From nobody Mon Sep 4 23:38:10 2017 Return-Path: X-Original-To: ipsec@ietfa.amsl.com Delivered-To: ipsec@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BF22413236D for ; Mon, 4 Sep 2017 23:38:08 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.889 X-Spam-Level: X-Spam-Status: No, score=-1.889 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, T_SPF_PERMERROR=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id G9t1CE0CkDTQ for ; Mon, 4 Sep 2017 23:38:06 -0700 (PDT) Received: from a.mx.secunet.com (a.mx.secunet.com [62.96.220.36]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BFB9D120727 for ; Mon, 4 Sep 2017 23:38:05 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by a.mx.secunet.com (Postfix) with ESMTP id 7D1F7200BD; Tue, 5 Sep 2017 08:38:03 +0200 (CEST) X-Virus-Scanned: by secunet Received: from a.mx.secunet.com ([127.0.0.1]) by localhost (a.mx.secunet.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 93C-LuYnYXw9; Tue, 5 Sep 2017 08:38:02 +0200 (CEST) Received: from mail-essen-02.secunet.de (mail-essen-02.secunet.de [10.53.40.205]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by a.mx.secunet.com (Postfix) with ESMTPS id EB0C120080; Tue, 5 Sep 2017 08:38:01 +0200 (CEST) Received: from MAIL-ESSEN-01.secunet.de ([fe80::1c79:38b7:821e:46b4]) by mail-essen-02.secunet.de ([fe80::4431:e661:14d0:41ce%16]) with mapi id 14.03.0361.001; Tue, 5 Sep 2017 08:38:01 +0200 From: "Bruckert, Leonie" To: "Scott Fluhrer (sfluhrer)" , Cen Jung Tjhai , Valery Smyslov , 'Tero Kivinen' CC: "ipsec@ietf.org" Thread-Topic: [IPsec] Proposed method to achieve quantum resistant IKEv2 Thread-Index: AQHTDE+mPH5PNqQgTkK9LOvm4SvL2qJ0CPEAgAekg4CAAJuwgIATv86AgAAjvgCAAD+7AIAVmK7Q Date: Tue, 5 Sep 2017 06:38:01 +0000 Message-ID: References: <041b01d30d21$8d33f230$a79bd690$@gmail.com> <22922.55551.190123.31763@fireball.acr.fi> <006601d31b21$8d59ce20$a80d6a60$@gmail.com> <46593A80-1391-4849-9B57-D53EF08863FD@post-quantum.com> <11e11cdc7bac4e80aa1c3bcb3d5c18ef@XCH-RTP-006.cisco.com> In-Reply-To: <11e11cdc7bac4e80aa1c3bcb3d5c18ef@XCH-RTP-006.cisco.com> Accept-Language: de-DE, en-US Content-Language: de-DE X-MS-Has-Attach: X-MS-TNEF-Correlator: x-exclaimer-md-config: 2c86f778-e09b-4440-8b15-867914633a10 x-g-data-mailsecurity-for-exchange-state: 0 x-g-data-mailsecurity-for-exchange-error: 0 x-g-data-mailsecurity-for-exchange-sender: 23 x-g-data-mailsecurity-for-exchange-server: cbe3d3f7-b9e3-4256-b890-f24c4306a01c x-g-data-mailsecurity-for-exchange-guid: 0ED5D70B-24EF-463E-BC96-34318A3FFDA9 Content-Type: text/plain; charset="Windows-1252" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Archived-At: Subject: Re: [IPsec] Proposed method to achieve quantum resistant IKEv2 X-BeenThere: ipsec@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Discussion of IPsec protocols List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 05 Sep 2017 06:38:09 -0000 Hi, First, I want to emphasize that we (that is secunet) are highly interested = in this topic. Note that we already contributed to the discussion in Prague= (Kai Martius had a 5 minute slot). So what do we expect from a combined key exchange? I listed some high prior= ity issues which I assume we all agree on: - Protection against future quantum attackers - Agility (allow multiple quantum resistant algorithms in combination) - Maintaining security properties of IKEv2 - Backwards compatibility - Ability to process messages larger than 1500 Byte Additionally, it would be nice to also protect the identities i.e. to make = the AUTH exchange quantum resistant. Particularly with regard to the PPK dr= aft which doesn=92t assure this. I=92d like to draw the attention to another aspect associated to the NIST s= tandardization efforts and the assignment of IDs for post quantum algorithm= s. At present people refuse to specify post quantum algorithms and assign I= Ds officially =96 and they=92re justified in doing so, because these algori= thms are not sufficiently analyzed. On the other hand we somehow need to ad= dress the PQ algorithms now. How can we break the vicious circle? Temporari= ly provide IDs and adjust them later? Or just let the user assign IDs indiv= idually in the range that is reserved for private use?=20 Just imagine, NIST standardizes a set of well-studied PQ algorithms at some= day within the next 5 - 7 years. From that day forward there will be no ne= ed for a combined key exchange anymore and it should be possible to use PQ = algorithms in IKEv2. But it=92s likely that many implementations won=92t be= upgraded to perform a combined key exchange until then, so designing a pos= t quantum IKEv2 while guaranteeing backwards compatibility to two former ve= rsions would be the new challenge.=20 So I think we should modify IKEv2 in a way that not only offers a combined = key exchange, but also allows the transition from combined modes to the sol= ely use of PQ algorithms. I=92m aware that this is a difficult task and mig= ht possibly not be solvable at all. However, the anticipated short period o= f use of a combined key exchange demands a fast solution. I support Scott=92s approach to dynamically assign unused IDs. I came up wi= th a similar idea that makes use of (new) attributes but I think this one i= s simpler.=20 As I understand the main drawback of introducing a new transform type and t= hus negotiating PQ algorithms in the SA payload is (besides compatibility i= ssues) the fact that the key exchange is then limited to a combination of o= ne classical method and one PQ method. Whereas Scott=92s idea allows to com= bine multiple PQ algorithms. Regards, Leonie -----Urspr=FCngliche Nachricht----- Von: IPsec [mailto:ipsec-bounces@ietf.org] Im Auftrag von Scott Fluhrer (sf= luhrer) Gesendet: Dienstag, 22. August 2017 16:31 An: Cen Jung Tjhai; Valery Smyslov; 'Tero Kivinen' Cc: ipsec@ietf.org Betreff: Re: [IPsec] Proposed method to achieve quantum resistant IKEv2 > -----Original Message----- > From: IPsec [mailto:ipsec-bounces@ietf.org] On Behalf Of Cen Jung Tjhai > Sent: Tuesday, August 22, 2017 6:43 AM > To: Valery Smyslov; 'Tero Kivinen' > Cc: ipsec@ietf.org > Subject: Re: [IPsec] Proposed method to achieve quantum resistant IKEv2 >=20 > Hi >=20 > >> Well, that are valid reasons. However, what makes me uncomfortable is > >> that this design looks like yet another short-term (or medium-term) > >> solution. We already have > >> draft-fluhrer-qr-ikev2 that was declared as a temporary short-term > >> approach to countermeasure immediate threat until cryptography > >> science gives us new well-studied QC-proof primitives to replace > >> classic public key cryptography. Now it turns out that we don't have > >> primitives we are certain in (at least for key exchange), so we > >> decide to combine several different primitives (which we don't fully t= rust > in) with classic DH. That's a valid approach for transition to PQ cryptog= raphy, > but it doesn't look like long-term standard solution. >=20 > On our draft-00, one of the objectives is to deprecate DH key exchange in > the long-term future. Hence, we thought it would be neater to introduce a > new transform type and a new PQ key exchange payload (QSKE). The idea is > that when people are happy to drop KE payloads, they can use QSKE > payloads instead. Obviously, there are concerns with backward compatibili= ty > by introducing a new transform type, which I agree. If we look at the general problem, I see that there are three subproblems t= hat we need to solve: 1. How to introduce a postquantum key exchange to IKE 2. How to have the postquantum key exchange in addition to the classical (E= C)DH (so that we can't make security worse) 3. How to handle the greater-than-MTU payloads that are likely to result (and, of course, how to handle this all in a backwards-compatible way, whic= h minimizes additional complexity, and which allows us to deprecate traditi= onal DH Keyexchanges eventually). Much of our discussion has been on #3 (which is, indeed, the hardest of the= three), however I would like to discuss #1 and #2. Draft-00 solves #1 by adding a new payload type; one issue with this is, be= cause of the new transform type to negotiate it, existing IKE responders ma= y be confused by it. They do solve #2 for free (because it's in parallel w= ith the existing KE payloads). I would suggest a different way; instead of assigning a key payload type, w= e just issue new group descriptions for the postquantum key exchanges; the = traditional 2048 MODP group is 14; we might make NewHope number 32. One objection to this may to say "but, NewHope isn't a group"; actually, th= at's just terminology. As far as the protocol is concerned, all these key = exchanges do fundamentally the same thing; the initiator creates a payload = and sends it to the responder; the responder then generates a payload and s= ends it to the initiator; both sides do some computation and create a share= d secret (that someone in the middle cannot derive just seeing the payloads= ). There are distinctions between the key exchanges (sometimes the intiiat= or's and responder's keyshares are of different lengths; sometimes the resp= onder's keyshare is a function of the initiator's), but those are distincti= ons that the protocol doesn't have to care about. I would argue that this minimizes complexity (the protocol parts of IKE imp= lementations wouldn't have to change at all), and we have good backwards co= mpatibility (as existing IKE implementations already know how to deal with = groups they haven't heard of). However, as it stands, it doesn't address #= 2 at all. To solve that, I would suggest adding a way to exchange multiple groups in = parallel (and have the shared secret depend on all of them); that way, we c= an perform both an ECDH (so we're at least as secure as now) and a NewHope = exchange (so we have a potential to be secure against a quantum computer). = Ideally, we would be able to allow more than 2 (as some users might not wa= nt to trust just one of these new-fangled PQ key exchanges; it would be goo= d if we could give them the option, without adding much complexity on our s= ide). Here is one possible way to do this; we assign group descriptions 0x7f00-0x= 7fff (the high end of the IANA unassigned list) to be dynamically assigned = by the initiator. That is, the initiator could include a notify that may s= pecify "group 7f00 is really group 14 and group 32 concatinated", he can th= en include that within his policy (and the resulting key share would be the= group 14 and the group 32 key share concatenated); the responder can eithe= r accept this, or reject it in favor of another proposal (just as the curre= nt IKE allows fallback to other DH groups). The idea here is that we try to reuse as much of the existing KE protocol l= ogic (and security logic) as possible; by reusing this logic, we avoid addi= ng complexity, and we also rely on the same security logic that makes the c= urrent KE exchange safe. So, in summary, this idea: - Allows us to rely on postquantum key exchanges (once they have been defin= ed and accepted) - Allows us to also rely on traditional groups as well (so we don't make th= ings worse) - Is backwards compatible (in that someone proposing this to an unupgraded = responder will react in the expected way; either downgrading the key exchan= ge, or rejecting the key exchange, based on the initiator policy) - Allows a clean way to deprecate traditional groups in the future - Allows someone to rely on multiple postquantum key exchanges, should they= be paranoid. - Does all this while trying to minimize complexity (most of the changes in= the implementation will be in the crypto engine and the policy handling; t= hose would have to change in any such solution) Thoughts? Credit: this idea was worked out in conjunction with Oscar Garcia-Morchon, = Zhenfei Zhang and William Whyte; this idea applied to TLS can be found in d= raft-whyte-qsh-tls13=20 _______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec From nobody Tue Sep 5 06:02:48 2017 Return-Path: X-Original-To: ipsec@ietfa.amsl.com Delivered-To: ipsec@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 09AC31329AB for ; Tue, 5 Sep 2017 06:02:47 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.12 X-Spam-Level: X-Spam-Status: No, score=-1.12 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_NEUTRAL=0.779, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6_B8cIWckpfE for ; Tue, 5 Sep 2017 06:02:45 -0700 (PDT) Received: from mail.kivinen.iki.fi (fireball.acr.fi [212.16.101.130]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8583A1329AD for ; Tue, 5 Sep 2017 06:02:44 -0700 (PDT) Received: from fireball.acr.fi (localhost [127.0.0.1]) by mail.kivinen.iki.fi (8.15.2/8.15.2) with ESMTPS id v85D2XKV015395 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Tue, 5 Sep 2017 16:02:33 +0300 (EEST) Received: (from kivinen@localhost) by fireball.acr.fi (8.15.2/8.14.8/Submit) id v85D2W4N027656; Tue, 5 Sep 2017 16:02:32 +0300 (EEST) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Message-ID: <22958.41064.866389.557847@fireball.acr.fi> Date: Tue, 5 Sep 2017 16:02:32 +0300 From: Tero Kivinen To: "Bruckert\, Leonie" Cc: "Scott Fluhrer \(sfluhrer\)" , Cen Jung Tjhai , Valery Smyslov , "ipsec\@ietf.org" In-Reply-To: References: <041b01d30d21$8d33f230$a79bd690$@gmail.com> <22922.55551.190123.31763@fireball.acr.fi> <006601d31b21$8d59ce20$a80d6a60$@gmail.com> <46593A80-1391-4849-9B57-D53EF08863FD@post-quantum.com> <11e11cdc7bac4e80aa1c3bcb3d5c18ef@XCH-RTP-006.cisco.com> X-Mailer: VM 8.2.0b under 25.1.1 (x86_64--netbsd) X-Edit-Time: 22 min X-Total-Time: 22 min Archived-At: Subject: Re: [IPsec] Proposed method to achieve quantum resistant IKEv2 X-BeenThere: ipsec@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Discussion of IPsec protocols List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 05 Sep 2017 13:02:47 -0000 Bruckert, Leonie writes: > Additionally, it would be nice to also protect the identities i.e. > to make the AUTH exchange quantum resistant. Particularly with > regard to the PPK draft which doesn=E2=80=99t assure this. As we discussed earlier, some kind of pseudonym system might be better for this, especially as it works also for traditional authentication and Diffie-Hellman against active attacks (it does not work against attackers who can break Diffie-Hellman for traditional DH). I.e., in this case we do following exchange: Initiator Responder ------------------------------------------------------------------- HDR, SAi1, KEi, Ni --> <-- HDR, SAr1, KEr, Nr, [CERTREQ] HDR, SK {IDi(ID=5FPSEUDONYM,PNi), [CERT,] [CERTREQ,] AUTH, SAi2, TSi, TSr} --> <-- HDR, SK {IDr(ID=5FPSEUDONYM, PNr), [CERT,] AUTH,=20 SAr2, TSi, TSr} And after that we do pseudonym update exchange: HDR, SK {N(UPDATE=5FPSEUDONYM, PNi)} -> =09 =09=09=09<-- HDR, SK {} I.e., client will use completely random identity PNi (for example "SeDOELWhkvX03Xt1s9nh9g") and every time it suspects that identity might have leaked (i.e., it gets authentication failure, or IKE=5FAUTH times out, meaning there might have been active attacker on the link), it will update the pseudonym to new one. If we want to make it more complicated we could support multiple pseudonyms for the client, i.e., make pseudonym update work as follows: HDR, SK {N(CLEAR=5FPSEUDONUMS), =09 N(ADD=5FPSEUDONYM, PNi), =09 N(ADD=5FPSEUDONYM, PNi), =09 N(ADD=5FPSEUDONYM, PNi)} -> =09 =09=09=09<-- HDR, SK {} And server will associate those new pseudonyms to the same client until it does CLEAR=5FPSEUDONUMS again.=20 > I=E2=80=99d like to draw the attention to another aspect associated t= o the > NIST standardization efforts and the assignment of IDs for post > quantum algorithms. At present people refuse to specify post quantum > algorithms and assign IDs officially =E2=80=93 and they=E2=80=99re ju= stified in > doing so, because these algorithms are not sufficiently analyzed. On > the other hand we somehow need to address the PQ algorithms now. How > can we break the vicious circle=3F Temporarily provide IDs and adjust= > them later=3F Or just let the user assign IDs individually in the > range that is reserved for private use=3F =20 It depends what IDs you need. Most of the IDs in the IKEv2 are expert review, so you do not necessarely need any document to get one ID, but as an expert, I will usually require some kind of stable reference. On the other hand we do have interested people working on this in the IPsecME WG, so I think we should just wait for that work to either finish, or to die out because of lack of interest.=20 > Just imagine, NIST standardizes a set of well-studied PQ algorithms > at some day within the next 5 - 7 years. From that day forward there > will be no need for a combined key exchange anymore and it should be > possible to use PQ algorithms in IKEv2. But it=E2=80=99s likely that = many > implementations won=E2=80=99t be upgraded to perform a combined key e= xchange > until then, so designing a post quantum IKEv2 while guaranteeing > backwards compatibility to two former versions would be the new > challenge. Quite a lot of people are still using IKEv1, and IKEv2 RFC was published 2005, and IKEv1 has been obsoleted since... So it will take decade or two until people start updating their implementations... :-( > So I think we should modify IKEv2 in a way that not only offers a > combined key exchange, but also allows the transition from combined > modes to the solely use of PQ algorithms. I=E2=80=99m aware that this= is a > difficult task and might possibly not be solvable at all. However, > the anticipated short period of use of a combined key exchange > demands a fast solution.=20 I think that is something we should aim for, and I do not think it is impossible task to make. The tradeoffs are more in the case how badly will broken old IKEv2 implementations break when we define that extension...=20 > I support Scott=E2=80=99s approach to dynamically assign unused IDs. = I came > up with a similar idea that makes use of (new) attributes but I > think this one is simpler. =20 I think that is hack and we should aim for more generic and cleaner solution. Nobody will be adding support for the PQ algorithms without heavily modifying the code, thus adding new exchanges or changing the IKE=5FAUTH payloads is something we can do. We should try to keep IKE=5FSA=5FINIT compatible as much as possible, and hopefully negotiate= the use of the new features there, so we can be backwards compatible with old implementations. I mean if we are going to transfer several tens of kilobytes or even megabytes of keys inside IKE, adding one more round trip in that case is no longer an issue...=20 > As I understand the main drawback of introducing a new transform > type and thus negotiating PQ algorithms in the SA payload is > (besides compatibility issues) the fact that the key exchange is > then limited to a combination of one classical method and one PQ > method. Whereas Scott=E2=80=99s idea allows to combine multiple PQ > algorithms. Or we can just negotiate the traditional stuff in SA, and use notify to tell that we support PQ, and if we do support PQ, we do the intermediate exchange between IKE=5FSA=5FINIT and IKE=5FAUTH and exchan= ge our PQ stuff there, and do the negotiation of what kind of algorithms we use there. Making magic things with transform IDs might look like easy hack, but usually that will just cause more issues in long run, and might generate more code than making bigger, but cleaner change. --=20 kivinen@iki.fi From nobody Tue Sep 5 23:12:05 2017 Return-Path: X-Original-To: ipsec@ietfa.amsl.com Delivered-To: ipsec@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DFE6C132339; Tue, 5 Sep 2017 23:11:57 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.699 X-Spam-Level: X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GUC7qm-ijFZM; Tue, 5 Sep 2017 23:11:56 -0700 (PDT) Received: from mail-wm0-x236.google.com (mail-wm0-x236.google.com [IPv6:2a00:1450:400c:c09::236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D91071241F3; Tue, 5 Sep 2017 23:11:55 -0700 (PDT) Received: by mail-wm0-x236.google.com with SMTP id u26so26780727wma.0; Tue, 05 Sep 2017 23:11:55 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=message-id:mime-version:to:cc:from:subject:date:importance :in-reply-to:references; bh=ReHT5rLEVxlr8QPwI0GWyJxgoiuou/EtgI85siFk5gc=; b=TaqPD8qfzsdpEESQzman3B0OBz+rwcm8u9cyChRA8IJ5sER47JlYJQrqvZJZEtPqf/ Qpjb9isUn1xLBkGdZYnS5qu3lMT0xZgHd0VbbtPAsEv/8fgaj2qY8ih964OT1q+Q6ISV +mupluYOeUpwLiYUwgjcBiUTp0e6DaF6GdAJfKCjHacR5sSyar6uRv9HL/yacsPvIVTv 7XBF/kInWqvLkQ9gvJeQSWiBA1iKDHch9s8IR4qlh2NceiQHO64wxzpPU7a+Jti5FGyU 3XpcHYiwR64Qwp2RT5D4uRB+JZt0QnNoAVXt6YtJZytk24lWzLiDusy/8SNqrM9oa2LS MDVQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:message-id:mime-version:to:cc:from:subject:date :importance:in-reply-to:references; bh=ReHT5rLEVxlr8QPwI0GWyJxgoiuou/EtgI85siFk5gc=; b=LDhyz+HJH0LmNDRexDEHnH4XOSKUP9bmwKPm6Ir9fAiv8WZ+KHu2ax0Vb/bEHCYpLs 5fI3J/1+1j8QAS53jN+B3enn2DNbNn1gUCyNMFOC1Ip/vSE4QiI74Sh+zNCO2xz0yiG+ iZWgWGyTB42bKgmbwBrEqQGc2n86SRdAh/yEFtuSCzyEP33wcCB46qGbNxZIIEwHcmsI x9ruFC6tYoczgWVjqO4GEFJF7RK1G1V2AcNu42IMnhD82+uXLo6IBo0jnJmnzTp44rDo Y5NLDrsNRwiu9FHYxf7ihnrdu6HyRyL5rF6eAtXo2FsUMfN2k7D0JfttqqOZscuQTLWq owpQ== X-Gm-Message-State: AHPjjUjtLRbsky+1tcNf1icjJTHMJT2IVgkuj8UvmLGkW3GdD8H543AD ShKQ8pZ1S3DUhA== X-Google-Smtp-Source: ADKCNb5qxSOrr8V9zuCYnHSRMZOAquZOcrT0I1xusBWxRydwhY0Z3yLZ1pIfynpXtunCfuZpJa85Ig== X-Received: by 10.28.66.202 with SMTP id k71mr738808wmi.19.1504678314378; Tue, 05 Sep 2017 23:11:54 -0700 (PDT) Received: from ?IPv6:::ffff:10.209.9.1? ([176.12.224.109]) by smtp.gmail.com with ESMTPSA id b196sm233841wmd.43.2017.09.05.23.11.52 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 05 Sep 2017 23:11:53 -0700 (PDT) Message-ID: <59af91a9.cd801c0a.cf48a.137f@mx.google.com> MIME-Version: 1.0 To: Michael Richardson Cc: "i2nsf@ietf.org" , IPsecME WG From: Yoav Nir Date: Wed, 6 Sep 2017 09:11:44 +0300 Importance: normal X-Priority: 3 In-Reply-To: References: <27246.1504662360@obiwan.sandelman.ca> <27407.1504662398@obiwan.sandelman.ca> Content-Type: multipart/alternative; boundary="_80489963-A7EA-499A-A6B8-0B238227030F_" Archived-At: Subject: Re: [IPsec] [I2nsf] interim tomorrow X-BeenThere: ipsec@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Discussion of IPsec protocols List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 06 Sep 2017 06:11:58 -0000 --_80489963-A7EA-499A-A6B8-0B238227030F_ Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" And now it is=20 Sent from my Windows 10 phone From: Yoav Nir Sent: Wednesday, September 6, 2017 7:54 To: Michael Richardson Cc: i2nsf@ietf.org; ipsec-chairs@ietf.org Subject: Re: [I2nsf] interim tomorrow It can and it will. Later today=E2=80=A6 > On 6 Sep 2017, at 4:46, Michael Richardson wrote: >=20 > Maybe I should ask the i2nsf chairs instead. >=20 > Michael Richardson wrote: >> Could the agenda, which the IETF calendar links to at: >> https://datatracker.ietf.org/meeting/interim-2017-i2nsf-01/materials/age= nda-interim-2017-i2nsf-01-i2nsf-01 >=20 >> please include the webex/dialin/URL/etc. information? >> Thank you. >=20 >> -- >> Michael Richardson , Sandelman Software Works >> -=3D IPv6 IoT consulting =3D- >=20 >=20 >=20 >=20 >=20 >=20 > -- > ] Never tell me the odds! | ipv6 mesh netwo= rks [ > ] Michael Richardson, Sandelman Software Works | network archite= ct [ > ] mcr@sandelman.ca http://www.sandelman.ca/ | ruby on rails= [ >=20 > _______________________________________________ > I2nsf mailing list > I2nsf@ietf.org > https://www.ietf.org/mailman/listinfo/i2nsf --_80489963-A7EA-499A-A6B8-0B238227030F_ Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset="utf-8"

And now it is

 

Sent from my Windows 10 phone<= /p>

 

From: = Yoav Nir
Sent: Wednesd= ay, September 6, 2017 7:54
To: Michael Richardson
Cc: i2= nsf@ietf.org; ipsec-chairs@iet= f.org
Subject: Re: [I2nsf] interim tomorrow

 

It can and it will.<= /p>

 

Later tod= ay=E2=80=A6

 

> On 6 Sep 2017, at 4:46, Michael Richardson <mcr@sandelman.ca>= wrote:

>

> Maybe I = should ask the i2nsf chairs instead.

>

> Michael Richardson <mcr+ietf@sandelman.ca> wrote= :

>> Could the agenda, which the IETF calenda= r links to at:

>> https://datatracker.ietf.or= g/meeting/interim-2017-i2nsf-01/materials/agenda-interim-2017-i2nsf-01-i2ns= f-01

>

>> please = include the webex/dialin/URL/etc. information?

>= > Thank you.

>

>&= gt; --

>> Michael Richardson <mcr+IETF@san= delman.ca>, Sandelman Software Works

>> -= =3D IPv6 IoT consulting =3D-

>

>

>

>

>

>

> --

> ]=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 Never tell me the= odds!=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0=C2=A0 | ipv6 mesh networks [

= > ]=C2=A0=C2=A0 Michael Richardson, Sandelman Software Works=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0| network architect=C2=A0 [

> ]=C2=A0=C2=A0=C2=A0=C2=A0 mcr@sandelman.ca=C2=A0 http://www.sa= ndelman.ca/=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 |=C2=A0=C2=A0 ruby on= rails=C2=A0=C2=A0=C2=A0 [

>

> _______________________________________________

> I2nsf mailing list

> I2nsf@ietf.org=

> https://www.ietf.org/mailman/listinfo/i2nsf

 

 = ;

= --_80489963-A7EA-499A-A6B8-0B238227030F_-- From nobody Wed Sep 6 05:34:04 2017 Return-Path: X-Original-To: ipsec@ietfa.amsl.com Delivered-To: ipsec@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F1F5513292F for ; Wed, 6 Sep 2017 05:34:02 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.22 X-Spam-Level: X-Spam-Status: No, score=-4.22 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oLWy5avGNL0j for ; Wed, 6 Sep 2017 05:34:01 -0700 (PDT) Received: from lhrrgout.huawei.com (lhrrgout.huawei.com [194.213.3.17]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 602FE1326BB for ; Wed, 6 Sep 2017 05:34:00 -0700 (PDT) Received: from 172.18.7.190 (EHLO lhreml707-cah.china.huawei.com) ([172.18.7.190]) by lhrrg02-dlp.huawei.com (MOS 4.3.7-GA FastPath queued) with ESMTP id DOA08151; Wed, 06 Sep 2017 12:33:58 +0000 (GMT) Received: from SJCEML701-CHM.china.huawei.com (10.208.112.40) by lhreml707-cah.china.huawei.com (10.201.108.48) with Microsoft SMTP Server (TLS) id 14.3.301.0; Wed, 6 Sep 2017 13:33:51 +0100 Received: from SJCEML702-CHM.china.huawei.com ([169.254.4.148]) by SJCEML701-CHM.china.huawei.com ([169.254.3.191]) with mapi id 14.03.0301.000; Wed, 6 Sep 2017 05:33:46 -0700 From: Linda Dunbar To: IPsecME WG Thread-Topic: [I2nsf] conference bridge for Sept 6 I2nsf Interim to discuss SDN-IPSec-flow protection Thread-Index: AdMnDEv+nNEOsmK7QhepVhWfuDX+ag== Date: Wed, 6 Sep 2017 12:33:44 +0000 Message-ID: <4A95BA014132FF49AE685FAB4B9F17F65946F1E3@SJCEML702-CHM.china.huawei.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: yes X-MS-TNEF-Correlator: x-originating-ip: [10.47.89.77] Content-Type: multipart/mixed; boundary="_004_4A95BA014132FF49AE685FAB4B9F17F65946F1E3SJCEML702CHMchi_" MIME-Version: 1.0 X-CFilter-Loop: Reflected X-Mirapoint-Virus-RAPID-Raw: score=unknown(0), refid=str=0001.0A090204.59AFEB37.001E, ss=1, re=0.000, recu=0.000, reip=0.000, cl=1, cld=1, fgs=0, ip=169.254.4.148, so=2013-06-18 04:22:30, dmn=2013-03-21 17:37:32 X-Mirapoint-Loop-Id: f6dcc5f470ecc0e8a9145397c358913d Archived-At: Subject: [IPsec] FW: [I2nsf] conference bridge for Sept 6 I2nsf Interim to discuss SDN-IPSec-flow protection X-BeenThere: ipsec@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Discussion of IPsec protocols List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 06 Sep 2017 12:34:03 -0000 --_004_4A95BA014132FF49AE685FAB4B9F17F65946F1E3SJCEML702CHMchi_ Content-Type: multipart/alternative; boundary="_000_4A95BA014132FF49AE685FAB4B9F17F65946F1E3SJCEML702CHMchi_" --_000_4A95BA014132FF49AE685FAB4B9F17F65946F1E3SJCEML702CHMchi_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable From: I2nsf [mailto:i2nsf-bounces@ietf.org] On Behalf Of Linda Dunbar Sent: Wednesday, September 06, 2017 7:26 AM To: Michael Richardson ; i2nsf@ietf.org Cc: ipsec-chairs@ietf.org Subject: [I2nsf] conference bridge for Sept 6 I2nsf Interim Join WebEx meeting Meeting number (access code): 642 733 681 Host key: 121744 Meeting password: P5B3DUCM Join by phone 1-877-668-4493 Call-in toll free number (US/Canada) 1-650-479-3208 Call-in toll number (US/Canada) Toll-free calling restrictions Can't join the meeting? Contact support. IMPORTANT NOTICE: Please note that this WebEx service allows audio and othe= r information sent during the session to be recorded, which may be discover= able in a legal matter. You should inform all meeting attendees prior to re= cording if you intend to record the meeting. -----Original Message----- From: I2nsf [mailto:i2nsf-bounces@ietf.org] On Behalf Of Michael Richardson Sent: Tuesday, September 05, 2017 8:47 PM To: i2nsf@ietf.org Cc: ipsec-chairs@ietf.org Subject: Re: [I2nsf] interim tomorrow Maybe I should ask the i2nsf chairs instead. Michael Richardson > wr= ote: > Could the agenda, which the IETF calendar links to at: > https://datatracker.ietf.org/meeting/interim-2017-i2nsf-01/materials/= agenda-interim-2017-i2nsf-01-i2nsf-01 > please include the webex/dialin/URL/etc. information? > Thank you. > -- > Michael Richardson >, Sandelman Software Works > -=3D IPv6 IoT consulting =3D- -- ] Never tell me the odds! | ipv6 mesh network= s [ ] Michael Richardson, Sandelman Software Works | network architect= [ ] mcr@sandelman.ca http://www.sandelman.ca/ = | ruby on rails [ _______________________________________________ I2nsf mailing list I2nsf@ietf.org https://www.ietf.org/mailman/listinfo/i2nsf --_000_4A95BA014132FF49AE685FAB4B9F17F65946F1E3SJCEML702CHMchi_ Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable

 

&nbs= p;

From: I2nsf [mailto:i2nsf-bounces@ie= tf.org] On Behalf Of Linda Dunbar
Sent: Wednesday, September 06, 2017 7:26 AM
To: Michael Richardson <mcr@sandelman.ca>; i2nsf@ietf.org
Cc: ipsec-chairs@ietf.org
Subject: [I2nsf] conference bridge for Sept 6 I2nsf Interim

 

Meeting number (access code): 642 733 6= 81       

Host key: 121744   &nbs= p;    

Meeting password:   &nbs= p;   P5B3DUCM       

 


 
 
Join by phone=  
1-877-668-4493 Call-in toll free number (US/Canada) 
1-650-479-3208 Call-in toll number (US/Canada) 
Toll-free calling restrictions  


 
Can't join the meeting? Contact support.  
 
IMPORTANT NOTICE: Please note that this WebEx= service allows audio and other information sent during the session to be r= ecorded, which may be discoverable in a legal matter. You should inform all= meeting attendees prior to recording if you intend to record the meeting.

 

 =

-----Original Message-----
From: I2nsf [mailto:i2nsf-bounces= @ietf.org] On Behalf Of Michael Richardson
Sent: Tuesday, September 05, 2017 8:47 PM
To: i2nsf@ietf.org
Cc: ipsec-chairs@ietf.org
Subject: Re: [I2nsf] interim tomorrow

 

Maybe I should ask the i2nsf chairs instead.=

 =

Michael Richardson <mcr+ietf@sandelman.ca> wrote:

    > Could the agenda, which the= IETF calendar links to at:

 

    > please include the webex/di= alin/URL/etc. information?

    > Thank you.

 =

    > --

    > Michael Richardson <mcr+IETF@sandelman.ca>,= Sandelman Software Works

    > -=3D IPv6 IoT consulting = =3D-

 =

 =

 =

 =

 =

 =

--

]        &n= bsp;      Never tell me the odds!   = ;            &n= bsp; | ipv6 mesh networks [

]   Michael Richardson, Sandelman Softwar= e Works        | network architect = [

]     mcr@sandelman.ca  http://www.sandelman.ca/        |&nb= sp;  ruby on rails    [

 =

_______________________________________________

I2nsf mailing list

 

--_000_4A95BA014132FF49AE685FAB4B9F17F65946F1E3SJCEML702CHMchi_-- --_004_4A95BA014132FF49AE685FAB4B9F17F65946F1E3SJCEML702CHMchi_ Content-Type: text/plain; name="ATT00001.txt" Content-Description: ATT00001.txt Content-Disposition: attachment; filename="ATT00001.txt"; size=130; creation-date="Wed, 06 Sep 2017 12:26:45 GMT"; modification-date="Wed, 06 Sep 2017 12:26:45 GMT" Content-ID: <440EF136EC04084390B345A800A8BE55@huawei.com> Content-Transfer-Encoding: base64 X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18NCkkybnNmIG1h aWxpbmcgbGlzdA0KSTJuc2ZAaWV0Zi5vcmcNCmh0dHBzOi8vd3d3LmlldGYub3JnL21haWxtYW4v bGlzdGluZm8vaTJuc2YNCg== --_004_4A95BA014132FF49AE685FAB4B9F17F65946F1E3SJCEML702CHMchi_-- From nobody Wed Sep 6 07:02:36 2017 Return-Path: X-Original-To: ipsec@ietfa.amsl.com Delivered-To: ipsec@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5C71C132FCA for ; Wed, 6 Sep 2017 07:02:35 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2 X-Spam-Level: X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tKSvoH3UVHuV for ; Wed, 6 Sep 2017 07:02:33 -0700 (PDT) Received: from mail-qt0-x229.google.com (mail-qt0-x229.google.com [IPv6:2607:f8b0:400d:c0d::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 90282132FD3 for ; Wed, 6 Sep 2017 06:58:45 -0700 (PDT) Received: by mail-qt0-x229.google.com with SMTP id q8so15586448qtb.5 for ; Wed, 06 Sep 2017 06:58:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=message-id:subject:from:to:date:organization:mime-version :content-transfer-encoding; bh=Af/HYE9e+ftN7ku0Lp/dFNt3bKYYqsvl3V2a/vMctog=; b=EBxc4m8hR5wm8EnF567r88YTcqxULXpu9nOFRwjNTHWUanSgnAlnCVKXqKzXj3Vzp8 FWN7PZ3RoyaEBL5fMbDrUy7H/gQeV+dWuktkBlEYIKxILWgK9iYQoiERU7mi0JIfRMIS 8PrBxLetuUzo3QvYAJbtCr8BMWp+7HoLXeUmHcElqSU4hgGx6ES7ZxM/JFzwUSLZTNuu MBwFj4Ci48PaTiRbdWRCg7wVIrMOZejGS13XKL6hE5UoUA+Ix4/rD2AWl20xKg9iTAcl HwE/Onu2rMXuGXqcgfSEz2/+jEImHINMVDFrrJm17j/4fCfKrmbc4YHuPqUQLoaAepo4 EMRw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:message-id:subject:from:to:date:organization :mime-version:content-transfer-encoding; bh=Af/HYE9e+ftN7ku0Lp/dFNt3bKYYqsvl3V2a/vMctog=; b=TX8Q7S4wW1Y7OsefD731egTw5UHqUcbxrd5hvsq/Sb20PrtyPsK0VeHd2d96bhHWeH XZBFTIXOeOvarJ427Bbc7ah7POuqyfVESaEUQInycI6RrgJnQQRsFNz4xtqjmqTSqi7V CGsEsCWhc/JBn71EzLtp0hfSol4wfF9WNeJXl7fFePy1FvHIC5KeZNuWr5MsaYrVVC+8 53bTdfWj0em+AmDAbrPApVw6QPOf7ip9rtubZLTcZCEpCUZ+p+C6Gc6rNuNeVwcqaWpo blR2nSdQ5AChAVbk/gcX3/NudrI/9ZXBriSJbXh/tKBGS+wxax5IveZJqZnionIDDjEj zCYQ== X-Gm-Message-State: AHPjjUij5+4FSoMrNYEGifEEB5yVEImKU0QsPrpMK7u798QDNBx0oE+4 L4nkZTaIK8xdn0qg X-Google-Smtp-Source: ADKCNb4zwSXQu9A928YDdoCy6N/V/vCs1PzQqA6JVYGyhXfC0PanVYimUQ8weTGSHqoGosOhIQXZag== X-Received: by 10.200.2.6 with SMTP id k6mr3928258qtg.180.1504706324626; Wed, 06 Sep 2017 06:58:44 -0700 (PDT) Received: from sio_centos_lt ([147.178.6.131]) by smtp.googlemail.com with ESMTPSA id v32sm2247980qtc.66.2017.09.06.06.58.43 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 06 Sep 2017 06:58:44 -0700 (PDT) Message-ID: <1504706286.24576.2.camel@gmail.com> From: Yoav Nir To: ipsec@ietf.org Date: Wed, 06 Sep 2017 16:58:06 +0300 Organization: Dell-EMC Content-Type: text/plain; charset="UTF-8" X-Mailer: Evolution 3.12.11 (3.12.11-22.el7) Mime-Version: 1.0 Content-Transfer-Encoding: 7bit Archived-At: Subject: [IPsec] Reminder: I2NSF virtual interim meeting X-BeenThere: ipsec@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Discussion of IPsec protocols List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 06 Sep 2017 14:02:35 -0000 Hi This is a reminder that the I2NSF virtual interim meeting will take place today/tonight in about two hours. Agenda and slides are here: https://datatracker.ietf.org/meeting/interim-2017-i2nsf-01/session/i2nsf More information such as Webex info is in the Agenda at the above link. The draft to be discussed is for controlling IPsec using an SDN, so people from both the I2NSF and IPsecME working groups are likely to be interested. Link to the draft: https://tools.ietf.org/html/draft-abad-i2nsf-sdn-ipsec-flow-protection-03 Linda & Yoav From nobody Wed Sep 6 09:01:22 2017 Return-Path: X-Original-To: ipsec@ietfa.amsl.com Delivered-To: ipsec@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E2BED1329C7 for ; Wed, 6 Sep 2017 09:01:20 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2 X-Spam-Level: X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KwepTAHN_8qw for ; Wed, 6 Sep 2017 09:01:19 -0700 (PDT) Received: from mail-pg0-x230.google.com (mail-pg0-x230.google.com [IPv6:2607:f8b0:400e:c05::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 65FC7132D14 for ; Wed, 6 Sep 2017 09:01:19 -0700 (PDT) Received: by mail-pg0-x230.google.com with SMTP id t3so16051693pgt.0 for ; Wed, 06 Sep 2017 09:01:19 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=RcUucXnPZGgOMarB8TAVq+u7PR7ETTzFC6+cPsNt22Q=; b=HInWPNe/UZxpOJqOqHRaIKdqyWcobpDzrAR3Ul+fsGk0qcrzMCm0SSYmT2hqGk1Wf6 +nI5wWWYaGMmA40NDft+2ONdrlqbgWLovGU3wBzLmxzfmb9QWHGrRm2GTRs0oMkRkQW7 YaqMA+98rCGrEKZNx6ZNAVQyvXP2bvKmeSrcfmipNWASR0+6UosylFdomLp/WbMJqXF1 OMl33clUtN/xmSaaV1DuZrrXbM/YWkg135ike/4PtoZOtD5PdiR3WNy9PYLmhRhB9Mg7 EshUvQ879ABxLRqKl05NBBbU6fHJ8B17alf9gMrqe6x+2oWidEFAv3y4cVDhYJELK+iP h6aQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=RcUucXnPZGgOMarB8TAVq+u7PR7ETTzFC6+cPsNt22Q=; b=iSLcwPBcrbRysvrStmfu6hdG4buf9wDqB/MEcF3leCbAZtXjSsdMTl9JRZN+g9FCXU 7y+CTonW+breINN67Khj5umNhBB+hYwE5q9lvubDp3mHDWzDzpRYPIT81xsylfvwGvGy JAseydPPqh/R7GvPVtD6PHhr9lIVP9rUZZZ9QDV/MzIdgXLKrO7CpKj5tiWFdRX6TReq moxXxtG4GJv/4jTkfVe6uiqCvcQrjSqp1Nzp5FD9AWOgMT76YRhd0LsP0pgkxwllrnuh DgbOCvezKsYP3/c8rq9/496XmlXzHDMbvPWb39wM7u1u3+/CJUwfhA3elUuU92sL3BC3 pvhw== X-Gm-Message-State: AHPjjUh9DgfZ7gu/VNL4KH7L8kWnyM3J9wwZ8vIdyo285BerkziMJvwk pXvgVCTSQWxdrcyFzOEqsvKVqbEwFQ== X-Google-Smtp-Source: ADKCNb6jjmD9VJkvSBTRYg7JaKTqeE7c0BOw8KpVcM7g0OBIjrBOTqVx1mOs9XYu8k5codYGNqWs/w3ZEeTqFiX95jw= X-Received: by 10.84.133.70 with SMTP id 64mr9015956plf.233.1504713678986; Wed, 06 Sep 2017 09:01:18 -0700 (PDT) MIME-Version: 1.0 Received: by 10.100.144.1 with HTTP; Wed, 6 Sep 2017 09:00:38 -0700 (PDT) In-Reply-To: <1504706286.24576.2.camel@gmail.com> References: <1504706286.24576.2.camel@gmail.com> From: Kathleen Moriarty Date: Wed, 6 Sep 2017 12:00:38 -0400 Message-ID: To: Yoav Nir Cc: "ipsec@ietf.org" Content-Type: text/plain; charset="UTF-8" Archived-At: Subject: Re: [IPsec] Reminder: I2NSF virtual interim meeting X-BeenThere: ipsec@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Discussion of IPsec protocols List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 06 Sep 2017 16:01:21 -0000 Yoav, Is the meeting code i2nsf? The one I had from the email didn't work, but we do have an I2NSF webex that is working, waiting for a host to enter the code. Thank you, Kathleen On Wed, Sep 6, 2017 at 9:58 AM, Yoav Nir wrote: > Hi > > This is a reminder that the I2NSF virtual interim meeting will take > place today/tonight in about two hours. > > Agenda and slides are here: > https://datatracker.ietf.org/meeting/interim-2017-i2nsf-01/session/i2nsf > > More information such as Webex info is in the Agenda at the above link. > > The draft to be discussed is for controlling IPsec using an SDN, so > people from both the I2NSF and IPsecME working groups are likely to be > interested. > > Link to the draft: > https://tools.ietf.org/html/draft-abad-i2nsf-sdn-ipsec-flow-protection-03 > > Linda & Yoav > > _______________________________________________ > IPsec mailing list > IPsec@ietf.org > https://www.ietf.org/mailman/listinfo/ipsec -- Best regards, Kathleen From nobody Wed Sep 6 09:09:00 2017 Return-Path: X-Original-To: ipsec@ietfa.amsl.com Delivered-To: ipsec@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B57E2132031 for ; Wed, 6 Sep 2017 09:08:57 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.7 X-Spam-Level: X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZfIonADSJHbU for ; Wed, 6 Sep 2017 09:08:56 -0700 (PDT) Received: from mail-wm0-x232.google.com (mail-wm0-x232.google.com [IPv6:2a00:1450:400c:c09::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 036C9132924 for ; Wed, 6 Sep 2017 09:08:56 -0700 (PDT) Received: by mail-wm0-x232.google.com with SMTP id 187so32789789wmn.1 for ; Wed, 06 Sep 2017 09:08:55 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:message-id:mime-version:subject:date:in-reply-to:cc:to :references; bh=Kg8H6Vi1jYN2YICzJq+pQaX3KeZRdsTsoOp1oORWAHE=; b=HWZCnDah5VEzCUuBAx9XEuOnt13QmezJim+xw4uL2A1mKBlROh3fcIqcVc4Q6afkf9 atdbWxfULjITqOEJNhCtqOH4ieAyNG0Or8XxNGicWyWSQT8t2qF2mbxrWA4jOqhdjuWR qbA/JBkDoK3sM+kH9NDBZrAlzQ4gxN4qhfgsbPrr9Q+XJiqbx6qIQlXkwK/YSxlI216e 8fDU3IhsqNVDSmIc6AhcU88r9e4GxyYIR2m6+3yFtMGcimemGEZxZWI2kjPS35vB5yUt Qj+HTmhkpUsD1gmiIfzUTFoA0ZRBugC5uZ9ZUb2amGai92LedYOkY3HceZB2FOt63V0H 3zJg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:message-id:mime-version:subject:date :in-reply-to:cc:to:references; bh=Kg8H6Vi1jYN2YICzJq+pQaX3KeZRdsTsoOp1oORWAHE=; b=oSZ+mAepSZBIljk13dngI/ed4aUd/Yt6n6D9gsbryS1/mVG8KaQOpR3oSytA5BZFa5 dbevLYUm2/uLw7QOpC8h3z8HqxwjrUqYLgHxDgQ9kRMQksaUo3/aHnMWbAbg9pgNymwQ AWLykjJaX1J/8kgcFDgQZH3w8oJNUKWFXlB+go1VNO6uPL5db3majG5Wl0ifOWO+jFUf FLRp5KYmwNIhteDZQSQzqzQdEyje8XTqcNZ0XXvwncRYO0Kta32gh18hOztRpt2fbCFH ZAIqBDcI52BHuyKvLi0A8WBZmkYph36C5nk2Os/uK0QTO/jOCCsluDi0Olsvm91/SQ+n 1Azw== X-Gm-Message-State: AHPjjUjO/Rg57pXrOqFpHkb5wlCE1RLEsYGGi5HXiXRlSHrM7Fg+Wy6v 9pRzF9Te06l60Q== X-Google-Smtp-Source: ADKCNb6gYkh/sC6EWju3RvsIL5TWQVo7jzKuXcLu24+qna2xniPvB8T2xAeQVSt8asSC8NVFMHYsHg== X-Received: by 10.80.179.199 with SMTP id t7mr185919edd.19.1504714134407; Wed, 06 Sep 2017 09:08:54 -0700 (PDT) Received: from [192.168.1.18] ([46.120.57.147]) by smtp.gmail.com with ESMTPSA id b38sm1548535ede.16.2017.09.06.09.08.53 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 06 Sep 2017 09:08:53 -0700 (PDT) From: Yoav Nir Message-Id: <3FE86632-978C-461D-8083-F3B8B5DAA9BD@gmail.com> Content-Type: multipart/signed; boundary="Apple-Mail=_7CA18925-F8B8-4238-B1A2-97D747C1382A"; protocol="application/pgp-signature"; micalg=pgp-sha512 Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\)) Date: Wed, 6 Sep 2017 19:08:51 +0300 In-Reply-To: Cc: "ipsec@ietf.org" To: Kathleen Moriarty References: <1504706286.24576.2.camel@gmail.com> X-Mailer: Apple Mail (2.3273) Archived-At: Subject: Re: [IPsec] Reminder: I2NSF virtual interim meeting X-BeenThere: ipsec@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Discussion of IPsec protocols List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 06 Sep 2017 16:08:58 -0000 --Apple-Mail=_7CA18925-F8B8-4238-B1A2-97D747C1382A Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii Yes, it worked for me. > On 6 Sep 2017, at 19:00, Kathleen Moriarty = wrote: >=20 > Yoav, >=20 > Is the meeting code i2nsf? The one I had from the email didn't work, > but we do have an I2NSF webex that is working, waiting for a host to > enter the code. >=20 > Thank you, > Kathleen >=20 > On Wed, Sep 6, 2017 at 9:58 AM, Yoav Nir wrote: >> Hi >>=20 >> This is a reminder that the I2NSF virtual interim meeting will take >> place today/tonight in about two hours. >>=20 >> Agenda and slides are here: >> = https://datatracker.ietf.org/meeting/interim-2017-i2nsf-01/session/i2nsf >>=20 >> More information such as Webex info is in the Agenda at the above = link. >>=20 >> The draft to be discussed is for controlling IPsec using an SDN, so >> people from both the I2NSF and IPsecME working groups are likely to = be >> interested. >>=20 >> Link to the draft: >> = https://tools.ietf.org/html/draft-abad-i2nsf-sdn-ipsec-flow-protection-03 >>=20 >> Linda & Yoav >>=20 >> _______________________________________________ >> IPsec mailing list >> IPsec@ietf.org >> https://www.ietf.org/mailman/listinfo/ipsec >=20 >=20 >=20 > -- >=20 > Best regards, > Kathleen --Apple-Mail=_7CA18925-F8B8-4238-B1A2-97D747C1382A Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=signature.asc Content-Type: application/pgp-signature; name=signature.asc Content-Description: Message signed with OpenPGP -----BEGIN PGP SIGNATURE----- iQEcBAEBCgAGBQJZsB2TAAoJELhJCxUKWMyZ7HwH+we24LiyEvmX6lfGwFWKsHiz HcAsjTyUTW1aqSoOs6sPZvy0A4X02kfQ23hRYJbnzbdkbQ/WnJqVX6c9+/GdLowl +savO2NR8mF2gAL13xGPFXXBNFro+Dmss7VwYKTTUahFtDgZQP6rGhdcLIo4GUdQ u517NopJhLPfxApZDpT2++K6XU5PLNgGPD6MhIUb14HhVDwUSStwjlfq6fyVrSpe EjPhE2EmEf14BH4fqmelbWkuesqx8Y7VQSVC7jGaHsn7rJ55ROkOt6YVdgMbiFL1 HMQKVNYIj+i9xYfBvRDQ6CThs8l+dG0Sg6bttty0K002HB1mFpTHMjYESl70q0o= =pmPd -----END PGP SIGNATURE----- --Apple-Mail=_7CA18925-F8B8-4238-B1A2-97D747C1382A-- From nobody Wed Sep 6 15:30:06 2017 Return-Path: X-Original-To: ipsec@ietfa.amsl.com Delivered-To: ipsec@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0169512EC30; Wed, 6 Sep 2017 15:29:59 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.22 X-Spam-Level: X-Spam-Status: No, score=-4.22 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lGUN0AH8mCkB; Wed, 6 Sep 2017 15:29:57 -0700 (PDT) Received: from lhrrgout.huawei.com (lhrrgout.huawei.com [194.213.3.17]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9D85B1286C7; Wed, 6 Sep 2017 15:29:56 -0700 (PDT) Received: from 172.18.7.190 (EHLO lhreml708-cah.china.huawei.com) ([172.18.7.190]) by lhrrg01-dlp.huawei.com (MOS 4.3.7-GA FastPath queued) with ESMTP id DUX39685; Wed, 06 Sep 2017 22:29:54 +0000 (GMT) Received: from SJCEML701-CHM.china.huawei.com (10.208.112.40) by lhreml708-cah.china.huawei.com (10.201.108.49) with Microsoft SMTP Server (TLS) id 14.3.301.0; Wed, 6 Sep 2017 23:29:53 +0100 Received: from SJCEML702-CHM.china.huawei.com ([169.254.4.148]) by SJCEML701-CHM.china.huawei.com ([169.254.3.191]) with mapi id 14.03.0301.000; Wed, 6 Sep 2017 15:29:48 -0700 From: Linda Dunbar To: Yoav Nir , IPsecME WG , "i2nsf@ietf.org" CC: Kathleen Moriarty Thread-Topic: WebEx recording of the i2nsf WG Virtual Meeting on SDN Controlled IPSec Key management (2017-09-06) Thread-Index: AdMnX4y3GYoIkVFITZijCB7XeyAnlQ== Date: Wed, 6 Sep 2017 22:29:48 +0000 Message-ID: <4A95BA014132FF49AE685FAB4B9F17F65946F689@SJCEML702-CHM.china.huawei.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.47.89.77] Content-Type: multipart/alternative; boundary="_000_4A95BA014132FF49AE685FAB4B9F17F65946F689SJCEML702CHMchi_" MIME-Version: 1.0 X-CFilter-Loop: Reflected X-Mirapoint-Virus-RAPID-Raw: score=unknown(0), refid=str=0001.0A090202.59B076E3.0016, ss=1, re=0.000, recu=0.000, reip=0.000, cl=1, cld=1, fgs=0, ip=169.254.4.148, so=2013-06-18 04:22:30, dmn=2013-03-21 17:37:32 X-Mirapoint-Loop-Id: d770be2b48e46c1b6e7a026068754e3e Archived-At: Subject: [IPsec] WebEx recording of the i2nsf WG Virtual Meeting on SDN Controlled IPSec Key management (2017-09-06) X-BeenThere: ipsec@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Discussion of IPsec protocols List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 06 Sep 2017 22:29:59 -0000 --_000_4A95BA014132FF49AE685FAB4B9F17F65946F689SJCEML702CHMchi_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Thanks to many people actively participating & contributing to the discussi= on. It was a very productive meeting. Yoav and I will put the meeting minut= es together. Here is the Video Recording of the session: https://ietf.webex.com/ietf/ld= r.php?RCID=3D04303a15dda9bff7d8011a253800736e The Interim meeting presentation material and the link to the video are als= o posted in the I2NSF Wiki page for future references: https://trac.ietf.= org/trac/i2nsf Linda & Yoav From: IESG Secretary > Subject: [I2nsf] Interface to Network Security Functions (i2nsf) WG Virtual= Meeting: 2017-09-06 Date: 22 August 2017 at 23:26:29 GMT+3 To: "IETF-Announce" > Cc: i2nsf@ietf.org The Interface to Network Security Functions (i2nsf) Working Group will hold a virtual interim meeting on 2017-09-06 from 16:00 to 17:30 UTC. Agenda (times in GMT): 16:00 - Welcome, Note Well and Agenda Bashing 16:10 - Uses of IPsec (Paul W) 16:15 - Scope of draft-abad (Gabriel/Rafa) 16:20 - Open discussion about scope. 16:50 - Against IPsec without IKE (Tero) 16:55 - The case for IPsec without IKE (Gabriel/Rafa) 17:00 - Open discussion 17:20 - Conclusion and next steps. Information about remote participation: Call-in details will be sent a week before. The purpose of this meeting is to discuss the objections to draft-abad-i2ns= f-sdn-ipsec-flow-protection. _______________________________________________ I2nsf mailing list I2nsf@ietf.org https://www.ietf.org/mailman/listinfo/i2nsf --_000_4A95BA014132FF49AE685FAB4B9F17F65946F689SJCEML702CHMchi_ Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable

Thanks to many people actively partic= ipating & contributing to the discussion. It was a very productive meet= ing. Yoav and I will put the meeting minutes together.

 

Here is the Video Recording of the se= ssion:  https://ietf.webex.com/ietf/ldr.php?RCID=3D04303a= 15dda9bff7d8011a253800736e

 

 

The Interim meeting presentation mate= rial and the link to the video are also posted in the I2NSF Wiki page for f= uture references:   https://trac.ietf.org/trac/i2nsf

 

Linda & Yoav

 

 

From: IESG Secre= tary <iesg-secretary@ietf.org= >

Subject: [I2nsf] Interface to Network Security Functions (i2nsf= ) WG Virtual Meeting: 2017-09-06

Date: 22 August = 2017 at 23:26:29 GMT+3

To: "IETF= -Announce" <ietf-announce= @ietf.org>

 

The Interface to Network Security Functions (i2nsf) = Working Group will hold
a virtual interim meeting on 2017-09-06 from 16:00 to 17:30 UTC.

Agenda (times in GMT):
16:00 - Welcome, Note Well and Agenda Bashing
16:10 - Uses of IPsec (Paul W)
16:15 - Scope of draft-abad (Gabriel/Rafa)
16:20 - Open discussion about scope.
16:50 - Against IPsec without IKE (Tero)
16:55 - The case for IPsec without IKE (Gabriel/Rafa)
17:00 - Open discussion
17:20 - Conclusion and next steps.

Information about remote participation:
Call-in details will be sent a week before.

The purpose of this meeting is to discuss the objections to draft-abad-i2ns= f-sdn-ipsec-flow-protection.

_______________________________________________
I2nsf mailing list
I2nsf@ietf.org
https://www.ietf.or= g/mailman/listinfo/i2nsf

 

--_000_4A95BA014132FF49AE685FAB4B9F17F65946F689SJCEML702CHMchi_-- From nobody Thu Sep 7 12:33:21 2017 Return-Path: X-Original-To: ipsec@ietfa.amsl.com Delivered-To: ipsec@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E36FF132FA2; Thu, 7 Sep 2017 12:33:19 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.22 X-Spam-Level: X-Spam-Status: No, score=-4.22 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3WIrGwHeoxmQ; Thu, 7 Sep 2017 12:33:18 -0700 (PDT) Received: from lhrrgout.huawei.com (lhrrgout.huawei.com [194.213.3.17]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D2C13132F99; Thu, 7 Sep 2017 12:33:17 -0700 (PDT) Received: from 172.18.7.190 (EHLO lhreml704-cah.china.huawei.com) ([172.18.7.190]) by lhrrg02-dlp.huawei.com (MOS 4.3.7-GA FastPath queued) with ESMTP id DOD58214; Thu, 07 Sep 2017 19:33:14 +0000 (GMT) Received: from SJCEML703-CHM.china.huawei.com (10.208.112.39) by lhreml704-cah.china.huawei.com (10.201.108.45) with Microsoft SMTP Server (TLS) id 14.3.301.0; Thu, 7 Sep 2017 20:33:13 +0100 Received: from SJCEML702-CHM.china.huawei.com ([169.254.4.148]) by SJCEML703-CHM.china.huawei.com ([169.254.5.62]) with mapi id 14.03.0301.000; Thu, 7 Sep 2017 12:33:07 -0700 From: Linda Dunbar To: Yoav Nir , "i2nsf@ietf.org" , IPsecME WG Thread-Topic: your example (like Gap) about IPSec VPN gateway deployed in shopping mall not aware of where the controller is. Thread-Index: AdMoDbYLifW0BcxoSGSurAJRseRi2Q== Date: Thu, 7 Sep 2017 19:33:07 +0000 Message-ID: <4A95BA014132FF49AE685FAB4B9F17F65946FE7F@SJCEML702-CHM.china.huawei.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.192.11.78] Content-Type: multipart/alternative; boundary="_000_4A95BA014132FF49AE685FAB4B9F17F65946FE7FSJCEML702CHMchi_" MIME-Version: 1.0 X-CFilter-Loop: Reflected X-Mirapoint-Virus-RAPID-Raw: score=unknown(0), refid=str=0001.0A020202.59B19EFB.01AF, ss=1, re=0.000, recu=0.000, reip=0.000, cl=1, cld=1, fgs=0, ip=169.254.4.148, so=2013-06-18 04:22:30, dmn=2013-03-21 17:37:32 X-Mirapoint-Loop-Id: 17a32674da4a2ea9daafd3db3f09fe85 Archived-At: Subject: [IPsec] your example (like Gap) about IPSec VPN gateway deployed in shopping mall not aware of where the controller is. X-BeenThere: ipsec@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Discussion of IPsec protocols List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 07 Sep 2017 19:33:20 -0000 --_000_4A95BA014132FF49AE685FAB4B9F17F65946FE7FSJCEML702CHMchi_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Yoav, At yesterday's I2NSF Interim meeting, you described an example of Gap havin= g thousands of locations and most of them are in a mall where public networ= k is available. You said that typically the VPN gateway placed in the store= has no knowledge of the global network topology, nor does it know where th= e controller is located. Today, many vendors' remote CPEs support ONUG's SD-WAN "Zero-touch deployme= nt" requirement, where the remote CPEs devices can be connected to its cont= roller via barcode scan/email/etc. Does it solve the problem? Thanks, Linda --_000_4A95BA014132FF49AE685FAB4B9F17F65946FE7FSJCEML702CHMchi_ Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable

Yoav,

 

At yesterday’s I2NSF Interim meeting, you desc= ribed an example of Gap having thousands of locations and most of them are = in a mall where public network is available. You said that typically the VP= N gateway placed in the store has no knowledge of the global network topology, nor does it know where the controller is l= ocated.

 

Today, many vendors’ remote CPEs support ONUG&= #8217;s SD-WAN “Zero-touch deployment” requirement, where the r= emote CPEs devices can be connected to its controller via barcode scan/emai= l/etc.

 

Does it solve the problem?

