From nobody Thu Jun 11 06:41:59 2020 Return-Path: X-Original-To: i2rs@ietf.org Delivered-To: i2rs@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 232C03A082C; Thu, 11 Jun 2020 06:41:53 -0700 (PDT) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: The IESG To: "IETF-Announce" X-Test-IDTracker: no X-IETF-IDTracker: 7.3.1 Auto-Submitted: auto-generated Precedence: bulk CC: i2rs-chairs@ietf.org, draft-ietf-i2rs-yang-l2-network-topology@ietf.org, martin.vigoureux@nokia.com, i2rs@ietf.org Reply-To: last-call@ietf.org Sender: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Message-ID: <159188291312.27916.6873972881231325195@ietfa.amsl.com> Date: Thu, 11 Jun 2020 06:41:53 -0700 Archived-At: Subject: [i2rs] Last Call: (A YANG Data Model for Layer-2 Network Topologies) to Proposed Standard X-BeenThere: i2rs@ietf.org X-Mailman-Version: 2.1.29 List-Id: "Interface to The Internet Routing System \(IRS\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 11 Jun 2020 13:41:53 -0000 The IESG has received a request from the Interface to the Routing System WG (i2rs) to consider the following document: - 'A YANG Data Model for Layer-2 Network Topologies' as Proposed Standard The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the last-call@ietf.org mailing lists by 2020-06-25. Exceptionally, comments may be sent to iesg@ietf.org instead. In either case, please retain the beginning of the Subject line to allow automated sorting. Abstract This document defines a YANG data model for Layer 2 network topologies. The file can be obtained via https://datatracker.ietf.org/doc/draft-ietf-i2rs-yang-l2-network-topology/ No IPR declarations have been submitted directly on this I-D. From nobody Tue Jun 23 06:52:09 2020 Return-Path: X-Original-To: i2rs@ietf.org Delivered-To: i2rs@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 8F6E33A0E12; Tue, 23 Jun 2020 06:52:02 -0700 (PDT) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: Ladislav Lhotka via Datatracker To: Cc: last-call@ietf.org, draft-ietf-i2rs-yang-l2-network-topology.all@ietf.org, i2rs@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 7.3.2 Auto-Submitted: auto-generated Precedence: bulk Message-ID: <159292032253.25999.14074401115344645476@ietfa.amsl.com> Reply-To: Ladislav Lhotka Date: Tue, 23 Jun 2020 06:52:02 -0700 Archived-At: Subject: [i2rs] Yangdoctors last call review of draft-ietf-i2rs-yang-l2-network-topology-13 X-BeenThere: i2rs@ietf.org X-Mailman-Version: 2.1.29 List-Id: "Interface to The Internet Routing System \(IRS\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 23 Jun 2020 13:52:03 -0000 Reviewer: Ladislav Lhotka Review result: Ready with Nits I already reviewed revision -04 of this document with the conclusion that from YANG point of view it is ready to be published. It is still the case with the current revision -13. All my earlier comments have been addressed. I appreciate the example in Appendix B, it is really useful. However, I discovered several problems with the JSON instance data: - In all 6 entries of the "ietf-network-topology:link" list, commas are missing after the "source" object. - The identifier "ietf-l2-topology:l2-termination-point-attributes" is split between two lines (7 times), which makes it invalid. While this is explained in the introductory text, I would suggest to find another way of satisfying the 72 character limit that doesn't affect the instance data validity. One option is to use the convention of draft-ietf-netmod-artwork-folding-12, but it is also possible to simply dedent the offending lines. - According to the rules of RFC 7951, the identifier of "termination-point" list needs to be qualified with module name, i.e. "ietf-network-topology:termination-point". - The format of "mac-address" leaves doesn't match the regex pattern of their types: semicolons rather than dashes have to be used as octet separators. From nobody Wed Jun 24 10:07:40 2020 Return-Path: X-Original-To: i2rs@ietfa.amsl.com Delivered-To: i2rs@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 781673A10EC for ; Wed, 24 Jun 2020 10:07:37 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.897 X-Spam-Level: X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=venaas-com.20150623.gappssmtp.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hYTjtZcgveob for ; Wed, 24 Jun 2020 10:07:35 -0700 (PDT) Received: from mail-ej1-x632.google.com (mail-ej1-x632.google.com [IPv6:2a00:1450:4864:20::632]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 98FCD3A10BE for ; Wed, 24 Jun 2020 10:07:35 -0700 (PDT) Received: by mail-ej1-x632.google.com with SMTP id q19so3184858eja.7 for ; Wed, 24 Jun 2020 10:07:35 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=venaas-com.20150623.gappssmtp.com; s=20150623; h=mime-version:from:date:message-id:subject:to:cc :content-transfer-encoding; bh=PghgYIGzc/l39A3ennDNafjZ/6ku/7itWYtq7/KFMDk=; b=lKd1RmyO4jUQdShNv++wmPLPXOyxfImincGb9isvk9ElzOOVfS2GPiT9tHDfYJTKZh fuJPsLyV3feUMyHbDZMfYMSrBmaZXOt2ka3/SRLZyoHE+ITJ6G1Mcmn0MR1NsR+4SfNQ DDAhkxlxHm0Tj9c56tDoENFbqYKy/Jc0THYK1HBgFz1ES7I1eyAAgwnZGlE7fRxSSZyz +gl3dTzBw4ZcmwcN+X14Eb1Chqtp13qfmLYL+lXdqqWd+lIEWTK01ho+VhHJocOuKGQg 2IKFEpdZi68RnBvHKDMMEfw7Y+WS68jXneRWSU7ZqeuSBIh7ihlNnJjFa62TzSGY4fnU 3z/A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to:cc :content-transfer-encoding; bh=PghgYIGzc/l39A3ennDNafjZ/6ku/7itWYtq7/KFMDk=; b=jxkPUoYAd8SSIw0VFxTPnnGzYeetnV0PvxpyPbGuXhqrbHTk/1spHm/7adveszCstF 0Vsa6xY0RoEDLbSulZPMpIcAVk1w6KULYMAdNFrwCcA1Eo5ZgeZ9CxjIOPi7Aqoofe6z 1twl4F9A8If6IjWMnt7pSofpmSKKOj+a4A3REZ96tDJQHvOV5e/8wFBSrN8gkO4kDC2G 0AEoyiKFlzPVTTXlBj/+RVAj4ILXw4dgGWm+x5WVJRrhRklbT3URJOlei5dOXep7l2fa BCprm+L6QiuZ143FJqYm+aFIlhfp8A0XWKh0a/vUXoxJCDCTANArnwzsoVVkf63LSiKu 0lyQ== X-Gm-Message-State: AOAM532/ETtQ4IaN4SCOF7jJSQLUIO+eTLwy8DXPqnkELDRT1qbuevEC ukwCUAleGLfgpccWz+/dfjGT0YtxFJ0y71idQ51hXw== X-Google-Smtp-Source: ABdhPJwDUAypL20MyUY9A2VvS4q5GPgujq9F6Fww+48vPyXWBV5u5LegTeTrhlIH7JZQnSJTQU4ixZOAgry4cJ4sPRU= X-Received: by 2002:a17:906:5250:: with SMTP id y16mr26006146ejm.3.1593018453833; Wed, 24 Jun 2020 10:07:33 -0700 (PDT) MIME-Version: 1.0 From: Stig Venaas Date: Wed, 24 Jun 2020 10:07:23 -0700 Message-ID: To: "" Cc: rtg-dir@ietf.org, draft-ietf-i2rs-yang-l2-network-topology.all@ietf.org, i2rs@ietf.org Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Archived-At: Subject: [i2rs] RtgDir review: draft-ietf-i2rs-yang-l2-network-topology-13.txt X-BeenThere: i2rs@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Interface to The Internet Routing System \(IRS\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 24 Jun 2020 17:07:37 -0000 Hello, I have been selected as the Routing Directorate reviewer for this draft. The Routing Directorate seeks to review all routing or routing-related drafts as they pass through IETF last call and IESG review, and sometimes on special request. The purpose of the review is to provide assistance to the Routing ADs. For more information about the Routing Directorate, please see http://trac.tools.ietf.org/area/rtg/trac/wiki/RtgDir Although these comments are primarily for the use of the Routing ADs, it would be helpful if you could consider them along with any other IETF Last Call comments that you receive, and strive to resolve them through discussion or by updating the draft. Document: draft-ietf-i2rs-yang-l2-network-topology-13.txt Reviewer: Stig Venaas Review Date: 2020-06-24 IETF LC End Date: 2020-06-25 Intended Status: Standards Track Summary: This document is basically ready for publication, but has nits that should be considered prior to publication. Comments: The document is well written and easy to read. I only found some minor nits that should be taken care of. Major Issues: No major issues found. Minor Issues: No minor issues found. Nits: The idnits tool found some nits; regarding references in particular. There may be some minor model issues, tracker says: Yang Validation 9 errors, 2 warnings. The abstract is rather short, I think it would be worth going into a little more detail. In Introduction =E2=80=9CA sample example=E2=80=9D should maybe just be =E2= =80=9CAn example=E2=80=9D? For grouping l2-network-type, shouldn=E2=80=99t =E2=80=9Cindicates=E2=80=9D= be capitalized? presence "indicates L2 Network"; For leaf maximum-frame-size, missing space before PPP if L2 frame is other type (e.g.,PPP), the L2 For l2-termination-point-type, leaf tag, should say =E2=80=9Cis supported= =E2=80=9D "Defines whether lag is support or not."; In the security considerations, should be =E2=80=9Cdefines=E2=80=9D The Layer 2 topology module define In Appendix A, should say =E2=80=9Crepresents=E2=80=9D. implementations, a corresponding companion module is defined that represent the operational state of layer 2 network topologies. The Regards, Stig From nobody Wed Jun 24 11:13:44 2020 Return-Path: X-Original-To: i2rs@ietfa.amsl.com Delivered-To: i2rs@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7BE8B3A1113; Wed, 24 Jun 2020 11:13:38 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.096 X-Spam-Level: X-Spam-Status: No, score=-2.096 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=orange.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id W7siZsaLeHJw; Wed, 24 Jun 2020 11:13:37 -0700 (PDT) Received: from relais-inet.orange.com (relais-inet.orange.com [80.12.66.41]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B26AF3A10A7; Wed, 24 Jun 2020 11:13:36 -0700 (PDT) Received: from opfedar05.francetelecom.fr (unknown [xx.xx.xx.7]) by opfedar24.francetelecom.fr (ESMTP service) with ESMTP id 49sWVR0jF3z5w4V; Wed, 24 Jun 2020 20:13:35 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=orange.com; s=ORANGE001; t=1593022415; bh=826G/KrrbANKHsk1By2AKT+W6DnlcU8ICtdQ8Zfy9G8=; h=From:To:Subject:Date:Message-ID:Content-Type: Content-Transfer-Encoding:MIME-Version; b=VgZd8g85j7qnopO/NeKM46BALEsdhDwMA65kM75rmxjcsfyl2cUNufi3UR2+3F539 Xz0dWhyejxG66lJeKWvjREOOjvuyXmxxvCdQPLgl6xM5zRB3/UoooCGAItY25Qj+hn qudUz8eEvMjwdv8T6wVDqG8PPfOrNnnWDv+BlWpJS5+tPCp6JQFPYdT9jVy2rTko52 G/xzgoy9xmlQDJ66S0e0dwGxz3aYka1NQpM/H5yn3UdlwnRjlIoCK9yJtUmpOP4O2m JiF62QrGz+77SfkrhTRABNbtGRd6jEu/1d/8PLVOQG0sWGGm8U/lJFNn7YCZYRDZVE foy916vNVNHvw== Received: from Exchangemail-eme6.itn.ftgroup (unknown [xx.xx.13.23]) by opfedar05.francetelecom.fr (ESMTP service) with ESMTP id 49sWVQ6YR9z2xCX; Wed, 24 Jun 2020 20:13:34 +0200 (CEST) From: To: Stig Venaas , "" CC: "rtg-dir@ietf.org" , "draft-ietf-i2rs-yang-l2-network-topology.all@ietf.org" , "i2rs@ietf.org" Thread-Topic: RtgDir review: draft-ietf-i2rs-yang-l2-network-topology-13.txt Thread-Index: AQHWSkn+jc8tKo+GPEq5R2VzLhcFIqjoDo3g Date: Wed, 24 Jun 2020 18:13:33 +0000 Message-ID: <10633_1593022414_5EF397CE_10633_415_1_787AE7BB302AE849A7480A190F8B9330314E691E@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> References: In-Reply-To: Accept-Language: fr-FR, en-US Content-Language: fr-FR X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.114.13.247] Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 MIME-Version: 1.0 Archived-At: Subject: Re: [i2rs] RtgDir review: draft-ietf-i2rs-yang-l2-network-topology-13.txt X-BeenThere: i2rs@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Interface to The Internet Routing System \(IRS\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 24 Jun 2020 18:13:39 -0000 SGkgU3RpZywgDQoNClRoYW5rIHlvdSBmb3IgdGhlIHJldmlldy4gVGhlc2Ugbml0cyB3aWxsIGJl IGZpeGVkIGluIHRoZSBuZXh0IGl0ZXJhdGlvbi4gDQoNCkFzIHBlciB0aGlzIGNvbW1lbnQ6IA0K DQoiVGhlcmUgbWF5IGJlIHNvbWUgbWlub3IgbW9kZWwgaXNzdWVzLCB0cmFja2VyIHNheXM6IFlh bmcgVmFsaWRhdGlvbiA5IGVycm9ycywgMiB3YXJuaW5ncy4iIA0KDQpBY3R1YWxseSwgdGhpcyBp cyBhbiBpc3N1ZSBvZiB0aGUgSUVURiBkYXRhdHJhY2tlciB0aGF0IG9ubHkgcG9wdWxhdGVzIGlu IElFVEYtZGVmaW5lZCBtb2R1bGVzLiBJbiBwYXJ0aWN1bGFyLCBJRUVFLXJlbGF0ZWQgbW9kdWxl cyBhcmUgbm90IHBvcHVsYXRlZCBpbiBhcyByZXZlYWxlZCBieSB0aGUgZXJyb3IgbWVzc2FnZToN Cg0KPT0NCmlldGYtbDItdG9wb2xvZ3lAMjAxOS0xMC0xNS55YW5nOjMxOiBlcnJvcjogbW9kdWxl ICJpZWVlODAyLWRvdDFxLXR5cGVzIiBub3QgZm91bmQgaW4gc2VhcmNoIHBhdGgNCj09DQoNClVu bGVzcyBJJ20gbWlzdGFrZW4sIFN1ZSBoYXMgcmVwb3J0ZWQgdGhpcyBpc3N1ZSBpbiB0aGUgd3Jp dGUtdXAuIFdpbGwgbG9vayBmdXJ0aGVyIG9uIHRoZSB3YXJuaW5ncywgdGhvdWdoLiANCg0KQ2hl ZXJzLA0KTWVkDQoNCj4gLS0tLS1NZXNzYWdlIGQnb3JpZ2luZS0tLS0tDQo+IERlwqA6IFN0aWcg VmVuYWFzIFttYWlsdG86c3RpZ0B2ZW5hYXMuY29tXQ0KPiBFbnZvecOpwqA6IG1lcmNyZWRpIDI0 IGp1aW4gMjAyMCAxOTowNw0KPiDDgMKgOiA8cnRnLWFkc0BpZXRmLm9yZz4NCj4gQ2PCoDogcnRn LWRpckBpZXRmLm9yZzsgZHJhZnQtaWV0Zi1pMnJzLXlhbmctbDItbmV0d29yay0NCj4gdG9wb2xv Z3kuYWxsQGlldGYub3JnOyBpMnJzQGlldGYub3JnDQo+IE9iamV0wqA6IFJ0Z0RpciByZXZpZXc6 IGRyYWZ0LWlldGYtaTJycy15YW5nLWwyLW5ldHdvcmstdG9wb2xvZ3ktMTMudHh0DQo+IA0KPiBI ZWxsbywNCj4gDQo+IEkgaGF2ZSBiZWVuIHNlbGVjdGVkIGFzIHRoZSBSb3V0aW5nIERpcmVjdG9y YXRlIHJldmlld2VyIGZvciB0aGlzDQo+IGRyYWZ0LiBUaGUgUm91dGluZyBEaXJlY3RvcmF0ZSBz ZWVrcyB0byByZXZpZXcgYWxsIHJvdXRpbmcgb3INCj4gcm91dGluZy1yZWxhdGVkIGRyYWZ0cyBh cyB0aGV5IHBhc3MgdGhyb3VnaCBJRVRGIGxhc3QgY2FsbCBhbmQgSUVTRw0KPiByZXZpZXcsIGFu ZCBzb21ldGltZXMgb24gc3BlY2lhbCByZXF1ZXN0LiBUaGUgcHVycG9zZSBvZiB0aGUgcmV2aWV3 IGlzDQo+IHRvIHByb3ZpZGUgYXNzaXN0YW5jZSB0byB0aGUgUm91dGluZyBBRHMuIEZvciBtb3Jl IGluZm9ybWF0aW9uIGFib3V0DQo+IHRoZSBSb3V0aW5nIERpcmVjdG9yYXRlLCBwbGVhc2Ugc2Vl DQo+IGh0dHA6Ly90cmFjLnRvb2xzLmlldGYub3JnL2FyZWEvcnRnL3RyYWMvd2lraS9SdGdEaXIN Cj4gDQo+IEFsdGhvdWdoIHRoZXNlIGNvbW1lbnRzIGFyZSBwcmltYXJpbHkgZm9yIHRoZSB1c2Ug b2YgdGhlIFJvdXRpbmcgQURzLA0KPiBpdCB3b3VsZCBiZSBoZWxwZnVsIGlmIHlvdSBjb3VsZCBj b25zaWRlciB0aGVtIGFsb25nIHdpdGggYW55IG90aGVyDQo+IElFVEYgTGFzdCBDYWxsIGNvbW1l bnRzIHRoYXQgeW91IHJlY2VpdmUsIGFuZCBzdHJpdmUgdG8gcmVzb2x2ZSB0aGVtDQo+IHRocm91 Z2ggZGlzY3Vzc2lvbiBvciBieSB1cGRhdGluZyB0aGUgZHJhZnQuDQo+IA0KPiBEb2N1bWVudDog ZHJhZnQtaWV0Zi1pMnJzLXlhbmctbDItbmV0d29yay10b3BvbG9neS0xMy50eHQNCj4gUmV2aWV3 ZXI6IFN0aWcgVmVuYWFzDQo+IFJldmlldyBEYXRlOiAyMDIwLTA2LTI0DQo+IElFVEYgTEMgRW5k IERhdGU6IDIwMjAtMDYtMjUNCj4gSW50ZW5kZWQgU3RhdHVzOiBTdGFuZGFyZHMgVHJhY2sNCj4g DQo+IFN1bW1hcnk6DQo+IFRoaXMgZG9jdW1lbnQgaXMgYmFzaWNhbGx5IHJlYWR5IGZvciBwdWJs aWNhdGlvbiwgYnV0IGhhcyBuaXRzIHRoYXQNCj4gc2hvdWxkIGJlIGNvbnNpZGVyZWQgcHJpb3Ig dG8gcHVibGljYXRpb24uDQo+IA0KPiBDb21tZW50czoNCj4gVGhlIGRvY3VtZW50IGlzIHdlbGwg d3JpdHRlbiBhbmQgZWFzeSB0byByZWFkLiBJIG9ubHkgZm91bmQgc29tZSBtaW5vcg0KPiBuaXRz IHRoYXQgc2hvdWxkIGJlIHRha2VuIGNhcmUgb2YuDQo+IA0KPiBNYWpvciBJc3N1ZXM6DQo+IE5v IG1ham9yIGlzc3VlcyBmb3VuZC4NCj4gDQo+IE1pbm9yIElzc3VlczoNCj4gTm8gbWlub3IgaXNz dWVzIGZvdW5kLg0KPiANCj4gTml0czoNCj4gDQo+IFRoZSBpZG5pdHMgdG9vbCBmb3VuZCBzb21l IG5pdHM7IHJlZ2FyZGluZyByZWZlcmVuY2VzIGluIHBhcnRpY3VsYXIuDQo+IA0KPiBUaGVyZSBt YXkgYmUgc29tZSBtaW5vciBtb2RlbCBpc3N1ZXMsIHRyYWNrZXIgc2F5czogWWFuZyBWYWxpZGF0 aW9uIDkNCj4gZXJyb3JzLCAyIHdhcm5pbmdzLg0KPiANCj4gVGhlIGFic3RyYWN0IGlzIHJhdGhl ciBzaG9ydCwgSSB0aGluayBpdCB3b3VsZCBiZSB3b3J0aCBnb2luZyBpbnRvIGENCj4gbGl0dGxl IG1vcmUgZGV0YWlsLg0KPiANCj4gSW4gSW50cm9kdWN0aW9uIOKAnEEgc2FtcGxlIGV4YW1wbGXi gJ0gc2hvdWxkIG1heWJlIGp1c3QgYmUg4oCcQW4gZXhhbXBsZeKAnT8NCj4gDQo+IEZvciBncm91 cGluZyBsMi1uZXR3b3JrLXR5cGUsIHNob3VsZG7igJl0IOKAnGluZGljYXRlc+KAnSBiZSBjYXBp dGFsaXplZD8NCj4gICAgICAgcHJlc2VuY2UgImluZGljYXRlcyBMMiBOZXR3b3JrIjsNCj4gDQo+ IEZvciBsZWFmIG1heGltdW0tZnJhbWUtc2l6ZSwgbWlzc2luZyBzcGFjZSBiZWZvcmUgUFBQDQo+ ICAgICAgIGlmIEwyIGZyYW1lIGlzIG90aGVyIHR5cGUgKGUuZy4sUFBQKSwgdGhlIEwyDQo+IA0K PiBGb3IgbDItdGVybWluYXRpb24tcG9pbnQtdHlwZSwgbGVhZiB0YWcsIHNob3VsZCBzYXkg4oCc aXMgc3VwcG9ydGVk4oCdDQo+ICAgICAgICJEZWZpbmVzIHdoZXRoZXIgbGFnIGlzIHN1cHBvcnQg b3Igbm90LiI7DQo+IA0KPiBJbiB0aGUgc2VjdXJpdHkgY29uc2lkZXJhdGlvbnMsIHNob3VsZCBi ZSDigJxkZWZpbmVz4oCdDQo+ICAgICAgIFRoZSBMYXllciAyIHRvcG9sb2d5IG1vZHVsZSBkZWZp bmUNCj4gDQo+IEluIEFwcGVuZGl4IEEsIHNob3VsZCBzYXkg4oCccmVwcmVzZW50c+KAnS4NCj4g ICAgICAgaW1wbGVtZW50YXRpb25zLCBhIGNvcnJlc3BvbmRpbmcgY29tcGFuaW9uIG1vZHVsZSBp cyBkZWZpbmVkIHRoYXQNCj4gICAgICAgcmVwcmVzZW50IHRoZSBvcGVyYXRpb25hbCBzdGF0ZSBv ZiBsYXllciAyIG5ldHdvcmsgdG9wb2xvZ2llcy4gIFRoZQ0KPiANCj4gUmVnYXJkcywNCj4gU3Rp Zw0KCl9fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fX18KCkNlIG1lc3NhZ2UgZXQgc2VzIHBpZWNlcyBqb2ludGVzIHBldXZlbnQgY29u dGVuaXIgZGVzIGluZm9ybWF0aW9ucyBjb25maWRlbnRpZWxsZXMgb3UgcHJpdmlsZWdpZWVzIGV0 IG5lIGRvaXZlbnQgZG9uYwpwYXMgZXRyZSBkaWZmdXNlcywgZXhwbG9pdGVzIG91IGNvcGllcyBz YW5zIGF1dG9yaXNhdGlvbi4gU2kgdm91cyBhdmV6IHJlY3UgY2UgbWVzc2FnZSBwYXIgZXJyZXVy LCB2ZXVpbGxleiBsZSBzaWduYWxlcgphIGwnZXhwZWRpdGV1ciBldCBsZSBkZXRydWlyZSBhaW5z aSBxdWUgbGVzIHBpZWNlcyBqb2ludGVzLiBMZXMgbWVzc2FnZXMgZWxlY3Ryb25pcXVlcyBldGFu dCBzdXNjZXB0aWJsZXMgZCdhbHRlcmF0aW9uLApPcmFuZ2UgZGVjbGluZSB0b3V0ZSByZXNwb25z YWJpbGl0ZSBzaSBjZSBtZXNzYWdlIGEgZXRlIGFsdGVyZSwgZGVmb3JtZSBvdSBmYWxzaWZpZS4g TWVyY2kuCgpUaGlzIG1lc3NhZ2UgYW5kIGl0cyBhdHRhY2htZW50cyBtYXkgY29udGFpbiBjb25m aWRlbnRpYWwgb3IgcHJpdmlsZWdlZCBpbmZvcm1hdGlvbiB0aGF0IG1heSBiZSBwcm90ZWN0ZWQg YnkgbGF3Owp0aGV5IHNob3VsZCBub3QgYmUgZGlzdHJpYnV0ZWQsIHVzZWQgb3IgY29waWVkIHdp dGhvdXQgYXV0aG9yaXNhdGlvbi4KSWYgeW91IGhhdmUgcmVjZWl2ZWQgdGhpcyBlbWFpbCBpbiBl cnJvciwgcGxlYXNlIG5vdGlmeSB0aGUgc2VuZGVyIGFuZCBkZWxldGUgdGhpcyBtZXNzYWdlIGFu ZCBpdHMgYXR0YWNobWVudHMuCkFzIGVtYWlscyBtYXkgYmUgYWx0ZXJlZCwgT3JhbmdlIGlzIG5v dCBsaWFibGUgZm9yIG1lc3NhZ2VzIHRoYXQgaGF2ZSBiZWVuIG1vZGlmaWVkLCBjaGFuZ2VkIG9y IGZhbHNpZmllZC4KVGhhbmsgeW91LgoK From nobody Wed Jun 24 12:24:54 2020 Return-Path: X-Original-To: i2rs@ietfa.amsl.com Delivered-To: i2rs@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 94A0E3A10C2; Wed, 24 Jun 2020 12:24:52 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: 0.948 X-Spam-Level: X-Spam-Status: No, score=0.948 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DOS_OUTLOOK_TO_MX=2.845, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sp41pERM430P; Wed, 24 Jun 2020 12:24:51 -0700 (PDT) Received: from hickoryhill-consulting.com (50-245-122-100-static.hfc.comcastbusiness.net [50.245.122.100]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C1CFF3A11B8; Wed, 24 Jun 2020 12:24:44 -0700 (PDT) X-Default-Received-SPF: pass (skip=forwardok (res=PASS)) x-ip-name=166.170.22.63; From: "Susan Hares" To: , "'Stig Venaas'" , Cc: , , References: <10633_1593022414_5EF397CE_10633_415_1_787AE7BB302AE849A7480A190F8B9330314E691E@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> In-Reply-To: <10633_1593022414_5EF397CE_10633_415_1_787AE7BB302AE849A7480A190F8B9330314E691E@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> Date: Wed, 24 Jun 2020 15:24:37 -0400 Message-ID: <001601d64a5d$1a30ad60$4e920820$@ndzh.com> MIME-Version: 1.0 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Mailer: Microsoft Outlook 14.0 Thread-Index: AQLhPOLup/Ik+OOavEMMztXCUAwxugGe09qmpsVJrdA= Content-Language: en-us X-Antivirus: AVG (VPS 200624-2, 06/24/2020), Outbound message X-Antivirus-Status: Not-Tested X-Authenticated-User: skh@ndzh.com Archived-At: Subject: Re: [i2rs] RtgDir review: draft-ietf-i2rs-yang-l2-network-topology-13.txt X-BeenThere: i2rs@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Interface to The Internet Routing System \(IRS\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 24 Jun 2020 19:24:53 -0000 Med:=20 I did report the issue in the write-up, and the Tools people said they = were working on it.=20 Sue=20 -----Original Message----- From: mohamed.boucadair@orange.com [mailto:mohamed.boucadair@orange.com] = Sent: Wednesday, June 24, 2020 2:14 PM To: Stig Venaas; Cc: rtg-dir@ietf.org; = draft-ietf-i2rs-yang-l2-network-topology.all@ietf.org; i2rs@ietf.org Subject: RE: RtgDir review: = draft-ietf-i2rs-yang-l2-network-topology-13.txt Hi Stig,=20 Thank you for the review. These nits will be fixed in the next = iteration.=20 As per this comment:=20 "There may be some minor model issues, tracker says: Yang Validation 9 = errors, 2 warnings."=20 Actually, this is an issue of the IETF datatracker that only populates = in IETF-defined modules. In particular, IEEE-related modules are not = populated in as revealed by the error message: =3D=3D ietf-l2-topology@2019-10-15.yang:31: error: module "ieee802-dot1q-types" = not found in search path =3D=3D Unless I'm mistaken, Sue has reported this issue in the write-up. Will = look further on the warnings, though.=20 Cheers, Med > -----Message d'origine----- > De : Stig Venaas [mailto:stig@venaas.com] Envoy=C3=A9 : mercredi 24 = juin=20 > 2020 19:07 =C3=80 : Cc : rtg-dir@ietf.org;=20 > draft-ietf-i2rs-yang-l2-network- topology.all@ietf.org; i2rs@ietf.org=20 > Objet : RtgDir review: draft-ietf-i2rs-yang-l2-network-topology-13.txt >=20 > Hello, >=20 > I have been selected as the Routing Directorate reviewer for this=20 > draft. The Routing Directorate seeks to review all routing or=20 > routing-related drafts as they pass through IETF last call and IESG=20 > review, and sometimes on special request. The purpose of the review is = > to provide assistance to the Routing ADs. For more information about=20 > the Routing Directorate, please see=20 > http://trac.tools.ietf.org/area/rtg/trac/wiki/RtgDir >=20 > Although these comments are primarily for the use of the Routing ADs,=20 > it would be helpful if you could consider them along with any other=20 > IETF Last Call comments that you receive, and strive to resolve them=20 > through discussion or by updating the draft. >=20 > Document: draft-ietf-i2rs-yang-l2-network-topology-13.txt > Reviewer: Stig Venaas > Review Date: 2020-06-24 > IETF LC End Date: 2020-06-25 > Intended Status: Standards Track >=20 > Summary: > This document is basically ready for publication, but has nits that=20 > should be considered prior to publication. >=20 > Comments: > The document is well written and easy to read. I only found some minor = > nits that should be taken care of. >=20 > Major Issues: > No major issues found. >=20 > Minor Issues: > No minor issues found. >=20 > Nits: >=20 > The idnits tool found some nits; regarding references in particular. >=20 > There may be some minor model issues, tracker says: Yang Validation 9=20 > errors, 2 warnings. >=20 > The abstract is rather short, I think it would be worth going into a=20 > little more detail. >=20 > In Introduction =E2=80=9CA sample example=E2=80=9D should maybe just = be =E2=80=9CAn example=E2=80=9D? >=20 > For grouping l2-network-type, shouldn=E2=80=99t = =E2=80=9Cindicates=E2=80=9D be capitalized? > presence "indicates L2 Network"; >=20 > For leaf maximum-frame-size, missing space before PPP > if L2 frame is other type (e.g.,PPP), the L2 >=20 > For l2-termination-point-type, leaf tag, should say =E2=80=9Cis = supported=E2=80=9D > "Defines whether lag is support or not."; >=20 > In the security considerations, should be =E2=80=9Cdefines=E2=80=9D > The Layer 2 topology module define >=20 > In Appendix A, should say =E2=80=9Crepresents=E2=80=9D. > implementations, a corresponding companion module is defined = that > represent the operational state of layer 2 network topologies. =20 > The >=20 > Regards, > Stig _________________________________________________________________________= ________________________________________________ Ce message et ses pieces jointes peuvent contenir des informations = confidentielles ou privilegiees et ne doivent donc pas etre diffuses, = exploites ou copies sans autorisation. Si vous avez recu ce message par = erreur, veuillez le signaler a l'expediteur et le detruire ainsi que les = pieces jointes. Les messages electroniques etant susceptibles = d'alteration, Orange decline toute responsabilite si ce message a ete = altere, deforme ou falsifie. Merci. This message and its attachments may contain confidential or privileged = information that may be protected by law; they should not be = distributed, used or copied without authorisation. If you have received this email in error, please notify the sender and = delete this message and its attachments. As emails may be altered, Orange is not liable for messages that have = been modified, changed or falsified. Thank you. From nobody Wed Jun 24 22:01:05 2020 Return-Path: X-Original-To: i2rs@ietf.org Delivered-To: i2rs@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 2149B3A00C0; Wed, 24 Jun 2020 22:01:04 -0700 (PDT) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: Christian Huitema via Datatracker To: Cc: draft-ietf-i2rs-yang-l2-network-topology.all@ietf.org, i2rs@ietf.org, last-call@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 7.4.0 Auto-Submitted: auto-generated Precedence: bulk Message-ID: <159306126401.5613.2130163467049929604@ietfa.amsl.com> Reply-To: Christian Huitema Date: Wed, 24 Jun 2020 22:01:04 -0700 Archived-At: Subject: [i2rs] Secdir last call review of draft-ietf-i2rs-yang-l2-network-topology-13 X-BeenThere: i2rs@ietf.org X-Mailman-Version: 2.1.29 List-Id: "Interface to The Internet Routing System \(IRS\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 25 Jun 2020 05:01:04 -0000 Reviewer: Christian Huitema Review result: Has Issues I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written with the intent of improving security requirements and considerations in IETF drafts. Comments not addressed in last call may be included in AD reviews during the IESG review. Document editors and WG chairs should treat these comments just like any other last call comments. This document describes a Yang model for representing Link Layer topologies. Representing such topologies is obviously useful for managing network. The security section is focused on securing the usage of this information for network management, but does not address potential privacy issues. The security considerations explain correctly how altering the link layer information could enable attacks against the network. The proposed remedy is access control, implemented using either SSH or TLS. This is fine, although the discussion of TLS authorisation is a bit short. By default, TLS verifies the identity of the server but not that of the client. RFC8040 section 2.5 specifies that "a RESTCONF server SHOULD require authentication based on TLS client certificates. I assume that's the intent, but it might be useful to say so. On the other hand, the security considerations do not describe privacy issues, and I find that problematic. The proposed information model lists a number of sensitive data, such as for example the MAC addresses of devices. This information can be misused. For example, applications could assess device location fetching the MAC addresses of local gateways. Third parties could access link local information to gather identities of devices accessing a particular network. Such information is often protected by privacy API in the Operating System, but accessing the Yang module over the network might allow applications to bypass these controls. Client authentication alone does not necessarily protect against these privacy leaks. A classic configuration error would limit write access to authorized users, but to allow read-only access to most users. This kind of error would allow privacy leaks. Given the sensitive nature of MAC addresses and other identifiers, it is useful to warn against such errors. From nobody Thu Jun 25 01:59:02 2020 Return-Path: X-Original-To: i2rs@ietfa.amsl.com Delivered-To: i2rs@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D5BAF3A0884; Thu, 25 Jun 2020 01:58:59 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.096 X-Spam-Level: X-Spam-Status: No, score=-2.096 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=orange.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dEd9_BtLUFQW; Thu, 25 Jun 2020 01:58:58 -0700 (PDT) Received: from relais-inet.orange.com (relais-inet.orange.com [80.12.70.36]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 42EF23A0882; Thu, 25 Jun 2020 01:58:58 -0700 (PDT) Received: from opfednr06.francetelecom.fr (unknown [xx.xx.xx.70]) by opfednr22.francetelecom.fr (ESMTP service) with ESMTP id 49sv806c2wzyfZ; Thu, 25 Jun 2020 10:58:56 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=orange.com; s=ORANGE001; t=1593075536; bh=Y31LQ8HywCNTwKgdxNdwCW8dhK+NJvydJ56Rz2A5Ayo=; h=From:To:Subject:Date:Message-ID:Content-Type: Content-Transfer-Encoding:MIME-Version; b=R37Yv08MmNOBZ0wWhFV9wePCtMXkHXSU1SjVKqb5860iDA0WwTmxwRjrx9MARpDGA 0qmHj3iMollCvFJDwtcPdt9KvbZatQkYixjerkCIbrwXQWU3k240K8ba0di6drVWO/ x8GV4BtPadPZ1XuuxgdWp0jBIkycTvk4cCf2LwqHdDT/rOdfOfJfqBVN0pAaX2iecB X76A8SriMMk+sEGPghkynuQdmQ00nEXuC8WxoYh1k2tl7BSdLnByjuF0gWS6Tu0xms o2dJjxN71eLYI3J/WeoTgvRWGOJZYuiGZqbHgmc7BL2XoAhcBHeTa+56MgGfp9akPf Hm27VZMsbhvmg== Received: from Exchangemail-eme6.itn.ftgroup (unknown [xx.xx.13.23]) by opfednr06.francetelecom.fr (ESMTP service) with ESMTP id 49sv805nlDzDq7L; Thu, 25 Jun 2020 10:58:56 +0200 (CEST) From: To: Ladislav Lhotka , "yang-doctors@ietf.org" CC: "last-call@ietf.org" , "draft-ietf-i2rs-yang-l2-network-topology.all@ietf.org" , "i2rs@ietf.org" Thread-Topic: Yangdoctors last call review of draft-ietf-i2rs-yang-l2-network-topology-13 Thread-Index: AQHWSWV73QgI8kN43ka/Q+H8n+VA0ajpCGMw Date: Thu, 25 Jun 2020 08:58:55 +0000 Message-ID: <22029_1593075536_5EF46750_22029_153_1_787AE7BB302AE849A7480A190F8B9330314E6E61@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> References: <159292032253.25999.14074401115344645476@ietfa.amsl.com> In-Reply-To: <159292032253.25999.14074401115344645476@ietfa.amsl.com> Accept-Language: fr-FR, en-US Content-Language: fr-FR X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.114.13.245] Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 MIME-Version: 1.0 Archived-At: Subject: Re: [i2rs] Yangdoctors last call review of draft-ietf-i2rs-yang-l2-network-topology-13 X-BeenThere: i2rs@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Interface to The Internet Routing System \(IRS\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 25 Jun 2020 08:59:00 -0000 SGkgTGFkYSwgDQoNClRoYW5rIHlvdSBmb3IgdGhlIHJldmlldy4gDQoNCldlIGhhdmUgYWxyZWFk eSBmaXhlZCB0aGUgZmlyc3QgdHdvIGNvbW1lbnRzIGluIG91ciBsb2NhbCBjb3B5LiBXZSB1cGRh dGVkIHRoZSB0ZXh0IHRvIGZpeCB0aGUgdHdvIHJlbWFpbmluZyBvbmVzOiANCg0KRldJVywgdGhl IHVwZGF0ZWQgdGV4dCBjYW4gYmUgc2VlbiBhdDogDQpodHRwczovL2dpdGh1Yi5jb20vYm91Y2Fk YWlyL2RyYWZ0LWlldGYtaTJycy15YW5nLWwyLW5ldHdvcmstdG9wb2xvZ3kvYmxvYi9tYXN0ZXIv ZHJhZnQtaWV0Zi1pMnJzLXlhbmctbDItbmV0d29yay10b3BvbG9neS0xNC50eHQgDQoNCmRpZmY6 DQpodHRwczovL2dpdGh1Yi5jb20vYm91Y2FkYWlyL2RyYWZ0LWlldGYtaTJycy15YW5nLWwyLW5l dHdvcmstdG9wb2xvZ3kvYmxvYi9tYXN0ZXIvZGlmZi1JRVRGLUxDLnBkZiANCg0KQ2hlZXJzLA0K TWVkDQoNCj4gLS0tLS1NZXNzYWdlIGQnb3JpZ2luZS0tLS0tDQo+IERlwqA6IExhZGlzbGF2IExo b3RrYSB2aWEgRGF0YXRyYWNrZXIgW21haWx0bzpub3JlcGx5QGlldGYub3JnXQ0KPiBFbnZvecOp wqA6IG1hcmRpIDIzIGp1aW4gMjAyMCAxNTo1Mg0KPiDDgMKgOiB5YW5nLWRvY3RvcnNAaWV0Zi5v cmcNCj4gQ2PCoDogbGFzdC1jYWxsQGlldGYub3JnOyBkcmFmdC1pZXRmLWkycnMteWFuZy1sMi1u ZXR3b3JrLQ0KPiB0b3BvbG9neS5hbGxAaWV0Zi5vcmc7IGkycnNAaWV0Zi5vcmcNCj4gT2JqZXTC oDogWWFuZ2RvY3RvcnMgbGFzdCBjYWxsIHJldmlldyBvZiBkcmFmdC1pZXRmLWkycnMteWFuZy1s Mi1uZXR3b3JrLQ0KPiB0b3BvbG9neS0xMw0KPiANCj4gUmV2aWV3ZXI6IExhZGlzbGF2IExob3Rr YQ0KPiBSZXZpZXcgcmVzdWx0OiBSZWFkeSB3aXRoIE5pdHMNCj4gDQo+IEkgYWxyZWFkeSByZXZp ZXdlZCByZXZpc2lvbiAtMDQgb2YgdGhpcyBkb2N1bWVudCB3aXRoIHRoZSBjb25jbHVzaW9uIHRo YXQNCj4gZnJvbQ0KPiBZQU5HIHBvaW50IG9mIHZpZXcgaXQgaXMgcmVhZHkgdG8gYmUgcHVibGlz aGVkLiBJdCBpcyBzdGlsbCB0aGUgY2FzZSB3aXRoDQo+IHRoZQ0KPiBjdXJyZW50IHJldmlzaW9u IC0xMy4gQWxsIG15IGVhcmxpZXIgY29tbWVudHMgaGF2ZSBiZWVuIGFkZHJlc3NlZC4NCj4gDQo+ IEkgYXBwcmVjaWF0ZSB0aGUgZXhhbXBsZSBpbiBBcHBlbmRpeCBCLCBpdCBpcyByZWFsbHkgdXNl ZnVsLiBIb3dldmVyLCBJDQo+IGRpc2NvdmVyZWQgc2V2ZXJhbCBwcm9ibGVtcyB3aXRoIHRoZSBK U09OIGluc3RhbmNlIGRhdGE6DQo+IA0KPiAtIEluIGFsbCA2IGVudHJpZXMgb2YgdGhlICJpZXRm LW5ldHdvcmstdG9wb2xvZ3k6bGluayIgbGlzdCwgY29tbWFzIGFyZQ0KPiBtaXNzaW5nDQo+IGFm dGVyIHRoZSAic291cmNlIiBvYmplY3QuDQo+IA0KPiAtIFRoZSBpZGVudGlmaWVyICJpZXRmLWwy LXRvcG9sb2d5OmwyLXRlcm1pbmF0aW9uLXBvaW50LWF0dHJpYnV0ZXMiIGlzDQo+IHNwbGl0DQo+ IGJldHdlZW4gdHdvIGxpbmVzICg3IHRpbWVzKSwgd2hpY2ggbWFrZXMgaXQgaW52YWxpZC4gV2hp bGUgdGhpcyBpcw0KPiBleHBsYWluZWQgaW4NCj4gdGhlIGludHJvZHVjdG9yeSB0ZXh0LCBJIHdv dWxkIHN1Z2dlc3QgdG8gZmluZCBhbm90aGVyIHdheSBvZiBzYXRpc2Z5aW5nDQo+IHRoZSA3Mg0K PiBjaGFyYWN0ZXIgbGltaXQgdGhhdCBkb2Vzbid0IGFmZmVjdCB0aGUgaW5zdGFuY2UgZGF0YSB2 YWxpZGl0eS4gT25lIG9wdGlvbg0KPiBpcw0KPiB0byB1c2UgdGhlIGNvbnZlbnRpb24gb2YgZHJh ZnQtaWV0Zi1uZXRtb2QtYXJ0d29yay1mb2xkaW5nLTEyLCBidXQgaXQgaXMNCj4gYWxzbw0KPiBw b3NzaWJsZSB0byBzaW1wbHkgZGVkZW50IHRoZSBvZmZlbmRpbmcgbGluZXMuDQo+IA0KPiAtIEFj Y29yZGluZyB0byB0aGUgcnVsZXMgb2YgUkZDIDc5NTEsIHRoZSBpZGVudGlmaWVyIG9mICJ0ZXJt aW5hdGlvbi1wb2ludCINCj4gbGlzdCBuZWVkcyB0byBiZSBxdWFsaWZpZWQgd2l0aCBtb2R1bGUg bmFtZSwgaS5lLg0KPiAiaWV0Zi1uZXR3b3JrLXRvcG9sb2d5OnRlcm1pbmF0aW9uLXBvaW50Ii4N Cj4gDQo+IC0gVGhlIGZvcm1hdCBvZiAibWFjLWFkZHJlc3MiIGxlYXZlcyBkb2Vzbid0IG1hdGNo IHRoZSByZWdleCBwYXR0ZXJuIG9mDQo+IHRoZWlyDQo+IHR5cGVzOiBzZW1pY29sb25zIHJhdGhl ciB0aGFuIGRhc2hlcyBoYXZlIHRvIGJlIHVzZWQgYXMgb2N0ZXQgc2VwYXJhdG9ycy4NCj4gDQoN CgpfX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fCgpDZSBtZXNzYWdlIGV0IHNlcyBwaWVjZXMgam9pbnRlcyBwZXV2ZW50IGNvbnRl bmlyIGRlcyBpbmZvcm1hdGlvbnMgY29uZmlkZW50aWVsbGVzIG91IHByaXZpbGVnaWVlcyBldCBu ZSBkb2l2ZW50IGRvbmMKcGFzIGV0cmUgZGlmZnVzZXMsIGV4cGxvaXRlcyBvdSBjb3BpZXMgc2Fu cyBhdXRvcmlzYXRpb24uIFNpIHZvdXMgYXZleiByZWN1IGNlIG1lc3NhZ2UgcGFyIGVycmV1ciwg dmV1aWxsZXogbGUgc2lnbmFsZXIKYSBsJ2V4cGVkaXRldXIgZXQgbGUgZGV0cnVpcmUgYWluc2kg cXVlIGxlcyBwaWVjZXMgam9pbnRlcy4gTGVzIG1lc3NhZ2VzIGVsZWN0cm9uaXF1ZXMgZXRhbnQg c3VzY2VwdGlibGVzIGQnYWx0ZXJhdGlvbiwKT3JhbmdlIGRlY2xpbmUgdG91dGUgcmVzcG9uc2Fi aWxpdGUgc2kgY2UgbWVzc2FnZSBhIGV0ZSBhbHRlcmUsIGRlZm9ybWUgb3UgZmFsc2lmaWUuIE1l cmNpLgoKVGhpcyBtZXNzYWdlIGFuZCBpdHMgYXR0YWNobWVudHMgbWF5IGNvbnRhaW4gY29uZmlk ZW50aWFsIG9yIHByaXZpbGVnZWQgaW5mb3JtYXRpb24gdGhhdCBtYXkgYmUgcHJvdGVjdGVkIGJ5 IGxhdzsKdGhleSBzaG91bGQgbm90IGJlIGRpc3RyaWJ1dGVkLCB1c2VkIG9yIGNvcGllZCB3aXRo b3V0IGF1dGhvcmlzYXRpb24uCklmIHlvdSBoYXZlIHJlY2VpdmVkIHRoaXMgZW1haWwgaW4gZXJy b3IsIHBsZWFzZSBub3RpZnkgdGhlIHNlbmRlciBhbmQgZGVsZXRlIHRoaXMgbWVzc2FnZSBhbmQg aXRzIGF0dGFjaG1lbnRzLgpBcyBlbWFpbHMgbWF5IGJlIGFsdGVyZWQsIE9yYW5nZSBpcyBub3Qg bGlhYmxlIGZvciBtZXNzYWdlcyB0aGF0IGhhdmUgYmVlbiBtb2RpZmllZCwgY2hhbmdlZCBvciBm YWxzaWZpZWQuClRoYW5rIHlvdS4KCg== From nobody Thu Jun 25 06:04:23 2020 Return-Path: X-Original-To: i2rs@ietfa.amsl.com Delivered-To: i2rs@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 41CA23A083A; Thu, 25 Jun 2020 06:04:22 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: 0.948 X-Spam-Level: X-Spam-Status: No, score=0.948 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DOS_OUTLOOK_TO_MX=2.845, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0QtuJkV3EHlR; Thu, 25 Jun 2020 06:04:20 -0700 (PDT) Received: from hickoryhill-consulting.com (50-245-122-100-static.hfc.comcastbusiness.net [50.245.122.100]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3097E3A0833; Thu, 25 Jun 2020 06:04:19 -0700 (PDT) X-Default-Received-SPF: pass (skip=loggedin (res=PASS)) x-ip-name=166.170.22.63; From: "Susan Hares" To: "'Christian Huitema'" , Cc: , , References: <159306126401.5613.2130163467049929604@ietfa.amsl.com> In-Reply-To: <159306126401.5613.2130163467049929604@ietfa.amsl.com> Date: Thu, 25 Jun 2020 09:04:15 -0400 Message-ID: <005401d64af1$2243a2c0$66cae840$@ndzh.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Mailer: Microsoft Outlook 14.0 Thread-Index: AQGr16bjpP16h1NZBzVaEcIfqcfi36k+Liig Content-Language: en-us X-Antivirus: AVG (VPS 200624-2, 06/24/2020), Outbound message X-Antivirus-Status: Not-Tested X-Authenticated-User: skh@ndzh.com Archived-At: Subject: Re: [i2rs] Secdir last call review of draft-ietf-i2rs-yang-l2-network-topology-13 X-BeenThere: i2rs@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Interface to The Internet Routing System \(IRS\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 25 Jun 2020 13:04:22 -0000 Christian: Thank you for catching the privacy issues. =20 I've got a few questions to help the authors scope this change:=20 1) Since this is common to all L2 Topologies, can you or the security = directorate recommend some text that might be appropriate?=20 If you have recommended text, has this text been reviewed by OPS-DIR = and Yang doctors?=20 2) Will it be a problem If we write privacy considerations on IEEE = specifications?=20 3) Do we need to consider the range of deployments of L2 (home, enterprise, public PBB service, national PBB service, Data = centers) Thank you, Sue=20 -----Original Message----- From: Christian Huitema via Datatracker [mailto:noreply@ietf.org]=20 Sent: Thursday, June 25, 2020 1:01 AM To: secdir@ietf.org Cc: draft-ietf-i2rs-yang-l2-network-topology.all@ietf.org; = i2rs@ietf.org; last-call@ietf.org Subject: Secdir last call review of = draft-ietf-i2rs-yang-l2-network-topology-13 Reviewer: Christian Huitema Review result: Has Issues I have reviewed this document as part of the security directorate's = ongoing effort to review all IETF documents being processed by the IESG. = These comments were written with the intent of improving security = requirements and considerations in IETF drafts. Comments not addressed = in last call may be included in AD reviews during the IESG review. = Document editors and WG chairs should treat these comments just like any = other last call comments. This document describes a Yang model for representing Link Layer = topologies. Representing such topologies is obviously useful for managing network. The security section is focused on securing the usage of this = information for network management, but does not address potential = privacy issues. The security considerations explain correctly how altering the link = layer information could enable attacks against the network. The proposed = remedy is access control, implemented using either SSH or TLS. This is = fine, although the discussion of TLS authorisation is a bit short. By = default, TLS verifies the identity of the server but not that of the = client. RFC8040 section 2.5 specifies that "a RESTCONF server SHOULD = require authentication based on TLS client certificates. I assume that's = the intent, but it might be useful to say so. On the other hand, the security considerations do not describe privacy = issues, and I find that problematic. The proposed information model = lists a number of sensitive data, such as for example the MAC addresses = of devices. This information can be misused. For example, applications could assess = device location fetching the MAC addresses of local gateways. Third = parties could access link local information to gather identities of = devices accessing a particular network. Such information is often = protected by privacy API in the Operating System, but accessing the Yang = module over the network might allow applications to bypass these = controls. Client authentication alone does not necessarily protect against these = privacy leaks. A classic configuration error would limit write access to = authorized users, but to allow read-only access to most users. This kind = of error would allow privacy leaks. Given the sensitive nature of MAC = addresses and other identifiers, it is useful to warn against such = errors. From nobody Thu Jun 25 06:18:13 2020 Return-Path: X-Original-To: i2rs@ietfa.amsl.com Delivered-To: i2rs@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 339573A0997; Thu, 25 Jun 2020 06:17:55 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.901 X-Spam-Level: X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Tw-ni7sVPPtz; Thu, 25 Jun 2020 06:17:53 -0700 (PDT) Received: from huawei.com (lhrrgout.huawei.com [185.176.76.210]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CE3C83A0839; Thu, 25 Jun 2020 06:17:52 -0700 (PDT) Received: from lhreml717-chm.china.huawei.com (unknown [172.18.7.106]) by Forcepoint Email with ESMTP id 3DD2DAA6F058A746A43B; Thu, 25 Jun 2020 14:17:49 +0100 (IST) Received: from lhreml717-chm.china.huawei.com (10.201.108.68) by lhreml717-chm.china.huawei.com (10.201.108.68) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1913.5; Thu, 25 Jun 2020 14:17:49 +0100 Received: from DGGEML403-HUB.china.huawei.com (10.3.17.33) by lhreml717-chm.china.huawei.com (10.201.108.68) with Microsoft SMTP Server (version=TLS1_0, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA) id 15.1.1913.5 via Frontend Transport; Thu, 25 Jun 2020 14:17:48 +0100 Received: from DGGEML531-MBS.china.huawei.com ([169.254.5.107]) by DGGEML403-HUB.china.huawei.com ([fe80::74d9:c659:fbec:21fa%31]) with mapi id 14.03.0487.000; Thu, 25 Jun 2020 21:17:42 +0800 From: Qin Wu To: Christian Huitema , "secdir@ietf.org" CC: "draft-ietf-i2rs-yang-l2-network-topology.all@ietf.org" , "i2rs@ietf.org" , "last-call@ietf.org" , "mohamed.boucadair@orange.com" , NETMOD Group Thread-Topic: Secdir last call review of draft-ietf-i2rs-yang-l2-network-topology-13 Thread-Index: AdZK7/ux7S4z7G2WR7mVKayBPsC8Mg== Date: Thu, 25 Jun 2020 13:17:41 +0000 Message-ID: Accept-Language: zh-CN, en-US Content-Language: zh-CN X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.164.123.57] Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 MIME-Version: 1.0 X-CFilter-Loop: Reflected Archived-At: Subject: Re: [i2rs] Secdir last call review of draft-ietf-i2rs-yang-l2-network-topology-13 X-BeenThere: i2rs@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Interface to The Internet Routing System \(IRS\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 25 Jun 2020 13:17:56 -0000 SGksIENocmlzdGlhbjoNClRoYW5rcyBmb3IgdmFsdWFibGUgY29tbWVudHMsIHBsZWFzZSBzZWUg cmVwbHkgaW5saW5lLg0KLS0tLS3pgq7ku7bljp/ku7YtLS0tLQ0K5Y+R5Lu25Lq6OiBDaHJpc3Rp YW4gSHVpdGVtYSB2aWEgRGF0YXRyYWNrZXIgW21haWx0bzpub3JlcGx5QGlldGYub3JnXSANCuWP kemAgeaXtumXtDogMjAyMOW5tDbmnIgyNeaXpSAxMzowMQ0K5pS25Lu25Lq6OiBzZWNkaXJAaWV0 Zi5vcmcNCuaKhOmAgTogZHJhZnQtaWV0Zi1pMnJzLXlhbmctbDItbmV0d29yay10b3BvbG9neS5h bGxAaWV0Zi5vcmc7IGkycnNAaWV0Zi5vcmc7IGxhc3QtY2FsbEBpZXRmLm9yZw0K5Li76aKYOiBT ZWNkaXIgbGFzdCBjYWxsIHJldmlldyBvZiBkcmFmdC1pZXRmLWkycnMteWFuZy1sMi1uZXR3b3Jr LXRvcG9sb2d5LTEzDQoNClJldmlld2VyOiBDaHJpc3RpYW4gSHVpdGVtYQ0KUmV2aWV3IHJlc3Vs dDogSGFzIElzc3Vlcw0KDQpJIGhhdmUgcmV2aWV3ZWQgdGhpcyBkb2N1bWVudCBhcyBwYXJ0IG9m IHRoZSBzZWN1cml0eSBkaXJlY3RvcmF0ZSdzIG9uZ29pbmcgZWZmb3J0IHRvIHJldmlldyBhbGwg SUVURiBkb2N1bWVudHMgYmVpbmcgcHJvY2Vzc2VkIGJ5IHRoZSBJRVNHLiAgVGhlc2UgY29tbWVu dHMgd2VyZSB3cml0dGVuIHdpdGggdGhlIGludGVudCBvZiBpbXByb3Zpbmcgc2VjdXJpdHkgcmVx dWlyZW1lbnRzIGFuZCBjb25zaWRlcmF0aW9ucyBpbiBJRVRGIGRyYWZ0cy4gIENvbW1lbnRzIG5v dCBhZGRyZXNzZWQgaW4gbGFzdCBjYWxsIG1heSBiZSBpbmNsdWRlZCBpbiBBRCByZXZpZXdzIGR1 cmluZyB0aGUgSUVTRyByZXZpZXcuICBEb2N1bWVudCBlZGl0b3JzIGFuZCBXRyBjaGFpcnMgc2hv dWxkIHRyZWF0IHRoZXNlIGNvbW1lbnRzIGp1c3QgbGlrZSBhbnkgb3RoZXIgbGFzdCBjYWxsIGNv bW1lbnRzLg0KDQpUaGlzIGRvY3VtZW50IGRlc2NyaWJlcyBhIFlhbmcgbW9kZWwgZm9yIHJlcHJl c2VudGluZyBMaW5rIExheWVyIHRvcG9sb2dpZXMuDQpSZXByZXNlbnRpbmcgc3VjaCB0b3BvbG9n aWVzIGlzIG9idmlvdXNseSB1c2VmdWwgZm9yIG1hbmFnaW5nIG5ldHdvcmsuDQpUaGUgc2VjdXJp dHkgc2VjdGlvbiBpcyBmb2N1c2VkIG9uIHNlY3VyaW5nIHRoZSB1c2FnZSBvZiB0aGlzIGluZm9y bWF0aW9uIGZvciBuZXR3b3JrIG1hbmFnZW1lbnQsIGJ1dCBkb2VzIG5vdCBhZGRyZXNzIHBvdGVu dGlhbCBwcml2YWN5IGlzc3Vlcy4NCltRaW5dOiBNeSB1bmRlcnN0YW5kaW5nIHByaXZhY3kgaXNz dWUgY2FuIGJlIGFkZHJlc3NlZCBieSB1c2luZyBOQUNNLiBOQUNNIHByb3ZpZGUgY2xpZW50IGF1 dGhvcml6YXRpb24gYW5kIHJlc3RyaWN0IHBhcnRpY3VsYXIgdXNlcnMgdG8gZ2V0IGFjY2VzcyB0 byBhIHByZWNvbmZpZ3VyZWQgc3Vic2V0IG9mIGFsbA0KICAgICBhdmFpbGFibGUgTkVUQ09ORiBv ciBSRVNUQ09ORiBwcm90b2NvbCBvcGVyYXRpb25zIGFuZCBjb250ZW50Lg0KDQpUaGUgc2VjdXJp dHkgY29uc2lkZXJhdGlvbnMgZXhwbGFpbiBjb3JyZWN0bHkgaG93IGFsdGVyaW5nIHRoZSBsaW5r IGxheWVyIGluZm9ybWF0aW9uIGNvdWxkIGVuYWJsZSBhdHRhY2tzIGFnYWluc3QgdGhlIG5ldHdv cmsuIFRoZSBwcm9wb3NlZCByZW1lZHkgaXMgYWNjZXNzIGNvbnRyb2wsIGltcGxlbWVudGVkIHVz aW5nIGVpdGhlciBTU0ggb3IgVExTLiBUaGlzIGlzIGZpbmUsIGFsdGhvdWdoIHRoZSBkaXNjdXNz aW9uIG9mIFRMUyBhdXRob3Jpc2F0aW9uIGlzIGEgYml0IHNob3J0LiBCeSBkZWZhdWx0LCBUTFMg dmVyaWZpZXMgdGhlIGlkZW50aXR5IG9mIHRoZSBzZXJ2ZXIgYnV0IG5vdCB0aGF0IG9mIHRoZSBj bGllbnQuIFJGQzgwNDAgc2VjdGlvbiAyLjUgc3BlY2lmaWVzIHRoYXQgImEgUkVTVENPTkYgc2Vy dmVyIFNIT1VMRCByZXF1aXJlIGF1dGhlbnRpY2F0aW9uIGJhc2VkIG9uIFRMUyBjbGllbnQgY2Vy dGlmaWNhdGVzLiBJIGFzc3VtZSB0aGF0J3MgdGhlIGludGVudCwgYnV0IGl0IG1pZ2h0IGJlIHVz ZWZ1bCB0byBzYXkgc28uDQpbUWluXTogR29vZCBvYnNlcnZhdGlvbiBvbiBSRVNUQ09ORiAoUkZD ODA0MCksIFNpbWlsYXJseSwgTkVUQ09ORiAoUkZDNjI0MSkgc3RpcHVsYXRlcyB0aGF0ICJORVRD T05GIGNvbm5lY3Rpb25zIE1VU1QgYmUgYXV0aGVudGljYXRlZC4gIFRoZSB0cmFuc3BvcnQgcHJv dG9jb2wgaXMNCiAgIHJlc3BvbnNpYmxlIGZvciBhdXRoZW50aWNhdGlvbiBvZiB0aGUgc2VydmVy IHRvIHRoZSBjbGllbnQgYW5kIGF1dGhlbnRpY2F0aW9uIG9mIHRoZSBjbGllbnQgdG8gdGhlIHNl cnZlci4iIFRMUyBpcyBvbmUgZXhhbXBsZSBvZiBzdWNoIHRyYW5zcG9ydCBwcm90b2NvbC4gU28g aXQgaXMgdGhlIGpvYiBvZiBUcmFuc3BvcnQgcHJvdG9jb2wgdG8gcHJvdmlkZSBtdXR1YWwgYXV0 aGVudGljYXRpb24uIFBsZWFzZSByZWZlciB0byBzZWN0aW9uIDIuMiBvZiBSRkM2MjQxLiANCiAg IEkgYW0gbm90IHN1cmUgd2Ugc2hvdWxkIGVtcGhhc2l6ZSBtdXR1YWwgYXV0aGVudGljYXRpb24g dXNpbmcgdW5kZXJseWluZyB0cmFuc3BvcnQgcHJvdG9jb2wgaW4gdGhpcyBkb2N1bWVudCwgc2lu Y2UgYm90aCBSRVNUQ09ORiBhbmQgTkVUQ09ORiBoYXMgYWxyZWFkeSBjbGFyaWZpZWQgY2xpZW50 IGF1dGhlbnRpY2F0aW9uIGFuZCBzZXJ2ZXIgYXV0aGVudGljYXRpb24uDQogICBMZXQgbWUga25v dyBpZiB5b3UgdGhpbmsgSSBhbSB3cm9uZy4NCg0KT24gdGhlIG90aGVyIGhhbmQsIHRoZSBzZWN1 cml0eSBjb25zaWRlcmF0aW9ucyBkbyBub3QgZGVzY3JpYmUgcHJpdmFjeSBpc3N1ZXMsIGFuZCBJ IGZpbmQgdGhhdCBwcm9ibGVtYXRpYy4gVGhlIHByb3Bvc2VkIGluZm9ybWF0aW9uIG1vZGVsIGxp c3RzIGEgbnVtYmVyIG9mIHNlbnNpdGl2ZSBkYXRhLCBzdWNoIGFzIGZvciBleGFtcGxlIHRoZSBN QUMgYWRkcmVzc2VzIG9mIGRldmljZXMuDQpUaGlzIGluZm9ybWF0aW9uIGNhbiBiZSBtaXN1c2Vk LiBGb3IgZXhhbXBsZSwgYXBwbGljYXRpb25zIGNvdWxkIGFzc2VzcyBkZXZpY2UgbG9jYXRpb24g ZmV0Y2hpbmcgdGhlIE1BQyBhZGRyZXNzZXMgb2YgbG9jYWwgZ2F0ZXdheXMuIFRoaXJkIHBhcnRp ZXMgY291bGQgYWNjZXNzIGxpbmsgbG9jYWwgaW5mb3JtYXRpb24gdG8gZ2F0aGVyIGlkZW50aXRp ZXMgb2YgZGV2aWNlcyBhY2Nlc3NpbmcgYSBwYXJ0aWN1bGFyIG5ldHdvcmsuIFN1Y2ggaW5mb3Jt YXRpb24gaXMgb2Z0ZW4gcHJvdGVjdGVkIGJ5IHByaXZhY3kgQVBJIGluIHRoZSBPcGVyYXRpbmcg U3lzdGVtLCBidXQgYWNjZXNzaW5nIHRoZSBZYW5nIG1vZHVsZSBvdmVyIHRoZSBuZXR3b3JrIG1p Z2h0IGFsbG93IGFwcGxpY2F0aW9ucyB0byBieXBhc3MgdGhlc2UgY29udHJvbHMuDQpbUWluXTog SSB0aGluayB0aGlzIGlzIGEgdmFsaWQgcG9pbnQsIGluIG15IHRoaW5raW5nLCB3ZSBjb3VsZCBh ZGQgTUFDIGFkZHJlc3MgYXMgYW5vdGhlciBzZW5zaXRpdmUgZGF0YSBub2RlIGV4YW1wbGVzIHVu ZGVyIGwyLW5vZGUtYXR0cmlidXRlcyBhbmQgbDItdGVybWluYXRpb24tcG9pbnRzLWF0dHJpYnV0 ZXMuDQpQbGVhc2Ugbm90ZSB0aGF0IHdlIGZvbGxvdyBZQU5HIHNlY3VyaXR5IGd1aWRlbGluZSB0 ZW1wbGF0ZSBhcyBmb2xsb3dzOg0KaHR0cHM6Ly90cmFjLmlldGYub3JnL3RyYWMvb3BzL3dpa2kv eWFuZy1zZWN1cml0eS1ndWlkZWxpbmVzDQoNCg0KQ2xpZW50IGF1dGhlbnRpY2F0aW9uIGFsb25l IGRvZXMgbm90IG5lY2Vzc2FyaWx5IHByb3RlY3QgYWdhaW5zdCB0aGVzZSBwcml2YWN5IGxlYWtz LiBBIGNsYXNzaWMgY29uZmlndXJhdGlvbiBlcnJvciB3b3VsZCBsaW1pdCB3cml0ZSBhY2Nlc3Mg dG8gYXV0aG9yaXplZCB1c2VycywgYnV0IHRvIGFsbG93IHJlYWQtb25seSBhY2Nlc3MgdG8gbW9z dCB1c2Vycy4gVGhpcyBraW5kIG9mIGVycm9yIHdvdWxkIGFsbG93IHByaXZhY3kgbGVha3MuIEdp dmVuIHRoZSBzZW5zaXRpdmUgbmF0dXJlIG9mIE1BQyBhZGRyZXNzZXMgYW5kIG90aGVyIGlkZW50 aWZpZXJzLCBpdCBpcyB1c2VmdWwgdG8gd2FybiBhZ2FpbnN0IHN1Y2ggZXJyb3JzLg0KW1Fpbl06 SSBhZ3JlZSBjbGllbnQgYXV0aGVudGljYXRpb24gYWxvbmUgZG9lc24ndCBwcm90ZWN0IGFnYWlu c3QgdGhlIHByaXZhY3kgbGVhayBidXQgTkFDTSBkb2VzIHNpbmNlIGl0IHByb3ZpZGVzIGNsaWVu dCBhdXRob3JpemF0aW9uIGFuZCByZXN0cmljdCB2YXJpb3VzIGRpZmZlcmVudCB1c2UgdG8gZ2V0 IGFjY2VzcyB0byBvcGVyYXRpb24gYW5kIGNvbnRlbnRzLg0KSWYgSSBhbSB3cm9uZywgSSB3b3Vs ZCBsaWtlIHRvIHNvbGljaXQgb3BpbmlvbiBmcm9tIE5FVE1PRCBtYWlsaW5nIGxpc3QuDQoNCg0K DQo= From nobody Thu Jun 25 06:25:21 2020 Return-Path: X-Original-To: i2rs@ietfa.amsl.com Delivered-To: i2rs@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B68EB3A09B3; Thu, 25 Jun 2020 06:25:14 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.901 X-Spam-Level: X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mFYQ9sGDOVTB; Thu, 25 Jun 2020 06:25:13 -0700 (PDT) Received: from huawei.com (lhrrgout.huawei.com [185.176.76.210]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E4F663A09B1; Thu, 25 Jun 2020 06:25:12 -0700 (PDT) Received: from lhreml744-chm.china.huawei.com (unknown [172.18.7.107]) by Forcepoint Email with ESMTP id 9B088D57A5787527537E; Thu, 25 Jun 2020 14:25:10 +0100 (IST) Received: from lhreml744-chm.china.huawei.com (10.201.108.194) by lhreml744-chm.china.huawei.com (10.201.108.194) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1913.5; Thu, 25 Jun 2020 14:25:10 +0100 Received: from DGGEML403-HUB.china.huawei.com (10.3.17.33) by lhreml744-chm.china.huawei.com (10.201.108.194) with Microsoft SMTP Server (version=TLS1_0, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA) id 15.1.1913.5 via Frontend Transport; Thu, 25 Jun 2020 14:25:10 +0100 Received: from DGGEML531-MBS.china.huawei.com ([169.254.5.107]) by DGGEML403-HUB.china.huawei.com ([fe80::74d9:c659:fbec:21fa%31]) with mapi id 14.03.0487.000; Thu, 25 Jun 2020 21:25:05 +0800 From: Qin Wu To: Susan Hares , 'Christian Huitema' , "secdir@ietf.org" CC: "draft-ietf-i2rs-yang-l2-network-topology.all@ietf.org" , "i2rs@ietf.org" , "last-call@ietf.org" Thread-Topic: Secdir last call review of draft-ietf-i2rs-yang-l2-network-topology-13 Thread-Index: AdZK8zSFZwHzgS3vTuGAmW5dXOCk0w== Date: Thu, 25 Jun 2020 13:25:04 +0000 Message-ID: Accept-Language: zh-CN, en-US Content-Language: zh-CN X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.164.123.57] Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 MIME-Version: 1.0 X-CFilter-Loop: Reflected Archived-At: Subject: Re: [i2rs] Secdir last call review of draft-ietf-i2rs-yang-l2-network-topology-13 X-BeenThere: i2rs@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Interface to The Internet Routing System \(IRS\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 25 Jun 2020 13:25:15 -0000 U3VlIGFuZCBDaHJpc3RpYW46DQpJIGhhdmUgcmVzcG9uZGVkIHRvIENocmlzdGlhbiBvbiBwcml2 YWN5IGlzc3VlLCBteSBwcm9wb3NhbCBpcyB0byBhZGQgTUFDIGFkZHJlc3MgYXMgYW5vdGhlciBk YXRhIG5vZGUgdnVsbmVyYWJpbGl0eSBleGFtcGxlIGluIG91ciBvcmlnaW5hbCBzZWN1cml0eSBj b25zaWRlcmF0aW9uIHNlY3Rpb24uDQpCdXQgSWYgQ2hyaXN0aWFuIG9yIHNlY3VyaXR5IGRpcmVj dG9yYXRlIGhhcyByZWNvbW1lbmRpbmcgdGV4dCwgd2UgYXV0aG9ycyBhcmUgaGFwcHkgdG8gYWNj ZXB0IGl0Lg0KDQotUWluDQotLS0tLemCruS7tuWOn+S7ti0tLS0tDQrlj5Hku7bkuro6IFN1c2Fu IEhhcmVzIFttYWlsdG86c2hhcmVzQG5kemguY29tXSANCuWPkemAgeaXtumXtDogMjAyMOW5tDbm nIgyNeaXpSAyMTowNA0K5pS25Lu25Lq6OiAnQ2hyaXN0aWFuIEh1aXRlbWEnIDxodWl0ZW1hQGh1 aXRlbWEubmV0Pjsgc2VjZGlyQGlldGYub3JnDQrmioTpgIE6IGRyYWZ0LWlldGYtaTJycy15YW5n LWwyLW5ldHdvcmstdG9wb2xvZ3kuYWxsQGlldGYub3JnOyBpMnJzQGlldGYub3JnOyBsYXN0LWNh bGxAaWV0Zi5vcmcNCuS4u+mimDogUkU6IFNlY2RpciBsYXN0IGNhbGwgcmV2aWV3IG9mIGRyYWZ0 LWlldGYtaTJycy15YW5nLWwyLW5ldHdvcmstdG9wb2xvZ3ktMTMNCg0KQ2hyaXN0aWFuOg0KDQpU aGFuayB5b3UgZm9yIGNhdGNoaW5nIHRoZSBwcml2YWN5IGlzc3Vlcy4gICAgICANCg0KSSd2ZSBn b3QgYSBmZXcgcXVlc3Rpb25zIHRvIGhlbHAgdGhlIGF1dGhvcnMgc2NvcGUgdGhpcyBjaGFuZ2U6 IA0KDQoxKSBTaW5jZSB0aGlzIGlzIGNvbW1vbiB0byBhbGwgTDIgVG9wb2xvZ2llcywgY2FuIHlv dSBvciB0aGUgc2VjdXJpdHkgZGlyZWN0b3JhdGUgcmVjb21tZW5kIHNvbWUgdGV4dCB0aGF0IG1p Z2h0IGJlIGFwcHJvcHJpYXRlPyANCiAgIElmIHlvdSBoYXZlIHJlY29tbWVuZGVkIHRleHQsIGhh cyB0aGlzIHRleHQgYmVlbiByZXZpZXdlZCBieSBPUFMtRElSIGFuZCBZYW5nIGRvY3RvcnM/IA0K DQoyKSBXaWxsIGl0IGJlIGEgcHJvYmxlbSBJZiB3ZSB3cml0ZSBwcml2YWN5IGNvbnNpZGVyYXRp b25zIG9uIElFRUUgc3BlY2lmaWNhdGlvbnM/IA0KMykgRG8gd2UgbmVlZCB0byBjb25zaWRlciB0 aGUgcmFuZ2Ugb2YgZGVwbG95bWVudHMgb2YgTDIgKGhvbWUsIGVudGVycHJpc2UsICBwdWJsaWMg UEJCIHNlcnZpY2UsIG5hdGlvbmFsIFBCQiBzZXJ2aWNlLCBEYXRhIGNlbnRlcnMpDQoNCg0KVGhh bmsgeW91LCAgU3VlIA0KDQoNCi0tLS0tT3JpZ2luYWwgTWVzc2FnZS0tLS0tDQpGcm9tOiBDaHJp c3RpYW4gSHVpdGVtYSB2aWEgRGF0YXRyYWNrZXIgW21haWx0bzpub3JlcGx5QGlldGYub3JnXQ0K U2VudDogVGh1cnNkYXksIEp1bmUgMjUsIDIwMjAgMTowMSBBTQ0KVG86IHNlY2RpckBpZXRmLm9y Zw0KQ2M6IGRyYWZ0LWlldGYtaTJycy15YW5nLWwyLW5ldHdvcmstdG9wb2xvZ3kuYWxsQGlldGYu b3JnOyBpMnJzQGlldGYub3JnOyBsYXN0LWNhbGxAaWV0Zi5vcmcNClN1YmplY3Q6IFNlY2RpciBs YXN0IGNhbGwgcmV2aWV3IG9mIGRyYWZ0LWlldGYtaTJycy15YW5nLWwyLW5ldHdvcmstdG9wb2xv Z3ktMTMNCg0KUmV2aWV3ZXI6IENocmlzdGlhbiBIdWl0ZW1hDQpSZXZpZXcgcmVzdWx0OiBIYXMg SXNzdWVzDQoNCkkgaGF2ZSByZXZpZXdlZCB0aGlzIGRvY3VtZW50IGFzIHBhcnQgb2YgdGhlIHNl Y3VyaXR5IGRpcmVjdG9yYXRlJ3Mgb25nb2luZyBlZmZvcnQgdG8gcmV2aWV3IGFsbCBJRVRGIGRv Y3VtZW50cyBiZWluZyBwcm9jZXNzZWQgYnkgdGhlIElFU0cuICBUaGVzZSBjb21tZW50cyB3ZXJl IHdyaXR0ZW4gd2l0aCB0aGUgaW50ZW50IG9mIGltcHJvdmluZyBzZWN1cml0eSByZXF1aXJlbWVu dHMgYW5kIGNvbnNpZGVyYXRpb25zIGluIElFVEYgZHJhZnRzLiAgQ29tbWVudHMgbm90IGFkZHJl c3NlZCBpbiBsYXN0IGNhbGwgbWF5IGJlIGluY2x1ZGVkIGluIEFEIHJldmlld3MgZHVyaW5nIHRo ZSBJRVNHIHJldmlldy4gIERvY3VtZW50IGVkaXRvcnMgYW5kIFdHIGNoYWlycyBzaG91bGQgdHJl YXQgdGhlc2UgY29tbWVudHMganVzdCBsaWtlIGFueSBvdGhlciBsYXN0IGNhbGwgY29tbWVudHMu DQoNClRoaXMgZG9jdW1lbnQgZGVzY3JpYmVzIGEgWWFuZyBtb2RlbCBmb3IgcmVwcmVzZW50aW5n IExpbmsgTGF5ZXIgdG9wb2xvZ2llcy4NClJlcHJlc2VudGluZyBzdWNoIHRvcG9sb2dpZXMgaXMg b2J2aW91c2x5IHVzZWZ1bCBmb3IgbWFuYWdpbmcgbmV0d29yay4NClRoZSBzZWN1cml0eSBzZWN0 aW9uIGlzIGZvY3VzZWQgb24gc2VjdXJpbmcgdGhlIHVzYWdlIG9mIHRoaXMgaW5mb3JtYXRpb24g Zm9yIG5ldHdvcmsgbWFuYWdlbWVudCwgYnV0IGRvZXMgbm90IGFkZHJlc3MgcG90ZW50aWFsIHBy aXZhY3kgaXNzdWVzLg0KDQpUaGUgc2VjdXJpdHkgY29uc2lkZXJhdGlvbnMgZXhwbGFpbiBjb3Jy ZWN0bHkgaG93IGFsdGVyaW5nIHRoZSBsaW5rIGxheWVyIGluZm9ybWF0aW9uIGNvdWxkIGVuYWJs ZSBhdHRhY2tzIGFnYWluc3QgdGhlIG5ldHdvcmsuIFRoZSBwcm9wb3NlZCByZW1lZHkgaXMgYWNj ZXNzIGNvbnRyb2wsIGltcGxlbWVudGVkIHVzaW5nIGVpdGhlciBTU0ggb3IgVExTLiBUaGlzIGlz IGZpbmUsIGFsdGhvdWdoIHRoZSBkaXNjdXNzaW9uIG9mIFRMUyBhdXRob3Jpc2F0aW9uIGlzIGEg Yml0IHNob3J0LiBCeSBkZWZhdWx0LCBUTFMgdmVyaWZpZXMgdGhlIGlkZW50aXR5IG9mIHRoZSBz ZXJ2ZXIgYnV0IG5vdCB0aGF0IG9mIHRoZSBjbGllbnQuIFJGQzgwNDAgc2VjdGlvbiAyLjUgc3Bl Y2lmaWVzIHRoYXQgImEgUkVTVENPTkYgc2VydmVyIFNIT1VMRCByZXF1aXJlIGF1dGhlbnRpY2F0 aW9uIGJhc2VkIG9uIFRMUyBjbGllbnQgY2VydGlmaWNhdGVzLiBJIGFzc3VtZSB0aGF0J3MgdGhl IGludGVudCwgYnV0IGl0IG1pZ2h0IGJlIHVzZWZ1bCB0byBzYXkgc28uDQoNCk9uIHRoZSBvdGhl ciBoYW5kLCB0aGUgc2VjdXJpdHkgY29uc2lkZXJhdGlvbnMgZG8gbm90IGRlc2NyaWJlIHByaXZh Y3kgaXNzdWVzLCBhbmQgSSBmaW5kIHRoYXQgcHJvYmxlbWF0aWMuIFRoZSBwcm9wb3NlZCBpbmZv cm1hdGlvbiBtb2RlbCBsaXN0cyBhIG51bWJlciBvZiBzZW5zaXRpdmUgZGF0YSwgc3VjaCBhcyBm b3IgZXhhbXBsZSB0aGUgTUFDIGFkZHJlc3NlcyBvZiBkZXZpY2VzLg0KVGhpcyBpbmZvcm1hdGlv biBjYW4gYmUgbWlzdXNlZC4gRm9yIGV4YW1wbGUsIGFwcGxpY2F0aW9ucyBjb3VsZCBhc3Nlc3Mg ZGV2aWNlIGxvY2F0aW9uIGZldGNoaW5nIHRoZSBNQUMgYWRkcmVzc2VzIG9mIGxvY2FsIGdhdGV3 YXlzLiBUaGlyZCBwYXJ0aWVzIGNvdWxkIGFjY2VzcyBsaW5rIGxvY2FsIGluZm9ybWF0aW9uIHRv IGdhdGhlciBpZGVudGl0aWVzIG9mIGRldmljZXMgYWNjZXNzaW5nIGEgcGFydGljdWxhciBuZXR3 b3JrLiBTdWNoIGluZm9ybWF0aW9uIGlzIG9mdGVuIHByb3RlY3RlZCBieSBwcml2YWN5IEFQSSBp biB0aGUgT3BlcmF0aW5nIFN5c3RlbSwgYnV0IGFjY2Vzc2luZyB0aGUgWWFuZyBtb2R1bGUgb3Zl ciB0aGUgbmV0d29yayBtaWdodCBhbGxvdyBhcHBsaWNhdGlvbnMgdG8gYnlwYXNzIHRoZXNlIGNv bnRyb2xzLg0KDQpDbGllbnQgYXV0aGVudGljYXRpb24gYWxvbmUgZG9lcyBub3QgbmVjZXNzYXJp bHkgcHJvdGVjdCBhZ2FpbnN0IHRoZXNlIHByaXZhY3kgbGVha3MuIEEgY2xhc3NpYyBjb25maWd1 cmF0aW9uIGVycm9yIHdvdWxkIGxpbWl0IHdyaXRlIGFjY2VzcyB0byBhdXRob3JpemVkIHVzZXJz LCBidXQgdG8gYWxsb3cgcmVhZC1vbmx5IGFjY2VzcyB0byBtb3N0IHVzZXJzLiBUaGlzIGtpbmQg b2YgZXJyb3Igd291bGQgYWxsb3cgcHJpdmFjeSBsZWFrcy4gR2l2ZW4gdGhlIHNlbnNpdGl2ZSBu YXR1cmUgb2YgTUFDIGFkZHJlc3NlcyBhbmQgb3RoZXIgaWRlbnRpZmllcnMsIGl0IGlzIHVzZWZ1 bCB0byB3YXJuIGFnYWluc3Qgc3VjaCBlcnJvcnMuDQoNCg0KDQoNCg0K From nobody Thu Jun 25 07:00:25 2020 Return-Path: X-Original-To: i2rs@ietfa.amsl.com Delivered-To: i2rs@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CB0D13A0B7B; Thu, 25 Jun 2020 07:00:14 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: 0.948 X-Spam-Level: X-Spam-Status: No, score=0.948 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DOS_OUTLOOK_TO_MX=2.845, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Uuv4k7cND1ia; Thu, 25 Jun 2020 07:00:13 -0700 (PDT) Received: from hickoryhill-consulting.com (50-245-122-100-static.hfc.comcastbusiness.net [50.245.122.100]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E4A323A0B74; Thu, 25 Jun 2020 07:00:12 -0700 (PDT) X-Default-Received-SPF: pass (skip=loggedin (res=PASS)) x-ip-name=166.170.22.63; From: "Susan Hares" To: "'Qin Wu'" , "'Christian Huitema'" , Cc: , , References: In-Reply-To: Date: Thu, 25 Jun 2020 10:00:08 -0400 Message-ID: <002a01d64af8$f07320b0$d1596210$@ndzh.com> MIME-Version: 1.0 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Mailer: Microsoft Outlook 14.0 Thread-Index: AQLWmtRw7iPyu8IsKX2i31zM5z+c8qbou2Eg Content-Language: en-us X-Antivirus: AVG (VPS 200624-2, 06/24/2020), Outbound message X-Antivirus-Status: Not-Tested X-Authenticated-User: skh@ndzh.com Archived-At: Subject: Re: [i2rs] Secdir last call review of draft-ietf-i2rs-yang-l2-network-topology-13 X-BeenThere: i2rs@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Interface to The Internet Routing System \(IRS\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 25 Jun 2020 14:00:15 -0000 Qin and Christian:=20 Thank you for your prompt attention to the privacy issue. =20 I'm sure Christian will respond in a bit - since he might be in PDT = time-zone.