@localhost> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.1 (/) X-Scan-Signature: 7655788c23eb79e336f5f8ba8bce7906 Alex Bligh wrote: > However, I do recall going to a meeting a couple of months > ago attended by (amongst others) by one parliamentarian, and a > representative from the UK Department of Trade and Industry, and being > slightly surprised they where perfectly aware of the possibility of various > DNS-related attacks (no doubt discovered through background reasearch for > other Phishing attacks) and that DNSSEC solved most of them. That's a big surprise, because DNSSEC is not a protection against most, if not all, of attacks, even when zone administrators are not compromised, which is as easy as compromising ISPs. Perhaps, the parliamentarian should also believe DNSSEC were cryptographically secure. Masataka Ohta -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From owner-namedroppers@ops.ietf.org Tue Dec 05 10:51:30 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GrcZu-00073N-F5; Tue, 05 Dec 2006 10:51:30 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GrcZt-0006FM-3G; Tue, 05 Dec 2006 10:51:30 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GrcSn-0005uh-4e for namedroppers-data@psg.com; Tue, 05 Dec 2006 15:44:09 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-2.4 required=5.0 tests=AWL,BAYES_00, FORGED_RCVD_HELO,SPF_PASS autolearn=ham version=3.1.7 Received: from [65.205.251.74] (helo=colibri.verisign.com) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GrcST-0005sy-SS for namedroppers@ops.ietf.org; Tue, 05 Dec 2006 15:44:03 +0000 Received: from MOU1WNEXCN03.vcorp.ad.vrsn.com (mailer6.verisign.com [65.205.251.33]) by colibri.verisign.com (8.13.6/8.13.4) with ESMTP id kB5FheOE030180; Tue, 5 Dec 2006 07:43:40 -0800 Received: from MOU1WNEXMB04.vcorp.ad.vrsn.com ([10.25.13.157]) by MOU1WNEXCN03.vcorp.ad.vrsn.com with Microsoft SMTPSVC(6.0.3790.1830); Tue, 5 Dec 2006 07:43:39 -0800 X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Subject: RE: Pimping DNSSEC (was Re: DNSSEC - Signature Only vs the MX/A issue.) Date: Tue, 5 Dec 2006 07:43:41 -0800 Message-ID: <198A730C2044DE4A96749D13E167AD37E7EBA2@MOU1WNEXMB04.vcorp.ad.vrsn.com> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: Pimping DNSSEC (was Re: DNSSEC - Signature Only vs the MX/A issue.) Thread-Index: AccYRrvHGikxqDd3Rw2oHzaz2DUn9gANP4zg From: "Hallam-Baker, Phillip" To: "Alex Bligh" , , "Ralph Droms" Cc: X-OriginalArrivalTime: 05 Dec 2006 15:43:39.0553 (UTC) FILETIME=[226AE910:01C71884] Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.1 (/) X-Scan-Signature: 8abaac9e10c826e8252866cbe6766464 > From: Alex Bligh [mailto:alex@alex.org.uk]=20 > I'm not sure whether this is the same point Phil is making,=20 > but inc ase not, it seems to me the RoI argument is like=20 > expecting positive RoI on the deployment of the first=20 > telephone.=20 Part of it. There is a chicken and egg problem in every one of these network effect = marketting type schemes. So to create critical mass you need to have a = strategy that does not depend on the network effect. DKIM has a unilateral deployment advantage albeit a weak one. DKIM + = Secure Letterhead has a much stronger deployment advantage. The point here is to design for deployment and in particular to work to = co-opt the participation of major infrastructure providers, major = platform providers. Absolutely nobody has made the claim that NSEC3 is too complex to be = deployed. Multiple registries have stated that they cannot deploy = without NSEC3. This is the only group I know where this would still be = under discussion. -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From owner-namedroppers@ops.ietf.org Tue Dec 05 12:11:38 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GrdpS-0001fH-E7; Tue, 05 Dec 2006 12:11:38 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GrdpN-0002JO-4J; Tue, 05 Dec 2006 12:11:38 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1Grdjv-000DGg-12 for namedroppers-data@psg.com; Tue, 05 Dec 2006 17:05:55 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-1.0 required=5.0 tests=AWL,BAYES_00, HELO_DYNAMIC_DHCP autolearn=no version=3.1.7 Received: from [82.93.240.211] (helo=adsl-xs4all.ds9a.nl) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.63 (FreeBSD)) (envelope-from ) id 1Grdjk-000DFK-1X for namedroppers@ops.ietf.org; Tue, 05 Dec 2006 17:05:49 +0000 Received: from outpost.ds9a.nl ([213.244.168.210] ident=postfix) by adsl-xs4all.ds9a.nl with esmtp (Exim 4.63) (envelope-from ) id 1Grdji-0000RG-V2 for namedroppers@ops.ietf.org; Tue, 05 Dec 2006 18:05:42 +0100 Received: by outpost.ds9a.nl (Postfix, from userid 1000) id 0049840BC; Tue, 5 Dec 2006 18:05:40 +0100 (CET) Date: Tue, 5 Dec 2006 18:05:40 +0100 From: bert hubert To: "Hallam-Baker, Phillip" Cc: Alex Bligh , shane_kerr@isc.org, Ralph Droms , namedroppers@ops.ietf.org Subject: Re: Pimping DNSSEC (was Re: DNSSEC - Signature Only vs the MX/A issue.) Message-ID: <20061205170540.GA3751@outpost.ds9a.nl> References: <198A730C2044DE4A96749D13E167AD37E7EBA2@MOU1WNEXMB04.vcorp.ad.vrsn.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <198A730C2044DE4A96749D13E167AD37E7EBA2@MOU1WNEXMB04.vcorp.ad.vrsn.com> User-Agent: Mutt/1.5.9i Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.0 (/) X-Scan-Signature: 856eb5f76e7a34990d1d457d8e8e5b7f On Tue, Dec 05, 2006 at 07:43:41AM -0800, Hallam-Baker, Phillip wrote: > Absolutely nobody has made the claim that NSEC3 is too complex to be > deployed. Let me then make the claim that DNSSEC-bis + NSEC3 is so complex I have serious worries over its reliable implementability, especially considering the number of corner cases. Bert -- http://www.PowerDNS.com Open source, database driven DNS Software http://netherlabs.nl Open and Closed source services -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From owner-namedroppers@ops.ietf.org Tue Dec 05 12:24:03 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Gre1T-0006B4-1y; Tue, 05 Dec 2006 12:24:03 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Gre1Q-0003zR-LS; Tue, 05 Dec 2006 12:24:03 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GrdwJ-000EFk-1u for namedroppers-data@psg.com; Tue, 05 Dec 2006 17:18:43 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-2.4 required=5.0 tests=AWL,BAYES_00, FORGED_RCVD_HELO,SPF_PASS autolearn=ham version=3.1.7 Received: from [65.205.251.74] (helo=colibri.verisign.com) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.63 (FreeBSD)) (envelope-from ) id 1Grdw0-000EDV-1L for namedroppers@ops.ietf.org; Tue, 05 Dec 2006 17:18:37 +0000 Received: from mou1wnexcn01.vcorp.ad.vrsn.com (mailer1.verisign.com [65.205.251.34]) by colibri.verisign.com (8.13.6/8.13.4) with ESMTP id kB5HICid001536; Tue, 5 Dec 2006 09:18:12 -0800 Received: from MOU1WNEXMB04.vcorp.ad.vrsn.com ([10.25.13.157]) by mou1wnexcn01.vcorp.ad.vrsn.com with Microsoft SMTPSVC(6.0.3790.1830); Tue, 5 Dec 2006 09:18:12 -0800 X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Subject: RE: Pimping DNSSEC (was Re: DNSSEC - Signature Only vs the MX/A issue.) Date: Tue, 5 Dec 2006 09:18:25 -0800 Message-ID: <198A730C2044DE4A96749D13E167AD37E7EBCA@MOU1WNEXMB04.vcorp.ad.vrsn.com> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: Pimping DNSSEC (was Re: DNSSEC - Signature Only vs the MX/A issue.) Thread-Index: AccYj5xNiMM5rD6mTUyin/Ib+E5EOwAASPpQ From: "Hallam-Baker, Phillip" To: "bert hubert" Cc: "Alex Bligh" , , "Ralph Droms" , X-OriginalArrivalTime: 05 Dec 2006 17:18:12.0087 (UTC) FILETIME=[5782E870:01C71891] Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.1 (/) X-Scan-Signature: cab78e1e39c4b328567edb48482b6a69 There are two responsible options for the group to take. The first is to agree with the Europeans who state that these are = essential requirements and override Bert on the basis that the = interoperability results simply do not support his claim. The second is to shut down DNSSEC completely and immediately: stop = wasting everyone's time and stop preventing other groups from working on = this problem. My vote is for the first approach. > -----Original Message----- > From: bert hubert [mailto:bert.hubert@netherlabs.nl]=20 > Sent: Tuesday, December 05, 2006 12:06 PM > To: Hallam-Baker, Phillip > Cc: Alex Bligh; shane_kerr@isc.org; Ralph Droms;=20 > namedroppers@ops.ietf.org > Subject: Re: Pimping DNSSEC (was Re: DNSSEC - Signature Only=20 > vs the MX/A issue.) >=20 > On Tue, Dec 05, 2006 at 07:43:41AM -0800, Hallam-Baker, Phillip wrote: >=20 > > Absolutely nobody has made the claim that NSEC3 is too=20 > complex to be=20 > > deployed. >=20 > Let me then make the claim that DNSSEC-bis + NSEC3 is so=20 > complex I have serious worries over its reliable=20 > implementability, especially considering the number of corner cases. >=20 > Bert > --=20 > http://www.PowerDNS.com Open source, database driven DNS=20 > Software=20 > http://netherlabs.nl Open and Closed source services >=20 >=20 -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From owner-namedroppers@ops.ietf.org Tue Dec 05 14:30:16 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Grfzc-0001UC-Ic; Tue, 05 Dec 2006 14:30:16 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Grfzb-00077R-7X; Tue, 05 Dec 2006 14:30:16 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GrfuB-000Oko-3T for namedroppers-data@psg.com; Tue, 05 Dec 2006 19:24:39 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-2.3 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=3.1.7 Received: from [66.92.146.160] (helo=ogud.com) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.63 (FreeBSD)) (envelope-from ) id 1Grftt-000Oj2-2P for namedroppers@ops.ietf.org; Tue, 05 Dec 2006 19:24:33 +0000 Received: from [10.31.32.201] (hlid.ogud.com [66.92.146.160]) by ogud.com (8.13.1/8.13.1) with ESMTP id kB5JLZsq050599; Tue, 5 Dec 2006 14:21:36 -0500 (EST) (envelope-from Ed.Lewis@neustar.biz) Mime-Version: 1.0 Message-Id: Date: Tue, 5 Dec 2006 14:14:13 -0500 To: namedroppers@ops.ietf.org From: Edward Lewis Subject: peace Cc: ed.lewis@neustar.biz Content-Type: text/plain; charset="us-ascii" ; format="flowed" X-Scanned-By: MIMEDefang 2.57 on 66.92.146.160 Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.0 (/) X-Scan-Signature: 3e15cc4fdc61d7bce84032741d11c8e5 This is the third time I'm sat down to write this. So this time I'm going to go ahead and be annoying. (While writing this I got a spam message with the subject line "stop fighting." Spam isn't always wrong.) Nothing is distracting from anything else. This WG has no budget cap on what it can look at. We are all volunteers and give time in accordance to our interests, whether our interests are personally set or set by those funding our participation. The WG as a whole can afford to try NSEC3, DNSSECbis, DNSSECter, SO, Ohta's proposal, etc. in as much as there is no definition what what it means to be a member of the WG. The WG can also afford to have dissenting opinions expressed. It comes down to whether a proposal can meet with the collective positive opinion of the group, enough to warrant it being promoted in someway. Until then, let statements fly, let challenges be thrown. Not every insulting remark has to be refuted. Skepticism over an idea is natural. There are two reasons. One, for each hard problem we see today in DNS, there will not be a simply obvious solution. Proof by contradiction says - if there were a simply obvious solution, someone here would have already thought of it, most likely. So, no one ought to believe that they've found an "instant miracle" and folks hearing new ideas ought not to be prepared to defend against the "latest onslaught to sanity." Two, consensus building is inherently conservative. Any new idea ought to be expected to meet opposition. This isn't because the listeners are stodgy and unwilling to change, if there is a problem, it is because the proposal was not made clear enough. Keep in mind too that many of us in the group have many years of experience and education - and that applies not just to those who you know, it applies across the group. In general we all have the same or similar mind set and have learned the same fundamental principles of engineering and math. Where we differ is usually in understanding the problem to be solved, and in our other experience and learnings (like economics, legal, etc.). Please keep this in mind when looking at preparing a critical remark and when receiving a critical remark. The criticism may be the fault of the problem goal and not the approach chosen. -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis +1-571-434-5468 NeuStar Dessert - aka Service Pack 1 for lunch. -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From owner-namedroppers@ops.ietf.org Tue Dec 05 14:39:49 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Grg8r-0005NO-Hq; Tue, 05 Dec 2006 14:39:49 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Grg8n-00010I-7J; Tue, 05 Dec 2006 14:39:49 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1Grg4j-000PhE-UE for namedroppers-data@psg.com; Tue, 05 Dec 2006 19:35:33 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-0.6 required=5.0 tests=AWL,BAYES_00,HEADER_SPAM autolearn=no version=3.1.7 Received: from [66.92.146.160] (helo=ogud.com) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.63 (FreeBSD)) (envelope-from ) id 1Grg4Y-000PfW-RN for namedroppers@ops.ietf.org; Tue, 05 Dec 2006 19:35:28 +0000 Received: from mail.ogud.com (localhost [127.0.0.1]) by ogud.com (8.13.1/8.13.1) with ESMTP id kB5JWksZ050719 for ; Tue, 5 Dec 2006 14:32:46 -0500 (EST) (envelope-from namedroppers@mail.ogud.com) Received: (from namedroppers@localhost) by mail.ogud.com (8.13.1/8.13.1/Submit) id kB5JWkRc050718 for namedroppers@ops.ietf.org; Tue, 5 Dec 2006 14:32:46 -0500 (EST) (envelope-from namedroppers) Received: from [213.244.168.210] (helo=outpost.ds9a.nl) by psg.com with esmtp (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GrUu1-000BSe-QO for namedroppers@ops.ietf.org; Tue, 05 Dec 2006 07:40:02 +0000 Received: by outpost.ds9a.nl (Postfix, from userid 1000) id CDC803FDF; Tue, 5 Dec 2006 08:39:43 +0100 (CET) Date: Tue, 5 Dec 2006 08:39:43 +0100 From: bert hubert To: "Hallam-Baker, Phillip" Cc: shane_kerr@isc.org, Ralph Droms , namedroppers@ops.ietf.org Subject: Re: Pimping DNSSEC (was Re: DNSSEC - Signature Only vs the MX/A issue.) Message-ID: <20061205073943.GA3389@outpost.ds9a.nl> References: <198A730C2044DE4A96749D13E167AD37E7EB80@MOU1WNEXMB04.vcorp.ad.vrsn.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <198A730C2044DE4A96749D13E167AD37E7EB80@MOU1WNEXMB04.vcorp.ad.vrsn.com> User-Agent: Mutt/1.5.9i X-Scanned-By: MIMEDefang 2.57 on 66.92.146.160 Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.0 (/) X-Scan-Signature: 7d33c50f3756db14428398e2bdedd581 On Mon, Dec 04, 2006 at 08:56:25PM -0800, Hallam-Baker, Phillip wrote: > Stability is not a necessary condition for deployment. Meeting the > criterial considered essential by the key infrastructure providers is. And criterium #1 is stability. I've yet to meet serious infrastructure providers willing to base their network on unstable protocols, where unstable means "I'll have to upgrade software/protocols/algorithms in the foreseeable future". Bert -- http://www.PowerDNS.com Open source, database driven DNS Software http://netherlabs.nl Open and Closed source services -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From owner-namedroppers@ops.ietf.org Tue Dec 05 15:04:59 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GrgWI-0008RU-7Q; Tue, 05 Dec 2006 15:04:02 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GrgRU-0004WM-A8; Tue, 05 Dec 2006 14:59:06 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GrgNq-0001O9-MH for namedroppers-data@psg.com; Tue, 05 Dec 2006 19:55:18 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-2.5 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=3.1.7 Received: from [193.94.160.1] (helo=netcore.fi) by psg.com with esmtp (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GrgNV-0001Kj-RH for namedroppers@ops.ietf.org; Tue, 05 Dec 2006 19:55:12 +0000 Received: from localhost (pekkas@localhost) by netcore.fi (8.12.11.20060614/8.12.11) with ESMTP id kB5Jsupg019099 for ; Tue, 5 Dec 2006 21:54:56 +0200 Date: Tue, 5 Dec 2006 21:54:56 +0200 (EET) From: Pekka Savola To: namedroppers@ops.ietf.org Subject: brain cycles of the WG In-Reply-To: <20061204194957.GA25206@outpost.ds9a.nl> Message-ID: References: <20061127032712.CD1FE56890@shell-ng.nominum.com> <87ejrit5r9.fsf@mid.deneb.enyo.de> <14241.1165098375@sa.vix.com> <20061202234153.7B7B056882@shell-ng.nominum.com> <25076.1165105081@sa.vix.com> <20061204171222.303505687D@shell-ng.nominum.com> <20061204194957.GA25206@outpost.ds9a.nl> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed X-Virus-Scanned: ClamAV 0.88.6/2277/Mon Dec 4 19:10:23 2006 on otso.netcore.fi X-Virus-Status: Clean Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.0 (/) X-Scan-Signature: 7d33c50f3756db14428398e2bdedd581 On Mon, 4 Dec 2006, bert hubert wrote: > That is one other problem of DNSSEC - it is absorbing most of the 'brain > cycles' of DNSEXT members. Non-DNSSEC drafts struggle to get enough > attention, even those which would have an immediate positive influence on > DNS security. Agree. There are a lot of (IMHO, more) pressing problems with DNS, such as writing an understandable basic specification (think of 'DNS implementation requirements') so that 98% of vendors don't get it wrong (or miss important features, e.g., the cache poisoning validaton) in one way or the other. -- Pekka Savola "You each name yourselves king, yet the Netcore Oy kingdom bleeds." Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From owner-namedroppers@ops.ietf.org Tue Dec 05 15:11:02 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Grgd4-0003MB-QN; Tue, 05 Dec 2006 15:11:02 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Grgd3-0006Pz-Gc; Tue, 05 Dec 2006 15:11:02 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GrgaY-0002R8-5x for namedroppers-data@psg.com; Tue, 05 Dec 2006 20:08:26 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-2.3 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=3.1.7 Received: from [66.92.146.160] (helo=ogud.com) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GrgaF-0002Ow-D1 for namedroppers@ops.ietf.org; Tue, 05 Dec 2006 20:08:20 +0000 Received: from [10.31.32.201] (hlid.ogud.com [66.92.146.160]) by ogud.com (8.13.1/8.13.1) with ESMTP id kB5K5P4F050928; Tue, 5 Dec 2006 15:05:25 -0500 (EST) (envelope-from Ed.Lewis@neustar.biz) Mime-Version: 1.0 Message-Id: In-Reply-To: References: <20061127032712.CD1FE56890@shell-ng.nominum.com> <87ejrit5r9.fsf@mid.deneb.enyo.de> <14241.1165098375@sa.vix.com> <20061202234153.7B7B056882@shell-ng.nominum.com> <25076.1165105081@sa.vix.com> <20061204171222.303505687D@shell-ng.nominum.com> <20061204194957.GA25206@outpost.ds9a.nl> Date: Tue, 5 Dec 2006 15:08:00 -0500 To: Pekka Savola From: Edward Lewis Subject: Re: brain cycles of the WG Cc: namedroppers@ops.ietf.org Content-Type: text/plain; charset="us-ascii" ; format="flowed" X-Scanned-By: MIMEDefang 2.57 on 66.92.146.160 Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.0 (/) X-Scan-Signature: 0bc60ec82efc80c84b8d02f4b0e4de22 At 21:54 +0200 12/5/06, Pekka Savola wrote: >On Mon, 4 Dec 2006, bert hubert wrote: >> That is one other problem of DNSSEC - it is absorbing most of the 'brain >> cycles' of DNSEXT members. Non-DNSSEC drafts struggle to get enough >> attention, even those which would have an immediate positive influence on >> DNS security. > >Agree. There are a lot of (IMHO, more) pressing problems with DNS, such as >writing an understandable basic specification (think of 'DNS implementation >requirements') so that 98% of vendors don't get it wrong (or miss important >features, e.g., the cache poisoning validaton) in one way or the other. This is one of the many good ideas that has floated to the surface time and again over the years. Every time this is thought about, we get caught in what is "right." E.g., look at what happened when we tried to clarify just AXFR. Clarifying wildcards took 4 years. I'd rather waste my time designing DNS II than clarifying RFC 1034, et.al. -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis +1-571-434-5468 NeuStar Dessert - aka Service Pack 1 for lunch. -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From owner-namedroppers@ops.ietf.org Tue Dec 05 15:11:07 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Grgd9-0003Mm-BN; Tue, 05 Dec 2006 15:11:07 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Grgd7-0006QH-Ux; Tue, 05 Dec 2006 15:11:07 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GrgYq-0002Hh-QJ for namedroppers-data@psg.com; Tue, 05 Dec 2006 20:06:40 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-2.4 required=5.0 tests=AWL,BAYES_00, FORGED_RCVD_HELO,SPF_PASS autolearn=ham version=3.1.7 Received: from [65.205.251.74] (helo=colibri.verisign.com) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GrgYW-0002GV-Mw for namedroppers@ops.ietf.org; Tue, 05 Dec 2006 20:06:35 +0000 Received: from mou1wnexcn01.vcorp.ad.vrsn.com (mailer1.verisign.com [65.205.251.34]) by colibri.verisign.com (8.13.6/8.13.4) with ESMTP id kB5K6DC3008992; Tue, 5 Dec 2006 12:06:14 -0800 Received: from MOU1WNEXMB04.vcorp.ad.vrsn.com ([10.25.13.157]) by mou1wnexcn01.vcorp.ad.vrsn.com with Microsoft SMTPSVC(6.0.3790.1830); Tue, 5 Dec 2006 12:06:13 -0800 X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Subject: RE: Pimping DNSSEC (was Re: DNSSEC - Signature Only vs the MX/A issue.) Date: Tue, 5 Dec 2006 12:06:14 -0800 Message-ID: <198A730C2044DE4A96749D13E167AD37E7EC01@MOU1WNEXMB04.vcorp.ad.vrsn.com> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: Pimping DNSSEC (was Re: DNSSEC - Signature Only vs the MX/A issue.) Thread-Index: AccYpZY/nh9rQfMcTiGvvsVChgCDVQAAnAwg From: "Hallam-Baker, Phillip" To: "bert hubert" Cc: , "Ralph Droms" , X-OriginalArrivalTime: 05 Dec 2006 20:06:13.0434 (UTC) FILETIME=[D07661A0:01C718A8] Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.1 (/) X-Scan-Signature: e5ba305d0e64821bf3d8bc5d3bb07228 > [mailto:owner-namedroppers@ops.ietf.org] On Behalf Of bert hubert >=20 > On Mon, Dec 04, 2006 at 08:56:25PM -0800, Hallam-Baker, Phillip wrote: >=20 > > Stability is not a necessary condition for deployment. Meeting the=20 > > criterial considered essential by the key infrastructure=20 > providers is. >=20 > And criterium #1 is stability. I've yet to meet serious=20 > infrastructure providers willing to base their network on=20 > unstable protocols, where unstable means "I'll have to=20 > upgrade software/protocols/algorithms in the foreseeable future". This is simply not true. The European registries have made it clear that copmpliance with the EU = privacy directive, i.e. compliance with the law is a higher priority. VeriSign has made it clear that the efficiency of the protocol, in = particular the data volumes required is a higher priority. In any case the way to achieve stability would be to accept maximal = requirements rather than minimal. We have had an ostrich posture = specification proposed for ten years with no sign of deployment. -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From owner-namedroppers@ops.ietf.org Tue Dec 05 15:38:59 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Grh47-0006i3-Qz; Tue, 05 Dec 2006 15:38:59 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Grh41-0002AU-Hb; Tue, 05 Dec 2006 15:38:59 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1Grgzt-0004Xm-4B for namedroppers-data@psg.com; Tue, 05 Dec 2006 20:34:37 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=3.1.7 Received: from [213.154.224.1] (helo=open.nlnetlabs.nl) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GrgzY-0004WP-GP for namedroppers@ops.ietf.org; Tue, 05 Dec 2006 20:34:31 +0000 Received: from open.nlnetlabs.nl (localhost [127.0.0.1]) by open.nlnetlabs.nl (8.13.8/8.13.8) with ESMTP id kB5KXtLA028623; Tue, 5 Dec 2006 21:33:55 +0100 (CET) (envelope-from jaap@open.nlnetlabs.nl) Message-Id: <200612052033.kB5KXtLA028623@open.nlnetlabs.nl> To: "Hallam-Baker, Phillip" cc: "bert hubert" , shane_kerr@isc.org, "Ralph Droms" , namedroppers@ops.ietf.org Subject: Re: Pimping DNSSEC (was Re: DNSSEC - Signature Only vs the MX/A issue.) In-reply-to: Your message of Tue, 05 Dec 2006 12:06:14 -0800. <198A730C2044DE4A96749D13E167AD37E7EC01@MOU1WNEXMB04.vcorp.ad.vrsn.com> Date: Tue, 05 Dec 2006 21:33:55 +0100 From: Jaap Akkerhuis Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.0 (/) X-Scan-Signature: 93238566e09e6e262849b4f805833007 The European registries have made it clear that copmpliance with the EU privacy directive, i.e. compliance with the law is a higher priority. Please, don't make sweeping statements about "the european registries". Not all agree on the need for NSEC3 or similar mechanismes for "privacy" requirements. Actually, most of them don;t have an opinion on this, others are happy with classical NSEC. Furthermore, a european directive is not a law. The implementations of a directive can be (and most times are) different in the various member state. As far as I understand, the UK & DE registries are advised by their juridical advisors against NSEC because of the local juridical system. jaap -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From owner-namedroppers@ops.ietf.org Tue Dec 05 17:15:06 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GriZ8-0007RQ-HX; Tue, 05 Dec 2006 17:15:06 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GriWo-0005Mw-4M; Tue, 05 Dec 2006 17:13:02 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GriRO-000EC8-3k for namedroppers-data@psg.com; Tue, 05 Dec 2006 22:07:06 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=AWL,BAYES_00,SPF_FAIL autolearn=no version=3.1.7 Received: from [217.155.92.109] (helo=mail.links.org) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GriRC-000EBX-Co for namedroppers@ops.ietf.org; Tue, 05 Dec 2006 22:07:00 +0000 Received: from [193.133.15.218] (localhost [127.0.0.1]) by mail.links.org (Postfix) with ESMTP id 69BAE33C1F; Tue, 5 Dec 2006 22:06:52 +0000 (GMT) Message-ID: <4575ED7C.1070705@algroup.co.uk> Date: Tue, 05 Dec 2006 22:06:52 +0000 From: Ben Laurie User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.8) Gecko/20061025 Thunderbird/1.5.0.8 Mnenhy/0.7.4.0 MIME-Version: 1.0 To: bert hubert CC: David Blacka , Mike StJohns , Paul Vixie , namedroppers@ops.ietf.org Subject: Re: DNSSEC - Signature Only vs the MX/A issue. References: <20061127032712.CD1FE56890@shell-ng.nominum.com> <87ejrit5r9.fsf@mid.deneb.enyo.de> <14241.1165098375@sa.vix.com> <20061202234153.7B7B056882@shell-ng.nominum.com> <25076.1165105081@sa.vix.com> <20061204171222.303505687D@shell-ng.nominum.com> <20061204194957.GA25206@outpost.ds9a.nl> <45749132.2070002@verisignlabs.com> <20061204213752.GD26943@outpost.ds9a.nl> In-Reply-To: <20061204213752.GD26943@outpost.ds9a.nl> X-Enigmail-Version: 0.93.0.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.0 (/) X-Scan-Signature: a7d6aff76b15f3f56fcb94490e1052e4 bert hubert wrote: > On Mon, Dec 04, 2006 at 04:20:50PM -0500, David Blacka wrote: >> I feel compelled to point out that NSEC3 isn't that complicated to >> actually *do*. If it is complex, it is complex to analyze. That is, it >> can be hard to convince yourself that it works without a bit of mental >> stretching. > > It has a 51 page draft, and it details only *non*-existence. > > I am referring to NSEC3 non-existence proofs. Perhaps I missed something, > but messages like: > > "In practice, then, we must show an NSEC3 record that encloses the hash of > x.C, one that encloses the hash of *.C, and any RR owned by C (which could > be an NSEC3, in which case it would be owned by the hash of C). A resolver > verifying this proof would have to try longer and longer closest enclosers > to determine which was being demonstrated as C, if an NSEC3 is presented. > If any other RR was used, then C would be the owner. Once C has been > determined, the resolver can easily check x.C and *.C against the proof." > > http://www.ops.ietf.org/lists/namedroppers/namedroppers.2005/msg00468.html > > .. look rather like I need to solve for a system of constraints within my > software. > > But perhaps this applied to a previous draft, of perhaps I am dense (most > likely). The mind boggles however at the failure modes implied by the > wording quoted above. I don't see why. All its saying, admittedly at great length, is that you have to determine the closest encloser. -- http://www.apache-ssl.org/ben.html http://www.links.org/ "There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From owner-namedroppers@ops.ietf.org Tue Dec 05 18:03:58 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GrjKQ-0005Do-Ig; Tue, 05 Dec 2006 18:03:58 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GrjKP-0004Qn-9N; Tue, 05 Dec 2006 18:03:58 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GrjGT-000ISN-1v for namedroppers-data@psg.com; Tue, 05 Dec 2006 22:59:53 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=AWL,BAYES_00, FORGED_RCVD_HELO,SPF_HELO_PASS,SPF_PASS autolearn=ham version=3.1.7 Received: from [195.177.253.212] (helo=shed.alex.org.uk) by psg.com with esmtp (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GrjG7-000IR0-IL for namedroppers@ops.ietf.org; Tue, 05 Dec 2006 22:59:46 +0000 Received: from [192.168.0.100] (localhost [127.0.0.1]) by shed.alex.org.uk (Postfix) with ESMTP id 80920C2DA3; Tue, 5 Dec 2006 22:59:30 +0000 (GMT) Date: Tue, 05 Dec 2006 22:59:18 +0000 From: Alex Bligh Reply-To: Alex Bligh To: Masataka Ohta Cc: "Hallam-Baker, Phillip" , shane_kerr@isc.org, Ralph Droms , namedroppers@ops.ietf.org, Alex Bligh Subject: Re: Pimping DNSSEC (was Re: DNSSEC - Signature Only vs the MX/A issue.) Message-ID: In-Reply-To: <457534AF.6030103@necom830.hpcl.titech.ac.jp> References: <198A730C2044DE4A96749D13E167AD37E7EB80@MOU1WNEXMB04.vcorp.ad.vrs n.com> <8CE0BBDB5B8DAC00C2C476DD@localhost> <457534AF.6030103@necom830.hpcl.titech.ac.jp> X-Mailer: Mulberry/4.0.4 (Win32) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.1 (/) X-Scan-Signature: 8abaac9e10c826e8252866cbe6766464 --On 05 December 2006 17:58 +0900 Masataka Ohta wrote: > That's a big surprise, because DNSSEC is not a protection against > most, if not all, of attacks, even when zone administrators are > not compromised, which is as easy as compromising ISPs. Specifically, DNSSEC is a protection against injection / MITM attacks. Of course there is the possibility that the zone itself is compromised. But if you can compromise an ISP, far easier to compromise the web site (which invariably is the app they are considering) in question. But even if you are right, and DNSSEC does not protect against the majority of attacks (for some defined set of attacks) I don't see why that implies it is not useful; it is a useful component in solving the whole problem (i.e. securing against that set of attacks). The alternative rational argument is to say "leave DNS insecure, just like IP is insecure, solve it all at a higher level, for each protocol, based on certificates etc., and teach apps that in general DNS alone cannot be trusted". wc -l /etc/services suggests this is an inefficient route to take (yes, a gross simplification I know, but you get my point). Alex -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From owner-namedroppers@ops.ietf.org Tue Dec 05 18:21:41 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GrjbZ-0005Fd-Mb; Tue, 05 Dec 2006 18:21:41 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GrjbV-0008BD-Cd; Tue, 05 Dec 2006 18:21:41 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GrjXc-000K3b-W5 for namedroppers-data@psg.com; Tue, 05 Dec 2006 23:17:36 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-0.9 required=5.0 tests=AWL,BAYES_00, HELO_DYNAMIC_DHCP autolearn=no version=3.1.7 Received: from [82.93.240.211] (helo=adsl-xs4all.ds9a.nl) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GrjXS-000K30-Co for namedroppers@ops.ietf.org; Tue, 05 Dec 2006 23:17:31 +0000 Received: from outpost.ds9a.nl ([213.244.168.210] ident=postfix) by adsl-xs4all.ds9a.nl with esmtp (Exim 4.63) (envelope-from ) id 1GrjXS-00034I-68 for namedroppers@ops.ietf.org; Wed, 06 Dec 2006 00:17:26 +0100 Received: by outpost.ds9a.nl (Postfix, from userid 1000) id 50B114B637; Wed, 6 Dec 2006 00:17:24 +0100 (CET) Date: Wed, 6 Dec 2006 00:17:24 +0100 From: bert hubert To: Edward Lewis Cc: Pekka Savola , namedroppers@ops.ietf.org Subject: Re: brain cycles of the WG Message-ID: <20061205231724.GB9514@outpost.ds9a.nl> References: <20061127032712.CD1FE56890@shell-ng.nominum.com> <87ejrit5r9.fsf@mid.deneb.enyo.de> <14241.1165098375@sa.vix.com> <20061202234153.7B7B056882@shell-ng.nominum.com> <25076.1165105081@sa.vix.com> <20061204171222.303505687D@shell-ng.nominum.com> <20061204194957.GA25206@outpost.ds9a.nl> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.9i Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.0 (/) X-Scan-Signature: de4f315c9369b71d7dd5909b42224370 On Tue, Dec 05, 2006 at 03:08:00PM -0500, Edward Lewis wrote: > This is one of the many good ideas that has floated to the surface > time and again over the years. Every time this is thought about, we > get caught in what is "right." E.g., look at what happened when we > tried to clarify just AXFR. Clarifying wildcards took 4 years. I'd > rather waste my time designing DNS II than clarifying RFC 1034, et.al. Count me in! -- http://www.PowerDNS.com Open source, database driven DNS Software http://netherlabs.nl Open and Closed source services -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From owner-namedroppers@ops.ietf.org Tue Dec 05 19:03:19 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GrkFr-00069X-BY; Tue, 05 Dec 2006 19:03:19 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GrkFq-00006k-1b; Tue, 05 Dec 2006 19:03:19 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GrkBK-000NMC-5b for namedroppers-data@psg.com; Tue, 05 Dec 2006 23:58:38 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-0.9 required=5.0 tests=AWL,BAYES_00, HELO_DYNAMIC_DHCP autolearn=no version=3.1.7 Received: from [82.93.240.211] (helo=adsl-xs4all.ds9a.nl) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GrkB8-000NLd-Tf for namedroppers@ops.ietf.org; Tue, 05 Dec 2006 23:58:32 +0000 Received: from outpost.ds9a.nl ([213.244.168.210] ident=postfix) by adsl-xs4all.ds9a.nl with esmtp (Exim 4.63) (envelope-from ) id 1GrkB8-0003Zl-B2 for namedroppers@ops.ietf.org; Wed, 06 Dec 2006 00:58:26 +0100 Received: by outpost.ds9a.nl (Postfix, from userid 1000) id A4FFC3FB6; Wed, 6 Dec 2006 00:58:24 +0100 (CET) Date: Wed, 6 Dec 2006 00:58:24 +0100 From: bert hubert To: "Hallam-Baker, Phillip" Cc: Alex Bligh , shane_kerr@isc.org, Ralph Droms , namedroppers@ops.ietf.org Subject: Re: Pimping DNSSEC (was Re: DNSSEC - Signature Only vs the MX/A issue.) Message-ID: <20061205235824.GA17712@outpost.ds9a.nl> References: <198A730C2044DE4A96749D13E167AD37E7EC36@MOU1WNEXMB04.vcorp.ad.vrsn.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <198A730C2044DE4A96749D13E167AD37E7EC36@MOU1WNEXMB04.vcorp.ad.vrsn.com> User-Agent: Mutt/1.5.9i Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.0 (/) X-Scan-Signature: e5ba305d0e64821bf3d8bc5d3bb07228 On Tue, Dec 05, 2006 at 03:50:33PM -0800, Hallam-Baker, Phillip wrote: > > I was in this case only referring to Phillip Hallam-Baker's > > statement that stability was not a necessary condition for > > deployment - which statement in my not so humble opinion > > shows a large "reality gap". > > Don't misreprsent me. I wasn't knowingly doing so. For completeness sake, I might have misinterpreted your original posting, viz below. But I'm bowing out of this discussion as I'm afraid we are no longer being productive. On Mon, Dec 04, 2006 at 08:56:25PM -0800, Hallam-Baker, Phillip wrote: > Stability is not a necessary condition for deployment. Meeting the > criterial considered essential by the key infrastructure providers is. http://ops.ietf.org/lists/namedroppers/namedroppers.2006/msg01545.html -- http://www.PowerDNS.com Open source, database driven DNS Software http://netherlabs.nl Open and Closed source services -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From owner-namedroppers@ops.ietf.org Tue Dec 05 23:23:42 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GroJq-0001us-5Q; Tue, 05 Dec 2006 23:23:42 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GroJo-0007Zh-PY; Tue, 05 Dec 2006 23:23:42 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GroCz-000I5E-EH for namedroppers-data@psg.com; Wed, 06 Dec 2006 04:16:37 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-2.4 required=5.0 tests=AWL,BAYES_00, FORGED_RCVD_HELO,SPF_PASS autolearn=ham version=3.1.7 Received: from [65.205.251.75] (helo=robin.verisign.com) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GroCf-000I2w-7A for namedroppers@ops.ietf.org; Wed, 06 Dec 2006 04:16:31 +0000 Received: from mou1wnexcn01.vcorp.ad.vrsn.com (mailer1.verisign.com [65.205.251.34]) by robin.verisign.com (8.13.6/8.13.4) with ESMTP id kB64G7Fo025970; Tue, 5 Dec 2006 20:16:07 -0800 Received: from MOU1WNEXMB04.vcorp.ad.vrsn.com ([10.25.13.157]) by mou1wnexcn01.vcorp.ad.vrsn.com with Microsoft SMTPSVC(6.0.3790.1830); Tue, 5 Dec 2006 20:16:07 -0800 X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Subject: RE: Pimping DNSSEC (was Re: DNSSEC - Signature Only vs the MX/A issue.) Date: Tue, 5 Dec 2006 20:16:05 -0800 Message-ID: <198A730C2044DE4A96749D13E167AD37E7EC64@MOU1WNEXMB04.vcorp.ad.vrsn.com> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: Pimping DNSSEC (was Re: DNSSEC - Signature Only vs the MX/A issue.) Thread-Index: AccY3laiq07JEvbhRLuKOTIyc16U6QADmv3A From: "Hallam-Baker, Phillip" To: , "Alex Bligh" Cc: , "Ralph Droms" , X-OriginalArrivalTime: 06 Dec 2006 04:16:07.0150 (UTC) FILETIME=[407B80E0:01C718ED] Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.1 (/) X-Scan-Signature: 8abaac9e10c826e8252866cbe6766464 > From: Danny Mayer [mailto:mayer@gis.net]=20 > I suspect that we will see demand for DNSSEC the first time=20 > that a bank sees a poisoning attack and their customers get=20 > redirected to a fake site and their accounts drained as a=20 > result. Phishing attacks can be alleviated since you can tell=20 > technologically that the site is not what it claims. Their=20 > customers will demand it, the bank will be afraid not to do=20 > it, the insurance companies make it a condition of coverage=20 > of losses, etc. Then of course the military have a need for=20 > it. Of course that still leaves the issue of validating=20 > resolvers being not being widely deployed (okay, so only a=20 > handful of people have deployed them). This attack is happening but not quite in this way. A spoofing attack only affects a local area. Seems that the use being = made by the perpetrators of DNS spoofing is to drive folk to fake = versions of CNN etc. and try to load a trojan onto their machine. A stolen CC number is worth less than a dollar. Downloading the trojan = has a higher success rate and pays out rather more.=20 The trojan could be a keystroke logger, a redialer or just recruit as a = bot. -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From owner-namedroppers@ops.ietf.org Wed Dec 06 03:15:58 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Grrwc-0001RN-F9; Wed, 06 Dec 2006 03:15:58 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GrruY-0006ya-DL; Wed, 06 Dec 2006 03:13:51 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1Grrou-000C7T-AV for namedroppers-data@psg.com; Wed, 06 Dec 2006 08:08:00 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-2.5 required=5.0 tests=AWL,BAYES_00, FORGED_RCVD_HELO autolearn=ham version=3.1.7 Received: from [131.112.32.132] (helo=necom830.hpcl.titech.ac.jp) by psg.com with smtp (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GrroY-000C5o-3Z for namedroppers@ops.ietf.org; Wed, 06 Dec 2006 08:07:54 +0000 Received: (qmail 44255 invoked from network); 6 Dec 2006 08:15:32 -0000 Received: from softbank219001188039.bbtec.net (HELO necom830.hpcl.titech.ac.jp) (219.1.188.39) by necom830.hpcl.titech.ac.jp with SMTP; 6 Dec 2006 08:15:32 -0000 Message-ID: <45767A46.2040905@necom830.hpcl.titech.ac.jp> Date: Wed, 06 Dec 2006 17:07:34 +0900 From: Masataka Ohta User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; ja-JP; rv:1.4) Gecko/20030624 Netscape/7.1 (ax) X-Accept-Language: ja, en MIME-Version: 1.0 To: Alex Bligh CC: "Hallam-Baker, Phillip" , shane_kerr@isc.org, Ralph Droms , namedroppers@ops.ietf.org Subject: Re: Pimping DNSSEC (was Re: DNSSEC - Signature Only vs the MX/A issue.) References: <198A730C2044DE4A96749D13E167AD37E7EB80@MOU1WNEXMB04.vcorp.ad.vrs n.com> <8CE0BBDB5B8DAC00C2C476DD@localhost> <457534AF.6030103@necom830.hpcl.titech.ac.jp> In-Reply-To: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.1 (/) X-Scan-Signature: 8b30eb7682a596edff707698f4a80f7d Alex Bligh wrote: >> That's a big surprise, because DNSSEC is not a protection against >> most, if not all, of attacks, even when zone administrators are >> not compromised, which is as easy as compromising ISPs. > Specifically, DNSSEC is a protection against injection / MITM attacks. A man working for zone administrators can be the MITM, just as a man woking for ISPs can be the MITM. > The alternative rational argument is to say "leave DNS insecure, Properly implemented and operated plain DNS is secure. Properly implemented and operated plain DNS is just as secure as properly implemented and operated DNSSEC. Both are weakly secure. Of course, improperly implemented or operated DNSSEC is less secure than properly implemented and operated plain DNS. > solve it all at a higher level, for each protocol, > based on certificates etc., and PKI is weakly secure. You can enjoy cryptographic security only when you directly share secret information with your peer. Security does cost. Masataka Ohta -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From owner-namedroppers@ops.ietf.org Wed Dec 06 03:42:12 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GrsM0-0005JD-Bu; Wed, 06 Dec 2006 03:42:12 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GrsLx-0002RX-Td; Wed, 06 Dec 2006 03:42:12 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GrsFo-000Egl-3w for namedroppers-data@psg.com; Wed, 06 Dec 2006 08:35:48 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-2.5 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=3.1.7 Received: from [193.94.160.1] (helo=netcore.fi) by psg.com with esmtp (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GrsFN-000EaB-3Y for namedroppers@ops.ietf.org; Wed, 06 Dec 2006 08:35:37 +0000 Received: from localhost (pekkas@localhost) by netcore.fi (8.12.11.20060614/8.12.11) with ESMTP id kB68ZEfL001354; Wed, 6 Dec 2006 10:35:14 +0200 Date: Wed, 6 Dec 2006 10:35:13 +0200 (EET) From: Pekka Savola To: Edward Lewis cc: namedroppers@ops.ietf.org Subject: Re: brain cycles of the WG In-Reply-To: Message-ID: References: <20061127032712.CD1FE56890@shell-ng.nominum.com> <87ejrit5r9.fsf@mid.deneb.enyo.de> <14241.1165098375@sa.vix.com> <20061202234153.7B7B056882@shell-ng.nominum.com> <25076.1165105081@sa.vix.com> <20061204171222.303505687D@shell-ng.nominum.com> <20061204194957.GA25206@outpost.ds9a.nl> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed X-Virus-Scanned: ClamAV 0.88.6/2285/Tue Dec 5 15:58:47 2006 on otso.netcore.fi X-Virus-Status: Clean Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.0 (/) X-Scan-Signature: 52e1467c2184c31006318542db5614d5 On Tue, 5 Dec 2006, Edward Lewis wrote: >> Agree. There are a lot of (IMHO, more) pressing problems with DNS, such as >> writing an understandable basic specification (think of 'DNS implementation >> requirements') so that 98% of vendors don't get it wrong (or miss important >> features, e.g., the cache poisoning validaton) in one way or the other. > > This is one of the many good ideas that has floated to the surface time and > again over the years. Every time this is thought about, we get caught in > what is "right." E.g., look at what happened when we tried to clarify just > AXFR. Clarifying wildcards took 4 years. I'd rather waste my time designing > DNS II than clarifying RFC 1034, et.al. Yes, I know it's cooler to design new protocols than do maintenance on the old ones, and I didn't say this would be easy. But if it's too difficult for us to get agreement on this, how do you think the implementors will be able to get it right? For overly contentious topics, one may be able to omit normative specification, but include some discussion so that the implementor can make an informed decision. The key point is that I hope that at least 90-95% of DNS specifications are not contentious and if we are able to recognize which parts are which, we might be able to make reasonable progress in finite number of years :-) I wonder what the implementation and interoperability status of the basic IP protocols would be without the Host Requirements and Router Requirements standards. -- Pekka Savola "You each name yourselves king, yet the Netcore Oy kingdom bleeds." Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From owner-namedroppers@ops.ietf.org Wed Dec 06 09:09:15 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GrxSV-0004ho-9S; Wed, 06 Dec 2006 09:09:15 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GrxST-0001ul-RM; Wed, 06 Dec 2006 09:09:15 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GrxJr-0008ih-51 for namedroppers-data@psg.com; Wed, 06 Dec 2006 14:00:19 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-2.3 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=3.1.7 Received: from [66.92.146.160] (helo=ogud.com) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GrxJW-0008RF-Rx for namedroppers@ops.ietf.org; Wed, 06 Dec 2006 14:00:01 +0000 Received: from [192.168.1.102] (hlid.ogud.com [66.92.146.160]) by ogud.com (8.13.1/8.13.1) with ESMTP id kB6DtXXS056657; Wed, 6 Dec 2006 08:56:06 -0500 (EST) (envelope-from Ed.Lewis@neustar.biz) Mime-Version: 1.0 Message-Id: In-Reply-To: References: <20061127032712.CD1FE56890@shell-ng.nominum.com> <87ejrit5r9.fsf@mid.deneb.enyo.de> <14241.1165098375@sa.vix.com> <20061202234153.7B7B056882@shell-ng.nominum.com> <25076.1165105081@sa.vix.com> <20061204171222.303505687D@shell-ng.nominum.com> <20061204194957.GA25206@outpost.ds9a.nl> Date: Wed, 6 Dec 2006 08:54:06 -0500 To: namedroppers@ops.ietf.org From: Edward Lewis Subject: Re: brain cycles of the WG Cc: Edward Lewis Content-Type: text/plain; charset="us-ascii" ; format="flowed" X-Scanned-By: MIMEDefang 2.57 on 66.92.146.160 Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.0 (/) X-Scan-Signature: cd26b070c2577ac175cd3a6d878c6248 At 10:35 +0200 12/6/06, Pekka Savola wrote: >Yes, I know it's cooler to design new protocols than do maintenance on the >old ones, and I didn't say this would be easy. But if it's too difficult for >us to get agreement on this, how do you think the implementors will be able >to get it right? For overly contentious topics, one may be able to omit >normative specification, but include some discussion so that the implementor >can make an informed decision. The key point is that I hope that at least >90-95% of DNS specifications are not contentious and if we are able to >recognize which parts are which, we might be able to make reasonable progress >in finite number of years :-) > >I wonder what the implementation and interoperability status of the basic >IP protocols would be without the Host Requirements and Router Requirements >standards. There are two reasons why I think it is futile to do a mass rewrite of the DNS protocol as it stands today. One is that for the most part, it works. Evidence of this is the huge investment made based upon the existence of the DNS. The domain name industry is just the first order effect. People fight over "ownership" of domain names - evidence that there is value in the name. A lot of advertising money is spent to build value in a domain name. (Even in the 90's, when a newspaper ran an add that was just it's WWW service name - a full page, multi-colored printing of the letters.) What is there is solid enough for industry to make use of it. The parts of the DNS that do not interoperate (well) are details that DNS nerds notice. I wonder if this is just us trying to make work for us. There are places where there are things to be fixed, but the marginal benefit in tackling these issues is worth the cost. For example, when developing the wildcard clarify document, the WG haggled over what it means to have an NS RRset owned by a wildcard domain name. In the end, we decided that it was a protocol barb that wasn't worth the effort to smooth out. The second reason I think it is foolish to do a major overhaul of the DNS specification is that a lot of the new functions that are being demanded from DNS cannot be accommodated in the current architecture. I've recently blathered about "slapped on security" and problems I suspect are inherent in that. There's a rising call for limited search capabilities, something DNS does not accommodate being a lookup service, that is a reasonable thing to desire but is not something I can see being fitted into the current protocol. Non-coherent DNS is another desire. And it could be argued that IDN is something that DNS doesn't adequately accommodate. (Another case where we have something that is beneficial but we could have done a lot better if the protocol was a little bit different.) A new approach to DNS will happen when two things come together. When the marginal benefit is greater than the cost there will be motivation to replace DNS. Part of that, but important enough to be mentioned separately, is that the new system has to be regulated in the same way that the DNS is regulated. I.e., the non-protocol investment in the DNS cannot be undermined. What does this mean in the DNSEXT WG? To me it makes me think the work here is pretty much over, just the mopping up of some issues. I'm not saying shutdown work like NSEC3, SO, and whatever else we have, but that I don't see this group taking on a major topic and seeing it come to a change. I'm not against superwildcarding, I am not optimistic that it can be finished. In the 11 years I've followed DNSEXT and its forerunners DNSIND and DNSSEC, we've only managed to get one document to Draft Standard, which I would think is far easier than slapping on yet another function. -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis +1-571-434-5468 NeuStar Dessert - aka Service Pack 1 for lunch. -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From owner-namedroppers@ops.ietf.org Wed Dec 06 09:10:20 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GrxTY-0004nb-4u; Wed, 06 Dec 2006 09:10:20 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GrxTR-00025W-QQ; Wed, 06 Dec 2006 09:10:20 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GrxNX-000GJY-Q9 for namedroppers-data@psg.com; Wed, 06 Dec 2006 14:04:07 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00 autolearn=ham version=3.1.7 Received: from [199.212.90.4] (helo=monster.hopcount.ca) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GrxNP-000G89-Q1 for namedroppers@ops.ietf.org; Wed, 06 Dec 2006 14:04:01 +0000 Received: from cpe0013464a5d1b-cm0014e88ec620.cpe.net.cable.rogers.com ([74.110.59.202] helo=[192.168.0.138]) by monster.hopcount.ca with esmtpsa (TLSv1:AES128-SHA:128) (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GrxNj-0005X3-Bd; Wed, 06 Dec 2006 14:04:19 +0000 In-Reply-To: <198A730C2044DE4A96749D13E167AD37E7EC64@MOU1WNEXMB04.vcorp.ad.vrsn.com> References: <198A730C2044DE4A96749D13E167AD37E7EC64@MOU1WNEXMB04.vcorp.ad.vrsn.com> Mime-Version: 1.0 (Apple Message framework v752.3) Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed Message-Id: <0095F0EB-9583-4778-9E40-AA7950487696@ca.afilias.info> Cc: , "Alex Bligh" , , "Ralph Droms" , Content-Transfer-Encoding: 7bit From: Joe Abley Subject: Re: Pimping DNSSEC (was Re: DNSSEC - Signature Only vs the MX/A issue.) Date: Wed, 6 Dec 2006 09:03:21 -0500 To: "Hallam-Baker, Phillip" X-Mailer: Apple Mail (2.752.3) Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.0 (/) X-Scan-Signature: 9ed51c9d1356100bce94f1ae4ec616a9 On 5-Dec-2006, at 23:16, Hallam-Baker, Phillip wrote: > >> From: Danny Mayer [mailto:mayer@gis.net] > >> I suspect that we will see demand for DNSSEC the first time >> that a bank sees a poisoning attack and their customers get >> redirected to a fake site and their accounts drained as a >> result. Phishing attacks can be alleviated since you can tell >> technologically that the site is not what it claims. Their >> customers will demand it, the bank will be afraid not to do >> it, the insurance companies make it a condition of coverage >> of losses, etc. Then of course the military have a need for >> it. Of course that still leaves the issue of validating >> resolvers being not being widely deployed (okay, so only a >> handful of people have deployed them). > > This attack is happening but not quite in this way. The banks around here have fixed that problem by buying insurance which will reimburse both the bank and the customer from fraudulent transactions which occur using the bank's web banking app. In the case that the customer notices a fraudulent transaction, the bank reimburses them, the insurance company reimburses them, and everybody is happy. In the case that the customer doesn't notice a fraudulent transaction, nobody does anything and everybody is still happy. DNSSEC will need to be as reliable as this, and noticably cheaper than the insurance, before I would expect these banks to start caring about it. Joe -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From owner-namedroppers@ops.ietf.org Wed Dec 06 09:44:43 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Gry0p-0004OU-SS; Wed, 06 Dec 2006 09:44:43 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Gry0o-0006sp-ID; Wed, 06 Dec 2006 09:44:43 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GrxwR-000MXK-AG for namedroppers-data@psg.com; Wed, 06 Dec 2006 14:40:11 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-2.5 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=3.1.7 Received: from [193.94.160.1] (helo=netcore.fi) by psg.com with esmtp (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GrxwG-000MUl-6o for namedroppers@ops.ietf.org; Wed, 06 Dec 2006 14:40:09 +0000 Received: from localhost (pekkas@localhost) by netcore.fi (8.12.11.20060614/8.12.11) with ESMTP id kB6EdskE009308; Wed, 6 Dec 2006 16:39:54 +0200 Date: Wed, 6 Dec 2006 16:39:54 +0200 (EET) From: Pekka Savola To: Edward Lewis cc: namedroppers@ops.ietf.org Subject: Re: brain cycles of the WG In-Reply-To: Message-ID: References: <20061127032712.CD1FE56890@shell-ng.nominum.com> <87ejrit5r9.fsf@mid.deneb.enyo.de> <14241.1165098375@sa.vix.com> <20061202234153.7B7B056882@shell-ng.nominum.com> <25076.1165105081@sa.vix.com> <20061204171222.303505687D@shell-ng.nominum.com> <20061204194957.GA25206@outpost.ds9a.nl> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed X-Virus-Scanned: ClamAV 0.88.6/2285/Tue Dec 5 15:58:47 2006 on otso.netcore.fi X-Virus-Status: Clean Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.0 (/) X-Scan-Signature: 769a46790fb42fbb0b0cc700c82f7081 On Wed, 6 Dec 2006, Edward Lewis wrote: > One is that for the most part, it works. [...] > The parts of the DNS that do not interoperate (well) are details that DNS > nerds notice. [...] We seem to have a different view of what's broken with DNS in the field. I have seen for example: - load balancers and such dropping all queries except 'A' - DNS servers giving various sorts of bogus error codes in various kinds of conditions (e.g., RFC 4074) - Totally broken (in various ways) DNS resolvers out there (e.g., RFC 3697) - various pieces of DNS infrastructure not supporting new RR types as well as we might like to - cache poisoning prevention still having no useful normative specification - EDNS0 not working very well, e.g., because some products choose to drop "too big" DNS packets. Someone better versed with DNS specifications and their implementations could continue the list. All of these have contributed to "dumbing down" the minimum, useful subset of DNS. DNSSEC requires more than the minimum subset, which is likely one (minor) reason why it likely won't become popular outside fringe communities ("DNS nerds" you mentioned) any time soon. > The second reason I think it is foolish to do a major overhaul of the DNS > specification is that a lot of the new functions that are being demanded from > DNS cannot be accommodated in the current architecture. Is your point that revising the specs now isn't worth it because we can't wrap these new demands in the core DNS spec? Otherwise I didn't quite understand. Or did you mean that once the core spec is "opened", worms will sprout out and we'll end up with redesigning the DNS to accommodate new functions? My intention very specifically was NOT to include any of these search, IDN, DNSSEC etc. capabilities in the updated "core DNS" specification. -- Pekka Savola "You each name yourselves king, yet the Netcore Oy kingdom bleeds." Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From owner-namedroppers@ops.ietf.org Wed Dec 06 09:55:02 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GryAo-0001jI-7j; Wed, 06 Dec 2006 09:55:02 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GryAi-0008Rm-Va; Wed, 06 Dec 2006 09:55:02 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1Gry4m-000NfX-6c for namedroppers-data@psg.com; Wed, 06 Dec 2006 14:48:48 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-2.0 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=3.1.7 Received: from [195.177.253.212] (helo=shed.alex.org.uk) by psg.com with esmtp (Exim 4.63 (FreeBSD)) (envelope-from ) id 1Gry4a-000Nej-VV for namedroppers@ops.ietf.org; Wed, 06 Dec 2006 14:48:42 +0000 Received: from [192.168.100.25] (localhost [127.0.0.1]) by shed.alex.org.uk (Postfix) with ESMTP id EAE69C2DFF; Wed, 6 Dec 2006 14:48:35 +0000 (GMT) Date: Wed, 06 Dec 2006 14:48:34 +0000 From: Alex Bligh Reply-To: Alex Bligh To: Masataka Ohta Cc: "Hallam-Baker, Phillip" , shane_kerr@isc.org, Ralph Droms , namedroppers@ops.ietf.org, Alex Bligh Subject: Re: Pimping DNSSEC (was Re: DNSSEC - Signature Only vs the MX/A issue.) Message-ID: <06B1DDEB6C4BD12710C1848A@[192.168.100.25]> In-Reply-To: <45767A46.2040905@necom830.hpcl.titech.ac.jp> References: <198A730C2044DE4A96749D13E167AD37E7EB80@MOU1WNEXMB04.vcorp.ad.vrs n.com> <8CE0BBDB5B8DAC00C2C476DD@localhost> <457534AF.6030103@necom830.hpcl.titech.ac.jp> <45767A46.2040905@necom830.hpcl.titech.ac.jp> X-Mailer: Mulberry/4.0.4 (Win32) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.0 (/) X-Scan-Signature: cf4fa59384e76e63313391b70cd0dd25 --On 06 December 2006 17:07 +0900 Masataka Ohta wrote: > Properly implemented and operated plain DNS is secure. I would suggest this is a minority view. Else we'd have spent the past 15 years fixing implementations as opposed to protocols. Alex -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From owner-namedroppers@ops.ietf.org Wed Dec 06 10:31:50 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GrykQ-0002Sa-Sh; Wed, 06 Dec 2006 10:31:50 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GrykP-0007NV-FT; Wed, 06 Dec 2006 10:31:50 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GrydW-0001uQ-NR for namedroppers-data@psg.com; Wed, 06 Dec 2006 15:24:42 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-2.3 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=3.1.7 Received: from [66.92.146.160] (helo=ogud.com) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GrydP-0001mn-1k for namedroppers@ops.ietf.org; Wed, 06 Dec 2006 15:24:37 +0000 Received: from [10.31.32.201] (hlid.ogud.com [66.92.146.160]) by ogud.com (8.13.1/8.13.1) with ESMTP id kB6FIONU057114; Wed, 6 Dec 2006 10:18:45 -0500 (EST) (envelope-from Ed.Lewis@neustar.biz) Mime-Version: 1.0 Message-Id: In-Reply-To: References: <20061127032712.CD1FE56890@shell-ng.nominum.com> <87ejrit5r9.fsf@mid.deneb.enyo.de> <14241.1165098375@sa.vix.com> <20061202234153.7B7B056882@shell-ng.nominum.com> <25076.1165105081@sa.vix.com> <20061204171222.303505687D@shell-ng.nominum.com> <20061204194957.GA25206@outpost.ds9a.nl> Date: Wed, 6 Dec 2006 10:20:57 -0500 To: Pekka Savola From: Edward Lewis Subject: Re: brain cycles of the WG Cc: Edward Lewis , namedroppers@ops.ietf.org Content-Type: text/plain; charset="us-ascii" ; format="flowed" X-Scanned-By: MIMEDefang 2.57 on 66.92.146.160 Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.0 (/) X-Scan-Signature: d0bdc596f8dd1c226c458f0b4df27a88 At 16:39 +0200 12/6/06, Pekka Savola wrote: > - load balancers and such dropping all queries except 'A' > - DNS servers giving various sorts of bogus error codes in various > kinds of conditions (e.g., RFC 4074) > - Totally broken (in various ways) DNS resolvers out there (e.g., RFC > 3697) (Do you mean 3697? Flow-label? I don't see DNS in there.) > - various pieces of DNS infrastructure not supporting new RR types as > well as we might like to > - cache poisoning prevention still having no useful normative > specification > - EDNS0 not working very well, e.g., because some products choose > to drop "too big" DNS packets. I don't discount that this happens or is a pain. But with the exception of the penultimate point, what part of that is the result of the protocol specifications being unclear or missing? E.g., handling only A records seems like a choice, not a misbelief that they are the only records in use. >Someone better versed with DNS specifications and their implementations could >continue the list. That seems to be self-contradictory. Folks well-versed probably can't see what is unclear. >All of these have contributed to "dumbing down" the minimum, useful subset >of DNS. DNSSEC requires more than the minimum subset, which is likely one >(minor) reason why it likely won't become popular outside fringe communities >("DNS nerds" you mentioned) any time soon. What's wrong with something being "dumbed down?" Perhaps it is a sign that the other clutter we've thrown in over the years is extraneous complexity. The reason why the DNS was built is to provide a service to others, not be basis for on-going work. >Is your point that revising the specs now isn't worth it because we can't wrap >these new demands in the core DNS spec? Otherwise I didn't quite understand. >Or did you mean that once the core spec is "opened", worms will sprout out >and we'll end up with redesigning the DNS to accommodate new functions? My >intention very specifically was NOT to include any of these search, IDN, >DNSSEC etc. capabilities in the updated "core DNS" specification. I think that to do some of the new things that are desired cannot be accommodated in the code now. Part of that is architectural, part of that is design, part of that is compatibility with the existing base. Architectural - that DNS is a lookup, not a search. Design - the CLASS field is after the label. Compatibility - old code won't cope so we shoe horn unnaturally. I also don't think we will get agreement on what is in the core now. I've kicked around the idea of just doing a profile - a document listing the other documents that define the protocol, and haven't been able to get any consensus on what is and is not essential. Not every one likes AXFR, not everyone does CNAME. If we were to describe what is absolutely necessary for interoperability only in DNS, we'd get a mudfight. -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis +1-571-434-5468 NeuStar Dessert - aka Service Pack 1 for lunch. -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From owner-namedroppers@ops.ietf.org Wed Dec 06 10:39:13 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GryrZ-0005AE-EI; Wed, 06 Dec 2006 10:39:13 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GryrY-0000YW-19; Wed, 06 Dec 2006 10:39:13 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GryoR-0003IU-1q for namedroppers-data@psg.com; Wed, 06 Dec 2006 15:35:59 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-2.5 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=3.1.7 Received: from [193.94.160.1] (helo=netcore.fi) by psg.com with esmtp (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GryoB-0003HQ-Sr for namedroppers@ops.ietf.org; Wed, 06 Dec 2006 15:35:53 +0000 Received: from localhost (pekkas@localhost) by netcore.fi (8.12.11.20060614/8.12.11) with ESMTP id kB6FZe71010606; Wed, 6 Dec 2006 17:35:40 +0200 Date: Wed, 6 Dec 2006 17:35:40 +0200 (EET) From: Pekka Savola To: Edward Lewis cc: namedroppers@ops.ietf.org Subject: Re: brain cycles of the WG In-Reply-To: Message-ID: References: <20061127032712.CD1FE56890@shell-ng.nominum.com> <87ejrit5r9.fsf@mid.deneb.enyo.de> <14241.1165098375@sa.vix.com> <20061202234153.7B7B056882@shell-ng.nominum.com> <25076.1165105081@sa.vix.com> <20061204171222.303505687D@shell-ng.nominum.com> <20061204194957.GA25206@outpost.ds9a.nl> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed X-Virus-Scanned: ClamAV 0.88.6/2285/Tue Dec 5 15:58:47 2006 on otso.netcore.fi X-Virus-Status: Clean Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.0 (/) X-Scan-Signature: 02ec665d00de228c50c93ed6b5e4fc1a I think I'll be quiet after this post... On Wed, 6 Dec 2006, Edward Lewis wrote: > At 16:39 +0200 12/6/06, Pekka Savola wrote: > >> - load balancers and such dropping all queries except 'A' >> - DNS servers giving various sorts of bogus error codes in various >> kinds of conditions (e.g., RFC 4074) >> - Totally broken (in various ways) DNS resolvers out there (e.g., RFC >> 3697) > > (Do you mean 3697? Flow-label? I don't see DNS in there.) Sorry, 4697. >> - various pieces of DNS infrastructure not supporting new RR types as >> well as we might like to >> - cache poisoning prevention still having no useful normative >> specification >> - EDNS0 not working very well, e.g., because some products choose >> to drop "too big" DNS packets. > > I don't discount that this happens or is a pain. But with the exception of > the penultimate point, what part of that is the result of the protocol > specifications being unclear or missing? E.g., handling only A records seems > like a choice, not a misbelief that they are the only records in use. Almost all of these are due to an insufficiently clear specification, lack of identification of the "minimum subset of DNS" and to some degree insufficient motivation ("why is it important to do this?", see e.g. RFC1812 for examples) >> All of these have contributed to "dumbing down" the minimum, useful subset >> of DNS. DNSSEC requires more than the minimum subset, which is likely one >> (minor) reason why it likely won't become popular outside fringe >> communities >> ("DNS nerds" you mentioned) any time soon. > > What's wrong with something being "dumbed down?" Perhaps it is a sign that > the other clutter we've thrown in over the years is extraneous complexity. > The reason why the DNS was built is to provide a service to others, not be > basis for on-going work. The problem is that most of the DNS community and some subset of the IETF seem to believe the DNS is offering much more than that. If the specifications only included the "dumbed down" parts (provided that DNS could still work well enough with those, which I at least I disagree with), that'd be OK. This may also be a reason for Keith Moore's rants about unreliability, slowness etc. of DNS for.., well, pretty much anything :-) -- Pekka Savola "You each name yourselves king, yet the Netcore Oy kingdom bleeds." Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From owner-namedroppers@ops.ietf.org Wed Dec 06 11:25:22 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GrzaE-0000yR-0C; Wed, 06 Dec 2006 11:25:22 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GrzaB-0008Ro-Mz; Wed, 06 Dec 2006 11:25:21 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GrzUe-00089S-Dw for namedroppers-data@psg.com; Wed, 06 Dec 2006 16:19:36 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-2.3 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=3.1.7 Received: from [66.92.146.160] (helo=ogud.com) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GrzUW-00088T-LA for namedroppers@ops.ietf.org; Wed, 06 Dec 2006 16:19:30 +0000 Received: from [10.31.32.201] (hlid.ogud.com [66.92.146.160]) by ogud.com (8.13.1/8.13.1) with ESMTP id kB6GGdXY057482; Wed, 6 Dec 2006 11:16:40 -0500 (EST) (envelope-from Ed.Lewis@neustar.biz) Mime-Version: 1.0 Message-Id: In-Reply-To: References: <20061127032712.CD1FE56890@shell-ng.nominum.com> <87ejrit5r9.fsf@mid.deneb.enyo.de> <14241.1165098375@sa.vix.com> <20061202234153.7B7B056882@shell-ng.nominum.com> <25076.1165105081@sa.vix.com> <20061204171222.303505687D@shell-ng.nominum.com> <20061204194957.GA25206@outpost.ds9a.nl> Date: Wed, 6 Dec 2006 11:19:38 -0500 To: namedroppers@ops.ietf.org From: Edward Lewis Subject: Re: brain cycles of the WG Cc: Edward Lewis Content-Type: text/plain; charset="us-ascii" ; format="flowed" X-Scanned-By: MIMEDefang 2.57 on 66.92.146.160 Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.0 (/) X-Scan-Signature: 9466e0365fc95844abaf7c3f15a05c7d At 17:35 +0200 12/6/06, Pekka Savola wrote: >I think I'll be quiet after this post... I am not trying to be antagonistic. If someone wanted to digitally remaster the DNS specifications I would applaud the effort. What I am writing are the reasons why I don't think any effort to do produce a remastered copy will run to a successful (having a new spec) completion. Either we are going to find that there are funds to pay someone or some small group for the effort to do this or we are going to find a person (or group) who would rather pursue this at the cost of their own otherwise free time or this won't happen. Such is the nature of volunteer efforts. There is evidence of demand for this work. But that hasn't translated into action. If someone can drum up support to do this, great, I would not stand in the way. -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis +1-571-434-5468 NeuStar Dessert - aka Service Pack 1 for lunch. -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From owner-namedroppers@ops.ietf.org Wed Dec 06 12:18:39 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Gs0Pn-0003r8-5i; Wed, 06 Dec 2006 12:18:39 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Gs0Pk-0007x5-Md; Wed, 06 Dec 2006 12:18:39 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1Gs0JC-000DxF-Md for namedroppers-data@psg.com; Wed, 06 Dec 2006 17:11:50 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-1.2 required=5.0 tests=AWL,BAYES_00, FORGED_RCVD_HELO,INFO_TLD autolearn=no version=3.1.7 Received: from [207.219.45.62] (helo=mail.libertyrms.com) by psg.com with esmtp (Exim 4.63 (FreeBSD)) (envelope-from ) id 1Gs0J1-000DwX-0r for namedroppers@ops.ietf.org; Wed, 06 Dec 2006 17:11:45 +0000 Received: from wormhole2.int.libertyrms.com ([10.1.2.130] helo=trilby.local) by mail.libertyrms.com with esmtp (Exim 4.22) id 1Gs0J0-0005xb-BZ for namedroppers@ops.ietf.org; Wed, 06 Dec 2006 12:11:38 -0500 Received: by trilby.local (Postfix, from userid 1019) id 894B726D7C8; Wed, 6 Dec 2006 12:11:42 -0500 (EST) Date: Wed, 6 Dec 2006 12:11:42 -0500 From: Andrew Sullivan To: namedroppers@ops.ietf.org Subject: An argument from a contrarian point of view (was: Pimping DNSSEC) Message-ID: <20061206171137.GB16996@afilias.info> Reply-To: Andrew Sullivan References: <198A730C2044DE4A96749D13E167AD37E7EB80@MOU1WNEXMB04.vcorp.ad.vrsn.com> <8CE0BBDB5B8DAC00C2C476DD@localhost> <457534AF.6030103@necom830.hpcl.titech.ac.jp> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.12-2006-07-14 X-SA-Exim-Mail-From: andrew@ca.afilias.info X-SA-Exim-Scanned: No; SAEximRunCond expanded to false Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.5 (/) X-Scan-Signature: cf3becbbd6d1a45acbe2ffd4ab88bdc2 On Tue, Dec 05, 2006 at 10:59:18PM +0000, Alex Bligh wrote: > based on certificates etc., and teach apps that in general DNS alone > cannot be trusted". wc -l /etc/services suggests this is an inefficient > route to take (yes, a gross simplification I know, but you get my point). I get your point, but I'm not really convinced by it. (I'm not actually convinced of anything in this thread yet, though.) Suppose I am a DNSSEC contrarian. My argument will go like this (sorry; it's a little long): * * * DNSSEC, including the newer proposals like NSEC3 and SO, places the security at the wrong point in the network. Application designers have the responsibility to build the security they need into their applications. That sometimes means that they can choose not to care (because loss of data or insecure transmission is acceptable). That sometimes means that they can choose to provide fairly minimal security (because, for example, the cost of better security is more than the value of the data). It sometimes means that users will have to endure inconvenient out-of-band negotiations of security prior to connection. And it will sometimes mean that multiple authentication mechanisms at the ends will be needed (probably with some dependency on the previous item). Some will argue that there is inefficiency in that approach, because several of the security problems could be solved by making the DNS smarter. But this violates the principle that one should put as much of the decision making at the edges; DNS is too central to provide those security services. This is the cost of a dumb network/smart edge model (which is outweighed by the other benefits). Some will argue that the application designers will make the wrong decision (and point to /etc/services as one piece of evidence). But the failings of previous applications do not entail that some other part of the Internet should be improved; that is merely an argument for fixing such applications. And fixing such applications is again more consistent with pushing as much of the intelligence as possible out to the edge of the network. Some will argue that, because there are applications that really need the security, but whose users simply aren't willing to bear the inconvenience of multiple-method authentication and out-of-band mechanisms. I, Contrary Guy, answer that if users aren't willing to bear such inconvenience, then they have in fact decided that they don't really want the security after all. Some will argue that the users of the Internet are not technically sophisticated enough to do the work of out of band negotiation, pre-loading of others' certificates, and the like. I, Contrary Guy, answer that, if such is true, the application designers are shirking their duty to their users: usability problems are not going to be solved by remaking the underlying technological support, because the usability issues will still be there. Some will argue that the users of the Internet are gullible, and DNSSEC is needed to protect them. I, Contrary Guy, answer that the history of tech fixes to solve the problem of human gullibility is littered with failure, but has no claim to even one success. Finally, there remains the problem in DNSSEC that the costs of it are not borne, or are borne at best indirectly, by those who want the additional security it provides. In order to add this additional security for some applications, the entire Internet community (or at least, a significant portion of it) has to bear the burden of additional load on the DNS and considerably larger DNS packets. Moreover, several of those who have that burden to bear are either contractually unable to extract compensation, or are simply too far from the end to get such compensation from the users. In both cases, the effect will be that the cost will be temporarily externalized, and then will be internalized in some other way that distorts the relationship between service and cost. This distortion is a result of not following the end to end principle rigourously enough, and therefore should not be tolerated. * * * I want to emphasise that I'm not sure I buy any of the above, but each of these is one I've heard. Together, they seem to be to be a pretty strong argument that anything complicated to deliver DNSSEC is unlikely to prevail (so far, I am unable to come up with much of an argument to completely counter all of the above). If that's right, then something less ambitious but simpler, such as the SO approach, might be a better answer to the extent we think this is a problem that needs solving. A -- Andrew Sullivan 204-4141 Yonge Street Afilias Canada Toronto, Ontario Canada M2P 2A8 jabber: ajsaf@jabber.org +1 416 646 3304 x4110 -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From owner-namedroppers@ops.ietf.org Wed Dec 06 13:44:57 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Gs1lJ-0003Lq-R4; Wed, 06 Dec 2006 13:44:57 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Gs1lC-0004kL-EQ; Wed, 06 Dec 2006 13:44:57 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1Gs1ft-000NMr-QN for namedroppers-data@psg.com; Wed, 06 Dec 2006 18:39:21 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-0.5 required=5.0 tests=AWL,BAYES_00, FORGED_RCVD_HELO,HEADER_SPAM autolearn=no version=3.1.7 Received: from [66.92.146.160] (helo=ogud.com) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.63 (FreeBSD)) (envelope-from ) id 1Gs1fi-000NJJ-T3 for namedroppers@ops.ietf.org; Wed, 06 Dec 2006 18:39:17 +0000 Received: from mail.ogud.com (localhost [127.0.0.1]) by ogud.com (8.13.1/8.13.1) with ESMTP id kB6IaRxF058261 for ; Wed, 6 Dec 2006 13:36:27 -0500 (EST) (envelope-from namedroppers@mail.ogud.com) Received: (from namedroppers@localhost) by mail.ogud.com (8.13.1/8.13.1/Submit) id kB6IaRCD058260 for namedroppers@ops.ietf.org; Wed, 6 Dec 2006 13:36:27 -0500 (EST) (envelope-from namedroppers) Received: from [65.205.251.74] (helo=colibri.verisign.com) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.63 (FreeBSD)) (envelope-from ) id 1Grk3e-000Mkj-Nu for namedroppers@ops.ietf.org; Tue, 05 Dec 2006 23:50:59 +0000 Received: from mou1wnexcn01.vcorp.ad.vrsn.com (mailer1.verisign.com [65.205.251.34]) by colibri.verisign.com (8.13.6/8.13.4) with ESMTP id kB5NoXQ1018351; Tue, 5 Dec 2006 15:50:33 -0800 Received: from MOU1WNEXMB04.vcorp.ad.vrsn.com ([10.25.13.157]) by mou1wnexcn01.vcorp.ad.vrsn.com with Microsoft SMTPSVC(6.0.3790.1830); Tue, 5 Dec 2006 15:50:32 -0800 X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Subject: RE: Pimping DNSSEC (was Re: DNSSEC - Signature Only vs the MX/A issue.) Date: Tue, 5 Dec 2006 15:50:33 -0800 Message-ID: <198A730C2044DE4A96749D13E167AD37E7EC36@MOU1WNEXMB04.vcorp.ad.vrsn.com> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: Pimping DNSSEC (was Re: DNSSEC - Signature Only vs the MX/A issue.) Thread-Index: AccYwu1LSR3/Qy1DTIW48CyRsCAVkAABIYlA From: "Hallam-Baker, Phillip" To: "bert hubert" , "Alex Bligh" Cc: , "Ralph Droms" , X-OriginalArrivalTime: 05 Dec 2006 23:50:32.0386 (UTC) FILETIME=[269F7A20:01C718C8] X-Scanned-By: MIMEDefang 2.57 on 66.92.146.160 Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.1 (/) X-Scan-Signature: 97adf591118a232206bdb5a27b217034 > From: bert hubert [mailto:bert.hubert@netherlabs.nl]=20 > On Tue, Dec 05, 2006 at 11:01:05PM +0000, Alex Bligh wrote: >=20 > > Noone *has* to upgrade anything. If people don't want to upgrade,=20 > > that's up to them. And I thought your argument (now) was=20 > that it was=20 > > not the protocol that was unstable, but various implementations=20 > > thereof through the complexity of the protocol - in which case they=20 > > will chose the stable implementations instead. >=20 > I was in this case only referring to Phillip Hallam-Baker's=20 > statement that stability was not a necessary condition for=20 > deployment - which statement in my not so humble opinion=20 > shows a large "reality gap". Don't misreprsent me. You said that it was the number 1 criteria. I called bullshit on that = claim. I did not say that it was not a criteria I said that it was not the = number 1 criteria. I don't think it even comes in the top 5. And regardless I don't think the group can deliver on it. Not when = people have been ignoring critical functionality. -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From owner-namedroppers@ops.ietf.org Wed Dec 06 13:45:33 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Gs1lt-0003VO-BJ; Wed, 06 Dec 2006 13:45:33 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Gs1lm-0004sA-Se; Wed, 06 Dec 2006 13:45:33 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1Gs1fL-000NHs-0T for namedroppers-data@psg.com; Wed, 06 Dec 2006 18:38:47 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-0.5 required=5.0 tests=AWL,BAYES_00,HEADER_SPAM autolearn=no version=3.1.7 Received: from [66.92.146.160] (helo=ogud.com) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.63 (FreeBSD)) (envelope-from ) id 1Gs1fE-000NHH-Lr for namedroppers@ops.ietf.org; Wed, 06 Dec 2006 18:38:44 +0000 Received: from mail.ogud.com (localhost [127.0.0.1]) by ogud.com (8.13.1/8.13.1) with ESMTP id kB6IZsLr058239 for ; Wed, 6 Dec 2006 13:35:55 -0500 (EST) (envelope-from namedroppers@mail.ogud.com) Received: (from namedroppers@localhost) by mail.ogud.com (8.13.1/8.13.1/Submit) id kB6IZsx0058238 for namedroppers@ops.ietf.org; Wed, 6 Dec 2006 13:35:54 -0500 (EST) (envelope-from namedroppers) Received: from [82.93.240.211] (helo=adsl-xs4all.ds9a.nl) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GrjTF-000Je6-C7 for namedroppers@ops.ietf.org; Tue, 05 Dec 2006 23:13:11 +0000 Received: from outpost.ds9a.nl ([213.244.168.210] ident=postfix) by adsl-xs4all.ds9a.nl with esmtp (Exim 4.63) (envelope-from ) id 1GrjTE-00031C-Cg for namedroppers@ops.ietf.org; Wed, 06 Dec 2006 00:13:04 +0100 Received: by outpost.ds9a.nl (Postfix, from userid 1000) id C75514B637; Wed, 6 Dec 2006 00:13:02 +0100 (CET) Date: Wed, 6 Dec 2006 00:13:02 +0100 From: bert hubert To: Alex Bligh Cc: "Hallam-Baker, Phillip" , shane_kerr@isc.org, Ralph Droms , namedroppers@ops.ietf.org Subject: Re: Pimping DNSSEC (was Re: DNSSEC - Signature Only vs the MX/A issue.) Message-ID: <20061205231302.GA9514@outpost.ds9a.nl> References: <198A730C2044DE4A96749D13E167AD37E7EB80@MOU1WNEXMB04.vcorp.ad.vrsn.com> <20061205073943.GA3389@outpost.ds9a.nl> <5A5895CBA9764AD7ED442F6E@[192.168.0.100]> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <5A5895CBA9764AD7ED442F6E@[192.168.0.100]> User-Agent: Mutt/1.5.9i X-Scanned-By: MIMEDefang 2.57 on 66.92.146.160 Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.0 (/) X-Scan-Signature: e5ba305d0e64821bf3d8bc5d3bb07228 On Tue, Dec 05, 2006 at 11:01:05PM +0000, Alex Bligh wrote: > Noone *has* to upgrade anything. If people don't want to upgrade, that's up > to them. And I thought your argument (now) was that it was not the protocol > that was unstable, but various implementations thereof through the > complexity of the protocol - in which case they will chose the stable > implementations instead. I was in this case only referring to Phillip Hallam-Baker's statement that stability was not a necessary condition for deployment - which statement in my not so humble opinion shows a large "reality gap". Other messages I've written to this list indeed state that I find the current protocol specs to be very complex, to the extent that I doubt they can be reliably implemented. I'm making this last statement having fully experienced how hard it is to write software even for unsigned DNS, given the many oddities around (broken middle boxes, "mandatory optional behaviour" etc). Bert -- http://www.PowerDNS.com Open source, database driven DNS Software http://netherlabs.nl Open and Closed source services -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From owner-namedroppers@ops.ietf.org Wed Dec 06 13:46:59 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Gs1nH-0003w3-5N; Wed, 06 Dec 2006 13:46:59 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Gs1nF-000572-SF; Wed, 06 Dec 2006 13:46:59 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1Gs1fg-000NJ8-7X for namedroppers-data@psg.com; Wed, 06 Dec 2006 18:39:08 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-0.2 required=5.0 tests=AWL,BAYES_00,HEADER_SPAM autolearn=no version=3.1.7 Received: from [66.92.146.160] (helo=ogud.com) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.63 (FreeBSD)) (envelope-from ) id 1Gs1fS-000NIB-1P for namedroppers@ops.ietf.org; Wed, 06 Dec 2006 18:39:02 +0000 Received: from mail.ogud.com (localhost [127.0.0.1]) by ogud.com (8.13.1/8.13.1) with ESMTP id kB6IaAVG058254 for ; Wed, 6 Dec 2006 13:36:10 -0500 (EST) (envelope-from namedroppers@mail.ogud.com) Received: (from namedroppers@localhost) by mail.ogud.com (8.13.1/8.13.1/Submit) id kB6IaAEw058253 for namedroppers@ops.ietf.org; Wed, 6 Dec 2006 13:36:10 -0500 (EST) (envelope-from namedroppers) Received: from [195.177.253.212] (helo=shed.alex.org.uk) by psg.com with esmtp (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GrjHq-000Iby-1E for namedroppers@ops.ietf.org; Tue, 05 Dec 2006 23:01:32 +0000 Received: from [192.168.0.100] (localhost [127.0.0.1]) by shed.alex.org.uk (Postfix) with ESMTP id 485FBC2DA5; Tue, 5 Dec 2006 23:01:17 +0000 (GMT) Date: Tue, 05 Dec 2006 23:01:05 +0000 From: Alex Bligh Reply-To: Alex Bligh To: bert hubert , "Hallam-Baker, Phillip" Cc: shane_kerr@isc.org, Ralph Droms , namedroppers@ops.ietf.org, Alex Bligh Subject: Re: Pimping DNSSEC (was Re: DNSSEC - Signature Only vs the MX/A issue.) Message-ID: <5A5895CBA9764AD7ED442F6E@[192.168.0.100]> In-Reply-To: <20061205073943.GA3389@outpost.ds9a.nl> References: <198A730C2044DE4A96749D13E167AD37E7EB80@MOU1WNEXMB04.vcorp.ad.vrs n.com> <20061205073943.GA3389@outpost.ds9a.nl> X-Mailer: Mulberry/4.0.4 (Win32) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline X-Scanned-By: MIMEDefang 2.57 on 66.92.146.160 Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.1 (/) X-Scan-Signature: 7655788c23eb79e336f5f8ba8bce7906 --On 05 December 2006 08:39 +0100 bert hubert wrote: > And criterium #1 is stability. I've yet to meet serious infrastructure > providers willing to base their network on unstable protocols, where > unstable means "I'll have to upgrade software/protocols/algorithms in the > foreseeable future". Noone *has* to upgrade anything. If people don't want to upgrade, that's up to them. And I thought your argument (now) was that it was not the protocol that was unstable, but various implementations thereof through the complexity of the protocol - in which case they will chose the stable implementations instead. Alex -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From owner-namedroppers@ops.ietf.org Wed Dec 06 15:36:08 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Gs3Uu-0005es-1V; Wed, 06 Dec 2006 15:36:08 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Gs3Uo-0003CB-Jl; Wed, 06 Dec 2006 15:36:08 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1Gs3Oo-000Apj-De for namedroppers-data@psg.com; Wed, 06 Dec 2006 20:29:50 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-2.5 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=3.1.7 Received: from [213.154.224.1] (helo=open.nlnetlabs.nl) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.63 (FreeBSD)) (envelope-from ) id 1Gs3OX-000AoK-TI for namedroppers@ops.ietf.org; Wed, 06 Dec 2006 20:29:44 +0000 Received: from [127.0.0.1] (open.nlnetlabs.nl [IPv6:2001:7b8:206:1::53]) by open.nlnetlabs.nl (8.13.8/8.13.8) with ESMTP id kB6KTRDh023579 for ; Wed, 6 Dec 2006 21:29:27 +0100 (CET) (envelope-from olaf@NLnetLabs.nl) Mime-Version: 1.0 (Apple Message framework v752.2) Content-Transfer-Encoding: 7bit Message-Id: <159BAAA6-781E-4AB8-A6A2-5EC867889FA1@NLnetLabs.nl> Content-Type: multipart/signed; protocol="application/pgp-signature"; micalg=pgp-sha1; boundary="Apple-Mail-15-298683662" To: IETF DNSEXT WG From: "Olaf M. Kolkman" Subject: SO vs DNSSEC Date: Wed, 6 Dec 2006 21:29:20 +0100 X-Pgp-Agent: GPGMail 1.1.2 (Tiger) X-Mailer: Apple Mail (2.752.2) Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.0 (/) X-Scan-Signature: 287c806b254c6353fcb09ee0e53bbc5e This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --Apple-Mail-15-298683662 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed Colleagues, Let us suppose that the Signature Only proposal would end up on standards track, what would that mean for DNSSEC? I think that Mike's and Bert's arguments that SO is less complex and easier to deploy than DNSSEC bis, are valid to some extend. SO carries DNSSEC label at less expense than DNSSEC-bis (that is a marketing thing). So those that will start to look to DNSSEC at the moment SO is available will do a minimal implementation or only deploy SO zones. Essentially DNSSEC compliance will probably boil down to MUST implement SO and MAY implement DNSSEC-BIS. My crystal ball functions well enough to predict that DNSSEC-bis will not be implemented/deployed to an extend to achieve useful interoperability. Once SO is standardized then DNSSEC-bis will, effectively, be dead. Personally I try to be open to new ideas and occasionally reread the "Emperors clothes" just to remind me of the healthy mindset. Nevertheless, RFC3833 was our requirements document, it is only 2 years old, and I find it difficult to believe we have worked on all the PNE issues without believing in them. Mentioning "2 years" reminds me of the "15 years argument". While it is true that DNSSEC was first thought of 15 years ago, I do not think it is fair to compare it to the time DNSSEC had to catch up on deployment. RF4033-4035 have been finalized by this group less than 2 years ago. For TLDs DNSSEC deployment is something that takes a wee bit of planning and thinking. I do think that the root and the TLDs are important first players. If they play others may play as well. We, as a working group, have given a number of signals that DNSSEC- bis is fixed and that those who do not care about zone enumeration can start signing their zones today. Some organizations have actually tried to break through the chicken-and-egg problem by investing in software, infrastructure and documentation. Effectively they only started about 2 years ago. In my simple view the SO copes with the lack of deployment by cutting away some of the complexities and turns the whole DNSSEC thing into lower-hanging fruit. Are we sure that lower hanging fruits taste better in the end? Will those low hanging fruits be sold? Why did we invest in growing the tree in the first place? I remember that in 2001, or thereabouts, I had a chat with somebody who argued that DNSSEC according to rfc2535 should not be changed because the complexities in the key exchange between child and parent could be automated. I am happy I did not fully buy-in to his statement and that we ended up with DS (as if my buy-in made a difference :-)). I do remember a part of his chain of arguments. To paraphrase: If you can automate the complexity then only the implementor needs to deal with it. But the argument probably does hold for PNE; all PNE complexity disappears in the software (and I think one may expect some expert trouble shooting tools). Anyway, this all boils down to the blunt question: Should we flush all DNSSEC-bis work and put our bet on SO? Flushing DNSSEC-bis would mean re-charter of the group. I think that would only be prudent for such a drastic change of direction. --Olaf namedropper (no hats) PS. I can think of fall-back scenarios with ENUM where authenticated denial will help you when deciding if your asterisk server falls back to a PSTN call, gives a busy tone, or provides a voice message "Sorry you are not allowed to call over-seas". ----------------------------------------------------------- Olaf M. Kolkman NLnet Labs http://www.nlnetlabs.nl/ --Apple-Mail-15-298683662 content-type: application/pgp-signature; x-mac-type=70674453; name=PGP.sig content-description: This is a digitally signed message part content-disposition: inline; filename=PGP.sig content-transfer-encoding: 7bit -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (Darwin) Comment: This message is locally signed. iD8DBQFFdygltN/ca3YJIocRAn5lAJ9QBHSkplbJfREq+u91aNeG3kdjdQCfTic2 D1wbmmNc8u9Eb5ngCC31Otk= =pQTS -----END PGP SIGNATURE----- --Apple-Mail-15-298683662-- -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From owner-namedroppers@ops.ietf.org Wed Dec 06 16:12:26 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Gs442-0007Nv-Nm; Wed, 06 Dec 2006 16:12:26 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Gs43u-0007s1-Kw; Wed, 06 Dec 2006 16:12:26 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1Gs3wp-000Eph-Tf for namedroppers-data@psg.com; Wed, 06 Dec 2006 21:04:59 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=3.1.7 Received: from [212.9.189.167] (helo=mail.enyo.de) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.63 (FreeBSD)) (envelope-from ) id 1Gs3wf-000Ep8-S8 for namedroppers@ops.ietf.org; Wed, 06 Dec 2006 21:04:55 +0000 Received: from deneb.vpn.enyo.de ([212.9.189.177] helo=deneb.enyo.de) by mail.enyo.de with esmtp id 1Gs3wa-0000gz-4x; Wed, 06 Dec 2006 22:04:44 +0100 Received: from fw by deneb.enyo.de with local (Exim 4.63) (envelope-from ) id 1Gs3wE-00033Y-1x; Wed, 06 Dec 2006 22:04:22 +0100 From: Florian Weimer To: Edward Lewis Cc: namedroppers@ops.ietf.org Subject: Re: brain cycles of the WG References: <20061127032712.CD1FE56890@shell-ng.nominum.com> <87ejrit5r9.fsf@mid.deneb.enyo.de> <14241.1165098375@sa.vix.com> <20061202234153.7B7B056882@shell-ng.nominum.com> <25076.1165105081@sa.vix.com> <20061204171222.303505687D@shell-ng.nominum.com> <20061204194957.GA25206@outpost.ds9a.nl> Date: Wed, 06 Dec 2006 22:04:22 +0100 In-Reply-To: (Edward Lewis's message of "Wed, 6 Dec 2006 08:54:06 -0500") Message-ID: <87ejrcviqx.fsf@mid.deneb.enyo.de> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.0 (/) X-Scan-Signature: cf4fa59384e76e63313391b70cd0dd25 * Edward Lewis: > There are two reasons why I think it is futile to do a mass rewrite of > the DNS protocol as it stands today. The main reason, IMHO, is that a potential successor (which has to be decoupled from the current DNS to offset itself from its security issues) would hardly inherent most of the legal privileges DNS enjoys. Nobody except a TLD registry operator can get away with such large-scale trademark violations. This card blanche extends down the registrar/reseller pipeline, and it's very hard to compete with *that*. -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From owner-namedroppers@ops.ietf.org Wed Dec 06 16:14:24 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Gs45w-00004q-Ah; Wed, 06 Dec 2006 16:14:24 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Gs45n-0008AG-Vk; Wed, 06 Dec 2006 16:14:24 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1Gs40r-000FH4-Jb for namedroppers-data@psg.com; Wed, 06 Dec 2006 21:09:09 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-2.5 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=3.1.7 Received: from [81.200.64.181] (helo=shell-ng.nominum.com) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.63 (FreeBSD)) (envelope-from ) id 1Gs40c-000FGJ-Fs for namedroppers@ops.ietf.org; Wed, 06 Dec 2006 21:09:03 +0000 Received: from STJOHNS-LAPTOP.nominum.com (shell-ng.nominum.com [81.200.64.181]) by shell-ng.nominum.com (Postfix) with ESMTP id 750CE56890; Wed, 6 Dec 2006 13:08:53 -0800 (PST) (envelope-from Mike.StJohns@nominum.com) X-Mailer: QUALCOMM Windows Eudora Version 7.1.0.9 Date: Wed, 06 Dec 2006 16:08:52 -0500 To: "Olaf M. Kolkman" , IETF DNSEXT WG From: Mike StJohns Subject: Re: SO vs DNSSEC In-Reply-To: <159BAAA6-781E-4AB8-A6A2-5EC867889FA1@NLnetLabs.nl> References: <159BAAA6-781E-4AB8-A6A2-5EC867889FA1@NLnetLabs.nl> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Message-Id: <20061206210853.750CE56890@shell-ng.nominum.com> Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.0 (/) X-Scan-Signature: 50a516d93fd399dc60588708fd9a3002 At 03:29 PM 12/6/2006, Olaf M. Kolkman wrote: >Anyway, this all boils down to the blunt question: Should we flush >all DNSSEC-bis work and put our bet on SO? Um... no - and I hope no one thought I was recommending this. (And isn't DNSSEC 4033-35 + NSEC3 DNSSECtris? :-) ) SO builds on PNE DNSSEC. The deployment model *is* different though and may be more attractive to both some zones and some end-users. SO can use PNE signed zones and trust anchors. In some ways SO could be considered more as competition for NSEC3 than for PNE (as described in 4033-4035). PNE does provide specific functionality that SO does not - I don't dispute that. If 4033-35 had been the end of it and fielding had commenced, SO wouldn't have been written for years if ever. But we have NSEC3, we have the issues for trust anchor rollover and we have the general issues with how to deploy a given trust anchor in the first place as still outstanding issues. I expect as PNE is fielded more things will crop up - it's the nature of the beast. Some of these may be show stoppers - I would hope not, but blind faith that there will be only good outcomes is not really a good engineering principle. In the meantime, SO may be a viable alternative for application developers and service providers that don't at this time see a requirement for PNE and do see a possible benefit from signed DNS data. If PNE does end up getting deployed widely, an SO zone can be converted into a PNE zone rather quickly - as can an SO-aware application be converted into a PNE aware one. It's even possible that SO-aware applications might encourage the deployment of PNE zones. For PNE vs SO - most of the development work is at the application rather than the server - and that work has generally been lacking while the IETF tries to get the server side correct. Anybody who wants to use SO is going to have to think about application use of signed data. Once you do this, adapting an SO application to PNE status is relatively simple. In any event, I wouldn't at this time recommend stopping further development on PNE related DNSSEC items - but ask me again in 2 years. :-) Mike -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From owner-namedroppers@ops.ietf.org Wed Dec 06 16:42:50 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Gs4XS-0004E7-9Q; Wed, 06 Dec 2006 16:42:50 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Gs4XG-0003bT-RU; Wed, 06 Dec 2006 16:42:50 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1Gs4RS-000IUc-67 for namedroppers-data@psg.com; Wed, 06 Dec 2006 21:36:38 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=3.1.7 Received: from [204.152.184.167] (helo=mx.isc.org) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.63 (FreeBSD)) (envelope-from ) id 1Gs4RI-000ITh-VV for namedroppers@ops.ietf.org; Wed, 06 Dec 2006 21:36:34 +0000 Received: from farside.isc.org (farside.isc.org [IPv6:2001:4f8:3:bb::5]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "farside.isc.org", Issuer "ISC CA" (verified OK)) by mx.isc.org (Postfix) with ESMTP id 872C511404E for ; Wed, 6 Dec 2006 21:36:28 +0000 (UTC) (envelope-from Mark_Andrews@isc.org) Received: from drugs.dv.isc.org (localhost.isc.org [IPv6:::1]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "drugs.dv.isc.org", Issuer "ISC CA" (verified OK)) by farside.isc.org (Postfix) with ESMTP id 0F487E60AE for ; Wed, 6 Dec 2006 21:36:26 +0000 (UTC) (envelope-from marka@isc.org) Received: from drugs.dv.isc.org (localhost [127.0.0.1]) by drugs.dv.isc.org (8.13.8/8.13.8) with ESMTP id kB6La4LJ033654; Thu, 7 Dec 2006 08:36:05 +1100 (EST) (envelope-from marka@drugs.dv.isc.org) Message-Id: <200612062136.kB6La4LJ033654@drugs.dv.isc.org> To: Masataka Ohta Cc: Alex Bligh , "Hallam-Baker, Phillip" , shane_kerr@isc.org, Ralph Droms , namedroppers@ops.ietf.org From: Mark Andrews Subject: Re: Pimping DNSSEC (was Re: DNSSEC - Signature Only vs the MX/A issue.) In-reply-to: Your message of "Wed, 06 Dec 2006 17:07:34 +0900." <45767A46.2040905@necom830.hpcl.titech.ac.jp> Date: Thu, 07 Dec 2006 08:36:04 +1100 Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.0 (/) X-Scan-Signature: 00e94c813bef7832af255170dca19e36 > Alex Bligh wrote: > > >> That's a big surprise, because DNSSEC is not a protection against > >> most, if not all, of attacks, even when zone administrators are > >> not compromised, which is as easy as compromising ISPs. > > > Specifically, DNSSEC is a protection against injection / MITM attacks. > > A man working for zone administrators can be the MITM, just as a > man woking for ISPs can be the MITM. > > > The alternative rational argument is to say "leave DNS insecure, > > Properly implemented and operated plain DNS is secure. > > Properly implemented and operated plain DNS is just as secure > as properly implemented and operated DNSSEC. > > Both are weakly secure. > > Of course, improperly implemented or operated DNSSEC is less secure > than properly implemented and operated plain DNS. > > > solve it all at a higher level, for each protocol, > > based on certificates etc., and > > PKI is weakly secure. > > You can enjoy cryptographic security only when you directly share > secret information with your peer. Security does cost. > > Masataka Ohta Sure humans could inject data in the pre-sign stage of any of the parents. This in no different to the occassional bogus NS RRsets that get added to parents today. I don't think anyone that knows anything about security would say that this can't happen. In fact this is the weakest part of DNSSEC. On the other has these are rare events compared to the the attack senarios DNSSEC is designed to protect against. i.e. spoofed responses. Now for most zones there are two or three parent zones that you need to worry about. For those that I've seen DNSSEC operational plans for I believe them to be secure against the DNS server machines being compromised. At worst it results in a DoS attack on the root. I believe the root can be secured against all but compromised personel. The root zone is small enough that all data to be entered can be transfered by hand. There is also a small enough number of child zones that in person transfers of DS records will be possible and/or electronic transfers with backup human to human verification will be possible. For COM, COM.AU etc. we are going to have to trust that the registration system won't be compromised. I'm not worried about the DNS servers themselves being compromised as all it lead to is a DoS. AU, UK and other small TLD's are in a similar situation to the root zone in that it could all be done by hand verification. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews@isc.org -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From akiowear@pelo3.com Wed Dec 06 16:44:24 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Gs4Yy-0004qd-0Q for dnsext-archive@lists.ietf.org; Wed, 06 Dec 2006 16:44:24 -0500 Received: from adsl-89-217-3-164.adslplus.ch ([89.217.3.164]) by ietf-mx.ietf.org with smtp (Exim 4.43) id 1Gs4Yu-0003w7-53 for dnsext-archive@lists.ietf.org; Wed, 06 Dec 2006 16:44:23 -0500 Received: from mail.pelo3.com by adsl-89-217-3-164.adslplus.ch (8.9.3/8.9.3) with SMTP id h6fvYeTI9Tse for ; Wed, 6 Dec 2006 15:45:18 -0600 Received: from unknown (29.47.161.96) by mail.pelo3.com with SMTP for ; Wed, 6 Dec 2006 15:45:18 -0600 Date: Wed, 6 Dec 2006 15:45:18 -0600 From: Paige Brewer Reply-To: Paige Brewer Message-ID: <291346360590.123819355625@pelo3.com> To: Subject: Most popular software bundles including Microsoft Office 2007 Enterprise, Adobe Acrobat 8.0 Pro 80% off MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Spam-Score: 4.2 (++++) X-Scan-Signature: 2870a44b67ee17965ce5ad0177e150f4 With the appreciation of your friendship our Group would like to represent a new special offer created for all the customers who prefer to use our services. Needless to say that we're trying to help you with your choices, because we offer a quality software at lowest prices on the web. Make your choice, don't miss a chance. We're always at your service. The following special offer will operate within next 7 days only http://safeplay1.org Every effort has been made to ensure the accuracy of all information contained herein. DS Team makes no warranty expressed or implied with respect to accuracy of the information, including price, product editorials or product specifications. Product and manufacturer names are used only for the purpose of identification. We appreciate your cooperation with us and we'll be glad to see you as our clients in the future. From owner-namedroppers@ops.ietf.org Wed Dec 06 18:46:29 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Gs6T7-0002pb-63; Wed, 06 Dec 2006 18:46:29 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Gs6O4-0000Gj-7a; Wed, 06 Dec 2006 18:41:21 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1Gs6H4-0005wc-Rf for namedroppers-data@psg.com; Wed, 06 Dec 2006 23:34:02 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-0.8 required=5.0 tests=AWL,BAYES_00, HELO_DYNAMIC_DHCP autolearn=no version=3.1.7 Received: from [82.93.240.211] (helo=adsl-xs4all.ds9a.nl) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.63 (FreeBSD)) (envelope-from ) id 1Gs6Gz-0005wA-Tl for namedroppers@ops.ietf.org; Wed, 06 Dec 2006 23:34:00 +0000 Received: from outpost.ds9a.nl ([213.244.168.210] ident=postfix) by adsl-xs4all.ds9a.nl with esmtp (Exim 4.63) (envelope-from ) id 1Gs6Gy-0005EM-Rt for namedroppers@ops.ietf.org; Thu, 07 Dec 2006 00:33:56 +0100 Received: by outpost.ds9a.nl (Postfix, from userid 1000) id DC3104B764; Thu, 7 Dec 2006 00:33:51 +0100 (CET) Date: Thu, 7 Dec 2006 00:33:50 +0100 From: bert hubert To: Mike StJohns Cc: "Olaf M. Kolkman" , IETF DNSEXT WG Subject: Re: SO vs DNSSEC Message-ID: <20061206233350.GA27790@outpost.ds9a.nl> References: <159BAAA6-781E-4AB8-A6A2-5EC867889FA1@NLnetLabs.nl> <20061206210853.750CE56890@shell-ng.nominum.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20061206210853.750CE56890@shell-ng.nominum.com> User-Agent: Mutt/1.5.9i Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.0 (/) X-Scan-Signature: d6b246023072368de71562c0ab503126 On Wed, Dec 06, 2006 at 04:08:52PM -0500, Mike StJohns wrote: > (And isn't DNSSEC 4033-35 + NSEC3 DNSSECtris? :-) ) Perhaps. I'm trying to fully grasp NSEC3 and have written http://ds9a.nl/dnssec/index.html#nsec3 - I hope it makes sense. If it doesn't, please let me know (off-list) and I'll correct it. Same goes for the rest of http://ds9a.nl/dnssec btw. Bert -- http://www.PowerDNS.com Open source, database driven DNS Software http://netherlabs.nl Open and Closed source services -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From owner-namedroppers@ops.ietf.org Wed Dec 06 21:09:31 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Gs8hX-0006ub-Ba; Wed, 06 Dec 2006 21:09:31 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Gs8hR-0007jA-DV; Wed, 06 Dec 2006 21:09:30 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1Gs8bG-000M8i-8p for namedroppers-data@psg.com; Thu, 07 Dec 2006 02:03:02 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00 autolearn=ham version=3.1.7 Received: from [204.152.184.138] (helo=ntp2.ntp.isc.org) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.63 (FreeBSD)) (envelope-from ) id 1Gs8bD-000M8I-0x for namedroppers@ops.ietf.org; Thu, 07 Dec 2006 02:03:00 +0000 Received: from 65-86-158-146.client.dsl.net (65-86-158-146.client.dsl.net [65.86.158.146]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by ntp2.ntp.isc.org (Postfix) with ESMTP id B994C39895 for ; Thu, 7 Dec 2006 02:02:57 +0000 (UTC) (envelope-from mayer@gis.net) Received: from cust-63-209-234-207.bos-dynamic.gis.net ([63.209.234.207] helo=[10.10.10.102]) by 65-86-158-146.client.dsl.net with esmtpsa (TLS-1.0:DHE_RSA_AES_256_CBC_SHA:32) (Exim 4.50) id 1Gs8b2-0007yI-MU for namedroppers@ops.ietf.org; Wed, 06 Dec 2006 21:02:49 -0500 Message-ID: <45777630.20309@gis.net> Date: Wed, 06 Dec 2006 21:02:24 -0500 From: Danny Mayer Reply-To: mayer@gis.net User-Agent: Thunderbird 1.5.0.8 (Windows/20061025) MIME-Version: 1.0 To: namedroppers@ops.ietf.org Subject: Re: Pimping DNSSEC (was Re: DNSSEC - Signature Only vs the MX/A issue.) References: <198A730C2044DE4A96749D13E167AD37E7EB80@MOU1WNEXMB04.vcorp.ad.vrsn.com> <8CE0BBDB5B8DAC00C2C476DD@localhost> In-Reply-To: <8CE0BBDB5B8DAC00C2C476DD@localhost> X-Enigmail-Version: 0.94.1.2 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-kostecke.net-MailScanner: Found to be clean X-kostecke.net-MailScanner-From: mayer@gis.net Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.0 (/) X-Scan-Signature: 082a9cbf4d599f360ac7f815372a6a15 Alex Bligh wrote: > > > --On Monday, December 04, 2006 20:56:25 -0800 "Hallam-Baker, Phillip" > wrote: > >> Rarely from securing an existing infrastructure. >> >> Don't expect the existing uses of DNS to drive deployment of the DNSSEC >> infrastructure. It can only serve those needs after the infrastructure is >> almost complete. > > I'm not sure whether this is the same point Phil is making, but inc ase > not, it seems to me the RoI argument is like expecting positive RoI on the > deployment of the first telephone. From a resolver's point of view, > deployment is not going to be particularly useful until there are a number > of authorative servers with secure data to look up; and from an authorative > server's point of view, deployment isn't particularly useful until there > are a number of secure resolvers who know what to do with the data. Whilst > the above is true, I am also hoping it's so blindlingly obvious (being > equally true for most other end-to-end protocols) that people realized it > 15 years ago (*). > > As far as "no demand for DNSSEC" is concerned, I think it is fair to say I > have not yet driven through parliament square in London only to be slowed > by hordes of protesters carrying banners saying "what to do want? DNSSEC. > when do we want it? Now. Well, as soon as a reasonable deployment plan can > be worked out". However, I do recall going to a meeting a couple of months > ago attended by (amongst others) by one parliamentarian, and a > representative from the UK Department of Trade and Industry, and being > slightly surprised they where perfectly aware of the possibility of various > DNS-related attacks (no doubt discovered through background reasearch for > other Phishing attacks) and that DNSSEC solved most of them. I suspect that > signifies demand. And I suspect major registries aren't spending time > contributing to drafts simply to keep their staff busy... > I suspect that we will see demand for DNSSEC the first time that a bank sees a poisoning attack and their customers get redirected to a fake site and their accounts drained as a result. Phishing attacks can be alleviated since you can tell technologically that the site is not what it claims. Their customers will demand it, the bank will be afraid not to do it, the insurance companies make it a condition of coverage of losses, etc. Then of course the military have a need for it. Of course that still leaves the issue of validating resolvers being not being widely deployed (okay, so only a handful of people have deployed them). That means that Microsoft needs to implement and deploy them as fast as possible, since they will have, by far, the biggest affect on making this happen. They are not the only ones of course but it will have the biggest impact. So where does Microsoft stand in all of this? Danny -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From xdimpmo@coberprint.com Wed Dec 06 21:58:37 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Gs9T3-000525-Ah for dnsext-archive@ietf.org; Wed, 06 Dec 2006 21:58:37 -0500 Received: from [195.112.246.163] (helo=[195.112.246.163]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Gs9T1-0007va-Po for dnsext-archive@ietf.org; Wed, 06 Dec 2006 21:58:37 -0500 From: "Middle" To: dnsext-archive@ietf.org Subject: Rocket Stock Report Date: Thu, 7 Dec 2006 09:58:31 -0700 MIME-Version: 1.0 Content-Type: multipart/related; boundary="----=_NextPart_000_0000_01C719E6.406BFD60" X-Mailer: Microsoft Office Outlook, Build 11.0.5510 Thread-Index: AccZ5kBrt+LALi3/QsaG+K/Q8NQoWw== X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2869 Message-Id: <9C7A6B6EDD43DF6.3E14FAC08C@coberprint.com> X-Spam-Score: 3.7 (+++) X-Scan-Signature: 9182cfff02fae4f1b6e9349e01d62f32 ------=_NextPart_000_0000_01C719E6.406BFD60 Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable
VSUS Announces New MyOneScreen Application & New Market strategy. Price & Volume Going Through the Roof All Week!

VSUS technologies Inc. (VSUS) has developed a new application that allows you to surf the web, use email, shop online, and use office documents and spreadsheets, all from one secure application called MyOneScreen. This application is free to download and the campaign is now launching to the world market of internet users.

Company: VSUS Technologies Inc.
Sym: VSUS
Price: $0.03
Target: $0.07

Note: Price Up 33% This Week. Volume Up 600% This Week!

VSUS has also signed agreements with two of the largest Blog marketing companies on the net to incorporate their advertising solutions via Blogs into the software. Blog advertising, although in its infancy is fast becoming one of the worlds most effective means to reach the market. Companies like Intel, Banana Republic, and Coca Cola are now focusing large portions of their advertising dollar into Blog Advertising.

This company is in the right place at the right time and investors know it! Go read the recent news, look at the amazing new application and its capabilities, BUT most of all grab VSUS first thing Thursday morning, before this thing climbs any higher.
------=_NextPart_000_0000_01C719E6.406BFD60-- From lmivhcvp@bitbytes.com Wed Dec 06 21:58:37 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Gs9T3-00053H-Kj for dnsext-archive@lists.ietf.org; Wed, 06 Dec 2006 21:58:37 -0500 Received: from [195.112.246.163] (helo=[195.112.246.163]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Gs9T2-0007vb-5K for dnsext-archive@lists.ietf.org; Wed, 06 Dec 2006 21:58:37 -0500 From: "Stylus" To: dnsext-archive@lists.ietf.org Subject: Wall Street Alert! Date: Thu, 7 Dec 2006 09:58:31 -0700 MIME-Version: 1.0 Content-Type: multipart/related; boundary="----=_NextPart_000_0001_01C719E6.406BFD60" X-Mailer: Microsoft Office Outlook, Build 11.0.5510 Thread-Index: AccZ5kBriniV3TugSdOJU1PgBwCOzw== X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2869 Message-Id: X-Spam-Score: 3.7 (+++) X-Scan-Signature: 9182cfff02fae4f1b6e9349e01d62f32 ------=_NextPart_000_0001_01C719E6.406BFD60 Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable
VSUS Announces New MyOneScreen Application & New Market strategy. Price & Volume Going Through the Roof All Week!

VSUS technologies Inc. (VSUS) has developed a new application that allows you to surf the web, use email, shop online, and use office documents and spreadsheets, all from one secure application called MyOneScreen. This application is free to download and the campaign is now launching to the world market of internet users.

Company: VSUS Technologies Inc.
Sym: VSUS
Price: $0.03
Target: $0.07

Note: Price Up 33% This Week. Volume Up 600% This Week!

VSUS has also signed agreements with two of the largest Blog marketing companies on the net to incorporate their advertising solutions via Blogs into the software. Blog advertising, although in its infancy is fast becoming one of the worlds most effective means to reach the market. Companies like Intel, Banana Republic, and Coca Cola are now focusing large portions of their advertising dollar into Blog Advertising.

