From hipsec-bounces@lists.ietf.org Tue Dec 04 11:03:02 2007
Message-ID: <475579C7.10303@ericsson.com>
Date: Tue, 04 Dec 2007 18:01:11 +0200
From: Gonzalo Camarillo <Gonzalo.Camarillo@ericsson.com>
To: HIP <hipsec@ietf.org>
Subject: [Hipsec] Chair slides
X-BeenThere: hipsec@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group."
	<hipsec.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/hipsec>,
	<mailto:hipsec-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/hipsec>
List-Post: <mailto:hipsec@lists.ietf.org>
List-Help: <mailto:hipsec-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/hipsec>,
	<mailto:hipsec-request@lists.ietf.org?subject=subscribe>
Errors-To: hipsec-bounces@lists.ietf.org

Folks,

you can find the chair slides we will use in today's face-to-face 
meeting under the following link:

http://www3.ietf.org/proceedings/07dec/slides/hip-0.ppt

This is the link to our agenda:
http://www3.ietf.org/proceedings/07dec/agenda/hip.html

Cheers,

Gonzalo
HIP WG co-chair


_______________________________________________
Hipsec mailing list
Hipsec@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/hipsec



From hipsec-bounces@lists.ietf.org Tue Dec 04 19:10:42 2007
Message-Id: <1B42813E-AC4E-47AF-9DC7-79ECF63627D6@indranet.co.nz>
From: Andrew McGregor <andrew@indranet.co.nz>
To: Gonzalo Camarillo <Gonzalo.Camarillo@ericsson.com>
In-Reply-To: <46CC1F15.6050109@ericsson.com>
Subject: Re: [Hipsec] API draft
Date: Tue, 4 Dec 2007 16:10:33 -0800
References: <46CC1F15.6050109@ericsson.com>
Cc: HIP <hipsec@ietf.org>

I have a question: is this draft coherent in the presence of RFC  
5014?  Should there be a few values defined to fit into the RFC 5014  
framework?

Andrew

On 22/08/2007, at 4:33 AM, Gonzalo Camarillo wrote:

> Folks,
>
> a few months ago, we had some discussions about the API draft. Miika  
> contacted the APPS area folks and got some feedback from them. With  
> that feedback, he has generated a new revision of the draft:
>
> http://www.ietf.org/internet-drafts/draft-ietf-hip-native-api-02.txt
>
> The discussions with the APPS area folks are documented at:
>
> http://www1.ietf.org/mail-archive/web/discuss/current/msg00496.html
>
> http://www1.ietf.org/mail-archive/web/discuss/current/msg00755.html
>
>
> I would like people to have a look at this draft and send comments  
> to the list. Note that our plan was, and still is, to have this  
> draft ready for publication request by the end of the year.
>
> There were also discussions on producing a more long-term API at  
> some point... but that may fall under the scope of the RG instead.
>
> Cheers,
>
> Gonzalo
> HIP co-chair
>
> _______________________________________________
> Hipsec mailing list
> Hipsec@lists.ietf.org
> https://www1.ietf.org/mailman/listinfo/hipsec
>





From hipsec-bounces@lists.ietf.org Tue Dec 04 19:47:33 2007
Date: Wed, 5 Dec 2007 02:47:21 +0200 (EET)
From: Miika Komu <miika@iki.fi>
To: Andrew McGregor <andrew@indranet.co.nz>
Subject: Re: [Hipsec] API draft
In-Reply-To: <1B42813E-AC4E-47AF-9DC7-79ECF63627D6@indranet.co.nz>
Message-ID: <Pine.SOL.4.64.0712050239400.7128@kekkonen.cs.hut.fi>
References: <46CC1F15.6050109@ericsson.com>
	<1B42813E-AC4E-47AF-9DC7-79ECF63627D6@indranet.co.nz>
Cc: HIP <hipsec@ietf.org>

On Tue, 4 Dec 2007, Andrew McGregor wrote:

Hi Andrew,

good point. The socket options don't seem to apply to HIP. Do you think 
that this should be mentioned in the draft?

The flag size extension applies to the draft. How commonly are AI_EXTFLAGS 
supported in practice? At least my Ubuntu/Gutsy does not seem to support 
it.

> I have a question: is this draft coherent in the presence of RFC 5014? 
> Should there be a few values defined to fit into the RFC 5014 framework?
>
> Andrew
>
> On 22/08/2007, at 4:33 AM, Gonzalo Camarillo wrote:
>
>> Folks,
>> 
>> a few months ago, we had some discussions about the API draft. Miika 
>> contacted the APPS area folks and got some feedback from them. With that 
>> feedback, he has generated a new revision of the draft:
>> 
>> http://www.ietf.org/internet-drafts/draft-ietf-hip-native-api-02.txt
>> 
>> The discussions with the APPS area folks are documented at:
>> 
>> http://www1.ietf.org/mail-archive/web/discuss/current/msg00496.html
>> 
>> http://www1.ietf.org/mail-archive/web/discuss/current/msg00755.html
>> 
>> 
>> I would like people to have a look at this draft and send comments to the 
>> list. Note that our plan was, and still is, to have this draft ready for 
>> publication request by the end of the year.
>> 
>> There were also discussions on producing a more long-term API at some 
>> point... but that may fall under the scope of the RG instead.
>> 
>> Cheers,
>> 
>> Gonzalo
>> HIP co-chair
>> 
>> _______________________________________________
>> Hipsec mailing list
>> Hipsec@lists.ietf.org
>> https://www1.ietf.org/mailman/listinfo/hipsec
>> 
>
>
> _______________________________________________
> Hipsec mailing list
> Hipsec@lists.ietf.org
> https://www1.ietf.org/mailman/listinfo/hipsec

-- 
Miika Komu                                       http://www.iki.fi/miika/




From hipsec-bounces@lists.ietf.org Wed Dec 05 02:57:58 2007
Message-Id: <5E2C4DB5-FE8A-4527-959A-6CF2402AEE97@nomadiclab.com>
From: Pekka Nikander <pekka.nikander@nomadiclab.com>
Date: Wed, 5 Dec 2007 09:57:49 +0200
To: HIP Working Group <hipsec@ietf.org>
Cc: Petri Jokela <Petri.Jokela@nomadiclab.com>,
	Jari Arkko <jari.arkko@ericsson.com>
Subject: [Hipsec] Minor correction to hip-base

draft-hip-base states today as follows:

>    Responder's HIT Hash Algorithm (RHASH):   hash algorithm used for
>       various hash calculations in this document.  The algorithm is the
>       same as is used to generate the Responder's HIT.  RHASH can be
>       determined by inspecting the Prefix of the ORCHID (HIT).  The
>       Prefix value has a one-to-one mapping to a hash function.

RFC 4843 states, on the other hand, as follows:

>  Hash_function   : The one-way hash function (i.e., hash function with
>                      pre-image resistance and second pre-image
>                      resistance) to be used according to the document
>                      defining the context usage identified by the
>                      Context ID.  For example, the current version of
>                      the HIP specification defines SHA1 [RFC 3174] as
>                      the hash function to be used to generate ORCHIDs
>                      used in the HIP protocol [HIP-BASE].

That is, in RFC 4843 RHASH is identified by the Context ID, which is,
in turn, defined in hip-base.

So, the definition of RHASH needs to be updated as follows:

    Responder's HIT Hash Algorithm (RHASH):   hash algorithm used for
       various hash calculations in this document.  The algorithm is the
       same as is used to generate the Responder's HIT.  RHASH is
       defined by the Orchid Context ID.  For HIP, the present RHASH
       algorithm is defined in Section 3.2.  A future version of HIP
       may define a new RHASH algorithm by defining a new Context ID.

I don't know what is the right process for this, now that the doc is  
past IESG.

--Pekka Nikander
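
An added example, not part of the original message and not code from any HIP implementation: a Python sketch of the RFC 4843 ORCHID construction, showing why RHASH has to be looked up through the Context ID rather than read from the prefix. The two Context ID values, the SHA-256 mapping and the sample host identity bytes are constructed for illustration; the 2001:10::/28 prefix and the middle-100-bit Encode_100 are as defined in RFC 4843.

```python
import hashlib
import ipaddress

# RFC 4843: every ORCHID carries the same 28-bit prefix, 2001:10::/28.
ORCHID_PREFIX = 0x2001001
PREFIX_BITS = 28
ENCODED_BITS = 100

# Constructed placeholder Context IDs (128 bits each). They are NOT the
# values assigned by the HIP specification.
CTX_A = bytes.fromhex("00112233445566778899aabbccddeeff")
CTX_B = bytes.fromhex("ffeeddccbbaa99887766554433221100")

# The document that defines a Context ID also fixes its hash function.
# SHA-1 for CTX_A mirrors the RFC 4843 text quoted above; SHA-256 for
# CTX_B is a hypothetical "future version" entry.
CONTEXT_HASH = {CTX_A: "sha1", CTX_B: "sha256"}

# Constructed sample input standing in for a Host Identity public key.
SAMPLE_HI = b"constructed-sample-host-identity"


def rhash_for(context_id: bytes) -> str:
    """Return the hash function name bound to a Context ID."""
    try:
        return CONTEXT_HASH[context_id]
    except KeyError:
        raise ValueError("unknown Context ID, RHASH cannot be determined")


def encode_100(digest: bytes) -> int:
    """Extract the middle 100 bits of a digest (RFC 4843 Encode_100)."""
    total = len(digest) * 8
    if total < ENCODED_BITS:
        raise ValueError("digest shorter than 100 bits")
    skip = (total - ENCODED_BITS) // 2          # bits dropped on each side
    value = int.from_bytes(digest, "big")
    return (value >> (total - skip - ENCODED_BITS)) & ((1 << ENCODED_BITS) - 1)


def orchid(context_id: bytes, hash_input: bytes) -> ipaddress.IPv6Address:
    """ORCHID = Prefix | Encode_100(Hash(Context ID | Input))."""
    digest = hashlib.new(rhash_for(context_id), context_id + hash_input).digest()
    return ipaddress.IPv6Address((ORCHID_PREFIX << ENCODED_BITS) | encode_100(digest))


def prefix_of(addr: ipaddress.IPv6Address) -> int:
    """Top 28 bits of an address: all a receiver could read from the HIT."""
    return int(addr) >> (128 - PREFIX_BITS)


if __name__ == "__main__":
    for ctx in (CTX_A, CTX_B):
        hit = orchid(ctx, SAMPLE_HI)
        # Same prefix for both, so the prefix alone does not select RHASH.
        print(rhash_for(ctx), hit, hex(prefix_of(hit)))
```
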





From hipsec-bounces@lists.ietf.org Wed Dec 05 03:22:24 2007
To: hip WG <hipsec@ietf.org>
Message-Id: <CE1C715C-A53F-4FE1-A331-CB698808EC35@cs.rwth-aachen.de>
From: Tobias Heer <heer@cs.rwth-aachen.de>
Date: Wed, 5 Dec 2007 09:21:59 +0100
Subject: [Hipsec] Some concerns regarding legacy NAT traversal solution

Hello,

After following the discussions about HIP, ICE/STUN, and NAT
traversal today in the WG, I had some concerns regarding possible
solutions. Of course, I trust in the judgement of the NAT team (you
have all been working on the issue for quite some time), however, I
wonder what a possible solution could (will) look like. I'm not asking
for details about a yet unspecified solution but I'm rather
interested in the design space (specifically what tradeoffs seem
acceptable/realistic). I'm especially interested in the opinion of the
TURN people in the design team as you probably have the best
knowledge to answer the questions.

In case STUN will be used for HIP, will there be a penalty in terms  
of RTTs for running the additional protocol (first one, then the  
other, or partially parallel)? If yes, will this additional time also  
be required if no NAT is present (e.g. when moving from behind a NAT  
to an un-NATed location)?

Will STUN replace parts of the BEX or/and UPDATE procedure for
optimizing RTTs? If yes, what will these changes look like? Will
existing work based on HIP still be valid or will we have to live
with an entirely new BEX or UPDATE message exchange? Will things like
HIP aware NATs / Firewalls, etc. be harder to implement because they
must support both (STUN + HIP)?

Concluding, is consistency with the MM and Base draft one of the  
design goals of the NAT design team or may parts of these documents  
be obsoleted by the NAT traversal approach?

To state it clearly: I'm not advocating any of the approaches... I'm
just interested in what's possible and what's not. I hope I'm not being
too nosy. Thanks in advance.

Best regards,

Tobias






-- Dipl.-Inform. Tobias Heer, Ph.D. Student
Distributed Systems Group
RWTH Aachen University, Germany
http://ds.cs.rwth-aachen.de/members/heer










From hipsec-bounces@lists.ietf.org Wed Dec 05 10:48:08 2007
Message-ID: <4756C82E.5020009@cisco.com>
Date: Wed, 05 Dec 2007 07:47:58 -0800
From: Mark Townsley <townsley@cisco.com>
To: Pekka Nikander <pekka.nikander@nomadiclab.com>
References: <5E2C4DB5-FE8A-4527-959A-6CF2402AEE97@nomadiclab.com>
In-Reply-To: <5E2C4DB5-FE8A-4527-959A-6CF2402AEE97@nomadiclab.com>
Cc: HIP Working Group <hipsec@ietf.org>,
	Petri Jokela <Petri.Jokela@nomadiclab.com>,
	Jari Arkko <jari.arkko@ericsson.com>
Subject: [Hipsec] Re: Minor correction to hip-base


This looks fairly important, so I have added it as an RFC Editor's note 
- it should be fixed when the RFC Editor edits the document. WG, if there 
is any objection to this change, please let me know ASAP.

- Mark

Pekka Nikander wrote:
> draft-hip-base states today as follows:
>
>>    Responder's HIT Hash Algorithm (RHASH):   hash algorithm used for
>>       various hash calculations in this document.  The algorithm is the
>>       same as is used to generate the Responder's HIT.  RHASH can be
>>       determined by inspecting the Prefix of the ORCHID (HIT).  The
>>       Prefix value has a one-to-one mapping to a hash function.
>
> RFC 4843 states, on the other hand, as follows:
>
>>  Hash_function   : The one-way hash function (i.e., hash function with
>>                      pre-image resistance and second pre-image
>>                      resistance) to be used according to the document
>>                      defining the context usage identified by the
>>                      Context ID.  For example, the current version of
>>                      the HIP specification defines SHA1 [RFC 3174] as
>>                      the hash function to be used to generate ORCHIDs
>>                      used in the HIP protocol [HIP-BASE].
>
> That is, in RFC 4843 RHASH is identified by the Context ID, which is,
> in turn, defined in hip-base.
>
> So, the definition of RHASH needs to be updated as follows:
>
>    Responder's HIT Hash Algorithm (RHASH):   hash algorithm used for
>       various hash calculations in this document.  The algorithm is the
>       same as is used to generate the Responder's HIT.  RHASH is
>       defined by the Orchid Context ID.  For HIP, the present RHASH
>       algorithm is defined in Section 3.2.  A future version of HIP
>       may define a new RHASH algorithm by defining a new Context ID.
>
> I don't know what is the right process for this, now that the doc is 
> past IESG.
>
> --Pekka Nikander
>




From hipsec-bounces@lists.ietf.org Wed Dec 05 12:43:20 2007
Message-ID: <4756E331.8060307@piuha.net>
Date: Wed, 05 Dec 2007 09:43:13 -0800
From: Jari Arkko <jari.arkko@piuha.net>
To: Mark Townsley <townsley@cisco.com>
Subject: Re: [Hipsec] Re: Minor correction to hip-base
References: <5E2C4DB5-FE8A-4527-959A-6CF2402AEE97@nomadiclab.com>
	<4756C82E.5020009@cisco.com>
In-Reply-To: <4756C82E.5020009@cisco.com>
Cc: HIP Working Group <hipsec@ietf.org>,
	Petri Jokela <Petri.Jokela@nomadiclab.com>

The text works for me.

Jari

Mark Townsley wrote:
>
> This looks fairly important, so I have added it as an RFC Editor's
> note - it should be fixed when the RFC Editor edits the document. WG,
> if there is any objection to this change, please let me know ASAP.
>
> - Mark
>
> Pekka Nikander wrote:
>> draft-hip-base states today as follows:
>>
>>>    Responder's HIT Hash Algorithm (RHASH):   hash algorithm used for
>>>       various hash calculations in this document.  The algorithm is the
>>>       same as is used to generate the Responder's HIT.  RHASH can be
>>>       determined by inspecting the Prefix of the ORCHID (HIT).  The
>>>       Prefix value has a one-to-one mapping to a hash function.
>>
>> RFC 4843 states, on the other hand, as follows:
>>
>>>  Hash_function   : The one-way hash function (i.e., hash function with
>>>                      pre-image resistance and second pre-image
>>>                      resistance) to be used according to the document
>>>                      defining the context usage identified by the
>>>                      Context ID.  For example, the current version of
>>>                      the HIP specification defines SHA1 [RFC 3174] as
>>>                      the hash function to be used to generate ORCHIDs
>>>                      used in the HIP protocol [HIP-BASE].
>>
>> That is, in RFC 4843 RHASH is identified by the Context ID, which is,
>> in turn, defined in hip-base.
>>
>> So, the definition of RHASH needs to be updated as follows:
>>
>>    Responder's HIT Hash Algorithm (RHASH):   hash algorithm used for
>>       various hash calculations in this document.  The algorithm is the
>>       same as is used to generate the Responder's HIT.  RHASH is
>>       defined by the Orchid Context ID.  For HIP, the present RHASH
>>       algorithm is defined in Section 3.2.  A future version of HIP
>>       may define a new RHASH algorithm by defining a new Context ID.
>>
>> I don't know what is the right process for this, now that the doc is
>> past IESG.
>>
>> --Pekka Nikander
>>
>
> _______________________________________________
> Hipsec mailing list
> Hipsec@lists.ietf.org
> https://www1.ietf.org/mailman/listinfo/hipsec
>
>





From hipsec-bounces@lists.ietf.org Wed Dec 05 13:09:05 2007
From: Julien Laganier <julien.IETF@laposte.net>
To: hipsec@lists.ietf.org
Subject: Re: [Hipsec] Re: Minor correction to hip-base
Date: Wed, 5 Dec 2007 19:08:53 +0100
References: <5E2C4DB5-FE8A-4527-959A-6CF2402AEE97@nomadiclab.com>
	<4756C82E.5020009@cisco.com>
In-Reply-To: <4756C82E.5020009@cisco.com>
Message-Id: <200712051908.54338.julien.IETF@laposte.net>
Cc: Petri Jokela <Petri.Jokela@nomadiclab.com>,
	Jari Arkko <jari.arkko@ericsson.com>, HIP Working Group <hipsec@ietf.org>

Mark,

The change is fine with me. 

Pekka, thanks for catching this!

--julien

On Wednesday 05 December 2007, Mark Townsley wrote:
> This looks fairly important, so I have added it as an RFC Editor's
> note - it should be fixed when the RFC Editor edits the document. WG,
> if there is any objection to this change, please let me know ASAP.
>
> - Mark
>
> Pekka Nikander wrote:
> > draft-hip-base states today as follows:
> >>    Responder's HIT Hash Algorithm (RHASH):   hash algorithm used
> >> for various hash calculations in this document.  The algorithm is
> >> the same as is used to generate the Responder's HIT.  RHASH can be
> >> determined by inspecting the Prefix of the ORCHID (HIT).  The
> >> Prefix value has a one-to-one mapping to a hash function.
> >
> > RFC 4843 states, on the other hand, as follows:
> >>  Hash_function   : The one-way hash function (i.e., hash function
> >> with pre-image resistance and second pre-image resistance) to be
> >> used according to the document defining the context usage
> >> identified by the Context ID.  For example, the current version of
> >> the HIP specification defines SHA1 [RFC 3174] as the hash function
> >> to be used to generate ORCHIDs used in the HIP protocol
> >> [HIP-BASE].
> >
> > That is, in RFC 4843 RHASH is identified by the Context ID, which
> > is, in turn, defined in hip-base.
> >
> > So, the definition of RHASH needs to be updated as follows:
> >
> >    Responder's HIT Hash Algorithm (RHASH):   hash algorithm used
> > for various hash calculations in this document.  The algorithm is
> > the same as is used to generate the Responder's HIT.  RHASH is
> > defined by the Orchid Context ID.  For HIP, the present RHASH
> > algorithm is defined in Section 3.2.  A future version of HIP may
> > define a new RHASH algorithm by defining a new Context ID.
> >
> > I don't know what is the right process for this, now that the doc
> > is past IESG.
> >
> > --Pekka Nikander
>



_______________________________________________
Hipsec mailing list
Hipsec@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/hipsec
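
Added example, not part of the thread or of any HIP implementation: ORCHID construction as RFC 4843 describes it (the 28-bit prefix followed by the middle 100 bits of Hash(Context ID | Input)), showing why the prefix cannot identify RHASH while the Context ID can. The HIP Context ID is the value assigned in the HIP base specification; the second Context ID, its binding to SHA-256 and the sample Host Identity bytes are constructed assumptions.

```python
import hashlib
import ipaddress

ORCHID_PREFIX = 0x2001001   # 2001:10::/28, the ORCHID prefix of RFC 4843
PREFIX_BITS = 28
ENCODE_BITS = 100           # Encode_100: number of hash bits kept in the ORCHID
ORCHID_NET = ipaddress.IPv6Network("2001:10::/28")

# Context ID assigned to HIP by the HIP base specification (128 bits).
HIP_CONTEXT_ID = bytes.fromhex("F0EFF02FBFF43D0FE7930C3C6E6174EA")
# Hypothetical Context ID for an imagined future HIP version (constructed value).
FUTURE_CONTEXT_ID = bytes.fromhex("00112233445566778899AABBCCDDEEFF")

# RHASH is looked up by Context ID. The SHA-256 entry is an assumption made
# only to show that a new Context ID can carry a new hash function.
RHASH_BY_CONTEXT = {
    HIP_CONTEXT_ID: hashlib.sha1,
    FUTURE_CONTEXT_ID: hashlib.sha256,
}

# Constructed stand-in for an encoded Host Identity (the ORCHID "Input").
SAMPLE_HI = bytes(range(64))


def rhash_name(context_id: bytes) -> str:
    """Return the name of the hash function bound to a Context ID."""
    try:
        return RHASH_BY_CONTEXT[context_id]().name
    except KeyError:
        raise ValueError("unknown ORCHID Context ID, RHASH undefined") from None


def encode_middle(digest: bytes, nbits: int = ENCODE_BITS) -> int:
    """Encode_n of RFC 4843: extract the middle nbits of the hash output."""
    total = len(digest) * 8
    if total < nbits:
        raise ValueError("hash output shorter than the requested bit count")
    skip = (total - nbits) // 2            # bits dropped from the front
    value = int.from_bytes(digest, "big")
    return (value >> (total - skip - nbits)) & ((1 << nbits) - 1)


def make_orchid(context_id: bytes, input_bits: bytes) -> ipaddress.IPv6Address:
    """ORCHID := Prefix | Encode_100(Hash_function(Context ID | Input))."""
    try:
        hash_fn = RHASH_BY_CONTEXT[context_id]
    except KeyError:
        raise ValueError("unknown ORCHID Context ID, RHASH undefined") from None
    digest = hash_fn(context_id + input_bits).digest()
    value = (ORCHID_PREFIX << ENCODE_BITS) | encode_middle(digest)
    return ipaddress.IPv6Address(value)


def prefix_of(addr: ipaddress.IPv6Address) -> int:
    """Return the leading 28 bits of an address."""
    return int(addr) >> (128 - PREFIX_BITS)


if __name__ == "__main__":
    for label, ctx in (("HIP", HIP_CONTEXT_ID), ("future", FUTURE_CONTEXT_ID)):
        hit = make_orchid(ctx, SAMPLE_HI)
        # Both HITs share the prefix; only the Context ID tells the hashes apart.
        print(f"{label:7} RHASH={rhash_name(ctx):7} "
              f"prefix={prefix_of(hit):#09x} HIT={hit}")
```
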



From hipsec-bounces@lists.ietf.org Wed Dec 05 14:49:50 2007
Return-path: <hipsec-bounces@lists.ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com)
	by megatron.ietf.org with esmtp (Exim 4.43)
	id 1J00Fe-00017o-QN; Wed, 05 Dec 2007 14:49:46 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.43) id 1J00Fe-00016M-0F
	for hipsec@ietf.org; Wed, 05 Dec 2007 14:49:46 -0500
Received: from twilight.cs.hut.fi ([130.233.40.5])
	by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1J00Fb-0003pb-TP
	for hipsec@ietf.org; Wed, 05 Dec 2007 14:49:45 -0500
Received: by twilight.cs.hut.fi (Postfix, from userid 60001)
	id 51A4A2E42; Wed,  5 Dec 2007 21:49:43 +0200 (EET)
X-Spam-Checker-Version: SpamAssassin 3.2.3-niksula20070810 (2007-08-08) on
	twilight.cs.hut.fi
X-Spam-Level: 
X-Spam-Status: No, score=0.0 required=5.0 tests=none autolearn=disabled
	version=3.2.3-niksula20070810
X-Spam-Niksula: No
Received: from kekkonen (kekkonen.cs.hut.fi [130.233.41.50])
	by twilight.cs.hut.fi (Postfix) with ESMTP id A62C22D88;
	Wed,  5 Dec 2007 21:49:35 +0200 (EET)
Date: Wed, 5 Dec 2007 21:49:35 +0200 (EET)
From: Miika Komu <miika@iki.fi>
X-X-Sender: mkomu@kekkonen.cs.hut.fi
To: Tobias Heer <heer@cs.rwth-aachen.de>
Subject: Re: [Hipsec] Some concerns regarding legacy NAT traversal solution
In-Reply-To: <CE1C715C-A53F-4FE1-A331-CB698808EC35@cs.rwth-aachen.de>
Message-ID: <Pine.SOL.4.64.0712052059100.10169@kekkonen.cs.hut.fi>
References: <CE1C715C-A53F-4FE1-A331-CB698808EC35@cs.rwth-aachen.de>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 14582b0692e7f70ce7111d04db3781c8
Cc: hip WG <hipsec@ietf.org>, hip-nat-traversal@piuha.net
X-BeenThere: hipsec@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group."
	<hipsec.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/hipsec>,
	<mailto:hipsec-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/hipsec>
List-Post: <mailto:hipsec@lists.ietf.org>
List-Help: <mailto:hipsec-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/hipsec>,
	<mailto:hipsec-request@lists.ietf.org?subject=subscribe>
Errors-To: hipsec-bounces@lists.ietf.org

On Wed, 5 Dec 2007, Tobias Heer wrote:

Hi Tobias,

> In case STUN will be used for HIP, will there be a penalty in terms of RTTs 
> for running the additional protocol (first one, then the other, or partially 
> parallel)? If yes, will this additional time also be required if no NAT is 
> present (e.g. when moving from behind a NAT to an un-NATed location)?

Yes there is some penalty. This is what we discussed earlier on nat design 
team list but it is somewhat modified (SEQ needs a separate ACK):

STUN-based approach:


L                       Relay(R)                         R
| UPDATE(LOCATOR,SEQ, SPI) |                             |
+------------------------->+                             |
|                          |                             |
|                          +---------------------------->|
|                          |                             |
|                          | UPDATE(LOCATOR,SPI,SEQ,ACK) |
|                          |<----------------------------|
|<-------------------------+                             |
|                          |                             |
|    UPDATE(ACK)           |                             |
+------------------------->|                             |
|                          |                             |
|                          +---------------------------->|
|                          |                             |
|               ICE connectivity tests                   |
|<------------------------------------------------------>|
|                          |                             |
|                         ESP                            |
|<------------------------------------------------------>|
|                                                        |

HIP-based approach:

L                       Relay(R)                         R
| UPDATE(LOCATOR,SEQ, SPI) |                             |
+------------------------->+                             |
|                          |                             |
|                          +---------------------------->|
|                          |                             |
|                          | UPDATE(LOCATOR,SPI,SEQ,ACK) |
|                          |<----------------------------|
|<-------------------------+                             |
|                          |                             |
|   UPDATEs(ECHO_REQUESTs, ACK and ECHO_RESPONSEs)       |
|<------------------------------------------------------>|
|                          |                             |
|                         ESP                            |
|<------------------------------------------------------>|
|                                                        |

So, the STUN approach has one extra packet going through the relay. In 
HIP, we can piggyback the ACK in the ECHO_REQUEST.

Here we are assuming that ICE connectivity tests replace the return 
routability tests of HIP. This has a security problem related to 
middleboxes because STUN messages don't include public keys and 
signatures. The middlebox needs them in order to protect itself against 
replay attacks as described in your draft:

http://www.ietf.org/internet-drafts/draft-heer-hip-middle-auth-00.txt

> Will STUN replace parts of the BEX or/and UPDATE procedure for optimizing 
> RTTs? If yes, what will these changes look like? Will existing work based on 
> HIP still be valid or will we have to live with an entirely new BEX or UPDATE 
> message exchange? Will things like HIP aware NATs / Firewalls, etc. be harder 
> to implement because they must support both (STUN + HIP)?

Yes they will be harder to implement because the middlebox has to...

1) Support two protocols instead of one
2) Be able to map the two protocols to each other

My comment is based on the fact that we have actually implemented a 
HIP-based firewall:

http://www.usenix.org/events/usenix07/posters/lindqvist.pdf
http://infrahip.hiit.fi/papers/essi_dippa.pdf

> Concluding, is consistency with the MM and Base draft one of the design goals 
> of the NAT design team or may parts of these documents be obsoleted by the 
> NAT traversal approach?

So far we have only concluded that the RVS design is inadequate for the 
NAT traversal. It is self-evident that the mobility part needs some 
changes independently of whether we use STUN or HIP for the connectivity 
tests. Personally, I would like to keep those changes minimal and 
compatible with the mobility draft.

-- 
Miika Komu                                       http://www.iki.fi/miika/




From hipsec-bounces@lists.ietf.org Thu Dec 06 14:40:22 2007
Return-path: <hipsec-bounces@lists.ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com)
	by megatron.ietf.org with esmtp (Exim 4.43)
	id 1J0Ma3-0007ad-BP; Thu, 06 Dec 2007 14:40:19 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.43) id 1J0Ma2-0007ZD-FU
	for hipsec@ietf.org; Thu, 06 Dec 2007 14:40:18 -0500
Received: from blv-smtpout-01.boeing.com ([130.76.32.69])
	by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1J0Ma1-0002yp-KK
	for hipsec@ietf.org; Thu, 06 Dec 2007 14:40:18 -0500
Received: from blv-av-01.boeing.com (blv-av-01.boeing.com [192.42.227.216])
	by blv-smtpout-01.ns.cs.boeing.com (8.14.0/8.14.0/8.14.0/SMTPOUT) with
	ESMTP id lB6JeGe9015670
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK);
	Thu, 6 Dec 2007 11:40:16 -0800 (PST)
Received: from blv-av-01.boeing.com (localhost [127.0.0.1])
	by blv-av-01.boeing.com (8.14.0/8.14.0/DOWNSTREAM_RELAY) with ESMTP id
	lB6JeGUe014452; Thu, 6 Dec 2007 11:40:16 -0800 (PST)
Received: from XCH-NWBH-11.nw.nos.boeing.com (xch-nwbh-11.nw.nos.boeing.com
	[130.247.55.84])
	by blv-av-01.boeing.com (8.14.0/8.14.0/UPSTREAM_RELAY) with ESMTP id
	lB6JeGle014449; Thu, 6 Dec 2007 11:40:16 -0800 (PST)
Received: from XCH-NW-6V1.nw.nos.boeing.com ([130.247.55.53]) by
	XCH-NWBH-11.nw.nos.boeing.com with Microsoft SMTPSVC(6.0.3790.1830); 
	Thu, 6 Dec 2007 11:40:15 -0800
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Date: Thu, 6 Dec 2007 11:39:55 -0800
Message-ID: <0DF156EE7414494187B087A3C279BDB4033F259D@XCH-NW-6V1.nw.nos.boeing.com>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: HIP implementation tests at IETF 70
Thread-Index: Acg4PqjkgSpIzC/JQUusjziJHRvH0g==
From: "Ahrenholz, Jeffrey M" <jeffrey.m.ahrenholz@boeing.com>
To: <hipsec@ietf.org>, <hipsec-rg@listserv.cybertrust.com>
X-OriginalArrivalTime: 06 Dec 2007 19:40:15.0140 (UTC)
	FILETIME=[D2D61640:01C8383F]
X-Spam-Score: -4.0 (----)
X-Scan-Signature: 0bc60ec82efc80c84b8d02f4b0e4de22
Cc: 
Subject: [Hipsec] HIP implementation tests at IETF 70
X-BeenThere: hipsec@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group."
	<hipsec.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/hipsec>,
	<mailto:hipsec-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/hipsec>
List-Post: <mailto:hipsec@lists.ietf.org>
List-Help: <mailto:hipsec-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/hipsec>,
	<mailto:hipsec-request@lists.ietf.org?subject=subscribe>
Errors-To: hipsec-bounces@lists.ietf.org

FYI, during this 70th IETF meeting, I performed some interop tests of
the three HIP implementations. The results were favorable, with IPv4 and
IPv6 base exchanges working between the OpenHIP implementation and
InfraHIP and Ericsson test servers, and a wired to wireless mobility
handoff with each was also successful.

Here is a summary...

InfraHIP:
- IPv4 openhip-0.5 to crossroads.infrahip.net base exchange OK; ESP
  traffic using ping6 <hit>, http://<hit> OK
- IPv6 openhip-0.5 to crossroads.infrahip.net base exchange OK; ESP
  traffic using ping6 <hit>, http://<hit> OK
- IPv4 readdress OK from wired to wireless, after updating OpenHIP code
  (see the CVS version)
- CLOSE/CLOSE ACK worked OK

Ericsson:
- IPv4 openhip-0.5 to woodstock4.hip4inter.net base exchange OK; ESP
  traffic using ping6 <hit> OK, http://<hit> failed (TCP SYNs sent but no
  responses)
- IPv6 openhip-0.5 to woodstock6.hip4inter.net base exchange OK; ESP
  traffic using ping6 <hit> OK, http://<hit> failed (TCP SYNs sent but no
  responses)
- IPv4 readdress OK from wired to wireless
- CLOSE/CLOSE ACK worked OK

-Jeff




From hipsec-bounces@lists.ietf.org Thu Dec 06 18:36:38 2007
Return-path: <hipsec-bounces@lists.ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com)
	by megatron.ietf.org with esmtp (Exim 4.43)
	id 1J0QGj-0007kL-RE; Thu, 06 Dec 2007 18:36:37 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.43)
	id 1J0QGi-0007jt-9f; Thu, 06 Dec 2007 18:36:36 -0500
Received: from mail6.primus.ca ([216.254.141.173] helo=mail-06.primus.ca)
	by ietf-mx.ietf.org with esmtp (Exim 4.43)
	id 1J0QGi-0004s5-2Y; Thu, 06 Dec 2007 18:36:36 -0500
Received: from dhcp-17f5.ietf70.org ([130.129.23.245])
	by mail-06.primus.ca with esmtpa (Exim 4.63)
	(envelope-from <philip_matthews@magma.ca>)
	id 1J0QGh-0005Kl-2C; Thu, 06 Dec 2007 18:36:35 -0500
Mime-Version: 1.0 (Apple Message framework v752.2)
Content-Transfer-Encoding: 7bit
Message-Id: <79B539D8-C889-4117-88C0-2D7D695EB844@magma.ca>
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
To: p2psip@lists.ietf.org, hipsec@ietf.org, hipsec-rg@listserv.cybertrust.com
From: Philip Matthews <philip_matthews@magma.ca>
Date: Thu, 6 Dec 2007 15:36:43 -0800
X-Mailer: Apple Mail (2.752.2)
X-Authenticated: philip_matthews@magma.ca - dhcp-17f5.ietf70.org
	[130.129.23.245]
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 8ac499381112328dd60aea5b1ff596ea
Cc: 
Subject: [Hipsec] Friday morning: HIP and P2PSIP discussion
X-BeenThere: hipsec@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group."
	<hipsec.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/hipsec>,
	<mailto:hipsec-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/hipsec>
List-Post: <mailto:hipsec@lists.ietf.org>
List-Help: <mailto:hipsec-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/hipsec>,
	<mailto:hipsec-request@lists.ietf.org?subject=subscribe>
Errors-To: hipsec-bounces@lists.ietf.org

There will be an informal discussion of the approach of using HIP for  
P2PSIP on Friday morning 8:15 - 9:00 (during breakfast time). If you  
are interested, meet in the hall outside Salon #1, #2, #3 (on the  
second floor).

- Philip




From hipsec-bounces@lists.ietf.org Thu Dec 06 20:01:18 2007
Return-path: <hipsec-bounces@lists.ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com)
	by megatron.ietf.org with esmtp (Exim 4.43)
	id 1J0Raf-0005cr-R7; Thu, 06 Dec 2007 20:01:17 -0500
Received: from [10.90.34.44] (helo=chiedprmail1.ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.43) id 1J0Rae-0005ai-Dn
	for hipsec@ietf.org; Thu, 06 Dec 2007 20:01:16 -0500
Received: from mailgw4.ericsson.se ([193.180.251.62])
	by chiedprmail1.ietf.org with esmtp (Exim 4.43) id 1J0Rad-0000pW-SU
	for hipsec@ietf.org; Thu, 06 Dec 2007 20:01:16 -0500
Received: from mailgw4.ericsson.se (unknown [127.0.0.1])
	by mailgw4.ericsson.se (Symantec Mail Security) with ESMTP id
	9B38320533; Fri,  7 Dec 2007 02:00:53 +0100 (CET)
X-AuditID: c1b4fb3e-afea1bb00000459d-44-47589b451975
Received: from esealmw127.eemea.ericsson.se (unknown [153.88.254.122])
	by mailgw4.ericsson.se (Symantec Mail Security) with ESMTP id
	83D97200DD; Fri,  7 Dec 2007 02:00:53 +0100 (CET)
Received: from esealmw129.eemea.ericsson.se ([153.88.254.177]) by
	esealmw127.eemea.ericsson.se with Microsoft SMTPSVC(6.0.3790.1830); 
	Fri, 7 Dec 2007 02:00:53 +0100
Received: from mail.lmf.ericsson.se ([131.160.11.50]) by
	esealmw129.eemea.ericsson.se with Microsoft SMTPSVC(6.0.3790.1830); 
	Fri, 7 Dec 2007 02:00:52 +0100
Received: from [131.160.126.159] (rvi2-126-159.lmf.ericsson.se
	[131.160.126.159])
	by mail.lmf.ericsson.se (Postfix) with ESMTP id 0AEA523F6;
	Fri,  7 Dec 2007 03:00:51 +0200 (EET)
Message-ID: <47589B41.2080009@ericsson.com>
Date: Fri, 07 Dec 2007 03:00:49 +0200
From: Gonzalo Camarillo <Gonzalo.Camarillo@ericsson.com>
User-Agent: Thunderbird 2.0.0.9 (Windows/20071031)
MIME-Version: 1.0
To: HIP <hipsec@ietf.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-OriginalArrivalTime: 07 Dec 2007 01:00:52.0831 (UTC)
	FILETIME=[9D64C6F0:01C8386C]
X-Brightmail-Tracker: AAAAAA==
X-Spam-Score: -1.0 (-)
X-Scan-Signature: 8abaac9e10c826e8252866cbe6766464
Cc: 
Subject: [Hipsec] Using STUN for end-to-end connectivity checks
X-BeenThere: hipsec@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group."
	<hipsec.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/hipsec>,
	<mailto:hipsec-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/hipsec>
List-Post: <mailto:hipsec@lists.ietf.org>
List-Help: <mailto:hipsec-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/hipsec>,
	<mailto:hipsec-request@lists.ietf.org?subject=subscribe>
Errors-To: hipsec-bounces@lists.ietf.org

Folks,

as I said in our WG session, I have pushed the NAT Traversal for HIP 
design team to make a decision on the protocol to implement end-to-end 
connectivity checks. The design team was spending too much time thinking 
of this issue and, in my opinion (as HIP WG chair), this was keeping the 
team from making progress.

There were two proposals to implement the end-to-end connectivity 
checks: using STUN or using HIP. The design team agreed to make a 
decision before the end of the IETF. Today, we met for two hours to make 
this decision.

The idea was to make a design assumption (i.e., to use STUN or to use 
HIP) so that the team can work on other open issues and implementers can 
start experimenting. If by the time the specification is more or less 
done and we have more implementation experience, we find overwhelming 
evidence that this was the wrong decision, the design team agreed that 
we would be able to reevaluate the decision.

The design team could not reach unanimous consensus on which protocol to 
use because there were technical arguments in favor of both of them. 
Therefore, they had to vote. The STUN approach won the voting (4 votes 
for STUN, 2 votes for HIP).

Consequently, from now on, the team will be working assuming STUN as the 
protocol to implement end-to-end connectivity checks.

Cheers,

Gonzalo
HIP WG co-chair




From hipsec-bounces@lists.ietf.org Fri Dec 07 02:20:33 2007
Return-path: <hipsec-bounces@lists.ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com)
	by megatron.ietf.org with esmtp (Exim 4.43)
	id 1J0XVf-0007Eo-9T; Fri, 07 Dec 2007 02:20:31 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.43) id 1J0XVd-0007EU-Jg
	for hipsec@ietf.org; Fri, 07 Dec 2007 02:20:29 -0500
Received: from n2.nomadiclab.com ([2001:14b8:400:101::2])
	by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1J0XVd-0005iO-5r
	for hipsec@ietf.org; Fri, 07 Dec 2007 02:20:29 -0500
Received: from n2.nomadiclab.com (localhost [127.0.0.1])
	by n2.nomadiclab.com (Postfix) with ESMTP id 2B1351EF1B8;
	Fri,  7 Dec 2007 09:20:28 +0200 (EET)
Received: from [127.0.0.1] (localhost [IPv6:::1])
	by n2.nomadiclab.com (Postfix) with ESMTP id CFF471EF1B5;
	Fri,  7 Dec 2007 09:20:27 +0200 (EET)
In-Reply-To: <47589B41.2080009@ericsson.com>
References: <47589B41.2080009@ericsson.com>
Mime-Version: 1.0 (Apple Message framework v752.3)
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
Message-Id: <AD676D36-B275-4006-B8A2-9ED804EE4948@nomadiclab.com>
Content-Transfer-Encoding: 7bit
From: Pekka Nikander <pekka.nikander@nomadiclab.com>
Subject: Re: [Hipsec] Using STUN for end-to-end connectivity checks
Date: Fri, 7 Dec 2007 09:20:27 +0200
To: Gonzalo Camarillo <Gonzalo.Camarillo@ericsson.com>
X-Mailer: Apple Mail (2.752.3)
X-Virus-Scanned: ClamAV using ClamSMTP
X-Spam-Score: -1.4 (-)
X-Scan-Signature: 3e15cc4fdc61d7bce84032741d11c8e5
Cc: HIP <hipsec@ietf.org>
X-BeenThere: hipsec@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group."
	<hipsec.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/hipsec>,
	<mailto:hipsec-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/hipsec>
List-Post: <mailto:hipsec@lists.ietf.org>
List-Help: <mailto:hipsec-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/hipsec>,
	<mailto:hipsec-request@lists.ietf.org?subject=subscribe>
Errors-To: hipsec-bounces@lists.ietf.org

I would like to see the DT clearly express their considerations,  
in writing, for the WG to think about.

Personally, I strongly suspect that the DT has made an  
architecturally wrong decision.  However, I trust that the DT then  
has other concerns that they have considered more important than  
architectural beauty (which in the past has been a main concern, or  
perhaps even the main concern, when making design decisions w.r.t.  
HIP).  Hence, I really want to understand what those assumedly more  
important factors are.

--Pekka Nikander

On 7 Dec 2007, at 03:00, Gonzalo Camarillo wrote:

> Folks,
>
> as I said in our WG session, I have pushed the NAT Traversal for  
> HIP design team to make a decision on the protocol to implement  
> end-to-end connectivity checks. The design team was spending too much  
> time thinking of this issue and, in my opinion (as HIP WG chair),  
> this was keeping the team from making progress.
>
> There were two proposals to implement the end-to-end connectivity  
> checks: using STUN or using HIP. The design team agreed to make a  
> decision before the end of the IETF. Today, we met for two hours to  
> make this decision.
>
> The idea was to make a design assumption (i.e., to use STUN or to  
> use HIP) so that the team can work on other open issues and  
> implementers can start experimenting. If by the time the  
> specification is more or less done and we have more implementation  
> experience, we find overwhelming evidence that this was the wrong  
> decision, the design team agreed that we would be able to reevaluate  
> the decision.
>
> The design team could not reach unanimous consensus on which  
> protocol to use because there were technical arguments in favor of  
> both of them. Therefore, they had to vote. The STUN approach won  
> the voting (4 votes for STUN, 2 votes for HIP).
>
> Consequently, from now on, the team will be working assuming STUN  
> as the protocol to implement end-to-end connectivity checks.
>
> Cheers,
>
> Gonzalo
> HIP WG co-chair
>





From hipsec-bounces@lists.ietf.org Fri Dec 07 11:13:12 2007
Return-path: <hipsec-bounces@lists.ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com)
	by megatron.ietf.org with esmtp (Exim 4.43)
	id 1J0fp8-0001rc-9j; Fri, 07 Dec 2007 11:13:10 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.43) id 1J0fp6-0001rR-SW
	for hipsec@ietf.org; Fri, 07 Dec 2007 11:13:08 -0500
Received: from stl-smtpout-01.boeing.com ([130.76.96.56])
	by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1J0fp5-0006KV-33
	for hipsec@ietf.org; Fri, 07 Dec 2007 11:13:08 -0500
Received: from stl-av-01.boeing.com (stl-av-01.boeing.com [192.76.190.6])
	by stl-smtpout-01.ns.cs.boeing.com (8.14.0/8.14.0/8.14.0/SMTPOUT) with
	ESMTP id lB7GD0GY017939
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK);
	Fri, 7 Dec 2007 10:13:02 -0600 (CST)
Received: from stl-av-01.boeing.com (localhost [127.0.0.1])
	by stl-av-01.boeing.com (8.14.0/8.14.0/DOWNSTREAM_RELAY) with ESMTP id
	lB7GD0Eb027818; Fri, 7 Dec 2007 10:13:00 -0600 (CST)
Received: from XCH-NWBH-11.nw.nos.boeing.com (xch-nwbh-11.nw.nos.boeing.com
	[130.247.55.84])
	by stl-av-01.boeing.com (8.14.0/8.14.0/UPSTREAM_RELAY) with ESMTP id
	lB7GCdkr027241; Fri, 7 Dec 2007 10:12:59 -0600 (CST)
Received: from XCH-NW-5V1.nw.nos.boeing.com ([130.247.55.44]) by
	XCH-NWBH-11.nw.nos.boeing.com with Microsoft SMTPSVC(6.0.3790.1830); 
	Fri, 7 Dec 2007 08:12:57 -0800
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable
Subject: RE: [Hipsec] Using STUN for end-to-end connectivity checks
Date: Fri, 7 Dec 2007 08:12:02 -0800
Message-ID: <77F357662F8BFA4CA7074B0410171B6D04049A2A@XCH-NW-5V1.nw.nos.boeing.com>
In-Reply-To: <AD676D36-B275-4006-B8A2-9ED804EE4948@nomadiclab.com>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: [Hipsec] Using STUN for end-to-end connectivity checks
Thread-Index: Acg4oaqJDUBLr5aYR5Gpwqr8ITGgJwAO7YTQ
References: <47589B41.2080009@ericsson.com>
	<AD676D36-B275-4006-B8A2-9ED804EE4948@nomadiclab.com>
From: "Henderson, Thomas R" <thomas.r.henderson@boeing.com>
To: "Pekka Nikander" <pekka.nikander@nomadiclab.com>
X-OriginalArrivalTime: 07 Dec 2007 16:12:57.0713 (UTC)
	FILETIME=[07F71610:01C838EC]
X-Spam-Score: -4.0 (----)
X-Scan-Signature: 36b1f8810cb91289d885dc8ab4fc8172
Cc: HIP <hipsec@ietf.org>
X-BeenThere: hipsec@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group."
	<hipsec.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/hipsec>,
	<mailto:hipsec-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/hipsec>
List-Post: <mailto:hipsec@lists.ietf.org>
List-Help: <mailto:hipsec-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/hipsec>,
	<mailto:hipsec-request@lists.ietf.org?subject=subscribe>
Errors-To: hipsec-bounces@lists.ietf.org

> -----Original Message-----
> From: Pekka Nikander [mailto:pekka.nikander@nomadiclab.com]
> Sent: Thursday, December 06, 2007 11:20 PM
> To: Gonzalo Camarillo
> Cc: HIP
> Subject: Re: [Hipsec] Using STUN for end-to-end connectivity checks
>
> I would like to see the DT clearly express their considerations,
> in writing, for the WG to think about.
>
> Personally, I strongly suspect that the DT has made an
> architecturally wrong decision.  However, I trust that the DT then
> has other concerns that they have considered more important than
> architectural beauty (which in the past has been a main concern, or
> perhaps even the main concern, when making design decisions w.r.t.
> HIP).  Hence, I really want to understand what those assumedly more
> important factors are.
>
> --Pekka Nikander

Pekka,

Here are my thoughts on this (as one of the STUN proponents):

As background context, we are talking here about the syntax and
parameters of the STUN connectivity check that is used in ICE and flows
from end-to-end.  The requirement here is to make these look like the
data so that they flow through the NAT in the same way.  Since this is
end-to-end, we could pick a HIP-based encoding and put STUN parameters
in there (if needed), or we could pick a STUN-based encoding and put
additional HIP parameters in there (if needed), or invent some other
coding altogether.

I do not doubt that the HIP WG or design team could come up with a
format more aligned to HIP.  This I think is the main argument for
defining a HIP connectivity check format.  I also think that it would be
viable to proceed down that path and it would have some advantages.

However, I question whether it is good strategy for the moment to try to
optimize in that area, for a couple of reasons.
1) taking the STUN format and aligning with STUN where we can makes it
easier for HIP to leverage the STUN/ICE developments and lessons
learned, and focus on other things.
2) there seems to be some interest (see the SAFE BOF this week:
http://www3.ietf.org/proceedings/07dec/slides/safe-0.pdf ) for vendors
to build middleboxes that can tag the STUN messages for optimizing
(reducing) the keep-alive traffic.  If we wanted to take advantage of
that (if that work were to go forward), we would want to look like STUN
in that case.
3) using the STUN format makes it easier to incorporate STUN/ICE by
reference in our design document.

By the same token, I have observed that some people in the P2PSIP WG are
questioning "Why HIP?  Why not selectively pick good ideas from HIP that
are tailored to our particular problem requirements and discard the
rest?"  For consistency, I think it is not the best stance to be
recommending on the one hand "do not, by default, cherry-pick pieces of
HIP; consider the overall system before you resort to that" while on the
other saying "we want to take only the pieces of ICE/STUN that make
sense for us."  If we find strong technical reasons to diverge, so be
it, but that is not the case here from what I understand.

Regarding architectural purity, since we are talking about NAT
traversal, I think we are already sullied unfortunately.  I understand
the possible concern that things that are developed/used for NAT
traversal leak into other aspects of the HIP design (when not running
over NAT), but we will just need I think to monitor and evaluate that as
it comes up.  My personal feeling is that, in the public internet,
operating over NATs will be a very common mode of operation for some
time to come.

Also, you can see from Gonzalo's post that we reserved the right to
revert this decision in a few months if it appears that we goofed, and
the view was expressed that if we were to do so in the future, it would
be easier to recover back to HIP than if we proceeded with HIP initially
and then later tried to map back to STUN.  I also think it would
probably not be too much of a problem to add back in a pure HIP version
of these messages if it is desired later.

Some of these points above are subjective and different people have
different views of the future; hence the lack of consensus on the design
team.

Regards,
Tom

>
> On 7 Dec 2007, at 03:00, Gonzalo Camarillo wrote:
>
> > Folks,
> >
> > as I said in our WG session, I have pushed the NAT Traversal for
> > HIP design team to make a decision on the protocol to implement
> > end-to-end connectivity checks. The design team was spending too much
> > time thinking of this issue and, in my opinion (as HIP WG chair),
> > this was keeping the team from making progress.
> >
> > There were two proposals to implement the end-to-end connectivity
> > checks: using STUN or using HIP. The design team agreed to make a
> > decision before the end of the IETF. Today, we met for two hours to
> > make this decision.
> >
> > The idea was to make a design assumption (i.e., to use STUN or to
> > use HIP) so that the team can work on other open issues and
> > implementers can start experimenting. If by the time the
> > specification is more or less done and we have more implementation
> > experience, we find overwhelming evidence that this was the wrong
> > decision, the design team agreed that we would be able to reevaluate
> > the decision.
> >
> > The design team could not reach unanimous consensus on which
> > protocol to use because there were technical arguments in favor of
> > both of them. Therefore, they had to vote. The STUN approach won
> > the voting (4 votes for STUN, 2 votes for HIP).
> >
> > Consequently, from now on, the team will be working assuming STUN
> > as the protocol to implement end-to-end connectivity checks.
> >
> > Cheers,
> >
> > Gonzalo
> > HIP WG co-chair

_______________________________________________
Hipsec mailing list
Hipsec@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/hipsec



From hipsec-bounces@lists.ietf.org Fri Dec 07 12:51:47 2007
Message-ID: <4759882C.50004@ericsson.com>
Date: Fri, 07 Dec 2007 19:51:40 +0200
From: Gonzalo Camarillo <Gonzalo.Camarillo@ericsson.com>
User-Agent: Thunderbird 2.0.0.9 (Windows/20071031)
MIME-Version: 1.0
To: HIP <hipsec@ietf.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: [Hipsec] ICE for non-HIP protocols

Folks,

FYI: I just got the following information, which I believe is relevant 
to the HIP WG and, in particular, to the NAT Traversal for HIP design team.

I have just been informed that, as a consequence of the P2PSIP 
discussions, Jonathan Rosenberg (author of ICE) plans on producing a 
draft on "Using ICE in non-SIP Protocols". This draft will basically
point to the various things in the ICE spec implementations need and 
don't need to do. The draft will make it clear which sections of ICE are 
relevant to non-SIP protocols and which ones are not.

The idea is that, once this draft is done, non-SIP protocols using ICE 
(e.g., HIP) will just need to reference this document and describe how 
to exchange the parameters it defines.

In the case of HIP, it would most likely also be necessary to define 
additional ways to gather address candidates (e.g., using a HIP RVS).

The plan is to publish this draft before the next IETF.

Cheers,

Gonzalo
HIP WG co-chair





From hipsec-bounces@lists.ietf.org Mon Dec 10 00:59:07 2007
Message-ID: <475CD59D.9080406@ericsson.com>
Date: Mon, 10 Dec 2007 07:58:53 +0200
From: Gonzalo Camarillo <Gonzalo.Camarillo@ericsson.com>
User-Agent: Thunderbird 2.0.0.9 (Windows/20071031)
MIME-Version: 1.0
To: Gonzalo Camarillo <Gonzalo.Camarillo@ericsson.com>
Subject: Re: [Hipsec] ICE for non-HIP protocols
References: <4759882C.50004@ericsson.com>
In-Reply-To: <4759882C.50004@ericsson.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: HIP <hipsec@ietf.org>

Hi,

of course, the subject should have said "non-SIP" protocols.

Cheers,

Gonzalo

Gonzalo Camarillo wrote:
> Folks,
> 
> FYI: I just got the following information, which I believe is relevant 
> to the HIP WG and, in particular, to the NAT Traversal for HIP design team.
> 
> I have just been informed that, as a consequence of the P2PSIP 
> discussions, Jonathan Rosenberg (author of ICE) plans on producing a 
> draft on "Using ICE in non-SIP Protocols". This draft will basically
> point to the various things in the ICE spec implementations need and 
> don't need to do. The draft will make it clear which sections of ICE are 
> relevant to non-SIP protocols and which ones are not.
> 
> The idea is that, once this draft is done, non-SIP protocols using ICE 
> (e.g., HIP) will just need to reference this document and describe how 
> to exchange the parameters it defines.
> 
> In the case of HIP, it would most likely also be necessary to define 
> additional ways to gather address candidates (e.g., using a HIP RVS).
> 
> The plan is to publish this draft before the next IETF.
> 
> Cheers,
> 
> Gonzalo
> HIP WG co-chair





From hipsec-bounces@lists.ietf.org Mon Dec 10 10:29:03 2007
From: Julien Laganier <julien.IETF@laposte.net>
To: HIP Working Group <hipsec@ietf.org>
Date: Mon, 10 Dec 2007 16:28:52 +0100
User-Agent: KMail/1.9.6 (enterprise 0.20070907.709405)
MIME-Version: 1.0
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
Message-Id: <200712101628.53066.julien.IETF@laposte.net>
Cc: Jari Arkko <jari.arkko@ericsson.com>, hip-chairs@tools.ietf.org
Subject: [Hipsec] "Minor" correction to hip-rvs

Folks,

While being polled for IANA action I noticed that the hip-rvs draft
still defines a RVS_HMAC parameter of fixed length, while the hip-base
draft does not:

Value     Parameter Type          Length      Data    Reference
--------  ----------------------  ----------  ------  -------------------------
65500     RVS_HMAC                20                  [RFC-ietf-hip-rvs-05.txt]

Historically the RVS_HMAC related text from hip-rvs has been a near
copy/paste of the HMAC text from hip-base, only the parameter type (and
hence the location, after signature) would differ.

The coupling between the two has been lost due to negligence on my part.
I lost track of the changes of HMAC in hip-base, i.e. addition of
pseudo hash agility. Therefore I think the RVS_HMAC text in hip-rvs
shall be aligned with that of the HMAC in hip-base.

That would require the change below to be carried on. I do not know
however how now that hip-rvs is in RFC Editor queue. ADs, can that be
done as part of AUTH-48?

--julien

----------------------------------------------------------------------

OLD:

4.2.1.  RVS_HMAC Parameter

   The RVS_HMAC is a non-critical parameter whose only difference with
   the HMAC parameter defined in [I-D.ietf-hip-base] is its "type" code.
   This change causes it to be located after the FROM parameter (as
   opposed to the HMAC):

   Type        [ TBD by IANA (65500 = 2^16 - 2^5 - 2^2) ]
   Length      20
   HMAC        160 low order bits of a HMAC keyed with the
               appropriate HIP integrity key (HIP_lg or HIP_gl),
               established when rendezvous registration happened.
               This HMAC is computed over the HIP packet, excluding
               RVS_HMAC and any following parameters.  The
               "checksum" field MUST be set to zero and the HIP header
               length in the HIP common header MUST be calculated
               not to cover any excluded parameter when the
               "authenticator" field is calculated.

   To allow a rendezvous client and its RVS to verify the integrity of
   packets flowing between them, both SHOULD protect packets with an
   added RVS_HMAC parameter keyed with the HIP_lg or HIP_gl integrity
   key established while registration occurred.  A valid RVS_HMAC SHOULD
   be present on every packets flowing between a client and a server and
   MUST be present when a FROM parameters is processed.

NEW:

4.2.1.  RVS_HMAC Parameter

   The RVS_HMAC is a non-critical parameter whose only difference with
   the HMAC parameter defined in [I-D.ietf-hip-base] is its "type" code.
   This change causes it to be located after the FROM parameter (as
   opposed to the HMAC):

   Type        [ TBD by IANA (65500 = 2^16 - 2^5 - 2^2) ]
   Length      length in octets, excluding Type, Length, and
               Padding
   HMAC        160 low order bits of a HMAC keyed with the
               appropriate HIP integrity key (HIP_lg or HIP_gl),
               established when rendezvous registration happened.
               This HMAC is computed over the HIP packet, excluding
               RVS_HMAC and any following parameters.  The
               "checksum" field MUST be set to zero and the HIP header
               length in the HIP common header MUST be calculated
               not to cover any excluded parameter when the
               "authenticator" field is calculated.

	       HMAC computed over the HIP packet, excluding the
               RVS_HMAC parameter and any following parameters. The
               HMAC is keyed with the appropriate HIP integrity key
               (HIP-lg or HIP-gl) established when rendezvous
               registration happened. The checksum field MUST be set to
               zero and the HIP header length in the HIP common header
               MUST be calculated not to cover any excluded parameters
               when the HMAC is calculated.  The size of the
               HMAC is the natural size of the hash computation
               output depending on the used hash function.

   To allow a rendezvous client and its RVS to verify the integrity of
   packets flowing between them, both SHOULD protect packets with an
   added RVS_HMAC parameter keyed with the HIP-lg or HIP-gl integrity
   key established while registration occurred.  A valid RVS_HMAC SHOULD
   be present on every packets flowing between a client and a server and
   MUST be present when a FROM parameters is processed.





From hipsec-bounces@lists.ietf.org Mon Dec 10 11:06:07 2007
From: Julien Laganier <julien.IETF@laposte.net>
To: HIP Working Group <hipsec@ietf.org>
User-Agent: KMail/1.9.6 (enterprise 0.20070907.709405)
MIME-Version: 1.0
Content-Disposition: inline
Date: Mon, 10 Dec 2007 17:05:55 +0100
Content-Type: text/plain;
  charset="iso-8859-15"
Content-Transfer-Encoding: quoted-printable
Message-Id: <200712101705.56501.julien.IETF@laposte.net>
Cc: Jari Arkko <jari.arkko@ericsson.com>, hip-chairs@tools.ietf.org
Subject: [Hipsec] [CORRECTED] "Minor" correction to hip-rvs

[ Resent since I managed to mess up my copy/paste :( Sorry! ]

Folks,

While being polled for IANA action I noticed that the hip-rvs draft
still defines a RVS_HMAC parameter of fixed length, while the hip-base
draft does not:

Value     Parameter Type          Length      Data    Reference
--------  ----------------------  ----------  ------  -------------------------
65500     RVS_HMAC                20                  [RFC-ietf-hip-rvs-05.txt]

Historically the RVS_HMAC related text from hip-rvs has been a near
copy/paste of the HMAC text from hip-base, only the parameter type (and
hence the location, after signature) would differ.

The coupling between the two has been lost due to negligence on my part.
I lost track of the changes of HMAC in hip-base, i.e. addition of
pseudo hash agility. Therefore I think the RVS_HMAC text in hip-rvs
shall be aligned with that of the HMAC in hip-base.

That would require the change below to be carried on. I do not know
however how now that hip-rvs is in RFC Editor queue. ADs, can that be
done as part of AUTH-48?

--julien

----------------------------------------------------------------------

OLD:

4.2.1.  RVS_HMAC Parameter

   The RVS_HMAC is a non-critical parameter whose only difference with
   the HMAC parameter defined in [I-D.ietf-hip-base] is its "type" code.
   This change causes it to be located after the FROM parameter (as
   opposed to the HMAC):

   Type        [ TBD by IANA (65500 = 2^16 - 2^5 - 2^2) ]
   Length      20
   HMAC        160 low order bits of a HMAC keyed with the
               appropriate HIP integrity key (HIP_lg or HIP_gl),
               established when rendezvous registration happened.
               This HMAC is computed over the HIP packet, excluding
               RVS_HMAC and any following parameters.  The
               "checksum" field MUST be set to zero and the HIP header
               length in the HIP common header MUST be calculated
               not to cover any excluded parameter when the
               "authenticator" field is calculated.

   To allow a rendezvous client and its RVS to verify the integrity of
   packets flowing between them, both SHOULD protect packets with an
   added RVS_HMAC parameter keyed with the HIP_lg or HIP_gl integrity
   key established while registration occurred.  A valid RVS_HMAC SHOULD
   be present on every packets flowing between a client and a server and
   MUST be present when a FROM parameters is processed.

NEW:

4.2.1.  RVS_HMAC Parameter

   The RVS_HMAC is a non-critical parameter whose only difference with
   the HMAC parameter defined in [I-D.ietf-hip-base] is its "type" code.
   This change causes it to be located after the FROM parameter (as
   opposed to the HMAC):

   Type        [ TBD by IANA (65500 = 2^16 - 2^5 - 2^2) ]
   Length      length in octets, excluding Type, Length, and
               Padding
   HMAC        HMAC computed over the HIP packet, excluding the
               RVS_HMAC parameter and any following parameters. The
               HMAC is keyed with the appropriate HIP integrity key
               (HIP-lg or HIP-gl) established when rendezvous
               registration happened. The checksum field MUST be set to
               zero and the HIP header length in the HIP common header
               MUST be calculated not to cover any excluded parameters
               when the HMAC is calculated.  The size of the
               HMAC is the natural size of the hash computation
               output depending on the used hash function.

   To allow a rendezvous client and its RVS to verify the integrity of
   packets flowing between them, both SHOULD protect packets with an
   added RVS_HMAC parameter keyed with the HIP-lg or HIP-gl integrity
   key established while registration occurred.  A valid RVS_HMAC SHOULD
   be present on every packets flowing between a client and a server and
   MUST be present when a FROM parameters is processed.


_______________________________________________
Hipsec mailing list
Hipsec@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/hipsec
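
The RVS_HMAC rule in the corrected NEW text above, as an added Python example that is not part of the thread or of any HIP implementation: it computes the HMAC over the octets before RVS_HMAC with the checksum zeroed and the header length recalculated, and shows a receiver that hard-codes Length 20 rejecting a SHA-256 sized RVS_HMAC that the variable-length rule accepts. The 40-octet header layout, parameter type 1000, the key, and all function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import struct

RVS_HMAC_TYPE = 65500   # type value quoted in the thread (2^16 - 2^5 - 2^2)
HEADER_LEN = 40         # assumption: 8 fixed octets followed by two 16-octet HITs


def tlv(ptype, value):
    """Encode a parameter: Type, Length (value octets only), value, zero padding to 8 octets."""
    body = struct.pack("!HH", ptype, len(value)) + value
    return body + b"\x00" * (-len(body) % 8)


def header(total_len, checksum):
    """Constructed common header. Header Length is in 8-octet units, not counting the first 8."""
    fixed = struct.pack("!BBBBHH", 59, (total_len - 8) // 8, 1, 0x11, checksum, 0)
    return fixed + b"\x11" * 16 + b"\x22" * 16   # constructed sender and receiver HITs


def mac_input(packet, hmac_offset):
    """Octets the HMAC covers: everything before RVS_HMAC, with the checksum zeroed
    and the header length recalculated so it does not cover excluded parameters."""
    prefix = bytearray(packet[:hmac_offset])
    prefix[1] = (hmac_offset - 8) // 8
    prefix[4:6] = b"\x00\x00"
    return bytes(prefix)


def build(key, hash_name, params, checksum=0xBEEF):
    """Build header + params + RVS_HMAC whose size is the hash's natural output size."""
    body = b"".join(tlv(t, v) for t, v in params)
    offset = HEADER_LEN + len(body)
    digest_size = hashlib.new(hash_name).digest_size
    total = offset + len(tlv(RVS_HMAC_TYPE, bytes(digest_size)))
    packet = header(total, checksum) + body
    mac = hmac.new(key, mac_input(packet, offset), hash_name).digest()
    return packet + tlv(RVS_HMAC_TYPE, mac)


def append_param(packet, ptype, value):
    """Add a parameter after RVS_HMAC and update the header length to cover it."""
    out = bytearray(packet + tlv(ptype, value))
    out[1] = (len(out) - 8) // 8
    return bytes(out)


def find_rvs_hmac(packet):
    """Walk the TLVs and return (offset, value) of RVS_HMAC, or None if absent."""
    off = HEADER_LEN
    while off + 4 <= len(packet):
        ptype, length = struct.unpack_from("!HH", packet, off)
        end = off + 4 + length
        if end > len(packet):
            raise ValueError("parameter overruns the packet")
        if ptype == RVS_HMAC_TYPE:
            return off, packet[off + 4:end]
        off += (4 + length + 7) // 8 * 8
    return None


def verify(packet, key, hash_name, fixed_length=None):
    """Check RVS_HMAC. fixed_length=20 models a receiver hard-coding the OLD Length;
    None models the NEW text, where Length is the digest size of the hash in use."""
    found = find_rvs_hmac(packet)
    if found is None:
        return False
    off, mac = found
    want = hashlib.new(hash_name).digest_size if fixed_length is None else fixed_length
    if len(mac) != want:
        return False
    expected = hmac.new(key, mac_input(packet, off), hash_name).digest()
    return hmac.compare_digest(mac, expected)


if __name__ == "__main__":
    key = b"constructed-integrity-key"        # stands in for HIP-lg / HIP-gl
    params = [(1000, b"constructed-from")]    # constructed parameter placed before RVS_HMAC
    for name in ("sha1", "sha256"):
        pkt = build(key, name, params)
        print(name, "NEW rule:", verify(pkt, key, name),
              "OLD fixed 20:", verify(pkt, key, name, fixed_length=20))
```

Because the header length is recalculated before hashing, a parameter appended after RVS_HMAC (see `append_param`) does not invalidate the HMAC, while any change to a parameter before it does.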



From hipsec-bounces@lists.ietf.org Mon Dec 10 11:30:47 2007
Message-ID: <475D69AF.90703@cisco.com>
Date: Mon, 10 Dec 2007 17:30:39 +0100
From: Mark Townsley <townsley@cisco.com>
User-Agent: Thunderbird 2.0.0.9 (Macintosh/20071031)
MIME-Version: 1.0
To: Julien Laganier <julien.IETF@laposte.net>
References: <200712101628.53066.julien.IETF@laposte.net>
In-Reply-To: <200712101628.53066.julien.IETF@laposte.net>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: HIP Working Group <hipsec@ietf.org>, Jari Arkko <jari.arkko@ericsson.com>,
	hip-chairs@tools.ietf.org
Subject: [Hipsec] Re: "Minor" correction to hip-rvs

Julien Laganier wrote:
> Folks,
>
> While being polled for IANA action I noticed that the hip-rvs draft 
> still defines a RVS_HMAC parameter of fixed length, while the hip-base 
> draft does not:
>
> Value     Parameter Type          Length      Data    Reference
> --------  ----------------------  ----------  ------  -------------------------
> 65500     RVS_HMAC                20                  [RFC-ietf-hip-rvs-05.txt]
>
> Historically the RVS_HMAC related text from hip-rvs has been a near 
> copy/paste of the HMAC text from hip-base, only the parameter type (and 
> hence the location, after signature) would differ. 
>
> The coupling between the two has been lost due to negligence on my part. 
> I lost track of the changes of HMAC in hip-base, i.e. addition of 
> pseudo hash agility. Therefore I think the RVS_HMAC text in hip-rvs
> shall be aligned with that of the HMAC in hip-base.
>
> That would require the change below to be carried on. I do not know 
> however how now that hip-rvs is in RFC Editor queue. ADs, can that be 
> done as part of AUTH-48?
>

Yes. If there are IANA implications, please be sure they know now.

- Mark

> --julien
>
> ----------------------------------------------------------------------
>
> OLD:
>
> 4.2.1.  RVS_HMAC Parameter
>
>    The RVS_HMAC is a non-critical parameter whose only difference with
>    the HMAC parameter defined in [I-D.ietf-hip-base] is its "type" code.
>    This change causes it to be located after the FROM parameter (as
>    opposed to the HMAC):
>
>    Type        [ TBD by IANA (65500 = 2^16 - 2^5 - 2^2) ]
>    Length      20
>    HMAC        160 low order bits of a HMAC keyed with the
>                appropriate HIP integrity key (HIP_lg or HIP_gl),
>                established when rendezvous registration happened.
>                This HMAC is computed over the HIP packet, excluding
>                RVS_HMAC and any following parameters.  The
>                "checksum" field MUST be set to zero and the HIP header
>                length in the HIP common header MUST be calculated
>                not to cover any excluded parameter when the
>                "authenticator" field is calculated.
>
>    To allow a rendezvous client and its RVS to verify the integrity of
>    packets flowing between them, both SHOULD protect packets with an
>    added RVS_HMAC parameter keyed with the HIP_lg or HIP_gl integrity
>    key established while registration occurred.  A valid RVS_HMAC SHOULD
>    be present on every packets flowing between a client and a server and
>    MUST be present when a FROM parameters is processed.
>
> NEW:
>
> 4.2.1.  RVS_HMAC Parameter
>
>    The RVS_HMAC is a non-critical parameter whose only difference with
>    the HMAC parameter defined in [I-D.ietf-hip-base] is its "type" code.
>    This change causes it to be located after the FROM parameter (as
>    opposed to the HMAC):
>
>    Type        [ TBD by IANA (65500 = 2^16 - 2^5 - 2^2) ]
>    Length      length in octets, excluding Type, Length, and
>                Padding
>    HMAC        160 low order bits of a HMAC keyed with the
>                appropriate HIP integrity key (HIP_lg or HIP_gl),
>                established when rendezvous registration happened.
>                This HMAC is computed over the HIP packet, excluding
>                RVS_HMAC and any following parameters.  The
>                "checksum" field MUST be set to zero and the HIP header
>                length in the HIP common header MUST be calculated
>                not to cover any excluded parameter when the
>                "authenticator" field is calculated.
>
>                HMAC computed over the HIP packet, excluding the
>                RVS_HMAC parameter and any following parameters. The
>                HMAC is keyed with the appropriate HIP integrity key
>                (HIP-lg or HIP-gl) established when rendezvous
>                registration happened. The checksum field MUST be set to
>                zero and the HIP header length in the HIP common header
>                MUST be calculated not to cover any excluded parameters
>                when the HMAC is calculated.  The size of the
>                HMAC is the natural size of the hash computation
>                output depending on the used hash function.
>
>    To allow a rendezvous client and its RVS to verify the integrity of
>    packets flowing between them, both SHOULD protect packets with an
>    added RVS_HMAC parameter keyed with the HIP-lg or HIP-gl integrity
>    key established while registration occurred.  A valid RVS_HMAC SHOULD
>    be present on every packets flowing between a client and a server and
>    MUST be present when a FROM parameters is processed.
>
>   

_______________________________________________
Hipsec mailing list
Hipsec@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/hipsec
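
The MAC computation described in the quoted NEW text, as an added example (not code from the hip-rvs or hip-base drafts, nor from anyone on the list). It assumes the hip-base packet layout (40-octet fixed header, Header Length in 8-octet units excluding the first 8 octets, TLV parameters padded to 8 octets) and the FROM type code 65498; the key and packet are constructed.

```python
import hashlib
import hmac
import struct

RVS_HMAC = 65500   # parameter type quoted in the thread
FROM = 65498       # assumed type code for FROM (sorts before RVS_HMAC)
FIXED_HDR = 40     # assumed hip-base header: 8 octets + sender HIT + receiver HIT


def param(ptype, value):
    """Encode one TLV; Length counts the value only, padding aligns to 8 octets."""
    tlv = struct.pack("!HH", ptype, len(value)) + value
    return tlv + b"\x00" * (-len(tlv) % 8)


def set_header_length(buf):
    """Header Length is in 8-octet units and excludes the first 8 octets."""
    buf[1] = (len(buf) - 8) // 8


def params(packet):
    """Yield (offset, type, value) for each parameter, rejecting overruns."""
    off = FIXED_HDR
    while off < len(packet):
        if off + 4 > len(packet):
            raise ValueError("truncated parameter header")
        ptype, plen = struct.unpack_from("!HH", packet, off)
        if off + 4 + plen > len(packet):
            raise ValueError("parameter overruns packet")
        yield off, ptype, packet[off + 4:off + 4 + plen]
        off += (4 + plen + 7) // 8 * 8


def mac_input(packet, cut):
    """Packet up to `cut`, checksum zeroed, Header Length covering only that part."""
    buf = bytearray(packet[:cut])
    set_header_length(buf)
    buf[4:6] = b"\x00\x00"
    return bytes(buf)


def add_rvs_hmac(packet, key, hash_name):
    """Append RVS_HMAC carrying the full (natural size) HMAC output."""
    mac = hmac.new(key, mac_input(packet, len(packet)), hash_name).digest()
    out = bytearray(packet + param(RVS_HMAC, mac))
    set_header_length(out)
    return bytes(out)


def verify_rvs_hmac(packet, key, hash_name, fixed_length=None):
    """fixed_length=20 models the OLD text; None models the NEW text."""
    want = fixed_length if fixed_length is not None else hashlib.new(hash_name).digest_size
    for off, ptype, value in params(packet):
        if ptype == RVS_HMAC:
            if len(value) != want:
                return False
            mac = hmac.new(key, mac_input(packet, off), hash_name).digest()
            return hmac.compare_digest(mac, value)   # constant-time comparison
    return False   # no RVS_HMAC present


def sample_packet():
    """Constructed packet: fixed header plus one FROM parameter."""
    pkt = bytearray(FIXED_HDR)
    pkt[0], pkt[2], pkt[3] = 59, 1, 0x11      # constructed header octets
    pkt[4:6] = b"\xbe\xef"                    # arbitrary non-zero checksum
    pkt[8:40] = bytes(range(32))              # constructed sender/receiver HITs
    pkt += param(FROM, bytes(16))             # constructed FROM address
    set_header_length(pkt)
    return bytes(pkt)


def demo():
    key = b"constructed-integrity-key"        # stands in for HIP-lg / HIP-gl
    results = {}
    for name in ("sha1", "sha256"):
        pkt = add_rvs_hmac(sample_packet(), key, name)
        later = bytearray(pkt + param(65502, b"constructed"))  # follows RVS_HMAC
        set_header_length(later)
        rechecksummed = bytearray(pkt)
        rechecksummed[4:6] = b"\x12\x34"      # checksum is not covered by the MAC
        tampered = bytearray(pkt)
        tampered[FIXED_HDR + 4] ^= 1          # flip a bit inside FROM
        results[name] = {
            "valid": verify_rvs_hmac(pkt, key, name),
            "fixed20": verify_rvs_hmac(pkt, key, name, fixed_length=20),
            "later_param": verify_rvs_hmac(bytes(later), key, name),
            "rechecksummed": verify_rvs_hmac(bytes(rechecksummed), key, name),
            "tampered": verify_rvs_hmac(bytes(tampered), key, name),
        }
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```

A receiver that enforces Length 20 accepts the SHA-1 packet but rejects the SHA-256 one, which is the mismatch the proposed change removes.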



From hipsec-bounces@lists.ietf.org Tue Dec 11 07:35:30 2007
In-Reply-To: <77F357662F8BFA4CA7074B0410171B6D04049A2A@XCH-NW-5V1.nw.nos.boeing.com>
References: <47589B41.2080009@ericsson.com>
	<AD676D36-B275-4006-B8A2-9ED804EE4948@nomadiclab.com>
	<77F357662F8BFA4CA7074B0410171B6D04049A2A@XCH-NW-5V1.nw.nos.boeing.com>
Mime-Version: 1.0 (Apple Message framework v752.3)
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
Message-Id: <7463A868-E7D0-49FD-B1CE-61F28315EECA@nomadiclab.com>
Content-Transfer-Encoding: 7bit
From: Pekka Nikander <pekka.nikander@nomadiclab.com>
Subject: Re: [Hipsec] Using STUN for end-to-end connectivity checks
Date: Tue, 11 Dec 2007 14:35:23 +0200
To: "Henderson, Thomas R" <thomas.r.henderson@boeing.com>
Cc: HIP <hipsec@ietf.org>

Tom,

Thanks for your reply.  I've been thinking about it for a while, and find
only a couple of your arguments even slightly convincing.  I think I  
have counter-arguments even to them, but let's see.  My main argument  
is in the very end of this message -- before that I'll just try to  
tear down your other arguments. :-)

>> I would like to see the DT to clearly express their considerations,
>> in writing, for the WG to think about.

> As background context, we are talking here about the syntax and  
> parameters of the STUN connectivity check that is used in ICE and  
> flows from end-to-end.

I don't quite agree with that characterisation.  I would say that we  
are talking here about the right approach for doing ICE-like  
connectivity checks to find out which address pairs to use for HIP- 
controlled control (HIP) and data (ESP, later others) traffic.

> The requirement here is to make these look like the data so that  
> they flow through the NAT in the same way.

I agree.

> Since this is end-to-end, we could pick a HIP-based encoding and  
> put STUN parameters in there (if needed), or we could pick a STUN- 
> based encoding and put additional HIP parameters in there (if  
> needed), or invent some other coding altogether.

I agree with that.

> I do not doubt that the HIP WG or design team could come up with a  
> format more aligned to HIP.  This I think is the main argument for  
> defining a HIP connectivity check format.  I also think that it  
> would be viable to proceed down that path and it would have some  
> advantages.

Ok.  I have more to say about this, below.

> However, I question whether it is good strategy for the moment to  
> try to optimize in that area, for a couple of reasons.
> 1) taking the STUN format and aligning with STUN where we can makes  
> it easier for HIP to leverage the STUN/ICE developments and lessons  
> learned, and focus on other things.

Hmm.  I don't see how.  When I went down to the STUN and TURN details  
(for writing the hip-sturn draft), I found there many things that are  
"inconvenient" from a HIP point of view, even to the level of I would  
call them incompatible.  I no longer remember all of the details (I  
worked on that for only some 5 hours), but at least the following  
come still to my mind:

a. TURN (and I think also STUN) security requires pre-distributed  
shared secrets, or alternatively need to have the ability to have a  
side channel.  Pre-distributed creates an enrolment problem that HIP  
can trivially avoid, and using HIP to create such a side channel and  
then using STUN seems pointless to me; see below.

b. I found STUN referral completely insecure (that's why I didn't  
specify how to do it but only referred to a missing HIP delegation  
spec).  I suspect that might even form a vehicle for flooding  
redirection attacks, but I didn't analyse the situation well enough  
to see if that is really the case or not.

c. TURN relaying is tightly bound to TCP and UDP, and incompatible  
with ESP relaying.  Hence, while TURN could perhaps be used to relay  
ESP traffic, all that traffic would need to be UDP encapsulated.

Hence, while I agree with you in principle, I don't believe that in  
practise we could use STUN in an unmodified form.  I am pretty sure  
that we cannot use TURN as such.  But, of course, I may be wrong.

> 2) there seems to be some interest (see the SAFE BOF this week:  
> http://www3.ietf.org/proceedings/07dec/slides/safe-0.pdf ) for  
> vendors to build middleboxes that can tag the STUN messages for  
> optimizing (reducing) the keep-alive traffic.  If we wanted to take  
> advantage of that (if that work were to go forward), we would want  
> to look like STUN in that case.

OK.  This is the first argument that I find somewhat convincing. I  
see the point.

However, after some thinking, I have two counter-arguments:

i) AFAICS, we can take advantages of such developments also through  
OPTIONAL mechanisms.  That is, if using STUN would be optional for  
HIP, we would avoid making HIP dependent on STUN but still allow HIP  
to benefit from STUN wherever there are such advanced STUN
deployments.

ii) As I argue towards the end of this message, I don't see how we  
could work _only_ with STUN servers.  That is, to me it looks like  
that we will anyway need HIP-specific RVS servers. That makes STUN  
servers to look unnecessary to me.

> 3) using the STUN format makes it easier to incorporate STUN/ICE by  
> reference in our design document.

That would be a reason if we really could do so.  However, as I wrote  
above, based on what I saw while writing the first incomplete version  
of the hip-sturn draft, I don't believe that to be the case.  I don't
believe that we could use STUN as it is.  But I may be wrong, and  
actually would like someone to prove me to be wrong, through  
implementation.  (I've discussed this with some implementers, and  
they say that their early exploration indicates that changes to STUN  
may be inevitable.)

Hence, if we would anyway need to adopt STUN to HIP, then I don't see  
much difference, i.e., I don't buy your argument of STUN-syntax
approach being easier.  I think we can refer to those documents even  
if we are using HIP-based syntax, and define just a delta.  To  
clarify, I believe that independent of which of the two approaches is  
selected, such delta documents are needed, and that their complexity  
will be roughly at the same level.  I do admit that the HIP-syntax- 
based deltas are likely to be somewhat longer, but they may turn out  
to be easier to implement and have better support for mobility and  
multi-homing.

> By the same token, I have observed that some people in the P2PSIP  
> WG are questioning "Why HIP?  Why not selectively pick good ideas  
> from HIP that are tailored to our particular problem requirements  
> and discard the rest?"

And they may be right.  HIP may be a bad match for their specific  
requirements.

I think there is lots of good work in the STUN/TURN/ICE specs.   
However, I also find them very SIP-flavoured.  That is, in many  
places they seem to assume a side channel (through SIP proxies).   
Hence, for HIP we will anyway need to reconstruct such a side  
channel; we definitely should not attempt to reuse SIP proxies for  
that.  Consequently, if I'm right, we will need HIP RVS servers, and  
therefore we will not *need* (but could still optionally use) STUN  
servers.  See below.

> For consistency, I think it is not the best stance to be  
> recommending on the one hand "do not, by default, cherry-pick  
> pieces of HIP; consider the overall system before you resort to  
> that" while on the other saying "we want to take only the pieces of  
> ICE/STUN that make sense for us."  If we find strong technical  
> reasons to diverge, so be it, but that is not the case here from  
> what I understand.

While I can sympathise with your political arguments, I do see here  
technical reasons, as explained above and below.

> Regarding architectural purity, since we are talking about NAT  
> traversal, I think we are already sullied unfortunately.

Ok, that is the second argument I find somewhat convincing.  :-)    
But perhaps there are grades even in ugliness :-)  More seriously, I  
am concerned about unnecessary circular dependencies and enrolment  
hurdles.

> I understand the possible concern that things that are developed/ 
> used for NAT traversal leak into other aspects of the HIP design  
> (when not running over NAT), but we will just need I think to  
> monitor and evaluate that as it comes up.  My personal feeling is  
> that, in the public internet, operating over NATs will be a very  
> common mode of operation for some time to come.

Here we seem to agree.

> Also, you can see from Gonzalo's post that we reserved the right to  
> revert this decision in a few months if it appears that we goofed,  
> and the view was expressed that if we were to do so in the future,  
> it would be easier to recover back to HIP than if we proceeded with  
> HIP initially and then later tried to map back to STUN.  I also  
> think it would probably not be too much of a problem to add back in  
> a pure HIP version of these messages if it is desired later.

Ok, that I can buy, even though I don't really see it as a convincing  
argument for STUN-based syntax.  But if the DT/WG wants to play, I'm  
not too concerned with a six-months detour, either. :-)

------

Now, let me check if I still understand what the HIP NAT traversal is  
about.

My understanding is that with just UDP encapsulation (and nothing  
else) a HIP host behind a legacy NAT can contact any (UDP- 
encapsulation-supporting) HIP host in the public Internet.  Hence,  
solving the problem of having a client behind a NAT does not seem to  
require anything from STUN/TURN/ICE.

Hence, the problem we are attempting to solve with STUN/TURN/ICE is  
the problem of connecting to a HIP server that is located behind a  
NAT box.

By definition, a server behind a NAT box does not have a public IP  
address that one could send an I1 to.  Hence, to be reachable in the  
first place, the server needs to register at least one RVS server at  
the DNS.  Consequently, for the RVS server to be able to forward any  
arriving I1s to the server, the HIP server has to keep alive a UDP- 
encapsulated HIP control channel with the RVS server.  In more  
practical terms, the HIP server has to create a HIP SA with the RVS  
server (base exchange, over UDP encapsulation), to register as a RVS  
client with the RVS server, and then keep up the UDP-encapsulated  
channel through the NAT so that the NAT will be able to forward any  
I1s from the RVS server to the HIP server.

If that is the case, I fail to see where we need STUN or TURN  
servers.  As I try to show in the hip-sturn draft, it is a trivial  
extension to the HIP protocol for the RVS server to inform the HIP  
server about its public IP address and UDP port, as seen by the RVS  
server.  And that is exactly the service a STUN server is supposed to  
provide, and nothing else.  Or am I mistaken here?  Would a STUN
server do something else but provide the HIP server with the external  
<IP address, UDP port> pair?

What comes to TURN, the RVS server already provides the ability to  
forward (I1) packets to the HIP server. Hence, I fail to see for what  
TURN is needed.

Hence, based on my perhaps completely flawed understanding, HIP does  
not need either STUN or TURN, as the same functionality either is  
already provided (TURN) or can be trivially provided (STUN) by the  
RVS server, which is needed anyway.  Accordingly, all that HIP can  
adopt from the STUN/TURN/ICE work is really the ICE algorithm, which  
I have been advocating all the way along.  For the actual connectivity
checks (Sections 7 and 8 of the ICE draft), I would simply use ESP,  
either as such or UDP-encapsulated, or whatever data encapsulation  
protocol is planned to be used if ESP is not used.  If something is  
needed inside (to solicit replies), simple ICMP (i.e. ping) would  
suffice.

Now.  Where do I go astray?  Or how the DT has thought to solve the  
problem in a different way so that STUN and/or TURN servers become  
useful?

--Pekka Nikander





From hipsec-bounces@lists.ietf.org Tue Dec 11 12:51:05 2007
In-Reply-To: <7463A868-E7D0-49FD-B1CE-61F28315EECA@nomadiclab.com>
References: <47589B41.2080009@ericsson.com>
	<AD676D36-B275-4006-B8A2-9ED804EE4948@nomadiclab.com>
	<77F357662F8BFA4CA7074B0410171B6D04049A2A@XCH-NW-5V1.nw.nos.boeing.com>
	<7463A868-E7D0-49FD-B1CE-61F28315EECA@nomadiclab.com>
Mime-Version: 1.0 (Apple Message framework v752.3)
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
Message-Id: <2F76F859-BDE3-4DFE-AD76-6B6EB8308B40@nomadiclab.com>
Content-Transfer-Encoding: 7bit
From: Pekka Nikander <pekka.nikander@nomadiclab.com>
Subject: Re: [Hipsec] Using STUN for end-to-end connectivity checks
Date: Tue, 11 Dec 2007 19:50:58 +0200
To: HIP Group <hipsec@ietf.org>

An afterthought:

> Now, let me check if I still understand what the HIP NAT traversal  
> is about.
>
> ...
>
> Hence, based on my perhaps completely flawed understanding, HIP  
> does not need either STUN or TURN, as the same functionality either  
> is already provided (TURN) or can be trivially provided (STUN) by  
> the RVS server, which is needed anyway.  Accordingly, all that HIP  
> can adopt from the STUN/TURN/ICE work is really the ICE algorithm,  
> which I have been advocating all way along.

So far so good, but ...

> For the actual connectivity checks (Sections 7 and 8 of the ICE  
> draft), I would simply use ESP, either as such or UDP-encapsulated,  
> or whatever data encapsulation protocol is planned to be used if  
> ESP is not used.  If something is needed inside (to solicit  
> replies), simple ICMP (i.e. ping) would suffice.

... here I was clearly too simplistic.  Within those ESP, ESP-over- 
UDP, or why not anything-over-UDP packets, we need something more  
sophisticated than ping, as connectivity may be one-way.   
Alternatives that I see are the following:

a) ICE-STUN messages according to the ICE spec.  Here using plain  
STUN might be appropriate, iff SAFE were to take place and improve
NAT behaviour.

b) messages preserving ICE-STUN semantics, such as STUN-encapsulated- 
in-ESP-in-UDP, or STUN-with-HIP-syntax-encapsulated-in-UDP

c) SHIM6 failure detection protocol [draft-ietf-shim6-failure- 
detection-09.txt], adopted to HIP.  (Such adoption should be very  
straightforward due to the by-default packet compatibility.)

Of course, there may be others that I fail to see now.

--Pekka Nikander





From hipsec-bounces@lists.ietf.org Tue Dec 11 15:05:46 2007
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable
Subject: RE: [Hipsec] Using STUN for end-to-end connectivity checks
Date: Tue, 11 Dec 2007 12:05:12 -0800
Message-ID: <77F357662F8BFA4CA7074B0410171B6D04049A46@XCH-NW-5V1.nw.nos.boeing.com>
In-Reply-To: <7463A868-E7D0-49FD-B1CE-61F28315EECA@nomadiclab.com>
References: <47589B41.2080009@ericsson.com>
	<AD676D36-B275-4006-B8A2-9ED804EE4948@nomadiclab.com>
	<77F357662F8BFA4CA7074B0410171B6D04049A2A@XCH-NW-5V1.nw.nos.boeing.com>
	<7463A868-E7D0-49FD-B1CE-61F28315EECA@nomadiclab.com>
From: "Henderson, Thomas R" <thomas.r.henderson@boeing.com>
To: "Pekka Nikander" <pekka.nikander@nomadiclab.com>
Cc: HIP <hipsec@ietf.org>

Pekka, continuing this inline below

> -----Original Message-----
> From: Pekka Nikander [mailto:pekka.nikander@nomadiclab.com]
> Sent: Tuesday, December 11, 2007 4:35 AM
> To: Henderson, Thomas R
> Cc: HIP
> Subject: Re: [Hipsec] Using STUN for end-to-end connectivity checks
>
>
> > However, I question whether it is good strategy for the moment to
> > try to optimize in that area, for a couple of reasons.
> > 1) taking the STUN format and aligning with STUN where we can makes
> > it easier for HIP to leverage the STUN/ICE developments and lessons
> > learned, and focus on other things.
>
> Hmm.  I don't see how.  When I went down to the STUN and TURN details
> (for writing the hip-sturn draft), I found there many things that are
> "inconvenient" from a HIP point of view, even to the level of I would
> call them incompatible.  I no longer remember all of the details (I
> worked on that for only some 5 hours), but at least the following
> come still to my mind:
>
> a. TURN (and I think also STUN) security requires pre-distributed
> shared secrets, or alternatively need to have the ability to have a
> side channel.  Pre-distributed creates an enrolment problem that HIP
> can trivially avoid, and using HIP to create such a side channel and
> then using STUN seems pointless to me; see below.
>
> b. I found STUN referral completely insecure (that's why I didn't
> specify how to do it but only referred to a missing HIP delegation
> spec).  I suspect that might even form a vehicle for flooding
> redirection attacks, but I didn't analyse the situation well enough
> to see if that is really the case or not.
>
> c. TURN relaying is tightly bound to TCP and UDP, and incompatible
> with ESP relaying.  Hence, while TURN could perhaps be used to relay
> ESP traffic, all that traffic would need to be UDP encapsulated.
>
> Hence, while I agree with you in principle, I don't believe that in
> practise we could use STUN in an unmodified form.  I am pretty sure
> that we cannot use TURN as such.  But, of course, I may be wrong.

I have two responses here.

1) I feel that we need some implementation experience with these
approaches before finalizing the NAT traversal draft; if what you
forecast turns out to be true, then it should become evident when we try
to work the details.  However, my default preference is to push on the
STUN/TURN approach until it is shown to be inadequate, rather than
immediately decide to go the other way.

2) if there are indeed problems with STUN/TURN mechanisms, wouldn't it
be better to fix those (or have those standards adopt HIP-friendly
options or extensions) than run in parallel?

I guess I don't really see the point of spending cycles right now to
redefine and document (diffs) how all of these HIP parameters relate to
ICE (btw, there are several more defined in ICE that are not mentioned
in the sturn draft), and it doesn't offend my sensibilities to suggest
that we just adopt STUN formatting for these messages.  Rather, I think
it would be nice if we find problems with STUN or TURN that we ask
whether options or extensions could be made to accommodate HIP, and end
up with a unified format.

You mentioned that REAP/FD from shim6 is an alternative for these
messages.  While I agree that it is much better aligned, it neither
supports IPv4 nor NAT traversal presently (although that also could be
fixed).

Regards,
Tom




From hipsec-bounces@lists.ietf.org Tue Dec 11 15:26:47 2007
In-Reply-To: <77F357662F8BFA4CA7074B0410171B6D04049A46@XCH-NW-5V1.nw.nos.boeing.com>
References: <47589B41.2080009@ericsson.com>
	<AD676D36-B275-4006-B8A2-9ED804EE4948@nomadiclab.com>
	<77F357662F8BFA4CA7074B0410171B6D04049A2A@XCH-NW-5V1.nw.nos.boeing.com>
	<7463A868-E7D0-49FD-B1CE-61F28315EECA@nomadiclab.com>
	<77F357662F8BFA4CA7074B0410171B6D04049A46@XCH-NW-5V1.nw.nos.boeing.com>
Mime-Version: 1.0 (Apple Message framework v752.3)
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
Message-Id: <54633618-2438-4277-A4AF-E29167FCE35B@nomadiclab.com>
Content-Transfer-Encoding: 7bit
From: Pekka Nikander <pekka.nikander@nomadiclab.com>
Subject: Re: [Hipsec] Using STUN for end-to-end connectivity checks
Date: Tue, 11 Dec 2007 22:26:41 +0200
To: "Henderson, Thomas R" <thomas.r.henderson@boeing.com>
Cc: HIP <hipsec@ietf.org>

>>> However, I question whether it is good strategy for the moment to  
>>> try to optimize in that area, for a couple of reasons.
>>> 1) taking the STUN format and aligning with STUN where we can  
>>> makes it easier for HIP to leverage the STUN/ICE developments and  
>>> lessons learned, and focus on other things.
>>
>> Hmm.  I don't see how.  When I went down to the STUN and TURN  
>> details (for writing the hip-sturn draft), I found there many  
>> things that [...] I would call ... incompatible.
>>
>> <snip>
>>
>> Hence, while I agree with you in principle, I don't believe that  
>> in practise we could use STUN in an unmodified form.  I am pretty  
>> sure that we cannot use TURN as such.  But, of course, I may be  
>> wrong.
>
> I have two responses here.
>
> 1) I feel that we need some implementation experience with these  
> approaches before finalizing the NAT traversal draft; if what you  
> forecast turns out to be true, then it should become evident when  
> we try to work the details.  However, my default preference is to  
> push on the STUN/TURN approach until it is shown to be inadequate,  
> rather than immediately decide to go the other way.

I'm fine with that.  As I said, I'm fine with the WG taking a six  
month detour.  And, of course, I may well be wrong and it may turn  
out that what I currently consider as an almost-sure detour will turn  
out to be the right thing, after all.

Having done the somewhat-detailed thinking today, I am no longer that
convinced that STUN would really be wrong for the ICE connectivity  
tests (ICE sections 7 and 8).  There it may play nicely.

However, I'm still pretty convinced that trying to utilise existing  
STUN and TURN servers will be pointless, and we'll do better just  
with HIP RVS servers.  But I may be missing something there; I would  
even encourage people to think of creative ways to use STUN or TURN
servers as HIP RVS servers.  That would be an ubercool (and very  
ugly) hack.  :-)  Almost as cool as the idea of carrying HIP I1s in  
TCP options.  :-)

> 2) if there are indeed problems with STUN/TURN mechanisms, wouldn't
> it be better to fix those (or have those standards adopt
> HIP-friendly options or extensions) than run in parallel?

Maybe.  I cannot say as I haven't followed BEHAVE.

> You mentioned that REAP/FD from shim6 is an alternative for these  
> messages.  While I agree that it is much better aligned, it neither  
> supports IPv4 nor NAT traversal presently (although that also could  
> be fixed).

I don't see there any big issues in adding them.  As far as I can  
see, connectivity testing is really that, independent of whether the  
path is IPv4, IPv6, or NATed IPv4.  As long as the address candidates  
are there (and I still think the most sensible way to collect them in  
the NATted case is to use RLOCATOR from an RVS server), you can just  
churn them without really considering what kind of locators they  
are.  Ok, looking at REAP it appears that we would need to define how  
to encode IPv4 addresses and IPv4+UDP address+port pairs in the REAP  
PROBE message, but as far as I could see, that would be the only  
modification needed.

But I have to admit that I have not read ICE nor REAP in detail.   
Hence, I cannot really evaluate their pros and cons in real life  
situations.  It would be nice if people implemented both, just to  
compare.  That might even make a nice paper for someone.

--Pekka





From hipsec-bounces@lists.ietf.org Wed Dec 12 03:41:19 2007
Return-path: <hipsec-bounces@lists.ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com)
	by megatron.ietf.org with esmtp (Exim 4.43)
	id 1J2N9Z-0000vS-Ch; Wed, 12 Dec 2007 03:41:17 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.43) id 1J2N9X-0000vK-Ox
	for hipsec@ietf.org; Wed, 12 Dec 2007 03:41:15 -0500
Received: from n2.nomadiclab.com ([2001:14b8:400:101::2])
	by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1J2N9X-0000Yd-9b
	for hipsec@ietf.org; Wed, 12 Dec 2007 03:41:15 -0500
Received: from n2.nomadiclab.com (localhost [127.0.0.1])
	by n2.nomadiclab.com (Postfix) with ESMTP id 667251EF109;
	Wed, 12 Dec 2007 10:41:14 +0200 (EET)
Received: from [IPv6:2001:14b8:400:101::50] (unknown
	[IPv6:2001:14b8:400:101::50])
	by n2.nomadiclab.com (Postfix) with ESMTP id 2D06F1EF102;
	Wed, 12 Dec 2007 10:41:14 +0200 (EET)
Message-ID: <475FA018.9010800@nomadiclab.com>
Date: Wed, 12 Dec 2007 10:47:20 +0200
From: Jan Mikael Melen <Jan.Melen@nomadiclab.com>
User-Agent: Thunderbird 1.5.0.9 (X11/20070209)
MIME-Version: 1.0
To: Pekka Nikander <pekka.nikander@nomadiclab.com>
Subject: Re: [Hipsec] Using STUN for end-to-end connectivity checks
References: <47589B41.2080009@ericsson.com>	<AD676D36-B275-4006-B8A2-9ED804EE4948@nomadiclab.com>	<77F357662F8BFA4CA7074B0410171B6D04049A2A@XCH-NW-5V1.nw.nos.boeing.com>	<7463A868-E7D0-49FD-B1CE-61F28315EECA@nomadiclab.com>	<77F357662F8BFA4CA7074B0410171B6D04049A46@XCH-NW-5V1.nw.nos.boeing.com>
	<54633618-2438-4277-A4AF-E29167FCE35B@nomadiclab.com>
In-Reply-To: <54633618-2438-4277-A4AF-E29167FCE35B@nomadiclab.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: ClamAV using ClamSMTP
X-Spam-Score: -1.4 (-)
X-Scan-Signature: 7aafa0432175920a4b3e118e16c5cb64
Cc: HIP <hipsec@ietf.org>

Pekka Nikander wrote:
>> <snip>
>> I have two responses here.
>>
>> 1) I feel that we need some implementation experience with these 
>> approaches before finalizing the NAT traversal draft; if what you 
>> forecast turns out to be true, then it should become evident when we 
>> try to work the details.  However, my default preference is to push 
>> on the STUN/TURN approach until it is shown to be inadequate, rather 
>> than immediately decide to go the other way.
>
> I'm fine with that.  As I said, I'm fine with the WG taking a six 
> month detour.  And, of course, I may well be wrong and it may turn out 
> that what I currently consider as an almost-sure detour will turn out 
> to be the right thing, after all.
>
> Having done the somewhat-detailed thinking today, I am no longer that
> convinced that STUN would really be wrong for the ICE connectivity 
> tests (ICE sections 7 and 8).  There it may play nicely.
>
> However, I'm still pretty convinced that trying to utilise existing 
> STUN and TURN servers will be pointless, and we'll do better just with 
> HIP RVS servers.  But I may be missing something there; I would even 
> encourage people to think of creative ways to use STUN or TURN servers as
> HIP RVS servers.  That would be an ubercool (and very ugly) hack.  
> :-)  Almost as cool as the idea of carrying HIP I1s in TCP options.  :-)
>

Concerning the STUN server usage for gathering your own addresses: yes,
Pekka, you are right, and this was even decided by the DT, that you have
two different options for how you gather them. The first option is that you
use the RVS to reflect your public address and the second option is that you
use a STUN server; whichever method you use is a local policy issue. (Or,
even more generally speaking, you could even manually configure your public
addresses if you will.)

As I see it from our implementation point of view, I don't see why you
would ever use a STUN server to reflect the addresses, but some of the DT
members thought that this would be a sensible option to be left open. IMHO
the RVS option is more natural from the HIP point of view. Maybe the STUN
option could be handy if the scenario would be that people would have
deployed RVS servers as defined by the current draft-ietf-hip-rvs, which
do not reflect your address (yes, I know there are also some other
limitations with these types of RVS servers as well, but let's not go
there), but as I see it the NAT traversal stuff should be ready before
any flavor of RVS servers will be deployed anyway.

The TURN servers, then again, are a whole different story. It is like
shooting a moving target. Even the behave WG is not able to say yet what it
looks like. They seem not to be able to even decide what kind of
multiplexing header they would like to use, which was once more modified :-)

   Regards,
      Jan




From hipsec-bounces@lists.ietf.org Wed Dec 12 10:48:59 2007
Return-path: <hipsec-bounces@lists.ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com)
	by megatron.ietf.org with esmtp (Exim 4.43)
	id 1J2TpS-0003sB-FX; Wed, 12 Dec 2007 10:48:58 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.43) id 1J2TpR-0003rx-CR
	for hipsec@ietf.org; Wed, 12 Dec 2007 10:48:57 -0500
Received: from smtp.nokia.com ([192.100.122.230] helo=mgw-mx03.nokia.com)
	by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1J2TpP-0000IC-QT
	for hipsec@ietf.org; Wed, 12 Dec 2007 10:48:57 -0500
Received: from esebh107.NOE.Nokia.com (esebh107.ntc.nokia.com [172.21.143.143])
	by mgw-mx03.nokia.com (Switch-3.2.6/Switch-3.2.6) with ESMTP id
	lBCFmNnK013637; Wed, 12 Dec 2007 17:48:45 +0200
Received: from esebh104.NOE.Nokia.com ([172.21.143.34]) by
	esebh107.NOE.Nokia.com with Microsoft SMTPSVC(6.0.3790.1830); 
	Wed, 12 Dec 2007 17:48:40 +0200
Received: from esebh101.NOE.Nokia.com ([172.21.138.177]) by
	esebh104.NOE.Nokia.com with Microsoft SMTPSVC(6.0.3790.1830); 
	Wed, 12 Dec 2007 17:48:40 +0200
Received: from esdhcp035191.research.nokia.com ([172.21.35.191]) by
	esebh101.NOE.Nokia.com over TLS secured channel with Microsoft
	SMTPSVC(6.0.3790.1830); Wed, 12 Dec 2007 17:48:39 +0200
Message-Id: <AAD7A01D-C4AB-4356-B57A-4639C94B11DF@nokia.com>
From: Lars Eggert <lars.eggert@nokia.com>
To: ext Pekka Nikander <pekka.nikander@nomadiclab.com>
In-Reply-To: <54633618-2438-4277-A4AF-E29167FCE35B@nomadiclab.com>
Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0 (Apple Message framework v915)
Subject: Re: [Hipsec] Using STUN for end-to-end connectivity checks
Date: Wed, 12 Dec 2007 17:48:40 +0200
References: <47589B41.2080009@ericsson.com>
	<AD676D36-B275-4006-B8A2-9ED804EE4948@nomadiclab.com>
	<77F357662F8BFA4CA7074B0410171B6D04049A2A@XCH-NW-5V1.nw.nos.boeing.com>
	<7463A868-E7D0-49FD-B1CE-61F28315EECA@nomadiclab.com>
	<77F357662F8BFA4CA7074B0410171B6D04049A46@XCH-NW-5V1.nw.nos.boeing.com>
	<54633618-2438-4277-A4AF-E29167FCE35B@nomadiclab.com>
X-Mailer: Apple Mail (2.915)
X-OriginalArrivalTime: 12 Dec 2007 15:48:40.0003 (UTC)
	FILETIME=[772AF130:01C83CD6]
X-Nokia-AV: Clean
X-Spam-Score: 0.0 (/)
X-Scan-Signature: ea4ac80f790299f943f0a53be7e1a21a
Cc: HIP <hipsec@ietf.org>

On 2007-12-11, at 22:26, ext Pekka Nikander wrote:
> However, I'm still pretty convinced that trying to utilise existing  
> STUN and TURN servers will be pointless, and we'll do better just  
> with HIP RVS servers.  But I may be missing something there; I would  
> even encourage people to think of creative ways to use STUN or TURN
> servers as HIP RVS servers.  That would be an ubercool (and very  
> ugly) hack.  :-)  Almost as cool as the idea of carrying HIP I1s in  
> TCP options.  :-)

In case you said that last thing to see if I'm paying attention - I  
am :-)

Seriously though, merging STUN/TURN with HIP RVS may make sense. As I  
understand it, although the old RFC3489 STUN was something that could  
be run on its own, the new-style 3489bis-style STUN merely provides  
some methods that can be used to build a NAT traversal solution, but  
isn't a complete one by itself. TURN uses the 3489bis-style STUN to do  
just that. It might be possible to use the 3489bis-style STUN with HIP  
RVS, to create a "HIP-TURN" thingie.

(My meta-issue with STUN/TURN/ICE is that the current documents aren't  
consistent with one another. That makes it difficult to understand how  
the pieces fit together. In addition, they were written when STUN/TURN/ICE
was targeted at SIP and RTP, and are now being updated to be a
more general NAT traversal suite for any type of traffic. Significant  
chunks of the documents have this implicit assumption that data = SIP  
or RTP, and if you read them with a different application in mind,  
they don't answer all the questions.)

Lars




From hipsec-bounces@lists.ietf.org Wed Dec 12 11:39:58 2007
Return-path: <hipsec-bounces@lists.ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com)
	by megatron.ietf.org with esmtp (Exim 4.43)
	id 1J2Ucn-0004rX-Rd; Wed, 12 Dec 2007 11:39:57 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.43) id 1J2Ucm-0004rS-85
	for hipsec@ietf.org; Wed, 12 Dec 2007 11:39:56 -0500
Received: from mail6.primus.ca ([216.254.141.173] helo=mail-01.primus.ca)
	by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1J2Ucj-0001mF-Qx
	for hipsec@ietf.org; Wed, 12 Dec 2007 11:39:56 -0500
Received: from [216.13.42.68] (helo=[10.10.80.124])
	by mail-01.primus.ca with esmtpa (Exim 4.63)
	(envelope-from <philip_matthews@magma.ca>)
	id 1J2Uci-0008Q6-2r; Wed, 12 Dec 2007 11:39:53 -0500
In-Reply-To: <CE1C715C-A53F-4FE1-A331-CB698808EC35@cs.rwth-aachen.de>
References: <CE1C715C-A53F-4FE1-A331-CB698808EC35@cs.rwth-aachen.de>
Mime-Version: 1.0 (Apple Message framework v752.2)
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
Message-Id: <EEC14E2D-B386-4B93-9803-2ACDD55F6C55@magma.ca>
Content-Transfer-Encoding: 7bit
From: Philip Matthews <philip_matthews@magma.ca>
Subject: Re: [Hipsec] Some concerns regarding legacy NAT traversal solution
Date: Tue, 11 Dec 2007 15:15:49 -0800
To: Tobias Heer <heer@cs.rwth-aachen.de>
X-Mailer: Apple Mail (2.752.2)
X-Authenticated: philip_matthews@magma.ca - ([10.10.80.124]) [216.13.42.68]
X-Spam-Score: 1.8 (+)
X-Scan-Signature: 6cca30437e2d04f45110f2ff8dc1b1d5
Cc: hip WG <hipsec@ietf.org>

Sorry to be slow in responding.
A few comments inline.
Hope this helps.
- Philip

On 5-Dec-07, at 00:21 , Tobias Heer wrote:

> Hello,
>
> After following the discussions about HIP, ICE/STUN, and NAT  
> traversal today in the WG, I had some concerns regarding possible  
> solutions. Of course, I trust in the judgement of the NAT team (you  
> have all been working on the issue for quite some time), however, I  
> wonder what a possible solution could (will) look like. I'm not
> asking for details about a yet unspecified solution but I'm rather
> interested in the design space (specifically what tradeoffs seem
> acceptable/realistic). I'm especially interested in the opinion of
> the TURN people in the design team as you probably have the best  
> knowledge to answer the questions.
>
> In case STUN will be used for HIP, will there be a penalty in terms  
> of RTTs for running the additional protocol (first one, then the  
> other, or partially parallel)? If yes, will this additional time  
> also be required if no NAT is present (e.g. when moving from behind  
> a NAT to an un-NATed location)?

I don't believe that any penalty will be required.
>
> Will STUN replace parts of the BEX or/and UPDATE procedure for  
> optimizing RTTs? If yes, what will these changes look like?

STUN will just be used for connectivity checks. There are changes  
needed in the BEX and UPDATE procedure for NAT Traversal, regardless  
of the connectivity check protocol.

> Will existing work based on HIP still be valid or will we have to  
> live with an entirely new BEX or UPDATE message exchange? Will  
> things like HIP aware NATs / Firewalls, etc. be harder to implement  
> because they must support both (STUN + HIP)?

HIP-aware NATs and FWs might also need to understand STUN. However,  
there are other reasons to suspect that STUN-aware NATs and FWs might  
be produced.

>
> Concluding, is consistency with the MM and Base draft one of the  
> design goals of the NAT design team or may parts of these documents  
> be obsoleted by the NAT traversal approach?

We will try to keep things fairly close, but changes WILL be required.
>
> To state it clearly: I'm not advocating any of the approaches...  
> I'm just interested what's possible and what's not. I hope I'm not  
> being too nosy. Thanks in advance.
>
> Best regards,
>
> Tobias
>
> -- Dipl.-Inform. Tobias Heer, Ph.D. Student
> Distributed Systems Group
> RWTH Aachen University, Germany
> http://ds.cs.rwth-aachen.de/members/heer



From hipsec-bounces@lists.ietf.org Wed Dec 12 11:40:02 2007
Return-path: <hipsec-bounces@lists.ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com)
	by megatron.ietf.org with esmtp (Exim 4.43)
	id 1J2Ucs-0004vD-3j; Wed, 12 Dec 2007 11:40:02 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.43) id 1J2Ucp-0004tq-Uh
	for hipsec@ietf.org; Wed, 12 Dec 2007 11:39:59 -0500
Received: from mail6.primus.ca ([216.254.141.173] helo=mail-01.primus.ca)
	by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1J2Ucn-0001mM-Om
	for hipsec@ietf.org; Wed, 12 Dec 2007 11:39:59 -0500
Received: from [216.13.42.68] (helo=[10.10.80.124])
	by mail-01.primus.ca with esmtpa (Exim 4.63)
	(envelope-from <philip_matthews@magma.ca>)
	id 1J2Ucn-0008Q6-0h; Wed, 12 Dec 2007 11:39:57 -0500
In-Reply-To: <77F357662F8BFA4CA7074B0410171B6D04049A2A@XCH-NW-5V1.nw.nos.boeing.com>
References: <47589B41.2080009@ericsson.com>
	<AD676D36-B275-4006-B8A2-9ED804EE4948@nomadiclab.com>
	<77F357662F8BFA4CA7074B0410171B6D04049A2A@XCH-NW-5V1.nw.nos.boeing.com>
Mime-Version: 1.0 (Apple Message framework v752.2)
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
Message-Id: <4AEF8C83-7390-425D-B630-CE43429D1520@magma.ca>
Content-Transfer-Encoding: 7bit
From: Philip Matthews <philip_matthews@magma.ca>
Subject: Re: [Hipsec] Using STUN for end-to-end connectivity checks
Date: Tue, 11 Dec 2007 15:43:11 -0800
To: Pekka Nikander <pekka.nikander@nomadiclab.com>
X-Mailer: Apple Mail (2.752.2)
X-Authenticated: philip_matthews@magma.ca - ([10.10.80.124]) [216.13.42.68]
X-Spam-Score: 1.8 (+)
X-Scan-Signature: a92270ba83d7ead10c5001bb42ec3221
Cc: HIP <hipsec@ietf.org>

I am also on the HIP NAT Traversal team and I also voted for using STUN
for connectivity checks.
Tom has expressed most of my thoughts below. I will just try to add a  
few more points.

I could not see any strong technical arguments one way or another.  
The best technical arguments that anyone seemed to come up with in either
direction seemed to depend heavily on guesses on how the future would  
evolve.

So a lot of it came down to gut feel. Personally, I feel that it is  
important to be practical and try to leverage the work being done  
elsewhere in the IETF as much as possible. As someone trying to sell  
the benefits of HIP to others (primarily P2PSIP), I already see a lot
of "HIP - you cannot be serious" comments and non-verbal actions, and  
I felt that using HIP for connectivity checks would not help that  
situation.

I will also note that I asked Jonathan Rosenberg for his opinion, and  
convinced him to come to the HIP WG meeting to express it.

Personally, I am very willing to keep an open mind. If using STUN  
proves to be a mistake, then I think we can switch later, and also  
take that useful feedback to the BEHAVE working group.

- Philip


On 7-Dec-07, at 08:12 , Henderson, Thomas R wrote:

>
>
>> -----Original Message-----
>> From: Pekka Nikander [mailto:pekka.nikander@nomadiclab.com]
>> Sent: Thursday, December 06, 2007 11:20 PM
>> To: Gonzalo Camarillo
>> Cc: HIP
>> Subject: Re: [Hipsec] Using STUN for end-to-end connectivity checks
>>
>> I would like to see the DT to clearly express their considerations,
>> in writing, for the WG to think about.
>>
>> Personally, I strongly suspect that the DT has made an
>> architecturally wrong decision.  However, I trust that the DT then
>> has other concerns that they have considered more important than
>> architectural beauty (which in the past has been a main concern, or
>> perhaps even the main concern, when making design decisions w.r.t.
>> HIP).  Hence, I really want to understand what those assumedly more
>> important factors are.
>>
>> --Pekka Nikander
>
> Pekka,
>
> Here are my thoughts on this (as one of the STUN proponents):
>
> As background context, we are talking here about the syntax and
> parameters of the STUN connectivity check that is used in ICE and flows
> from end-to-end.  The requirement here is to make these look like the
> data so that they flow through the NAT in the same way.  Since this is
> end-to-end, we could pick a HIP-based encoding and put STUN parameters
> in there (if needed), or we could pick a STUN-based encoding and put
> additional HIP parameters in there (if needed), or invent some other
> coding altogether.
>
> I do not doubt that the HIP WG or design team could come up with a
> format more aligned to HIP.  This I think is the main argument for
> defining a HIP connectivity check format.  I also think that it would be
> viable to proceed down that path and it would have some advantages.
>
> However, I question whether it is good strategy for the moment to try to
> optimize in that area, for a couple of reasons.
> 1) taking the STUN format and aligning with STUN where we can makes it
> easier for HIP to leverage the STUN/ICE developments and lessons
> learned, and focus on other things.
> 2) there seems to be some interest (see the SAFE BOF this week:
> http://www3.ietf.org/proceedings/07dec/slides/safe-0.pdf ) for vendors
> to build middleboxes that can tag the STUN messages for optimizing
> (reducing) the keep-alive traffic.  If we wanted to take advantage of
> that (if that work were to go forward), we would want to look like STUN
> in that case.
> 3) using the STUN format makes it easier to incorporate STUN/ICE by
> reference in our design document.
>
> By the same token, I have observed that some people in the P2PSIP WG are
> questioning "Why HIP?  Why not selectively pick good ideas from HIP that
> are tailored to our particular problem requirements and discard the
> rest?"  For consistency, I think it is not the best stance to be
> recommending on the one hand "do not, by default, cherry-pick pieces of
> HIP; consider the overall system before you resort to that" while on the
> other saying "we want to take only the pieces of ICE/STUN that make
> sense for us."  If we find strong technical reasons to diverge, so be
> it, but that is not the case here from what I understand.
>
> Regarding architectural purity, since we are talking about NAT
> traversal, I think we are already sullied unfortunately.  I understand
> the possible concern that things that are developed/used for NAT
> traversal leak into other aspects of the HIP design (when not running
> over NAT), but we will just need I think to monitor and evaluate that as
> it comes up.  My personal feeling is that, in the public internet,
> operating over NATs will be a very common mode of operation for some
> time to come.
>
> Also, you can see from Gonzalo's post that we reserved the right to
> revert this decision in a few months if it appears that we goofed, and
> the view was expressed that if we were to do so in the future, it would
> be easier to recover back to HIP than if we proceeded with HIP initially
> and then later tried to map back to STUN.  I also think it would
> probably not be too much of a problem to add back in a pure HIP version
> of these messages if it is desired later.
>
> Some of these points above are subjective and different people have
> different views of the future; hence the lack of consensus on the design
> team.
>
> Regards,
> Tom
>
>>
>> On 7 Dec 2007, at 03:00, Gonzalo Camarillo wrote:
>>
>>> Folks,
>>>
>>> as I said in our WG session, I have pushed the NAT Traversal for
>>> HIP design team to make a decision on the protocol to implement
>>> end-to-end connectivity checks. The design team was spending too much
>>> time thinking of this issue and, in my opinion (as HIP WG chair),
>>> this was keeping the team from making progress.
>>>
>>> There were two proposals to implement the end-to-end connectivity
>>> checks: using STUN or using HIP. The design team agreed to make a
>>> decision before the end of the IETF. Today, we met for two hours to
>>> make this decision.
>>>
>>> The idea was to make a design assumption (i.e., to use STUN or to
>>> use HIP) so that the team can work on other open issues and
>>> implementers can start experimenting. If by the time the
>>> specification is more or less done and we have more implementation
>>> experience, we find overwhelming evidence that this was the wrong
>>> decision, the design team agreed that we would be able to reevaluate
>>> the decision.
>>>
>>> The design team could not reach unanimous consensus on which
>>> protocol to use because there were technical arguments in favor of
>>> both of them. Therefore, they had to vote. The STUN approach won
>>> the voting (4 votes for STUN, 2 votes for HIP).
>>>
>>> Consequently, from now on, the team will be working assuming STUN
>>> as the protocol to implement end-to-end connectivity checks.
>>>
>>> Cheers,
>>>
>>> Gonzalo
>>> HIP WG co-chair



From hipsec-bounces@lists.ietf.org Wed Dec 12 11:40:03 2007
Return-path: <hipsec-bounces@lists.ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com)
	by megatron.ietf.org with esmtp (Exim 4.43)
	id 1J2Uct-0004yb-Q9; Wed, 12 Dec 2007 11:40:03 -0500
Received: from [10.90.34.44] (helo=chiedprmail1.ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.43) id 1J2Ucs-0004wQ-9l
	for hipsec@ietf.org; Wed, 12 Dec 2007 11:40:02 -0500
Received: from mail6.primus.ca ([216.254.141.173] helo=mail-01.primus.ca)
	by chiedprmail1.ietf.org with esmtp (Exim 4.43) id 1J2Ucr-0001wT-Hv
	for hipsec@ietf.org; Wed, 12 Dec 2007 11:40:02 -0500
Received: from [216.13.42.68] (helo=[10.10.80.124])
	by mail-01.primus.ca with esmtpa (Exim 4.63)
	(envelope-from <philip_matthews@magma.ca>)
	id 1J2Ucp-0008Q6-1w; Wed, 12 Dec 2007 11:39:59 -0500
In-Reply-To: <7463A868-E7D0-49FD-B1CE-61F28315EECA@nomadiclab.com>
References: <47589B41.2080009@ericsson.com>
	<AD676D36-B275-4006-B8A2-9ED804EE4948@nomadiclab.com>
	<77F357662F8BFA4CA7074B0410171B6D04049A2A@XCH-NW-5V1.nw.nos.boeing.com>
	<7463A868-E7D0-49FD-B1CE-61F28315EECA@nomadiclab.com>
Mime-Version: 1.0 (Apple Message framework v752.2)
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
Message-Id: <249B68D7-58CF-4457-9703-57692AE0C29E@magma.ca>
Content-Transfer-Encoding: 7bit
From: Philip Matthews <philip_matthews@magma.ca>
Subject: Re: [Hipsec] Using STUN for end-to-end connectivity checks
Date: Tue, 11 Dec 2007 15:48:02 -0800
To: Pekka Nikander <pekka.nikander@nomadiclab.com>
X-Mailer: Apple Mail (2.752.2)
X-Authenticated: philip_matthews@magma.ca - ([10.10.80.124]) [216.13.42.68]
X-Spam-Score: 1.8 (+)
X-Scan-Signature: d0bdc596f8dd1c226c458f0b4df27a88
Cc: HIP <hipsec@ietf.org>


On 11-Dec-07, at 04:35 , Pekka Nikander wrote:

[Long message snipped]

> Now, let me check if I still understand what the HIP NAT traversal  
> is about.
>
> My understanding is that with just UDP encapsulation (and nothing  
> else) a HIP host behind a legacy NAT can contact any
> (UDP-encapsulation-supporting) HIP host in the public Internet.  Hence,
> solving the problem of having a client behind a NAT does not seem  
> to require anything from STUN/TURN/ICE.
>
> Hence, the problem we are attempting to solve with STUN/TURN/ICE is  
> the problem of connecting to a HIP server that is located behind a  
> NAT box.
>
> By definition, a server behind a NAT box does not have a public IP  
> address that one could send an I1 to.  Hence, to be reachable in  
> the first place, the server needs to register at least one RVS  
> server at the DNS.  Consequently, for the RVS server to be able to  
> forward any arriving I1s to the server, the HIP server has to keep  
> alive a UDP-encapsulated HIP control channel with the RVS server.   
> In more practical terms, the HIP server has to create a HIP SA with  
> the RVS server (base exchange, over UDP encapsulation), to register  
> as a RVS client with the RVS server, and then keep up the
> UDP-encapsulated channel through the NAT so that the NAT will be able
> to forward any I1s from the RVS server to the HIP server.
>
> If that is the case, I fail to see where we need STUN or TURN  
> servers.  As I try to show in the hip-sturn draft, it is a trivial  
> extension to the HIP protocol for the RVS server to inform the HIP  
> server about its public IP address and UDP port, as seen by the RVS  
> server.  And that is exactly the service a STUN server is supposed  
> to provide, and nothing else.  Or am I mistaken here.  Would a STUN  
> server do something else but provide the HIP server with the  
> external <IP address, UDP port> pair?
>
> What comes to TURN, the RVS server already provides the ability to  
> forward (I1) packets to the HIP server. Hence, I fail to see for  
> what TURN is needed.
>
> Hence, based on my perhaps completely flawed understanding, HIP  
> does not need either STUN or TURN, as the same functionality either  
> is already provided (TURN) or can be trivially provided (STUN) by  
> the RVS server, which is needed anyway.  Accordingly, all that HIP  
> can adopt from the STUN/TURN/ICE work is really the ICE algorithm,  
> which I have been advocating all way along.  For the actual  
> connectivity checks (Sections 7 and 8 of the ICE draft), I would  
> simply use ESP, either as such or UDP-encapsulated, or whatever  
> data encapsulation protocol is planned to be used if ESP is not  
> used.  If something is needed inside (to solicit replies), simple  
> ICMP (i.e. ping) would suffice.
>
> Now.  Where do I go astray?  Or how the DT has thought to solve the  
> problem in a different way so that STUN and/or TURN servers become  
> useful?
>
> --Pekka Nikander
>

Pekka:

The use of the connectivity checks is not for getting HIP through  
NATs, but for getting the HIP Data plane (currently ESP) through  
NATs. All the stuff above is talking about HIP signaling, and your  
thoughts there are correct.

- Philip






From hipsec-bounces@lists.ietf.org Thu Dec 13 02:02:05 2007
Date: Thu, 13 Dec 2007 09:01:53 +0200 (EET)
From: Miika Komu <miika@iki.fi>
To: Pekka Nikander <pekka.nikander@nomadiclab.com>
Cc: HIP <hipsec@ietf.org>
Subject: Re: [Hipsec] Using STUN for end-to-end connectivity checks
Message-ID: <Pine.SOL.4.64.0712130837550.1364@kekkonen.cs.hut.fi>
In-Reply-To: <7463A868-E7D0-49FD-B1CE-61F28315EECA@nomadiclab.com>

On Tue, 11 Dec 2007, Pekka Nikander wrote:

Hi,

> Hmm.  I don't see how.  When I went down to the STUN and TURN details (for 
> writing the hip-sturn draft), I found there many things that are 
> "inconvenient" from a HIP point of view, even to the level of I would call 
> them incompatible.  I no longer remember all of the details (I worked on that 
> for only some 5 hours), but at least the following come still to my mind:
>
> a. TURN (and I think also STUN) security requires pre-distributed shared 
> secrets, or alternatively need to have the ability to have a side channel. 
> Pre-distributed creates an enrolment problem that HIP can trivially avoid, 
> and using HIP to create such a side channel and then using STUN seems 
> pointless to me; see below.

If I recall correctly, it was Philip or Hannes who proposed to reuse HIP 
key material with STUN.

> b. I found STUN referral completely insecure (that's why I didn't 
> specify how to do it but only referred to a missing HIP delegation 
> spec).  I suspect that might even form a vehicle for flooding 
> redirection attacks, but I didn't analyse the situation well enough to 
> see if that is really the case or not.

STUN referral?

> What comes to TURN, the RVS server already provides the ability to forward 
> (I1) packets to the HIP server. Hence, I fail to see for what TURN is needed.

TURN (media relay) forwards ESP traffic, not HIP traffic. The 
functionality of forwarding ESP traffic should be decoupled from 
forwarding of HIP traffic.

-- 
Miika Komu                                       http://www.iki.fi/miika/




From hipsec-bounces@lists.ietf.org Thu Dec 13 02:02:17 2007
Date: Thu, 13 Dec 2007 09:02:08 +0200 (EET)
From: Miika Komu <miika@iki.fi>
To: Pekka Nikander <pekka.nikander@nomadiclab.com>
Cc: HIP Group <hipsec@ietf.org>
Subject: Re: [Hipsec] Using STUN for end-to-end connectivity checks
Message-ID: <Pine.SOL.4.64.0712130826240.1364@kekkonen.cs.hut.fi>
In-Reply-To: <2F76F859-BDE3-4DFE-AD76-6B6EB8308B40@nomadiclab.com>

On Tue, 11 Dec 2007, Pekka Nikander wrote:

>> For the actual connectivity checks (Sections 7 and 8 of the ICE draft), I 
>> would simply use ESP, either as such or UDP-encapsulated, or whatever data 
>> encapsulation protocol is planned to be used if ESP is not used.  If 
>> something is needed inside (to solicit replies), simple ICMP (i.e. ping) 
>> would suffice.
>
> ... here I was clearly too simplistic.  Within those ESP, ESP-over-UDP, or 
> why not anything-over-UDP packets, we need something more sophisticated than 
> ping, as connectivity may be one-way.  Alternatives that I see are the 
> following:
>
> a) ICE-STUN messages according to the ICE spec.  Here using plain STUN might 
> be appropriate, iff SAFE were to  take place and improve NAT behaviour.
>
> b) messages preserving ICE-STUN semantics, such as 
> STUN-encapsulated-in-ESP-in-UDP, or STUN-with-HIP-syntax-encapsulated-in-UDP
>
> c) SHIM6 failure detection protocol 
> [draft-ietf-shim6-failure-detection-09.txt], adopted to HIP.  (Such adoption 
> should be very straightforward due to the by-default packet compatibility.)
>
> Of course, there may be others that I fail to see now.

Regarding option b, I have also thought about 
STUN-encapsulated-in-ESP-in-UDP, but never said it aloud for some reason. 
Here I am assuming that you are reusing the symmetric keys and SPIs 
generated during base exchange for STUN messages. I see at least three 
problems in this approach:

* SPIs should be different on different network interfaces according to
   mm draft and you have only a single SPI pair after base exchange
* STUN messages have to be forced to use HITs in order to force the STUN
   message to go through the ESP tunnel. The IP addresses are
   usually fixed in ESP SAs and you would have to do some weird
   variations in the SAs to get the STUN messages through IP addresses
* I am not sure how cleanly this works after mobility events

Regarding option c, one of the decisions of the DT was that the format 
for the connectivity tests and failure detection should be unified.

-- 
Miika Komu                                       http://www.iki.fi/miika/




From hipsec-bounces@lists.ietf.org Thu Dec 13 08:53:29 2007
From: Philip Matthews <philip_matthews@magma.ca>
Date: Thu, 13 Dec 2007 08:53:20 -0500
To: Jan Mikael Melen <Jan.Melen@nomadiclab.com>
Cc: HIP <hipsec@ietf.org>
Subject: Re: [Hipsec] Using STUN for end-to-end connectivity checks
Message-Id: <C4D3E8C9-5440-4619-8546-DF09A30A00EF@magma.ca>
In-Reply-To: <475FA018.9010800@nomadiclab.com>

>
> The TURN servers then again is a whole different story. It is like  
> shooting a moving target. Even behave WG is not able to say yet how  
> it looks like. They seem not to be able to even decide what kind of  
> multiplexing header they would like to use which was once more  
> modified :-)
>

I agree that TURN is a moving target. However, the recent changes are  
all based on feedback from the WG, and there is strong pressure to  
finish TURN-UDP soon. I think that TURN-UDP will be finalized before  
the HIP NAT Traversal stuff is.

- Philip




From hipsec-bounces@lists.ietf.org Fri Dec 14 02:09:46 2007
From: Pekka Nikander <pekka.nikander@nomadiclab.com>
Date: Fri, 14 Dec 2007 09:08:29 +0200
To: Philip Matthews <philip_matthews@magma.ca>,
	Thomas R Henderson <thomas.r.henderson@boeing.com>
Cc: HIP Group <hipsec@ietf.org>
Subject: Re: [Hipsec] Using STUN for end-to-end connectivity checks
Message-Id: <26B942A3-4DC3-42AE-B003-AAF57967270B@nomadiclab.com>
In-Reply-To: <4AEF8C83-7390-425D-B630-CE43429D1520@magma.ca>

Philip, Tom, and others,

First I must apologise for having misunderstood part of what the  
discussions and decision at Vancouver considered.  Briefly, I did not  
understand that the term "connectivity check" in the decision was  
limited to consider the ICE end-to-end connectivity checks, as per  
Sections 7 and 8 of the ICE draft, and not to connectivity checks  
e.g. w.r.t between a HIP host and an RVS server.  Once I've  
understood that (thanks to many people for clarifying this, both on  
the list and in off-list discussions), I see that I've raised a storm  
in a glass of water.  Yes, I know several people said this to me  
upfront, but it took some time for me to understand.  Sorry for my  
denseness, especially to you, Tom.  I was stubborn enough not to  
understand the issue from your first mail.  My apologies.  [My only  
excuse here is that I do not see any big structural differences  
between different types of connectivity checks, and therefore tend to  
clump together all kinds of them.  See also below.]

I think there are still some issues, but much smaller than I  
originally thought.  Consequently, I have to reconsider both Philip's  
and Tom's argumentation.  That I do below.

Philip wrote:
> I could not see any strong technical arguments one way or another.  
> The best technical arguments that anyone seemed to come up in  
> either direction seemed to depend heavily on guesses on how the  
> future would evolve.

Having now understood what the issue is about, and that it is NOT  
about whether to use HIP RVS or STUN/TURN servers, I tend to almost  
agree.  While I do see technical arguments there for not using STUN  
(see below), they appear sufficiently vague so that I think we need  
to resort to experimentation to bring light to the issue.

<snip>
> Personally, I am very willing to keep an open mind. If using STUN  
> proves to be a mistake, then I think we can switch later, and also  
> take that useful feedback to the BEHAVE working group.

I like this attitude, and think the DT/WG can continue on the  
selected path.

Tom wrote:
>> However, I question whether it is good strategy for the moment to  
>> try to optimize in that area, for a couple of reasons.
>>
>> 1) taking the STUN format and aligning with STUN where we can  
>> makes it easier for HIP to leverage the STUN/ICE developments and  
>> lessons learned, and focus on other things.

I agree that it can make it easier for HIP to leverage.  However, I'm  
still worried about the shortfalls of STUN/ICE, in areas such as  
mobility, multi-homing, non-NATed (ESP) connections, and asynchronous  
paths.

The biggest issue here that I see is HIP's desire to support  
protocols other than TCP and UDP, something that does not currently  
seem to align well with STUN/TURN.

>> 2) there seems to be some interest (see the SAFE BOF this week:  
>> http://www3.ietf.org/proceedings/07dec/slides/safe-0.pdf ) for  
>> vendors to build middleboxes that can tag the STUN messages for  
>> optimizing (reducing) the keep-alive traffic.  If we wanted to  
>> take advantage of that (if that work were to go forward), we would  
>> want to look like STUN in that case.

I think that I already acknowledged that this may be a good reason to  
use STUN packet formats.  But maybe I didn't; I've been working with  
too many things lately so that my memory tends to fail from time to time.

>> 3) using the STUN format makes it easier to incorporate STUN/ICE  
>> by reference in our design document.

Again, I now have to admit that maybe.  However, given my concerns  
above I am still not convinced.

>> Regarding architectural purity, since we are talking about NAT  
>> traversal, I think we are already sullied unfortunately.

If connectivity checks were only about NAT traversal, I would need to  
fully agree.  However, given that I see the connectivity checks like  
this also needed in mobility (for return routability), multi-homing  
(for robustness), and therefore for non-NAT cases, I cannot fully  
agree.  I think we have to think about the overall architecture just  
because connectivity checks are not only about NATs.

>> I understand the possible concern that things that are developed/ 
>> used for NAT traversal leak into other aspects of the HIP design  
>> (when not running over NAT), but we will just need I think to  
>> monitor and evaluate that as it comes up.

Ok, I can live with that, as long as the DT keeps a keen eye on  
exactly those issues.

-----------

That all given, my main concerns seem to boil down to the following  
(but perhaps I'm still densely denying reality in some sense :-):

1. Return routability in mobility and connectivity checks for NAT are  
architecturally the same thing, though for different purposes.

2. Connectivity checks for multi-homing (a la SHIM6 REAP) and to  
determine a best address-pair for NAT-traversal are architecturally  
the same thing, with some differences related to NAT-state and  
asymmetric paths.

Given that, and given that I have not read in detail REAP nor ICE  
drafts, I cannot determine what is the best way forward.  As longer- 
term options, I see the following possibilities:

a. Design how to use STUN for return routability (could be already  
there -- need to be checked) and fail-over (needs work).

b. Design how to use REAP for NATed case (could be trivial or could  
require more work).

Personally, I would prefer the latter path, as it looks  
architecturally better aligned to me.  However, when we are dealing  
with legacy systems (NATs) and potential developments such as the  
SAFE proposal, non-architectural considerations may be more valuable  
than purely architectural ones.

----------

From this, I think we get to a question that seems to fall between  
INT and TSV areas (I hope the ADs are listening).  How to proceed  
towards a unified connectivity check architecture for mobility, multi- 
homing, and NAT-traversal?  Such a (micro)architecture is needed for  
HIP, but could potentially benefit also other, non-HIP systems.

--Pekka Nikander





From hipsec-bounces@lists.ietf.org Fri Dec 14 06:20:44 2007
From: Pekka Nikander <pekka.nikander@nomadiclab.com>
Date: Fri, 14 Dec 2007 13:20:28 +0200
To: Miika Komu <miika@iki.fi>
Cc: HIP Group <hipsec@ietf.org>
Subject: Re: [Hipsec] Using STUN for end-to-end connectivity checks
Message-Id: <F175D64E-1BC8-4518-B27F-CA5D3961CBB6@nomadiclab.com>
In-Reply-To: <Pine.SOL.4.64.0712130826240.1364@kekkonen.cs.hut.fi>

Trying to think about this even more ...

>>> For the actual connectivity checks (Sections 7 and 8 of the ICE  
>>> draft), I would simply ... whatever data encapsulation protocol  
>>> is planned to be used.

... I became stuck on the above observation of mine.

I think here we have a major difference between SIP and HIP:

- in the SIP architecture, the actual data is carried by plain UDP or  
TCP, using different protocols above

- in the HIP architecture, the actual data is always encapsulated, in  
one form or another, in order to associate the data with a HIT pair,  
since the pair of IP addresses may be insufficient to indicate the  
HIT pair.

Hence, when considering ICE-like connectivity with HIP, there will  
always be such an encapsulation protocol.  Now, the *encapsulation*  
protocol could be UDP, in which case STUN might really be the right  
choice.  However, even in that case there would be an explicit  
decapsulator in the HIP case; something which typically is missing in  
a SIP case.

Hence, ...

>> Within those [data protocol connectivity check] packets, we need  
>> something more sophisticated than ping, as connectivity may be one- 
>> way.  Alternatives that I see are the following:
>> a) ICE-STUN messages according to the ICE spec
>> b) messages preserving ICE-STUN semantics [but differently encoded]
>> c) SHIM6 failure detection protocol ...

... I am starting to lean towards a direction where I think,  
tentatively, that the connectivity check protocol should be  
architecturally coupled with the data encapsulation protocol, in  
one way or another.  Apparently, the simplest case is where the  
connectivity check protocol is run within the data encapsulation  
protocol, as a separate protocol.  That would, presumably, lead to  
maximum data path compatibility, since the boxes in the middle could  
not tell a connectivity check packet from a regular data packet.

If I am right in that thinking, then for *current* HIP, the options  
that apparently would make most sense are the following:

i) ICE-STUN-within-ESP, either UDP encapsulated or not

ii) REAP-within-ESP, either UDP encapsulated or not

Thoughts about that?

Miika writes:
> Regarding to option b) [aka i)], I have also thought about STUN- 
> encapsulated-in-ESP-in-UDP, but never said it aloud for some  
> reasons. Here I am assuming that you are reusing the symmetric keys  
> and SPIs generated during base exchange for STUN messages.

That was my assumption.  But then we have to remember that it  
wouldn't be just a plain base exchange, but it would also need to  
exchange the address/locator candidates.

> I see at least three problems in this approach:
>
> * SPIs should be different on different network interfaces  
> according to
>   mm draft and you have only a single SPI pair after base exchange

Hmm.  Not necessarily, if you space the probes long enough from each  
other.  The reason for the different SPIs was to handle replay  
protection, which would get in the way if some of the links are  
really slow.  Here, if you manage to get packets both through a slow link

> * STUN messages have to be forced to use HITs in order to force the  
> STUN
>   message to go through the ESP tunnel. The IP addresses are
>   usually fixed in ESP SAs and you would have to do some weird
>   variations in the SAs to get the STUN messages through IP addresses

Hmm.  I don't quite understand this.

> * I am not sure how cleanly this works after mobility events

This may be a concern.  Can you clarify more?

--Pekka
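
The replay-protection point that Miika and Pekka exchange above (a single SPI pair after the base exchange versus a separate SPI per interface), as an added example that is not part of the thread: an RFC 4303 style 64-packet anti-replay window run over constructed traffic, once with one SA shared by both paths and once with one SA per path. The path delays, packet rates and the names `ReplayWindow`, `deliver`, `data_plus_probes` and `probes_only` are assumptions made for illustration.

```python
"""Added example: why probes on a slow path fail an anti-replay check when
they share one SA (one sequence-number space) with traffic on a fast path."""

WINDOW = 64  # RFC 4303 requires at least 32 and recommends 64 as the default

# Constructed one-way delays in milliseconds (assumed, not from the thread).
DELAY_MS = {"fast": 5, "slow": 400}


class ReplayWindow:
    """Receiver-side sliding window; integrity (ICV) is assumed already verified."""

    def __init__(self, size=WINDOW):
        self.size = size
        self.top = 0      # highest sequence number accepted so far
        self.bitmap = 0   # bit i set means sequence number (top - i) was seen

    def accept(self, seq):
        if seq == 0:
            return False                      # sequence numbers start at 1
        if seq > self.top:                    # advances the right edge
            shift = seq - self.top
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.top = seq
            return True
        offset = self.top - seq
        if offset >= self.size:
            return False                      # left of the window: too old
        if (self.bitmap >> offset) & 1:
            return False                      # already seen: replay
        self.bitmap |= 1 << offset
        return True


def deliver(sends, per_path_sa):
    """sends: list of (send_time_ms, path). Returns drops per path.

    per_path_sa=False: one SA, one sequence counter and one window for both paths.
    per_path_sa=True:  one SA (SPI) per path, each with its own counter and window.
    """
    next_seq = {}
    in_flight = []
    for send_time, path in sorted(sends):
        sa = path if per_path_sa else "shared"
        next_seq[sa] = next_seq.get(sa, 0) + 1
        in_flight.append((send_time + DELAY_MS[path], next_seq[sa], sa, path))

    windows = {}
    dropped = {"fast": 0, "slow": 0}
    for _arrival, seq, sa, path in sorted(in_flight):   # arrival order
        if not windows.setdefault(sa, ReplayWindow()).accept(seq):
            dropped[path] += 1
    return dropped


def data_plus_probes():
    """Constructed load: data every 1 ms on the fast path for one second,
    plus a connectivity probe every 100 ms on the slow path."""
    data = [(t, "fast") for t in range(1000)]
    probes = [(t, "slow") for t in range(0, 1000, 100)]
    return data + probes


def probes_only(spacing_ms=1000):
    """Constructed load: ten probes alternating paths, spaced further apart
    than the slow path's delay, with no other traffic on the SA."""
    return [(i * spacing_ms, "slow" if i % 2 == 0 else "fast") for i in range(10)]


if __name__ == "__main__":
    print("shared SA, data + probes :", deliver(data_plus_probes(), False))
    print("per-path SA, data + probes:", deliver(data_plus_probes(), True))
    print("shared SA, spaced probes  :", deliver(probes_only(), False))
```

With a shared SA every slow-path probe arrives after the window has moved more than 64 sequence numbers past it and is discarded as too old; with widely spaced probes and no competing traffic, or with one SA per path, none are dropped.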





From hipsec-bounces@lists.ietf.org Fri Dec 14 14:01:23 2007
From: Philip Matthews <philip_matthews@magma.ca>
Date: Fri, 14 Dec 2007 14:01:20 -0500
To: Pekka Nikander <pekka.nikander@nomadiclab.com>
Cc: HIP Group <hipsec@ietf.org>
Subject: Re: [Hipsec] Using STUN for end-to-end connectivity checks
Message-Id: <A93D0C53-72CB-4B19-9CBF-099440BBEFEE@magma.ca>
In-Reply-To: <26B942A3-4DC3-42AE-B003-AAF57967270B@nomadiclab.com>


On 14-Dec-07, at 02:08 , Pekka Nikander wrote:

[First portion of message snipped.]

>
>
> That all given, my main concerns seem to boil down to the following  
> (but perhaps I'm still densely denying reality in some sense :-):
>
> 1. Return routability in mobility and connectivity checks for NAT  
> are architecturally the same thing, though for different purposes.
>
> 2. Connectivity checks for multi-homing (a la SHIM6 REAP) and to  
> determine a best address-pair for NAT-traversal are architecturally  
> the same thing, with some differences related to NAT-state and  
> asymmetric paths.

I agree that these seem to be basically the same thing. Personally,  
I think that ICE needs to be extended to handle mobility and perhaps  
multihoming. From what I hear from Marcelo, the Mobile IP folk are  
interested in the former as well.


>
> Given that, and given that I have not read in detail REAP nor ICE  
> drafts, I cannot determine what is the best way forward.  As  
> longer-term options, I see the following possibilities:
>
> a. Design how to use STUN for return routability (could be already  
> there -- need to be checked) and fail-over (needs work).
>
> b. Design how to use REAP for NATed case (could be trivial or could  
> require more work).
>
> Personally, I would prefer the latter path, as it looks  
> architecturally better aligned to me.  However, when we are dealing  
> with legacy systems (NATs) and potential developments such as the  
> SAFE proposal, non-architectural considerations may be more  
> valuable than purely architectural ones.

I don't know much about REAP, but I agree that ICE and REAP seem to  
be similar protocols. So I am mostly influenced by Marcelo, who has said  
that he thinks we are better off starting with ICE and adding  
mobility and multihoming, than starting with REAP and adding NAT  
traversal and mobility.



>
> ----------
>
> From this, I think we get to a question that seems to fall between  
> INT and TSV areas (I hope the ADs are listening).  How to proceed  
> towards a unified connectivity check architecture for mobility,  
> multi-homing, and NAT-traversal?  Such an (micro)architecture is  
> needed for HIP, but could potentially benefit also other, non-HIP  
> systems.

Marcelo pointed this out to me back in Chicago and we both spoke to a  
number of people about it. I was hoping that the HIP work would be a  
part of such an effort, but it doesn't currently seem to be.

- Philip



_______________________________________________
Hipsec mailing list
Hipsec@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/hipsec



From hipsec-bounces@lists.ietf.org Sat Dec 15 00:20:47 2007
Return-path: <hipsec-bounces@lists.ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com)
	by megatron.ietf.org with esmtp (Exim 4.43)
	id 1J3PS6-0006J4-Nu; Sat, 15 Dec 2007 00:20:42 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.43) id 1J3PS5-0006Ix-ES
	for hipsec@ietf.org; Sat, 15 Dec 2007 00:20:41 -0500
Received: from mailgw4.ericsson.se ([193.180.251.62])
	by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1J3PS3-00042n-TH
	for hipsec@ietf.org; Sat, 15 Dec 2007 00:20:41 -0500
Received: from mailgw4.ericsson.se (unknown [127.0.0.1])
	by mailgw4.ericsson.se (Symantec Mail Security) with ESMTP id
	AC22B207B6; Sat, 15 Dec 2007 06:20:36 +0100 (CET)
X-AuditID: c1b4fb3e-b1ea5bb00000459d-17-47636424f334
Received: from esealmw126.eemea.ericsson.se (unknown [153.88.254.123])
	by mailgw4.ericsson.se (Symantec Mail Security) with ESMTP id
	A05582156B; Sat, 15 Dec 2007 06:20:36 +0100 (CET)
Received: from esealmw126.eemea.ericsson.se ([153.88.254.174]) by
	esealmw126.eemea.ericsson.se with Microsoft SMTPSVC(6.0.3790.1830); 
	Sat, 15 Dec 2007 06:20:36 +0100
Received: from [131.160.126.61] ([131.160.126.61]) by
	esealmw126.eemea.ericsson.se with Microsoft SMTPSVC(6.0.3790.1830); 
	Sat, 15 Dec 2007 06:20:35 +0100
Message-ID: <47636423.2020105@ericsson.com>
Date: Sat, 15 Dec 2007 07:20:35 +0200
From: Gonzalo Camarillo <Gonzalo.Camarillo@ericsson.com>
User-Agent: Thunderbird 2.0.0.9 (Windows/20071031)
MIME-Version: 1.0
To: HIP <hipsec@ietf.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-OriginalArrivalTime: 15 Dec 2007 05:20:36.0001 (UTC)
	FILETIME=[38FDD110:01C83EDA]
X-Brightmail-Tracker: AAAAAA==
X-Spam-Score: -1.0 (-)
X-Scan-Signature: 7a6398bf8aaeabc7a7bb696b6b0a2aad
Cc: 
Subject: [Hipsec] Draft HIP WG MoMs
X-BeenThere: hipsec@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group."
	<hipsec.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/hipsec>,
	<mailto:hipsec-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/hipsec>
List-Post: <mailto:hipsec@lists.ietf.org>
List-Help: <mailto:hipsec-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/hipsec>,
	<mailto:hipsec-request@lists.ietf.org?subject=subscribe>
Errors-To: hipsec-bounces@lists.ietf.org

Folks,

here you have the draft minutes of our last face-to-face HIP WG meeting:

http://www3.ietf.org/proceedings/07dec/minutes/hip.txt

Comments are welcome.

Cheers,

Gonzalo
HIP WG co-chair





From hipsec-bounces@lists.ietf.org Sat Dec 15 00:32:02 2007
Return-path: <hipsec-bounces@lists.ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com)
	by megatron.ietf.org with esmtp (Exim 4.43)
	id 1J3Pd3-0005jB-Rd; Sat, 15 Dec 2007 00:32:01 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.43) id 1J3Pd2-0005j6-VX
	for hipsec@ietf.org; Sat, 15 Dec 2007 00:32:00 -0500
Received: from mailgw4.ericsson.se ([193.180.251.62])
	by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1J3Pd2-0004LO-GM
	for hipsec@ietf.org; Sat, 15 Dec 2007 00:32:00 -0500
Received: from mailgw4.ericsson.se (unknown [127.0.0.1])
	by mailgw4.ericsson.se (Symantec Mail Security) with ESMTP id
	E6D92201CE; Sat, 15 Dec 2007 06:31:59 +0100 (CET)
X-AuditID: c1b4fb3e-b0ea3bb00000459d-db-476366cf681d
Received: from esealmw129.eemea.ericsson.se (unknown [153.88.254.124])
	by mailgw4.ericsson.se (Symantec Mail Security) with ESMTP id
	D06A2200AC; Sat, 15 Dec 2007 06:31:59 +0100 (CET)
Received: from esealmw127.eemea.ericsson.se ([153.88.254.171]) by
	esealmw129.eemea.ericsson.se with Microsoft SMTPSVC(6.0.3790.1830); 
	Sat, 15 Dec 2007 06:31:59 +0100
Received: from [131.160.126.61] ([131.160.126.61]) by
	esealmw127.eemea.ericsson.se with Microsoft SMTPSVC(6.0.3790.1830); 
	Sat, 15 Dec 2007 06:31:58 +0100
Message-ID: <476366CE.80904@ericsson.com>
Date: Sat, 15 Dec 2007 07:31:58 +0200
From: Gonzalo Camarillo <Gonzalo.Camarillo@ericsson.com>
User-Agent: Thunderbird 2.0.0.9 (Windows/20071031)
MIME-Version: 1.0
To: HIP <hipsec@ietf.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-OriginalArrivalTime: 15 Dec 2007 05:31:58.0966 (UTC)
	FILETIME=[D0120160:01C83EDB]
X-Brightmail-Tracker: AAAAAA==
X-Spam-Score: -1.0 (-)
X-Scan-Signature: 7bac9cb154eb5790ae3b2913587a40de
Cc: 
Subject: [Hipsec] Raw notes from HIP meeting
X-BeenThere: hipsec@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group."
	<hipsec.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/hipsec>,
	<mailto:hipsec-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/hipsec>
List-Post: <mailto:hipsec@lists.ietf.org>
List-Help: <mailto:hipsec-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/hipsec>,
	<mailto:hipsec-request@lists.ietf.org?subject=subscribe>
Errors-To: hipsec-bounces@lists.ietf.org

Hi,

as usual, I have made the raw notes from the meeting available at our 
supplementary page:

http://hip.piuha.net/meetings/ietf70/

Cheers,

Gonzalo




From hipsec-bounces@lists.ietf.org Sat Dec 15 09:35:55 2007
Return-path: <hipsec-bounces@lists.ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com)
	by megatron.ietf.org with esmtp (Exim 4.43)
	id 1J3Y7O-0005hn-5f; Sat, 15 Dec 2007 09:35:54 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.43) id 1J3Y7M-0005hY-J6
	for hipsec@ietf.org; Sat, 15 Dec 2007 09:35:52 -0500
Received: from smtp02.uc3m.es ([163.117.176.132])
	by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1J3Y7L-0005vv-1x
	for hipsec@ietf.org; Sat, 15 Dec 2007 09:35:52 -0500
Received: from [192.168.1.131] (245.45.217.87.dynamic.jazztel.es 
	[87.217.45.245])(using TLSv1 with cipher AES128-SHA (128/128 bits))(No 
	client certificate requested)by smtp02.uc3m.es (Postfix) with ESMTP id 
	A1E0C2AEF17;Sat, 15 Dec 2007 15:35:49 +0100 (CET)
In-Reply-To: <26B942A3-4DC3-42AE-B003-AAF57967270B@nomadiclab.com>
References: <47589B41.2080009@ericsson.com><AD676D36-B275-4006-B8A2-9ED804EE
	4948@nomadiclab.com><77F357662F8BFA4CA7074B0410171B6D04049A2A@XCH-NW-5V1.n
	w .nos.boeing.com><4AEF8C83-7390-425D-B630-CE43429D1520@magma.ca> 
	<26B942A3-4DC3-42AE-B003-AAF57967270B@nomadiclab.com>
Mime-Version: 1.0 (Apple Message framework v752.3)
Content-Type: text/plain;
	charset=ISO-8859-1;
	delsp=yes;
	format=flowed
Message-Id: <F9C29312-32D2-444E-BB1B-6DD1D4A887D2@it.uc3m.es>
Content-Transfer-Encoding: quoted-printable
From: marcelo bagnulo braun <marcelo@it.uc3m.es>
Subject: Re: [Hipsec] Using STUN for end-to-end connectivity checks
Date: Sat, 15 Dec 2007 15:35:58 +0100
To: Pekka Nikander <pekka.nikander@nomadiclab.com>
X-Mailer: Apple Mail (2.752.3)
X-imss-version: 2.049
X-imss-result: Passed
X-imss-scanInfo: M:B L:E SM:2
X-imss-tmaseResult: TT:1 TS:-3.2189 TC:1F TRN:27 TV:5.0.1023(15608.000)
X-imss-scores: Clean:100.00000 C:0 M:0 S:0 R:0
X-imss-settings: Baseline:1 C:1 M:1 S:1 R:1 (0.0000 0.0000)
X-Spam-Score: -1.9 (-)
X-Scan-Signature: 2409bba43e9c8d580670fda8b695204a
Cc: HIP Group <hipsec@ietf.org>, Philip Matthews <philip_matthews@magma.ca>
X-BeenThere: hipsec@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group."
	<hipsec.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/hipsec>,
	<mailto:hipsec-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/hipsec>
List-Post: <mailto:hipsec@lists.ietf.org>
List-Help: <mailto:hipsec-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/hipsec>,
	<mailto:hipsec-request@lists.ietf.org?subject=subscribe>
Errors-To: hipsec-bounces@lists.ietf.org


On 14/12/2007, at 8:08, Pekka Nikander wrote:

>>> Regarding architectural purity, since we are talking about NAT
>>> traversal, I think we are already sullied unfortunately.
>
> If connectivity checks were only about NAT traversal, I would need
> to fully agree.  However, given that I see the connectivity checks
> like this also needed in mobility (for return routability),
> multi-homing (for robustness), and therefore for non-NAT cases, I
> cannot fully agree.  I think we have to think about the overall
> architecture just because connectivity checks are not only about NATs.
>


one more thing about this: afaiu, probably NAT traversal techniques
are not only required for dealing with nats but also to deal with
stateful firewalls. So we need this not only in the v4 natted case,
but also in the more general case, for instance a v6 only case with
stateful firewall in the middle of the path.

So, i am so worried about importing this to the multihoming and
mobility case, since we would have done that in any case to deal with
the firewall case

Regards, marcelo





From hipsec-bounces@lists.ietf.org Sat Dec 15 09:35:57 2007
Return-path: <hipsec-bounces@lists.ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com)
	by megatron.ietf.org with esmtp (Exim 4.43)
	id 1J3Y7R-0005j8-Be; Sat, 15 Dec 2007 09:35:57 -0500
Received: from [10.90.34.44] (helo=chiedprmail1.ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.43) id 1J3Y7P-0005ht-5n
	for hipsec@ietf.org; Sat, 15 Dec 2007 09:35:55 -0500
Received: from smtp02.uc3m.es ([163.117.176.132])
	by chiedprmail1.ietf.org with esmtp (Exim 4.43) id 1J3Y7O-0003n5-A6
	for hipsec@ietf.org; Sat, 15 Dec 2007 09:35:55 -0500
Received: from [192.168.1.131] (245.45.217.87.dynamic.jazztel.es 
	[87.217.45.245])(using TLSv1 with cipher AES128-SHA (128/128 bits))(No 
	client certificate requested)by smtp02.uc3m.es (Postfix) with ESMTP id 
	C6DF82AEF17;Sat, 15 Dec 2007 15:35:52 +0100 (CET)
In-Reply-To: <A93D0C53-72CB-4B19-9CBF-099440BBEFEE@magma.ca>
References: <47589B41.2080009@ericsson.com>  
	<AD676D36-B275-4006-B8A2-9ED804EE4948@nomadiclab.com>  
	<77F357662F8BFA4CA7074B0410171B6D04049A2A@XCH-NW-5V1.nw.nos.boeing.com>
	<4AEF8C83-7390-425D-B630-CE43429D1520@magma.ca>  
	<26B942A3-4DC3-42AE-B003-AAF57967270B@nomadiclab.com> 
	<A93D0C53-72CB-4B19-9CBF-099440BBEFEE@magma.ca>
Mime-Version: 1.0 (Apple Message framework v752.3)
Content-Type: text/plain;
	charset=ISO-8859-1;
	delsp=yes;
	format=flowed
Message-Id: <5F6D5046-74CB-4972-8EB9-E494EBACA37E@it.uc3m.es>
Content-Transfer-Encoding: quoted-printable
From: marcelo bagnulo braun <marcelo@it.uc3m.es>
Subject: Re: [Hipsec] Using STUN for end-to-end connectivity checks
Date: Sat, 15 Dec 2007 15:36:02 +0100
To: Philip Matthews <philip_matthews@magma.ca>
X-Mailer: Apple Mail (2.752.3)
X-imss-version: 2.049
X-imss-result: Passed
X-imss-scanInfo: M:B L:E SM:2
X-imss-tmaseResult: TT:1 TS:-16.3652 TC:1F TRN:82 TV:5.0.1023(15608.000)
X-imss-scores: Clean:100.00000 C:0 M:0 S:0 R:0
X-imss-settings: Baseline:1 C:1 M:1 S:1 R:1 (0.0000 0.0000)
X-Spam-Score: 2.1 (++)
X-Scan-Signature: 200d029292fbb60d25b263122ced50fc
Cc: HIP Group <hipsec@ietf.org>
X-BeenThere: hipsec@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group."
	<hipsec.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/hipsec>,
	<mailto:hipsec-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/hipsec>
List-Post: <mailto:hipsec@lists.ietf.org>
List-Help: <mailto:hipsec-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/hipsec>,
	<mailto:hipsec-request@lists.ietf.org?subject=subscribe>
Errors-To: hipsec-bounces@lists.ietf.org

Hi,

On 14/12/2007, at 20:01, Philip Matthews wrote:

>
> On 14-Dec-07, at 02:08 , Pekka Nikander wrote:
>
> [First portion of message snipped.]
>
>>
>>
>> That all given, my main concerns seem to boil down to the
>> following (but perhaps I'm still densely denying reality in some
>> sense :-):
>>
>> 1. Return routability in mobility and connectivity checks for NAT
>> are architecturally the same thing, though for different purposes.
>>
>> 2. Connectivity checks for multi-homing (a la SHIM6 REAP) and to
>> determine a best address-pair for NAT-traversal are
>> architecturally the same thing, with some differences related to
>> NAT-state and asymmetric paths.
>
> I agree that these seem to be basically the same thing.
> Personally, I think that ICE needs to be extended to handle
> mobility and perhaps multihoming. From what I hear from Marcelo,
> the Mobile IP folk are interested in the former as well.
>

Well there are some people in the mobility community that are
proposing that and i am personally interested, but it is far from
general i would say.

>
>>
>> Given that, and given that I have not read in detail REAP nor ICE
>> drafts, I cannot determine what is the best way forward.  As
>> longer-term options, I see the following possibilities:
>>
>> a. Design how to use STUN for return routability (could be already
>> there -- need to be checked) and fail-over (needs work).
>>
>> b. Design how to use REAP for NATed case (could be trivial or
>> could require more work).
>>
>> Personally, I would prefer the latter path, as it looks
>> architecturally better aligned to me.  However, when we are
>> dealing with legacy systems (NATs) and potential developments such
>> as the SAFE proposal, non-architectural considerations may be more
>> valuable than purely architectural ones.
>
> I don't know much about REAP, but I agree that ICE and REAP seem to
> be similar protocols. So I am mostly influenced by Marcelo, who has
> said that he thinks we are better off starting with ICE and adding
> mobility and multihoming, than starting with REAP and adding NAT
> traversal and mobility.
>

as you know, i was proposing the adoption of REAP for HIP
multihoming. REAP was designed in a way that it can be trivially
adopted in HIP. The first issue that needs to be addressed, as Tom has
mentioned, is about v4 support. That is very easy and i don't
think it is a problem

The second thing is much more critical and it is about supporting
unidirectional paths.
In shim6 we have decided that we needed to support unidirectional
paths, in order to be robust in the case of ingress filters. This was
a design decision in shim6 and the result is the REAP protocol which
is somehow more complex than a simple return routability check.

As you mentioned it seems clear that connectivity checks, failure
detection keepalives, return routability checks for flooding
prevention and keepalives to preserve nat binding state can be
performed by the same type of packets. The main difference is about
frequency and some additional information you need to include in some
cases, but i guess it is fairly easy to find a single packet format
that can be used in all cases without much additional cost.

However, it seems harder to extend this unidirectional path support
that REAP provides for the NAT case in particular and for preserving
NAT state alive. This is so because in some cases, since we are
assuming unidirectional paths, the first packet can come from either
direction. So if we want to support REAP in nat environments, we
would need to do more work that would be non trivial imho to support
the unidirectional path work. If we don't support the unidirectional
path case, then we are not really doing REAP, we are merely doing a
return routability check imho. The question then is whether this is
worth it. I really think that the complexity would be big and i think
that at this stage and as a base mechanism, we should be able to live
with the bidirectional assumption and leave the unidirectional case
for future work at this stage.

So, imho we should use a single packet format for connectivity tests,
failure detection, return routability and keeping nat state and at
this stage we could do the bidirectional path assumption and probably
we should be able to find a solution that provides most of the
functionality that would be way much easier to understand and implement
than having separate mechanisms and packet format for these.

>
>
>>
>> ----------
>>
>> From this, I think we get to a question that seems to fall between
>> INT and TSV areas (I hope the ADs are listening).  How to proceed
>> towards a unified connectivity check architecture for mobility,
>> multi-homing, and NAT-traversal?  Such an (micro)architecture is
>> needed for HIP, but could potentially benefit also other, non-HIP
>> systems.
>

exactly

this is needed in many protocols imho, HIP being one, but mip could
also benefit from something like this. This is why probably a general
nat traversal solution is very attractive and ICE seems a good
starting point for this imho. I mean, essentially ICE is the response
to that problem from the SIP community, so probably with their help
we can extend this to the other protocols

Regards, marcelo


> Marcelo pointed this out to me back in Chicago and we both spoke to
> a number of people about it. I was hoping that the HIP work would
> be a part of such an effort, but it doesn't currently seem to be.
>
> - Philip
>
>


_______________________________________________
Hipsec mailing list
Hipsec@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/hipsec
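
[Added example, not part of the thread or of any HIP, STUN, ICE or REAP specification.] The message above argues for one packet format serving connectivity tests, failure detection, return routability and NAT keepalives under a bidirectional-path assumption. The Python sketch below shows that idea with a hypothetical wire layout, purpose codes and a pre-shared key (all assumptions): an address is accepted only when an authenticated reply carrying the probe's nonce returns from the address that was probed.

```python
import hashlib
import hmac
import os
import struct

# Hypothetical purpose codes: one wire format, four uses (not from any spec).
CONNECTIVITY, FAILURE_DETECT, RETURN_ROUTABILITY, NAT_KEEPALIVE = range(4)

# Assumed layout: purpose (1 byte), flags (1 byte, bit 0 = response),
# reserved (2 bytes), nonce (16 bytes), followed by an HMAC-SHA256 tag.
HEADER = struct.Struct("!BBH16s")
MAC_LEN = hashlib.sha256().digest_size


def build_probe(key, purpose, nonce, is_response):
    """Serialize a probe and append a MAC over the header."""
    body = HEADER.pack(purpose, 1 if is_response else 0, 0, nonce)
    return body + hmac.new(key, body, hashlib.sha256).digest()


def parse_probe(key, data):
    """Verify length and MAC, then return (purpose, is_response, nonce)."""
    if len(data) != HEADER.size + MAC_LEN:
        raise ValueError("bad length")
    body, mac = data[:HEADER.size], data[HEADER.size:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(mac, expected):
        raise ValueError("bad MAC")
    purpose, flags, _reserved, nonce = HEADER.unpack(body)
    if purpose > NAT_KEEPALIVE:
        raise ValueError("unknown purpose")
    return purpose, bool(flags & 1), nonce


def respond(key, request):
    """Peer side: echo the nonce of an authenticated request."""
    purpose, is_response, nonce = parse_probe(key, request)
    if is_response:
        raise ValueError("not a request")
    return build_probe(key, purpose, nonce, True)


class Prober:
    """Tracks outstanding probes and the addresses proven reachable."""

    def __init__(self, key):
        self.key = key
        self.pending = {}      # nonce -> (probed address, purpose)
        self.verified = set()  # addresses that answered their own probe

    def send(self, address, purpose):
        nonce = os.urandom(16)
        self.pending[nonce] = (address, purpose)
        return build_probe(self.key, purpose, nonce, False)

    def receive(self, from_address, data):
        try:
            purpose, is_response, nonce = parse_probe(self.key, data)
        except ValueError:
            return False
        # Bidirectional assumption: the reply must come back from the
        # address the probe was sent to, with the same purpose and nonce.
        if not is_response or self.pending.get(nonce) != (from_address, purpose):
            return False
        del self.pending[nonce]
        self.verified.add(from_address)
        return True


def demo():
    """Constructed scenario using documentation-range addresses."""
    key = b"constructed shared key (assumption)"
    prober = Prober(key)
    # 1. Peer really is at the claimed address: reply returns on the same path.
    req = prober.send("192.0.2.10", RETURN_ROUTABILITY)
    ok_same = prober.receive("192.0.2.10", respond(key, req))
    # 2. Claimed address belongs to a third party that never answers:
    #    it stays unverified, so no traffic is redirected to it.
    prober.send("198.51.100.7", RETURN_ROUTABILITY)
    # 3. Valid reply arriving from a different address than the one probed
    #    (the unidirectional-path case): rejected by this simplified check.
    req3 = prober.send("203.0.113.5", CONNECTIVITY)
    ok_other_path = prober.receive("192.0.2.10", respond(key, req3))
    # 4. Reply that copies the nonce but was not made with the shared key.
    req4 = prober.send("203.0.113.9", NAT_KEEPALIVE)
    forged = build_probe(b"wrong key", NAT_KEEPALIVE, req4[4:20], True)
    ok_forged = prober.receive("203.0.113.9", forged)
    return ok_same, ok_other_path, ok_forged, sorted(prober.verified)


if __name__ == "__main__":
    print(demo())
```

Case 3 is the cost of the simplification discussed in the message: a peer reachable only over asymmetric paths never verifies, which is the case REAP was designed to cover.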



From hipsec-bounces@lists.ietf.org Mon Dec 17 10:57:25 2007
Return-path: <hipsec-bounces@lists.ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com)
	by megatron.ietf.org with esmtp (Exim 4.43)
	id 1J4ILM-0007OI-A2; Mon, 17 Dec 2007 10:57:24 -0500
Received: from [10.90.34.44] (helo=chiedprmail1.ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.43) id 1J4ILK-0007O6-BE
	for hipsec@ietf.org; Mon, 17 Dec 2007 10:57:22 -0500
Received: from twilight.cs.hut.fi ([130.233.40.5])
	by chiedprmail1.ietf.org with esmtp (Exim 4.43) id 1J4ILJ-0003YV-Sf
	for hipsec@ietf.org; Mon, 17 Dec 2007 10:57:22 -0500
Received: by twilight.cs.hut.fi (Postfix, from userid 60001)
	id 036312FA3; Mon, 17 Dec 2007 17:57:20 +0200 (EET)
X-Spam-Checker-Version: SpamAssassin 3.2.3-niksula20070810 (2007-08-08) on
	twilight.cs.hut.fi
X-Spam-Level: 
X-Spam-Status: No, score=0.0 required=5.0 tests=none autolearn=disabled
	version=3.2.3-niksula20070810
X-Spam-Niksula: No
Received: from kekkonen (kekkonen.cs.hut.fi [130.233.41.50])
	by twilight.cs.hut.fi (Postfix) with ESMTP id 407F12F9B;
	Mon, 17 Dec 2007 17:57:11 +0200 (EET)
Date: Mon, 17 Dec 2007 17:57:11 +0200 (EET)
From: Miika Komu <miika@iki.fi>
X-X-Sender: mkomu@kekkonen.cs.hut.fi
To: marcelo bagnulo braun <marcelo@it.uc3m.es>
Subject: Re: [Hipsec] Using STUN for end-to-end connectivity checks
In-Reply-To: <5F6D5046-74CB-4972-8EB9-E494EBACA37E@it.uc3m.es>
Message-ID: <Pine.SOL.4.64.0712171723210.17561@kekkonen.cs.hut.fi>
References: <47589B41.2080009@ericsson.com>
	<AD676D36-B275-4006-B8A2-9ED804EE4948@nomadiclab.com>
	<77F357662F8BFA4CA7074B0410171B6D04049A2A@XCH-NW-5V1.nw.nos.boeing.com>
	<4AEF8C83-7390-425D-B630-CE43429D1520@magma.ca>  
	<26B942A3-4DC3-42AE-B003-AAF57967270B@nomadiclab.com> 
	<A93D0C53-72CB-4B19-9CBF-099440BBEFEE@magma.ca>
	<5F6D5046-74CB-4972-8EB9-E494EBACA37E@it.uc3m.es>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 52e1467c2184c31006318542db5614d5
Cc: HIP Group <hipsec@ietf.org>, Philip Matthews <philip_matthews@magma.ca>
X-BeenThere: hipsec@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group."
	<hipsec.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/hipsec>,
	<mailto:hipsec-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/hipsec>
List-Post: <mailto:hipsec@lists.ietf.org>
List-Help: <mailto:hipsec-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/hipsec>,
	<mailto:hipsec-request@lists.ietf.org?subject=subscribe>
Errors-To: hipsec-bounces@lists.ietf.org

On Sat, 15 Dec 2007, marcelo bagnulo braun wrote:

Hi,

> However, it seems harder to extend this unidirectional path support that 
> REAP provides for the NAT case in particular and for preserving NAT 
> state alive. This is so because in some cases, since we are assuming 
> unidirectional paths, the first packet can come from either direction. 
> So if we want to support REAP in nat environments, we would need to do 
> more work that would be non trivial imho to support the unidirectional 
> path work. If we don't support the unidirectional path case, then we are 
> not really doing REAP, we are merely doing a return routability check 
> imho. The question then is whether this is worth it. I really think that 
> the complexity would be big and i think that at this stage and as a base 
> mechanism, we should be able to live with the bidirectional assumption 
> and leave the unidirectional case for future work at this stage.

Agree.

> So, imho we should use a single packet format for connectivity tests, 
> failure detection, return routability and keeping nat state and at this 
> stage we could do the bidirectional path assumption and probably we 
> should be able to find a solution that provides most of the functionality 
> that would be way much easier to understand and implement than having 
> separate mechanisms and packet format for these.

The extensions for STUN that we have to write will be deployed far later 
than the current bis version, if ever. Also, I think we may have made 
a related conflicting choice in the design team; to avoid optimization and 
to use unified connectivity/failure/return/nat packet format. For these 
reasons, I'd actually suggest to use STUN only for connectivity tests. It 
is also easier to bolt to current implementations this way for initial 
experimentation.

-- 
Miika Komu                                       http://www.iki.fi/miika/




From hipsec-bounces@lists.ietf.org Mon Dec 17 11:48:37 2007
Return-path: <hipsec-bounces@lists.ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com)
	by megatron.ietf.org with esmtp (Exim 4.43)
	id 1J4J8t-0002Mk-1l; Mon, 17 Dec 2007 11:48:35 -0500
Received: from [10.90.34.44] (helo=chiedprmail1.ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.43) id 1J4J8s-0002MK-0j
	for hipsec@ietf.org; Mon, 17 Dec 2007 11:48:34 -0500
Received: from mail6.primus.ca ([216.254.141.173] helo=mail-05.primus.ca)
	by chiedprmail1.ietf.org with esmtp (Exim 4.43) id 1J4J8r-00054d-Lz
	for hipsec@ietf.org; Mon, 17 Dec 2007 11:48:33 -0500
Received: from [24.139.16.154] (helo=[10.0.1.3])
	by mail-05.primus.ca with esmtpa (Exim 4.63)
	(envelope-from <philip_matthews@magma.ca>)
	id 1J4J8C-0001Vk-26; Mon, 17 Dec 2007 11:47:52 -0500
In-Reply-To: <47636423.2020105@ericsson.com>
References: <47636423.2020105@ericsson.com>
Mime-Version: 1.0 (Apple Message framework v752.2)
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
Message-Id: <BD55AEBD-F03E-4AB8-B088-6EC6EFDEFE3F@magma.ca>
Content-Transfer-Encoding: 7bit
From: Philip Matthews <philip_matthews@magma.ca>
Subject: Re: [Hipsec] Draft HIP WG MoMs
Date: Mon, 17 Dec 2007 11:48:24 -0500
To: Gonzalo Camarillo <Gonzalo.Camarillo@ericsson.com>
X-Mailer: Apple Mail (2.752.2)
X-Authenticated: philip_matthews@magma.ca - ([10.0.1.3]) [24.139.16.154]
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 0bc60ec82efc80c84b8d02f4b0e4de22
Cc: HIP <hipsec@ietf.org>
X-BeenThere: hipsec@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group."
	<hipsec.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/hipsec>,
	<mailto:hipsec-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/hipsec>
List-Post: <mailto:hipsec@lists.ietf.org>
List-Help: <mailto:hipsec-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/hipsec>,
	<mailto:hipsec-request@lists.ietf.org?subject=subscribe>
Errors-To: hipsec-bounces@lists.ietf.org

I am guessing that none of the discussion was captured, so people  
should go to the audio recording for details?

- Philip

On 15-Dec-07, at 00:20 , Gonzalo Camarillo wrote:

> Folks,
>
> here you have the draft minutes of our last face-to-face HIP WG  
> meeting:
>
> http://www3.ietf.org/proceedings/07dec/minutes/hip.txt
>
> Comments are welcome.
>
> Cheers,
>
> Gonzalo
> HIP WG co-chair
>
>
> _______________________________________________
> Hipsec mailing list
> Hipsec@lists.ietf.org
> https://www1.ietf.org/mailman/listinfo/hipsec
>





From hipsec-bounces@lists.ietf.org Mon Dec 17 12:40:28 2007
Return-path: <hipsec-bounces@lists.ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com)
	by megatron.ietf.org with esmtp (Exim 4.43)
	id 1J4Jx3-0002f9-8o; Mon, 17 Dec 2007 12:40:25 -0500
Received: from [10.90.34.44] (helo=chiedprmail1.ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.43) id 1J4Jx1-0002f3-TP
	for hipsec@ietf.org; Mon, 17 Dec 2007 12:40:23 -0500
Received: from mailgw4.ericsson.se ([193.180.251.62])
	by chiedprmail1.ietf.org with esmtp (Exim 4.43) id 1J4Jx1-000777-FW
	for hipsec@ietf.org; Mon, 17 Dec 2007 12:40:23 -0500
Received: from mailgw4.ericsson.se (unknown [127.0.0.1])
	by mailgw4.ericsson.se (Symantec Mail Security) with ESMTP id
	E1DBA22055; Mon, 17 Dec 2007 18:40:22 +0100 (CET)
X-AuditID: c1b4fb3e-b16a4bb00000459d-82-4766b48671a9
Received: from esealmw127.eemea.ericsson.se (unknown [153.88.254.122])
	by mailgw4.ericsson.se (Symantec Mail Security) with ESMTP id
	D0B972204A; Mon, 17 Dec 2007 18:40:22 +0100 (CET)
Received: from esealmw129.eemea.ericsson.se ([153.88.254.177]) by
	esealmw127.eemea.ericsson.se with Microsoft SMTPSVC(6.0.3790.1830); 
	Mon, 17 Dec 2007 18:40:22 +0100
Received: from [131.160.126.81] ([131.160.126.81]) by
	esealmw129.eemea.ericsson.se with Microsoft SMTPSVC(6.0.3790.1830); 
	Mon, 17 Dec 2007 18:40:22 +0100
Message-ID: <4766B484.8070100@ericsson.com>
Date: Mon, 17 Dec 2007 19:40:20 +0200
From: Gonzalo Camarillo <Gonzalo.Camarillo@ericsson.com>
User-Agent: Thunderbird 2.0.0.9 (Windows/20071031)
MIME-Version: 1.0
To: Philip Matthews <philip_matthews@magma.ca>
Subject: Re: [Hipsec] Draft HIP WG MoMs
References: <47636423.2020105@ericsson.com>
	<BD55AEBD-F03E-4AB8-B088-6EC6EFDEFE3F@magma.ca>
In-Reply-To: <BD55AEBD-F03E-4AB8-B088-6EC6EFDEFE3F@magma.ca>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-OriginalArrivalTime: 17 Dec 2007 17:40:22.0243 (UTC)
	FILETIME=[E6145B30:01C840D3]
X-Brightmail-Tracker: AAAAAA==
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 7baded97d9887f7a0c7e8a33c2e3ea1b
Cc: HIP <hipsec@ietf.org>
X-BeenThere: hipsec@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group."
	<hipsec.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/hipsec>,
	<mailto:hipsec-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/hipsec>
List-Post: <mailto:hipsec@lists.ietf.org>
List-Help: <mailto:hipsec-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/hipsec>,
	<mailto:hipsec-request@lists.ietf.org?subject=subscribe>
Errors-To: hipsec-bounces@lists.ietf.org

Hi,

as I indicated in my other email, the raw notes are available at:

http://hip.piuha.net/meetings/ietf70/

Cheers,

Gonzalo


Philip Matthews wrote:
> I am guessing that none of the discussion was captured, so people should 
> go to the audio recording for details?
> 
> - Philip
> 
> On 15-Dec-07, at 00:20 , Gonzalo Camarillo wrote:
> 
>> Folks,
>>
>> here you have the draft minutes of our last face-to-face HIP WG meeting:
>>
>> http://www3.ietf.org/proceedings/07dec/minutes/hip.txt
>>
>> Comments are welcome.
>>
>> Cheers,
>>
>> Gonzalo
>> HIP WG co-chair
>>
>>
>> _______________________________________________
>> Hipsec mailing list
>> Hipsec@lists.ietf.org
>> https://www1.ietf.org/mailman/listinfo/hipsec
>>
> 





From hipsec-bounces@lists.ietf.org Mon Dec 17 16:18:27 2007
Return-path: <hipsec-bounces@lists.ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com)
	by megatron.ietf.org with esmtp (Exim 4.43)
	id 1J4NM3-0002s2-4B; Mon, 17 Dec 2007 16:18:27 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.43) id 1J4NM1-0002rv-Pm
	for hipsec@ietf.org; Mon, 17 Dec 2007 16:18:25 -0500
Received: from mail6.primus.ca ([216.254.141.173] helo=mail-07.primus.ca)
	by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1J4NM0-00024h-2Y
	for hipsec@ietf.org; Mon, 17 Dec 2007 16:18:25 -0500
Received: from [24.139.16.154] (helo=[10.0.1.3])
	by mail-07.primus.ca with esmtpa (Exim 4.63)
	(envelope-from <philip_matthews@magma.ca>)
	id 1J4NLw-0001C2-2s; Mon, 17 Dec 2007 16:18:21 -0500
In-Reply-To: <4766B484.8070100@ericsson.com>
References: <47636423.2020105@ericsson.com>
	<BD55AEBD-F03E-4AB8-B088-6EC6EFDEFE3F@magma.ca>
	<4766B484.8070100@ericsson.com>
Mime-Version: 1.0 (Apple Message framework v752.2)
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
Message-Id: <3134E01D-5A8E-44E5-8F33-889982AAE5B9@magma.ca>
Content-Transfer-Encoding: 7bit
From: Philip Matthews <philip_matthews@magma.ca>
Subject: Re: [Hipsec] Draft HIP WG MoMs
Date: Mon, 17 Dec 2007 16:18:19 -0500
To: Gonzalo Camarillo <Gonzalo.Camarillo@ericsson.com>
X-Mailer: Apple Mail (2.752.2)
X-Authenticated: philip_matthews@magma.ca - ([10.0.1.3]) [24.139.16.154]
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 9ed51c9d1356100bce94f1ae4ec616a9
Cc: HIP <hipsec@ietf.org>
X-BeenThere: hipsec@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group."
	<hipsec.lists.ietf.org>

Sorry. I didn't see that until later.
- Philip
On 17-Dec-07, at 12:40 , Gonzalo Camarillo wrote:

> Hi,
>
> as I indicated in my other email, the raw notes are available at:
>
> http://hip.piuha.net/meetings/ietf70/
>
> Cheers,
>
> Gonzalo
>
>
> Philip Matthews wrote:
>> I am guessing that none of the discussion was captured, so people  
>> should go to the audio recording for details?
>> - Philip
>> On 15-Dec-07, at 00:20 , Gonzalo Camarillo wrote:
>>> Folks,
>>>
>>> here you have the draft minutes of our last face-to-face HIP WG  
>>> meeting:
>>>
>>> http://www3.ietf.org/proceedings/07dec/minutes/hip.txt
>>>
>>> Comments are welcome.
>>>
>>> Cheers,
>>>
>>> Gonzalo
>>> HIP WG co-chair
>>>
>>>
>>>
>
>





From hipsec-bounces@lists.ietf.org Tue Dec 18 13:48:31 2007
Return-path: <hipsec-bounces@lists.ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com)
	by megatron.ietf.org with esmtp (Exim 4.43)
	id 1J4hUU-0004d1-3h; Tue, 18 Dec 2007 13:48:30 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.43) id 1J4hUS-0004Sh-B5
	for hipsec@ietf.org; Tue, 18 Dec 2007 13:48:28 -0500
Received: from blv-smtpout-01.boeing.com ([130.76.32.69])
	by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1J4hUQ-0007yb-Ce
	for hipsec@ietf.org; Tue, 18 Dec 2007 13:48:28 -0500
Received: from blv-av-01.boeing.com (blv-av-01.boeing.com [192.42.227.216])
	by blv-smtpout-01.ns.cs.boeing.com (8.14.0/8.14.0/8.14.0/SMTPOUT) with
	ESMTP id lBIImImI028194
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK);
	Tue, 18 Dec 2007 10:48:22 -0800 (PST)
Received: from blv-av-01.boeing.com (localhost [127.0.0.1])
	by blv-av-01.boeing.com (8.14.0/8.14.0/DOWNSTREAM_RELAY) with ESMTP id
	lBIImIaJ000365; Tue, 18 Dec 2007 10:48:18 -0800 (PST)
Received: from XCH-NWBH-11.nw.nos.boeing.com (xch-nwbh-11.nw.nos.boeing.com
	[130.247.55.84])
	by blv-av-01.boeing.com (8.14.0/8.14.0/UPSTREAM_RELAY) with ESMTP id
	lBIImHsu000276; Tue, 18 Dec 2007 10:48:18 -0800 (PST)
Received: from XCH-NW-5V1.nw.nos.boeing.com ([130.247.55.44]) by
	XCH-NWBH-11.nw.nos.boeing.com with Microsoft SMTPSVC(6.0.3790.1830); 
	Tue, 18 Dec 2007 10:48:17 -0800
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable
Subject: RE: [Hipsec] WGLC: draft-ietf-hip-native-api-03.txt
Date: Tue, 18 Dec 2007 10:48:16 -0800
Message-ID: <77F357662F8BFA4CA7074B0410171B6D04049A98@XCH-NW-5V1.nw.nos.boeing.com>
In-Reply-To: <474DDBFA.1050509@ericsson.com>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: [Hipsec] WGLC: draft-ietf-hip-native-api-03.txt
Thread-Index: AcgyBMBynFHb8GQAS3SSVfu/sdHw3QPlHyig
References: <474DDBFA.1050509@ericsson.com>
From: "Henderson, Thomas R" <thomas.r.henderson@boeing.com>
To: "Miika Komu" <miika@iki.fi>
X-OriginalArrivalTime: 18 Dec 2007 18:48:17.0567 (UTC)
	FILETIME=[8D9332F0:01C841A6]
X-Spam-Score: -4.0 (----)
X-Scan-Signature: 03169bfe4792634a390035a01a6c6d2f
Cc: HIP <hipsec@ietf.org>
X-BeenThere: hipsec@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group."
	<hipsec.lists.ietf.org>


> -----Original Message-----
> From: Gonzalo Camarillo [mailto:Gonzalo.Camarillo@ericsson.com]
> Sent: Wednesday, November 28, 2007 1:22 PM
> To: HIP
> Subject: [Hipsec] WGLC: draft-ietf-hip-native-api-03.txt
>
> Folks,
>
> I would like to WGLC the following draft:
> http://www.ietf.org/internet-drafts/draft-ietf-hip-native-api-03.txt
>
> This WGLC will end on December 19th.
>
> Send your comments to the author and this list.
>
> Thanks,
>
> Gonzalo
> HIP co-chair
>

Miika,
Here are some more comments.  In summary, I'd like to see more work on
this draft on some points below.

Overall
========

I still don't think the document gives enough guidance to the
implementor about where various aspects of HIP-related API are defined
(there are two other API documents in shim6 and BTNS WGs).
Specifically, the shim6 API draft specifies new socket options
applicable to shim6 and HIP, but some of them are not applicable when
using PF_HIP.  I would like to see more clearly stated which shim6
options from Table 1 of the shim6 document are applicable/invalid when
using PF_HIP.

So I would like to see more explicit guidance of the form; e.g.:
- this document specifies extensions to RFC3493 and 3542 to define a new
socket address family and describe how the socket calls in those RFCs
are adapted or extended as a result
- socket options for use with PF_HIP/PF_INET6 sockets are defined in the
[shim6-api], and section X.X of this document clarifies which options
are applicable to PF_HIP sockets.
- this document relates to the RFC5014 as follows...
- APIs to manipulate IPsec bindings are defined in [btns-api]...

Andrew also pointed out the need to align with or extend RFC5014 (source
address selection).

The introduction should clearly state a design assumption:
"This API allows a HIP-aware application to use the sockets API
independent of any handling of IP addresses, but also allows an
application to use HIP names in conjunction with IP addresses if so
desired.  As a result, this API implies that the system may need to
resolve HIP names to IP addresses, and describes how a system resolver
might be able to cache such bindings during the name resolution
process."

In section 4.1:
"The HIT value is an IPv6 address and it is stored in network byte
order."  I disagree, and I think other reviewers will too.  HITs are not
IPv6 addresses.

In section 4.3 (page 8) the document starts talking about ORCHIDs, in a
manner that suggests at first glance that they are distinct from HITs.
I think I understand what you are trying to do here, but I am not sure
it is the right way.  If I understand correctly, you are allowing to
bind sockets to wildcarded HIT macros, but then allowing the system to
accept the communications even if it is not a HIT but is instead an IPv6
address, unless it sets a flag to "ONLY_ORCHID" in the ship_flags
(although it is unclear which socket call requires this flag to be set).


My opinion is that more work needs to be done on this part of the API.
I think you want to allow an application to set some wildcards in the
socket calls and possibly permit the socket to open if the peer does not
support HIP but is reachable via IPv6.  I think there will need to be
some care taken to not violate semantics since we are mixing address
families at this point.

Regarding the last paragraph of section 4.1, some systems support
accept_filters that allow the system to do the access controls-- do we
want to specify the same here?

In section 4.2 (resolver extensions), the description implies that a
resolver will have to do two queries (nodename to HITs and nodename to
IP addresses), and concatenate the results in the rres field, before
returning from getaddrinfo().  Shouldn't the application instead issue
two getaddrinfo's for each of the different queries?

Section 4.3 first paragraph could perhaps be developed further.  Maybe
it warrants another major section in the document.  Also, I did not
quite understand the placement of the second paragraph in this section.
It seems like this guidance (what error to return if the HIT cannot be
resolved) is more appropriate somewhere in Section 4.1.

Editorial
==========

The last sentence of the abstract has some missing words.

Generally, Terminology section follows the Introduction.

It seemed to me that the third paragraph of the Introduction might be
the one that you want to lead with.

I do not think that "HIP Layer" row needs to be in Table 2.  To me, this
is akin to saying that there is an "ARP Layer" between Network and Link
layer, and that is not how ARP is commonly depicted in the stack.

I was surprised that there was no reference to the HIP DNS draft since
this is heavily based on HIP DNS resolution.

In the paragraph after figure 2:
s/published or not, but that/published or not, but note that/

I thought that we agreed to delete the "IPV6_ADDR" portion from the
macro HIP_IS_IPV6_ADDR_ANON_HIT?

For document title, I would suggest changing from:
Native Application Programming Interfaces (APIs) for Host Identity
Protocol (HIP)
to
Basic Socket Interface Extensions for Host Identity Protocol (HIP)
which would align the title with RFC 3493.


Lingering comment from my previous post
=========

> >>     Both of these two approaches may be more prone to errors
> >> than the use
> >>     resolver with host names.  Hence, HIP-aware applications should
> >>     prefer to use the resolver with host names.
> >
> > Can you specify which errors the resolver-less approach is
> more prone
> > to?
>
> The main concern is how to map a HIT to an IP address in the
> current state
> of HIP deployment in DNS. Do you suggest to move the last two
> sentences?

I just want to understand what the assumed error risk is.  You seem to
be saying that indirecting through the DNS is less error prone than
directly providing the HIT to IP address binding at the API.  Is that
because you are assuming that handling HITs is an error prone operation
(as compared with DNS names) for either applications or users?

I think it should either be more specified to state what the presumed
error is, or else remove the last two sentences.

_______________________________________________
Hipsec mailing list
Hipsec@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/hipsec
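
The accept-side behaviour questioned in the section 4.3 comments above (a wildcard-bound socket taking non-HIP IPv6 peers unless an ONLY_ORCHID-style flag is set), as an added example that is not part of the original message or of the draft. It assumes the RFC 4843 ORCHID prefix 2001:10::/28; EX_ONLY_ORCHID, the ex_* functions and the sample peers are hypothetical and constructed for illustration.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical per-socket policy flag, modelled on the "ONLY_ORCHID"
 * flag mentioned in the review; not the draft's actual definition. */
#define EX_ONLY_ORCHID 0x1u

enum ex_verdict {
    EX_ACCEPT_HIT,        /* peer identifier lies in the ORCHID prefix */
    EX_ACCEPT_PLAIN_IPV6, /* peer is an ordinary IPv6 address (no HIP) */
    EX_REJECT             /* unparsable, or refused by policy */
};

/* Return 1 if the 128-bit value lies inside 2001:10::/28 (RFC 4843).
 * The first 28 bits are 0x20 0x01 0x00 plus the high nibble 0x1. */
static int ex_is_orchid(const struct in6_addr *a)
{
    return a->s6_addr[0] == 0x20 && a->s6_addr[1] == 0x01 &&
           a->s6_addr[2] == 0x00 && (a->s6_addr[3] & 0xf0) == 0x10;
}

/* Decide what a wildcard-bound listener does with one peer.
 * A HIT and an IPv6 address are both 128 bits wide, so only the prefix
 * separates them; without the flag a non-ORCHID peer is accepted as
 * plain IPv6, which is the mixed-family case the review asks about. */
static enum ex_verdict ex_classify_peer(const char *text, unsigned flags)
{
    struct in6_addr a;

    if (inet_pton(AF_INET6, text, &a) != 1)
        return EX_REJECT;
    if (ex_is_orchid(&a))
        return EX_ACCEPT_HIT;
    return (flags & EX_ONLY_ORCHID) ? EX_REJECT : EX_ACCEPT_PLAIN_IPV6;
}

/* Count the peers that would be served without HIP under `flags`. */
static size_t ex_count_fallbacks(const char *const *peers, size_t n,
                                 unsigned flags)
{
    size_t count = 0;

    for (size_t i = 0; i < n; i++)
        if (ex_classify_peer(peers[i], flags) == EX_ACCEPT_PLAIN_IPV6)
            count++;
    return count;
}

/* Constructed sample peers: two ORCHID-prefixed values, two ordinary
 * IPv6 addresses (documentation prefix and link-local). */
static const char *const ex_sample_peers[] = {
    "2001:10::1",
    "2001:1a:74c8:f21e:9b02:3c55:6d10:4e8a",
    "2001:db8::1",
    "fe80::1",
};
#define EX_SAMPLE_COUNT (sizeof ex_sample_peers / sizeof ex_sample_peers[0])

int main(void)
{
    printf("fallbacks without flag: %zu\n",
           ex_count_fallbacks(ex_sample_peers, EX_SAMPLE_COUNT, 0));
    printf("fallbacks with EX_ONLY_ORCHID: %zu\n",
           ex_count_fallbacks(ex_sample_peers, EX_SAMPLE_COUNT,
                              EX_ONLY_ORCHID));
    return 0;
}
```
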



From hipsec-bounces@lists.ietf.org Fri Dec 21 06:31:57 2007
Return-path: <hipsec-bounces@lists.ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com)
	by megatron.ietf.org with esmtp (Exim 4.43)
	id 1J5g6e-0005P5-SN; Fri, 21 Dec 2007 06:31:56 -0500
Received: from [10.90.34.44] (helo=chiedprmail1.ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.43) id 1J5g6d-0005Oh-6v
	for hipsec@ietf.org; Fri, 21 Dec 2007 06:31:55 -0500
Received: from mailgw4.ericsson.se ([193.180.251.62])
	by chiedprmail1.ietf.org with esmtp (Exim 4.43) id 1J5g6c-00078O-RH
	for hipsec@ietf.org; Fri, 21 Dec 2007 06:31:55 -0500
Received: from mailgw4.ericsson.se (unknown [127.0.0.1])
	by mailgw4.ericsson.se (Symantec Mail Security) with ESMTP id
	0F54E2158D; Fri, 21 Dec 2007 12:31:54 +0100 (CET)
X-AuditID: c1b4fb3e-ae69ebb00000459d-16-476ba429f78d
Received: from esealmw127.eemea.ericsson.se (unknown [153.88.254.122])
	by mailgw4.ericsson.se (Symantec Mail Security) with ESMTP id
	BD66D2147C; Fri, 21 Dec 2007 12:31:53 +0100 (CET)
Received: from esealmw127.eemea.ericsson.se ([153.88.254.175]) by
	esealmw127.eemea.ericsson.se with Microsoft SMTPSVC(6.0.3790.1830); 
	Fri, 21 Dec 2007 12:31:52 +0100
Received: from [159.107.2.106] ([159.107.2.106]) by
	esealmw127.eemea.ericsson.se with Microsoft SMTPSVC(6.0.3790.1830); 
	Fri, 21 Dec 2007 12:31:51 +0100
Message-ID: <476BA424.1060601@ericsson.com>
Date: Fri, 21 Dec 2007 13:31:48 +0200
From: Gonzalo Camarillo <Gonzalo.Camarillo@ericsson.com>
User-Agent: Thunderbird 2.0.0.9 (Windows/20071031)
MIME-Version: 1.0
To: HIP <hipsec@ietf.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-OriginalArrivalTime: 21 Dec 2007 11:31:52.0345 (UTC)
	FILETIME=[1534A890:01C843C5]
X-Brightmail-Tracker: AAAAAA==
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 856eb5f76e7a34990d1d457d8e8e5b7f
Cc: 
Subject: [Hipsec] New draft HIP BONE
X-BeenThere: hipsec@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group."
	<hipsec.lists.ietf.org>

Hi,

we have put together an Internet Draft describing how to build overlays 
using HIP (note that some of the mechanisms used in this framework are 
work in progress; that is, they will be defined by specifications that 
are not finished yet).

http://www.ietf.org/internet-drafts/draft-camarillo-hip-bone-00.txt

This framework is aligned with the most relevant peer protocol proposals 
in the P2PSIP WG so that HIP can be used to perform connection 
management and the peer protocol can be used to perform overlay 
maintenance, and data storage and retrieval. I will be announcing this 
draft also in the P2PSIP list for their reference.

Cheers,

Gonzalo




From hipsec-bounces@lists.ietf.org Fri Dec 21 17:22:25 2007
Return-path: <hipsec-bounces@lists.ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com)
	by megatron.ietf.org with esmtp (Exim 4.43)
	id 1J5qG8-0000PF-50; Fri, 21 Dec 2007 17:22:24 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.43)
	id 1J5qG6-0000N5-Pm; Fri, 21 Dec 2007 17:22:22 -0500
Received: from blv-smtpout-01.boeing.com ([130.76.32.69])
	by ietf-mx.ietf.org with esmtp (Exim 4.43)
	id 1J5qG5-0003S0-K4; Fri, 21 Dec 2007 17:22:22 -0500
Received: from slb-av-01.boeing.com (slb-av-01.boeing.com [129.172.13.4])
	by blv-smtpout-01.ns.cs.boeing.com (8.14.0/8.14.0/8.14.0/SMTPOUT) with
	ESMTP id lBLMMKnR018378
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK);
	Fri, 21 Dec 2007 14:22:20 -0800 (PST)
Received: from slb-av-01.boeing.com (localhost [127.0.0.1])
	by slb-av-01.boeing.com (8.14.0/8.14.0/DOWNSTREAM_RELAY) with ESMTP id
	lBLMMKER023919; Fri, 21 Dec 2007 14:22:20 -0800 (PST)
Received: from XCH-NWBH-11.nw.nos.boeing.com (xch-nwbh-11.nw.nos.boeing.com
	[130.247.55.84])
	by slb-av-01.boeing.com (8.14.0/8.14.0/UPSTREAM_RELAY) with ESMTP id
	lBLMMG8J023792; Fri, 21 Dec 2007 14:22:19 -0800 (PST)
Received: from XCH-NW-2V2.nw.nos.boeing.com ([130.247.55.18]) by
	XCH-NWBH-11.nw.nos.boeing.com with Microsoft SMTPSVC(6.0.3790.1830); 
	Fri, 21 Dec 2007 14:22:19 -0800
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----_=_NextPart_001_01C8441F.F313CEC2"
Date: Fri, 21 Dec 2007 14:22:16 -0800
Message-ID: <0C549DAFE1A8004D8EB57ACDD108646D070BA682@XCH-NW-2V2.nw.nos.boeing.com>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: Boeing HIP Implementation of SIP (which is point-to-point secure
	SIP)
Thread-Index: AchEH96vkLdr2CwpRny3bB+oZLdYwQ==
From: "Paine, Richard H" <richard.h.paine@boeing.com>
To: <p2psip@ietf.org>, <hipsec@ietf.org>
X-OriginalArrivalTime: 21 Dec 2007 22:22:19.0528 (UTC)
	FILETIME=[F3383080:01C8441F]
X-Spam-Score: -4.0 (----)
X-Scan-Signature: ee55aaecc4f51e26a5b012c189b5823d
Cc: 
Subject: [Hipsec] Boeing HIP Implementation of SIP (which is point-to-point
	secure SIP)
X-BeenThere: hipsec@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group."
	<hipsec.lists.ietf.org>

This is a multi-part message in MIME format.

------_=_NextPart_001_01C8441F.F313CEC2
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

At the Vancouver meeting, there was a joint meeting of the HIP and
P2PSIP groups on Friday morning.  At this meeting, Boeing committed to
send the P2PSIP group a releasable white paper on the Boeing HIP
implementation that is, in effect, point-to-point secure SIP.

 <<NGI_SMA_Boeing_VoWLAN_Demo_White_Paper_12-8-07.doc>>
The next step beyond this is to hold a teleconference in the first or
second week of the new year to discuss this paper.  Please note that
although the identity in this example is an IPv6 address, any
cryptographic identity can be used as a name in the HIP namespace.  The
Boeing intent is to use PKI cryptographic identities in the HIP
namespace.

Richard H. Paine
Success is getting what you want, happiness is liking what you get!
Cell:  206-854-8199
IPPhone:  425-373-8296
Email:  richard.h.paine@boeing.com


------_=_NextPart_001_01C8441F.F313CEC2
Content-Type: application/msword;
	name="NGI_SMA_Boeing_VoWLAN_Demo_White_Paper_12-8-07.doc"
Content-Transfer-Encoding: base64
Content-Description: NGI_SMA_Boeing_VoWLAN_Demo_White_Paper_12-8-07.doc
Content-Disposition: attachment;
	filename="NGI_SMA_Boeing_VoWLAN_Demo_White_Paper_12-8-07.doc"

ByOQoAUkkKAFJbAAABew0AIYsNACDJDQAqBGHfDicgAAMZ6VVKmxDTbb+zb/ImOhm///2P/gABBK
RklGAAEBAQBgAGAAAP/bAEMACAYGBwYFCAcHBwkJCAoMFA0MCwsMGRITDxQdGh8eHRocHCAkLicg
IiwjHBwoNyksMDE0NDQfJzk9ODI8LjM0Mv/bAEMBCQkJDAsMGA0NGDIhHCEyMjIyMjIyMjIyMjIy
MjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMv/AABEIAWgB4AMBIgACEQEDEQH/
xAAfAAABBQEBAQEBAQAAAAAAAAAAAQIDBAUGBwgJCgv/xAC1EAACAQMDAgQDBQUEBAAAAX0BAgMA
BBEFEiExQQYTUWEHInEUMoGRoQgjQrHBFVLR8CQzYnKCCQoWFxgZGiUmJygpKjQ1Njc4OTpDREVG
R0hJSlNUVVZXWFlaY2RlZmdoaWpzdHV2d3h5eoOEhYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0
tba3uLm6wsPExcbHyMnK0tPU1dbX2Nna4eLj5OXm5+jp6vHy8/T19vf4+fr/xAAfAQADAQEBAQEB
AQEBAAAAAAAAAQIDBAUGBwgJCgv/xAC1EQACAQIEBAMEBwUEBAABAncAAQIDEQQFITEGEkFRB2Fx
EyIygQgUQpGhscEJIzNS8BVictEKFiQ04SXxFxgZGiYnKCkqNTY3ODk6Q0RFRkdISUpTVFVWV1hZ
WmNkZWZnaGlqc3R1dnd4eXqCg4SFhoeIiYqSk5SVlpeYmZqio6Slpqeoqaqys7S1tre4ubrCw8TF
xsfIycrS09TV1tfY2dri4+Tl5ufo6ery8/T19vf4+fr/2gAMAwEAAhEDEQA/APM6KKK+6Pnhw606
mjrTqTLjsLRRRSGLSikpRSGLSikpRQAtKOlJSjpSAdS0lLSABTqaKdQMWlpKWkIdSikpRSAdSikp
RSAcKUUgpRQAtKKSlFIB1OptOpALS0lLQAopwpopwpCFpaSloELTqbTqQC0tJS0ALS0lLSAWlpKW
gQClFIKUUALRRRQAtFFFIBaUUlKKACiiigQoooFFABQKKBQAtFFFABRRRQBw9FFFdwhw606mjrXr
/h/S0OgaZN4Y0Pw94hTy431KK82m8SZt28ZfCony7V4PrhuSeevWVJJtfp+JtRhz6HkdFeteEdL8
MXl14tibSbhLFprW0gS7hQ3No8zNEcFs7Srt1ySAozkiofDPhm103wZ4gGs6Yj6pNa3zwNKsciwr
bAIxU8lW8yQjjrsB9CcXjYq6tqrfir/h1NFQbtr3PLKUV6T4K0vRodCsV1q3iMniO8ks4JJIhI0c
KxsoeI4Ox/OZVyfY4wM1j6DpKadpHjG81K0imn023Fl9nkVW8uWWTZ5gbkAoVPTrnqKt4mN5K21v
nd2/PQSpOy/rzOPpRXs8Wk20cEJ0Tw1oniHwv5e2WeABtQUbAWLMxB8zLEhVGeAPl4rj9Mi0nRvD
N/4nh02LUs6p9hsYtRXcIk2M5aRVO1yVIGOgIyD2qI4tSTsv6fft8ynRa6nE0o6V0HiDXdL1yws5
ItEt9O1SNmWdrICOCSPqvyf3uTznt3yAvXaroOmp4Yu/D0NrEuuaRp8GoTMI1ExcljOryYwyKkiE
AH05bGKqVflS5lZv/hr+hKp3vZnmdLXoH9qW3h3wD4ZuYtA0W9nvftXnS3tmJGOyXC85B6HHOegr
O8QaTDqVr4b1TSrCK1n1vzIms4SQnnrLtLKWOFDFhheAuOppRr3eqsrtX9L/AOTG6emjOQFOr0Xx
lpmjzaHero0EQk8PXkdpO8cQjaSJo1UvKcDe/nKy5HucYOak8R+HdMvfDGlnTLZIdZtdGg1C5VAE
Se3KkO3oXVhk5wSG/iIAErFRaTatf8PUbpPU83pa7/UfCn9tar4ds9PhitkbQLe7u5IockDne+xR
mRzwMDJJI+ouaD4CtbDx1pcGpTfadOuY5JbUT2rxG4eMco8bcpj73zZVgAOd2Ani6ajd72vYFRk3
Y82pRW9ptlp6eO9Ms7W6TUrBr23XzXgKLKpZdwKN25I564r1FNEvn1+5t9R8FaHH4fDTg3NvbJ55
iCtsKhGLbjhfurnnjBpVsVGna66X7fg+vkEKTkeJUorprTSZr3wJA9vFavPPrS2sf7kCZmaLgeaW
xsyfu4685rSl8AWaJqUcXiW1nvNMtJJ7u2jhOVdVB2qScMM5Bb+E4BGTgW8RBOzZKpyexxIpRXYf
DezW91fU1/s+1vp49Nlkt4LqNXRpQybcg8dTjOR1PNa/inTVi8HyXGvaNpejaus4Wxj0/apnX5d+
5V3DAHOc9cDjPzRLEKNT2dv6fkNUm4cx5zSiu2ufCs2q6nolrHJYWsTaLDeXFwkIhWKLnc7/ADHe
/TLcZ46AE1b8M+FtAfxfpSDW7XVrOeOWRIvJZWaRP4HQnKjHzAtw20jGCMksVBRv8xKjJuxwFOre
1Lw7aWuhS6vYar9ttlvhZofs5j3/ALoOW5ORg5XGO2c1pWvgX7Vdw2/9qxReboy6r5kse1EycbGO
eAO7fpVOvTSu3+YvZybschS11+m+CYNUlu7i31WWTSYZBDHdw2EkryyFQxHlL8ygZ5Y8dMZzxzur
6Vc6Jqtxp14FE8DYbY2QQQCCD6EEH155xRGtCT5U9ROEkrspinCminCtCBaWkpaBC06m06kAtLSU
tAC0tJS0gFpaSloEApRSClFAC0UUUALRRRSAWlFJSigAooooEKKKBRQAUCigUALRRRQAUUUUAcPR
Vn7DL/eT8zS/YZf7yfmaf9o4X+dHf/ZON/59srjrXdaZr3g2W20qbV9L1G01LTtq+ZpBSNbkKQVZ
8kMH4OSpBPXPQLxwspAfvJ+Zpfscnqv51lVxmEqb1PuZrTyzGx/5ds7G68ffbovFVxJDNa3+rSWj
2ptzxD5DZGWyDnAHIHX0q/qHxHsdR1PUZxY3Fta3GiT2MVvGysq3EzB3kI4ABbILDk7QSOcDz/7J
J6r+dH2ST1X86y9rgP5l/SS/Qv6hj/8An2ztbr4lanp8Njp/hi4ey060tY4cPbRbppAMvIVw20sT
03H1zkml8SeMdI1LSNUTSrS4tL3WLqGe9Vo0EexE+4CGOT5uX3bVJ3HNcV9lk9V/Ol+yv6rQq2AT
TUlf8+uvfUPqGPas6bO9svFng6DUrTxAdH1Cz1mCPJtdPZIrR5QCAeu5QeMgcdiG53Zdl4rsr6HU
rDxJaXEljf3x1DdYuqPbTENuKBgdwbIXDHgcjmuW+zP6rS/Zn9VoVfBL7f4vT0D+z8d/z7Z1cure
Dob3RoLDSrv7BaXH2i7ubpEkuLjnPlFQwQphQOfU4H3t+na/FjV5deaTVD9o0OWRxLp/lRH902Rt
3bQWwCOuN2MHGa4L7O/qtAt39VpOtgZK0pp+o1gMctqbR2qaz4OvfDOlaTqo11m01rgRyWscKB1k
kLAkMxwcBeOxzyetLbeMdJttb0mSPT7gaTokMv2K1kKSPNMxJ8x2ONhJKscbtpX5R6cV5DeopfJb
1FL2+D1vU79e+/5h/Z+O/wCfbO0tfiPqV/De6f4luHvdPu7WSHCW0W6GQ/ckC4XcVI6bh65yBVLU
fFudV8O6jpYljn0rT7e2bzeA7x53D5TkoQcdsgmuY8lvUUvlN6imq+BTupJfkJ5fjmtYM9El+I1g
PFtnqltpssNj/Zi6dc26N5bRruLHymUjG35cH5en8PBFSPxvZ2ni7SNQhXVbux0/eDJf3RluJPMU
qxwSUXAIwFxnbyeeOH8tvUUvln2qFVwK+30tuV9Rx/8Az7ZswXulab4vs77T1vW0y2uoZlFwFMxV
SpbOPlzkHH4V03/CQeDLfxBJ4gtF8RjUftDXSoWhSNnJJKEjJCHJB68E9a4HYfal2mrniMJLep0t
uSsuxq2ps7K08V/arOC3xFDqcviJdU8yb5bZMjHzHO4ANyfbvXeX+jW2lQ+KNWfSZ7KW9064E1xN
dxtCJGx8sQB3EOxzlgDwAAM4HiWKMVjUq4WTXLUSRccBjEtaTZu+GtZt9H/tf7QkrfbNNmtI/LAO
HfGCckcce/0rFFNpc10rG4VNvnWpk8sxrVvZs7mLxrYxanpsjWUs9kuix6TfRv8AKzLzvKEH6Yzj
PI46iKx8QeG9C8R6PfaNp1+YLTzPtMlzIvmzbwV4UHaNoPGMZ6HHWuM3ClDCsfbYPbn/ABK+oY7/
AJ9s7aDWfCf9kXOhzxa0NN+2reW8kZi84nywjBweAM5Ix1yOmObN14z0mW7mkt7K5ghfw+2lxw8N
5chPHJOSgHGevtXA7x70vmD0NJ1sG3dz/Ef1DHf8+2dj4Y8VWumaPdaRqB1CG3klFxHc6bN5cyPg
Ag5IBUgd/wAjwRgavqB1XVbi98toxK3CPM8pUAAAF3JLHAHP5ADis7zV9DR5y+hq44nCRk5qauyH
l2OaUXTZKKcKh85fQ0onX0NX9ew386J/srGf8+2TUtQ/aE9Go+0J6NR9ew386F/ZWM/59snp1V/t
KejUv2pPRqPr2H/nQf2VjP8An2yxS1X+1x+jflR9rj9G/Kl9ew/86D+ysZ/z7ZZparfbI/Rvypft
kf8Adb8qPr2H/nQf2Vjf+fbLNLVX7bH/AHX/ACpftsf91/yFH17D/wA6F/ZWN/59ssilFVft0X91
/wAhS/bov7r/AJCl9ew/86D+ysb/AM+2WqKq/b4v7r/kKPt8X91/yFH17D/zoP7Kxv8Az7Zboqr9
vi/uv+Q/xo+3xf3X/If40fXsP/Og/srG/wDPtlulFU/7Qi/uv+Q/xpf7Qi/uv+Q/xo+vYf8AnQf2
Vjf+fbLdFVP7Qi/uv+Q/xo/tCL+6/wCQ/wAaPr2H/nQv7Kxv/PtlwUVU/tGH+6/5D/Gj+0Yf7r/k
P8aPr2H/AJ0H9lY3/n2y3QKqf2jD/df8h/jR/aMP91/yH+NL67h/50H9lY3/AJ9suUVT/tGH+6/5
D/Gj+0Yf7r/kP8af17D/AM6D+ysb/wA+2XKKp/2jD/df8h/jR/aMP91/yH+NL67h/wCdB/ZWN/59
szKK9Z/4Un/1MH/kl/8AbKP+FJ/9TB/5Jf8A2yvluSR9z/aOG/m/B/5Hk1d7exaJPpukCKLS3u0t
MrEbiKNJpPLtsiVkKFcZnI3sCWU84IWtz/hSf/Uwf+SX/wBso/4Un/1MH/kl/wDbKahJdDKpjcNN
p89reTOYvrLwxaX0J0q5+0Wj2l4PNuWT5mEDbCVJ3B95IGVTOE2gkFmt3mieHU1PV4NLNreQRx3E
is13kwqtsJIzFhh5n7zeD9/AQZxyTuf8KT/6mD/yS/8AtlWE+Ed5HYyWKeLJ1tJG3PbrbkRseOSv
mYJ4H5CnyvsZvF0NLVX26/fscFo1/af2K1rfmzjiN7bxPL9kiadbdxL5rKxQsSPl55I4x6VNf2Gi
Qx3/ANmEDFWbcZLtQ0I8tCnlBHcOGkLqRmQhQoZkOXrr/wDhSf8A1MH/AJJf/bKP+FJ/9TB/5Jf/
AGylyy7FvGYbm5lO3yf+Rzc2meHJmZjdwKT4cS5GydFC3ihRsAH8R2nKnJJZj1xg0ez8M+bZG/mg
itnhIeYS7pGDW0hlLIc7WSXaI/lUnqN/Wuk/4Un/ANTB/wCSX/2yj/hSf/Uwf+SX/wBsp8suxP1r
D8tvav7n/kYFvpuhtHvFlp092ltczXtqL1jHAUjZovJKyZkDbQXwz4/2Kovpul2mtfY7VfPj+wXt
x5kwyxBhlaE4wB/qxE4wMhnOeQAvap8I7yOxksU8WTraSNue3W3IjY8clfMwTwPyFN/4U9ceb5v/
AAlEvmeX5W/7Kc7NuzbnzOm35cenHSjlfYSxdDW9T8/6/pbnA293pkHgeeCWOJ9QuJ5FjxBGzoAY
GDFyd6jAkAA4O5vSuistK8NTahp7zS6XJay2Fk10slyqNHKQVk24ljA4TLZ3sGYHacmtb/hSf/Uw
f+SX/wBso/4Un/1MH/kl/wDbKXLLsOWLwzTtUav5P/IwNKsvDMHizRIp3s5rC80tWvDPcfJBMY23
c5G1sqOD0LcYO3EUFt4dhjuZLq105roQ5a3F47RRyCO5YCNlk+YHy7fPzNy5HBIA6T/hSf8A1MH/
AJJf/bKP+FJ/9TB/5Jf/AGynyy7CeKw7/wCXr/E43TINDt/EuqWd3LFLpyybIpZGB3RpcRliGXuY
lk5XBOcDkgHTWPwzeafbNIbMTyTJLc/P5RjhaKMTSKBj51lSTZHzwxIQqRW//wAKT/6mD/yS/wDt
lH/Ck/8AqYP/ACS/+2UuWXYcsXhm7+0f3P8AyOe0+z8O3cU1m/2CGRo7HypJLry1LmB2mLuSxXBJ
HyjAcRgqRkHmNdFmuuXi6fHFHaCTESROXCr6biTk+pBKk52kjFekf8KT/wCpg/8AJL/7ZR/wpP8A
6mD/AMkv/tlDjLsVDG4aMub2jf3nk1Fes/8ACk/+pg/8kv8A7ZR/wpP/AKmD/wAkv/tlLkkbf2jh
v5vwf+R5NRXrP/Ck/wDqYP8AyS/+2Uf8KT/6mD/yS/8AtlHJIP7Rw3834P8AyPJqK9Z/4Un/ANTB
/wCSX/2yj/hSf/Uwf+SX/wBso5JB/aOG/m/B/wCR5NRXrP8AwpP/AKmD/wAkv/tlH/Ck/wDqYP8A
yS/+2Uckg/tHDfzfg/8AI8mor1n/AIUn/wBTB/5Jf/bKP+FJ/wDUwf8Akl/9so5JB/aOG/m/B/5H
k1Fes/8ACk/+pg/8kv8A7ZR/wpP/AKmD/wAkv/tlHJIP7Rw3834P/I8mor1n/hSf/Uwf+SX/ANso
/wCFJ/8AUwf+SX/2yjkkH9o4b+b8H/kcP4Ra1S61BriK1lcWn7lLiSCMF/Nj6NMrIDt3dQeM4rpR
Dozx6YWm0nyotRikuNy2ochpfmQlWBZF3uGbaFISMogXc1af/Ck/+pg/8kv/ALZR/wAKT/6mD/yS
/wDtlUoy7HPPFYaUubn/AAZwWt6iLvTdKRY7BXaAyXH2e1hjbzBLKoyUUEfJs+Xp0OO9bNtFpUPj
DxXaXcdnFE63NtaCYKqQyNMqIwz90LkkkchVYjpXSf8ACk/+pg/8kv8A7ZT5fgzJPM803iRpJZGL
O72mWYnkkkycmlyy7DeLwtrKdt+j737GHrn/AAjNzbatqlnaacp3QSWkIn2NgrblozEjjA+aXO0E
538qVG5+vjw7ea/dG6NhHDJGJWubSfewJvmDMNrMGcwvuIIJGBgADFa3/Ck/+pg/8kv/ALZR/wAK
T/6mD/yS/wDtlPll2IWIwyt+8enr5f5GNZ2Xg9Llo5Es542uQpea5dDGN1qrBdsmNo8y4IOW4jzu
YAk19AXRbKy8PahKtgL0anCJWa6O4R75cu67xs24jP3QOFJZtxVeh/4Un/1MH/kl/wDbKP8AhSf/
AFMH/kl/9so5Zdh/WcO1Z1X+JyutW2j/AGK/lt49OF0kMAKQ3Xywny4B+5AJEpLGcNktjbkkH7xJ
YaCNb0GOAWclvNpaSXgkuyE+0bHLbm3ja2QvyblBOBlc5rqv+FJ/9TB/5Jf/AGyj/hSf/Uwf+SX/
ANspcsuw1i8Olb2j/Hsc9dWvhNbue022sdqNz/a4bh3kUfbvLwo3FT+4+YDaSR83NZ2oJpces6At
1BYQWojT7fHYzeagHnybssrMSdm3+InpjHArsv8AhSf/AFMH/kl/9so/4Un/ANTB/wCSX/2yjll2
COLwy/5eP8Tm54UmuboainhqSVWJsIbWaOKKQ7sMC8TLhAhJHmMrZVQM5cF5tfCaaXOkK2sz+XMY
biW4dZT/AMfZQldwGf3Vvxt/j5HzCuh/4Un/ANTB/wCSX/2yj/hSf/Uwf+SX/wBsp8suwvrWGtb2
lvRNHNyaPo4W1hljs7eaSyR4T9swZXazZy0u58RkS+XtzsBDHhh0sWi6TaaZrNgV0ttkEMm97oOT
L9ilDFPn2uRM2BtBwXPopXfk+DMkzBpfEjOwVVBa0ycAAAf6zoAAB7Cmf8KT/wCpg/8AJL/7ZRyy
7A8Vh2rOp+DOensdCuZ7s2FlYF7We6SKP7U4hmjV4VjeV2k+UFXkIYMoZgo56GjHJbaP4v1uySKz
FpG14sa3UEcoUxpL5QBkBOdwXv8AMcA5rt7P4R3mnTGax8WT2srLtLwW5RiOuMiTpwPyqKX4MyTz
PNN4kaSWRizu9plmJ5JJMnJo5ZdgWLw+sXUuvn/kcxb2fhm5udOlM0E1zPD5k8E8v2aAyFo9wZl+
4BuuMY2/6tMK2QZGRJ4fdJXngsHeGC3dP3zJ5jfYHZlIVhn98iZxhtzEE84rp/8AhSf/AFMH/kl/
9so/4Un/ANTB/wCSX/2yjll2H9aw3/Px/j/kclc2vh97aeWJbWPdAruEuGJgc20bIIgWJfdMXRgd
+0D+DrVy607w7d6pOiNEIJr9lV7R90u43O3y441zmPyPnDBD82AGP3K6H/hSf/Uwf+SX/wBsp8Xw
ZkgmSaHxI0csbBkdLTDKRyCCJODRyy7A8Xh+lR/j/kcfeWNnbX1hnRLWZprA3Mtva3xMY8uZ2dg+
985iiZcBjgkkcjFcnXsl18KNRvXd7vxfdTu8YiZpYGYsgbcFOZOm4A49eaqf8KT/AOpg/wDJL/7Z
ScJdi6ePw8V70/zPJqK9Z/4Un/1MH/kl/wDbKP8AhSf/AFMH/kl/9spckjX+0cN/N+D/AMj1miii
ug+WCiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAoo
ooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiii
gAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiis7V9bstFhRrlm
aaQkQ28Q3SzH0Vf5k4A6kgc0m0ldg3bVl+SRIo2kkdURQWZmOAAOpJrkrvxNe6m2zQPKitR1v7mI
usntGmRkf7ZIHoDnIpXS3muyCXWNq2wIaPTo2zGuOhkP/LRu+Pug9ASN1XK8fFZnb3aP3/5HnV8b
9mn95W+1+Kv+g1Yf+C0//HaPtfir/oNWH/gtP/x2rNFcH9oYn+b8F/kc31ut/N+RW+1+Kv8AoNWH
/gtP/wAdo+1+Kv8AoNWH/gtP/wAdqzRR/aGJ/m/Bf5B9brfzfkVvtfir/oNWH/gtP/x2j7X4q/6D
Vh/4LT/8dqzRR/aGJ/m/Bf5B9brfzfkVvtfir/oNWH/gtP8A8do+1+Kv+g1Yf+C0/wDx2rNFH9oY
n+b8F/kH1ut/N+RW+1+Kv+g1Yf8AgtP/AMdo+1+Kv+g1Yf8AgtP/AMdqzRR/aGJ/m/Bf5B9brfzf
kVvtfir/AKDVh/4LT/8AHaPtfir/AKDVh/4LT/8AHas0Uf2hif5vwX+QfW63835Fb7X4q/6DVh/4
LT/8do+1+Kv+g1Yf+C0//Has0Uf2hif5vwX+QfW63835Fb7X4q/6DVh/4LT/APHaPtfir/oNWH/g
tP8A8dqzRR/aGJ/m/Bf5B9brfzfkVvtfir/oNWH/AILT/wDHarXer+KLXy0XV7Oa4mO2G3i00l5W
9B+9/MnAA5JAqxNcyvdLYWEP2m/ddwjzhY1/vyN/Cv6nBABro9F0GHSt9xLJ9p1CUYmumXBI/uqP
4UHZfxJJya9DByxdd80pWj6LX8Dqw7r1NW9PkWNGTVE0mAazLby6hgmVrZCqZzwACSeBgZ74zgVf
oor2D0AooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooA4vV/FN9a63e2cF/o
1rPbuqWmmX3y3GqEorDynMqBQzMYgdjgMjHnlRqS6hrGoanfwaMbGOPTJVhnW8jdjcyGNJdqsrDy
l2yIN5DnLN8mFG+PWPDupamNSs01iNNL1RCl1BNbNLKitGI3EL+YFjBUZAKNh2ZjnOBYudFvkv7m
40jU47FL5w94r23nMXCKnmREsAj7FUfMHX5FO3728Ap614puNMurBUscRmJbnURKwLWcTSxx/OVJ
VMeZJIWJKlbaQDjLoJe+JL/WtaSwudKS1067S3S3ntZC837iKU5lEmEyZSufLbGM4bpRceAtC1Oe
8k1qyg1TzYktoGu0LyW9uqYCCRiWLbzI/mZDkuMk7QajsfDniOxluyniS0YXzxSXUzaZ+/MiwRQu
6Hzdik+VuAMbBSeQwGKAI7vxv+40e9sLXfY3VpFqF20pw1tbyPEil8EhOJJJCxJG22kHqyXLDxLN
N4u1PRru3jjgjuPJs7hSfnZbeGVo3zxvxKWXBOVR+Bsy1c/Drw5cC4j1LTbS+g+zxWVos0WWtLWO
MKsSOSWzuMjbwQ3zgZ+VasWfhRhpt/b6lqUl3cXtxBdvdRxLEyzxRQIsgXlc74BJggrztIIHIBTs
vHSf8I9pt/eWU8sj6VBqeovaKojs4pEJ3kO4Yr8kvCb2wh4yVzqaFrV3qmreILS4sJLePTr1beGR
in71TDG+eHY5y+7oPldB94MBz8vw0tpLfTInk025e10y302WW+0tLhtkQbDw7mxE53sTuEg4Tg7T
u6jTdKm0/VtZu2uY5INRuI7hIhEVaJhCkTAtuIYERqRwMc9ewByfhLxrea22iGTVtD1KTUYg9zZa
bEVmsMxGQtIfOf5QwEZyq/NIvIPynUs/GTL4V0rWL7TbuRJtMhv7+4tY1EFqjJuZjvcFgMMdqb2A
AyPmXduaFpn9ieHtM0nzvO+w2kVt5u3bv2IF3YycZxnGTXH6r8MU1Tw9ZaRJqMDLbaVHpwmuLBZm
jKIQJYAzYiZiRv8AvFlVAChUNQB0Eni6zi1i509rO+22t3FZ3F35Q8mOSVYzEM7stuMqr8oJU8sF
UhjJb+KLa51RLQWl2kE1xLaQXrBPKmnj3+ZGoDFwR5UvLKFOw4Jyu6O48MfaP7S/0zb9t1W01L/V
Z2eR9n+Trzu+z9eMb+hxzT0zwPbaZ4lfVY103BuJ7lZBpqC7Lyliwe4JJKAyNgKqnAQFiA24A6yi
iigAoqtf6haaZZvd3s6QQJ1dz3PQD1JPAA5Ncje6hqHiDKES6fpZ/wCWQO2e4H+2R/q1/wBkfMe5
HK1jXxFOhHmmzOpVjTV5GjqfihnnksdDWO4uUJSW5fJgtyOoOCN7D+6p47leM5drYrBNJcyyyXN7
KMS3MxBdvbjhV9FUAD0qeGGK2hSGCNIokG1ERcBR6ACn187isbUru2y7Hk1sTKrpsgooorjOYKKK
zNc16y8P2Iur1nwz7I4413O7YJwB9ATzgcU4xcnZblRjKbUYq7Zp0VU0vU7XWNOhv7Ny8EoOCRgg
g4II7EEEfhVuk007MTTTswooooEFFFFABWXqPiPSNJvYbO+vo4J5uVVgTgZwCxAwoz3OBWpXJ+If
Adn4h1Zb2W7mhV0EdxEgB81RnGD/AAnnGeePQ81pSVNy/eOyNqCpOdqraXl+B1lFAAAAHQUVmYhR
RRQAVVQ3WqXb2Olbd0ZxcXbjMdv7Y/ifH8PbqccArZW1z4jci0ke30sHEl4vDTeqw+3q/wCC5PK9
lZWVtp1nHaWkKwwRjCoo4Hr9STyT1Jr18FlzlapV27HoYfCc3vT27EGlaRa6PamC2ViztvlmkOZJ
X7sx7n9AMAAAAVeoor3EklZHppWCiiimAUUUUAFFFFABRRVdL+zkitZY7uB47vH2Z1kBE2VLjYf4
vlBbjsCelAFiiqcurabC86S6haRvbo7zK8ygxqiqzFueAFkQknoHU9xViSeGF4UlljR5n2RKzAF2
2lsL6narHA7AntQBJRUYnha4e3WWMzoiu8YYblViQpI6gEqwB77T6VGL+zazhvBdwG1m2eVMJBsk
3kBNrdDuLKBjrkY60AWKKKKACiiigAooooAKKKKACiiigDH16+uLdtMsbWTyJtTuzai4ChjABFJK
zKp4LYiKjPALAkMBtOWmu3eiaydHvpZNQgR7QtqEuxJEW5aaNA6ooVz50SICoXiUEj5GZug1LTYd
Tt1jkaSKSNxJBcRECSCQAgOhIIzgkEEEEEqwKkg57eF7aXS720uru7ubm9QLLqEhQXAK5MbIVUKh
jPzJtUANlsbixIBzd98UbOxgS4lisYYTaf2hi61AQyXFqzyCJrdCp8yR0i3eW2zaXRSck40NV8T6
j9q1C2tLP7PDYarYWT3jSq3m+dLallVMHHyTOCTjHylSSTs1LnwvbSXCS2V3d6Ygt47SWKwKRrLA
hbZHypMYXe4BjKMN3XhcSTeG7Of7buknH2zULfUJMMOJIfJ2gcfdPkJkdeW5HGADHvfG0trr0ujx
2VjPfP5qWlkmpp9rkkSJ5V8yLbiKNwhw+5iN8eVGSF2NF8Q2+vz3D6evm2EcUDpdZK73kTzNmwgE
YjeFs9/MxwVIqvH4Rs4tYttQW8vttrdy3lvaeaPJjklWQSnG3LbjKzfMSVPClVJU2PDOjf2Ho4tm
SBJpJZJpFgHyJuYlYwcDcsabIlOB8sa8KAFABycvi3V7Xwx4mmu5o45401N9JuxGBuaCS4UREcqX
RYkcZxvUn5T5bsdS/wDH1nY+KG0djY/uruCzkje+CXbSTCPa0cG354x5qZbcCMScHaN2hfeDtL1H
w5d6Hc+e1vcS3M3mq+2WJ53kZyjAcf61175UlW3AkGw3h9P7Ykv4dQvreOeVJ7i0hdVjnlVVVWY7
fMHCRgqrhSEwQQW3AHL6T431SDT79dasIGvvNuhpyw3O4XbpeNbiHPlr5e12t0DsPmEgY4w4XU/4
TZb2WJNEtI71Lp4IbSeWZoY3lkge5Kv8hZAIVRgQrZMoXAwxFyDwhYRSwvJLPP5GoT38QlEZCmVj
I0fCgmMSESAHJDohz8owL4QsINOjtbKWezkhu3u4LmAR+ZC7BkAAZShVYmMShlO1AoHKggAr2viy
4vb/AEqyt9K3TXf2sXDG4AS3NtOkMpyRl1JZtpABOFyFDMUj8CeKG8T6Dp8ySR3ZjsoRf3iuoH2t
o0ZowqjBIDZY8BSVUZO4JqWHhuz066s7mKSd5raK5j3Ow/etcSpLK7AAfMXTPy4UbiAAMAN0vw/Y
eH47aSCeVEtNOisHaV1xJFDny2c44K7pORgHecg4XaAbVYmseJINNm+xW0RvdSZci2RsBAejSN0R
f1POAcVlXviO61jMOiObeyPDaiy/NIP+mKnjH+2wx6Bs5Fe0soLGExwIQGYs7MxZnY9WZjyxPqea
83F5jGl7tPWX4I46+LjD3Y6sjW1nurxb/VZxdXi58sAYit89o17e7HLH1xwLlFFeBUqSqS5pu7PK
nOU3eTCiiioJCiigkDqcUAFZmuaDZeIbJbW9EgCPvjkjbayNgjIP0J65FadFOMnF3W5UZShJSi7N
FPS9MtdH06KxskKQRZwCckkkkknuSSTXN+PdW1zS7az/ALIWVI5Gbz7iKASshG3auCCAGy3OOwHe
uwoq4VOWfPJX9TSlV5aiqSXN5PqUdGnvLrRbKfUIfJvJIVaaPGNrEc8Hp9O3Sr1FFZt3dzJu7uFF
FFAgooooAKKKgu7uGyh82ZjgkKqqpZnY9FVRySewFCTbshpN6IydRuprjVbmxXUn0y3s7WO6luYh
GWbe0igZkVlVR5RJ4ydw5XB3Z97qd2g02PXRpdpBdJLIkd/fGxiu0jKAl2ZWZN3mIwhwSRu3NhcP
0cfgmfWLmLVdRu7jTLtCphhtBE5VRkr5u9HV2BJI4whJ2nkk70/he22Wf9n3d3pk9okkcdxbFHcp
IytIG81XDFmRWLEFiRndy2focJgFBKdRa9ux6tDCqNpTWpz0niq5uTHcaZI0FhPbaFPbxPEgKJdX
bpID15MYVepxjjB5qXVfGlw/g1L+zg+zXV74autYhfeH+zvHHEVXBXDczDk4+70543J/CtjPMZWm
u8lLFOZd5xazNNHlmyxJZiGJJJHoeaz/APhAbI28tpJqepSWZ0yfSre2YxBbW3lCAqhEYYkCNAC5
Y8c5JJr0ztJNX8YJo3iG2025SxSOeWGFFfUFW7lMrhFeODB3RhmwWLKRskIUhRu0NA1m41pb2WTT
/stvBdz2sTmYOZjFK8bMAB8q/IMZOc7hjADNXv8AwjZ3+otdNeX0SPdwX0ltDKFjkuITHtkb5dx+
WJFK52YGdofDDU0zTYdKtXt4GkZHuJ7glyCd0srSsOAONzkD2x160AXKKKKACiiigAoorI1HxRoO
kXX2bUdXs7afaG8uSUBgD0OKANevL4NE1G9ttRtYbfM3hqJ7bSYQ6gNItyLmCFyTyoig0/nIOJHB
bdkr13/Ce+E/+hg0/wD7/Cj/AIT3wn/0MGn/APf4UAcLqc80nhjUbgSyGDVNC1/UAdx/0iNpIvs8
jDuRAyKu7lV+XjGKk02xuI/G3h+G4jxBomoS6ZZDcP3KNBeyBOOW/wBHFgcnP13b67b/AIT3wn/0
MGn/APf4Uf8ACe+E/wDoYNP/AO/woA5XSpNSTxBZ+LpbS0TS9UvZUFytyzMbe4EUVu3k+WCpc29p
/GxHmOSq5/d6GnmEapp+pGOQaDNqdw2n5cYiuJd489mxzFKzTCP5iMzpjd5iLDtf8J74T/6GDT/+
/wAKP+E98J/9DBp//f4UAdFRXO/8J74T/wChg0//AL/Cp7Lxh4c1G9is7PWrKe5lJEcSSgsxAJOB
34BoA26KKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAoormdT8UM80ljoax3FwhKS3T8wQ
HuMj77j+6Dx/EV4zFSpGnHmm7ImUlFXkzV1fW7PRoUa5ZnmlJENvEN0sxHZV/mTgDuRXKXK3muyC
XWNq26kNFp8bZjXHQyH/AJaN3/ujsCRup1rYrBNJcyyyXN7KMS3Uxy7+3oqjsoAA9OTVqvBxeYyq
e7T0X4s8uvi5T92GiCiiivMOIKKK4HUtL8VyeP4rq2ln+wedEyOs+IkhG3erJnkn5uxzkcjHGlOm
ptpuxtRpKo2nJKyb1/L1O+ooorMxCuJ8e+FdS8Ry2T2RgljiDK0E77VVjjDjg5OMj19OprtqKulU
lSkpx3NaNaVGaqQ3RXsIJbXTrW3nnaeaKJEeZusjAAFj9TzViiiobu7mb1OD8d3PimHVLRdGW8Fq
YwVNpFvzNk8ScHC424zgcnNdvbGY2sRuAonKDzAnQNjnHtmpaK0nU5oKNrWNZ1eaEYcqVuvV+oUU
UVmYhRRRQAUUVh634kh0y4g0+ALNqVy2yKM/dT5Wbc5HQYVsDqccdyKhCU3yxWpdOnKpJRirtl3V
NWg0uJNytLcS5ENun3pCOv0A7k8D8q5a509NXk8/W4be8k/ghdA8UI9FB7+rHk+wwBRZtQOtXEcE
0Et2kEU881yjEzbmcCNSpHlKPLPZvvZwSDuhn8WWbXUtnZur3MVzFEwYgggzpFJwDuUqXwNwGTyN
wzXsYfCqlruz6XBYGnh1zT1l/Wxd/wCEZ0D/AKAem/8AgJH/AIUf8IzoH/QD03/wEj/wpsOpXk/h
W01KOFXup7aKVlRSwXcFLMFBywUEnaDk4wDk0y38QRGECf8AeSr5AdoVIUmWZol+VuVIZTuU8ryM
sRXT7x6HudiX/hGdA/6Aem/+Akf+FH/CM6B/0A9N/wDASP8Awqhp/is3GnWDTadctf3KRN9ni8sb
t8buHUl8BT5cmATu45HIpl9450y3jl+zBruVbbz0RWVC/wC780DDHcBs+YttxjjJb5adp3sF4Wua
X/CM6B/0A9N/8BI/8KP+EZ0D/oB6b/4CR/4VpRO0kSO0bRsyglHxlT6HBIyPYkUhd2uI7W2he5vJ
c+VBH95sdSeyqO7HgfiKlOTdkNqKV2ZU+geHLePzJdF00DIAAs0JYngAADJJPAA5NdR4Y+GWnG8t
9X1LRrK0MLiW2tI7dFdWHIeRgOvoo4HfPQdJ4d8Ix6bImoaiyXOp4+Uj/V2+eojB79ix5PPQHFdP
XZTpuOstzhq1lLSK0CjoMmquoajZ6VZSXl9OkFvH1dvXsABySTwAOSeleN/EPxLrGrW6z2guLSxM
c9utqCS0xaNmRpVB25MiRqqc/fKnO/aNJSUdzGMHLY7TXPGcl2z2fh+QbB8smo4DKPaIHhj/ALR+
Uf7XIHNQQJbqwTcSzFnd2LM7HqzMeST6muA1PUNQt7eeIS3Ea2cd3bxESOpHyXLJuIPzMscMBUtk
4k3cllYW7zXtTtrmwMrSt9heSGeMDZ9un8ucIOB8pbykYIM589ODhSeWpzTO2lyU0dzRXHQ32pW6
/Yro3aXwlgltPtDIGuCx2yrtRmBThmbr5ayAhcIudITM3g6OYXsqyFFaaabcjbtw8xX25MXO5SR/
qucY21k4m6nc36K5OHxFJaxW8JZQsrWyWxuJN7Tb7ho5Nj8eYqpsZWxkqys2d1V9G1+/k8MwFLm2
uplSyjF0VZ1DyuEZHG/LSIMMfmGd44Hc5GL2iO0rkNX8VXth4j+wRW8RiRo18tlPmTbscoc8dcdD
yppZPFGofbbW0SG2jeR2gM0pVUkcTPESoaRT8uwPsXeTuC5Xhjo+Gr241u00WCEQ6jrF3aGcSIoV
IwCodnIzsALAHHUggDOFqowfa4e0j1NpmkaaK2t4XuLqY4igT7zHufQAdyeBXd+G/C6aP/pl4yXG
qSLhpAPkiU/wR56D1PVu+BgCx4f8OW+hQM2/7RfSgefdMuC3+yo/hQdl/E5JJO1XVSpKGr3OGtWc
9FsFFFFamAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAec6x4ol1S8uLKdNRsLCGRomiis5zL
cYODudVIVD6KckYyQMrTYdb0u3hSGGC8jiQbVRNNnAUegGyvSKK4q+BjXlecn+H+RzVcMqjvJs86
/wCEhsP7l/8A+C64/wDiKP8AhIbD+5f/APguuP8A4ivRaKw/smj3f4f5Gf1Cn3Z51/wkNh/cv/8A
wXXH/wARR/wkNh/cv/8AwXXH/wARXotFH9k0e7/D/IPqFPuzzr/hIbD+5f8A/guuP/iKjPijS1nS
Am9Erqzqn2CfJVSASBs6Asv5ivSa5+8/5KHo3/YKv/8A0baUf2TR7v8AD/IPqFPuzmv+EhsP7l//
AOC64/8AiKP+EhsP7l//AOC64/8AiK9Foo/smj3f4f5B9Qp92edf8JDYf3L/AP8ABdcf/EU0+JdN
EgjIvQ7AsF/s+fJAxk42e4/MV6PXP3n/ACUPRv8AsFX/AP6NtKP7Jo93+H+QfUKfdnNf8JDYf3L/
AP8ABdcf/EVHP4o0u2gknnN7HFGpd3awnAVQMkk7OmK9Jrn/AB3/AMk88S/9gq6/9FNR/ZNHu/w/
yD6hT7s5h/EumxqGcXqgkLltPnHJOAPudyQKd/wkNh/cv/8AwXXH/wARXS+Mv+QHbf8AYV03/wBL
Yad4wdk0W3KMVP8AamnDIOODeQgj8qP7Jo93+H+QfUKfdnMf8JDYf3L/AP8ABdcf/EUf8JDYf3L/
AP8ABdcf/EV6LVa/1C00uykvL6dILeMZZ3P4AD1JPAA5J4FH9k0e7/D/ACD6hT7s4P8A4SGw/uX/
AP4Lrj/4iqi+NdBfdsup22kqcWcxwR1H3OtSaz4ivvEO6CMS2Olngxg7Zrgf7ZH3FP8AdHJ7kcrW
fHGkUaxxoqIowqqMAD0ArnngKCdk2/u/yOmnk8JK8m0T3XiQ36eTovmAn/WXU0LIsQ/2VcDc34YH
U+h43xBqNtol9pkaQzTyQzNeTndlmUxyR7ixPzMS3/jvbiutqhqOiadqzRte2wlaP7pDspx6HBGR
7HitqNKFLRI9LDYOlh1aP39RJdP0/Vliu3RnWSMcrIyLKh5CuAQHXk/KwI+Y8cnKnRbFpnlMcvzu
shjE7iPeHDhgmdoO5QSQOTnOcnN5VCqFUAADAA7VyXijw7qerapDcWkkZRYwqb5Cpt3ySXXA6nI5
HPA/DWOrtc6rLqdINNtBpsenCLFrGixom45ULjbhs5BGAQc5BAOc1XbQdNYwHyGBgZWUrK67yr7w
Xwf3hDZb5s8knqTnQQMsaqzbmAALYxk+tOqbsLLsZtnoOm2Ag8iBgYGDRM8ruUwjIACxJ2hXYBeg
3EgZpn/COaWIfIWGVITB9naJLiRUdNmz5lDYY7cDccngc8DGqSAMk4Aq1ouh3niVhLG72uld7oDD
z+0Weg/2/wDvnPUXFSk9CJuEFdlTTrG71OcadpKbzCAktzMzOkAx/GxOXfHO3OTwSQDmvRdC8PWW
g27LbhpbiXBnuZcGSUjpk9gOcKMAZ6cmrthp9ppdlHZ2UCQW8YwqL+ZJPUknkk8k9as12QpqB59S
q5vyCsXX/E1noKLGytcX0ozDaRn5m/2if4V9WP4ZOAee8W/EO00m9k0exuIV1BAPOnm/1cGfQfxt
jsOB3PY8TFrWkRvJK+qRzXEzbpp5ZMvIfUn+QHAHAAFKpU5dEtR0qXPq3ZGvdT3mq3ovtUlEs658
qJM+Vbg9kHr6seT7DgFZv/CQ6R/0EIP++qP+Eh0j/oIQf99Vxy5pO7O+PJFWRpUVlnxHowKg6lbg
t0G/rTv+Eh0j/oIQf99UuV9iuePc0qKzf+Eh0j/oIQf99Uf8JDpH/QQg/wC+qOV9g549zSorMGv6
Y8scME7XM8rFY4bWF5pGIBJwqAk8Anp2qcXE9xdRW/2DW7WF8mW6bRLtvLA7KoiOWPbPA5JzjBap
yfQmVWEVdsu2ttearf8A2DTUVpgAZZXH7u3U/wATep9FHJ9hkjprDQrTQvG+jw2wZ5H0u/aaeTBe
VvNtOWP8gOAOBU2l67oGjWK2dlYa4kYO5idCvizserMfJySfWqN14r05vHOk3AttZ8tNNvUOdFvA
2WltSML5WSPlOSBgcZxkZ7adNQR59Wq6j8ju6K5//hMtL/59dc/8EV7/APGaP+Ey0v8A59dc/wDB
Fe//ABmtDI6CiszS9fsNYnuILU3SzW6o8kV1ZzW7hXLBW2yqpIJRhkf3TWnQAUUUUAFFFFABRRRQ
AUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFc/ef8lD0b/sFX/wD6NtK6CufvP+Sh6N/2Cr//
ANG2lAHQUUUUAFc/ef8AJQ9G/wCwVf8A/o20roK5+8/5KHo3/YKv/wD0baUAdBXP+O/+SeeJf+wV
df8Aopq6Cuf8d/8AJPPEv/YKuv8A0U1AB4y/5Adt/wBhXTf/AEtho8Zf8gO2/wCwrpv/AKWw0eMv
+QHbf9hXTf8A0thqLx1cRWnhyKeZiEj1PT3OFLHAvIScAck4B4HNAHS9Bk1kXmo+HdQtXtb280u5
t5Bh4ppY3RvqCcGs6SG88RHdqMb2uln7tiT8849ZiOg/6Zj/AIETnaLX9h6T/wBAuy/8B0/wryq+
a06cuWK5i1Bszf7C+HH/AECvCn/gPb/4Uf2F8OP+gV4U/wDAe3/wrS/sPSf+gXZf+A6f4Uf2HpP/
AEC7L/wHT/Csf7Zj/J+I/Zmb/YXw4/6BXhT/AMB7f/Csm/s/ATXJ0/StD8Jy3eP3k8trB5NuPViB
8zeiA56ZKg5rqP7D0n/oF2X/AIDp/hR/Yekf9Auy/wDAdP8ACj+2Y/yfiHszC07wp8ObG28t7Tw5
dSsxeSaeK3JZj6DGFH+yoAFUta0jwDFqvh1LfTPDAil1B0uAltb4KfZZ2AbjpvVD9QK6r+w9J/6B
dl/4Dp/hVDUNF0oXulAaZZgNdMDiBeR5MvtR/bMf5PxD2Yz+wvhx/wBArwp/4D2/+FH9hfDj/oFe
FP8AwHt/8K0v7D0n/oF2X/gOn+FH9h6T/wBAuy/8B0/wo/tmP8n4h7Mzhofw4BBGleFQR0It7f8A
wreGuaMoAGq2AA4AFwn+NUv7D0n/AKBdl/4Dp/hR/Yek/wDQLsv/AAHT/Cj+2Y/yfiHsy9/b2j/9
Bax/8CE/xo/t7R/+gtY/+BCf41R/sPSf+gXZf+A6f4Uf2HpP/QLsv/AdP8KP7Zj/ACfiHsy9/b2j
/wDQWsf/AAIT/Gj+3tH/AOgtY/8AgQn+NUf7D0n/AKBdl/4Dp/hR/Yek/wDQLsv/AAHT/Cj+2Y/y
fiHsy9/b2j/9Bax/8CE/xrO1PxfplqY7azvLO6vZv9Wn2lVRB/ekf+FfzJ7A0/8AsPSf+gXZf+A6
f4Uf2HpP/QLsv/AdP8KP7Zj/ACfiHsyLTZ9GtJXvLrW7G71GVdslw06DC9diLn5EHp36kk81p/29
o/8A0FrH/wACE/xqj/Yek/8AQLsv/AdP8KP7D0n/AKBdl/4Dp/hR/bMf5PxD2Ze/t7R/+gtY/wDg
Qn+NH9vaP/0FrH/wIT/GqP8AYek/9Auy/wDAdP8ACqF/aaXBMllZ6LY3OozDMcPkqAq9N7nHyoPX
qegBPFXDNvaSUY07t+YOFupLrF/Z3uueFRaXcFxs1V93lSB8ZsrrGcGpPHJmXw3G1vHHJONT08xp
I5RWb7ZDgFgCQM98HHoay5PDtpoes+GJI0ia9uNWc3E6RBN+LK6wqqPuoMnC/Ukkkk7Fh4n0HxF9
mhiE8kdxsmtmu9PmhjmK4kQxtKgVmG3eNpJwpYcKSPXV7amZjzW15rHjfT7PxLo2lG1fSr3EKXBu
0kxNaH5leJAMEKR1/DHMfhPwX4VudHuHn8NaNK41O/QM9hExCrdzKo5XoFAAHYACtiy8W+HtUuLK
6hW7zMgS2vLjS7iGMrIVICzPGFAchMDd8x2gZOKuf21o2n6j/ZaN5MjS4cxWz+Sksh3bXkC+Wkjl
wdrMGYyLwS4ywPO7Xw7po8E/D4WXh3Rrie+e2e5huI1ijumGnztmVhG5YgksCVPPpnNegeF9Hm0e
yuY5YLS0Se4MsVjZMWgtF2IuyM7V4LK0hwq/NI3B+8ZPtuhW2neaEgjt9Jl8hIxAQ1vIB5aokeNw
Yq4VAoyyyLtyHGbD63p0dndXT3GI7WUwTAo29ZMgBNmNxZty7QAS+9SuQy5AM+z/AOSh6z/2CrD/
ANG3ddBXP2f/ACUPWf8AsFWH/o27roKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAK
KKKACiiigArn7z/koejf9gq//wDRtpXQVz95/wAlD0b/ALBV/wD+jbSgDoKKKKACufvP+Sh6N/2C
r/8A9G2lb7MqKWZgqqMkk4AFeWa74xubzxxpsvh426xw2F3GLq7haWOcNJbltiq6HAKrhs4POBjB
KlJRV2aU6U6r5YK56pXP+O/+SeeJf+wVdf8Aopq5L/hK/GH/AD+aH/4LJv8A5IrI1bxN4s13StU0
tZ9Hls5LaaC8njsJUEalCGVWM5Bfnpggd+wOM8TShHmk9DongMRBXlH8V/mdz47v0i0y1soAJ9Qk
v7KaG1U4LKl1ExJP8K/LjceMkDqQKgv9NmkWDUdVlW4vlurfylTPlWwMyAiMHvjgueTz0HyjFYX1
jZn9/bTTS3MDzXEkDGWVxIuCx39AewAAHAxVzUdS1V7VA8tmR58J+W3YciRSP+Wnrj/61fO4zM3X
9yGkfzBYSpHdHY0VzP8Aausf89rH/wABn/8AjlH9q6x/z2sf/AZ//jlebzxNPq1XsdNRXM/2rrH/
AD2sf/AZ/wD45R/ausf89rH/AMBn/wDjlHPEPq1XsdNWdNNfS6pLa2s1vEkUMchMsLSFizOOzrjG
z9ayv7V1j/ntY/8AgM//AMcqxolxc3Or373TRM4ggAMUZQY3S9ixoUk9iZ0ZwV5IveTrH/P9Y/8A
gG//AMdqGaw1WeW3ka/swYJDIuLNuSVZef3voxq02oRxPei4HlLaoJS33sxlSd3A9VcY6/LnuKon
WL1YbqeTT4kiswDcA3JLr+7WRgoCYOA2B8wzjtVGRa8nWP8An+sf/AN//jtHk6x/z/WP/gG//wAd
p1vqSTanc2LRsjwn5WzkSAKjN9MeYo59RjPOJrC6+26dbXezZ58Sybc527gDjP40AQ6dcXErXcVy
0TyW8wj3xIUDAojdCT/ex17Verl5b2/ttY1RLWS2VDOpIlhZznyY+4cU7+1dY/57WP8A4DP/APHK
lzSNo0KkldI6aiuZ/tXWP+e1j/4DP/8AHKP7V1j/AJ7WP/gM/wD8co54j+rVex01Fcz/AGrrH/Pa
x/8AAZ//AI5R/ausf89rH/wGf/45RzxD6tV7HTUVzP8Aausf89rH/wABn/8AjlH9q6x/z2sf/AZ/
/jlHPEPq1XsdNRXM/wBq6x/z2sf/AAGf/wCOVjal4r1szSWGnXFgbkDEs/2Vitvkcf8ALTDP3C/i
ewOlKLqy5YbgsLVbskdbeX8z3X9naYiS35AZ2fJjt1P8cmP0Uct7AFhpaXpUOlwuEZ5p5TvnuJcF
5W9Tj9AMADgAV5tp2s+J9LtfIt7vROSXeR9OmZ5HPVmP2jkn/wCt0Aq3/wAJX4w/5/ND/wDBZN/8
kV9NhKNHDx0d31YSy/FP7P4r/M63xD/yHPCf/YVk/wDSK6rL8E+GZ7fw54an1TUNSmls7KF4rG6S
KNbWUwbDgLGr5VXdMOzdTnJAI5bVtR8Ra1FBHe3elf6PL50TwWt1A6PtZMh47pWHyuw69DWf5Guf
9Bb/AMm9T/8Ak6uz20O5P9m4r+X8V/mdLoWgata+HvBw1C/1W609YrUXemSwRL9lkVEeFvkiEu1J
URSpOeQzNtRw1y8trlPDGueEvsd22oak9+LaVLd2tylzJK6u0wGxAok+ZWIbKNtVspv47yNc/wCg
t/5N6n/8nVRiOvNr13bHWZCkdrBIFN5qO0FmlBI/0zOflGckjgYA5JPbQ7ieXYlfZ/Ff5no99aXM
mqXetpp0jWdtexb7PY+bwR4VropnJeMn5BsJcQAjeTA0WheaUsnjWxf7NIbOa3lurrG7ynuYmgWB
3H3S4VpMZ5OxDyYkK+beRrn/AEFv/JvU/wD5Orc8H6JqetXU1xqF7dPpSKUSW31LUYmlkz/CWunB
UcgnHXgdDio1IydkZ1sJWox5qisvVf5nY2f/ACUPWf8AsFWH/o27roKy9K8P6fo1xcXFp9qae4VE
klurya4YqhYqAZWYgAuxwPU1qVZzBRRRQAUUUUAFFFFABXHeOviDa+CPskc1jNdT3Su8eHEcYCFQ
dznpy69Af5V2Nc/egH4haOCMg6Tf5B/662lA1a+p5ofjreMcrounqOwN+Wx+OwfyqzY/HTfcxw3e
gq+84H2K782RvZYyoyfxr1NtE0l2LPpdkzE5JNuhJ/SpUtLbToJXsrCNSFLeXboiFzjoOgyfcge9
Kz7m8qlFqyh+Iml6hBq+k2WpW277PeQJcRbxg7XUMMj1wat1wfgvXdRh8C+Hok8J6zOiaZbKssct
mFcCJfmG6cHB68gH1Arc/wCEh1T/AKEzXP8Av9Zf/JFM5zoKK5//AISHVP8AoTNc/wC/1l/8kUf8
JDqn/Qma5/3+sv8A5IoA6Ciuf/4SHVP+hM1z/v8AWX/yRR/wkOqf9CZrn/f6y/8AkigDoKK5/wD4
SHVP+hM1z/v9Zf8AyRR/wkOqf9CZrn/f6y/+SKAOgorn/wDhIdU/6EzXP+/1l/8AJFH/AAkOqf8A
Qma5/wB/rL/5IoA6CufvP+Sh6N/2Cr//ANG2laulajDrGkWWp2wcQXkEdxGHGGCuoYZHrg1lXn/J
Q9G/7BV//wCjbSgDoKr3t7badZy3d5OkNvEMu7ngf/X7Ad6razrVloVl9pvHPzHbFEgzJK/ZVHc/
oBkkgAmvOdQvrzXbxLvUsKsZ3W9opykHuT/E+P4u3QY5znUqKC1OvC4SeIlaO3VljW9buvErmN0e
30kH5bZuHn/2pfQeifi3PC87eSxweJrGWV1jjSwuizMcBRvg6mtC5u47UIGDvLIdsUUYy8h9AP69
B1JApLXQ2n1uzvdWSN5khlaG3HKQ/NH1P8TdDnoMDA4yfLxOMjS96e/RHv8AJTw1P2dNa6fn1Ftr
K51rDyebaace3KSzj+aL/wCPH27z+I9TsPDugGHySBKjQW9vAoyTtPQZAAHrmt+s3WdDsdetUgvo
2IRt6OjlWQ4xwR7HpXgSxPtqqdb4eyMptz1YxdRttW0W2vrRi0Ms0RGRggiVQQR6ggg/SpNZvLay
so5Lq5hgQ3EIDSyBAT5inGT7A002NtpmkW9naRCOCKaEIuSf+Wqk8nkknJzWX4t8Ky+ImtJYLtIZ
bcOu2VC6lW25PBGD8v49KzpxpSq2k7RuQ03dHTggjIOQaKp6TYDStJtLBZWlFvEsYdurYGPw+lXK
wkknoWgooopAFXNB/wCQtf8A/XCD/wBClqkzqpUMwBY4GT1NOsr1tO1C5la0nnSaKNQYinBUvnO5
h/eFXDRmGJTlTsjbv9N+2XELhtqH5Lhc48yMHcAeOfmAGDxtdx3psWj239o3V5cWttLLJOskUjRh
nQBEUckccqTx61W/4SNf+gXffnF/8cpreJ40ZFbTb4FztUZi5OCf7/oDW3Mu55vsp9mW2013e8cy
KjyXK3EDgZKFY0Xnp12sCAeVYjIzVjTbZ7PSrO1kKl4YEjYr0JCgHH5Vnf8ACRr/ANAu+/OL/wCO
Uf8ACRr/ANAu+/OL/wCOUcy7h7Kf8r+4z7j/AJDOp/8AXdf/AEVHSUwSNcXt7ctC8KzShlWQruwI
0XnBI6qe9PrCW56tFNU0mFFFFSaBRRRQAUUVzt5qUmqs1vYymOyBxLdIcGX1WM+nq/4Dnkb0KE60
uWI0m3ZEmoarLdyyWWmybVQlZ7sc7D3VOxb1PRfc8CK3t4rWFYoU2oO2cknuSe5J5JPWliijgiSK
JFSNBtVVGABT6+ioYeFGPLE7qVJQ16hRRRWxqFFFFABXE3HiCe08dTRJDGUkMFm0TZ8xgCxDrz0/
enjByF6iu2q5oXh3/hJboXMqbNLiJRphw9yc8oh6hM/eYdeg7kaU48zscmMqxpQ55O1h2haFJ4kl
8yTdHpCNh3U4NyR1RT2XsW79B3I9JiijgiSKJFjjRQqIgwFA4AA7CiKKOCJIokWONFCoiDAUDgAD
sKfXbCCgrI+YxGInXnzSCiiirMAooooAKKKKACiiigArz34geKf+EO8RaPq76fLdQiyu7ckN5cau
8luy7nIIHEbe9ehUEAggjIPUGgatfU8UPx1vGOV0XT1HYG/LY/HYP5VZsfjpvuY4bvQVfecD7Fd+
bI3ssZUZP416m2iaS7Fn0uyZickm3Qk/pVi2sbSzBFrawQA9fKjC5/KlZ9zeVSi1ZQ/EzfCNnPp3
gvQrG6jMdxbafbwyof4XWNQR+YNbNFFM5wooooAKKKKACiiigAooooA5/wACf8k88Nf9gq1/9FLW
R4r15NF8baQ8cJuro6XeokCMBy0trguf4V+VufbABPFZmj+LhY+AvDum6UEn1EaTa+Y7cx22YV+9
jq3cIPqcAjPLSR+X4utJpZXmnls7p5p5Tl5Dvg5J/kBgAcAAVlUqqOi3O/CYGVb35aR/M15Guby8
a/1Cf7ReONu/GFjX+4i/wr+p6kk1Xe4lmuTZ2EYmuh98k4jhB7uf5KOT7DJBbpc60cWjtBY/xXeP
mk9oge3+2ePTPUdDZ2Vvp9stvaxCONecDkk9ySeST3J5NeFjMeqbcY6y/I911Iwj7OirIy4vCeku
PM1KzttSum+9PdwK5+igghV9h+OTk05dD0i2u1tINKsYraeCXzYUt0VJPmj+8oGD+NbVcLcaJ4lf
x+l+kr/YxKrCbz/kWHjdHsznJwe2M4Oa8mEp1nJznbS+pyyiux01v4a0G0uEuLbRNNhmjOUkjtUV
lPqCBkUXHhrQbu4e4udE02aaQ5eSS1RmY+pJGTWpRWHtZ3vdj5I7WOU8X6XanRLCzgsLMxC6jjSB
YYfMCnJKwLIPL3cDIPG0PWPNqum6d4bv7jR9L0+GWSN4Fu7a2WJZP9BN0JPLKnjtsYn3J6VZ+Iuo
30EVpZRWscllOd0hlt/OWR1ZSsZXpyRn1Pboa6aLTrPVILW/1PSLX7e9sEk82FXeMMp3R7iM4+Zg
R05PrXbF+zoxlU1Tv1/MylBuT5TkZ5NG0+4kRvBuirPYpPPeGNUxGsSwyExHygXbbOuAdnIIzjBo
1jUrTUr6d4/CVheSpdpai7v7dtrAXCwMC5iIzub5QrNwGJwV2Hto9I02K2W2j0+0SBY3iESwqFCO
cuuMYwxAJHQ45pk+h6RdTTzXGlWM0twoSZ5LdGaRQQQGJHIG1ev90elQsTTum09PN/5/15g6UrWT
MbxHb6Xpmh2+mxaZbrBd3SxJFFYCZUOC7uIlVssER8Haw3bcjbmq+jT6FZaLaatFolnb6lKXtxHa
WQiklmVijqikBgpZSfmxgfexzje1W8SyeB4bI3WoyBo7ZFXBwcFsvj5E4Uk+w4JwKk02yltoC928
Ut5K5kmkjiCAsQBgdyAAq5JJwBUKpalZ31ffcrl9/Qy7HwppcsBm1TQNFN1I5dljs0ITPYsR8x9T
xk9q07vQ9I1DyvtulWNz5S7I/Ot0fYvoMjgVforF1Zt3uWoRStYoQ6HpFtaTWkGlWMVtP/rYUt0V
JP8AeUDB/GqDeHtCsdQ0+a10fTbeZZyQ8VsiMPkboQPXH6VvVlalpUl7ciRJUAKBCGGdvXkfnSVS
fd6ilFW0Qtx4a0G7uHuLnRNNmmkOXkktUZmPqSRk1LNoekXNpDaT6VYy20H+qhe3Rkj/AN1SMD8K
vKNqgZJwMZNLS9pPu9CuWPYoWmh6Rp/m/YtKsbbzV2SeTbom9fQ4HIqunhTw7G6umgaWrqcqy2cY
IPqOK16KftZ73YckexnXmgaNqNwbi+0iwuZiADJPbI7YHQZIzTv7D0j7B9g/sqx+xbt/2f7Onl7v
XbjGav0UvaTta4csexnWegaNp1wLix0iwtpgCBJBbIjYPUZAzUEvhfw2S802haUTyzu9pH9SSSK1
JporaB5p5FjijUs7scBQO5Nc3cTS624MyNFpwOUgYYab/acdh6L+J9B04anWrz0b82ONNSfKkVNS
tNP8TSwl9OtW0+3AEUjwKXlA6BSRlY/p972H3tNVCqFUAKBgADgClor6ClTVOChHZHfSpRprTcKK
KKs1CiiigAooq9oWgyeJJfNl3x6Ohwzg4N0R1VD2T1bv0Hci4QcnZGGIxEKEOeYaFoUniSXzJN0e
kI2HdTg3JHVFPZexbv0Hcj0mKKOCJIokWONFCoiDAUDgADsKIoo4IkiiRY40UKiIMBQOAAOwp9d0
IKCsj5TEYidefNIKKKKswCiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiio7i4
htLeS4uJUhhjUu8kjBVUDqST0FAElcJr/i+S9Z7DQptsIJWbUF5+qxep9X6Dtk8rQ13xHP4jDW1t
5ltpB4bOVkuh791j9urd8DIOLLciGSOztIPPumX93AnAVemWPRVHr+ABPFctauop2fzPYweXq3ta
+i7Gb4elttP8G6Q77Y0NpCcKvLMyA4AHJYk9ByTVPULO4udesJNT1LTNP8xJFt7K6hZyyM0fEuJV
BJK9OnGOTWvpOjy6J4WtLtAb/UIbWKONmjLLAmFVikY5bauWIHzPjAIyAMLWtMtvEF+Lqe+KM0dt
f+gGut0q1s7547OTXfENlqGzJs7m62ORjkrwQ6+6kiuS8Rf8izqo7m0lUD1JQgCu8+xwwxwaJr0K
3djIQLK5m5ZHA4jZuocfwuOTjGdwy3BmXxRHEs/8Ir/1Htc/8DP/AK1H/CKIeH1zXHXuPtzL+q4P
60fZNb0XmxnbVrMf8ut3JidB6JKeH+knPq9XtN12x1OV7eN3hvIxmS0uFMcyD1KnqP8AaGVPYmvN
KOU8TfDuG+sXuLK71Ca+jC/u7m8aVbmMMGaFt5ICtjH488E1ys2nWmsPDe75o2XYGVcKSY5VkCuC
M5VkIwem5x1Nez1xXijw1ei/Op6HbrNJckJc2xcIpbosoJ6Y4DdyACORhu3CYhQfLPZiaMCC0udY
1BdKsXMcjLvuLgDP2eP1/wB44IUfU8hTWzYyeLfB1lDZT6Na63pduoRJtLPk3CqO7QucOf8AdbJr
pvD+hxaFpogV/NuJG8y4nIwZZCOTjsOAAOwAFatZYmu6079OgJWMvQtfsvENm9xZC4Tyn8qaK5t3
hkifAJVlYDnBH51qVFc28V3azW0ylopkaNwGKkqRg8jkcdxXIf8ACKeINDy3hjxHI8I6afrObiL6
LKP3iD8W+lc4ztKKx7XV7m00CXUvEltBpbW4Yz7J/OjCj+MMADg+mMir2n6lY6taLd6deW93bt0l
gkDqfxFAFqimTTRW8LzTSJHFGpZ3dgFUDqST0FcDrHxc0WyZotKt59VlH/LSMiODP++3J+qqw96m
c4wV5OxpTpTqvlgrvyPQaK8Nvvip4quywt/sFhGfu+XCZXX/AIEx2n/vmsO48W+KbsYn8Sagf+uZ
SH/0Wq1ySzChHZ3PRhk2LlukvVn0dRXzM2sa2/3/ABDrRx6ajMv8mFPXXtfRgy+ItYyOmb12H5Ek
Vn/adHs/6+Zr/YWJ7r73/kfS1FfPdt498X2jqV16SZR/yzubeJ1P4hQ3610mm/GHU4WC6tpFvcp3
ksXMbD6I5IP/AH2K2hjqEutvU56mU4umr8t/Q9gorn/D3jXQvEpEVjd7bvbua0nHlygd/lP3gPVc
j3roK6k01dHnSi4uzVmFFFFMRDd3KWdlPdSAlIY2kYDrgDP9K8wj1vxJqcMd6fEFzZeegkFva29u
Y4wRnAMkbMcepPPoK9F17/kXtT/69Jf/AEA14PbNLFpeq6lHc3X2uz8pbSL7Q5jZvs0JWPys7W3s
xGMbiW4IOCO3BwhJtzVxM7X7Z4j/AOht1P8A8B7P/wCMUfbPEf8A0Nup/wDgPZ//ABiuSg8Q30X9
rSeTA1rp0VxcuGdzI5Wa5UICScA+Upz0GCAuCNssGs62Z47C5t4Le7nlRIpZY1woKSuSYkmckfuS
Ad65LdPlOe9U8O7e6LU6j7Z4j/6G3U//AAHs/wD4xR9s8R/9Dbqf/gPZ/wDxiuS/tTVINWv3e7s5
lEVpAiRKxjSR7iSHf97qCCWXrwF3fLua3bavqkuvJpJFmzRNL9onCMoYKIHBRNxwSJ9uCx5G7PG0
ipUP5Q1Ot0rX9asNasIb3VZtStrycW7LcQxKyFgcMpjRe4GQQeCa9Irwi21nUJtZ0UHT3mltLuMX
cUICs8+4gLEXYLjCs/zEHa8R/ir1f/hIdU/6EzXP+/1l/wDJFebi4wjU9xWQ0Hg//kF3w7jVb/P/
AIEyGsHx3/yNGgf9et5/6Fb1s+CZXn0i9lkt5Ld31O8ZoZSpZD5zcHaSuR7Ej3qfxN4cOvRW0sFw
ttfWjM0MrJvUhhhkZcjIOAeCCCo+hyoTUKik+g2ea61fXVl5HkvFbwNuMt3LA8yRYxgMqspUEFiX
J2rs56iq48TWtrZs986l42AL24ykqGMyecnP3Niue/KOoLkDPQ3vgPxXd7Gi1ixtJEyN8AY5BxkF
XVlPQc4yOxAJzVi+FusI8bvNo8xWOVH81HYTGRizM4xgnLSYxgASuAAGxXpyxtPm91k2MDV/FL2d
1FDZWktyTP5LYRdr4lgRirF1HBlKdD84OcBTma58TbdOW9hsrpYHkgMUrxb1mieVFLKEJYHa+QrA
Mc/dOCBpzfCjXpra0iGp2Mb2se1JlDF2bzI5TI2VILl4lJJHOWz1p8fwt8RRwR251eze3haI28LF
wsKxurqowo3D5FGW3NgHBGSTP12N3qFhLC/W/SX9zLBLDJ5c0Mu3dG20MASpKnKsp4J6+uQJfDlt
aSa5q0l5HLal7uKKDU7aTZJDIYo8Ix/utxgNlSeCMlc3LbwH4ktri7lS90rddTCWTKyHBCKnHTjC
D8c11+h+GYNK0m5s7pkvJL1zJds0eEkJULgKScKFUDGT09SayxeJhUpqMXrcaQz7brWjcajbnU7M
f8vlnH++Qf7cI+99Y8k/3BWvYajZ6pai5sbmK4hJxujbOCOoPoR3B5FZlnPNo13Fpl9K8lrKdtld
yHJJ7RSH+8B91j94cH5hlpr/AMPWl3dG9t3lsNRIx9rtCFdsdA4IKyD2YHHbFecM1q5HxfoMkjf2
3p0TPdRJtuYEGTcRD0H99eSPUZX0xe/tbVNH+XW7T7RbD/mIWMbFQPWSLlk+q7h3O2tq0u7a+tY7
m0uIriCQZSWJwysPYiqhNwkpR3A8z0iwHiu8FvBITpiBXu54zjeCAREp9WBySOQp7Fga9QjjSGJI
okVI0AVVUYCgdAB2FV7CGGCB1hshZqZpGMYVRuJc5f5SR833vX5uQDkC1WletKtLmkJKxxni/VNA
e8TT77QP7buoV3lBHGfs4bplnIwSB0GTjGcAiua83w1/0Tn9bf8A+Lqprmqmz8e6/ax2N1eTzXSy
KsBjG1UtbUHJd1HWQdPelTW9PfLG5ijjEYffLIqf38gqTuUr5b5BAxtPdWx20MJSnBOTdxNlrzfD
X/ROf1t//i6PN8Nf9E5/W3/+LpqX9nJfSWKXcDXca7ngWQGRRxyV6gcj8xVFvEuj+bZJHqNrN9sn
NvE0UyMN4Xdg8/7o47uo71s8DRW8n94XZoeb4a/6Jz+tv/8AF1PZ6j4W0+7ju5PAZtBEd/2lYoJT
Dj+PAYtx6qCfQVTj1TT5XmSO/tXeCRYpVWZSY3ZtoVueCTwAe/FOS+spoPNS6t3iLIm9ZAVy4XaM
+pDLj13D1FH1Ci9mwuesRSxzRJLE6vG6hldTkMDyCDWFN/yUOz/7BU//AKNhpfApJ+H3hokkk6Va
5J/65LSTf8lDs/8AsFT/APo2GvGKOgrD1Xwfoms3hu7u2mFwwAaS2upbdnxwNxjZd2Bxzmtyimm1
qgOK/wCFTeDP7Q/tD+zbr7b/AM/P9pXXmdNv3vMz04+lSj4YeFF2bbS+GyRpUxqt38rtncw/e8E7
mye+4+tdhRT5pdwOHl+EPgicuZtJnkMilXL6jcncC+8g5k5G/wCb689amHwr8ICFoRYXgiaIQMg1
S6wYxkBCPM+6MnjpyfWuyopcz7gc5Z+BfD1jdxXUdrcSyxMHT7VfT3Cqw6ELI7DI7HGRW7d2kF9a
yWtzEssMg2sjd/8AD69qmoobb3AxbG7n067j0nUpWk35Fndv/wAtwATsb/poAM/7QGR0YC7qWkWG
rxIl7biQxndHICVkiPqjrhlPuCKlvrG31KzktblN0T+hIKkchlI5DA4II5BGaoadfXFvdjSdTfdc
7S1vc4AF0g68DgOP4h36jjIVAVtuu6L9xjrViP4XKpdxj2PCSfQ7T7sau2msW+s2tyumXSJdxqVa
O4ibfA5Hy+ZESrYzzjIyOh71p1VvoYZLK682xW8Dwsj2+1CZ1wf3fzkKc5IwxA55oAtUUUUAFFFF
AAQCMEZFcrf/AA+0O5u3vrBZ9G1FuTd6VL5Dt/vKPlf/AIEprqqKAPnvxZr+qandy6NealJeWumz
Pbs7II/tMiMQXdV44IwB0+XPU8c/XofxC8CXdrqVxrmk273FrcMZbqCIbnic/edVHLKepA5Byeh4
86jkSVA8bqynupzXz2OjUVVue3Q+0ymdB4dRpb9e9zW0PR/7Ymukzc/uIPO2Wtv50j/Oq4C7l/v5
69Aamu/DlzFdmKFsIEV2N4UtWiJJAWQO2FY7SwXcSVwfXGfaXn2W2vofL3faoBDnONuJEfPv9zH4
1oHW7e5SWO+s5ZEn8qSYwziNnljDKHyVb7wclsgktlsjOKwj7NxSe51z9sptx27aeXp5jLnw5f29
jBdeU2HieSRHAR0KSOjqFJyxUJubA+UHnA5qWz8K6hcztHIYIQsUjsWuI8xsqMwRxu+RjtIw2CAG
OMK2JL3xXHcK13cWUcd4sNxH54mITEzyF8qc8ASkLgjB5JYYAcniq2+13bnT5g93I8l/GZ9rb3jk
T5AUzGP3znDbj93nrnRQpb9NP62MXUxHw2XNr2/z/rqZUmk3kVkLt41Ee0OVEil1U4wzIDuVTkYJ
AB3L6jNKtSfVoptFjsPs0u9MbS85eOP1MakZQt/F8xUkk7eF25dYSUV8J103Np86DkOjo7pIjBkk
RirIw6EEcg+4r3P4c+KLjxJoUq32GvrGQQyyAY80bQVfHYkHB9wTwDivE9PsrvVr8WGm2z3d2efL
j/hHqx6KPc1714K8LJ4U0P7MzrLeTv511IvQvgDC/wCyAAB+J716mWxqJtv4T5/PZ0GlFfH+nmdH
RRRXrnzZBe2wvbC5tS20TxNGWHbIIz+teQQ+HrnTLmJrjwnPJqUCCM3lvapJvwu3csgOcEeuDjgg
V7NXNXPj7w7a3MkBurmZo2Ks1rYXE6AjqN8aMpI+tb0Ks6b9xXEzhora6gd3h8L6nG7/AH2SzALf
Mzc4PPLMfqxPeq6aOsdjJYp4MvFtJG3PAunoI2PHJXoTwPyFd5/wsXw5/wA9NT/8E95/8ao/4WL4
c/56an/4J7z/AONV0/W6/wDL+AWRw39mN/0KF9/qPs3/AB4r/qf+efX7n+z0p9vYzWixLbeE9RhW
JWWMRWSqEDEFgMHgEgE+pFdt/wALF8Of89NT/wDBPef/ABqj/hYvhz/npqf/AIJ7z/41S+t1/wCX
8AsjlNA8O6hda9bTf2bfWsSXwvrm4vFVNxC7VVVB54CL0xhckk9fVaxNJ8W6LrV19ls7qQXGCwiu
LaW3dgOpUSKpbHtmtuuWtUlUleW4zn/CP/HjqX/YVvP/AEc1Z/jfVr22udN0qzuJLX7Ys0ss8WN4
WPYNqkg4yZBz1wD61X8P3PiONNUWw0rSp7carebZJ9Tkic/vm6qIGA/M1zPxFTxBqF1aQXVla2d0
dNvvshsNSkdmkzARljHHt5C9yDk546lBJ1Emrgx/2a6/6Det/wDgyl/+Ko+zXX/Qb1v/AMGUv/xV
ck1p4zjgvlgvJQgnkWzUiFnWNUm2ZZt24MfIBLHd97OPvF5Hi86ibSK4n2rFKBcSpD5eSbkRsxC5
LcW5wowBncOa9jlpf8+/wRB1X2a6/wCg3rf/AIMpf/iqPs11/wBBvW//AAZS/wDxVcuLXxENXsP7
MW+sdN8zddR31xHcM2GUnks7KCu4Dax+YfdXljY0/TdZj1bRb6/ury4f7FKl2D9nCQyMIzt+VQSp
Knpk5VecE5ahT29n+AHQfZrocjW9bz/2EZT/AOzV2XgjVby/tdQtL2ZriSxuBEk7gb3Qxq43Y4JG
4jPcAd8mvGLLRvGFvZ+St232iSKFzJNdOURljfIJLSNv8xlJCqEZY8Z+YrXq/wAOXaR9edo2iZrq
ImNyMqfIj4OCRkexIrjxcYeyTUOV3/zGjs7u0gv7SS1uohJDIMMp/wAex7gjkGsywu59PvE0nUpT
IzZ+x3bf8vCgZ2t2EgGc/wB4DcP4guzVa/sLfUrN7W5UmNsEFThlYchlI5DA4II5BFeaUWayJfD1
oNQ+32Ukun3TOHme1IVZ/USIQVYkcbiNw7EUadf3EN3/AGVqbA3YBaCfGFukHfHQOONy/iODgXdR
1C20rT5r68k8uCFdzNjJ9AAO5JwAO5IFADrN0kgYx3n2tRLIDJlTtIdgU+UAfIQU9fl5JOTViud8
NeKRrjzW11a/Yr6MeYIC+7dETwwPcjIDDsfYgnoqcouLswPFtdttQ/4WRrd/YQ2s3lTmF0nnaL79
tZkEEI2f9WfTrWbH4Vkj1m1upHgnhjlSeTeuCZM3TsVXBwA9wpXkkBeuQCfQte8Lar/bd3qWkJbX
CXpR54Z5jEUkVFTcpCsCCqKMcYI754zf+Ef8Wf8AQK0//wAGB/8AjdepQrUFTXM9US0zipvCMtw1
5A7qIZmunS4a6mcqZhIOIMiNSPNI3ZOQDwC2V0JLHVLq/sb6a206KWC5VnWOZmLRiOVCfMKDJHm5
C7QOD83zcdL/AMI/4s/6BWn/APgwP/xuj/hH/Fn/AECtP/8ABgf/AI3Wyr4ZbS/r7gszim8L3lzZ
2FndLZtBYRRWy5YuLmNZYXYupUBSVg+78wJfGeMnTn07zvE8Tqsv2byxcXC4xG0yHbETxhjgsT1I
MMR4wM9F/wAI/wCLP+gVp/8A4MD/APG6UeGvFdwfKNpp1qH4M5vGk8v3ChBuPtkfUUfWMMvtfn0C
zL3gvwX4VuvAvh64uPDWjTTy6ZbPJJJYRMzsYlJJJXJJPOauWmhaRonxCshpWlWNh52lXXmfZbdI
t2JbfGdoGeprpdL0+HSdJs9Nt93kWkCQR7uu1FCjP4Cub1rXNJ0f4g6Y2p6pZWS/2VdDNzcJH1lg
x94jrtbH+6fSvEKOl1LULfSdMudQumKwW8ZkcqMnAHQDua4xvHeuMxMPhyxEZ+752qMr49wsLAH6
MfrTfG3jDwxf+D9QtbPxHpFxcSqqxxQ30bu53rwAGya8+m8UalZ+Jv7Le0gu45b3yIzETE8SBYWL
EEt5hAnGQMYCM3TO3swtKnNN1BM9B/4TrxB/0Lumf+DeT/5Ho/4TrxB/0Lumf+DeT/5HrzaHx5cP
b+dNplrCjRxujPfHaNxt/vkx/KALlSTz91vrT5vGcyae2o4s4glslwmnSljPcK0SyFkcfwjcwzsI
/dtkqM7er2GF8xXZ6N/wnXiD/oXdM/8ABvJ/8j0f8J14g/6F3TP/AAbyf/I9eczeKtYutBvri10y
C1mh09rpmku9xjyZVVkxGVkGItwOQCGHbmpdR8T39rqlosS2f2BorWW4uMh4kEruGPml0AXah2na
dxwOCQCfV8NvqF2eq6D4xl1LU003UtOSyuZUZ4DDc+fHJtxkZKIQ2DnpjAPNdXXi/gnWJtX8X6Ob
q1a0uI3mJhkRkYK0BYHawBwDuTd0YxsRjoPaK8/EQjCdobDQVV1HT4NTtDBPuGGDpIhw8bjoynsR
/wDryOKtUViMytM1Cf7Q2l6ntXUI13K6jCXMYwPMQduSAy/wk+hUnk/E2u3GrXzWGmXk1raWj/vL
mBsNLOv8IPdUPXszDB4BBs+P9Vt/Kj0yOXybmPF1LeCTYbKMZ+YN2ZgGA7Y3E8cHzmPXri18NyO0
Fvps8ElqgS4U7YopjH8zKSpwu91JyAWiY8cqO3CUIv36mwmz2Lwxr/8AbVk8dwEj1G2wtzEvTJ6O
v+y2CR6YI6g1uV4joes3rak99Y3dlfT2aqVubQFIZ1Ytvt2+Z+RtVs54LoccfN7DpWqW2s6bDfWj
ExSA/KwwyMDhlYdiCCCPassRR9nK62ewJl2iiiucYUUUUAFc3rngPw74gla4vNPVLtutzbsYpCfU
lcbv+BZrpKKTSasxxk4u8XZnlF78GXBJ03xA4UdEvLYOT/wJCuP++TXEa34W1bQtXg024n0+WSUb
jIjTBYl7M37sj8ASfbHNfR1Fc0sHQl9k7oZni4Kym/nr+Z5LonhfwXp9jBf6jFN4immLoJF0qa6i
iKkBlEaI2znHL8nBwccUmg+FfCWqeD9Os7vRbnSdUtdNje6vf7Lls3R1RRIWleMI5zkkEtnk4OM1
sJpl9qMV79jtvO8vVbzf/wATu50/GXGP9Qp39D97p26msrT7uWTR5JZdPnt49W8O3N9bs/iC6vsI
FiO1o5QFVv3y8gnoR0NYOCScFsczqzlP2jevc4uLw6k2vw6cmvQG0uCFgvo7CWQEnoHTI2k+uSvu
Olej6d8HtGgIbU7+91A45jD+RH+SfN/49Xc6T/yBrH/r3j/9BFXK6YYWlDaKNamPxNRWlNlTTdKs
NHtBa6bZwWkAOdkKBQT6nHU+9W6KK6DkCiiigCjrUjxaFqEkbFXS2kZWHUEKea8v0lVTRrFVACi3
jAA7fKK9P1wFvD+pKoJJtZQAO/yGvMdKIOj2RByDbx/+givTy3eRMiK/1U2V3b2sdjdXc88byBYD
GNqoVBJLuo6uvSmW+v2F1qK2MUjea8SyoWQqGyXBTno48t8qcHg8fK2Gajbah/a9nf2ENrN5UE0L
pPO0X32jIIIRs/6s+nWqUPhmSK4uJftKiVliljmC8rOJppXO3sh84rgNkqWUnnJ9BufNpsIsW3iW
K9gS4tNOvri3McbyyRqh8rciyYK7tzEK6nCBuuBk8Vt1ykeganDYWFvHFYrc29pFbrqEczxyw7VA
IwF/eoGy21iqtwCvGT1dVTcn8QEOSuuaEwOCNSjwR7hgf0JH416xXkN5aW1/qGjWt3bxXFvLqMSy
QzIHRxzwQeCK77/hBPB//QqaH/4Lof8A4mvIzD+N8ikHhH/jy1Idxqt5/wCjmqp4y0K+1GXT9R06
Jbi4shLG1uXCGRJNudpPGQUXrgYzzU3gq2t7LT9StrWCKC3i1O5WOKJAqoA/AAHAFbt9f2emWj3d
9cxW1un3pJXCqM9OTXHCThJSW6Gebf2b4n/6Fm4/8C7f/wCLo/s3xP8A9Czcf+Bdv/8AF11n/CwP
C3/QXi/79v8A/E0f8LA8Lf8AQXi/79v/APE12fXcR/SFZHJ/2b4n/wChZuP/AALt/wD4uj+zfE//
AELNx/4F2/8A8XXWf8LA8Lf9BeL/AL9v/wDE0f8ACwPC3/QXi/79v/8AE0fXcR/SCyOT/s3xP/0L
Nx/4F2//AMXXWeDdEu9JtL2e/VI7m+nEzQq27ylCKgUnoT8uTjjnHOMk/wCFgeFv+gvF/wB+3/8A
ia3bG/tNTtEu7G5iubeTO2WJwynHB5HvWNbEVai5Z7AkWKKKK5xlTUtPg1K0MM5ZNrCSOVDh4nHR
1PYj8iMg5BIry688Svr+pWttfXMBSDcbZYshbthuAnwemQGKLk8B2BYDI9F8UaZc6x4du7G0mEc0
gHBOFlAIJjY9QrAFSR2PfofEZbbU7m4uddiRYvstyu2ze2Y3KpBuSSMYfbuO642gqc+YORxt7MHB
OXNu10/UTNv+3bV76J7K4nhvba4ZIbl7SUQiUMUKFyoUhjlCM8k4HOK9W0HW4dd00XKL5UyHy7iA
nJhkHVT6jkEHuCD3rx7StFllika7u7wQjULidbNlRY8i5d0bOzfjIVx82D9Diu58E2U9zrFzrETG
Kx8s23H/AC9OG+99EO5QepJbsOejGwUoKpLR/mJGf4ivLnV/E2qWct3dRWenyRwRw29w8IdjEkpd
ihBb/WAYJwNvTPNZn9lw/wDPxqH/AIMJ/wD4url5/wAjj4n/AOv6L/0kt6zdemng0sG2naCWS5t4
fNRVJUPMiNgMCM4Y9Qa6MPTp+xUnFPQHuTf2XD/z8ah/4MJ//i6P7Lh/5+NQ/wDBhP8A/F1g3+pa
vp+owaZazfbZ1kSQNMqK06NFcN5TYAUHdBw4AxkZBwdwNUv9Se5uLO5ujpqzqVks4ozMsbQQyKds
inKfPISAC+SoA6irtR/k/BC1N7+y4f8An41D/wAGE/8A8XSrZSWx82y1HUbe4XlJPt0rAHtlWYqw
9iCKXTZfP0+J/tX2nqPNMexjgkYZezjGGGB8wPC9BbrT2NJr4V9yC56B4e1J9Z8NaVqkiBHvbOG4
ZF6KXQMQPzqjc/8AJQ9M/wCwVd/+jbasPwXa+Km8C+Hmt9Z0aOA6ZbGNJNJldlXylwCwuQCcd8DP
oKuW8OsRfEPS/wC1r6xus6VfeX9ks3t9v720zndK+e3TGMHrnj5ws0PG9tNeeC9Vht42kl8neEQZ
ZtpDEAdzgHiuBTV9NdA66halSMgiZf8AGvXqoyaLpUsjSSaZZu7HLM0Ckk+5xXVhsU6F7K9xNXPL
ZL/S5lCy3dm6hlYBpFIyCCD16ggEe4p/9qaf/wA/9r/3+X/GvTf7B0f/AKBNj/4Dp/hR/YOj/wDQ
Jsf/AAHT/Cun+0n/ACi5TzL+1NP/AOf+1/7/AC/40f2pp/8Az/2v/f5f8a9N/sHR/wDoE2P/AIDp
/hR/YOj/APQJsf8AwHT/AAo/tJ/y/iHKee+HpI9Q8b6UbORJxbJNLMY2DCNShUE46ZJ49efQ16lU
NtZ2tmhS1toYEJyViQKCfwqauGvVdWfO0UgooorIDjPH/hN9d017qxB+2KgjniUc3dvnLxezEbgr
dix5Gcjz5fDunzGK50kQWVvKYZJY4LcKJTFMkiEgY2kYdemfn5+6BXs2sapDo2lT386s6xD5Y1+9
I5OFRfdmIA9zXA3vhjWdJt47+KF9Qub1y97bQkYjuHYtlP8AYydpPbAY9WNduErxi+Wpt+QmiskF
1qV/FpdgdtxKNzykZFvH0Mh9T2A7n2BI6jQfFHhazdfDsFwdOurdjGtrfo0EkhyfmG/Hmbjlsgkn
OarWOnXvghTqEz/b7S4AbU2jj+e3YZxImBlolBwV6gDcMktnp7/TNK8Q6eIb+ztb+0kUMolQSKQR
wR/iKzxOIdad+i2BKxforG0Hw1Z+Gkni06a8NtJt8u2nuWljgxniPdkqDnkZ7CsT/hM9U0Vinivw
7c2sQ66hp2bu2x6sAPMQfVfxrmGdpRVLStY03XLNbzS763vLc8eZBIGAPocdD7GrtABRRRQAUUVF
JdW8LbZZ4kbGcM4BoA5jQL6zsYtQ+13UFv5+tXEEPnSBPMkZztRc9WODgDk1TntPDcOj+Iho1zBP
c2tlNBLEl60/2MFW/dKhYiBcpjYoUfIBj5RjHF+NK1Ftbils8Je6lbE3kskFsFklibe9wsbrGcxK
oDY3F+DkYNz+w5rbw1HMt1a3Gn6Z4blsbS4gkLG8V4oiZCMYQDyRgBn3B85GMHz5r3myzuNJ/wCQ
NY/9e8f/AKCKuVmaReWp0mwQXMJYwRjHmDOdorTr0CAooooAKKKKADqMGuSk+HejtIxgudRtYicr
DBdFY09lBzge3QdBgV1M8yW1vJPK22ONC7H0AGTXn8V3qevxpeT6zd2fnRrMllaOkYhRs7dxwWZs
ZBJOCQcAYrGti44ZczbV+xnVqxpq8jV/4V1pv/QS1j/wL/8ArUf8K603/oJax/4F/wD1qzf7Nu/+
hg1r/wACv/rUf2bd/wDQwa1/4Ff/AFq5/wC2od5f18zn+u0vM0v+Fdab/wBBLWP/AAL/APrUf8K6
03/oJax/4F//AFqyWtJUcq/iXVlYbcg3gBG44Xt3PA9TUn9m3f8A0MGtf+BX/wBaj+2od5f18xvG
U1un9xv6V4L0vSr9L1ZLy6niz5RupzIIyQQSo6ZwSM9cE+proq4jT9S1DRtUsbe51Ce/sbyb7P8A
6SFMkLkEqQygZUkYIbJ5BzwQe3rqpYiOIjzxdzenUjUjzROf8J/6jVv+wrdf+h1jfEBidR8PxE5T
zpn29twjwD+G4/nTtB8J+HNTfWLm/wDD+lXdw2q3W6Wezjkc/OepIzWX4t8PaJous6FJpWj6fYPI
06u1rbJEWGwcEqBmurD/AMWPqWyhe3kdjAs0qsVaWKEBRzl3VB+GWGfaq9/qpsru3tY7G6u5543k
CwGMbVQqCSXdR1delGtWlxe6cI7URGdJ4JlWVyqt5cqOQSASMhSOhqjLpN3quo2l1qSLbLBFNHss
r6UElzEVO5Qhx8jZHT7vXt783K9l5Ek3/CRQyTItrZ3l3C1tFdGaBFwsUm7adpYOThGOFUn2zxQP
Eds08+y3naygZVkv1MZgXciuDw27bh1y23AzkkAEhj2GoWmryTaZBYrbSWkNsvmOy+R5bSHIRVww
xIONy9MZHWqMHh28trS+0aLyP7Lu1SI3DTEzrGII4iNmwKWIQ4O7AznBxtMN1AOprZ+H7Eah4giB
wnnQvt7bjGAT+O0flWNWz4A/5CviH/rpB/6LNYZh/C+Y0dzRRRXiFBXF+MNEa3lfXrGMsQB9uhQc
yIBxIB3ZR17lfUqortKKunOVOSlHcDy3T7GTxHqC2FtIRaBQ93cxt92M9EUj+JvUdBk9dufTreCG
1t47e3jSKGJQkcaDAVQMAAelQafpljpNu1vp9rFbRNI0hSJcAsxyT/nsAOgq3WlevKtLmYkrHluo
K0XjTxGrgq0lzDMgP8SG2hQMPbcjj6qar3tlBqNq1tcqzRFlb5JGQgqwZSGUggggHg9q6nxc+j3d
5HZy6Emr6hEm7G4RiBG6bpOozj7oyTjOK5r+ybX/AKESw/8ABu//AMRVxzehRiqVS115mU6tOLs2
VYdIsrcQ7ImLQymdXklZ3LlCm5mYksdrFeScDHoMRP4f0xmldIGhkllaZ3t5nhYuwUMdyEHB2qSO
hIBIzzV/+ybX/oRLD/wbv/8AEUf2Ta/9CJYf+Dd//iKf9uYTbT+vkT7el/MJbW0NnbrBAm2Nc4GS
SSTkkk8kkkkk8kkk806aWOCF5pWCRxqWZj0AHU0n9k2v/QiWH/g3f/4ip7SDRtNuUu9R8FQW8ER3
m4hujdCHHO8owBwOuQCR1xVLPcO9I2+8arU27cx2ngy3ltPA3h+2njaOaHTbaORGGCrCJQQfxqK8
/wCSh6N/2Cr/AP8ARtpW8jrIiujBkYZVlOQR6iuV16PUpPHOh/2Xd2ltN/Z18C91bNOpXzLU42rI
hB465/DnI4jc29f1M6L4d1LVBGJGs7WScITjcVUkD8cV5sy6lcHzbvXtVaduXMN20KZ/2UTAA/zz
W94ztfFK+CNca51nRpIBYzGRI9JlRmXYcgMbkgH3wfoaya9HL6cJ83Mr7EsrfZrr/oN63/4Mpf8A
4qj7Ndf9BvW//BlL/wDFVhS6pd/8IJp2oG5lS5njszLNFEHf948Ycqm0gkhmwAp9hTBc6nMljbi+
vIYrjUGhjupLdEnkiFu7ncjphT5ikfcHCj1ye7ko/wAn4LqLU6D7Ndf9BvW//BlL/wDFUfZrr/oN
63/4Mpf/AIqufS61C815dI/tKeAWyziSeGOLdOVFuyEhkYA4mIOAASM8A7Rt6TeSX1h5syqJUllh
coMBjHI0ZYA5wDtzjJxnGT1pxp0ZO3KvuDU2fDmqX+neI9P06S/ury0v2ki23UnmNE6xtIGDH5sY
Qggk9RjGOewZrjV7u5ghuZLa0tn8p3iwHlfAJAJ+6oyBkck55GOeEsP+R08Nf9fU3/pNNXead/oe
sahZPx57/a4D/eUgK4+oYZPs614+PhGNblirI6aG0pLdLT7/AOvzD/hGdIbma0+0N/euJHlb82JN
H/CM6SP9XbPF/wBcZ5I8f98sKwviPpT6vpFpBFqAsXWfcJGmaNTx0JUgnr0rzS1sNCs7KL+2L/W5
7nDGR7S6m2YDsuRjPBxXKqcX0B4quvtv72en2tpPqGuXttZajdpp+nlELzMLjdc/eIBkDHCDbkg5
3HGRtOddpdbs3VH+wXwbO0BjbyHHoDuDH8VryKxsvAsu6Gym8RK4y6xG6nTzWJ+6uV5Yk9Pqa3PB
K2Xh/wATazNrd3HZtDHGIxe3mRCrAkgM+OeBkjFHJbbQf1iT+JJ+q/VWf4noY8QWsRCahHNpznj/
AEpdqE+0gJQ/TdmqerX9/ot4NWVmvNDZALmKNAXtQP8AlsmBl0/vLyRjI7ikfxxoDPDFFPPdi4lW
BHt7SWWMsxwBvC7P16Zq82g20TGTTpJNOlJyfs2AjH/ajPyn64z70veXmH7mf91/ev8ANfiaiOsi
K6MGVhkEdCKWuRub3xHoGqvfX6rf6K6gTm2X57YjjzFTrt/vLlu7AjoentLy2v7cT2k6TRHjchzz
6H0PtTUk9CZ0pRXNuu62/ryepGNOtooLqO0jWza5LNJLboqMXIxv6YLcDkg9BXLbPHfh8/u5LTxP
ZD+GTFpdgf7w/dv+IUmu0oqjIzdI1gappZvZrG803azLJDfxiN0x1PUgj3Bwa0qgvLS2vrKa1vYY
p7aVCsscqhlZe4INeDal4iGjas0PgTUr+x0tMoyySieBz6wpIG2DuDnB/u45OdWrClHmmzehh6mI
nyU1dnvdxcwWcDT3M8cEKDLSSuFVfqTXnHivWPhvql1HdXWo2kupRLtiurO2+1nH91gqsrL7N07E
HmvKLySbUrj7RqNxPezgkiS5kMhXP93PC/QYFbfho20Q1Se4ChYbMMrm1juNhM0S5COQpOGI68Am
vPeZKT5Yx+89hZHKMeapP5L+v0OgPjey1bSbjwlEmn6RaXkMts+pm3eKBVcYysOBtY5b7zqFODuf
7tad7rPh/wADXl/cif8AtfW71Sbi1s4IoYtzHcS/lqOCTx5rSOATgnc5bmdVs9NWS5uriGSeKDyI
s2wS1+0GVXkWXaFZUGxVG0DJ6nByKm1Hw1YWMNtYJHKs0dvebbiOJY4mMEs7EkclmYKBjI2jactn
AydaTTsv6vb+tQ/sujzRvJ2f+V/y8r/MsaL4h8Df2jFqWr6TJHeRNuhSLS0SCA9iqxlizD+82T3A
XpXotl8RfCF+cR67bQsTgLd7rcn6CQLmvNrLRtIt73U0kt7mb+zvPtZN0yYlcQzHzFGz5MeS2B82
CynPy4biyAQQQCD2NV9fnTS5or5GiyalVbVOTVrb26n1HHIksayRurowyrKcgj2NOr5h068vdGm8
7Sb24sJM7j9nfCsf9pPut+INeo+Dvic99dw6X4gSJJ5WCQ3kQ2o7HorqT8rHsRwSe3GeujjqVV8u
zPPxWU18OnPdeR6bRRRXYeYZ+vf8i9qf/XpL/wCgGvO9MuVsngkliuTHJptqqtFbSSAkeZkZVTj7
w/OvRNe/5F7U/wDr0l/9ANcdp8vkeG7Wby5JPLtEbZGuWbCA4A7mvHzf4YfP9DmxE1G0WrqWm9uq
e9n2Muf+0vMm+yfa/wC0d9xu3bvK8va/lbd37vOfJ6c9c/xU64DGyZbFtUS3Mi+Y8yzMV4bOFJEx
52A7SByD0Dg6Ntqjvbm5uEthbEZSa1uPPVjnG37oJJJwAAckEcHAMi6xYvJDEJmEsxKpE0bK+Rty
CpGRwynkdDu6c14t2aSrYhSsqXw9tdVr0TXu/ZX2Vvc5yxh1Bbh5Zo79bp/s6ZPmY2LdMGB5Zf8A
V7e5yCxycsTMEv5IYIwdQEjCIX5LSr+8MsWdhPQY87Jj+XHtit86rZCGGUzfJPF50Xytl1+UcDGc
kuoA6knAFNt9Ysbq6+yxTMbjG4wtGyuo55YEZXp3x1X+8Mu73saSx2Jk5VvYPR32dlbS22ytt0lZ
9LGRdzHTbi0acXb21vrMPlYjknkKeWCcABnf5i3r6dq7X/hMtL/59dc/8EV7/wDGa57Uv+P/AEP/
ALCcP9a9Br38r/gfMww1R1I8z3/4C19Xu/M5jwReRXtjqs0Szqp1W54ngeJhlsjKuARwR2rU1zQr
TX7NILlpYnifzIZ4WAkifBGRkEdCRggg56VS8K/8xv8A7Cs//stdBXpptO6Og4v/AIV2v/Q0a5/3
zaf/ABij/hXa/wDQ0a5/3zaf/GK0/EXjbQ/DB8q+uTJdldy2luu+Uj1x0Ue7ED3rhLz4y3juw0/w
/GifwvdXXzfiiqR/49SqY50/jqW+ZvRwlatrTg2dR/wrtf8AoaNc/wC+bT/4xR/wrtf+ho1z/vm0
/wDjFcYvxg18MC2k6aV7gSyAn8cVs6b8ZLV3Cavo1xaAnHm2souEUepGFb8lNRHMlJ2VT8Wazy3F
QV3Tf5/kbX/Cu1/6GjXP++bT/wCMV0Oh6FaaDZvBbNLI8j+ZNPMwMkrYAyxAA6ADAAAx0qfS9W0/
WrJbzTbuK6t24DxtnB9D3B9jzVytpVZzVpNs47WCiiioAKKKKACiiigDzWeeWPxpq6o2BLrCRPxn
KDT43A9vmGasX+qvZyThLdZI7WAXFwzSbSEO77gwdx+RuCVHTnniOWygvvE3iVZxJ+71SN0McrRs
rfYrcZBUg9CR+NJcW+jRzw2tzcqszAKsct42+ZSxwrAtmQZJADZHJHc18tjLfWJHJfDyqrni5Nbp
LzbvdNPbTy87WJV1OYrPcfZV+xRGVfMEwD5jLAkq2FAypAO49RkAZxnR69e3Oo2dqlqsJM4Ewcuu
UZJCMb41PWNj0A4AzyduudKsjM8jQ79+7MbszR5bIYhCdoJyckDJ3H1OY00TT45lmWKTzldX8wzO
XZl3AFmJy3DsOc8HHQAVzXiKnXy+KnzU23bTyfn72vqra9EUrHXJJ7S3nNvug/cRSyPKPM8yRUIw
oUAj94uTle+BwM2NO1OW/W3W6tI4lu7Y3EQSUyZT5chsquD869M9/wAZ49HsYWiMcLKIgoVBI2w7
QApK5wxAAwSCflHPAqaGxtrf7P5Ue37PEYYvmJ2odvHv91evpQ2ia9bASUvZ02m9vLR/3rb2+Wy7
7PgZmf4f+G2Yks2l2pJPc+UtJff8j9on/YPvv/Q7asPwX4L8K3XgXw9cXHhrRpp5dMtnkkksImZ2
MSkkkrkknnNXItB0fRPH+kHStJsLAy6feeZ9ltki34e3xnaBnGT+dfZHcaXjeKSbwJr8cSF3bT59
qqMknYeBXEo6yRq6MGRgCpHQg16pXJX/AII8J28c97cxzWNugLyGLUp7aFB67UkVVH0ArrwuJVC9
1e4mrnCW3hzTbWJIo1ujFH5eyKS8mdE2MrJhWcgYKr0HbHQkVbv9NttSSJbkS/upPMjaKZ4mVtpX
IZCD0Yjr3pt5d/D22t4bmC38Q3tvLNJCJYNTulUMgQn/AFk6kj94MEAg4PtnGvLaSTTmvNN0+N2W
+ezMEetahclsbMSIyypuUlwudo5ZP72Bq82w0bqx0QwVeaTUXr8vzNOXQNPlW3GyeM26usbQ3UsT
YcgvllYFiSoJJJJPPWtCKKOCFIYY1jijUKiIMBQOAAB0FcrLaT2viFtLlNrcRxwi4kuLe/1DaYxD
5rbP9KO75c4OQDx0zxct59Ph1C6sr/wvqlw1pN5EraZ4hu5GLbtmVjd1OC2BnPVlBwSMqOc4a+i8
ipYDEJJuPS/yOi05S/jXw6FBJSeaRgOyi3kXP0yyj8RXouoWRvIkaJ/KuYW3wS4ztb3HdSOCPQ9j
g1zXg2fwebi5i0GQfbwCs6XFw8s+AecM7MWTPdSV6YNdjXLiKyrz51sYRcqcuzRw/jGG/wBf0eCC
ytQNQtblXmt3Y/LweQQDkHscc47HIFPQbfxDpumQWr6VuaLduKscHLluCR74ruL2wF0UmikMF3Fn
y5lGceqsP4lPcflggEYtxrt1cXg0OHy7XUids04YMkS4BymfvOQQQpHHUggDdzuXKveNHTU1zU/m
u3/A/Lr3eKyatd6i141tO89sTEEimQiHIBxt2nDYIOeuD6VW0CyuIviVd3WqWCK+oWKtBJKgLgwF
VbnAwT5uePT2rp20P+y1jutDRUuoU2vG7HF2uSSsjHktkkhzkgk5yCQYdS06LxjBp9xbXktoLad0
uk24l2MhWSE8/IxyvPoMjqDWfOq0GkZbHOeMtYuIvEUN9bzXkNromYy9vY/axPeTIuyDYCGVtrR4
f7recV3o2M63hb4kadrl6dI1GJ9J1xHeP7JckATFHZGMT/dcbkYcE8qeuM0/WPC1xFaqmnvcz2kW
9orZLgx3FozRvEXtpScZCyPhHyASMFcAVkf2FoVzoV/dXOtXMelW8/2zULCK1iijQQlWjSSIxmRN
kUUMeFK7ljBxliTCbpaPYNz0muQ1zTbnTdYfW7drpraYKLn7KMzW5AwJFUA+Yn95GBx95ecg41r4
k1fwm2onWpI7nSLKWZpfMcJPYweZttzudybgSIcgjncrplnGyul07xdBqviNdOtIHaze3kkjvGyo
eRCgeMKRn5RIuSe4YdVNbqUZoqE5Qd4uxd/tK5075dWjXyR0vYQfL/4GvVPryvuOlaqsrorowZWG
QQcgisG/bUdF1N9Qi+0X2l3BAubYAvJbHAHmRDqV6bkH+8vOQbTadNp7tNpJQITl7NziNvUqf4G+
nB7jJzT1Xmae5U/uv8H/AJfl6FTxxaXt/wCCNYtdPVmuZLZgqL1cfxKPcrkfjXzyjK6BkOVI4xX0
5ZX8N8j7AySxnEsMgw8Z9CP5EcHsTXE+K/hfaaxcS3+kTrp99IS8iFN0MzHqSByrE9SPqQTXHjMM
68U4PVHo5ZjVg5yhVWj/AAPI7SynvpTHAqkqu5md1REHTLMxAAyQOT1IHUiiaO5sJZraQtGzKFkV
W4deGHI4ZThWB5B4I7V0UnhjXdKsLvTdU0yaGKWaOZb63RrmEGMOMMIwXVSJD8xTqAMYORBpGt6T
YeXbR6yiJb3ZkvYirob6Lan7raB8w+WQASbRhx0ywHlPDTj8SsfQLH05t+zal5f1+VjL0261X7db
wadd3MdzJi3hEUxQ4Zs7AcjALHPpk5qAX12LVrUXU4t2UK0QkOwgMWAI6YDEn6kmuu0zxTFBq9u0
+pTiygtrJYVJcrG6mAS7V7HaJgSByCw53c0v7cQTaZDJf+asME4kuArcXDPP5cpJAc7fMVwcErkk
DcSKnkjb4v627lqpNtt0+35N9vl6mbaTa9dxpcW15dstgpWNhckGAeW7ELk8DZE3TsuPQVkV2Y12
wSyniudQ+0XRgKSXW1z57+TdqDuYBjjzokywHT0GafceMdLmvgtvc2UmVuDaW0UU08kKmCRVjZHL
KoyyArGpQ45ICjNKippWlqZvFSpN3hZfccTTJomniMCRtLJL+7SNRlnY8BQO5JOK6TTvBnivxBOZ
l02eFZWLPdaixiyTySVP7wk/7vPrXqHhL4d6f4blW+uJTf6mAQs7LtSLPXYmTjjjJJPXkA4rWhga
k5Jy0RhjM3oU4OMHzS8tvvOo0uK5g0myivZPMu0gRZnz95woDH881boor3j48r31t9t0+5tS23z4
mjz6ZBH9a84s9XsrHTYtN1K/g07UbeFYZoppVR0YDbuUN1XIyrYIIr0+o5YIZ8ebEkmOm9QcVy4r
CxxCSbtYxrUVVtfoeSzTaNeGd7vxBorSShc+UURZCrKw8wFzvxsAHI4LDvxPYXWg2NzHONb0dSqS
KY7dooky5j5ADH/nmOpJOeoAAr0/7BZ/8+kH/fsUfYLP/n0g/wC/Yrj/ALKj/P8AgaSlXlD2bqad
rLtbt20PLZZfDcsV6h1vTCLmRXAadGVdreYFYFvmBkLk9OHI4wMP0q60HTLm4nGt6ODOiKY7dooU
UqW5ADHruHUk8dcYA9P+wWf/AD6Qf9+xR9gs/wDn0g/79ij+yY7c7FJ15U5UpVG4y30WtrfPovuO
Ct7i38Qa3pcGl3EV2trdrc3MsLh0iVVOAzDgMSVAXryT0Br0WmxxpEgSNFRR0VRgU6u/DYdUIcid
yaNJUo8qOI0PxX4c0y51y2v9f0q1nGqz5invI42HQdCc9jUXi74k6LYeHpm0PXtKu9TlZYYEguo5
WVmON+0E5wMn0zgd63PCv/Mb/wCwrP8A+y1N4r8Px+J/D1xpjyeU74eGXGdkinKnHcZGD7E1rK/K
7bnRT5VNc2x4Vo+kHV5LqV5LuWUMGkFtB9puJGbOXK7hleOWzwWUd+LUfh22kjtgNWi864glnj/c
v5YSNpAzM33gCsZIwpJPBC8E05o7nw5qM2navpcDTHkRXIYB8dHjdSpZeT0OPUZAwsviC9uLtLqb
ynmEE8BYrjcJTIXJA4zmVsYwOnFfONKLtUWvz7n3EXKavQl7vS1u3+fpYmTRIpb62jhuLmWC6gM8
IitC87gMyECMNjOUY/extGc5+Wp28PH7VcaUFZL+JopkkkjdcxOq/K6jO1xuTCjqSygsSgNCHWpo
o4YnggmgjtjbNE4YCRPNMvzEEHIcg8EfdA9cpqOuXGoRSLMkEauY2kMSbA3lx+WnHRQBu4AA+Y9g
AJvTttr/AF+v9d7ca/Nvp/wf8t1/Ss6b4lHhfxI2qaWHi0/eqTwtyZoAcZfkjfjLZHQ5AwDivoqv
nfRdM1Hxpr016ljFcW0Lw3N2olMRudzNnZkYwzRtuIIAyQAOg9n/AOEnuov+PvwzrMA7siwzj8PL
kZv0r2ME3GDU36eh8rm06U6y9nvbX1/X1Ohornj420KME3U9zZY6/bbKa3A/F0A/HOK3oZormCOe
CRJYZFDpIjAqykZBBHUEV3J32PLH0UUUwCiiigDgYvl8VeKAeCb+JwPUfZLcZ/MH8qoagWgurkW8
M7vPgvbPbGSG5+UL98DCEgBcscDBJXnJ7LWPDUOqXQvILy5sL0II2mt9h8xBkhWV1IOCTg4yMnnB
IrN/4Q2//wChpv8A/wAB7f8A+IrxcRl1WpVc4tWZzQpTp1nUVmn0+7yfb/Jp6nH3Sat5moss935+
y4xHHDLjZtfy8Pv2Z/1f3F3Z4P8AEa1Lu0vInjhtrid0uk8iWRnJaM5LGQEcKSpkGem7ywAAK3P+
ENv/APoab/8A8B7f/wCIo/4Q2/8A+hpv/wDwHt//AIisf7Lr91/XyN6lWvPl92On9Lpsnt9zbONu
otXe+Oy7vY5GvFDrDBJhYfNGDuLGL7u0naueobjfXWAJbwAFiEjX7zsWOAOpJ5P1NTf8Ibf/APQ0
3/8A4D2//wARSr4JMx2ajrl/e2p+/bFIo1kHoxRA2PYEZ6HjIp/2XWdrtf18jHFKtiYxi0kl2+XZ
LRdL3stLl7wOjR+APDaOCrLpdsCD2PlLTdQ48daEe5s71fwzAf6Cl8Ty6zZWlvc6RPbwwQsftYe1
MzCPHDKoZc7epA5IzjkAHnNV8OeJde1LS759a0ya3hhm2S2cdzacPsI+aO5ywO31A+uePclUjH4j
osehdBk186+KPFlx4xv/ALS7MunIxazt+wXs7Du5HPtnA7k+jN4N1oKVa+Eykck6zqaDHpjz2/nX
jyWF3pthpwvIDEt1axz2zE5EsTKCCD3IBAI6g+xGeDHVHKl+7enU9jJY0niP3m9tPU29I1OKytHj
XUdS02YuWaWxy3nLgbVYeYgG07iDzneemOb9p4qt7R2eG08kG6uLlYlUFY9xhkiUYI4DwKG4Hy5x
z0wxaRvojXqFvMiuRFKGPBDqSm33+STOf9nHetK90qw0mSVrtbmeNJ2tBHFKsZMsap5rbip+Xc3y
jbkg8kYwfLjKaWmx9JUhSlKz1b/r9b6gdfjhNzNbR5uJbW1tAJ4Ukj2JGgclWyCd8abcg8E9DjEs
XiO3jvl1J4JXu2ghhlijxDH8jDJXb935I0A44Ziy7Si1SfR44TqYaVnFvZxXULAbdwkaLbuHODtl
5APB7kddLXfDtvpw1ELY6lZpaOVhuLtwY7rEgXan7teSCX4J4U8dxS9rZvt/wf8AgktULqPf/gfP
scy+2O6EltLKDE+6CYfu5Fx0YYJ2n6E/U17j8PPFc3ibRZVvSp1CycRTuowJARlXwOmRwfcHHFeF
Myou5jgV7X8MPDN1oWjXN5fxtDd6g6uYWGGjjUYQN78scdt2OoNdeWOfO19k83PY0vZxb+P8bG94
m1S/0+1ii06xu55rhihmgh8wW645cr3PoOmevAqlo0mlahb3OkCwu4mgCTTR30RWRy5bEhbOSxKN
82c5H0rqa4nVJ9Wt/FWuSaLbJPd/YrAbWUMQu+5yVQvGGPTgyJgEnJICt6WIheNz5mMnF3RtZ1DS
+CH1CzHcf6+Me4/5aD8m/wB41z03iNJbx9W0DS9VuZUcw3Cx2xEd0EJUg5PDD+FiPY8Hhnhi/muv
ENymv6nqKaglwV0+zukNmjr5CGXy41ws4VzIOWl2hEIbne+h4W0mC50R7mN5LW7+33w+0QNtY4up
cBh0YezA1z0INS0N3OFT49H3X6r9V9zOthk82GOTY6b1DbXGGXI6EetZ2p6HBqEy3cUklpqEa7Y7
uDAcD+6wPDr/ALLAjuMHmm/bdR0/jULY3MI/5ebNCSB/tRct/wB87voKvWl9a38Pm2lxHMgOCUbO
D6H0Psa7bp6MznRlFc267rb+vJ6nm8vg2wN/DpU2k2VtqP2mO7t3tk8u1e3Ro0uVWNB8u+NmV1cM
H3qpdgqhNL4kXt9plrpN/pE0S6pDeeXGjKHLpIjIVC5Gcts/KuhvvCWmalq0upXb3rSyRrEyJeSx
x7VyQNqMARlicHIyaxfFeg6Zofhe7utG0q3t71SrCa2gHnHkZO4DcTjPesvY++pXM7nMabr/AI/v
4ZJLnWNL05o5TEY7qzO7IAPY+hFXrWPxzHPOYfGOjStO/mFDaSSYOAPlBPAwM4HHU1laSukajazS
61YzzzG4cr56SKxUqg7+4P5VJNoXhdL6F9M022to4mzJLulDyAjBUHBwOefUcV0aE6lnRNS8Q654
1jtZ9Yt3S2gaVLq2tTGJiGxt55aPd1HfHB716bY3v2rzIpU8q6hwJYs5xnoQe6nnB+vQggcRos0d
14/t5be3WKCPTDEfKUiNSJOFBIHbnFdhq0EqouoWiFru1BIUf8tU6tH+OOPQge9Q9NUdEHz2py+T
7f8AA/LfvfSqre6ZYakmy+sra6QfwzxK4/UVNbzxXVtFcQsHilQOjDupGQakqjFpp2Zzcvw/8ITA
g+G9MTP/ADyt1j/9BxUP/CtfB3/QBtvzb/GuqopWTGpSWzOdh8BeEYCCvhvS2K9DJao5H4sDz71t
2tla2MXlWltDbxj+CGMIPyFT0UybhRRRQAUUUUAFFFFABRRRQAUUUUAFFFFAHHQXWr6VpmtXGm6O
dQuDq0pEDzeT+7OMuCQd2PQde1Lp13rXiGN3j8Q2doIztlgs7IieFvRzMTg+xjFdZcXENpbS3NxI
scMKGSR2OAqgZJP4VwFxceIrMQa/AdPtINSlaTUpr63eVrGAL/o42q6fKOfMJOFMjN90MRjWk0tH
YaNPU/Aena1YS2+q3upag7oQklzdNtjYjhxGu2PI6g7a57Svhn4e1zR4bhWv9Nu0LQ3Udtc7lSZC
VcASh8DcCR7EVr+HNd8UTWcmsa6NCPh90a4gvLZpoZRbgMVlaJg4+ddjbd4KgnOTwLmj6tY/8JTM
bG5SW01VdxUZDRXcagMrKeVZowpwQCPKb1rCn70uWpqaRqTp6wbXoYo+DGj5Gdc1xh6F7cZ/KGtn
TPhj4V02RZTp5vZV5D3sjTD/AL5Pyg++K6+iumNKnF3jFL5Dnia01ac215tnN2YC+PNaVQABp9iA
B2+e5rermJNQt9N8aa3PcuQpsLFUVVLNIxe5wqqOWY9gK0o/EFn/AGReajdCWzSwR2vIplzJb7F3
NuC5z8vI25yCCM5rjrxfO2ZrYq6wvn61aWmptjRpgFVV+7NPnhJT/dIxtHRjkHqAelAAGAMCvMZN
XkmuZtb8a3NzoWhyWriz0ycKI5Yjkt55wW+0narrGu1lHClz5oHV+HdXnMVpZaklzHJcQrNZyXSb
JZEKhjHIO0yDhh3xuH8QXehJJcrEzo6KKK6RBRRRQAUUUUAFFFFABRTZJEhieWV1SNAWZ2OAoHUk
9hXF+I9cM2izajN/o+hI8cYMknkm7MjrGpdzzFBlgWbBYrk42jDzKSitQLer+JLaWMqNVt9L0rzP
Jl1SedYhI/OYoWY4J4OX7YIXJyV37S0gsLOG0tYlighQJGi9FArz3VdXstQ8NfYWuLbWLqOTzrD+
zdImS1uhChka2jkzJGxeNJojtc8Oy7TgqbOg6XZ+HLfTdU0rW76awv4Wlj0m3iAhu5JSZFMMT5MC
ASN8qkAAIXPysW4qjdTcpaHY61cfY9C1G5zjybaSTP0Umqdr4e07UfBumaTqdnHcQRWkKBXHKlUA
ypHKn3GDWD4uv9Us/CerW2sR26rqNpJDbyW27bDI6lRE5PU88PgBjkYB27u9ACgADAHAFbUKbjdS
BvseV6p4Fk8Hl9U0PUZJVleK2js7pQT5skqCJhKOipJ5bkFTkIQTgmsaDwL4qitlsr7Rra7tldpY
zbamImR2ADctGcghVyCP4RgjkH03xV+8k0G2/wCe+qxceuxHl/8Aaea2658RTpqSSidlPH4iK0l/
XrueGXuheM7eDVri68PQiKW1WEuNQhSOGONo2GCzdAsQX5jnuTnObtj8P/EXi2ebW70W2hxX00k4
glDTzIGYnBUbQPz+oHSu2v8AV7XXNbkttNjnv5NElElxEImNrNIPvRCT7hnjyrBSeCR3BKddZXtv
qNnFd2snmQyDKnGD6EEHkEHIIPIIINVRw1Ka95FPMsT0lb5Ly/yRzPhz4daJ4dnS72y31+nK3F0Q
dh/2FACr9cZ9666iiu6MVFWirHDOcpvmk7sK898Qef8A8JpeY+3f2f5Nl/aH2DzfO8nF5t2+V+9/
1vlZ2c4zn5d1ehVxN/qk2nePL6G1tkuLy+t7K3t0llMUe4C8kJdwrEDbG3RTzgcAkjOt8DEtyHTP
7Sk1zT7o/wBqi5ubq5muxN5wgFgfOEA2N+6STi2yoAl6lhy9bngv/kXW/wCwhff+lUtWtF1P+1tN
F0YfJkWWWCWMNuCyRSNG+1sDK7kbBIBIwSAeBV8F/wDIut/2EL7/ANKpaxw795jZtXV3bWNrJdXd
xFb28Y3SSzOERB6kngVyd54n8C3k3ntr2nx3IGBcQXISQf8AAgeR7HI9qxfjNJcrpGjJbjfm+LNF
kAPiJ8fkeR7ivINAS8guLi3u9ykQwybWk3ncd4Yk+pK9q7VTU9yqblF3i7HuP/CdaZZf6rxVo+ox
j+G4mWGX/vtQVP02j61PD8S/CN7iC61CCJz/AMs5Csin/gSFl/M15JUVxdW9pGJLmeKFCdoaRwoJ
9Mmn7BrZnReEvjj92n/A/A9q/wCEv8ExN/yF9JRv95QaU+NvBRGDrekkf9dFrxIG1mKFWiYyLvQq
Rll45GOo5HPuKhmurG2VTLfxwhiwUvOACQcEDJ7Hg+lHs5IXsaL2k16r9U/0Pco/GngmFt0WtaSj
eqyKDUp+IHhIKSPENg2AThZgT+Qrw918sAvcuqkhfmKjknAHTuSBSqsXmld++VQGIZskA5wcduh/
I0ezk9g9hSjq539F/nb9T17QfG3he00Kzgn1/TkkWPlDOvyZOdv4Zx+FaX/Cf+Ef+hi07/v+K8Uo
qlRsrXM6ic5ub6u57X/wn/hH/oYtO/7/AIo/4T/wj/0MWnf9/wAV4pRT9l5k+z8z2v8A4T/wj/0M
Wnf9/wAUf8J/4R/6GLTv+/4rxSij2XmHs/M9r/4T/wAI/wDQxad/3/FNf4geElRmHiHTmIGQPPHN
eLUUey8w9n5kHhL4ha7d+NNNml1C8llvLu3iuIXnLQFJX2sBHkqgXPGMHOPU5+la+drH/kO6L/2F
LT/0elfRNRNWdiJKzCiiioJCiiigAooooAKKKhu7uCwsp7y6kEVvBG0kjnoqgZJ/KgDE14/2rqVr
oCcxNtur/wBoVb5UP++4x7qjisDRjrt5ezXK3Gorq0qFZ01KB1sdOXezCKKNfLFy/ITzQxyELbwC
qPnHVLseJ47G51ldAnvLZ9X1CZzB5vl4ZYbePzSwARI5HkIQgFM5G810k8VhrPgvTdT8X6ZAxgto
7+4tp4SUim8ohh5bZyRvYBWyc47gGuGrPmkUjG8MRNq2laPpYmeW0ZU1S6XCiKOInMMMIABWFnXc
iv8AMI12tjhR2l5oGlX+pWuo3NlG17asHhuBlXUjPGRgkcng5HPSofDljPbWMl3fJt1C/kNzcrnP
lkgBY8/7ChV9yCe9bFddOPKiWFFFFWBQGjaf/bjaybZTqBhWDziSSEBYgAdB948jk1W1bT5/PXVd
NUfb4l2PGThbmIHPlsfXklW7EnsWzsUUmk1Zgee+JZReWVtr0FsupzQ3A/s+G6JhtNMkVG8y4uue
seHySMqQqoFYlm5uwvbnUotf8RiZl0u3jW8uFljeG5vdqZW9gRjtgVUTbFw3miMrI2fmX0XWdO+y
yXGoQWourW4TZqVjs3iePGC4Xu4Xgj+NeOSFqPxAPCl1oY1rxBBpd1pttEZkubuBJlRWxyuQfvfK
MDknA5OK4pxdN2K3L+kalNLJJp2ohV1KBcsVGFnToJUHoe4/hPHIwTrV5/rOoak+t3hkktYItPv7
a3sykLC5Tz1jVJiS+JImld42XauQjkNuTB6/SdU/tGGRJovIvbdtlzbk52N2IPdT1Ddx6EEDppVO
Za7iaNGiiitRBRRRQAVBeXlvp9pJdXcyxQxjLO35Ae5J4AHJJxXI+Rev4y13VNOctc2n2e3Nuz4S
dBH5hQ9g37zKt2PsTS6nqH9lXdhrXidFjtHm8pNrFotOduEeTjB3cqZSQELKoGGZqylWirrqOxn+
KtfmS1e6vrSVYIgk8di8JcRw7wrXc6ggyLFwxiQkrlC+NwKafhC+n1G91GeDW7rWdGCRx213cRRI
GnV5VmCGONA6ACL5gCpOcMcEDmJI9TtXi0q4mfTtG1K9z4c1BxGtzpc4UukTxMABE4Eion3gjeUw
Xdhdrw3YXmgW0mkWCwjUpyJp7OCQyafprNnc0eVV1Vz84hz1JA2rlq5ZXn6j2LGo6aRrcbXt7Prt
yLk3el6XLFCkdqwXaJGZU3YQs+HYnG4YVnAJ6PTNI+ySve3coutSlXbJPtwFXrsjXnant1PUkmpN
M0qHTI5CrvNczENPcy8vK3qfQDsBgAdAKv11U6SgtdxNjZIo5kKSorocZVhketOoorURyfiu+W08
Q+Gk8mWeQTXE0UMK5aRxCUAHYf608nAA5JApuoHWLu2fRtRvRpU+oYFvfafyUXIMkIZukuwMFfA6
7goK4rrcDOcDI4zVe/sbfUrKS0uULRPjocFSDkMCOQwIBBHIIBrKdJS16jTPOL+0bTk/snw5qKaD
4SiQw6lqMkqqls6sqFLV3bIlYkq7nKhskHzd4Ohpvii3TXdQMELW8yHzr/S2YGXyCcR3aoPmUldh
eNgHAIyM7fMdrWj32sT21jPdRprmnEy6dcXCbreQFkU3XlDh54k3bQeFZs4AYENt/B2o6Na2ulaU
LWe0j1KLUH1O7uWW93eaGm3bYyJXZN6b9yZR9hBAJbmTcHruPc72KWOeFJoXWSKRQyOhyGB5BB7i
n1yNlrGnaTqV1b2WoWtxpaTbLmOGZXOmzMxGHAPyxswbg/dbP8OdvXV2QmpK6JCvNfFv2JPFN/Ne
yWMXlQ2LRSXmsSaaEc/bFyssYLFtpYbe4J9K9KrkJ7yex8bazLb6Zdag5srFTFbNErAbrn5j5joM
cY655HHWoraQY0c94RuNLXX7aCyvdHJd5X8q08ZXN6zMwZmIgdQrkkliT0yW6iuw8F/8i63/AGEL
7/0qlrO8Jz6paxNYXvhzUbUS3t5cfaJJbZo0WSeSVQdkzNnDAcKefbmtHwX/AMi63/YQvv8A0qlr
Kg/fY2cx8XP+PPQ/+v1//RT15VF/yHrv/r2g/wDQpa9V+Ln/AB56H/1+v/6KevKov+Q9d/8AXtB/
6FLXo09i4bF6s/U28qbT5ikrpHcFn8uNnIBikGcKCepH50X2t6bpsxivLpYpBGJNpUnKk44wOee3
AAAAzAAAAA0AAADUAAAADAAAAA8BAAACAAAA5AQAAB4AAAAcAAAAVGhlIEJvZWluZyBDb21wYW55
LCBNJkNUAAAAAAMAAAAlAAAAAwAAAAoAAAADAAAAvBQAAAMAAADEHwsACwAAAAAAAAALAAAAAAAA
AAsAAAAAAAAACwAAAAAAAAAeEAAAAQAAAC8AAABCb2VpbmcgVm9XTEFOIEltcGxlbWVudGF0aW9u
IGFuZCBEZW1vbnN0cmF0aW9uAAwQAAACAAAAHgAAAAYAAABUaXRsZQADAAAAAQAAAAAAAGABAAAD
AAAAAAAAACAAAAABAAAAOAAAAAIAAABAAAAAAQAAAAIAAAAMAAAAX1BJRF9ITElOS1MAAgAAAOQE
AABBAAAAGAEAAAwAAAADAAAAPgAyAAMAAAADAAAAAwAAAAAAAAADAAAABQAAAB8AAAA0AAAAaAB0
AHQAcAA6AC8ALwB3AHcAdwAuAG8AcABlAG4AZwByAG8AdQBwAC4AbwByAGcALwBiAG8AbwBrAHMA
dABvAHIAZQAvAGMAYQB0AGEAbABvAGcALwBlADAANAAxAC4AaAB0AG0AAAAfAAAAAQAAAAAAfhAD
AAAAcgBYAAMAAAAAAAAAAwAAAAAAAAADAAAABQAAAB8AAAAiAAAAbQBhAGkAbAB0AG8AOgBzAHQA
ZQB2AGUAbgAuAGMALgB2AGUAbgBlAG0AYQBAAGIAbwBlAGkAbgBnAC4AYwBvAG0AAAAfAAAAAQAA
AAAAfhAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAABAAAAAgAAAAMAAAAEAAAABQAAAAYAAAAHAAAACAAAAAkAAAAKAAAACwAA
AAwAAAANAAAADgAAAA8AAAAQAAAAEQAAABIAAAATAAAAFAAAABUAAAAWAAAAFwAAABgAAAAZAAAA
GgAAABsAAAAcAAAAHQAAAB4AAAAfAAAAIAAAACEAAAAiAAAAIwAAACQAAAAlAAAAJgAAACcAAAAo
AAAAKQAAACoAAAArAAAALAAAAC0AAAAuAAAALwAAADAAAAAxAAAAMgAAADMAAAA0AAAANQAAADYA
AAA3AAAAOAAAADkAAAA6AAAAOwAAADwAAAA9AAAAPgAAAD8AAABAAAAAQQAAAEIAAABDAAAARAAA
AEUAAABGAAAARwAAAEgAAABJAAAASgAAAEsAAABMAAAATQAAAE4AAABPAAAAUAAAAFEAAABSAAAA
UwAAAFQAAABVAAAAVgAAAFcAAABYAAAAWQAAAFoAAABbAAAAXAAAAF0AAABeAAAAXwAAAGAAAABh
AAAAYgAAAGMAAABkAAAAZQAAAGYAAABnAAAAaAAAAGkAAABqAAAAawAAAGwAAABtAAAAbgAAAG8A
AABwAAAAcQAAAHIAAABzAAAAdAAAAHUAAAB2AAAAdwAAAHgAAAB5AAAAegAAAHsAAAB8AAAAfQAA
AH4AAAB/AAAAgAAAAIEAAACCAAAAgwAAAIQAAACFAAAAhgAAAIcAAACIAAAAiQAAAIoAAACLAAAA
jAAAAI0AAACOAAAAjwAAAJAAAACRAAAAkgAAAJMAAACUAAAAlQAAAJYAAACXAAAAmAAAAJkAAACa
AAAAmwAAAJwAAACdAAAAngAAAJ8AAACgAAAAoQAAAKIAAACjAAAApAAAAKUAAACmAAAApwAAAKgA
AACpAAAAqgAAAKsAAACsAAAArQAAAK4AAACvAAAA/v///7EAAACyAAAAswAAALQAAAC1AAAAtgAA
ALcAAAD+////uQAAALoAAAC7AAAAvAAAAL0AAAC+AAAAvwAAAMAAAADBAAAAwgAAAMMAAADEAAAA
/v///8YAAADHAAAAyAAAAMkAAADKAAAAywAAAMwAAAD+////zgAAAM8AAADQAAAA0QAAANIAAADT
AAAA1AAAAP7////9/////f///9gAAAD+/////v////7/////////////////////////////////
////////////////////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////////////////////
////////////////UgBvAG8AdAAgAEUAbgB0AHIAeQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAABYABQH//////////wMAAAAGCQIAAAAAAMAAAAAAAABGAAAAAAAA
AAAAAAAA8DRpXR9EyAHaAAAAgAAAAAAAAABEAGEAdABhAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgACAf///////////////wAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALAAAAAAEAAAAAAAADEAVABhAGIAbABlAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOAAIBAQAAAAYA
AAD/////AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuAAAAAMZAAAAAAAAVwBv
AHIAZABEAG8AYwB1AG0AZQBuAHQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAABoAAgECAAAABQAAAP////8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAtV4BAAAAAAAFAFMAdQBtAG0AYQByAHkASQBuAGYAbwByAG0AYQB0AGkAbwBuAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAKAACAf///////////////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAMUAAAAAEAAAAAAAAAUARABvAGMAdQBtAGUAbgB0AFMAdQBtAG0AYQByAHkA
SQBuAGYAbwByAG0AYQB0AGkAbwBuAAAAAAAAAAAAAAA4AAIBBAAAAP//////////AAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAzQAAAAAQAAAAAAAAAQBDAG8AbQBwAE8AYgBqAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABIAAgD/////////
//////8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcQAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAP///////////////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAEAAAD+////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////////////////////
////////////AQD+/wMKAAD/////BgkCAAAAAADAAAAAAAAARh8AAABNaWNyb3NvZnQgT2ZmaWNl
IFdvcmQgRG9jdW1lbnQACgAAAE1TV29yZERvYwAQAAAAV29yZC5Eb2N1bWVudC44APQ5snEAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAABSAG8AbwB0ACAARQBuAHQAcgB5AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAFgAFAf//////////AwAAAAYJAgAAAAAAwAAAAAAAAEYAAAAAAAAAAAAA
AAAwhbHeH0TIAdoAAACAAAAAAAAAAEQAYQB0AGEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKAAIB////////////////AAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsAAAAAAQAAAAAAAAMQBUAGEAYgBsAGUAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4AAgEBAAAABgAAAP//
//8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4AAAAAxkAAAAAAABXAG8AcgBk
AEQAbwBjAHUAbQBlAG4AdAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
GgACAQIAAAAFAAAA/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC1
XgEAAAAAAIEAAACCAAAAgwAAAIQAAACFAAAAhgAAAIcAAACIAAAAiQAAAIoAAACLAAAAjAAAAI0A
AACOAAAAjwAAAJAAAACRAAAAkgAAAJMAAACUAAAAlQAAAJYAAACXAAAAmAAAAJkAAACaAAAAmwAA
AJwAAACdAAAAngAAAJ8AAACgAAAAoQAAAKIAAACjAAAApAAAAKUAAACmAAAApwAAAKgAAACpAAAA
qgAAAKsAAACsAAAArQAAAK4AAACvAAAA/v///7EAAACyAAAAswAAALQAAAC1AAAAtgAAALcAAAD+
////uQAAALoAAAC7AAAAvAAAAL0AAAC+AAAAvwAAAMAAAADBAAAAwgAAAMMAAADEAAAA/v///8YA
AADHAAAAyAAAAMkAAADKAAAAywAAAMwAAAD+////////////////////////////////////////
///////9/////////////////////v////7////lAAAA/f///94AAADfAAAA4AAAAOEAAADiAAAA
4wAAAOQAAAD+/////v//////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////////////////////
/////////v8AAAUBAgAAAAAAAAAAAAAAAAAAAAAAAgAAAALVzdWcLhsQk5cIACss+a5EAAAABdXN
1ZwuGxCTlwgAKyz5rnQBAAAwAQAADAAAAAEAAABoAAAADwAAAHAAAAAFAAAAlAAAAAYAAACcAAAA
EQAAAKQAAAAXAAAArAAAAAsAAAC0AAAAEAAAALwAAAATAAAAxAAAABYAAADMAAAADQAAANQAAAAM
AAAADwEAAAIAAADkBAAAHgAAABwAAABUaGUgQm9laW5nIENvbXBhbnksIE0mQ1QAAAAAAwAAACUA
AAADAAAACgAAAAMAAAC8FAAAAwAAAMQfCwALAAAAAAAAAAsAAAAAAAAACwAAAAAAAAALAAAAAAAA
AB4QAAABAAAALwAAAEJvZWluZyBWb1dMQU4gSW1wbGVtZW50YXRpb24gYW5kIERlbW9uc3RyYXRp
b24ADBAAAAIAAAAeAAAABgAAAFRpdGxlAAMAAAABAAAAAAAAYAEAAAMAAAAAAAAAIAAAAAEAAAA4
AAAAAgAAAEAAAAABAAAAAgAAAAwAAABfUElEX0hMSU5LUwACAAAA5AQAAEEAAAAYAQAADAAAAAMA
AAA+ADIAAwAAAAMAAAADAAAAAAAAAAMAAAAFAAAAHwAAADQAAABoAHQAdABwADoALwAvAHcAdwB3
AC4AbwBwAGUAbgBnAHIAbwB1AHAALgBvAHIAZwAvAGIAbwBvAGsAcwB0AG8AcgBlAC8AYwBhAHQA
YQBsAG8AZwAvAGUAMAA0ADEALgBoAHQAbQAAAB8AAAABAAAAAAB+EAMAAAByAFgAAwAAAAAAAAAD
AAAAAAAAAAMAAAAFAAAAHwAAACIAAABtAGEAaQBsAHQAbwA6AHMAdABlAHYAZQBuAC4AYwAuAHYA
ZQBuAGUAbQBhAEAAYgBvAGUAaQBuAGcALgBjAG8AbQAAAB8AAAABAAAAAAB+EAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUA
UwB1AG0AbQBhAHIAeQBJAG4AZgBvAHIAbQBhAHQAaQBvAG4AAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAoAAIB////////////////AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
xQAAAAAQAAAAAAAABQBEAG8AYwB1AG0AZQBuAHQAUwB1AG0AbQBhAHIAeQBJAG4AZgBvAHIAbQBh
AHQAaQBvAG4AAAAAAAAAAAAAADgAAgEEAAAA//////////8AAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAADdAAAAABAAAAAAAAABAEMAbwBtAHAATwBiAGoAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgACAP///////////////wAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA////////
////////AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

------_=_NextPart_001_01C8441F.F313CEC2
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
Hipsec mailing list
Hipsec@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/hipsec

------_=_NextPart_001_01C8441F.F313CEC2--




From hipsec-bounces@lists.ietf.org Fri Dec 21 17:49:17 2007
Return-path: <hipsec-bounces@lists.ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com)
	by megatron.ietf.org with esmtp (Exim 4.43)
	id 1J5qg7-0005lk-FM; Fri, 21 Dec 2007 17:49:15 -0500
Received: from [10.90.34.44] (helo=chiedprmail1.ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.43)
	id 1J5qg5-0005lP-HQ; Fri, 21 Dec 2007 17:49:13 -0500
Received: from stl-smtpout-01.boeing.com ([130.76.96.56])
	by chiedprmail1.ietf.org with esmtp (Exim 4.43)
	id 1J5qg5-0000K7-4f; Fri, 21 Dec 2007 17:49:13 -0500
Received: from slb-av-01.boeing.com (slb-av-01.boeing.com [129.172.13.4])
	by stl-smtpout-01.ns.cs.boeing.com (8.14.0/8.14.0/8.14.0/SMTPOUT) with
	ESMTP id lBLMnBUF023223
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK);
	Fri, 21 Dec 2007 16:49:12 -0600 (CST)
Received: from slb-av-01.boeing.com (localhost [127.0.0.1])
	by slb-av-01.boeing.com (8.14.0/8.14.0/DOWNSTREAM_RELAY) with ESMTP id
	lBLMnBPk024121; Fri, 21 Dec 2007 14:49:11 -0800 (PST)
Received: from XCH-NWBH-11.nw.nos.boeing.com (xch-nwbh-11.nw.nos.boeing.com
	[130.247.55.84])
	by slb-av-01.boeing.com (8.14.0/8.14.0/UPSTREAM_RELAY) with ESMTP id
	lBLMnAAV024113; Fri, 21 Dec 2007 14:49:11 -0800 (PST)
Received: from XCH-NW-2V2.nw.nos.boeing.com ([130.247.55.18]) by
	XCH-NWBH-11.nw.nos.boeing.com with Microsoft SMTPSVC(6.0.3790.1830); 
	Fri, 21 Dec 2007 14:49:10 -0800
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:calendarmessage
MIME-Version: 1.0
Date: Fri, 21 Dec 2007 14:49:07 -0800
Message-ID: <0C549DAFE1A8004D8EB57ACDD108646D070BA68A@XCH-NW-2V2.nw.nos.boeing.com>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: P2PSIP and HIP Joint Meeting on the Boeing VOIP HIP
	Implementation
Thread-Index: AchEI50GVcywQHvhTAWBKzgatEfhSQ==
From: "Paine, Richard H" <richard.h.paine@boeing.com>
To: "Venema, Steve A" <Steve.A.Venema@boeing.com>,
	"Mattes, David" <david.mattes@boeing.com>,
	"Brewer, Orlie T" <brewer@thumper.rt.cs.boeing.com>, <p2psip@ietf.org>, 
	<hipsec@ietf.org>
X-OriginalArrivalTime: 21 Dec 2007 22:49:10.0621 (UTC)
	FILETIME=[B38178D0:01C84423]
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 8fbbaa16f9fd29df280814cb95ae2290
Cc: 
Subject: [Hipsec] P2PSIP and HIP Joint Meeting on the Boeing VOIP HIP
	Implementation
X-BeenThere: hipsec@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group."
	<hipsec.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/hipsec>,
	<mailto:hipsec-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/hipsec>
List-Post: <mailto:hipsec@lists.ietf.org>
List-Help: <mailto:hipsec-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/hipsec>,
	<mailto:hipsec-request@lists.ietf.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============1173254436=="
Errors-To: hipsec-bounces@lists.ietf.org

This is a multi-part message in MIME format.

--===============1173254436==
Content-class: urn:content-classes:calendarmessage
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C84423.B3692020"

This is a multi-part message in MIME format.

------_=_NextPart_001_01C84423.B3692020
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

When: Monday, December 17, 2007 8:00 AM-8:30 AM (GMT-08:00) Pacific Time (US & Canada).
Where: Virtual (866-752-6974 Passcode: 9710856#

*~*~*~*~*~*~*~*~*~*

The teleconference is per a meeting at the Vancouver IETF on Friday, Dec
7, 2007 that was a joint meeting of the HIP and P2PSIP Working Groups.
The joint meeting determined the need to look at the Boeing
demonstration of SIP over HIP.  The demonstration used an
IEEE802.11-WPA-wireless connection to the Boeing Intranet and the SIP
call traversed both the wireless and wired network securely to get to a
wired laptop.  The call occurred in a HIP namespace using a
cryptographic identity as an SPI value in the ESP field.

This teleconference is being held to discuss the white paper on the
demonstration and the use of HIP for secure point-to-point SIP.

Teleconference Details:

Date: Tuesday, January 8, 2008
Starting time: 8:00 pm, Pacific Standard Time (GMT -08:00, San Francisco)
Duration: 1 hour 30 minutes
Meeting number: 896 132 416
Meeting password: hipmeeting
Teleconference: Dial-in: 1-866-752-6974 (US)
Leader passcode: 9710856
Participant passcode: 9710856
Host: Richard Paine
Host's email address: richard.h.paine@boeing.com

Richard H. Paine
Success is getting what you want, happiness is liking what you get!
Cell:  206-854-8199
IPPhone:  425-373-8296
Email:  richard.h.paine@boeing.com


------_=_NextPart_001_01C84423.B3692020
Content-class: urn:content-classes:calendarmessage
Content-Type: text/calendar;
	method=REQUEST;
	name="meeting.ics"
Content-Transfer-Encoding: 8bit

BEGIN:VCALENDAR
METHOD:REQUEST
PRODID:Microsoft CDO for Microsoft Exchange
VERSION:2.0
BEGIN:VTIMEZONE
TZID:(GMT-08.00) Pacific Time (US & Canada)/Tijuana
X-MICROSOFT-CDO-TZID:13
BEGIN:STANDARD
DTSTART:16010101T020000
TZOFFSETFROM:-0700
TZOFFSETTO:-0800
RRULE:FREQ=YEARLY;WKST=MO;INTERVAL=1;BYMONTH=11;BYDAY=1SU
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:16010101T020000
TZOFFSETFROM:-0800
TZOFFSETTO:-0700
RRULE:FREQ=YEARLY;WKST=MO;INTERVAL=1;BYMONTH=3;BYDAY=2SU
END:DAYLIGHT
END:VTIMEZONE
BEGIN:VEVENT
DTSTAMP:20071221T224832Z
DTSTART;TZID="(GMT-08.00) Pacific Time (US & Canada)/Tijuana":20071217T0800
 00
SUMMARY:P2PSIP and HIP Joint Meeting on the Boeing VOIP HIP Implementation
UID:040000008200E00074C5B7101A82E00800000000B06ED28EE043C801000000000000000
 010000000009C6350D71D43428DE4DFBF56DB8769
ATTENDEE;ROLE=REQ-PARTICIPANT;PARTSTAT=NEEDS-ACTION;RSVP=TRUE;CN="Venema, S
 teve A":MAILTO:Steve.A.Venema@boeing.com
ATTENDEE;ROLE=REQ-PARTICIPANT;PARTSTAT=NEEDS-ACTION;RSVP=TRUE;CN="Mattes, D
 avid":MAILTO:david.mattes@boeing.com
ATTENDEE;ROLE=REQ-PARTICIPANT;PARTSTAT=NEEDS-ACTION;RSVP=TRUE;CN="Brewer, O
 rlie T":MAILTO:brewer@redwood.rt.cs.boeing.com
ATTENDEE;ROLE=REQ-PARTICIPANT;PARTSTAT=NEEDS-ACTION;RSVP=TRUE;CN="'p2psip@i
 etf.org'":MAILTO:p2psip@ietf.org
ATTENDEE;ROLE=REQ-PARTICIPANT;PARTSTAT=NEEDS-ACTION;RSVP=TRUE;CN="'hipsec@i
 etf.org'":MAILTO:hipsec@ietf.org
ORGANIZER;CN="Paine, Richard H":MAILTO:richard.h.paine@boeing.com
LOCATION:Virtual (866-752-6974 Passcode: 9710856#
DTEND;TZID="(GMT-08.00) Pacific Time (US & Canada)/Tijuana":20071217T083000
DESCRIPTION:The teleconference is per a meeting at the Vancouver IETF on Fr
 iday\, Dec 7\, 2007 that was a joint meeting of the HIP and P2PSIP Working
  Groups.  The joint meeting determined the need to look at the Boeing demo
 nstration of SIP over HIP.  The demonstration used an IEEE802.11-WPA-wirel
 ess connection to the Boeing Intranet and the SIP call traversed both the 
 wireless and wired network securely to get to a wired laptop.  The call oc
 curred in a HIP namespace using a cryptographic identity as an SPI value i
 n the ESP field.\N\NThis teleconference is being held to discuss the white
  paper on the demonstration and the use of HIP for secure point-to-point S
 IP.\N\NTeleconference Details:\N\NDate: Tuesday\, January 8\, 2008 Startin
 g time: 8:00 pm\, Pacific Standard Time (GMT -08:00\, San Francisco) Durat
 ion: 1 hour 30 minutes Meeting number: 896 132 416 Meeting password: hipme
 eting Teleconference: Dial-in:1-866-752-6974 (US)\NLeader passcode:9710856
 \NParticipant passcode:9710856 Host: Richard Paine Host's email address: r
 ichard.h.paine@boeing.com \N\NRichard H. Paine\NSuccess is getting what yo
 u want\, happiness is liking what you get!\NCell:  206-854-8199\NIPPhone: 
  425-373-8296\NEmail:  richard.h.paine@boeing.com \N\N
SEQUENCE:0
PRIORITY:5
CLASS:
CREATED:20071221T224909Z
LAST-MODIFIED:20071221T224910Z
STATUS:CONFIRMED
TRANSP:OPAQUE
X-MICROSOFT-CDO-BUSYSTATUS:BUSY
X-MICROSOFT-CDO-INSTTYPE:0
X-MICROSOFT-CDO-INTENDEDSTATUS:BUSY
X-MICROSOFT-CDO-ALLDAYEVENT:FALSE
X-MICROSOFT-CDO-IMPORTANCE:1
X-MICROSOFT-CDO-OWNERAPPTID:1461045207
X-MICROSOFT-CDO-APPT-SEQUENCE:0
X-MICROSOFT-CDO-ATTENDEE-CRITICAL-CHANGE:20071221T224832Z
X-MICROSOFT-CDO-OWNER-CRITICAL-CHANGE:20071221T224832Z
BEGIN:VALARM
ACTION:DISPLAY
DESCRIPTION:REMINDER
TRIGGER;RELATED=START:-PT00H15M00S
END:VALARM
END:VEVENT
END:VCALENDAR

------_=_NextPart_001_01C84423.B3692020--


--===============1173254436==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline


--===============1173254436==--




From hipsec-bounces@lists.ietf.org Fri Dec 21 17:55:53 2007
Return-path: <hipsec-bounces@lists.ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com)
	by megatron.ietf.org with esmtp (Exim 4.43)
	id 1J5qlT-0003EJ-AZ; Fri, 21 Dec 2007 17:54:47 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.43)
	id 1J5qlS-0003Dx-6F; Fri, 21 Dec 2007 17:54:46 -0500
Received: from slb-smtpout-01.boeing.com ([130.76.64.48])
	by ietf-mx.ietf.org with esmtp (Exim 4.43)
	id 1J5qlJ-0004bM-9V; Fri, 21 Dec 2007 17:54:46 -0500
Received: from blv-av-01.boeing.com (blv-av-01.boeing.com [192.42.227.216])
	by slb-smtpout-01.ns.cs.boeing.com (8.14.0/8.14.0/8.14.0/SMTPOUT) with
	ESMTP id lBLMsawi009075
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK);
	Fri, 21 Dec 2007 14:54:36 -0800 (PST)
Received: from blv-av-01.boeing.com (localhost [127.0.0.1])
	by blv-av-01.boeing.com (8.14.0/8.14.0/DOWNSTREAM_RELAY) with ESMTP id
	lBLMsaZD004139; Fri, 21 Dec 2007 14:54:36 -0800 (PST)
Received: from XCH-NWBH-11.nw.nos.boeing.com (xch-nwbh-11.nw.nos.boeing.com
	[130.247.55.84])
	by blv-av-01.boeing.com (8.14.0/8.14.0/UPSTREAM_RELAY) with ESMTP id
	lBLMsa6W004133; Fri, 21 Dec 2007 14:54:36 -0800 (PST)
Received: from XCH-NW-2V2.nw.nos.boeing.com ([130.247.55.18]) by
	XCH-NWBH-11.nw.nos.boeing.com with Microsoft SMTPSVC(6.0.3790.1830); 
	Fri, 21 Dec 2007 14:54:35 -0800
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:calendarmessage
MIME-Version: 1.0
Date: Fri, 21 Dec 2007 14:54:33 -0800
Message-ID: <0C549DAFE1A8004D8EB57ACDD108646D070BA68B@XCH-NW-2V2.nw.nos.boeing.com>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: P2PSIP and HIP Joint Meeting on the Boeing VOIP HIPImplementation
Thread-Index: AchEJF77+AuPbUl7TLicLKCnqCbpYw==
From: "Paine, Richard H" <richard.h.paine@boeing.com>
To: "Venema, Steve A" <Steve.A.Venema@boeing.com>,
	"Mattes, David" <david.mattes@boeing.com>,
	"Brewer, Orlie T" <brewer@thumper.rt.cs.boeing.com>, <p2psip@ietf.org>, 
	<hipsec@ietf.org>
X-OriginalArrivalTime: 21 Dec 2007 22:54:35.0887 (UTC)
	FILETIME=[75611FF0:01C84424]
X-Spam-Score: -4.0 (----)
X-Scan-Signature: 2beba50d0fcdeee5f091c59f204d4365
Cc: 
Subject: [Hipsec] P2PSIP and HIP Joint Meeting on the Boeing VOIP
	HIPImplementation
X-BeenThere: hipsec@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group."
	<hipsec.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/hipsec>,
	<mailto:hipsec-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/hipsec>
List-Post: <mailto:hipsec@lists.ietf.org>
List-Help: <mailto:hipsec-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/hipsec>,
	<mailto:hipsec-request@lists.ietf.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============0007641063=="
Errors-To: hipsec-bounces@lists.ietf.org

This is a multi-part message in MIME format.

--===============0007641063==
Content-class: urn:content-classes:calendarmessage
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C84424.7530E116"

This is a multi-part message in MIME format.

------_=_NextPart_001_01C84424.7530E116
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

When: Tuesday, January 08, 2008 8:00 AM-9:30 AM (GMT-08:00) Pacific Time =
(US & Canada).
Where: Virtual (866-752-6974 Passcode: 9710856#

*~*~*~*~*~*~*~*~*~*

The teleconference is per a meeting at the Vancouver IETF on Friday, Dec
7, 2007 that was a joint meeting of the HIP and P2PSIP Working Groups.
The joint meeting determined the need to look at the Boeing
demonstration of SIP over HIP.  The demonstration used an
IEEE802.11-WPA-wireless connection to the Boeing Intranet and the SIP
call traversed both the wireless and wired network securely to get to a
wired laptop.  The call occurred in a HIP namespace using a
cryptographic identity as an SPI value in the ESP field.

This teleconference is being held to discuss the white paper on the
demonstration and the use of HIP for secure point-to-point SIP.

Teleconference Details:

Date: Tuesday, January 8, 2008
Starting time: 8:00 pm, Pacific Standard Time (GMT -08:00, San Francisco)
Duration: 1 hour 30 minutes
Meeting number: 896 132 416
Meeting password: hipmeeting
Teleconference: Dial-in:1-866-752-6974 (US)
Leader passcode:9710856
Participant passcode:9710856
Host: Richard Paine
Host's email address: richard.h.paine@boeing.com

Richard H. Paine
Success is getting what you want, happiness is liking what you get!
Cell:  206-854-8199
IPPhone:  425-373-8296
Email:  richard.h.paine@boeing.com

------_=_NextPart_001_01C84424.7530E116--


--===============0007641063==--