=20 Once you have a solution you both like, we should validate the privacy changes to the security considerations section with = the=20 Yang-doctors, OPS-ADs, and Security-ADs. =20 Martin's watching this thread so I'm sure he'll help us out as well.=20 Sue=20 -----Original Message----- From: i2rs [mailto:i2rs-bounces@ietf.org] On Behalf Of Qin Wu Sent: Thursday, June 25, 2020 9:25 AM To: Susan Hares; 'Christian Huitema'; secdir@ietf.org Cc: i2rs@ietf.org; = draft-ietf-i2rs-yang-l2-network-topology.all@ietf.org; = last-call@ietf.org Subject: Re: [i2rs] Secdir last call review of = draft-ietf-i2rs-yang-l2-network-topology-13 Sue and Christian: I have responded to Christian on privacy issue, my proposal is to add = MAC address as another data node vulnerability example in our original = security consideration section. But If Christian or security directorate has recommending text, we = authors are happy to accept it. -Qin -----=E9=82=AE=E4=BB=B6=E5=8E=9F=E4=BB=B6----- =E5=8F=91=E4=BB=B6=E4=BA=BA: Susan Hares [mailto:shares@ndzh.com]=20 =E5=8F=91=E9=80=81=E6=97=B6=E9=97=B4: 2020=E5=B9=B46=E6=9C=8825=E6=97=A5 = 21:04 =E6=94=B6=E4=BB=B6=E4=BA=BA: 'Christian Huitema' ; = secdir@ietf.org =E6=8A=84=E9=80=81: = draft-ietf-i2rs-yang-l2-network-topology.all@ietf.org; i2rs@ietf.org; = last-call@ietf.org =E4=B8=BB=E9=A2=98: RE: Secdir last call review of = draft-ietf-i2rs-yang-l2-network-topology-13 Christian: Thank you for catching the privacy issues. =20 I've got a few questions to help the authors scope this change:=20 1) Since this is common to all L2 Topologies, can you or the security = directorate recommend some text that might be appropriate?=20 If you have recommended text, has this text been reviewed by OPS-DIR = and Yang doctors?=20 2) Will it be a problem If we write privacy considerations on IEEE = specifications?=20 3) Do we need to consider the range of deployments of L2 (home, = enterprise, public PBB service, national PBB service, Data centers) Thank you, Sue=20 -----Original Message----- From: Christian Huitema via Datatracker [mailto:noreply@ietf.org] Sent: Thursday, June 25, 2020 1:01 AM To: secdir@ietf.org Cc: draft-ietf-i2rs-yang-l2-network-topology.all@ietf.org; = i2rs@ietf.org; last-call@ietf.org Subject: Secdir last call review of = draft-ietf-i2rs-yang-l2-network-topology-13 Reviewer: Christian Huitema Review result: Has Issues I have reviewed this document as part of the security directorate's = ongoing effort to review all IETF documents being processed by the IESG. = These comments were written with the intent of improving security = requirements and considerations in IETF drafts. Comments not addressed = in last call may be included in AD reviews during the IESG review. = Document editors and WG chairs should treat these comments just like any = other last call comments. This document describes a Yang model for representing Link Layer = topologies. Representing such topologies is obviously useful for managing network. The security section is focused on securing the usage of this = information for network management, but does not address potential = privacy issues. The security considerations explain correctly how altering the link = layer information could enable attacks against the network. The proposed = remedy is access control, implemented using either SSH or TLS. This is = fine, although the discussion of TLS authorisation is a bit short. By = default, TLS verifies the identity of the server but not that of the = client. RFC8040 section 2.5 specifies that "a RESTCONF server SHOULD = require authentication based on TLS client certificates. I assume that's = the intent, but it might be useful to say so. On the other hand, the security considerations do not describe privacy = issues, and I find that problematic. The proposed information model = lists a number of sensitive data, such as for example the MAC addresses = of devices. This information can be misused. For example, applications could assess = device location fetching the MAC addresses of local gateways. Third = parties could access link local information to gather identities of = devices accessing a particular network. Such information is often = protected by privacy API in the Operating System, but accessing the Yang = module over the network might allow applications to bypass these = controls. Client authentication alone does not necessarily protect against these = privacy leaks. A classic configuration error would limit write access to = authorized users, but to allow read-only access to most users. This kind = of error would allow privacy leaks. Given the sensitive nature of MAC = addresses and other identifiers, it is useful to warn against such = errors. _______________________________________________ i2rs mailing list i2rs@ietf.org https://www.ietf.org/mailman/listinfo/i2rs From nobody Thu Jun 25 21:04:49 2020 Return-Path: X-Original-To: i2rs@ietfa.amsl.com Delivered-To: i2rs@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 871613A110A for ; Thu, 25 Jun 2020 21:04:46 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.899 X-Spam-Level: X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yqc9LfLwLYwO for ; Thu, 25 Jun 2020 21:04:44 -0700 (PDT) Received: from mx43-out1.antispamcloud.com (mx43-out1.antispamcloud.com [138.201.61.189]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8C5B33A1106 for ; Thu, 25 Jun 2020 21:04:44 -0700 (PDT) Received: from xse70.mail2web.com ([66.113.196.70] helo=xse.mail2web.com) by mx114.antispamcloud.com with esmtp (Exim 4.92) (envelope-from ) id 1jofbR-0017HC-Aj for i2rs@ietf.org; Fri, 26 Jun 2020 06:04:42 +0200 Received: from xsmtp22.mail2web.com (unknown [10.100.68.61]) by xse.mail2web.com (Postfix) with ESMTPS id 49tNYt4z0Wz2Csd for ; Thu, 25 Jun 2020 21:04:34 -0700 (PDT) Received: from [10.5.2.13] (helo=xmail03.myhosting.com) by xsmtp22.mail2web.com with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.92) (envelope-from ) id 1jofbO-0006IO-Iw for i2rs@ietf.org; Thu, 25 Jun 2020 21:04:34 -0700 Received: (qmail 29315 invoked from network); 26 Jun 2020 04:04:32 -0000 Received: from unknown (HELO [192.168.1.107]) (Authenticated-user:_huitema@huitema.net@[172.58.43.153]) (envelope-sender ) by xmail03.myhosting.com (qmail-ldap-1.03) with ESMTPA for ; 26 Jun 2020 04:04:32 -0000 To: Susan Hares , 'Qin Wu' , secdir@ietf.org Cc: i2rs@ietf.org, draft-ietf-i2rs-yang-l2-network-topology.all@ietf.org, last-call@ietf.org References: <002a01d64af8$f07320b0$d1596210$@ndzh.com> From: Christian Huitema Autocrypt: addr=huitema@huitema.net; prefer-encrypt=mutual; keydata= mDMEXtavGxYJKwYBBAHaRw8BAQdA1ou9A5MHTP9N3jfsWzlDZ+jPnQkusmc7sfLmWVz1Rmu0 J0NocmlzdGlhbiBIdWl0ZW1hIDxodWl0ZW1hQGh1aXRlbWEubmV0PoiWBBMWCAA+FiEEw3G4 Nwi4QEpAAXUUELAmqKBYtJQFAl7WrxsCGwMFCQlmAYAFCwkIBwIGFQoJCAsCBBYCAwECHgEC F4AACgkQELAmqKBYtJQbMwD/ebj/qnSbthC/5kD5DxZ/Ip0CGJw5QBz/+fJp3R8iAlsBAMjK r2tmyWyJz0CUkVG24WaR5EAJDvgwDv8h22U6QVkAuDgEXtavGxIKKwYBBAGXVQEFAQEHQJoM 6MUAIqpoqdCIiACiEynZf7nlJg2Eu0pXIhbUGONdAwEIB4h+BBgWCAAmFiEEw3G4Nwi4QEpA AXUUELAmqKBYtJQFAl7WrxsCGwwFCQlmAYAACgkQELAmqKBYtJRm2wD7BzeK5gEXSmBcBf0j BYdSaJcXNzx4yPLbP4GnUMAyl2cBAJzcsR4RkwO4dCRqM9CHpVJCwHtbUDJaa55//E0kp+gH Message-ID: <15aa8236-ce09-d0b4-5f12-31f10b32387c@huitema.net> Date: Thu, 25 Jun 2020 21:04:32 -0700 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.9.0 MIME-Version: 1.0 In-Reply-To: <002a01d64af8$f07320b0$d1596210$@ndzh.com> Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit Content-Language: en-US X-Originating-IP: 66.113.196.70 X-Spampanel-Domain: xsmtpout.mail2web.com X-Spampanel-Username: 66.113.196.70/32 Authentication-Results: antispamcloud.com; auth=pass smtp.auth=66.113.196.70/32@xsmtpout.mail2web.com X-Spampanel-Outgoing-Class: unsure X-Spampanel-Outgoing-Evidence: Combined (0.15) X-Recommended-Action: accept X-Filter-ID: Mvzo4OR0dZXEDF/gcnlw0f6LF1GdvkEexklpcFpSF5apSDasLI4SayDByyq9LIhVUZbR67CQ7/vm /hHDJU4RXkTNWdUk1Ol2OGx3IfrIJKywOmJyM1qr8uRnWBrbSAGDU1aob+exlALJps7Lzuw5NLgN zB/4Jkrw1eDLcif59fu8jKMpFnng60b5obnfgVz+U7Tmz6iKnkQL9gqsxD347235Nhqq+/HvroPq 8GSPg+60/QPNqXybIny9WGhadIo/d/hBjqsxautjlVXfyJaQKbyme9ldZJ7uNXfg/GfS8fUvP/L5 rCqHDsKZM+xa1iwJX+gRCHfMVnsAk591zk0uilUI+ZL4xWiN8NS6C+dmX6OEdA4u1aThyWrQ/ou2 +v/lmX4Em37yFgrCB6NHRn1g+f3uncIqYSL3lhh5c81YyJqFoLZMmkWsaurVZfvqROaDnDtHb8z5 dpPkEuJ8Snwqla7jUnW3hy14Yji8fo+4xCnSRo4Rcu5Z37rMuDjCny5fE9ykbJ7I9co1MAEE3ruN Xsm8UJsAPvDcVSKtDCYkioPY5Qx4fJOk03R5fJtf/Dv/dkIzS7m4GUpXCY1Y3j3ilUN7TTX3qb0a 8RNcOLCOSd6whjgtKo9vvLdWvMqyXFm2EBrIrZARFugr7XDLx1AroVZb+TQLYJgqAcx9u1zs2n30 lSfuxANzRU5MAZzTOSGBRgFQq3c/LANVGGraFol5H/KY2AXNZGS5G93aGyH8MqMNONNOB63tZ91H 4Bn0Oix6pWbXRABfcPDKZLJzH8ecMJxMPnetLBJMh51NiRRoHIAjibDbwsd8mmY5aab3jt2omiK7 x42VjdzChZMe6O/DiWiiIzuXMTE3l4bIsk+O50sPpk7G/Hl2vUa2qJsqsk4i08QV3No+S2msRDep v5w/kkG0v17AmegcpQ0tml/sN9lmMy/o83jVXTcfb9k0nLWblJy7uxV6dw8jzlsaNZe6hynMJcjx DydxsJEju76A7X1QIVydqXpZ6MHhiKws9Iiut28r9wo4SqUIg8Yh9hAM0n3LLzx/F2gT3wl8JQJv Bho= X-Report-Abuse-To: spam@quarantine11.antispamcloud.com Archived-At: Subject: Re: [i2rs] [Last-Call] Secdir last call review of draft-ietf-i2rs-yang-l2-network-topology-13 X-BeenThere: i2rs@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Interface to The Internet Routing System \(IRS\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 26 Jun 2020 04:04:47 -0000 How about adding something like this: Privacy Considerations The Yang model for layer 2 topology exposes privacy sensitive information, for example the MAC addresses of devices. Unrestricted use of such information can lead to privacy violations. For example, listing MAC addresses in a network allows monitoring of devices and their movements. Location information can be derived from MAC addresses of network devices, bypassing protection of location information by the Operating System. Deployments should mitigate this privacy concerns by limiting access to the layer 2 topology information. Access to the information should be restricted to a minimal list of authorized agents, and should require proper authentication of these agents. -- Christian Huitema On 6/25/2020 7:00 AM, Susan Hares wrote: > Qin and Christian: > > Thank you for your prompt attention to the privacy issue. > I'm sure Christian will respond in a bit - since he might be in PDT time-zone. > > Once you have a solution you both like, we should > validate the privacy changes to the security considerations section with the > Yang-doctors, OPS-ADs, and Security-ADs. > > Martin's watching this thread so I'm sure he'll help us out as well. > > Sue > > -----Original Message----- > From: i2rs [mailto:i2rs-bounces@ietf.org] On Behalf Of Qin Wu > Sent: Thursday, June 25, 2020 9:25 AM > To: Susan Hares; 'Christian Huitema'; secdir@ietf.org > Cc: i2rs@ietf.org; draft-ietf-i2rs-yang-l2-network-topology.all@ietf.org; last-call@ietf.org > Subject: Re: [i2rs] Secdir last call review of draft-ietf-i2rs-yang-l2-network-topology-13 > > Sue and Christian: > I have responded to Christian on privacy issue, my proposal is to add MAC address as another data node vulnerability example in our original security consideration section. > But If Christian or security directorate has recommending text, we authors are happy to accept it. > > -Qin > -----邮件原件----- > 发件人: Susan Hares [mailto:shares@ndzh.com] > 发送时间: 2020年6月25日 21:04 > 收件人: 'Christian Huitema' ; secdir@ietf.org > 抄送: draft-ietf-i2rs-yang-l2-network-topology.all@ietf.org; i2rs@ietf.org; last-call@ietf.org > 主题: RE: Secdir last call review of draft-ietf-i2rs-yang-l2-network-topology-13 > > Christian: > > Thank you for catching the privacy issues. > > I've got a few questions to help the authors scope this change: > > 1) Since this is common to all L2 Topologies, can you or the security directorate recommend some text that might be appropriate? > If you have recommended text, has this text been reviewed by OPS-DIR and Yang doctors? > > 2) Will it be a problem If we write privacy considerations on IEEE specifications? > 3) Do we need to consider the range of deployments of L2 (home, enterprise, public PBB service, national PBB service, Data centers) > > > Thank you, Sue > > > -----Original Message----- > From: Christian Huitema via Datatracker [mailto:noreply@ietf.org] > Sent: Thursday, June 25, 2020 1:01 AM > To: secdir@ietf.org > Cc: draft-ietf-i2rs-yang-l2-network-topology.all@ietf.org; i2rs@ietf.org; last-call@ietf.org > Subject: Secdir last call review of draft-ietf-i2rs-yang-l2-network-topology-13 > > Reviewer: Christian Huitema > Review result: Has Issues > > I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written with the intent of improving security requirements and considerations in IETF drafts. Comments not addressed in last call may be included in AD reviews during the IESG review. Document editors and WG chairs should treat these comments just like any other last call comments. > > This document describes a Yang model for representing Link Layer topologies. > Representing such topologies is obviously useful for managing network. > The security section is focused on securing the usage of this information for network management, but does not address potential privacy issues. > > The security considerations explain correctly how altering the link layer information could enable attacks against the network. The proposed remedy is access control, implemented using either SSH or TLS. This is fine, although the discussion of TLS authorisation is a bit short. By default, TLS verifies the identity of the server but not that of the client. RFC8040 section 2.5 specifies that "a RESTCONF server SHOULD require authentication based on TLS client certificates. I assume that's the intent, but it might be useful to say so. > > On the other hand, the security considerations do not describe privacy issues, and I find that problematic. The proposed information model lists a number of sensitive data, such as for example the MAC addresses of devices. > This information can be misused. For example, applications could assess device location fetching the MAC addresses of local gateways. Third parties could access link local information to gather identities of devices accessing a particular network. Such information is often protected by privacy API in the Operating System, but accessing the Yang module over the network might allow applications to bypass these controls. > > Client authentication alone does not necessarily protect against these privacy leaks. A classic configuration error would limit write access to authorized users, but to allow read-only access to most users. This kind of error would allow privacy leaks. Given the sensitive nature of MAC addresses and other identifiers, it is useful to warn against such errors. > > > > > > _______________________________________________ > i2rs mailing list > i2rs@ietf.org > https://www.ietf.org/mailman/listinfo/i2rs > From nobody Fri Jun 26 04:37:52 2020 Return-Path: X-Original-To: i2rs@ietfa.amsl.com Delivered-To: i2rs@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3C7F53A125D; Fri, 26 Jun 2020 04:37:50 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.89 X-Spam-Level: X-Spam-Status: No, score=-1.89 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DMmrTiL0AJ8B; Fri, 26 Jun 2020 04:37:48 -0700 (PDT) Received: from huawei.com (lhrrgout.huawei.com [185.176.76.210]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6B2193A1259; Fri, 26 Jun 2020 04:37:47 -0700 (PDT) Received: from lhreml715-chm.china.huawei.com (unknown [172.18.7.108]) by Forcepoint Email with ESMTP id 22CE7952682DFE730179; Fri, 26 Jun 2020 12:37:45 +0100 (IST) Received: from lhreml715-chm.china.huawei.com (10.201.108.66) by lhreml715-chm.china.huawei.com (10.201.108.66) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1913.5; Fri, 26 Jun 2020 12:37:44 +0100 Received: from DGGEML401-HUB.china.huawei.com (10.3.17.32) by lhreml715-chm.china.huawei.com (10.201.108.66) with Microsoft SMTP Server (version=TLS1_0, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA) id 15.1.1913.5 via Frontend Transport; Fri, 26 Jun 2020 12:37:43 +0100 Received: from DGGEML531-MBS.china.huawei.com ([169.254.5.107]) by DGGEML401-HUB.china.huawei.com ([fe80::89ed:853e:30a9:2a79%31]) with mapi id 14.03.0487.000; Fri, 26 Jun 2020 19:37:42 +0800 From: Qin Wu To: Christian Huitema , Susan Hares , "secdir@ietf.org" CC: "i2rs@ietf.org" , "draft-ietf-i2rs-yang-l2-network-topology.all@ietf.org" , "last-call@ietf.org" , NETMOD Group Thread-Topic: [Last-Call] [i2rs] Secdir last call review of draft-ietf-i2rs-yang-l2-network-topology-13 Thread-Index: AdZLq4eKKDexa0UyTree7juoGQUnLA== Date: Fri, 26 Jun 2020 11:37:41 +0000 Message-ID: Accept-Language: zh-CN, en-US Content-Language: zh-CN X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.164.123.57] Content-Type: multipart/alternative; boundary="_000_B8F9A780D330094D99AF023C5877DABAAD7BCE5Ddggeml531mbschi_" MIME-Version: 1.0 X-CFilter-Loop: Reflected Archived-At: Subject: Re: [i2rs] [Last-Call] Secdir last call review of draft-ietf-i2rs-yang-l2-network-topology-13 X-BeenThere: i2rs@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Interface to The Internet Routing System \(IRS\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 26 Jun 2020 11:37:50 -0000 --_000_B8F9A780D330094D99AF023C5877DABAAD7BCE5Ddggeml531mbschi_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 SGksIENocmlzdGlhbjoNCg0KMS4gICAgICAgTkFDTSBkZWZpbmVkIGluIFJGQzgzNDEgaGFzIGFs cmVhZHkgcHJvdmlkZWQgbWVjaGFuaXNtcyB0byByZXN0cmljdCBhY2Nlc3MgdG8gc2Vuc2l0aXZl IGluZm9ybWF0aW9uIHRvIGEgbWluaW1hbCBsaXN0IG9mIGF1dGhvcml6ZWQgY2xpZW50IG9yIGFn ZW50cyBhbmQgZGVhbCB3aXRoIHByaXZhY3kgaXNzdWUgaWYgbXkgdW5kZXJzdGFuZGluZyBpcyBj b3JyZWN0Lg0KDQoyLiAgICAgICBCb3RoIE5FVENPTkYgYW5kIFJFU1RDT05GIHdpbGwgcmVseSBv biB0cmFuc3BvcnQgcHJvdG9jb2wgc3VjaCBhcyBUTFMgdG8gcHJvdmlkZSBjbGllbnQgYXV0aGVu dGljYXRpb24gYW5kIHNlcnZlciBhdXRoZW50aWNhdGlvbiwgaS5lLiwgbXV0dWFsIGF1dGhlbnRp Y2F0aW9uLg0KDQozLiAgICAgICBUaGUgWUFORyBzZWN1cml0eSBndWlkZWxpbmUgZGVmaW5lZCBp biBodHRwczovL3RyYWMuaWV0Zi5vcmcvdHJhYy9vcHMvd2lraS95YW5nLXNlY3VyaXR5LWd1aWRl bGluZXMNCg0KUHJvdmlkZSBwZXJmZWN0IGJvaWxlcnBsYXRlIHRvIGFkZHJlc3MgYm90aCBzZWN1 cml0eSBjb25zaWRlcmF0aW9uIGFuZCBwcml2YWN5IGNvbnNpZGVyYXRpb24uDQoNCk15IG9yaWdp bmFsIHByb3Bvc2FsIEEgdG8gYWRkcmVzcyB5b3VyIGNvbW1lbnRzIGlzOg0KDQpPTEQgVEVYVDoN Cg0KIg0KDQogICBUaGVyZSBhcmUgYSBudW1iZXIgb2YgZGF0YSBub2RlcyBkZWZpbmVkIGluIHRo aXMgWUFORyBtb2R1bGUgdGhhdCBhcmUNCg0KICAgd3JpdGFibGUvY3JlYXRhYmxlL2RlbGV0YWJs ZSAoaS5lLiwgY29uZmlnIHRydWUsIHdoaWNoIGlzIHRoZQ0KDQogICBkZWZhdWx0KS4gIFRoZXNl IGRhdGEgbm9kZXMgbWF5IGJlIGNvbnNpZGVyZWQgc2Vuc2l0aXZlIG9yIHZ1bG5lcmFibGUNCg0K ICAgaW4gc29tZSBuZXR3b3JrIGVudmlyb25tZW50cy4gIFdyaXRlIG9wZXJhdGlvbnMgKGUuZy4s IGVkaXQtY29uZmlnKQ0KDQogICB0byB0aGVzZSBkYXRhIG5vZGVzIHdpdGhvdXQgcHJvcGVyIHBy b3RlY3Rpb24gY2FuIGhhdmUgYSBuZWdhdGl2ZQ0KDQogICBlZmZlY3Qgb24gbmV0d29yayBvcGVy YXRpb25zLiAgVGhlc2UgYXJlIHRoZSBzdWJ0cmVlcyBhbmQgZGF0YSBub2Rlcw0KDQogICBhbmQg dGhlaXIgc2Vuc2l0aXZpdHkvdnVsbmVyYWJpbGl0eSBpbiB0aGUgaWV0Zi1uZXR3b3JrIG1vZHVs ZToNCg0KDQoNCiAgIG8gIGwyLW5ldHdvcmstYXR0cmlidXRlczogQSBtYWxpY2lvdXMgY2xpZW50 IGNvdWxkIGF0dGVtcHQgdG8NCg0KICAgICAgc2Fib3RhZ2UgdGhlIGNvbmZpZ3VyYXRpb24gb2Yg YW55IG9mIHRoZSBjb250YWluZWQgYXR0cmlidXRlcywNCg0KICAgICAgc3VjaCBhcyB0aGUgbmFt ZSBvciB0aGUgZmxhZyBkYXRhIG5vZGVzLg0KDQoNCg0KICAgbyAgbDItbm9kZS1hdHRyaWJ1dGVz OiBBIG1hbGljaW91cyBjbGllbnQgY291bGQgYXR0ZW1wdCB0byBzYWJvdGFnZQ0KDQogICAgICB0 aGUgY29uZmlndXJhdGlvbiBvZiBpbXBvcnRhbnQgbm9kZSBhdHRyaWJ1dGVzLCBzdWNoIGFzIHRo ZSBuYW1lDQoNCiAgICAgIG9yIHRoZSBtYW5hZ2VtZW50LWFkZHJlc3MuDQoNCg0KDQogICBvICBs Mi1saW5rLWF0dHJpYnV0ZXM6IEEgbWFsaWNpb3VzIGNsaWVudCBjb3VsZCBhdHRlbXB0IHRvIHNh Ym90YWdlDQoNCiAgICAgIHRoZSBjb25maWd1cmF0aW9uIG9mIGltcG9ydGFudCBsaW5rIGF0dHJp YnV0ZXMsIHN1Y2ggYXMgdGhlIHJhdGUNCg0KICAgICAgb3IgdGhlIGRlbGF5IGRhdGEgbm9kZXMu DQoNCg0KDQogICBvICBsMi10ZXJtaW5hdGlvbi1wb2ludC1hdHRyaWJ1dGVzOiBBIG1hbGljaW91 cyBjbGllbnQgY291bGQgYXR0ZW1wdA0KDQogICAgICB0byBzYWJvdGFnZSB0aGUgY29uZmlndXJh dGlvbiBvZiBpbXBvcnRhbnQgdGVybWluYXRpb24gcG9pbnQNCg0KICAgICAgYXR0cmlidXRlcywg c3VjaCBhcyB0aGUgbWF4aW11bS1mcmFtZS1zaXplLg0KDQoiDQoNCk5FVyBURVhUOg0KDQoiDQoN CiAgIFRoZXJlIGFyZSBhIG51bWJlciBvZiBkYXRhIG5vZGVzIGRlZmluZWQgaW4gdGhpcyBZQU5H IG1vZHVsZSB0aGF0IGFyZQ0KDQogICB3cml0YWJsZS9jcmVhdGFibGUvZGVsZXRhYmxlIChpLmUu LCBjb25maWcgdHJ1ZSwgd2hpY2ggaXMgdGhlDQoNCiAgIGRlZmF1bHQpLiAgVGhlc2UgZGF0YSBu b2RlcyBtYXkgYmUgY29uc2lkZXJlZCBzZW5zaXRpdmUgb3IgdnVsbmVyYWJsZQ0KDQogICBpbiBz b21lIG5ldHdvcmsgZW52aXJvbm1lbnRzLiAgV3JpdGUgb3BlcmF0aW9ucyAoZS5nLiwgZWRpdC1j b25maWcpDQoNCiAgIHRvIHRoZXNlIGRhdGEgbm9kZXMgd2l0aG91dCBwcm9wZXIgcHJvdGVjdGlv biBjYW4gaGF2ZSBhIG5lZ2F0aXZlDQoNCiAgIGVmZmVjdCBvbiBuZXR3b3JrIG9wZXJhdGlvbnMu ICBUaGVzZSBhcmUgdGhlIHN1YnRyZWVzIGFuZCBkYXRhIG5vZGVzDQoNCiAgIGFuZCB0aGVpciBz ZW5zaXRpdml0eS92dWxuZXJhYmlsaXR5IGluIHRoZSBpZXRmLW5ldHdvcmsgbW9kdWxlOg0KDQoN Cg0KICAgbyAgbDItbmV0d29yay1hdHRyaWJ1dGVzOiBBIG1hbGljaW91cyBjbGllbnQgY291bGQg YXR0ZW1wdCB0bw0KDQogICAgICBzYWJvdGFnZSB0aGUgY29uZmlndXJhdGlvbiBvZiBhbnkgb2Yg dGhlIGNvbnRhaW5lZCBhdHRyaWJ1dGVzLA0KDQogICAgICBzdWNoIGFzIHRoZSBuYW1lIG9yIHRo ZSBmbGFnIGRhdGEgbm9kZXMuDQoNCg0KDQogICBvICBsMi1ub2RlLWF0dHJpYnV0ZXM6IEEgbWFs aWNpb3VzIGNsaWVudCBjb3VsZCBhdHRlbXB0IHRvIHNhYm90YWdlDQoNCiAgICAgIHRoZSBjb25m aWd1cmF0aW9uIG9mIGltcG9ydGFudCBub2RlIGF0dHJpYnV0ZXMsIHN1Y2ggYXMgdGhlIG5hbWUN Cg0KICAgICAgLHRoZSBtYW5hZ2VtZW50LWFkZHJlc3Mgb3IgbWFjIGFkZHJlc3Mgb2YgdGhlIGRl dmljZXMuDQoNCg0KDQogICBvICBsMi1saW5rLWF0dHJpYnV0ZXM6IEEgbWFsaWNpb3VzIGNsaWVu dCBjb3VsZCBhdHRlbXB0IHRvIHNhYm90YWdlDQoNCiAgICAgIHRoZSBjb25maWd1cmF0aW9uIG9m IGltcG9ydGFudCBsaW5rIGF0dHJpYnV0ZXMsIHN1Y2ggYXMgdGhlIHJhdGUNCg0KICAgICAgb3Ig dGhlIGRlbGF5IGRhdGEgbm9kZXMuDQoNCg0KDQogIG8gIGwyLXRlcm1pbmF0aW9uLXBvaW50LWF0 dHJpYnV0ZXM6IEEgbWFsaWNpb3VzIGNsaWVudCBjb3VsZCBhdHRlbXB0DQoNCiAgICAgIHRvIHNh Ym90YWdlIHRoZSBjb25maWd1cmF0aW9uIG9mIGltcG9ydGFudCB0ZXJtaW5hdGlvbiBwb2ludA0K DQogICAgICBhdHRyaWJ1dGVzLCBzdWNoIGFzIHRoZSBtYXhpbXVtLWZyYW1lLXNpemUsIG1hYy1h ZGRyZXNzLg0KDQoiDQoNCg0KDQpXaXRoIHlvdXIgcHJvcG9zZWQgdGV4dCwgd2UgY291bGQgaGF2 ZSB0aGUgZm9sbG93aW5nIHByb3Bvc2FsIGNoYW5nZXMgKFByb3Bvc2FsIEIpOg0KDQpPTEQgVEVY VDoNCg0KIg0KDQo2LiAgU2VjdXJpdHkgQ29uc2lkZXJhdGlvbnMNCg0KDQoNCiAgIFRoZSBZQU5H IG1vZHVsZSBzcGVjaWZpZWQgaW4gdGhpcyBkb2N1bWVudCBkZWZpbmVzIGEgc2NoZW1hIGZvciBk YXRhDQoNCiAgIHRoYXQgaXMgZGVzaWduZWQgdG8gYmUgYWNjZXNzZWQgdmlhIG5ldHdvcmsgbWFu YWdlbWVudCBwcm90b2NvbHMgc3VjaA0KDQogICBhcyBORVRDT05GIFtSRkM2MjQxXSBvciBSRVNU Q09ORiBbUkZDODA0MF0uICBUaGUgbG93ZXN0IE5FVENPTkYgbGF5ZXINCg0KICAgaXMgdGhlIHNl Y3VyZSB0cmFuc3BvcnQgbGF5ZXIsIGFuZCB0aGUgbWFuZGF0b3J5LXRvLWltcGxlbWVudCBzZWN1 cmUNCg0KICAgdHJhbnNwb3J0IGlzIFNlY3VyZSBTaGVsbCAoU1NIKSBbUkZDNjI0Ml0uICBUaGUg bG93ZXN0IFJFU1RDT05GIGxheWVyDQoNCiAgIGlzIEhUVFBTLCBhbmQgdGhlIG1hbmRhdG9yeS10 by1pbXBsZW1lbnQgc2VjdXJlIHRyYW5zcG9ydCBpcyBUTFMNCg0KICAgW1JGQzg0NDZdLg0KDQoN Cg0KICAgVGhlIE5ldHdvcmsgQ29uZmlndXJhdGlvbiBBY2Nlc3MgQ29udHJvbCBNb2RlbCAoTkFD TSkgW1JGQzgzNDFdDQoNCiAgIHByb3ZpZGVzIHRoZSBtZWFucyB0byByZXN0cmljdCBhY2Nlc3Mg Zm9yIHBhcnRpY3VsYXIgTkVUQ09ORiBvcg0KDQoNCg0KICAgUkVTVENPTkYgdXNlcnMgdG8gYSBw cmVjb25maWd1cmVkIHN1YnNldCBvZiBhbGwgYXZhaWxhYmxlIE5FVENPTkYgb3INCg0KICAgUkVT VENPTkYgcHJvdG9jb2wgb3BlcmF0aW9ucyBhbmQgY29udGVudC4NCg0KDQoNCiAgIEluIGdlbmVy YWwsIExheWVyIDIgbmV0d29yayB0b3BvbG9naWVzIGFyZSBzeXN0ZW0tY29udHJvbGxlZCBhbmQN Cg0KICAgcHJvdmlkZSBlcGhlbWVyYWwgdG9wb2xvZ3kgaW5mb3JtYXRpb24uICBJbiBhbiBOTURB LWNvbXBsaWVudCBzZXJ2ZXIsDQoNCiAgIHRoZXkgYXJlIG9ubHkgcGFydCBvZiA8b3BlcmF0aW9u YWw+IHdoaWNoIHByb3ZpZGVzIHJlYWQtb25seSBhY2Nlc3MNCg0KICAgdG8gY2xpZW50cywgdGhl eSBhcmUgbGVzcyB2dWxuZXJhYmxlLiAgVGhhdCBzYWlkLCB0aGUgWUFORyBtb2R1bGUNCg0KICAg ZG9lcyBpbiBwcmluY2lwbGUgYWxsb3cgaW5mb3JtYXRpb24gdG8gYmUgY29uZmlndXJhYmxlLg0K DQoNCg0KICAgVGhlIExheWVyIDIgdG9wb2xvZ3kgbW9kdWxlIGRlZmluZSBpbmZvcm1hdGlvbiB0 aGF0IGNhbiBiZQ0KDQogICBjb25maWd1cmFibGUgaW4gY2VydGFpbiBpbnN0YW5jZXMsIGZvciBl eGFtcGxlIGluIHRoZSBjYXNlIG9mIHZpcnR1YWwNCg0KICAgdG9wb2xvZ2llcyB0aGF0IGNhbiBi ZSBjcmVhdGVkIGJ5IGNsaWVudCBhcHBsaWNhdGlvbnMuICBJbiBzdWNoDQoNCiAgIGNhc2VzLCBh IG1hbGljaW91cyBjbGllbnQgY291bGQgaW50cm9kdWNlIHRvcG9sb2dpZXMgdGhhdCBhcmUNCg0K ICAgdW5kZXNpcmVkLiAgU3BlY2lmaWNhbGx5LCBhIG1hbGljaW91cyBjbGllbnQgY291bGQgYXR0 ZW1wdCB0byByZW1vdmUNCg0KICAgb3IgYWRkIGEgbm9kZSwgYSBsaW5rLCBhIHRlcm1pbmF0aW9u IHBvaW50LCBieSBjcmVhdGluZyBvciBkZWxldGluZw0KDQogICBjb3JyZXNwb25kaW5nIGVsZW1l bnRzIGluIHRoZSBub2RlLCBsaW5rLCBhbmQgdGVybWluYXRpb24gcG9pbnQNCg0KICAgbGlzdHMs IHJlc3BlY3RpdmVseS4gIEluIHRoZSBjYXNlIG9mIGEgdG9wb2xvZ3kgdGhhdCBpcyBsZWFybmVk LCB0aGUNCg0KICAgc2VydmVyIHdpbGwgYXV0b21hdGljYWxseSBwcm9oaWJpdCBzdWNoIG1pc2Nv bmZpZ3VyYXRpb24gYXR0ZW1wdHMuDQoNCiAgIEluIHRoZSBjYXNlIG9mIGEgdG9wb2xvZ3kgdGhh dCBpcyBjb25maWd1cmVkLCBpLmUuIHdob3NlIG9yaWdpbiBpcw0KDQogICAiaW50ZW5kZWQiLCB0 aGUgdW5kZXNpcmVkIGNvbmZpZ3VyYXRpb24gY291bGQgYmVjb21lIGVmZmVjdGl2ZSBhbmQgYmUN Cg0KICAgcmVmbGVjdGVkIGluIHRoZSBvcGVyYXRpb25hbCBzdGF0ZSBkYXRhc3RvcmUsIGxlYWRp bmcgdG8gZGlzcnVwdGlvbg0KDQogICBvZiBzZXJ2aWNlcyBwcm92aWRlZCB2aWEgdGhpcyB0b3Bv bG9neSBtaWdodCBiZSBkaXNydXB0ZWQuICBGb3IgdGhvc2UNCg0KICAgcmVhc29ucywgaXQgaXMg aW1wb3J0YW50IHRoYXQgdGhlIE5FVENPTkYgYWNjZXNzIGNvbnRyb2wgbW9kZWwgaXMNCg0KICAg dmlnb3JvdXNseSBhcHBsaWVkIHRvIHByZXZlbnQgdG9wb2xvZ3kgbWlzY29uZmlndXJhdGlvbiBi eQ0KDQogICB1bmF1dGhvcml6ZWQgY2xpZW50cy4NCg0KDQoNCiAgIFRoZXJlIGFyZSBhIG51bWJl ciBvZiBkYXRhIG5vZGVzIGRlZmluZWQgaW4gdGhpcyBZQU5HIG1vZHVsZSB0aGF0IGFyZQ0KDQog ICB3cml0YWJsZS9jcmVhdGFibGUvZGVsZXRhYmxlIChpLmUuLCBjb25maWcgdHJ1ZSwgd2hpY2gg aXMgdGhlDQoNCiAgIGRlZmF1bHQpLiAgVGhlc2UgZGF0YSBub2RlcyBtYXkgYmUgY29uc2lkZXJl ZCBzZW5zaXRpdmUgb3IgdnVsbmVyYWJsZQ0KDQogICBpbiBzb21lIG5ldHdvcmsgZW52aXJvbm1l bnRzLiAgV3JpdGUgb3BlcmF0aW9ucyAoZS5nLiwgZWRpdC1jb25maWcpDQoNCiAgIHRvIHRoZXNl IGRhdGEgbm9kZXMgd2l0aG91dCBwcm9wZXIgcHJvdGVjdGlvbiBjYW4gaGF2ZSBhIG5lZ2F0aXZl DQoNCiAgIGVmZmVjdCBvbiBuZXR3b3JrIG9wZXJhdGlvbnMuICBUaGVzZSBhcmUgdGhlIHN1YnRy ZWVzIGFuZCBkYXRhIG5vZGVzDQoNCiAgIGFuZCB0aGVpciBzZW5zaXRpdml0eS92dWxuZXJhYmls aXR5IGluIHRoZSBpZXRmLW5ldHdvcmsgbW9kdWxlOg0KDQoNCg0KICAgbyAgbDItbmV0d29yay1h dHRyaWJ1dGVzOiBBIG1hbGljaW91cyBjbGllbnQgY291bGQgYXR0ZW1wdCB0bw0KDQogICAgICBz YWJvdGFnZSB0aGUgY29uZmlndXJhdGlvbiBvZiBhbnkgb2YgdGhlIGNvbnRhaW5lZCBhdHRyaWJ1 dGVzLA0KDQogICAgICBzdWNoIGFzIHRoZSBuYW1lIG9yIHRoZSBmbGFnIGRhdGEgbm9kZXMuDQoN Cg0KDQogICBvICBsMi1ub2RlLWF0dHJpYnV0ZXM6IEEgbWFsaWNpb3VzIGNsaWVudCBjb3VsZCBh dHRlbXB0IHRvIHNhYm90YWdlDQoNCiAgICAgIHRoZSBjb25maWd1cmF0aW9uIG9mIGltcG9ydGFu dCBub2RlIGF0dHJpYnV0ZXMsIHN1Y2ggYXMgdGhlIG5hbWUNCg0KICAgICAgb3IgdGhlIG1hbmFn ZW1lbnQtYWRkcmVzcy4NCg0KDQoNCiAgIG8gIGwyLWxpbmstYXR0cmlidXRlczogQSBtYWxpY2lv dXMgY2xpZW50IGNvdWxkIGF0dGVtcHQgdG8gc2Fib3RhZ2UNCg0KICAgICAgdGhlIGNvbmZpZ3Vy YXRpb24gb2YgaW1wb3J0YW50IGxpbmsgYXR0cmlidXRlcywgc3VjaCBhcyB0aGUgcmF0ZQ0KDQog ICAgICBvciB0aGUgZGVsYXkgZGF0YSBub2Rlcy4NCg0KDQoNCiAgIG8gIGwyLXRlcm1pbmF0aW9u LXBvaW50LWF0dHJpYnV0ZXM6IEEgbWFsaWNpb3VzIGNsaWVudCBjb3VsZCBhdHRlbXB0DQoNCiAg ICAgIHRvIHNhYm90YWdlIHRoZSBjb25maWd1cmF0aW9uIG9mIGltcG9ydGFudCB0ZXJtaW5hdGlv biBwb2ludA0KDQogICAgICBhdHRyaWJ1dGVzLCBzdWNoIGFzIHRoZSBtYXhpbXVtLWZyYW1lLXNp emUuDQoNCiINCg0KTkVXIFRFWFQ6DQoNCiINCg0KNi4gIFNlY3VyaXR5IENvbnNpZGVyYXRpb25z DQoNCg0KDQogICBUaGUgWUFORyBtb2R1bGUgc3BlY2lmaWVkIGluIHRoaXMgZG9jdW1lbnQgZGVm aW5lcyBhIHNjaGVtYSBmb3IgZGF0YQ0KDQogICB0aGF0IGlzIGRlc2lnbmVkIHRvIGJlIGFjY2Vz c2VkIHZpYSBuZXR3b3JrIG1hbmFnZW1lbnQgcHJvdG9jb2xzIHN1Y2gNCg0KICAgYXMgTkVUQ09O RiBbUkZDNjI0MV0gb3IgUkVTVENPTkYgW1JGQzgwNDBdLiAgVGhlIGxvd2VzdCBORVRDT05GIGxh eWVyDQoNCiAgIGlzIHRoZSBzZWN1cmUgdHJhbnNwb3J0IGxheWVyLCBhbmQgdGhlIG1hbmRhdG9y eS10by1pbXBsZW1lbnQgc2VjdXJlDQoNCiAgIHRyYW5zcG9ydCBpcyBTZWN1cmUgU2hlbGwgKFNT SCkgW1JGQzYyNDJdLiAgVGhlIGxvd2VzdCBSRVNUQ09ORiBsYXllcg0KDQogICBpcyBIVFRQUywg YW5kIHRoZSBtYW5kYXRvcnktdG8taW1wbGVtZW50IHNlY3VyZSB0cmFuc3BvcnQgaXMgVExTDQoN CiAgIFtSRkM4NDQ2XS4NCg0KDQoNCiAgIFRoZSBOZXR3b3JrIENvbmZpZ3VyYXRpb24gQWNjZXNz IENvbnRyb2wgTW9kZWwgKE5BQ00pIFtSRkM4MzQxXQ0KDQogICBwcm92aWRlcyB0aGUgbWVhbnMg dG8gcmVzdHJpY3QgYWNjZXNzIGZvciBwYXJ0aWN1bGFyIE5FVENPTkYgb3INCg0KICAgUkVTVENP TkYgdXNlcnMgdG8gYSBwcmVjb25maWd1cmVkIHN1YnNldCBvZiBhbGwgYXZhaWxhYmxlIE5FVENP TkYgb3INCg0KICAgUkVTVENPTkYgcHJvdG9jb2wgb3BlcmF0aW9ucyBhbmQgY29udGVudC4NCg0K DQoNCiAgIEluIGdlbmVyYWwsIExheWVyIDIgbmV0d29yayB0b3BvbG9naWVzIGFyZSBzeXN0ZW0t Y29udHJvbGxlZCBhbmQNCg0KICAgcHJvdmlkZSBlcGhlbWVyYWwgdG9wb2xvZ3kgaW5mb3JtYXRp b24uICBJbiBhbiBOTURBLWNvbXBsaWVudCBzZXJ2ZXIsDQoNCiAgIHRoZXkgYXJlIG9ubHkgcGFy dCBvZiA8b3BlcmF0aW9uYWw+IHdoaWNoIHByb3ZpZGVzIHJlYWQtb25seSBhY2Nlc3MNCg0KICAg dG8gY2xpZW50cywgdGhleSBhcmUgbGVzcyB2dWxuZXJhYmxlLiAgVGhhdCBzYWlkLCB0aGUgWUFO RyBtb2R1bGUNCg0KICAgZG9lcyBpbiBwcmluY2lwbGUgYWxsb3cgaW5mb3JtYXRpb24gdG8gYmUg Y29uZmlndXJhYmxlLg0KDQoNCg0KICAgVGhlIExheWVyIDIgdG9wb2xvZ3kgbW9kdWxlIGRlZmlu ZSBpbmZvcm1hdGlvbiB0aGF0IGNhbiBiZQ0KDQogICBjb25maWd1cmFibGUgaW4gY2VydGFpbiBp bnN0YW5jZXMsIGZvciBleGFtcGxlIGluIHRoZSBjYXNlIG9mIHZpcnR1YWwNCg0KICAgdG9wb2xv Z2llcyB0aGF0IGNhbiBiZSBjcmVhdGVkIGJ5IGNsaWVudCBhcHBsaWNhdGlvbnMuICBJbiBzdWNo DQoNCiAgIGNhc2VzLCBhIG1hbGljaW91cyBjbGllbnQgY291bGQgaW50cm9kdWNlIHRvcG9sb2dp ZXMgdGhhdCBhcmUNCg0KICAgdW5kZXNpcmVkLiAgU3BlY2lmaWNhbGx5LCBhIG1hbGljaW91cyBj bGllbnQgY291bGQgYXR0ZW1wdCB0byByZW1vdmUNCg0KICAgb3IgYWRkIGEgbm9kZSwgYSBsaW5r LCBhIHRlcm1pbmF0aW9uIHBvaW50LCBieSBjcmVhdGluZyBvciBkZWxldGluZw0KDQogICBjb3Jy ZXNwb25kaW5nIGVsZW1lbnRzIGluIHRoZSBub2RlLCBsaW5rLCBhbmQgdGVybWluYXRpb24gcG9p bnQNCg0KICAgbGlzdHMsIHJlc3BlY3RpdmVseS4gIEluIHRoZSBjYXNlIG9mIGEgdG9wb2xvZ3kg dGhhdCBpcyBsZWFybmVkLCB0aGUNCg0KICAgc2VydmVyIHdpbGwgYXV0b21hdGljYWxseSBwcm9o aWJpdCBzdWNoIG1pc2NvbmZpZ3VyYXRpb24gYXR0ZW1wdHMuDQoNCiAgIEluIHRoZSBjYXNlIG9m IGEgdG9wb2xvZ3kgdGhhdCBpcyBjb25maWd1cmVkLCBpLmUuIHdob3NlIG9yaWdpbiBpcw0KDQog ICAiaW50ZW5kZWQiLCB0aGUgdW5kZXNpcmVkIGNvbmZpZ3VyYXRpb24gY291bGQgYmVjb21lIGVm ZmVjdGl2ZSBhbmQgYmUNCg0KICAgcmVmbGVjdGVkIGluIHRoZSBvcGVyYXRpb25hbCBzdGF0ZSBk YXRhc3RvcmUsIGxlYWRpbmcgdG8gZGlzcnVwdGlvbg0KDQogICBvZiBzZXJ2aWNlcyBwcm92aWRl ZCB2aWEgdGhpcyB0b3BvbG9neSBtaWdodCBiZSBkaXNydXB0ZWQuICBGb3IgdGhvc2UNCg0KICAg cmVhc29ucywgaXQgaXMgaW1wb3J0YW50IHRoYXQgdGhlIE5FVENPTkYgYWNjZXNzIGNvbnRyb2wg bW9kZWwgaXMNCg0KICAgdmlnb3JvdXNseSBhcHBsaWVkIHRvIHByZXZlbnQgdG9wb2xvZ3kgbWlz Y29uZmlndXJhdGlvbiBieQ0KDQogICB1bmF1dGhvcml6ZWQgY2xpZW50cy4NCg0KDQoNCiAgVGhl IFlBTkcgbW9kZWwgZm9yIGxheWVyIDIgdG9wb2xvZ3kgbWF5IGV4cG9zZSBzZW5zaXRpdmUgaW5m b3JtYXRpb24sDQoNCiAgZm9yIGV4YW1wbGUgdGhlIE1BQyBhZGRyZXNzZXMgb2YgZGV2aWNlcy4g VW5yZXN0cmljdGVkIHVzZSBvZiBzdWNoIGluZm9ybWF0aW9uDQoNCiAgIGNhbiBsZWFkIHRvIHBy aXZhY3kgdmlvbGF0aW9ucy4gRm9yIGV4YW1wbGUsIGxpc3RpbmcgTUFDIGFkZHJlc3NlcyBpbiBh IG5ldHdvcmsNCg0KICAgYWxsb3dzIG1vbml0b3Jpbmcgb2YgZGV2aWNlcyBhbmQgdGhlaXIgbW92 ZW1lbnRzLiBMb2NhdGlvbiBpbmZvcm1hdGlvbiBjYW4gYmUgZGVyaXZlZA0KDQogICBmcm9tIE1B QyBhZGRyZXNzZXMgb2YgbmV0d29yayBkZXZpY2VzLCBieXBhc3NpbmcgcHJvdGVjdGlvbiBvZiBs b2NhdGlvbiBpbmZvcm1hdGlvbiBieQ0KDQogICB0aGUgT3BlcmF0aW5nIFN5c3RlbS4gRGVwbG95 bWVudHMgc2hvdWxkIG1pdGlnYXRlIHRoaXMgcHJpdmFjeSBjb25jZXJucyBieSBsaW1pdGluZyBh Y2Nlc3MNCg0KICAgdG8gdGhlIGxheWVyIDIgdG9wb2xvZ3kgaW5mb3JtYXRpb24uIEFjY2VzcyB0 byB0aGUgaW5mb3JtYXRpb24gc2hvdWxkIGJlIHJlc3RyaWN0ZWQgdG8gYQ0KDQogICBtaW5pbWFs IGxpc3Qgb2YgYXV0aG9yaXplZCBjbGllbnRzLCBhbmQgc2hvdWxkIGFsc28gcmVxdWlyZSBwcm9w ZXIgYXV0aGVudGljYXRpb24gb2YgdGhlc2UgY2xpZW50cy4NCg0KDQoNCiAgIFRoZXJlIGFyZSBh IG51bWJlciBvZiBkYXRhIG5vZGVzIGRlZmluZWQgaW4gdGhpcyBZQU5HIG1vZHVsZSB0aGF0IGFy ZQ0KDQogICB3cml0YWJsZS9jcmVhdGFibGUvZGVsZXRhYmxlIChpLmUuLCBjb25maWcgdHJ1ZSwg d2hpY2ggaXMgdGhlDQoNCiAgIGRlZmF1bHQpLiAgVGhlc2UgZGF0YSBub2RlcyBtYXkgYmUgY29u c2lkZXJlZCBzZW5zaXRpdmUgb3IgdnVsbmVyYWJsZQ0KDQogICBpbiBzb21lIG5ldHdvcmsgZW52 aXJvbm1lbnRzLiAgV3JpdGUgb3BlcmF0aW9ucyAoZS5nLiwgZWRpdC1jb25maWcpDQoNCiAgIHRv IHRoZXNlIGRhdGEgbm9kZXMgd2l0aG91dCBwcm9wZXIgcHJvdGVjdGlvbiBjYW4gaGF2ZSBhIG5l Z2F0aXZlDQoNCiAgIGVmZmVjdCBvbiBuZXR3b3JrIG9wZXJhdGlvbnMuICBUaGVzZSBhcmUgdGhl IHN1YnRyZWVzIGFuZCBkYXRhIG5vZGVzDQoNCiAgIGFuZCB0aGVpciBzZW5zaXRpdml0eS92dWxu ZXJhYmlsaXR5IGluIHRoZSBpZXRmLW5ldHdvcmsgbW9kdWxlOg0KDQoNCg0KICAgbyAgbDItbmV0 d29yay1hdHRyaWJ1dGVzOiBBIG1hbGljaW91cyBjbGllbnQgY291bGQgYXR0ZW1wdCB0bw0KDQog ICAgICBzYWJvdGFnZSB0aGUgY29uZmlndXJhdGlvbiBvZiBhbnkgb2YgdGhlIGNvbnRhaW5lZCBh dHRyaWJ1dGVzLA0KDQogICAgICBzdWNoIGFzIHRoZSBuYW1lIG9yIHRoZSBmbGFnIGRhdGEgbm9k ZXMuDQoNCg0KDQogICBvICBsMi1ub2RlLWF0dHJpYnV0ZXM6IEEgbWFsaWNpb3VzIGNsaWVudCBj b3VsZCBhdHRlbXB0IHRvIHNhYm90YWdlDQoNCiAgICAgIHRoZSBjb25maWd1cmF0aW9uIG9mIGlt cG9ydGFudCBub2RlIGF0dHJpYnV0ZXMsIHN1Y2ggYXMgdGhlIG5hbWUNCg0KICAgICAgLHRoZSBt YW5hZ2VtZW50LWFkZHJlc3MsIG1hYy1hZGRyZXNzIG9mIHRoZSBkZXZpY2VzLg0KDQoNCg0KICAg byAgbDItbGluay1hdHRyaWJ1dGVzOiBBIG1hbGljaW91cyBjbGllbnQgY291bGQgYXR0ZW1wdCB0 byBzYWJvdGFnZQ0KDQogICAgICB0aGUgY29uZmlndXJhdGlvbiBvZiBpbXBvcnRhbnQgbGluayBh dHRyaWJ1dGVzLCBzdWNoIGFzIHRoZSByYXRlDQoNCiAgICAgIG9yIHRoZSBkZWxheSBkYXRhIG5v ZGVzLg0KDQoNCg0KICAgbyAgbDItdGVybWluYXRpb24tcG9pbnQtYXR0cmlidXRlczogQSBtYWxp Y2lvdXMgY2xpZW50IGNvdWxkIGF0dGVtcHQNCg0KICAgICAgdG8gc2Fib3RhZ2UgdGhlIGNvbmZp Z3VyYXRpb24gb2YgaW1wb3J0YW50IHRlcm1pbmF0aW9uIHBvaW50DQoNCiAgICAgIGF0dHJpYnV0 ZXMsIHN1Y2ggYXMgdGhlIG1heGltdW0tZnJhbWUtc2l6ZSwgbWFjLWFkZHJlc3MuDQoNCiINCg0K VGhlIHF1ZXN0aW9uIGlzIGRvIHlvdSB0aGluayBwcm9wb3NhbCB3aXRoIHlhbmcgc2VjdXJpdHkg Ym9pbHRlcnBsYXRlIGhhcyBhbHJlYWR5IGFkZHJlc3NlZCB5b3VyIGNvbW1lbnRzDQoNCk9yIHlv dSB0aGluayB3ZSBzaG91bGQgZW1waGFzaXplIGhvdyBwcml2YWN5IGlzc3VlIGNhbiBiZSBhZGRy ZXNzZWQgYnkgTkFDTSBhbmQgY2xpZW50IGF1dGhlbnRpY2F0aW9uIGlzIG5lZWRlZD8NCg0KDQoN Ci1RaW4NCg0KLS0tLS3pgq7ku7bljp/ku7YtLS0tLQ0K5Y+R5Lu25Lq6OiBDaHJpc3RpYW4gSHVp dGVtYSBbbWFpbHRvOmh1aXRlbWFAaHVpdGVtYS5uZXRdDQrlj5HpgIHml7bpl7Q6IDIwMjDlubQ2 5pyIMjbml6UgMTI6MDUNCuaUtuS7tuS6ujogU3VzYW4gSGFyZXMgPHNoYXJlc0BuZHpoLmNvbT47 IFFpbiBXdSA8YmlsbC53dUBodWF3ZWkuY29tPjsgc2VjZGlyQGlldGYub3JnDQrmioTpgIE6IGky cnNAaWV0Zi5vcmc7IGRyYWZ0LWlldGYtaTJycy15YW5nLWwyLW5ldHdvcmstdG9wb2xvZ3kuYWxs QGlldGYub3JnOyBsYXN0LWNhbGxAaWV0Zi5vcmcNCuS4u+mimDogUmU6IFtMYXN0LUNhbGxdIFtp MnJzXSBTZWNkaXIgbGFzdCBjYWxsIHJldmlldyBvZiBkcmFmdC1pZXRmLWkycnMteWFuZy1sMi1u ZXR3b3JrLXRvcG9sb2d5LTEzDQoNCg0KDQpIb3cgYWJvdXQgYWRkaW5nIHNvbWV0aGluZyBsaWtl IHRoaXM6DQoNCg0KDQpQcml2YWN5IENvbnNpZGVyYXRpb25zDQoNCg0KDQpUaGUgWWFuZyBtb2Rl bCBmb3IgbGF5ZXIgMiB0b3BvbG9neSBleHBvc2VzIHByaXZhY3kgc2Vuc2l0aXZlIGluZm9ybWF0 aW9uLCBmb3IgZXhhbXBsZSB0aGUgTUFDIGFkZHJlc3NlcyBvZiBkZXZpY2VzLiBVbnJlc3RyaWN0 ZWQgdXNlIG9mIHN1Y2ggaW5mb3JtYXRpb24gY2FuIGxlYWQgdG8gcHJpdmFjeSB2aW9sYXRpb25z LiBGb3IgZXhhbXBsZSwgbGlzdGluZyBNQUMgYWRkcmVzc2VzIGluIGEgbmV0d29yayBhbGxvd3Mg bW9uaXRvcmluZyBvZiBkZXZpY2VzIGFuZCB0aGVpciBtb3ZlbWVudHMuIExvY2F0aW9uIGluZm9y bWF0aW9uIGNhbiBiZSBkZXJpdmVkIGZyb20gTUFDIGFkZHJlc3NlcyBvZiBuZXR3b3JrIGRldmlj ZXMsIGJ5cGFzc2luZyBwcm90ZWN0aW9uIG9mIGxvY2F0aW9uIGluZm9ybWF0aW9uIGJ5IHRoZSBP cGVyYXRpbmcgU3lzdGVtLg0KDQoNCg0KRGVwbG95bWVudHMgc2hvdWxkIG1pdGlnYXRlIHRoaXMg cHJpdmFjeSBjb25jZXJucyBieSBsaW1pdGluZyBhY2Nlc3MgdG8gdGhlIGxheWVyIDIgdG9wb2xv Z3kgaW5mb3JtYXRpb24uIEFjY2VzcyB0byB0aGUgaW5mb3JtYXRpb24gc2hvdWxkIGJlIHJlc3Ry aWN0ZWQgdG8gYSBtaW5pbWFsIGxpc3Qgb2YgYXV0aG9yaXplZCBhZ2VudHMsIGFuZCBzaG91bGQg cmVxdWlyZSBwcm9wZXIgYXV0aGVudGljYXRpb24gb2YgdGhlc2UgYWdlbnRzLg0KDQoNCg0KLS0g Q2hyaXN0aWFuIEh1aXRlbWENCg0KDQoNCk9uIDYvMjUvMjAyMCA3OjAwIEFNLCBTdXNhbiBIYXJl cyB3cm90ZToNCg0KPiBRaW4gYW5kIENocmlzdGlhbjoNCg0KPg0KDQo+IFRoYW5rIHlvdSBmb3Ig eW91ciBwcm9tcHQgYXR0ZW50aW9uIHRvIHRoZSBwcml2YWN5IGlzc3VlLg0KDQo+IEknbSBzdXJl IENocmlzdGlhbiB3aWxsIHJlc3BvbmQgaW4gYSBiaXQgLSBzaW5jZSBoZSBtaWdodCBiZSBpbiBQ RFQgdGltZS16b25lLg0KDQo+DQoNCj4gT25jZSB5b3UgaGF2ZSBhIHNvbHV0aW9uIHlvdSBib3Ro IGxpa2UsIHdlIHNob3VsZCB2YWxpZGF0ZSB0aGUgcHJpdmFjeQ0KDQo+IGNoYW5nZXMgdG8gdGhl IHNlY3VyaXR5IGNvbnNpZGVyYXRpb25zIHNlY3Rpb24gd2l0aCB0aGUgWWFuZy1kb2N0b3JzLA0K DQo+IE9QUy1BRHMsIGFuZCBTZWN1cml0eS1BRHMuDQoNCj4NCg0KPiBNYXJ0aW4ncyB3YXRjaGlu ZyB0aGlzIHRocmVhZCBzbyBJJ20gc3VyZSBoZSdsbCBoZWxwIHVzIG91dCBhcyB3ZWxsLg0KDQo+ DQoNCj4gU3VlDQoNCj4NCg0KPiAtLS0tLU9yaWdpbmFsIE1lc3NhZ2UtLS0tLQ0KDQo+IEZyb206 IGkycnMgW21haWx0bzppMnJzLWJvdW5jZXNAaWV0Zi5vcmddIE9uIEJlaGFsZiBPZiBRaW4gV3UN Cg0KPiBTZW50OiBUaHVyc2RheSwgSnVuZSAyNSwgMjAyMCA5OjI1IEFNDQoNCj4gVG86IFN1c2Fu IEhhcmVzOyAnQ2hyaXN0aWFuIEh1aXRlbWEnOyBzZWNkaXJAaWV0Zi5vcmc8bWFpbHRvOnNlY2Rp ckBpZXRmLm9yZz4NCg0KPiBDYzogaTJyc0BpZXRmLm9yZzxtYWlsdG86aTJyc0BpZXRmLm9yZz47 DQoNCj4gZHJhZnQtaWV0Zi1pMnJzLXlhbmctbDItbmV0d29yay10b3BvbG9neS5hbGxAaWV0Zi5v cmc8bWFpbHRvOmRyYWZ0LWlldGYtaTJycy15YW5nLWwyLW5ldHdvcmstdG9wb2xvZ3kuYWxsQGll dGYub3JnPjsNCg0KPiBsYXN0LWNhbGxAaWV0Zi5vcmc8bWFpbHRvOmxhc3QtY2FsbEBpZXRmLm9y Zz4NCg0KPiBTdWJqZWN0OiBSZTogW2kycnNdIFNlY2RpciBsYXN0IGNhbGwgcmV2aWV3IG9mDQoN Cj4gZHJhZnQtaWV0Zi1pMnJzLXlhbmctbDItbmV0d29yay10b3BvbG9neS0xMw0KDQo+DQoNCj4g U3VlIGFuZCBDaHJpc3RpYW46DQoNCj4gSSBoYXZlIHJlc3BvbmRlZCB0byBDaHJpc3RpYW4gb24g cHJpdmFjeSBpc3N1ZSwgbXkgcHJvcG9zYWwgaXMgdG8gYWRkIE1BQyBhZGRyZXNzIGFzIGFub3Ro ZXIgZGF0YSBub2RlIHZ1bG5lcmFiaWxpdHkgZXhhbXBsZSBpbiBvdXIgb3JpZ2luYWwgc2VjdXJp dHkgY29uc2lkZXJhdGlvbiBzZWN0aW9uLg0KDQo+IEJ1dCBJZiBDaHJpc3RpYW4gb3Igc2VjdXJp dHkgZGlyZWN0b3JhdGUgaGFzIHJlY29tbWVuZGluZyB0ZXh0LCB3ZSBhdXRob3JzIGFyZSBoYXBw eSB0byBhY2NlcHQgaXQuDQoNCj4NCg0KPiAtUWluDQoNCj4gLS0tLS3pgq7ku7bljp/ku7YtLS0t LQ0KDQo+IOWPkeS7tuS6ujogU3VzYW4gSGFyZXMgW21haWx0bzpzaGFyZXNAbmR6aC5jb21dDQoN Cj4g5Y+R6YCB5pe26Ze0OiAyMDIw5bm0NuaciDI15pelIDIxOjA0DQoNCj4g5pS25Lu25Lq6OiAn Q2hyaXN0aWFuIEh1aXRlbWEnIDxodWl0ZW1hQGh1aXRlbWEubmV0PG1haWx0bzpodWl0ZW1hQGh1 aXRlbWEubmV0Pj47IHNlY2RpckBpZXRmLm9yZzxtYWlsdG86c2VjZGlyQGlldGYub3JnPg0KDQo+ IOaKhOmAgTogZHJhZnQtaWV0Zi1pMnJzLXlhbmctbDItbmV0d29yay10b3BvbG9neS5hbGxAaWV0 Zi5vcmc8bWFpbHRvOmRyYWZ0LWlldGYtaTJycy15YW5nLWwyLW5ldHdvcmstdG9wb2xvZ3kuYWxs QGlldGYub3JnPjsNCg0KPiBpMnJzQGlldGYub3JnPG1haWx0bzppMnJzQGlldGYub3JnPjsgbGFz dC1jYWxsQGlldGYub3JnPG1haWx0bzpsYXN0LWNhbGxAaWV0Zi5vcmc+DQoNCj4g5Li76aKYOiBS RTogU2VjZGlyIGxhc3QgY2FsbCByZXZpZXcgb2YNCg0KPiBkcmFmdC1pZXRmLWkycnMteWFuZy1s Mi1uZXR3b3JrLXRvcG9sb2d5LTEzDQoNCj4NCg0KPiBDaHJpc3RpYW46DQoNCj4NCg0KPiBUaGFu ayB5b3UgZm9yIGNhdGNoaW5nIHRoZSBwcml2YWN5IGlzc3Vlcy4NCg0KPg0KDQo+IEkndmUgZ290 IGEgZmV3IHF1ZXN0aW9ucyB0byBoZWxwIHRoZSBhdXRob3JzIHNjb3BlIHRoaXMgY2hhbmdlOg0K DQo+DQoNCj4gMSkgU2luY2UgdGhpcyBpcyBjb21tb24gdG8gYWxsIEwyIFRvcG9sb2dpZXMsIGNh biB5b3Ugb3IgdGhlIHNlY3VyaXR5IGRpcmVjdG9yYXRlIHJlY29tbWVuZCBzb21lIHRleHQgdGhh dCBtaWdodCBiZSBhcHByb3ByaWF0ZT8NCg0KPiAgICBJZiB5b3UgaGF2ZSByZWNvbW1lbmRlZCB0 ZXh0LCBoYXMgdGhpcyB0ZXh0IGJlZW4gcmV2aWV3ZWQgYnkgT1BTLURJUiBhbmQgWWFuZyBkb2N0 b3JzPw0KDQo+DQoNCj4gMikgV2lsbCBpdCBiZSBhIHByb2JsZW0gSWYgd2Ugd3JpdGUgcHJpdmFj eSBjb25zaWRlcmF0aW9ucyBvbiBJRUVFIHNwZWNpZmljYXRpb25zPw0KDQo+IDMpIERvIHdlIG5l ZWQgdG8gY29uc2lkZXIgdGhlIHJhbmdlIG9mIGRlcGxveW1lbnRzIG9mIEwyIChob21lLA0KDQo+ IGVudGVycHJpc2UsICBwdWJsaWMgUEJCIHNlcnZpY2UsIG5hdGlvbmFsIFBCQiBzZXJ2aWNlLCBE YXRhIGNlbnRlcnMpDQoNCj4NCg0KPg0KDQo+IFRoYW5rIHlvdSwgIFN1ZQ0KDQo+DQoNCj4NCg0K PiAtLS0tLU9yaWdpbmFsIE1lc3NhZ2UtLS0tLQ0KDQo+IEZyb206IENocmlzdGlhbiBIdWl0ZW1h IHZpYSBEYXRhdHJhY2tlciBbbWFpbHRvOm5vcmVwbHlAaWV0Zi5vcmddDQoNCj4gU2VudDogVGh1 cnNkYXksIEp1bmUgMjUsIDIwMjAgMTowMSBBTQ0KDQo+IFRvOiBzZWNkaXJAaWV0Zi5vcmc8bWFp bHRvOnNlY2RpckBpZXRmLm9yZz4NCg0KPiBDYzogZHJhZnQtaWV0Zi1pMnJzLXlhbmctbDItbmV0 d29yay10b3BvbG9neS5hbGxAaWV0Zi5vcmc8bWFpbHRvOmRyYWZ0LWlldGYtaTJycy15YW5nLWwy LW5ldHdvcmstdG9wb2xvZ3kuYWxsQGlldGYub3JnPjsNCg0KPiBpMnJzQGlldGYub3JnPG1haWx0 bzppMnJzQGlldGYub3JnPjsgbGFzdC1jYWxsQGlldGYub3JnPG1haWx0bzpsYXN0LWNhbGxAaWV0 Zi5vcmc+DQoNCj4gU3ViamVjdDogU2VjZGlyIGxhc3QgY2FsbCByZXZpZXcgb2YNCg0KPiBkcmFm dC1pZXRmLWkycnMteWFuZy1sMi1uZXR3b3JrLXRvcG9sb2d5LTEzDQoNCj4NCg0KPiBSZXZpZXdl cjogQ2hyaXN0aWFuIEh1aXRlbWENCg0KPiBSZXZpZXcgcmVzdWx0OiBIYXMgSXNzdWVzDQoNCj4N Cg0KPiBJIGhhdmUgcmV2aWV3ZWQgdGhpcyBkb2N1bWVudCBhcyBwYXJ0IG9mIHRoZSBzZWN1cml0 eSBkaXJlY3RvcmF0ZSdzIG9uZ29pbmcgZWZmb3J0IHRvIHJldmlldyBhbGwgSUVURiBkb2N1bWVu dHMgYmVpbmcgcHJvY2Vzc2VkIGJ5IHRoZSBJRVNHLiAgVGhlc2UgY29tbWVudHMgd2VyZSB3cml0 dGVuIHdpdGggdGhlIGludGVudCBvZiBpbXByb3Zpbmcgc2VjdXJpdHkgcmVxdWlyZW1lbnRzIGFu ZCBjb25zaWRlcmF0aW9ucyBpbiBJRVRGIGRyYWZ0cy4gIENvbW1lbnRzIG5vdCBhZGRyZXNzZWQg aW4gbGFzdCBjYWxsIG1heSBiZSBpbmNsdWRlZCBpbiBBRCByZXZpZXdzIGR1cmluZyB0aGUgSUVT RyByZXZpZXcuICBEb2N1bWVudCBlZGl0b3JzIGFuZCBXRyBjaGFpcnMgc2hvdWxkIHRyZWF0IHRo ZXNlIGNvbW1lbnRzIGp1c3QgbGlrZSBhbnkgb3RoZXIgbGFzdCBjYWxsIGNvbW1lbnRzLg0KDQo+ DQoNCj4gVGhpcyBkb2N1bWVudCBkZXNjcmliZXMgYSBZYW5nIG1vZGVsIGZvciByZXByZXNlbnRp bmcgTGluayBMYXllciB0b3BvbG9naWVzLg0KDQo+IFJlcHJlc2VudGluZyBzdWNoIHRvcG9sb2dp ZXMgaXMgb2J2aW91c2x5IHVzZWZ1bCBmb3IgbWFuYWdpbmcgbmV0d29yay4NCg0KPiBUaGUgc2Vj dXJpdHkgc2VjdGlvbiBpcyBmb2N1c2VkIG9uIHNlY3VyaW5nIHRoZSB1c2FnZSBvZiB0aGlzIGlu Zm9ybWF0aW9uIGZvciBuZXR3b3JrIG1hbmFnZW1lbnQsIGJ1dCBkb2VzIG5vdCBhZGRyZXNzIHBv dGVudGlhbCBwcml2YWN5IGlzc3Vlcy4NCg0KPg0KDQo+IFRoZSBzZWN1cml0eSBjb25zaWRlcmF0 aW9ucyBleHBsYWluIGNvcnJlY3RseSBob3cgYWx0ZXJpbmcgdGhlIGxpbmsgbGF5ZXIgaW5mb3Jt YXRpb24gY291bGQgZW5hYmxlIGF0dGFja3MgYWdhaW5zdCB0aGUgbmV0d29yay4gVGhlIHByb3Bv c2VkIHJlbWVkeSBpcyBhY2Nlc3MgY29udHJvbCwgaW1wbGVtZW50ZWQgdXNpbmcgZWl0aGVyIFNT SCBvciBUTFMuIFRoaXMgaXMgZmluZSwgYWx0aG91Z2ggdGhlIGRpc2N1c3Npb24gb2YgVExTIGF1 dGhvcmlzYXRpb24gaXMgYSBiaXQgc2hvcnQuIEJ5IGRlZmF1bHQsIFRMUyB2ZXJpZmllcyB0aGUg aWRlbnRpdHkgb2YgdGhlIHNlcnZlciBidXQgbm90IHRoYXQgb2YgdGhlIGNsaWVudC4gUkZDODA0 MCBzZWN0aW9uIDIuNSBzcGVjaWZpZXMgdGhhdCAiYSBSRVNUQ09ORiBzZXJ2ZXIgU0hPVUxEIHJl cXVpcmUgYXV0aGVudGljYXRpb24gYmFzZWQgb24gVExTIGNsaWVudCBjZXJ0aWZpY2F0ZXMuIEkg YXNzdW1lIHRoYXQncyB0aGUgaW50ZW50LCBidXQgaXQgbWlnaHQgYmUgdXNlZnVsIHRvIHNheSBz by4NCg0KPg0KDQo+IE9uIHRoZSBvdGhlciBoYW5kLCB0aGUgc2VjdXJpdHkgY29uc2lkZXJhdGlv bnMgZG8gbm90IGRlc2NyaWJlIHByaXZhY3kgaXNzdWVzLCBhbmQgSSBmaW5kIHRoYXQgcHJvYmxl bWF0aWMuIFRoZSBwcm9wb3NlZCBpbmZvcm1hdGlvbiBtb2RlbCBsaXN0cyBhIG51bWJlciBvZiBz ZW5zaXRpdmUgZGF0YSwgc3VjaCBhcyBmb3IgZXhhbXBsZSB0aGUgTUFDIGFkZHJlc3NlcyBvZiBk ZXZpY2VzLg0KDQo+IFRoaXMgaW5mb3JtYXRpb24gY2FuIGJlIG1pc3VzZWQuIEZvciBleGFtcGxl LCBhcHBsaWNhdGlvbnMgY291bGQgYXNzZXNzIGRldmljZSBsb2NhdGlvbiBmZXRjaGluZyB0aGUg TUFDIGFkZHJlc3NlcyBvZiBsb2NhbCBnYXRld2F5cy4gVGhpcmQgcGFydGllcyBjb3VsZCBhY2Nl c3MgbGluayBsb2NhbCBpbmZvcm1hdGlvbiB0byBnYXRoZXIgaWRlbnRpdGllcyBvZiBkZXZpY2Vz IGFjY2Vzc2luZyBhIHBhcnRpY3VsYXIgbmV0d29yay4gU3VjaCBpbmZvcm1hdGlvbiBpcyBvZnRl biBwcm90ZWN0ZWQgYnkgcHJpdmFjeSBBUEkgaW4gdGhlIE9wZXJhdGluZyBTeXN0ZW0sIGJ1dCBh Y2Nlc3NpbmcgdGhlIFlhbmcgbW9kdWxlIG92ZXIgdGhlIG5ldHdvcmsgbWlnaHQgYWxsb3cgYXBw bGljYXRpb25zIHRvIGJ5cGFzcyB0aGVzZSBjb250cm9scy4NCg0KPg0KDQo+IENsaWVudCBhdXRo ZW50aWNhdGlvbiBhbG9uZSBkb2VzIG5vdCBuZWNlc3NhcmlseSBwcm90ZWN0IGFnYWluc3QgdGhl c2UgcHJpdmFjeSBsZWFrcy4gQSBjbGFzc2ljIGNvbmZpZ3VyYXRpb24gZXJyb3Igd291bGQgbGlt aXQgd3JpdGUgYWNjZXNzIHRvIGF1dGhvcml6ZWQgdXNlcnMsIGJ1dCB0byBhbGxvdyByZWFkLW9u bHkgYWNjZXNzIHRvIG1vc3QgdXNlcnMuIFRoaXMga2luZCBvZiBlcnJvciB3b3VsZCBhbGxvdyBw cml2YWN5IGxlYWtzLiBHaXZlbiB0aGUgc2Vuc2l0aXZlIG5hdHVyZSBvZiBNQUMgYWRkcmVzc2Vz IGFuZCBvdGhlciBpZGVudGlmaWVycywgaXQgaXMgdXNlZnVsIHRvIHdhcm4gYWdhaW5zdCBzdWNo IGVycm9ycy4NCg0KPg0KDQo+DQoNCj4NCg0KPg0KDQo+DQoNCj4gX19fX19fX19fX19fX19fX19f X19fX19fX19fX19fX19fX19fX19fX19fX19fX18NCg0KPiBpMnJzIG1haWxpbmcgbGlzdA0KDQo+ IGkycnNAaWV0Zi5vcmc8bWFpbHRvOmkycnNAaWV0Zi5vcmc+DQoNCj4gaHR0cHM6Ly93d3cuaWV0 Zi5vcmcvbWFpbG1hbi9saXN0aW5mby9pMnJzDQoNCj4NCg== --_000_B8F9A780D330094D99AF023C5877DABAAD7BCE5Ddggeml531mbschi_ Content-Type: text/html; charset="utf-8" Content-Transfer-Encoding: base64 PGh0bWwgeG1sbnM6dj0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTp2bWwiIHhtbG5zOm89InVy bjpzY2hlbWFzLW1pY3Jvc29mdC1jb206b2ZmaWNlOm9mZmljZSIgeG1sbnM6dz0idXJuOnNjaGVt YXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6d29yZCIgeG1sbnM6bT0iaHR0cDovL3NjaGVtYXMubWlj cm9zb2Z0LmNvbS9vZmZpY2UvMjAwNC8xMi9vbW1sIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv VFIvUkVDLWh0bWw0MCI+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIg Y29udGVudD0idGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjxtZXRhIG5hbWU9IkdlbmVyYXRv ciIgY29udGVudD0iTWljcm9zb2Z0IFdvcmQgMTUgKGZpbHRlcmVkIG1lZGl1bSkiPg0KPHN0eWxl PjwhLS0NCi8qIEZvbnQgRGVmaW5pdGlvbnMgKi8NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6 5a6L5L2TOw0KCXBhbm9zZS0xOjIgMSA2IDAgMyAxIDEgMSAxIDE7fQ0KQGZvbnQtZmFjZQ0KCXtm b250LWZhbWlseToiQ2FtYnJpYSBNYXRoIjsNCglwYW5vc2UtMToyIDQgNSAzIDUgNCA2IDMgMiA0 O30NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6Q2FsaWJyaTsNCglwYW5vc2UtMToyIDE1IDUg MiAyIDIgNCAzIDIgNDt9DQpAZm9udC1mYWNlDQoJe2ZvbnQtZmFtaWx5OiJcQOWui+S9kyI7DQoJ cGFub3NlLTE6MiAxIDYgMCAzIDEgMSAxIDEgMTt9DQovKiBTdHlsZSBEZWZpbml0aW9ucyAqLw0K cC5Nc29Ob3JtYWwsIGxpLk1zb05vcm1hbCwgZGl2Lk1zb05vcm1hbA0KCXttYXJnaW46MGNtOw0K CW1hcmdpbi1ib3R0b206LjAwMDFwdDsNCgl0ZXh0LWFsaWduOmp1c3RpZnk7DQoJdGV4dC1qdXN0 aWZ5OmludGVyLWlkZW9ncmFwaDsNCglmb250LXNpemU6MTAuNXB0Ow0KCWZvbnQtZmFtaWx5OiJD YWxpYnJpIixzYW5zLXNlcmlmO30NCmE6bGluaywgc3Bhbi5Nc29IeXBlcmxpbmsNCgl7bXNvLXN0 eWxlLXByaW9yaXR5Ojk5Ow0KCWNvbG9yOiMwNTYzQzE7DQoJdGV4dC1kZWNvcmF0aW9uOnVuZGVy bGluZTt9DQphOnZpc2l0ZWQsIHNwYW4uTXNvSHlwZXJsaW5rRm9sbG93ZWQNCgl7bXNvLXN0eWxl LXByaW9yaXR5Ojk5Ow0KCWNvbG9yOiM5NTRGNzI7DQoJdGV4dC1kZWNvcmF0aW9uOnVuZGVybGlu ZTt9DQpwLk1zb1BsYWluVGV4dCwgbGkuTXNvUGxhaW5UZXh0LCBkaXYuTXNvUGxhaW5UZXh0DQoJ e21zby1zdHlsZS1wcmlvcml0eTo5OTsNCgltc28tc3R5bGUtbGluazoi57qv5paH5pysIENoYXIi Ow0KCW1hcmdpbjowY207DQoJbWFyZ2luLWJvdHRvbTouMDAwMXB0Ow0KCWZvbnQtc2l6ZToxMC41 cHQ7DQoJZm9udC1mYW1pbHk6IkNhbGlicmkiLHNhbnMtc2VyaWY7fQ0Kc3Bhbi5DaGFyDQoJe21z by1zdHlsZS1uYW1lOiLnuq/mlofmnKwgQ2hhciI7DQoJbXNvLXN0eWxlLXByaW9yaXR5Ojk5Ow0K CW1zby1zdHlsZS1saW5rOue6r+aWh+acrDsNCglmb250LWZhbWlseToiQ2FsaWJyaSIsc2Fucy1z ZXJpZjt9DQouTXNvQ2hwRGVmYXVsdA0KCXttc28tc3R5bGUtdHlwZTpleHBvcnQtb25seTsNCglm b250LWZhbWlseToiQ2FsaWJyaSIsc2Fucy1zZXJpZjt9DQovKiBQYWdlIERlZmluaXRpb25zICov DQpAcGFnZSBXb3JkU2VjdGlvbjENCgl7c2l6ZTo2MTIuMHB0IDc5Mi4wcHQ7DQoJbWFyZ2luOjcy LjBwdCA5MC4wcHQgNzIuMHB0IDkwLjBwdDt9DQpkaXYuV29yZFNlY3Rpb24xDQoJe3BhZ2U6V29y ZFNlY3Rpb24xO30NCi8qIExpc3QgRGVmaW5pdGlvbnMgKi8NCkBsaXN0IGwwDQoJe21zby1saXN0 LWlkOjkzMzUwOTg4NzsNCgltc28tbGlzdC10eXBlOmh5YnJpZDsNCgltc28tbGlzdC10ZW1wbGF0 ZS1pZHM6LTEyMDI4MzExNTYgMTU2MDMwMjAxNiA2NzY5ODcxMyA2NzY5ODcxNSA2NzY5ODcwMyA2 NzY5ODcxMyA2NzY5ODcxNSA2NzY5ODcwMyA2NzY5ODcxMyA2NzY5ODcxNTt9DQpAbGlzdCBsMDps ZXZlbDENCgl7bXNvLWxldmVsLXRhYi1zdG9wOm5vbmU7DQoJbXNvLWxldmVsLW51bWJlci1wb3Np dGlvbjpsZWZ0Ow0KCW1hcmdpbi1sZWZ0OjE4LjBwdDsNCgl0ZXh0LWluZGVudDotMTguMHB0O30N CkBsaXN0IGwwOmxldmVsMg0KCXttc28tbGV2ZWwtbnVtYmVyLWZvcm1hdDphbHBoYS1sb3dlcjsN Cgltc28tbGV2ZWwtdGV4dDoiJTJcKSI7DQoJbXNvLWxldmVsLXRhYi1zdG9wOm5vbmU7DQoJbXNv LWxldmVsLW51bWJlci1wb3NpdGlvbjpsZWZ0Ow0KCW1hcmdpbi1sZWZ0OjQyLjBwdDsNCgl0ZXh0 LWluZGVudDotMjEuMHB0O30NCkBsaXN0IGwwOmxldmVsMw0KCXttc28tbGV2ZWwtbnVtYmVyLWZv cm1hdDpyb21hbi1sb3dlcjsNCgltc28tbGV2ZWwtdGFiLXN0b3A6bm9uZTsNCgltc28tbGV2ZWwt bnVtYmVyLXBvc2l0aW9uOnJpZ2h0Ow0KCW1hcmdpbi1sZWZ0OjYzLjBwdDsNCgl0ZXh0LWluZGVu dDotMjEuMHB0O30NCkBsaXN0IGwwOmxldmVsNA0KCXttc28tbGV2ZWwtdGFiLXN0b3A6bm9uZTsN Cgltc28tbGV2ZWwtbnVtYmVyLXBvc2l0aW9uOmxlZnQ7DQoJbWFyZ2luLWxlZnQ6ODQuMHB0Ow0K CXRleHQtaW5kZW50Oi0yMS4wcHQ7fQ0KQGxpc3QgbDA6bGV2ZWw1DQoJe21zby1sZXZlbC1udW1i ZXItZm9ybWF0OmFscGhhLWxvd2VyOw0KCW1zby1sZXZlbC10ZXh0OiIlNVwpIjsNCgltc28tbGV2 ZWwtdGFiLXN0b3A6bm9uZTsNCgltc28tbGV2ZWwtbnVtYmVyLXBvc2l0aW9uOmxlZnQ7DQoJbWFy Z2luLWxlZnQ6MTA1LjBwdDsNCgl0ZXh0LWluZGVudDotMjEuMHB0O30NCkBsaXN0IGwwOmxldmVs Ng0KCXttc28tbGV2ZWwtbnVtYmVyLWZvcm1hdDpyb21hbi1sb3dlcjsNCgltc28tbGV2ZWwtdGFi LXN0b3A6bm9uZTsNCgltc28tbGV2ZWwtbnVtYmVyLXBvc2l0aW9uOnJpZ2h0Ow0KCW1hcmdpbi1s ZWZ0OjEyNi4wcHQ7DQoJdGV4dC1pbmRlbnQ6LTIxLjBwdDt9DQpAbGlzdCBsMDpsZXZlbDcNCgl7 bXNvLWxldmVsLXRhYi1zdG9wOm5vbmU7DQoJbXNvLWxldmVsLW51bWJlci1wb3NpdGlvbjpsZWZ0 Ow0KCW1hcmdpbi1sZWZ0OjE0Ny4wcHQ7DQoJdGV4dC1pbmRlbnQ6LTIxLjBwdDt9DQpAbGlzdCBs MDpsZXZlbDgNCgl7bXNvLWxldmVsLW51bWJlci1mb3JtYXQ6YWxwaGEtbG93ZXI7DQoJbXNvLWxl dmVsLXRleHQ6IiU4XCkiOw0KCW1zby1sZXZlbC10YWItc3RvcDpub25lOw0KCW1zby1sZXZlbC1u dW1iZXItcG9zaXRpb246bGVmdDsNCgltYXJnaW4tbGVmdDoxNjguMHB0Ow0KCXRleHQtaW5kZW50 Oi0yMS4wcHQ7fQ0KQGxpc3QgbDA6bGV2ZWw5DQoJe21zby1sZXZlbC1udW1iZXItZm9ybWF0OnJv bWFuLWxvd2VyOw0KCW1zby1sZXZlbC10YWItc3RvcDpub25lOw0KCW1zby1sZXZlbC1udW1iZXIt cG9zaXRpb246cmlnaHQ7DQoJbWFyZ2luLWxlZnQ6MTg5LjBwdDsNCgl0ZXh0LWluZGVudDotMjEu MHB0O30NCm9sDQoJe21hcmdpbi1ib3R0b206MGNtO30NCnVsDQoJe21hcmdpbi1ib3R0b206MGNt O30NCi0tPjwvc3R5bGU+PCEtLVtpZiBndGUgbXNvIDldPjx4bWw+DQo8bzpzaGFwZWRlZmF1bHRz IHY6ZXh0PSJlZGl0IiBzcGlkbWF4PSIxMDI2IiAvPg0KPC94bWw+PCFbZW5kaWZdLS0+PCEtLVtp ZiBndGUgbXNvIDldPjx4bWw+DQo8bzpzaGFwZWxheW91dCB2OmV4dD0iZWRpdCI+DQo8bzppZG1h cCB2OmV4dD0iZWRpdCIgZGF0YT0iMSIgLz4NCjwvbzpzaGFwZWxheW91dD48L3htbD48IVtlbmRp Zl0tLT4NCjwvaGVhZD4NCjxib2R5IGxhbmc9IlpILUNOIiBsaW5rPSIjMDU2M0MxIiB2bGluaz0i Izk1NEY3MiIgc3R5bGU9InRleHQtanVzdGlmeS10cmltOnB1bmN0dWF0aW9uIj4NCjxkaXYgY2xh c3M9IldvcmRTZWN0aW9uMSI+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJF Ti1VUyI+SGksIENocmlzdGlhbjo8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNv UGxhaW5UZXh0IiBzdHlsZT0ibWFyZ2luLWxlZnQ6MTguMHB0O3RleHQtaW5kZW50Oi0xOC4wcHQ7 bXNvLWxpc3Q6bDAgbGV2ZWwxIGxmbzEiPg0KPCFbaWYgIXN1cHBvcnRMaXN0c10+PHNwYW4gbGFu Zz0iRU4tVVMiPjxzcGFuIHN0eWxlPSJtc28tbGlzdDpJZ25vcmUiPjEuPHNwYW4gc3R5bGU9ImZv bnQ6Ny4wcHQgJnF1b3Q7VGltZXMgTmV3IFJvbWFuJnF1b3Q7Ij4mbmJzcDsmbmJzcDsmbmJzcDsm bmJzcDsmbmJzcDsmbmJzcDsNCjwvc3Bhbj48L3NwYW4+PC9zcGFuPjwhW2VuZGlmXT48c3BhbiBs YW5nPSJFTi1VUyI+TkFDTSBkZWZpbmVkIGluIFJGQzgzNDEgaGFzIGFscmVhZHkgcHJvdmlkZWQg bWVjaGFuaXNtcyB0byByZXN0cmljdCBhY2Nlc3MgdG8gc2Vuc2l0aXZlIGluZm9ybWF0aW9uIHRv IGEgbWluaW1hbCBsaXN0IG9mIGF1dGhvcml6ZWQgY2xpZW50IG9yIGFnZW50cyBhbmQgZGVhbCB3 aXRoIHByaXZhY3kgaXNzdWUgaWYgbXkgdW5kZXJzdGFuZGluZyBpcyBjb3JyZWN0LjxvOnA+PC9v OnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiIHN0eWxlPSJtYXJnaW4tbGVm dDoxOC4wcHQ7dGV4dC1pbmRlbnQ6LTE4LjBwdDttc28tbGlzdDpsMCBsZXZlbDEgbGZvMSI+DQo8 IVtpZiAhc3VwcG9ydExpc3RzXT48c3BhbiBsYW5nPSJFTi1VUyI+PHNwYW4gc3R5bGU9Im1zby1s aXN0Oklnbm9yZSI+Mi48c3BhbiBzdHlsZT0iZm9udDo3LjBwdCAmcXVvdDtUaW1lcyBOZXcgUm9t YW4mcXVvdDsiPiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOw0KPC9zcGFuPjwv c3Bhbj48L3NwYW4+PCFbZW5kaWZdPjxzcGFuIGxhbmc9IkVOLVVTIj5Cb3RoIE5FVENPTkYgYW5k IFJFU1RDT05GIHdpbGwgcmVseSBvbiB0cmFuc3BvcnQgcHJvdG9jb2wgc3VjaCBhcyBUTFMgdG8g cHJvdmlkZSBjbGllbnQgYXV0aGVudGljYXRpb24gYW5kIHNlcnZlciBhdXRoZW50aWNhdGlvbiwg aS5lLiwgbXV0dWFsIGF1dGhlbnRpY2F0aW9uLjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNs YXNzPSJNc29QbGFpblRleHQiIHN0eWxlPSJtYXJnaW4tbGVmdDoxOC4wcHQ7dGV4dC1pbmRlbnQ6 LTE4LjBwdDttc28tbGlzdDpsMCBsZXZlbDEgbGZvMSI+DQo8IVtpZiAhc3VwcG9ydExpc3RzXT48 c3BhbiBsYW5nPSJFTi1VUyI+PHNwYW4gc3R5bGU9Im1zby1saXN0Oklnbm9yZSI+My48c3BhbiBz dHlsZT0iZm9udDo3LjBwdCAmcXVvdDtUaW1lcyBOZXcgUm9tYW4mcXVvdDsiPiZuYnNwOyZuYnNw OyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOw0KPC9zcGFuPjwvc3Bhbj48L3NwYW4+PCFbZW5kaWZd PjxzcGFuIGxhbmc9IkVOLVVTIj5UaGUgWUFORyBzZWN1cml0eSBndWlkZWxpbmUgZGVmaW5lZCBp biBodHRwczovL3RyYWMuaWV0Zi5vcmcvdHJhYy9vcHMvd2lraS95YW5nLXNlY3VyaXR5LWd1aWRl bGluZXM8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0IiBzdHls ZT0idGV4dC1pbmRlbnQ6MjEuMHB0Ij48c3BhbiBsYW5nPSJFTi1VUyI+UHJvdmlkZSBwZXJmZWN0 IGJvaWxlcnBsYXRlIHRvIGFkZHJlc3MgYm90aCBzZWN1cml0eSBjb25zaWRlcmF0aW9uIGFuZCBw cml2YWN5IGNvbnNpZGVyYXRpb24uPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1z b1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPk15IG9yaWdpbmFsIHByb3Bvc2FsIEEgdG8g YWRkcmVzcyB5b3VyIGNvbW1lbnRzIGlzOjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNz PSJNc29QbGFpblRleHQiPjxzcGFuIGxhbmc9IkVOLVVTIj5PTEQgVEVYVDo8bzpwPjwvbzpwPjwv c3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+JnF1 b3Q7PG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4g bGFuZz0iRU4tVVMiPiZuYnNwOyZuYnNwOyBUaGVyZSBhcmUgYSBudW1iZXIgb2YgZGF0YSBub2Rl cyBkZWZpbmVkIGluIHRoaXMgWUFORyBtb2R1bGUgdGhhdCBhcmU8bzpwPjwvbzpwPjwvc3Bhbj48 L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+Jm5ic3A7Jm5i c3A7IHdyaXRhYmxlL2NyZWF0YWJsZS9kZWxldGFibGUgKGkuZS4sIGNvbmZpZyB0cnVlLCB3aGlj aCBpcyB0aGU8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48 c3BhbiBsYW5nPSJFTi1VUyI+Jm5ic3A7Jm5ic3A7IGRlZmF1bHQpLiZuYnNwOyBUaGVzZSBkYXRh IG5vZGVzIG1heSBiZSBjb25zaWRlcmVkIHNlbnNpdGl2ZSBvciB2dWxuZXJhYmxlPG86cD48L286 cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMi PiZuYnNwOyZuYnNwOyBpbiBzb21lIG5ldHdvcmsgZW52aXJvbm1lbnRzLiZuYnNwOyBXcml0ZSBv cGVyYXRpb25zIChlLmcuLCBlZGl0LWNvbmZpZyk8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBj bGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+Jm5ic3A7Jm5ic3A7IHRvIHRo ZXNlIGRhdGEgbm9kZXMgd2l0aG91dCBwcm9wZXIgcHJvdGVjdGlvbiBjYW4gaGF2ZSBhIG5lZ2F0 aXZlPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4g bGFuZz0iRU4tVVMiPiZuYnNwOyZuYnNwOyBlZmZlY3Qgb24gbmV0d29yayBvcGVyYXRpb25zLiZu YnNwOyBUaGVzZSBhcmUgdGhlIHN1YnRyZWVzIGFuZCBkYXRhIG5vZGVzPG86cD48L286cD48L3Nw YW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZuYnNw OyZuYnNwOyBhbmQgdGhlaXIgc2Vuc2l0aXZpdHkvdnVsbmVyYWJpbGl0eSBpbiB0aGUgaWV0Zi1u ZXR3b3JrIG1vZHVsZTo8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5U ZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPHAg Y2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZuYnNwOyZuYnNwOyBvJm5i c3A7IGwyLW5ldHdvcmstYXR0cmlidXRlczogQSBtYWxpY2lvdXMgY2xpZW50IGNvdWxkIGF0dGVt cHQgdG88bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3Bh biBsYW5nPSJFTi1VUyI+Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7IHNhYm90YWdlIHRo ZSBjb25maWd1cmF0aW9uIG9mIGFueSBvZiB0aGUgY29udGFpbmVkIGF0dHJpYnV0ZXMsPG86cD48 L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4t VVMiPiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyBzdWNoIGFzIHRoZSBuYW1lIG9yIHRo ZSBmbGFnIGRhdGEgbm9kZXMuPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1Bs YWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4N CjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxzcGFuIGxhbmc9IkVOLVVTIj4mbmJzcDsmbmJzcDsg byZuYnNwOyBsMi1ub2RlLWF0dHJpYnV0ZXM6IEEgbWFsaWNpb3VzIGNsaWVudCBjb3VsZCBhdHRl bXB0IHRvIHNhYm90YWdlPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWlu VGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyB0 aGUgY29uZmlndXJhdGlvbiBvZiBpbXBvcnRhbnQgbm9kZSBhdHRyaWJ1dGVzLCBzdWNoIGFzIHRo ZSBuYW1lPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNw YW4gbGFuZz0iRU4tVVMiPiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyBvciB0aGUgbWFu YWdlbWVudC1hZGRyZXNzLjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFp blRleHQiPjxzcGFuIGxhbmc9IkVOLVVTIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8 cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+Jm5ic3A7Jm5ic3A7IG8m bmJzcDsgbDItbGluay1hdHRyaWJ1dGVzOiBBIG1hbGljaW91cyBjbGllbnQgY291bGQgYXR0ZW1w dCB0byBzYWJvdGFnZTxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRl eHQiPjxzcGFuIGxhbmc9IkVOLVVTIj4mbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsgdGhl IGNvbmZpZ3VyYXRpb24gb2YgaW1wb3J0YW50IGxpbmsgYXR0cmlidXRlcywgc3VjaCBhcyB0aGUg cmF0ZTxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxzcGFu IGxhbmc9IkVOLVVTIj4mbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsgb3IgdGhlIGRlbGF5 IGRhdGEgbm9kZXMuPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4 dCI+PHNwYW4gbGFuZz0iRU4tVVMiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNs YXNzPSJNc29QbGFpblRleHQiPjxzcGFuIGxhbmc9IkVOLVVTIj4mbmJzcDsmbmJzcDsgbyZuYnNw OyBsMi10ZXJtaW5hdGlvbi1wb2ludC1hdHRyaWJ1dGVzOiBBIG1hbGljaW91cyBjbGllbnQgY291 bGQgYXR0ZW1wdDxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQi PjxzcGFuIGxhbmc9IkVOLVVTIj4mbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsgdG8gc2Fi b3RhZ2UgdGhlIGNvbmZpZ3VyYXRpb24gb2YgaW1wb3J0YW50IHRlcm1pbmF0aW9uIHBvaW50PG86 cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0i RU4tVVMiPiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyBhdHRyaWJ1dGVzLCBzdWNoIGFz IHRoZSBtYXhpbXVtLWZyYW1lLXNpemUuPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9 Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZxdW90OzxvOnA+PC9vOnA+PC9zcGFu PjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxzcGFuIGxhbmc9IkVOLVVTIj5ORVcgVEVY VDo8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBs YW5nPSJFTi1VUyI+JnF1b3Q7PG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1Bs YWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZuYnNwOyZuYnNwOyBUaGVyZSBhcmUgYSBudW1i ZXIgb2YgZGF0YSBub2RlcyBkZWZpbmVkIGluIHRoaXMgWUFORyBtb2R1bGUgdGhhdCBhcmU8bzpw PjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJF Ti1VUyI+Jm5ic3A7Jm5ic3A7IHdyaXRhYmxlL2NyZWF0YWJsZS9kZWxldGFibGUgKGkuZS4sIGNv bmZpZyB0cnVlLCB3aGljaCBpcyB0aGU8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0i TXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+Jm5ic3A7Jm5ic3A7IGRlZmF1bHQpLiZu YnNwOyBUaGVzZSBkYXRhIG5vZGVzIG1heSBiZSBjb25zaWRlcmVkIHNlbnNpdGl2ZSBvciB2dWxu ZXJhYmxlPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNw YW4gbGFuZz0iRU4tVVMiPiZuYnNwOyZuYnNwOyBpbiBzb21lIG5ldHdvcmsgZW52aXJvbm1lbnRz LiZuYnNwOyBXcml0ZSBvcGVyYXRpb25zIChlLmcuLCBlZGl0LWNvbmZpZyk8bzpwPjwvbzpwPjwv c3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+Jm5i c3A7Jm5ic3A7IHRvIHRoZXNlIGRhdGEgbm9kZXMgd2l0aG91dCBwcm9wZXIgcHJvdGVjdGlvbiBj YW4gaGF2ZSBhIG5lZ2F0aXZlPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1Bs YWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZuYnNwOyZuYnNwOyBlZmZlY3Qgb24gbmV0d29y ayBvcGVyYXRpb25zLiZuYnNwOyBUaGVzZSBhcmUgdGhlIHN1YnRyZWVzIGFuZCBkYXRhIG5vZGVz PG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFu Zz0iRU4tVVMiPiZuYnNwOyZuYnNwOyBhbmQgdGhlaXIgc2Vuc2l0aXZpdHkvdnVsbmVyYWJpbGl0 eSBpbiB0aGUgaWV0Zi1uZXR3b3JrIG1vZHVsZTo8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBj bGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+PG86cD4mbmJzcDs8L286cD48 L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZu YnNwOyZuYnNwOyBvJm5ic3A7IGwyLW5ldHdvcmstYXR0cmlidXRlczogQSBtYWxpY2lvdXMgY2xp ZW50IGNvdWxkIGF0dGVtcHQgdG88bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNv UGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5i c3A7IHNhYm90YWdlIHRoZSBjb25maWd1cmF0aW9uIG9mIGFueSBvZiB0aGUgY29udGFpbmVkIGF0 dHJpYnV0ZXMsPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+ PHNwYW4gbGFuZz0iRU4tVVMiPiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyBzdWNoIGFz IHRoZSBuYW1lIG9yIHRoZSBmbGFnIGRhdGEgbm9kZXMuPG86cD48L286cD48L3NwYW4+PC9wPg0K PHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPjxvOnA+Jm5ic3A7PC9v OnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxzcGFuIGxhbmc9IkVOLVVT Ij4mbmJzcDsmbmJzcDsgbyZuYnNwOyBsMi1ub2RlLWF0dHJpYnV0ZXM6IEEgbWFsaWNpb3VzIGNs aWVudCBjb3VsZCBhdHRlbXB0IHRvIHNhYm90YWdlPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAg Y2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZuYnNwOyZuYnNwOyZuYnNw OyZuYnNwOyZuYnNwOyB0aGUgY29uZmlndXJhdGlvbiBvZiBpbXBvcnRhbnQgbm9kZSBhdHRyaWJ1 dGVzLCBzdWNoIGFzIHRoZSBuYW1lPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1z b1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZu YnNwOyAsdGhlIG1hbmFnZW1lbnQtYWRkcmVzcyA8Yj5vciBtYWMgYWRkcmVzcyBvZiB0aGUgZGV2 aWNlczwvYj4uPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+ PHNwYW4gbGFuZz0iRU4tVVMiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNz PSJNc29QbGFpblRleHQiPjxzcGFuIGxhbmc9IkVOLVVTIj4mbmJzcDsmbmJzcDsgbyZuYnNwOyBs Mi1saW5rLWF0dHJpYnV0ZXM6IEEgbWFsaWNpb3VzIGNsaWVudCBjb3VsZCBhdHRlbXB0IHRvIHNh Ym90YWdlPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNw YW4gbGFuZz0iRU4tVVMiPiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyB0aGUgY29uZmln dXJhdGlvbiBvZiBpbXBvcnRhbnQgbGluayBhdHRyaWJ1dGVzLCBzdWNoIGFzIHRoZSByYXRlPG86 cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0i RU4tVVMiPiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyBvciB0aGUgZGVsYXkgZGF0YSBu b2Rlcy48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3Bh biBsYW5nPSJFTi1VUyI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1z b1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZuYnNwOyZuYnNwO28mbmJzcDsgbDItdGVy bWluYXRpb24tcG9pbnQtYXR0cmlidXRlczogQSBtYWxpY2lvdXMgY2xpZW50IGNvdWxkIGF0dGVt cHQ8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBs YW5nPSJFTi1VUyI+Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7IHRvIHNhYm90YWdlIHRo ZSBjb25maWd1cmF0aW9uIG9mIGltcG9ydGFudCB0ZXJtaW5hdGlvbiBwb2ludDxvOnA+PC9vOnA+ PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxzcGFuIGxhbmc9IkVOLVVTIj4m bmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsgYXR0cmlidXRlcywgc3VjaCBhcyB0aGUgbWF4 aW11bS1mcmFtZS1zaXplLA0KPGI+bWFjLWFkZHJlc3M8L2I+LjxvOnA+PC9vOnA+PC9zcGFuPjwv cD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxzcGFuIGxhbmc9IkVOLVVTIj4mcXVvdDs8bzpw PjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJF Ti1VUyI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4 dCI+PHNwYW4gbGFuZz0iRU4tVVMiPldpdGggeW91ciBwcm9wb3NlZCB0ZXh0LCB3ZSBjb3VsZCBo YXZlIHRoZSBmb2xsb3dpbmcgcHJvcG9zYWwgY2hhbmdlcyAoUHJvcG9zYWwgQik6PG86cD48L286 cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMi Pk9MRCBURVhUOjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQi PjxzcGFuIGxhbmc9IkVOLVVTIj4mcXVvdDs8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFz cz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+Ni4mbmJzcDsgU2VjdXJpdHkgQ29u c2lkZXJhdGlvbnM8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0 Ij48c3BhbiBsYW5nPSJFTi1VUyI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPHAgY2xh c3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZuYnNwOyZuYnNwOyBUaGUgWUFO RyBtb2R1bGUgc3BlY2lmaWVkIGluIHRoaXMgZG9jdW1lbnQgZGVmaW5lcyBhIHNjaGVtYSBmb3Ig ZGF0YTxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxzcGFu IGxhbmc9IkVOLVVTIj4mbmJzcDsmbmJzcDsgdGhhdCBpcyBkZXNpZ25lZCB0byBiZSBhY2Nlc3Nl ZCB2aWEgbmV0d29yayBtYW5hZ2VtZW50IHByb3RvY29scyBzdWNoPG86cD48L286cD48L3NwYW4+ PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZuYnNwOyZu YnNwOyBhcyBORVRDT05GIFtSRkM2MjQxXSBvciBSRVNUQ09ORiBbUkZDODA0MF0uJm5ic3A7IFRo ZSBsb3dlc3QgTkVUQ09ORiBsYXllcjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJN c29QbGFpblRleHQiPjxzcGFuIGxhbmc9IkVOLVVTIj4mbmJzcDsmbmJzcDsgaXMgdGhlIHNlY3Vy ZSB0cmFuc3BvcnQgbGF5ZXIsIGFuZCB0aGUgbWFuZGF0b3J5LXRvLWltcGxlbWVudCBzZWN1cmU8 bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5n PSJFTi1VUyI+Jm5ic3A7Jm5ic3A7IHRyYW5zcG9ydCBpcyBTZWN1cmUgU2hlbGwgKFNTSCkgW1JG QzYyNDJdLiZuYnNwOyBUaGUgbG93ZXN0IFJFU1RDT05GIGxheWVyPG86cD48L286cD48L3NwYW4+ PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZuYnNwOyZu YnNwOyBpcyBIVFRQUywgYW5kIHRoZSBtYW5kYXRvcnktdG8taW1wbGVtZW50IHNlY3VyZSB0cmFu c3BvcnQgaXMgVExTPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4 dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZuYnNwOyZuYnNwOyBbUkZDODQ0Nl0uPG86cD48L286cD48 L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPjxv OnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxzcGFu IGxhbmc9IkVOLVVTIj4mbmJzcDsmbmJzcDsgVGhlIE5ldHdvcmsgQ29uZmlndXJhdGlvbiBBY2Nl c3MgQ29udHJvbCBNb2RlbCAoTkFDTSkgW1JGQzgzNDFdPG86cD48L286cD48L3NwYW4+PC9wPg0K PHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZuYnNwOyZuYnNwOyBw cm92aWRlcyB0aGUgbWVhbnMgdG8gcmVzdHJpY3QgYWNjZXNzIGZvciBwYXJ0aWN1bGFyIE5FVENP TkYgb3I8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3Bh biBsYW5nPSJFTi1VUyI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1z b1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZuYnNwOyZuYnNwOyBSRVNUQ09ORiB1c2Vy cyB0byBhIHByZWNvbmZpZ3VyZWQgc3Vic2V0IG9mIGFsbCBhdmFpbGFibGUgTkVUQ09ORiBvcjxv OnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxzcGFuIGxhbmc9 IkVOLVVTIj4mbmJzcDsmbmJzcDsgUkVTVENPTkYgcHJvdG9jb2wgb3BlcmF0aW9ucyBhbmQgY29u dGVudC48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3Bh biBsYW5nPSJFTi1VUyI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1z b1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZuYnNwOyZuYnNwOyBJbiBnZW5lcmFsLCBM YXllciAyIG5ldHdvcmsgdG9wb2xvZ2llcyBhcmUgc3lzdGVtLWNvbnRyb2xsZWQgYW5kPG86cD48 L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4t VVMiPiZuYnNwOyZuYnNwOyBwcm92aWRlIGVwaGVtZXJhbCB0b3BvbG9neSBpbmZvcm1hdGlvbi4m bmJzcDsgSW4gYW4gTk1EQS1jb21wbGllbnQgc2VydmVyLDxvOnA+PC9vOnA+PC9zcGFuPjwvcD4N CjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxzcGFuIGxhbmc9IkVOLVVTIj4mbmJzcDsmbmJzcDsg dGhleSBhcmUgb25seSBwYXJ0IG9mICZsdDtvcGVyYXRpb25hbCZndDsgd2hpY2ggcHJvdmlkZXMg cmVhZC1vbmx5IGFjY2VzczxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFp blRleHQiPjxzcGFuIGxhbmc9IkVOLVVTIj4mbmJzcDsmbmJzcDsgdG8gY2xpZW50cywgdGhleSBh cmUgbGVzcyB2dWxuZXJhYmxlLiZuYnNwOyBUaGF0IHNhaWQsIHRoZSBZQU5HIG1vZHVsZTxvOnA+ PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxzcGFuIGxhbmc9IkVO LVVTIj4mbmJzcDsmbmJzcDsgZG9lcyBpbiBwcmluY2lwbGUgYWxsb3cgaW5mb3JtYXRpb24gdG8g YmUgY29uZmlndXJhYmxlLjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFp blRleHQiPjxzcGFuIGxhbmc9IkVOLVVTIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8 cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+Jm5ic3A7Jm5ic3A7IFRo ZSBMYXllciAyIHRvcG9sb2d5IG1vZHVsZSBkZWZpbmUgaW5mb3JtYXRpb24gdGhhdCBjYW4gYmU8 bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5n PSJFTi1VUyI+Jm5ic3A7Jm5ic3A7IGNvbmZpZ3VyYWJsZSBpbiBjZXJ0YWluIGluc3RhbmNlcywg Zm9yIGV4YW1wbGUgaW4gdGhlIGNhc2Ugb2YgdmlydHVhbDxvOnA+PC9vOnA+PC9zcGFuPjwvcD4N CjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxzcGFuIGxhbmc9IkVOLVVTIj4mbmJzcDsmbmJzcDsg dG9wb2xvZ2llcyB0aGF0IGNhbiBiZSBjcmVhdGVkIGJ5IGNsaWVudCBhcHBsaWNhdGlvbnMuJm5i c3A7IEluIHN1Y2g8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0 Ij48c3BhbiBsYW5nPSJFTi1VUyI+Jm5ic3A7Jm5ic3A7IGNhc2VzLCBhIG1hbGljaW91cyBjbGll bnQgY291bGQgaW50cm9kdWNlIHRvcG9sb2dpZXMgdGhhdCBhcmU8bzpwPjwvbzpwPjwvc3Bhbj48 L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+Jm5ic3A7Jm5i c3A7IHVuZGVzaXJlZC4mbmJzcDsgU3BlY2lmaWNhbGx5LCBhIG1hbGljaW91cyBjbGllbnQgY291 bGQgYXR0ZW1wdCB0byByZW1vdmU8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNv UGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+Jm5ic3A7Jm5ic3A7IG9yIGFkZCBhIG5vZGUs IGEgbGluaywgYSB0ZXJtaW5hdGlvbiBwb2ludCwgYnkgY3JlYXRpbmcgb3IgZGVsZXRpbmc8bzpw PjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJF Ti1VUyI+Jm5ic3A7Jm5ic3A7IGNvcnJlc3BvbmRpbmcgZWxlbWVudHMgaW4gdGhlIG5vZGUsIGxp bmssIGFuZCB0ZXJtaW5hdGlvbiBwb2ludDxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNz PSJNc29QbGFpblRleHQiPjxzcGFuIGxhbmc9IkVOLVVTIj4mbmJzcDsmbmJzcDsgbGlzdHMsIHJl c3BlY3RpdmVseS4mbmJzcDsgSW4gdGhlIGNhc2Ugb2YgYSB0b3BvbG9neSB0aGF0IGlzIGxlYXJu ZWQsIHRoZTxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxz cGFuIGxhbmc9IkVOLVVTIj4mbmJzcDsmbmJzcDsgc2VydmVyIHdpbGwgYXV0b21hdGljYWxseSBw cm9oaWJpdCBzdWNoIG1pc2NvbmZpZ3VyYXRpb24gYXR0ZW1wdHMuPG86cD48L286cD48L3NwYW4+ PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZuYnNwOyZu YnNwOyBJbiB0aGUgY2FzZSBvZiBhIHRvcG9sb2d5IHRoYXQgaXMgY29uZmlndXJlZCwgaS5lLiB3 aG9zZSBvcmlnaW4gaXM8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5U ZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+Jm5ic3A7Jm5ic3A7ICZxdW90O2ludGVuZGVkJnF1b3Q7 LCB0aGUgdW5kZXNpcmVkIGNvbmZpZ3VyYXRpb24gY291bGQgYmVjb21lIGVmZmVjdGl2ZSBhbmQg YmU8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBs YW5nPSJFTi1VUyI+Jm5ic3A7Jm5ic3A7IHJlZmxlY3RlZCBpbiB0aGUgb3BlcmF0aW9uYWwgc3Rh dGUgZGF0YXN0b3JlLCBsZWFkaW5nIHRvIGRpc3J1cHRpb248bzpwPjwvbzpwPjwvc3Bhbj48L3A+ DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+Jm5ic3A7Jm5ic3A7 IG9mIHNlcnZpY2VzIHByb3ZpZGVkIHZpYSB0aGlzIHRvcG9sb2d5IG1pZ2h0IGJlIGRpc3J1cHRl ZC4mbmJzcDsgRm9yIHRob3NlPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1Bs YWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZuYnNwOyZuYnNwOyByZWFzb25zLCBpdCBpcyBp bXBvcnRhbnQgdGhhdCB0aGUgTkVUQ09ORiBhY2Nlc3MgY29udHJvbCBtb2RlbCBpczxvOnA+PC9v OnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxzcGFuIGxhbmc9IkVOLVVT Ij4mbmJzcDsmbmJzcDsgdmlnb3JvdXNseSBhcHBsaWVkIHRvIHByZXZlbnQgdG9wb2xvZ3kgbWlz Y29uZmlndXJhdGlvbiBieTxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFp blRleHQiPjxzcGFuIGxhbmc9IkVOLVVTIj4mbmJzcDsmbmJzcDsgdW5hdXRob3JpemVkIGNsaWVu dHMuPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4g bGFuZz0iRU4tVVMiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Q bGFpblRleHQiPjxzcGFuIGxhbmc9IkVOLVVTIj4mbmJzcDsmbmJzcDsgVGhlcmUgYXJlIGEgbnVt YmVyIG9mIGRhdGEgbm9kZXMgZGVmaW5lZCBpbiB0aGlzIFlBTkcgbW9kdWxlIHRoYXQgYXJlPG86 cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0i RU4tVVMiPiZuYnNwOyZuYnNwOyB3cml0YWJsZS9jcmVhdGFibGUvZGVsZXRhYmxlIChpLmUuLCBj b25maWcgdHJ1ZSwgd2hpY2ggaXMgdGhlPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9 Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZuYnNwOyZuYnNwOyBkZWZhdWx0KS4m bmJzcDsgVGhlc2UgZGF0YSBub2RlcyBtYXkgYmUgY29uc2lkZXJlZCBzZW5zaXRpdmUgb3IgdnVs bmVyYWJsZTxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxz cGFuIGxhbmc9IkVOLVVTIj4mbmJzcDsmbmJzcDsgaW4gc29tZSBuZXR3b3JrIGVudmlyb25tZW50 cy4mbmJzcDsgV3JpdGUgb3BlcmF0aW9ucyAoZS5nLiwgZWRpdC1jb25maWcpPG86cD48L286cD48 L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZu YnNwOyZuYnNwOyB0byB0aGVzZSBkYXRhIG5vZGVzIHdpdGhvdXQgcHJvcGVyIHByb3RlY3Rpb24g Y2FuIGhhdmUgYSBuZWdhdGl2ZTxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Q bGFpblRleHQiPjxzcGFuIGxhbmc9IkVOLVVTIj4mbmJzcDsmbmJzcDsgZWZmZWN0IG9uIG5ldHdv cmsgb3BlcmF0aW9ucy4mbmJzcDsgVGhlc2UgYXJlIHRoZSBzdWJ0cmVlcyBhbmQgZGF0YSBub2Rl czxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxzcGFuIGxh bmc9IkVOLVVTIj4mbmJzcDsmbmJzcDsgYW5kIHRoZWlyIHNlbnNpdGl2aXR5L3Z1bG5lcmFiaWxp dHkgaW4gdGhlIGlldGYtbmV0d29yayBtb2R1bGU6PG86cD48L286cD48L3NwYW4+PC9wPg0KPHAg Y2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPjxvOnA+Jm5ic3A7PC9vOnA+ PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxzcGFuIGxhbmc9IkVOLVVTIj4m bmJzcDsmbmJzcDsgbyZuYnNwOyBsMi1uZXR3b3JrLWF0dHJpYnV0ZXM6IEEgbWFsaWNpb3VzIGNs aWVudCBjb3VsZCBhdHRlbXB0IHRvPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1z b1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZu YnNwOyBzYWJvdGFnZSB0aGUgY29uZmlndXJhdGlvbiBvZiBhbnkgb2YgdGhlIGNvbnRhaW5lZCBh dHRyaWJ1dGVzLDxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQi PjxzcGFuIGxhbmc9IkVOLVVTIj4mbmJzcDsgJm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7c3VjaCBh cyB0aGUgbmFtZSBvciB0aGUgZmxhZyBkYXRhIG5vZGVzLjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4N CjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxzcGFuIGxhbmc9IkVOLVVTIj48bzpwPiZuYnNwOzwv bzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1V UyI+Jm5ic3A7Jm5ic3A7IG8mbmJzcDsgbDItbm9kZS1hdHRyaWJ1dGVzOiBBIG1hbGljaW91cyBj bGllbnQgY291bGQgYXR0ZW1wdCB0byBzYWJvdGFnZTxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxw IGNsYXNzPSJNc29QbGFpblRleHQiPjxzcGFuIGxhbmc9IkVOLVVTIj4mbmJzcDsmbmJzcDsmbmJz cDsmbmJzcDsmbmJzcDsgdGhlIGNvbmZpZ3VyYXRpb24gb2YgaW1wb3J0YW50IG5vZGUgYXR0cmli dXRlcywgc3VjaCBhcyB0aGUgbmFtZTxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJN c29QbGFpblRleHQiPjxzcGFuIGxhbmc9IkVOLVVTIj4mbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsm bmJzcDsgb3IgdGhlIG1hbmFnZW1lbnQtYWRkcmVzcy48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8 cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+PG86cD4mbmJzcDs8L286 cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMi PiZuYnNwOyZuYnNwOyBvJm5ic3A7IGwyLWxpbmstYXR0cmlidXRlczogQSBtYWxpY2lvdXMgY2xp ZW50IGNvdWxkIGF0dGVtcHQgdG8gc2Fib3RhZ2U8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBj bGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+Jm5ic3A7Jm5ic3A7Jm5ic3A7 Jm5ic3A7Jm5ic3A7IHRoZSBjb25maWd1cmF0aW9uIG9mIGltcG9ydGFudCBsaW5rIGF0dHJpYnV0 ZXMsIHN1Y2ggYXMgdGhlIHJhdGU8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNv UGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5i c3A7IG9yIHRoZSBkZWxheSBkYXRhIG5vZGVzLjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNs YXNzPSJNc29QbGFpblRleHQiPjxzcGFuIGxhbmc9IkVOLVVTIj48bzpwPiZuYnNwOzwvbzpwPjwv c3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+Jm5i c3A7Jm5ic3A7IG8mbmJzcDsgbDItdGVybWluYXRpb24tcG9pbnQtYXR0cmlidXRlczogQSBtYWxp Y2lvdXMgY2xpZW50IGNvdWxkIGF0dGVtcHQ8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFz cz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5i c3A7Jm5ic3A7IHRvIHNhYm90YWdlIHRoZSBjb25maWd1cmF0aW9uIG9mIGltcG9ydGFudCB0ZXJt aW5hdGlvbiBwb2ludDxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRl eHQiPjxzcGFuIGxhbmc9IkVOLVVTIj4mbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsgYXR0 cmlidXRlcywgc3VjaCBhcyB0aGUgbWF4aW11bS1mcmFtZS1zaXplLjxvOnA+PC9vOnA+PC9zcGFu PjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxzcGFuIGxhbmc9IkVOLVVTIj4mcXVvdDs8 bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5n PSJFTi1VUyI+TkVXIFRFWFQ6PG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1Bs YWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZxdW90OzxvOnA+PC9vOnA+PC9zcGFuPjwvcD4N CjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxzcGFuIGxhbmc9IkVOLVVTIj42LiZuYnNwOyBTZWN1 cml0eSBDb25zaWRlcmF0aW9uczxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Q bGFpblRleHQiPjxzcGFuIGxhbmc9IkVOLVVTIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+ DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+Jm5ic3A7Jm5ic3A7 IFRoZSBZQU5HIG1vZHVsZSBzcGVjaWZpZWQgaW4gdGhpcyBkb2N1bWVudCBkZWZpbmVzIGEgc2No ZW1hIGZvciBkYXRhPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4 dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZuYnNwOyZuYnNwOyB0aGF0IGlzIGRlc2lnbmVkIHRvIGJl IGFjY2Vzc2VkIHZpYSBuZXR3b3JrIG1hbmFnZW1lbnQgcHJvdG9jb2xzIHN1Y2g8bzpwPjwvbzpw Pjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+ Jm5ic3A7Jm5ic3A7IGFzIE5FVENPTkYgW1JGQzYyNDFdIG9yIFJFU1RDT05GIFtSRkM4MDQwXS4m bmJzcDsgVGhlIGxvd2VzdCBORVRDT05GIGxheWVyPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAg Y2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZuYnNwOyAmbmJzcDtpcyB0 aGUgc2VjdXJlIHRyYW5zcG9ydCBsYXllciwgYW5kIHRoZSBtYW5kYXRvcnktdG8taW1wbGVtZW50 IHNlY3VyZTxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxz cGFuIGxhbmc9IkVOLVVTIj4mbmJzcDsmbmJzcDsgdHJhbnNwb3J0IGlzIFNlY3VyZSBTaGVsbCAo U1NIKSBbUkZDNjI0Ml0uJm5ic3A7IFRoZSBsb3dlc3QgUkVTVENPTkYgbGF5ZXI8bzpwPjwvbzpw Pjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+ Jm5ic3A7Jm5ic3A7IGlzIEhUVFBTLCBhbmQgdGhlIG1hbmRhdG9yeS10by1pbXBsZW1lbnQgc2Vj dXJlIHRyYW5zcG9ydCBpcyBUTFM8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNv UGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+Jm5ic3A7Jm5ic3A7IFtSRkM4NDQ2XS48bzpw PjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJF Ti1VUyI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4 dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZuYnNwOyZuYnNwOyBUaGUgTmV0d29yayBDb25maWd1cmF0 aW9uIEFjY2VzcyBDb250cm9sIE1vZGVsIChOQUNNKSBbUkZDODM0MV08bzpwPjwvbzpwPjwvc3Bh bj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+Jm5ic3A7 Jm5ic3A7IHByb3ZpZGVzIHRoZSBtZWFucyB0byByZXN0cmljdCBhY2Nlc3MgZm9yIHBhcnRpY3Vs YXIgTkVUQ09ORiBvcjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRl eHQiPjxzcGFuIGxhbmc9IkVOLVVTIj4mbmJzcDsmbmJzcDsgUkVTVENPTkYgdXNlcnMgdG8gYSBw cmVjb25maWd1cmVkIHN1YnNldCBvZiBhbGwgYXZhaWxhYmxlIE5FVENPTkYgb3I8bzpwPjwvbzpw Pjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+ Jm5ic3A7Jm5ic3A7IFJFU1RDT05GIHByb3RvY29sIG9wZXJhdGlvbnMgYW5kIGNvbnRlbnQuPG86 cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0i RU4tVVMiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRl eHQiPjxzcGFuIGxhbmc9IkVOLVVTIj4mbmJzcDsmbmJzcDsgSW4gZ2VuZXJhbCwgTGF5ZXIgMiBu ZXR3b3JrIHRvcG9sb2dpZXMgYXJlIHN5c3RlbS1jb250cm9sbGVkIGFuZDxvOnA+PC9vOnA+PC9z cGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxzcGFuIGxhbmc9IkVOLVVTIj4mbmJz cDsmbmJzcDsgcHJvdmlkZSBlcGhlbWVyYWwgdG9wb2xvZ3kgaW5mb3JtYXRpb24uJm5ic3A7IElu IGFuIE5NREEtY29tcGxpZW50IHNlcnZlciw8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFz cz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+Jm5ic3A7Jm5ic3A7IHRoZXkgYXJl IG9ubHkgcGFydCBvZiAmbHQ7b3BlcmF0aW9uYWwmZ3Q7IHdoaWNoIHByb3ZpZGVzIHJlYWQtb25s eSBhY2Nlc3M8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48 c3BhbiBsYW5nPSJFTi1VUyI+Jm5ic3A7Jm5ic3A7IHRvIGNsaWVudHMsIHRoZXkgYXJlIGxlc3Mg dnVsbmVyYWJsZS4mbmJzcDsgVGhhdCBzYWlkLCB0aGUgWUFORyBtb2R1bGU8bzpwPjwvbzpwPjwv c3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+Jm5i c3A7Jm5ic3A7IGRvZXMgaW4gcHJpbmNpcGxlIGFsbG93IGluZm9ybWF0aW9uIHRvIGJlIGNvbmZp Z3VyYWJsZS48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48 c3BhbiBsYW5nPSJFTi1VUyI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9 Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZuYnNwOyZuYnNwOyBUaGUgTGF5ZXIg MiB0b3BvbG9neSBtb2R1bGUgZGVmaW5lIGluZm9ybWF0aW9uIHRoYXQgY2FuIGJlPG86cD48L286 cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMi PiZuYnNwOyZuYnNwOyBjb25maWd1cmFibGUgaW4gY2VydGFpbiBpbnN0YW5jZXMsIGZvciBleGFt cGxlIGluIHRoZSBjYXNlIG9mIHZpcnR1YWw8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFz cz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+Jm5ic3A7Jm5ic3A7IHRvcG9sb2dp ZXMgdGhhdCBjYW4gYmUgY3JlYXRlZCBieSBjbGllbnQgYXBwbGljYXRpb25zLiZuYnNwOyBJbiBz dWNoPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4g bGFuZz0iRU4tVVMiPiZuYnNwOyZuYnNwOyBjYXNlcywgYSBtYWxpY2lvdXMgY2xpZW50IGNvdWxk IGludHJvZHVjZSB0b3BvbG9naWVzIHRoYXQgYXJlPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAg Y2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZuYnNwOyZuYnNwOyB1bmRl c2lyZWQuJm5ic3A7IFNwZWNpZmljYWxseSwgYSBtYWxpY2lvdXMgY2xpZW50IGNvdWxkIGF0dGVt cHQgdG8gcmVtb3ZlPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4 dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZuYnNwOyZuYnNwOyBvciBhZGQgYSBub2RlLCBhIGxpbmss IGEgdGVybWluYXRpb24gcG9pbnQsIGJ5IGNyZWF0aW5nIG9yIGRlbGV0aW5nPG86cD48L286cD48 L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZu YnNwOyZuYnNwOyBjb3JyZXNwb25kaW5nIGVsZW1lbnRzIGluIHRoZSBub2RlLCBsaW5rLCBhbmQg dGVybWluYXRpb24gcG9pbnQ8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxh aW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+Jm5ic3A7Jm5ic3A7IGxpc3RzLCByZXNwZWN0aXZl bHkuJm5ic3A7IEluIHRoZSBjYXNlIG9mIGEgdG9wb2xvZ3kgdGhhdCBpcyBsZWFybmVkLCB0aGU8 bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5n PSJFTi1VUyI+Jm5ic3A7Jm5ic3A7IHNlcnZlciB3aWxsIGF1dG9tYXRpY2FsbHkgcHJvaGliaXQg c3VjaCBtaXNjb25maWd1cmF0aW9uIGF0dGVtcHRzLjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxw IGNsYXNzPSJNc29QbGFpblRleHQiPjxzcGFuIGxhbmc9IkVOLVVTIj4mbmJzcDsmbmJzcDsgSW4g dGhlIGNhc2Ugb2YgYSB0b3BvbG9neSB0aGF0IGlzIGNvbmZpZ3VyZWQsIGkuZS4gd2hvc2Ugb3Jp Z2luIGlzPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNw YW4gbGFuZz0iRU4tVVMiPiZuYnNwOyZuYnNwOyAmcXVvdDtpbnRlbmRlZCZxdW90OywgdGhlIHVu ZGVzaXJlZCBjb25maWd1cmF0aW9uIGNvdWxkIGJlY29tZSBlZmZlY3RpdmUgYW5kIGJlPG86cD48 L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4t VVMiPiZuYnNwOyZuYnNwOyByZWZsZWN0ZWQgaW4gdGhlIG9wZXJhdGlvbmFsIHN0YXRlIGRhdGFz dG9yZSwgbGVhZGluZyB0byBkaXNydXB0aW9uPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xh c3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZuYnNwOyZuYnNwOyBvZiBzZXJ2 aWNlcyBwcm92aWRlZCB2aWEgdGhpcyB0b3BvbG9neSBtaWdodCBiZSBkaXNydXB0ZWQuJm5ic3A7 IEZvciB0aG9zZTxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQi PjxzcGFuIGxhbmc9IkVOLVVTIj4mbmJzcDsmbmJzcDsgcmVhc29ucywgaXQgaXMgaW1wb3J0YW50 IHRoYXQgdGhlIE5FVENPTkYgYWNjZXNzIGNvbnRyb2wgbW9kZWwgaXM8bzpwPjwvbzpwPjwvc3Bh bj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+Jm5ic3A7 Jm5ic3A7IHZpZ29yb3VzbHkgYXBwbGllZCB0byBwcmV2ZW50IHRvcG9sb2d5IG1pc2NvbmZpZ3Vy YXRpb24gYnk8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48 c3BhbiBsYW5nPSJFTi1VUyI+Jm5ic3A7Jm5ic3A7IHVuYXV0aG9yaXplZCBjbGllbnRzLjxvOnA+ PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxzcGFuIGxhbmc9IkVO LVVTIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0 Ij48Yj48c3BhbiBsYW5nPSJFTi1VUyI+Jm5ic3A7IFRoZSBZQU5HIG1vZGVsIGZvciBsYXllciAy IHRvcG9sb2d5IG1heSBleHBvc2Ugc2Vuc2l0aXZlIGluZm9ybWF0aW9uLA0KPG86cD48L286cD48 L3NwYW4+PC9iPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxiPjxzcGFuIGxhbmc9IkVO LVVTIj4mbmJzcDsmbmJzcDtmb3IgZXhhbXBsZSB0aGUgTUFDIGFkZHJlc3NlcyBvZiBkZXZpY2Vz LiBVbnJlc3RyaWN0ZWQgdXNlIG9mIHN1Y2ggaW5mb3JtYXRpb24NCjxvOnA+PC9vOnA+PC9zcGFu PjwvYj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48Yj48c3BhbiBsYW5nPSJFTi1VUyI+ Jm5ic3A7Jm5ic3A7Jm5ic3A7Y2FuIGxlYWQgdG8gcHJpdmFjeSB2aW9sYXRpb25zLiBGb3IgZXhh bXBsZSwgbGlzdGluZyBNQUMgYWRkcmVzc2VzIGluIGEgbmV0d29yaw0KPG86cD48L286cD48L3Nw YW4+PC9iPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxiPjxzcGFuIGxhbmc9IkVOLVVT Ij4mbmJzcDsmbmJzcDsmbmJzcDthbGxvd3MgbW9uaXRvcmluZyBvZiBkZXZpY2VzIGFuZCB0aGVp ciBtb3ZlbWVudHMuIExvY2F0aW9uIGluZm9ybWF0aW9uIGNhbiBiZSBkZXJpdmVkPG86cD48L286 cD48L3NwYW4+PC9iPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxiPjxzcGFuIGxhbmc9 IkVOLVVTIj4mbmJzcDsgJm5ic3A7ZnJvbSBNQUMgYWRkcmVzc2VzIG9mIG5ldHdvcmsgZGV2aWNl cywgYnlwYXNzaW5nIHByb3RlY3Rpb24gb2YgbG9jYXRpb24gaW5mb3JtYXRpb24gYnkNCjxvOnA+ PC9vOnA+PC9zcGFuPjwvYj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48Yj48c3BhbiBs YW5nPSJFTi1VUyI+Jm5ic3A7Jm5ic3A7Jm5ic3A7dGhlIE9wZXJhdGluZyBTeXN0ZW0uIERlcGxv eW1lbnRzIHNob3VsZCBtaXRpZ2F0ZSB0aGlzIHByaXZhY3kgY29uY2VybnMgYnkgbGltaXRpbmcg YWNjZXNzDQo8bzpwPjwvbzpwPjwvc3Bhbj48L2I+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4 dCI+PGI+PHNwYW4gbGFuZz0iRU4tVVMiPiZuYnNwOyZuYnNwOyZuYnNwO3RvIHRoZSBsYXllciAy IHRvcG9sb2d5IGluZm9ybWF0aW9uLiBBY2Nlc3MgdG8gdGhlIGluZm9ybWF0aW9uIHNob3VsZCBi ZSByZXN0cmljdGVkIHRvIGENCjxvOnA+PC9vOnA+PC9zcGFuPjwvYj48L3A+DQo8cCBjbGFzcz0i TXNvUGxhaW5UZXh0Ij48Yj48c3BhbiBsYW5nPSJFTi1VUyI+Jm5ic3A7Jm5ic3A7Jm5ic3A7bWlu aW1hbCBsaXN0IG9mIGF1dGhvcml6ZWQgY2xpZW50cywgYW5kIHNob3VsZCBhbHNvIHJlcXVpcmUg cHJvcGVyIGF1dGhlbnRpY2F0aW9uIG9mIHRoZXNlIGNsaWVudHMuPG86cD48L286cD48L3NwYW4+ PC9iPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxzcGFuIGxhbmc9IkVOLVVTIj48bzpw PiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBs YW5nPSJFTi1VUyI+Jm5ic3A7Jm5ic3A7IFRoZXJlIGFyZSBhIG51bWJlciBvZiBkYXRhIG5vZGVz IGRlZmluZWQgaW4gdGhpcyBZQU5HIG1vZHVsZSB0aGF0IGFyZTxvOnA+PC9vOnA+PC9zcGFuPjwv cD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxzcGFuIGxhbmc9IkVOLVVTIj4mbmJzcDsmbmJz cDsgd3JpdGFibGUvY3JlYXRhYmxlL2RlbGV0YWJsZSAoaS5lLiwgY29uZmlnIHRydWUsIHdoaWNo IGlzIHRoZTxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxz cGFuIGxhbmc9IkVOLVVTIj4mbmJzcDsmbmJzcDsgZGVmYXVsdCkuJm5ic3A7IFRoZXNlIGRhdGEg bm9kZXMgbWF5IGJlIGNvbnNpZGVyZWQgc2Vuc2l0aXZlIG9yIHZ1bG5lcmFibGU8bzpwPjwvbzpw Pjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+ Jm5ic3A7Jm5ic3A7IGluIHNvbWUgbmV0d29yayBlbnZpcm9ubWVudHMuJm5ic3A7IFdyaXRlIG9w ZXJhdGlvbnMgKGUuZy4sIGVkaXQtY29uZmlnKTxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNs YXNzPSJNc29QbGFpblRleHQiPjxzcGFuIGxhbmc9IkVOLVVTIj4mbmJzcDsmbmJzcDsgdG8gdGhl c2UgZGF0YSBub2RlcyB3aXRob3V0IHByb3BlciBwcm90ZWN0aW9uIGNhbiBoYXZlIGEgbmVnYXRp dmU8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBs YW5nPSJFTi1VUyI+Jm5ic3A7Jm5ic3A7IGVmZmVjdCBvbiBuZXR3b3JrIG9wZXJhdGlvbnMuJm5i c3A7IFRoZXNlIGFyZSB0aGUgc3VidHJlZXMgYW5kIGRhdGEgbm9kZXM8bzpwPjwvbzpwPjwvc3Bh bj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+Jm5ic3A7 Jm5ic3A7IGFuZCB0aGVpciBzZW5zaXRpdml0eS92dWxuZXJhYmlsaXR5IGluIHRoZSBpZXRmLW5l dHdvcmsgbW9kdWxlOjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRl eHQiPjxzcGFuIGxhbmc9IkVOLVVTIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8cCBj bGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+Jm5ic3A7Jm5ic3A7IG8mbmJz cDsgbDItbmV0d29yay1hdHRyaWJ1dGVzOiBBIG1hbGljaW91cyBjbGllbnQgY291bGQgYXR0ZW1w dCB0bzxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxzcGFu IGxhbmc9IkVOLVVTIj4mbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsgc2Fib3RhZ2UgdGhl IGNvbmZpZ3VyYXRpb24gb2YgYW55IG9mIHRoZSBjb250YWluZWQgYXR0cmlidXRlcyw8bzpwPjwv bzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1V UyI+Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7IHN1Y2ggYXMgdGhlIG5hbWUgb3IgdGhl IGZsYWcgZGF0YSBub2Rlcy48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxh aW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0K PHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZuYnNwOyZuYnNwOyBv Jm5ic3A7IGwyLW5vZGUtYXR0cmlidXRlczogQSBtYWxpY2lvdXMgY2xpZW50IGNvdWxkIGF0dGVt cHQgdG8gc2Fib3RhZ2U8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5U ZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7IHRo ZSBjb25maWd1cmF0aW9uIG9mIGltcG9ydGFudCBub2RlIGF0dHJpYnV0ZXMsIHN1Y2ggYXMgdGhl IG5hbWU8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3Bh biBsYW5nPSJFTi1VUyI+Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7ICx0aGUgbWFuYWdl bWVudC1hZGRyZXNzLCA8Yj5tYWMtYWRkcmVzcyBvZiB0aGUgZGV2aWNlczwvYj4uPG86cD48L286 cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMi PjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxz cGFuIGxhbmc9IkVOLVVTIj4mbmJzcDsmbmJzcDsgbyZuYnNwOyBsMi1saW5rLWF0dHJpYnV0ZXM6 IEEgbWFsaWNpb3VzIGNsaWVudCBjb3VsZCBhdHRlbXB0IHRvIHNhYm90YWdlPG86cD48L286cD48 L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZu YnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyB0aGUgY29uZmlndXJhdGlvbiBvZiBpbXBvcnRh bnQgbGluayBhdHRyaWJ1dGVzLCBzdWNoIGFzIHRoZSByYXRlPG86cD48L286cD48L3NwYW4+PC9w Pg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZuYnNwOyZuYnNw OyZuYnNwOyZuYnNwOyZuYnNwOyBvciB0aGUgZGVsYXkgZGF0YSBub2Rlcy48bzpwPjwvbzpwPjwv c3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+PG86 cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4g bGFuZz0iRU4tVVMiPiZuYnNwOyZuYnNwOyBvJm5ic3A7IGwyLXRlcm1pbmF0aW9uLXBvaW50LWF0 dHJpYnV0ZXM6IEEgbWFsaWNpb3VzIGNsaWVudCBjb3VsZCBhdHRlbXB0PG86cD48L286cD48L3Nw YW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZuYnNw OyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyB0byBzYWJvdGFnZSB0aGUgY29uZmlndXJhdGlvbiBv ZiBpbXBvcnRhbnQgdGVybWluYXRpb24gcG9pbnQ8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBj bGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+Jm5ic3A7Jm5ic3A7Jm5ic3A7 Jm5ic3A7Jm5ic3A7IGF0dHJpYnV0ZXMsIHN1Y2ggYXMgdGhlIG1heGltdW0tZnJhbWUtc2l6ZSwN CjxiPm1hYy1hZGRyZXNzPC9iPi48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNv UGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+JnF1b3Q7PG86cD48L286cD48L3NwYW4+PC9w Pg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPlRoZSBxdWVzdGlv biBpcyBkbyB5b3UgdGhpbmsgcHJvcG9zYWwgd2l0aCB5YW5nIHNlY3VyaXR5IGJvaWx0ZXJwbGF0 ZSBoYXMgYWxyZWFkeSBhZGRyZXNzZWQgeW91ciBjb21tZW50czxvOnA+PC9vOnA+PC9zcGFuPjwv cD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxzcGFuIGxhbmc9IkVOLVVTIj5PciB5b3UgdGhp bmsgd2Ugc2hvdWxkIGVtcGhhc2l6ZSBob3cgcHJpdmFjeSBpc3N1ZSBjYW4gYmUgYWRkcmVzc2Vk IGJ5IE5BQ00gYW5kIGNsaWVudCBhdXRoZW50aWNhdGlvbiBpcyBuZWVkZWQ/PG86cD48L286cD48 L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPjxv OnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxzcGFu IGxhbmc9IkVOLVVTIj4tUWluPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1Bs YWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPi0tLS0tPC9zcGFuPjxzcGFuIHN0eWxlPSJmb250 LWZhbWlseTrlrovkvZMiPumCruS7tuWOn+S7tjwvc3Bhbj48c3BhbiBsYW5nPSJFTi1VUyI+LS0t LS08YnI+DQo8L3NwYW4+PHNwYW4gc3R5bGU9ImZvbnQtZmFtaWx5OuWui+S9kyI+5Y+R5Lu25Lq6 PC9zcGFuPjxzcGFuIGxhbmc9IkVOLVVTIj46IENocmlzdGlhbiBIdWl0ZW1hIFttYWlsdG86aHVp dGVtYUBodWl0ZW1hLm5ldF0NCjxicj4NCjwvc3Bhbj48c3BhbiBzdHlsZT0iZm9udC1mYW1pbHk6 5a6L5L2TIj7lj5HpgIHml7bpl7Q8L3NwYW4+PHNwYW4gbGFuZz0iRU4tVVMiPjogMjAyMDwvc3Bh bj48c3BhbiBzdHlsZT0iZm9udC1mYW1pbHk65a6L5L2TIj7lubQ8L3NwYW4+PHNwYW4gbGFuZz0i RU4tVVMiPjY8L3NwYW4+PHNwYW4gc3R5bGU9ImZvbnQtZmFtaWx5OuWui+S9kyI+5pyIPC9zcGFu PjxzcGFuIGxhbmc9IkVOLVVTIj4yNjwvc3Bhbj48c3BhbiBzdHlsZT0iZm9udC1mYW1pbHk65a6L 5L2TIj7ml6U8L3NwYW4+PHNwYW4gbGFuZz0iRU4tVVMiPg0KIDEyOjA1PGJyPg0KPC9zcGFuPjxz cGFuIHN0eWxlPSJmb250LWZhbWlseTrlrovkvZMiPuaUtuS7tuS6ujwvc3Bhbj48c3BhbiBsYW5n PSJFTi1VUyI+OiBTdXNhbiBIYXJlcyAmbHQ7c2hhcmVzQG5kemguY29tJmd0OzsgUWluIFd1ICZs dDtiaWxsLnd1QGh1YXdlaS5jb20mZ3Q7OyBzZWNkaXJAaWV0Zi5vcmc8YnI+DQo8L3NwYW4+PHNw YW4gc3R5bGU9ImZvbnQtZmFtaWx5OuWui+S9kyI+5oqE6YCBPC9zcGFuPjxzcGFuIGxhbmc9IkVO LVVTIj46IGkycnNAaWV0Zi5vcmc7IGRyYWZ0LWlldGYtaTJycy15YW5nLWwyLW5ldHdvcmstdG9w b2xvZ3kuYWxsQGlldGYub3JnOyBsYXN0LWNhbGxAaWV0Zi5vcmc8YnI+DQo8L3NwYW4+PHNwYW4g c3R5bGU9ImZvbnQtZmFtaWx5OuWui+S9kyI+5Li76aKYPC9zcGFuPjxzcGFuIGxhbmc9IkVOLVVT Ij46IFJlOiBbTGFzdC1DYWxsXSBbaTJyc10gU2VjZGlyIGxhc3QgY2FsbCByZXZpZXcgb2YgZHJh ZnQtaWV0Zi1pMnJzLXlhbmctbDItbmV0d29yay10b3BvbG9neS0xMzwvc3Bhbj48L3A+DQo8cCBj bGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+PG86cD4mbmJzcDs8L286cD48 L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPkhv dyBhYm91dCBhZGRpbmcgc29tZXRoaW5nIGxpa2UgdGhpczo8bzpwPjwvbzpwPjwvc3Bhbj48L3A+ DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+PG86cD4mbmJzcDs8 L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4t VVMiPlByaXZhY3kgQ29uc2lkZXJhdGlvbnM8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFz cz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+PG86cD4mbmJzcDs8L286cD48L3Nw YW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPlRoZSBZ YW5nIG1vZGVsIGZvciBsYXllciAyIHRvcG9sb2d5IGV4cG9zZXMgcHJpdmFjeSBzZW5zaXRpdmUg aW5mb3JtYXRpb24sIGZvciBleGFtcGxlIHRoZSBNQUMgYWRkcmVzc2VzIG9mIGRldmljZXMuIFVu cmVzdHJpY3RlZCB1c2Ugb2Ygc3VjaCBpbmZvcm1hdGlvbiBjYW4gbGVhZCB0byBwcml2YWN5IHZp b2xhdGlvbnMuIEZvciBleGFtcGxlLCBsaXN0aW5nIE1BQyBhZGRyZXNzZXMNCiBpbiBhIG5ldHdv cmsgYWxsb3dzIG1vbml0b3Jpbmcgb2YgZGV2aWNlcyBhbmQgdGhlaXIgbW92ZW1lbnRzLiBMb2Nh dGlvbiBpbmZvcm1hdGlvbiBjYW4gYmUgZGVyaXZlZCBmcm9tIE1BQyBhZGRyZXNzZXMgb2YgbmV0 d29yayBkZXZpY2VzLCBieXBhc3NpbmcgcHJvdGVjdGlvbiBvZiBsb2NhdGlvbiBpbmZvcm1hdGlv biBieSB0aGUgT3BlcmF0aW5nIFN5c3RlbS48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFz cz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+PG86cD4mbmJzcDs8L286cD48L3Nw YW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPkRlcGxv eW1lbnRzIHNob3VsZCBtaXRpZ2F0ZSB0aGlzIHByaXZhY3kgY29uY2VybnMgYnkgbGltaXRpbmcg YWNjZXNzIHRvIHRoZSBsYXllciAyIHRvcG9sb2d5IGluZm9ybWF0aW9uLiBBY2Nlc3MgdG8gdGhl IGluZm9ybWF0aW9uIHNob3VsZCBiZSByZXN0cmljdGVkIHRvIGEgbWluaW1hbCBsaXN0IG9mIGF1 dGhvcml6ZWQgYWdlbnRzLCBhbmQgc2hvdWxkIHJlcXVpcmUgcHJvcGVyDQogYXV0aGVudGljYXRp b24gb2YgdGhlc2UgYWdlbnRzLjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Q bGFpblRleHQiPjxzcGFuIGxhbmc9IkVOLVVTIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+ DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+LS0gQ2hyaXN0aWFu IEh1aXRlbWE8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48 c3BhbiBsYW5nPSJFTi1VUyI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9 Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPk9uIDYvMjUvMjAyMCA3OjAwIEFNLCBT dXNhbiBIYXJlcyB3cm90ZTo8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxh aW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+Jmd0OyBRaW4gYW5kIENocmlzdGlhbjogPG86cD48 L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4t VVMiPiZndDs8bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5U ZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+Jmd0OyBUaGFuayB5b3UgZm9yIHlvdXIgcHJvbXB0IGF0 dGVudGlvbiB0byB0aGUgcHJpdmFjeSBpc3N1ZS4mbmJzcDsNCjxvOnA+PC9vOnA+PC9zcGFuPjwv cD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxzcGFuIGxhbmc9IkVOLVVTIj4mZ3Q7IEknbSBz dXJlIENocmlzdGlhbiB3aWxsIHJlc3BvbmQgaW4gYSBiaXQgLSBzaW5jZSBoZSBtaWdodCBiZSBp biBQRFQgdGltZS16b25lLg0KPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1Bs YWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZndDs8bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48 L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+Jmd0OyBPbmNl IHlvdSBoYXZlIGEgc29sdXRpb24geW91IGJvdGggbGlrZSwgd2Ugc2hvdWxkIHZhbGlkYXRlIHRo ZSBwcml2YWN5DQo8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0 Ij48c3BhbiBsYW5nPSJFTi1VUyI+Jmd0OyBjaGFuZ2VzIHRvIHRoZSBzZWN1cml0eSBjb25zaWRl cmF0aW9ucyBzZWN0aW9uIHdpdGggdGhlIFlhbmctZG9jdG9ycywNCjxvOnA+PC9vOnA+PC9zcGFu PjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxzcGFuIGxhbmc9IkVOLVVTIj4mZ3Q7IE9Q Uy1BRHMsIGFuZCBTZWN1cml0eS1BRHMuPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9 Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZndDs8bzpwPiZuYnNwOzwvbzpwPjwv c3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+Jmd0 OyBNYXJ0aW4ncyB3YXRjaGluZyB0aGlzIHRocmVhZCBzbyBJJ20gc3VyZSBoZSdsbCBoZWxwIHVz IG91dCBhcyB3ZWxsLg0KPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWlu VGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZndDs8bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+ DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+Jmd0OyBTdWU8bzpw PjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJF Ti1VUyI+Jmd0OzxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFp blRleHQiPjxzcGFuIGxhbmc9IkVOLVVTIj4mZ3Q7IC0tLS0tT3JpZ2luYWwgTWVzc2FnZS0tLS0t PG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFu Zz0iRU4tVVMiPiZndDsgRnJvbTogaTJycyBbPGEgaHJlZj0ibWFpbHRvOmkycnMtYm91bmNlc0Bp ZXRmLm9yZyI+PHNwYW4gc3R5bGU9ImNvbG9yOndpbmRvd3RleHQ7dGV4dC1kZWNvcmF0aW9uOm5v bmUiPm1haWx0bzppMnJzLWJvdW5jZXNAaWV0Zi5vcmc8L3NwYW4+PC9hPl0gT24gQmVoYWxmIE9m IFFpbiBXdTxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxz cGFuIGxhbmc9IkVOLVVTIj4mZ3Q7IFNlbnQ6IFRodXJzZGF5LCBKdW5lIDI1LCAyMDIwIDk6MjUg QU08bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBs YW5nPSJFTi1VUyI+Jmd0OyBUbzogU3VzYW4gSGFyZXM7ICdDaHJpc3RpYW4gSHVpdGVtYSc7DQo8 YSBocmVmPSJtYWlsdG86c2VjZGlyQGlldGYub3JnIj48c3BhbiBzdHlsZT0iY29sb3I6d2luZG93 dGV4dDt0ZXh0LWRlY29yYXRpb246bm9uZSI+c2VjZGlyQGlldGYub3JnPC9zcGFuPjwvYT48bzpw PjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJF Ti1VUyI+Jmd0OyBDYzogPGEgaHJlZj0ibWFpbHRvOmkycnNAaWV0Zi5vcmciPjxzcGFuIHN0eWxl PSJjb2xvcjp3aW5kb3d0ZXh0O3RleHQtZGVjb3JhdGlvbjpub25lIj5pMnJzQGlldGYub3JnPC9z cGFuPjwvYT47DQo8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0 Ij48c3BhbiBsYW5nPSJFTi1VUyI+Jmd0OyA8YSBocmVmPSJtYWlsdG86ZHJhZnQtaWV0Zi1pMnJz LXlhbmctbDItbmV0d29yay10b3BvbG9neS5hbGxAaWV0Zi5vcmciPg0KPHNwYW4gc3R5bGU9ImNv bG9yOndpbmRvd3RleHQ7dGV4dC1kZWNvcmF0aW9uOm5vbmUiPmRyYWZ0LWlldGYtaTJycy15YW5n LWwyLW5ldHdvcmstdG9wb2xvZ3kuYWxsQGlldGYub3JnPC9zcGFuPjwvYT47DQo8bzpwPjwvbzpw Pjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+ Jmd0OyA8YSBocmVmPSJtYWlsdG86bGFzdC1jYWxsQGlldGYub3JnIj4NCjxzcGFuIHN0eWxlPSJj b2xvcjp3aW5kb3d0ZXh0O3RleHQtZGVjb3JhdGlvbjpub25lIj5sYXN0LWNhbGxAaWV0Zi5vcmc8 L3NwYW4+PC9hPjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQi PjxzcGFuIGxhbmc9IkVOLVVTIj4mZ3Q7IFN1YmplY3Q6IFJlOiBbaTJyc10gU2VjZGlyIGxhc3Qg Y2FsbCByZXZpZXcgb2YNCjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFp blRleHQiPjxzcGFuIGxhbmc9IkVOLVVTIj4mZ3Q7IGRyYWZ0LWlldGYtaTJycy15YW5nLWwyLW5l dHdvcmstdG9wb2xvZ3ktMTM8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxh aW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+Jmd0OzxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwv cD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxzcGFuIGxhbmc9IkVOLVVTIj4mZ3Q7IFN1ZSBh bmQgQ2hyaXN0aWFuOjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRl eHQiPjxzcGFuIGxhbmc9IkVOLVVTIj4mZ3Q7IEkgaGF2ZSByZXNwb25kZWQgdG8gQ2hyaXN0aWFu IG9uIHByaXZhY3kgaXNzdWUsIG15IHByb3Bvc2FsIGlzIHRvIGFkZCBNQUMgYWRkcmVzcyBhcyBh bm90aGVyIGRhdGEgbm9kZSB2dWxuZXJhYmlsaXR5IGV4YW1wbGUgaW4gb3VyIG9yaWdpbmFsIHNl Y3VyaXR5IGNvbnNpZGVyYXRpb24gc2VjdGlvbi48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBj bGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+Jmd0OyBCdXQgSWYgQ2hyaXN0 aWFuIG9yIHNlY3VyaXR5IGRpcmVjdG9yYXRlIGhhcyByZWNvbW1lbmRpbmcgdGV4dCwgd2UgYXV0 aG9ycyBhcmUgaGFwcHkgdG8gYWNjZXB0IGl0LjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNs YXNzPSJNc29QbGFpblRleHQiPjxzcGFuIGxhbmc9IkVOLVVTIj4mZ3Q7PG86cD4mbmJzcDs8L286 cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMi PiZndDsgLVFpbjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQi PjxzcGFuIGxhbmc9IkVOLVVTIj4mZ3Q7IC0tLS0tPC9zcGFuPjxzcGFuIHN0eWxlPSJmb250LWZh bWlseTrlrovkvZMiPumCruS7tuWOn+S7tjwvc3Bhbj48c3BhbiBsYW5nPSJFTi1VUyI+LS0tLS08 bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5n PSJFTi1VUyI+Jmd0OyA8L3NwYW4+PHNwYW4gc3R5bGU9ImZvbnQtZmFtaWx5OuWui+S9kyI+5Y+R 5Lu25Lq6PC9zcGFuPjxzcGFuIGxhbmc9IkVOLVVTIj46IFN1c2FuIEhhcmVzIFs8YSBocmVmPSJt YWlsdG86c2hhcmVzQG5kemguY29tIj48c3BhbiBzdHlsZT0iY29sb3I6d2luZG93dGV4dDt0ZXh0 LWRlY29yYXRpb246bm9uZSI+bWFpbHRvOnNoYXJlc0BuZHpoLmNvbTwvc3Bhbj48L2E+XTxvOnA+ PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxzcGFuIGxhbmc9IkVO LVVTIj4mZ3Q7IDwvc3Bhbj48c3BhbiBzdHlsZT0iZm9udC1mYW1pbHk65a6L5L2TIj7lj5HpgIHm l7bpl7Q8L3NwYW4+PHNwYW4gbGFuZz0iRU4tVVMiPjogMjAyMDwvc3Bhbj48c3BhbiBzdHlsZT0i Zm9udC1mYW1pbHk65a6L5L2TIj7lubQ8L3NwYW4+PHNwYW4gbGFuZz0iRU4tVVMiPjY8L3NwYW4+ PHNwYW4gc3R5bGU9ImZvbnQtZmFtaWx5OuWui+S9kyI+5pyIPC9zcGFuPjxzcGFuIGxhbmc9IkVO LVVTIj4yNTwvc3Bhbj48c3BhbiBzdHlsZT0iZm9udC1mYW1pbHk65a6L5L2TIj7ml6U8L3NwYW4+ PHNwYW4gbGFuZz0iRU4tVVMiPg0KIDIxOjA0PG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xh c3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZndDsgPC9zcGFuPjxzcGFuIHN0 eWxlPSJmb250LWZhbWlseTrlrovkvZMiPuaUtuS7tuS6ujwvc3Bhbj48c3BhbiBsYW5nPSJFTi1V UyI+OiAnQ2hyaXN0aWFuIEh1aXRlbWEnICZsdDs8YSBocmVmPSJtYWlsdG86aHVpdGVtYUBodWl0 ZW1hLm5ldCI+PHNwYW4gc3R5bGU9ImNvbG9yOndpbmRvd3RleHQ7dGV4dC1kZWNvcmF0aW9uOm5v bmUiPmh1aXRlbWFAaHVpdGVtYS5uZXQ8L3NwYW4+PC9hPiZndDs7DQo8YSBocmVmPSJtYWlsdG86 c2VjZGlyQGlldGYub3JnIj48c3BhbiBzdHlsZT0iY29sb3I6d2luZG93dGV4dDt0ZXh0LWRlY29y YXRpb246bm9uZSI+c2VjZGlyQGlldGYub3JnPC9zcGFuPjwvYT48bzpwPjwvbzpwPjwvc3Bhbj48 L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+Jmd0OyA8L3Nw YW4+PHNwYW4gc3R5bGU9ImZvbnQtZmFtaWx5OuWui+S9kyI+5oqE6YCBPC9zcGFuPjxzcGFuIGxh bmc9IkVOLVVTIj46DQo8YSBocmVmPSJtYWlsdG86ZHJhZnQtaWV0Zi1pMnJzLXlhbmctbDItbmV0 d29yay10b3BvbG9neS5hbGxAaWV0Zi5vcmciPjxzcGFuIHN0eWxlPSJjb2xvcjp3aW5kb3d0ZXh0 O3RleHQtZGVjb3JhdGlvbjpub25lIj5kcmFmdC1pZXRmLWkycnMteWFuZy1sMi1uZXR3b3JrLXRv cG9sb2d5LmFsbEBpZXRmLm9yZzwvc3Bhbj48L2E+Ow0KPG86cD48L286cD48L3NwYW4+PC9wPg0K PHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZndDsgPGEgaHJlZj0i bWFpbHRvOmkycnNAaWV0Zi5vcmciPjxzcGFuIHN0eWxlPSJjb2xvcjp3aW5kb3d0ZXh0O3RleHQt ZGVjb3JhdGlvbjpub25lIj5pMnJzQGlldGYub3JnPC9zcGFuPjwvYT47DQo8YSBocmVmPSJtYWls dG86bGFzdC1jYWxsQGlldGYub3JnIj48c3BhbiBzdHlsZT0iY29sb3I6d2luZG93dGV4dDt0ZXh0 LWRlY29yYXRpb246bm9uZSI+bGFzdC1jYWxsQGlldGYub3JnPC9zcGFuPjwvYT48bzpwPjwvbzpw Pjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+ Jmd0OyA8L3NwYW4+PHNwYW4gc3R5bGU9ImZvbnQtZmFtaWx5OuWui+S9kyI+5Li76aKYPC9zcGFu PjxzcGFuIGxhbmc9IkVOLVVTIj46IFJFOiBTZWNkaXIgbGFzdCBjYWxsIHJldmlldyBvZg0KPG86 cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0i RU4tVVMiPiZndDsgZHJhZnQtaWV0Zi1pMnJzLXlhbmctbDItbmV0d29yay10b3BvbG9neS0xMzxv OnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxzcGFuIGxhbmc9 IkVOLVVTIj4mZ3Q7PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1Bs YWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZndDsgQ2hyaXN0aWFuOjxvOnA+PC9vOnA+PC9z cGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxzcGFuIGxhbmc9IkVOLVVTIj4mZ3Q7 PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNw YW4gbGFuZz0iRU4tVVMiPiZndDsgVGhhbmsgeW91IGZvciBjYXRjaGluZyB0aGUgcHJpdmFjeSBp c3N1ZXMuJm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7DQo8bzpwPjwvbzpwPjwvc3Bhbj48 L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+Jmd0OzxvOnA+ Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxzcGFuIGxh bmc9IkVOLVVTIj4mZ3Q7IEkndmUgZ290IGEgZmV3IHF1ZXN0aW9ucyB0byBoZWxwIHRoZSBhdXRo b3JzIHNjb3BlIHRoaXMgY2hhbmdlOg0KPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9 Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZndDs8bzpwPiZuYnNwOzwvbzpwPjwv c3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+Jmd0 OyAxKSBTaW5jZSB0aGlzIGlzIGNvbW1vbiB0byBhbGwgTDIgVG9wb2xvZ2llcywgY2FuIHlvdSBv ciB0aGUgc2VjdXJpdHkgZGlyZWN0b3JhdGUgcmVjb21tZW5kIHNvbWUgdGV4dCB0aGF0IG1pZ2h0 IGJlIGFwcHJvcHJpYXRlPw0KPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1Bs YWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZndDsgJm5ic3A7Jm5ic3A7Jm5ic3A7SWYgeW91 IGhhdmUgcmVjb21tZW5kZWQgdGV4dCwgaGFzIHRoaXMgdGV4dCBiZWVuIHJldmlld2VkIGJ5IE9Q Uy1ESVIgYW5kIFlhbmcgZG9jdG9ycz8NCjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNz PSJNc29QbGFpblRleHQiPjxzcGFuIGxhbmc9IkVOLVVTIj4mZ3Q7PG86cD4mbmJzcDs8L286cD48 L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZn dDsgMikgV2lsbCBpdCBiZSBhIHByb2JsZW0gSWYgd2Ugd3JpdGUgcHJpdmFjeSBjb25zaWRlcmF0 aW9ucyBvbiBJRUVFIHNwZWNpZmljYXRpb25zPw0KPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAg Y2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZndDsgMykgRG8gd2UgbmVl ZCB0byBjb25zaWRlciB0aGUgcmFuZ2Ugb2YgZGVwbG95bWVudHMgb2YgTDIgKGhvbWUsDQo8bzpw PjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJF Ti1VUyI+Jmd0OyBlbnRlcnByaXNlLCZuYnNwOyBwdWJsaWMgUEJCIHNlcnZpY2UsIG5hdGlvbmFs IFBCQiBzZXJ2aWNlLCBEYXRhIGNlbnRlcnMpPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xh c3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZndDs8bzpwPiZuYnNwOzwvbzpw Pjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+ Jmd0OzxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQi PjxzcGFuIGxhbmc9IkVOLVVTIj4mZ3Q7IFRoYW5rIHlvdSwmbmJzcDsgU3VlPG86cD48L286cD48 L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZn dDs8bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48 c3BhbiBsYW5nPSJFTi1VUyI+Jmd0OzxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNs YXNzPSJNc29QbGFpblRleHQiPjxzcGFuIGxhbmc9IkVOLVVTIj4mZ3Q7IC0tLS0tT3JpZ2luYWwg TWVzc2FnZS0tLS0tPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4 dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZndDsgRnJvbTogQ2hyaXN0aWFuIEh1aXRlbWEgdmlhIERh dGF0cmFja2VyIFs8YSBocmVmPSJtYWlsdG86bm9yZXBseUBpZXRmLm9yZyI+PHNwYW4gc3R5bGU9 ImNvbG9yOndpbmRvd3RleHQ7dGV4dC1kZWNvcmF0aW9uOm5vbmUiPm1haWx0bzpub3JlcGx5QGll dGYub3JnPC9zcGFuPjwvYT5dPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1Bs YWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZndDsgU2VudDogVGh1cnNkYXksIEp1bmUgMjUs IDIwMjAgMTowMSBBTTxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRl eHQiPjxzcGFuIGxhbmc9IkVOLVVTIj4mZ3Q7IFRvOiA8YSBocmVmPSJtYWlsdG86c2VjZGlyQGll dGYub3JnIj4NCjxzcGFuIHN0eWxlPSJjb2xvcjp3aW5kb3d0ZXh0O3RleHQtZGVjb3JhdGlvbjpu b25lIj5zZWNkaXJAaWV0Zi5vcmc8L3NwYW4+PC9hPjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxw IGNsYXNzPSJNc29QbGFpblRleHQiPjxzcGFuIGxhbmc9IkVOLVVTIj4mZ3Q7IENjOiA8YSBocmVm PSJtYWlsdG86ZHJhZnQtaWV0Zi1pMnJzLXlhbmctbDItbmV0d29yay10b3BvbG9neS5hbGxAaWV0 Zi5vcmciPg0KPHNwYW4gc3R5bGU9ImNvbG9yOndpbmRvd3RleHQ7dGV4dC1kZWNvcmF0aW9uOm5v bmUiPmRyYWZ0LWlldGYtaTJycy15YW5nLWwyLW5ldHdvcmstdG9wb2xvZ3kuYWxsQGlldGYub3Jn PC9zcGFuPjwvYT47DQo8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5U ZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+Jmd0OyA8YSBocmVmPSJtYWlsdG86aTJyc0BpZXRmLm9y ZyI+PHNwYW4gc3R5bGU9ImNvbG9yOndpbmRvd3RleHQ7dGV4dC1kZWNvcmF0aW9uOm5vbmUiPmky cnNAaWV0Zi5vcmc8L3NwYW4+PC9hPjsNCjxhIGhyZWY9Im1haWx0bzpsYXN0LWNhbGxAaWV0Zi5v cmciPjxzcGFuIHN0eWxlPSJjb2xvcjp3aW5kb3d0ZXh0O3RleHQtZGVjb3JhdGlvbjpub25lIj5s YXN0LWNhbGxAaWV0Zi5vcmc8L3NwYW4+PC9hPjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNs YXNzPSJNc29QbGFpblRleHQiPjxzcGFuIGxhbmc9IkVOLVVTIj4mZ3Q7IFN1YmplY3Q6IFNlY2Rp ciBsYXN0IGNhbGwgcmV2aWV3IG9mIDxvOnA+DQo8L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9 Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZndDsgZHJhZnQtaWV0Zi1pMnJzLXlh bmctbDItbmV0d29yay10b3BvbG9neS0xMzxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNz PSJNc29QbGFpblRleHQiPjxzcGFuIGxhbmc9IkVOLVVTIj4mZ3Q7PG86cD4mbmJzcDs8L286cD48 L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZn dDsgUmV2aWV3ZXI6IENocmlzdGlhbiBIdWl0ZW1hPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAg Y2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZndDsgUmV2aWV3IHJlc3Vs dDogSGFzIElzc3VlczxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRl eHQiPjxzcGFuIGxhbmc9IkVOLVVTIj4mZ3Q7PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0K PHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZndDsgSSBoYXZlIHJl dmlld2VkIHRoaXMgZG9jdW1lbnQgYXMgcGFydCBvZiB0aGUgc2VjdXJpdHkgZGlyZWN0b3JhdGUn cyBvbmdvaW5nIGVmZm9ydCB0byByZXZpZXcgYWxsIElFVEYgZG9jdW1lbnRzIGJlaW5nIHByb2Nl c3NlZCBieSB0aGUgSUVTRy4mbmJzcDsgVGhlc2UgY29tbWVudHMgd2VyZSB3cml0dGVuIHdpdGgg dGhlIGludGVudCBvZiBpbXByb3Zpbmcgc2VjdXJpdHkgcmVxdWlyZW1lbnRzDQogYW5kIGNvbnNp ZGVyYXRpb25zIGluIElFVEYgZHJhZnRzLiZuYnNwOyBDb21tZW50cyBub3QgYWRkcmVzc2VkIGlu IGxhc3QgY2FsbCBtYXkgYmUgaW5jbHVkZWQgaW4gQUQgcmV2aWV3cyBkdXJpbmcgdGhlIElFU0cg cmV2aWV3LiZuYnNwOyBEb2N1bWVudCBlZGl0b3JzIGFuZCBXRyBjaGFpcnMgc2hvdWxkIHRyZWF0 IHRoZXNlIGNvbW1lbnRzIGp1c3QgbGlrZSBhbnkgb3RoZXIgbGFzdCBjYWxsIGNvbW1lbnRzLjxv OnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxzcGFuIGxhbmc9 IkVOLVVTIj4mZ3Q7PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1Bs YWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZndDsgVGhpcyBkb2N1bWVudCBkZXNjcmliZXMg YSBZYW5nIG1vZGVsIGZvciByZXByZXNlbnRpbmcgTGluayBMYXllciB0b3BvbG9naWVzLjxvOnA+ PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxzcGFuIGxhbmc9IkVO LVVTIj4mZ3Q7IFJlcHJlc2VudGluZyBzdWNoIHRvcG9sb2dpZXMgaXMgb2J2aW91c2x5IHVzZWZ1 bCBmb3IgbWFuYWdpbmcgbmV0d29yay48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0i TXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+Jmd0OyBUaGUgc2VjdXJpdHkgc2VjdGlv biBpcyBmb2N1c2VkIG9uIHNlY3VyaW5nIHRoZSB1c2FnZSBvZiB0aGlzIGluZm9ybWF0aW9uIGZv ciBuZXR3b3JrIG1hbmFnZW1lbnQsIGJ1dCBkb2VzIG5vdCBhZGRyZXNzIHBvdGVudGlhbCBwcml2 YWN5IGlzc3Vlcy48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0 Ij48c3BhbiBsYW5nPSJFTi1VUyI+Jmd0OzxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxw IGNsYXNzPSJNc29QbGFpblRleHQiPjxzcGFuIGxhbmc9IkVOLVVTIj4mZ3Q7IFRoZSBzZWN1cml0 eSBjb25zaWRlcmF0aW9ucyBleHBsYWluIGNvcnJlY3RseSBob3cgYWx0ZXJpbmcgdGhlIGxpbmsg bGF5ZXIgaW5mb3JtYXRpb24gY291bGQgZW5hYmxlIGF0dGFja3MgYWdhaW5zdCB0aGUgbmV0d29y ay4gVGhlIHByb3Bvc2VkIHJlbWVkeSBpcyBhY2Nlc3MgY29udHJvbCwgaW1wbGVtZW50ZWQgdXNp bmcgZWl0aGVyIFNTSCBvciBUTFMuIFRoaXMgaXMNCiBmaW5lLCBhbHRob3VnaCB0aGUgZGlzY3Vz c2lvbiBvZiBUTFMgYXV0aG9yaXNhdGlvbiBpcyBhIGJpdCBzaG9ydC4gQnkgZGVmYXVsdCwgVExT IHZlcmlmaWVzIHRoZSBpZGVudGl0eSBvZiB0aGUgc2VydmVyIGJ1dCBub3QgdGhhdCBvZiB0aGUg Y2xpZW50LiBSRkM4MDQwIHNlY3Rpb24gMi41IHNwZWNpZmllcyB0aGF0ICZxdW90O2EgUkVTVENP TkYgc2VydmVyIFNIT1VMRCByZXF1aXJlIGF1dGhlbnRpY2F0aW9uIGJhc2VkIG9uIFRMUyBjbGll bnQgY2VydGlmaWNhdGVzLg0KIEkgYXNzdW1lIHRoYXQncyB0aGUgaW50ZW50LCBidXQgaXQgbWln aHQgYmUgdXNlZnVsIHRvIHNheSBzby48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0i TXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+Jmd0OzxvOnA+Jm5ic3A7PC9vOnA+PC9z cGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxzcGFuIGxhbmc9IkVOLVVTIj4mZ3Q7 IE9uIHRoZSBvdGhlciBoYW5kLCB0aGUgc2VjdXJpdHkgY29uc2lkZXJhdGlvbnMgZG8gbm90IGRl c2NyaWJlIHByaXZhY3kgaXNzdWVzLCBhbmQgSSBmaW5kIHRoYXQgcHJvYmxlbWF0aWMuIFRoZSBw cm9wb3NlZCBpbmZvcm1hdGlvbiBtb2RlbCBsaXN0cyBhIG51bWJlciBvZiBzZW5zaXRpdmUgZGF0 YSwgc3VjaCBhcyBmb3IgZXhhbXBsZSB0aGUgTUFDIGFkZHJlc3NlcyBvZg0KIGRldmljZXMuPG86 cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0i RU4tVVMiPiZndDsgVGhpcyBpbmZvcm1hdGlvbiBjYW4gYmUgbWlzdXNlZC4gRm9yIGV4YW1wbGUs IGFwcGxpY2F0aW9ucyBjb3VsZCBhc3Nlc3MgZGV2aWNlIGxvY2F0aW9uIGZldGNoaW5nIHRoZSBN QUMgYWRkcmVzc2VzIG9mIGxvY2FsIGdhdGV3YXlzLiBUaGlyZCBwYXJ0aWVzIGNvdWxkIGFjY2Vz cyBsaW5rIGxvY2FsIGluZm9ybWF0aW9uIHRvIGdhdGhlciBpZGVudGl0aWVzIG9mIGRldmljZXMN CiBhY2Nlc3NpbmcgYSBwYXJ0aWN1bGFyIG5ldHdvcmsuIFN1Y2ggaW5mb3JtYXRpb24gaXMgb2Z0 ZW4gcHJvdGVjdGVkIGJ5IHByaXZhY3kgQVBJIGluIHRoZSBPcGVyYXRpbmcgU3lzdGVtLCBidXQg YWNjZXNzaW5nIHRoZSBZYW5nIG1vZHVsZSBvdmVyIHRoZSBuZXR3b3JrIG1pZ2h0IGFsbG93IGFw cGxpY2F0aW9ucyB0byBieXBhc3MgdGhlc2UgY29udHJvbHMuPG86cD48L286cD48L3NwYW4+PC9w Pg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZndDs8bzpwPiZu YnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5n PSJFTi1VUyI+Jmd0OyBDbGllbnQgYXV0aGVudGljYXRpb24gYWxvbmUgZG9lcyBub3QgbmVjZXNz YXJpbHkgcHJvdGVjdCBhZ2FpbnN0IHRoZXNlIHByaXZhY3kgbGVha3MuIEEgY2xhc3NpYyBjb25m aWd1cmF0aW9uIGVycm9yIHdvdWxkIGxpbWl0IHdyaXRlIGFjY2VzcyB0byBhdXRob3JpemVkIHVz ZXJzLCBidXQgdG8gYWxsb3cgcmVhZC1vbmx5IGFjY2VzcyB0byBtb3N0IHVzZXJzLiBUaGlzDQog a2luZCBvZiBlcnJvciB3b3VsZCBhbGxvdyBwcml2YWN5IGxlYWtzLiBHaXZlbiB0aGUgc2Vuc2l0 aXZlIG5hdHVyZSBvZiBNQUMgYWRkcmVzc2VzIGFuZCBvdGhlciBpZGVudGlmaWVycywgaXQgaXMg dXNlZnVsIHRvIHdhcm4gYWdhaW5zdCBzdWNoIGVycm9ycy48bzpwPjwvbzpwPjwvc3Bhbj48L3A+ DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+Jmd0OzxvOnA+Jm5i c3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxzcGFuIGxhbmc9 IkVOLVVTIj4mZ3Q7PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1Bs YWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZndDs8bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48 L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+Jmd0OzxvOnA+ Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxzcGFuIGxh bmc9IkVOLVVTIj4mZ3Q7PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1z b1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZndDsgX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fX19fX19fX19fX19fX19fX188bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFz cz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+Jmd0OyBpMnJzIG1haWxpbmcgbGlz dDxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxzcGFuIGxh bmc9IkVOLVVTIj4mZ3Q7IDxhIGhyZWY9Im1haWx0bzppMnJzQGlldGYub3JnIj48c3BhbiBzdHls ZT0iY29sb3I6d2luZG93dGV4dDt0ZXh0LWRlY29yYXRpb246bm9uZSI+aTJyc0BpZXRmLm9yZzwv c3Bhbj48L2E+PG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+ PHNwYW4gbGFuZz0iRU4tVVMiPiZndDsgPGEgaHJlZj0iaHR0cHM6Ly93d3cuaWV0Zi5vcmcvbWFp bG1hbi9saXN0aW5mby9pMnJzIj4NCjxzcGFuIHN0eWxlPSJjb2xvcjp3aW5kb3d0ZXh0O3RleHQt ZGVjb3JhdGlvbjpub25lIj5odHRwczovL3d3dy5pZXRmLm9yZy9tYWlsbWFuL2xpc3RpbmZvL2ky cnM8L3NwYW4+PC9hPjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRl eHQiPjxzcGFuIGxhbmc9IkVOLVVTIj4mZ3Q7PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0K PC9kaXY+DQo8L2JvZHk+DQo8L2h0bWw+DQo= --_000_B8F9A780D330094D99AF023C5877DABAAD7BCE5Ddggeml531mbschi_-- From nobody Fri Jun 26 05:36:40 2020 Return-Path: X-Original-To: i2rs@ietfa.amsl.com Delivered-To: i2rs@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F3BED3A0CD7; Fri, 26 Jun 2020 05:36:31 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: 0.948 X-Spam-Level: X-Spam-Status: No, score=0.948 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DOS_OUTLOOK_TO_MX=2.845, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id J0teuq54RUTS; Fri, 26 Jun 2020 05:36:30 -0700 (PDT) Received: from hickoryhill-consulting.com (50-245-122-100-static.hfc.comcastbusiness.net [50.245.122.100]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 212AA3A0958; Fri, 26 Jun 2020 05:36:29 -0700 (PDT) X-Default-Received-SPF: pass (skip=forwardok (res=PASS)) x-ip-name=166.170.22.63; From: "Susan Hares" To: "'Christian Huitema'" , "'Qin Wu'" , Cc: , , References: <002a01d64af8$f07320b0$d1596210$@ndzh.com> <15aa8236-ce09-d0b4-5f12-31f10b32387c@huitema.net> In-Reply-To: <15aa8236-ce09-d0b4-5f12-31f10b32387c@huitema.net> Date: Fri, 26 Jun 2020 08:36:23 -0400 Message-ID: <006001d64bb6$68303850$3890a8f0$@ndzh.com> MIME-Version: 1.0 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Mailer: Microsoft Outlook 14.0 Thread-Index: AQLWmtRw7iPyu8IsKX2i31zM5z+c8gIWWk1AALLQ99Cm0+21kA== Content-Language: en-us X-Antivirus: AVG (VPS 200626-0, 06/26/2020), Outbound message X-Antivirus-Status: Not-Tested X-Authenticated-User: skh@ndzh.com Archived-At: Subject: Re: [i2rs] [Last-Call] Secdir last call review of draft-ietf-i2rs-yang-l2-network-topology-13 X-BeenThere: i2rs@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Interface to The Internet Routing System \(IRS\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 26 Jun 2020 12:36:33 -0000 Qin and Christian:=20 This addition words for me.