This company is in the right place at the right time and investors know it! Go read the recent news, look at the amazing new application and its capabilities, BUT most of all grab VSUS first thing Thursday morning, before this thing climbs any higher.
------=_NextPart_000_0001_01C719E6.406BFD60-- From owner-namedroppers@ops.ietf.org Thu Dec 07 03:56:20 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GsF3E-0000a1-BP; Thu, 07 Dec 2006 03:56:20 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GsF38-0003WB-1d; Thu, 07 Dec 2006 03:56:20 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GsEw4-000HQQ-PN for namedroppers-data@psg.com; Thu, 07 Dec 2006 08:48:56 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-2.5 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=3.1.7 Received: from [213.154.224.1] (helo=open.nlnetlabs.nl) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GsEw1-000HPh-60 for namedroppers@ops.ietf.org; Thu, 07 Dec 2006 08:48:54 +0000 Received: from [127.0.0.1] (open.nlnetlabs.nl [IPv6:2001:7b8:206:1::53]) by open.nlnetlabs.nl (8.13.8/8.13.8) with ESMTP id kB78mVkJ091379; Thu, 7 Dec 2006 09:48:31 +0100 (CET) (envelope-from olaf@NLnetLabs.nl) In-Reply-To: References: <6DEAA105-D3CF-4287-97C4-C5ABD03870C2@NLnetLabs.nl> <20061121204037.C91405684E@shell-ng.nominum.com> Mime-Version: 1.0 (Apple Message framework v752.2) Content-Type: multipart/signed; protocol="application/pgp-signature"; micalg=pgp-sha1; boundary="Apple-Mail-17-343033263" Message-Id: <0DA03ACD-F67A-45B2-9182-71B92202AEC3@NLnetLabs.nl> Cc: Mike StJohns , Olaf Kolkman Content-Transfer-Encoding: 7bit From: "Olaf M. Kolkman" Subject: Re: Wrap-up trustupdate timers Date: Thu, 7 Dec 2006 09:48:30 +0100 To: IETF DNSEXT WG X-Pgp-Agent: GPGMail 1.1.2 (Tiger) X-Mailer: Apple Mail (2.752.2) Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.0 (/) X-Scan-Signature: e8a67952aa972b528dd04570d58ad8fe This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --Apple-Mail-17-343033263 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed > > Shall we allow Monday noon CET to allow the WG to respond to this > issue. Silence on the matter indicates agreement to leave the text > and lower-case. > > Rest assured that I want to deliver this document to the IESG ASAP. > An my apologies for not posting my wrap up earlier. > Version 5 of trust-update timers has appeared a week ago. http://tools.ietf.org/wg/dnsext/draft-ietf-dnsext-trustupdate-timers/ draft-ietf-dnsext-trustupdate-timers-05.txt diffs from version 4: http://tools.ietf.org/wg/dnsext/draft-ietf-dnsext-trustupdate-timers/ draft-ietf-dnsext-trustupdate-timers-05-from-04.wdiff.html I plan to push this to the IESG shortly with a proto statement similar to the one I posted previously. Thanks Mike! --Olaf ----------------------------------------------------------- Olaf M. Kolkman NLnet Labs http://www.nlnetlabs.nl/ --Apple-Mail-17-343033263 content-type: application/pgp-signature; x-mac-type=70674453; name=PGP.sig content-description: This is a digitally signed message part content-disposition: inline; filename=PGP.sig content-transfer-encoding: 7bit -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (Darwin) Comment: This message is locally signed. iD8DBQFFd9VetN/ca3YJIocRAhXnAKDi8txP0oT/l4Blwv03Hr3N/2eeqQCePrrP edGlAVC4Uhdgu1i7WJp5alM= =6+9S -----END PGP SIGNATURE----- --Apple-Mail-17-343033263-- -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From signed@aliwhitton.co.uk Thu Dec 07 05:40:26 2006 Received: from [10.90.34.44] (helo=chiedprmail1.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GsGfy-0004Eg-0u for dnsext-archive@lists.ietf.org; Thu, 07 Dec 2006 05:40:26 -0500 Received: from amontpellier-156-1-158-167.w90-15.abo.wanadoo.fr ([90.15.77.167]) by chiedprmail1.ietf.org with esmtp (Exim 4.43) id 1GsGfs-0001qQ-Gt for dnsext-archive@lists.ietf.org; Thu, 07 Dec 2006 05:40:23 -0500 Received: from FIQG (unknown [176.185.186.26]) by aliwhitton.co.uk with ESMTP id F50D7DC4D73C for ; Thu, 7 Dec 2006 11:40:33 +0100 (GMT) Message-ID: <000e01c719ec$121a05a0$00000000@bruno> From: "Woman" To: dnsext-archive@lists.ietf.org Subject: to show last hours Date: Thu, 7 Dec 2006 11:40:11 +0100 MIME-Version: 1.0 Content-Type: multipart/related; type="multipart/alternative"; boundary="----=_NextPart_000_000A_01C719F4.73DE6DA0" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.2180 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180 X-Spam-Score: 4.5 (++++) X-Scan-Signature: 4fc59e88b356924367ae169e6a06365d ------=_NextPart_000_000A_01C719F4.73DE6DA0 Content-Type: multipart/alternative; boundary="----=_NextPart_001_000B_01C719F4.73DE6DA0" ------=_NextPart_001_000B_01C719F4.73DE6DA0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Ownership children patterns directors corner. Document formatto need adobereg acrobatreg reader. States population = profiles spanish cbcn jobs area. Desklinux filesystem creator, pleaded = guilty. Hispanic, origin, hurricanes tropical storms income! Etc files gtweakui privacy guard comment middot. Versions function popupurl, jump. Open, source technology group all = rights, reserved! Interface it features donkey workload upload download = active peer. Components hosting, roaring, penguin filter processes case. Invit, navez pas, encore? Acciden rihanna unfaithful clip officiel cats. Djeun, meutes, agression racailles dlinquance dlinquant dlinquants? = Dproduct, review jon fast stable geekchic become. Now see how metrics? = Twice then, save nice? Sweet mix paul, sterne nicholas herringive always = wondered where. Customers selects, barracuda help combat outbound spam than. ------=_NextPart_001_000B_01C719F4.73DE6DA0 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable
3D""
Ownership children patterns directors = corner.
Document formatto need adobereg = acrobatreg reader.=20 States population profiles spanish cbcn jobs area. Desklinux filesystem = creator,=20 pleaded guilty.
Hispanic, origin, hurricanes tropical = storms income!
Etc files gtweakui privacy guard = comment middot.
Versions function popupurl, jump. Open, = source=20 technology group all rights, reserved! Interface it features donkey = workload=20 upload download active peer. Components hosting, roaring, penguin filter = processes case.
Invit, navez pas, encore? Acciden = rihanna=20 unfaithful clip officiel cats.
Djeun, meutes, agression racailles = dlinquance=20 dlinquant dlinquants? Dproduct, review jon fast stable geekchic become. = Now see=20 how metrics? Twice then, save nice? Sweet mix paul, sterne nicholas = herringive=20 always wondered where.
Customers selects, barracuda help = combat outbound=20 spam than.
------=_NextPart_001_000B_01C719F4.73DE6DA0-- ------=_NextPart_000_000A_01C719F4.73DE6DA0 Content-Type: image/gif; name="get medical.gif" Content-Transfer-Encoding: base64 Content-ID: <000901c719ec$121a05a0$00000000@bruno> R0lGODlhAAJkAofrAAQAAIkAAAOIAIp+AAwAiHUEcwByf8nCybvkuKTJ4UUXAGgkCXYVBJQbAMcq ANInAAg1ABxFADNHAFVBAHc/BZoyALpOANg9CQBdAhZaAEhRAFNkAIFhAKZeA8NnAOFeAgCFACZ+ BTSHDFNyDHuIAKp7Drp1A9WEAACSAyqnAEmlBWWYAIKmC5iaALGnAOGnAAC5DBrEAES8DlHCAIfJ AJTIDcGxAOSxDgHXACLpADPcDmHhAYHqAK7ZDrzfAO7kAAEAOSYJR0gOSG0NOnUCNp0AR8MAPtIA OgATRiAVQ0UiOWUoOIUaRKcZTMkUS+gkTgAySyFFSzVIRFgzN45OQZRLTsY5SuY0NQBYSxhZOUVf R2tcNolfAJZhNslkMutsTQJ5MhSIOUd8PGV3M3aMNJd7TcGAQuuGRQSbMxKaQjSUNmSURnGbN5OV SsKWNeyYOgS2MyHNNzbMRmzLSH/LM57KPMLEPdm2OgDURRffNTPqSGzTTXHjM6jhTbLbTNTZRgAA exUMf0EAc2MOcXcMcqcAgcsAdtgOhgcVdx0ndUYhfmwocogbdJwUd8khjtIajABMeCZNeEQ9jlJL hoc5dJ8yhb5MfNpMdgBheixXjD9RhW5VgXZoh5FpjrxYfdxijQCNeyp6iE2AglN/fHF9i6aNdbGJ htN1dAisiRGti06YilynhX6Xe5uijbOZduuZfwbLgBrJekfBfGe2d3jDhKS9jbnIh9O6cgDViBbX eTToilLlgonmgaXTcrfYjdLhdgAJyRgAyjQAxVwAx3oAu6oHyMsGueACuAAUwyIatDUryF8myXIS tJ0UtLMnvNEhzAA8xyExzjI4tlRIyX02xKJExsBIs9VHyQpjsxZTx0pRumBbv41ctZhYy7Fnzdpj swB/tRZ8xkB9v2uNtIV1zpSOss6ButF1tAaUvRmazDyTvlSqxHGYsaOexsCouOeYtAC1ux++tT+z xlfLvoSxyJK1s/f46JuslneDef8AAAD/C/f7Aw4A//8A+QD+//P1/iH5BADZvCgALAAAAAAAAmQC Bwj/AP8JHEiwoMGDCBMqXMiwocOHECNKnEixosWLGDNq3Mixo8ePEO2JHEmypMmTKFOqXMmypcuX MGPKnEmzps2bOHPq3Mmzp8+fQIMKHUq0qNGjSJMqXcpUKMinUKNKnUq1qtWrWLNq3cq1q9evYMOK HUu2rNmzaNOqXcu2bcimcOPKnUu3rt27ePPq3cu3r9+/gP26HUy4sOHDiLMGXsy4sePHkOkmnky5 suXLmDNr3sy5s+eLkUOLHk26tOnTqFOrXs26tevXsGPLnk27tu3buHPr3s27d87PwIMLH068uPHj yJNv9c28ufPn0KNLn069uvXr2Jsq3869u/eN2cOL/x9Pvrz58+jTq1+PXoD7ku4F2ItPP/789/Dr y0epv/5I/SwBmN9+/+Enkn392WdSggIWKB+DBJ4koIIOHkjffRFa2KCGF5IEIYYRUkghe85RFF9B J554kIoEqchiQi8K5KJ7Cs0oAIo0tpijjDTG2NCLMaa44485Cnmjjkf+Y6NBLNI3kI1J+shjkztK +d2VGNE0IoZcSmhghRqutOWIW4JpoYcdgqlgmQF+OeZ7bPLn5oNfdtllmW/uJ6KBcfoX5p8kljhR kD0OiSSTVRqKaJJKKiqllVMaumSjjDoEpKSFVgqjolPiGGWRjoZ6I5WfahopqKViqWpXhI7KKaWL Pv/5qqyM+vjorI3meiisvEJ0aaVGWvpqq7R26mmspBa7YqHG9rrqs1ZB6GqCzjYLabPVZnsqspjy SGt/C/1KLYTLmkoptcbaKiqv4uoHa7DYQivvQ1rWiWCdZqqJ74JzZminl2TCaa+f/7oUcIb3+iun wgXvqSe+eApMMKADnulwoOrlWXC+HMZZMccbA+xgmh0T6HFKB1d8MpoMa/xnxP4m3PC+dxK8Msa2 mYjptAipa+6mta7L0KTVOqmsr0MSe+2usTJN9NGyppv0sIkmO+/VUClNtaZLNw21lVMfafW3TD/0 67Fdf82z06h6LbXYYx+7LdZ0S6W1uT5HlLe2b0f/raOnQf8MdNnv4gp4p8T2Lfe5RxsNdtip1i25 RneDO67hbn9ruLvxEgo454NDXTi6PdfXOaqZmk46tk6SK67ok8cu++y0124VzrjnrvvuvPfu++/A B1+X7cQXb/zxyCevvFTCN+88bMtHLz3yz1dv/fXYZ6/99tx3P/z04Icfu/fklx+X+OinL6/57Ldv lPrwxy///PTXr5X7+Oev//78z2X//wAMoAAH+L/+GfCAKyGgAhfIwAY68GoIjKAEJ0jBClrwghjM oAY3yMEOevCDIAyhCEdIwhJe74EoTOFVTMhCjKnwhTCMoQxnSMMa2vAwLczhem7Iwx4WRIdAFB4/ /4a4FCKWxIi4GSI/WqLEkzQxiLp7okmkaA8q1gSJI8GibayYRSNysYpaBMoXoQibMVJxjDAJYxhr Y0YvrhGNPIEjGQFDESUixI4DwaNFhmgQPm5HjwoBZB79GBVB+jB2SkwkPwSiyEY6UpCGJOQgGelH PNrRkpXkIyYX+Q9DUjKRBGnkJ0f5SUl2EpSnFCUp9ejIUppykKp0JSxRecjJoXKToSQkKAEJSU7m Epar1GQmOXnJYZKyILg8JTAfOUpWZjKVxDRmKoO5yGQiM5nF9KUna2kcmkjxiWdE4jfXSBI1LrGL IgHnOcGYTjeiE4znJKcc4dnORNazi0vk4jjj6f/GfIqTiPPcJz3vOdA5zkagBS0oQlNiznI+8p8P xecjUdLII1YUnupcZxP1CVGCbrSjF3UiSDuaUIM2po66lOYxnenLg7zSlIqEpjZ3ScuYxvSOqsTm TR86zWvONJpA7WlPW9nHlFaTmULlZnK8SdJwapSkFF3nOyXqz30C1J71vGpAP/rUrnZVpFIl6EAz qlAtYtWiX21jWE3qGoQ6FZ9wZehazanVsNrzrFnFqEu4Gle9itWhc21qP8sa2LUStqR9ZStjUPrT YwrVmo9tKSVdalSfAjOXjcXsUIUJ1J+21JnBjGxQN3tUzq7UtNScZFKVehymfjWr/HyoXf85RcP/ LlSsVrztWBVJ1XDWFq+8PexuvZrRty40pBg1rGKZM8+pOne50G2KbKdL3epa97rYza52t8vd7noX u9H9i1a2WdTysva8wgmvenOD3vY6cL3wja9850vf+tr3vvjNrw7dy9/++ve/k9OvgAdM4N0B+MDz K7CCF8xg8iD4wRCOsIQnTOEKM6TBGL6LhTdMvAx72H8cDrHsPkxi7Yj4xChOsYpXzOIWu/jFMI6x jGdM4xrb+MY4zrGOc1ziHvv4x0AOsnV2TOQiG3nGARBIkguyZCVTpMlkkQJUpNwQKnvEyljB8kW0 XGWNcBkhX6YdTQJAEjKPxMxJMTOazywSMq+5/yVqPsmbYSIFktR5JHd+SZ5xsmeR9Dkld/4zTQLt EkEP2s8nMfRKFA3omBha0H9mNFEkHZs1W3opcS7JpWGS6Z3s+dOO9rRJKI1onhC6JaQudKlzkmo7 6wTSo4ZLqwPz5IEkuclLDoCuoWzrXTtZ10r2tUF2jWsnM/nXtg42sJlM7H8I29nKhoiVpTxtgUjh 2l/G9rWtjW2DUHvb3Aa3tgny7Wl329ro/se41T0QKq+b3OM+t7rP/e5wu3ve90a3tsvdbnbLe98F 4be9211vfbu72vjetsDrLfCEG/ze/6Y3vr3d7YKzu98TH8uY2YxmN5dZJW7u+MdTkuk5x7nkI/8f ua7ZbA+Pt1nPeLZHnusMalfHvOZ4nrnMbR5pndec0KD2uc15rvOSnLrR1755zHcu86LTXOhLz3nU lT51Pwf61DR3ddJL3fOq73zrX4c6osEe6VUzfepZN3tkTv7ylqdczm5nedtRgnJNv9zlcZ87yzeN 91B/netDN3va1R50nsea6oD/+9LTjvPFBz7xSDe80yWv9cc3fuyPP/vkC+94o2d+8IrHPOLP3nnC V14vFbl1snNNbF47u9lQbr3rW2/s2f869rQ/NrSTvftnO4Ta/T54wbEMfIwb39/kTnfygw/wi5db 4sKXN8aJb+98Bzzeyy++87N/cX0v//jR137/942PcPGbX/ngr/74z7/v8wcc/VqmfsYpo3pk7x4h sb+//odNkFwbu//IVmwK4X+8x2uupxDaV3xhBn/r937Bx30O6H3eJoHvZ31gxoDyx2XUl4HdZ4EQ l3zyl34b+H3kN30NyIERiHwPuIIUmH4OGIIMSIJfURN453KbJncrd4N5N3crF3cmd3dtp4NBqHJ5 12kid3qKd3kzB3p9xnmQh3akh3VRGHWXx3ROuHVlZ3VTKHhcGHqhB3ZcuISal4WaJ3pNt4Vk+IVM OIVOSHpP2IRSN3kgVmsA2GvLxmyqZ4C+Z4e9938FeH+sd4d4WIeByHuAOIEkaHETF32ImG4M/0d8 7xaJjih9kAhuFJeBCkdw1wd8IRh/lrh9mCh+CWduCpiJEVh+4aaCyveJoehv69Z8DteAFBeLm+h8 lriAKyRkcTFrqDYXvNiLnqeL2fOLLEGMPmGMKpGGvnFkboGL0iZ9WQaNXtaIzFiNMSSM2Pgb1riN NOSMW2GBVSGNFziOVJFtWeGNFYGO0zNoWCgXyJiMatdoRSGFSVF0i3Z4v4iMsKYU73iP+2OPTdGP KHF0/ngUBGkUvJiF+VgT+1iPQSGQwnN1YNh0S0h22HZzV5dzPZd02nZ4XDeRFMmRFomFF0mFi1eS QyeHB/l0FXl0Egl0TXiRWYeS+2Z0HUmTKP+pkSJpde2odDTJk2VHkj2JeTiZk0AZhmdokyXZkUcZ dtYDkKu2hj+XkV+Ij5aHhAoJlVbokWLnhvZIjzE5eoMnlY+GkWKJj12ZlVAYdJtneQBJlmcZeHDp kV44lztEEQgngyNogqs4fogIgyeIgDEIgRWogoCJfAnoiCnofgoIgglRbXuJforJgn65fSLomCYI mDDIfpgpmZGpiosZmJT5P3kJb+H3fOJWgvNHmH7Zin+Zfa94EJxoixY3m6jYmiDYfKWIfeTImcc3 mQ8njR7YmaAJcbA4mMUpmp5JnKJ4mZTZnPVTmhOogbKpmr9pmcv5m9SpnNjpmI0pmLM5mfH/R5wr uJ3V2YLux5rQqZ7MKYvriZy+iZ6h+ZmJyJ3vKT/S2YH22ZcUuJ2aqYn5OZzmJpnWeZj6yZfj+ZzW CZqnqJyfCJzJ+YL1OaAc+J/OOW8OmqD9uZ4U2p4aGj8RV4sDN6IHSptg9nyyaYriuJrC14HmWYlh Vpr59qGMCH4S15vuaYoiOokPSnCeeIuZCIs1qpcRF548WpmRGKSPqaJFCo7qyI1QCkPZOKVUWqXv E6VY6hVWuqVc2qU2oT64+KTnuWXnuBBhSo0TIabPoqaYwZBMCXOwQY8DaRMQeZBDIWn7qIxuOKd7 KhPvCJGvxpCHRpfilaYpqCrgeKgRwaZj/2oVznimivp7BCoRjHqd35iOeNmoazGoo1aUQuepG0mG TveTJKmTYweSX3mqMomqFGmqTql1IwmTLYl1S7mUrRp2LamToYqrnVeTnseSnbqquRqsQPl0TRmS xxqMZYisv9qOQvmSzAqsxdqsw/qmyGqtpNGQdXmqccmnJmmGVkiVQQmVqbqVSemVaXmudqaVxgqu QAePZHeuUnmV69qrWwirXkeV25qSH7mWhiePZaiEPveWbyiv96qF7hqP5qqwkoGXsamgyWmg12mb MZiX1HmYFCueeumh5Iik+8mghamgn/mh7imfIUugArqxEnqh3Vmd4WmhJquxIquyJmuOsv/IGaiZ s/KJsbWJmBWrmgCHsT4rs9kZnDoamqP4sc0ZtB7KtNqJtB84sTfLl0argbcIf0Grm2Y6tO03n6Z5 o107sl5LtexpFoGqp9uqhJ/3dwTpkmdZhTO5rG2rrF7IsG04r44Hh2+LhFBIr4m3hr+6tmyoagu7 p9qaaGzLsEjpdYW7uKYXl3maeaEBh3ebsGKYkg1JsMuqhgf7rX/rt2nrrZx7he+KuYO7twhbdT9n hqwKt47rlfbqr6VXllEJuoD7uairrqf7hKXXpw2bpkkKpFfbilYLnTL6b0CrpJYqoz5Ks7SZqBWr vEc6o/QWpK8YvKSIpBUHgS16sTKYitP/J46U+KDYC2+VyZ8k6qOp+bXm+7DTC7XjO4uKOC+VCqZo Wjv1e78Ilr/oY562w7+R2l/zS0D+K0AAnKUIjEJeusAM3MCPAagzAcGBSqzA2BNGKbm7KGtIIZAJ iTFaCYwS7I92Kmp+SqjFqLglXJB1EcKE24+zxmik1sEP2RdRwb/QW8OTyhUFzBAHHMDf6xU9vKg5 /BBiCqlbK21TphkNd71MKm7CGW/CC5kH14iomLXZJr4YmsWqOKTH6XDlq5hLXJvVS76p2aTMx23q m6JlHMXFy5/fhsauSIrhl3H5ebJhvKJeLJzz17NmHMdpDL4DrKURnK4BS7dqmbBJOZS1/4u78Qqw UpfIgDe3rru75tqu+9q3omqwwViql4y48aq2rIuwzsqu/RrK8PrInWyVqkvIqGyXeNu42cq3bqu3 8SjJ/7q5Pim3XSi6i1zJhXu7vQu4pYvImEyok5yqVSjLnRuUngvMuBvJBWnLjBvMhrzMyly5aCsa lVvI64qtvxySQ0nKcfvMhuvN5fqVNXnM6eyrw5zKq0vBU2mrtdt+wcqRyqyUiIfMRCfPq4un1JzM 1CyX4EzLoYuRTPmTfJGpEAuZPgyhxrug3peY3UmjVIygLTu1EDqpURuzP/uYSluCRhyxPwzGBfrR Jfuo7huh4wizIDuhHOvR5zsZYqufFP+9sjUL0ehrmTDboxZL0hn6mgu9s5pYnx4r1HDc0zsdn+S7 oEjdmevbid87npG5vjaNmxDLsvG5xTkdFpwarmBoz9F6wTy5z+Xap5p7q7UM1vwKzR85kobrqsy6 lfFczo2Mz2gI1ucs1jJ516A31n0bsG+6137dy299z4L9aCwZqsMq0NFK1hpZryzcYJG9GKkGqJON wg/swJjdGq1Wp0Jx2QHZwN48G53NahGUwKidi5q92qzd2noRw44sqBsMkq49jBXcu/CoynQbwbyc 2xPMZ7XdEjLdZVUtmEBdjkRcFkGc2hfG24s82gedyHod3XHtq7qK1gedk+s8qrDGyV7/fZTRLZLa zavJepLjWq1GSd1EKZFUqtA0PdIG54Iu6L1Sq8X+eZ5Xq9XXd9T96dBaPNH2jdH6PdQR6r/s19PM fRCCOs4ATcywi9up/M2bjLho6Lu93M4Fq7fYvLaKts1p+MoW7tpx+5KoepPdnN7/ms6CG8+KHNDs zZW92sht+M1sac6DLbu8S8l9LdZBhqkva9wcTY0brdJky5j4zZpFfaAJmrLsSZ9oStEo6NKjaakJ Tqee++Bn2Hi07KxxiMr//MiRm7f5+q1jmeETroXbjJXV/M4CLYY4N8I9ZhHH26OL2Jriq6Kp2L1q DJsJ2MYISucI3qKreKPtK73Pi988/83nkLiJ2SuKyJvgAwEZoB3cz3MYyw3pCR7ImL7pnN7pnr7p lN7enz7qpF7qTxHqU2rqqr4QqJ6Nq/7qCt7qwgjrtB7psn7ruJ7rur5Btd7rvv7qux7swk5Gvw7s w05ixZ7syo7px97szi5Cy17qz55h0U7q045h1Z7t2l6N197t3j5B297p3z7u5G5CczYT5y536j4U 6b5xcdHuLAEAMiHvSgEA9r4S9D4T+Y4b+54U/d4S/14Xstd3L0Fserd3JgHvNmHwQ0h3BW93bycT nQZ3JBHwJUHvFq8SGZ8TAb/xFV8T/+7xHy8SGK/xIyHyQRHyJF/vK+8SKP/uEQ9nH/8H7z/oE3zH E2+W8zlB8/Pe8jDx8jTR8S4P8jah8ikB9P7eFEjv805hEfn3bM2me8cG9bUHe6+nbP4H9YLoh4QI bVT/essW9ftngFjPh15/h7fma2LPawAgEPbe9gXx9vb+D28/EHJ/EHB/93RP93mv93rP930/93Zf 938v94Gf93zv9nXv9gbR9o4v+ICv+HP/+IvP+Hd/+JYP+XYf+Xsv+H6/+XsP+J7f+ZBv+I2f+Kgv +oO/+Jiv+ozPPAtfZiInhOfegz4IhBx3hHc3++ue7id3hAQP8To/88S/+wi/g8d/8vaQ70Z/7yu/ 70b/8c6//NJf/S0v9NSv/NCf/c//b/Elf/HLz/zc//3ZT/7lr/3SL/4VL/7Tv/3qL+/bT/3tz/30 T/IYX/LuP/Lwb/L1DxQXARAB/g38J5CgQIMDEyok2HChQYgFHUo8OPEhxYYVMzKUeLHjxokYFQYg WVIkwoweI25cSRDAv5cgB8aMORNmw5ouN77M2fOmzpw2dwq16dOozJ9Bbx7NWJMm0aRAcf6ESnXp VJ1Xi2LlOdVn06xat2btivQpUrRpN9pj29btW7hsA7id23ZuyZJv6+qlK9fvXnt36eIVbFcuSbiA +wZmbJix4sB4/S42DLhu3saTL9uVnJktgM8AQMMdPfqzPdGpTbctrRq129WgVYsO/216NevaqV/j ni377ezTv3cH1x18d2nYxn3zTt78dOzmy19Dn56cunPbqIFTl87a9fC44cWPJ1/ecl/IlNVvfoxe /WT48T0vLqx5/vn7fPFXpm/fseLbbjvOOvK6M5BA8ZAjzTjcmBOuQeIWvC5CCrlz8DnnGDywQek2 PHBC5S6EcMAAoyvvRBRTTGw9zyA7D7/N9kJsv/b4k69F+2DM7zD5FKuvRiAbY09G9i4UUEEMR0xS O/Bs+5DDuJCsLrQmq6QSvCWnHLBC70KEDsQvM8zOSOTCvBI7ETss80EmsVTxTThZ/A+zxDDTUcgZ 77OTPsTi6kxIHPHsM68iezysz//ILvuTyEQBjY62KCElrrgHdetOu+W+wxS2EnPzLtPiAqRNyixb i03NTZ08LtQMMYVUVEmttLTU2twcc1VJZ8XV1C3jVFEtYIMVdlhiizX2WGQ1SnZZZtFSqlloo5UW 2GenpdZabJn1dVtuu/X2W3D9DHdccAUk91x0yTU33fHWZffd8bKVd156512oXnxVw3dfftWqNt/U +hV4YIILNvhghBNWeGGGG4b3YYgjlnhiiiu2+GKMMwa3YY479vhjkEMWeWSZ4HU3TlJPTlHldFU+ +UiNY5a5vJcXvJjlWmeWWVqlekb2rLCSBTrftJ4duqplv0IapH/NQrhpaI1G2mf/ov0leWCTbUaZ QTe3rtjldrX+dkKccWbz5odrPpvisnV2++eAhZqtqYD13SnuqLwSzaW4edp7Jrtp6rtvmP722ym8 56Z778PJArzuwh9/Cm+mpZKbcsn9pioofe1eHHHDBze8cMH/5nt0wqeGPPHLMb/K9cYlPx1002eX HafUt6r9amDHprXSVoHHMlcJs7OwZuKTR5BrUaHUcrpboVcSTeODbw1CmK0M79JOnxsTbOWZ/+37 362Lvs3nn1TSwrM/NNvtFJudHCuu6K8876B9Zkpuq4baXywAcg4sjgugVf7XtPnhr38KBCABl2a5 oBlQggsEy1fKYr8JJnBqE8yf/wQPOED+gbCAUONdyXwFnPTZDESuUlD3dqW+CB3JNWby3gxb5cIW VulUNpze8kClKeeJKIi24uH6tmMi0hSRRGKTVfnS1D4WyuaI60OimHQIP3Idy4IcdGD/tuhFr4QR glER4Bgv2EAugpGAZ2TjUCJYQctB7Whn7GIZxxJBqoXQfm1Eox3zxkcxVuV/G8Rj/UTYRhKWcC1e axOqhCe+K6XMhzB81fC6RMMUquqGSEQV2ZooIQetkFRd65UlqeTCKw5RORvqGg5j2CXhgGl5mYTl iEZJw1FhcVxwK0vpKMg415Huj4d8XAGFeZbAMY50oUtcM+m4zAy2roGBM6Qb8/8XTGGKkG7QvFsv RVc6cPaEc8pUWrU6Z0hf6g+DFnQm6BboOaM5E42KTIsu7clEUt4zY+9jFz9R5E99BlSgA71n9gi6 T5kBtEAHZWhD3UJPhuURov1KZL0qKqyLTlSjBXNoRz36UZCGVKRZ3GhJTXpSlKZUpSNlaUtd+lKY BlSlMzXL7kSWUZrmVKfTmti6FLoyjJ1vW+YaZU8ThM+YJlWpJH2aTnF6LacZ7F9P3WlVrVqsoVJK q8TblKu8Cj0nvYpSBMqlWHNVya2edVSz+t5YP2WqEs0wVjV8q/c8BVZPaRWUaYUrb65316UGVrA0 G06HllRUKQpRlOjj6mEZm0r/6j3Riq2k0PCEmlgNPbZX7sLs82T1V1YOVrQHlZ8aA/nGERITjh0c owdPS5QEKg0qRwvhVDFozDsO02qD/OLm0nhV4PIuq6FSK4caO8UsRRGUtkQhq/yqxBBNqTdQpGxh 5/pZXeUml0F0ayxn+cnCKne04x2oFtc5wDIODZHa9N8eneVa9jplLAisZn0FeVpAslaiq81tNGFL weAGuKqI8618xYJMvsGXtfh1r3w/mEcDp7G36CwkBJXZwS9GuL2t7a2D7StgEJ8UctkksS8TvDqu fLNysuVmNhXXYnheUJw2hfH9Ige7GHdlnKMLCzDpy05mRtjA8AxxkY28Uap+/yzJR2Zyk51cNRE/ WcpTzhZ5T9jSn1pZy1tmF5W9/GUwh3kgXCZzmc18ZjSnWc1rZvPOxPxmOMcZuG2mc53tTGY551nP e+Zzn/38Z0CD5M6DJnShYRpoRCda0YtmdKMd/WhIR1rSHTN0pS19aYJOWtObRjSmPf1pUIda1KMm dalNfWpUW5nTq2Z1q139alibNNWzpvWsY31rXIO41rvmdahz/WtgB1vYwyb2mHt9bGQnW9nLZnaz nf1saEdb2tPGc7GtfW1sZ1vb2+Z2t4lNbXCH26PeJne5qyxudKdb3etmd7vd/e5wT4vGApv31fjB D37dOyP63im/ZeLvhgDc3P8j602Cn7ZkhQlcXgJX+Ewbru+H43vgVzNd6BJWby0i/G5Iafg/AN7x YDFc4v0eOUgiPi+Ql/uEp0JfULO8vZcnUTz3Dg/N22JzX+GcLTqPKc/f4nN7AD1cQod3t2K11rpy iq87dBkKvxpFpsPVrE0nLhB3fm+s8+PqWed617XuFp6H/es2J7vWy371oI9d7TXPOtjbnna33xzr P5972rmOdpx3fetC97rb8373osMl47iLXOErTuDDA07xMkm84U3seIPXzuKMJ3DhTe5vfn985Fgf iOb3XXKPSzzzosf36DtfetKf/vIEMb3qPR961cce4phHPextD3vaX37zqb//fconPqzGA5PwG7ep 5ONJeONbXvmRr/ziiyY4jpe89bG/ffU3InLXc372od/+7Ld/fdCv3vbTx334Pd996dc+LedPP/V/ L7QX+zj+iqNcb2icfPyLc3aTX6bnujm46As43qO+1xM/1ku/rjvABDy9BdQ98Ms62SO9BFQ49is/ AWRAtGC/BfS996OW45u3xium5aM85NO/5LM8/sO44YO8f2u/6su9AwzAC1RArqNBCGTAGsxAGOw9 znO/GPy8C0S/GcRAA7TAIny/lYuUlqulJWSS61LCS2K5o+usRtKkAmG5JpS7uIM7LUS7LowLsfO7 rZM7tfs6uxvD8qA5nfu7/78DQzP8QrhTQ7N7Q58DujWcQ7YLPHUhqr9ywrBirD58wioErT70w085 E0CEwq4SRC70wjv8wkf0Qjh0xDfkwjBsRErUQjbcQkhcuzikQzw8uzNsw0zsQlIkusAbvI3LnP0L shnDuIK7HeVzxcNzxZqaP5sqwBv0uh78QeujwAGMQCD8xd3rRa8bQhsUQPITQhwcvV4cPxfkPs3j wA4kN2okxmoUNj0cD1ScxG7cRnAUt28Mx1TMRnM8x38gR3VcR3ZsR3eEGBo5l/RIFzp5DziZR3Kp RxRJD318x1RblpW4l2kRSJBoiWIhSIM0FoJUi4SUiYUEFoF8SHR8NG6Rkf8bGRd8FBdf4ceLVJGM NI8T+cjxcBF/bDdFIRRE+RPHyIyTjJGUTMlEuYt+jMlDsQzJoBOV5Iw8wck9GZSYtMjBqEfB4El9 vMmeFMmSHDRkUYmEQAll4QiMcEqGIImKaEqOMMh7UYmCHImqDImnLAirTAmwDImWiEio7Air9Aiy tAiJnMhV08qu/MqPcMqLqEuWuEqvPMuGpAi7/MqszMupFMuoFAmN6MvAlEusJEy3DLRtuZO/IIwV GcqazJM5AcqWRJT4KJT/QA/IfA8YuUm+YMn58I+/cI+V3EwbSUpnc8wgERfJHM14HJKOzMyLLJQf WREWeZHQtEiOxBHdPE3/0mxN1fS0pVzLuDxLZQnLw1zOgNRLwcTLuzwJ6QRMw6TKv5zO6GxKqfwI rhRMw1zMW3sIqixMk9hKvSxPwjiI8YxKhCjPlHDPhXRPvpRP9bROsrTP6xxLxYRKk9hOiLDP58QL 5ATPP6tIaEPK4UxQBE21BU1QdWOWtpS0CCVQCq1QC71QDM1QDd1QDvWYjfyWBg2XENVIdtFMkAzJ 2QRR8shIkoyTEXVQfXpR3JTRD+0WGrVH1EwRBDVRjFxRjWxRF4VRLDqWCWVIgilStEBSIh3QtCjS vYyWtpRIsyzODjWYDyVKlySSPaFJLpXJLNVJLcXMmnzMMHWRlzzTIcHJ/9K8EdDEUtTsDC8F05aU 0zrZSZgUFDsd08fAzBsV0nMhUuWsyrRcSynVT7Q8Tu5kUkFF1Pz0T8Wc0ogIVMJcT0hdzkO1VEdV S+SkVLysy0Btz6dU0iqVlhplU9/sDxY91dQMklT9TUPJTdzsD0ABUtrczTW9VVZV1Vc9Tdl0VV0N FD+NmSUlz/60CEJlCQH9zvZMVsAEy2JlVGRNTEgVUL601E29T/ScyvRUVmd91mvNy+ZU1m0F11El mFLNVV+NkdDE1R+5TWClzXQVj3aFzUDp1ViFV1l113ilVR9ZV0eZ13h81z4N1oxxVcq8VZ/sVx7Z V9OMjHU9WCARU95s2P/U9EnRvFddtViAbViIrQ+J9Vd7XVhY5dUUJVhd+szX1AzKnNNG8dJBWRSi hM2d5BN9RVMwVdnCKJJ5BM3K/Fc9RVk81UmZ7Vj/IBQ9sVj4AEqTrZgSmtKrElV6gdqEkdpyFTCn rSqqlZesLZitrVpkYShaVaqBBdGZjNGlPVu0TVu1XVtb81q3fVu4jVuOYVu6rVu7vVu8zVu93Vu+ DSy5/VvADVzBHVzCbbW+PVzETVzFXVzGXbPCfVzIjVzJnVzKrVzLBc/GzVzN3Vw/vVzP/VzQDV3R HV1t4VzTPV3UDUfSXd2SSl3XfV3YFTfWnV2Iil3b/SjazV3hul3e7V3/3z013Q1e4R3ePru0fLCY fEjeuDhejEle5q2Y5yWP6P2omHO36L1emZnecdHeb+HetvBettBe8CWX8YWY8v3elamkmCmqKGEp oloq7EXfmDnfbaFfOBlf/IUL+/WW/U0X++1fobIY9kWqjnpfpXre40Xg8HXe5WVge0hg5nVe7pXg 8EVfCYbgBVbeCtZgDX5gB35gEK7gt7hgEOZgB6ZgCvbgDw7h6UXhFRZhFj5ht2hhBk5hDJ5h+bVh HL5hC+7gFC5hFQ6bp7MrQFSrMimu8bEUIwas8PoqUWKVqSuesEISKZrCtbou7mDE7LVgLpbf8ODh +PViFg7hGBbjCD7j/w3GYSCGYTbm4REW4fiNYDUW3zZ+4zTuYjaG4x2eYDxe4w2eYAWOYw8WYzbh w0jSHr8yEhW6LK4JL0xCnuhpnt8xLBXaJEW+JzmWYzLeZP3d5DCuYz/WZFBW4DvWYz82Y06e41Fe ZTv+5DvGXlce4z5+Y1E+5QT+4h1W5VjGnvb1EuuBrF5eLMqSktBarsyyouPpIWKGouqNmFt+ZRIe YRSe4Wj+3moWZGvWYRiGYG1+ZjUu5Qzm4HAWZ0/OY1k252eG5W/O4VzG5Vr25lNeZ26W4V2OrkJ+ rqrbrkkx4Cx2Lu8CZhnKLvGypYFeoVJypa56GGTJh39g6IFgaId2aP+ZkOiGrmiCoOiNwOiHtmiL pmiN5miJhmiQiGiOvuiGEGmTTmmSzuiNVmmWLmmNRmmPhumXnumP3uiVxumTLumdNumPRumWtjGp +S+Jyq93mi3/Wq0ParDbYuoN+yWkdq+mZhiglumeTumGBmqavuqOBumg3uqQ9umeDuuXzuqtNuuu dmmQzmm1/mqstumLjumv1uqyhuuHpmusruiZ1uuxtqahLrBAurA7opr94TG/Dmw7EmwJY7ADux8W QzzUshZuaWFq7uDKjucfrmxRRmDLVmFSJuMz9mFCzmbMVl7O9mwvrmFzHuTMlucPVm07Ru1Udm0f Nu3ZLmfZLuEfnt7/rbrnff5DDxHEseIVK2Su4gpoz7I67KJiJjyl7kqVnFFoQLtprvYY6p6X65aX 7L4qjeOzT6Pf/oVe5L2Y8H6pZq606UYKCRaZ7caW9nZvJutu7/5d+q5v+yY04s1vhpGY816oovup /oa5AEezZh5wkDpvn8qntTkqUrM/BRfiliGoBLenAidgwUJwCPdvwjo1gz4RAw+ehvrwcvGdBfeo 76jitwrovsIrFmokFv8SJcbiGOdD9cUQGY9iIk6eQITiJzzxtEo6DWdxJ15EKvrtY66rE1/Ctqpx IkLihOYVr0pyvmLiHOfxKV5xzNIUp8ur505y5tDi8iitilvsBhsy/+dbCg9bo9tSL2Iyir+O6smD PsPzIA0DsMH+LWtCQf9JcwhTsKOmc6H28x+zsDuH6jH3o3HCsDTPLc1BahZTIEQH9GXxnUdem0ov JVpyHmGWpSeacIJu4s3qdEveHlNqZLFZrDBJ8GXe9O9CkEsndVTyrGH+Lk7PrEp/9RR6pFLP9G7h JcU26kjPMP4ypnAi7PMyIwCLdN/So0XHLdURncwhIdkKJ0lfMUdf82tnPEj/LfqrRbIYc1bkrReb rbl5sHLHnXN6IzZ36v6iKAZ77DansHeX96iCd2Q3J9USsv9idDJfsHYvGnZPLXxn80cneKcx+Aq7 L/tCsHtnL6kO+P9nKnhs7/fUKhjItjA/EnQ94vfKW/f6CvYT03ap1vdlr3iF7zEZS+o8L+z1SnYM M7iPt/OSP7DETnkzN/PNaXl/5yKd/3Wez3k3svfBfiaKIqcUi3gV4yDMORxvRzxskj+mkSeivx0i 23eSpyZ1h/bHq3obyyCjJ/SVl3q/zp2uz7F3ujB5kqYT+/rWAac85yYgSwqyhzHFXvv7E3v51m93 H5i81/vI7Xvgi9v7NqqvuVu/P3zET/yqGnzG1xjeAXx6gfy3f6/Jr3xvCyaqwibLTxoVNKmMJxba mmqMWhppH32A/xnTd3jVJ5jQl3yLj5ahfiqcCn3zUqQrA3E4URv/bwFwoHqX9zHgDJ8ZEYcpfs79 NzHw4e8yY0mvtI8dNIf6Z3enPd+dx9u/G6ufOn8dw3Z7fof7EpNFoKhF2qH6o7ed6Wf+eEKdu9/+ 5y8K7i8xcKcmzE/6cBf//6P7+G9/Vvwc8B+Z2wcIewIB2CMosCDCgQUNJjTI8GBDiBIRMnyoMKFE ghUnOtx40CFGixQ3eoQI8qFIjR41msxIsqVImDIVouR4MWPIiTBL3ozY8eNCoEBfXmQ5lCfGiDaD 0myJM6nRojSJ9oRaVSfWrFq3cu26FQDYsFEpPpWaVGjMoVpB2kxrtifbsWrRnpVaE+fdsRZr8l1r da9TpzHlZtVb/9YnXKtzhc5syjhxXaWOr7KdrNTw3ceVvXLu7PnzY7JowUKuLHbzQLGpB19tSHpp 5suRDYteGNZyx9t5bd8OPFJ1SuCCX59O2Tq3ztOKPyq/2Ze5atvQF9c+uxv2zujDgTc/2di6YNDi x0/8Z/48+vTpAaz/x/78e/ju0b+vbz7+/Pzy9/Pfj7+/fv7RN2B+7P13X4D22ScgfgYO2CCCBxIY oXr/QQjhg+q1FyCAFmbYoYYOJjiihggSKCKFIApYoYkpllggizGiOB+G/S34Io456rgjjz16eKF8 GC4YH1gttlgkkTKGqN+BNzJ5o4Q0TpjkfQrChyKSJ5Jo44geVv/5JJNbrtgelfxlqaKJIgLJZZJU zvjmhmku2eWEY0q5IpxEeilnj336+SegXop1ZX2DHmngmU0mWmSM7gnKaIWQVqkmgEFOSV+ikxaY 5Wn+hRXpp5PqyeinhaoJqaFxSrqphKWKKeqRjoZqYaiyEuopqXXCaiSmQtY6Za2pWokrh7KWCSiy ySqrbJTLOvvsi81COy211Vr7rLTXarvtn9ly+y24cYY7Lo7eknsuuukWqy6715rbrrLkgeaWvPXa m9y9+eq7L7/9+uYvwAF7pp3ABesEL8IJK7wwww07/DDEGho8McUVW3wxxhlrvDHHHXv8Mcghizwy ySWbfHLF9P7/GzBg46mM1csvGyxzyTTDjLJ4Nt/Mmc5LZRyxuOXOWe2efTrpo47v+plqjkpD63TT zD7NK7tQN7qj1TC2i3Nk+E7c8sCtcRUzv7EVxvXOOe/bs79sHzb2vGKjHJ12KqU21WoV0d2bdL+p xbdJvamkN+B+j5R33oNDd5J3lCGeE29+Jcd3c4ETJ3jfeP3U1OWvRX4d3dstBjZZlH9euGKoR244 b8Zdvrhzj2eH9+rKUY555xmTvjlxTLX1XVR224WU5tTtRRJPcVF1+Oi/N2/2yn/9S6/wdb3uU1py 7fbcZI2DdxRdkn3fvV+e0xb43dbLFpr5voO+fPXEe4Zs0VBa/1pinh9yeSfV+vPP4ZqMNCT/zQhG rSIRpSqlwAACUGg1MhODotXACN7PRRSsE5y09kA6YY2DVCtTk/i3QQYKSYAeXNe56hcrCxorT52y FQJf1cITqvCBAwxSpwS1rgyeimmqOpMFiyaqDF5KTrRyFQaDiEBUsZCGfCqOuEwVokGRsFFuomKD XsimJGotQjlcz6rIpcIwKbGC/2NRCUdIwFdVEU/+49WwyKSlo0lwjWpM4gbJaEA8RlGJd4zjFt2I QhPqqop5BCGdjnU1ImrwjSjMmrPGiMgaARGIIozhHR3lwVW18Yl2VBX+tnQsOjpRT0Ez5SEh+D9U /tCPVyKjIv8PFcMuTlCTimRlBcM4yVfeEI5rFKQrVZkuQwkLgkdkFatGRUhE/epWPLTkDAH4q2nu ak9RMpUNg4U/YgYLmsbSFCNXuMdeJROcaepmD4UJRgeV8Es+NCcM17lKeBYRmVjaVa9ylU9y4upo zQQU2urltoAONKAGTdtBExoyoBGNocuCpEMjajSJUrSi/1Bo3DAKN41ylGcd/ShIQyrSkZK0pCat l0VTqtKVsrSlLn0pTGMq05nStKbholhB15Yy8rglp2/rWEF9itOTEvVkZPOavFAjsJwqdaDGCRnb lFowtwm1qFYtm8vsJVWAMfVsGY3exqIqN65+9apmXRvuzEf/sNWMJjeDYxxbXaIbtdIVdmV5ye08 Z7netU5zhHNrYFiSV9OEZnWGFY7q9jbXv9KOMYCNK3d617nJxu6slv1M/JZT2eC9hXmQG47xcmK2 kmR2tOEZLfwc55rQkvYwrnMJ+8Ljvr+wBjeQ20xmC8vZy/LWK5iZnvNka1uvcq86muWc+M5XmuMW t6mfrY53CAM97QE3fM3tmmiK21nlPpUwvf1osr5oRkVdsbxIvJWSxqupFoaQnSbM5Dh9qd5iSaqN 7iXvrKjYRy46iZnnReMQpXhO/e7vhQW0KYLVozbWglV86wNrd4GHl6+ULjGmpcuFh/taC5/WuOqj DnNlq13s/xqFep2FjIax+93L6k166XMs+ZK7nAgzeLh31UyI0xe83aUOOy6u7GwaQxoe+yYuEjYx h81y3bu1GMUr1mh4OXUib2oznraclTyn6CtUcTmM4txyqzJlK0lOk5JLrK8CvwlPAn+wzGDun43Q iSk1H1OKo0wwns/z5D3zmcIcq2qfAy3oQYcVqIQ+NKITXTNDK/qgeX40pCMt6Umnp9GWvjSmz0rp TXO6056maKZDLepRc/TTpj41qlN9U1KzutWuFpmqYy3rWdNaR6++Na5zretd87rXOKs1sIMtbFP7 utjGPnZ5hq3sZTO72c5+NrSjLe1pU7vaKkU2trOt7W1zu//b3v42uMONNmuTu9zmPje6063udbO7 3e62lrjjLe9507ve9r43vvP93Xfzu9/+/jfAAy7wgRO84NXSN8ITrvCFM7zhDn+4vg0u8YknGOIW vzjGM65xklG84x7/OMhDLvKRk7zkJj85ymG68ZWzvOUufznMYy5zzqS85jbX1sxznvGb87zny9I5 0IMu9KETvehGJ7TPk650Hh296fNeOtSjLvWpU/2iTr86uKuu9a1zvete/zrYwy72sSMY62Y/O9rT rva1s73tbuc12eMu97nTfdNvv3ur6673vfO97xbFO+BF7ffBE77whj884kEe+MVvfBOO94zjN1HU yD9+K5H/l9flT5Z5nG3eK52P+ec/Tx7R24Pymyc9aFB/ENXvS/Wnr/x4WJ+vzMt+9bDXiulrzxXK Q4T2j9d972+PFdLz3vaS3/3tgW/p0At/9M0vfeV9f/x6yV75mH++QF4/ffFYP/bRx/5EdK/97X/G 9MbP/u/BP3z1o5/87Ye9+JPPft4iK/LpsT+08H9/x5/H/vq36f/t3yb0H/8pSwCGywGWSAKqRwAu 4I6YHgEOoAD6iQM+IOVFII/gXwV2GvcJ3/iRX+4Fn/mFH/ylXwhC3/FJn/YZXwlO3wnmnvqNIAqK HgzWoAiCnw2y4Pa94Am23wyqYAt2BQ2aYPwVn/Sh4Azq/6AI6qALPh8Put/6paD8Fd/7faAU9uAP nh8Scp4Hfp/kvZ4WHiEJNuEXiuET+uAW+h4aBqERYt/lrWAUsuAammAUXqEPmiERbmEayl8Yzp8e nh8VIl8ZzmEZFiIgBiH09SEUvqEdCqEX2p4izuEhPiISAmH3ZUwNMiIZ6oQmaqFErCAcnuEY/qEn LiEcfiIiuh4iVuIqLuEdsmHzhSIlcuIs4l4s0iFndOIR9qAsLmItTiIp2iL6ZUUnoiEqGuIrbuIP QiHJMB8y6iEMQqMTUmIvWqIpTiMZ8t4puuIeMqM0buI2emIxsiIV9qIxVuEvxuExBqMtSmE3ZqE4 zmI0sv+jGiofFi7jM1phPuJiN14iJnZhIYriOBIfL65iIM7jOLriLrZiPDYiLSojOd6jMQ6kF2pj KtYiHnojNwJjLlbkI8rgNxKiSI7iMnbkQX7kRdohKKakP2KMM9IjLELkRjakHI6hSmJjSIbjRKYj TSajI4IjQ1qkMophSLIjSQbfOQqiEkakQaLkUOJkFXbGSQIlVXIkOTakRorMSxJkVSalVxZlEj6k T47iSspkT6oiRCYkMcZkKY7lO4IlUbbjOhqlOsKjJrbhU+6jQ3IjSAriDrKlW1KkXtYk17ykNPZj MvqiYvbkSOLhWAplW1olWp5lCYqlSGbkW2amCu7kLWb/Y2Ry5Q36JF7mZEV+ZeeVYwyeZmlGJGKa o2r64ccYZkmiYwsGYmTCJUCeogxaIj+i5RS2427Wphs25WvyJl8K5QjqJD6CYGda5vs9JhAqJEJC 5XN+JVIeY3AmZzTqpm0m4ra15K6Bp0kmnHjeW3nm2nlaHmxyG0+G1KZt4LvB57LIp7/lXp4xHn4m WuLtJ3/2p3/+J4DOWn4O6KAFqIF+GoEmqIIuKIM2qIOizIFGqN09KIVWqIVeKIZmaFZIKIdGmoZ+ KIiGKLZ1KInimYieKISWqIquKIu2qIu+KIzGqIzOKI3WqI3e6IuiqI5yHI72KLzsKJAGqZAKmo8W qZEePymSJqmSLimTNqmTPmnhDamUTimVVqmVvhqUZilAXSmX8ouWfimYhim0dCmZlqmZfoyYpqma rimOnKmbgkZAAAA7 ------=_NextPart_000_000A_01C719F4.73DE6DA0-- From owner-namedroppers@ops.ietf.org Thu Dec 07 12:30:17 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GsN4b-00027L-R4; Thu, 07 Dec 2006 12:30:17 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GsN4a-0005w0-Ar; Thu, 07 Dec 2006 12:30:17 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GsMuG-0001cD-IY for namedroppers-data@psg.com; Thu, 07 Dec 2006 17:19:36 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-2.4 required=5.0 tests=AWL,BAYES_00, FORGED_RCVD_HELO autolearn=ham version=3.1.7 Received: from [65.205.251.74] (helo=colibri.verisign.com) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GsMu5-0001bK-Fx for namedroppers@ops.ietf.org; Thu, 07 Dec 2006 17:19:31 +0000 Received: from mou1wnexcn01.vcorp.ad.vrsn.com (mailer1.verisign.com [65.205.251.34]) by colibri.verisign.com (8.13.6/8.13.4) with ESMTP id kB7HJAr5031301; Thu, 7 Dec 2006 09:19:10 -0800 Received: from MOU1WNEXMB04.vcorp.ad.vrsn.com ([10.25.13.157]) by mou1wnexcn01.vcorp.ad.vrsn.com with Microsoft SMTPSVC(6.0.3790.1830); Thu, 7 Dec 2006 09:19:09 -0800 X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Subject: RE: SO vs DNSSEC Date: Thu, 7 Dec 2006 09:19:00 -0800 Message-ID: <198A730C2044DE4A96749D13E167AD37E7ED40@MOU1WNEXMB04.vcorp.ad.vrsn.com> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: SO vs DNSSEC Thread-Index: AccZdqz6EYwSG0qlSMSTBWy6nvX2FwAqK77g From: "Hallam-Baker, Phillip" To: "Olaf M. Kolkman" , "IETF DNSEXT WG" X-OriginalArrivalTime: 07 Dec 2006 17:19:09.0927 (UTC) FILETIME=[CED01770:01C71A23] Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.1 (/) X-Scan-Signature: e8a67952aa972b528dd04570d58ad8fe Lets look at this in pure security terms. The purpose of a security scheme is to manage risk, what are the risks to be managed here? One of the reasons this group has taken so long is that the risks were never grounded in concrete use/abuse cases and so feature triage was never performed. From the risk management point of view there are some abuse cases where the ability to insert records has absolutely no negative effect whatsoever and others where the abuse cases are very important. There are two parts to look at here, zone signer and the zone verifier If we are looking at core DNS zone insertion is not meaningful since anyone can obtain any domain they chose for the sum of $10 or less or zero if they use a stolen card. An insertion attack is not a threat unless and until measures are deployed that makes it harder to register lookalike or cousin domains. For core DNS deployment of NSEC3 is acceptable, deployment of the original NXT is unacceptable and SO would probably be acceptable - albeit now the work is mostly done for NSEC3. For deployment at the network level record insertion is potentially a major issue, particularly if the motive for deploying DNSSEC is to enable secure deploment of DNS driven policy based security to address deperimeterization such as I will be proposing in a few days. The complexity of generating the link records is not a major concern. From the zone verifier point of view the SO draft does not change anything whatsoever. The decision to verify NSEC records of any type has to be driven by the security needs of the application, not the standard. A signature verifier can always decide to ignore the NSEC records just as an application can always decide to ignore DNSSEC altogether.=20 The decision an application makes is driven by its security needs and the decision it is going to take. For example if we have a device that has the logic 'if there is a security chain and everything is OK then do X, otherwise do nothing at all' there is no point in implementing NSEC verification since there is no alternative action the device can take. Clearly DoS is a potential problem in such a situation and has to be handled somewhere but the device that has no access to reliable DNS is not going to be able to do that. So looking through the cases I don't see that considering SO is necessary. Verifiers always have the option to do SO if they chose. SO does not seem to meet the signer needs that are not already met by NSEC3. The only real advantage I see to putting SO on the table would be to remind people of the fact that any improvement on existing DNS security is better than we are now. Crypto-perfectionism does not lead to successful deployment. -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From owner-namedroppers@ops.ietf.org Thu Dec 07 14:57:56 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GsPNU-0005kg-CE; Thu, 07 Dec 2006 14:57:56 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GsPNS-0002u0-Nk; Thu, 07 Dec 2006 14:57:56 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GsPEK-0001K2-IB for namedroppers-data@psg.com; Thu, 07 Dec 2006 19:48:28 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=3.1.7 Received: from [66.92.146.160] (helo=ogud.com) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GsPEB-0001FK-TC for namedroppers@ops.ietf.org; Thu, 07 Dec 2006 19:48:22 +0000 Received: from Puki.ogud.com (hlid.ogud.com [66.92.146.160]) by ogud.com (8.13.1/8.13.1) with ESMTP id kB7JjMtO066061 for ; Thu, 7 Dec 2006 14:45:22 -0500 (EST) (envelope-from ogud@ogud.com) Message-Id: <7.0.1.0.2.20061207144200.063648c8@ogud.com> X-Mailer: QUALCOMM Windows Eudora Version 7.0.1.0 Date: Thu, 07 Dec 2006 14:47:45 -0500 To: namedroppers@ops.ietf.org From: =?iso-8859-1?Q?=D3lafur?= =?iso-8859-1?Q?_Gu=F0mundsson?= /DNSEXT co-chair Subject: DNSEXT IETF-67 meeting minutes Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed X-Scanned-By: MIMEDefang 2.57 on 66.92.146.160 Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.0 (/) X-Scan-Signature: e1924de3f9fb68e58c31920136007eb1 Sorry for the late posting. DNSEXT @ IETF-67 Date: Tuesday November 7'th Time: 15:20 - 17:20 Location: Harbor Island II Chairs: Olafur Gudmundsson Olaf Kolkman Minute taker: Michael Richardson Jabber Scribe: George Michaelson Jabber Log: http://www3.ietf.org/meetings/ietf-logs/dnsext/2006-11-07.html The minutes of IETF-66 meeting where approved. Note: This set of minutes will not repeat what is in presentations, unless it is related to milestones or working group actions. Links to presentations are provided. Document status: RFCs Published since last IETF-66 RFC4471 Derivation of DNS Name Predecessor and Successor RFC4592 Wildcard Clarify RFC4635 HMAC SHA TSIG algorithm Identifiers RFC4701 DHCID Documents advanced: MDNS Informational RFC-editor NSID Standards track IESG Discuss state DNSSEC-experiments Experimental IESG Discuss state OPT-In Experimental IESG Discuss state Deferred: Use of RSA/SHA-256 DNSKEY and RRSIG Resource Records in DNSSEC Last call completed: DSA Keying Standards track Proto Summary needed Diffie-Helman Keying Standards track Proto Summary needed Key Rollover Requirements Informational Proto Summary needed Key Rollover Timers Standards track Proto Summary needed RFC2929bis BCP Summary needed DNSSEC Transition Mechanisms Informational Summary needed Agenda bashing: Sam Weiler: Q: Is 2929bis on the agenda later? suggests that we remove the template from the document. Chairs will take taking the suggestion under advisement DNAME presentation. Wouter Wijngaards http://www3.ietf.org/proceedings/06nov/slides/dnsext-1.pdf http://tools.ietf.org/wg/dnsext/draft-ietf-dnsext-rfc2672bis-dname/ version 00 covered. The document is chartered by the working group to update RFC2672 and address any issues that people have with the original specification based on implementation or operational experience, as well as better understanding of DNS and aliasing in general. The editors have started an issues tracker and are looking for feedback on the issues. (see presentations for list of issues). Discussion. Q: Rather than increase the TTL, could we drop the CNAME synthesis? A: added to list of issues. Q: signaling the end to end issue. do not do versioning, 2672 is broken. Q: back when DNAME was designed, the intent of the versioning was to be able to remove the CNAME. To do that, it means that caches have to be able to synthesize CNAMEs. Q: the CNAME has compression in it. how many bytes are saved by dropping the CNAME? A (depends upon the name) (the query is there, and the answer will likely have it..) Q: On the topic of delegation tool. Never seen it as a delegation tool. A: IP6.int. --> NSEC3 update: David Blacka. http://www3.ietf.org/proceedings/06nov/slides/dnsext-2.pdf http://tools.ietf.org/wg/dnsext/draft-ietf-dnsext-nsec3/ version 08 discussed. Various issues updated since last version based on feedback from Workshop in Sept. CHAIR: this document will be LC after the next revision. I: NSEC3 + DNAME must be recommended against. Chair: Mark Andrews to provide text and open issue on this. Sam Weiler. dnssec-bis-updates. http://www3.ietf.org/proceedings/06nov/slides/dnsext-6.pdf http://tools.ietf.org/wg/dnsext/draft-ietf-dnsext-dnssec-bis-updates/ version 04 Stable for a while. Some minor issues need addressing, send editors any issues discovered or not clear in RFC435x documents. WG: Keep document alive for one more year at least before issuing as RFC BCP on resolvers: Olafur for Bert Hubert http://www3.ietf.org/proceedings/06nov/slides/dnsext-5.pdf http://tools.ietf.org/html/draft-hubert-dns-anti-spoofing-00 Peter: sourcing of port-53 in advised... may be good for implementors, but may not be BCP for operators yet. Ed: Should this become a WG item? Why bother expanding it's scope? A: keep it lean and mean. This sounds like observations about what would be a good idea to do in DNS. Does this need collaboration? HOW MANY READ? half the group. HOW MANY WOULD ADVANCE: nobody. HOW MANY WOULD WORK: 6 persons. Mohsen: this is more of an operational issue than protocol implementations and so it should go to DNSOP. Chairs; Will make formal announcement of adoption on the mailing list. GSS-TSIG. Rob Austein. http://tools.ietf.org/wg/dnsext/draft-austein-dnsext-relax-gratuitous-tsig-01.txt TSIG-- very simple. GSS (kerberos/etc.) -- could be used. While implementing ISC discovered that the implementations did not conform with document, this draft is about bringing documentation in line with implementations. Willing work on document: Wouter. Walter. Josh. Sam Weiler. Jerry Wilson. Chairs: Will make formal announcement of adoption on the mailing list. Eastlake. DNS cookies. http://www3.ietf.org/proceedings/06nov/slides/dnsext-0/sld1.htm http://www.ietf.org/internet-drafts/draft-eastlake-dnsext-cookies-01.txt Rob: 20 years too late. Peter: does this say that we do not believe in DNSSEC? (a perception, even if that's not the case) Donald: this is a weak version of TSIG. How many READ: 10 persons. Signature Only DNSSEC: Mike St.Johns. http://www3.ietf.org/proceedings/06nov/slides/dnsext-3.pdf http://www.ietf.org/internet-drafts/draft-stjohns-dnssec-sigonly-00.txt - why I went down this path. - the details of the document. HOW MANY HAVE SEEN THIS: 20-30 HOW MANY WERE INTERESTED: 4-5... negative: some as well. Johan: what if the DS is just removed? A: show me an application that cares about bogus vs unsecured vs unknown. Rob: gives example of MX vs A that requires PNE. (much discussion about this, and intermediate validation) Rob: intrigued by the off-tree stuff. suggests splitting the draft. Ed: doesn't understand why PNE conflicts with off-tree signatures thinks that off-tree was removed because the code was hard. We needed a policy language to do off-tree. Sam: PNE requires intermediate validation? A: No. Intermediate validation requires PNE. Discussion about unvalidated data. Wes: insecure/unvalidated distinguish. My applications would do something different. And with PNE, I have to encode the list of valid zones. Firefox does this. Peter: will this work for a PNE subtree of a SO zone? A: yes, but the PNE resolver will see the PNE subtree as insecure. Rob: thinks this may be interesting, but may take as long as anything else. Olafur: what do you want the WG to say? MikeStJohns: I want them to think about it. Good points here. Olafur: This is the 6 or so time this issue has been brought up, have we answered it wrong in the past ? Olaf: wants closure on this before the next IETF. Wes: a lot of people have given this a lot of thought... why not ask the room now? Olaf: we asked about this before, and got some feedback. We need to look deeper before we ask again. Informed consent is needed. Mundy: the conclusion that we need provable non-existence was that we need PNE. It wasn't a question about whether or not we were done. Meeting ended -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From owner-namedroppers@ops.ietf.org Thu Dec 07 17:26:38 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GsRhO-00027R-HL; Thu, 07 Dec 2006 17:26:38 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GsRhL-0000wZ-JR; Thu, 07 Dec 2006 17:26:38 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GsRbT-00016H-Iz for namedroppers-data@psg.com; Thu, 07 Dec 2006 22:20:31 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-2.5 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=3.1.7 Received: from [171.68.10.86] (helo=sj-iport-4.cisco.com) by psg.com with esmtp (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GsRbG-00014c-A4 for namedroppers@ops.ietf.org; Thu, 07 Dec 2006 22:20:25 +0000 Received: from rtp-dkim-2.cisco.com ([64.102.121.159]) by sj-iport-4.cisco.com with ESMTP; 07 Dec 2006 14:20:17 -0800 Received: from rtp-core-2.cisco.com (rtp-core-2.cisco.com [64.102.124.13]) by rtp-dkim-2.cisco.com (8.12.11/8.12.11) with ESMTP id kB7MKFoO001437; Thu, 7 Dec 2006 17:20:15 -0500 Received: from xbh-rtp-201.amer.cisco.com (xbh-rtp-201.cisco.com [64.102.31.12]) by rtp-core-2.cisco.com (8.12.10/8.12.6) with ESMTP id kB7MKEDM026486; Thu, 7 Dec 2006 17:20:15 -0500 (EST) Received: from xmb-rtp-211.amer.cisco.com ([64.102.31.118]) by xbh-rtp-201.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.1830); Thu, 7 Dec 2006 17:20:14 -0500 Received: from 10.86.240.30 ([10.86.240.30]) by xmb-rtp-211.amer.cisco.com ([64.102.31.118]) with Microsoft Exchange Server HTTP-DAV ; Thu, 7 Dec 2006 22:20:14 +0000 User-Agent: Microsoft-Entourage/11.2.5.060620 Date: Thu, 07 Dec 2006 17:20:52 -0500 Subject: Re: DNSSEC - Signature Only vs the MX/A issue. From: Ralph Droms To: bert hubert CC: Paul Vixie , Message-ID: Thread-Topic: DNSSEC - Signature Only vs the MX/A issue. Thread-Index: AccaTfR9MzovWoZBEduPigARJOT6eg== In-Reply-To: <20061203145317.GA4757@outpost.ds9a.nl> Mime-version: 1.0 Content-type: text/plain; charset="US-ASCII" Content-transfer-encoding: 7bit X-OriginalArrivalTime: 07 Dec 2006 22:20:14.0395 (UTC) FILETIME=[DE1328B0:01C71A4D] DKIM-Signature: v=0.5; a=rsa-sha256; q=dns/txt; l=2809; t=1165530015; x=1166394015; c=relaxed/simple; s=rtpdkim2001; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=rdroms@cisco.com; z=From:=20Ralph=20Droms=20 |Subject:=20Re=3A=20DNSSEC=20-=20Signature=20Only=20vs=20the=20MX/A=20iss ue. |Sender:=20 |To:=20bert=20hubert=20; bh=OJiG2TXVLVq9L9xdSSPoa1AKkVlrEz7Q7lU3+IrWP5s=; b=UdkjnSvwpExGFVOpjB29ykN/tTXGSMJtqW0m9ZnV9BhoJUjq5K8KL8v7fysFu4l+YAP8wQdL xPPFyRckOyo7psAA0zd22GbJsNOZNVjbnWpndLPWOlaXNw7buU7TtnS4; Authentication-Results: rtp-dkim-2; header.From=rdroms@cisco.com; dkim=pass ( sig from cisco.com/rtpdkim2001 verified; ); Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.0 (/) X-Scan-Signature: 52f7a77164458f8c7b36b66787c853da Have these spoofing attacks been recorded somewhere that can be referenced, e.g. US-CERT? Can you say more about how those attacks could have been mitigated without DNSSEC? Have there been attacks that could only be mitigated with DNSSEC? Of course, a spoofing-phishing attack turns into a DoS attack if the host discards the bogus DNS info but never gets the DNSSEC validated info. - Ralph On 12/3/06 9:53 AM, "bert hubert" wrote: > On Sun, Dec 03, 2006 at 08:10:57AM -0500, Ralph Droms wrote: > >> that can be mitigated by DNSSEC are not in the public consciousness like >> spam or malware or phishing attacks. Do we have documented evidence of >> specific successful attacks that can be mitigated by DNSSEC? > > Yes, there have been succesful spoofing attacks, whereby end-users end up on > a different website from the one they thought they were visiting. These > attacks could have been prevented without DNSSEC however, and any website > that is truly important uses SSL, which would flag the misdirection (which > would then be ignored). > > Such spoofing has actually happened a number of times, but hasn't really hit > the news. > > It is also easy to do, to quote from > http://www.ietf.org/internet-drafts/draft-hubert-dns-anti-spoofing-00.txt > > The calculations above indicate the relative ease with which DNS data can > be spoofed. For example, using the formula derived earlier on a domain > with a 3600 second TTL, an attacker sending 7000 fake answer packets/s (a > rate of 4.5Mb/s), stands a 10% chance of spoofing a record in the first > 24 hours, which rises to 50% after a week. > > For a domain with a TTL of 60 seconds, the 10% level is hit after 24 > minutes, 50% after less than 3 hours, 90% after around 9 hours. > > I've written some tools that perform this action, when you manage to > saturate the bonafide authoritative servers, success is achieved within > seconds. Partial saturation means somewhat longer time is needed. The > calculations above are for the non-saturated case. > >> What is the direct, immediate RoI for the resources I have to commit to >> providing DNSSEC resolution for names in my zone? My external contacts >> ("customers") may benefit from mitigation of attacks, but that's an indirect >> benefit. > > They might conceivably worry more over the (inherent) higher reliability > problems of DNSSEC: there are far more failure modes. This is not DNSSECs > fault, it is inherent in any protocol that gets encryption added to it. > > This is why I favor (immediate) ameliorization measures, as outlined in my > draft, which are easy to implement. > > However, recapping, there IS a problem that needs to be solved. > > Bert -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From owner-namedroppers@ops.ietf.org Thu Dec 07 17:34:47 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GsRpH-0006KK-OM; Thu, 07 Dec 2006 17:34:47 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GsRpG-0002NK-A4; Thu, 07 Dec 2006 17:34:47 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GsRmn-0002tf-Up for namedroppers-data@psg.com; Thu, 07 Dec 2006 22:32:13 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-2.5 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=3.1.7 Received: from [171.68.10.87] (helo=sj-iport-5.cisco.com) by psg.com with esmtp (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GsRme-0002nJ-8H for namedroppers@ops.ietf.org; Thu, 07 Dec 2006 22:32:08 +0000 Received: from rtp-dkim-1.cisco.com ([64.102.121.158]) by sj-iport-5.cisco.com with ESMTP; 07 Dec 2006 14:32:03 -0800 Received: from rtp-core-1.cisco.com (rtp-core-1.cisco.com [64.102.124.12]) by rtp-dkim-1.cisco.com (8.12.11/8.12.11) with ESMTP id kB7MW2fl000300; Thu, 7 Dec 2006 17:32:02 -0500 Received: from xbh-rtp-201.amer.cisco.com (xbh-rtp-201.cisco.com [64.102.31.12]) by rtp-core-1.cisco.com (8.12.10/8.12.6) with ESMTP id kB7MW2YJ010429; Thu, 7 Dec 2006 17:32:02 -0500 (EST) Received: from xmb-rtp-211.amer.cisco.com ([64.102.31.118]) by xbh-rtp-201.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.1830); Thu, 7 Dec 2006 17:32:02 -0500 Received: from 10.86.240.30 ([10.86.240.30]) by xmb-rtp-211.amer.cisco.com ([64.102.31.118]) with Microsoft Exchange Server HTTP-DAV ; Thu, 7 Dec 2006 22:32:01 +0000 User-Agent: Microsoft-Entourage/11.2.5.060620 Date: Thu, 07 Dec 2006 17:32:39 -0500 Subject: Re: Pimping DNSSEC (was Re: DNSSEC - Signature Only vs the MX/A issue.) From: Ralph Droms To: CC: Message-ID: Thread-Topic: Pimping DNSSEC (was Re: DNSSEC - Signature Only vs the MX/A issue.) Thread-Index: AccaT5nk2KJMnYZCEduPigARJOT6eg== In-Reply-To: <4573FC2F.7080306@isc.org> Mime-version: 1.0 Content-type: text/plain; charset="US-ASCII" Content-transfer-encoding: 7bit X-OriginalArrivalTime: 07 Dec 2006 22:32:02.0275 (UTC) FILETIME=[84011330:01C71A4F] DKIM-Signature: v=0.5; a=rsa-sha256; q=dns/txt; l=2117; t=1165530722; x=1166394722; c=relaxed/simple; s=rtpdkim1001; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=rdroms@cisco.com; z=From:=20Ralph=20Droms=20 |Subject:=20Re=3A=20Pimping=20DNSSEC=20(was=20Re=3A=20DNSSEC=20-=20Signat ure=20Only=20vs=20the=20MX/A=0A=20issue.) |Sender:=20 |To:=20; bh=rGSz6AYHs787sTx30+DNuqsMvi7IHGGUrzAxeShYKdE=; b=dQA4KW3meoI6k6oSRHmtB7ukYh7CKl1YVD5WGBith8q8lqTX0/FFyjanA5eG3BhEbYiffqvp Zr0wm8qJtVMV+fIQumH1/6ERL+aaIa7vEaBh/3rjwB8cMJq+0h8Mbewh; Authentication-Results: rtp-dkim-1; header.From=rdroms@cisco.com; dkim=pass ( sig from cisco.com/rtpdkim1001 verified; ); Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.0 (/) X-Scan-Signature: 0a7aa2e6e558383d84476dc338324fab I think the root and the TLD is just one blocking factor. Then, there's the DNSSEC-aware recursive servers, the DNSSEC-aware host resolvers, signing all those organization zones, and the fundamental "what's my ROI" question. I have this vision of a jigsaw puzzle with about 6 or 8 pieces, that we have to drop from a couple of feet off the ground and have all the pieces land in place, interlocked, all at once to make DNSSEC fly... The immediate RoI isn't directly like locking your door, because you don't have the risk of anything being stolen *directly* from you if you don't apply DNSSEC to your zones. It's more indirect - somebody else trying to access your website won't be robbed through a phishing attack if you put a lock on your door. - Ralph On 12/4/06 5:45 AM, "Shane Kerr" wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > [ Apologies for a mostly non-technical mail that says what everybody already > knows. ] > > Ralph Droms wrote: >> What is the direct, immediate RoI for the resources I have to commit to >> providing DNSSEC resolution for names in my zone? My external contacts >> ("customers") may benefit from mitigation of attacks, but that's an indirect >> benefit. > > Isn't this always the case with security though? What is the direct, immediate > RoI for putting a lock on your door? > > I think the reason things like DNS and routing security don't get much > traction > is because there is much lower hanging fruit for attackers. If the end points > of > the Internet weren't so insecure, then things would be different. > > If DNSSEC stabilizes after NSEC3, then DNSSEC could slowly become part of the > BCP for network operators. The blocking factor here is the TLD (and the root), > which has little or nothing to do with RoI. > > - -- > Shane > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.5 (GNU/Linux) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > iD8DBQFFc/wuMsfZxBO4kbQRAknGAKCno1hfO/JrNoyhsk+9rkEx94BMRwCginCo > VWL6Q40W+fGBrmwth3D67ds= > =Gzje > -----END PGP SIGNATURE----- -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From owner-namedroppers@ops.ietf.org Thu Dec 07 17:47:52 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GsS1w-0003ie-3J; Thu, 07 Dec 2006 17:47:52 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GsS1q-0004su-N3; Thu, 07 Dec 2006 17:47:52 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GsRyK-0004vg-Vk for namedroppers-data@psg.com; Thu, 07 Dec 2006 22:44:08 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=3.1.7 Received: from [81.200.64.181] (helo=shell-ng.nominum.com) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GsRyD-0004sB-Q3 for namedroppers@ops.ietf.org; Thu, 07 Dec 2006 22:44:03 +0000 Received: from mail.nominum.com (mail.nominum.com [81.200.64.186]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by shell-ng.nominum.com (Postfix) with ESMTP id 361EA568DC; Thu, 7 Dec 2006 14:44:01 -0800 (PST) (envelope-from Ted.Lemon@nominum.com) Received: from [66.93.162.135] ([66.93.162.135]) (authenticated user mellon@nominum.com) by mail.nominum.com (using TLSv1/SSLv3 with cipher AES256-SHA (256 bits)); Thu, 7 Dec 2006 14:43:59 -0800 Message-ID: <45789929.9070501@nominum.com> Date: Thu, 07 Dec 2006 15:43:53 -0700 From: Ted Lemon User-Agent: Thunderbird 1.5.0.8 (Macintosh/20061025) MIME-Version: 1.0 To: Ralph Droms CC: shane_kerr@isc.org, namedroppers@ops.ietf.org Subject: Re: Pimping DNSSEC (was Re: DNSSEC - Signature Only vs the MX/A issue.) References: In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.0 (/) X-Scan-Signature: 93238566e09e6e262849b4f805833007 Ralph Droms wrote: > The immediate RoI isn't directly like locking your door, because you don't > have the risk of anything being stolen *directly* from you if you don't > apply DNSSEC to your zones. It's more indirect - somebody else trying to > access your website won't be robbed through a phishing attack if you put a > lock on your door. It depends on how much your reputation is worth. I was having dinner with a guy the other day whose site had been hacked using a SQL injection attack which resulted in customers' information being acquired and misused. He certainly didn't think that this was his customer's problem - indeed, his e-commerce site has been offline for three months now because they're so worried about the possibility of compromising their customer info again. DNSSEC doesn't solve this problem at all, but the point is that companies who don't have a monopoly, which is most companies, really do care whether their customers' transactions are safe. -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From aplekker@aciheart.com Thu Dec 07 17:54:23 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GsS8F-00067F-UE; Thu, 07 Dec 2006 17:54:23 -0500 Received: from dynamic-acs-24-154-129-244.zoominternet.net ([24.154.129.244] helo=jeaniescomputer.zoominternet.net) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GsS89-0005u6-QJ; Thu, 07 Dec 2006 17:54:23 -0500 Received: from 72.22.69.165 (HELO mail.aciheart.com) by lists.ietf.org with esmtp (*FP).B0/A*W A,H08) id >68384-7.1*;K-50 for dnsext-archive@lists.ietf.org; Thu, 7 Dec 2006 23:04:17 +0300 Date: Thu, 7 Dec 2006 23:04:17 +0300 From: "Stacy Staples" X-Mailer: The Bat! (v2.12.00) UNREG / CD5BF9353B3B7091 X-Priority: 3 (Normal) Message-ID: <059101261.29372037981990@thebat.net> To: dnsext-archive@lists.ietf.org Subject: Microsoft Office 2007 Enterprise ready to download MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 8bit X-Spam: Not detected X-Spam-Score: 1.7 (+) X-Scan-Signature: 7aefe408d50e9c7c47615841cb314bed Office 2007 is available for enterprise users from November 30, 2006. The end user version will be available in the beginning of 2007. The 2007 Microsoft Office System, also known as Microsoft Office 2007, is the most recent version of Microsoft's productivity suite. Formerly known as Office 12 in the initial stages of its beta cycle, it is scheduled to be made available to volume license customers on November 30, 2006, with general availability following in early 2007. Office 2007 contains a number of new features, the most notable of which is the entirely new graphical user interface called the Ribbon, replacing the menus and toolbars that have been the cornerstone of Office since its inception.Office 2007 also includes new applications and server-side tools. Chief amongst these is Groove, a collaboration and communication suite for smaller businesses which was originally developed by Groove Networks before being acquired by Microsoft in 2005. Also included is Office Sharepoint Server 2007, a major revision to the server platform for Office applications, which supports "Excel Services", a client-server architecture for supporting Excel workbooks that are shared in real time between multiple machines, and are also viewable and editable through a web page.While Office 2007 includes many new features, one has been removed entirely: Microsoft FrontPage is no longer being developed; its successor is the Microsoft Expression line of products. Microsoft Office 2007 Enterprise Retail Price $899.00 Our Price $79.95 You save $819.05 http://topcellnetwork.net Please note, that there will be more special offers available for our constant customers. Every effort has been made to ensure the accuracy of all information contained herein. DS Team makes no warranty expressed or implied with respect to accuracy of the information, including price, product editorials or product specifications. Product and manufacturer names are used only for the purpose of identification. We appreciate your cooperation with us and we'll be glad to see you as our clients in the future. From owner-namedroppers@ops.ietf.org Thu Dec 07 18:29:57 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GsSgf-0003yg-OW; Thu, 07 Dec 2006 18:29:57 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GsSge-0003DL-AU; Thu, 07 Dec 2006 18:29:57 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GsSaB-000BQz-Nr for namedroppers-data@psg.com; Thu, 07 Dec 2006 23:23:15 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-2.5 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=3.1.7 Received: from [171.68.10.87] (helo=sj-iport-5.cisco.com) by psg.com with esmtp (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GsSZr-000BKK-AG for namedroppers@ops.ietf.org; Thu, 07 Dec 2006 23:23:01 +0000 Received: from rtp-dkim-1.cisco.com ([64.102.121.158]) by sj-iport-5.cisco.com with ESMTP; 07 Dec 2006 15:22:54 -0800 Received: from rtp-core-1.cisco.com (rtp-core-1.cisco.com [64.102.124.12]) by rtp-dkim-1.cisco.com (8.12.11/8.12.11) with ESMTP id kB7NMrVQ015101; Thu, 7 Dec 2006 18:22:53 -0500 Received: from xbh-rtp-201.amer.cisco.com (xbh-rtp-201.cisco.com [64.102.31.12]) by rtp-core-1.cisco.com (8.12.10/8.12.6) with ESMTP id kB7NMrYJ021109; Thu, 7 Dec 2006 18:22:53 -0500 (EST) Received: from xmb-rtp-211.amer.cisco.com ([64.102.31.118]) by xbh-rtp-201.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.1830); Thu, 7 Dec 2006 18:22:52 -0500 Received: from 10.86.240.30 ([10.86.240.30]) by xmb-rtp-211.amer.cisco.com ([64.102.31.118]) with Microsoft Exchange Server HTTP-DAV ; Thu, 7 Dec 2006 23:22:52 +0000 User-Agent: Microsoft-Entourage/11.2.5.060620 Date: Thu, 07 Dec 2006 18:23:31 -0500 Subject: Re: Pimping DNSSEC (was Re: DNSSEC - Signature Only vs the MX/A issue.) From: Ralph Droms To: Ted Lemon CC: , Message-ID: Thread-Topic: Pimping DNSSEC (was Re: DNSSEC - Signature Only vs the MX/A issue.) Thread-Index: AccaVrUH87KulYZJEduPigARJOT6eg== In-Reply-To: <45789929.9070501@nominum.com> Mime-version: 1.0 Content-type: text/plain; charset="US-ASCII" Content-transfer-encoding: 7bit X-OriginalArrivalTime: 07 Dec 2006 23:22:52.0982 (UTC) FILETIME=[9E5E0560:01C71A56] DKIM-Signature: v=0.5; a=rsa-sha256; q=dns/txt; l=1291; t=1165533773; x=1166397773; c=relaxed/simple; s=rtpdkim1001; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=rdroms@cisco.com; z=From:=20Ralph=20Droms=20 |Subject:=20Re=3A=20Pimping=20DNSSEC=20(was=20Re=3A=20DNSSEC=20-=20Signat ure=20Only=20vs=20the=20MX/A=0A=20issue.) |Sender:=20 |To:=20Ted=20Lemon=20; bh=kKRdDunBkbQ78eg8QCWaZFY6i17KkTQz/eudR41iWaM=; b=YfYeTyv/yFxnD27T9N++B4N6tu4ya8p5eJ4TwSOhwcH2eWRE2baUxxPzcWXJ0KBIZwUCdmbA gudgg+rmqEI/4W24oTPo3XesDXSV3SYmLqr2x2DZEf0g9oPAddP+OPDm; Authentication-Results: rtp-dkim-1; header.From=rdroms@cisco.com; dkim=pass ( sig from cisco.com/rtpdkim1001 verified; ); Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.0 (/) X-Scan-Signature: e5ba305d0e64821bf3d8bc5d3bb07228 Ted - I agree 100% that there are risks for loss of reputation, recovery from customer losses due to fraud, etc. Perhaps those assets are as tangible as direct theft of cash... - Ralph On 12/7/06 5:43 PM, "Ted Lemon" wrote: > Ralph Droms wrote: >> The immediate RoI isn't directly like locking your door, because you don't >> have the risk of anything being stolen *directly* from you if you don't >> apply DNSSEC to your zones. It's more indirect - somebody else trying to >> access your website won't be robbed through a phishing attack if you put a >> lock on your door. > > It depends on how much your reputation is worth. I was having dinner > with a guy the other day whose site had been hacked using a SQL > injection attack which resulted in customers' information being acquired > and misused. He certainly didn't think that this was his customer's > problem - indeed, his e-commerce site has been offline for three months > now because they're so worried about the possibility of compromising > their customer info again. DNSSEC doesn't solve this problem at all, > but the point is that companies who don't have a monopoly, which is most > companies, really do care whether their customers' transactions are safe. > -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From owner-namedroppers@ops.ietf.org Fri Dec 08 15:59:37 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Gsmoj-000427-3N; Fri, 08 Dec 2006 15:59:37 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GsmoU-00026F-VL; Fri, 08 Dec 2006 15:59:37 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GsmfY-0003L3-NU for namedroppers-data@psg.com; Fri, 08 Dec 2006 20:50:08 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-1.2 required=5.0 tests=AWL,BAYES_00, FORGED_RCVD_HELO,MIME_BOUND_NEXTPART,NO_REAL_NAME autolearn=no version=3.1.7 Received: from [156.154.24.138] (helo=ns3.neustar.com) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GsmfT-0003JU-OI for namedroppers@ops.ietf.org; Fri, 08 Dec 2006 20:50:05 +0000 Received: from stiedprstage1.ietf.org (stiedprstage1.va.neustar.com [10.31.47.10]) by ns3.neustar.com (Postfix) with ESMTP id 8951B1763A; Fri, 8 Dec 2006 20:50:02 +0000 (GMT) Received: from ietf by stiedprstage1.ietf.org with local (Exim 4.43) id 1GsmfS-0002zv-38; Fri, 08 Dec 2006 15:50:02 -0500 Content-Type: Multipart/Mixed; Boundary="NextPart" Mime-Version: 1.0 To: i-d-announce@ietf.org Cc: namedroppers@ops.ietf.org From: Internet-Drafts@ietf.org Subject: I-D ACTION:draft-ietf-dnsext-2929bis-04.txt Message-Id: Date: Fri, 08 Dec 2006 15:50:02 -0500 Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.3 (/) X-Scan-Signature: 10ba05e7e8a9aa6adb025f426bef3a30 --NextPart A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the DNS Extensions Working Group of the IETF. Title : Domain Name System (DNS) IANA Considerations Author(s) : D. Eastlake 3rd Filename : draft-ietf-dnsext-2929bis-04.txt Pages : 19 Date : 2006-12-8 Internet Assigned Number Authority (IANA) parameter assignment considerations are specified for the allocation of Domain Name System (DNS) resource record types, CLASSes, operation codes, error codes, DNS protocol message header bits, and AFSDB resource record subtypes. A URL for this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-ietf-dnsext-2929bis-04.txt To remove yourself from the I-D Announcement list, send a message to i-d-announce-request@ietf.org with the word unsubscribe in the body of the message. You can also visit https://www1.ietf.org/mailman/listinfo/I-D-announce to change your subscription settings. Internet-Drafts are also available by anonymous FTP. Login with the username "anonymous" and a password of your e-mail address. After logging in, type "cd internet-drafts" and then "get draft-ietf-dnsext-2929bis-04.txt". A list of Internet-Drafts directories can be found in http://www.ietf.org/shadow.html or ftp://ftp.ietf.org/ietf/1shadow-sites.txt Internet-Drafts can also be obtained by e-mail. Send a message to: mailserv@ietf.org. In the body type: "FILE /internet-drafts/draft-ietf-dnsext-2929bis-04.txt". NOTE: The mail server at ietf.org can return the document in MIME-encoded form by using the "mpack" utility. To use this feature, insert the command "ENCODING mime" before the "FILE" command. To decode the response(s), you will need "munpack" or a MIME-compliant mail reader. Different MIME-compliant mail readers exhibit different behavior, especially when dealing with "multipart" MIME messages (i.e. documents which have been split up into multiple messages), so check your local documentation on how to manipulate these messages. Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft. --NextPart Content-Type: Multipart/Alternative; Boundary="OtherAccess" --OtherAccess Content-Type: Message/External-body; access-type="mail-server"; server="mailserv@ietf.org" Content-Type: text/plain Content-ID: <2006-12-8131127.I-D@ietf.org> ENCODING mime FILE /internet-drafts/draft-ietf-dnsext-2929bis-04.txt --OtherAccess Content-Type: Message/External-body; name="draft-ietf-dnsext-2929bis-04.txt"; site="ftp.ietf.org"; access-type="anon-ftp"; directory="internet-drafts" Content-Type: text/plain Content-ID: <2006-12-8131127.I-D@ietf.org> --OtherAccess-- --NextPart-- -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From sgasser.com@verkaufsladen.com Sun Dec 10 00:53:20 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GtHcm-0007W2-Q3 for dnsext-archive@ietf.org; Sun, 10 Dec 2006 00:53:20 -0500 Received: from dslb-088-073-061-066.pools.arcor-ip.net ([88.73.61.66] helo=localhost) by ietf-mx.ietf.org with smtp (Exim 4.43) id 1GtHci-00029E-FL for dnsext-archive@ietf.org; Sun, 10 Dec 2006 00:53:20 -0500 Message-ID: <000001c71c1f$707aac00$0100007f@localhost> From: "Ramon Powell" To: Subject: Why be an average guy any longer Date: Sun, 10 Dec 2006 06:53:08 +0100 MIME-Version: 1.0 Content-Type: multipart/related; boundary="----=_NextPart_000_0001_01C71C1F.707AAC00" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.1365 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.1015 X-Spam-Score: 3.8 (+++) X-Scan-Signature: b132cb3ed2d4be2017585bf6859e1ede This is a multi-part message in MIME format. ------=_NextPart_000_0001_01C71C1F.707AAC00 Content-Type: multipart/alternative; boundary="----=_NextPart_001_000E_01C71C1F.707AAC00" ------=_NextPart_001_000E_01C71C1F.707AAC00 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit "Pen~is Growth Patch (TM)" already helped over a million men up! Potent ingredients from patch permit to assume bigger size, depper penetration, more action and super-satisfying results for both partners. Don't lose your prestige! Be first! Take advantage of price specials going on now. Please view as original HTML (or see attached picture) and find link to our site. ------=_NextPart_001_000E_01C71C1F.707AAC00 Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable
"Pen~is Growth Patch (TM)" already helped over a million men up!
Potent ingredients from patch permit to assume bigger size, depper penetration, more action and super-satisfying results for both partners.
Don't lose your prestige! Be first!
Take advantage of price specials going on now.
------=_NextPart_001_000E_01C71C1F.707AAC00-- ------=_NextPart_000_0001_01C71C1F.707AAC00 Content-Type: image/gif; name="img86.gif" Content-Transfer-Encoding: base64 Content-ID: R0lGODlh6gFNAKIAAP///8zMzP8AAGZmZgBmzAAAZgAAAAAAACH/C05FVFNDQVBFMi4wAwEA AAAh+QQEyAAAACwAAAAA6gFNAAAD/whQ3P4wykmrvTjrzbv/YOgoZGmeaKqubOu+cCzPdL00 Q67vuej/wKBwSCxabMikcslsOl+OgSoQGBiv2Kx2y608v+CweGyLTgMAa3fNbrvfELLMYJCf 6DZ8Da+/1+0wZiQEBCQ5dAZwiouMjR+AJoiIJH2QlTOVlyp8f36QUA6EogCFAFRVahEKRasP rRivjhckslmxP5+UnXqacr15nSy/urktD6KEpAqnPRK3HM8Fz9ET1BTTC9a4N9LcI7TV3kDR JxraHsUAmXV9kiXuCvDxkyiS7fTq7Pj18u+8+rr+3EtnIgqVZKVIUEkVRxw0h90amoPoJRY4 W9yonTuHDv8iR2cUQaRbl2+eSXXE2p3UNLCkS3zDXHpCyWnly2AEM5IqNapElW83Vl0sGJGB 0BJGsykNqpNpN6dFj4BD2opqtqRDXxG1erFB1aVYv36VFjGr2FtonR6FuvXqU7WuipGsedKf zLqX5gajW5efX7t8Tcb8xEAKMmQmfhpN+pSxVqVeoToeW3WyWsiw3kI+ChRz2aBRxzJWxZSt TstgP48mJ46y69BLMa9tLXeXQH325rnLnY83sZR7Af5O0SsvQOODCRvumULxN9jQH4+OGznq 5OpIG6LFet3i6evVV3+XCL085+nnRcfNzv70edXirUfOZc/2Xby3J8XUCzj4iuL/ONWEHE45 LSBFAaIclIxPqRQk3YPfsYZdae+ttUFGE1onnXiSqadRhyBaFd5n7ZFmInqbudcULazRR2BJ LNnX33/+8TfcX5EEeJyOdyUXhjQEIHhYQgqp8Rp48BUlYXeXTfiRVya+V56GnnlIkZUoUpcl Nid2tmWVYGq53icA4iUTH7+plKNuK91m1yYvvgSjmzTReR8kDASJCHMMxgdhho1RGZ1sYUrp RZSeTSkUklieuOGGZEFa4XTPVVphioCGJl9Ylrx4z6f09NOPP8L1JmNf/Hj6z5mrtklQAwRI wYJzDhKl2XywXVbirX9u6gyiYVFp1nyQBkqsomdlyaE3/11pRqizy0r2FqXEFmjttdjGAKus KzhXy7fghvukCNmWa+652RXWgrfhtusuHOOGgO689OZk0Cn45svQu/z2628G9QYssBxR8GCw Dv8mrPDC1Q7s8MNIMCzxxBRrB/HFGMOQ78Ycd+zxxyCHLPLIJJds8skop6zyyiyPHPCowCHh oxJlhjHzCwfnrPPOPPfs889ABy300EQXbfTRSCfNLQz13RzDYIFhEucTNYPhdMZYZ631SFMv AXWpL6t6cctkl2322WinrfbaZgPz5py95RhjqDCVKo+acHOyDsymklr3bnb/bVuMc17tE9uI J6744ow3Xrbbw+mNH6qsutrq5f+rSu4q5TK2NBBvme9y5pp110CFAgM4rvrqrLfuOsqQT27j na0KtuObkoc+442ezA535GDfGTPvGqNRxevIJ6/88ojHbntfesNce95gZ17n88NznpvvgTVt an6Ek0TD6cczb/756KffsfO/+/4Xf927yc5NPVbPI/b4/07597oZV7/pxksdygygNgKq74At M2DaFPg69tHFfTOBn/361zf9WdB/+Yvf/+C0pt3tzwXkE+DH7BEAAjKQZPXZmAmpcEKPnXCF ZyMhywzYwpQ1DYUme2HHarg69sVtcmbqIP3aZ6fKZZBO+zDiP5AYNZXY51RHBKApROhCjvEQ ZFdkIb7/srjFfHHRhgVE2xdVmEMv7lB5PhTcgHBUQf2NqiUXHBztfKMfOUatjXdLYhylWL4R mpGGiBBZDUlowkCGTIE0ZKEhEXmKL7ZwkY1UJB20uEJJSBKRkxzZCw1ZQkh20pFm/GQiCznG tH0BjlsTYir5SMUzdhGGWsQiGSOZSE1GsoS4pOUtc+nHMzKSgYWMJSN1WcZd4hKYx8ThK5eZ SV42jmr+WSUUVzm+AB7SkpXsIhYJuUxnylKYzhxlMq/JSXDWkpK3HCY6ixnLdaKzlKIMJDJh 6c3FQfNtqeQbNWMQwkP+MZ6gDOU64TnOY8owm2N8JCTPWdBzprCTJUMmMQea/9A/clOijtun Rh/Wz2/qkqD1nGc7BclLen60nlYUqDjDWdJ2XhGeGC2oTAM60ZqClGwbzWnAOtrLkxrTldqE KEP9+cugqtOjLt2lSME50pgidanuRKlAo5rNn9pTp1g9F0+r2E1LknORk4RlM/2ZznIetaeN 5CQwPVlSQGaynGRNazO9SkqSapOu8WQdDap2yq4xQZ9W8yu6torAwhrWdTdF217FZjPBJsFw NHOsuQhrRRna8KEzvGHiMNu6piVWkJpN32LZeM8xQPaxki0XZQ/L2ta69mSpCk4eAccqUAWE QJq7bf50279o1haKAuJR6WwbxJvsTX5FVIg1X8vc5v86l2N3SFPnnggP3cVjdKQqbvRwayfC bW5625Vbm+j2XeuihH6ge9FCcvDc9rrXtTT6H/eoq0pVhi9O4vPuHiEIvQlKN27TqxwGE/Pe Ahu4sH6gbfbiuL3qSi+a9RHeBssE3gn+Yr64m59w0tvgFxz4wyBmnhA1iOEEL3HAbgzejQKM PQxfuEa+Re/1ejtHnCntxjjOsY53zOMe+1hoI7YwjPE5E97N7o793d8Dh7xgfGpQutHrHXfr m9UqW5lr//3hEu/jxJQYebpNzjDx2JTlT0nYc/cTH3aHOOMxq+/HcI6znHN8PhOb+c4qnu3g uCuqDsNJzeL1m6CR/L1pthH/iBTkLYqVi745O/rRkN5ZH5d3ZSecVqenSwPzclDpsZUsdaYw X6e9ltpKr7Z1nB61w9BgY+N9OnGqRm2sZ7Vc5aV61vVydcjYG2qSDeCzLsO1sJ9waq4GlWW3 HrZWew0yXptMCsAOmbKnrYTVvnSWLUs2tbGl62aD2teclmrLtk3uGVDWpFaNNr60Xe6cdPtj zt710kyxybHCtt34pvUUybhWsMozl179pCT1Ne++tuDSG323x+INbxRU4ajAHrYAJu6CiQsA 3+duqU0hylKnMqPgp3RBqaus8I4x3OTLYO9CzipXeEqc4i2wOMZrndSOd9PmVl2veCPM8/0E mhKB/yY0b7WMpmW3vJwn55gURPnwYxuzlC+/eMxhXm7CDhOqDT0oJjfGbtGd97xe38Q7gE72 65qdF2I/O9k1bPSjE7zkzKB3I3+t0rA63WNRrzjVyW11vG6c5U8neHTnRxOwF/4/ctvL2NVu 9npEV+2EVy2zBf72yetLHVt85D9zDl05yJwEnweAxUMveqqPfu+hJz3oYX56qa/e9a0vgcxV j4LYK8D2t6f46HO/dzBsVYdbD37gh//xwRue8GxHfNkVv/zGTw23az+85LG97m8vnKXUn2mw ybD70pve9t33fvfDT3vv8/70rz8/+Vvv+hOwX+rvf/37w+97mutQ4G6dqf+/By74SBw++clH O4v3dQTodWGXCdEHeQTIbZZnctZncuJ2bPQEdXbweePHehiYgbx3fhtYe6wne993cRcIeyGY AqQnghYYgvNXfk1QbKvDbtIXg5FXP2rEP2R2aMiRXYU2cmQAd1z3gEpHd6Dlby5XgRkIfxoo fh2Ygknofr3XgeZ3gk1YflSIelNYgmLggpcEV2YDg/PCg1jjg5WHRUJ4VZ6ne+jHhOKHhkiI grvHgqmHe7NnhW2Yfk7Yfna4hFhofllIc8jjheeiR5jWgEEohvynOJCAfqW3iPKHhIyofrn3 iHeofnHohiBYh1B4iR7YfmoIhSzIBFroOICYb4DyYIgfZ4qqk4gjSIdHyImriIeaWInpJ4WY yIcmUIWuWIuy2If7tjyjSIpygApAg4oZBQiKqIiQuIaX2Ip5OIck+Ix6mIQjmIeiF426uIf1 pwObBnLACAhDQ4zPZIyvuIxtyIrlCI0bOH92GH+UuIfsyI62uIth8GYhVo+v9Qm0OInUmIn5 aI3xqILmSIe3iIy494/oOI+i1Y0YU2cKOQOfqFGRFpESOZEUWZE905AO+YQYuZEc2ZHW8pD7 ZI8iOZKI6JFTB4uYRpIquZKPY5JVx5IwGZMm45LlZpE2eZM4mZM6RpPkppM++ZNAGZQ7wJPK lgAAIfkEBA8AAAAsQgAzAFsADwAAAzZosNz+MMpJa1U2680z7mAoTt9onl2JrmyktnD7xrQ5 13ia7+LN/xIfcNgQEonGIzCp5DGbuQQAIfkEBA8AAAAsQgAzABEAEAAAAykIutz+zUAop6uW 4ayMl98HiGPZnWgJmivWsuryVi+6ymbK5fvG+RlDAgAh+QQEDwAAACxQADQADwAPAAADIgi6 zNZwvQgndbeZ/XjsEgWCHzCKZmptoeqsGRYrVlxnRgIAIfkEBA8AAAAsXgA0ABEADwAAAyYI utxgLi4oIzW0vqlVzh7GfCPnmRNGnui6tZwqhirbofeb67mRAAAh+QQEDwAAACxtADQAEAAP AAADJQi63NaQvRifmVRNnLe7khaKJIedZIoC5nJesAu6GcTVLD7qbAIAIfkEBA8AAAAsegA0 ABEADwAAAyQIutxgLi4oI63t4mlg3x6lOd6ElcqYPWY6hh+3qlIXg9uaTwkAIfkEBA8AAAAs iQA0AA8ADwAAAyMIuszWcL0IJ3W3PcNtl54SAlwlidYpouq4leCYrTNdp5mRAAAh+QQEDwAA ACyWADQACgAPAAADHQi6a/zuNTkpMNhFpa/nXgd2G/ldWQpam9RC1pUAACH5BAQPAAAALJ8A NAABAA8AAAMECLrcCQA7 ------=_NextPart_000_0001_01C71C1F.707AAC00-- From owner-namedroppers@ops.ietf.org Sun Dec 10 15:54:43 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GtVh5-0001jX-CP; Sun, 10 Dec 2006 15:54:43 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GtVh2-0006og-0c; Sun, 10 Dec 2006 15:54:43 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GtVYL-000ERv-30 for namedroppers-data@psg.com; Sun, 10 Dec 2006 20:45:41 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-2.5 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=3.1.7 Received: from [131.107.115.214] (helo=smtp.microsoft.com) by psg.com with esmtps (TLSv1:RC4-MD5:128) (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GtVYE-000EPk-Gu for namedroppers@ops.ietf.org; Sun, 10 Dec 2006 20:45:36 +0000 Received: from tk1-exhub-c101.redmond.corp.microsoft.com (157.56.116.111) by TK5-EXGWY-E803.partners.extranet.microsoft.com (10.251.56.169) with Microsoft SMTP Server (TLS) id 8.0.685.24; Sun, 10 Dec 2006 12:45:33 -0800 Received: from win-imc-01.wingroup.windeploy.ntdev.microsoft.com (157.54.0.39) by tk1-exhub-c101.redmond.corp.microsoft.com (157.56.116.111) with Microsoft SMTP Server id 8.0.685.24; Sun, 10 Dec 2006 12:45:33 -0800 Received: from WIN-MSG-21.wingroup.windeploy.ntdev.microsoft.com ([157.54.62.24]) by win-imc-01.wingroup.windeploy.ntdev.microsoft.com with Microsoft SMTPSVC(6.0.3790.2825); Sun, 10 Dec 2006 12:45:30 -0800 X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-Class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Subject: RE: DNSSEC - Signature Only vs the MX/A issue. Date: Sun, 10 Dec 2006 12:45:27 -0800 Message-ID: <70C6EFCDFC8AAD418EF7063CD132D06402F7B845@WIN-MSG-21.wingroup.windeploy.ntdev.microsoft.com> In-Reply-To: X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: DNSSEC - Signature Only vs the MX/A issue. Thread-Index: AccaTfR9MzovWoZBEduPigARJOT6egCTLlUQ References: <20061203145317.GA4757@outpost.ds9a.nl> From: Christian Huitema To: Ralph Droms , bert hubert CC: Paul Vixie , X-OriginalArrivalTime: 10 Dec 2006 20:45:30.0965 (UTC) FILETIME=[21B9D050:01C71C9C] Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.0 (/) X-Scan-Signature: 97adf591118a232206bdb5a27b217034 > Of course, a spoofing-phishing attack turns into a DoS attack if the > host > discards the bogus DNS info but never gets the DNSSEC validated info. Actually, if you look at market motivation, there is a case to be made for focusing on DOS attacks. Suppose someone is trying to secure a transaction with "www.example.com". In practice, they will use some form of end-to-end security, TLS or SSL, as in "https://www.example.com". The end to end security should provide a proof that they are communicating with the real "www.example.com". In these conditions, what is the point of securing the DNS look-up? The end-to-end verification of the certificate will validate it. Certificates allow for third party signature, and thus are somewhat easier to deploy than a strict hierarchical scheme. The verification will not implicitly validate the mapping of name to address. It will also protect against routing attacks that might divert the traffic to a bogus site, an attack not addressed by securing the DNS look-up. End-to-end security mitigates a spoofing attack and reduces it to a denial of service attack. If the name to address mapping was wrong, or unavailable, or if the routing was bogus, the secure transaction will simply not happen. The focus of DNS security should thus be a protection against DOS attacks, i.e. ensure that if a record exists, it will be found. -- Christian Huitema -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From owner-namedroppers@ops.ietf.org Sun Dec 10 16:06:11 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GtVsB-00062K-Qf; Sun, 10 Dec 2006 16:06:11 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GtVs5-0001HK-3o; Sun, 10 Dec 2006 16:06:11 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GtVnj-000GI1-0s for namedroppers-data@psg.com; Sun, 10 Dec 2006 21:01:35 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-0.8 required=5.0 tests=AWL,BAYES_00, HELO_DYNAMIC_DHCP autolearn=no version=3.1.7 Received: from [82.93.240.211] (helo=adsl-xs4all.ds9a.nl) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GtVnY-000GH1-HC for namedroppers@ops.ietf.org; Sun, 10 Dec 2006 21:01:29 +0000 Received: from outpost.ds9a.nl ([213.244.168.210] ident=postfix) by adsl-xs4all.ds9a.nl with esmtp (Exim 4.63) (envelope-from ) id 1GtVnZ-0007Je-KQ; Sun, 10 Dec 2006 22:01:25 +0100 Received: by outpost.ds9a.nl (Postfix, from userid 1000) id 23BA24056; Sun, 10 Dec 2006 22:01:19 +0100 (CET) Date: Sun, 10 Dec 2006 22:01:18 +0100 From: bert hubert To: Christian Huitema Cc: Ralph Droms , Paul Vixie , namedroppers@ops.ietf.org Subject: Re: DNSSEC - Signature Only vs the MX/A issue. Message-ID: <20061210210118.GA14479@outpost.ds9a.nl> References: <20061203145317.GA4757@outpost.ds9a.nl> <70C6EFCDFC8AAD418EF7063CD132D06402F7B845@WIN-MSG-21.wingroup.windeploy.ntdev.microsoft.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <70C6EFCDFC8AAD418EF7063CD132D06402F7B845@WIN-MSG-21.wingroup.windeploy.ntdev.microsoft.com> User-Agent: Mutt/1.5.9i Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.0 (/) X-Scan-Signature: 79899194edc4f33a41f49410777972f8 On Sun, Dec 10, 2006 at 12:45:27PM -0800, Christian Huitema wrote: > In these conditions, what is the point of securing the DNS look-up? The > end-to-end verification of the certificate will validate it. Exactly. This is also the reason why we don't have an "ARPSEC" protocol. Or perhaps we do, but is about as exciting as DNSSEC. I wrote about this on http://ds9a.nl/secure-dns.html . Bert -- http://www.PowerDNS.com Open source, database driven DNS Software http://netherlabs.nl Open and Closed source services -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From owner-namedroppers@ops.ietf.org Sun Dec 10 16:09:06 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GtVv0-0007N9-Fx; Sun, 10 Dec 2006 16:09:06 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GtVux-0001lz-0e; Sun, 10 Dec 2006 16:09:06 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GtVrs-000GxZ-2g for namedroppers-data@psg.com; Sun, 10 Dec 2006 21:05:52 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00 autolearn=ham version=3.1.7 Received: from [195.54.233.68] (helo=shaun.rfc1035.com) by psg.com with esmtp (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GtVro-000Gwx-KM for namedroppers@ops.ietf.org; Sun, 10 Dec 2006 21:05:50 +0000 Received: from [200.160.9.55] (account jim [200.160.9.55] verified) by shaun.rfc1035.com (CommuniGate Pro SMTP 5.0.9) with ESMTPSA id 122658; Sun, 10 Dec 2006 21:05:16 +0000 In-Reply-To: <87ejrcviqx.fsf@mid.deneb.enyo.de> References: <20061127032712.CD1FE56890@shell-ng.nominum.com> <87ejrit5r9.fsf@mid.deneb.enyo.de> <14241.1165098375@sa.vix.com> <20061202234153.7B7B056882@shell-ng.nominum.com> <25076.1165105081@sa.vix.com> <20061204171222.303505687D@shell-ng.nominum.com> <20061204194957.GA25206@outpost.ds9a.nl> <87ejrcviqx.fsf@mid.deneb.enyo.de> Mime-Version: 1.0 (Apple Message framework v752.2) Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed Message-Id: <24A0777B-437A-45BE-8BFC-31130D94C8EE@rfc1035.com> Cc: Edward Lewis , namedroppers@ops.ietf.org Content-Transfer-Encoding: 7bit From: Jim Reid Subject: Re: brain cycles of the WG Date: Sun, 10 Dec 2006 21:05:13 +0000 To: Florian Weimer X-Mailer: Apple Mail (2.752.2) Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.0 (/) X-Scan-Signature: 52e1467c2184c31006318542db5614d5 On Dec 6, 2006, at 21:04, Florian Weimer wrote: > The main reason, IMHO, is that a potential successor (which has to be > decoupled from the current DNS to offset itself from its security > issues) would hardly inherent most of the legal privileges DNS enjoys. Perhaps. Though I'm not sure DNS has any legal privileges. DNSv2 would surely be doomed by all the layer-9 goop it would attract. Governments, regulators, lawyers, industry groups and all sorts of non-technical organisations would have a feeding frenzy about who got to control the root, where the servers get placed, who gets runs them and how they are policed, etc, etc. > Nobody except a TLD registry operator can get away with such > large-scale trademark violations. This card blanche extends down the > registrar/reseller pipeline, and it's very hard to compete with > *that*. I disagree with your premise but accept the conclusion. Registrars, resellers and the intellectual property folks would scream very loudly if there was a viable replacement to the current DNS. BTW, TLD registry operators don't "get away with trademark violations". They're generally innocent third parties. Validating trademarks is hard and expensive. [I've just spent months looking at this issue with IPR professionals for a new TLD operator.] Even if an impostor registers a trade mark, there are a variety of methods for the true holder to gain control of the domain. This is now way off topic for this list, so no followups on UDRP and suchlike to namedroppers, please... -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From owner-namedroppers@ops.ietf.org Sun Dec 10 16:16:07 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GtW1n-0001OA-3Q; Sun, 10 Dec 2006 16:16:07 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GtW1h-00036d-Nx; Sun, 10 Dec 2006 16:16:07 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GtVyP-000Hf4-50 for namedroppers-data@psg.com; Sun, 10 Dec 2006 21:12:37 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=3.1.7 Received: from [204.152.187.1] (helo=sa.vix.com) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GtVyL-000Hea-7H for namedroppers@ops.ietf.org; Sun, 10 Dec 2006 21:12:35 +0000 Received: from sa.vix.com (localhost [127.0.0.1]) by sa.vix.com (Postfix) with ESMTP id 4F81011425; Sun, 10 Dec 2006 21:12:31 +0000 (UTC) (envelope-from vixie@sa.vix.com) From: Paul Vixie To: Christian Huitema cc: Ralph Droms , bert hubert , namedroppers@ops.ietf.org Subject: Re: DNSSEC - Signature Only vs the MX/A issue. In-Reply-To: Your message of "Sun, 10 Dec 2006 12:45:27 PST." <70C6EFCDFC8AAD418EF7063CD132D06402F7B845@WIN-MSG-21.wingroup.windeploy.ntdev.microsoft.com> References: <20061203145317.GA4757@outpost.ds9a.nl> <70C6EFCDFC8AAD418EF7063CD132D06402F7B845@WIN-MSG-21.wingroup.windeploy.ntdev.microsoft.com> X-Mailer: MH-E 8.0.2; nmh 1.0.4; GNU Emacs 21.3.1 Date: Sun, 10 Dec 2006 21:12:31 +0000 Message-ID: <613.1165785151@sa.vix.com> Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.0 (/) X-Scan-Signature: cab78e1e39c4b328567edb48482b6a69 christian, your words echo some i heard recently from stuart cheshire: > Suppose someone is trying to secure a transaction with "www.example.com". > In practice, they will use some form of end-to-end security, TLS or SSL, as > in "https://www.example.com". The end to end security should provide a > proof that they are communicating with the real "www.example.com". there are at least two problems with this approach. one is, tls/ssl is not a lightweight device: not all of us want to use tcp for all transactions, and many of us want to be able to virtualize many domain names on a single ip address. the other is, ssl/tls depends in practice upon x.509, which is outside of "the internet" for all practical terms. the internet ought to be able to do this kind of security for itself. so, here's what i told stuart cheshire: if you believe that the web is all there is to the internet, or you believe that the approach taken for securing https/imaps/smtps is appropriate for all future applications/protocols used on the internet, then it's natural that you would think ssl/tls/x509 is all we need. i do not think that the ssl/tls/x509 model is futureproof, and so i think that we need something else, something more internet-like. to understand what i mean, consider the number of e-mail transactions which will be carried by smtp this year and this decade, compared to smtps. the insecurity does not lead to migration of mail toward the tls/ssl/x509 model; rather, it leads to e-mail reputation systems, spam filtering, and phishing attacks worth USD$100B/year. as long as we're using domain names as unique endpoint identifiers and as universal service locators, the world will suffer from any lack of security in the dns infrastructure, and in the continuing lack of confidence in end-to-end dns data. the fact that x509 is an industry which funnels a large amount of money to a small number of toplevel key repositories who are themselves chosen by web browser vendors, means that there are financial scaling problems in the x509 model that are at least as compelling as the technological scaling problems. with x509, "effective and usable security" can never become the default, it will always be a premium service with a high cost of entry, used only when other money is at stake (like when entering credit card numbers). that isn't the kind of internet or the kind of world we ought to be trying to make. paul -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From owner-namedroppers@ops.ietf.org Sun Dec 10 16:18:21 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GtW3x-0002dY-SA; Sun, 10 Dec 2006 16:18:21 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GtW3w-0003am-J7; Sun, 10 Dec 2006 16:18:21 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GtW1e-000I0M-3q for namedroppers-data@psg.com; Sun, 10 Dec 2006 21:15:58 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=3.1.7 Received: from [204.152.187.1] (helo=sa.vix.com) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GtW1V-000Hyo-MR for namedroppers@ops.ietf.org; Sun, 10 Dec 2006 21:15:52 +0000 Received: from sa.vix.com (localhost [127.0.0.1]) by sa.vix.com (Postfix) with ESMTP id 6AD7D11425 for ; Sun, 10 Dec 2006 21:15:49 +0000 (UTC) (envelope-from vixie@sa.vix.com) From: Paul Vixie To: namedroppers@ops.ietf.org Subject: Re: brain cycles of the WG In-Reply-To: Your message of "Sun, 10 Dec 2006 21:05:13 GMT." <24A0777B-437A-45BE-8BFC-31130D94C8EE@rfc1035.com> References: <20061127032712.CD1FE56890@shell-ng.nominum.com> <87ejrit5r9.fsf@mid.deneb.enyo.de> <14241.1165098375@sa.vix.com> <20061202234153.7B7B056882@shell-ng.nominum.com> <25076.1165105081@sa.vix.com> <20061204171222.303505687D@shell-ng.nominum.com> <20061204194957.GA25206@outpost.ds9a.nl> <87ejrcviqx.fsf@mid.deneb.enyo.de> <24A0777B-437A-45BE-8BFC-31130D94C8EE@rfc1035.com> X-Mailer: MH-E 8.0.2; nmh 1.0.4; GNU Emacs 21.3.1 Date: Sun, 10 Dec 2006 21:15:49 +0000 Message-ID: <741.1165785349@sa.vix.com> Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.0 (/) X-Scan-Signature: de4f315c9369b71d7dd5909b42224370 > > The main reason, IMHO, is that a potential successor (which has to be > > decoupled from the current DNS to offset itself from its security > > issues) would hardly inherent most of the legal privileges DNS enjoys. > > Perhaps. Though I'm not sure DNS has any legal privileges. DNSv2 would > surely be doomed by all the layer-9 goop it would attract. we know there won't be a new namespace. ever. but in addition to adding new kinds of names (idn) and securing the data (dnssec) we have sometimes tried to improve the protocol (edns). if i were to embark on dnsv2 it would be with the hope of completely forklift-upgrading the protocol while keeping the namespace as it is. -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From owner-namedroppers@ops.ietf.org Sun Dec 10 16:33:24 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GtWIW-0007JB-Tp; Sun, 10 Dec 2006 16:33:24 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GtWIS-0006bn-J7; Sun, 10 Dec 2006 16:33:24 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GtWFZ-000JX9-Op for namedroppers-data@psg.com; Sun, 10 Dec 2006 21:30:21 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-0.8 required=5.0 tests=AWL,BAYES_00, HELO_DYNAMIC_DHCP autolearn=no version=3.1.7 Received: from [82.93.240.211] (helo=adsl-xs4all.ds9a.nl) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GtWFO-000JVB-Aw for namedroppers@ops.ietf.org; Sun, 10 Dec 2006 21:30:16 +0000 Received: from outpost.ds9a.nl ([213.244.168.210] ident=postfix) by adsl-xs4all.ds9a.nl with esmtp (Exim 4.63) (envelope-from ) id 1GtWFS-0007XG-OP; Sun, 10 Dec 2006 22:30:14 +0100 Received: by outpost.ds9a.nl (Postfix, from userid 1000) id 422A14053; Sun, 10 Dec 2006 22:30:08 +0100 (CET) Date: Sun, 10 Dec 2006 22:30:08 +0100 From: bert hubert To: Paul Vixie Cc: Christian Huitema , Ralph Droms , namedroppers@ops.ietf.org Subject: Re: DNSSEC - Signature Only vs the MX/A issue. Message-ID: <20061210213007.GD14479@outpost.ds9a.nl> References: <20061203145317.GA4757@outpost.ds9a.nl> <70C6EFCDFC8AAD418EF7063CD132D06402F7B845@WIN-MSG-21.wingroup.windeploy.ntdev.microsoft.com> <613.1165785151@sa.vix.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <613.1165785151@sa.vix.com> User-Agent: Mutt/1.5.9i Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.0 (/) X-Scan-Signature: 52e1467c2184c31006318542db5614d5 On Sun, Dec 10, 2006 at 09:12:31PM +0000, Paul Vixie wrote: > so, here's what i told stuart cheshire: if you believe that the web is all > there is to the internet, or you believe that the approach taken for securing > https/imaps/smtps is appropriate for all future applications/protocols used > on the internet, then it's natural that you would think ssl/tls/x509 is all > we need. i do not think that the ssl/tls/x509 model is futureproof, and so > i think that we need something else, something more internet-like. I very much agree with this sentiment. But DNSSEC is not the answer as is only sends out authenticated small and static messages. It doesn't to whole transactions. One cannot rely on DNSSEC for the whole shebang. In theory it could be the conduit of a web of trust, perhaps that is what you mean? Which makes the vast amount of effort and brain cycles on it all the more puzzling. In the vein of your statement regarding the 'king makers' in the browser that annoint X.509 certificate vendors, perhaps there is something along those lines happening within DNS? I honestly don't know (it wouldn't seem likely), but it is unclear to me why people continue to expend so much time on such a small part of a secure internet. Bert -- http://www.PowerDNS.com Open source, database driven DNS Software http://netherlabs.nl Open and Closed source services -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From owner-namedroppers@ops.ietf.org Sun Dec 10 16:40:51 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GtWPj-0001vQ-Ey; Sun, 10 Dec 2006 16:40:51 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GtWPi-0007zV-1W; Sun, 10 Dec 2006 16:40:51 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GtWN8-000KJO-Dy for namedroppers-data@psg.com; Sun, 10 Dec 2006 21:38:10 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-2.5 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=3.1.7 Received: from [131.107.115.215] (helo=smtp.microsoft.com) by psg.com with esmtps (TLSv1:RC4-MD5:128) (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GtWMw-000KIT-KX for namedroppers@ops.ietf.org; Sun, 10 Dec 2006 21:38:04 +0000 Received: from TK5-EXHUB-C102.redmond.corp.microsoft.com (157.54.70.72) by TK5-EXGWY-E802.partners.extranet.microsoft.com (10.251.56.168) with Microsoft SMTP Server (TLS) id 8.0.685.24; Sun, 10 Dec 2006 13:37:58 -0800 Received: from win-imc-02.wingroup.windeploy.ntdev.microsoft.com (157.54.69.169) by TK5-EXHUB-C102.redmond.corp.microsoft.com (157.54.70.72) with Microsoft SMTP Server id 8.0.685.24; Sun, 10 Dec 2006 13:37:56 -0800 Received: from WIN-MSG-21.wingroup.windeploy.ntdev.microsoft.com ([157.54.62.24]) by win-imc-02.wingroup.windeploy.ntdev.microsoft.com with Microsoft SMTPSVC(6.0.3790.2825); Sun, 10 Dec 2006 13:37:56 -0800 X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-Class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Subject: RE: DNSSEC - Signature Only vs the MX/A issue. Date: Sun, 10 Dec 2006 13:37:54 -0800 Message-ID: <70C6EFCDFC8AAD418EF7063CD132D06402F7B848@WIN-MSG-21.wingroup.windeploy.ntdev.microsoft.com> In-Reply-To: <613.1165785151@sa.vix.com> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: DNSSEC - Signature Only vs the MX/A issue. Thread-Index: Acccn+yMNs4unbmJQ+21YKOdxKCXQAAAII5A References: <20061203145317.GA4757@outpost.ds9a.nl> <70C6EFCDFC8AAD418EF7063CD132D06402F7B845@WIN-MSG-21.wingroup.windeploy.ntdev.microsoft.com> <613.1165785151@sa.vix.com> From: Christian Huitema To: Paul Vixie CC: Ralph Droms , bert hubert , X-OriginalArrivalTime: 10 Dec 2006 21:37:56.0216 (UTC) FILETIME=[74710780:01C71CA3] Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.0 (/) X-Scan-Signature: c1c65599517f9ac32519d043c37c5336 > christian, your words echo some i heard recently from stuart cheshire: Well, Stuart and I often disagree, so you might consider that us agreeing somehow shows something...=20 =20 > so, here's what i told stuart cheshire: if you believe that the web is > all there is to the internet, or you believe that the approach taken for > securing https/imaps/smtps is appropriate for all future applications/protocols > used on the internet, then it's natural that you would think ssl/tls/x509 is > all we need. i do not think that the ssl/tls/x509 model is futureproof, > and so i think that we need something else, something more internet-like. I am not so much looking at SSL than at end-to-end security. Name resolution is one step in the end-to-end process of completing the transaction. If you are really concerned about the security of the application, you want to secure the entire process, not just one step. You may use SSL, secure RTP, IPSEC, or maybe some application specific solution. The point is, you will use something. Now, consider the "market for DNS security". Logically, the early adopters ought to be the most security conscious users. Yet, those security conscious users are also most likely to deploy end-to-end security for their application. They are thus not likely to invest in yet another deployment, and to bear the management cost of yet another system. They will only do this investment if securing the DNS brings clear additional benefits, on top of what they already have. What would be the characteristic of a DNS security system that complements, rather than replace, end-to-end security? For me, the obvious answer would be to ensure availability of the DNS service. The secure DNS should guarantee that, if the relevant name servers are available and reachable, the name resolution transaction will complete.=20 The best "secure DNS" would be one that provides that guarantee at the least possible deployment cost.=20 -- Christian Huitema -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From owner-namedroppers@ops.ietf.org Sun Dec 10 18:09:19 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GtXnL-0000pw-OP; Sun, 10 Dec 2006 18:09:19 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GtXnG-0007U8-E1; Sun, 10 Dec 2006 18:09:19 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GtXjK-0003en-IW for namedroppers-data@psg.com; Sun, 10 Dec 2006 23:05:10 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=3.1.7 Received: from [204.152.187.1] (helo=sa.vix.com) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GtXj9-0003cN-0C for namedroppers@ops.ietf.org; Sun, 10 Dec 2006 23:05:04 +0000 Received: from sa.vix.com (localhost [127.0.0.1]) by sa.vix.com (Postfix) with ESMTP id B5F0411425 for ; Sun, 10 Dec 2006 23:04:53 +0000 (UTC) (envelope-from vixie@sa.vix.com) From: Paul Vixie To: namedroppers@ops.ietf.org Subject: Re: DNSSEC - Signature Only vs the MX/A issue. In-Reply-To: Your message of "Sun, 10 Dec 2006 22:30:08 +0100." <20061210213007.GD14479@outpost.ds9a.nl> References: <20061203145317.GA4757@outpost.ds9a.nl> <70C6EFCDFC8AAD418EF7063CD132D06402F7B845@WIN-MSG-21.wingroup.windeploy.ntdev.microsoft.com> <613.1165785151@sa.vix.com> <20061210213007.GD14479@outpost.ds9a.nl> X-Mailer: MH-E 8.0.2; nmh 1.0.4; GNU Emacs 21.3.1 Date: Sun, 10 Dec 2006 23:04:53 +0000 Message-ID: <15457.1165791893@sa.vix.com> Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.0 (/) X-Scan-Signature: 4adaf050708fb13be3316a9eee889caa > > so, here's what i told stuart cheshire: if you believe that the web is all > > there is to the internet, or you believe that the approach taken for > > securing https/imaps/smtps is appropriate for all future > > applications/protocols used on the internet, then it's natural that you > > would think ssl/tls/x509 is all we need. i do not think that the > > ssl/tls/x509 model is futureproof, and so i think that we need something > > else, something more internet-like. > > One cannot rely on DNSSEC for the whole shebang. In theory it could be the > conduit of a web of trust, perhaps that is what you mean? yes, but dnssec is also a web of trust in its own right, albeit not useful for "whole transactions" in the sense of e-commerce or web or whatever. > Which makes the vast amount of effort and brain cycles on it all the more > puzzling. In the vein of your statement regarding the 'king makers' in the > browser that annoint X.509 certificate vendors, perhaps there is something > along those lines happening within DNS? it's because dnssec makes only one king where there are three, that it is hard for the world to make traction for it. that is, right now root zone management is a groupthink process involving icann, us-doc, and verisign, but once there is a root key, the holder of that key will be the one true king. meatspace does not admit the possibility anymore of one true king. but you touched on something even more important. x509 succeeded because it was clear what was at stake and it was clear that investment could pay off. pgp and dnssec, by not offering a specific and definite fiscal pyramid, don't offer the kind of investment incentive that's usually nec'y for big things to be built. (if not for netscape's profit-motive, i think the web would have been slower to take off, and if you doubt this, ask bill gates what he was thinking back in 1996 on this topic.) (if not for bbn's and later uunet's profit motives, i think the internet would have been slower to take off, etc.) > I honestly don't know (it wouldn't seem likely), but it is unclear to me why > people continue to expend so much time on such a small part of a secure > internet. because it's a very important part. it's an enabling technology for just about everything else we all want to do. sadly, it's not the sexy part nor is it investment-worthy in its own right. -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From owner-namedroppers@ops.ietf.org Sun Dec 10 19:40:56 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GtZE0-0006Tn-Q4; Sun, 10 Dec 2006 19:40:56 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GtZDv-0006KY-GI; Sun, 10 Dec 2006 19:40:56 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GtZ8h-000CR1-Dc for namedroppers-data@psg.com; Mon, 11 Dec 2006 00:35:27 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=3.1.7 Received: from [204.152.187.1] (helo=sa.vix.com) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GtZ8e-000CQ5-AY for namedroppers@ops.ietf.org; Mon, 11 Dec 2006 00:35:25 +0000 Received: from sa.vix.com (localhost [127.0.0.1]) by sa.vix.com (Postfix) with ESMTP id E8EAA1142D; Mon, 11 Dec 2006 00:35:18 +0000 (UTC) (envelope-from vixie@sa.vix.com) From: Paul Vixie To: Christian Huitema cc: Ralph Droms , bert hubert , namedroppers@ops.ietf.org Subject: Re: DNSSEC - Signature Only vs the MX/A issue. In-Reply-To: Your message of "Sun, 10 Dec 2006 13:37:54 PST." <70C6EFCDFC8AAD418EF7063CD132D06402F7B848@WIN-MSG-21.wingroup.windeploy.ntdev.microsoft.com> References: <20061203145317.GA4757@outpost.ds9a.nl> <70C6EFCDFC8AAD418EF7063CD132D06402F7B845@WIN-MSG-21.wingroup.windeploy.ntdev.microsoft.com> <613.1165785151@sa.vix.com> <70C6EFCDFC8AAD418EF7063CD132D06402F7B848@WIN-MSG-21.wingroup.windeploy.ntdev.microsoft.com> X-Mailer: MH-E 8.0.2; nmh 1.0.4; GNU Emacs 21.3.1 Date: Mon, 11 Dec 2006 00:35:18 +0000 Message-ID: <27895.1165797318@sa.vix.com> Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.0 (/) X-Scan-Signature: a7d6aff76b15f3f56fcb94490e1052e4 > > christian, your words echo some i heard recently from stuart cheshire: > > Well, Stuart and I often disagree, so you might consider that us agreeing > somehow shows something... it does. > I am not so much looking at SSL than at end-to-end security. you're also willing to consider a design that creates security-haves and security-have-nots, such that any application that cares at all about security has to do it end-to-end. if all an application wants is confidence in the kind of information that's easy to store in dns, like SPF or A or PTR or PGP or MX, and is otherwise not concerned about authorization or encryption, then in your model they have to do some kind of end to end security thing which in your model involves non-internet key exchanges (sneakernet, x509, whatever). in my model, applications who don't care so much about security that they're willing to pay an end-to-end complexity penalty (like ssl or tls), can still get moderate confidence in the basic results of a dns query. once this is established, we're in a position to add more types of data to dns, which the current confidence-free system does not really encourage. > What would be the characteristic of a DNS security system that > complements, rather than replace, end-to-end security? For me, the > obvious answer would be to ensure availability of the DNS service. The > secure DNS should guarantee that, if the relevant name servers are > available and reachable, the name resolution transaction will complete. > > The best "secure DNS" would be one that provides that guarantee at the > least possible deployment cost. so you're allowing for NS-only security. others have proposed that, but it was decided early on (by consensus among those willing to to volunteer to do work in this area) that end-to-end application security was something we wanted Secure DNS to be a building block for. so the Secure DNS model is end-to-end rather than interior-only. -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From owner-namedroppers@ops.ietf.org Sun Dec 10 20:35:22 2006 Received: from [10.90.34.44] (helo=chiedprmail1.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Gta4f-0006ra-Va; Sun, 10 Dec 2006 20:35:22 -0500 Received: from psg.com ([147.28.0.62]) by chiedprmail1.ietf.org with esmtp (Exim 4.43) id 1Gta4d-00067y-3D; Sun, 10 Dec 2006 20:35:21 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GtZzV-000HlP-4N for namedroppers-data@psg.com; Mon, 11 Dec 2006 01:30:01 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-2.5 required=5.0 tests=AWL,BAYES_00, FORGED_RCVD_HELO autolearn=ham version=3.1.7 Received: from [131.112.32.132] (helo=necom830.hpcl.titech.ac.jp) by psg.com with smtp (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GtZzS-000Hko-60 for namedroppers@ops.ietf.org; Mon, 11 Dec 2006 01:29:59 +0000 Received: (qmail 83353 invoked from network); 11 Dec 2006 01:39:13 -0000 Received: from softbank219001188039.bbtec.net (HELO necom830.hpcl.titech.ac.jp) (219.1.188.39) by necom830.hpcl.titech.ac.jp with SMTP; 11 Dec 2006 01:39:13 -0000 Message-ID: <457CB491.3020000@necom830.hpcl.titech.ac.jp> Date: Mon, 11 Dec 2006 10:29:53 +0900 From: Masataka Ohta User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; ja-JP; rv:1.4) Gecko/20030624 Netscape/7.1 (ax) X-Accept-Language: ja, en MIME-Version: 1.0 To: Mark Andrews CC: Alex Bligh , "Hallam-Baker, Phillip" , shane_kerr@isc.org, Ralph Droms , namedroppers@ops.ietf.org Subject: Re: Pimping DNSSEC (was Re: DNSSEC - Signature Only vs the MX/A issue.) References: <200612062136.kB6La4LJ033654@drugs.dv.isc.org> In-Reply-To: <200612062136.kB6La4LJ033654@drugs.dv.isc.org> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.1 (/) X-Scan-Signature: 69a74e02bbee44ab4f8eafdbcedd94a1 Mark Andrews wrote: > Sure humans could inject data in the pre-sign stage of any > of the parents. This in no different to the occassional > bogus NS RRsets that get added to parents today. I don't > think anyone that knows anything about security would say > that this can't happen. In fact this is the weakest part > of DNSSEC. That is, DNSSEC does NOT provide cryptographic security. But, for the other weakest part, see below. > For COM, COM.AU etc. we are going to have to trust that the > registration system won't be compromised. Considering that domain names will keep being sold on-line in realtime with credit card payment, we will use TLS or SSL (or nothing) for secure exchange of public keys and certificates with the registry. It means that TLS or SSL (or nothing) is secure enough that we don't need DNSSEC. Worse, it also means signature generation system is accessible online. That is, if the registration server of, say, COM, is compromised, all the domain names under COM becomes untrustworthy. This is the weakest part of DNSSEC. DNSSEC is just as insecure as plain DNS. Masataka Ohta -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From owner-namedroppers@ops.ietf.org Sun Dec 10 20:41:05 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GtaAC-0000sy-W8; Sun, 10 Dec 2006 20:41:04 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GtaAA-0006BJ-A7; Sun, 10 Dec 2006 20:41:04 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1Gta7F-000IXy-5L for namedroppers-data@psg.com; Mon, 11 Dec 2006 01:38:01 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-2.5 required=5.0 tests=AWL,BAYES_00, FORGED_RCVD_HELO autolearn=ham version=3.1.7 Received: from [131.112.32.132] (helo=necom830.hpcl.titech.ac.jp) by psg.com with smtp (Exim 4.63 (FreeBSD)) (envelope-from ) id 1Gta78-000IXH-2z for namedroppers@ops.ietf.org; Mon, 11 Dec 2006 01:37:59 +0000 Received: (qmail 83684 invoked from network); 11 Dec 2006 01:47:18 -0000 Received: from softbank219001188039.bbtec.net (HELO necom830.hpcl.titech.ac.jp) (219.1.188.39) by necom830.hpcl.titech.ac.jp with SMTP; 11 Dec 2006 01:47:18 -0000 Message-ID: <457CB675.70107@necom830.hpcl.titech.ac.jp> Date: Mon, 11 Dec 2006 10:37:57 +0900 From: Masataka Ohta User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; ja-JP; rv:1.4) Gecko/20030624 Netscape/7.1 (ax) X-Accept-Language: ja, en MIME-Version: 1.0 To: Paul Vixie CC: Christian Huitema , Ralph Droms , bert hubert , namedroppers@ops.ietf.org Subject: Re: DNSSEC - Signature Only vs the MX/A issue. References: <20061203145317.GA4757@outpost.ds9a.nl> <70C6EFCDFC8AAD418EF7063CD132D06402F7B845@WIN-MSG-21.wingroup.windeploy.ntdev.microsoft.com> <613.1165785151@sa.vix.com> <70C6EFCDFC8AAD418EF7063CD132D06402F7B848@WIN-MSG-21.wingroup.windeploy.ntdev.microsoft.com> <27895.1165797318@sa.vix.com> In-Reply-To: <27895.1165797318@sa.vix.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.1 (/) X-Scan-Signature: ffa9dfbbe7cc58b3fa6b8ae3e57b0aa3 Paul Vixie wrote: > so the Secure DNS model is > end-to-end rather than interior-only. It is not e2e. With DNSSEC, zone administrators between you and your peer are the intelligent intermediate entities subject to all the technical and social hacking attacks. E2e security can be enjoyed if and only if you and your peer directly share secret information without intelligent intermediate entities. DNSSEC does not provide cryptographic security. PKI does not provide cryptographic security. Masataka Ohta -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From owner-namedroppers@ops.ietf.org Mon Dec 11 07:39:03 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GtkQx-0004tY-4n; Mon, 11 Dec 2006 07:39:03 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GtkQp-0001wl-Jy; Mon, 11 Dec 2006 07:39:03 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GtkIq-000A7N-4T for namedroppers-data@psg.com; Mon, 11 Dec 2006 12:30:40 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00 autolearn=ham version=3.1.7 Received: from [88.198.34.164] (helo=mail.bofh.priv.at) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GtkIf-000A4H-4U for namedroppers@ops.ietf.org; Mon, 11 Dec 2006 12:30:34 +0000 Received: by mail.bofh.priv.at (Postfix, from userid 1000) id DDFAD4D611; Mon, 11 Dec 2006 13:30:26 +0100 (CET) Date: Mon, 11 Dec 2006 13:30:26 +0100 From: Otmar Lendl To: namedroppers@ops.ietf.org Subject: 2929bis RRTYPE Allocation for the ENUM Branch Location Record Message-ID: <20061211123026.GA17954@nic.at> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.5.13 (2006-08-11) Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.0 (/) X-Scan-Signature: 03169bfe4792634a390035a01a6c6d2f Hello, Section 3.1 of draft-ietf-dnsext-2929bis-04 specifies a DNS RRTYPE Allocation Policy which involves Expert Review after the submission of an allocation template to this list. Although this draft has not been elevated to RFC status yet, the DNSEXT chairs have agreed to give this new procedure a test-drive using my EBL draft as the guinea pig. So here is the template for your consideration: -------------------------------------------------------------------- DNS RRTYPE PARAMETER ALLOCATION TEMPLATE Date: 2006/12/11 Originator: Otmar Lendl , +43 1 5056416 33 Specification: http://tools.ietf.org/html/draft-ietf-enum-branch-location-record-01 Need for this RRTYPE: ENUM as defined in RFC3761 supports various applications as selected by the "service" parameter in the NAPTR record. That works very well if all these applications are based on the same administrative model where a single shared entity manages the ENUM zone for a number. In the context of Infrastructure ENUM, this does not hold: The end-user has control over the RFC3761 domain on one hand and the carrier needs to control (both in terms of content and availability) the records for I-ENUM. See draft-ietf-enum-infrastructure-enum-reqs-02 for the requirements concerning Infrastructure ENUM. At the IETF meeting in Dallas there was agreement to pursue a two-prong strategy: In the long run a new domain apex for I-ENUM is viewed as the right solution. This involves a lot of politics (including ITU interactions), thus an interim solution which introduces branches to the RFC3761 tree is needed as well. See http://tools.ietf.org/html/draft-ietf-enum-combined-01 Alternatives: The last two years has seen two proposals on how to integrate User-ENUM and I-ENUM in a common tree by a) using non-terminal NAPTR records (http://tools.ietf.org/html/draft-pfautz-lind-enum-carrier-00) or b) by adding delegations at the number level (draft-ietf-enum-3761bis-00.txt + the URI draft). One of the main reasons why these proposals were dismissed is the existence of "open numbering plans" where the length of a number is not fixed. For a long explanation, see http://www1.ietf.org/mail-archive/web/enum/current/msg05108.html The first proposals regarding branching off the User-ENUM tree used static or off-line specified branch locations. One iteration (draft-haberler-carrier-enum-01) and proof-of-concept code used a TXT record. Based on feedback from the dnsext folks this was changed to a new RRTYPE which added some more flexibility. Non-terminal NAPTRs were considered. For terminals, the regexp parameters is very helpful when dealing with open numbering plans, e.g. by mapping +1555123(.*) to \1@sip.example.com with a single record. The "replacement" field, on the other hand, is constant. There is no way to capture the concept of "the ENUM tree for this number-range is located -> there" with non-terminal NAPTRs. Mnemonic: The RRTYPE is called "ENUM Branch Location" record, thus we propose EBL as mnemonic. Earlier drafts used "BLR" for "branch location record". This was changed as "record" should not be part of the acronym to avoid incorrect language like "BLR records". Registries: No new IANA registry is requested. Special handling: The EBL record does no change the behaviour of DNS servers and needs no special casing. It can be treated as an Unknown RRTYPE. Comments: Support for the EBL record (and thus I-ENUM) has been added to the OpenSer SIP proxy and will appear in the 1.2 release. The code can be found in the OpenSer CVS. A patch for Asterisk has been submitted as well. See http://bugs.digium.com/view.php?id=8089 While testing these patches, a plain bind 9.3.2 installation was used as the nameserver. Example resource record: infrastructure.1 TYPE65300 \# 14 ( 04 ; position 01 69 ; separator 04 65 31 36 34 04 61 72 70 61 00 ; e164.arpa ) This corresponds to infrastructure.1 EBL 4 "i" e164.arpa. -- draft-ietf-enum-branch-location-record-01 does not define an IANA registry for labels where EBL might reside. The reason is that I don't want to restrict uses of EBLs to special labels. Other applications might just as well use EBLs directly at the number level, e.g. 6.1.4.6.5.0.5.1.3.4.e164.arpa. EBL 0 "" enum.nic.at. One might suggest that drafts defining EBL use-cases should use "_"-prefixed labels to minimize the chance of collisions. (plus the proposed registry for these labels) Right now, the chance of collision is miminal as no labels other than single-digit ones are used in the ENUM tree. -------------------------------------------------------------------- Any feedback, both regarding the protocol part, as well as the language of draft-ietf-enum-branch-location-record-01 is very much welcome. The ENUM WG will put this draft up for last call soon, so I'd prefer to make any changes as soon as possible. Thanks! /ol -- < Otmar Lendl (lendl@nic.at) | nic.at Systems Engineer > -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From owner-namedroppers@ops.ietf.org Mon Dec 11 09:54:54 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GtmYQ-0003qd-0j; Mon, 11 Dec 2006 09:54:54 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GtmYB-0000FN-6Y; Mon, 11 Dec 2006 09:54:53 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GtmTK-0000Jb-04 for namedroppers-data@psg.com; Mon, 11 Dec 2006 14:49:38 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=3.1.7 Received: from [66.92.146.160] (helo=ogud.com) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GtmT6-0000F7-OC for namedroppers@ops.ietf.org; Mon, 11 Dec 2006 14:49:32 +0000 Received: from Puki.ogud.com (hlid.ogud.com [66.92.146.160]) by ogud.com (8.13.1/8.13.1) with ESMTP id kBBEjUsD034588; Mon, 11 Dec 2006 09:45:30 -0500 (EST) (envelope-from ogud@ogud.com) Message-Id: <7.0.1.0.2.20061211091625.05a55250@ogud.com> X-Mailer: QUALCOMM Windows Eudora Version 7.0.1.0 Date: Mon, 11 Dec 2006 09:48:26 -0500 To: namedroppers@ops.ietf.org From: =?iso-8859-1?Q?=D3lafur?= =?iso-8859-1?Q?_Gu=F0mundsson?= /DNSEXT co-chair Subject: Re: 2929bis RRTYPE Allocation for the ENUM Branch Location Record Cc: Otmar Lendl , townsley@cisco.com In-Reply-To: <20061211123026.GA17954@nic.at> References: <20061211123026.GA17954@nic.at> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed X-Scanned-By: MIMEDefang 2.57 on 66.92.146.160 Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.0 (/) X-Scan-Signature: 311e798ce51dbeacf5cdfcc8e9fda21b Dear colleagues, This message starts an "test drive" of the RFC2929bis "IANA template registration of DNS RR types". This is an experiment to determine if there are any obvious problems with the template (and its process) that can be fixed before http://www.ietf.org/internet-drafts/draft-ietf-dnsext-2929bis-04.txt is issued as an BCP. RFC2929bis will be advanced to the IESG this Friday unless someone tells us there is a problem with the current document. Time line for the experiment/test drive: Start: December 11 15:00 Reykjavik Time (UTC) End: January 1 23:59 Reykjavik Time (UTC) Mark Townsley our AD will appoint a special DNS expert for this experiment before Jan 1'st and announce his appointment on namedroppers. Expert review due: January 15'th 12:00 UTC The chairs are aware that there are number of holidays during this period, please use that as a motivation to participate sooner rather than later, by reading the template, the document referred to in the template. Then send message to namedroppers with your issues or stating your satisfaction that the information provided is sufficient. It is important for the working group, its reputation and future workload that the process to register new RR types is as smooth and robust as possible. Chairs Notes on template process: #1 2929bis does not specify a deadline for the expert or what the default answer is if the expert is non responsive. In the case of single expert this is fine as the expert should allowed to take a long vacation :-) For this experiment we specified a deadline in order to conclude the process before the document is processed by the IESG. #2 This process does not allow consideration of private messages to the expert. thank you Olafur & Olaf At 07:30 11/12/2006, Otmar Lendl wrote: >Hello, > >Section 3.1 of draft-ietf-dnsext-2929bis-04 specifies a DNS RRTYPE >Allocation Policy which involves Expert Review after the submission >of an allocation template to this list. > >Although this draft has not been elevated to RFC status yet, the >DNSEXT chairs have agreed to give this new procedure a test-drive >using my EBL draft as the guinea pig. > >So here is the template for your consideration: > >-------------------------------------------------------------------- > > DNS RRTYPE PARAMETER ALLOCATION TEMPLATE > >Date: > > 2006/12/11 > >Originator: > > Otmar Lendl , +43 1 5056416 33 > >Specification: > > http://tools.ietf.org/html/draft-ietf-enum-branch-location-record-01 > >Need for this RRTYPE: > > ENUM as defined in RFC3761 supports various applications as selected > by the "service" parameter in the NAPTR record. > > That works very well if all these applications are based on the same > administrative model where a single shared entity manages the ENUM > zone for a number. > > In the context of Infrastructure ENUM, this does not hold: The > end-user has control over the RFC3761 domain on one hand and the > carrier needs to control (both in terms of content and availability) > the records for I-ENUM. > > See draft-ietf-enum-infrastructure-enum-reqs-02 for the requirements > concerning Infrastructure ENUM. > > At the IETF meeting in Dallas there was agreement to pursue a > two-prong strategy: In the long run a new domain apex for I-ENUM > is viewed as the right solution. This involves a lot of politics > (including ITU interactions), thus an interim solution which > introduces branches to the RFC3761 tree is needed as well. See > http://tools.ietf.org/html/draft-ietf-enum-combined-01 > >Alternatives: > > The last two years has seen two proposals on how to integrate > User-ENUM and I-ENUM in a common tree by a) using non-terminal NAPTR > records (http://tools.ietf.org/html/draft-pfautz-lind-enum-carrier-00) > or b) by adding delegations at the number level > (draft-ietf-enum-3761bis-00.txt + the URI draft). > > One of the main reasons why these proposals were dismissed is the > existence of "open numbering plans" where the length of a number is > not fixed. For a long explanation, see > http://www1.ietf.org/mail-archive/web/enum/current/msg05108.html > > The first proposals regarding branching off the User-ENUM tree > used static or off-line specified branch locations. One iteration > (draft-haberler-carrier-enum-01) and proof-of-concept code used a TXT > record. > > Based on feedback from the dnsext folks this was changed to a > new RRTYPE which added some more flexibility. > > Non-terminal NAPTRs were considered. For terminals, the regexp > parameters is very helpful when dealing with open numbering plans, > e.g. by mapping +1555123(.*) to \1@sip.example.com with a single record. > The "replacement" field, on the other hand, is constant. There is > no way to capture the concept of "the ENUM tree for this number-range > is located -> there" with non-terminal NAPTRs. > >Mnemonic: > > The RRTYPE is called "ENUM Branch Location" record, thus we propose > EBL as mnemonic. > > Earlier drafts used "BLR" for "branch location record". This was changed > as "record" should not be part of the acronym to avoid incorrect language > like "BLR records". > >Registries: > > No new IANA registry is requested. > >Special handling: > > The EBL record does no change the behaviour of DNS servers and needs > no special casing. It can be treated as an Unknown RRTYPE. > >Comments: > > Support for the EBL record (and thus I-ENUM) has been added to > the OpenSer SIP proxy and will appear in the 1.2 release. The > code can be found in the OpenSer CVS. > > A patch for Asterisk has been submitted as well. > See http://bugs.digium.com/view.php?id=8089 > > While testing these patches, a plain bind 9.3.2 installation was > used as the nameserver. Example resource record: > > infrastructure.1 TYPE65300 \# 14 ( > 04 ; position > 01 69 ; separator > 04 65 31 36 34 04 61 72 70 61 00 ; e164.arpa > ) > > This corresponds to > > infrastructure.1 EBL 4 "i" e164.arpa. > > -- > > draft-ietf-enum-branch-location-record-01 does not define an IANA > registry for labels where EBL might reside. The reason is that > I don't want to restrict uses of EBLs to special labels. Other > applications might just as well use EBLs directly at the > number level, e.g. > > 6.1.4.6.5.0.5.1.3.4.e164.arpa. EBL 0 "" enum.nic.at. > > One might suggest that drafts defining EBL use-cases should > use "_"-prefixed labels to minimize the chance of collisions. > (plus the proposed registry for these labels) > > Right now, the chance of collision is miminal as no labels > other than single-digit ones are used in the ENUM tree. > >-------------------------------------------------------------------- > >Any feedback, both regarding the protocol part, as well as the language >of draft-ietf-enum-branch-location-record-01 is very much welcome. The >ENUM WG will put this draft up for last call soon, so I'd prefer to make >any changes as soon as possible. > >Thanks! > >/ol >-- >< Otmar Lendl (lendl@nic.at) | nic.at Systems Engineer > -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From owner-namedroppers@ops.ietf.org Mon Dec 11 09:55:07 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GtmYd-000432-Pi; Mon, 11 Dec 2006 09:55:07 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GtmYS-0000Hz-3k; Mon, 11 Dec 2006 09:55:07 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GtmLK-000PJE-ES for namedroppers-data@psg.com; Mon, 11 Dec 2006 14:41:22 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-2.4 required=5.0 tests=AWL,BAYES_00, FORGED_RCVD_HELO autolearn=ham version=3.1.7 Received: from [65.205.251.75] (helo=robin.verisign.com) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GtmL9-000PIH-LS for namedroppers@ops.ietf.org; Mon, 11 Dec 2006 14:41:16 +0000 Received: from MOU1WNEXCN03.vcorp.ad.vrsn.com (mailer6.verisign.com [65.205.251.33]) by robin.verisign.com (8.13.6/8.13.4) with ESMTP id kBBEf09X022115; Mon, 11 Dec 2006 06:41:00 -0800 Received: from MOU1WNEXMB04.vcorp.ad.vrsn.com ([10.25.13.157]) by MOU1WNEXCN03.vcorp.ad.vrsn.com with Microsoft SMTPSVC(6.0.3790.1830); Mon, 11 Dec 2006 06:41:00 -0800 X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Subject: RE: DNSSEC - Signature Only vs the MX/A issue. Date: Mon, 11 Dec 2006 06:40:58 -0800 Message-ID: <198A730C2044DE4A96749D13E167AD3701059611@MOU1WNEXMB04.vcorp.ad.vrsn.com> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: DNSSEC - Signature Only vs the MX/A issue. Thread-Index: AcccxccoBrDUgGgaTyawEnpCRzPEfAAa9UEQ From: "Hallam-Baker, Phillip" To: "Masataka Ohta" , "Paul Vixie" Cc: "Christian Huitema" , "Ralph Droms" , "bert hubert" , X-OriginalArrivalTime: 11 Dec 2006 14:41:00.0347 (UTC) FILETIME=[603C18B0:01C71D32] Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.1 (/) X-Scan-Signature: 244a2fd369eaf00ce6820a760a3de2e8 If you want to make such statements first state your risk model. Otherwise we end up engaged in hairsplitting debates that have no basis = in common sense. There is no perfect security, get over it. DNSSEC provides certain cryptographic controls in certain instances. = DNSSEC is clearly not necessary to do anything we do today otherwise we = could not do it.=20 The point is that Internet security is kind of a mess. There is no = coherent architecture. The utility in DNSSEC lies in the deployment of the next generation of = Internet security infrastructure which uses DNS to perform policy = distribution. Protocols like DKIM and architectures that address the = issue of deperimeterization. > -----Original Message----- > From: owner-namedroppers@ops.ietf.org=20 > [mailto:owner-namedroppers@ops.ietf.org] On Behalf Of Masataka Ohta > Sent: Sunday, December 10, 2006 8:38 PM > To: Paul Vixie > Cc: Christian Huitema; Ralph Droms; bert hubert;=20 > namedroppers@ops.ietf.org > Subject: Re: DNSSEC - Signature Only vs the MX/A issue. >=20 > Paul Vixie wrote: >=20 > > so the Secure DNS model is > > end-to-end rather than interior-only. >=20 > It is not e2e. >=20 > With DNSSEC, zone administrators between you and your peer=20 > are the intelligent intermediate entities subject to all the=20 > technical and social hacking attacks. >=20 > E2e security can be enjoyed if and only if you and your peer=20 > directly share secret information without intelligent=20 > intermediate entities. >=20 > DNSSEC does not provide cryptographic security. >=20 > PKI does not provide cryptographic security. >=20 > Masataka Ohta >=20 >=20 >=20 > -- > to unsubscribe send a message to=20 > namedroppers-request@ops.ietf.org with the word 'unsubscribe'=20 > in a single line as the message text body. > archive: >=20 >=20 -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From lhasas@airbrushworkz.com Mon Dec 11 13:01:49 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GtpTJ-0002MN-Ot for dnsext-archive@lists.ietf.org; Mon, 11 Dec 2006 13:01:49 -0500 Received: from atoulouse-257-1-149-142.w90-5.abo.wanadoo.fr ([90.5.240.142]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GtpTD-0008VY-JA for dnsext-archive@lists.ietf.org; Mon, 11 Dec 2006 13:01:49 -0500 Received: from BlhjLro (unknown [113.117.174.127]) by airbrushworkz.com with ESMTP id F0109D47FDB2 for ; Mon, 11 Dec 2006 19:02:22 +0100 Message-ID: <000b01c71d4e$715bba80$00000000@BUREAU> From: "craftsmen lift" To: dnsext-archive@lists.ietf.org Subject: Ill write nouveav handbook Date: Mon, 11 Dec 2006 19:01:54 +0100 MIME-Version: 1.0 Content-Type: multipart/related; type="multipart/alternative"; boundary="----=_NextPart_000_0007_01C71D56.D3202280" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.2180 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180 X-Spam-Score: 4.1 (++++) X-Scan-Signature: fca7d4b87f391aa4d413f865ce6efe79 ------=_NextPart_000_0007_01C71D56.D3202280 Content-Type: multipart/alternative; boundary="----=_NextPart_001_0008_01C71D56.D3202280" ------=_NextPart_001_0008_01C71D56.D3202280 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Becta professor macfarlane who relaxing? Supported tv cards btwincap iu labs rd. Signup zoofiesta login username = passwort friendly plus. Kart metroid, gameboy boy gba pr dev. Ares, develop projects freely, = altama original. Kids fri, sep, pm, dslmodem nur bei. Taj mahal trump = tickets jones. Marie largest, keough born. Village, drinking childhood, skakel kids = fri! Treatment facilities ca sea ak oil gas cass. Played, birth aka lampoons = julia daniel. Safe effective lines diminished, reduction pore procedure. Notes my daughters bijon. Gessow audrey mortgage bc rich acrylic, warlock absolute price. Is = bended hadrians wall on knee, moved. Higley kimberly, evans eric block marc jonas blum bock? Kurta sherwani = chudidar blazer! Rcupration contient contenu obscne violentes. Alocr alonetrio alonedark alonon alper dunno dupa. Elad hnapossoha sem lapot aki. Receipes longfin mako johan can help recipe casserole. Toutes sportives = nhl regarder matchs, entiers? Amature ando webcam como saben hace. Broadcast schedule rogers lowes nev hampshir, york penn. ------=_NextPart_001_0008_01C71D56.D3202280 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable
3D"younger"
Becta professor macfarlane who = relaxing?
Supported tv cards btwincap iu labs rd. = Signup=20 zoofiesta login username passwort friendly plus.
Kart metroid, gameboy boy gba pr dev. = Ares, develop=20 projects freely, altama original. Kids fri, sep, pm, dslmodem nur bei. = Taj mahal=20 trump tickets jones.
Marie largest, keough born. Village, = drinking=20 childhood, skakel kids fri!
Treatment facilities ca sea ak oil gas = cass.=20 Played, birth aka lampoons julia daniel. Safe effective lines = diminished,=20 reduction pore procedure.
Notes my daughters bijon.
Gessow audrey mortgage bc rich acrylic, = warlock=20 absolute price. Is bended hadrians wall on knee, moved.
Higley kimberly, evans eric block marc = jonas blum=20 bock? Kurta sherwani chudidar blazer!
Rcupration contient contenu obscne = violentes.
Alocr alonetrio alonedark alonon alper = dunno dupa.
Elad hnapossoha sem lapot = aki.
Receipes longfin mako johan can help = recipe=20 casserole. Toutes sportives nhl regarder matchs, entiers? Amature ando = webcam=20 como saben hace.
Broadcast schedule rogers lowes nev = hampshir, york=20 penn.
------=_NextPart_001_0008_01C71D56.D3202280-- ------=_NextPart_000_0007_01C71D56.D3202280 Content-Type: image/gif; name="Executive.gif" Content-Transfer-Encoding: base64 Content-ID: <000601c71d4e$715bba80$00000000@BUREAU> R0lGODlhdALAAocJAAAAAIEACwONAIeLAAIAiYUAdA54c83MsrTlyq3T40stAGYqCH8XAJUaCbYt AOcpBgAzCRM7A005AFpNAH1BDaU8ALtCAOBHAABdAShnADZuAF5qAIJXDpVZAM5VBNdRAAqNCSWE AEZ7AF6HBoCICqeOAM2DDdmMAA2pAB2gAzWsAFihAIOoB62gALycAOmhBwC3AC2zAEa0AFHAAIq5 AJ7DALy+B+XIAADoABLnAETZAljTAIngBZzcAMXSAO3gAA4AQS4KQE0ASm0ASXMAN5UAMrMIPtIA RA0mNhMePzwaMl4mRnEaPq4hOr8hQNUSRQA0NR8+STFAR2g4RYFLRadGSrJFSOlLQwRqOCpuTkNk TWtbQ4hlD6VrPLFTSNlRNAJ8NhuLPUt3QGmNNXt6NZ5xR7l/RNKMSAClQxqUTUSaSFWUOoCUPaej TMyhOOegSwXMMSLBMTy/TFy1Nnu7QqWyMby/M+HCMwDZPhHVMjvdRl/uRXzYRp7cQMXXNdLgMwIK jhQAjkQAiVoJd3sAjKoAgLUMetUCfgAfdSYthkote1oYgoAcdpIYjbgijusXhAZKjCJMhko2elQ/ iHI3hpZHcbRDjdlLgwFcjBtRgzFldFtUeXFig5xpgsRag+Fsdgh/ihZ9jUWMglqMgHiDhZ6Dg7KK iNF1iQGgfiqhik6tc1KZgnGVhqyaiLupeNmaigy6fh7HjUy3dmzEiIW6c6zKjsO4d965hQbXeCfg d0jcd2rgfofsgpzgc7Pagd7WcggAwBEGzU0Ay1wBw3kAwpIAw80AzNUAtQAqvRojx0squGMVzIIe vqUuwrcexNEsuQFKySJIwD46zVw6vnZMwJs2uLI3udpGsgBbtBJhx0dWzGRlyXZesqVStrxXuedU sQB5uiCBw0t9tGV1sYeAxZaNs8KFt9N5tAqWtieruTytzFydxXySua2pzrGlyuOTvQazsSy7tky/ wGi4s4bCyaS9t/f/566gqYxygfQAAA78Dfz/AAAA//8A/wD/+f//9yH5BABtxosALAAAAAB0AsAC Bwj/AO0JHEiwoMGDCBMqXMiwocOHECNKnEixosWLGDNq3Mixo8ePIEOKHEmypMmTKFOqXMmypcuX MGPKnEmzps2bOHPq3Mmzp8+fQIMKHUq0qNGjSJMqXcq0qdOnUKNKnUq1qtWN/7Jq3cq1q9evYMOK HUu2rNmzaNOqXcu2rdu3cOPKnUu3rt27ePPivcq3r9+/gAMLHky4sOHDL/UqXsy4sePHkCNLnky5 suXLmDNr3sy5s+fPoEOLZou4tOnTqFOrXs26tevXsGPLnk0b5ujbuHPr3s27t+/fwIMLH068uPHj yJMrX868ufPn0KNLn069uvXr2LNr3869u/fv4MOL/x9Pvrz58+jD1l7Pvr379/Djy5+fMr39+/jz 69/Pv7///wAGKOCA3NFn4IEIymbWAAyCxeCDA3gFYYNaPbiVhWFhWOGEEzrY4YYRXtgghyF6+CGI JIoIYVYkWrgiiP+0qCGKKsYoo40laqjjiSZyJSOFKpbI4owcBlljiz0aOSSFMxLopIRA+shklDgu CSOOQn7VZI1iYbhjli5OSSWXL1aZZJhZopgjlVsGuWaEbZopp5didjnmlVo2WSadbwKJJo1dbfkl nk/y99CDByE6kKL2MNoogwIhCiFDEyLkaKKQLprppZJm+ugACTEqqqcGOQrppZqOCipBqLI6aaSn kv9akKK0bkqqrLO+Wiqurqpq66qwrlppsJ/mCmywsk6qa6sJxrbgmIKOCK20PJp4p5xQpvnnkX5e O2e3aVqZbZ4v6uktlnXGWWWHfJ5VLaGB7rlitHB+uC2XS05br5DqFpreobii2umxxHLoUKyW8prq rqByGiuwzBZL7MQMJ0zwwr8aq1CnBStcLMK1XrxxwyJLbPHAA1fM8ccB30oypg6X3Ox8ArdM8sUo y6xxqxGbjHGyD1MMs9A/+twriSzfrHGoQec8LMdBI6tzxyL3DLXSNWPdtM0/46yr0DMfmLXKXBtM adRLW0w2wU5PjXSvag8tN9pgL721zpUOezTedC//zPTNd68Na9IVUy033GHT9qy2+mJrZYp2vuu4 lIzvS/m652IO5rVxdi6mueFeWWS/7JYZb+jo3kl6nZqfbubojefbJr3+9gew17gbTfjXhetuddlA K6074qYqzOzxnupdN+Kf9m3swx4jDzHXf0+c8s7JK9uy375Tn7jYvBY//bEhI1t93T37XD7cIcvc Pve9Pzq8ycrPT3HeHjef6vTMpz32+XZzmbCydz3uqSp+32vP4sglLtGBC1DxkpLrItfAb4XoS6HD YAUpd0FqMRCCG7wcjfplQTJ5i02Vy5DqHljCEYKLX5ubIL5q5y8kqSlcRSKU6TYIOrLk0E0szNe4 /1xoQ9l1EElE6mGShPgjfIFOXUqElwinmLoZzgty8IqiFGn4rwR68YtgTAoXx0jGMj4njGhMoxp1 YsY2uvGNcIyjHOcYoDXa8Y54zKMe98hHotDxj4AMJGP6SMhCGrIjAUjkQRLJyAAIhJEEgaRBGjkQ Sj6ykY6spCIjqUhMbjIhnvxkKBHiSU5m8pKODCUkR6kQS6LSlJJ8pSztEctYHvKWUFELI7uyy3/s speNBEsvfZlIrQCzmFkZZjKLeUxkemWYzVymM6VJzWoGk5gB+Eozs6nNa2LTmMiEpjPFyc1vCvKc 2ZEIJk3JSVp20paTXKUkbTnPT76ylvYsCD4zuf9PdmqSn+8UZT7/SVBSurKep3TnKRE6S4Xi8qGF WWdB9VnKhcgToAm9Zz4vOtF4LnST/WyoRiUq0onCE5YgDahHR6rSjkL0pX15pz8p6kqLHnSgHGVn SBeZ0o/61KUOrShQZ3lSgvbUoTTVqDuRWlKYOlUqOUWlPUnKEJKeNKojbeo/rXpUoF4Up6pMZVcN KtayMrWg8lwqPQf61Lb2BC2/nKY0w4lJsyhTmdTEa1zrGhZyzlWvcv2mJ7mCV3DyVZh0FWxgyclM b1YTnZClTkRYydOy1rSVUwWrWXXaUlBm1qzwvGpAa1rUoLLVn6UUrU9Hm9HSuvW1R9lpUr/akLX/ ZtS0rW2pa8+aU9uulLZaZahnV7vZma6TqmeFrXJvcha/EnMre53rWABbTnNS17qFNSx0G8tNx96V rt2N5jPBW13CjvOa362uNx0b2fZaByIbxags93nbpNrXt/MV6GlDSl/U6neryTVpaW370wDLVqvL TXBiynJdbDpXuogt718lHErtGlbCDl7vNL17WHNOWJUedvB41Zve7D7Ywu5NsYpXzOIWu/jFMI6x jGdM4xpzRcE4zrFqbMzjHvv4x0AO8mR0TOQiF0bISE6ykpfM5CQb+clQ5kuTp0zl4kT5yljOspa3 nMcqe/nLYA6zmAXE5TKb+cxoTrOa18xmQ475/81wjrOc5yydNtv5ziKhs573zOc++/nPgA70bvBM 6EIb+tCITrSiF83oRjvaJYKOtKQnTelKW/rSe360pg2N6U57+tOg5vGmR33nUJv61KhOtapXzepW u/rViyG1rNe86g/YGtY0hoitd22PXX+AILzm9UCC7etiD9vYvS42spPta2Ar+yDPXoiwj/3rgii7 2de29rWFPW1t29rb1c5Itzmy7ZCMWyDndki6md1sZnvb2cue9Uu43W53d5vY4TYIvfPt7nf3u9/1 Bvi3FTLuc6973/xG98DhjZCAs3sj68bItB2ukXRHXNoLZ7jCf13whU884/JmCcLDve+NmxzaGf8H ecfzXfKT/zvZBA+4wUFO7Zrrm+YHr3e8L3Jxi6yc3A7fubqDrnKOF73aHQ/5vAce7Za3/OYJ97fL a/5xktM85vfG+dX/bXGtR53dVq+6x7NNbZ0j++lYh3rZ+S10qWs8IvGO+M97rvSVlJzpeEd63hu+ dZtP3eRV93tDvp1yr/M97ChPeM6xfXbC513vkD/52CFP978L3OiIh3lCuv51jGve8oK3d9/rjpWz 7Dorp0/9rVH/AdZrZdurL/ZXTv/61W9F9a3/B+1rv3uw4J73XYF962nf+9vbHvheUb3uh3/r3f+e 9czP/fKlb/zcK7ssxZ++9qG/fbJkv/tmeT7/+Lki/OjjOjLEj735oe/84yff18E/fvZxD//3fx/4 7ac+9+1ff/vHX//4B3/iN4DNZ3v5V3/X533up335N35h8X3394AFKH0HuH4BSIH9d35lAXd7B3Zh F3iDd3RvR3WO13mgt3Fmp3hbh2+bZ3iJJ3klSIKIB4JPR3EtqIKY92yVB3o7CG8p+G5zJ4KkZ3cd CHY+OIJpN4Izh3kneII06IJq93JIKIU2d3eTx3UxCHhXiIIPMXM8OHpuF3oM8YRsl4UyGIZDWBFo kX4Y2HsZeH/y537F54bqZ33tV32zZ4B1+H95aIcL6IBiAYETeIGEyH0NyH7hJ4d7yIfY94cR/9iH yAd+4rd/dAiAGigXbFh91PeGf7h987eAmbh/0+eHohh/5EeKp2iJ3ZeBpdiKkYiHDLiInjiB69d/ nwiKehiHGEiJquiKDsiKrmd8sBiL+neIgHiJX6FrjMdySeeDTdd2nJd1zPh4fReEOgh7L0d0OHh4 L4iCmYeFjRdtVBiNNiiORnh4KShzV/dza1eEU0d2aYgRyMiIw5gbjziPnxGPXQiFQNGD+vgT+PiK viga9xiQnfGPCLlcBrmQf5SQDulWDBmREjmRFFmRFlljD5mRGrmRHNmRHvmRFxmST/KRJNllInmS KJmSKrmSLNmSLtlpJRmTMjmTNFmTNnmTOP+Zkzq5k1H2kj75k0A5aTw5lO4RlEZZIESZlEq5lEzZ lE7ZFEcZlVI5lVX2lFZ5GlSZldBxlVx5GFr5lWAZli7WlWQ5GGJ5ln1GAATwFmrZFW2JllUJEQAw l3MZFGppEndZEHkpEHt5EH3JlwQAmCKhln9Zlm1VlwKBmD5RmCBRmH3JmAPhmIGJl5NpmH1kFnP5 FXSZmVmxmQDwD3TZmZ6pFaMJmqXJmZxpml5BmGupFazpmqzZmrGZFbP5D7HZmlvxlrQpm6+5m7vZ m215m7AJnIRJFm8pnL+pm3A5IA+hmAShmIhJl/YgnXUpndMJAAZRndGJnds5EM4ZmYQJnoL/uZeS aQ/hKZjoSRCPGZjkOZl32Z7jmZfvWZnzmZ4JIZ/4aZ6VaZmE9J2JiZ3/GaDXGaDQCaDPyZ0Gup3+ aRD5qZ96SZ/7GZ/qCaEMepvsSaEOCp8ZSqHwCZkI0aAbyp9hhJmf2RWpiZoliqKqKZqiuZkruqIu KhbHiZvECZvJGZy4aZs0mqO+aaO6OaM6aqNB+qNrSaTJaZy86aM8upwE0pwGeqDeCaDdOaAFOqAE mqBSap0KcZsV6qAS+qXpWZ7iqaH1iZ5lGqL26aVb6p4cGqEimjhncaKfKacsCqNzWqKqiaJ3Spp4 mpp1KqS+CaQzWqS8Sai5WahumaM4KqSL/6qjSWqkgxqkkqqch9qjQ7qklMqkY1Saphmadaqintmn o0mnf1qqktqjvemoxamqjTqcq1qpjJqqg7qqrTqrswqoh1qrhQqkmuofLLGgEQGsGeGhdumm4vmm DyUZfqoWy0oXmdobz3qqvfpmzYoW1eoWtekb2TqtK4as3vqt4Bqu4pqG3Fqu5nqu6Jqu3Tqu7Nqu 7nog6hqv8jqv9Fqv9nqv7vWu+rqv/Nqv/vqvABuwAkuU+FqwdDGwCCsVwpqdT5qwXRmnnJoW1+oV E7sV+ZAPXXGxGpsVF2uxGMuxGvuxBquBflqxYWGyW4Gy/9CxHqsVHcuyIBuzMjuyuFatKv/aqZnp qaHKp576otUasi4rsi0btCsrtDR7iTabokp7p3uqs3v6qaLqFUA7s0MbszB7tMi4sy0atXbqs0/b tWHBsmJrtCAbsi9Ltlg7j3rKtaAataRqsmMrs0B7tWdbtmibtq62tnwKtV7bty/6FWb7sXSLsYNb tFWLt5TmpFAqoALanVVapVYauQJxsQRBufZguZebD5lbuZq7uZPbuQ5bdxAbo6V6sznLqajLtUS7 ukU7t0ILs4GLuAGpsrKLlhmxsKErsHBBu7Xbu777u8Dbq7k7vGkkAAJAvI5mraSrGEm7vFzBu2Nh vFxhvNT7FdQrvVlxvQKQvdq7vcGbr4r/y7gjsaCQKxLdaw/GOxDpWxDri77H277p277Iu2Xki6XX SZ2b+Z/WGar6+52Pm79W6pn9+6Tfeb0EAb/Hy74J7L4GEb8LPL9aVr9Rer9Rar9XmqXiO8EXDKX+ a8GS677yi8ANvMDyKxAObMAQ/FokSrFui6d/S6dv68I867TP+7V/arLVqxXY+w87rMPey8M/zL1e 0cPfO2NJu7cl68Kh+rU3W8MmKsOnW8MRa705vMNEDMQ+7MNBvBVXXMSBFL4F8b+Lm8GRO6Vh3LAf rJ1nHBEOzMAm/MBvrL4JXMIKnMJXJsYU7Jx6bL+QK8FrzMENW74L2sYi7MYiTMeFbMdQ/ybAA4yg YzzAjFuggYzGHQzJ97vHCozCIJzI2vvGnbzJcKzI3krHomxn99HFXuxlpbzKCZHKrvzK9crKslwQ sJy2s3zL9lDLurzL04rLvvzLwBzMwjzMxFzMhsnLI2vMEIzMBqvMzvzM4crM0jzNNAu9oyHD1Axn U6yZ2EyiWlsXtAvFPZuy45zNPkaqJ9vNyqsXKjuqKfu872zOSXatWnuaSgsWy2rPThuj+tzEpAma 8dyZJyvP89zN6IzE98zN+My0e8uiMUzOJgrQ/zzRmknQKhas+5u/5avBAIwQwqrGGkylFoy74kvA B6Gl0AxTa3HEUMvP5ezE5OyiSYzQ9v9cFjob0BRr0ULG0nnKti8N0Q3d00At1E9s0wKtxAOt0+0F xn6Mv/ob0h5NwFnqyBwN0gEs1R6dmNP5nFq91d6Z0k41uhNbz6krFvk8quLs0uNMw1Ispyc6w0rt Z9bMrOossXFtanNN13FR13cdYy5B0hXByGDdaH1d2Ib9aoPtsIfdy4mNsIv92JD9aY3t2JFd2ZYd aZOd2Zq92Zzd2Z59mZcd2qI92qRd2qZ92qid2qq92qzd2q7NpJ8d27I927QNW69927id27q927zd 277927hR2+0K3Ccp3OxaGZVQCdeRovBsF3zt3G/x06Dx3Di90gL9kw+R3JVAENptEcn/rRHa3d0Z 8d0FQd6B3dWBzBBo3BDrvd7ZORFSShHuzd4MG51hXMHzvRDtfdLn7dX5DRLxPRP/Ddpkod1bYeBs kdxxoeBZweAJjuANDuFuwdzVLRfUjc/MOuFsAcXvzOESfd3WipnRDeKQceGNYeKClN3iHd4CEd7b bQ8u/uIw7uItzuIzXuMLYd43PuPizeM6Xt4yPhA/zt9d7d/ofd/7G8BbraWCrdVMbsn4TdUdzcjc ScFQ3r+X7OT7naBE/tUD/tVFXuVPnuUISslgbuRoztVmPOVJjtJe7uZUzuRybuZebuVe/VJmEd4R ruAOzucM7uda4eCBrtx/rtxhIeiA/x7h/yDoYMHoi27oSf3hFE7hQW3DTPzhmO6zR13hCR3RSA3Q b/3p8YzUYy3pOd3hIg7ilw7qMJ3pfTrRk17UMIrp2Lzqox7R/0zqqE7itK7pmb6uDfHdLC7sMk7s Qr7d5j3k5G3jCqHjxo7jQ34Qyh7kCSHmdx7g6V3nar7tZ17kRm7S933n7w3uVa7t3n7k5v7e6H7G AvzldV7u5C7u4m7m1o7udH7t8z7uXB3u977k3O7k1f7vaQ5ReU7oBp7oj57wit7nhh7jew7pjQ7x fu7iCi8Wju7oOT2npi7RHr7pu+7xvP7pGk/RsN7WI3/dJ8/qJI/yH4/rHM+zri7pFf+r8SMv8jG/ 8qx+8rHe3KZO1qEp6iXP8yp/1Prs8kP/8i+m4jh+48mO7MXu9Me+4zvO7Anh7FAP5MFO7VKvENbO 5QOf7+lt0uDe7fE99mBu9uV+5GK/7/u+9lGd5ALv72zP3/Ue79l+7v6e9tiu7vje72kv718P9nEf 7mSf71C27C/+7Ez/9FP/7D1u9dLO+FKv+M2u9ZDf5fEu726f7np/998O1et+7Z0P8ObunwFO+nwf +n8/8KdP+F6v9oQP+Ph+9nj/+n8/+mYf+mF++4J/7nzc9kY27TW+4pIf48P/+EEe7cZ/7Mjf49xN 4z6O+Fnt7Xt/oHDP+U89yWNOnSf/3cHwXp2o79/g7/rXH/uiz/1sT+XTP/v2jv54z/5ofu9ez+b1 Xvugj/70j6XtDf6C7e56BBD/BA4kWNDgQYQJFRasVIlgw4URJU4cCJHiRYwHAWQUuJHjx4EeQY6U KJLkSZQpMZpU+Y9lS5gxZc6kWTOhRYE4bVLUuXPlx5c+g/osSdTo0Y4zhyJl2tTpU4Q9oU69CMDq UoRXscbUStXrV5VdlYIlW9bsWbRp1a5l29btW7hx5c6lW9fuXbx5Bdrj29fvX8CBBQ8mXNjwYcSJ FS9m3NjxY8iRJU+mXNnyZcyZNW/m3DkzAM9+QWMeHRpwadOpCaNG3bd149eqZf+N/z3b9m3cuWXX Hjyat+Xfi0sH/8w3NvHJxJEz9m3vuGKtV50HXq77NPTe1l1r597du2jhqqsbHj67+XfPrKnDBo8+ 9Hj38eXPp/xaq+v7051LN26VOn/Q+NtPQPwABHDA/vzzTcAAFyywOQJPu4/BBP/zbzoGIzSuwusa HE66BhP88EAPtxsQOfUoRFDCC/PD0MEXR4SwRRPb0/DEBS/EcEUcWSyvRRlFhJDH6Ogzcj6KsNrI JI+WJMjJpBJaUiQoowzpSZewtOrKLJNisqMmm+zSSyoVCpPLKln6cksvsSwoTYOmvFLNMud0U84o qxxTyifrhNNNLvM8M0s29yTTTv8rETV0zTtdKvNLPh0FM1FKxSxUz6300hSjxH4L0Eb9Nlzu0+3U a09U8Ez9EdQNUS311PVC1Y/UWF21VdZbO0yVNlhpnVXWIWvMTthga2211fJutQ/YXJslltkdXxX2 ulCT7VVaZY/UFr0k4+wK0inFukqjb7UENNFwxwV3zuisfLRdSLNCV9CXGGVXrDsLNVdRdOFtdN3o Mo23yzDrfbNRd/cseEuANQLTYH4t3ZdSR8cd00987W0z0E073knNiQk29OBzMVWY5I1LTjioOgmN 89yXT14UZZf5dRjmmlOel2aJ0Rx5oYHFhBlkn1cO2eSch+ZZZpMHZjpQpEHW+Gf/j6tuiWhJqew5 ZawZnljfi5tGOGmhLz553ZgbrvRomb9+eeq2c2Yz6qfl5XhrrHduWexJ4x3qT6jp1hhsrRPmWk+d 08zUasYJ6jQ/ECs8z8UbI1dVQRZnPbBGzE/k3ETIWc0cdA5p2xzZykvfFfTIRcuQVA91zNFaao/9 lUfXgZT98yIlhxZX1o/rnHJoW8/99mp9793XHIHf9nnon4fPtOmjt16z6qe9Lfvirvc+tcY5/mrx 8MvHuVuvyBfKfPbbx7d9+N1SP2an3q/f4vjz139//vv3/38ABlCAAyRgAf33PQQmUIELZGADHUgf 7nUmgrY7zAQfqD3BWPCCm0FR/wYRo8ENhrAyVaEY1Y4yP7uhb3wgQWHaSji2ieTtYWCzSwtvBrQU 4tCAO2ThC6liQ5oVBSxANOFPiigyEirtfHMh4hKDKL5I8VCKSfrWpQh1KXHR8E0WC1dI7Mco/LWr YpaS2tzyxUX89WluXKzYDPGUMXXFEWJmu6IcvWXHGdJvbVREoxnpRcY6smtSeQzkGLdoxjDab4xC E1cbCXnEKR6wU/0h3e5ShMH1WBJWzNIktl70H08y73cUTFGyYKQrXiXvVKZEnfZOKcpNtqY6l8SW KGVnShjZkpWr2U8oU4ksTtIOmCIkpm6SqLbEQfJtbFPZ1Pimx2eSLYjOzBOfIP+mJJf5aWcwRJr4 6qXIZv5rXkEznDTRZk1m3i2ZTkNiJA2IneJx0kY6yuCEVkfKe0ZLVEWqDS2zFbBf2g6W53mQr46V uk/t0lSii1GEZFkY3vjzV7PrnEAPWip+MrSg8pyWqjiKutMVU6SyOaY4I/ZEdVIznCed49Koic2V VjNuiBuZwZykzbjJVGd6POJSVAqllp7zUdCk2EuVWE2jFs2dS7UbMuX2pzl6TVGE8+LZqgq3lF5V q950KcL8RtOysUyd7azpOHG2tz1GtZstk6ZSh3rSsvbta13bmjmrqkymxk849CyW5mC3u8wNtKIF 0qdf/UrQgDZPsSKy0Owsqjr/BDmWkjdS5UH5aqF50vN4nCNeYBlLrJB69KKe+51mLZdZ4LVOsr2L LAVH+trOIOVv7surUZqol9vWVrcyESttd2uT3OIluL8V4HsoK1IXwVY+yVUuc5X7XOhGV7rTpW51 rXtd7GZXu9vlbne9+13whle8xQRhbzQ7SceUl5fjZQ57A5oc98aXWurF4CwfQ9+AGdS1R6JvejFp Hv9WcFjhga/zjCVf9zRluDmEYhQzsuClEfeGEFbwSWw43LJJOHxstBMbw/jHQznykAtTY7q86DUP Y9GKhnQjHc2kpRWn8cQkDjEiVUzGsKZNi+Xq8E1p3EVDAo5MgGQxkIssqWze/5hODJNxm/rI5Ef6 C01PviOTtWZFPGlYfix9V9GahlaV/SzDiMPyW5HKNrbmMMYu3qOgBpllm5rZplxtZuHGiVO5bVGQ d4Zilq8IV26+DacrXmfIckowM4tMi1puCnqfJdHJfdTA8ZxvPiU90Es7q3bxjGhiR1vYZXn0OZ2+ 1kIzrUr9QjqfoeaVqlNp6mwhL9MSHeUwY61fBEcvtKeekT03ey3nUdSgqhb1qjXtadLhDp/JTt7l jDfRWGnoob4sKKaBuaxQZjR4gwV1rWXN6mSb2paWBuirU7W8Sec6NxyJJt2S9sK8ZVipdC60z36q THLO7KjtTHS7d9pmgHczrv86ratZ+4zmg6k00An3akzt6kSdvvvfjHaKo2k1WGuP+3PAfo6kZw0q fwJ2v4+9dkeRbS2N93Kh/azsslUO7Ftv3NPi/ii3U35exIJ7mDT/ULWGvclvc1rd3OLjieu4xg8j 2o9Gr3KDs5ZIqSaTxUq/Mpt9GuaCkQvpYD561dfa1B33sa0z3mbUWdbIErf4Ye+OWtT7NPV0yhiO QJVqFhedRhpLnOKNrgy2syvM+USwv+k5sICxN3TE83fT10Wskbg3eAl6kMDdS3zl3eN36nZWW4/X teTh2ffjWl70oyd96U1/+sTsXfWrZ33rXf962Me+ttRzfHsRCPnLA2fouEf/fe0/SB4fudy56f7v gDtPfM5w3vaO1qjxU8P7Avf+eiNRn8C6unCIO/3FdJH3CXv4YCOSjMIwGT/5ZU8X6Ogudg9qeS0P jOvcrb/VNFL/aEOnu8ayP0SkJRLOJ3TL8yKt0HkVAwGRi3M+/hvA1CpA1vi/IEEV0+qlBGTAfZKs CmS/ymqe4IuRjTKdB+Q/6Qu8cCO3kTvAxYM/hpKlH6Ed2LEokfMUXBE5fTLBeaI2k/MlwHql/5q2 fxo5ZqvBmAtAGfw5jPpBSurBiwK8c7PBJDS2ELQNFZo3MqMaPCsxdYmIMbs+s2IrgXuxeDM0mFK4 gLMqL2M4ByNDJ8PCEspC/6cKs526Ny1UtJohH3/bty48P6JIv13KlQC0P8J6qBGptBuMtX2KP5sT Ql97luAhLEGsQIeaOSdsPBSMQWPrwx4JNhdEN5arthjUNlt7NE2cQUR8NljaLIAqtyckKfAjqyn8 G7SzmSkUPzucqTxDKX17QzcEuIijqVmEQ6nZvqzqsBsiKykUMyo8qyc6p2BkOLCKwzu0GbzCwx8q Q1gsKlmsxkPLQoezFzYEFLq6RTQUsl3MqS8sHLQJKp5KKrVaQ4M7s2GEGzjcRqiZR298JqqqNx+S xh/SFyu7MnGkqyusxyZ7OhoSoyXLsSNTI62jukWBOqa7ozM6u60zurUqyP+zsjt/LCeKvCuFnDIs Y7C5+7F6xDq8u5uwu6kzqqkbIzt9PIpUjC/oe0mZnEmaxI2YrEmcjJ6WdKfy20mf/EmgDEqhHEqi LEqjPEqkTEqlXMryCa6eZDeykCGUeErtIwqqLIlF8z6m/J/og6ho6w5SE4/36srD87zJW6+bxETI MK3xaLycRL1R+UruSMvfAzrJiEm6NLf3KLy9Mh14ysu3JCaU48DPSi5+AkCCsg8SsUBD/KwdeR1L FMD+e0TItD9pm8wHLBEfscCEQkxWkzYHxMBz+0AK1L/TEaYDXK0VOUzADExtUaEus0ZjRLKHKyI4 68V/6bcYos0uJLSpIkf/3VyTNLu3jzw433QzqePIOYu4YuQ6rjGnQUuzrWQf7EgokjPCT8S04ChF SqS2lEM+JHS51HIVWCM2J3w0kDtPJszOWoO1wtqvnIPA8YyW74y04nNN6CIhlGSaVwy0gJk4KXOj cjSp5NQ6t+vNiOyZ/6yzKuKxMXSqO4zQO/uiBF07dlwkiWnGOURDJGKn6RwglOzGeWtOh0FHD11G OQQ0ohJDDlVQYJQ4dJTH2iwrdhJRNSPHCxWr/fRGlmq4qvzQqpk8FvQ5+HTBVaoVjIsl/BC6WnLL ngs5HhRFmevO8Oy2VdLOe8I5b4vP8sxSE+y4lasv3onE68TP6go/Llw7/zvrSBBzuis8yIXMu7YD qjjlz1ikF6trMjGauv78JrorTjxdzjXkx0eaMa+z0EEKHEK9UPHjMHdZVCBlyqu0sHysrUm1xUjN VIM4PhFsTRECTE8107eUi0tlt4H8LXACLk1dVYUQVVd9VVjlDFadVVqtVVu9VVwloFjdVV7tVV/9 VWANVmEdVmItVsDIVWRNVmVdVmZtVrIwVmiNVmmdVmqtVmu9VmzNVs9wVm7tVgDSVnANV3EdV3It 18XwVnRNV/gxV3ZtVxFSV3iN1yB1V3qtV3u9V3yVSXndV361i3z9V4BNsH4dWIItWIM9WIRNWIVd WIZt2IENWIiNWImdWP+KrViLvVj2cliN3ViUwFiP/djG4FiRHdmLAFmTPVnCIFmVXVmWbVmXfVmY Xdn5aAjJoNm/sFnogQ+dzVntEh7BE0z8zAipmAmp0ImhrQiHYIikPVqQaAimBYpFclMz6c/w06G0 u8WMsS2o6D5krNQXrZpSXb2nbYmiTdqcMNuDKNuaGNtVPFHt+0WoFSIUZcUfDYv0+dpoxNuOCVsp WgynrQS/+Nu++FubJVy+MFx7IFzAvdnFPdzFRdzEfVzEpVnFHdzJdVrBKFzIhVy0TM/THEvCnMD6 MzAaVNKwjL/aUU0GvKTR9UDVtSQDlEHP6cxClMDRFM3KWcxew0DWRUz/x2StUb2Iv0Xas/0HnFBb pyXe4lXah3CI411a5zVbi4CI5DXe6CXe6UVb5a1e6tVeqwWYt2op5WzRbTLD2YRGiOuasxk0GBur qrxNYmROs+HHQaET43xf3szfl0o08tXU7F1e5bVeg+je5g1gpFVcAV5eAlbg6y3e503gm4Be7PVe YNxTsXFFR51RrkUZrs0v28RbOoUrG8VRdKLGa+RR9R1D88WhpMJHtkunoFQMzbXcGXZcxxVcnI1c ywWMHKbcxp1hnAXiHwbcIJbcHA5cyd3hI/bKIi2l3yslBwwpz0tMm/M59wRe8vTE24E0LFZMUrQ1 dPslImw/Z8O/zfw4/xwkNy0OVe0SXsId4AYW4Ac2Wun1XjqG4P99YDmuYzzW3qH9Xwem4CjSUXNZ nGhiVCmh2laMMPdFlBgdYZhCUUbSG/q50+GEYXD0txZ+YUYG0jvOY+ht4OS9Y+u1Y7Rd4AReYO6N Y1Vu5bSV4ECG4xQiZEdOR/JVRvEdYbqltx2TZIITOBkyRx+1s6jCWnp7KjYLm1ueKw4NR77locTo YSMeYsGNXBxu3BvGXMZF4mwe4m5O4iL+5mwOjGveYWuuYblstSw94+KpzCWdT856NiuWXd/ZNAUk 0tNC3Q20HM1TkOFJXSpFTdTSQA/stjL+w3ZuXXnGyZ1gW7dw6LHYof9n/piYlSKIZouL5i0DmmiK rmj0ywzOtZ6Qtg02jo+S5iCUTWmVXukF8miXTliWjmmZJg1/VkLY6iDCa667NEuw3OnIOGlpdcu6 RDUfHJXhQ+n2W69qm8S+Y2fDw57IRK/lKTfW6rjvOF2lvq+JhUquHrgzBEmmuLAb7ehj1turmUoV bjPxXSEG++pVhOlJCs19zq8tLszYxTz0dOf9syf6U63SJN3bLUwJ3GvSBF1cciziARJGHBbNBMF0 NhasDl3KGUXOHOzdBSnEhkwvvuxLXGn7TLfEHEG97FJ7tl1d6ijRek+9tOdVKcJ3ppHVLlJb+WzN OcLSna/WBj4f9Lb/WAK8247SXJqRSmIVV/OgTtptj6XtzvXD+YxP1+XSSlRS0ZlEoR6l78zARuxA +szu0D622GZq0HrExpRu10JB4P40LBVtQswk9QzYkkJUKyynSY5aqstKF06XA50moxmxDSan/0zh +q5UvIkxg6THUyVRuSUqB/tC+tbTCEMr8EW7/77IgCzQg/3LE5zuERSttkRjmFu23H6sTTTS9xrM 1Ja8VPtEmYtS7gbPSXPPDz+1QRTxMR3u7C5T87xPjP1sHoRtopbSoDPdJc1x8USeMfZxZKtS7O45 KkVv9TZy91NLWlPLJidt8by43z65Gi+5J8dyMb45oH7VJCLIOnWx//mu8H400EO14AwOMg7+06zr b5JcOvlW06J6HyahXz418ONsI3Bpc0W9R0Pt2kCFb5bM2pVBdDw3MTs/pLaq8JeuC472mFJ9Sgib dLOO9JaQrjC/PdpLvvrIvZkGn/3BdE0xdfMjCVR3a03f9FF/dViPdVmfdVqvddOL22HkClbX6P8Z yBbCsBWiQ62VPV6cogB77KaO7cgD3Zzm6csAU9vrcGYHMBhHbt17bgkKvc84ar58YvnCdZ5KdRhS 1bvddbR2oaqlvmB3orANZppwW13PvrotYdczyKSDqhSLsi9qUJbk0TaVE20ysj0VNCLDyCLLWoH3 dSobdKjrrYVxt/+BJyQ5U7tG8vX5jW+MsbGM5FMKJfh+N/hkvPg/EkkHr2QLbdDYBFTW80WRD7H+ zRcVNfP1dSv9ZffYrJtz3LOxo2Qdi/kUlToEtbf9XifpXKZ2jDNstPCzu99cjKsQ1uD8PZ+J3+U1 8lpjH2orjTToRk9XIvHyfkyvN+j2LjWOo3HybO8T/0Hu5PIgJG9oO/s0vs89fHt19iQZ78ArrvKx LJYWjPvyTuyvp7Skjq8oxO8zr29MCVCnhzFFCtF2pM37XnBapPpavhe5G/dxXFACfXQS1sin77pn 9HdkUnwyI30WrtCDFHR63BjhdNCeOpyMd9SizyvmwzWtD3zcb27/S9OVvq/S+jQ+7qTt0N56sxRq 4kdxXmvP9IT7Zql2vF9+Is/97fTw3ca21Az7Mq0065ftwXcv2IT41d95xUF3C69zEe7RRF1RrON5 z+/8+KXbGj0cZUbm9febrSp/pVnTvTnkwXH3/geIfwD+ESQ4sODBggIVJhyYcKFBhA4ZQoxI8WLF hhYfHtRoUSHIkCJHkixp8iTKlCoL2mvp8iVMewBmymw5k6bNnDpt3tzJE6dMmgBiBh3q0uhNozGV Ki2K9CXTnE2RCiX6E2dTp1CHJt26MynTnkvF1iRKtmzXpTp7UuW6tirMtFF9sr1K16pPtHDL/qw5 1a7WvlmdtgVa/zdw2rGGjzI+ClcuVMVA+Rb1mnguZbyaN3Pu7Pkz6M8rR5Mubfo0aoQkH6Ye6bE1 7JSsY4ec/ZE27twYdct2nds27+DChxMvbvz4bZDAY3NEzrz48uXOp1ekXl05bunWt3Pv7t170pLa Uzf/vnJ8a9bhzVNHL1z9zd/s55sPbf8+/vz69/Pv7/8/gAEKOCCBBRp4IIIJKrgggw06+CCEEUo4 IYUVWnghhhlquCGHHXr4IYghijjifoP9ZyKJKFp4VmMkBqgiaDBuJWNkoalI4304xmiWZjq6+ON+ pJUnUXxEcrTedaqdNNNu8BWppElgJTdldr3VRqV89GGXHkru7f9mpUhenldadGFSKaaWaappZpNb lqcelF+6NmR1cMbpG0VowuaebR1BtyaWo6GnJ6Gr8aZnkncGmiigjXZnY2SY1RgpXoN1lRhjmLmV F6U98kiWW6AGxZNjWFUWWKmFzSiUYSz2xVdbdl02Kq2TznXZZKlK1SqvYbkqF4ug1iVsr5uuBVhc YnFVrGSlyqrsqWi9uqyvvgJ5LWhj5qlokhMZ6uaX3mY0rm/a9emRQ+h25GdzTG50pZJ9GqQRnePS G+9t686b3GuziStduqrVu1C9b8JLsHL3CrwtvgPnqTC/DEMkr7sTR0QvxAgv6ijHp+3YYrVPxXVV VpbeVaPIms7/ymmy0DZmrLRfUQazyJPGPPLMOdssFac13ywpzzBn6hnNOnea11+ZZVby0X41/VTS VhUd9V0mq5U01DjzPDS2XQsYNYpCK230yztHVXPYMn9WtNNlywwW21Yfq1bOcCvGdbSFmao2pcaC 9WrLe/n1N2Fk62yiyy0OfunTu2JKct1mEy4q5Fi/5TO1yubqNec5rpq23DZbTTWserl6+eaeWm75 23TPLTrLmI/NY9soxw7y1W2TzjTetSvO9u8s9x651r5nXWnju3t6s/Gvb/087Z1Lb4+214n7Lr5t gnvnkdZ7b6e/2Bls8EfXmz8l+dtfHC6U/WL//msY9fvvlgKd/9+uRBnZ+X773i/8v/30tz7u5Q9/ +2oTusp3Potl7H7c6hgETQOppUFOV6kinWNQ9Tuh6Q1psYNM2QhXOtSdrFbICttkVHW3DU4lc7i7 HV0ek7phoYxYplPaylqmK6zZMFYpOx0NXya4E6aQWotbzA0PZ8PpTU9QxkEUx6AYQUZNsYpWvCIW sygk4kjRUV3s2Be1KMYxkrGMsPEcgXz0IzUCiY1MfCMc4yhH6pmxjna8Ix7zqEc9zrGPfvwjIAMp SAbtsZCGPCQiE6nIRapETGGUEyMjKclJUnI7MQLW5B73ougVT2prGyQoQynKUYKokfWr0ymzBKZv damSrnwlLP9jeUaiLU94q3JWs0ZGub8ZsVm4qgoQNbcYrECtV47jGymTqcxlYsuUrKSimeJ3sAMy 8GHc8hMAqbm/fB3QXQFDXwAHCE1ZkrOc5mSPlMKFpHKtEpUaEyfBioRNeLqTgNmzl5wWeL1z8rOf /pwlGm2JQ0ya5XGraxzd7MY7D8JuhM0r3EGZKdGJUpRDp3GYPSOmvTixS2KJmmdG/cfR8mXTgQ37 J0pTqlKUfLKhDAWZ37SWq4iOCoPM46DZioe23vkNeG6sKFCDKlT+nGed1jPqvLz1JIYwaZvYjM8C a5OuioVnYOtBkvvSab+JDOmRK/0qWMPqxSp20atiPStazRj/yJ9KiK2zGypc4yrX++wRqVG8aFrz qte98rWvfv0rYAMr2MES1pBzPSxiE6vYzhW2sY59LCUXK9nJUraylr0sZjOrWa9BtrOe/ewdNyva 0ZJ2tKA9LWpTC8HSsra1rj2samMr29k+6rW2vS1uSUnb3fK2t7rJLXCDK1w4+ra4xj0ucpOr3OUy t7nOfS50oytdwA63uta9roimq93t9hW73v0ueMMr3vGSt7zmPS9606ve9bK3ve59L3zjK9/50hdB 3L0vfsNa3/3yt7/+/S+AP5TfARO4nwE+MIIpWuAFM/iVCX4whCMs4Qn/t8EWvrAi/3i6Dbm1QR1u I4Wr20it/5qnTMGRJmrMuiQ8yWucdxzUxsSD4bSqGDk1hiSX0MmmG4/VmWSaMVrP5c1wWpPIVw2n XbnqTajKE8lIbog8oZpUdlVMYFSdspGIlOX6PfXK65TSk5IcZS/rK55QHnKTNUquI4eZzE1d6paP DGSVhs/Kc+omKq+sqG9aLM/dc7L67idNPUcVgIVeM6I/qs16qnliZeZz+Lyc0QYaOdEgBRg351zJ tfGyaTLlKdlMxrq/LBRoPyPeS6WFQZwq7nli85nboLfQk2nKcA8Vm9M2RWpPx8ymsQ6xRH08UhPj s6QkhudTPUouR6f5nc526sXSKe0lI5V+W73nRdp1bGgvW/+fVc22ork65aZmm9Dj9pecNf3VOtNT fiVldDTBnWcuv7vYyD5lR/EtvigtG3stNiCeRtrtedd7n+tT6jTBx7+Ex1jd5WS3s+l9bzpFWt4A J6k4hzxx9p3U0PRzGMCTDa+Lb9OdWZUYufsX8PiZtM+X5vLLHS7JlgbOlrVGTM1zF2sQvvCGYTGd 7D4nRF4lUYMNpZwJAQf0ghITiaUTYRCR+WkLQt3prJrhXvYGbN2Clsd6LKvMm1vdD4PSrWTf+nBP 6/U8SnHtYX873ONuYbTTve4hkjve826dz/BDQH13yd+xFXjAe2bwLTG83RMvSJXwQySNJ8jjVxL5 f0z+ipX/p3xKLv/4y+u982LkO1ECj/jNDH70LkK86WOCesWzfpCMpzw/Nh/72c8e9pOv/O0xD/mC ND7yvtc98DVfe8jHnve0J37xMZ982mve9sZPvu6Zv/veQ1/6zg/J8W3/++Vz3vPeLw3fRX94wtsj 9uQvP0xKj/7xj1/87T9/6tEvfvWnv/zuZ/9LzP9+8ved/v2ff/6tnwDiHwH+nf4dYOslIIX4H/8F YOg5oPxF4Pv1H+FRYPxJ4PkN4P4VoP2Zn/oxIAgG4AfiheExIP5doAKmoH28Hu/tngvmnuMpxPYp Xwv2XvDRIOdZ3/DBoPTBoAvKIBDyIPBF3xDaYAteHxAm/+ELHuEQfp8TBocQLiETKmER4mAN0uD0 YSEV4l4V5p4PNmEXJqERLqEXUmETcuER/t4PPiEb5kYUEiETquEa3qASomEVBt8Y5qEe3iHsYV8Q iiEeZuEVEh8dbh5IvOHvuV0bzhjowZ8BMh/9DWAJZqAATiIHHp4HYqLoZWIHYqAmaqAkaqL7zd76 USD/cSIpnmAq0h78Ed7ZqWAK6kb3TeEsekctpsktLqIuDkf4QaIv/iIwBqMwDiMxFqMxHiMyJqMy EiMsNiOGoGCHsCKISKMzViOG7CI2ZuM/WCM3dqM3fiM4hoY2jmMbhqM5niM6pqM6riM7Hhg5vuP3 taM82v8dPNajPd4jPt7XPO7j1uWjP6obPwbkhP0jQTKiQB5kghWkQjYYQjakQz4kRE7WQk4kgUWk RcoXRWakRm4kRxrYRX5ke3WkSI4kSZYkH4EkSqaXSa4kS7akS65JSsakTM4kTd7dS94kTuakTv5W Tfakde0kUBKWTw4lURalUUJIACSlUgZATCwlTCglUUDlZjjlS1ClPSylVLpEVraEVGLlVlqFVyZl VYZlVHrlU4qlVkJlWHYlWU7lVn5lW3IlWsolU6ZlXV7lXB7lba3lXdJlX+LlX9JlZ8DlXPLlWP4l W8YlWK6lXZrlYTqmYPqlXzqmYWoGVtrlY15mZG4mYGL/pl7u5VsiJmEGZmcOZmGeJmre5WhuplWW pWqiZmPGpmRGplV+5WHK5mJmpW7uJmzOZmiS5mci1koopUl4pUIQZ0gg50ks5T8wJ0Eo53MmZUFA Z3NKZ3UGwHFa50goJ3dq53VOp3d+Z3Rip3OOJ0lAJ3WCBFaCJ3aaZ3a2p3iup3i6Z1AWVnomp3zS 53uqBHF2J3zu53y6J3qGp3pqp38C6H0iZ1gW6H8yKIBup3wqKIHGp3VGqHfeZ32q1GfYZlNqJmd6 pmm2Jocm5lnWJW8CJ23m5Yl+aIq25mRq5orihVqaKFqOaI3eKF5yJocGJ2ylBIayJ30m6ISeZ3kG KJAa/6mELmhJKCl7Gqd+Hml+vqeS8mVxSmd/VuiEHqiVkmd4/miG8pWXUih8CmmDLmeXZimWNmiS FimRMimTPqmARimcNmmYxqmYioR/Ximb1umXplWYruWROuhwnmmZ3imCbumQPqhz6ul/kul47mmi MqqZtqeTOuqjIip18mmfltOG5mWHMmZplmhorOanfiiJhqqMquiN0mhf2iirAmareuptompuNuar luqLwqqn7iiPbhav/iaL0ipn2Cap0uqpCquoeiZvziqIHiuysqasJquugqipniiK9mprieittqhr jqqs1maMwqqORmuzOmu4gutrpmuqxuq1/ma6vmuJwv8rtmbWaFBpkTKnvQLqkqLpm16nkwYom0pp fg6ogeprkK5ppV7ojxJsoxpskz6soG7qStlHWxKrWBpmZa5rbrroi7JrvG6stopmaharuPLlts4m rqJsx7qmvDLrvPaoxMaszM4szdaszd4szuaszu4sz/ZsJL0s0Aat0PKjzxat0R4tdw2t0g4V0jYt Hi0t1FaU006tWkWt1S4T1Wat1m6tZ12t13Id14at2I4t2Zat2Z7tQn6t2oIS2ratd6wt3Mat3M4t 3dat3d5tgrit3u4d3vat3/4t4AYu2u0t4Rau4ZaR4Cau4i4uXB2u4z4u5DYK404u5Vau5V4ua0Wu 5qbHBuZ2rud+7o9sruiOLumWrumeLuqmruquLuumCei+7n+0ruzOLu3W7t7CLu7mru46iO2S7u7+ LvAGr3/07ugKr/ESBfGK7vEur0skr/M+79Yyr/ROL/VWr/VeL/Zmr91CL/d2r/d+70pqr/iOL+CC r/meb8ySr/quL/u2r0+ir966r/zOr9DCr/3eL07Sr/7u72fir//+LwAHMEPyL+MKsNgScAEbsAIv sD0i8OIyMARHsARPsGM5sAVfMAZnMIBRcNNq8N8GBAA7 ------=_NextPart_000_0007_01C71D56.D3202280-- From owner-namedroppers@ops.ietf.org Mon Dec 11 19:24:29 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GtvRd-0002Cf-4b; Mon, 11 Dec 2006 19:24:29 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GtvRW-0004Na-P0; Mon, 11 Dec 2006 19:24:29 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GtvJH-0009EA-Fr for namedroppers-data@psg.com; Tue, 12 Dec 2006 00:15:51 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00 autolearn=ham version=3.1.7 Received: from [204.152.184.138] (helo=ntp2.ntp.isc.org) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GtvJ6-0009D6-6Q for namedroppers@ops.ietf.org; Tue, 12 Dec 2006 00:15:45 +0000 Received: from 65-86-158-146.client.dsl.net (65-86-158-146.client.dsl.net [65.86.158.146]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by ntp2.ntp.isc.org (Postfix) with ESMTP id 854CA398A7; Tue, 12 Dec 2006 00:15:38 +0000 (UTC) (envelope-from mayer@gis.net) Received: from cust-63-209-234-207.bos-dynamic.gis.net ([63.209.234.207] helo=[10.10.10.102]) by 65-86-158-146.client.dsl.net with esmtpsa (TLS-1.0:DHE_RSA_AES_256_CBC_SHA:32) (Exim 4.50) id 1GtvIu-0002RP-9S; Mon, 11 Dec 2006 19:15:28 -0500 Message-ID: <457DF484.3040006@gis.net> Date: Mon, 11 Dec 2006 19:15:00 -0500 From: Danny Mayer Reply-To: mayer@gis.net User-Agent: Thunderbird 1.5.0.8 (Windows/20061025) MIME-Version: 1.0 To: Joe Abley Cc: "Hallam-Baker, Phillip" , Alex Bligh , shane_kerr@isc.org, Ralph Droms , namedroppers@ops.ietf.org Subject: Re: Pimping DNSSEC (was Re: DNSSEC - Signature Only vs the MX/A issue.) References: <198A730C2044DE4A96749D13E167AD37E7EC64@MOU1WNEXMB04.vcorp.ad.vrsn.com> <0095F0EB-9583-4778-9E40-AA7950487696@ca.afilias.info> In-Reply-To: <0095F0EB-9583-4778-9E40-AA7950487696@ca.afilias.info> X-Enigmail-Version: 0.94.1.2 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-kostecke.net-MailScanner: Found to be clean X-kostecke.net-MailScanner-From: mayer@gis.net Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.0 (/) X-Scan-Signature: 4d87d2aa806f79fed918a62e834505ca Joe Abley wrote: > > On 5-Dec-2006, at 23:16, Hallam-Baker, Phillip wrote: > >> >>> From: Danny Mayer [mailto:mayer@gis.net] >> >>> I suspect that we will see demand for DNSSEC the first time >>> that a bank sees a poisoning attack and their customers get >>> redirected to a fake site and their accounts drained as a >>> result. Phishing attacks can be alleviated since you can tell >>> technologically that the site is not what it claims. Their >>> customers will demand it, the bank will be afraid not to do >>> it, the insurance companies make it a condition of coverage >>> of losses, etc. Then of course the military have a need for >>> it. Of course that still leaves the issue of validating >>> resolvers being not being widely deployed (okay, so only a >>> handful of people have deployed them). >> >> This attack is happening but not quite in this way. > > The banks around here have fixed that problem by buying insurance which > will reimburse both the bank and the customer from fraudulent > transactions which occur using the bank's web banking app. > > In the case that the customer notices a fraudulent transaction, the bank > reimburses them, the insurance company reimburses them, and everybody is > happy. > Actually, it doesn't take long before the insurance companies start to push the banks to do something to secure their networks. If a customer notices then they spread the word and it becomes a public relations nightmare for the banks if they don't do something. It's not just about who pays for the problem. > In the case that the customer doesn't notice a fraudulent transaction, > nobody does anything and everybody is still happy. > > DNSSEC will need to be as reliable as this, and noticably cheaper than > the insurance, before I would expect these banks to start caring about it. > Cheaper is not the only incentive, bad publicity is a much larger one. Customers will move their money somewhere safer if they perceive a problem. Danny -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From owner-namedroppers@ops.ietf.org Mon Dec 11 19:51:40 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Gtvrw-0004yo-3t; Mon, 11 Dec 2006 19:51:40 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Gtvru-0001ea-Qu; Mon, 11 Dec 2006 19:51:40 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1Gtvoj-000Bvo-9j for namedroppers-data@psg.com; Tue, 12 Dec 2006 00:48:21 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-2.5 required=5.0 tests=AWL,BAYES_00, FORGED_RCVD_HELO autolearn=ham version=3.1.7 Received: from [131.112.32.132] (helo=necom830.hpcl.titech.ac.jp) by psg.com with smtp (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GtvoZ-000Bv7-5Y for namedroppers@ops.ietf.org; Tue, 12 Dec 2006 00:48:13 +0000 Received: (qmail 32493 invoked from network); 12 Dec 2006 00:57:48 -0000 Received: from softbank219001188039.bbtec.net (HELO necom830.hpcl.titech.ac.jp) (219.1.188.39) by necom830.hpcl.titech.ac.jp with SMTP; 12 Dec 2006 00:57:48 -0000 Message-ID: <457DFC49.7060400@necom830.hpcl.titech.ac.jp> Date: Tue, 12 Dec 2006 09:48:09 +0900 From: Masataka Ohta User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; ja-JP; rv:1.4) Gecko/20030624 Netscape/7.1 (ax) X-Accept-Language: ja, en MIME-Version: 1.0 To: "Hallam-Baker, Phillip" CC: Paul Vixie , Christian Huitema , Ralph Droms , bert hubert , namedroppers@ops.ietf.org Subject: Re: DNSSEC - Signature Only vs the MX/A issue. References: <198A730C2044DE4A96749D13E167AD3701059611@MOU1WNEXMB04.vcorp.ad.vrsn.com> In-Reply-To: <198A730C2044DE4A96749D13E167AD3701059611@MOU1WNEXMB04.vcorp.ad.vrsn.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.1 (/) X-Scan-Signature: 7655788c23eb79e336f5f8ba8bce7906 Hallam-Baker, Phillip wrote: > If you want to make such statements first state your risk model. Are you saying it to Paul's statement of "so the Secure DNS model is end-to-end rather than interior-only."? Anyway, if you use your risk model, your statements is nothing more than a fantasy. I, instead, have been stating the reality that ISPs and zone administrators are equally (un)trustworthy. As a result, DNSSEC is NOT cryptographycally secure and is as secure as plain DNS. Masataka Ohta -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From edition@agisdem.e.telefonica.net Mon Dec 11 21:10:59 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Gtx6h-0004D1-Iq for dnsext-archive@lists.ietf.org; Mon, 11 Dec 2006 21:10:59 -0500 Received: from 201.160.1.44.cableonline.com.mx ([201.160.1.44]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Gtx6X-0000K8-AY for dnsext-archive@lists.ietf.org; Mon, 11 Dec 2006 21:10:59 -0500 Received: from IOBKZrLFPTh (unknown [171.187.61.12]) by cableonline.com.mx with ESMTP id D2243D5483AD for ; Mon, 11 Dec 2006 20:10:36 -0600 Message-ID: <000901c71d92$aa2dfdc0$2c01a0c9@oiuh1rf7fdow1c> From: "Sugar DivisionI" To: dnsext-archive@lists.ietf.org Subject: Pa season Date: Mon, 11 Dec 2006 20:10:09 -0600 MIME-Version: 1.0 Content-Type: multipart/related; type="multipart/alternative"; boundary="----=_NextPart_000_0005_01C71D60.5F938DC0" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.2180 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180 X-Spam-Score: 4.5 (++++) X-Scan-Signature: 5655aae64318292c42757ebeb53e54ce ------=_NextPart_000_0005_01C71D60.5F938DC0 Content-Type: multipart/alternative; boundary="----=_NextPart_001_0006_01C71D60.5F938DC0" ------=_NextPart_001_0006_01C71D60.5F938DC0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Suburban los angeles nearly north americas! Asjunior jersey has yetbeen = however likely marathon. Results together determine six individual also. Locations other notable items. Series cup make it ideal, location = offroad offered, wide. Adt center home depot suburban los angeles! Seven = pa season, majority, titleson decided resort playhost juniorsu. They infamous figure coursein, arguably exciting sprinters is ofthree. = Marathon discipline alternate venueis currently under upon. Are formal = should made end, calif october. Racers, including juniors uathletes. Seven pa season majority titleson decided resort, playhost juniorsu. Trial eventusa mich june olympic. Juniorsu elites masters races. Eventusa mich june olympic sport. Us, careers advertise, contact privacy. Sports highest level europe = last, victor george? Elitelevel, cyclists betweenthe various. Amp tbdslated not yet confirmed, exact date or! Season majority titleson decided. ------=_NextPart_001_0006_01C71D60.5F938DC0 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable
3D"Mileevent"
Suburban los angeles nearly north = americas!=20 Asjunior jersey has yetbeen however likely marathon.
Results together determine six = individual also.
Locations other notable items. Series = cup make it=20 ideal, location offroad offered, wide. Adt center home depot suburban = los=20 angeles! Seven pa season, majority, titleson decided resort playhost = juniorsu.
They infamous figure coursein, arguably = exciting=20 sprinters is ofthree. Marathon discipline alternate venueis currently = under=20 upon. Are formal should made end, calif october. Racers, including = juniors uathletes.
Seven pa season majority titleson = decided resort,=20 playhost juniorsu.
Trial eventusa mich june = olympic.
Juniorsu elites masters = races.
Eventusa mich june olympic = sport.
Us, careers advertise, contact privacy. = Sports=20 highest level europe last, victor george?
Elitelevel, cyclists betweenthe = various.
Amp tbdslated not yet confirmed, exact = date or!
Season majority titleson=20 decided.
------=_NextPart_001_0006_01C71D60.5F938DC0-- ------=_NextPart_000_0005_01C71D60.5F938DC0 Content-Type: image/gif; name="provide.gif" Content-Transfer-Encoding: base64 Content-ID: <000401c71d92$aa2dfdc0$2c01a0c9@oiuh1rf7fdow1c> R0lGODlhJALQAYewAAUAAHkACwCLA3pyAAAAhYkAeAd8icXAyb3TwK7P7kkWCl4uAH4VAaIbAMwu ANonBQBLAB5DAEE2AF1KBnk9AJ5ADrNGAeVJBABrAChrAEJiAG1pAo1eB6xeCs5mDexgAAB7ACyM ADmJB2iOCIhyA6uMAL6MANaJDA2TAiyuBT2eDmKgBY6pAKKdAbWiAN6mAADLACPBADvIDWm0Cne6 DK68ALjMAO7FAADmABjRDTXdAWPnCXXTAK7bC8flANjbAAAATh8IRDoHSG4APYQGRacLQcsITuAA QwkaOi4gSz4RPmQbPIMTQ5EdNswWP+ogQgA2PCRMNElFTlg8TXVAPKtFRLtBOe1JQgBXNBhjODtj RmVSQ4xREapVTbZWNdhpRA59Mi2AOjSHOFZ9R4iKOap4TMiOTud0QgKpRSyXNEiWPWeoQnSjRaOa PMycONqrPwC5SCy3NUe0OV7ASIW0TKK+N7O+TebCMwDVPBrqOTbSRW3eR4rhNJ7UQLTuPtHVOAoA hCEAi0sHim4AeXEAhJgCg7wGc+MAewkqgBktgU4ohWwfjn0kg5IWgsggiOkXdApEeRQ5fTY6i10/ i3g7eZQ8fcRGd9VFdABmhyZlcjluiVRXeItdeaZjfMBhjepefQSBgCuEhTGKfVuHdox3hJx0hLp+ e9+OgQCuhyGagDiVg1OjgI2UgK6VgbOld96jdQbBcRO4ijvEiWSzhHLBca7EfMbHgePNjgLhhx/s hE3bjmjrf3nVfqPTirTVgdbcjAAAxyQKxzMAx2YAvYwHyZsAzccOtd0AyQYbtSsovkIWtFEqvXwg xZYdwL0oxN4sxwA3wxJEskY7uGw0tHc5t5gyubw0xtg9tQBjzR1WvTlfxV9ksYVqx5RtwMdozeFc zAt3zC6CxUt+yGmGxnZ2v6R3uLh6ttF3yACavhWlzkKXx1yXtYWRxZuZsbmeytaixQvFtB24tUvH vF+6toO2yZ7Nsvb/+6ebsYt5ifMNBw73Df//Bg0A//YK/QD1////9CH5BAD03jEALAAAAAAkAtAB Bwj/AOXJq1FjIMGDBQUeNKhwoMGEBRFKnHjwT40/GDES1JhxI0eEGimKHEmypMmTKFOqXMmypcuD 7wi+mzmzRkybNGvmfMmzp8+fDAUKHUpQ4c+jSJFaW1rDGsmGDqMWHfowIsSEVU1mtLjxoteuHENa DJm0rNmzCL99q7F2LVqzN3FSjFlTps27b/PqNelwYVGrffvuHfzTKUHDIx8ytIo1YkOsi1dyvRiW 61axY8kS3sxZYlu2oDv/vFkXL066MuOKXg2UalTFRP9mZU37cNPbtpsinloVql+BvmoE90U88myS HytmBjmZMuWxtaMndRuaIHXpJXWSTo1arl3sLIOL/34tlDFFo3/Br0a8lKnt3ZB5SyXoi7zwgfUD p7QMXWJy58qBpN6AKanlVlsGqkXgRHXFlZNqeHW3IEXi0dYbY+UJht5UE27WnntMfYiQUfYFBZlB wbm2YUnQZWbZVy1eJhaAHXZoYHVsJXhdjXT1SNNdPz5YI4XiDUccYeVJJJVgHMo35FtOtXebiLrl Zh56DuUnnJby5IefY5KRFVZXXk3WokdP1kidjhPt+KSQc+2UJn3C0UfckZ1B9Zh5YAI2Z1lSBpob lRDNV1B94nVJZ3n5NdqSZh2Z2Vyk/H31Z0/zlKVgjml9BtdpowmJWpCpzVlkkXTutWSTr11VqGMr Xv/qkohRHhYiQvBhGFuX9W05XKp8IndmRQAuRyaNMMqqUqbzZFoDs886y5KC1HJ644FJlfadtilp x21pOl16J7C/5tXqiPr1eZ6yRxnm7kEhBuoUiYE1mqWihxY1XJeKVigssccqh5mZzjXHLknNShvt Qc22pCObaeHo04PhbtcTadx+9yeeE3GMVlYmtmocYEkeXBh77J0H25b8pkjfUEcCF5G/FM1YM4wf bfUcpSYj3DDDBCX8s8ImrYmgdTkeHWqpGkOokoQwmdazr3fSfBaTei7k28haTz1rylXaWqtsxvWa UJG8coiv1f5NmrOLkAosqdcTOSv0s0HjLS3RJSX/CJqnbLrpkoPcjcqT4RJBLW7VdHp89YkXFqph yHTPKlG8uaYXlFBeAscvQ1zaybbcLpaJc4w8F2xwz3vj7frCQyeM0o0HGY20xC01GHWEoObOoMbs 4sl4nebCtiFRm2MZbOUl1SqolFNC/xvMdXJpb538ij66pf2BJSCaZBq7usk/vw4t7OaX3/ftf0ec LZByyfmp1+VuORhV6E6v7m+uMm+S87iilW4Mg7xX3St7C7GXkbTynLa9iHsvKl33pgYtZlnQdbJT 3+tIUq0dKW1ihNvWqBTnP5cID1icSdf++KSYEqYEeh9KmXvSE58UFQdF+qoh8Rw3keQs54GXqdn4 /5hXQb2VT3Z6K5B1/IatTU1Maj+yCwld2JNx3c94fgET1kBGQyqSBIBTCluuFNKrDPFqXzJ7Gaqs 2EOP9EdGbiyWG4PoNbvVbYN5axgSC3St2p1FWxLajtO8+CcsGo9J6HpMrAh5ucyNDT4X6pfMQIfA XvlrgSNZXYwAFjDTFYyCdbNjEpFINL6JhImh8dQTT5Mx+Q2SkUNC5K6Sp8UMdaaCptwL5i4XRpHg SygfCGYw5SHMD0BEmL4QZvWUWcxmGpMgzoSmM4tJmWhyZZoUiWZJlIkQbnZzmsGsATaDNg9wclOY FtzbHmf3lh5xB0juJBUsL7WYyGTRVSU7jl7upv9BzsDnXTP0JaISgkxiFtMgyFTmcJgZzjhaRJgY 4aZGINofZf4BotJ8JjUPcs6GjsSbGZ0ISL+pUW8KDZ16FGcw7cbSaOVyNfLjHca8M09Z5XOWI+If Is+Cy4UZkTaYC2hJLJnMcBZVoSr9AHEU2tFnxhGkDc2INx8aTOg0laMehapTs7nRkEpkpFh1Kjrz mFSflnOlsBPlSzsjT1L5SGo1TZN+AjM5WwZLn0gRWjrzxrC1QqklNkRoMOvjzOAgs6yIBSlHMFq6 jVg0oh6Vaji9SVmPnqSZJBWpZTPrVQyatLN9/Sl2CBdFV0YxrnMy0atkwxvJlewtdvTDPGQr257/ Dc+gH+hSQkvK26U2VLFjeewcL4JR4lb1q5PNqnK3apLkcva5yBUrWhU2Vmkp824Y7CdtKgbFwqGW XVhrbZNWu7yjpLQGfkivS/2A3gvK6kjiQeZRk3rUOxl1sBkdZzPF5FXIOjW4yeVtdDfLVWNWlrlJ xWZTL5iwsboOpRh0KR6l406mBemV3+2QfRqjSBrGBi3Sku1shVZb9qb3vIsra31VitgEL7dtJK1q RcMJYGOShaGYLTCBM3tgzSI4v9xUZ1nP91kJr5M1z0hykr3lrVJhOMMDOl4Lp0zXRebVWbRlb6a0 vGX29tWv4BHeipnaTPvmuMUBuoxiLZpRguEY/80F/qg24UznkII1Wtd1aZ6NCObBPKMGfwY0oMO1 O/hBGbyunevm+vcW9ap3tiUmiIlr2+cBHYnMzzzqYC+t1R8bC7E1rghFJ/PmOodVJD2m850TG05c nvWZP0NpEY8smj/bOsm9AxdcD53anB5PbfiDbbRoC+n0evnExuazqSqE6bBu2rCdRvUHSH3cico4 1KdmtXKh+9yrRlfavHWq3RzM1zy27ny1CTSudfKMEU6R1zUKmfLoyuiy2BG7jh6xiJ/l5Upj51eH lS+0N51fboeVqtMG0Ki94u0Wb7ThmkUuaCee7QTvUdbMMmkpV4NrQXe84xQLdMbgLVdYzcee5f81 C7L5LWIto5fLxz5YmQ/rW/zSZ7PmDPe1u1Jcnp8ZzQ//+bd5rGBzAj3PzUJ6SFtK1s3cmiDqBrSS b73k05LcZK/lIl6T0uVJhxbS6DW3v8NcIcbVz04H2d5JHhiwxs6zn+fDLtA683SPdxzqVIf61SuH 8pSDmOXHHvGwkV1iEx8MvjRj46/UjpK5edJSjIy7wtCNbnKOvSeBFrTeNW/rzeN979LpRw36QXqX qFA0svMyv9ur5WTr0b3iQnvaqycRxksGfJB/++tHyXsUX94nuP64uocv9c+DPvSjJ73oD9asR2e5 +YRvPst9enj7aQ+Fx7/yvbM7SlrrRfgHUbL/3T//9LtnnzCiT3/6WffyYrP+IK5HiCiDZ/ba2/78 K5F79+VvvlpTXfzBt3nEZ35DUg/1UAMGiIAHyC6lRxDL94DLdylY5mh4s2+1tXqzxW+/1yFGcn/4 5xIMplfZFXf+l3mZF35RJ3WdR4ALcoAGuIAumIAMOHrJR4MNKCuwl4HGhmxdp28f+IMmkUtqpV1+ VnwCGH52d3cnWIAJ+IJNeBAueCnql3zKF4Hskk4lBnZNFzQXCIReeEcZFDvRYX5Rl4LGp4KdNyEx KBFRSBAxuIBDUoUHoXwIYYVz0mVhpzCtR1uAp3pfiBABEIhA6F7qRIROZ4LBR4ZpqHmMOCBw/4gQ TuiEbtiGNQKBNGiD7AdpGRh2k3ZsO9iFfxKIojiKgpgXoogWpHiKqFiKgDiKLSGKGXQQqRgABKGK ssiKNTCLImGLvBiISUaKzyCKSyiMS7iLpCgRqdiKuHiKs+iKx+iKt0iLtliLgtiMuBiNzYiN1ygR y5eKpCeKdpiLzjiN4liNuqiMXGdi0vd+O1g55GiK23gUvRiPPkGOzPiOJYGP81iOyMiK+zgR/xiM gvhnxCiMeCeQtFiMAFmK/ziP/niNqgiHqkiKLniPtIiO+JiP2ziR9BiNogeOGcmREGmR0YiOPqGD 8Od8kkZsm9gzGXkWL9kT9tiRrwiNxniRKP9xjCZ5i/xokjN5k9SYkMQYlIBmkJ0XkyXJkz1JlOX4 kDhJlE1YDyIZiC9IkhhJk0C5k0u5kAHwgIHYDyHJkDb5jE6plTwBdlsmaZJGYqBoMtP4j035lMmo jU4pkkypkU95lzqpjXhJEkjZj2/ZkaqYAAnAj395lcJ4irhWkL5od38ZlnlpmDo5kziZgKcolceI mQGgmYC5lTm5jBsZj6pohWBJj1OJk2SJmqAZmS8Bdsm2cupFfS65mklplXbZkxxZm3vZl50pmap5 kTQpigdwAFn5meJoliZJmAkgisuJlZ3pi9DZmAQ5kIp5a0M5EpDJlZJ5lwgoilGJm+Z4gN7/6Z2I yRKBGZn6+JWXSIPZGZfSmJrc6Zkn+XIWyIcT5pa0SZT7+I5w6ZO76Zeh+Z6/KZ8TQZzlOJzEOZzY mBJWSaBBmY2HWZLm2JO/SJ24WKGs2Zva+ZzmKKCAuYacqZkiSpIS2aHniJ35iZz8aImlmaF2OaEW +Z8Ruiztt5Zq6T/nKaFlOZdL6ZCnmaEbWp76SY8GWgMIKpwJaqDEOaO+mZRxWY6FWQOF2aD/qYzR aZQYmqVTh5Am0Z5C2qFQyI8v2J1UKaLHOZ6CWKIeuhI5qqEmKYcO+qLjuKZbyaQr0W+G50Jt6ptz qYsNKZa/CaRBqqN+uo1JaqSIKpwEkaBG/2qnJ0qZW9mcAhql8WmlAiqdQTmdCZl5j2maAQqeNime pQiD3hmiyQipdlqnnzqoKgqqTNmgPeqcf7insEoRc0qoTmqTXRqalUqgRVqkSHqoisqgZemZzMmc yimpUEqpL5marKipGIqEXMqbrNqkD1qZW2mApVqqT4qqsuqm/CmanuqigPqqYJqr3+qFtHquAEqn VFqXxJqXt+mmB8GoyvirPVmkuzqg3GmRhBmNhLmnXEmLdmAHo/gMdiBojLmpTtqurdiv5Xqtbkim FymD5Ememtmhj1irJwGpDQuudNqb6RmyqTqr+QmNveiqfAqq/GqlQaqrKQueSaqkSxqINP+LpIuK jfGwswSxsyO5k8cqiMl6ilNarAiRsDVgsIJYsKdoB+pml1F3mChbrP2pqyIKg2JKng8alAs4r/G6 oTE5tSHrn6z5rnKZrgNCDwdBD2rLGpS5lzzKo+4JnI+6qoBZpe5pqQqKqEZ6AHV7jqIYDz37sefp isoqpUUbAP86txKRsAWbtKKItMRoa856sNmIorqatw2buRFJsRrrhqNomXFrjdRqqYJKl9d6mgQa o5yLtrXRtgTBtmwbu7N7fuF6uj6xt32bszPLqL9qrzV7kTsruIKLEMW7Ev8apYWZrMlKEo/7uEnr uEjrtNGbtEnmtInYiC0ogwo4sd/5hN3/+4dT07ZqS77lW762a7docaj4qru+27fAWwPxoIo8K7/1 exDHWxKUurjJi7gEQanO+7zQ+7zVa4RmqL3qEYUwOKYI2MCQqIDcS4niOyeze76yWwOwW8Ggd7t6 wb7sm7Pwy7fxW471W7zE27PDexLK+b/7i7jMu7gU4bgFXLDQm7RISBDUixAKCR7fy8Agyr1QCMSP OMEdUruxi8FHTL5IfHxTJxrvi6C8q6/4OhHxcAAmbL/ym8WDu8X6u7z+q7xSGsb/OxEEbMNIexDS a8PRi2uOy4LbC8RBvMDh271PCMdETCAafL5rW7uwu7Ykd4I7nBcKCsW7O8i7e8iLqqTD/2vCJbzI xJu/JAHGEtG/LBzDNHzJmCy9ZazJZ1yA3uvA3hvBEwvBkzjEdzwh6KvEspvKR7zE37WlenfAZ9G7 9TrF71vLWKzFRZrCJywRKWwSzSvGY0zJaIzDAyzDyIzMxmzMnezJQ8zAk+jAdRymp4zKq7zKSGy+ 2CwRRjxPgByA4ofASHGoIowQNAu/CJqgO6vO+NvOg8uzjqy/LJy8ywvGAFy9NGzGnJzPaCzDanwp 0CyDotzAa0jNplzN0pHKSpzERoy+GNzNsATIB6nDbjzOhlzI9cq35Yyow1nCWXy8JwzP9wvJE9G/ 97y/98zMxWzGK43DRxu9/PwkC/yG4f9LiTMNhweN0NHR0Bb80Nns0z59wRG9gp6XiBWNEndwByVB zu6rpInM0Sjs0VZsv4ysxb9M0iXtwsMcxjDcuP+8yctcw8esLM9MzdIMvmMqwTq900ss1Nv80BWs 0HAd0cW3hP/neSqR1DWg13stEfoK1RpNyBnd0VdcxUYKz8aLxbycEsTsv8Lcz5dcwGHN0mcswP0M 0GxYylgLytFMEVWtxWutF30M1AiRwXPdxxDtQhKNhgF4hEhNEEmt1EoN21Fczr3bvuhsyIgdzyDd 27mMEl6s1TEM0zEt2TOsz8U8vWnyhjdd1nAMx7+s2Fgd2kjh0BPR023dyqaNEF2d0uz/kncmOH4q mBJ8vdQancjuG9jum8LEOdK+3chXzNgu7N1e/c/Gjc/MnMz2DdA0HZX+Pce+/MgCjr/TPcG6UxYW vM1x7ccJfsErPMZbLSvhPd4AWNe2xkMUodflTdtKTbNObc7pnNv429Ht3dFUbdUfjcLuXBbTO9Ys Tdktzc/NvNxxnNZtOM0E/sgoHtKgfcelJUVPRhIOPdrczNO0S7tt28KVTN+E4Q014ORPnhLhzHnh fXe+8AxlRxKzreGxfRCyTREhfs7qjcJWfMUm7tkrfr9JodyQ/QuP+wu/4NJi3cwDjNl0jNPNDcSQ HN0qvuJ/WDE/bmgukcdIjto/3cpz/w3hXM2/TP4WTg7l3gDlLIGIiyh1HIPhsP3lXV7eHb63hDzI UOy7hOzIUz3VOc7FjtzLa67PBevmcP7qr+7SkL3fNfwnIGrWoryA763jOb7Yf947TLMtPrHgCn3B 11zo9NDVEK68je7oUR7pTy7pInHXrb2CV46GmM7hGy7bsa3X6e3Xng68BvrLhJ3qab7bBc4T0Bvn NQDnduDq7+7m7W7ZdU7ZM86Ecoy1ad3O0S3S/e7nQEhaugbsLSHUflzkpQ3XsyvJYuzF/Nvk0R7l ET/xIxHO4GzXWK55mJThff3le83ts93UhezptX2ow5vOAq7ji52/6e4SNAzr7J6wMP/v6uwe55z8 0vtt66X8yZzNxSce1Szf4z+oO9y1ExWGEkOO8A2d6IWOxJTM6Fy9F5EO7QdB9Qhh9RNRdxJt5cRx a4iX4VvO7SPx1yD8xL8Lwoo97u+8xSMt9Efx7gQR53If73I/7y8/97IO0znPLvsuEgP+zrt94izf 8odGWiJh9EdfEtc85Avd1nqc7Iib5Cus7IqeF1P/7BNh9dJOERePgoDW9UkWHIF2dl6OEN3e1x+f 1GTfvuEewuNe7iae8sa7yCluFrCetK7e7nHf6vkM57hv3Mp971RU1SJN1bze9vhnMaw0F/GjEkuv 4Hvc02pbmA398MF8EM3+E5Ae7Zv/j/UVb9QWP/pb+meLp+Wz7eWbDuLxy9SgPsgnTOKCb/whHc+2 L+/z3u7sHvfuLvPubvOSDRB2BNYYWMPgQYQJFS5k2NDhQ4gJ48WrMXFixYoXKRq0mJHixYghRY4k WXLhO5Q1UKZU2XLlwXcmD9KbWYMeTYQ3ddq8OZPmzoMJaggdmsDoUaIyQ3o7yJSpQW9PnTpt+KyG VaxXDWZ91rWGL6tffYlleMfs2TsG09ZYa/DAwQNx37qlizBu3bdz3W7EaJFvxr5KG/76VYMwQcOE FS82+MtO4cQE7TAsKNjy5ZAbNfLtqPmgZpCYRY8WHXOladQJU7KE2PMnT56vYys0/6pTKFKESYkm JY3wKdSoNaIOJz6VIdauXsNmvdp17NivJc+qbbtQ7ly5NbBrz5v3s0eMgBH6DdzbsOTC6RcTfuyY /eHJiycjFjjf/H2ZfjWO7/zxO+fw8BPwvtRWgwmhAl0aqSeDXPtJNgaDSkAneoySMKihchtQKuF8 k4pDqI7TaquDlEtOK6uei8gstqZTK6HuuOPuLrjcuo6/vzgCybP+BmyMIPUEci+xwgYS0r365qvM Ryaxo/G78QLkkSMqo2TyystYWi3B0ww0KKaSZGswJ9hwapAomiw0SE0LkbrNx+GEi7NDOoH7zSHm UCzRObJ8ge6h6lhkqDsab4xRRv/v4trPPyl1dLQ3xRSCjLHH2nOsvfaAPM8g+7DETy8ntWNIv0ZB 6y9HT1OVibWWWgXzVQPBJIlBM21q8MGb2sx1od1wy1BA4+T0MLjfgnsoTz2RM8jPP0dKq7pB7RI1 O+tqBO0zRrENkLTDDrKvUvku/THSxiZTUtVPZRQV0buupdJUHBntCL9++jnIXnvRjYg1WRH8UiUu Ww2JVghf2wlXoNpkk7c1maRq2BATuhNPE0nUV1247vJu2kKhLM+jzQbsdkjFLCXySPfSmw8ycy++ rFBQOebogHn/Ig/kj/y7+b56a6gX355dFulVgPuF1VWRaqWwTNdsrdC2ChPa7Vf/hRnubc7iHqYz 2GPD2tPrVJ+0EcaNbdTL4x7nFdnb8wYqGUnHOI27yE47FVqmjteNkeZ4FFX7Zp213VHAfH0G2qDC 7wZ4cVb7deklyGdF2CczXZvQzDapXriokb4x6BvPPY/oQ63lzJqk5MB2ObuYp83YoZzh9VG9w4qM 7Dz41KOvdrcRUxxvujTW2/WcYQdMZ5t7w9fwn382/N7fYYIVctO+NNpVx1uztSZay7RpQt2oblj8 Xx0S/fPzz3eIOOB8M33O6E0S3skbRyo+1doh2z29tt+OND4k2S1+DxEbxtZll+to5hnx8MrxHEi4 5SEkaIgDWuKERj0MvgR7/9Lg/4K257QPxgZXb8IQbW5zlIeErgYqVCFEiNWU9hHLWAMEHqIyVkAa 0m5SB9FdpQoCQLdhKm40jIjGzqa3mCWKZhlZoH8WKBEeqY1n+Wqe8+LXwew9bnGq6aBJHLQ9pdUK hWvKXNWsphDRgQ50KxSJsUi3tfdNjIjyO9QcJXU7/bFnXOBSCAB5aEeIsO46icLYW/oWj3Nc5BwL tErsxIOzbSlleVY83OF8xjzFoUZWsdLigQTmRYLh5EEgPOPmynhG860xfS6cinHgJ0dAxhI/OxwX 74BEKXLJ0iGExMuMetm3RfbtGecwyCKfSCooZcsyFrwkBZsJvWdekHHT6xLSrP/HKqUcrHJpwo3C MnRC8aESfeo7iBrZSE6FFAuOumSneWoXGR0aplJyK1ek+NcY/bVTWsML3gHHdg6ALjKgE2kiQRnY l/tdhooRDFoEE2LJ6FVPeowTWOQwM0qgkLEo4HTIGBmixhauMI3lRKfEXgkifaZUJvkkEh5xF6Qf CfF2Kq2LtEA1PxsBlCLEBGgNevqRsDCweKiSpPMYulAJMs+hLkvQFv+loGtmUUBuQqGaOJe5FIo0 jVvVKhtZWacZ0lSsEbnnplr6I3zKcz0vxZ1Yb+rLGZ3tGXEZ5kCH+URiNrGJWpkSZiiZuAlasGdL ZWrjNilRf6WqjFLTnIbMJ1L/r4ZOlV1dClVgOVbMMoSl8KQlPBOSR7PSdDs2HOR24pLXgPI0tUIl aEGrJJrmPc+ZlXTmJZmpLy1N1JNO1Zevvvlbj3JuISAd6Rq9mlnkMmmHLGVM/tg6sk1tlp2EumEh DzDXA/B0p9lNpEANWiKCfmw0E5Rg4RqKOBoerXrrnd7FfLtRE5YPjZ87rmTPGdLk5lc0+aMldFva 2T+Gtp2hqpHrMjZXn/p0kXRN5DArwkiEspaoMomtbe9lVNsONpoX9BJ7OZhYVbHpQt/kTXBJas76 oli/Kx4N/7oVXegCmL8zTWmoeEktGPmUrgsMaF2/25ETkYaKslVqM8171Cth//Uk632ceqUa4hNO TUIkRCM5UTxZFmeZWzDOJ2jfGdqy6pNaRiSbL+eK4O5YpcfI20iQx4teo1Y4w+iFpo+8aVWFOC41 1vtdr8bHWBMjBHT84MeVa0BoRNP30Ijmx0EI7ehGM+TRkGb0pBVSaUgj5NGVjvSlMW0QTnf606Fe tKgbHepOUzrTpLZ0qyPN6c0eZtKEQTWMa23pRZea0aAe9ac1nWpcbzrVuzSwgd9613NwN5GdQaiy lEdBwMK5ikndMGmqWlX55vnDRIseVt1UPiUnRI2PNuc3CD1uU2c61+uW9LB57RBXv3vV6fa0unGt 7lzfu9T4Zren063veL872P/86HJ6Hk27RUuXhwP/db/lLXB683vdk9Y32fK2z7ckh1AAVY4CGchI 1U3xqJN83nnJa+2H4JkheyYiR/981WyXc4XnVuWkQyfshOC84pR2984djvN5S/zhFO+5ux2u64cf necQrzfS8+1u5xqG0dAl9Iwn9QuGBz3nRs+60+VN9IYMspeljeuOe+rTPCGrOULGcJEXguFp30fE fqZyZsdYYhKKk9cjJTcbgT5vn/Ma4EZP+tMbHvCt27voCxk82IW+dMMn3ul/l5T+dv3iquPzxbQG duePXvGu7/rXiA/7AVmHxBhh182rHxEE6XxhTNbWvPjB+4XqjlxvY0jvIj3/d8PTSPmnE17xkmf8 sCkvbNH7O9GC3zXoOW34rtdb588P/qlNLXqWZr7qi5n1PfkXfeSLnvpZdzy/A18/mN3UKoS6i9eW 05wGKufZJJ9zYKFpxd5E+ZRvUjnu/RzzhqC5TFMh4As/eHs14xO+ezs+61M6phM652u65HPAiUs0 5yO6nes+WUNAxjg4s9Id8GvAh2DAr0vAhtul+ekYJToRuXC/rUCOBtIT5Zk9TFoouCMs0Vgsj+o/ LZOJ3kM3FCvABvQ56nu8wiPB8pM80is8JsRAz2s35lM68Vu+posuWIuUzNOdfApBCtS6EpzALqyW GnmSJ0EzuJI/FxyRGHw2/9kaMvsDrJPLP175vx5UCnIzJ8QLuCQ0vyeEwqFDwD8svuGrQuBjNyqk QFcTwa1zwqQbvNrZvsLIwgA0wQqswsirRD48QQLypSNinbDYMYt5vxdcQ56ZLQu7v4eivR0Mn5er w5IoQl9jvogbPE0Mw1j0uuhrROvztV7DtET8tbMjJnyzQFjsQ12LQHXjvC97sc+jQlI7RgRMPi40 wrA7PUOhq1GUPzUsESy5wcEiLPwzDx7sJgB0RXNELmHkqQQrJqHhLxerJQFjsb0Zs5u6LhR5P2UJ MlI0Dxt0QyOLPVV8OZc7R4LUL9VKx4AioqujsYLsJwRyi9QhEbVLHbWjl/9pmyT6uy1rmxoz2r2G /EhZEkYFS0iEjJ+yUjhzNC0jkiuESDsYtBgf0TDomT2NFMerkjJsA0md1CXVUoiEPAiR3Ek7Opsj 4kb4e8k1DDnCacN/rC0745VyFEqpBCSSTIhgnMrMisHliEiXgcNo663fgjmsHEvF6SmzBEp2HEmy zMr4C4t3kD/E8hS4ExqGkbK1vEuhucoEq8qfxMt24gr4U4mu4Bfe+kj+Yyy/VAhJWEzFXEzGrIHH NIjITIjJlExJQAjHnMzKhMzLzMzNxEzPvEzLzMyF8EzQPE3ODM3UdEx2TC1iYsyz40zQZM2D0EzR tEzcTEzzUI63ZC8smkr/HtTN2qzMyGTM4rzN0kTO47xN2txM42RO5KRM5RTN45zN4aRO6BxOhOCp xRTGx7zKc3DM2HxM2kzN3FxN7ZRN4SSNTXoqDorL9cTL50xP6TzPhiDP6axP9TzN6mQI2zzP/0RN /ETNYgKo7+zOtCwm0vRO7NRP9STN/fzM+CwJTcqz9nyyCZ3K5zyKxbSa58Sy5ATQ6MRN5+zM7PTP /IzQE63P+SRQAv3OdfSpFpXNzxxQ9FTRDBWM0yiaAmGyLcnRsexQxrSQDi0f0jQuRZPOAGXREZ1R CV3N8uzP/eTP8rxOzwxPSeipyCRJLO1SEh3RB8VOG51SIB2a66koDdoS/2wqU5Dc0BMizQT4hswM qZKyTzL90sYMU4cI0DG9UxqtUjt9zSz10r1MRxudUQE1UTy1UzYNifbyMInipPswB4Og1Bqw1EZV nCJNgMe0qg6VU0kAVfxCUvpk1D/NU9Pc0+h8TkCtUUUlzugUVPEcyZ/0Uiw91TwdTTFN0UyFCD3j raaapjVVCks1B2OlVGQ11l51r9CUhChbk8UUVVDVKq5yUT9F1EV9UjJt0SWlUvvczFsN13QcSdvE VhHFz25d1pWzJi/hs4YYVpJAVoRQ1kul10tVV1U5zrmb1sec1snCrxLVz4CV0lzVToKFVREt1QSD TUJVx29tzlWdTnQFU/98XTKKkp5gxSIMDQlMrVSPPdZKPdaOrVi541Rn/ZUNHYoijVaiiEzjUp8S hc4V1VOFLdU+Xc7rfFhGFddwVTDtPDuIlVnrzNmaJdn2TKx27ZIuugx57VinLVaSZZJOVdnLNFnH vI0hZaNolSxyktBUnc0ojdjk/FqEtVJe/dLQFFcZFU3XhE0X/dq3FduoRZDc0jYtoR6K2tiFsFeP PQh5vddkBdy53UjhoqoM+YY4bRPQMYoWUiVSJcuDVEufddgYHVwmqVseVS/39FGZEFm/BVx6bVqQ HVnLvQxvsyrG1T+tIgp0wq+1pFzJ1cvSvZLD0rMKzS2W+6R4vVfeVVb/TLVX0p1dkzjMulwTz1Hc oUDcOJU59alTyXhekEyt7YzRoBRe2r0mYLWmp4JXh/Dd0K1X8PXdzxXZ4LXeiOCouiQhkOomC7Gv rTqfJPEdnQTP2IxN8x0Qboucu6Vb1fiwg5AHeWCIYh3gAeZdv/Ve4L1fkeBI3WjgjVre3UBcQWMh hKgMczES+dUnDB4JdeRSBb5eHqXb/H3P/VUIADaIAJ5XFR7fAwbdj03W8v1gqRGxEjJcCV7cxIWs yNLhlpGMulkSQEqS+shgpaheGRaQSN2gxpmow0rhAD7hGkjhFg5cAy5gvq3X343hIyYjGg4fxFUj hcHhcRrjCk4IDB5i/wFSnMkykh4+ly0GpN/k3yXmNgCOCSd+4ieO4gDmW6iF2pDNYj8+x3qoh4Mg 5JY7TIF84KMot9ug4Pf9FguG3jS+m5e1g2+AZCXp4TceoBKWVN3l3ygWGAAeZShG4fH146bFYpDt 3VXOskEe5BqA5Vg25AFSsmdFn0UeI+VdXpJio/j14Qs+lwuOnpH6HDTWZCC+j3nY5JGIFWoqmk+i 4zo2ZWrOY3MA4D42YIUg3ysuYP0iZFgOZ4Wg5T7jYqrS5c/J4ariWq5akmNmGyLWl/clCOLyYU5p GTceCXeoAXfoZ35WiHlY5mVGiIFm5pPIXFCG5l+VB2zKYynG4igO5P9TruLw/VwWA2dwjmWNzmhx ruUZBrQ1urYU22FJvmchbmOXaV7jsmR7/mGTLol95md/9ueDGGibDmiBNmguoqbr6aJNwmM7PmGh FmpuXuHQfVoYFt1vNghDluVXnuVwJmeX2b+w/JWQTt3lVTGQqmBIpg+2meRUAVFLHmskFWJ4BuuF mGmD6Ge1roGArmmBLuiCNugKnSY+29H2ZOg6xmNTzuNQplR5IN+PbeF5TWWL/uaMToiObjndey8I LoqrTtJezmCzft5gRmsmsa9xSh/PsRt8foh9ZuuY/ufRdod5iGmcrmm3Jmh8rRyTqGtugyqfJmUU LmUp3uOIvubAHuz/v6XiVRbs5CJnjn5qWWZqje4z/dtBMkojoQDjepY5YOYU6YZe6pZnJP3Xybhk czpjzE6I0P5nmQ5vtz5t015tnI7ruW7UphGhWtmXJnvmEkaQUQ7lULbtJ/bckaXi8P3tKV6xpi5k 497oqC7nbws0FDreOJ1nrp3uIfaWH+JqShY0skaMNfplBm8I0Q7t0V7tfj7tgS7vt87pnFbvmpgN EKLQJWM5lpjvO/5fh65UbHYT72VlbiZg8c0sp8Zo4v7vQn5quiSx8CmjxU1e5r3uko5u+XXpi1np K1vwS47ffGYI0Q7vmO5wmWbr8E5t805vIBWlL8KVEDJTJtZfohFq/z2u7b4W6gSQB6Og1ARwcxf2 5pCtYi1mp6im5cR26h6nISqzy4ZpZF523souY68mdHThbMnobJYGnbGG8iTHcJoGbw3H8iu38rg2 CC1f7QkVJdhICDAXc35xMmg+c1IeaifmHHNY86EwVqRI9TcPXPH13N7FcYTA8+O+dVxP7LsJ8uIF rvZlobJucAvGZ2QWmnJTI5a2ZO2G369ucO9e6yqn9PJWa/K+9Evfci5PzKYZJacJI0etXYX2FzvW 41FeDb9O4ao61t2Ac4imaKfV5rFq6h3X9eF+5eL+cRoWy/Ep5joVdjQudGe3bvelL4HQbpMm9oB/ 9rWGdkyf9is/CP/TRu/xlvhsv8vu8YlboZz2dm81vest0muGDuGWMAo23yg2f/NVf3WrinVVLmzk 6ujivnd53/FuI7HCRWSROOZid+nuFhDHJa6C2G4Hb2MBKu2Fx3LRFmjTnnRMx3S5Nu/4XBoRGhPX XhUlvt2WmO8z7+sEsGOhuOavR11MbfMb/13CjvcA5+hZZmqZJ+5YSl+PXAg2lm5iv+d4PnR6ZmmR mnAGF+Z4/m6j/24PD+239uebfmunP++oB/NPN/EIaWb4JJoV1/oTfgc8BmD9Y/U/PyFWl/WEGF1a x2jj5vGZj3ldR27dKyGl8Ptgpo+ex5InV/Z65vlvwXBJn2nD32f/pW/6iIf6ic9RTt+mEs+oLHGq H0WJkA9ly49ioWBobDPcVWf1NhfcPzZstB/9tfdxth/u7Z8j9LWMH0Lmzx6gZZ8PZPdqR0frKl94 0p543Hf/xAfoEfdLg8F4BxGTE+8NlDAKy+/6kAeId/Lk1RiYoEYCeQkTMDR30Jy5GggRNmwI8WKN iBk1Suzo8SPIkCJHkiwpsl49iShV1kipEuXKmC09ujRp8ybOnDft2KnRk6dPiUCB6iyq85vEb0h5 fvvp1GlHoiDdUXX30arVGvOqVq2R1d08rWLnkZUYtqzRtGrXpqVHr4Zbtx3jwqULty7bkAzfvavR t29CgQMLFmSo/5DgwMMQJ0Y8mADiY44bJWPMa3mty5orX3LuKHPm5dCiQ0L9KTTo6MtKhSrtedr0 U9cis3qt3ZEqWaxet2IFG9bj79+phxPXKfetRLtv6drN+26vX799D/NNWJCvQr/QGTquqNFh44uL JVYubj5kTZqZQcKE2TL9+fg5hwqFLT8tfdQ+pZomqVvif7cBl9tWBQZ3lnBaJXgfg2st55FcdzH3 4Fx5JVAdXxkeVJ08GWqo0HMJEXRhdI9lxB1DFDW0EXkZsdggce15FhONm6WUHnww6kjafjsWNZRs PAEZVH8jUSUgbb4lSVZYYIk1YEdo+TilTcghV9eVdyWX3HJZFv/VHV8SHaQdYIJ1KBhCA4U4EYnd ceciZJF9F1F5VIrm3nudeQbaS5vZ+SegO6GWX1SFmnRkVwB6BRZXvTmZ4IFPBjopXhFqGeGDlnr5 ZUfPabchhn6B2BdhC21oXXcUUdSYmOC5SOlwmfmpHksf4Qkrrri6RhR9spVEG4C9mcXokWLhVtaC ZkmZK6xdfmTlcRae+umpYe5FEGDWFTYYYB+h2NibL0rGLGY3mktTnjjySS67dgqp32k5fRUsvbx1 tZWyTCIoabtTZiphtJViaemXY5KKUHUpSnTwhdke1qGKqk50YkUr1tlvWn5qnCfHmmH8sbuG6lTs V4hqdSRvZ0X/ORbLIO8YcEhZXtlcWnt1uyHCDTsm3YXcZasdwqSOKaaYjw3tcsZ7ure0nrci/TTS XClam1W8scykgsFBzaCVz2KKpZZhGzVmw39Vl7OHKIa7c88qhlt0ikdvXRSNHHc849x5t5vkvL7t 9qS+yJqlN9dxfb0lhRSu5aHZnvbs2HPWYvhziEPvTPTbhOekWd3n2qg56JTyTbKTKI8luNahF5c4 l1zKzNabky9MNMMNL5xwzmw6brnECqtu0422blzr78VP2ZXUUS4YabLGjzazsxJKf5nNZceucIjW ohim25ErrLbzOK1Xa47hm78josB+hPrg56d2OMCXiq1TqkF3/9tpmJFPvJebt3uabf0k5r6RBG9P xBsgAv8kpWUlUDQEU5xotveX6HhIRRkiU+TWNJEJtul7RGsgSZg2KxCSsIS/yxT8YDexheEsbQiT jnT+ojbbve1Na2MQUnJowh1O6hCHyIsPQRJEHgIKhZtSC9v0B0OzQa5TZQsVidb0vczdBykdWY0V iWiSO9yhJAD44hehNsT4jLEjZSyjEH/4kSGi0SSJQUxJfNhGLYbkHKEhG88whLMYTs57GWThqRJw AIYM8nLyUUoOs0jHm3BxJGGUyCNdNsfhtPGMahRJJS+pk8F4JDEjmSQd7XgOUY7SjiNxBipRKRFn gERtDNMQH//tF0P/hWiQ1TkALjF3gEPWwIqr6SUwf7lIkXSxkR6J5EfAGEllAqAGYIQkMzsSTWdO 85HLbCYm5egROV6Sm2zkpkS8GU5xrlGT39TmOMcJzhoE0ZvdFKc8uIkYgmRTnehk5zoTOMoalJKf IWElSACaSoCGhHsTFBP3yoZBEh0gYVIU5C5rENHz6PCKFkWkIofZEWMaE5ohuSY0m/nMMD6TmiAh qTVFik2QZnOM38SnGTWZznu6VKYwjelNb9rOd870pUEciA/j+UOh0pMwaVRnT01oSlNKhKmrrIEq oSpVgRK0oPkDlYYs97gN+iWiDX1OISWay1zyMpi91GFFh+P/C4n4Yq1ba2QXj4nNZM41pR41KUvl atK7KvMmL81pOgO7zR9aEqfldGdOfcpTmNYUn/TcKT0Hw8mjJpawNnUfKZ26T1OqkpUCfepAoeoM b5D2bdmbnc6uuqZ37JK1u8RlLlnbEa/CNj6ITIpHMJrR0bS1Bm51WVxFgkxp1nWlxvUoS5mpUuKG dK5xVGNN/6pTcY7xAI0t52Arm9TA7hSnQSVIUPH5XYlIFrvaBWX4NLtUUfKTqk/tSCpr4A35eoOV 80XIffXXs9rt93+yhW1DvSpWAA9YosT5JRYrimDe+tatvyVccId7173aFa/F3auFmUtNCbf0nt7l aWN9+Frr//5wl5nM7nW7y13LfvixQ43pPIua3fNe9nxM3WdTn3qOz67Ss6IlLZDrW1r5fmqCZ7vg H9sE2/++1sASabJHJpoajB6oLL5ksG/Z2tYHgyy4NegohlGq4QqLGbnGXe6Eh8vhwioWqefE50RF TGKbsnmxKkanihk7VDkSFaZCNeqMQ0znGqtuqTnmJ2ej+l7RTrUjQSYtwrzRx8YxzlO4ZK1sBzzi 2T55tlJWTYPD4ovAAXMeu7XMWlPdYKjFtZgf7WtzL0xhlcJ6wyOVNYYnPOMVRxfP1D0ElBFrXl6n mJx5/qmwwQneQ5TXntoVr3QFKDeorbeU1/BnKT3bWUZLhP+0owVyZ+8LNOiclnFR/OpXn0xgKNO2 tqHp7ZZVPQ9fWNHUpj71WuDN1o7oG2Ot5qKXR8NhnQw8NJOsrbs/7aNm9zmyBSFqsy3kEd7lbb1N vcY1dqzxgXL8I98GMn2//XFvpHaWRubOWAOMabJyutPq/khm0zLvebf1GzP/xqiVYmpgXqa3+161 g5FWzICLpuA3MfplDg5lJzN9SjF2LBxxGnXLsG3ibJobe0t5jms4I+M7/qy2u+1tcHu7xwnIbwX1 W6L8NXR26p4ogBN+AK1vFtHYNomqR62VVG8Z56q2OdZEo+pV/9zfACe6wJ1rFKSrhZwiETDTWU4l bxb1jR3/mTrV6+e7aWPd66PcNo9XWXYhk17kQfaI0NaOv4W1/YIuN/CIN32Ouce8I6Qkic+tHO+a K0hBNsdylrMMby6zy9UafTzsJQ8oOFZexpOVscRVVXXMrRBkWb82Kj//T4DOd7SorC99ve39iZFW Q36sXFcJLFEmy12sTZ17U3Ecfxw7ld/xRhBZkDJqeu/f9/rquf0JH+Edn+aknLs13cJBn8OR1wI+ HBLFzcRVHdlwHsbYkeeFHUGFXbeNVvh9m3xxYH15IMnBUBQZzMFElGttGsuR1eztkh3hkmb5k+3J oEf026jRXC+1lanR272J2uA0T1Hk3ZZpmc8RIOEcwC9I/8QvxJ3C6cg8PRwnTRYDQuEDwk0AVZ8h uYwFep1oYVyjhRa3caAqgZv3zdfZIdQfzQ73BBjCNZmU5VJmwVZm0d/t0aDP7d7M4eDMNZgO+lbg 5YWD5V3haRTjaRis/MISKiEiLh2lMN/lEUYUQl/BGNIU2RAFYowXxlfXTZW2edZ9iR+kiR34kZ58 HY3r+c9rpWDTraBEzR4/jdWh1Z2hzeC+3eDg1Vy8+R0e/iGqDd/ggY5yqUUh6lpJ/MM/gIQxJqNE GKNHMOMyJuMxikQSRtQi1kASNmLzVZ4DSmHNWKHbdITvFA3SeGEXYpwqXZtocdyjgWAZeoSPjcRB wdBHwP9iyr1dLM5e3c1gHdYfcKwVzYlacOxeH7bPuxHh7yDTMJ6U4pFEQjpjRzgkMzpkDTgjREbj RyDiNSLhLmHk8jmiNhpVxK1FOE7g0aBI9YGMOXZiDZhjo6VjGYLc6W1gVYmbTtRj8j2ZxW3W7eWj /NWfvumdDqbavuhd8wChUfTbQS7krMXahsVacZVUmCnlM1ZkSEhkRFrkSCQhIiriNVpjoHgSoEmW WHIj/ZRkOFIfHgnQx7Ak9qVkj8GXJ5IdpHUfXXKgUbRhgbkcKb3WKMEfHdYf/X0E3/HdvO2dQAqH P/aeUR4fh5EZSi1XSZXZUhJjMyrjM1YlVl5lSVwjZ27/pVYq4Z9YXmSJZScBmkhO3wRK3/48Dddx 3SaCYSdq23yBn/elUvfRF5GlBdxBnguWEu31k05mXczRXRE6mHCUhS324/6pjBEK1zTZ2pgdF0gl l1R+BEVGo0Q+JDQqY3Ze5FZ65Xd6ZSM6IHltI1hKYk6g5geB4/6YJNSwEvZlYGiF1ic6GpEF2cfl BcLd5Fj15dz55U5i2z6WUm/RXCDW4OAM5qrxYnM6Z3NFp5kxF3XaxHVe5kRyZ2Ye43VKZFeCp4d2 6Hg64uWRZVnGDQSyiVa5zSWyi4/Jp8dl4FyKYgjOJffdJT3uJk6+otbFn+3FIHD6Qj8JH1AK4t4J 6WI2/6iDQidfSeeFTahJbCd2ZuiFVuaUaqd3iqciimd4hmaMPR+Jjg0l9g8WqiXSVBVVdZx7kaF9 gV9uhuJdRpn7OVlvtqArzqLdsRePnsMtDl/gbdnMuRUO3iBzIqmu5dVkSiaiHhdlVqmFUqVVRqmV dgRHSipoWuOWfuVomuYdfRDbaFUlrii5gB1cMpqLCpko4ibIsQVttVxELdV/egRwZh2P+tNaEShb iVr/7eFg6mBh7guhElet5Zpj2to1QaWhRqqFXig0MiqjQilIfKdncia7ZCp6iqS3kOQM+QT4vCcn tmhVSdWPveTpmeq36qeB0WkdqVes5mmW2Srf7R1ZAP8qcu4hqf3q0VVn8WCktHomloIQBKZme6qN VHBrjykauKbjW4KbVNFkueqm+8EhDO6oTsLcjd0YohmaP+ohHwblWQSlH9rrvZbQZ1pqlu6QB4mj OCZAf6isr2jOO5op2M0myMXXZbzh/MmgxN6pLMIqzprS7hnmxhbm/f0WA4GsQjYQv2plV3alP3hE 07qPe/7rUxANTxxEy4JMbCJsucJmZ73scLgh/MHc3dFg7d1srRIhDoaanxqkyhSt0WpReHLkZ/oD 3dbA0z7t+ZjkDH1qUFgtvLiMBoYeJxYsuCqawQ4H3Y0ET8bqXwJp4f1j8A0mWkDK2x4ftF6qRNDt 3Wb/rt2Gj94WCmwwhB1Y7a4UCeCGIamqJOhNSh3mGD/CaoAG4A0Gn1n0H9ARZOVabr86bUhoLt46 zw39BMtq60QIya48TVQZ7qJxHNglr3wkbpDmadlWmygBKT8KZaD2n1Dibu6yi9umRj7kQ0nUbdPi bfn+7lqEL65A4FDM0JAc799ijIsub+i5F81ahvqKxI4KKOxa3Pyt6yg9mFAG3dDC25ES6nPGR2My k6+WRULeRP52RPhOcOfabflOcPg2LQZT8AZHMEjk7wZLMAaLMAWTsAiLxAiXcA2oL0NscAtvMFB0 sPiesEd0sETI8AdzcAR7cA2P8A3vsPjKcNeu8Aa//2z4EpQHqy8Q0zARK67/AiZwXuyd4mzkEl6g xquBDmT3RuV9LPBvRBKy4N9l2HAG220Z+676avAM93ATmwQIr7ESw3EQy/EPNzEPf8Qb03ET80T4 JoD69kT4AnI+GK+vJPEa2/Eho/AMq/Adt3EbM3I+OEP+auJUqS8r8TAmL7ImM7EhlwT18qzrHprr yh+/AR1RZi/tbvECS2hfVROsBSOx0hVxzQMDU1NYuDJU5hoJH3IG0+0Zd24vN3HdPnIiK3JIxPEJ LzEiO/Ixa/IbE7FTcEcg8/EmN7My43Ex5/APPzM2d7MPx3FsVtURe9YRQ5UP1zExczIvZ7PihjIp rf8GHdIggvKhkL6r3m2xXh2tmT2lIT7mkr6agvizA6NZP+NaDxty3ebv3Sp0BKvxNqtwNzezIyMz OsdxI7MxET9z/sJGIP8wNcdLDEOyRJdEHlczRidzCYMzwnazKllyRifyOV9zJuvvzToVWiHSOXxD 686q/b1rDf4iPi/qdDoXQjaprEkYLUdTUk+uZKYZvpqwCF/wDJPvGSu0P1x0I2e1SVP0RKcwVm8y Mv9xoXSwa+CwHXDzS5c0RNNwWBfzTLd1Wk+yaJWzOUdyOp90VzMxOoPE/rKXTue0HWFUU2URKY/E L/p0UBtiPmeYYisXQVcYcHxR6oQRgki2ZMtVApP/xDfnw9MGc0KLrxqjMTtrNTbr8TLv9S4zM1s7 8xz7ykeLNTSXBlp7MztjdElrMxvftiUbbkuvsSRX80yrs16rNs/WXSKhVU6flU4XN94paGLrsyxH aGMvpJNGdjPtCxjbMmV/8VMbMzL7Mmdjs1Rn7kUTNzMH92mrNlzjtm6L77vU8VkPMnyPdQhLdHmv 9kPjNkrntwcfbgT/9kOjd1GUN54GZmDj9FkdOE8/N1sMdUgJK1EbNYSuz3AtdWUvl3DkVcG1tea+ MXhHtRmv83Dv9R0v8TXXMVfbthxvdWt/tCOHdG6L+H1X9IqP9F1nNHFTlUvPdicLN2qbd3EnmE4j /9g7n5XdMfhlPGcwFjVdRSau5XJSt89S995l4zKT53BMY3CHr/iJB/hIqLVa7zJM1ziWzzFUp/VH /0Qgy3B8q/hm1/dBm/k2K7JIzzkOl3ado3aP5/WI03SC/3UvATY/6VByIznoTFTgMGfq8MsB2wQP m+/dam5HDDPnpsWMB8q7ZPrUvne8GPqlJ4VSBLYMhroVjRJOL3fx+IGqv63yCc7VDOoP5kUjk+9H lC/n0rpafDqlBMnx8oeh97lILPc+HTeihbrYEo4fSMSqJ3sNqPqqI6kbKs8B/N/pHGekEIekWzBI RHoF53ptT0pp8Aqvmy6D6zrPDfttYZFf5/Rt5f9Nsr+7szc7szd7g7IbLoXFLv1hGItxo7PF5g6z 75pvApXua/QH/P76UVyRkCMFux+3MEENsz/7s3fEu9P78dk77GVNy6wMcCgLtk+6056vtpPQwBIJ ISN8UQg2qAf6cicYbrn7sld8zMs8Acbdk6HFvecSpLi6x2M7twM8+aLvAG16r18tyuOEyiu3kVuU WUE8vcO7xM+7slu85jxwSKjgvWtFzrftviwQvxQF44n872Y7Dxlvjxz9WqSVMOEbzyHNvEe8xFP8 R8R7rmR2ki6eYxvYPETU3v/GtC/Q5PaeYnuR4j3n+fqD3Ze90aN9TiyYguVWMD08yMC7si+73Ff/ vrxHPK4cK0A77AEMV9ZrPerg3//B+jAuuUHT7SMhfnczfuVmkcMvPYKxfbvEPdTHPEhMPLsMHCy7 MmXC1hdBmVLXsnKRhZUrapNH+OBD9/v8i+ufD+xfGajr1tzEu7O/PeY/febLe7usMmWWGYftUhix 2z5zt1lYNgCYP4S/2hfdwi04NeETB6bAzPMXz01/hMu3e/XD/e1z//UDhB+BNWr4IXgQYUKFCxk2 dHgQAACCESnWiAhRYsKLFisuPMCR4MeQHyPOuyjy4jyTEjeCdPmQY8aJMltq7AgTJ0J6Nejt7Emw 586cQ4kWNXoUaVKlS5km/EbwW1SpUQ9ObXp1/6hBgVoLbiU4cOBXhQaxXr2psOVGih3XNjyw8UDc tSVLflxJcOXKuTNx3ooJ4NatiIFfMqx5NahPxULLNnb8GHLksk+h1pj6lDJUzJIfcy34VWtYsgc9 j+Zs9DBamixXz0xdIy7Ij28lkgRAW+XMeXxfv04YWDDr4ASD+23ou+lPoUFPN3f+HPpSqpY3V7as OXpT0Vy3jgYbWmz47IZlHs9YUW3a8gltz+YoNyLu3OkB3OVbuKXxGn4H95cYOL37CkPsIMZ4Um68 BBVcsDmqNstsOgaR4s40hL6zELTPJMRor4XmOq/DAdk7abYPaTtgN9fYaotDAYn7a7D9QlTvLP8C gToQQZ823JHHHh2qDruqMvMRpwpFS2g77zQksjHkYBMJobigdK+G3FIUMSfgDhqOsP28JKzLh2yp wZYxkwPKQCbVXJNHqaxjMyfPkJxTQ/AqhDMpJ0eC7aDZpIRJz4b8GhRAmcD08kuHxiyzzDPTPBDP SCVt0MFJiyyNtNK+C8vSPNdjaEo/91StRqIGJY5QRPXb79CFzDSTzEWPSkw5xXi6tdNcdd3VMU3D A6/OOu/k9ao/oeQMuGTDbBWhUxl6FdZYZ8X11jQfdcicg7LNlthuvYWTu66WFBesz8r9FjIpj43M OC0J1a/dVV0lqNGDGDXqp2pxhHQobrclyJz/gANGl+CCEzQy2CO7otBgXZddtV1VWdVyXjITWjRa nBbTUadrFRoYoW0FroHbhk0+uaydFBZ34XG9GxblNZNlVdV4I6b52UZlpTcp5vLlGKaSRwaYZJFB jhnppInqzg96hpUzQ5iVRuqdqhvrEuuI432xoXsVqjfjnGylNid/ST57ZIEHVnvqtlFeDk0LBeqp adLI5dRct5N6hyC+rX7sZoVSTVReaWPVWWek4Aa6IaHXPrvokEE+OimrhtQb8+hsTSw8usUKDVgM Mx/q77797vuqd08Fc1muC39V2mjDJspAj0OGnOiS0Z78cd2LoqzSy0cf3jHmcK3d6QPJ8mpJ/4aJ x4nvGqKXXvqqS1dqcNfhhRjniu+F3TnftfVXbbPLl07IIJ9f38Z8j4fUIKeb7q5l+tl3yHqr/T49 +umZcvdFYaJZ4RBSr9iNx2i7g5zZIsc28cEEeNepivruV8Gh6IhjGZxTuOR0LgsqRH9/O91BRpiU rR3KZs5CVNe+Z8DwJXBtIisa74aGOwhSRzOYAdIHefiQsUFqOe4jF08QxrIe4o+EpqPeUlhHQHh9 iYAXsxcCI4e2GeaOaAukXE6mE8Eu4vCIYSwQY4IYRH7pSCvyu5sYEWK96rmRevzzHxOdtTooci0n XoPOv7QFMPNh0YpVJMqDrqPDCLGRhz8kI/+ONrY5n8wPkW2U5BtRB8c5MnFLE8sans43OSvS8HaC tCEXrQMh4UWSfchbHNwKNEbGoZKE+Ysj6mZ5yaOckGJbmhmcPLnFBtYwi1okpQQlGKFTwpJ4P1tk raqFoOPZDpH+658lbYk9VLEuk7py3B8lN74Y+tIphSSmmyxzjnMcE5nJPKMqgUYrVsKSf7SsZBKr acInUkyADHHGPhn0L6OxTZRYfOADEeIgCB3knNY5RzqTicGf6eRGHWMkI6H5welJ03QXvd7/mpiq KB6En86ogUhHmp0tmk983DwpOBXyoC5+Y6FRMWcNZspQzBlPIcuEKJp+SDY2lk6EIpwn4Db/mRN+ EuSoR23O+T72uCz6kqk3BKNUzgnTmNJ0oQu1adsUua+xOXIxEq2oBYMax2nCMSFXis4+ScrWkr51 qQvhIwNzl8DxDcWQOiwndRJKU6w65w81+MNgt7ogn40xol9dpFjHWsGg7q96Q81NlShbpck6x61K JSlcT+PPxvnTgbsD5kOARBlzwvRyWdWqYwYb2IO41rWFfQ5OOZejxcbNle9EJmTLyje1quRKu7GS ZDY7UpGGtKTFjYwMyWfXuobShqNliEv5KlOsZpUzrRXsa7UbW9k2h5XLZNzGItpKhspSfwxRq2Xx Alz2Rka5bQWpWzkj3bT5Eb8JSZsMf1cZ/9SmVrWs3e52Ycvd755Gp7g1rxDfabzG9pC3SVzvZIf7 W8jId7MYpm9nHadf5jrVm6PEqyETGmCErLYpgVWxigXLYu0emDNl5GkzlUktBpf3wNO00nDZmyLg XrYxx81wcpUaV6HNMLRXDKSSCUpaviKUIKvVak2vUmCEeBe23oVxYzYXNzM6GIOtFKJsgWrZ4Fq4 wpQF8lWETN/jIhXO0elkJxsYzD42GSYo/iuV/YoVwhKktX8mcGy1vOXH4BS3h0W0Kw19kB/7WLju /XF71Xzhtr5ZyCONRzwkM7TeHXmBdQYknvNsTj1H+a9+BjSLAW1gQTc6ZQ3WYJiVWdsbPf8Yluvt MYUdjRf4zhfTnHZGPETKaU5DZr/dFLWyPcsUU+/Zr1NWtYsLfWVYQ6Z25a0tGRftPlwXdsfCTWtl 18zm+G46s5uugbGXi7tk83HZumMpUQL87CifWimsHnCLV0zYV187OdxOrJc7Ft4ZwxrSvoY0j8ld WTYjla3HJbax93lsdh+7LJ8WLQM7HOqAHsXU2DVxigvdXZP7+7UAZ4qDExtmbevLmQB/tMMdTeEK uzfIxo34xIk9bIJsGuOO6WWTnXvSq8y03gLu7r5fHOgXq3wp3saxl9vpSJ9+V9yRbi/DyS1umj+c n0DvucQPgvGgZ5yu+n2uN5179D4/xt//KOd3iwnM72pDHV/8WkgGdeqzbyMy4VoPd8PNTOnHsPXY Ef/5uo0N9Mf0zuNHvu+yJZXlFTPk6U/Hu1I0KGYFd7mn0LlkPXNlczVf9tGRVr2uryJsiR/V8Ytf qgN5V8X7kppJhGb10qk9981HHbHMfB/VvRqd/plVnt3CedYRIunCP9/SxRb79NfN+NgLXd59vOIf cZ/7VV8+0FfG8u9XTnWHyhiioZeMGzEaT2LxeuvBVfhvve4Yi1vf8epGiNirj/1mNzuQpGtSeG/8 wm/V9o38FEfRmsn8Hsr4Ygn5ZIlBAgUmvE7+4i/1DM/++k//JsIDfy4eAKADseJTQEty/3qJKD4F NSgQJ5wOAVuN0FIuJ1TQMJjiPHLlBrns/HYqp65u/WppiWiJ9FSERUiQBociRT5E8HxN4ZrQJhAi RIjC2HIwI6bw/jzkKEqwPOZKYABg3mrQIpDiCAGFVHKwxTLiD9pC33BCBdswTz5QJphpzMziA4eC CnXw1gaOtv6uKTBqiTRqCKFwDJWCBRfCx16iJNJq9S6QQ1rDRRzC4tRtCidCEkMQBMuCBpnrzsxh EMHwDcVQI/iNJeLuBlUMAP6NDGfQBj0Q0XSrSUAxDHWw6vKwVvjwKkIoiZTIDstDPYiwERuRPgIE SyJtI3YjJeYCuJCR9XzDSWgCItZNBP/DMATzjzVuUC3C8CaiEBvTwheJZi+CERg9sBrDURAvgkVY Awud8QDTsNWwke4MLBTrkCVi4hn/Yhs/RR1jkQrDCh05QiiK8BzpES3ssR5jUR/hENsWzbymrjmO L3/K7PjYkBdboxcDpBefUBgNMS/wwhwlwhhZg/We0EPGkCaATiIs0SI4rQpVMhotsSb60R0LUkCs EQoHEktiEiG5kRdtcieRYx7rkMAk4s9O8RTnDhUN0hm5ESdnMh6REiHpAQDM6CKgUiKg0iCvUhzz sR7xsSDvECu5jNE6LzvQS4keMgglUhAxAhFhcibxEUSQQ7gSUTfkki48EudUYyTJcB7/W/Iko/Ek TRLjfvIZe7ImCzMnDXMrj+MqaXIwERMhG9MTzXDAPoQov+8Fa3IvgZIxZZIrM/Mpo5KRorInQNMq dzIUTbMw3dAzD/IrI2MBGcQsI2uONso80pI3PkRF2pII33IMP1IQ9WItNrL+RLJF9NIlj40KL04E 1U0wxREzHdM0m5MrsfIbU3MxrzMeCTMy5dEcWW0UBYsi7s4dfzI6qdMxx9MpwxAqhUg0LSIoohI3 YQQ7rdPMjNEkcNIrMUeoIlACA9FFKjION6Yj1fIii9AQXyIvEtFKSmI4ifMm0xEbkVMlgVIanfM5 IZNCyxM1E5MzsVM655NDLXQk2eI0/1OuMoPSITJTMjdTMwdyNe+QjDLCKkfTPalFOyn0IFNPRTm0 ExsmvYQwli5qF20TPWR0QKmSKl3DJbJxIhXCPpa0PqqkLt+LPNQSL7EQGhvPL6Fx/5ZTRL9UMA9D Q62UPrkTKVk0TKfzRpvyMZ3T34QSDVnTJtPzMBHTDVt0PQ3yHyHiPfNURM3xPKM0Iw7xPifCvfLT bRwysmQzSGdwPXCTKpn0It4hUimCb+ITP9pQGYlwPgwUGKvxHGnQGZlz05bTS7vxUT0UUMtRKdFj RG2CPFf1Q+lxOglSVJuyOl+rKNMwILGUTlmzLTa0K6GQRt3TeEBTPfVRUpcSH+OyPv8mLUoLVSUQ tW2E1KxGyFrPZMZo5XR84kdt6SU7EfUskEqXggXPjv+uryl61Fehg10T5F01J+ZoJfjmsCjgr+aa b9JCUj+FMFsryT81JrckiR7Sy0Bi8z/fdeEgoxBlj932r/9WMQvHI16jo2Ll1V4natsy1iEYjv6A TPXWB6iwVY4C1ocKTl8g6m92AhfnqGGZkNLuMkHu7+Iq0VxL5SE8lTN0VrY4h6IajCiWrz4nreYO 8X6mCWCT7yw5z6FIqGABkW+EiDaZQmYXhPrw7+wSkFi+7Fq4jdbulQn3lfB67etGR6OCkJqwAv2k B24otVash2UjLGaCLmu1dmv1kF7/38daysL5hrb++DVpSBZqKSnqkKdA/KYnKFVx41YXsdVuHxcx vG0BBW7gjGLhso5ce4xszfYPdbFxTTanzq/WnnaeKHWJggKyFpUQ7XBHLnZ1HcN16bBTONYh3pNY M6g990V3c2IRKy1f61MRh0eOMoohQDchFgeIoNJqQNNt9wdxcUwCW5MNcXROX/c8c5Z6YZcEZdI5 JJN7GZYMY04B9dEqzasqb81nceJyYfbMCNV3RTYXO9cP8eWrbuUdAvRp99N5iTcIY/ddY5dNs1cx nwOA57SAYfGAJWN0e7AozvcqfUJGXc4HNRJwh7bXeI3r9Ib9/tVzU3RFImInxrFS/+/3HqUHWe+3 YHU2WHG2V60RRLKyVsdTKQNVUq+RIAUSVl14NUqlQwLyg2NVJ184N0vYPIpUHVmYRGsYS2tkNEtz Iyp1G4dYPmW4PXmTBx9CaOdvx8K2fbWOc68VaQk3RUPRdqdyPZWXJwDgftV4NO93f+CTMSTi+FY0 gIFViGEyVQfziKvXRa3zRkkSEUH0Ontyj8H0Pq6RkL83NfdYKwc5KQP1V2n0iVkCg2aYWZsYhJvY PXkxfSsQc7dYbKk04UR2ZBl1lsa4Jn+Ckm+lKqtSedXYeliieeeRZdU4O6GTJ+URQ81zl71Xeg2Z WX+5RHuZTT+0PIE5H435ekP0IP+PcE1n9UJ5EI6BYppZ2U5jUZOruUbhE1LOt7G6uGgDL2Yvt9z6 NSIbdQjzOIRnNIQpVY43uXpK83RANSKEio4hWU4fmXufGUfd0lUTMz6R+J+BuUNx85jvkUR12aCX uU3tOIaNWRuVdT0kuUCaczFzNY2dc08R2ox5FwMvkGjLtWxJ+Q/Pdmn5uCfjOIWjR43luGrgOJZR 2JYutUXx2Qz1OUOj+ZfzGJmFmaeDWVjXtKZx2jCJuqbB8KBzmpgHUZ0hOE9DOFlpdKMNc0ZpOY3X WTSlTn0/ufDkb/War9LKOXOit4MHuKDzBZbPF6bdGY3XeD1j2n/u+Xvzk6h5elX/G1qpQcIRlTmv 7xo/7Zqv23RWk3mQy9SwN/OnA/srwxSIYhKrdSJ3/1g0q7mqy7eJy9eTdw1mNbDrJK2ChVd1U/CH 1xmC3bae4dNtLeKlQbiVLbVz9VqgvZKwI5pWp3ixQxWIHXqHX3Ww/VpJrXg+ZTUbh9VWDbsc6TO2 h5qFlfR4tdmKs1qK0QOq92Kdb/hiJ2xhNXfrLniktwzMEiO9nJdlvTZ/hGJwiSSB8SS9tVdSWnFg 3YkhG6J+dcsWQXnmmlBsM/ezG22RrKZgWdZ+2e+NABzAGxW9k2a9D2h2VHFSVumwnsnGiqKdGDC+ sXictzis56/hRhngWM6MquZp/0P8JxR3ZXW3hIy3e0+GZ48CWjBmwQ3G7yZXlaaFpxwQKSbsvYzW aLv6faHOmRQjak03agEWxMkSaUsIchsDVvSIYBCgBhAAyj0vb1N2IYnEvmfuk7larK+NvCgpbvOX dDf4v498apMcKRhlZwznxTslygkiynPkeCH8wXvEqzubu7Wbw1XOjBZCwOM5vHlicf0Vxc18XtB8 igynyd38yV/OtvL2lTYEzUBWEcW5uxttohkDbk23YA+kyENcwBFWQhKcTURdzV38e1LRehk8J5wc Idq8yn8cwtUkSsuWUEP6wjcEXXeFMpP1Rk74y0mcehgXcf910KeXdT0x1BG4Xf+JQnYsZoowBpVT 3dhX/cmjHMqd3MlhHX3VD4AP+A7JlfnwW9Jxvfrollg4OdE4ndOH3byFHdghsHVjxpeTotnT/NCj /ROPndpdfe/2juXIpttlVyYwHPruskFnNvYar+zUVVIIGVlb25ZJfI3reeJh2Y0pHpFpRId1OTt7 A7cfuYb9OSmF2FZ9GIe18Rt18uRxm2fQfFHWYkzGsRsLeuV/OCtP04bh8OO3vS2g2Il5sx8B0ohl vqgBeoWf9fnaN8c5ezwYfvHqtuEF0XZLs5Yfko3ZNipZ+lLTOq0DGecxtDP3WaddmJgHWBhjuJnr micZWe1pAnFcyEwAwBZUXuz/9XipMVNT777a5/HaI3hGD4STQfgxmXGxOZ64gZUvjHFzeUzXtrw5 zI5mGa/sdAU1y5eW/xt1YVmVmSOtl3d5BTmYl3KXi9lDC1uRQ7SRg9v0+3moV38poX1nZEWxE9v1 Ffua+VkiWD1VlyOCuZlHFVNNx/hFH9M+y+1jtVtBIrHx9G/5ZS9SKh8039Ks3lpx2XilVduEWVpV B7qZlzg1+BmoaTih03NGxn4xr3BLAdr86TH2YeUb3V+QcR/vgxXZZx9Gdp+VFWOwJyIBEqAGACJB AgAECdYAUCOhQoQJCyp8iDDiwYUNKyach3BeDY0P53FUyNHjw5EkS5o8STJe/7yEK2u0XAnTpUKV KGvavIlzJEOLFgHQq/Fz4ruhB+m9M/qO4buJQplO3PkUolOmEklCnTq1as+sXKVSdLpTK1WdXHfG AwCTJtquYtvqtGWrRty4cqECsHWXol2yeqXuvYr1a8W/EBEAlkovMT2fit2OFcg0QVS+Xv1OHusU o0aPnEVyBtk5p+ibaV/KpKmydOqYo1u7tlp54uLZFY0CBTB06OIaS4UqDVt2oePAgwXzNLj38mWD lZkDL95QLPTpBFPLZIi2Jfbg0cE2pEsXIVzklrs3dxsWvUnC3dN3FZyY8U/HCAcqtF9jIAD8Xp9T 3vnMdlyF9NlGBnr2WoIp0f/EUkyllZSWghKKltxWBxEUFFC8FYRbUgUtlRRv3nGYnkQVHkYVczqR d6GK9LEIEYv+YUceidOlGBFr0SEE03bJOUSjeAfBlRBceBGEF1swCmdifzI6RJySVQG542EcVslT ZFAyeZBkV7an4n/PCLYlUx9tdtGEakLYkkurvemmm6atSaeCQSlmElF6EnUSijj5WadNgAYKIUsT oSbngxSuJ5dcRDbqKKGS3jSogpIlJJlAkG2q5pg1POMpqDmdOamCiOr40moP6VhqqzVlSJKeCvX2 0E+2RkmpqzlVqmtq2TmoKquClpRXo48SSZeuyvLaGmSYZnoppvcpKOqnoXr/qqyywBpqXaoPMpht uHYqllhRsO4qrlVlpuurQ6yxCi5KX56UrLH1plvnvIRqmp+z/d4XrWtjhprQwPgSempKI7W54MEO 21RuuQndee7DFrvW7WkzKZooncdeDLJr/GYKcMAJglptyiGbKmeDGrcZ4WnWrUwzuQpJPDHNOhc6 06oydxwnwzsPve/Iz/5LsqQof0p0TnP2LFODiGocZ9PZUnwzUBFPXLHVIEf4poOG8ux12ZZKy2+/ 0Rr9msEFK4St2Se9u2q3GcsstNXMvnYrnn1reKfcCfKKImDeurSW0ODmnWur66L72t51cupvfs9C K2G1TFsrOEreLr4wx/EO/y0g5MZVyRDOWufct+qTampyn2oSzujYoR+E2tSfL4qrglaa3prkayat 9rTEU8s0wZp3vnDLUY8NbMZPk55l46dDtVutJfnddaCY/yvv7NZT1jxqv1Yd+ug1CT/a738OfrC/ JsN+aeyjoYzt8szX3bPiMEf9NMaFzEZb0lf1roK9Wm2tRc6B0nO+FBETuehC+SHIpSDYIizFyDkZ RJ26HKjBCPLoLAVRC7BKeBZDSdBHE8QRC3dELAeW6UrzomEHRcikBxbQhtVr1vfqBz5pZU5URNwf m4KFN5/F4x2oyQ2tiEajvlyPfEzZms3KhRAsmus2I/KLe3oSxS7VZzAPXP8fBW+EwP6UBTilyY5Z zqKWQ5FRL2VUTgTJRL7SqVGKwqEjH8fCHuqoCYiwQ1raJjSwuBmxfNCbk0pAJDY+8WlnehzOAT+I oYiRazZYzF58oBNItnxlIPa5oCjDF8o0fkU9C/nfWt6YHZYwRCWstFAtcfUjYmVJOqkUZS+V85pC nqRyiwzX/1y2EqIscYmQ5I0AV1ZJBoYJK4fJ0FUilsWG7EaLkyGRJQVESjJyiD+YWRGV/qjKrQQS jiQsIe5W5a4RpvCXLOQhl/LYQxcuiTto7Gcu2WeStcnPcvYrZqlmBsBZ5cYlIGIiE5MpoicOcJe9 S+d6AqehLc7mnz2sEGb/SklKqHhpj7G5pUV9VJ7BmI+WqfKL+fiJGelE6aT51OMl0enLlAJyX5cL okGzhVAGtcShIHLmQ5NZ1IhCk6IePc4qc1aUqEIkKEuakU5z2RDIVMVL5LQpWGo5zS+a9J1nlCfu VoKWEVb1lGO9qYX4EkqY0oefLcynaEiG1+P91Jj/cygzG+pQpTpRogMMU5AKZ9gcZnGbmixI9vRl FxAap3QMwc84u9rHDdoRhoA552E9iFYZPQhK7ZwnBGsIRg5qFpOn62MNz9lPBq5yh1ppajAHuteD je6Ry1zirATbGycmZJK5NUmGrgg4rmkUqpMLYuUKuiyM/W9m0btbZ4sb/yj/FM1y2DWJPL5bA3nU 6Zh7EtFffSui4ZaEsN3N6Ooyelyt+SRr3TvbyAhpMeFRN2hUy53trpuubyREwFC0a3tdJd7wfle8 4KWTb5M6FJpEuE2STO9vD0wS7qluMY4FnOvqdIAaHGDEIS5eugzoNJMItWqq6qjDviFgGBe2rhjW VYIZrJAbOxiwvIkwE9ULZElWuMbaS67WcHYr1pUqxCNOSIgPucgVOzJmOoOxjGNcAwITecsouTF4 G9xgNS2FmehtYpBpFVwesxe7EmszfI985PpKiMkifrJASlzi/b0rd7t95sNibGUtc3nQ3sWxoRUc XjH32LzBVehC1Tzchf9uWZPvheq5PjwhOj+ZxAlocjG3pURhhQzLWVYIqQmN6oQs+MsLTrSCw9wa SZ850rR+CHGLumaHARQlSeaaFT2M6TnX2clO9nSeCbVr0bTYeS6rMqBLLeNk1y6/qX6Il3Wc42zD OtaEbehIJA1YXF8YX96Uae9uQuk4q5tOh8kznUWskGNPSLu94lacds0sP+2kkKfOMoGlTVIz8m58 086hW1F87latGtGvXni2FU3cRatXorIGsq5jQydbXfG4vQ6UsT9OYiZ7et6tdRWfSS6hyj4kAVeG 9oABIGj4JTxywCs4TMsZGIAr6MslMfSqEzwa4Qq9x2puNK0jTm066tD/SjKcYAPFafCnqDbnO3q3 iG1IYgAc4I53lK3UP1tbsoCwgRyk7QujYnYEAulxaCe7BS34jSsJmERxd5LbMYlDDbb9g1h6LYx+ R+9LDoqGbA8Uz4GOaIdb+zWymjjRJe5tWfHYwuSO0VPpTdOyzjeC3pgPbJzeWomEWOuVGX2eu37G NT5VkJafI1MDj3qp4xSuGJf9VvSTKYR8w0t1t/It3zPb2ccejzjnpV3DDhud1s62ddIxqxnMc1dL XzRCDnek0Yz9yS8617ryKEptjlWmeAMA4/dGDcxPfrGrEfDwjvfo4W36En/zqk4Fplzpr3762zaa +e+JQOrDe6UGczC3/xB190fA91abZX8udnPm5h3EUW4Jx3+T4nPbdmg4xniDdX3fBnlo5miUd3GT lVrJJ4Le4Q3jdxAniH4exFHJ5xAjtxPv52Ra530ERFLfV1JZYYOzBVv+VHsTKHxc1S/74XtxJ2MH YYA3Ik0A9hc2soAwlIC8pG+rl0FpVCIuWHvNp2rWBnTOx3CIlxNC9oEVJm4SR3RId2I5SE1UFH7p l4Lpd4LkR08QGG9OMWKk12QIwWQ0qIZqWEYAFls5GFdtFXDX9SP/5yxEuHv7oXtz14ACF1dKqEvF t4aIJVkHaHy0V3Ja2HNb+HzYFnRPNHSNZ3Gi2IEP432sN0WrV34Ngf+C5rccw1E4YAGD7bd1M8iH JRhbVkWCCuiD7dF/sYiFoSdKXUUyA+h7tZWJDDiHs2hLCWEDNgAA0qiJGBdNqrR/FFUq0Odlnpho 0ZcgoqiB4jhuE+dtICguqYgjxuN1qOWKrmgjcVgjzbF8BtFkefiCVNJUGEQmyGdOUxdCfgdML2Ju yMF2jqEf+yEt4wRjnvUkdxdDP1JAuGRY03gl0WhPFvVVPbiR0wQmHml4i+eFrfaNDEd9jnaO2+d4 uPZoabY/8+NTJ2F+J/iO52eTNYcS7uZ+8DdspeI+A4dskgJlmwJdRmQDCnGU0VgDSVltJPFzOQaG nhiVNyFrLMmBEZX/ZkNnhnITMIVUlApBkxAxk7AIlgJnEx9HbD3Zfj5pcwSXL61ClET5U0mplNCo lHV5lE1pktzojdo2ldQ3WI2WVBZXa1jJfTojUNyFOV95k3GogiqYEGQpOzhBYnUmcnimlpLijEA5 O4XnPSsnRLl1lyVRl03JaqrWhRi4bdxmho+2fS75eL91mDQTl6GpmMRUlpAJlrA4lh5XbMRWmWup l+KSNri5P3mJlNConHSJnHoZZl0YLySpIHsyZNcHYeJGnVzJXUezcmzzEGT5mJE5EmFJKJi5lvI2 nNkCRARlUNHYnHfpns25lOl5Yy8hD/HwXSuBgRMimOQoebZ2hrOJ/5jcmZiEFDuPOZM3uZvkCWIj N3Lp6TDGuUjuaZfIyZTMWZrVFn2OdJ/qM539mV6DaWFCh4bRhROmFDvOUpwHWpbnN5a8qZkPIXI1 pnNZCKEkkZcUOpoHAZ85GpQoNymlkWD4mRod6qGhOKLgFqLUSYYCGqN3VVnFCTBIYxKSKZ5sOXOT kmwAJTzuk28HU6MJwpQVOp88iqPyKT5uiXPj5TLiVaTwwp9lyJKCeXSu6aQ/eqIgZZtSWqU2SZN/ CplWmnIG1n0y1z6HOoxNE6ZiOp8WmpTT+J5omqbDkqiBElRuEmaXGo4Vd2FZ2aTlmIZjd1j/txD/ VxAjZRAJOZ7jB/8lrEoQKAiRHSSriiWrCHdaALlCLOiPvah3/JhzTRdZa1ciwDF8Xed3n/V1epes IXQLNXALAHALzRokETmNyYqRHHIOS6mUBZGXx0qCxFqrwLpBBjms9Uca05MoYROnKjlkFQeiWxku TvccqFpBiKhVqbcfI0USMymHLiqPIgiuzBiwbsVUXrR6dTWFglgeg1dT5qGAw+ewg2iwCRixWfGs CxGtFxt4ECGNkCqNH1sD5yCN2XoOJVut1PhLxGd7VEeH+EpXpNExYHM4daJ9IkqiN3unbzl7pBoR poQpPfuz27mvg5GgwLeMk5iyBKse8kexDqi0wVEpXkWJLdiLEiv/fFXLFNKqtSYirX8Csib7sSJ7 DgAgtiLrsUeZtMUxJT/YsPf3hArjX7ZDN88znUQHDzUAD3mbtyFqjqQYgrGFiKlaQQSUNgfJISjY h+sIhdX4detyUrdYZ3yYh01bUfjUhH3iq4W4hJK4SzuoWHNluU4IraN7sc5quFTyqNSordWarUvJ rZvrTZ/XTXYHkFTYuGUHs+raYtMlagmit3gLD0sRvHn7DndrnYUJpviXVYxoOQCYe+CnfOq4ipoL KI+rh6andfJ3h4IXPgrbFz+5plFIh5vJssRouwUbrQkRrVyLEOlruparrR87jSI7sj2arTLFsE3i tl6qfJzLSPvl/zP9RbcKMrx4Oyt7C7zBC1wlmi0pax/5qpD7xoiJOL37lIoDy4TKe0l7CLlbVxWm F77Z6L2g9K16FGPXuGi48YQXDL/nyx1aq7UNkbHQenAREY1mexbuSRDwSbYY6bb/sa0pVbvieyLK dnJz21JHKhrGq7e0ord7y6kzNnVDwSFLka/hdFkKeUEg6ZAWTFv3xHc8yHRul3UEcYvXC7kZZA3W kBDWsH+3Wq4PqFnuQWoFcYQd8iVJESKTGHXteIlfVVLSuiWl+6zuWxDNak5PIbYf205he5dm18c6 0a3zWa0j+EWrlVrM1zCMIyx3Q8AGPBJNzLcJYbxyk5IShVvQIv+huRVyM3qPePZuB7DGbLzGC0HL zmZl/rakLYmOINOsGZux6ksSv6wQ7gu35xAP9BuyeEmyClGykjoaFNqoZWqiNsEwCLUxu+tnNrG3 d/vEpQzKoPzEglOVepIARLE2JbPKBuWg8HePIyHLI2YNJTbLbszGbXzPB3OEunyEAjYU38CkdLoy wVzMiEzMiFzQcyMTNgATzyzN8XDDNiC2E4Km0lzNNXFMUiM9GU3ATOzNBuzRpIzApmyVHjiYeRWT 2HVsmpaW7UfL8yzLszwRt9zGARZogqZlAM0b/uyfOasswWzQznrQQp2+BH0SzwzR8cnQEp2tSVmy rfsazDnN0Pz/pNasRP1DNQL8GiM90sArziLtzeA8NJ56Yef8Dud8NLWJYbDsbpgZYvVMyzFdy/is EHONLzc9YAMG0EshaNnZywMt1IGN0ETtOamBzA49nyKrrclcmk8N1aKRoRdK1Q4DM6rhPHP7yV7N xKQM0uP8uzvzqZHHnRB2SPXDmHITnA8ay0w2zzJdA2ssy69d1/dM2+GCZThNYDqdZeOIhj5dKkUN 3M6qvgZNzIFdNyvx1AmRrYyd2Issn48N2dRcmpNN2WCTRAmzzSgR1g8h1p8dzl+9MsJ1iuLNG5fS G+d8Xz3VXWydlg4azyLW2nVm1zI937qyz/4WaKXWY1em0zaL/3T90A/p8stADdTCDcwYbR2H7RLI HL8YqtwkC905kaM+ajWKwy1iEzTZHcoK4d3cDdKc3eE0M4oiqlDDhd4bcuKUk9JYuomiEZwHYXUO St+vHdNyXdM1zcYI4dqlgtNZxhBaxsswVl5qFuABPhJFHpFq4r7GzOTrUdwm4dhuEp9I/eDNLKaR 6jX+Zd0AvNWcHc4evd2h3N0g85/AtcCyuR98silXHK9U5BovHoM66WlwTc/wls80fRAv7ebvYxKA hh33/c/vsNcBqlREB+APAeABDr6uESbPyhCD/eTqix2RzjDL7djJrRJRrtwPHtVKrdRNc81yy2K2 kxNgnsBj/v/Rm/27XX0wc3pmg3mORCFSp83ihHoTIbcQ74zr8A3b783G8VznNO3GN57PdZLfc4fs 0EZgxAXkC/wOiZ4Qh67oNZDoRg5wjU4QA07c2h7D7ds8cuLYyJ3MDALhyV2yV/7pYwrqeBMvnuwa qR7S4+zlqS7iVvwhB+Eh9k4Q2UcipuoiD+wiCBd1eSdNYhfwU4esdEaDZlwlMX0l9lwQNp7jcPy9 B++RKwRoc8chccccHG8QwiVCuXElim4Q/TDy1E54CD9FYVG6HNK1wDq6KlJdyRyyJStUh23uER7N I0HdIaMapqE+Gi7mIQ3iCQzWXs3hXv4wkRci+94QDYUQCxX/9VY8EGfNVSE1sFmKepbksv3XFsHJ HFsn9m1MgzEtdfes42iPz3PFHHC0Fg0hNFv/bEiIr3H3z0aoJ06vx88+FCZ/EEUOAIpu5Ic+tSpL HYVMw+t7Ib/cvtDq6BQR6gzezDQ/7iGbzOe+6U1Z2Q3TbKOBwJ4t1vN+6p8d4uFCok9RVFG/IZOk +np8xZaFWZosu7Oni5enjTNYbBGBZzRYzwBgz63t+3Md/A3x++o0E2nFtsmR2zDXe4Oh03Un6ADd IU/vbRGB5ACOENAuvmjHshGh+I6PRjDs7XIUM8gt+eZe81Wu89V2zb271Z8P/9380UcP4qFv+rSq FEuYZh1i/8VdoikAASBBAoEAahysYdAgwoUIHSYEEFGhw4kMHzZMeFBiRI0ZIW6scUBkwgMWN3I8 qdDaAWvWAFg72PIlQ5cwYS6cGC9exobxDOo0SbHGt6Eav30DQLRjSqXv3i10ihNkP4n9alA92E/r VakgeX69uLTGLQBkx46teCsjWbUYMeoEWuPcuXhzD557WNcu3od9/f4FHFjwYMKEd9YAChdxYcDw HNdwDA8ywsd9JU+OjHkyY86DnSZ8FzQ06M+fa0R1GjVhgoMEB1YUa/GvW4+xOwoNKrtiw5IISxoU eWAiS5jCV66s4ZJlcgDLbyaXWdMmzoSJAfiEi30nUNgZlf8OxfldYWiiqY8+PagagFOtBq1y5arV 6nvqfSd2v+3RbFm1+896LKs2jw5bLLu7dMKLLrnskqszBx+EMEKHFCNQQsgkewzDCy/DkMPINATR QhEzCg2l9NALDb3TSkwNpdEAFBA2jgTMz8TcIArrxhlr4605ikYSjqSVgjQIpq+MfKkljZCsSKal tuPpsIjiQqy7ho7y7srxVlzvnfK6LJGqd6wysT345pOvvhply5FHs26Bs6yGzIKRzQoRQ1CunfA6 jC++RgQ0UEEF9fCyg0CszDLKDB20sKhMNKi0jUpjyMWPGrJSIxsxqvQ+3CSikbaPeKQI1JBOPWmk jY7zqjn/5FxV8qOaLi3Jp+rwvM6nKRciMNODjjrKVKMuPQ3LS9cjMyKqkgVgK4jea48+YUl96JmF nqGoLYna+o8/snakkUIo6dIrwbn+bDRddddVtN1C3/2QMnY5S3FF0+wdLbV67z2xMzXn7Wykg4AE 8tSWigtJpIMPTg4hJRmOKaaFS6r1oMQOs3XCv4wtyiGigAU2taJYXPG0q+TLar6UnYUQW5drePkg bB+CE86z1DqoP8Pw3I5AuvwEOGihR/wwQ8w67PDQQz2Ud+iH6kVI3xfTM/nFFPct2V8anS6st1O/ Hti3lpZzriSGjZS44bEPFthrPAvsiMLAgO2L45CH+s4j/9PGRFNllKF96L3BZpYZ5phnxrY/nHO2 uead48IYSq4np5yzzDRTOtGlkc6MUaf1NTlrfh0S+cR88y3Mq8oZ603gU4NrOCSIWSJu7OUctinW seM5gHffeMd4Iyjl9itvvPHG8uNvvGReo6tPFlzlvqTPirOXES+c8GcSB2xxxu40cHXxx1/Uoco4 v/zyzTSkHHXRRd536r37pZR8QdtuvWCK1a79YbMlnt3DkmM25PCuN5ELzJ08djyE0C1531le1dKD punJp28WZBljtrdBl20we4TLGUK89z3IFUiB9kPh0DS3mcypb32ZqxzUqla/qJXuajJ0XwoB5bqB UQx2tP/L3ZBkB7GIxc5gLImHkoLTOwNOiEoWs9gJlTLFX33sIViC37365heUIQSDgZFHB2GGkOuR UWbbU1d2nqhDNgLMUOw72oaOlr4Vcu2Gobvh8+j3vBy2MVCwc4j+wIYwhfGQYcFBDnTwN6GKlZBK kiteFYvCMeQZL3DSy+BVvJgyTQqGg2E0HBrROMZQitGPp0TlYDo3x6W1sJUsXF0e9ThLq+WRaqNL pYMA+cOE1W5guVOYw4SpyNtBRye9a53FaqVAAkFybh1THt0IQ8GVadJv0euLPLQZRlDCDJQedEgH QZhLcpbTlW/knNLU6blYys+GpMOjBKkGT3Pq0jfJJFj/EI9DwCJKrH+xSqIBmdjDkUCyhIsRDMga 2LFpdpF6neQk9LIpjzGCkqLfDCUpSRmzenYUMAMZHxwRxUL1sXNy8duj1EA3z6ex1KOs6yUvv1Yc miYSOn0xUu4QYw2BJsxAiUFoUNcIGCtacjCCWxk1NxlRh1D0g98s4/U8KNWXvpQ1NbgqVgfCmqyy K15FS5r5UHlH+rkUl6UpXVVZx8O2KfI4RBTgAG+qT5420qcYcyJC4kEPxPC1Bn5dFzaRmoB+sKaw XfWLU5/RTW2CUJQfNKNaPXpVkLaGqw5B7LpEijSStlGGJePj/OSZRclyZpdhu+eQaAdA6CwMbRRj 22Eo/3bMJirmbXulR24B+9fdDspZmNzqYQlr2L9QdHvcrKhjx5m9My63tGzMKlcpi5DLuvF8142j SceHNdTVEodlledzIbQ/s/nQJq1N21thizbEFBR4IqHt2yxGDwLlFiG67S2grqmVrWL1PdLNLELC ONXFNpbAHCWjKJ0rXvJtFaSVxWprLFtddSUNjiTVLvm6ay/wgtZ0HGZwwMjb2oWpLWI5fR1d6xrI rx1QjXzVLW55e1/7NgqDhS3sVfob3Ag/xLgG9mYNtPlBcSq4cBoNcQqlG+EHW5bJXHvjouqIwjuq dKUzhJrUkjzekZxNdzolcZeJMzADPnEnyJTvXu/71/+H+DW/guoiYZmMYwpnc4wcDLJUqcpcw225 jU1+spMBDGVY5pKPEgztaDvs5wixF8UP8/I/VbuYH/auL3vF7U7oq9uDuDloh9XqVuTcYwg3tcCL Dadjm1tkcDJ6db7wBUJizeTL9pfWdXb1iOCHx6mBGF9pzTWEUGzERwcSkfqzNJDObMJNAwWw+YUx wAw7kAxG1y8u42aR+1ytM4YTycFeV6zFDeuDzNoXCTj3g7tKYVuDW0RZftrp5olLdz8IzLGL65iX 2GKCWtp3GLPvpj3daTZzml3tpi51cW3qO48ScaZkbhnrHW5YV3yrsV64hEut1R5P3EI2/K4ePS6i R0P/+rw6xecSgReSlfOMvpq+U8Bh/GZBrVvdOw5wn1u90Y1C3Nsjb1TFyb3uc8PawQkPNKCB/nHR Ra0vn126g2LlEIiN7XX8buuyoTTzNhPcIVw/uNKdLOG+iDPVo2xut3ke9UDNWtYcRze6jT6QWdf6 1kdnu4NyqOVb5n1EaCuxb3qYsBbnzy+Z7jR+3Tzwg9+a7Oz2pMO//XBwYs/vEHK7udNt8Yube+OY HfvqEFBVqPfr8kHbn7G9VmZxva3G0aZxwKXN7so6OMDaO7JzOYjnx57eQeSWdbodXHR1YzzhNw80 5Ua//BogwPn17KPvh1Zpwlf/kQVf/JujTfNA1XrJ/37JOdqnakZTQnzB0heM5jN/blKjG6vpxuyO O57zeTG/+cwfPfr1/5fUk9dtfZG57Hu9mTO4dKk9jTtA+tu2tCO/iIus/RuM9TO3GsA496NA4RO3 uKsusVPAdHm+g3C+EGw+CCRB/rs6wdgtmeMtxUu8xtvApPMkIuM9nYuqbyvBvwC+4KPAcmMN4etB CkzA6Zouocm//BtBIzTCG1TCzti+FGQzguO+mkNArerAs8Me7RGj3du5JXQI4HO7C7Q9KrQ9yvLB J6OsIWSXEBRBEXSIJEyya7iGGohDLgyaAOS0Z2vBoCk1NIzBa0O7nzs/OhS3HbxABKy7Jpu7jcM7 xP+qwkApwudTwxEEtzm0n4tyKqBzwicswCjsvtDrjMNJsIYrpQWkw4f4wkJksrkjPpxzv7qbP4Rr RAhBQhAsQloEwU60tVhMFzikxNW5xG1yqksMtkycsQDkGu9zEJ8bRQcsRb8gtxy8QOCLO1V8MPaz QDEUNFJTlzXEP0nsRhGpPXVzGl6Mwznsxcm5KCETsKi7Qyh8QgbTNiOzwWacwIrbQXusNWvExuST vw3UxQixv1uERHD0R7IbmnLsRV6snHQ8CEt0yHozOMVjQfGSvMgKxFL0QntsDYvDQOEzwwkDsCX7 PEdkQ/xLQjfsDEZEuo4LGnM8CDj0xYZsSIccsiH/G7nse8fnoryLbMa+GLdCNDrLGjogrMAePLpF PD6WJEmE+MD788YIYUXHU0p2UchylMOr5BqbXMemsklhdDfY40S12rOeLAyhe8YI88FE/MEMHDRA yzhHPMJbPMKTdBD5e0UqHMerhMlzHJpglMltkkl1JMvB3LJBFLp75Dy6877+cjuRDEfQ28aHYMO4 RMmUzMXv4xpKtErK6UrB7MzOJMzQlCxozLwuHLoxlK65E0Ok1MZ1Wb5a9MamhEq8U7jMlEPN5Eyt 9EthBEzR9M2X+sJnnEChRMtqpLXjvDvkdE1u7MbKDAxru0tPnByYXMia5E0BC0av/M3AiL7tdJqz /yREs9zIJos7KvTBcHTMfwRIppTE9uSMMyTP5JvKicvOmfxFmvROwkCpXstPdhlEoETFaMRAuUtE kIzPlRyaSHTPlGTJOkO4pUtHYAzM+9TOjmIQdGEjeQud/hSa0iw3zdvBHatAIIxPXKPN+jNJqJw/ vHy8+WSwaWkq+wxMGbXEdeEUQQGaBUEIDB2MGw0UrAEt/hQaH+VC4fzQ/yREobTAxrS7Ay0tm+O4 +KvClNAhIt0aMLpP7BQyp8KUQLFSCzkXHV2IBNENv/iXdbEyIQ2aLy1TCGFTj9JIjRTQORVRlYRO 6SwnnJPSh8DM2aiqN2XIdbTOGr1SEXnTB2GQBv9R1AtVVB89U0A5HSvbUK45VDZxkEo1p3Gzx+GE xvD8qBZ1UXKCz+MLw1h0VFNRiBtNVU3pFOqYEdURilTtCll1VZyQB464VQDYpo2gKJCY1aUAF2Dt UmLRlB0RFq/4EwA4F+o4h2Nt1mk5iVEp1lN91WPFkafACWzFFFSV1mFlk2FtFWkVV1ol1otAVW59 LvXLwcNETMYQR8lq0qNMgDuY1zvA0zax1FU1U6mwDZ7w1q3R1zqhDXCp1l7lTTXJFGM11zIVlVi9 EY/gC2XFC1dd1onNj0/p0oa92BhhVYgoEY/dWH/VkTbJ2Fgt2duoD421j4vF1FQSzpd9O089RXD/ y0W4qwF7BSl6xSp7DQwqHVjA8NaExY2Q9ZV/6Y5bVUeD0CalBUyE5ViVFRVfcdihTYgclZGMuNBH rZN+5ZSu/RQuSZH1UFmwQNkr9RSjfdqV3dpCLdsZy8nR/MnwHE62Q82ctdc7oFe8ZQ2e7Vm17VeS fVgridawiFqWDZWktYhcRVeyZVyvZdjBhdxq3YhziVisxVqJWNaQXVtaDVbHRdnRWA/niVpf/VpH /YpZtRGUVVgAGdxSQVf8etvSIk3xpFu8lC69ndeb5aq7FQxVnVoz/da0tdQa+IWD+IXjLVrD7Vou HTKFuESn/dnhLVzflV4BQZe5UAi7UNa7aFaN/8BeHkXbL/VcAAnbzxgP0BXesjVdTwFYqhVYzc3X 3DKI3lq89Jq6TKVdOV26MNxZg+xfvOVbP8VX/Bjak+Va482I4i3exm3bv10IpLWNVw1cjqVaV/3d 1IWN7jUXuZDY75XYqm3W71Xb6N3Y8c1W1GARqCDb1KUW4F2TCQbXBj5cVqUHAJi5+ZU9qjs59sql U+zUqKszvMVLAM7dDqRWrX1h1pVg1zWIBV5gAPgFKG5TYvVccMXg3VjcUFGdXy1WJW7VvrDYih2V MH5W+yDYad1XyR1WFHkKbTVWSClgoM3Xcz3W1cURWO2UGq4UvloIAvSyE+NhoXGGGhhkZzBkwv+0 ubx1MHrNXd49JSdWYOJV4ONd4Hpq2c7Yix0lUx31E3PJ5PaZn9B101x6vWKkMWvILcAbtvsVZEJG iEHWvz+ogT+QZVnmU9Db253lWb292wDWoeMlXoSoZEmWZEoup0tmjOvlXofIUU/m3kQ9KfQdZVKu MQBkQXo4r/RCr6Ax5G525YOA5dOr5VmuZVpGugcTYl6uvbzNpUkuZmAOZmOGZ1RC5sLAiw6aCzT6 E0YlU2e2n3qGXxQCO3dMvINJZXwL5EBulHAO52/2vXK25XE+CFu22XrVWd6d14z2ZRSi5EmW52F+ 57zbnnvuPVLUZEVtEGjm0NiLyGhD5YLutKn/cy0iWmiH9uaHaOilM2dzdohxtmUh1OiDyFsAJuo2 imTj7WhjdghgVmqg26BOfuq9eAaV5mSUXmlrvsPtSw5Oawm+8rJ7U5dC/uaG7uac1umH8Glyjr+d 3duhxl0EtZ9hruSOJua6PuqoSxDxO4epHmlmvouqtuqrLsb6/SubMMZUBrMdTpdDtmlC9mbGFueJ nuXJVusJi1IA/t/dFQx+aBTORgjPFuZiXuqQ9uh45hrQ/uzCQO2DWO3BaThsyeuRVrB8XhCgoeqr xkPGw2ZsXkGvxh3cYWVBgWxXFutXNmuPo2ha3unJpmhSxWzdvdvcDdXU7gvQbu3BQO3VZmrR/0Zq kKZrkAaY1r5uvxBv1o5BENprjTqXp5aZewbjZRbswADLVC7ll86phF5sshbrsibuvEvuiZZoyjZI Ib7Zh7ho7CZv6maM7O6Lpg7m7g7t7UZgoSlvwqjwyLO89jacfJ5qMtprwtnkv45vd2Q87ONt10ob fLupxTZuh+7v45445SZniVbuAAcwAh9qXX5uwOBsfvBx1vbxIA/yGhhyBTfv1LZu4+WHX/BsJg/m JV/y4+Xs4gXtBRbyz/5xIC/yKydyIvdsIS/vIvfyLO/yMc/yHh9zLA/y7Vlzu9ggIWfzNccWfjgH H58LOx9xgk48xTPo3d5mk8tmdinkQX9lcP928ZGr8YgWcBlXuIFgZOnG2Tv9CzL/cuqmdCMvc/O2 bmDucQVucjSnciWf8IdAc013iDBPckz3ciQ/dVO39FXX9A7ih2eY9Tmn7TpfkKmedcOhc1r/8krP 8xXcc69rQa7WJ+BW6EC56f0m7psGOkXn6QBv7kbXWY2O7gLf7FbPdGA/8urW9i6Hcib3dCIX908H 90wH73P/9kxndSPv8SFncAZX9yMv9ViXGTTH53v/cF1HnF2n8ztPkPFel3S+ya8T9pfubd36smwe tkEh9BZn6ENHbuaW7EUHv/4i6osu6sCQ91SXd29X8E7vdOIN906XcnIH9WEGcy3v9jJf+Y//Z/eW r3eXZ/dKj/eX+fVa56BZd+9a3+t/53lcxwuBDxTMJvCbdeSJAzsj8bTd9iuaZngWd2xwLmtn9++K b26evvig7uVeRvBXp/d1d/dWL/lxF3kld/KRJ2aYn/e2n3m2r/m4d3tXt3c2by6dlwufZ3NRqvVa J3K+IHoJwXHezfgdz7WBc2kYgwnYjYk/OC/lBuuahuVBZ2wYR/SdVvTByFmLbuSNTnCwp/mQH/tW P3kEjvIun+QlZ+1K5vYfT3LrrnfX/3YyH/uO33abJ3s08nFa5/U5Z/O9BnxSAvr0pnPzBmgH8fp0 3ng/I2w7LGyuc/wSm2lBp/pmN3T003qt/9f81sDZHO/Ajz9zMAd/sd/0Yp7yMrdyST59cWf5nFdz l5f91YZ3kKd3MXd/3P/sOZf9NIeZoBdygDh3jh9Bfuee1TBYY2CNhvxqAGgocSLFihZr3MnY8M7E jBw9frwociTJkiZPlqRHT+K1hvSsvXxJ8Y+1mjX/0LSGcqdEZz1r+GzobCjPokaPIp34pwZOpAk0 eqyRIOnEhyOtOhz5q+LWrjW6bqX4a+xRrFTPWkQ48ZnVZ2pruEV4Dm5cuAefCXS78C1aiiExAv6r EXDgqH37ypN3eGWNayth1tCpUuZSa5Vz5rTJ9LBFokN9guYsejTpi1MTnJZKsiDr1q5fw/+OLXs2 7dq2b+POrXt3wcNQNwbGaPgv4dJUFddIfFRljcmMW167pjNyZJrVJS7N2bCpcaHeu4MPL74s57Fh xU4Ma75s7/FG9bJuyBch37t68cblWzoqR4n9fxsmnHsoKYaccsgh5Vh0Cy7IlE3WQWgZTpZtxxR3 A2KYoYYbHnWeeWBJ9OGHHIKn1lt6wSWfifnddZB94fUXXIyCETYciRIldmBDBiJYVIONNUedRDdZ JmFkRWa3lIU3Mtmkk+Gd95WUU65H5ZOk0UcXivqtVVeK9OUH3nDE/SdcmQFuqFxya+64Zo87MdjS Utf8Qed0N1mnE017boeTn0peGaigg5r/RJZXZE351aGEopVlXSfSFemXKVIqn3EhzSgjf2MWxiGC BfKY3JtwtrQdg0LaRGGqflrIqpKAMhqrrLGChWh6szZqooqQ8rolmJcC91uNH8VY3GDFYphjgaIu S1WpM7laU3U6UbjZZtlViKu225IYZYiKesXtUbpSdB+Ka1U6abp9IbsRscX+d6aMnqrZLLPONhYd U3RiR+R0175a4YXiElwweIYeaqvBJ5krEZgPdymppZZySZWwfsEr4GA1uqthjm6GCmqC+f7Yp8DY YmcywAuz3HJ5Lo/75aMTQ+xwfmHu1xFIZQLn37EdFZdmmyKzedSCASulcp9NMQ0wrDBD/x211Jyd eHPVWkaaZbkVJwUSx0ETyzGZZnoq0sdUuWoyq0uunSSsKE8dt9xz77TifeWii7XDOcfrn19Bi5Rp sm7ieG9ff17bqrXYIq2443RDHrnkN+utIt6V4jzaxZ26O6PnZrY7II8GitomUgG/irrjaXOH+tOS wx67y3dffS7tEl8att/xIruxzqGLvmOohz0Nt6uNL5n8wLIz33zBjtotc+Vc+4ZpzwLuDuDOfQs9 dL1oDfy28WuznfLyzqOf/qC06/or5RHv57uxwXZemPXAi/7xqKcvfv7S1v7vZP5THwEz5A1v1OCA CERg886FOYpJ7G6561zvLvYu7GXsRv/DGw3iGKc2tzGudeQrIAkHdECKnJB5vaLU1SznQNLQyGdj uh/gIpe2ijRtJk473utK6EPwKDCBC0wg+ubjpbxVrjt3mEdwRqK7sZFtbqkTIQAT9zbsDPCHkjtA Q7i4oQWmMIXOs5q6tPRC48yDiSCZxxIzkkbPZeyJ8oubB/80xRwqL0nZ0uIWuehHEomxIQwsIsTI RTHq9YWJbHRjcJgYrJ1V5ExzjNoIm0ZFtrVuh3vko9z86MUafNI9JwykINWnNZkZsjSK/B0b7ZdG jCwyimTbnIaCYhymWbKSVkSZLjl5JWlpxigHGGYX/2hAIpZSiIMs4MOOCJ5VvjJYi3T/o0aiGcNJ csiWROEM4rCIvF1acWW+fNK/GlJOngyTmH8MJYZG6c5xhseRaYSmjVoJFa9hb1g3+gxQ+ulP4t0x ZQF0WxUTB88bUUtIRzonSYg5EU+CMqKiVCADl3nQ7jiyBtGUSCth2Z9pYgpA9HtSaDiIx4Lq0GlK uyiHpGXOIy0UJRD1pEMdKspSDtGiLE2kRnu6Sp9a055t5IhQj8WzWn7GMz8JDy6XpkfWYXGnGTon MGF6FHZyaIhE1KlUzyJPefq0IY5cYkdD2saxPjKbJaWIUgGaSRxaJIRR7ap7UkWRYDJUJOrcq0TS +UVk0pUz0OToKzP60QvGMkDEUWs//7fpWJMqrampM+g3Ayuef6WqnC5tqDH7KlGsWtZg8xSrWKGp yDdqtI2g217HmJRUf5bUlocT4Er/x8vQDiizwExoTHey187i1mWnjeZGC+vTapKVkWTNp2tBw0/Y kiaEgLpQ43gY3Mu+9E6oyutI/BpRiF53YWAlLXk1OlrzLvK0x8qok5zbE6XKlpvZ6iDcBFrf8JYm sy81J3e769dQgha/2ipuWE073J4iWGcbbW9bZRtf+fovi5sU8Giqut2F9lev6qQw1Ig7kdOWNsSE 5WiCB+UZ94KneN604305nN8hUUu/Rampiws22MKO17wjnieIw2riiYTmwd05qQB7WJ9jzvB2sxk+ cuwOTBECLzij52XvlVAsZKYmz5tMDg9m9bvkLcsNxIMlrWnJTNjhUllQVx6QHrMM5u5o965vlt1P iTvlHB9YyiOeM5+NYtf99jlyVPYwjj8s4hDXOdCKPslmF01nEiNYyjw2LqIdbelLw7PQ5UVvaQ2c 4xJjOtSihlyUN31e8v5Ux5EeNatbHbdJf5jHsX5ypwnt6ltbJCAAOw== ------=_NextPart_000_0005_01C71D60.5F938DC0-- From owner-namedroppers@ops.ietf.org Mon Dec 11 23:51:44 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GtzcF-0001em-Rd; Mon, 11 Dec 2006 23:51:44 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GtzZO-0001Q6-Ho; Mon, 11 Dec 2006 23:48:48 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GtzSs-00063E-Ny for namedroppers-data@psg.com; Tue, 12 Dec 2006 04:42:02 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-2.4 required=5.0 tests=AWL,BAYES_00, FORGED_RCVD_HELO autolearn=ham version=3.1.7 Received: from [65.205.251.74] (helo=colibri.verisign.com) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GtzSp-00062R-24 for namedroppers@ops.ietf.org; Tue, 12 Dec 2006 04:42:00 +0000 Received: from MOU1WNEXCN03.vcorp.ad.vrsn.com (mailer6.verisign.com [65.205.251.33]) by colibri.verisign.com (8.13.6/8.13.4) with ESMTP id kBC4fLPe019780; Mon, 11 Dec 2006 20:41:22 -0800 Received: from MOU1WNEXMB04.vcorp.ad.vrsn.com ([10.25.13.157]) by MOU1WNEXCN03.vcorp.ad.vrsn.com with Microsoft SMTPSVC(6.0.3790.1830); Mon, 11 Dec 2006 20:41:21 -0800 X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Subject: RE: DNSSEC - Signature Only vs the MX/A issue. Date: Mon, 11 Dec 2006 20:41:09 -0800 Message-ID: <198A730C2044DE4A96749D13E167AD37010596C9@MOU1WNEXMB04.vcorp.ad.vrsn.com> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: DNSSEC - Signature Only vs the MX/A issue. Thread-Index: Accdh0f5JyU+XIOAQheX80NsEVWMIgAHyCMA From: "Hallam-Baker, Phillip" To: "Masataka Ohta" Cc: "Paul Vixie" , "Christian Huitema" , "Ralph Droms" , "bert hubert" , X-OriginalArrivalTime: 12 Dec 2006 04:41:21.0426 (UTC) FILETIME=[C58A2F20:01C71DA7] Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.1 (/) X-Scan-Signature: 3e15cc4fdc61d7bce84032741d11c8e5 AS I have been saying for over a decade security is risk management, not = risk elimination. The point you make is not new, Bruce Scheneir made it together with Carl = Ellison in a paper some years back. He was wrong then and Secrets and = Lies is essentially explaining why. Most cases of administrative incompetence will result in a complete loss = of service. DNSSEC does not add a significant number of new ways to = screw up and the remedy is exactly the same.=20 The cases where administrative incompetence leads to a security breach = are not as likely as direct attack and in any case very difficult to = exploit successfully without inside knowledge that allows for more = powerful attacks. DNSSEC is not intended to control against administrator malfeasance.=20 > -----Original Message----- > From: Masataka Ohta [mailto:mohta@necom830.hpcl.titech.ac.jp]=20 > Sent: Monday, December 11, 2006 7:48 PM > To: Hallam-Baker, Phillip > Cc: Paul Vixie; Christian Huitema; Ralph Droms; bert hubert;=20 > namedroppers@ops.ietf.org > Subject: Re: DNSSEC - Signature Only vs the MX/A issue. >=20 > Hallam-Baker, Phillip wrote: >=20 > > If you want to make such statements first state your risk model. >=20 > Are you saying it to Paul's statement of "so the Secure DNS=20 > model is end-to-end rather than interior-only."? >=20 > Anyway, if you use your risk model, your statements is=20 > nothing more than a fantasy. >=20 > I, instead, have been stating the reality that ISPs and zone=20 > administrators are equally (un)trustworthy. >=20 > As a result, DNSSEC is NOT cryptographycally secure and is as=20 > secure as plain DNS. >=20 > Masataka Ohta >=20 >=20 >=20 -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From owner-namedroppers@ops.ietf.org Tue Dec 12 02:30:37 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Gu261-00042H-31; Tue, 12 Dec 2006 02:30:37 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Gu25x-00015Z-Mz; Tue, 12 Dec 2006 02:30:37 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1Gu1wf-000Oy3-S7 for namedroppers-data@psg.com; Tue, 12 Dec 2006 07:20:57 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=3.1.7 Received: from [131.112.32.132] (helo=necom830.hpcl.titech.ac.jp) by psg.com with smtp (Exim 4.63 (FreeBSD)) (envelope-from ) id 1Gu1wZ-000OxM-KY for namedroppers@ops.ietf.org; Tue, 12 Dec 2006 07:20:56 +0000 Received: (qmail 46187 invoked from network); 12 Dec 2006 07:30:27 -0000 Received: from vaio.hpcl.titech.ac.jp (HELO necom830.hpcl.titech.ac.jp) (131.112.32.134) by necom830.hpcl.titech.ac.jp with SMTP; 12 Dec 2006 07:30:27 -0000 Message-ID: <457E5833.3050605@necom830.hpcl.titech.ac.jp> Date: Tue, 12 Dec 2006 16:20:19 +0900 From: Masataka Ohta User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; ja-JP; rv:1.4) Gecko/20030624 Netscape/7.1 (ax) X-Accept-Language: ja, en MIME-Version: 1.0 To: "Hallam-Baker, Phillip" CC: Paul Vixie , Christian Huitema , Ralph Droms , bert hubert , namedroppers@ops.ietf.org Subject: Re: DNSSEC - Signature Only vs the MX/A issue. References: <198A730C2044DE4A96749D13E167AD37010596C9@MOU1WNEXMB04.vcorp.ad.vrsn.com> In-Reply-To: <198A730C2044DE4A96749D13E167AD37010596C9@MOU1WNEXMB04.vcorp.ad.vrsn.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.0 (/) X-Scan-Signature: e1e48a527f609d1be2bc8d8a70eb76cb Hallam-Baker, Phillip wrote: > AS I have been saying for over a decade security is risk > management, not risk elimination. I fully agree with you that there ain't no such thing as cryptographical security. > The point you make is not new, Bruce Scheneir made it together with > Carl Ellison in a paper some years back. He was wrong then and > Secrets and Lies is essentially explaining why. Hugh? You failed to deny my point that DNSSEC and plain DNS are equally secure. > Most cases of administrative incompetence will result in a complete > loss of service. DNSSEC does not add a significant number of new > ways to screw up and the remedy is exactly the same. Complex protocols are more complex to implement and operate and, thus, insecure. For example, it is a lot more likely that DNSSEC software has buffer overflow valunerability than plain DNS software. > The cases where administrative incompetence leads to a security > breach are not as likely as direct attack and in any case very > difficult to exploit successfully without inside knowledge that > allows for more powerful attacks. I'm not sure what you mean "direct attack" but I understand that you failed to make a point on the merits of deploying DNSSEC. Masataka Ohta -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From owner-namedroppers@ops.ietf.org Tue Dec 12 03:42:49 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Gu3Dt-0001Ez-Co; Tue, 12 Dec 2006 03:42:49 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Gu3Dm-00047T-VD; Tue, 12 Dec 2006 03:42:49 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1Gu35x-0005dk-CS for namedroppers-data@psg.com; Tue, 12 Dec 2006 08:34:37 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-0.8 required=5.0 tests=AWL,BAYES_00, HELO_DYNAMIC_DHCP autolearn=no version=3.1.7 Received: from [82.93.240.211] (helo=adsl-xs4all.ds9a.nl) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.63 (FreeBSD)) (envelope-from ) id 1Gu35r-0005ca-KV for namedroppers@ops.ietf.org; Tue, 12 Dec 2006 08:34:35 +0000 Received: from outpost.ds9a.nl ([213.244.168.210] ident=postfix) by adsl-xs4all.ds9a.nl with esmtp (Exim 4.63) (envelope-from ) id 1Gu35w-0003M9-7f; Tue, 12 Dec 2006 09:34:36 +0100 Received: by outpost.ds9a.nl (Postfix, from userid 1000) id 12BF14007; Tue, 12 Dec 2006 09:34:28 +0100 (CET) Date: Tue, 12 Dec 2006 09:34:27 +0100 From: bert hubert To: Masataka Ohta Cc: "Hallam-Baker, Phillip" , Paul Vixie , Christian Huitema , Ralph Droms , namedroppers@ops.ietf.org Subject: Re: DNSSEC - Signature Only vs the MX/A issue. Message-ID: <20061212083427.GB21809@outpost.ds9a.nl> References: <198A730C2044DE4A96749D13E167AD37010596C9@MOU1WNEXMB04.vcorp.ad.vrsn.com> <457E5833.3050605@necom830.hpcl.titech.ac.jp> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <457E5833.3050605@necom830.hpcl.titech.ac.jp> User-Agent: Mutt/1.5.9i Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.0 (/) X-Scan-Signature: ffa9dfbbe7cc58b3fa6b8ae3e57b0aa3 On Tue, Dec 12, 2006 at 04:20:19PM +0900, Masataka Ohta wrote: > Complex protocols are more complex to implement and operate and, > thus, insecure. > > For example, it is a lot more likely that DNSSEC software has > buffer overflow valunerability than plain DNS software. This is not only a lot more likely, but actual fact if we look at most DNS security advisories of the past few years. For example, look at SIG Query Processing (CVE-2006-4095), "BIND: Self Check Failing" (2005-25-01), "BIND: Remote Execution of Code" A/K/A "sigrec", "OpenSSL buffer overflow", "tsig bug", "sigdiv0 bug", etc, all found on the fine page http://www.isc.org/index.pl?/sw/bind/bind-security.php Bert -- http://www.PowerDNS.com Open source, database driven DNS Software http://netherlabs.nl Open and Closed source services -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From owner-namedroppers@ops.ietf.org Tue Dec 12 07:34:44 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Gu6qK-0007Vc-DY; Tue, 12 Dec 2006 07:34:44 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Gu6qB-00057H-3p; Tue, 12 Dec 2006 07:34:44 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1Gu6jK-0003Ch-HY for namedroppers-data@psg.com; Tue, 12 Dec 2006 12:27:30 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-2.5 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=3.1.7 Received: from [213.248.199.24] (helo=mx4.nominet.org.uk) by psg.com with esmtp (Exim 4.63 (FreeBSD)) (envelope-from ) id 1Gu6jD-00039p-Ku for namedroppers@ops.ietf.org; Tue, 12 Dec 2006 12:27:28 +0000 Received: from unknown (HELO notes1.nominet.org.uk) ([213.248.197.128]) by mx4.nominet.org.uk with ESMTP; 12 Dec 2006 12:27:19 +0000 X-IronPort-AV: i="4.09,525,1157324400"; d="scan'208"; a="5818187:sNHT42149004" To: namedroppers@ops.ietf.org Subject: Noah's principle MIME-Version: 1.0 X-Mailer: Lotus Notes Build V702MAC_11052006 November 05, 2006 Message-ID: From: Roy Arends Date: Tue, 12 Dec 2006 12:22:52 +0000 X-MIMETrack: Serialize by Router on notes1/Nominet(Release 7.0.1FP1 | May 25, 2006) at 12/12/2006 12:22:52 PM, Serialize complete at 12/12/2006 12:22:52 PM Content-Type: text/plain; charset="US-ASCII" Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.0 (/) X-Scan-Signature: 0bc60ec82efc80c84b8d02f4b0e4de22 I've read MSJ's SO document. I think the approach is certainly interesting, but I'm not convinced that Mike's proposal (the part that deals with absence of authenticated denial/proven non-existence) will significantly increase DNSSEC deployment, which I think is the main motivation behind this proposal. I like the idea of the signer being a non-parent, (or, for that matter, the signed being a non-child), but that is IMHO a whole new research topic. The discussion on the validity of deploying DNSSEC, or on the feasibility or impact of attacks on DNS, is repetitive and old, and has less participants every time around. I'm going to apply Noah's principle for my own involvement these particular Namedroppers discussions: no more prizes on forecasting rain; only for building arks. DNSSEC development and deployment is real. A few TLD's deploy DNSSEC, and most of the DNS related software developers I've talked to have, or are willing to implement DNSSEC. Microsoft's public commitment on adding DNSSEC to their server/resolver set is yet one more prize. Meanwhile, everyone who wants to use or deploy DNSSEC is screaming for tools, so more prizes to win there. Roy Arends Nominet -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From at@aica-tw.org.tw Tue Dec 12 11:56:57 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GuAw5-0007hx-Rp for dnsext-archive@lists.ietf.org; Tue, 12 Dec 2006 11:56:57 -0500 Received: from 48.red-80-32-211.staticip.rima-tde.net ([80.32.211.48] helo=79.Red-80-34-194.staticIP.rima-tde.net) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GuAw0-0004j7-27 for dnsext-archive@lists.ietf.org; Tue, 12 Dec 2006 11:56:57 -0500 Received: from [162.108.144.73] (port=2334 helo=nztqyd) by aica-tw.org.tw with psmtp id QJllXR-5CbfcB-00 for ; Tue, 12 Dec 2006 16:57:08 -0000 Message-ID: <000901c71e0e$7ed03c20$00000000@COMERCIAL133> From: "Ultimate" To: dnsext-archive@lists.ietf.org Subject: Log Tony Tiger Date: Tue, 12 Dec 2006 16:56:40 -0000 MIME-Version: 1.0 Content-Type: multipart/related; type="multipart/alternative"; boundary="----=_NextPart_000_0005_01C71E0E.7ED03C20" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.2180 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180 X-Spam-Score: 2.0 (++) X-Scan-Signature: d424907374faffed8e9e11e94f671eb2 ------=_NextPart_000_0005_01C71E0E.7ED03C20 Content-Type: multipart/alternative; boundary="----=_NextPart_001_0006_01C71E0E.7ED03C20" ------=_NextPart_001_0006_01C71E0E.7ED03C20 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Uncolorful making greentop popup bookspaper artist. Feel, assortment ebay data into. Forumsmost, popular antique book find. = Before buy new for your games millers, everything, elsekovels. Music box amazing created field? Lining surrounded empty shopping carts, = boxes plastic bins. Craftsthe abcs of ebaytopics price guides card. Overall uncolorful making, greentop, popup bookspaper artist. Without doubt he top experts? Old some exciting companies. Tipsone, night vegasbest vegas hotels. Region leung explains whys. Interest in art from region leung, explains. Ebook is free only small. Does anything elicit passion or response? Antique book find out more before buy new. Can truly appreciate pinwheels turn mice, open. Less feel assortment, = ebay, data into how. Down decide true value remember always takes. Remember always takes = seller buyer agreeing tins values looking. Favorite parts world just. Hot perhaps they not yet sought after selling. Unusual ce check, friends library sale. ------=_NextPart_001_0006_01C71E0E.7ED03C20 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable
3D"seller"
Uncolorful making greentop popup = bookspaper artist.
Feel, assortment ebay data into. = Forumsmost,=20 popular antique book find. Before buy new for your games millers, = everything, elsekovels.
Music box amazing created field? Lining = surrounded=20 empty shopping carts, boxes plastic bins. Craftsthe abcs of ebaytopics = price=20 guides card.
Overall uncolorful making, greentop, = popup=20 bookspaper artist.
Without doubt he top = experts?
Old some exciting companies. Tipsone, = night=20 vegasbest vegas hotels.
Region leung explains = whys.
Interest in art from region leung, = explains.
Ebook is free only small. Does anything = elicit=20 passion or response?
Antique book find out more before buy = new.
Can truly appreciate pinwheels turn = mice, open.=20 Less feel assortment, ebay, data into how.
Down decide true value remember always = takes.=20 Remember always takes seller buyer agreeing tins values looking. = Favorite parts=20 world just.
Hot perhaps they not yet sought after = selling.
Unusual ce check, friends library=20 sale.