 

Thanks,

Linda=

 

--_000_4A95BA014132FF49AE685FAB4B9F17F65946FE7FSJCEML702CHMchi_-- From nobody Thu Sep 7 13:19:10 2017 Return-Path: X-Original-To: ipsec@ietfa.amsl.com Delivered-To: ipsec@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2D437132FC4; Thu, 7 Sep 2017 13:19:03 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.9 X-Spam-Level: X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eSdj-jy2Z2OW; Thu, 7 Sep 2017 13:19:01 -0700 (PDT) Received: from tuna.sandelman.ca (tuna.sandelman.ca [IPv6:2607:f0b0:f:3:216:3eff:fe7c:d1f3]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C36D8132FC7; Thu, 7 Sep 2017 13:18:57 -0700 (PDT) Received: from sandelman.ca (obiwan.sandelman.ca [209.87.249.21]) by tuna.sandelman.ca (Postfix) with ESMTP id 462CDE223; Thu, 7 Sep 2017 16:22:51 -0400 (EDT) Received: from obiwan.sandelman.ca (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id DCF9D806B4; Thu, 7 Sep 2017 16:18:56 -0400 (EDT) From: Michael Richardson To: Linda Dunbar cc: Yoav Nir , "i2nsf\@ietf.org" , IPsecME WG In-Reply-To: <4A95BA014132FF49AE685FAB4B9F17F65946FE7F@SJCEML702-CHM.china.huawei.com> References: <4A95BA014132FF49AE685FAB4B9F17F65946FE7F@SJCEML702-CHM.china.huawei.com> X-Mailer: MH-E 8.6; nmh 1.6+dev; GNU Emacs 24.5.1 X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m Archived-At: Subject: Re: [IPsec] your example (like Gap) about IPSec VPN gateway deployed in shopping mall not aware of where the controller is. X-BeenThere: ipsec@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Discussion of IPsec protocols List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 07 Sep 2017 20:19:03 -0000 --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Linda Dunbar wrote: > Today, many vendors=E2=80=99 remote CPEs support ONUG=E2=80=99s SD-WA= N =E2=80=9CZero-touch > deployment=E2=80=9D requirement, where the remote CPEs devices can be= connected to > its controller via barcode scan/email/etc. Dunno. I googled for ONUG SD-WAN Zero-Touch, and got: https://opennetworkingusergroup.com/wp-content/uploads/2015/05/ONUG-SD-WAN-= WG-Whitepaper_Final1.pdf but it was a 404. I tried the google cache, but the documents were not useful. Perhaps you could give us an Openstand reference we can use. =2D- Michael Richardson , Sandelman Software Works -=3D IPv6 IoT consulting =3D- --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEEbsyLEzg/qUTA43uogItw+93Q3WUFAlmxqbAACgkQgItw+93Q 3WXvMwf/WYcsHfsbGrETMKECY8o85j/BhouM+YeBnOaN8peHxMMbeCV3G5H5EeXt yn9jNiQeKpdl1yJ3nDtogpPt5Cxtbv8pkWacWBAfRw2al48C/l2jILq6awdAp+0u xefkbDz1Lc+PGN7lndqM/tlqHiYhFtvSzaC5YyYnLHYBfbRikOY6Zv7nVcP0PZBu qXWPzWMzBH7urpy+FFU0JThiXW5/wwFwflcLyR/5Rzd4Swu5ItRC0usbucNbG1FT 4+N2YO/csJ02r2ICND3vDUWpw8frPoSoMJ5d/gMxtyk97iPDpTcxbGt3y12pVfwr +unLcGCXRRzPD8KUHA1w6Dycz5AGLQ== =jCT5 -----END PGP SIGNATURE----- --=-=-=-- From nobody Thu Sep 7 13:42:38 2017 Return-Path: X-Original-To: ipsec@ietfa.amsl.com Delivered-To: ipsec@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A04121329B5; Thu, 7 Sep 2017 13:42:31 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.218 X-Spam-Level: X-Spam-Status: No, score=-4.218 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_IMAGE_ONLY_32=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id H9EGPG-AB1Ek; Thu, 7 Sep 2017 13:42:30 -0700 (PDT) Received: from lhrrgout.huawei.com (lhrrgout.huawei.com [194.213.3.17]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DA4461201F8; Thu, 7 Sep 2017 13:42:28 -0700 (PDT) Received: from 172.18.7.190 (EHLO lhreml704-cah.china.huawei.com) ([172.18.7.190]) by lhrrg02-dlp.huawei.com (MOS 4.3.7-GA FastPath queued) with ESMTP id DOD63842; Thu, 07 Sep 2017 20:42:26 +0000 (GMT) Received: from SJCEML703-CHM.china.huawei.com (10.208.112.39) by lhreml704-cah.china.huawei.com (10.201.108.45) with Microsoft SMTP Server (TLS) id 14.3.301.0; Thu, 7 Sep 2017 21:42:25 +0100 Received: from SJCEML702-CHM.china.huawei.com ([169.254.4.148]) by SJCEML703-CHM.china.huawei.com ([169.254.5.62]) with mapi id 14.03.0301.000; Thu, 7 Sep 2017 13:42:16 -0700 From: Linda Dunbar To: Michael Richardson CC: Yoav Nir , "i2nsf@ietf.org" , IPsecME WG Thread-Topic: [IPsec] your example (like Gap) about IPSec VPN gateway deployed in shopping mall not aware of where the controller is. Thread-Index: AQHTKBaRIkJ0WtxnX06I7DA2C7wDjKKp4ovA Date: Thu, 7 Sep 2017 20:42:15 +0000 Message-ID: <4A95BA014132FF49AE685FAB4B9F17F65946FED5@SJCEML702-CHM.china.huawei.com> References: <4A95BA014132FF49AE685FAB4B9F17F65946FE7F@SJCEML702-CHM.china.huawei.com> <31229.1504815536@obiwan.sandelman.ca> In-Reply-To: <31229.1504815536@obiwan.sandelman.ca> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: yes X-MS-TNEF-Correlator: x-originating-ip: [10.192.11.78] Content-Type: multipart/related; boundary="_004_4A95BA014132FF49AE685FAB4B9F17F65946FED5SJCEML702CHMchi_"; type="multipart/alternative" MIME-Version: 1.0 X-CFilter-Loop: Reflected X-Mirapoint-Virus-RAPID-Raw: score=unknown(0), refid=str=0001.0A020203.59B1AF33.00D7, ss=1, re=0.000, recu=0.000, reip=0.000, cl=1, cld=1, fgs=0, ip=169.254.4.148, so=2013-06-18 04:22:30, dmn=2013-03-21 17:37:32 X-Mirapoint-Loop-Id: d93e9e0f8dcd121a2b471700837fafd3 Archived-At: Subject: Re: [IPsec] your example (like Gap) about IPSec VPN gateway deployed in shopping mall not aware of where the controller is. X-BeenThere: ipsec@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Discussion of IPsec protocols List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 07 Sep 2017 20:42:31 -0000 --_004_4A95BA014132FF49AE685FAB4B9F17F65946FED5SJCEML702CHMchi_ Content-Type: multipart/alternative; boundary="_000_4A95BA014132FF49AE685FAB4B9F17F65946FED5SJCEML702CHMchi_" --_000_4A95BA014132FF49AE685FAB4B9F17F65946FED5SJCEML702CHMchi_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Rm9yIGV4YW1wbGUsIGhlcmUgaXMgb25lIHZlbmRvcidzIGltcGxlbWVudGF0aW9uIChJIGZvdW5k IG9uIHRoZSB3ZWIsIGlmIHlvdSBlcXVhdGUgdGhlICJQdWJsaWMgQ2xvdWQgUGxhdGZvcm0iIHRv IHRoZSBwdWJsaWMgaW50ZXJuZXQgaW4gYSBzaG9wcGluZyBtYWxsKS4NCg0KDQoNCg0KLS0tLS1P cmlnaW5hbCBNZXNzYWdlLS0tLS0NCkZyb206IE1pY2hhZWwgUmljaGFyZHNvbiBbbWFpbHRvOm1j citpZXRmQHNhbmRlbG1hbi5jYV0NClNlbnQ6IFRodXJzZGF5LCBTZXB0ZW1iZXIgMDcsIDIwMTcg MzoxOSBQTQ0KVG86IExpbmRhIER1bmJhciA8bGluZGEuZHVuYmFyQGh1YXdlaS5jb20+DQpDYzog WW9hdiBOaXIgPHluaXIuaWV0ZkBnbWFpbC5jb20+OyBpMm5zZkBpZXRmLm9yZzsgSVBzZWNNRSBX RyA8aXBzZWNAaWV0Zi5vcmc+DQpTdWJqZWN0OiBSZTogW0lQc2VjXSB5b3VyIGV4YW1wbGUgKGxp a2UgR2FwKSBhYm91dCBJUFNlYyBWUE4gZ2F0ZXdheSBkZXBsb3llZCBpbiBzaG9wcGluZyBtYWxs IG5vdCBhd2FyZSBvZiB3aGVyZSB0aGUgY29udHJvbGxlciBpcy4NCg0KDQpMaW5kYSBEdW5iYXIg PGxpbmRhLmR1bmJhckBodWF3ZWkuY29tPG1haWx0bzpsaW5kYS5kdW5iYXJAaHVhd2VpLmNvbT4+ IHdyb3RlOg0KICAgID4gVG9kYXksIG1hbnkgdmVuZG9yc+KAmSByZW1vdGUgQ1BFcyBzdXBwb3J0 IE9OVUfigJlzIFNELVdBTiDigJxaZXJvLXRvdWNoDQogICAgPiBkZXBsb3ltZW504oCdIHJlcXVp cmVtZW50LCB3aGVyZSB0aGUgcmVtb3RlIENQRXMgZGV2aWNlcyBjYW4gYmUgY29ubmVjdGVkIHRv DQogICAgPiBpdHMgY29udHJvbGxlciB2aWEgYmFyY29kZSBzY2FuL2VtYWlsL2V0Yy4NCg0KRHVu bm8uDQpJIGdvb2dsZWQgZm9yIE9OVUcgU0QtV0FOIFplcm8tVG91Y2gsIGFuZCBnb3Q6DQoNCmh0 dHBzOi8vb3Blbm5ldHdvcmtpbmd1c2VyZ3JvdXAuY29tL3dwLWNvbnRlbnQvdXBsb2Fkcy8yMDE1 LzA1L09OVUctU0QtV0FOLVdHLVdoaXRlcGFwZXJfRmluYWwxLnBkZg0KDQpidXQgaXQgd2FzIGEg NDA0LiAgSSB0cmllZCB0aGUgZ29vZ2xlIGNhY2hlLCBidXQgdGhlIGRvY3VtZW50cyB3ZXJlIG5v dCB1c2VmdWwuICBQZXJoYXBzIHlvdSBjb3VsZCBnaXZlIHVzIGFuIE9wZW5zdGFuZCByZWZlcmVu Y2Ugd2UgY2FuIHVzZS4NCg0KLS0NCk1pY2hhZWwgUmljaGFyZHNvbiA8bWNyK0lFVEZAc2FuZGVs bWFuLmNhPG1haWx0bzptY3IrSUVURkBzYW5kZWxtYW4uY2E+PiwgU2FuZGVsbWFuIFNvZnR3YXJl IFdvcmtzICAtPSBJUHY2IElvVCBjb25zdWx0aW5nID0tDQoNCg0KDQoNCg== --_000_4A95BA014132FF49AE685FAB4B9F17F65946FED5SJCEML702CHMchi_ Content-Type: text/html; charset="utf-8" Content-Transfer-Encoding: base64 PGh0bWw+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIgY29udGVudD0i dGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjxtZXRhIG5hbWU9IkdlbmVyYXRvciIgY29udGVu dD0iTWljcm9zb2Z0IEV4Y2hhbmdlIFNlcnZlciI+DQo8IS0tIGNvbnZlcnRlZCBmcm9tIHJ0ZiAt LT4NCjxzdHlsZT48IS0tIC5FbWFpbFF1b3RlIHsgbWFyZ2luLWxlZnQ6IDFwdDsgcGFkZGluZy1s ZWZ0OiA0cHQ7IGJvcmRlci1sZWZ0OiAjODAwMDAwIDJweCBzb2xpZDsgfSAtLT48L3N0eWxlPg0K PC9oZWFkPg0KPGJvZHk+DQo8Zm9udCBmYWNlPSJDYWxpYnJpIiBzaXplPSIyIj48c3BhbiBzdHls ZT0iZm9udC1zaXplOjExcHQ7Ij4NCjxkaXY+Rm9yIGV4YW1wbGUsIGhlcmUgaXMgb25lIHZlbmRv cidzIGltcGxlbWVudGF0aW9uIChJIGZvdW5kIG9uIHRoZSB3ZWIsIGlmIHlvdSBlcXVhdGUgdGhl ICZxdW90O1B1YmxpYyBDbG91ZCBQbGF0Zm9ybSZxdW90OyB0byB0aGUgcHVibGljIGludGVybmV0 IGluIGEgc2hvcHBpbmcgbWFsbCkuIDwvZGl2Pg0KPGRpdj48Zm9udCBmYWNlPSJUaW1lcyBOZXcg Um9tYW4iPiZuYnNwOzwvZm9udD48L2Rpdj4NCjxkaXY+PGZvbnQgZmFjZT0iVGltZXMgTmV3IFJv bWFuIj4mbmJzcDs8L2ZvbnQ+PC9kaXY+DQo8ZGl2Pjxmb250IGZhY2U9IlRpbWVzIE5ldyBSb21h biI+PGltZyBzcmM9ImNpZDozMDMwRTRGMUE3NUE3ODRGQjA4Q0M5NjBENjQ4NkYzREBodWF3ZWku Y29tIj48Zm9udCBmYWNlPSJDYWxpYnJpIj4gPC9mb250PjwvZm9udD48L2Rpdj4NCjxhIG5hbWU9 Il9NYWlsRW5kQ29tcG9zZSI+PC9hPg0KPGRpdj4mbmJzcDs8L2Rpdj4NCjxkaXY+LS0tLS1Pcmln aW5hbCBNZXNzYWdlLS0tLS08YnI+DQoNCkZyb206IE1pY2hhZWwgUmljaGFyZHNvbiBbPGEgaHJl Zj0ibWFpbHRvOm1jciYjNDM7aWV0ZkBzYW5kZWxtYW4uY2EiPm1haWx0bzptY3ImIzQzO2lldGZA c2FuZGVsbWFuLmNhPC9hPl0NCjxicj4NCg0KU2VudDogVGh1cnNkYXksIFNlcHRlbWJlciAwNywg MjAxNyAzOjE5IFBNPGJyPg0KDQpUbzogTGluZGEgRHVuYmFyICZsdDtsaW5kYS5kdW5iYXJAaHVh d2VpLmNvbSZndDs8YnI+DQoNCkNjOiBZb2F2IE5pciAmbHQ7eW5pci5pZXRmQGdtYWlsLmNvbSZn dDs7IGkybnNmQGlldGYub3JnOyBJUHNlY01FIFdHICZsdDtpcHNlY0BpZXRmLm9yZyZndDs8YnI+ DQoNClN1YmplY3Q6IFJlOiBbSVBzZWNdIHlvdXIgZXhhbXBsZSAobGlrZSBHYXApIGFib3V0IElQ U2VjIFZQTiBnYXRld2F5IGRlcGxveWVkIGluIHNob3BwaW5nIG1hbGwgbm90IGF3YXJlIG9mIHdo ZXJlIHRoZSBjb250cm9sbGVyIGlzLjwvZGl2Pg0KPGRpdj48Zm9udCBmYWNlPSJUaW1lcyBOZXcg Um9tYW4iPiZuYnNwOzwvZm9udD48L2Rpdj4NCjxkaXY+PGZvbnQgZmFjZT0iVGltZXMgTmV3IFJv bWFuIj4mbmJzcDs8L2ZvbnQ+PC9kaXY+DQo8ZGl2PkxpbmRhIER1bmJhciAmbHQ7PGEgaHJlZj0i bWFpbHRvOmxpbmRhLmR1bmJhckBodWF3ZWkuY29tIj5saW5kYS5kdW5iYXJAaHVhd2VpLmNvbTwv YT4mZ3Q7IHdyb3RlOjwvZGl2Pg0KPGRpdj4mbmJzcDsmbmJzcDsmbmJzcDsgJmd0OyBUb2RheSwg bWFueSB2ZW5kb3Jz4oCZIHJlbW90ZSBDUEVzIHN1cHBvcnQgT05VR+KAmXMgU0QtV0FOIOKAnFpl cm8tdG91Y2g8L2Rpdj4NCjxkaXY+Jm5ic3A7Jm5ic3A7Jm5ic3A7ICZndDsgZGVwbG95bWVudOKA nSByZXF1aXJlbWVudCwgd2hlcmUgdGhlIHJlbW90ZSBDUEVzIGRldmljZXMgY2FuIGJlIGNvbm5l Y3RlZCB0bzwvZGl2Pg0KPGRpdj4mbmJzcDsmbmJzcDsmbmJzcDsgJmd0OyBpdHMgY29udHJvbGxl ciB2aWEgYmFyY29kZSBzY2FuL2VtYWlsL2V0Yy48L2Rpdj4NCjxkaXY+Jm5ic3A7PC9kaXY+DQo8 ZGl2PkR1bm5vLjwvZGl2Pg0KPGRpdj5JIGdvb2dsZWQgZm9yIE9OVUcgU0QtV0FOIFplcm8tVG91 Y2gsIGFuZCBnb3Q6PC9kaXY+DQo8ZGl2PiZuYnNwOzwvZGl2Pg0KPGRpdj48Zm9udCBmYWNlPSJU aW1lcyBOZXcgUm9tYW4iPjxhIGhyZWY9Imh0dHBzOi8vb3Blbm5ldHdvcmtpbmd1c2VyZ3JvdXAu Y29tL3dwLWNvbnRlbnQvdXBsb2Fkcy8yMDE1LzA1L09OVUctU0QtV0FOLVdHLVdoaXRlcGFwZXJf RmluYWwxLnBkZiI+PGZvbnQgZmFjZT0iQ2FsaWJyaSI+aHR0cHM6Ly9vcGVubmV0d29ya2luZ3Vz ZXJncm91cC5jb20vd3AtY29udGVudC91cGxvYWRzLzIwMTUvMDUvT05VRy1TRC1XQU4tV0ctV2hp dGVwYXBlcl9GaW5hbDEucGRmPC9mb250PjwvYT48L2ZvbnQ+PC9kaXY+DQo8ZGl2Pjxmb250IGZh Y2U9IlRpbWVzIE5ldyBSb21hbiI+Jm5ic3A7PC9mb250PjwvZGl2Pg0KPGRpdj5idXQgaXQgd2Fz IGEgNDA0LiZuYnNwOyBJIHRyaWVkIHRoZSBnb29nbGUgY2FjaGUsIGJ1dCB0aGUgZG9jdW1lbnRz IHdlcmUgbm90IHVzZWZ1bC4mbmJzcDsgUGVyaGFwcyB5b3UgY291bGQgZ2l2ZSB1cyBhbiBPcGVu c3RhbmQgcmVmZXJlbmNlIHdlIGNhbiB1c2UuPC9kaXY+DQo8ZGl2PiZuYnNwOzwvZGl2Pg0KPGRp dj4tLTwvZGl2Pg0KPGRpdj5NaWNoYWVsIFJpY2hhcmRzb24gJmx0OzxhIGhyZWY9Im1haWx0bzpt Y3ImIzQzO0lFVEZAc2FuZGVsbWFuLmNhIj5tY3ImIzQzO0lFVEZAc2FuZGVsbWFuLmNhPC9hPiZn dDssIFNhbmRlbG1hbiBTb2Z0d2FyZSBXb3JrcyZuYnNwOyAtPSBJUHY2IElvVCBjb25zdWx0aW5n ID0tPC9kaXY+DQo8ZGl2PiZuYnNwOzwvZGl2Pg0KPGRpdj4mbmJzcDs8L2Rpdj4NCjxkaXY+PGZv bnQgZmFjZT0iVGltZXMgTmV3IFJvbWFuIj4mbmJzcDs8L2ZvbnQ+PC9kaXY+DQo8ZGl2Pjxmb250 IGZhY2U9IlRpbWVzIE5ldyBSb21hbiI+Jm5ic3A7PC9mb250PjwvZGl2Pg0KPC9zcGFuPjwvZm9u dD4NCjwvYm9keT4NCjwvaHRtbD4NCg== --_000_4A95BA014132FF49AE685FAB4B9F17F65946FED5SJCEML702CHMchi_-- --_004_4A95BA014132FF49AE685FAB4B9F17F65946FED5SJCEML702CHMchi_ Content-Type: image/jpeg; name="ATT88348 1.jpg" Content-Description: ATT88348 1.jpg Content-Disposition: inline; filename="ATT88348 1.jpg"; creation-date="Thu, 07 Sep 2017 20:42:10 GMT"; modification-date="Thu, 07 Sep 2017 20:42:10 GMT" Content-ID: <3030E4F1A75A784FB08CC960D6486F3D@huawei.com> Content-Transfer-Encoding: base64 /9j/4AAQSkZJRgABAQEAYABgAAD/2wBDAAgGBgcGBQgHBwcJCQgKDBQNDAsLDBkSEw8UHRofHh0a HBwgJC4nICIsIxwcKDcpLDAxNDQ0Hyc5PTgyPC4zNDL/2wBDAQkJCQwLDBgNDRgyIRwhMjIyMjIy MjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjL/wAARCAGnAwgDASIA AhEBAxEB/8QAHwAAAQUBAQEBAQEAAAAAAAAAAAECAwQFBgcICQoL/8QAtRAAAgEDAwIEAwUFBAQA AAF9AQIDAAQRBRIhMUEGE1FhByJxFDKBkaEII0KxwRVS0fAkM2JyggkKFhcYGRolJicoKSo0NTY3 ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqDhIWGh4iJipKTlJWWl5iZmqKjpKWm p6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ2uHi4+Tl5ufo6erx8vP09fb3+Pn6/8QAHwEA AwEBAQEBAQEBAQAAAAAAAAECAwQFBgcICQoL/8QAtREAAgECBAQDBAcFBAQAAQJ3AAECAxEEBSEx BhJBUQdhcRMiMoEIFEKRobHBCSMzUvAVYnLRChYkNOEl8RcYGRomJygpKjU2Nzg5OkNERUZHSElK U1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6goOEhYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3 uLm6wsPExcbHyMnK0tPU1dbX2Nna4uPk5ebn6Onq8vP09fb3+Pn6/9oADAMBAAIRAxEAPwD3+iii gAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKA CiiigAooooAKKKKACisbWfE+maFc29teG6ae4UtFFb2sk7MBjPCKfX+fpVrSNZsNesBfadOZoCxT JRkIYcEFWAII9xQBforNuNbtLbXbTR5C/wBquonljwhK7VxnJ6DrUOpeJdP0rUUsbnz/ADnge4Ai haTKr1wFBJPsOaANiioLO7ivrOG6h8zypkDr5kbI2D6qwBB9iKi1LU7TSbT7TeSMkZdIxtRnLMzB VACgk8kfzPFAFyiudHjTSi8CMl9FJNdJaKlxZywsHf7vDqOOetdFQAUUVR1TVbbSIIJbosEmuYrZ Nq5+eRwi/hkigC9RWZq+vWOieQLszl52KxRwwPKzn0AUE1QsvG2i6jPYw2k0zteSSRIGt3jKumNy sGAKnnuKAOiopksscMbSSuscajLMxwB9TWVq/iSx0e7060lE0t1qD7LeKGJn3AEbjkAgABgee30N AGxRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUU AFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQA UUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFAHA eNItUk8b+HP7IMCXOJB5lwrFFX+I8d8Zx2ziscRSfD7xTp0N5q19LYXkdzPdXDW/7uS6crgfImAe OB747gV6qURmDFVLDoSORSSRRygCSNXAOQGGcH1oA8StbttR1nw/d6tqWoQQuLoGdUKkrvGFY7Tt GPofenWF9qlzdWt5LPfzSRWV6La5uIDHI0Y/1bEbV5/CvaJLS2mTZJbxOuc7WQEdc/z5p5hiOMxp wMD5RwPSgDy3RNTlvdQQeINY1O3SO0tpLVRGVWR2RC5zs+Y7vc9W9OOi8eGSGbw5essr2VvqkL3B RCwQZwHbA4AOOa657W3lCCSCJ/LIKbkB2kdMelSOiupV1DKeCCMg0AcD401G31KXQDp0huGg1eAt 5aEgHORzjBrAs9Zubm2s7u31fU38QPq8MF1aNAQFjLR70KFBtURnO7tk88cesR2tvCoWO3iRQ27C oAM+v1pVtoEnedYI1lf70gQBm7cnv0oA8kPie+aw0ay+2XqaiPEyRTxtC6kw7/usSv3fmXvz07EV Va9lv4bObVL/AFD+2D4mtkks5IiiKizR4GNg+UDBDZ5PftXsv2a38xpPIi3sQzNsGSR0JPrxR9mg 81pfIj8xiCzbBkkdMn8BQBxvjxNQfVPDZ0wxC5F8MNMpKAcZzjnpn8awrrQ28M+JtLnkuJ7ua4nu b+5kSMcOY1BCADjhBjOea9SZFYgsoJXkEjpUVzLbwASzAZHQ7cn8KErg3bc8L1nUdQ1+PVtLt5b8 2Vxp5uGiYb2LK6kAsVwCcHIHOD2rY1HTrOfWvBNzpk17MFinlAVnI8xI0ZVORkcgfLxnkV6lZTWM szrb2yozfMxEWN314+lVPtgt5CkenhdjHGyA8E9TwKtQk3Yh1IpXPONK1jUJdO0S8i1rVLjxFPqM EGpWjQjEab0EgZBGNgCc5/2iQcYxctzqjeDZb46pqK3t1rENv5oI3RxGZEIUbcdCeSD1r0ZpI7aL 7Z9jUTykb2WPDHtzxmnWt5aXP7pIwpzuClOM+tLldrj51ex5tqSanbyeMYbfVdTjXSp7eSyZSGKl o4mbqp3ck8c9a9StHeSygkkOXaNSxxjkinmKM7sxod/3sqOfrTwMDA6VJQUUUUAFFFFABRRRQAUU UUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRR QAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFA BRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUVE1xCkoiZwHPQUWBuxLR WVc3d8ly6xwSeWCApCZzwOanlmu004yKhM+5QF25OCRnj6Zq+R6GftFr5F6is6z1Lzm8uZGR+nKk VA93c3d+sdqzpEjgMdnDDIz1H1o9m72Ye0VrodeX08k72tqrq6sFLquewPpxVxrQXECLcksw5OOK shVBJAAJ6nHWloctrDUNW2xkcUcQwihfpT6KKgsCARgio1giR9yoA3qBUlFAWMa4ivrS482GV2jL DKhd2Rx14rXVwQoJwxHSnVl6nbSgm6heQuuDtXn8hWl+eyZnbku0alFV7Kdri2DupVs4ORjNWKhq zsWndXQUUUUhhRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFA BRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAF FFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFVxe25uTbh8 yDqADx+NNJvYTaW5YorInXUZ7mWMMyQ7htIA6YHerT2k72Ih89hJnO8fWqcUupKm3eyLFwXED+V9 /HGBms+x0+Qyfabl3MmchSAPxNPtrC5iuFeS5ZlHbjmtKm3yqyYuXmd2FYni7X/+EY8MXeriHzmh MaKnqXkVBn2y2a264n4t/wDJNtR/67Wv/pTFWZocfD8Vdeut0kGhQzbTtLRo7YOM4yB6EU+P4leJ Yd3l+HANxyf3Un+FV/BeqeMLTw+ItG0iO5shKxWRjyTxmuh/t34i/wDQvQ/nVXFoY03xX8R28fmT 6GkUYIBZ0dR+ZFen+HtXGu6HbaiI/LMq5K+hrynxpqnjG78OSRazpMdrZeYhaReudwwPzr0H4d/8 iRp/+6aQzqaKKKQBRRRQAUUUUAZmpXFxaTQyIxEG4BgFyPftWijrIgdTkGmXFulzA0T5wcHI7EHN MtTDGDbxuWKdc1bs4+ZCTUnroyxRRRUFhRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAF FFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUU UUAFFFcB4n8Y3P2ySw0qUwrC22WcKCWPdVyOnbNaUqUqkuWJnUqxpx5pHdS3VvAcTTxR/wC+4H86 i/tKw/5/bb/v6v8AjXjE5a6laW4dpXY5Jc5zUfkRf880/wC+RXcsv01kcbx+ukT2v+0rD/n9tv8A v6v+NH9pWH/P7bf9/V/xrxTyIv8Anmn/AHyKPIi/55p/3yKP7P8A7wvr/wDdPa/7SsP+f22/7+r/ AI0f2lYf8/tt/wB/V/xrxTyIv+eaf98ijyIv+eaf98ij+z/7wfX/AO6e1/2lYf8AP7bf9/V/xo/t Kw/5/bb/AL+r/jXinkRf880/75FHkRf880/75FH9n/3g+v8A909r/tKw/wCf22/7+r/jR/aVh/z+ 23/f1f8AGvFPIi/55p/3yKPIi/55p/3yKP7P/vB9f/untf8AaVh/z+23/f1f8anjljlXdG6uvTKn Irw3yIv+eaf98irdne3umsWsbuWAk5+U5GfoeO1KWXu2khrHq+sT2qiuZ8KeJ11mJrW6IW/j6gKQ JFwPmHb149q6auCcHB8rO6E1OPNEKKKKkoKKKKACiiigAooooAKKKKACiiigAooqG7keK1keMEsB wAMmmld2E3ZXGTSLOJbeGYLMMZx27/yqKz01LZjI7F5Cc5PamaVbMsbXEu/zXP8AEMECtGqk+X3U RFc1pNBRRRUGgUUUUAFcT8W/+Sbaj/12tf8A0pirtq4n4t/8k21H/rta/wDpTFQB4/pPjDxFodmb PTtUaG23lxH5EbbSevJUmtmTxr8QYdO/tGW8u0st4QXDWCBCTjHzbMYOQM9M8da4yt668X6re+Eh 4cuJFe1DoRJtUPtVgypwMYBUc9cd6YiPVvGHiPXLE2Wo6q01sWDNGII13EcjJC5688V7b8O/+RI0 /wD3TXzwelfQ/wAO/wDkSNP/AN00MDqaKKKQwooooAKKKKACsjY1vrbMoYiZhnjgcD/Cteql3dfZ pIVCBi7BcntzVwb2XUiaVr9i3RRRUFhRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFF FABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUU AZHie8ksPDd7cQyGOQKFVwMkFmC5/WvJACByxYnkk9Sa9R8cf8ihe/70X/oxa8vr1cBFcjfmeXjp P2iXkFFFFd5xBRRRQAUUUUAFFFFABRRRQAUUUUAXdGuJLTXdPmiYg/aI0bHdWYAj9a9krxbT/wDk K2P/AF9Q/wDoxa9ju7qKxtJLmcsIoxubapY49gOTXk4+3OvQ9PAv3Hcmorj9Y+IGnacY1BljztZm uLeSNdpYDGSByc4FbNl4k0++mhij+0pJMMoJLd1B+hIwa8qOJoyfLGab9fy7nca9FQvd26Xcdq0y CeRSyRk8sB1IFF1dwWVtLcXEipFEhd2PYCtwJqK52Hxz4dudJGpW2oCe3aYW6iKJ2dpTjCBANxJy OMdx61lal8SbGI2kOmWd3e3V1e/YVjeB4vLmBUsrhlBXCsD0x745oA7egnAya8+1jxhrlnLqF9HB BDpmlX0FvdK8bPJIjsm5lA9A5/LPIrF1HXNZvPFGrRw6vLbLZ30cSxSzRR2/kFUJBQr5jFgzEMDj kY6GgD0/TtVsdWgM1hdRzxhipKnoQcEEVcrz3wBa6f4d1rXdEjS7Ez3zTW7SRSMrQNFGww+NuM7u /XNehUAFFZmt6smkaZLdDY7xlR5ZYAnLAf1rHtvHuluuboS259o2cfoDWsaNSceaKuZyrQi7Sdjq 6zZ72T+047eIkqGAcBc+/wDKrdne29/brcW0nmRN0bBH86iWz/4mL3RkPPRRj0A5qY2TfMOV2lyl yiiioLCiiigAooooAK4n4t/8k21H/rta/wDpTFXbVynxJ0271bwHqFnYwtNcF4HWNBksEmR2wO5w poA+eqK1P+EZ8Q/9ADVf/AOT/Cj/AIRjxD/0ANV/8A5P8KdxGWelfQ/w7/5EjT/9014YfDHiHH/I A1X/AMA5P8K988Fafc6Z4TsbW7jMcyp8yHqPrQwOgooopDCiiigAooooAKztTH722/66D+daNV5p oBNHFJy5IwMdKqLsyZq6LFFFFSUFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAF FFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQBz3 jj/kUL3/AHov/Ri15fXqHjj/AJFC9/3ov/Ri15fXrYD+E/X/ACPKx38X5f5hRRRXccYUUUUAFFFF ABRRRQAUUUUAFFFFAFjT/wDkK2P/AF9Q/wDoxa9M8Um6XT1MZYWm9Rc+WuX25HI4PHr3xXmen/8A IVsf+vqH/wBGLXsN9BFdWMsM7lImX5mBwQPrXjZnD2j5L2urabnpYH4WeaeOfEGl29inh/7TGl/q XlxKHXhImdVLsTwBg+uc1sCAWdno1vp91JNdRbY7aUAOJAMBixAxjHPGKcfDmka75lxZXCXLQyCC WS7tkfAGM7SyZ6HjtV5LbQNDngkfU2zbcJHlSq5/2VXiviMFw1iKFamua3I7uz1ba6aXXbXuz054 iMot9yj43T7JrfhXVC7xyC/SykkjQnibC4JwcDPc+tcbZaLeTLba213q1zqA1xbHUY5BuSS3ZkUq Y9mAoU9cZ5PPTHfah4w8N3UKpKr3YjlSRENuwAdSCrDcB0POfas6bxtdymUaTpZ2lxlhEzsTxnIU df8A61faRwtWXS3qcksTSit7+hyieD9RudAk8PQ2l9Fd6JqYubaRovJiu4sqeJAoBbG7lehH4V0m meC5F023ku1j0iS31aLUIwLgztJtCBg7PnlgMcHsD3IpRdeNdRYNH9qt0JA2mBU/9CXNWYvCOrX0 mdV1QjcR8gbcSOM8dKr6vGPxzX5kfWJS0hBkupQeFVGvpe6jK8esSRvcxIC20qiINm1c9EB785qp d6x4QJgddLS+ngEaRyzQfMduNpJYZJGBj3FS3Xhbw7o01uuoaleNJcOFijADFjn0VCcepq/NP4S8 NWstzdqkEaXCwlpYmdjIduNoAJPVegp/7NHuwX1iW9kZs/i/W7jIsdMmVScApbs+P0piQ+NNUysk 80MTMM7kWPH5AGtk+PtB+yTTW0k8oi8rCC3dPM8xgqFCwAYbiBx0PFczqHjadtXulK31ts2QmxlT GydCsrfMoPBibJ5x06Z5X1iMfggvzH9Xk3703+RfPg9ZjJHd60r3ef8AVowZiwGcEHnOP6VDo/hN DEb3W5Hs4YZhhHIQPgjrnsTx2NZxs9TjbWLrS725mvpNYjeKcWalkinhjVcFkI2ruzkdAvJ+9TrL SNcuPDkseoPr02o74pGQRwhBKCqll8xdrKeWI9M47UfXKtmrh9Up3TsepRLGkSiIKI8fLt6YrP09 2N9dKWJAapNFivodHto9SkWS7VAJGVQoz9Bx+VSKLa3vHwxEspHB6fhXPF6M2ktUy3RRVe9jmls5 Ut7r7LKRxNsDbPU4PFSWWKK880vxt/ZsOp32t6nLdac2ox2WmyfZNjSkom4gKo+XexGT6HnoK3LL x9oepC3+wvc3DTlgFW2cFdrAOWyBgDPJoA6eiubtvHOjXV7b26tdotzN5FtPJaSrFM+M4VyuD0PP Tis7xVfa3p2vaZDaaytva30+xla0V/KRRlsHqScH6Z74oA7WiuXh8eaK0EcrvdrDIpMM8lpIizYX cSpK+n68deKfL470KFEaSW4UPBHOubWTO2R1RB93hizqMHnn0BoA6WiuG1jxlNZa9pW2DUY7N/OS 4tvsLtJIQEKlRtLEDd1Xjrnpxoa54oVvAcuvaHOGD+V5Mjx9N0iocqe/J60AdTRXDnxTc+FtYltP E16sthNCLi2vfLCEfdVo2VRj7xGOp+b6VftPiDoN5BPJHLPuhliiaMwNuLS48vAxzknGOuaAOpor hNX8aZvdLezmubSCPUWttQintijYVAxGGXOMEEFetX5viNoFt/x9fb4A0fmxGSwmHmoGCll+XnBO fpz05oA6yisG68X6VayXCE3EjQXEVqwigdsyyKrIowOeHU+2earWnjzRrqZI8XsIeRog89pIih1X cykleMD9eOvFAHT0Vx1n8T/C999o8i7mbyI/NYfZpASuQO44PI4POCDjBo1Dx/awaRcXdpZ3ck0E 9ujwS20ivtlZMNtxno/Ax14oA7GsxoZZdY3lGVEIw2OCMCrMt4sdh9pZXTIGFZcMCTgZH403TZpp 7d3m/vkLxjjA/rmrjdJszlZtRLlFFFQaBRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAF FFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUU UUAc944/5FC9/wB6L/0YteX16h44/wCRQvf96L/0YteX162A/hP1/wAjysd/F+X+YUUUV3HGaFtY xT+Hr+8O7z4biGOPHTDMoP8AOi70a5svtIleIyW+3fGjbmAOMHA7fMP50trfRQaHeWTBjJPcRSqR 0AVlJ/8AQamvdUgudZ1S7RXEd0gVM4yPlUf0rG8+Z9v+G/4JraNl/Xf/AIBVXTH2xGSaNN7IGXOH QNjBwfY5qS90uO11O4tIrtDHCwBklOMZxgEgAE89qsy6hZDTFgSS6nlEiMrThf3YUgkAgDIOMVN/ a2nDVrm8QXKmcqd5RGMZ4ztBGMdRzz6VPNPf+ug7QsUF07ypL+C4G4xWwlRhnB5Ugg9xz/MUyfTy 1yi26YVoI5ZHb7q5Vcknt/WrmoavBc3t1KgkKy2ogUsADnI5OOO1LZa2ttdfekSF7eOJyqqSCoHI BBHamnUtew7U72voUU0u4kvPsybSSm9JOisuM5B/z0qpKnlXEkW9X2EDehyG4B4/PH4VsXerrNfy SedPND9naJPMVVIJGOigYGaxRwKuDk/iM5qK+EKKKK0ILGn/APIVsf8Ar6h/9GLXWeLp9fnuJreO 1uRpykAeRGX8zocnAyOe1cnp/wDyFbH/AK+of/Ri13PjTxBqnh+90eWzUPZy3AW7Tyi7FNyg7cAk EAk/ga87FVPZ1lK19Duw1P2lOUb2OY0LTbzULmSwjuJLUffdSrLnp+uMV00Xw8stwe4v7tznJCbQ D+YJrlY/G0s+t+Jb6K9u/wCzzIIbCSCzMhUosYcqChJ5LcnIGc0y3uvEuuvb2lxf6lLbi8nt2mit 1XkRpJBIxVMABmwTwOPauepjJyd46HTDCQStLU7yLQPDthIUbyjInzkSyDIA5zj0qt/wnPhq2sp5 rORpFiuEtmSG2dSZH27QMqM8MDnpXMR+GvEuuXlnd6gjQlZYTJvEamWMKqyeZhcljhsY2jBHFQaJ 4M1HUkubDUo7q0tzOlwbkhTIssRAiK7wwK7VUYwRj3JrmlOUvidzojCMdkdVF8QNNn1aytVjmjt7 tvLjnmhdFeTdt2gkYznjnr2yK47xjd3lr4/muYpr1o7OSCYQwBt7vtULGgwd0Zb7wUZ68ivQYPCV mqWgvLu7vmtZBKjTsoBcHKkqiqvBHHFbT21vJMszwRtKn3XKgsPoako5PW7Ya3pdhrVn/aKalAP3 T2ahXVj95WV1Py54PH41m6F4Q1sySXWsXEcl09/Feb2VeQYUjlBAGATs7Y612V5r2mWMrQz3kQnU E+UDlicZxj1PHHvXPav41SbwDceItBLMI5Y48zW7gqPNVHO0jJwpJz04oAjvvh6lzoj2a6nctOFC RyMEAVRMJQOF7EYz1x781r2HhHTLUGSeJrq5ec3Mks7biZDGsZP02qBiuZsvGmsGKFBGl1Hcastn b3ssLwJJCVjO7BHXLMo7Ej8ayL7xb4ju2e3tbq+E9zJLHJa2unky2Ijw2VYod25eOQeWOORwAesA Q26qo2Rg4VRwM9gKzr7xHpWnrcm4usG3ZEkVI2Y7nICqAB8xJIAAycnFed6po+ra1c2tzpVxr7aa iohSWIQzxyhlfevmqvykYBOD3GOCK3bjwRe3t9dsLz7PaXRjmmgdUkWWZVX5yNoIYFVOQeqjtxQB 3MMqzwpKoYK4yAylT+IPIrN1WBhLFcp5hKMMhFz3HtTtA0ltE0iKxe+nvWQkmafG45OccADA6CtO qjLldyZR5lYRTuQNgjIzg1n67psusaJdafBfS2Mk6bPtEShmQZGcA8cjI/GmLqLwXrw3WQpYKp2n HPStSiUWgjJS2ODk+HdzPoNtplx4gMpspI3tJH0+ErGF4ZWTGHyM9ehwfY7Fj4Qt7O5tpzcb2itn gdY4EiV9x5baoAFdJRUlHGWHgFrW6sxc69eXWnadcrc2No0Ua+UQuMM4XLjJY9uo9OdrWvDsOt3t hcTTyILN2YIoGHyMEH862aKAONtfh/HFaxWV3rF3d2FtGY7SF441MQKlSSwX5jz7VVT4alo7hbvx De3DOsKQt5MSeQsUiyRgYXnDIM5ySPzrvK5nxj4jufD0NibeKMLc3CQvcThvKhBIGWKg4yT9Pcda AEh8KXb3tpe6nrs99c2xl2ubeOMbXVRtwo6Dbn15Pthi+CIk8CN4Xj1CZU4K3OxSykOHBx06ilvP H2h6Q8Nvql5tuSkbSGCCSSJN5CqS6qQASR1NWrvxlo1ldTQTvdDyZEjllSzleJGfbtBcKVGd69+9 AGRcfDwavbzr4g1y71GZ0WKKRYY4REisr8KAQSWXkngjjHeql/4KvrTw/HZWlwlxcvqlrOJ7ezht zCiOh3lVG1ymC3PXGMVval4rtbbUYrOCZNyXqWtyZIpNqloxJgMBjO1gck45A68Uf8JzoQspbxpb tbdCgWR7KZRKXOFEZK/OSeMLk5oAz5Ph+t5H/wATLWLq7ne7a5mlMUab8xiPaAowAFUeppn/AAgI ZzPqur3urJb20tva27xxRiNHGCMquWbAABJ/DvXSaLr2neILaWfTpmkWGUwyh42Ro3ADFSGAIOGH 51pUAcF4Q8GXcHhm0XV7u4F+dRXUZd4UkMm1VTIHTai88mtSXwRbTbA97PsW6luWUKvzeYoUr+AF dTRQBxFh8OYLHTbuw/tJpIZkCRsLOCORAGDcsigseO9XL/wTHdrqTJqU0Et59mYSCNW8poChUgHg 5MYyD611ZOBk1SvmlmtcWpJJYAleo5ppXYpOyuRpEl7aLbS3TTyRYEkgQLvI5zjp+VX0QRoEXoKr WFmLSIgks7HLE1bpyfRbCiur3CiiipKCiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKK KKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooo oA57xx/yKF7/AL0X/oxa8vr1Dxx/yKF7/vRf+jFry+vWwH8J+v8AkeVjv4vy/wAwoooruOMKKKKA CiiigAooooAKKKKACiiigCxp/wDyFbH/AK+of/Ri165qOl2+qfZftG//AEadZ02nHzL2Pt615Hp/ /IVsf+vqH/0Yte015OP/AIi9D08D8LMeyttA0yUWFr9iimDswhDrv3N14688VfkvLO0ikMk8MSQg FxuA2A9Mjt1rzTUtORNT8RwLp93NqR1m0ubC4W0LMoYQFir7SNinfn0wehGaq33gvVbjU9eeeLUp ppZ5Jop1ePyZ1MMe0OuMnDJgAY5FcJ3HbXvjSwhlsJbeQy2Ms7wTzCF8RELuGeOB7ng9qz2+Jmnx +VJNYX9vbSupSaa3dQ0JZV83kcDc3Q8456ZxDoHhK41HTWvtWnlgnu7i3ungjiEYHlIibWVlyNwT B9jwa2LbwPp1vbzwvc3d0kkL28YuGRhDG2SVUBRxz3yfegDmLnxT4i1Jn+xXLWYSGK5RYbcSeahm 2MNzKR90MeOcY6ZFVtZi8U3Dz20tzq15pttqKoZYbcLO8LQRFXUIq79shfOB6jtivSNM0q20uwtr WFAVt4xEjlRu2+lXqAOD07wlcXhvLy5M0E1xeWl5E84QyqYVjBDYH8Xl8j37V0Fp4aig0rUdLmuZ J7K7dyiFVBhVhyoIHPOTznk+nFblFAFGPSLVdPsrOVTOln5ZiaXBbcmNrHAAzwKtJbwxzSSpEiyS ffcKAW7cnvUlFABRRRQAUUUUAQz2sVxtLg5U5BFVbm/a1uPLMRMQx82DWhTJI0lQo6gg1SfcmUX0 3EhnjuIhJG2V9SMVJWG19psty2jW1y32lSGIRSQOh5bGP1qzb2N5FcK73IZAeV55qnC2+hKm3otT TorMubG9luZJI7oKjH5VOeOBUy2twLBoTP8AvSeHz9KnlXcak77F2srXdNu9Usmtre7SFJFKyLJC sgYHvgjqKIbC9SZHe6BUMCQCeRUl3Z3c1wXiuAiYGBzT5VfcOZ2vY5e3+HMFlPE8FykqiOOORbmB X4Q/w8cfStmbwpa3Fpr1rJNKI9YlEshTAMZEUcY28f8ATMHnPNaUFrdR2c0T3G6RjlG/u8D/AOvV dNPvlkRjdggMCRzyM0cq7hzPsY6+C5JdNgtr3VZZ5VuTcSzbFBfK7cYxgcAVDL4FubnQIdIudYea G0nimtC0KDGx9wD4HzAjj6V0l5Z3c826G52Jj7p7flT7O1uIIpVln3sxyD6cUuVWvcfM72sQaFpA 0ezkh/cbpZTK5hhWMEkAdB1OAOT7VqVkDTr7eCbsYDA9TVq9tbmfZ5M4TA5z3p8qvuJSdr2LtV3v 7ZH2NKN3TGKgtLK5iEonuC6uMADtUaabaWpTz59zM42eaVGT2A45oSit2JuT2QX4vJp1ihyIjjJx x781ctLYWsPlhy2Tkk1PRSctLDUEnzGfrV/LpmlTXkMBnaIqSg7qWAJ/AEn8KxrXx7pMqZufNt29 42cH/vkGunkjWWNo3GVYEEHuK8rv/Dl/Df6gtraTyQ2rgqfLJ3g4Py8fNjPb0rpw0KVROM9znxNS pTalDY9PtLuC+tluLZ98TdGwRn86nrkfDPimCWJNO1DFvdqwjjBQqHHGO2AcnGK66sKtN05WaN6d RTjdMKKa7rHGzuwVFGWYnAA9azdC8QWHiO1mutNeSS2jmaEStEyLIQBkpkDcvOMjjg1maGpRRUF5 ewafatc3LlIlIBIUtyTgcDnqaG7asCeiubuPGFmmox21v+9AZRNnKuAccqp5OM5PHStey1ay1CaW G2lZpIgC4MbLjP1AzWMMRSqS5YSTfkwLtFFFbAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFAB RRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFAHPeOP+RQvf96L /wBGLXl9eteJ7J9Q8OXltHuLlQyhRkkqwbH6V5IDnOQQQcEEYINergGuRrzPLx0X7RPyFooorvOI KKKKACiiigAooooAKKKKACiiigCxp/8AyFbH/r6h/wDRi17TXjWjwSXWvadFGGJ+0xu21c4VWBOf TpXsteTj/jXoengfhYUUUVwncFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFcf42utWtIVe3u1htGI UqgG9j9SOn0rrndYo2d2CqoySewrzmZ5vF/ioJFJK2nRyKVPlkBUGN3UdTz19a6sLH3+d7I5sTL3 OVbsPAqGTXZZGyWWMkk+9eizSrBA8z52opY4GTgVVttLsrO5kubeBY5XUKxXjOAAP5CuI8WeJp55 raxtpr+zAuFS7jtUU3IUuFDoGVg4HUgAnbnioxFVVZ8yLoUnThys0tL+IenTs6aoPsEkl4ttajBk 84PtCNlQduS2DnGK7KuG8O+BltbibUZtTlmNzIjnbCkYlRQpUsm35GJXkLgHA4BzVrxrr8lrpd5a 6XJqJvrcwtONPtjLLHGzjlcqy5xyeCQMnHSsDY6+isLwpqF1qGlyG6Nw7wyeV51xbNA0pCqSwVlX K5JAIGDit2gAooooAKKKKACiiuG8ceJtV0yb7BY2l+hlWPyrq1t97NIzgBVLKyD/AGg38Occ4oA7 K8uo7Gynu5Q5jhQyMEQs2AM8AZJPsK8u1G7mnsW1i51GeLVWv7UrE8I3afbyOigpE64LYOSSCRuP Qiuz8P8Aiq1v0jsby5T+1I28mUKhCPKFVmCtjBxuA475q/rWgWurxM5RI71V/c3IUFo2HIPvg880 AZ+l+J7aK8GialfGXUo5PJacW7LFI+AQu/bs34YcA+vocdNXlOvaZf6L4eg+1tBaWdjeRXRmjw8l 3d+YojJyDgbiuT6Cum8KeLodR+0WEj3c39nxxpPqNzF5STSMAcDgD+IdgD24oA6yeeK2geeeRY4o 1LM7HAAqhoniDTfEVrJc6bM8kcb+W3mQvEQcA9HAOMEc9KzfG2jNrnh+SFp7r7JH++ntbVQXuwnz LHnBIBIHTk1xXhfXX8P6rcxXdtfPJcXNtb3NxOjECRo0VY4wigKEXaCG57ngigDsPEnhNb5n1CwZ kvgVbaCNr4xz0znA496o+HvFsltK+na5JL54lCK8kWGXOMKwA985x0I+tdnBcQXSF7eaOVAdpZGD DPpxWRr/AIattaiLgmK6GNsq459j6iuqnWjKPs6u3fsc1SlKL9pS37dzG+IsF7eaTDD50sWiF1fU WtUaSeVAwxEgUE/McAkdjzxmue0nWdc0K70trgrbWWqXccFnoP2b95a22FXecLuUjlm3cD25rV0v X73w3ePp2sCVrcOAHKk7BgcqcfMO/fvT/EnhkXaXmtaLcXc17qc1vDNNE6s8FtlFkEGVIXKgk5zy T0rKrRlTfl3NKVWNRefY6bQPE+l+JlvH0qZ54rSc28khjZV3gAkDIGcZqr4juLkT21uQ8Vk7qZJk j35bcMKeDtBOOa83bxJceF9U1BNEszaaNbXMVsrG1kkF5MAgdXcKQjHdweAT3znHqJurTxFZTWUF 55F1H5ZmRcGSBiFcBlPfBHX1rjxVKVWhOnF2bTX3o1W5534zt4bO/ttQXR4lX+0rRp9SwDIv7yNe O/oP6V2Ec0tv4ii+xmSZ5Sq3EOzKqmfvbscY+vNZ974InOpeaJ7i6864SYyvKQsRUrzsB24+XgAY z1B5z1WmaQ2n3E08l5LcvKACXVVwB9AK+ZyzJsVQxFOdR2ULq997paddPu8kjapUUlZGnRRRX1pi FFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAU UUUAFFFFABRRRQAUUUUAFFFFABXA+KvCMyzz6npwkl8xw0lsq5IPAJXAz7/nXfUVpTqSpy5omdSn GpHlkeIPFNExWS2uEYcEPCwI/Aim/N/zyl/79N/hXuBVW6qD9RTJPJijaSQIqKMsxHAFdn9oS7HJ 9QX8x4l83/PKX/v03+FHzf8APKX/AL9N/hXsQ1PSyLci7tsXJxB8w/eH0X1qxDNa3DTLC8UjQv5c oUg7GwDg+hwQfxFH1+XYPqC/mPFfm/55S/8Afpv8KPm/55S/9+m/wr2CHVtLuNYudIiuImv7ZFea ALyisMg9Mc1bne3toHnnMccSDLO+AAPc0fX5dg+oL+Y8U+b/AJ5S/wDfpv8ACj5v+eUv/fpv8K9p tprS9t1uLV4poX5V4yCD+NTeWn9xfyo+vy7B9QX8x4h83/PKX/v03+FHzf8APKX/AL9N/hXt/lp/ cX8qPLT+4v5UfX5dg+oL+Y8Q+b/nlL/36b/Cprexvbx1jtbK5lZm25ETbR9TjA/GvafLT+4v5UoA AwAB9KX1+XYFgY9Wc74X8MLocTzzsJb2X7zDog/uiujoorinNzfNI7YQUFyxCiiipKCiiigAoooo AKKKKACiiigAoopGJVSQCSBnA70ALRXG6B4/ttY13UNMvLZ9MktyBAl2rI8wx8xGRggHjg10Oo6x bWOjvqIkV4sDYV53EnAxj3NNJydkJtRV2c9411xUhOj2rP8AaZWQPtU5AJGFHHJPA49a1/C+if2J phjZmaad/Nk3Y+U4A2j2GP51znhXTH1vU59dv2dmWYFMqAGYAYPTkAYHHpXdTzRW0DzzOqRRqWZm PAArqrtU4qjH5+pzUU6kvay+XoZHi2+On+GbydVJOFQkBiVDMFLfKCflBLcDtXJeHdCt7yVdOtNa XV9O025SSZ7qENKkpVZAFlCgHkq2RyOAaxNYv5fEnjC3u9Mn1G5gLRS2sEkT2vlkFcEB1AkiYjLd TgnoMY9W0zT4dNsVijhgidvnmMMYQO+AC2B34H5VyHURa9cxWmjTyy3Jtx8oVxIsZLEjChm4BJwP xrzrSrbUPFWrahOt/fw2d+yRzvarGpi2qh8uZWUkPgkBl42kcZq54i1RfEuoQyaYkuo2OmXiR3mm z222O5BcKXQsPmKk5HqU4z37fRdC03RIrj+zrY263UgnkTJ+9tVeh6cKOBQBpIgjjVFzhQAM06ii gAooooAKKKKACqOsacdW0qexW8uLPzgFM9vt8xRkZxuBAyMjOO9XqKAPIde0r/hHLzStNsNS1gQW kq4mWz3xWcRKl2ZhGd8jDIHPVjgZAxvaV46neVrF0nuJYrzZJNJaugSD5dpbC43tnhepGDjBzXoB APUVwPizw9Pp8X9qae1zcKt7FdSW2zzQjhvmmwFLOVUDCj+6Mc5NAHZXVlZaxZxpd2wmh3JKqTRk YZTlSVPIIPrXm+saJe6Dqd9fyHUdU+0XYvSEhxa2ihUTcyqN0jKE4UEjAHHUm14Y8ePai5g17+0W Y3IZXe1ZhaxOEEaylY12FmbIVssAQT1Feh3drDqFjLazAtDOhRgDgkEetAHDeF/GkUUIXWtXmvH1 LUNmmH7HsJhYIq5CL8q7y3Lf0rT8aaJHLoOp3lpJJBcv5TzFC53ojqWUKoJ3MoK8DJzWH4m8JXtp d2C+H1uTJeahC01yAjfYoowgXaGUjaNpOCDkk+tdPp1/pGhrHpH9pyXc4mEUksjeY3nPggOVGFJy CBgdaAOG8O64dAu7yWWB9NgupEu7m1eNtlrCEjjXC7dxlkwPl5yT0zmvU7W9t7xN0EoYgAsp4Zc+ qnkfjWZrnhiw1t4riWPbeQEPDMpxhhyu7+8AcHB4rzuztL3wVNNci8up9WmnigFrdBGWYu6qZgyK Cy85weV2ntQB6drGjW2tWZt59yHIKyJjcuDnjNcTDdar4P1V7aRZZNN8wHLJ8jA4yytjgjnjPb3z XX6P4itdWvLqwUOt7ZhPtK7G2KxGcK+MN+BOO9X9QsLfU7KS0uk3xPjI7gg5BH4iuilW5VySV4mF Wjze9HSSORm0WLU7fVNW8Kak8V3fsnmRShWgWUbB5hRkJDhVBHYkDIrm59KGjeIotO8NC6vPESze fqOpXe4QxKwBO8hdpypwq9vrmtO9s9T8GXwns5pn05nXcSoYP0GH4wOeMjHauhk/s7xtoN5Z213P ZtOVW5e3ASUYwSMsDkEfLnngmirQ5Vzw1j/W4Uq3M+Sekv62J/CHiX/hJ9Ga9aAQPHO9uwDZVyvV kPdea6CvCLnRdam1W9Swnngv9Pu44rWxQmMWduvllZkyNkmcktuz37iu+8OeNbzXvFt3p8dru0q2 Xykv1ik2XMoA3bW2hQAdw6+nqK5zc7miiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKK KACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACoby2S9sp7 WTOyaNkbHoRipqKAPme00fVLC6e6vGvza+Db0G3TyCDJmdefu5YFc9OMY6ck2dT8U+MvD+hW+qaS l9bprV5cX9y7WgyrEqiLlkOBhMj1z6Yr6O2rzwOevHWgqpGCoI9MUAfND+IfE9vrGp6yL+9s9Yn0 6zEXkWAmF3JtTKn5CqkgnjjkfhXp/wAStR1Cf4e2WmR2U82q6xJBCbeJMH7ys4JIIXgEZPTNekbF /uj8qCATkgcUAeC+HtX1jwd4B1XSZjd6ReWOswceSJzBbTGMkKdpVzgscDJ57cVbvfG+t22mRzw+ Jb17B9eS1GoPp6K5tiiFiEMfO0luQM169reh2uvWkVtdtIqRXMVypiIB3RuHUHIPGRg+3pUOteG7 DXptMlu/MB067S7hEZABdeRuyDx+VAGJ8NNY1XWvD95Pqs09wYr+WK1uZ7fyWngAUq+3avqR07V2 dAGOlFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAVy3jrVJbPw9KlheSxXfnQCQWiiS4WEy qJCiYbLbC3Y469q1vEGu2XhrQ7nV9QZ1toNu7YpZiWYKoAHqSBXmlzoq3uu3Nxr+magV1e6guLHV 7GLMlnhYwiNgMEAKjJIxyaAIvD/9leM4Bpd499q6fbWnWeeNkksI1xtUybFGSyEkejfidjUWOrat b6DpaONOtnSICNeAONzZx256+lamsXEvhrw9/Za6lNd6ncNn7SYEV2XcM7tihc446ZNaXg7Rn03T muLgH7RcHdhhgouBgevqfxrror2UPavfp/mcla9Wfslt1/yN6ztIbG0jtoF2xxjArjPiDrfkwQ6W