=20 Sue=20 -----Original Message----- From: Christian Huitema [mailto:huitema@huitema.net]=20 Sent: Friday, June 26, 2020 12:05 AM To: Susan Hares; 'Qin Wu'; secdir@ietf.org Cc: i2rs@ietf.org; = draft-ietf-i2rs-yang-l2-network-topology.all@ietf.org; = last-call@ietf.org Subject: Re: [Last-Call] [i2rs] Secdir last call review of = draft-ietf-i2rs-yang-l2-network-topology-13 How about adding something like this: Privacy Considerations The Yang model for layer 2 topology exposes privacy sensitive = information, for example the MAC addresses of devices. Unrestricted use = of such information can lead to privacy violations. For example, listing = MAC addresses in a network allows monitoring of devices and their = movements. Location information can be derived from MAC addresses of = network devices, bypassing protection of location information by the = Operating System. Deployments should mitigate this privacy concerns by limiting access to = the layer 2 topology information. Access to the information should be = restricted to a minimal list of authorized agents, and should require = proper authentication of these agents. -- Christian Huitema On 6/25/2020 7:00 AM, Susan Hares wrote: > Qin and Christian:=20 > > Thank you for your prompt attention to the privacy issue. =20 > I'm sure Christian will respond in a bit - since he might be in PDT = time-zone.=20 > > Once you have a solution you both like, we should validate the privacy = > changes to the security considerations section with the Yang-doctors,=20 > OPS-ADs, and Security-ADs. > > Martin's watching this thread so I'm sure he'll help us out as well.=20 > > Sue > > -----Original Message----- > From: i2rs [mailto:i2rs-bounces@ietf.org] On Behalf Of Qin Wu > Sent: Thursday, June 25, 2020 9:25 AM > To: Susan Hares; 'Christian Huitema'; secdir@ietf.org > Cc: i2rs@ietf.org;=20 > draft-ietf-i2rs-yang-l2-network-topology.all@ietf.org;=20 > last-call@ietf.org > Subject: Re: [i2rs] Secdir last call review of=20 > draft-ietf-i2rs-yang-l2-network-topology-13 > > Sue and Christian: > I have responded to Christian on privacy issue, my proposal is to add = MAC address as another data node vulnerability example in our original = security consideration section. > But If Christian or security directorate has recommending text, we = authors are happy to accept it. > > -Qin > -----=E9=82=AE=E4=BB=B6=E5=8E=9F=E4=BB=B6----- > =E5=8F=91=E4=BB=B6=E4=BA=BA: Susan Hares [mailto:shares@ndzh.com] > =E5=8F=91=E9=80=81=E6=97=B6=E9=97=B4: = 2020=E5=B9=B46=E6=9C=8825=E6=97=A5 21:04 > =E6=94=B6=E4=BB=B6=E4=BA=BA: 'Christian Huitema' = ; secdir@ietf.org > =E6=8A=84=E9=80=81: = draft-ietf-i2rs-yang-l2-network-topology.all@ietf.org;=20 > i2rs@ietf.org; last-call@ietf.org > =E4=B8=BB=E9=A2=98: RE: Secdir last call review of=20 > draft-ietf-i2rs-yang-l2-network-topology-13 > > Christian: > > Thank you for catching the privacy issues. =20 > > I've got a few questions to help the authors scope this change:=20 > > 1) Since this is common to all L2 Topologies, can you or the security = directorate recommend some text that might be appropriate?=20 > If you have recommended text, has this text been reviewed by = OPS-DIR and Yang doctors?=20 > > 2) Will it be a problem If we write privacy considerations on IEEE = specifications?=20 > 3) Do we need to consider the range of deployments of L2 (home,=20 > enterprise, public PBB service, national PBB service, Data centers) > > > Thank you, Sue > > > -----Original Message----- > From: Christian Huitema via Datatracker [mailto:noreply@ietf.org] > Sent: Thursday, June 25, 2020 1:01 AM > To: secdir@ietf.org > Cc: draft-ietf-i2rs-yang-l2-network-topology.all@ietf.org;=20 > i2rs@ietf.org; last-call@ietf.org > Subject: Secdir last call review of=20 > draft-ietf-i2rs-yang-l2-network-topology-13 > > Reviewer: Christian Huitema > Review result: Has Issues > > I have reviewed this document as part of the security directorate's = ongoing effort to review all IETF documents being processed by the IESG. = These comments were written with the intent of improving security = requirements and considerations in IETF drafts. Comments not addressed = in last call may be included in AD reviews during the IESG review. = Document editors and WG chairs should treat these comments just like any = other last call comments. > > This document describes a Yang model for representing Link Layer = topologies. > Representing such topologies is obviously useful for managing network. > The security section is focused on securing the usage of this = information for network management, but does not address potential = privacy issues. > > The security considerations explain correctly how altering the link = layer information could enable attacks against the network. The proposed = remedy is access control, implemented using either SSH or TLS. This is = fine, although the discussion of TLS authorisation is a bit short. By = default, TLS verifies the identity of the server but not that of the = client. RFC8040 section 2.5 specifies that "a RESTCONF server SHOULD = require authentication based on TLS client certificates. I assume that's = the intent, but it might be useful to say so. > > On the other hand, the security considerations do not describe privacy = issues, and I find that problematic. The proposed information model = lists a number of sensitive data, such as for example the MAC addresses = of devices. > This information can be misused. For example, applications could = assess device location fetching the MAC addresses of local gateways. = Third parties could access link local information to gather identities = of devices accessing a particular network. Such information is often = protected by privacy API in the Operating System, but accessing the Yang = module over the network might allow applications to bypass these = controls. > > Client authentication alone does not necessarily protect against these = privacy leaks. A classic configuration error would limit write access to = authorized users, but to allow read-only access to most users. This kind = of error would allow privacy leaks. Given the sensitive nature of MAC = addresses and other identifiers, it is useful to warn against such = errors. > > > > > > _______________________________________________ > i2rs mailing list > i2rs@ietf.org > https://www.ietf.org/mailman/listinfo/i2rs > From nobody Fri Jun 26 06:11:55 2020 Return-Path: X-Original-To: i2rs@ietfa.amsl.com Delivered-To: i2rs@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B18723A09EC; Fri, 26 Jun 2020 06:11:52 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.899 X-Spam-Level: X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id f5C5dSWqES8v; Fri, 26 Jun 2020 06:11:50 -0700 (PDT) Received: from atlas5.jacobs-university.de (atlas5.jacobs-university.de [212.201.44.20]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E27853A0990; Fri, 26 Jun 2020 06:11:48 -0700 (PDT) Received: from localhost (demetrius5.irc-it.jacobs-university.de [10.70.0.222]) by atlas5.jacobs-university.de (Postfix) with ESMTP id 04CCB6AB; Fri, 26 Jun 2020 15:11:47 +0200 (CEST) X-Virus-Scanned: amavisd-new at jacobs-university.de Received: from atlas5.jacobs-university.de ([10.70.0.198]) by localhost (demetrius5.jacobs-university.de [10.70.0.222]) (amavisd-new, port 10032) with ESMTP id xSH3U3WTX85z; Fri, 26 Jun 2020 15:11:46 +0200 (CEST) Received: from hermes.jacobs-university.de (hermes.jacobs-university.de [212.201.44.23]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "hermes.jacobs-university.de", Issuer "DFN-Verein Global Issuing CA" (verified OK)) by atlas5.jacobs-university.de (Postfix) with ESMTPS; Fri, 26 Jun 2020 15:11:46 +0200 (CEST) Received: from localhost (demetrius5.irc-it.jacobs-university.de [10.70.0.222]) by hermes.jacobs-university.de (Postfix) with ESMTP id A9EF4200E4; Fri, 26 Jun 2020 15:11:46 +0200 (CEST) X-Virus-Scanned: amavisd-new at jacobs-university.de Received: from hermes.jacobs-university.de ([212.201.44.23]) by localhost (demetrius5.jacobs-university.de [10.70.0.222]) (amavisd-new, port 10028) with ESMTP id d-0Zd_XrLdw5; Fri, 26 Jun 2020 15:11:46 +0200 (CEST) Received: from localhost (anna.jacobs.jacobs-university.de [10.50.218.117]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by hermes.jacobs-university.de (Postfix) with ESMTPS id 6B76F20154; Fri, 26 Jun 2020 15:11:45 +0200 (CEST) Date: Fri, 26 Jun 2020 15:11:45 +0200 From: Juergen Schoenwaelder To: Susan Hares Cc: 'Christian Huitema' , 'Qin Wu' , secdir@ietf.org, i2rs@ietf.org, draft-ietf-i2rs-yang-l2-network-topology.all@ietf.org, last-call@ietf.org Message-ID: <20200626131145.habw34iy5orl4d3m@anna.jacobs.jacobs-university.de> Reply-To: Juergen Schoenwaelder Mail-Followup-To: Susan Hares , 'Christian Huitema' , 'Qin Wu' , secdir@ietf.org, i2rs@ietf.org, draft-ietf-i2rs-yang-l2-network-topology.all@ietf.org, last-call@ietf.org References: <002a01d64af8$f07320b0$d1596210$@ndzh.com> <15aa8236-ce09-d0b4-5f12-31f10b32387c@huitema.net> <006001d64bb6$68303850$3890a8f0$@ndzh.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <006001d64bb6$68303850$3890a8f0$@ndzh.com> X-Clacks-Overhead: GNU Terry Pratchett Content-Transfer-Encoding: quoted-printable Archived-At: Subject: Re: [i2rs] [Last-Call] Secdir last call review of draft-ietf-i2rs-yang-l2-network-topology-13 X-BeenThere: i2rs@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Interface to The Internet Routing System \(IRS\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 26 Jun 2020 13:11:53 -0000 But please s/agents/clients/ . /js On Fri, Jun 26, 2020 at 08:36:23AM -0400, Susan Hares wrote: > Qin and Christian:=20 >=20 > This addition words for me.=20 >=20 > Sue=20 >=20 > -----Original Message----- > From: Christian Huitema [mailto:huitema@huitema.net]=20 > Sent: Friday, June 26, 2020 12:05 AM > To: Susan Hares; 'Qin Wu'; secdir@ietf.org > Cc: i2rs@ietf.org; draft-ietf-i2rs-yang-l2-network-topology.all@ietf.or= g; last-call@ietf.org > Subject: Re: [Last-Call] [i2rs] Secdir last call review of draft-ietf-i= 2rs-yang-l2-network-topology-13 >=20 > How about adding something like this: >=20 > Privacy Considerations >=20 > The Yang model for layer 2 topology exposes privacy sensitive informati= on, for example the MAC addresses of devices. Unrestricted use of such in= formation can lead to privacy violations. For example, listing MAC addres= ses in a network allows monitoring of devices and their movements. Locati= on information can be derived from MAC addresses of network devices, bypa= ssing protection of location information by the Operating System. >=20 > Deployments should mitigate this privacy concerns by limiting access to= the layer 2 topology information. Access to the information should be re= stricted to a minimal list of authorized agents, and should require prope= r authentication of these agents. >=20 > -- Christian Huitema >=20 > On 6/25/2020 7:00 AM, Susan Hares wrote: > > Qin and Christian:=20 > > > > Thank you for your prompt attention to the privacy issue. =20 > > I'm sure Christian will respond in a bit - since he might be in PDT t= ime-zone.=20 > > > > Once you have a solution you both like, we should validate the privac= y=20 > > changes to the security considerations section with the Yang-doctors,= =20 > > OPS-ADs, and Security-ADs. > > > > Martin's watching this thread so I'm sure he'll help us out as well.=20 > > > > Sue > > > > -----Original Message----- > > From: i2rs [mailto:i2rs-bounces@ietf.org] On Behalf Of Qin Wu > > Sent: Thursday, June 25, 2020 9:25 AM > > To: Susan Hares; 'Christian Huitema'; secdir@ietf.org > > Cc: i2rs@ietf.org;=20 > > draft-ietf-i2rs-yang-l2-network-topology.all@ietf.org;=20 > > last-call@ietf.org > > Subject: Re: [i2rs] Secdir last call review of=20 > > draft-ietf-i2rs-yang-l2-network-topology-13 > > > > Sue and Christian: > > I have responded to Christian on privacy issue, my proposal is to add= MAC address as another data node vulnerability example in our original s= ecurity consideration section. > > But If Christian or security directorate has recommending text, we au= thors are happy to accept it. > > > > -Qin > > -----=E9=82=AE=E4=BB=B6=E5=8E=9F=E4=BB=B6----- > > =E5=8F=91=E4=BB=B6=E4=BA=BA: Susan Hares [mailto:shares@ndzh.com] > > =E5=8F=91=E9=80=81=E6=97=B6=E9=97=B4: 2020=E5=B9=B46=E6=9C=8825=E6=97= =A5 21:04 > > =E6=94=B6=E4=BB=B6=E4=BA=BA: 'Christian Huitema' ; secdir@ietf.org > > =E6=8A=84=E9=80=81: draft-ietf-i2rs-yang-l2-network-topology.all@ietf= .org;=20 > > i2rs@ietf.org; last-call@ietf.org > > =E4=B8=BB=E9=A2=98: RE: Secdir last call review of=20 > > draft-ietf-i2rs-yang-l2-network-topology-13 > > > > Christian: > > > > Thank you for catching the privacy issues. =20 > > > > I've got a few questions to help the authors scope this change:=20 > > > > 1) Since this is common to all L2 Topologies, can you or the security= directorate recommend some text that might be appropriate?=20 > > If you have recommended text, has this text been reviewed by OPS-D= IR and Yang doctors?=20 > > > > 2) Will it be a problem If we write privacy considerations on IEEE sp= ecifications?=20 > > 3) Do we need to consider the range of deployments of L2 (home,=20 > > enterprise, public PBB service, national PBB service, Data centers) > > > > > > Thank you, Sue > > > > > > -----Original Message----- > > From: Christian Huitema via Datatracker [mailto:noreply@ietf.org] > > Sent: Thursday, June 25, 2020 1:01 AM > > To: secdir@ietf.org > > Cc: draft-ietf-i2rs-yang-l2-network-topology.all@ietf.org;=20 > > i2rs@ietf.org; last-call@ietf.org > > Subject: Secdir last call review of=20 > > draft-ietf-i2rs-yang-l2-network-topology-13 > > > > Reviewer: Christian Huitema > > Review result: Has Issues > > > > I have reviewed this document as part of the security directorate's o= ngoing effort to review all IETF documents being processed by the IESG. = These comments were written with the intent of improving security require= ments and considerations in IETF drafts. Comments not addressed in last = call may be included in AD reviews during the IESG review. Document edit= ors and WG chairs should treat these comments just like any other last ca= ll comments. > > > > This document describes a Yang model for representing Link Layer topo= logies. > > Representing such topologies is obviously useful for managing network= . > > The security section is focused on securing the usage of this informa= tion for network management, but does not address potential privacy issue= s. > > > > The security considerations explain correctly how altering the link l= ayer information could enable attacks against the network. The proposed r= emedy is access control, implemented using either SSH or TLS. This is fin= e, although the discussion of TLS authorisation is a bit short. By defaul= t, TLS verifies the identity of the server but not that of the client. RF= C8040 section 2.5 specifies that "a RESTCONF server SHOULD require authen= tication based on TLS client certificates. I assume that's the intent, bu= t it might be useful to say so. > > > > On the other hand, the security considerations do not describe privac= y issues, and I find that problematic. The proposed information model lis= ts a number of sensitive data, such as for example the MAC addresses of d= evices. > > This information can be misused. For example, applications could asse= ss device location fetching the MAC addresses of local gateways. Third pa= rties could access link local information to gather identities of devices= accessing a particular network. Such information is often protected by p= rivacy API in the Operating System, but accessing the Yang module over th= e network might allow applications to bypass these controls. > > > > Client authentication alone does not necessarily protect against thes= e privacy leaks. A classic configuration error would limit write access t= o authorized users, but to allow read-only access to most users. This kin= d of error would allow privacy leaks. Given the sensitive nature of MAC a= ddresses and other identifiers, it is useful to warn against such errors. > > > > > > > > > > > > _______________________________________________ > > i2rs mailing list > > i2rs@ietf.org > > https://www.ietf.org/mailman/listinfo/i2rs > > >=20 > _______________________________________________ > i2rs mailing list > i2rs@ietf.org > https://www.ietf.org/mailman/listinfo/i2rs --=20 Juergen Schoenwaelder Jacobs University Bremen gGmbH Phone: +49 421 200 3587 Campus Ring 1 | 28759 Bremen | Germany Fax: +49 421 200 3103 From nobody Fri Jun 26 07:03:25 2020 Return-Path: X-Original-To: i2rs@ietfa.amsl.com Delivered-To: i2rs@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 738373A00AE; Fri, 26 Jun 2020 07:03:24 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: 0.948 X-Spam-Level: X-Spam-Status: No, score=0.948 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DOS_OUTLOOK_TO_MX=2.845, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id isTKB1JcY2Ee; Fri, 26 Jun 2020 07:03:23 -0700 (PDT) Received: from hickoryhill-consulting.com (50-245-122-100-static.hfc.comcastbusiness.net [50.245.122.100]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BA0F63A005F; Fri, 26 Jun 2020 07:03:22 -0700 (PDT) X-Default-Received-SPF: pass (skip=loggedin (res=PASS)) x-ip-name=166.170.22.63; From: "Susan Hares" To: "'Juergen Schoenwaelder'" Cc: "'Christian Huitema'" , "'Qin Wu'" , , , , References: <002a01d64af8$f07320b0$d1596210$@ndzh.com> <15aa8236-ce09-d0b4-5f12-31f10b32387c@huitema.net> <006001d64bb6$68303850$3890a8f0$@ndzh.com> <20200626131145.habw34iy5orl4d3m@anna.jacobs.jacobs-university.de> In-Reply-To: <20200626131145.habw34iy5orl4d3m@anna.jacobs.jacobs-university.de> Date: Fri, 26 Jun 2020 10:03:17 -0400 Message-ID: <009001d64bc2$8b8cfde0$a2a6f9a0$@ndzh.com> MIME-Version: 1.0 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Mailer: Microsoft Outlook 14.0 Thread-Index: AQLWmtRw7iPyu8IsKX2i31zM5z+c8gIWWk1AALLQ99AC9T3OswJJw38FpqoN9RA= Content-Language: en-us X-Antivirus: AVG (VPS 200626-0, 06/26/2020), Outbound message X-Antivirus-Status: Not-Tested X-Authenticated-User: skh@ndzh.com Archived-At: Subject: Re: [i2rs] [Last-Call] Secdir last call review of draft-ietf-i2rs-yang-l2-network-topology-13 X-BeenThere: i2rs@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Interface to The Internet Routing System \(IRS\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 26 Jun 2020 14:03:25 -0000 Juergen:=20 Good catch. Thanks.=20 sue -----Original Message----- From: Juergen Schoenwaelder = [mailto:j.schoenwaelder@jacobs-university.de]=20 Sent: Friday, June 26, 2020 9:12 AM To: Susan Hares Cc: 'Christian Huitema'; 'Qin Wu'; secdir@ietf.org; i2rs@ietf.org; = draft-ietf-i2rs-yang-l2-network-topology.all@ietf.org; = last-call@ietf.org Subject: Re: [i2rs] [Last-Call] Secdir last call review of = draft-ietf-i2rs-yang-l2-network-topology-13 But please s/agents/clients/ . /js On Fri, Jun 26, 2020 at 08:36:23AM -0400, Susan Hares wrote: > Qin and Christian:=20 >=20 > This addition words for me.=20 >=20 > Sue >=20 > -----Original Message----- > From: Christian Huitema [mailto:huitema@huitema.net] > Sent: Friday, June 26, 2020 12:05 AM > To: Susan Hares; 'Qin Wu'; secdir@ietf.org > Cc: i2rs@ietf.org;=20 > draft-ietf-i2rs-yang-l2-network-topology.all@ietf.org;=20 > last-call@ietf.org > Subject: Re: [Last-Call] [i2rs] Secdir last call review of=20 > draft-ietf-i2rs-yang-l2-network-topology-13 >=20 > How about adding something like this: >=20 > Privacy Considerations >=20 > The Yang model for layer 2 topology exposes privacy sensitive = information, for example the MAC addresses of devices. Unrestricted use = of such information can lead to privacy violations. For example, listing = MAC addresses in a network allows monitoring of devices and their = movements. Location information can be derived from MAC addresses of = network devices, bypassing protection of location information by the = Operating System. >=20 > Deployments should mitigate this privacy concerns by limiting access = to the layer 2 topology information. Access to the information should be = restricted to a minimal list of authorized agents, and should require = proper authentication of these agents. >=20 > -- Christian Huitema >=20 > On 6/25/2020 7:00 AM, Susan Hares wrote: > > Qin and Christian:=20 > > > > Thank you for your prompt attention to the privacy issue. =20 > > I'm sure Christian will respond in a bit - since he might be in PDT = time-zone.=20 > > > > Once you have a solution you both like, we should validate the=20 > > privacy changes to the security considerations section with the=20 > > Yang-doctors, OPS-ADs, and Security-ADs. > > > > Martin's watching this thread so I'm sure he'll help us out as well. = > > > > Sue > > > > -----Original Message----- > > From: i2rs [mailto:i2rs-bounces@ietf.org] On Behalf Of Qin Wu > > Sent: Thursday, June 25, 2020 9:25 AM > > To: Susan Hares; 'Christian Huitema'; secdir@ietf.org > > Cc: i2rs@ietf.org; > > draft-ietf-i2rs-yang-l2-network-topology.all@ietf.org; > > last-call@ietf.org > > Subject: Re: [i2rs] Secdir last call review of > > draft-ietf-i2rs-yang-l2-network-topology-13 > > > > Sue and Christian: > > I have responded to Christian on privacy issue, my proposal is to = add MAC address as another data node vulnerability example in our = original security consideration section. > > But If Christian or security directorate has recommending text, we = authors are happy to accept it. > > > > -Qin > > -----=E9=82=AE=E4=BB=B6=E5=8E=9F=E4=BB=B6----- > > =E5=8F=91=E4=BB=B6=E4=BA=BA: Susan Hares [mailto:shares@ndzh.com] > > =E5=8F=91=E9=80=81=E6=97=B6=E9=97=B4: = 2020=E5=B9=B46=E6=9C=8825=E6=97=A5 21:04 > > =E6=94=B6=E4=BB=B6=E4=BA=BA: 'Christian Huitema' = ; secdir@ietf.org > > =E6=8A=84=E9=80=81: = draft-ietf-i2rs-yang-l2-network-topology.all@ietf.org; > > i2rs@ietf.org; last-call@ietf.org > > =E4=B8=BB=E9=A2=98: RE: Secdir last call review of > > draft-ietf-i2rs-yang-l2-network-topology-13 > > > > Christian: > > > > Thank you for catching the privacy issues. =20 > > > > I've got a few questions to help the authors scope this change:=20 > > > > 1) Since this is common to all L2 Topologies, can you or the = security directorate recommend some text that might be appropriate?=20 > > If you have recommended text, has this text been reviewed by = OPS-DIR and Yang doctors?=20 > > > > 2) Will it be a problem If we write privacy considerations on IEEE = specifications?=20 > > 3) Do we need to consider the range of deployments of L2 (home,=20 > > enterprise, public PBB service, national PBB service, Data centers) > > > > > > Thank you, Sue > > > > > > -----Original Message----- > > From: Christian Huitema via Datatracker [mailto:noreply@ietf.org] > > Sent: Thursday, June 25, 2020 1:01 AM > > To: secdir@ietf.org > > Cc: draft-ietf-i2rs-yang-l2-network-topology.all@ietf.org; > > i2rs@ietf.org; last-call@ietf.org > > Subject: Secdir last call review of > > draft-ietf-i2rs-yang-l2-network-topology-13 > > > > Reviewer: Christian Huitema > > Review result: Has Issues > > > > I have reviewed this document as part of the security directorate's = ongoing effort to review all IETF documents being processed by the IESG. = These comments were written with the intent of improving security = requirements and considerations in IETF drafts. Comments not addressed = in last call may be included in AD reviews during the IESG review. = Document editors and WG chairs should treat these comments just like any = other last call comments. > > > > This document describes a Yang model for representing Link Layer = topologies. > > Representing such topologies is obviously useful for managing = network From nobody Fri Jun 26 08:54:42 2020 Return-Path: X-Original-To: i2rs@ietfa.amsl.com Delivered-To: i2rs@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EBDBC3A0801 for ; Fri, 26 Jun 2020 08:54:38 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.888 X-Spam-Level: X-Spam-Status: No, score=-1.888 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZYeTlqroqFfC for ; Fri, 26 Jun 2020 08:54:35 -0700 (PDT) Received: from mx43-out1.antispamcloud.com (mx43-out1.antispamcloud.com [138.201.61.189]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E2D1B3A07C0 for ; Fri, 26 Jun 2020 08:54:34 -0700 (PDT) Received: from xse500.mail2web.com ([66.113.197.246] helo=xse.mail2web.com) by mx166.antispamcloud.com with esmtp (Exim 4.92) (envelope-from ) id 1jopn7-000rKU-OY for i2rs@ietf.org; Fri, 26 Jun 2020 16:57:28 +0200 Received: from xsmtp21.mail2web.com (unknown [10.100.68.60]) by xse.mail2web.com (Postfix) with ESMTPS id 49tg0W4T3Yz1kMM for ; Fri, 26 Jun 2020 07:55:07 -0700 (PDT) Received: from [10.5.2.13] (helo=xmail03.myhosting.com) by xsmtp21.mail2web.com with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.92) (envelope-from ) id 1jopkx-0003cu-Ev for i2rs@ietf.org; Fri, 26 Jun 2020 07:55:07 -0700 Received: (qmail 15894 invoked from network); 26 Jun 2020 14:55:07 -0000 Received: from unknown (HELO [192.168.1.107]) (Authenticated-user:_huitema@huitema.net@[172.58.43.153]) (envelope-sender ) by xmail03.myhosting.com (qmail-ldap-1.03) with ESMTPA for ; 26 Jun 2020 14:55:06 -0000 To: Qin Wu , Susan Hares , "secdir@ietf.org" Cc: "i2rs@ietf.org" , "draft-ietf-i2rs-yang-l2-network-topology.all@ietf.org" , "last-call@ietf.org" , NETMOD Group References: From: Christian Huitema Autocrypt: addr=huitema@huitema.net; prefer-encrypt=mutual; keydata= mDMEXtavGxYJKwYBBAHaRw8BAQdA1ou9A5MHTP9N3jfsWzlDZ+jPnQkusmc7sfLmWVz1Rmu0 J0NocmlzdGlhbiBIdWl0ZW1hIDxodWl0ZW1hQGh1aXRlbWEubmV0PoiWBBMWCAA+FiEEw3G4 Nwi4QEpAAXUUELAmqKBYtJQFAl7WrxsCGwMFCQlmAYAFCwkIBwIGFQoJCAsCBBYCAwECHgEC F4AACgkQELAmqKBYtJQbMwD/ebj/qnSbthC/5kD5DxZ/Ip0CGJw5QBz/+fJp3R8iAlsBAMjK r2tmyWyJz0CUkVG24WaR5EAJDvgwDv8h22U6QVkAuDgEXtavGxIKKwYBBAGXVQEFAQEHQJoM 6MUAIqpoqdCIiACiEynZf7nlJg2Eu0pXIhbUGONdAwEIB4h+BBgWCAAmFiEEw3G4Nwi4QEpA AXUUELAmqKBYtJQFAl7WrxsCGwwFCQlmAYAACgkQELAmqKBYtJRm2wD7BzeK5gEXSmBcBf0j BYdSaJcXNzx4yPLbP4GnUMAyl2cBAJzcsR4RkwO4dCRqM9CHpVJCwHtbUDJaa55//E0kp+gH Message-ID: <34bbf063-7973-b7aa-c407-0ac9c071a648@huitema.net> Date: Fri, 26 Jun 2020 07:55:05 -0700 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.9.0 MIME-Version: 1.0 In-Reply-To: Content-Type: multipart/alternative; boundary="------------D1256F2AD8D9EE12B56C05C7" Content-Language: en-US X-Originating-IP: 66.113.197.246 X-Spampanel-Domain: xsmtpout.mail2web.com X-Spampanel-Username: 66.113.197.0/24 Authentication-Results: antispamcloud.com; auth=pass smtp.auth=66.113.197.0/24@xsmtpout.mail2web.com X-Spampanel-Outgoing-Class: unsure X-Spampanel-Outgoing-Evidence: Combined (0.15) X-Recommended-Action: accept X-Filter-ID: Mvzo4OR0dZXEDF/gcnlw0f6LF1GdvkEexklpcFpSF5apSDasLI4SayDByyq9LIhVUZbR67CQ7/vm /hHDJU4RXkTNWdUk1Ol2OGx3IfrIJKywOmJyM1qr8uRnWBrbSAGDU1aob+exlALJps7Lzuw5NLgN zB/4Jkrw1eDLcif59ftj+vcRILgqLmGROorwAsJ/+rYZvu7UEJiU3s27VgKHO7lwS3dBJTnTxDoD vBGGxph9w6EwXICYy0ePXtGEMhqrDaibB3uLat3zCZGq8cCma2U6UgOqKJ9sMwhVoOBGSAIboXtx P9OF0EfNs5TqNq2Yhy7LI0kfFnXdPP6btp4oBeJDeKRq5oPj2hFJhLx+qI3HlR3ootg7OlA3N5WN re/oppAGOX5cHTu1yz4pRT/9FGrxEaaKeSxe0Wrx6M4G5/WoLsdfEoJI0BNUQ4KpaNyNCwGqOUcw rXf55E8Tb8bmXq4yH8StrboPphDtmrtUkwkDMc9xayd+oZJo2heFY+g6kVWClPVvbW5lVyQanRxw 5rdY2rW50fd1ekaDpmIWc1Vmt3mnxMTQMQWbvBqEXskTQn6USYs98Imn+lZXe3dwYfgVB1xo6dCf BaU/iegBU8aIeAiT0zR0hZdGDzE20RPqIs2Wt13AFwj+mbBCp9AQapy0QmXh9uhfq6i5/bGl8Ngx iMxSpkvqIEtRL3s4ePxvne6Agjui5gKB/Byw/yqfyPKY2AXNZGS5G93aGyH8MqMlOQRMVMd0HCeT skOZ5TL8jLUw57aJSXIevh0x/9ZiDjXg724gFzhHYUe+7aKm0vV7rNsxpsot8b76lu8kLu8BTi+J 2sBvM/O0p+zizleC4va6FPcpDHjXMKZJK8+chia6s7QH5Aus1s4PLXq2tVdt7cTs80/2FnZg/IMs IAdedSzLrjsyfTPCYbMCLdmf5h2vfxw3Qvb2Glio5Cia/9Kfg4kJ0WtAYbrpe3OOAtQNb87OBHCz Hbokiue7PjVB1S6AQRz4SqXhOP5fdiQt7lu5Jm5nk4BSgYHOJJgUtm67rBRli6kULE5BQDZnPvvF VsQ= X-Report-Abuse-To: spam@quarantine11.antispamcloud.com Archived-At: Subject: Re: [i2rs] [Last-Call] Secdir last call review of draft-ietf-i2rs-yang-l2-network-topology-13 X-BeenThere: i2rs@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Interface to The Internet Routing System \(IRS\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 26 Jun 2020 15:54:39 -0000 This is a multi-part message in MIME format. --------------D1256F2AD8D9EE12B56C05C7 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable I like variant B better, although I would not single out the mac addresses in the "sabotage" warning. My main concern is that network administrators will naturally be very concerned about information that is writable/creatable/deletable, because they understand the impact on the management of their network. However, they are not so concerned with read-only access, because reading information does not directly affect the operation of the network. My whole point is telling them, "you are documenting your L2 topology, it contains sensitive information, make sure that reading it is protected, not just writing it". I agree that NETCONF and RESTCONF provide the right tools for protecting the information. My request is just to clearly tell network administrators to use these tools, do not leave read access wide open! -- Christian Huitema On 6/26/2020 4:37 AM, Qin Wu wrote: > > Hi, Christian: > > 1.=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 NACM defined in RFC8341 has alre= ady provided mechanisms to > restrict access to sensitive information to a minimal list of > authorized client or agents and deal with privacy issue if my > understanding is correct. > > 2.=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 Both NETCONF and RESTCONF will r= ely on transport protocol > such as TLS to provide client authentication and server > authentication, i.e., mutual authentication. > > 3.=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 The YANG security guideline defi= ned in > https://trac.ietf.org/trac/ops/wiki/yang-security-guidelines > > Provide perfect boilerplate to address both security consideration and > privacy consideration. > > My original proposal A to address your comments is: > > OLD TEXT: > > " > > =C2=A0=C2=A0 There are a number of data nodes defined in this YANG modu= le that are > > =C2=A0=C2=A0 writable/creatable/deletable (i.e., config true, which is = the > > =C2=A0=C2=A0 default).=C2=A0 These data nodes may be considered sensiti= ve or vulnerable > > =C2=A0=C2=A0 in some network environments.=C2=A0 Write operations (e.g.= , edit-config) > > =C2=A0=C2=A0 to these data nodes without proper protection can have a n= egative > > =C2=A0=C2=A0 effect on network operations.=C2=A0 These are the subtrees= and data nodes > > =C2=A0=C2=A0 and their sensitivity/vulnerability in the ietf-network mo= dule: > > =C2=A0 > > =C2=A0=C2=A0 o=C2=A0 l2-network-attributes: A malicious client could at= tempt to > > =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 sabotage the configuration of any of the= contained attributes, > > =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 such as the name or the flag data nodes.= > > =C2=A0 > > =C2=A0=C2=A0 o=C2=A0 l2-node-attributes: A malicious client could attem= pt to sabotage > > =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 the configuration of important node attr= ibutes, such as the name > > =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 or the management-address. > > =C2=A0 > > =C2=A0=C2=A0 o=C2=A0 l2-link-attributes: A malicious client could attem= pt to sabotage > > =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 the configuration of important link attr= ibutes, such as the rate > > =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 or the delay data nodes. > > =C2=A0 > > =C2=A0=C2=A0 o=C2=A0 l2-termination-point-attributes: A malicious clien= t could attempt > > =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 to sabotage the configuration of importa= nt termination point > > =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 attributes, such as the maximum-frame-si= ze. > > " > > NEW TEXT: > > " > > =C2=A0=C2=A0 There are a number of data nodes defined in this YANG modu= le that are > > =C2=A0=C2=A0 writable/creatable/deletable (i.e., config true, which is = the > > =C2=A0=C2=A0 default).=C2=A0 These data nodes may be considered sensiti= ve or vulnerable > > =C2=A0=C2=A0 in some network environments.=C2=A0 Write operations (e.g.= , edit-config) > > =C2=A0=C2=A0 to these data nodes without proper protection can have a n= egative > > =C2=A0=C2=A0 effect on network operations.=C2=A0 These are the subtrees= and data nodes > > =C2=A0=C2=A0 and their sensitivity/vulnerability in the ietf-network mo= dule: > > =C2=A0 > > =C2=A0=C2=A0 o=C2=A0 l2-network-attributes: A malicious client could at= tempt to > > =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 sabotage the configuration of any of the= contained attributes, > > =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 such as the name or the flag data nodes.= > > =C2=A0 > > =C2=A0=C2=A0 o=C2=A0 l2-node-attributes: A malicious client could attem= pt to sabotage > > =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 the configuration of important node attr= ibutes, such as the name > > =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 ,the management-address *or mac address = of the devices*. > > =C2=A0 > > =C2=A0=C2=A0 o=C2=A0 l2-link-attributes: A malicious client could attem= pt to sabotage > > =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 the configuration of important link attr= ibutes, such as the rate > > =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 or the delay data nodes. > > =C2=A0 > > =C2=A0=C2=A0o=C2=A0 l2-termination-point-attributes: A malicious client= could attempt > > =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 to sabotage the configuration of importa= nt termination point > > =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 attributes, such as the maximum-frame-si= ze, *mac-address*. > > " > > =C2=A0 > > With your proposed text, we could have the following proposal changes > (Proposal B): > > OLD TEXT: > > " > > 6.=C2=A0 Security Considerations > > =C2=A0 > > =C2=A0=C2=A0 The YANG module specified in this document defines a schem= a for data > > =C2=A0=C2=A0 that is designed to be accessed via network management pro= tocols such > > =C2=A0=C2=A0 as NETCONF [RFC6241] or RESTCONF [RFC8040].=C2=A0 The lowe= st NETCONF layer > > =C2=A0=C2=A0 is the secure transport layer, and the mandatory-to-implem= ent secure > > =C2=A0=C2=A0 transport is Secure Shell (SSH) [RFC6242].=C2=A0 The lowes= t RESTCONF layer > > =C2=A0=C2=A0 is HTTPS, and the mandatory-to-implement secure transport = is TLS > > =C2=A0=C2=A0 [RFC8446]. > > =C2=A0 > > =C2=A0=C2=A0 The Network Configuration Access Control Model (NACM) [RFC= 8341] > > =C2=A0=C2=A0 provides the means to restrict access for particular NETCO= NF or > > =C2=A0 > > =C2=A0=C2=A0 RESTCONF users to a preconfigured subset of all available = NETCONF or > > =C2=A0=C2=A0 RESTCONF protocol operations and content. > > =C2=A0 > > =C2=A0=C2=A0 In general, Layer 2 network topologies are system-controll= ed and > > =C2=A0=C2=A0 provide ephemeral topology information.=C2=A0 In an NMDA-c= omplient server, > > =C2=A0=C2=A0 they are only part of which provides read-on= ly access > > =C2=A0=C2=A0 to clients, they are less vulnerable.=C2=A0 That said, the= YANG module > > =C2=A0=C2=A0 does in principle allow information to be configurable. > > =C2=A0 > > =C2=A0=C2=A0 The Layer 2 topology module define information that can be= > > =C2=A0=C2=A0 configurable in certain instances, for example in the case= of virtual > > =C2=A0=C2=A0 topologies that can be created by client applications.=C2=A0= In such > > =C2=A0=C2=A0 cases, a malicious client could introduce topologies that = are > > =C2=A0=C2=A0 undesired.=C2=A0 Specifically, a malicious client could at= tempt to remove > > =C2=A0=C2=A0 or add a node, a link, a termination point, by creating or= deleting > > =C2=A0=C2=A0 corresponding elements in the node, link, and termination = point > > =C2=A0=C2=A0 lists, respectively.=C2=A0 In the case of a topology that = is learned, the > > =C2=A0=C2=A0 server will automatically prohibit such misconfiguration a= ttempts. > > =C2=A0=C2=A0 In the case of a topology that is configured, i.e. whose o= rigin is > > =C2=A0=C2=A0 "intended", the undesired configuration could become effec= tive and be > > =C2=A0=C2=A0 reflected in the operational state datastore, leading to d= isruption > > =C2=A0=C2=A0 of services provided via this topology might be disrupted.= =C2=A0 For those > > =C2=A0=C2=A0 reasons, it is important that the NETCONF access control m= odel is > > =C2=A0=C2=A0 vigorously applied to prevent topology misconfiguration by= > > =C2=A0=C2=A0 unauthorized clients. > > =C2=A0 > > =C2=A0=C2=A0 There are a number of data nodes defined in this YANG modu= le that are > > =C2=A0=C2=A0 writable/creatable/deletable (i.e., config true, which is = the > > =C2=A0=C2=A0 default).=C2=A0 These data nodes may be considered sensiti= ve or vulnerable > > =C2=A0=C2=A0 in some network environments.=C2=A0 Write operations (e.g.= , edit-config) > > =C2=A0=C2=A0 to these data nodes without proper protection can have a n= egative > > =C2=A0=C2=A0 effect on network operations.=C2=A0 These are the subtrees= and data nodes > > =C2=A0=C2=A0 and their sensitivity/vulnerability in the ietf-network mo= dule: > > =C2=A0 > > =C2=A0=C2=A0 o=C2=A0 l2-network-attributes: A malicious client could at= tempt to > > =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 sabotage the configuration of any of the= contained attributes, > > =C2=A0 =C2=A0=C2=A0=C2=A0=C2=A0such as the name or the flag data nodes.= > > =C2=A0 > > =C2=A0=C2=A0 o=C2=A0 l2-node-attributes: A malicious client could attem= pt to sabotage > > =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 the configuration of important node attr= ibutes, such as the name > > =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 or the management-address. > > =C2=A0 > > =C2=A0=C2=A0 o=C2=A0 l2-link-attributes: A malicious client could attem= pt to sabotage > > =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 the configuration of important link attr= ibutes, such as the rate > > =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 or the delay data nodes. > > =C2=A0 > > =C2=A0=C2=A0 o=C2=A0 l2-termination-point-attributes: A malicious clien= t could attempt > > =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 to sabotage the configuration of importa= nt termination point > > =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 attributes, such as the maximum-frame-si= ze. > > " > > NEW TEXT: > > " > > 6.=C2=A0 Security Considerations > > =C2=A0 > > =C2=A0=C2=A0 The YANG module specified in this document defines a schem= a for data > > =C2=A0=C2=A0 that is designed to be accessed via network management pro= tocols such > > =C2=A0=C2=A0 as NETCONF [RFC6241] or RESTCONF [RFC8040].=C2=A0 The lowe= st NETCONF layer > > =C2=A0 =C2=A0is the secure transport layer, and the mandatory-to-implem= ent secure > > =C2=A0=C2=A0 transport is Secure Shell (SSH) [RFC6242].=C2=A0 The lowes= t RESTCONF layer > > =C2=A0=C2=A0 is HTTPS, and the mandatory-to-implement secure transport = is TLS > > =C2=A0=C2=A0 [RFC8446]. > > =C2=A0 > > =C2=A0=C2=A0 The Network Configuration Access Control Model (NACM) [RFC= 8341] > > =C2=A0=C2=A0 provides the means to restrict access for particular NETCO= NF or > > =C2=A0=C2=A0 RESTCONF users to a preconfigured subset of all available = NETCONF or > > =C2=A0=C2=A0 RESTCONF protocol operations and content. > > =C2=A0 > > =C2=A0=C2=A0 In general, Layer 2 network topologies are system-controll= ed and > > =C2=A0=C2=A0 provide ephemeral topology information.=C2=A0 In an NMDA-c= omplient server, > > =C2=A0=C2=A0 they are only part of which provides read-on= ly access > > =C2=A0=C2=A0 to clients, they are less vulnerable.=C2=A0 That said, the= YANG module > > =C2=A0=C2=A0 does in principle allow information to be configurable. > > =C2=A0 > > =C2=A0=C2=A0 The Layer 2 topology module define information that can be= > > =C2=A0=C2=A0 configurable in certain instances, for example in the case= of virtual > > =C2=A0=C2=A0 topologies that can be created by client applications.=C2=A0= In such > > =C2=A0=C2=A0 cases, a malicious client could introduce topologies that = are > > =C2=A0=C2=A0 undesired.=C2=A0 Specifically, a malicious client could at= tempt to remove > > =C2=A0=C2=A0 or add a node, a link, a termination point, by creating or= deleting > > =C2=A0=C2=A0 corresponding elements in the node, link, and termination = point > > =C2=A0=C2=A0 lists, respectively.=C2=A0 In the case of a topology that = is learned, the > > =C2=A0=C2=A0 server will automatically prohibit such misconfiguration a= ttempts. > > =C2=A0=C2=A0 In the case of a topology that is configured, i.e. whose o= rigin is > > =C2=A0=C2=A0 "intended", the undesired configuration could become effec= tive and be > > =C2=A0=C2=A0 reflected in the operational state datastore, leading to d= isruption > > =C2=A0=C2=A0 of services provided via this topology might be disrupted.= =C2=A0 For those > > =C2=A0=C2=A0 reasons, it is important that the NETCONF access control m= odel is > > =C2=A0=C2=A0 vigorously applied to prevent topology misconfiguration by= > > =C2=A0=C2=A0 unauthorized clients. > > =C2=A0 > > *=C2=A0 The YANG model for layer 2 topology may expose sensitive inform= ation, * > > *=C2=A0=C2=A0for example the MAC addresses of devices. Unrestricted use= of such > information * > > *=C2=A0=C2=A0=C2=A0can lead to privacy violations. For example, listing= MAC addresses > in a network * > > *=C2=A0=C2=A0=C2=A0allows monitoring of devices and their movements. Lo= cation > information can be derived* > > *=C2=A0 =C2=A0from MAC addresses of network devices, bypassing protecti= on of > location information by * > > *=C2=A0=C2=A0=C2=A0the Operating System. Deployments should mitigate th= is privacy > concerns by limiting access * > > *=C2=A0=C2=A0=C2=A0to the layer 2 topology information. Access to the i= nformation > should be restricted to a * > > *=C2=A0=C2=A0=C2=A0minimal list of authorized clients, and should also = require proper > authentication of these clients.* > > =C2=A0 > > =C2=A0=C2=A0 There are a number of data nodes defined in this YANG modu= le that are > > =C2=A0=C2=A0 writable/creatable/deletable (i.e., config true, which is = the > > =C2=A0=C2=A0 default).=C2=A0 These data nodes may be considered sensiti= ve or vulnerable > > =C2=A0=C2=A0 in some network environments.=C2=A0 Write operations (e.g.= , edit-config) > > =C2=A0=C2=A0 to these data nodes without proper protection can have a n= egative > > =C2=A0=C2=A0 effect on network operations.=C2=A0 These are the subtrees= and data nodes > > =C2=A0=C2=A0 and their sensitivity/vulnerability in the ietf-network mo= dule: > > =C2=A0 > > =C2=A0=C2=A0 o=C2=A0 l2-network-attributes: A malicious client could at= tempt to > > =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 sabotage the configuration of any of the= contained attributes, > > =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 such as the name or the flag data nodes.= > > =C2=A0 > > =C2=A0=C2=A0 o=C2=A0 l2-node-attributes: A malicious client could attem= pt to sabotage > > =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 the configuration of important node attr= ibutes, such as the name > > =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 ,the management-address, *mac-address of= the devices*. > > =C2=A0 > > =C2=A0=C2=A0 o=C2=A0 l2-link-attributes: A malicious client could attem= pt to sabotage > > =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 the configuration of important link attr= ibutes, such as the rate > > =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 or the delay data nodes. > > =C2=A0 > > =C2=A0=C2=A0 o=C2=A0 l2-termination-point-attributes: A malicious clien= t could attempt > > =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 to sabotage the configuration of importa= nt termination point > > =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 attributes, such as the maximum-frame-si= ze, *mac-address*. > > " > > The question is do you think proposal with yang security boilterplate > has already addressed your comments > > Or you think we should emphasize how privacy issue can be addressed by > NACM and client authentication is needed? > > =C2=A0 > > -Qin > > -----=E9=82=AE=E4=BB=B6=E5=8E=9F=E4=BB=B6----- > =E5=8F=91=E4=BB=B6=E4=BA=BA: Christian Huitema [mailto:huitema@huitema.= net] > =E5=8F=91=E9=80=81=E6=97=B6=E9=97=B4: 2020=E5=B9=B46=E6=9C=8826=E6=97=A5= 12:05 > =E6=94=B6=E4=BB=B6=E4=BA=BA: Susan Hares ; Qin Wu ; > secdir@ietf.org > =E6=8A=84=E9=80=81: i2rs@ietf.org; > draft-ietf-i2rs-yang-l2-network-topology.all@ietf.org; last-call@ietf.o= rg > =E4=B8=BB=E9=A2=98: Re: [Last-Call] [i2rs] Secdir last call review of > draft-ietf-i2rs-yang-l2-network-topology-13 > > =C2=A0 > > How about adding something like this: > > =C2=A0 > > Privacy Considerations > > =C2=A0 > > The Yang model for layer 2 topology exposes privacy sensitive > information, for example the MAC addresses of devices. Unrestricted > use of such information can lead to privacy violations. For example, > listing MAC addresses in a network allows monitoring of devices and > their movements. Location information can be derived from MAC > addresses of network devices, bypassing protection of location > information by the Operating System. > > =C2=A0 > > Deployments should mitigate this privacy concerns by limiting access > to the layer 2 topology information. Access to the information should > be restricted to a minimal list of authorized agents, and should > require proper authentication of these agents. > > =C2=A0 > > -- Christian Huitema > > =C2=A0 > > On 6/25/2020 7:00 AM, Susan Hares wrote: > > > Qin and Christian: > > >=C2=A0 > > > Thank you for your prompt attention to the privacy issue.=C2=A0 > > > I'm sure Christian will respond in a bit - since he might be in PDT t= ime-zone. > > >=C2=A0 > > > Once you have a solution you both like, we should validate the privac= y > > > changes to the security considerations section with the Yang-doctors,= > > > OPS-ADs, and Security-ADs. > > >=C2=A0 > > > Martin's watching this thread so I'm sure he'll help us out as well. > > >=C2=A0 > > > Sue > > >=C2=A0 > > > -----Original Message----- > > > From: i2rs [mailto:i2rs-bounces@ietf.org] On Behalf Of Qin Wu > > > Sent: Thursday, June 25, 2020 9:25 AM > > > To: Susan Hares; 'Christian Huitema'; secdir@ietf.org > > > Cc: i2rs@ietf.org ; > > > draft-ietf-i2rs-yang-l2-network-topology.all@ietf.org > ; > > > last-call@ietf.org > > > Subject: Re: [i2rs] Secdir last call review of > > > draft-ietf-i2rs-yang-l2-network-topology-13 > > >=C2=A0 > > > Sue and Christian: > > > I have responded to Christian on privacy issue, my proposal is to add= MAC address as > another data node vulnerability example in our original security > consideration section. > > > But If Christian or security directorate has recommending text, we au= thors are happy > to accept it. > > >=C2=A0 > > > -Qin > > > -----=E9=82=AE=E4=BB=B6=E5=8E=9F=E4=BB=B6----- > > > =E5=8F=91=E4=BB=B6=E4=BA=BA: Susan Hares [mailto:shares@ndzh.com] > > > =E5=8F=91=E9=80=81=E6=97=B6=E9=97=B4: 2020=E5=B9=B46=E6=9C=8825=E6=97= =A521:04 > > > =E6=94=B6=E4=BB=B6=E4=BA=BA: 'Christian Huitema' >; secdir@ietf.org = > > > =E6=8A=84=E9=80=81: draft-ietf-i2rs-yang-l2-network-topology.all@ietf= =2Eorg > ; > > > i2rs@ietf.org ; last-call@ietf.org > > > > =E4=B8=BB=E9=A2=98: RE: Secdir last call review of > > > draft-ietf-i2rs-yang-l2-network-topology-13 > > >=C2=A0 > > > Christian: > > >=C2=A0 > > > Thank you for catching the privacy issues.=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0 > > >=C2=A0 > > > I've got a few questions to help the authors scope this change: > > >=C2=A0 > > > 1) Since this is common to all L2 Topologies, can you or the security= directorate > recommend some text that might be appropriate? > > > =C2=A0=C2=A0=C2=A0If you have recommended text, has this text been re= viewed by OPS-DIR and Yang > doctors? > > >=C2=A0 > > > 2) Will it be a problem If we write privacy considerations on IEEE sp= ecifications? > > > 3) Do we need to consider the range of deployments of L2 (home, > > > enterprise,=C2=A0 public PBB service, national PBB service, Data cent= ers) > > >=C2=A0 > > >=C2=A0 > > > Thank you,=C2=A0 Sue > > >=C2=A0 > > >=C2=A0 > > > -----Original Message----- > > > From: Christian Huitema via Datatracker [mailto:noreply@ietf.org] > > > Sent: Thursday, June 25, 2020 1:01 AM > > > To: secdir@ietf.org > > > Cc: draft-ietf-i2rs-yang-l2-network-topology.all@ietf.org > ; > > > i2rs@ietf.org ; last-call@ietf.org > > > > Subject: Secdir last call review of > > > draft-ietf-i2rs-yang-l2-network-topology-13 > > >=C2=A0 > > > Reviewer: Christian Huitema > > > Review result: Has Issues > > >=C2=A0 > > > I have reviewed this document as part of the security directorate's o= ngoing effort to > review all IETF documents being processed by the IESG.=C2=A0 These comm= ents > were written with the intent of improving security requirements and > considerations in IETF drafts.=C2=A0 Comments not addressed in last cal= l > may be included in AD reviews during the IESG review.=C2=A0 Document > editors and WG chairs should treat these comments just like any other > last call comments. > > >=C2=A0 > > > This document describes a Yang model for representing Link Layer topo= logies. > > > Representing such topologies is obviously useful for managing network= =2E > > > The security section is focused on securing the usage of this informa= tion for > network management, but does not address potential privacy issues. > > >=C2=A0 > > > The security considerations explain correctly how altering the link l= ayer > information could enable attacks against the network. The proposed > remedy is access control, implemented using either SSH or TLS. This is > fine, although the discussion of TLS authorisation is a bit short. By > default, TLS verifies the identity of the server but not that of the > client. RFC8040 section 2.5 specifies that "a RESTCONF server SHOULD > require authentication based on TLS client certificates. I assume > that's the intent, but it might be useful to say so. > > >=C2=A0 > > > On the other hand, the security considerations do not describe privac= y issues, and > I find that problematic. The proposed information model lists a number > of sensitive data, such as for example the MAC addresses of devices. > > > This information can be misused. For example, applications could asse= ss device > location fetching the MAC addresses of local gateways. Third parties > could access link local information to gather identities of devices > accessing a particular network. Such information is often protected by > privacy API in the Operating System, but accessing the Yang module > over the network might allow applications to bypass these controls. > > >=C2=A0 > > > Client authentication alone does not necessarily protect against thes= e > privacy leaks. A classic configuration error would limit write access > to authorized users, but to allow read-only access to most users. This > kind of error would allow privacy leaks. Given the sensitive nature of > MAC addresses and other identifiers, it is useful to warn against such > errors. > > >=C2=A0 > > >=C2=A0 > > >=C2=A0 > > >=C2=A0 > > >=C2=A0 > > > _______________________________________________ > > > i2rs mailing list > > > i2rs@ietf.org > > > https://www.ietf.org/mailman/listinfo/i2rs > > >=C2=A0 > --------------D1256F2AD8D9EE12B56C05C7 Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: 8bit