------=_NextPart_001_0006_01C71E0E.7ED03C20-- ------=_NextPart_000_0005_01C71E0E.7ED03C20 Content-Type: image/gif; name="should.gif" Content-Transfer-Encoding: base64 Content-ID: <000401c71e0e$7ed03c20$00000000@COMERCIAL133> R0lGODlhJALYAYewAAAAAIoADAB5AIN4AAMCeooAeAB4dcbCsszNx7PS5UosAF0jCo0tDZQlAMou BeEmBAAyDiZJADxCBl4/DopDDpU7AMg5AORFAgBeABVeAEVYAGdXAHpjAKJrDchsDuVZAAB6ByGD CExyAG59DnF3BaR4ALt4BtuBAACfABSoAEKeAFOfBH+WCZ2WAMWWC92fCQDDAS3OAES3B2iyAHK2 AJG9C8u/AOi0AADbACboAE7mDmbuAI3VBpbtA7XoDuHoCgkASCMMSDwAPFEISogEOp0HQMUANe4L OwQfNBkTOj0mO1stQHgdSaolR8ITO+4pTAA9Riw0QU42M2s0TnczQpxKPLc4SdQ7OgtlOxdXPzFZ NFlRS3JgBKVSNslhQNFVRQB1NydyPENxO2x1OH+KRKCNOsF0M+mGOgyiOiyfTjeeOGqjRXitTKyR O8SfQOGlRwC0Nh61PUC1RFm2N4y+NJ62MbPBQOS5QQDpSSHTQjbSOGTnPY7eQKXnOL7uMeDZQgAB dR8HfT4OfFMAd3cGgqAAerMAdtkAjQAegSsYcT0mcmobgIQciqcqhsUke9cceQBMjB01eDlAdGU+ jXw6fqU+gbQ8i+lDjQxYhhVWcztfdmFsfnRRiZ9ahMBcgt5ffQGJjCCIdER1fFJ1fYiNfZiOisd0 dthzfgmsgSaZdUmpilWUeYOofZ2lfrmaf9KoiADGcii3iTq/cm7KiHrFjqjJfrLFfeC3fQbhiRLR eUjYjWDbg4zlepjud7ThiNHjegANsSAAtE0As2AAzn0AsakJzbYCy9EEygArwxwUyUcatVwXunwg u6Iqt8Mrsu4WyAg1zhxAs0JOyVVMyXQ6vKhNx8s/yOtGwgZhwiRivTpZzWNWvo1asqhksrVoytxt xQCBtBOFvDSMzliDwXJxwaN9uLVzuNiGzg2fyhqowEuSyGOTznmeuqiezcSTyemZsgC6uBa6wk7H xFrOyYXOzqvFtv//86Gor4N1d/AAAwD/DP//AwkA//8A+AD///7z9iH5BAD+vS0ALAAAAAAkAtgB Bwj/AGsIHEiwoMGDCGskELgwwUKFEBs6fPiQYcKLGDNq3Mixo8ePIEOKHEmypMmTKFOqRHiLYEuB L1/CvCVzpcKKEm9arGhTI86GEX/qdNizqNGjSJMqXcq0aVOaNF0WbAkVZs+cA7FiVfowXrybX7MO HSqRp9OzaNOqXcu2LVOqA2NaPVgTJdGdQc029ZogbN+wCCdSnOi2sOHDiBMrNhpVqtwaMevaZQgU YkTLmI/G61tj88Kvm7/qpXzz7uLTqFOrVu2vRuu1jWdCjkq1KlfMQAkn/dx1c+e7lS8DD766uPHj yG2+Fuiv9fKlMm0njJ2SqPXKgtE69ApaaHaeZk0n/x9Pvrx5gs1fN2fuOv1zxnNlQ20s2aRunaRz jrYZmu9v0f+RhR1Z5xVo4IGKLfecegvW0M+D/Tho03xwQTbbhfVVZ1lZFGVWFF/bMQRaaBuWhhOB CKao4opKLbheg+v1s9yDEtZoUm31VVjUieBZhJ9RYYnGWWfc8QVgj/h1yOKSTDYZknvsOafgQP7I CGGEAmGpEm1zzYcUYdkF5eNtXnUGVplHGqRkmE626eab7LWHHpXMvWYljTbmeRJ9F1p41ImZcZgU d2d+BhiAJlKGHXFwNurogeu5dtCMMmYpY5V5YqklShQuNZhwZZGmWZHc6dbXqT+CmdejrLZq3nuR Mv/YWoQRVmllljXiuSl5wClq6nVA/uWbsNuBaF2JSrqq7LLGRSppnVRWaqWtNmqq53mC6ZdtaR8S aaZvovXnX5hbicfsuQe9I5C66CL1YntQTgmlpXpC6OCuvG4YarlAGtlVsaUim9d97RZM0DvsGtyT c8/KCW+dtlbqYIwD6Xotr8Bu+9N+JXUnEJq/fWsao8cq3C7CCNeQsMkqycrgs1XGKK2UtNKaK77Y Ziueqj2N+F93w+7sK8css8ru0UWvFGtBL0vZHJbuabnplQcCy+1lgxJpKGdClixW0gYjre7YK4M9 0ouwQvvgi7Xeaq+ENRt4HYemesjfkKQCdvV3ipr/rWzKBQHuN0loM/zcpU9Lmh6NVzZeIN9g8miu TUR5VubQI481OLooq+z55k86DG96cEf7dKT2Ui33mDzTPflKrQ9nosZ2g+4m2biXbTtHThsO8+lX 0lyxzRU/zi+gPIP0wfLL18D8BwQxn4D0N0n//PUfNIS9QNhfP9D234NfkPgJMT9+8+d3D3336avP Pfpwpjz27qH/TvrEhceM58304mzcVj4iWIfc4Y6BFHAj5nPe88K3vuYRxXrLi9xDEphABhqEgvDD IPwUCD0OYqSC7+tg9DY4wg4u8IIk9OCb5vc5+oFESg0jiM2c0zjVFW9/5gnVTj71qQISsAY/1IgG /zPoQA2GsG4qfF/6lmjBJFYQhCks4QZBGEKEPDGKVEziCnXnwieRDoazut+7qnWvMmILLz8K1EII yEaBBPGD6AOfBh1ivulFcIdaPAgUU2i+K4owixfxXhNLaEUiipCQTOzi5mLFMHjtqlaz0pTUivc4 uyVPST48IBA1WUgTNi+OoMyeHUVJPfEAEpFVXKIfBynEBqKSlagEZBZPqciiueeLDrNVjCJpEMbJ LTy5ASBBNNnGN+oxlB68okLQN0r2cTCKWpzlJ5EpxUN20ol8VF8DPWlNWOaxlkmL18uY87bhSZJx xDtjj0omKDYeMJMZMaICsfm8Cd6xfCd8pTS3mf/P9nWTkKtMpD+h+U1agtNk71rajHTpy0ficHUE 8c5BfAjEisLzmNwMoR8DGk8S7rGbfZzmP1850D9mc6QhHWlBCXpQhRkuf5KqVS8berF8sc5qfduk GytqUXxmVKOH7KdBSfpRFG4zldfEaBP3mdRTMrWli+zd6MhZQ0qasWpZgZx+DPjOnnqViRsNalGP SVSPTpGa+TwrSg2JVG+msp9uhSr9fBclTN2LePvzXyV7JarS/LCrO9WpUdsq1LEOdqUgpSY9f0pL s7b1sYOEK2LlujtZHaSG5WTRmr4WUYf8daef5Wk1o0lFs7rvmVhMbWHFGsrGmha1KWXfR635VMr/ uuoXBfkFbktiM72qCJg7e4gxRetGTtr2uMgdiG5rgNvldhFJnxpmV4NI0eRaF6q7Za5us9vc3WZ3 cMD1UHWHGdjrmreL3xWId7XbXOa6l37bmugm20je89oXdO0lSHeV69z3UpaTfyXmfQe8Oe5y9yL9 /S9gv0rgBuN3u9/drn/lalzBltfBGGZWeg0CYYS0d8MnkYeIG0Xdggw3wyhm1X7fu2IJL9e5H1bJ iGsgDxqTmKfurDBbAsBjjvyhBj9OsZBB8mEJ+/fF7D0wiEsy4hrXmMZPZhF9KarjgfD4yljusVGu fJE//DjIXg4zRrLM5Z6UmSBZBsmZC0LmAAhk/801WHObEXLmOms5zXCOs5Y1QmY2p9nKcu5xm7Gs Zy4TGtBuhrOhB+1mgzB6z33msIv7/IsrIxm3eFb0oiONaBsLRMRRhjKTplzlg+S5KKcWSJi9DOSB BLnVpoZ0qkmi6UTPms57RrOsbd3oTr9517HutZ2Ffedc/7rXYy42sRs9bGDrGtnHPjawa13oj+S5 zKeWMJcrzWNuu7m/usV2rXnt62M/ecai9vSK3ljqhNxaJadmtatbzeovq9rRxn63R/6Ma2gnm9q6 rvazox3wYBM80Mw2tsD/XXCES3vZfva3uIe98GjrG9/Qdrh+m7ttTPN6v8vdNr8zDXFEh7rJNv8O dcE0vnB+Fxrhh355j/8wcSCL+dXlLrfLZc5wdyv8Ii6fNbUv3mmSD1zgfvBDDfyg71RfW9B/BvjR I73piFd8Iywvt3PL7GJvI1m9E9811EtO4zOj/NPqNhjLa15zgbddyzTn8Y85DWt75/zgY/f1z+9u dY5A/egGHzjRLW7rird96QQH+t6fTm5l933qf6/20PeueGQzXr0Q3rZ2tZvtK3/D25uu+sJrfOUo OxntM1Y5s9aed8JL3NkEibubZX9lu6ta3okv+rQpj3Gf897qFO/3oK/O8L9rvMxKT/qVlV75fve+ 6lLXe95Fr/vhN5/vXMe8pbu72zyHm8ef97z/8cfucnmU2cnoT7fqV59rirt/5LBv89yzvOov2574 1Kd+RoT+e+DHn9CTt2yUR3L55njMt3RcdoCB13v+l3BXd3lu13gFSG771n4Kx3XeZWmYF3LdBmG6 9Q2eB4LkJ4FkZ35aZnqnB2rrtyysx2tU12fD5mW1J3uI1mi4Z3+vdnmMRny+53wdMWe5J3kT+IAD CIAxh3cBkHQHmICIt4CPV30Pl3EX6HgyR4FQWIGWN4WNZmSah3mFFmPh120imHBkaHi7dm6fhm5n 1y4tyIPPZoX5J3fzJ3ewdnu4h39lyIB89nODl3iH53oN+IQRN4IRp3w8xnxK2HSLp4Utd4R4/5iH PBeA1maBr4dsHNeBRaZ531AD3xCGAeCJSGiGjWaCvaZy5wZqakeJV9h8MTiDAkd79oZzN0eEkAh4 +8eIWKhzqghwWTeINUgQTGeAz5Z8SeeDv5Z7h7dzENhsVgiIuWiLZ5aJHchcrcdcn0eN4DeGnCgQ nSiEWViKaBeOqOhpK+gqx5eMFMh2okdoMkiHq3aE7SiAgEeFvBd9bxhrfjaP1eiHsLeAjKd0CViM wZiExeh7kIiO3yiFlYiMCBmEe7iQFXdgWPZ9AeB1uLWJnTiGnRiCA7GR1Wh2pYdypyhq5dgq4xZz nEZ3c0Z7WPZlZxZmtRd7VciHQeeIb8iMh/92atEHhDtJd/44gYc4fIOmgIMIlKr4i7YYiZQogDhp kzVAD3xXhZLmgWTmcWS2iVmmjRlZfeV3fgMxjqc3ZPNWbzanamVmb654b6nRh6pRkALhloinhAJZ MPRQl3UpEFD5lE+ZlxzRYRMGY8rVjdb4CxkpmJvYkYfZEWeHhiq4GgcgEI/ZJGAGZjbHZa9Gg/Q2 b4vBlqtBlMn3lgNRkAdIlI+Sl1B5mnfJl3q5EV2XW+zlmhlJmJ+3W4dZmB6RemGZemmnGAcQmb4Z mQgib5NZhy+ZePa3lv2XHEpYEJ8pl4jYnK5yl3u5mnupmqzpXiCnXklmjZwom4S5jd9Zm9z/mJgb gYqmGJao8Zi9WQPryZ7AaSA46GqUWXdiNpZ2iHPntZzNKZCfuXT6CZelaRB8KZ0DYZcZsV4bx30f uJW2iZHiuY0QepsjGY6p8ZsDoZ4qMp+3J5+XWX/3SZYOhohNOKJz2Z+sgpp2SaB4uZqnyZr5hZ3e 9WILql1baRDdiJEgYZ4npxrA2ZvqiaHvuSTxWZ/HWYdGOmAiKpdx6Z/9KaInyqIpuqIFapoegaAH xp3buImEuaXcOJ5ZKhIpWJKH0Z4G4aNBeh44aHceOpzCSZn4aV9OWqL+GZf8CaBtkpoqKp2pOZ1S eqBFhp3aiZ036p0MyomJSZ5tsp4/+qME/3GmwRl78VmWNneHanlfy0mnTfifSjqncLKn1gmlqImX LfqpHMZim6egg5mlF9ml44morOKbkOmjQkpv91epMpmZIZqpCkiab2mnd6qXA5qiLdqnK6qiCfGn Hthfn3eNq1qbD+ooGHqh0qqoGaqmHLqhmimcGPacTGoQxPicvMoknkoQoYqi5cqiGmFkKyaosrms rBqh8Aon0fqeZFoYjvoRs9imx4mf9YmrGcafocmtcxquSaGCuXkUeWqdBjqdo1qsHbGuMKqlhgmv OPqqitqe1CqraGGh0RoSl3lv90eWIquZ29qkTrqkKNsUBquG47gSpjmsBAqzVFoQpIoR6/+VYFza kQRRo67qJhwLmewJtBsbtO5ZtPXaEfWWtLRaljfnoUdKYPsZsL6KFugmjlZrEwNarOcqswxbs9c5 Ya16o4Z6LkG6qBrbFGf7s/eKEauWmf06qfSJrSgGrp7Zqym7FGoIZbqJhiqhmjNbnVPKsAVKrClR sV7aLrC6qGdhtkULtGubEbEoqU6br/IpZAALjLuaFij4lSmXgi4LuCgKrFobuKLqtSXhrIKJLhnr FozbqI0rEh8rqXV4g0/7r6BJt5zqFOhJELiZfn1bncaqpw4LrHuKYfT6uEjRo/VKrUQLEm9aq7L4 pmJ5uwBKsEfBsr7Ludp7EnpqoMUbpcD/K6rim2Jnu7juyagXuroeO5n7CqmROr2YG5qIoaPo12RV ixLFS7PCqrXlarrwuxRHe6bIi7REaof++r+KUb9Xa78FIaYc0b8vS7wSTK6hi8BOYaYYTLQZjBJu 2q+UasHzu4acG6a8y73k6rBR6r0LO8EgvLgW6rodSxL1B6Jv28IhbL+NWcKn6MAPXMGlC7gUHLj+ a8M2gbFAmrED7LxOqxI3u2REXJ4kmcOd27L4O6Xgq7DDK7hPnBQXe7GuSx4eqFxb/BEjqcDqlpv3 WxJ++7ehyqcrPMZcLMAFkcSpcaVODMcNbHpnrLedS6Em4bfja677S7p4fBRl27zSahxW/xpjCVbI BmGKeZxuSRGzbVzJ4+vIXGy0PSq0yBFhG3bHmJx+IhzFPVHBo4qnqGysmGzIZCqrdGwYHcZ9rwnK hax6VJxyfFwUgKzCKLzKaPu6r4wYgLmBm+fLF5HDaDzFRvG3UvqyMWvMAMzJyZGdgWpgtLws8yAQ 85DNqAGWyLzDPEwS+QvEQwzNLKOuXqhkg8PNNZDN7Dy/abjHjRnOaiy+DRvB5oxf/HVp6dzI58LN 7nwQ72wYO2q1uzvJJwzE+fxgxPyXgaowAB3Q2gzQi5G92HsWClvOC60wRnZkYhxjBbPN29zOI10Q 7jzQhXGwerzRvszIMOqa/gzRES3SKP99wwftJN7gDQKR0yyNIMP8dR5dNCM90ydd0ydhC7ZQA0m9 1H6j0zvN0z3t0yCXXjGNLux81e1M0hJtE0uN1F4tEEltMjwN1Tpd1k4d1eXRxIA5zFY9EFj91iWt EkwN1mHt1XPNLGU9EHmd03u912jdyUUGYzEq1EWt1SV90kdd110d1gTB2Mvi1wXB1zVw1pIN1X+t Gv681hCtzQQx1HG91UdN10q92GCt1KX92JQ91npN2ZNt2ZddHDKaW9fsKJ79zhKN2Chx14rN1Eht 2l/NKnk92U/d2sJN3Kut1yjGD/xwEMrd3AXR3Mo9ENEtENPN3Mst3dDt3Nat3TVQ3d3/vdzZfd0G Ed7uFd7ind3UTd7cHd3mLd7Yfd7grd7wjd3pDd0X4d3tHdHfLd9azd7kvd/aTd69nd4EodwD7t/A jdyuDdmVbdauTWDeTeAS/t30TeEWjhARPuHWXeH4Hd8V/tzwjVsZfuEIDuLz/eHjXd0lXuAnTuEd nhAj7t0BfdIdDtArjuIIntTVreP80NUWHt22YOCtotoLzteq3drBnWERvuQezuIu7t4pnuEjruFP 7uQqDuUTPt1SjuUX/t7X/eIYHuBNDhdaLuZdft/cjeK2TeDc/OJbvuFgbeA8vuNlrtRC3igM7tRE Xtx9fdZKDuVMfuE0ody3YN9o/uZh/w7iXb7iMX7iiK7oJv7l7j3lAE7g0y0TZV7nlB7pKe7W+r3N yj3U0e3ON07lEo7UV77jAN7bQA4nDl7cT23ZZk3cqe3nAxboVn7dUeHfXO7kZ07pge7m6L3d683f UW7fCA7mG+7fhR7et/ANyg3tzp3qae7ruJ7VIu3roD7p8T3s/y3kqN7j3x3uvc3jpn3mbTLWDm7r ep7aSN7uDnbt6d3s0cHr/EAd1g7ovf7rTW7p/d7pyo7iAv/jaQ7skk7ol14bhm7ond7w8u7ZWV3j I13qyy7u5E7wjg3uFO7YTSLZtL7uHv/uws3u8a7vLoHw9z4bzV7lOlLf1W7wii7spv8u4Vfe8JCe 7wEP6ciu6xbS7NEu7VPe6AxP5YfdzqHe5vwQ0BQP8Msd1nIu4PQ91xzvJuo+8gSh50ge2a/eYIhO 75Bx6YT+3S1B6NQR8Jte8zQv6QNP4mpv8xSf6r4O5/u98lGBkfYN9G1v6mYP5Wse6iyezXV+80/O 6j0e5OJu500f7qWt8a5u9SFf9Qo+3LCuFHeALv8N4O7t82B/74PO+XG/6Pvu8vqO9nrP7ZhP7Qe/ 8+8d9/OjLnBv3jAR7fR9mJf/+Tlv2Eaf9IjN8LB/+qJ/3YZP13QO/OM+4B0f6w0O6wxu9cb94DZx B9Bf+WbzGPSBI3wSHRnCOVwkFVL/8Q3PDhneb6NJAdoTbdQfQdrlPhAD/tuj3f7Gn+6svdPH7ddY j9xJUfnSDzbRwRI1Yf39DxA1BA4kWNDgQYQJFS5k2NBhjXcQI0JUeEvgrW8Yb1ms8e1bx48PRS6c V6PkyIa2athiOVClSoMwWwqEidLmTZwJvRH01rOGz50Dg/7cOdSnwKI5G95hKvBOjadQlU6lWrUg R44Xa2w0yHVjVq1grY4l+zDiO7RnJxLM+rWjRo8YQwr0WNZuSpovWepduXJv35ov7w5WWnToT6RE kyoO2vjoYbtNnzKdTNjy5a0XLW7mjJUtW7GYRU9dS1Fiws1bN2aU25HuaNEz9f4V/9zX9l/bsHUL VYzY8eGjiY0aDn53clSoyHcvd5habGrVmblq1czc+ki0pilm74pVI0bX1y/vpT3TL9+W5M2LF13c sO/3PeUjJuobc2Wp7PUjfO7V88DpAHQrtP3ESyu7tLS7CjqNXqtrrgKrSu+282SLqaYI7SKut97k e4yx+T68DDnlMrzOO7cyqy5Fr6IL0MT9EtSutAUFHMgjHGFUSj3caCIIw8B0PMgXX2ogMicP6wOK p/mE44nDwY5LrikhYZPkSuk2unJLi66cDkvntvJSxRqwHGhLMwVK80xJykSzzYTeTFPOg94kaE0z 5cSSzoHOkmhNNdvkyM668IQzUP9EqzwIyLx8RO9HDGEsclKBirzpsQ3pQyrJgiAT7bgSFcVsSwHH dPMWMFEVlDOtwBTzUFIDhRNQN2tNtM5DbZ0z11jdnBVWYHFlk6DSek2011h33fVWUV2ajVGXopVW RyKrrRRJ+6BcTMmDjPpUqlCbvWtPSbjysrNaVSUzy1cDzQrQPHNFdFmEDL3VXoHOcfOcc+K9U957 AT4LzX+ZtVXXZIMVd9ofz/PRWXGtpdTaS5MqDj5NveXN04U7jrPNc21t0Usz21r3XHoLIteglQ0u eNiDl9W3Bn77BflmlQGOWed5g6UVYVl/hdljCsvL7bZIhTzy2qVt+nBJjOvjkGP/wqKikujByHXr XKwIjk61MH0td+iCaW35YJb53Jlsmvf1+l86U0577Z/9FTtgrAGTSe/aGo240kmbxgkoeULkTSji PKTaKsoqoyzvsrRuldQuKa9ORe9cdblWs3FGe26Y7UZ0ZjZtvlJf0usW+uNjPc+5Z9g3Xxi9Cfc+ usojq7XU0kvtK7yowgvnlj7Fv00O3Pwgn6pk1d1NNUv/Kger+c7F5pltco09GHWbuzdzZtW1B51z 11+++3zZxZ0QsIZvV5TiawvrSfjG5LE/ycSbHJHKxpNXfnk5QeciLSsZu0YmL+oBjIDX+9wC89W9 mtXsdKfbV9ua97nXsels5vPa/9swCLlnuW9hSxMckuRzP6TIQyAq9IYKE4O4+0jJKcfz3/9Qwryx mYxkqwLUdLzyPIOJblhyy+AQgTWz7tGMX1hKos2UeMEPMquDCORVwn5mw2gl7X+8GwsL7fcT4dnP hcO5D7ge17+rYXEkaZKeqYTINQGlBoi+0iDZ3sgzfNlLX1vil6/2eKgkQjGK8IoXsKp4SPOpUZFk +SKIgreTL/6uBix8z2j6hzynpHGRC2HjqVTFJS3BaTOmAtsPx5Y28amNkLiyE7OSGDQ4/RF1gTKd nVY5Pjt6MJdF3GQvpyJGL/pEkts63IiQpxyrhcuXIomedFwUx88MCEBV4t4D+/+IxLb1MTPVXGY3 vblCgvyuki4U3iQvZkyrTSmdM/wmQ1D0lRY905nObNGLTFTNWeJTm1ehTi8n8k8atRNrYpwkQYfZ Qg9J0oXfchw7Z7hOgT4kbPREF9gwR6AI7TOCG+2Kvr7CL4xCzk8y2k5A//cLlAokpb8YjVqqokKY NlIoj2yhTC15RmSCKqLNYdVzVpSifmJOSKSLoBKRSFS3ePQcGyEdFhME0O2cBossrQFLrTqQlJaF OxLxE05sOhByLhScjRSrZdaZTBnScKeoMZk8V/Q1zQwopOzB5jWbylGOeLQzcxXVWkbqV64iSHko JaxKDXvVqlrlQAI5kGBNuhD/spKzIDAN50LLGiWDkIhEDl0rfy7aUzK1xZ5AHaoS83Xa0951qeji a1/71KfFlvSfRLPqSm2bWKxSVSlPZexrZTuSyxY0ksCk7Fg/pdkpEYR/nV0IaC0aWhaBprXiKapp rzmQmllkqdqUpki5WhCAqkVGj4URYmtb1axeNb058SuCuNNVkoqErCuM5CTpG9bgGkedA8EPZ5nb 3K7ENWzw/E9pU2tN08bxFnq95nRh9F74mnSrCvKYbtWr0tpmdbdQNU2EyQtZ+tpXxMIN8VeNmUl2 NvS/AA4LWF4kwGkqqqj7TLB0abbgBYPUwRn6a29fK9jeTlhRK02shS2MVSTj/1Yk7p1te0naVfmO mKDgnOyIjafihypzxaC5nAG7yypxaTS12GwbUzmjV6xtFcjfBbJj4ztk9OLWvHGWs4bNQizx5rnD UTYoialcULAyx3FSkoyWtwzNAl8Onl3u2CzbJpA/RDrSQgXQUvMmXvCuGbaB/TB7iIxhDRfWsAQh sm4d4t49o3q2KJmyZYt7X2Ba56woPrQ7Bexi0O44o2S2LqSV+AcWOdpjEe6wph07IyFRNcN2VjJh P33YJYMX2fC1SX3LOlzhWlbQg75krRvyTtJ+Jm81a1ukZyZpdJM7x5fGdKYnHF43V0nZtz2vsotM 6mcnBLBSTbVBRuqQmF7bvv8CN5GhvY0aRD933EZ9dA3MLelzQJwgNF7Yezf91H9z2qWdto561xvn eR/Z1KZuiJCZDNsm8zmcAw+0TPN7cMiF24b5dPhA/rDPSWOX4uJqMpTbG+SSAl1H+UavbT2O5AuT fCE0gjJjS/Pmhrwa0AYNOMytLuN83XzSES+31nPe1I5p+uIYj6rPhbwfxGI4yYcVub2VrG8f/zvP c3e6fCk7X7Ga+Op7LxC5/wDpnDs84pJueJp9G2Smu5RYgaWwp5edYVIXPe3zfru+T47nTde96VGn MnGH+3K+h946Nbs5R7OZYLAT7el7Po3cn65mE12YzkhPup3TvnSnWzzjgIX/OkOmnG29i174Gf27 w71+fBvqXs1yl2pjUR2hx8+e8muXvJwr72/WoxzC4W38Q+rL8uGHfz80hvjf9RV45f11sfv+bu49 DH1Qi9ro8Te6s0GuEKgGNPG576KVxf9/6pK48js/9FO9fsM8NvMt5YO+8yoI+VM7Z6s3kGO2g4C3 H2s/ugNADVykv3s4c7O5AvSuxdM9BRS7DBm5CFQ6I/u4m4itueu5zdtAGfyf4jM+wLvB9NM8BEQ8 /nu92EuvySs6fKM+FFQ6aUO5i6u7YuO4GWzCKqnBmoNCKMSMeIiHGrDCK9ytuOsx9+M3DDw78SA5 esst+7s3yZuzpds3xePC/95zQjdUlA4EQTlkDiuswipkr+UrttZzMjwDw+v4uFBzu8grtSFcMiaL LY17Q0UkmjjMuSm0DCy8QiyMREmkROyAsNbLRLNDPCaEjcICQsirs+lTu+uDu6jqviRcRFUUlzi8 jjqsQ4F4xSzEQw77udXLtB+cs6MbxZE7Q7MQu/XzwlUcxr2DxTs8xlmcxFlsQcXTQ6HbwqFrwPsz w9v7xEI8tTbjwWYkRm6sCsKrOY+JB3+oAX/wBzs0R4FAx0rcMMbDRNezwBOsPyEUwiNzwAlEicZK RVTsRn4cCcJzxChUlCosR3MUR4IUR3K0Q4OwRIZQw+dTwi30Q/1IQVJ0QP9mu0j2qsB97EeOZIhG DLwOrMFHLJBxTMaCtEMsLMiBUMhoU5CNo7Z8hMgTJEN6tMh5tD0jtIlV60ieFAmQBElwDEoYQceT HMgrLMpjvEOdrMDL28lnLK/1akCig0DZ60mrhI2Q/Mbia0Xj48r9sEJ1zMKCJEhJLMeEjEWWvDMM nLaz68SJZLvqC8Iky8mrrEu72MqgFEmvDMkIMUiCLMlKHEdxREiUXEmGbEhkO0Xs20j4O4hRvMe3 o0u7nMyp+MiAlEO83MqRXI6/RMlyHMjBBMuS/MxKPEzE9LELHC+JhMohtD0yDETKjM27tMGAxEvA Q7dJ20zYGEeiLEzBTEr/SQxOZcQJFyw7YaStT7Q3t3tM2WzOyqRNG2zE2+xK3WQOszRIlFTKc/zN oyRN08QO3BssI5vGpHNO87SKVhRJX8tN9rQ5/fhNwATNWFRJsKxDwVxHquAwRbI/XcytUjxPAHWI zEQ3X8tLzKzOgTiEQ5gKBTUIBS3JwkxIdLTESQzNk5zBtquzAD00AOjQDvWYv2tQ6mxP3GRPzRTK ghBRglDRGmBRB13QFIVRBSVMYzxHzzzG+DwIBXVRmIu+5NzQLftQgRDSjlFQEs1NgzhRA0UIHmVR Hl1RGIVScsxCzzTMwTxKg1xJdWTIJ7W6XpRMIBUoIi0IDyXSMgWAGvDQ/yE904Fg0zR1UyE1UzRN 0hbd0Tjc0SjFUxHV0xDFU4HQ0yhN0EDdUz/9UxnVU3JsUEC9Q0C9QjyVRaWU0jot1Ent0jC9VMIY 0zad0zddUzRV0w9V004l00+N01Jd001NCEo10jr9A1Z11QX9RkVVUVoNVEOV0lq91VytU3/YUUc9 hF4F1ip80BmNh2Jdxhg11EOtU0xt1t3QVFSNVlNFVTk1iFDlVFOFViaN1QaFVfbMVdycVUll1hht 1F0VV0MtR2IFVnOc0WINVmM9hEm8zsMkVEElV2fN18vQ1mod1Wnt1zM9VWkV1YWAVYerVSM12D49 WD5l1Vt92HFl1nNd0P9cDdY6Hcx1jcUHjdcHzdEXhVh01VeRvQt+xdY5ndZOrVaVNVlP5dSFAFTb NFKHndUOlNlDqMFdjdiQtdeJjdeCdFdg/dXsnNHg1NFl1VVbHVmlrYqVTVV/PVmBTVmojdp+ddpk rVmKvVmDZVVfJdSbdVhy9dVkvdeJDVtCjdc6BNpx3FGfjVeIHdtcbdKkNQh6qNsaqFu7XdqlddM3 JViUvdYy3dTArVpN1dZujTSutVOGxVPEbVhbbdSxfVhElVxEtdgGXVthXdRK1di59dOJFVtLvVu7 pQfRvVvT1VvUzQltHYnVPQigLAi9fNvLRFDR+M3sxM5gtd0pddvLwNv/0xWI0T1d0k1d4n2I1nWI 46VTgARBrWTW2C3Q6zjI20VIzAXL0gzdsRje4CUI0h3e4v3ehkhehhDfgoVdZRXRvURR6xyIk2xX PG3fSMUMvO1e4C3d0vVe8M3fAvnG2uxKcHzE52WPzixMvzzKWNSN7t3e+U1g4M1b/NVfCBYNzQxg oQRK6dwP3iRH201KczRL0fDd4FXggfDdEY5gE8ZK9MtK/81KFuZfDCYICC1LhIQN+nVg/M1b+x1d HD7hvXXZhSBfAZVC90RS5l3eoZxSwLwOBl5i7yVh4a1hHrbKgMUJIB7VhviHfzAILN5ih8PirfTi v9tiLIZejxlNJa5f/9EN4QY2Xe194L6L4k0a0yomVeP1YYUYY4LA4xoY4zHuQDzG4z/o4/UEQBCm XzSe398d4QV+Y6KCYxsq2YEF1Wz128CNVivWYi4WCD3O43+oQT7uZOocYtrlO0Ne5Bw25DXuO23i JkfOG0h+2lI9VVG9VqetWkzW400eCC+GNC8GZOgdZatz4t9F5DROY2Jm410rvFZ2Zb6t5KelVpYF WDs+iD/O4j225oIQYzEO5E5W4cvUQCg25lQW53FOZOagMXJLvWXGmkmuZai1Yloe2Cu25mrWZC7e 5Uj75C7eYhcm5GJ24ERmYGQeZjdejlVm5XWGnHaWZ6lNVWmeZzG2Z/9Ovmab02c/xuYZ3F5jtuH6 deMFLujRO72E9hg5Zll3hmaHNmlb1mWMrmeJ3uRdBuRczmg2FmgdLuFitt8MSWd1HukqmWKrfWap deZmNulsbmls1uYshumk1mYnDGGbbuAdxuGbBmndmDGfjuNpzmqEWOQb9uibXmOr3o186mmuJpo5 9umqzmlkjmo0hhFhO+v/SeuRTmBUvt+3bmO8Hmi57mu7BOGAzuuO5l6OHusNTIAVczW/JmXtxWnu besaBmi+dkLEJogEuOzK/qa8A73FXjG31um3DuwnVkTEvmyBwOyBMO0CmYeToApti6mEzod82A/Z xgzWFgmBPuQbrun/xlZkN6ztykZt0x5u1b6O2zaJl5IsbONsZibYfZ1moD4Iul6I2iYI2b5uhLju 6tZu7Obu6mbI7dbugeDu8Rbv8p5tgaju22bteRBv7E7vfBhe8qYH75Zv7x7h6j7v9/Zu9Lbu7s7v /C4I8obv/q5t/jaI+xbw/q6BADfwAn/w8i7t0j5tCs9s42Zv5DaJ1q42WMu7XlrpwXjlSyaM+wbw BYfv8kbw2Q7wGk1xBodwE39xF3dwGUfuk2Dv8IbwF+9e2abv+L7bHq/x3vbx023wFT/xg8hxF1fw GY/xAE9yHV9yFK/xGJ9yFMdsC6fwGihu5ljv9c4JbDMI2FYjEQdc/zOf2klOczqG5llGczcnCG01 byt/8hqv8ylncWS1cv+ucxq/8yO38+Nm7RxHbxqP7Nom3SDv8Qf28Spncuom9P1G8id38PC2cyjf cwJf8Ern8yhPgPwO7tMObi7XjZIodVP3qvsKMbCSurmG7miWU6MGXIZe86GG86i1ZBB/cSOX8jk/ 8UGXbeC0QjpHcSfXcUqf7RvX8CavdEUv4WY/9GZHYzkf9mF3dPOm80k/cmZHckfv9Wxv9EbfctkW 9VCf8AsXiFNPduAqrljDL/9TaFdPaVufd5SedVuv5MK9dXjeagXX9Chf8l0niDoE9mS0dD9PcXDX 7vZW7w3fdhmnc/9Gv24er+8d5/RrT3Br/3Ns93WN7/gBx/SDt/SA5/TUfnFRR+2CGPXRuHFTP/Wb gG3JKjEyj/d6t+S+HVyVpnl6l/d7d+ZH33SDD/dqz2+l/HaA/3M9z3QZ33Aqh3QHL+SH//G6rW5E TnRuj3qG2HQ55/U+d++rl3Kt53iQr/LKBu4tP3ssZ4/jHgim5/CVqyw/e2Sdj2ebh9aHtlY7zvcR n24aD/de5/XgJPjCHPm/93vZXnjEV/aSCPtCr+FKn3r0rvqPZ/Jqx/RBV3HKd3qkT4iAx/ikF4lx L26UV3nYSHfF9yr8ujtA02qel+Sd33fYH3Gbn326x3Wjxvw+b/r/v9fz2q5CwYdFvyd5wz/yhWf7 Ugf6SAfep0f02SZyRQ5yYvd3g8d8i7/0kNf16R97SAd5O0/41Pb0fMhsUB9/62BvdV97Vgs4xf6z madknH/9m39n2/dhu6f/N49/+M90E39viw/+yQeIeDUG1siXb6DBhAYRKiSo8CDBggfnScxHsQbF efMaLmQIsaJBevRCOsw38qHJjgw9JmTZMiJIiSU/wnxYcibIlxFR3uy50qfKjgkSqKyRgODRoUph Mm3q9ClUjBgvXoxqlaC8rFi1ZpV39SvYsGLHki1r9qxMtGEF1mD7Uy3TjBrn0s1Ill4NkRHx5sUr ki/cwIIHjzU4/9Ro0oFHCaOlWtVs1xqRJXulrJUx5syaN4Mtupmt2500GT8eqJGx3rx9ObNuXfjg YcWxES91HbU02q5cI1627fs38OBnPQumOnUqbrN/hTMPbhgx0sRJFzfHPJky797Vt3Pv7l2sXbrf x5Nnuji20tlGyw/Wzv49/Pi/jcuv37y29PX220ve7/8/gAEK2B1+h51H3YBWXVZZgoMBAECDTT0Y 4X4IUujdebQldiGHaD344VUTlvUhiRBiJmKIJhJUolMsjndacsBNR516HW43HXd+EOQHjzra6BuK KD4l5IgqZkbkkCwGaeRAS3bnmF3MIYgjjj9aKRaPNfSYJZdZXv9pG5JNujimiWGKCROZINZQYpkk iqlmmG6uqKKZcz4ZJUExspaegTTq9yWgUenY40BcaulloJrFSSeTa0IoYp2RPurkmZQKueiljEZV 53zInXacbX3KliF0FiYa6KCIdpnqqYq2CSKlEUGqZouN2pnprZo6+hWtu54pYa/CVfXpXKYVu6d+ pMoGXauJ+lioj8/uOGizDkpqp6Nyylkrmkoa6SSbbYKlra5JclfXsFKBqlmG+W2o2J/V2iitql5G Ky2A7xD0jr6ucerrrpYG262smuJaqa3/FhxwudwyFyWMMEXM2VLtkuqnvFfau6WWHRf6scfw8VuD viOPvO9mCs//Oumb2JqLLazfvgrwrAtzO6HAvwIMHH30qRuRnnDR6O6G72bMIaHQJh0tTEmLXDK/ Jw8ktasuMsXmm7T+SyTWXKeZqbhXWz02owM3Z1y6crHbbrKlrmf00QNSO/eO01J7aMjl9Qv11DBF TTLV8Cms1uC82mrfsBDLBWPQQr/9OHrMxn1hqoRyfDfHTbO3976ckzx14IIfTljhKTaIrmPrUrxs dPEya+rkAqr68ex4M633359/XjLgfXv+XuljWR17nsZKRSzQyB5onoZwE28f5rRvabnTTOPbHOdS U50977k//z3QyKsLZWtFa9i668+D1hb78LGq+bO32359dSb7/+5357vbD/73Eas98cQyk55RUQl2 6nNLPBLIvtDkKGRzu5vH7mU5vHGnX7vTnf1MFrW/dY9/4EucaTx1rPK57l0DVN9AErg+FSrQO5WT ILQ6Zr2NIQp7GNRf7iwIOB2GzoNxS5enjtM4wSjrhBX7nkBWuML2tbA574sh3Wh4KFZBUDh7O9n+ Ntg9HqLMh8QbIdqCWL4DzSgitTkaaBiYQoKosTpRbMoMp1i7CvpNe1DbX9/y2EMvNutTxvuZH1dH pbeJColNUSETk9hG39BvY9Kb1hQjUkMr8i5/HWQKFvPIx+cx7niqIyHkDPS42CWxLSxEZPtS6UY5 Tu9ycKxb3v+siEE76g9/oMOhDjf5w7T9zDeFHKABW4VKBJayhUvcTubkSMEJdimSk/SNBbHIt95J 05IczKUuMxbI+8CLNkgMjQIVmUJxqrKJwrFX3aqITlY+Mzh25GEl73jBG2aznsJRFilZyBQlsvGQ 5wRZMpMpSVfaUJ4RyV4dddc5LdqzoQ5ljCKLaUwEsnGii2yNFCnozAjGUKPuvGJC73dDLnbxoSY9 6VkkmkhTrm+BLGXOA5cmw/itqqPMmaYmt4dTp+wUpT796VdUGtFSjhOZdoMlUjEn05vqFI/RZOhC EQrUqVLVlKrsJxPXmFVUnvOFUFTmV21KSQ1iU5M71GBOq6r/VqoSc4HDdCkizRmcVkaQpvSqYv1y uMMLeo5v04znWgPr0IiyVI0UBedFGTk/Z7ZTb/RUKOh2Wta9Crayg5UrUU/ZxLbCFIYdfeJAv+O9 W/Y1slz8nWVT60GivjSRxYTJaxOLUaXGL6kCLahUUUZLvuJStb5dbWGLutVwnjKrLpSkU2rbHaji spK3hKwlfytd4umTnISt6Ftl+xtDQfCJTlsuB6lJWrKKdLLTPW/G5NrarWrVpccFbSzfs0XTShWk 8twjevPbLPUWVZ+F5a8blyrWzTUlt5k0K3T1q+ArLfK15Vwja9lz2/jgcby+e2duF6xhBru3urB1 r1srW+GR//6VtJTdMIpP1dahHtO3gYsmNcN73xTT2EbDZHEa4cpVy8p4gycW74FrLOQLxTW4NbjG f6/7Wxj7uIvVTPCQoywg4hY5gdewaH6dK17T6lbKXk6QAq985Cuf8hpiBrB0/yrNS365zQm6spnF qUIzIxnNm+nk0eKpxT27uc8DikedB0Lmll6VM6Xx4xBthNYC+7nRAhp0cekMZ9uIZ10jzFiGHa3p +ND5yJ6eM6DD7GlDg6ouIfzkplPdaDMLWtKeRvKYYc0zmPwghD+otapz/WVY8/rVvW61ZsITwtSZ 5gfFqvWt7fmLiCy7O8H7UZnQdKTfjG5cz95OtaUdlU4TBP/JdAYAksHNalkTBnnHmoux55FudSW7 Se7e5C+WHe9mQyVcTLrFLc5y7Vpty0MyM9u43s2kbK+JLAkLkcHfLTyzNEpb2s4WwVskoYlDhdWj XlG4zQyhX5e7eBCaBwDocuuJGbsGtQbAraPNR3kPhN6mg0m+CZJvfMcc31bZN7BcVqRY4VxWCv+5 gxiecH0L3ecrKrjRvzV0hFc8It7uNbjX9PRgC5EiITd2rTWCa3UTpN0/QDnSfdjssdcg3i8X08wn dAsW5XtbWIN42LYms6yV7Vo5H9LRBa53n8PJV4/K1pyCNSk60b1bMcta4CFVcK31G+KOX/zBCX81 aUdc4YT/H3ze3YR5NLE66teIOuib1Olw+73uiXc3iBYH+QfJJeQYgVDKY4/0ysuL5S0v++3rPfe2 A2DtBus9w3SOMJ05bPjG39ThOCX52e/dZSw7epDCLn2aod7oSU++9KMdfaVrW+mRCvvB+R5wy1N/ 8QQD+saR/nmNZ1zqFi999fPOd8JHKeQgH8i6UW5s/d+f+dMHn8vlHu4F4MLE3IPQHM5ACO/5Xg3E HM003KsQHK6AS8Qtys2Zn+SpnPyZn/hBn/X9nPZ9YPNNHvf9nQdu4AiaIMX5n+FpXlj8nQmW4PRx n6ysH7gR3voV3LiB3wkCHQc2CZTAnuuJR8ihnBGa3Jqc/9zJ1ZPZCWDZEaCj0FwUol248F7N/Mrb Nd7dIYy3nF3LXCAMZh76dWAP/uAMJl32Td4MuqAYep8IsqAZPpwGwgrlBV69YSAIxt8GNtzifZ6g lUnGeRv5od7XqGDBPcbHXV1G7N/9PYrWgZ3+6d/Kzdvtmd28EWCmIOCkzJzMNSADUiDMAJzNHJ/w Fd/ObAoe7t3AkaEemuEqtuEbamAayqAboiAcGmILymIc4mK1haEshuAH8uGj+OGRiZsxdtsgxuEs Gp1d2N/HrduaNCLIPaK7fV3XeRAlPuETyhsU+gq+qd3h8d6ufOLMrIzOWSAW/t7ZoaMapiEcLiMr qiDXoP9hw6TgrcAMPJ7iLf7fGOajPfIjD+bh4p2DzxEkP0ad+xWjQhKjrC2fIcrjQ57a12mE/WVd RqCcutlfRppcJJpcu32PJTJb7jUhwTgg1viemqAk8MFdBMaKPrJkwTCe2XRNFmKfQOrimNRh5uFM Lu4kLn6hHZZjKwqlHPbdCloeG8pfTq7g8hXcOUTgUxJEVF5N51mcMZKeHPpk2bjiqU3j/g2haTyj /XHkEiIdrokdvV1iE5KkU9CczXliRDggJ77lC87dd/QcZ9DewwHJZnyDXxadWZyDQdaAYBImYQpm YTYFt8GEqxnap5RcySGhup0GsqUbZeKf150lAIqkNrL/HFsOhBTGZQOCZieOpifaHF3enF16B17m 5YgEh16WhV/O5mwyHVkQJGIi5kDgpmHu5mEy5tRdnG8sDkUkG9dx3XFYJGYiWzZRoloShCWy3MzJ JWm6JWjKpQOaZnYiH0ppIfK1plhsi5KZxTfUQHn+5UDUZnlmRmJGRGK+p0HmJlME55gJJ9WZXHEe 22OK3K3hWrL1J3N+5PNc4gBG5zY2W82hZmlepxQm6Glup659hluFE1moZ21GxHqeJ2Popnvu5mAW Znz+pmK+WnBg3WRqHUb0Z+I85llqZn/qEjemJcxpJ3aS5mne6I1C6H5YgzUQRI/yqFrlWJGdxXmi Z5Ga/ydBrCdcgKiHuieTGiaIhmh5MM5xLuJUYJ1/4h8SVqbJDal2/YiMamMlQifuXSdcnilchqZp MoWOwseP1kCPwgSQslVFJZlY0GZ6mqeS5il6LmlvSql8RsVgkodxZt2VaiZ9eN2WemStERpxNcta EmjLhSTuTad1Tmd1PiiDvmWbnsj4ySmQximcwmmozinh8CVjxCZctdcLIqmrwsRfaiiS7mlZ4KaU HmZ8BupvDuoF2iJAloW5LWKxGEeLVuZ/OlhmWdWXRghJhmQ2ZiN2cqLMOagCrkloSmt4vuav+iqP xqmomuqb8mGrbqtgqCre+eBVUKhQ3eGaXKh5AoCRxv8qhnqIVNpqYgIAb/4plMJEvkqcMpLrWBCn oaJoyaGoR3bdD6RRPCRsRGgWVgHK2DlnAEYsptrogiIgp45mxWbr0vUqqfrom5Lqj4pqk5AswO4l a5irv55sw7pWfxVa5vVphuopnxapu9Zqv8rnk75nvd7qyh4kYaRbwWrdidrawWopEi6s0nYpRbXX sg6IyzXrpE6tSmZN2wGeSq7d2mFtCQ6M5s2kUWpf3GVLt/6oG34IkIprTNadyrkdpogt24oNnPTd 3PLk40GemKgQiSTQ5vFbAsKrX8Ir4MnqNzicTCaMYNIKbz7KUz6IQZLIUzYuYbot3QKewIniV1Sm XED/JroFqGaOU6MmUOhG2Ft9yVqWqWeOabV+o2n23gE2Ces2oOuaiNbWog/+Isr63xWyDI8CQKlC SLdOSpyWSdmiaxkCox72IvXRYB56XwYebzoKBADEg4lIr6Mk0fTiXeEKbuEGbuEiqeCmJ+ASIvRS Hm5CyIfiq+NO7prwpuQSpO0yX/Rx5WAUJ2RGxOcu560trZJxFThdyXM655iWnQIi4HW6LicC3+XJ XEQy7z/aYtsqJdL1qO/KStn+XdpSsMkqLy2y4h3G7ysOpTsusBg2CfauSSk9iiJlr7+Gb8F1L/de 6PeKrz82XOTuam7+3flO5WHia97B7wgHsQOPBZf+/yfSfqQRW1XCKlLo7lPDUiiYRuwATrFz0q7s auyjoGbvaa3sbu2KeDEhaiHuxmLzXV64/u5AaDDw9m7vjioEJ6X8pgmw0GH57iFMymAYGyUKW2/X hJPyvrD3du/2mkhthu/3Oq8Yv0muTm7kFibjysriKgk90uPwlEWWaqmiYrIRc9ZZRhiE1amNkF3q jqm8rSTrGqAXn/IWW+sWtx0Y/ysaoqC4zuHxjuyahKrvAm/JiuychjD9/qQIgrA72rHasiAw08kJ Ty8qqQj13qEgB26TaOj3FnKGNjBU3LAji2hUom/1La6H+nAwijAsq0WAbmmxvmjSCsSxMiyrKuzD gv/p1JKppP5CK59yF6+ktVqrK1crK98jBAvkPxsz9IlqBQfvnFhDBcNpBRsJBRcl+CHvD4aw3Sav RFtzCf/yirDF9GYvH6cwupaJkiIv4P7lSHPlED8yNvewUzYJDwP0NuNjB1+0JR8tl2Im/jJqWyzx w+YYqwoXh0Ts6VIxJbpJ1RaczQGf721tK8+e3Xonw7ytKkpwiRSvQvPkVLPxqPYuucRgUyMeUMbk L090UHo1DTa11hyd9VLvh/DtOOli4IX0u75JrJ6nw2klxYHIh760YUIlN0+uTMbxWd+tyiIscyLh EbdbcRVXOW3WUK0XhUgsdGZjU2xnamrsmp7pxpL/h7dSdVbzckJ/bKmGbIAM9lr0E2e9YZLqqczS 7FzPrKzeJr/qLK4y6ZPiqofyandkabEerH+K7sLm9NI+sVW9s3+FsowCNQFa6oJiNqdmNntsdkSA q9l6axq/KXULCGmDxY6lUmhkG232KVTg6VnktVSKaG866b7ma3u+R/7SdH+iUsLqtE+7lrrCsyhP KjdahYKa6YNmp3N/R7f6aHWnMZpsdtmWqhvbh1NjBmIR2leIt81mqM3yaa3+KW3bas9y6HkHKm5z h6IC6NE+8W+P03gaGWtB8WNH6sSSXVtW51yiZo1e9nhc94CDKshCN7gmuD0ZE8xaxZHe7KtaKM7e /7Zth2jOui9t7yt737RuY9d7r1h9uyyPXwilcqYTwlxqOmjGzqh9cDaBi2x1h2pTmOqOv3NY7Olr H2nN0mpYwKdvQimG43Ztuy97g3g5o7MCLXGjOnGD0/fT7oftMYUUp85FaDllp2mXR7ei6/iAi7l1 B7iGtfa8rvl4l3eTcqiu5jWSd3idf65/7rlWIRaExRZ3h/IACzC9EcunaO1cIvq0JvqYj6rvWrei i/a3Kjh7mKt6Qog0G2k7joVuDiqGa3N7yvZ5N0fEoTPCii47g5ichfpw9XSCEKiByhu6hEs+KyhS K7fgyKkb33pBZ3VDU3WAk3nKaGv4ITt5lievq/92erI5yzJFbsKnhm/4In/zen8quitcZS+nYRd2 Yvc0qXvpJ/+0AMboL/jPXJgIRc4Dt7tlp7rpgdf4rH/rnEJ6Z5s7cuEVqma3opBnXIO3mqO2VRw5 Dgd7vTrp4wImvaYyjjpFi67URJn4lL8sPJfpABsLfTB8I74uq4Ptylze2B5uGCejT944Qm91QT9K 0utyJfsBiWTJ8y1J0Ifg4Q7c1y7w1X/1HMNt4vkyDFL9gwTuh0DzPOoxU9ctONuq0idu4/pwFwp2 zPxtOz5viaBkq6crOY26spI4svJ9hxioNgaSH7mezog0ynYtFpbf/PWgMK4IdYe7CiI0+bbxEH// TNy59Ss+H/1eXxuScPLyyvIGc+OLMCHjrdhALwgP6iu6veMm7uVK3CzLsgQbtQIjdT2vBbI+6pBi 14cZfCUSIJ5MhUZOIyz+bBCT30kL8cSZSLnvcvxhdS7jMuUP71f5CADoiEP+Ouh3vkxDtEW3qjCH szDHL/nHY/siJvo+bq7iK/t/CxD/6k+6tfjJI+yy+hWjqVUobO8Pt2YBRLwa8QjWMHgQYUKFCxk2 dPgQ4sFfNSYynFfj4sF5G+cB4NgxYw0ABkeKBFASIUqSKVe2FPnyYMmTM2G2HKkyJsmT1gzyFGkN 6E8AQHkOtXazRtChI5Ua9ON05kk/flBW1UnT/+VLlUhzJpTJUivLrVcfRuW6cixYtGLFmq3plW3O sWZHnju38u5dAHZrnNu7l2/drymjvnWJFS5Sq7cG32Js8FbEgwUFTiZ4ufJAypovDzRYUHJo0aNJ K7z4EeNpkR89ZhzcFXbW11bnxrVpOOvRg0WTAr3p86XurUeBj3w6FcBU5CSf1jwLE+dz6QpfQ387 XS1122FjX/deG+5C8GvlGsxrXq/duyL5sq/bF3D18d1xK3buGEDk/I4Z848cOrPPOMNsocwEOvDA 0hRckMGEVHswJ9dSs86q7LxzrrwMTboQN/KC82mopHZCSTfiQhSROJ1qmGqlp6QSiUXaYnrOQ//u NgwvremqOqu6w3ScMbwNxzvpO4aG5BGpvADrCyb1SrLrr/X8ug02InGyLqsqwfrKsQ4j2mwyARH0 jLMCA2wQzTQh2sjBjDpKiSMsESOMSJPqxBCtwsjCzkuZiATuqhIL8y1FEfdcsTmqrFwxOUa7oukm PbGDVLw7KdxyUTvp03TSTOm0EbpMJTUSU64otXOvhPzCKiq9mHTOUk6v2lFT8WIbSb+TItPvvxr4 +7IzhRLUDKFgg1UT2WQfUs2g09zEaEJlHbpSNGodIoqopLTliVtut+0N3BZXHJdFcg9qTlovG7TW 2nTdrVZVJvlqb72+1Jv3XdL827VLyH4VbUz/MT/rbNiCj80XYYeuqeGahRe2KLU4o03YQnhFA46o eLz1aePegtKWJRYTHdcpc91tl0FqUaaY5U3Ry+ve816ut+WG9v2vX1+7zBnggSsz2MBhax664YcP WphZ1KBVeuiVpyVN46RAi3o3b8HtFtWSEUr0OHSV1VNNsIceu9JYEZLSPHtnJju0nSHzVaFeIfp5 wGIHDhNMthF2uGGGHdYoJNOgnVjvd6OeOuqNsfX4W4aOQ9TccgufnPJ3z2tPXporf3tnnA9ye7Sp BRwQNGLJPHPzNPs26G+HL+qbTTaXjj11aQmyRuNse+r46o8d8npk5byunfjiJbtcc+Phllvn/8// DR1BxC2jW/lkH16d9aI5QnpwjQivvjTUb1d8N5ABhahckR8Hn/323V9o1+Z1jp9ngKkXv0zU3w+t aKMZ9rthGUGa7EYiu/2FzjMIwp3uPOY7kIlGORWz1QQh4rQFWTBlZpMMBil4QGT1i19we9uCSoeZ n5lQfx6MiNH6hxCkXcNNBfSIxejjFsoRiFgCCcrtytcTdS2kaxGkSkTYtcF39ShsHSzLBVWYrM4l hHkNOhMKU9hEiLSuf3y73gBlYsAKBilLHDQcZTaTmcUp8SGSk6B20Eiqk+VLZaERIxitmKbn1Q9Z pasjg4rGOj/68XobcQtixBZGOpZFUqx6lP8iF4WVeERKIHV6JCPrVMhREbKQqBrMJe8EtispsjyU rJCfKnmjOc2oknMqjCcpJUpUjhKTp/phE3uFxz0az39+02XrFqkhw0TnkA2ZD4++Q6uVTFInkRRJ ZiL1qCV2kkOyqVEzs4QlLc2FNqOc5o3wdKtqWhNU3KQmqL4yzG7eEp1W/Jsu/wfA1sknmr+kTiaz Mylw8smaADiQPkuizBw9czvAdKY5cURHc/6TnPGs5zfhKdBt/pOgNErnRPe3xeslhIX31KRDvykg feovoqFa5UKdc5lIjdSZ85RlQkn6o0WC8lNF8uUmN/pLsyEUR4MEo0tvE9I5UhSok1vdUF3/eDQq 1YiN9AnQRztoTySmxSaV0edAuMLMLSU1oVCVZlYD2lGuzrSnWLUQTq9q0K5CtKvhDOpai2fRohr1 f9doaMUq9JJHklEmAaMVVOvK0tsQpCp3leqFPgmkIwWplAcFkjw95CmWljOtjD1qWZGq2IHaBpou Y+tm2ea/dWLPhXK1FCnZNVqTejJBUhWVKukEAF/4YiS+2OpIlAnYWW2Vm4fKkWMPJVLS7shUKkWl VhJJSJvAlCwq7SthsnbbiBq3ubLCLWepK1R28u26uVRTGQuWwIPN0iGyFa9sG9JdPRbup8gqbHVJ s1z2vnds68xeaOGqrDEZzLuj8+pCyGsQ//HW4LVzS2Dt0pvEYMJXmPtF8IL3djTs1le7Uhyw6Uqo Wg0+ZLz+1XCA3UfPlqkESgwWJnRFXOJ3sdCtRe1jHsV0QssM+Lzh9e94+wtghPzXxAySmXpy3GMf J+yicQ2yFm0nMDBFT2gQ+S+ObTxjDv+4NPi616ugXGUrlyaXLWwhIFkMNDK1mDQcJu9raexkMkvr ADVI8wHYvFbMwYzKV5bznBsC2uw9+I9ilczBhObiJGMYwEsOtI0DXGMmo6nNaVazQRSdYPahTV5q kzTLCuxo9NK5xNjVdEYZRheJztK856VemQA96P7iuL+urXGaEp3ogzRaS++ayC8q8rSF0P9ryvCB s6X1TEQDY3COHHTaJ5ELKw1WGtN8xN6W3+pNNCHZdAILDZnPPGiFnLnaDII1rBfd7VgnqyK0nrVB ah2RBCSgBgm4i7pfFWKZtbc0yKbs1+T4xYUKVKsKTra0MvrZdmoXm7BUGatmItVJAracnXSlSMTr WkIzvFZeWaliAHCAip8kzVHJuMVT2cjunDRPtyUuACrCybVgJQFmUfd6WkVPiv/WlLF0LGlF3lqQ 15ziws0aKz0VR/fKc2WrPOW+ldU3Xgo5wlvR5nKZSpKfffQkCKeqOKkDW4fDFuvV5ApszSqXkbC5 k2sm7qJnc06qZzZP4sbJL8Y59nPf5Nz/6QYAuuclmFcVNrN+8qZlnY0psI49qTT1JTgxq8RPF1Sz bIs7utm74qM39artYmokKTNVpgY23wyPLYAdfpYzu7Ykq5Ysd8DO5o0rmitgPwxSZSobtktkJLOm NcmBiZKU394uKTcIuzWamLJqlafhzPxcL4tG4g8+1gPX6RIVqnh0Lx6+WlyxG2ebXJY8nUy0rSs/ S2UlascW9Bvm/GuHztGzWFzNYB+k6dGPJ4kOU6ez/u3rU3J7xs997ixXD7sF0x68//7ezkriMqmh bOjwIu74VIT6ZoO3kGS9Mo9sFu/54i7dOEv6fM3ZOOotHiklKM/pqIoDZ4rrAkzVwo/a/8jPyTSw NlDP9GoC9Rgtn1iPoMRNJGiNImiPIiaCRpDi3G5v7pgk/54POvxPOxAK+FpP+JhvPpCPjRJQrWal R3Zw9CZL3pClBxkv3a4QC33sCG0EmBKk6aCuIGREQ06C6/xr81Ci0DSPzFTQsNLPBb8u40Rizdpv +yDvCEti9uiP7W6i3PCPLdTtJNRNCO2uhghrupAEVkbvAdPq8LQJCQmPsZYQnhBP3xCmBxFiC6EP yrqQlMoG6oxLmabOhmQl9JzD0FAw4lpLt+Dw617JJdpPSDbFAAeQ5PoQK3BRK/4QJtBt7lLOSs5t 3QTxL4bOr06J50TKt2puALuPCa1PSP9kzuwcavmqxOVOqgrRJBMrcAIzcQuJzn6QLLXqBrzGrNDI T8w07OEapM3gsNXSrwVt7cCmRdxskCLuER8VYgJ37xywcC8IsQJ5DBwHsiEYzxuvkCChJ9qM5Vgs 6Mka7tQOotqebEG27R3FjtsOzILGzTBsUPbs8SCE8CD9sR/5ggITEiWzMCQNMgu9MSWBJWhySI/E CNs2TyJvrMkqstUy8h3lcR4VouTuMdxqrdx2rwJbsgcLox+RMs5ekiCxkAK78RudkiGqaEEErSHK jCIVRNHq0Cu7MmHsMdxykNyIsihDciG60V4Ekir37RuFUCW3sS1hMsZK4xxnzNQSYiv/uVLsEqIr 2zFfPrIeJaIoyw0qW5Ibnw9fpnIukw364LIxKUf0+Gsy2fHVYLDbAFPWPPIjhfIh1JIh4JIxI7PK TlI0ubET4W1ysu0hA20vwashwHLRMNLbNpMGZY8sazA0ETMuDbIQ5zIbjQhNglM0fFMkdw8hc+yn iDNN7lIdrU0SRcMrFSIjf5L5EAI3hdIjSa4gjdIXE1PuwhMDm4Z9mPM6zzOlhiYqexM8lVM1K2cN mWwrkag0NBMOfXI0roQzc5AouVMfjTIkr8T+zJPewIdAeQ0/J4tljnMbWZILa4WaRuW4EusTlQsW IzSW2vCmhA64lI/mioTgIIWYqO+V/+RvJmavO4BxEFX0F9+OQ2Hx5GrvQ5uLk2Z05GD0DlcRRxGQ ABXOR9cLQ26ORlXpRUXu50jDQeVSLk0MmtCOOwrw22wlOvqKmNxL77ZprM4KEtFO8sJDB+mPJOhP QFvyF3/wKEPl79pusSIRm9JzTXmKDH9onPApSCNr9UJO6xhKAb8KNs0NOdESQHuMoE5u79aoCHdq O+RUmvLN/JBQ8J7RkGICTMMCZd6OJJJTJL4zTfskADtVQR2VUOlTSu2UERXKPipx3tzUqZLFOP80 Nf8OT6FwB48NpfpOGaFRVWsqS8HKCH0PQQ9K8qLi7Y5To+iC9WSjGmUVERHVWCnV2P9AMfiI7bew 8aaclbAk1BJHjpGkhSVHk0nt1D7y1PAStQs/rgkTteseCgDRdVfVNY5y4va8s1hHFfLSNQOx6tNO Vaz4Tl3eD6CCa1PPlQkPkDTxNZoAdlCpUQoLtbEEFkvNtQztqT7oilnjAkiJJF63MAEhq14ryxEN lq++TWFbL1bi1K/UgkoXsUM2NvF6LE4CZzix1UhfKgpp1VRWKrpiyUhGixlxVGf5pPzoqrg69E4/ xZhiakJNdqykkUZR1hNZC1mV77F4i0d/dAEzsOek1RlblsFeNiS8qGAp50DDlujG1l3sDFkg5Fmc hWwnx2zbNkAIwhnm9iCcgcHeFln/tqidlCVw+rZZYLZtyTNwbee87LYG7HZuDRe+8FZ1smtvGcSL ZAc1PgJwB9dy9yduCwJxnaEyFJduL1c0eGn60gRm2ZZyaadyI9M0vXXfPvdwDwh/BMRu48FwaTdx QZd/OO3fGuRr3cR3fXdwUrcttdA7WVfOFDchXLd69ChAZpdzieV2Xxd3r8jodhdNJnd2JGZpvkdv GDdm0POnXPJPdQ9hGBc9Q+N2kfdwE1d9y0Zv9glv5pZ261ZuOXdzp1dhhKzZFoR2/hYhmMV/hbdm urRBeGzXSLRPQfMou5FxCfg9be2nEPd177dukfddL2hKv8Tp7moy2Pd51xeErRJ///Ns2dCWNNa2 WYLXdPv30iznZQ4ieSIVIhpUJOGygdlGVB3CcD93h113cy9YQUoWg2xrmRBic9P3dQ9EeUdYIbaM 2RREbR/kWQAnhTGYQnsWCnHuRrP41lDFVWRORok2Uy01uipQSHku4Tx0Rl/ulf6v/Iq0jEnCGbBi jmlibkNU6awEppiuTpsWj09KIOzXIBKXdm0XeduXif9tdHkXbL0nYv63keON6iAWS+e0+ebFSVYl MOLJSdEiKV/i/vaxSbWUkh/r7Ci2k9H0YQ/3JOgWANJ3jl/Cbunz+PhYRtp0g0NxfV95dtfXfmGZ ghM5tKQvwkQjimeniidEgOGtXP8XNfJIFT1gOCw2mVHp6jtlYvFaVFPVFVadufhWeZp2jWUHOZYH uSQUFynYd2WrL1yf+auIOK/ml5ej93A3Q36XWJjnS2/5N3Ymd4r7WZmteOZK0ZvDqpuleVVmwi9g hk8uYoaSdiR0b1pF8hfzhEMnrmK/+WQ9ZErWsqMDDhnROYvruCrad1pD9Vw5ljwAaxSniogHeZAL WZ3pFpGF+fEgt3v895ElF4Al+aAz2qDBOW0AA0qmhOVq4k3+9qFtJF7hLlM18SiXcGJLeVV/mivS Q22MWqrRmavPWZZdeZYl2E1Daar72EM4MASn6o4Rt5CN2JAnuKbzOVnW9mWrWIr/k/k9Z65d9ZpP Swku9OIvYBgpHBolHFojFFHu4q5FQVmxDTJaOfkNNRqxU2KhlQR5UiVVsDRxUWKOO1tFRuKOWVl6 c7VoUZZXOxBLOFetndd24bq141quSTenIXmKtzdm2xmLpcuTrhVg0yahp+Q9PvokkhprefCpXXRF r7AU0Xi6emu3d+s50iNV3G0tNeWomwudea6zJ+mV6znqnJZn9bQJYQqtubvy6nmCk9h54Tq236Vv vTZ4uTedkCh53i2F/VZpYPYxUfM/F9h4u9e3pWzS7Nu+GSKsyVl9ObdzB0J+W/uGgOa1abq15/d5 xbq93Tun67p0bfuWDg/OMPku/1CXp/+WcuV1H0ETxasHJWDmw/Gl3TCZiHzYlxlcpuuZMmA7YRCH jGL6cws5kJ93fkH4wt1FwyW3e74Wrz3Iw6JZVeoFhaMFdRMixZkSqlWSwLACc9JmwFk8q2N4tGM5 ejf3hBSckOX2y4YGh8KEweUXpmH6ntF7yPNFew1ow42cvbjcIeqatisXMrsVLcXXeLy8ySFt1wTd zSU4epEsfbvrfY1lwoBceu+5l0U4ziE3cpGZikl8mYNKc+A7yiUGbImVNzVxH8EnZr4X0uIlyxeC gnmYghGEbutXv9DcZ1ys1sucrXu40jH8d49c0wHaxEqXp5Fce1dSyg/TQdtHSv9OPcANuMlZnZ5p ulict3ZZO83RPLWYFzMIma1pPMh33b0B+q4Bh2lErJ+ThrYfebal/M9989GqW5qj+XKyGt4NfIcR fHoUXHP1fdTIhopIJ5Bp3JdtHdylBXgjprb7d9OrS897+uC7ZxMDVQshs3jqBW1cnN4t/mwEPcw9 F8h/eX4DJtrGJnrAjGBo3H7phtILHopB/b2T3Md+95ghOZn9fEkB3dTjHXnYkl4mTSFm2oh1PWAU 3Mb/rGUyl3TupsUMhOVZBnAX3twbotiL/dilcj0pXnloxoC1vimRR8sbwtVj+jJSnt9jvS5ZRnry h4wYfeWb/nqn3ll62mUBOO7/5Tst9fE0H43nCX3jNb7d7N2DyVnwTWh223rW/Z0clV7URt7tifx0 IcTuo753qRhsqb7Kr96DYByhM4ctPdrAjdiX733tCUZ0JufkRV50UKjxKaby1d3KjPwijAHU/3eG jT3zBRLXFILQUx3aD12sIX2H5Zbpb+h0vut0fGb1nT6+B1L2lfl0Ix+oLP7id17rc02HhfzLJbj0 jZ9tGLJYgubkk7/pVcMYDKL8OcIYml9BztLUlx3P/37vzwbsWz3SFXfs47Z2zAv5SU38WR41AMLY vHk1BhqrUdCYwBoLETp8CBHhrxoTKUa86CNjxho+Lnr8CBLiuXM1SD4kadLh/8iRJVGWRMgypDOE M2k6q1nDWbwaO3uG/Ak06Md4RHka3emQKFKhTJs6fQo1qtSpVKtavYrV4byDAwsS9OpV4demE39V rOhx40aOHTtmDYky5kuVc2HGTfnzZk6HM539qPHjRzydbwsn5Vm0qFHDjBs7fgw5suSpChEaZGhw oOaCCCt/NGtWIsXQaB+6bet2Ml2VLE3iresSZtObNwP/8Hsbp2qrSxXv/g08uPDhkg+K7dqQ4Nbl nX+GtvjwecTTqNmufey6ZWy7dFfOlct05t/cgRH+JY4+vfr17NtTNc6QM0GBmrvGhw/ybFm00tta 13iaQwBiF9d3rRVo10qvCf91HmDlndegexJOSGGFFhpmnGfxGcTVQQ5Vhh9E+oEmWmkI+adWgKml 5piCrSUY03bbMVWeeeM9VOOFUNliC0I96ghkkEJGBiJDHoKIpEJKflbaWR9RhxFHUvrH2IIRuZhd XU/Z5hCEOQ4JFI881jCmQz+CiWaaagIVYpHx3adhfqTxJxpEAFZHnUZstShXjCdZaeVPNY4HoXmG rnlRjz8qWiaZZyIKqZDmmIMQpWAWuaSSmH4YJ5Og7WciamqZliKVLbb0Uowp3UWVbYUaGiGkZy7q o6JkRoorkJPWQGmvll6oKXzBNrcpsXI6WZaAK16nop577uadbAlK5WWDg8b/iiutjjraaKO5fjvh rr8CC6eRH77ppmed1jmadBWtBa+oz5o22V0vuhRtVNZaiyO2aj5q5kOPAgxuwej16pCl41Z4pKad HdlcxM5Z9CmJykpJL6nzQpuqSFi5eiiXX665KK1i2tqtwSoHhzCvlVa68IQZ3icxug8/7KGnFms8 JZUpYnwii5EdGOhUERIKq79DluzjrbN6e+vKUgM3qcJB4rfkQxoKa+6bIe083agY+2yq0LjyayOX sqJcpphNu03w1HI3Ji7MLsdMYc45E5vhzDdHxWKAQZt64sa5EnojyNl6e7K2TkM9d+RY+Zpw1S5b KCzEWIeIlbMrWifglBcb/3w0YKZH6nbUZjIqsOOSv36Vrwq3DGzWXWfaNc17OyW04P+heKfUr37b +Jgln8wtyrAvb5W44+ItIe5wcm1kklU52/Pgo1Yn/I3gAsy48ciLz3z5U9VNe5rWez0sVSiC/uyA QUtO+a4ktx3w8cU3bX7/UKV/Ka15rXro2p1UmHUxeM1vbr+qm93QNKuoRVB1jIKc/y4IkqpBj1wE 3F3DGmaVnyEQgUBbmfN4NbsGgolt3JIgCy2IwRiqDFN9Q5KxrsIsEnrObAWz3wNlZ7kV8s9W+QOf DI/4uszRbICFEdvnsGfChD3Ecs4DoIWgRsTGOW2LSOyimgAARo8Ea2/rev+LAgFgJ+6lB42T86EG 7wbEyz2GjVZRHvISVcG4edF/YOwjHdHzR4gEMiIgLJZH6DhI3mXkj/LLSiJrwMZERrKN9mugJa12 QsY8MgEJQEgCANDJR7bOcQCYIPn22EVRUkiVENHcT1jJlNQAIIfAkSRCYNmUN8Kxfih8mS8Nk0hO CnOYoBQKrQJZQdWhUoaS7OMtITlINIYRmg7x4zOnac2ISBOakXRmNqU5SWwi0pnc3GY5rznNh4AT jR1hZzbPect0vrOa9IRkPBEJz3uGkZz5VCc5rTkpAJgDjAGN5EDDSKlvcvOZDK2nPRmqUGeGEoyc hOQnvclPf4KxR37kUSn/KbhMJEZTndS8iDivSVJ5klSQJX3oJOmZzpJiU5sNNSc6HRrPetr0oSmF 6UodGk6dNnSlKv1jII+qzoIqFZIHraevwOnTofIUn0Yt6SevGsoafBKiP33bM21RyjGxMXUhPaIf 99nTQwKVp/asKk5RKlS27nSqb3VpVOEqVbfudKRIratN52pXmsp1sF2Va0BdxsaBKrZqaKSiQPXK Vp+as6pG3apWO2nPq1q0rrVCI1hNScSyxnCkdxUsXSmr0YziNbCo/Sk+y/nStqY1r0SFbTf/Kc55 4vW2cWXpYM/aV6cy1Z6HDehAeylQ2CpWqLbc5m29ednMSnSrmgWuNjtq/887bku0zDStbNVa098W lqaQFa9rSxvbvRIWp0H1LW1Z+Vffxra2pfUuT5eb3MV+N6FMZexwudrc75JWq8XUqkUtO1/vfvSj +OMuVjbzRQVH9ryrVa9fCTvfub72uzJF73qH2t7dxtet7uXwS21pXtqu9LAPPS6vHgszGCfUwhNe K4gPzElQojGUWcXqjlUs0zPh0sFM+cpY0NTMmYKXrvA8qmorXNN/uve10M3pc2+cWirzs8pbfjKW t1zNaMb0ytfNLT6Ny9+zorCPxyWxKDfcZGtOFJQ5DnM/w/zXBBPZKcrpinIsc+Q942rIcuOlFF0c ERXKkbNRwSxmDezJ6P92sqKCVs1mIBzoSg/afwDUoAYHGUQUxozQIHm0Jys6aVQb+NGm1jRj7FMf I2sl064GE6mjOLvL+dfTL2vZwm4dEmFeltKQlnSxa+0YI9cHLMhudnrcWMk42u2NsiuMo009aYcM c5jHdnZW+gzosfyZ1t4uN2NSKOofVs6HvWT3VbL9EEq3upNK4aRvzE0VcSub3Pjut2N06WlpszuT 1j61vImt1XjQOwEK94m/pRLrZWsF0EHix1ss7hCMp0njGQ8KxxHycRNW0pcLSx/lIJPqSB98J/BG yr0fLpQ++9ky8pG4jkJeA43jPCQc3zmQQu5ziAAd5FOL9t1+mW6IWK3/MY5WObcTDmmlIMThMA+K rDlT84fY5+YX0XlTev6RrVNo6EAhOwMTfRHohdowB4f0thdT76VMvepFHjemsQ5hrvNj7yDfu9/9 nnO+d/whYPc6QfgxD68TXfE5j8jfMy74wANe8hi3uOD/PvTJU37wmF+85CE/ec0TPvSat3zlgx47 pQfcIyN3N2OEDZFJK7zYPVGK1OnelD9HhN9jV7zvGf/xwnsF44nPeVe8DnyQWL7jYBd64AdPdKEj n/Ce5/zzq4/94Duf86ePPmTU3sspbpDt3Gb1ZVlOFHrXfjG4j7lXjixz3kuo+b6nftftb3zE618z y1++5/3/EQDofY3n/3zNt3iAJ3zWR38EiH2N53PaZ33eh3ptdGgw02lr5xjwlmr2JmyYdXu2134x Z3PhBiYLGH0GuH0SWHzLd3j5x4D9x4CjR3qVZ3+dh4Jm54A1GIM0mIAnGHnQN4A0KIGRgTcI40ZJ N36vdxgM1xMMBxEfGIJAIWviJh8lqIMniH9ZqHEruILDl4PTJ4BBWIDU14M76HhkqIMLWIYQCIRm +IJt+G9HZ4FLJ2pJ+HpN50kK12o+AYJRaHUT935WGIEEaICMR4DH9xUWNxaIN4BvOIh8N31994IC qHM4SInZx4NoKIn1F4NumHzAdj7Pc3JIFxwdKHuIcRR8eHt+GBKXhv91aFKIp9d50Nd8yqGIjVcf huiIEgiJfVeJ/oeAnRiMKUiIpeeLhOiJvfh5vHh5xjiEoFgVJkdFxDFMiTF3LocYDid3rBh2eCc3 qIeC/OZn8mcVE7ge5igpDyR+7GGNh9Eb1zh33Dg3mEeP9WiP94iP+aiP+8iP/eiP/wiQAYmPxFFt 7iF12Gh7cpcY2yiP/oOOuwdrNAcW5CgVjxcV8lAD8qCRjWGRDQmP2niN7ciQHllp8EdxrugeGomR GEmSu7F+F/GOLYlv40aCFPkbG8mSCMGSGymTjFF7vUF1cDeSPUlkM7d1YhcUB+IYPJmRPMmURPkW Bwl3qIiNUFlr4Ab/ETZ5JapSGCvplDqpklYZlfA4le0olq5Gk0j5E1iiIFqCFWHpEGGZk2eZFar4 EFJJl8iWd0CBF36CL255kTrZlBlJmHCZl1jhclT3cofZfgUCHifBHVQBlysZl4PJmFHpG0N5mTCX JY7JGtphFV6pknNJmJtpmqe5lq6xKpH5l0UjFKJZmqOJmrNJmyLBldKSHX1SFZQpmKRZm7+5mWzp mbmZJbvZm8CJnKjpHTKCm6jSMZL5ELyZnP7GQtPZFGyZKgiiHW3pmkxBmb5pneYWWnoUnleCKi/i nN0xLeV5lm0DN6zDnnDBnFqCnn0Zn2KZR3eUTPe5ldl5L5EJmoDJ/58NaTL6U0QDehGOGRuqMiMI SpLaol0HCkPsaZ+PKRurYqEOyordgj+hpUz8SZz28h0dg54auqEpE6HGkzwOqpQGsp4jaqLcmEe1 Ij6OozwDii+t6Z/aGaPLhJNYATcgpaLJRFY4Sp/S4px+0qNdlJNNWkctdKMglTzkeZ8LOpxIuqQy 5JvSuSMBQ6P7qaKtw6KfOS0IkqFZikHfCZZSUTzwCVqME6Oq6Z87iqZIxKU4CZ7GFBGuA6VeNaEU +p+2Wac+Gp1P2aVbFKR4xEU92qLdOagX5KR4mqdh8jhcBJ+j9KFL6pdn+qjms5Nqaqg7MjDvmTrv Oajc6aid6qlxKf+ak/oTfBqmiLqiVKqqaNoPNdAPtxpDc+mVVQGn22IyUEqrtaqhuXqruuoQyFo+ P1qYVBGmKeOl+UOsnZqruGqs1ooQ1QqpTemqTnE8i5qpRTqtS4qsx2qs55qm3doUEyRBj/M0rHgA NRCv8jquu6Gr15qtIcihrPM0w1p1BwCw9Dqv9RoZ52qu1Xqtx0qd0tpgXuqvzjavADuwCDGxBGsY 5WqwyYqrG0udWrQ6WiSuMFexEluxFnuxGpuvHIuvylp1wdquIRiwJBuvEkuvJnuy98qxKquwOdux z7qiMCuvMUuzQVuyNlsV5Zqs2oqwG7uz7VedMBuwNesQMxu0RvtJFglrreaaszgbhbEahVRLtDH7 EFFrtUd7sAjLsjxbtgYzsVTrtmS7tlKhsHOrskyLrWkbt4gCt1JLs0Wbt0yRtuiarVz7t7sREAA7 ------=_NextPart_000_0005_01C71E0E.7ED03C20-- From owner-namedroppers@ops.ietf.org Tue Dec 12 13:58:42 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GuCpu-00027V-Hw; Tue, 12 Dec 2006 13:58:42 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GuCpt-0005Lj-4n; Tue, 12 Dec 2006 13:58:42 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GuCjE-000KHq-JW for namedroppers-data@psg.com; Tue, 12 Dec 2006 18:51:48 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-2.4 required=5.0 tests=AWL,BAYES_00, FORGED_RCVD_HELO autolearn=ham version=3.1.7 Received: from [65.205.251.75] (helo=robin.verisign.com) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GuCj4-000KGo-6M for namedroppers@ops.ietf.org; Tue, 12 Dec 2006 18:51:43 +0000 Received: from mou1wnexcn01.vcorp.ad.vrsn.com (mailer1.verisign.com [65.205.251.34]) by robin.verisign.com (8.13.6/8.13.4) with ESMTP id kBCIpEdK012247; Tue, 12 Dec 2006 10:51:14 -0800 Received: from MOU1WNEXMB04.vcorp.ad.vrsn.com ([10.25.13.157]) by mou1wnexcn01.vcorp.ad.vrsn.com with Microsoft SMTPSVC(6.0.3790.1830); Tue, 12 Dec 2006 10:51:13 -0800 X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Subject: RE: DNSSEC - Signature Only vs the MX/A issue. Date: Tue, 12 Dec 2006 10:51:13 -0800 Message-ID: <198A730C2044DE4A96749D13E167AD37010596F5@MOU1WNEXMB04.vcorp.ad.vrsn.com> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: DNSSEC - Signature Only vs the MX/A issue. Thread-Index: AccdvjQBouzmddnPTJWjKzQFy0+TJwAYARwA From: "Hallam-Baker, Phillip" To: "Masataka Ohta" Cc: "Paul Vixie" , "Christian Huitema" , "Ralph Droms" , "bert hubert" , X-OriginalArrivalTime: 12 Dec 2006 18:51:13.0814 (UTC) FILETIME=[7F5F1B60:01C71E1E] Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.1 (/) X-Scan-Signature: 082a9cbf4d599f360ac7f815372a6a15 Don't say that you are agreeing with someone when you are intentionally = misinterpreting what they said to claim the opposite. This conversation is closed.=20 > -----Original Message----- > From: Masataka Ohta [mailto:mohta@necom830.hpcl.titech.ac.jp]=20 > Sent: Tuesday, December 12, 2006 2:20 AM > To: Hallam-Baker, Phillip > Cc: Paul Vixie; Christian Huitema; Ralph Droms; bert hubert;=20 > namedroppers@ops.ietf.org > Subject: Re: DNSSEC - Signature Only vs the MX/A issue. >=20 > Hallam-Baker, Phillip wrote: >=20 > > AS I have been saying for over a decade security is risk=20 > management,=20 > > not risk elimination. >=20 > I fully agree with you that there ain't no such thing as=20 > cryptographical security. >=20 > > The point you make is not new, Bruce Scheneir made it together with=20 > > Carl Ellison in a paper some years back. He was wrong then=20 > and Secrets=20 > > and Lies is essentially explaining why. >=20 > Hugh? >=20 > You failed to deny my point that DNSSEC and plain DNS are=20 > equally secure. >=20 > > Most cases of administrative incompetence will result in a complete=20 > > loss of service. DNSSEC does not add a significant number=20 > of new ways=20 > > to screw up and the remedy is exactly the same. >=20 > Complex protocols are more complex to implement and operate=20 > and, thus, insecure. >=20 > For example, it is a lot more likely that DNSSEC software has=20 > buffer overflow valunerability than plain DNS software. >=20 > > The cases where administrative incompetence leads to a=20 > security breach=20 > > are not as likely as direct attack and in any case very=20 > difficult to=20 > > exploit successfully without inside knowledge that allows for more=20 > > powerful attacks. >=20 > I'm not sure what you mean "direct attack" but I understand=20 > that you failed to make a point on the merits of deploying DNSSEC. >=20 > Masataka Ohta >=20 >=20 >=20 -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From howard@guidedtoursperu.com Wed Dec 13 04:27:00 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GuQOC-0005hK-NE; Wed, 13 Dec 2006 04:27:00 -0500 Received: from 2.26.leased.lanck.net ([84.17.2.26]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GuQO6-0006Dd-Ny; Wed, 13 Dec 2006 04:27:00 -0500 Received: from 83.244.130.21 (HELO mailforward.telivo.com) by lists.ietf.org with esmtp (0FP/7-09:+ WC<'8V) id 54G5FQ-SZ5)(8-61 for dnsext-archive@lists.ietf.org; Wed, 13 Dec 2006 09:26:52 -0180 Message-ID: <01c71e98$d2d25350$6c822ecf@howard> From: "Lynnette Crouch" To: Subject: Windows Vista Ultimate ready to download Date: Wed, 13 Dec 2006 09:26:52 -0180 MIME-Version: 1.0 Content-Type: text/plain; format=flowed; charset="windows-1250"; reply-type=original Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.00.2919.6700 X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6700 X-Spam-Score: 2.6 (++) X-Scan-Signature: 30ac594df0e66ffa5a93eb4c48bcb014 Dear customers and friends of DS Team, Please let us represent our new special offer you can't afford to miss. The most comprehensive edition of Windows Vista, Vista Ultimate Upgrade (DVD-ROM) is the first operating system that combines all of the advanced infrastructure features of a business-focused operating system, all of the management and efficiency features of a mobility-focused operating system, and all of the digital entertainment features of a consumer-focused operating system. For the person who wants one operating system that is great for working from home, working on the road, and for entertainment, Vista Ultimate is a no-compromise operating system that lets you have it all. Windows Vista Ultimate contains a number of new features, the most notable of which are: Windows Vista Ultimate combines all the features of a business-focused operating system, all the efficiency features of a mobility-focused operating system, and all of the digital entertainment features of a consumer-focused operating system; Remotely connect to business networks; Windows BitLocker Drive Encryption provides improved levels of protection against theft for your important business data whether you are at home, on the road, or in the office; Delivers all of the entertainment features available in Vista Home Premium; includes everything you need to enjoy the latest in digital photography, music, movies, analog TV, or even HDTV; Upgrade from your current edition of Microsoft Windows XP or Windows 2000 (including Windows XP Professional, Windows XP Home, Windows XP Media Center, Windows XP Tablet PC, Windows XP Professional x64, Windows 2000) Windows Vista Ultimate Upgrade (DVD-ROM) Retail Price $399.00 Our Price $79.95 You save $319.05 http://dayfrese5.org Please note, that there will be more special offers available for our constant customers. Every effort has been made to ensure the accuracy of all information contained herein. DS Team makes no warranty expressed or implied with respect to accuracy of the information, including price, product editorials or product specifications. Product and manufacturer names are used only for the purpose of identification. We appreciate your cooperation with us and we'll be glad to see you as our clients in the future.note, that there will be more special offers available for our constant customers. Every effort has been made to ensure the accuracy of all information contained herein. DS Team makes no warranty expressed or implied with respect to accuracy of the information, including price, product editorials or product specifications. Product and manufacturer names are used only for the purpose of identification. We appreciate your cooperation with us and we'll be glad to see you as our clients in the future. From into@amminadab.com Wed Dec 13 05:41:06 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GuRXu-00086C-8p for dnsext-archive@lists.ietf.org; Wed, 13 Dec 2006 05:41:06 -0500 Received: from pd9ff4fc8.dip.t-dialin.net ([217.255.79.200] helo=pD9FF6175.dip.t-dialin.net) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GuRXU-0007Ms-NK for dnsext-archive@lists.ietf.org; Wed, 13 Dec 2006 05:41:06 -0500 Received: from PxIQvUnio (unknown [171.182.94.188]) by amminadab.com with ESMTP id 17AF3C343157 for ; Wed, 13 Dec 2006 11:40:49 +0100 Message-ID: <000c01c71ea3$19e6b100$7561ffd9@MeinPC> From: "program" To: dnsext-archive@lists.ietf.org Subject: Way Date: Wed, 13 Dec 2006 11:40:26 +0100 MIME-Version: 1.0 Content-Type: multipart/related; type="multipart/alternative"; boundary="----=_NextPart_000_0008_01C71EAB.7BAB1900" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.2180 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180 X-Spam-Score: 3.5 (+++) X-Scan-Signature: 4824b9ef1b1988f2983d420e78cedc0a ------=_NextPart_000_0008_01C71EAB.7BAB1900 Content-Type: multipart/alternative; boundary="----=_NextPart_001_0009_01C71EAB.7BAB1900" ------=_NextPart_001_0009_01C71EAB.7BAB1900 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Against under terms deal transform screening material also. Exclusive = rights peertopeer technology called fasttrack. Whats this sign, up. Settle lawsuit brought by. Action pending against = under terms deal. Then joined defendants copyright, record labels. Rss feeds partners weekend! Service ebay billion, fear. Press, room way mobile add rss feeds, partners weekend. Reached into, = their, own. Tens millions dollars, hollywood according. Newspaper = delivery today bull about usa todaycom. Whats this sign up receive our free and get. Then joined, defendants copyright record. Kazaas newspaper delivery today. Lead defendant which was. Get the top of day. Over, quite yet march, streamcast, operates program morpheus. Happens = updated, pm et save print. Limited click posted enlarge costas = bloomberg, cofounder people. Search real estate oasadlinks email = features whats. Settled thursday confirmed that payout well above, = million. Policyyour, california, right media kit press room way mobile. Shopping buy car job search real estate oasadlinks email. Are parties = figure said, an cannot, say any more! Lawsuit brought by music movie industries australias, sharman networks. And get, the, top of, day in your inbox? Fear, served, with legal papers. Free, and get the top of day, in your. ------=_NextPart_001_0009_01C71EAB.7BAB1900 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable
3D"Kit"
Against under terms deal transform = screening=20 material also. Exclusive rights peertopeer technology called = fasttrack.
Whats this sign, up. Settle lawsuit = brought by.=20 Action pending against under terms deal. Then joined defendants = copyright,=20 record labels.
Rss feeds partners = weekend!
Service ebay billion, = fear.
Press, room way mobile add rss feeds, = partners=20 weekend. Reached into, their, own. Tens millions dollars, hollywood = according.=20 Newspaper delivery today bull about usa todaycom.
Whats this sign up receive our free and = get.
Then joined, defendants copyright = record.
Kazaas newspaper delivery = today.
Lead defendant which was.
Get the top of day.
Over, quite yet march, streamcast, = operates program=20 morpheus. Happens updated, pm et save print. Limited click posted = enlarge costas=20 bloomberg, cofounder people. Search real estate oasadlinks email = features whats.=20 Settled thursday confirmed that payout well above, million. Policyyour,=20 california, right media kit press room way mobile.
Shopping buy car job search real estate = oasadlinks=20 email. Are parties figure said, an cannot, say any more!
Lawsuit brought by music movie = industries=20 australias, sharman networks.
And get, the, top of, day in your = inbox?
Fear, served, with legal papers. Free, = and get the=20 top of day, in your.
------=_NextPart_001_0009_01C71EAB.7BAB1900-- ------=_NextPart_000_0008_01C71EAB.7BAB1900 Content-Type: image/gif; name="Breaking.gif" Content-Transfer-Encoding: base64 Content-ID: <000701c71ea3$19e6b100$7561ffd9@MeinPC> R0lGODlhOAL8AYewAAoEDoAEBwByAIqMAAAOhHQAdQV6hcSzwc7Vv7PS5EAcAG4hAHMbB5EjAMMm DuUaAABNAB1JAEw+AFg3AHxGAKdGAM0+AORJBAphAB5sDjxpC1JoBnZUAK5aALprANxoAA2LAxFx ADyACF93AImACZt9ALSLC+GJBwunBCmuCjObA1KtAHSSDaamALmpAOCnCgbLABvIAj7KAFvABXe+ AJ62ALnGANzHCwbRAB/fDEPiA2vfAITXAKzrAMThANPjAAAASiYLSkkAN2oFRI4ATKQNR8EAMuAA MwsSNiYWPj0uQFgtTXYcRpYdRs0uTeYeOwVESig5ST4yQmFJSHRGMppEPsdHStNLNA5eSx9SMzZq SlJpRINhAKxmTcNhM+lpOwB6PBh5NzqENWhzPHuJOZ6AS8l5M9aFPQKVNBafOTiTTmatOoSUSa2p O8GUNtKUPAy9NSXBQErGM1G7MXK4MqGxSsDBMdvJRwDlSR/XQDnsOVvUQ4XbS6LkN8fmTOLWRwUA cxsAgEAAjFcHgH0CgZsNh8wDceMDeAAceBYfhUcodFkji40fiJgsdsgfdtkscQAyiC5MgD89i1E2 gn9FdaVAjs40htU2jQNphi5UeUJXjVVph4FYhJxaf7tccdlqgQB5dCWKgjF1hVeKiHeLjJl8eLSI jNhyjAGTchiei0OefVyncoGSeZWge8yuidGhggDOhyPJcje6im7NdoC/faDGicfAiOvChg7SdS7g eTffeV3khY7afp3Xd7rdeebdjAMDxy4Awz0AwFMAu3sLzpwAzcoAyuwHwAAnxR0UzEwmxFQft3Eq yJ0YtLMuweUSxQA7tiJIx0k/xl01zocxwJRBscFItdtAxwdlvRJouEhozWthsYpusaRjzrlWt+Jt ugCBwS1ztDRxuFZ4zI6EyZWCssaGtOl/zACSshesyjafzlaRyHGWyaShzc6bvueutgDMvyu6xTHF zVTLx3/Evai4yvzt+aaepI52gPYIDAD7AP//AAAA8v8D/wT///7//yH5BACqztMALAAAAAA4AvwB Bwj/AGsIHEiwoMGDCBMqXMiwIUFzEGtANCcwosSJGCU6REivYEd6IGt0FClw5MiNKFOqXMmypcuX MAneuFFj5g1fvmj6Gjgzps+fQIMKHUq06EuKFgdGRKqxIMWUIT+KlEq15ECQIY1q3cq1q0qaNHna zNkzrNezaNOq/enMmUC3aplqXNp04tynKKme9FgSa1+pa9P+Gvir8ODAiBWa1WlzZs6dNhNLnkzZ a9sabi9j9moXr92LTC3KbRh1al+rHwFnNVmZ62DDrRObrRk57M2akMnG3s27N8O2l4Fn1qwVb1PQ F5HTzXt1ql/ABrOS9D309WGB16lv7VkTd8+cNciC/6fNXbv585OBv4ULt/jnpEozVvRM+qpekntX Y12NvuVr7IcV1p9Rs92EE2S4dVfWYgM2KNA3ENbwjYMuDYfZcJmt11Vo8703l1IVMWQSdKz9VSJ+ VVHokHXXBaiiT7YJ9N2CtOlGXnkv9jbhhBLyyGOODmXInnoWEhfUUqHJ9dSS8BnnUGonQmmac6xJ B+RBAmZnmIBXtoTjQDsJtBNOMjZWW5c6DgRhhGgq1N6FGAZ34WZDyZfcZx/ehZSTHPnVXH4n7Ufl lHu1iV0NLcJm6Epg2SbejOSBieCile0ooZo9UloQewMNySmddY62p2jH1UVqQoLa55F0+z2nV6Ft cv/pIpeabrQYeDflmquMN972Za1nRegjpsBuOuRmwiFrlJPLidbsnqUeFOhpqTmHH1+wwmqorAAW 61BktNVIVq5hgnVgmdodI5C6/Qm745oPAmshnG/BmeyboSJ313x1dYjqdM1ZiyJ/f01npbeIbokw Q2WFOaa549q2a7i8qcvuMRejZ+mPbC4sJ6dyggpUkw+ZmtxKfgJcrcFRmjhlrbQqujBC3IX1mIw3 lxdxzbtZPJDFGNfA7m7wXtqjpUZ7m2G9nRqJb53xfeihvgqNyCp/J5oGHWozI9r1QguaiRNY3ZUb XqQVC71u0ED7hjSbcP9IachLf6osUcYteWfUeKr/dJ/LKweackEBFP714bzKdFt4D4vlWLi/Uoax z+uuPbmOb1/aMXWFd254S+1d5rnnCY3++UCmB6BU56Oy3plGqXdeg+wB2/ecwFSGFPvos59uEO2I t9nojTaODR5kjjVKtuRsqz105c9TxnHS7ia92+6+I+RM53XXII9A8mBPuPi9p4765xGxnidF4gNv 7bQoyj5iSdjL7v74qhN1f/BahU0QmWFrTHfQNRvJtE1oQYMeAqMnmTVNT01yux7pzpe/hXBPZPIA Du22N8Hy+c5+7jud+i6iPmbRjk/S0k+1OtK5wNWOdifZn1dkd4c71MCGNxSKDWwgEB52TWKJw5l3 /3ZFtuVFLjFsaxvQEtgaBzqQIEjjjQw3ckHvgc9736NdBsMnwuzhTyElFIjrSmYO18HnX4Lbi/z+ BB0YUnAj2YlJ52o4EBze0I4v2SEP9/g1cJVJgGIJYs0KOBkmZix6DIyNj4bVmw6WjndiNJ08vge+ LBrOGZTkouoc+TsvEmSEEgnjnWR3RtqZz4MBAMkpWUaSNVIQkpHMX+zwB8tOjq6Gpvuk+Wppuj3a YJe5RGUFgdfFCkrGf+RBXoKUN8DWXE6BhzxgE4kFRc55kpYTNF9bvodJDgZgkgPRZPksOMXyyWWE 0DLnQUxZvxam7mAxLFwbZxnLwuzulbXEpuFmaf/DdrKzl7EkHTCD+U9ZXlMg86jBPBKaUKIsr5nl KQsBzeRMyy0Qmkwk2sYyZU1jrvODn+vcJDMDzkmK83uUBKFHP5pPUj7FpaRqX0jXSNNU0qOFpakS C+UpnWwWE1E+HeZPD4JLwxV1pkg1KFI9yEPPNTWExCxoLD0YyYQs9KoMbehQKBpEdN0oXUlEoPMS mEj+/QSqAr1n+dzCTUpiUaQo9Z5I0UrXqKoOI2bsl0yVGhX5+cmvVzMJTnUp1MLa03CHDcBg0GoQ Gx4Vh2jt51DHKbs9VvZ+jH0jZVV6EIYqtCAN1apQABlRngQSkJW52DMpd0izCqWum1QrXDczUpP/ itSKk+QsPlca0Kkmx6X+muI/CevKwR7MKi38om/Lt9jP/aJzzTXm/moo2cIStrqa3WwA9PhLpPpw uePUbDtBu9CBXFWhof1sUGJURIg+1I+xSSIiD5hR18pxf7o1iCYz2VbbFs6k4FTpSss53NX57pzX HK5f3jlOEgkuuYTNruyei9jwZpYgOLwDDctHRw5reLIq/e4/vxte8BZUqZ5ML3rVi1DRwkii7eVZ jKjTvOc9U6z2DQp+93lQ2bkVi1acrSW/mVsvEniphGVShFnqW53K737z052RQYzU10C3xFimI3U3 vOEPBwC7y+WsDy+bvQuXOKgeLW9W1ZvVNY/W/4i14VlX+6NateV4KLzkMUiLTGTcgjOWKfVcgB0J Qlr29tBMTjTwbmrdEhdqRDtu9DgpnD9KI1qGjqWdl1Ec5p+SrruFe+p2l3zoDqJZuQg1SHpdHBMz IROI8E0ba1Vb1jvDpH4B5Z0mfVzJIZuvpLgmX645iWrlwlaewkzZX6cs6QlDN7q7vR91jzrH2G25 cJAdauwsW+ZuB7PUmP2cZ8/b4lRvdc68Ki1YJ5cxO9u6KKvcrUlRidKS7lrQVsy3MKX7beKWE7xL DjeERZJPgqiS2RIuXHQFdGxjUtff1dX0mancQVAXe9jFFjhBWK1qhwZQQag1T0bb/e7W1PuKcf/9 M4AJ8udw/nhAKTIR1rgWk/9kKY7FnnYdBdLhOzp25zxHCYlrwMehayW0HE81ubkSZ8gNyJBrK7nJ 9Z3vl1Md5ScHkpVWWJJz0OMcYH+ZTxQGRuBN244977Bj097zjZDYl17B6orLa+66J329EM3R0Cgn dZO7taRAxmImKxnOLrUKSifxutdBovgZxhvtGc7wztf+8KCvxOhdUbPSkS73uvf98y+qN+DnTfgf z3vlWqc5VsD+9a+L5Bw1gD1X4p1DDFN+7bW/I9Ab1Oalt/mzngW98B1kesETHustV7nVX5Sf2IP9 +c4Pu+wpc/bJ657nlW87eugOfHOvGat3H77/+HujfAAn394HWX7qBQL76cfe+e9vjZYlb3sM1x6P vB/33JE+/v6bZ/BXN3r2lnVXBCzP534HGH/UF3lqp2XYZ38q8n1uhl7nFX7+d4GJYX64FYDGF3hx VSthx34i2H4hmBg6V38OqHvzByRLt38ViIEwiBb8MIMIAXj6RnoAKHr8hTDSNxDTV4JnMYP80Fgq eII1IIQ/pynjZoEx2IQrIYRQGIVHSIMIIYSkV3ovF4Uz+IEooYVD6BBCOBReqIXtx34JWIVj+IUu EYZEiH14dAdImEOVZxBsSB3cp3/d54R39oHq9xNpGIZ1WBDyYIV/V4hV54UtB4Z/2BCB6Id//ziD JLgRi/gSgah9DHhDYZiCaKiGvdF7LFaBTKiHwCKAHagVjTiFnCiIyFd1x2dSVnh1DCGFA3GKiNGI ZQh97keHVBgUjch2PpdDtLiJ5xF8LaZiosg/g6dyXXGKwYh8L3eFldSMCyGNldGMsgeEupiKPnGK lOdz04aE+CeM2wd8ahaKx1grfKh8hUcUzOiFBPGKgwiFHkh6rziL8riJ2piNgciGY1gQ/RiLuzh9 WjiNu+iPu8iP7miPaqiFkfePAjGQ71iQw0h35niOmsJfKXeDfQgT7ZiQqBiPEJmM3hOG3+OQBpmP JymLqPiQDpmGjFiQYGeS+giRgHiQLUmFN//pjjZkktRokT4ZFBiJcoKYiEDRkV9Yh1YIj1uogQrZ lCwpjglxj1KJkwi5kDaJkieZkrB3jwcxiR45lVQ5hGDJDzWElGEZkVaJlT+5ljChjOkHZKcnhhK5 kiyZlh8peCJJSWaplk5ZlzXJiVVZl065j3PZlRJJmFgpjSpJl4K5koiJinZUlV9ZmGxZmS1RfDbo ciIpFB3Zl39JkhgZV3upmAU5kI9Jl3vZmKqpEI14moaZj/EQD3Upm32JmjT4mKc5iYxpmbx5maf3 jFXHh3KpjanZmAmZfCNZmhCpj9m4m4HJmM+5mlF5mMqZmLsYm9ipkLFZm4GJm9UpnVnZmyz/cQDk SZ5raX46GJxZR5Qx0Zmq2ZEZ6VbB2IydmZtnaZzfCZCp6JrNWQO0SZv+KYXYaZ9i+Z0EKp5BcQAC YZ4K2qA+CZwZ6XLruJFPOJfF6Zh2OZ1WWZspCZi3KZn4maFc2ZO7iYpHSZ8zmJ0CQZuTmaEYGpYF CqN+GZEI2hLl6aBsOYDot3LpSKEs4Z7Q+aHL2aFCupgzSZMt+p5XOaQaeqSU6ZdaKJtCGA9sSKU5 CaWjqZIuCZ41ahAKWgNfap4EEaZ6GJTI2Ypw6aMpAaTFaaREeqIkaqKtGYW3UKe26aJySqK0yKRO OqVTGpthaKVDmqX76ZFYipZdqhBkCqY4/8qoixqDxZem6ziPvWGnlioZt1ADmWqpm5qpP/qkQ6Gi /jmqBJGd//mniXoeYbqqYLqgX3qMEVqAoieUapoWdWqnmpqrauGpuNqruKoSXKkVsmmq/rmdpFqs oyqloJqqvfGqq+qsR1eR/RGfhUeKGwiLmDoQt/qraHGpunqruqqIfGoU/zmspFquKqqsXwigzNoa Dtqgj9qorVoUE9gl6jeAEnqDseGpBNGp/LoVm5qr26qpvCoQA8ua40oUADqs5bqixrqwgjoQxtqu lCGmiyqm87qg9EqOLZgjeXlypoevrXGp4KqtXRGw4LqtA1uwBusT9fCyAlEPNSCzMLGdNv/bsA6b rBLLsBRbsQVhsRkLtBn7E+QmWtLqG3EZspLqliNbsgT7rycbsNqKsuHaqS/xsjKLtTBLsyyRrsia s+ZqrsdKrD2bGAwatBgLrRtLkR3rsQBYrUxbq2vBryq7EH3DEt4qtQL7tCbrEllLEDSrtTA7sxvB rhC7sOcatsQqtmUbGBaLsQNxowxankGheWzGfUASt3iZfnKLGP/6r0q2HHh7sHtLsC1rtXW7EYMr uIQbs1wbuAzBrjurs9j5sDtrszrbuI4Lr2TKu5QruULhZsaIJtYKnIG3GylrsE4LGnmjZCtBst/a q9/Kt1frujP7t4N7vVybEP+Zu7XrsDz/WxCKe6y6uxaT26rw6qqsChRsu3GUAo1vy7TIK7DJKzXM exxntBF0y6tSS7fKq7xQixCBu7Xam7UEfL0oIarhG76liqzd273lexaQi74JMbmvSrTFqFVHex7q +Jv9obcBrDfyIbrPy6mme7p9uxLZa8CtG7MDgbUurBBiC7FfG7YrCr4HMbERjBbvOq8X/KhrW6/E i5mTOiDLqy/OghEotBArW7pQC73+uxBa+8IsvLqw+7otbBAznLvJiru028BevMNe8bg4SrmRe7bB y3kIk3JveyVIsi8hwiENwbJ7K70m3LJPy60GUQ8JwMcvmwB9fMAu/LctnL05fMNey7gS/7sQoirG XHGjYzrBGnvBaex9G9wgqNcmzdIvIBItCrG/VXu63prHJ6wQgFwPhcHHgIzArEzFW2vI4svFY4uz 5KvFtSu7jqwVv3vGGuuqXMF/uYwSehMinYy/+XsQvwq90cu3+3vEBPELgdvHqxzIfNy6MIy9rpzD N9vIC3y75DuxuBzMRAHJPrzL6GvGvizOiPHG9AEtozHH/fq5ePy/KFu/BZEAqYzKhqG1gRzD2vvP VnzIpdqw4Jy4OevA4azOusyojtq7B0HJCr0WfKLEzuLJCAHCpsuyyVyyepwANQDIg6HPqgzNr2zA 2DvA2cy9PGu4DnzDiDzDOhzR42zGv/8br+/6rDIdF3LMN1TjEP6qx746teGKJd2CKPpsHdU8sx5t zSftutu7yLbb0oicuA/szTm9Fc6avmQcyQ191Vshx6+DQktsEKnrq6NMyvTsqUtdGNKMz/gMzdgx xQWcxYNMuE9tqok8uwx7y3j9tV5dFBMstD/M0Gj713gjKux8J3ebECZstSdMtSBcsiCdypM9s1si 0h/9z4C7utYrvt+7xbWswxDcxYbdFZB72hANyRBNHdpyjO4cxx3y2nMM1ChsskE91ALh1h+dtX0s ICLtx7l90q8Lw3Q90BC80riryKKd0KU9zr2s2qftqKwtKMfl2m/8EKF7zIzdzPTMzHb/fM+HAiB/ rM8Jk88f3c8AbciwDL7fS9WL3NKfHdPN/chjStgMbcH23RpSEhWt3YSnwi+bPLrybNv9Sr8EAcir bBggjcpK/bJcstRP/cIpjRCNDNXcO9WjPd9Yfd+r/dC9vBvzYxVsed30Ucz6G891TNtmndvnXd6p DM1uzccwLrjSvN5XHOFaDLaHy9cDreFqgcbp68M/O7SUoVPVXZnDTMwlnMIpG9RNPhAIPs0incou HtKtnNl2DbjF3cDvDdqyu+M+nhbrW9+PK+QgbnA055NJ8TogMtafnNFH3OR6e88JfspHbeV/jOAF vMrqXRA4DsbcjNx6rcgLoRlPE+YO/4HTZ4zOz93hgfFog4Pk/FIyLRHFG43HdAzl5+3RvS3NCfPW AtLHSi3q1DzI663NBu3StNvXtaw9ccI0iM4QQX7OFDy0aqvfaJ6oGeHmKaHHcF7HKZzbS43lqDzl tDLe9fAOyZ7sdv0OhbzlXP7Zs8vlfv0b9RInRhLrXuq7QY7G5Zzfk5FGzdebOx0TyQzAHP2/B77p S43PMgsbmF3Nfazs9M7UsJvACF3tfM3cm9Ip/q4e/scqYscbPfzhXP3hs14Z/N0qiI66K3vW6w7l 7W7UbA3XVvwOGO/RL1vvyn7vDRHGol2siPsbQtLvJt93VoN4/S0ZasvovfvD8lrkKP9SO2GOuqLs 6ywu7H6uytTsxyadABjP7B1f1ymh3AnN7wYBMp9CHIfuWgyfO4+2G9yu1ZMcuRzu6ImxMu+WD1wv FFyfD1xx1gFcA18P9gc+7AfO23at8cxOwMke9H/uEDze4yhBJEwfOnfzbvA081oj9WTe0IGt1ViP GLdzOGX/9QOB+EGh+JRx+AYR5Qjs807d8e/w9W//soi/8WR/+PnQoJz/+fJd9gTB+J//9c6A+Jeh +G1B+pxfEIy/+WYvEK9vHgQjOIMi4pNB9ZOctoU9+I1b+mY/+wOB8Swh/ENh/KPf9RKf2at83jKr 8dCv1Blv+Vlb+Vx/+cAPpsAv+gf/4fiyr/yw//mnz/XqYfqpr/zZn/jgD/vJH/swJ+L8LXYrb76+ fLa+a/URzf3f//3uXwPODhA13g18J7DGQYQJFdbI13DhQ4gRHzbMJ5Ghw4QJMmpEWC+BRo/1BIqs V+8dxYIl61EUebHhgRoHKFY8UBMmRYsHZ1bUidHlQWdBg9ZwRlHoTKI4XfLsmVBpT6Y/c06lWjUh PYRYsdbYepXrwq5WxY6FWTMhzJho0Z49uHbsW7hx5c6l+3ShXYIH8w6sapduRL93fR78qNHw4ZY1 EoNUifKgSJwF/VJUC3XqToRPnzoDmrQh552gMQZWaNf04L+ps2rlyrr1a62x6c2m/606dVmzbW3a jNnbt23gwYULJ515Z0O+UANjtiwV4nGnPpUej2ocqfKGhudRV5ygZUmcIt+tbAj55e6b59EWL81c s0POROMX/by0In2e7Jvvdz6c7tbawlpttq+uItA/sspKa8G0ckPILQQjlHBCwaprj7qCTuIOu+kc 0o86pt7LD7oKOzyuMOpCUskjEE38zTK19LPuov1azCeoDulr7rrnBjvNQgqnArC12A4C0LWuDjQy SIty463BtqBUkEkqq1TtQxMHcmxH6UbkcSITvZyRPzBDxCmBmT5CiiOCvAPPRqhwa4uy6ICs8CcR qRsKp8/69JHEOgMd00qLwqJNSf8jhyRQSdkIfQi935xkEEJHK7UUMNQutE6yFvurM1NNxxRx0B7N rGgey7bL7iOEBgrJpYIU+0lDphR8Kr18KL2TRhE5i08+0WbCbzlA+/vxUoiGJPLQJQ1c0rUCkZUy SkmflPbaa7E0VctOi2MO06hcrBFUQV2aB1VV89HoTFYTIIgklgyiVSDS6OxNRi55xGk+oqzj89sy TS3XU2kFZDTJIg80dFlsFbRWIV2xlbhKbTeFNcOBPyWXP3Gdk1GpdNF1KYGQz2U1OcswjoxO9HCy 9aWc8jTVV18RGtbPL8sk9diJE2Xt52cVdrbnhdaCMGKik56QPRE55SlWUjW2k+P/0boUWKJRa0CV onPZTYgvpwXKcEuWcXVSpo3L/XYzfpUDCmCdlbYqyWiJ9IpRhZgleje25PY7yC+rvhqpWD18zzKm w8z3anC1XkrrmbrGCNVW5UVJZYe4hRlth3jjHOmde/1VqPiE9ezPC6f+O2+wDl04K9gVRnR12mv3 r1OPM7fvOhARTxxQ3Hcv9aCtqTs33Yf2cmxs5ArinESzarIX6z+t5q50pYaVOvDqM0Z2UdiiBfor ZReuzXb00/9rw9wryqtY4AWfutjdqycX5OIj17rkhaBWivl8JOd5SvEcweLmNg4Jy1em0972dkU1 1VVKaMrymd2a9TNoqU+DG+Sg/6WOtz8Q7u9cjoMIymKFMYjxLUq66Y2DgiMU+fRrdP3qIFxmh0Gf AQ2HCathD334Q+Acj3KOGyLxRJg8qGEMameR05TOFiGaDQWGQJTLkV6zmoeMz1Czo2IXvfhFI45Q IZT7oBAjosQmTelBKwSdatoGLDAKKW9Hct0VLXjDDMZRgwhAQA34+Ec9ehFdgyShGEM4lyYabY1B kuKvAimR8p2vSOQL2g4p+Mja8dGPmtxkHzmJyQ2K0ZBkRMgHb9Mgh70IlD3DG2yERskKIoqLq5Qb Jz15kD7ikpbqE9kQRyiyUgLHibtU2qKMuUVo0c2YBaIH6YjZs0/+MZqezOUza/9XROIN0pfDid6L 3FEDd4Tzm9+0JpVc1yhmWjFAsmkmDYcCx3JaipoIkWYn/UjPeP4Nm8C0EjnB6c9wglOg+YzQMunm SljWkSjtlOEUZUjQIFXznrbMJTUlKlGl/UOjFNLoP65FyiOackLiFGhAxzlOiEromM8aUPjEJ5Rm 0oyGD3VkSoVT0YnqUqcVlSZOHdVRoAa1Bh3l6EYRRFSq+DKoRkUIUBOC1INAdahMTUhAS4rSg/gz qzYNDjvBR0FmDSkodIPh6KLI1eBo0qf3xOdDMIpRJi11qVP16ISkKpa7LiSvFjmXXKkq1Kj+VbB1 reo//2nSgRbWqmj9j/jOCRb/OwJlrGOVbAxtxtjhqNWibI0mZ+0prbzuVTiinQpp5+LUwDIVsHR9 6mAfQlJxxvawWtUqZqsYNLuFNZbOiKlD+SVFhdTUtm+5ZU45e8t5VlOtbK0UVHNpWttAVyLShctd obpaqWaXqbTFKm2vCtDaDvct5WNmbpf0zvj01p0ydad432IHXNqhuBPdrE7p69lKIaCjn6TralML Xbm2lrBzbapf/SvgApN2r0glsHYJy1qEhNewiS1phSfsXrFYsVkXhF1nuIJeeMKRdMLFcETscGL4 yvePKgbkW3HZYv7ClUn61ShyaRzg/6IWIn5NcI6va2AdK4SoPH7Igo065Lo6/1jAEi7shGFLTtiW eCyzfCz5mtlb9Ta0kcD1sJRNfOKDpNiigDwuchWyVkfxcb8WRS2DXVta1W5Uyf1F8HTlHOcdU7XH rEXygx0sWygHeqBWPelsmexlSIoPizn88EMvG8Mo1ozEiA5zpeGLgEtjer7HZe6Lc7rpCbV4v0Ku cWp9HGS9EpjPBjZ1nSPSZzg/eM9uhnCrbW3S2BJ6qwC9alYPTek5RrZRy+RtWGrW3i2/EdhhTrGK /SjfZzu7p5v8LD3NHNFPr1mXP04yq/Os6j7j2Lp6TrVHVV1kckPYzUH+s2FJelh4F5rJi112oTrM MCNR9tgz1fJD2AtsMNfg0v+61CSLbWxLgtcXzQh6K1HZbNQb2zonbY6zudMt8Vp/+9QaL7et/atk QaMUyhFGbKHhXW+qICy3W/m3I+fz8hA7lNIoFri04YtPMGuW4GfmqaclVFxNOryaDlf3xdE94Ipn nNSyBjC5FaxnbifY6BF2ssgXouuRI/bCKLe3la9Im3+3tzNbDi7Xay5faGda0zfv5HJ5CmP+htrG oYX4uv0s61lHnd3dZvrUV73noyM96VKnCq4pXNuQB9rwZs8wHR894oTMsOyWXXazrd12gddT5/Q9 eKd/zvOISzTqp764t4subqgfuMdE/va5HXx32HN38U/e9WIVz/i5KPudXRb/O6TrDWYUX/rEmsY0 iomP8Gnv9L4/X25qyXxjT44b1UvH7mBHL+DSH3n6gZc+9l2dcdljPddP9i7u5ZJsmnJ5xC6vPNvF fHOcDl+5O7/v2+0bITJTW7Oal7H5qV7h2QM0iLA9/zs/fgMW4CqryqK83zO+gZu2+Wox5bu85mO4 tnqxg6vAAvw/ABy5k7MKrNpAujCr3Ss7ZUM0mktBTHsxFYM2oEsuuHq+UEuI/aNB5cq/Ajypd7O6 eLOwreo1ChNBq3CmmJuhl5u0mUOI90sxe7rBC6S2hOu/tNLAT6snzxNCQNvBq6uqECQ/IRQLEGOv s3I5yWtAgfM5mlu+iAC6/7aTQuB4QdCLMSgUwSzswg8ctHfbwi8cwpoiQd9rpAOcOctrwU0yuM3L v57bKTe0DTSrwZ2Luw3Uuh/ctSbjNV+jtz0ci7KSNA9bP9xjOwxkMeZqvmu7Np+rkkMcRSvEwsTS QatbvB8sv0wEw8tyhj84iFvsQ5ljvJsLuOJLxTHzKZ2bJwpZxbd7Phy0JsMgDI5QjRCkxFfMuiib xbiIj1v8A9LJxUjjPV5kNj7KOc8aRp5biEW8KZxysUSMp8IgDITgiGaEi1e8sACsvUqkRrHARvT6 A3w0wgUswDTsKeS7vE67KEIpxc6aQ2JaRnasgcNgyL/gNXqLSC1UCEy0x/+c0EdsJIp9lCF9rEWL NC5PO8f6uj9UpKgyy6cE+IOUbEZ3ZMZ1lAtLFDQ8rEdY/Mip0MagwEZ9nKIT/MLkc0QoJMZkRMUr PMiEXEmGbEmGfIYaeAamfMm50DrbIzTDGz+bvMlbRIiszEl8rAGdvMpqU8M2lMArpBKKIshnukaV XMfCSACnPAinjMt3fAuRk73DMzmS+7WrxEivxEiM5Iys1MjA/EhkpEFyJMlrsTGCusa2/IO4bErI fEu5nMu4yMMelK1B8zWwjAi1DMyOvEavDM3B3EzFfCuh3MybdEiGVMlb/AiVfAaNYEqnXEbKrIpp vMSSc7dcC0LbYElKG8z/jsRF4czK0bTIYwQ1GyxL1FQIjcBItgzNpZRMyfRNujy57go5ity61GiX dlRI9/JL8OxLtVxOiEA+YSxH8nTJjjwM2YxLpmxKt4zO2vyFX6gB+jyI+ry62zM5meRA4XhH7mQV zAJNzxRP6OxL4VxOuBvK9MyJlOzLtoRN6ZzN93TL9pzL/MzQDN1Cy6xKShyOtnRH2kzK4RpPAiVO XATOBuU8SFxRidBHpExJ2CQM2GSVx2xIDKVPDbVP/NRPqttPV6xIuvDN2mzHEkVQ0XwIv3RRJo2L tsTFj5hNC4XMKH1KuHzLZsxPHtVQLdXP6+RCy1QNpQTQMS3SlPJMvgxO/4UoziZtU4gQ0LU0DH2c TLfkCAltSvfkiPq8T/vUUYToUh+VSh8MDu9MSqhUTWbkquIk0IT4TCR1U0i1iDGVTRmVUNnE0yp9 UkDt0T7d1IiISBAFUBIlUZY8DDPNJzV11ANF0Uht1YVgy+b0SqZ0zPisUTx9TAp1SD7dUx7FT0+1 FFOFShx9yRCdizs41hq4g2RVVg46UeJUVTV11SDxU78xB4Sw1mtZRudMScek0beMzKfE0T7t1YTQ 0V/9Cz+ogXRV13WV1EJN1IUU1YYcC2ZN1oM41npF1vQJTmgVzfGUVgrR0nOVFmst2BrAVmR5TjtF iAp9z+j81iftUV7lU/9yFY509YN2dVCFfFIBFdHuRFSxyNd7tVdmxdd6pR3Q1Mpo7UyARZANHdhr wVZzMFiJmUsbxVU7LYwardB33FFqHY6LVVd2RYiMfVVDXciPZcdTpQqTXdaTPVl7VR9GfdSWlRBq Nde/mVmDnVmiccenlNA6nVG4xFTV5FWJBVqMPYi0vdigjQhiLdWObRfuHFV6VVa7Hdl7xVcNgla+ rNoJ2VNz/dmJQdiDvVbCdZQAFdFLnVEpbVxDzdJe3VWYHYt1ZVuFSFu1fVOHnNuNhdtgzYm7zdvQ bVp97aC+/Ve/HY5d7dTJtZTD1dqJiVsanVLIhE/3RFpf9VWzTQ2Mbdf/jMVczH2I59zceY3Yx4XX iBhdhCDd0nVaZIValJ3a1PUPwI3c1nUUrYVdrs3WzVVNw/jWsaVdixBY/1hb4A3ays3cjPDe7h3R uDVVkH0IfX3eqNVb+41avJ1e2zLb1VWarT1Y2JUWYmXf9qTQS1VaK0nf4E0IBc5Yzx3VQi1e5E1e u31evSVZ/DXZ0NVftCJf1r1e7C3cwj3cSnngjbDQS+3Y+J0Qtu1doVXbFgZe4Q3RYO1cWBVQCl5W Hdbh0c3Xp+Vgm3pZ3f1T/z2I7Y1d5nTJ4XXfpbVYGH7itvXdBVbiATZSuX3Vd5Xf5b1fDS7ZDc5b IIao6q1e9SHhS5lX/7pN4qNdYRaO4stlYKItWkQt04+V25Y81ZKFiB4W3S5u3jC2Ji6tWBDGsCpO VDJ1lKJtW6GVYaJlTtrE4c5F2uHV4zzG3y3O47st3Ur+Y2IC3A3t1IqttxElVQS+lil+4Th24fRd X1Y20o04XhxeiArO35HFZOj9Yk4uJz+9z8ANZa6jzCtW2iZGEAVeZHaV4kZ2ZI8l5UcmXjzO4Ke1 YJFViAq+4FymJTImVw/GPRrm2O5FluBF32M+ZXdd5nidZC3uYkum30tuXk2+ZmzW5k+mWP8rVfYd 5ggRZ8u93H12W0l+X2EF3VleXjDuYeh1WngGZIoN5EFGtFiemLUdWv9Frlzz1dhgbt9D1eOEuGB3 rl/lnd8dTuhHClzJ3VKRtopwVmVUTmmJYGJlfmiL2GB2rmQvrmb69eOTBiPBneeGzmn1tdzfJecZ zmKlBF2StemjJuhqtmRa9uk48mSTpmentghGbuTe7WeqeNeMrgqQZmq89WIe/uqpDiSfzd2xnooY PuZxlmNJPdr3tYpp9mELluV0Puiz9qGrBdTdveuHAGrfRWW5EFF83mhpdl6CDmlotmu+pqKJ5WWo XuyIuOoFxupzqIHKvuwJWer6VeoMRmgMVmxH2WvIhouJ3dKenuqgVmSEuOxzwGwJ6WqEjuvO1mJp 6dIdjdR+qIHc7of/3a4S2yao3s5tiCrmhGjtyi5uyz5uBLHpad5oPr5pxC7u1vbtchXtFeXt4Nbt hBDuv93d21YfAAAAuNjt3h6L8E6a87aN6Tbu5F7t9bZs4bhp5a1l6PZoqFVu1p7Ws41cFyVv3tbt /z6I/+buCBFcX5aI8E5w8UaI9LaSBocIBUeI8uZuAs+J81bwB68BDGfwDdfwBT+IDPfwCPdwDgfx D/+L6W5vhThuzFbu1GBuaI7aa7iGg6BxGgdj/G1xFndx1f3T0vbk0y5A7BZwAN9u4a5wqx1XIrbw Dw9xQnFyhWjwAM/uAGdyEy/xK7/yB7/wEw/xBufyLA9zuTBu1nbx//c+CDIHjj3G6Rm/cRq/g2vw 4dWGb/g2c5e1bTznVNQccO0mbwH3cyQPWCW3cixPbwxf8BEXcUNvcvE+dA5P9IhYdAXf7Q63iEVP CDBfCCff8hMPczDPcCh/i/cmcx6v8+HoY9GN8xqI8zhXVhtfdQye8zNH87+N6sdeTj+XcAIfcgDn c0HH2qngdC1ndBIn8S9vdGJP8GHHcgRH9EsPb19vdmY39k4X82n38mRXdk2vdrFwbRZPbtd2bxVX c5le9Tc3d/x9dYhgb28v9eBY6HJl3c2scj4/cu3u83sPdKttXWGn9hIH9Wz/94C39oe49GW/d0sn doGH8A7vd0xveP8oD/WqCPcUB3c0X+9vtw1Mdto273hWr/FlvXFxT/MdT/JdHnQDt0ns9u/y/vMJ 13dp6fdML/YRP/Zi9/eDv/lIF+9+SO+eB4Cfj/adv3ZkN/FNL/ppJ3hIT/oxb+9wn/NxP3WOh3U3 V942X3E6T/Fvd/e/+NmTp+cg57oqfwiW7/NdR+8ud/abB/i1R3qcf3uJz3Kfh3ZoH/uhF/OZ1/mF Z3ps13u/twqtl25TF/wWj++Q7+qrX3VmFXlYt3j8jnrh+Pp5HnSqsIEasHzLR7kBr3Bfr3eFgHlL sfmDV/ZnH3jSN32D33YTx+6ZF+6IV/i233u5V/vZV329j/up0Hr/bx955K744WB1VT/WVld8kXfz xh/13ldd8i1t/p4KG3j+g3j+zM98KbP3Xl/5P8d3l7f+iXH0Qof4Y9d2RZ95Sdf2o6f7BQ/68Sf4 71967/d+o097pYd93LcIks/6Ot96x+d61bj6jgeIO9dq3LlT4xrCGgoXLjzn8GGNcwodMqxo8SJG i782/lLIcaPHGh0z2mBY8mSNkhlXsmzp8iXMmDD79VtI8yZNhThtWrwp8yfQoAAABC06VGbNpDVq vjxa9KlMp0EfSmxIUWJVqhO3QnWJ0OBAggPDjj0Y9uBEiFuxdmXZEeTIkB/jWkSZ8q5CGypT6m3r 9y9ghkoFC/a5/3QpU8KBF8eUytii45ZMkw5uSvSx38hPq0aEmLVzZ62YzSIsW/psaYVlGXrmPJoh R5Ee4YJkqRJlX9y3X/PujZjnYZ5KJ+cknNg34KHKkQOdDDzqZeYwNUO9Kjor24hcMZ9mODYheNLi tYdWy3vkW9mx6ZrU694u3/d88UqvD3hn8d/OKTu37/+/ToflByCBGVEEWkPkqUXPOfSkxRtqC6Wm GlkUTmhVfW+h95FsGJ2UW3x1LdSXga4V6F9xKf5WWE7H6WTYiTHKOCNznGEHGnYMUnXjYxdSqJp4 F/pYIIcisefhXu7Ft9tte7EmGo3M4cRfYj5N+eJxLka5JZddVv+X3WdU0cOgjlU5yNhZEgKJFlnh obWlhisleReJH+YG35M2lredl4vhJ+B+VrY4YJ+FdrnPPoZWZN6B5OEY0ZifOTgmmmaxGV6Fq72p aEVKvgciiHmFWBKUO+JoIqdBDRecYljmZ6WXyjnl2FGySmVrdLgStZxCteqaEa692rqQrMQWW8Ov LiFaEaLNYtTssjVA6+xF0yo07bLYRssQtNJqCylWzVaFqIPWervQttFuW9F3bKoZZJtppjoik/Q6 KSpKWKF6IJTzqmpYli8G1x9lK0Z5667RIZuwscI2vDBkCDNEXUUSS+wwxhBTvBK2516bKLMge8yt yCSjm+i6IWP/5NC2EkX7UKT0NDumzPvUfGa2IqcLcsprtpuQu9/J629eJNr7YXui0rkvvwk2SnRM r9rU4ooqusoldbQyjPHFmh2rdUsW5zp2xhMrbHa11H58skU7q9x2yWw/G3eCy15lN4IRQTtmzmyr S+3fGYHX3Zttugt10XYpOSJ9nZ6jEpj6Ymge4kjtN/XAVRJ68Nll+/pw151/rfDGD2tMNtedQ3wR dd3KPfLrKfcM++twrwz7OYg2GFpnrudMad/eBk77j5vKC/TgleNl552eLu9edtq1xnveyr+kYpUG wwqoljJmTXrCxy4s/q+fg81SsOPzmjrr6bOk9sg9u127yXCb/7v2ynZTpH9o5aJs8+/8t7ZuzW8l yPuR0N6FuMV1SkRGy4u+9GSVRj2tPgdQyAUvOJqdAGcwVOpPl76Hts817HxoU98JV+K1rYFOdaXL iO90RrcCEg9/BKQb/ULGltzZrEwwI5fw/oczngFObbOz0IRS0y4gDS1VinMe45T2oceRSnqUs1G/ fKPBGhwggxl8TMECBisPZg9rLgTf6kJnuhaaEFiiu8z5RPiTvtEQf/HDoR3PdcQangxmPKSgQm4W RG/R7G/Luga0mmiR0xhOQkCzXhQZmDg6Ne9xjbvKk9ZSwdd08Ysa9GInGUM1gWUOPwXrkxrTiLpU pnB9q1PhG/9Nd7HTYWRjdJShDXGZR9sNEI98XNuByHWmQArQfwC0WQ1q9jFEDcR1iPSlhZj4SEVa z2hO0k2oqGidCHJzR6h6zCe5iEGGdHEhW/xLZTQXxjAqaljGmiUtSxgshKERfbGUJz1n5b7W3a+f MjQiNJfprG/l8GTR4ts+GuQQSn1siMic1lmYeTKySFRw8VJihaAWG5HghnF2ohMl81Q9yimoN1/E 4BbLac5Q+glLPUEMfyApU97s0V/DTCY9fEEzXyxkUj5lKD3clFEkLtGimdKUv+ainhAprWhLwos2 18KVHS7KUYsBpUrHidJOljOrmAHYKZ8zU//oSnX/qSnUKOX/U5zmFKg/HWZ33LSmnyRReXAx0kJi s7g6edQuJpreZ6rKmE+ek4tcDWVXX8NBmG6ue2OdEQIi+9j/qNVBPE2mTn1xWbayFSFBNQ0Tg3Q4 ak52qemRSySdapKmPqhpeZPcN9vCVcNWpKuenG1h0RmgUXqwtDSSbA0iiwDfAohmNdBsW32q08oq sXCWgtcj50pc9aAnJBztiA1+wSTmqVaC/PLmqazql5N61bAnFSd5N6ifqk1XRsMN7nCB+9729say mEWucXkKVNI4yHCoyWi8pEvfDaWnJNoFCRR3M5+0lMo1mIwtYGZrTnHW1rzoLe99MOdY+tbnvcCF 73zny2HG/7RVv2NarmVRnMxrfHY1yRPS4RQ42bjEaakjKnAk57SXBwtWkyalrReBbGEKp3fERo4v Q+KLZCOPZrmZrSyUJ0VMTTXSv6YZUntp3KG8Yvded1oZbFsDSAg/5ZyJPe+ECxvO3DLZt5L18JI/ 3ObF0MyybQ3kfX1Rms8GLVPswmgjZ4xajcAmu9b8qEUkR73J8eiqFEYpkc172zQ/es7EhfNChCtn S3dFs4HUKZ4xyxCGEg5TxgMtI7EsU/ZUF68aQk92F4y0i1BQgk4jc5kfnVXEohfStg0np6erafgq RMkiDnZQPO1p5Sr7vkHtqSNJs8SfGS/GM71rbdaDbRpLEv8opRIvOCEtbiAH2cwYRvaJDvgTY3uY 2JlGd1F4qmwVq/XJZxoclTc1njQxUt+rNtJ6qAvwI8lkeghyLWaCPO5Ik7O8bIb3f46K1JYg+diZ DjHEfyLvzdZ5IcudcqoXecBS61vVlSM4Xi+y0aKM+cGb/At5Y77rcXqStjbPuH+ii0DSJrnibwZx knEeE3lXRL/EPPFBiJ7vS7Gr6YTzt123vOW7wqbGQflGDb5xDqxb58cWWTNhJX3YIQvdPnGVLs+L 3e7gsv3NSy67SzRL9I0TE9T39vRQz26piTPdt+nR8mmpW5unfKPwhX85OMPecKwKWeH1ETPimXzl aPL9IsP/rojPLQ73lsj9uMfdrNPzzW/QIvG5zr02bf5e9SOhfCVYzzrsDV945rA0IzO/cErR/Jha WzHY/927tE3e87aLWPObj/vnL+tpz3tcqKXfu85L/vuxFkngdNlo61nyetlnHeuvN6lKzU1kUDa+ 0pgJk6O0gmvf9vu/Q2VJu4+t5OPDZPnz3jjor6FnBBYvrkkUfmkBXsqpXlt4H+x13/fxxq6dW3qB Xe0xxg45GPqtX2lNmzRV20toWvGxHf0N3dwxH/7pX5UR1bsg1cgF4MAJno1VX0wYnkLIXgJqEa89 nM3dFvmdn4MpiGtR4FipmtAAoOXF2bt1IFAon+fJnZ6N/97ZUZuLkZyA/RvVndarXR1DbB/3vaAM Kt5hnZdtjR8NdsVfMZha8GAP+kzoVV5GCJfauRsR1h8Setz9ud+fvZ+01eEFdsU7vINC6OGJBF6c rNzVeZ8LWoQB/piEpdTi+ZpWQaCPWRGPdRN9TZNoOVf0URwHtqFMdB4cFt2VYZTPVJlcydVT5OEe 6qEp0ohSWVdRbF8VYmEMKuAihh1LjZ2Znd+j9F5skZS/vN1FMCGMpckzPANDCKMwYiJjLF/yKQTo iZbOdeI0RQjUyUQe8iE18mEfTiGXQYUgzt4VHqAWrdTXaVX4bZX5+QWjhElglUfkFcraqd2mNZcd Al8NBP/jPM5jMdKjMR5jMvoCdaCaP56e80VjTJCiKVJjKRLJbAScNi6EFR7gIDLGQ9bgzW3hmZFd YFAVa/COra0jWSWLw7wXrgybO+nKNZQVQhDjM6TPPq3PSLrPO4XPGlWMWc2SrwxL+aCOPblS+5hN G4VcaHkHvjmDM5Rg2q0EQU7jHtbAKVojgShV9v0ENwqiN74iUEglK0pl7q2ZIjrc7mVkBJ4KdnzX jIiQZA0FSOLkUJQkUZgaxAwEMdbjUNAjCb0STbKQGwkLTvLkTKKlXZYN+4RNXspkYKqPU7gY9DVh vzkDvuEhQyBlUiolKRKXAT4kKy5k7HXfRWBdYk0kYs3/3BduxmsdnPTwjj80RGnSyAo5BQKYZWQd xWqeDUKkZbQNhGy6pUIEY1zO41yyUgrdJQq9UsTUEhzxylzGZDwZJ13upT5FjGYkUPIoxFAihGLW gGJeg1BGZ/EAhUFCJlMmZXc+VlTGXmWuIgyKZ0VMJs01nDhqJSPmIBYp2jn4A1bIZw2cZmn6w2kC SGoSxXCZZXC5pn/Ol1ru20EU5lvi5mWkJAvxJnLKJF4Op28G528Wp1/+Zm/K0hmp0ug05xOqiXUK ZXhU5+lpp1KWqHeW4neWVgLOnkNCJItmpq71Ghc+3miCmzqqo2vkZ0c66Gs+aIAGKHCRZGkcRROp pDv9/6Vgis8JmY9ZAaeDFos+2eQ8vZCDVuhyJide/lnwuct0Wid1guhpKGZ1FuVFFORjHmRknqJv eYM3sGh5Eh6MOqQLjmeRKdxnAgZsgSUu4icW1Sd++img2kdkXGlxsiaUAsBFFSiiWgSC3mYxUuiV Vikspc7GVCpxXqqE6uV0DOZNYiiVDsR1ppp1nqBAukRBOuZCHCVkQhKbLoQ3KMSrvioCYqE2FmJ4 0uogcqOFzei5LUbkiOFV/Kn08Ome3Kef6ihzDGpLCotwqebphOKADuOjJmgLLWmG2hOlNqmlRimE Sqo8WUaDIqnYtIR0gmq5XoiIkilGqOmZEuSqWk+s1v+ArFYEm9arvBYgDDbkZBYiQ4YjONbIjT6I eL2ndhgroCIrcmiNppmlfy5MfLFmPAlVZAQjgtLjtGIoxlJppOrkhWrqhN6TtXYsljqpKmUsbPob uo6qmFIn4QxlUKQpUqrpNLLrvNSrrLYqrMarvN5sV4Qnet5qi0YJN90ioFKFfErE0e6IfQprfUqH whYbwwLAwvInYYaPkk7sxXprTY7NpR7pSybnGSlpb+bTcnRqxlDMka7QSw6n2DpSabismL6tUEJn QrgsdRaFmaZpRUQm4uBsrP6tqwbuvNbqnL6gm86qK1JlgfzVNj2EfTZtfSIt5CrEn1YugISYfA1b O1b/XFBQbD3mY7I2KVFJ50GI6VB26ULArd3ioZmWaIpWRALUQOxySavOa+3u7ODG6+BWZb9episa rq2+KIFgUp44BH3+qY0cLeXKJ37q6OP+h9uBGKYFHegqD5UyUZfKLWqs7um2hcyaKN+6RALM7ozY 7M7mrL36bc6uYtBa5XjOKr8Ob/ppRWlSBPPO5xgyhLAiK8IyR+Zy4AZe3M9VL3EtJum+yXWe7txq p8yiavhixPjKbqbNrvH5RvpehM3ers7ybAs25FSuqPAiruL6B/Ey2ELUr8E2b0TQZ6Baboy83fwJ MJxVMAErz9yC6pd2791C5wKv7k9sJ9/SrEWML/nK/y4CRHCx/ccFW4TuAu75OvFLxG/v7qvPmucI D69rnabx2u+B5CfTnvDk2ofbFZ8aWgTm1vBk2W33JrDq5nDqQsVSMuV2XgQRx24CHPH40vBojIm9 om/t4uy9BvL6QjFMvOg2Gi6t4ioCXrF0fFPSJi1pPq4kN+0XG6x0zPAa/m8ZXyIaPxbcQqcb6zAo jzJjrqreQvAQ3/Edz58eBwVD0WvH+W36Ai4UZ3ALInIi56rvFi4jN/KjxOcK0ydbKG/1UHKgUu7l flgZn3ESb1onyxT3MsR18vAn7/AoLqXrtkTsHjEexxcFN3NgDFPH0UMTk7MGM3HgCm4Hc59VemMr Hv8yl6ifVOWn8T5J8xrr0h4r9K4h0MkXPz9ze02zAvtwAltzKT8wKiuEKkuwu6lhK8vEfuFUMnkD pciqOd8urN6r+aKvILuEmxqyrlbm4bpzjHjGsDIvsQbrCiPzfVruPbsXxgGwMj80QKfKQPvwG48y TvtGHtpxHhOxZG2zBvqFWh1dRjuI7ZIz7tquRi/1RgOy60llv76pvmJmCJc0vyhvfALzBKnw/j7v 0lpyh1mcBi5zTU9XNRd0Dqs1T7euHXez7OZx9BK1RB8dUgOyUgOy+mY0X9NrIUekIn9fSGOm785I NwkzMCvtsVZy5TKtCl/uPzMzG541NINyD2PEAtf/B1LGLh/O7h1jBC8ChThXlrxW9ETT8gY3tR/b 7u66HkNSMS4n7hR3yRhGUFcbbz5PMmS1Yz8PME1TNtFcdmYrMHKoamMasVDz9iaLdjIRE2eVdnPz 8ZlQ9FIHsizrNVS3RDfqsi7/LmHTdtI6LjFvNTIbs3lD7ksTiFkLYRIDtydTs0DfbWa3dQOfoh0T X3sDHXMXtXExFGvzcc7m9QX/sUbvtUxQ8b4SdoIbSnhrNVc/Nhh/tVeLNfQqc3s7s3vPVFp/KYdL x1Fup0MD8IXnN0SP9jgr9V3PcquasyAPeBOfbxRT5lXiqkgrSv1eR0VMclin8PK+MIZjeIZruA5P /7NB90Y1dufMNvNyx3CJ/5RzE1O9XrQTI3Ve+7F1N3V2Z8T7sjMix28vz4hLW4QlN7b+6vPzbgmQ B7mhbLhAzzcp2wdCO2ZkMnn8AUZRr6+ALzFfY/fu6uyB/247v6lVp4pjh3l5n3CY67aaZ/hNE/fc ivKJnKoD5+HmuiNUQBm0NfdES7RaxatSM0SWM3Fra99UurMHi+eXywiZgzElv3RL5zOiL3qQ33SH s/VO/4ccm6gMgzOvu7JbhRpO3WwGo3isXnSL9/Ufj7qWX+ZHc7kUF4oefvUxH/rBwjqryzplE/kO q3GbFzmBqCo2gzOm/TZG3NRa9XeU8zFrs2mnp/82jL87VE6xFW55qn87ZPoDQeL7O4R1eSf6mH8x tj9zNH8ywatxpL8rQhPbz5F7uUtZXUc3f0c5RZ8JxT+17ma0gf954l7h+/ZJkpfmvut7ZLr6hJ85 tQe8wMu3m8f3tms7gATxiWJerz9FnfV3RSC1U9urOddZBjdxzys7FUalVEM7wpsyvuN7q8d60rd0 GKN8yvMwhw80NW+JQborb9T8nffUTRU7dbM711d3Omc8eeLySBtK3uYhfqJ98478qrd6Y1O404Mu rbvxm7u8m798qr4uiUE8p5+7dBf7Uqs7gVs3a3e0ZcZ2qrhrtE96yLdwrFt7/8a9MRL3Gz86kbv/ /JvPGcXffN/jfOdLuZRhNO4WuNC1rhxLen1Ge4877/6evORPfrev9XALd4cjm99T/FoJ7t/qNYCD Or0Ke8ZZY8wKf8ymvlcbM483/evn46PDtzQ3/7Y7f7A5/CuPM54VO5VTN0cf+znDXbh759rPrKvr M0svfydbPhvTPvfOPbqdO8SbOznfdXS7uDr3cemDL4qm6dEr5X2GfAoDhD9/NQYOrHEQYUKFCxk2 dPgQYkSJEylWtHgRY0aNG50l7HjQWUiQHUmWrFFS5EaVK1kepEfP5UuYMBHSrPHSGz1vNXbm9PaT 506eQ3sCHdoSadKN797VYNqUKcKnTQ++E0iQ/6DBqwcNKvX6FWxYsWORfgR5Em3Kk2pDmjRLFu7G mXNl0px58+bMnjhh/uwZdKHRuINVTnV6mGpUqFG3CtRKGPLEP5MjV7YcluTCt5nbqh15GXRDmXjp zo2pM6FMvweNCmUdGrbDp05nJ64q1SrTro55xwYbr0Y84H9qTDZO/CBx5L6/znNeYx5zjR+pI8y8 NiV17dIv38373SX4m35bAyZPHiECBDXUq+cOenbCxPGrbs3aleWdGvrv6AcNPDgAi/tjuOSKM/C9 laJDKLoFG0wQIs7S0swsz9r6DMLB7LLpO9PCY221EF1bbaH10suQLKoWUmwxFlUMy7/+ZPSvMv/h bCRQOOKGo4xHyg5EUaLnoGvwOeeIXBBIharrbLsJMUwyspc6FK8mD/t67SihBGsvofW8PMhEKFmC 6rDbqqoNsbH46+8g/iwDDs4Ac7TxxuOUG3A5MRMqckgjh2TwICLFfMu6tZS80LoLPdPzq9FS+3BD KT9EqCih3OOSvTDbc489RgujDVQyX1ysTK9idBMhGgcTLjiECDwIwMl+CW7W4xTKk1E//zQSyV09 dRLRYA0dtsJfxeLwLivB4xAiE7181tlOvzQ2I1LPvG2qqEpVis0192MzMgDhjGey4X4hl8BfZh2w hl94pNZBXvuUd08ke83QJEOr+2zRYak91jv/KZkVOKJoM+1UWkw5/feiFrWdr0xtTU21zf18m5My Vgk0zlzj8MQ1yQf5nJdkknXFl99CnzwLO5UZBivg0epittlLMQUzPU1ftshFhxEj01QZv7UYNhtb JdfGc3E0TmmPk1sOZAj95JVqe4X8M1A9t+vMI4+WJHRnpWySlGCKoOX00i4z5TLMsCV6sdT54F5J 1Yq7rTvcAoNLN8dyW3UX8DuRi5q7qU0WtOoiFU9SQpaJZUgksN1utCaMFkZY7ZwRnnbyh4COG00Y FYqR6Ij4Of10hVDnB6HVWa/hdThZj/N0pP/gR1Ycc2T3TjGnFpJq6PoUfvh4GVfULbTOitzf/84z vHnTg6XF2VnOnW9IYmzFOnVoVVGF6PWDwg8f9vITYj124XCP9fR0b6ezTncHf5fw2I60WleRFReZ eE+ZbPk6KLkelNLWtrUlbGEGHOCKQBUxGHWLIdwznerMR8GFzA5WGFTf+4CzvtXF4xe4m8z4iIO6 8zEHcfcL3q5SCDytLQ+GTELUAiGEtoSBKW3TsyENI2Kb7c2oTRD01gRPSL7WMQSD4hMcP+LBxD+E 8HawCmETKSPC20VRfEe03/CEJy/DebFkIwOShb7GFh6i6EvVw2Eab3i5M4JGgnYbGkWMiL6GuC6L 4podgJw4Oyayzl1NdBfuCHlFLNYvNL/L2v/vqtZFBzHoasdTWbGwI7k3WoaNClybptA2LU1eEi7c c1PdhEbEI44vdRcsn9Fep6P1NRGWrutj+Qh5IBMWbl4qTBzWctnF/mltM1y7Diil40kdHhCHmEsm MQlDo1J+C1x4e0gdK5hFVZKviQEi0B7RB8tAtqqW6BMcFlHIwkDhj5H0uhcvocQ8YFmSmZXpJDI3 t7noZS6ezSwduFL1PfCd0JpZpGYFmbi34KyvhH88VweRI8LylbCKWkykOnOZzl768pzrbOeh8skc 623SmNSrZ0ebebdozhGIplud6lYKu5aKr3blQhpCXTpCE1ZROeS7ZUAnirX9BW9kjcyoRiH/co1r 1MCoRiXpUku0w5zd02DRcyNTvyI0CBJNmpBh1ZycEo93CEh3DvHRj3Cpv5/uMl6RfFBFjnqQo7YV qVSl6uU2VddnjVSZn5Qr3brnTNL5c5qyFOxgCVtYwx52sImsqKC46EWhilEiSY2rW+G6V5JC765T bSPOlGnZlgiRdNB8plZhBT9WfbU4tnsa7xDpm8TxSZ2Ole0vI/LWtyIkqUr1bDwNpjl7GlCNu30g Vp8JWK327UB/QO1Xc/SOHgnOVRla3Ap/6kvDOTIjt23rdoVLzLsypJPf9W13qwrak5buuK+yUVS2 WhXlvNdjtkrQax0bxvsxhKgJUWpl3YrU/9tOlrxnbJvNogUtzo43wCoxKXqJ+5/gMBdATfEqbbQF NQP17j30Wqx1e3myrNXWtgqpbG51m+DrZTKBUeXsR02cn4RclZ+XecpWnRvhxPTOVoc4xFjn20JF NkjHvHwkFx0y4v8uZLsllkiQ38jkjDiZO2c7JgIPprAWI2VNqPJWVheiYy8fIiFQ7vKXwWwmpwzu NspVLqjie5Ag1+/LLRFzRGBrL+w6R8ePhS1EyAxmpepYt3A9KpPnrJA5eznMhX6Iog1N5q8wesll bnSc3SzpsRSayQjQsYmC3OdOO/nTjvY0Qhxd6UQ3mtSUDptVZ+S9SKd6IlAWM5pI1RTiUP8FvpOB tKnlbGmKvPZw8wjyWodMW4YAutJKjqtkcctrhxxa1rvWCKh9zRJpL7ra0Xb2pQ9B101Xuj2b5rSl Eb1tU2Na0tQ2d7nVvbOrjs5iXD41rGtAaFFX2ymO/oOOlRNqL/e71NiutKoD3hBoszvdYO4zkL8s bDIbKeCqxi2g/1xmZPf53HGOeLYR/ml6E9ziEt+2vRHOa3+3e+PlrnfBzT3wk7s85CqfNMm/DaYg a7rkmYq2vVG98jH3fOViFnnLg07zhCNa5qEM4l/l+OqPKzzhPh9zVHT8jiA3per/9nm7BR70jFME 0h7P+CHwTPY8/wnRDlc7dMQu5msEOan/FBf72w9hVJ7/XOqJpnne2x7yvB+b3FCH9d1DbXLBt1zs fye61NWtcq4b3O/1pLl6br6enUfe2dAGusQTP2/PZz7mXr92UpgOzX463fB8jznCn5L1HRfn08bh N7+JI+27bx3fkBc4tdVe9t5DnOxsN3vUGU1329rb+HavO92JfvvBI/3wuP952AOvepjnnPHR1/zj Uw1y0P+d+3jPdBo3rfEyh7v6ib889IEOfswXHfCbj7zz4xLHpcf42dWXfvO1v+OrW93/DoEp9i0A 6a3rGi/34m/m1A/qniPP8qxIzk7tRg3+xgyu5E7wBs3Pbg/jFA/3PA7lHC/6FPDrDK8D/0PQ+oqO ASOC8MrMGjqPAhfw/b4kznDu28Zt3rzPAHdQ9aiN5TxQ6KIu+xaPLFKKn+Tt83gu/KQP6wSw6poQ AJUrCvmNCJ/u+cDO1xDw+RjO53gFAlfu90jQrbRN+pRPA1MPDXPQ77hPCRPQ/VLQ0zCvDa+wBD1Q /ELOGmrgBQ9hD/OwCuGw2ijPywRR3HZw7xRP8zxv6OwwEQ2wBf9QdFwNCeWPDtnv+aDC9WovEzWR AAdu8ThwBPmv5ywR+rhw2BgOFbVQ8ZgPqZBt/3KuBd8PDfvu8OYw/6zw+xJAxxKAF1FQFUmxEYdw 5awhD3VsDw+iGIVQDWWx+1av/XwQCP/xjevoTxiFMQhxkRohg5QqogNNsONE0Muo7t6Qw+iYEf5C EPv07hvLsQvX7t5gzeHAURrJ7PhW7+KOTgWZMRFPUARhbsw4DyBrQBfLbCATYBZBjtK6UR13bg+9 LBkXEPIQUgyDERpHTdE27vN6cBoTUgezUZ/6ahKfzA3PxDYeRjGwEF7qbK02osRC7MiSDZQMkhcF 0iAToialww8TIievjJlczStGrzayZ1v4bCSBJH8waiX+6yUlyxV5iBefsiZlUiYPYipDww/zkBhz khj1cHLohCcH4wdlo4FIsqN6JZJUQrv6q61Kjb+c8iarUiqt8ioRAiuRUQ93klrE5Wj/YOUrE0Qo P6cvi4q/kkzQlG2AntImZ3ImaTIqLSMrH5MrIRMvfyVO9tIrWSUwmeNhhjIzBdO2Aq2/zkgxFxMx qXIxGfMy6rIh5vJfLnN+eKwzY/NfjMy//KstF0gqbzIxBZIme7My6hI4H3MyGWVcAiS5emQ4BEQ2 ubEoiWn08G4w0vIlqWXXoKwqTTMxezHpcBEptjIyv5MrkeI5V8Jo6qS9NuZOlHM5m3EJSWo8MzIu pnMUm5MH4QLdKq0xodI38zPIdHM+leIqt9I7WXPazPE9JwK5qPDNCBBHWmU9KdEO3ZM+oTNDxvNA V+I+fa40qZIhFJPJ/JM7W0JAA9Qu/8OzQCFRKTbmQMiFCtGFXErrQRVx/hDSB48uQ7OvRufRG+UQ 6raTH9fxIIFUBdnTHiOS+MxvO4c0LEst5XKU4+LwEGrS0eIyH4WQGruRSWeUGL9MONnz+gAPSp/u Ijmy0oTD0eJh9r4MTQ9hTWkU3YRUSdnRH/MxDUPDF5WxEvsPOvsuBdXQ+hAw90quH78OFL0u/lQx Gg/y++6wPgc1UZeQ5PBzF01NP6vxESetDvl0GIPsGEsUUEXRUG2xEQ9xQdElyNaUHANwxzox/K7R BEWvRxEvVl9xQrnN+1o1FHGVDh1xHgsVUfd0BAFVGTsP1RA1GBUVVHWVV6cPT59OSv+jtD8LMjdX ziBRMFEz1R4R7RizElj71E9Tj/rEFMxQtUE7EVWBQ8fW9EVXsP0AEVybdf9wtFa57VB/9Buvj+PE FV/BlEf/NAF/9VOJNFffcewWsSOzVUe9deTslV3/UyB30dNIs1r7tRqXlQLjsBkn01gT1loNFkuV UUdoj9/QtQB1rQBlFUIfER0tUV6Z4z5HNQtDsVtPzfawbwUZDWCPVFm/71eJElkPEF7JUEYVFg0H UkNB9Fkf1kr18Uj5dehglmgtVRaP1eUqTTkARGRXlVXZlEDStFFjFhvXsGmxtWp942XHFhiJNlJt MUI3Ekcj1F+HVlPj9W3XNmhnNA3/M3Rn4xZWPZFRtbMglZYqb4FwbyEW65Rnh5VioRZSF7cW89Ub SdZoOHHlZI9N01UT37ZdO1Zs81RPFxY09NZNnXFO//FeS5dCm5RYF3JqyVReW5cjY3dMN7JHcfbl KHRIv5ROnRbWBtLLbiEhClfHCHd3r3RpZc75FjF32xMjW5Z3rfHLTJYy/i1NX0VOITJ3oXd36dRt 63M9L9RYwNcp95M3yxd4awB4CTcBzvd8Y7RvfAS+0AVPMGZy2zUpxNd7YxRF3QZ/w2K/KmMqc9Mg gZcXC5d4b+E02/dBdSQ5CmSr2ux9XzRP+rfrTlR/dY+HwjI2/tcyoHIqEXiAC1cg/wk4fRV4OfVS R+TXRQ0KzdDFcpNUPOcVdy+YhpNC0CJDYtdXh9VXh0dYhNHXhGPTdpYGaVh4QCQYPVtrPX2BiX2h ht/oM+UTgAd4hHeYfdEXi7P4QZFYcLZKfu0kiZ+4BpgYIchYjAeIu9IYwOKiMQ0YfXcYiA8iiIM4 MwsEjMtlfthFThCEJRSzfC+piZ14jJt4jAv5jDtnv5gvxDp4INU3fde3fSM5fd13nJBjR2ynb/QG KfwTRGnI0cw4IQRZDOGz1x5NhkO3VtfPS0s34IxvjQWWld10ldF3FwuYeOU4eEv4gpEmk8NqaZzm RclKIzw4Kk+Thnzh7shYlA3Zfv/JgoJHGUhGTwfj9Wajju7iTMkYd2ypOVvNN45zGYvpWEzs4CDs gJwvQ6b2RkVj5cJ2R4klolJ105idh4l1zImZDJnj7J7h9Plc1+ia0R/vzUa7OXtnWaC9VB77lWGr 0G031l+d7CW1eVereXjDGYhvOYslGS7iQyg14pzLGZ0RBDN5x4UvbCXe0jTl+ZjtrZ7BrKVXbp8/ cVb59Bd5NFYpGnEVEPoe96b1NGCT1w0bepsZ8JrLbDr5caJ9WmctjX0neZIveqM3cywtgpzNuQaq 2pytujLe62OcRp3l66R9EyHyc4AEGePy2ayhbpnb9nNdl24XlW3ZtWaRVWWHuq3/U1lx+ZabWxHZ NNBHlTqpAfEQDviAcfmWdTky5AYjtLqqrxqkIyOPYQXHXqXNVAKlOfQ059ltYnqMT86e85l577oc SdddP9D8QpR16RpvHdpaYy2vWduaK9BnYTuwXa6EMRqXtThFGkhFrGUisBqry9mqtRoy0OyIwfpd WqKY33I06bmQ7bnS0NqJlfkg8lmmBdscubOuZ/ZGL9W7AZts4ZYEaTu8jW+uyXuvM86NL/qpEUKc kaLWRMW3H+Kjhfuc71u4tzpjjlhjPmaTM5sxSfN6yBif7Rm6rTvIrJut+1So83a17TpZv1tRa/qu SXlZydah61BuITzDV85wy+yK/9f7tsXiczrazBwCuIebIYg7pJNLmJMiLpv7sjuHkDsQtKFbtg2V ZvPaoJFXU/+ZwQ8OFvEWehP6c0M1ULM0oXt8Hf9VlmN5yemUsEP8sHU7KXobaOQGMFd8uD86q7Pa sWHDTrraK2b8j6+Txqd7kKdbkNW8jKv7kCfnmWM4ozP6ig17LORbPtKEMxPCyx27sa8auMPcMqAG rL9iWgVYszd7kNfc0aubkNc6zhlmznvNqXNbhH84z0fFRfgcIry8y788zFn8jWRcrDt5ctZ6mdU8 kEF50i/iHA4i1mtg1j1rxMM5xK3cKzYzvrdlbvy8sYOb0PM7n4wZ1Wm8kNkc0v8fXZkl/dUj4hyi ndZjndpr3dbFmcpJPFRM/Gc+XdDBfNhHvb6JCcBBSdmTnZnd3NWf/SGkfdajXdppHSHiXa4k2YA1 Pc8pLGJ8+9cXQtQBHeAZu9j9eEMXiM0DGdIPnpDZHdplXdbhfd4Vwtp3K5K/eaNPnKM9vSGEHdDv W+CXKoDNndUNed3XneEl/t3dXd5V3uHlXbiamjCCUiqwRarpO9jHXSFw/uQro9kbPdLVfecZ4t0f nuin/eEh3uiDHiKsReb7ncvzO9gFPdyVHjKo283L2OSpnt7jXeUnPuKn3eupPlS051r6fONvXuq/ XexB4+rhvNWdPehrvdrBnuX/h97dw17ss0diepsion7Q1943zHjhRz7BbOEgDL8GDB/xkYLaXX7l q33uub7x8Z7qfajEL+LL/R7wpaPZV528FH/xE8IWFL8lWD7pG3/lj/7uW16u8iXmHWi+F1vYSX3z Q6PN4dzEFn/0RT/xd18luP70jX7oEwLpk56qhAme8t0w6EMlaL/2qUVdDmJd3sj3q9/3Ex/7Qx/W jV/4iR/15R78j99xlCc0nP7590pdpn+AEF/32Z/0Dx/7fz/iJ/776R71i56pGmf8z//5o39WAOJX jYE1BBI8iDChwoUMGzp8SNDWQVsSJQ6kaJFiDY0XIS48d65GyJAiRYIEOZBk/0mULD26fAkzpktn zmrUPHhTps6dPHv6/Ak0qNChQ38ZPVqQoFGiTF1qtBhxo9SpUit2fDly5UmTI1VqTWmSoNemZIfe pJmzrNq1bNu6fUt26cCldA3CbZoRatWNTzti5EvV49aDXrOeZIk4JcmxdxsPrHn2sePJlCs3nDev RmbLnJN6Lii3s9C/gAMD7jtRZrySNVajZN319eLFYEVPRkvTpu3dvIluzry5d2OBxD+DFh7zKca8 VqFa5avcZbx451aDnY5wq/bZyBufRau7u/jxlzVrxky+bfG5So/aTb/wr97TV6M2j7pwOvbWratX 5+9abayJtdKA8DWV22NpHf/IoHDAPdigWkgdRFxoEV7UnHIVPXefXhvmt19/rv03EHYhqjQbbYRd yGKLLnqE3otE2VVhce+xyFFpEXGU4UQZzreadQRNB5J+XVHXmnWHcTVYbDI+CSWL6AFnXnBR6kRX ezdeuFxGqUX34V5e6hWifgASWaSRLb0WFopcGXhlnHLyFiNBVs4J0XpyVSjjc/X5mKN9qM1Xopn9 hYRkiUX2x19LYbU5GJ6STnoXhJZS6tF7E27ZYI49eugchjraF6SJ+wXpX3VEosomYYg1iWmsspIV 45R3zuoQjX1iGCZ0H+YF3VQ8JmldqcYidKqIhhZGIK7OPvtTcLdCqxCfV5L/tmOogeq4LbFDIjti mqoiyt+hhyXWKrXqrssQZtOyK5Q88gwkL2d9EVoVhxryuKGZQSYJYJLkAmzqf2gW6Ca8Ci/McFnz PlxvxI3x6xdpHora5VXx2BLit6eq+q9+QpbqJJNwNoyyjHbUYEfLLK+cMlMPE1QvvTXMO5l8P9a3 3I7CcrSxv8WWeN2/JIp8aJtKx8y0iy3DjJDLUDfNU830zjzzQTi3BexpXec7KsZIJ0s0sUiuGjCR 5hKYLtVuk7dy3FMTBPPcbz8kb94378331jTDRSi29AE7qMdClnuQkohTRx1KBSsm4N2SC+fyy3K/ TDfLmE/eUN5Y632131az/2XxVfeVxu++XhY7sqGMny1ygGgqaRjntncmNdSXZy717QxFDPreOI/u N9fD+mz6hhdjOJ1EYxtrIsAEN6rqo8z6jn1jT2sed0J1D1R59jTX7PnNehMfulvzfW1xmPIVynHZ hiLLKOOsGVn2kuLvz1b4B/kfvsrJzW6TE53E+NY34I2Oa36pWLYCgy2OxU8hsWMdYVA1u3+9iX8c 1Ak9BvLBDzJkgFN7WvdGSMC3ee585rua8GxmvuKtJVAa4lWwnJOXjrXucGRTlKKix6gOClEmIiwi PUQIvoV0L3eZo9v2sPc5rUkxhjEcngyZcq8x5St1OGygvwhWqoS4zlRoG/+iGV+CxCOGUCEnLOH3 MLe93vmufC6sohStGDyggGOP8dGZ8nhVkT2Cw09SiYcgC2W2Qo0NkUMr1+E6c8gzzkmNBFmjGj8Y RxPCsW7fa2MTnyRIcCAklEEJ3gHPV7zyZe0nkWzIpxRiC0F6yS+HtKAjw+gtDQ5Jl01pJUR8Kcko hbCINTBiEwW4O8txEny6e6KMgAnMnmwtlXWE2PCqqUc+xgdjPfNRDQ75R6nUEmm7LJsjEzcytkSz IesMZpwseUzNbe6JS0zhEqFEyoHk8ydRbKHVVllF0F1RJu0E1PuYE0s+0lCfewzZmRQZsHIibqIv KWhPLOrOBg2TkiA8YiX/BehENspzpPJMoU8SUAOUJmClb2klRnVCvhZSMaYCpaNPMHqvG/IInLNk KDgeGTv5BXV6uIzJS3Vy1IzCx6NM7WgleedJZv4vjiF1ZlBQOhCWYnUtpEwqTKYp0xf+LnQDNao2 XbnQMSV0kMfzaRjJuTihPXJ6ZhUlU7yqVPEQs5gb5Wsx/+o9kFJVqrvz306wylKEJFadfIxmKO1K EF+2cporfCw46mXZyx4ks5B9CGdHuU+JSFaba13rWb/ZUBNZFqgRNeQ+fYra04L2sbGNrShd+tnI ytayeV1qQob5Vzus0aTnkFtxPcnJAQJlqyrN6mLVQtvN5ra2uoVsHuXB/1lRYjezw8uuZ73rU97C 9iKRNK14Yxuk7B5rtqsN72vZe8jP4na68z1vb7tDSY8C9pLCpcc9TXhcO6DEhP8d7GFX2tyUIra5 Wy1LdKsL4fFK+JoPOyTO9gg88wkSs5F8b0JGC9n5Rngj5d3nfPVTS9uaCpEiDq9HQNxZ6tp2xC2e 8X3JY8xKcpR7ImnZcTc3EnoGUI4y0Wpimevc55IFmrvVJoh/Z+G/9XPDEpaxQphsVyyPlyKyJHGT s9xQ9AJIkNBLEpkB1mHZsvO0jj2rlqn75hv3BriWZKp/ManJkAzwuNxRJmENCxMkM1irKXVLnMf7 ZK15jsr/pBd35ZXohf+8edJsdvOXEZ1dcLwjHu/Y9Dv4Q2YzpTnGa+5sm0N8aThn+knU5Jx+n3rJ O8etuJtU5tN+bNUkkrTIKj0yc5W85FRHONL+nFeUFZ3dvBH7w6mmtKktHeNRtybTPwXjakKdXier mSHLlrGz3WvfBuGRwmGd3F7VOLUAK5c7AgYfrj/ZEyP3OsFZLbSDhY3pZ8cYdJFc4XYxDGk+GrvS pJZutLV9cDDre8T5Hi92Oj2yTkM81MPetqQJzmxUJ7zhcTogDK/5NiNesqNIBLCA3ai5AKvknpvj NYIRrGCYM5ir+Fb1wqc4cO1mXHj97rbBZ1tlm/886NIWc/Q4vZpNi2z/nBz/JcaBTnSEB71FEssa KgHqtjQisZjJpfWSaO1usKwMJMg06UPmfRCYE+Tl9O6lmmucTw9TcbT/dnSUfT50G3sb2grXeN5P XK7UepporvX71Ln99L8nvsYMFXexE2gzyma9zjuedY/VTZje3drrmdTJy+19ZMXWG7pvn65tH4wQ Zcs32TnP+8Xpa3rwnv7B9V0tp2uw6dZ8WvZe5e2pq5tZGssePmBdZatheLdXu9u4uStugFkG9iT6 OIAHHvTaFdL2u1oc9cCX+wEtWzPY37zU4eY+uPn+XiyHUum7fPjpof7irpZe49xXP1474/EV2jF9 vVF7g3tTT5WDayfn/2MlJWB8BmhFFnP11muFFnpscQAHUAMSKIEyIzwyZE1UFCsQp3tKNx2dthv3 JyNW93hgJWXIZxn/d32U02OKcWv09GcnlxUtx2srmHaI5VwQOIEROBAUSBRY90Jl5SwgKHED8WkH 8QeUIYIvon8neEoQg0CVsWD2FnPAZhl8hnkkcYAvKDW0Nn00eGBJlmRIthYUGIE8eIYVKDMLhILP AoIEcYRFSBB/QIdJWAN22FIWNyfkY3VWlEAxxRloJ3oLKBoz+D3qNmswg4BYuGue94ArSIZkoYZn eBCUOIEWSEcmSC1ECBFJSIdwsYRUB3KjCFBVB4WT8X9TOHqFGGQHiP+IKSFksZhrCtiADEhoKtgU FciDBGGGPUgWkicT1lADwkgQxMgiciiHd4iEyhhMW6JA4wONQZh6qEiIa2dkCtYZtEF2lmdyhzF9 zNduV4WDCYaLQ6GLO8iLPaiGvrgb1uCO7ziM7yiMxnghb5gQnviJ+XhGBnEjBqRoffOHQrgWtziI 11eOd4EiJNRjBGYY29g7jMETg7ZghCaJ6jiJl4iR6Cgc8ziMHemOHSkndTgQeIiH4mMtNvMLGcZ/ pmRN/eQWn2eNo7dYVtgY2jh2Zadnl7d5PgaRV5V2NsgUPriOvHiR6tgZH4mUxTgQ8Ignn6iM+rg/ /LgeFwiFp/SPJ0j/jaCXg/JWi5XRFZAjgAYoVS+Tk01BkWynFkKZhrtolGY4lI5Bj0s5j8QojwcR lzJih07ZFqE4HnsCGlOJNWSFTR/nT3DxXJGIltVIGYXhFS4DdlvBk1LVk8ulmGWxi2y5jpbYiyDZ GHFZl57JmR8ZbAW3E+2Ul8y4l3rIl5WRJceRNylpfIXZhIEJcm0xb782hlpJkwi5QZukZysHfY45 g1Gii8Vpib54ANaQnKJZGfQ4l885l/H4EhASf6SJVHooknpJc9a5mpQhlUgxMykJm8f3j1gnkETh a1QYk6F3kAjpJFoIfUEGiwJ4LnOymelIgfNYgczpFs8pnQnBnBzp/5EQ8SC/UScLcQ01cA0LqqAN ChPhhhCnaWiqqYfd4R5IsRQPM54aiIKB+YeGmYNVOHO7eYVvgi7JpYiQczIyMpTHaYZ1mZz/2Rby aIz8SZfRaZcP4S7UeR7vkqADwaBA+qMVZX6WUVDd6Rg2YiEXSJiCiXMf+hZtR46ISaJw4SiJARvb ATnDyaLnqJZEmZwRyJRL+RZ1maNKiRBmOqYLIS09WiUIkaALGqRyShBD6hJIShRHWqHioStGMTzF kYHV5HEuxIZl8XnjeJsOGKKcESlc6igJIRuTGSEHcEhnWKkR+FjMGWnxpafilakCWn+ZxZ+zBxyt NA+CFBxxCmEJyv9Zdvpd1slwjAeh9gV3e2qhSaEr8uAesklZTWhH54met9lgFBmT2SgWWHqsWQop cVKBgoSp6BdKMbqpwfd61LZH8whe1pBd8phd7nJIp7pHECKnP3pIC+pdQeoQL1VfFUets9dieEce 1rInsBmN+7cQvhqlbDeRW6movFE79bkmkdM2LyKBlSpiBatN2rp4RxV3DSt146WwfBSxdhWxwKcZ 0kYlGSenpHQNoaSq6WqrNqdwwvewNsapGxchuzoXfvqaCsRCH2eeqDiOqxii7VmTDakdvZkiA8ui NvesopSfh1SxJFudP0eMJwuq1xpbSCm0pgquIytjCZoZcdqxe0T/rmdVteDgqogHq+zaWCULW872 eyyiKRhabC6rgbQJhC95gzOnlXdxl5CaHVrxr8nKsy5iqbS3R2xZdBKWVE92tNcqtIELDu4oSHR5 uO5KSplhWb/Roz+atXEqSHQ6uQq6tfBXarMnssFHbe51ZSHLpxPCoS/bkgNVqI2BlsOqnmvxmXHr KrKxrCoiK5bFg5HUrGDLeJk7YhFbsaLZtAm7tIqLqhdLW5hxDfNwvMjLoOUauUBauePKtU53W7Q1 aqsHXrMKun2ZEKf4N9uriVF4F7iJdv7XnzfqusnKNjP4dbP7WBTorL7Yt3vXtbGasBV7uL57rUM7 jEV3oN0HDu6i/xnJO6TlGluq6kvounPSq22oxXCYm3FjKyNLikDjNkVUCay2WYWrW6ZMmZQNwaUr 4iaSGiX7RKl7S4nxm7vRG2GG+7UUu7/5m7gvDLUHYaBPK0rGi7x1wqpWa658dLVaK6SXe3ifW72G R8QEgRsQhqcHQmFVN41ReMEDWaw/ORnwOKoM8ZVf+RXsy0dq+L7y23cNrMKwha1SJ4xCu7TvOLim ysCl+q07GiM/LLkEN6QI7MBci3DadAu3wGSwBRmoVRPxiymZqH9N/LKd0YCqCxcf+Qw18AzPsKYe jDCtIsJxkk+1G3viV7S7+7ui6lPcCq2hFByiPLXAcbwN2rzU1f/DWsuglzt8r/dze1wDfJxdgVzL IivGHadoVxdQpyuFOOgYj/zIHmkNjXy+WPyoznKpQlmkmiy9RivDBge8vPuRg3t+dqLKCprDxmu5 zEvAVga9/quuBLfH5TzLmQUe7ooW62plkmJ8hzyoC9PIjezIwwjJkcw5S6wWNJqUNYqjnymd9Ggr AIyqyesuH3sQkDundWq5dAoXsjwQtzDLziDR4AEZCyIZB4EAA7HRNdDRgyxlgdqGKDPM7/jIxEjP tiN3vHGjStnPAC2XVkzDCMG4kXTQB2qnVCukQLrTDC3EQiHRs0wQQW3OOZEguLEgG40AH+3RTQ3S HxrPDDPPUw3/ycXojlOdz9lrGaMq02kajwI6oDRMnW+szW9apzmd0Jar1g8t1BE9yxId1AoiGRdt 1BzN1Hat1HdNKXwYxdQizAcx1cXsyH89OfrMFnHLkXRply3NmTNNJW88tcnb0JCLyq5K2Tttx0RR zuYs1Hv8HUj8x9/hDEpNEKRd2kstZw1C2IBNEMM8zKndmWma2Ejpzy6tELVCnXEczjyNrjqN0Art oEMB18Mty8R9C0d90bqB1EuN2hrt3MwN2+Px2gNB1Vid0oMd3eVLpjI92xyMz9gMwAPhuMirEA7N 262Myg6K0ExB1EP91hEN15Gh3Mnt0dDd1B3N3Pad3cgxz/U8/9ir/drCfN1N8S73Zb4g2c+2fcwz LdZ3UsdqPa6q+uDA/dNBsdlxndEQnRYJYtc1gd9Ojdr57dT7vRuEXd3UDdhYTStWUuDupNi0HZ3c jaYE+hu+vdAQftY8Hdw6XhacfRCcTdHHjcTzjcSmHeIjjtfNTeLCQc8p3eT1/NerHRRUAsAt7uKh OeM4Kpc7QdkPjtk+LeF1jN7s7dbu7dYVPdH0ndE0gQCjXd+m/eYarddLXhlS3uR3LuCtzRRU3r+w 3cFquuVX7BLAreMOLeaX3dA8rhacPdydTdE28dnfsdQejteV7tx0bhuu3doD7t8BPt0+Acfi7abR DeMx7ZwdzP/lO17Za03hPB7hmW3hEL3ZnR3fkM7hf9zUHh7iIm7k9Y3pnaHp/g3l2P3f/e0boz7Q fh7QotnSCz7oCRHmEx7c5h3EPV7ctH7mQw7p2q7k9/3R0J3fc/7rjZHnUC7g577pwi4Ul2InVh5M NDqg8D4UrezbiR7OiL7Wi97WZ67hoT3XuYHfR07aeR3u3T7u5K7nTo7idn7stdLufa7sNdoUly3h 047ohw7r7F3cGA7RCiLfjzHwpz3ivI7kecXi7g4X6E7dTv7kKD7l54HN7Q7zB08W0i7m+Z7eFY/z PV7mGI4TP8/hco4QAs/r4t5B4T3zSG8ZAw7g/W3s614lyW7/1jQ/8fRu7+h96PY+GbO+ELc+9PpN 8ER/5CYv3rmdsUtf7OUe5ZweLTHv8BBP9UBh2auO9YZu2RUuHAHP0Uke9ntv9PszJWVP5WVvHpzx 9Od+53te5YQv6nGvFhWv0Dqt3vcuI2O/63Zd2pIU6mZtKWdPGZ9u5yo+FJ7P+I5fFpGf8/dOtWjd Innt7eEu9GcU6gdqoIVP+sEc5did+L7h+XBv+kRx819O6HD6Inpf8HE+8mZUw4Vv+wnh+25h7KDf Fo4r879/+q3O23Dq5cUP4nFO8r4+RDv68Dw66qLx6S4//ScPHzBps5Jz43SK8XjPImJ/36f997YD x21K04I///PMv/QA8azGQIEDDR5EmFDhQoTzajic55DhRIoVLSJMUCPjwY0ZN14EGVLkSJIlr9W4 dlLlwJMoUbYsGVOmSAQ1ahpEkHPmTp49fSaEGFRi0IcPIx41+lNpyD8D/zStAXXp1JgeB3a8mkCr xo9UvX6VmfKlWJhgzdK0abOmzrNt3VKMaFTiQIgG69ql+3Zp06cGn/6VqtesR6xcNXK8Kljx2ZSN WS6GfPBmWraRLSs9SvQgUqRJ5ya9LDIwYL59+4b22VHr1sOHCSdGHVv2bJqVad8O2Tlu3KJCe/su ilvh6YWlAQuvWoOecnrLV79e3Rr5dOrVrcvmnTlv3bl3N/8Hn35D/I0aN06bdvr3OkjCGZsnoLdV PmzD6+3fx58/Zna5ePOCx8s74cgrzzyDxoNKqvP0Y8i55ZzLyiDVnmOwQgsvtG8ouoQa6jMAQRvQ rz/MO8/A8/iKKrAKlzOsvea4soo1DGekcbFbDLrxRho97AzE/37ULjzyRiRxyNKMdCqqJFdc7b0H X3ROvuiiq7FKK5XSMaFbspyRM9B4A8+7Hm8TL0UT0TOQRNMSxNDJreJjDkaOsOrqSjvvFCnLLRHi ksG7+LOLKO76Qw5BI59SU8kECTROyRVfHCi+J+FjMcKs6sQzU00X0jHHgTq1UEAwOeNRLkBjK7O8 qMQjjVX/voYcMkUUHdUPPuXi1Oo9WyWUcVNff8UxRz257BO/Uf/UTkAQPQyNwALNlPVZAtNULz30 alUu11vjhHPC53oFNtwrhcXxU1ArTLY3dXULELfxCvxLTVYPhTbFaFXErzl9u32Q0sSgs0pcgWfc 0tM+Dd7Tz92Q9a/HDntilycEoz20WkRJ8yva/Pql9D3mXvwWMUwHJvk+Tz+toVhyu/yP1GT//FAk LwMlqUwER7T3YvLMK5PNNe1lcKMn4/O3PgpZG7lkpatDuOCUT3662AzHzCzIUX0kyeXd1BXJWUd3 RpTEVUlTb7Qlax3avThh7OqjpJeGmzZh504Z5T2lNlYh/4eB9EymrR/eumtVnSUy1lgHP/FEC53U dddsW1QI3Lgnl7vuYC8vN9RBl4144Zk0DDDIi3Y+SM2meFa0QJ6JpDVBfNfreN9IIWwt4Lcpxz20 pqNG2fIdu9sQZtD3E3NDQrtOdUTXTVxV7NNxbr1a/NR+UKMopRTZtdy3lw3UhBX6HkPgFxY95pE4 FBR48xV6tzzlnx/7fZxhvVb66WP0WLpL5bSUe/8tc9rcBBg+zTXMeIHjCbNo1pCSXMx98VKV8sRm II3R6n7tqR1s2sa2/3XQRsOKWqcKhjc/BWpzCNyPZ6rGn+FVxGbwktfqimQi5yXJftgCFwYjFDAP 9lAvd/97Wu/KRUKFDY87CiTe+Ex1RMFlDEkHQRGiLMgmbO1QQlds23x8aKH6ve46AaxbwohYo2P5 5IgrFFULJzItVX0Niu8DmqxcZ8ELam8+tqPS7bZInQVFkY5fPBmxoLbHzXyGiQscE0XY+ECMFU6K qVORF6+DNPq0R4tXJOR9ZlU2OUqSOsTCXCZNiEINaQZ5qXIKz3p2sdLY8GwWUk3/5BSj+oiyOrOy IRWJYx8COs2W3zEVULajRovY7EzziuADUyeiC8WIQvRJiB5/KRsqKmqXuMQPAadZSEL5pjsoPKX8 3seoPjYKlhiDpsh4uE3hKCghjYInO8k4qKpxU1kubGP/xeKlPGu9EUOEQY/bJlRLeeJGQa38mc/i WNASIhBQMxsJKl1lHHP+sUZ/SABGeQVNaTIUMhbz48/eeUOP3kd9njPk+orJRpyxbpd44ktGd7nB Dm7Sk+1cKHoQWtIqpe9HXAOTTMYDtjMh5KUXOmhUVqNRgubuODq9KW3cuaRrvdJaUeUpbkCXnQ6Z ci9yhOm9MEpSpyYUaJu0DjbT80biXBOrWaVN+fQW1II+9ai4w1f9znpXhqzkLNh0XRQDaz+ywnU6 W5PHURILM7i6860CO2hFW5mxi/jVJV9BqGCrWs7JGtY+8kgsXUA7j8USc5u6dGVN19pPvlpELCx5 LVXy/7pWs0avsM5wxkBy69mz+MC3v62Bbw8ijxoQt5DcAa1x6wpFyj42XPEEa0LfSpaXGCS2Suns O7XLTGZKBbe4rcFuw8vbqfhgIOY972+FOxDl2oW4u2lve6e5oJxtD5dmk65bWwtb6/Z3KtXMbEU7 aTbw6na34BUveZWCXgYD17fGJW6Ei8ve5PKUk9CNW3bFmjPAFtYl1B3LY7DLXXRSdK9mPXB4EZxi Bftkveg9rzweDNqEQFi5NC6ufG1Ztrw6t0I2APJAbDAczVI2tVU1MkJAXN0l/8ScinMNU0UUSRYb 5MC5TXCLS8Lg8xrkwTkuLowNQuMbs5ehSUVtpoJcg/8hD5nNbo7elG+o1oy9tDEtUcmdy+ITyR4U YB4p50Gw/F0Dq1i3Wg4JjF9s3hfLGLQ+sLGZK2xjMuP4l/fl7qbafBAgw3mKJYaniY+TkDzjubqn djKolUrJpY71rAgpcIK/O2hEX4TR6Q1ucIGLY0YTd70QnjCYwSzh+V4z01eCc6c3zWYhk22ZnU2z gA9i2etel886ZW6KkKaVpmTEYocer3hnLegs11ohXF70eikc4UfrOsfEfveE2T3f1aLzTpt2c5Dz DeTRQBe/niQpTBzj368uiNtbiem3MApopzgjMLHG8njDbe6JqNvLXf6tjBkNaRkH99E6lrSwgy1K Hif/VdP6Tnan2ZrkT9uVvkp2TJ7NsiaotHpKSnVUdKCS4nIbuucUR8jGHaxeGFc4zL5OrqVDHm8z /7IgU9XUmts8daNO1mf91mtOFzptEVvbK92mZWuY6m0KqWfQCCa3oYG+kKGLOd3vTrqjk8txo9e9 zMV+SkE0/WZm51vIUfH0VQdc32U+WyEClzlmo0gnb2t07As/ToEFbeBy/9zcLw66mHNM92FLmNg4 njTcR05IDfsK5QZRNpvJVvI4r7a5/SQ1f9silWfu0JJPOXhU0J7ls6vY8gc5R4tvffHhC7f4kP7y 3OUNemCDXJTPEAj09S6u1Pf9D2u26uu76KjSXwbs/wvfdoI+ElCJw3rcEQe3Qs6x/hqwn/2etbh6 h8txzs+d7pCWdPMZCv2DTP/e+062vrOXwLOmSOqxOmsnbvuLpSK7b2lAppK1b/iG3JpAQvu94Hu/ gQg+wxq6g2Aw+2MvzLu1eRO2zxsup6uB6Nu70+M066M5kELAAxSp2Vg8b8M5mbo5BfQuK5M8WrMI DGw/hNhAnjK+oMs1ChO9zfNA5DtBJBy20fOhgtA76VMzT8M3Fhw17kOrs/k2ivKx2XObbtMoLQIY hPiGcFsx3/tB93M/Ikwvoss14Yq7eBtBMhuzOawx5/MgKVRB/1MzvhOyqeO3IGurXLoqZ+M+11OM M/98J6u4uozKuY0yvwo0NAnErQmkiPVjQw0MwpLaOHcTuuTDv4/ztTBbrxWyw3lTOkKiwhR0xSrE PkBEPRu4vra6Kz+ire4DC0Y8CAlkRF48DPCDRI0oDUjEl42QQMo7Q0tUsV+cCCBsvyHMKs1LN/NS vi+ju6RDisUKLW6MLz38nz50RT9EthZEiADERX86xNXjMYuiCl9UCGDUnzwKmUqqj2WctUFLRmdk iDaMRmhkqE8sQkVLvo4bRXcTreSSCBrLjPiapin8FX3jNCw8Kk66F62boy8UiWWsAX40CGc8QzqB EfDDPbdBDF9EyUsEL3jsyH7EwJfkRLjCvCOkSWv/pLGDxD/SWqyHSKzQIi3SCjajY0X+ExiqC0Cq u7BMEymQqqavAEaU5MiO5MhklJKMsjmBmpOEWMZ97MWtXAhpBMIM9Ci3K8Im7LWDHApHU6yIeK+g WkUUHJjTo7p6qy8T47BX0siRYEl45MqBSMaWdI0Neibb+cheBEyp3Me/7EdO9McOWotE88A4JEtH Q755A0r2cojRUqwI4wxw3MNWnDavw5PqyzYuNE05K0135Am+bEleTMyPlEcyvCP+QUa/hE2+nEqW fMaw/J+b8E2Q+MQui8MYc7TOiwu1bBmdDC0VgsIo5D8qjC3LGk1zZK4sLMC6jKzCWwqvtE3d/MWt //RFB7SU2ay9qTRMwORKefxKadyenHBP26gIdJPMI+y1CoM0h/ABtoyI/OTJ0uKNb3w+FYQ5PEu8 ktksSIouu1LN7bxNqTxM2DwakdQe/UHMB+1Ov/xOefrNDbUIB2O7GFNC8/pJiNC4ER2tbsxM/Swo EBM42YOsdbSm7iKxBe0J1szNxPRKqkyn/Qk7B73N3LRNH2Wnx6QM+Ky4N9Q1EZQw5CNRtsxPofBP E9VJujo09OuhO4s9uDFAxZnB/fIJefzODA1S8PyGLLI97LlQC0VJrVRPW5oMtRiIN+1QgfQyi/O4 zEwsRmNLn1zOFP1JlarS31saLA1NxFMafwMrBP99izYVUsPM0JDMIUyKRwz1UfAMUgv9pclwT5JQ N7dLUvSqsD1VUTQaJs/hQZ+7sv+xtj3bs4HJTkQcMC/dCdds0NdszUttVEyqRzN0UFp9UMUsKE2N U06NTOHMNco0ikebh/u8Q8wsip0MDolAPwssP9zBUrJoURddmhnsrryMib+8UagEUyCNph3lVTN8 SjL1qPeU00Qbvk91O7XMzyfFP56Er8C5GivTV7RLP8qRuSXzq1Z9UZozKkU8CxwF1191TcVkVJAw z8JszaikineoAYoFlk0lUmKtyeKDu4Z8t7ooLRQ1Lu04u2nV1+0hUOoSzQwLKS1cjIUV0r3s1Yb/ LQlLZU1M7QmLrdh30Flf0Yl2HYlbk7937cltXEgSTdZmjVbKozwWkzxrPbWY4zr/eblFtVQMZVRf 9cifWFialQmeHQiw3VlbgsPMM6HRWj6eTIrSWhdpDdRqPdnJWYlr7brLWruL0NpwRUyopNTVjFnd VAqKtVjBDVt5Oj5320+07Y6d3MYlQgoLJLRCE1SlGTgRs9u7xVvcrNCnhM2u/FIxBdbAFduKDdvR JVuCTNIlCra1lIuRPSBp5Tm1873JFZfXmtvLFVjM1UqsBdwK3VsxnYqo9NqY4FnBFVvCJd1tKsuG 4KrdOIADqIHnLSWu4cFYm1249VfYul1T092K/+BckDxPIB1e4Rjc4h1b04UrU+2Q530I6B0m6i2/ HrRS7tleU8vd7uVVde1aMD1P/QDb0TVf3uKQ33he6YXeA/CqhOBX2s1e7a1c/MXbzu3OrLWQwU3e C8bgrDqk6C1gh4BezVCWNIxbDyoLQoVg76XV7xXec82PAD4IwkVfniIVDkZgDzYluZLcK5tfVcXW E3bYwzTPrm3QCilfGO5ZBcsMBB4I6aXhD0GiyXtaHzasvWRYILbVC0Fe4zU3iShgDvZgJj4VBZ48 KW4xhqXiiM1VBtHi891i7kBg6Z2HLn5iMu5eX41YzbUSnY3hWouILo7eOP5jOhbkmbVRCa6S4w1d u60p4A9e4jkmpIAAADs= ------=_NextPart_000_0008_01C71EAB.7BAB1900-- From owner-namedroppers@ops.ietf.org Wed Dec 13 09:53:20 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GuVU0-0002nR-6v; Wed, 13 Dec 2006 09:53:20 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GuVTv-0000mc-SH; Wed, 13 Dec 2006 09:53:20 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GuVKe-0007A5-J7 for namedroppers-data@psg.com; Wed, 13 Dec 2006 14:43:40 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-2.5 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=3.1.7 Received: from [217.155.92.109] (helo=mail.links.org) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GuVKY-00079O-LB for namedroppers@ops.ietf.org; Wed, 13 Dec 2006 14:43:36 +0000 Received: from [193.133.15.218] (localhost [127.0.0.1]) by mail.links.org (Postfix) with ESMTP id 31AC933C21; Wed, 13 Dec 2006 14:43:32 +0000 (GMT) Message-ID: <45801197.5040901@algroup.co.uk> Date: Wed, 13 Dec 2006 14:43:35 +0000 From: Ben Laurie User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.8) Gecko/20061025 Thunderbird/1.5.0.8 Mnenhy/0.7.4.0 MIME-Version: 1.0 To: Jim Reid CC: Florian Weimer , Edward Lewis , namedroppers@ops.ietf.org Subject: Re: brain cycles of the WG References: <20061127032712.CD1FE56890@shell-ng.nominum.com> <87ejrit5r9.fsf@mid.deneb.enyo.de> <14241.1165098375@sa.vix.com> <20061202234153.7B7B056882@shell-ng.nominum.com> <25076.1165105081@sa.vix.com> <20061204171222.303505687D@shell-ng.nominum.com> <20061204194957.GA25206@outpost.ds9a.nl> <87ejrcviqx.fsf@mid.deneb.enyo.de> <24A0777B-437A-45BE-8BFC-31130D94C8EE@rfc1035.com> In-Reply-To: <24A0777B-437A-45BE-8BFC-31130D94C8EE@rfc1035.com> X-Enigmail-Version: 0.93.0.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.0 (/) X-Scan-Signature: 8b431ad66d60be2d47c7bfeb879db82c Jim Reid wrote: > On Dec 6, 2006, at 21:04, Florian Weimer wrote: > >> The main reason, IMHO, is that a potential successor (which has to be >> decoupled from the current DNS to offset itself from its security >> issues) would hardly inherent most of the legal privileges DNS enjoys. > > Perhaps. Though I'm not sure DNS has any legal privileges. DNSv2 would > surely be doomed by all the layer-9 goop it would attract. Governments, > regulators, lawyers, industry groups and all sorts of non-technical > organisations would have a feeding frenzy about who got to control the > root, where the servers get placed, who gets runs them and how they are > policed, etc, etc. What root? ;-) >> Nobody except a TLD registry operator can get away with such >> large-scale trademark violations. This card blanche extends down the >> registrar/reseller pipeline, and it's very hard to compete with *that*. > > I disagree with your premise but accept the conclusion. Registrars, > resellers and the intellectual property folks would scream very loudly > if there was a viable replacement to the current DNS. > > BTW, TLD registry operators don't "get away with trademark violations". > They're generally innocent third parties. Validating trademarks is hard > and expensive. [I've just spent months looking at this issue with IPR > professionals for a new TLD operator.] Even if an impostor registers a > trade mark, there are a variety of methods for the true holder to gain > control of the domain. This is now way off topic for this list, so no > followups on UDRP and suchlike to namedroppers, please... > > > -- > to unsubscribe send a message to namedroppers-request@ops.ietf.org with > the word 'unsubscribe' in a single line as the message text body. > archive: > > -- http://www.apache-ssl.org/ben.html http://www.links.org/ "There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From ealinetsougwtm@mishablairwedding.net Wed Dec 13 10:21:39 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GuVvP-00019K-IF for dnsext-archive@lists.ietf.org; Wed, 13 Dec 2006 10:21:39 -0500 Received: from bsn-61-87-76.dial-up.dsl.siol.net ([86.61.87.76]) by ietf-mx.ietf.org with smtp (Exim 4.43) id 1GuVvG-0005GT-EH for dnsext-archive@lists.ietf.org; Wed, 13 Dec 2006 10:21:39 -0500 Received: from mx01-dom.earthlink.net by BSN-61-87-76.dial-up.dsl.siol.net (Postfix) with ESMTP id 86E48893BA for ; Wed, 13 Dec 2006 09:21:40 -0600 Received: from unknown (HELO irgrmbeoyxwu) (213.203.132.108) by mx01-dom.earthlink.net with ESMTP for ; Wed, 13 Dec 2006 09:21:40 -0600 Reply-To: "Rubin Skinner" From: "Rubin" Message-ID: <4775632348.20061213092140@irgrmbeoyxwu> Date: Wed, 13 Dec 2006 09:21:40 -0600 To: Subject: Windows Vista Ultimate ready to download MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Spam-Score: 1.7 (+) X-Scan-Signature: 30ac594df0e66ffa5a93eb4c48bcb014 Dear customers and friends of DS Team, Please let us represent our new special offer you can't afford to miss. The most comprehensive edition of Windows Vista, Vista Ultimate Upgrade (DVD-ROM) is the first operating system that combines all of the advanced infrastructure features of a business-focused operating system, all of the management and efficiency features of a mobility-focused operating system, and all of the digital entertainment features of a consumer-focused operating system. For the person who wants one operating system that is great for working from home, working on the road, and for entertainment, Vista Ultimate is a no-compromise operating system that lets you have it all. Windows Vista Ultimate contains a number of new features, the most notable of which are: Windows Vista Ultimate combines all the features of a business-focused operating system, all the efficiency features of a mobility-focused operating system, and all of the digital entertainment features of a consumer-focused operating system; Remotely connect to business networks; Windows BitLocker Drive Encryption provides improved levels of protection against theft for your important business data whether you are at home, on the road, or in the office; Delivers all of the entertainment features available in Vista Home Premium; includes everything you need to enjoy the latest in digital photography, music, movies, analog TV, or even HDTV; Upgrade from your current edition of Microsoft Windows XP or Windows 2000 (including Windows XP Professional, Windows XP Home, Windows XP Media Center, Windows XP Tablet PC, Windows XP Professional x64, Windows 2000) Windows Vista Ultimate Upgrade (DVD-ROM) Retail Price $399.00 Our Price $79.95 You save $319.05 http://godayfreshge5.org Please note, that there will be more special offers available for our constant customers. Every effort has been made to ensure the accuracy of all information contained herein. DS Team makes no warranty expressed or implied with respect to accuracy of the information, including price, product editorials or product specifications. Product and manufacturer names are used only for the purpose of identification. We appreciate your cooperation with us and we'll be glad to see you as our clients in the future.e more special offers available for our constant customers. Every effort has been made to ensure the accuracy of all information contained herein. DS Team makes no warranty expressed or implied with respect to accuracy of the information, including price, product editorials or product specifications. Product and manufacturer names are used only for the purpose of identification. We appreciate your cooperation with us and we'll be glad to see you as our clients in the future. From premiersurface.com@gloomba.com Wed Dec 13 17:36:04 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Gucho-0003pp-2I for dnsext-archive@ietf.org; Wed, 13 Dec 2006 17:36:04 -0500 Received: from [212.200.175.68] (helo=localhost) by ietf-mx.ietf.org with smtp (Exim 4.43) id 1Guchi-0004rU-Tv for dnsext-archive@ietf.org; Wed, 13 Dec 2006 17:36:04 -0500 Message-ID: <000001c71f06$b9c04980$0100007f@localhost> From: "Walter Cox" To: Subject: Three Steps to the Software You Need at the Prices You Want Date: Wed, 13 Dec 2006 23:35:48 +0100 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.3610 Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.100 X-Spam-Score: 4.7 (++++) X-Scan-Signature: 8b431ad66d60be2d47c7bfeb879db82c T0P 1O ITEMS N0W! $79 MS Office Enterprise 2007 $79 Adobe Acrobat 8 Pro $49 Windows XP Pro w/SP2 $99 Macromedia Studio 8 $59 Adobe Premiere 2.0 $69 QuickBooks 2006 Prem. $59 Corel Grafix Suite X3 $59 Adobe Illustrator CS2 $129 Autodesk Autocad 2007 $149 Adobe Creative Suite 2 http://vinni-soft.net/?588E7208B1D3B3C8685149E39B337A3E59946743A6D5F9&t0 See more by this manufacturers: Microsoft....Mac....Adobe Microsoft Office 2007 Enterprise Edition Regular price: $899.00 Our offer: $79.95 You save: $819.95 (89%) Availability: Pay and download instantly. http://vinni-soft.net/2442.php?588E7208B1D3B3C8685149E39B337A3E59946743A6D5F9&t1 Sales Rank: #1 (98584 reviews) Adobe Acrobat 8.0 Professional Market price: $449.00 We propose: $79.95 Your profit: $369.05 (80%) Availability: Available for INSTANT download. http://vinni-soft.net/2441.php?588E7208B1D3B3C8685149E39B337A3E59946743A6D5F9&t2 Top-ranked item. (22761 reviews) Macromedia Studio 8 Retail price: $999.00 Proposition: $99.95 Your benefit: $899.05 (90%) Availability: Can be downloaded INSTANTLY. http://vinni-soft.net/2348.php?588E7208B1D3B3C8685149E39B337A3E59946743A6D5F9&t3 Best choice for professional. (46862 reviews) From Coolest@antisocial.ru Wed Dec 13 18:47:24 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Gudoq-000605-0q for dnsext-archive@lists.ietf.org; Wed, 13 Dec 2006 18:47:24 -0500 Received: from [189.128.76.139] (helo=dsl-189-128-76-139.prod-infinitum.com.mx) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Gudoe-0006yG-1A for dnsext-archive@lists.ietf.org; Wed, 13 Dec 2006 18:47:15 -0500 Received: from ITcqMG (unknown [182.132.71.63]) by antisocial.ru with ESMTP id 7A34C9022488 for ; Wed, 13 Dec 2006 17:47:36 -0600 Message-ID: <000901c71f10$fc47cc10$00000000@MAQUINA3> From: "quotquot quot" To: dnsext-archive@lists.ietf.org Subject: Tennessee Texas Date: Wed, 13 Dec 2006 17:47:01 -0600 MIME-Version: 1.0 Content-Type: multipart/related; type="multipart/alternative"; boundary="----=_NextPart_000_0005_01C71EDE.B1AD5C10" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.2180 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180 X-Spam-Score: 4.1 (++++) X-Scan-Signature: d9238570526f12788af3d33c67f37625 ------=_NextPart_000_0005_01C71EDE.B1AD5C10 Content-Type: multipart/alternative; boundary="----=_NextPart_001_0006_01C71EDE.B1AD5C10" ------=_NextPart_001_0006_01C71EDE.B1AD5C10 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Valuable tool my private. Vader dadmore star wars psas. Work thomas onealusing services discovered case. Rate member, loginuser = sign upforgot username password whats. Ago category musicfrom ratings. = Laughs wanted retake, untili saw friends were. From well remember them again long. Free searchable database of, over million, us photos. Videosthe heart = steelstar trek. Arkansas, california, colorado delaware florida georgia = hawaii. Furniture design month arts. Info need right, here read. Copy = every valid data. Someone used, another state! Access electronic format, = your. Log advertise director videosthe. Thomas, onealusing services discovered. Matt peoplefrom walking at. Darth psa funny comedy. Battle elements, ii orlando men. Free searchable database, of over. From well remember, them again long! = Channels groups amp infohelp apissafety faqcode infotest. Doe featured = earlier performing diving, rolls? ------=_NextPart_001_0006_01C71EDE.B1AD5C10 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable
3D"Wisconsin"
Valuable tool my private. Vader dadmore = star wars psas.
Work thomas onealusing services = discovered case.=20 Rate member, loginuser sign upforgot username password whats. Ago = category=20 musicfrom ratings. Laughs wanted retake, untili saw friends = were.
From well remember them again = long.
Free searchable database of, over = million, us=20 photos. Videosthe heart steelstar trek. Arkansas, california, colorado = delaware=20 florida georgia hawaii. Furniture design month arts. Info need right, = here read.=20 Copy every valid data. Someone used, another state! Access electronic = format,=20 your. Log advertise director videosthe.
Thomas, onealusing services discovered. = Matt=20 peoplefrom walking at.
Darth psa funny comedy.
Battle elements, ii orlando = men.
Free searchable database, of over. From = well=20 remember, them again long! Channels groups amp infohelp apissafety = faqcode=20 infotest. Doe featured earlier performing diving,=20 rolls?
------=_NextPart_001_0006_01C71EDE.B1AD5C10-- ------=_NextPart_000_0005_01C71EDE.B1AD5C10 Content-Type: image/gif; name="used another.gif" Content-Transfer-Encoding: base64 Content-ID: <000401c71f10$fc47cc10$00000000@MAQUINA3> R0lGODlhjAJ0AYewAAAACXgFCgiFAIGLDQAKeHcFjgBzcczBtrXcx5jL4zceAFIfC3MRB6kVAMIX BuMSBQBKAC5GBUNHAllJAIBOAJ5GALM4AN4/AANTAC5nADxZAGFdBnNoDJJuALJTBuNkAAx0ABhy AECCAGp+AISLAJx7ALF2Ct+MAAyiABaXAEuUC1KrAH6kBpahDryqC92nAADAASm/ADzOAFa9AH+3 AKPDCre1ANe3AAjtAB/eADnhAFPoA4DlAJLhCsrlAOHpCAAARiMARz0AQF8FRYEAOZ0AMrMAOOwN RwAjTRoWPUgkMVUaRnMbTJomPsouTuotPQE6OyVNNEpCPWc+QYBNS5E9Tbs3Qd5FQgBRQyxnPzVu QV5sS4VoDJxRRrFmPdRlQA53RhuDMkuFSF6MMnyERJ12ScVzQOqKPQSWOhaZTj+jPlqoTo2iTKWr OceVRuGpSwC8Mha5Rjy2O261P4y9O6LDPb/DNuvCMgvZMS3SPUvaQWrtRorXTZ/mOLfWQtvWQgAA eBcIekgAjlkJeo4Ai6AIhMoGi+MAggAXeCsqhEEhd14ufXUiiZgTf7MWgtogcwJMgylNhktMeVwy eoUyipgydbc8ge41ggNXiyJZfzlfgl1pd39miZxufbxaf9xXeQB5iyp0dUN7h214gYyIgK1/hryH i9iJdACXciaRekKUiV6gdo2XdqKZf7eahNWYgwCxiSi9fknCdGvLgH2/g67OcbK6jem2hQHmixPU fzjcgVnUeXXqcaTshMbnd+LocQcAsiUNzDcAxWoAtnoDtJEMs8sHtd4LvwkTvB8dszgTs1UivYYT tKkatcYRw9oXtABJsxk7yDM/wmpGzXpBsa4zyrU0ytdNuQpXsxNou0NTx19awoFnxaBjycRdw99p uA56yhGJxzSCtmiCzHF9t5V3ycSNveWKxg6VsxaduTaZt1qZzXKft6auyr2VytakvAO5xhbCvzbA ulPLx3m6upu6vf/z+KeXloCAhf8AAAD/CfD/BgAA+/8A9g7/8f/5/iH5BADowX0ALAAAAACMAnQB Bwj/AP8JHEiwoMGDCBMqXMiwocOHECNKnEixosWLGDNq3Mixo8ePIEOKHEmypMmTKFOqXMmypcuX MGPK7Givps2bOHPq3Mmzp8+fQIMKHUq0qNGjSJMqXcq0qdOnUKNKnUq1qtWkM7Nq3cq1q9evYMOK JXm1rNmzaNOqXcu2rdu3cOPKnUu3rt27ePPq3cu3r9+/gAMLHky4sOHDUccqXsy4sePHkCN/RUy5 suXLmDNr3sy5s+fPoEOLniq5tOnTqFOrXs26tevXsGPLng1ztO3buHPr3i2Utu/fwIMLH26Rt/Hj yJMrX86caYDnzaNLn2744vPrzxteT4i9+7/u2QVi/y84fiB4hOC3fw8PUf3B9OnRs8/onrj9+/jF Jr1uk79P/zoBeJN/BApoD3b9QXeggjgZmGAARTkYIIMLQjihhU1JSN2GHHaYIYUL/qRhhRc+WCGD 3dUkIIgqsqjUiANSCCNUM3po443JUVTfe+Wt5x1585nH3nY/+pjdjtwFKWQARoZ3XpNKElQffEtC OV98BmFZpJVGStnjeU82WaWP4kWZ35lo0oakl0y6t2aZTGY55JHegWmmnHHi2SWcfJLJ0JTqBUqn k4TG+Sagbc45aKKGDgpnnj2SKWijlKZp6aWMHTUigAVimBN8EHIKHX+jhlqqpz2B2qKpnkpYI4km rv8qq6isxvopirha2OmsucIqq60F/uoijsQWe5SOijra55t+AlmppOMReaez8jHKJqLaXakon24q 2yy1ffo5KbfbYjumuKDmiem67G6lKYikwvdribemKKyC8aLKk4b5NgjevKnK2CuJtPrK78Cw7kpw rysKjGGnpw5r7MQUR2Vgv/RmHKO+CeN7alAH13qhrhJvbPK9Ii/88LAFo+xywQ23OnCK9lZs8806 VYTtoXeu6XOU4wrJo7psfgsus0WfO2631oYLbrNBL12utuoyvSSjRLer9daNWQ31s0OHrefY5f2c NblVF+p0kmlDqrbX0pq587boVhr02nEnbTTSXPf/7XdLWD5KtZJmi/00lNUmvmOYYrKtt9RuRx6p s4VSvWyyket9NdFen/v356CHfh/fopdu+umom6R26qy37vrrGDEO++y012777bjnrvvuvPfuu0c4 By/88MQXb/zxyCcP1e/MN+/8bFIJIL3yTkkvAFHWU6/99nJZ7/330+uU/VDfGwX+9T+Nz9T53pPP Pvrmhy+U+j3Rz/39+K8vvz3229R/+vubn/z+hxMCKsWAPkFgURSYEwbyL4D5i6DyMGI9glSQIxeE SAYFIj2XbFCDHdzIBxkywoOU8HkoTOE/Nsi+gVwQfArJIAxNGMKEfM+CHWyhC2dowxru8IQr9CEO /wXAwRzyMIhELOIHz/dDIQJRhVAE3VLo174Hoi974zNgFsP3PwRicYDTq+IWrwjBAgbwi/AzYxrV OMbrqW+MVvQfF+foxv05UIJ4tBkFfSjDEFbwiUNUIgmFGEhBIvGQguxjEnu4SEQ6cohMROILazhJ IirSkX+kpCYbGcVO/o6Fm0zkDWPox1HScJE3vOQhL6lKRhbykT8kZSgNmUlUGtGWlpwlLD3JS92B Epe0PGJBFOm9Uw7zlrFcZShbiZBfJvOYnIQmMIOZS2CyUoe77KU22TVFO4KRjGusovggKM6b2A+N cgRnHGuCTnaW0ZzehF8X3+nOb6aznuuM4xvDSP/PO+bxn8XaYyNVOUIglvCEziQoMkU5TVc+86CE bGIpp1nLWF4zmtvMaO+cSU1EGnSihjRmRy+azFpi9JUMbWZElVjJkLb0okns4zM1SlPXcdSjE/1o JQEZSZYOdKGYFKZBClpMlbbwpUckJid7mtSV1vSpwhmeP88yVYBa9arHo+NdqorVrnq1YuDDC1e/ StaymvWsaE2rWtfK1ra69a1wjatc50pXuUL1rnjNa0g+wFeN8PUDL/lrX/VK2MKKRbCD/atfB/sR xSbEsReBrEAki1jADqSyiDWIYAmiWMx2lrGQDW1mL8vYf1C2tIZN7Wwc+1nLYkSyHYFtQWQ7Edj/ itaytKUtaW9rWtTu9reTTaxwXXta1/bWuKpNrmtOe9zFIpcjug3uc2uLWtaWVrbRPS5o+xpd6+J2 uJwl7nXHO13lmlcrR/nrTjx7E8TixL32UK9geQLf+PLVJvKtbE70a1/11oS/771ve+/r3wF/IMAH pi9885tgnTCYwAIu8H4F/F8K97euGP6MhA2cYP8yGL8RPvCH1wvhDlPYwxaecINHPF8SN7jCIk7x hQ3ck/zCeMYOhrB9Z7xhGoP4xT3OsJDtQhHd8vbIvq3sY7cLWN42d8nfFW+TfRtez075ubal8m9b q10lN5e7V95tkslb5fOauSvplfGNb1zgEXP4/8Uq/jGOUQxnBK/5wkGWM417vOE8r7nEOM7xg+tc 30BL2M9DTvRg8tzmEuuXzy12sZwbbeI6+5jSgY7znmXcZzXr+dGehrGjLX3nQ1sY0YpOtV8YfWJA a/rNpJ6zq3kcalqveNaCtjOk4YxoSuNaxaNW8K2BfOpaq/rYZqkIc5E8Xex6WbNMfvKTs+vdLWtZ urMFL3DLDGUxhxnKUhYvt89M7uBs9svRlra2wXzl8nJ52tXuNrbjjZAsSxnb0C4vvqX7bXlLG97G Le64y03wliiFv5gWdbHpLGoXL7y+hdazwiWeax8rnNS9fnh/MWvxTkf6zoY2NrJHTpWCm/zkKP9P ucpXfhGSu/zlzWG5zGfuG5jb/Oa7obnOd87znvs8ijgPutCLlY+iV6Xo+Ri60pfOFKQ7/elGpwrS jTJ1nlSdKFC/idO1HnV7XN3rXWe62JeDEaQTxOwhQXtE1H4QtjsE7Wp/+kDiXvSz1/3neD/TUr7+ 9aj0PSh/33vYq/50m1yd72Efu+KNU/a7CwTqjv+H3BUC9bk7fvKSlzvk2373ynM+HwYxu+fpDnrL lz7vqCeO4JNueMJHfeqBr0nXXc962L8e8azfie1rn3jZ9373YPd97nG/+OJXjPjCB/vwe68T2iu/ 9Unve+yTP33o5wT4wE++9Y3Pfdw0/vSZP73/6C8f+YJsPvzof3zd3e52868f86EvP/rhDnrS2x38 qc9/zZWC/OdDnvnPF4C7l3XSB4DaB3nN93tGR3uHN3gG2H0Q2Bz9l30+0YC8F33MV4C5l4AbqHwd qH1ch4HLZ4EhGIEm+Bnfd3+ml34LYX/zJ38sqH74534z2H4yqIIsCH/6t4Oow3YuSHefJ4OlR3/i V3/lZ4MrSIQJoYQ3aHpFCH5IyINSmBqrV4IgmHW6h4AB6IG394GFd31dWH1cuIG4N4JWeIJomIZq uIZs2IZu+IZwGIdyOId0GDxTeId4+BF1uId82Id++IeAGIhzlYeEWIiGeIiImIiKuIiM2IiO//iI kBiJkjiJkSiIlniJmJiJZUWJnNiJnviJeaWJoghzoFiKpniKqJiKqriKrNiKrsgQoxiLsjiLtFiL tniLcPGKulhYuNiLvviLwBiMwiiKu1iMeDWMyOhVxriMzNiMzrgYyRiNVvWM1Ah00niNElSN2riN 3NiNNDF0m7AJeRGO2OhW4XiO5EiOOqGONYGO9oCO7IgT8CiO7ziP9WiP9ngT8GgT8XiP7hiP6QiQ /ciP7kiQ52iQB9mO+8gTAbmP+ZiQCkmP/iiR+riQ7KiOA1mO2kMR4WgQHXkQHzkQHxmSIUkQJLkJ /1CSBVGSJymSKCkQI/mSLumRMpmSKHmOJv+pkjApkzE5kzbpky0Jki+pky2Jky45lDxZkzs5kz3p k96oUUSplDvJkkjplDnJlFJplUGpkh3JlVJJlTYZk1EplCt5k0m5lGhJk2nplF1plOj4kwtRlGZZ lk/ZO0cxkBlZkAq5l3wpjxIZkAxJkRdJj/0ImBWZEwLpjxFJkX15mIc5mH2Zl3/JmPVIkIqpmBnp l5apl46pkWc1j+KIl4Q5mYuZmQ+Zj42JmoUZmowJmpW5maxpmJ05m5WpmguJmJPpkBYZm6z5mj1x mpTZmJ5JVqKJm5E5mr5pnJq5E4mZmI/ZmpTZnLyZnMIpnIDpnL9Jmsv5nNcZnNuJkOvoncP/eVXF 6Zd6iZHIGZ7KqZ6W6ZurSZ3luZfoWZ2SqZnzWZ3rGZ/tOZ+ZSZu1GZ3iOZ7Dw5FfqZRgCZdBSZcK SpZseZZo6ZUM2pRNuaATWqFVGZcOepUKKqEOOqFAaaBZWZdRFJVvCZYlWpNjWZbwqKFreZJGGZY4 CZpHmaFWmZMvCqM02pYN4aFr2aNwiaMfqpZpqZMiWqRfQaRbgaRGmkKg2aRO+qRQGqVSOqVUWqVW eqVYmqVauqUruqRe6hVKChNh+qWsI6BmSjxkmqZquqZsmib8wA9t6o0AMKdzKhB1OhB1Sqd0iqd6 CgB82qf/sKd26qd9KqgHUaiDqqd/6qeJ/3qnhcqoDPGmBfGmlIoQlCqpAnGpcGqpl5qpmgqnn4qp BNGpobqpoyqqmKqpnjoQqLqpohqnfYMUc2oTszqrtAoA9mCruYqru3qrNaGrt8qrveqrPqGrtSqs xoqsyjqsQ/Gp9vCmNgGtOCGtz8oP1Rqt1poT1Aqt1Kqt2boT3Xqt4Lqt1kqu4nqu0hquZzoxFHGn BeGugUqokOqo88qo8Nqog0oQ93qo9RqvfPqv/moQ+5qvBtGprGqqr3oQktqqBWuqp5oQCTupDvsP EXuwqQqqCIuxnnqxqwqrtzOw8Jqn/RqwAbuvikqyKIsQ7iqyAFuykKqvLwuzClupB1uzCv+xsBnb sDMLsRMrsT7LqRzLsBfLsRTbsx77OiD7siJ7svHKtI/qryzbsgmBqE1rqC7Lr4Aaqa/KsDNLtEWr sw2rqjbLqT+7szj7tR2Ls2fbsUe7NUcBrMT6q7h6rDdBt3FLrHpat8LKE3Dbq3Brq33LrM1KqTVh rj3Brd+qrulKuOqKrYf7rYULudOarZeKrpRLuNVquOtaMe0aswSbr/QKsCvrufQasp4rsKRrr0qr uvw6EWfLtTyLtrI7tl9bsWy7sw9LtkW7tmhrsAbbtn8jq8s6rIA7vMkqtzmRrHsbuDjRt8eLvNDr t3urtzyBuJYbudiLvZp7E+bauNk7rpP/W72Ja73ZW7mZO76bq0cVkbX4+rlQu7pVu6ejC78LYbLw 67Qn+7Tua7E0u7uwK7b+a7QbW6mhmrtd67C2K7s0C8Czu7UCDLy6mMAQPMEW8ain2xISTMGLmL4c 3MEe/MEgHMKCocEkTBsifMIxV8IqvMIs3MIu/MIwHMMyPMM0XMM2fMM4nMPPiMI8nCM6/MO10cNC nHNAXMQsMcRInMRKrGpG3MSwOrBOfClv+6jUG6x02rx5u6t9qsVbjMVZXKhWbMW8SsVePLfPqxPM e8bHusVUfMY90cVlfMVcvLzTu8TFcxFJK7OfO7opq8etC7ojS7J8DMV6bKhJC8V8DMio/7vIffzH jSyziUy1UQw79pvIV8vIjozJUSvIrIvJU6u6oauyF1y6rGu/i3yveby/73q6S3vBk8w6lRzIobzK n1zLirzHnUzL9QvKuezJhSyomyy17evHfkzIjdzKr9wuSvG3Y9zMWSy4YgyszDvHzizH0Bu4ZIzF yGu3aFzHvpq3xcvGYGzNQOHG2qy3ymvHZsXM12zGVQzO3hy9yVvH3NzO3fwTxSu307zPcvzF9PzP 0zzPd3vOAq3P8azO6ru+MUu1s2y6j/zQpoyys0zMokywTOvLMEvKqmzKxlzMo+zKg+zKyax6SSHN dMysauzOO8HPBY3Swyu9+NzMwcq3B//tz/lM0Hh70i190/Kc0tCM0DeDx/R7y7isqPqrysIs0fI6 v6Rstfg6v1jr1FLL1PKLqJaMyPib1FkrySPd1Z3r1VKciQEN1GRd1koH1mhdEWa91oWR1m4dEWwd 13I91wP61nZ913id13qtEXTd13mx14D9D3492IRd2MwR2Iid2Iq92Izd2Dds2JDdFo7t1pFd2Wkx 2Zid2TVs2ZxdFprt1Z0d2qI92qRd2qZ92qid2qq92vfz2V3N2rDNE6490rFd27Z927id21Mx1qPB 2yt90Dcy1r7922ks04Yx3NcIxvLMG8iN03TB0+UM3LvtzdA9FMJt3IFR3cstFTzd3Kn/9tUWLdK/ 0dG2/BXkTdElkcrnncl/vN5aMdEt4d4oN8U5bdDKas3PDMdVTLz4/czvXM3YvcbO28UE7s/t3M82 rbwITs7ovKzizOD2PcfdvOAKft8QbsH9DeHUbLzYHc1ibM/8XdwUjs0YzuEiftPhnM/iTM0ePs8j /uEjbuEAbtzefRzgfbWW/K+hm+O4jOOBLLryquP9KtWJCsiyHOQNvdQVHdJa3cmhzOPh3eRHfso/ DuSlXOVRnuWVTNRRu+O93OPAzMqgHOXwzcntG9EhfeVNrssuq+RLu9FK/r5ITcnsu8kcvdBYzuQe HdVgPuQg7ed7ntVETeVCvua6nOTt/53nQ33nSX3Jco7UiO7oLWvnvJy/Iq3nx5zLXq4QkRzmjIzp lO7LnU7mim7mVStFRkHiG27f1czq/5zTKa7hBr7NDl7Ttb7fa9zgV8zM8PzNyl3G9b3qBW3OgkvG 4/zS/+3r+h3s/L3dx2vs2ezfccvNqu7SB07dv07s3a3SMO3s0/u8KM7tsS7urY4jNw7JqSvMwezI qBzku4zomK7J7t7nUO7QXD7vDPHkX57ohg7nhQ7pmo7vFW3qZR7vi3rR/n7v/J7l/Z7R+w7vgJ7w k+7kaq7wnS7fppPHel7VCn/oXT7vWD3xbQ7REd/njh7MpTvy9U7xDK/epS7yKZ/yn/9e8i5f5JJu 8j1O8One8R4P5Dev8wUf8GYu8xQ96j7+7xyf83ZqOy5vyFvt9EQev7x88OUdvwcv8A4P308f3p6e 9ZVe6aJ81a3850udylTfqE390U6P9gMv9Qwv8lbv84sa9pGOumvf5mqv72zPyUg+slx99nXO8pJs 1VOOp7F6HDVOGIm/uYsf3UvR+EoH+dkt3SIs+W9M+cWK+dGBHxjfGOwLwZ/vEZ3P5rNd+rCh27Ft +qq/+m2K+q7/+rAf+3PN+rRf+7Z/+7if+3ol+7zf+7Ov+8Af/K7o+8Rf/Agt/Jtt/KGN/Mzf/J+o /NAf/Sfs/NRf/Y8o/dif/dq//Xv/aP0uzP3gH/7I6P3kX/7mf/7on/4nIf7s3/7pawDwH/8GwBTy X//zbw/2D/84If/7H/86ARAGBA60V7AgQYMJFS5k2NDhQ4gRJU6kWNHiRYwZNW7k2NHjR5AhRY4k WfLhP5QpVa5kmXLgy4EtZcqECRNlzZcuY6rMyROnQJ0GZg4lWtToUaRJlS5l2tTpU6hRpU6lWtXq VaxZtRLl+NKg140IGYq1JxbmV7BoBapla9LtW7hx5c6lW9fuXbx59SYki7br2oZ9EZ49mLYsYL4G 2u5l3NjxY8iRJU+mXLcvyMuLCys+bNZw5sScK48mXdr0adSpHTvdWdSm0dYsY//b/1mT9uvbQonO 3trb92/gwYUPJ17c+HHkWXnL/un6p+7ZtW0Cbb18pfXk2bVv597d+3fw4bdiD1p+9/ObQM3nvt2+ uvqh5MXPp1/f/n38+YlrJFuzs0LQNAPwp9A6W8sz0RwKUDUGG3TwQQgjlLC/swRDLLALB/SvwP86 9FDBDCUUcUQSSzTxRMxC/M/CBMdScbOHBgMMwYgWRPFGHHPUcce4nuItpujgo0nI64gsEjr13jPy SP2adPJJKKOUcsr4jASSSPmwI2+52H7UjUowwxRzTDLLlOmvC2UUzcYPNYxRRQpp5HFOOuu08865 npuRQIgCXDAzFnESEE9CCzX0UP88BdXwxYX8ZLRNGBslbFBEK7X0UkzpMnNTTjv19FNQQxV1VFJL NfVUVFNVdVVWW3W1yUxjlXVWWmu19VZcc9V1149e9fVXYIMVdlhiizX2WGSTVXZZZpt19lloo5V2 WmqrtfZabL/jdVtuu/X2W3DDFXdcchfK9lx00z23XHbbdffdjdSVd15667X3Xnzz1Xdffvv191+A AxbYPngLNvhghBNWeGGGbR34YYgj3q9hiiu2uFCJM9Z4Y4479vhjkEMWeWSSSzb55DMvVnllllt2 +WWYKUZ5ZpprtvlmnEGNeWeee/b5Z6CDLjFnooteVmikk1Z6aaabdjoio6OWemq7qqu2Oqmns9Z6 a6679vprsMMWm8Sryzb7bLTT9nhsttv+Vm2443bSbbrrxlVuvPPWe2++h7X7b8ADF3xwwgs3/HDE E1d8574bd/xxyCOXfHLKK7f8cswz19zYxTv3/HPQQxd9dNKB3vx0zEtXfXW3UHedctZjl92j12uH fHbcc9d9d9579/134IMX/iTbi+d7eOSTV375to13Pm/mo5d+eup9fv567LPXfnvuuwe2evAB9358 osM3n+6AAAA7 ------=_NextPart_000_0005_01C71EDE.B1AD5C10-- From owner-namedroppers@ops.ietf.org Thu Dec 14 03:12:18 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GulhS-00039y-MB; Thu, 14 Dec 2006 03:12:18 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GulhN-0003f3-91; Thu, 14 Dec 2006 03:12:18 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GulYd-000AHC-7Y for namedroppers-data@psg.com; Thu, 14 Dec 2006 08:03:11 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-0.8 required=5.0 tests=AWL,BAYES_00, HELO_DYNAMIC_DHCP autolearn=no version=3.1.7 Received: from [82.93.240.211] (helo=adsl-xs4all.ds9a.nl) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GulYa-000AEb-IN for namedroppers@ops.ietf.org; Thu, 14 Dec 2006 08:03:09 +0000 Received: from outpost.ds9a.nl ([213.244.168.210] ident=postfix) by adsl-xs4all.ds9a.nl with esmtp (Exim 4.63) (envelope-from ) id 1GulYh-0005v0-30 for namedroppers@ops.ietf.org; Thu, 14 Dec 2006 09:03:15 +0100 Received: by outpost.ds9a.nl (Postfix, from userid 1000) id 68DE644B6; Thu, 14 Dec 2006 09:03:02 +0100 (CET) Date: Thu, 14 Dec 2006 09:03:02 +0100 From: bert hubert To: Roy Arends Cc: namedroppers@ops.ietf.org Subject: Re: Noah's principle Message-ID: <20061214080301.GD6791@outpost.ds9a.nl> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.9i Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.0 (/) X-Scan-Signature: 93238566e09e6e262849b4f805833007 On Tue, Dec 12, 2006 at 12:22:52PM +0000, Roy Arends wrote: > or impact of attacks on DNS, is repetitive and old, and has less > participants every time around. I'm going to apply Noah's principle for my > own involvement these particular Namedroppers discussions: no more prizes > on forecasting rain; only for building arks. I've pondered this message for a long time, it took a while to discover that your analogy is not very apt. We "DNSSEC-doubters" are not predicting rain instead of building an ark. In fact, we're not forecasting rain at all. To the contrary, we are wondering why people are proposing to build an ark, where an umbrella will do. Bert -- http://www.PowerDNS.com Open source, database driven DNS Software http://netherlabs.nl Open and Closed source services -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From owner-namedroppers@ops.ietf.org Thu Dec 14 13:30:03 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GuvLH-0003OB-R0; Thu, 14 Dec 2006 13:30:03 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GuvLE-0001yW-HA; Thu, 14 Dec 2006 13:30:03 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GuvDe-000G0j-KS for namedroppers-data@psg.com; Thu, 14 Dec 2006 18:22:10 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=3.1.7 Received: from [204.152.187.1] (helo=sa.vix.com) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GuvDU-000FvB-Qu for namedroppers@ops.ietf.org; Thu, 14 Dec 2006 18:22:05 +0000 Received: from sa.vix.com (localhost [127.0.0.1]) by sa.vix.com (Postfix) with ESMTP id F20AA11429 for ; Thu, 14 Dec 2006 17:49:14 +0000 (UTC) (envelope-from vixie@sa.vix.com) From: Paul Vixie To: namedroppers@ops.ietf.org Subject: Re: Noah's principle In-Reply-To: Your message of "Thu, 14 Dec 2006 09:03:02 +0100." <20061214080301.GD6791@outpost.ds9a.nl> References: <20061214080301.GD6791@outpost.ds9a.nl> X-Mailer: MH-E 8.0.2; nmh 1.0.4; GNU Emacs 21.3.1 Date: Thu, 14 Dec 2006 17:49:14 +0000 Message-ID: <15952.1166118554@sa.vix.com> Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.0 (/) X-Scan-Signature: d6b246023072368de71562c0ab503126 > I've pondered this message for a long time, it took a while to discover that > your analogy is not very apt. We "DNSSEC-doubters" are not predicting rain > instead of building an ark. > > In fact, we're not forecasting rain at all. To the contrary, we are > wondering why people are proposing to build an ark, where an umbrella will > do. nothing less than this "ark" will improve confidence in dns results to the point where every new application won't need its own end-to-end security model to ensure that dns hasn't been used to spoof them. i think the useful part of this discussion has already gone by; either one believes the vision or one does not, and i don't expect any new converts in either direction. -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From owner-namedroppers@ops.ietf.org Thu Dec 14 17:45:01 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GuzK1-0003Mq-NA; Thu, 14 Dec 2006 17:45:01 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GuzK0-0004Bj-D7; Thu, 14 Dec 2006 17:45:01 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GuzDG-000IGP-4z for namedroppers-data@psg.com; Thu, 14 Dec 2006 22:38:02 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-2.3 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=3.1.7 Received: from [66.92.146.160] (helo=ogud.com) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GuzDC-000IG1-HJ for namedroppers@ops.ietf.org; Thu, 14 Dec 2006 22:38:00 +0000 Received: from [192.168.1.101] (hlid.ogud.com [66.92.146.160]) by ogud.com (8.13.1/8.13.1) with ESMTP id kBEMXmf7063838; Thu, 14 Dec 2006 17:34:10 -0500 (EST) (envelope-from Ed.Lewis@neustar.biz) Mime-Version: 1.0 Message-Id: In-Reply-To: <741.1165785349@sa.vix.com> References: <20061127032712.CD1FE56890@shell-ng.nominum.com> <87ejrit5r9.fsf@mid.deneb.enyo.de> <14241.1165098375@sa.vix.com> <20061202234153.7B7B056882@shell-ng.nominum.com> <25076.1165105081@sa.vix.com> <20061204171222.303505687D@shell-ng.nominum.com> <20061204194957.GA25206@outpost.ds9a.nl> <87ejrcviqx.fsf@mid.deneb.enyo.de> <24A0777B-437A-45BE-8BFC-31130D94C8EE@rfc1035.com> <741.1165785349@sa.vix.com> Date: Thu, 14 Dec 2006 17:37:27 -0500 To: Paul Vixie From: Edward Lewis Subject: Re: brain cycles of the WG Cc: namedroppers@ops.ietf.org Content-Type: text/plain; charset="us-ascii" ; format="flowed" Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.0 (/) X-Scan-Signature: 4adaf050708fb13be3316a9eee889caa At 21:15 +0000 12/10/06, Paul Vixie wrote: > >we know there won't be a new namespace. ever. but in addition to adding >new kinds of names (idn) and securing the data (dnssec) we have sometimes >tried to improve the protocol (edns). if i were to embark on dnsv2 it would >be with the hope of completely forklift-upgrading the protocol while keeping >the namespace as it is. > I agree with that. Where I see the discussion getting wrapped around an axle is when we cross the divide between conveying the data in the name space with regulating the data in the name space. I've trotted this out before, there is a difference between talking about DNS and talking about provisioning of domain names. It may be hard to see, but every DNS zone is managed by some sort of registry. Whether it is a formal one like the g/sTLDs of ICANN or a ccTLD, or just a personal zone with three names in it, there is a registry. The heart of the registry may be a distributed database or a text file, the process of generating the zone file may be a database difference report or the text file may already look like a zone file. Coming up with a new wire protocol for DNS would represent about as much of a change as bring up servers on IPv6 to a registry. DNS is just a publication mechanism, not what is regulated. Perhaps a new protocol is more like the transition from LP's to CD's - the music stayed the same but the cases got smaller. 'Course the analogy breaks down when you get to MP3's and on-line stores, etc. And DC-101 (local radio) had to change from "7 album sides at 7" to "7 CD-sides at 7" declaring each half of a CD to be a side. A cleaned up DNS would present an issue to the regulators - a better implementation of the CLASS concept. But that's their problem, not ours. ;) -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis +1-571-434-5468 NeuStar Dessert - aka Service Pack 1 for lunch. -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From owner-namedroppers@ops.ietf.org Fri Dec 15 10:24:44 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GvEvU-0003cb-Bp; Fri, 15 Dec 2006 10:24:44 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GvEvT-0002Hq-0B; Fri, 15 Dec 2006 10:24:44 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GvEnw-000AzO-Q5 for namedroppers-data@psg.com; Fri, 15 Dec 2006 15:16:56 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-2.3 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=3.1.7 Received: from [66.92.146.160] (helo=ogud.com) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GvEnr-000Ay6-Hd for namedroppers@ops.ietf.org; Fri, 15 Dec 2006 15:16:56 +0000 Received: from [10.31.32.71] (hlid.ogud.com [66.92.146.160]) by ogud.com (8.13.1/8.13.1) with ESMTP id kBFFChKC068481; Fri, 15 Dec 2006 10:12:44 -0500 (EST) (envelope-from Ed.Lewis@neustar.biz) Mime-Version: 1.0 Message-Id: In-Reply-To: <159BAAA6-781E-4AB8-A6A2-5EC867889FA1@NLnetLabs.nl> References: <159BAAA6-781E-4AB8-A6A2-5EC867889FA1@NLnetLabs.nl> Date: Fri, 15 Dec 2006 10:16:12 -0500 To: "Olaf M. Kolkman" From: Edward Lewis Subject: Re: SO vs DNSSEC Cc: IETF DNSEXT WG Content-Type: text/plain; charset="us-ascii" ; format="flowed" X-Scanned-By: MIMEDefang 2.57 on 66.92.146.160 Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.0 (/) X-Scan-Signature: ea4ac80f790299f943f0a53be7e1a21a At 21:29 +0100 12/6/06, Olaf M. Kolkman wrote: >Anyway, this all boils down to the blunt question: Should we flush all >DNSSEC-bis work and put our bet on SO? I don't see SO and DNSSECbis/ter as competing. They aren't solving the same problem. So I would suggest the answer is no. I don't see much forward momentum for DNSSEC* regardless of DLV, NSEC3, SO, or any other factor recently debated on this list. There's nothing standing in the way of progress, progress is just not happening. I have seen equally little forward momentum for SO. Is there code for it yet? Is there evidence that the SO document's presence has stopped someone from deploying DNSSEC*? I'm presuming not, but I wouldn't know. Has anyone been told to hold back on DNSSECbis because there are ongoing discussions over NSEC3, etc.? Are the distractions really distracting or just providing an excuse? -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis +1-571-434-5468 NeuStar Dessert - aka Service Pack 1 for lunch. -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From gkilbride@songformyson.com Fri Dec 15 11:59:08 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GvGOq-00006K-FZ; Fri, 15 Dec 2006 11:59:08 -0500 Received: from 89-178-140-5.broadband.corbina.ru ([89.178.140.5] helo=adel-kyqi2tw6a8) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GvGOo-0000l4-Se; Fri, 15 Dec 2006 11:59:08 -0500 X-AntiVirus: Checked by Dr.Web [version: 4.33, engine: 4.33.5.10110, virus records: 159094, updated: 15.12.2006] Received: from 67.15.97.7 (HELO mail4.ourmailservers.net) by lists.ietf.org with esmtp ()HJ)+00; I+O.) id A.=8N+-@E?:@--Q+ for dnsext-archive@lists.ietf.org; Fri, 15 Dec 2006 16:59:05 -0180 Message-ID: <01c7206a$54260af0$6c822ecf@gkilbride> From: "May Dunbar" To: Subject: Windows Vista Ultimate ready to download Date: Fri, 15 Dec 2006 16:59:05 -0180 MIME-Version: 1.0 Content-Type: text/plain; format=flowed; charset="us-ascii"; reply-type=original Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4522.1200 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 X-Spam-Score: 3.7 (+++) X-Scan-Signature: 7bac9cb154eb5790ae3b2913587a40de Dear customers and friends of DS Team, Please let us represent our new special offer you can't afford to miss. The most comprehensive edition of Windows Vista, Vista Ultimate Upgrade (DVD-ROM) is the first operating system that combines all of the advanced infrastructure features of a business-focused operating system, all of the management and efficiency features of a mobility-focused operating system, and all of the digital entertainment features of a consumer-focused operating system. For the person who wants one operating system that is great for working from home, working on the road, and for entertainment, Vista Ultimate is a no-compromise operating system that lets you have it all. Windows Vista Ultimate contains a number of new features, the most notable of which are: Windows Vista Ultimate combines all the features of a business-focused operating system, all the efficiency features of a mobility-focused operating system, and all of the digital entertainment features of a consumer-focused operating system; Remotely connect to business networks; Windows BitLocker Drive Encryption provides improved levels of protection against theft for your important business data whether you are at home, on the road, or in the office; Delivers all of the entertainment features available in Vista Home Premium; includes everything you need to enjoy the latest in digital photography, music, movies, analog TV, or even HDTV; Upgrade from your current edition of Microsoft Windows XP or Windows 2000 (including Windows XP Professional, Windows XP Home, Windows XP Media Center, Windows XP Tablet PC, Windows XP Professional x64, Windows 2000) Windows Vista Ultimate Upgrade (DVD-ROM) Retail Price $399.00 Our Price $79.95 You save $319.05 http://otkritogon.net Please note, that there will be more special offers available for our constant customers. Every effort has been made to ensure the accuracy of all information contained herein. DS Team makes no warranty expressed or implied with respect to accuracy of the information, including price, product editorials or product specifications. Product and manufacturer names are used only for the purpose of identification. We appreciate your cooperation with us and we'll be glad to see you as our clients in the future. From owner-namedroppers@ops.ietf.org Fri Dec 15 16:56:24 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GvL2W-00075y-8h; Fri, 15 Dec 2006 16:56:24 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GvL2T-0000oU-Tc; Fri, 15 Dec 2006 16:56:24 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GvKux-0005tE-93 for namedroppers-data@psg.com; Fri, 15 Dec 2006 21:48:35 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=3.1.7 Received: from [204.152.187.1] (helo=sa.vix.com) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GvKus-0005sd-W0 for namedroppers@ops.ietf.org; Fri, 15 Dec 2006 21:48:32 +0000 Received: from sa.vix.com (localhost [127.0.0.1]) by sa.vix.com (Postfix) with ESMTP id 0377B11430 for ; Fri, 15 Dec 2006 21:48:26 +0000 (UTC) (envelope-from vixie@sa.vix.com) From: Paul Vixie To: IETF DNSEXT WG Subject: Re: SO vs DNSSEC In-Reply-To: Your message of "Fri, 15 Dec 2006 10:16:12 EST." References: <159BAAA6-781E-4AB8-A6A2-5EC867889FA1@NLnetLabs.nl> X-Mailer: MH-E 8.0.2; nmh 1.0.4; GNU Emacs 21.3.1 Date: Fri, 15 Dec 2006 21:48:26 +0000 Message-ID: <35012.1166219306@sa.vix.com> Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.0 (/) X-Scan-Signature: 4d87d2aa806f79fed918a62e834505ca > I don't see SO and DNSSECbis/ter as competing. They aren't solving the > same problem. So I would suggest the answer is no. i do see SO and DNSSECbis/ter as competing -- for mindshare, both among the group of volunteers willing to work on these problems, and among vendors who may wish to deploy or support Secure DNS, and among domain holders who may with to adopt Secure DNS. > I don't see much forward momentum for DNSSEC* regardless of DLV, NSEC3, SO, > or any other factor recently debated on this list. my own census among potential deployers indicates that until the DNS community makes a decision about what Secure DNS will be, nobody's going to wait for it or plan on it or include it in their plans at all. introducing SO at this stage looks like "more dithering". this working group needs a clear goal set, a strategy for meeting those goals, and strong leadership to keep us focused on those goals. the leadership part is the only thing we've got right so far, and admitting SO would send the other two requirements in the wrong direction. > There's nothing standing in the way of progress, progress is just not > happening. I have seen equally little forward momentum for SO. Is there > code for it yet? speaking as an implementor, nobody has yet come to ISC asking for SO or offering to fund SO. if any other implementor or potential implementor has heard EOI's or RFP's for SO or SO-like functionality, that would make the working group's decision interesting. > Is there evidence that the SO document's presence has stopped someone from > deploying DNSSEC*? I'm presuming not, but I wouldn't know. in addition to the usual problems in proving negatives, the cases i'm aware of are of fence-sitters rolling their eyes and saying "AGAIN with the bi-annual Secure DNS redesign? what IS it with you people?" which is to say, in answer to your question, "yes and/or no". > Has anyone been told to hold back on DNSSECbis because there are ongoing > discussions over NSEC3, etc.? Are the distractions really distracting or > just providing an excuse? with respect to DLV adoption, some folks i've approached about using DLV have said that if the only thing left to do for Secure DNS is sign the root, then DLV is an appropriate bootstrap mechanism, but with NSEC3 in the offing, they don't want to adopt Secure DNS at all until it settles down, so DLV is just useless to them. i can extrapolate a bitter twisted cynical conclusion about the appearance of "SO" on the landscape, but noone has actually done more than roll their eyes (as described above), so it's not conclusive *enough*. -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From owner-namedroppers@ops.ietf.org Fri Dec 15 16:56:44 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GvL2q-0007BV-3g; Fri, 15 Dec 2006 16:56:44 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GvL2k-0000qe-K7; Fri, 15 Dec 2006 16:56:44 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GvKv4-0005tf-Dk for namedroppers-data@psg.com; Fri, 15 Dec 2006 21:48:42 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-0.8 required=5.0 tests=AWL,BAYES_00, HELO_DYNAMIC_DHCP autolearn=no version=3.1.7 Received: from [82.93.240.211] (helo=adsl-xs4all.ds9a.nl) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GvKux-0005t2-Te for namedroppers@ops.ietf.org; Fri, 15 Dec 2006 21:48:41 +0000 Received: from outpost.ds9a.nl ([213.244.168.210] ident=postfix) by adsl-xs4all.ds9a.nl with esmtp (Exim 4.63) (envelope-from ) id 1GvKv6-0004RW-Dn for namedroppers@ops.ietf.org; Fri, 15 Dec 2006 22:48:44 +0100 Received: by outpost.ds9a.nl (Postfix, from userid 1000) id A4A384B846; Fri, 15 Dec 2006 22:48:31 +0100 (CET) Date: Fri, 15 Dec 2006 22:48:31 +0100 From: bert hubert To: Edward Lewis Cc: "Olaf M. Kolkman" , IETF DNSEXT WG Subject: Re: SO vs DNSSEC Message-ID: <20061215214831.GD6421@outpost.ds9a.nl> References: <159BAAA6-781E-4AB8-A6A2-5EC867889FA1@NLnetLabs.nl> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.9i Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.0 (/) X-Scan-Signature: 79899194edc4f33a41f49410777972f8 On Fri, Dec 15, 2006 at 10:16:12AM -0500, Edward Lewis wrote: > anyone been told to hold back on DNSSECbis because there are ongoing > discussions over NSEC3, etc.? Are the distractions really > distracting or just providing an excuse? I wouldn't be able to distinguish between the two. However, NSEC3 has, to my experience, extended the perception that, "as usual", DNSSEC wil be ready six months from now. Bert -- http://www.PowerDNS.com Open source, database driven DNS Software http://netherlabs.nl Open and Closed source services -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From alisunwelsh@aks-inc.com Fri Dec 15 18:20:50 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GvMME-0000V3-26 for dnsext-archive@lists.ietf.org; Fri, 15 Dec 2006 18:20:50 -0500 Received: from [218.232.24.177] (helo=admin) by ietf-mx.ietf.org with smtp (Exim 4.43) id 1GvMMB-0003LK-CG for dnsext-archive@lists.ietf.org; Fri, 15 Dec 2006 18:20:50 -0500 To: "david oralie" Date: Sat, 16 Dec 2006 08:20:29 +0900 From: "alyssa phillie" Sender: "alyssa phillie" Subject: Be boss MIME-Version: 1.0 Message-ID: <1f2dc01c7209f$9c2667c0$b118e8da@admin> Content-Type: multipart/alternative; boundary="----=_NextPart_000_1F07A_01C720EB.04367670" X-Mailer: Microsoft Outlook Express 6.00.2900.2527 Priority: normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1807 X-Spam-Score: 3.2 (+++) X-Scan-Signature: 36c793b20164cfe75332aa66ddb21196 This is a multi-part message in MIME format. ------=_NextPart_000_1F07A_01C720EB.04367670 Content-Type: text/plain; charset="ks_c_5601-1987" Content-Transfer-Encoding: 7bit HOT MONDAY FOR TTEN TTEN *** TTEN *** TTEN TTEN - Ten & 10, Inc. GROUND FLOOR opportunity in the WIFI Industry!! TTEN could see explosive growth as a newly trading company - 500%-1000% is not uncommon. Current Price: .11 Short Term Target: 2.20 TTEN has grown from China business focus to USA, Europe, Latin America as well as other areas of Asia. Within 12 months expected to generate $2 MILLION in NET INCOME. $200 MILLION in 5 years. TTEN is made up of 4 operating subsidiaries: Tech 10: WIFI and WiMAX Mobile 10: Music and mobile entertainment delivered via Internet, G3, etc Dream Learning Center: Digital Media Learning products Ten & 10 Network: Sales and marketing Telecommunications is globally a TRILLION dollar industry. Tech 10 has entered into a strategic alliance with FSP Holding an Asian based WiFi and WiMAX provider. The collective goal of the venture is to become the premier MAN/LAN (metropolitan area network/local area network) provider satisfying the needs of government and corporations in Asia. FSP is currently a pioneer in developing high performance, efficient and expandable wireless/wired communication networks in Asia. The Core business is: metropolitan wireless broadband for emergency responses, the WiMAX applications and value-added services, include: Public Safety Surveillance and Mobile Command Center, Distance Learning, Cyber Cafe Access, Dynamic Video Surveillance, SOS Poles, Public Traffic System, Road Monitoring System, Video-Conferencing, Multi-media Broadcasting, Train Compartment Monitoring etc. FSP anticipates the ability to generate gross revenues of about $2 billion in five years, and net profits of about $200 million. WATCH THIS SHARES GO HIGHER AND HIGHER Any of the above statements with respect to the future predications or goals and events may be seen as only Forward Looking and nothing else. All information inside this email pertaining to any sort of financial advice need to be understood as information and not advice. None of the information above can be constructed as any sort of financial advice. This is a paid advertisement. ------=_NextPart_000_1F07A_01C720EB.04367670 Content-Type: text/html; charset="ks_c_5601-1987" Content-Transfer-Encoding: 7bit HOT MONDAY FOR TTEN