tyLeC5cRXN0bczxx7iAqSYB2BiVG44611es6mmkaY95IFIV0QBmCjLMFHJ9zXDaf4eu7nxNKS0cn kXpmnugwPnROoPlOOdw56jHQehzyt31Z1JW0R0Pg7R57DTNl7ubY/wDo8TssiwAAD92+Adp685xW lrVxdvpdwujyJJfIyfIrKWxvXcOeAduetZ3irWbbTLKHSYb9bC9viLe2kVQRCSQA3IwByBz61ykN jPa6vpltFpuo2mtQ3sPm3VujtbXNvkGQvIVK8ruGMg5xyMikM0vCPhlm1PV729E0Df2is4t4VMcB cInIyoL4PfJGeB0rv6KKACiiigAooooAKKKKACiiigAooooA5Dxj4be70W5fTnnjlM63bwwxo/ny qV2ltynO3aGAHdRWbp/iiDRL0w3F9q98Lgo8gvbbyvsrMF+X7ikcEHaeea9BrKuvD1jeX7Xc4d95 RpIWwY3ZCChIIPIIBBGOlAGmjiRFdfusMjjFedeKPBi6fc/25p0t8ZWvoJGSCISGLMqiSXAUlgF7 Y4wTxyaNR8Zajofiq9W5hmNnLfRQQfaEKIsARPNaMbd0hB3njIOQPYdrYa5Z6jO0Nv8AaNyoGYyW 7ooyfu5YAbu+3rgg4waAPPtC8USWGuXcura9rM+lrKFtIp7AbvLZV/eTFIgVXeWAzt9+1ehanpVj rtkolWNmA329yEVnhf8AhkQsCAwOCDjqKx/EvhWDUbe4khEqiaZLm8ggChr0x7diMxBIX5FzjBwM ZrlNG1S40NpbG9vr1Il1BWcRR7mMjbD5EQ2HMKrjc3X73zd6ANzVYJvCPhG30rR7grqd1MsUd6YR 8paQb5XyCvCknnrir/hPxLa31na2M1/Pd32HAuZbV4ludp5ZCUVSOe3HXGcGtcPpvifQmMUi3Nhe RMgdeMg5U4z0PWuXfTNP8GvBfXmrahqMtrCttp1i6xkjOEARUQFmJ7n16UAdvLFHPE0UqB0YYKno a4LWfD954fuDqejSzeWGBZFXcUGRxjHK/wAs1d0LxlBLefZdRN2lzcT+Ur/ZnNssmB+7WTbjPIHJ 5OcV10M8NyrmKRZArFGxzgjqK1pVpU3pt2MqtJVF59zko9RtPGmjXWlyXElhqEsflmSMANt4J2kj oeQR169ODW/4e0gaDoFlpYkWT7NGI/MVAm/HfA4ya5zxJ4VaJ5NW0kzC4V1k8mMA4II5UAZ98c5q fw54uWcLZavIY73zBGjMhXfkDG7gBTnt9K1nRjOPtKW3VdjKFZwl7Orv37nX0UUVynUFFFFABRRR QAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFA BRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAF FFFABSMwUZYgD1Jpa4r4hXljdaWdCm/tjzLh4meTSoWeSBN4+ckAgLwc57e+KAOa8Z+Jk1XX5vDc l5CbVru1hFi1n5oukYozyGQjCovOWB429QcV0fhJ7PRdEvby31q9utAicpbJeRfNEQcYRtoZlzwM 5+p61yGlaXJ4klt9OS0ste0e2u1WLVXHkTW8ICloXRQrBhk4z1yCc10niS8F1eweGdMj8u3ikSN0 ij4zwR26DIOfatqNL2k7dOpjXq+zhfr09RujWT+KfEc+qXDS/Z4ZlYDtlcEL06cAke/vXoUkiQxt JIwVFGST0AqnpOmQ6Rp8dpCSQvLMerHua5T4g+JG062j0+BVYXDrHPIUdljBI+VigOwkHI3YGKK9 XnlpstgoU+SOu73JtR8S+dfTadNo11f6fPPBEJfIKQhHC/MHYAPgknC5IxjrXR6Xo1hodvNHp9v5 YlfzXGcl2wByT7KB+Fcv4L0K3F5PrcGq6jeW8qiFY7xQFLJgeYBsX0wCAARzznNa/inX4tKsvJiu yl9IybI4k8yUqXAJVMHPB9KxNjlNQnWw1q7k8aQ/aLDUo82qC0L/AGYxkERhkUksxAYZ5zwK7bw7 p39maUIlur6eJ2Mka3pBeFSBiPgA4GO+Tz1rG8MzSeI7BotZt5blrGaOSO4uIPL3yABgQAACV4BI GM59K6+gAooooAKKKKACiiigAooooAKKKKACiiigAooooAzNY0aHVI1kXZFfQg/Zroxq7QMf4lDA jP1rzO70++0PVbq7ik1aa7h1FYNNsli+S9dkjLzzNs5UFm5yABGBnOa9fqtf2SahZS2zySRiVShk iIDgHrg4OPSgDJ8HX82oeH0e6uZrm6jkaOeWVUGXHJA2AKVGcAj+dTaz4ei1RJZIZ5LO9kQRC7iC l40yNwXcCASMjOO9c34p26VaWekRzXOmaLbRrNPeQRM7Nh1CxKQDlmYgY6nPFXfBev3uq32r2+or cwSxyo9vaTQbfJtzGoXLY+8x3MQx3DPTGKAM698VWXhS4g8NaVY3KtazwQLuhYpN5hBIVscnDE56 Z46kV1lndaLr1w9zavbXc1lJ5TSAZMT4Bxn6EGnapo0V+UuIvLhv4v8AU3JiVyh78HrxxXAiWfwX dWNo+pX8dsJ2F1Kmmhlnd2GzLKhwpLhFAIOfWgDR8R+FJrGBLuyv9Se3guDceRGFfyASpcxqELOx wQo55Y+xFrwbql4mp3Wj3UXIX7R8sZzbghAI5WwBvIIbnn5vQcdDoniGx14XQtRcRzWriOeG5t3h kjJUMMq4B5BBqrrNvdaVpV7caHbs17c3MckuBvY5KozAHrhRnHse9AG8CCMg5HtXMeI/CcWpNJfW ZMV/w2BjbIRjk8ZzgcHNYOl63deHb28tAs15psWpw2k88x2uk0wi+WNOu0eYpOTnk44wK9DimjnT fFIrrkjKnIyOtXTqSpy5okVKcai5ZHEaD4rmsZ207XWmWQSbUeSMgpnGAcDp7+/Wu5VldQykFTyC Kx9e8O2utwfMTFcL9yVQM/Q+orlNO1y/8LXrWGqrM9oHADFCdoOOVOPmHfv3rpcI11zU9JdV/kc6 nKi+WprHo/8AM9EoqG2uoLyBZ7eRZI26MKmrjatozrvcKKKKACiqd3q1hYgm5u4o8EAgtkgn2HPe qbeKdHBwLpm/3YXP8hVKEnsieaN7XNiisceJ9LI+WSY/9sH/AMKT/hJ9O9Z/+/Lf4U/Zz7C549zZ orH/AOEm03u8w+sLf4Ug8VaP3uJF+sEg/wDZaPZz7D549zZorOt9e0q6YrFfREg4wx28/jj1rQBB GQcj1FS01uUncWiiikAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFF ABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFACOwRGY9FGTX Lax45sdM003YVgodV3zEIgywHXPvxitfX5buLRp2s42eTgNtAJVM/MQCRkgZrzX4lW9i/wAMriUb XMPlNA7tyCZUyfrjNeRmeZSwlSlSjG7m7Xtov0v5FRhzX8jtr7Wf7Y037HZXd5pV7cbRDcCJHMbZ BHXKkHp9DXA3f/CRaNrf2vUJL2z8QXc0Vnb30KpJYXgygUSJy0ZY5XgADr711s0v/Em06W2PmXKt CYFRh87ZXjqB+tdgZxHY+fdoI9qB3UkHaRzTybMZ4+g6k42advJhUjySsc7rV2nh3QpZ7eCG31S+ KtL5IGDIQAz89cAdfYVD4L0aWNZdVvg5uJm/d7iPu4B3fUkn8hWRbwTeL/FL3ZE39nxyKcMwwiqF +Xr/ABYJ49a7XXNWi8PaDc6k9tNPFbID5NuoLtyAAASB3/Kvoqj9jT9mt3v/AJHFTXtqntHstv8A Mb4i1uPw9osuoyW8txteONYoioZ3kdUUZYgDlhyT0rhtLstcv9e1u1k0+1it7y/gurxb7ZJIqBIv lTaSrLhOM4Knt3MC3Op+OdRnnW0G3TmijksftAkt7qKUI5zhsLKvPXpxgnOK7/SNF03QLed7SB4P OIlnMk7ytkKB95iTgAAYHHFcZ1lq+Z7bTZfs9o1wVTasERClh0wCSAOK8ks9Itr7XZLVxMl3NeRC fT7591xbKuxklhmGSuBg7c4JB9edTWPFWu3epN9muVtdMtr6O3jv7VVmilkYxlUlAbcow4UnHUjg ivRNOSeWGO51C0ghvsFWMZDYHseuKALUEXkQRxeY8mxQu9zlj7n3qSiigAooooAKKKKACiiigAoo ooAKKKKACiiigAooooAKKKKAGSRRzLtkRXXIOGGRkHIrzzXPCWtRajdS6Le3gku50uDM0i7TJlVP mYw21UXCgcDAyDzXo1FAHP8A/CU6dYX9vo15dtJqAEUUrhPlEjABQx6AsSMD3rT1bTItXsDayySR fOkiSx7d0bqwZWG4EZBAPINcl4m0G+srfV7ywubp4dRvbWa4htox50aqY0kZGyD9xPw5xWf4c8YP pt7d6bc6frtxC98vkNMVme0gZYlDTMXJVS5dh1IXkgDFAEF5p2oeHdb1a81DV9cTTXeCeO/jW2bz pQFQI4CA8thQNuORyK6zR9ela6jg1UyQXF2cW8ThNo2jkblJ+Y/eIPTOK6CSOG6h2sFkjbkdx9RX mXiLwW2lGe7tprlknvI2jljZl+wxnaJZWIbLuVDAMenyjtQB1uu+DbPWZXuEubi1uXkRzLGwO0qR kqrAqGwMbsZHUc1xtnr934Jk1iCHQ7w2MF1Edk1xGREjBVG05yXkOWAPGWUErkhd7wZ4ngMcWjTx ahG6AmKa+2B5EOGDNhmxndwT1xXVz6Pp91erey24acADfuI3AcgEA4P40AWreX7RbRTBGTzEDbXG GXIzg+9U9Y0e21qxa1uC65wVkjwGUg54yDWhRTjJxd0KUVJWZ5Zczar4SvbrTrW7IhcbgwCnJIA3 dOGGPpXYeDNTm1LSJBcyPJNDKULtjLDAIPH1I/Cp9Q8I6RqV1LdTQyC5lILSLKwyQABxnHQDtVXR /C0miaq1xb3jPbuNrRNkcfToT7121KtKrT1+L0OOnSq06l/s+po69rP9jWSyJCZppHCRoCAMk9ST 2rlZdQ1S8jYXN9Ioc5CRAJs9sjk1b+IhZbOwdGKss4YH3HNcsuvhI8zWspbIH7rBH15Ip4eknDms LEVuWfLc0orKKNzIcySE5LuAWP44qxVWDUrS5XMcy57g8EVZV1b7rA/Q1uYi0UYPpRikAUUYPpSE hepAoAjltoZv9ZGrHOckCn2r3lijC01C4QswPzkOB07EY6CoZr61gUtJOgAIB5zyf/11QfxBBudY oJpNp4f5Qrfrmny30sHOou9zt9A8QT3ly1hfxYuBkxzLjbIoA7ZyDz6V0deX+EJpLrxtHPIzDMEg WMOdqjC9umeOteoVwYiChOyO3Dzc4XbuFFFFYG4UUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUA FFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAU UUUANdBJGyHowIrkNV8HLJYCPyxqSI4ItbjGCCeeSe2SfwrsaKxr4elXjy1I3/T0fR+ga9Dm9P8A CiWv2VmuGRYJBIsEXyoCO3XkVleNdbaaX+wrRJGld4xIVIGWJBVevuOvHNbOreK7PT0vYl3tdW5V BHgfMWxyOegzz9DWN4O0g308mt36SNL5pMLO5OePvdefQZ9K7cJhqeGhzqNktl3ZyV5uo/ZQer39 DpPD+jRaJpogTJkkPmSknOWwB/ICovEGvf2KluRZy3YlkEbpCAWAPTgkcnoM8Vc1jUJNL0qa8hsb i+kjxi3t8b3yQOMkDvn6V5fpa3eseObq6t7a482Z43kLXzL9nTCrIrxlucDcAApB4OQeRlKTk+Zn TGKiuVbHbeF7DSblm13TbW+09rhm861kmIQvwpJjDMmflHI9/U0/xtrVvo+hs7yH7SzJ5ESyqjSH cAQNxVTwSdpPOMc5xW/Bbw2VqIbaEJEg+WNBiuJ1fQoPH8Mk9pqtxbtbXSI8E0YYQSRlSRtz8pK4 +oYZBHFSUZ/gvw1ZXzPfQfare1E6TeZZXzLbXzDacvCHOGBUK2QM4xyOvplUtK0qz0axW0sbeOCI EsVjXALHqcVdoAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACsDWvDEOp 201vA7WkV5cpPftAxSS5C7flLA5GVUKcHpxW/RQB5hoPiS40O6min0+ay0Jbt4VaWUSLCPlVfmLF ssx4XH5cV6JbXVnq9gZIJEntpQVOOh9Qaz9a8OQaq1tKm2KWC5S5+7lZGUjBYdyMDBPTFYOj2TW2 q6r4l1GWfTraGZ1SyMh8sIFUeYVGBuY5Pftz2AA/WfCMgjWz0u0R7Sd4xM0lw/mRqJAxAYsG2YBA UHjPTHFWbjxbp2g3p0qKzv7i3tZooLm6VlaO2aUjYrM7gn768DJwRjPStLw34kh8SxXssFpcW6Wt x5H78AF/kV84B9HFZXjXw7NdaNPPpMVwbxJ0uvs9rIIzPKCo3NllDEKuQGODtFAHYUV5foetXng6 5uV127vZdPuZkNvLfXAd1XaoZiCxK/MSNvc9B0z6XbXEV3axXELbopVDIfUGgCWiiigDi/iL/wAe Nl/12/pXBV3vxF/48bL/AK7f0rgq9jBfwjyMZ/FGlFbqBThkfdZx9GIqQxFYUkc7d5wgxnd7+wzx +FSPp98hwbRz86oMMp+ZsEA88cEHnFdT5Xuc2pAGkHSecf8AbVv8aN82f+Pm4/7+tUv2O62zMYdv khWbc6jOWAGDnnr+mOtBs7oSeX5Hz5UbTIgOTjA69TkVPLT8h3klfUiLynrcTn/tq3+NIcsMM8jf 7zk/1qy1jMtt5pB3Dlkx90bgvXPqaF069YZ+zEcryXXB3HA5zjmi1Na6BeRU8tQc7Rn1p1Wo7C4b zTJE8aRqxLEqOR7ZzVWrTXQTT6m/4J/5GyH/AK4yf0r1KvLfBP8AyNkP/XGT+lepV5GO/i/I9XBf wgooorjOsKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKK KACiiigAooooAKKKKACiiigAoqG7uUs7SW4kDFY13EL1Nc9/wmlvni0lx25FAHT0Vy//AAmlv/z6 S/mKP+E0t/8An0l/MUAdRRXL/wDCaW//AD6S/mKP+E0t/wDn0l/MUAdRRXL/APCaW/8Az6S/mKP+ E0t/+fSX8xQB1FFcx/wmcH/PnN+lH/CZwf8APnN+lAHT0VzH/CZwf8+c36Uq+M7cuoa0mAJAJGOP frQBxeqW13qfiW/W1t5JpGmwFXHoB1JwPzrvPD1pe6PozrqlypCtlAzcRLgDBP1z+datnZ2tsrPb RBPOO9j1JJrmPHN/A1p/ZawahcXMkZkYWQDeVHnBd1LLuX2GT7V1VsS6kVBLRHNSw6hJzb1Od8Q6 u2rW1q95BqMu24RLeTSrry7eeQyhQofepD4OPmG3Peuy8J6I+lae8t3Gf7QuHLTSykPMVHCK8gzv IUAZyenWue8BeHoVtIruGWaG0ikzFb294720p2gb9jHKnOcr0zzXYa3fvp+k3E8ME88oX5Y7dVaQ ZOCwUkZ25yRnoK5TpOG8azTXOuNZ6cmstOzxLMFvTDaMFw5GVcOh2/xKOTwTiuh8P6FLbX41iCS8 tVvV33dlcz+d8+AAwIJAOABwa5jwf4dsvEXn3uqW9zPOkyf8TKG9dUvQoBAeMPlWU/KVYchRyRjH p6qFUKoAAGABQAtFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUU UAFUNY0yDV9Oa1nTeoZZFQsVBdGDLux1G4DI6Gr9FAHikuka94biji1BtTnjGpQzTT2lyYonMsqK sajeDIxJAJYABemcc+i2HiLUobkxeINIOmwuV8m68+NogWYKsbHdneWPYYORzWtrOj2uu6a1jd+Y Iy6SK0TlHR0YOrAjkEMoNef+MdK1G2iiuNTurq+gj1Czt7G2ikOZVMse9pBnBcncoPYYxg0AdP4w 8EWPiyBXdngv49ghuVdvkUOGI2ghTnGOR3rX0XRYdEtGhinuZy7b3e4maQ5wBwCSFGAOBgVi+Hdb 1W61i60y9h3Tw4lu2BG22LgFIQQTlgOT2+ausoAKKKKAOL+Iv/HjZf8AXb+lcFXe/EX/AI8bL/rt /SuS0yzgu4rrziwKqoQq2MMzBRnP1r18JJRo3Z5OKV61iss8f2UxSwGSQH93J5hGwdcYHXnJ/Grc +rtLL56xyJM0iSSkTNskKgD7vToKe2liHSZWmikF8t0kaqGH3GwAMZ6k5/SqklhLAZDOjxqqowU7 S2GcJ2JGcnPXpXQnBswakhEuwInikhEkbIExuIPDBgc/UVNDqMcd9LdS2iSl2jYAsRtKBQP/AEEU T6RdQtdDy2YQE/vBjaQACe+c4PpUp0SbZHjJkdgNnGcbQxI59DQ3T7gozvtsRPqhkEyvArJLkFdx HBdWIyPpj8alfV0dp1FqywStG3lidvkZMbSp6jpUQ0uXc4YMgWSJOSpOXx1wTjGeaZ/Zlw8zxRI0 hjkaNsYB+UAnGT7jFFqYPntcU6grRSB4GeY5VJXmYlVPUHJ+Y9eT61SrTGjSBQZGZC08cCqQCSz4 xnBxwWwfp3qtewJbrbKElWV49zhsYzuYdj7CnGUdkJqXU1fBP/I2Q/8AXGT+lepV5b4J/wCRsh/6 4yf0r1KvLx38X5Hp4L+EFFFFcZ1hRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFAB RRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAZ+u/8AIEu/9z+tcp4c0W21e1uJJ2dWil8s bT1G0H+tdXrv/IEu/wDc/rWN4H/48L3/AK+f/ZEoAlPhPTQcGdwf9+j/AIRPTP8Anu//AH3Va/8A DOoXOoXE8dzGqSPuALNxVf8A4RLVP+fuL/vpqANH/hE9M/57v/33Th4Q09hkSykezVmf8Ilqn/P3 F/301dHolhNp2n+RcOrvvLZUk8H60AUP+EPsP+ekv/fVH/CH2H/PSX866GigDNuY9P0rTmnmgUxR AAkICTyB/Wq5v9JW2s7g2+Eu5BHF+7Gck4Gavao5j06VxbC5Ix+5Izu5H/6/wrPa4c2Omt/Y4JeY AxED9wN33v60ASpd6W+ryaYtuPtCfe/djb0B6/Q1h+LoIobm18uNUyDnaMd63Ypm/wCEgmi/s1VA /wCXrAy3yj/9X4VjeMv+Pm0+h/nQB1MCh7KNTnBjAODjtXD3ngm8j12O4hnubm3a4V0n+2OlzaKc bgGJw8fB+QjjPHPNdzbf8esP+4P5VLQBATb2FqzsUihQbmboPcmvN76+XW9Uv1ePV7jzL6GPS7nT 5TGsUZWMMdwYYIYuzBh0xXQeObyUWqae+n3k1lOA0k9swBRlYFeSwGAQCc8EAjnOKr/D3R3iszrU 11dvJdqdsUjlQAcZZo1JQv8AKBuGeAMHBoA6TQtDtPD9g1ratK/mSNNLLNIXeR26sSfoPyrToooA KKKYk0cjuiOrNGcOAeVPXmgB9FFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFF ABRRRQAUUUUAFU9Tsn1DT5LaO5e2d8YmjHzJyM7fQ479quUUAZui6FY6DayQWSynzZPNmlmlaWSV 8AbmZiSTgAfhWlSMyoMswA9zVWXU7WLOZAxHBC800m9hNpbluisptdgyQsMx9zgD+dQSa5IR+7iC +55q1Sl2I9rHuY/xF/48bL/rt/SuDDOFKrI6gkEhWIzggjP4gGun8ZX013BaiQjAkyAB7Vy9ethI uNOzPKxTUqlx7z3Ejs73Vwzu6yMTK3LLgKevUYH5Ux3kbO6aUg4yPMOOCCBj6gH60AbmUHoSAfzr entdMttUa0S2ImE8Qj2yMwCbVLb8sepNbuSjpYyjByMU3Fw4xJc3DqWyQ0rHPTPfvgVcvNSjuI8R pMkodWVjKfkwAMLz0471YtdIjmhWSaGVQt3AjZk4kR2XOMdOp9/6SvZ2ptbiFbSVf9P8sDdltqqr BRn1Oe/eoc4XHaVtf63MPfKM4nmALBiFkIGR0OAe1KJJgWPnzZZtxPmHk8An8cDPrWk9nbJaXN20 M6rGIysJYAgs4Xn881d/snT/AN8u243QzQxNyMEyBT+m6m6kUCpSvb+uv/BMFZplxtnlADrIAHIA YYIbHrwKYS7fflkf03uT/OpbmE211LAesbFairRW3RD8zf8ABP8AyNkP/XGT+lepV49oDMuvRFWZ T5b8qcHtXaLcXCHK3E34yE/zrzMXS5qlz0cLU5YWsdbRXMJqV2n/AC2Lf73NWE1q4X76q36VyujI 6lWib9FZC67GF+eB8/7JH9TU8es2r9d6c4+Yf4VDpyXQpVIvqaFFRx3EMv3JFbtwakqLFhRRRQAU UUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFAFDW kaTRrpUUsxTgCvPrTULuwRkt5niDNuYDjJxj+leoVXNhaEkm2iJP+wKAPP8A+3tU/wCfyT86P7e1 T/n8k/Ou/wD7Ps/+fWH/AL4FH9n2f/PrD/3wKAOA/t7VP+fyT86P7e1T/n8k/Ou//s+z/wCfWH/v gUf2fZ/8+sP/AHwKAOA/t7VP+fyT86P7e1T/AJ/JPzrv/wCz7P8A59Yf++BR/Z9n/wA+sP8A3wKA MCHxjapCiyQXDOAAxwvJ/OpP+E0sv+fa5/Jf8a2/7Ps/+fWH/vgUf2fZ/wDPrD/3wKAMT/hNLL/n 2ufyX/GsPXNXi1ee3MEMqlflwwGSSeOldv8A2fZ/8+sP/fApVsbRGDLbRBgcghBxQBj6n4mg0FYI bmyu3LIoDxqu3oO5YVkJ49e51CCCGyEcUsyRl5XAKqWAJ9O5rrNS0211Wza1u498ZIPBIIIOQQRX F2/gSR9QvILhnS2UA286kHdyMgjOfUV2UPq7i+danHX9upe5sdzNDb31s8MyRzQSDDK3KsPepI40 ijWONQiKAqqowAB2rgLjwjrtic6bfzyKrAqqXBjz07ZApYtd8TaKv/ExsnkjDAEyYJ7dGUnNT9WU v4cky/rDTtOLR6BRXIW/xBsHfZPZ3cRzjdhSP/Qs/pXRWWr2GoIWtrqN8HBGcHNZTo1IfEjWFaE/ hZiajdNd6zMkV1cR21tGVleKXaofAOOD6H8K4TwtrUmseOdWtIBPb2KRLLbzLMwkm5ClmIY7gSDj PbFdh4i0NZpbq2jstQayvo/35sZNhD5HP3gRkDnHUZzXG6D4bOleOrjULNtSuLQ2qRR24mDPGVwC rLkYUY6epr4zMljfrFa3Nqvcte3Tb+9vf5nTTcLK/wAz0zw9eebBPazSyNcwSEMJWy20gEH6YNbN YugWIgglvbi3kiupmJczHLBR0HUgCuQsfiB9ilvry5s9Tvl1HVnttPt7UK7COONFJCs4wC4f8f1+ nw3tPYQ9r8Vlf1MvQ9JorkE+JPh57OwnEswe9vVsUt2QCRJS4UhwTgBSQTz09a6+twCiiigAoooo AKKKKACiiigAooooAKKKKACiiigAooooAKKRnVFLMwAHc1mz63DGxSON5CP4uNv86qMXLYlyUdzT qvPewWw/eSDPoOTXP3F/c3DHMrIp/hRiMflVYkk5JJPqa2jQ7mTrdjal11MEQwuSDwXwAaozandS k4kKD0XiqdFaqnFdDJzk+o4u7ffkd/8AeYn+dNooqyQooqK5klhtpZIYTPKikrECAXPpk8c0AYni n/VW3/XT+lc/VK00rxlqWqXmtaxHNbwlwsOlicOqqAPmADYB/U81cDDJByrA4IPBBrrw8k42OTER amLSs7s+9pJC+Qd5cluOnPWkoroOck+0XGwILicIDkKJWwD7DOKRppnfe88zNuD5aRidwxhuvXgc 9eBTKKLDvcc8ssrO0k0rmQguWkJ3kYxnnnGBjPpR5s3P7+bkhj+8bkjoTz1Hb0ptFAvMVmZmLMxZ j1LHJP40lFIWC9TQBoaD/wAh2L/rm/8ASuxribO5j0dJdc1BXgsLddrSsOpYqo464yRzXYWl3b39 rHdWsqywyDcjqcgiuGs056HdRTUCaiiisjUKKKKAAcHIJB9qnjvLmI5WeQ85wzEioKKTSe4J2NSH W5F4mjDj1Xg1eh1e1mwCWjJOMOB/SudorN0os0VWSOwBBGQQR7UtcjHNLEwMcsi47Bjj8q04NbZF xcRlzn7yY6VlKi1saxrJ7m3RUFvdw3Sbo2+oPUVPWTTW5onfYKKKKQwooooAKKKKACiiigAooooA KKKKACiiigAooooAKKKKACiiigAooooA8+1D4j3un+Jb+wOgPNp9leQ2kl3Hcx7syBMHyyQx5fsC OOvo/wD4WHeSeMLvRLbRkkgtLjyZbhr2JGA2hiwjZgzcHsDWdrPwxmvfEGqeIrfyDq7ala3di7zS KipH5YZXUcHIVux7UkfgfxBb+O9S1eO10OS1vbsS+fMGa4jQoqkKcYHQ0AWdP+LMF34a1vV5dKmR 9NljRbdHUtKrlVQjJAGS3T09+Kp2HxjbWLGwj0vw5eXOr30jrDaebGq7EKhnLluBy2MjqpzgYJzI Pg9qsV5pUn9oQxwiUPqcUUjqLgI+6Pp1xx19B6Ck0v4UeI/D9npmoaTqFmuuWM8oxIzGGWB3ztJI znk9vxoA6DUvidqGneHbrVX8L3KHT7r7LqEUlxGPIYhNpGGO4EyAcehqG9+J+sadeWFhd+FTBfXi mREl1CBUKZ4O8vjPt7ilvPAGu6j8P/EOmXl/ay6zrN7HdtIAyxR7WiO0d8YjPbvR4x8Ca1rGv6Nq mnJpU4sbbyXhvwSpPHIGD6UAdvqmsrpHhq41i7iKiCDzXjVg3OOmeh5rBn8Yajpvw1HifUtKEd3i NjZiVRgPIEX5s4HDBqg8dwahqOj6P4dXTprgahdwJeyW7bY4YUdWfLZDDgcY9K0/Hnhy58SeBb3Q 9O8hJpvJCCZmVNqSIxBK89FIoAwIPifcTeFNV1Y6IBdWF5Da/Z1u43SQyFMYkUlcjf646c9cXrX4 hMPD2t6hqWjzWl1pMiRS2yypLvZwuwKyttOS4HXiuatfhZqsvh7WrS+OnwSalc2rfZLSR1tkjiaM sQABh2CtyPz9LMvwwv4be90HT5IIPDlzqsF4V+0S+eIlCb13HnOVJHPoaAND/haB/wCEEvPEJ0S4 jubK+jsprKRgG3MY8lSM54kGM45GPepB8V9KEN3dPa3AtLbTor5mBUvl3CCPGcbgxA61TT4cajYv q9lY3iyaXd3lrdwrdTPJIrIU8zcT1zt4/CoJfhPJJqviiOO6S30nU7aOOzSORy8Dh1kPXou9ScA9 6ANaf4ganYeH7nWNU8MXNhbI0BhaaeMiRJJFTJ2sSpAbODWjovjuy17xnqOgWSiVLKCOX7Ujgo+4 A4H0zXPXPhDxrrPhO80TW9Q0ydC1ssARSAVjlRmLnGclVIx6960/DngM+HfiFq+tWkdpb6Xd20UU VvACpVlADHHQZIJ4oA7qiiigDN8QaquiaBeaiVLGGP5FH8Tk4UfixFcloGu6lZaVC3iC4nae5nw8 N3biMwAKGcAjOVAyQT+ldZrulvq+nG1WZY/nR/nTcp2sGGR9QK4/xBoWt6nL/wATOwkvYwBFHPp1 yEdULKWZkYqM8MOCTj8qANu3g8J+KIJbi3EEwVlEjRuY2ViARnBByQV/CqN94IszMY9OvWgnwGWN mJIAI5z1rjfEL/YH1WSHTrmAatNEjwFhDJGEiSOEAtIFU7s8qQeV64rq/DVvdWT6tq14xkkt7eC1 gkkuQ6ORErNg7iB87YJ46VtCvUhszKVCnLdFZtL8YaTNutpbq5jDhuLgOvb+Fmzj6VZg8XT6XLK2 oaSVldx5jxjBbgDvxVOz+IGpyLao9mkk32tkvk3orWsSKrOxIYqwAbOQSTkDrXRaf4r8O+JIbkbl 8uEpvFygAIbBVh7HIrT6zGX8SKfpoZfVnH+HJr8RIfF+katbS2zyT2ZlUx5lAB5GMggn1qlpvhGD T7iC6066FythZNBaxs+T5h5LEk9T6mtCTwdoF+DcW8ZUvyHimYr+WcVj3fgvULUs2lahLxgiNZTG 35gijkoTfuya9QUq8F7yv6HIJ4PutEvtJTUdEv8AUY4Y5rwlJBKr3z9ASX4AAHJ4yc+pqHw7ea3P 9l1qS+uJrqK8NxqWNUZViiABaJrdmC8LjGB3FdjDqHi7R1P2u1mmiDDJkIkJ6dwTVeXXPDd8LyLV PD7JJeYjuZIAFZ1IAyzBlbsBxzgCk8LP7OvoNYqH2tPUXTfG/iGLRrXV9S0xZotSukisLWAqJmDs NuckKOCeSeMc8V01l4xspbG/uNRgl0xrC6FrPHcMjkOVRhgoWB4cfrVOKLw7rF9pVxBdlP7Lytvb byqAkDBK5wSOMH3PvXLax4E1C3lgv2S+1ZTqct9PFZ3W2RWfaEdA7BSUCLgdu2KwlGUXaSOhSUtm ejW+vaVdWkd1DfQvDJIIlYN1ckALjrnJHHvVq7vbawgE11MkMZkSMMxwCzsFUfUsQPxrx2+8PWNn rOgWd6+oW0F/qLalNLePtkWQhFWIshODlQev44rT1y//ALag1HxHLLPJoOhuo0+BJGUXVypXbI2C NwVyMZyD+YqRnq1FeX+DNT1Dwh4J1GXX59Q1HUFv40W3lnEk2+WOHbErM+Dy2evc9T1taH8RNUuN Pt21DRJJb+7v5YILa0dMrEgXLklsHqelAHo1Fc7pHjXSNYgtXR5bea5me3W2uFAkWRPvKQCRkZHe uioAKKKKACiiigAooqG5uY7SEySE4HYdTQlfQG7ExIAyTgVl3esxxM0cKl3H8R+7WdeajLdsQCyR dlzg/jiqddMKPWRzzq9Ikk9xNcOWlkY5/hydo/Co6KK3SsY+YUVVm1C3hYqzEkdl5qMatbE87xyB ytTzx7kOpBbsvUU1HWRdyMCPanVRYUVg+KPFlj4VtYpLqKeeWdxHDDAoLO3pyRWb4Rl8VahqV9qW tw/YrKXAtbNmBZRgc8Hv789anmV7Dtpcz/Fmt+I9Uv7vw14b065iljeNJ9SEgQRKwVsqc+h+vpXS +FtDuNA0g2t1qd1qMzyGVprlyxBIA2jPbjP4mtrABJxyetLTtrcG9LBVO70qxvjm4gDH1DFT+YIq 5RTvYlpPcwJfClmGZ7aa4iZsZDSs6jHoCeKrv4auATsuFIzxkV09FaKrNdSHTi90cjJ4f1FD8ixv /wACxUZ0TUwQDFECegMg5/WuvklSJdzsAK8x8fakR418IvBLMsYvoxJtbCsDIuRjPNDxMo7slUqd 7HQroWpkgGJAM9d44/WrC+G7k/enRfoM1vw30E7EKxBBxhuKs0/byezCNOnLVHPr4VhfHn3MzAEH EbbOhz1FXoNB023cOluS4Ocu7N+hOK0qKhzk92aKEVsirqOm2erafLYX0Cz2swAeNiQDg5HT3ANV fsa6BoDW+h6eH8hP3FqsmNx9NzH+ZrUoqSjitE+Itnd6mdH1i0m0rVgwTyZsbWJAxhs+9drWTqvh nRtangn1CwjmmgkWWOTJVgw6cgjI9jxR4h1mTQdKa+j0+e8WNl3xwYLBcgEjn3qVdbj0exrUVg+G vF+k+KrVptPkdHRtrwTgLIp9wCa3qad9hNWCiimSzRwpvkYKuQMn3pibtqx9FUW1W2U4+c+4FSw3 0ExwrYOcYNTzRfUlVIN2TLNFFFUWAJByrMp9VODWlaaxJCu2cNKuevcVm0VMoqW41Jx1R1kFxFcx 74mBHf2qWuRjlkhcNHIykEHg4z9a3rHVEuT5cg2SZwPRvpXNOk46o6IVU9GaFFFFZGoUUUUAFFFF ABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUA FFFFABRRRQBFcW0F3C0NxCksbdVdQQawD4G0NGuWtYri0+08ypBdSLExwB/qt2wcKOi10lFAHnOp /D2W3AfTkiuoRE0Btg5tiY3I3fMhAJ4BycHjrWFqui3WkaVaQ2vhq8IF5BLdNN5ZUwxlMI7I53Zx nPOec5PB9jrnvEetzWVzY6dYkC7uJFkdmAIjgV1MrEZ/u7gPc0AZvgi3ZbIF7aZY2d7lJYpQIAXP MYXdu4x3XHpXCTa5cv4+u7z/AE2IfbvMk8u5lV44oUTETRlvLKOVJ3DJ+Yj6+oaP4s0vVT5QuoY7 kkYgL/NtblD+I5rUu7CyvYpIrmCN1kAD54LAHPUc9hQBgReMWjt4W1HRby1llmji8oSRSMBIyqsm FckLluc8gAnFTyf8Ivr+o3OnMbea9iP71EJRwRjuMH9ag1HwFouqawdYYTreGaG4DLO2zfEAIztz jAwOBwcc5rldX+H+o2kdtdae9zdT2rpLKbafyZrp2mjM5yWA5jVhgnFOMnF3TFKKkrNHR33gjSFC Jb3ElpLIw8vc5fJ9Bk57VlvoHirS5S1lc3FwgIwqXPB/4CzYrE8V6ffxSi60631uxi0gwval7suL i4mljVV+aQ7lHQg9icda7+68RT2upWmlx6ZPd3jwiado3RUhXuSSwJPoADXRHFVFo9fUwlhab209 DltS1nUXsZNP8QaXJLA7KHKnYwGQflYf4+1XI9Y8KXuiQ6HLZXFtp8TxbIm4HyOrLyrE43AE59Oa 2bLxfoms3U9iyyoFLANcxbY5tuCxRjwwGevrUk3hbw9qGZlgXJb78MzAZ47A49KftKEvjjb0JdOt H4JX9TntQ8IWuqalq3iLTNQkvb6ZVaytWuGWCCZYwgfaDjOADkjisrSvh1qLa6I7m41HT7TT7SKO 2ura75mlZjJMRySBklTkDgDHAGN688CTQu8mlX8seSCqFypH/AgeapxR+MtHZvkuLiFTnc8olBH4 sTR7CnL4Jr56A684u04P5alLw/p+jaZ8TLvToj5MWkwgobmfLSzzBWZ/mOSSGAz7H2zauTFafEF4 9ah1ZPt95H/Zd9BfMICAiHyyiyYHzKRgrzk9iaivNa0LUpjJr3hpZbpGH72MDfnA7kgg/j0xVrR9 N8Fyala3iz3vnW0im1hvr+V0ibG0FVZyM/Xv71nLD1Y6tGkcRTlsz0KikVlcZVgw9Qc0tYmwUUUy aVYImkf7qjJoAiu7tLSEyMCT0Cjqa5u4uJLmZpJGY56LnhfpS3Vw11cPKS20/dUn7oxUNdlOmoq/ U5Jz5n5BRRRWhAjMqKWY4A6msG8v5LlmVdyRA8YOCfrip9VulkLWq5+VgX+vBH9Kza56s9bI4MRW bfLHYKKKxfEHiew8Owq1yWlndgqW8WC7ZPpWJzxi5OyNoXYsVM5m8qNDuclsKenXt2xWXD8QbnX9 TgtPDOkXF1DHcxreXcm0RpHkbtvzcnGaGht/EuhmG/sp4oJ9peCY7G4IYfdPqB3q7oWn2Xh2NLfT YPIty+50Dk5zjJOScnA71cJtPyOihVjSupf8A6i6sLS+aFrq3jlaCQSxF1zsYHII9+Ks0gIYAjoa Wus7wooooAKKKKACql9eC1i+UbpDjA/HrU88oghaVgSFGcDqa52eUzTvKc/Mc4J6VnUnyqyOfEVe RWW7Eklklcs7scnOCTgfSs6+0aw1K6tLm7gMk1o4khbzGXYwIIOAQD071erkPGk00F/oDRSTIp1C NX2SFVYb14YZ5/L1/Hl3OKmnKdk9Tr8kHIODV+w1Awfu5jJIrMApJ3Fc4Hft3qgetFOMnF3RMZOL ujqqKy9IuWdXhkJJU5Uk5yPT88/pWpXXGXMrnqU5qceZBRRRVFhQQCMHpRRQBz6eCtAi8Qf25DZG K/J3M8crqrH1Kg47elQeI/G9p4Wu4YtQ0+/NvKwX7XGimJScdSWB7109U9VsrLUdMntdQgE1rIMS RkkZ59qlqy0HdbyIV1qzuNPS8spkuI5PuNGwINZUs0kzszuxyc4JOB9Ky9K0HTdC+0R6XDJBbyvv 8ppWcLwBxkn0rPXxnpY8Qvok6z290rBQ0qqEYkDABz71zTqOW551WUqsnyapHQ0UUVBzF+y1BoT5 cu91ZuCTkjJ9+1bYORkVytaukXBw8DszHO5STnj0/wA+tb0p9GdeHrO6gzVooorc7go/QjkEdqKK ANrTNT3YgnLFyflc9/b61r1x38+oIrodKvTcxGOTPmJ3P8Q9a5qtO3vI6KVS+jNCiiisDYKKKKAC iiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKK KKACiiigAooooAK5jWvCbax4g+3m8kgiOnvaHyyQwLOrZH1AIP1rp6KAOG/4V/BbzQfZkjKDU7e7 d2OXSOBYxGgJ56xDPrk+tZ3i6G9/t3VdQhi1Zpra3hisoraZljnaVghyu4KQu7JzjGM9q9KpCAeo zQB5xYeIrzQ1fw/dJLdmyukhjmtXDP5SQRyvvyxYkEleeTuHrmuy0nX4dT0b+05YJLGH0uHQ4HHO UZh39add+H9Ou5JJTE0Nw6spngcxyDOMkEdD8o59qxNR8FRxeEptI0gs7Pew3ji8nZxMUljdlY84 DBMcDGTnuTQB1FvdW19CskEsc0ZPBByMiqN/4d03Ur+O+nSZbmNCgkhuJI8qeoYKwDD6g1xOpadr 39qRldEe2ihvbWVZbGcCMpuQzNw4JwAQQy844zQvi/WbFbkx281/NPfLDADhY1jO0kjJzuCk/Ljt 15oAv3Pw3Wa2kgbVLiaFdsVrE/yi3hLqZFBUgklQw3HkZ9hWbrGi3WlTSJb6VqKWE2qrdltPmBIj iiiUDG4YLlD1z0JJGRXQX3jC9svAJ8QPos6Xu5EFhIyhmZpAnUEjGDu69BzircvjTS7ebS7eXzTc aiUVEiTdsLdCx7D3oA5HSvHerS6tqiw2slxbtcW8Fsk7KmyWUKSC248BTnGBzxjnJ6RvGc1pqpst R0x4Ugh827uEkRkgBztJ5zg49zyKvTr4b8Twz6a7w3CxypI6xSNGwdGDKwZSDwQOQfaq954LtHk1 Gezlljlv0ijmSWRpI2CAAfKTwcDqO/NAGlCNI8RWf2hYo54mO0sylTkdvX0rKufBOiztIlqZIJhg kCVmx+BNV9W8Oai3h3SdCt5bm5h+2QtfXAuDG/kq4ZhuyG5wBwc4rkLrWtf0zXrzS9IsL+MC4Cxv PMkpKAJHGCzvuwSGY7iThh9BpCrOHwszlShP4kdBdeFNfsTu02+nkVWBCR3BjJ6diQKdD4g8SaOu NTspHQMOXAJxx3UkGoLbxPq+ma7qM17ay31o1/FYKYplXy2EEZYqjMBjeWyRzXRWXi20vPCVxr93 Z3FtaQ7mMcqDcyjoQM857e9bfWuZWqRTMfq3K7wk0Vbf4g6e7hJ7S7hJIBbapUZ/4Fn9KuahrFpf wpFa3CSISCxB/IVXa18La1pVrqk8KQQ3pQRO7mFmZiAo4P3icDFYGpeGYEuJUspHRUcBQzHjGO/X PetKaoTd43TIm68FaVmbFFcoLXW7KdmUXMiAjB87crdP4S2f0q0viCe3JW6tGyGAOOOOPWuh0X9l 3MFVX2lY6GmSyCKNnPQVhyeJY3h3Qwyo4cZEgXlcjPQmp5tRj1HSJHh8yMh1VlbgjBB7HuP51nOE oR5mglWjZ27GfNNvkaV2+8epP5Vlz6sFMiQwu7IcZJAU/rUOo3LzSyWw3IiEZYH73ANVVRmYIikk kAAVyRhfVnkTqa6Dpbm5mbJlaP0CMRx+dYkHhyzh1iXVZN9xeGXzI5JmZtnAGOTz07+3pW35Unlv JsOxCAx9CTgfrTjbThgDEcsQoGRyT0HWrtElVai2b1J01aWMfvYTJyOU+vpWlBOlzHvjJx0OR0NY ZjdQSVICtsJPr6UiSvbyCRC5AILIrfeGR2ziplBPYI1O53mkSM9q6tn5HwCTnIwD/jWhWDolykkp 2NlWHT0Nb1a03eJ7GHlemgoooqzcKKKKAMvWJgY1gweSGJB44ORWDdXkVrGWbLEEDYuMk/5NWNdu 3t5534JDoqAnrkLn+tc38zOzuzMzd2OcVztc0rnj4irebfy+4uTalNJuWNfLU8Ak84rLvLGPUPJ+ 1vLL5EolizI3ysOh681b8t9obYdpO0H1PH+NOa3nV3QwtvQgMPTOMfzFUoxWhzc890OivbmAEbzI M5w5JP5mrsGqxySCOSN42JABOMfzrP8AJk67DjzPL/4Fxx+opjLng9j60nCLGpyW508ErQ3Ebr/f XPPbPP6V0w6V5/p15sJgmLks42MTnsBjr6129g++zTqcDGScmnS0bielg53uizRRRWx3BRRRQAVm 6vIv2cQnOWYHr6HNaVcp4h1AwTy7QS6uqKM56gE9/eoqN2sjnxM1Gnr10K91fRWo5y7ZxsTGf51z Ot6bZeICftdrhlYGOUMQ649CD9euf5VbAO4szMzHqzEk/rUhhlBQGMjzPuf7VZKnFbnk+1kneOhn 6ZYy6ZbGFdQvJQX3ZkmYkcAY69OK0ory5gBG8yDOfmOT9MmlNpcBmUwtuQgMMjg0wwyKFJQ4Ztqn I5NVaJLqTbuzRt9UjmkMbxvG2QBnkHp/j+laULmOeNw2MOCfpnmuYZQeDng54NaGmXZ+a3mZyQco 7nORxxnrnNRKFtUaQndnegggEdKWqunyeZZqTnjjmrVdCd1c9qL5kmFFFFMoKkt5mguYpFJGHGQD 1Gef0qOih6gdgpDKCOh5oqnpUplsEySSvy80VwNWdjti7q5dooopDCiiigAooooAKKKKACiiigAo oooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACii igAooooAKz9V0TTtbtBa6hb+bEsiyrtdkZXUghgykEHIHQ1oUUAY+seHLPWbO1tbgyiK2kWWNQ55 ZfuluecHnmvPr/4aapZ2LrYXlzfSx2shDPcFXmlO0KBlsIFUEDkYyema9ZooA841nS4Lnw9YaNp+ i39hJ50dt5owrxRqRIx37iSpKgE8k5Puau/DrV77XodVvp3uPLtplsIoZXyC0ca736nqzHn255ru qpNpdqLKa1gVrVJmLsbZvLbcTknI7nFAHO2HjG6fSNTv76wRBZ6olgiwybhIGeJN2TjoZD/3zxWr e+FdH1G+a9uLaQzO0TvtnkRXaNlZCyhgpIKLyR2x0rCk8JXFtHp+h2TXD6Wt+l/c3M8oZjsZXEfX ccsoOcY4rt6AMnUPDemajC8csGwuXbdGxUhnGC3HfHes/VPDMlz4Ys9CglV7dLiAzGUkFoUkDkcd /lH9a6aigDxq68M+J2WyN3pl27afeNPZxw3CeWkMQWRdw34LyOCBxwBjgHJzmZn8Mvf2Gp6g+uST xpIJ7x+JJHCEFS20YBOAO4HtXu1cdrOk2kuoy+daxkeclwpxjLrgq3Hof5VtR30Mq2xyPhDxBqes StbXdk8a2sAWeZmU5myMrwSehz+B9s9VLbxToUkQMp6g1V0/SLPS5byS0jZGvJjPNl2bLkAZGTx0 6Cr1dSujmdmzl77RJft2yxs3EJxukaUEZ+hbP6VU1Cwm0y28x5WySOEbA6gc812dc/4ojaW02IpJ ODgHHQg1dStJwsctanGMXJHIIMAnkljkknOTU0Evky7/AJuhA29QaiU5UUtYHjbFp7xD5gjjkAZl cgtwzAqT+HB/X1qKSZHujMBMMSq6g4zwQfX61F3HuakniMEzREglccj6ZpJJaFczaHzXfnwlGjIk 8zcW7NwBnr1/wqCiimlbYlu+5r+HJPLlK4PFwo4PqFFdtXCaGP35YKQDdRDJ6HBWu7ohuz1cDJuL QUUUVodwUhOBmlpH+6aAPPtYdpdVlV9xVH3Lk+oH9c1UqzqYYapMWUgE8H14FVqyjsfP1fjZOLtV i2mGRyrIVBOAGB69en+HpTpbxZIpVKzbnZDkkHoADnn61WoALBtqOSOeMYx69aOVEXZNBdiBsGOS SMSBsE+4OQM4yMGomO5i3qc0lFOwNt7iFhG8chzhZFPH1Fd3ojl7aUHosuB9Nqn+tcHInmBY/wC8 6j9RXeaHt+zTBQQRLhvrtX/61JfGjrwX8RGnRRRWp7AUUUUAFef6zIZtaucl/lbgE9OB0r0CvO9T 41i692BPt8oqJbo4MffkVitVg3SvGVeOUshUwndgKcDJ4P1x71XopNXPMUmti3c3kc6PkTAlww6c jABzz14pEu4QER4ZWRAD1AO8Hg4z+f0qsATFI+DhCOexyQPz5pKXKrWG5O9wPJNCnbPC4GSJF49s iikOd8YCsxMijCnB603sStzu9EDCG4BHHm5H/fI/wrTrO0f/AFEv+/8A0rRp0/hR7uHVqaCiiirN gooo+lAG/ogIsmz3kOPyFFWNPh8iyjUjBIyaK4Zu8mdkFaKLVFFFSUFFFFABRRRQAUUUUAFFFFAB RRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFF FFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABWXrNqHhFwoJdOCB3FalIyhlIIyD1FVGXK7kyjzKx x9FXdQsXtZ2ZU/cE/Kc9PaqVdqaaujkaadmFZesJ8sb++K1Ko6sP9AZgpYhl6fUCpqK8WYV1emzh bu3a1uZMRsIXbKtnI5HPf1qKt+eCO5iMUoJQ44BI/UVkXNhPA58mNpY8jGDyMn61lCatZnjSg90V xjcpIyAQSPUVLczLcTmURlC2MjdnoMf0qIh04eN0PoRSbs/dBJ9AKvTczs9haQ7iVRBlmYKBn1OK ljtrqUjbbuoJ5ZiAB+talpYR2pL8tIf4iT/jSlNIuMG9y1pNosM0MYyf3gc5PcY/wrq6xNKj3XBf HCitunS2uevhY2hcKKKK1OkKQjIxS0UAcXrNmZDI0aMZkYYAbGRnn9KxVbPbBHBB6iusv1ZdQnyC FLAr9No/rmse801ZS00O4THnG44b8M4rmjLlbTPEqwvJ2MypI3iWB43iZmZgdwcjp0GPTvTWhuY2 YPbuApxuGCD70zcAcHP5VpozCzQtFAEjEBInbJxkYxVqDTZZjm4Vo1BHy7uo+oNDkkCg2NsLdrif zGVhHGwIYHqRg12WiqVt5iRgNLke/wAqj+lYsUMcCbI12r+ddJYx+VaqMEE8mppvmnc9DCU1z37F miiitz0gooooAK4vXrT95LJGjGVXHC9wSP6V2lc/qMbJfzMc4cgj8gP51lV0SZyYxXgjkVYMOPxH pS1oXemA75bff5rNu27uD0z16VQeK4iP7y2kXnGeCP50lJM8mUGhyybbeSLDZZgdwc4xx2/D9aZT S4HXI/CnKsrnEcEj/QD+tVoLVhVrTbf7RK0zghY2wvOMng54p1vpjSnddKVAYEIG6/XBrVRFjQIo woGBWU59EaQhbVmzomTBOT083A+m0f41p1U06MxWig5yeat1vBWij2aMeWmkFFFFUahVmxtWurpA AdisGY/Q9KgRHkdURSzMcACulsbNbODaOWY5Y571nUnyounDmZaooorjOsKKKKACiiigAooooAKK KKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooo oAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAjngjuIWilXcjdRXO31jJaSMwX9 xkbXz+h/GumprosiFXAKnqDVwqOLInBSOQqOaJZoXjbOGGODitq90dkzJaqWH/PPPP4E1lMCrlWG GBwQe1dcZKS0OWcLaM5WdTbmQOpymcjvXP2XjHSNQ1AWNvJKbgtgK0e3+ddfq9t5Je7RGYMcvg98 ADqfYCvIr221XUG1a7XQtXi1ieRVtJg+1IIgUJAO8YJ2t0Hf3Ncko8rsedGjHmcZHppTPUUnlqD9 2vM2s/ETw6h9mt9ahtpPs6xrNOTJuDIHI+YkA/Mc9MelXNXsdetNP1W305NSlT7XCYW81nYptXdg 7txGeuP5ZqbsX1dXtzL+rf5nfyyJBG0krBEUZJY4xVLStYs9ZglmspPMjikMTH/aAB/qK53wlHqE Hhq/Gs2l9NJ9pJWGTJkddqYC7j0znvjrVzwRBdPeajato19Zwz3RuFaZAirHhF25DZ3cHpTSvohO lZSS1aO/0mAxW7u2cyPkZ7DAH+NaFIqhFCqMAcClrtirKx304KEVFBRRRTLCiiigDL1iHEazAdCA xz0z0/XiuP1fxTpmhzCO+eVCehVMjt/iK9AnhWeFo3GVNeX+OVvpfK0lNGvbq1adGunhHWMEMQuD 1P8ASuatHqjjqUl7VOWzOhsL2HU7NLq2JaJxkEirHljrt/SvMdRs9Zdr4WGm69bRS+QmmxrOQsAG 0PvAc7c4PX1ycda05dK1xnu7lm1A3Ed3bGFVuG2FBs8zABwR97NYmcqEd1L+tDvAuBkDFY+p+J9L 0i8S1u5mWVyoAC5AycDJ7da4ZLPxYnjFGddU+xjUEZmEjmMxbl4zuxtwTx7YPpW34v8Atd5c/wBn RaBeXFm80T3VxEM+YilTtXkYPbnHIoY1QipJN3TO5hiM80aAZDMuef4c8/pXTgYGBWTocJNotxJb yQswGxJCNwXA4OCeeo/CtauqlGyubYanyxu+oUUUVqdIUUUUAFZurxDyBN3UgH8Tj+taVMmiWeFo nB2sMHBxUyXMrGdSPPBo4vUNW0/Sghv7uK3EhwhkbG6prS7t9QtxPayrNETgOvQ1yXxQktLazisL yyuJHklUJcIgby0DKWI5zkrx+dcbdX7RPJDo82s2enlIk05Idyh5fl3h/m9SR/8AqxXE9Nzlhhue N9mey7F67RSgY6CvK7yfWhe6xdz32owy2K2ZW3Sdgm5hGGBAOD940281jVF8cLA819Buv4AsX2l9 hjOzjaMrg5z1HXpTEsK3s/60/wAz0q71WwsZY47q7hheRgqK7AEn0q9GnnSogG4MwBwccE8nP0rz H4kwwS38SJbXZu22BMRBo5ju+7v3ZXg9hzxXrHhmzZdMtpp4JIZViVRG77tvyjqcnPpk04LmdhLD pxi11N1VCqAOg4FLRRXaegFOjjklcJGhZiegqe1sZ7thtjIjzgueB+FdBa2UNmpESnJ5JJyTWc6i j6lwpuXoQ6fpyWi7m+aU9T6ewq9RRXI227s6kklZBRRRSGFFFFABRRRQAUUUUAFFFFABRRRQAUUU UAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQ AUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABVW5sLe6BMiYb+8pwatUU02tUJpPc5q90 eZFYCPzoj6HnH0rlbywltpH2Rt5K9DuyR0655r0+q1xYW10D5sQJPcEg/pWntFJWkclfCRqLTc8t ors7zwjbmR5oFdmJzt8wj9M4rNl0GOIfv7eVQD3c/wAwaFC+zPOlg6se39fIwooJZ2xGhbkZI7Vv WlqtrGVUkljliT3xUscSRLtjUKPQU+t4U1HU3pUFDV7hRRRWh0BRRRQAUUUUAFU76yFyhZBiYdDn j3q5RSaTVmTKKkrM5dkkjZkkRkYHBBptdNNbxXCFZV3A++KqjSbQDAVwP98n+dYOi+hwywkk/deh h89Kv2WnNK2+ZWRAQQM43d+3atCPTbWNtwiycg/MxPTpxVuqjStqzSnhbO8wAx0ooorY7AooooAK KKKACiiigCpf2S3cXCjzAcqTWDJC8TskkZUqcc11NRywxzoUkXcp/Cs501LVHPWw6nqtzlyinOVH JyeOp/yKXauc4GT+tbo0i0XOFfHu5P8AOnxaVbCTckLO2RjLFhnjHHSsvZSOZYap1sZtnpz3DB5V ZI1YEf7WMH8q3AAowOAKvQaVdyn5o/KXPViOlacOjWsZDOGkcHOSxA/IValCCsehRw3KtDFhtLi4 x5ULMM4J4AH51r2ujRJhp/3jg5ABIA/xrTVQowoAHoKWspVpPY6o0ktxAAoAAwB2paKKyNQooooA KKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAo oooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACii igAooooAKKKKACkKhhggEe9LRQBSl0mzmcuYyreqsR+nSqU+hkZMEufRW/xraoq1UkupDpxfQ5d9 OvUYg2zEf3lII/nmoHR4iQ6MpBxyK6+msiuu1lDA9jWirvqjN0ezOQorpn0yzkzuhHP90kfyqE6L Z4O0Ov8AwMn+dWq8SXRkc/RWy+hDkxzH6EVXbRbkE7WRh25qlVi+pLpyXQzqKunSb0dIgfow/wAa jOnXw/5dHP0Zf8arnj3JcZLoVqKsjT7w5zbOPy/xo/s+7/593p8y7hyvsVqKsfYLv/n3k/Kj7Bd/ 8+7/AJUcy7hyvsV6Ks/2feY/493/AEpP7Pvj/wAukn/fS/40c0e4WfYr0VbXS75utuV+rL/jUi6P dnqEX6mlzx7j5JdihRWsmhufvzAfQZqwmiW4GHZ2/HFS6sUUqUmYNA56DP0ro00eyT/lkx7/ADOx /rVmK2hhz5cSrnrgVLrroNUX1OaWyu3GUtnb8h/M1ah0a4fBlxGPTOT+ldBRWbrSexaopbmbHolq v+s3uQc/eI/lV6KCKBcRxqo68CpKKzcm92aKKWyCiiipKCiiigAooooAKKKKACiiigAooooAKKKK ACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooA KKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAo oooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACii igAooooAKKKKACiiigAooooA/9k= --_004_4A95BA014132FF49AE685FAB4B9F17F65946FED5SJCEML702CHMchi_-- From nobody Thu Sep 7 15:40:37 2017 Return-Path: X-Original-To: ipsec@ietfa.amsl.com Delivered-To: ipsec@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E96D0132F64; Thu, 7 Sep 2017 15:40:24 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.22 X-Spam-Level: X-Spam-Status: No, score=-4.22 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id O4c8bKJjThqo; Thu, 7 Sep 2017 15:40:23 -0700 (PDT) Received: from lhrrgout.huawei.com (lhrrgout.huawei.com [194.213.3.17]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AA59C132F56; Thu, 7 Sep 2017 15:40:21 -0700 (PDT) Received: from 172.18.7.190 (EHLO lhreml708-cah.china.huawei.com) ([172.18.7.190]) by lhrrg02-dlp.huawei.com (MOS 4.3.7-GA FastPath queued) with ESMTP id DOD73226; Thu, 07 Sep 2017 22:40:20 +0000 (GMT) Received: from SJCEML703-CHM.china.huawei.com (10.208.112.39) by lhreml708-cah.china.huawei.com (10.201.108.49) with Microsoft SMTP Server (TLS) id 14.3.301.0; Thu, 7 Sep 2017 23:40:19 +0100 Received: from SJCEML702-CHM.china.huawei.com ([169.254.4.148]) by SJCEML703-CHM.china.huawei.com ([169.254.5.62]) with mapi id 14.03.0301.000; Thu, 7 Sep 2017 15:40:14 -0700 From: Linda Dunbar To: Gabriel Lopez , Rafa Marin-Lopez , "i2nsf@ietf.org" , IPsecME WG Thread-Topic: Key points of Case 2 of draft-abad-i2nsf-sdn-ipsec-flow-protection and going forward? Thread-Index: AdMoKhrSg5961fqcSuSmkATDTzC/MQ== Date: Thu, 7 Sep 2017 22:40:13 +0000 Message-ID: <4A95BA014132FF49AE685FAB4B9F17F65946FFB4@SJCEML702-CHM.china.huawei.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.192.11.78] Content-Type: multipart/alternative; boundary="_000_4A95BA014132FF49AE685FAB4B9F17F65946FFB4SJCEML702CHMchi_" MIME-Version: 1.0 X-CFilter-Loop: Reflected X-Mirapoint-Virus-RAPID-Raw: score=unknown(0), refid=str=0001.0A020201.59B1CAD4.0087, ss=1, re=0.000, recu=0.000, reip=0.000, cl=1, cld=1, fgs=0, ip=169.254.4.148, so=2013-06-18 04:22:30, dmn=2013-03-21 17:37:32 X-Mirapoint-Loop-Id: 8d25f9a87488bd3b9f4ca0cff3b06e51 Archived-At: Subject: [IPsec] Key points of Case 2 of draft-abad-i2nsf-sdn-ipsec-flow-protection and going forward? X-BeenThere: ipsec@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Discussion of IPsec protocols List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 07 Sep 2017 22:40:25 -0000 --_000_4A95BA014132FF49AE685FAB4B9F17F65946FFB4SJCEML702CHMchi_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Tero, Gabriel, Rafa, Alejandro, and Interim meeting participants: Thank you very much for presenting justification for Case 2 & Reasons again= st Case 2 at yesterday's I2NSF Interim. It is a very productive discussion. In a nutshell: Opponents believe Case 2 is technical feasible but very complex; Proponents understand the technical difficulty but want to describe an appr= oach for pushing the complexity to SDN Controller. Question to Proponents: What is the advantages of Case 2? Is the Case 2 for making the NSF simpler to not include an IKE daemon and i= ts configuration files? Some people say that all platforms today include an IKE daemon: Windows, M= ac, Linux (all distros), even all phones. Do all containers support IKE imp= lementation? How about all VMs? Question to Opponents: If it is technical feasible, but have risks, can we document the risks asso= ciated with the method in the draft? Thank you very much. Linda --_000_4A95BA014132FF49AE685FAB4B9F17F65946FFB4SJCEML702CHMchi_ Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable

 

Tero, Gabriel, Rafa, Alejandro, and Interim meeting = participants:

 

Thank you very much for presenting justification for= Case 2 & Reasons against Case 2 at yesterday’s I2NSF Interim. It= is a very productive discussion.

 

In a nutshell:

Opponents believe Case 2 = is technical feasible but very complex;

 

Proponents understand the= technical difficulty but want to describe an approach for pushing the comp= lexity to SDN Controller.

 

Question to Proponents: What is the advantages of Ca= se 2?

 

Is the Case 2 for making = the NSF simpler to not include an IKE daemon and its configuration files?

 Some people say tha= t all platforms today include an IKE daemon: Windows, Mac, Linux (all distr= os), even all phones. Do all containers support IKE implementation? How abo= ut all VMs?

 

Question to Opponents:

If it is technical feasib= le, but have risks, can we document the risks associated with the method in= the draft?

 

 

Thank you very m= uch.

 

Linda=

--_000_4A95BA014132FF49AE685FAB4B9F17F65946FFB4SJCEML702CHMchi_-- From nobody Thu Sep 7 22:36:27 2017 Return-Path: X-Original-To: ipsec@ietfa.amsl.com Delivered-To: ipsec@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 68802132F5D; Thu, 7 Sep 2017 22:36:26 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.699 X-Spam-Level: X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Q3lIrVKwoDgS; Thu, 7 Sep 2017 22:36:24 -0700 (PDT) Received: from mail-wm0-x22b.google.com (mail-wm0-x22b.google.com [IPv6:2a00:1450:400c:c09::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0BDB1132D80; Thu, 7 Sep 2017 22:36:24 -0700 (PDT) Received: by mail-wm0-x22b.google.com with SMTP id f199so8839536wme.0; Thu, 07 Sep 2017 22:36:23 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:message-id:mime-version:subject:date:in-reply-to:cc:to :references; bh=gmV9sFsK6yN7HklZ7/Jmzku4mptEajHXkd/0d681lWY=; b=oCvMA9u+fkJ0jKmSRSTr0FzaTbQw+5jJW+R0S9J8ClJt6lioAaVOgq6lZPbubp84pS hWR3SS6GTi1TgNBfwlVCgA3tN71XxNoEzNQHr4LknOb9qvjH18VgYqsvK/SDfuivWwN+ ysPwKw+qcQS6C+yeuNxR9pOK33Uh8bGLq72jYq30PU3XPoy+e90Ui66FACaMKJgmJxlY d21+yFPgcGvjsgCtvoPyTb39e7DmN91spFwY2kKgYi9gYlQyQ0X/OwwRZp8Itp+fpUXE 2iiglHXJGajJQ5kYaHc7CX8NVBPAaDCt2CpUMlPVP0/u0hoSEw2wmnylNh+jbLk3GQQU iIkQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:message-id:mime-version:subject:date :in-reply-to:cc:to:references; bh=gmV9sFsK6yN7HklZ7/Jmzku4mptEajHXkd/0d681lWY=; b=tBnnyKxT16fQzFza4caOLbdAn/EOiHJRr1JOR6+asAfmFE1STV/kndqCeT4y0QJxdZ Ys9C6NDnp0AE+DwEUkGuTyS962DkjtvyOOa16ATyfCQMwRmXPmzBL0vAy/6VxgbZ+klj IAJJSBI1+Tb1lWUb03UXGFCApefVTd4AJpFrQODnJoRo358E38jeAeYj7kiioZOywO/F 8ORDkR57+LKSxdYUU5HEl96/EzopSC1evGQJUoTcmbwBut4kk+jHlM3VuRmWWY282n4h kH3bEUanG+1p+R/ZHkcUALdGB7PUhDd3/A+TWzXnEZGVeUrPTRtDZHT9UQsftzYHuEn6 cvfw== X-Gm-Message-State: AHPjjUhsex3UvsYvKvO65OSYT5bsJqFWmrZ/v5yV2mHcf567SB+RJlzw 9szBVBBvo+pk6Q== X-Google-Smtp-Source: ADKCNb6ZTvqoqhoH9OWUJaYRwBEdJa3P/1h/jieUQV/V2J5VhMrVmCcCGK/WXHPbeNkY+t5o6n6Tfw== X-Received: by 10.80.170.50 with SMTP id o47mr1310896edc.40.1504848982433; Thu, 07 Sep 2017 22:36:22 -0700 (PDT) Received: from [192.168.1.18] ([46.120.57.147]) by smtp.gmail.com with ESMTPSA id w18sm361642edl.92.2017.09.07.22.36.20 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 07 Sep 2017 22:36:21 -0700 (PDT) From: Yoav Nir Message-Id: Content-Type: multipart/signed; boundary="Apple-Mail=_CD543C23-F7CD-48FA-B008-52535DF9F841"; protocol="application/pgp-signature"; micalg=pgp-sha512 Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\)) Date: Fri, 8 Sep 2017 08:36:18 +0300 In-Reply-To: <4A95BA014132FF49AE685FAB4B9F17F65946FE7F@SJCEML702-CHM.china.huawei.com> Cc: "i2nsf@ietf.org" , IPsecME WG To: Linda Dunbar References: <4A95BA014132FF49AE685FAB4B9F17F65946FE7F@SJCEML702-CHM.china.huawei.com> X-Mailer: Apple Mail (2.3273) Archived-At: Subject: Re: [IPsec] your example (like Gap) about IPSec VPN gateway deployed in shopping mall not aware of where the controller is. X-BeenThere: ipsec@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Discussion of IPsec protocols List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 08 Sep 2017 05:36:26 -0000 --Apple-Mail=_CD543C23-F7CD-48FA-B008-52535DF9F841 Content-Type: multipart/alternative; boundary="Apple-Mail=_83D435F8-219C-4D63-BB79-ACFD90EFA91F" --Apple-Mail=_83D435F8-219C-4D63-BB79-ACFD90EFA91F Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=utf-8 Hi, Linda The reason I brought up the Gap was because they described their network = in a Packet Pusher=E2=80=99s episode ([1]). And the solution for them was some vendor=E2=80=99s SD-WAN solution. As = far as I can tell, each vendor=E2=80=99s SD-WAN solution is proprietary = and non-interoperable with other vendors=E2=80=99 SD-WAN solution. That vendor (Viptela, since then merged with Cisco) uses BGP on a large = scale to pass configuration information between CPE devices and data = center devices, and an SD-WAN controller to manage it all. Other = vendors use other technology to learn protected domains, and as I = mentioned, there was an attempt to standardize something in IPsecME a = few years ago, but that failed. The draft we were discussing has no way to transfer domain information = from the CPEs to the controller or to other CPEs, so I assume that it = does not fit this use case. At least not in its current form. Yoav [1] = http://packetpushers.net/podcast/podcasts/show-274-packet-pushers-live-vip= tela-three-real-world-sd-wan-deployments-sponsored/ = > On 7 Sep 2017, at 22:33, Linda Dunbar wrote: >=20 > Yoav, >=20 > At yesterday=E2=80=99s I2NSF Interim meeting, you described an example = of Gap having thousands of locations and most of them are in a mall = where public network is available. You said that typically the VPN = gateway placed in the store has no knowledge of the global network = topology, nor does it know where the controller is located. >=20 > Today, many vendors=E2=80=99 remote CPEs support ONUG=E2=80=99s SD-WAN = =E2=80=9CZero-touch deployment=E2=80=9D requirement, where the remote = CPEs devices can be connected to its controller via barcode = scan/email/etc. >=20 > Does it solve the problem? >=20 > Thanks, > Linda --Apple-Mail=_83D435F8-219C-4D63-BB79-ACFD90EFA91F Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=utf-8 Hi, Linda

The reason I brought up the Gap was because they described = their network in a Packet Pusher=E2=80=99s episode ([1]).

And the solution for = them was some vendor=E2=80=99s SD-WAN solution. As far as I can tell, = each vendor=E2=80=99s SD-WAN solution is proprietary and = non-interoperable with other vendors=E2=80=99 SD-WAN solution.

That vendor (Viptela, = since then merged with Cisco) uses BGP on a large scale to pass = configuration information between CPE devices and data center devices, = and an SD-WAN controller to manage it all.  Other vendors use other = technology to learn protected domains, and as I mentioned, there was an = attempt to standardize something in IPsecME a few years ago, but that = failed.

The = draft we were discussing has no way to transfer domain information from = the CPEs to the controller or to other CPEs, so I assume that it does = not fit this use case.  At least not in its current form.

Yoav

[1] http://packetpushers.net/podcast/podcasts/show-274-packet-pushe= rs-live-viptela-three-real-world-sd-wan-deployments-sponsored/

On 7 Sep 2017, at 22:33, Linda Dunbar <linda.dunbar@huawei.com> wrote:

Yoav, 
 
At = yesterday=E2=80=99s I2NSF Interim meeting, you described an example of = Gap having thousands of locations and most of them are in a mall where = public network is available. You said that typically the VPN gateway = placed in the store has no knowledge of the global network topology, nor = does it know where the controller is located.
 
Today, = many vendors=E2=80=99 remote CPEs support ONUG=E2=80=99s SD-WAN = =E2=80=9CZero-touch deployment=E2=80=9D requirement, where the remote = CPEs devices can be connected to its controller via barcode = scan/email/etc.
 
Does it solve the problem? 
 
Thanks, 
Linda

= --Apple-Mail=_83D435F8-219C-4D63-BB79-ACFD90EFA91F-- --Apple-Mail=_CD543C23-F7CD-48FA-B008-52535DF9F841 Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=signature.asc Content-Type: application/pgp-signature; name=signature.asc Content-Description: Message signed with OpenPGP -----BEGIN PGP SIGNATURE----- iQEcBAEBCgAGBQJZsixTAAoJELhJCxUKWMyZcXwIAIzINeb21Wn7P0KlwdOjsDNi 2t9P73qZgslx37/6mndWc1f2YVOpqjqrirLZtt63LljVHOuEMSTK4M/O9KbnSKmP fi99Qu/bYHt8DBN3ALxi4fX5x6Z1oCwhPuowKZLbKn/qDO4jVQhS8VOM5Z4QZB9C 35GqlO/Njz9ICOZKruGuXdcuUo3QPUSdaawm2fmXKXLFmBOO8D2O3slS/SJFCZVX GJhVDsg3UkCXSg3qV40Q2c9jEkvLPb0B/mNLpgG74shqOJsgbwsChNk4rj3AYXV/ K3BYW58sKAAXMxNrYhFJQ+5jmwzFMcjIUL6CKmSacBXy6GZkJ5qnuxXvxUdCTDQ= =lLGJ -----END PGP SIGNATURE----- --Apple-Mail=_CD543C23-F7CD-48FA-B008-52535DF9F841-- From nobody Fri Sep 8 09:07:39 2017 Return-Path: X-Original-To: ipsec@ietfa.amsl.com Delivered-To: ipsec@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 984FC13219F; Fri, 8 Sep 2017 09:07:37 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.22 X-Spam-Level: X-Spam-Status: No, score=-4.22 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MlIBBj6meKA4; Fri, 8 Sep 2017 09:07:35 -0700 (PDT) Received: from lhrrgout.huawei.com (lhrrgout.huawei.com [194.213.3.17]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 69B8A132C32; Fri, 8 Sep 2017 09:07:33 -0700 (PDT) Received: from 172.18.7.190 (EHLO LHREML712-CAH.china.huawei.com) ([172.18.7.190]) by lhrrg02-dlp.huawei.com (MOS 4.3.7-GA FastPath queued) with ESMTP id DOF01783; Fri, 08 Sep 2017 16:07:30 +0000 (GMT) Received: from SJCEML701-CHM.china.huawei.com (10.208.112.40) by LHREML712-CAH.china.huawei.com (10.201.108.35) with Microsoft SMTP Server (TLS) id 14.3.301.0; Fri, 8 Sep 2017 17:07:29 +0100 Received: from SJCEML702-CHM.china.huawei.com ([169.254.4.148]) by SJCEML701-CHM.china.huawei.com ([169.254.3.191]) with mapi id 14.03.0301.000; Fri, 8 Sep 2017 09:07:27 -0700 From: Linda Dunbar To: Yoav Nir CC: "i2nsf@ietf.org" , IPsecME WG Thread-Topic: your example (like Gap) about IPSec VPN gateway deployed in shopping mall not aware of where the controller is. Thread-Index: AQHTKGRt09apsL3l7kOakyJzH9i5I6KrJjOA Date: Fri, 8 Sep 2017 16:07:26 +0000 Message-ID: <4A95BA014132FF49AE685FAB4B9F17F6594703D1@SJCEML702-CHM.china.huawei.com> References: <4A95BA014132FF49AE685FAB4B9F17F65946FE7F@SJCEML702-CHM.china.huawei.com> In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.192.11.78] Content-Type: multipart/alternative; boundary="_000_4A95BA014132FF49AE685FAB4B9F17F6594703D1SJCEML702CHMchi_" MIME-Version: 1.0 X-CFilter-Loop: Reflected X-Mirapoint-Virus-RAPID-Raw: score=unknown(0), refid=str=0001.0A090202.59B2C043.0295, ss=1, re=0.000, recu=0.000, reip=0.000, cl=1, cld=1, fgs=0, ip=169.254.4.148, so=2013-06-18 04:22:30, dmn=2013-03-21 17:37:32 X-Mirapoint-Loop-Id: 0b4c02e4b2fc4e09f1e58fea9f06c722 Archived-At: Subject: Re: [IPsec] your example (like Gap) about IPSec VPN gateway deployed in shopping mall not aware of where the controller is. X-BeenThere: ipsec@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Discussion of IPsec protocols List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 08 Sep 2017 16:07:37 -0000 --_000_4A95BA014132FF49AE685FAB4B9F17F6594703D1SJCEML702CHMchi_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 WW9hdiwNCg0KTm90IGhhdmluZyBpbnRlcm9wZXJhYmxlIHNvbHV0aW9uIGZvciBTRC1XQU4gaXMg YSBodWdlIGlzc3VlIGZvciBlbnRlcnByaXNlcy4gVGhhdCBpcyBvbmUgb2YgdGhlIG1haW4gcmVh c29ucyB0aGF0IFNELVdBTiBkZXBsb3ltZW50IGhhcyBiZWVuIHNsb3cgc2luY2UgaXRzIGluY2Vw dGlvbiBpbiAyMDEyLg0KSW4gT05VRyAoT3BlbiBOZXR3b3JrIFVzZXIgR3JvdXApIHdoZXJlIG1h am9yaXR5IG9mIHBhcnRpY2lwYW50cyBhcmUgZW50ZXJwcmlzZXMsIGl0IHdhcyBvdmVyd2hlbG1p bmdseSB2b3RlZCB0aGUgbmVlZCBmb3IgaW50ZXJvcGVyYWJsZSBTRC1XQU4gc29sdXRpb25zLiBB cyB0aGUgcmVzdWx0LCB0aGUgT05VRyBzdGFydGVkIGEgU0QtV0FOIEV4Y2hhbmdlIFdHLiBIb3dl dmVyLCBPTlVHIGlzIG5vdCBhIHN0YW5kYXJkIG9yZ2FuaXphdGlvbi4gVGhlaXIgbWFpbiBnb2Fs IGlzIHRvIGlkZW50aWZ5IHVzZSBjYXNlcywgcmVxdWlyZW1lbnRzLCBldGMuDQoNCldlbGwsIFNE LVdBTiBoYXMgb3RoZXIgaXNzdWVzLCBsaWtlIFNELVdBTiBzb2x1dGlvbiBidWlsZHMgcG9pbnQt dG8tcG9pbnQgb3ZlcmxheSBwYXRocyBiZXR3ZWVuIHR3byBlbmQtcG9pbnRzIChvciBicmFuY2gg b2ZmaWNlcykgYXMgYWx0ZXJuYXRpdmUgcGF0aHMuIEhvd2V2ZXIsIG1vc3QgZW50ZXJwcmlzZXMg bmVlZCBtdWx0aS1wb2ludCBpbnRlcmNvbm5lY3Rpb24gYW1vbmcgbXVsdGlwbGUgbG9jYXRpb25z LCBhcyBkb25lIGJ5IE1QTFMgTDIvTDMtVlBOLiBVc2luZyBTRC1XQU4gb3ZlcmxheSBwYXRocyB0 byBhY2hpZXZlIGFueSB0byBhbnkgbWVzaCBpbnRlcmNvbm5lY3Rpb24gYW1vbmcgYWxsIGJyYW5j aGVzIG5vdCBvbmx5IHJlcXVpcmVzIGFsbCBicmFuY2hlcyBDUEVzIHRvIGJlIHVwZ3JhZGVkLCBi dXQgYWxzbyByZXF1aXJlIENQRXMgdG8gbWFuYWdlIHJvdXRpbmcgYW1vbmcgb3RoZXIgQ1BFcyBs b2NhdGVkIGF0IG90aGVyIGxvY2F0aW9ucywgd2hpY2ggZHJhbWF0aWNhbGx5IGluY3JlYXNlIHRo ZSBjb21wbGV4aXR5IG9mIHRoZSBDUEVzLiBBbG1vc3QgbGlrZSBnb2luZyBiYWNrIHRvIHRoZSBj b21wbGV4aXR5IG9mIGZyYW1lIHJlbGF5IHdoZXJlIGVhY2ggQ1BFIG5lZWRzIG1haW50YWluIG1l c2ggcm91dGluZyBmb3IgYWxsIGRlc3RpbmF0aW9ucy4NCg0KDQpMaW5kYQ0KDQpGcm9tOiBZb2F2 IE5pciBbbWFpbHRvOnluaXIuaWV0ZkBnbWFpbC5jb21dDQpTZW50OiBGcmlkYXksIFNlcHRlbWJl ciAwOCwgMjAxNyAxMjozNiBBTQ0KVG86IExpbmRhIER1bmJhciA8bGluZGEuZHVuYmFyQGh1YXdl aS5jb20+DQpDYzogaTJuc2ZAaWV0Zi5vcmc7IElQc2VjTUUgV0cgPGlwc2VjQGlldGYub3JnPg0K U3ViamVjdDogUmU6IHlvdXIgZXhhbXBsZSAobGlrZSBHYXApIGFib3V0IElQU2VjIFZQTiBnYXRl d2F5IGRlcGxveWVkIGluIHNob3BwaW5nIG1hbGwgbm90IGF3YXJlIG9mIHdoZXJlIHRoZSBjb250 cm9sbGVyIGlzLg0KDQpIaSwgTGluZGENCg0KVGhlIHJlYXNvbiBJIGJyb3VnaHQgdXAgdGhlIEdh cCB3YXMgYmVjYXVzZSB0aGV5IGRlc2NyaWJlZCB0aGVpciBuZXR3b3JrIGluIGEgUGFja2V0IFB1 c2hlcuKAmXMgZXBpc29kZSAoWzFdKS4NCg0KQW5kIHRoZSBzb2x1dGlvbiBmb3IgdGhlbSB3YXMg c29tZSB2ZW5kb3LigJlzIFNELVdBTiBzb2x1dGlvbi4gQXMgZmFyIGFzIEkgY2FuIHRlbGwsIGVh Y2ggdmVuZG9y4oCZcyBTRC1XQU4gc29sdXRpb24gaXMgcHJvcHJpZXRhcnkgYW5kIG5vbi1pbnRl cm9wZXJhYmxlIHdpdGggb3RoZXIgdmVuZG9yc+KAmSBTRC1XQU4gc29sdXRpb24uDQoNClRoYXQg dmVuZG9yIChWaXB0ZWxhLCBzaW5jZSB0aGVuIG1lcmdlZCB3aXRoIENpc2NvKSB1c2VzIEJHUCBv biBhIGxhcmdlIHNjYWxlIHRvIHBhc3MgY29uZmlndXJhdGlvbiBpbmZvcm1hdGlvbiBiZXR3ZWVu IENQRSBkZXZpY2VzIGFuZCBkYXRhIGNlbnRlciBkZXZpY2VzLCBhbmQgYW4gU0QtV0FOIGNvbnRy b2xsZXIgdG8gbWFuYWdlIGl0IGFsbC4gIE90aGVyIHZlbmRvcnMgdXNlIG90aGVyIHRlY2hub2xv Z3kgdG8gbGVhcm4gcHJvdGVjdGVkIGRvbWFpbnMsIGFuZCBhcyBJIG1lbnRpb25lZCwgdGhlcmUg d2FzIGFuIGF0dGVtcHQgdG8gc3RhbmRhcmRpemUgc29tZXRoaW5nIGluIElQc2VjTUUgYSBmZXcg eWVhcnMgYWdvLCBidXQgdGhhdCBmYWlsZWQuDQoNClRoZSBkcmFmdCB3ZSB3ZXJlIGRpc2N1c3Np bmcgaGFzIG5vIHdheSB0byB0cmFuc2ZlciBkb21haW4gaW5mb3JtYXRpb24gZnJvbSB0aGUgQ1BF cyB0byB0aGUgY29udHJvbGxlciBvciB0byBvdGhlciBDUEVzLCBzbyBJIGFzc3VtZSB0aGF0IGl0 IGRvZXMgbm90IGZpdCB0aGlzIHVzZSBjYXNlLiAgQXQgbGVhc3Qgbm90IGluIGl0cyBjdXJyZW50 IGZvcm0uDQoNCllvYXYNCg0KWzFdIGh0dHA6Ly9wYWNrZXRwdXNoZXJzLm5ldC9wb2RjYXN0L3Bv ZGNhc3RzL3Nob3ctMjc0LXBhY2tldC1wdXNoZXJzLWxpdmUtdmlwdGVsYS10aHJlZS1yZWFsLXdv cmxkLXNkLXdhbi1kZXBsb3ltZW50cy1zcG9uc29yZWQvDQoNCk9uIDcgU2VwIDIwMTcsIGF0IDIy OjMzLCBMaW5kYSBEdW5iYXIgPGxpbmRhLmR1bmJhckBodWF3ZWkuY29tPG1haWx0bzpsaW5kYS5k dW5iYXJAaHVhd2VpLmNvbT4+IHdyb3RlOg0KDQpZb2F2LA0KDQpBdCB5ZXN0ZXJkYXnigJlzIEky TlNGIEludGVyaW0gbWVldGluZywgeW91IGRlc2NyaWJlZCBhbiBleGFtcGxlIG9mIEdhcCBoYXZp bmcgdGhvdXNhbmRzIG9mIGxvY2F0aW9ucyBhbmQgbW9zdCBvZiB0aGVtIGFyZSBpbiBhIG1hbGwg d2hlcmUgcHVibGljIG5ldHdvcmsgaXMgYXZhaWxhYmxlLiBZb3Ugc2FpZCB0aGF0IHR5cGljYWxs eSB0aGUgVlBOIGdhdGV3YXkgcGxhY2VkIGluIHRoZSBzdG9yZSBoYXMgbm8ga25vd2xlZGdlIG9m IHRoZSBnbG9iYWwgbmV0d29yayB0b3BvbG9neSwgbm9yIGRvZXMgaXQga25vdyB3aGVyZSB0aGUg Y29udHJvbGxlciBpcyBsb2NhdGVkLg0KDQpUb2RheSwgbWFueSB2ZW5kb3Jz4oCZIHJlbW90ZSBD UEVzIHN1cHBvcnQgT05VR+KAmXMgU0QtV0FOIOKAnFplcm8tdG91Y2ggZGVwbG95bWVudOKAnSBy ZXF1aXJlbWVudCwgd2hlcmUgdGhlIHJlbW90ZSBDUEVzIGRldmljZXMgY2FuIGJlIGNvbm5lY3Rl ZCB0byBpdHMgY29udHJvbGxlciB2aWEgYmFyY29kZSBzY2FuL2VtYWlsL2V0Yy4NCg0KRG9lcyBp dCBzb2x2ZSB0aGUgcHJvYmxlbT8NCg0KVGhhbmtzLA0KTGluZGENCg0K --_000_4A95BA014132FF49AE685FAB4B9F17F6594703D1SJCEML702CHMchi_ Content-Type: text/html; charset="utf-8" Content-Transfer-Encoding: base64 PGh0bWwgeG1sbnM6dj0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTp2bWwiIHhtbG5zOm89InVy bjpzY2hlbWFzLW1pY3Jvc29mdC1jb206b2ZmaWNlOm9mZmljZSIgeG1sbnM6dz0idXJuOnNjaGVt YXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6d29yZCIgeG1sbnM6bT0iaHR0cDovL3NjaGVtYXMubWlj cm9zb2Z0LmNvbS9vZmZpY2UvMjAwNC8xMi9vbW1sIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv VFIvUkVDLWh0bWw0MCI+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIg Y29udGVudD0idGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjxtZXRhIG5hbWU9IkdlbmVyYXRv ciIgY29udGVudD0iTWljcm9zb2Z0IFdvcmQgMTUgKGZpbHRlcmVkIG1lZGl1bSkiPg0KPHN0eWxl PjwhLS0NCi8qIEZvbnQgRGVmaW5pdGlvbnMgKi8NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6 SGVsdmV0aWNhOw0KCXBhbm9zZS0xOjIgMTEgNiA0IDIgMiAyIDIgMiA0O30NCkBmb250LWZhY2UN Cgl7Zm9udC1mYW1pbHk6U2ltU3VuOw0KCXBhbm9zZS0xOjIgMSA2IDAgMyAxIDEgMSAxIDE7fQ0K QGZvbnQtZmFjZQ0KCXtmb250LWZhbWlseToiQ2FtYnJpYSBNYXRoIjsNCglwYW5vc2UtMToyIDQg NSAzIDUgNCA2IDMgMiA0O30NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6Q2FsaWJyaTsNCglw YW5vc2UtMToyIDE1IDUgMiAyIDIgNCAzIDIgNDt9DQpAZm9udC1mYWNlDQoJe2ZvbnQtZmFtaWx5 OiJcQFNpbVN1biI7DQoJcGFub3NlLTE6MiAxIDYgMCAzIDEgMSAxIDEgMTt9DQovKiBTdHlsZSBE ZWZpbml0aW9ucyAqLw0KcC5Nc29Ob3JtYWwsIGxpLk1zb05vcm1hbCwgZGl2Lk1zb05vcm1hbA0K CXttYXJnaW46MGluOw0KCW1hcmdpbi1ib3R0b206LjAwMDFwdDsNCglmb250LXNpemU6MTIuMHB0 Ow0KCWZvbnQtZmFtaWx5OiJUaW1lcyBOZXcgUm9tYW4iLHNlcmlmO30NCmE6bGluaywgc3Bhbi5N c29IeXBlcmxpbmsNCgl7bXNvLXN0eWxlLXByaW9yaXR5Ojk5Ow0KCWNvbG9yOmJsdWU7DQoJdGV4 dC1kZWNvcmF0aW9uOnVuZGVybGluZTt9DQphOnZpc2l0ZWQsIHNwYW4uTXNvSHlwZXJsaW5rRm9s bG93ZWQNCgl7bXNvLXN0eWxlLXByaW9yaXR5Ojk5Ow0KCWNvbG9yOnB1cnBsZTsNCgl0ZXh0LWRl Y29yYXRpb246dW5kZXJsaW5lO30NCnNwYW4uYXBwbGUtY29udmVydGVkLXNwYWNlDQoJe21zby1z dHlsZS1uYW1lOmFwcGxlLWNvbnZlcnRlZC1zcGFjZTt9DQpzcGFuLkVtYWlsU3R5bGUxOA0KCXtt c28tc3R5bGUtdHlwZTpwZXJzb25hbC1yZXBseTsNCglmb250LWZhbWlseToiQ2FsaWJyaSIsc2Fu cy1zZXJpZjsNCgljb2xvcjojMUY0OTdEO30NCi5Nc29DaHBEZWZhdWx0DQoJe21zby1zdHlsZS10 eXBlOmV4cG9ydC1vbmx5Ow0KCWZvbnQtc2l6ZToxMC4wcHQ7fQ0KQHBhZ2UgV29yZFNlY3Rpb24x DQoJe3NpemU6OC41aW4gMTEuMGluOw0KCW1hcmdpbjoxLjBpbiAxLjBpbiAxLjBpbiAxLjBpbjt9 DQpkaXYuV29yZFNlY3Rpb24xDQoJe3BhZ2U6V29yZFNlY3Rpb24xO30NCi0tPjwvc3R5bGU+PCEt LVtpZiBndGUgbXNvIDldPjx4bWw+DQo8bzpzaGFwZWRlZmF1bHRzIHY6ZXh0PSJlZGl0IiBzcGlk bWF4PSIxMDI2IiAvPg0KPC94bWw+PCFbZW5kaWZdLS0+PCEtLVtpZiBndGUgbXNvIDldPjx4bWw+ DQo8bzpzaGFwZWxheW91dCB2OmV4dD0iZWRpdCI+DQo8bzppZG1hcCB2OmV4dD0iZWRpdCIgZGF0 YT0iMSIgLz4NCjwvbzpzaGFwZWxheW91dD48L3htbD48IVtlbmRpZl0tLT4NCjwvaGVhZD4NCjxi b2R5IGxhbmc9IkVOLVVTIiBsaW5rPSJibHVlIiB2bGluaz0icHVycGxlIj4NCjxkaXYgY2xhc3M9 IldvcmRTZWN0aW9uMSI+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1z aXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LHNhbnMtc2VyaWY7Y29s b3I6IzFGNDk3RCI+WW9hdiwNCjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29O b3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0Nh bGlicmkmcXVvdDssc2Fucy1zZXJpZjtjb2xvcjojMUY0OTdEIj48bzpwPiZuYnNwOzwvbzpwPjwv c3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEx LjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LHNhbnMtc2VyaWY7Y29sb3I6IzFG NDk3RCI+Tm90IGhhdmluZyBpbnRlcm9wZXJhYmxlIHNvbHV0aW9uIGZvciBTRC1XQU4gaXMgYSBo dWdlIGlzc3VlIGZvciBlbnRlcnByaXNlcy4gVGhhdCBpcyBvbmUgb2YgdGhlIG1haW4gcmVhc29u cyB0aGF0IFNELVdBTiBkZXBsb3ltZW50IGhhcyBiZWVuIHNsb3cgc2luY2UgaXRzIGluY2VwdGlv bg0KIGluIDIwMTIuIDxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwi PjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkm cXVvdDssc2Fucy1zZXJpZjtjb2xvcjojMUY0OTdEIj5JbiBPTlVHIChPcGVuIE5ldHdvcmsgVXNl ciBHcm91cCkgd2hlcmUgbWFqb3JpdHkgb2YgcGFydGljaXBhbnRzIGFyZSBlbnRlcnByaXNlcywg aXQgd2FzIG92ZXJ3aGVsbWluZ2x5IHZvdGVkIHRoZSBuZWVkIGZvciBpbnRlcm9wZXJhYmxlIFNE LVdBTiBzb2x1dGlvbnMuIEFzDQogdGhlIHJlc3VsdCwgdGhlIE9OVUcgc3RhcnRlZCBhIFNELVdB TiBFeGNoYW5nZSBXRy4gSG93ZXZlciwgT05VRyBpcyBub3QgYSBzdGFuZGFyZCBvcmdhbml6YXRp b24uIFRoZWlyIG1haW4gZ29hbCBpcyB0byBpZGVudGlmeSB1c2UgY2FzZXMsIHJlcXVpcmVtZW50 cywgZXRjLg0KPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNw YW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90 OyxzYW5zLXNlcmlmO2NvbG9yOiMxRjQ5N0QiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4N CjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQt ZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssc2Fucy1zZXJpZjtjb2xvcjojMUY0OTdEIj5XZWxs LCBTRC1XQU4gaGFzIG90aGVyIGlzc3VlcywgbGlrZSBTRC1XQU4gc29sdXRpb24gYnVpbGRzIHBv aW50LXRvLXBvaW50IG92ZXJsYXkgcGF0aHMgYmV0d2VlbiB0d28gZW5kLXBvaW50cyAob3IgYnJh bmNoIG9mZmljZXMpIGFzIGFsdGVybmF0aXZlIHBhdGhzLiBIb3dldmVyLA0KIG1vc3QgZW50ZXJw cmlzZXMgbmVlZCBtdWx0aS1wb2ludCBpbnRlcmNvbm5lY3Rpb24gYW1vbmcgbXVsdGlwbGUgbG9j YXRpb25zLCBhcyBkb25lIGJ5IE1QTFMgTDIvTDMtVlBOLiBVc2luZyBTRC1XQU4gb3ZlcmxheSBw YXRocyB0byBhY2hpZXZlIGFueSB0byBhbnkgbWVzaCBpbnRlcmNvbm5lY3Rpb24gYW1vbmcgYWxs IGJyYW5jaGVzIG5vdCBvbmx5IHJlcXVpcmVzIGFsbCBicmFuY2hlcyBDUEVzIHRvIGJlIHVwZ3Jh ZGVkLCBidXQgYWxzbyByZXF1aXJlDQogQ1BFcyB0byBtYW5hZ2Ugcm91dGluZyBhbW9uZyBvdGhl ciBDUEVzIGxvY2F0ZWQgYXQgb3RoZXIgbG9jYXRpb25zLCB3aGljaCBkcmFtYXRpY2FsbHkgaW5j cmVhc2UgdGhlIGNvbXBsZXhpdHkgb2YgdGhlIENQRXMuIEFsbW9zdCBsaWtlIGdvaW5nIGJhY2sg dG8gdGhlIGNvbXBsZXhpdHkgb2YgZnJhbWUgcmVsYXkgd2hlcmUgZWFjaCBDUEUgbmVlZHMgbWFp bnRhaW4gbWVzaCByb3V0aW5nIGZvciBhbGwgZGVzdGluYXRpb25zLjxvOnA+PC9vOnA+PC9zcGFu PjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0 O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssc2Fucy1zZXJpZjtjb2xvcjojMUY0OTdE Ij48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3Bh biBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7 LHNhbnMtc2VyaWY7Y29sb3I6IzFGNDk3RCI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0K PHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1m YW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OyxzYW5zLXNlcmlmO2NvbG9yOiMxRjQ5N0QiPkxpbmRh DQo8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48YSBuYW1lPSJf TWFpbEVuZENvbXBvc2UiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5 OiZxdW90O0NhbGlicmkmcXVvdDssc2Fucy1zZXJpZjtjb2xvcjojMUY0OTdEIj48bzpwPiZuYnNw OzwvbzpwPjwvc3Bhbj48L2E+PC9wPg0KPGRpdj4NCjxkaXYgc3R5bGU9ImJvcmRlcjpub25lO2Jv cmRlci10b3A6c29saWQgI0UxRTFFMSAxLjBwdDtwYWRkaW5nOjMuMHB0IDBpbiAwaW4gMGluIj4N CjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2Zv bnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssc2Fucy1zZXJpZiI+RnJvbTo8L3NwYW4+PC9i PjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkm cXVvdDssc2Fucy1zZXJpZiI+IFlvYXYgTmlyIFttYWlsdG86eW5pci5pZXRmQGdtYWlsLmNvbV0N Cjxicj4NCjxiPlNlbnQ6PC9iPiBGcmlkYXksIFNlcHRlbWJlciAwOCwgMjAxNyAxMjozNiBBTTxi cj4NCjxiPlRvOjwvYj4gTGluZGEgRHVuYmFyICZsdDtsaW5kYS5kdW5iYXJAaHVhd2VpLmNvbSZn dDs8YnI+DQo8Yj5DYzo8L2I+IGkybnNmQGlldGYub3JnOyBJUHNlY01FIFdHICZsdDtpcHNlY0Bp ZXRmLm9yZyZndDs8YnI+DQo8Yj5TdWJqZWN0OjwvYj4gUmU6IHlvdXIgZXhhbXBsZSAobGlrZSBH YXApIGFib3V0IElQU2VjIFZQTiBnYXRld2F5IGRlcGxveWVkIGluIHNob3BwaW5nIG1hbGwgbm90 IGF3YXJlIG9mIHdoZXJlIHRoZSBjb250cm9sbGVyIGlzLjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4N CjwvZGl2Pg0KPC9kaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48bzpwPiZuYnNwOzwvbzpwPjwv cD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPkhpLCBMaW5kYTxvOnA+PC9vOnA+PC9wPg0KPGRpdj4N CjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2 Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+VGhlIHJlYXNvbiBJIGJyb3VnaHQgdXAgdGhlIEdhcCB3 YXMgYmVjYXVzZSB0aGV5IGRlc2NyaWJlZCB0aGVpciBuZXR3b3JrIGluIGEgUGFja2V0IFB1c2hl cuKAmXMgZXBpc29kZSAoWzFdKS48bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNs YXNzPSJNc29Ob3JtYWwiPjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAg Y2xhc3M9Ik1zb05vcm1hbCI+QW5kIHRoZSBzb2x1dGlvbiBmb3IgdGhlbSB3YXMgc29tZSB2ZW5k b3LigJlzIFNELVdBTiBzb2x1dGlvbi4gQXMgZmFyIGFzIEkgY2FuIHRlbGwsIGVhY2ggdmVuZG9y 4oCZcyBTRC1XQU4gc29sdXRpb24gaXMgcHJvcHJpZXRhcnkgYW5kIG5vbi1pbnRlcm9wZXJhYmxl IHdpdGggb3RoZXIgdmVuZG9yc+KAmSBTRC1XQU4gc29sdXRpb24uPG86cD48L286cD48L3A+DQo8 L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48bzpwPiZuYnNwOzwvbzpwPjwvcD4N CjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPlRoYXQgdmVuZG9yIChWaXB0ZWxh LCBzaW5jZSB0aGVuIG1lcmdlZCB3aXRoIENpc2NvKSB1c2VzIEJHUCBvbiBhIGxhcmdlIHNjYWxl IHRvIHBhc3MgY29uZmlndXJhdGlvbiBpbmZvcm1hdGlvbiBiZXR3ZWVuIENQRSBkZXZpY2VzIGFu ZCBkYXRhIGNlbnRlciBkZXZpY2VzLCBhbmQgYW4gU0QtV0FOIGNvbnRyb2xsZXIgdG8gbWFuYWdl IGl0IGFsbC4gJm5ic3A7T3RoZXIgdmVuZG9ycyB1c2Ugb3RoZXIgdGVjaG5vbG9neQ0KIHRvIGxl YXJuIHByb3RlY3RlZCBkb21haW5zLCBhbmQgYXMgSSBtZW50aW9uZWQsIHRoZXJlIHdhcyBhbiBh dHRlbXB0IHRvIHN0YW5kYXJkaXplIHNvbWV0aGluZyBpbiBJUHNlY01FIGEgZmV3IHllYXJzIGFn bywgYnV0IHRoYXQgZmFpbGVkLjxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xh c3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBj bGFzcz0iTXNvTm9ybWFsIj5UaGUgZHJhZnQgd2Ugd2VyZSBkaXNjdXNzaW5nIGhhcyBubyB3YXkg dG8gdHJhbnNmZXIgZG9tYWluIGluZm9ybWF0aW9uIGZyb20gdGhlIENQRXMgdG8gdGhlIGNvbnRy b2xsZXIgb3IgdG8gb3RoZXIgQ1BFcywgc28gSSBhc3N1bWUgdGhhdCBpdCBkb2VzIG5vdCBmaXQg dGhpcyB1c2UgY2FzZS4gJm5ic3A7QXQgbGVhc3Qgbm90IGluIGl0cyBjdXJyZW50IGZvcm0uPG86 cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48bzpwPiZu YnNwOzwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPllvYXY8 bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxvOnA+ Jm5ic3A7PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+WzFd Jm5ic3A7PGEgaHJlZj0iaHR0cDovL3BhY2tldHB1c2hlcnMubmV0L3BvZGNhc3QvcG9kY2FzdHMv c2hvdy0yNzQtcGFja2V0LXB1c2hlcnMtbGl2ZS12aXB0ZWxhLXRocmVlLXJlYWwtd29ybGQtc2Qt d2FuLWRlcGxveW1lbnRzLXNwb25zb3JlZC8iPmh0dHA6Ly9wYWNrZXRwdXNoZXJzLm5ldC9wb2Rj YXN0L3BvZGNhc3RzL3Nob3ctMjc0LXBhY2tldC1wdXNoZXJzLWxpdmUtdmlwdGVsYS10aHJlZS1y ZWFsLXdvcmxkLXNkLXdhbi1kZXBsb3ltZW50cy1zcG9uc29yZWQvPC9hPjxvOnA+PC9vOnA+PC9w Pg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8L286cD48 L3A+DQo8ZGl2Pg0KPGJsb2NrcXVvdGUgc3R5bGU9Im1hcmdpbi10b3A6NS4wcHQ7bWFyZ2luLWJv dHRvbTo1LjBwdCI+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+T24gNyBTZXAgMjAxNywg YXQgMjI6MzMsIExpbmRhIER1bmJhciAmbHQ7PGEgaHJlZj0ibWFpbHRvOmxpbmRhLmR1bmJhckBo dWF3ZWkuY29tIj5saW5kYS5kdW5iYXJAaHVhd2VpLmNvbTwvYT4mZ3Q7IHdyb3RlOjxvOnA+PC9v OnA+PC9wPg0KPC9kaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48bzpwPiZuYnNwOzwvbzpwPjwv cD4NCjxkaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQt c2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OyxzYW5zLXNlcmlmIj5Z b2F2LDxzcGFuIGNsYXNzPSJhcHBsZS1jb252ZXJ0ZWQtc3BhY2UiPiZuYnNwOzwvc3Bhbj48bzpw PjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48 c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1 b3Q7LHNhbnMtc2VyaWYiPiZuYnNwOzxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRp dj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2Zv bnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssc2Fucy1zZXJpZiI+QXQgeWVzdGVyZGF54oCZ cyBJMk5TRiBJbnRlcmltIG1lZXRpbmcsIHlvdSBkZXNjcmliZWQgYW4gZXhhbXBsZSBvZiBHYXAg aGF2aW5nIHRob3VzYW5kcyBvZiBsb2NhdGlvbnMgYW5kIG1vc3Qgb2YgdGhlbSBhcmUgaW4gYSBt YWxsIHdoZXJlIHB1YmxpYyBuZXR3b3JrIGlzIGF2YWlsYWJsZS4gWW91IHNhaWQNCiB0aGF0IHR5 cGljYWxseSB0aGUgVlBOIGdhdGV3YXkgcGxhY2VkIGluIHRoZSBzdG9yZSBoYXMgbm8ga25vd2xl ZGdlIG9mIHRoZSBnbG9iYWwgbmV0d29yayB0b3BvbG9neSwgbm9yIGRvZXMgaXQga25vdyB3aGVy ZSB0aGUgY29udHJvbGxlciBpcyBsb2NhdGVkLjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2 Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEu MHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssc2Fucy1zZXJpZiI+Jm5ic3A7PG86 cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+ PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZx dW90OyxzYW5zLXNlcmlmIj5Ub2RheSwgbWFueSB2ZW5kb3Jz4oCZIHJlbW90ZSBDUEVzIHN1cHBv cnQgT05VR+KAmXMgU0QtV0FOIOKAnFplcm8tdG91Y2ggZGVwbG95bWVudOKAnSByZXF1aXJlbWVu dCwgd2hlcmUgdGhlIHJlbW90ZSBDUEVzIGRldmljZXMgY2FuIGJlIGNvbm5lY3RlZCB0byBpdHMg Y29udHJvbGxlciB2aWEgYmFyY29kZSBzY2FuL2VtYWlsL2V0Yy48bzpwPjwvbzpwPjwvc3Bhbj48 L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9u dC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LHNhbnMtc2VyaWYi PiZuYnNwOzxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJN c29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90 O0NhbGlicmkmcXVvdDssc2Fucy1zZXJpZiI+RG9lcyBpdCBzb2x2ZSB0aGUgcHJvYmxlbT88c3Bh biBjbGFzcz0iYXBwbGUtY29udmVydGVkLXNwYWNlIj4mbmJzcDs8L3NwYW4+PG86cD48L286cD48 L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5 bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OyxzYW5z LXNlcmlmIj4mbmJzcDs8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBj bGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWls eTomcXVvdDtDYWxpYnJpJnF1b3Q7LHNhbnMtc2VyaWYiPlRoYW5rcyw8c3BhbiBjbGFzcz0iYXBw bGUtY29udmVydGVkLXNwYWNlIj4mbmJzcDs8L3NwYW4+PG86cD48L286cD48L3NwYW4+PC9wPg0K PC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PGI+PHNwYW4gc3R5bGU9ImZvbnQt c2l6ZToxMC4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OyxzYW5zLXNlcmlmIj5M aW5kYTwvc3Bhbj48L2I+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6 JnF1b3Q7Q2FsaWJyaSZxdW90OyxzYW5zLXNlcmlmIj48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8 L2Rpdj4NCjwvZGl2Pg0KPC9ibG9ja3F1b3RlPg0KPC9kaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFs Ij48bzpwPiZuYnNwOzwvbzpwPjwvcD4NCjwvZGl2Pg0KPC9kaXY+DQo8L2JvZHk+DQo8L2h0bWw+ DQo= --_000_4A95BA014132FF49AE685FAB4B9F17F6594703D1SJCEML702CHMchi_-- From nobody Fri Sep 8 09:24:35 2017 Return-Path: X-Original-To: ipsec@ietfa.amsl.com Delivered-To: ipsec@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1D434132A65; Fri, 8 Sep 2017 09:24:34 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.22 X-Spam-Level: X-Spam-Status: No, score=-4.22 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5ZS1ZP4VUGve; Fri, 8 Sep 2017 09:24:32 -0700 (PDT) Received: from lhrrgout.huawei.com (lhrrgout.huawei.com [194.213.3.17]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6CC2313202D; Fri, 8 Sep 2017 09:24:31 -0700 (PDT) Received: from 172.18.7.190 (EHLO LHREML710-CAH.china.huawei.com) ([172.18.7.190]) by lhrrg02-dlp.huawei.com (MOS 4.3.7-GA FastPath queued) with ESMTP id DOF03585; Fri, 08 Sep 2017 16:24:29 +0000 (GMT) Received: from SJCEML703-CHM.china.huawei.com (10.208.112.39) by LHREML710-CAH.china.huawei.com (10.201.108.33) with Microsoft SMTP Server (TLS) id 14.3.301.0; Fri, 8 Sep 2017 17:24:29 +0100 Received: from SJCEML702-CHM.china.huawei.com ([169.254.4.148]) by SJCEML703-CHM.china.huawei.com ([169.254.5.62]) with mapi id 14.03.0301.000; Fri, 8 Sep 2017 09:24:24 -0700 From: Linda Dunbar To: Yoav Nir , IPsecME WG , "i2nsf@ietf.org" CC: Kathleen Moriarty Thread-Topic: Meeting minutes of the i2nsf WG Virtual Meeting on SDN Controlled IPSec Key management (2017-09-06) Thread-Index: AdMovq1LN5hdcFE9T9OkhCgiGc5Nsg== Date: Fri, 8 Sep 2017 16:24:24 +0000 Message-ID: <4A95BA014132FF49AE685FAB4B9F17F659470417@SJCEML702-CHM.china.huawei.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.192.11.78] Content-Type: multipart/alternative; boundary="_000_4A95BA014132FF49AE685FAB4B9F17F659470417SJCEML702CHMchi_" MIME-Version: 1.0 X-CFilter-Loop: Reflected X-Mirapoint-Virus-RAPID-Raw: score=unknown(0), refid=str=0001.0A020205.59B2C43E.004D, ss=1, re=0.000, recu=0.000, reip=0.000, cl=1, cld=1, fgs=0, ip=169.254.4.148, so=2013-06-18 04:22:30, dmn=2013-03-21 17:37:32 X-Mirapoint-Loop-Id: afde7dab24ef1528bb6b7d55fdd9c9af Archived-At: Subject: [IPsec] Meeting minutes of the i2nsf WG Virtual Meeting on SDN Controlled IPSec Key management (2017-09-06) X-BeenThere: ipsec@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Discussion of IPsec protocols List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 08 Sep 2017 16:24:34 -0000 --_000_4A95BA014132FF49AE685FAB4B9F17F659470417SJCEML702CHMchi_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Here is the meeting minutes of the i2nsf WG Virtual Meeting on SDN Controll= ed IPSec Key management: https://datatracker.ietf.org/meeting/interim-2017-i2nsf-01/materials/minute= s-interim-2017-i2nsf-01-201709061600/ You can also view the chat history of the session: https://datatracker.ietf.org/meeting/interim-2017-i2nsf-01/materials/slides= -interim-2017-i2nsf-01-sessa-sept-6-interim-chat-record/ Linda & Yoav. From: Linda Dunbar Sent: Wednesday, September 06, 2017 5:30 PM To: 'Yoav Nir' ; IPsecME WG ; i2nsf@ie= tf.org Cc: 'Kathleen Moriarty' Subject: WebEx recording of the i2nsf WG Virtual Meeting on SDN Controlled = IPSec Key management (2017-09-06) Thanks to many people actively participating & contributing to the discussi= on. It was a very productive meeting. Yoav and I will put the meeting minut= es together. Here is the Video Recording of the session: https://ietf.webex.com/ietf/ld= r.php?RCID=3D04303a15dda9bff7d8011a253800736e The Interim meeting presentation material and the link to the video are als= o posted in the I2NSF Wiki page for future references: https://trac.ietf.= org/trac/i2nsf Linda & Yoav From: IESG Secretary > Subject: [I2nsf] Interface to Network Security Functions (i2nsf) WG Virtual= Meeting: 2017-09-06 Date: 22 August 2017 at 23:26:29 GMT+3 To: "IETF-Announce" > Cc: i2nsf@ietf.org The Interface to Network Security Functions (i2nsf) Working Group will hold a virtual interim meeting on 2017-09-06 from 16:00 to 17:30 UTC. Agenda (times in GMT): 16:00 - Welcome, Note Well and Agenda Bashing 16:10 - Uses of IPsec (Paul W) 16:15 - Scope of draft-abad (Gabriel/Rafa) 16:20 - Open discussion about scope. 16:50 - Against IPsec without IKE (Tero) 16:55 - The case for IPsec without IKE (Gabriel/Rafa) 17:00 - Open discussion 17:20 - Conclusion and next steps. Information about remote participation: Call-in details will be sent a week before. The purpose of this meeting is to discuss the objections to draft-abad-i2ns= f-sdn-ipsec-flow-protection. _______________________________________________ I2nsf mailing list I2nsf@ietf.org https://www.ietf.org/mailman/listinfo/i2nsf --_000_4A95BA014132FF49AE685FAB4B9F17F659470417SJCEML702CHMchi_ Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable

Here is the meeting minutes of the i2= nsf WG Virtual Meeting on SDN Controlled IPSec Key management:

https://datatracker.ietf.org/meeting/interim-2017-i2nsf-01/mat= erials/minutes-interim-2017-i2nsf-01-201709061600/

 

You can also view the chat history of= the session:

https://datatracker.ietf.org/meeting/interi= m-2017-i2nsf-01/materials/slides-interim-2017-i2nsf-01-sessa-sept-6-interim= -chat-record/

 

Linda & Yoav.

&nbs= p;

From: Linda Dunbar
Sent: Wednesday, September 06, 2017 5:30 PM
To: 'Yoav Nir' <ynir.ietf@gmail.com>; IPsecME WG <ipsec@iet= f.org>; i2nsf@ietf.org
Cc: 'Kathleen Moriarty' <kathleen.moriarty.ietf@gmail.com>
Subject: WebEx recording of the i2nsf WG Virtual Meeting on SDN Cont= rolled IPSec Key management (2017-09-06)

 

Thanks to many people actively partic= ipating & contributing to the discussion. It was a very productive meet= ing. Yoav and I will put the meeting minutes together.

 

Here is the Video Recording of the se= ssion:  https://ietf.webex.com/ietf/ldr.php?RCID=3D04303a= 15dda9bff7d8011a253800736e

 

 

The Interim meeting presentation mate= rial and the link to the video are also posted in the I2NSF Wiki page for f= uture references:   https://trac.ietf.org/trac/i2nsf

 

Linda & Yoav

 

 

From: IESG Secretary <iesg-secre= tary@ietf.org>

Subject: [I2nsf] Interface to Network Security Functions (i2nsf) WG V= irtual Meeting: 2017-09-06

Date: 22 August 2017 at 23:26:29 GMT+3

To: "IETF-Announce" <ie= tf-announce@ietf.org>

 

The Interface to Network Security Functions (i2nsf) = Working Group will hold
a virtual interim meeting on 2017-09-06 from 16:00 to 17:30 UTC.

Agenda (times in GMT):
16:00 - Welcome, Note Well and Agenda Bashing
16:10 - Uses of IPsec (Paul W)
16:15 - Scope of draft-abad (Gabriel/Rafa)
16:20 - Open discussion about scope.
16:50 - Against IPsec without IKE (Tero)
16:55 - The case for IPsec without IKE (Gabriel/Rafa)
17:00 - Open discussion
17:20 - Conclusion and next steps.

Information about remote participation:
Call-in details will be sent a week before.

The purpose of this meeting is to discuss the objections to draft-abad-i2ns= f-sdn-ipsec-flow-protection.

_______________________________________________
I2nsf mailing list
I2nsf@ietf.org
https://www.ietf.or= g/mailman/listinfo/i2nsf

 