I like variant B better, although I would not single out the mac addresses in the "sabotage" warning.

My main concern is that network administrators will naturally be very concerned about information that is writable/creatable/deletable, because they understand the impact on the management of their network. However, they are not so concerned with read-only access, because reading information does not directly affect the operation of the network. My whole point is telling them, "you are documenting your L2 topology, it contains sensitive information, make sure that reading it is protected, not just writing it".

I agree that NETCONF and RESTCONF provide the right tools for protecting the information. My request is just to clearly tell network administrators to use these tools, do not leave read access wide open!

-- Christian Huitema

On 6/26/2020 4:37 AM, Qin Wu wrote:

Hi, Christian:

1.       NACM defined in RFC8341 has already provided mechanisms to restrict access to sensitive information to a minimal list of authorized client or agents and deal with privacy issue if my understanding is correct.

2.       Both NETCONF and RESTCONF will rely on transport protocol such as TLS to provide client authentication and server authentication, i.e., mutual authentication.

3.       The YANG security guideline defined in https://trac.ietf.org/trac/ops/wiki/yang-security-guidelines

Provide perfect boilerplate to address both security consideration and privacy consideration.

My original proposal A to address your comments is:

OLD TEXT:

"

   There are a number of data nodes defined in this YANG module that are

   writable/creatable/deletable (i.e., config true, which is the

   default).  These data nodes may be considered sensitive or vulnerable

   in some network environments.  Write operations (e.g., edit-config)

   to these data nodes without proper protection can have a negative

   effect on network operations.  These are the subtrees and data nodes

   and their sensitivity/vulnerability in the ietf-network module:

 

   o  l2-network-attributes: A malicious client could attempt to

      sabotage the configuration of any of the contained attributes,

      such as the name or the flag data nodes.

 

   o  l2-node-attributes: A malicious client could attempt to sabotage

      the configuration of important node attributes, such as the name

      or the management-address.

 

   o  l2-link-attributes: A malicious client could attempt to sabotage

      the configuration of important link attributes, such as the rate

      or the delay data nodes.

 

   o  l2-termination-point-attributes: A malicious client could attempt

      to sabotage the configuration of important termination point

      attributes, such as the maximum-frame-size.

"

NEW TEXT:

"

   There are a number of data nodes defined in this YANG module that are

   writable/creatable/deletable (i.e., config true, which is the

   default).  These data nodes may be considered sensitive or vulnerable

   in some network environments.  Write operations (e.g., edit-config)

   to these data nodes without proper protection can have a negative

   effect on network operations.  These are the subtrees and data nodes

   and their sensitivity/vulnerability in the ietf-network module:

 

   o  l2-network-attributes: A malicious client could attempt to

      sabotage the configuration of any of the contained attributes,

      such as the name or the flag data nodes.

 

   o  l2-node-attributes: A malicious client could attempt to sabotage

      the configuration of important node attributes, such as the name

      ,the management-address or mac address of the devices.

 

   o  l2-link-attributes: A malicious client could attempt to sabotage

      the configuration of important link attributes, such as the rate

      or the delay data nodes.

 

  o  l2-termination-point-attributes: A malicious client could attempt

      to sabotage the configuration of important termination point

      attributes, such as the maximum-frame-size, mac-address.

"

 

With your proposed text, we could have the following proposal changes (Proposal B):

OLD TEXT:

"

6.  Security Considerations

 

   The YANG module specified in this document defines a schema for data

   that is designed to be accessed via network management protocols such

   as NETCONF [RFC6241] or RESTCONF [RFC8040].  The lowest NETCONF layer

   is the secure transport layer, and the mandatory-to-implement secure

   transport is Secure Shell (SSH) [RFC6242].  The lowest RESTCONF layer

   is HTTPS, and the mandatory-to-implement secure transport is TLS

   [RFC8446].

 

   The Network Configuration Access Control Model (NACM) [RFC8341]

   provides the means to restrict access for particular NETCONF or

 

   RESTCONF users to a preconfigured subset of all available NETCONF or

   RESTCONF protocol operations and content.

 

   In general, Layer 2 network topologies are system-controlled and

   provide ephemeral topology information.  In an NMDA-complient server,

   they are only part of <operational> which provides read-only access

   to clients, they are less vulnerable.  That said, the YANG module

   does in principle allow information to be configurable.

 

   The Layer 2 topology module define information that can be

   configurable in certain instances, for example in the case of virtual

   topologies that can be created by client applications.  In such

   cases, a malicious client could introduce topologies that are

   undesired.  Specifically, a malicious client could attempt to remove

   or add a node, a link, a termination point, by creating or deleting

   corresponding elements in the node, link, and termination point

   lists, respectively.  In the case of a topology that is learned, the

   server will automatically prohibit such misconfiguration attempts.

   In the case of a topology that is configured, i.e. whose origin is

   "intended", the undesired configuration could become effective and be

   reflected in the operational state datastore, leading to disruption

   of services provided via this topology might be disrupted.  For those

   reasons, it is important that the NETCONF access control model is

   vigorously applied to prevent topology misconfiguration by

   unauthorized clients.

 

   There are a number of data nodes defined in this YANG module that are

   writable/creatable/deletable (i.e., config true, which is the

   default).  These data nodes may be considered sensitive or vulnerable

   in some network environments.  Write operations (e.g., edit-config)

   to these data nodes without proper protection can have a negative

   effect on network operations.  These are the subtrees and data nodes

   and their sensitivity/vulnerability in the ietf-network module:

 

   o  l2-network-attributes: A malicious client could attempt to

      sabotage the configuration of any of the contained attributes,

      such as the name or the flag data nodes.

 

   o  l2-node-attributes: A malicious client could attempt to sabotage

      the configuration of important node attributes, such as the name

      or the management-address.

 

   o  l2-link-attributes: A malicious client could attempt to sabotage

      the configuration of important link attributes, such as the rate

      or the delay data nodes.

 

   o  l2-termination-point-attributes: A malicious client could attempt

      to sabotage the configuration of important termination point

      attributes, such as the maximum-frame-size.

"

NEW TEXT:

"

6.  Security Considerations

 

   The YANG module specified in this document defines a schema for data

   that is designed to be accessed via network management protocols such

   as NETCONF [RFC6241] or RESTCONF [RFC8040].  The lowest NETCONF layer

   is the secure transport layer, and the mandatory-to-implement secure

   transport is Secure Shell (SSH) [RFC6242].  The lowest RESTCONF layer

   is HTTPS, and the mandatory-to-implement secure transport is TLS

   [RFC8446].

 

   The Network Configuration Access Control Model (NACM) [RFC8341]

   provides the means to restrict access for particular NETCONF or

   RESTCONF users to a preconfigured subset of all available NETCONF or

   RESTCONF protocol operations and content.

 

   In general, Layer 2 network topologies are system-controlled and

   provide ephemeral topology information.  In an NMDA-complient server,

   they are only part of <operational> which provides read-only access

   to clients, they are less vulnerable.  That said, the YANG module

   does in principle allow information to be configurable.

 

   The Layer 2 topology module define information that can be

   configurable in certain instances, for example in the case of virtual

   topologies that can be created by client applications.  In such

   cases, a malicious client could introduce topologies that are

   undesired.  Specifically, a malicious client could attempt to remove

   or add a node, a link, a termination point, by creating or deleting

   corresponding elements in the node, link, and termination point

   lists, respectively.  In the case of a topology that is learned, the

   server will automatically prohibit such misconfiguration attempts.

   In the case of a topology that is configured, i.e. whose origin is

   "intended", the undesired configuration could become effective and be

   reflected in the operational state datastore, leading to disruption

   of services provided via this topology might be disrupted.  For those

   reasons, it is important that the NETCONF access control model is

   vigorously applied to prevent topology misconfiguration by

   unauthorized clients.

 

  The YANG model for layer 2 topology may expose sensitive information,

  for example the MAC addresses of devices. Unrestricted use of such information

   can lead to privacy violations. For example, listing MAC addresses in a network

   allows monitoring of devices and their movements. Location information can be derived

   from MAC addresses of network devices, bypassing protection of location information by

   the Operating System. Deployments should mitigate this privacy concerns by limiting access

   to the layer 2 topology information. Access to the information should be restricted to a

   minimal list of authorized clients, and should also require proper authentication of these clients.

 

   There are a number of data nodes defined in this YANG module that are

   writable/creatable/deletable (i.e., config true, which is the

   default).  These data nodes may be considered sensitive or vulnerable

   in some network environments.  Write operations (e.g., edit-config)

   to these data nodes without proper protection can have a negative

   effect on network operations.  These are the subtrees and data nodes

   and their sensitivity/vulnerability in the ietf-network module:

 

   o  l2-network-attributes: A malicious client could attempt to

      sabotage the configuration of any of the contained attributes,

      such as the name or the flag data nodes.

 

   o  l2-node-attributes: A malicious client could attempt to sabotage

      the configuration of important node attributes, such as the name

      ,the management-address, mac-address of the devices.

 

   o  l2-link-attributes: A malicious client could attempt to sabotage

      the configuration of important link attributes, such as the rate

      or the delay data nodes.

 

   o  l2-termination-point-attributes: A malicious client could attempt

      to sabotage the configuration of important termination point

      attributes, such as the maximum-frame-size, mac-address.

"

The question is do you think proposal with yang security boilterplate has already addressed your comments

Or you think we should emphasize how privacy issue can be addressed by NACM and client authentication is needed?

 

-Qin

-----邮件原件-----
发件人: Christian Huitema [mailto:huitema@huitema.net]
发送时间: 2020626 12:05
收件人: Susan Hares <shares@ndzh.com>; Qin Wu <bill.wu@huawei.com>; secdir@ietf.org
抄送: i2rs@ietf.org; draft-ietf-i2rs-yang-l2-network-topology.all@ietf.org; last-call@ietf.org
主题: Re: [Last-Call] [i2rs] Secdir last call review of draft-ietf-i2rs-yang-l2-network-topology-13

 

How about adding something like this:

 

Privacy Considerations

 

The Yang model for layer 2 topology exposes privacy sensitive information, for example the MAC addresses of devices. Unrestricted use of such information can lead to privacy violations. For example, listing MAC addresses in a network allows monitoring of devices and their movements. Location information can be derived from MAC addresses of network devices, bypassing protection of location information by the Operating System.

 

Deployments should mitigate this privacy concerns by limiting access to the layer 2 topology information. Access to the information should be restricted to a minimal list of authorized agents, and should require proper authentication of these agents.

 

-- Christian Huitema

 

On 6/25/2020 7:00 AM, Susan Hares wrote:

> Qin and Christian:

> 

> Thank you for your prompt attention to the privacy issue. 

> I'm sure Christian will respond in a bit - since he might be in PDT time-zone.

> 

> Once you have a solution you both like, we should validate the privacy

> changes to the security considerations section with the Yang-doctors,

> OPS-ADs, and Security-ADs.

> 

> Martin's watching this thread so I'm sure he'll help us out as well.

> 

> Sue

> 

> -----Original Message-----

> From: i2rs [mailto:i2rs-bounces@ietf.org] On Behalf Of Qin Wu

> Sent: Thursday, June 25, 2020 9:25 AM

> To: Susan Hares; 'Christian Huitema'; secdir@ietf.org

> Cc: i2rs@ietf.org;

> draft-ietf-i2rs-yang-l2-network-topology.all@ietf.org;

> last-call@ietf.org

> Subject: Re: [i2rs] Secdir last call review of

> draft-ietf-i2rs-yang-l2-network-topology-13

> 

> Sue and Christian:

> I have responded to Christian on privacy issue, my proposal is to add MAC address as another data node vulnerability example in our original security consideration section.

> But If Christian or security directorate has recommending text, we authors are happy to accept it.

> 

> -Qin

> -----邮件原件-----

> 发件人: Susan Hares [mailto:shares@ndzh.com]

> 发送时间: 2020625 21:04

> 收件人: 'Christian Huitema' <huitema@huitema.net>; secdir@ietf.org

> 抄送: draft-ietf-i2rs-yang-l2-network-topology.all@ietf.org;

> i2rs@ietf.org; last-call@ietf.org

> 主题: RE: Secdir last call review of

> draft-ietf-i2rs-yang-l2-network-topology-13

> 

> Christian:

> 

> Thank you for catching the privacy issues.     

> 

> I've got a few questions to help the authors scope this change:

> 

> 1) Since this is common to all L2 Topologies, can you or the security directorate recommend some text that might be appropriate?

>    If you have recommended text, has this text been reviewed by OPS-DIR and Yang doctors?

> 

> 2) Will it be a problem If we write privacy considerations on IEEE specifications?

> 3) Do we need to consider the range of deployments of L2 (home,

> enterprise,  public PBB service, national PBB service, Data centers)

> 

> 

> Thank you,  Sue

> 

> 

> -----Original Message-----

> From: Christian Huitema via Datatracker [mailto:noreply@ietf.org]

> Sent: Thursday, June 25, 2020 1:01 AM

> To: secdir@ietf.org

> Cc: draft-ietf-i2rs-yang-l2-network-topology.all@ietf.org;

> i2rs@ietf.org; last-call@ietf.org

> Subject: Secdir last call review of

> draft-ietf-i2rs-yang-l2-network-topology-13

> 

> Reviewer: Christian Huitema

> Review result: Has Issues

> 

> I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG.  These comments were written with the intent of improving security requirements and considerations in IETF drafts.  Comments not addressed in last call may be included in AD reviews during the IESG review.  Document editors and WG chairs should treat these comments just like any other last call comments.

> 

> This document describes a Yang model for representing Link Layer topologies.

> Representing such topologies is obviously useful for managing network.

> The security section is focused on securing the usage of this information for network management, but does not address potential privacy issues.

> 

> The security considerations explain correctly how altering the link layer information could enable attacks against the network. The proposed remedy is access control, implemented using either SSH or TLS. This is fine, although the discussion of TLS authorisation is a bit short. By default, TLS verifies the identity of the server but not that of the client. RFC8040 section 2.5 specifies that "a RESTCONF server SHOULD require authentication based on TLS client certificates. I assume that's the intent, but it might be useful to say so.

> 

> On the other hand, the security considerations do not describe privacy issues, and I find that problematic. The proposed information model lists a number of sensitive data, such as for example the MAC addresses of devices.

> This information can be misused. For example, applications could assess device location fetching the MAC addresses of local gateways. Third parties could access link local information to gather identities of devices accessing a particular network. Such information is often protected by privacy API in the Operating System, but accessing the Yang module over the network might allow applications to bypass these controls.

> 

> Client authentication alone does not necessarily protect against these privacy leaks. A classic configuration error would limit write access to authorized users, but to allow read-only access to most users. This kind of error would allow privacy leaks. Given the sensitive nature of MAC addresses and other identifiers, it is useful to warn against such errors.