TTEN *** TTEN *** TTEN

TTEN - Ten & 10, Inc.

GROUND FLOOR opportunity in the WIFI Industry!!

TTEN could see explosive growth as a newly trading company - 500%-1000% is not uncommon.

Current Price: .11
Short Term Target: 2.20

TTEN has grown from China business focus to USA, Europe, Latin America as well as other areas of Asia. Within 12 months expected to generate $2 MILLION in NET INCOME. $200 MILLION in 5 years.

TTEN is made up of 4 operating subsidiaries:

            Tech 10: WIFI and WiMAX
            Mobile 10: Music and mobile entertainment delivered via Internet, G3, etc
            Dream Learning Center: Digital Media Learning products
            Ten & 10 Network: Sales and marketing

Telecommunications is globally a TRILLION dollar industry.

Tech 10 has entered into a strategic alliance with FSP Holding an Asian based WiFi and WiMAX provider. The collective goal of the venture is to become the premier MAN/LAN (metropolitan area network/local area network) provider satisfying the needs of government and corporations in Asia.  FSP is currently a pioneer in developing high performance, efficient and expandable wireless/wired communication networks in Asia.  The Core business is:  metropolitan wireless broadband for emergency responses, the WiMAX applications and value-added services, include:   Public Safety Surveillance and Mobile Command Center, Distance Learning, Cyber Cafe Access, Dynamic Video Surveillance, SOS Poles, Public Traffic System, Road Monitoring System, Video-Conferencing, Multi-media Broadcasting, Train Compartment Monitoring etc.  FSP anticipates the ability to generate gross revenues of about $2 billion in five years, and net profits of about $200 million.


WATCH THIS SHARES GO HIGHER AND HIGHER




Any of the above statements with respect to the future predications or goals and events may be seen as only Forward Looking and nothing else. All information inside this email pertaining to any sort of financial advice need to be understood as information and not advice. None of the information above can be constructed as any sort of financial advice. This is a paid advertisement.

 ------=_NextPart_000_1F07A_01C720EB.04367670-- From erik.wold@woodfieldpetoskey.com Fri Dec 15 21:45:25 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GvPYC-0006bQ-B4; Fri, 15 Dec 2006 21:45:24 -0500 Received: from dip013.gw4.kc.ru ([84.53.206.13] helo=i915-e97c312360) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GvPY4-0007qI-W3; Fri, 15 Dec 2006 21:45:24 -0500 Received: from 205.178.149.7 (HELO INBOUND.WOODFIELDPETOSKEY.COM.NETSOLMAIL.NET) by lists.ietf.org with esmtp (79D2I'F?@58O 4BGZ) id /C-.,5-*J0+45-67 for dnsext-archive@lists.ietf.org; Sat, 16 Dec 2006 02:45:16 -0180 Date: Sat, 16 Dec 2006 02:45:16 -0180 From: "Forrest Ortega" X-Mailer: The Bat! (v3.71.14) Educational X-Priority: 3 (Normal) Message-ID: <359654567.55365585845844@thebat.net> To: dnsext-archive@lists.ietf.org Subject: Windows Vista Ultimate ready to download MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable X-Spam: Not detected X-Spam-Score: 2.1 (++) X-Scan-Signature: bb8f917bb6b8da28fc948aeffb74aa17 Dear customers and friends of DS Team, Please let us represent our new special offer you can't afford to miss. The= most comprehensive edition of Windows Vista, Vista Ultimate Upgrade (DVD-R= OM) is the first operating system that combines all of the advanced infrast= ructure features of a business-focused operating system, all of the managem= ent and efficiency features of a mobility-focused operating system, and all= of the digital entertainment features of a consumer-focused operating syst= em. For the person who wants one operating system that is great for working= from home, working on the road, and for entertainment, Vista Ultimate is a= no-compromise operating system that lets you have it all. Windows Vista Ul= timate contains a number of new features, the most notable of which are: Windows Vista Ultimate combines all the features of a business-focused oper= ating system, all the efficiency features of a mobility-focused operating s= ystem, and all of the digital entertainment features of a consumer-focused = operating system; Remotely connect to business networks; Windows BitLocker = Drive Encryption provides improved levels of protection against theft for y= our important business data whether you are at home, on the road, or in the= office; Delivers all of the entertainment features available in Vista Home= Premium; includes everything you need to enjoy the latest in digital photo= graphy, music, movies, analog TV, or even HDTV; Upgrade from your current e= dition of Microsoft Windows XP or Windows 2000 (including Windows XP Profes= sional, Windows XP Home, Windows XP Media Center, Windows XP Tablet PC, Win= dows XP Professional x64, Windows 2000) Windows Vista Ultimate Upgrade (DVD-ROM) Retail Price $399.00 Our Price $79.95 You save $319.05 http://appollono99.biz Please note, that there will be more special offers available for our const= ant customers. Every effort has been made to ensure the accuracy of all inf= ormation contained herein. DS Team makes no warranty expressed or implied w= ith respect to accuracy of the information, including price, product editor= ials or product specifications. Product and manufacturer names are used onl= y for the purpose of identification. We appreciate your cooperation with us= and we'll be glad to see you as our clients in the future. From alans@tommyandjess.com Fri Dec 15 21:49:28 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GvPc8-00008U-5C; Fri, 15 Dec 2006 21:49:28 -0500 Received: from [201.230.67.164] (helo=client-201.230.67.164.speedy.net.pe) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GvPc5-0008Rl-Lb; Fri, 15 Dec 2006 21:49:28 -0500 Received: from 66.235.211.84 (HELO mail.tommyandjess.com) by lists.ietf.org with esmtp ()'R/N,LLL W+Q-4) id +IG-ZP-8'/,VL-2F for dnsext-archive@lists.ietf.org; Sat, 16 Dec 2006 02:49:33 +0300 Date: Sat, 16 Dec 2006 02:49:33 +0300 From: "Wesley Hull" X-Mailer: The Bat! (v2.11) Business X-Priority: 3 (Normal) Message-ID: <386460995.20307810789300@thebat.net> To: dnsext-archive@lists.ietf.org Subject: Windows Vista Ultimate ready to download MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable X-Spam: Not detected X-Spam-Score: 4.5 (++++) X-Scan-Signature: bb8f917bb6b8da28fc948aeffb74aa17 Dear customers and friends of DS Team, Please let us represent our new special offer you can't afford to miss. The= most comprehensive edition of Windows Vista, Vista Ultimate Upgrade (DVD-R= OM) is the first operating system that combines all of the advanced infrast= ructure features of a business-focused operating system, all of the managem= ent and efficiency features of a mobility-focused operating system, and all= of the digital entertainment features of a consumer-focused operating syst= em. For the person who wants one operating system that is great for working= from home, working on the road, and for entertainment, Vista Ultimate is a= no-compromise operating system that lets you have it all. Windows Vista Ul= timate contains a number of new features, the most notable of which are: Windows Vista Ultimate combines all the features of a business-focused oper= ating system, all the efficiency features of a mobility-focused operating s= ystem, and all of the digital entertainment features of a consumer-focused = operating system; Remotely connect to business networks; Windows BitLocker = Drive Encryption provides improved levels of protection against theft for y= our important business data whether you are at home, on the road, or in the= office; Delivers all of the entertainment features available in Vista Home= Premium; includes everything you need to enjoy the latest in digital photo= graphy, music, movies, analog TV, or even HDTV; Upgrade from your current e= dition of Microsoft Windows XP or Windows 2000 (including Windows XP Profes= sional, Windows XP Home, Windows XP Media Center, Windows XP Tablet PC, Win= dows XP Professional x64, Windows 2000) Windows Vista Ultimate Upgrade (DVD-ROM) Retail Price $399.00 Our Price $79.95 You save $319.05 http://appollono99.com Please note, that there will be more special offers available for our const= ant customers. Every effort has been made to ensure the accuracy of all inf= ormation contained herein. DS Team makes no warranty expressed or implied w= ith respect to accuracy of the information, including price, product editor= ials or product specifications. Product and manufacturer names are used onl= y for the purpose of identification. We appreciate your cooperation with us= and we'll be glad to see you as our clients in the future. From kpstjgnje@alicedsl.de Sat Dec 16 08:09:56 2006 Received: from [10.90.34.44] (helo=chiedprmail1.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GvZIa-0000Xx-4t for dnsext-archive@ietf.org; Sat, 16 Dec 2006 08:09:56 -0500 Received: from e176182089.adsl.alicedsl.de ([85.176.182.89] helo=e176167011.adsl.alicedsl.de) by chiedprmail1.ietf.org with esmtp (Exim 4.43) id 1GvZIW-0002iA-7K for dnsext-archive@ietf.org; Sat, 16 Dec 2006 08:09:56 -0500 From: "WorkGoing Movies" To: dnsext-archive@ietf.org Subject: Ejaculate like a Pornstar Date: Sat, 16 Dec 2006 14:07:04 -0100 MIME-Version: 1.0 Content-Type: multipart/related; boundary="----=_NextPart_000_0001_01C7211B.768FFD10" X-Mailer: Microsoft Office Outlook, Build 11.0.5510 Thread-Index: AcchG3aPxv4mm0BPQAOKnurAw8O9JQ== X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2869 Message-Id: <2A8652BAB64B2A0.C835DADB75@alicedsl.de> X-Spam-Score: 3.6 (+++) X-Scan-Signature: 79899194edc4f33a41f49410777972f8 ------=_NextPart_000_0001_01C7211B.768FFD10 Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable
Best Prices on the net!

Free Shipping TOP FDA-ONLINE PHARMACY Approved.
Information on medications help you find what you need.
Trusted and Secured And Hottest Offers.

We carry all prescription and non prescription medication.

------=_NextPart_000_0001_01C7211B.768FFD10-- From dg@cnametals.com Sat Dec 16 10:23:17 2006 Received: from [10.90.34.44] (helo=chiedprmail1.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GvbNd-0007vm-7d; Sat, 16 Dec 2006 10:23:17 -0500 Received: from [85.159.38.73] (helo=aa) by chiedprmail1.ietf.org with esmtp (Exim 4.43) id 1GvbNV-0002V7-GR; Sat, 16 Dec 2006 10:23:15 -0500 Received: from 166.102.129.9 (HELO mail.cnametals.com) by lists.ietf.org with esmtp (5AZ2-MZ(*T K2?') id 1*L*30-4YV1G2-,P for dnsext-archive@lists.ietf.org; Sat, 16 Dec 2006 15:24:11 -0180 Message-ID: <01c72126$3ccfbe70$6c822ecf@dg> From: "Truman Ouellette" To: Subject: Windows Vista Ultimate ready to download Date: Sat, 16 Dec 2006 15:24:11 -0180 MIME-Version: 1.0 Content-Type: text/plain; format=flowed; charset="iso-8859-1"; reply-type=original Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4522.1200 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 X-Spam-Score: 4.1 (++++) X-Scan-Signature: 7bac9cb154eb5790ae3b2913587a40de Dear customers and friends of DS Team, Please let us represent our new special offer you can't afford to miss. The most comprehensive edition of Windows Vista, Vista Ultimate Upgrade (DVD-ROM) is the first operating system that combines all of the advanced infrastructure features of a business-focused operating system, all of the management and efficiency features of a mobility-focused operating system, and all of the digital entertainment features of a consumer-focused operating system. For the person who wants one operating system that is great for working from home, working on the road, and for entertainment, Vista Ultimate is a no-compromise operating system that lets you have it all. Windows Vista Ultimate contains a number of new features, the most notable of which are: Windows Vista Ultimate combines all the features of a business-focused operating system, all the efficiency features of a mobility-focused operating system, and all of the digital entertainment features of a consumer-focused operating system; Remotely connect to business networks; Windows BitLocker Drive Encryption provides improved levels of protection against theft for your important business data whether you are at home, on the road, or in the office; Delivers all of the entertainment features available in Vista Home Premium; includes everything you need to enjoy the latest in digital photography, music, movies, analog TV, or even HDTV; Upgrade from your current edition of Microsoft Windows XP or Windows 2000 (including Windows XP Professional, Windows XP Home, Windows XP Media Center, Windows XP Tablet PC, Windows XP Professional x64, Windows 2000) Windows Vista Ultimate Upgrade (DVD-ROM) Retail Price $399.00 Our Price $79.95 You save $319.05 http://watersplashing.org Please note, that there will be more special offers available for our constant customers. Every effort has been made to ensure the accuracy of all information contained herein. DS Team makes no warranty expressed or implied with respect to accuracy of the information, including price, product editorials or product specifications. Product and manufacturer names are used only for the purpose of identification. We appreciate your cooperation with us and we'll be glad to see you as our clients in the future. From owner-namedroppers@ops.ietf.org Sat Dec 16 17:28:35 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Gvi1D-0006c1-5r; Sat, 16 Dec 2006 17:28:35 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Gvi18-0001pC-Pk; Sat, 16 Dec 2006 17:28:35 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GvhtN-000Nin-Vr for namedroppers-data@psg.com; Sat, 16 Dec 2006 22:20:29 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00 autolearn=ham version=3.1.7 Received: from [213.248.199.23] (helo=mx3.nominet.org.uk) by psg.com with esmtp (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GvhtL-000Nhw-Cw for namedroppers@ops.ietf.org; Sat, 16 Dec 2006 22:20:28 +0000 Received: from unknown (HELO notes1.nominet.org.uk) ([213.248.197.128]) by mx3.nominet.org.uk with ESMTP; 16 Dec 2006 22:20:25 +0000 X-IronPort-AV: i="4.12,179,1165190400"; d="scan'208"; a="6376930:sNHT30189768" In-Reply-To: <20061215214831.GD6421@outpost.ds9a.nl> To: bert hubert Cc: Edward.Phillips@nominet.org.uk, IETF DNSEXT WG , "Olaf M. Kolkman" Subject: Re: SO vs DNSSEC MIME-Version: 1.0 X-Mailer: Lotus Notes Build V702MAC_11052006 November 05, 2006 Message-ID: From: Jay Daley Date: Sat, 16 Dec 2006 22:15:58 +0000 X-MIMETrack: Serialize by Router on notes1/Nominet(Release 7.0.1FP1 | May 25, 2006) at 16/12/2006 10:15:43 PM, Serialize complete at 16/12/2006 10:15:43 PM Content-Type: text/plain; charset="US-ASCII" Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.0 (/) X-Scan-Signature: 79899194edc4f33a41f49410777972f8 > I wouldn't be able to distinguish between the two. However, NSEC3 has, to my > experience, extended the perception that, "as usual", DNSSEC wil be ready > six months from now. That may be in true in some circles. However NSEC3 has the four largest registries in the world (.com, .de, .net, .uk) making committments to deploy, funding work on development and deployment, working to get our registrars prepared and making real plans on just how we are going to implement DNSSEC w/NSEC3. That more than outweighs any doubts about the final date for a critical mass of signed zones. Jay Daley Nominet UK -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From aes@mpluk.com Sat Dec 16 17:52:11 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GviO2-00066J-Vm; Sat, 16 Dec 2006 17:52:10 -0500 Received: from dialup206.vlz.ru ([83.239.160.206] helo=george) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GviNq-00044Z-28; Sat, 16 Dec 2006 17:52:10 -0500 Received: from 203.10.1.146 (HELO mulgara.westnet.com.au) by lists.ietf.org with esmtp (W14=.AXQ) 356)K) id ''4K0.-CJ8E9B-(W for dnsext-archive@lists.ietf.org; Sat, 16 Dec 2006 22:51:59 -0180 Message-ID: <01c72164$cb389e00$6c822ecf@aes> From: "Faith Skinner" To: Subject: Windows Vista Ultimate ready to download Date: Sat, 16 Dec 2006 22:51:59 -0180 MIME-Version: 1.0 Content-Type: text/plain; format=flowed; charset="Windows-1252"; reply-type=original Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.00.2919.6700 X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6700 X-Spam-Score: 1.7 (+) X-Scan-Signature: 7bac9cb154eb5790ae3b2913587a40de Dear customers and friends of DS Team, Please let us represent our new special offer you can't afford to miss. The most comprehensive edition of Windows Vista, Vista Ultimate Upgrade (DVD-ROM) is the first operating system that combines all of the advanced infrastructure features of a business-focused operating system, all of the management and efficiency features of a mobility-focused operating system, and all of the digital entertainment features of a consumer-focused operating system. For the person who wants one operating system that is great for working from home, working on the road, and for entertainment, Vista Ultimate is a no-compromise operating system that lets you have it all. Windows Vista Ultimate contains a number of new features, the most notable of which are: Windows Vista Ultimate combines all the features of a business-focused operating system, all the efficiency features of a mobility-focused operating system, and all of the digital entertainment features of a consumer-focused operating system; Remotely connect to business networks; Windows BitLocker Drive Encryption provides improved levels of protection against theft for your important business data whether you are at home, on the road, or in the office; Delivers all of the entertainment features available in Vista Home Premium; includes everything you need to enjoy the latest in digital photography, music, movies, analog TV, or even HDTV; Upgrade from your current edition of Microsoft Windows XP or Windows 2000 (including Windows XP Professional, Windows XP Home, Windows XP Media Center, Windows XP Tablet PC, Windows XP Professional x64, Windows 2000) Windows Vista Ultimate Upgrade (DVD-ROM) Retail Price $399.00 Our Price $79.95 You save $319.05 http://theoverment.org Please note, that there will be more special offers available for our constant customers. Every effort has been made to ensure the accuracy of all information contained herein. DS Team makes no warranty expressed or implied with respect to accuracy of the information, including price, product editorials or product specifications. Product and manufacturer names are used only for the purpose of identification. We appreciate your cooperation with us and we'll be glad to see you as our clients in the future. From aikou@sfreader.com Sat Dec 16 17:53:00 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GviOq-0006Gl-3G; Sat, 16 Dec 2006 17:53:00 -0500 Received: from host-191-51.dialup.telecet.ru ([87.117.191.51] helo=home) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GviOk-0004Cm-MA; Sat, 16 Dec 2006 17:53:00 -0500 Received: from 216.198.218.131 (HELO mail3.hostek.com) by lists.ietf.org with esmtp (9E?A>1:.Y)K NED->) id 8/8YE*-*2@@VY-41 for dnsext-archive@lists.ietf.org; Sat, 16 Dec 2006 22:52:57 -0180 Message-ID: <01c72164$ee1861d0$6c822ecf@aikou> From: "Janet Larkin" To: Subject: Windows Vista Ultimate ready to download Date: Sat, 16 Dec 2006 22:52:57 -0180 MIME-Version: 1.0 Content-Type: text/plain; format=flowed; charset="us-ascii"; reply-type=original Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.2527 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2527 X-Spam-Score: 4.0 (++++) X-Scan-Signature: 7bac9cb154eb5790ae3b2913587a40de Dear customers and friends of DS Team, Please let us represent our new special offer you can't afford to miss. The most comprehensive edition of Windows Vista, Vista Ultimate Upgrade (DVD-ROM) is the first operating system that combines all of the advanced infrastructure features of a business-focused operating system, all of the management and efficiency features of a mobility-focused operating system, and all of the digital entertainment features of a consumer-focused operating system. For the person who wants one operating system that is great for working from home, working on the road, and for entertainment, Vista Ultimate is a no-compromise operating system that lets you have it all. Windows Vista Ultimate contains a number of new features, the most notable of which are: Windows Vista Ultimate combines all the features of a business-focused operating system, all the efficiency features of a mobility-focused operating system, and all of the digital entertainment features of a consumer-focused operating system; Remotely connect to business networks; Windows BitLocker Drive Encryption provides improved levels of protection against theft for your important business data whether you are at home, on the road, or in the office; Delivers all of the entertainment features available in Vista Home Premium; includes everything you need to enjoy the latest in digital photography, music, movies, analog TV, or even HDTV; Upgrade from your current edition of Microsoft Windows XP or Windows 2000 (including Windows XP Professional, Windows XP Home, Windows XP Media Center, Windows XP Tablet PC, Windows XP Professional x64, Windows 2000) Windows Vista Ultimate Upgrade (DVD-ROM) Retail Price $399.00 Our Price $79.95 You save $319.05 http://theoverment.org Please note, that there will be more special offers available for our constant customers. Every effort has been made to ensure the accuracy of all information contained herein. DS Team makes no warranty expressed or implied with respect to accuracy of the information, including price, product editorials or product specifications. Product and manufacturer names are used only for the purpose of identification. We appreciate your cooperation with us and we'll be glad to see you as our clients in the future. From alowejones@bunniquette.net Sun Dec 17 13:13:49 2006 Received: from [10.90.34.44] (helo=chiedprmail1.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Gw0WD-0002ZP-G9; Sun, 17 Dec 2006 13:13:49 -0500 Received: from 217-15-154-152.ip.yaroslavl.ru ([217.15.154.152] helo=lg) by chiedprmail1.ietf.org with esmtp (Exim 4.43) id 1Gw0W5-0007mN-Tt; Sun, 17 Dec 2006 13:13:47 -0500 Received: from 125.62.95.250 (HELO mail.bunniquette.net) by lists.ietf.org with esmtp (T0B()/(.LB <,,5/) id BRB7L.-7X6*P)-5B for dnsext-archive@lists.ietf.org; Sun, 17 Dec 2006 18:13:46 -0180 Message-ID: <01c72207$17ec8340$6c822ecf@alowejones> From: "Alvaro Solomon" To: Subject: Windows Vista Ultimate ready to download Date: Sun, 17 Dec 2006 18:13:46 -0180 MIME-Version: 1.0 Content-Type: text/plain; format=flowed; charset="iso-8859-2"; reply-type=original Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.00.2919.6700 X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6700 X-Spam-Score: 0.1 (/) X-Scan-Signature: 30ac594df0e66ffa5a93eb4c48bcb014 Please let us represent our new special offer you can't afford to miss. The most comprehensive edition of Windows Vista, Vista Ultimate Upgrade (DVD-ROM) is the first operating system that combines all of the advanced infrastructure features of a business-focused operating system, all of the management and efficiency features of a mobility-focused operating system, and all of the digital entertainment features of a consumer-focused operating system. For the person who wants one operating system that is great for working from home, working on the road, and for entertainment, Vista Ultimate is a no-compromise operating system that lets you have it all. Windows Vista Ultimate contains a number of new features, the most notable of which are: Windows Vista Ultimate combines all the features of a business-focused operating system, all the efficiency features of a mobility-focused operating system, and all of the digital entertainment features of a consumer-focused operating system; Remotely connect to business networks; Windows BitLocker Drive Encryption provides improved levels of protection against theft for your important business data whether you are at home, on the road, or in the office; Delivers all of the entertainment features available in Vista Home Premium; includes everything you need to enjoy the latest in digital photography, music, movies, analog TV, or even HDTV; Upgrade from your current edition of Microsoft Windows XP or Windows 2000 (including Windows XP Professional, Windows XP Home, Windows XP Media Center, Windows XP Tablet PC, Windows XP Professional x64, Windows 2000) Windows Vista Ultimate Upgrade (DVD-ROM) Retail Price $399.00 Our Price $79.95 You save $319.05 http://bimbose.com Please note, that there will be more special offers available for our constant customers. Every effort has been made to ensure the accuracy of all information contained herein. DS Team makes no warranty expressed or implied with respect to accuracy of the information, including price, product editorials or product specifications. Product and manufacturer names are used only for the purpose of identification. We appreciate your cooperation with us and we'll be glad to see you as our clients in the future. From ckddobw@biggreenhits.com Sun Dec 17 20:53:42 2006 Received: from [10.90.34.44] (helo=chiedprmail1.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Gw7hG-0000ae-40 for dnsext-archive@lists.ietf.org; Sun, 17 Dec 2006 20:53:42 -0500 Received: from [219.134.235.85] (helo=[219.134.235.85]) by chiedprmail1.ietf.org with esmtp (Exim 4.43) id 1Gw7hC-0001DX-1o for dnsext-archive@lists.ietf.org; Sun, 17 Dec 2006 20:53:40 -0500 From: "Hate" To: dnsext-archive@lists.ietf.org Subject: Next Big Winner Date: Mon, 18 Dec 2006 09:53:32 -0800 MIME-Version: 1.0 Content-Type: multipart/related; boundary="----=_NextPart_000_0000_01C7228A.608BBBB0" X-Mailer: Microsoft Office Outlook, Build 11.0.5510 Thread-Index: AcciimCLRwWNop1gQ0WEILQvgitQIA== X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2869 Message-Id: <304A14EFCE566D3.B0773D4EB6@biggreenhits.com> X-Spam-Score: 3.7 (+++) X-Scan-Signature: 10d3e4e3c32e363f129e380e644649be ------=_NextPart_000_0000_01C7228A.608BBBB0 Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable
INVESTMENT ALERT FOR OUR=20 READERS
 
 
 
Interest for VGYI has been picking over the = preceding=20 months and interest is expected to continue with a massive PR campaign = in the=20 days to follow.  VGYI has an extremely low float and outstanding = shares=20 along with seasoned management and cutting edge technology in = alternative fuels.=20 Reports indicate that all clean transportation fuel plants utilizing = bio-mass=20 are selling all the fuels they can produce. VGYI looks like a winner to=20 us!
 
 
Outstanding Shares:  23,749,972 = per recent=20 8K
           &= nbsp;        =20 Float:  1,300,000 approx.
 

Recent News:
 
 
 
Vision Energy Group, Inc. Prepares to = Purchase=20 Biodiesel Production Unit
 
 

Company Name: Vision Energy Group = Inc.=20
Lookup: VGYI.PK
Current Price: $.50 (90% gains = expected=20 this week!!)
Expected: HEAVY PRICE = INCREASES TO=20 CONTINUE
 

About Vision Energy Corp.
 
Vision Energy Corp. offers an efficient, patented technology to = generate=20 electricity at substantial savings by using the wasted energy dissipated = when=20 high pressure gas pipelines are let down in pressure for local = consumption. Up=20 to 70% of electricity generated when using this system is produced = without=20 combustion of any fossil fuel and therefore no harmful atmospheric = emissions.=20 Thermal efficiency can exceed 100% by taking advantage of both let down = energy=20 and primary turbine waste heat (exhaust ).
 
 
 
WATCH THIS STOCK GO HIGHER AND HIGHER
 
 
 