--_000_4A95BA014132FF49AE685FAB4B9F17F659470417SJCEML702CHMchi_-- From nobody Mon Sep 11 15:13:01 2017 Return-Path: X-Original-To: ipsec@ietfa.amsl.com Delivered-To: ipsec@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EDEF6132D89 for ; Mon, 11 Sep 2017 15:12:58 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.52 X-Spam-Level: X-Spam-Status: No, score=-14.52 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pR1xoYcSN3w7 for ; Mon, 11 Sep 2017 15:12:57 -0700 (PDT) Received: from rcdn-iport-7.cisco.com (rcdn-iport-7.cisco.com [173.37.86.78]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B4401126B71 for ; Mon, 11 Sep 2017 15:12:57 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=1792; q=dns/txt; s=iport; t=1505167977; x=1506377577; h=from:to:subject:date:message-id:references:in-reply-to: content-transfer-encoding:mime-version; bh=64W3JZ6ZcFIsREMTdjviLT9wp+vzdk+bOp/SV8j6If0=; b=V7r4440VP/mszmOpU6aq+JT9YXXQ3x8MHPsE53vAtnCW8IPah2z82CBt NZxwnpAOSVSQ8DpTN3pKCDbyoaLN4DEiOg+oEh1Z9iHCFMC08TRo5Xmm5 bepctdSnamqmJKJSWVkVP+pnI3unCkh959fF4Mflpa3mGT8yDSJyxdHAR A=; X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0C6AACNCbdZ/5hdJa1dGQEBAQEBAQEBA?= =?us-ascii?q?QEBBwEBAQEBg1tkbicHjhGQI4F0limCEgoYC4UbAoQjPxgBAgEBAQEBAQFrKIU?= =?us-ascii?q?YAQEBBAEBJRM0FwQCAQgOAwQBAR8JBycLFAkIAgQBEgiKKRCsZDqLMAEBAQEBA?= =?us-ascii?q?QEBAQEBAQEBAQEBAQEBARgFgyuCAoFQgWODKIprBZg0iEAClEaSepR+AhEZAYE?= =?us-ascii?q?4AR84gQ13FUqHG3aJe4EPAQEB?= X-IronPort-AV: E=Sophos;i="5.42,380,1500940800"; d="scan'208";a="292220848" Received: from rcdn-core-1.cisco.com ([173.37.93.152]) by rcdn-iport-7.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 11 Sep 2017 22:12:56 +0000 Received: from XCH-ALN-009.cisco.com (xch-aln-009.cisco.com [173.36.7.19]) by rcdn-core-1.cisco.com (8.14.5/8.14.5) with ESMTP id v8BMCuAS003531 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Mon, 11 Sep 2017 22:12:56 GMT Received: from xch-aln-010.cisco.com (173.36.7.20) by XCH-ALN-009.cisco.com (173.36.7.19) with Microsoft SMTP Server (TLS) id 15.0.1263.5; Mon, 11 Sep 2017 17:12:55 -0500 Received: from xch-aln-010.cisco.com ([173.36.7.20]) by XCH-ALN-010.cisco.com ([173.36.7.20]) with mapi id 15.00.1263.000; Mon, 11 Sep 2017 17:12:55 -0500 From: "Panos Kampanakis (pkampana)" To: Derrell Piper , "ipsec@ietf.org WG" Thread-Topic: [IPsec] draft-fluhrer-qr-ikev2 AUTH issue Thread-Index: AQHTGGR1juMkEWgpNEmBeMtf53kCNqKv2y8w Date: Mon, 11 Sep 2017 22:12:55 +0000 Message-ID: <9aac45e051ab4a8691773f15e336610b@XCH-ALN-010.cisco.com> References: <22933.40647.462618.166901@fireball.acr.fi> In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [10.116.108.5] Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Archived-At: Subject: Re: [IPsec] draft-fluhrer-qr-ikev2 AUTH issue X-BeenThere: ipsec@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Discussion of IPsec protocols List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 11 Sep 2017 22:12:59 -0000 Thank you Derrel. Getting to this a little late.=20 All your comments will be addressed in the next iteration.=20 We will add some clarification text to clear up your points about rfc6023. = About rfc6030 we will make clear that this out of scope of this doc or IKE,= but it will just be an informative reference.=20 Panos -----Original Message----- From: IPsec [mailto:ipsec-bounces@ietf.org] On Behalf Of Derrell Piper Sent: Friday, August 18, 2017 4:56 PM To: ipsec@ietf.org WG Subject: Re: [IPsec] draft-fluhrer-qr-ikev2 AUTH issue Notes on draft-fluhrer-qr-ikev2-04, mostly nits: pp. 1 "...pose a serious challenge to cryptography algorithms [deployed?] widely = today." pp. 2 "when might one be implemented" -> "when one might be implemented" pp. 3 The Changes section wording confuses me. Does that mean, relative to the l= ast draft? Or does it mean those were the change in -03? pp. 4 "...then it must check if has a..." -> "...if it has a..." pp. 8 "Algorithm=3Durn:ietf:params:xml:ns:keyprov:pskc:pin" RE: rfc6030, any chance we can not refer to an RFC with XML in it? I stron= gly object to XML. Does IKEv2 reference any XML? (sticks fingers in ears.= ..) pp. 9 RE: rfc6023 text I would prefer text here that suggests exactly how to achieve post-quantum = ID confidentiality. This is vague and that means people will implement it = all over the map. I also don't think Child SAs should ever have been made = mandatory, so refering to rfc6023 is fine. Overall, I think this document should advance. This is nice and simple, mo= re or less. Derrell _______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec From nobody Mon Sep 11 15:20:00 2017 Return-Path: X-Original-To: ipsec@ietfa.amsl.com Delivered-To: ipsec@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 16E56132F61; Mon, 11 Sep 2017 15:19:52 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.72 X-Spam-Level: X-Spam-Status: No, score=-2.72 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=dell.com header.b=WWAGr2IW; dkim=fail (1024-bit key) reason="fail (message has been altered)" header.d=emc.com header.b=phowmbC4 Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4WK9519lPHi3; Mon, 11 Sep 2017 15:19:50 -0700 (PDT) Received: from esa4.dell-outbound.iphmx.com (esa4.dell-outbound.iphmx.com [68.232.149.214]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DCCD9126B71; Mon, 11 Sep 2017 15:19:49 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=dell.com; i=@dell.com; q=dns/txt; s=smtpout; t=1505168389; x=1536704389; h=from:cc:to:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=sVppLhMWUW0OIukMfGVlgz7q8/QQUsmE1+j6Z4WyA3k=; b=WWAGr2IWj0xgDYisEEvMIBN/lGQXMtsqbZEqPVN0K0XefequQUat/yvz wfiKHVkp8DUp3WpWLhZ2tgHJP9cNpOL366MKzdov0mtHQNvJAXJ9yxjjL zEC0uve+KpYqrNikjfeA0npq9SOSNYrUCow10POg+MYqEWQoptIlivOIu k=; Received: from esa4.dell-outbound2.iphmx.com ([68.232.154.98]) by esa4.dell-outbound.iphmx.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 11 Sep 2017 17:19:49 -0500 From: "Black, David" Cc: "Black, David" , "mcgrew@cisco.com" Received: from mailuogwdur.emc.com ([128.221.224.79]) by esa4.dell-outbound2.iphmx.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 12 Sep 2017 04:19:47 +0600 Received: from maildlpprd55.lss.emc.com (maildlpprd55.lss.emc.com [10.106.48.159]) by mailuogwprd53.lss.emc.com (Sentrion-MTA-4.3.1/Sentrion-MTA-4.3.0) with ESMTP id v8BMJixx012806 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Mon, 11 Sep 2017 18:19:46 -0400 X-DKIM: OpenDKIM Filter v2.4.3 mailuogwprd53.lss.emc.com v8BMJixx012806 DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=emc.com; s=jan2013; t=1505168387; bh=wPkzRkdtkSy4awO9OFDnW5PzCKI=; h=From:To:CC:Subject:Date:Message-ID:References:In-Reply-To: Content-Type:Content-Transfer-Encoding:MIME-Version; b=phowmbC4ostpI9f/7zcpIup2rA+vsB8CfE5j19q7OG4Za6C0r18kjTW09C8vUQaGe 8P7I7PD7vJgbacMrXRAA/o7EOqDdPiKTC4toMI554Vzf8T1PDolN0hdVEPjlad2nnq GWdNs8a3vMvMamR7na0mRludcWE8aFhHqyE0du4c= X-DKIM: OpenDKIM Filter v2.4.3 mailuogwprd53.lss.emc.com v8BMJixx012806 Received: from mailusrhubprd01.lss.emc.com (mailusrhubprd01.lss.emc.com [10.253.24.19]) by maildlpprd55.lss.emc.com (RSA Interceptor); Mon, 11 Sep 2017 18:18:54 -0400 Received: from MXHUB308.corp.emc.com (MXHUB308.corp.emc.com [10.146.3.34]) by mailusrhubprd01.lss.emc.com (Sentrion-MTA-4.3.1/Sentrion-MTA-4.3.0) with ESMTP id v8BMJLln004143 (version=TLSv1.2 cipher=AES128-SHA256 bits=128 verify=FAIL); Mon, 11 Sep 2017 18:19:22 -0400 Received: from MX307CL04.corp.emc.com ([fe80::849f:5da2:11b:4385]) by MXHUB308.corp.emc.com ([10.146.3.34]) with mapi id 14.03.0352.000; Mon, 11 Sep 2017 18:19:21 -0400 To: RFC Errata System , "iesg@ietf.org" , "ipsec@ietf.org" , "andrew.cagney@gmail.com" Thread-Topic: [Technical Errata Reported] RFC5282 (5109) Thread-Index: AQHTKLTyGnfemzrL+0Cuzv8zcKOWh6KwQcPQ Date: Mon, 11 Sep 2017 22:19:20 +0000 Message-ID: References: <20170908151242.77FC0B800F7@rfc-editor.org> In-Reply-To: <20170908151242.77FC0B800F7@rfc-editor.org> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.238.44.138] Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 MIME-Version: 1.0 X-Sentrion-Hostname: mailusrhubprd01.lss.emc.com X-RSA-Classifications: public Archived-At: Subject: Re: [IPsec] [Technical Errata Reported] RFC5282 (5109) X-BeenThere: ipsec@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Discussion of IPsec protocols List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 11 Sep 2017 22:19:52 -0000 W0FkZGluZyB0aGUgSVBzZWMgbWFpbGluZyBsaXN0Ll0NCg0KPiBOb3Rlcw0KPiAtLS0tLQ0KPiBS RkMtNzI5NiBhbmQgUkZDLTUyODIgY29udHJhZGljdCBlYWNoIG90aGVyICh5ZXQgUkZDLTcyOTYg Y2l0ZXMgUkZDLTUyODIgd2l0aG91dCBhbnkgY2xhcmlmaWNhdGlvbik6DQo+IA0KPiAtIFJGQy03 Mjk2IGV4cGxpY2l0bHkgZGlzYWxsb3dzIG1peGluZyBBRUFEIGFuZCBub24tQUVBRCBhbGdvcml0 aG1zIGluIGEgc2luZ2xlDQo+ICAgcHJvcG9zYWw7IFJGQy01MjgyIGRvZXMgbm90IChhbmQgc3Ry b25nbHkgaW1wbGllcyBpdCBpcyBhbGxvd2VkKQ0KPiANCj4gLSBSRkMtNzI5NiBhbGxvd3MgJ25v bmUnIGludGVncml0eSBpbiBhbiBBRUFELW9ubHkgcHJvcG9zYWw7IFJGQy01MjgyIGRvZXMgbm90 Lg0KDQpQbGVhc2UgcHJvdmlkZSBwb2ludGVycyB0byB0aGUgUkZDIDcyOTYgdGV4dCB0aGF0IHN1 cHBvcnRzIGVhY2ggb2YgdGhlc2UgYXNzZXJ0aW9ucy4NCg0KVGhhbmtzLCAtLURhdmlkDQotLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tDQpEYXZpZCBMLiBCbGFjaywgRGlzdGluZ3Vpc2hlZCBFbmdpbmVlcg0KRGVsbCBFTUMsIDE3 NiBTb3V0aCBTdC4sIEhvcGtpbnRvbiwgTUHCoCAwMTc0OA0KKzEgKDUwOCkgMjkzLTc5NTPCoMKg ICBNb2JpbGU6ICsxICg5NzgpIDM5NC03NzU0DQpEYXZpZC5CbGFja0BkZWxsLmNvbQ0KLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LQ0KDQo+IC0tLS0tT3JpZ2luYWwgTWVzc2FnZS0tLS0tDQo+IEZyb206IFJGQyBFcnJhdGEgU3lz dGVtIFttYWlsdG86cmZjLWVkaXRvckByZmMtZWRpdG9yLm9yZ10NCj4gU2VudDogRnJpZGF5LCBT ZXB0ZW1iZXIgOCwgMjAxNyAxMToxMyBBTQ0KPiBUbzogQmxhY2ssIERhdmlkIDxkYXZpZC5ibGFj a0BlbWMuY29tPjsgbWNncmV3QGNpc2NvLmNvbTsgaWVzZ0BpZXRmLm9yZw0KPiBDYzogYW5kcmV3 LmNhZ25leUBnbWFpbC5jb207IHJmYy1lZGl0b3JAcmZjLWVkaXRvci5vcmcNCj4gU3ViamVjdDog W1RlY2huaWNhbCBFcnJhdGEgUmVwb3J0ZWRdIFJGQzUyODIgKDUxMDkpDQo+IA0KPiBUaGUgZm9s bG93aW5nIGVycmF0YSByZXBvcnQgaGFzIGJlZW4gc3VibWl0dGVkIGZvciBSRkM1MjgyLA0KPiAi VXNpbmcgQXV0aGVudGljYXRlZCBFbmNyeXB0aW9uIEFsZ29yaXRobXMgd2l0aCB0aGUgRW5jcnlw dGVkIFBheWxvYWQgb2YNCj4gdGhlIEludGVybmV0IEtleSBFeGNoYW5nZSB2ZXJzaW9uIDIgKElL RXYyKSBQcm90b2NvbCIuDQo+IA0KPiAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLQ0KPiBZb3UgbWF5IHJldmlldyB0aGUgcmVwb3J0IGJlbG93IGFuZCBhdDoNCj4gaHR0cDov L3d3dy5yZmMtZWRpdG9yLm9yZy9lcnJhdGEvZWlkNTEwOQ0KPiANCj4gLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCj4gVHlwZTogVGVjaG5pY2FsDQo+IFJlcG9ydGVkIGJ5 OiBBbmRyZXcgQ2FnbmV5IDxhbmRyZXcuY2FnbmV5QGdtYWlsLmNvbT4NCj4gDQo+IFNlY3Rpb246 IDguDQo+IA0KPiBPcmlnaW5hbCBUZXh0DQo+IC0tLS0tLS0tLS0tLS0NCj4gOC4gIElLRXYyIEFs Z29yaXRobSBTZWxlY3Rpb24NCj4gDQo+ICAgIFRoaXMgc2VjdGlvbiBhcHBsaWVzIHRvIHRoZSB1 c2Ugb2YgYW55IGF1dGhlbnRpY2F0ZWQgZW5jcnlwdGlvbg0KPiAgICBhbGdvcml0aG0gd2l0aCB0 aGUgSUtFdjIgRW5jcnlwdGVkIFBheWxvYWQgYW5kIGlzIHVuaXF1ZSB0byB0aGF0DQo+ICAgIHVz YWdlLg0KPiANCj4gICAgSUtFdjIgKFNlY3Rpb24gMy4zLjMgb2YgW1JGQzQzMDZdKSBzcGVjaWZp ZXMgdGhhdCBib3RoIGFuIGVuY3J5cHRpb24NCj4gICAgYWxnb3JpdGhtIGFuZCBhbiBpbnRlZ3Jp dHkgY2hlY2tpbmcgYWxnb3JpdGhtIGFyZSByZXF1aXJlZCBmb3IgYW4gSUtFDQo+ICAgIFNBIChT ZWN1cml0eSBBc3NvY2lhdGlvbikuICBUaGlzIGRvY3VtZW50IHVwZGF0ZXMgW1JGQzQzMDZdIHRv DQo+ICAgIHJlcXVpcmUgdGhhdCB3aGVuIGFuIGF1dGhlbnRpY2F0ZWQgZW5jcnlwdGlvbiBhbGdv cml0aG0gaXMgc2VsZWN0ZWQNCj4gICAgYXMgdGhlIGVuY3J5cHRpb24gYWxnb3JpdGhtIGZvciBh bnkgU0EgKElLRSBvciBFU1ApLCBhbiBpbnRlZ3JpdHkNCj4gICAgYWxnb3JpdGhtIE1VU1QgTk9U IGJlIHNlbGVjdGVkIGZvciB0aGF0IFNBLiAgVGhpcyBkb2N1bWVudCBmdXJ0aGVyDQo+ICAgIHVw ZGF0ZXMgW1JGQzQzMDZdIHRvIHJlcXVpcmUgdGhhdCBpZiBhbGwgb2YgdGhlIGVuY3J5cHRpb24g YWxnb3JpdGhtcw0KPiAgICBpbiBhbnkgcHJvcG9zYWwgYXJlIGF1dGhlbnRpY2F0ZWQgZW5jcnlw dGlvbiBhbGdvcml0aG1zLCB0aGVuIHRoZQ0KPiAgICBwcm9wb3NhbCBNVVNUIE5PVCBwcm9wb3Nl IGFueSBpbnRlZ3JpdHkgdHJhbnNmb3Jtcy4NCj4gDQo+IENvcnJlY3RlZCBUZXh0DQo+IC0tLS0t LS0tLS0tLS0tDQo+IDguICBJS0V2MiBBbGdvcml0aG0gU2VsZWN0aW9uDQo+IA0KPiBJS0V2MiBb cmZjNzI5Nl0sIHNlY3Rpb24gMy4zLiBTZWN1cml0eSBBc3NvY2lhdGlvbiBQYXlsb2FkLCBzcGVj aWZpZXMNCj4gQUVBRCBhbGdvcml0aG0gc2VsZWN0aW9uLg0KPiANCj4gDQo+IE5vdGVzDQo+IC0t LS0tDQo+IFJGQy03Mjk2IGFuZCBSRkMtNTI4MiBjb250cmFkaWN0IGVhY2ggb3RoZXIgKHlldCBS RkMtNzI5NiBjaXRlcyBSRkMtNTI4Mg0KPiB3aXRob3V0IGFueQ0KPiBjbGFyaWZpY2F0aW9uKToN Cj4gDQo+IC0gUkZDLTcyOTYgZXhwbGljaXRseSBkaXNhbGxvd3MgbWl4aW5nIEFFQUQgYW5kIG5v bi1BRUFEIGFsZ29yaXRobXMgaW4gYQ0KPiBzaW5nbGUNCj4gICBwcm9wb3NhbDsgUkZDLTUyODIg ZG9lcyBub3QgKGFuZCBzdHJvbmdseSBpbXBsaWVzIGl0IGlzIGFsbG93ZWQpDQo+IA0KPiAtIFJG Qy03Mjk2IGFsbG93cyAnbm9uZScgaW50ZWdyaXR5IGluIGFuIEFFQUQtb25seSBwcm9wb3NhbDsg UkZDLTUyODIgZG9lcw0KPiBub3QNCj4gDQo+IEluc3RydWN0aW9uczoNCj4gLS0tLS0tLS0tLS0t LQ0KPiBUaGlzIGVycmF0dW0gaXMgY3VycmVudGx5IHBvc3RlZCBhcyAiUmVwb3J0ZWQiLiBJZiBu ZWNlc3NhcnksIHBsZWFzZQ0KPiB1c2UgIlJlcGx5IEFsbCIgdG8gZGlzY3VzcyB3aGV0aGVyIGl0 IHNob3VsZCBiZSB2ZXJpZmllZCBvcg0KPiByZWplY3RlZC4gV2hlbiBhIGRlY2lzaW9uIGlzIHJl YWNoZWQsIHRoZSB2ZXJpZnlpbmcgcGFydHkNCj4gY2FuIGxvZyBpbiB0byBjaGFuZ2UgdGhlIHN0 YXR1cyBhbmQgZWRpdCB0aGUgcmVwb3J0LCBpZiBuZWNlc3NhcnkuDQo+IA0KPiAtLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KPiBSRkM1MjgyIChkcmFmdC1ibGFjay1pcHNl Yy1pa2V2Mi1hZWFkLW1vZGVzLTAxKQ0KPiAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLQ0KPiBUaXRsZSAgICAgICAgICAgICAgIDogVXNpbmcgQXV0aGVudGljYXRlZCBFbmNy eXB0aW9uIEFsZ29yaXRobXMgd2l0aCB0aGUgRW5jcnlwdGVkDQo+IFBheWxvYWQgb2YgdGhlIElu dGVybmV0IEtleSBFeGNoYW5nZSB2ZXJzaW9uIDIgKElLRXYyKSBQcm90b2NvbA0KPiBQdWJsaWNh dGlvbiBEYXRlICAgIDogQXVndXN0IDIwMDgNCj4gQXV0aG9yKHMpICAgICAgICAgICA6IEQuIEJs YWNrLCBELiBNY0dyZXcNCj4gQ2F0ZWdvcnkgICAgICAgICAgICA6IFBST1BPU0VEIFNUQU5EQVJE DQo+IFNvdXJjZSAgICAgICAgICAgICAgOiBJRVRGIC0gTk9OIFdPUktJTkcgR1JPVVANCj4gQXJl YSAgICAgICAgICAgICAgICA6IE4vQQ0KPiBTdHJlYW0gICAgICAgICAgICAgIDogSUVURg0KPiBW ZXJpZnlpbmcgUGFydHkgICAgIDogSUVTRw0K From nobody Mon Sep 11 21:21:02 2017 Return-Path: X-Original-To: ipsec@ietfa.amsl.com Delivered-To: ipsec@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3FB6A1321A6; Mon, 11 Sep 2017 21:20:55 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.699 X-Spam-Level: X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id l2pBBsbszNnb; Mon, 11 Sep 2017 21:20:53 -0700 (PDT) Received: from mail-wm0-x236.google.com (mail-wm0-x236.google.com [IPv6:2a00:1450:400c:c09::236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F00C3128D0D; Mon, 11 Sep 2017 21:20:52 -0700 (PDT) Received: by mail-wm0-x236.google.com with SMTP id 189so13542988wmh.1; Mon, 11 Sep 2017 21:20:52 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:message-id:mime-version:subject:date:in-reply-to:cc:to :references; bh=+ePnFo52aF5iRhQFJ28n+8A4HNhQuRdL1gpplSgDuLc=; b=pImCgVqhizqx9DBQTPvTb/nlquqh82aBnhx5E+QPG+UNYPsK+KNt6vU9+VIdsncyLJ pBa4lVLWt+UVrkYXnGfdFfZZmcLhePOvrvrr7ddte6HHnC4JQX3EpDtE4jP+5S8mfHxB uqArOwzFKjfwRo1nzxqPf+rZQ6xDDGpwr1UusW2U6/5wRfTviSo7LC/yaQethirZOtft 2sT3hXcKilch5Jg74G3KDaECTyNcuwPbV/hJXEYemmihxP5pBxMMolEwLoS9RnqRxw3B TcIvNIn8JZONpsuUTuqo0sc+Y1uPbgXJ0mZW5KYTJAF/f8OP6sWkaJmQlA+OPH4Vjf7H Qzmw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:message-id:mime-version:subject:date :in-reply-to:cc:to:references; bh=+ePnFo52aF5iRhQFJ28n+8A4HNhQuRdL1gpplSgDuLc=; b=piEHf6SutHofzDjCJOOcDmK5L9WHnyE2Qadm9MXMaRniAq91dSz/Q/WNG9EVIR18Gu DVy/QJOWo9t94TCkujzWM6C/ThqX8mlmd8QynhwbvFjPuUlyaPUa/rJ+Oex21YumOlYZ vkpmhXNJfG6I0dm5u8gAk9W5WX6f7ZZ60aLIQDG3GKZI/fL6xTFav3c25Bo7KEY2UxYo O5OI0RXkDjI9sNUVHk+5CMCA99mOj3dJKAzJpnIGwKNm7NzWlomxU9mOXhNuZc69iD35 iKjwubm+R2FryE6eGmTxrTuJaouSffFHGD7nR30wl5YJ3vm3lxQslta2PnoqXqMYGcrO KCpw== X-Gm-Message-State: AHPjjUiDpYRK9hn2EGxo4KOdzhBXbVI7kP2XMSyNwywTrHTqD8fKNfoi Q9+L9PuMJmlk7A== X-Google-Smtp-Source: ADKCNb7VJT/nEYYUpsvAyT5OKna3F2QT5U1NloWGneeEh2UkUZDm2lboEYclKTbeSnIIdHwQJDEtdw== X-Received: by 10.80.215.3 with SMTP id t3mr3134005edi.45.1505190051483; Mon, 11 Sep 2017 21:20:51 -0700 (PDT) Received: from [192.168.1.18] ([46.120.57.147]) by smtp.gmail.com with ESMTPSA id x29sm174910eda.51.2017.09.11.21.20.48 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 11 Sep 2017 21:20:50 -0700 (PDT) From: Yoav Nir Message-Id: <775FD951-C055-4298-8278-2CD7C7FE6073@gmail.com> Content-Type: multipart/signed; boundary="Apple-Mail=_9530EE72-59A8-4869-91EA-2EF8514BEA39"; protocol="application/pgp-signature"; micalg=pgp-sha512 Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\)) Date: Tue, 12 Sep 2017 07:20:47 +0300 In-Reply-To: Cc: RFC Errata System , "iesg@ietf.org" , "ipsec@ietf.org" , "andrew.cagney@gmail.com" , "mcgrew@cisco.com" To: "Black, David" References: <20170908151242.77FC0B800F7@rfc-editor.org> X-Mailer: Apple Mail (2.3273) Archived-At: Subject: Re: [IPsec] [Technical Errata Reported] RFC5282 (5109) X-BeenThere: ipsec@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Discussion of IPsec protocols List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 12 Sep 2017 04:20:55 -0000 --Apple-Mail=_9530EE72-59A8-4869-91EA-2EF8514BEA39 Content-Type: multipart/alternative; boundary="Apple-Mail=_0CACBF70-1F3C-418E-A076-F9B2389DB420" --Apple-Mail=_0CACBF70-1F3C-418E-A076-F9B2389DB420 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=utf-8 Hi, David. Section 2.7 last paragraph: If an initiator proposes both normal ciphers with integrity protection as well as combined-mode ciphers, then two proposals are needed. One of the proposals includes the normal ciphers with the integrity algorithms for them, and the other proposal includes all the combined-mode ciphers without the integrity algorithms (because combined-mode ciphers are not allowed to have any integrity algorithm other than "NONE"). if you allow one proposal to specify = (ENCR-AES-CBC,ENCR-AES-GCM,AUTH-None,AUTH-HMAC-SHA1) then the responder = can validly select (ENCR-AES-GCM,AUTH-HMAC-SHA1) and that=E2=80=99s not = a valid combination. Yoav > On 12 Sep 2017, at 1:19, Black, David wrote: >=20 > [Adding the IPsec mailing list.] >=20 >> Notes >> ----- >> RFC-7296 and RFC-5282 contradict each other (yet RFC-7296 cites = RFC-5282 without any clarification): >>=20 >> - RFC-7296 explicitly disallows mixing AEAD and non-AEAD algorithms = in a single >> proposal; RFC-5282 does not (and strongly implies it is allowed) >>=20 >> - RFC-7296 allows 'none' integrity in an AEAD-only proposal; RFC-5282 = does not. >=20 > Please provide pointers to the RFC 7296 text that supports each of = these assertions. >=20 > Thanks, --David > ---------------------------------------------------------------- > David L. Black, Distinguished Engineer > Dell EMC, 176 South St., Hopkinton, MA 01748 > +1 (508) 293-7953 Mobile: +1 (978) 394-7754 > David.Black@dell.com > ---------------------------------------------------------------- >=20 >> -----Original Message----- >> From: RFC Errata System [mailto:rfc-editor@rfc-editor.org] >> Sent: Friday, September 8, 2017 11:13 AM >> To: Black, David ; mcgrew@cisco.com; = iesg@ietf.org >> Cc: andrew.cagney@gmail.com; rfc-editor@rfc-editor.org >> Subject: [Technical Errata Reported] RFC5282 (5109) >>=20 >> The following errata report has been submitted for RFC5282, >> "Using Authenticated Encryption Algorithms with the Encrypted Payload = of >> the Internet Key Exchange version 2 (IKEv2) Protocol". >>=20 >> -------------------------------------- >> You may review the report below and at: >> http://www.rfc-editor.org/errata/eid5109 >>=20 >> -------------------------------------- >> Type: Technical >> Reported by: Andrew Cagney >>=20 >> Section: 8. >>=20 >> Original Text >> ------------- >> 8. IKEv2 Algorithm Selection >>=20 >> This section applies to the use of any authenticated encryption >> algorithm with the IKEv2 Encrypted Payload and is unique to that >> usage. >>=20 >> IKEv2 (Section 3.3.3 of [RFC4306]) specifies that both an = encryption >> algorithm and an integrity checking algorithm are required for an = IKE >> SA (Security Association). This document updates [RFC4306] to >> require that when an authenticated encryption algorithm is selected >> as the encryption algorithm for any SA (IKE or ESP), an integrity >> algorithm MUST NOT be selected for that SA. This document further >> updates [RFC4306] to require that if all of the encryption = algorithms >> in any proposal are authenticated encryption algorithms, then the >> proposal MUST NOT propose any integrity transforms. >>=20 >> Corrected Text >> -------------- >> 8. IKEv2 Algorithm Selection >>=20 >> IKEv2 [rfc7296], section 3.3. Security Association Payload, specifies >> AEAD algorithm selection. >>=20 >>=20 >> Notes >> ----- >> RFC-7296 and RFC-5282 contradict each other (yet RFC-7296 cites = RFC-5282 >> without any >> clarification): >>=20 >> - RFC-7296 explicitly disallows mixing AEAD and non-AEAD algorithms = in a >> single >> proposal; RFC-5282 does not (and strongly implies it is allowed) >>=20 >> - RFC-7296 allows 'none' integrity in an AEAD-only proposal; RFC-5282 = does >> not >>=20 >> Instructions: >> ------------- >> This erratum is currently posted as "Reported". If necessary, please >> use "Reply All" to discuss whether it should be verified or >> rejected. When a decision is reached, the verifying party >> can log in to change the status and edit the report, if necessary. >>=20 >> -------------------------------------- >> RFC5282 (draft-black-ipsec-ikev2-aead-modes-01) >> -------------------------------------- >> Title : Using Authenticated Encryption Algorithms with = the Encrypted >> Payload of the Internet Key Exchange version 2 (IKEv2) Protocol >> Publication Date : August 2008 >> Author(s) : D. Black, D. McGrew >> Category : PROPOSED STANDARD >> Source : IETF - NON WORKING GROUP >> Area : N/A >> Stream : IETF >> Verifying Party : IESG > _______________________________________________ > IPsec mailing list > IPsec@ietf.org > https://www.ietf.org/mailman/listinfo/ipsec --Apple-Mail=_0CACBF70-1F3C-418E-A076-F9B2389DB420 Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=utf-8 Hi, David.

Section 2.7 last paragraph:

   If an initiator proposes =
both normal ciphers with integrity
   protection as well as combined-mode ciphers, then two proposals are
   needed.  One of the proposals includes the normal ciphers with the
   integrity algorithms for them, and the other proposal includes all
   the combined-mode ciphers without the integrity algorithms (because
   combined-mode ciphers are not allowed to have any integrity algorithm
   other than "NONE").

if you allow one proposal to = specify (ENCR-AES-CBC,ENCR-AES-GCM,AUTH-None,AUTH-HMAC-SHA1) then the = responder can validly select (ENCR-AES-GCM,AUTH-HMAC-SHA1) and that=E2=80=99= s not a valid combination.

Yoav

On = 12 Sep 2017, at 1:19, Black, David <David.Black@dell.com> wrote:

[Adding the IPsec mailing list.]

Notes
-----
RFC-7296 and RFC-5282 contradict each = other (yet RFC-7296 cites RFC-5282 without any clarification):

- RFC-7296 explicitly disallows mixing AEAD = and non-AEAD algorithms in a single
 proposal; = RFC-5282 does not (and strongly implies it is allowed)

- RFC-7296 allows 'none' integrity in an AEAD-only proposal; = RFC-5282 does not.

Please = provide pointers to the RFC 7296 text that supports each of these = assertions.

Thanks, --David
---------------------------------------------------------------= -
David L. Black, Distinguished Engineer
Dell = EMC, 176 South St., Hopkinton, MA  01748
+1 (508) = 293-7953    Mobile: +1 (978) 394-7754
David.Black@dell.com
---------------------------------------------------------------= -

-----Original Message-----
From: RFC Errata = System [mailto:rfc-editor@rfc-editor.org]
Sent: Friday, = September 8, 2017 11:13 AM
To: Black, David = <david.black@emc.com>; mcgrew@cisco.com; iesg@ietf.org
Cc: andrew.cagney@gmail.com; rfc-editor@rfc-editor.org
Subject: [Technical Errata Reported] RFC5282 (5109)

The following errata report has been submitted = for RFC5282,
"Using Authenticated Encryption Algorithms = with the Encrypted Payload of
the Internet Key Exchange = version 2 (IKEv2) Protocol".

--------------------------------------
You may = review the report below and at:
http://www.rfc-editor.org/errata/eid5109

--------------------------------------
Type: = Technical
Reported by: Andrew Cagney = <andrew.cagney@gmail.com>

Section: = 8.

Original Text
-------------
8.  IKEv2 Algorithm = Selection

  This section applies = to the use of any authenticated encryption
=   algorithm with the IKEv2 Encrypted Payload and is unique to = that
  usage.

=   IKEv2 (Section 3.3.3 of [RFC4306]) specifies that both an = encryption
  algorithm and an integrity = checking algorithm are required for an IKE
  SA = (Security Association).  This document updates [RFC4306] to
  require that when an authenticated encryption = algorithm is selected
  as the encryption = algorithm for any SA (IKE or ESP), an integrity
=   algorithm MUST NOT be selected for that SA.  This = document further
  updates [RFC4306] to require = that if all of the encryption algorithms
  in = any proposal are authenticated encryption algorithms, then the
  proposal MUST NOT propose any integrity = transforms.

Corrected Text
--------------
8.  IKEv2 Algorithm = Selection

IKEv2 [rfc7296], section 3.3. = Security Association Payload, specifies
AEAD algorithm = selection.


Notes
-----
RFC-7296 and RFC-5282 contradict each = other (yet RFC-7296 cites RFC-5282
without any
clarification):

- RFC-7296 = explicitly disallows mixing AEAD and non-AEAD algorithms in a
single
 proposal; RFC-5282 does not (and = strongly implies it is allowed)

- RFC-7296 = allows 'none' integrity in an AEAD-only proposal; RFC-5282 does
not

Instructions:
-------------
This erratum is currently posted = as "Reported". If necessary, please
use "Reply All" to = discuss whether it should be verified or
rejected. When a = decision is reached, the verifying party
can log in to = change the status and edit the report, if necessary.

--------------------------------------
RFC5282 = (draft-black-ipsec-ikev2-aead-modes-01)
--------------------------------------
Title =             &n= bsp; : Using Authenticated Encryption Algorithms with the = Encrypted
Payload of the Internet Key Exchange version 2 = (IKEv2) Protocol
Publication Date    : = August 2008
Author(s) =           : D. Black, = D. McGrew
Category =            : = PROPOSED STANDARD
Source =             &n= bsp;: IETF - NON WORKING GROUP
Area =             &n= bsp;  : N/A
Stream =             &n= bsp;: IETF
Verifying Party     : = IESG
_______________________________________________IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec

= --Apple-Mail=_0CACBF70-1F3C-418E-A076-F9B2389DB420-- --Apple-Mail=_9530EE72-59A8-4869-91EA-2EF8514BEA39 Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=signature.asc Content-Type: application/pgp-signature; name=signature.asc Content-Description: Message signed with OpenPGP -----BEGIN PGP SIGNATURE----- iQEcBAEBCgAGBQJZt2CgAAoJELhJCxUKWMyZWyIH/jSOBwkkRuL6hwS8Pa8aXS3d 7/d5QMNb8tl+VFCFUVJ3cZRXx8QpzcreypLsAM8DqehA88qKnvPoUQ1g4kLXe/0E sH1hxf0ipBcaNm5UaZ5P1C99YSjorBo84Fz3UEQ/IkJFr6YwLCG3RAoCJEqHzV0i hLyr+aQ5sVFWl6+1QULIVHihTLoYdIxuwiiH9DOL3m9D1g4YMcqw1twvMCUwwr1S lzYO4f/3WmnnFz+zIW+kK3N8T/JRS53HUYLQTJPZ9KxKG9Gz6kCEPnTT4M2JZmls llxFqT/7rRxeSAngzKAEiHoSMF+Aw4zI7B7czd0qbYKn7ODKgxZVIVQXkOrWvMI= =VnOx -----END PGP SIGNATURE----- --Apple-Mail=_9530EE72-59A8-4869-91EA-2EF8514BEA39-- From nobody Tue Sep 12 06:15:02 2017 Return-Path: X-Original-To: ipsec@ietfa.amsl.com Delivered-To: ipsec@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8653A133017; Tue, 12 Sep 2017 06:15:01 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.72 X-Spam-Level: X-Spam-Status: No, score=-2.72 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=dell.com header.b=mTzbp7oZ; dkim=fail (1024-bit key) reason="fail (message has been altered)" header.d=emc.com header.b=QGvn1Q8h Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LCVhISYCqW6d; Tue, 12 Sep 2017 06:14:58 -0700 (PDT) Received: from esa8.dell-outbound.iphmx.com (esa8.dell-outbound.iphmx.com [68.232.149.218]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A662F1321C7; Tue, 12 Sep 2017 06:14:58 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=dell.com; i=@dell.com; q=dns/txt; s=smtpout; t=1505222098; x=1536758098; h=from:cc:to:subject:date:message-id:references: in-reply-to:mime-version; bh=wqh2RM6V7VTPiNAdNme6Xv7s5PGzumGFiBoS4WGHT5A=; b=mTzbp7oZWN4XqLpmOR20mBHh7jQjj3HqbJAlhSyrOg9z0O8JRG8HxT6/ aztWcU/0NU5GSROEHVmzo8lZN86FhU86WAYVL2z3gb3LaLasKNUTKxvcV +cwcG266G4Z0BdDOsW33P/J0wVtsRxug1q6NtCAd0KQVq/CaDxy362mlr s=; Received: from esa6.dell-outbound2.iphmx.com ([68.232.154.99]) by esa8.dell-outbound.iphmx.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 12 Sep 2017 08:14:56 -0500 From: "Black, David" Cc: RFC Errata System , "iesg@ietf.org" , "ipsec@ietf.org" , "andrew.cagney@gmail.com" , "mcgrew@cisco.com" , "Black, David" Received: from mailuogwdur.emc.com ([128.221.224.79]) by esa6.dell-outbound2.iphmx.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 12 Sep 2017 19:14:55 +0600 Received: from maildlpprd54.lss.emc.com (maildlpprd54.lss.emc.com [10.106.48.158]) by mailuogwprd51.lss.emc.com (Sentrion-MTA-4.3.1/Sentrion-MTA-4.3.0) with ESMTP id v8CDEoWj000974 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Tue, 12 Sep 2017 09:14:53 -0400 X-DKIM: OpenDKIM Filter v2.4.3 mailuogwprd51.lss.emc.com v8CDEoWj000974 DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=emc.com; s=jan2013; t=1505222094; bh=BugO9qhEARd4ORTZ7TR2eY2V0rM=; h=From:To:CC:Subject:Date:Message-ID:References:In-Reply-To: Content-Type:MIME-Version; b=QGvn1Q8hyWfGOLlCvV0BMZl9uB4V6TNiKXI9Pf9OvE3h9z4qN7cM+ubP5wONg5fH3 eAzZ6TtmlUCXks/na7Sk4pShw/kbyq9SYEnl49vSwQIl3fzS/UJx+ZM3Nq/gDoPMm0 WQhcBGacClLtzukpoaTRA0Dc5LwRNuDw8T2GxJ+8= X-DKIM: OpenDKIM Filter v2.4.3 mailuogwprd51.lss.emc.com v8CDEoWj000974 Received: from mailusrhubprd03.lss.emc.com (mailusrhubprd03.lss.emc.com [10.253.24.21]) by maildlpprd54.lss.emc.com (RSA Interceptor); Tue, 12 Sep 2017 09:14:09 -0400 Received: from MXHUB311.corp.emc.com (MXHUB311.corp.emc.com [10.146.3.89]) by mailusrhubprd03.lss.emc.com (Sentrion-MTA-4.3.1/Sentrion-MTA-4.3.0) with ESMTP id v8CDEVbP003206 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=FAIL); Tue, 12 Sep 2017 09:14:32 -0400 Received: from MX307CL04.corp.emc.com ([fe80::849f:5da2:11b:4385]) by MXHUB311.corp.emc.com ([10.146.3.89]) with mapi id 14.03.0352.000; Tue, 12 Sep 2017 09:14:31 -0400 To: Yoav Nir Thread-Topic: [IPsec] [Technical Errata Reported] RFC5282 (5109) Thread-Index: AQHTKLTyGnfemzrL+0Cuzv8zcKOWh6KwQcPQgACs5YCAAFE1gA== Date: Tue, 12 Sep 2017 13:14:30 +0000 Message-ID: References: <20170908151242.77FC0B800F7@rfc-editor.org> <775FD951-C055-4298-8278-2CD7C7FE6073@gmail.com> In-Reply-To: <775FD951-C055-4298-8278-2CD7C7FE6073@gmail.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.238.44.138] Content-Type: multipart/alternative; boundary="_000_CE03DB3D7B45C245BCA0D243277949362FC4A81DMX307CL04corpem_" MIME-Version: 1.0 X-Sentrion-Hostname: mailusrhubprd03.lss.emc.com X-RSA-Classifications: public Archived-At: Subject: Re: [IPsec] [Technical Errata Reported] RFC5282 (5109) X-BeenThere: ipsec@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Discussion of IPsec protocols List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 12 Sep 2017 13:15:01 -0000 --_000_CE03DB3D7B45C245BCA0D243277949362FC4A81DMX307CL04corpem_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 SGkgWW9hdiwNCg0KV2VsbCwgUkZDIDUyODIgYWN0dWFsbHkgcHJvaGliaXRzIHRoZSByZXNwb25k ZXIgZnJvbSBzZWxlY3RpbmcgdGhhdCBjb21iaW5hdGlvbiwgYnV0IHJlcXVpcmluZyBzZXBhcmF0 ZSBwcm9wb3NhbHMgZm9yIGNvbWJpbmVkLW1vZGUgYW5kIG5vcm1hbCBjaXBoZXJzIGlzIGEgY2xl YW5lciBhbmQgc2ltcGxlciBhcHByb2FjaC4NCg0KSXQgbG9va3MgbGlrZSBSRkMgNzI5NiBzaG91 bGQgaGF2ZSB1cGRhdGVkIFJGQyA1MjgyLCBidXQgZGlkbuKAmXQuICBJIG5lZWQgdG8gbG9vayBh dCB0aGUgcmVsZXZhbnQgdGV4dCBpbiBib3RoIFJGQ3MgbW9yZSBjYXJlZnVsbHksIGFuZCBwbGFu IHRvIHJlc3BvbmQgdG8gQW5kcmV34oCZcyBlbWFpbCBsYXRlciB0b2RheSB3aXRoIG15IDAuMDIg b24gd2hhdCBzaG91bGQgYmUgZG9uZS4NCg0KVGhhbmtzLCAtLURhdmlkDQoNCkZyb206IFlvYXYg TmlyIFttYWlsdG86eW5pci5pZXRmQGdtYWlsLmNvbV0NClNlbnQ6IFR1ZXNkYXksIFNlcHRlbWJl ciAxMiwgMjAxNyAxMjoyMSBBTQ0KVG86IEJsYWNrLCBEYXZpZCA8ZGF2aWQuYmxhY2tAZW1jLmNv bT4NCkNjOiBSRkMgRXJyYXRhIFN5c3RlbSA8cmZjLWVkaXRvckByZmMtZWRpdG9yLm9yZz47IGll c2dAaWV0Zi5vcmc7IGlwc2VjQGlldGYub3JnOyBhbmRyZXcuY2FnbmV5QGdtYWlsLmNvbTsgbWNn cmV3QGNpc2NvLmNvbQ0KU3ViamVjdDogUmU6IFtJUHNlY10gW1RlY2huaWNhbCBFcnJhdGEgUmVw b3J0ZWRdIFJGQzUyODIgKDUxMDkpDQoNCkhpLCBEYXZpZC4NCg0KU2VjdGlvbiAyLjcgbGFzdCBw YXJhZ3JhcGg6DQoNCg0KICAgSWYgYW4gaW5pdGlhdG9yIHByb3Bvc2VzIGJvdGggbm9ybWFsIGNp cGhlcnMgd2l0aCBpbnRlZ3JpdHkNCg0KICAgcHJvdGVjdGlvbiBhcyB3ZWxsIGFzIGNvbWJpbmVk LW1vZGUgY2lwaGVycywgdGhlbiB0d28gcHJvcG9zYWxzIGFyZQ0KDQogICBuZWVkZWQuICBPbmUg b2YgdGhlIHByb3Bvc2FscyBpbmNsdWRlcyB0aGUgbm9ybWFsIGNpcGhlcnMgd2l0aCB0aGUNCg0K ICAgaW50ZWdyaXR5IGFsZ29yaXRobXMgZm9yIHRoZW0sIGFuZCB0aGUgb3RoZXIgcHJvcG9zYWwg aW5jbHVkZXMgYWxsDQoNCiAgIHRoZSBjb21iaW5lZC1tb2RlIGNpcGhlcnMgd2l0aG91dCB0aGUg aW50ZWdyaXR5IGFsZ29yaXRobXMgKGJlY2F1c2UNCg0KICAgY29tYmluZWQtbW9kZSBjaXBoZXJz IGFyZSBub3QgYWxsb3dlZCB0byBoYXZlIGFueSBpbnRlZ3JpdHkgYWxnb3JpdGhtDQoNCiAgIG90 aGVyIHRoYW4gIk5PTkUiKS4NCg0KaWYgeW91IGFsbG93IG9uZSBwcm9wb3NhbCB0byBzcGVjaWZ5 IChFTkNSLUFFUy1DQkMsRU5DUi1BRVMtR0NNLEFVVEgtTm9uZSxBVVRILUhNQUMtU0hBMSkgdGhl biB0aGUgcmVzcG9uZGVyIGNhbiB2YWxpZGx5IHNlbGVjdCAoRU5DUi1BRVMtR0NNLEFVVEgtSE1B Qy1TSEExKSBhbmQgdGhhdOKAmXMgbm90IGEgdmFsaWQgY29tYmluYXRpb24uDQoNCllvYXYNCg0K T24gMTIgU2VwIDIwMTcsIGF0IDE6MTksIEJsYWNrLCBEYXZpZCA8RGF2aWQuQmxhY2tAZGVsbC5j b208bWFpbHRvOkRhdmlkLkJsYWNrQGRlbGwuY29tPj4gd3JvdGU6DQoNCltBZGRpbmcgdGhlIElQ c2VjIG1haWxpbmcgbGlzdC5dDQoNCg0KTm90ZXMNCi0tLS0tDQpSRkMtNzI5NiBhbmQgUkZDLTUy ODIgY29udHJhZGljdCBlYWNoIG90aGVyICh5ZXQgUkZDLTcyOTYgY2l0ZXMgUkZDLTUyODIgd2l0 aG91dCBhbnkgY2xhcmlmaWNhdGlvbik6DQoNCi0gUkZDLTcyOTYgZXhwbGljaXRseSBkaXNhbGxv d3MgbWl4aW5nIEFFQUQgYW5kIG5vbi1BRUFEIGFsZ29yaXRobXMgaW4gYSBzaW5nbGUNCiBwcm9w b3NhbDsgUkZDLTUyODIgZG9lcyBub3QgKGFuZCBzdHJvbmdseSBpbXBsaWVzIGl0IGlzIGFsbG93 ZWQpDQoNCi0gUkZDLTcyOTYgYWxsb3dzICdub25lJyBpbnRlZ3JpdHkgaW4gYW4gQUVBRC1vbmx5 IHByb3Bvc2FsOyBSRkMtNTI4MiBkb2VzIG5vdC4NCg0KUGxlYXNlIHByb3ZpZGUgcG9pbnRlcnMg dG8gdGhlIFJGQyA3Mjk2IHRleHQgdGhhdCBzdXBwb3J0cyBlYWNoIG9mIHRoZXNlIGFzc2VydGlv bnMuDQoNClRoYW5rcywgLS1EYXZpZA0KLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KRGF2aWQgTC4gQmxhY2ssIERpc3Rpbmd1 aXNoZWQgRW5naW5lZXINCkRlbGwgRU1DLCAxNzYgU291dGggU3QuLCBIb3BraW50b24sIE1BICAw MTc0OA0KKzEgKDUwOCkgMjkzLTc5NTMgICAgTW9iaWxlOiArMSAoOTc4KSAzOTQtNzc1NA0KRGF2 aWQuQmxhY2tAZGVsbC5jb208bWFpbHRvOkRhdmlkLkJsYWNrQGRlbGwuY29tPg0KLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0K DQoNCi0tLS0tT3JpZ2luYWwgTWVzc2FnZS0tLS0tDQpGcm9tOiBSRkMgRXJyYXRhIFN5c3RlbSBb bWFpbHRvOnJmYy1lZGl0b3JAcmZjLWVkaXRvci5vcmddDQpTZW50OiBGcmlkYXksIFNlcHRlbWJl ciA4LCAyMDE3IDExOjEzIEFNDQpUbzogQmxhY2ssIERhdmlkIDxkYXZpZC5ibGFja0BlbWMuY29t PG1haWx0bzpkYXZpZC5ibGFja0BlbWMuY29tPj47IG1jZ3Jld0BjaXNjby5jb208bWFpbHRvOm1j Z3Jld0BjaXNjby5jb20+OyBpZXNnQGlldGYub3JnPG1haWx0bzppZXNnQGlldGYub3JnPg0KQ2M6 IGFuZHJldy5jYWduZXlAZ21haWwuY29tPG1haWx0bzphbmRyZXcuY2FnbmV5QGdtYWlsLmNvbT47 IHJmYy1lZGl0b3JAcmZjLWVkaXRvci5vcmc8bWFpbHRvOnJmYy1lZGl0b3JAcmZjLWVkaXRvci5v cmc+DQpTdWJqZWN0OiBbVGVjaG5pY2FsIEVycmF0YSBSZXBvcnRlZF0gUkZDNTI4MiAoNTEwOSkN Cg0KVGhlIGZvbGxvd2luZyBlcnJhdGEgcmVwb3J0IGhhcyBiZWVuIHN1Ym1pdHRlZCBmb3IgUkZD NTI4MiwNCiJVc2luZyBBdXRoZW50aWNhdGVkIEVuY3J5cHRpb24gQWxnb3JpdGhtcyB3aXRoIHRo ZSBFbmNyeXB0ZWQgUGF5bG9hZCBvZg0KdGhlIEludGVybmV0IEtleSBFeGNoYW5nZSB2ZXJzaW9u IDIgKElLRXYyKSBQcm90b2NvbCIuDQoNCi0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tDQpZb3UgbWF5IHJldmlldyB0aGUgcmVwb3J0IGJlbG93IGFuZCBhdDoNCmh0dHA6Ly93 d3cucmZjLWVkaXRvci5vcmcvZXJyYXRhL2VpZDUxMDkNCg0KLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0NClR5cGU6IFRlY2huaWNhbA0KUmVwb3J0ZWQgYnk6IEFuZHJldyBD YWduZXkgPGFuZHJldy5jYWduZXlAZ21haWwuY29tPG1haWx0bzphbmRyZXcuY2FnbmV5QGdtYWls LmNvbT4+DQoNClNlY3Rpb246IDguDQoNCk9yaWdpbmFsIFRleHQNCi0tLS0tLS0tLS0tLS0NCjgu ICBJS0V2MiBBbGdvcml0aG0gU2VsZWN0aW9uDQoNCiAgVGhpcyBzZWN0aW9uIGFwcGxpZXMgdG8g dGhlIHVzZSBvZiBhbnkgYXV0aGVudGljYXRlZCBlbmNyeXB0aW9uDQogIGFsZ29yaXRobSB3aXRo IHRoZSBJS0V2MiBFbmNyeXB0ZWQgUGF5bG9hZCBhbmQgaXMgdW5pcXVlIHRvIHRoYXQNCiAgdXNh Z2UuDQoNCiAgSUtFdjIgKFNlY3Rpb24gMy4zLjMgb2YgW1JGQzQzMDZdKSBzcGVjaWZpZXMgdGhh dCBib3RoIGFuIGVuY3J5cHRpb24NCiAgYWxnb3JpdGhtIGFuZCBhbiBpbnRlZ3JpdHkgY2hlY2tp bmcgYWxnb3JpdGhtIGFyZSByZXF1aXJlZCBmb3IgYW4gSUtFDQogIFNBIChTZWN1cml0eSBBc3Nv Y2lhdGlvbikuICBUaGlzIGRvY3VtZW50IHVwZGF0ZXMgW1JGQzQzMDZdIHRvDQogIHJlcXVpcmUg dGhhdCB3aGVuIGFuIGF1dGhlbnRpY2F0ZWQgZW5jcnlwdGlvbiBhbGdvcml0aG0gaXMgc2VsZWN0 ZWQNCiAgYXMgdGhlIGVuY3J5cHRpb24gYWxnb3JpdGhtIGZvciBhbnkgU0EgKElLRSBvciBFU1Ap LCBhbiBpbnRlZ3JpdHkNCiAgYWxnb3JpdGhtIE1VU1QgTk9UIGJlIHNlbGVjdGVkIGZvciB0aGF0 IFNBLiAgVGhpcyBkb2N1bWVudCBmdXJ0aGVyDQogIHVwZGF0ZXMgW1JGQzQzMDZdIHRvIHJlcXVp cmUgdGhhdCBpZiBhbGwgb2YgdGhlIGVuY3J5cHRpb24gYWxnb3JpdGhtcw0KICBpbiBhbnkgcHJv cG9zYWwgYXJlIGF1dGhlbnRpY2F0ZWQgZW5jcnlwdGlvbiBhbGdvcml0aG1zLCB0aGVuIHRoZQ0K ICBwcm9wb3NhbCBNVVNUIE5PVCBwcm9wb3NlIGFueSBpbnRlZ3JpdHkgdHJhbnNmb3Jtcy4NCg0K Q29ycmVjdGVkIFRleHQNCi0tLS0tLS0tLS0tLS0tDQo4LiAgSUtFdjIgQWxnb3JpdGhtIFNlbGVj dGlvbg0KDQpJS0V2MiBbcmZjNzI5Nl0sIHNlY3Rpb24gMy4zLiBTZWN1cml0eSBBc3NvY2lhdGlv biBQYXlsb2FkLCBzcGVjaWZpZXMNCkFFQUQgYWxnb3JpdGhtIHNlbGVjdGlvbi4NCg0KDQpOb3Rl cw0KLS0tLS0NClJGQy03Mjk2IGFuZCBSRkMtNTI4MiBjb250cmFkaWN0IGVhY2ggb3RoZXIgKHll dCBSRkMtNzI5NiBjaXRlcyBSRkMtNTI4Mg0Kd2l0aG91dCBhbnkNCmNsYXJpZmljYXRpb24pOg0K DQotIFJGQy03Mjk2IGV4cGxpY2l0bHkgZGlzYWxsb3dzIG1peGluZyBBRUFEIGFuZCBub24tQUVB RCBhbGdvcml0aG1zIGluIGENCnNpbmdsZQ0KIHByb3Bvc2FsOyBSRkMtNTI4MiBkb2VzIG5vdCAo YW5kIHN0cm9uZ2x5IGltcGxpZXMgaXQgaXMgYWxsb3dlZCkNCg0KLSBSRkMtNzI5NiBhbGxvd3Mg J25vbmUnIGludGVncml0eSBpbiBhbiBBRUFELW9ubHkgcHJvcG9zYWw7IFJGQy01MjgyIGRvZXMN Cm5vdA0KDQpJbnN0cnVjdGlvbnM6DQotLS0tLS0tLS0tLS0tDQpUaGlzIGVycmF0dW0gaXMgY3Vy cmVudGx5IHBvc3RlZCBhcyAiUmVwb3J0ZWQiLiBJZiBuZWNlc3NhcnksIHBsZWFzZQ0KdXNlICJS ZXBseSBBbGwiIHRvIGRpc2N1c3Mgd2hldGhlciBpdCBzaG91bGQgYmUgdmVyaWZpZWQgb3INCnJl amVjdGVkLiBXaGVuIGEgZGVjaXNpb24gaXMgcmVhY2hlZCwgdGhlIHZlcmlmeWluZyBwYXJ0eQ0K Y2FuIGxvZyBpbiB0byBjaGFuZ2UgdGhlIHN0YXR1cyBhbmQgZWRpdCB0aGUgcmVwb3J0LCBpZiBu ZWNlc3NhcnkuDQoNCi0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQpSRkM1 MjgyIChkcmFmdC1ibGFjay1pcHNlYy1pa2V2Mi1hZWFkLW1vZGVzLTAxKQ0KLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NClRpdGxlICAgICAgICAgICAgICAgOiBVc2luZyBB dXRoZW50aWNhdGVkIEVuY3J5cHRpb24gQWxnb3JpdGhtcyB3aXRoIHRoZSBFbmNyeXB0ZWQNClBh eWxvYWQgb2YgdGhlIEludGVybmV0IEtleSBFeGNoYW5nZSB2ZXJzaW9uIDIgKElLRXYyKSBQcm90 b2NvbA0KUHVibGljYXRpb24gRGF0ZSAgICA6IEF1Z3VzdCAyMDA4DQpBdXRob3IocykgICAgICAg ICAgIDogRC4gQmxhY2ssIEQuIE1jR3Jldw0KQ2F0ZWdvcnkgICAgICAgICAgICA6IFBST1BPU0VE IFNUQU5EQVJEDQpTb3VyY2UgICAgICAgICAgICAgIDogSUVURiAtIE5PTiBXT1JLSU5HIEdST1VQ DQpBcmVhICAgICAgICAgICAgICAgIDogTi9BDQpTdHJlYW0gICAgICAgICAgICAgIDogSUVURg0K VmVyaWZ5aW5nIFBhcnR5ICAgICA6IElFU0cNCl9fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fX19fX19fX19fDQpJUHNlYyBtYWlsaW5nIGxpc3QNCklQc2VjQGlldGYub3JnPG1h aWx0bzpJUHNlY0BpZXRmLm9yZz4NCmh0dHBzOi8vd3d3LmlldGYub3JnL21haWxtYW4vbGlzdGlu Zm8vaXBzZWMNCg0K --_000_CE03DB3D7B45C245BCA0D243277949362FC4A81DMX307CL04corpem_ Content-Type: text/html; charset="utf-8" Content-Transfer-Encoding: base64 PGh0bWwgeG1sbnM6dj0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTp2bWwiIHhtbG5zOm89InVy bjpzY2hlbWFzLW1pY3Jvc29mdC1jb206b2ZmaWNlOm9mZmljZSIgeG1sbnM6dz0idXJuOnNjaGVt YXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6d29yZCIgeG1sbnM6bT0iaHR0cDovL3NjaGVtYXMubWlj cm9zb2Z0LmNvbS9vZmZpY2UvMjAwNC8xMi9vbW1sIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv VFIvUkVDLWh0bWw0MCI+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIg Y29udGVudD0idGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjxtZXRhIG5hbWU9IkdlbmVyYXRv ciIgY29udGVudD0iTWljcm9zb2Z0IFdvcmQgMTUgKGZpbHRlcmVkIG1lZGl1bSkiPg0KPHN0eWxl PjwhLS0NCi8qIEZvbnQgRGVmaW5pdGlvbnMgKi8NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6 IkNhbWJyaWEgTWF0aCI7DQoJcGFub3NlLTE6MiA0IDUgMyA1IDQgNiAzIDIgNDt9DQpAZm9udC1m YWNlDQoJe2ZvbnQtZmFtaWx5OkNhbGlicmk7DQoJcGFub3NlLTE6MiAxNSA1IDIgMiAyIDQgMyAy IDQ7fQ0KQGZvbnQtZmFjZQ0KCXtmb250LWZhbWlseTpDb25zb2xhczsNCglwYW5vc2UtMToyIDEx IDYgOSAyIDIgNCAzIDIgNDt9DQovKiBTdHlsZSBEZWZpbml0aW9ucyAqLw0KcC5Nc29Ob3JtYWws IGxpLk1zb05vcm1hbCwgZGl2Lk1zb05vcm1hbA0KCXttYXJnaW46MGluOw0KCW1hcmdpbi1ib3R0 b206LjAwMDFwdDsNCglmb250LXNpemU6MTIuMHB0Ow0KCWZvbnQtZmFtaWx5OiJUaW1lcyBOZXcg Um9tYW4iLHNlcmlmO30NCmE6bGluaywgc3Bhbi5Nc29IeXBlcmxpbmsNCgl7bXNvLXN0eWxlLXBy aW9yaXR5Ojk5Ow0KCWNvbG9yOmJsdWU7DQoJdGV4dC1kZWNvcmF0aW9uOnVuZGVybGluZTt9DQph OnZpc2l0ZWQsIHNwYW4uTXNvSHlwZXJsaW5rRm9sbG93ZWQNCgl7bXNvLXN0eWxlLXByaW9yaXR5 Ojk5Ow0KCWNvbG9yOnB1cnBsZTsNCgl0ZXh0LWRlY29yYXRpb246dW5kZXJsaW5lO30NCnByZQ0K CXttc28tc3R5bGUtcHJpb3JpdHk6OTk7DQoJbXNvLXN0eWxlLWxpbms6IkhUTUwgUHJlZm9ybWF0 dGVkIENoYXIiOw0KCW1hcmdpbjowaW47DQoJbWFyZ2luLWJvdHRvbTouMDAwMXB0Ow0KCWZvbnQt c2l6ZToxMC4wcHQ7DQoJZm9udC1mYW1pbHk6IkNvdXJpZXIgTmV3Ijt9DQpzcGFuLkhUTUxQcmVm b3JtYXR0ZWRDaGFyDQoJe21zby1zdHlsZS1uYW1lOiJIVE1MIFByZWZvcm1hdHRlZCBDaGFyIjsN Cgltc28tc3R5bGUtcHJpb3JpdHk6OTk7DQoJbXNvLXN0eWxlLWxpbms6IkhUTUwgUHJlZm9ybWF0 dGVkIjsNCglmb250LWZhbWlseToiQ29uc29sYXMiLHNlcmlmO30NCnNwYW4uRW1haWxTdHlsZTE5 DQoJe21zby1zdHlsZS10eXBlOnBlcnNvbmFsLXJlcGx5Ow0KCWZvbnQtZmFtaWx5OiJDYWxpYnJp IixzYW5zLXNlcmlmOw0KCWNvbG9yOiMxRjQ5N0Q7fQ0KLk1zb0NocERlZmF1bHQNCgl7bXNvLXN0 eWxlLXR5cGU6ZXhwb3J0LW9ubHk7DQoJZm9udC1zaXplOjEwLjBwdDt9DQpAcGFnZSBXb3JkU2Vj dGlvbjENCgl7c2l6ZTo4LjVpbiAxMS4waW47DQoJbWFyZ2luOjEuMGluIDEuMGluIDEuMGluIDEu MGluO30NCmRpdi5Xb3JkU2VjdGlvbjENCgl7cGFnZTpXb3JkU2VjdGlvbjE7fQ0KLS0+PC9zdHls ZT48IS0tW2lmIGd0ZSBtc28gOV0+PHhtbD4NCjxvOnNoYXBlZGVmYXVsdHMgdjpleHQ9ImVkaXQi IHNwaWRtYXg9IjEwMjYiIC8+DQo8L3htbD48IVtlbmRpZl0tLT48IS0tW2lmIGd0ZSBtc28gOV0+ PHhtbD4NCjxvOnNoYXBlbGF5b3V0IHY6ZXh0PSJlZGl0Ij4NCjxvOmlkbWFwIHY6ZXh0PSJlZGl0 IiBkYXRhPSIxIiAvPg0KPC9vOnNoYXBlbGF5b3V0PjwveG1sPjwhW2VuZGlmXS0tPg0KPC9oZWFk Pg0KPGJvZHkgbGFuZz0iRU4tVVMiIGxpbms9ImJsdWUiIHZsaW5rPSJwdXJwbGUiPg0KPGRpdiBj bGFzcz0iV29yZFNlY3Rpb24xIj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxhIG5hbWU9Il9NYWls RW5kQ29tcG9zZSI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1 b3Q7Q2FsaWJyaSZxdW90OyxzYW5zLXNlcmlmO2NvbG9yOiMxRjQ5N0QiPkhpIFlvYXYsPG86cD48 L286cD48L3NwYW4+PC9hPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJm b250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssc2Fucy1zZXJp Zjtjb2xvcjojMUY0OTdEIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0i TXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVv dDtDYWxpYnJpJnF1b3Q7LHNhbnMtc2VyaWY7Y29sb3I6IzFGNDk3RCI+V2VsbCwgUkZDIDUyODIg YWN0dWFsbHkgcHJvaGliaXRzIHRoZSByZXNwb25kZXIgZnJvbSBzZWxlY3RpbmcgdGhhdCBjb21i aW5hdGlvbiwgYnV0IHJlcXVpcmluZyBzZXBhcmF0ZSBwcm9wb3NhbHMgZm9yIGNvbWJpbmVkLW1v ZGUgYW5kIG5vcm1hbCBjaXBoZXJzIGlzIGEgY2xlYW5lcg0KIGFuZCBzaW1wbGVyIGFwcHJvYWNo LjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxl PSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssc2Fucy1z ZXJpZjtjb2xvcjojMUY0OTdEIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFz cz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTom cXVvdDtDYWxpYnJpJnF1b3Q7LHNhbnMtc2VyaWY7Y29sb3I6IzFGNDk3RCI+SXQgbG9va3MgbGlr ZSBSRkMgNzI5NiBzaG91bGQgaGF2ZSB1cGRhdGVkIFJGQyA1MjgyLCBidXQgZGlkbuKAmXQuJm5i c3A7IEkgbmVlZCB0byBsb29rIGF0IHRoZSByZWxldmFudCB0ZXh0IGluIGJvdGggUkZDcyBtb3Jl IGNhcmVmdWxseSwgYW5kIHBsYW4gdG8gcmVzcG9uZCB0byBBbmRyZXfigJlzDQogZW1haWwgbGF0 ZXIgdG9kYXkgd2l0aCBteSAwLjAyIG9uIHdoYXQgc2hvdWxkIGJlIGRvbmUuPG86cD48L286cD48 L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZTox MS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OyxzYW5zLXNlcmlmO2NvbG9yOiMx RjQ5N0QiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxkaXY+DQo8cCBjbGFzcz0iTXNv Tm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtD YWxpYnJpJnF1b3Q7LHNhbnMtc2VyaWY7Y29sb3I6IzFGNDk3RCI+VGhhbmtzLCAtLURhdmlkPG86 cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBz dHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LHNh bnMtc2VyaWY7Y29sb3I6IzFGNDk3RCI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPGRp diBzdHlsZT0iYm9yZGVyOm5vbmU7Ym9yZGVyLWxlZnQ6c29saWQgYmx1ZSAxLjVwdDtwYWRkaW5n OjBpbiAwaW4gMGluIDQuMHB0Ij4NCjxkaXY+DQo8ZGl2IHN0eWxlPSJib3JkZXI6bm9uZTtib3Jk ZXItdG9wOnNvbGlkICNFMUUxRTEgMS4wcHQ7cGFkZGluZzozLjBwdCAwaW4gMGluIDBpbiI+DQo8 cCBjbGFzcz0iTXNvTm9ybWFsIj48Yj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250 LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LHNhbnMtc2VyaWYiPkZyb206PC9zcGFuPjwvYj48 c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1 b3Q7LHNhbnMtc2VyaWYiPiBZb2F2IE5pciBbbWFpbHRvOnluaXIuaWV0ZkBnbWFpbC5jb21dDQo8 YnI+DQo8Yj5TZW50OjwvYj4gVHVlc2RheSwgU2VwdGVtYmVyIDEyLCAyMDE3IDEyOjIxIEFNPGJy Pg0KPGI+VG86PC9iPiBCbGFjaywgRGF2aWQgJmx0O2RhdmlkLmJsYWNrQGVtYy5jb20mZ3Q7PGJy Pg0KPGI+Q2M6PC9iPiBSRkMgRXJyYXRhIFN5c3RlbSAmbHQ7cmZjLWVkaXRvckByZmMtZWRpdG9y Lm9yZyZndDs7IGllc2dAaWV0Zi5vcmc7IGlwc2VjQGlldGYub3JnOyBhbmRyZXcuY2FnbmV5QGdt YWlsLmNvbTsgbWNncmV3QGNpc2NvLmNvbTxicj4NCjxiPlN1YmplY3Q6PC9iPiBSZTogW0lQc2Vj XSBbVGVjaG5pY2FsIEVycmF0YSBSZXBvcnRlZF0gUkZDNTI4MiAoNTEwOSk8bzpwPjwvbzpwPjwv c3Bhbj48L3A+DQo8L2Rpdj4NCjwvZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86cD4mbmJz cDs8L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj5IaSwgRGF2aWQuPG86cD48L286cD48 L3A+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8L286cD48L3A+DQo8 L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj5TZWN0aW9uIDIuNyBsYXN0IHBhcmFn cmFwaDo8bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwi PjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHByZSBzdHlsZT0iYnJlYWst YmVmb3JlOiBwYWdlIj4mbmJzcDsmbmJzcDsgSWYgYW4gaW5pdGlhdG9yIHByb3Bvc2VzIGJvdGgg bm9ybWFsIGNpcGhlcnMgd2l0aCBpbnRlZ3JpdHk8bzpwPjwvbzpwPjwvcHJlPg0KPHByZT4mbmJz cDsmbmJzcDsgcHJvdGVjdGlvbiBhcyB3ZWxsIGFzIGNvbWJpbmVkLW1vZGUgY2lwaGVycywgdGhl biB0d28gcHJvcG9zYWxzIGFyZTxvOnA+PC9vOnA+PC9wcmU+DQo8cHJlPiZuYnNwOyZuYnNwOyBu ZWVkZWQuJm5ic3A7IE9uZSBvZiB0aGUgcHJvcG9zYWxzIGluY2x1ZGVzIHRoZSBub3JtYWwgY2lw aGVycyB3aXRoIHRoZTxvOnA+PC9vOnA+PC9wcmU+DQo8cHJlPiZuYnNwOyZuYnNwOyBpbnRlZ3Jp dHkgYWxnb3JpdGhtcyBmb3IgdGhlbSwgYW5kIHRoZSBvdGhlciBwcm9wb3NhbCBpbmNsdWRlcyBh bGw8bzpwPjwvbzpwPjwvcHJlPg0KPHByZT4mbmJzcDsmbmJzcDsgdGhlIGNvbWJpbmVkLW1vZGUg Y2lwaGVycyB3aXRob3V0IHRoZSBpbnRlZ3JpdHkgYWxnb3JpdGhtcyAoYmVjYXVzZTxvOnA+PC9v OnA+PC9wcmU+DQo8cHJlPiZuYnNwOyZuYnNwOyBjb21iaW5lZC1tb2RlIGNpcGhlcnMgYXJlIG5v dCBhbGxvd2VkIHRvIGhhdmUgYW55IGludGVncml0eSBhbGdvcml0aG08bzpwPjwvbzpwPjwvcHJl Pg0KPHByZT4mbmJzcDsmbmJzcDsgb3RoZXIgdGhhbiAmcXVvdDtOT05FJnF1b3Q7KS48bzpwPjwv bzpwPjwvcHJlPg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxvOnA+Jm5ic3A7PC9vOnA+ PC9wPg0KPC9kaXY+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj5pZiB5b3Ug YWxsb3cgb25lIHByb3Bvc2FsIHRvIHNwZWNpZnkgKEVOQ1ItQUVTLUNCQyxFTkNSLUFFUy1HQ00s QVVUSC1Ob25lLEFVVEgtSE1BQy1TSEExKSB0aGVuIHRoZSByZXNwb25kZXIgY2FuIHZhbGlkbHkg c2VsZWN0IChFTkNSLUFFUy1HQ00sQVVUSC1ITUFDLVNIQTEpIGFuZCB0aGF04oCZcyBub3QgYSB2 YWxpZCBjb21iaW5hdGlvbi48bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNz PSJNc29Ob3JtYWwiPjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xh c3M9Ik1zb05vcm1hbCI+WW9hdjxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xh c3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8ZGl2 Pg0KPGJsb2NrcXVvdGUgc3R5bGU9Im1hcmdpbi10b3A6NS4wcHQ7bWFyZ2luLWJvdHRvbTo1LjBw dCI+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+T24gMTIgU2VwIDIwMTcsIGF0IDE6MTks IEJsYWNrLCBEYXZpZCAmbHQ7PGEgaHJlZj0ibWFpbHRvOkRhdmlkLkJsYWNrQGRlbGwuY29tIj5E YXZpZC5CbGFja0BkZWxsLmNvbTwvYT4mZ3Q7IHdyb3RlOjxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+ DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48bzpwPiZuYnNwOzwvbzpwPjwvcD4NCjxkaXY+DQo8ZGl2 Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+W0FkZGluZyB0aGUgSVBzZWMgbWFpbGluZyBsaXN0Ll08 YnI+DQo8YnI+DQo8YnI+DQo8bzpwPjwvbzpwPjwvcD4NCjxibG9ja3F1b3RlIHN0eWxlPSJtYXJn aW4tdG9wOjUuMHB0O21hcmdpbi1ib3R0b206NS4wcHQiPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+ Tm90ZXM8YnI+DQotLS0tLTxicj4NClJGQy03Mjk2IGFuZCBSRkMtNTI4MiBjb250cmFkaWN0IGVh Y2ggb3RoZXIgKHlldCBSRkMtNzI5NiBjaXRlcyBSRkMtNTI4MiB3aXRob3V0IGFueSBjbGFyaWZp Y2F0aW9uKTo8YnI+DQo8YnI+DQotIFJGQy03Mjk2IGV4cGxpY2l0bHkgZGlzYWxsb3dzIG1peGlu ZyBBRUFEIGFuZCBub24tQUVBRCBhbGdvcml0aG1zIGluIGEgc2luZ2xlPGJyPg0KJm5ic3A7cHJv cG9zYWw7IFJGQy01MjgyIGRvZXMgbm90IChhbmQgc3Ryb25nbHkgaW1wbGllcyBpdCBpcyBhbGxv d2VkKTxicj4NCjxicj4NCi0gUkZDLTcyOTYgYWxsb3dzICdub25lJyBpbnRlZ3JpdHkgaW4gYW4g QUVBRC1vbmx5IHByb3Bvc2FsOyBSRkMtNTI4MiBkb2VzIG5vdC48bzpwPjwvbzpwPjwvcD4NCjwv YmxvY2txdW90ZT4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxicj4NClBsZWFzZSBwcm92aWRlIHBv aW50ZXJzIHRvIHRoZSBSRkMgNzI5NiB0ZXh0IHRoYXQgc3VwcG9ydHMgZWFjaCBvZiB0aGVzZSBh c3NlcnRpb25zLjxicj4NCjxicj4NClRoYW5rcywgLS1EYXZpZDxicj4NCi0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS08YnI+DQpE YXZpZCBMLiBCbGFjaywgRGlzdGluZ3Vpc2hlZCBFbmdpbmVlcjxicj4NCkRlbGwgRU1DLCAxNzYg U291dGggU3QuLCBIb3BraW50b24sIE1BJm5ic3A7IDAxNzQ4PGJyPg0KJiM0MzsxICg1MDgpIDI5 My03OTUzJm5ic3A7Jm5ic3A7ICZuYnNwO01vYmlsZTogJiM0MzsxICg5NzgpIDM5NC03NzU0PGJy Pg0KPGEgaHJlZj0ibWFpbHRvOkRhdmlkLkJsYWNrQGRlbGwuY29tIj5EYXZpZC5CbGFja0BkZWxs LmNvbTwvYT48YnI+DQotLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tPGJyPg0KPGJyPg0KPGJyPg0KPG86cD48L286cD48L3A+DQo8 YmxvY2txdW90ZSBzdHlsZT0ibWFyZ2luLXRvcDo1LjBwdDttYXJnaW4tYm90dG9tOjUuMHB0Ij4N CjxwIGNsYXNzPSJNc29Ob3JtYWwiPi0tLS0tT3JpZ2luYWwgTWVzc2FnZS0tLS0tPGJyPg0KRnJv bTogUkZDIEVycmF0YSBTeXN0ZW0gWzxhIGhyZWY9Im1haWx0bzpyZmMtZWRpdG9yQHJmYy1lZGl0 b3Iub3JnIj5tYWlsdG86cmZjLWVkaXRvckByZmMtZWRpdG9yLm9yZzwvYT5dPGJyPg0KU2VudDog RnJpZGF5LCBTZXB0ZW1iZXIgOCwgMjAxNyAxMToxMyBBTTxicj4NClRvOiBCbGFjaywgRGF2aWQg Jmx0OzxhIGhyZWY9Im1haWx0bzpkYXZpZC5ibGFja0BlbWMuY29tIj5kYXZpZC5ibGFja0BlbWMu Y29tPC9hPiZndDs7IDxhIGhyZWY9Im1haWx0bzptY2dyZXdAY2lzY28uY29tIj4NCm1jZ3Jld0Bj aXNjby5jb208L2E+OyA8YSBocmVmPSJtYWlsdG86aWVzZ0BpZXRmLm9yZyI+aWVzZ0BpZXRmLm9y ZzwvYT48YnI+DQpDYzogPGEgaHJlZj0ibWFpbHRvOmFuZHJldy5jYWduZXlAZ21haWwuY29tIj5h bmRyZXcuY2FnbmV5QGdtYWlsLmNvbTwvYT47IDxhIGhyZWY9Im1haWx0bzpyZmMtZWRpdG9yQHJm Yy1lZGl0b3Iub3JnIj4NCnJmYy1lZGl0b3JAcmZjLWVkaXRvci5vcmc8L2E+PGJyPg0KU3ViamVj dDogW1RlY2huaWNhbCBFcnJhdGEgUmVwb3J0ZWRdIFJGQzUyODIgKDUxMDkpPGJyPg0KPGJyPg0K VGhlIGZvbGxvd2luZyBlcnJhdGEgcmVwb3J0IGhhcyBiZWVuIHN1Ym1pdHRlZCBmb3IgUkZDNTI4 Miw8YnI+DQomcXVvdDtVc2luZyBBdXRoZW50aWNhdGVkIEVuY3J5cHRpb24gQWxnb3JpdGhtcyB3 aXRoIHRoZSBFbmNyeXB0ZWQgUGF5bG9hZCBvZjxicj4NCnRoZSBJbnRlcm5ldCBLZXkgRXhjaGFu Z2UgdmVyc2lvbiAyIChJS0V2MikgUHJvdG9jb2wmcXVvdDsuPGJyPg0KPGJyPg0KLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS08YnI+DQpZb3UgbWF5IHJldmlldyB0aGUgcmVw b3J0IGJlbG93IGFuZCBhdDo8YnI+DQo8YSBocmVmPSJodHRwOi8vd3d3LnJmYy1lZGl0b3Iub3Jn L2VycmF0YS9laWQ1MTA5Ij5odHRwOi8vd3d3LnJmYy1lZGl0b3Iub3JnL2VycmF0YS9laWQ1MTA5 PC9hPjxicj4NCjxicj4NCi0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tPGJy Pg0KVHlwZTogVGVjaG5pY2FsPGJyPg0KUmVwb3J0ZWQgYnk6IEFuZHJldyBDYWduZXkgJmx0Ozxh IGhyZWY9Im1haWx0bzphbmRyZXcuY2FnbmV5QGdtYWlsLmNvbSI+YW5kcmV3LmNhZ25leUBnbWFp bC5jb208L2E+Jmd0Ozxicj4NCjxicj4NClNlY3Rpb246IDguPGJyPg0KPGJyPg0KT3JpZ2luYWwg VGV4dDxicj4NCi0tLS0tLS0tLS0tLS08YnI+DQo4LiAmbmJzcDtJS0V2MiBBbGdvcml0aG0gU2Vs ZWN0aW9uPGJyPg0KPGJyPg0KJm5ic3A7Jm5ic3A7VGhpcyBzZWN0aW9uIGFwcGxpZXMgdG8gdGhl IHVzZSBvZiBhbnkgYXV0aGVudGljYXRlZCBlbmNyeXB0aW9uPGJyPg0KJm5ic3A7Jm5ic3A7YWxn b3JpdGhtIHdpdGggdGhlIElLRXYyIEVuY3J5cHRlZCBQYXlsb2FkIGFuZCBpcyB1bmlxdWUgdG8g dGhhdDxicj4NCiZuYnNwOyZuYnNwO3VzYWdlLjxicj4NCjxicj4NCiZuYnNwOyZuYnNwO0lLRXYy IChTZWN0aW9uIDMuMy4zIG9mIFtSRkM0MzA2XSkgc3BlY2lmaWVzIHRoYXQgYm90aCBhbiBlbmNy eXB0aW9uPGJyPg0KJm5ic3A7Jm5ic3A7YWxnb3JpdGhtIGFuZCBhbiBpbnRlZ3JpdHkgY2hlY2tp bmcgYWxnb3JpdGhtIGFyZSByZXF1aXJlZCBmb3IgYW4gSUtFPGJyPg0KJm5ic3A7Jm5ic3A7U0Eg KFNlY3VyaXR5IEFzc29jaWF0aW9uKS4gJm5ic3A7VGhpcyBkb2N1bWVudCB1cGRhdGVzIFtSRkM0 MzA2XSB0bzxicj4NCiZuYnNwOyZuYnNwO3JlcXVpcmUgdGhhdCB3aGVuIGFuIGF1dGhlbnRpY2F0 ZWQgZW5jcnlwdGlvbiBhbGdvcml0aG0gaXMgc2VsZWN0ZWQ8YnI+DQombmJzcDsmbmJzcDthcyB0 aGUgZW5jcnlwdGlvbiBhbGdvcml0aG0gZm9yIGFueSBTQSAoSUtFIG9yIEVTUCksIGFuIGludGVn cml0eTxicj4NCiZuYnNwOyZuYnNwO2FsZ29yaXRobSBNVVNUIE5PVCBiZSBzZWxlY3RlZCBmb3Ig dGhhdCBTQS4gJm5ic3A7VGhpcyBkb2N1bWVudCBmdXJ0aGVyPGJyPg0KJm5ic3A7Jm5ic3A7dXBk YXRlcyBbUkZDNDMwNl0gdG8gcmVxdWlyZSB0aGF0IGlmIGFsbCBvZiB0aGUgZW5jcnlwdGlvbiBh bGdvcml0aG1zPGJyPg0KJm5ic3A7Jm5ic3A7aW4gYW55IHByb3Bvc2FsIGFyZSBhdXRoZW50aWNh dGVkIGVuY3J5cHRpb24gYWxnb3JpdGhtcywgdGhlbiB0aGU8YnI+DQombmJzcDsmbmJzcDtwcm9w b3NhbCBNVVNUIE5PVCBwcm9wb3NlIGFueSBpbnRlZ3JpdHkgdHJhbnNmb3Jtcy48YnI+DQo8YnI+ DQpDb3JyZWN0ZWQgVGV4dDxicj4NCi0tLS0tLS0tLS0tLS0tPGJyPg0KOC4gJm5ic3A7SUtFdjIg QWxnb3JpdGhtIFNlbGVjdGlvbjxicj4NCjxicj4NCklLRXYyIFtyZmM3Mjk2XSwgc2VjdGlvbiAz LjMuIFNlY3VyaXR5IEFzc29jaWF0aW9uIFBheWxvYWQsIHNwZWNpZmllczxicj4NCkFFQUQgYWxn b3JpdGhtIHNlbGVjdGlvbi48YnI+DQo8YnI+DQo8YnI+DQpOb3Rlczxicj4NCi0tLS0tPGJyPg0K UkZDLTcyOTYgYW5kIFJGQy01MjgyIGNvbnRyYWRpY3QgZWFjaCBvdGhlciAoeWV0IFJGQy03Mjk2 IGNpdGVzIFJGQy01MjgyPGJyPg0Kd2l0aG91dCBhbnk8YnI+DQpjbGFyaWZpY2F0aW9uKTo8YnI+ DQo8YnI+DQotIFJGQy03Mjk2IGV4cGxpY2l0bHkgZGlzYWxsb3dzIG1peGluZyBBRUFEIGFuZCBu b24tQUVBRCBhbGdvcml0aG1zIGluIGE8YnI+DQpzaW5nbGU8YnI+DQombmJzcDtwcm9wb3NhbDsg UkZDLTUyODIgZG9lcyBub3QgKGFuZCBzdHJvbmdseSBpbXBsaWVzIGl0IGlzIGFsbG93ZWQpPGJy Pg0KPGJyPg0KLSBSRkMtNzI5NiBhbGxvd3MgJ25vbmUnIGludGVncml0eSBpbiBhbiBBRUFELW9u bHkgcHJvcG9zYWw7IFJGQy01MjgyIGRvZXM8YnI+DQpub3Q8YnI+DQo8YnI+DQpJbnN0cnVjdGlv bnM6PGJyPg0KLS0tLS0tLS0tLS0tLTxicj4NClRoaXMgZXJyYXR1bSBpcyBjdXJyZW50bHkgcG9z dGVkIGFzICZxdW90O1JlcG9ydGVkJnF1b3Q7LiBJZiBuZWNlc3NhcnksIHBsZWFzZTxicj4NCnVz ZSAmcXVvdDtSZXBseSBBbGwmcXVvdDsgdG8gZGlzY3VzcyB3aGV0aGVyIGl0IHNob3VsZCBiZSB2 ZXJpZmllZCBvcjxicj4NCnJlamVjdGVkLiBXaGVuIGEgZGVjaXNpb24gaXMgcmVhY2hlZCwgdGhl IHZlcmlmeWluZyBwYXJ0eTxicj4NCmNhbiBsb2cgaW4gdG8gY2hhbmdlIHRoZSBzdGF0dXMgYW5k IGVkaXQgdGhlIHJlcG9ydCwgaWYgbmVjZXNzYXJ5Ljxicj4NCjxicj4NCi0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tPGJyPg0KUkZDNTI4MiAoZHJhZnQtYmxhY2staXBzZWMt aWtldjItYWVhZC1tb2Rlcy0wMSk8YnI+DQotLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLTxicj4NClRpdGxlICZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZu YnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOzogVXNpbmcgQXV0 aGVudGljYXRlZCBFbmNyeXB0aW9uIEFsZ29yaXRobXMgd2l0aCB0aGUgRW5jcnlwdGVkPGJyPg0K UGF5bG9hZCBvZiB0aGUgSW50ZXJuZXQgS2V5IEV4Y2hhbmdlIHZlcnNpb24gMiAoSUtFdjIpIFBy b3RvY29sPGJyPg0KUHVibGljYXRpb24gRGF0ZSAmbmJzcDsmbmJzcDsmbmJzcDs6IEF1Z3VzdCAy MDA4PGJyPg0KQXV0aG9yKHMpICZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZu YnNwOyZuYnNwOyZuYnNwOyZuYnNwOzogRC4gQmxhY2ssIEQuIE1jR3Jldzxicj4NCkNhdGVnb3J5 ICZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZu YnNwOyZuYnNwOzogUFJPUE9TRUQgU1RBTkRBUkQ8YnI+DQpTb3VyY2UgJm5ic3A7Jm5ic3A7Jm5i c3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7 Jm5ic3A7OiBJRVRGIC0gTk9OIFdPUktJTkcgR1JPVVA8YnI+DQpBcmVhICZuYnNwOyZuYnNwOyZu YnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNw OyZuYnNwOyZuYnNwOyZuYnNwOzogTi9BPGJyPg0KU3RyZWFtICZuYnNwOyZuYnNwOyZuYnNwOyZu YnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNw OzogSUVURjxicj4NClZlcmlmeWluZyBQYXJ0eSAmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDs6IElF U0c8bzpwPjwvbzpwPjwvcD4NCjwvYmxvY2txdW90ZT4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPl9f X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fPGJyPg0KSVBzZWMg bWFpbGluZyBsaXN0PGJyPg0KPGEgaHJlZj0ibWFpbHRvOklQc2VjQGlldGYub3JnIj5JUHNlY0Bp ZXRmLm9yZzwvYT48YnI+DQo8YSBocmVmPSJodHRwczovL3d3dy5pZXRmLm9yZy9tYWlsbWFuL2xp c3RpbmZvL2lwc2VjIj5odHRwczovL3d3dy5pZXRmLm9yZy9tYWlsbWFuL2xpc3RpbmZvL2lwc2Vj PC9hPjxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8L2Rpdj4NCjwvYmxvY2txdW90ZT4NCjwvZGl2 Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8L286cD48L3A+DQo8L2Rpdj4NCjwv ZGl2Pg0KPC9kaXY+DQo8L2JvZHk+DQo8L2h0bWw+DQo= --_000_CE03DB3D7B45C245BCA0D243277949362FC4A81DMX307CL04corpem_-- From nobody Tue Sep 12 15:07:20 2017 Return-Path: X-Original-To: ipsec@ietfa.amsl.com Delivered-To: ipsec@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EBBAA13214D; Tue, 12 Sep 2017 15:07:13 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.121 X-Spam-Level: X-Spam-Status: No, score=-1.121 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_NEUTRAL=0.779] autolearn=no autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8SL10LCd-ohQ; Tue, 12 Sep 2017 15:07:11 -0700 (PDT) Received: from mail.kivinen.iki.fi (fireball.acr.fi [212.16.101.130]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3120B12421A; Tue, 12 Sep 2017 15:07:10 -0700 (PDT) Received: from fireball.acr.fi (localhost [127.0.0.1]) by mail.kivinen.iki.fi (8.15.2/8.15.2) with ESMTPS id v8CM6urQ009768 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Wed, 13 Sep 2017 01:06:56 +0300 (EEST) Received: (from kivinen@localhost) by fireball.acr.fi (8.15.2/8.14.8/Submit) id v8CM6tEV017322; Wed, 13 Sep 2017 01:06:55 +0300 (EEST) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Message-ID: <22968.23167.451620.486002@fireball.acr.fi> Date: Wed, 13 Sep 2017 01:06:55 +0300 From: Tero Kivinen To: "Black\, David" Cc: Yoav Nir , "mcgrew\@cisco.com" , "andrew.cagney\@gmail.com" , "ipsec\@ietf.org" , "iesg\@ietf.org" , RFC Errata System In-Reply-To: References: <20170908151242.77FC0B800F7@rfc-editor.org> <775FD951-C055-4298-8278-2CD7C7FE6073@gmail.com> X-Mailer: VM 8.2.0b under 25.1.1 (x86_64--netbsd) X-Edit-Time: 45 min X-Total-Time: 58 min Archived-At: Subject: Re: [IPsec] [Technical Errata Reported] RFC5282 (5109) X-BeenThere: ipsec@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Discussion of IPsec protocols List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 12 Sep 2017 22:07:14 -0000 Black, David writes: > Well, RFC 5282 actually prohibits the responder from selecting that > combination, but requiring separate proposals for combined-mode and n= ormal > ciphers is a cleaner and simpler approach. Yes, and RFC5996 restricted that even more, saying that you need to use separate proposals to do that, which will make it clear that you cannot select such combination and still following the generic IKEv2 rules how to select algorithms. I.e., RFC 5282 changed the generic rules in IKEv2, and when the we did do update on the IKEv2, i.e., from RFC4306 -> RFC5996, it decided that changing generic rules is bad idea, and we can get the same effect by forcing implementations to do two proposals, while also specifying how to negotiate the AEAD ciphers for the ESP. Note, that using two proposals is completely ok for the RFC5282 point of view, i.e., nothing in the RFC5282 forbid using multiple proposals, so in sense the RFC5996 did not change RFC5282 text, it just restricted some of the options allowed by the RFC5282.=20 This was discussed in the IPsec list during the 5996 rewrite, and there was ticket #20 assigned for this: https://trac.ietf.org/trac/ipsecme/ticket/20 Of course the RFC5282 only talks when negotiating AEAD algorithm for IKEv2 use, not at all when using AEAD algorithm for ESP, i.e., when negotiating AEAD algorithm to be used for ESP, which is the much more common case. How to negotiate them in ESP was unclear before RFC5996, as RFC4106 did not specify anything for IKEv2, and RFC4306 did not really specify how they are negotiated.=20 > It looks like RFC 7296 should have updated RFC 5282, but didn=E2=80=99= t. I > need to look at the relevant text in both RFCs more carefully, and > plan to respond to Andrew=E2=80=99s email later today with my 0.02 on= what > should be done. I am not sure if RFC5996 should have updated RFC5282, as it only restricted some of the options allowed by RFC5282, but what is specified in the RFC5996 is still completely inside the what RFC5282 implementation will accept. RFC5996 did restrict some options from the RFC4306 also, i.e., things that were allowed in RFC4306, were no longer allowed in RFC5996. If someone would have pointed that out during the RFC5996 cycle, we would most likely had done something to it...=20 > On 12 Sep 2017, at 1:19, Black, David wrot= e: >=20 > [Adding the IPsec mailing list.] >=20 > Notes > ----- > RFC-7296 and RFC-5282 contradict each other (yet RFC-7296 cit= es > RFC-5282 without any clarification): They do not really contradict, the RFC5996 and RFC7296 restrict the options which were allowed in the RFC5282, but RFC5996 initiator will still talk to the RFC5282 responder. If RFC5282 initiator tries to talk to the RFC5996 responder, and does not use multiple proposals, then the RFC5996 specification is silent what to do for that. Some implementations will most likely accept it, and some will return error.=20 > - RFC-7296 explicitly disallows mixing AEAD and non-AEAD > algorithms in a single proposal; RFC-5282 does not (and > strongly implies it is allowed) RFC582 might imply so, but does not require or even suggest such behavior, and using two proposals solves the issue in a way which is acceptable for the RFC5282 too. Btw, note, that RFC5996 and 7296 does not use upper case MUST, it just states the facts, i.e. "two proposals are needed" (section 2.7), and that if proposing both AEAD and non-AEAD ciphers, then "it must include two proposals". I.e. those are not new requirements, they are just facts based on the requirements derived from the requirements elsewhere in the specification.=20 > - RFC-7296 allows 'none' integrity in an AEAD-only proposal; = RFC-5282 > does not. Yes. We had discussion about this when RFC5996 was being made, and I think the reason why we do allow it was that there were some implementations doing that (for ESP), and we did not want to make them non-compilent by saying MUST NOT. Note, that RFC5996/7296 text covers both cases when negotiating the AEAD for IKEv2 and ESP. The RFC5282 case only really covers IKEv2 case. > Corrected Text > -------------- > 8. IKEv2 Algorithm Selection > =20 > IKEv2 [rfc7296], section 3.3. Security Association Payload, s= pecifies > AEAD algorithm selection. This corrected text is good, and I think we can safely mark this as errata ok, as the text specifying how to negotiate the AEAD ciphers has in fact been incorporated in to the base IKEv2 specification. --=20 kivinen@iki.fi From nobody Tue Sep 12 15:29:15 2017 Return-Path: X-Original-To: ipsec@ietfa.amsl.com Delivered-To: ipsec@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2E23E133169; Tue, 12 Sep 2017 15:29:08 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.721 X-Spam-Level: X-Spam-Status: No, score=-2.721 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=dell.com header.b=pGaAne7L; dkim=fail (1024-bit key) reason="fail (message has been altered)" header.d=emc.com header.b=Gm2nq4EW Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zBO7cGWtUT7J; Tue, 12 Sep 2017 15:29:06 -0700 (PDT) Received: from esa4.dell-outbound.iphmx.com (esa4.dell-outbound.iphmx.com [68.232.149.214]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 33B0C12421A; Tue, 12 Sep 2017 15:29:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=dell.com; i=@dell.com; q=dns/txt; s=smtpout; t=1505255346; x=1536791346; h=from:cc:to:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=0JNCmHfVzFwIMhNqkoGbt8qalmUUT8e23JyDzmWel6c=; b=pGaAne7LcUcW7/HNExK4vFd/kn/sAarAnYwtc5wGHQLdJc7ksUVDwre+ kWg1VwbGpHWzqKN0FbNlfYfdE6i4WVXSXeFmM/Qm6mcBQ3MKwBGQZYGdi WMWiK/5a402VfurBdAI0ql9oLrOFwrzkcgAkqJLh2zA7+iDad+F0jtDIV o=; Received: from esa3.dell-outbound2.iphmx.com ([68.232.154.63]) by esa4.dell-outbound.iphmx.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 12 Sep 2017 17:29:05 -0500 From: "Black, David" Cc: Yoav Nir , "mcgrew@cisco.com" , "andrew.cagney@gmail.com" , "ipsec@ietf.org" , "iesg@ietf.org" , RFC Errata System , "Black, David" Received: from mailuogwdur.emc.com ([128.221.224.79]) by esa3.dell-outbound2.iphmx.