> 

> 

> 

> 

> 

> _______________________________________________

> i2rs mailing list

> i2rs@ietf.org

> https://www.ietf.org/mailman/listinfo/i2rs

> 

--------------D1256F2AD8D9EE12B56C05C7-- From nobody Fri Jun 26 23:27:18 2020 Return-Path: X-Original-To: i2rs@ietfa.amsl.com Delivered-To: i2rs@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6CECD3A0D78; Fri, 26 Jun 2020 23:27:11 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.89 X-Spam-Level: X-Spam-Status: No, score=-1.89 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0993F5MmsCks; Fri, 26 Jun 2020 23:27:07 -0700 (PDT) Received: from huawei.com (lhrrgout.huawei.com [185.176.76.210]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9547D3A0BD6; Fri, 26 Jun 2020 23:27:06 -0700 (PDT) Received: from lhreml702-chm.china.huawei.com (unknown [172.18.7.108]) by Forcepoint Email with ESMTP id D77AC58B29F0A44CC1B7; Sat, 27 Jun 2020 07:27:04 +0100 (IST) Received: from lhreml702-chm.china.huawei.com (10.201.108.51) by lhreml702-chm.china.huawei.com (10.201.108.51) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1913.5; Sat, 27 Jun 2020 07:27:03 +0100 Received: from DGGEML405-HUB.china.huawei.com (10.3.17.49) by lhreml702-chm.china.huawei.com (10.201.108.51) with Microsoft SMTP Server (version=TLS1_0, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256) id 15.1.1913.5 via Frontend Transport; Sat, 27 Jun 2020 07:27:03 +0100 Received: from DGGEML531-MBS.china.huawei.com ([169.254.5.107]) by dggeml405-hub.china.huawei.com ([10.3.17.49]) with mapi id 14.03.0487.000; Sat, 27 Jun 2020 14:26:57 +0800 From: Qin Wu To: Christian Huitema , Susan Hares , "secdir@ietf.org" CC: "i2rs@ietf.org" , "draft-ietf-i2rs-yang-l2-network-topology.all@ietf.org" , "last-call@ietf.org" , NETMOD Group Thread-Topic: [Last-Call] [i2rs] Secdir last call review of draft-ietf-i2rs-yang-l2-network-topology-13 Thread-Index: AdZMSzxxZZkY3O3kQj2fPy6LwO0Mqg== Date: Sat, 27 Jun 2020 06:26:56 +0000 Message-ID: Accept-Language: zh-CN, en-US Content-Language: zh-CN X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.164.123.57] Content-Type: multipart/alternative; boundary="_000_B8F9A780D330094D99AF023C5877DABAAD7BE6C3dggeml531mbschi_" MIME-Version: 1.0 X-CFilter-Loop: Reflected Archived-At: Subject: Re: [i2rs] [Last-Call] Secdir last call review of draft-ietf-i2rs-yang-l2-network-topology-13 X-BeenThere: i2rs@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Interface to The Internet Routing System \(IRS\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 27 Jun 2020 06:27:12 -0000 --_000_B8F9A780D330094D99AF023C5877DABAAD7BE6C3dggeml531mbschi_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 VGhhbmtzIENocmlzdGlhbiBmb3IgY2xhcmlmaWNhdGlvbiwgaGVyZSBpcyB0aGUgdHdlYWtlZCB0 ZXh0IHRvIGFkZHJlc3MgeW91ciBjb21tZW50LCB3aGljaCBpcyBwb3NpdGlvbmVkIHJpZ2h0IGFm dGVyIHRoZSBkaXNjdXNzaW9uIGFib3V0IHdyaXRhYmxlL2NyZWF0YWJsZS9kZWxldGFibGUgYXR0 cmlidXRlcy4NCg0KTkVXIFRFWFQ6DQrigJwNCg0KNi4gIFNlY3VyaXR5IENvbnNpZGVyYXRpb25z DQoNCg0KDQogICBUaGUgWUFORyBtb2R1bGUgc3BlY2lmaWVkIGluIHRoaXMgZG9jdW1lbnQgZGVm aW5lcyBhIHNjaGVtYSBmb3IgZGF0YQ0KDQogICB0aGF0IGlzIGRlc2lnbmVkIHRvIGJlIGFjY2Vz c2VkIHZpYSBuZXR3b3JrIG1hbmFnZW1lbnQgcHJvdG9jb2xzIHN1Y2gNCg0KICAgYXMgTkVUQ09O RiBbUkZDNjI0MV0gb3IgUkVTVENPTkYgW1JGQzgwNDBdLiAgVGhlIGxvd2VzdCBORVRDT05GIGxh eWVyDQoNCiAgIGlzIHRoZSBzZWN1cmUgdHJhbnNwb3J0IGxheWVyLCBhbmQgdGhlIG1hbmRhdG9y eS10by1pbXBsZW1lbnQgc2VjdXJlDQoNCiAgIHRyYW5zcG9ydCBpcyBTZWN1cmUgU2hlbGwgKFNT SCkgW1JGQzYyNDJdLiAgVGhlIGxvd2VzdCBSRVNUQ09ORiBsYXllcg0KDQogICBpcyBIVFRQUywg YW5kIHRoZSBtYW5kYXRvcnktdG8taW1wbGVtZW50IHNlY3VyZSB0cmFuc3BvcnQgaXMgVExTDQoN CiAgIFtSRkM4NDQ2XS4NCg0KDQoNCiAgIFRoZSBOZXR3b3JrIENvbmZpZ3VyYXRpb24gQWNjZXNz IENvbnRyb2wgTW9kZWwgKE5BQ00pIFtSRkM4MzQxXQ0KDQogICBwcm92aWRlcyB0aGUgbWVhbnMg dG8gcmVzdHJpY3QgYWNjZXNzIGZvciBwYXJ0aWN1bGFyIE5FVENPTkYgb3INCg0KDQoNCiAgIFJF U1RDT05GIHVzZXJzIHRvIGEgcHJlY29uZmlndXJlZCBzdWJzZXQgb2YgYWxsIGF2YWlsYWJsZSBO RVRDT05GIG9yDQoNCiAgIFJFU1RDT05GIHByb3RvY29sIG9wZXJhdGlvbnMgYW5kIGNvbnRlbnQu DQoNCg0KDQogICBUaGUgTGF5ZXIgMiB0b3BvbG9neSBtb2R1bGUgZGVmaW5lIGluZm9ybWF0aW9u IHRoYXQgY2FuIGJlDQoNCiAgIGNvbmZpZ3VyYWJsZSBpbiBjZXJ0YWluIGluc3RhbmNlcywgZm9y IGV4YW1wbGUgaW4gdGhlIGNhc2Ugb2YgdmlydHVhbA0KDQogICB0b3BvbG9naWVzIHRoYXQgY2Fu IGJlIGNyZWF0ZWQgYnkgY2xpZW50IGFwcGxpY2F0aW9ucy4gIEluIHN1Y2gNCg0KICAgY2FzZXMs IGEgbWFsaWNpb3VzIGNsaWVudCBjb3VsZCBpbnRyb2R1Y2UgdG9wb2xvZ2llcyB0aGF0IGFyZQ0K DQogICB1bmRlc2lyZWQuICBTcGVjaWZpY2FsbHksIGEgbWFsaWNpb3VzIGNsaWVudCBjb3VsZCBh dHRlbXB0IHRvIHJlbW92ZQ0KDQogICBvciBhZGQgYSBub2RlLCBhIGxpbmssIGEgdGVybWluYXRp b24gcG9pbnQsIGJ5IGNyZWF0aW5nIG9yIGRlbGV0aW5nDQoNCiAgIGNvcnJlc3BvbmRpbmcgZWxl bWVudHMgaW4gdGhlIG5vZGUsIGxpbmssIGFuZCB0ZXJtaW5hdGlvbiBwb2ludA0KDQogICBsaXN0 cywgcmVzcGVjdGl2ZWx5LiAgSW4gdGhlIGNhc2Ugb2YgYSB0b3BvbG9neSB0aGF0IGlzIGxlYXJu ZWQsIHRoZQ0KDQogICBzZXJ2ZXIgd2lsbCBhdXRvbWF0aWNhbGx5IHByb2hpYml0IHN1Y2ggbWlz Y29uZmlndXJhdGlvbiBhdHRlbXB0cy4NCg0KICAgSW4gdGhlIGNhc2Ugb2YgYSB0b3BvbG9neSB0 aGF0IGlzIGNvbmZpZ3VyZWQsIGkuZS4gd2hvc2Ugb3JpZ2luIGlzDQoNCiAgICJpbnRlbmRlZCIs IHRoZSB1bmRlc2lyZWQgY29uZmlndXJhdGlvbiBjb3VsZCBiZWNvbWUgZWZmZWN0aXZlIGFuZCBi ZQ0KDQogICByZWZsZWN0ZWQgaW4gdGhlIG9wZXJhdGlvbmFsIHN0YXRlIGRhdGFzdG9yZSwgbGVh ZGluZyB0byBkaXNydXB0aW9uDQoNCiAgIG9mIHNlcnZpY2VzIHByb3ZpZGVkIHZpYSB0aGlzIHRv cG9sb2d5IG1pZ2h0IGJlIGRpc3J1cHRlZC4gIEZvciB0aG9zZQ0KDQogICByZWFzb25zLCBpdCBp cyBpbXBvcnRhbnQgdGhhdCB0aGUgTkVUQ09ORiBhY2Nlc3MgY29udHJvbCBtb2RlbCBpcw0KDQog ICB2aWdvcm91c2x5IGFwcGxpZWQgdG8gcHJldmVudCB0b3BvbG9neSBtaXNjb25maWd1cmF0aW9u IGJ5DQoNCiAgIHVuYXV0aG9yaXplZCBjbGllbnRzLg0KDQoNCg0KICAgVGhlcmUgYXJlIGEgbnVt YmVyIG9mIGRhdGEgbm9kZXMgZGVmaW5lZCBpbiB0aGlzIFlBTkcgbW9kdWxlIHRoYXQgYXJlDQoN CiAgIHdyaXRhYmxlL2NyZWF0YWJsZS9kZWxldGFibGUgKGkuZS4sIGNvbmZpZyB0cnVlLCB3aGlj aCBpcyB0aGUNCg0KICAgZGVmYXVsdCkuICBUaGVzZSBkYXRhIG5vZGVzIG1heSBiZSBjb25zaWRl cmVkIHNlbnNpdGl2ZSBvciB2dWxuZXJhYmxlDQoNCiAgIGluIHNvbWUgbmV0d29yayBlbnZpcm9u bWVudHMuICBXcml0ZSBvcGVyYXRpb25zIChlLmcuLCBlZGl0LWNvbmZpZykNCg0KICAgdG8gdGhl c2UgZGF0YSBub2RlcyB3aXRob3V0IHByb3BlciBwcm90ZWN0aW9uIGNhbiBoYXZlIGEgbmVnYXRp dmUNCg0KICAgZWZmZWN0IG9uIG5ldHdvcmsgb3BlcmF0aW9ucy4gIFRoZXNlIGFyZSB0aGUgc3Vi dHJlZXMgYW5kIGRhdGEgbm9kZXMNCg0KICAgYW5kIHRoZWlyIHNlbnNpdGl2aXR5L3Z1bG5lcmFi aWxpdHkgaW4gdGhlIGlldGYtbmV0d29yayBtb2R1bGU6DQoNCg0KDQogICBvICBsMi1uZXR3b3Jr LWF0dHJpYnV0ZXM6IEEgbWFsaWNpb3VzIGNsaWVudCBjb3VsZCBhdHRlbXB0IHRvDQoNCiAgICAg IHNhYm90YWdlIHRoZSBjb25maWd1cmF0aW9uIG9mIGFueSBvZiB0aGUgY29udGFpbmVkIGF0dHJp YnV0ZXMsDQoNCiAgICAgIHN1Y2ggYXMgdGhlIG5hbWUgb3IgdGhlIGZsYWcgZGF0YSBub2Rlcy4N Cg0KDQoNCiAgIG8gIGwyLW5vZGUtYXR0cmlidXRlczogQSBtYWxpY2lvdXMgY2xpZW50IGNvdWxk IGF0dGVtcHQgdG8gc2Fib3RhZ2UNCg0KICAgICAgdGhlIGNvbmZpZ3VyYXRpb24gb2YgaW1wb3J0 YW50IG5vZGUgYXR0cmlidXRlcywgc3VjaCBhcyB0aGUgbmFtZQ0KDQogICAgICBvciB0aGUgbWFu YWdlbWVudC1hZGRyZXNzLg0KDQoNCg0KICAgbyAgbDItbGluay1hdHRyaWJ1dGVzOiBBIG1hbGlj aW91cyBjbGllbnQgY291bGQgYXR0ZW1wdCB0byBzYWJvdGFnZQ0KDQogICAgICB0aGUgY29uZmln dXJhdGlvbiBvZiBpbXBvcnRhbnQgbGluayBhdHRyaWJ1dGVzLCBzdWNoIGFzIHRoZSByYXRlDQoN CiAgICAgIG9yIHRoZSBkZWxheSBkYXRhIG5vZGVzLg0KDQoNCg0KICAgbyAgbDItdGVybWluYXRp b24tcG9pbnQtYXR0cmlidXRlczogQSBtYWxpY2lvdXMgY2xpZW50IGNvdWxkIGF0dGVtcHQNCg0K ICAgICAgdG8gc2Fib3RhZ2UgdGhlIGNvbmZpZ3VyYXRpb24gb2YgaW1wb3J0YW50IHRlcm1pbmF0 aW9uIHBvaW50DQoNCiAgICAgIGF0dHJpYnV0ZXMsIHN1Y2ggYXMgdGhlIG1heGltdW0tZnJhbWUt c2l6ZS4NCg0KDQpTb21lIG9mIHRoZSByZWFkYWJsZSBkYXRhIG5vZGVzIGluIHRoaXMgWUFORyBt b2R1bGUgbWF5IGJlIGNvbnNpZGVyZWQNCnNlbnNpdGl2ZSBvciB2dWxuZXJhYmxlIGluIHNvbWUg bmV0d29yayBlbnZpcm9ubWVudHMuIEl0IGlzIHRodXMgIGltcG9ydGFudCB0byBjb250cm9sDQpy ZWFkIGFjY2VzcyAoZS5nLiwgdmlhIGdldCwgZ2V0LWNvbmZpZywgb3Igbm90aWZpY2F0aW9uKSB0 byB0aGVzZSBkYXRhIG5vZGVzLiBJbiBwYXJ0aWN1bGFyLCB0aGUNCllBTkcgbW9kZWwgZm9yIGxh eWVyIDIgdG9wb2xvZ3kgbWF5IGV4cG9zZSBzZW5zaXRpdmUgaW5mb3JtYXRpb24sIGZvciBleGFt cGxlIHRoZSBNQUMNCmFkZHJlc3NlcyBvZiBkZXZpY2VzLiBVbnJlc3RyaWN0ZWQgdXNlIG9mIHN1 Y2ggaW5mb3JtYXRpb24gY2FuIGxlYWQgdG8gcHJpdmFjeSB2aW9sYXRpb25zLg0KRm9yIGV4YW1w bGUsIGxpc3RpbmcgTUFDIGFkZHJlc3NlcyBpbiBhIG5ldHdvcmsgYWxsb3dzIG1vbml0b3Jpbmcg b2YgZGV2aWNlcyBhbmQgdGhlaXINCm1vdmVtZW50cy4gTG9jYXRpb24gaW5mb3JtYXRpb24gY2Fu IGJlIGRlcml2ZWQgZnJvbSBNQUMgYWRkcmVzc2VzIG9mIG5ldHdvcmsgZGV2aWNlcywNCmJ5cGFz c2luZyBwcm90ZWN0aW9uIG9mIGxvY2F0aW9uIGluZm9ybWF0aW9uIGJ5IHRoZSBPcGVyYXRpbmcg U3lzdGVtLg0KDQoNCuKAnQ0KDQpUaGFua3MuDQoNCg0KDQotUWluDQrlj5Hku7bkuro6IENocmlz dGlhbiBIdWl0ZW1hIFttYWlsdG86aHVpdGVtYUBodWl0ZW1hLm5ldF0NCuWPkemAgeaXtumXtDog MjAyMOW5tDbmnIgyNuaXpSAyMjo1NQ0K5pS25Lu25Lq6OiBRaW4gV3UgPGJpbGwud3VAaHVhd2Vp LmNvbT47IFN1c2FuIEhhcmVzIDxzaGFyZXNAbmR6aC5jb20+OyBzZWNkaXJAaWV0Zi5vcmcNCuaK hOmAgTogaTJyc0BpZXRmLm9yZzsgZHJhZnQtaWV0Zi1pMnJzLXlhbmctbDItbmV0d29yay10b3Bv bG9neS5hbGxAaWV0Zi5vcmc7IGxhc3QtY2FsbEBpZXRmLm9yZzsgTkVUTU9EIEdyb3VwIDxuZXRt b2RAaWV0Zi5vcmc+DQrkuLvpopg6IFJlOiBbTGFzdC1DYWxsXSBbaTJyc10gU2VjZGlyIGxhc3Qg Y2FsbCByZXZpZXcgb2YgZHJhZnQtaWV0Zi1pMnJzLXlhbmctbDItbmV0d29yay10b3BvbG9neS0x Mw0KDQoNCkkgbGlrZSB2YXJpYW50IEIgYmV0dGVyLCBhbHRob3VnaCBJIHdvdWxkIG5vdCBzaW5n bGUgb3V0IHRoZSBtYWMgYWRkcmVzc2VzIGluIHRoZSAic2Fib3RhZ2UiIHdhcm5pbmcuDQoNCk15 IG1haW4gY29uY2VybiBpcyB0aGF0IG5ldHdvcmsgYWRtaW5pc3RyYXRvcnMgd2lsbCBuYXR1cmFs bHkgYmUgdmVyeSBjb25jZXJuZWQgYWJvdXQgaW5mb3JtYXRpb24gdGhhdCBpcyB3cml0YWJsZS9j cmVhdGFibGUvZGVsZXRhYmxlLCBiZWNhdXNlIHRoZXkgdW5kZXJzdGFuZCB0aGUgaW1wYWN0IG9u IHRoZSBtYW5hZ2VtZW50IG9mIHRoZWlyIG5ldHdvcmsuIEhvd2V2ZXIsIHRoZXkgYXJlIG5vdCBz byBjb25jZXJuZWQgd2l0aCByZWFkLW9ubHkgYWNjZXNzLCBiZWNhdXNlIHJlYWRpbmcgaW5mb3Jt YXRpb24gZG9lcyBub3QgZGlyZWN0bHkgYWZmZWN0IHRoZSBvcGVyYXRpb24gb2YgdGhlIG5ldHdv cmsuIE15IHdob2xlIHBvaW50IGlzIHRlbGxpbmcgdGhlbSwgInlvdSBhcmUgZG9jdW1lbnRpbmcg eW91ciBMMiB0b3BvbG9neSwgaXQgY29udGFpbnMgc2Vuc2l0aXZlIGluZm9ybWF0aW9uLCBtYWtl IHN1cmUgdGhhdCByZWFkaW5nIGl0IGlzIHByb3RlY3RlZCwgbm90IGp1c3Qgd3JpdGluZyBpdCIu DQoNCkkgYWdyZWUgdGhhdCBORVRDT05GIGFuZCBSRVNUQ09ORiBwcm92aWRlIHRoZSByaWdodCB0 b29scyBmb3IgcHJvdGVjdGluZyB0aGUgaW5mb3JtYXRpb24uIE15IHJlcXVlc3QgaXMganVzdCB0 byBjbGVhcmx5IHRlbGwgbmV0d29yayBhZG1pbmlzdHJhdG9ycyB0byB1c2UgdGhlc2UgdG9vbHMs IGRvIG5vdCBsZWF2ZSByZWFkIGFjY2VzcyB3aWRlIG9wZW4hDQoNCi0tIENocmlzdGlhbiBIdWl0 ZW1hDQpPbiA2LzI2LzIwMjAgNDozNyBBTSwgUWluIFd1IHdyb3RlOg0KDQpIaSwgQ2hyaXN0aWFu Og0KDQoxLiAgICAgICBOQUNNIGRlZmluZWQgaW4gUkZDODM0MSBoYXMgYWxyZWFkeSBwcm92aWRl ZCBtZWNoYW5pc21zIHRvIHJlc3RyaWN0IGFjY2VzcyB0byBzZW5zaXRpdmUgaW5mb3JtYXRpb24g dG8gYSBtaW5pbWFsIGxpc3Qgb2YgYXV0aG9yaXplZCBjbGllbnQgb3IgYWdlbnRzIGFuZCBkZWFs IHdpdGggcHJpdmFjeSBpc3N1ZSBpZiBteSB1bmRlcnN0YW5kaW5nIGlzIGNvcnJlY3QuDQoNCjIu ICAgICAgIEJvdGggTkVUQ09ORiBhbmQgUkVTVENPTkYgd2lsbCByZWx5IG9uIHRyYW5zcG9ydCBw cm90b2NvbCBzdWNoIGFzIFRMUyB0byBwcm92aWRlIGNsaWVudCBhdXRoZW50aWNhdGlvbiBhbmQg c2VydmVyIGF1dGhlbnRpY2F0aW9uLCBpLmUuLCBtdXR1YWwgYXV0aGVudGljYXRpb24uDQoNCjMu ICAgICAgIFRoZSBZQU5HIHNlY3VyaXR5IGd1aWRlbGluZSBkZWZpbmVkIGluIGh0dHBzOi8vdHJh Yy5pZXRmLm9yZy90cmFjL29wcy93aWtpL3lhbmctc2VjdXJpdHktZ3VpZGVsaW5lcw0KDQpQcm92 aWRlIHBlcmZlY3QgYm9pbGVycGxhdGUgdG8gYWRkcmVzcyBib3RoIHNlY3VyaXR5IGNvbnNpZGVy YXRpb24gYW5kIHByaXZhY3kgY29uc2lkZXJhdGlvbi4NCg0KTXkgb3JpZ2luYWwgcHJvcG9zYWwg QSB0byBhZGRyZXNzIHlvdXIgY29tbWVudHMgaXM6DQoNCk9MRCBURVhUOg0KDQoiDQoNCiAgIFRo ZXJlIGFyZSBhIG51bWJlciBvZiBkYXRhIG5vZGVzIGRlZmluZWQgaW4gdGhpcyBZQU5HIG1vZHVs ZSB0aGF0IGFyZQ0KDQogICB3cml0YWJsZS9jcmVhdGFibGUvZGVsZXRhYmxlIChpLmUuLCBjb25m aWcgdHJ1ZSwgd2hpY2ggaXMgdGhlDQoNCiAgIGRlZmF1bHQpLiAgVGhlc2UgZGF0YSBub2RlcyBt YXkgYmUgY29uc2lkZXJlZCBzZW5zaXRpdmUgb3IgdnVsbmVyYWJsZQ0KDQogICBpbiBzb21lIG5l dHdvcmsgZW52aXJvbm1lbnRzLiAgV3JpdGUgb3BlcmF0aW9ucyAoZS5nLiwgZWRpdC1jb25maWcp DQoNCiAgIHRvIHRoZXNlIGRhdGEgbm9kZXMgd2l0aG91dCBwcm9wZXIgcHJvdGVjdGlvbiBjYW4g aGF2ZSBhIG5lZ2F0aXZlDQoNCiAgIGVmZmVjdCBvbiBuZXR3b3JrIG9wZXJhdGlvbnMuICBUaGVz ZSBhcmUgdGhlIHN1YnRyZWVzIGFuZCBkYXRhIG5vZGVzDQoNCiAgIGFuZCB0aGVpciBzZW5zaXRp dml0eS92dWxuZXJhYmlsaXR5IGluIHRoZSBpZXRmLW5ldHdvcmsgbW9kdWxlOg0KDQoNCg0KICAg byAgbDItbmV0d29yay1hdHRyaWJ1dGVzOiBBIG1hbGljaW91cyBjbGllbnQgY291bGQgYXR0ZW1w dCB0bw0KDQogICAgICBzYWJvdGFnZSB0aGUgY29uZmlndXJhdGlvbiBvZiBhbnkgb2YgdGhlIGNv bnRhaW5lZCBhdHRyaWJ1dGVzLA0KDQogICAgICBzdWNoIGFzIHRoZSBuYW1lIG9yIHRoZSBmbGFn IGRhdGEgbm9kZXMuDQoNCg0KDQogICBvICBsMi1ub2RlLWF0dHJpYnV0ZXM6IEEgbWFsaWNpb3Vz IGNsaWVudCBjb3VsZCBhdHRlbXB0IHRvIHNhYm90YWdlDQoNCiAgICAgIHRoZSBjb25maWd1cmF0 aW9uIG9mIGltcG9ydGFudCBub2RlIGF0dHJpYnV0ZXMsIHN1Y2ggYXMgdGhlIG5hbWUNCg0KICAg ICAgb3IgdGhlIG1hbmFnZW1lbnQtYWRkcmVzcy4NCg0KDQoNCiAgIG8gIGwyLWxpbmstYXR0cmli dXRlczogQSBtYWxpY2lvdXMgY2xpZW50IGNvdWxkIGF0dGVtcHQgdG8gc2Fib3RhZ2UNCg0KICAg ICAgdGhlIGNvbmZpZ3VyYXRpb24gb2YgaW1wb3J0YW50IGxpbmsgYXR0cmlidXRlcywgc3VjaCBh cyB0aGUgcmF0ZQ0KDQogICAgICBvciB0aGUgZGVsYXkgZGF0YSBub2Rlcy4NCg0KDQoNCiAgIG8g IGwyLXRlcm1pbmF0aW9uLXBvaW50LWF0dHJpYnV0ZXM6IEEgbWFsaWNpb3VzIGNsaWVudCBjb3Vs ZCBhdHRlbXB0DQoNCiAgICAgIHRvIHNhYm90YWdlIHRoZSBjb25maWd1cmF0aW9uIG9mIGltcG9y dGFudCB0ZXJtaW5hdGlvbiBwb2ludA0KDQogICAgICBhdHRyaWJ1dGVzLCBzdWNoIGFzIHRoZSBt YXhpbXVtLWZyYW1lLXNpemUuDQoNCiINCg0KTkVXIFRFWFQ6DQoNCiINCg0KICAgVGhlcmUgYXJl IGEgbnVtYmVyIG9mIGRhdGEgbm9kZXMgZGVmaW5lZCBpbiB0aGlzIFlBTkcgbW9kdWxlIHRoYXQg YXJlDQoNCiAgIHdyaXRhYmxlL2NyZWF0YWJsZS9kZWxldGFibGUgKGkuZS4sIGNvbmZpZyB0cnVl LCB3aGljaCBpcyB0aGUNCg0KICAgZGVmYXVsdCkuICBUaGVzZSBkYXRhIG5vZGVzIG1heSBiZSBj b25zaWRlcmVkIHNlbnNpdGl2ZSBvciB2dWxuZXJhYmxlDQoNCiAgIGluIHNvbWUgbmV0d29yayBl bnZpcm9ubWVudHMuICBXcml0ZSBvcGVyYXRpb25zIChlLmcuLCBlZGl0LWNvbmZpZykNCg0KICAg dG8gdGhlc2UgZGF0YSBub2RlcyB3aXRob3V0IHByb3BlciBwcm90ZWN0aW9uIGNhbiBoYXZlIGEg bmVnYXRpdmUNCg0KICAgZWZmZWN0IG9uIG5ldHdvcmsgb3BlcmF0aW9ucy4gIFRoZXNlIGFyZSB0 aGUgc3VidHJlZXMgYW5kIGRhdGEgbm9kZXMNCg0KICAgYW5kIHRoZWlyIHNlbnNpdGl2aXR5L3Z1 bG5lcmFiaWxpdHkgaW4gdGhlIGlldGYtbmV0d29yayBtb2R1bGU6DQoNCg0KDQogICBvICBsMi1u ZXR3b3JrLWF0dHJpYnV0ZXM6IEEgbWFsaWNpb3VzIGNsaWVudCBjb3VsZCBhdHRlbXB0IHRvDQoN CiAgICAgIHNhYm90YWdlIHRoZSBjb25maWd1cmF0aW9uIG9mIGFueSBvZiB0aGUgY29udGFpbmVk IGF0dHJpYnV0ZXMsDQoNCiAgICAgIHN1Y2ggYXMgdGhlIG5hbWUgb3IgdGhlIGZsYWcgZGF0YSBu b2Rlcy4NCg0KDQoNCiAgIG8gIGwyLW5vZGUtYXR0cmlidXRlczogQSBtYWxpY2lvdXMgY2xpZW50 IGNvdWxkIGF0dGVtcHQgdG8gc2Fib3RhZ2UNCg0KICAgICAgdGhlIGNvbmZpZ3VyYXRpb24gb2Yg aW1wb3J0YW50IG5vZGUgYXR0cmlidXRlcywgc3VjaCBhcyB0aGUgbmFtZQ0KDQogICAgICAsdGhl IG1hbmFnZW1lbnQtYWRkcmVzcyBvciBtYWMgYWRkcmVzcyBvZiB0aGUgZGV2aWNlcy4NCg0KDQoN CiAgIG8gIGwyLWxpbmstYXR0cmlidXRlczogQSBtYWxpY2lvdXMgY2xpZW50IGNvdWxkIGF0dGVt cHQgdG8gc2Fib3RhZ2UNCg0KICAgICAgdGhlIGNvbmZpZ3VyYXRpb24gb2YgaW1wb3J0YW50IGxp bmsgYXR0cmlidXRlcywgc3VjaCBhcyB0aGUgcmF0ZQ0KDQogICAgICBvciB0aGUgZGVsYXkgZGF0 YSBub2Rlcy4NCg0KDQoNCiAgbyAgbDItdGVybWluYXRpb24tcG9pbnQtYXR0cmlidXRlczogQSBt YWxpY2lvdXMgY2xpZW50IGNvdWxkIGF0dGVtcHQNCg0KICAgICAgdG8gc2Fib3RhZ2UgdGhlIGNv bmZpZ3VyYXRpb24gb2YgaW1wb3J0YW50IHRlcm1pbmF0aW9uIHBvaW50DQoNCiAgICAgIGF0dHJp YnV0ZXMsIHN1Y2ggYXMgdGhlIG1heGltdW0tZnJhbWUtc2l6ZSwgbWFjLWFkZHJlc3MuDQoNCiIN Cg0KDQoNCldpdGggeW91ciBwcm9wb3NlZCB0ZXh0LCB3ZSBjb3VsZCBoYXZlIHRoZSBmb2xsb3dp bmcgcHJvcG9zYWwgY2hhbmdlcyAoUHJvcG9zYWwgQik6DQoNCk9MRCBURVhUOg0KDQoiDQoNCjYu ICBTZWN1cml0eSBDb25zaWRlcmF0aW9ucw0KDQoNCg0KICAgVGhlIFlBTkcgbW9kdWxlIHNwZWNp ZmllZCBpbiB0aGlzIGRvY3VtZW50IGRlZmluZXMgYSBzY2hlbWEgZm9yIGRhdGENCg0KICAgdGhh dCBpcyBkZXNpZ25lZCB0byBiZSBhY2Nlc3NlZCB2aWEgbmV0d29yayBtYW5hZ2VtZW50IHByb3Rv Y29scyBzdWNoDQoNCiAgIGFzIE5FVENPTkYgW1JGQzYyNDFdIG9yIFJFU1RDT05GIFtSRkM4MDQw XS4gIFRoZSBsb3dlc3QgTkVUQ09ORiBsYXllcg0KDQogICBpcyB0aGUgc2VjdXJlIHRyYW5zcG9y dCBsYXllciwgYW5kIHRoZSBtYW5kYXRvcnktdG8taW1wbGVtZW50IHNlY3VyZQ0KDQogICB0cmFu c3BvcnQgaXMgU2VjdXJlIFNoZWxsIChTU0gpIFtSRkM2MjQyXS4gIFRoZSBsb3dlc3QgUkVTVENP TkYgbGF5ZXINCg0KICAgaXMgSFRUUFMsIGFuZCB0aGUgbWFuZGF0b3J5LXRvLWltcGxlbWVudCBz ZWN1cmUgdHJhbnNwb3J0IGlzIFRMUw0KDQogICBbUkZDODQ0Nl0uDQoNCg0KDQogICBUaGUgTmV0 d29yayBDb25maWd1cmF0aW9uIEFjY2VzcyBDb250cm9sIE1vZGVsIChOQUNNKSBbUkZDODM0MV0N Cg0KICAgcHJvdmlkZXMgdGhlIG1lYW5zIHRvIHJlc3RyaWN0IGFjY2VzcyBmb3IgcGFydGljdWxh ciBORVRDT05GIG9yDQoNCg0KDQogICBSRVNUQ09ORiB1c2VycyB0byBhIHByZWNvbmZpZ3VyZWQg c3Vic2V0IG9mIGFsbCBhdmFpbGFibGUgTkVUQ09ORiBvcg0KDQogICBSRVNUQ09ORiBwcm90b2Nv bCBvcGVyYXRpb25zIGFuZCBjb250ZW50Lg0KDQoNCg0KICAgSW4gZ2VuZXJhbCwgTGF5ZXIgMiBu ZXR3b3JrIHRvcG9sb2dpZXMgYXJlIHN5c3RlbS1jb250cm9sbGVkIGFuZA0KDQogICBwcm92aWRl IGVwaGVtZXJhbCB0b3BvbG9neSBpbmZvcm1hdGlvbi4gIEluIGFuIE5NREEtY29tcGxpZW50IHNl cnZlciwNCg0KICAgdGhleSBhcmUgb25seSBwYXJ0IG9mIDxvcGVyYXRpb25hbD4gd2hpY2ggcHJv dmlkZXMgcmVhZC1vbmx5IGFjY2Vzcw0KDQogICB0byBjbGllbnRzLCB0aGV5IGFyZSBsZXNzIHZ1 bG5lcmFibGUuICBUaGF0IHNhaWQsIHRoZSBZQU5HIG1vZHVsZQ0KDQogICBkb2VzIGluIHByaW5j aXBsZSBhbGxvdyBpbmZvcm1hdGlvbiB0byBiZSBjb25maWd1cmFibGUuDQoNCg0KDQogICBUaGUg TGF5ZXIgMiB0b3BvbG9neSBtb2R1bGUgZGVmaW5lIGluZm9ybWF0aW9uIHRoYXQgY2FuIGJlDQoN CiAgIGNvbmZpZ3VyYWJsZSBpbiBjZXJ0YWluIGluc3RhbmNlcywgZm9yIGV4YW1wbGUgaW4gdGhl IGNhc2Ugb2YgdmlydHVhbA0KDQogICB0b3BvbG9naWVzIHRoYXQgY2FuIGJlIGNyZWF0ZWQgYnkg Y2xpZW50IGFwcGxpY2F0aW9ucy4gIEluIHN1Y2gNCg0KICAgY2FzZXMsIGEgbWFsaWNpb3VzIGNs aWVudCBjb3VsZCBpbnRyb2R1Y2UgdG9wb2xvZ2llcyB0aGF0IGFyZQ0KDQogICB1bmRlc2lyZWQu ICBTcGVjaWZpY2FsbHksIGEgbWFsaWNpb3VzIGNsaWVudCBjb3VsZCBhdHRlbXB0IHRvIHJlbW92 ZQ0KDQogICBvciBhZGQgYSBub2RlLCBhIGxpbmssIGEgdGVybWluYXRpb24gcG9pbnQsIGJ5IGNy ZWF0aW5nIG9yIGRlbGV0aW5nDQoNCiAgIGNvcnJlc3BvbmRpbmcgZWxlbWVudHMgaW4gdGhlIG5v ZGUsIGxpbmssIGFuZCB0ZXJtaW5hdGlvbiBwb2ludA0KDQogICBsaXN0cywgcmVzcGVjdGl2ZWx5 LiAgSW4gdGhlIGNhc2Ugb2YgYSB0b3BvbG9neSB0aGF0IGlzIGxlYXJuZWQsIHRoZQ0KDQogICBz ZXJ2ZXIgd2lsbCBhdXRvbWF0aWNhbGx5IHByb2hpYml0IHN1Y2ggbWlzY29uZmlndXJhdGlvbiBh dHRlbXB0cy4NCg0KICAgSW4gdGhlIGNhc2Ugb2YgYSB0b3BvbG9neSB0aGF0IGlzIGNvbmZpZ3Vy ZWQsIGkuZS4gd2hvc2Ugb3JpZ2luIGlzDQoNCiAgICJpbnRlbmRlZCIsIHRoZSB1bmRlc2lyZWQg Y29uZmlndXJhdGlvbiBjb3VsZCBiZWNvbWUgZWZmZWN0aXZlIGFuZCBiZQ0KDQogICByZWZsZWN0 ZWQgaW4gdGhlIG9wZXJhdGlvbmFsIHN0YXRlIGRhdGFzdG9yZSwgbGVhZGluZyB0byBkaXNydXB0 aW9uDQoNCiAgIG9mIHNlcnZpY2VzIHByb3ZpZGVkIHZpYSB0aGlzIHRvcG9sb2d5IG1pZ2h0IGJl IGRpc3J1cHRlZC4gIEZvciB0aG9zZQ0KDQogICByZWFzb25zLCBpdCBpcyBpbXBvcnRhbnQgdGhh dCB0aGUgTkVUQ09ORiBhY2Nlc3MgY29udHJvbCBtb2RlbCBpcw0KDQogICB2aWdvcm91c2x5IGFw cGxpZWQgdG8gcHJldmVudCB0b3BvbG9neSBtaXNjb25maWd1cmF0aW9uIGJ5DQoNCiAgIHVuYXV0 aG9yaXplZCBjbGllbnRzLg0KDQoNCg0KICAgVGhlcmUgYXJlIGEgbnVtYmVyIG9mIGRhdGEgbm9k ZXMgZGVmaW5lZCBpbiB0aGlzIFlBTkcgbW9kdWxlIHRoYXQgYXJlDQoNCiAgIHdyaXRhYmxlL2Ny ZWF0YWJsZS9kZWxldGFibGUgKGkuZS4sIGNvbmZpZyB0cnVlLCB3aGljaCBpcyB0aGUNCg0KICAg ZGVmYXVsdCkuICBUaGVzZSBkYXRhIG5vZGVzIG1heSBiZSBjb25zaWRlcmVkIHNlbnNpdGl2ZSBv ciB2dWxuZXJhYmxlDQoNCiAgIGluIHNvbWUgbmV0d29yayBlbnZpcm9ubWVudHMuICBXcml0ZSBv cGVyYXRpb25zIChlLmcuLCBlZGl0LWNvbmZpZykNCg0KICAgdG8gdGhlc2UgZGF0YSBub2RlcyB3 aXRob3V0IHByb3BlciBwcm90ZWN0aW9uIGNhbiBoYXZlIGEgbmVnYXRpdmUNCg0KICAgZWZmZWN0 IG9uIG5ldHdvcmsgb3BlcmF0aW9ucy4gIFRoZXNlIGFyZSB0aGUgc3VidHJlZXMgYW5kIGRhdGEg bm9kZXMNCg0KICAgYW5kIHRoZWlyIHNlbnNpdGl2aXR5L3Z1bG5lcmFiaWxpdHkgaW4gdGhlIGll dGYtbmV0d29yayBtb2R1bGU6DQoNCg0KDQogICBvICBsMi1uZXR3b3JrLWF0dHJpYnV0ZXM6IEEg bWFsaWNpb3VzIGNsaWVudCBjb3VsZCBhdHRlbXB0IHRvDQoNCiAgICAgIHNhYm90YWdlIHRoZSBj b25maWd1cmF0aW9uIG9mIGFueSBvZiB0aGUgY29udGFpbmVkIGF0dHJpYnV0ZXMsDQoNCiAgICAg IHN1Y2ggYXMgdGhlIG5hbWUgb3IgdGhlIGZsYWcgZGF0YSBub2Rlcy4NCg0KDQoNCiAgIG8gIGwy LW5vZGUtYXR0cmlidXRlczogQSBtYWxpY2lvdXMgY2xpZW50IGNvdWxkIGF0dGVtcHQgdG8gc2Fi b3RhZ2UNCg0KICAgICAgdGhlIGNvbmZpZ3VyYXRpb24gb2YgaW1wb3J0YW50IG5vZGUgYXR0cmli dXRlcywgc3VjaCBhcyB0aGUgbmFtZQ0KDQogICAgICBvciB0aGUgbWFuYWdlbWVudC1hZGRyZXNz Lg0KDQoNCg0KICAgbyAgbDItbGluay1hdHRyaWJ1dGVzOiBBIG1hbGljaW91cyBjbGllbnQgY291 bGQgYXR0ZW1wdCB0byBzYWJvdGFnZQ0KDQogICAgICB0aGUgY29uZmlndXJhdGlvbiBvZiBpbXBv cnRhbnQgbGluayBhdHRyaWJ1dGVzLCBzdWNoIGFzIHRoZSByYXRlDQoNCiAgICAgIG9yIHRoZSBk ZWxheSBkYXRhIG5vZGVzLg0KDQoNCg0KICAgbyAgbDItdGVybWluYXRpb24tcG9pbnQtYXR0cmli dXRlczogQSBtYWxpY2lvdXMgY2xpZW50IGNvdWxkIGF0dGVtcHQNCg0KICAgICAgdG8gc2Fib3Rh Z2UgdGhlIGNvbmZpZ3VyYXRpb24gb2YgaW1wb3J0YW50IHRlcm1pbmF0aW9uIHBvaW50DQoNCiAg ICAgIGF0dHJpYnV0ZXMsIHN1Y2ggYXMgdGhlIG1heGltdW0tZnJhbWUtc2l6ZS4NCg0KIg0KDQpO RVcgVEVYVDoNCg0KIg0KDQo2LiAgU2VjdXJpdHkgQ29uc2lkZXJhdGlvbnMNCg0KDQoNCiAgIFRo ZSBZQU5HIG1vZHVsZSBzcGVjaWZpZWQgaW4gdGhpcyBkb2N1bWVudCBkZWZpbmVzIGEgc2NoZW1h IGZvciBkYXRhDQoNCiAgIHRoYXQgaXMgZGVzaWduZWQgdG8gYmUgYWNjZXNzZWQgdmlhIG5ldHdv cmsgbWFuYWdlbWVudCBwcm90b2NvbHMgc3VjaA0KDQogICBhcyBORVRDT05GIFtSRkM2MjQxXSBv ciBSRVNUQ09ORiBbUkZDODA0MF0uICBUaGUgbG93ZXN0IE5FVENPTkYgbGF5ZXINCg0KICAgaXMg dGhlIHNlY3VyZSB0cmFuc3BvcnQgbGF5ZXIsIGFuZCB0aGUgbWFuZGF0b3J5LXRvLWltcGxlbWVu dCBzZWN1cmUNCg0KICAgdHJhbnNwb3J0IGlzIFNlY3VyZSBTaGVsbCAoU1NIKSBbUkZDNjI0Ml0u ICBUaGUgbG93ZXN0IFJFU1RDT05GIGxheWVyDQoNCiAgIGlzIEhUVFBTLCBhbmQgdGhlIG1hbmRh dG9yeS10by1pbXBsZW1lbnQgc2VjdXJlIHRyYW5zcG9ydCBpcyBUTFMNCg0KICAgW1JGQzg0NDZd Lg0KDQoNCg0KICAgVGhlIE5ldHdvcmsgQ29uZmlndXJhdGlvbiBBY2Nlc3MgQ29udHJvbCBNb2Rl bCAoTkFDTSkgW1JGQzgzNDFdDQoNCiAgIHByb3ZpZGVzIHRoZSBtZWFucyB0byByZXN0cmljdCBh Y2Nlc3MgZm9yIHBhcnRpY3VsYXIgTkVUQ09ORiBvcg0KDQogICBSRVNUQ09ORiB1c2VycyB0byBh IHByZWNvbmZpZ3VyZWQgc3Vic2V0IG9mIGFsbCBhdmFpbGFibGUgTkVUQ09ORiBvcg0KDQogICBS RVNUQ09ORiBwcm90b2NvbCBvcGVyYXRpb25zIGFuZCBjb250ZW50Lg0KDQoNCg0KICAgSW4gZ2Vu ZXJhbCwgTGF5ZXIgMiBuZXR3b3JrIHRvcG9sb2dpZXMgYXJlIHN5c3RlbS1jb250cm9sbGVkIGFu ZA0KDQogICBwcm92aWRlIGVwaGVtZXJhbCB0b3BvbG9neSBpbmZvcm1hdGlvbi4gIEluIGFuIE5N REEtY29tcGxpZW50IHNlcnZlciwNCg0KICAgdGhleSBhcmUgb25seSBwYXJ0IG9mIDxvcGVyYXRp b25hbD4gd2hpY2ggcHJvdmlkZXMgcmVhZC1vbmx5IGFjY2Vzcw0KDQogICB0byBjbGllbnRzLCB0 aGV5IGFyZSBsZXNzIHZ1bG5lcmFibGUuICBUaGF0IHNhaWQsIHRoZSBZQU5HIG1vZHVsZQ0KDQog ICBkb2VzIGluIHByaW5jaXBsZSBhbGxvdyBpbmZvcm1hdGlvbiB0byBiZSBjb25maWd1cmFibGUu DQoNCg0KDQogICBUaGUgTGF5ZXIgMiB0b3BvbG9neSBtb2R1bGUgZGVmaW5lIGluZm9ybWF0aW9u IHRoYXQgY2FuIGJlDQoNCiAgIGNvbmZpZ3VyYWJsZSBpbiBjZXJ0YWluIGluc3RhbmNlcywgZm9y IGV4YW1wbGUgaW4gdGhlIGNhc2Ugb2YgdmlydHVhbA0KDQogICB0b3BvbG9naWVzIHRoYXQgY2Fu IGJlIGNyZWF0ZWQgYnkgY2xpZW50IGFwcGxpY2F0aW9ucy4gIEluIHN1Y2gNCg0KICAgY2FzZXMs IGEgbWFsaWNpb3VzIGNsaWVudCBjb3VsZCBpbnRyb2R1Y2UgdG9wb2xvZ2llcyB0aGF0IGFyZQ0K DQogICB1bmRlc2lyZWQuICBTcGVjaWZpY2FsbHksIGEgbWFsaWNpb3VzIGNsaWVudCBjb3VsZCBh dHRlbXB0IHRvIHJlbW92ZQ0KDQogICBvciBhZGQgYSBub2RlLCBhIGxpbmssIGEgdGVybWluYXRp b24gcG9pbnQsIGJ5IGNyZWF0aW5nIG9yIGRlbGV0aW5nDQoNCiAgIGNvcnJlc3BvbmRpbmcgZWxl bWVudHMgaW4gdGhlIG5vZGUsIGxpbmssIGFuZCB0ZXJtaW5hdGlvbiBwb2ludA0KDQogICBsaXN0 cywgcmVzcGVjdGl2ZWx5LiAgSW4gdGhlIGNhc2Ugb2YgYSB0b3BvbG9neSB0aGF0IGlzIGxlYXJu ZWQsIHRoZQ0KDQogICBzZXJ2ZXIgd2lsbCBhdXRvbWF0aWNhbGx5IHByb2hpYml0IHN1Y2ggbWlz Y29uZmlndXJhdGlvbiBhdHRlbXB0cy4NCg0KICAgSW4gdGhlIGNhc2Ugb2YgYSB0b3BvbG9neSB0 aGF0IGlzIGNvbmZpZ3VyZWQsIGkuZS4gd2hvc2Ugb3JpZ2luIGlzDQoNCiAgICJpbnRlbmRlZCIs IHRoZSB1bmRlc2lyZWQgY29uZmlndXJhdGlvbiBjb3VsZCBiZWNvbWUgZWZmZWN0aXZlIGFuZCBi ZQ0KDQogICByZWZsZWN0ZWQgaW4gdGhlIG9wZXJhdGlvbmFsIHN0YXRlIGRhdGFzdG9yZSwgbGVh ZGluZyB0byBkaXNydXB0aW9uDQoNCiAgIG9mIHNlcnZpY2VzIHByb3ZpZGVkIHZpYSB0aGlzIHRv cG9sb2d5IG1pZ2h0IGJlIGRpc3J1cHRlZC4gIEZvciB0aG9zZQ0KDQogICByZWFzb25zLCBpdCBp cyBpbXBvcnRhbnQgdGhhdCB0aGUgTkVUQ09ORiBhY2Nlc3MgY29udHJvbCBtb2RlbCBpcw0KDQog ICB2aWdvcm91c2x5IGFwcGxpZWQgdG8gcHJldmVudCB0b3BvbG9neSBtaXNjb25maWd1cmF0aW9u IGJ5DQoNCiAgIHVuYXV0aG9yaXplZCBjbGllbnRzLg0KDQoNCg0KICBUaGUgWUFORyBtb2RlbCBm b3IgbGF5ZXIgMiB0b3BvbG9neSBtYXkgZXhwb3NlIHNlbnNpdGl2ZSBpbmZvcm1hdGlvbiwNCg0K ICBmb3IgZXhhbXBsZSB0aGUgTUFDIGFkZHJlc3NlcyBvZiBkZXZpY2VzLiBVbnJlc3RyaWN0ZWQg dXNlIG9mIHN1Y2ggaW5mb3JtYXRpb24NCg0KICAgY2FuIGxlYWQgdG8gcHJpdmFjeSB2aW9sYXRp b25zLiBGb3IgZXhhbXBsZSwgbGlzdGluZyBNQUMgYWRkcmVzc2VzIGluIGEgbmV0d29yaw0KDQog ICBhbGxvd3MgbW9uaXRvcmluZyBvZiBkZXZpY2VzIGFuZCB0aGVpciBtb3ZlbWVudHMuIExvY2F0 aW9uIGluZm9ybWF0aW9uIGNhbiBiZSBkZXJpdmVkDQoNCiAgIGZyb20gTUFDIGFkZHJlc3NlcyBv ZiBuZXR3b3JrIGRldmljZXMsIGJ5cGFzc2luZyBwcm90ZWN0aW9uIG9mIGxvY2F0aW9uIGluZm9y bWF0aW9uIGJ5DQoNCiAgIHRoZSBPcGVyYXRpbmcgU3lzdGVtLiBEZXBsb3ltZW50cyBzaG91bGQg bWl0aWdhdGUgdGhpcyBwcml2YWN5IGNvbmNlcm5zIGJ5IGxpbWl0aW5nIGFjY2Vzcw0KDQogICB0 byB0aGUgbGF5ZXIgMiB0b3BvbG9neSBpbmZvcm1hdGlvbi4gQWNjZXNzIHRvIHRoZSBpbmZvcm1h dGlvbiBzaG91bGQgYmUgcmVzdHJpY3RlZCB0byBhDQoNCiAgIG1pbmltYWwgbGlzdCBvZiBhdXRo b3JpemVkIGNsaWVudHMsIGFuZCBzaG91bGQgYWxzbyByZXF1aXJlIHByb3BlciBhdXRoZW50aWNh dGlvbiBvZiB0aGVzZSBjbGllbnRzLg0KDQoNCg0KICAgVGhlcmUgYXJlIGEgbnVtYmVyIG9mIGRh dGEgbm9kZXMgZGVmaW5lZCBpbiB0aGlzIFlBTkcgbW9kdWxlIHRoYXQgYXJlDQoNCiAgIHdyaXRh YmxlL2NyZWF0YWJsZS9kZWxldGFibGUgKGkuZS4sIGNvbmZpZyB0cnVlLCB3aGljaCBpcyB0aGUN Cg0KICAgZGVmYXVsdCkuICBUaGVzZSBkYXRhIG5vZGVzIG1heSBiZSBjb25zaWRlcmVkIHNlbnNp dGl2ZSBvciB2dWxuZXJhYmxlDQoNCiAgIGluIHNvbWUgbmV0d29yayBlbnZpcm9ubWVudHMuICBX cml0ZSBvcGVyYXRpb25zIChlLmcuLCBlZGl0LWNvbmZpZykNCg0KICAgdG8gdGhlc2UgZGF0YSBu b2RlcyB3aXRob3V0IHByb3BlciBwcm90ZWN0aW9uIGNhbiBoYXZlIGEgbmVnYXRpdmUNCg0KICAg ZWZmZWN0IG9uIG5ldHdvcmsgb3BlcmF0aW9ucy4gIFRoZXNlIGFyZSB0aGUgc3VidHJlZXMgYW5k IGRhdGEgbm9kZXMNCg0KICAgYW5kIHRoZWlyIHNlbnNpdGl2aXR5L3Z1bG5lcmFiaWxpdHkgaW4g dGhlIGlldGYtbmV0d29yayBtb2R1bGU6DQoNCg0KDQogICBvICBsMi1uZXR3b3JrLWF0dHJpYnV0 ZXM6IEEgbWFsaWNpb3VzIGNsaWVudCBjb3VsZCBhdHRlbXB0IHRvDQoNCiAgICAgIHNhYm90YWdl IHRoZSBjb25maWd1cmF0aW9uIG9mIGFueSBvZiB0aGUgY29udGFpbmVkIGF0dHJpYnV0ZXMsDQoN CiAgICAgIHN1Y2ggYXMgdGhlIG5hbWUgb3IgdGhlIGZsYWcgZGF0YSBub2Rlcy4NCg0KDQoNCiAg IG8gIGwyLW5vZGUtYXR0cmlidXRlczogQSBtYWxpY2lvdXMgY2xpZW50IGNvdWxkIGF0dGVtcHQg dG8gc2Fib3RhZ2UNCg0KICAgICAgdGhlIGNvbmZpZ3VyYXRpb24gb2YgaW1wb3J0YW50IG5vZGUg YXR0cmlidXRlcywgc3VjaCBhcyB0aGUgbmFtZQ0KDQogICAgICAsdGhlIG1hbmFnZW1lbnQtYWRk cmVzcywgbWFjLWFkZHJlc3Mgb2YgdGhlIGRldmljZXMuDQoNCg0KDQogICBvICBsMi1saW5rLWF0 dHJpYnV0ZXM6IEEgbWFsaWNpb3VzIGNsaWVudCBjb3VsZCBhdHRlbXB0IHRvIHNhYm90YWdlDQoN CiAgICAgIHRoZSBjb25maWd1cmF0aW9uIG9mIGltcG9ydGFudCBsaW5rIGF0dHJpYnV0ZXMsIHN1 Y2ggYXMgdGhlIHJhdGUNCg0KICAgICAgb3IgdGhlIGRlbGF5IGRhdGEgbm9kZXMuDQoNCg0KDQog ICBvICBsMi10ZXJtaW5hdGlvbi1wb2ludC1hdHRyaWJ1dGVzOiBBIG1hbGljaW91cyBjbGllbnQg Y291bGQgYXR0ZW1wdA0KDQogICAgICB0byBzYWJvdGFnZSB0aGUgY29uZmlndXJhdGlvbiBvZiBp bXBvcnRhbnQgdGVybWluYXRpb24gcG9pbnQNCg0KICAgICAgYXR0cmlidXRlcywgc3VjaCBhcyB0 aGUgbWF4aW11bS1mcmFtZS1zaXplLCBtYWMtYWRkcmVzcy4NCg0KIg0KDQpUaGUgcXVlc3Rpb24g aXMgZG8geW91IHRoaW5rIHByb3Bvc2FsIHdpdGggeWFuZyBzZWN1cml0eSBib2lsdGVycGxhdGUg aGFzIGFscmVhZHkgYWRkcmVzc2VkIHlvdXIgY29tbWVudHMNCg0KT3IgeW91IHRoaW5rIHdlIHNo b3VsZCBlbXBoYXNpemUgaG93IHByaXZhY3kgaXNzdWUgY2FuIGJlIGFkZHJlc3NlZCBieSBOQUNN IGFuZCBjbGllbnQgYXV0aGVudGljYXRpb24gaXMgbmVlZGVkPw0KDQoNCg0KLVFpbg0KDQotLS0t LemCruS7tuWOn+S7ti0tLS0tDQrlj5Hku7bkuro6IENocmlzdGlhbiBIdWl0ZW1hIFttYWlsdG86 aHVpdGVtYUBodWl0ZW1hLm5ldF0NCuWPkemAgeaXtumXtDogMjAyMOW5tDbmnIgyNuaXpSAxMjow NQ0K5pS25Lu25Lq6OiBTdXNhbiBIYXJlcyA8c2hhcmVzQG5kemguY29tPjxtYWlsdG86c2hhcmVz QG5kemguY29tPjsgUWluIFd1IDxiaWxsLnd1QGh1YXdlaS5jb20+PG1haWx0bzpiaWxsLnd1QGh1 YXdlaS5jb20+OyBzZWNkaXJAaWV0Zi5vcmc8bWFpbHRvOnNlY2RpckBpZXRmLm9yZz4NCuaKhOmA gTogaTJyc0BpZXRmLm9yZzxtYWlsdG86aTJyc0BpZXRmLm9yZz47IGRyYWZ0LWlldGYtaTJycy15 YW5nLWwyLW5ldHdvcmstdG9wb2xvZ3kuYWxsQGlldGYub3JnPG1haWx0bzpkcmFmdC1pZXRmLWky cnMteWFuZy1sMi1uZXR3b3JrLXRvcG9sb2d5LmFsbEBpZXRmLm9yZz47IGxhc3QtY2FsbEBpZXRm Lm9yZzxtYWlsdG86bGFzdC1jYWxsQGlldGYub3JnPg0K5Li76aKYOiBSZTogW0xhc3QtQ2FsbF0g W2kycnNdIFNlY2RpciBsYXN0IGNhbGwgcmV2aWV3IG9mIGRyYWZ0LWlldGYtaTJycy15YW5nLWwy LW5ldHdvcmstdG9wb2xvZ3ktMTMNCg0KDQoNCkhvdyBhYm91dCBhZGRpbmcgc29tZXRoaW5nIGxp a2UgdGhpczoNCg0KDQoNClByaXZhY3kgQ29uc2lkZXJhdGlvbnMNCg0KDQoNClRoZSBZYW5nIG1v ZGVsIGZvciBsYXllciAyIHRvcG9sb2d5IGV4cG9zZXMgcHJpdmFjeSBzZW5zaXRpdmUgaW5mb3Jt YXRpb24sIGZvciBleGFtcGxlIHRoZSBNQUMgYWRkcmVzc2VzIG9mIGRldmljZXMuIFVucmVzdHJp Y3RlZCB1c2Ugb2Ygc3VjaCBpbmZvcm1hdGlvbiBjYW4gbGVhZCB0byBwcml2YWN5IHZpb2xhdGlv bnMuIEZvciBleGFtcGxlLCBsaXN0aW5nIE1BQyBhZGRyZXNzZXMgaW4gYSBuZXR3b3JrIGFsbG93 cyBtb25pdG9yaW5nIG9mIGRldmljZXMgYW5kIHRoZWlyIG1vdmVtZW50cy4gTG9jYXRpb24gaW5m b3JtYXRpb24gY2FuIGJlIGRlcml2ZWQgZnJvbSBNQUMgYWRkcmVzc2VzIG9mIG5ldHdvcmsgZGV2 aWNlcywgYnlwYXNzaW5nIHByb3RlY3Rpb24gb2YgbG9jYXRpb24gaW5mb3JtYXRpb24gYnkgdGhl IE9wZXJhdGluZyBTeXN0ZW0uDQoNCg0KDQpEZXBsb3ltZW50cyBzaG91bGQgbWl0aWdhdGUgdGhp cyBwcml2YWN5IGNvbmNlcm5zIGJ5IGxpbWl0aW5nIGFjY2VzcyB0byB0aGUgbGF5ZXIgMiB0b3Bv bG9neSBpbmZvcm1hdGlvbi4gQWNjZXNzIHRvIHRoZSBpbmZvcm1hdGlvbiBzaG91bGQgYmUgcmVz dHJpY3RlZCB0byBhIG1pbmltYWwgbGlzdCBvZiBhdXRob3JpemVkIGFnZW50cywgYW5kIHNob3Vs ZCByZXF1aXJlIHByb3BlciBhdXRoZW50aWNhdGlvbiBvZiB0aGVzZSBhZ2VudHMuDQoNCg0KDQot LSBDaHJpc3RpYW4gSHVpdGVtYQ0KDQoNCg0KT24gNi8yNS8yMDIwIDc6MDAgQU0sIFN1c2FuIEhh cmVzIHdyb3RlOg0KDQo+IFFpbiBhbmQgQ2hyaXN0aWFuOg0KDQo+DQoNCj4gVGhhbmsgeW91IGZv ciB5b3VyIHByb21wdCBhdHRlbnRpb24gdG8gdGhlIHByaXZhY3kgaXNzdWUuDQoNCj4gSSdtIHN1 cmUgQ2hyaXN0aWFuIHdpbGwgcmVzcG9uZCBpbiBhIGJpdCAtIHNpbmNlIGhlIG1pZ2h0IGJlIGlu IFBEVCB0aW1lLXpvbmUuDQoNCj4NCg0KPiBPbmNlIHlvdSBoYXZlIGEgc29sdXRpb24geW91IGJv dGggbGlrZSwgd2Ugc2hvdWxkIHZhbGlkYXRlIHRoZSBwcml2YWN5DQoNCj4gY2hhbmdlcyB0byB0 aGUgc2VjdXJpdHkgY29uc2lkZXJhdGlvbnMgc2VjdGlvbiB3aXRoIHRoZSBZYW5nLWRvY3RvcnMs DQoNCj4gT1BTLUFEcywgYW5kIFNlY3VyaXR5LUFEcy4NCg0KPg0KDQo+IE1hcnRpbidzIHdhdGNo aW5nIHRoaXMgdGhyZWFkIHNvIEknbSBzdXJlIGhlJ2xsIGhlbHAgdXMgb3V0IGFzIHdlbGwuDQoN Cj4NCg0KPiBTdWUNCg0KPg0KDQo+IC0tLS0tT3JpZ2luYWwgTWVzc2FnZS0tLS0tDQoNCj4gRnJv bTogaTJycyBbbWFpbHRvOmkycnMtYm91bmNlc0BpZXRmLm9yZ10gT24gQmVoYWxmIE9mIFFpbiBX dQ0KDQo+IFNlbnQ6IFRodXJzZGF5LCBKdW5lIDI1LCAyMDIwIDk6MjUgQU0NCg0KPiBUbzogU3Vz YW4gSGFyZXM7ICdDaHJpc3RpYW4gSHVpdGVtYSc7IHNlY2RpckBpZXRmLm9yZzxtYWlsdG86c2Vj ZGlyQGlldGYub3JnPg0KDQo+IENjOiBpMnJzQGlldGYub3JnPG1haWx0bzppMnJzQGlldGYub3Jn PjsNCg0KPiBkcmFmdC1pZXRmLWkycnMteWFuZy1sMi1uZXR3b3JrLXRvcG9sb2d5LmFsbEBpZXRm Lm9yZzxtYWlsdG86ZHJhZnQtaWV0Zi1pMnJzLXlhbmctbDItbmV0d29yay10b3BvbG9neS5hbGxA aWV0Zi5vcmc+Ow0KDQo+IGxhc3QtY2FsbEBpZXRmLm9yZzxtYWlsdG86bGFzdC1jYWxsQGlldGYu b3JnPg0KDQo+IFN1YmplY3Q6IFJlOiBbaTJyc10gU2VjZGlyIGxhc3QgY2FsbCByZXZpZXcgb2YN Cg0KPiBkcmFmdC1pZXRmLWkycnMteWFuZy1sMi1uZXR3b3JrLXRvcG9sb2d5LTEzDQoNCj4NCg0K PiBTdWUgYW5kIENocmlzdGlhbjoNCg0KPiBJIGhhdmUgcmVzcG9uZGVkIHRvIENocmlzdGlhbiBv biBwcml2YWN5IGlzc3VlLCBteSBwcm9wb3NhbCBpcyB0byBhZGQgTUFDIGFkZHJlc3MgYXMgYW5v dGhlciBkYXRhIG5vZGUgdnVsbmVyYWJpbGl0eSBleGFtcGxlIGluIG91ciBvcmlnaW5hbCBzZWN1 cml0eSBjb25zaWRlcmF0aW9uIHNlY3Rpb24uDQoNCj4gQnV0IElmIENocmlzdGlhbiBvciBzZWN1 cml0eSBkaXJlY3RvcmF0ZSBoYXMgcmVjb21tZW5kaW5nIHRleHQsIHdlIGF1dGhvcnMgYXJlIGhh cHB5IHRvIGFjY2VwdCBpdC4NCg0KPg0KDQo+IC1RaW4NCg0KPiAtLS0tLemCruS7tuWOn+S7ti0t LS0tDQoNCj4g5Y+R5Lu25Lq6OiBTdXNhbiBIYXJlcyBbbWFpbHRvOnNoYXJlc0BuZHpoLmNvbV0N Cg0KPiDlj5HpgIHml7bpl7Q6IDIwMjDlubQ25pyIMjXml6UgMjE6MDQNCg0KPiDmlLbku7bkuro6 ICdDaHJpc3RpYW4gSHVpdGVtYScgPGh1aXRlbWFAaHVpdGVtYS5uZXQ8bWFpbHRvOmh1aXRlbWFA aHVpdGVtYS5uZXQ+Pjsgc2VjZGlyQGlldGYub3JnPG1haWx0bzpzZWNkaXJAaWV0Zi5vcmc+DQoN Cj4g5oqE6YCBOiBkcmFmdC1pZXRmLWkycnMteWFuZy1sMi1uZXR3b3JrLXRvcG9sb2d5LmFsbEBp ZXRmLm9yZzxtYWlsdG86ZHJhZnQtaWV0Zi1pMnJzLXlhbmctbDItbmV0d29yay10b3BvbG9neS5h bGxAaWV0Zi5vcmc+Ow0KDQo+IGkycnNAaWV0Zi5vcmc8bWFpbHRvOmkycnNAaWV0Zi5vcmc+OyBs YXN0LWNhbGxAaWV0Zi5vcmc8bWFpbHRvOmxhc3QtY2FsbEBpZXRmLm9yZz4NCg0KPiDkuLvpopg6 IFJFOiBTZWNkaXIgbGFzdCBjYWxsIHJldmlldyBvZg0KDQo+IGRyYWZ0LWlldGYtaTJycy15YW5n LWwyLW5ldHdvcmstdG9wb2xvZ3ktMTMNCg0KPg0KDQo+IENocmlzdGlhbjoNCg0KPg0KDQo+IFRo YW5rIHlvdSBmb3IgY2F0Y2hpbmcgdGhlIHByaXZhY3kgaXNzdWVzLg0KDQo+DQoNCj4gSSd2ZSBn b3QgYSBmZXcgcXVlc3Rpb25zIHRvIGhlbHAgdGhlIGF1dGhvcnMgc2NvcGUgdGhpcyBjaGFuZ2U6 DQoNCj4NCg0KPiAxKSBTaW5jZSB0aGlzIGlzIGNvbW1vbiB0byBhbGwgTDIgVG9wb2xvZ2llcywg Y2FuIHlvdSBvciB0aGUgc2VjdXJpdHkgZGlyZWN0b3JhdGUgcmVjb21tZW5kIHNvbWUgdGV4dCB0 aGF0IG1pZ2h0IGJlIGFwcHJvcHJpYXRlPw0KDQo+ICAgIElmIHlvdSBoYXZlIHJlY29tbWVuZGVk IHRleHQsIGhhcyB0aGlzIHRleHQgYmVlbiByZXZpZXdlZCBieSBPUFMtRElSIGFuZCBZYW5nIGRv Y3RvcnM/DQoNCj4NCg0KPiAyKSBXaWxsIGl0IGJlIGEgcHJvYmxlbSBJZiB3ZSB3cml0ZSBwcml2 YWN5IGNvbnNpZGVyYXRpb25zIG9uIElFRUUgc3BlY2lmaWNhdGlvbnM/DQoNCj4gMykgRG8gd2Ug bmVlZCB0byBjb25zaWRlciB0aGUgcmFuZ2Ugb2YgZGVwbG95bWVudHMgb2YgTDIgKGhvbWUsDQoN Cj4gZW50ZXJwcmlzZSwgIHB1YmxpYyBQQkIgc2VydmljZSwgbmF0aW9uYWwgUEJCIHNlcnZpY2Us IERhdGEgY2VudGVycykNCg0KPg0KDQo+DQoNCj4gVGhhbmsgeW91LCAgU3VlDQoNCj4NCg0KPg0K DQo+IC0tLS0tT3JpZ2luYWwgTWVzc2FnZS0tLS0tDQoNCj4gRnJvbTogQ2hyaXN0aWFuIEh1aXRl bWEgdmlhIERhdGF0cmFja2VyIFttYWlsdG86bm9yZXBseUBpZXRmLm9yZ10NCg0KPiBTZW50OiBU aHVyc2RheSwgSnVuZSAyNSwgMjAyMCAxOjAxIEFNDQoNCj4gVG86IHNlY2RpckBpZXRmLm9yZzxt YWlsdG86c2VjZGlyQGlldGYub3JnPg0KDQo+IENjOiBkcmFmdC1pZXRmLWkycnMteWFuZy1sMi1u ZXR3b3JrLXRvcG9sb2d5LmFsbEBpZXRmLm9yZzxtYWlsdG86ZHJhZnQtaWV0Zi1pMnJzLXlhbmct bDItbmV0d29yay10b3BvbG9neS5hbGxAaWV0Zi5vcmc+Ow0KDQo+IGkycnNAaWV0Zi5vcmc8bWFp bHRvOmkycnNAaWV0Zi5vcmc+OyBsYXN0LWNhbGxAaWV0Zi5vcmc8bWFpbHRvOmxhc3QtY2FsbEBp ZXRmLm9yZz4NCg0KPiBTdWJqZWN0OiBTZWNkaXIgbGFzdCBjYWxsIHJldmlldyBvZg0KDQo+IGRy YWZ0LWlldGYtaTJycy15YW5nLWwyLW5ldHdvcmstdG9wb2xvZ3ktMTMNCg0KPg0KDQo+IFJldmll d2VyOiBDaHJpc3RpYW4gSHVpdGVtYQ0KDQo+IFJldmlldyByZXN1bHQ6IEhhcyBJc3N1ZXMNCg0K Pg0KDQo+IEkgaGF2ZSByZXZpZXdlZCB0aGlzIGRvY3VtZW50IGFzIHBhcnQgb2YgdGhlIHNlY3Vy aXR5IGRpcmVjdG9yYXRlJ3Mgb25nb2luZyBlZmZvcnQgdG8gcmV2aWV3IGFsbCBJRVRGIGRvY3Vt ZW50cyBiZWluZyBwcm9jZXNzZWQgYnkgdGhlIElFU0cuICBUaGVzZSBjb21tZW50cyB3ZXJlIHdy aXR0ZW4gd2l0aCB0aGUgaW50ZW50IG9mIGltcHJvdmluZyBzZWN1cml0eSByZXF1aXJlbWVudHMg YW5kIGNvbnNpZGVyYXRpb25zIGluIElFVEYgZHJhZnRzLiAgQ29tbWVudHMgbm90IGFkZHJlc3Nl ZCBpbiBsYXN0IGNhbGwgbWF5IGJlIGluY2x1ZGVkIGluIEFEIHJldmlld3MgZHVyaW5nIHRoZSBJ RVNHIHJldmlldy4gIERvY3VtZW50IGVkaXRvcnMgYW5kIFdHIGNoYWlycyBzaG91bGQgdHJlYXQg dGhlc2UgY29tbWVudHMganVzdCBsaWtlIGFueSBvdGhlciBsYXN0IGNhbGwgY29tbWVudHMuDQoN Cj4NCg0KPiBUaGlzIGRvY3VtZW50IGRlc2NyaWJlcyBhIFlhbmcgbW9kZWwgZm9yIHJlcHJlc2Vu dGluZyBMaW5rIExheWVyIHRvcG9sb2dpZXMuDQoNCj4gUmVwcmVzZW50aW5nIHN1Y2ggdG9wb2xv Z2llcyBpcyBvYnZpb3VzbHkgdXNlZnVsIGZvciBtYW5hZ2luZyBuZXR3b3JrLg0KDQo+IFRoZSBz ZWN1cml0eSBzZWN0aW9uIGlzIGZvY3VzZWQgb24gc2VjdXJpbmcgdGhlIHVzYWdlIG9mIHRoaXMg aW5mb3JtYXRpb24gZm9yIG5ldHdvcmsgbWFuYWdlbWVudCwgYnV0IGRvZXMgbm90IGFkZHJlc3Mg cG90ZW50aWFsIHByaXZhY3kgaXNzdWVzLg0KDQo+DQoNCj4gVGhlIHNlY3VyaXR5IGNvbnNpZGVy YXRpb25zIGV4cGxhaW4gY29ycmVjdGx5IGhvdyBhbHRlcmluZyB0aGUgbGluayBsYXllciBpbmZv cm1hdGlvbiBjb3VsZCBlbmFibGUgYXR0YWNrcyBhZ2FpbnN0IHRoZSBuZXR3b3JrLiBUaGUgcHJv cG9zZWQgcmVtZWR5IGlzIGFjY2VzcyBjb250cm9sLCBpbXBsZW1lbnRlZCB1c2luZyBlaXRoZXIg U1NIIG9yIFRMUy4gVGhpcyBpcyBmaW5lLCBhbHRob3VnaCB0aGUgZGlzY3Vzc2lvbiBvZiBUTFMg YXV0aG9yaXNhdGlvbiBpcyBhIGJpdCBzaG9ydC4gQnkgZGVmYXVsdCwgVExTIHZlcmlmaWVzIHRo ZSBpZGVudGl0eSBvZiB0aGUgc2VydmVyIGJ1dCBub3QgdGhhdCBvZiB0aGUgY2xpZW50LiBSRkM4 MDQwIHNlY3Rpb24gMi41IHNwZWNpZmllcyB0aGF0ICJhIFJFU1RDT05GIHNlcnZlciBTSE9VTEQg cmVxdWlyZSBhdXRoZW50aWNhdGlvbiBiYXNlZCBvbiBUTFMgY2xpZW50IGNlcnRpZmljYXRlcy4g SSBhc3N1bWUgdGhhdCdzIHRoZSBpbnRlbnQsIGJ1dCBpdCBtaWdodCBiZSB1c2VmdWwgdG8gc2F5 IHNvLg0KDQo+DQoNCj4gT24gdGhlIG90aGVyIGhhbmQsIHRoZSBzZWN1cml0eSBjb25zaWRlcmF0 aW9ucyBkbyBub3QgZGVzY3JpYmUgcHJpdmFjeSBpc3N1ZXMsIGFuZCBJIGZpbmQgdGhhdCBwcm9i bGVtYXRpYy4gVGhlIHByb3Bvc2VkIGluZm9ybWF0aW9uIG1vZGVsIGxpc3RzIGEgbnVtYmVyIG9m IHNlbnNpdGl2ZSBkYXRhLCBzdWNoIGFzIGZvciBleGFtcGxlIHRoZSBNQUMgYWRkcmVzc2VzIG9m IGRldmljZXMuDQoNCj4gVGhpcyBpbmZvcm1hdGlvbiBjYW4gYmUgbWlzdXNlZC4gRm9yIGV4YW1w bGUsIGFwcGxpY2F0aW9ucyBjb3VsZCBhc3Nlc3MgZGV2aWNlIGxvY2F0aW9uIGZldGNoaW5nIHRo ZSBNQUMgYWRkcmVzc2VzIG9mIGxvY2FsIGdhdGV3YXlzLiBUaGlyZCBwYXJ0aWVzIGNvdWxkIGFj Y2VzcyBsaW5rIGxvY2FsIGluZm9ybWF0aW9uIHRvIGdhdGhlciBpZGVudGl0aWVzIG9mIGRldmlj ZXMgYWNjZXNzaW5nIGEgcGFydGljdWxhciBuZXR3b3JrLiBTdWNoIGluZm9ybWF0aW9uIGlzIG9m dGVuIHByb3RlY3RlZCBieSBwcml2YWN5IEFQSSBpbiB0aGUgT3BlcmF0aW5nIFN5c3RlbSwgYnV0 IGFjY2Vzc2luZyB0aGUgWWFuZyBtb2R1bGUgb3ZlciB0aGUgbmV0d29yayBtaWdodCBhbGxvdyBh cHBsaWNhdGlvbnMgdG8gYnlwYXNzIHRoZXNlIGNvbnRyb2xzLg0KDQo+DQoNCj4gQ2xpZW50IGF1 dGhlbnRpY2F0aW9uIGFsb25lIGRvZXMgbm90IG5lY2Vzc2FyaWx5IHByb3RlY3QgYWdhaW5zdCB0 aGVzZSBwcml2YWN5IGxlYWtzLiBBIGNsYXNzaWMgY29uZmlndXJhdGlvbiBlcnJvciB3b3VsZCBs aW1pdCB3cml0ZSBhY2Nlc3MgdG8gYXV0aG9yaXplZCB1c2VycywgYnV0IHRvIGFsbG93IHJlYWQt b25seSBhY2Nlc3MgdG8gbW9zdCB1c2Vycy4gVGhpcyBraW5kIG9mIGVycm9yIHdvdWxkIGFsbG93 IHByaXZhY3kgbGVha3MuIEdpdmVuIHRoZSBzZW5zaXRpdmUgbmF0dXJlIG9mIE1BQyBhZGRyZXNz ZXMgYW5kIG90aGVyIGlkZW50aWZpZXJzLCBpdCBpcyB1c2VmdWwgdG8gd2FybiBhZ2FpbnN0IHN1 Y2ggZXJyb3JzLg0KDQo+DQoNCj4NCg0KPg0KDQo+DQoNCj4NCg0KPiBfX19fX19fX19fX19fX19f X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fXw0KDQo+IGkycnMgbWFpbGluZyBsaXN0DQoN Cj4gaTJyc0BpZXRmLm9yZzxtYWlsdG86aTJyc0BpZXRmLm9yZz4NCg0KPiBodHRwczovL3d3dy5p ZXRmLm9yZy9tYWlsbWFuL2xpc3RpbmZvL2kycnMNCg0KPg0K --_000_B8F9A780D330094D99AF023C5877DABAAD7BE6C3dggeml531mbschi_ Content-Type: text/html; charset="utf-8" Content-Transfer-Encoding: base64 PGh0bWwgeG1sbnM6dj0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTp2bWwiIHhtbG5zOm89InVy bjpzY2hlbWFzLW1pY3Jvc29mdC1jb206b2ZmaWNlOm9mZmljZSIgeG1sbnM6dz0idXJuOnNjaGVt YXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6d29yZCIgeG1sbnM6bT0iaHR0cDovL3NjaGVtYXMubWlj cm9zb2Z0LmNvbS9vZmZpY2UvMjAwNC8xMi9vbW1sIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv VFIvUkVDLWh0bWw0MCI+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIg Y29udGVudD0idGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjxtZXRhIG5hbWU9IkdlbmVyYXRv ciIgY29udGVudD0iTWljcm9zb2Z0IFdvcmQgMTUgKGZpbHRlcmVkIG1lZGl1bSkiPg0KPHN0eWxl PjwhLS0NCi8qIEZvbnQgRGVmaW5pdGlvbnMgKi8NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6 5a6L5L2TOw0KCXBhbm9zZS0xOjIgMSA2IDAgMyAxIDEgMSAxIDE7fQ0KQGZvbnQtZmFjZQ0KCXtm b250LWZhbWlseToiQ2FtYnJpYSBNYXRoIjsNCglwYW5vc2UtMToyIDQgNSAzIDUgNCA2IDMgMiA0 O30NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6Q2FsaWJyaTsNCglwYW5vc2UtMToyIDE1IDUg MiAyIDIgNCAzIDIgNDt9DQpAZm9udC1mYWNlDQoJe2ZvbnQtZmFtaWx5OiJcQOWui+S9kyI7DQoJ cGFub3NlLTE6MiAxIDYgMCAzIDEgMSAxIDEgMTt9DQpAZm9udC1mYWNlDQoJe2ZvbnQtZmFtaWx5 OuW+rui9r+mbhem7kTsNCglwYW5vc2UtMToyIDExIDUgMyAyIDIgNCAyIDIgNDt9DQpAZm9udC1m YWNlDQoJe2ZvbnQtZmFtaWx5OiJcQOW+rui9r+mbhem7kSI7DQoJcGFub3NlLTE6MiAxMSA1IDMg MiAyIDQgMiAyIDQ7fQ0KLyogU3R5bGUgRGVmaW5pdGlvbnMgKi8NCnAuTXNvTm9ybWFsLCBsaS5N c29Ob3JtYWwsIGRpdi5Nc29Ob3JtYWwNCgl7bWFyZ2luOjBjbTsNCgltYXJnaW4tYm90dG9tOi4w MDAxcHQ7DQoJdGV4dC1hbGlnbjpqdXN0aWZ5Ow0KCXRleHQtanVzdGlmeTppbnRlci1pZGVvZ3Jh cGg7DQoJZm9udC1zaXplOjEwLjVwdDsNCglmb250LWZhbWlseToiQ2FsaWJyaSIsc2Fucy1zZXJp Zjt9DQphOmxpbmssIHNwYW4uTXNvSHlwZXJsaW5rDQoJe21zby1zdHlsZS1wcmlvcml0eTo5OTsN Cgljb2xvcjojMDU2M0MxOw0KCXRleHQtZGVjb3JhdGlvbjp1bmRlcmxpbmU7fQ0KYTp2aXNpdGVk LCBzcGFuLk1zb0h5cGVybGlua0ZvbGxvd2VkDQoJe21zby1zdHlsZS1wcmlvcml0eTo5OTsNCglj b2xvcjojOTU0RjcyOw0KCXRleHQtZGVjb3JhdGlvbjp1bmRlcmxpbmU7fQ0KcC5Nc29QbGFpblRl eHQsIGxpLk1zb1BsYWluVGV4dCwgZGl2Lk1zb1BsYWluVGV4dA0KCXttc28tc3R5bGUtcHJpb3Jp dHk6OTk7DQoJbXNvLXN0eWxlLWxpbms6Iue6r+aWh+acrCBDaGFyIjsNCgltYXJnaW46MGNtOw0K CW1hcmdpbi1ib3R0b206LjAwMDFwdDsNCgl0ZXh0LWFsaWduOmxlZnQ7DQoJZm9udC1zaXplOjEw LjVwdDsNCglmb250LWZhbWlseToiQ2FsaWJyaSIsc2Fucy1zZXJpZjt9DQpwDQoJe21zby1zdHls ZS1wcmlvcml0eTo5OTsNCgltc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzsNCgltYXJnaW4tcmlnaHQ6 MGNtOw0KCW1zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvOw0KCW1hcmdpbi1sZWZ0OjBjbTsNCgl0 ZXh0LWFsaWduOmp1c3RpZnk7DQoJdGV4dC1qdXN0aWZ5OmludGVyLWlkZW9ncmFwaDsNCglmb250 LXNpemU6MTAuNXB0Ow0KCWZvbnQtZmFtaWx5OiJDYWxpYnJpIixzYW5zLXNlcmlmO30NCnNwYW4u Q2hhcg0KCXttc28tc3R5bGUtbmFtZToi57qv5paH5pysIENoYXIiOw0KCW1zby1zdHlsZS1wcmlv cml0eTo5OTsNCgltc28tc3R5bGUtbGluazrnuq/mlofmnKw7DQoJZm9udC1mYW1pbHk6IkNhbGli cmkiLHNhbnMtc2VyaWY7fQ0Kc3Bhbi5FbWFpbFN0eWxlMjANCgl7bXNvLXN0eWxlLXR5cGU6cGVy c29uYWwtcmVwbHk7DQoJZm9udC1mYW1pbHk6IkNhbGlicmkiLHNhbnMtc2VyaWY7DQoJY29sb3I6 IzFGNDk3RDt9DQouTXNvQ2hwRGVmYXVsdA0KCXttc28tc3R5bGUtdHlwZTpleHBvcnQtb25seTsN Cglmb250LXNpemU6MTAuMHB0O30NCkBwYWdlIFdvcmRTZWN0aW9uMQ0KCXtzaXplOjYxMi4wcHQg NzkyLjBwdDsNCgltYXJnaW46NzIuMHB0IDkwLjBwdCA3Mi4wcHQgOTAuMHB0O30NCmRpdi5Xb3Jk U2VjdGlvbjENCgl7cGFnZTpXb3JkU2VjdGlvbjE7fQ0KLyogTGlzdCBEZWZpbml0aW9ucyAqLw0K QGxpc3QgbDANCgl7bXNvLWxpc3QtaWQ6OTMzNTA5ODg3Ow0KCW1zby1saXN0LXR5cGU6aHlicmlk Ow0KCW1zby1saXN0LXRlbXBsYXRlLWlkczotMTIwMjgzMTE1NiAxNTYwMzAyMDE2IDY3Njk4NzEz IDY3Njk4NzE1IDY3Njk4NzAzIDY3Njk4NzEzIDY3Njk4NzE1IDY3Njk4NzAzIDY3Njk4NzEzIDY3 Njk4NzE1O30NCkBsaXN0IGwwOmxldmVsMQ0KCXttc28tbGV2ZWwtdGFiLXN0b3A6bm9uZTsNCglt c28tbGV2ZWwtbnVtYmVyLXBvc2l0aW9uOmxlZnQ7DQoJbWFyZ2luLWxlZnQ6MTguMHB0Ow0KCXRl eHQtaW5kZW50Oi0xOC4wcHQ7fQ0KQGxpc3QgbDA6bGV2ZWwyDQoJe21zby1sZXZlbC1udW1iZXIt Zm9ybWF0OmFscGhhLWxvd2VyOw0KCW1zby1sZXZlbC10ZXh0OiIlMlwpIjsNCgltc28tbGV2ZWwt dGFiLXN0b3A6bm9uZTsNCgltc28tbGV2ZWwtbnVtYmVyLXBvc2l0aW9uOmxlZnQ7DQoJbWFyZ2lu LWxlZnQ6NDIuMHB0Ow0KCXRleHQtaW5kZW50Oi0yMS4wcHQ7fQ0KQGxpc3QgbDA6bGV2ZWwzDQoJ e21zby1sZXZlbC1udW1iZXItZm9ybWF0OnJvbWFuLWxvd2VyOw0KCW1zby1sZXZlbC10YWItc3Rv cDpub25lOw0KCW1zby1sZXZlbC1udW1iZXItcG9zaXRpb246cmlnaHQ7DQoJbWFyZ2luLWxlZnQ6 NjMuMHB0Ow0KCXRleHQtaW5kZW50Oi0yMS4wcHQ7fQ0KQGxpc3QgbDA6bGV2ZWw0DQoJe21zby1s ZXZlbC10YWItc3RvcDpub25lOw0KCW1zby1sZXZlbC1udW1iZXItcG9zaXRpb246bGVmdDsNCglt YXJnaW4tbGVmdDo4NC4wcHQ7DQoJdGV4dC1pbmRlbnQ6LTIxLjBwdDt9DQpAbGlzdCBsMDpsZXZl bDUNCgl7bXNvLWxldmVsLW51bWJlci1mb3JtYXQ6YWxwaGEtbG93ZXI7DQoJbXNvLWxldmVsLXRl eHQ6IiU1XCkiOw0KCW1zby1sZXZlbC10YWItc3RvcDpub25lOw0KCW1zby1sZXZlbC1udW1iZXIt cG9zaXRpb246bGVmdDsNCgltYXJnaW4tbGVmdDoxMDUuMHB0Ow0KCXRleHQtaW5kZW50Oi0yMS4w cHQ7fQ0KQGxpc3QgbDA6bGV2ZWw2DQoJe21zby1sZXZlbC1udW1iZXItZm9ybWF0OnJvbWFuLWxv d2VyOw0KCW1zby1sZXZlbC10YWItc3RvcDpub25lOw0KCW1zby1sZXZlbC1udW1iZXItcG9zaXRp b246cmlnaHQ7DQoJbWFyZ2luLWxlZnQ6MTI2LjBwdDsNCgl0ZXh0LWluZGVudDotMjEuMHB0O30N CkBsaXN0IGwwOmxldmVsNw0KCXttc28tbGV2ZWwtdGFiLXN0b3A6bm9uZTsNCgltc28tbGV2ZWwt bnVtYmVyLXBvc2l0aW9uOmxlZnQ7DQoJbWFyZ2luLWxlZnQ6MTQ3LjBwdDsNCgl0ZXh0LWluZGVu dDotMjEuMHB0O30NCkBsaXN0IGwwOmxldmVsOA0KCXttc28tbGV2ZWwtbnVtYmVyLWZvcm1hdDph bHBoYS1sb3dlcjsNCgltc28tbGV2ZWwtdGV4dDoiJThcKSI7DQoJbXNvLWxldmVsLXRhYi1zdG9w Om5vbmU7DQoJbXNvLWxldmVsLW51bWJlci1wb3NpdGlvbjpsZWZ0Ow0KCW1hcmdpbi1sZWZ0OjE2 OC4wcHQ7DQoJdGV4dC1pbmRlbnQ6LTIxLjBwdDt9DQpAbGlzdCBsMDpsZXZlbDkNCgl7bXNvLWxl dmVsLW51bWJlci1mb3JtYXQ6cm9tYW4tbG93ZXI7DQoJbXNvLWxldmVsLXRhYi1zdG9wOm5vbmU7 DQoJbXNvLWxldmVsLW51bWJlci1wb3NpdGlvbjpyaWdodDsNCgltYXJnaW4tbGVmdDoxODkuMHB0 Ow0KCXRleHQtaW5kZW50Oi0yMS4wcHQ7fQ0Kb2wNCgl7bWFyZ2luLWJvdHRvbTowY207fQ0KdWwN Cgl7bWFyZ2luLWJvdHRvbTowY207fQ0KLS0+PC9zdHlsZT48IS0tW2lmIGd0ZSBtc28gOV0+PHht bD4NCjxvOnNoYXBlZGVmYXVsdHMgdjpleHQ9ImVkaXQiIHNwaWRtYXg9IjEwMjYiIC8+DQo8L3ht bD48IVtlbmRpZl0tLT48IS0tW2lmIGd0ZSBtc28gOV0+PHhtbD4NCjxvOnNoYXBlbGF5b3V0IHY6 ZXh0PSJlZGl0Ij4NCjxvOmlkbWFwIHY6ZXh0PSJlZGl0IiBkYXRhPSIxIiAvPg0KPC9vOnNoYXBl bGF5b3V0PjwveG1sPjwhW2VuZGlmXS0tPg0KPC9oZWFkPg0KPGJvZHkgbGFuZz0iWkgtQ04iIGxp bms9IiMwNTYzQzEiIHZsaW5rPSIjOTU0RjcyIj4NCjxkaXYgY2xhc3M9IldvcmRTZWN0aW9uMSI+ DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+VGhhbmtzIENocmlz dGlhbiBmb3IgY2xhcmlmaWNhdGlvbiwgaGVyZSBpcyB0aGUgdHdlYWtlZCB0ZXh0IHRvIGFkZHJl c3MgeW91ciBjb21tZW50LCB3aGljaCBpcyBwb3NpdGlvbmVkIHJpZ2h0IGFmdGVyIHRoZSBkaXNj dXNzaW9uIGFib3V0IHdyaXRhYmxlL2NyZWF0YWJsZS9kZWxldGFibGUgYXR0cmlidXRlcy48bzpw PjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48Yj48c3BhbiBsYW5n PSJFTi1VUyI+TkVXIFRFWFQ6PG86cD48L286cD48L3NwYW4+PC9iPjwvcD4NCjxwIGNsYXNzPSJN c29Ob3JtYWwiPjxzcGFuIGxhbmc9IkVOLVVTIiBzdHlsZT0iY29sb3I6IzFGNDk3RCI+4oCcPG86 cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0i RU4tVVMiPjYuJm5ic3A7IFNlY3VyaXR5IENvbnNpZGVyYXRpb25zPG86cD48L286cD48L3NwYW4+ PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZuYnNwOzxv OnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxzcGFuIGxhbmc9 IkVOLVVTIj4mbmJzcDsmbmJzcDsgVGhlIFlBTkcgbW9kdWxlIHNwZWNpZmllZCBpbiB0aGlzIGRv Y3VtZW50IGRlZmluZXMgYSBzY2hlbWEgZm9yIGRhdGE8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8 cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+Jm5ic3A7Jm5ic3A7IHRo YXQgaXMgZGVzaWduZWQgdG8gYmUgYWNjZXNzZWQgdmlhIG5ldHdvcmsgbWFuYWdlbWVudCBwcm90 b2NvbHMgc3VjaDxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQi PjxzcGFuIGxhbmc9IkVOLVVTIj4mbmJzcDsmbmJzcDsgYXMgTkVUQ09ORiBbUkZDNjI0MV0gb3Ig UkVTVENPTkYgW1JGQzgwNDBdLiZuYnNwOyBUaGUgbG93ZXN0IE5FVENPTkYgbGF5ZXI8bzpwPjwv bzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1V UyI+Jm5ic3A7Jm5ic3A7IGlzIHRoZSBzZWN1cmUgdHJhbnNwb3J0IGxheWVyLCBhbmQgdGhlIG1h bmRhdG9yeS10by1pbXBsZW1lbnQgc2VjdXJlPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xh c3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZuYnNwOyZuYnNwOyB0cmFuc3Bv cnQgaXMgU2VjdXJlIFNoZWxsIChTU0gpIFtSRkM2MjQyXS4mbmJzcDsgVGhlIGxvd2VzdCBSRVNU Q09ORiBsYXllcjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQi PjxzcGFuIGxhbmc9IkVOLVVTIj4mbmJzcDsmbmJzcDsgaXMgSFRUUFMsIGFuZCB0aGUgbWFuZGF0 b3J5LXRvLWltcGxlbWVudCBzZWN1cmUgdHJhbnNwb3J0IGlzIFRMUzxvOnA+PC9vOnA+PC9zcGFu PjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxzcGFuIGxhbmc9IkVOLVVTIj4mbmJzcDsm bmJzcDsgW1JGQzg0NDZdLjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFp blRleHQiPjxzcGFuIGxhbmc9IkVOLVVTIj4mbmJzcDs8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8 cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+Jm5ic3A7Jm5ic3A7IFRo ZSBOZXR3b3JrIENvbmZpZ3VyYXRpb24gQWNjZXNzIENvbnRyb2wgTW9kZWwgKE5BQ00pIFtSRkM4 MzQxXTxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxzcGFu IGxhbmc9IkVOLVVTIj4mbmJzcDsmbmJzcDsgcHJvdmlkZXMgdGhlIG1lYW5zIHRvIHJlc3RyaWN0 IGFjY2VzcyBmb3IgcGFydGljdWxhciBORVRDT05GIG9yPG86cD48L286cD48L3NwYW4+PC9wPg0K PHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZuYnNwOzxvOnA+PC9v OnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxzcGFuIGxhbmc9IkVOLVVT Ij4mbmJzcDsmbmJzcDsgUkVTVENPTkYgdXNlcnMgdG8gYSBwcmVjb25maWd1cmVkIHN1YnNldCBv ZiBhbGwgYXZhaWxhYmxlIE5FVENPTkYgb3I8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFz cz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+Jm5ic3A7Jm5ic3A7IFJFU1RDT05G IHByb3RvY29sIG9wZXJhdGlvbnMgYW5kIGNvbnRlbnQuPG86cD48L286cD48L3NwYW4+PC9wPg0K PHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZuYnNwOzxvOnA+PC9v OnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxzcGFuIGxhbmc9IkVOLVVT Ij4mbmJzcDsmbmJzcDsgVGhlIExheWVyIDIgdG9wb2xvZ3kgbW9kdWxlIGRlZmluZSBpbmZvcm1h dGlvbiB0aGF0IGNhbiBiZTxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFp blRleHQiPjxzcGFuIGxhbmc9IkVOLVVTIj4mbmJzcDsmbmJzcDsgY29uZmlndXJhYmxlIGluIGNl cnRhaW4gaW5zdGFuY2VzLCBmb3IgZXhhbXBsZSBpbiB0aGUgY2FzZSBvZiB2aXJ0dWFsPG86cD48 L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4t VVMiPiZuYnNwOyZuYnNwOyB0b3BvbG9naWVzIHRoYXQgY2FuIGJlIGNyZWF0ZWQgYnkgY2xpZW50 IGFwcGxpY2F0aW9ucy4mbmJzcDsgSW4gc3VjaDxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNs YXNzPSJNc29QbGFpblRleHQiPjxzcGFuIGxhbmc9IkVOLVVTIj4mbmJzcDsmbmJzcDsgY2FzZXMs IGEgbWFsaWNpb3VzIGNsaWVudCBjb3VsZCBpbnRyb2R1Y2UgdG9wb2xvZ2llcyB0aGF0IGFyZTxv OnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxzcGFuIGxhbmc9 IkVOLVVTIj4mbmJzcDsmbmJzcDsgdW5kZXNpcmVkLiZuYnNwOyBTcGVjaWZpY2FsbHksIGEgbWFs aWNpb3VzIGNsaWVudCBjb3VsZCBhdHRlbXB0IHRvIHJlbW92ZTxvOnA+PC9vOnA+PC9zcGFuPjwv cD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxzcGFuIGxhbmc9IkVOLVVTIj4mbmJzcDsmbmJz cDsgb3IgYWRkIGEgbm9kZSwgYSBsaW5rLCBhIHRlcm1pbmF0aW9uIHBvaW50LCBieSBjcmVhdGlu ZyBvciBkZWxldGluZzxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRl eHQiPjxzcGFuIGxhbmc9IkVOLVVTIj4mbmJzcDsmbmJzcDsgY29ycmVzcG9uZGluZyBlbGVtZW50 cyBpbiB0aGUgbm9kZSwgbGluaywgYW5kIHRlcm1pbmF0aW9uIHBvaW50PG86cD48L286cD48L3Nw YW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZuYnNw OyZuYnNwOyBsaXN0cywgcmVzcGVjdGl2ZWx5LiZuYnNwOyBJbiB0aGUgY2FzZSBvZiBhIHRvcG9s b2d5IHRoYXQgaXMgbGVhcm5lZCwgdGhlPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9 Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZuYnNwOyZuYnNwOyBzZXJ2ZXIgd2ls bCBhdXRvbWF0aWNhbGx5IHByb2hpYml0IHN1Y2ggbWlzY29uZmlndXJhdGlvbiBhdHRlbXB0cy48 bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5n PSJFTi1VUyI+Jm5ic3A7Jm5ic3A7IEluIHRoZSBjYXNlIG9mIGEgdG9wb2xvZ3kgdGhhdCBpcyBj b25maWd1cmVkLCBpLmUuIHdob3NlIG9yaWdpbiBpczxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxw IGNsYXNzPSJNc29QbGFpblRleHQiPjxzcGFuIGxhbmc9IkVOLVVTIj4mbmJzcDsmbmJzcDsgJnF1 b3Q7aW50ZW5kZWQmcXVvdDssIHRoZSB1bmRlc2lyZWQgY29uZmlndXJhdGlvbiBjb3VsZCBiZWNv bWUgZWZmZWN0aXZlIGFuZCBiZTxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Q bGFpblRleHQiPjxzcGFuIGxhbmc9IkVOLVVTIj4mbmJzcDsmbmJzcDsgcmVmbGVjdGVkIGluIHRo ZSBvcGVyYXRpb25hbCBzdGF0ZSBkYXRhc3RvcmUsIGxlYWRpbmcgdG8gZGlzcnVwdGlvbjxvOnA+ PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxzcGFuIGxhbmc9IkVO LVVTIj4mbmJzcDsmbmJzcDsgb2Ygc2VydmljZXMgcHJvdmlkZWQgdmlhIHRoaXMgdG9wb2xvZ3kg bWlnaHQgYmUgZGlzcnVwdGVkLiZuYnNwOyBGb3IgdGhvc2U8bzpwPjwvbzpwPjwvc3Bhbj48L3A+ DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+Jm5ic3A7Jm5ic3A7 IHJlYXNvbnMsIGl0IGlzIGltcG9ydGFudCB0aGF0IHRoZSBORVRDT05GIGFjY2VzcyBjb250cm9s IG1vZGVsIGlzPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+ PHNwYW4gbGFuZz0iRU4tVVMiPiZuYnNwOyZuYnNwOyB2aWdvcm91c2x5IGFwcGxpZWQgdG8gcHJl dmVudCB0b3BvbG9neSBtaXNjb25maWd1cmF0aW9uIGJ5PG86cD48L286cD48L3NwYW4+PC9wPg0K PHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZuYnNwOyZuYnNwOyB1 bmF1dGhvcml6ZWQgY2xpZW50cy48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNv UGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+Jm5ic3A7PG86cD48L286cD48L3NwYW4+PC9w Pg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZuYnNwOyZuYnNw OyBUaGVyZSBhcmUgYSBudW1iZXIgb2YgZGF0YSBub2RlcyBkZWZpbmVkIGluIHRoaXMgWUFORyBt b2R1bGUgdGhhdCBhcmU8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5U ZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+Jm5ic3A7Jm5ic3A7IHdyaXRhYmxlL2NyZWF0YWJsZS9k ZWxldGFibGUgKGkuZS4sIGNvbmZpZyB0cnVlLCB3aGljaCBpcyB0aGU8bzpwPjwvbzpwPjwvc3Bh bj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+Jm5ic3A7 Jm5ic3A7IGRlZmF1bHQpLiZuYnNwOyBUaGVzZSBkYXRhIG5vZGVzIG1heSBiZSBjb25zaWRlcmVk IHNlbnNpdGl2ZSBvciB2dWxuZXJhYmxlPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9 Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZuYnNwOyZuYnNwOyBpbiBzb21lIG5l dHdvcmsgZW52aXJvbm1lbnRzLiZuYnNwOyBXcml0ZSBvcGVyYXRpb25zIChlLmcuLCBlZGl0LWNv bmZpZyk8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3Bh biBsYW5nPSJFTi1VUyI+Jm5ic3A7Jm5ic3A7IHRvIHRoZXNlIGRhdGEgbm9kZXMgd2l0aG91dCBw cm9wZXIgcHJvdGVjdGlvbiBjYW4gaGF2ZSBhIG5lZ2F0aXZlPG86cD48L286cD48L3NwYW4+PC9w Pg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZuYnNwOyZuYnNw OyBlZmZlY3Qgb24gbmV0d29yayBvcGVyYXRpb25zLiZuYnNwOyBUaGVzZSBhcmUgdGhlIHN1YnRy ZWVzIGFuZCBkYXRhIG5vZGVzPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1Bs YWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZuYnNwOyZuYnNwOyBhbmQgdGhlaXIgc2Vuc2l0 aXZpdHkvdnVsbmVyYWJpbGl0eSBpbiB0aGUgaWV0Zi1uZXR3b3JrIG1vZHVsZTo8bzpwPjwvbzpw Pjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+ Jm5ic3A7PG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNw YW4gbGFuZz0iRU4tVVMiPiZuYnNwOyZuYnNwOyBvJm5ic3A7IGwyLW5ldHdvcmstYXR0cmlidXRl czogQSBtYWxpY2lvdXMgY2xpZW50IGNvdWxkIGF0dGVtcHQgdG88bzpwPjwvbzpwPjwvc3Bhbj48 L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+Jm5ic3A7Jm5i c3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7IHNhYm90YWdlIHRoZSBjb25maWd1cmF0aW9uIG9mIGFueSBv ZiB0aGUgY29udGFpbmVkIGF0dHJpYnV0ZXMsPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xh c3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZuYnNwOyAmbmJzcDsmbmJzcDsm bmJzcDsmbmJzcDtzdWNoIGFzIHRoZSBuYW1lIG9yIHRoZSBmbGFnIGRhdGEgbm9kZXMuPG86cD48 L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4t VVMiPiZuYnNwOzxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQi PjxzcGFuIGxhbmc9IkVOLVVTIj4mbmJzcDsmbmJzcDsgbyZuYnNwOyBsMi1ub2RlLWF0dHJpYnV0 ZXM6IEEgbWFsaWNpb3VzIGNsaWVudCBjb3VsZCBhdHRlbXB0IHRvIHNhYm90YWdlPG86cD48L286 cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMi PiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyB0aGUgY29uZmlndXJhdGlvbiBvZiBpbXBv cnRhbnQgbm9kZSBhdHRyaWJ1dGVzLCBzdWNoIGFzIHRoZSBuYW1lPG86cD48L286cD48L3NwYW4+ PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZuYnNwOyZu YnNwOyZuYnNwOyZuYnNwOyZuYnNwOyBvciB0aGUgbWFuYWdlbWVudC1hZGRyZXNzLjxvOnA+PC9v OnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxzcGFuIGxhbmc9IkVOLVVT Ij4mbmJzcDs8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48 c3BhbiBsYW5nPSJFTi1VUyI+Jm5ic3A7Jm5ic3A7IG8mbmJzcDsgbDItbGluay1hdHRyaWJ1dGVz OiBBIG1hbGljaW91cyBjbGllbnQgY291bGQgYXR0ZW1wdCB0byBzYWJvdGFnZTxvOnA+PC9vOnA+ PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxzcGFuIGxhbmc9IkVOLVVTIj4m bmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsgdGhlIGNvbmZpZ3VyYXRpb24gb2YgaW1wb3J0 YW50IGxpbmsgYXR0cmlidXRlcywgc3VjaCBhcyB0aGUgcmF0ZTxvOnA+PC9vOnA+PC9zcGFuPjwv cD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxzcGFuIGxhbmc9IkVOLVVTIj4mbmJzcDsmbmJz cDsmbmJzcDsmbmJzcDsmbmJzcDsgb3IgdGhlIGRlbGF5IGRhdGEgbm9kZXMuPG86cD48L286cD48 L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZu YnNwOzxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxzcGFu IGxhbmc9IkVOLVVTIj4mbmJzcDsmbmJzcDsgbyZuYnNwOyBsMi10ZXJtaW5hdGlvbi1wb2ludC1h dHRyaWJ1dGVzOiBBIG1hbGljaW91cyBjbGllbnQgY291bGQgYXR0ZW1wdDxvOnA+PC9vOnA+PC9z cGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxzcGFuIGxhbmc9IkVOLVVTIj4mbmJz cDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsgdG8gc2Fib3RhZ2UgdGhlIGNvbmZpZ3VyYXRpb24g b2YgaW1wb3J0YW50IHRlcm1pbmF0aW9uIHBvaW50PG86cD48L286cD48L3NwYW4+PC9wPg0KPHAg Y2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZuYnNwOyZuYnNwOyZuYnNw OyZuYnNwOyZuYnNwOyBhdHRyaWJ1dGVzLCBzdWNoIGFzIHRoZSBtYXhpbXVtLWZyYW1lLXNpemUu PG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFu Zz0iRU4tVVMiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3Jt YWwiPjxiPjxzcGFuIGxhbmc9IkVOLVVTIj5Tb21lIG9mIHRoZSByZWFkYWJsZSBkYXRhIG5vZGVz IGluIHRoaXMgWUFORyBtb2R1bGUgbWF5IGJlIGNvbnNpZGVyZWQNCjxvOnA+PC9vOnA+PC9zcGFu PjwvYj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48Yj48c3BhbiBsYW5nPSJFTi1VUyI+c2Vu c2l0aXZlIG9yIHZ1bG5lcmFibGUgaW4gc29tZSBuZXR3b3JrIGVudmlyb25tZW50cy4gSXQgaXMg dGh1cyAmbmJzcDtpbXBvcnRhbnQgdG8gY29udHJvbA0KPG86cD48L286cD48L3NwYW4+PC9iPjwv cD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxiPjxzcGFuIGxhbmc9IkVOLVVTIj5yZWFkIGFjY2Vz cyAoZS5nLiwgdmlhIGdldCwgZ2V0LWNvbmZpZywgb3Igbm90aWZpY2F0aW9uKSB0byB0aGVzZSBk YXRhIG5vZGVzLiBJbiBwYXJ0aWN1bGFyLCB0aGUNCjxvOnA+PC9vOnA+PC9zcGFuPjwvYj48L3A+ DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48Yj48c3BhbiBsYW5nPSJFTi1VUyI+WUFORyBtb2RlbCBm b3IgbGF5ZXIgMiB0b3BvbG9neSBtYXkgZXhwb3NlIHNlbnNpdGl2ZSBpbmZvcm1hdGlvbiwgZm9y IGV4YW1wbGUgdGhlIE1BQw0KPG86cD48L286cD48L3NwYW4+PC9iPjwvcD4NCjxwIGNsYXNzPSJN c29Ob3JtYWwiPjxiPjxzcGFuIGxhbmc9IkVOLVVTIj5hZGRyZXNzZXMgb2YgZGV2aWNlcy4gVW5y ZXN0cmljdGVkIHVzZSBvZiBzdWNoIGluZm9ybWF0aW9uJm5ic3A7Y2FuIGxlYWQgdG8gcHJpdmFj eSB2aW9sYXRpb25zLg0KPG86cD48L286cD48L3NwYW4+PC9iPjwvcD4NCjxwIGNsYXNzPSJNc29O b3JtYWwiPjxiPjxzcGFuIGxhbmc9IkVOLVVTIj5Gb3IgZXhhbXBsZSwgbGlzdGluZyBNQUMgYWRk cmVzc2VzIGluIGEgbmV0d29yayBhbGxvd3MgbW9uaXRvcmluZyBvZiBkZXZpY2VzIGFuZCB0aGVp cg0KPG86cD48L286cD48L3NwYW4+PC9iPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxiPjxz cGFuIGxhbmc9IkVOLVVTIj5tb3ZlbWVudHMuIExvY2F0aW9uIGluZm9ybWF0aW9uIGNhbiBiZSBk ZXJpdmVkIGZyb20gTUFDIGFkZHJlc3NlcyBvZiBuZXR3b3JrIGRldmljZXMsDQo8bzpwPjwvbzpw Pjwvc3Bhbj48L2I+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PGI+PHNwYW4gbGFuZz0iRU4t VVMiPmJ5cGFzc2luZyBwcm90ZWN0aW9uIG9mIGxvY2F0aW9uIGluZm9ybWF0aW9uIGJ5IHRoZSBP cGVyYXRpbmcgU3lzdGVtLg0KPG86cD48L286cD48L3NwYW4+PC9iPjwvcD4NCjxwIGNsYXNzPSJN c29Ob3JtYWwiPjxzcGFuIGxhbmc9IkVOLVVTIiBzdHlsZT0iY29sb3I6IzFGNDk3RCI+PG86cD4m bmJzcDs8L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFu Zz0iRU4tVVMiPuKAnTxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRl eHQiPjxzcGFuIGxhbmc9IkVOLVVTIj5UaGFua3MuPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAg Y2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPjxvOnA+Jm5ic3A7PC9vOnA+ PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxzcGFuIGxhbmc9IkVOLVVTIj4t UWluPG86cD48L286cD48L3NwYW4+PC9wPg0KPGRpdj4NCjxkaXYgc3R5bGU9ImJvcmRlcjpub25l O2JvcmRlci10b3A6c29saWQgI0UxRTFFMSAxLjBwdDtwYWRkaW5nOjMuMHB0IDBjbSAwY20gMGNt Ij4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIGFsaWduPSJsZWZ0IiBzdHlsZT0idGV4dC1hbGlnbjps ZWZ0Ij48Yj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDvl vq7ova/pm4Xpu5EmcXVvdDssc2Fucy1zZXJpZiI+5Y+R5Lu25Lq6PHNwYW4gbGFuZz0iRU4tVVMi Pjo8L3NwYW4+PC9zcGFuPjwvYj48c3BhbiBsYW5nPSJFTi1VUyIgc3R5bGU9ImZvbnQtc2l6ZTox MS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q75b6u6L2v6ZuF6buRJnF1b3Q7LHNhbnMtc2VyaWYiPiBD aHJpc3RpYW4gSHVpdGVtYSBbbWFpbHRvOmh1aXRlbWFAaHVpdGVtYS5uZXRdDQo8YnI+DQo8L3Nw YW4+PGI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q75b6u 6L2v6ZuF6buRJnF1b3Q7LHNhbnMtc2VyaWYiPuWPkemAgeaXtumXtDxzcGFuIGxhbmc9IkVOLVVT Ij46PC9zcGFuPjwvc3Bhbj48L2I+PHNwYW4gbGFuZz0iRU4tVVMiIHN0eWxlPSJmb250LXNpemU6 MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O+W+rui9r+mbhem7kSZxdW90OyxzYW5zLXNlcmlmIj4g MjAyMDwvc3Bhbj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVv dDvlvq7ova/pm4Xpu5EmcXVvdDssc2Fucy1zZXJpZiI+5bm0PHNwYW4gbGFuZz0iRU4tVVMiPjY8 L3NwYW4+5pyIPHNwYW4gbGFuZz0iRU4tVVMiPjI2PC9zcGFuPuaXpTxzcGFuIGxhbmc9IkVOLVVT Ij4NCiAyMjo1NTxicj4NCjwvc3Bhbj48Yj7mlLbku7bkuro8c3BhbiBsYW5nPSJFTi1VUyI+Ojwv c3Bhbj48L2I+PHNwYW4gbGFuZz0iRU4tVVMiPiBRaW4gV3UgJmx0O2JpbGwud3VAaHVhd2VpLmNv bSZndDs7IFN1c2FuIEhhcmVzICZsdDtzaGFyZXNAbmR6aC5jb20mZ3Q7OyBzZWNkaXJAaWV0Zi5v cmc8YnI+DQo8L3NwYW4+PGI+5oqE6YCBPHNwYW4gbGFuZz0iRU4tVVMiPjo8L3NwYW4+PC9iPjxz cGFuIGxhbmc9IkVOLVVTIj4gaTJyc0BpZXRmLm9yZzsgZHJhZnQtaWV0Zi1pMnJzLXlhbmctbDIt bmV0d29yay10b3BvbG9neS5hbGxAaWV0Zi5vcmc7IGxhc3QtY2FsbEBpZXRmLm9yZzsgTkVUTU9E IEdyb3VwICZsdDtuZXRtb2RAaWV0Zi5vcmcmZ3Q7PGJyPg0KPC9zcGFuPjxiPuS4u+mimDxzcGFu IGxhbmc9IkVOLVVTIj46PC9zcGFuPjwvYj48c3BhbiBsYW5nPSJFTi1VUyI+IFJlOiBbTGFzdC1D YWxsXSBbaTJyc10gU2VjZGlyIGxhc3QgY2FsbCByZXZpZXcgb2YgZHJhZnQtaWV0Zi1pMnJzLXlh bmctbDItbmV0d29yay10b3BvbG9neS0xMzxvOnA+PC9vOnA+PC9zcGFuPjwvc3Bhbj48L3A+DQo8 L2Rpdj4NCjwvZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgYWxpZ249ImxlZnQiIHN0eWxlPSJ0 ZXh0LWFsaWduOmxlZnQiPjxzcGFuIGxhbmc9IkVOLVVTIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bh bj48L3A+DQo8cD48c3BhbiBsYW5nPSJFTi1VUyI+SSBsaWtlIHZhcmlhbnQgQiBiZXR0ZXIsIGFs dGhvdWdoIEkgd291bGQgbm90IHNpbmdsZSBvdXQgdGhlIG1hYyBhZGRyZXNzZXMgaW4gdGhlICZx dW90O3NhYm90YWdlJnF1b3Q7IHdhcm5pbmcuDQo8L3NwYW4+PHNwYW4gbGFuZz0iRU4tVVMiIHN0 eWxlPSJmb250LXNpemU6MTIuMHB0Ij48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cD48c3BhbiBs YW5nPSJFTi1VUyI+TXkgbWFpbiBjb25jZXJuIGlzIHRoYXQgbmV0d29yayBhZG1pbmlzdHJhdG9y cyB3aWxsIG5hdHVyYWxseSBiZSB2ZXJ5IGNvbmNlcm5lZCBhYm91dCBpbmZvcm1hdGlvbiB0aGF0 IGlzIHdyaXRhYmxlL2NyZWF0YWJsZS9kZWxldGFibGUsIGJlY2F1c2UgdGhleSB1bmRlcnN0YW5k IHRoZSBpbXBhY3Qgb24gdGhlIG1hbmFnZW1lbnQgb2YgdGhlaXIgbmV0d29yay4gSG93ZXZlciwg dGhleSBhcmUgbm90IHNvIGNvbmNlcm5lZA0KIHdpdGggcmVhZC1vbmx5IGFjY2VzcywgYmVjYXVz ZSByZWFkaW5nIGluZm9ybWF0aW9uIGRvZXMgbm90IGRpcmVjdGx5IGFmZmVjdCB0aGUgb3BlcmF0 aW9uIG9mIHRoZSBuZXR3b3JrLiBNeSB3aG9sZSBwb2ludCBpcyB0ZWxsaW5nIHRoZW0sICZxdW90 O3lvdSBhcmUgZG9jdW1lbnRpbmcgeW91ciBMMiB0b3BvbG9neSwgaXQgY29udGFpbnMgc2Vuc2l0 aXZlIGluZm9ybWF0aW9uLCBtYWtlIHN1cmUgdGhhdCByZWFkaW5nIGl0IGlzIHByb3RlY3RlZCwg bm90DQoganVzdCB3cml0aW5nIGl0JnF1b3Q7LjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwPjxz cGFuIGxhbmc9IkVOLVVTIj5JIGFncmVlIHRoYXQgTkVUQ09ORiBhbmQgUkVTVENPTkYgcHJvdmlk ZSB0aGUgcmlnaHQgdG9vbHMgZm9yIHByb3RlY3RpbmcgdGhlIGluZm9ybWF0aW9uLiBNeSByZXF1 ZXN0IGlzIGp1c3QgdG8gY2xlYXJseSB0ZWxsIG5ldHdvcmsgYWRtaW5pc3RyYXRvcnMgdG8gdXNl IHRoZXNlIHRvb2xzLCBkbyBub3QgbGVhdmUgcmVhZCBhY2Nlc3Mgd2lkZSBvcGVuITxvOnA+PC9v OnA+PC9zcGFuPjwvcD4NCjxwPjxzcGFuIGxhbmc9IkVOLVVTIj4tLSBDaHJpc3RpYW4gSHVpdGVt YTxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3Bh biBsYW5nPSJFTi1VUyI+T24gNi8yNi8yMDIwIDQ6MzcgQU0sIFFpbiBXdSB3cm90ZTo8bzpwPjwv bzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxibG9ja3F1b3RlIHN0eWxlPSJtYXJnaW4tdG9wOjUu MHB0O21hcmdpbi1ib3R0b206NS4wcHQiPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4g bGFuZz0iRU4tVVMiPkhpLCBDaHJpc3RpYW46PG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xh c3M9Ik1zb1BsYWluVGV4dCIgc3R5bGU9Im1hcmdpbi1sZWZ0OjE4LjBwdDt0ZXh0LWluZGVudDot MTguMHB0O21zby1saXN0OmwwIGxldmVsMSBsZm8yIj4NCjwhW2lmICFzdXBwb3J0TGlzdHNdPjxz cGFuIGxhbmc9IkVOLVVTIj48c3BhbiBzdHlsZT0ibXNvLWxpc3Q6SWdub3JlIj4xLjxzcGFuIHN0 eWxlPSJmb250OjcuMHB0ICZxdW90O1RpbWVzIE5ldyBSb21hbiZxdW90OyI+Jm5ic3A7Jm5ic3A7 Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7DQo8L3NwYW4+PC9zcGFuPjwvc3Bhbj48IVtlbmRpZl0+ PHNwYW4gbGFuZz0iRU4tVVMiPk5BQ00gZGVmaW5lZCBpbiBSRkM4MzQxIGhhcyBhbHJlYWR5IHBy b3ZpZGVkIG1lY2hhbmlzbXMgdG8gcmVzdHJpY3QgYWNjZXNzIHRvIHNlbnNpdGl2ZSBpbmZvcm1h dGlvbiB0byBhIG1pbmltYWwgbGlzdCBvZiBhdXRob3JpemVkIGNsaWVudCBvciBhZ2VudHMgYW5k IGRlYWwgd2l0aCBwcml2YWN5IGlzc3VlIGlmIG15IHVuZGVyc3RhbmRpbmcgaXMgY29ycmVjdC48 bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0IiBzdHlsZT0ibWFy Z2luLWxlZnQ6MTguMHB0O3RleHQtaW5kZW50Oi0xOC4wcHQ7bXNvLWxpc3Q6bDAgbGV2ZWwxIGxm bzIiPg0KPCFbaWYgIXN1cHBvcnRMaXN0c10+PHNwYW4gbGFuZz0iRU4tVVMiPjxzcGFuIHN0eWxl PSJtc28tbGlzdDpJZ25vcmUiPjIuPHNwYW4gc3R5bGU9ImZvbnQ6Ny4wcHQgJnF1b3Q7VGltZXMg TmV3IFJvbWFuJnF1b3Q7Ij4mbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsNCjwv c3Bhbj48L3NwYW4+PC9zcGFuPjwhW2VuZGlmXT48c3BhbiBsYW5nPSJFTi1VUyI+Qm90aCBORVRD T05GIGFuZCBSRVNUQ09ORiB3aWxsIHJlbHkgb24gdHJhbnNwb3J0IHByb3RvY29sIHN1Y2ggYXMg VExTIHRvIHByb3ZpZGUgY2xpZW50IGF1dGhlbnRpY2F0aW9uIGFuZCBzZXJ2ZXIgYXV0aGVudGlj YXRpb24sIGkuZS4sIG11dHVhbCBhdXRoZW50aWNhdGlvbi48bzpwPjwvbzpwPjwvc3Bhbj48L3A+ DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0IiBzdHlsZT0ibWFyZ2luLWxlZnQ6MTguMHB0O3RleHQt aW5kZW50Oi0xOC4wcHQ7bXNvLWxpc3Q6bDAgbGV2ZWwxIGxmbzIiPg0KPCFbaWYgIXN1cHBvcnRM aXN0c10+PHNwYW4gbGFuZz0iRU4tVVMiPjxzcGFuIHN0eWxlPSJtc28tbGlzdDpJZ25vcmUiPjMu PHNwYW4gc3R5bGU9ImZvbnQ6Ny4wcHQgJnF1b3Q7VGltZXMgTmV3IFJvbWFuJnF1b3Q7Ij4mbmJz cDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsNCjwvc3Bhbj48L3NwYW4+PC9zcGFuPjwh W2VuZGlmXT48c3BhbiBsYW5nPSJFTi1VUyI+VGhlIFlBTkcgc2VjdXJpdHkgZ3VpZGVsaW5lIGRl ZmluZWQgaW4NCjxhIGhyZWY9Imh0dHBzOi8vdHJhYy5pZXRmLm9yZy90cmFjL29wcy93aWtpL3lh bmctc2VjdXJpdHktZ3VpZGVsaW5lcyI+aHR0cHM6Ly90cmFjLmlldGYub3JnL3RyYWMvb3BzL3dp a2kveWFuZy1zZWN1cml0eS1ndWlkZWxpbmVzPC9hPjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxw IGNsYXNzPSJNc29QbGFpblRleHQiIHN0eWxlPSJ0ZXh0LWluZGVudDoyMS4wcHQiPjxzcGFuIGxh bmc9IkVOLVVTIj5Qcm92aWRlIHBlcmZlY3QgYm9pbGVycGxhdGUgdG8gYWRkcmVzcyBib3RoIHNl Y3VyaXR5IGNvbnNpZGVyYXRpb24gYW5kIHByaXZhY3kgY29uc2lkZXJhdGlvbi48bzpwPjwvbzpw Pjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+ TXkgb3JpZ2luYWwgcHJvcG9zYWwgQSB0byBhZGRyZXNzIHlvdXIgY29tbWVudHMgaXM6PG86cD48 L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4t VVMiPk9MRCBURVhUOjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRl eHQiPjxzcGFuIGxhbmc9IkVOLVVTIj4mcXVvdDs8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBj bGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+Jm5ic3A7Jm5ic3A7IFRoZXJl IGFyZSBhIG51bWJlciBvZiBkYXRhIG5vZGVzIGRlZmluZWQgaW4gdGhpcyBZQU5HIG1vZHVsZSB0 aGF0IGFyZTxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxz cGFuIGxhbmc9IkVOLVVTIj4mbmJzcDsmbmJzcDsgd3JpdGFibGUvY3JlYXRhYmxlL2RlbGV0YWJs ZSAoaS5lLiwgY29uZmlnIHRydWUsIHdoaWNoIGlzIHRoZTxvOnA+PC9vOnA+PC9zcGFuPjwvcD4N CjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxzcGFuIGxhbmc9IkVOLVVTIj4mbmJzcDsmbmJzcDsg ZGVmYXVsdCkuJm5ic3A7IFRoZXNlIGRhdGEgbm9kZXMgbWF5IGJlIGNvbnNpZGVyZWQgc2Vuc2l0 aXZlIG9yIHZ1bG5lcmFibGU8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxh aW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+Jm5ic3A7Jm5ic3A7IGluIHNvbWUgbmV0d29yayBl bnZpcm9ubWVudHMuJm5ic3A7IFdyaXRlIG9wZXJhdGlvbnMgKGUuZy4sIGVkaXQtY29uZmlnKTxv OnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxzcGFuIGxhbmc9 IkVOLVVTIj4mbmJzcDsmbmJzcDsgdG8gdGhlc2UgZGF0YSBub2RlcyB3aXRob3V0IHByb3BlciBw cm90ZWN0aW9uIGNhbiBoYXZlIGEgbmVnYXRpdmU8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBj bGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+Jm5ic3A7Jm5ic3A7IGVmZmVj dCBvbiBuZXR3b3JrIG9wZXJhdGlvbnMuJm5ic3A7IFRoZXNlIGFyZSB0aGUgc3VidHJlZXMgYW5k IGRhdGEgbm9kZXM8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0 Ij48c3BhbiBsYW5nPSJFTi1VUyI+Jm5ic3A7Jm5ic3A7IGFuZCB0aGVpciBzZW5zaXRpdml0eS92 dWxuZXJhYmlsaXR5IGluIHRoZSBpZXRmLW5ldHdvcmsgbW9kdWxlOjxvOnA+PC9vOnA+PC9zcGFu PjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxzcGFuIGxhbmc9IkVOLVVTIj4mbmJzcDs8 bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5n PSJFTi1VUyI+Jm5ic3A7Jm5ic3A7IG8mbmJzcDsgbDItbmV0d29yay1hdHRyaWJ1dGVzOiBBIG1h bGljaW91cyBjbGllbnQgY291bGQgYXR0ZW1wdCB0bzxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxw IGNsYXNzPSJNc29QbGFpblRleHQiPjxzcGFuIGxhbmc9IkVOLVVTIj4mbmJzcDsmbmJzcDsmbmJz cDsmbmJzcDsmbmJzcDsgc2Fib3RhZ2UgdGhlIGNvbmZpZ3VyYXRpb24gb2YgYW55IG9mIHRoZSBj b250YWluZWQgYXR0cmlidXRlcyw8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNv UGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5i c3A7IHN1Y2ggYXMgdGhlIG5hbWUgb3IgdGhlIGZsYWcgZGF0YSBub2Rlcy48bzpwPjwvbzpwPjwv c3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+Jm5i c3A7PG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4g bGFuZz0iRU4tVVMiPiZuYnNwOyZuYnNwOyBvJm5ic3A7IGwyLW5vZGUtYXR0cmlidXRlczogQSBt YWxpY2lvdXMgY2xpZW50IGNvdWxkIGF0dGVtcHQgdG8gc2Fib3RhZ2U8bzpwPjwvbzpwPjwvc3Bh bj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+Jm5ic3A7 Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7IHRoZSBjb25maWd1cmF0aW9uIG9mIGltcG9ydGFudCBu b2RlIGF0dHJpYnV0ZXMsIHN1Y2ggYXMgdGhlIG5hbWU8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8 cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+Jm5ic3A7Jm5ic3A7Jm5i c3A7Jm5ic3A7Jm5ic3A7IG9yIHRoZSBtYW5hZ2VtZW50LWFkZHJlc3MuPG86cD48L286cD48L3Nw YW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZuYnNw OzxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxzcGFuIGxh bmc9IkVOLVVTIj4mbmJzcDsmbmJzcDsgbyZuYnNwOyBsMi1saW5rLWF0dHJpYnV0ZXM6IEEgbWFs aWNpb3VzIGNsaWVudCBjb3VsZCBhdHRlbXB0IHRvIHNhYm90YWdlPG86cD48L286cD48L3NwYW4+ PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZuYnNwOyZu YnNwOyZuYnNwOyZuYnNwOyZuYnNwOyB0aGUgY29uZmlndXJhdGlvbiBvZiBpbXBvcnRhbnQgbGlu ayBhdHRyaWJ1dGVzLCBzdWNoIGFzIHRoZSByYXRlPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAg Y2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZuYnNwOyZuYnNwOyZuYnNw OyZuYnNwOyZuYnNwOyBvciB0aGUgZGVsYXkgZGF0YSBub2Rlcy48bzpwPjwvbzpwPjwvc3Bhbj48 L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+Jm5ic3A7PG86 cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0i RU4tVVMiPiZuYnNwOyZuYnNwOyBvJm5ic3A7IGwyLXRlcm1pbmF0aW9uLXBvaW50LWF0dHJpYnV0 ZXM6IEEgbWFsaWNpb3VzIGNsaWVudCBjb3VsZCBhdHRlbXB0PG86cD48L286cD48L3NwYW4+PC9w Pg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZuYnNwOyZuYnNw OyZuYnNwOyZuYnNwOyZuYnNwOyB0byBzYWJvdGFnZSB0aGUgY29uZmlndXJhdGlvbiBvZiBpbXBv cnRhbnQgdGVybWluYXRpb24gcG9pbnQ8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0i TXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7 Jm5ic3A7IGF0dHJpYnV0ZXMsIHN1Y2ggYXMgdGhlIG1heGltdW0tZnJhbWUtc2l6ZS48bzpwPjwv bzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1V UyI+JnF1b3Q7PG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+ PHNwYW4gbGFuZz0iRU4tVVMiPk5FVyBURVhUOjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNs YXNzPSJNc29QbGFpblRleHQiPjxzcGFuIGxhbmc9IkVOLVVTIj4mcXVvdDs8bzpwPjwvbzpwPjwv c3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+Jm5i c3A7Jm5ic3A7IFRoZXJlIGFyZSBhIG51bWJlciBvZiBkYXRhIG5vZGVzIGRlZmluZWQgaW4gdGhp cyBZQU5HIG1vZHVsZSB0aGF0IGFyZTxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJN c29QbGFpblRleHQiPjxzcGFuIGxhbmc9IkVOLVVTIj4mbmJzcDsmbmJzcDsgd3JpdGFibGUvY3Jl YXRhYmxlL2RlbGV0YWJsZSAoaS5lLiwgY29uZmlnIHRydWUsIHdoaWNoIGlzIHRoZTxvOnA+PC9v OnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxzcGFuIGxhbmc9IkVOLVVT Ij4mbmJzcDsmbmJzcDsgZGVmYXVsdCkuJm5ic3A7IFRoZXNlIGRhdGEgbm9kZXMgbWF5IGJlIGNv bnNpZGVyZWQgc2Vuc2l0aXZlIG9yIHZ1bG5lcmFibGU8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8 cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+Jm5ic3A7Jm5ic3A7IGlu IHNvbWUgbmV0d29yayBlbnZpcm9ubWVudHMuJm5ic3A7IFdyaXRlIG9wZXJhdGlvbnMgKGUuZy4s IGVkaXQtY29uZmlnKTxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRl eHQiPjxzcGFuIGxhbmc9IkVOLVVTIj4mbmJzcDsmbmJzcDsgdG8gdGhlc2UgZGF0YSBub2RlcyB3 aXRob3V0IHByb3BlciBwcm90ZWN0aW9uIGNhbiBoYXZlIGEgbmVnYXRpdmU8bzpwPjwvbzpwPjwv c3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+Jm5i c3A7Jm5ic3A7IGVmZmVjdCBvbiBuZXR3b3JrIG9wZXJhdGlvbnMuJm5ic3A7IFRoZXNlIGFyZSB0 aGUgc3VidHJlZXMgYW5kIGRhdGEgbm9kZXM8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFz cz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+Jm5ic3A7Jm5ic3A7IGFuZCB0aGVp ciBzZW5zaXRpdml0eS92dWxuZXJhYmlsaXR5IGluIHRoZSBpZXRmLW5ldHdvcmsgbW9kdWxlOjxv OnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxzcGFuIGxhbmc9 IkVOLVVTIj4mbmJzcDs8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5U ZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+Jm5ic3A7Jm5ic3A7IG8mbmJzcDsgbDItbmV0d29yay1h dHRyaWJ1dGVzOiBBIG1hbGljaW91cyBjbGllbnQgY291bGQgYXR0ZW1wdCB0bzxvOnA+PC9vOnA+ PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxzcGFuIGxhbmc9IkVOLVVTIj4m bmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsgc2Fib3RhZ2UgdGhlIGNvbmZpZ3VyYXRpb24g b2YgYW55IG9mIHRoZSBjb250YWluZWQgYXR0cmlidXRlcyw8bzpwPjwvbzpwPjwvc3Bhbj48L3A+ DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+Jm5ic3A7Jm5ic3A7 Jm5ic3A7Jm5ic3A7Jm5ic3A7IHN1Y2ggYXMgdGhlIG5hbWUgb3IgdGhlIGZsYWcgZGF0YSBub2Rl cy48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBs YW5nPSJFTi1VUyI+Jm5ic3A7PG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1Bs YWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZuYnNwOyZuYnNwOyBvJm5ic3A7IGwyLW5vZGUt YXR0cmlidXRlczogQSBtYWxpY2lvdXMgY2xpZW50IGNvdWxkIGF0dGVtcHQgdG8gc2Fib3RhZ2U8 bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5n PSJFTi1VUyI+Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7IHRoZSBjb25maWd1cmF0aW9u IG9mIGltcG9ydGFudCBub2RlIGF0dHJpYnV0ZXMsIHN1Y2ggYXMgdGhlIG5hbWU8bzpwPjwvbzpw Pjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+ Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7ICx0aGUgbWFuYWdlbWVudC1hZGRyZXNzIDxi Pm9yIG1hYyBhZGRyZXNzIG9mIHRoZSBkZXZpY2VzPC9iPi48bzpwPjwvbzpwPjwvc3Bhbj48L3A+ DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+Jm5ic3A7PG86cD48 L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4t VVMiPiZuYnNwOyZuYnNwOyBvJm5ic3A7IGwyLWxpbmstYXR0cmlidXRlczogQSBtYWxpY2lvdXMg Y2xpZW50IGNvdWxkIGF0dGVtcHQgdG8gc2Fib3RhZ2U8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8 cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+Jm5ic3A7Jm5ic3A7Jm5i c3A7Jm5ic3A7Jm5ic3A7IHRoZSBjb25maWd1cmF0aW9uIG9mIGltcG9ydGFudCBsaW5rIGF0dHJp YnV0ZXMsIHN1Y2ggYXMgdGhlIHJhdGU8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0i TXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7 Jm5ic3A7IG9yIHRoZSBkZWxheSBkYXRhIG5vZGVzLjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxw IGNsYXNzPSJNc29QbGFpblRleHQiPjxzcGFuIGxhbmc9IkVOLVVTIj4mbmJzcDs8bzpwPjwvbzpw Pjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+ Jm5ic3A7Jm5ic3A7byZuYnNwOyBsMi10ZXJtaW5hdGlvbi1wb2ludC1hdHRyaWJ1dGVzOiBBIG1h bGljaW91cyBjbGllbnQgY291bGQgYXR0ZW1wdDxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNs YXNzPSJNc29QbGFpblRleHQiPjxzcGFuIGxhbmc9IkVOLVVTIj4mbmJzcDsmbmJzcDsmbmJzcDsm bmJzcDsmbmJzcDsgdG8gc2Fib3RhZ2UgdGhlIGNvbmZpZ3VyYXRpb24gb2YgaW1wb3J0YW50IHRl cm1pbmF0aW9uIHBvaW50PG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWlu VGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyBh dHRyaWJ1dGVzLCBzdWNoIGFzIHRoZSBtYXhpbXVtLWZyYW1lLXNpemUsDQo8Yj5tYWMtYWRkcmVz czwvYj4uPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNw YW4gbGFuZz0iRU4tVVMiPiZxdW90OzxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJN c29QbGFpblRleHQiPjxzcGFuIGxhbmc9IkVOLVVTIj4mbmJzcDs8bzpwPjwvbzpwPjwvc3Bhbj48 L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+V2l0aCB5b3Vy IHByb3Bvc2VkIHRleHQsIHdlIGNvdWxkIGhhdmUgdGhlIGZvbGxvd2luZyBwcm9wb3NhbCBjaGFu Z2VzIChQcm9wb3NhbCBCKTo8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxh aW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+T0xEIFRFWFQ6PG86cD48L286cD48L3NwYW4+PC9w Pg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZxdW90OzxvOnA+ PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxzcGFuIGxhbmc9IkVO LVVTIj42LiZuYnNwOyBTZWN1cml0eSBDb25zaWRlcmF0aW9uczxvOnA+PC9vOnA+PC9zcGFuPjwv cD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxzcGFuIGxhbmc9IkVOLVVTIj4mbmJzcDs8bzpw PjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJF Ti1VUyI+Jm5ic3A7Jm5ic3A7IFRoZSBZQU5HIG1vZHVsZSBzcGVjaWZpZWQgaW4gdGhpcyBkb2N1 bWVudCBkZWZpbmVzIGEgc2NoZW1hIGZvciBkYXRhPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAg Y2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZuYnNwOyZuYnNwOyB0aGF0 IGlzIGRlc2lnbmVkIHRvIGJlIGFjY2Vzc2VkIHZpYSBuZXR3b3JrIG1hbmFnZW1lbnQgcHJvdG9j b2xzIHN1Y2g8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48 c3BhbiBsYW5nPSJFTi1VUyI+Jm5ic3A7Jm5ic3A7IGFzIE5FVENPTkYgW1JGQzYyNDFdIG9yIFJF U1RDT05GIFtSRkM4MDQwXS4mbmJzcDsgVGhlIGxvd2VzdCBORVRDT05GIGxheWVyPG86cD48L286 cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMi PiZuYnNwOyZuYnNwOyBpcyB0aGUgc2VjdXJlIHRyYW5zcG9ydCBsYXllciwgYW5kIHRoZSBtYW5k YXRvcnktdG8taW1wbGVtZW50IHNlY3VyZTxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNz PSJNc29QbGFpblRleHQiPjxzcGFuIGxhbmc9IkVOLVVTIj4mbmJzcDsmbmJzcDsgdHJhbnNwb3J0 IGlzIFNlY3VyZSBTaGVsbCAoU1NIKSBbUkZDNjI0Ml0uJm5ic3A7IFRoZSBsb3dlc3QgUkVTVENP TkYgbGF5ZXI8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48 c3BhbiBsYW5nPSJFTi1VUyI+Jm5ic3A7Jm5ic3A7IGlzIEhUVFBTLCBhbmQgdGhlIG1hbmRhdG9y eS10by1pbXBsZW1lbnQgc2VjdXJlIHRyYW5zcG9ydCBpcyBUTFM8bzpwPjwvbzpwPjwvc3Bhbj48 L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+Jm5ic3A7Jm5i c3A7IFtSRkM4NDQ2XS48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5U ZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+Jm5ic3A7PG86cD48L286cD48L3NwYW4+PC9wPg0KPHAg Y2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZuYnNwOyZuYnNwOyBUaGUg TmV0d29yayBDb25maWd1cmF0aW9uIEFjY2VzcyBDb250cm9sIE1vZGVsIChOQUNNKSBbUkZDODM0 MV08bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBs YW5nPSJFTi1VUyI+Jm5ic3A7Jm5ic3A7IHByb3ZpZGVzIHRoZSBtZWFucyB0byByZXN0cmljdCBh Y2Nlc3MgZm9yIHBhcnRpY3VsYXIgTkVUQ09ORiBvcjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxw IGNsYXNzPSJNc29QbGFpblRleHQiPjxzcGFuIGxhbmc9IkVOLVVTIj4mbmJzcDs8bzpwPjwvbzpw Pjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+ Jm5ic3A7Jm5ic3A7IFJFU1RDT05GIHVzZXJzIHRvIGEgcHJlY29uZmlndXJlZCBzdWJzZXQgb2Yg YWxsIGF2YWlsYWJsZSBORVRDT05GIG9yPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9 Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZuYnNwOyZuYnNwOyBSRVNUQ09ORiBw cm90b2NvbCBvcGVyYXRpb25zIGFuZCBjb250ZW50LjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxw IGNsYXNzPSJNc29QbGFpblRleHQiPjxzcGFuIGxhbmc9IkVOLVVTIj4mbmJzcDs8bzpwPjwvbzpw Pjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+ Jm5ic3A7Jm5ic3A7IEluIGdlbmVyYWwsIExheWVyIDIgbmV0d29yayB0b3BvbG9naWVzIGFyZSBz eXN0ZW0tY29udHJvbGxlZCBhbmQ8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNv UGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+Jm5ic3A7Jm5ic3A7IHByb3ZpZGUgZXBoZW1l cmFsIHRvcG9sb2d5IGluZm9ybWF0aW9uLiZuYnNwOyBJbiBhbiBOTURBLWNvbXBsaWVudCBzZXJ2 ZXIsPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4g bGFuZz0iRU4tVVMiPiZuYnNwOyZuYnNwOyB0aGV5IGFyZSBvbmx5IHBhcnQgb2YgJmx0O29wZXJh dGlvbmFsJmd0OyB3aGljaCBwcm92aWRlcyByZWFkLW9ubHkgYWNjZXNzPG86cD48L286cD48L3Nw YW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZuYnNw OyZuYnNwOyB0byBjbGllbnRzLCB0aGV5IGFyZSBsZXNzIHZ1bG5lcmFibGUuJm5ic3A7IFRoYXQg c2FpZCwgdGhlIFlBTkcgbW9kdWxlPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1z b1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZuYnNwOyZuYnNwOyBkb2VzIGluIHByaW5j