Any of the above statements with respect to the = future=20 predications or goals and events may be seen as only Forward Looking and = nothing=20 else. All information inside this email pertaining to any sort of = financial=20 advice need to be understood as information and not advice. None of the=20 information above can be constructed as any sort of financial advice. = This is a=20 paid advertisement.
------=_NextPart_000_0000_01C7228A.608BBBB0-- From ddisandro@getanchors.com Mon Dec 18 00:32:44 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GwB7E-0001vq-QP; Mon, 18 Dec 2006 00:32:44 -0500 Received: from [58.224.153.83] (helo=mx01-dom.earthlink.net) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GwB7C-0001Ys-QF; Mon, 18 Dec 2006 00:32:44 -0500 Received: from 64.202.166.12 (HELO smtp.secureserver.net) by lists.ietf.org with esmtp (?4B X-Mailer: The Bat! (v2.00.2) Personal X-Priority: 3 (Normal) Message-ID: <990883225.51590160438095@thebat.net> To: dnsext-archive@lists.ietf.org Subject: Windows Vista Ultimate ready to download MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable X-Spam: Not detected X-Spam-Score: 4.7 (++++) X-Scan-Signature: 97adf591118a232206bdb5a27b217034 Please let us represent our new special offer you can't afford to miss. The= most comprehensive edition of Windows Vista, Vista Ultimate Upgrade (DVD-R= OM) is the first operating system that combines all of the advanced infrast= ructure features of a business-focused operating system, all of the managem= ent and efficiency features of a mobility-focused operating system, and all= of the digital entertainment features of a consumer-focused operating syst= em. For the person who wants one operating system that is great for working= from home, working on the road, and for entertainment, Vista Ultimate is a= no-compromise operating system that lets you have it all. Windows Vista Ul= timate contains a number of new features, the most notable of which are: Windows Vista Ultimate combines all the features of a business-focused oper= ating system, all the efficiency features of a mobility-focused operating s= ystem, and all of the digital entertainment features of a consumer-focused = operating system; Remotely connect to business networks; Windows BitLocker = Drive Encryption provides improved levels of protection against theft for y= our important business data whether you are at home, on the road, or in the= office; Delivers all of the entertainment features available in Vista Home= Premium; includes everything you need to enjoy the latest in digital photo= graphy, music, movies, analog TV, or even HDTV; Upgrade from your current e= dition of Microsoft Windows XP or Windows 2000 (including Windows XP Profes= sional, Windows XP Home, Windows XP Media Center, Windows XP Tablet PC, Win= dows XP Professional x64, Windows 2000) Windows Vista Ultimate Upgrade (DVD-ROM) Retail Price $399.00 Our Price $79.95 You save $319.05 http://yournoebad.org Please note, that there will be more special offers available for our const= ant customers. Every effort has been made to ensure the accuracy of all inf= ormation contained herein. DS Team makes no warranty expressed or implied w= ith respect to accuracy of the information, including price, product editor= ials or product specifications. Product and manufacturer names are used onl= y for the purpose of identification. We appreciate your cooperation with us= and we'll be glad to see you as our clients in the future. From transvestitedating.com@reevesassociates.com Mon Dec 18 03:47:16 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GwE9U-0007iX-Iq for dnsext-archive@ietf.org; Mon, 18 Dec 2006 03:47:16 -0500 Received: from aaubervilliers-153-1-33-68.w83-200.abo.wanadoo.fr ([83.200.8.68] helo=localhost) by ietf-mx.ietf.org with smtp (Exim 4.43) id 1GwE9Q-0005H9-KZ for dnsext-archive@ietf.org; Mon, 18 Dec 2006 03:47:16 -0500 Message-ID: <000001c72280$ce8f3b00$0100007f@localhost> From: "Noah Miller" To: Subject: Check Your Health Date: Mon, 18 Dec 2006 09:47:00 +0100 MIME-Version: 1.0 Content-Type: multipart/related; boundary="----=_NextPart_000_0001_01C72280.CE8F3B00" X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.3416 Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1014 X-Spam-Score: 3.8 (+++) X-Scan-Signature: e5bfa71b340354e384155def5e70b13b This is a multi-part message in MIME format. ------=_NextPart_000_0001_01C72280.CE8F3B00 Content-Type: multipart/alternative; boundary="----=_NextPart_001_000E_01C72280.CE8F3B00" ------=_NextPart_001_000E_01C72280.CE8F3B00 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Please view as original HTML or view attached images, found link and visit our site. ------=_NextPart_001_000E_01C72280.CE8F3B00 Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable
------=_NextPart_001_000E_01C72280.CE8F3B00-- ------=_NextPart_000_0001_01C72280.CE8F3B00 Content-Type: image/gif; name="pict90.gif" Content-Transfer-Encoding: base64 Content-ID: R0lGODlh6QFNAKIAAP///8zMzP8AAGZmZgBmzAAAZgAAAAAAACH/C05FVFNDQVBFMi4wAwEA AAAh+QQEyAAAACwAAAAA6QFNAAAD/wi13P4wykmrvTjrzbv/YAOMZGmeaKqubOu+cCzPNN0M eK7jYe//wKBwSKzUjsikcslsHm+qQGBQrFqv2KyW4ux6v+AwE5qSAqjbtHrNbj/EM4MBjpIf 7TU7/rSnu8gjBAQkOHIGboiJiosefnyGe32OkjJ9lCl6c3Waji0OgqAAgwBSU2gQI0SpDqsX rYwWJLBXrz6dJZGal3C7eZwsvSPBt7WggqIjpTwRtRvNBc3PEtIT0QrUtgoLzyXV2kHcJhnY HcTCv5kkkLiG6u3uu5C5uQDrKvKbunPz5+7m4gwGSDk2ioSUU2++lVPIwNo4hrFeycLSSho5 cgtRQXS1Ef/EP0v79PWr5y/SSEr06olUySlYPF0qY8oMOfLfRGiiRoUqMUXEqlQ3AVa81g2n 0YlDtQH9qbRjQqZLt8kCKjVoUqhEbzZsirMp0q/Qjl6tWqss16VcuzINq1Yq263EQMZMyU6m v5p405VE9+vRJhPpJOm1OXFATmPHeJ46u3aoUbeP3YL9KbkxUQxZo0aFe7nytshrISesCtmx WLSeH4djxZgx6MyqYfuM21KkPDy3WeLOXXdvXbn3+uKdS5PdsE4FDBtb0ZP16+emV6feCl0r Z1akxUZ+Pp276dHev1mmnjo066LoxV92HL3z+Vu8ifs9uc4lX7vy72ISjl++4Hf/hMliWAGg DJSYQYt1w5564WlEHVbuoTZOQw+6x11sacVGHnjtcbZZdek5CF51JJL14Wzw8TeYfv/1B9h9 cgG331+/FeebfrdAQwCBiBWEYGkRBtngiJq5VhlGIjh44ncSCXmhc0Nud+GJovn0VIZFVrhh lR5OouJKJNFTW03C7bbSbr3NSCNNaIYJ5nFfLLCjITuZ0Nx4020Glpae4akdkp+NtiSDkuWJ ZUfmJSrelBFyyaWfWRpKYTi00agbPO/Yc85LNmoq435f2lbbm2DmKKdhLDSnVmZXqRdka3uK s6CjzCjplYUAdeXhltYpSKiubTFK1mzv6clqWkIpFOKV/wE26+yzMDBAAKrMITTLtdhiC2gI 0Hbr7bdaURuFtdmWa24b23oE7rrs/nNDKfDGq+q59NZr70Pt5qtvGDfs4G8O9wYs8MBd7mvw wTUQrPDCDDOL8MMQtyDvxBRXbPHFGGes8cYcd+zxxyCHLPLIH+er6YsuxgCnEpesTIPLLfwr 88w012zzzTjnrPPOPPfs889ABy20uC/cBjMMw6wYB39etMz0EkdHLPXUVFcaRtI2mvwlwiR3 7fXXYIct9thkf33Hff1k0tfJm5o55jxjCuOb2nyx3bZxAOY2mKd5Azi33zGULfjghBdu+OFm +5Km2mSW2jh9M52pj6gs3UWXOv+Wxy2mPWiaZFKNcctgxhmIl2766ainXrLiLGa9d5mlBua6 qMWtaPvT+aUNI9q5D1djmoEHQIpAqhdv/PHIl302ym3qjg/K+MkevW1u6v47jm3fPv30+Dz/ /PW+u2DGFMmXb/756Fe8/PUx4h7579rPVX3v8be+ffvAYzp5i5/CMD7xHjPA2ASYvgKSjIBi Q6Dq1ncj/K2gef6Z3d04J8H+bQ589MNdizAYNVIIj3wXk0cABKjAjd1GXiSUQgkrVsIUgk2E IyPgCkFmNBN2rIUUm6HpGAgP+5FpPu/LDwTpEj8zQS+ImZpcfzxXEuzVL3jDw9gMdRjCKpaC ivHCYQL/Bxg2LObwhln8ovF4uCn9rQ1weembXdhGRAmWESXfawc/lHapu9mRg+4rwwcByMIw ytAQGZsiJEY4QkBK8YoqVKEhEcjIQ2ZRDomM5CAJmcJJTrKQXoRXCw2JSRkqMpNatCQlIbnD LlyuavlDpej26EhEujCSFluhAl2YSURKkpCutCUuY9nHRs6ykLeEJSUDqMli/vKVrUzkMYEp TMOZkndVC50qafA/KQ6yksUMoQiXuctWevKXw0QmCy95S0/mMpjdFGcgs6lMY3ZTm9t0JzgR 98xUTs1u04QiCHkpTxjyk53DfGcVfQlDbNZSlovEJTcVesWC1lKX6YzoH9dp/8x4zvNw+cyo wappxVw+FKLCpCXHXqnOcAp0YlpkqDnbiU4qfvSiyIxpMgPqTpAWTqM4bRdH/9nOi4qRnZBc 6Tp9CVSb/hSWjQzpLlcKUxtCVKY+Rakf5QlQZ+b0qt7aaR9rSs5xWjKoS31pNsmZ1Jl28qkJ ReofSclJijaUlGcd5UHDGFcSdtWqldgaGDqYV76+LI9ZZaUBB0tY432UbH+1VNMAiwS/klFf Ws2hPz9WwwNWVnAnVJ3RDjvSy54vsUBcLC8Y6wTHmiOyhU2tale7uheBhG/16VTf4OYXwFEw ZbCVEW3T2DvivG1UodOc324LwWQIlrXITa5y5cWHzP8513lt2tsaXftD6MLucUeMbuxCYlvt JhFylcud5HTjOA/mYLnoTe9qH1jB3S0uaynjLfOYBhw43sh69z1iBnvDuOJeMJXqDbCACfuI 2OKRe7FNIhrr2z36os1pQcSvhPX7xM7Nz3t6A+yAN8zh5GW3vQcusNvOCD46yhfCQwSxYitM PdnK8boxG5qMZ0zjGtv4xjjO8c4+fD/3Yk+/S/Rxb3FUXPw6cMLAY/EEFwzfIGP1yVBuVkqM GDn4MjFtThRufqF3yh4+d44Ofq6Y19gSMVtZOOnTsZrXzGYam0/EYO4hHXOLKTjX7cXs7Z+X 61xnE5NXmnfEbqBvC2D0tfn/0IhONM32ibwol5a0UB4dH4uHA0c/rGMC8aCHLc0ySEf6uMar NKc3CgMcfJBjkxbbqJNg2oyiNnWiXnW+To0xU2taYwPgbMdkzesvvJqnzQxZrHsNLlpfzNaY rofyiM1sJbzapSj02rCbDS1jWwzZuK70SbtG7W5TE9QsjTZdSTZtbwfI2hXD9rGJ9s67cszc 8BYfuGnaybWC1d5v/WS8yv2FVlsa3RRTd7pRMIWybjtjzBaAwuP9AtSStKbKFKpMJ8bvfjO8 DLe+dqaPnQxTH8TgmmzrxRK+8IunCtxJXShNVa7Dab84wS8Pjpu4W0brFRlvXpZjsTXtWYFT nBSD/8x1VZWKcGIrXAAmP3kUiypRiGcWrnBVBtFIIjeqU73MmDgJ5qwuTZjcY+tY34fVq33r yZoC4MoA+hWFDlSwGnViJEd60qOAclGeM9zQBmm5xQ4TsYdp7IAB+9brCPj4Dn7wfS98s6wt 8rNnfN/Kbqi4737weIXh6CXA/AiOrvnNlxwAnP886D/feROEvuSlx/zpTb/w1Wde9KznPAlc 73mky370sF+CVnHISJI+/KlV3fvf/574p2F9+Fw/fPhw0dyq8/1b6J6hz/cd0cmHu/Lwurzm b4/723P/9HL/fu67L/7wox78s19950v/eteDX+7kf//4kbB7ugJyrfT+Kv/+9z315xNfbn4X PYiXfFUHeF6XF4LnfMhHdtmGdgeBfUoVVRQjBttXgeZ3gRdYe7WXgSfgfaR3fuHXfukXehrI fiI4e92ngRsof/N3BL92OvwWgAsog/+RN65FN7UDaMM1Yv7WBA7Ifz9YCBrjUFE3ctqHgSpo gRyohCoYeyP4hLiHAus3fiSYAiYYhVA4hfB3hfQ3byiUWWJTcXMHBz8IL9OXRWx3U0cYf1io eiRogWx4hVr4ep7XfuVnhS2IhU6YhR+4hXn4bUt3PGI4hmFQhlJniI2HWBTogaNnh+bXiCN4 fpDYgX3oiH5Ie1zIhU14gklYiZuoe16IOoNIiL719ngBt3HlAwdVWIUr2IqRiIHwt4d6yIZ6 OIeUqIlyKHpw2ISaWAMvaDqjSIpdYAo5Y4ilo4oemHrJqIvLeIkb+Il3yIu554bOuIlLuIu1 +IczcBAeJ4hTJ4xhwDPGSE+LqISxuIrcR36umI2094wrGI1Q2IZ9iI6Y6ImzCIrnk2odto+D RQfKGIvWOI3MeI4DeY/pKHu2CI2tB3v1eJD22Ivf9lngCFmpOJHmpmgYmZEauZEcaTMW+ZEg GZIiOZISw48meZKDQ5LEhpIs2ZKJo5Ky5pIyOZMeA5O81pE4mZM6uZM1ZpOyxpNAGZRCOZQ6 4JOclgAAIfkEBA8AAAAsQQAzAFsADwAAAzZosNz+MMpJa1U2680z7mAoTt9onl2JrmyktnD7 xrQ513ia7+LN/xIfcNgQEonGIzCp5DGbuQQAIfkEBA8AAAAsQQAzABEAEAAAAykIutz+zUAo p6uW4ayMl98HiGPZnWgJmivWsuryVi+6ymbK5fvG+RlDAgAh+QQEDwAAACxPADQADwAPAAAD Igi6zNZwvQgndbeZ/XjsEgWCHzCKZmptoeqsGRYrVlxnRgIAIfkEBA8AAAAsXQA0ABEADwAA AygIutxgLi4oI1Xm2qYdzc8DZl8oYlN6lSi6qgz0ujFGzmnl6Ttf+5MEACH5BAQPAAAALGwA NAAQAA8AAAMlCLrc1pC9GCd1Fz7DV+8KCFhiOHKklprOOmonGotWxto3XttGAgAh+QQEDwAA ACx5ADQAEQAPAAADIwi63GAuLigjre3iaWjHkLd5mkRuT6oqH9OdbFmOqFtPN5sAACH5BAQP AAAALIgANAAPAA8AAAMjCLrM1nC9CCd1tz3DbZeeEgJcJYnWKaLquJXgmK0zXaeZkQAAIfkE BA8AAAAslQA0AAoADwAAAx0Iumv87jU5KTDYRaWv514Hdhv5XVkKWpvUQtaVAAAh+QQEDwAA ACyeADQAAQAPAAADBAi63AkAOw== ------=_NextPart_000_0001_01C72280.CE8F3B00 Content-Type: image/jpeg; name="image67.jpg" Content-Transfer-Encoding: base64 Content-ID: /9j/4AAQSkZJRgABAgAAZABkAAD/7AARRHVja3kAAQAEAAAAJgAA/+4ADkFkb2JlAGTAAAAA Af/bAIQADQkJCQoJDQoKDRMMCwwTFhANDRAWGRQUFhQUGRgTFRUVFRMYGB0eIB4dGCYmKSkm Jjg3Nzc4Pj4+Pj4+Pj4+PgEODAwODw4RDw8RFA4QDhQVERERERUfFRUXFRUfJxwYGBgYHCcj JSAgICUjKysnJysrNTUzNTU+Pj4+Pj4+Pj4+/8AAEQgARwISAwEiAAIRAQMRAf/EAKgAAAEF AQEAAAAAAAAAAAAAAAABAgMEBQYHAQADAQEBAQAAAAAAAAAAAAAAAQIDBAUGEAABAwIDBAcE CAQEBAcAAAABAAIDEQQhEgUxQVETYXGR0SIyUoGxkhShQmJygiNTBsGyMxXhc8M08KIkFsLS Q2ODswcRAAEDBAAEBAYBAgcAAAAAAAEAEQIhMRIDQVEiE2FxgQSRocEyQlKxYgXw0fGiIzMU /9oADAMBAAIRAxEAPwD0aQmSV0ZPgaBUcSccU0wQ+kJT/uJfw+4qpq96+xsJLiMAyAhrK7Ku O1VEGUhEXLAeqRIAJNgrXIh9ISciH0BZ9tJrENw6K7InidEZGztaGhrwK5MKKFmrXA0A38hB nJLWmmFc2UYK+1PhISrGND+1lGceIIoT8FrcmL0BHJi9AWVbandyaTdzyEC6tS9pIApVtKYK /aTvm06K4cQZHxZyRsrSqUtc4u5tLG6cZxlbk6m5MXoCOTF6AsJ2s3v9rtJs7Y5bmUxPuC0Z WAGlabFoWM97EJxfkSRRUMV01oAkDuAanPVKETIyFCQz8qFIbIkgAGzv5q7yYvQEcmL0BNF3 Dke81bkIa5rgQ4E7BTprgobi9AhzRZg/O2NwLCXNzEbW9RwWJ2AB8uD3VuFY5MXoCOTF6AmW twZjMC0jlvLAS0ioFOKmTEnDglAY1TORD6AjkQegJ6E3PMpsmciD0BHIh9AT0JOeaGUeZ0VW sODh4a40OZrf/EnciM4kZidpdiU1/mb7P541LvTSTORD6Qk5EPoCxhrF5Hpl/NKWuubSUxso 2gxIaMO1WIL68Op21pMQWyWwlkAA85Br7lodMw5f7X48g6gbIuL1WjyYvQEcmL0BY7NYuXaz 8v4fk3SugGGOZo9X3lJPdaldalPZ2MrIG2rGuc5zQ4vc4VpiDgn2ZgsSB05OTwR3IkOATXFl qcmL0BHJi9AWPc6lqUemW8pbyLuWbkvD2YUx8WUqe1u7+PVP7ddPZMHR8wSRtylvWkdU2JyF H4/rdHci4DHh81o8mL0BHJi9AWPHrFy7WeQcvyRlfAMMc7W8eta3zcPN5WNc2TNQ5c9K5c2y qjZGWvHI/cHFU4yjJ24Fk7kxegI5MXoCZ81DzOXjXNkDqHLm9Obiq8d+8lpLXESTPjAyHBra 09yzOwD8lThW+RD6AjkQegJ6FbnmU2TORB6AjkQ+gJ6EnPMoZRmNrAXR+FwFcNntTi7nGjvI GtOXiXCuKH+V3UUkJ8R+7H/KnwSS8iH0N7AjkQ/pt7AqOuXV1Z2bbi2IBZI0SAgGrDhv6UyS /uHav8tC+kDLYzPFAakg5cfaFY1yIyFur/apM4gsb0+a0eTD+m3sCOTD+m3sCx49VuW/t430 jq3BJa11Btz5RhswCfZapcHTLqe4o64tHPa7AAEjy7OlM6ZgE8pYeqO5GnjHL0WryYfQ3sCO TF+m3sCx7aTXALS6dJ81BckGWJrAOW11KGoG4Jr7zUZb/UIobpkEdlQgPY0gimban2ZORlEs HLebJdwM+JD2/lbPJh/Tb2BHJh9DewLK/vE5/b/9wIDJ3eFuGGbNlrQqxot5PdW0guTWeGR0 bzQDZswCR1TEZSP4yxPmmJxJAH5DIK7yYfQ3sCOTD6G9gT0LJ1aZyYfQ3sCOTD6G9gT0JuUJ nJh9DewI5MPob2BPQhyhM5MPob2BAeYTQYsyueBwLR/inqKXb+CT3IFUinmJjsZAHu3l2KOR DT+m3sCedqzrW7nk1e8tXurDCGGNtAKVArj7U4xJEiPxD/RIkBn4lle5EP6bewI5MP6bewLK vrq9/u7LGC4bbMdDzMzmhwqCeKV9zfW1/p8Ms7ZobkPbI5rAA51fCRTZtCvtSYVDmOTeF0u5 FzQ0LLU5MX6bewI5MX6bewLCuNVvhbapcsfRltK2ODAGnio7aMcFJqdzqltFBcxXLRHcGNgj yAlpczMTU9IT7E3AcB6fIH6pdyNSxp/otnkw+hvYEnJh9DewLJvJdUtprK0+aaZbhzw+blgC gy5fD0KbTL27feXVndPbMLYNImY3Lt21okdUscgQaZejsmNgyxY3b1utDkw+hvYEcmH0N7As bSdWu7m/Mc5Bgma98AoBTK6gGzgFuKdkJQOJunGQkHCZyYfQ3sCOTD6G9gT0KXKpM5MPob2B HJh9DewJ6EOUJnJh9DewI5Mf1RkO4twKeiuKHKFX+ak6PLl/EhQd6FbeCl1eP+4l/D7isz9y Rvk0qTIKljmOI2+EHE/StZgBuJq8GfxUmUcAlGWM4yviQUSGUSObhYcGr/O3T4bUB9q2Avkk LXBwfQ+GpoPoWS0yTaXpljF5553uqdgyupU9HiXYiNjfK0DqACT8v7P0LSO6MfthRwRXiAb/ ABUHUZXl4UHNcpS4tpNYtbhwe+aHnBzRRpO+g/Er2k6nZP0+CybJW4bBlLMrtrWGuNKLd/L+ z9CAGbqeyhRLcJBpRL0Lg0cBuScdRiXBpW44EuuVt7jk6FaCWFstpJK5twXAnK0u8zcuwqTS XRA30THPl0pgaYnmoIc445a0OG1dQWNIoQKHdRAYwCgaAOACU9wlCccf+wk3pUvbmkNRBjX7 Q1vBlkcw0NZBNHBNE4zimLTXzFuBy8UsrmyPlkYQ5nNt2hwxBLXY06qrVDGgUAAHCiA1oFAA BuAC5e3wdXj4qlauGe5bUZhM4kb6ENorClyt2kCu8oo0CtArjQMqsokKQ03AUTTjup7E0Jhc Amk1KeacEmHBNmQonedvs/njU+9V3Gsjer/UiVgokGSC5fUonDV5LIDwX0sEhH2RmzfSVdun iL9yMnPlis3k+zMf4LbbTMFKGjgOxane4AItHE1vavyUDUz1vLJcO2C9j0qDUi5pjFx8xkc2 j8xOWpPCrVoTz29vql9806SKK8jY6GSOtTQNNGltcarqMops+hIWMNKtBpsqFZ9y7vG72LUc EfBlPZaxs1+diuOkzz6HatnLnk3mV2YmuwilTirrYoNJ1pzIAWQOtnSOaSXVLczsK4/VXSZW 8B2JcreA7Ej7hwRj0yycP+3+SY02L1DV8lxAgvodLh1DM10bbjn5SDnzF2Wubgcq6IzRNnD4 H4vlaJLd1DmzU8bN4wxrsWplHAJMra1LRmG+m5Ze42Ha1BExkS45HgiOvHi7gfFZYc3kMt6j nifFn1sJC8mnDLvQ1waIXOIA+alqTsxMgWrkbXNQV40CC1pwLQfYsO342+i0xUSFI7KOHYmk im7sWnimmEgJC49ScQN6TDgmEOmOJyu6iiHzH7sf8qR5GV+G4+5OtRVzq4+CL+VNqJcQodTg +Y0+4ipUlhLR0t8Q+kLJ0DPO27u31JMUcLSfsR0PuXSUHBLl6FUduMDBvuN/5/hSYPISewXH MbLPpem2MRyvmme7MRUDK6gJ+JTtgumT6tZSHmyzxc5rmtyhxHiwH4l1NOKXL0LQ+5NWiKkn 1MslA0gN1Ggb5MuOddwyt01sBlE8JiiuAKhjQ00od2JVoada3mq6qZ4y4soYyCRjlPDaunyY 7BjtRQcEj7g/iDGhD5VqXTGn9i9eVLMuPz3F1p2m2TXHmPld4iK5RGaNr1Byv6Q24tdXvra4 cHulDZg9oytJ2mg/Et89SUAcAlL3DiUcQBJ/iS6BqYguSQ3yDKJCloOCKDgsVqokKWjeATS5 o3VQhMSEgdaU47UmCbITSaqOTaf8uT3KU7VBITif/al9wTCRKtHasBt9bWWu377klrZAwMIa XVIaOC6QgcEUCcJiIkCHEg128UpRJZixiXXLahLYS6zBcXbTJavtgQcrtpLstQ3FT6kbc6Xa 3dk2kNpM2RjaEeEEg4Ox2rosEUCvv/ZQ9FGyoyntfdUdXguTkhf/ANpzPI/MuHc1w41eAPoC s64HnTLCgJIlhr8K6KgrVFAjvlwWtKUr/sjt0Z+Aj8Fg63BHcalpsMrc0b3SBwxFR4d4VSrd Nl1aCGrIWxNMTcTRzw1tQT95dTSnUig4Ij7giIiQ8QGZ/wCrJ0HUCTIFiS7+jLkIrW7sDpFx I8PiqG5ctHMEviOY7z4iuqUtBwRQcFO3adjEhiH+ZdOEMHAN1EhS0aNtE1xaBgAVmrTEVS5g Rw6KJuCYCE2pRXFKaJpNEBLiqlfehR1PHehbYqXWqz/czdTP4qVRM/3M3Uz+KlWJVhQ3pLbO dwNCI3kHqaV5GLu5pUzSE/ePevWr8ONhchgzOMUgaBtJyleMhs+wwyj/AON3cttG2OsF+K9z +ySgI7cmqY39VcF3cFv9Z9czifEejpW/+yrmaTXGsdK9zTDJVrnEjDLTauUa2fH8qXafqO7l 0n7DZOdfBdE9rWwyZnOaQBXLTErSe+MoEDiF3+9nrPtdzYvgeS9KQkzAbU0vB3UXIvlFiazq s0N0bON4hbyy8yEEkkg0a3hwVvTJr5wPPcyaDKDHMwgmuGBAWd+43XTXl77VtxZiI5Zmt/Mi fQ4l1cBXFN0KC4ZdyXDIZLezfGA1su17iBiBw2ldZhD/AM4PTEt4Fz53BWTnucSty+kumwE2 bBJKSAK0oBxxWZDfahFfRWs8jLjm4PYylWV21IpSis6pLqMdqJNOa2SVjqvYQCS37NeBWPCL 2+1WGeGxfYtaQ64ldVoJrVx8QG1LTCJhLLDFpVNweDomTkGJv6Lo5C8xvETgJCDkcdgO4lZF 1d6zamMSSxufKcrGMAJJ+FW7W7vp7u5huLbkwRV5MpaRm8VBicNiqRR3UuvTTzQvZb27SIHu aQ008Iyk9ZKnWBEyyEDjHKrHyARJyAQ92U15e3sUtvbZ2QPkaDJM6mXNjUA0puTtPvLieSeK ZzZWw7J2igONKKrqkVyL+G5Nu67s2tAMTMaEDEEdeKdpcc7bie4dE62tpQQyF+FSfLQHgrMY dl+l8X4fc9uaTkT43Wif6jer/UiVkqr/AOo3q/1IlaK5pLUIb5h1riv3rqd7bauyGC4fEwQt dlYaCpc5dq3zDrXm3/6NKY9fZUEA27KHj4nrq/t4j3+oAjGV1h7sSOpokguLKm3XNU5jf+sl +tXxn0uSO1zVKE/OS7NucrCF0Mwx4/S0pDcgg47l7Ijpr0x+AXnY7f2l8V7lYPc+ytnvOZzo oy5x2kloNVYVTTKt060DgQRBEDXbXI1WC8bKL5uVz5lexGwVbVLt1lZSXLG53MoAN1SaVKx7 O91KeV0lvcRzvOQuhNGggipDQ7hsK19RNybOUWbGyTU8Mcgq1w+s2lRuXJGOe5lfHb2EsN20 x1a0FrIzl8RNdmY4hdXtowMJOADzLFvMFZ7CQQzrtg/AA4Hf0LGu7rV4+ZcOcy1iYfy43FpL h9NVqROIY1rzV4ADncXUxPauavbvV3Mms77TnXM1T8vPE05RXDMMtaqPbxBkaRNnyu3g6ew9 IqQV0FlcSXFrFNKMr3jEbK0NK+1U7zUZvnTaQyMgbGKyyvxxpWirMl1jTtNtWMtjcTOc/mMo XmNu1rTlTNRguLXVje/KOvrWTFzGCpa6mU1CuGuGcnxIIlhUXHmplOWIAd6ZK/HfTx2UtxO6 OcMIEb4ztJNKOAUEN7fvMbhcwudIamB1BQHcqdnY3k9vduMRtRPQ28L8CXB2cYHowTDFdS28 VoywfFPG455iMD7VoNet5B4kvW1A3+LJGUqGtviugloA8bMDhwwUlr5nfci9xUDz+WQTmLWU LuJAoVPa+Z33IvcVyGy14qwitAdwG0oTJomTwSQyCscjS1wGGBFDsWYumbLNuf3Dplu/JzmO INC7MKVG7rUP/dFjTMJG5eOYUw24rhP3F+37rSp5JWZ7izJP50dC5gP1Xihp171hRzsmyW8A c9+asbGDM7MQBhga7F6cPZ6ZRBEsqXXny37gSMW8l7LYa3YXz+VFIOb6a1rQVNFeO1cL+0P2 3cwXMd3eOMHKOeO3qC8mlAXkAAU4bV2+alQcVxb4QjNtZyC69E5yi8wx+icsHW9UmiujZNfy IzGXF9KlxI8rTu4Lb5nFYH7idetc55tmXNjy3eMNHMifQ+Ku2m9HtwO4BIA+ZV7CWor+ly3j gebKy4goOXK0jMDh4XAKzfPu22//AEbQ+YmgJIoBxxWJoNvcMu5LkQPtbN8YDWSHF7iBiBw3 rS1Z+pNtRJplHTMdV7KAlzfs13hVsiO8ADE28B5Fkok4OX+qqQXt/FfxWskzbkvI5jAASw78 RvC1J52wW8k58QjaXU4ncuehZqV/qkFw2xdp7WEOnkdVocQauONKk7FoB+pXr7+zuYPl7fK5 tvMRQOObw41KvbCLxfGgBmARz8Eoksb1PS6hF9qnyo1EyNMRfl5VMKVp71Ym1CaeeC2syI3T ND3OONMwr9FFlA606ybpJsXhwfUzHyUrm82zbvV2e0ubO4tbu0jN0IWNjkazbVoLSeo1Whjr Brhl14MzN+LqRk3FqZfVWrS7uDczWV0Q+WIEtkGFQN30qeTaf8qX3NVKwjunXU+oXMZgMoLY 43bfFQbOAAV1xqXf5UvuCw2YifS32jJrZNVaRPSL3o60UIQudWke5rGOc40a0EuPQMSuZm1+ +nlrbkQw1IYKAudTec1V0VyzmW8sdaZ2ObXrFFyMNo8O5bhlczM012ioovP/ALjt2wwjrJiJ O5C7fYw1yzlMCRizArf0vU5Z3CG4pnIq14wr0Fam9YWm27vmA7c0g9gotwmnStvYz2T1f8hc g0J5LL3cYR2dAABDsOaVQ3UxhtpZmtzmNrnBvGgrRSF44YqG4MxhkEBa2YtPLLhVoduqusCo ezrmNiuettRvbuQSRXbGzFmETqNZ5vJjh01XSRPl5bOa0NkIGcA1AO+i4uZl5PM6CTTnMveX 5YhlYXZ/6uGGWmC6rT2ywWkEU7s0rGASGtceFd9F1e5jFomLD+kN/I4LPUS5FVDqupvhzQWu MzG55X0rkZ3lS6bcS3FlFLKc0j81XUA2Gm5Y95ol8xl1Lb3b5TJV5t2tNX44CtcU60Gs2GjC SOF01y+QAWr2kmNviBwzb9qDr1nUBCUTLIBzQ1HF0AyzJILMruoX1w29hsrd4hzgEyn7VePU m22pSRy3FvduEpga57ZG4Vy7QotU+akhtZZdP+a8DTOIyWyxuIq5oAOxQadp80slxNNAbKGV joreF9cwzClTv9qcY6+0MgAw4M+T/FSTLOjqf53VHWh1ASNETXZeVlFKVpwWjFM2aGKZopzG 1pw3FYrW6s2zdpfybsX1531aVrt2bVrQRiCGK3BB5TQ0uGwnaVO4RamP3HHH9fFVAmt2ar81 XqhJ3VQpQ4WwwgXE1eDP4qTM3iFXd/Xl/B7ilqsDwWgUshaWOFRiCsvknirxcdiZlCYLLSE8 XVPlHidpUtqwsmzE7ipS1AFDVDpy2khuanz9KTMOKhJqkQslK4tcCHUc1wo5pxBB3EJC4f8A G7qCjqkqgIT6hIcdpr1lU5XkTuDXHODHkZU0ofNgo4S9zow5xIJBcAXebKSQfbuUdyrNxZTl 4K66eJrwxzwJHeVhOJ9iRs0chLWvDnM8wDq0WZdCGTUAx35dMjpHkEl7h5GN4JmlNPzAwoWx FsmFKOLyaFZ9+XcEcQxkYv5Kcy7NR1sVocDQ9GCSu8nHtVBuYND6uzZWuxJ2l9PcnwurLQuJ dlJe0k4OzcFrHbUBrpurgNZQRw/1I1aVOPz+wf8A2Rq5uVS4KwlG0KhqUXMnBpmAaBxV0uoo ZG5jVECxdEg4WZ8ts8P0dCR0BOJbU0Ax4DALS5aaYwte4s8FZjcMjcccoqd9aJatFaUBJqTx OxQ1oEVWS0UpeOKYctSQAC6mYigJpgKkbaJiKoCE+u/YjNwJHtWa6R3j5biXVkDxU4NDsOqg UkBcZcXFzQ05aE5cXO47cN6gbHLMpd+CtGSIOLc4BaKuFcQOJTPmoMnM5zQwmgdmFK9ay7qI 86+EbcXwNOA2muKqOpV0mU8pxkDTlNKmING7isZ+5lEtgDcfNlBmQbLoqjbtJ3k1SEk4EmnC uCpAOFtbsJcCIjUAkHMGYVomkkYOc4R0BJqfMWcetbd2gJjcK3NFdeRkd90qzbGj3V9EXuKp MJMDSTUlgJPsVuPzH7sf8q0d4umLq1UcUEtLSCcCoahGYb1CpVn2QBJDqg7digZplvGS+ONj Hu8z2taHHrIV4uRmHBWJya6gwCit7QMcHk4A1HFTlwqcUzMmkmu1J3TAaykLmnemOc01BFQc CDiCOBTEVQmnVxrSpRUKtdOAjFSQM7KkEjAuHBQBz+Y3xENB/LrmJIzu/hxUymxZnU5K89zQ KuNAMauOA7VE+5t25HPkaBJ5CTtrwUDmB2nlrxmJjJIdUkuy13rMmY/lQDI4l1u1jcCfEHA0 We3dLWA0RWL14JSkYrabPC+R0QkDntHiYDs9idjuw4FZFk14vWAtILHTF5ocA6mXHpVp7SS9 3izfnHadrT4f8E9e4yi5hxZEZEhXMAa0xO9JWrnU/Sl9wVaN/wCe0EnmHmZhU0phlw2K0zzO /wAuT3BawnkCWbgmC60cw4oqOKiqkzBSrUpykEVVR1vE4+NoJG87VISSkSMYyoQ6YkY2LJWM YzygADgnl3EqKqQlOIADAJEklzUqXMOKaXjjVMrgmkqkk4uBNaCtMtaY020rwRUJqhunEW8p BoQw4jbsQSwPkgqcnpomuLWguJAAxJJp2lUHlxJEbiIqnIfEfFlbs9tU+TKLScyNMgJfmbU1 IqaAKO7Q0sCfgpyU3zlry+bzWhlcuYO38FICD4hjXGu1YRYGsjmNXOc55mo1wDSWZWNpRaET HC1tWOBFGHMMRiGGlaLPXvlIkGIHSDRSJHjyV6hpT6NybUA4DYqYwyhxcI6NLqk+YsdtO3ar EBrDGSSSWtxO3YtozcszMqd1Djw+qhP/APKhbv4JYrSmbllc8HNUDOBSopsw6VFzG8HfC7uQ hYhuKvySGRvB3wu7knMHB3wu7kIT6fFCQyDeHfC7uQZBTYfhd3IQjp8UqpvMHB3wnuRzOh3w nuQhHSiqTOODvhPckzj7XwlCE6JVTc8eZxFcxpmwPsS8zoPwnuQhAxQjP0HsPckzjeD2FCEd KKoz9DuwpjDEHEtrmPQThXvQhHRR/RCswxhzXOLg11PACRXzNOzrACkdJTBwcOIAJHa2oQhT xqqScxvB3wu7khkHB3wu7kIT6fFFU0yCn1vhd3JOYODvhd3IQjp8Uqo5g4O+E9yTmdDvhPch CBiiqQvHB3wnuSF7ftfCUIR0oqmscwNOStKmtGnbU1+lLzOh3wlCEDHgkEnM6HfCe5GccD2F CFVEILxwPTgUx5Y4APr/AMwQhI4tVCkiDZKNBDW02nwgD2q29oY7Mw525WhwBFQAMD01QhI+ FlQsmcxvB3wu7khlHB3wnuQhHSiqbzBwd8Lu5Bkbwd2HuQhPpSLpOY3g7sPck5g4O7ChCKIq k5nQ7sKTOK7D2FCEURVNc9hpmB2ilQdtcEufod2FCEdKSM/QewpM+Ox1eooQn0oqjMftdhRn HA16ihCKITAYs9QDmNePtwVuCKNzXOe8NJa4AVFaEYkhCFJZun1TCcXubg9prxaMw+hJzBwd 8J7kIRRPyTTKPS74XdyQyDg74T3IQn0oqk5g3h3wnuScwcHfCe5CEdKRdHMHB3wlJnHA9hQh AxRVJn6HdhTXvYWuDwctPFUECiEJ9KEufod2FGfoPYUISDJVRnPB3YUmfr7ChCfSjzTXmNwA eDTdtCdHR2VrMB9UnAU6yhCXS9GdCs/LWv6rfLTzDbxQhCXWqov/2Q== ------=_NextPart_000_0001_01C72280.CE8F3B00-- From owner-namedroppers@ops.ietf.org Mon Dec 18 10:12:01 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GwK9p-0007qI-Fg; Mon, 18 Dec 2006 10:12:01 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GwK9o-0005eh-52; Mon, 18 Dec 2006 10:12:01 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GwJvb-0003mX-AW for namedroppers-data@psg.com; Mon, 18 Dec 2006 14:57:19 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-2.3 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=3.1.7 Received: from [66.92.146.160] (helo=ogud.com) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GwJvI-0003k9-8w for namedroppers@ops.ietf.org; Mon, 18 Dec 2006 14:57:05 +0000 Received: from [192.168.1.101] (hlid.ogud.com [66.92.146.160]) by ogud.com (8.13.1/8.13.1) with ESMTP id kBIEqX5i093298; Mon, 18 Dec 2006 09:52:34 -0500 (EST) (envelope-from Ed.Lewis@neustar.biz) Mime-Version: 1.0 Message-Id: In-Reply-To: References: Date: Mon, 18 Dec 2006 09:56:46 -0500 To: namedroppers@ops.ietf.org From: Edward Lewis Subject: DNSv2 comment in Re: brain cycles of the WG Cc: Edward Lewis Content-Type: text/plain; charset="us-ascii" ; format="flowed" X-Scanned-By: MIMEDefang 2.57 on 66.92.146.160 Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.0 (/) X-Scan-Signature: 7aafa0432175920a4b3e118e16c5cb64 At 21:23 +0000 12/16/06, Jay Daley wrote: >I'm also increasingly of the view that DNS is /so good/ that most people >simply don't realise it. And it is all those complex and weird little >quirks that enable it to be so good. What worries me about any attempt at >DNSv2 is that some of the brilliance will be lost by trying to 'fix' DNS >and DNS is just too important to work in any less good a way. DNS stands on the shoulders of other naming systems, I am not surprised that DNS is a good protocol at heart. I don't mean to disparage the effort by saying that DNS stands on other's shoulders, it means that it wasn't just a lucky bolt out of the clear blue sky. I think that what is lost often is what makes the DNS a good protocol. I work in an area in which DNS is a new beast, a non-Internet environment. It is interesting to see what "them folks" think is the best part of DNS. They aspects often cited are the quick response, the lightweight nature, the robustness. They that I hear are less enthused about the scaling, etc. DNS is not perfect though. Some problems are in the architecture for example CNAME chasing in the authoritative server, the fixed message size assumptions (in data and header), and message compression. In the sense of "you've optimized a design when you can't possibly strip away any more" these are things that probably would have been taken out if there was better hindsight back then. Outside of CNAME, most of what I'd take out now were originally put in to handle problems of 15 years ago - namely really constrained bandwidth. There are other problems with DNS that are accidents of history, cruft thrown in because of implementation gaffs over time. Mangling misunderstood types are an example of this, as well as some of the extra records that BIND threw in years ago that probably ought not to have been in responses (like the authority records in a CNAME-impacted response). A DNSv2 would have to retain the lightweight nature, and make it even more lightweight. It would also have to remove the limitations of small fields without adding more to the fields. Finally, it would have to expand the notion of what's atomic from the RR to the RRset plus ancillary info. But, please, abandon the hope of negotiating service parameters - that's heavy weight and adds round trips. -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis +1-571-434-5468 NeuStar Dessert - aka Service Pack 1 for lunch. -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From owner-namedroppers@ops.ietf.org Mon Dec 18 11:33:28 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GwLQe-00067Z-58; Mon, 18 Dec 2006 11:33:28 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GwLQb-0004v6-Pd; Mon, 18 Dec 2006 11:33:28 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GwLKS-000BqG-VO for namedroppers-data@psg.com; Mon, 18 Dec 2006 16:27:04 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=3.1.7 Received: from [204.152.187.1] (helo=sa.vix.com) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GwLKB-000Bp9-ML for namedroppers@ops.ietf.org; Mon, 18 Dec 2006 16:26:48 +0000 Received: from sa.vix.com (localhost [127.0.0.1]) by sa.vix.com (Postfix) with ESMTP id 8C48311426 for ; Mon, 18 Dec 2006 16:26:44 +0000 (UTC) (envelope-from vixie@sa.vix.com) From: Paul Vixie To: namedroppers@ops.ietf.org Subject: Re: DNSv2 comment in Re: brain cycles of the WG In-Reply-To: Your message of "Mon, 18 Dec 2006 09:56:46 EST." References: X-Mailer: MH-E 8.0.2; nmh 1.0.4; GNU Emacs 21.3.1 Date: Mon, 18 Dec 2006 16:26:44 +0000 Message-ID: <37664.1166459204@sa.vix.com> Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.0 (/) X-Scan-Signature: 68c8cc8a64a9d0402e43b8eee9fc4199 > I think that what is lost often is what makes the DNS a good protocol. ... ask five people this question, get seven distinct nonoverlapping answers. > ... But, please, abandon the hope of negotiating service parameters - ... i can't think of a successful protocol that lacks an "options" escape-hatch? -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From owner-namedroppers@ops.ietf.org Mon Dec 18 12:01:29 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GwLrl-0001Xf-BR; Mon, 18 Dec 2006 12:01:29 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GwLrh-0001nT-St; Mon, 18 Dec 2006 12:01:29 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GwLnX-000Ed9-O8 for namedroppers-data@psg.com; Mon, 18 Dec 2006 16:57:07 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-2.5 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=3.1.7 Received: from [81.200.64.181] (helo=shell-ng.nominum.com) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GwLnL-000EbQ-Dj for namedroppers@ops.ietf.org; Mon, 18 Dec 2006 16:57:00 +0000 Received: from STJOHNS-LAPTOP.nominum.com (shell-ng.nominum.com [81.200.64.181]) by shell-ng.nominum.com (Postfix) with ESMTP id 49AF156891; Mon, 18 Dec 2006 08:56:54 -0800 (PST) (envelope-from Mike.StJohns@nominum.com) X-Mailer: QUALCOMM Windows Eudora Version 7.1.0.9 Date: Mon, 18 Dec 2006 11:56:49 -0500 To: Paul Vixie ,namedroppers@ops.ietf.org From: Mike StJohns Subject: Re: DNSv2 comment in Re: brain cycles of the WG In-Reply-To: <37664.1166459204@sa.vix.com> References: <37664.1166459204@sa.vix.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Message-Id: <20061218165654.49AF156891@shell-ng.nominum.com> Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.0 (/) X-Scan-Signature: 769a46790fb42fbb0b0cc700c82f7081 How about DNS? Admittedly EDN0 was grafted on - but only to deal with changes and expansions to DNS. DNS did fine without it for many many years. With respect to negotiations in DNS - there are actually two protocols involved - the transmission protocol and the data protocol. It's somewhat easier to add negotiation to the transmission protocol (and that's what EDNS0 did in part) because it's between just a client and a server during a specific conversation. Adding negotiation to the data protocol is a bit harder (see for example grafting on the notion of non-existence and the various indications that have to go into the data to signal to a resolver/validator meanings). Its also the case that the publisher of the data doesn't have a clue as to the capabilities of its consumers and they will vary wildly. So without a massive change to the data model (which may in turn lead to a massive change in the name space with all the political issues thereof - ??), I'm mostly with Ed here. If you just want to re-write the query language and leave the data structures mostly intact - then lets just get the query language correct at the start. We've got 20 years of experience with DNS that should allow us to write a tight protocol for the next 20 years. Mike At 11:26 AM 12/18/2006, Paul Vixie wrote: > > I think that what is lost often is what makes the DNS a good protocol. ... > >ask five people this question, get seven distinct nonoverlapping answers. > > > ... But, please, abandon the hope of negotiating service parameters - ... > >i can't think of a successful protocol that lacks an "options" escape-hatch? > >-- >to unsubscribe send a message to namedroppers-request@ops.ietf.org with >the word 'unsubscribe' in a single line as the message text body. >archive: -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From owner-namedroppers@ops.ietf.org Mon Dec 18 12:27:53 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GwMHJ-0002b5-NW; Mon, 18 Dec 2006 12:27:53 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GwMHI-0006JX-Do; Mon, 18 Dec 2006 12:27:53 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GwM6P-000GMt-Rl for namedroppers-data@psg.com; Mon, 18 Dec 2006 17:16:37 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=3.1.7 Received: from [204.152.187.1] (helo=sa.vix.com) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GwM6J-000GLX-ON for namedroppers@ops.ietf.org; Mon, 18 Dec 2006 17:16:33 +0000 Received: from sa.vix.com (localhost [127.0.0.1]) by sa.vix.com (Postfix) with ESMTP id 73E7C11427 for ; Mon, 18 Dec 2006 17:16:31 +0000 (UTC) (envelope-from vixie@sa.vix.com) From: Paul Vixie To: namedroppers@ops.ietf.org Subject: Re: DNSv2 comment in Re: brain cycles of the WG In-Reply-To: Your message of "Mon, 18 Dec 2006 11:56:49 EST." <20061218165654.49AF156891@shell-ng.nominum.com> References: <37664.1166459204@sa.vix.com> <20061218165654.49AF156891@shell-ng.nominum.com> X-Mailer: MH-E 8.0.2; nmh 1.0.4; GNU Emacs 21.3.1 Date: Mon, 18 Dec 2006 17:16:31 +0000 Message-ID: <45297.1166462191@sa.vix.com> Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.0 (/) X-Scan-Signature: 39bd8f8cbb76cae18b7e23f7cf6b2b9f > So without a massive change to the data model (which may in turn lead to a > massive change in the name space with all the political issues thereof - > ??), I'm mostly with Ed here. If you just want to re-write the query > language and leave the data structures mostly intact - then lets just get > the query language correct at the start. We've got 20 years of experience > with DNS that should allow us to write a tight protocol for the next 20 > years. i'm not proposing that we make parts of the namespace optional, though IDN does that implicitly and there will be similar insertions in the future (for example, consider whitelies.) so if being with ed means "better query language" then i'd be with ed, too. (i think you're misreading ed, fwiw.) note that one insertion i'd want right off the bat is better wildcards, so that one could have per-type wildcards, apex-inclusive DNAMEs, and probably other stuff i can't remember at the moment. these new wildcard forms would only be visible to clients who understood them, so they'd be like DNSSEC or IDN. my two hot buttons with the current design are that it's middlebox-prone and that it puts too much workload on the authority servers. authority servers should not have to do any kind of wildcard synthesis, and the ANY qtype is just right out. an authority server who has wildcard data that fits a query should be able to just give out the wildcard data that covers the query, and it ought to be normally cacheable. and of course, security would be built in from the get-go, both hop-by-hop (what we do with TSIG and SIG(0) today) and end-to-end (what we do with RRSIG-et-al today). there are no new clients being made for whom this kind of processing is a burden. a wristwatch made in 2001 has more RAM than a VAX made in 1981. let's shift the workload and get authority-side processing out of the realm of supercomputing. but this is all just talk, as long as the WG's to-do list remains endless and as long as we're putting new (SO) lipstick on the DNSSEC pig every year. -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From abdat@ausfa.com Mon Dec 18 15:07:36 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GwOlr-0002Rx-TG; Mon, 18 Dec 2006 15:07:35 -0500 Received: from p508246e5.dip0.t-ipconnect.de ([80.130.70.229]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GwOlo-0006nu-7f; Mon, 18 Dec 2006 15:07:35 -0500 Received: from 202.174.84.34 (HELO mail04.domaincentral.com.au) by lists.ietf.org with esmtp (07(1O26X ?5NAF) id -)89-5-A0(,E/-/A for dnsext-archive@lists.ietf.org; Mon, 18 Dec 2006 20:13:54 -0060 Message-ID: <01c722e1$0aac79d0$6c822ecf@abdat> From: "Cecil Hurley" To: Subject: Windows Vista Ultimate ready to download Date: Mon, 18 Dec 2006 20:13:54 -0060 MIME-Version: 1.0 Content-Type: text/plain; format=flowed; charset="Windows-1252"; reply-type=original Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.2180 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180 X-Spam-Score: 1.8 (+) X-Scan-Signature: 30ac594df0e66ffa5a93eb4c48bcb014 Please let us represent our new special offer you can't afford to miss. The most comprehensive edition of Windows Vista, Vista Ultimate Upgrade (DVD-ROM) is the first operating system that combines all of the advanced infrastructure features of a business-focused operating system, all of the management and efficiency features of a mobility-focused operating system, and all of the digital entertainment features of a consumer-focused operating system. For the person who wants one operating system that is great for working from home, working on the road, and for entertainment, Vista Ultimate is a no-compromise operating system that lets you have it all. Windows Vista Ultimate contains a number of new features, the most notable of which are: Windows Vista Ultimate combines all the features of a business-focused operating system, all the efficiency features of a mobility-focused operating system, and all of the digital entertainment features of a consumer-focused operating system; Remotely connect to business networks; Windows BitLocker Drive Encryption provides improved levels of protection against theft for your important business data whether you are at home, on the road, or in the office; Delivers all of the entertainment features available in Vista Home Premium; includes everything you need to enjoy the latest in digital photography, music, movies, analog TV, or even HDTV; Upgrade from your current edition of Microsoft Windows XP or Windows 2000 (including Windows XP Professional, Windows XP Home, Windows XP Media Center, Windows XP Tablet PC, Windows XP Professional x64, Windows 2000) Windows Vista Ultimate Upgrade (DVD-ROM) Retail Price $399.00 Our Price $79.95 You save $319.05 http://horrytrader.com Please note, that there will be more special offers available for our constant customers. Every effort has been made to ensure the accuracy of all information contained herein. DS Team makes no warranty expressed or implied with respect to accuracy of the information, including price, product editorials or product specifications. Product and manufacturer names are used only for the purpose of identification. We appreciate your cooperation with us and we'll be glad to see you as our clients in the future. From frank@tucktv.com Tue Dec 19 04:03:49 2006 Received: from [10.90.34.44] (helo=chiedprmail1.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Gwat3-0000J0-4a; Tue, 19 Dec 2006 04:03:49 -0500 Received: from [195.209.32.38] (helo=zurichdata.com) by chiedprmail1.ietf.org with esmtp (Exim 4.43) id 1Gwasw-0006TL-Az; Tue, 19 Dec 2006 04:03:46 -0500 Received: from 216.104.160.31 (HELO mx1.daemonmail.net) by lists.ietf.org with esmtp (F)8@(KVEXN/ *Y58O) id 2R7*/0-0Q8.(J-=G for dnsext-archive@lists.ietf.org; Tue, 19 Dec 2006 09:03:42 -0180 Date: Tue, 19 Dec 2006 09:03:42 -0180 From: "Gail Coleman" X-Mailer: The Bat! (v2.00.18) UNREG / CD5BF9353B3B7091 X-Priority: 3 (Normal) Message-ID: <875923460.24812429640464@thebat.net> To: dnsext-archive@lists.ietf.org Subject: Windows Vista Ultimate ready to download MIME-Version: 1.0 Content-Type: text/plain; charset=windows-1250 Content-Transfer-Encoding: 8bit X-Spam: Not detected X-Spam-Score: 4.3 (++++) X-Scan-Signature: 08e48e05374109708c00c6208b534009 Please let us represent our new special offer you can't afford to miss. The most comprehensive edition of Windows Vista, Vista Ultimate Upgrade (DVD-ROM) is the first operating system that combines all of the advanced infrastructure features of a business-focused operating system, all of the management and efficiency features of a mobility-focused operating system, and all of the digital entertainment features of a consumer-focused operating system. For the person who wants one operating system that is great for working from home, working on the road, and for entertainment, Vista Ultimate is a no-compromise operating system that lets you have it all. Windows Vista Ultimate contains a number of new features, the most notable of which are: Windows Vista Ultimate combines all the features of a business-focused operating system, all the efficiency features of a mobility-focused operating system, and all of the digital entertainment features of a consumer-focused operating system; Remotely connect to business networks; Windows BitLocker Drive Encryption provides improved levels of protection against theft for your important business data whether you are at home, on the road, or in the office; Delivers all of the entertainment features available in Vista Home Premium; includes everything you need to enjoy the latest in digital photography, music, movies, analog TV, or even HDTV; Upgrade from your current edition of Microsoft Windows XP or Windows 2000 (including Windows XP Professional, Windows XP Home, Windows XP Media Center, Windows XP Tablet PC, Windows XP Professional x64, Windows 2000) Windows Vista Ultimate Upgrade (DVD-ROM) Retail Price $399.00 Our Price $79.95 You save $319.05 http://awfullastiostra.org Please note, that there will be more special offers available for our constant customers. Every effort has been made to ensure the accuracy of all information contained herein. DS Team makes no warranty expressed or implied with respect to accuracy of the information, including price, product editorials or product specifications. Product and manufacturer names are used only for the purpose of identification. We appreciate your cooperation with us and we'll be glad to see you as our clients in the future. From cristina.v.weber@grandislehoa.com Tue Dec 19 06:27:42 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Gwd8H-0006Ra-RB; Tue, 19 Dec 2006 06:27:41 -0500 Received: from [217.20.89.31] (helo=adsl-pppoe31.reus.ru) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Gwd8F-0006kY-Qq; Tue, 19 Dec 2006 06:27:41 -0500 Received: from 205.178.149.7 (HELO INBOUND.GRANDISLEHOA.COM.NETSOLMAIL.NET) by lists.ietf.org with esmtp (3V,C=R+G9 @(.U) id 0:0=02-1T1+;.-E( for dnsext-archive@lists.ietf.org; Tue, 19 Dec 2006 11:27:39 -0300 Date: Tue, 19 Dec 2006 11:27:39 -0300 From: "Ian Rocha" X-Mailer: The Bat! (v1.53bis) Personal X-Priority: 3 (Normal) Message-ID: <222930882.62996504175355@thebat.net> To: dnsext-archive@lists.ietf.org Subject: Windows Vista Ultimate ready to download MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-2 Content-Transfer-Encoding: 7bit X-Spam: Not detected X-Spam-Score: 2.6 (++) X-Scan-Signature: 08e48e05374109708c00c6208b534009 Please let us represent our new special offer you can't afford to miss. The most comprehensive edition of Windows Vista, Vista Ultimate Upgrade (DVD-ROM) is the first operating system that combines all of the advanced infrastructure features of a business-focused operating system, all of the management and efficiency features of a mobility-focused operating system, and all of the digital entertainment features of a consumer-focused operating system. For the person who wants one operating system that is great for working from home, working on the road, and for entertainment, Vista Ultimate is a no-compromise operating system that lets you have it all. Windows Vista Ultimate contains a number of new features, the most notable of which are: Windows Vista Ultimate combines all the features of a business-focused operating system, all the efficiency features of a mobility-focused operating system, and all of the digital entertainment features of a consumer-focused operating system; Remotely connect to business networks; Windows BitLocker Drive Encryption provides improved levels of protection against theft for your important business data whether you are at home, on the road, or in the office; Delivers all of the entertainment features available in Vista Home Premium; includes everything you need to enjoy the latest in digital photography, music, movies, analog TV, or even HDTV; Upgrade from your current edition of Microsoft Windows XP or Windows 2000 (including Windows XP Professional, Windows XP Home, Windows XP Media Center, Windows XP Tablet PC, Windows XP Professional x64, Windows 2000) Windows Vista Ultimate Upgrade (DVD-ROM) Retail Price $399.00 Our Price $79.95 You save $319.05 http://lastiostraonline.org Please note, that there will be more special offers available for our constant customers. Every effort has been made to ensure the accuracy of all information contained herein. DS Team makes no warranty expressed or implied with respect to accuracy of the information, including price, product editorials or product specifications. Product and manufacturer names are used only for the purpose of identification. We appreciate your cooperation with us and we'll be glad to see you as our clients in the future. From uni-blindsuwty@i-nebula.com Tue Dec 19 10:19:42 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Gwgko-0004gr-9N for dnsext-archive@lists.ietf.org; Tue, 19 Dec 2006 10:19:42 -0500 Received: from cpe-24-175-228-247.stx.res.rr.com ([24.175.228.247]) by ietf-mx.ietf.org with smtp (Exim 4.43) id 1Gwgki-0005de-Oy for dnsext-archive@lists.ietf.org; Tue, 19 Dec 2006 10:19:40 -0500 Received: from inbound.net.registeredsite.com by cpe-24-175-228-247.stx.res.rr.com (8.12.11/8.12.11) with ESMTP id UCgYInY3TqHEqL for ; Tue, 19 Dec 2006 09:21:17 -0600 Received: from unknown (dsnat [19.21.238.83]) by inbound.net.registeredsite.com via HTTP for ; Tue, 19 Dec 2006 09:21:17 -0600 Reply-To: "Sabrina Morton" From: "Sabrina" Message-ID: <8499807627.20061219092117@hhzxczck> Date: Tue, 19 Dec 2006 09:21:17 -0600 To: Subject: Windows Vista Ultimate ready to download MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Spam-Score: 4.6 (++++) X-Scan-Signature: 08e48e05374109708c00c6208b534009 The most comprehensive edition of Windows Vista, Vista Ultimate Upgrade (DVD-ROM) is the first operating system that combines all of the advanced infrastructure features of a business-focused operating system, all of the management and efficiency features of a mobility-focused operating system, and all of the digital entertainment features of a consumer-focused operating system. For the person who wants one operating system that is great for working from home, working on the road, and for entertainment, Vista Ultimate is a no-compromise operating system that lets you have it all. Windows Vista Ultimate contains a number of new features, the most notable of which are: Windows Vista Ultimate combines all the features of a business-focused operating system, all the efficiency features of a mobility-focused operating system, and all of the digital entertainment features of a consumer-focused operating system; Remotely connect to business networks; Windows BitLocker Drive Encryption provides improved levels of protection against theft for your important business data whether you are at home, on the road, or in the office; Delivers all of the entertainment features available in Vista Home Premium; includes everything you need to enjoy the latest in digital photography, music, movies, analog TV, or even HDTV; Upgrade from your current edition of Microsoft Windows XP or Windows 2000 (including Windows XP Professional, Windows XP Home, Windows XP Media Center, Windows XP Tablet PC, Windows XP Professional x64, Windows 2000) Windows Vista Ultimate Upgrade (DVD-ROM) Retail Price $399.00 Our Price $79.95 You save $319.05 http://kolubmus.com Please note, that there will be more special offers available for our constant customers. Every effort has been made to ensure the accuracy of all information contained herein. DS Team makes no warranty expressed or implied with respect to accuracy of the information, including price, product editorials or product specifications. Product and manufacturer names are used only for the purpose of identification. We appreciate your cooperation with us and we'll be glad to see you as our clients in the future. From owner-namedroppers@ops.ietf.org Tue Dec 19 10:57:17 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GwhLB-0003Is-1C; Tue, 19 Dec 2006 10:57:17 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GwhL7-0004CI-HR; Tue, 19 Dec 2006 10:57:17 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GwhCG-0004Jx-J9 for namedroppers-data@psg.com; Tue, 19 Dec 2006 15:48:04 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-2.5 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=3.1.7 Received: from [213.248.199.23] (helo=mx3.nominet.org.uk) by psg.com with esmtp (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GwhC9-0004HV-9Y for namedroppers@ops.ietf.org; Tue, 19 Dec 2006 15:47:59 +0000 Received: from unknown (HELO notes1.nominet.org.uk) ([213.248.197.128]) by mx3.nominet.org.uk with ESMTP; 19 Dec 2006 15:47:56 +0000 X-IronPort-AV: i="4.12,187,1165190400"; d="scan'208"; a="6418277:sNHT30644540" To: namedroppers@ops.ietf.org Subject: additions to dnssec-bis-updates-04.txt MIME-Version: 1.0 X-Mailer: Lotus Notes Build V702MAC_11052006 November 05, 2006 Message-ID: From: Roy Arends Date: Tue, 19 Dec 2006 16:43:02 +0100 X-MIMETrack: Serialize by Router on notes1/Nominet(Release 7.0.1FP1 | May 25, 2006) at 19/12/2006 03:43:02 PM, Serialize complete at 19/12/2006 03:43:02 PM Content-Type: text/plain; charset="US-ASCII" Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.0 (/) X-Scan-Signature: b4a0a5f5992e2a4954405484e7717d8c As promised (though a little late) here are my quirks from the dallas-ietf presentation on DNSSEC-bis omissions: One rant on DNSSEC-bis is that it groups empty-non-terminal response types as "name errors" instead of "no data errors" (section 3.1.3.2 of RFC 4035). I think it was Rob Austein who explained during the WG session that the term "Name Error" used in DNSSEC-bis does not necessarily reflect "rcode=3 (name error)". In hindsight, this is purism, and does not create any holes in the validation logic. This is not all that important, so my suggestion here is to remove the following part in dnssec-bis-updates: 2.2. Empty Non-Terminal Proofs To be written, based on Roy Arends' May 11th message to namedroppers. The editors are trying to figure out whether what's really required here is a discussion of the relationship between DNS RCODEs and DNSSECbis. Other points of my presentation in Dallas were: (1) ancestor versus parent terminology I'd suggest avoiding 'parent-side' terminology in favor of 'ancestor' for NSEC Origin checks. For every existing name (except for the empty label/root), there exists a spanning NSEC in an ancestor zone. Not just at the parent zone. So the following rule for the type-bit-map must be true for proof of absence of name check when NSEC ownername is an ancestor of the QNAME: (NOT DNAME) AND ((NOT NS) OR SOA). My guess is that you wanted to state this in section 2.1 of the update document, but that needs to rewritten. This is somewhat a purity issue, since the validator can't distinguish parent from grandparent or further ancestors. (2) gaping hole: validation in rfc4035 for unsigned delegation needs an NSEC for proof of absence of DS records. Section 5.2 of RFC 4035 states that the validator needs to check for the absence of DS type and absence of SOA type, but fails to mention to check for the presence of NS type. If this is not checked, spoofed unsigned delegations can be used to claim an existing signed record is not signed. (3) spoofing cname into nonexistence. If response is of type nodata: check NSEC for absence of CNAME type, otherwise a claim for nodata at name X/type Y might be a spoof, since the type might exist at the canonical name for X. (4) expanding wildcards/wildcard no data response Both response types need a proof that the wildcard is at the closest encloser. The closest encloser can be determined by comparing QNAME to both ownername and nxtdname of the NSEC and take the nearest common ancestor. Every NSEC in a response MUST have the same closest encloser (this is fact, not a requirement). i.e. validator must check this way that there is no closer wildcard match. Hope this helps, Roy Arends Nominet UK -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From owner-namedroppers@ops.ietf.org Tue Dec 19 11:20:38 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Gwhhm-00066s-Av; Tue, 19 Dec 2006 11:20:38 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Gwhhi-0008TX-Vx; Tue, 19 Dec 2006 11:20:38 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GwhZj-0006qQ-DM for namedroppers-data@psg.com; Tue, 19 Dec 2006 16:12:19 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-2.3 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=3.1.7 Received: from [66.92.146.160] (helo=ogud.com) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GwhZf-0006ps-5m for namedroppers@ops.ietf.org; Tue, 19 Dec 2006 16:12:17 +0000 Received: from [192.168.1.101] (hlid.ogud.com [66.92.146.160]) by ogud.com (8.13.1/8.13.1) with ESMTP id kBJG7P5j001122; Tue, 19 Dec 2006 11:07:26 -0500 (EST) (envelope-from Ed.Lewis@neustar.biz) Mime-Version: 1.0 Message-Id: In-Reply-To: References: Date: Tue, 19 Dec 2006 11:11:42 -0500 To: Roy Arends From: Edward Lewis Subject: Re: additions to dnssec-bis-updates-04.txt Cc: namedroppers@ops.ietf.org Content-Type: text/plain; charset="us-ascii" ; format="flowed" X-Scanned-By: MIMEDefang 2.57 on 66.92.146.160 Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.0 (/) X-Scan-Signature: f607d15ccc2bc4eaf3ade8ffa8af02a0 At 16:43 +0100 12/19/06, Roy Arends wrote: >As promised (though a little late) here are my quirks from the dallas-ietf >presentation on DNSSEC-bis omissions: Dallas? Or Montreal? Or San Diego? ;) >One rant on DNSSEC-bis is that it groups empty-non-terminal response types >as "name errors" instead of "no data errors" (section 3.1.3.2 of RFC >4035). I think it was Rob Austein who explained during the WG session that >the term "Name Error" used in DNSSEC-bis does not necessarily reflect >"rcode=3 (name error)". In hindsight, this is purism, and does not create >any holes in the validation logic. This is not all that important, so my >suggestion here is to remove the following part in dnssec-bis-updates: I don't think redefining terms in this way is just a violation of purism. I can't think back 3 IETF's though to recall the conversation. >(1) ancestor versus parent terminology > >I'd suggest avoiding 'parent-side' terminology in favor of 'ancestor' for >NSEC Origin checks. For every existing name (except for the empty >label/root), there exists a spanning NSEC in an ancestor zone. Not just at >the parent zone. So the following rule for the type-bit-map must be true >for proof of absence of name check when NSEC ownername is an ancestor of >the QNAME: (NOT DNAME) AND ((NOT NS) OR SOA). My guess is that you wanted >to state this in section 2.1 of the update document, but that needs to >rewritten. This is somewhat a purity issue, since the validator can't >distinguish parent from grandparent or further ancestors. This is only an issue when you are staring at two NSEC sets/records owned by the same name. In this case, it is just the parent that matters. E.g., for www.foo.bar.example.com, assuming all zones are just one label deep, yes, you have a lot of NSECs covering the name. Assuming that www.foo.bar.example.com is not a delegated point, then all of the NSEC's will have different owner names (and signed by different domains). If www.foo.bar.example.com is delegated from example.com, then there will be two NSEC's, both owned by www.foo.bar.example.com. You can distinguish which is which by the bitmap. A domain name will not own records in more than two zones, ever. If there are records in two zones, it is parent and child we are seeing. (Am I missing a point here?) -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis +1-571-434-5468 NeuStar Dessert - aka Service Pack 1 for lunch. -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From owner-namedroppers@ops.ietf.org Tue Dec 19 11:47:40 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Gwi7w-0002V6-MT; Tue, 19 Dec 2006 11:47:40 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Gwi7v-0004jo-8o; Tue, 19 Dec 2006 11:47:40 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1Gwi4E-000Ap3-PU for namedroppers-data@psg.com; Tue, 19 Dec 2006 16:43:50 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-1.5 required=5.0 tests=AWL,BAYES_00,BIZ_TLD autolearn=no version=3.1.7 Received: from [213.248.199.24] (helo=mx4.nominet.org.uk) by psg.com with esmtp (Exim 4.63 (FreeBSD)) (envelope-from ) id 1Gwi44-000AoJ-6d for namedroppers@ops.ietf.org; Tue, 19 Dec 2006 16:43:44 +0000 Received: from unknown (HELO notes1.nominet.org.uk) ([213.248.197.128]) by mx4.nominet.org.uk with ESMTP; 19 Dec 2006 16:43:36 +0000 X-IronPort-AV: i="4.12,187,1165190400"; d="scan'208"; a="5916173:sNHT37868332" In-Reply-To: To: Edward Lewis Cc: namedroppers@ops.ietf.org Subject: Re: additions to dnssec-bis-updates-04.txt MIME-Version: 1.0 X-Mailer: Lotus Notes Build V702MAC_11052006 November 05, 2006 Message-ID: From: Roy Arends Date: Tue, 19 Dec 2006 17:38:42 +0100 X-MIMETrack: Serialize by Router on notes1/Nominet(Release 7.0.1FP1 | May 25, 2006) at 19/12/2006 04:38:43 PM, Serialize complete at 19/12/2006 04:38:43 PM Content-Type: text/plain; charset="US-ASCII" Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.5 (/) X-Scan-Signature: c3a18ef96977fc9bcc21a621cbf1174b Edward Lewis wrote on 12/19/2006 05:11:42 PM: > At 16:43 +0100 12/19/06, Roy Arends wrote: > >As promised (though a little late) here are my quirks from the dallas-ietf > >presentation on DNSSEC-bis omissions: > > Dallas? Or Montreal? Or San Diego? ;) Dallas. > >One rant on DNSSEC-bis is that it groups empty-non-terminal response types > >as "name errors" instead of "no data errors" (section 3.1.3.2 of RFC > >4035). I think it was Rob Austein who explained during the WG session that > >the term "Name Error" used in DNSSEC-bis does not necessarily reflect > >"rcode=3 (name error)". In hindsight, this is purism, and does not create > >any holes in the validation logic. This is not all that important, so my > >suggestion here is to remove the following part in dnssec-bis-updates: > > I don't think redefining terms in this way is just a violation of purism. > > I can't think back 3 IETF's though to recall the conversation. > > >(1) ancestor versus parent terminology > > > >I'd suggest avoiding 'parent-side' terminology in favor of 'ancestor' for > >NSEC Origin checks. For every existing name (except for the empty > >label/root), there exists a spanning NSEC in an ancestor zone. Not just at > >the parent zone. So the following rule for the type-bit-map must be true > >for proof of absence of name check when NSEC ownername is an ancestor of > >the QNAME: (NOT DNAME) AND ((NOT NS) OR SOA). My guess is that you wanted > >to state this in section 2.1 of the update document, but that needs to > >rewritten. This is somewhat a purity issue, since the validator can't > >distinguish parent from grandparent or further ancestors. > > This is only an issue when you are staring at two NSEC sets/records > owned by the same name. In this case, it is just the parent that > matters. > > E.g., for www.foo.bar.example.com, assuming all zones are just one > label deep, yes, you have a lot of NSECs covering the name. This was exactly my point. > Assuming > that www.foo.bar.example.com is not a delegated point, then all of > the NSEC's will have different owner names (and signed by different > domains). > > If www.foo.bar.example.com is delegated from example.com, then there > will be two NSEC's, both owned by www.foo.bar.example.com. You can > distinguish which is which by the bitmap. Yes. > A domain name will not own records in more than two zones, ever. If > there are records in two zones, it is parent and child we are seeing. > > (Am I missing a point here?) No, you're not. You want to be sure the NSEC record is from the correct zone, lets say "from the zone that has the authority to make that claim", and not from an ancestor zone. I was ranting against the use of the word 'parent' instead of ancestor. that is all. Roy Arends Nominet UK -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From owner-namedroppers@ops.ietf.org Tue Dec 19 12:20:06 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GwidK-0003e8-EK; Tue, 19 Dec 2006 12:20:06 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GwidJ-0002rJ-1o; Tue, 19 Dec 2006 12:20:06 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GwiYH-000E8a-Eu for namedroppers-data@psg.com; Tue, 19 Dec 2006 17:14:53 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-2.3 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=3.1.7 Received: from [66.92.146.160] (helo=ogud.com) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GwiY6-000E7F-Gz for namedroppers@ops.ietf.org; Tue, 19 Dec 2006 17:14:48 +0000 Received: from [192.168.1.101] (hlid.ogud.com [66.92.146.160]) by ogud.com (8.13.1/8.13.1) with ESMTP id kBJHA892001847; Tue, 19 Dec 2006 12:10:09 -0500 (EST) (envelope-from Ed.Lewis@neustar.biz) Mime-Version: 1.0 Message-Id: In-Reply-To: References: Date: Tue, 19 Dec 2006 12:14:26 -0500 To: Roy Arends From: Edward Lewis Subject: Re: additions to dnssec-bis-updates-04.txt Cc: Edward Lewis , namedroppers@ops.ietf.org Content-Type: text/plain; charset="us-ascii" ; format="flowed" X-Scanned-By: MIMEDefang 2.57 on 66.92.146.160 Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.0 (/) X-Scan-Signature: 9ed51c9d1356100bce94f1ae4ec616a9 At 17:38 +0100 12/19/06, Roy Arends wrote: >You want to be sure the NSEC record is from the correct zone, lets say >"from the zone that has the authority to make that claim", and not from an >ancestor zone. The only time the bit map will give a hint whether the NSEC is right or not is when it is parent/child involved, when the owner name is the same between two NSEC choices. It's possible that an NSEC owned by an ancestor label will not have any delegation information. www.foo.bar.example.com - A AAAA NSEC DNSKEY RRSIG foo.bar.example.com - SOA NS NSEC DNSKEY RRSIG or NS DS NSEC DNSKEY RRSIG bar.example.com - TXT example.com - same as foo-bar-... com - ditto . - just the second half of the above Come to think of it, none of the ancestor NSECs would cover the last anyway - all of the next names would be at or before the next name down. >I was ranting against the use of the word 'parent' instead of ancestor. >that is all. In this case, it would seem that parent is more accurate than ancestor. Also, keep in mind that the NSEC has to be signed by it's zone - that ought to give away the authority of the NSEC. The only reason the bitmap comes up is if you want to avoid having to look at the RRSIG. -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis +1-571-434-5468 NeuStar Dessert - aka Service Pack 1 for lunch. -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From afshin@mineramexico.com Tue Dec 19 13:04:54 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GwjKg-0007SI-Fb; Tue, 19 Dec 2006 13:04:54 -0500 Received: from host81-159-130-72.range81-159.btcentralplus.com ([81.159.130.72]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GwjKK-0002gm-Ja; Tue, 19 Dec 2006 13:04:54 -0500 Received: from 200.79.27.5 (HELO smtp.mineramexico.com) by lists.ietf.org with esmtp (?(1/-H71(,N '07>) id D1)7E0-58 for dnsext-archive@lists.ietf.org; Tue, 19 Dec 2006 18:04:34 +0000 Date: Tue, 19 Dec 2006 18:04:34 +0000 From: "Jayne Mccarthy" X-Mailer: The Bat! (v2.00.9) UNREG / CD5BF9353B3B7091 X-Priority: 3 (Normal) Message-ID: <399460832.15483933597946@thebat.net> To: dnsext-archive@lists.ietf.org Subject: "OEM" Windows 2000 Professional OS (building a new DAW) MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----------BDAA379D3712542" X-Spam: Not detected X-Spam-Score: 4.5 (++++) X-Scan-Signature: 00134749b78ab2213964fc53d03de937 ------------BDAA379D3712542 Content-Type: multipart/alternative; boundary="----------6E5B67109679679" ------------6E5B67109679679 Content-Type: text/plain; charset=windows-1250 Content-Transfer-Encoding: 7bit This drizzling three-day January thaw,Dismal, endless plain—Side of the painting, the world of that wise, white,How can they get the point of how a worldAt these masses the snow hides from me. visitors' dugout. The osprey whose nest is atopThis perfection, this absence.Given by nature will soak into it.Seen. What you know is only manifestWill sound, then the Lord's face will luminesceOnly a whiter absence to my mind,The flakes which have stolen onto the flagstonesAnd melt the spirit; his mouth will distend ------------6E5B67109679679 Content-Type: text/html; charset=windows-1250 Content-Transfer-Encoding: 7bit "OEM" Windows 2000 Professional OS (building a new DAW)
This drizzling three-day January thaw,
Dismal, endless plain—
Side of the painting, the world of that wise, white,
How can they get the point of how a world
At these masses the snow hides from me.
visitors' dugout. The osprey whose nest is atop
This perfection, this absence.
Given by nature will soak into it.
Seen. What you know is only manifest
Will sound, then the Lord's face will luminesce
Only a whiter absence to my mind,
The flakes which have stolen onto the flagstones
And melt the spirit; his mouth will distend
 ------------6E5B67109679679-- ------------BDAA379D3712542 Content-Type: image/gif; name="kccexpw.gif" Content-ID: <5BDAAAA3.71096E5B.6796E5B6.E5BD3796_csseditor> Content-Transfer-Encoding: base64 R0lGODlhnAGnAcQAAAAAAP///w0N/H5+/L29/CthozaN4x1FbvDx8s7o+WKXshQaHTA2OU1YXVPN 8O/5+4Lk8XqBgdvd3cD2sJHGepTyGHGWOMPEwdnuYfTOG99SF6GgoPz8/P///wAAAAAAACH5BAEA AB0ALAAAAACcAacBAAX+YCCOZGmeaKqubOu+cCzPdG3feK7vfO//wKBwSCwaj0iSJHVpLkWSyzNJ k2yuiBWiedpKu00vLjqllsQqMvq4NrtxbRwDdWHYN6MGA/+Gbex2SxtlJAh2FyUcdXZZJX8Nizh6 fH1QhymGe5EvVjeblaAxn1WUDBccJn93qAERe6yhmHYNVxx6pyiTJq6HsCKTi74zrhvCb64RxiKq AcEuj552yrHUJc400CIMyYmArwEcCBzT1c2B4xyXKNkkesjCveg2tt+gioy52yLyLX/c8+PKCTRx bYY/VnYSSWDQQNc+cuWCoVtgCsW9OSM4SFjQYCHGERIhuqBHqdK4Oyb+NAba94IDuxoiB4YaFcMl wzwVM/ojNuIKIhIbIkSg1SiAlQ0IhiLtKZTomaBKCS1rupTpnSuqIgxKmY7BFJsREOj5evBozw0X EASlJdVKA60ceAKlWvTCFSV3gW4NoJaq1Iw2G5xw1QCVWZBNI/xcpocWJStUF6M4LOJCYsknzFp+ W3IE5LeSr5TxScJuZ89YlDbqy7ko6sgn1kaIIk1RXr2YGTO8ezDj2EkB5RrV480rqjpDAWWRQNyb BFbMGVAEJDl68efa7EznRR0FMVi3bBYbEWFBsWvE9Ez3CrR48vHDixs39zGAqsWLlqv3llvJuRKr 0MeKKt4Ilh0g3BD+uF4EKlxDICAG0nGHe45ohyBOJc3Szh4SJoePdc7BouCFI4hVnCpZqOKLR7gA 6E0yCxXmGSPljUcSKmJRhJYqMi6iSTEm/kgcdrw0sUFjrAS545DjBHWVXXZo9RdYAWUiToysdPWc M/QcAuU20M3SBHfjKWkXk5m0SBwlj6BS5JkMkROXPqUxcpw0RkVpJEr2rXmennDOd4IzHin25Wkg IdgEk8sAyguD9sVZGSBJ9jIoIDuqtJtdvDyxiKFH/tfKHU14gyOfjTKgTKh7ALkSOP6YyAdJsDL0 3Dgs0lcMOqrcGo47J5kijkod1WrcOCYyOE5+4SBAUYspcVlHYeH+4KPpsgmBw+Q4vKAyZ2HiJKVj k+cgCyw9kKbT2D7AdZUWrramcBEJc/4jUZvI8kRuMm4yNKymiE6qamDoJMWhhK80i2qU//Z6URaB VXTRNIvs2i+/+dJJ2L8e4aHpKeEsRBEryPhGZyJUIusPu8J+xy2H6KLT5CAX+XpjwRIxLHOW7SIb UkjuqqAlOC6Lty+2A9crcyTBgozsKjf7XFs2yOkBTia36iyz0PT8VK0p3t4bDz/kUourzRzoyMTU Ywe0NtjoOMSszO1eQhLMGyzwD0HlBosdOh7tIwHa4xJcsIrgePRErlzhC6+MHonTc91wP8RKHQu4 HQDUBUt3CoH+bPHD+dMLIPIwOpam4PJY6CD38q5z9zyxSgsMC87No1dbep7s/eHk53baNAvNmp9A ZapuM+uRnpob/lAUV6xZfKIMXPkiyA3is4/Lj4ijE0cvc8PQtOBAfWnmYTI01FBvWYqradLHZV5A SHt/Y6QDG4/v1eccJL+NNUJFPC6Vv/KBDTC9MFiBWpS626kDaA2MDZg8sjM7/UciAWiXwJDmtnFQ DlpN8yCHxuI7pWVsgRDRXSOAQz3ANYdh+4hV2JqzHvjwLWkggiHCOtiuNtHLfypCTia+hh0C0s9H xZkOLi5AQ0yJcFf7wKBLwJfBhOlvG/+aUzFWlzDc5cSID1H+xz7SdDjuJEyM/JMYl9IkNEMUpoQP IYYbo4gng8FndgUBhwXO+MU0nsJgyYjTtLrisTJ6I2Bj/M5G2EPHpIXjS7MYVjYUMR3OLDJgs/PZ gxrgmoxc44n7opfhFFdCV0BJRjtsZBNWyUpxXKCSUircdzw5stspTnHKKNvOpmWlcOjLjsHqjF22 VJt9oCpxK5EZArZAHAOWRFNLmJgD+8iV35QOFmCBozTvBw6JYI1eUDsmNJHmOi1p73bIYma25DXI d9RJVegEnCo8ljduoOtfmbChNfC0M43MM5UiAKbwsGlCkrDOd+4E6Dj7GTcsdi5h5dkb/rwVPhVN Y4r2RN3+Hhx6syruijC+cAd9vCcCkJKgW9Hx1RZqY1Ly4Mkc6DMgtPRnnuCVSH3CEpj3Aki9YZlP Vy9DZUn5mQmXISNOhmGd1OAptAYsgEUkHWnKGrqr/R2iYT/dZ/WmCkoCRrVdLHJbPr3lj9rEaIBe 5ZnessgcpLgLqwlDESx4QdLAaHAdSEUnmdDB0/8hDT73ERAsPjWgADVmWAajFmFTBR8pRjBaDAGT L75Vu8vVpqOCFR4frAO7KBX2GyKMB4GgWEVOZkyoFnlEMVsoPKctAmSO8yzSrHhDcsHtIjNl7fbm F1rsBOlfPsKYN6Ja2yzNEzrnku1FrHhYVORttcFCa0r+9scrQPhqcglTyywaghJpPgR0xOHGSmfB nWgKjyHhzRKXuhIvixhiXE+hyD9mZ0dPvrRL7YusxcDr2e8C4nY+KuJ4cfoqeX2tHo30FnEakl5j 0UJ4DC5QLrm0YO6CyXifvN+BLXzANGb3UXLK8Jy2Sx3bRhhCrYNQY156NR6lkEcW+5rZBArMqyHR inl85Atj7JIXQoJ+6sRUXT85WgPvUVAZ6Zh6+emQbhYzHKrgSHQsFuQ71FVT9sxEAZvkY+wZWIFF TPDVzLgHfDbnZQiiTfVS6csTEfedsKjxCWfxt9t1qroIBuND1PLC2ej1RWqGmCKagxYWO/nC8gqS I5v+ZTtkidV26FRDPyG9Z0l38H1S2NrtEGBpgkL6ke/6MqUBs8xLZzEcnjZ1E1BNtpBJ4V+kLvWe KQ04J2iaa6UWhqMp6gWnZUkRmfZZWhA7PVLTD9S+tgirS/RpYWcx1llc5ptRNmpkRWHYng4DsX+t kVc3q3i4TCGwbxXPSzfv3Ay1nK4ZStB0A8bd6n53sUXJD5TVW9PFvje7291Pere63uq+9Qp2Zjxz 97vc+xY4V7h9cGVPFt3wRrjEubZueCc8SwgX+LdGvXCATy8mETcwwe0975G3ICYjQXkijAcOljxc 4aK0d8EBnnKWdzzfCW+50GY+b3ql3OT0RhkL5AT+9IB76+bTy0LFUH70HdD85APXuUVk8gOVw8Dq R3h6NbDOA3HDhDsSpbrYx072spv9DVkh99nXzva2u/3tA2c11+FO97rb/e5CKDre9873vvv974AP vOAHT/jCG/7wiE+84hfP+MY7vhxxoAIZiNCGyD/+8pifAU2o0OQgjGLzmQ+96LPHVDfMUggFyePo V896gfWBVkP4/DpbT/vRqx4JsEc9i29f+94jXjaBxstbFKOX0aClNHnxCZ+FEtXTT6U1g0pMVeby luDr1PfYR7yiJ1T6B0UJQyTQEIb6xSrrKrgeORQVX15o/oCyH3EbzL78Bz9itCDxs4Z6VK0i5KP+ m0rMqZuSFSxTJmsSKFNQgJbxfURDKvcXRqg1fxCIdx9jbdLBVAwjSeeQH/unRpd1Z2jGV3jTN8li CbelQPACN5xWgdikNxHYgnznOLblSsFDVSHkUd+ADMNyLhwESiSRRRi0BTvzB5kTKWYTg+H3gC6Y hG0XQEsGT45zO/UkDu40PpLSM0x4J0nDQm2jO16zLJxCKX7VhB0kWUpYhmzHTTvoQ/5FLXlTGK4j DeGGhiHhMqnzNDmhQPLRVQDGYukQdmb4hzLxOr/2SgPTG/6lLKT0CqaEOG12RyEBHGyEQP+3XWjR LVo0iLXELvoEiJwoEPXiGnKFIvQSUVR1UHv+4DK/QFtzw4ROpU+KQx/vskxCGD6aI4rkQVqdmIvV IFcuNTBh5X/7tQ1mFVn14FesdTMttYCFiFQatYxb1YsdxHG6OI19YCKcBCvT0VDs8SszGFx2uE5P ZF8DI1Cf0hNQ4zBtVhvWCDHPVXqWR43wmATLxV3E8VDoVWJj5ERotjc1dmjnF4wkJlkH5iHEATI+ wl3dQj3xuJBvoCmkMoN4aCtkUyR45lbj11PcwluzZWX0wxyVhBQ9szzbgDnJY2gMeZJEUGsSEC7y gDPvcm/Sdmy5ZmzY1Gj71mmVFgbp1E9k8G0vh5JAmZL7Jm9Fh29F+XEU9W8Nl3Ejl3M+F5T+UDkE SelxIccS/iYDuXSULdmSGdFycxeVYGkETUd1XxmWZnmWaJmWarmWbNmWbvmWcBmXcjmXdFmXdnmX eJmXermXfNmXfvmXgBmYgjmYhFmYhnmYiJmYirmYjNmYjvmYkBmZkjmZlFmZlnmZmJmZmrmZnNmZ nvmZoCl4nDY4rLRKO2IXqFmaTjA4g1OWoZmLjCZtnDaarKmaRmIauGl/p2l/tukErLQjWCEUwqkV aFGbtxlqr9l7sTmbrEmavYmaWBGd0smbp/mc0BmcwvkWJ1aBC9CdANCd4LkA3+md4Kk+QhGdr5Zr rpmcnric0tacxqmauzmdPgGd9mmdwHn+Bec5nAzGYRQRngAaoAIqoNLRnQVaoOsxfOe5SmTAmtPG nmJ3bb95m7tpGj7Bm9YpBaY5nVoxnOzzQv8poOM5oCRKotwpHxaCokm0HuZZnwzqBA8KofYgoddp mzRamhzKnxb2nwgKnt/5oyNaogOKoBWookaqoix6pEpapOrjE8b5FzLqBiu5TMaZn9lJj94AoEAa nkEqpACqHTzKo0sqH0k6pkiaREu6HmVaIKIBn1FajYNjFISxYliapgbKomHKpGa6p3xqpGtqIXjK pGKapM3BfnoqX4Owkqz5plSQFnFaWujVEB46qewTqZLaFNvZp5q6qWIKCH9aIP2pnYn+QamYGqoc Vhy0MGyyxqhFoAiLyhyhap4dup9BARWhKpz6mambuqtj2hi3eqkeChWkqp2xaqjy0Z+eOjzPsUys 2qpY4QSEoWL7Oa2z+qGSip0WUKe82qumKqqkmp3rE2G+2q3kKq6RmqUnSqQq+mPh0KxEYKDDV6vC qqDV2qG2So+4iql76quWKqn0+q2iSqx0SozrSo/j2q/lumKzoKcoeqcoGhbN4q5B0KOwRJz1WZ3S SakZW6oM9q0emxjlGlkKO7AQQowKW7IGm7DIaqrJmqedeqCguqydJLE6QJ4GqmL+mq/0qZ8Wm5+1 Wq8Ba60qy7L8SqcDi6wLWyD3WLT+3Sq0SGusLQuod3qzzMOsNKsDAhSgOOuvAdu1pgqyQ/urQ+u0 S1u2InusSjuyCBu2JguiBzqogtqwtHA1V5sDJyGe4bm17LO3Auu0l/q1QSuwYUu2Bnu2RzuwB0CM iUtiDZC4YUuuSQu3gMqd08GiFrYrM1u3NZFBBNqv6xOuXtuffMu3HQu4j0u4RSuyB6AHidu6DLC4 SWthqxupqxu2s3uPZAqmRTqoLxthZaK5MGELeFueeiupBTB8xOq0IGutoyu4p9ufs3u7s9u4R2u4 r0uw1UuuftsQjnu9kru7k2u55wpawIuVHjS8xGuqBUC6x7u9xiu6Yvu4Icuvtfv+ugt2vSd7vUrb vfJbrAwBu+DLu2/LsIU7t+1avi/gPU5ls6AatOHqvhGwvlxbuh9KumF7vNybwbh7v92rvx3Mugvb GPyrvqE6vfybomoKs5WrpydsIV6DwDUXAQDQpXZQu/AbuNvLsQ2AwQ0hwTvcv6bawtlrsgRbsot7 sBksv0W8uwI8tQScqZBAtzCsBb7Uufb7w0MhwR/avqYLuqXbrTzcw9pLtGULwoXqDa4LwPhbw/17 uwpbuSt8sysMsyGcpd05Gz03xSXCLT9KvJ6bs1zsvs7bt6ELxPfbuDVcx93bwcUhxPRow0Prxug6 uW8bouLLYIt7p2Ghx3EXFzT+3Lpi27zaG8GDHMbya8qYPLL5m7REvMRH7LjUO7RnS7AOG6ZxnKcq hq43i7mc3AUZib4UcQAFMMyBHLpZ3LTl6sWGvLL2G7vTW7Lrqr8VtrYJq7poisu13KlH3ERiigdW 28uA0QrjOaLCXAAKoACkLKqBjMoUjMEYLLR+a8OQPMEFvMZJC8Cuq7/3fMjUnMH1K8K667In6sQN nLiWXKBRnMcIvFM2G8wHcM7oHAEaYAEaoAHKPMaC/MNinLDzvLJHHFkfvbCMjMaoOgsdPb9L3J0H INBTG6KgWsTZrDdqB87olDddKszn7ABBQdFDoQEUrLI5XK4nncrQO80tfLv+vdq2qivU5orU4TvQ LI2//nnQ/8kvNB1QTdLQHGEB5wwBEyDRGFDRFT3IoerDpkvWqTzUzGzPrEyyI03SVzyu8+vGxMHS LlueC/DRbivH5Rlm4Ow9Nu2dgHAAEaAATWABG5ABY+3TyZvE8JvR3XrSQ93CIM3KR7q4J1xhsYzS zbHSA13JLv2ys1zJRKo3WrfQy4K332kHFtDaFKCfGYABiT3Wg6vRDMbD7FzUjg3JJizScJ3G+qzG aTu95Fq7/0yMUW3LlNvALRvTFBFNNF1qeZO3DNDaFiB9GyDWPm3BY5yw1mrDS5uya81+wj2mi7zG 4gq5xDHSd03aeJ3LNOT+3OAJKZlbvg+gdKo9Hda9AdeNAa2NARRQwUC9zJvt2OqdyGp7v41spEYb 15GNtLdry6E94YQKwk5cyxUIpTDsSugLCBqQARFgARRwARjg3xRt0Uz9xYbczI9c4NGruCiqxsIN uwCs2R0tz6Md0FLr3kyav186oLPy15Q0vHYw0RRtASWOARUA4AJerCQcyeJdwGQMzdc743savUZb 4NWL3Mp94QcdwnX93qDdnaa1nuzJ4V/KAEYu4hVQARRAARUA2TcMxtUswk6OpYwMteW94Aku191a 2bS83F4u5m/t5RT7LAfMyfDSxwty5HDu5tmarfRM3MWtsqs7z//r54j+DOj63OnysedE/M8lTL1n m8mlTeHLjbJh/t54HZ7K0suAIx1BCgjZWgEWYOu2ruJBLMZy3tFS7avyvMo0ftnE/r/hrd6S7KkT fuoEbdJR29ICajawrhKMnqLVbd2t3QCSTsYEXqfQe+x1+tZ9itmDreq8jaXrzeXuTdV+jLuHHr5f ajrgrDsj2uPXbt2aruVca9wczcxMa6meTu4enMhLys/6brDivuw/7rDljtxQTaDgiYtTTDqMTrWs u8Pcjayw/LiXHmGXvtSb/czpvq0lnemGW8LWqx7QHtM9msvKTryWHO1SPMXhIutpLrLdTdQpfvBM K/I4f6okz+BgrsH+m83pyv7wJqq0nx3zh84R0gi8TzPO1I1e2y7IIL3zmG5hRkvp3PXiQd/wev3z 5vpCmWyi2VyksGzHMP/ufR2jdWsuwNyiGsq2+c7zpI7I6I7zaW+oI3+kc4y2dr6ysXz1tGzXQ5q2 FEu5Kx+iXkbz2tLHq428QMz1PNzPRW/Cqjy+oP71w060Th1ZMb/weWvxhT/AXspbiu5BUg+vOkzP /n7j/hzLx23GYI5ez6ypc/ypYm/yec9+ra74K6/0ii/oJfrqehw3Wr0dawHlWX7n3G7NAF20m9+w nmrQ5S3ECOvzXB76o5/mad/0ww/xfojA59vQLZoACQDZQy/4cq3+97R/95l+qtMvHcL9955u7OgO 0ALP463+45ad+CDALCNZLuLZcAHbui8cyzNd2zee6zvf+/mqsQCMiIxIpIFMNprOZ+PQPDAa1aeU IW1enVQruMoQR8nhMTqNXlBPbjV8DP6CvdyzGGUa6fdq6xiJnkjf3kkVwsrPImOj4yNkJGRiBJEl H9JdFBSnHNVW55ZUllMe4FlYFlUcYaDaweEbq5xnXdhpWkmhnyBtW6Groe5CA8KDJHKy8jJzMwdH pXDDBjVnJ+r1VVfd2JdWHl3X7Oxb7Pj3qe0c7hqfoLAJLeBuIPx7sWKz/j5//z7lJQBEuFTZQIAJ J1Bk5Ewpo6n+S7h5Vkh5ErMKjrlDajSa60arCqlb7L7VswcszbxhJXe5k5Mon7+YMmfSpPEsGhFB 06opSVjK4RWFmkRxW5Ulj8db49isIVRuzcU/8rZp89ZOGEs+6ErGc2PyRIRENceSLcuP0pAhOdMp 2WANikWGpSg+VOpx4TpWHFu52tgXjrdNefEEa2mvF1Kusb4eCgvTLOTIknmswEkCQJMIPN82NLWN G+hNCxd+QnMm6iFYfhej+IsSTWBtQEkqPox4ouJWtlNHePB4MvDgwgNUTptT5wYmn59YxNUZZN24 tD8CnRfoV7DrHLGniar0J+Gru9+ZFv/Oq6HWSoazby95xYb+gFpTRNgG6j5sLZqqCwb5cforuOWS nSxeteYUYK9NdAdDH43nx39drQSPFlJscIx7GWrozzMcbJCWcUoksdlyIlGHCl4pKrjVSHHshaBu McLx3YL66eXOeDeqRGEJFv62IZBBQvJMfJfotAQdJpZy4k9k0IVUVKwc1VSBGdUDo0ZSysaNf7Xl WF5WXsajXwQKrICAkGmquQiRRbh5xBJbJuRLRbjVmJdR3SW11UaoteOUlVnqaReDiZn3ZWLniemH FEiwgOaakUpqQ5uWrCWHW3UQJc4qbBGaYouscOHnfB2x9pSgUt2xxX+LHvYaSwSmd8IBSJjJAYaT 6rorcc/+XOBmERJluh+D1l2UimzSQQkrUtZlWWpr0BYYBy4U+efsg7qspu2XPW3QIa/hTuqrcWlp w8AFbJlhVzfPkfRklHdN52x2V8ZIXkevtEuadblk2wu2EvLYbgQHfPuMuAmrSW65I4i4QboNwTUl i6aARtI88Q4KYDnSogrjLM4RFN6/Wm0E4SAU1qoAAxcq/LKQiUjg5nFdRHDBBUnIFhKAoap4zjn5 HogjoB3zRd1H1l5UssmACGPBeenJkYTBMFu9IZq/gigQnJqpk6yAYI7aHG1hJ9id2YudWjSCqcah yilWHbqbi7xkhaMUCvj449V9Q4amBAxYOl9BIrE68oz+85ZXBtBBAzphyik/dReKKPpbcoQo21Zh JlXz7TfoY3Ew89YpNFYsl8buGfZsAJ5DWJWFFW0gyNSCejLmuI+J46xaRFAAFRcgHDrxZo0ueMOl 5Cznlq73G6XG48SbEXqPGxbtLLHF1i/Tqc3tqhsHrLzJBQ/kWjz6Mj2DgOBGOqzZBmSTpqWyn7ou /Z+BEj3r5CFLtzTTMGIIqKFnVrUqmBaE97n0MXAZCGBfTgSilcyIrEn9yg8G7xK91zXFepLbEfZE BZ3qCPBfJeTWqyq0AeA1QYENfCE/OICABhiJCEvw2sSmYrvpWOWCjYuSYfCFKm7VLk8r0p09Ipgq rET+q3d5a4gEzgfDKSZDhjQUyHGIQZDFFWqDoVLdgGRBDgLdTYhiFCGD5GYCJQILZV5iANTKyBvg bSEBC6QiHn9gxQjWTESWYxfQwrZBv5Cjevhq4iGPJra4XPBBNZsO/8rYDQVsQgoSyCMmI7FHCabl Ycm5WHj0dT+NTetFGGkb73ghxLdpcH61ySKFLmcCpx2GCgUomBQK0IBLZrKXjNhjw6pQnz/Yr3HG dI3bEBm1rkRNRokDpHiyKB9tybIEBCwgNWulS13Wyje+/GYPniGEwWnlk80azSD15Lh6SamU1+PR tPzHJTHBsgRGQKIZ7fbEUTRAAWIBJ0BvsD6cXEL+CMIcplLkVjtWyosvz1pox5a5uZbwJU92auhl 4MFJk4lpbtrKGz8VsAFIBbSkNkFAJbAYrIIkR0U+PKZe7gW0fGKlmWcE0yIPVUN7IuZuFlAmebRA SfHpUqQkNSlSXwAQ4xhhGlaI3+LoxE6YUqmUR5OoKmt6U1WFMqPpyYy5yqNVk3xhqE2wgAImkICk stUFNyHnPQvSqpdOdaYdjGcJsYfNsYZQninRRTRClKmguoWnJ4jjXkkgvt/lUgEFoMAF/tlWpHYo pWpRCdIS2kGgTU9GJuPoqbLVh6u+JhydKocRfpXFJGQxDW5BwU4ocNa7wUYBFhCfBRpAAQVE9o7+ k83kW8v1SNOYjZBtO2Zor8QdZo7VBEm43ji2eBUiFLYILcso/DQjAWoIcwwUGKYe6qkfvW1CAbyN rBR/C9DKDC4nckHCEcPoojGyRjdEyx8wciSBCARVBN7xTEmOg4QIKkGLC8gEF+JXKt2mUHxDPYAF HnveBBxVvesNgGUvsQ3lPO+U/UvmZmknqIiSoAn1pNB+xZgqiVAHYuMEALpAFD8A6OxDrviQVymA Y9oKVXwHKABacZYAXlq4pPCxlIabsGJD/YUNQnuo0fYnC9WUuD4SuIAcdTHD+h6CIAZDaAKm8QAX RxDLQ7iuFluWCwU7TMcXoMDm9tkAtJ5XAkT+LvJ6PYRFTq4FvEzeFjsfetehRQFHEAPUBgL33Acx YL+whVhyDpyuMfQmfkqQQAPCvAca85cY/KWxEKrBBxxz2gpISGE/6djP80LgAnfG8zeJVEMYtwa+ UaWX0BSpP/s24AI2RkP5rMAHX8NTEPDbpRAWkOgL8DYBSXD0ER5AgKemC9OXlSCaZwxqsPhaBDOe BibgHKbxVnK3V/a1HWGd5yKptKlP0JnjDES4JVb1DTjzSqYf0OkTOHuWxMAZjk9gZ4hJAKXEQCkh cNZrqPqafeiqDwJSvAcFB1zJw37qCFhLjO9+5cfknbMCKCCBBGzAn75VdwOPEZ+GveEhRpT+r6kG hCVUjmADCXBKBAaOgpyHmr/FyDk1oDGCe1N3y8QORATCbPMqVPvZQuh1xEVwiUx8+sB8OTWOGXyE DcA5lgd4MIRFaufvVhjlmIQPU7kmgp78WYAzVzHMsfdzFPg60SiA2AhSrALVLuDevRkEwpfHh58j +2boSs6kHbZdJbZsxhlPtrdFoJn6UGMCueWx+Cjg4whTIAEXSIAFemP2WHNAte6j9IHZ4cOPvYgj JH7Kdg+x30wblNgL0DsHDEpjRWuNDzNEdpYc7WzuQvrXNTf9makBovosPF2DV8/mfMfCCFug1RO4 QG69OXrgll4tSJZK41ifr70MkQQ2d1j+mBttY03f3ufsS4vh8S6IBzTB2l3G9OEnnWlmf2S/sNS4 2qVAeFETesASuW2eyF0ZBcCR9m0fHiEM312WAKZZ2+XPO/WF+BnG3x1Y4KDLrwBf+x0c8nBgy1xA zeTe7UHV0GFZtOHfLllbztnZvhmH1EFIYv1UnCmB+ERByEkABFjeEUjAyTlg6DwD6exZSywBXVkg GckUNjXRz/WdjeVcCZJAzohgEcQf6WQcCiYaIIyUQTXAmKEBd62dsF1bESiREXjFNCWbSQhVFNyW BVDAD04ABfxUzhHh2ZVe+zCVGHgaGLmdvF0J+dFctGxXo3Uastle+9EYApTAzRADyUn+XsHV3gPY Gf6hAbzJyk4By+nFEja1Vo/toAU4AAVMgB1agQWkmx5SEeCkncMQg+kshQfdF+t9kFckGs/JnqtB nt69X8aRTqLZWbo4H33QFffwFFyBCPW0EWKN29cJBoSdoh3+FANQgGS14gvJTB9aytqdy0wZ0nHR nLzpwi7hjGsNmR7oXeCsRcXpjHshBogVBhpexjTxjgEWgngxAHnhFgU4ACreIdRQwBBq49UADvIg 4eLM4yBG2XFVyTDwQQKMmVdEQPeZn0HNoGGdGXOJkL+wkUp5VSqNiRyN1yegFQVQ4x3WnEFS0fpI nQS5l4j4GX0pykPOTqycQGR1mib+uuEa/aRIDo1xAZFhbVRMgkgfkBMhBiUc4tYBpOQP3iEKUEB6 tWTxJAIEBcRwKRKV6FXkfMxX7oHFlVE9HceJ2U3iyBKflY4BwgNixVI/fcI0qqQ1HphVwpAMcUBC HuXgZUxNMpNXBhFz8U6AGQIbwVNX0qInaiVTbRozLiUzasWDySFABiQO9t1dvlBewmQ9JoqHfWUT oVKWFZCrnGXNpJBi0owaslxijUBdqsyPVdJjUSMQkgBBZiYDbSaSRaaSzdeEKEqgBOY7leNuHKZA nCHhTBWpNMxR3qMymsurpADLjMIc1qFUosAE4CYDoUnutRu29UIyuZ4hNeTs0E3+mlWZfBymIHwS ZiBBwLnGCTVmeiIlUJKfSNIKLmlBKdLmAurBBWhn+rzEFYUkccncaoyWlAWmMq0E8/mcJLmhe45B Sx3B2tVHT50SCuzUfBqmNQHKPipBhUQBf1rANWEmgBZPh1xRGm6loImn9dxiaz4eJF5B6rWEiBxB T2AGITho6lEaT4ZjRjUnaw5gRNbnCIzCN8wmKlajCbzaifaNgO6mDRYSbR3SjjhXH1haCw2Lsj2d mR0BUsaHhSaHElrJfAWpcNWjY5IAAUEjAumnAtSh5SHnAmTnkxIPQOwZtuXB+DkUcAaRXgnDtmFC d1mokvFdwCkimWIGDVmohBT+EppO00ZtpJShzBSARMjRJVc46Z1azQNZhoa1CjJFFC42ZGsuWsbR qKEKQSVI3plVAptVgoUumnz5Js2k6VquqWu6yhjojX4+pZxKZUZxaqe+jAylVLt1GReAlp9m1eOM psXVnDBZHaMeGPyRQH1EwzQwqoTGyYXGp5B2YmtC5pjUyjdM45LW5mU0WrGCTp56n3vR6Gb9ZkSG 5irtAWvtnKqaIZhmXE7wV6acGo46zCAsFD2uJmNGn2LEqyhcQZwu6XXqArG2q7jkqXxg6DgOZoLG aIm5IYUW2Koe2L+eWUbS0MDkmnmEa+m8ylvyAhWwTIXMISomwJwmJQNkI8X+KozFIqEAOhPMFRuC woMS9JmBwZeSjdMJpOdZrtJn/uSGxqPUlKc7iAKEfd0pSkA10kPZ5WzFYlhMGoln3mRNIajU+sEn FZiB/WFkwhJfLq1DbcuKMiew8FhipcGbZh4qYq2w2tPNcq2nBsDKNad9xVzZ2g3msB2HtpFztpGV khZXmCXLtVZ6WONNjgE3UQGJViYqUq49FYPfwkwisBvPnsvklF90vmiOJJHcus/AwGcqCSnL8Rh+ hc8RyOVTjmhSDoEKFOTnAgmaFMm1xStHkVEkjWT3hOLKeiJr1utnYWCkMi4RvQPn9lVVVEHIQQDW Zq1XYQbv9i7WlJ6e7mn+FZAnPZpn4aauRrGu+Tpu4iZvqZQD97gG1YYd7m4a93pvwvxue8UVBrKN 8Rbp8aquuCareEFX00qg29pXIFCugY4XOujWzDJp7mIG/uZvAJiglM6bKXEsCAXwYfDR9kJv4zZj UTLR24JjghCFHMqpuv5kA1RwxYLv166FLLqe7ARQ9+ij3KZpZN6rgRbg0g7v0ahi9sRlFPxYSkIs iebuEEQADIdL1ugpdP6VDXNwVn2wbZwYwvbw2F5VAdJNyORW9GwB8zUBVC7pZdqvCjzxrqwA343u +L5v+U5UcWbLfA4wF4/joK2vqNwWHAGGE+gNdYacEj+ucTgxG+vKCsz+jHe23J/csAl5sKDeKg+f LDIBFVraTm6NzPYgwRZwXrpSktTaUPcmMnB0SDsmKy2gEOpKcghnVSe2VyUvE/tmmcGaRhJsMl0E chNs024p8WsqIyKbcqQYYfBmEeRJzvl2TxCr7g43c3L277jmmqcggS7ZAT/dUgMA2ZzRZiqW79QR s6QY4V4aybI272hesTNn8dZI6mo668yd74E0yLuZVyZw0zY7AZI0gXnRoWXO8SGLc6SgSVZKcUfS VACzrQg77a1Cbgptldpg1h9kcz7/zhH7WC4VgHlR0u+QKCEHJEEU0HF8i0CrCTciITmB5+ASaUK7 b+JuMQH3cOTEFPP+8gUU+FiIYjRG68eqKYFG4y7nAuUGlLRJy1A38iVwlqorMw1M32frvm1EUxQ6 5BJGb/NGX/VG0xFGb3QSgzQD71XLEHWavCS8TmoH3w00O6akcrHyIizknpgen1ARX7THxalItRoE EIBdX7VOl4k/b+4WPaFOlrJYk0WUNudG+a8ypbUj1TGuUvLpyhwJd8cobLVBKIBeD4ACaLZ5aTZn X7VWN1sCJMB3XV69sUGtCE9hA0mKhu9ZQvJSoyk7N7R8qqnAcOUjE5NcdjZvixRWb/RnZ7WPKQDN kjZz5DacTOxqB8dhe58E/mlWqO9sv/Xy2iNbznIk2VVF6bRG+/b+VQc3VpeJeWl0d+8gZk+AAjDB 0lzHyiTacm9IazcyYI6nU/+LemIxba91AaNsrbZLGXzdb/92mQz4LZH37zhWAZD3YpUc1VxQWSVH FL13hjxQd0ox6wpndDP1Y0/yHVd3JlMpbFx0d2M1ZxM4gpO3Y/1Ogat4gh9xPymHvhQANSS4ckt4 ZIjFgMKrVgGVdLOzNE33Y3f4bXtEacjcpdZ1Vqc4ea/4krP4Nm1zgSe4j8FF3PQTBCR4Htp4e7wE QTlnLRopY6s1bXNohy8uYdqV7RJVeje5gWN5lLv5Njk5lCe4lDtYKvTyBjhAghuAzWn5louTa7N1 fhnpeIDkQpf+cJm7dDRzFka7+e+wOKTT+ZtvE53PeWwCj1bnMyjIOFY3oJ8zN3shtiotM1s79juX Ja4K+Ydj0PPQ9ZJHOYL7dC5t86xD+ZxXkk5X9RQcOARc9WhX5af/TahbeFuaKmuGuaHX93UzpvtI rlSnJZETFZ07eYuzUD5T+o9lOx1heq5r9Y9p9KpBgAEowLgPWZYHO3CIRYZ97Y7jd6Err4c/b9vG O3zqUIU0+pM/OXNoAHNMRK7/O8Avlnj3+kZTWAEwwFqhe7oPe0pfaYaHOTOeugirbG3f9zzbO1B8 gqTXuYtXgQZ4/E8E/L0HvJo7AAE4gAI4gANAAAKwTKYRtsL+M4NYiK5BO+tLHzpQSjxbKy0Pv3Z0 pYJO93KtN4AGFL3RH33RW8RO57p/AfwFQEDJoXxew+zNwnzMK8PMz/DyKvXKQrNDRzy853eQQ2/B TkW1BP22i08efDzSGz3R+zvJ53SuT73U9zrjbO3V10TWN7LbYpUWr7N8/32Zb6gblQ10pDnAM0Db L37Sn7Nbkigs6HSc9joBkFwZnACw5/1MzHxZDyl9i2SPa1QJVzfPb7HhroimkLzasz3jI/2BpaLa yyUckegSj7z4bMAAQEACOMDlH5zmC/sFu/Z9c6xZmyZz8nzX5zdKe3hFIQ2SdjtOK37rI70QUEAF XH8F0D7+7Wd/9v8UwDvAaJ9tIHju75dFh2Dw/va9DkP2bIO9S6us6Tu7qpiB6qv9GEy/0VuABiwA Bly/9WM/CFSiVZHUcqRqqiSQ0hwMsyzNE+T6zvf+DwwKh8Si8YhMKpdMTuACWACm1JrVSqNdt9Fo rSvdfsfe6TgsDoO76/M2O5M1GPNGjHFArQqqWUMDGCiYQZhxwjAhorhIUmJhgbeiogARMTezQBPB xNnp+QkaKjrq4wRFZVaVVqN1ZWblJVYGS/YFhsamxpaqtgo3QxdsFyN5wCfJIKicocFM2LBgkZix WE3yGJkisKIQcXBpFYFDSl5ufo6eHiCRWnXLmrkK+y7+f7YWextby+vedgUcR9icb8VWbEtBR1mz ZoWazamAAUMFatVGkJCR4tgeOwA1cXCiLqTIkSTRcZAgpR8aMVpa0cLVy9XLfG306ep1LyZLYHXo DCtYbIHChYQYYtAwI2IGiRUbPVKh8eABS5eyLIjAYVzJrVy7egVyMiWqlCzrxbTpZuWstTD3iUXl 701HYT4lSV0RbxnDQkszRIsIGANFa5D2aExxB+DVj18bO36c7iPKdq98rcrnBp9MsrnY4qyJM208 gD1/xtBjUBsehXxbW/gLkWlFR4UzGjtcFdOCDRwQQP4NPPgSyQzgjn2DJQ3mlVxqnW1La9dbfzZ/ 0f3+WeyuDKGD9vLFMIMChgmBJzaNVCA9n7uJAW4CKTy+/Pm9EZws7k6n2ZmZ0876fNN/Nd3Dy048 +RTDHVDtYYwK3TnTGgbRTEAeYEvNVlh626TXIGIDAbRBAL7NR2KJkEmAQIr4GYdWcrLYI1p/nIXG nC5j5UcPPMDIIBAxQK2QUCAQfmfIXxGJFxFEjFTAR5O3qXdMe36EOKKJVl5JEooISLBifmX9w8U7 nrFF5nM3AejlStb5VBcxemh3DAMR6KWBBXth8Jo0gUkkmyIWyAClhut5GMw3EYQIH5aKLkqOBFoW x1lc+0XX4mWh5QRTP9IViNxcw9hRUJMa/fHHBhr+5OYHBRfQMd6efC5CAZNPBjqqHHRQwAAFvTHK a6+foIhiAyxW9qUsNtEDWrJtCUjZjDlmEhBHdUlyzEFxzokUtJhYBUkDgZEXG2EZCVAAuYKqMAwd EdAQola+vgsvEY6mKGw7+sFjqS01oqWZspjxs+mz2vrhB3YLcqhhCpbkoa4CG0BwQTdVKTABAhS6 euSfs6pnboMFfErBHLuJGG/JJvugJQL1Gjepsfz1a+Ol+hFor5f6rFkaQSpsqJ4kdSjgAAEJDJ3A AwlErIIFSFYYGwWQAAOlAVB2/I0dlmhBQQCJnsw1vFpysLJKlcqjyrGbRSdzZcniWKOOBw5zWEb+ 5c56ALkGOABB3hAQXbTR62bRQAQUUDABBVcz8AgFcpcrtdQcGmNHyNte8MDWXV/OaH1g3/hsSy/q 41l//Mi8z6bT5fjLJXWACpWTHPI8AN565z30AwgM/Q0Mil3xiNIhG+O4AeSa+3EBFnQDTA0XZIV5 872mGAA0NQtcTy77upU2ppHuUmCLniKYWqDk3uYA3rLTXnvRq1IgQeHYQPJIIYLx4XgB9UvdYDd/ t7K85c7/TyL7RO90YyPbcpBljwGFrmbOsl4srPMNgcQNYaKyX/nOt7e9FS1FCjiAeNongQtgAElK 6cvHhGeA4NlNPRLblvIq5z8AyhA4AozAsIj+1TLtmWktNNEe994yo7J0pDQ+Ih7xbnO3C86Ob0Oz w8UqZKHvWCBqjLPf3ArQwuQpT2sz7KJ87MMBG7KMepb6l3L0RRmAzQNNkSKLgXrkI9tMTT0XVKLe XDC0CQRuPBezkGD4MkUrpnCQVsQiDMDRCgkwxouM/E2KwiiWSBbwc5lCG7PSdiaxjTENc7kOMTh2 Lvol0Y4ZJNoGGLCBPkaxNRsIpP0aV8X0dINHuqmBImPYyFySBIxihAt08HVG68XIXjFj22c6EyA1 jQYPPTIIrTh0t1FC4HxD25sCUImxP7omPY1DoePIdUhouIQBEoChLs/JFehFgIA4rJ5zRif+JjSe hTrH9KXAhigQOT6Tm6Ms3+xm1wA97ak1hbAEFgeZwlfKsgCWeJpLbonOiO7SN70EYtvIRqMyHnM6 aLoRG6szMGaurnXmIl4S+4nBDB7AAhLAGEEzEIFAJnSQAnBcBD52B3wxwD5VkqhPz/HIDQBRmC3D pL9okkC1BMieNcJZPscVqLq9MoV19OfsrgmRvryULzdFqFcdZyvPSYGci/ypWckRVBu9YpIyMeOL cBEwZ21PkskUYkCE8Y0KEo+f0azqP72xyq1mYIoN+KoVzSUtLbKCp2dt7ChShIAN3JCtzTEjaNqY E3gGjKlNDelA6iC3FXIMoQ5A6fkCqlX+wTqDr4blUPJcAoCd4tKxtEUCijhwik1S9lKayczaOkMd 0wG3qd+jgz5p9VW/+tMBK9WmavE01a+CNTcsEWBtrzscyAp1qO3cT/eWVUkHHlWS9kSLVQBiK9Ai saTRLS1plagApTl3qxqI6UFb+zFaWkUNDbAudv97BC1dgID30qikyvRDzg1orvTs1I4IZtzbmAuW 0i3kIEurNNVCyE4KkG5Co1RLWvR3tgAu8Q4gO2AFX9TAdYVZZhm8VHZyKjkdCesnuaker+K4kLIM 6ARS+9I5KaDDHdZxehIb4i40oKwmbjLKUpTi8hZ1jfx6WTLF21FMtm1NEH7SChEqyOj+GmDIWMww fe0U0whE4MKG7cNoZDJiJ8uZB70BloxXXFmj8nZ7msrysPRz3k76Ia87blxNw9xNhHZjcIIRjAUy sIHBDbnIpXVvCgdwZFSFCQBYIfGcsSvg0xW4espCW4zXdmrNXnRbd0VvoCgsXaDdrcMYjm/v6jRY Dh9P1pa2NB/ag681RAB6n/70vCaTxhidkUb0/C2BUs290Tk4pEPMcU296eFKO4DXk+72kNms7WiO GadzCZMUOl1sY2+JSyxyYw7l2lsFqvWHxYTnL7HwC/36AdHZrnRftw1woAlc4OXjNVUHqQByKzaB nGZyuk3sKEd1iZiT8pe+MvXsy47+MY3I7BS0qG3cm7KWtP+ualWBZvKUl7bDUtqvK7qA7oc7WUvs bjeeg5nRMmQ2wb7s6Istw+qB1eG+Hv63aVVe1ZNaWmoJ6simUxJzmUMcWBN3oFleXGo/w7tZYmuj x1k9RDt8W8x9PTrSzx7NQ/KIR59DRdSlDuCU1Yu7U7Z4vesJY67zXNnx6DsrSOMwBQxAuv4+u+FN nvCevDbPVOCNp+Hu0/rQ64Y330yDEZhgeGNW76M+799JI6cICH7Sg/e32ZV4+EqzHFUup1TjHQ75 2ko+bGnyruYxrsbN4mh6wuV767UVUDVTYgBFPnj5zD5N8xk+hQQpN+PZsIHKxb7+xI+UXtd3q/kc Dbf3Kr7+jMFEY6GrWfQPIwDAjZ/6aaof8fnVtEtskUZETf+/9YneZItqcQTzef/bT7akkAMmwJBm FDBkBLA3g2d0Jrd+ybdcDYhFzVdurcBDqCB/84ddAiQ9HFV5bUU6qJZ7C1ZeC8Z3AQgM8WVIF5BB yYd+dbR+qJd8yddCirdwm2YcFWiBtcVLG0dZ+KBx4UVevOd90fYfnMRJM3A8DRBfKTVNJYd6LtiE 2wZiTud38AdcU9A/N3hdj9RLPbdb+QcjbFOFvNVnP1dUeKA4Q+YAE3BHLwBw2saCemM+eVNw4cQR rPdWk3WFWOhYvfERW5h5FWf+VMIkhHGVeQrGKZQFNRbQABRATdPUbXKIcnD4guYzaQ3wa/o2g2TA cVSQh3rYWFrYbtgHVx1IZZpVhTTDdRlVD4DzCEDzT9v2iBvQbQb4At1GgIajiJ/SScqhQL7UiZ5o Vjm4iRuoc3rmYlIGhiB4YPthhGiofnpDZkMGAbJoSA/jbcfjADeVIKynGy43gX+2PO4CjD6lTqG4 gW7hhd5XTD+4cUMlDy2BByiHQWRmSLXIUIakP7moAIaji7v4e6J2Qwzwi+MYUXwYADbETiPogz0I VyHIcQ10dwr5eYPjABQwO1CIhEMmevcoei+giMazj/3Ije/3TjI2BQIJewT+qUv154fGdHVXZibZ p0bz9pA+pB8IIY9yWIvGMGkbaYkZmXBTgYQh03JSiHOTBRdk1VMqiU7QI1ndZ3vylHWnWJO7R1ce 5Xs8UgAWyYgweGSGdACJ95NDFjiRszAjKVbPN4hJeVtMSY72IVTtuIN6phbIZJcAo3e5d28ogAIF oJOOSJa500FImCA35ZPCx40A+HwmyZYp6ZaMdFtxaY4FpH/LkT0fiJnrWGXJEZaUAIdQCDmzZImS IHrDsI/++GakxpjGoZSPiU6aI5lx9W72Fk/+B38N5JCZuQWA4oxeiRhhqSDrklcZKXYOpUUkyYuh iJSxpUhL6ZqQCWUJWXn+4zULNIB1EOlRDNR7LMECkVhwGREDioMRcdSZkXNNitUKyJk9q0kF/eVf z9lI2mWS53hUUWCdnFNPu7eJeEkPUKFtckgMMTBFa5cYVaM4RziFgLicCxpbjAWfjXQSUDZxQTQ2 PBQzlKRqNKNWbEQjeTAVYyY7oPmbHYQJl7B2WFRmLjSblsSgqBBnDwqhW4IAUQaQ+IcpqgBj+YmK BNZxfJkCUmNVHjmeKwWPCKEHx6M02zGbqNiixvGiMAqdM1p18cRi2xcPxPSNeMd9QfQPncmCxMBM x7NfSooHSLhtefCSytikN+Sezgml/yNgU3octldqkIKlaKRbmsJU75D+EUAKX1UBOelZY4gzOCrK gZfJnsvZpu/5ps4zL6vyZ0P4EgvJHJqkib14dz1qBUjkALFTPooTEMbzfkoqB9uWoHumoYa4pgDQ ADTXqDJUZ1sip993NlnWVsfCn3qqe+4mNyB6fENmhH7wJ7u5TEMZYlsHkKuKlP0Vca8qQ8c2paPG eF43D2tVOh74g2dSA3IjawhnpIijADvxdx7kAO+nndiprJHKaRGHIs4Kp+s2oWVDjDHGdzzHhepK LFChaPjzJ8AwrHIxrgQIDa6XrHnJmBzFIq0acY/nrr0yLwgQrThaZSJonxdarVLpRkLIpds6cghD pCuFpuJKB7l4q1v+t5+qGm10NwUREHEX4KYNWzI0R3tc2BzJ6W71qns1Sa960LE84lD96gbdCLKn oYnz2aIJqatUEAEXEEKKBLOYI3cqdnNYpzZ8epW4mavL8aPRpRH9OkUkWbHNWKauF4RrerAssrSO 4rJPizmQNbPZWbN5tmXQYop7Crf5ikT1Y6QmCgkc2BIpkAkDq7ELSl5LRXkbcErGwbJM265syzWz R3nYJ21k4aFaoJ1MulFosDjnUrl/gg2mFg8CujubF7nKqa4pMQchcpCK27IM67hYAlktyUCTqmVX wDAH0H+2OYi2K2FQArhYALIhG7TBuql4mq6RGhM+sbQ5sDynswH+7Oq6r2slPPW21rpslFIWSqqf V3m3mru5GvEPj1AA5opvEbSp1pmoSKkmIlMDgYO4S8sbDZADIeK80Cu9JyOMUstWPGi7KHCflkST G1oZthEU5dtBbwUtAQV+q8lnAbkBDXABDwy/F7AqG3AoFyAiapYJLLIB6yYB94u/KSK7FOdd+oAQ 21GMg7uhkbSpqaECYrCI3ngz//oFwruW+NoPz6vDErBOahbBh7IuG6yqHZwiHwzCJQOKyqmQ5rV2 F6uZeXoLC/LCwmsFxkPFYqCIEth3y5m+ZvC8FBzBF6BmWtSiGExsRxwv+WtzZoPAxoUHazSKl+uO 2xoUNrypRBv+txzxJTeMsjYXwRa8TnNQlarqsh8RvWj8RfYxwmTkC2EZB3hauKarE3X8jiKjnjbw Gi9xn8dLeYJstCgrBQOJyL7yEU8ZuRuoMEaaSbdpilwqCXrwVoaaBnZQq/XGybqKsPdHFhg8yiYD l8h7jgxQPGiKpcgol3T8u8yYibwDW7GQB6XbxX1suE5MBxuAwYfcy/JRyvcnqbtpDAYVsvKKnxka BhixrXz5Vlc8y3H7crd8wwHMMuqCuEybzVzjG6aMjNkLFQlXAFRmyw3Mp+aszhd3yfj2cmSxySer 0LccuO4Lxoxbz48bAJLFo70FvGHpJFy6ScabFh5avOZ2qkX+CMegw8eryp6sEDgX/NBMy6gRDS/2 kVt/hhyb+w10xcpKLExvjFHd9Y4SKB1CzM04vdCqkNLWvNJtmQPY7NIk4gSxaTP4tm/5RRCWx3mE uK06PdA3i2dJdi9DbbbSobxGbdQU/DWOudTxYgp3xruWuDC5s04ZO81wu8AGtC+VwtU/TZOmm5uo oLwqTcHPG3GPZNZnjcS4FcloUKaGecKiB1s3XdLjis7BRNLveKtzmrR6bXPqcihjDca31ZZOoNSE rSgwbaecEglUgRGnbcf855IfvdN1LdLYiyxBvZwzoGaIy9mM+0hgJNq5dB8q8XlgmgkemlMNiZ02 rdN0LSb+PF1L/Il7AM0ygbvZYUzWgQ1ZLd3bXtQbMxDd5zzcHhqW5kyF+wkdWX2pSkVUZFytxbzQ YeAHtx3GRm3d1601oZ3dvqwymNBzgYsHC4OiNuzcKxzScgs6BabFmkTSStzX1N3ZD3vdH/Gy9x2f CEAVlovYmTC+PFmaA6ulc2Wj2qqKH0dvWKmqCTzdK63b1w1Z9i3hzgM2n4K4C4AS3w2UPbneO9dZ qjmnpTPXCY7XvhTWfz3W8wLh9M1FLX5ddWAB1uwECCJ6GomEMV7ZvDdlF4dU/tDcRqsvmj3PYAzY K27IPHXGSI5dHKAFgdPkPtENG5BfhyK4Gbex7uTYagn+TLeZSfaZ0pvN2Q6u4mNO5ib2EagQAAlc lgLI5terqThXu9maoLmK0vDd5YybMn1eJSz+5+iUCoZ8BTyckVrckIwMXpfFwt3M0Q093WKd4mCk 6th96en2ZzfwALwx45SkoCmsgQ3MiynR12M95M0J5oZs6a1+XT2HFUnNAaxQ4DOWqjOBo6zMHI3N 5da851piO5Al7I/JGQyQKFUu6mTCg/1Cwpis50fN59Z+7c957CcJ6e/neRcrbykrsQrm5H7d2Sz9 4IN97gS5Oahblp9nlNZq68w2BviBE1y+0vIt2PWX7w0LqQ9kHVNo61ZpqW9h2/T+0I4CQ4a88K/7 ERf+kIGK6TLNlrHNXtS5Lem3Fewb75YaH8HsO9ebp6VeENbSfvHzIn06gO8q767wYcgSYMEuj3Fw zTYzT+7lpPE6f9+G/AAPEEI/z77j7N5Ej+LUDtpI/+cgQd/1EUJ/fNtAzOBN+7A3n9RWf+6SNyLA XsRpn/YoIn3AXt9k3+pbY/aqjvOgbfd3n/Jwn81OkCKVQ+k8P+Z5r/eiDeHsmjI5P/iJD9oebN2J 7/hCABJFHuGPT/k4X/mXj/mZr/mNuvXx0vmP8fmORNbmMKP0DBmjb4Ee7x4jgpaqyyWoxAOr4im8 fEqCJr88gCqBY8Q4r/oCOCJcsgk7sC63rwOn9MD+sL8Dp8TLcwAWvW/bbjr8PZD7LLsDzJ8DqcsD yr8Dzk8HvOwDrNcAHawD1q8D3A/B1c8APaD9rR/7dLCUdHBi+9P9OrAuu78OM6C6OkAHYUT8EnUf 4Q8C1xUxTRBs6dYwkXqdWxmd9VWqG8lIwaWSGq/aiUPK7Xo1GWMjCiJOJU6Nw+IRSZJkVQYzMohi pnNUiooZamXxCFy3wwEwtuhd4kRMmHjuVjUs0PjJxeT9qPGBiXHc5bC4pPDZMCxsEHG01CBA6qld ojQRyTQMnki0WJn2sba6vsLGys6yklxQzXnhcjQy3PLiNpTWndxsAPPeRFABGyPjFrEg8E7fNOD+ Wk8DyywHaNWgyhzXCFupdRvysfD2ZSNzQ4cqQ5trV0/NrfNeocsXnyFDoCZeNAbaOExj0cMcO3fA BDJgpm+Uryq9frEjciMREXwBWBx7yAKGwFURhlE8Vo4Wy5YuX85aV0WCk10Xgf3bIHBczmeZTBTh 4AyZmAgLnsmjooUdM1uhQHkzuDIAqmVBfOG64+1oLR5MCU2KCgbNCaNIdW3FZXRk1opRJeDM1QBu H7PPtJot6zVjo7lKuVKcxEtXRo0lPP6kUjUuh8VWrp0oeeOW3mknYWLOrFlWrwhK4nbBWoUEAk5A e+5ShmkoK4arUyVmZIyqqHzLZEQR2oQTDzX+ue+Ya+2xyuxTTXRDdU0cNouCqAzmqpiYIOgqzW0q zCdnOiOmzTFptSOalTFxczLRuNiHIQLSc27A1ZTvWvtVm+/jh4nwipAvmNRvAlt4yojgCTHvHddK exExoklx/5Uwn2K7haMXXCR0Fh1JGLZTG4RA3YTeJhxiosmCVJzIjYaNJTjLggU+IQovGLLIU2tg lJLjDoIBSN5ua/CCz3eM6AIcaUYAVdJgNubXpJOxDLZDCZQFFtg0Sv6jhpYt0GUYk2JM1NE1zqwH 25EywKXKPg0kZJA5t2gVJiVfzpHKCeUMtgAbckpxDUNUSPOmemTGoCNURFyx5W4SRYQcNCv+nOSC dpHmONIYbvmokzVB+kljH3csFoCAXg2VAkFPoppqUMnseCmVUeXg2z8R6KFQYai1kleJY7a462BY 4QlGkMv8iQqbaOnq5amxWfMGT8kWgY9dwrJ4LFaEGnESSKcaVeAROBnBFbYRaJugUaUhNE146ZyK 2rfMNfqpdML4INpOvaRpqqr7oorABWlSo1pok6CygKK1DVUtWXO6EtxrIUUo23E13puML0PRiAA3 wA2563oYHxyxw8uFpM+fGrcAXMSrPhiUyWCAsk8YnP7n6J/vYKqhK0NBZOyvYRV0HoYyMPOY0TEc yq/SmrGYHjLDAXjTlSX1dJ6KD7tyInj+WIHBRhyfpezVeWFrYzJvlmr93zeYLCUQfenekbZ4t5yI EI37HfbL2kG1HBmJCMExY6Nd/+dM3UGt22OHIekGCS9V9RHqRXb+GqoPQC+d+Uvm0GUxk+G9LDhc hGoHNOl9yOmzxWxS5Kdenr4++ES6cfRRvK+xjoefhAETaupTABpvoAhy1PjCvdAZZuMFNXPG1iXf rnOVrSRsDvDmHMrbLwGUNLFx30bWrubjc7ZRGUxMM331FtPA2hw+K+uKUUgYnGZ0/ZnBJlNMEFvE Rv3Drhdcm18ONrAQUpQBCjI7yHkCRcAUGGUv4WIUX/awjU/UCkh1OQo9bDEjDv6qCRn+3ItdBuaq nSWIGmqwgEhakMGQjE2DBREbCpJGvhvCIhmJKkGX5gaWeADOBA+ihnkYdqMd4sB+59mIliKgjSI8 JyyAm5hy0pUImR3sC7RrojYcYxFxWE9LQgBYcAS3i9LUjlWK0gl1RgZFgAxJjVtio8yIlDPFiWGI KIMMNaQ0Jb7gCBN7RJR9cGjIGz1OBAy0CFOqw0iiBOWJjGzYQ9JVnd6JAJKrKgw1bAIapFRSk5jE SEBu5ZNOoguQTJHkeT4ZsH9p8pE18wkj/QXLUwLxko6cpSw3KQIJLLKVprTkfw5pTErScj2YoOR5 1nOrZiIzmcVsZBuHyUlrehIpFmn+JmOeKUxcUmcOreTlLJnBTGd+pTvgqpky23nOSZZzl46M5THr 2TBx2vOe4qOFN2/kzirgM1Xm3Fw+8znQdolvnwVdKEMb6tCHQjSiEp0oRStq0YtiNKMa3ShHO+rR j4I0pCIdKUlLatKTojSlKl0pS1vq0pfCNKYynSlNa2rTm+I0pzrdKU976tOfAjWoQh0qUYtq1KMi NalKXSpTm+rUp0K1oUFQaFSralUnMQAAALgqV7v6JCto1atiHWtmsrpVsqJ1FgQYgAAGMAACUBWp DQhrWuvqCrYKIK8CIMADqpoJuto1sDVIgF7bulergvWsghUsAfI6AA70latmXez+YvE6gAfEValz VSxl64pXuHb1r5yN6gPYOgAxlJatCRCDW/dqWtS2drVEaG1rCSCGxhrgtERIwGtfwQG8Ola3rFhr YQcg2xqUtq0BIK5j+8oB3urVuK0BbluFO4fWFte2RaCuWxvGXevOobFvDQBwxxve4rLkt9mdbnHB ywHx2ra82n0vehmx2a7qlSzP1at2a6DXAOS3CoTNa39PwF/HYgK4rEVwK/Zb2OhGFrnUrW8Rgvvg vJL3wocVsIbbGuEO29bBF75sHxoL4ip8VsO21TB4XWHiEWNiwCOOsHr3qmIAwzgNgLWqZWdb2N02 t8c1oC6QPfzfKhS2wJ91cXv+qRvhDAcXu22FxoPdWt4o/7gGL66uk08gZcMmgL7R/fKTt2zlwqYP ymMuroX5S1UzS1m4cO6yl6vM3TYTOB735eqAHzvkLNd5yghwLDSI/Ocp4zXMJ5CxciuM4bs6VhsP kLFwLctXyCJAxvMtbJgf8IAt8xWzL46wZSVN6RM8AAGfdS6UB2Dq6BKBvwBVcKAbbWBYH9rPr7As FVL9YjSUmheTxrWarUvhVtNjsvh99K1lfd28hpkDR242gbcL7RpXmsImbrGW9YrZVg6a2d7+5gMY LO08A6PcCGZHcjc86qIhZNpQ7u+7wT3tz55qyWpecF71+2JYjJrfp633Q+7+LW81+1veiQ3tkh28 bUcLABgNH/DD56BXYZvbsnmNLK9boe+gtNu2FcdEu517ZHPqVbbM0PfHzxPyQ/e35cJecsmp0+dA g3fb9Dg3t3284Sp8GtjVtsjLW31bQluEwTVQNlcrjlee93XkTs8r1Je77hpH1rEUP4EBNg7pn6MY wVc2rWGdfXAo3wrf816PkOeNi5Zbu9HRNSzZLdtXuG/7yTgWACwSXU0qwP3ZjcZ7c8Vw8D0vm+9Q Rvu8P/xovDJ+1QEIucN5zr2zIxfzVlfuhDt82Kpnnur8hqu6FV9ipau99K2ouOcvHOgCb969hW9F 6fuJas1PHeyxZ8Ts67T+Y6vWHMEmXrHoUY1XzAq/2hc/z80hj+PLjpztzMbEw69s2K6THa7njniC p/96wbdm5PqucfjXXVjsO1YA2NetzKNv8eKz1/QNdj4jcl9gMcse/gv36meH/37jIh3M+R/P9dlX eNvTQZmqQdsrjBtqVR+BRRZmCdvkIZmt+Rf8fd/e6d3kid/QaWAffJr5YdgETl66cZwHnpcF/h8s BBgDep0DMlj7KZ2jgRfTcRXPIeDz2R09tBkutNllFVq/MdjwXdw+Sd7oxR6N9dPZ5SDMAR4E9sHH qV3jReHQeRs2OSERuN/e9V2eoVZ1USESup0WzmCzgcnvIZbGmZ4aRlv+2JVdrl0bNGybB6afh+3T ti3M5fWbHgpAms1Wd/3ft90eBo4hHopBuPVhFsZeHiJi+rSdFroVaE3hCbgf6K1e71Fi8rUVI7bg JO4eJvSeaHkVZHFXtxUWELWb0m0Z9xkeoO1dGXYHsU0er5FiAx6a4m0fENEfzJ2HLLabrq1dL87g Lw6WLL7fhsmgCuYiJTlbZLjZ9lnXL74dCuIf7+kf4l0VLzBaf22fMorYz3Vji6UiK6qZANBYaxFB CDoWAbBjkjEDo71VOzqb5bUiOWagOrYVO4JaEP4cPsbjPsZddbEjdU0j2FUjKNrab7FVOr5YPJYX qjWkPrpjBhZBJZb+oQ3e4CnGmputh0ZeoBce3QxuWT0yQuc1Ywp2mLF5H+P5HGgJ3o21JD2YJArW mobFJBmqIBd+ZEl6HgJEVo3B5OvFwxYeHhpeFa3dYj8hZa09k4gVWOmBVxNq2YRJFwh2XlXS4JPV 3ugNJVUelyJOZZV9ZVAwV5JxJU7mHxAG2qmsYk4ul1eepSmmJY1h5A2KjwS+E2r1k7ANkyCmo08u S6p9Gjv6ZWskgD5CVi6l2rK0C14CnU/qY2GmY1MKZmQmVGUSZkAhF2XeyGKiGmBmjT42GGZeGis4 JtB1ph/uX2dRlDZRFWOg02a4ZkvMZoOlm+25xC75Fm5+UxHchyP+1SVUtd5wEmdxGudxImdyKudy MmdzOudzQid0koNROlU3Rud1Ymd2aud2cmd3emdxkpgochVmkWdilud5mmd6oud6qmd7sqcgvqd7 ymd80ud82md94ud96md+8ud++md/Aqh5LuY+UCdrGuhRgUZwHuiCalaBMuiDDpV4qpQELMAtXIBW YSgAeAhmAMAgaExLdOgJhGiDXSjm0EIEAICJuogNZcaHaoaLBsCIcuggyGhrlGgs1GhBCUWKtuaN XoCeaM5jFAMAlAK5GAWRasaIqgGIDgKtNMyNwgSKqqgsLGl+VGlZFUKOusSIOumT8igsdClD7eiU LtSY3kkhKM3+haLBhdrHXLEoLYxox8iCllJPimZWLdgpTMipZuypSwwJnbIEoJJHnm5Uid7pMRkq 93yp0ogMmx6iwTwKJLDBCLSHMPBEA9xCBIUpEWwBDuAClxJMEIREotZHHr6ClCpFWHRpp5YCGmiq iV6AMAgBNNBKrJaCErxqMciqjXhGpBSFwThph8Yql2jErooPqJaFCAiDZ7xHnpZqXfBBrS6r19SA pNgAs1KFqNKqqkbrFpTCaqQoKZiEtw4Cq47DFrCBDmQBDLCqExWrpdIqufoAoU7FvkgAAMSMo1rE XKFBVi3AXFlCWWiowWhVehhQjGJoIW2AVlUCksYojQ7Cwg7+LJGOKeDgK0tIqYiuQogiwAJoqL9G QYbaRyMAgMF47Glo6MeWbMgmLMmarMPGaCWsjIgmbMyq7AL8Rsk27GmIwYj6bFapwcpWrEBcbB/8 7M2aaiAgygLEwMl6bJZuLI3KLM/uKNACbQ0MbIRsgNNqqKIOAgd4LB9cqE48Lcjmgs6eLNZO7bxO wsJSK6qgKHFoacaiaHoUjMCaAOAwLbj0KdhChzdcrM+mh8G4Kr6WKNG+qfzkaY2GaMaiwMW6EThQ LBUsLChold5A7nfcq+tUrojiLELYV5Z+KYpewuayQ+caLcTSLOYew+Fm1Zv6rJ0aQdFqBO3+6xzU j1IILhH++OznHs+Fyu7C0qjv+i1d1K3DXKggCCzg8kHnmi7lFq3QogFnIYCg5odMDGkhoeqVkuwl oCgbxK1vigpkjAHttkcP7C7qco9njO3r8mZdLG7UAq4p+MdwVCvTWgdkwOzD9slfYMJKTO4zecT+ Ni7+RgP58q7qxijPduiOygC+9pPPMnAhBcC/Qu8lqK+oyAHj0qif3AqbPs0Ge3AGLymKRsFayMHt 1q0N+IEBS8gCE8VoCcKh6mkh7Kj22mmONi5nhW9HoGm1jhbWqm4P167H6gkNMy8VcDBVeKyGYqsG s0IgHMYVnBUEC7EUyIEUswAVa6wrXOkSa/FhZBUr7G7+jNpIiCZvyfZQz9LoGVPw934E/hIx4Hbx FfPvxxAqHd+xHgMxVVzssm7VvZZuExNrHE9x0NYx1qbBDztJHflPjoKVEtvHDmfBaAkp/LbC7s5x s3bo/s6C4y5xY5AAhl7CJetYolxBIvPvJWcVKlcpoJryEreyGF1pAtcxB+9oJ/MsG6uyljZGiN4u Hy/vHt8xnZppH+/xHMftT1SvAeGrCb/PKGvVJcyyGqQyMYvK/+7yV8WRvm5C1xLzvdIAEW/yQMCv 1zhBMY8zALBBI4jADicuHgAxZSxxK9HEAuCvOf/v7cRDPQ/En4ivKi/yp0YtQGsmL6tzAt8w4MKu Agv+dLQ0QdHCMTngbz0b89juglEk8kTfiRzjKzuDrbYw0j0fhfLYchb4Cr8QsTffSdEGQprBMTkH cZ+Ks+TSwO7W9CkI65e+NCzMlfGC9MNmRQG3EooGDyuQMFDU83ck9UOTA9TaclOn7i3LL5T29FQT M6AubCXY9CZYsFDHQBm3A8VGhsPKaE5zz1dfqNKaA5fu7YwAQPeKiUBTawPzy8Iqwlob6ZGexr1a QqyStUw3iCW87VzRigwAaRkbNiLoiaHeMOXSyVaPgIYGg7AeKQ1stROsRZ0QtiBl1WG7aS+nRyUY ENGCdvRSMGcf7BKb9g+ENlaLNf86NgjDtvyuR/Wv7u9cYerW8rRle6xDg+u//gA+K0GN6vZwL+pv Qy87h7UIbXZrrwBqc+oTj+3SKC8nZ6gQABRvF2zhVvKnaNUu2w2GVqgkd/F4a1WF+suiZmwtBwWK Muwk/Gh657TEMiwaSKx4Ey0p23Ed57fF8rdThzWShvJ+T3MmKzAuQynz1vZJr8dPV0F7kLd8N7Ge xLbcHmnJToKMoreGV3Ip3yua2reG2oNZHbgqL7hGb0YIAAA7 ------------BDAA379D3712542-- From owner-namedroppers@ops.ietf.org Tue Dec 19 14:03:05 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GwkEz-0006BF-B7; Tue, 19 Dec 2006 14:03:05 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GwkEt-0008Hk-GG; Tue, 19 Dec 2006 14:03:05 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1Gwk9q-000OgS-Jk for namedroppers-data@psg.com; Tue, 19 Dec 2006 18:57:46 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-1.5 required=5.0 tests=AWL,BAYES_00,BIZ_TLD autolearn=no version=3.1.7 Received: from [213.248.199.24] (helo=mx4.nominet.org.uk) by psg.com with esmtp (Exim 4.63 (FreeBSD)) (envelope-from ) id 1Gwk9e-000OfZ-51 for namedroppers@ops.ietf.org; Tue, 19 Dec 2006 18:57:36 +0000 Received: from unknown (HELO notes1.nominet.org.uk) ([213.248.197.128]) by mx4.nominet.org.uk with ESMTP; 19 Dec 2006 18:57:32 +0000 X-IronPort-AV: i="4.12,188,1165190400"; d="scan'208"; a="5917077:sNHT64492684" In-Reply-To: To: Edward Lewis Cc: namedroppers@ops.ietf.org Subject: Re: additions to dnssec-bis-updates-04.txt MIME-Version: 1.0 X-Mailer: Lotus Notes Build V702MAC_11052006 November 05, 2006 Message-ID: From: Roy Arends Date: Tue, 19 Dec 2006 19:52:37 +0100 X-MIMETrack: Serialize by Router on notes1/Nominet(Release 7.0.1FP1 | May 25, 2006) at 19/12/2006 06:52:39 PM, Serialize complete at 19/12/2006 06:52:39 PM Content-Type: text/plain; charset="US-ASCII" Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.5 (/) X-Scan-Signature: bb8f917bb6b8da28fc948aeffb74aa17 Edward Lewis wrote on 12/19/2006 06:14:26 PM: > At 17:38 +0100 12/19/06, Roy Arends wrote: > > >You want to be sure the NSEC record is from the correct zone, lets say > >"from the zone that has the authority to make that claim", and not from an > >ancestor zone. > > The only time the bit map will give a hint whether the NSEC is right > or not is when it is parent/child involved, when the owner name is > the same between two NSEC choices. root: com NSEC edu NS DS tld: example.com NSEC lewis.com NS DS sld: www.example.com NSEC example.com A QNAME is www.example.com The spoofed response contains: com NSEC edu NS DS This is obviously from an ancestor (grandpa in this case), not the parent. This was about terminology, not the rules itself, so I don't see what the rest of your response about rules and ways to check, etc, etc has to do with my point about terminology. Roy Arends Nominet UK -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From owner-namedroppers@ops.ietf.org Tue Dec 19 14:28:57 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Gwke1-0003lV-EV; Tue, 19 Dec 2006 14:28:57 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Gwkdy-0006Lo-1H; Tue, 19 Dec 2006 14:28:57 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1Gwkar-0001e5-0t for namedroppers-data@psg.com; Tue, 19 Dec 2006 19:25:41 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-1.3 required=5.0 tests=AWL,BAYES_00,BIZ_TLD autolearn=no version=3.1.7 Received: from [66.92.146.160] (helo=ogud.com) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.63 (FreeBSD)) (envelope-from ) id 1Gwkak-0001dP-5Q for namedroppers@ops.ietf.org; Tue, 19 Dec 2006 19:25:36 +0000 Received: from [192.168.1.101] (hlid.ogud.com [66.92.146.160]) by ogud.com (8.13.1/8.13.1) with ESMTP id kBJJL0Wj002527; Tue, 19 Dec 2006 14:21:01 -0500 (EST) (envelope-from Ed.Lewis@neustar.biz) Mime-Version: 1.0 Message-Id: In-Reply-To: References: Date: Tue, 19 Dec 2006 14:25:06 -0500 To: Roy Arends From: Edward Lewis Subject: Re: additions to dnssec-bis-updates-04.txt Cc: Edward Lewis , namedroppers@ops.ietf.org Content-Type: text/plain; charset="us-ascii" ; format="flowed" X-Scanned-By: MIMEDefang 2.57 on 66.92.146.160 Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.5 (/) X-Scan-Signature: cd26b070c2577ac175cd3a6d878c6248 At 19:52 +0100 12/19/06, Roy Arends wrote: >Edward Lewis wrote on 12/19/2006 06:14:26 PM: > >> At 17:38 +0100 12/19/06, Roy Arends wrote: >> >> >You want to be sure the NSEC record is from the correct zone, lets say >> >"from the zone that has the authority to make that claim", and not from >an >> >ancestor zone. >> >> The only time the bit map will give a hint whether the NSEC is right >> or not is when it is parent/child involved, when the owner name is >> the same between two NSEC choices. > > >root: com NSEC edu NS DS >tld: example.com NSEC lewis.com NS DS >sld: www.example.com NSEC example.com A > >QNAME is www.example.com > >The spoofed response contains: com NSEC edu NS DS > >This is obviously from an ancestor (grandpa in this case), not the parent. > >This was about terminology, not the rules itself, so I don't see what the >rest of your response about rules and ways to check, etc, etc has to do >with my point about terminology. What's the point about terminology? The doc, in 2.1, talks about distinguishing between parent-side and child-side NSEC through the use of the bit map. This same check is unique to the parent-child issue, it isn't pertinent to any zone up the tree (toward the root). In your example, I don't see this working. "com NSEC edu NS DS" doesn't indicate a span from com to edu, it covers the span from the last name in the com *domain* (not zone) to edu. I see this: com ... www.example.com .... lastnamein.com ... edu with the NSEC saying there is nothing after lastnamein.com until you get back to edu. The NS bit says this. So the NSEC is not covering the QNAME. In 2.1, the words there are about the problem of having this: example.com NSEC foobar.com NS DS DNSKEY RRSIG NSEC example.com NSEC a.examppe.com SOA NS DNSKEY RRSIG NSEC Are you saying that there's a missing case of mistaken identity - that we need to be clear that a NSEC with an NS or DNAME bit means the span is from the end of the owning domain? Truthfully, the span is always from the end of the owning domain - the NS bit just reminds us that there are names lower in the tree, that the owning domain is not terminal. I think that 2.1 is accurate - any parent-side NSEC can be misused (via misinterpretation) to deny data below it, the section doesn't limit the damage to only the zone below. Looking upwards, it isn't just the parent-side NSEC whose bitmap matters. But 2.1 doesn't say to only look up to the parent-side NSEC, as opposed to the ancestor. OTOH, 2.1 isn't exactly clear..."both RRs at that ownername and at ownernames with more leading labels, no matter their content" I don't understand the point of that comment. -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis +1-571-434-5468 NeuStar Dessert - aka Service Pack 1 for lunch. -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From geoffrey@comcast.net Tue Dec 19 15:18:43 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GwlQB-0003In-FJ for dnsext-archive@lists.ietf.org; Tue, 19 Dec 2006 15:18:43 -0500 Received: from ip54561263.speed.planet.nl ([84.86.18.99]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GwlQ6-0000EO-PT for dnsext-archive@lists.ietf.org; Tue, 19 Dec 2006 15:18:43 -0500 Message-ID: <000001c723aa$d4813b00$63125654@Computer2> From: "Simon" To: Subject: We know what you want. Date: Tue, 19 Dec 2006 21:18:22 +0100 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="------------ms060906050607080306010607" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.2180 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180 X-Spam-Score: 3.3 (+++) X-Scan-Signature: c1c65599517f9ac32519d043c37c5336 This is a multi-part message in MIME format. --------------ms060906050607080306010607 Content-Type: text/html; charset="koi8-r" Content-Transfer-Encoding: quoted-printable
Choosing Online=20 Pharmacy
 
We address this letter to you hoping that it will help you = select=20 among the variety of online pharmacy stores.
We did a national = research and=20 are pleased to recommend you #1 consumer rated USA pharmacy store with = such=20 variety of drug categories:
Men's Health=20
Anti-Depressants
Pain Relief
Weight loss=20

And incredible Cristmas offer:
Cialis + Viagra Powerpack (30 pills + 30 pills) With 20% = Christmas=20 Discount.
Unbelievable price: = $319.95
 
 
--------------ms060906050607080306010607-- From owner-namedroppers@ops.ietf.org Tue Dec 19 15:47:04 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Gwlrc-0002V4-AN; Tue, 19 Dec 2006 15:47:04 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Gwlrb-00078Y-1g; Tue, 19 Dec 2006 15:47:04 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1Gwlkb-0008ka-0K for namedroppers-data@psg.com; Tue, 19 Dec 2006 20:39:49 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-2.5 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=3.1.7 Received: from [213.248.199.23] (helo=mx3.nominet.org.uk) by psg.com with esmtp (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GwlkY-0008kD-4F for namedroppers@ops.ietf.org; Tue, 19 Dec 2006 20:39:47 +0000 Received: from unknown (HELO notes1.nominet.org.uk) ([213.248.197.128]) by mx3.nominet.org.uk with ESMTP; 19 Dec 2006 20:39:42 +0000 X-IronPort-AV: i="4.12,188,1165190400"; d="scan'208"; a="6420694:sNHT34008132" In-Reply-To: <200612191944.kBJJi40q055134@open.nlnetlabs.nl> To: Jaap Akkerhuis Cc: namedroppers@ops.ietf.org Subject: Re: additions to dnssec-bis-updates-04.txt MIME-Version: 1.0 X-Mailer: Lotus Notes Build V702MAC_11052006 November 05, 2006 Message-ID: From: Roy Arends Date: Tue, 19 Dec 2006 21:34:48 +0100 X-MIMETrack: Serialize by Router on notes1/Nominet(Release 7.0.1FP1 | May 25, 2006) at 19/12/2006 08:34:48 PM, Serialize complete at 19/12/2006 08:34:48 PM Content-Type: text/plain; charset="US-ASCII" Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.0 (/) X-Scan-Signature: d6b246023072368de71562c0ab503126 Jaap Akkerhuis wrote on 12/19/2006 08:44:04 PM: > > This is obviously from an ancestor (grandpa in this case), not the parent. > > The dictionary at my MAC tells me that parent can also mean ancestor. Ok wijsneus :) .. an anscestor (grandpa in this case), other than the parent .. Roy Arends Nominet UK -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From owner-namedroppers@ops.ietf.org Tue Dec 19 16:57:16 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GwmxY-0004pB-9r; Tue, 19 Dec 2006 16:57:16 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GwmxX-0004DG-1V; Tue, 19 Dec 2006 16:57:16 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1Gwmt1-000Fsy-Lr for namedroppers-data@psg.com; Tue, 19 Dec 2006 21:52:35 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=3.1.7 Received: from [213.154.224.1] (helo=open.nlnetlabs.nl) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.63 (FreeBSD)) (envelope-from ) id 1Gwmsy-000FsW-8B for namedroppers@ops.ietf.org; Tue, 19 Dec 2006 21:52:34 +0000 Received: from open.nlnetlabs.nl (localhost [127.0.0.1]) by open.nlnetlabs.nl (8.13.8/8.13.8) with ESMTP id kBJJi40q055134; Tue, 19 Dec 2006 20:44:04 +0100 (CET) (envelope-from jaap@open.nlnetlabs.nl) Message-Id: <200612191944.kBJJi40q055134@open.nlnetlabs.nl> To: Roy Arends cc: Edward Lewis , namedroppers@ops.ietf.org Subject: Re: additions to dnssec-bis-updates-04.txt In-reply-to: Your message of Tue, 19 Dec 2006 19:52:37 +0100. Date: Tue, 19 Dec 2006 20:44:04 +0100 From: Jaap Akkerhuis Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.0 (/) X-Scan-Signature: d17f825e43c9aed4fd65b7edddddec89 This is obviously from an ancestor (grandpa in this case), not the parent. The dictionary at my MAC tells me that parent can also mean ancestor. jaap -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From owner-namedroppers@ops.ietf.org Tue Dec 19 17:32:54 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GwnW2-0002nU-Hn; Tue, 19 Dec 2006 17:32:54 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GwnW0-0001Vl-7A; Tue, 19 Dec 2006 17:32:54 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GwnRp-000JYf-MZ for namedroppers-data@psg.com; Tue, 19 Dec 2006 22:28:33 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=3.1.7 Received: from [204.152.184.167] (helo=mx.isc.org) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GwnRm-000JYM-IH for namedroppers@ops.ietf.org; Tue, 19 Dec 2006 22:28:31 +0000 Received: from farside.isc.org (farside.isc.org [IPv6:2001:4f8:3:bb::5]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "farside.isc.org", Issuer "ISC CA" (verified OK)) by mx.isc.org (Postfix) with ESMTP id 3462C114028 for ; Tue, 19 Dec 2006 22:28:30 +0000 (UTC) (envelope-from Mark_Andrews@isc.org) Received: from drugs.dv.isc.org (localhost.isc.org [IPv6:::1]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "drugs.dv.isc.org", Issuer "ISC CA" (verified OK)) by farside.isc.org (Postfix) with ESMTP id 83580E6058 for ; Tue, 19 Dec 2006 22:28:29 +0000 (UTC) (envelope-from marka@isc.org) Received: from drugs.dv.isc.org (localhost [127.0.0.1]) by drugs.dv.isc.org (8.13.8/8.13.8) with ESMTP id kBJMSKL2097056; Wed, 20 Dec 2006 09:28:21 +1100 (EST) (envelope-from marka@drugs.dv.isc.org) Message-Id: <200612192228.kBJMSKL2097056@drugs.dv.isc.org> To: Roy Arends Cc: namedroppers@ops.ietf.org From: Mark Andrews Subject: Re: additions to dnssec-bis-updates-04.txt In-reply-to: Your message of "Tue, 19 Dec 2006 16:43:02 BST." Date: Wed, 20 Dec 2006 09:28:20 +1100 Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.0 (/) X-Scan-Signature: 769a46790fb42fbb0b0cc700c82f7081 > As promised (though a little late) here are my quirks from the dallas-ietf > presentation on DNSSEC-bis omissions: > > One rant on DNSSEC-bis is that it groups empty-non-terminal response types > as "name errors" instead of "no data errors" (section 3.1.3.2 of RFC > 4035). I think it was Rob Austein who explained during the WG session that > the term "Name Error" used in DNSSEC-bis does not necessarily reflect > "rcode=3 (name error)". In hindsight, this is purism, and does not create > any holes in the validation logic. This is not all that important, so my > suggestion here is to remove the following part in dnssec-bis-updates: > > 2.2. Empty Non-Terminal Proofs > > To be written, based on Roy Arends' May 11th message to namedroppers. > > The editors are trying to figure out whether what's really required > here is a discussion of the relationship between DNS RCODEs and > DNSSECbis. > A NSEC record prove that there at no names, with records, between the owner of the NSEC record and the Next Domain Name in the zone which owns the NSEC record. This is not the same as there are no names in the covering span. You can determine which empty names exist in the covering range of the NSEC by taking the NSEC's closest encloser and the Next Domain Name. If the Next Domain Name is not the closest encloser and call that E. Strip the left hand label from E and if that is not the closest encloser you have found a empty name that exists in the span. If that name end in a wildcard label you have found a empty wild card label. Keep striping labels from E until you encounter the closest encloser to find all the empty names that exist in the range. -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews@isc.org -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From owner-namedroppers@ops.ietf.org Tue Dec 19 18:29:57 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GwoPF-0003oo-7L; Tue, 19 Dec 2006 18:29:57 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GwoPC-0003LR-Mq; Tue, 19 Dec 2006 18:29:57 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GwoJo-000Oxs-Ep for namedroppers-data@psg.com; Tue, 19 Dec 2006 23:24:20 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-0.7 required=5.0 tests=AWL,BAYES_00,HEADER_SPAM autolearn=no version=3.1.7 Received: from [66.92.146.160] (helo=ogud.com) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GwoJe-000Ox1-HY for namedroppers@ops.ietf.org; Tue, 19 Dec 2006 23:24:18 +0000 Received: from mail.ogud.com (localhost [127.0.0.1]) by ogud.com (8.13.1/8.13.1) with ESMTP id kBJNJfTB004256 for ; Tue, 19 Dec 2006 18:19:42 -0500 (EST) (envelope-from namedroppers@mail.ogud.com) Received: (from namedroppers@localhost) by mail.ogud.com (8.13.1/8.13.1/Submit) id kBJNJf3f004255 for namedroppers@ops.ietf.org; Tue, 19 Dec 2006 18:19:41 -0500 (EST) (envelope-from namedroppers) Received: from [213.248.199.23] (helo=mx3.nominet.org.uk) by psg.com with esmtp (Exim 4.63 (FreeBSD)) (envelope-from ) id 1Gvh4S-000IhN-HA for namedroppers@ops.ietf.org; Sat, 16 Dec 2006 21:27:54 +0000 Received: from unknown (HELO notes1.nominet.org.uk) ([213.248.197.128]) by mx3.nominet.org.uk with ESMTP; 16 Dec 2006 21:27:50 +0000 X-IronPort-AV: i="4.12,179,1165190400"; d="scan'208"; a="6376603:sNHT32987820" In-Reply-To: To: Pekka Savola Cc: Edward Lewis , namedroppers@ops.ietf.org Subject: Re: brain cycles of the WG MIME-Version: 1.0 X-Mailer: Lotus Notes Build V702MAC_11052006 November 05, 2006 Message-ID: From: Jay Daley Date: Sat, 16 Dec 2006 21:23:23 +0000 X-MIMETrack: Serialize by Router on notes1/Nominet(Release 7.0.1FP1 | May 25, 2006) at 16/12/2006 09:23:07 PM, Serialize complete at 16/12/2006 09:23:07 PM Content-Type: text/plain; charset="US-ASCII" X-Scanned-By: MIMEDefang 2.57 on 66.92.146.160 Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.0 (/) X-Scan-Signature: fb6060cb60c0cea16e3f7219e40a0a81 [ Moderators note: Post was moderated, either because it was posted by a non-subscriber, or because it was over 20K. With the massive amount of spam, it is easy to miss and therefore delete relevant posts by non-subscribers. Please fix your subscription addresses. ] > I think I'll be quiet after this post... This is an important discussion and you have some interesting things to say. > > On Wed, 6 Dec 2006, Edward Lewis wrote: > > At 16:39 +0200 12/6/06, Pekka Savola wrote: > > > >> - load balancers and such dropping all queries except 'A' > >> - DNS servers giving various sorts of bogus error codes in various > >> kinds of conditions (e.g., RFC 4074) > >> - Totally broken (in various ways) DNS resolvers out there (e.g., RFC > >> 3697) > > > > (Do you mean 3697? Flow-label? I don't see DNS in there.) > > Sorry, 4697. > > >> - various pieces of DNS infrastructure not supporting new RR types as > >> well as we might like to > >> - cache poisoning prevention still having no useful normative > >> specification > >> - EDNS0 not working very well, e.g., because some products choose > >> to drop "too big" DNS packets. > > > > I don't discount that this happens or is a pain. But with the exception of > > the penultimate point, what part of that is the result of the protocol > > specifications being unclear or missing? E.g., handling only A > records seems > > like a choice, not a misbelief that they are the only records in use. > > Almost all of these are due to an insufficiently clear specification, > lack of identification of the "minimum subset of DNS" and to some > degree insufficient motivation ("why is it important to do this?", see > e.g. RFC1812 for examples) DNS certainly has the problem that most people think it is simple to understand and don't realise there are some real complexities in the details. This, in my view, explains the astonishing mistakes that many implementors make. I think this is going to change as implementors get to grips with DNSSEC. The complexity of DNSSEC is such that they can't give their DNS work to the office junior who reads RFC1035 and then thinks that they understand DNS. Hopefully the trigger of thinking about DNSSEC will force implementors to address all the bits of DNS they have not yet got around to understanding. I'm also increasingly of the view that DNS is /so good/ that most people simply don't realise it. And it is all those complex and weird little quirks that enable it to be so good. What worries me about any attempt at DNSv2 is that some of the brilliance will be lost by trying to 'fix' DNS and DNS is just too important to work in any less good a way. Jay Daley Nominet UK -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From AnnaHurstnr@alliedphillips.com Tue Dec 19 21:24:09 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Gwr7p-0000Jf-D9 for dnsext-archive@lists.ietf.org; Tue, 19 Dec 2006 21:24:09 -0500 Received: from host-70-45-124-241.onelinkpr.net ([70.45.124.241]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Gwr7n-000695-54 for dnsext-archive@lists.ietf.org; Tue, 19 Dec 2006 21:24:09 -0500 Received: from HP-PC ([163.138.129.186]) by host-70-45-124-241.onelinkpr.net (8.13.4/8.13.4) with SMTP id 7D4FDA89F02831; Tue, 19 Dec 2006 22:24:44 -0400 Message-ID: <000c01c723dd$eec87e50$f17c2d46@HPPC> From: "Anna Hurst" To: dnsext-archive@lists.ietf.org Subject: GoldBlue Date: Tue, 19 Dec 2006 22:24:10 -0400 MIME-Version: 1.0 Content-Type: multipart/related; type="multipart/alternative"; boundary="----=_NextPart_000_0008_01C723BC.67B49460" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1106 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 X-Spam-Score: 4.6 (++++) X-Scan-Signature: 17bdfcaea25d1444baef0e24abc38874 ------=_NextPart_000_0008_01C723BC.67B49460 Content-Type: multipart/alternative; boundary="----=_NextPart_001_0009_01C723BC.67B49460" ------=_NextPart_001_0009_01C723BC.67B49460 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Blog publish own original works use magnet. On features unlimited free, online calls promote your blog. Protection, = exclusive filter blocks suspect files. Click send file, detailed user! = Blocks suspect, files adult content. Right click, send file detailed = user! Builtin virus protection exclusive filter blocks. Adult content, with = password, how is read parents. Content with password how, is read = parents watch flash? From, multiple sources, now, more, on. Adult content, with password how is! Send, file detailed user guide, = builtin virus protection exclusive. Share, downloads last week total. = Share downloads last week. Right click send, file. Builtin virus protection exclusive filter blocks suspect files adult. = Multiple sources now more on features unlimited free online. On = features, unlimited free online, calls promote your. Exclusive filter blocks suspect files adult content. Multiple sources now more on, features. Links easier install and = toolbars goldblue icons. Week total up to mores searches. More on = features unlimited free online calls promote your. Download share = downloads last week total, up. Online calls promote your, blog publish own, original. Files adult = content with password how is, read parents. Is read parents watch flash. Right click send file detailed user? Install and, toolbars goldblue. Up to mores searches agent. Download share, downloads last? User guide builtin virus protection = exclusive filter blocks suspect! Detailed user guide builtin? Detailed, = user guide builtin, virus. Agent, scans from multiple, sources. Scans from multiple sources now, more on features? Goldblue, icons right click send. Mores searches agent scans from = multiple sources now more. And, toolbars goldblue, icons! Searches, agent scans from multiple? Now more on features, unlimited = free online. Files adult content, with password? Guide builtin virus protection = exclusive, filter. Send file, detailed user guide, builtin? Goldblue, icons right click = send file. Read parents watch flash demo learn about. Is read parents watch flash = demo. ------=_NextPart_001_0009_01C723BC.67B49460 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable
3D""
Blog publish own original works use = magnet.
On features unlimited free, online = calls promote=20 your blog. Protection, exclusive filter blocks suspect files. Click send = file,=20 detailed user! Blocks suspect, files adult content. Right click, send = file=20 detailed user!
Builtin virus protection exclusive = filter blocks.=20 Adult content, with password, how is read parents. Content with password = how, is=20 read parents watch flash? From, multiple sources, now, more, = on.
Adult content, with password how is! = Send, file=20 detailed user guide, builtin virus protection exclusive. Share, = downloads last=20 week total. Share downloads last week. Right click send, = file.
Builtin virus protection exclusive = filter blocks=20 suspect files adult. Multiple sources now more on features unlimited = free=20 online. On features, unlimited free online, calls promote = your.
Exclusive filter blocks suspect files = adult content.
Multiple sources now more on, features. = Links=20 easier install and toolbars goldblue icons. Week total up to mores = searches.=20 More on features unlimited free online calls promote your. Download = share=20 downloads last week total, up.
Online calls promote your, blog publish = own,=20 original. Files adult content with password how is, read parents. Is = read=20 parents watch flash.
Right click send file detailed = user?
Install and, toolbars = goldblue.
Up to mores searches = agent.
Download share, downloads last? User = guide builtin=20 virus protection exclusive filter blocks suspect! Detailed user guide = builtin?=20 Detailed, user guide builtin, virus.
Agent, scans from multiple, = sources.
Scans from multiple sources now, more = on features?
Goldblue, icons right click send. Mores = searches=20 agent scans from multiple sources now more. And, toolbars goldblue, = icons!
Searches, agent scans from multiple? = Now more on=20 features, unlimited free online.
Files adult content, with password? = Guide builtin=20 virus protection exclusive, filter.
Send file, detailed user guide, = builtin? Goldblue,=20 icons right click send file.
Read parents watch flash demo learn = about. Is read=20 parents watch flash demo.
------=_NextPart_001_0009_01C723BC.67B49460-- ------=_NextPart_000_0008_01C723BC.67B49460 Content-Type: image/gif; name="GoldBlue Icons.gif" Content-Transfer-Encoding: base64 Content-ID: <000701c723dd$eec63460$f17c2d46@HPPC> R0lGODlhcAEQAYfoAAAACYUAAAuDAIF5AAAFeIYCjAZ5jcTCzLvRua/X+EwmBF0RAIokAJ8iCbcs AOMSAwA/ByhAADhLAFhDDXI+Bpg7ALxJCOw1CgBXCihcCzReB2plCIduAJNgAbRhC9NaDAB2CCl+ BU6KBGB/AIRzAKeAA7N6AN+CBwCtAyOmCEiXAF2VAYacAJ2lAM2dA9ueAAPEAx69AE60AFG9BIa3 AK25ALq6DNyzAA3kASnkAE3jAFHtAI7RAJTtALzpC9vWAAgAOCQHNEwBMmEAQo4NOa0ATccAPNkA QwATSigVSEUeN2IqM3oqS5coQbkgRugZNwBNRilGTUc2PGhHTHw9N55NNbQ3MulGRg1uRC1qRk5l OGRgTnxtCppaQr5RN+VXPAp8TSeKOUp3RGmGR3p2Rql2Tcx/Ntp7OgmiSyGZPjyjQGycPo6cP6Su SbydS+6UQATLRCi6SkC5S2K/QXOxRq61R7y2MtjDSQDbNRHZPk7tTGjfQ3zfSZbjM7XiTdbfQAIN jiwAjk4Ac2AMd3EAf6IMcrUEfO0EiQAafSsXdjQkemsWg4UidKMqd7UWg+gRegA+fiVFcjZHfFc2 dXFFfpVAc7I8f9E4jgBriyddfzdZcWlVg3JfeJ5bfM5nfelgdAx5hByHdz9/f2iBeYSCca51d7V9 hOuDdQyWiSOadkSsjF2Ri3OUg5KXirenf+OjdwCxdxOxi0XOjGK3doLIe5rDhLi1f+G2fwfmfCPr gj7WjmTXh3PShKnZe7fijNXgewUAwCQAuEIAumUAs4oOt5oCys4DtuwAvQAtvB0utzcdvmsqyn0R y5EdybEnteYuvgA/viwyzDE8y19HzHc7yplLuL05y+BOyAJqsi1ftUxltmRfsohgxJRnyM1ss95R zQR4vSN5vj+FwFeMv351wqCLxs58y9KFyQCdsSipyUSozVStwIKcyqOUs8WpwO6nxgi1yx+4zDXB tmTEvoK2zKHFtvf/5KuWnnp6jv8AAAD8Cf/0CgAA//cA+wz+///29iH5BAAv83EALAAAAABwARAB Bwj/AO0JHEiwoMGDCBMqXMiwocOHECNKnEixosWLGDNqjPivo8ePIEOKHEmypMmTKFOqXMmypcuX MGPKnEmzJsuNOHPq3Mmzp8+fQINCtEm0qNGjSJMqXcq06UqhUKNKnUq1qtWrWLNq3cq1q9evYMOK HUu2rNmzaNOq1em0rdu3cOPKnct0rd27ePPq3cu3r9+ddAMLHky4sGGafxMrXsy4sePHkIcenky5 suXLmDNr3sy5c9LIoEOLHk26tGmcnlOrXs368+nXsGPLnk27tu3buDO23s27t2+WAYIH+CfcY3Di w40PF868I/PjyJ8njw6denXr0z/m287dI/fv/75v/zd5/Tr25c+VS3ee/bf7ytCLs0f+8bh5+srr t68ef3p//SGN15GAAmqXj3cHklTefu3h5+B8AL4nIWX9/bfggxCOdCGA/CV3X4AJhpdggQgaqKF8 GN7XIUjmfTjhi3NV6OGMEKrYYIQZzrcihiIVSGCIJQYZUnM58rhjfjjCqORSCgUnkJNQBvCklPY4 WaV0UzJXkJVTbikllgOBWZB4+QxEZpnbEZSmQVa2SWWYWIoJp5e51dnllVm+qeWdTb6J55wERfkn QlyaiWaZhhq0pkCLBkqlm3TSWSiglNppWkn/UaeefzeymN2G+WUq0n0/CmkqiZuKWiR+Ni7p6lt9 8v8pnKO0RsrnoLI+qqeutaqJqD1rNsror8LeKmivlE6qrJ+W0qYll7NWKp2ue1aa5661yploomcC Kx6hfkb5bJzhlmtrs+imq+667Lbr7rvwxkvWq/TWa++9+OarL1Hy9usvQnSBA05rAu9rMMECJ1ww UQvPpHDDS0Ec08MeUXySxf9gjHHGCR/MG0MC8xRyRiPbU7JPJ1dUcsgrg7NQyya7LBDLMsc8c83/ WnXxwBXzzHFHGncMtMVE8yxxSBAvHLTQSxfMdNNGK2yS0z4fXRLVPf88tNYe9wYyzjCHLTPNA6Vs 88hmF3Qy2TfbTBDMMbuc8Nloy10zzTgnxLbbDu3/7bfdCucc1tp321224W8XblDdaasNNuJ0O354 227/zffeCtU9ed9jKy725oJHtfNHDVNdtNJVRy01x1aDlPTAD2NNeuxbay37z7HD7vNIQnPduuul p+677ll3vdrXiU/eeNufUx74y4/zDTrlklcOOebUH5Qy3Jnn3Xzk2YeuFeE3X48423MzPn3acH9P vebWX26+9NUn73ze4cuvP/fij+/9w+VrmQDnFjcCSo99ADycAROYwPjR7XkF7JzeYhdAxS2OghFU 4ADx17/TkO81y+tg6D7oQQ6KEC+X+Z3xVsjCjpzwhTCMoQz/0sIa2nAzM8yhDncIlA/48IdQ+SEQ /29zEiH68CNGTKJHlCiSJB6xI078QEuYuEQjIpGKUHQiSpgYxS5KsYlWrOITs/hFMgpxJEccYxTF CJIf/uOMZsziG8voxhte8Yt1bOMY2TjHMt6Rj3nM4xafGEhCqtGQh6SjIENSx0UKspGORKQYE8nH PoJxjpWEpB8tyclOplGRm9yXQoYoEFIOxJT2MKUPD0LKIbZylQ5R5QdKCUtazjKVtXzlLU9Zy4LI 0pe91CVBZHlLI/KymL3EJSuNictdujKZz1ylEG0pTNmQZJGdJOMfBwlKbXrzm3oMZTa1WchuhhOM 4tzmN8vJyE/C0Y3YLMkn1ylJdcLzkJis5MESgv/KZgJzl/5sSDSPact/IqSfAR2mNHPJUIAW1CAI VShAq5lQggIRlhdNpkQG+lCCHlOjy3TobfqJSmLG0okfnSZEmNlRi2I0mBqNKEsN6lGTGjSjs8Tp RaLo0Z42E6QQBSpprrlHcGYznugEJCVZEkZs3jOM+jRqOIt6VCyO05KQxGoiqUpUc0Zyk0htZzrx xc+YQhOmIj0oWisaUYbo9KYLdShJhSpRmha0pGbN6Uunide0qnWicbVrS0dJV9nMVa5rFehabbrR wMIVmYAVaWF9yta91vWxKa2oZgkbWc329aR+HWpX1RnVR4rTtFJEbUr2qMltatKcUa0iaauKR9X/ KhWU9ZTqaNn41XPakSQL4ahgfzrYjgqXsTS1KUVVqsvQCtenzb0sRYlr3Mn2dLl5BW26kvjXkMoU pdRUKWUleljk8hW8nEWoeYm5XrSKV7HcJa96rbtZHtr3vqL7rX73y9/++tdV+A2wgAdMYMn898AI TrCCF8zgBjv4Mgnhx0H4QWEJE6TCFrZHhjWMkA1juMIF+TCFOXxhDX84xBs28UAwfGEWm/jELQax QES8YhnTeMQrfrGLa1ziG5c4xzrOsJCBfF+S8CMkR/ZIkv+xZCZ3ZMlNBkmUn2ySJkf5yFP+CIWl nGQrU1nLYBaJl52MZDBPectKDjOSvXxmNTv5/8pfJrOcH+ySCIfYIBJOMYctrOcc67nPP57xnQEt 6CHnGc8k7rCigfznCSN6yEQetJ8RXehJO1rQmC5wpBNt6R5z+tGUtvOmD21nQ396zwoBtIczvWlW V5rVqk40qQM961nfOdOEDnCKG83rXEO61bee8Y1hzGgS2xrTxHZ1jWUc5GMLm8V8hvWio01jY1v7 2TiWNbBzaGQpl7nNWO52nMctZje/uSRdJnO4vV3mNJd7zm1ut5rXTW53nzvL9KY3u6Fsbzq3RNSt djapVb1jZQf7086mdaeBvepLa/vgAV94rCvd51qf2uAFFreb+e1ujpt7zBqf87k1zvExw7nfG/+v N7xFDm+Qs/vJ+k4zv9MdZo9n2d8x+bCSK8xlNK/84+aWt8ixrPOgyxnDWka60YfO5KI3Hc0ibvnS rUx0pTN95zyPs8dx/hRNe/3rYNch18dO9rKbvYVhT7va1872trsdJ7tetpCrLfcRZ1vYzQ4yinEM 4rvP/e7Ytvuqh81sbLt61y6me+IVz+xk57rtIVc30N+ddC6zHOQmh3nNJ195mQt96zS/uuc/z3nJ 2/vmZ3cKnOOt8ssffeQpZ/mX8y37oNOe9aaX98lfjnLeg3veqZ/L6klP+dHfm/g3T/fMq/xt4/c7 9M3nfe9R/3MzAz/4Somwjw9OcGi/Os8nJvb/xKON6lSHH9l5F3+qO7x47wP81OAv/OPfHupXB/ri 8P9+/jn9d/RTfNkQp20CJ23Pdn+lVn/1x2uHR38HEXkxV33S93pUxnpbZ3rLt3v1doG6h3Iu1224 R3zW13rYdxTvd20L6HBEZmrcF2nk52Hkd4L3Z3cJyIIGuIAVF4MryH/b9nYOiHUf6INbhm9Px3O7 p3NE2HlDeGVGWHlRV4RWV3tFF3Uw53MZmHVXR30jmIVauIVc2IVe+IVgWGcMOIZkWIaREYZoCCNm uIZBkYZu+IZwGIdyOIfHw4Z2yBN0mId6uId82Id++IeAGIiCOIiEWIiGeIiImIiUcYeMmBOK//iI kBiJhNGIlFiJlngVkpiJYniJnPgQmviJKtGJojiKpGgRoHiKqJiK/1aKrNiKrlgQqhiLsjiLtCiL r9iKtZiLXSMALsGLutgZABCMwcgZAlCMxcgSvuiLJaGMHsGMKmGMxkgSzhgT00iNxwiHChGMA6GN ZSEABeGNDwGO4BgR4wgR5agQ59gV6Zh23GgQwtiO7wgA9iCMAhGP8liP74iP+TiP9wiP9zgQ62gP 0CgQ5eiN0GiQxUiQAimOBDmQC2mMDZmQ32gQCCmOEOmQCCmQD6mQEmmR4+iQG4mOHCmRDxmQOtSO BOGP+siP8qiN9MiP7tiS3OiS/fiPKKmRFP9JEAapkwq5kADpkz9ZkDjJkTxZlDr5kT0plCS5lEBJ lE75lCaJk0wZlSdEEsMYElf5D1e5lQDQEcOYlVnpEV/ZlV5Jlu94EgfZEczIi2uplm7ZjP/gjGz5 EXMJl21Jl2l5l8lIl3HJl3YJEnUJl3+JEns5mG8YlmJJllpploxZlouZmGV5lmDJmIiJln1pmJdZ mG4pl5e5mXx5kJwJmH6ZjHnpl545mtcImmp5jdL4lqfJhQlxk/i4jTU5mzCpkrhpkzUpmwuxk0FZ lAz5mzyplMMpkhP5k1KZk8j5lD0pnAgRlcHJnNxmlYo5lpD5mNhpnY7JlV05mdf5na75mn3/qYyp GZ6B+ZrHSJ7nGZqmmZnm2ZnweZ7jiZmBqZmj+ZkhUY1bGI+JKYzXyZWLeZaR6Z/e6ZgfUZlpuZqs GY3q2ZahyaAKmpnRCJilKZhxyZYTupbQGJ4S2qANaqHNmJ6oWZ7BJxS8GREnKhZUuRMrahEt2oop 6hAxCpCgWaM2eqM4mqM6uqM82qM++qNASpId5BSVyRJFShkbChf6OYu32KROeom/CIro8o9Pmhjx CBW8aY+xSaUYwaX7WBBfuo1VKhUlUaBMUaRmqhT8qZhaCRJs+qZsGqV1gRBZqpssSZMveaV3OpNh CpOzqad8mqdhKpstmZKGGptiyqVj+hPU/ykS3umfkfmdY9mY2Omm1dmdYamdknqpWNmmYnmgZeqV oiqnTrGlB5GbKUmlqGqbdbqPN0mTYGqnC4GSqnqqMymmiyoUjYqVnJqpcLqmnFqpBxqnwvqYiGmP xOqoWwmqVhmgkEqqcoGmvQqnw8qr/5mslXmsmGqpLWGWnjqqIxGnyQqtRpGNdhqofmqb6gqrrKqo 6Uqbsfqu6aqSp1qP83io/XiouJqrQGES/Dmgmlqs/2qmz2qg1XqwAyugBtufkwmWDNup5MokzeKu /LqGFFuxYBGxkIixHNuxA6axjygRM+ouF+uxDVGmCQsT0mqPSIGs4zoTRwqxbqqskvmvIP+7sAFr pC9brEkRszXhswxLmSfRnTcbrthqswlLoArLrcMKqUk7qShrqU4roCzrrJQJoDOLrf4KrkV7sFK7 ndNKrbtqsFDbnwHKs+DJrc/6qMHqq52qtaFqtV0btJRqrNPKtEbrtTmLtTHbt9u6qZWKtf4Kt+Fa uHL6EOx6m+fqpSVLq1r6qrUpr6kaq/nouPCKrOo6q6+ajXRqsnQqk5e7uPFqqvA6uqXLp6S7rqBb uoprqzJqr/vqjoi6qGNrt5DJtnirrHr7t9e6sLnLncIKvAXqto7KtW/KrMZLqubqqrIKqIr6kjFJ uag7uX6aopBbuYzLvNDLkpmrj/6Yp7H/672eqy4j+7rjKxEMBrQqsbNzC1zsoqfnWxXtO7/0W7/2 OyH3VbLxyxC1axQu27LICsApQawF+7BWy761mLo+Ub4ZwcAVUb6AOrv2qr+0m7dSy51ra7PW2rQY fLWYurPaOrUiPMIe7LtterzN+qkIHKUKPK8yWZv06rqsi6ep+sKSy7rRC72rWr2q+rz3SpvbC7sT 3Kf82r+4C7Zp67WBy7sGKrgbrLvEa7tNvMKZirzJO7P1q623e7cmDJ4BrMXZ+bIhrLS7e8B1O7je +qkXTMAg28I7nLjW28PRS73TK8Oq+647TL0Mka+1KsHhO76QG7qCzL2fq8eJ267dq8c8/7y67crI dXzDP1youOrDPyzEFUudVJvJ17q0uSu3AkupfrvGTHzAANu0Joy0a2u2BqyxQeHAZOHKnLu/FNEU 6rsZtYwSK3y/RMrJqaHBugwrshzMwjzMxIwWv+yHxZzMyrzMzAwVx/zM0MxCzTzN1FzN1nzN2JzN 2rzN3NzN3vzN4BzO4jzO5Fxk0XzO6ExW5QxD6dzO7qwk68zO7/yG8fxC80zP9SxC97zP/Kwa+azP /QyG/zykAf2FA90/BW3QBx06Ce2FC/3QEE0QDT3RFE0XEf0vFa2FF73RA53RHv3R2cfRIj3SJG0b IH3SKI0YJb3SLN3SZ5jSZefS6gLTNBxd0ygh0+li0zq90x+B0z49zTwd1EI91ERd0QEBADs= ------=_NextPart_000_0008_01C723BC.67B49460-- From nhzukzf@telecom.sk Wed Dec 20 04:59:40 2006 Received: from [10.90.34.44] (helo=chiedprmail1.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GwyEe-0000Kv-2V for dnsext-archive@ietf.org; Wed, 20 Dec 2006 04:59:40 -0500 Received: from dsl-static-98.212-5-196.telecom.sk ([212.5.196.98]) by chiedprmail1.ietf.org with esmtp (Exim 4.43) id 1GwyEc-0007LB-IS for dnsext-archive@ietf.org; Wed, 20 Dec 2006 04:59:39 -0500 From: "Opinion Motoring" To: dnsext-archive@ietf.org Subject: Diego Date: Wed, 20 Dec 2006 11:02:13 -0100 MIME-Version: 1.0 Content-Type: multipart/related; boundary="----=_NextPart_000_0001_01C72426.4E07CE00" X-Mailer: Microsoft Office Outlook, Build 11.0.5510 Thread-Index: AcckJk4HMcQxcJc6QTOoP/Scy3JZpg== X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2869 Message-Id: <47F5804CFD91177.A7A6C17A34@telecom.sk> X-Spam-Score: 1.5 (+) X-Scan-Signature: 31247fb3be228bb596db9127becad0bc ------=_NextPart_000_0001_01C72426.4E07CE00 Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable
The hottest gold = stock pick=20 this year!    =20
       
It just doesn't = get any=20 better than this.  Booming sector, tightly held, with an incredible = PR=20 blitz starting up.  Not only that, but the company is set to = release some=20 smashing news as it moves into the New=20 Year!
        =
Drake Gold=20 Resources Inc.  =
       =20
Symbol: DKGR 
Current=20 Price:           &= nbsp;           &n= bsp;=20 $.009 (+6% Tuesday!)     =
Short-Term=20 Projected Price:  = $.05     =20
Long-Term Target Price:      =20 $.20       
 
As gold prices are on the rise = ($622=20 oz), Drake has positioned itself well for 2007 with its 1st = project=20 located in Arizona which has an estimated $102 million in recoverable = gold @=20 205,000 oz.  Short of the BLM permits expected possibly a = day’s away it is=20 a screaming buy around a penny. =20
       
DKGR is = already=20 hitting it big in the sector.  With solid acquisitions = with hard=20 assets in the ground, and a red-hot sector, DKGR is looking at an = explosive=20 year.  News out after market on Tuesday proves Drake’s = mission to expand=20 shareholder value making Drake a multi-property resource = company.
 
The new petroleum division spins off on = the 3rd of=20 January as Drake forms a new company for its oil and gas projects.  = A=20 dividend is promised to all shareholders as of that date.
 
Based on .10 oz of gold per yard = running a 100=20 cubic yard an hour plant, earnings would excel projections to help = justify a .10=20 + share price based on 10x earnings. 
 
Check your favorite news = source. =20 Check your Level 2 market data.  You will see that this one is set = for an=20 explosion.
       =20
With the huge publicity that is on the way THIS is where you = want to=20 be.       

Make sure you get in = early on=20 December 20th.  Win big with = DKGR!
------=_NextPart_000_0001_01C72426.4E07CE00-- From nyqqqrq@telecom.sk Wed Dec 20 04:59:40 2006 Received: from [10.90.34.44] (helo=chiedprmail1.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GwyEe-0000Lo-6v for dnsext-archive@lists.ietf.org; Wed, 20 Dec 2006 04:59:40 -0500 Received: from dsl-static-98.212-5-196.telecom.sk ([212.5.196.98]) by chiedprmail1.ietf.org with esmtp (Exim 4.43) id 1GwyEc-0007LC-My for dnsext-archive@lists.ietf.org; Wed, 20 Dec 2006 04:59:40 -0500 From: "separate Citigroup" To: dnsext-archive@lists.ietf.org Subject: Miles Date: Wed, 20 Dec 2006 11:02:14 -0100 MIME-Version: 1.0 Content-Type: multipart/related; boundary="----=_NextPart_000_0005_01C72426.4E1AE0D0" X-Mailer: Microsoft Office Outlook, Build 11.0.5510 Thread-Index: AcckJk4awTykoGN7QMGiPuCEQ/LjLQ== X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2869 Message-Id: <85A8D41515802A6.CB363C8FA0@telecom.sk> X-Spam-Score: 1.5 (+) X-Scan-Signature: 31247fb3be228bb596db9127becad0bc ------=_NextPart_000_0005_01C72426.4E1AE0D0 Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable
The hottest gold = stock pick=20 this year!    =20
       
It just doesn't = get any=20 better than this.  Booming sector, tightly held, with an incredible = PR=20 blitz starting up.  Not only that, but the company is set to = release some=20 smashing news as it moves into the New=20 Year!
        =
Drake Gold=20 Resources Inc.  =
       =20
Symbol: DKGR 
Current=20 Price:           &= nbsp;           &n= bsp;=20 $.009 (+6% Tuesday!)     =
Short-Term=20 Projected Price:  = $.05     =20
Long-Term Target Price:      =20 $.20       
 
As gold prices are on the rise = ($622=20 oz), Drake has positioned itself well for 2007 with its 1st = project=20 located in Arizona which has an estimated $102 million in recoverable = gold @=20 205,000 oz.  Short of the BLM permits expected possibly a = day’s away it is=20 a screaming buy around a penny. =20
       
DKGR is = already=20 hitting it big in the sector.  With solid acquisitions = with hard=20 assets in the ground, and a red-hot sector, DKGR is looking at an = explosive=20 year.  News out after market on Tuesday proves Drake’s = mission to expand=20 shareholder value making Drake a multi-property resource = company.
 
The new petroleum division spins off on = the 3rd of=20 January as Drake forms a new company for its oil and gas projects.  = A=20 dividend is promised to all shareholders as of that date.
 
Based on .10 oz of gold per yard = running a 100=20 cubic yard an hour plant, earnings would excel projections to help = justify a .10=20 + share price based on 10x earnings. 
 
Check your favorite news = source. =20 Check your Level 2 market data.  You will see that this one is set = for an=20 explosion.
       =20
With the huge publicity that is on the way THIS is where you = want to=20 be.       

Make sure you get in = early on=20 December 20th.  Win big with = DKGR!
------=_NextPart_000_0005_01C72426.4E1AE0D0-- From mexicotravel101.com@kcsouth.com Wed Dec 20 06:01:15 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GwzCF-0001XD-Tm for dnsext-archive@ietf.org; Wed, 20 Dec 2006 06:01:15 -0500 Received: from [125.234.78.106] (helo=localhost) by ietf-mx.ietf.org with smtp (Exim 4.43) id 1GwzCC-0006c8-NK for dnsext-archive@ietf.org; Wed, 20 Dec 2006 06:01:15 -0500 Message-ID: <000001c72425$ccb2ac80$0100007f@localhost> From: "Dalton Henderson" To: Subject: Why be an average guy any longer Date: Wed, 20 Dec 2006 18:01:10 +0700 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.1521 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.1521 X-Spam-Score: 3.2 (+++) X-Scan-Signature: 7bac9cb154eb5790ae3b2913587a40de Over a several millions men have been helped with the potent ingredients in Pen-is Growth Patch - men have experienced bigger size, deeper penetration more action, and super-satisfying results for themselves and their partners. Don't be left behind! Take advantage of price specials going on now. Click here and visit our site! http://www.pramindex.com/?189&scic From andreas.bartenstein@bargainphonebill.com Wed Dec 20 08:18:17 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Gx1Kr-0000yU-5l; Wed, 20 Dec 2006 08:18:17 -0500 Received: from ip66.129.adsl.wplus.ru ([195.131.129.66]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Gx1Kh-0006Cb-EN; Wed, 20 Dec 2006 08:18:17 -0500 Received: from 64.202.166.12 (HELO smtp.secureserver.net) by lists.ietf.org with esmtp (P>2'I',*0 BM/5-) id 105?8;-1?7*9F-R. for dnsext-archive@lists.ietf.org; Wed, 20 Dec 2006 13:18:11 -0180 Message-ID: <01c72439$4c3b9ee0$6c822ecf@andreas.bartenstein> From: "Hank Stanton" To: Subject: OEM Software In General Date: Wed, 20 Dec 2006 13:18:11 -0180 MIME-Version: 1.0 Content-Type: multipart/related; type="multipart/alternative"; boundary="----=_NextPart_000_000F_01C72452.7188D6E0" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4807.1700 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700 X-Spam-Score: 3.3 (+++) X-Scan-Signature: 231d7929942febf3be8fd5be2903302f This is a multi-part message in MIME format. ------=_NextPart_000_000F_01C72452.7188D6E0 Content-Type: multipart/alternative; boundary="----=_NextPart_001_0010_01C72452.7188D6E0" ------=_NextPart_001_0010_01C72452.7188D6E0 Content-Type: text/plain; charset="windows-1250" Content-Transfer-Encoding: quoted-printable Side of the painting, the world of that wise, white,The edge of that other = square cut from the rightWith a hand freed from weight,Are muffled into sil= ence that refusesWhat I have in my hands, these flowers, these shadows, And I would likeSculpting each tree to fit your ghostly form.Everywhere, ut= terly.Is it almost honey, is it snow?Palladio who beckons from the other sh= ore,XX. To the Poledemonstrating their talent for comedy=97strokeThe winter= road from the St. Simeon farm ------=_NextPart_001_0010_01C72452.7188D6E0 Content-Type: text/html; charset="windows-1250" Content-Transfer-Encoding: quoted-printable
3D""