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 13 Sep 2017 04:27:12 +0600 Received: from maildlpprd55.lss.emc.com (maildlpprd55.lss.emc.com [10.106.48.159]) by mailuogwprd54.lss.emc.com (Sentrion-MTA-4.3.1/Sentrion-MTA-4.3.0) with ESMTP id v8CMT2ZG004787 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Tue, 12 Sep 2017 18:29:03 -0400 X-DKIM: OpenDKIM Filter v2.4.3 mailuogwprd54.lss.emc.com v8CMT2ZG004787 DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=emc.com; s=jan2013; t=1505255344; bh=JPBfXi6JJh3jr9KrDHhF30MQ1fY=; h=From:To:CC:Subject:Date:Message-ID:References:In-Reply-To: Content-Type:Content-Transfer-Encoding:MIME-Version; b=Gm2nq4EWTNDe3rVFYFVfht6sVuPWkIaat9FkmUUMK0/lIIOeVn9OhNeeCVCiSvuBp pDmRCxcHwKhT08pp3BHFvVrUT8DFvBpQvaeZuZmVa+oqMUhcd1fRLwL0ubvJIVzEMM /TsQElXcOtsVAyz2MQqwxv4Aetso9ENGU29H1YRk= X-DKIM: OpenDKIM Filter v2.4.3 mailuogwprd54.lss.emc.com v8CMT2ZG004787 Received: from mailusrhubprd51.lss.emc.com (mailusrhubprd51.lss.emc.com [10.106.48.24]) by maildlpprd55.lss.emc.com (RSA Interceptor); Tue, 12 Sep 2017 18:28:24 -0400 Received: from MXHUB304.corp.emc.com (MXHUB304.corp.emc.com [10.146.3.30]) by mailusrhubprd51.lss.emc.com (Sentrion-MTA-4.3.1/Sentrion-MTA-4.3.0) with ESMTP id v8CMSqcf005622 (version=TLSv1.2 cipher=AES128-SHA256 bits=128 verify=FAIL); Tue, 12 Sep 2017 18:28:52 -0400 Received: from MX307CL04.corp.emc.com ([fe80::849f:5da2:11b:4385]) by MXHUB304.corp.emc.com ([10.146.3.30]) with mapi id 14.03.0352.000; Tue, 12 Sep 2017 18:28:51 -0400 To: Tero Kivinen Thread-Topic: [IPsec] [Technical Errata Reported] RFC5282 (5109) Thread-Index: AQHTKLTyGnfemzrL+0Cuzv8zcKOWh6KwQcPQgACs5YCAAFE1gIAA2KqA///C4KA= Date: Tue, 12 Sep 2017 22:28:51 +0000 Message-ID: References: <20170908151242.77FC0B800F7@rfc-editor.org> <775FD951-C055-4298-8278-2CD7C7FE6073@gmail.com> <22968.23167.451620.486002@fireball.acr.fi> In-Reply-To: <22968.23167.451620.486002@fireball.acr.fi> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.238.44.138] Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 MIME-Version: 1.0 X-Sentrion-Hostname: mailusrhubprd51.lss.emc.com X-RSA-Classifications: public Archived-At: Subject: Re: [IPsec] [Technical Errata Reported] RFC5282 (5109) X-BeenThere: ipsec@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Discussion of IPsec protocols List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 12 Sep 2017 22:29:08 -0000 SSdsbCBkZWZlciB0byBUZXJvJ3MgZXhwZXJ0aXNlIG9uIHRoaXMgLSBpZiBoZSdzIG9rIHdpdGgg dGhlIHJldmlzZWQgdGV4dCwgdGhlbiBzbyBhbSBJLg0KDQpUaGFua3MsIC0tRGF2aWQNCg0KPiAt LS0tLU9yaWdpbmFsIE1lc3NhZ2UtLS0tLQ0KPiBGcm9tOiBUZXJvIEtpdmluZW4gW21haWx0bzpr aXZpbmVuQGlraS5maV0NCj4gU2VudDogVHVlc2RheSwgU2VwdGVtYmVyIDEyLCAyMDE3IDY6MDcg UE0NCj4gVG86IEJsYWNrLCBEYXZpZCA8ZGF2aWQuYmxhY2tAZW1jLmNvbT4NCj4gQ2M6IFlvYXYg TmlyIDx5bmlyLmlldGZAZ21haWwuY29tPjsgbWNncmV3QGNpc2NvLmNvbTsNCj4gYW5kcmV3LmNh Z25leUBnbWFpbC5jb207IGlwc2VjQGlldGYub3JnOyBpZXNnQGlldGYub3JnOyBSRkMgRXJyYXRh DQo+IFN5c3RlbSA8cmZjLWVkaXRvckByZmMtZWRpdG9yLm9yZz4NCj4gU3ViamVjdDogUmU6IFtJ UHNlY10gW1RlY2huaWNhbCBFcnJhdGEgUmVwb3J0ZWRdIFJGQzUyODIgKDUxMDkpDQo+IA0KPiBC bGFjaywgRGF2aWQgd3JpdGVzOg0KPiA+IFdlbGwsIFJGQyA1MjgyIGFjdHVhbGx5IHByb2hpYml0 cyB0aGUgcmVzcG9uZGVyIGZyb20gc2VsZWN0aW5nIHRoYXQNCj4gPiBjb21iaW5hdGlvbiwgYnV0 IHJlcXVpcmluZyBzZXBhcmF0ZSBwcm9wb3NhbHMgZm9yIGNvbWJpbmVkLW1vZGUgYW5kDQo+IG5v cm1hbA0KPiA+IGNpcGhlcnMgaXMgYSBjbGVhbmVyIGFuZCBzaW1wbGVyIGFwcHJvYWNoLg0KPiAN Cj4gWWVzLCBhbmQgUkZDNTk5NiByZXN0cmljdGVkIHRoYXQgZXZlbiBtb3JlLCBzYXlpbmcgdGhh dCB5b3UgbmVlZCB0bw0KPiB1c2Ugc2VwYXJhdGUgcHJvcG9zYWxzIHRvIGRvIHRoYXQsIHdoaWNo IHdpbGwgbWFrZSBpdCBjbGVhciB0aGF0IHlvdQ0KPiBjYW5ub3Qgc2VsZWN0IHN1Y2ggY29tYmlu YXRpb24gYW5kIHN0aWxsIGZvbGxvd2luZyB0aGUgZ2VuZXJpYyBJS0V2Mg0KPiBydWxlcyBob3cg dG8gc2VsZWN0IGFsZ29yaXRobXMuDQo+IA0KPiBJLmUuLCBSRkMgNTI4MiBjaGFuZ2VkIHRoZSBn ZW5lcmljIHJ1bGVzIGluIElLRXYyLCBhbmQgd2hlbiB0aGUgd2UgZGlkDQo+IGRvIHVwZGF0ZSBv biB0aGUgSUtFdjIsIGkuZS4sIGZyb20gUkZDNDMwNiAtPiBSRkM1OTk2LCBpdCBkZWNpZGVkIHRo YXQNCj4gY2hhbmdpbmcgZ2VuZXJpYyBydWxlcyBpcyBiYWQgaWRlYSwgYW5kIHdlIGNhbiBnZXQg dGhlIHNhbWUgZWZmZWN0IGJ5DQo+IGZvcmNpbmcgaW1wbGVtZW50YXRpb25zIHRvIGRvIHR3byBw cm9wb3NhbHMsIHdoaWxlIGFsc28gc3BlY2lmeWluZyBob3cNCj4gdG8gbmVnb3RpYXRlIHRoZSBB RUFEIGNpcGhlcnMgZm9yIHRoZSBFU1AuDQo+IA0KPiBOb3RlLCB0aGF0IHVzaW5nIHR3byBwcm9w b3NhbHMgaXMgY29tcGxldGVseSBvayBmb3IgdGhlIFJGQzUyODIgcG9pbnQNCj4gb2Ygdmlldywg aS5lLiwgbm90aGluZyBpbiB0aGUgUkZDNTI4MiBmb3JiaWQgdXNpbmcgbXVsdGlwbGUgcHJvcG9z YWxzLA0KPiBzbyBpbiBzZW5zZSB0aGUgUkZDNTk5NiBkaWQgbm90IGNoYW5nZSBSRkM1MjgyIHRl eHQsIGl0IGp1c3QNCj4gcmVzdHJpY3RlZCBzb21lIG9mIHRoZSBvcHRpb25zIGFsbG93ZWQgYnkg dGhlIFJGQzUyODIuDQo+IA0KPiBUaGlzIHdhcyBkaXNjdXNzZWQgaW4gdGhlIElQc2VjIGxpc3Qg ZHVyaW5nIHRoZSA1OTk2IHJld3JpdGUsIGFuZA0KPiB0aGVyZSB3YXMgdGlja2V0ICMyMCBhc3Np Z25lZCBmb3IgdGhpczoNCj4gDQo+IGh0dHBzOi8vdHJhYy5pZXRmLm9yZy90cmFjL2lwc2VjbWUv dGlja2V0LzIwDQo+IA0KPiBPZiBjb3Vyc2UgdGhlIFJGQzUyODIgb25seSB0YWxrcyB3aGVuIG5l Z290aWF0aW5nIEFFQUQgYWxnb3JpdGhtIGZvcg0KPiBJS0V2MiB1c2UsIG5vdCBhdCBhbGwgd2hl biB1c2luZyBBRUFEIGFsZ29yaXRobSBmb3IgRVNQLCBpLmUuLCB3aGVuDQo+IG5lZ290aWF0aW5n IEFFQUQgYWxnb3JpdGhtIHRvIGJlIHVzZWQgZm9yIEVTUCwgd2hpY2ggaXMgdGhlIG11Y2ggbW9y ZQ0KPiBjb21tb24gY2FzZS4gSG93IHRvIG5lZ290aWF0ZSB0aGVtIGluIEVTUCB3YXMgdW5jbGVh ciBiZWZvcmUgUkZDNTk5NiwNCj4gYXMgUkZDNDEwNiBkaWQgbm90IHNwZWNpZnkgYW55dGhpbmcg Zm9yIElLRXYyLCBhbmQgUkZDNDMwNiBkaWQgbm90DQo+IHJlYWxseSBzcGVjaWZ5IGhvdyB0aGV5 IGFyZSBuZWdvdGlhdGVkLg0KPiANCj4gPiBJdCBsb29rcyBsaWtlIFJGQyA3Mjk2IHNob3VsZCBo YXZlIHVwZGF0ZWQgUkZDIDUyODIsIGJ1dCBkaWRu4oCZdC4gSQ0KPiA+IG5lZWQgdG8gbG9vayBh dCB0aGUgcmVsZXZhbnQgdGV4dCBpbiBib3RoIFJGQ3MgbW9yZSBjYXJlZnVsbHksIGFuZA0KPiA+ IHBsYW4gdG8gcmVzcG9uZCB0byBBbmRyZXfigJlzIGVtYWlsIGxhdGVyIHRvZGF5IHdpdGggbXkg MC4wMiBvbiB3aGF0DQo+ID4gc2hvdWxkIGJlIGRvbmUuDQo+IA0KPiBJIGFtIG5vdCBzdXJlIGlm IFJGQzU5OTYgc2hvdWxkIGhhdmUgdXBkYXRlZCBSRkM1MjgyLCBhcyBpdCBvbmx5DQo+IHJlc3Ry aWN0ZWQgc29tZSBvZiB0aGUgb3B0aW9ucyBhbGxvd2VkIGJ5IFJGQzUyODIsIGJ1dCB3aGF0IGlz DQo+IHNwZWNpZmllZCBpbiB0aGUgUkZDNTk5NiBpcyBzdGlsbCBjb21wbGV0ZWx5IGluc2lkZSB0 aGUgd2hhdCBSRkM1MjgyDQo+IGltcGxlbWVudGF0aW9uIHdpbGwgYWNjZXB0Lg0KPiANCj4gUkZD NTk5NiBkaWQgcmVzdHJpY3Qgc29tZSBvcHRpb25zIGZyb20gdGhlIFJGQzQzMDYgYWxzbywgaS5l LiwgdGhpbmdzDQo+IHRoYXQgd2VyZSBhbGxvd2VkIGluIFJGQzQzMDYsIHdlcmUgbm8gbG9uZ2Vy IGFsbG93ZWQgaW4gUkZDNTk5Ni4NCj4gDQo+IElmIHNvbWVvbmUgd291bGQgaGF2ZSBwb2ludGVk IHRoYXQgb3V0IGR1cmluZyB0aGUgUkZDNTk5NiBjeWNsZSwgd2UNCj4gd291bGQgbW9zdCBsaWtl bHkgaGFkIGRvbmUgc29tZXRoaW5nIHRvIGl0Li4uDQo+IA0KPiA+ICAgICBPbiAxMiBTZXAgMjAx NywgYXQgMToxOSwgQmxhY2ssIERhdmlkIDxEYXZpZC5CbGFja0BkZWxsLmNvbT4gd3JvdGU6DQo+ ID4NCj4gPiAgICAgW0FkZGluZyB0aGUgSVBzZWMgbWFpbGluZyBsaXN0Ll0NCj4gPg0KPiA+ICAg ICAgICAgTm90ZXMNCj4gPiAgICAgICAgIC0tLS0tDQo+ID4gICAgICAgICBSRkMtNzI5NiBhbmQg UkZDLTUyODIgY29udHJhZGljdCBlYWNoIG90aGVyICh5ZXQgUkZDLTcyOTYgY2l0ZXMNCj4gPiAg ICAgICAgIFJGQy01MjgyIHdpdGhvdXQgYW55IGNsYXJpZmljYXRpb24pOg0KPiANCj4gVGhleSBk byBub3QgcmVhbGx5IGNvbnRyYWRpY3QsIHRoZSBSRkM1OTk2IGFuZCBSRkM3Mjk2IHJlc3RyaWN0 IHRoZQ0KPiBvcHRpb25zIHdoaWNoIHdlcmUgYWxsb3dlZCBpbiB0aGUgUkZDNTI4MiwgYnV0IFJG QzU5OTYgaW5pdGlhdG9yIHdpbGwNCj4gc3RpbGwgdGFsayB0byB0aGUgUkZDNTI4MiByZXNwb25k ZXIuIElmIFJGQzUyODIgaW5pdGlhdG9yIHRyaWVzIHRvDQo+IHRhbGsgdG8gdGhlIFJGQzU5OTYg cmVzcG9uZGVyLCBhbmQgZG9lcyBub3QgdXNlIG11bHRpcGxlIHByb3Bvc2FscywNCj4gdGhlbiB0 aGUgUkZDNTk5NiBzcGVjaWZpY2F0aW9uIGlzIHNpbGVudCB3aGF0IHRvIGRvIGZvciB0aGF0LiBT b21lDQo+IGltcGxlbWVudGF0aW9ucyB3aWxsIG1vc3QgbGlrZWx5IGFjY2VwdCBpdCwgYW5kIHNv bWUgd2lsbCByZXR1cm4NCj4gZXJyb3IuDQo+IA0KPiA+ICAgICAgICAgLSBSRkMtNzI5NiBleHBs aWNpdGx5IGRpc2FsbG93cyBtaXhpbmcgQUVBRCBhbmQgbm9uLUFFQUQNCj4gPiAgICAgICAgIGFs Z29yaXRobXMgaW4gYSBzaW5nbGUgcHJvcG9zYWw7IFJGQy01MjgyIGRvZXMgbm90IChhbmQNCj4g PiAgICAgICAgIHN0cm9uZ2x5IGltcGxpZXMgaXQgaXMgYWxsb3dlZCkNCj4gDQo+IFJGQzU4MiBt aWdodCBpbXBseSBzbywgYnV0IGRvZXMgbm90IHJlcXVpcmUgb3IgZXZlbiBzdWdnZXN0IHN1Y2gN Cj4gYmVoYXZpb3IsIGFuZCB1c2luZyB0d28gcHJvcG9zYWxzIHNvbHZlcyB0aGUgaXNzdWUgaW4g YSB3YXkgd2hpY2ggaXMNCj4gYWNjZXB0YWJsZSBmb3IgdGhlIFJGQzUyODIgdG9vLg0KPiANCj4g QnR3LCBub3RlLCB0aGF0IFJGQzU5OTYgYW5kIDcyOTYgZG9lcyBub3QgdXNlIHVwcGVyIGNhc2Ug TVVTVCwgaXQganVzdA0KPiBzdGF0ZXMgdGhlIGZhY3RzLCBpLmUuICJ0d28gcHJvcG9zYWxzIGFy ZSBuZWVkZWQiIChzZWN0aW9uIDIuNyksIGFuZA0KPiB0aGF0IGlmIHByb3Bvc2luZyBib3RoIEFF QUQgYW5kIG5vbi1BRUFEIGNpcGhlcnMsIHRoZW4gIml0IG11c3QNCj4gaW5jbHVkZSB0d28gcHJv cG9zYWxzIi4NCj4gDQo+IEkuZS4gdGhvc2UgYXJlIG5vdCBuZXcgcmVxdWlyZW1lbnRzLCB0aGV5 IGFyZSBqdXN0IGZhY3RzIGJhc2VkIG9uIHRoZQ0KPiByZXF1aXJlbWVudHMgZGVyaXZlZCBmcm9t IHRoZSByZXF1aXJlbWVudHMgZWxzZXdoZXJlIGluIHRoZQ0KPiBzcGVjaWZpY2F0aW9uLg0KPiAN Cj4gPiAgICAgICAgIC0gUkZDLTcyOTYgYWxsb3dzICdub25lJyBpbnRlZ3JpdHkgaW4gYW4gQUVB RC1vbmx5IHByb3Bvc2FsOyBSRkMtNTI4Mg0KPiA+ICAgICAgICAgZG9lcyBub3QuDQo+IA0KPiBZ ZXMuIFdlIGhhZCBkaXNjdXNzaW9uIGFib3V0IHRoaXMgd2hlbiBSRkM1OTk2IHdhcyBiZWluZyBt YWRlLCBhbmQgSQ0KPiB0aGluayB0aGUgcmVhc29uIHdoeSB3ZSBkbyBhbGxvdyBpdCB3YXMgdGhh dCB0aGVyZSB3ZXJlIHNvbWUNCj4gaW1wbGVtZW50YXRpb25zIGRvaW5nIHRoYXQgKGZvciBFU1Ap LCBhbmQgd2UgZGlkIG5vdCB3YW50IHRvIG1ha2UgdGhlbQ0KPiBub24tY29tcGlsZW50IGJ5IHNh eWluZyBNVVNUIE5PVC4gTm90ZSwgdGhhdCBSRkM1OTk2LzcyOTYgdGV4dCBjb3ZlcnMNCj4gYm90 aCBjYXNlcyB3aGVuIG5lZ290aWF0aW5nIHRoZSBBRUFEIGZvciBJS0V2MiBhbmQgRVNQLiBUaGUg UkZDNTI4Mg0KPiBjYXNlIG9ubHkgcmVhbGx5IGNvdmVycyBJS0V2MiBjYXNlLg0KPiANCj4gPiAg ICAgICAgIENvcnJlY3RlZCBUZXh0DQo+ID4gICAgICAgICAtLS0tLS0tLS0tLS0tLQ0KPiA+ICAg ICAgICAgOC4gIElLRXYyIEFsZ29yaXRobSBTZWxlY3Rpb24NCj4gPg0KPiA+ICAgICAgICAgSUtF djIgW3JmYzcyOTZdLCBzZWN0aW9uIDMuMy4gU2VjdXJpdHkgQXNzb2NpYXRpb24gUGF5bG9hZCwg c3BlY2lmaWVzDQo+ID4gICAgICAgICBBRUFEIGFsZ29yaXRobSBzZWxlY3Rpb24uDQo+IA0KPiBU aGlzIGNvcnJlY3RlZCB0ZXh0IGlzIGdvb2QsIGFuZCBJIHRoaW5rIHdlIGNhbiBzYWZlbHkgbWFy ayB0aGlzIGFzDQo+IGVycmF0YSBvaywgYXMgdGhlIHRleHQgc3BlY2lmeWluZyBob3cgdG8gbmVn b3RpYXRlIHRoZSBBRUFEIGNpcGhlcnMNCj4gaGFzIGluIGZhY3QgYmVlbiBpbmNvcnBvcmF0ZWQg aW4gdG8gdGhlIGJhc2UgSUtFdjIgc3BlY2lmaWNhdGlvbi4NCj4gLS0NCj4ga2l2aW5lbkBpa2ku ZmkNCg== From nobody Wed Sep 13 08:25:10 2017 Return-Path: X-Original-To: ipsec@ietf.org Delivered-To: ipsec@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 4F7D513305E; Wed, 13 Sep 2017 08:25:01 -0700 (PDT) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: Liaison Statement Management Tool To: "David Waltermire" , "Tero Kivinen" , "Russ Housley" Cc: David Waltermire , IP Security Maintenance and Extensions Discussion List , Limited Additional Mechanisms for PKIX and SMIME Discussion List , Russ Housley , Scott Mansfield , Kathleen Moriarty , Tero Kivinen , itu-t-liaison@iab.org, Eric Rescorla , jean-paul.lemaire@univ-paris-diderot.fr X-Test-IDTracker: no X-IETF-IDTracker: 6.61.0 Auto-Submitted: auto-generated Precedence: bulk Message-ID: <150531630127.30557.5933470261200873062.idtracker@ietfa.amsl.com> Date: Wed, 13 Sep 2017 08:25:01 -0700 Archived-At: Subject: [IPsec] New Liaison Statement, "LS on ITU-T SG17 work on quantum-safe PKI" X-BeenThere: ipsec@ietf.org X-Mailman-Version: 2.1.22 List-Id: Discussion of IPsec protocols List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 13 Sep 2017 15:25:01 -0000 Title: LS on ITU-T SG17 work on quantum-safe PKI Submission Date: 2017-09-13 URL of the IETF Web page: https://datatracker.ietf.org/liaison/1541/ From: Jean-Paul Lemaire To: David Waltermire ,Tero Kivinen ,Russ Housley Cc: David Waltermire ,IP Security Maintenance and Extensions Discussion List ,itu-t-liaison@iab.org,Limited Additional Mechanisms for PKIX and SMIME Discussion List ,Russ Housley ,Scott Mansfield ,Kathleen Moriarty ,Tero Kivinen ,Eric Rescorla Response Contacts: jean-paul.lemaire@univ-paris-diderot.fr Technical Contacts: Purpose: For information Body: ITU-T Study Group 17 is pleased to inform you that in our August/September 2017 meeting we agreed to start work on the inclusion of a proposal to include optional support for multiple public-key algorithms in Recommendation ITU-T X509 | ISO/IEC 9594-8. The industry is preparing ICT systems to be resistant to attacks by large-scale quantum computers in addition to more sophisticated attacks by conventional computing resources. Proposed was an optional feature to the X.509 certificate that provides a seamless migration capability to existing PKI systems, and is completely backwardly compatible with existing systems. While public-key key establishment algorithms are typically negotiated between peers and are generally fairly simple to update, the authentication systems typically rely on a single digital signature algorithm which are more difficult to update. This is because of the circular dependency between PKI-based identity systems and the dependent communication protocols. In order to update a PKI system, one would typically need to create a duplicate PKI system that utilizes a new digital signature algorithm and then migrate all the dependent systems one by one. This proposal eliminates the need to create such duplicate PKI systems by adding optional extensions to contain alternate public key and alternate signature, and a method for the CA to sign certificates using a layered approach to ensure that every attribute is authenticated by both signatures. The resulting certificate, while containing new quantum safe public key and signature, can still be used by existing systems relying on the classic public key and signature. Attachments: sp16-sg17-oLS-00068 https://www.ietf.org/lib/dt/documents/LIAISON/liaison-2017-09-13-itu-t-sg-17-ipsecme-lamps-ls-on-itu-t-sg17-work-on-quantum-safe-pki-attachment-1.pdf From nobody Wed Sep 13 11:06:08 2017 Return-Path: X-Original-To: ipsec@ietfa.amsl.com Delivered-To: ipsec@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 83ED213292F; Wed, 13 Sep 2017 11:06:06 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.2 X-Spam-Level: X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZEeU1ZJ0Ij_G; Wed, 13 Sep 2017 11:06:04 -0700 (PDT) Received: from rfc-editor.org (rfc-editor.org [4.31.198.49]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BCD73132403; Wed, 13 Sep 2017 11:06:04 -0700 (PDT) Received: by rfc-editor.org (Postfix, from userid 30) id 1DFEFB811AA; Wed, 13 Sep 2017 11:05:52 -0700 (PDT) To: ietf-announce@ietf.org, rfc-dist@rfc-editor.org X-PHP-Originating-Script: 1005:ams_util_lib.php From: rfc-editor@rfc-editor.org Cc: rfc-editor@rfc-editor.org, drafts-update-ref@iana.org, ipsec@ietf.org Message-Id: <20170913180552.1DFEFB811AA@rfc-editor.org> Date: Wed, 13 Sep 2017 11:05:52 -0700 (PDT) Archived-At: Subject: [IPsec] RFC 8247 on Algorithm Implementation Requirements and Usage Guidance for the Internet Key Exchange Protocol Version 2 (IKEv2) X-BeenThere: ipsec@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Discussion of IPsec protocols List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 13 Sep 2017 18:06:06 -0000 A new Request for Comments is now available in online RFC libraries. RFC 8247 Title: Algorithm Implementation Requirements and Usage Guidance for the Internet Key Exchange Protocol Version 2 (IKEv2) Author: Y. Nir, T. Kivinen, P. Wouters, D. Migault Status: Standards Track Stream: IETF Date: September 2017 Mailbox: ynir.ietf@gmail.com, kivinen@iki.fi, pwouters@redhat.com, daniel.migault@ericsson.com Pages: 19 Characters: 44739 Obsoletes: RFC 4307 Updates: RFC 7296 I-D Tag: draft-ietf-ipsecme-rfc4307bis-18.txt URL: https://www.rfc-editor.org/info/rfc8247 DOI: 10.17487/RFC8247 The IPsec series of protocols makes use of various cryptographic algorithms in order to provide security services. The Internet Key Exchange (IKE) protocol is used to negotiate the IPsec Security Association (IPsec SA) parameters, such as which algorithms should be used. To ensure interoperability between different implementations, it is necessary to specify a set of algorithm implementation requirements and usage guidance to ensure that there is at least one algorithm that all implementations support. This document updates RFC 7296 and obsoletes RFC 4307 in defining the current algorithm implementation requirements and usage guidance for IKEv2, and does minor cleaning up of the IKEv2 IANA registry. This document does not update the algorithms used for packet encryption using IPsec Encapsulating Security Payload (ESP). This document is a product of the IP Security Maintenance and Extensions Working Group of the IETF. This is now a Proposed Standard. STANDARDS TRACK: This document specifies an Internet Standards Track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the Official Internet Protocol Standards (https://www.rfc-editor.org/standards) for the standardization state and status of this protocol. Distribution of this memo is unlimited. This announcement is sent to the IETF-Announce and rfc-dist lists. To subscribe or unsubscribe, see https://www.ietf.org/mailman/listinfo/ietf-announce https://mailman.rfc-editor.org/mailman/listinfo/rfc-dist For searching the RFC series, see https://www.rfc-editor.org/search For downloading RFCs, see https://www.rfc-editor.org/retrieve/bulk Requests for special distribution should be addressed to either the author of the RFC in question, or to rfc-editor@rfc-editor.org. Unless specifically noted otherwise on the RFC itself, all RFCs are for unlimited distribution. The RFC Editor Team Association Management Solutions, LLC From nobody Wed Sep 13 17:30:21 2017 Return-Path: X-Original-To: ipsec@ietfa.amsl.com Delivered-To: ipsec@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5AF0113219A; Wed, 13 Sep 2017 17:30:19 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.519 X-Spam-Level: X-Spam-Status: No, score=-14.519 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Djdpp4FbHMiz; Wed, 13 Sep 2017 17:30:16 -0700 (PDT) Received: from alln-iport-6.cisco.com (alln-iport-6.cisco.com [173.37.142.93]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4E87E127005; Wed, 13 Sep 2017 17:30:16 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=113772; q=dns/txt; s=iport; t=1505349016; x=1506558616; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=/eVv73kPN+txueQEjL4slWyfeDXFBS5aMVg+yfe57Zk=; b=Bs80KXEQjrQ7rnQCKpMLYY8rArS1vrKUIZK+RZ3eur7JYPxGlaioujqj b63pHppivs/Zkr77PVLevavK9LZdSOvmyPihiJHpJ+ByNOmOOhM3PJ6LV 15+M4HpgepuOx3MtQZ/NuY4GbfR13+MUgWwvc3qf32ntejeKc0Qq+O9D/ E=; X-Files: image001.jpg, image002.gif : 58678, 134 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0DhAgDUzLlZ/5BdJa1SBwMZAQEBAQEBA?= =?us-ascii?q?QEBAQEHAQEBAQGCb2tkbicHg3CaSIF0gnOFSI17ggQHAQIehFFPAhqEO1cBAgE?= =?us-ascii?q?BAQEBAmsohRgBAQEBAwUeAggBNhUQAgEIBwoEAQEGAQEBCg4DBAMCAgIFEAYEA?= =?us-ascii?q?wIMFAkIAQEECgQEAQgGDYd4ggYDFRCsCYEjgUxbhzkNg24BAQEBAQEBAQEBAQE?= =?us-ascii?q?BAQEBAQEBAQEOD4MrgTEwASCCOHuCVlKCWDyBHQoKAQcLARIZCwoVCAmCTIJhB?= =?us-ascii?q?Yl/focBgROFJoUOAQKCB248AoZYAYEAOYdIhG6CHFuFDRKJHoFJjFeILAIRGQG?= =?us-ascii?q?BMQcBV4ECC3cVhWMFFxmBTnYBiRsNF4EMgQ8BAQE?= X-IronPort-AV: E=Sophos;i="5.42,390,1500940800"; d="gif'147?jpg'147,145?scan'147,145,208,217,147,145";a="2637816" Received: from rcdn-core-8.cisco.com ([173.37.93.144]) by alln-iport-6.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 14 Sep 2017 00:30:14 +0000 Received: from XCH-RCD-016.cisco.com (xch-rcd-016.cisco.com [173.37.102.26]) by rcdn-core-8.cisco.com (8.14.5/8.14.5) with ESMTP id v8E0UErT023231 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Thu, 14 Sep 2017 00:30:14 GMT Received: from xch-aln-017.cisco.com (173.36.7.27) by XCH-RCD-016.cisco.com (173.37.102.26) with Microsoft SMTP Server (TLS) id 15.0.1263.5; Wed, 13 Sep 2017 19:30:14 -0500 Received: from xch-aln-017.cisco.com ([173.36.7.27]) by XCH-ALN-017.cisco.com ([173.36.7.27]) with mapi id 15.00.1263.000; Wed, 13 Sep 2017 19:30:13 -0500 From: "Mike Sullenberger (mls)" To: Linda Dunbar CC: "i2nsf@ietf.org" , IPsecME WG , Yoav Nir , "Mike Sullenberger (mls)" Thread-Topic: [IPsec] your example (like Gap) about IPSec VPN gateway deployed in shopping mall not aware of where the controller is. Thread-Index: AdMoDbYLifW0BcxoSGSurAJRseRi2QAgJfEAABYKxgABAl2XIA== Date: Thu, 14 Sep 2017 00:30:13 +0000 Message-ID: References: <4A95BA014132FF49AE685FAB4B9F17F65946FE7F@SJCEML702-CHM.china.huawei.com> <4A95BA014132FF49AE685FAB4B9F17F6594703D1@SJCEML702-CHM.china.huawei.com> In-Reply-To: <4A95BA014132FF49AE685FAB4B9F17F6594703D1@SJCEML702-CHM.china.huawei.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: yes X-MS-TNEF-Correlator: x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [10.156.165.116] Content-Type: multipart/related; boundary="_005_fb6183ce8f97468aaec4c8d1137dc8f8XCHALN017ciscocom_"; type="multipart/alternative" MIME-Version: 1.0 Archived-At: Subject: Re: [IPsec] your example (like Gap) about IPSec VPN gateway deployed in shopping mall not aware of where the controller is. X-BeenThere: ipsec@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Discussion of IPsec protocols List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 14 Sep 2017 00:30:19 -0000 --_005_fb6183ce8f97468aaec4c8d1137dc8f8XCHALN017ciscocom_ Content-Type: multipart/alternative; boundary="_000_fb6183ce8f97468aaec4c8d1137dc8f8XCHALN017ciscocom_" --_000_fb6183ce8f97468aaec4c8d1137dc8f8XCHALN017ciscocom_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 TGluZGEsDQoNCklmIHlvdSB3YW50IHRvIHNlY3VyZWx5IGVuY3J5cHQgdHJhZmZpYyBiZXR3ZWVu IGVuZHBvaW50cyB0aGVuIHlvdSBhcmUgZ29pbmcgdG8gbmVlZCB0byBidWlsZCBwb2ludC1wb2lu dCBlbmNyeXB0ZWQgdHVubmVscyBiZXR3ZWVuIHRoZXNlIGVuZHBvaW50cywgdGhpcyBpcyB0aGUg bWFpbiByZWFzb24gdGhhdCBTRC1XQU4gaW1wbGVtZW50YXRpb25zIHVzZSBlaXRoZXIgYSBmdWxs LW1lc2ggb3IgZHluYW1pYy1tZXNoIG9mIHBvaW50LXBvaW50IHR1bm5lbHMuICBJZiB5b3UgcmVs eSBvbiBhIG11bHRpLXBvaW50IGNvbm5lY3Rpb24gbW9kZWwgdGhlbiB5b3UgZW5kIHVwIHVzaW5n IGEgZ3JvdXAga2V5IGVuY3J5cHRpb24gbW9kZWwgd2hpY2ggaXMgbGVzcyBzZWN1cmUgKG1hbnkg Y3VzdG9tZXJzIHdpbGwgbm90IGFjY2VwdCB1c2luZyBncm91cCBrZXlzKS4NCg0KTWlrZS4NCg0K W2h0dHA6Ly93d3cuY2lzY28uY29tL2NvbnRlbnQvZGFtL20vZW5fdXMvc2lnbmF0dXJldG9vbC9p bWFnZXMvYmFubmVycy9FdmVudHMvY2lzY29fbGl2ZV9sYXNfdmVnYXMvZW1haWwtc2lnbmF0dXJl LWNsdXMtMTctbHYtaW5kaWdvLmpwZ108aHR0cDovL3d3dy5jaXNjb2xpdmUuY29tLz4NCg0KDQoN Cg0KTWlrZSBTdWxsZW5iZXJnZXIgICAgQ0NJRS0yOTAyDQptbHNAY2lzY28uY29tPG1haWx0bzpt bHNAY2lzY28uY29tPg0KVGVsOiArMSA0MDggNTI3IDg3MDINCkNpc2NvLmNvbQ0KDQoNCg0KDQoN Cg0KRElTVElOR1VJU0hFRCBFTkdJTkVFUi4gRU5HSU5FRVJJTkcNClByb2R1Y3QgRGV2ZWxvcG1l bnQNCkNpc2NvIFN5c3RlbXMsIEluYy4NCg0KDQoNCltodHRwOi8vd3d3LmNpc2NvLmNvbS9hc3Nl dHMvc3dhL2ltZy90aGlua2JlZm9yZXlvdXByaW50LmdpZl0NCg0KVGhpbmsgYmVmb3JlIHlvdSBw cmludC4NCg0KVGhpcyBlbWFpbCBtYXkgY29udGFpbiBjb25maWRlbnRpYWwgYW5kIHByaXZpbGVn ZWQgbWF0ZXJpYWwgZm9yIHRoZSBzb2xlIHVzZSBvZiB0aGUgaW50ZW5kZWQgcmVjaXBpZW50LiBB bnkgcmV2aWV3LCB1c2UsIGRpc3RyaWJ1dGlvbiBvciBkaXNjbG9zdXJlIGJ5IG90aGVycyBpcyBz dHJpY3RseSBwcm9oaWJpdGVkLiBJZiB5b3UgYXJlIG5vdCB0aGUgaW50ZW5kZWQgcmVjaXBpZW50 IChvciBhdXRob3JpemVkIHRvIHJlY2VpdmUgZm9yIHRoZSByZWNpcGllbnQpLCBwbGVhc2UgY29u dGFjdCB0aGUgc2VuZGVyIGJ5IHJlcGx5IGVtYWlsIGFuZCBkZWxldGUgYWxsIGNvcGllcyBvZiB0 aGlzIG1lc3NhZ2UuDQpQbGVhc2UgY2xpY2sgaGVyZTxodHRwOi8vd3d3LmNpc2NvLmNvbS93ZWIv YWJvdXQvZG9pbmdfYnVzaW5lc3MvbGVnYWwvY3JpL2luZGV4Lmh0bWw+IGZvciBDb21wYW55IFJl Z2lzdHJhdGlvbiBJbmZvcm1hdGlvbi4NCg0KDQoNCg0KDQoNCg0KRnJvbTogSVBzZWMgW21haWx0 bzppcHNlYy1ib3VuY2VzQGlldGYub3JnXSBPbiBCZWhhbGYgT2YgTGluZGEgRHVuYmFyDQpTZW50 OiBGcmlkYXksIFNlcHRlbWJlciAwOCwgMjAxNyA5OjA3IEFNDQpUbzogWW9hdiBOaXIgPHluaXIu aWV0ZkBnbWFpbC5jb20+DQpDYzogaTJuc2ZAaWV0Zi5vcmc7IElQc2VjTUUgV0cgPGlwc2VjQGll dGYub3JnPg0KU3ViamVjdDogUmU6IFtJUHNlY10geW91ciBleGFtcGxlIChsaWtlIEdhcCkgYWJv dXQgSVBTZWMgVlBOIGdhdGV3YXkgZGVwbG95ZWQgaW4gc2hvcHBpbmcgbWFsbCBub3QgYXdhcmUg b2Ygd2hlcmUgdGhlIGNvbnRyb2xsZXIgaXMuDQoNCllvYXYsDQoNCk5vdCBoYXZpbmcgaW50ZXJv cGVyYWJsZSBzb2x1dGlvbiBmb3IgU0QtV0FOIGlzIGEgaHVnZSBpc3N1ZSBmb3IgZW50ZXJwcmlz ZXMuIFRoYXQgaXMgb25lIG9mIHRoZSBtYWluIHJlYXNvbnMgdGhhdCBTRC1XQU4gZGVwbG95bWVu dCBoYXMgYmVlbiBzbG93IHNpbmNlIGl0cyBpbmNlcHRpb24gaW4gMjAxMi4NCkluIE9OVUcgKE9w ZW4gTmV0d29yayBVc2VyIEdyb3VwKSB3aGVyZSBtYWpvcml0eSBvZiBwYXJ0aWNpcGFudHMgYXJl IGVudGVycHJpc2VzLCBpdCB3YXMgb3ZlcndoZWxtaW5nbHkgdm90ZWQgdGhlIG5lZWQgZm9yIGlu dGVyb3BlcmFibGUgU0QtV0FOIHNvbHV0aW9ucy4gQXMgdGhlIHJlc3VsdCwgdGhlIE9OVUcgc3Rh cnRlZCBhIFNELVdBTiBFeGNoYW5nZSBXRy4gSG93ZXZlciwgT05VRyBpcyBub3QgYSBzdGFuZGFy ZCBvcmdhbml6YXRpb24uIFRoZWlyIG1haW4gZ29hbCBpcyB0byBpZGVudGlmeSB1c2UgY2FzZXMs IHJlcXVpcmVtZW50cywgZXRjLg0KDQpXZWxsLCBTRC1XQU4gaGFzIG90aGVyIGlzc3VlcywgbGlr ZSBTRC1XQU4gc29sdXRpb24gYnVpbGRzIHBvaW50LXRvLXBvaW50IG92ZXJsYXkgcGF0aHMgYmV0 d2VlbiB0d28gZW5kLXBvaW50cyAob3IgYnJhbmNoIG9mZmljZXMpIGFzIGFsdGVybmF0aXZlIHBh dGhzLiBIb3dldmVyLCBtb3N0IGVudGVycHJpc2VzIG5lZWQgbXVsdGktcG9pbnQgaW50ZXJjb25u ZWN0aW9uIGFtb25nIG11bHRpcGxlIGxvY2F0aW9ucywgYXMgZG9uZSBieSBNUExTIEwyL0wzLVZQ Ti4gVXNpbmcgU0QtV0FOIG92ZXJsYXkgcGF0aHMgdG8gYWNoaWV2ZSBhbnkgdG8gYW55IG1lc2gg aW50ZXJjb25uZWN0aW9uIGFtb25nIGFsbCBicmFuY2hlcyBub3Qgb25seSByZXF1aXJlcyBhbGwg YnJhbmNoZXMgQ1BFcyB0byBiZSB1cGdyYWRlZCwgYnV0IGFsc28gcmVxdWlyZSBDUEVzIHRvIG1h bmFnZSByb3V0aW5nIGFtb25nIG90aGVyIENQRXMgbG9jYXRlZCBhdCBvdGhlciBsb2NhdGlvbnMs IHdoaWNoIGRyYW1hdGljYWxseSBpbmNyZWFzZSB0aGUgY29tcGxleGl0eSBvZiB0aGUgQ1BFcy4g QWxtb3N0IGxpa2UgZ29pbmcgYmFjayB0byB0aGUgY29tcGxleGl0eSBvZiBmcmFtZSByZWxheSB3 aGVyZSBlYWNoIENQRSBuZWVkcyBtYWludGFpbiBtZXNoIHJvdXRpbmcgZm9yIGFsbCBkZXN0aW5h dGlvbnMuDQoNCg0KTGluZGENCg0KRnJvbTogWW9hdiBOaXIgW21haWx0bzp5bmlyLmlldGZAZ21h aWwuY29tXQ0KU2VudDogRnJpZGF5LCBTZXB0ZW1iZXIgMDgsIDIwMTcgMTI6MzYgQU0NClRvOiBM aW5kYSBEdW5iYXIgPGxpbmRhLmR1bmJhckBodWF3ZWkuY29tPG1haWx0bzpsaW5kYS5kdW5iYXJA aHVhd2VpLmNvbT4+DQpDYzogaTJuc2ZAaWV0Zi5vcmc8bWFpbHRvOmkybnNmQGlldGYub3JnPjsg SVBzZWNNRSBXRyA8aXBzZWNAaWV0Zi5vcmc8bWFpbHRvOmlwc2VjQGlldGYub3JnPj4NClN1Ympl Y3Q6IFJlOiB5b3VyIGV4YW1wbGUgKGxpa2UgR2FwKSBhYm91dCBJUFNlYyBWUE4gZ2F0ZXdheSBk ZXBsb3llZCBpbiBzaG9wcGluZyBtYWxsIG5vdCBhd2FyZSBvZiB3aGVyZSB0aGUgY29udHJvbGxl ciBpcy4NCg0KSGksIExpbmRhDQoNClRoZSByZWFzb24gSSBicm91Z2h0IHVwIHRoZSBHYXAgd2Fz IGJlY2F1c2UgdGhleSBkZXNjcmliZWQgdGhlaXIgbmV0d29yayBpbiBhIFBhY2tldCBQdXNoZXLi gJlzIGVwaXNvZGUgKFsxXSkuDQoNCkFuZCB0aGUgc29sdXRpb24gZm9yIHRoZW0gd2FzIHNvbWUg dmVuZG9y4oCZcyBTRC1XQU4gc29sdXRpb24uIEFzIGZhciBhcyBJIGNhbiB0ZWxsLCBlYWNoIHZl bmRvcuKAmXMgU0QtV0FOIHNvbHV0aW9uIGlzIHByb3ByaWV0YXJ5IGFuZCBub24taW50ZXJvcGVy YWJsZSB3aXRoIG90aGVyIHZlbmRvcnPigJkgU0QtV0FOIHNvbHV0aW9uLg0KDQpUaGF0IHZlbmRv ciAoVmlwdGVsYSwgc2luY2UgdGhlbiBtZXJnZWQgd2l0aCBDaXNjbykgdXNlcyBCR1Agb24gYSBs YXJnZSBzY2FsZSB0byBwYXNzIGNvbmZpZ3VyYXRpb24gaW5mb3JtYXRpb24gYmV0d2VlbiBDUEUg ZGV2aWNlcyBhbmQgZGF0YSBjZW50ZXIgZGV2aWNlcywgYW5kIGFuIFNELVdBTiBjb250cm9sbGVy IHRvIG1hbmFnZSBpdCBhbGwuICBPdGhlciB2ZW5kb3JzIHVzZSBvdGhlciB0ZWNobm9sb2d5IHRv IGxlYXJuIHByb3RlY3RlZCBkb21haW5zLCBhbmQgYXMgSSBtZW50aW9uZWQsIHRoZXJlIHdhcyBh biBhdHRlbXB0IHRvIHN0YW5kYXJkaXplIHNvbWV0aGluZyBpbiBJUHNlY01FIGEgZmV3IHllYXJz IGFnbywgYnV0IHRoYXQgZmFpbGVkLg0KDQpUaGUgZHJhZnQgd2Ugd2VyZSBkaXNjdXNzaW5nIGhh cyBubyB3YXkgdG8gdHJhbnNmZXIgZG9tYWluIGluZm9ybWF0aW9uIGZyb20gdGhlIENQRXMgdG8g dGhlIGNvbnRyb2xsZXIgb3IgdG8gb3RoZXIgQ1BFcywgc28gSSBhc3N1bWUgdGhhdCBpdCBkb2Vz IG5vdCBmaXQgdGhpcyB1c2UgY2FzZS4gIEF0IGxlYXN0IG5vdCBpbiBpdHMgY3VycmVudCBmb3Jt Lg0KDQpZb2F2DQoNClsxXSBodHRwOi8vcGFja2V0cHVzaGVycy5uZXQvcG9kY2FzdC9wb2RjYXN0 cy9zaG93LTI3NC1wYWNrZXQtcHVzaGVycy1saXZlLXZpcHRlbGEtdGhyZWUtcmVhbC13b3JsZC1z ZC13YW4tZGVwbG95bWVudHMtc3BvbnNvcmVkLw0KDQpPbiA3IFNlcCAyMDE3LCBhdCAyMjozMywg TGluZGEgRHVuYmFyIDxsaW5kYS5kdW5iYXJAaHVhd2VpLmNvbTxtYWlsdG86bGluZGEuZHVuYmFy QGh1YXdlaS5jb20+PiB3cm90ZToNCg0KWW9hdiwNCg0KQXQgeWVzdGVyZGF54oCZcyBJMk5TRiBJ bnRlcmltIG1lZXRpbmcsIHlvdSBkZXNjcmliZWQgYW4gZXhhbXBsZSBvZiBHYXAgaGF2aW5nIHRo b3VzYW5kcyBvZiBsb2NhdGlvbnMgYW5kIG1vc3Qgb2YgdGhlbSBhcmUgaW4gYSBtYWxsIHdoZXJl IHB1YmxpYyBuZXR3b3JrIGlzIGF2YWlsYWJsZS4gWW91IHNhaWQgdGhhdCB0eXBpY2FsbHkgdGhl IFZQTiBnYXRld2F5IHBsYWNlZCBpbiB0aGUgc3RvcmUgaGFzIG5vIGtub3dsZWRnZSBvZiB0aGUg Z2xvYmFsIG5ldHdvcmsgdG9wb2xvZ3ksIG5vciBkb2VzIGl0IGtub3cgd2hlcmUgdGhlIGNvbnRy b2xsZXIgaXMgbG9jYXRlZC4NCg0KVG9kYXksIG1hbnkgdmVuZG9yc+KAmSByZW1vdGUgQ1BFcyBz dXBwb3J0IE9OVUfigJlzIFNELVdBTiDigJxaZXJvLXRvdWNoIGRlcGxveW1lbnTigJ0gcmVxdWly ZW1lbnQsIHdoZXJlIHRoZSByZW1vdGUgQ1BFcyBkZXZpY2VzIGNhbiBiZSBjb25uZWN0ZWQgdG8g aXRzIGNvbnRyb2xsZXIgdmlhIGJhcmNvZGUgc2Nhbi9lbWFpbC9ldGMuDQoNCkRvZXMgaXQgc29s dmUgdGhlIHByb2JsZW0/DQoNClRoYW5rcywNCkxpbmRhDQoNCg== --_000_fb6183ce8f97468aaec4c8d1137dc8f8XCHALN017ciscocom_ Content-Type: text/html; charset="utf-8" Content-Transfer-Encoding: base64 PGh0bWwgeG1sbnM6dj0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTp2bWwiIHhtbG5zOm89InVy bjpzY2hlbWFzLW1pY3Jvc29mdC1jb206b2ZmaWNlOm9mZmljZSIgeG1sbnM6dz0idXJuOnNjaGVt YXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6d29yZCIgeG1sbnM6eD0idXJuOnNjaGVtYXMtbWljcm9z b2Z0LWNvbTpvZmZpY2U6ZXhjZWwiIHhtbG5zOm09Imh0dHA6Ly9zY2hlbWFzLm1pY3Jvc29mdC5j b20vb2ZmaWNlLzIwMDQvMTIvb21tbCIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnL1RSL1JFQy1o dG1sNDAiPg0KPGhlYWQ+DQo8bWV0YSBodHRwLWVxdWl2PSJDb250ZW50LVR5cGUiIGNvbnRlbnQ9 InRleHQvaHRtbDsgY2hhcnNldD11dGYtOCI+DQo8bWV0YSBuYW1lPSJHZW5lcmF0b3IiIGNvbnRl bnQ9Ik1pY3Jvc29mdCBXb3JkIDE1IChmaWx0ZXJlZCBtZWRpdW0pIj4NCjwhLS1baWYgIW1zb10+ PHN0eWxlPnZcOioge2JlaGF2aW9yOnVybCgjZGVmYXVsdCNWTUwpO30NCm9cOioge2JlaGF2aW9y OnVybCgjZGVmYXVsdCNWTUwpO30NCndcOioge2JlaGF2aW9yOnVybCgjZGVmYXVsdCNWTUwpO30N Ci5zaGFwZSB7YmVoYXZpb3I6dXJsKCNkZWZhdWx0I1ZNTCk7fQ0KPC9zdHlsZT48IVtlbmRpZl0t LT48c3R5bGU+PCEtLQ0KLyogRm9udCBEZWZpbml0aW9ucyAqLw0KQGZvbnQtZmFjZQ0KCXtmb250 LWZhbWlseToiQ2FtYnJpYSBNYXRoIjsNCglwYW5vc2UtMToyIDQgNSAzIDUgNCA2IDMgMiA0O30N CkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6Q2FsaWJyaTsNCglwYW5vc2UtMToyIDE1IDUgMiAy IDIgNCAzIDIgNDt9DQovKiBTdHlsZSBEZWZpbml0aW9ucyAqLw0KcC5Nc29Ob3JtYWwsIGxpLk1z b05vcm1hbCwgZGl2Lk1zb05vcm1hbA0KCXttYXJnaW46MGluOw0KCW1hcmdpbi1ib3R0b206LjAw MDFwdDsNCglmb250LXNpemU6MTIuMHB0Ow0KCWZvbnQtZmFtaWx5OiJUaW1lcyBOZXcgUm9tYW4i LHNlcmlmO30NCmE6bGluaywgc3Bhbi5Nc29IeXBlcmxpbmsNCgl7bXNvLXN0eWxlLXByaW9yaXR5 Ojk5Ow0KCWNvbG9yOmJsdWU7DQoJdGV4dC1kZWNvcmF0aW9uOnVuZGVybGluZTt9DQphOnZpc2l0 ZWQsIHNwYW4uTXNvSHlwZXJsaW5rRm9sbG93ZWQNCgl7bXNvLXN0eWxlLXByaW9yaXR5Ojk5Ow0K CWNvbG9yOnB1cnBsZTsNCgl0ZXh0LWRlY29yYXRpb246dW5kZXJsaW5lO30NCnNwYW4uYXBwbGUt Y29udmVydGVkLXNwYWNlDQoJe21zby1zdHlsZS1uYW1lOmFwcGxlLWNvbnZlcnRlZC1zcGFjZTt9 DQpzcGFuLkVtYWlsU3R5bGUxOA0KCXttc28tc3R5bGUtdHlwZTpwZXJzb25hbDsNCglmb250LWZh bWlseToiQ2FsaWJyaSIsc2Fucy1zZXJpZjsNCgljb2xvcjojMUY0OTdEO30NCnNwYW4uRW1haWxT dHlsZTE5DQoJe21zby1zdHlsZS10eXBlOnBlcnNvbmFsLXJlcGx5Ow0KCWZvbnQtZmFtaWx5OiJD YWxpYnJpIixzYW5zLXNlcmlmOw0KCWNvbG9yOiMxRjQ5N0Q7fQ0KLk1zb0NocERlZmF1bHQNCgl7 bXNvLXN0eWxlLXR5cGU6ZXhwb3J0LW9ubHk7DQoJZm9udC1zaXplOjEwLjBwdDt9DQpAcGFnZSBX b3JkU2VjdGlvbjENCgl7c2l6ZTo4LjVpbiAxMS4waW47DQoJbWFyZ2luOjEuMGluIDEuMGluIDEu MGluIDEuMGluO30NCmRpdi5Xb3JkU2VjdGlvbjENCgl7cGFnZTpXb3JkU2VjdGlvbjE7fQ0KLS0+ PC9zdHlsZT48IS0tW2lmIGd0ZSBtc28gOV0+PHhtbD4NCjxvOnNoYXBlZGVmYXVsdHMgdjpleHQ9 ImVkaXQiIHNwaWRtYXg9IjEwMjYiIC8+DQo8L3htbD48IVtlbmRpZl0tLT48IS0tW2lmIGd0ZSBt c28gOV0+PHhtbD4NCjxvOnNoYXBlbGF5b3V0IHY6ZXh0PSJlZGl0Ij4NCjxvOmlkbWFwIHY6ZXh0 PSJlZGl0IiBkYXRhPSIxIiAvPg0KPC9vOnNoYXBlbGF5b3V0PjwveG1sPjwhW2VuZGlmXS0tPg0K PC9oZWFkPg0KPGJvZHkgbGFuZz0iRU4tVVMiIGxpbms9ImJsdWUiIHZsaW5rPSJwdXJwbGUiPg0K PGRpdiBjbGFzcz0iV29yZFNlY3Rpb24xIj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0 eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssc2Fu cy1zZXJpZjtjb2xvcjojMUY0OTdEIj5MaW5kYSw8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBj bGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWls eTomcXVvdDtDYWxpYnJpJnF1b3Q7LHNhbnMtc2VyaWY7Y29sb3I6IzFGNDk3RCI+PG86cD4mbmJz cDs8L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZv bnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OyxzYW5zLXNlcmlm O2NvbG9yOiMxRjQ5N0QiPklmIHlvdSB3YW50IHRvIHNlY3VyZWx5IGVuY3J5cHQgdHJhZmZpYyBi ZXR3ZWVuIGVuZHBvaW50cyB0aGVuIHlvdSBhcmUgZ29pbmcgdG8gbmVlZCB0byBidWlsZCBwb2lu dC1wb2ludCBlbmNyeXB0ZWQgdHVubmVscyBiZXR3ZWVuIHRoZXNlIGVuZHBvaW50cywgdGhpcyBp cyB0aGUNCiBtYWluIHJlYXNvbiB0aGF0IFNELVdBTiBpbXBsZW1lbnRhdGlvbnMgdXNlIGVpdGhl ciBhIGZ1bGwtbWVzaCBvciBkeW5hbWljLW1lc2ggb2YgcG9pbnQtcG9pbnQgdHVubmVscy4mbmJz cDsgSWYgeW91IHJlbHkgb24gYSBtdWx0aS1wb2ludCBjb25uZWN0aW9uIG1vZGVsIHRoZW4geW91 IGVuZCB1cCB1c2luZyBhIGdyb3VwIGtleSBlbmNyeXB0aW9uIG1vZGVsIHdoaWNoIGlzIGxlc3Mg c2VjdXJlIChtYW55IGN1c3RvbWVycyB3aWxsIG5vdCBhY2NlcHQgdXNpbmcNCiBncm91cCBrZXlz KS48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHls ZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LHNhbnMt c2VyaWY7Y29sb3I6IzFGNDk3RCI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPHAgY2xh c3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6 JnF1b3Q7Q2FsaWJyaSZxdW90OyxzYW5zLXNlcmlmO2NvbG9yOiMxRjQ5N0QiPk1pa2UuPG86cD48 L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQt c2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OyxzYW5zLXNlcmlmO2Nv bG9yOiMxRjQ5N0QiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxkaXY+DQo8dGFibGUg Y2xhc3M9Ik1zb05vcm1hbFRhYmxlIiBib3JkZXI9IjEiIGNlbGxzcGFjaW5nPSIwIiBjZWxscGFk ZGluZz0iMCIgc3R5bGU9ImJvcmRlcjpzb2xpZCAjODI4MTc3IDEuMHB0Ij4NCjx0Ym9keT4NCjx0 cj4NCjx0ZCB2YWxpZ249InRvcCIgc3R5bGU9ImJvcmRlcjpub25lO2JhY2tncm91bmQ6d2hpdGU7 cGFkZGluZzo3LjVwdCA3LjVwdCA3LjVwdCA3LjVwdCI+DQo8dGFibGUgY2xhc3M9Ik1zb05vcm1h bFRhYmxlIiBib3JkZXI9IjAiIGNlbGxzcGFjaW5nPSIwIiBjZWxscGFkZGluZz0iMCIgYWxpZ249 ImxlZnQiIHdpZHRoPSIwIiBzdHlsZT0id2lkdGg6NDA3LjI1cHQ7YmFja2dyb3VuZDp3aGl0ZSI+ DQo8dGJvZHk+DQo8dHI+DQo8dGQgdmFsaWduPSJ0b3AiIHN0eWxlPSJwYWRkaW5nOjBpbiAwaW4g MGluIDBpbiI+DQo8dGFibGUgY2xhc3M9Ik1zb05vcm1hbFRhYmxlIiBib3JkZXI9IjAiIGNlbGxz cGFjaW5nPSIwIiBjZWxscGFkZGluZz0iMCIgd2lkdGg9IjEwMCUiIHN0eWxlPSJ3aWR0aDoxMDAu MCUiPg0KPHRib2R5Pg0KPHRyPg0KPHRkIHZhbGlnbj0idG9wIiBzdHlsZT0icGFkZGluZzowaW4g MGluIDBpbiAwaW4iPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PGEgaHJlZj0iaHR0cDovL3d3dy5j aXNjb2xpdmUuY29tLyI+PHNwYW4gc3R5bGU9InRleHQtZGVjb3JhdGlvbjpub25lIj48aW1nIGJv cmRlcj0iMCIgd2lkdGg9IjU0MyIgaGVpZ2h0PSIxMDAiIGlkPSJsb2dvUHJldmlldyIgc3JjPSJj aWQ6aW1hZ2UwMDEuanBnQDAxRDMyQ0I1LkQzQzREMDMwIiBhbHQ9Imh0dHA6Ly93d3cuY2lzY28u Y29tL2NvbnRlbnQvZGFtL20vZW5fdXMvc2lnbmF0dXJldG9vbC9pbWFnZXMvYmFubmVycy9FdmVu dHMvY2lzY29fbGl2ZV9sYXNfdmVnYXMvZW1haWwtc2lnbmF0dXJlLWNsdXMtMTctbHYtaW5kaWdv LmpwZyI+PC9zcGFuPjwvYT48c3BhbiBzdHlsZT0iY29sb3I6IzFGNDk3RCI+PG86cD48L286cD48 L3NwYW4+PC9wPg0KPC90ZD4NCjwvdHI+DQo8L3Rib2R5Pg0KPC90YWJsZT4NCjwvdGQ+DQo8L3Ry Pg0KPHRyIHN0eWxlPSJoZWlnaHQ6MTUuMHB0Ij4NCjx0ZCB2YWxpZ249InRvcCIgc3R5bGU9InBh ZGRpbmc6MGluIDBpbiAwaW4gMGluO2hlaWdodDoxNS4wcHQiPjwvdGQ+DQo8L3RyPg0KPHRyPg0K PHRkIHZhbGlnbj0idG9wIiBzdHlsZT0icGFkZGluZzowaW4gMGluIDBpbiAwaW4iPg0KPHRhYmxl IGNsYXNzPSJNc29Ob3JtYWxUYWJsZSIgYm9yZGVyPSIwIiBjZWxsc3BhY2luZz0iMCIgY2VsbHBh ZGRpbmc9IjAiIHdpZHRoPSIxMDAlIiBzdHlsZT0id2lkdGg6MTAwLjAlIj4NCjx0Ym9keT4NCjx0 cj4NCjx0ZCB3aWR0aD0iMzAiIHZhbGlnbj0idG9wIiBzdHlsZT0id2lkdGg6MjIuNXB0O3BhZGRp bmc6MGluIDBpbiAwaW4gMGluIj48L3RkPg0KPHRkIHZhbGlnbj0idG9wIiBzdHlsZT0icGFkZGlu ZzowaW4gMGluIDBpbiAwaW4iPg0KPHRhYmxlIGNsYXNzPSJNc29Ob3JtYWxUYWJsZSIgYm9yZGVy PSIwIiBjZWxsc3BhY2luZz0iMCIgY2VsbHBhZGRpbmc9IjAiIHdpZHRoPSIxMDAlIiBzdHlsZT0i d2lkdGg6MTAwLjAlIj4NCjx0Ym9keT4NCjx0cj4NCjx0ZCB3aWR0aD0iMjYwIiB2YWxpZ249InRv cCIgc3R5bGU9IndpZHRoOjE5NS4wcHQ7cGFkZGluZzowaW4gMGluIDBpbiAwaW4iPg0KPHRhYmxl IGNsYXNzPSJNc29Ob3JtYWxUYWJsZSIgYm9yZGVyPSIwIiBjZWxsc3BhY2luZz0iMCIgY2VsbHBh ZGRpbmc9IjAiIHdpZHRoPSIxMDAlIiBzdHlsZT0id2lkdGg6MTAwLjAlIj4NCjx0Ym9keT4NCjx0 cj4NCjx0ZCB2YWxpZ249InRvcCIgc3R5bGU9ImJvcmRlcjpub25lO2JvcmRlci1yaWdodDpzb2xp ZCAjRTFFMUUxIDEuMHB0O3BhZGRpbmc6MGluIDBpbiAwaW4gMGluIj4NCjxwIGNsYXNzPSJNc29O b3JtYWwiPjxiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6OC41cHQ7Zm9udC1mYW1pbHk6JnF1b3Q7 QXJpYWwmcXVvdDssc2Fucy1zZXJpZjtjb2xvcjojNjY2NjY2Ij5NaWtlIFN1bGxlbmJlcmdlciZu YnNwOyZuYnNwOyZuYnNwOyBDQ0lFLTI5MDI8L3NwYW4+PC9iPjxzcGFuIHN0eWxlPSJmb250LXNp emU6OC41cHQ7Zm9udC1mYW1pbHk6JnF1b3Q7QXJpYWwmcXVvdDssc2Fucy1zZXJpZjtjb2xvcjoj NjY2NjY2Ij48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3Bh biBzdHlsZT0iZm9udC1zaXplOjguNXB0O2ZvbnQtZmFtaWx5OiZxdW90O0FyaWFsJnF1b3Q7LHNh bnMtc2VyaWY7Y29sb3I6IzY2NjY2NiI+PGEgaHJlZj0ibWFpbHRvOm1sc0BjaXNjby5jb20iPjxz cGFuIHN0eWxlPSJjb2xvcjojMDA3RkM1O3RleHQtZGVjb3JhdGlvbjpub25lIj5tbHNAY2lzY28u Y29tPC9zcGFuPjwvYT4NCjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3Jt YWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6OC41cHQ7Zm9udC1mYW1pbHk6JnF1b3Q7QXJpYWwm cXVvdDssc2Fucy1zZXJpZjtjb2xvcjojNjY2NjY2Ij5UZWw6DQo8Yj4mIzQzOzEgNDA4IDUyNyA4 NzAyPG86cD48L286cD48L2I+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFu IHN0eWxlPSJmb250LXNpemU6OC41cHQ7Zm9udC1mYW1pbHk6JnF1b3Q7QXJpYWwmcXVvdDssc2Fu cy1zZXJpZjtjb2xvcjojNjY2NjY2Ij5DaXNjby5jb208bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8 L3RkPg0KPC90cj4NCjx0cj4NCjx0ZCB2YWxpZ249InRvcCIgc3R5bGU9InBhZGRpbmc6MGluIDBp biAwaW4gMGluIj48L3RkPg0KPC90cj4NCjx0cj4NCjx0ZCBzdHlsZT0icGFkZGluZzowaW4gMGlu IDBpbiAwaW4iPjwvdGQ+DQo8L3RyPg0KPHRyPg0KPHRkIHN0eWxlPSJwYWRkaW5nOjBpbiAwaW4g MGluIDBpbiI+PC90ZD4NCjwvdHI+DQo8dHI+DQo8dGQgc3R5bGU9InBhZGRpbmc6MGluIDBpbiAw aW4gMGluIj48L3RkPg0KPC90cj4NCjwvdGJvZHk+DQo8L3RhYmxlPg0KPC90ZD4NCjx0ZCB3aWR0 aD0iMjAiIHZhbGlnbj0idG9wIiBzdHlsZT0id2lkdGg6MTUuMHB0O3BhZGRpbmc6MGluIDBpbiAw aW4gMGluIj48L3RkPg0KPHRkIHdpZHRoPSIyMDMiIHZhbGlnbj0idG9wIiBzdHlsZT0id2lkdGg6 MTk1LjBwdDtwYWRkaW5nOjBpbiAwaW4gMGluIDBpbiI+DQo8dGFibGUgY2xhc3M9Ik1zb05vcm1h bFRhYmxlIiBib3JkZXI9IjAiIGNlbGxzcGFjaW5nPSIwIiBjZWxscGFkZGluZz0iMCIgd2lkdGg9 IjEwMCUiIHN0eWxlPSJ3aWR0aDoxMDAuMCUiPg0KPHRib2R5Pg0KPHRyPg0KPHRkIHZhbGlnbj0i dG9wIiBzdHlsZT0icGFkZGluZzowaW4gMGluIDBpbiAwaW4iPg0KPHAgY2xhc3M9Ik1zb05vcm1h bCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZTo4LjVwdDtmb250LWZhbWlseTomcXVvdDtBcmlhbCZx dW90OyxzYW5zLXNlcmlmO2NvbG9yOiM2NjY2NjYiPkRJU1RJTkdVSVNIRUQgRU5HSU5FRVIuIEVO R0lORUVSSU5HPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNw YW4gc3R5bGU9ImZvbnQtc2l6ZTo4LjVwdDtmb250LWZhbWlseTomcXVvdDtBcmlhbCZxdW90Oyxz YW5zLXNlcmlmO2NvbG9yOiM2NjY2NjYiPlByb2R1Y3QgRGV2ZWxvcG1lbnQ8L3NwYW4+PHNwYW4g c3R5bGU9ImZvbnQtc2l6ZTo4LjVwdDtmb250LWZhbWlseTomcXVvdDtBcmlhbCZxdW90OyxzYW5z LXNlcmlmO2NvbG9yOiM1OTU5NUIiPjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJN c29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6OC41cHQ7Zm9udC1mYW1pbHk6JnF1b3Q7 QXJpYWwmcXVvdDssc2Fucy1zZXJpZjtjb2xvcjojNTk1OTVCIj5DaXNjbyBTeXN0ZW1zLCBJbmMu DQo8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L3RkPg0KPC90cj4NCjwvdGJvZHk+DQo8L3RhYmxl Pg0KPC90ZD4NCjwvdHI+DQo8dHIgc3R5bGU9ImhlaWdodDoxMS4yNXB0Ij4NCjx0ZCBjb2xzcGFu PSIzIiB2YWxpZ249InRvcCIgc3R5bGU9InBhZGRpbmc6MGluIDBpbiAwaW4gMGluO2hlaWdodDox MS4yNXB0Ij48L3RkPg0KPC90cj4NCjx0cj4NCjx0ZCBjb2xzcGFuPSIzIiB2YWxpZ249InRvcCIg c3R5bGU9InBhZGRpbmc6MGluIDBpbiAwaW4gMGluIj4NCjx0YWJsZSBjbGFzcz0iTXNvTm9ybWFs VGFibGUiIGJvcmRlcj0iMCIgY2VsbHNwYWNpbmc9IjAiIGNlbGxwYWRkaW5nPSIwIiB3aWR0aD0i MCIgc3R5bGU9IndpZHRoOjM2Mi4yNXB0Ij4NCjx0Ym9keT4NCjx0cj4NCjx0ZCB3aWR0aD0iMzEi IHZhbGlnbj0idG9wIiBzdHlsZT0id2lkdGg6MTUuMHB0O3BhZGRpbmc6MGluIDBpbiAwaW4gMGlu Ij4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJjb2xvcjojMUY0OTdEIj48aW1n IGJvcmRlcj0iMCIgd2lkdGg9IjE4IiBoZWlnaHQ9IjE5IiBpZD0iUGljdHVyZV94MDAyMF8yIiBz cmM9ImNpZDppbWFnZTAwMi5naWZAMDFEMzJDQjUuRDNDNEQwMzAiIGFsdD0iaHR0cDovL3d3dy5j aXNjby5jb20vYXNzZXRzL3N3YS9pbWcvdGhpbmtiZWZvcmV5b3VwcmludC5naWYiPjxvOnA+PC9v OnA+PC9zcGFuPjwvcD4NCjwvdGQ+DQo8dGQgd2lkdGg9IjUiIHZhbGlnbj0idG9wIiBzdHlsZT0i d2lkdGg6My43NXB0O3BhZGRpbmc6MGluIDBpbiAwaW4gMGluIj48L3RkPg0KPHRkIHdpZHRoPSI0 NDciIHZhbGlnbj0iYm90dG9tIiBzdHlsZT0id2lkdGg6MzQzLjVwdDtwYWRkaW5nOjBpbiAwaW4g MGluIDBpbiI+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjgu NXB0O2ZvbnQtZmFtaWx5OiZxdW90O0FyaWFsJnF1b3Q7LHNhbnMtc2VyaWY7Y29sb3I6IzAwOTkw MCI+VGhpbmsgYmVmb3JlIHlvdSBwcmludC48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L3RkPg0K PC90cj4NCjx0cj4NCjx0ZCBjb2xzcGFuPSIzIiB2YWxpZ249InRvcCIgc3R5bGU9InBhZGRpbmc6 MGluIDBpbiAwaW4gMGluIj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtYXJnaW4tYm90 dG9tOjIuMjVwdCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZTo3LjVwdDtmb250LWZhbWlseTomcXVv dDtBcmlhbCZxdW90OyxzYW5zLXNlcmlmO2NvbG9yOiM5OTk5OTkiPlRoaXMgZW1haWwgbWF5IGNv bnRhaW4gY29uZmlkZW50aWFsIGFuZCBwcml2aWxlZ2VkIG1hdGVyaWFsIGZvciB0aGUgc29sZSB1 c2Ugb2YgdGhlIGludGVuZGVkIHJlY2lwaWVudC4gQW55IHJldmlldywgdXNlLCBkaXN0cmlidXRp b24NCiBvciBkaXNjbG9zdXJlIGJ5IG90aGVycyBpcyBzdHJpY3RseSBwcm9oaWJpdGVkLiBJZiB5 b3UgYXJlIG5vdCB0aGUgaW50ZW5kZWQgcmVjaXBpZW50IChvciBhdXRob3JpemVkIHRvIHJlY2Vp dmUgZm9yIHRoZSByZWNpcGllbnQpLCBwbGVhc2UgY29udGFjdCB0aGUgc2VuZGVyIGJ5IHJlcGx5 IGVtYWlsIGFuZCBkZWxldGUgYWxsIGNvcGllcyBvZiB0aGlzIG1lc3NhZ2UuPG86cD48L286cD48 L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1hcmdpbi1ib3R0b206Mi4y NXB0Ij48c3BhbiBzdHlsZT0iZm9udC1zaXplOjcuNXB0O2ZvbnQtZmFtaWx5OiZxdW90O0FyaWFs JnF1b3Q7LHNhbnMtc2VyaWY7Y29sb3I6Izk5OTk5OSI+UGxlYXNlDQo8YSBocmVmPSJodHRwOi8v d3d3LmNpc2NvLmNvbS93ZWIvYWJvdXQvZG9pbmdfYnVzaW5lc3MvbGVnYWwvY3JpL2luZGV4Lmh0 bWwiIHRpdGxlPSJMZWdhbCBJbmZvcm1hdGlvbiI+DQo8c3BhbiBzdHlsZT0iY29sb3I6IzBFNThB MCI+Y2xpY2sgaGVyZTwvc3Bhbj48L2E+IGZvciBDb21wYW55IFJlZ2lzdHJhdGlvbiBJbmZvcm1h dGlvbi48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L3RkPg0KPC90cj4NCjwvdGJvZHk+DQo8L3Rh YmxlPg0KPC90ZD4NCjwvdHI+DQo8L3Rib2R5Pg0KPC90YWJsZT4NCjwvdGQ+DQo8dGQgd2lkdGg9 IjMwIiB2YWxpZ249InRvcCIgc3R5bGU9IndpZHRoOjIyLjVwdDtwYWRkaW5nOjBpbiAwaW4gMGlu IDBpbiI+PC90ZD4NCjwvdHI+DQo8L3Rib2R5Pg0KPC90YWJsZT4NCjwvdGQ+DQo8L3RyPg0KPC90 Ym9keT4NCjwvdGFibGU+DQo8L3RkPg0KPC90cj4NCjwvdGJvZHk+DQo8L3RhYmxlPg0KPHAgY2xh c3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6 JnF1b3Q7Q2FsaWJyaSZxdW90OyxzYW5zLXNlcmlmO2NvbG9yOiMxRjQ5N0QiPjxvOnA+Jm5ic3A7 PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5 bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OyxzYW5z LXNlcmlmO2NvbG9yOiMxRjQ5N0QiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxkaXY+ DQo8ZGl2IHN0eWxlPSJib3JkZXI6bm9uZTtib3JkZXItdG9wOnNvbGlkICNFMUUxRTEgMS4wcHQ7 cGFkZGluZzozLjBwdCAwaW4gMGluIDBpbiI+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48Yj48c3Bh biBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7 LHNhbnMtc2VyaWYiPkZyb206PC9zcGFuPjwvYj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBw dDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LHNhbnMtc2VyaWYiPiBJUHNlYyBbbWFp bHRvOmlwc2VjLWJvdW5jZXNAaWV0Zi5vcmddDQo8Yj5PbiBCZWhhbGYgT2YgPC9iPkxpbmRhIER1 bmJhcjxicj4NCjxiPlNlbnQ6PC9iPiBGcmlkYXksIFNlcHRlbWJlciAwOCwgMjAxNyA5OjA3IEFN PGJyPg0KPGI+VG86PC9iPiBZb2F2IE5pciAmbHQ7eW5pci5pZXRmQGdtYWlsLmNvbSZndDs8YnI+ DQo8Yj5DYzo8L2I+IGkybnNmQGlldGYub3JnOyBJUHNlY01FIFdHICZsdDtpcHNlY0BpZXRmLm9y ZyZndDs8YnI+DQo8Yj5TdWJqZWN0OjwvYj4gUmU6IFtJUHNlY10geW91ciBleGFtcGxlIChsaWtl IEdhcCkgYWJvdXQgSVBTZWMgVlBOIGdhdGV3YXkgZGVwbG95ZWQgaW4gc2hvcHBpbmcgbWFsbCBu b3QgYXdhcmUgb2Ygd2hlcmUgdGhlIGNvbnRyb2xsZXIgaXMuPG86cD48L286cD48L3NwYW4+PC9w Pg0KPC9kaXY+DQo8L2Rpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxvOnA+Jm5ic3A7PC9vOnA+ PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7 Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OyxzYW5zLXNlcmlmO2NvbG9yOiMxRjQ5N0Qi PllvYXYsDQo8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3Bh biBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7 LHNhbnMtc2VyaWY7Y29sb3I6IzFGNDk3RCI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0K PHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1m YW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OyxzYW5zLXNlcmlmO2NvbG9yOiMxRjQ5N0QiPk5vdCBo YXZpbmcgaW50ZXJvcGVyYWJsZSBzb2x1dGlvbiBmb3IgU0QtV0FOIGlzIGEgaHVnZSBpc3N1ZSBm b3IgZW50ZXJwcmlzZXMuIFRoYXQgaXMgb25lIG9mIHRoZSBtYWluIHJlYXNvbnMgdGhhdCBTRC1X QU4gZGVwbG95bWVudCBoYXMgYmVlbiBzbG93IHNpbmNlIGl0cyBpbmNlcHRpb24NCiBpbiAyMDEy LiA8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHls ZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LHNhbnMt