aXBsZSBhbGxvdyBpbmZvcm1hdGlvbiB0byBiZSBjb25maWd1cmFibGUuPG86cD48L286cD48L3Nw YW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZuYnNw OzxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxzcGFuIGxh bmc9IkVOLVVTIj4mbmJzcDsmbmJzcDsgVGhlIExheWVyIDIgdG9wb2xvZ3kgbW9kdWxlIGRlZmlu ZSBpbmZvcm1hdGlvbiB0aGF0IGNhbiBiZTxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNz PSJNc29QbGFpblRleHQiPjxzcGFuIGxhbmc9IkVOLVVTIj4mbmJzcDsmbmJzcDsgY29uZmlndXJh YmxlIGluIGNlcnRhaW4gaW5zdGFuY2VzLCBmb3IgZXhhbXBsZSBpbiB0aGUgY2FzZSBvZiB2aXJ0 dWFsPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4g bGFuZz0iRU4tVVMiPiZuYnNwOyZuYnNwOyB0b3BvbG9naWVzIHRoYXQgY2FuIGJlIGNyZWF0ZWQg YnkgY2xpZW50IGFwcGxpY2F0aW9ucy4mbmJzcDsgSW4gc3VjaDxvOnA+PC9vOnA+PC9zcGFuPjwv cD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxzcGFuIGxhbmc9IkVOLVVTIj4mbmJzcDsmbmJz cDsgY2FzZXMsIGEgbWFsaWNpb3VzIGNsaWVudCBjb3VsZCBpbnRyb2R1Y2UgdG9wb2xvZ2llcyB0 aGF0IGFyZTxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxz cGFuIGxhbmc9IkVOLVVTIj4mbmJzcDsmbmJzcDsgdW5kZXNpcmVkLiZuYnNwOyBTcGVjaWZpY2Fs bHksIGEgbWFsaWNpb3VzIGNsaWVudCBjb3VsZCBhdHRlbXB0IHRvIHJlbW92ZTxvOnA+PC9vOnA+ PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxzcGFuIGxhbmc9IkVOLVVTIj4m bmJzcDsmbmJzcDsgb3IgYWRkIGEgbm9kZSwgYSBsaW5rLCBhIHRlcm1pbmF0aW9uIHBvaW50LCBi eSBjcmVhdGluZyBvciBkZWxldGluZzxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJN c29QbGFpblRleHQiPjxzcGFuIGxhbmc9IkVOLVVTIj4mbmJzcDsmbmJzcDsgY29ycmVzcG9uZGlu ZyBlbGVtZW50cyBpbiB0aGUgbm9kZSwgbGluaywgYW5kIHRlcm1pbmF0aW9uIHBvaW50PG86cD48 L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4t VVMiPiZuYnNwOyZuYnNwOyBsaXN0cywgcmVzcGVjdGl2ZWx5LiZuYnNwOyBJbiB0aGUgY2FzZSBv ZiBhIHRvcG9sb2d5IHRoYXQgaXMgbGVhcm5lZCwgdGhlPG86cD48L286cD48L3NwYW4+PC9wPg0K PHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZuYnNwOyZuYnNwOyBz ZXJ2ZXIgd2lsbCBhdXRvbWF0aWNhbGx5IHByb2hpYml0IHN1Y2ggbWlzY29uZmlndXJhdGlvbiBh dHRlbXB0cy48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48 c3BhbiBsYW5nPSJFTi1VUyI+Jm5ic3A7Jm5ic3A7IEluIHRoZSBjYXNlIG9mIGEgdG9wb2xvZ3kg dGhhdCBpcyBjb25maWd1cmVkLCBpLmUuIHdob3NlIG9yaWdpbiBpczxvOnA+PC9vOnA+PC9zcGFu PjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxzcGFuIGxhbmc9IkVOLVVTIj4mbmJzcDsm bmJzcDsgJnF1b3Q7aW50ZW5kZWQmcXVvdDssIHRoZSB1bmRlc2lyZWQgY29uZmlndXJhdGlvbiBj b3VsZCBiZWNvbWUgZWZmZWN0aXZlIGFuZCBiZTxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNs YXNzPSJNc29QbGFpblRleHQiPjxzcGFuIGxhbmc9IkVOLVVTIj4mbmJzcDsmbmJzcDsgcmVmbGVj dGVkIGluIHRoZSBvcGVyYXRpb25hbCBzdGF0ZSBkYXRhc3RvcmUsIGxlYWRpbmcgdG8gZGlzcnVw dGlvbjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxzcGFu IGxhbmc9IkVOLVVTIj4mbmJzcDsmbmJzcDsgb2Ygc2VydmljZXMgcHJvdmlkZWQgdmlhIHRoaXMg dG9wb2xvZ3kgbWlnaHQgYmUgZGlzcnVwdGVkLiZuYnNwOyBGb3IgdGhvc2U8bzpwPjwvbzpwPjwv c3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+Jm5i c3A7Jm5ic3A7IHJlYXNvbnMsIGl0IGlzIGltcG9ydGFudCB0aGF0IHRoZSBORVRDT05GIGFjY2Vz cyBjb250cm9sIG1vZGVsIGlzPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1Bs YWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZuYnNwOyZuYnNwOyB2aWdvcm91c2x5IGFwcGxp ZWQgdG8gcHJldmVudCB0b3BvbG9neSBtaXNjb25maWd1cmF0aW9uIGJ5PG86cD48L286cD48L3Nw YW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZuYnNw OyZuYnNwOyB1bmF1dGhvcml6ZWQgY2xpZW50cy48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBj bGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+Jm5ic3A7PG86cD48L286cD48 L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZu YnNwOyZuYnNwOyBUaGVyZSBhcmUgYSBudW1iZXIgb2YgZGF0YSBub2RlcyBkZWZpbmVkIGluIHRo aXMgWUFORyBtb2R1bGUgdGhhdCBhcmU8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0i TXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+Jm5ic3A7Jm5ic3A7IHdyaXRhYmxlL2Ny ZWF0YWJsZS9kZWxldGFibGUgKGkuZS4sIGNvbmZpZyB0cnVlLCB3aGljaCBpcyB0aGU8bzpwPjwv bzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1V UyI+Jm5ic3A7Jm5ic3A7IGRlZmF1bHQpLiZuYnNwOyBUaGVzZSBkYXRhIG5vZGVzIG1heSBiZSBj b25zaWRlcmVkIHNlbnNpdGl2ZSBvciB2dWxuZXJhYmxlPG86cD48L286cD48L3NwYW4+PC9wPg0K PHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZuYnNwOyZuYnNwOyBp biBzb21lIG5ldHdvcmsgZW52aXJvbm1lbnRzLiZuYnNwOyBXcml0ZSBvcGVyYXRpb25zIChlLmcu LCBlZGl0LWNvbmZpZyk8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5U ZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+Jm5ic3A7Jm5ic3A7IHRvIHRoZXNlIGRhdGEgbm9kZXMg d2l0aG91dCBwcm9wZXIgcHJvdGVjdGlvbiBjYW4gaGF2ZSBhIG5lZ2F0aXZlPG86cD48L286cD48 L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZu YnNwOyZuYnNwOyBlZmZlY3Qgb24gbmV0d29yayBvcGVyYXRpb25zLiZuYnNwOyBUaGVzZSBhcmUg dGhlIHN1YnRyZWVzIGFuZCBkYXRhIG5vZGVzPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xh c3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZuYnNwOyZuYnNwOyBhbmQgdGhl aXIgc2Vuc2l0aXZpdHkvdnVsbmVyYWJpbGl0eSBpbiB0aGUgaWV0Zi1uZXR3b3JrIG1vZHVsZTo8 bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5n PSJFTi1VUyI+Jm5ic3A7PG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWlu VGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZuYnNwOyZuYnNwOyBvJm5ic3A7IGwyLW5ldHdvcmst YXR0cmlidXRlczogQSBtYWxpY2lvdXMgY2xpZW50IGNvdWxkIGF0dGVtcHQgdG88bzpwPjwvbzpw Pjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+ Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7IHNhYm90YWdlIHRoZSBjb25maWd1cmF0aW9u IG9mIGFueSBvZiB0aGUgY29udGFpbmVkIGF0dHJpYnV0ZXMsPG86cD48L286cD48L3NwYW4+PC9w Pg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZuYnNwOyAmbmJz cDsmbmJzcDsmbmJzcDsmbmJzcDtzdWNoIGFzIHRoZSBuYW1lIG9yIHRoZSBmbGFnIGRhdGEgbm9k ZXMuPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4g bGFuZz0iRU4tVVMiPiZuYnNwOzxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Q bGFpblRleHQiPjxzcGFuIGxhbmc9IkVOLVVTIj4mbmJzcDsmbmJzcDsgbyZuYnNwOyBsMi1ub2Rl LWF0dHJpYnV0ZXM6IEEgbWFsaWNpb3VzIGNsaWVudCBjb3VsZCBhdHRlbXB0IHRvIHNhYm90YWdl PG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFu Zz0iRU4tVVMiPiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyB0aGUgY29uZmlndXJhdGlv biBvZiBpbXBvcnRhbnQgbm9kZSBhdHRyaWJ1dGVzLCBzdWNoIGFzIHRoZSBuYW1lPG86cD48L286 cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMi PiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyBvciB0aGUgbWFuYWdlbWVudC1hZGRyZXNz LjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxzcGFuIGxh bmc9IkVOLVVTIj4mbmJzcDs8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxh aW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+Jm5ic3A7Jm5ic3A7IG8mbmJzcDsgbDItbGluay1h dHRyaWJ1dGVzOiBBIG1hbGljaW91cyBjbGllbnQgY291bGQgYXR0ZW1wdCB0byBzYWJvdGFnZTxv OnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxzcGFuIGxhbmc9 IkVOLVVTIj4mbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsgdGhlIGNvbmZpZ3VyYXRpb24g b2YgaW1wb3J0YW50IGxpbmsgYXR0cmlidXRlcywgc3VjaCBhcyB0aGUgcmF0ZTxvOnA+PC9vOnA+ PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxzcGFuIGxhbmc9IkVOLVVTIj4m bmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsgb3IgdGhlIGRlbGF5IGRhdGEgbm9kZXMuPG86 cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0i RU4tVVMiPiZuYnNwOzxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRl eHQiPjxzcGFuIGxhbmc9IkVOLVVTIj4mbmJzcDsmbmJzcDsgbyZuYnNwOyBsMi10ZXJtaW5hdGlv bi1wb2ludC1hdHRyaWJ1dGVzOiBBIG1hbGljaW91cyBjbGllbnQgY291bGQgYXR0ZW1wdDxvOnA+ PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxzcGFuIGxhbmc9IkVO LVVTIj4mbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsgdG8gc2Fib3RhZ2UgdGhlIGNvbmZp Z3VyYXRpb24gb2YgaW1wb3J0YW50IHRlcm1pbmF0aW9uIHBvaW50PG86cD48L286cD48L3NwYW4+ PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZuYnNwOyZu YnNwOyZuYnNwOyZuYnNwOyZuYnNwOyBhdHRyaWJ1dGVzLCBzdWNoIGFzIHRoZSBtYXhpbXVtLWZy YW1lLXNpemUuPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+ PHNwYW4gbGFuZz0iRU4tVVMiPiZxdW90OzxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNz PSJNc29QbGFpblRleHQiPjxzcGFuIGxhbmc9IkVOLVVTIj5ORVcgVEVYVDo8bzpwPjwvbzpwPjwv c3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+JnF1 b3Q7PG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4g bGFuZz0iRU4tVVMiPjYuJm5ic3A7IFNlY3VyaXR5IENvbnNpZGVyYXRpb25zPG86cD48L286cD48 L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZu YnNwOzxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxzcGFu IGxhbmc9IkVOLVVTIj4mbmJzcDsmbmJzcDsgVGhlIFlBTkcgbW9kdWxlIHNwZWNpZmllZCBpbiB0 aGlzIGRvY3VtZW50IGRlZmluZXMgYSBzY2hlbWEgZm9yIGRhdGE8bzpwPjwvbzpwPjwvc3Bhbj48 L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+Jm5ic3A7Jm5i c3A7IHRoYXQgaXMgZGVzaWduZWQgdG8gYmUgYWNjZXNzZWQgdmlhIG5ldHdvcmsgbWFuYWdlbWVu dCBwcm90b2NvbHMgc3VjaDxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFp blRleHQiPjxzcGFuIGxhbmc9IkVOLVVTIj4mbmJzcDsmbmJzcDsgYXMgTkVUQ09ORiBbUkZDNjI0 MV0gb3IgUkVTVENPTkYgW1JGQzgwNDBdLiZuYnNwOyBUaGUgbG93ZXN0IE5FVENPTkYgbGF5ZXI8 bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5n PSJFTi1VUyI+Jm5ic3A7ICZuYnNwO2lzIHRoZSBzZWN1cmUgdHJhbnNwb3J0IGxheWVyLCBhbmQg dGhlIG1hbmRhdG9yeS10by1pbXBsZW1lbnQgc2VjdXJlPG86cD48L286cD48L3NwYW4+PC9wPg0K PHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZuYnNwOyZuYnNwOyB0 cmFuc3BvcnQgaXMgU2VjdXJlIFNoZWxsIChTU0gpIFtSRkM2MjQyXS4mbmJzcDsgVGhlIGxvd2Vz dCBSRVNUQ09ORiBsYXllcjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFp blRleHQiPjxzcGFuIGxhbmc9IkVOLVVTIj4mbmJzcDsmbmJzcDsgaXMgSFRUUFMsIGFuZCB0aGUg bWFuZGF0b3J5LXRvLWltcGxlbWVudCBzZWN1cmUgdHJhbnNwb3J0IGlzIFRMUzxvOnA+PC9vOnA+ PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxzcGFuIGxhbmc9IkVOLVVTIj4m bmJzcDsmbmJzcDsgW1JGQzg0NDZdLjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJN c29QbGFpblRleHQiPjxzcGFuIGxhbmc9IkVOLVVTIj4mbmJzcDs8bzpwPjwvbzpwPjwvc3Bhbj48 L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+Jm5ic3A7Jm5i c3A7IFRoZSBOZXR3b3JrIENvbmZpZ3VyYXRpb24gQWNjZXNzIENvbnRyb2wgTW9kZWwgKE5BQ00p IFtSRkM4MzQxXTxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQi PjxzcGFuIGxhbmc9IkVOLVVTIj4mbmJzcDsmbmJzcDsgcHJvdmlkZXMgdGhlIG1lYW5zIHRvIHJl c3RyaWN0IGFjY2VzcyBmb3IgcGFydGljdWxhciBORVRDT05GIG9yPG86cD48L286cD48L3NwYW4+ PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZuYnNwOyZu YnNwOyBSRVNUQ09ORiB1c2VycyB0byBhIHByZWNvbmZpZ3VyZWQgc3Vic2V0IG9mIGFsbCBhdmFp bGFibGUgTkVUQ09ORiBvcjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFp blRleHQiPjxzcGFuIGxhbmc9IkVOLVVTIj4mbmJzcDsmbmJzcDsgUkVTVENPTkYgcHJvdG9jb2wg b3BlcmF0aW9ucyBhbmQgY29udGVudC48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0i TXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+Jm5ic3A7PG86cD48L286cD48L3NwYW4+ PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZuYnNwOyZu YnNwOyBJbiBnZW5lcmFsLCBMYXllciAyIG5ldHdvcmsgdG9wb2xvZ2llcyBhcmUgc3lzdGVtLWNv bnRyb2xsZWQgYW5kPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4 dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZuYnNwOyZuYnNwOyBwcm92aWRlIGVwaGVtZXJhbCB0b3Bv bG9neSBpbmZvcm1hdGlvbi4mbmJzcDsgSW4gYW4gTk1EQS1jb21wbGllbnQgc2VydmVyLDxvOnA+ PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxzcGFuIGxhbmc9IkVO LVVTIj4mbmJzcDsmbmJzcDsgdGhleSBhcmUgb25seSBwYXJ0IG9mICZsdDtvcGVyYXRpb25hbCZn dDsgd2hpY2ggcHJvdmlkZXMgcmVhZC1vbmx5IGFjY2VzczxvOnA+PC9vOnA+PC9zcGFuPjwvcD4N CjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxzcGFuIGxhbmc9IkVOLVVTIj4mbmJzcDsmbmJzcDsg dG8gY2xpZW50cywgdGhleSBhcmUgbGVzcyB2dWxuZXJhYmxlLiZuYnNwOyBUaGF0IHNhaWQsIHRo ZSBZQU5HIG1vZHVsZTxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRl eHQiPjxzcGFuIGxhbmc9IkVOLVVTIj4mbmJzcDsmbmJzcDsgZG9lcyBpbiBwcmluY2lwbGUgYWxs b3cgaW5mb3JtYXRpb24gdG8gYmUgY29uZmlndXJhYmxlLjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4N CjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxzcGFuIGxhbmc9IkVOLVVTIj4mbmJzcDs8bzpwPjwv bzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1V UyI+Jm5ic3A7Jm5ic3A7IFRoZSBMYXllciAyIHRvcG9sb2d5IG1vZHVsZSBkZWZpbmUgaW5mb3Jt YXRpb24gdGhhdCBjYW4gYmU8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxh aW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+Jm5ic3A7Jm5ic3A7IGNvbmZpZ3VyYWJsZSBpbiBj ZXJ0YWluIGluc3RhbmNlcywgZm9yIGV4YW1wbGUgaW4gdGhlIGNhc2Ugb2YgdmlydHVhbDxvOnA+ PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxzcGFuIGxhbmc9IkVO LVVTIj4mbmJzcDsmbmJzcDsgdG9wb2xvZ2llcyB0aGF0IGNhbiBiZSBjcmVhdGVkIGJ5IGNsaWVu dCBhcHBsaWNhdGlvbnMuJm5ic3A7IEluIHN1Y2g8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBj bGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+Jm5ic3A7Jm5ic3A7IGNhc2Vz LCBhIG1hbGljaW91cyBjbGllbnQgY291bGQgaW50cm9kdWNlIHRvcG9sb2dpZXMgdGhhdCBhcmU8 bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5n PSJFTi1VUyI+Jm5ic3A7Jm5ic3A7IHVuZGVzaXJlZC4mbmJzcDsgU3BlY2lmaWNhbGx5LCBhIG1h bGljaW91cyBjbGllbnQgY291bGQgYXR0ZW1wdCB0byByZW1vdmU8bzpwPjwvbzpwPjwvc3Bhbj48 L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+Jm5ic3A7Jm5i c3A7IG9yIGFkZCBhIG5vZGUsIGEgbGluaywgYSB0ZXJtaW5hdGlvbiBwb2ludCwgYnkgY3JlYXRp bmcgb3IgZGVsZXRpbmc8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5U ZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+Jm5ic3A7Jm5ic3A7IGNvcnJlc3BvbmRpbmcgZWxlbWVu dHMgaW4gdGhlIG5vZGUsIGxpbmssIGFuZCB0ZXJtaW5hdGlvbiBwb2ludDxvOnA+PC9vOnA+PC9z cGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxzcGFuIGxhbmc9IkVOLVVTIj4mbmJz cDsmbmJzcDsgbGlzdHMsIHJlc3BlY3RpdmVseS4mbmJzcDsgSW4gdGhlIGNhc2Ugb2YgYSB0b3Bv bG9neSB0aGF0IGlzIGxlYXJuZWQsIHRoZTxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNz PSJNc29QbGFpblRleHQiPjxzcGFuIGxhbmc9IkVOLVVTIj4mbmJzcDsmbmJzcDsgc2VydmVyIHdp bGwgYXV0b21hdGljYWxseSBwcm9oaWJpdCBzdWNoIG1pc2NvbmZpZ3VyYXRpb24gYXR0ZW1wdHMu PG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFu Zz0iRU4tVVMiPiZuYnNwOyZuYnNwOyBJbiB0aGUgY2FzZSBvZiBhIHRvcG9sb2d5IHRoYXQgaXMg Y29uZmlndXJlZCwgaS5lLiB3aG9zZSBvcmlnaW4gaXM8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8 cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+Jm5ic3A7Jm5ic3A7ICZx dW90O2ludGVuZGVkJnF1b3Q7LCB0aGUgdW5kZXNpcmVkIGNvbmZpZ3VyYXRpb24gY291bGQgYmVj b21lIGVmZmVjdGl2ZSBhbmQgYmU8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNv UGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+Jm5ic3A7Jm5ic3A7IHJlZmxlY3RlZCBpbiB0 aGUgb3BlcmF0aW9uYWwgc3RhdGUgZGF0YXN0b3JlLCBsZWFkaW5nIHRvIGRpc3J1cHRpb248bzpw PjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJF Ti1VUyI+Jm5ic3A7Jm5ic3A7IG9mIHNlcnZpY2VzIHByb3ZpZGVkIHZpYSB0aGlzIHRvcG9sb2d5 IG1pZ2h0IGJlIGRpc3J1cHRlZC4mbmJzcDsgRm9yIHRob3NlPG86cD48L286cD48L3NwYW4+PC9w Pg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZuYnNwOyZuYnNw OyByZWFzb25zLCBpdCBpcyBpbXBvcnRhbnQgdGhhdCB0aGUgTkVUQ09ORiBhY2Nlc3MgY29udHJv bCBtb2RlbCBpczxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQi PjxzcGFuIGxhbmc9IkVOLVVTIj4mbmJzcDsmbmJzcDsgdmlnb3JvdXNseSBhcHBsaWVkIHRvIHBy ZXZlbnQgdG9wb2xvZ3kgbWlzY29uZmlndXJhdGlvbiBieTxvOnA+PC9vOnA+PC9zcGFuPjwvcD4N CjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxzcGFuIGxhbmc9IkVOLVVTIj4mbmJzcDsmbmJzcDsg dW5hdXRob3JpemVkIGNsaWVudHMuPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1z b1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZuYnNwOzxvOnA+PC9vOnA+PC9zcGFuPjwv cD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxiPjxzcGFuIGxhbmc9IkVOLVVTIj4mbmJzcDsg VGhlIFlBTkcgbW9kZWwgZm9yIGxheWVyIDIgdG9wb2xvZ3kgbWF5IGV4cG9zZSBzZW5zaXRpdmUg aW5mb3JtYXRpb24sDQo8L3NwYW4+PC9iPjxzcGFuIGxhbmc9IkVOLVVTIj48bzpwPjwvbzpwPjwv c3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48Yj48c3BhbiBsYW5nPSJFTi1VUyI+ Jm5ic3A7Jm5ic3A7Zm9yIGV4YW1wbGUgdGhlIE1BQyBhZGRyZXNzZXMgb2YgZGV2aWNlcy4gVW5y ZXN0cmljdGVkIHVzZSBvZiBzdWNoIGluZm9ybWF0aW9uDQo8L3NwYW4+PC9iPjxzcGFuIGxhbmc9 IkVOLVVTIj48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48 Yj48c3BhbiBsYW5nPSJFTi1VUyI+Jm5ic3A7Jm5ic3A7Jm5ic3A7Y2FuIGxlYWQgdG8gcHJpdmFj eSB2aW9sYXRpb25zLiBGb3IgZXhhbXBsZSwgbGlzdGluZyBNQUMgYWRkcmVzc2VzIGluIGEgbmV0 d29yaw0KPC9zcGFuPjwvYj48c3BhbiBsYW5nPSJFTi1VUyI+PG86cD48L286cD48L3NwYW4+PC9w Pg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PGI+PHNwYW4gbGFuZz0iRU4tVVMiPiZuYnNwOyZu YnNwOyZuYnNwO2FsbG93cyBtb25pdG9yaW5nIG9mIGRldmljZXMgYW5kIHRoZWlyIG1vdmVtZW50 cy4gTG9jYXRpb24gaW5mb3JtYXRpb24gY2FuIGJlIGRlcml2ZWQ8L3NwYW4+PC9iPjxzcGFuIGxh bmc9IkVOLVVTIj48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0 Ij48Yj48c3BhbiBsYW5nPSJFTi1VUyI+Jm5ic3A7ICZuYnNwO2Zyb20gTUFDIGFkZHJlc3NlcyBv ZiBuZXR3b3JrIGRldmljZXMsIGJ5cGFzc2luZyBwcm90ZWN0aW9uIG9mIGxvY2F0aW9uIGluZm9y bWF0aW9uIGJ5DQo8L3NwYW4+PC9iPjxzcGFuIGxhbmc9IkVOLVVTIj48bzpwPjwvbzpwPjwvc3Bh bj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48Yj48c3BhbiBsYW5nPSJFTi1VUyI+Jm5i c3A7Jm5ic3A7Jm5ic3A7dGhlIE9wZXJhdGluZyBTeXN0ZW0uIERlcGxveW1lbnRzIHNob3VsZCBt aXRpZ2F0ZSB0aGlzIHByaXZhY3kgY29uY2VybnMgYnkgbGltaXRpbmcgYWNjZXNzDQo8L3NwYW4+ PC9iPjxzcGFuIGxhbmc9IkVOLVVTIj48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0i TXNvUGxhaW5UZXh0Ij48Yj48c3BhbiBsYW5nPSJFTi1VUyI+Jm5ic3A7Jm5ic3A7Jm5ic3A7dG8g dGhlIGxheWVyIDIgdG9wb2xvZ3kgaW5mb3JtYXRpb24uIEFjY2VzcyB0byB0aGUgaW5mb3JtYXRp b24gc2hvdWxkIGJlIHJlc3RyaWN0ZWQgdG8gYQ0KPC9zcGFuPjwvYj48c3BhbiBsYW5nPSJFTi1V UyI+PG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PGI+PHNw YW4gbGFuZz0iRU4tVVMiPiZuYnNwOyZuYnNwOyZuYnNwO21pbmltYWwgbGlzdCBvZiBhdXRob3Jp emVkIGNsaWVudHMsIGFuZCBzaG91bGQgYWxzbyByZXF1aXJlIHByb3BlciBhdXRoZW50aWNhdGlv biBvZiB0aGVzZSBjbGllbnRzLjwvc3Bhbj48L2I+PHNwYW4gbGFuZz0iRU4tVVMiPjxvOnA+PC9v OnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxzcGFuIGxhbmc9IkVOLVVT Ij4mbmJzcDs8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48 c3BhbiBsYW5nPSJFTi1VUyI+Jm5ic3A7Jm5ic3A7IFRoZXJlIGFyZSBhIG51bWJlciBvZiBkYXRh IG5vZGVzIGRlZmluZWQgaW4gdGhpcyBZQU5HIG1vZHVsZSB0aGF0IGFyZTxvOnA+PC9vOnA+PC9z cGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxzcGFuIGxhbmc9IkVOLVVTIj4mbmJz cDsmbmJzcDsgd3JpdGFibGUvY3JlYXRhYmxlL2RlbGV0YWJsZSAoaS5lLiwgY29uZmlnIHRydWUs IHdoaWNoIGlzIHRoZTxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRl eHQiPjxzcGFuIGxhbmc9IkVOLVVTIj4mbmJzcDsmbmJzcDsgZGVmYXVsdCkuJm5ic3A7IFRoZXNl IGRhdGEgbm9kZXMgbWF5IGJlIGNvbnNpZGVyZWQgc2Vuc2l0aXZlIG9yIHZ1bG5lcmFibGU8bzpw PjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJF Ti1VUyI+Jm5ic3A7Jm5ic3A7IGluIHNvbWUgbmV0d29yayBlbnZpcm9ubWVudHMuJm5ic3A7IFdy aXRlIG9wZXJhdGlvbnMgKGUuZy4sIGVkaXQtY29uZmlnKTxvOnA+PC9vOnA+PC9zcGFuPjwvcD4N CjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxzcGFuIGxhbmc9IkVOLVVTIj4mbmJzcDsmbmJzcDsg dG8gdGhlc2UgZGF0YSBub2RlcyB3aXRob3V0IHByb3BlciBwcm90ZWN0aW9uIGNhbiBoYXZlIGEg bmVnYXRpdmU8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48 c3BhbiBsYW5nPSJFTi1VUyI+Jm5ic3A7Jm5ic3A7IGVmZmVjdCBvbiBuZXR3b3JrIG9wZXJhdGlv bnMuJm5ic3A7IFRoZXNlIGFyZSB0aGUgc3VidHJlZXMgYW5kIGRhdGEgbm9kZXM8bzpwPjwvbzpw Pjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+ Jm5ic3A7Jm5ic3A7IGFuZCB0aGVpciBzZW5zaXRpdml0eS92dWxuZXJhYmlsaXR5IGluIHRoZSBp ZXRmLW5ldHdvcmsgbW9kdWxlOjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Q bGFpblRleHQiPjxzcGFuIGxhbmc9IkVOLVVTIj4mbmJzcDs8bzpwPjwvbzpwPjwvc3Bhbj48L3A+ DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+Jm5ic3A7Jm5ic3A7 IG8mbmJzcDsgbDItbmV0d29yay1hdHRyaWJ1dGVzOiBBIG1hbGljaW91cyBjbGllbnQgY291bGQg YXR0ZW1wdCB0bzxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQi PjxzcGFuIGxhbmc9IkVOLVVTIj4mbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsgc2Fib3Rh Z2UgdGhlIGNvbmZpZ3VyYXRpb24gb2YgYW55IG9mIHRoZSBjb250YWluZWQgYXR0cmlidXRlcyw8 bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5n PSJFTi1VUyI+Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7IHN1Y2ggYXMgdGhlIG5hbWUg b3IgdGhlIGZsYWcgZGF0YSBub2Rlcy48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0i TXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+Jm5ic3A7PG86cD48L286cD48L3NwYW4+ PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZuYnNwOyZu YnNwOyBvJm5ic3A7IGwyLW5vZGUtYXR0cmlidXRlczogQSBtYWxpY2lvdXMgY2xpZW50IGNvdWxk IGF0dGVtcHQgdG8gc2Fib3RhZ2U8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNv UGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5i c3A7IHRoZSBjb25maWd1cmF0aW9uIG9mIGltcG9ydGFudCBub2RlIGF0dHJpYnV0ZXMsIHN1Y2gg YXMgdGhlIG5hbWU8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0 Ij48c3BhbiBsYW5nPSJFTi1VUyI+Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7ICx0aGUg bWFuYWdlbWVudC1hZGRyZXNzLCA8Yj5tYWMtYWRkcmVzcyBvZiB0aGUgZGV2aWNlczwvYj4uPG86 cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0i RU4tVVMiPiZuYnNwOzxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRl eHQiPjxzcGFuIGxhbmc9IkVOLVVTIj4mbmJzcDsmbmJzcDsgbyZuYnNwOyBsMi1saW5rLWF0dHJp YnV0ZXM6IEEgbWFsaWNpb3VzIGNsaWVudCBjb3VsZCBhdHRlbXB0IHRvIHNhYm90YWdlPG86cD48 L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4t VVMiPiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyB0aGUgY29uZmlndXJhdGlvbiBvZiBp bXBvcnRhbnQgbGluayBhdHRyaWJ1dGVzLCBzdWNoIGFzIHRoZSByYXRlPG86cD48L286cD48L3Nw YW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZuYnNw OyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyBvciB0aGUgZGVsYXkgZGF0YSBub2Rlcy48bzpwPjwv bzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1V UyI+Jm5ic3A7PG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+ PHNwYW4gbGFuZz0iRU4tVVMiPiZuYnNwOyZuYnNwOyBvJm5ic3A7IGwyLXRlcm1pbmF0aW9uLXBv aW50LWF0dHJpYnV0ZXM6IEEgbWFsaWNpb3VzIGNsaWVudCBjb3VsZCBhdHRlbXB0PG86cD48L286 cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMi PiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyB0byBzYWJvdGFnZSB0aGUgY29uZmlndXJh dGlvbiBvZiBpbXBvcnRhbnQgdGVybWluYXRpb24gcG9pbnQ8bzpwPjwvbzpwPjwvc3Bhbj48L3A+ DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+Jm5ic3A7Jm5ic3A7 Jm5ic3A7Jm5ic3A7Jm5ic3A7IGF0dHJpYnV0ZXMsIHN1Y2ggYXMgdGhlIG1heGltdW0tZnJhbWUt c2l6ZSwNCjxiPm1hYy1hZGRyZXNzPC9iPi48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFz cz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+JnF1b3Q7PG86cD48L286cD48L3Nw YW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPlRoZSBx dWVzdGlvbiBpcyBkbyB5b3UgdGhpbmsgcHJvcG9zYWwgd2l0aCB5YW5nIHNlY3VyaXR5IGJvaWx0 ZXJwbGF0ZSBoYXMgYWxyZWFkeSBhZGRyZXNzZWQgeW91ciBjb21tZW50czxvOnA+PC9vOnA+PC9z cGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxzcGFuIGxhbmc9IkVOLVVTIj5PciB5 b3UgdGhpbmsgd2Ugc2hvdWxkIGVtcGhhc2l6ZSBob3cgcHJpdmFjeSBpc3N1ZSBjYW4gYmUgYWRk cmVzc2VkIGJ5IE5BQ00gYW5kIGNsaWVudCBhdXRoZW50aWNhdGlvbiBpcyBuZWVkZWQ/PG86cD48 L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4t VVMiPiZuYnNwOzxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQi PjxzcGFuIGxhbmc9IkVOLVVTIj4tUWluPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9 Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPi0tLS0tPC9zcGFuPjxzcGFuIHN0eWxl PSJmb250LWZhbWlseTrlrovkvZMiPumCruS7tuWOn+S7tjwvc3Bhbj48c3BhbiBsYW5nPSJFTi1V UyI+LS0tLS08YnI+DQo8L3NwYW4+PHNwYW4gc3R5bGU9ImZvbnQtZmFtaWx5OuWui+S9kyI+5Y+R 5Lu25Lq6PC9zcGFuPjxzcGFuIGxhbmc9IkVOLVVTIj46IENocmlzdGlhbiBIdWl0ZW1hIFs8YSBo cmVmPSJtYWlsdG86aHVpdGVtYUBodWl0ZW1hLm5ldCI+bWFpbHRvOmh1aXRlbWFAaHVpdGVtYS5u ZXQ8L2E+XQ0KPGJyPg0KPC9zcGFuPjxzcGFuIHN0eWxlPSJmb250LWZhbWlseTrlrovkvZMiPuWP kemAgeaXtumXtDwvc3Bhbj48c3BhbiBsYW5nPSJFTi1VUyI+OiAyMDIwPC9zcGFuPjxzcGFuIHN0 eWxlPSJmb250LWZhbWlseTrlrovkvZMiPuW5tDwvc3Bhbj48c3BhbiBsYW5nPSJFTi1VUyI+Njwv c3Bhbj48c3BhbiBzdHlsZT0iZm9udC1mYW1pbHk65a6L5L2TIj7mnIg8L3NwYW4+PHNwYW4gbGFu Zz0iRU4tVVMiPjI2PC9zcGFuPjxzcGFuIHN0eWxlPSJmb250LWZhbWlseTrlrovkvZMiPuaXpTwv c3Bhbj48c3BhbiBsYW5nPSJFTi1VUyI+DQogMTI6MDU8YnI+DQo8L3NwYW4+PHNwYW4gc3R5bGU9 ImZvbnQtZmFtaWx5OuWui+S9kyI+5pS25Lu25Lq6PC9zcGFuPjxzcGFuIGxhbmc9IkVOLVVTIj46 IFN1c2FuIEhhcmVzIDxhIGhyZWY9Im1haWx0bzpzaGFyZXNAbmR6aC5jb20iPg0KJmx0O3NoYXJl c0BuZHpoLmNvbSZndDs8L2E+OyBRaW4gV3UgPGEgaHJlZj0ibWFpbHRvOmJpbGwud3VAaHVhd2Vp LmNvbSI+Jmx0O2JpbGwud3VAaHVhd2VpLmNvbSZndDs8L2E+Ow0KPGEgaHJlZj0ibWFpbHRvOnNl Y2RpckBpZXRmLm9yZyI+c2VjZGlyQGlldGYub3JnPC9hPjxicj4NCjwvc3Bhbj48c3BhbiBzdHls ZT0iZm9udC1mYW1pbHk65a6L5L2TIj7mioTpgIE8L3NwYW4+PHNwYW4gbGFuZz0iRU4tVVMiPjog PGEgaHJlZj0ibWFpbHRvOmkycnNAaWV0Zi5vcmciPg0KaTJyc0BpZXRmLm9yZzwvYT47IDxhIGhy ZWY9Im1haWx0bzpkcmFmdC1pZXRmLWkycnMteWFuZy1sMi1uZXR3b3JrLXRvcG9sb2d5LmFsbEBp ZXRmLm9yZyI+DQpkcmFmdC1pZXRmLWkycnMteWFuZy1sMi1uZXR3b3JrLXRvcG9sb2d5LmFsbEBp ZXRmLm9yZzwvYT47IDxhIGhyZWY9Im1haWx0bzpsYXN0LWNhbGxAaWV0Zi5vcmciPg0KbGFzdC1j YWxsQGlldGYub3JnPC9hPjxicj4NCjwvc3Bhbj48c3BhbiBzdHlsZT0iZm9udC1mYW1pbHk65a6L 5L2TIj7kuLvpopg8L3NwYW4+PHNwYW4gbGFuZz0iRU4tVVMiPjogUmU6IFtMYXN0LUNhbGxdIFtp MnJzXSBTZWNkaXIgbGFzdCBjYWxsIHJldmlldyBvZiBkcmFmdC1pZXRmLWkycnMteWFuZy1sMi1u ZXR3b3JrLXRvcG9sb2d5LTEzPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1Bs YWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZuYnNwOzxvOnA+PC9vOnA+PC9zcGFuPjwvcD4N CjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxzcGFuIGxhbmc9IkVOLVVTIj5Ib3cgYWJvdXQgYWRk aW5nIHNvbWV0aGluZyBsaWtlIHRoaXM6PG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9 Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZuYnNwOzxvOnA+PC9vOnA+PC9zcGFu PjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxzcGFuIGxhbmc9IkVOLVVTIj5Qcml2YWN5 IENvbnNpZGVyYXRpb25zPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWlu VGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZuYnNwOzxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxw IGNsYXNzPSJNc29QbGFpblRleHQiPjxzcGFuIGxhbmc9IkVOLVVTIj5UaGUgWWFuZyBtb2RlbCBm b3IgbGF5ZXIgMiB0b3BvbG9neSBleHBvc2VzIHByaXZhY3kgc2Vuc2l0aXZlIGluZm9ybWF0aW9u LCBmb3IgZXhhbXBsZSB0aGUgTUFDIGFkZHJlc3NlcyBvZiBkZXZpY2VzLiBVbnJlc3RyaWN0ZWQg dXNlIG9mIHN1Y2ggaW5mb3JtYXRpb24gY2FuIGxlYWQgdG8gcHJpdmFjeSB2aW9sYXRpb25zLiBG b3IgZXhhbXBsZSwgbGlzdGluZyBNQUMgYWRkcmVzc2VzDQogaW4gYSBuZXR3b3JrIGFsbG93cyBt b25pdG9yaW5nIG9mIGRldmljZXMgYW5kIHRoZWlyIG1vdmVtZW50cy4gTG9jYXRpb24gaW5mb3Jt YXRpb24gY2FuIGJlIGRlcml2ZWQgZnJvbSBNQUMgYWRkcmVzc2VzIG9mIG5ldHdvcmsgZGV2aWNl cywgYnlwYXNzaW5nIHByb3RlY3Rpb24gb2YgbG9jYXRpb24gaW5mb3JtYXRpb24gYnkgdGhlIE9w ZXJhdGluZyBTeXN0ZW0uPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWlu VGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZuYnNwOzxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxw IGNsYXNzPSJNc29QbGFpblRleHQiPjxzcGFuIGxhbmc9IkVOLVVTIj5EZXBsb3ltZW50cyBzaG91 bGQgbWl0aWdhdGUgdGhpcyBwcml2YWN5IGNvbmNlcm5zIGJ5IGxpbWl0aW5nIGFjY2VzcyB0byB0 aGUgbGF5ZXIgMiB0b3BvbG9neSBpbmZvcm1hdGlvbi4gQWNjZXNzIHRvIHRoZSBpbmZvcm1hdGlv biBzaG91bGQgYmUgcmVzdHJpY3RlZCB0byBhIG1pbmltYWwgbGlzdCBvZiBhdXRob3JpemVkIGFn ZW50cywgYW5kIHNob3VsZCByZXF1aXJlIHByb3Blcg0KIGF1dGhlbnRpY2F0aW9uIG9mIHRoZXNl IGFnZW50cy48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48 c3BhbiBsYW5nPSJFTi1VUyI+Jm5ic3A7PG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9 Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPi0tIENocmlzdGlhbiBIdWl0ZW1hPG86 cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0i RU4tVVMiPiZuYnNwOzxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRl eHQiPjxzcGFuIGxhbmc9IkVOLVVTIj5PbiA2LzI1LzIwMjAgNzowMCBBTSwgU3VzYW4gSGFyZXMg d3JvdGU6PG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNw YW4gbGFuZz0iRU4tVVMiPiZndDsgUWluIGFuZCBDaHJpc3RpYW46IDxvOnA+PC9vOnA+PC9zcGFu PjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxzcGFuIGxhbmc9IkVOLVVTIj4mZ3Q7Jm5i c3A7PG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4g bGFuZz0iRU4tVVMiPiZndDsgVGhhbmsgeW91IGZvciB5b3VyIHByb21wdCBhdHRlbnRpb24gdG8g dGhlIHByaXZhY3kgaXNzdWUuJm5ic3A7DQo8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFz cz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+Jmd0OyBJJ20gc3VyZSBDaHJpc3Rp YW4gd2lsbCByZXNwb25kIGluIGEgYml0IC0gc2luY2UgaGUgbWlnaHQgYmUgaW4gUERUIHRpbWUt em9uZS4NCjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxz cGFuIGxhbmc9IkVOLVVTIj4mZ3Q7Jm5ic3A7PG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xh c3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZndDsgT25jZSB5b3UgaGF2ZSBh IHNvbHV0aW9uIHlvdSBib3RoIGxpa2UsIHdlIHNob3VsZCB2YWxpZGF0ZSB0aGUgcHJpdmFjeQ0K PG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFu Zz0iRU4tVVMiPiZndDsgY2hhbmdlcyB0byB0aGUgc2VjdXJpdHkgY29uc2lkZXJhdGlvbnMgc2Vj dGlvbiB3aXRoIHRoZSBZYW5nLWRvY3RvcnMsDQo8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBj bGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+Jmd0OyBPUFMtQURzLCBhbmQg U2VjdXJpdHktQURzLjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRl eHQiPjxzcGFuIGxhbmc9IkVOLVVTIj4mZ3Q7Jm5ic3A7PG86cD48L286cD48L3NwYW4+PC9wPg0K PHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZndDsgTWFydGluJ3Mg d2F0Y2hpbmcgdGhpcyB0aHJlYWQgc28gSSdtIHN1cmUgaGUnbGwgaGVscCB1cyBvdXQgYXMgd2Vs bC4NCjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxzcGFu IGxhbmc9IkVOLVVTIj4mZ3Q7Jm5ic3A7PG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9 Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZndDsgU3VlPG86cD48L286cD48L3Nw YW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZndDsm bmJzcDs8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3Bh biBsYW5nPSJFTi1VUyI+Jmd0OyAtLS0tLU9yaWdpbmFsIE1lc3NhZ2UtLS0tLTxvOnA+PC9vOnA+ PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxzcGFuIGxhbmc9IkVOLVVTIj4m Z3Q7IEZyb206IGkycnMgWzxhIGhyZWY9Im1haWx0bzppMnJzLWJvdW5jZXNAaWV0Zi5vcmciPjxz cGFuIHN0eWxlPSJjb2xvcjp3aW5kb3d0ZXh0O3RleHQtZGVjb3JhdGlvbjpub25lIj5tYWlsdG86 aTJycy1ib3VuY2VzQGlldGYub3JnPC9zcGFuPjwvYT5dIE9uIEJlaGFsZiBPZiBRaW4gV3U8bzpw PjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJF Ti1VUyI+Jmd0OyBTZW50OiBUaHVyc2RheSwgSnVuZSAyNSwgMjAyMCA5OjI1IEFNPG86cD48L286 cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMi PiZndDsgVG86IFN1c2FuIEhhcmVzOyAnQ2hyaXN0aWFuIEh1aXRlbWEnOw0KPGEgaHJlZj0ibWFp bHRvOnNlY2RpckBpZXRmLm9yZyI+PHNwYW4gc3R5bGU9ImNvbG9yOndpbmRvd3RleHQ7dGV4dC1k ZWNvcmF0aW9uOm5vbmUiPnNlY2RpckBpZXRmLm9yZzwvc3Bhbj48L2E+PG86cD48L286cD48L3Nw YW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZndDsg Q2M6IDxhIGhyZWY9Im1haWx0bzppMnJzQGlldGYub3JnIj48c3BhbiBzdHlsZT0iY29sb3I6d2lu ZG93dGV4dDt0ZXh0LWRlY29yYXRpb246bm9uZSI+aTJyc0BpZXRmLm9yZzwvc3Bhbj48L2E+Ow0K PG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFu Zz0iRU4tVVMiPiZndDsgPGEgaHJlZj0ibWFpbHRvOmRyYWZ0LWlldGYtaTJycy15YW5nLWwyLW5l dHdvcmstdG9wb2xvZ3kuYWxsQGlldGYub3JnIj4NCjxzcGFuIHN0eWxlPSJjb2xvcjp3aW5kb3d0 ZXh0O3RleHQtZGVjb3JhdGlvbjpub25lIj5kcmFmdC1pZXRmLWkycnMteWFuZy1sMi1uZXR3b3Jr LXRvcG9sb2d5LmFsbEBpZXRmLm9yZzwvc3Bhbj48L2E+Ow0KPG86cD48L286cD48L3NwYW4+PC9w Pg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZndDsgPGEgaHJl Zj0ibWFpbHRvOmxhc3QtY2FsbEBpZXRmLm9yZyI+DQo8c3BhbiBzdHlsZT0iY29sb3I6d2luZG93 dGV4dDt0ZXh0LWRlY29yYXRpb246bm9uZSI+bGFzdC1jYWxsQGlldGYub3JnPC9zcGFuPjwvYT48 bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5n PSJFTi1VUyI+Jmd0OyBTdWJqZWN0OiBSZTogW2kycnNdIFNlY2RpciBsYXN0IGNhbGwgcmV2aWV3 IG9mDQo8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3Bh biBsYW5nPSJFTi1VUyI+Jmd0OyBkcmFmdC1pZXRmLWkycnMteWFuZy1sMi1uZXR3b3JrLXRvcG9s b2d5LTEzPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNw YW4gbGFuZz0iRU4tVVMiPiZndDsmbmJzcDs8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFz cz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+Jmd0OyBTdWUgYW5kIENocmlzdGlh bjo8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBs YW5nPSJFTi1VUyI+Jmd0OyBJIGhhdmUgcmVzcG9uZGVkIHRvIENocmlzdGlhbiBvbiBwcml2YWN5 IGlzc3VlLCBteSBwcm9wb3NhbCBpcyB0byBhZGQgTUFDIGFkZHJlc3MgYXMgYW5vdGhlciBkYXRh IG5vZGUgdnVsbmVyYWJpbGl0eSBleGFtcGxlIGluIG91ciBvcmlnaW5hbCBzZWN1cml0eSBjb25z aWRlcmF0aW9uIHNlY3Rpb24uPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1Bs YWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZndDsgQnV0IElmIENocmlzdGlhbiBvciBzZWN1 cml0eSBkaXJlY3RvcmF0ZSBoYXMgcmVjb21tZW5kaW5nIHRleHQsIHdlIGF1dGhvcnMgYXJlIGhh cHB5IHRvIGFjY2VwdCBpdC48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxh aW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+Jmd0OyZuYnNwOzxvOnA+PC9vOnA+PC9zcGFuPjwv cD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxzcGFuIGxhbmc9IkVOLVVTIj4mZ3Q7IC1RaW48 bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5n PSJFTi1VUyI+Jmd0OyAtLS0tLTwvc3Bhbj48c3BhbiBzdHlsZT0iZm9udC1mYW1pbHk65a6L5L2T Ij7pgq7ku7bljp/ku7Y8L3NwYW4+PHNwYW4gbGFuZz0iRU4tVVMiPi0tLS0tPG86cD48L286cD48 L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZn dDsgPC9zcGFuPjxzcGFuIHN0eWxlPSJmb250LWZhbWlseTrlrovkvZMiPuWPkeS7tuS6ujwvc3Bh bj48c3BhbiBsYW5nPSJFTi1VUyI+OiBTdXNhbiBIYXJlcyBbPGEgaHJlZj0ibWFpbHRvOnNoYXJl c0BuZHpoLmNvbSI+PHNwYW4gc3R5bGU9ImNvbG9yOndpbmRvd3RleHQ7dGV4dC1kZWNvcmF0aW9u Om5vbmUiPm1haWx0bzpzaGFyZXNAbmR6aC5jb208L3NwYW4+PC9hPl08bzpwPjwvbzpwPjwvc3Bh bj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+Jmd0OyA8 L3NwYW4+PHNwYW4gc3R5bGU9ImZvbnQtZmFtaWx5OuWui+S9kyI+5Y+R6YCB5pe26Ze0PC9zcGFu PjxzcGFuIGxhbmc9IkVOLVVTIj46IDIwMjA8L3NwYW4+PHNwYW4gc3R5bGU9ImZvbnQtZmFtaWx5 OuWui+S9kyI+5bm0PC9zcGFuPjxzcGFuIGxhbmc9IkVOLVVTIj42PC9zcGFuPjxzcGFuIHN0eWxl PSJmb250LWZhbWlseTrlrovkvZMiPuaciDwvc3Bhbj48c3BhbiBsYW5nPSJFTi1VUyI+MjU8L3Nw YW4+PHNwYW4gc3R5bGU9ImZvbnQtZmFtaWx5OuWui+S9kyI+5pelPC9zcGFuPjxzcGFuIGxhbmc9 IkVOLVVTIj4NCiAyMTowNDxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFp blRleHQiPjxzcGFuIGxhbmc9IkVOLVVTIj4mZ3Q7IDwvc3Bhbj48c3BhbiBzdHlsZT0iZm9udC1m YW1pbHk65a6L5L2TIj7mlLbku7bkuro8L3NwYW4+PHNwYW4gbGFuZz0iRU4tVVMiPjogJ0Nocmlz dGlhbiBIdWl0ZW1hJyAmbHQ7PGEgaHJlZj0ibWFpbHRvOmh1aXRlbWFAaHVpdGVtYS5uZXQiPjxz cGFuIHN0eWxlPSJjb2xvcjp3aW5kb3d0ZXh0O3RleHQtZGVjb3JhdGlvbjpub25lIj5odWl0ZW1h QGh1aXRlbWEubmV0PC9zcGFuPjwvYT4mZ3Q7Ow0KPGEgaHJlZj0ibWFpbHRvOnNlY2RpckBpZXRm Lm9yZyI+PHNwYW4gc3R5bGU9ImNvbG9yOndpbmRvd3RleHQ7dGV4dC1kZWNvcmF0aW9uOm5vbmUi PnNlY2RpckBpZXRmLm9yZzwvc3Bhbj48L2E+PG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xh c3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZndDsgPC9zcGFuPjxzcGFuIHN0 eWxlPSJmb250LWZhbWlseTrlrovkvZMiPuaKhOmAgTwvc3Bhbj48c3BhbiBsYW5nPSJFTi1VUyI+ Og0KPGEgaHJlZj0ibWFpbHRvOmRyYWZ0LWlldGYtaTJycy15YW5nLWwyLW5ldHdvcmstdG9wb2xv Z3kuYWxsQGlldGYub3JnIj48c3BhbiBzdHlsZT0iY29sb3I6d2luZG93dGV4dDt0ZXh0LWRlY29y YXRpb246bm9uZSI+ZHJhZnQtaWV0Zi1pMnJzLXlhbmctbDItbmV0d29yay10b3BvbG9neS5hbGxA aWV0Zi5vcmc8L3NwYW4+PC9hPjsNCjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJN c29QbGFpblRleHQiPjxzcGFuIGxhbmc9IkVOLVVTIj4mZ3Q7IDxhIGhyZWY9Im1haWx0bzppMnJz QGlldGYub3JnIj48c3BhbiBzdHlsZT0iY29sb3I6d2luZG93dGV4dDt0ZXh0LWRlY29yYXRpb246 bm9uZSI+aTJyc0BpZXRmLm9yZzwvc3Bhbj48L2E+Ow0KPGEgaHJlZj0ibWFpbHRvOmxhc3QtY2Fs bEBpZXRmLm9yZyI+PHNwYW4gc3R5bGU9ImNvbG9yOndpbmRvd3RleHQ7dGV4dC1kZWNvcmF0aW9u Om5vbmUiPmxhc3QtY2FsbEBpZXRmLm9yZzwvc3Bhbj48L2E+PG86cD48L286cD48L3NwYW4+PC9w Pg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZndDsgPC9zcGFu PjxzcGFuIHN0eWxlPSJmb250LWZhbWlseTrlrovkvZMiPuS4u+mimDwvc3Bhbj48c3BhbiBsYW5n PSJFTi1VUyI+OiBSRTogU2VjZGlyIGxhc3QgY2FsbCByZXZpZXcgb2YNCjxvOnA+PC9vOnA+PC9z cGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxzcGFuIGxhbmc9IkVOLVVTIj4mZ3Q7 IGRyYWZ0LWlldGYtaTJycy15YW5nLWwyLW5ldHdvcmstdG9wb2xvZ3ktMTM8bzpwPjwvbzpwPjwv c3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+Jmd0 OyZuYnNwOzxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxz cGFuIGxhbmc9IkVOLVVTIj4mZ3Q7IENocmlzdGlhbjo8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8 cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+Jmd0OyZuYnNwOzxvOnA+ PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxzcGFuIGxhbmc9IkVO LVVTIj4mZ3Q7IFRoYW5rIHlvdSBmb3IgY2F0Y2hpbmcgdGhlIHByaXZhY3kgaXNzdWVzLiZuYnNw OyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOw0KPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xh c3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZndDsmbmJzcDs8bzpwPjwvbzpw Pjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+ Jmd0OyBJJ3ZlIGdvdCBhIGZldyBxdWVzdGlvbnMgdG8gaGVscCB0aGUgYXV0aG9ycyBzY29wZSB0 aGlzIGNoYW5nZToNCjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRl eHQiPjxzcGFuIGxhbmc9IkVOLVVTIj4mZ3Q7Jm5ic3A7PG86cD48L286cD48L3NwYW4+PC9wPg0K PHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZndDsgMSkgU2luY2Ug dGhpcyBpcyBjb21tb24gdG8gYWxsIEwyIFRvcG9sb2dpZXMsIGNhbiB5b3Ugb3IgdGhlIHNlY3Vy aXR5IGRpcmVjdG9yYXRlIHJlY29tbWVuZCBzb21lIHRleHQgdGhhdCBtaWdodCBiZSBhcHByb3By aWF0ZT8NCjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxz cGFuIGxhbmc9IkVOLVVTIj4mZ3Q7ICZuYnNwOyZuYnNwOyZuYnNwO0lmIHlvdSBoYXZlIHJlY29t bWVuZGVkIHRleHQsIGhhcyB0aGlzIHRleHQgYmVlbiByZXZpZXdlZCBieSBPUFMtRElSIGFuZCBZ YW5nIGRvY3RvcnM/DQo8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5U ZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+Jmd0OyZuYnNwOzxvOnA+PC9vOnA+PC9zcGFuPjwvcD4N CjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxzcGFuIGxhbmc9IkVOLVVTIj4mZ3Q7IDIpIFdpbGwg aXQgYmUgYSBwcm9ibGVtIElmIHdlIHdyaXRlIHByaXZhY3kgY29uc2lkZXJhdGlvbnMgb24gSUVF RSBzcGVjaWZpY2F0aW9ucz8NCjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Q bGFpblRleHQiPjxzcGFuIGxhbmc9IkVOLVVTIj4mZ3Q7IDMpIERvIHdlIG5lZWQgdG8gY29uc2lk ZXIgdGhlIHJhbmdlIG9mIGRlcGxveW1lbnRzIG9mIEwyIChob21lLA0KPG86cD48L286cD48L3Nw YW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZndDsg ZW50ZXJwcmlzZSwmbmJzcDsgcHVibGljIFBCQiBzZXJ2aWNlLCBuYXRpb25hbCBQQkIgc2Vydmlj ZSwgRGF0YSBjZW50ZXJzKTxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFp blRleHQiPjxzcGFuIGxhbmc9IkVOLVVTIj4mZ3Q7Jm5ic3A7PG86cD48L286cD48L3NwYW4+PC9w Pg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZndDsmbmJzcDs8 bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5n PSJFTi1VUyI+Jmd0OyBUaGFuayB5b3UsJm5ic3A7IFN1ZTxvOnA+PC9vOnA+PC9zcGFuPjwvcD4N CjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxzcGFuIGxhbmc9IkVOLVVTIj4mZ3Q7Jm5ic3A7PG86 cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0i RU4tVVMiPiZndDsmbmJzcDs8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxh aW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+Jmd0OyAtLS0tLU9yaWdpbmFsIE1lc3NhZ2UtLS0t LTxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxzcGFuIGxh bmc9IkVOLVVTIj4mZ3Q7IEZyb206IENocmlzdGlhbiBIdWl0ZW1hIHZpYSBEYXRhdHJhY2tlciBb PGEgaHJlZj0ibWFpbHRvOm5vcmVwbHlAaWV0Zi5vcmciPjxzcGFuIHN0eWxlPSJjb2xvcjp3aW5k b3d0ZXh0O3RleHQtZGVjb3JhdGlvbjpub25lIj5tYWlsdG86bm9yZXBseUBpZXRmLm9yZzwvc3Bh bj48L2E+XTxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxz cGFuIGxhbmc9IkVOLVVTIj4mZ3Q7IFNlbnQ6IFRodXJzZGF5LCBKdW5lIDI1LCAyMDIwIDE6MDEg QU08bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBs YW5nPSJFTi1VUyI+Jmd0OyBUbzogPGEgaHJlZj0ibWFpbHRvOnNlY2RpckBpZXRmLm9yZyI+DQo8 c3BhbiBzdHlsZT0iY29sb3I6d2luZG93dGV4dDt0ZXh0LWRlY29yYXRpb246bm9uZSI+c2VjZGly QGlldGYub3JnPC9zcGFuPjwvYT48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNv UGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+Jmd0OyBDYzogPGEgaHJlZj0ibWFpbHRvOmRy YWZ0LWlldGYtaTJycy15YW5nLWwyLW5ldHdvcmstdG9wb2xvZ3kuYWxsQGlldGYub3JnIj4NCjxz cGFuIHN0eWxlPSJjb2xvcjp3aW5kb3d0ZXh0O3RleHQtZGVjb3JhdGlvbjpub25lIj5kcmFmdC1p ZXRmLWkycnMteWFuZy1sMi1uZXR3b3JrLXRvcG9sb2d5LmFsbEBpZXRmLm9yZzwvc3Bhbj48L2E+ Ow0KPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4g bGFuZz0iRU4tVVMiPiZndDsgPGEgaHJlZj0ibWFpbHRvOmkycnNAaWV0Zi5vcmciPjxzcGFuIHN0 eWxlPSJjb2xvcjp3aW5kb3d0ZXh0O3RleHQtZGVjb3JhdGlvbjpub25lIj5pMnJzQGlldGYub3Jn PC9zcGFuPjwvYT47DQo8YSBocmVmPSJtYWlsdG86bGFzdC1jYWxsQGlldGYub3JnIj48c3BhbiBz dHlsZT0iY29sb3I6d2luZG93dGV4dDt0ZXh0LWRlY29yYXRpb246bm9uZSI+bGFzdC1jYWxsQGll dGYub3JnPC9zcGFuPjwvYT48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxh aW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+Jmd0OyBTdWJqZWN0OiBTZWNkaXIgbGFzdCBjYWxs IHJldmlldyBvZiA8bzpwPg0KPC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRl eHQiPjxzcGFuIGxhbmc9IkVOLVVTIj4mZ3Q7IGRyYWZ0LWlldGYtaTJycy15YW5nLWwyLW5ldHdv cmstdG9wb2xvZ3ktMTM8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5U ZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+Jmd0OyZuYnNwOzxvOnA+PC9vOnA+PC9zcGFuPjwvcD4N CjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxzcGFuIGxhbmc9IkVOLVVTIj4mZ3Q7IFJldmlld2Vy OiBDaHJpc3RpYW4gSHVpdGVtYTxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Q bGFpblRleHQiPjxzcGFuIGxhbmc9IkVOLVVTIj4mZ3Q7IFJldmlldyByZXN1bHQ6IEhhcyBJc3N1 ZXM8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBs YW5nPSJFTi1VUyI+Jmd0OyZuYnNwOzxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJN c29QbGFpblRleHQiPjxzcGFuIGxhbmc9IkVOLVVTIj4mZ3Q7IEkgaGF2ZSByZXZpZXdlZCB0aGlz IGRvY3VtZW50IGFzIHBhcnQgb2YgdGhlIHNlY3VyaXR5IGRpcmVjdG9yYXRlJ3Mgb25nb2luZyBl ZmZvcnQgdG8gcmV2aWV3IGFsbCBJRVRGIGRvY3VtZW50cyBiZWluZyBwcm9jZXNzZWQgYnkgdGhl IElFU0cuJm5ic3A7IFRoZXNlIGNvbW1lbnRzIHdlcmUgd3JpdHRlbiB3aXRoIHRoZSBpbnRlbnQg b2YgaW1wcm92aW5nIHNlY3VyaXR5IHJlcXVpcmVtZW50cw0KIGFuZCBjb25zaWRlcmF0aW9ucyBp biBJRVRGIGRyYWZ0cy4mbmJzcDsgQ29tbWVudHMgbm90IGFkZHJlc3NlZCBpbiBsYXN0IGNhbGwg bWF5IGJlIGluY2x1ZGVkIGluIEFEIHJldmlld3MgZHVyaW5nIHRoZSBJRVNHIHJldmlldy4mbmJz cDsgRG9jdW1lbnQgZWRpdG9ycyBhbmQgV0cgY2hhaXJzIHNob3VsZCB0cmVhdCB0aGVzZSBjb21t ZW50cyBqdXN0IGxpa2UgYW55IG90aGVyIGxhc3QgY2FsbCBjb21tZW50cy48bzpwPjwvbzpwPjwv c3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+Jmd0 OyZuYnNwOzxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxz cGFuIGxhbmc9IkVOLVVTIj4mZ3Q7IFRoaXMgZG9jdW1lbnQgZGVzY3JpYmVzIGEgWWFuZyBtb2Rl bCBmb3IgcmVwcmVzZW50aW5nIExpbmsgTGF5ZXIgdG9wb2xvZ2llcy48bzpwPjwvbzpwPjwvc3Bh bj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+Jmd0OyBS ZXByZXNlbnRpbmcgc3VjaCB0b3BvbG9naWVzIGlzIG9idmlvdXNseSB1c2VmdWwgZm9yIG1hbmFn aW5nIG5ldHdvcmsuPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4 dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZndDsgVGhlIHNlY3VyaXR5IHNlY3Rpb24gaXMgZm9jdXNl ZCBvbiBzZWN1cmluZyB0aGUgdXNhZ2Ugb2YgdGhpcyBpbmZvcm1hdGlvbiBmb3IgbmV0d29yayBt YW5hZ2VtZW50LCBidXQgZG9lcyBub3QgYWRkcmVzcyBwb3RlbnRpYWwgcHJpdmFjeSBpc3N1ZXMu PG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFu Zz0iRU4tVVMiPiZndDsmbmJzcDs8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNv UGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+Jmd0OyBUaGUgc2VjdXJpdHkgY29uc2lkZXJh dGlvbnMgZXhwbGFpbiBjb3JyZWN0bHkgaG93IGFsdGVyaW5nIHRoZSBsaW5rIGxheWVyIGluZm9y bWF0aW9uIGNvdWxkIGVuYWJsZSBhdHRhY2tzIGFnYWluc3QgdGhlIG5ldHdvcmsuIFRoZSBwcm9w b3NlZCByZW1lZHkgaXMgYWNjZXNzIGNvbnRyb2wsIGltcGxlbWVudGVkIHVzaW5nIGVpdGhlciBT U0ggb3IgVExTLiBUaGlzIGlzDQogZmluZSwgYWx0aG91Z2ggdGhlIGRpc2N1c3Npb24gb2YgVExT IGF1dGhvcmlzYXRpb24gaXMgYSBiaXQgc2hvcnQuIEJ5IGRlZmF1bHQsIFRMUyB2ZXJpZmllcyB0 aGUgaWRlbnRpdHkgb2YgdGhlIHNlcnZlciBidXQgbm90IHRoYXQgb2YgdGhlIGNsaWVudC4gUkZD ODA0MCBzZWN0aW9uIDIuNSBzcGVjaWZpZXMgdGhhdCAmcXVvdDthIFJFU1RDT05GIHNlcnZlciBT SE9VTEQgcmVxdWlyZSBhdXRoZW50aWNhdGlvbiBiYXNlZCBvbiBUTFMgY2xpZW50IGNlcnRpZmlj YXRlcy4NCiBJIGFzc3VtZSB0aGF0J3MgdGhlIGludGVudCwgYnV0IGl0IG1pZ2h0IGJlIHVzZWZ1 bCB0byBzYXkgc28uPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4 dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZndDsmbmJzcDs8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8 cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+Jmd0OyBPbiB0aGUgb3Ro ZXIgaGFuZCwgdGhlIHNlY3VyaXR5IGNvbnNpZGVyYXRpb25zIGRvIG5vdCBkZXNjcmliZSBwcml2 YWN5IGlzc3VlcywgYW5kIEkgZmluZCB0aGF0IHByb2JsZW1hdGljLiBUaGUgcHJvcG9zZWQgaW5m b3JtYXRpb24gbW9kZWwgbGlzdHMgYSBudW1iZXIgb2Ygc2Vuc2l0aXZlIGRhdGEsIHN1Y2ggYXMg Zm9yIGV4YW1wbGUgdGhlIE1BQyBhZGRyZXNzZXMgb2YNCiBkZXZpY2VzLjxvOnA+PC9vOnA+PC9z cGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxzcGFuIGxhbmc9IkVOLVVTIj4mZ3Q7 IFRoaXMgaW5mb3JtYXRpb24gY2FuIGJlIG1pc3VzZWQuIEZvciBleGFtcGxlLCBhcHBsaWNhdGlv bnMgY291bGQgYXNzZXNzIGRldmljZSBsb2NhdGlvbiBmZXRjaGluZyB0aGUgTUFDIGFkZHJlc3Nl cyBvZiBsb2NhbCBnYXRld2F5cy4gVGhpcmQgcGFydGllcyBjb3VsZCBhY2Nlc3MgbGluayBsb2Nh bCBpbmZvcm1hdGlvbiB0byBnYXRoZXIgaWRlbnRpdGllcyBvZiBkZXZpY2VzDQogYWNjZXNzaW5n IGEgcGFydGljdWxhciBuZXR3b3JrLiBTdWNoIGluZm9ybWF0aW9uIGlzIG9mdGVuIHByb3RlY3Rl ZCBieSBwcml2YWN5IEFQSSBpbiB0aGUgT3BlcmF0aW5nIFN5c3RlbSwgYnV0IGFjY2Vzc2luZyB0 aGUgWWFuZyBtb2R1bGUgb3ZlciB0aGUgbmV0d29yayBtaWdodCBhbGxvdyBhcHBsaWNhdGlvbnMg dG8gYnlwYXNzIHRoZXNlIGNvbnRyb2xzLjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNz PSJNc29QbGFpblRleHQiPjxzcGFuIGxhbmc9IkVOLVVTIj4mZ3Q7Jm5ic3A7PG86cD48L286cD48 L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZn dDsgQ2xpZW50IGF1dGhlbnRpY2F0aW9uIGFsb25lIGRvZXMgbm90IG5lY2Vzc2FyaWx5IHByb3Rl Y3QgYWdhaW5zdCB0aGVzZSBwcml2YWN5IGxlYWtzLiBBIGNsYXNzaWMgY29uZmlndXJhdGlvbiBl cnJvciB3b3VsZCBsaW1pdCB3cml0ZSBhY2Nlc3MgdG8gYXV0aG9yaXplZCB1c2VycywgYnV0IHRv IGFsbG93IHJlYWQtb25seSBhY2Nlc3MgdG8gbW9zdCB1c2Vycy4gVGhpcw0KIGtpbmQgb2YgZXJy b3Igd291bGQgYWxsb3cgcHJpdmFjeSBsZWFrcy4gR2l2ZW4gdGhlIHNlbnNpdGl2ZSBuYXR1cmUg b2YgTUFDIGFkZHJlc3NlcyBhbmQgb3RoZXIgaWRlbnRpZmllcnMsIGl0IGlzIHVzZWZ1bCB0byB3 YXJuIGFnYWluc3Qgc3VjaCBlcnJvcnMuPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9 Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZndDsmbmJzcDs8bzpwPjwvbzpwPjwv c3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+Jmd0 OyZuYnNwOzxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxz cGFuIGxhbmc9IkVOLVVTIj4mZ3Q7Jm5ic3A7PG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xh c3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZndDsmbmJzcDs8bzpwPjwvbzpw Pjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+ Jmd0OyZuYnNwOzxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQi PjxzcGFuIGxhbmc9IkVOLVVTIj4mZ3Q7IF9fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fX19fX19fPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWlu VGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZndDsgaTJycyBtYWlsaW5nIGxpc3Q8bzpwPjwvbzpw Pjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+ Jmd0OyA8YSBocmVmPSJtYWlsdG86aTJyc0BpZXRmLm9yZyI+PHNwYW4gc3R5bGU9ImNvbG9yOndp bmRvd3RleHQ7dGV4dC1kZWNvcmF0aW9uOm5vbmUiPmkycnNAaWV0Zi5vcmc8L3NwYW4+PC9hPjxv OnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxzcGFuIGxhbmc9 IkVOLVVTIj4mZ3Q7IDxhIGhyZWY9Imh0dHBzOi8vd3d3LmlldGYub3JnL21haWxtYW4vbGlzdGlu Zm8vaTJycyI+DQo8c3BhbiBzdHlsZT0iY29sb3I6d2luZG93dGV4dDt0ZXh0LWRlY29yYXRpb246 bm9uZSI+aHR0cHM6Ly93d3cuaWV0Zi5vcmcvbWFpbG1hbi9saXN0aW5mby9pMnJzPC9zcGFuPjwv YT48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBs YW5nPSJFTi1VUyI+Jmd0OyZuYnNwOzxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvYmxvY2txdW90 ZT4NCjwvZGl2Pg0KPC9ib2R5Pg0KPC9odG1sPg0K --_000_B8F9A780D330094D99AF023C5877DABAAD7BE6C3dggeml531mbschi_-- From nobody Sat Jun 27 09:18:13 2020 Return-Path: X-Original-To: i2rs@ietfa.amsl.com Delivered-To: i2rs@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D04923A0821 for ; Sat, 27 Jun 2020 09:17:58 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.888 X-Spam-Level: X-Spam-Status: No, score=-1.888 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4sVUbJzzZvhT for ; Sat, 27 Jun 2020 09:17:54 -0700 (PDT) Received: from mx43-out1.antispamcloud.com (mx43-out1.antispamcloud.com [138.201.61.189]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5E2393A0802 for ; Sat, 27 Jun 2020 09:17:53 -0700 (PDT) Received: from xse254.mail2web.com ([66.113.196.254] helo=xse.mail2web.com) by mx14.antispamcloud.com with esmtp (Exim 4.92) (envelope-from ) id 1jpDWQ-0004Iv-QZ for i2rs@ietf.org; Sat, 27 Jun 2020 18:17:50 +0200 Received: from xsmtp21.mail2web.com (unknown [10.100.68.60]) by xse.mail2web.com (Postfix) with ESMTPS id 49vJnK336Yz2ZRN for ; Sat, 27 Jun 2020 09:17:41 -0700 (PDT) Received: from [10.5.2.14] (helo=xmail04.myhosting.com) by xsmtp21.mail2web.com with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.92) (envelope-from ) id 1jpDWP-0006FU-7Z for i2rs@ietf.org; Sat, 27 Jun 2020 09:17:41 -0700 Received: (qmail 7994 invoked from network); 27 Jun 2020 16:17:40 -0000 Received: from unknown (HELO [192.168.1.107]) (Authenticated-user:_huitema@huitema.net@[172.58.43.153]) (envelope-sender ) by xmail04.myhosting.com (qmail-ldap-1.03) with ESMTPA for ; 27 Jun 2020 16:17:40 -0000 To: Qin Wu , Susan Hares , "secdir@ietf.org" Cc: "i2rs@ietf.org" , "draft-ietf-i2rs-yang-l2-network-topology.all@ietf.org" , NETMOD Group , "last-call@ietf.org" References: From: Christian Huitema Autocrypt: addr=huitema@huitema.net; prefer-encrypt=mutual; keydata= mDMEXtavGxYJKwYBBAHaRw8BAQdA1ou9A5MHTP9N3jfsWzlDZ+jPnQkusmc7sfLmWVz1Rmu0 J0NocmlzdGlhbiBIdWl0ZW1hIDxodWl0ZW1hQGh1aXRlbWEubmV0PoiWBBMWCAA+FiEEw3G4 Nwi4QEpAAXUUELAmqKBYtJQFAl7WrxsCGwMFCQlmAYAFCwkIBwIGFQoJCAsCBBYCAwECHgEC F4AACgkQELAmqKBYtJQbMwD/ebj/qnSbthC/5kD5DxZ/Ip0CGJw5QBz/+fJp3R8iAlsBAMjK r2tmyWyJz0CUkVG24WaR5EAJDvgwDv8h22U6QVkAuDgEXtavGxIKKwYBBAGXVQEFAQEHQJoM 6MUAIqpoqdCIiACiEynZf7nlJg2Eu0pXIhbUGONdAwEIB4h+BBgWCAAmFiEEw3G4Nwi4QEpA AXUUELAmqKBYtJQFAl7WrxsCGwwFCQlmAYAACgkQELAmqKBYtJRm2wD7BzeK5gEXSmBcBf0j BYdSaJcXNzx4yPLbP4GnUMAyl2cBAJzcsR4RkwO4dCRqM9CHpVJCwHtbUDJaa55//E0kp+gH Message-ID: <90a9ffa5-4db7-fdaf-5a55-48ed2745bde0@huitema.net> Date: Sat, 27 Jun 2020 09:17:39 -0700 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.9.0 MIME-Version: 1.0 In-Reply-To: Content-Type: multipart/alternative; boundary="------------A3510C022F77668DCEC42238" Content-Language: en-US X-Originating-IP: 66.113.196.254 X-Spampanel-Domain: xsmtpout.mail2web.com X-Spampanel-Username: 66.113.196.254/32 Authentication-Results: antispamcloud.com; auth=pass smtp.auth=66.113.196.254/32@xsmtpout.mail2web.com X-Spampanel-Outgoing-Class: unsure X-Spampanel-Outgoing-Evidence: Combined (0.15) X-Recommended-Action: accept X-Filter-ID: Mvzo4OR0dZXEDF/gcnlw0f6LF1GdvkEexklpcFpSF5apSDasLI4SayDByyq9LIhVUZbR67CQ7/vm /hHDJU4RXkTNWdUk1Ol2OGx3IfrIJKywOmJyM1qr8uRnWBrbSAGDU1aob+exlALJps7Lzuw5NLgN zB/4Jkrw1eDLcif59ftUjR6wuRiqVZ10mayu/1rZ+rYZvu7UEJiU3s27VgKHO7lwS3dBJTnTxDoD vBGGxpgwWbxrOZCJSMpTl/yE2fo2wVN19L7+HpOQTYxMY+AoxQZ6weYgSzquK2hxskqXvy8woCTx LKweTbuJ+19zsyHVGVmhMAaQ/AfCRwRe7yHm5oY+NYmsSGn+svMubxnbgm1cr18FZBEPC2/c16Xd 7sC9aC4xteE1WLqGS9YoqrsZ2DyteN0e+ECCv9/f+GPymkgDVo7QBKA4MctKq4ifYPcXFRL2K3LA EfDXVOdt7wDbusYnuEVWSxKMHbU0zkNM3EElFDaoLuOPKc8gc82pKfhB7T02ZXdoQxMs//iOE4Fl hiCv9TR+UxzLZWL8hwGBjhoI3W+YcuHfP5PkZb5A+wE5qGdpH54Oa3V8I76VOEvlwLCanpZsarZa LIRpEqA8mZEwWcPoaRBqQ28Cyw5TTd3Tznbr/iPR0U8WqNWDtD9jyfHFc9tVi614cnRbnL0tzV9X dU571qBU/d2sq9m7FB7HFod3/PybrGCFhu0/G2xhnGkvZ+pWP1s35neRYWMQUWZErSs0X3oyoTc8 j/o7qulxl9HUMOvZkeNp2fpKbDmnVGre/hsBBxzR0ZxLcHZ9dOjYiLlGFZl9C5ThG9mlnyxnQzYz IE5q2+yrLuhv7kNPiAEH5tktsnhMr4gG+2qXrJ1naxDP6DybgbEEPGfx07Ug9R/2gMGq0KWAzmMf +ibVDpdplkxcBm4XM6d7s4Bx3w1WbaUe4g0kgaInvdEp64qlVpe//bVkg87Xe61e30HXuSERbInM iTBIUBbQ/Dy6Ip4D1rnEhdYtY/lMQX5s39oH5ijcGdSK77ViXbmzTYWgl82XucjoLWQ7++7jcUS/ T5w= X-Report-Abuse-To: spam@quarantine11.antispamcloud.com Archived-At: Subject: Re: [i2rs] [Last-Call] Secdir last call review of draft-ietf-i2rs-yang-l2-network-topology-13 X-BeenThere: i2rs@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Interface to The Internet Routing System \(IRS\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 27 Jun 2020 16:18:10 -0000 This is a multi-part message in MIME format. --------------A3510C022F77668DCEC42238 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit Works for me. Thank you. -- Christian Huitema On 6/26/2020 11:26 PM, Qin Wu wrote: > > Thanks Christian for clarification, here is the tweaked text to > address your comment, which is positioned right after the discussion > about writable/creatable/deletable attributes. > > *NEW TEXT:* > > “ > > 6.  Security Considerations > >   > >    The YANG module specified in this document defines a schema for data > >    that is designed to be accessed via network management protocols such > >    as NETCONF [RFC6241] or RESTCONF [RFC8040].  The lowest NETCONF layer > >    is the secure transport layer, and the mandatory-to-implement secure > >    transport is Secure Shell (SSH) [RFC6242].  The lowest RESTCONF layer > >    is HTTPS, and the mandatory-to-implement secure transport is TLS > >    [RFC8446]. > >   > >    The Network Configuration Access Control Model (NACM) [RFC8341] > >    provides the means to restrict access for particular NETCONF or > >   > >    RESTCONF users to a preconfigured subset of all available NETCONF or > >    RESTCONF protocol operations and content. > >   > >    The Layer 2 topology module define information that can be > >    configurable in certain instances, for example in the case of virtual > >    topologies that can be created by client applications.  In such > >    cases, a malicious client could introduce topologies that are > >    undesired.  Specifically, a malicious client could attempt to remove > >    or add a node, a link, a termination point, by creating or deleting > >    corresponding elements in the node, link, and termination point > >    lists, respectively.  In the case of a topology that is learned, the > >    server will automatically prohibit such misconfiguration attempts. > >    In the case of a topology that is configured, i.e. whose origin is > >    "intended", the undesired configuration could become effective and be > >    reflected in the operational state datastore, leading to disruption > >    of services provided via this topology might be disrupted.  For those > >    reasons, it is important that the NETCONF access control model is > >    vigorously applied to prevent topology misconfiguration by > >    unauthorized clients. > >   > >    There are a number of data nodes defined in this YANG module that are > >    writable/creatable/deletable (i.e., config true, which is the > >    default).  These data nodes may be considered sensitive or vulnerable > >    in some network environments.  Write operations (e.g., edit-config) > >    to these data nodes without proper protection can have a negative > >    effect on network operations.  These are the subtrees and data nodes > >    and their sensitivity/vulnerability in the ietf-network module: > >   > >    o  l2-network-attributes: A malicious client could attempt to > >       sabotage the configuration of any of the contained attributes, > >       such as the name or the flag data nodes. > >   > >    o  l2-node-attributes: A malicious client could attempt to sabotage > >       the configuration of important node attributes, such as the name > >       or the management-address. > >   > >    o  l2-link-attributes: A malicious client could attempt to sabotage > >       the configuration of important link attributes, such as the rate > >       or the delay data nodes. > >   > >    o  l2-termination-point-attributes: A malicious client could attempt > >       to sabotage the configuration of important termination point > >       attributes, such as the maximum-frame-size. > >   > > *Some of the readable data nodes in this YANG module may be considered * > > *sensitive or vulnerable in some network environments. It is thus >  important to control * > > *read access (e.g., via get, get-config, or notification) to these > data nodes. In particular, the * > > *YANG model for layer 2 topology may expose sensitive information, for > example the MAC * > > *addresses of devices. Unrestricted use of such information can lead > to privacy violations. * > > *For example, listing MAC addresses in a network allows monitoring of > devices and their * > > *movements. Location information can be derived from MAC addresses of > network devices, * > > *bypassing protection of location information by the Operating System. * > >   > > ” > > Thanks. > >   > > -Qin > > *发件人:*Christian Huitema [mailto:huitema@huitema.net] > *发送时间:*2020年6月26日22:55 > *收件人:*Qin Wu ; Susan Hares ; > secdir@ietf.org > *抄送:*i2rs@ietf.org; > draft-ietf-i2rs-yang-l2-network-topology.all@ietf.org; > last-call@ietf.org; NETMOD Group > *主题:*Re: [Last-Call] [i2rs] Secdir last call review of > draft-ietf-i2rs-yang-l2-network-topology-13 > >   > > I like variant B better, although I would not single out the mac > addresses in the "sabotage" warning. > > My main concern is that network administrators will naturally be very > concerned about information that is writable/creatable/deletable, > because they understand the impact on the management of their network. > However, they are not so concerned with read-only access, because > reading information does not directly affect the operation of the > network. My whole point is telling them, "you are documenting your L2 > topology, it contains sensitive information, make sure that reading it > is protected, not just writing it". > > I agree that NETCONF and RESTCONF provide the right tools for > protecting the information. My request is just to clearly tell network > administrators to use these tools, do not leave read access wide open! > > -- Christian Huitema > > On 6/26/2020 4:37 AM, Qin Wu wrote: > > Hi, Christian: > > 1.       NACM defined in RFC8341 has already provided mechanisms > to restrict access to sensitive information to a minimal list of > authorized client or agents and deal with privacy issue if my > understanding is correct. > > 2.       Both NETCONF and RESTCONF will rely on transport protocol > such as TLS to provide client authentication and server > authentication, i.e., mutual authentication. > > 3.       The YANG security guideline defined in > https://trac.ietf.org/trac/ops/wiki/yang-security-guidelines > > Provide perfect boilerplate to address both security consideration > and privacy consideration. > > My original proposal A to address your comments is: > > OLD TEXT: > > " > >    There are a number of data nodes defined in this YANG module > that are > >    writable/creatable/deletable (i.e., config true, which is the > >    default).  These data nodes may be considered sensitive or > vulnerable > >    in some network environments.  Write operations (e.g., edit-config) > >    to these data nodes without proper protection can have a negative > >    effect on network operations.  These are the subtrees and data > nodes > >    and their sensitivity/vulnerability in the ietf-network module: > >   > >    o  l2-network-attributes: A malicious client could attempt to > >       sabotage the configuration of any of the contained attributes, > >       such as the name or the flag data nodes. > >   > >    o  l2-node-attributes: A malicious client could attempt to sabotage > >       the configuration of important node attributes, such as the name > >       or the management-address. > >   > >    o  l2-link-attributes: A malicious client could attempt to sabotage > >       the configuration of important link attributes, such as the rate > >       or the delay data nodes. > >   > >    o  l2-termination-point-attributes: A malicious client could > attempt > >       to sabotage the configuration of important termination point > >       attributes, such as the maximum-frame-size. > > " > > NEW TEXT: > > " > >    There are a number of data nodes defined in this YANG module > that are > >    writable/creatable/deletable (i.e., config true, which is the > >    default).  These data nodes may be considered sensitive or > vulnerable > >    in some network environments.  Write operations (e.g., edit-config) > >    to these data nodes without proper protection can have a negative > >    effect on network operations.  These are the subtrees and data > nodes > >    and their sensitivity/vulnerability in the ietf-network module: > >   > >    o  l2-network-attributes: A malicious client could attempt to > >       sabotage the configuration of any of the contained attributes, > >       such as the name or the flag data nodes. > >   > >    o  l2-node-attributes: A malicious client could attempt to sabotage > >       the configuration of important node attributes, such as the name > >       ,the management-address *or mac address of the devices*. > >   > >    o  l2-link-attributes: A malicious client could attempt to sabotage > >       the configuration of important link attributes, such as the rate > >       or the delay data nodes. > >   > >   o  l2-termination-point-attributes: A malicious client could attempt > >       to sabotage the configuration of important termination point > >       attributes, such as the maximum-frame-size, *mac-address*. > > " > >   > > With your proposed text, we could have the following proposal > changes (Proposal B): > > OLD TEXT: > > " > > 6.  Security Considerations > >   > >    The YANG module specified in this document defines a schema for > data > >    that is designed to be accessed via network management > protocols such > >    as NETCONF [RFC6241] or RESTCONF [RFC8040].  The lowest NETCONF > layer > >    is the secure transport layer, and the mandatory-to-implement > secure > >    transport is Secure Shell (SSH) [RFC6242].  The lowest RESTCONF > layer > >    is HTTPS, and the mandatory-to-implement secure transport is TLS > >    [RFC8446]. > >   > >    The Network Configuration Access Control Model (NACM) [RFC8341] > >    provides the means to restrict access for particular NETCONF or > >   > >    RESTCONF users to a preconfigured subset of all available > NETCONF or > >    RESTCONF protocol operations and content. > >   > >    In general, Layer 2 network topologies are system-controlled and > >    provide ephemeral topology information.  In an NMDA-complient > server, > >    they are only part of which provides read-only access > >    to clients, they are less vulnerable.  That said, the YANG module > >    does in principle allow information to be configurable. > >   > >    The Layer 2 topology module define information that can be > >    configurable in certain instances, for example in the case of > virtual > >    topologies that can be created by client applications.  In such > >    cases, a malicious client could introduce topologies that are > >    undesired.  Specifically, a malicious client could attempt to > remove > >    or add a node, a link, a termination point, by creating or deleting > >    corresponding elements in the node, link, and termination point > >    lists, respectively.  In the case of a topology that is > learned, the > >    server will automatically prohibit such misconfiguration attempts. > >    In the case of a topology that is configured, i.e. whose origin is > >    "intended", the undesired configuration could become effective > and be > >    reflected in the operational state datastore, leading to disruption > >    of services provided via this topology might be disrupted.  For > those > >    reasons, it is important that the NETCONF access control model is > >    vigorously applied to prevent topology misconfiguration by > >    unauthorized clients. > >   > >    There are a number of data nodes defined in this YANG module > that are > >    writable/creatable/deletable (i.e., config true, which is the > >    default).  These data nodes may be considered sensitive or > vulnerable > >    in some network environments.  Write operations (e.g., edit-config) > >    to these data nodes without proper protection can have a negative > >    effect on network operations.  These are the subtrees and data > nodes > >    and their sensitivity/vulnerability in the ietf-network module: > >   > >    o  l2-network-attributes: A malicious client could attempt to > >       sabotage the configuration of any of the contained attributes, > >       such as the name or the flag data nodes. > >   > >    o  l2-node-attributes: A malicious client could attempt to sabotage > >       the configuration of important node attributes, such as the name > >       or the management-address. > >   > >    o  l2-link-attributes: A malicious client could attempt to sabotage > >       the configuration of important link attributes, such as the rate > >       or the delay data nodes. > >   > >    o  l2-termination-point-attributes: A malicious client could > attempt > >       to sabotage the configuration of important termination point > >       attributes, such as the maximum-frame-size. > > " > > NEW TEXT: > > " > > 6.  Security Considerations > >   > >    The YANG module specified in this document defines a schema for > data > >    that is designed to be accessed via network management > protocols such > >    as NETCONF [RFC6241] or RESTCONF [RFC8040].  The lowest NETCONF > layer > >    is the secure transport layer, and the mandatory-to-implement > secure > >    transport is Secure Shell (SSH) [RFC6242].  The lowest RESTCONF > layer > >    is HTTPS, and the mandatory-to-implement secure transport is TLS > >    [RFC8446]. > >   > >    The Network Configuration Access Control Model (NACM) [RFC8341] > >    provides the means to restrict access for particular NETCONF or > >    RESTCONF users to a preconfigured subset of all available > NETCONF or > >    RESTCONF protocol operations and content. > >   > >    In general, Layer 2 network topologies are system-controlled and > >    provide ephemeral topology information.  In an NMDA-complient > server, > >    they are only part of which provides read-only access > >    to clients, they are less vulnerable.  That said, the YANG module > >    does in principle allow information to be configurable. > >   > >    The Layer 2 topology module define information that can be > >    configurable in certain instances, for example in the case of > virtual > >    topologies that can be created by client applications.  In such > >    cases, a malicious client could introduce topologies that are > >    undesired.  Specifically, a malicious client could attempt to > remove > >    or add a node, a link, a termination point, by creating or deleting > >    corresponding elements in the node, link, and termination point > >    lists, respectively.  In the case of a topology that is > learned, the > >    server will automatically prohibit such misconfiguration attempts. > >    In the case of a topology that is configured, i.e. whose origin is > >    "intended", the undesired configuration could become effective > and be > >    reflected in the operational state datastore, leading to disruption > >    of services provided via this topology might be disrupted.  For > those > >    reasons, it is important that the NETCONF access control model is > >    vigorously applied to prevent topology misconfiguration by > >    unauthorized clients. > >   > > *  The YANG model for layer 2 topology may expose sensitive > information, * > > *  for example the MAC addresses of devices. Unrestricted use of > such information * > > *   can lead to privacy violations. For example, listing MAC > addresses in a network * > > *   allows monitoring of devices and their movements. Location > information can be derived* > > *   from MAC addresses of network devices, bypassing protection of > location information by * > > *   the Operating System. Deployments should mitigate this privacy > concerns by limiting access * > > *   to the layer 2 topology information. Access to the information > should be restricted to a * > > *   minimal list of authorized clients, and should also require > proper authentication of these clients.* > >   > >    There are a number of data nodes defined in this YANG module > that are > >    writable/creatable/deletable (i.e., config true, which is the > >    default).  These data nodes may be considered sensitive or > vulnerable > >    in some network environments.  Write operations (e.g., edit-config) > >    to these data nodes without proper protection can have a negative > >    effect on network operations.  These are the subtrees and data > nodes > >    and their sensitivity/vulnerability in the ietf-network module: > >   > >    o  l2-network-attributes: A malicious client could attempt to > >       sabotage the configuration of any of the contained attributes, > >       such as the name or the flag data nodes. > >   > >    o  l2-node-attributes: A malicious client could attempt to sabotage > >       the configuration of important node attributes, such as the name > >       ,the management-address, *mac-address of the devices*. > >   > >    o  l2-link-attributes: A malicious client could attempt to sabotage > >       the configuration of important link attributes, such as the rate > >       or the delay data nodes. > >   > >    o  l2-termination-point-attributes: A malicious client could > attempt > >       to sabotage the configuration of important termination point > >       attributes, such as the maximum-frame-size, *mac-address*. > > " > > The question is do you think proposal with yang security > boilterplate has already addressed your comments > > Or you think we should emphasize how privacy issue can be > addressed by NACM and client authentication is needed? > >   > > -Qin > > -----邮件原件----- > 发件人: Christian Huitema [mailto:huitema@huitema.net] > 发送时间: 2020年6月26日12:05 > 收件人: Susan Hares ; Qin > Wu ; > secdir@ietf.org > 抄送: i2rs@ietf.org ; > draft-ietf-i2rs-yang-l2-network-topology.all@ietf.org > ; > last-call@ietf.org > 主题: Re: [Last-Call] [i2rs] Secdir last call review of > draft-ietf-i2rs-yang-l2-network-topology-13 > >   > > How about adding something like this: > >   > > Privacy Considerations > >   > > The Yang model for layer 2 topology exposes privacy sensitive > information, for example the MAC addresses of devices. > Unrestricted use of such information can lead to privacy > violations. For example, listing MAC addresses in a network allows > monitoring of devices and their movements. Location information > can be derived from MAC addresses of network devices, bypassing > protection of location information by the Operating System. > >   > > Deployments should mitigate this privacy concerns by limiting > access to the layer 2 topology information. Access to the > information should be restricted to a minimal list of authorized > agents, and should require proper authentication of these agents. > >   > > -- Christian Huitema > >   > > On 6/25/2020 7:00 AM, Susan Hares wrote: > > > Qin and Christian: > > >  > > > Thank you for your prompt attention to the privacy issue.  > > > I'm sure Christian will respond in a bit - since he might be in PDT > time-zone. > > >  > > > Once you have a solution you both like, we should validate the privacy > > > changes to the security considerations section with the Yang-doctors, > > > OPS-ADs, and Security-ADs. > > >  > > > Martin's watching this thread so I'm sure he'll help us out as well. > > >  > > > Sue > > >  > > > -----Original Message----- > > > From: i2rs [mailto:i2rs-bounces@ietf.org] On Behalf Of Qin Wu > > > Sent: Thursday, June 25, 2020 9:25 AM > > > To: Susan Hares; 'Christian Huitema'; secdir@ietf.org > > > Cc: i2rs@ietf.org ; > > > draft-ietf-i2rs-yang-l2-network-topology.all@ietf.org > ; > > > last-call@ietf.org > > > Subject: Re: [i2rs] Secdir last call review of > > > draft-ietf-i2rs-yang-l2-network-topology-13 > > >  > > > Sue and Christian: > > > I have responded to Christian on privacy issue, my proposal is to add > MAC address as another data node vulnerability example in our > original security consideration section. > > > But If Christian or security directorate has recommending text, we > authors are happy to accept it. > > >  > > > -Qin > > > -----邮件原件----- > > > 发件人: Susan Hares [mailto:shares@ndzh.com] > > > 发送时间: 2020年6月25日21:04 > > > 收件人: 'Christian Huitema' >; secdir@ietf.org > > > > 抄送: draft-ietf-i2rs-yang-l2-network-topology.all@ietf.org > ; > > > i2rs@ietf.org ; last-call@ietf.org > > > > 主题: RE: Secdir last call review of > > > draft-ietf-i2rs-yang-l2-network-topology-13 > > >  > > > Christian: > > >  > > > Thank you for catching the privacy issues.      > > >  > > > I've got a few questions to help the authors scope this change: > > >  > > > 1) Since this is common to all L2 Topologies, can you or the security > directorate recommend some text that might be appropriate? > > >    If you have recommended text, has this text been reviewed by OPS-DIR and Yang > doctors? > > >  > > > 2) Will it be a problem If we write privacy considerations on IEEE specifications? > > > 3) Do we need to consider the range of deployments of L2 (home, > > > enterprise,  public PBB service, national PBB service, Data centers) > > >  > > >  > > > Thank you,  Sue > > >  > > >  > > > -----Original Message----- > > > From: Christian Huitema via Datatracker [mailto:noreply@ietf.org] > > > Sent: Thursday, June 25, 2020 1:01 AM > > > To: secdir@ietf.org > > > Cc: draft-ietf-i2rs-yang-l2-network-topology.all@ietf.org > ; > > > i2rs@ietf.org ; last-call@ietf.org > > > > Subject: Secdir last call review of > > > draft-ietf-i2rs-yang-l2-network-topology-13 > > >  > > > Reviewer: Christian Huitema > > > Review result: Has Issues > > >  > > > I have reviewed this document as part of the security directorate's > ongoing effort to review all IETF documents being processed by the > IESG.  These comments were written with the intent of improving > security requirements and considerations in IETF drafts.  Comments > not addressed in last call may be included in AD reviews during > the IESG review.  Document editors and WG chairs should treat > these comments just like any other last call comments. > > >  > > > This document describes a Yang model for representing Link Layer topologies. > > > Representing such topologies is obviously useful for managing network. > > > The security section is focused on securing the usage of this information for > network management, but does not address potential privacy issues. > > >  > > > The security considerations explain correctly how altering the link layer > information could enable attacks against the network. The proposed > remedy is access control, implemented using either SSH or TLS. > This is fine, although the discussion of TLS authorisation is a > bit short. By default, TLS verifies the identity of the server but > not that of the client. RFC8040 section 2.5 specifies that "a > RESTCONF server SHOULD require authentication based on TLS client > certificates. I assume that's the intent, but it might be useful > to say so. > > >  > > > On the other hand, the security considerations do not describe privacy issues, > and I find that problematic. The proposed information model lists > a number of sensitive data, such as for example the MAC addresses > of devices. > > > This information can be misused. For example, applications could > assess device location fetching the MAC addresses of local > gateways. Third parties could access link local information to > gather identities of devices accessing a particular network. Such > information is often protected by privacy API in the Operating > System, but accessing the Yang module over the network might allow > applications to bypass these controls. > > >  > > > Client authentication alone does not necessarily protect against these > privacy leaks. A classic configuration error would limit write > access to authorized users, but to allow read-only access to most > users. This kind of error would allow privacy leaks. Given the > sensitive nature of MAC addresses and other identifiers, it is > useful to warn against such errors. > > >  > > >  > > >  > > >  > > >  > > > _______________________________________________ > > > i2rs mailing list > > > i2rs@ietf.org > > > https://www.ietf.org/mailman/listinfo/i2rs > > >  > > --------------A3510C022F77668DCEC42238 Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: 8bit Works for me. Thank you.