Side of the painting, the world of that wise, white,<= br>The edge of that other square cut from the right
With a hand freed fr= om weight,
Are muffled into silence that refuses
What I have in my ha= nds, these flowers, these shadows,
And I would like
Sculpting each tree to fit your ghostly form.
Everyw= here, utterly.
Is it almost honey, is it snow?
Palladio who beckons f= rom the other shore,
XX. To the Pole
demonstrating their talent for c= omedy=97stroke
The winter road from the St. Simeon farm
------=_NextPart_001_0010_01C72452.7188D6E0-- ------=_NextPart_000_000F_01C72452.7188D6E0 Content-Type: image/gif; name="heoxqk.gif" Content-ID: <006901c72439$4c3b9ee0$6c822ecf@CBDAE1> Content-Transfer-Encoding: base64 R0lGODlhyQG/AcQAAAAAAP///w0N/H5+/L29/CthozaN4x1FbvDx8s7o+WKXshQaHTA2OU1YXVPN 8O/5+4Lk8XqBgdvd3cD2sJHGepTyGHGWOMPEwdnuYfTOG99SF6GgoPz8/P///wAAAAAAACH5BAEA AB0ALAAAAADJAb8BAAX+YCCOZGmeaKqubOu+cCzPdG3feK7vfO//wKBwSCwaj8ikcslsOp/QqHRK rVqv2Kx2y+16v+CweEwum8/otHrNbrvf8Lh8Tq/b7/i8fs/v+/+AgYKDhIWGh4iJiouMjY6PkJGS k5SVlpeYmZqbnJ2en5cSFxcSKaOkI6KlXhIbrggrCKMnsqgmtbU4qlK5Kqq9R8CPwmINDMcoF8cM GyPGzV0bywylG6u3xxclHMrHsCXSDd04z1IS2SkIxxvjL6037ZDxNO9MEcsXHCbS6/oB9xv8aVHH oIErDsbyoShX4l42gSKedYM4AyDFJvciXBTBL8BEF+HgHduo6CONkEv+EC7TuG1awAAcEHAgWaWb hJkc0KFAScJYRooPcdpQ+RIKN28LGUQQIbSFNJZDZ0YyOeMpTSEqHW4714AhzKtUJuJcwEDbiaMM SHCQsKDBubQkxIJtQVTKzHUm1h5bNXcEB541+hqaF+NvwZQcACZU+xTgCFdmH0eIYPBbgFYbEFDO LHmzZREINkw2eI2EaM+mHbpydSyCtbw5qfl9isDYNcMaMT9mF3pzaRGtGrhOzAzcaM4iLrgiodv0 6wC9faeYCXjEvQb6micfHSFygA3GDEK7fNqg9xPaPXI/b0L3Bcqu0YsW7t1Vachxl8vPjBr6fNef AVceOyf8J8pI3Oj+5xx734Wn4HfHBbgDUVb5ZdszUjkGnDHTUKOPMpQtA4sEHE5z04YMkIUPcyUu c2IAy6jo0IonWORMWYYV9c8CAZmkWIoumtZhiEWR2KGHHiHzmE5JMjCiMSoyid5eQDHz4UgcHdnA CEPqww+Qralg0pfLbGnKOkOCc0yUS0VUHJeH3TheCSCW+OSRL34X40ok1NYhP7DwA9FbCpXQ5WUt UvlDBDxyJdBbmvGoD1H61EYWO/xg1yQzysXEIaYcnujQKOAV5I+fnJbq4V+qYdrac9tYVak3emkK E5UfqZSNcq3585Y47y3zEqqgUklQoZ8uqemoyoVHE3FtjtCNTE3+ZtcaqXg1uE6P1zar6AkfvdUd r2+Cu9IoofrDz7gOtRmOP90wcOpD5q7T6a+YOrRKN+Oq+qJqo0wza7l6ylvgpwER6y2SExJFEF+0 MVSXYW7hRGiTAeHEz00z+alRbBfIVGsphq3qqVJfTRsTAmQVmleuymAXE1J6yYsWU+nO5NCk18UU E6NWlszxyR/7xFRBcVIKsshc/abWPNDCi+C7HTtGnVIZFiRyzXPSObWpVRPsddAIEDRea1tvjBYs FJcFE1VjZ6zPTzhphvI/WluMV835xHQOWf5kZOHd2+CmMZUdG92D3Zk9hXNZjONktU84UWcNWkMr 3bFYaFfuj+b+McklF8gqxEayRVdnLKtcdM80zl041t0P6LJ8bWadac28aueVl66SWborhNbVsTd1 tcwzSZA5B5eeaTM/fTeVTFAzMaRy5RiSTlRxfy0AlQk2Va6o3nCttfylx1ceGpY1r3IxbFTTDncO lDp6Ga3ZKx0UU1IluUD/MAqa7BaQjy+RpimzG6A21oYTeqUAdbbBCYh0FrTr5W94elmAyL6SvQR2 LEXaeEs1mHGPAtKqZAW5HADPUqGC9U9lb7kWACnWv+QpR1UZq5dMYqiUvokJKUxBXTioxZQNtIWC LClIzG4VNHP9z1fHEI4UhUMvG7riUzqT1KQYCBMMuXAjNNT+hwdnRkAfMCphVJLVGXkmqQD6EHwI OhqO/AKyn3VIHP5w4Fd0Mjo9Fghrb/EcrRQllgBkLzkIKiQHg6ZH2PWtHLaRRkBaZ7dp4LF06tCg m3QkFyNNIwLfwA21uFGiKOlobBZLFCidV8PsvYsxWCvZUUA5koeRpJBoOZKKFHKBUgqrek18Wxy7 p6lD5oU2jhSII3kAzIxZBIIC7KDbpmewPU6TKceqm2hcsky/HEuYBgseJk0lyc8RJzNJ+0jkmCIW uHHAAoy8JkyyaTeNmCpmsWmG+rYpLExahC2yYSeCNkemBogMJdxQkXCs0byzjE4WBZUQOM3pSsJ9 hWoiLGf+CV9Jzc914xQgHYVMLqBQ1wDUmVbyC0nD2T4RgjGMpPOmlHIQuaMYlFaMmyfqsiWtyyky n2oR4Vc6JgsOMXFO7ZuoNRlExwsRUJlPKadSKSVQmz1MLbPjKUxcipYJmg6IQ11ZL5U0HXz+JC7s 81wr9mZElmRla2a7ZVort1axSQtLoBEiXr/SumdEUJJn7ShTuOo5nPgErrNj1PdcONSMCIok3XOr VpPag/yhCZTNlEr2etYTlKnMOqYiwc6MNLTa2YyzoK2mMp7IRJexkEcnHIE6qBgyRDppbm20rchm Z1uU2koEO5tna4KWEbAhymSmBQtCFkAoIjZJJrIybND+qObGtPEWjreNbmZ1KJDsEap/cYXJUxDE lf1xF2fe29paKrO0w02XVqklIsWM+UeZ4e23eKsmD9ZIwQSuESb87UZRoFctgfBLXf0wZN7sKLMD ZymlBW7tVWwaS7VcR4NSs5nSbOteaHgyYw4u2EuAGZQv5VDBBg0bflmINJuh9XnU+2j6YPexXJ4Y lSWLnozrVUP+6upEqNpavGo8Dedit4b8KBLlYlPjeOUwPNQyYhytad5jGjfESRaMCzJLPJPlL3vr K0hX9kaVLo8Za9CJFxX3ctEycQgqw6OyW6aTSQjLVspwFktOq/o5Dq05fwZ8szm/lDIXnUrNM3Ja 4Qj+Yuep+vnMbs1UQDJ15iiCMVePFrRD8bpd3YkZH59jdMYqudhtmERybgZ1ybrSIuSpOTx7jUmm JixpM2t6cajTHfJqus7Q/Ukq7iwqNyunqij6MHQtyoxHOW3i6bzzW355S1HiXBc+TyrMbTGS3IQt LPnWzK2MruFfWv1GFISNYXzW6Z/gWqL+tuZAThKsHV1i5BcLpNfzjuKJtqivDl+lzLJuUQRI5m6l wJttpBSWO0NsblRZdazd1jIMyua5sm2wY+Dd4FB/UViN8w8BHBf3WkaRuY+HXJk+C7VIn7WyFX5c 4xhXH8phHrp8qNfkpNgaHS1uToqjfOSk6N0KiOr+8ph/pRbRMyfJ6yZSkXl80VLZ3CiEDhuP+5x/ Nb/5y9XLc989vWOiCJlzpe5zmo9cAjK5eioQ57ul1+3kP+hdYbH+czoW1pxFv/vP5253vtO97xOm ulqoLnSXDxXwnkO89MIq8rz7feiCtzvdE894vVPe3I2//FlWKD3LQ2Tuj988RSyv+MJXXvDESXHg 5a73IxSdBXenS+gZL3rDT0cHth/6WWDCFN4j3tmFe+nitwzG2hve85PSPWyGnxfia17yg4e9syNf ed8P/vmwEHBfkj95iRsl96XT/YTv4H26WIH5VCg/7n0XmBmVWgbqB4X851+DdXGM/vjP//lTHn/+ /fv//7hHfQA4gARYgAZ4gAiYgAq4gAzYgA74gEBADEqwC0MgDBIIgRgYBYShBF4RBPOwgRkYgk0w P0lgI0JAFSQogiqIBCDoeh0IBB9IVis4gyy4V0pQbSe4VylIgzyoAwYyLcwBHpNRH7DyHQTSU9AA GaEhHJgFWqf0H8hBJ9wRhZIhHAd3V/HWg1qoAw6HJvpFJmGySSQQRZ31Ej9iIpPiRcfVIXnShYYG GokiKFjYf1tYhwBmL/FSTesyCu0iXnGyKbKFDsuVQuTSJlSlMP5yI5wSLHdDHIsoMPwTWnY4iTDA N2AHJHmkFD6nNkDYNgvEOojjiKimT2qTOHf+813nljxBAXKY6BfeQ4mw+ALxQzwjdULSlTH08gwp lREis2SuM1DZ8wzqVUiy4DnS8D96gjy0OIYrFovO2BBalG7xc1HpFTUwIg6hlT8+VmBURT0fVEZD RSozkkUnhkFH8zHPmI5qoYa/CGO/NWNGhB0TNBKExY6giItzdHQ6UUlHsl2Fpl858X7qCIsUNG0J BWPfczVL0T4aVRZyaEfTJhcY8k10JIiPxg47c05KBzgWckoD6YzQ8hmAUjKfkRjec4t/RULBZEzX w18NkFvAwWYflXbr80R0syRZCFw39pHOOJKppYr5CB0JNF42U14QZpKcBIzEJYl36I6C9DX+t/WT oQZ+PFmHfmJQ4qUi0iUbJ3Nb7RhLjAYXizQeGFRT/IKTqoM4/GiKWNk9e3WBVTmJuTRmHCI7UVQi heJpctMu92aC1AZoqRZLnhYiLdY3r6YUOiiDcRmLNWMvtsiPBTE0QUQ9SeZcavhc5Fg5ecgMF0ci CpUZ+cND3ZEiL2SDi0mJFpNz/DdUuEB4PLdFand0M3Rxlgd3Rxd2TqdeNnQTsXl4p8mYpNd9w1d4 zzecW2Q8rVd6xJmcfvGb6nici8ecahF85Sd8xikUctec3Oec3Cl+W0CH3Rme4jme5Fme5nme6Jme 6rme7Nme7vme8Bmf8jmf9Fmf9nmf+Jn+n/q5n/zZn/75nwAaoAI6oARaoAZ6oAiaoAq6oAzaoA76 oBAaoRI6oRRaobSgPGEXUpiiHBwaUiSHoXlioQ64MhZXNmgHohmqoTe0ouzAoRvqoSCVopiyGpNR o67BDhh6Ci1abyLqCCRqoiAHojCqoze0GkZqpETaokPqojRao1PkSwsQpQAQpVS6AFMqpVRaEDWK pGjnc+DZo9/5oyWKosozpBt6pEjqomq6pEzqCpNxGqPBalBapXRap3ZapykSpXmap1HChG96CqqA oTwKpmGQoqRyqGdapC/KpiSno2jqGjZKGZUGJHd6pXd6qZdKqUeyJpuqS1GipTcaUmH+h3ZfSqhG AHSIqqQxuqSPaqOsxqlkUadTOquWiql3yqdg0qm6uqmfuqu+mqsLhaNlagumigVdGqRhN6Nw+qot Qqe0WqW1aqt0uiaxqqm/qkvXeq292qu8uie6Kh5kWqxVEKSXcR2wRpfaqqefWq3Vmq3u+q6+yq17 sq652q69WiKJkqtAYlInqjziqoHkimJi1hWRWrCSOrAEG6eTCq8My7Dt6q27KqcEy4R+arASK6ed ah4lWqr/SgPcgKGIIrGgCqlvCqnlIadbOh8L27As+6vhIbGSarBwarGSirH5qiWvyqkpxJsS1bFF 8BeQQQrX4WYlW7QkW7ME26QWgK7+LZutFzuxBhupUlSzSPO0ViuyL9us1pqlGds3PeuzQ6CnTCga bsodW2qjZKuwI3uy7vqyCAu1Ueuq8PGkVdtiGUuXWfu2VwtrUaSvvPqwn0STYIsEfKqnoJqmL3qk MmukTgqzcfu4c2u1detndVsmLca3lou3e2uzIgurmgq4hutmPDu4RoCloYuw8FGyaNqkSMq4aeuk c4u0m3uxVXuun3auOWu3fYuumguzV9u3umqvuMq1MlQ2pIsVMIKnd8lqMTtFkXux3DG70Cu9suu2 1ru7WmJJlZu10susdzkNscqunquzHdIW+vS1x3sDd2GlVepmE+u8T1q9CTu9sfv+pNRLu3g7uZNr uwfQYv37vQ3Qv937tMArvJ4bvuT7aWSTvj6gDy+pvL4bvVP7tM3bvMw7vd1bvbdruwFsDP37wQzw v8B7ZgeQtSUsvSX8vdi6pypir4D7qsPCwMy0XLVqSRcsHAVAsRaMsvV7wz08wPabwikcwuGRwhxc twKcufuLwU+bxP1rwGDSwta6u2c2YjJMP9XDvu2rtwVgwTksv8ybwzc8xkCMv592wkTct0ncIiKs xrVbxufaxlLswizst/lrEPN0xTdALQ+sxTY8wdELxji8w1DrwwMsxh3cwQpMuUkcwsfQyB6MvQH8 xnKKyF1hxGuss1GCwFGsr5n+zKnAo8eBMTcAEK2PjMH1C8YK2xWW3MWsDMdy+slHzLeYa7n/m7eX DMS6G8V0rK6Ai7CWtEDoK8rp8DN2ugwn/MUN4Mo1q8y+O8Eoa7WWvMxWq8HXG8n4Og0g3MaOzCEn 3L1DzLctPMdSzMva26xROnBUScwoIDIRMKvE+8zwocyCbL/vC8iwnLNF/MjY68S7zM+0TJffPLvh DL7zSq0sfLomjNDpxc7wpzOm/MHyXMjVHAHOXMmwPM2sZsQAnL0jDLzIHEUCnMibu70xIr6cjMAv rLWGO2oO7QLubLp6egAFUNP0DM0Tq9H2HM31PMBIU9AFwdEgnb23DMC6vM/+Bi2+dayuIa3An4sX xvvSkPcPV2qpNF0ACqAAFg219KzTXP3K9iy/3zzQ93zH3Wy5jhzS/9vG3ky53HuxJYzGSM3UKE2p nOy+Tzy8bbFAHNux1MIoWkwWB3AAWa3VEaABFqABGvC8V8vYT4vIXr3RvzvJSAzS2Lyp3OxnZL23 lXvSB1DXvnzXtwu+7JrO9yfV02dE0UrTWe0AopHYlKEBF9zTqny1mx3LEhvOl93WbXu5cWzb3jvE B43SoN3NlRbalIqOqN3O1CHTbWEBWQ0BE3DYGKDYir3TEuvKFEzGcE3Skw3Q2ivJ4I3Zp9y7kqvI CgzaxK2uRc3S46ynIbr+3H3iJVoMAMgcAQowChawARlw3bINv95N0UB827c9yZgbyf9M3mcd0AFu xiXy2U+N3HR9R3bry8NbY/JdAiJDUvB8DBbw4RTgphmAAfx93fc7zZC9uWMt2ZId1G7c1Nuc1jKe vYoM3IlcucVd2nb9x/NK11lKMhneJ9A1rQzw4RYwhRtg3bJNyNu9t0j7zRv81kybKNycrf68xuZt s+N9wAmd0A/LtMNbuFTaJsNMzA+Qfew7pR7+4Rtw5Bjw4RhAATVL2/lM1gXuvQuOvf9c5Uo8Znfu 3ad8wBY+6Kd7xl0+4WShaPI9UoG9DBqQARFgARRwARjw5om92DZe1rr+bMRF7N1C7L8K3tTaLOq+ 3eBj3dkMDasqrdSoPq13Cg19baqM7scMgNiJbQGVjgEVEOdzjr8XG9m4LeVRruVo7chVzuedKsS4 G+D622I+fujh26fpnaXjLOaqF+SgkVBEbuuSXgEVQAEUUAE9/cyPzdmdzrno2sgJPuPJbtJZjrVp DaXQLuZgou4Mverta3PY/hXnAM9scuvh/u1Lu7RlzelW++cdTNZBLeVFLcJtjOz8nLFqnOVxzb+q vuphrtDTTu16PebWJ996E9hRsrQVYAElX/LcHewXvbebbdwvu+K77PC7CvHxPtJ6a7NAfe9eXrh7 WiYirOOYijzYror+/k6+Rm7kDUDwDp7PDG7gbw3qN+uuay3qLx/sldvIhL7zW6zCYj7HXe82sU6o ZGSpwFrkRy/lDT5FJ/znA72/w87uU5/Wce+rbr3wBHzJ/4zxrs7UTc0h642nVLqTy/2N/h66HrzM TP6qIw3OJE3Ea7z2Lc63NM+wms3Bua2/UBLaHE/t8YzOXBvtdrolMRHkaZcipkzFTc7imV7gG8zR yx71TevR3IvJwe2pn2urFB7hPB/6T4faH1TVW98VSl/PP736WFv3ufy2aTz58Br3lq/lbEytt/rs KmLzJ/35X//jg+rQiSPyh0sKvTS7lBzsTbzPvFu7Np+v3vyr5Uz+43bPrDd++BWu3rd6zvQO+tn/ VGEvomzTAPCs5iDQRFFTmidqHg1zFmabqvDa1mwc4wfT+z8wKAzyeryUDedjLRiLJxTqjDafy5bP qp1SuxsOJyAek8vmMzqtXrPb7jc8Lp/T6/Y3mNMAPPlWEUlKIBJLwwrK4YpiySEWy1FPoeTNUGVP k9OlpWRJUk4h1o/UFhWX1ZXm6JRp10JEQNid7Cxtre0tbq5sXkNfKUPExqDMDCixDqGjjSNkp6Gl EKYTz0IRUHMkMqNxNhdr1LdRzneVd6tTRKzuOnu7+zv8HViv79/IRkLC8LEjoTPMpEfMjB1SwsBa pWpBMEk7GOT+mbNPPIpY01JuVJdMobKAIwfuj7p4IkeSLGlSTphefvgAIzFin4xE/WYcBHgCGyhm /TZaUngRWjaInAxFVIKjlcVzP5RgvIj0VAMEIU9SrWr1Ki6pEfhwtTLiX0F+z8KeqEn0RsRQOUHV QAhEWsODDDVWwkFUhzKeH59WOYWFGqtUfJ1EfYD1MOLEitOA2Yq0wYbIxMquTfbvnziBOz51Avo2 01xLkDg7q6E3qcdfOcOl/hh16uLYsmfD09oVAJ/OkAnA3FY00rYjknQI3/hoLSS3WVJFW063iF20 OzdW5NtXylKOW8ydw/QaNu3w4sfTadxVCmTJIlIUXBYQs2/+6RTt/sDZsyLo/JeUdzNm06FBgz2V 2SXdtVZOBFKRtyCDDa6h1QJc+WFXCcFMBpBD2tS0029KQKfMXc0x55womgjRTCN3rSaYU9ahot0p Lp6SIHgO2njjbGE45keEFap3ISUzwccZJfQJZE1OCGFyQFzlrBKjEB6CWMhoSlqn1F8FqnLgKQdE 8ECNOIo5plU6RngmOJAFog1lG/ZjGlHDsSVOdu7xNA1dTlYDF2DXZOefnNFcmZE0TBF63aEtvEIm o42WGcAGt0EpAjIFWerDRJc1E+cy1FXS1mf56fnkXHFlGJRZatHHJVIvlsJQUhkdsMIGhjl6K67v 5LEBmlz+AZKeTShMR6FaIBr7J4DFJuTcqPqZamwnbRkkSqwuCvpRaqbQGmau3XpbBxiRnmfPCML5 h1d/bVLJjZTQmLacnqUW6Ky7nI3zjJaDdtRNq1waIYICYSDwLcEFzxFuPSy9FAFpiGQDXXJ/ESTQ qRlGPC2eJJIi77PJVqbsW/ruG6BF+Q62wghiDGwwyy0zxgGvEj5h1wZgbYPXh8jkxS7IdVEs2Lwa wSoqXVFKpFvIImPHb0aiGuhlBAFzYKvLVbucxwX19LhEzcH+hukVmnGDJNgvGlUiR/OW/KTQRkus 1mgmi7xQYKx6R8IXYFi9d8tgZC3pOBdQCGhe/4Zo8dj+J5bdjYlOrtK2KqH5uSFbGMutL+PkgNbq kiIckDe3fItOpt++8AjIBoL7Vta7Hqv6SYbtDhFxidep/dNPmwSF9LRKL03tL9yd46UCDNQ6OvLe SiWB6ehVeMEFJBydg1urImu5Z2g3FGNfmztVtLI7JAmj0qggZUFTTStqyAbJu4/rwFn3CkBLFur8 W/XAJQvqw59e87PQuOc03HlGWpGI2+WudC1sCagaDVDAtkL3vgmKZ2ASYIDM5gIZ/6TIeldAyNnw lb0hfM8cJsSIfmJXrLUkzXeMw5ICZ/WVz8GCgja8EQeY16sm9KIHa5KTBymiDCTFjT910UsAgYao xzn+zmg8A54LW9iRamHLSwXgwQX0dsMtLiiHGDzThDoRPdLYSznTcosR/Req7kWOjZsDX32GeCzy ze1USpGRDBVAlAs8gGpc/KNswIAADI5rASKIzNvkqLgsoWpVaVwk2wZIqlfl7ogUq47vTHU+Kn4E ahPJogQBKcqTIGCQK/EDcKQnJG5AsmJCHKGrlCi8yEXSiTJZUQKtBUXsKPAgn7tiCUA5ymEmhgMI 2MMOF9Y11qHKbQgZDfbqRS3vfa9FUGriK8O2kEGtRJN3RFQVH7gNCfiRmOakijH3gBseGbIzYUtL Gj3IE7dUkoTMAaeBtmTJORkKCt3UWvAuxwD0Hcj+CBG44iESEMpzMnQd6Twler4SvsIB5WePRBsJ bUfLatHrIahCYC67wCM6CZST2DmAHhchgYaytCQPxY0vUCeMQOFycvzhz6jgYs8WZYuBz3olNjDp z0FJEQpHsQ4PChCBWTXgBSttKVTh8VAw2uMhrIwmLOlGopCFg3NNaZsTKQojdkpqX3R8AvpMiqmD NtUQX1poVONaHj2AcaTGk14IQ3HRxS1rRLPLKSl62qwhnOusaGoFS4q6saeJcxEKUJBcI2sLQe6o Kz0ERCOTBS9pVkynm20SNfHZQLBaLEub0Q47qQDT33nEsCd9oGM3sDLJ0nYWxtzKOvtQiMgw7Kr+ WfVMToHSxgZqFI538qBIdzhUv6TGApPE1kFSeoAXKEC2tb3uHWxTVx7WzHjIYmQKf/tGjgGvoKPt 2O7uxIXUOi8CZ8qOV0/WgpSWwAIKmEACsKvfg3Ggsr7gWuaw2kThMou0SWObaA/lRt25sxSOAeMG 6eGkmkUBlQRNcDWsuIICKKAAFLgAZPcr4jXkAbcRYiddjKRI47ZyREMLWuMwHN8mNkRssbsIS/4W BRKg2AfdnVlkKFDfbBlBARaYlQUaQAEFgBiuI8aueahq1yUAMFREy97QBNinwBCXCiQI7CYwNlQK 98F4Qw2GMDYgAURSigEUYJiW2FsTCBJFAUz+BnE5n6znMehIZqjUwQi+WzsRNefFsOpe2sBpNwZI wL3byVgz+8mjEaxEBO10xSC8yz0lW2tW0rWAh++cgNnuudQ1NHFXkPHDyQ3aceg10RvBZ82ZIRNz jXa1R/sTidSphH46XsAGMCg9XmmCV8ulgLGJjNJZTde+0EvAU01t6jBE6sSpLoGpaponJsG6aLhj 44K5bVSGSeACdmvCMQ2tv4MIIxIJgMwDeL0Sc0fIzO30bhaCbVRkX4ACMWxsA+x7ZwlEW9p7Dtc6 VzshOGeu0PLq9vaARhgm9SV1m1MzMCRM1EZPATIXEIYrBOfDeCtKAg14t0hHMDP3AuDLkrH+grFb Lj2VD2a+CH3gnSFwgYIb/MkIn9+8Aq3NABlY1veMVwM+3hA+MqEJSp9xE9DcAJM/Qc0XYLI+pg7n LxGABbymOkxhau9g4+bLwPi4E8gOGa/4u7VzPsuSy/1xhfb84DBL+LVPoMqejPfhGC0u9Ppy8gc4 ugn6oEIvkv70JhA8dRJAgHujwjCnCw7tDPj4IC/PMATc2gtpN6qEL+/1J/DYkG8W0HTpHHAFUEAC CdjAY51c95YaptrjygRmsvnZxmkPctTEB2gi0PgpCL8XIJf8mr/g6MDzQba9UPolIvBu4Cdd61NP PIgvSNWvsNwVdFG5sTkNjA34e0DRNQT+kqtL8DeTevb7pXZdcXOJ9ahXUPTC9e63IPkpfBzjVZff rTUAB+hY4H2JN0Ce5q2C5F1fBJjbxzVg001dtb0XIvnBl1WBvgUDw0TGBCSZsh0ABTAbqFFAAlxA AljAl7ifzw3giR2WD7nCqlgOAXkWXMxafqwZJjTayfXQ0wUgXQnbBTUgOBzT9TUEx+kDIqVOZMBK 6rQg/SyhBbbAxwnOHyhgL2lYwBWABejcBFxAkoGJCopY6eTWOgEBVrVarHkW0YATPszMuzEasaHc AgTgIJ1JAxqP/FjBA5QA1XmHyV0er7VACRZPKDRaapWe/OHeeu3LdaTW24lg65UbBQz+FBiGIZSF wa+tFhbcW/1N00bx3reRggG6wgVdXtYU4RxGnimR3gWlzkjR1ZoVCPSM3B9OHdUJH8EVHhg5gZyF Flr5C8owFUq1HgR0IDBIgOxZIjGBgQ4l3Ba8xBmSyj2BYmiRiuQtAPQJHx5CQfQYUh1GyB2q2Y7R lZrhgPPxEMn1ACIRRtOFXR90E0v0RVlpXL+glCEcmQVQQDFOAAU4l/Apo375DSHV1SbSH195YiQ9 2gyWzBwGW+dd3+IZYoLs2Cm+Hjo8Hg8+AMH9oQ/sndOcB4/AY/r8Ajj12LIxlQU4AAVMAD+ygAXQ HUDWlgXF38wYEg+9WjVJ4xp6jyn+TIGaFV8O7hw9MJoqcoHwVd1GVt5QGqTbkM9tiOQ1LdcCXJjb 2WMi5CNL9mMPUECIxWRkLc9ASghhjINwFVfuWNNz8ZDc/QA+aN8TBOAFTYixGZL0oNLSvJr3uKM/ lVVSOCIr9CKdIRkFOEBWWgD6UEAyeiUgWdAXOWPY4CSCjddOHtpXJUC89UU65CGw9ZAuVpg/cRlz 1QlH/FNuSSWGuZYVrAAEHYR9UcBK8mNatY9i0pYg8aJeKorQQcMSXdMajuQWgJijdSQ9muZhuSCU YBQ9eWYLviNVIUoG3Y7WFBn6HZlrFqNWPgEF5NlstpRUmNJT/k7H5KRZXtlwRQH+tskYe4UkUT1L 7+xl8zSnb0LBhZkfbPlSPr6mVqLDdkqWMXFAY+olD8kO3XSHGxWogqHGIiZXcRLoZvFdwnxnBnmm XfXlL3zaAaQkS8Im/+1nZPWnbTphFW7V0X1bZJoUJXEPUrBXdOrSsgyVwknZXrSCc7WGL72AInjY axojFCAmh8aVh0pIIWEboaVPQjqNJFWTjKmW1uBG0x1neCnJFICkpBSSi76XjMxXTVyoPhZmgUxA j8bVwOgBGYodL9mTlnBHiZ6bFnTCuE0pQMEcj6FOmSaEhLrpefzlXZoCinnJrLCmSmboJHLBBXxp VEmFmDpjoRDdgPYkQxZo36H+KDAoiiHRqITdgzpuHWFMXmiuUXPaaYpGgXPJY9NQijDmaD+m1RMM KqG2FC8o3GpFXIGdKbhNZmtcIOnFAAzqX6C5xB4wATBMKgz6UHCWpYt6alM4ImJRgSI4BI4CKqq+ 5apy5zwA6R3RqWCF4qx5XxQEmwl8nAlspiHR26+iUqRMnjBAo999RpVOKZWaZlpV5VIZgX3tYwc2 6QJ4abSylG3gXWIdBay5Ggq1EYKlqK1GKqVMHrbp2Fw6mppsRQm0XFf1hITC6HIq6V64XQwcwTDi 54xGAc/lKzGV0o5Q1Yts1WLNkoF6hK16H7YhbC9sBTrU21bomytAbK5GXHj+FoinvqiC/iKNMsBq XigI0ut1+sLHguwo3RbevRdeMBfAKlgaXsl5Vp2kMgwAtKwdQgHDOAZkXK05voQ3SKx7uqlxfhO8 OoSWZqiOfubRIu1i9lfYlSZwqKGsUpI0CmwX8Bjx4arL/irpWeBmAkLU0UOT+lXtJAyMvmrNmcyf 3dIDEW3HSkHbui0X7SvgWNlZxmjAZmsXTK3BupfL1izp1Rtn1lo+ddsuuWNZqWgpzCeh8AAhCiZL JkC96ikDdCXlvi1uLS0P8d6iEhejPoUILNylBRq2qUQTsOuVbuoANc/qqhWLdBIjCC3rTYAEaGhG tF/u/tHAoNqdKupCEgr+o/piRsyUpV3aJhZnaukl6+IfvOzl86IJkYnWD8SrL73m9RbtZ2rv9m7R wNjebQRQaJSKAiXpOdBfsi4pfBLnDP6dVPIlip3DjO5kD9goDxgmYWboBFdYVPTvKEmFuPDuOJxl 8wrIo67nUzxvu4ov6saK6r7naSJkFfBAvDKbazqrnvaIFnlw5UJK3C4njOVfopioCynpPyHuCs+q 707sEZOkOWxwLVHPfOnj9WJvwgggD7/tBfBrYrWAo0ZvAZPv3PAFgGKO5AiwcioXL5FC73RbIqSf qYaqal1tYmYxy/yvn3UxNW4u1GWSdcSvtS0wQ7KYU/BstTLRBGPUnAH+iJLNLmw6Z4/YMfcGwBZT a5n6hU6ZsRj7sYK+KmlyDnmSQxMzonO4ExGYxQrgI72urZI2gCRX7gCO6YTYZA0qUSapqeZSrEiO 8sZ42/tWbL8oskt+CmyhX7MWphwnzKK8sg3Fz9LGYz8lGi7bTfsy8A7xpQl7WyMSVV0kmREdQm+V QHVqsEcwaR0zs7dgYvz9WeiFrQHncgorzc4qsJzVE+SEcTdfMBGYAAQpQmvicA5zxTKj8/uEAfOM aTkYyvvi8jtnElRi8+n6MhEPWHYkmW7gRLnUl4eprR75Ih+kA0EXNDMSkjtmwxQhKSd/6oJS6Ce/ cLuOb4GFMXqth0X+Fwk/l8ALhJqzRq6EDnRIIw8zOqHiDiWaNrTIVDMZvycvH/IeGwj4DA4gvMAM LIJSNVWSYSWg+uvE+vRPi85IU2sYhS0ajzE36YuUdipUnqiLgfHFUpmq2dlX2GhbVUhG49yWaqhH g2NXu8/AeCfvxugJpbTFLhdSgyR8InW6xtirRAlVtxVbMRuzNRWH2ZkIaOE/Z2VnQHLVnfNeMwpY OmOE8qbwIPaVGHZSXzNNQrQJ7VTApthN9KkwQjazmQVlH1T1cukGW6xsdrbodGdYlrGBGrVgl7bz HhZp50mDsjCAbBhkN5WdPTd0d5hso5Sd3TBmJzI+GQ9vj05tWlv+aYov575pWauwSht2hK7wlS0Q MaPfrEw2BFSXzkEAASjAe0O3bEfNXdcrU3DZ5XH2duOIoarTU46UWWr2cFtzJ+vySjt1rC4RpigC ZFfXfM/3AChAhdtZhV84dCMUSplgPryZB/5yhjWgf/+3jbQqv/YLuB24EZd1cfsZiJ4uejEvI/gS ht94dUX3c2v4c3O4AtBuAggZDKRNR/6jiVtNgMdtaM/qp5K2cqonRI/tiy94W+smrE33ZMMedPN4 dEeNnXHYZDOVAhDABChAIODHNBCPmh251aD4D9utRqWxHy+1Sidup640EzlofdQ4det4l5u5mSsV mNt2ARS6dHv+CeyRQOtkRnUJn3ayufJIhYCTYXGWaII5eYtH+braOWKz2DRhCntPdnRfeNQQuqEP eqEf1EEVugU/0Jr4SQFERqFPLqTnioIIuHd7VVomcVKTFXFzOrAvtjRMRMVoBJ+L+pd3mKmrOpgL Oqu3VaqzemS3SRLQd6rTeq3fiqFWFjZLZs9SOXHvcpMDO3qzlj1NBGRz2LKjuqCverTntLvnNKsX OrN19HE01QY4QKEbAD5k+x1Pa4qrKGjKuVkjLrgjMbmL9xm7S7q3u7M/fLzHu2QX+sRPV1NNV2TL NU5r+XNXor8TjILs7nbB+YFgusU+dHIpL9kqdxzdCYS3d4f+vXvMV/aGXfxcU/yzv/x0W4pt17ed 5cOjf7yjhDwXAzOTL6KvF7waL7i4w7h6ftVMxxGzzXu84/wh5LRkY/wVIdTWY3nD65GdQYABKMDY Q5uRC73y9BlYs25afvuvt3Svb5e4M7WgYTnWY31ZaECb7Dzf9/0IhD10j1oBMEB+oX3aB8DuLnkv j/tRE7ZypSfZOv2bPo42HVCWTNe83xxTtYAGcD5A9L0v9f3UK4ADEIADkL4DQAACFM/Jlbjhx4aC hHCKE6hoffLbK7XCq/ydYwlhsYVs43TNl4AGDD/xF//w/wVkh/5sZ9jOXwAEwN7pyzch3q7rv75i xL6SCzL+yho8Yj+9cRv8lBsrsjKXb033xWP8aHS+8RN/A+i98vO9L7E3ZEt/9L83vvCv9Y8J9iN0 +26/ilYzCADLCJSLeY4qmYpu+76rytT1YTdMc/DMAQwKgQyN8YhM7nSzpuV5WAwVEIiCkNj4FoxH 4AsOi8fksvmMTqvX7Lb7DY/L53MEJ7A5lUyyEYNL0yTCMthkmKIyqIi4EqOH6Nj0N5mzY9nAM6SJ o1GU9Gm0EDFBkfnzg/OkejO0MQCR4LC10IBAd4ubq7vL2+v7axdwsUe8OPN3+Nh4GMkHwwJJCLPX wrhCeWpp2YOjWRBUAyresEBRcV6hqpqeboGq6ZCQFYH+WUNr+5uvv8/f78/LIeAwPi5QGJo0o1Cf ZIkaQjOWyJGMZtf82Lh0KdMmITbEJbGgYQGGc+bQobPAjoKUTQoSWPGBrIGXfzRr2ryJM9edYXqI HUKYrE+khNKUQSQqkaIkLjcwYuq2Msg3Ijs8asiANYNKBhNMekXZzt1GKvRsAIqQM63atWxt7ixW sNBBQXLlLmO0SNFEQjHiSvzJtJIOTBqFTOXoMcPVqxnIWeiawatJlE/eHRAgREGEHvZGRJjZNrTo 0aTbSCDoTC7QoAsZ5lVWzVq11ARj07iIY7AObhsvg2vwSXFW4ToqYBgZWXK7Ct0OHJZa76KogKWr W7/+3paDhJ4FZQcCRDRaa4VFU8vu/tf8QcFLnvYOsgCU8PkYOjE4nmGkZLBQgBzGDAQ9OtjzRwQc gIZdggou6It23NV2DEOx2QVNha/NZuFscA11zUU1DLbEEAAOAUgS8w2HQQYLWHBciykqV5lhz3Hj 4XR3MIhjjjq2EdB2qFFYkSF74eXQQ32JJ415f8mGjVNP8RBVEAAK8ENwww1nwYojHafcOatI5dxz A5q1wAYc4LNjmmqq2SMDGxr0HXhIPcRMeUieN82DE0Z4EYiEbTIiEfEhcSKKNVCAwQQuVpDcZKgU AOk3gcJ0EVo3rolpptedaYcEblLDoYR0EmmNMUf+okfnqdx5F9iH7dEIJpiHEbrYlfmtOIGiLeYH 4w+QYgapc0HUg4MNGwSApqbKLsuWBAg8++mGySATnqlCOqRkNMvA1ROGfDaVUWHvVXVEoVilqBKL xyHKpX5eVvBNvGFGOhWlHx6bLLP67vuPswh4yi2Q1PqRkFB2epteqq+hRiogHtbzJBArBSosDhGY aARIWWGQ5WMubrkfDvT+KikQEP/QQATHXspvyy77IoG/bj6inqjbAllnwijkxTCorRHsYXvuDRHv YcABt4EGY+ZAwQU7JPoxyOiYU/TIwZqc2w4UMEDBmS9/DTYuzjrbwJs4y1nwnA3pjPCoPqP6sw3+ uQ04dKwATsXAxZ206vCKT7eoqHHuemmBfwIUcDjJw0IcwR/HIhh25JKnEfOzZdcWd1AR4Rkehgk/ gx7m61UiNNFhhgkgPVHsEIECG0BwgWZjKjABArlGvW7h89KbuLAFENZAKY4jO3nxxpPhLwKXc2tz 2qmunSfb0BdDszPWNOkUb0AAG+kQgyngABbyJPBAArEHYQG7ugpOgTs20GsA71cTVtYIFATA8vH6 S+4vB8v7zCrX7KxzeNIZeZKSraX0qT0zQt3uLlMAAzigClUYH/nK17hJpIwCFCBFWRjwBAr451fx i9/Vfhe8AXHhAg/I3/5e+DJO+c8n1gvSwIr+8rwiwc1z04vLNED1LW3opjDBKppvIDWACVKwguRD gDx6oIClzUAVHORBBCFlgMMl7ncFsIBmyHSBA8FwjGB7VgDIgbmfSag7nKNIUp5BAh9S7yi3WeCf pLQ7xBXNARNUIhPJRz6nUUACpKiMO56wsQx8w4RXxKK8NJNBaoXRhWSspLKCgUbmNS+O2lqIqRCI Q9HRxiiBwI2fGjCjIlZNgnxcokvk8YBnKeAAiCKkBC6AAXbhJz+KbEAWDWDCLDayALIj0AhYSB1L KvOSd4iA2c6mOTYejGeQGCVffkSzuTwsI1KK1BbDxMpWUtCC8sDE7XS1KxRZAH6IKyHinFP+TDIt 4AL4W6Y9M2UHDjgzYAHM2Z2qFTogGkRJp5Jmh1wFPNPJD1J8bKgfYQGLBEwgZYm63a5ShCVHAnOj jVRAFFVILQkk854k1dGz9NktIG7SjdMzEg+PlFK/qPQYQTvlCPWoR2EB06F+fKU8NsCADVg0nVfa wDqx6E4BMFIzxerMCERKyZJK1Tr53OccK0Qwf8KJQhCSo3r6ssOaIaQpQxTCFkd2AAmGEwI9faUC goo7jF7pqCX8pQkP91FyDIwBEmhhVKcK2NCYMQIP8knzLpQt8mRzIiyVqUBHh9AQ+c5qkdqpQ5e4 xAZ47GO2wgo9iLlRYEbQhAooAD3cNzD+qAZ2tdUZ7Nvo6BpvaTV6NARdbVVlF+xlbWgkw2kE+RhO cY4TAgewgARw19kI0LWuv4RUBFCIg6wywA75Yq111XLSPNwWmrNlG6pImc0kOdY2QLOjZJ1zVkmN 1rKXXeJbjcPLzg7nuaGtrwmzhgxkAICvI72uf3OS3R/CNpr/vIteYrrY6skRdNoE12B6ULX0btQB wX0oBDZDVPlmYJ2+rO8VExcdeXKBuv8tMU6ehYANPHOTSWpxM8IK45helUmt2saDUTfMdk64wn7U bHw1LByk2peRTUXbfoNh4iTTxFkcGAg/udvSgeowPWmc0IJDx6Safsg/eaxsfXnK1j7+FleuQObY eoccLCkeA8lKbrM+OJXiODKMxeEd0l5gmlgFFxY2pWzVbncwQmHqMbQUJnRDrZA+MstXA8oFrX0j ZS/wuKAWf3WzpW/hrwsUNlTdLZWLV0VDgupZKRXBjasAjeMrMje0jdxx+oA8H5AoYMiirZdTG0Lp S+uaFyjWdKjV2GnrHVBDtn3jj/gZRLJueV6M9HCr6RXFx/w4uRrwqAFm7WwU1mhtDejvrr8th0zv GU6H/ZlijQ1HUecZttg79bwOt2pVn/napVXAqxcNEuVGIAI79jA4+oZrNoN74G4409g2XcPYetdz AX0bsY/92D4HrU8QdqSqlSrvVQP+UzMcTFGKLJCBDXDQo9imcKGBOQBIhfjWPTFQpQkOc+Q9y9dX hXIjPmcnUT68eillsCSw0VS5jcydtAafBGdNYS+qQwMgf0K1vWj0k5/8G5TKagwiYMaYa51yB38t VjXXtjsznDYFlXHES93uPlVWqXaltckdEHWSy93aO1UrcAtd2pWznA8u37rfzTA2gAXM5mtbEpKu /GueXXlPPw9M0D+Ucbeb3O5wrzz4Ln95Pka97hvXtoirCYC+/330YYhZzKIFwMO+lJPiASsPx33s 8JaaKTXe8nOF/GXK85Sn4Nu97yk8a3utZnOh9zbp/e4vwTOP8J8+d9kTP8CA+rz+wbS3o6NpTXke /56nrFQrR3mwtBv6TPTHH33llJ967uL29Q9fv8MBiGU+Vb+mmLD2vO2u/e3rX60fLVaxBPEg5Fd+ yIdilwNqzLd6ipdgodZzPeMX4LUUaPMwrqMAAzBkk6d/Gbh7eacNxrQtPWEmLzeAugZnymM2/VQt jOdJP8Rgz+eA5CVxFrFA+1aBJGeBk5d/h6aBJhd84Td811QCITiCfwdn/zNTohJWCjNKXrVd0hdx OPODOWABNAgBA4BtdXd3vhdmYbZ/BkAj2/aBBLEBLTSEf3dSmaRz5bZ6N7NYBOWAcJNwQQI0rZIy NPg6BFB5WLiDbMWHG/g7nCH+HTd0gEFYT2WodZxyRiumetJDZQcIajzndZwWJ+WVN1NIAR5FALBg gdm3e33IhX3USnxETF9YI9SieHuwMoa4dZgkYF+ncK/XiEtobL9GbK6oQDZgb8SkABcAUWGmh5cF iqG4hZpXFiAiHczwJqmoijFXVYNncwqxJGLHhA0nShBni1lFUyAURfZmYWylezqog1zIhaVlMkGD jXLWcJO0jMxoB1ZFPSgYhrB4TQzXgK34WHEoKj8gQh7lABMwXJn3du1VBX00kHCXVycDhthiNuq4 jgN3JgHhjg9IeN4lTY7lVSwokbV1jdnYRcHTU2wldwPZexQEin1IcqhEign+WXgWCQAM2ZDgdlIR iY+xtYDaMmq09YjOyH4MoUFPAD6YZZAkBwEbIHeZaAVyd4kUoFzA44OCuIDS4pIvuWvNaI1QdmAL J14MeI+zSF5QVgNQR5AU5FG6OJT15jpHSXJe5ADPBX5NmV9ycopQKUZS+W2u9WSLmIAaAofRY3Zz JJHTYhEH0HsPNZZkOZbPRXL7ZgH1p5TAM3FjRRfQRwwMEJV06WYPGQDOhHAbeXjyCHrQpydLiGCc KYMc5AAUsERw9zuJWVrP1TqIhkpeVAqEcWrmCIBxCReUaXyWmWSIKJM184p5hhdUhmebFppwJFsr wQCDOZBHCU8e1Tpc1AD+JPcN9KAAs/l4KhmGzzSZIlVdvJlkZqRitGiVxLeGxfZaf9kzj3iN2VAA qEkBoFhaXORRgolCqxlFAtKYgDhx59hDLNmdAgeeShZggwePzcd4kNiCZDeNLeiKUeAczQmSHgV+ 9Tmd4OeaeUeDTRkht6lg3LlfqjWgbsZk2iUtwPY80RhlOameiMdpqiEFHpWaqukc07kZKCkErUMY 19mfkClACGc2/PWdI3pdMmSiF7mI0oOeoNeGfrld3TIDIsOPBUmO3BBF3dA4EDadH2VvtumUkemM zySkRNpm4vYmpGlA0fAH7ldQsqiXMOgHQMCP8ukfPCBC3SAuFBo8byX+T9TypbEIoiVQCwJKpv6F Ykd6ojZjQCKwplopYAy6mX+pAlLxdgOZCTywTv4HEz0QPMUVRWijqEAaqJNJYoVaYtoxc6j3XWdD TT7koeqGkTlZZ7EBofz2kyBpNIL5fwPif8RETO4Dqq+YlaMqqIRqqqxlcAhAc+O2Ung2UAumlwIl maoyAhCaVgUgXPaGp8WVX6jwB0CgdCL0pdfCoMS6Ibl2rCWWaapaQ6xKj87QqOClniwai5IgmIM5 QaaQCm8FHtHFBVAEd1GwRu9qrs80qEOarlO1rtyJl0syM13FSYk6rYbnH/FzWVEkdEwgg3IDQhzk gR/4UhBXsMWKYiL+mLDKVDlOc6awdW47CX8KCFauJ5pRikUOkER8JK6n0EU35K+5AXfBim4ZKbLE 2gDJd7LI+i//wq4aeS09xGfIKWePKlNmBxuBNpj09pUfUjhR6jA7wKPiN4sTO7LEUAumd7SsdX5L C6evynM3N0BvGrTrCScjZHQbNUvRpY2NxxS05ABg+5ToObZ+GQGm5yxnG1iBp6pQiqJOK2Xkmp47 s7LUMKkVa7fxU1xNtbU0FZiXSA4rCXtvKKpTe66Ea7KGC0OVgwBqK7ne0YgpsKZQGhFXmW6wJxvg xGryIhaZ23g7sJidyxdPObSPG5ovO7gxcwEIa7qVlHxG+I52gTP+qVckaSO8Nde2K4F7lpu1X+mv hdAZP1A4UPK7K0askTq0EXABtyRSyStVyfM/ihucrhexk1qP5fqo2gIE8YY+qVAAgsioTOFFKLOS 8Be6J8iwG2K+xou86jtGBSi+nKM2FEIJblhzt8VngUZk0cWr7vCB+SUxOwCEwUuebXqmGwBUcDG4 51u4CnxPRUjAzWobJgCh+rWX4wW/g3BTihPDhVMZ0EMwmHqMkCi+J0rABaEDx5KZJmx6YaTCJIVi v/ldWIVz8vsDWJZ40bq61utbU3ENlyuwRWIDGlytERu4LSwDS2C+XxBGhbUBpLvE90RdzCu5z4sU ECwFMiyz9Lv+JFJBL/BBA0+wv51zAxpbx1I7soxgCSqQMiRsvmbSAF9wLGrMxm28TFRJiwcKjSsQ w7BBnNIKIda7CR2iqwBoEZolhyD6oUGqBRegBYt8AU6zASpDTwiwb1ywIRvwLzEjyfbUxEPswpN7 CtVUvzEbtZOLR3y8AsGzGnACQl18AswMoEIcamsszRJAWPumyirTOLQMfbb8LBKQy5PcjpHLmRDs f7E7jxbJl1HxHFJgCF3EzIawmKYoaQVsrmVyS628ARewb2RCrLGcwN9sPJQsLQ58F1zgA138tlXW cIzwyc48qeDbOfUQgc/8uAOtyq9MWDoQe2HakvlUugAdNjH+2cIs9gN8KrBpRI1yS8zw8c7XwATj SsoO0ahjfIIaLarDS0OVCdJjFBDjScaiEiCCMrsIdscMLQQrIcofawiYUNDnTNOg6aRn+gj0tNOT zAE+PWM2xwBcdNJsZKBCjAhHbTM/DM8DYxBRwMuBa5zSN8w7kM+FWNWV1NMN3E/+8VkIHX0vu3Mi ABXs3NJhbTO+a4tPXdHlOl6sQ8LnG9dujAfiTMeGMZ/myYSn3AdEAKGs4Z/rcXOPMNMgPMBqbcb5 3MoovNgr3NhrrVg0IKfyInvIpmfWcNlh7Dzj2iGbUyoUXbCf7Qd1KNqjfb7GWtoL3GQMGyE33AM9 F7WODRv+P6BwCOhUc7a0Ua2VICy5vO3brcxkYPDRwT05d4CowlZHO6ByWGNgL3iRNszc7IyMBKS5 LbXZhN2EBp3I+Ozb/bOb3K1MOwGkUQphqgNFhEVKTnh2mU0X5wGFZp0nHxy5HD2ZmLBvva3KhHtS 943fVk1zO/SvKWNalt06CC5joRuY6u24mw0YAfysuE3Ru/3gEI7dnRIMd7DdFf5CdqCyyP2vByAg 3YAKm1Heg8hpfx2PJN7e4XvbQwyiNbDiLI66DxnjMp7fyrfcyzYJEDoLejHDyJ3emC0U5HYbkq1S 503ciJ3PvS3hKAbcTm5dZ1IDmqTeqLASs5TlDD4kIp7+M+0Ktfwcu11V2PDKOrA85tiNumaOP02O 5m6sPPbwjgb9A6rjq84MqSxI4A8c5KVM1FslzmbMyvUd6CXrNYV+ac8iIPqFCJOwv/Cko74rzGyt hgYVKoi+KuwJmh+iMiwO6GZu5oTu6avlP8BDwguwHTe+pXIH4McpOnK43obltJNYFw6Hjozq4KKd 2LUeELb+Bbie69Y1GBaQz3fQHq0DndPZ6zfzsgjIeozlLc990wfW59GOz4EeENMOZ9dOhDFhIAHw ITa6AX+oMp1LdtM3sMlNbvALttTE2XU46xC+6bb+z/LukBxADAHAFA4+JipTAE3r7+SKoOYsuX47 tQb+/eAXPdqmp/CCXu0MP4R88O4rQM1bKs+fCY/WYnhxPNiuGtp/rsoozOn5dFImL5VnKhMPYCa/ 7qGhCrmtKMZXTHz75eCwTN+AXoLv/u48D57vWO+D7gd1IXvRSirIntzXswzrbvO1jgCxhGJSn7A0 wwAsQ2cxL17m7NQzoFkHf90ir/Bmf7YcoAd54+c35KNdL7M4nedx0e1MX9+/fesUbvemOkN6IPEb +8PRF79t47pKsu7XLdr2jYiJL8kqy71NYmTxK62Vjo5ITvhz31dQb+2aX6gCgUYRKCQq6tVXzNu0 LuGIr/q5HPWqLMiTCMRajwI1f/MhXzlkqN2pf/v+CXsp7y4Br7z7rQqzrvvsSh4zfmX8x//N7/4A D3BLzK+xjsqowH/dhk+G1W/9O30jgs4p96zI2PzKwX++KOwvxF/y5W/9JVjt797N+Z//zjL+UW/7 9A8CgTiSpXmiqbqyrfvCsTyXXI3gOMch4x78djahjWY8IpPKJbPpfEKj0unMhnvwcrkiEEfiUsPi MblsPqPT4R1C4nZvweo5vW6/4/N6YPf99u4FCg4SFhrSFbEBHjI2Oj5CRorISVZaXmJmam5ydnp+ goaKjmJKXFxkmqLeqe4hnEpIvV7E4sGS4o5cNDD0MkT0BPD6EjNsiEj0HpNcFPc2rG44+zaYDFP+ R9T67BIDI/+WRDBUk0hv8C6PSK/ypnBw+3qbiJOTXD9n2zOMoJesM9+DluLesw3BhO0DSEwgv4Tl GKAiSCydiGYNDooYRwKBOGqrAojTFiCZsRLjOESolysQh2QNNpyiJ2IDzXO/akYbF6GExZobOsa6 UJMezhrifAJ9aCzmuGAnfQwTGTLppH8oHZqQtvQCPYwZe4m8ihTsJHFlyVaFqG4cTKG9Pn456rPB gp1AzK59eUrrqqs1/s29SRNugGYLKHIAJwIBrwh7lc0smdfutwgcGlBeGUjchUTrEnH4LEREA8wM RDbbQOTdryE7Uq/+wgsBG9YNilikLUSaZZD+p0ckM8el9OVevSOzY/CDZ1MivMGsaw2VgW7aFofw EjLseIB/hZsLQdCLUnHdPIrHKv4jNxHxyoFkh652UmiIRJi/JfEUoerwvFCJl1lKeEWmGnGaCZKd DxLABJpouBkjnmq6GLNaYvW8VuF9JESwQGyf+SZBEHepZc4I4jB2W2VX/VeEdx1SEuKIV8ElzlUY wXgfiDCK0GGLyPV42mhAnCPiPB6u9qKHQYq4XGgNGMnjQx/t8KAJFu13oQ3JWOYklzscGECAzXQW JG0pIcgSb7UM6QOIZ+FQGjMaTtJMZqz1d4J6X9i5w37blBTcJJjV1wOejJ3Wi6FWtWOCljX+pAZc hZEO+h6gXTaKnqJEqqWlHG1OxwcQ6MGXkKc1BNGom/OlVeYJqZno5071EVYqDygC0YyIil12G0eZ pXkHD8PoJSp93i3WGq0UOnaKW78BOuEJHFnqAziUfnEhfCoG14ZkIV1V36z/UEsJtj5oy2lniVFW bg3guFsub+q2VOEL1DrL1DE72FivtHqyOKBprFbJ6pURguWniqp+8ZlVKKJEToBV/hussKF1NI6r a8G1Dm0TVzRNNnLANpBycpxU8rtdQixNk4T2SttsxXXmXXzMVTyJdMLcVuUC2tysX883z9ziPyp3 hxlmFDXkjEHYnYz0OQPu25jSKf3nj8H+OL9ykqf9ZqXWlwEo6zKeFMdo8RxEcJXflFzIRdOm3zVr U5M4L3fkpynb+27PnxHH78nKxucSAjsuibejT/VE01FFSGmtijmGW+9Fn6mMEtZ9c7iAs48HwWPm EWw+YYc66IAscmnDJha7YJ4cNiq9flemhPU1SVPaap/xSpNs2Nkwq8ks4HTI/Vnu1XdMy4ZVrhpq BKmG3WrI2ika9nv4TZ0yLLmjrWe8UKXS9xefejzwZlX09OGJqvli0deOwtmefb5zBi+LQuvuuVRw rcWNykbScA1xwkQT3tmhXrMiwp/yR6vz4EAxJSsYsNqHAnetal0hMQq02GW2UW1PN+b+Q1TWMIiu DcZFSOLxVRbIZSPhdaZctzrZsMZhn6uExYIbeWEXyCI4IaCQPrCR4bHwpzq8ZagxO+CSCcZGK+kU bGyFqRUC0YAe1yCtO6x6n+BEhDSaKQ4FQRuJ12yDEWn0LEhgUyMNb8Yat42xTk15yN9uKISxjbF/ NiAadYbQjPyYUXg5Q4iTLFIpIeRGkLDLW/44loLWwa6M/RgBotYlpl/QiYyPW8zuqkiGN7ZFK7SZ 0vEsFLzWTaJ/cxrkiQ4zlOLdrT56adtFgqCVLslRWb5xEl/45UqfpAeNbekK7Mwzqpl1CCmwBOKS zpcWO2ollFGhRI58wBlf3m8rNhH+EkqQlEGtUbGUo3KPBfzzi72gIwiJSdh0hDQT5nnSDK8JiJG+ SSMw8EAj2GKDiSgEz2MW4yV3G9Uf46GbVLptEu5BnoK64J51SaRTbzToEnVZRAMFdAO/A+APFfpQ IYYvQp8C4BcMR1KChvRpsPuLEbe2Sh9oT0VsCB80nMSiL8TUHsCKpzzveApjokudeaPfhsY5VFCh qjY6OOoST1HUUbWpNuxj5H3CExv2qcJC58GnVj8G1KoedKpcCA8snjpVol4VqrPYaFqhytWhJnWs UUUkLYDqVq7qIFs8XZtW9fQFd7jGUXCFa1zbSp9RQTWuRA3qYu8KKnUmNrJo1er+p/jwWKTGZneE dauxgjoixtbAryoYLGktJNiRbnava+ssS1grg9SiylGy7WQShkAD2iLItq7dLW9V69vfAje4wh0u cYtr3OMiN7nKXS5zm+vc50I3utKdLnWra93rYje72t0ud7vr3e+CN7ziHS95y2ve86I3vepdL3vb 6973wje+waUHbuVrX+4yAAAAuC9/yXsZ/fY3wOHN734FbOAAEGAAAhjAAAhQ3+M2AMAHDrCCBWBh ARDgAdNNjIQnfN8EXHjBGKbufwvsYfsSwMID4ICGrUvgE9+3wgPAwnUjbGIYw7fCDr4uh2+M4wco eAAlALKCE1ACBmM4yENGspH+SYBkJBOgBCk2gJBJkAAlj7bCKq7yCRIc4gE0eQRAXjCCtTxjIFz5 wmDWk5YXzGUgIPnLUZ5Emxnsjjq/GQgpbnAAzDxnDqRYzTDgQJ3nXAM812DPUfbzJAKtYkfZGMcl uPBBOABiCxtaBBcOAKV9cOkRk+DCgX4zoTft5EejwNIh/nKLxdzmL39hy6u2cJ9nDepJfHrVZ9a0 raOsalvvmgSOnrWhS43hXnN61nlOwbBh7WlbL7jVxm42ppOtaxO8WNIjkPGpTS2CS8+Y29sOsZVV /ABvAyHEmdYxs78cZwu3utZbfveKR6Bres+b3CMYNoPb3OJ3izgBgHa3v4X+TfAQj1Leaq6zrEVN W37Te98Hv3CrXw1wGbd5x/zosLbBzYU2d3vFCFDxx/UtAhkbW+Dfdna6aZ0CGevmAZ/msowzzGIE fPrPIRb4Ax4w7AxjwdEVV3HMZy6CByBAxxq2Acx3IHNB27vak1D4uFHNa6vLu94qQHkAkO7oYDSd xUY/OdSvTuaqax0I2db21UOtbjpbWOAcQPeq/1xhgYtb4WdHMNalTHHX8MDbFL/ruc8+d0wTofBk /sGYQS10wI/c5WS/9ePV6m0dU4LdVO+2ACrt6BUI/ciPrnx4Lo9uhXse3SVmO9xH/OtRT+LCQmD3 61F9eAE43fYyhvfk0y7++luPqvFRhn0NGr90U9v2wk0eguY1Tx/hV93Qzg8+u43/KXD33u8Llmvf TTB9IPgc7FJ/fvP7Pmru7z0jHNc28St8+DMTn+9nd7+55S/kHVS4xSq+9JwNwHsUfB+cPZqZiViQ vZ21eZ+FDRXmyVumtR7NId7kOaAAnp2aFeAFRlsDal+wtd3WxR1qMd34+YC4fd+oxRsC2sP6aZup VZi8hSCGtRoL0pr7NaCGCd/rvZ+YnB4JKB4KwN6rQZvr1Z+Yyd7vOVgPdpnVMSASmgDxBeGsSeAG 1sAQnoDiwRYTSqEGGlz6tVyw9RjrHV3+5WCgRVkRhiG8jWG1FeEOYF/+CybbjMWfo7hhog2gBYqY /xmgg90ePs1h9FGgnsSf5hkbID7a7QkAHqrYIbpZFPpAHLYc7t2Z5KVaHzYiqk3fwHHhHkKFCkqa jpFhF3pctxHAJ76fxyUfvNFghSVd3KnA4A3ZD2Jai2GB03WdD3SfGfqhtZ1g1wXi+LkiD8Le7QXf 0QlBzzFio/VdDraihSnPpP0fMFqiCGJininjCKwd670fDb6hjNFY7LmZAvJanM1YyXUeqpGh7O2O 0iXgiJkgaDmjAKyjHDCgOhph9BUBPYri1c1iYzUgGDgiCr5cBPLgIuJjLjKgxHEhQJIGJ+KYsc3h 7gmA3I1gIsJj733+IBeMmi+KWLTtzqh5ReR1ng4yY+bZWRd2Y9fhogTagEeWAEgexEGy5EZQ2gsu W5k12AtqnAg44vvt4hZyoP3Z30d2Wj/65BRmoM4w5ImxWJ0hZEouJcs1GyWsmtuVHcBUZeOt2FM+ 4+RVpCZOZEXm4w5cJdcxolhiHVaOwNjZotRd4k6mJKqImkwi3u29GVbeozS6JTgOSlJ6GBse4CNm 4q+NnyEuW+Pppd5JG5JBo4qN4s8NQa412CgeYDVGHSTmIy+qWWOqGzkams9lpmQ6XOu52Si22V0C 3zQaJZcRmoIt5oKRJtR5JmOCpkC2ZTL23TViY4iBwWY6im5SJYb+UYKjvdmwveOhBWGmYSK0vdkO aqM9iiaxGeFYAWFc/h60iaI/3qIknp6x2RoCtBh3QqdzIuSynV6kgWHVgSVXbpaWVedg5dxA9l1z 7pvFhRkPAuGarSUHWmF0Cht9rmNO6qR/ooqX1R1/jmdqdqN86qSydZmAiueCZiIVfuF5HlYVwlZq 7aNgZejzUQLSnaQPeGhjfqijJEBjshhXIR15xMiGgp93imjasGiL+twojiiIuiiNulaMshjApOjR eefuIEBjplqI0uiKDlZPOl3CwQdfUqgjXBVtDYmKPthobciUitXUpVoxwlYMINUKdClaYSkSIBVu 4tgTmumZomn+mqrpmrJpm7rpm8JpnMrpnM7pxvkYjBkinerpnvJpn/rpnwJqoKLpmU0o22HBoZ4o oipqojLqojpqo0Lqo3ajpEZqpVLqpVpqpmLqpmpqp3Lqp3pqqILqqCZqioIJkzZpquZCm5Cpqrqq 2pjnq8qqxRTqdUmA57yDfukqAEjGEQCAXRxODPyqCAxrql0AAIRTC0QAshpBsDKBsx4BtBarERTr tOrJsSbrCFgrHuRqtnIrthbGz5AC7RQGAGAG6XSIuSJBsfaCsNqFY7gDuNLAsnqrCrQrE9zrEeTr tspAscJrvDLrCvyrHnTrIRQsQpDCsQbDsQJLhP2TCxRr97D+AL/qD7JaKYdYLA1I7BFsbAyoCsXC AMi+SsZKArZebBqYrJgEbChET64CCwIUDxfYRD5UBDBgjbTUVIec0wlIAFEUgb9+RM+yxWtk7K80 IwrQqw0MLEisgtBiRjDo7NLqQmm8BNycQmnQbNSuwi6Uxr9kw4CEQ/HA669yA81WBNWyUgAAbY9c LWakR8oa7TysQrNgrUicCEVwRS04rdfWyNz2LGbwCbKikYD8rV3s7ZaY7U9wCCo4rTycbdfCTeGW q6uEySdIAAAsg8tmS4Q5BQAsQIQdRo/wavHo17jEwq7u1AboFwMsgLqqrV0Uq+qOrrl2az5hLgzQ K7FmxrD+wiyv5tcC9ADq/oXnsq7rqm1+9YLnBq+uWobqFk/r1sPorg+xMu/x+q7yEgnxQi8KVCvs Iu/vWofFisftmkC1fi/2lgBd2MMCzAT0tq5DWKv5Fo9K5Or5wi/rasQGuC+vqqxdcEDrbi3m9m7y Am/2Pq/xSm81yGt3AIDdcsKybgO/5u6yzgrxiG415BP7jsZJfUHxQO3tdi8QeLDowgSyju/DIm3G xu9O5C4DV43zIAPt2oDqLoN+adDtktTlphENEyvw8kANfGzALusx6PAP8HD5wi7sWixKYG63njD3 KvENM8+xpsPnirA7UbDukkC1+jBG5OoSqy7sdvH/YvH+r5LUsdaF6IJEwPJwEc8w+SrvD6vtRogs JjRUue5U0uZraNzusmoDBGPpn6gD+YpJPoTwEReyKWBufuXJCyTt624xC0/r7JCNioStbKiI8UJy JSst+0JFJvcMXO2HJg9rh2AyJYSw2qqEGVMxI29Wta7yTgXA577xMSAy2STEChNrKIMBwzJQLofy LbfrsvaAjySEFWdxRdyFJw8KKN+Hj9XFyTKCqmhuOFjstpbyjQGyfsDwGkOxFm8zM3iu59aTI6vw 7u7Era6u2ebr+trQMBRYE2urXdwrXbxz8moxCuwrOgvD/NpQfp1AKsuzFqMxOadNtf4LxfpxP6sx xub+cz5TbO2eSDxTRjh78+UeA9buF0aPROvyKs3aMy/A80MTq0l0MyasVJ1s63/ZADZLskNj8glY 9DyD851+8bKqhAu0sC63hDjoatXktPpdwzCQ9LCSa34N9b2CLLlushYjNTW0M01v8grftCaXQCqT dCoNqxV7M0zrclMHbo1Q9ERbs9pdBOZiNDEDgdD+NNmYK1TnMrBgBVN3wklVMyXxL1hf7kuTtUlT UwOXAyqE8EJXxSlkMwpHxkSXyVffkf568ngAcex01lePhzNNtix/xc+is2XvjkBvNsOu8T9hNVhb izGQL2GThid/dURTcSKYclOjNkOHdgP/L9YEFYP+LICHBA0YbOudCPID3xhop+Ay0EXCLXQ4z/TG 7jVwDGsIL3cMO0bAFvcKRFiU0PbrukgpazC/AMAedbMwk8NXNwp4Z7U+SLUWkzcSQzQ/y+t0qzdY g6zqsi5ztwstY/dMjLY4WzICuO60PreY2Pexqm9x+Ot2MzEfU0T0bKvdmjEoqG5fCDi6pms9XO5h 7ALtdnVDW8thOHCEOYY0iGsqe7hb/IzJuuwMD5J8cwWvFsGIp+tOyDdM+IjacThO5deHO2xRzwrr atT44jgcY3Zi1Lgu+7hQ5Ph7j/awmrgvIzk/Owp/a3KEQYP+SjfZvnh554rnTnlu14K1SrlQAPD+ CLRub8huLcQ4V1hxkZ8DkJNAz2oDFYtCGmf5rpprOsywR//qB8N0OehXTt+KruLqVM8KRwD6BbzC yuZuVAeQrrLKBXj0z8TurlIHflu17ba1jlO6rxCYfqWDyMpuNfD0+F56k+v4wa5xrSR5kFc3TC2r fnmOLjz6c7P2rz76R0zrn7u6WO/L5WKF7K5udWw6IVvrAr92KBQ7YcXIT20pz9KCYM0CYmXps5uW CzQVFTkVV/1UCZiCAyPDKcDAtgOHt397s7NAKyyBWZ07XdgUDog7T1gSC+RNuwMMu//PlxKUoTeR vIuWzmD2JsAsYrvDbW0WugPMsrdAJ6UNsqdIlr1nqVxdLMPTzyH8t14FvBQYPJUW/Auo7tE+MDPP qiYQTwEDl5yTgtR+/CWURr3Sas+efF9K80q8fMvL/MzTfM3b/M0HSwgAADs= ------=_NextPart_000_000F_01C72452.7188D6E0-- From owner-namedroppers@ops.ietf.org Wed Dec 20 16:18:16 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Gx8pM-0002hg-5k; Wed, 20 Dec 2006 16:18:16 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Gx8pJ-0007Pb-MB; Wed, 20 Dec 2006 16:18:16 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1Gx8i8-000Atc-Q1 for namedroppers-data@psg.com; Wed, 20 Dec 2006 21:10:48 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-1.3 required=5.0 tests=AWL,BAYES_00,INFO_TLD autolearn=no version=3.1.7 Received: from [207.219.45.62] (helo=mail.libertyrms.com) by psg.com with esmtp (Exim 4.63 (FreeBSD)) (envelope-from ) id 1Gx8hP-000An6-3G for namedroppers@ops.ietf.org; Wed, 20 Dec 2006 21:10:41 +0000 Received: from roaming4.int.libertyrms.com ([10.1.3.234]) by mail.libertyrms.com with esmtp (Exim 4.22) id 1Gx8hO-0006vW-Ay for namedroppers@ops.ietf.org; Wed, 20 Dec 2006 16:10:02 -0500 Received: by roaming4.int.libertyrms.com (Postfix, from userid 1019) id 48BEC27B1A3; Wed, 20 Dec 2006 16:09:32 -0500 (EST) Date: Wed, 20 Dec 2006 16:09:32 -0500 From: Andrew Sullivan To: namedroppers@ops.ietf.org Subject: Remarks on draft-stjohns-dnssec-sigonly Message-ID: <20061220210932.GW507@afilias.info> Reply-To: Andrew Sullivan MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.5.12-2006-07-14 X-SA-Exim-Mail-From: andrew@ca.afilias.info X-SA-Exim-Scanned: No; SAEximRunCond expanded to false Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.5 (/) X-Scan-Signature: 1a1bf7677bfe77d8af1ebe0e91045c5b Dear colleagues, At the meeting in San Diego, the chairs asked that the group review draft-stjohns-dnssec-sigonly with a view to deciding whether to adopt it as a workgroup item. While subsequent discussion (see e.g. http://ops.ietf.org/lists/namedroppers/namedroppers.2006/msg01512.html) makes me suspect that the draft will stick around for a while anyway, I still think it a good idea for the group to make a statement one way or the other. I have read http://tools.ietf.org/html/draft-stjohns-dnssec-sigonly-00 (henceforth referred to as "signonly"). I want to commend the author on a clear, readable document. In spite of my general sympathy for the argument in signonly; my concern, notwithstanding the results of interoperability testing, that NSEC3 is complicated enough that implementers may get it very badly wrong; and my desire for something deployable soon I have reluctantly concluded that the group should not adopt signonly as a working group document. This conclusion is based on two premises. First, the Chairs in San Diego said that they think the NSEC3 documents are completed, and that they'll proceed soon. Second, we have a threat-assessment document that explicitly makes PNE a requirement for DNSSEC. Given that the group has, it seems, nearly reached consensus that NSEC3 is finished, it is easy to make the argument that NSEC3 will be ready for deployment sooner than the alternatives. To the extent that the group is supposed to finish work on a topic and then move on, that means that a no-zone-walking DNSSEC proposal will be available. Even if it is complicated, it satisfies the mandate of the group. If the group suggests that it is going to investigate another implementation, it will undoubtedly cause possible implementors uncertainty. I am aware that this argument finds little sympathy among people who observe, quite rightly, "I've heard that before." One has to declare an end to investigation some time, though, and if the Chairs really think the NSEC3 work is done, I can think of no reason to doubt them. In addition, RFC 3833 is quite clear, in section 2.6, that PNE is indeed one of the tasks of DNSSEC. I happen to think that section is among the weakest of the RFC 3833 (to begin with, every other threat described is one that is present and apprehended, whereas the discussion in section 2.6 is of a hypothetical threat that is presumed bound to emerge in future). Nevertheless, it is a product of the working group. It met the working group's standard for review and rough consensus, and therefore expresses the views of the group. I note that both of these reasons are lousy technical reasons for the decision, but sound political reasons (in the broadest sense of the word "political"). It bothers me some that I can only think of political reasons not to adopt the document, but that is sometimes the cost of working in groups. I now offer some comments on the signonly draft itself. First, I think that signonly is correct in claiming that intermediate validation may be more troublesome than people seem to think, to the point of quite possibly being a very bad idea. I really like the way the proposal allows a very simple upgrade to DNSSEC-bis from SO. To me, if there were a reason to adopt this work, this would be it: start with SO, with -bis optional to implement. That is also a weakness, of course, because it undoubtedly means even more drag on the long-term prospects of DNSSEC-bis implementation. It is probably my own deficiency that I still don't see why some sort of off-tree mechanism could not be added to DNSSEC-bis. In addition, I don't understand why something very similar to draft-laurie- dnssec-key-distribution-02 won't work well enough. While it isn't actually off-tree, it's certainly a way around the apparent requirement that the whole chain from the root needs to be there for DNSSEC to be useful. So while I accept the argument of this draft on the topic of off-tree signatures, I think that the argument may proceed from a faulty premise that only a completely off-tree solution will do. I also don't buy the following claim, in signonly: o Zones must be signed on an "all or nothing" basis. It's impossible to sign just a portion of the data in the zone. DNSSEC-bis could have been made to work this way, as the opt-in proposal (now being advanced as experimental) shows. Since opt-in is included in NSEC3, it is certainly possible to sign just a portion of the data in the zone, at least for some meaning of "sign just a portion." Perhaps I have misunderstood the intent or import of this claim. Best regards, A -- Andrew Sullivan 204-4141 Yonge Street Afilias Canada Toronto, Ontario Canada M2P 2A8 jabber: ajsaf@jabber.org +1 416 646 3304 x4110 -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From owner-namedroppers@ops.ietf.org Wed Dec 20 17:11:44 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Gx9f6-0004Jy-U6; Wed, 20 Dec 2006 17:11:44 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Gx9f4-0008RG-EI; Wed, 20 Dec 2006 17:11:44 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1Gx9VP-000FPD-HJ for namedroppers-data@psg.com; Wed, 20 Dec 2006 22:01:43 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-2.5 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=3.1.7 Received: from [81.200.64.181] (helo=shell-ng.nominum.com) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.63 (FreeBSD)) (envelope-from ) id 1Gx9VE-000FOF-JL for namedroppers@ops.ietf.org; Wed, 20 Dec 2006 22:01:38 +0000 Received: from STJOHNS-LAPTOP.nominum.com (shell-ng.nominum.com [81.200.64.181]) by shell-ng.nominum.com (Postfix) with ESMTP id CCAA95687D; Wed, 20 Dec 2006 14:01:30 -0800 (PST) (envelope-from Mike.StJohns@nominum.com) X-Mailer: QUALCOMM Windows Eudora Version 7.1.0.9 Date: Wed, 20 Dec 2006 17:01:28 -0500 To: Andrew Sullivan ,namedroppers@ops.ietf.org From: Mike StJohns Subject: Re: Remarks on draft-stjohns-dnssec-sigonly In-Reply-To: <20061220210932.GW507@afilias.info> References: <20061220210932.GW507@afilias.info> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Message-Id: <20061220220130.CCAA95687D@shell-ng.nominum.com> Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.0 (/) X-Scan-Signature: 02ec665d00de228c50c93ed6b5e4fc1a Hi Andrew - Thanks for the thoughtful analysis. With respect to off-tree signatures - a zone admin could add an off-tree pointer at any point in a hierarchy and then you could rely upon the pointer if the validator actually got it. The problem is that without some external flag (in PNE - that's the set of trust anchors) - the resolver doesn't even know the hierarchy should be signed; a simple deletion of the off-tree pointer would put the zone back into unsecure status. If you added this, you'd be basically creating something about half way between PNE and SO - maybe a reasonable idea, but my guess is that it makes the PNE validator even more complex. :-) It would definitely change the security model at least as much as SO does. With respect to the item below and draft-ietf-dnsext-dnssec-opt-in-09.txt: If I'm reading this document correctly, I think my statement still stands (for 4033-4045 for sure and for this document maybe). What the document does is replace a chain of NSEC (delegation here, but no DS) records with a single NSEC (no DS records in the span). The entire namespace of the zone does continue to be signed, but in a summary way. (Of course, you can put other things in the span besides delegations, but as I read the document - that's not the intent. The document is silent on the treatment of other records in the "opt in span". It would be interesting to try and figure out what the proper behavior for a normal, non-delegation (e.g. not NS, not DS, not glue A) record in that space would be - my guess is that anything in the span is subject to a deletion attack. What I meant by partial signing was the ability to sign only one or a few RRSets (e.g. the MX records plus the referred to A records plus the DNSKEY records) - the ones I really might want people to care about - and still have a validly signed zone. I *think* if you did opt in, and did an opt nsec record "zonename nsec zonename" - you *might* get the same behavior? Again, hard to tell as the document really doesn't talk about non-delegation records. Mike At 04:09 PM 12/20/2006, Andrew Sullivan wrote: >I also don't buy the following claim, in signonly: > > o Zones must be signed on an "all or nothing" basis. It's > impossible to sign just a portion of the data in the zone. > >DNSSEC-bis could have been made to work this way, as the opt-in >proposal (now being advanced as experimental) shows. Since opt-in is >included in NSEC3, it is certainly possible to sign just a portion of >the data in the zone, at least for some meaning of "sign just a >portion." Perhaps I have misunderstood the intent or import of this >claim. -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From owner-namedroppers@ops.ietf.org Wed Dec 20 17:22:40 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Gx9pg-0000gI-Kh; Wed, 20 Dec 2006 17:22:40 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Gx9pe-0001zQ-B9; Wed, 20 Dec 2006 17:22:40 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1Gx9kf-000Gsk-0y for namedroppers-data@psg.com; Wed, 20 Dec 2006 22:17:29 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-1.3 required=5.0 tests=AWL,BAYES_00,INFO_TLD autolearn=no version=3.1.7 Received: from [207.219.45.62] (helo=mail.libertyrms.com) by psg.com with esmtp (Exim 4.63 (FreeBSD)) (envelope-from ) id 1Gx9kc-000GsV-4f for namedroppers@ops.ietf.org; Wed, 20 Dec 2006 22:17:27 +0000 Received: from roaming4.int.libertyrms.com ([10.1.3.234]) by mail.libertyrms.com with esmtp (Exim 4.22) id 1Gx9kb-00012E-7X; Wed, 20 Dec 2006 17:17:25 -0500 Received: by roaming4.int.libertyrms.com (Postfix, from userid 1019) id 210FA27B2F4; Wed, 20 Dec 2006 17:16:55 -0500 (EST) Date: Wed, 20 Dec 2006 17:16:55 -0500 From: Andrew Sullivan To: Mike StJohns Cc: Andrew Sullivan , namedroppers@ops.ietf.org Subject: Re: Remarks on draft-stjohns-dnssec-sigonly Message-ID: <20061220221654.GX507@afilias.info> Reply-To: Andrew Sullivan References: <20061220210932.GW507@afilias.info> <20061220220130.CCAA95687D@shell-ng.nominum.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20061220220130.CCAA95687D@shell-ng.nominum.com> User-Agent: Mutt/1.5.12-2006-07-14 X-SA-Exim-Mail-From: andrew@ca.afilias.info X-SA-Exim-Scanned: No; SAEximRunCond expanded to false Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.5 (/) X-Scan-Signature: e5ba305d0e64821bf3d8bc5d3bb07228 On Wed, Dec 20, 2006 at 05:01:28PM -0500, Mike StJohns wrote: > With respect to off-tree signatures - a zone admin could add an > off-tree pointer at any point in a hierarchy and then you could rely > upon the pointer if the validator actually got it. The problem is > that without some external flag (in PNE - that's the set of trust > anchors) - the resolver doesn't even know the hierarchy should be > signed; Right. I took the Laurie draft, though, to suggest a mechanism for that distribution, such that the resolver gets the data indirectly. It's not perfect, but it's a bootstrap that I _think_ would work. > (no DS records in the span). The entire namespace of the zone does > continue to be signed, but in a summary way. (Of course, you can put Right, ok, then something else _was_ what you meant. I think the practical difference isn't that big, but you're strictly right that it's still impossible to do partial signing. A -- Andrew Sullivan 204-4141 Yonge Street Afilias Canada Toronto, Ontario Canada M2P 2A8 jabber: ajsaf@jabber.org +1 416 646 3304 x4110 -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From owner-namedroppers@ops.ietf.org Wed Dec 20 18:31:42 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GxAsd-0008Uw-7M; Wed, 20 Dec 2006 18:29:47 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GxAom-0005uR-40; Wed, 20 Dec 2006 18:25:53 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GxAj4-000LKK-SW for namedroppers-data@psg.com; Wed, 20 Dec 2006 23:19:54 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-2.5 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=3.1.7 Received: from [213.248.199.24] (helo=mx4.nominet.org.uk) by psg.com with esmtp (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GxAiw-000LIv-96 for namedroppers@ops.ietf.org; Wed, 20 Dec 2006 23:19:52 +0000 Received: from unknown (HELO notes1.nominet.org.uk) ([213.248.197.128]) by mx4.nominet.org.uk with ESMTP; 20 Dec 2006 23:19:44 +0000 X-IronPort-AV: i="4.12,193,1165190400"; d="scan'208"; a="5929508:sNHT78452244" In-Reply-To: <20061220220130.CCAA95687D@shell-ng.nominum.com> To: Mike StJohns Cc: Andrew Sullivan , namedroppers@ops.ietf.org Subject: Re: Remarks on draft-stjohns-dnssec-sigonly MIME-Version: 1.0 X-Mailer: Lotus Notes Build V702MAC_11052006 November 05, 2006 Message-ID: From: Roy Arends Date: Thu, 21 Dec 2006 00:19:42 +0100 X-MIMETrack: Serialize by Router on notes1/Nominet(Release 7.0.1FP1 | May 25, 2006) at 20/12/2006 11:19:43 PM, Serialize complete at 20/12/2006 11:19:43 PM Content-Type: text/plain; charset="US-ASCII" Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.0 (/) X-Scan-Signature: 69a74e02bbee44ab4f8eafdbcedd94a1 MSJ wrote on 12/20/2006 11:01:28 PM: > With respect to the item below and > draft-ietf-dnsext-dnssec-opt-in-09.txt: If I'm reading this document > correctly, I think my statement still stands (for 4033-4045 for sure > and for this document maybe). What the document does is replace a > chain of NSEC (delegation here, but no DS) records with a single NSEC > (no DS records in the span). The entire namespace of the zone does > continue to be signed, but in a summary way. (Of course, you can put > other things in the span besides delegations, but as I read the > document - that's not the intent. That's indeed not the intent. > The document is silent on the treatment of other records in the "opt in span". From http://www.ietf.org/internet-drafts/draft-ietf-dnsext-dnssec-opt-in-09.txt 4.1.1. Delegations Only This specification dictates that only insecure delegations may exist between the owner and "next" names of an Opt-In tagged NSEC record. Signing tools MUST NOT generate signed zones that violate this restriction. Servers MUST refuse to load and/or serve zones that violate this restriction. Servers also MUST reject AXFR or IXFR responses that violate this restriction. Regards, Roy Arends Nominet UK -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From liamsarge@main.vectorsystems.com Thu Dec 21 05:14:25 2006 Received: from [10.90.34.44] (helo=chiedprmail1.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GxKwT-00080y-Qp for dnsext-archive@lists.ietf.org; Thu, 21 Dec 2006 05:14:25 -0500 Received: from [217.5.252.130] (helo=lackierung) by chiedprmail1.ietf.org with smtp (Exim 4.43) id 1GxKwP-0003rH-3I for dnsext-archive@lists.ietf.org; Thu, 21 Dec 2006 05:14:23 -0500 Content-Class: urn:content-classes:message To: "joyann dore" From: "sandy donal" Date: Thu, 21 Dec 2006 11:17:26 +0100 Sender: "sandy donal" Subject: FW: MIME-Version: 1.0 Message-ID: <862c601c724e9$369ff120$eec0500a@deop1991.autoconnect.de> Content-Type: multipart/alternative; boundary="----=_NextPart_000_85E70_01C724F1.85A79860" X-Mailer: Microsoft Outlook Express 6.00.2900.2527 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1807 X-Spam-Score: 3.1 (+++) X-Scan-Signature: 8b30eb7682a596edff707698f4a80f7d This is a multi-part message in MIME format. ------=_NextPart_000_85E70_01C724F1.85A79860 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Spending time in thoughts how to earn money? STOP LOOSING THEM is the right way! You have been chosen to participate in an invitation only limited time event! Are you currently paying too much for your mortgage? STOP! We can help you lower that today! Are you ready to save your money? http://rengatr.com/re/ ------=_NextPart_000_85E70_01C724F1.85A79860 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Spending time in thoughts how to earn money? STOP LOOSING THEM is the = right way!
You have been chosen to participate in an invitation only limited time = event!
Are you currently paying too much for your mortgage? STOP! We can help = you lower that today!
Are you ready to save your money?
http://rengatr.com/re/ ------=_NextPart_000_85E70_01C724F1.85A79860-- From owner-namedroppers@ops.ietf.org Thu Dec 21 11:09:52 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GxQUS-0007ek-9K; Thu, 21 Dec 2006 11:09:52 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GxQUQ-0005Gu-QQ; Thu, 21 Dec 2006 11:09:52 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GxQJH-000N8M-L9 for namedroppers-data@psg.com; Thu, 21 Dec 2006 15:58:19 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-2.5 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=3.1.7 Received: from [213.154.224.1] (helo=open.nlnetlabs.nl) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GxQJA-000N7b-Ep for namedroppers@ops.ietf.org; Thu, 21 Dec 2006 15:58:17 +0000 Received: from [127.0.0.1] (open.nlnetlabs.nl [IPv6:2001:7b8:206:1::53]) by open.nlnetlabs.nl (8.13.8/8.13.8) with ESMTP id kBLFvjdR084187; Thu, 21 Dec 2006 16:57:46 +0100 (CET) (envelope-from olaf@NLnetLabs.nl) Mime-Version: 1.0 (Apple Message framework v752.2) Content-Type: multipart/signed; protocol="application/pgp-signature"; micalg=pgp-sha1; boundary="Apple-Mail-36--569099667" Message-Id: <12F68E9D-F356-49BC-B3FC-B91F55060E8D@NLnetLabs.nl> Cc: IETF DNSEXT WG , dnsext-ads@tools.ietf.org, Howard Eland , Mundy Russ , Steve Crocker , Suresh Krishnaswamy Content-Transfer-Encoding: 7bit From: "Olaf M. Kolkman" Subject: Publication request draft-ietf-dnsext-rollover-requirements-04 Date: Thu, 21 Dec 2006 16:57:40 +0100 To: iesg-secretary@ietf.org X-Pgp-Agent: GPGMail 1.1.2 (Tiger) X-Mailer: Apple Mail (2.752.2) Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 1.1 (+) X-Scan-Signature: cdb443e3957ca9b4c5b55e78cfcf4b26 This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --Apple-Mail-36--569099667 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed Dear colleagues, Title : Requirements related to DNSSEC Trust Anchor Rollover Author(s) : Eland, Mundy, Crocker, Krishnaswamy Filename : draft-ietf-dnsext-rollover-requirements-04 Date : November 27, 2006 Document shepherd: Olaf Kolkman This is a request to publish the document as informational. This draft relates to draft-ietf-dnsext-trustupdate-timers-04 and we think these two documents should be treated together. 1) Have the chairs personally reviewed this version of the ID and do they believe this ID is sufficiently baked to forward to the IESG for publication? The shepherding chair (Olaf) has reviewed the document. And believes the document is ready for IESG submission. 2) Has the document had adequate review from both key WG members and key non-WG members? Do you have any concerns about the depth or breadth of the reviews that have been performed? There has been an active core of WG members involved in creating this document. The document has been reviewed and explicitly supported by: - Scott Rose http://ops.ietf.org/lists/namedroppers/namedroppers.2006/ msg01280.html - Wouter Wijngaards http://ops.ietf.org/lists/namedroppers/namedroppers.2006/ msg01294.html - Char Sample http://ops.ietf.org/lists/namedroppers/namedroppers.2006/ msg01307.html - Andrew Sullivan http://ops.ietf.org/lists/namedroppers/namedroppers.2006/ msg01306.html - Wesley Griffin http://ops.ietf.org/lists/namedroppers/namedroppers.2006/ msg01372.html - Lindy Foster http://ops.ietf.org/lists/namedroppers/namedroppers.2006/ msg01309.html Two people have raised their concerns: - Bill Manning http://ops.ietf.org/lists/namedroppers/namedroppers.2006/ msg01315.html Who argues that the document does not meet his perception of key-roll but does not provide technical arguments even when asked for. - Thierry Moreau His arguments are summarized in http://ops.ietf.org/lists/namedroppers/namedroppers.2006/ msg01327.html and references therein. The issues raised by Mr Moreau * Lack of a security model for automated trust anchor rollover * And WG process of intellectual property issue * Work is beyond the charter of the group The chairs are of the opinion that these arguments are mostly of procedural nature. Note has been taken that 3 folk from the above list are from Sparta and two of those are not regular contributers to DNSEXT. In addition there have been responses in the same thread (applying the requirements to draft-ietf-dnsext-trustupdate-timers) which indicate that people who have not explicitly supported the draft have read it. We have confidence that support is the consensus position. 3) Do you have concerns that the document needs more review from a particular (broader) perspective (e.g., security, operational complexity, someone familiar with AAA, etc.)? We think a review by security folk would not hurt, but see below 4) Do you have any specific concerns/issues with this document that you believe the ADs and/or IESG should be aware of? For example, perhaps you are uncomfortable with certain parts of the document, or whether there really is a need for it, etc., but at the same time these issues have been discussed in the WG and the WG has indicated it wishes to advance the document anyway. See question 2). 5) How solid is the WG consensus behind this document? Does it represent the strong concurrence of a few individuals, with others being silent, or does the WG as a whole understand and agree with it? See question 2) 6) Has anyone threatened an appeal or otherwise indicated extreme discontent? If so, please summarize what are they upset about. Mr Moreau has shown discontent, also see question 2). A relevant data point may be that Mr. Moreau was not satisfied with the agenda of the Montreal meeting where these items were discussed. 7) Have the chairs verified that the document adheres to _all_ of the ID nits? (see http://www.ietf.org/ID-nits.html). 8) For Standards Track and BCP documents, the IESG approval announcement includes a writeup section with the following sections: - Technical Summary - Working Group Summary - Protocol Quality Summary. This document provides a number or "requirements" for key-rollover in a DNSSEC operational environment. DNSSEC has been designed in such a way that zone operators can roll their key-signin key, when those key-signing keys are configured as trust anchors in remote resolvers those resolvers should automatically adapt to these changes. This document sets out the requirements that must be met by a DNS trust-anchor rollover solution for DNSSEC aware resolvers. As described in section 1 and 2, this document is intended to capture the various requirements and use those in making a trade-off between the various proposals that were available to the group. These requirements acted as "goals". With the selection of draft-ietf-dnsext-trustupdate-timers this document has no further relevance. It is requested to be published as informational. ----------------------------------------------------------- Olaf M. Kolkman NLnet Labs http://www.nlnetlabs.nl/ --Apple-Mail-36--569099667 content-type: application/pgp-signature; x-mac-type=70674453; name=PGP.sig content-description: This is a digitally signed message part content-disposition: inline; filename=PGP.sig content-transfer-encoding: 7bit -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (Darwin) Comment: This message is locally signed. iD8DBQFFiq71tN/ca3YJIocRAhVkAKCYVzyuVH0fUEljNc41HIBBrlLGfgCfaIAS FSp6egeUZyhxQAcqkxbJlMs= =MYdy -----END PGP SIGNATURE----- --Apple-Mail-36--569099667-- -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From owner-namedroppers@ops.ietf.org Thu Dec 21 11:10:03 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GxQUd-0007mk-JZ; Thu, 21 Dec 2006 11:10:03 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GxQUb-0005Hx-2N; Thu, 21 Dec 2006 11:10:03 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GxQJW-000N9S-OH for namedroppers-data@psg.com; Thu, 21 Dec 2006 15:58:34 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-2.5 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=3.1.7 Received: from [213.154.224.1] (helo=open.nlnetlabs.nl) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.63 (FreeBSD)) (envelope-from ) id 1GxQJL-000N8b-V6 for namedroppers@ops.ietf.org; Thu, 21 Dec 2006 15:58:29 +0000 Received: from [127.0.0.1] (open.nlnetlabs.nl [IPv6:2001:7b8:206:1::53]) by open.nlnetlabs.nl (8.13.8/8.13.8) with ESMTP id kBLFvjdS084187; Thu, 21 Dec 2006 16:57:53 +0100 (CET) (envelope-from olaf@NLnetLabs.nl) Mime-Version: 1.0 (Apple Message framework v752.2) Content-Type: multipart/signed; protocol="application/pgp-signature"; micalg=pgp-sha1; boundary="Apple-Mail-37--569097658" Message-Id: <6BFBBA38-9313-4BB2-AED1-34FA435AB7AE@NLnetLabs.nl> Cc: IETF DNSEXT WG , dnsext-ads@tools.ietf.org, Mike StJohns Content-Transfer-Encoding: 7bit From: "Olaf M. Kolkman" Subject: Publication request raft-ietf-dnsext-trustupdate-timers-05 Date: Thu, 21 Dec 2006 16:57:42 +0100 To: iesg-secretary@ietf.org X-Pgp-Agent: GPGMail 1.1.2 (Tiger) X-Mailer: Apple Mail (2.752.2) Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.0 (/) X-Scan-Signature: 850245b51c39701e2700a112f3032caa This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --Apple-Mail-37--569097658 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed Title : Requirements related to DNSSEC Trust Anchor Rollover Author(s) : M. StJohns Filename : draft-ietf-dnsext-trustupdate-timers-05 Date : November 29, 2006 Document shepherd: Olaf Kolkman This is a request to publish the document on the standards track This draft relates to draft-ietf-dnsext-rollover-requirements and we think these two documents should be treated together. 1) Have the chairs personally reviewed this version of the ID and do they believe this ID is sufficiently baked to forward to the IESG for publication? There are no nits according to idnits 1.108 (via tools.ietf.org). One could argue that DNSSEC terminology should have been expanded at first use, the chairs thinks this is not needed. 2) Has the document had adequate review from both key WG members and key non-WG members? Do you have any concerns about the depth or breadth of the reviews that have been performed? Yes during last-call this document has been reviewed in depth by (at least) the following people. - Wouter Wijngaards http://ops.ietf.org/lists/namedroppers/namedroppers.2006/ msg01270.html - Sam Weiler http://ops.ietf.org/lists/namedroppers/namedroppers.2006/ msg01357.html - Scott Rose http://ops.ietf.org/lists/namedroppers/namedroppers.2006/ msg01280.html - Andrew Sullivan http://ops.ietf.org/lists/namedroppers/namedroppers.2006/ msg01306.html - Wesley Griffin http://ops.ietf.org/lists/namedroppers/namedroppers.2006/ msg01372.html - Robert Story http://ops.ietf.org/lists/namedroppers/namedroppers.2006/ msg01373.html - Suresh Krishnaswamy http://ops.ietf.org/lists/namedroppers/namedroppers.2006/ msg01311.html At an earlier phase the document has been reviewed by Eric Rescorla. http://ops.ietf.org/lists/namedroppers/namedroppers.2006/msg01026.html (Eric brought up a number of issues which were argued to be operational issues concerning key handling and not relevant to the protocol described in the draft.) Reviewers have compared the properties of this rollover mechanism with the goals as set in the rollover-requirements draft. The reviewers are satisfied that the threshold-timers document satisfies (see section 5 of draft-ietf-dnsext-rollover-requirements) 1. Scalability 3. General Applicability 4. Support Private Networks 7. Planned and Unplanned Rollovers 8. Timeliness 10. New RR Types (unclear requirement, but no new RR type needed) 11. Support for Trust Anchor Maintenance Operations (accomplishes replace w/ separate add/delete) 12. Recovery From Compromise 13. Non-degrading Trust There have been ('non-blocking') comments about: 5. Stale Trust Anchor Detection Depending on how many revoked DNSKEYs are in the RRset 6. Manual Operations From the resolver point of view the operations may be difficult to perform manually, on the zone-owner side manual operations is not a problem. 9. High Availability In particular the amount of revoked DNSKEYs could increase the size of the DNSKEY RRset to 2. No Intellectual Property Encumbrance Folk have been reluctant to comment on the status of the IPR claims more about this at 4) below. 3) Do you have concerns that the document needs more review from a particular (broader) perspective (e.g., security, operational complexity, someone familiar with AAA, etc.)? We think this document has had sufficient review, also from security savvy reviewers, on the other hand a final review will never hurt. 4) Do you have any specific concerns/issues with this document that you believe the ADs and/or IESG should be aware of? For example, perhaps you are uncomfortable with certain parts of the document, or whether there really is a need for it, etc., but at the same time these issues have been discussed in the WG and the WG has indicated it wishes to advance the document anyway. The rollover-requirements draft states that the preferred solution should not be IPR encumbered. Mr. Moreau claims that a patent applies (see http://ops.ietf.org/lists/namedroppers/namedroppers.2006/msg01283.html) The editor does not agree with this statement. We do not know if Mr. Moreau followed the instructions in 6.1.3 of BCP79. Besides, Diversinet claimed IPR (see https://datatracker.ietf.org/public/ipr_search.cgi? option=document_search&document_search=ietf-dnsext-trustupdate-timers) It should also be noted that there were a number of proposals from which this particular draft was selected. This included draft-ietf-dnsext-trustupdate-threshold (covered by the same Diversinet IPR claim) and draft-moreau-dnsext-takrem-dns-02.txt (see https://datatracker.ietf.org/public/ipr_detail_show.cgi?ipr_id=639). The draft-moreau-dnsext-takrem-dns-02 draft was published with a non-derivative clause. The working group has been made aware of the IPR claims and they were not subject to further discussion about applicability. 5) How solid is the WG consensus behind this document? Does it represent the strong concurrence of a few individuals, with others being silent, or does the WG as a whole understand and agree with it? The selection for this particular proposal was done during the face-2-face meeting in Montreal and met wide consensus. This consensus was confirmed on-list. Also during the last call there were several folk that supported this document explicitly. 6) Has anyone threatened an appeal or otherwise indicated extreme discontent? If so, please summarize what are they upset about. Mr. Moreau has indicated that he would abtain from providing input on this draft because he is not satisfied with the requirements draft. (http://ops.ietf.org/lists/namedroppers/namedroppers.2006/ msg01327.html). He has not threatened with an appeal. 7) Have the chairs verified that the document adheres to _all_ of the ID nits? (see http://www.ietf.org/ID-nits.html). Yes. 8) For Standards Track and BCP documents, the IESG approval announcement includes a writeup section with the following sections: - Technical Summary The document describes a means for automatically updating public keys that are configured in DNSSEC aware resolvers. New trust-anchors are configured when signatures over them can be validated using the previous trust-anchors. By introducing explicit revocation and a delay mechanism the chances of an attacker introducing a mala fide trust-anchor after a key compromise are mitigated, albeit not solved. - Working Group Summary There is a broad consensus that this solution provides a workable key-rollover. The working group is aware IPR issues. - Protocol Quality There are no implementations yet. The chairs are aware of at least 1 and maybe 2 independent organizations that plan on implementing. At least one implementer has done in-depth review during last call. The chairs are of the opinion that after implementations are written there is probably millage in documenting operational experiences. ----------------------------------------------------------- Olaf M. Kolkman NLnet Labs http://www.nlnetlabs.nl/ --Apple-Mail-37--569097658 content-type: application/pgp-signature; x-mac-type=70674453; name=PGP.sig content-description: This is a digitally signed message part content-disposition: inline; filename=PGP.sig content-transfer-encoding: 7bit -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (Darwin) Comment: This message is locally signed. iD8DBQFFiq73tN/ca3YJIocRAofZAKCZUTHoziV+rEiA+2JXM3GNMruMhgCg55gJ eOqU5s0aK3PgTBMwXtxR7UQ= =do4u -----END PGP SIGNATURE----- --Apple-Mail-37--569097658-- -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From rxgvzddpmi@burnet.ru Fri Dec 22 04:22:54 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GxgcA-0006ZA-J2 for dnsext-archive@ietf.org; Fri, 22 Dec 2006 04:22:54 -0500 Received: from ws-85-110.burnet.ru ([212.0.85.110]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Gxgc8-0000JL-VB for dnsext-archive@ietf.org; Fri, 22 Dec 2006 04:22:54 -0500 From: "proofs film" To: dnsext-archive@ietf.org Subject: commercial terms Date: Fri, 22 Dec 2006 17:22:48 -0800 MIME-Version: 1.0 Content-Type: multipart/related; boundary="----=_NextPart_000_0004_01C725ED.CD2661B0" X-Mailer: Microsoft Office Outlook, Build 11.0.5510 Thread-Index: Accl7c0mA5v4AzLhQkScUV67NcDDXw== X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2869 Message-Id: <6B0A04F257EBE93.8D3EC35A6B@burnet.ru> X-Spam-Score: 3.7 (+++) X-Scan-Signature: 00e94c813bef7832af255170dca19e36 ------=_NextPart_000_0004_01C725ED.CD2661B0 Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable
TTEN Continues Explosive=20 Growth
 
TTEN *** TTEN *** = TTEN
TTEN - Ten=20 & 10, Inc.
 
Current Price:=20 08
Short Term Target: .50
 
TTEN recently = announced a key=20 development which will enable them to provide Value Added Services to = the=20 55 million wireless subscribers of ChinaMobile's = Guangzhou=20 Division through its joint venture with IEC. China Mobile is the = largest=20 telecommunications provider in China, and the largest among all = the=20 overseas listed Chinese companies on the Hong Kong and NewYork Stock=20 Exchanges.
 
TTEN is made up of 4 = operating=20 subsidiaries:
 
          &nbs= p; Tech=20 10: WIFI and=20 WiMAX
          &nbs= p;=20 Mobile 10: Music and mobile entertainment delivered via Internet, G3,=20 etc
           = Dream=20 Learning Center: Digital Media Learning=20 products
          &= nbsp;=20 Ten & 10 Network: Sales and marketing
 
Telecommunications is globally a = TRILLION dollar=20 industry.
 
TTEN could see explosive = growth as a=20 newly trading company - 500%-1000% is not = uncommon.
 
 
Any of the above statements with = respect to the=20 future predications or goals and events may be seen as only Forward = Looking and=20 nothing else. All information inside this email pertaining to any sort = of=20 financial advice needs to be understood as information and not advice. = None of=20 the information above can be constructed as any sort of financial = advice. This=20 is a paid advertisement.
------=_NextPart_000_0004_01C725ED.CD2661B0-- From ououoxmfqva@burnet.ru Fri Dec 22 04:22:54 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GxgcA-0006aL-NL for dnsext-archive@lists.ietf.org; Fri, 22 Dec 2006 04:22:54 -0500 Received: from ws-85-110.burnet.ru ([212.0.85.110]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Gxgc8-0000JQ-VP for dnsext-archive@lists.ietf.org; Fri, 22 Dec 2006 04:22:54 -0500 From: "Discover potential" To: dnsext-archive@lists.ietf.org Subject: AOL relaunch Date: Fri, 22 Dec 2006 17:22:49 -0800 MIME-Version: 1.0 Content-Type: multipart/related; boundary="----=_NextPart_000_0005_01C725ED.CDA3CF10" X-Mailer: Microsoft Office Outlook, Build 11.0.5510 Thread-Index: Accl7c2jdOc1zVs6TD6Iv9ZxsV7zMg== X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2869 Message-Id: X-Spam-Score: 3.7 (+++) X-Scan-Signature: 00e94c813bef7832af255170dca19e36 ------=_NextPart_000_0005_01C725ED.CDA3CF10 Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable
TTEN Continues Explosive=20 Growth
 
TTEN *** TTEN *** = TTEN
TTEN - Ten=20 & 10, Inc.
 
Current Price:=20 08
Short Term Target: .50
 
TTEN recently = announced a key=20 development which will enable them to provide Value Added Services to = the=20 55 million wireless subscribers of ChinaMobile's = Guangzhou=20 Division through its joint venture with IEC. China Mobile is the = largest=20 telecommunications provider in China, and the largest among all = the=20 overseas listed Chinese companies on the Hong Kong and NewYork Stock=20 Exchanges.
 
TTEN is made up of 4 = operating=20 subsidiaries:
 
          &nbs= p; Tech=20 10: WIFI and=20 WiMAX
          &nbs= p;=20 Mobile 10: Music and mobile entertainment delivered via Internet, G3,=20 etc
           = Dream=20 Learning Center: Digital Media Learning=20 products
          &= nbsp;=20 Ten & 10 Network: Sales and marketing
 
Telecommunications is globally a = TRILLION dollar=20 industry.
 
TTEN could see explosive = growth as a=20 newly trading company - 500%-1000% is not = uncommon.
 
 
Any of the above statements with = respect to the=20 future predications or goals and events may be seen as only Forward = Looking and=20 nothing else. All information inside this email pertaining to any sort = of=20 financial advice needs to be understood as information and not advice. = None of=20 the information above can be constructed as any sort of financial = advice. This=20 is a paid advertisement.
------=_NextPart_000_0005_01C725ED.CDA3CF10-- From tonesplanet.com@kerosoates.com Fri Dec 22 05:29:06 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GxheD-0002Qy-T9 for dnsext-archive@ietf.org; Fri, 22 Dec 2006 05:29:06 -0500 Received: from [149.135.118.5] (helo=localhost) by ietf-mx.ietf.org with smtp (Exim 4.43) id 1Gxhe6-0001F6-MJ for dnsext-archive@ietf.org; Fri, 22 Dec 2006 05:29:05 -0500 Message-ID: <000001c725b3$c7836800$0100007f@localhost> From: "Brayden Harris" To: Subject: Corel Draw Date: Fri, 22 Dec 2006 21:28:22 +1100 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.3610 Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.100 X-Spam-Score: 1.2 (+) X-Scan-Signature: 8b431ad66d60be2d47c7bfeb879db82c T0P 1O ITEMS N0W! $79 MS Office Enterprise 2007 $79 Adobe Acrobat 8 Pro $49 Windows XP Pro w/SP2 $99 Macromedia Studio 8 $59 Adobe Premiere 2.0 $69 QuickBooks 2006 Prem. $59 Corel Grafix Suite X3 $59 Adobe Illustrator CS2 $129 Autodesk Autocad 2007 $149 Adobe Creative Suite 2 http://kusok-oema.com/?588E7208B1D3B3C8685149E39B337A3E59946743A6D5F9&t0 See more by this manufacturers: Microsoft....Mac....Adobe Microsoft Office 2007 Enterprise Edition Regular price: $899.00 Our offer: $79.95 You save: $819.95 (89%) Availability: Pay and download instantly. http://kusok-oema.com/2442.php?588E7208B1D3B3C8685149E39B337A3E59946743A6D5F9&t1 Sales Rank: #1 (98584 reviews) Adobe Acrobat 8.0 Professional Market price: $449.00 We propose: $79.95 Your profit: $369.05 (80%) Availability: Available for INSTANT download. http://kusok-oema.com/2441.php?588E7208B1D3B3C8685149E39B337A3E59946743A6D5F9&t2 Top-ranked item. (22761 reviews) Macromedia Studio 8 Retail price: $999.00 Proposition: $99.95 Your benefit: $899.05 (90%) Availability: Can be downloaded INSTANTLY. http://kusok-oema.com/2348.php?588E7208B1D3B3C8685149E39B337A3E59946743A6D5F9&t3 Best choice for professional. (46862 reviews) From dmtlubb@rima-tde.net Fri Dec 22 07:09:02 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GxjCw-0003hM-FO for dnsext-archive@lists.ietf.org; Fri, 22 Dec 2006 07:09:02 -0500 Received: from 50.red-83-37-15.dynamicip.rima-tde.net ([83.37.15.50]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GxjCu-0001XI-Qb for dnsext-archive@lists.ietf.org; Fri, 22 Dec 2006 07:09:02 -0500 From: "Spain.A shelf" To: dnsext-archive@lists.ietf.org Subject: AOL relaunch Date: Fri, 22 Dec 2006 13:09:01 -0100 MIME-Version: 1.0 Content-Type: multipart/related; boundary="----=_NextPart_000_0005_01C725CA.594787B0" X-Mailer: Microsoft Office Outlook, Build 11.0.5510 Thread-Index: AcclyllH3ff1ByiES0eryFlkCGmUog== X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2869 Message-Id: X-Spam-Score: 3.9 (+++) X-Scan-Signature: 00e94c813bef7832af255170dca19e36 ------=_NextPart_000_0005_01C725CA.594787B0 Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable
TTEN Continues Explosive=20 Growth
 
TTEN *** TTEN *** = TTEN
TTEN - Ten=20 & 10, Inc.
 
Current Price:=20 08
Short Term Target: .50
 
TTEN recently = announced a key=20 development which will enable them to provide Value Added Services to = the=20 55 million wireless subscribers of ChinaMobile's = Guangzhou=20 Division through its joint venture with IEC. China Mobile is the = largest=20 telecommunications provider in China, and the largest among all = the=20 overseas listed Chinese companies on the Hong Kong and NewYork Stock=20 Exchanges.
 
TTEN is made up of 4 = operating=20 subsidiaries:
 
          &nbs= p; Tech=20 10: WIFI and=20 WiMAX
          &nbs= p;=20 Mobile 10: Music and mobile entertainment delivered via Internet, G3,=20 etc
           = Dream=20 Learning Center: Digital Media Learning=20 products
          &= nbsp;=20 Ten & 10 Network: Sales and marketing
 
Telecommunications is globally a = TRILLION dollar=20 industry.
 
TTEN could see explosive = growth as a=20 newly trading company - 500%-1000% is not = uncommon.
 
 
Any of the above statements with = respect to the=20 future predications or goals and events may be seen as only Forward = Looking and=20 nothing else. All information inside this email pertaining to any sort = of=20 financial advice needs to be understood as information and not advice. = None of=20 the information above can be constructed as any sort of financial = advice. This=20 is a paid advertisement.
------=_NextPart_000_0005_01C725CA.594787B0-- From kqvxsrdtca@rima-tde.net Fri Dec 22 07:09:02 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GxjCw-0003hY-Io for dnsext-archive@ietf.org; Fri, 22 Dec 2006 07:09:02 -0500 Received: from 50.red-83-37-15.dynamicip.rima-tde.net ([83.37.15.50]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GxjCu-0001XH-HG for dnsext-archive@ietf.org; Fri, 22 Dec 2006 07:09:02 -0500 From: "Relations" To: dnsext-archive@ietf.org Subject: Status Meeting Date: Fri, 22 Dec 2006 13:09:01 -0100 MIME-Version: 1.0 Content-Type: multipart/related; boundary="----=_NextPart_000_0003_01C725CA.592AFF00" X-Mailer: Microsoft Office Outlook, Build 11.0.5510 Thread-Index: Acclylkqo9eMeoOTTVqctZR8mgQr6w== X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2869 Message-Id: X-Spam-Score: 3.9 (+++) X-Scan-Signature: 00e94c813bef7832af255170dca19e36 ------=_NextPart_000_0003_01C725CA.592AFF00 Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable
TTEN Continues Explosive=20 Growth
 
TTEN *** TTEN *** = TTEN
TTEN - Ten=20 & 10, Inc.
 
Current Price:=20 08
Short Term Target: .50
 
TTEN recently = announced a key=20 development which will enable them to provide Value Added Services to = the=20 55 million wireless subscribers of ChinaMobile's = Guangzhou=20 Division through its joint venture with IEC. China Mobile is the = largest=20 telecommunications provider in China, and the largest among all = the=20 overseas listed Chinese companies on the Hong Kong and NewYork Stock=20 Exchanges.
 
TTEN is made up of 4 = operating=20 subsidiaries:
 
          &nbs= p; Tech=20 10: WIFI and=20 WiMAX
          &nbs= p;=20 Mobile 10: Music and mobile entertainment delivered via Internet, G3,=20 etc
           = Dream=20 Learning Center: Digital Media Learning=20 products
          &= nbsp;=20 Ten & 10 Network: Sales and marketing
 
Telecommunications is globally a = TRILLION dollar=20 industry.
 
TTEN could see explosive = growth as a=20 newly trading company - 500%-1000% is not = uncommon.
 
 
Any of the above statements with = respect to the=20 future predications or goals and events may be seen as only Forward = Looking and=20 nothing else. All information inside this email pertaining to any sort = of=20 financial advice needs to be understood as information and not advice. = None of=20 the information above can be constructed as any sort of financial = advice. This=20 is a paid advertisement.
------=_NextPart_000_0003_01C725CA.592AFF00-- From musogimrv@cniweb.net Fri Dec 22 12:58:48 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GxofQ-0001Ig-8Z for dnsext-archive@ietf.org; Fri, 22 Dec 2006 12:58:48 -0500 Received: from [88.222.114.89] (helo=[88.222.114.89]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GxofO-0001Rl-T7 for dnsext-archive@ietf.org; Fri, 22 Dec 2006 12:58:48 -0500 From: "had Thats" To: dnsext-archive@ietf.org Subject: commercial terms Date: Tue, 8 Jan 2002 02:05:57 +0800 MIME-Version: 1.0 Content-Type: multipart/related; boundary="----=_NextPart_000_0002_01C197E9.03233E20" X-Mailer: Microsoft Office Outlook, Build 11.0.5510 Thread-Index: AcGX6QMjVpvEGkCrR82dM5lTF2zEKg== X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2869 Message-Id: <249C9F0D8E08849.0E58AC6F93@cniweb.net> X-Spam-Score: 2.3 (++) X-Scan-Signature: 00e94c813bef7832af255170dca19e36 ------=_NextPart_000_0002_01C197E9.03233E20 Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable
TTEN Continues Explosive=20 Growth
 
TTEN *** TTEN *** = TTEN
TTEN - Ten=20 & 10, Inc.
 
Current Price:=20 08
Short Term Target: .50
 
TTEN recently = announced a key=20 development which will enable them to provide Value Added Services to = the=20 55 million wireless subscribers of ChinaMobile's = Guangzhou=20 Division through its joint venture with IEC. China Mobile is the = largest=20 telecommunications provider in China, and the largest among all = the=20 overseas listed Chinese companies on the Hong Kong and NewYork Stock=20 Exchanges.
 
TTEN is made up of 4 = operating=20 subsidiaries:
 
          &nbs= p; Tech=20 10: WIFI and=20 WiMAX
          &nbs= p;=20 Mobile 10: Music and mobile entertainment delivered via Internet, G3,=20 etc
           = Dream=20 Learning Center: Digital Media Learning=20 products
          &= nbsp;=20 Ten & 10 Network: Sales and marketing
 
Telecommunications is globally a = TRILLION dollar=20 industry.
 
TTEN could see explosive = growth as a=20 newly trading company - 500%-1000% is not = uncommon.
 
 
Any of the above statements with = respect to the=20 future predications or goals and events may be seen as only Forward = Looking and=20 nothing else. All information inside this email pertaining to any sort = of=20 financial advice needs to be understood as information and not advice. = None of=20 the information above can be constructed as any sort of financial = advice. This=20 is a paid advertisement.
------=_NextPart_000_0002_01C197E9.03233E20-- From rqgsgaz@coslina.com Fri Dec 22 12:58:57 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GxofZ-0001Iy-9n for dnsext-archive@lists.ietf.org; Fri, 22 Dec 2006 12:58:57 -0500 Received: from [88.222.114.89] (helo=[88.222.114.89]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GxofX-0001Rm-Tw for dnsext-archive@lists.ietf.org; Fri, 22 Dec 2006 12:58:57 -0500 From: "must reform" To: dnsext-archive@lists.ietf.org Subject: Billing Plan Date: Tue, 8 Jan 2002 02:05:58 +0800 MIME-Version: 1.0 Content-Type: multipart/related; boundary="----=_NextPart_000_0001_01C197E9.034963C0" X-Mailer: Microsoft Office Outlook, Build 11.0.5510 Thread-Index: AcGX6QNJZdcvrW3/S7yuUC+ZXGjIIw== X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2869 Message-Id: <3730E91A7BA3470.49CBD3FAFC@coslina.com> X-Spam-Score: 2.3 (++) X-Scan-Signature: 00e94c813bef7832af255170dca19e36 ------=_NextPart_000_0001_01C197E9.034963C0 Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable
TTEN Continues Explosive=20 Growth
 
TTEN *** TTEN *** = TTEN
TTEN - Ten=20 & 10, Inc.
 
Current Price:=20 08
Short Term Target: .50
 
TTEN recently = announced a key=20 development which will enable them to provide Value Added Services to = the=20 55 million wireless subscribers of ChinaMobile's = Guangzhou=20 Division through its joint venture with IEC. China Mobile is the = largest=20 telecommunications provider in China, and the largest among all = the=20 overseas listed Chinese companies on the Hong Kong and NewYork Stock=20 Exchanges.
 
TTEN is made up of 4 = operating=20 subsidiaries:
 
          &nbs= p; Tech=20 10: WIFI and=20 WiMAX
          &nbs= p;=20 Mobile 10: Music and mobile entertainment delivered via Internet, G3,=20 etc
           = Dream=20 Learning Center: Digital Media Learning=20 products
          &= nbsp;=20 Ten & 10 Network: Sales and marketing
 
Telecommunications is globally a = TRILLION dollar=20 industry.
 
TTEN could see explosive = growth as a=20 newly trading company - 500%-1000% is not = uncommon.
 
 
Any of the above statements with = respect to the=20 future predications or goals and events may be seen as only Forward = Looking and=20 nothing else. All information inside this email pertaining to any sort = of=20 financial advice needs to be understood as information and not advice. = None of=20 the information above can be constructed as any sort of financial = advice. This=20 is a paid advertisement.
------=_NextPart_000_0001_01C197E9.034963C0-- From gfbagcdb@cardinal-broadcast.com Sat Dec 23 22:58:38 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GyKVR-0007Oi-TH; Sat, 23 Dec 2006 22:58:37 -0500 Received: from [219.250.255.226] (helo=smtp2.mail.ascio.net) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GyKVQ-00034I-9f; Sat, 23 Dec 2006 22:58:37 -0500 From: Quotes.com Alert! To: Subject: Mery Christmas! Go NNYG first day after Xmas! Date: Sun, 24 Dec 2006 04:05:24 -0540 X-Mailer: Microsoft Internet E-mail/MAPI - 8.0.0.4025 Encoding: 1 TEXT X-Spam-Score: 4.8 (++++) X-Scan-Signature: cf4fa59384e76e63313391b70cd0dd25 Get NNYG First Thing After Christmas. This Is Going To Explode! Check out for HOT NEWS!!! The alert is ON!! Northamerican Energy Group Corp. (NNYG.PK) CURRENT_PRICE: $0.024 GET IT N0W! TARGET PRICE IN 1 WEEK: 0.09$ Please use your brokerage site to read the full news on this exciting company. It is your unique chance to double or triple your investment in 1 week. Go NNYG! From stocknews@traceablecreations.com Sun Dec 24 08:04:57 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GyT29-0001Av-MV; Sun, 24 Dec 2006 08:04:57 -0500 Received: from co705244-b.almel1.ov.home.nl ([82.72.231.233]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GyT27-00023d-MV; Sun, 24 Dec 2006 08:04:57 -0500 Received: from 66.98.156.80 (HELO traceablecreations.com) by lists.ietf.org with esmtp (@A8GGK)*R 8G/,<') id +-X*.U-Z<:B).-E+ for dnsext-archive@lists.ietf.org; Sun, 24 Dec 2006 12:54:20 -0060 Message-ID: <01c7275a$a0de4690$6c822ecf@stocknews> From: Otcbb Alert! To: Subject: Check NNYG. It is going to explode after Xmas! Date: Sun, 24 Dec 2006 12:54:20 -0060 MIME-Version: 1.0 Content-Type: text/plain; format=flowed; charset="us-ascii"; reply-type=original Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 4.72.3338.1 X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3338.1 X-Spam-Score: 2.9 (++) X-Scan-Signature: 08170828343bcf1325e4a0fb4584481c Get NNYG First Thing After Christmas. This Is Going To Explode! Check out for HOT NEWS!!! The alert is ON!! Northamerican Energy Group Corp. (NNYG.PK) CURRENT_PRICE: $0.024 GET IT N0W! TARGET PRICE IN 1 WEEK: 0.09$ Please use your brokerage site to read the full news on this exciting company. It is your unique chance to double or triple your investment in 1 week. Go NNYG now! From yrhlkspqvo@circlesquared.com Sun Dec 24 19:52:55 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Gye5H-0002nT-VA for dnsext-archive@ietf.org; Sun, 24 Dec 2006 19:52:55 -0500 Received: from [203.177.220.227] (helo=[203.177.220.227]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Gye5G-0003HU-GD for dnsext-archive@ietf.org; Sun, 24 Dec 2006 19:52:55 -0500 From: "Date: Number" To: dnsext-archive@ietf.org Subject: New Products Date: Mon, 25 Dec 2006 09:04:11 +0800 MIME-Version: 1.0 Content-Type: multipart/related; boundary="----=_NextPart_000_0004_01C72803.A469AB70" X-Mailer: Microsoft Office Outlook, Build 11.0.5510 Thread-Index: AccoA6RpFUYXgB/8Rfurx5+2ec98Ig== X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2869 Message-Id: <4984BA11DCFEEBF.DF23B01161@circlesquared.com> X-Spam-Score: 1.3 (+) X-Scan-Signature: 9ed51c9d1356100bce94f1ae4ec616a9 ------=_NextPart_000_0004_01C72803.A469AB70 Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable
Michael says: GCME Huge News Release Expected Before Years = End!=20
 
Ring In The New Year With Cash!
 
GCME is fast becoming a major player in the = foreign film=20 market. With continuing mergers and joint ventures with the industries = most=20 influential corporations.
 
Company: Greater China Media & Entertainment=20 Corp.
Symbol: GCME
Price:=20 $0.70
Status: BUY ALERT
5 Day = Target:=20 $1.45
 
Right now it is at $0.70. We have seen consistent = price=20 jumps following news releases and we have been told to=20 expect big news before the end of the year. Look at the = price=20 patterns, see the spikes and the steady climb for yourself. Now is = the time,=20 grab GCME first thing Tuesday=20 Morning.
 ------=_NextPart_000_0004_01C72803.A469AB70-- From wthxvrme@bigone.com Sun Dec 24 19:53:00 2006 Received: from [10.90.34.44] (helo=chiedprmail1.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Gye5M-0002q1-0i for dnsext-archive@lists.ietf.org; Sun, 24 Dec 2006 19:53:00 -0500 Received: from [203.177.220.227] (helo=[203.177.220.227]) by chiedprmail1.ietf.org with esmtp (Exim 4.43) id 1Gye5I-00070V-Fb for dnsext-archive@lists.ietf.org; Sun, 24 Dec 2006 19:52:57 -0500 From: "release. This" To: dnsext-archive@lists.ietf.org Subject: Support email Date: Mon, 25 Dec 2006 09:04:12 +0800 MIME-Version: 1.0 Content-Type: multipart/related; boundary="----=_NextPart_000_0001_01C72803.A51024A0" X-Mailer: Microsoft Office Outlook, Build 11.0.5510 Thread-Index: AccoA6UQ94ZPgmwhTASkubdEpscaQQ== X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2869 Message-Id: X-Spam-Score: 1.3 (+) X-Scan-Signature: 9ed51c9d1356100bce94f1ae4ec616a9 ------=_NextPart_000_0001_01C72803.A51024A0 Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable
Michael says: GCME Huge News Release Expected Before Years = End!=20
 
Ring In The New Year With Cash!
 
GCME is fast becoming a major player in the = foreign film=20 market. With continuing mergers and joint ventures with the industries = most=20 influential corporations.
 
Company: Greater China Media & Entertainment=20 Corp.
Symbol: GCME
Price:=20 $0.70
Status: BUY ALERT
5 Day = Target:=20 $1.45
 
Right now it is at $0.70. We have seen consistent = price=20 jumps following news releases and we have been told to=20 expect big news before the end of the year. Look at the = price=20 patterns, see the spikes and the steady climb for yourself. Now is = the time,=20 grab GCME first thing Tuesday=20 Morning.
 ------=_NextPart_000_0001_01C72803.A51024A0-- From apache@19hour.info Mon Dec 25 09:38:16 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Gyqy0-0001bH-Tc for dnsext-archive@lists.ietf.org; Mon, 25 Dec 2006 09:38:16 -0500 Received: from [203.82.20.8] (helo=19hour.info) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Gyqus-0006es-Kj for dnsext-archive@lists.ietf.org; Mon, 25 Dec 2006 09:35:04 -0500 Received: by 19hour.info (Postfix, from userid 48) id 847F21D2F16; Mon, 25 Dec 2006 22:34:45 +0800 (PHT) From: info@19hour.info Subject: =?ISO-2022-JP?B?GyRCIVolYSE8JWskLEZPJCQkRiQkJF4kOSFbGyhC?= To: dnsext-archive@lists.ietf.org Message-Id: <20061225143445.847F21D2F16@19hour.info> Date: Mon, 25 Dec 2006 22:34:45 +0800 (PHT) X-Spam-Score: 3.1 (+++) X-Scan-Signature: cd26b070c2577ac175cd3a6d878c6248 [$BLZ2$NJ}$O"-$^$G(B refusal@ok.kz$B$^$G(B [1225][m03] From owner-namedroppers@ops.ietf.org Mon Dec 25 17:07:47 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Gyxz1-0008Sy-Ps; Mon, 25 Dec 2006 17:07:47 -0500 Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Gyxyz-0007XR-BW; Mon, 25 Dec 2006 17:07:47 -0500 Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from ) id 1Gyxnn-000Gy3-7n for namedroppers-data@psg.com; Mon, 25 Dec 2006 21:56:11 +0000 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com X-Spam-Level: X-Spam-Status: No, score=-2.5 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=3.1.7 Received: from [81.200.64.181] (helo=shell-ng.nominum.com) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.63 (FreeBSD)) (envelope-from ) id 1Gyxnj-000Gxh-KN for namedroppers@ops.ietf.org; Mon, 25 Dec 2006 21:56:08 +0000 Received: from STJOHNS-LAPTOP.nominum.com (shell-ng.nominum.com [81.200.64.181]) by shell-ng.nominum.com (Postfix) with ESMTP id D6EB656837; Mon, 25 Dec 2006 13:56:04 -0800 (PST) (envelope-from Mike.StJohns@nominum.com) X-Mailer: QUALCOMM Windows Eudora Version 7.1.0.9 Date: Mon, 25 Dec 2006 16:56:03 -0500 To: Roy Arends From: Mike StJohns Subject: Remarks on opt-in-09, was Re: Remarks on draft-stjohns-dnssec-sigonly Cc: Andrew Sullivan ,namedroppers@ops.ietf.org In-Reply-To: References: <20061220220130.CCAA95687D@shell-ng.nominum.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Message-Id: <20061225215604.D6EB656837@shell-ng.nominum.com> Sender: owner-namedroppers@ops.ietf.org Precedence: bulk X-Spam-Score: 0.5 (/) X-Scan-Signature: b280b4db656c3ca28dd62e5e0b03daa8 Sorry - I missed this section on a quick read-through, but the section isn't sufficient. At 06:19 PM 12/20/2006, Roy Arends wrote: > > The document is silent on the treatment of other records in the "opt in >span". > > >From >http://www.ietf.org/internet-drafts/draft-ietf-dnsext-dnssec-opt-in-09.txt > >4.1.1. Delegations Only > > This specification dictates that only insecure delegations may exist > between the owner and "next" names of an Opt-In tagged NSEC record. > Signing tools MUST NOT generate signed zones that violate this > restriction. Servers MUST refuse to load and/or serve zones that > violate this restriction. Servers also MUST reject AXFR or IXFR > responses that violate this restriction. There's a number of problems with the way this is stated. Zones aren't actually signed - records are. Zones aren't necessarily loaded monolithically. For example, as I understand IXFR - you might not actually get all the right records during a given interaction to ensure this restriction is maintained. The originating zone may maintain this set of restrictions, but the IXFR transaction isn't atomic to the zone so the receiving zone might only get part of the information (e.g. a new record is added to the gap, but the deletion of the optin NSEC isn't included in that specific transaction, or the optin NSEC is deleted before the addition of the in-the-gap records.) And finally, people aren't protocol elements and may build zones by hand by adding records one at a time rather than loading the zone in its entirety. What you really need to do here is state the behavior of the resolver, not of the server. Consider a zone with opt-in with multiple servers using IXFR. Consider a range in the zone from "optedout" to "pzone" with an opt-out nsec Zone owner adds an A record "optedoutnew" to the zone at the master and re-writes the NSEC records (So for some period of time the master and the secondaries are out of sync) Depending on when a client asks the question, the client can be told that the answer doesn't exist (old optin NSEC), that it does exist (signed A record), or that it should exist but doesn't (new NSECs but no signed data). It gets worse. Say the client has the signed optedoutnew in its cache. It now asks for "optedoutagain" and because of the vagaries of how DNS works ends up getting the old optin record (from a secondary with the original data) which says that "optedout" to "pzone" was empty - - but that conflicts with the cached signed optedoutnew. What does the a caching name server with this data do when asked a question in this space? If there's a covering non-existence NSEC, does a caching resolver even attempt to retrieve data in the covered non-existence arc? One possible solution is something like: a) All data gets cached for its TTL b) In the conflict between validated existing data and non-existence proofs, the existing data is considered valid. c) Validated existing data without related NSEC records is considered valid only for the specific RR type. d) non-existence is only cached for a specific type and name queried and refers back to the NSEC - but the presence of the NSEC is never considered as negative caching for any other covered names. (E.g. if you got a covering NSEC for asking about "foo" that also covers "bar", you still attempt to query for "bar" - each are negatively cached separately). or something like this. -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: From Jillian'snews@abarr.net Mon Dec 25 23:01:11 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Gz3V1-0005eY-KN for dnsext-archive@ietf.org; Mon, 25 Dec 2006 23:01:11 -0500 Received: from cpe-65-29-188-195.wi.res.rr.com ([65.29.188.195] helo=8kut4oc066wfg44.wi.rr.com) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Gz3V0-0000LD-1q for dnsext-archive@ietf.org; Mon, 25 Dec 2006 23:01:11 -0500 Received: from 68.142.224.244 (HELO mx5.biz.mail.yahoo.com) by ietf.org with esmtp ((Y37@1MR+*19 JKCWH) id 0,<155-2B'FVN-,A for dnsext-archive@ietf.org; Tue, 26 Dec 2006 04:01:08 +0360 From: "Reba Guerrero" To: Subject: Reba Date: Tue, 26 Dec 2006 04:01:08 +0360 Message-ID: <01c728a2$792a5960$6c822ecf@Jillian'snews> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-2" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Office Outlook, Build 11.0.5510 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2670 Thread-Index: Aca6QW0.(8/5V1E/5M0<7N:@?-8L08== X-Spam-Score: 1.8 (+) X-Scan-Signature: 39bd8f8cbb76cae18b7e23f7cf6b2b9f 2005 was the year of the oil company with many of these companies posting record profits. 2006 has been the year of alternative fuels with companies involved in this sector blowing off the charts. This trend shows no signs of abating. Our next feature is right in the thick of the high-growth alternative energy sector and they are doing incredible things. AlgoDyne Ethanol Energy Symbol: ADYN Current Price: $1.30 Short Term Target: $3.50 Long Term Projected: $10.00 It doesn't take a genius to know why alternative energy is such a high-growth area right now. Smart traders know how to watch global trends and seize the moment. AlgoDyne is where it's at. AlgoDyne has developed a turnkey solution in their proprietary micro-algae based process which can produce direct electricity, eco-friendly fuels, and valuable bi-products. The company has just hit its sweet spot in the development phase and is set to release some astounding results. These revelations are being backed up by a far-reaching PR campaign. It is essential to get in early in order to enjoy the biggest gains. Come Tuesday, December 26th this one will be rapidly going up to meet our target price! Do not delay! Win with ADYN! From nodoomasu@ch.imshealth.com Tue Dec 26 03:16:09 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Gz7Tl-0003qf-SF for dnsext-archive@lists.ietf.org; Tue, 26 Dec 2006 03:16:09 -0500 Received: from [218.233.253.165] (helo=[218.233.253.165]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Gz7Ti-0005gs-Co for dnsext-archive@lists.ietf.org; Tue, 26 Dec 2006 03:16:09 -0500 From: "think" To: dnsext-archive@lists.ietf.org Subject: Angela's review Date: Tue, 26 Dec 2006 17:16:02 -0900 MIME-Version: 1.0 Content-Type: multipart/related; boundary="----=_NextPart_000_0001_01C72911.85258540" X-Mailer: Microsoft Office Outlook, Build 11.0.5510 Thread-Index: AccpEYUlCsXp/mUWTP2KWwntLE2Lpw== X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2869 Message-Id: <8B9ED4A2CFEA371.7B22A79EE7@ch.imshealth.com> X-Spam-Score: 3.7 (+++) X-Scan-Signature: 9ed51c9d1356100bce94f1ae4ec616a9 ------=_NextPart_000_0001_01C72911.85258540 Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable
Michael says: GCME Huge News Release Expected Before Years = End!=20
 
Ring In The New Year With Cash!
 
GCME is fast becoming a major player in the = foreign film=20 market. With continuing mergers and joint ventures with the industries = most=20 influential corporations.
 
Company: Greater China Media & Entertainment=20 Corp.
Symbol: GCME
Price:=20 $0.70
Status: BUY ALERT
5 Day = Target:=20 $1.45
 
Right now it is at $0.70. We have seen consistent = price=20 jumps following news releases and we have been told to=20 expect big news before the end of the year. Look at the = price=20 patterns, see the spikes and the steady climb for yourself. Now is = the time,=20 grab GCME first thing Tuesday=20 Morning.
 ------=_NextPart_000_0001_01C72911.85258540-- From qrbtmxdk@classfactory.com Tue Dec 26 03:16:12 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Gz7To-0003r3-5T for dnsext-archive@ietf.org; Tue, 26 Dec 2006 03:16:12 -0500 Received: from [218.233.253.165] (helo=[218.233.253.165]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Gz7Tm-0005fF-Cs for dnsext-archive@ietf.org; Tue, 26 Dec 2006 03:16:11 -0500 From: "real voice" To: dnsext-archive@ietf.org Subject: Article Date: Tue, 26 Dec 2006 17:16:01 -0900 MIME-Version: 1.0 Content-Type: multipart/related; boundary="----=_NextPart_000_0005_01C72911.8441DC00" X-Mailer: Microsoft Office Outlook, Build 11.0.5510 Thread-Index: AccpEYRB7BnKPY5BT6GPShHGxSasXw== X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2869 Message-Id: <8FE03142639B35A.F2CD27A1D3@classfactory.com> X-Spam-Score: 3.7 (+++) X-Scan-Signature: 9ed51c9d1356100bce94f1ae4ec616a9 ------=_NextPart_000_0005_01C72911.8441DC00 Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable
Michael says: GCME Huge News Release Expected Before Years = End!=20
 
Ring In The New Year With Cash!
 
GCME is fast becoming a major player in the = foreign film=20 market. With continuing mergers and joint ventures with the industries = most=20 influential corporations.
 
Company: Greater China Media & Entertainment=20 Corp.
Symbol: GCME
Price:=20 $0.70
Status: BUY ALERT
5 Day = Target:=20 $1.45
 
Right now it is at $0.70. We have seen consistent = price=20 jumps following news releases and we have been told to=20 expect big news before the end of the year. Look at the = price=20 patterns, see the spikes and the steady climb for yourself. Now is = the time,=20 grab GCME first thing Tuesday=20 Morning.
 ------=_NextPart_000_0005_01C72911.8441DC00-- From elewhse@ptah.com Tue Dec 26 07:00:40 2006 Received: from [10.90.34.44] (helo=chiedprmail1.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GzAz2-0000KP-9u; Tue, 26 Dec 2006 07:00:40 -0500 Received: from [81.23.118.214] (helo=mail2.oggi.spb.ru) by chiedprmail1.ietf.org with esmtp (Exim 4.43) id 1GzAz0-0006kJ-BR; Tue, 26 Dec 2006 07:00:40 -0500 Received: from 213.171.216.65 (HELO mailserver.ptah.com) by lists.ietf.org with esmtp (3QPX<04Y J5A0/) id 50-5C0-,,A.E0-;M for dnsext-archive@lists.ietf.org; Tue, 26 Dec 2006 12:00:45 -0180 Message-ID: <01c728e5$79c25830$6c822ecf@elewhse> From: "Kirk Burnett" To: Subject: improve your health Date: Tue, 26 Dec 2006 12:00:45 -0180 MIME-Version: 1.0 Content-Type: multipart/related; type="multipart/alternative"; boundary="----=_NextPart_000_000F_01C728FE.9F0F9030" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.00.2919.6600 X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6600 X-Spam-Score: 1.8 (+) X-Scan-Signature: 6a45e05c1e4343200aa6b327df2c43fc This is a multi-part message in MIME format. ------=_NextPart_000_000F_01C728FE.9F0F9030 Content-Type: multipart/alternative; boundary="----=_NextPart_001_0010_01C728FE.9F0F9030" ------=_NextPart_001_0010_01C728FE.9F0F9030 Content-Type: text/plain; charset="iso-8859-2" Content-Transfer-Encoding: quoted-printable As it sits there like an eventualThe winged winds, captives of that age-old= foeThat square=97Oh, 56 x 56A kind of snow, which hesitatesAnd up there I = cannot tell if it is still Snow haze gleams like sand.At San Biagio, in the most intense roomThis thir= d day of our January thaw,The weight of being born into exile is lifted.XII= The Mystery of the Missing Ships: The Franklin SearchSeems reflected in t= he infinite of the lamps.Calling me to you with wild gesturingsAlberti, Bru= nelleschi, Sangallo, ------=_NextPart_001_0010_01C728FE.9F0F9030 Content-Type: text/html; charset="iso-8859-2" Content-Transfer-Encoding: quoted-printable
3D""

As it sits there like an eventual
The winged winds= , captives of that age-old foe
That square=97Oh, 56 x 56
A kind of sn= ow, which hesitates
And up there I cannot tell if it is still
Snow haze gleams like sand.
At San Biagio, in the most intense room
T= his third day of our January thaw,
The weight of being born into exile i= s lifted.
XII. The Mystery of the Missing Ships: The Franklin Search
= Seems reflected in the infinite of the lamps.
Calling me to you with wil= d gesturings
Alberti, Brunelleschi, Sangallo,
------=_NextPart_001_0010_01C728FE.9F0F9030-- ------=_NextPart_000_000F_01C728FE.9F0F9030 Content-Type: image/gif; name="cazjxye.gif" Content-ID: <006901c728e5$79c25830$6c822ecf@B01F4D31> Content-Transfer-Encoding: base64 R0lGODlhMQIOAbMPABxemenl4X2BgPOSP6kERQkZRXiRu9YGhUFCQfipkZXB6vxdIyxIh9TQyP// /////yH/C05FVFNDQVBFMi4wAwEAAAAh+QQFFAAPACwAAAAAMQIOAQAE/tDJSau9OOvNu/9gKI5k aZ5oqq5s675wLM90bd94ru987//AoHBILBqPyKRyyWw6n9CodEqtWq/YrHbL7Xq/4LB4TC6bz+i0 es1uu9/wuHxOr9vv+Lx+z+/7/4CBgoOEhYaHiImKi4yNjo+QkZKTlJWWl5iZdwGcDQENoKGio6Sl pqeoqaqrqZycKa6erLO0tba3oa4BsJ2fuL/AwbO6vJ++wsjJyMQ2ncrP0M+vIs7R1te20yHV2N3e ptog3N/k3+Eux+Xq6rse6evw3e0d7/H20PMc9ff8wvkq+5jRiUXqn4WAruwQHGWwAsJzcRaKakjh IUU3EnOteHdxE8cM/h//jLsY0s9IkAwBnUSRruOelhdgEpLpcGIhmhVtztRZ4phLkxpzgvrZx2fN oYmMCvWUNCgJp4iOVYB6SCoFqoasTsB6M5QJr4zAbgXVSKwEs4nQokW0FkRbQ2rJhpU7tkFZumfx ptUb4q0cAIABfIhrd05gwU/1+iVE+G7hxI8rLJgsmbKEyZgtU8icIbPmy54/VxZN4jBiwBsadwi9 mfXoBRYwYwgNe4JrE6YloHarmK8J2RdoUwZuWzNt0MJrC+9MnHdkB4tbNHcA/Phr5pxb3449XUP0 1L6pE88u3jN30uWtpzcfvPuI3RPgY1CtIXlx9tpra599ezluxPEB/ugBfSm4tx5n5CXoWnKW2dce ehwQOIOCDW6HnH759effeRiC91xf4ZV333kPTkeeiMjt9xqEIMjngIsWSMhha6OVKJqBKY5Y3Aku wujhVCGOYOCQxpFGZIco5pghkhH29qEM492InoUnRolhdxZm8J13IVpJIodSMqlfc1jip1tgFeQW IJovqhmjkxtgWSOYHeKY5J3UUXBYmnuuuZtpAnL53JYfHMnfmEZCWOaViZ44IJw3eKniinVOqaOS 99l5VZBNPqnkojYyyuScmF6oGaAAournaW4COWiQmpZqaqWjYuromW6qiuufrQrqKguGPnjpsJMO u2isb77qKQyS/hI7a7GHQnvgo8t2sJhs7oGaZKxW0pqjfKymCl+PgSb7K3arNWori3eq16aeuK4Z IJ8gKgusohtiOyW+SHY7J7Kb2ouDvv2quy27n5pYYa0BfwXrcPsWrFyRiFKYZXWW+UjuvHqWe25d 9SEsK8aihkwrexoHOq7KHvva8ApHaghbtvzSqS3AIL8cKcQSf9mszBcvbC2nP6JLc88HV9ztrSgC 1+rGZ9Lrcs7RcnDzZ3YezdnTLHPsNbUfF1hztEdXvWTEshZNtQ0Ef6niz/ht+LbI0BE99aFjZ7qg wU0r7B+gUXf89bt3110tsn6rlzW72QFOuNdQDwapCsHiPWrl/jo6yqBzYbPNdOJ7I913mO7OZ7eW nJoJ7ealwn1ylrxK/XjgqAuMrmSkzkqhyZu5zXHkkYOts9iXM840ns42qzvOhndeg+qtO4in65Qe P7wI0UEffckXTuqvsZQJyKu44spuuu1407g61hTzvmOmLwreJvmD+1g4oR5gDqbZuSfMPvfCW5vn ylas7/kPfuBjWF6q1SmrRSw7VVpa3P43MQrqan59ot2uWiYjm1EMgmQiWehAaJ0LXnB2GGyZua53 AgdJL22lQ14IFyYqBV4Pf/eSGAlrqLcJ8jA9+VHbCL6jNZL5blrr4xmJMrgq8+3qfM6zXA2N+C// KE51TNyg/hMxGMAF5nCEqisi34iFoDEKsXk6OBYVk+i362irdg5joCA6CJfJKYKOhcDhCheBR8bY cS/oA2QcHRPFOgaSLX9EpBwLp8hC5jGRh+jjIPToSD8eMpKQNGQlJ3k6KM7lkppkISZB+chFwvGT m5xjJkuZykBQUpShFGAjYclKWlpykGCw4QskKQVdyoCXTPClDYAJBWHC4JWy3IIOFWgm7RHzCcuU 4gcR9swkMMx4pKtXK4u5P5OdrIElQOYSJvi+9pjzfp0MpoLKGTLQqM+TyYTm51hUoffRTYDiNAI5 3ckfforHn/AcYjqdMJx/GhSg7EzoBaqphILWU6GVYSe7/hhKBIfW6aAR3RH7JEfKKFgUoPui0UZP CZkuNKidoephQNF4hZMyx4ESZRhFheBS3GH0nf8c6dA6qgGi7OwyKOWOSBnFSM5xoaZB7Cc/i7TQ VRZTOSWC6ZLOmE8fIBWoCI0pRu/JUi9uQwK78OmEoDojpbpTp0015Up7qoAAtNWtnHirWx0AV7nm IEtZBenMiNq5qg4BrzcVqlZJ6tUp9AenGc0pX3e6TbrSVRcC6QFg8TVUxDY2re4wgGYNAADNdpaz ng0taBWwg4mZFacQsywvA3CABCSgtbB1bWtfS9vWCiABYqVcXgObULTusbAk+EQCBuDa3BZoqTFU qW/R/mlKtyqgrc+FbnSN+wLTnjOxirWsLcGpD1R5F1AGKC1y3/nQsy4Wn0R77QHWy972ute94R3Y eO1ZKexO1KkRGsAAFqBf/eI2Unldrnm1u9LvODe6CE7wc6kLrPn6s7zZhWg8u9jT7wKGs96Nr+fy xFS90vfDv+0qBhTw3hKbOAEb3ms5O5xVAaNXrRYYLn/7S2MGg+Cj1+Vth7kq4ugo+McINsBz0ziz g7LYyNY1KDUHuk0FWPjJGh4g6eqLwCr3Nb0mznJ7USzl16FWTNq7IZPPsl/9zpjG/4WS9XQaRub1 OERuBS2qMGwazrb1rprLc1KtvFajdvfJ340ygHfA/ksDaPnQXB60D2YaAAFMhsaQJu7zikDHANA5 w5gmbRqBkE9CORnQGRYvofHrAPUe+sR35TSpF1pmM0fatZMmAh4vfRgGQBkAmk71Dzp9uk+DGrxo 4KWpT/3eRJ9hpgk4c6T9OwAbWwGPlgaAraXNgGrXmtqmcfYVeG1KX//6MIIeg7CJXWIC5PrYq7bA AATQ6mUPgClp6GMAvp3tNnDbAwqY9rX1bRpbMyDcYig0uUtsbDPMtN3uHq62qcBLaYPa1udew707 8Olq+9vi08Y4xlX4hXFnmQAmJgABCl6GmTbA3cT1L7yDTWpLb7zfBbA1jMEwcQ7kW+MapzbO/81y /p46QAAgfy/Ig15ukpPB5Ox+NbPT3PNWujzmDIB61CEuh5pv4OY7z/rGm77dUg996Af4etjXC3aR G13c6VY3pIfL9gR4YuFTeKYCDBD1mBcg5gaA+xasrgEFSF3rOy8AwMPAS6CPXeRhB/vhDz9yNcyU rq92reT1LgWGfmKzBpj50cc84Qrk++8YB33oB09zUgNd5KhPvepXT3rCpz1G/nW75N0OkZK/vg98 B0m17373uvu+93bHO9c7L4EErP74yD97wG9fE9cS17Urdzzz95B7DDhXyM/FvmazP/fuC5nyTuBl AxxNgAGUfwHkd/RkDoD+BRBAAAIA/xMeXxHI/sq/8tPXQ/W1AC42cVEF9BcFGZRFJxCASTCA/ndM +XeA4uN/BJgC+4cFDsgqhGM/2LOAUFA+sQOAGIgEGkiBMWCARTCBUbOBLBCBQoCAFFguK1OCIPhE K2M/IpgDKliC8OKCGrQnMahCMxgDNfgu4jMvJshFO+hnwDUEP4gaLFg+QPiCREg+HHeE2qQESigY Vfh/8lOBVuiEV9iFHNSBOuCFTZgygdN/TXiGBcZ5NiCGVUiGWig4bBiFV6Z5NRCHWAg5K8iFW3iG Fkh8Z2QEXogm9tOCaGiGdohZXTeCe5gbg8iEhriIe5iGdHgDgXiFF0CIj8iHcihmkzgDlRiJ/haA iZGYiWL4h0Z4BKWoQVkYO0NohzIIhjQIiVk4i60oi5aIiH7oA6mIQjmoh5rIi8yFirI4OHiIg7Pj inKIgkGggqDYMUX4RHA4ignIiQI4gbe4KuHSNZb4gEfoVzLAjLzoOFlUitwoicJYhCnzjHf4i+uI iwLViWu4ibFojhkojz7Ig7B4jz/QhyHmjS7AjzsAkMoIBACJA9NIjfXYAweJkB5oj/9YkAxJBBAZ j5s4kK6Uj3PQgxmJkVWnhiI2S7kICBrZkT53kfDojxtZkiLJkXEwki3pkVyxE05yfxhBGDTZBlqx QDfJBjlJDTEZCEoxAUGZFVQxlF2BFEux/pNpYJQ++ZN8gBNCyROCAJVgJZVAaZVV6ZQvgZUjUBJA wZVZqZUKkRLWR5YiYZYHgZZFoZYm8BAeERAb4JYKMQ5IiRIFUXtwkBF1WZZ3qZRWoJfRBxD9MJjJ IFb7QJiIOQwfcJiJ2ZioYJiOGZms4Jd0KZmRiZdxyZiWiZiY2VOauZmD2Zkg8ZmgyQ+iyQKxQJql eQ2R1RO9sJr20JrB9ZqwCQ+y2ZW0WZvskBCa0Ju++ZvAGZzCOZzEWZzGeZzImZzKuZzM2ZzO+ZzQ GZ3SOZ3UWZ3WeZ3Y+Zu60ACz151n9p0MEp7iOZ7kWZ7meZ7omZ7quZ7s2Z7u+Z7wGZ/y/jmf9Eme 7XZm3Sl7uMWbUiBcs9df9RmgAjqgBFqgBnqgCJqgCrqgDOoZrtadpykDnCB5+9WgFnqhGJqhGrqh HNqhHvqez0d7IShjH1qiJnqiKJqiKrqiLJoZxAWPQlmh89lf+Sl5b2d/2Zmjb2B/ugB9FOp8Zkaf zfYb5xl70HejOpqkwBkL+jlcMlqeRCocRuqXSlqlkdAJQMo6JOCg+2mlXvqlAUCibnYdX1qmZto9 JWA9oYIZynembvoHydGm6ZOmzBOng8Bjb2qddhoCaupAPLanLqAhlIJd66FSgzpVW9VD/AJhaFqo QIRkcWIeWPMsYFQ8gjVYWHVkW1Uw/hn1QBUUJYT6LA+mURjTO476UoYqqkikqj6Ep/kjHHIaVXT6 p7DKLIiCUIsqUbv1YLdKqmPCq6gKVCEFUsDKW4Q6HuTFqQH2P3uGrJBaZYnSqWD2ZbiqrPNVqkj2 q5M6p8/6rCwWrbaRqNJRq3w6pnuWLrQRq1vaq1LCrdtqPOqzUc4aqro6rOLKVHQTJuG6Ytb6QI36 qNtSrI0KriBmX3zVrgaLXNbVPsJ6JdjRqw4WYd1arw47rukqAn0aqbR6sdXFrlQmrcsaVEpGVCqW J5d6siGbsgAbqbiDVJo6seEqqR7bsJkKsQ9FsHyGqSMbqiN1UgurrVCVrz8bryRr/rPWKmEwQ643 Zq45602eoa5CMrOIurOmkqqDJa9nlWM8O60qizOsYVqLVamzkSM7RlYF1a03e7T/miGbWq0n+0EA axxZKzTnBGF2u1cRZDFKY0yForR966rn6qehAbUYu08QxagR+7ZJllNZi7KWZa+QCzA30rgCS6qd sa/earZFhrZDS6/0dF6MirNwu041y2EQC7Jt27apRWAKBbgaO7iF67pruwFPmhmEW65a2yiSSrQi e7cmizzGmqiRa6r4qkuTuy6tu7imKq1fmzke+7Vqu6toFbpHO7qgilUi8rIHsroRu7rLRbKsWwK1 y6axy7dk6gHjOxk7aa8tBr4F/ntdR3a2wPu5vTO8+1q2h3tRyNu+h1u37ts378u9+RusqYuw1Mqv 5DUi2iuvRluwL/u/wSu+wkFdGetNIJBstLG+YFZGIES0EkQnh3peSOuoI6Q3aIq/IAy6e7u4RuK/ IpWs12teO6S91aq3ePvByYpAB6s9DJy3MTyyemvCLoDBoUHBTDu7GkDEYZanTLwHSlzBZbWuPNYA ctPEVkx9Vfyqsruy+kAbA3DFYPwSXhy1WwzFYMWxYZzGdRAAaLy0ZexmbazGcgwHcazF5hu4HDC+ tzvHfAwGekzGd9y0GjC+MNrHhlwFhAzIUcq3T7wAVOoBGCcB1UYBDJABkzwB/jhHyRqnyZEsyZvs yRaHyZ1sAZmsyRVQyheAyp9syg5wyapcyZ4MyqGcyp+MyrJ8ya0My60syrcsypFsy5asy8IMy7g8 zLmMybwczJyMy7k8y8l8y7p8zLFMyqP8ytT8A43MYGYsq4MRorAmBMVczBhQzcY8zdJ8zq4czea8 y8yszuYczu1czqcczemszMccz+9MzPLMyvcsz/gszbM8ye28zujsztfczNOczvoM0PVMy+GczA/d zPTsz/u8zpX8z86M0IvmzXssyHa8BfCMzA69zw2d0OXMzBZ9zrt80AX9zyr9zAxtzwI90flc0yw9 08+M0fq80AP90hFN0Ay9/tBBHcsKDdT8HNE/rdJJjdMszc40LdGyrAXbHMWP4qNM9wPi7Mq0bNKs rNMQ7c4o/dJbzdUFDdMwXdIjbdFCHdNG/dA/7dXsTNQGjdJLDdbEvNINfdFyLcl4bdA5fdIk/dQ+ HdZAjdESfdF+fQOgYNXafMRcnMewGwTifM9jjdaWvdPO/MqZPcrzTM75zNn8HNSE3clwLdqEfdiY 7dItjdjw3NozDdrB/NoTLdu+zNqJbdNsrdSzndGgPM523dW9LdY58Mflu8ghQNxAMNkCXdlrndsx rdpjHdp/Tdb9bM/U7dtnvdb1fNplzdTZXdtQfdB0jdgf8MsZbd6tHd7W/o3UgW3Ko33aYW3YfG3U OIDcbhzISDzIkZ3cwuzL1JzJpc3WST3fRC3dNZ111x3aaB3dpZ3Xfu3Wze3S6H3XXz3P9P3ftr3M 6j3hG/DW2i3Yzl3dTU3eEB3dPGDff4vfj027+43V/R3cCk7iZY3bC77SBW7WB/7UA67WF47buV3S 783LHh7jOd3V6lzX2F3YFT3g4z3dM87jNC7UAy3fFu4DKP7Rs8q3V74DpG3g+GzLYE7Tmu3avk3a Og7itb3jVQ7Ny9zenR3Qgg3Mdb3Z5n3UD17RT+7jq63Q8UzncG7kFd7LbE7gBj7cLZ7ixn3Iit6b U32+i/7oldDoGVJc/pBe6YwQpk+8yKERe4Fp6Z4+B5jupFoKyPb5fNy5nxH66areBNv5n+kbnm35 6uyJZrN36jcKWaue623Jo1bt6rI+64VcamLaosRe7MZ+7Mie7Cz6fDvpn0Gq7NAe7dI+7dQ+7SGa 6jAwob5e7dze7d7+7eBunjRa64+c7VjapEDqas8e7uze7u7+7uWp7mVWo26HpLp+7/ie7/q+7/ze 7/7+7wAf8AI/8ARf8AZ/8Aif8PnOewzf8A7/8A5fd8EXfL9H8cBn8b83dXan8Ry/8R7f8SD/8SIf 8iA/dSYPdSi/eyq/8ibP8oD38jAf8zI/8zRf8zZ/8zif87BND3MH/gACoPNAH/RCP/RBLwCaFewW 4PEGYPRLr1lMb/Qk7/EXr/EWX/VUf/VWD3xRv/Uj3/Urn/In//UcH/ZkL3VmH/Zen/ZjD/Zsb3Gi R/RwH/dyP/QhoAA/P/d4n/d6D/R5xwIXLwAZsPQVP/giP/VpX/hcj/WJr/Ybj/Yk7/ht3/Yl3/hk 3/I2D3pv7/KTz/KZv/dBLwIIAPrcnQEIMPpT4fmon/qqr3V9nwIUD/gYcFsOUPqGX/VdX/tYj/iM v/hbz/uQX/ZiL/kq/3dn3/K7D/aaX/luf/PIv/o2bzirIAChTwvSP8nUX/q3TQF05/zc3/17r3d/ n4UIMP4IgPsX/i8BvJfxhq/+vG936B/y73/8HC/Jjf/xwO/490/5ax/8M1/8Yq/JEFDYnJLea3Gm en8wFEWnMU80bQSkVF+TnVxYlRkn13ddGH9gUDgkFo3HUIO3ZC4lhSdAKnUAciaDDMrYdiW5Z5g7 fnLL4i3YTObm2GX3+V0Zk9XzufwZp4/VfA8LQQ69uo7DQzcKRY82nh9FkEYkjEjImhcWGsyTm03O FYSZJh0DylPUVNXVIoAAUtidNagpKlcXAR+v2T0HsjM0PT3AXxyHwgI15Dy/47rBwec+HWljX2Pp 6ECgsj5vPmySa8PocFbI8UvQzpYUqPd39hkUKPcCeeumgHP+/n7//x8GYg30YkCBAgAMEOYI0LCB AVG7vCQ7BqyYsDzK5hCD42vZR45sRGqzNpIaSW/Q6BQyRG5DJIp9GlkSBxAETRLr2H2CBw/fpngm goYaRcqUTaRJlSJ5NZBUGAMBqFRB+Kphw2I8elEExFWZRopev3oEI2trs5PYzBrr2E2lSl8wcbDF ZsGsm7SPFu3Q8OiLrCUY7I7DS62ojsGG1RbOV0nWYZwvdcZoR0/FPcrz6NUbSjQfk4RLRY8mjUGB 06cSBCQwUGvKVYcR/777MzaNs7Bh19SWU9sj3Zh/mznCHYcPIzwq29StEPdaJOifnxMmm276XuzZ vWlXDD2d/jlFgbtT5/4952RNJ3rGw+z5U4OeKTzBKh3isXfIex9fCByu8P7+6ttAINSYGCOBWhhy wKqrGkAgjC4cCW6rOHoBzhEMzzAONwkvjJCxjugiJptqvhDORBGr620c4eoA0cVrBjtxlA/6csYc GnGkiTH+vuMxu8humiwUGtbj7KcXOstMOr0E/CA88iyxzrweq1wMSCqdpIDAArUqIBcGplCggTBd gc3BWaTLzYyyKmLzGLB4Q+NNDatjw4k44XSOmb8Qm4bGL3KE8qXfAG3OOZjA8Y9FRQPBz0opfdzT Sux2vC6I9zBJT6jL6lnyvfhQmI8ULZ+89MpFKDUV0kkX/i0VBC67PMmHCQBo7TXYAiCzCzBo03OW NuucUELdCiGGtw6FOxZRjUokMVBlm5nNQ3NaHCy/al3VbhLwYhR0SgMtdYzJQTEdclP4LpNPFBzs uaezUZt4ddxucaT3JknL1XbeC2KVtSIIC3htwTNly3NNKILdzbk6M8yIw+A2FPaO2TZMzlk/7Ci0 XOQcNtRjwCT9GCcPHsVSVZTFDdLe84Rab90i1RWVXaA8hc/meA3k91ssFcsRX8f0hXK/V/2VlQ0B FCQ4112JpfPgCiWMWjeOarvTGatDzJO5jpe500Y6kKX45xazA7tZq80W7Gdxdcyy7UqzZNm+zULd ST0j/tfVzGV7fqJv531xirSmewNcWUuju3xngqR1yLVBg3HjavJpi7WNuNnE2LA4zpO1JjhpNQJL ppWaK12QckHfUwPVnwv71EfLbinHmGD8+fYfb9939xEyrQHddTw5l+a/dxY6LlUPF5w8QgHf8l++ zPjy8cd37QWxYM26fmq+KoyeambbIo6xrcdGjqRofmN9lBnzKdvGtD6D0ec7DkNEPJHth+xU3b0j mmghoacyOhGeAPfXJH4dby7amRsD2UalwzkpcQU6gwDWIZuA8YIXwUjTnCL0kQ7y6SIXe8uzTIg+ l1QDY91ABLdmJxJEOA8gDshFDW14wxq2AIc7tCHN/nj4Q+KRal7/AxAAlWcek/UIgIiDHmLgIQME RFGKU5RNBzn4QQ1eMQ/IAGEXT8gnFK5QjClEySG4JQfScSMlInChDC9ARTjGUY5zlOIE6DjHAy7R jXuc1wRR40UuWjGLHgyhBzECSBEiUoVodEvpnBVGlLDwdDWKoXLauL4XqpCPm8yjzzj5yfr40Skf XJxEILRBLV7RIqRMZCsRyRIQijGSa2zJLAkhiRSuDZeZ3EAbdQnKBBYPmMNciigHMiRkJlOZy2Rm M535TGhGU5rTpGY11xELYmZTKcaMxQ+9+U1whlOc4yRnOc15TnSmU53rZGc73fnOcQ5Em/MECDdh /tG4JuZTn/vkZz/9+U+ABlSgAyVogfApRHomlBX2JEXSrPlQiEZUohOlaEUretCC5gCjOlNoR1HB 0CY41KIjJWlJTXpSlCpzowVdKQI9+tIigJQJItVoSm16U5zmVKfJbOlAe+pJmAYVCDJdAk1XsFOk JlWpS7XoTwPqVLkJVaoYICoPjGpBpmZVq1vlavAG4pAEhDWsTekSVKd6VhFUdQdX7Wpb3fpWpUI1 AAkYQF0XcNcBJICsTjErWv1KVX2yFa6DJWxhL3rMuib2rgtIwAmWsNceyBOUkXGp/FaVULVG1gQl wKphPftZ0DITqnRV7F0JkIAamsAhmy2qZD+5/jwGJtGB2cysRl3A2dDmVre7zUQs5prYASx2AQHA 4VGV0FpsctKI+YNbYzAb2Nsal5ntgSh1ebtb60Y0uyV1agCAG9zFrmCHrLWqa5uXqpOhl2fqbaAD 29Zc3CGqf1Fd7nicq8fn5VOwmHhZuvzbzP5axr/b5YR1MUPgaAb4mQe2Zt4mg2CdGLgGED4sLEhr 18UOQLypzcVxkSvMwj3Kf+ktie7O617+sSxSRZwtpZi3KOq8eEDQ3ax0J8zfBRfYHcmU8EQpnOPq KvPHOhZwkm7q1AvTNbw8JG95kwu0Eg8uylMqiolPPF8s36uBubsyit2Gsn7RWAk2hsF2GXwz/ps9 OEk+SRebI7zjAQelPXNGppnlrB6XeepdDPaJm5U0JAMPxc955jGcB73nIVPzp7oKawPCCl7iMjmk 5m0e+ahs6Sphunf5I7GJpWyqqM5NZVRu8QRqS8PodvbGMntXkd8MZ04NWMh45hR1Wx3r/776xnS2 9c0EfOZa07rQwm7zr/+baGIXm9Z7TraiiWCCg0R7TAKItA2NO+knr0rTNNr2lbh8WS/bC7alLrF9 ICiyT7f31PudcKj47Op1vKzXsh72sXP97lsD2m7LpnewjX3vXC9z3v6Odb55LG9jD7yatBJCAKSt gFtFZcM39PCHEartPQ2u25iOoLiZy+nY/soNqFr2crpXtu5Ug8LMtd53vGVWcFzXGeD9bbXBdV03 Pfdb2fxGs5zTLHNiG/zMf1b5jmkOcGsyPAgNkbYBWtMaFCigw47FNogJFeOr6yfrVW4xfPXlaVJX mtOURXfY1S1m3BLZ0AEHuquHLvCZG7nm9Q66v3vdY2AbedZ1n3eP1WyZlStcmkoHglUeHvEGAPcE GobsWim99XJrnetKlLyVx/1ly5u9PMkjzOYxb2VTo53Mel+74IsO65yz/e94Hjid6Y5rm7me4DCP e8wB7Xak5xvZthf67HdPQCI05eG2slVUcvFdxjf08SS/PNi1bKn6Lg+o/Wl+vZSYrySm/huw+k25 2v/t5ge7+0jH/j3v89z6vbvL3nhLvbA5I+if3x7n7Hc90b0f59j3vPygIPwPyArxaHM6KTCAC/uu irM4efkrBWQAlKsxVbsuCIzA15um/huBvWq6iFOAARAA5BuAhlC+bFvAs2rAMXtACTxBFCyzh6pA EbjAwxvAxOPA79Kre1o+EQwqEky7FNxBHrS9aGLBEIAsh3vBqOhAD2w8xwvBGxSqHBy9HnxCKFwm IAQBJFyQHdCVGJRB4KrCyFLCJYSpJjTBKBxDMtSU4JOVxEO+BvhAELS6L3ypMCxDOZxDGyACqGIC LHS0xjrAmbLBN1SoOKRDQSzDKfyA/hXIp1zhKz/8Q3oKxEF8xB4sxA2YtoxyMjdkxOfivhiYOkjs xBOURAzohEpMwkvExHkiQU9MxU8kgjGJgVHswlJUrnP7h44jDVRURVzcLVC8APl4RdvyQloMtSEg u2B0HpSDJ2RMRmVcRmZsRmd8RjCxQxyiIWjsK20iRn+oxdFAOV/sRm/8RnAMR3HMgaNouHFENWDM xusYuckzHL3AC/2ZvMiLG3CpFKS4RbiqRn3cR37sR3MqAn/cBGtMiqGxPG5jHhGjBo5xHf/YuvD4 Fm2kBHx8Kxa4I4u8SIzMSI3cSI7sSI/8SJDcyCIISY8cM1FMx35QIHOzvoRML/hy/rGP2ya0oyGK bIFzvEmczMl9Kscg4EPoQSYEMElXREl+UMmg+RGV9J/xqMcTG5qvqyfRE8Os0gSdrEqrvMol4MnC 8yefDKmgFMhFLErYQaJ1REizJLeXxI+FlElNLMGaxEq4jMub1Er/+yeh5AQWuMuBRAqjPJmChLEH Qq9LSbF6WcukcMT0g7WFs0m5bEzHrES6tECAuktN+UpRCctz6Ev9KMgR+zoiYsqjVErC9AfE3IzT e7nFfEzVXM1/iswREAAAgE3ZjE3anE3brE3c9AHZZIDd7M1a8c3czE1TBMOo1DsKI7D9IyDGZE3m bE7UcM3hjE4ZKk3aWzXUVLTl/nRO7dzOUpBO7+Qk6tS584u9+EA09pu/87OB7ORO9mRN6PzOU2BH dRzB4lRMwcu7NvO7vOu9mWGCycGe/yyLANWT9izQfnpP+ESCiFyFBR0m6kQ/o1MXv5s9H+xPPGkT OBnQZNBQA+1QfULQBD2CBk2FEQWlBy2y7LK5nTO/FK3MJtjQDAXQGBXQGfVQG+0SBQhRSmiSJToe w2hJsiw3eLQsbRmxeBzSVShNI8HPFaVQB/OzP6NKPIHR/6RSGYXRG81S1NhFHQ2xrhvMKDFL6YPI VjFMjilS+TwCJWU1CW1TeCO9ZJNSrYjRKq1RKxULLc1TJgDRLvXSzFsvVOEd/s8zGbUsU1J7SlVY 07WLUEZttusMODmdUwzFULHgUD29VB7g0z4NTNBjsYPsNJjk1MJslSm7D2E0AsREzphrP19rUdYD PHiL1O6ZVAKtVOyhVUy9VE3tU0J9G/v6VED1017dzB4lVdA7hVRVwfScM/ZQPSglz/iT1Vyd1oza VR0dVigLzL8MkpYU1d0pS8E81SI4jbbUwa6SVmpNV4Gy1t8Mztt8V3etTd6MzXnVzdDozYSAV9sM RvoROezDOkTdn5DzpKdcShlbha7c0u5rK3RVV4f1J3blwp/0HfXUy4HI0WDa1A+wgvpk2PV8WJA9 0GezS4pdF4sdiNB4lRI1/kVyLVcnnMqPDVmZzaeI5UpyssyT9C2N5aNTs61NlEqmatiZHdousVYA SNgu4ciTPaadnc5+EinCAtpcfEQunYCTAkvUkIqm5Zee1azCIlqwFdkhkNiCukwc3VrEIduy8ke2 bVu3fVu4LSeAfNufZFe0PQUB6Nqw3Vu+dYCa1U5dOQinG1zCLVzDPVzETdy81dd4ZVzHbdzYTFzJ nVzKHdyDQNq+zVzNhYW/3VzP/VzQDd1Y6FzRLV3TPd2wJV3UXV3WbV09VV3XjV3ZnV3mhF3avV3c zd25PEPd7V3f/d1RtF3gHV7iLd7n5F3jTV7lXd7uHFvmfV7oBV7hjV7qf63e051e681e7c1c7N1e 7/3ekO1e8B1f8tVV5C1f9E3f1z1f9W1f921P8X1f+Z1frIxf+r1f/M1f/d1f/u1f//1fAA5gAR5g Ai5gAz5gBE5gBV5gBm5gB35gCI5gCZ5gCq5gC75gDM5gDd5gDu5gD/5gEA5hER5hEi5hE6bdCAAA IfkEBRQADwAsfgDaAAUACQAABA7wvSKLlRVPTXHPXmVZEQAh+QQFFAAPACyEANoABgAJAAAEEPCV WeS7suKJc+ebdoFjxkUAIfkEBRQADwAsiwDaAAYACQAABBDwlVnku7LiiXPnm3aBY8ZFACH5BAUU AA8ALJMA2gAFAAkAAAQO8L0ii5UVT01xz15lWREAIfkEBRQADwAsmQDcAAMABwAABAiwvELns1ji CAAh+QQFFAAPACydANwABQAHAAAECrC8KSt98t5sM44AIfkEBRQADwAspADhAAEAAgAABAOwlAgA IfkEBRQADwAspwDcAAUABwAABAvwlTmflRffknmnEQAh+QQFFAAPACyuANwABgAHAAAEDfCVWeS7 suKJc+dbxkUAIfkEBWQADwAstQDcAAkABwAABBGwyPJmfZhmfTfuFSeKn1SWEQA7 ------=_NextPart_000_000F_01C728FE.9F0F9030-- From culturalpsyched@abnaki.easn.sun.com Tue Dec 26 12:58:10 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GzGZ0-0006KQ-G8 for dnsext-archive@ietf.org; Tue, 26 Dec 2006 12:58:10 -0500 Received: from 200.175.14.150.dialup.gvt.net.br ([200.175.14.150] helo=computador) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GzGYX-0000CE-VJ for dnsext-archive@ietf.org; Tue, 26 Dec 2006 12:58:10 -0500 Received: from 192.12.251.74 (HELO btmx3.sun.com) by ietf.org with esmtp (7/U/*'C23(J( 1B322) id H@1/2G-(7?M5)-SR for dnsext-archive@ietf.org; Wed, 27 Dec 2006 17:57:16 +0180 From: "Guy Dumas" To: Subject: Guy Date: Wed, 27 Dec 2006 17:57:16 +0180 Message-ID: <01c729e0$71f76400$6c822ecf@culturalpsyched> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-2" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Office Outlook, Build 11.0.5510 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 Thread-Index: Aca6QSA*>JGV'G608*.4N0F9B/1WL)== X-Spam-Score: 4.2 (++++) X-Scan-Signature: 39bd8f8cbb76cae18b7e23f7cf6b2b9f 2005 was the year of the oil company with many of these companies posting record profits. 2006 has been the year of alternative fuels with companies involved in this sector blowing off the charts. This trend shows no signs of abating. Our next feature is right in the thick of the high-growth alternative energy sector and they are doing incredible things. AlgoDyne Ethanol Energy Symbol: ADYN Current Price: $1.30 Short Term Target: $3.50 Long Term Projected: $10.00 It doesn't take a genius to know why alternative energy is such a high-growth area right now. Smart traders know how to watch global trends and seize the moment. AlgoDyne is where it's at. AlgoDyne has developed a turnkey solution in their proprietary micro-algae based process which can produce direct electricity, eco-friendly fuels, and valuable bi-products. The company has just hit its sweet spot in the development phase and is set to release some astounding results. These revelations are being backed up by a far-reaching PR campaign. It is essential to get in early in order to enjoy the biggest gains. Come Tuesday, December 26th this one will be rapidly going up to meet our target price! Do not delay! Win with ADYN! From 5stocknews@torpac.com Tue Dec 26 14:25:22 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GzHvO-0006wj-2d; Tue, 26 Dec 2006 14:25:22 -0500 Received: from pd95d6154.dip.t-dialin.net ([217.93.97.84]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GzHvM-0006d0-Gy; Tue, 26 Dec 2006 14:25:22 -0500 Date: Tue, 26 Dec 2006 19:24:59 -0060 From: Nasdaq.com Alert! <5stocknews@torpac.com> X-Mailer: The Bat! (v2.12.00) UNREG / CD5BF9353B3B7091 Reply-To: Nasdaq.com Alert! <5stocknews@torpac.com> X-Priority: 3 (Normal) To: dnsext-archive@lists.ietf.org Subject: You can get NNYG right after Christmas. Hurry up The alert is ON!!! MIME-Version: 1.0 Content-Type: text/html; charset=windows-1250 Content-Transfer-Encoding: 7bit X-Spam: Not detected X-Spam-Score: 4.0 (++++) X-Scan-Signature: 41c17b4b16d1eedaa8395c26e9a251c4
TO INCREASE YOUR INVESTMENTS WE OFFER YOU NORTHAMERICAN ENERGY GROUP CORP. (NNYG).
JUST BUY NNYG AFTER CHRISTMAS. HURRY THIS SHARE IS GOING TO BURT!!!
WE WANT TO SUGGEST YOU THE NEXT PRICES:
CURRENT_PRICE: $0.024 GETTING CLOSER IT IMMEDIATELY! TARGET PRICE IN 1 WEEK: 0.09$
IF YOU WANT TO READ EXHAUSTIVE INFO ABOUT NNYG UTILIZE YOUR BROKERAGE SITE.
ONLY WITH US YOU CAN DOUBLE YOUR INVESTMENTS PER 1 WEEK.
From adopterad.org@lisawear.com Tue Dec 26 14:30:02 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GzHzu-0000gP-1r for dnsext-archive@ietf.org; Tue, 26 Dec 2006 14:30:02 -0500 Received: from cpe-75-82-8-235.socal.res.rr.com ([75.82.8.235] helo=localhost) by ietf-mx.ietf.org with smtp (Exim 4.43) id 1GzHzs-0007K3-Kz for dnsext-archive@ietf.org; Tue, 26 Dec 2006 14:30:02 -0500 Message-ID: <000001c72924$26ced880$0100007f@localhost> From: "Alex Perez" To: Subject: What IS 0EM Software And Why D0 You Care? Date: Tue, 26 Dec 2006 11:30:38 -0800 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.3160 Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.200 X-Spam-Score: 3.1 (+++) X-Scan-Signature: c1c65599517f9ac32519d043c37c5336 Christmas discounts! Special New Year offers! T0P 1O ITEMS N0W! $79 Microsoft Windows Vista Ultimate $79 MS Office Enterprise 2007 $79 Adobe Acrobat 8 Pro $49 Windows XP Pro w/SP2 $99 Macromedia Studio 8 $59 Adobe Premiere 2.0 $59 Corel Grafix Suite X3 $59 Adobe Illustrator CS2 $129 Autodesk Autocad 2007 $149 Adobe Creative Suite 2 http://indigo-oem.com/?588E7208B1D3B3C8685149E39B337A3E59946743A6D5F9&t0 See more by this manufacturers: Microsoft....Mac....Adobe....Borland....Macromedia http://indigo-oem.com/?588E7208B1D3B3C8685149E39B337A3E59946743A6D5F9&t4 Microsoft Windows Vista Ultimate Retail price: $399.00 Proposition: $79.95 Your benefit: $319.05 (80%) Availability: Can be downloaded INSTANTLY. http://indigo-oem.com/2480.php?588E7208B1D3B3C8685149E39B337A3E59946743A6D5F9&t3 Best choice for home and professional. (46862 reviews) Microsoft Office 2007 Enterprise Edition Regular price: $899.00 Our offer: $79.95 You save: $819.95 (89%) Availability: Pay and download instantly. http://indigo-oem.com/2442.php?588E7208B1D3B3C8685149E39B337A3E59946743A6D5F9&t1 Sales Rank: #1 (101912 reviews) Adobe Acrobat 8.0 Professional Market price: $449.00 We propose: $79.95 Your profit: $369.05 (80%) Availability: Available for INSTANT download. http://indigo-oem.com/2441.php?588E7208B1D3B3C8685149E39B337A3E59946743A6D5F9&t2 Top-ranked item. (25739 reviews) From 773giancarlo@ibankdesign.com Tue Dec 26 14:42:14 2006 Received: from [10.90.34.44] (helo=chiedprmail1.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GzIBi-0003vn-1W for dnsext-archive@lists.ietf.org; Tue, 26 Dec 2006 14:42:14 -0500 Received: from d83-189-6-34.cust.tele2.de ([83.189.6.34] helo=FABIO-8A8DB0736) by chiedprmail1.ietf.org with esmtp (Exim 4.43) id 1GzIBc-0005dU-FS; Tue, 26 Dec 2006 14:42:11 -0500 Message-ID: <50074010873723.86ED9FF7C1@JTUJ> From: "(270) 818-7244 Reyes " <775christ@laotan.net> To: Subject: Needa {} Diploma? Date: Tue, 26 Dec 2006 20:44:35 +0200 MIME-Version: 1.0 X-Mailer: Microsoft Office Outlook, Build 11.0.5510 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 Thread-Index: AsWASEcphtMhfm2tlVRsldQOBwDD1msunk2J Content-Type: text/plain; charset="Windows-1252" Content-Transfer-Encoding: 8bit X-Spam-Score: 4.5 (++++) X-Scan-Signature: 8b30eb7682a596edff707698f4a80f7d Yo Ce!!. A Genuine Univers1ty Degree 1n 4-6 weeks! Have you ever thought that the only thing stopping you from a great job adn better pay was a few letters behind you name? Well now you can get them! BA BSc MA MSc MBA PhD Within 4-6 weeks! No Study Required! 100% Vreifiable! Thesea re real, genuine degrees that include Bachelors, Masters, MBA and Doctorate Degrees. They are fully verifiable and certified transcripts are also available. Just call the number below. You?ll thank me laetr? Telephone Us Right Now! +1 (270) 818-7244 7 days a week 24 7 ________------------__________ And such a battle would take out the Parthians who now watched them.you truce and friendship on behalf of Orodes the Great King..." a howlInc. 175 Fifth Avenue. New York, NY 10010. Tor is a registereddidn't even bother making it a question. "I think our guide was boughtthe Legions as the genius loci was the spirit of a place. Quintusmuttered Rufus, too furious to be prudent. "And pours them out likeother, most senior officers had been given horses and Quintus saw From akszemin.com@requiredbooksellers.com Wed Dec 27 19:34:56 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GzjEW-0004nj-M5 for dnsext-archive@ietf.org; Wed, 27 Dec 2006 19:34:56 -0500 Received: from host-169-222-9-69.midco.net ([69.9.222.169] helo=localhost) by ietf-mx.ietf.org with smtp (Exim 4.43) id 1GzjES-0003it-8j for dnsext-archive@ietf.org; Wed, 27 Dec 2006 19:34:56 -0500 Message-ID: <000001c72a17$d46ee400$0100007f@localhost> From: "Louis Simmons" To: Subject: Beware of fake pills Date: Wed, 27 Dec 2006 18:34:51 -0600 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.1521 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.1521 X-Spam-Score: 4.3 (++++) X-Scan-Signature: 7bac9cb154eb5790ae3b2913587a40de Over a several millions men have been helped with the potent ingredients in Pen-is Growth Patch - men have experienced bigger size, deeper penetration more action, and super-satisfying results for themselves and their partners. Don't be left behind! Take advantage of price specials going on now. Click here and visit our site! http://www.cakef.hk/ From the@beeffrombrazil.com Thu Dec 28 07:06:06 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Gzu1O-0000Fd-Pp for dnsext-archive@lists.ietf.org; Thu, 28 Dec 2006 07:06:06 -0500 Received: from d90-128-108-3.cust.tele2.de ([90.128.108.3]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Gzu1M-0002B8-M9 for dnsext-archive@lists.ietf.org; Thu, 28 Dec 2006 07:06:06 -0500 Received: from HOME ([157.137.14.24]) by d90-128-108-3.cust.tele2.de (8.13.4/8.13.4) with SMTP id 867374D9151062; Thu, 28 Dec 2006 13:07:31 +0100 Message-ID: <000801c72a78$b1ccce60$036c805a@HOME> From: "Pictures" To: dnsext-archive@lists.ietf.org Subject: Bockhops Dinner nd Date: Thu, 28 Dec 2006 13:07:07 +0100 MIME-Version: 1.0 Content-Type: multipart/related; type="multipart/alternative"; boundary="----=_NextPart_000_0004_01C72A81.13913660" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1106 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 X-Spam-Score: 3.1 (+++) X-Scan-Signature: 963faf56c3a5b6715f0b71b66181e01a ------=_NextPart_000_0004_01C72A81.13913660 Content-Type: multipart/alternative; boundary="----=_NextPart_001_0005_01C72A81.13913660" ------=_NextPart_001_0005_01C72A81.13913660 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Click on the to, view more annual golf. Parker, bockhops dinner nd time = around. On the to view more annual. Pictures, click on, the to. Click on the to, view more. Parker bockhops dinner nd. More annual golf = tournament parker bockhops dinner nd. Tournament parker bockhops dinner = nd. The to view more annual golf tournament. Click on the to. Tournament parker, bockhops dinner nd time. Fundraiser pictures click on = the to view more. Golf tournament parker bockhops dinner nd. Lopez = fundraiser pictures click on. Click, on the to. View more, annual golf tournament, parker bockhops, dinner. To, view more annual golf. To view more annual golf tournament parker = bockhops dinner. More annual golf, tournament parker. Jolie lopez, fundraiser pictures = click, on, the to. Lopez fundraiser pictures, click. On the to view more annual, golf. Parker bockhops dinner nd time. To, view more annual golf! To view more annual golf tournament parker, bockhops dinner. The to view more annual? View more annual golf. Parker bockhops dinner nd time around. The to view more annual, golf tournament parker bockhops. Pictures click = on the to view. To view, more annual golf tournament parker bockhops. The to view, more = annual golf tournament! Lopez fundraiser pictures click on the. Jolie lopez, fundraiser = pictures. Golf, tournament parker bockhops dinner nd time! Lopez fundraiser pictures click on, the to? ------=_NextPart_001_0005_01C72A81.13913660 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable
3D"view"
Click on the to, view more annual golf. = Parker,=20 bockhops dinner nd time around.
On the to view more = annual.
Pictures, click on, the = to.
Click on the to, view more. Parker = bockhops dinner=20 nd. More annual golf tournament parker bockhops dinner nd. Tournament = parker=20 bockhops dinner nd. The to view more annual golf tournament. Click on = the to.
Tournament parker, bockhops dinner nd = time.=20 Fundraiser pictures click on the to view more. Golf tournament parker = bockhops=20 dinner nd. Lopez fundraiser pictures click on.
Click, on the to.
View more, annual golf tournament, = parker bockhops, dinner.
To, view more annual golf. To view more = annual golf=20 tournament parker bockhops dinner.
More annual golf, tournament parker. = Jolie lopez,=20 fundraiser pictures click, on, the to.
Lopez fundraiser pictures, = click.
On the to view more annual, = golf.
Parker bockhops dinner nd = time.
To, view more annual golf!
To view more annual golf tournament = parker,=20 bockhops dinner.
The to view more annual?
View more annual golf. Parker bockhops = dinner nd=20 time around.
The to view more annual, golf = tournament parker=20 bockhops. Pictures click on the to view.
To view, more annual golf tournament = parker=20 bockhops. The to view, more annual golf tournament!
Lopez fundraiser pictures click on the. = Jolie=20 lopez, fundraiser pictures.
Golf, tournament parker bockhops dinner = nd time!
Lopez fundraiser pictures click on, the = to?
------=_NextPart_001_0005_01C72A81.13913660-- ------=_NextPart_000_0004_01C72A81.13913660 Content-Type: image/gif; name="view more.gif" Content-Transfer-Encoding: base64 Content-ID: <000301c72a78$b1ccce60$036c805a@HOME> R0lGODlhFAKwAIfoAAkAAIgICQdxAHWJBQgAcoILjAB/fsG8xcXovaXP60YbAFgeAHwXC54mAbok ANYhAAg1ACAyCTtNAGhHAIhAAJI6ALY3C+g6AgBpABRbADJoBlxTAnJZC5llALZqCu1rAAB7BB1/ AEF4AFp6AIOOAKtyAMGCBtR6AACtACWhBDKWA2qgBnGtAJ6hALmmBd2pBQCxACvNBjK0AFixCIK4 AKCyBsK7DOu1AADoAB/lDEXuAGfZAHvmAJjWAMTSC9PcAQAAMSgAQUgJSFQAM4kASpQAMrkAMesO RQ0rShgeNjcVTVwXTnEkSpoXO8osPeYsMQBEOx5KODE/Tmw3S386SapLOMk0PNExMgBhQhVuMTFV OWpSQHlSAKVUNs5cOe1qQwODSSZ+Rk59R2aGSnZ9SKOLOrV5PeR+PgCdOS2bNj2TQWKbRIuRQKqn SrysR+ObMgm1SBKxRkiyRFnLQ3fMN56zSsyzMd25SgDoQxLkNj7mQVHYPn/RP6jhPb3ZRObcQAAA dyIKgjMAd14AiYsAdp0CjLUAieQAcgIfeCMgiUUjiG0YjYwbhJUrhbshheAbgQA7fRRGiDM6fm5A dYo2eKQyeLo7f+pHigBXgx1ciDNShVlVeH9qcZRZfbRZieFrdQCJixp+ezZyjWqNf353dZ9ydMiF cuF+cwOYhRWmd0eXdGCnhXmbiKSsdrWigOipjgDGjiSxhEzNemzEiY25hZ+7h7HBeN+7hADrhxzb d0rYf1zlhoTXcp/mh7jSdOHsdwEAzh8AxkYAvWIAvYoJv6EAzLMKyOAAwQATvSItvjcXt1gXuHYT x5UpyLkusucixwA/xRZNzUMzxlZKzHo3zKtEvsNOxew6swButRlUxzxZzGhVu3pXupRqubNat+dq tgByuBZ7xjp1w2R6uH17yJWOzcJ2xNV1xgigui6owjqmymOgw4CWxKeXtranu+WUzgPCtSy8yEez x1LEy3qyt6HItvL55ZiXn4eMjPwCBQD/AP/9AAQA//4A/wn/9vX//SH5BADq0VEALAAAAAAUArAA Bwj/AP8JHEiwoMGDCBMqXMiwocOHECNKnEixosWI9jJq3Mixo8ePIEOKHEmypMmTKFOqXMmypcuX MGPKnEmzps2bOHPq3Mmzp8+fQIMKHUq0qNGjSJMqXcq0qdOkF6NKnUq1qtWrWKU+3cq1q1euWcOK HUvW4dezaNOqXcu27cmycOPKnUu3rt27ePPqtei2r9+/gAMLHky4sNO9iBMrXsy4sePHkCNLnky5 suXLmPEa3swZZebPjTuLHk26tOnTqFOrXs26NUjQsGPLnk27tu2BrnOLvM2bru7fwIH2Hk68uPHj yJMrX868OeLg0Fs6n069uvXr2LMjj869u/fvI7WL/x9Pvrz58+jTq7cKvr379/Djy59Pv7790uvz 69/Pf/H9/wBK19+ABCYU4IEIJhhUgZYBAABzDkbI4IR3RejgQBZeiOGDAmloIUMfdphhQxlK+I+G IlaF4okPlsjhhgWVGOOLMoL4IosiejjihiHmGKKJONoII4s7AknkkFopKNhUKOqIpJNILtTkjStK eWOQKRJJ445CBlnljGBmmeWKXxpE5pZPoilmmUBeKJKDH8HZUYQb0ZmRnEoGJ1UAASDEJ0F//qOA AoISCmifDQ06UKATKXroowItsMBADTRAUKUkcgjlQXwyiuWZkU4akaMCkcooqFgGKSmnnQrkqZ+I mv95paut/tNprKRSeB5Mg35U6Ua/2vPAsA90xGdJ+eSjUa8rOeAAR8xmFO2xGTm7koXLKgASttl2 6xG1J4FrD7jgRmsPs+YyGyy0g2p7rrshmbuRuBpJKmlG9i7gbZ7ASZUrpLQK5KwDB/2b0IrEEgvR v7feuiiuhjYacaHtkrppw7Gy6jBDGDPqccaBJkuQyLZiLJDIKOfDMaIbd3yyysmmPJDButZMkLMC D5zzzQRraRDNB+GMENAHkTzzxKQOS1CNDq346kBK/xN1oVQ/9LSsS79otKeBcs1yxg/TenVBuTqK 6c+EVlz1P0bb7DallsIt0Nlzx63ov0QXNHaqC9H/HXDYOw898UJCCzR1QfmuGuriDu0N9QMETa14 qhqWbWjhI6vMdsyJRuxo23L/c7bfb5cOcNexfvz36gtNPvk/r/cd99EEWTzr4w8dTnrggdO9O+uO 8/5P4XSTamrqsZY5tcINJRx17KUa6qjtpo8nU8XoYr+RtdU+aw+3IQ3svT0MlG/+SeVzxH33Gq2/ vj3vi5R+++Jz/z7382eUP0clkpSuu9zCHrzeVbGNCNBd7osfSlwkrQE2cF/8iuBozMcAjUDgghiU oAY3GJLqPYaDIAyhCEdIwhJu0IMoTKEKV8hC2JhwMC2MoQxneJEXkpCGOMyhDnfIw7HY8Iei6aEQ /4dIxCLmEIhIfI0Rl8hEuyTxQE2MohSnSMUqWvGKWBTIE7fIxS568YtgNEkWJRLGMprxjGhczRjX SJs0unEjbJzNGzkYx9DM8Y547GId98jHPk4mj4AMZE78KENBGvKQKSFkZBDJyEY68pGQjKQkJ0nJ Slrykph8pCI3yclOojCTSvGkKEdJSiKC8pTcKaUqV4nK+OCpJBec4yrjCAYwRKSWs+RLK0lDgF76 8iW9RAkQgHDKDGmkfxoZZjKJaY9hKnOXfgmmRqTJD35kpJrHxJadvmfMZTpzI9K8EwAkiBhgAGMg 5hRIOtV5Tna6cyDDzCVvyuSlLbXoQhpypkDi+f8PfvYTCOhsp0CqicWUhJN/48ymOLnJkYNCsy3m 3NY2GUpROWHzmtakqEZfWcmLzimhC23mNxH60L8gMyPOZGZI5SSncEoTT3h65iU5qtCaTrSmJQ2M R8FX0YS2lADTBOpGQUpTBTFGR5uq55foKU8n1uSVHJWmVIUq02fClKggFSl05kklDvWSIF/FUZWY 2tTMoEogYR1IWNdKAB+dyUhn9eSU0NpWug4prmWVDdPElNew1Givc/VZXzWjk6KKcLCIzVpii5NT mCyWsY2NrGQnS9kRPlaLlb1shW5HnMpuxbBDgRNUs3qtrDKwK908CWh3stqnYEwk9/KsSNaVrXb/ xauAGqmUbk8S2/+1BLcZoVdXyBUAlND2JbF9oEbE1dqmrOu4M0lWK51XrHdBcF7FDW52iVuS5PqW gLY1iXSXm92OJI4jMdPIeP3nQJY0F7zTulWzxmddnIb0LOsdb8Ny2wD1xkxZ3RsYR4RrSfnWCask YSmCSQKu0WaEWA+uLklo+1rtkrde+rpXcoFCYPWNT4Hwo69H/mvAAW6Yo/IaZFSMZyjmAe5LLF7s fxEnKtjVWCEkC+xCPGW56NGucWCr3eAMB7mA/Sl4ekNU/Xr2kLwBrmQHUdz0pEfl0AnvS6ALC6+0 p9zteW+9GhlWmCX80E5x5Ln9FQlzeRoScbk5/7sJNImYPwLi9fYKuCWhloBDXJLdMri84KJuRoIV LBC/cs0dSfFN/DXktd11Vi57bI/KNxBKJ8TFUGZdQvzGabt5rtEIgV6UhDc88ZWaybITiKX/sWqF ODlMQVJd3fzWI9HNztHQQ/JUYFJUmnIvxfvz8C6txT3uxom09U12+ESsYPo5uySvzN/+MvgR+XaY I7Ec6kiCPZLsAdCneBKfR0B8EkXbRCoUoMBBWq1qBgjkggaB97shoNi8wlve8v5Htu2xb27zGwIW BPhIaJrudG8EAwhPOCwxuG+GCzwjBgdJ+iZewW1XXNoVDwkFzzcShz/c4xqhYMgvnvF9ky/jGv8d OVoQ7hGTZ0QAAgg4te2BgprXvLEg10jCWa5zDMic4T1XeElgThKe48TlHWG50n0+8IQa3ehHuflG gB7wjUg9I1CnOQpk25r38gTpHsEBDnTi8Ydjnen2EPpIxP7ymLddKWCHSdzPrVmGGOXqR2G7SPQe wazHZO50r7t+8m0gCcIABjY5vHAEz3jHwLzxkDcL1ydP+fZEvjqVF4xMAeTQzD9RKuYM/ToZQtCq +PL0dR0LWcsy+oKktTaeP43XObL5mXQ+J7UHyknZDMXL02X1WetRNYf/6IcsVfjD5wePgIR6tZ5+ IKUnS63rDZnYb0YqKfXnQXRc76RaSSEa8iX/QUa/Th1X6fVief72OUsQ65/Rosm/b69BevqTRFSi GCVpSD26U2T/5Kb2ZRq+ZxzaB2sognqpN33fNyM/ciWB5SKj9ntGwlcDSEM1cXvyl1AuJVTcNHv2 4FBXdV8ZKIIHZhSiRVoe6H5PFILHJk7g5oIlqFooCG4vGIN2woIpl4OFNU4clYI21FcxkVrHBj4n pYNvgmzIRFO7x2bb5IOlxVNFqIIP5YRB6H9NQYVSqCSSAXxiwYV64YV/lIURhIXuxXtieIZoWIGY h0pq2IZu+IZlgYZyOId0uEtweId4mId6uId82Id+OEt1GIio8Yf5IYiG2BqEeEWHuIiMGFmJnngb jQhHjziJkGV9lHiJixSJmriJlfSGnPiJQISJECGHorgdoHiKqJhKpbiKtpGKi8iKyeGKsngYsFiL ljGLuBhKiZiLvNiL8GGLE+GLOAGMxFiMxtgfwpiMyriMzPiLx9h+zfgXzziN1FiN1niNmBGNjoWN 3NiNYqGNi+aNmQGO5KiL4niOd1iO6qgS6HgQ66iM7RiP1VNS8liPExEQADs= ------=_NextPart_000_0004_01C72A81.13913660-- From frank@parkwaygardens.com Thu Dec 28 12:24:57 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Gzyzx-0000k7-PV; Thu, 28 Dec 2006 12:24:57 -0500 Received: from i238181.upc-i.chello.nl ([62.195.238.181]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Gzyzt-0003Qo-2C; Thu, 28 Dec 2006 12:24:57 -0500 Received: from 12.180.200.4 (HELO mail.parkwaygardens.com) by lists.ietf.org with esmtp (N/7N8/):5WA* N61,*) id M6784T-5D5R-Z-E( for dnsext-archive@lists.ietf.org; Thu, 28 Dec 2006 17:25:49 -0060 Message-ID: <01c72aa5$37a96fd0$6c822ecf@frank> From: "Blanche Andrade" To: Subject: Autodesk Autocad 2007 ready to download Date: Thu, 28 Dec 2006 17:25:49 -0060 MIME-Version: 1.0 Content-Type: multipart/related; type="multipart/alternative"; boundary="----=_NextPart_000_000F_01C72AAD.996DD7D0" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.00.2919.6700 X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6700 X-Spam-Score: 3.6 (+++) X-Scan-Signature: 3cb75504e283d08ef0543f38ba481a75 This is a multi-part message in MIME format. ------=_NextPart_000_000F_01C72AAD.996DD7D0 Content-Type: multipart/alternative; boundary="----=_NextPart_001_0010_01C72AAD.996DD7D0" ------=_NextPart_001_0010_01C72AAD.996DD7D0 Content-Type: text/plain; charset="Windows-1252" Content-Transfer-Encoding: quoted-printable Looms in the air, deliberate and slow,Late February, and the air's so balmy= and the numbed yards will go back undercover.Comes up with as a means to it= s own end.Blurring the terrain, With a hand freed from weight,Bronze the sky, with noSuddenly, in a savage,= dreadful bend,But snow has gathered there, has piled up,XV. The Internatio= nal Circumpolar Stations: The Greely ExpeditionIn the sound of the snow. Wh= at the countlesswill be penciled on the coffeeshop menus.snoozing. A school= girl on vacation gapes, ------=_NextPart_001_0010_01C72AAD.996DD7D0 Content-Type: text/html; charset="Windows-1252" Content-Transfer-Encoding: quoted-printable
3D""

Looms in the air, deliberate and slow,
Late February= , and the air's so balmy
and the numbed yards will go back undercover.Comes up with as a means to its own end.
Blurring the terrain,
With a hand freed from weight,
Bronze the sky, with no
Suddenly, in a= savage, dreadful bend,
But snow has gathered there, has piled up,
XV= The International Circumpolar Stations: The Greely Expedition
In the s= ound of the snow. What the countless
will be penciled on the coffeeshop = menus.
snoozing. A schoolgirl on vacation gapes,
------=_NextPart_001_0010_01C72AAD.996DD7D0-- ------=_NextPart_000_000F_01C72AAD.996DD7D0 Content-Type: image/gif; name="wgnx.gif" Content-ID: <006901c72aa5$37a96fd0$6c822ecf@4BFD305> Content-Transfer-Encoding: base64 R0lGODlhEALxAcQAAP///wAAAPX19cTDxff0/B8cMAQE/HNziOnp97Kyvc/P0TY3X56fr1dZcIuO pLm909nd8Nna38jN4uPk5XGLo5etwi+UmaDb3sP19+n7+t7Z1/z8/PT09Ozs7AAAAAAAACwAAAAA EALxAQAF/iAgjmRpnmiqrmzrvnAsz3Rt33iu73zv/8CgcEgsGo/IpHLJbDqf0Kh0Sq1ar9isdsvt er/gsHhMLpvP6LR6zW673/C4fE6v2+/4vH7P7/v/gIGCg4SFhoeIiYqLjI2Oj5CRkpOUlZaXmJlF AZyca51LoD6dnpCiMKSnK6kBLqworLGkL7KyXqpZqUKlm7xIuDq6Qb5pwCq1xCXIx7UmyLG0z69b xlbCP9XYyb2to7NA2WThytKwz+bLJNLXLOvsWONRoPE09MHbRPaonvox/V323r0T8Y1gtYIAEEbb 1y3FwCr/QvHDhyNiDYsVKV6c2LAHxlwa1VEEpjAhyZMh/p11bEGvJJWPRma5zLhyV0ptNW/IhOnw JpiWIXEdTDY0Z0+jR135ZMIzH6+mJ6AqRWqT6oxTUslZFQPUqlB8KNFF26qSrEmzTJembRguG9Zm ZQMWdPtQ68yz6NAaZKuRLl9bcX3Wtdv1qdpVvtom7nvTolyq09pFZva227isklf6TboXmkjAeXUZ Sxd48ojR/74i3dzZNOmooEsPbpZVleKOt1ke3js19OCzsQnv/HtUr05irGH/9dyaufDgwKGvKxtX hmrOyk/DbW5a+/bPr72fu4ebcXnIKTEWVv4dfHvuzJNz04qdOv3A7vGLJ6r6fE6F/V2F3EgE1oSa bSUB/hggYQzuZ1x9eNWXG2IP8kYZWAuCp99+7i0nVkzbFAVhhHZVd1+D3n1oYXafcWhdiBiuxt9/ KGl2oIcqrpgfTTaidx5lFG7kTow5AgfhjT+aOJ99TDapY4ostsgeOUA+mVlr9cBolHxWknhilytO CKWSNoQloXlBZjlkT1WC+WRRSX45hEt0Fuikl02KieeJd2XXJ4U0ajmimSpi5qWeakapKKJy+uNO m4rqFueihDolY6CDzgipnkP611h3DI2455ikuklibQgx6uiWaJbaqJSJouhbeBdO6uR1R6x5p6uV 5tkqfLHR6uBuw0I3qpW98kkssIv5WKadZzpb5IuB/po33ayp/vrmsgLqCuudyX7LqbfF1vhbcdd+ 22i4Y0b0qKvqjiVtjqqaKmletY7XYbDahmlovvrCi6ym0W7KbXjf/MleugLvya6/xqWD4LwMeaVt vceOVZyogE4zMaQQ/xIUwZE6fPHJFS4cp8K7xsulyfOmJmLDGW+cJr390tybzS1fiDPFndnLQ1ev DmwgyganXLB4oV4ZL68kRynmuEBnZtbMT2fc1G2sRoy0qPP8y7GccO6KtcAKXkrzxxrufDOYCQoa aXJ+9YivvBqXfHbRTfPMN9tTZl1nK2LfDWjbJb4a94zVJv7lXYAzbbWk/gX+9OJ2U9r1gFqiJTPj /mQGPS21k4e+7eY9Ni5brktN3Gy47DyUbdqcpx56jfe6HV2HZs9eu+2S8+54dFcT67vhRo5O+uEb ih68g2SCujvrnv8uGuOuG0u8dAGXm7blY99KG/avG1vOc9yfb7X63sf4ns66+91+td1v79yO3FRv fSlIpi49sKMSFrOOtjmfTcV/ougf+gp0P+8F0BaFYZgD0fUbqKxHZZAbH/2GI7+qrGphaBvcYwxz qQgSCXl8G9014LRByo0sdu4jzvrYJ5wDpodbWTMd9DrWrNA0rHCaCKIQhQjEIRrxiJFgGRKXyEQi 4rCJUIyiIpQoxSpa0RD/u6IWtziIc3Hxi2DM/gMVw0jGMprxjGhMoxrXyMY2uvGNcIyjHOdIxzra 8Y54zKMe98jHPvrxj4AMpCAHSUg+FNFSWjhkIZH4RPKYQZHPUtoiuQhJp4mjkR6c5Bwr+TauYHIY n9RkFDkJsjCQcnmihOMplXeLUOIklXFcZcl+4kpvSBKWTRRWFm34Q9mdkEmV2VsNXfipyuCSjQh7 HzHDtsHvzfJUHAEVCysoQPsRrpbH1MRraLjMBrIPSVKT4AMFKE5rejGbXwSni3i5w3VOz2hRm4xA sIe/52GpnrtEZzo7p0Ow0S56/DGJr/jpMtwhTnz00+caD8TKZzpzoCoRqLpmgivBcQ5kZVNo/hof VrMcHupr2vlo5uZ20fBprpQaDSNHH5O0lkKphzmsqKn0AcOqpRSMKxUMSEnKl5Aa7UglZWXAMHZT Lea0eBRD1Ft8CjOgjlRvDCNqUa141Pg9rl9LNQjU1DZRrMIlcj2bKlWjFlaPgnVdHBHJOJ2awgxd 1aZivWJVc/ezUoaNSgwtkkwhurSGxnWUcitr0R6quIngNbAIbdleD3qsMf7ViDfqJwqdR9nKhnRA Eu3ZYjE32H9K9rFQVOc98dbO0b5TVqeNaVDdOU/yAdSxoA2ic7g5w/QpM3l/gxa8aEuuAcoytoFw zW15yEwMXgaxuX3qvur2iv4VF7hb9CVs/jfEXLLk9Zl44toNa+pDoUH3u+ANr3jHS97ymve86E2v etfL3va6973wja9850vf+tr3vvjNr373y9/++ve/AA6wgAdM4AIb+MAITrCCF8zgBjv4wRCOsIQn rMcNWNjCI8AwCTZA4Q6fQMMZ9rCCQYyCC5MYABwWMYJTXAITW1gAAjgxi1W8YhPDGMYcyDEHZEzj /7r4wiK48I1xrOMcy/jHSE6ykk+8giT3eJFL3sCQpywAHR85yljOspZd/ORCJpnKYL7xlbdM5jL/ uMuEDLOawwxiDAtABBx4M5BnHGQgoxjFb34zipF85xgDQM8c6ACGdyzlDoggxibOsJRh/sziGdv5 BU5Gsx8ibQJHv3jNmGZ0mzksaBj/mdBn3rOGpUxqTfPZxIH2tIU7wIEgjyDQGa6ykVO8aEQjmsuS rgSl66zkTPt60wAwNIwVwGtc7znDrd5Asv9calIbGgA5hvOOdzwCVgugA3qGtotvTeVaC/nWxu7B rnNdhkQr2sY6JnKRc+xrMW86xR1gQAEGIOhQf/jGrQb1ma+N4lYf+sLUlvO/q4zkOMd4yN5etJnt 3YJxkxsNPx5ykWW9boO3G9HnhnMDAuAAPNOazpXmsKr5PHJoXxvVAI/ztBcd6DgjWdWmZvTBSw3m hYf74Wv4ssQnTvF1X/zWioY2ABRQ/oADNKDTfsawnS88AQUImtmi5nKyJ0D1CZDA0Ds2dKLrHWs5 P/rFYAf7zH8ObizjXA02xnS6yZ5pYHegAw1oQAKKrnBl69vFA2jABFq+gXr/mAPE3gADNl6AojvA wtHG8aptPWp8G7wDE7D2t8VOc7a3fctnz8LOfT5kVlvc8jV/9585zoECLEDh18Z22aWsgQKIYAKc DnOrBdCAAjBAAQMYgAMKoAApM9sBCzh8v/uuAQVE4Ok4rvIEBpCAyNta5s1e/ZJBj3A+Z14KtK74 2qcM6w3A3upv13Sga31xDptY0AwIwAA4cIACwD7OAGg/pzmQAAcEOgEHWIAGNCDo/rf3Hc7Bpm0O EAAMcHJVlgAaoGzetwEHEAAHcGj+V3uF1wAHkAB/hm3M5wB7d2nkR31jV3ke2G4gd308kH2s5nk8 N2V953t2x2rQ9mwRQHZ8xgEUOGwFkABVJgL5twEaIAK1pwET0H4BEHcJ8HTAVwANwAATIACwNwBF l4Del3Wz5n0L8IOjRoEKoAAJ0ABVaHUKQH8aSGiM94FkGH3RF4IeOIIkqAPZ13Ju+HlDpgBx1wAO oAA9iGJPB2syeGYKEABIJ3+LVnt5xoAFIGgckHf7p2e15wAMcIT11oCw13/jB2s7xgD6twADcG1Z l4QHxwETEHc7JgD7x25ph4Zm/oiG5beGQJBiVXaCnMd9rVd4nICEDpAAuZdvcIhp23Zhc7d4c9eD 2GZ0HBZn7Qd7olgAWadsN9hyTsgAORZ3Cqh1/hdjcQaKFIhsdDh+w+aA3ndtB8dtZRiOp4iK1KeG qngDbZhjKJiLssZ6tGh0BRAAppeEHaiLBRd3A8B/gbYAFhiMhXhj7ed5CnB67GaJoohjwCdlC+CM b+Z35td/88YBBsmEUkaPcRZ+xbiLHGiKZEiObXeOPkBrrlhxYOZ5G7AAB2BtCdgBC8BxyvZzHwdj GjCEXCiBptdygLhj7edyWzhroAh7Cdh62CZ39UaNzIZhO/l2BQCFgnYA9od3/gFQhEUJjtAnjlbp kWxnjiBJAybYcijIZp4oAAXgANM4AAtge0wog4omAPn3dqy2fzvZdwF5YcV4bU4oZc9YADFWlLzX AQdwAHuJeMH2dBPAcThWdLBnYTVoYVRnYShJbXUnZhx5hlipZlq5lTLAitrHblR2kUs4lni5ew2Q id+YikEWYw5YZcknAKnJlqdHjXEpigsQijTYAEbGAQm4jFy4gibncTyofgh5AFlHew6gmojHkgfw ku6mmlZ5ipRZmaaJmTlggiPJjsmXmyk5d5iojqqXipyGYumnAARHjQIwgMombxemAVbIg3p5cGZJ kTGmAfonAANAgAAQAUIH/mso1oAUyAAJMHcFWI0MQHNxVnSDWJoyF4LjKIIICpPSyYZBFmhvt301 138LmX4NoAG42Wl7d3GGGGTqeXQAd2EDOABUCJh+KY9UJwByGJgzmQAs2JZMiIQyiXETWnRcWHjx 2ACIloSQN3X1WYDhJ5ne1pxXCZ0i+KDTGaHVuWaRB23xiImep3j1iGnM5mfFh3LKpgAHoITsx4Uo 2X4m2ndjmXsxln8DsIR5x6PYtnsD+np3tgFE95YdAJdLqZj2x2g9uHsa4GkNWqVZ2ZEMCqgfqaTo eGgS+pVq1oS1l5LXFnk/2nc/528eZ2RjaHGspwEJ4HT0mYBxNngU6Knt/hd3SPh48VaFCbBj6lmA Rsd9zVhldNh3/kd0DeB9wUakuOqcR4qkv2aoh9pvE0qhYCaaGgpjxmiIxXpxs2d+2giZ0GZkSKdj kFdoklqnO7aEgKcADEBvBKdyeSeLpkdvtudssvaXyuaUkEmrved1fzqZY1d+DRqdvjoDXRmsa1af Gap4j8pqw2idYeZxa+lnUWeIsqZ6kspohDatPHhjqnetfdoBA+CUDNCnDHiRpPapCwB5c2h0Nfmw e/d5laerIhuvvMpm81oD1JmCJTmm8Yl7sSqKs+ehmgl/eOZq2MaBWgpqqceYiLdqqXZ+DHthnXac 78etmvqXtZiqBCdy/u3qriDYdiTbqydLr0F2gvYqe4YIqvGIhDDqad3pa39Ws8emdM8mdMOngGhb d3gJdpaKeNC6kYGpbHiGrZoorXHGlP+Hq1U5sgtasro4tVT7acHKmWAWaFwqj+F6syennOXnaFF3 bkq3ZFEXcaS2i6u3t5fGZggnfZlbjoL6a1FbqIALA/UqrFM2AUi4fo73pJq4hxtGYpU7Z5NLZjOH ZeD2fBpZpKhHmXy7q35rsqNLukw6kmsmb/RmsYbYoaEIk41mfsZZbDbXa0L2ZZXLbZH5rtD3ck4b ujXHvWt2mcHbYogqoaZLZMJ4cksoft4bemvZvNErvZybu2MYu+AI/oK9e7/r+7vgG74hBqzrWLg5 9ouSipe2+KhMK4Kj1rMv5nLv28DTS784i721G3HbS6jda8Hfy78uULqEy32HiJJpyqULcJbC6Wnp O6h1pmeU58CWa7sQ/MLPV5XhaKQj+7t/q8EskLJTWrgwNnekMJr6qKEm17gx2YrZdncsbL1RpsRM LHZEqr1p+Lmgi8GWicM5XLXk28GOx6K1t63cimiEpsWXZ2Ny2oi353Vk3MDxm8bV+8BjKMFmiL99 u7k2zGhW3GSIOrgGt5kwW7uHWIBWl2qNSwLXNqqk6qmJmX8jfAAse5SN+IWiZr142LMOqZHWq8S0 q6BOLIP5W3N3/qwCHLzH2tdp2AapbKl3m3rCCLxh9Ke6GvCX1DYBI/yfZnmD3Th0Olp4xNYBtEqB SZuAwTZnZMx4sRt2cry3NCzFdSxmn5wCOsyZmwmFhLZ88BiPA0rFU3Zuy1uJAUBwc1eE6siFWYuE TpcAs6yYcXeWUXqCe1bJzdbGmJzJUfy0gwp6+6vBMzu4spdjy3eESKij+2fKP3duxtmmtXqMwgnN UUmmGcuDuFl7neaGrXfQ/Te7aVx2l3y/x3yGnbvMdtzMHza8KrtzHVB4f7mtOeYAwrlqXwu2vBZj E5CAfQijG5AAwGmMfeoAPCqUqqmhcFeEB4eBflhoSTfMbbzC/sWsZdsbqNjsySBdaUz6hmv2zVMq ZX/Jzmy3lq1maEF4dKw2gDfrcvRZAIJ3dAbIaiipibIad5oYa9NnzMaczLsr18rs0ffMv8/sr2yJ jJoIhHKaiW93q4MsZJAXbLWXiTtm00W4gKIobxyg0lmXrILYswN5s4hqfkYddhO8xr2moBIMr03d bU8N1XiYxXrthJHHs0tosNbWbkg8fiw5bwPcesmpcBK504XocjoGjT4rjLgYudSb1BlNwxv9rh1t 16MtvoL7v1vMsP63fwE9nN5IdqdJ1HH3fkI2d63WpzB2g0xIgNXKg5zYf2KZiVk2wZQL10rt2fQ8 xfac3BsW/tWKSmT41n+7l8vJ2X163ZmYTXw7ygAM0KUIKKcoCXvB1n76uHErqWy753RyC3xQqMZx jb90raserYLw3b/KNqE7TN+Kp54LaYuvfIM3i3SuPWd1yojVLI/8twHfioSzjGh+eYP816guR3W2 N4VL/NZJvd7z3MkqCOQYnuF39mmmvXk3FoQRudpfenDGaJrUKXkyvndvp9JG64mf2glLCdsSGQAf u2VrPNx8W9w0d9zLfNfhm7IUynMzCcgtfoi1anUHm6Su9m2tqMCifLN2noX5iG9VVoVLe9483uO2 y95CrrdZSeRFvuFS7XikCHzqKKvxZpv1tt/cR2u2Joar/jbArWusPAhwcdt7gjZ39Ebo6R3cYn6V ZP7ZF47mwZvXq5luDEjp1LhjoCirof3RtQZqhGZyCmyIfrezL2aIiimcFS3o0mvqS2zouY7oaknk InnkzMl3ApB+/XdhTojlwzjQCfyQYexnfud3n5ZnQrdtJd21yabUg17hq369F/7RGa6ZegzAojiE dqiFLYmD0ZjrTBbf5lfnvBZyY+t9x/t1LLxwS83Jzc7M0C7f5duOA4m4Rbd+d/tmqnx5eCy+Stdk zkuxsHvwlFfhIr/wHunqowvrAPx9Os3I7BZ+wvbsGW8DPatpkAvyPu657Q21JC+w8T6++ix7B5uo G8ph/hHQ7P3ev3EqvKfJbNpY8w4s1+2uae/O8D3vvyMtcQsIsfKGuAHAj9B28fYI1eZo8mG7wHIL vTZf6D9O8jkvuvAdyt8raE7Y9baYd/J4vMxrBM4bttmW9iP/9zuPimQ/tSgfZla3ewfwhRJ6jLVq 9EjgZsdm0Wnf2WtveW1/w1Xfd9JeuDwYfLImc9iW43lvBAcXgO578FAP+FI/9Tz/9nnM3OqGb1UY 0YWWamw9+kQw+SGv7DpX+Uz93g0PrI0e+/FJgC2X2pu+ew/fbYOfmbpPvap/zKzf+sld+BR3Y3OH bSq34f4nby3t9kLw/GUozzh/6DKc6MFfsPPdc1Zd/qvYhnT+V5v83vwx8PzQP+aqH8PvTv++quYd vH0gcDSbxpndZm5dwQicEMszvW0Anus73/u4LSgcEotEwQapNBppzqczKYVSY9Mq9fbbcrveLzgs HpPL5jM6rRZrUx3O2zQzwZCJgua1knU6mkPfC5aMzVoXE2KiDVLRkuNU0qMk5OSg5WWUoeYmZ6fn J2ioZhvcW9ycXIxGAAOcAIqSwISCTJ2llqiibhPl7iImFCWwVewwkihysvIyczNom2mc7QtdZMMB RwoHAPXGhHfqLW6obzlTZW8vuiSjsfvTuLP8PH29PafWSx/dNGoK0ptvrv5pw1RonjkhSxIOeTdD /tiwK8bi3ato8SLGeqRM0YFiQoMDBhpsTDjWJ4WGDsAOymPoUh3Mdeoc0jyW8SbOnDrXbOTYj8aA AgEKHBigIFIMlTgi0nu58CVShxBXFmO68yrWrFoB5DshzWMMDgMOCA3QwEECFCgARFhJcRnUhJNi 0o31q6a7t1v38u2brCc/KjC+CSD6p8ACxA4GTOBmUO9fl0+d1pxqsOpKv5o3c960EU5Hj9kmcFhw wEqHAQ2EYnPbNG45mbJj4n0HuTPu3Lp1AD5FRWU2oi9ICwja4p/B15JhR7XtaCLm5LunU9cNrVTo J9lQcCAq5U6AA3l+VmHpLC6jXXNnV2pXe2L1/vjy+3bdl/0J98IJBDgoQFRlB8RhkgERXDF3oC7s pVNJBgI0+KCDETZIjFTRYVHHbfNpuKE9n32VBWkbLNDAag20og8S5FFjAgFWbEBgEAYiOGMjl1mG FIQ5Shhhc+8NIkeGHAo55F9AYOcbFI1tAF4DA5SQHgcCOsEPHQTCGKMRXGkZ5A40erkBAUGEOSaY ZZIZZnqywWPhLUS6+SZcS3l1Hw3ZqBZeSkkR94ZjU1KpgpVDbKnlDzcYOuihbXipIAGNOvromJBK OumYSrQYw6UCZPrEpphOqmmmYcI5KqmdAEYnDQoM5YJKKdhQSiDa/clBg18mgiiisZVDZplg/kZq pq/BNiqsmZQ+mgGyySq7bAbGSsplqdFKW6iRPqkYwwQMlPSKACNpUwgVyP5pxZW2MgQjujakq+6L UhCIRKDARvrrs5D6eiwBVja7b779Bvpvuw826y/BBEM7LcII9xZOMN6gsIgGAwzAwAH7iTZuelJk mWhCMpr7Upi9ItFii1OU/NSjoGq6cqcynDyDs/YmPDPNPVxn37VRzqKBAhOT6F8AQR/QowniBuag xublcLAPTJsLMNQvOrjs1AI7OOzIKpOs8ppOUAoqyaLWPDbN9UlTx30caFCWfyRecwADAyzgQI8r Hg1Du6+q517GiBgYsq4XY1qjOH0n/VRV/ncRMpNE2hEEJNmRK1wtaKnQqWoCEvMTyAbXIBnWrC8A DEvSRwQuJq9DoBkFIiWvjqkSHjdUQ+KLNF5n6KjOUV423yotOfBELow2wwKoSjo1rQpwTViyhrYs BsxKj+yL0zNbfZlQX9+Q1DoG/L0QVl46PiOyR0FMVEFUdcKsxVsC2ooxBD//m11hZ3nxa4/XR0mv dsfAG/xEhwBuAAMDkMAFLiABDFwAAhOIAAQjgIEIQnCCDpwABiaAQQ1mQIMT6KD1lFW9EEpvhCRM lhEctTKRNcR9oKuGQhZnCY745FV2YRr9cuiXU+GvH6ugRTZSRIIXNCA/qGAfDJCVAApY/sACTGwi FKHYgChSsYlMvKITs0iBLVKgAl78IhjDWIELjLGMZEygGROoxgswEANufCMckRW9OWYgeie8ox2T Zcc83rGPy4qRDgNJHQ+F5nIBGIA3wDGaDSgAD3RqXwYuwMQDNJGSW7SAJbXIxU1isZNZrCIoQwnK KUoRk6bMJCdTSQEHrFKVrtyiAyoQSwaAcY1rbCMc40jHXeJRhIAUJDA7M7wX0mACpnnFHrjTgQMA oiCoOBuyLiDKaVKzmla0Jjazqc1tTpGUVXziFS/5Si5WYIvl7GIXw3gBjwWznZq52YdQdYejbCsF E0jAIeF3RPYl6wKU3GYoK1BFaVpA/qBPrKYnsYjQTwq0oE1saEM/CdBQTpGSFb2mBbxZzW5mtKPd 5GgFBOXOkW7FbEeDgkrIwgCuZEMBC2DFCn5ytw5EE6MTBSVBA3rTnVIxog2VpkF5KtSbXuBBIiUp UnFCSBeCrjgvJYoDVhMAB3BnW/sMC00j+U9s/rSJBP0qNSMKyoMKFaxe7Sk2NTpUUS4AoA2gQFHZ haVBJbWuGqmWT6oQCLEwc0QJgEGA9uGnWmRVmuCcplizmdOcjhWKiRXlYx9rAcZONoqSXWs224rY juIUaSI9lF1D2xI53e9ar4jVK1IRQD/Iig+02oA/JfrQslrzsmulLGZzy9a0ZrSo/ijERaJEK9w4 sRRnOcuGK1h72m5JzGJTuhQcagpF3DqUimY1K0C7Wlts4pa6us0sFTU7yo5ecrrlagNdh6teclDu QygNkB5WQBo4RCxz5OEAdGmlVdmG0rvU9G81bTtd6/Z3p+L9LhQPnGALtFWSViRjRpl4AewBMrjr vbCp8Fq58gThYXBwwz1F4pFL9UG6iq0mditbxcv6V8ADRjBmFdxEzco4gUxkIBQlzAgY8Sa9GP5x GuCpO6zG9BsP61+rVDJY0DUotmS15nWHCuCBbnPKBhYqjaPYVkvC0aCTjOuVlkYoIJM5yHIy7vvk QKUL4Rer0TzoY1MsSitHMcXe/nXxnGEMShlTk89U3CQDnzxZCgvBx2U+NBvaO+SLqZmpL4BuYfkr 5bByl8ovduxZ6QxjP1c5l2/08mRrJSgLI7rUXximj57r5v2CMs5nVbGmdRtrPdN6uglkoBox0NAp XuC15QLCmE0t7C3YD2epxp1rm6zQAgN01gR+dq2j3ewmvpWZDiVlA8A8akMPu9tiLu7Zjo0KSJu4 ukR9dZ5VjOJL41Tafa41F0nZ1gr8ttCg9Ta+v+2GypkWL22mRjQzaVl0R1ndAa4ysxPu7mhTAAMJ OIAbpbkAzRbVcLjKd75RLe6wkDuSgrb0wrXp7E2HktMzrmZbMeBEXTuYwQWt/vdBSI3xYQvZ0f4m Hk0FYFhZt/vEdQ450LGp8jEuQOIu73W8CnHvmXvbpIWsBd4m4IBtJZluyASAkr3WolTAduA//3rB rTzyF4896OB1ucvbqvYLaHDlC45rodP7O6aXeanEa+oGBhCA/QQIAPcsACJTWzdQZaAjXX9y2XU6 0cSbPcbhdWICD2DjBmiW3vHC1dzpTmZU2yIVqwA81rexPGzYIOtec5Dhc/pxg4O8seyeJmNj33gE ZxntC4ZiATBJedsXXdQxH3PmNY/hYn8lHEAKCgMWsFINTCA1I0gR77jecnP3nPXUz+5/Zw90tZ88 9w7I4KsnPlnPKh34wRf+/np5iDaoqwLwBwiAAgyUgBG8YfArKzyGAKz/b1JZrHjWvtnVHk6NEQVA nO35VtwF1/mh33DZXVNRAxIExQRoQAOwAhwc0wrsAacQAK0ACUGRlX/hlmStns8xHgCW3J6dHPel XAN4UQHkVFtRwLpg3gIyoGhxHvvlXQHQwpIgxmrsRyINXqPgX++oHrM5W2JR1p2doOPtFspVFhNV gMolGAJWmPnZYN0BQTR0hPHVwSqkhEpEjIiVxHZAwdalHpwhXKupIRNemcmhYNrFoVdlEBupnPiN X8bIXQ1iYV05nQvJQSONhECEQwewhWCgXipQl5y9ntdhWuspXBs64dlp/pkoXQMG1RHv0VveoBfH 8CGQOaBoNN83LEIfqAUc9EmdcGAGcM4HStojKl71oVskTqIcYtMbql3ukYgpiV/v/ZoC7qEnkpTG PYG3HMYCWEyUqICKJFHqrZv1odVmQeIsVhH3nRxPiRc2YtoBcFHLNVit8JgeBuPwkZaxeUQSJJ9Z CEWTJJJgDRb7xMDOSRgjQtlswd40WpOCZWM1wmE+3t5kuREHYEAHvJEKVgD5kdoviWMDatiiZQNZ HAAtOF8DlEASwIJ2ICLeKOI2kaAz3uPjUaI/bpOMYSMZNZwXMUACHeB5AVsnKqR6gSIUBIUDyIGS MQ+FaIcqsmIWCdhi/sGiPXokHC5Ylg3lRNWegmHAAYjfFFJe75EfDeKQS+rQMDqB3uUBgCSBCKzA 58xBvvBD1+UYtEVjIzIUUD6hbmXj42lW7mEAE43I9L3cZ11hVApXzS0jBzATCSAFByhAEW2DBiLb O+rcE/2fNvFkWVqjLSKmSNreAXoRXNnh0U3NXAEXMM5lIPnhNAQGBzBAAXxEXgqACIyG34EFESKB Esoiah4mloFkHAogQPnZgU1cw7ERhKEd3FlhS1qmXcGk3bwA8pFiNphG71QBftFKrOycNFIaNKpm CiomLYYkbGrZFD0RjfWiveUKVOom8Ewl/ozIUagFWeRBCRDGRZbm/lcuW6Ulp0euoGK+4VoR5e21 YAVsVeUhS3qw5NJkp3ZGDvHpDj9QYAG8jX+4wDH8JSokT0amG0+ZYNChJWuioHs65zQ13Kcd2AUg DY/dW0Lu50ipn2iIZwI8lYh1iwBEQAANlnm2nEB1VywyJ0juY1DeHnwmpoQKIIS1IGR6Y1zmJod2 qKJZDu64CrfQQUrcAAygIlcap5IxaIue4D7GJu+ZpbSlXEbxmv9RT4ZiZ48iFedlJqxoAAOE6QAA BHwhx3OlqBZ93cG5KHTS6EfWooQyZpxGEVJ2FEHV56+F45b6KFdsIf4c0QZw5lCoY4gMaWu941fW Y/ax6YM+p5z2/iM+yumjolEdvt1Kamhl7inZYOYREQJnNkBEkkUDYB0sLCNGmqYrYt96yug0PSli RqhuwdFAJR1+Gop+aurkFBe/dWoECscMrE0CeAPWmWmSruKSOuIzXl9qMuqbRqJmvdVhtRWv+Z4C ygiuttMwhkagFsA3aNDDJB8SNB+S1sKpHl5HMqtZRqck8hm7ticKSpMuTl8LYunvUea1BlN/Mkwh ZeUomsAEqEZFEiv7ISpjRRSTRhusapNrSup7NisUseV0TiHFFQim3uq9loqHQp0tJGWUFFkHMAD9 bYPpsR8RZgNBESa6UuOcSmlzypqn6ZoU+VaY0eDFChJvamtQ/oypBrkKiSTPuHKcksJjFHEkE7Kn o4bkwiXsP5KRWJHSbZYfx1hszcJJtobDBATow6RAznYLAAQRTqIpCaJsyiptUb5bjEqSeGHby+Up pk6tVGphafFqRSIGAyTA/IUHMgHHocJPoirrLMKowpblwg4ttbHehG2iHkqt2wrPmYUbNXAFMgXR Mj1VAwRrt1yldhSe3Xic3zIn2ZIt7bHsvF2AAijAA8BsN1VhvW6J4i6ukMAk/7iKBtUBRxiZoRgR DSDAhIBGJDVpynquNnlaFEleyGRp1Lru/HBewAKHViYBDNgJA7yKRU7J7hbNW7Ip6P5unRWg5BFU 6lIPbuYn/vIGT77aQv0pwAFQld4GSEyFJrd4RPXmnIMRrfbWL2tSXgNApldRrPm17vjOR8ZmA0s5 QGK4QEHsAYl8i4ogAFbRis4tp/2OrTXWXjnlWk/VW60ayP9KDiiOxlF0y/tV7kjIgg2IgCAY6Axo LoqwmvZl7++yJ5T2FxwxVrZdqpZu8KZqmG+4Clc8yR+MyADEwQaY8PRm7gv1bqpG8N9K4oOWJHqu bd7gJxD4Lw4PEtyWY5LVH3AsE91iZQPogYU4cPIo21gqsZ4ZZWvC6U490RTpb6htG2VScRXvBqfi Tke8wdr8xzVog9c6AQPrgwOfrBnT2uCGHDMVVRRlm1xx/iLrznHN8OYLfRhrLclqBKgKvK8TqLAr sPAgNyynFfJZRlhRRVydgS/Usq4cOzJuTCXUxZTnqQbpofAcVC+tIGcnTyIoa98YYYACsGXTamIC yqUq52ryuJcdw0KR6kNJcMd9xS+BXO8tqyDauXDgriyKuREF5G82F+6gmXLiDnPCZKwA2ZAb5EHp uQIU/DHvIjH9vvBQxXDL5haFChSoPlkN72gjg/O0QDINsFS4jqIsCECfDp4mvwEnKzE131RCB9it sVF5ORb4PKU+77MO25ySqRn7xlSfwu8RH6zgkhzQkW4dwSzFraSeTjTGXrExRwHtIpdWAlYfzzLo 0BRs/m1VNDdqyk6nFE4htV2oN1csSkdLHWNC8fyh0RQNEt90PNuvEhZIUI8NP6ea0Rh0JKlVJy90 pCLtYlozFd1z3D112VR0v9WE0YhOUis1V1czy0Zbr+UhWIc1N8yJzeHFGSJ1bKE1UGK1dTn1W4cz Q851TZyhQXOAR+P1GQtV6vZNX89MVPtIflmvVRt2XlOT2nb1hLn1YlM0uG3Yxu1TuaG1XrOmAEKq c3oTR1U2Z5FXRV3oUWW2UKv0ovlI5chREku2m2qTWpl2arueE4UTF/U2XPG1a6d0XKNZZ2OkXa+h bW9UanMUZ6ltZW+jOE33OFX3Jh2ABGzocBP3vq30/rEddaQpKLOiceE6d3RXElhu1UFZUidtkib5 NnBbNyfFNwVkd6ZuNwCL9XFPDT8EnKIC4CRh0iRdkXQLOInEmxUplC66EiudU3WzknxHuISPE3Zr N35TLTl6t2xPtX5RlkCJrTYd1jWp0jk55helUzk92PwGFSqRk4lPOIzH+CtBOCelb4Xf94VXhziL m34dzQXo4jf9toybkxiVUwXQUi2NEaVSahqV0XwSYDanUytBKzo5+CaxEpavEo1fdwF2uXRTeJeH OYO3Epe70o2nco7zRWO/x1HLwQWo3cTF+XMDtxfd0svSJq7ZkpIzOdMWuZ+f01s5pjltEpU7gKHL /pKhx1IsoVOiwxKZv9I2RrqXg/mVzziDn3mac/eRADZNTHWrzF9vA5UCXcADlNMBEGAMltPbEPkD SAAEQAAGvPoF9UzPDIDd3jquVwCu73oChGmY2i0DdJEEyNI2HrmhRzksYfmx03iWa7myL/sqSfc2 NnuNl7kqffmEY7cGZ/qo1OVxh46DJEDE/bgX0fg2lnqcBzpTThyJMNMDPEAESYAESNAGZVAElW7P XICtN1eu83oCOED6PsASpW+5M0BUHbvBG3yiLzzDQzuE23i0Z7l0PzykVzonbXl1Yzq3Y3hxO+5+ p0KYSIDb4O+6s3t9v7nbjAg6jTzlnToEbIAE/jAT3CgABMXNBUDQA02Qt07QBElArQ8Aqd86sVdA qSN8wnf5sZd4sDP8tKdvmUP4lk97KzV6lmP8xT/61GM9l9s3mm88Vqx5qmEIATwA/o6ICIyI22zR uzPlNbgNLSVl24vAAaw9MyXAvD/AYnwDsvy8rZduBNB8BkWPfmUABDwAxdDSwIdEwgN8ovv6kSs8 lqfvwke7o1e9wze75Wt51lN71qsStWu81zPuZm/lsUXFsDwA2pOI2Y88kTNTymdzoM9n3DNTAQJ8 ArQ63icABGQAAjxQBBA+BESArf+74scNvLt6Bgx7SLR6rxv844eEriP5sodpSCh+4z/7sT86/tVH fOVr/rJbPrSX0+RvOY1zfei7SfnuNw04ikuxPNubvQNIANmrfLuLwDVA+Fu9jdzHv6sPAFpIAAgg GRRFA8M4qnM4yfu8bOvEj1Qx8HsNinL5BYGDSwKFcqByDMrqCY1KnSzKgYLNardcx/Yg2YgB5LL5 jE6r1+y2+w2Py+f0uv2Oz+vNG/KG09HBMcghYHiImKi4qEhAYPhIsKHQ0LDQcNBA5ZVJ8fBQUHCJ tXCZeYV11YmacIPzMPDwtHAw8JKg0SGwgaAAofCpIxEh8RDx+1nhUFHBI/GLMdERjRExoYGh8TNQ lNDszRyelLKyKXW+oowepexEETa2Jz9P/l9vf4+fr6/WB/AnKGgQo4EECwpwtCHBgRYPKjyAgMAR BFmeQAUQ1YCTJiuVKFSgoGmGQwkTfiUAyYBbggYDNkzAJebPABcMHgD71KrVp4cIDjB4JmuhFSoJ flSbQA0p0gwYqhGzFS4qEhUpyCm5imQcA3XKunZlt4mCgpj7ypo9izat2rP9/gEUaDAuI0eJHknj QEBCgogIESiUwCBUgACXvIA0sLHFxysZa+yUoNcYAggQGEwg4DfCBsy8IjDwySJG1Vs6a+6sOcxH MWZOrDp0BTl20wxKI0RTAJnIhYYNwTE7kiP4VmZbizNTksLrcWXw+q19Dj269On72gIM/lhIrnZE jghk37V5EIEjvX5cfnAgRoGLoUStWLjQgKplVxwfwVnsQU1gqS8jiIBAgDNV5kBlOsSSAhXFtfIb MzfYpJ8SOagAEiZCtUbVMlsl0MMFw1AGIgQYUEaMAiWUENtOKqrIIQy8iZMBWdTNSGONNt7YjwCA YPfddj4aQggHGnAzgAYoEBCQJAocUBQl67FXWBPwqeLOAczgUEOBEHjTSjG3nBggBOM1AEwDD1GG AAP/McABelbUt0wCEr72okPtGOYVFhZWkomF8A2VRX3B8fZJbIZC8AwJEuBm6DOQDYCAjDdOSmml ls7TFiCawvWjdo/oSIgA0nQwXgJ//oAHgAIumLoBAwusJwot703ZwkLL6FWDJ6/VdMQLwLRiIkTF 5MUAMTZVNtkDACCA1YNdufaag9FGpV9UUrVTSSmXbFsJnwtlJBQqWHwEhWtPpKBZPJeuy2677vrh x46bdtppkH+MYcshYhCwJDeRAqDBSuxh8sSUDmiiQwwOeaQEorIkANkLKn0ZppgQXZwXxBL41IrF WyrTghNCqeDVi8ms+OIy6bDWpyWvwhprKZZ0262229qcbSWsOvduzz7//FyOgwQSKr0+BjmIGB28 sMEhAPBr5QDSIARYKKaoIMsMLGCNH30qHAAiMBEFWCKBNThKAEQSTUaAaTl5s5WE/ioQrDKtVChH 7YMNHfeEO2/SbHPg7QkGc3s2VyAp0Iovzjim8RJdtNEFIV200rY0vcvTEawa40EbCHuAKD5VxTfB zm5cgSpm3kDC2BARQwB6WCkRG2WfhwlZQ8mlsFMFhSmzNwSpi/zmJsOFg7Kd4RimReDOG04LJlk8 IYm6jV+PffZtZPoWp5IPxEEGlGcOAAcKtNR0HxtIoEQCGXRw2SS+BOyyzLUezHVDEnhkTgM/UeYI sokJPTpg0gtogIJCQUZtkwmQflKUEcAU5wEI2BjDoEAr+GhCFRnsIAWcZ7PBXaJmgFsAA/zBM+2p cIXX4173vjc5ygmkD+ZLwKfE/lDBVU1gAiXgYQS6k5cGWC1WF/pJDmTRFcVsTU2OiMALxISAB9GE BUmYQQsStkDK8KSBicoPxCZDsuTMYBOvwgTgSAhCTZTCAgYAoSgwQrNuwac5LKyjHYFmHXl5D4aK CJ8MN7OZCQwASboQAARm0gwIiGEXv+BLAB1wiZjJqgJYYl8T9jchW6UNM62IogQq6LAZfKZgp7DV fTr2jABhxnVcNFRDQFKfB2ACeVEpB/P6RIqbGaAAbdRWrPhXS5DR8Y7ELKalhAa5PfIxETIUxDW4 oYAOKGCHEVGVDiZAFqlVzxEvYdYbCxCSnyRwBQpZAbo+qZ8DouAAfgEKwciR/oJSROgIVvyWrVTw Ah1oLEW5K8YCDzWZEAn0k6784AJA4kZtYYFCVFioImNiPWNKdKJr4d6merTMPhKiex2IwPkQUIh+ QECH95qEIB7RAQCYADMxMKMTWFSDUN4iYsQ4RgUtmZcb9GRW9lzGJyjDgIyM8luAO4DMRugtW9Gg XL1SmJ1OwyBINgAxiFlAL1+FVY50Sz4ue0D1IOoPiop1rPpw4bwyyggZcoCGP1jrvgiwuRdoBkgK 2KYAACDICkZxKyFpxk58eoMaXOmTqszd1kQZRZw9oQGvmYirHDCBXgQMOV+zYhxvFkc+IXVmJeQW LUaYiauWQpJYfdngKvBV/rCmkKysbW0dhKZHjKIVSJRL32YGkC7PEWAC7dOMPzgwyEXuwgQd0MFW JEAwO1X2CZ8IUAYgc4yHsO9rtaJg1gj2Jp84BH+fMeqeMFGTKtYqEyOcAZ/kiN6cmbFllvggFiyg y9GSNnDZeoBtIbpa1+p3v2wwa+Rmi4jagmc8c8XL03h7hAigsAODhN9d8qqALsnSCZRMXSbOtt2K XGwynzwi3KgYIDlZgkJPUIgJM7Ie+oIBB0KcW2nBBR/qrkCIoaBZKc34WfkgZqrPM4AXfkwydzwU PInjr5GPzIfHXRTAixjfvhLwww10YF8GYsA04RfhAAVCfB5Nmy/0sxEj/orMAa9ApyuI0cC2BQNR TGDAeIwqK8GqTGcqcM8R2KkQBgmxBWh0z1KtcDDTdutJFxmMYPjEkar2MlZ9dcedyExk/CJ50kg2 a0CYrNGNxmQ88SvE0ypzBKntMMLYjJEYJlDXRRXjYFdQLkgck78RwAIyYAQKZExDQb9c+CsTqkQS YhxUbZGZfbQwqtVGe1AaVOhg56XxYECrWe9WaI0gLEUbEbNQK0jgEfctMqW/PdY8JhPTAa5t+ZZ2 GQFowBq/QIICOOAPQXqHVKf+ITHyI73XvIk5oTlTBmT9kJP8NFmPyUsNmpAOF2dNlJAEp/RuQC5a pGBkLLCQE/bMglC0/qwWU2rvQSlAVWv70qqmfWNpJbCLlHsb3CyfKDJ5RO6DPKK2vOCAAzwakIiA OiUAEEAHEBBc2ojBGnhhaQXe2Qp7QuQz0fQobo6RAQIwpwlnoswCo9gQOXPiwjWJccNFR45kUDKV E/lIR3w6txpzqwCha08DEvDZDVYCviO/mc1Eizj8rrzlfLejRbET80/RVkg+3JwkINFE47bkaUtD QErFwAEATeBDcupElkpBmNEdoK6XmcCxKNOlJpgmUcdAFGAck/WvMaGexR7ZSEIUUNO7oneQxOrg BmcJJn0W5Ea9NghF+7KXOcAfkY5o34/PQksrc7aCJ8QO8VLciCSt/g8GeoF4Io+A8llDAca9YsWv wKuMF+AqPtGGIBFlrOPaID8KTKUyhKciLJH/W/ZjSKHKTkvYrOboIfSuw4VYCRdxULLSABYwM1ZF WvP1RqgVE0QWVsgHgSsEW+MWeOUWCCClKtUjcxkzE+izAU7HfTTAJOYXRQdjBfqkARqACSlIFU+0 W7gBVFbyU6aXO4WCAM0QJlm3K1dBXbLCEw4DMvfjUyBBBfChLRkxJAfSXQphVJB0BVXFY5LURrzE SyFUAHkXaQ8YgVuIPf61fBlFF4InKjskSA4QEYEQQBKkBB4lJy5ANwsxAdi3PlpDTxCBCQQQMPSz ADUQJiHmALEz/nv89FMo0EWrkTW8kk9NAhEVc4j4hEWHZYKfYSETBy4scB9H90Gqc1VTeHcmV4Wv knd6x4Wj2EJKBnjkJoaHIAggNROYEVa8sCV3thCfkRJFMghGEgjHYHAbxCsUNGJEVWNsBykhBgYc liKwEQxnM4Oh9BMLpAEBwkqIElRE1QwjgR75BmhWpAQ+YAvmpVkGgFCWsGi/R3KlVQGR0m35RYrr yC7KJ1toFYbc4XNAxwC8MCRtqE+jVCS4gE06IgBLIgjDMBmfsVA1USBtN0I4c0W2kAJWVzuBuBrN GANoQiBfBI2rFEAIIEhBlTPtI071c0VIEGqx8AkpyCivJD1U/pUtCMhLU+UyvtdLDCiK6siONTkp 4naKqHgQiDBljiAnqmJeHBNqhdBNJLBIA3AATaRIwjOJsvB2xgZONXYwClFjBOOQNbgaVrcVUTQS EukChKVKSBIRPEQCVhdhPvAgiHJYFNAlCJCCxgKRKZKJ0yZy37RVLXMJbWRf3aaFNumXOOIHMRFb 75hRpygJHoWUe3IVtlAMKGAqhWAZgNA0QpKUmJE2lddqTmkLmuUe69EAFwEu0yiRj+Eln9AwekFJ f0U7IKJqPnA+0IQm//Zv0HiRAWSZq+R4JBBhsDERI0ULCAVfwJeXw+l78oRCZEGTf6mc0NEW6qMp OclkZ9U0/kx4YdygAZJJDOPgEgKQAD+HALvQUQ4wJCxQCtpoGuOhBBPwmRnxKpkQCigQAXvWAhBj AzshA9rlEBMBcfkTGUUBgk6nF6RxA4xiKKpEmyLQAbPpMGXXBKMQcuIYK5s4Xwsgk2C1nBc6I835 W0RzaeQWJJAwCQ5QJD4BeeBhEzJgKuVTLDiUEIGGe/qxEFlnOLqXeQnADS66h56pLekhC/ohGkHl AswwEc8QdjHAJcbwDBkQAUoaMeqABMEBHFkBT6MnjfR3VIyhLaLFaFlajqWAWmWgPhgqpvagd2Vq oQ04NNAJYNDpEk3DJG61C7EDGHLymC9BEuRgOHsCWmG0/gCGRhg0c0DbMkTsUWPpkRPJKINbsRuQ sQJilxUOMQDKMBxVRBVS+qSU2l1EZTOn8JuVsIk4c1XzhThjSqr4YKanGpiQl0yEuUwfKnMx0QG1 EBF/4JNG6gLAJYlY5QAY4QLmtYdW4BCuwh4X4QIxMBM01h4uSmOXEFSEIonHwxvyBxT0ZAql9GNV cTzW8hovIA7MM0JZEA5z+amlJTOfKDhfWqrpiimnyq6C2T2smlEYFREAsDTRBC/j8aPuKUKYUGM/ cYBsZys5IBjPBmftEQAHoAGhA4AHQ6xOOBO8M3GCVROvsQIpog5WIAqAhjIPwn4b61RxowVe4CDu VSES/pqlOdNLV+VV6sqyetCu7aojHPqFmPYIYeUZkLIZq+SYKEBjlTCjNfYMVlRsWAN3fhpJA3sR 7umzkDQY/pN79sRnCSNYOng2uUOxmlAohKI3/oSMJ9Mb4RptHnEcncqlIZRsp/A3C1EBr8i2Leu2 bvCy7AoqFBhzh0AIuwVXFPSB3JczOtA+RnVPdSYK99GzooQCfQpOffIqhkZoDhc6hZa0ZpQt4LSH E5sMppGfzoIKC4FVgnK5wWEt9ikODUpf4KgCB+UAIWe2tPAaNdg7//K2sRsHcQtR+jKZq1q3hwBE eAVXJ9Bwtpcei5UJKTB+CClhbRdjytCnGbGsbQcz/oQRCrsKuY3rsygGThtikfmhRdLrp4ZmP+uA Fdj6Y1C5qUT4cfVTnNqircqTAA+1d7ILv9uBOSkXs0uWuzvpHccwCcYmqBpXQKdQvZbgdgkDAYD7 BJl0RTPDPrDCuLeHezUGS/F0vazjkFl7MCLUv6U1och2bEclOEe4ex/EYy4jSa2rNzsBAYbwvvAb u2oVF27xQnUreN2hKrbndkziF+sEKzRWK+/EJInpJxoiYyvxdpXxvJSLCQxJixFWeZK4Hps3DKmk AXoxAHoxpVNRT5kluTVjhSCcWSL8m1VVjrukLRR8MSGSAbbLwmtsBmrlwqEyNLF1v45QdEsycguR /gCXgRnvIYCVYE70pAQW0qf3IycJKQqEIStIW2MKkREMOQGBgcSadwAAUkFPtyUnaqM0KAEkCQy2 QBpHYKn5aE5XwRqlzD8iDJx1eYTLsByj/AC2m5xsrK5u7MY8Eggwh4qRsIGUEEl7mDS7dXqUmHEH OwlWloIqsRAaVwVUSblvZGyWMKw7PDDv+Zm3dwmEATEjcjFOpDc6gCL3RqCNsiiwQM4/sChMbKNG Crpiq1y/WbbOY2OZhTgOKMtr/Jz3zKHXcctp+q4VCAlFFwF9cgAzxAH5tFR8prTI9nbMxsyhmQK+ 5gMK8dDkxbiDQagV3bT6KpVYBCLHUkH55Jjk/hx/45xFUewlO8AEcGMctWRUWFCc4ygzXLySC/DK FlrP8HvLOa3TOz0qgTAqZ5XLMhd1rZISCqBuS3JFoaNUuTcAOtoeNPACfsxw5hRsp4AesfJNDGyw O+w/oonH7lAc2htQjuIin3wLNqAT+eQQO0CfK3IcWuBd5BU4ZGxVaIRUNP1VN73G0sDX8ONgZEiG DpbTcUi3Oll0knCLNprENoqUxRZUAUAwO/qZAYALM2FPo4Qcg+y7JjhSVVmtRZGC3Nm0HZCw8CFi GeE3FEelAnWVISLOr+1PkTFxVZJduWdQJMeJjJZZh6PX9QzYv60B1yDcwU3cO2QNPCIeQKTc/sud inFxfdzUNKxmo6e0qz0sjEhZABNHC/fJyEp1FW7ns68iuBs3eyRAP5nXswb0Hm9iRYC2BKShTyvC tTjBJcKxelWwUH8yJcUmnCPHxdxiCcrS22w83Clo4AWegsPNQ9MUW96hy5HA3HRcLw6+LI/M2EpI no2ssEewZ/6j0W55BHtoKxONCRaNuFhFM+A0bLCgALlQtNZsCes0RuaQIedQFaMMvj9WhPitQeSF UGNscjG9WS7jPwPOxsWN5Aau5EoeAeYnPhwAUtfHqoUwswbh4AIQAVMWMAeCqMVGMH5sowdb0NCj dkuFT0lYCwngcAptdxwTA9/yf1ud3Ux4/lghYw6Seg7qwIM5ngpDES77fQXvrGIl5DKsYuTwu+SJ ruQtbpImcmU5hxecgheNsJP0MumYoRmxaBO4ElQAW35NDR8O58CYIAOHJYmb1zRBxQAjNTA5Yz/O RqhV+dRHAGghAWgUtjtWQTK7Lqm6PgU6vgkcFI4HIMaqXG0xXQB7ucKHfqFL/gPPDu3R/uy4dVFQ TssyRC8OriTsViIRoDuA6xPlNzddDWfkuYc0sVQTNxgDYAh4PAGhI3HuaT+NO7C3Z2gwRisk9iw5 zg4q0zeVNV4dR16aII7Wdmx2GXyDVo+Sxuzqqg3R7prnI/HcOPG4laDYQcduLD4bX+UE/uEdWA4p mKEaz9CG52KjfVLZCCLXR1Uup5ALpM0BL1EsAWNijHbBhIMcp8CwA6w1tsTr/g4FX7EOev41fc5B GnRQ9UNyWC1fMiOAsDJ8Nt3wpdri2wBNRPKaRMKNRHKdq3jtSBMQ4vMjEL5bxiAmm1zFjfk1lUAk bccAk3XEarc1TII/6laLW74ka/5inMseBzAq3CANjw2aP5AEQ5FweA6+RE9iXzBmIjhtmODOXfo8 GLESIxS9Uj/1Yyo/25D1Wb/1Wm+d2AFSUS5DTz4IT57theAI3KAZFWQsq/Z91ilEkL00B3Dv7eMe EasQA8ABgXERE+Bz0nQKHRx3LZBi/kzymhKTsMfmJ0SuIEtAqYff74pf9LQyuaJTCsR+d/LFq7SD 6QQwAG9nfJkvppsP+ucP+tNdFCklCP44Zbe8nVKWHbpwKuUGr3YbQN4e8h51b1iyZ+cDAtoQLI3p ME4yHIeDFgfjvod2BCTnzoOoJQ6LQkxYMBFPjwFTwWARC0NiLlo6NFraVpbSoFAO4W224TAt0mYH VuqYShsLb3phGKalUgRBoZk8aDwoIDhMbCAmAiwyNjo+QkZKTlJWWl5iZmpucnZ6foI+KjQxlZqu oA6gJihMCHR0cHAQZAhwbHQIvOZy2Mba6gbL9gYXFxMgyyIMPEwgS0BDP8y4KPhp/jxpdGgAJUxE tGw7xLzUqBQEoDccyQy8adVhYQ2lY2UlQEi426yj+6fnqKJHCr0oA4ksSOcvCRx/DBAgwPJGYYkS curY0VMnnwIIAxokgAgBRaINoU6iTKlyJcuWLl1aMyUzVYKaNmsqyAULVgZZsWABgAXM1y1jtogZ NYoMQQQGrCD08fPggYQE5QaM2hZzgM9RDgbEukGjBgMGAYkcMJiuQTo8LdD2Q2OiLIMTVQAKRFcl TxQ07IwoNENDwgOoExKYyNJCTUWLJSzYwVgHoQQEInAIZjPA5MvOnj+DDi365QZSM1WpunmTgYJe sRBMyJABEQEAAggIACBLAKJX/kl/K53FoYMTpwoIRBgUbVoLJglybRDADduLBAyO+BNc1kWCwDHY KjxQE4iQMgaPYDxRfqFCveRSyFg3BP6BB1bTssPKIB8bEy70nhXHRQShkcYdeWD0ADIDwBEQA5yN FqGEE1JY4UqliXDaKjY51eEKP70i2wQSyCZiBrHRUhsBHRAwDHC/tYhMH6gQQgBqCkxFjTUJRNAB Ak5gdYYZ1yXBhDnc/RMDEQncogEBEC2TWIEMMbaAC3KYgNdZB0RAwAYJfFdCDANsl5B/GtiC3z8N PIEDQAg1RIIaB0pmBZsiBKRQAA9a2KeffwLa5yhYyZSaajV1+ISLHfTEwgAn/pYY2wbDZfBkiy7q Et2LuiCTWwQR4DgIARNgVdVUQjDQwQvUCNFeFjGkoAIb4lXXFwPTxXLIBhEgAAEECWggHxfoMVbE Olm+GaB/CCVmgwbj5HCAV/0E2BYVeQa2TlslUGCgZBgtlGQ6DARarrnnogvKVqc4Z6h17zrFFTCM RuAABRVgcEEGGMhGYgYQyIZAT5huyimnTzIVgSoPRLDBKFPZ94YZViomh3tZTJEWDy60cCuasmjD my3W2WBZTWeoUx5fabCRHbbtnaUlO0FoiW0MFRRWV7V9zUMEGHVmxJceMbu3Z0npIp200uY67MOg pWxoHZmIxjsMpBMcgAEF/hngXAEDGHz9Ly2VxrJbpgW3eNshEUDgBCsOr2DfdnqlNZmebwFYjgwM WAnLHxNok0sQ9ljVD0PoHYHlEFygUW17/qSh514wh0uCeFD9iEPiQiygQHRpBdDyRd8SNAVeRzhQ gRAOlITI0q/DHrtnDmswytNQp5a7U1IPh0sGHYBRAQUXXFDBBQ1cYAG+F/CLAb8VSADBBrMhwEFP s/V+qS69IAeAAviQycCTU3HIN1pCB7RAm5qrj4IMb8mAwma1bVBXgUb0lVjiUywukQv0EC0KjxOg AO+SJLSkQDvaqBs7UIaxitzBAAWQ4IEQckBp6cdzrZMdBzvowU7Urnbr/sJdTdxVQqFMgCllucDw iJc8rRFPeBRwnvAGgIENQGQ2EajFBHSyAWT8UBa16YA7JvCrBFQGAuSzzgzkgJ+OYcUyrPGDVW7F BhXIA28LcJJ12OKehASmDfojkBn8k6obGMR0bzpPsq4VoMlYCSBmQMwb/fOGOOABjuAi4Myekwje QOiDghwkIQEwHW5co1AknJoGehEU2SiAXxdIgPCwgAEHYKAC+DLevYaXgQv4q3kV2GEHJsW94dyi A+UZQCFQABGIJWAaVrFSGhiwvQ08oB3auEEWyvECroApMGDMQUESt5ckyKEG8pjVdRrgAw6cYTJU CJcVCjjNvMQFQNqU/lmVvgXHoUVrAABY0RkS0LpAFjKd6lQa4A5pDRGyq12o2Q2jficA59FQeDDU JNfslUlOQg8DEnheBTLQq1i0SChfGkIDmoECBkiAAPaBZRAqEoMe9tAEU/MDlji2Kqv8I09fPIDT qJWEIzBBSllcJZmQoBZtstGN2XKpSK11LfdYMCMUnOA3CTgk+w0gU4pYJ1GLaq4JIPWQIRwhapwD rOF0oIe/Y5QuTjQBDJAqAcUTXvG2KrwKWCABytsqPlNIm9tsgFTYOBmbQqJEiMltHiTYDALuUxbU JIYsZ4gZ5QBig9sQAAglQAESFoCCKYAkCO5AgpQsRsAB8vV0NUtH/jTP81hiNianB1ELXtTXmnMa NbSirRBSkRoBd4ZQkc7RxjC8VCJIvXZfxLmADVOnPE2ycKsu1CQGBhCBWfzQF5NyTgpSEFF9TJSt 2TkDYUlqD4X4cq+P28tzrmPYu1qnCFh0WRTkaR2UWdaaeblpZNsinxrAQY2d1WOdSicZxfgAOopw 3Wjra9+XwAKjpVXqIQsVuLLdwieJ2EnDfgepfOHWeBHIVwvBwDxW/GJ7QSHOj06mglfiiInj6MsZ 3BEAbRnQoxMBIEJkJR7OIQFmiQ2m4Zz5oRS0NLzXdCNnJSuFjgFwuuxxKUGqyb80cEcm3AALMehL 3/siOcmg2AmT/vWLWh9A+Zn01IkwZjO96cX2nvi8AAM46WAHn2gWuBkwi9iWHHCgAAIIIMwSWWCx 91HDzcM07Fi0tZDFOBZldfMBdojwFb7p77C3YkJd0DIsGV9WTwWsGADFlKyAvEUNiQmeJjUZjdv5 ISeNFCpnjqzkT4PaEtuDag+jGtWkTifTIvzJbhDRi2FAFdbWm/XvZFEiG3K5tl26TTGGAwCm9EoB 0HgoUwYxiEm6A8jMxEojB+Aej+psmgVQgVP6EwNiFiAn7OiHeMgUPlpV51ggGfJiY3pNPSVE2mnM Dn4o0suyoGAqOINrNOp9jemUOhjoDDW/+y0JYTB5J6VF9VK5/kEMVEb4KMC1tQBq4XDZWM16snHe YUiEG9wEAwE45NWahV2OwsA1NXp+6FesyoFgFoECL0j3Gp1JHbTkYB0rIDSRYoCN6WQBCI3soVja IKDRTdOkBizdQOQjGKfOfFBKrzfTfeWrCAx8J8bYt7+rXnVNHeUnTR54O3EV8N34xEWw7nXZFB7V Ww6nU8aYRQd4RQAl/oo7xcbKEkhmpRckc4c8T0vF8B5SWMVFCyvAbgeCACa0eNsHHvuDqW2UYmQm DqYACs+sfFncUohg5oq0nTWi5/SBq7nUUv/hH3lj9dOfvvSjHkbA85vUriMVFqjsddhnLeuxxxoW k8I4xkeN/oAOYM63Ergi29g8ANrWZC4blsGJYKGAMgwWvJatgssV0IZbYYEac9FCWQJnpANAhBsW e5yUpF0GM85c86VgqjXurdTSmnonUFW7UBnxR6qjPv9JPufaYR1wrncdN8heSQDD7RlgppQNi3RK 720PHwAfMvwKBMDHftxOCckDkZRTBpBSBVjMGmgBG7CCAizErcSCFz0BW3AbSKDACohH4SAEqYDX WWTBdlzRCqrfCLWf+4WQfr3efzFKPdXC2fAGEGmKp/UG/ulfEtrXOamerG0dweHb3wzgAjacwjkh LtyCjMwCrwHck7hdXVVFCzhABBBGLIVPAnSLYS1OFkCd/sBsmBuoAKm4Q+bJwzr4AC+RjBb8BRCQ yQVCAbathX80h2qJgNLFRPvxF7613tfJXtgBEgES4CMCgOscoRJaIqgxIdbJyKUIHACmmgJ8So/A QvWI2cBwzyZODzIgFP1xCgdACR8QAGFAgOC1TfnUwKsYCwP0ixVc1wBMQKaRlD6oQrdJBzY8AbAU Xl+oxjDCWaxITZSZQoZAWUwgkg56HZPdhitiShEe4QZlIjeahJF52iWS4/61DhB1Cuu5HgCGojV8 ClJVT8P1hBZ6icbFiIzYAgO2SPXwASzig2I4gAREQAVQDce4FBdwQUNMW4eUAQYdQix8xOIkIAdg gz24/ljiNZXmZcigZMiQKZWmCSD8RdWrMVlveEmndSNoRcckLsLR9Eb9NcJQleNMLiETDqHIrJ7A ndrA/cGnICLU/cJZ8QIxJEPZCcP2MJkssEIyiYc+UA3JcZs9hNcVKJMDcAMDuMI2gEcBkCAihQ/u qJZM3Js1HlL8IRxSiMz9MaH9gRYmbNAjjCNNyiVRfWN0FKEw+MT/eeJp5aAfACVv4J7uTcoA2oYV bo8qSElAyg0TxUrdcAEFyFgJYCUq9aA10MATyFNThSVZ8td+JSWrmU1a1uVbOgISVkI4zmVqItlo 2uTqqWMnmhZf9qUGACV0AJx8hV1SygIubIdgIJG7/uyO/WRRuNTBCRBK7iAnE0ijKdzbHSaiFMoe gKGSrE0da1KiaapmdmpnadYlXjrhTnLdp1Sj7TBeUPYGwaze2agCqzhATKjGdmjBA1nJvVQAVqRf CaUCc64fIj0ndLbeARbDN9rfJMbldhrogVrCN/afdIJneMITVrwT1FWnpowdIK3VGbTAzGGmTSDd KrDZVGyeHzBbIb4fN0BhI4ImWhqFXQoo1WEngsJojBLo/QGSUdze1v0NbYrQuthOj7DeixQeC5bF 4GkehxZpE7SfPrhjCP3AvW1D7GGjbjaiiqrkjJJmOKImarakjHJplxIoWyqowuElbMYeqo3QCrRC /imN2k7UTu6UUGbqJ6FkGpLuYDvBH0axFoDJ3lEIVYAKqCS8qJcKqpfKJKBiKYW+JqmVVijy5YOW gniuS356g/phXkeOAn/CH+MBTmlRJAf00I+OWiLcgnW2pHUW6KCiaqpCgnUuKJnG5mntKITeTqEg IqEkop1C6SJWaFqKpqm2paoCa7CCAmvW6Evm5RPGJn/2ZV86Z39G3X9KJ+uFpqmy5KGypLBia7Zy QiaW6tHMaKvm106eFqxOB7niG09ug/zB2sXJiKaMGVqyaItu6ZYGqrba670mqEzyn2siKwD+Jymq 68G060l6yUmq3iP+6arGJL4ybMN6AiTWaE4u/mL8fZ2YuWYv+GrGFurCzqvDeuzHToKp9l/tTedR DqGXVCjpnRP9cKdKciuggmzMyixcvuVoPiJOlp5LjhrCIux8VemhvuzMCu3QtsRaxiTWUaKfZiKn QYjGEu3TQu0njKPGUu2vtixpRm3Wam3IVm3XRkLQbm3Yiq2Vdm3Gfq3Rjm3abm1c1qvauu3bdoKL wu3c0m3d2u3d4m3e6u3e8m3f+u3fAm7gCu7gEm7hGu7hIm7iKu7iMm7jOu7jQm7kSu7k3uvUPi7Y Um6MWq7jYm7mfhq2NMLL5MkiBERpim4OhO7pBsAjnK4kgC4joG7qrm7qAkDsOkLs2q7rji4k/pTu 7Yqu78Lu7AKv7/ZuJKgu7bLu7gYv786u6gov6T7v8hJv7uZu7VYv7kav51pC60Iv9xZvSzpv8HKv 7L5M8pYv9BIv8H4v+lrvJIyv7Jrv+bKv9WYv9b4v+crv9Y5v9bJv+MLv8Hbv67bv/0ov/2qv+9pv /UYv6ubuBjQw/SYvAqev+BKw7TKw8GKv/s6v+RIw+mpwBWPw+lrwB0fwBCcwABsw/xpwAKPwCc/v BUvvAB/w9ipwCS9vAz+wDMcw83LwBr9wCMtwBi9w82bvDvswDCPv/44wCadwETfxBj+xDhuxFJNv C9vwCAcxEM8wDV+CBuPw85rE+lJxEiPv/gpj7w1rMRL3bxGPsQ6rsQ+vMRqXMRvrbg9jMSVEMRmr 7/OeMQ9n8R/D8RYbrxgDMCBPov8Wsg3P8SD/MCD38QCbMRvfsRs7MREXcBrT8SDvrxYj8PEm8iLH sR9j8SSvsCDHbyQnse068P1OsR6Hcgk/MiZ37yt/ciNDcSXbcu8+Mv0SsifbcgAL8e/W8hpbchv3 sQXHcCmbMvPmMS8X7yrTVykrcxSjsgcDMSkHACLkgDYXMTT7sTPbryhz8jHzsQCTMROX8+42cyDn cjFf8eqOcjkv8yaocAgLMzRzBiG3cSDvcirD8zVzsvXi8zbzH0HD8iaL8w4jcTUX8vdO/vLwrvM+ h3M/J/M/y3ErzzMc17MR33Ei9HIm13NA3/IfP/QqEzRBF3Q2t3DroDRKe/RJi7TyRrQUF284H/Q3 YzRN13QNX3T72nRG9/AsW7E/K3JO63Q6d7AaK/UQUzSBOvQIs3Q2c3NUS/Uqc/ROMzVO/zIEKzEu D/NR23NSW7Q1A3UXCzNEe3VIF/X0mjMwi7EI/zQFg3MCCzA1v+9DC7Vb67Nag3Vde7UrT/FTy69c EzY7l/VggzLwWnVQG/Zc07HyTnBh2zVi83ItBzNct3JIT3MljzVbWzZPa7VG77X+DnFZm/Zpo3Zq q/Zqs3Zru/Zrw3Zsy/Zs03Zt2/Zt/uN2buv2bvN2b/v2bwN3cAv3cBN3cRv3cSN3civ3cjN3c49G Jjt3dHexdFN3J0B3dWP37Wa35xpAd3/QdW934na3AXx3eFPueJe3eUsuensQeKt34bJ3B7n3ew9u fHPQfNM3I9j3Iuw3AKB3fwP4eHu3IwQ4eVeCgBv4JCB4JLD3guu3gGdCg0O4JCB4gjdCf1O4g0OC hj+ChNs3h9dufmtCgXe4d5M4gYO4fw/4ha94hlc4g1e4hT84ecc4f7/4Jfx3jaN4jMs4hpe4ju94 iqs4jd84kIe4iGPCfoP4eG+Akk/4jDt5lFMCj7e4jfP4j185leM4lVc5l/d4lcP4/pWzuJiPeZaT OX4j+YcbQJNbOJNbOYuz+ZibhJrH+YybpoCj5pMP+ZqzpJ7vOZ+zOZ5Pop+7eHfneXwLejjquY+X +aGveKLveZADeoUrenyjuYiruYqP+YyzuKZz+pB3eoszupWjk5rz+aY3eqp/+oG7OaoP+b6ZOquf +qq3+qpb+azveSBZOpJHuKivua8nOJ0D+6D7ep2/uYuvqocn+7DH5H4H+pbLeEvGt4vGuoKDecdi +LPbOrHLuLYfOa8nKKITua17u4kH+4qX+7gfO7Jv+ID7eLW7+raz+48XOrPP+73H+4m7+qVjuruf ur/juoRzBsBDiMDbOKlbe7Qf/ruXw7u8i/uNg3q7fzmZRzy+S3yYx/u6rzq/9/vBe7yhl7jHezrI d7qnjzyuSzzVebiXy/mOl/qjA3mtuzqlc3vG/zh2yryt5/zOrzjH0/ezw3zF21+OP7jQ13zQj7rG ozp6Z2m17ji9P/2tP/m7wzx567q9Y/yUX7vQ6/vGg3uv/7qBxzmGM/mAjz2Yl73Ym7vCRz29e7us Q72rN/3Vs72yl2bDXzzUU32bo33fJ7jP57e5Pzib45/g2zjht7vJGzrJa3201zrZY73SG32h3zzC l7nNB3ncFzjdx73Xf32SyzyhQznd133oJz2UXz7qt7zD+z20A/u5vz7fs33q/lt+pKs+6zt+z38+ 6Ld4oM++nvt+mFt48Le9tGt5s3N58Uv+6Uu9kTO87Le97xu59Kd416874P+8lAOq9i/7xOc98kM8 +If/8re+JaQ9iFP/4ke+fac/mLf/9+M+7O4+77t8wtd/1tt554u/aUq/ypc/5oMAII6AYQKbqW7k qK6i6p6k3JYve4spvNs1WtAwCuyOyKRyyWw6n9CodEqtWq9HXUub5I68OzAKKSaxytsxOctuAs/d MdcrRsOX9/atzDVi/4CBgoOEhYaHiImKUkCLjlR+j5KTlJWWVy+ZmpucnZ6foKGio6SlpqeoqamR l62ur7CLqrO0tba3uLm6/qCssb6/wMFMcMRyxsXIx8rJzMvOzdDP0tHMMNTT2Nfa2dw6vcLg4eLj 5OUtjeaH3+ns7e7v8FJo8Vbr9Pf49QAB/P0k9oYAHvEj8J8IgAIL3lCYhOHCIoS+OYz4ZGIUgvky isNo8KAki/s8MlEIUknJjlAinVyyslBLQSo1ygTGEaLIff4O5tTJqp89fyp3Gsk5dGcRfjaDxrSZ FCVRozwxPkWKk2pIqz6vWq26rqfWkC2kbr0pMitZsQaF4owKtq3Sf2qpLp1Jt9XcmzWvdlzqNezR szoh5mXKsabhh23B8t3hFSvevRL/lkXJ9CvZsncT622aVCLfu44ni8ZM/vll3dNVMi+uPLpyZM6t +/qdPVgxY8Cacyceutf15cewczemHBux7eC1d+P2yJv37769ZKOerkipUYI+rR+1Pla5d+ldEdd2 Lt5p6LDZv28neht39tfMiR9/jtx9++KC9fbEml6zdOoAusRab8a9VhB0BC4nX2ELkZegcL9BCFt4 BT5432b0eecXaPYZN59yzemWXHTyBWjiH5lZqGFwF+blYokGZijhfx8OiGCEFKrXUFoLKphfh635 tmKIDrJ4GY0nJpnagPUFBRyNTuro45OjHUabZKvNFt+EKrr1IHxIQTklhjeuJWKWUsr2om5MKulm Sm26JVSY28HVHU9ywZ63W3dq5SkkYXTiKaida06VYlUamtVgiDaO6d91gYbX53qEobefniu+qSmc m0phWqcRavQpqCaOmqSpm6IqjKqkTscqane22kSsGb0q66245qrrrrz26uuvwAYr7LDEFmvsscgm q+yyzDbr7LPQRivttNRWa+212Gar7bbcduvtt+CGK+645JZr7rnopqvuuuy26+678MYr77z01mvv vfjmq+++/Pbr778AByzwwAQXbPDBCCes8MIMN+zwwxDzGwI=OwA= ------=_NextPart_000_000F_01C72AAD.996DD7D0-- From ruinousobelisk's@abyz.com.br Thu Dec 28 20:42:55 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1H06lr-0003bB-BV for dnsext-archive@ietf.org; Thu, 28 Dec 2006 20:42:55 -0500 Received: from [124.217.7.108] (helo=ns.aberton.ru) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1H06lp-0003Fp-JC for dnsext-archive@ietf.org; Thu, 28 Dec 2006 20:42:55 -0500 Received: from 200.160.145.123 (HELO mx.sinoscorp.com.br) by ietf.org with esmtp (;0R+.QL4 G2055) id /55.VX-754SID-L0 for dnsext-archive@ietf.org; Fri, 29 Dec 2006 17:42:05 +0480 From: "Elizabeth Romano" To: Subject: Happy NW Elizabeth Date: Fri, 29 Dec 2006 17:42:05 +0480 Message-ID: <01c72b70$a785be00$6c822ecf@ruinousobelisk's> MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1252" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Office Outlook, Build 11.0.5510 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180 Thread-Index: Aca6QD5DD''96TT(5@/J+- X-Mailer: The Bat! (v3.6.07) UNREG / E0XUKJWV2Y Reply-To: bcdcef X-Priority: 3 (Normal) Message-ID: <3968781406.20061230054443@cartorama.com> To: dnsext-archive@lists.ietf.org Subject: Charming conditions and real guarantee for your business MIME-Version: 1.0 Content-Type: text/html; charset=us-ascii Content-Transfer-Encoding: quoted-printable X-Spam-Score: 2.0 (++) X-Scan-Signature: 5011df3e2a27abcc044eaa15befcaa87
TAKE PLEASURE IN NICE PROFIT = BY ANDROS ISLE DEVELOPM (AVPJ.PK)!
GET NNYG AFTER NEW Y= EAR DO NOT MISS YOUR OPPORTUNITY. IT IS COMING TO EXPLODE!
WE SUGGEST THE NEXT = PRICES:
TARGET PRICE IN 1 WEEK: 0.72$.BUY IT= NOW!
READMORE NEWS ABOUT = THIS INCREDIBLE COMPANY USE YOUR BROKERAGE SITE.
IT=92S GETTING GROWT= H ALMOST EVERY HOUR! MORE THAN 75% DAILY FRO= M BEGINNING PRICE.
WE INSURE YOU THAT Y= OU CAN TRIPLE YOUR INVESTMENTS WITH US.
From 625eustace@lobsterinvest.com Sat Dec 30 08:40:23 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1H0eRj-0004sT-Pl for dnsext-archive@lists.ietf.org; Sat, 30 Dec 2006 08:40:23 -0500 Received: from amarseille-251-1-27-41.w83-113.abo.wanadoo.fr ([83.113.141.41] helo=qrcuiwu.g8araj.adelphia.net) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1H0eRg-0004sP-L1; Sat, 30 Dec 2006 08:40:23 -0500 Message-ID: <22886750123463.0E204CDF97@92AY6H5> From: "(270) 818-7244 Ester " <457trace@mail.hf.ah.cn> To: Subject: RE: Do you want a {}prsoperous future? Date: Sat, 30 Dec 2006 14:42:42 +0200 MIME-Version: 1.0 X-Mailer: Microsoft Office Outlook, Build 11.0.5510 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 Thread-Index: uaA0Aag7z7VvMzqXsOMxUG0F9YZbpns4u9Bp Content-Type: text/plain; charset="Windows-1252" Content-Transfer-Encoding: 8bit X-Spam-Score: 0.2 (/) X-Scan-Signature: cab78e1e39c4b328567edb48482b6a69 Yo Ce!!. A Genuine Univers1ty Degree 1n 4-6 weeks! Have you ever thought that the only thing stopping you from a great job and better pay was a few lettres behind you name? Well now you can get them! BA BSc MA MSc MBA PhD Within 46- weeks! No Study Required! 100% Verifiable! These are real, geunine degrees that include Bachelors, Masters, MBA and Doctorate Degrees. They are fully verifiable and certified transcripts are also available. Just call the number below . You?ll thank me later? Telephone Us Right Now! +1 (270) 818-7244 Operators Online Now ________________ ringed fist that sent blood spurting from mouth and nose. Then,against some brush and a half-drowned tree, and every time freshHis hand fell to his gladius. If the men could not or would not marchrights. His grandfather would frown at a boy who did not master hisMusic, and I was intrigued to learn that the stories of Krishna and ofdarkness had brought relief from the glare of the Syrian sun on barethe loose formation of an army founded on what had been a militia ofhad long since crept into his bones, he went suddenly hot, ashamedfor the way his twenty surviving men-out of four cohorts-had tried to From elizabeth.onstott@swhotel.org Sat Dec 30 11:10:14 2006 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1H0gmk-0002lZ-40; Sat, 30 Dec 2006 11:10:14 -0500 Received: from [87.228.58.186] (helo=aroundfox) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1H0gmh-0004BT-9p; Sat, 30 Dec 2006 11:10:14 -0500 Received: from 205.178.149.7 (HELO INBOUND.SWHOTEL.ORG.NETSOLMAIL.NET) by lists.ietf.org with esmtp (QYYD57Z23 9/V*) id 7/M4:8-USEB0Q-U5 for dnsext-archive@lists.ietf.org; Sat, 30 Dec 2006 16:10:12 -0180 Message-ID: <01c72c2c$fc10a180$6c822ecf@elizabeth.onstott> From: "Doreen Vela" To: Subject: Autodesk Autocad 2007 ready to download Date: Sat, 30 Dec 2006 16:10:12 -0180 MIME-Version: 1.0 Content-Type: multipart/related; type="multipart/alternative"; boundary="----=_NextPart_000_000F_01C72C46.215DD980" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4522.1200 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 X-Spam-Score: 4.3 (++++) X-Scan-Signature: 3cb75504e283d08ef0543f38ba481a75 This is a multi-part message in MIME format. ------=_NextPart_000_000F_01C72C46.215DD980 Content-Type: multipart/alternative; boundary="----=_NextPart_001_0010_01C72C46.215DD980" ------=_NextPart_001_0010_01C72C46.215DD980 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Away, my songs, must we goVI. Smeerenburg and the Whale-Oil RushChoces, M&#= 232;re and Père, undreaming even of fieldsAcross the heavens' gray.Gre= en lilac buds appear that won't survive they sit with their wives all day in the sun,He terrifies the Vast, he seem= s so wild;Swaying in unison beneath the snow,Seized from creation by nonent= ity,That open before me? What I seeYour gloved hands covering your lips' go= od-byeHis sightless eyes horribly watch the air;Green lilac buds appear tha= t won't survive ------=_NextPart_001_0010_01C72C46.215DD980 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable
3D""

Away, my songs, must we go
VI. Smeerenburg and the W= hale-Oil Rush
Choces, Mère and Père, undreaming even of fields=
Across the heavens' gray.
Green lilac buds appear that won't survive=
they sit with their wives all day in the sun,
He terrifies the Vast, he = seems so wild;
Swaying in unison beneath the snow,
Seized from creati= on by nonentity,
That open before me? What I see
Your gloved hands co= vering your lips' good-bye
His sightless eyes horribly watch the air;Green lilac buds appear that won't survive
------=_NextPart_001_0010_01C72C46.215DD980-- ------=_NextPart_000_000F_01C72C46.215DD980 Content-Type: image/gif; name="qclti.gif" Content-ID: <006901c72c2c$fc10a180$6c822ecf@13DA0C59> Content-Transfer-Encoding: base64 R0lGODlhEALYAcQAAP///wAAAPX19cTDxff0/B8cMAQE/HNziOnp97Kyvc/P0TY3X56fr1dZcIuO pLm909nd8Nna38jN4uPk5XGLo5etwi+UmaDb3sP19+n7+t7Z1/z8/PT09Ozs7AAAAAAAACwAAAAA EALYAQAF/iAgjmRpnmiqrmzrvnAsz3Rt33iu73zv/8CgcEgsGo/IpHLJbDqf0Kh0Sq1ar9isdsvt er9gbmA8DqvIS7SPXDY71TA2fCUPuOqoup792u+9c1lyQm1FgUaHOYNBhW4niSl+jSaSZ36Uknh3 mZpakFWLP59rk4ilinxAo26rJJx2j5l5sq6vrSO2qZ6noGW3M7+osEnBfb68OMVdv6EizbhzuiXS 0sZxyM7VVsppx8M93DXhydg0aOMs6FjMyIfa7+7K5ZjfkepE9/jn+bH1hPOiAF7z5k+YI3sF6dGZ BClewmLyBPJjJLAJnInTKpJLOARjtmEeoXF0dGtVoIal/lCOzLiy36aWbzR2A4nt08VL9Njd5NgJ oTaRs2TutMSzUKWcEn8iBRgKY7SajUaVlPnxJVGdSlkabWOSqjiG7cLS/FOLbFA8iY4ufVY1Z4yT YhGK1KO151qxZu/acRoV6jepTL3qPGu3buG5g4aePQK3qGPEzTgRxlmWMmS6LN2+Bfs46OWnag2z BfCqHy2DQOWm9rwQpst0aU+LPmxrtULGnFW/Lmv6LzzQDutRi527MrDiu2/zRlrZX7XnwYUPz7pZ +kjQRGG7Vk54sXGtzJs3H/vQq7lTKnXbnqt5ed3MyW0iH609uXvubcHrZ98+a+PewliX3XrwqVdd Lqzh/ucfcuIRSFpIAxYo4YQPFpQehR9JF2FEsNBXH34O5ufghSFWWKKJ9313g0MRopjgiweWNkuL gAloWooidkSchXFRWCOO9/2Y4UAVbteeikDm6OKJiu2AnYHH8XhdX1NWaQOCUCapnpBDYqhKj14u qSSXYkqYi2/UXXYlmFqyGKaLfD0JowwkxudXi3SmlOaZxshp33+4yRimm1ouSSafn+GV5lWylUgo k1sZOZufIBI5Z5B3Xmrpez5JNllkma4HYaeetqmnc6GWiWltk556mHasmorqrBtSFauqJ16Fp5mp vtmCSlUKmiioVha4qJOIygrioamiE1qRXQ50q5IE/j6qHIeYUeqrd1naRua2rfnULaOLaItjk4aU Y+25p9LYrHlLuXesr+tW265u2L747a+tMFtspdXpah+/vJhrL1fw5gkToAPX6+27kn4o4rzUKsjm mKFy6e+urblWZ8XyRQxwtOAWajC1+yQcsMQg1/sxrtB1huvEnG03lY1Holwwg8bi5SXF0FrV8M4y f7WSUiHLivN+vI3KrcAk8wfkb7NKaZ2USPJaNcELA3cjhlT/TGV3WUfNMdRSp212rgTD+vWEwF79 9ngin2czlXjfy2mGVo+3d9RhsxvY3WjmTWt4fP8dtNmFTTeYwoU/vWDd2/70TMxVu+o3gIH22WqZ /pjxHXqrVOc1LMNlj2zxH9EZTlujRcI+LanPxj463R7yc7PVpotume+3IxYo4VensmPNrwK/F3q/ 4+4wdRRjbjzz0ufevPLL887H7sIOSy70KlfMtPOO0XX89j6bIunxIY6W/N4hc0+0uJpm2RTR1Mvf scH3d41lbx7zENvaxjVSwYp/ukjaQRbIwAY68IEQtFsEJ0jBClrwgr0IHwY3yMEOetCCTvugCEdI whI+AWgmTKEKV8hCHaGwhTCMoQxnyCga2vCGOMyh2nTIwx768IdADKIQh0jEIhrxiEhMohKXyMQm OvGJUIyiFKdIxSpa8YpYzKIWt8jFLnrxi2AM/qMYx0jGMhptgSFEjRnXmK4opFEflEtXHNlIR5ZZ RIN3nKML68hHUuhRjazA45f+2MdCzgwJb9yjIARpyDomkoAkYaQfG0lJCULhkRQh5CAryUmuve6F iIsf9TTVpFfVCCvcG2AnKfms2r0ELfmzy8vyk7JPfuqUwUvUIVfJydCUqk+ykw37rtU9Vf2SfOfr HS+XqTPgGIlYjcmb4PRmuwYdTJrji93f3sfMXuYvZ+FCHOO0dQzuWA5146yZgYbZzXYSp34DA9z8 7PUguH3seTyzZ3kk2c4uOkx8bzqZocAy0KXpM6BCGdu4+slKaqrOZArVl0IjKj507qtTENUk/kP9 6dCSbWydW4HGwUBq0EH5slcb9ebh4JnRlsqLJiOFETp9JKyLprSR/9wlpNCEp5uIFGNFE9O3jiJQ TN70iTl9nET/BZSnGPNiM00R0ij60KPSMalJYeq+9pGRpwY1qg/TKkqtWsh3xrNbMbsUV2vhVZIC DKyLaxk/yUrFHYETbWoLHCbqydZ5/klz44tbNuNK17LG0pqv3JzwFitObZ5VqK4qnNwMcyRuFraM ozumJ5un2R3OTIEjgp3tOFvMyzryctfbbMoAuKdR1g+srsSeV2GpUdPW9ZyghJ+i/PdY0ALUspnF 31hsS9ziGve4yE2ucpfL3OY697nQja50/qdL3epa97rYza52t8vd7nr3u+ANr3jHS97ymve86E2v etfL3va6973wja9850vf+tr3vvjNr373y9/+OmIDAAbwCARMgg3498BFIPCAEczgGCgYBQF+MAAM 3OAKs4DCJYgwgAUgAAlj2MIgToGGOcxhDpiYAx4OsYU1HGARBJjEJT6xiT3M4hrb+MYSXoGNVbxc HG8AxkAWwIlp7OMiG/nIGuaxcm0c5CaTmMhIjrKUWazk5Dr5yk5WsIAFIAIOcLnFH3Zxiyc8YS5z ecI1JnOHAXBmDnRAwCj+cQdE0OEID/jHHMbwh8f8gh1XOYd+NsGeN4zlQudZywZ+M4fZ/hxnKqOZ wD+O9KHTHGE3LxrAHeCAi0fg5gELecYUxnOd65zkP0cx0GK+saFXjWgAzJnDCkh1qdE8YE1vwNZs lnSk5wwAE3cZxSgeQaYF0IEz93rELwayqJONah4029QWtPOdI/xpL1dbxtZeNamnLYIOMKAAA3iz o08gak03msrEnrCm6RzgYH+Z3UKusbVF3eEn43nK427Bs6G9QRbDWMbXBri2D83tXjcgAA4oc6jD LGgDXzrND+81sSvdbi8DG89u9nKNLz3pPNdb0k3G96z5LUIm/1vg2D7xwLct5l4DQAEFOEADFL1m AY85wBNQwJtz/egk23oCQJ8ACeaM/uI521ncnv4ynzfMdKZ/fOWkNjLJPUjtQqsc6oZudQc60IAG JCDm9771uTU8gAZMIOMbEDeLORDrDTDg4AWIuQMA7OsSY3rUkCaxiTncgQkMm9m6rjfWWY3kqR/k 5NgGcqazPfiQI9rhCOdAARZwb2IXO+ob1kABRDCBRDtZ0wJoQAEYoIABDMABBVDAj3PtgAXMXd1p 14ACIrDzEgt5AgNIgN9H7fHAR7nxMN634bEQ6pRfHcid3kDnhb71Q7uZ3to2cITfzIAADIADByhA 570MgOwnmgMJcICbE3CABWhAA2/eetq77OpjOyAADJi4kBOggVsrfwMHCMAB6Kx+/tHHvQEHkABs Vmy55wBnR2jQB3y+B3xYx3DDhwTFl2mLJ3DKpmjqlnG9xmsRAHVpxgEACGsFkABCJgLltwEaIAKi pwETkH0B0HUJsHOtVwANwAATIACdNwAxV3/KV3SgpnwLkIKQBoAKoAAJ0AA/KHQKAH4GGGd493QL +ISCx4AM6IAPaATFl3FYyHgwpgBd1wAOoAAnOGE712kcSGUKEAA05314Jnpmhn8F8GYcUHbnd2ai 5wAMEIPiln+dl37P12koxgDmtwADQGxFN4P1xgET0HUoJgDnt3dVJ4VOGIWQmHVVyAQUJmQSmHhB xgGaF3djIIMOkACmZ25aWGjI/gZgX3d3X3eCxSZzBuZl2dd5jFgARXdrIZhxOMgAJtZ19md06tdh XqaIAFhrXvh8sKZ/ykdsgsdskQiFgTeJCliJS3CFJjaBpfhpP6Z5XihzBRAAkzeDCYhlNuaBDTAA 6OdmCyCArfiGJJZ9i6cAlLd3gMiIJdZ6P7YAushlaid96QduHDCPNvhj4OhlzReLp1h5UriA0EiJ 0pgEoZaJKddki7cBC3AAw1Z/HbAACHdrK7dwHKYBLWiE/jd5GaeGKJZ9GleEoKaInVd/mldsXidu wJhrAoaSW1cAOvhmByB+ZBcALyiTpBZ8zTiUz7iQHNiQDuliGQeR1wiMNVgA/g7wiwOwAKNng0cp ZgJQfluXaeeHkmnnjgEWi8SGgz+2iwXQYTKZeh1wAAeAlnTnajs3AQhXYjHXeQD2gQAGdABWkcEW dk8GiQpplFdGhUgJBJdofHu3icT2lHMnZKhXjh7XkZ62AfonZLYnAJWZlZQHjF7JiAuwiOQ4Y5y4 AbdohGn3il9WZyA5iI55AEUXeg5gmXSXkQfAkfZmmUSZmyAnmJJZmFaolFuXhVfmZfUXcx3wdYJY jZc3cNLXfm4XAAoQb8AoAO93a98WYBoAhCZ4lvU2lQHZYRpgfgIwAPAHABHgcp02YfkHgAyQAF8X f8HIACDnZTHXhpJ4n4MX/pishp/R55u/qW5beXwhl374WH0NoAGcqGhnN3Bw6GLZOXPtFmDvNwA+ 2JZr6Y1AJwBc6JYgmQCrh38LUGwTIIMfWWdwKXkyR5We2AB1NoN993PkGX/N95fLppu5yZvM6Z8J BpzCeWV+12vdKIiLZ3fhiGW5tmayR3G3pgAHQIPYZ4QVmX0UmnZQaXodVn4DUINlx6LFhnryyXlk tgEwx5Ud0JU4eZfil2cniHoasGj3WaQcGInMyZ+spqNEcJgBmphOdoOiZ5GLuXUHuJyrtm4KN2NN mG3ZqAEJoHPjWX9e9nYA6KjZ13UyaG1bB4heh2LZGX8yh3y5KGRemHbq/gdzDaB8rkajqOqMQ4mj OWqnQhCB1lhoj4mgHCaLcEirAwd60meMfdlrM0ZzJ9Z3cpZ2xIagych2CsAA4RZvFld2njh54TZ6 u/ZpbHlrO9mXpKp6SvemgCmn0UenDOmqhsmjwdmUHEaeB2p3fxpserpqCndneSZrcPhpl0eseRZn wmqCJHZ5KDYBbdoBA7CTDNCm+EeQkfaoIZqIXSdzIvmvZ8d4u6mqqsqqdSqu4wqgsXplAMt0sld2 jYmgbMagh8l9ZbZpxYaAStpolpeXdIdpljZ9+xpgijab27esisqWoZgAFrdl3NqtRbmfcGqKFnux aedm5TqccAip3SiD/h66aIJqaGxWsrRmc7zmcrBnf1gbdmXJdIZKd7+KgHkmbrZmlQQpYxeJaeuH qr1no/pJseI4tD+ApxnbZG7GpN4IrSc7cbbJnHvWc9NmczjWc/4WaciGeZVHuEFLb4jrbwnprUDb eIQJtzUQgT26pzJ4fXqHiK82bB05aHuGeWEqch9XZFHHeweptoEpsTfqtm8ruc4GnBCJZd8WbgYL hwu6iJ17Z2WmcbImcqr2YkxGuEHpl09Hoxvns8X7rUHbuq6rAyNbrk1pYq44cTXofOA6mHoWaX/r uxu3uL/bdE7YdIcrlKpbvqwbrs2LA7BKgYi3isRalqK4mA7HtwuX/rWyyb34C7yIa7o/673J1rg/ m3XXy7zpewOUO4GfF4cVmaVMugBU6ZqLVr3Ki5VY6b/5O7o4hsF4B76Etrarar5te75BFrkF3Gew i4Wfx2FfxwbleI4ga66O55GYaGxjl7/7S7r6O7zCq7iG28EK6LiPm58lrL4uJoEIvIlexoWjZ3r1 irXtSnjUJqZ3SHpKF8X428ODy8FavIyS6HsgDMR/KcJrNsQ2ILcoZ3yMqHF1FofxJ3SWxrckQGyT SqmOapfl58AHMKVt6HZfaGviW3Nie5rBe8M6/HsJ6XQNOMCDScZlTK5Xh5iKJqIFaXaLKsHRt2fg h7kawJbBNgEO/uyeUxmCyfhycVfKsdYBpAqAOVt/rgZmUbzBmDe8bLu2X7ybYhx8jDy5JzykAXdi OhhnuMeN3Sifyxtk04a7fxgA8fZ1L1iNRpi0MqhzCfDJd9l1KhoAIZp8gvzKHFzIhjyFyduRipxl uUwDz3vESIyIp6eiI3l+fve0UJtqstmlpTqLrpmYHOCTVBqiJsiJoqdoWKiNw2p03xvLwDvLTlfL h3bLylbOM7C+AnpyHRB3bKmsJuYArolp8Fxo09Zh/iqm+rwBCWB939mmDsCiL2mZCMp1L1hvBIiG clZz3LzBuia+SIa8xRxy4xxyDi0DBxzRQMbMQ/pjbCmBIbty/vCqaXO2gjOXae93smpMlm9XbJHM ARVJiKLadYQ4mQV9uuaL0KvL0PHa0zCwvrzsZChJiCoopoO4dacKxy/Wd64meoOIYiP9gvfHiN/G ARhddLjKhi0LjydLZ33Jzd2sv1KG0/m50yNM1mVdxEYL1DCGg37HsjVYr5w7qGtHoOD2vppXm/f2 jyj9hhp3Yrzosq5IioA7yAad0Gyr0CDnwwxNwo5dYIQNvYzXrltpguengq+pjFDnYi4demZnv1+n aW3KYSFog/BHrG+2qRNXbOCGxYX7vRbsY4qdyDnN07Wtb47crnr6fB2AeqUMdskHw5sofZimeS3I AAzQpPQn/qYV2Xmuln3neHAYeWuop3O3BgCtp4NX/MdfDdvhLNa03d1khrEonLl6Z4JG2J7mmH0t fZor12hiqAF2KMzeiH4b4Kwy+Ml1tpYhiH59qnFAN3o9iN0ZbNM3DcCMTb6Qi+AXRtiRDd56uoL+ eNlPWm+y2Kqw+nchfnZbh9E2i4iPSgY4Kd7/GAAPe9Mr7toSS+DEK9ZjLOMidsICKnAg2cYcHoel KnT22p+b9r/P58QxdrL/O4TmqHdC9oPxdmTUfcOJ7eLbrWwvjstWfuUAWrnX1mGtV42i6m0NUObo jXyhNmpMiLZ5m9kt2W5uKaan+XXhdt0H2b2ErLpgDYVU/j7WeU5uu4zPMaZxMveyM6aIolrnY11u EYqaLXuaZS5najdxcQaA4i24g8za+JbdcYrqeN7pggbZ0HuZaCcA1Zd+AYaDRo6aA0drjyaGcca7 aqd2jGZmLjdiE920fmxkcS7L5SvlC73pB97dZizZeweSDQCGRKiRItiLqJ5jtt2cYZpqDTe1yke7 S2fDuU7ni83rT+brnr7n6Ix8KAaPdxtz10ecXGbJWUfCDKfeCS5i0kePfGbrAZ7pFm/LBu7vv67g Zy3wy3fSebx3zfdqV6lj6mt/BNe7+A7n+q7dMa7xts1oNW6uv220ZGpgEcDr7r5gY/7Ywp1rxri9 F9zt/he/jPwOjeFe2xD9xP92fwD7bXeLzQKIiLmbYQ+/8TGwrcAm9CtPui2/6y8P85sG8JL9ZG+G g1JvenBHu1V/pyVL7Spf8d7+1eAu9jx/a8HZ8UEmdKh3AElotLNYqjoPgQ7H7F0/5+CM8cob9mL/ kDM/nCboep/mcdKdj3BsBPXmnFzPvQjt7bxH5Unv2ONu49lm1RAqnRJI3GVohYcP5XF+vIl/5x7c gHY/9njP51dngvCXcZWNtqhX9iMc+mXc+r9b9Aq96VXe+J+e23r6dcW2szbvduzYm3dK/M34zT+s +EFM+7V/zlk+ZFlZqlSNZ+pHju0u/JNL/MH72sb//u2gX/sJjvdzW23tWKoICui/WpWFbm+sb/1e zPIgIIgjWZrChqonO6ZpG28AXds3nus73/s/MCgcEovGIzKpzM0AG04HypmSphzRJlHQCDibzqjT 0RzE3Rhp01z21O43PC6Ho+Sq1z2fx/P3fjRgIMsaW6HhIWKi4iIjY9OTmNTViNWIRgADlEAHnsCE AqUgSmPNnOlpnB8qneigXusrLCEpba3tLW4u4mNUJBWlFUzDgdcUQJfXxMbEb6Ba7Wq0dB/1XfX1 nxrsdsus7jd4uPj4YVOXb3PJ1BNKlLIm+9Oks/ftdOrLvR13Wqxo57Z65AYSLGgQ3CMpUdJV4aDB /gEDDWomjBLzRAOYfwKh6ev4RhVIbNX4kXRx8CTKlCoLJYy0MMaAAgEKHBigAIYIMDRkhfOoLZ9P bSX/yFoRcCXSpEqX0jA3BR2LSRwGHJAZoIGDBJw4AYjQ6hnCoB1ViQy5QuhQbhuZsm3rllTLhQyr eEpBk0yBBXkdDJhwTGNPn9bEpu0T0CjPt4oXMzbUUtI8E+uYLTiApcOABjKJfV0LV6w+s2XLpuXn uTHq1KqbNoXSay4JMF5odmEmIGYBBuz+BRYMGi1Jw0VxJl5t/HhqXq4rRf3yhOYLLQEOcIkMCOw3 0HWkkRVttk5ptcjHk3frFJ31EpyuFEggwEEB/ppgOtgWlSGOk9/6p3m/hi2DAAAKGCCBAGJREkCC THJaeQ062FNrr8HmAjMbLNCAZg1kcg4K6YlgBQcEYLHBfW7ktx+KpnxF1IEiDPhigQQSF14gVDD4 II45whWhhDH4lYVMDQygwRVucFCfZCBOcV+JJs7hBJQ3lpIilWoQ4MaVWW6gJZdAeXdCgl/pOCaZ 9uz0lFwteJHZdBjlZFsUfyWppBdMwhEllDvMsCeefD5SZX8oEDAooYVmaSiiiWapgogiNCrAoydE 6miikD56ZZmZappIXCDGoMBMDGzSoRqumXECnUtuV6UpffZ5z6qraLmllYfSauugW+J6q6KF/mbw K7DBCptBr4hKuSmyyTIRIWQ+MkDRqBLJ80wLv9KJRZOs+lQit2p06y2JL9yHgp238oqroboSqi6h xDLpLgHwuhuunfUGSGy8+cKrL6bK+vuvD52+JMMynGijwQADMHCAe1GlOuJPT/rZ0YnainUlrS+I KCIeHA9WqKWQijzpCB6TUGy6AKu8sg3KQRXVBJ9ooIDCGMYXAM4HzIiMtZ4GCFQ9xy4bhMX10nu0 gMLem3SAuQoa8sYhgylppYRaKjTLWTd4nlxSpeOQVfFhOMwBDAywgAM7I6Pkh+QayR14EKOSH8aw qr22o/vQE6uXfaex8096hKlOPDZqfXiy/o+liTcJoCaQMIhmbDDMwMBcy4HRnAyGD39A5Vr3G1eC eQrHopesQsWs9EOcG/40dPmEbXfjxbTYIX67jgL/wtwIoGqewlMqDCO7Oj4Li8Gwyf9KovLDMk+r 0cnjAyOASIf7BpONal9H6ibAkGDrxD2VauxqRsE47unnfuZyuzOkwRbn0FfHFLmdX7wV52+AwQAS XHCBBDBwAQhMIAIGjAAGDmjABBJwAhiI2QMnkIGYSVCCzQMW8y4oPQ06Tw5WK13EWjchJakubmh4 jYRKdRasqa+FTOkUc3gngkuAwgukqk4D1oM/SdwrARSwgAV+CMQhDrEBRDwiEH+oxCAy/pECTqRA BaIoxSlSsQIXsCIWr/i/LP6vixcQIAbCKMYx/gp5ZswA8jioxjQCK41sVCMchWUiF9JxNYqLIUNA NYBlLGMyG1DAFmS4NiVl4AI/PAAQEelECyiyiU985BIjyUQkUrKSlDRiERmpyUZCspMUcMAnPSlK JzqgAqVkwBS96EUwjpGMZ3zlGoP1hjrSsjG685p1JlCZTXyBl1A4QBnkUbyu/eoCljwmMpOZRGUy s5nOfKYRMYlEISpxkaN8YgWcmE0oQpGKF6hYLcNpnqb0YnGCFIAWbgKtJ0wgAQEYgBR2KAVgXQCR z6xkBZBoTAvkU4jJlOQS/znJfPIT/ogEJegk71lJIyKSocu0gDSTGU2IUjSaE63AncSpUaVwzWcs AENVGOAELyhgAZj4Qnp8BoViPlShlNwnPl0q0yMilKDG7OdMc+rSCwgooxv96UHuGDsqnG0mB3CA ZgLggPVA63VS6UAx7clMmwJxn1ZFJkIp6c+cXrWqNGVmRHVqyQXcswEU4Cm4nIQnoLIVITziYQvM MBVgXigBV6BPJJJECagWcpJbRWJWmwlTmGp1iIG15GEPawHCLpaIihVrM8l6zHyGdYgX+FlG+dTW zebCKe3zUBhOtYlfnG8MqJpHFO5Tz4QalKvKfKxYGQvZ2Y4VrBDlKQbX4CfO8hYa/m89JzAgsQku bAIMCBtAwyTTqJX21bKUPGxXu3pPqr6WmbKVLW2dKdkhbheJE12kZbP1iLX2tryLECpoczI/2tHn KQh7nIdC9CHMFbKRyMRuMvFb3fseEb/6TWZ3swvEAA/YAmQ1ZBKvCNEfXuB5c9yteSNcjrdWbnRq MBgUINHOiESlUWJgqTP/69XGOhewldQvbIkoYgFrl5KSJfD/fijAITK4DiVqGXklrGMkuGxxqNrK kZyzjHYQWa/zBdBq/5rfEa94yYJ9ZpMVSuBnvpiIZFXkGPt5SLQ2qRR52jGYeXwm9NSICmyLwRSW y1cEt7a/I+bvk0n85q8qNMo6/p3yMfFMxEcKUMkNXt6dNBvmQQ8Bva1gG3A/pGaWKtm1k7WuPlVM Z2PaObt6DnErxajlxVYv0DkmNKh5cEsaoWrR9Y2pm0ksXRafmNWuvmcXBRhrghrxApi7HlgEHepd 68CzLyM1MMKAOQEguNElhrJMr/vqZe8UiGYFZkEx2QAue1rXvL42a0ZKZmADw9SETbGTRbzqYw6W 3MxG5qV1+kRMkrUCuZ2ltbF9bUNzmxLLpW+SJ13i6DYT3JF+qbnPfW4KYCABBwijMRcgWZ7yzVXy lveo663oD63Z2JIWOLIxXkk8pzvdBrYABoKIASsKsd3vzvWnHw7qHie6NO6D/iqxWatT7FaasZXW +LlDbsUFJPzjti7XM+Kt8lB3NIbBXoYDoAWGL6SNlwDIiAkGhQwsfDvV+2bynFvdbDnjnMVV/jhZ w36BmImcu5zO7JdtN/RB09t9KBhAANxDHwC0swB7HO3dBpWBSmzAmH+9OVa33vXBF9jKQfzfAWLc AMm6u1yuUvvawxzxefziEnZ/OgeOMQz2tkBEe7cRTI393/9uNcqEPT3hLV34AHe3AIxc/McHzPBZ khfykdexr9PUDBvFhAELEKkGJoCZBrwgvR36Rd/9meJy09ml4AZ86mUa9gK73gEPHLHCF4vZoKfd 9rePMAx3F2wBwI8qAVBA/n4SQPwo3E1kn6d6wLW+50hn1d/Rx/nXX0ryg8ee09lizcR8H9sxizl5 zdsVwARoQANgAhTsknNAXQkMCuaAXktxndUZVmHN1Ljd3525WIFNH1lhQANEUQHAFFlRwLc8nvcJ YG9N3tHFBCgAyYW0BwooQ97FSzD0HY1p3c0Fls2hGgfm1KV5nM8xUQWEHHfhFu0J2gqyIGexnJlR 3iRcAkYYl8JwAUV4AQSezCChAJsVVIgBIaQFofT1X2R9INhZ1gN9Uchln/atSu01oRO2VdHBBhUA kkS8QzN0QFeoSYAwB81l3bGZmGMBHJyRYZ5RGRLp2TA4EBr13wK4G64B/mCUsNAc1hG9nZbw2WAK iAGQ8WGHYY7k7FNAxd+jyZ8gIiK6GR4Rml0i6gVEOVT28Rygcd/EWOIlulDEsYC04MUCNMyRrANo XcHnFcmKbWDzieEFquIiQqIQumL/5dMBPBGbHVj13Fgc5iL4sc+vSUYK+N5VBMkeKUNe6dX4iIDf MRHzZdzzMSOAHdF2gWAimqEzVlUYcQAGdIAYfWAFbB+EnYg2mlf4pZcXVMUBgMLwNQCRdOLdECPf BaIzWZyTuaPhVWTh3ROBxeMVEVwUMcD/9B9aLeGrBGR5ZeIJxIQDUEFGDE+LlJooLl06Lt8gFuJE UiQ83mSV5aSUrd4R/mHAAWQfEi4eLW6fCuIiSd7OLp5kAHDBfKTAAaxfhVUBDgYDYf3dftHkQ9mf O7biGV6k2UmW62HAD13IF/KTeFFiUxjlUR4OFA4jBwDTBkgEJShADmVeL5ljPBGbEGllv5niVrYY PZ5hd23XFWXTF6XhZdViHKrlWmZNHUaGp3AAAxTAFEiEXD5lMtBdVPwhBV6cstkkbQ3mV8YeVzaj B3LXAhDcFylY7IXkg41kY9IhAcpQZPaeNrBfZdAOmhHAS6KjzF1cXyYjaJpmYCrTlInmaQ6YEZXc gNHi/+3WHMUmUCXl1CHDhdzEVlQFFxCJMmxmMXrhMkmkIY7ncMqj/hmWpkvppCuOYAVIFeP9ynag ZX5IJ1vlHnCBiAIWANnEh6iMwl0WDzLoj35B3zIOZz1a5MYVZ3L+U5Z1V2Jez2LS53T+1gg5BPkl gEnlBnFxQQTcD4B+Z/K11mcWqIHyZMeZpnoyUzyiqGVR1hEi5lmqoIT+VNsVzxN04tpgxAxcgZyo A29mwKkQ6CEG4fR5ZZEqKIK+WgjG4mLV3/LcGHTK4Yymz+RBpqloAANk6QC0w/zshnKBaDqW3lSV KIK24nGOZpJ6pZoikU9S1D695/9l45SKU1vO1+tswGTORJBUyKjE1xWcow5iYE2SKZLOY5KynooG JuttERuanWva/uKUMOacIstjvo4LTGYDIGRVNMDTac4wcqYx/qZC8aXGrWihHmn+oadOjZE+AR0l 7omkTqqmmCRzbEBMWAYJwE8CLMPTealU9mbMtZkFCiqJEmqa3p9kmRU1fVytdRqkwmqsymqZJGWt TqYyxIzB+F4NgiKqgCp4iuewGmttKegQQuOx5h+5NhaGLJY/jeCTopxuRau0jol9fs3uPCUfycME ZAZD+mmAhiqxCinGqeo70iPBFqy5DpFYLicSLhx+MKGUzivLDKSlisBPBpk7dAADrF/mbaGdFqMX 7BOpimtFHmy5ZhcbthJCTdu7vep8Sqwuzqa9LkhMbGnM3CiG/gRoj/4qkGZEVZZnGnblggpcaa5m FBERJj0qdAIkzLYQtTbDBOinwTxBzZIfANhQqYGpqAorySIsq51ogloWBWyXtJllnEJs0zotOX1W xXZiXjBAAqjfdPCSbJzWv4Insf6lydokuh6RENVaf6XVP0Zn2iLlmHXNfDmBL3XiT85EA+wq+TUl quzdIBXSD40skSpi9HmcaFqRAijAA4xcRSnhawZg4eJOJorBOyxDfbwGOe6JDpkAAhjIPEFk1xJq aWYaESUexkDpq8jr6ZLH5DGkbHyBp3aBreoGJDQk7S5JWZLpwd4uuwLTR45uLY5XvAav4R4DmvAO +ynAUcnV/iaQ41s2wF2pSfPCXLFJL/saZxFdSBta1sN2H/Bq73FQLPKOlAPohagIUy9hyLSAFgJQ 3LAxFua2b+aSZuEZ5v8goWG1rIzar9a03TLcBPkdwFUkgFza4FOewX+WAOVyyKltLgInqnmuqRqK EWGxbLVVYv1KsGpE3I06AZFc8IUMwEJsQAdrDvrOF+aQYgmDpp6daYtaE029K/ZOCQw75tq+zNJF Qi/90ts6ZQMgL2JQQvoi2VYdcBB3pU7KY/TOH0XFb1WdJcS+8BLb0uF6lOWoJNjIxzDIA9bKLgEj Gdd28Wz1rcZRbwYgbYNNYgSnMcCYpA9nmGllgWbo5zqM/soJhLAmjDAed+AQo3BoLhhPIZyKXW9R CrLKUGdwLQ7CbN6F9fDa9BW4RjI06vH9WREGKIBYZpW7ol32cvK/1KtbZljkAs/8rEd8ZXGIojIr KvCymWqdhREFNMDCOltVOdjgRiwt4wj+zokKQQIXXJgmsMAAnwO+VWAXh7GRjittEZzoZupfsbBI mu4zJ47MGt9I1aANeoIAOAEPm4Ajp9ZqdTP+vZoVraZY/hVGOV6UonE6s4Unx4adQoENxskHV0Hz /jAwH2sHatwFKAAaie7CxSjaDjSlNrGPgckksJ8WltYcM/R8QVXfSdVDF2qJLucROvBt3YtaxatA azRH/q1xyzkMgEpGzyxJc6U0RJOszeEHTU/sOkuci3xeahVSZQWxN7tvwmquSvtxjA51J1NY+aRF z3QBiPl0Uz912J6brcEhVVc197KtUYsIiESVT/8lbf0x7Y11LVOo8aUFWs8TBwjsWg9zTkXTZfkU XCsLIQPbvTnvUue1KqZb2R7RtAHNX8e1tvWIURfyVqd0V1tkqt5kwkrTRCU2RSnzMTNSX791Y2+0 PJt1ZEtCGW2tYTs1NCl2JhV2S1nTIwWRE7k14Y72rNr0VQ8FyG4zIa62JU2UMid22Sb2NMp2NV2T cj/SAUjAbeP2pgQ2qe30mvkl9PLkcHe2cSfSDkqV/j8pUiTNdnLTdnIvNySRtxM5tzNDt4MUNI3s NL7ZExdn1yEx0iEp0XHbN4asWxIF1LqKEihtk3KDknkXuIFfU3M/N3tPKzd2NLDR1/hMdkHNNzIt a3h20jZFUTdlkxRRU4wFEU5xEjZpuIAfuImfeCcROCQdVYKv94ILr1wbNYQD4rpO0xOht4lXEYmj UirtsxYxKhdhUXuS3DF3UygpKzeV+BOBEpN/koozNwVMo5Qv95RH+TU1OZSLUovP9IsnhXS/d28T W9gpHJlrN3lH0SplGhitpir9OJAXpo7H+TaZlYZr0yMhuQPkuSnleSmVEjfxOSmFEoJb+ZQft5ZD /tKTIzqAb3mXR7dVzzVvI/XSqR9t3xQAXcADZNMBkNwJZhPZaFMFPIAEQAAEYACpNxDN0AxyxS2r s3oFtDqsJ0CWZmncMgAUSYApTWMFMECeFzkpMXmvqziWAzqfN7kDHPc0YvmKZ7knGfqBN/fLNjqD l3Y3Pvi1BEgCINwFsKeKT2OmkzmdC6XCYQgwPcADHJAESAACORC7H9Dn0swFIFfCwPqrx/qxO8AD +NBRRRFEIFWv8zqvF7vAC3woETiLf9JRhdJxG/woOXuiC7p5M7q0T7v8sLHE/cKVSMDYLB6GkPm4 U4D/XEjH0/kxb3xlVAAEbIAEAFPZKIABmc0F/hhQASUQtiZQAkmAqg8Aprv6sYf6nlNAlkKElfd6 htu6wCd7wj/Rwge60he8kxs7xHuSsjv9wzvRNKo3l088Snz5g2MBATwAx1/IU4r8flOAuQvlMIwN Kv1k2j/lAZw9MCWAuj8AXyjDr+Q8cn1uBLj8AyEPfWUABDzAwqCSvkMEwN97ns/6rgc8kx9VsSN8 oBt7sDu5oEs+5UP9k0/9Iym7xGv9+jw2XEkcceTKA5A9xz/l2IA6MI1Nau53FLk92Uj5sSeAqNN9 AkBABiBAAUUA4ENABKx64mvpuY96BuA6RIi6rPP64kPEq/N4sAc9wDM+rz99r0M8sSM8gVt+/rBL /uRn0+Nn/hNhvefTa4PftGAPSkltfMdfiNg7gASA/YWU/OoPA4GbVezTf7pDwABkhQTMru//Pggw jEM6h5OkT2qezvpIFaOm16AoV77rw5UQiRyiGYNSSiqXTKSJcqBIp9Sq1VE9SDZcgPcLDovH5LL5 jE6r1+y2+w2Py+d08Ma74XQ6nD5HABgoOEhYSEhAAJhIsKHQ0LDQcNDghDVJ8fBQUBAptRA5GSUV dSmaECPzMPCQtHAwkJKg0SGwgaAAoZBJIxEh8RCRm1nhUFFhI5GLMdGxjBExoYGhkTPwk3CMbbw9 NFJSyRReQiy+RIxEsdVVx97u/g4fLz9P/k92B5DHx9dn2O//LwDRhgQHTjyo8AACAkQQWGHSFIBT A0uUoDyiUIECpRYIJUzIlUAjA2sJGgzYMEEWlzwDUDB4oCvTqVOZEiI4wCAZq4JQnCTI8WyCM6FC M2B45gvWtqVCSIzwRiSqkG4MyBG7etVcJQoKVtb7Cjas2LFkw97Lp48fwLWGEA1KxIwDAQkJFgpE QFACg00BAkTCotFAxRMZo0x8UVMCXWAIIEBgMIEA3ggbJNuKwACniRVPY9F8WfNlLxy/jCGBihCV 4tVHMxCNsEyBYh8XDh7UZizIjN1VjVX9bYzICKzBiam7Vza58uXMm9c7q2/fH7bUBSEi/jC9VuU+ BILcyhH5wYEVBSJu4lSiYEEDpIpFQRxE5q8HL3WNjowgAoL9LR87eEzDKiM48dspuRkTA0z0ETED CRpJwtNpThVTVQI3XNCLYxpCgIFjvigQQYi+KFZTiSVaqIJt3GTglXMuvghjjDLeI4Ae0mVXXY6A +MGBBtYMoIEIBOzDiAIH/ORIeeb9dYR6pKBzgDEyvPAfBNic8kssIu4HQXcN6NJAQo4hwEB+DHAg HhTvFZMAg6mpiNA5gGElBYSPTAKhej1N8d5utmWyWqAQJAPBh4EqNqgEAyDQooyOPgpppO2cpUel aulIXSI1+iEAMx10l0Ae2gGgAAqh/m7AwALlceJKek6eUFAxdL2ASWovBZGCLqeAqNAvczHgC0yP NfYAAAhIleBVqKWGILNL0bcUU+c88kkk1j5yZ0ET8SSKFBkpgVoSI1C2jqTmnotuunjgYaOlmGLK Yx5dwBIIFwQYaQ2jAGhQknmSJOGkA5TQsAJCGBExKCsJKJYCSVpy2aVCEs+1sAQ4nRKxlcScgARP JGCl4jAmqljMOKbhCYmqq7L6CSTYYluttTFT+8ipyKmLc846J0djH3tw+m6OPPbBRQcpbBAIAPdG OQAzAum1CSgksNKCCVPL5x4JB2ioy0L7fejfC8lIQIBCDDVGAGgzYVMVgyT8W/Kr/k4Q92yCBwWX BDpqvhxz3+fxtfJ5MVfQ6M6GH474pOz+DHTQ/wwNdNGwIF2L0hGYymJAG/R6ACc4PYX3v8laXAEp YcZQqNcK+UKAeFIRsZpjm3NJYoMN1lTBX8TcDUHpHatZSW/bjBznNoBR0XfygrsiyRRJMFJu4tJP T/0ZlKZ1qeP9cJAB5JUDwIECJyF9xwYSEJFABh1E1ggu/KbcMqwCX32QBBiB00BOjiHydZfi0XCk FLhABIBClOr2Q5/VPGAievnNAxBgsYMp4VXqoQQpKIhBCiQvZn+LBMz4tgAG4ONm1SuhCaV3Pexp 73GQ48cdwpcATXEBgqaawARC/nTDCFxnLg2IGqsilJMZsOIqhLFamRARgRR0CQEJcokJhtCCExAM UY6xSWMg6Jj5LKwxHxtOCyqhKknw7YMbpMQnLGCADXJCIi/DlnqOc8I4ynFn0GlX9lZICO61sDKV mcAAhkQLAUCgJceAABdqkQu78M8BkWBZqyowpfMdwX4NilXZJHMKJkoAi79oQWYAFopYxQdjydiP ZA7Yq0AdRCPvWWCUmmU8Bx0PT56QmQEKkMZqsep+S4kbHOcIzGBGqmeMuyMeB9FCPkTDGgrogAJs uJBS0WACXmka9BCRkmOtsQAbyQkBS0CQEoxrk/QRoAgOgBed/MsbI/jEgoIQ/kVtxYoEKaBBxRRI ol8gSlCN2ZA/N6lKDS5AI2qslhQc5ISDGnIl0ROmQx9alutZCkfHzKMfsNeBCIgPAX+4BwRqKK9G 8CERHQBABP7IxJJcAjEyeUHCTFWxBPgiGBCU5FxicBNXybMYmXAMAybySW3x7QAt82C2YuUCcOGq YHEKjYEY2QDBCGYBuVSVVS2CLfak7AHQYyg+IArWsNIjhe6qqCFayIEX5iCt9iLA5VJAmR0p4JoC AIAfIcjEqmzkGDXhaQxeIKVNmpJEVvMkE2eWhAakpiGpcsAEbsEv4Wgtim2UWRvvZFSXgfBarvDg JKr6CUdaVWV/q0BXvUpC/rGqdrVv6JkdKWrWHUGOfJUZALk0R4AJoI8y+ODAHw9Zi5N2gAZVkcC/ 4jTZJGRiPxlQTDAScj6tweqBVPuXmnCCkPllhqh2ksRLoAirSXiwBXdyo3lpJkaUQUKDUrCALUMr 2r5R6wG0ZWhqWYvf/JqBrI2LrSBmq53uxFUuStNtECIwwg78cX1xuasCsLRAJECydJMQW3YfIrHG bFKIbHviftoECVmCk6g/dUB55KsFGfTwbaPdlnqkW4IebuJloRRjZ9kjmKgqzwBY6PHH0LFQ7RRO v0Qush0WN1H/FsJ79pIpIzpgLwAx4Jnre/B+9tA9jZYNF/SpSBA75oBU/pATFb64Ytp2MSgjMKA7 RG0VYEtWMxKgJwjoJIiBengCMqInqVAQGGmxpaSI9IUvd7LIVHPJqr2iQ05hFrJ9jQxpI5N1H0q2 6EVX0h32/UFpjwlC02z4YGqyiAsTmKsEZMOK5iFXI4ihXwYaMgDFcFEnigHNA/FS4aw06BFDePFP qxXm87mCqFEL7UBd8CCBlVfGffEsZrn7oDNu8BNpFMxBoUC2Wji6oZHudljrWMxK/3e24DNaZASg AWjkQggK4AA+/IidT5FahyPKhKozoSbjbEZMGXh1T0PSU2IlZi4vOMI4WEw1TzKSm82LwbdcMQKP mQBCSMCzCTaBslc4/mm9A6WAVKmtS6qSdo2jlYC26+vtlK+WmDcSd0ASMVtbcMABGt3HQjo9EgAI oAMI+K1ruAANuUjmIOs8hTwVkplmalQ2wcgAAYxzBDFlsZTDeLMlKvySFy/cc94YBiRL2ZCMXISn b5vxtQrQufM0IAGdteAj3BtymcUMtISz75BVjndgSlQ6LteUbHuUw8sxQhFIJO5JlGY0BJSUCxzQ zwQy1KaVsuITfvncAeYamQkIyzFYOgJoCBWMRI0Ad+kxQjyH7bGObKifiUIF6Y39t79B4kid9ThR q71B0KpMZQ7Ax7bvm/fgl3DSxoyt3/1gQ7kMdyFEuwOAUsCdxiMA/nzQUABxpTjxKNzq4gWICk6o 4cdBBau4MJhPAUtJjN6VaEre11b8DAKosA+vIwo0BvxUxV2G9/ARERloqxpgAS5DVaIVX2tkWish ZF8lfAtoQq4Vbn03bnvAUaUCPS9HMS0xPhuwdNbnAkcCfkwkMFBgTxqgAZJAgk6hRLklGz4VJT2V KCQCKAhwDFxyEH71FK7SKjaRMBsjPzylEU6gHtUyET4SINtFEETFSFEwVTrmSGmES7jEQQVQd46m gAxohdPDX8VXUW7hd51iQ37kAAuxB/zTQESgUW2CAnBTEBMgfeZTNfCkEJJAAPzyPgvwAlzyYQ7Q Oq6HTz0lAoRS/jtUcyv1hCQKATGCSE9TVFghmBkQEnHbYgLxUQFmZDpV5YRzR3JQqCp1Z3dX6Iko hGR8J25dGAh8wFEtIRlfZQtWQmcFkRkjASR9ECR7EAwEZ0G38kAhJlQzhnaL8mFaoGEKpBq7IDYu +FI5gSgasB+opBfddQwdIR6q1mdRRAQ4AAvkhVkGQFCQgGi5J3KjVQGMUl/c9onliC7EB1tmxYXW sXM9xwC24CNoaE+fBCSyQE01IgBGwge90BiZcVAv8R9p50EzI0WwMAJThyh8WBrIuAJj4h9btIyn xD8I4Ec/RTPo403wI0VC4GmrkAkkKBulwUoeF1XUMoC4VJIg/od7C3CAnQh85giTjgJuojiKASEI UIYIbVIq5HUxnvYH2VQohzQAB4BEhtQ7jphqBKEyMjYRa5d2d1IlqpQsWVQVTNQRDIkCgmVKQ7IQ N1QoWfRgOJAgg1JYFIAlCECCwaKQCqRBhgE/lzhjj6BVNJNG9DWOVRiTeTkjeLASr5WOFSWKjKBR Q2knUQELvyACofIHkKEHSNMjRCkZZRN5UZBdJlESkmBVJhYADRAR2/JTOAGDBQQDrMAAg4IN5ucU hDIosoED4sNMY9Jv/baMEck/kXlKilcoD6YaDfFRrkBQ7qV7kZBGOraSC1Asj/aSeqmcynEW5VMp NKlkZYU0/kdYYdagAY3pC92AEgKQADyHALWQUQ7gIybwCdQIGt1BBBPAmROBfzImAhGAZyewMKMp E5HXGwkBKOSQGDMBIjnQn7LhGVgSkoFiSrOJAOojmwkTdkfQCR/HjaxiifHFkqdFjstpoTzDl731 M5QmbjyiCI3gAECCE4ynHTDBAqECPsAyQwPhZ7JHHwVRg4JDe5WXANbQonZYHhqZCQXHGSWmDQ2R DF23AlcCDMmQARFwpAxDDkKwG7oxFez0eYOyXfAzewQFcnH3lt/4Cab1BeVzoV8KD3Ynpl41Qo75 Wi4HnSiBNEfCVrXQOnrRJoqZEh7hDYJjJ57VRQswaH7x/jICZC0+ZB4zNh4zQYwtWBW1oRgl4HVT gRADQAy9AUVO8aRMGqnbJVQxEwq+KZfVAlo6Zmx9QzhgKqryMKalypeMV0x/eUwe+nIr0QGvsBB5 kJNDigK+1YiZKREoQF52CAUIkSrmEREosAItIWPn0aIyFgk/9SeNKDy2wX46AU+gEEo99hTCEy2p kQLccDweNAXb0JYex6mf2jKa6DdcOqrnOimlqq59iT2qWlEUtRAAYDTNtC7d0aOTEHugMGM5IYBo FyszwBfN1mbnEQAHoAGds38CE6xJ2BKjF3GA9RKpUQL15yCdc2wstX52MzI1oQ1tQwVYgCDs9SAR yql0/nmlxkkA6KqydLCu61ojG6qFlZYIX4UZi1IZp5SYIsCUxeoKM5YMUTRsU8N2e9pIARsR+PoI 3aenm/lrFRQr+XMKgFWDu1N/O0oJgPIndqNPwygyt+Gtz4YRwaGp4cpBxxYKe1MQFaCKa7uybYsG Lauum/KALhcIfpBbbvVAGmh9NEMD6ENU8yRnnBAfTOlJIqCn3IQnqjJogcZwnSNoRytG1MJNdhix wwAaCAGkByEKBWFVfWK5uxEtHMsNDCpf2kgCA+UAH1e2rpAaoTkM+uK2sbsGcMtQ9eKYqUq3gbBD duVWA9BOmTgeiTUJI9B9AglhafdixKCnTRk1abcy/n6xCZqpJIybtBOxr9kgWPNRRZq5p4MWP+Ug FdXaY8TmSIYhslmqe9daPAmwUHcnu+/rBdVBOdr2skmWuzaJHcHQCMT2pxgHQKFQvZCgdgQDAX+b BJUkRS5zPquyuLEnezPGSr+bP6gzdVgrMB3Uv6MlobDnSPcnrrPXccIpM47UuhrbU4DgvvAru2i1 FmihQnTrd9dRKlYle0eCF+e0KjIGK+t0JISZJxQCY5fJvnsBrJMrCQb5ig9mn/hasExXShpAF7EG T8LRFPF0WZELM1EohJl1EdaihCmTS7dULRQsMRuSAbarwmnsBWjFwpziM2eau4ggdEYScgWRAJEh /hnp0X+PIE5T/JlEVbBW0yYDyQl+0SpGO2MEMREGOQF7YcSWdwD6AUFMZyUmWqMvqCiZoAuwEKCT mphT/DqmIcr3o0GUAAlwd4ktUwzFIU4vYLvJqcbnysZsfCN70HKjuAgW6AiNZIdEk1t64X3bUh4H 0AhTRoIkURAY9wQEYXZrRGyQUMSd6S+b8FOBGjWcuQAL0yESk0R2QwMh0guzcSiBssmqABOykQOx sArZ2hthi1y+SbbJQ2OXRTgJGMvw+5z5vKHRYcs+A7Mxi0cxLHQRgCcH4EIcUE9JlWdIa2xrp2zM zE1PNAK8hgMEMdHitbh9EagZ3RdiJHvoQ8bC/gJB9ZSY5rx+p4YKWVRvsVAwiWkEoGs8RCUFK9mN LZPFJmmcVHjP72vLPe3TP+0pe+ApZYXLL+d0qDISCoBuRiJFnYNUszcAOUpaLpACfKxw4tS0kiAe rLJNDEywOZw/n2mE6PAb2ttPY5MiAcrShDqkVTGkQ2p+uHMOfAIKHjyA1EZGRoWyKbzT6MoMf70+ DPaFX8hgPc2Gc1uTQscIslijR1yjQzls1fwv1TIJfSELLSFPnyQcevoK3kAJHxWX0voTJMidHd0B B6seIDYReiNxUepPCLkh4yzb+rQYEQcl11Wl4QqXNl1Z1aK2fZ3Ggy3cGhANxU3cx21D0HAj/tyx Q83t3KS4FtGHTUgjMD08Sia2w704lAUQca7AAkcyrdindkmrKoGbca5XKO9TeUwZQOmhJlHUZ0Xg GfZkIltbn88IHODlPHriJMMWnCGXxdcCCcUC3Cps3CSI4AdOgsZ9Q8/0WtiRy4vw3HIMLxBuLI38 2EVInouMsEGAZ/mDr5uAlkFgh7Fy0ZKg0YdrVS8T0SSCA7MwtPkKCef0ReAwIeFwgzcOvugwWZsr T+sFxtRGcjbNxS0jQgUOv8it5AjO5EweAeDXPRzAUdGnqn8A0P8A4QIQAVDGLwFSqMP2L3xcowWL 0MtjdklFT0T4CgnAcA0tdxezAtqif1/N/t1HWFgcAw6PGg7kEBXgi1BPwi39HQXxjGIglDKnguSy 2+SLzuQKgOA5oFFDLeVycSlycQg2+S6WLhmUwYowMSs/5a/fF9XqwXAOLAksUFiNeHlI81Ol6QD+ QjPxw2zWXOoYFwR9thF9JmHDEakf4+uPChXhwOMHpTXA4zIHMFXhusFC2EN2ydeJbqFN7p/TTu3U blsTNemz7D2YAuFFom4fEgEHkRmR/X1vE9ZtRp526BJJFXF9MQCAYMcTYLE4ga/xw7gBG3uD5mKv IkvK4ufmUDJ50+Px9OOdwI1CztVLuXuA9o6PBu3nSg3W7p/WKD4Vb4221QHqY7fYwcbd/uPxV94P 2KHliyIZpJEMaCguNYonly0g4rXF4BIKs3DaHJASwMIvSploFww4whEKCjvAVfMNB5cVAM/nez5B o9ATrwLkc6fB8NUy/bcqvUemDz+qjl4NzPQjrvkjF2+dlTLl2n5RfdA9OiLhuQUMXaIosYaYWvMI P5J2DBBZz6t2JR6J84NusNjlRtLmLca55nEAnmINzFDNnZkDQ9ATQt/n5VD0spQFYNaB0YaZg66l yiMRJeFB0Tv1VA+m7VMNWq/1XL/1QCIdHPX1kBPlYg/ybfEHiGANlAFBwdJJ2WedPbSZRnMA+o4+ 6PGwBDEAHEDEBTABO+dMoVBsn8Bd/idwYkfimg1zsMWWJymzEVRsekow9Acc8Eev9ALsOcYPWoh2 zam56QQwAGtXoZq/nJwf+ukf+jWaKyXFB/gIZba8nRvw/jtXCxTVX9vDP+FO8ho1IlMCAk1xKIM2 BEuzOoyTDMfhtCMz04d2BCk330ymxGFRGBULqyPrMXgqGLFjwXjsUVWHhqwr41IaFMqB7OU2HKsF O+3YVh3WamMRZi8MRna1iiAoaEw8aDwoIDhMbCwyAjg+QkZKTlJWWl5iZmpucnZ6foKGio5KlgyY PqU+wbAOsCYoTAh0dHBwEGQIcGx0CMz2cujW6voW2wYXJycTMNsiDDxMMEtQUz/c/swoBGpIaXRo aCQkTETIfDuM0OS8FAS0i3BJyXXhbW0ZuW9xJUBIDLxpENFuoLseWPpUwUcF4ZEF7gYymTOQAQIE W+Q8VKGiDp48ffD0UwBhQIMEFSG0YLSBFMuWLl/CjClz5kxtqm62EqdTp4JetGhlsFWLFgBaxITt UqYLmVKlzBBEYAALAqBADx5ISKDu1IBvNgcILeGgK4cdOHIwYGDwyIGF7hq42yODrcA1K9IyYIGl 4MF2WPhQWaNEhkIlb2hIeEB1QoIVXAhr5GjXQp6OeBpKQHCCR5oZBwaspCl6NOnSpk/T3ADlpqvW O18zUBCsFoIJGTIsIgBAAAEB/gBsCVg0qylxp7c4dIgiVQGBCIaqXZOxqtcGAeC40UjAQMnAzmln JHgoYsvBA+LCFUGzUElHFukhPvSbzsWBvH3oH3igte3gUwz6vbHCDH6tRQdHCa3Bhh58dPQAMwPM YRADoaFWoYUXYpghTKqdgJNrO0kVIgxDzXLbBBLcZmIGtuGiGwEdEHBMccTFyAwgrBxCQGsKXIWN NglE0AECUZyiRhrbMfHEOuARNMIRCeyiAQEVPeNYghG1wcYMdazA11oHREDABgmMwOUIA3znkIAa 6MIfQQ1IwUNBDUmUQhsLWpYFnCcY9FAAE2oYqKCDEhqoKaik8hqI2kkhYwdB/sUwwIop2rYBchlM GaOMvlQ3oy/M+BZBBDwaQsAEp2R1VREMdEADNkXEx4UN2b1hXnaBMXBdLYpsEAECEECQQEBVfMFe lkjAA9ecBQrYkGM6aIBODyT8I1CBcV3Rp3gixKUCBQpa1hFETbrDQKHnopuuuqN8pQoMH4ojolRg EfNoBA5QUAEGF2SAwW0oZgDBbQgEtamnn346JVQRuPJABBuUcJV+cqSxgD33yMeFFW0B4Vl94Czl TXC6aKeDZuKo8U56gLHxRnfaxreWl4MR4aW2I1SgWF7XBoZxAWPk6RFgfcgs358qrZu00kujC7EJ iMKrHZrxznvMpBMcgAEF/hnkXAEDGHwdMC6Y1gIcpwfHyJsiEUAQBSwQw6Dfd361dZmfcxGoTn0M WEyLIBN40wsR+mglUETsKcGlEV+scW18A7Hh518xj5uCeVQNyUPiRSygQHVtBeAyR+EmZAVfhlVQ hAMqLcK066/DPhrEGpQA9YeuwCCV1MjxkkEHY1RAwQUXVHBBAxdYoO8F/mLgbwUSQLABbghwEBRu vGvqSzDNAaAAP2gyMOVVOqW18dAGLRCn5um3UN9c9bUAmm4b5JVgEoE5lrgVi180Az5FU+FxAQzg XprEFhd4xxt1G0zKNKYRPRigABFcUEMMSK0oeI51sdsgBzsICtrRrl2J/sId7nbSlV5MACppuYDw hoc8rQ0veBRoXvAGgIENVAQ3EcjFBHyyAWb80Ba66cA/JhCsBGQGAuNj1D34IwMpHIIb2ghHC6IF novxZwFS0g5c5OMQ8cAhfwhKg4BYtYOFmG5O61lWtgp0GYsVJA2NcaOA5ECHPbxRXAOkWQI6wIjg UMiDghwkIQFwHXBsgzUjzJ2wglGU2yjAXxdIQPC2gAEHYKAC+ipevoSXgQsAjHkV2KEfgROjWvAi PQNARAsqIrEEXEMrFmMDA7S3gQfUxwTfsIc6aAAWMonniz0oTJewpb8c8PKJSjABB9RwmSuMKwsE hGZf6kKga84sS+ES/tceCPQZALxIDQlgXSALac5zLg1wh5yiCN/VmtYA51G+E0DzaBg8GGqSa/jK JCefhwEJOK8CGfhVLU5JnQQYoQHRaAEDJEAA/bySCBoZQQ97uIKpBYJLnnGVVgjSJy9+hnbWYsIy SfKsx6gSTUtwyzXX2MZtrfSjxjRafPYwQQlK8I0sPVL9BsCpRqAzqEJF1wSKekgQivCduNMAcjrQ Q989yhcrmgAGTpUA4gWPeFgNXgUskIDkYbWeKcwNbzZwKm6gDE4mUaLE5HaPFIAGAftJS2scgxY1 yIxyBdEBbwgQDhW0YAkLaIEVSkKEaiXLMXWKJjb3sqyPOnM9A0Sf/kb29xHJ0jR9siHnUDvr2QwV tagRWCcIFbkKbxxDTCma1Gr7lZwL2NABXdUkJ7HqQk1iYAARuMUPhWGpVbjABQ71B0TT2h01BPYz +nhIL/H6uL/0cTuDpat2kPAC0CkhPqsAbsowmy35uGVmH1VBHN4whzTyhZukK51lHqNLQLaudZ+d L31pQouKhvaoh2RN4Mq2C6Ew4icP892k9qVJrUZgXy0cw/JgMQztFSU5Q0LZC1zJI0ahIzBq+EcA uFXAjWLkfw15wRskupHKGRaYhmtAazrgApV614AFaqPRiFWf/z0XPitNiDT3p6UX3AQcZPmpI+Rb 3yMjeRQ/WTJ+/kkrhA4xNZ4+MQZupCe91tKznhdgACcZzOAV3aI3AYYR25xTjhZAAAGJWWIM6mAD 9ym3Dug7DA24BRHCuLkAKaubCbhzhLHwLX+EzdUT7IMEOMSYmgeJWYe/8D/yPnZaddvICoBH2+dR A1GB6AlTfxoaIyc51KLOhPaa2kOnOtWo19l0CIcCnEUE4xhNlXX1au07W6TIhluObZh4kwzkAAAq v1IANRgKFUMYYpL/+PETT8HUAchnozuDpp61s5/xDLMAPRmMQMyDJvDZKjvJElaHurtHj17BIdRG Y3f4kxEuMLQFV8lZW6th721c59TFKOeo++3vShhjyT8JraqR/goOZCAn4cYQoqWqJ4BcQPw2Vqve bZrHGBT1pjfFQAAOfaVmYqtDMW3F3Z7jLamicgCYSKAADdStRhZjhy09EIE700IFHeQKHFwIB1N7 aBZEU/qZb1E0RHTKHcB+poSr4Qqq7G1vYAErAgT/iTL4/e+rX71TSxkKkwmuTl0JHDhCkZGsf122 pSBHFrqwFIw0/usX+YoASgwWeI59CieUzGJ1HuwOfd6Wx7jBzlioT126kDsp9JEIZGLLt02Qc0Gg WkdL2FbiWkqgh3isl8FNxQncyZraaQN6UCd4mk9N9R/+MThYX/3qU1/qYwj8vkb9elFpofCFJ7zW tC77rGlh/imNu30pCOgA5nQrgcOwbc0DgK047pLh+qyIFgpAA2DNvca3PA0OudoCNu7ShbQETkkH qIjOC8MEMYLxWfNSaiqSqg18HzW0qP5JU0G1bwr90eqs3z+SyakMWguc130dONieShDD7iEgp5RN 22Xc//0B8TFDsEAAffwHoohDm9XHn5VEBpBSBbiZG3RBiWkDRORKLXSRFMBFt5VEC8CAeRROQ5xK d61FPNwAnemOKojQ+8EfCOHX7PXXo8hTLpxNcABRp4CacOgf/ykhfZGT6wHgwOVX/P1NAYJKb+QC AvIOKtnILfhawE1J3MlVVsiAA0RAYsAS+CTAtwzW4nCB/tQRTIaV1zgoSefZgwiYwA6UxKv8nQyE A5rYQ5z4hUI8i3SY1gkcik28n37lW+yFne2NHXzlX+o1QnxVRxIu4SV6VhNqnY1oChR63aopgKgE CS1QT5gVzPZwovQwQ0HZXzHECJX8AQEkBgQYXtuQjwsEiBNx379kwXQNwARs2mf4gyt4m3VwA+J5 w+IpwWsQo/ukRXZIgRAEGeedQgkg0g6C3ZLxBgeUIjIYIRJqkCZ+40rIF1Bh4jmGGjkBEajAnuwJ oChqg6gUFfU8XFBsoZhwXI3YiC4E3ytyY6YQAD88hgNIQARUANV4xkp9gaOtBwvmhT2UgCLUAkks zgKW/sUNOEZrROM7uVOHmAKUncBRcRoByp9TxdqSCYeYfBo4clZ1AMBKUuL9RYI5omNNzpcmEuHI vN7ApRrBCYKoJKLUDQNZAQMyNMPZGYP2LJktwEIdlJg/UE28dZs+YJYWIJMDgAMDyMI3KEsBlCAi gc8ImdZN4Bs2HtL8JdyDnU0kclaRtaUmaJAkgJpN0qVQiWMlDiHaxZ4AAs5o6WAgCGVw8J7vsR0q 7QbaIZwrWAlByg2j4GLdfAEFeJcKaGXC+aA24MBGupPnKZJZ6ld+LaWrmc3I3OVbQoIlXgI51uVq HllpNiHutaMnkoNf/qUGCCV1BBx1NBzXOeIuuBhG/j5lCVkbF6HBXNRUG6QB010gCVHj513HHSri FNqef+Ve2SWDa04iarLmdnLnad4lbLYjX87mNdYO5A2lcBjM652NK7yKA9gEbOihA1lMvlTAKbyL TrgGWbYfIkWndMZeAl6nJj4COc5ldxrogcIlTv5adaadeNImFEyR1FWdcCDmT6GVGsjAu0Qjfgon 7qzZVXRmIDibIUrh35ylRfrXjFSiOL7kJGgngsJojLIOaWodeDaV7JkobbZL7QQJ7M1IB1zg3jBS olzgZkJo6FWjXwoZCBGgfxrFUs7aaHraJL5kEw5olbaoahZZjHJpl3rngH4n2i2cbDZZCLnLKfRQ /qcIhd+UQJEa6eetxqZBKA+qk/xVFGr5l+0txU8FqIBWwot6aaAKKk1SAiWqaWyaWmiJopImlaiY 6XbdJ2MokpA9zR0GgvxBHuCEVllwQA/5aKkxwi5gp1tiJ6AK6qmiKpiW5v/daE8qqqOGEOjZDg5O EVcoYp3WHiNS576RJiSWKtKkarAKq0u4JiAZ69YFIMHB6qb9pQ5CZ39O3X9SJ+yNZqlmaZVq6bBq 67aGgp+2peuVGpP15GiN1iGV6yF94jfQn6xlnI10ipgxBY2y6Kddqaly673ia4Iamf+9XquKZ64u ZSmua8K4q0qKiUqCq2v+6Wnma8M6LCkY4Iri/p6uzl/YhVm/BsOvaiyhXumWPuzHgqy+ruqCjl3J JiURiol1op46tqh3tqSfFmrIyuzM/mlcrmr+edqUvmSpQaKvGirSqGZp0uzQEi1pWKl3ymSNhimw Yqu1Fu3TQi3EltPGUq1pumxcRm3Waq3IVu3GFurRbm3Yiu1Mdm3Vfq3Vjm3abm2B2qvauu3bdquL wu3c0m3d2u3d4m3e6u3e8m3f+u3fAm7gCu7gEm7hGu7hIm7iKu7iMm7jOu7jQm7kSu7k6u1ctu3f wizldqnlQm7mau6oaQskwEyfOIJBzOTo9oDoom4ASALqVkLoPkLqqi7rqi4AyG4kyO7tvi7p/k6C 6eLu6P5u7NJu8P6u71LC6tZu6/Ku8PYu7a7u8JYu9DJv8equ7tqu9eau9H6uJrhu9Hav8RbZ8wpv 984uzCiv+UZv8QYv+Kbv9VoC+c7u+aJv+16v9lYv/Jbv/GIv+Vpv+4pv/BKv98Ku+wLw9Pbv9l4C +LIvATOv7m6AA9ev8r6v9Crw/Q7v7aYuBjsv+2bv7kIvB7Pu/qov/S4vCYtw854v/UZw8jIwC09v 857wCnvvC2fwBdswAnNC/+owBYcw9D6wD6twEAfw+L4wDd+wBgsw8R6wEItwDBMxA5cwFGtvCxex AX/wFHewBA8x9QbwDhuxFFcxDk8w9/Jw/gv/MMMu8BILMQEvcRa7LxK/8RWvMRUXcQ1vsf8esRzT cQLbrxurcRjTsRrbsRUf7wY38A3PsRjD8BS7MBy/5P/esQsTMgqDMRz7sSFTshaDMSBfsgknciHz LyJPMPJGMh5PshYjsSP/sSJTbxvrMQP/MPBm8iyfshJjsu1Osu+6cSmr8isnryVnsQUvcP3O7yYL cPaSsiT/cjAzMjPH7hezcg4PszAb7w/LlyAz8hrvMgsPchwb8SL0ADhPsTVnsixr8y0DswoXcx2X sTrD7gF7cSHncjPn8SErczRnQjwTM+xac2gM8x5z8i13cQ/bszv3czj7H0KjcihTsiN7/jNAw/MV v7Irn7MmW/QgU3T6prIv47NFM7EoezK2TnM2B7JDu3Mlg3QsB4A442Q4DzTrIHQ/q4RBiHMVL29E 07Lx3m9DY3Ef7y4Xf3TtbvQ9d/QMPzE3t3NJ0/IWV7BEC3U9BzHvHrA4O3X0wvRKs/RMx7RJ3/T+ 9rQmW/AI43QpU3FXV7VGQ3VR57M5LzNPpzBZ73MUx/UO8zBHrzD8MvRCs7VJy/BcZzQAe7X+fjVZ 03X+prFXw3VRr3MtM+8ZvzUgj+8Ayy8oj3BF+/Vk3zMyS7YxK/NmR7LpRjQILzU2j/Y/g3BSq3Vq q/Zqs3Zru/Zrw3Zsy/Zs03Zt2/Zt/uN2buv2bvN2b/v2bwN3cAv3cBN3cRv3cSN3civ3cjN3czv3 c0P3UJF0dFN3Dlf3dYvCdGP3dvcudyOwAYC3B2m3dy8ueBuAeJP355o3eqc35a53B413ex/ue3NQ fMt34dL3Btn3fUNCfjuCfwPAegP4gJt3eEcCgZ83JhR4glvCglPCezv4I0S4JkB4gTf4hPe3gWfC gjO4JGD4gRs4hn/4fvP3f2u4hJ+4iZ83gnv4hwd4ir94hz84h8s4inP4JAj4jce4hVN4eNN4jf94 igM4jv84kes4iK+4jtO46JZ4J/j3h5v3Bjw5j9v4lFv5JQQ5kAd5i2/5lm94lss4/pgj+ZcXeYaX uZkXuZfjcpNzQn6Dt5R3eJSreIbDuZmvhJsbQJ3buCUWuGpS+Y77uZW/+UtyODn++YXL+Z3Td59n 6Z8POZLneYtSOaMrupBTeqETOn2TeJPj+YubuY1nuKeDeoyH+ok/+p6POap/OpoHEqOPuoLL+arH OL/heY1zeTkt+qDLuopHepW3uoZveonjuZ7PebGbOLGTOpzHeZ6bOozv+oBWuK0r+7NP+2meeqrP JH1bXbUb+4zbesuSulzWeranOLcHO39zu48zeH6ne5K/eruLerhXwqNHu7c/u7y/OpY7O75DerN/ e77bu5HfO4uXLps7eYj3OsL3/nqx67rCU0iFh4bDI3rAg/m4Y/urnzm9W/qZ8zuXw/q3W/zAA7vB H7yJo/ixt7jJq7yun3y8IzxqxnqqV7y/4zrLG3vG2zzGL7ih+7u+L7y3W12t1/zPy/u5o3uOnzyA T7uGq7uML/26J/m/A/yor3fQXqvIaznUH7nGaz244/u1d7zHC/zUE/yak3yPM3uC1/mQR7mBrz2M t73aN/3H2zu30/3FG7vV/zrIK7y49/zEiz3XY73Ym/3Zf7nLp73+qTuKw3nQu/ux53zA2/nUfz3c W77Uo/mtq/jQLzvmH7q8I/jeE/6rG72wx/yOz/vpfz6v7z3mV3nmv/7kk/3l/qO9v2t95/89onf+ w9d6mNM+tpc+f/+5sv/78K8+6kN72RdZlpO7mnf784e9kTv/zD+7tot58nM89Jd98N+33Uf/8m/8 n1756IP/kVt79ne88iM68fs3+8d951+8+ys9+qf/7xe+4d+9qkv+5qe+7xN99IPAZozGBpxoKpJl ipIuALtzHMMrad5sK48vYKo2ZO1sOR/PsGyeAraodEqtWq/YrHbL7Xq/4HD0qLKSUWekekw1pdVv NHttrbmnd/L5HQfcq39zMXFkUGKHiImKi4yNjo+QkZJcRJOWXYaXmpucnZ5hPaGio6Slpqeoqaqr rK2ur7CxJJmftba3uJOy/ru8vb6/wMHCs7nFxsfIWnl+zMvOzdDP0tHU09bV2Nfa2dE63Nvg3+Lh 5E/J5+jp6uvsU5XtjrTw8/T19vdeffhg8vv+/2KgBBhIMEU/SAenGEoYY6EUhgAg2pBIheJEFBa3 9MvIiGPEeOYAikTn0CBGTR4/qqxCMWXFLy5XxmRZbOaiTDZH6gS5MqTMgk+ABqVFMGFBnEIFDjRX tOHSkEhxmpxKFOPTpi6wKl0IFOvHpxGPhiUqdCrTsD2hjm2YdajUk1+rJkU7ViDcn2TBKvWZc6df RG/vljwL923VtkF9qtS7+KLaxo/TQo482GzcwncXb7SKObPivYqhBg5t/rezaKeFRzOm/Dlx5r5/ Y3sZLbM14s2ee1bebTl3SdwHeUsObvKw6tB8qfbWzfz2csPKTVsWftYu7ebyDsvePilqWa5ew+st ijvy5OaIo282anst8rpLjVvV6hg7ebYntUsvL1w+fvNyfaXbePRNx92BkVwnnWD4SeQfgMsNZ15i xKG3IHIPVpjeg1EE6Ft7xb1mm4bnBWidYyRaiOCKiSg4oYrn1VciiClCxl+Dz71X3mQ11nZhegJ+ CGOQ2EUHJHUCnojjfyCy6GQYLs6IVHIwTlmkiP/9RuV1g131o4esfYmlfnyVhmGThF1JV3DQjYnl jJJF+OScWkTp3Xx4ixlUlp5mhjcdWHhSthppeEYVKJ/9XTWXU2biZVR8VaJJ2neQxrmVZ35Omhdt ZNLpaRawPRnqp3GONCqpCJ66oqp0snqMq6jKButfgMaq0ay54Grrrrz26uuvwAYr7LDEFmvsscgm q+yyzDbr7LPQRivttNRWa+212Gar7bbcduvtt+CGK+645Jb7ZAg=OwA= ------=_NextPart_000_000F_01C72C46.215DD980--