-- Christian Huitema

On 6/26/2020 11:26 PM, Qin Wu wrote:

Thanks Christian for clarification, here is the tweaked text to address your comment, which is positioned right after the discussion about writable/creatable/deletable attributes.

NEW TEXT:

6.  Security Considerations

 

   The YANG module specified in this document defines a schema for data

   that is designed to be accessed via network management protocols such

   as NETCONF [RFC6241] or RESTCONF [RFC8040].  The lowest NETCONF layer

   is the secure transport layer, and the mandatory-to-implement secure

   transport is Secure Shell (SSH) [RFC6242].  The lowest RESTCONF layer

   is HTTPS, and the mandatory-to-implement secure transport is TLS

   [RFC8446].

 

   The Network Configuration Access Control Model (NACM) [RFC8341]

   provides the means to restrict access for particular NETCONF or

 

   RESTCONF users to a preconfigured subset of all available NETCONF or

   RESTCONF protocol operations and content.

 

   The Layer 2 topology module define information that can be

   configurable in certain instances, for example in the case of virtual

   topologies that can be created by client applications.  In such

   cases, a malicious client could introduce topologies that are

   undesired.  Specifically, a malicious client could attempt to remove

   or add a node, a link, a termination point, by creating or deleting

   corresponding elements in the node, link, and termination point

   lists, respectively.  In the case of a topology that is learned, the

   server will automatically prohibit such misconfiguration attempts.

   In the case of a topology that is configured, i.e. whose origin is

   "intended", the undesired configuration could become effective and be

   reflected in the operational state datastore, leading to disruption

   of services provided via this topology might be disrupted.  For those

   reasons, it is important that the NETCONF access control model is

   vigorously applied to prevent topology misconfiguration by

   unauthorized clients.

 

   There are a number of data nodes defined in this YANG module that are

   writable/creatable/deletable (i.e., config true, which is the

   default).  These data nodes may be considered sensitive or vulnerable

   in some network environments.  Write operations (e.g., edit-config)

   to these data nodes without proper protection can have a negative

   effect on network operations.  These are the subtrees and data nodes

   and their sensitivity/vulnerability in the ietf-network module:

 

   o  l2-network-attributes: A malicious client could attempt to

      sabotage the configuration of any of the contained attributes,

      such as the name or the flag data nodes.

 

   o  l2-node-attributes: A malicious client could attempt to sabotage

      the configuration of important node attributes, such as the name

      or the management-address.

 

   o  l2-link-attributes: A malicious client could attempt to sabotage

      the configuration of important link attributes, such as the rate

      or the delay data nodes.

 

   o  l2-termination-point-attributes: A malicious client could attempt

      to sabotage the configuration of important termination point

      attributes, such as the maximum-frame-size.

 

Some of the readable data nodes in this YANG module may be considered

sensitive or vulnerable in some network environments. It is thus  important to control

read access (e.g., via get, get-config, or notification) to these data nodes. In particular, the

YANG model for layer 2 topology may expose sensitive information, for example the MAC

addresses of devices. Unrestricted use of such information can lead to privacy violations.

For example, listing MAC addresses in a network allows monitoring of devices and their

movements. Location information can be derived from MAC addresses of network devices,

bypassing protection of location information by the Operating System.

 

Thanks.

 

-Qin

发件人: Christian Huitema [mailto:huitema@huitema.net]
发送时间: 2020626 22:55
收件人: Qin Wu <bill.wu@huawei.com>; Susan Hares <shares@ndzh.com>; secdir@ietf.org
抄送: i2rs@ietf.org; draft-ietf-i2rs-yang-l2-network-topology.all@ietf.org; last-call@ietf.org; NETMOD Group <netmod@ietf.org>
主题: Re: [Last-Call] [i2rs] Secdir last call review of draft-ietf-i2rs-yang-l2-network-topology-13

 

I like variant B better, although I would not single out the mac addresses in the "sabotage" warning.

My main concern is that network administrators will naturally be very concerned about information that is writable/creatable/deletable, because they understand the impact on the management of their network. However, they are not so concerned with read-only access, because reading information does not directly affect the operation of the network. My whole point is telling them, "you are documenting your L2 topology, it contains sensitive information, make sure that reading it is protected, not just writing it".

I agree that NETCONF and RESTCONF provide the right tools for protecting the information. My request is just to clearly tell network administrators to use these tools, do not leave read access wide open!

-- Christian Huitema

On 6/26/2020 4:37 AM, Qin Wu wrote:

Hi, Christian:

1.       NACM defined in RFC8341 has already provided mechanisms to restrict access to sensitive information to a minimal list of authorized client or agents and deal with privacy issue if my understanding is correct.

2.       Both NETCONF and RESTCONF will rely on transport protocol such as TLS to provide client authentication and server authentication, i.e., mutual authentication.

3.       The YANG security guideline defined in https://trac.ietf.org/trac/ops/wiki/yang-security-guidelines

Provide perfect boilerplate to address both security consideration and privacy consideration.

My original proposal A to address your comments is:

OLD TEXT:

"

   There are a number of data nodes defined in this YANG module that are

   writable/creatable/deletable (i.e., config true, which is the

   default).  These data nodes may be considered sensitive or vulnerable

   in some network environments.  Write operations (e.g., edit-config)

   to these data nodes without proper protection can have a negative

   effect on network operations.  These are the subtrees and data nodes

   and their sensitivity/vulnerability in the ietf-network module:

 

   o  l2-network-attributes: A malicious client could attempt to

      sabotage the configuration of any of the contained attributes,

      such as the name or the flag data nodes.

 

   o  l2-node-attributes: A malicious client could attempt to sabotage

      the configuration of important node attributes, such as the name

      or the management-address.

 

   o  l2-link-attributes: A malicious client could attempt to sabotage

      the configuration of important link attributes, such as the rate

      or the delay data nodes.

 

   o  l2-termination-point-attributes: A malicious client could attempt

      to sabotage the configuration of important termination point

      attributes, such as the maximum-frame-size.

"

NEW TEXT:

"

   There are a number of data nodes defined in this YANG module that are

   writable/creatable/deletable (i.e., config true, which is the

   default).  These data nodes may be considered sensitive or vulnerable

   in some network environments.  Write operations (e.g., edit-config)

   to these data nodes without proper protection can have a negative

   effect on network operations.  These are the subtrees and data nodes

   and their sensitivity/vulnerability in the ietf-network module:

 

   o  l2-network-attributes: A malicious client could attempt to

      sabotage the configuration of any of the contained attributes,

      such as the name or the flag data nodes.

 

   o  l2-node-attributes: A malicious client could attempt to sabotage

      the configuration of important node attributes, such as the name

      ,the management-address or mac address of the devices.

 

   o  l2-link-attributes: A malicious client could attempt to sabotage

      the configuration of important link attributes, such as the rate

      or the delay data nodes.

 

  o  l2-termination-point-attributes: A malicious client could attempt

      to sabotage the configuration of important termination point

      attributes, such as the maximum-frame-size, mac-address.

"

 

With your proposed text, we could have the following proposal changes (Proposal B):

OLD TEXT:

"

6.  Security Considerations

 

   The YANG module specified in this document defines a schema for data

   that is designed to be accessed via network management protocols such

   as NETCONF [RFC6241] or RESTCONF [RFC8040].  The lowest NETCONF layer

   is the secure transport layer, and the mandatory-to-implement secure

   transport is Secure Shell (SSH) [RFC6242].  The lowest RESTCONF layer

   is HTTPS, and the mandatory-to-implement secure transport is TLS

   [RFC8446].

 

   The Network Configuration Access Control Model (NACM) [RFC8341]

   provides the means to restrict access for particular NETCONF or

 

   RESTCONF users to a preconfigured subset of all available NETCONF or

   RESTCONF protocol operations and content.

 

   In general, Layer 2 network topologies are system-controlled and

   provide ephemeral topology information.  In an NMDA-complient server,

   they are only part of <operational> which provides read-only access

   to clients, they are less vulnerable.  That said, the YANG module

   does in principle allow information to be configurable.

 

   The Layer 2 topology module define information that can be

   configurable in certain instances, for example in the case of virtual

   topologies that can be created by client applications.  In such

   cases, a malicious client could introduce topologies that are

   undesired.  Specifically, a malicious client could attempt to remove

   or add a node, a link, a termination point, by creating or deleting

   corresponding elements in the node, link, and termination point

   lists, respectively.  In the case of a topology that is learned, the

   server will automatically prohibit such misconfiguration attempts.

   In the case of a topology that is configured, i.e. whose origin is

   "intended", the undesired configuration could become effective and be

   reflected in the operational state datastore, leading to disruption

   of services provided via this topology might be disrupted.  For those

   reasons, it is important that the NETCONF access control model is

   vigorously applied to prevent topology misconfiguration by

   unauthorized clients.

 

   There are a number of data nodes defined in this YANG module that are

   writable/creatable/deletable (i.e., config true, which is the

   default).  These data nodes may be considered sensitive or vulnerable

   in some network environments.  Write operations (e.g., edit-config)

   to these data nodes without proper protection can have a negative

   effect on network operations.  These are the subtrees and data nodes

   and their sensitivity/vulnerability in the ietf-network module:

 

   o  l2-network-attributes: A malicious client could attempt to

      sabotage the configuration of any of the contained attributes,

      such as the name or the flag data nodes.

 

   o  l2-node-attributes: A malicious client could attempt to sabotage

      the configuration of important node attributes, such as the name

      or the management-address.

 

   o  l2-link-attributes: A malicious client could attempt to sabotage

      the configuration of important link attributes, such as the rate

      or the delay data nodes.

 

   o  l2-termination-point-attributes: A malicious client could attempt

      to sabotage the configuration of important termination point

      attributes, such as the maximum-frame-size.

"

NEW TEXT:

"

6.  Security Considerations

 

   The YANG module specified in this document defines a schema for data

   that is designed to be accessed via network management protocols such

   as NETCONF [RFC6241] or RESTCONF [RFC8040].  The lowest NETCONF layer

   is the secure transport layer, and the mandatory-to-implement secure

   transport is Secure Shell (SSH) [RFC6242].  The lowest RESTCONF layer

   is HTTPS, and the mandatory-to-implement secure transport is TLS

   [RFC8446].

 

   The Network Configuration Access Control Model (NACM) [RFC8341]

   provides the means to restrict access for particular NETCONF or

   RESTCONF users to a preconfigured subset of all available NETCONF or

   RESTCONF protocol operations and content.

 

   In general, Layer 2 network topologies are system-controlled and

   provide ephemeral topology information.  In an NMDA-complient server,

   they are only part of <operational> which provides read-only access

   to clients, they are less vulnerable.  That said, the YANG module

   does in principle allow information to be configurable.

 

   The Layer 2 topology module define information that can be

   configurable in certain instances, for example in the case of virtual

   topologies that can be created by client applications.  In such

   cases, a malicious client could introduce topologies that are

   undesired.  Specifically, a malicious client could attempt to remove

   or add a node, a link, a termination point, by creating or deleting

   corresponding elements in the node, link, and termination point

   lists, respectively.  In the case of a topology that is learned, the

   server will automatically prohibit such misconfiguration attempts.

   In the case of a topology that is configured, i.e. whose origin is

   "intended", the undesired configuration could become effective and be

   reflected in the operational state datastore, leading to disruption

   of services provided via this topology might be disrupted.  For those

   reasons, it is important that the NETCONF access control model is

   vigorously applied to prevent topology misconfiguration by

   unauthorized clients.

 

  The YANG model for layer 2 topology may expose sensitive information,

  for example the MAC addresses of devices. Unrestricted use of such information

   can lead to privacy violations. For example, listing MAC addresses in a network

   allows monitoring of devices and their movements. Location information can be derived

   from MAC addresses of network devices, bypassing protection of location information by

   the Operating System. Deployments should mitigate this privacy concerns by limiting access

   to the layer 2 topology information. Access to the information should be restricted to a

   minimal list of authorized clients, and should also require proper authentication of these clients.

 

   There are a number of data nodes defined in this YANG module that are

   writable/creatable/deletable (i.e., config true, which is the

   default).  These data nodes may be considered sensitive or vulnerable

   in some network environments.  Write operations (e.g., edit-config)

   to these data nodes without proper protection can have a negative

   effect on network operations.  These are the subtrees and data nodes

   and their sensitivity/vulnerability in the ietf-network module:

 

   o  l2-network-attributes: A malicious client could attempt to

      sabotage the configuration of any of the contained attributes,

      such as the name or the flag data nodes.

 

   o  l2-node-attributes: A malicious client could attempt to sabotage

      the configuration of important node attributes, such as the name

      ,the management-address, mac-address of the devices.

 

   o  l2-link-attributes: A malicious client could attempt to sabotage

      the configuration of important link attributes, such as the rate

      or the delay data nodes.

 

   o  l2-termination-point-attributes: A malicious client could attempt

      to sabotage the configuration of important termination point

      attributes, such as the maximum-frame-size, mac-address.

"

The question is do you think proposal with yang security boilterplate has already addressed your comments

Or you think we should emphasize how privacy issue can be addressed by NACM and client authentication is needed?

 

-Qin

-----邮件原件-----
发件人: Christian Huitema [mailto:huitema@huitema.net]
发送时间: 2020626 12:05
收件人: Susan Hares <shares@ndzh.com>; Qin Wu <bill.wu@huawei.com>; secdir@ietf.org
抄送: i2rs@ietf.org; draft-ietf-i2rs-yang-l2-network-topology.all@ietf.org; last-call@ietf.org
主题: Re: [Last-Call] [i2rs] Secdir last call review of draft-ietf-i2rs-yang-l2-network-topology-13

 

How about adding something like this:

 

Privacy Considerations

 

The Yang model for layer 2 topology exposes privacy sensitive information, for example the MAC addresses of devices. Unrestricted use of such information can lead to privacy violations. For example, listing MAC addresses in a network allows monitoring of devices and their movements. Location information can be derived from MAC addresses of network devices, bypassing protection of location information by the Operating System.

 

Deployments should mitigate this privacy concerns by limiting access to the layer 2 topology information. Access to the information should be restricted to a minimal list of authorized agents, and should require proper authentication of these agents.

 

-- Christian Huitema

 

On 6/25/2020 7:00 AM, Susan Hares wrote:

> Qin and Christian:

> Thank you for your prompt attention to the privacy issue. 

> I'm sure Christian will respond in a bit - since he might be in PDT time-zone.

> Once you have a solution you both like, we should validate the privacy

> changes to the security considerations section with the Yang-doctors,

> OPS-ADs, and Security-ADs.

> Martin's watching this thread so I'm sure he'll help us out as well.

> Sue

> -----Original Message-----

> From: i2rs [mailto:i2rs-bounces@ietf.org] On Behalf Of Qin Wu

> Sent: Thursday, June 25, 2020 9:25 AM

> To: Susan Hares; 'Christian Huitema'; secdir@ietf.org

> Cc: i2rs@ietf.org;

> draft-ietf-i2rs-yang-l2-network-topology.all@ietf.org;

> last-call@ietf.org

> Subject: Re: [i2rs] Secdir last call review of

> draft-ietf-i2rs-yang-l2-network-topology-13

> Sue and Christian:

> I have responded to Christian on privacy issue, my proposal is to add MAC address as another data node vulnerability example in our original security consideration section.

> But If Christian or security directorate has recommending text, we authors are happy to accept it.

> -Qin

> -----邮件原件-----

> 发件人: Susan Hares [mailto:shares@ndzh.com]

> 发送时间: 2020625 21:04

> 收件人: 'Christian Huitema' <huitema@huitema.net>; secdir@ietf.org

> 抄送: draft-ietf-i2rs-yang-l2-network-topology.all@ietf.org;

> i2rs@ietf.org; last-call@ietf.org

> 主题: RE: Secdir last call review of

> draft-ietf-i2rs-yang-l2-network-topology-13

> Christian:

> Thank you for catching the privacy issues.     

> I've got a few questions to help the authors scope this change:

> 1) Since this is common to all L2 Topologies, can you or the security directorate recommend some text that might be appropriate?

>    If you have recommended text, has this text been reviewed by OPS-DIR and Yang doctors?

> 2) Will it be a problem If we write privacy considerations on IEEE specifications?

> 3) Do we need to consider the range of deployments of L2 (home,

> enterprise,  public PBB service, national PBB service, Data centers)

> Thank you,  Sue

> -----Original Message-----

> From: Christian Huitema via Datatracker [mailto:noreply@ietf.org]

> Sent: Thursday, June 25, 2020 1:01 AM

> To: secdir@ietf.org

> Cc: draft-ietf-i2rs-yang-l2-network-topology.all@ietf.org;

> i2rs@ietf.org; last-call@ietf.org

> Subject: Secdir last call review of

> draft-ietf-i2rs-yang-l2-network-topology-13

> Reviewer: Christian Huitema

> Review result: Has Issues

> I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG.  These comments were written with the intent of improving security requirements and considerations in IETF drafts.  Comments not addressed in last call may be included in AD reviews during the IESG review.  Document editors and WG chairs should treat these comments just like any other last call comments.

> This document describes a Yang model for representing Link Layer topologies.

> Representing such topologies is obviously useful for managing network.

> The security section is focused on securing the usage of this information for network management, but does not address potential privacy issues.

> The security considerations explain correctly how altering the link layer information could enable attacks against the network. The proposed remedy is access control, implemented using either SSH or TLS. This is fine, although the discussion of TLS authorisation is a bit short. By default, TLS verifies the identity of the server but not that of the client. RFC8040 section 2.5 specifies that "a RESTCONF server SHOULD require authentication based on TLS client certificates. I assume that's the intent, but it might be useful to say so.

> On the other hand, the security considerations do not describe privacy issues, and I find that problematic. The proposed information model lists a number of sensitive data, such as for example the MAC addresses of devices.

> This information can be misused. For example, applications could assess device location fetching the MAC addresses of local gateways. Third parties could access link local information to gather identities of devices accessing a particular network. Such information is often protected by privacy API in the Operating System, but accessing the Yang module over the network might allow applications to bypass these controls.

> Client authentication alone does not necessarily protect against these privacy leaks. A classic configuration error would limit write access to authorized users, but to allow read-only access to most users. This kind of error would allow privacy leaks. Given the sensitive nature of MAC addresses and other identifiers, it is useful to warn against such errors.

> _______________________________________________

> i2rs mailing list

> i2rs@ietf.org

> https://www.ietf.org/mailman/listinfo/i2rs


--------------A3510C022F77668DCEC42238-- From nobody Mon Jun 29 04:01:54 2020 Return-Path: X-Original-To: i2rs@ietf.org Delivered-To: i2rs@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 98A6A3A0D21; Mon, 29 Jun 2020 04:01:51 -0700 (PDT) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: internet-drafts@ietf.org To: Cc: i2rs@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 7.5.0 Auto-Submitted: auto-generated Precedence: bulk Reply-To: i2rs@ietf.org Message-ID: <159342851158.26442.10451118179663979297@ietfa.amsl.com> Date: Mon, 29 Jun 2020 04:01:51 -0700 Archived-At: Subject: [i2rs] I-D Action: draft-ietf-i2rs-yang-l2-network-topology-14.txt X-BeenThere: i2rs@ietf.org X-Mailman-Version: 2.1.29 List-Id: "Interface to The Internet Routing System \(IRS\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 29 Jun 2020 11:01:52 -0000 A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Interface to the Routing System WG of the IETF. Title : A YANG Data Model for Layer 2 Network Topologies Authors : Jie Dong Xiugang Wei Qin Wu Mohamed Boucadair Anders Liu Filename : draft-ietf-i2rs-yang-l2-network-topology-14.txt Pages : 35 Date : 2020-06-29 Abstract: This document defines a YANG data model for Layer 2 network topologies. In particular, this data model augments the generic network and network topology data models with Layer 2 specific topology attributes. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-i2rs-yang-l2-network-topology/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-i2rs-yang-l2-network-topology-14 https://datatracker.ietf.org/doc/html/draft-ietf-i2rs-yang-l2-network-topology-14 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-i2rs-yang-l2-network-topology-14 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/