c2VyaWY7Y29sb3I6IzFGNDk3RCI+SW4gT05VRyAoT3BlbiBOZXR3b3JrIFVzZXIgR3JvdXApIHdo ZXJlIG1ham9yaXR5IG9mIHBhcnRpY2lwYW50cyBhcmUgZW50ZXJwcmlzZXMsIGl0IHdhcyBvdmVy d2hlbG1pbmdseSB2b3RlZCB0aGUgbmVlZCBmb3IgaW50ZXJvcGVyYWJsZSBTRC1XQU4gc29sdXRp b25zLiBBcw0KIHRoZSByZXN1bHQsIHRoZSBPTlVHIHN0YXJ0ZWQgYSBTRC1XQU4gRXhjaGFuZ2Ug V0cuIEhvd2V2ZXIsIE9OVUcgaXMgbm90IGEgc3RhbmRhcmQgb3JnYW5pemF0aW9uLiBUaGVpciBt YWluIGdvYWwgaXMgdG8gaWRlbnRpZnkgdXNlIGNhc2VzLCByZXF1aXJlbWVudHMsIGV0Yy4NCjxv OnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJm b250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssc2Fucy1zZXJp Zjtjb2xvcjojMUY0OTdEIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0i TXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVv dDtDYWxpYnJpJnF1b3Q7LHNhbnMtc2VyaWY7Y29sb3I6IzFGNDk3RCI+V2VsbCwgU0QtV0FOIGhh cyBvdGhlciBpc3N1ZXMsIGxpa2UgU0QtV0FOIHNvbHV0aW9uIGJ1aWxkcyBwb2ludC10by1wb2lu dCBvdmVybGF5IHBhdGhzIGJldHdlZW4gdHdvIGVuZC1wb2ludHMgKG9yIGJyYW5jaCBvZmZpY2Vz KSBhcyBhbHRlcm5hdGl2ZSBwYXRocy4gSG93ZXZlciwNCiBtb3N0IGVudGVycHJpc2VzIG5lZWQg bXVsdGktcG9pbnQgaW50ZXJjb25uZWN0aW9uIGFtb25nIG11bHRpcGxlIGxvY2F0aW9ucywgYXMg ZG9uZSBieSBNUExTIEwyL0wzLVZQTi4gVXNpbmcgU0QtV0FOIG92ZXJsYXkgcGF0aHMgdG8gYWNo aWV2ZSBhbnkgdG8gYW55IG1lc2ggaW50ZXJjb25uZWN0aW9uIGFtb25nIGFsbCBicmFuY2hlcyBu b3Qgb25seSByZXF1aXJlcyBhbGwgYnJhbmNoZXMgQ1BFcyB0byBiZSB1cGdyYWRlZCwgYnV0IGFs c28gcmVxdWlyZQ0KIENQRXMgdG8gbWFuYWdlIHJvdXRpbmcgYW1vbmcgb3RoZXIgQ1BFcyBsb2Nh dGVkIGF0IG90aGVyIGxvY2F0aW9ucywgd2hpY2ggZHJhbWF0aWNhbGx5IGluY3JlYXNlIHRoZSBj b21wbGV4aXR5IG9mIHRoZSBDUEVzLiBBbG1vc3QgbGlrZSBnb2luZyBiYWNrIHRvIHRoZSBjb21w bGV4aXR5IG9mIGZyYW1lIHJlbGF5IHdoZXJlIGVhY2ggQ1BFIG5lZWRzIG1haW50YWluIG1lc2gg cm91dGluZyBmb3IgYWxsIGRlc3RpbmF0aW9ucy48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBj bGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWls eTomcXVvdDtDYWxpYnJpJnF1b3Q7LHNhbnMtc2VyaWY7Y29sb3I6IzFGNDk3RCI+PG86cD4mbmJz cDs8L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZv bnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OyxzYW5zLXNlcmlm O2NvbG9yOiMxRjQ5N0QiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJN c29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90 O0NhbGlicmkmcXVvdDssc2Fucy1zZXJpZjtjb2xvcjojMUY0OTdEIj5MaW5kYQ0KPG86cD48L286 cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PGEgbmFtZT0iX01haWxFbmRDb21w b3NlIj48L2E+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7 Q2FsaWJyaSZxdW90OyxzYW5zLXNlcmlmO2NvbG9yOiMxRjQ5N0QiPjxvOnA+Jm5ic3A7PC9vOnA+ PC9zcGFuPjwvcD4NCjxkaXY+DQo8ZGl2IHN0eWxlPSJib3JkZXI6bm9uZTtib3JkZXItdG9wOnNv bGlkICNFMUUxRTEgMS4wcHQ7cGFkZGluZzozLjBwdCAwaW4gMGluIDBpbiI+DQo8cCBjbGFzcz0i TXNvTm9ybWFsIj48Yj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTom cXVvdDtDYWxpYnJpJnF1b3Q7LHNhbnMtc2VyaWYiPkZyb206PC9zcGFuPjwvYj48c3BhbiBzdHls ZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LHNhbnMt c2VyaWYiPiBZb2F2IE5pciBbPGEgaHJlZj0ibWFpbHRvOnluaXIuaWV0ZkBnbWFpbC5jb20iPm1h aWx0bzp5bmlyLmlldGZAZ21haWwuY29tPC9hPl0NCjxicj4NCjxiPlNlbnQ6PC9iPiBGcmlkYXks IFNlcHRlbWJlciAwOCwgMjAxNyAxMjozNiBBTTxicj4NCjxiPlRvOjwvYj4gTGluZGEgRHVuYmFy ICZsdDs8YSBocmVmPSJtYWlsdG86bGluZGEuZHVuYmFyQGh1YXdlaS5jb20iPmxpbmRhLmR1bmJh ckBodWF3ZWkuY29tPC9hPiZndDs8YnI+DQo8Yj5DYzo8L2I+IDxhIGhyZWY9Im1haWx0bzppMm5z ZkBpZXRmLm9yZyI+aTJuc2ZAaWV0Zi5vcmc8L2E+OyBJUHNlY01FIFdHICZsdDs8YSBocmVmPSJt YWlsdG86aXBzZWNAaWV0Zi5vcmciPmlwc2VjQGlldGYub3JnPC9hPiZndDs8YnI+DQo8Yj5TdWJq ZWN0OjwvYj4gUmU6IHlvdXIgZXhhbXBsZSAobGlrZSBHYXApIGFib3V0IElQU2VjIFZQTiBnYXRl d2F5IGRlcGxveWVkIGluIHNob3BwaW5nIG1hbGwgbm90IGF3YXJlIG9mIHdoZXJlIHRoZSBjb250 cm9sbGVyIGlzLjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPC9kaXY+DQo8cCBjbGFz cz0iTXNvTm9ybWFsIj48bzpwPiZuYnNwOzwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwi PkhpLCBMaW5kYTxvOnA+PC9vOnA+PC9wPg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxv OnA+Jm5ic3A7PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+ VGhlIHJlYXNvbiBJIGJyb3VnaHQgdXAgdGhlIEdhcCB3YXMgYmVjYXVzZSB0aGV5IGRlc2NyaWJl ZCB0aGVpciBuZXR3b3JrIGluIGEgUGFja2V0IFB1c2hlcuKAmXMgZXBpc29kZSAoWzFdKS48bzpw PjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxvOnA+Jm5i c3A7PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+QW5kIHRo ZSBzb2x1dGlvbiBmb3IgdGhlbSB3YXMgc29tZSB2ZW5kb3LigJlzIFNELVdBTiBzb2x1dGlvbi4g QXMgZmFyIGFzIEkgY2FuIHRlbGwsIGVhY2ggdmVuZG9y4oCZcyBTRC1XQU4gc29sdXRpb24gaXMg cHJvcHJpZXRhcnkgYW5kIG5vbi1pbnRlcm9wZXJhYmxlIHdpdGggb3RoZXIgdmVuZG9yc+KAmSBT RC1XQU4gc29sdXRpb24uPG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0i TXNvTm9ybWFsIj48bzpwPiZuYnNwOzwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNz PSJNc29Ob3JtYWwiPlRoYXQgdmVuZG9yIChWaXB0ZWxhLCBzaW5jZSB0aGVuIG1lcmdlZCB3aXRo IENpc2NvKSB1c2VzIEJHUCBvbiBhIGxhcmdlIHNjYWxlIHRvIHBhc3MgY29uZmlndXJhdGlvbiBp bmZvcm1hdGlvbiBiZXR3ZWVuIENQRSBkZXZpY2VzIGFuZCBkYXRhIGNlbnRlciBkZXZpY2VzLCBh bmQgYW4gU0QtV0FOIGNvbnRyb2xsZXIgdG8gbWFuYWdlIGl0IGFsbC4gJm5ic3A7T3RoZXIgdmVu ZG9ycyB1c2Ugb3RoZXIgdGVjaG5vbG9neQ0KIHRvIGxlYXJuIHByb3RlY3RlZCBkb21haW5zLCBh bmQgYXMgSSBtZW50aW9uZWQsIHRoZXJlIHdhcyBhbiBhdHRlbXB0IHRvIHN0YW5kYXJkaXplIHNv bWV0aGluZyBpbiBJUHNlY01FIGEgZmV3IHllYXJzIGFnbywgYnV0IHRoYXQgZmFpbGVkLjxvOnA+ PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86cD4mbmJz cDs8L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj5UaGUgZHJh ZnQgd2Ugd2VyZSBkaXNjdXNzaW5nIGhhcyBubyB3YXkgdG8gdHJhbnNmZXIgZG9tYWluIGluZm9y bWF0aW9uIGZyb20gdGhlIENQRXMgdG8gdGhlIGNvbnRyb2xsZXIgb3IgdG8gb3RoZXIgQ1BFcywg c28gSSBhc3N1bWUgdGhhdCBpdCBkb2VzIG5vdCBmaXQgdGhpcyB1c2UgY2FzZS4gJm5ic3A7QXQg bGVhc3Qgbm90IGluIGl0cyBjdXJyZW50IGZvcm0uPG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxk aXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48bzpwPiZuYnNwOzwvbzpwPjwvcD4NCjwvZGl2Pg0K PGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPllvYXY8bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0K PGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0KPC9kaXY+ DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+WzFdJm5ic3A7PGEgaHJlZj0iaHR0cDovL3Bh Y2tldHB1c2hlcnMubmV0L3BvZGNhc3QvcG9kY2FzdHMvc2hvdy0yNzQtcGFja2V0LXB1c2hlcnMt bGl2ZS12aXB0ZWxhLXRocmVlLXJlYWwtd29ybGQtc2Qtd2FuLWRlcGxveW1lbnRzLXNwb25zb3Jl ZC8iPmh0dHA6Ly9wYWNrZXRwdXNoZXJzLm5ldC9wb2RjYXN0L3BvZGNhc3RzL3Nob3ctMjc0LXBh Y2tldC1wdXNoZXJzLWxpdmUtdmlwdGVsYS10aHJlZS1yZWFsLXdvcmxkLXNkLXdhbi1kZXBsb3lt ZW50cy1zcG9uc29yZWQvPC9hPjxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xh c3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8L286cD48L3A+DQo8ZGl2Pg0KPGJsb2NrcXVvdGUg c3R5bGU9Im1hcmdpbi10b3A6NS4wcHQ7bWFyZ2luLWJvdHRvbTo1LjBwdCI+DQo8ZGl2Pg0KPHAg Y2xhc3M9Ik1zb05vcm1hbCI+T24gNyBTZXAgMjAxNywgYXQgMjI6MzMsIExpbmRhIER1bmJhciAm bHQ7PGEgaHJlZj0ibWFpbHRvOmxpbmRhLmR1bmJhckBodWF3ZWkuY29tIj5saW5kYS5kdW5iYXJA aHVhd2VpLmNvbTwvYT4mZ3Q7IHdyb3RlOjxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8cCBjbGFz cz0iTXNvTm9ybWFsIj48bzpwPiZuYnNwOzwvbzpwPjwvcD4NCjxkaXY+DQo8ZGl2Pg0KPHAgY2xh c3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6 JnF1b3Q7Q2FsaWJyaSZxdW90OyxzYW5zLXNlcmlmIj5Zb2F2LDxzcGFuIGNsYXNzPSJhcHBsZS1j b252ZXJ0ZWQtc3BhY2UiPiZuYnNwOzwvc3Bhbj48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rp dj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEx LjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LHNhbnMtc2VyaWYiPiZuYnNwOzxv OnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwi PjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkm cXVvdDssc2Fucy1zZXJpZiI+QXQgeWVzdGVyZGF54oCZcyBJMk5TRiBJbnRlcmltIG1lZXRpbmcs IHlvdSBkZXNjcmliZWQgYW4gZXhhbXBsZSBvZiBHYXAgaGF2aW5nIHRob3VzYW5kcyBvZiBsb2Nh dGlvbnMgYW5kIG1vc3Qgb2YgdGhlbSBhcmUgaW4gYSBtYWxsIHdoZXJlIHB1YmxpYyBuZXR3b3Jr IGlzIGF2YWlsYWJsZS4gWW91IHNhaWQNCiB0aGF0IHR5cGljYWxseSB0aGUgVlBOIGdhdGV3YXkg cGxhY2VkIGluIHRoZSBzdG9yZSBoYXMgbm8ga25vd2xlZGdlIG9mIHRoZSBnbG9iYWwgbmV0d29y ayB0b3BvbG9neSwgbm9yIGRvZXMgaXQga25vdyB3aGVyZSB0aGUgY29udHJvbGxlciBpcyBsb2Nh dGVkLjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29O b3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0Nh bGlicmkmcXVvdDssc2Fucy1zZXJpZiI+Jm5ic3A7PG86cD48L286cD48L3NwYW4+PC9wPg0KPC9k aXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZTox MS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OyxzYW5zLXNlcmlmIj5Ub2RheSwg bWFueSB2ZW5kb3Jz4oCZIHJlbW90ZSBDUEVzIHN1cHBvcnQgT05VR+KAmXMgU0QtV0FOIOKAnFpl cm8tdG91Y2ggZGVwbG95bWVudOKAnSByZXF1aXJlbWVudCwgd2hlcmUgdGhlIHJlbW90ZSBDUEVz IGRldmljZXMgY2FuIGJlIGNvbm5lY3RlZCB0byBpdHMgY29udHJvbGxlciB2aWEgYmFyY29kZSBz Y2FuL2VtYWlsL2V0Yy48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBj bGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWls eTomcXVvdDtDYWxpYnJpJnF1b3Q7LHNhbnMtc2VyaWYiPiZuYnNwOzxvOnA+PC9vOnA+PC9zcGFu PjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJm b250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssc2Fucy1zZXJp ZiI+RG9lcyBpdCBzb2x2ZSB0aGUgcHJvYmxlbT88c3BhbiBjbGFzcz0iYXBwbGUtY29udmVydGVk LXNwYWNlIj4mbmJzcDs8L3NwYW4+PG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2 Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9u dC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OyxzYW5zLXNlcmlmIj4mbmJzcDs8bzpwPjwvbzpw Pjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBz dHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LHNh bnMtc2VyaWYiPlRoYW5rcyw8c3BhbiBjbGFzcz0iYXBwbGUtY29udmVydGVkLXNwYWNlIj4mbmJz cDs8L3NwYW4+PG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9 Ik1zb05vcm1hbCI+PGI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMC4wcHQ7Zm9udC1mYW1pbHk6 JnF1b3Q7Q2FsaWJyaSZxdW90OyxzYW5zLXNlcmlmIj5MaW5kYTwvc3Bhbj48L2I+PHNwYW4gc3R5 bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OyxzYW5z LXNlcmlmIj48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjwvZGl2Pg0KPC9ibG9ja3F1 b3RlPg0KPC9kaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48bzpwPiZuYnNwOzwvbzpwPjwvcD4N CjwvZGl2Pg0KPC9kaXY+DQo8L2JvZHk+DQo8L2h0bWw+DQo= --_000_fb6183ce8f97468aaec4c8d1137dc8f8XCHALN017ciscocom_-- --_005_fb6183ce8f97468aaec4c8d1137dc8f8XCHALN017ciscocom_ Content-Type: image/jpeg; name="image001.jpg" Content-Description: image001.jpg Content-Disposition: inline; filename="image001.jpg"; size=58678; creation-date="Thu, 14 Sep 2017 00:30:12 GMT"; modification-date="Thu, 14 Sep 2017 00:30:12 GMT" Content-ID: Content-Transfer-Encoding: base64 /9j/4AAQSkZJRgABAgEASABIAAD/7QAsUGhvdG9zaG9wIDMuMAA4QklNA+0AAAAAABAASAAAAAEA AQBIAAAAAQAB/+FJGWh0dHA6Ly9ucy5hZG9iZS5jb20veGFwLzEuMC8APD94cGFja2V0IGJlZ2lu PSLvu78iIGlkPSJXNU0wTXBDZWhpSHpyZVN6TlRjemtjOWQiPz4KPHg6eG1wbWV0YSB4bWxuczp4 PSJhZG9iZTpuczptZXRhLyIgeDp4bXB0az0iQWRvYmUgWE1QIENvcmUgNS42LWMxMzcgNzkuMTU5 NzY4LCAyMDE2LzA4LzExLTEzOjI0OjQyICAgICAgICAiPgogICA8cmRmOlJERiB4bWxuczpyZGY9 Imh0dHA6Ly93d3cudzMub3JnLzE5OTkvMDIvMjItcmRmLXN5bnRheC1ucyMiPgogICAgICA8cmRm OkRlc2NyaXB0aW9uIHJkZjphYm91dD0iIgogICAgICAgICAgICB4bWxuczpkYz0iaHR0cDovL3B1 cmwub3JnL2RjL2VsZW1lbnRzLzEuMS8iCiAgICAgICAgICAgIHhtbG5zOnhtcD0iaHR0cDovL25z LmFkb2JlLmNvbS94YXAvMS4wLyIKICAgICAgICAgICAgeG1sbnM6eG1wR0ltZz0iaHR0cDovL25z LmFkb2JlLmNvbS94YXAvMS4wL2cvaW1nLyIKICAgICAgICAgICAgeG1sbnM6eG1wTU09Imh0dHA6 Ly9ucy5hZG9iZS5jb20veGFwLzEuMC9tbS8iCiAgICAgICAgICAgIHhtbG5zOnN0UmVmPSJodHRw Oi8vbnMuYWRvYmUuY29tL3hhcC8xLjAvc1R5cGUvUmVzb3VyY2VSZWYjIgogICAgICAgICAgICB4 bWxuczpzdEV2dD0iaHR0cDovL25zLmFkb2JlLmNvbS94YXAvMS4wL3NUeXBlL1Jlc291cmNlRXZl bnQjIgogICAgICAgICAgICB4bWxuczppbGx1c3RyYXRvcj0iaHR0cDovL25zLmFkb2JlLmNvbS9p bGx1c3RyYXRvci8xLjAvIgogICAgICAgICAgICB4bWxuczpwZGY9Imh0dHA6Ly9ucy5hZG9iZS5j b20vcGRmLzEuMy8iPgogICAgICAgICA8ZGM6Zm9ybWF0PmltYWdlL2pwZWc8L2RjOmZvcm1hdD4K ICAgICAgICAgPGRjOnRpdGxlPgogICAgICAgICAgICA8cmRmOkFsdD4KICAgICAgICAgICAgICAg PHJkZjpsaSB4bWw6bGFuZz0ieC1kZWZhdWx0Ij5XZWI8L3JkZjpsaT4KICAgICAgICAgICAgPC9y ZGY6QWx0PgogICAgICAgICA8L2RjOnRpdGxlPgogICAgICAgICA8eG1wOkNyZWF0b3JUb29sPkFk b2JlIElsbHVzdHJhdG9yIENDIDIwMTcgKFdpbmRvd3MpPC94bXA6Q3JlYXRvclRvb2w+CiAgICAg ICAgIDx4bXA6Q3JlYXRlRGF0ZT4yMDE3LTAyLTA4VDEzOjEzOjE5LTA2OjAwPC94bXA6Q3JlYXRl RGF0ZT4KICAgICAgICAgPHhtcDpNb2RpZnlEYXRlPjIwMTctMDItMDhUMTk6MTM6MjFaPC94bXA6 TW9kaWZ5RGF0ZT4KICAgICAgICAgPHhtcDpNZXRhZGF0YURhdGU+MjAxNy0wMi0wOFQxMzoxMzox OS0wNjowMDwveG1wOk1ldGFkYXRhRGF0ZT4KICAgICAgICAgPHhtcDpUaHVtYm5haWxzPgogICAg ICAgICAgICA8cmRmOkFsdD4KICAgICAgICAgICAgICAgPHJkZjpsaSByZGY6cGFyc2VUeXBlPSJS ZXNvdXJjZSI+CiAgICAgICAgICAgICAgICAgIDx4bXBHSW1nOndpZHRoPjI1NjwveG1wR0ltZzp3 aWR0aD4KICAgICAgICAgICAgICAgICAgPHhtcEdJbWc6aGVpZ2h0PjY4PC94bXBHSW1nOmhlaWdo dD4KICAgICAgICAgICAgICAgICAgPHhtcEdJbWc6Zm9ybWF0PkpQRUc8L3htcEdJbWc6Zm9ybWF0 PgogICAgICAgICAgICAgICAgICA8eG1wR0ltZzppbWFnZT4vOWovNEFBUVNrWkpSZ0FCQWdFQVNB QklBQUQvN1FBc1VHaHZkRzl6YUc5d0lETXVNQUE0UWtsTkErMEFBQUFBQUJBQVNBQUFBQUVBJiN4 QTtBUUJJQUFBQUFRQUIvK0lNV0VsRFExOVFVazlHU1V4RkFBRUJBQUFNU0V4cGJtOENFQUFBYlc1 MGNsSkhRaUJZV1ZvZ0I4NEFBZ0FKJiN4QTtBQVlBTVFBQVlXTnpjRTFUUmxRQUFBQUFTVVZESUhO U1IwSUFBQUFBQUFBQUFBQUFBQUFBQVBiV0FBRUFBQUFBMHkxSVVDQWdBQUFBJiN4QTtBQUFBQUFB QUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQVJZM0J5 ZEFBQUFWQUFBQUF6JiN4QTtaR1Z6WXdBQUFZUUFBQUJzZDNSd2RBQUFBZkFBQUFBVVltdHdkQUFB QWdRQUFBQVVjbGhaV2dBQUFoZ0FBQUFVWjFoWldnQUFBaXdBJiN4QTtBQUFVWWxoWldnQUFBa0FB QUFBVVpHMXVaQUFBQWxRQUFBQndaRzFrWkFBQUFzUUFBQUNJZG5WbFpBQUFBMHdBQUFDR2RtbGxk d0FBJiN4QTtBOVFBQUFBa2JIVnRhUUFBQS9nQUFBQVViV1ZoY3dBQUJBd0FBQUFrZEdWamFBQUFC REFBQUFBTWNsUlNRd0FBQkR3QUFBZ01aMVJTJiN4QTtRd0FBQkR3QUFBZ01ZbFJTUXdBQUJEd0FB QWdNZEdWNGRBQUFBQUJEYjNCNWNtbG5hSFFnS0dNcElERTVPVGdnU0dWM2JHVjBkQzFRJiN4QTtZ V05yWVhKa0lFTnZiWEJoYm5rQUFHUmxjMk1BQUFBQUFBQUFFbk5TUjBJZ1NVVkROakU1TmpZdE1p NHhBQUFBQUFBQUFBQUFBQUFTJiN4QTtjMUpIUWlCSlJVTTJNVGsyTmkweUxqRUFBQUFBQUFBQUFB QUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBJiN4QTtBQUFBQUFBQUFB QUFBRmhaV2lBQUFBQUFBQUR6VVFBQkFBQUFBUmJNV0ZsYUlBQUFBQUFBQUFBQUFBQUFBQUFBQUFC WVdWb2dBQUFBJiN4QTtBQUFBYjZJQUFEajFBQUFEa0ZoWldpQUFBQUFBQUFCaW1RQUF0NFVBQUJq YVdGbGFJQUFBQUFBQUFDU2dBQUFQaEFBQXRzOWtaWE5qJiN4QTtBQUFBQUFBQUFCWkpSVU1nYUhS MGNEb3ZMM2QzZHk1cFpXTXVZMmdBQUFBQUFBQUFBQUFBQUJaSlJVTWdhSFIwY0RvdkwzZDNkeTVw JiN4QTtaV011WTJnQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFB QUFBQUFBQUFBQUFBQUFBQVpHVnpZd0FBJiN4QTtBQUFBQUFBdVNVVkRJRFl4T1RZMkxUSXVNU0JF WldaaGRXeDBJRkpIUWlCamIyeHZkWElnYzNCaFkyVWdMU0J6VWtkQ0FBQUFBQUFBJiN4QTtBQUFB QUFBdVNVVkRJRFl4T1RZMkxUSXVNU0JFWldaaGRXeDBJRkpIUWlCamIyeHZkWElnYzNCaFkyVWdM U0J6VWtkQ0FBQUFBQUFBJiN4QTtBQUFBQUFBQUFBQUFBQUFBQUFBQUFHUmxjMk1BQUFBQUFBQUFM RkpsWm1WeVpXNWpaU0JXYVdWM2FXNW5JRU52Ym1ScGRHbHZiaUJwJiN4QTtiaUJKUlVNMk1UazJO aTB5TGpFQUFBQUFBQUFBQUFBQUFDeFNaV1psY21WdVkyVWdWbWxsZDJsdVp5QkRiMjVrYVhScGIy NGdhVzRnJiN4QTtTVVZETmpFNU5qWXRNaTR4QUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFB QUFBQUIyYVdWM0FBQUFBQUFUcFA0QUZGOHVBQkRQJiN4QTtGQUFEN2N3QUJCTUxBQU5jbmdBQUFB RllXVm9nQUFBQUFBQk1DVllBVUFBQUFGY2Y1MjFsWVhNQUFBQUFBQUFBQVFBQUFBQUFBQUFBJiN4 QTtBQUFBQUFBQUFBQUFBQUtQQUFBQUFuTnBaeUFBQUFBQVExSlVJR04xY25ZQUFBQUFBQUFFQUFB QUFBVUFDZ0FQQUJRQUdRQWVBQ01BJiN4QTtLQUF0QURJQU53QTdBRUFBUlFCS0FFOEFWQUJaQUY0 QVl3Qm9BRzBBY2dCM0FId0FnUUNHQUlzQWtBQ1ZBSm9BbndDa0FLa0FyZ0N5JiN4QTtBTGNBdkFE QkFNWUF5d0RRQU5VQTJ3RGdBT1VBNndEd0FQWUErd0VCQVFjQkRRRVRBUmtCSHdFbEFTc0JNZ0U0 QVQ0QlJRRk1BVklCJiN4QTtXUUZnQVdjQmJnRjFBWHdCZ3dHTEFaSUJtZ0doQWFrQnNRRzVBY0VC eVFIUkFka0I0UUhwQWZJQitnSURBZ3dDRkFJZEFpWUNMd0k0JiN4QTtBa0VDU3dKVUFsMENad0p4 QW5vQ2hBS09BcGdDb2dLc0FyWUN3UUxMQXRVQzRBTHJBdlVEQUFNTEF4WURJUU10QXpnRFF3TlBB MW9EJiN4QTtaZ055QTM0RGlnT1dBNklEcmdPNkE4Y0Qwd1BnQSt3RCtRUUdCQk1FSUFRdEJEc0VT QVJWQkdNRWNRUitCSXdFbWdTb0JMWUV4QVRUJiN4QTtCT0VFOEFUK0JRMEZIQVVyQlRvRlNRVllC V2NGZHdXR0JaWUZwZ1cxQmNVRjFRWGxCZllHQmdZV0JpY0dOd1pJQmxrR2FnWjdCb3dHJiN4QTtu UWF2QnNBRzBRYmpCdlVIQndjWkJ5c0hQUWRQQjJFSGRBZUdCNWtIckFlL0I5SUg1UWY0Q0FzSUh3 Z3lDRVlJV2dodUNJSUlsZ2lxJiN4QTtDTDRJMGdqbkNQc0pFQWtsQ1RvSlR3bGtDWGtKandta0Ni b0p6d25sQ2ZzS0VRb25DajBLVkFwcUNvRUttQXF1Q3NVSzNBcnpDd3NMJiN4QTtJZ3M1QzFFTGFR dUFDNWdMc0F2SUMrRUwrUXdTRENvTVF3eGNESFVNamd5bkRNQU0yUXp6RFEwTkpnMUFEVm9OZEEy T0Rha053dzNlJiN4QTtEZmdPRXc0dURra09aQTUvRHBzT3RnN1NEdTRQQ1E4bEQwRVBYZzk2RDVZ UHN3L1BEK3dRQ1JBbUVFTVFZUkIrRUpzUXVSRFhFUFVSJiN4QTtFeEV4RVU4UmJSR01FYW9SeVJI b0VnY1NKaEpGRW1RU2hCS2pFc01TNHhNREV5TVRReE5qRTRNVHBCUEZFK1VVQmhRbkZFa1VhaFNM JiN4QTtGSzBVemhUd0ZSSVZOQlZXRlhnVm14VzlGZUFXQXhZbUZra1diQmFQRnJJVzFoYjZGeDBY UVJkbEY0a1hyaGZTRi9jWUd4aEFHR1VZJiN4QTtpaGl2R05VWStoa2dHVVVaYXhtUkdiY1ozUm9F R2lvYVVScDNHcDRheFJyc0d4UWJPeHRqRzRvYnNodmFIQUljS2h4U0hIc2NveHpNJiN4QTtIUFVk SGgxSEhYQWRtUjNESGV3ZUZoNUFIbW9lbEI2K0h1a2ZFeDgrSDJrZmxCKy9IK29nRlNCQklHd2dt Q0RFSVBBaEhDRklJWFVoJiN4QTtvU0hPSWZzaUp5SlZJb0lpcnlMZEl3b2pPQ05tSTVRandpUHdK QjhrVFNSOEpLc2syaVVKSlRnbGFDV1hKY2NsOXlZbkpsY21oeWEzJiN4QTtKdWduR0NkSkozb25x eWZjS0Ewb1B5aHhLS0lvMUNrR0tUZ3BheW1kS2RBcUFpbzFLbWdxbXlyUEt3SXJOaXRwSzUwcjBT d0ZMRGtzJiN4QTtiaXlpTE5jdERDMUJMWFl0cXkzaExoWXVUQzZDTHJjdTdpOGtMMW92a1MvSEwv NHdOVEJzTUtRdzJ6RVNNVW94Z2pHNk1mSXlLakpqJiN4QTtNcHN5MURNTk0wWXpmek80TS9FMEt6 UmxOSjQwMkRVVE5VMDFoelhDTmYwMk56WnlOcTQyNlRja04yQTNuRGZYT0JRNFVEaU1PTWc1JiN4 QTtCVGxDT1g4NXZEbjVPalk2ZERxeU91ODdMVHRyTzZvNzZEd25QR1U4cER6alBTSTlZVDJoUGVB K0lENWdQcUErNEQ4aFAyRS9vai9pJiN4QTtRQ05BWkVDbVFPZEJLVUZxUWF4QjdrSXdRbkpDdFVM M1F6cERmVVBBUkFORVIwU0tSTTVGRWtWVlJacEYza1lpUm1kR3EwYndSelZIJiN4QTtlMGZBU0FW SVMwaVJTTmRKSFVsalNhbEo4RW8zU24xS3hFc01TMU5MbWt2aVRDcE1ja3k2VFFKTlNrMlRUZHhP SlU1dVRyZFBBRTlKJiN4QTtUNU5QM1ZBblVIRlF1MUVHVVZCUm0xSG1VakZTZkZMSFV4TlRYMU9x VS9aVVFsU1BWTnRWS0ZWMVZjSldEMVpjVnFsVzkxZEVWNUpYJiN4QTs0Rmd2V0gxWXkxa2FXV2xa dUZvSFdsWmFwbHIxVzBWYmxWdmxYRFZjaGx6V1hTZGRlRjNKWGhwZWJGNjlYdzlmWVYrellBVmdW MkNxJiN4QTtZUHhoVDJHaVlmVmlTV0tjWXZCalEyT1hZK3RrUUdTVVpPbGxQV1dTWmVkbVBXYVNa dWhuUFdlVForbG9QMmlXYU94cFEybWFhZkZxJiN4QTtTR3FmYXZkclQydW5hLzlzVjJ5dmJRaHRZ RzI1YmhKdWEyN0VieDV2ZUcvUmNDdHdobkRnY1RweGxYSHdja3R5cG5NQmMxMXp1SFFVJiN4QTtk SEIwekhVb2RZVjE0WFkrZHB0MitIZFdkN040RVhodWVNeDVLbm1KZWVkNlJucWxld1I3WTN2Q2ZD RjhnWHpoZlVGOW9YNEJmbUorJiN4QTt3bjhqZjRSLzVZQkhnS2lCQ29GcmdjMkNNSUtTZ3ZTRFY0 TzZoQjJFZ0lUamhVZUZxNFlPaG5LRzE0YzdoNStJQklocGlNNkpNNG1aJiN4QTtpZjZLWklyS2l6 Q0xsb3Y4akdPTXlvMHhqWmlOLzQ1bWpzNlBObytla0FhUWJwRFdrVCtScUpJUmtucVM0NU5Oazdh VUlKU0tsUFNWJiN4QTtYNVhKbGpTV241Y0tsM1dYNEpoTW1MaVpKSm1RbWZ5YWFKclZtMEticjV3 Y25JbWM5NTFrbmRLZVFKNnVueDJmaTUvNm9HbWcyS0ZIJiN4QTtvYmFpSnFLV293YWpkcVBtcEZh a3g2VTRwYW1tR3FhTHB2Mm5icWZncUZLb3hLazNxYW1xSEtxUHF3S3JkYXZwckZ5czBLMUVyYml1 JiN4QTtMYTZocnhhdmk3QUFzSFd3NnJGZ3NkYXlTN0xDc3ppenJyUWx0SnkxRTdXS3RnRzJlYmJ3 dDJpMzRMaFp1Tkc1U3JuQ3VqdTZ0YnN1JiN4QTt1NmU4SWJ5YnZSVzlqNzRLdm9TKy83OTZ2L1hB Y01Ec3dXZkI0OEpmd3R2RFdNUFV4RkhFenNWTHhjakdSc2JEeDBISHY4Zzl5THpKJiN4QTtPc201 eWpqS3Q4czJ5N2JNTmN5MXpUWE50YzQyenJiUE44KzQwRG5RdXRFODBiN1NQOUxCMDBUVHh0Ukox TXZWVHRYUjFsWFcyTmRjJiN4QTsxK0RZWk5qbzJXelo4ZHAyMnZ2YmdOd0YzSXJkRU4yVzNoemVv dDhwMzYvZ051Qzk0VVRoek9KVDR0dmpZK1ByNUhQay9PV0U1ZzNtJiN4QTtsdWNmNTZub011aTg2 VWJwME9wYjZ1WHJjT3Y3N0lidEVlMmM3aWp1dE85QTc4endXUERsOFhMeC8vS004eG56cC9RMDlN TDFVUFhlJiN4QTs5bTMyKy9lSytCbjRxUGs0K2NmNlYvcm4rM2Y4Qi95WS9Tbjl1djVML3R6L2Jm Ly8vKzRBRGtGa2IySmxBR1RBQUFBQUFmL2JBSVFBJiN4QTtCZ1FFQkFVRUJnVUZCZ2tHQlFZSkN3 Z0dCZ2dMREFvS0N3b0tEQkFNREF3TURBd1FEQTRQRUE4T0RCTVRGQlFURXh3Ykd4c2NIeDhmJiN4 QTtIeDhmSHg4Zkh3RUhCd2NOREEwWUVCQVlHaFVSRlJvZkh4OGZIeDhmSHg4Zkh4OGZIeDhmSHg4 Zkh4OGZIeDhmSHg4Zkh4OGZIeDhmJiN4QTtIeDhmSHg4Zkh4OGZIeDhmSHg4Zi84QUFFUWdBUkFF QUF3RVJBQUlSQVFNUkFmL0VBYUlBQUFBSEFRRUJBUUVBQUFBQUFBQUFBQVFGJiN4QTtBd0lHQVFB SENBa0tDd0VBQWdJREFRRUJBUUVBQUFBQUFBQUFBUUFDQXdRRkJnY0lDUW9MRUFBQ0FRTURBZ1FD QmdjREJBSUdBbk1CJiN4QTtBZ01SQkFBRklSSXhRVkVHRTJFaWNZRVVNcEdoQnhXeFFpUEJVdEho TXhaaThDUnlndkVsUXpSVGtxS3lZM1BDTlVRbms2T3pOaGRVJiN4QTtaSFREMHVJSUpvTUpDaGda aEpSRlJxUzBWdE5WS0JyeTQvUEUxT1QwWlhXRmxhVzF4ZFhsOVdaMmhwYW10c2JXNXZZM1IxZG5k NGVYJiN4QTtwN2ZIMStmM09FaFlhSGlJbUtpNHlOam8rQ2s1U1ZscGVZbVpxYm5KMmVuNUtqcEtX bXA2aXBxcXVzcmE2dm9SQUFJQ0FRSURCUVVFJiN4QTtCUVlFQ0FNRGJRRUFBaEVEQkNFU01VRUZV Uk5oSWdaeGdaRXlvYkh3Rk1IUjRTTkNGVkppY3ZFekpEUkRnaGFTVXlXaVk3TENCM1BTJiN4QTtO ZUpFZ3hkVWt3Z0pDaGdaSmpaRkdpZGtkRlUzOHFPend5Z3AwK1B6aEpTa3RNVFU1UFJsZFlXVnBi WEYxZVgxUmxabWRvYVdwcmJHJiN4QTsxdWIyUjFkbmQ0ZVhwN2ZIMStmM09FaFlhSGlJbUtpNHlO am8rRGxKV1dsNWlabXB1Y25aNmZrcU9rcGFhbnFLbXFxNnl0cnErdi9hJiN4QTtBQXdEQVFBQ0VR TVJBRDhBOVVPV0NNVVhrNEJLcVRTcDdDdUtzQTh5UmVkdFIwMEc2c2pGREltaFNteGdLVE5IZXBx aXlYbEdRYzJXJiN4QTtPRlVKUDJhQ283NWtRNFFmbjkyemk1Qk1qY2Z6Zm5lNlozRS81aEpwdC9E QmF4eVhzbzFjMlYyWklWOUlvNS9SUzhQc3Y2aUVjdVhTJiN4QTtueFpFQ0ZqNGZ0Wms1S1B4L1ln Tk50UE9FZm1PK25qaU1mMWk5MDA2aEt5cUkzdDBzT054NlpjVU5KZ0I4Ry80NFNZOFB6KzlqRVQ0 JiN4QTtqN3g5ek10S20xQ2ZUNFpkUnQxdEwxZ1ROYnE0a1ZEVTBBY2JIYktaQVhzM3hKcmRGWUdU c1ZkaXJzVmRpcnNWZGlyc1ZkaXJzVmRpJiN4QTtyc1ZkaXJzVmRpcnNWZGlyc1ZkaXJzVmRpcnNW ZGlyc1ZkaXJzVmRpcnNWZWRlWnZLM25hNzgwYTFlV2tyeTJONXBNdHJvNVMra3QxJiN4QTt0TGxy YVNPcHQxSEdRdkt3SWV2dzllMlpNSnhFUVBQdWNUSmptWkVqbFcyL0pLOVM4ay9tWE8rdi9VTDE3 WTN1bjJjTm5QSmZURnhQJiN4QTtDWXZYU0ZWK0NGWlVScXNSeTVkNk1jbEhMRGErL3VZU3haRGRI b09yVCtTZnpKZnpMb2Q3YTNjbGpwbHF0b0piZHRSbW5GdXNUc2JtJiN4QTtOMUswdWpNcDJkcWVI UVkrTERoSTYrNzhVdmhaT0lFYkRicitMZXRaaU9jN0ZYWXE3RlhZcTdGWFlxN0ZYWXE3RlhZcTdG WFlxN0ZYJiN4QTtZcTdGWFlxN0ZYWXE3RlhZcTdGWFlxN0ZYWXE3RlhZcTdGWHdkL2liekovMWRi ei9BS1NKZithczMzQkh1ZWE4U1hlWGY0bTh5ZjhBJiN4QTtWMXZQK2tpWC9tckhnajNMNGt1OHUv eE41ay82dXQ1LzBrUy84MVk4RWU1ZkVsM2wzK0p2TW4vVjF2UCtraVgvQUpxeDRJOXkrSkx2JiN4 QTtMdjhBRTNtVC9xNjNuL1NSTC96Vmp3UjdsOFNYZVhmNG04eWY5WFc4L3dDa2lYL21ySGdqM0w0 a3U4dS94TjVrL3dDcnJlZjlKRXYvJiN4QTtBRFZqd1I3bDhTWGVYZjRtOHlmOVhXOC82U0pmK2Fz ZUNQY3ZpUzd5Ny9FM21UL3E2M24vQUVrUy93RE5XUEJIdVh4SmQ1ZC9pYnpKJiN4QTsvd0JYVzgv NlNKZithc2VDUGN2aVM3eTcvRTNtVC9xNjNuL1NSTC96Vmp3UjdsOFNYZVhmNG04eWY5WFc4LzZT SmY4QW1ySGdqM0w0JiN4QTtrdThzcThqK1d2eks4NkpxRGFMcWMvSFRrVjVUUGR6UmgyZXZHTkRV amtlSjYwSGljcXl6aENySE52dzQ4bVM2UEx6WXhONWc4MFF6JiN4QTtTUXlhcGVDU05pamdYTWhv eW1oM0RFSExSQ1BjMG1jdThyUDhUZVpQK3JyZWY5SkV2L05XUEJIdVI0a3U4dS94TjVrLzZ1dDUv d0JKJiN4QTtFdjhBelZqd1I3bDhTWGVYZjRtOHlmOEFWMXZQK2tpWC9tckhnajNMNGt1OHUveE41 ay82dXQ1LzBrUy84MVk4RWU1ZkVsM2xhbm1uJiN4QTt6RTYxWFZyeWxTUDk2SmV4cC9OZ0VJOXpJ emtPcFhmNG04eWY5WFc4L3dDa2lYL21yRHdSN21QaVM3eTcvRTNtVC9xNjNuL1NSTC96JiN4QTtW andSN2w4U1hlWGY0bTh5ZjlYVzgvNlNKZjhBbXJIZ2ozTDRrdTh1L3dBVGVaUCtycmVmOUpFdi9O V1BCSHVYeEpkNWQvaWJ6Si8xJiN4QTtkYnovQUtTSmYrYXNlQ1BjdmlTN3k3L0UzbVQvQUt1dDUv MGtTLzhBTldQQkh1WHhKZDVjUE12bVFtZzFXOHIvQU14RXYvTldQQkh1JiN4QTtUNGt1OHRueko1 bUZhNnBlaWhvZjM4dXg4UHRZOEVlNWZFbDNsci9Fbm1XaGI5SzN2RUdoUHJ5MHFmOEFaZTJQQkh1 WHhKZDVkL2liJiN4QTt6Si8xZGJ6L0FLU0pmK2FzZUNQY2p4SmQ1ZC9pYnpKLzFkYnovcElsL3dD YXNlQ1BjdmlTN3k3L0FCTjVrLzZ1dDUvMGtTLzgxWThFJiN4QTtlNWZFbDNsMytKdk1uL1YxdlA4 QXBJbC81cXg0STl5K0pMdktXNUppN0ZYWXE3RlhZcTdGWFlxOW04dGVYdkxOai96ajlxK3U2MVpR JiN4QTt6M2wvTktOS3VIVWVxc2dwYncrbS93QnI0WkZkaUFhRVZybUZPY2ptQURuNDRSR0F5STU4 bmxNL2w3V3JmUmJiVzVyT1JOSnZKR2l0JiN4QTtyMGo5MjhpRWhscU9oK0Z1dldoOE15eE1YWFZ3 akFnWFd5WDVKaTdGWFlxOTB2NVpQeS8vQUNEdExPSnZRMXp6YTVsbEkya1dHVlF6JiN4QTtkYUVV Z0NJZkF1Y3dSKzh5MzBpN0Vud3NBSFdUd3ZNNTF6c1ZkaXJzVlU3aVpZWVdsWUZnb3FRT3VDUm9X eWhEaU5JVFM3eFo0MlFLJiN4QTtWS0VrbnQ4UkpHUXh5dHUxR0xoTm8vTEhIZGlyc1ZkaXJzVmRp cnNWWmxINWswbTYwK0pMc1FSek95ejZxSGhhUjdsNlNJNVI2TnhsJiN4QTtaQWg1VlVjbUpxS3RX bmdJT3pmNGdJMytLNjMxYnlyWlg3UkZvN3ZTcmlReXp3ckN3VUQ2Mk9BcElnK0pMVnBBQ0I4UElo VFhmRXhrJiN4QTtSNXFKUkI4djIvcVk5NWh1Tk9udmxheFZBZ2pWWlhpSEZIa0ZmaVZSRmJBZkRR SDkyTng5T1dRQnJkcm1SZXlXWkpnN0ZYWXE3RlhZJiN4QTtxN0ZYWXE3RlhZcTdGWDBEK1lIbHFX WFNQeTAvTGVGekU5elNXK1lDcFJsUlJKSng3MDlTWWpOZmludk9iczgyUGFHTkp2TUg1VGViJiN4 QTtyN1c0ZklGajVndEx1MDBTeGJVTlB0SlExdnhTYWNodlVXTkpCNnZKL3RFOUNPbGNuRFBFRGpJ NWxybnBwbVhoZzhoYnpHNDhuNi9iJiN4QTsrYS84S3kyOU5aTndscUlGWU1PY2xPSjVMVWNhTURY d3pLR1FjUEYwY1E0cENYRDFlKzZoK1Yva25YOVYwL3lacEZsRkJiZVhGV1h6JiN4QTtEcmNDS3R3 N3NwQ1d2cTBQT1NRa3lQeXJ3QW9LZE0xNHp5aURJOWVRZG5MVHdrUkFENmVaL1F4dnpUK1NubFdM emo1WWgwQzdkOU0xJiN4QTt1OGtnbnMyYjFPS1dnNXp0RklmaVplS3NONjBQZkxZYW1YQ2I1aHB5 YVNQSEhoNUVwQi96a2ZyMzEvei9BUG95Smg5VjBhM2p0MGpYJiN4QTs3SWtrQWxjajZHVmY5amxt amhVTDcyclhUdWRkenlvRUhvY3luRHB2RlhZcTdGVk9jVmdrSGlwL1ZnbHlaUStvSVRSbUQyelBT bFhPJiN4QTsxU2VnSGpsZUxrMzZyYVZlU1B5MXhuWXE3RlhZcTdGWFlxN0ZYWXEraXZ5YS9KYnlW cS9rcTIxelhyWTZqZGFsNmhSRExMR2tVYVNOJiN4QTtFRlgwbVE4andxU2VuYk5kcWRSSVNvYlU3 WFNhV0JoeFMzdHZ5eitRSGxGZlArdVdkN0pKZTZQcHNkdExaMkx5RU9UZEJ6U1owS3NRJiN4QTtu cG5qdUs5L2NTMVV1QVZ6WlIwVWZFTjhtZk4rUi81VnNLSFFJdm9sdUIrcVRLUHpPVHZjZ2FUSDNK RjU0L0lmOHZaZkxOL05wbGlOJiN4QTtNdjdXQ1NlM3VZNUpTT1VhRnVNaXV6cVZQR2gycU8yV1l0 VlBpRm0yck5vOGZDYUZGOHA1dFhTdG9yT3dWZDJZZ0FkTnppcjN2enQ1JiN4QTtvc2Z5bGswdnly NWQwYXd1Ymo2b2x4cTEvZVFsM25aMlpDS2dvZHloTzVJRlFBTnN3TWNEbHVVaVhaWmNnd1ZHSUhM ZHJ5M2QrV2ZOJiN4QTtXdStZOVQ4bjJNR2t4blNESnFkcHFOa2s4ZnJBdHlhMUVOeEVJeXcvYXAx MzQ3NHpFb0FDVysvZXVNeG5LUmdLMjZqOXFTUCtSR2syJiN4QTtlaVdGM3EvbWI2aGQ2amJmV1kz Tm5JOWpIOEFmaExkQnVDN0hxMVBZSHZQODBTVFE1TmY1TUNJSmxWK1czelk3QitVbWl3NkZwdXUr JiN4QTtidk5xZVhyYlZMaHJiUzRvSVh1dlhvL0gxR1pHVUxIOE5hMHB4SUpJclRCbHpuaXFJNU5t bjA0NExsVzZoWS9raWZYOHlYV3ErYnJlJiN4QTtEeW5vQmlkL01GcFc3RXdrVWtKSEhHNW80NUtH WGtUeW9CeTY1V2RRYTYyVy93RExSdTlxQ1k2aCtWVnZwMm9lVWI3VE5WVFcvTGZtJiN4QTtTOHQ3 YTJ2akcwRGMzbFZDa2tiRWtWcWZmWWdnWmZIUFlJSXFRRGh6MDFTaVFiakl2WUx4anFYL0FEazNZ MjVvWXRGOHV0ZEFiRWlTJiN4QTtTWjRTZitCdUJ0bUNKVmpJN3k3T1dNSElKZHpFL3dBdDlkdXRR LzV5SjErNWxKSnVCZTJ3cWFVaXQzUll3YWVDd3JtVG1qV0VmQndjJiN4QTtFeWM1K0tQODlScjVP ODErY2ZQODBZVyttK3I2WjVaVWlsYm1heWk5ZTRBLzRyU3UvYzhoa2NYcmpHSHhQelo1djNjcFQ2 OGg4bFlhJiN4QTt0ZC9seCtROXBxRnRKeDh4YTY2WEF1WkFKR054ZS92VEk0Y055SzI2VStLdnhk Y0hENG1XdWdUeEhGZ3YrSS9wZWFlVU5lL00rNzgzJiN4QTtKNXBpdHJqVjV2TDBJbHVvSDR3eFIy VFJrbUpGb3FSaDRxbEJHbnVBY3lja2NZanc4cmNQRlBJWmNYUGgrNTV6NS84QU1WNXJYbUM1JiN4 QTsxbDYyOHVvM01rN3hJekVLSElJU3AzSVViWVpEaEFBYk1KRTVTSkRIa21lRjd1VlB0SktwSC9C SEkzVmx0TVJJUkI3a3l2TlZTQ0tOJiN4QTtsUXMwcWgwcjBvZkhMcFpLY1hGcCtJbmZraFk5ZlBM OTVFT1BmaWQveHlBek5zdEdLMktyK243Yi9mYi9BSWYxdytNR0g1T1hlajVHJiN4QTtEVzdOMEJR bjhNdFBKeDRpcFY1b1BRald5UHM1L1VNcnc4bS9WL1g4RXh5MXhWT2VUMDRaSktWNEtXcDQwRmNC TkJsQ05rQkI2ZnFiJiN4QTtYY3JJWXduRmVWYTE3MDhNaERKeEZ2ellPQVhhRjFXU1VYM0ZaR1Zl QU5GSkhjNVhrTzdkcGdPRGwxVXBGZFdRQ2FUNGp2OEFFY2kyJiN4QTtDdTRKcnA0SWdJTEZxTWQy TlRsK1BrNFdmNmtEcW1xVXJiMjUzNlNTRDlReXZKazZCdjArbi9pazdTOVVyUzN1RHYwamtQNmpq anlkJiN4QTtDdW8wL3dERkY5UWZrVm9QNW50NU9lNTA3VzdiVGRJdVhkdE50N3UxTjZlUWJpN3Fv bGdNYXN5bjlvNzFQSHVjVFZ5aHhWVzdrNkdNJiN4QTsrRzc5THlMWHZOLzVzZmxuK2FPcjNPb2Ft dHhydDF3TjdNeXE5dGR3RlFZVDZaQ1VWUjhLOGFjZDFIZkdNWXlpM3lNb2w3OStYMnBmJiN4QTtu ZDVzOHJXL21DNTFQU05KUytReTJGczFoTGNPOGRTRmFRaTRqQ0I2VkZPVzMzWmp6RUFhYm9tUkZ2 Sy96SS9OZjgxRWZVZkordlNXJiN4QTt0cExHZlF2ell4c25xb3lodmhkMlp2VGtWZ2VnSlUwUGNa bjRNRUtFZzZyVTZuSlpnWGxXWmJncFZyTjNjd1NSaUp5Z1lFbnA0KytVJiN4QTs1WkVIWnpOTmpq SUd3OXlYOHh2eXc4OGFQcEYxNS90TCtMekJwMXNrTXQzWkZTbDBxNzBiZW81TlZxVUZDVFJzeDRZ c2tmb3FpM1pjJiN4QTt1S1o5WU5oRXQvemtCNVN0dGUxaVdiVDU3TFNKOUpPbWFMYjI4Y2JQOEpK NXpmRW9XdklkQ2FBWkdlRXhBNzd0c3haUk1rZ1VLb0pqJiN4QTs1TS9QRDh2OUkwNnhtdHpyRnJI SFppS2Z5NXlXN3RETHVmVWlrdUpIa2pIc3BVZjVQV3JMQktYZDcrcUk2aUdQK2R0dFhUN1dNYXgr JiN4QTtaWDVZZWE5RTByU1BPOWpxRmcrbFhrMCttdHBRamFNMjhqMUZ1M3FFRlFGNHBzUDJRUVIw eG5obENWanF5d1poT05FY2tIYWZtNStXJiN4QTtNOW41czhzWFdnWE9sZVI5YmVENm91bmlNM1VV MFFEZXJJcnR3Slo0VmJaalNsUGk2NUE0cGM3M0RkNGd1cTJLQi9NZjgwOUVpOHQrJiN4QTtXUExY a3FLNnQ3SHkvS3Q5YTZqZDhCTzExSEo2aXZ4UWtDak16Zk05QlRlend5TE11Y21pTXhJZ1I1Uktl NlgvQU01QitXZitWcGFiJiN4QTs1MmtzTG1LWFVkTE9qNi9acUVZUXVKa2tqbnQzcVBWVThBQ0c0 a0FkOHA4RWtjTGtuS0I2bUcrVWZ6S3Q5RC9PbWJ6TEg2bDlvMGw5JiN4QTtmT3NmRUpLMXZjK3B4 WUthVWRRNE5DZmF2ZkwrR1U0OExqbmd4bmpwazM1MmZtWGErZHRicy8wWVpCbzloRFNGWlY0TTAw dThyRmFuJiN4QTtzRlg2UGZMZE5oNEJ2emNMVjZnWkNLNUJGWC81d2VTcnp5WG9OcDVyc2J1LzFm eThycFkyTVFRV2QyVlJVaGE1Y3NHQ29xZ09vRy95JiN4QTtKR1ZTeG1FaVJ5azVHS1F5eEFQT1B5 VU5CL09HSzIvTHZ6RmJmdkg4MmVaN3VSNWJuaUZWTFdTSkVKcURzUis4VkZVZkRYMnlmZzhVJiN4 QTtvbitFQnJPWXdqSWZ4RXZJTmQvNDkvOEFXUDhBRExjM1JqbytxQWsreGUvOFpCL3hJNVVlcmt4 L2g5eS9VLzdtei80d3Irb1ljbkllJiN4QTs1amc1eTk2eEpDRVg0aDBIKzdBUDRZTFprZmltL1ZQ OHcvNUdqK21Ob3I4VW5jNVAxRnlOejZab091NVhNay9TNitBOVk5NkUwTlhTJiN4QTtDUkhVcWVW YUhicUtmd3lHSGszYXVpUVFpNytkNExTU1ZLY2xwU3ZUZGdNbk0wTGFNTUJLUUJTZTR2N2k1c1dM MEhHUlI4TlJzVmJyJiN4QTtsRXBraHo0WVl3bnQzZnFRK24zQ1FYYVNPU0VGZVZQY0VaQ0JvdG1h QmxFZ0l6VkRXL0I4WXgrdkxNbjFOT24rajR1bCszSDgvd0NtJiN4QTtBc284aXR1TlNhT0ZyZUxa aVR6ZndGT2d4TTZGQkVjTnk0aWx1Vk9TN0ZYM2ovemo4N3YrVHZscG5QSnZSbDNQdGNTRE1ITWZV WEp4JiN4QTtpb3Zudi9uTEkwL05LUGVuKzQyMzcvOEFGa3Z1TXlkUDlMVGw1dnBmOG4vL0FDVnZs WC90bVczL0FDYkdZdVQ2aTN3NUI4MS9uNy81JiN4QTtOclhmK2pUL0FLZzRjMnVsL3V4K09ycE5i L2VuNGZjOHluMVNHRzU5QmtZdHNLaWxOOHNsa0FOTUlhY3lqYVU2cmVRM1VrYlJWb29JJiN4QTtO UlR2bE9TUUxtNmZFWUEyemJUdk92a1cwMHUzZ2swdTV1THJUYmFTQ3lhWlkzU1o1NTF1QzF4UjBv SVBqalNnUE5XcWVGT09VM0x2JiN4QTtiampnZVlhMTd6aCtYdCsvbDQyR2tYR210WTNEeTZ2UEdr VWtqbzBoWUxDSnBKRWY0YUFlb3Z3MC9heFBFZVpUR0VZOGdpUE1INWorJiN4QTtXTCsydDRvTkxa dnE3M0JWT0p0WWlzc3J5cHlqam1sQlpUTFFFVW9CdVhxT0VzZnBOK1RWbHg4UXJ6WHcrZS9JNHQ1 N0Y3V1I0Ym5UJiN4QTtZZFBGM05wOXQ2eVNocEM4eE1VeWlpR1VPZ0MxUEJGMks4elh3bm0zN1ZT VytWZk9QbHpTdERGbGNDNEY2MXpOTDljaXM3V1ZvRWEzJiN4QTtraGphRm5ralpuNVMxY09hZlo0 a2NmaU1nU2dVdnZ2ekt0SnA1cDdheStxOGJTK3RiTzFqU0pZUjlibll4ZXB4NDE5Q0dVbGR2dGhl JiN4QTsyRWdsakdJanlTYlF0Yjh1UVcxN2JYdHJKYmZXTFNDSko0RUZ5eG5ndVVuTWhXV1dIajZp cHdQQnR2RER2WUtTQVFSM3B2NWg4MC9sJiN4QTsrRStzZVZOSW4wN1VvYnEydUxTZVlBZ0xGSFNS WC9leWdndUFRb1hlcExIb0JHSWwxS1RSREtJUHpKL0t1Nmloc1p0Qmt0MVc3LzBlJiN4QTs4dWZq V0MxZWtwTWhoSmQvVHVHaytBSWVhRUNvb0JpRE1kV0p4WXowUUhtSHpkK1R1b2V0QmFhSmNRczQx Q0tHN0swV0wxcGxObklxJiN4QTtpWW45MGkvRlZTYUdnSGNKTXp6S3hoQ04wRVA1Ty9NM3l6NWYw dExDNTByOUl2YWlkN1M2ZU9OWEx5UEdPRC9FeDlPU0pEekZmaE5PJiN4QTtQZXNwQ3p6WThPeDk3 Q3ZOV3IyR3A2NUxjNmJBMXRwa2F4dzJFRWxPWWhoUVJxMG5HbzlSK1BONmZ0RTRpK3JPZ2xqWERF U2lnL2ZNJiN4QTtHYjJvU2R2dnlWc1JEbDVLWlpqU3BKcHNLOXNES214Tk1CUU8xUG1jTm80UTM2 ODMrL0crODQyVjRRajdUVW9vN1F4U2xtY3VDVDErJiN4QTtHb3IxUGhsa1pnQ2k0K1RDVEt4M05E V0pJNUhNYUtWT3c1VnJRRW5zZjhySHhhVTZZRWJxRnhxVjNPckk3L3UyNm9BT3hyMXBYSXl5JiN4 QTtFdGtNRVk3am1vaVJSYXRGKzBYVmg0VUFZZnh5TjdNekgxWDVLZUJrakx5OGltdVJJbGVJUUx1 TzR5eVVnUzA0c1pqR2ozcmJtN0Q4JiN4QTtmVHFLZHprVEpsQ0ZjMExrV3gyS3V4VjdYK1ZIL09T MS93Q1NQTEtlWGIvU1JxMW5hbDIwK1ZKL1FraldSaTdSdlZKQXk4bUpCNmpwJiN4QTt2dFNtZUhp TnRrY2xCNTM1KzgrNmw1MjgwWGZtRFUwV0tXZmlrTnZFVHdpaWpIRkVCSnFmRW51U2ZsbHNJaUlw cm1TVGIxSDh2UDhBJiN4QTtuS2E5OHJlVkxiUUw3UkJxbjZQajlLeHVWdVBRUHBnbmdrZzlPV3ZI b0NPM2J2bFU4SUpzTmtNaEFwNXo1bi9NQ2Z6THJsNXJ1cENsJiN4QTsvZk1Ia1NOYVJyeFVJaUxV azhVVlFvcnZtWmpuR01RQTY3THA1em1TZXJGTGk3YWE1K3NGUURzZUk2YlpYS1ZtM0toajRZMDlz LzZ4JiN4QTtKLzdYWC9KVEtQWDVObTNuOWp2K3NTZisxMS95VXg5Zmt1M245anYrc1NmKzExL3lV eDlma3UzbjlqditzU2YrMTEveVV4OWZrdTNuJiN4QTs5anYrc1NmKzExL3lVeDlma3Uzbjlqditz U2YrMTEveVV4OWZrdTNuOWp2K3NTZisxMS95VXg5Zmt1M245anYrc1NmKzExL3lVeDlmJiN4QTtr dTNuOWp2K3NTZisxMS95VXg5Zmt1M245anYrc1NmKzExL3lVeDlma3UzbjlqditzU2YrMTEveVV4 OWZrdTNuOWp2K3NTZisxMS95JiN4QTtVeDlma3UzbjlqditzU2YrMTEveVV4OWZrdTNuOWp2K3NT ZisxMS95VXg5Zmt1M245anYrc1NmKzExL3lVeDlma3UzbjlqditzU2YrJiN4QTsxMS95VXg5Zmt1 M245anYrc1NmKzExL3lVeDlma3UzbjlqditzU2YrMTEveVV4OWZrdTNuOWp2K3NTZisxMS95VXg5 Zmt1M245anYrJiN4QTtzU2YrMTEveVV4OWZrdTNuOWp2K3NTZisxMS95VXg5Zmt1M245anYrc1Nm KzExL3lVeDlma3UzbjlqditzU2YrMTEveVV4OWZrdTNuJiN4QTs5anYrc1NmKzExL3lVeDlma3Uz bjlqditzU2YrMTEveVV4OWZrdTNuOWp2K3NTZisxMS95VXg5Zmt1M245anYrc1NmKzExL3lVeDlm JiN4QTtrdTNuOWp2K3NTZisxMS95VXg5Zmt1M245anYrc1NmKzExL3lVeDlma3UzbjlqditzU2Yr MTEveVV4OWZrdTNuOWp2K3NTZisxMS95JiN4QTtVeDlma3UzbjlqditzU2YrMTEveVV4OWZrdTNu OWovLzJRPT08L3htcEdJbWc6aW1hZ2U+CiAgICAgICAgICAgICAgIDwvcmRmOmxpPgogICAgICAg ICAgICA8L3JkZjpBbHQ+CiAgICAgICAgIDwveG1wOlRodW1ibmFpbHM+CiAgICAgICAgIDx4bXBN TTpSZW5kaXRpb25DbGFzcz5wcm9vZjpwZGY8L3htcE1NOlJlbmRpdGlvbkNsYXNzPgogICAgICAg ICA8eG1wTU06T3JpZ2luYWxEb2N1bWVudElEPnV1aWQ6NjVFNjM5MDY4NkNGMTFEQkE2RTJEODg3 Q0VBQ0I0MDc8L3htcE1NOk9yaWdpbmFsRG9jdW1lbnRJRD4KICAgICAgICAgPHhtcE1NOkRvY3Vt ZW50SUQ+eG1wLmRpZDozOWRkNDcwMS03YjA0LTAzNDUtYWEwMy05OTEzZWNmY2YxN2I8L3htcE1N OkRvY3VtZW50SUQ+CiAgICAgICAgIDx4bXBNTTpJbnN0YW5jZUlEPnhtcC5paWQ6MzlkZDQ3MDEt N2IwNC0wMzQ1LWFhMDMtOTkxM2VjZmNmMTdiPC94bXBNTTpJbnN0YW5jZUlEPgogICAgICAgICA8 eG1wTU06RGVyaXZlZEZyb20gcmRmOnBhcnNlVHlwZT0iUmVzb3VyY2UiPgogICAgICAgICAgICA8 c3RSZWY6aW5zdGFuY2VJRD51dWlkOjNlNTkzNDUwLWJlNGItNDFmMy1hMWFjLWYwYzYwZjZjZDlm Nzwvc3RSZWY6aW5zdGFuY2VJRD4KICAgICAgICAgICAgPHN0UmVmOmRvY3VtZW50SUQ+eG1wLmRp ZDplNDYzN2Q3YS0xMDE1LTVhNGUtOGE1NC04YTQxN2Q4MzVlZDY8L3N0UmVmOmRvY3VtZW50SUQ+ CiAgICAgICAgICAgIDxzdFJlZjpvcmlnaW5hbERvY3VtZW50SUQ+dXVpZDo2NUU2MzkwNjg2Q0Yx MURCQTZFMkQ4ODdDRUFDQjQwNzwvc3RSZWY6b3JpZ2luYWxEb2N1bWVudElEPgogICAgICAgICAg ICA8c3RSZWY6cmVuZGl0aW9uQ2xhc3M+cHJvb2Y6cGRmPC9zdFJlZjpyZW5kaXRpb25DbGFzcz4K ICAgICAgICAgPC94bXBNTTpEZXJpdmVkRnJvbT4KICAgICAgICAgPHhtcE1NOkhpc3Rvcnk+CiAg ICAgICAgICAgIDxyZGY6U2VxPgogICAgICAgICAgICAgICA8cmRmOmxpIHJkZjpwYXJzZVR5cGU9 IlJlc291cmNlIj4KICAgICAgICAgICAgICAgICAgPHN0RXZ0OmFjdGlvbj5zYXZlZDwvc3RFdnQ6 YWN0aW9uPgogICAgICAgICAgICAgICAgICA8c3RFdnQ6aW5zdGFuY2VJRD54bXAuaWlkOjM5ZGQ0 NzAxLTdiMDQtMDM0NS1hYTAzLTk5MTNlY2ZjZjE3Yjwvc3RFdnQ6aW5zdGFuY2VJRD4KICAgICAg ICAgICAgICAgICAgPHN0RXZ0OndoZW4+MjAxNy0wMi0wOFQxMzoxMzoxOS0wNjowMDwvc3RFdnQ6 d2hlbj4KICAgICAgICAgICAgICAgICAgPHN0RXZ0OnNvZnR3YXJlQWdlbnQ+QWRvYmUgSWxsdXN0 cmF0b3IgQ0MgMjAxNyAoV2luZG93cyk8L3N0RXZ0OnNvZnR3YXJlQWdlbnQ+CiAgICAgICAgICAg ICAgICAgIDxzdEV2dDpjaGFuZ2VkPi88L3N0RXZ0OmNoYW5nZWQ+CiAgICAgICAgICAgICAgIDwv cmRmOmxpPgogICAgICAgICAgICA8L3JkZjpTZXE+CiAgICAgICAgIDwveG1wTU06SGlzdG9yeT4K ICAgICAgICAgPGlsbHVzdHJhdG9yOlN0YXJ0dXBQcm9maWxlPldlYjwvaWxsdXN0cmF0b3I6U3Rh cnR1cFByb2ZpbGU+CiAgICAgICAgIDxwZGY6UHJvZHVjZXI+QWRvYmUgUERGIGxpYnJhcnkgMTUu MDA8L3BkZjpQcm9kdWNlcj4KICAgICAgPC9yZGY6RGVzY3JpcHRpb24+CiAgIDwvcmRmOlJERj4K PC94OnhtcG1ldGE+CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAK ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg IAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAg ICAgICAgICAKPD94cGFja2V0IGVuZD0idyI/Pv/iDFhJQ0NfUFJPRklMRQABAQAADEhMaW5vAhAA AG1udHJSR0IgWFlaIAfOAAIACQAGADEAAGFjc3BNU0ZUAAAAAElFQyBzUkdCAAAAAAAAAAAAAAAA AAD21gABAAAAANMtSFAgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAEWNwcnQAAAFQAAAAM2Rlc2MAAAGEAAAAbHd0cHQAAAHwAAAAFGJrcHQAAAIEAAAAFHJY WVoAAAIYAAAAFGdYWVoAAAIsAAAAFGJYWVoAAAJAAAAAFGRtbmQAAAJUAAAAcGRtZGQAAALEAAAA iHZ1ZWQAAANMAAAAhnZpZXcAAAPUAAAAJGx1bWkAAAP4AAAAFG1lYXMAAAQMAAAAJHRlY2gAAAQw AAAADHJUUkMAAAQ8AAAIDGdUUkMAAAQ8AAAIDGJUUkMAAAQ8AAAIDHRleHQAAAAAQ29weXJpZ2h0 IChjKSAxOTk4IEhld2xldHQtUGFja2FyZCBDb21wYW55AABkZXNjAAAAAAAAABJzUkdCIElFQzYx OTY2LTIuMQAAAAAAAAAAAAAAEnNSR0IgSUVDNjE5NjYtMi4xAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABYWVogAAAAAAAA81EAAQAAAAEWzFhZWiAAAAAA AAAAAAAAAAAAAAAAWFlaIAAAAAAAAG+iAAA49QAAA5BYWVogAAAAAAAAYpkAALeFAAAY2lhZWiAA AAAAAAAkoAAAD4QAALbPZGVzYwAAAAAAAAAWSUVDIGh0dHA6Ly93d3cuaWVjLmNoAAAAAAAAAAAA AAAWSUVDIGh0dHA6Ly93d3cuaWVjLmNoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAGRlc2MAAAAAAAAALklFQyA2MTk2Ni0yLjEgRGVmYXVsdCBSR0IgY29sb3Vy IHNwYWNlIC0gc1JHQgAAAAAAAAAAAAAALklFQyA2MTk2Ni0yLjEgRGVmYXVsdCBSR0IgY29sb3Vy IHNwYWNlIC0gc1JHQgAAAAAAAAAAAAAAAAAAAAAAAAAAAABkZXNjAAAAAAAAACxSZWZlcmVuY2Ug Vmlld2luZyBDb25kaXRpb24gaW4gSUVDNjE5NjYtMi4xAAAAAAAAAAAAAAAsUmVmZXJlbmNlIFZp ZXdpbmcgQ29uZGl0aW9uIGluIElFQzYxOTY2LTIuMQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA dmlldwAAAAAAE6T+ABRfLgAQzxQAA+3MAAQTCwADXJ4AAAABWFlaIAAAAAAATAlWAFAAAABXH+dt ZWFzAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAACjwAAAAJzaWcgAAAAAENSVCBjdXJ2AAAAAAAA BAAAAAAFAAoADwAUABkAHgAjACgALQAyADcAOwBAAEUASgBPAFQAWQBeAGMAaABtAHIAdwB8AIEA hgCLAJAAlQCaAJ8ApACpAK4AsgC3ALwAwQDGAMsA0ADVANsA4ADlAOsA8AD2APsBAQEHAQ0BEwEZ AR8BJQErATIBOAE+AUUBTAFSAVkBYAFnAW4BdQF8AYMBiwGSAZoBoQGpAbEBuQHBAckB0QHZAeEB 6QHyAfoCAwIMAhQCHQImAi8COAJBAksCVAJdAmcCcQJ6AoQCjgKYAqICrAK2AsECywLVAuAC6wL1 AwADCwMWAyEDLQM4A0MDTwNaA2YDcgN+A4oDlgOiA64DugPHA9MD4APsA/kEBgQTBCAELQQ7BEgE VQRjBHEEfgSMBJoEqAS2BMQE0wThBPAE/gUNBRwFKwU6BUkFWAVnBXcFhgWWBaYFtQXFBdUF5QX2 BgYGFgYnBjcGSAZZBmoGewaMBp0GrwbABtEG4wb1BwcHGQcrBz0HTwdhB3QHhgeZB6wHvwfSB+UH +AgLCB8IMghGCFoIbgiCCJYIqgi+CNII5wj7CRAJJQk6CU8JZAl5CY8JpAm6Cc8J5Qn7ChEKJwo9 ClQKagqBCpgKrgrFCtwK8wsLCyILOQtRC2kLgAuYC7ALyAvhC/kMEgwqDEMMXAx1DI4MpwzADNkM 8w0NDSYNQA1aDXQNjg2pDcMN3g34DhMOLg5JDmQOfw6bDrYO0g7uDwkPJQ9BD14Peg+WD7MPzw/s EAkQJhBDEGEQfhCbELkQ1xD1ERMRMRFPEW0RjBGqEckR6BIHEiYSRRJkEoQSoxLDEuMTAxMjE0MT YxODE6QTxRPlFAYUJxRJFGoUixStFM4U8BUSFTQVVhV4FZsVvRXgFgMWJhZJFmwWjxayFtYW+hcd F0EXZReJF64X0hf3GBsYQBhlGIoYrxjVGPoZIBlFGWsZkRm3Gd0aBBoqGlEadxqeGsUa7BsUGzsb YxuKG7Ib2hwCHCocUhx7HKMczBz1HR4dRx1wHZkdwx3sHhYeQB5qHpQevh7pHxMfPh9pH5Qfvx/q IBUgQSBsIJggxCDwIRwhSCF1IaEhziH7IiciVSKCIq8i3SMKIzgjZiOUI8Ij8CQfJE0kfCSrJNol CSU4JWgllyXHJfcmJyZXJocmtyboJxgnSSd6J6sn3CgNKD8ocSiiKNQpBik4KWspnSnQKgIqNSpo KpsqzysCKzYraSudK9EsBSw5LG4soizXLQwtQS12Last4S4WLkwugi63Lu4vJC9aL5Evxy/+MDUw bDCkMNsxEjFKMYIxujHyMioyYzKbMtQzDTNGM38zuDPxNCs0ZTSeNNg1EzVNNYc1wjX9Njc2cjau Nuk3JDdgN5w31zgUOFA4jDjIOQU5Qjl/Obw5+To2OnQ6sjrvOy07azuqO+g8JzxlPKQ84z0iPWE9 oT3gPiA+YD6gPuA/IT9hP6I/4kAjQGRApkDnQSlBakGsQe5CMEJyQrVC90M6Q31DwEQDREdEikTO RRJFVUWaRd5GIkZnRqtG8Ec1R3tHwEgFSEtIkUjXSR1JY0mpSfBKN0p9SsRLDEtTS5pL4kwqTHJM uk0CTUpNk03cTiVObk63TwBPSU+TT91QJ1BxULtRBlFQUZtR5lIxUnxSx1MTU19TqlP2VEJUj1Tb VShVdVXCVg9WXFapVvdXRFeSV+BYL1h9WMtZGllpWbhaB1pWWqZa9VtFW5Vb5Vw1XIZc1l0nXXhd yV4aXmxevV8PX2Ffs2AFYFdgqmD8YU9homH1YklinGLwY0Njl2PrZEBklGTpZT1lkmXnZj1mkmbo Zz1nk2fpaD9olmjsaUNpmmnxakhqn2r3a09rp2v/bFdsr20IbWBtuW4SbmtuxG8eb3hv0XArcIZw 4HE6cZVx8HJLcqZzAXNdc7h0FHRwdMx1KHWFdeF2Pnabdvh3VnezeBF4bnjMeSp5iXnnekZ6pXsE e2N7wnwhfIF84X1BfaF+AX5ifsJ/I3+Ef+WAR4CogQqBa4HNgjCCkoL0g1eDuoQdhICE44VHhauG DoZyhteHO4efiASIaYjOiTOJmYn+imSKyoswi5aL/IxjjMqNMY2Yjf+OZo7OjzaPnpAGkG6Q1pE/ kaiSEZJ6kuOTTZO2lCCUipT0lV+VyZY0lp+XCpd1l+CYTJi4mSSZkJn8mmia1ZtCm6+cHJyJnPed ZJ3SnkCerp8dn4uf+qBpoNihR6G2oiailqMGo3aj5qRWpMelOKWpphqmi6b9p26n4KhSqMSpN6mp qhyqj6sCq3Wr6axcrNCtRK24ri2uoa8Wr4uwALB1sOqxYLHWskuywrM4s660JbSctRO1irYBtnm2 8Ldot+C4WbjRuUq5wro7urW7LrunvCG8m70VvY++Cr6Evv+/er/1wHDA7MFnwePCX8Lbw1jD1MRR xM7FS8XIxkbGw8dBx7/IPci8yTrJuco4yrfLNsu2zDXMtc01zbXONs62zzfPuNA50LrRPNG+0j/S wdNE08bUSdTL1U7V0dZV1tjXXNfg2GTY6Nls2fHadtr724DcBdyK3RDdlt4c3qLfKd+v4DbgveFE 4cziU+Lb42Pj6+Rz5PzlhOYN5pbnH+ep6DLovOlG6dDqW+rl63Dr++yG7RHtnO4o7rTvQO/M8Fjw 5fFy8f/yjPMZ86f0NPTC9VD13vZt9vv3ivgZ+Kj5OPnH+lf65/t3/Af8mP0p/br+S/7c/23////u AA5BZG9iZQBkwAAAAAH/2wCEAAEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEB AQEBAQECAgICAgICAgICAgMDAwMDAwMDAwMBAQEBAQEBAgEBAgICAQICAwMDAwMDAwMDAwMDAwMD AwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDA//AABEIAGQCHwMBEQACEQEDEQH/xADk AAEAAQQCAwEAAAAAAAAAAAAABwYICQoFCwEDBAIBAQACAgMBAQAAAAAAAAAAAAAGBwQFAgMIAQkQ AAAGAgEDAQMFBw4KBQ0AAAECAwQFBgAHCBESCRMhFAoxQSIVFiM1dbV2FzdRMkKzdLRV1TZWtpe3 GGFT0yQ01JWGljlxgZMleJFS0jNzlCbWJ1eIuBoRAAIBAwIDAwYGDgcFBwQDAAECAwARBBIFITEG QVETYXGBIhQHkbEyQnIVodFSgpKyIzNTczR0NTbBYtKzVLQWosKDk5ThJGSkJaUX8OJDY6PTJv/a AAwDAQACEQMRAD8A19M9yV+eFMUpilMUpilMUpilMUpilMUpilMUpilMUpilMUpilMUpilMUpilM UpilMUpilMUqoqlT7bf7HFU+iVax3W3Tq5msHVqlCSdkscy6Iiq5O2ioSGavJORXI3QOoJEUjmAh DG6dAEc6p54MaJp8l0jgUcWYhVHnJsB6a7sfGyMuZcbFjeXIc2VUUsxPOwUAk+gV8E1CTVblX0FY oiUgJyLcGaScNNMHcXKxzogAJ2z6OfJIO2jggCHUihCmDr8mco5I5UEkTBo2FwQQQR5COBrhLFJD IYplZJVNiGBBB7iDxFcZnOuFMUpilMUpilMUpilMUpilMUr8d5O8E+4vqCUTgTuDvEgCBRMBevXt ARAOvydRz5cXt219sbarerX7z7XymKUxSmKUxSmKUxSmKUxSmKUxSmKUxSmKUxSmKUxSmKUxSmKU xSmKUxSmKUxSmKUxSmKUxSmKUxSmKUxSmKUxSmKUxSmKUxSmKUxSmKUxSmKVUtOpdx2JZoml6/qd mvVxn3B2sFU6dAylns006TQWdKNomBhGr6UknCbVuooYiKRzAmQxhDoAiHTPkQYsLZGU6RwKLlmI VR2cSSAPSa7sbGycydcbEjeXJc2VEUszHnYKoJPDjwFfBPQE9VpiQr1nhJeuT8S4FpKwc9GvIiYj XRSlMZtIRkgi3es3BSmARIoQpgAQ9mco5Y5oxLCyvEwuCCCCPIRwNcZYZYJDDOrJKpsVYEEHuIPE emuJzsrrpilMUpilMUpilMUpilMUrcM+GA4jMvcNzc1LXDpLPjPvzJ6gdukyGMwQbt2k7tGeZJqg cQVfi8iYxu7T7DEIjIIdxiqqFCi/e9vbasfYIW9W3iygdvMRg+azMR5VPYK9E+47p5dGT1LkLdr+ DCT2cA0rDz3RQfI47TXGfE4724wSRtc8fWNLip/lfXX8JdprZEfHsEJDX2tn8dOJNaFPTyIlk5Jz bl3qEkjFKd6LNuim7ECGcoipz90e3bwni7m0jLsrAoIyTZ5ARdwvIabFS3MkleNjbh77t12N/B2h Ilff0Ku0gAvHGQ1o2bmS9wwU8AAG4ahfUGy8a880xSmKUxSmKUxSmKUxSmKUxSo7GVdDtkkIIJe5 E12pKgPYPr+9K2VJoYBP3dvpekiHQO3r1+fNb4r/AFv4HDR7Nq8t9dv6KkHssQ6UObx8Y7gE8mkQ luXfc99SJmyqP0xSmKUxSmKUxSmKUxSmKUxSmKUxSmKUxSmKUxSpN2Dqmxa7itdWJ+9hZ2sbTpTK 61GzVpw+eQzkorrRdlqz1V/HRbljcqFZGbiMmGJ0vuThIi7c7lg6ZPHOHi5sWU8sShlmhkKMrWB7 1YWJurqQyntHAgMGUZuXgTYccMzlXgniDoy3IPYym4BDxsCrrbgRcFkZWb87J1TZdUDSWlvWim07 daHBbEGrtnDtWwVODtZ3jupNri1WYt20VMWeqps59o3SWcj9TSzJVUUlVToJ/cTNizfEaDUY45Cm r5rFbBtJvxCtdCbD1lYC4FyzcCfA8JcgqJZYlk0i+pFe5TWLAAslpAAT6jqTYkgRpmXWFUpT+pLB XNP603S9k4BWubTuW0qTAwzZzJDaGD/UrHW7+ekppi5im0clByxdnM0o1w2duhXXZPU1SImQD1MO LNilzpsBQ3iwxxuTw0kSGQAA3vceGdQIFgVIvfhnS7fNDt0G5MyeDPJKigE6gYhGWLAgDSfFAUgm 5DA2txi3MysGmKUxSmKUxSmKUxSmKUxSmKUxSmKUxSmKUxSmKUxSmKUxSmKUxSmKUxSmKVsC/Daa c/OJ5Cz7EdsvVjNEafvV0QeqJ+o3Qs1q+rtaRDPr16EeOYa4SrhIRAQArM49QMBcrL3r5/svTHsq n18mdEt/VW8hPmuqg+erb9y+3e2dX+2MPUxcZ3v/AFmtGB5yrsR5jWYH4n+j6VJxd1BsaWrteR3y puaIp9OtSDVJC2vqGNTuMvb4R47R9NaTrDB+3j1gI49UrN4sn6Ppi5W9SDe6HI3D64nxUdvq32cs y39UPqUKQOxiNQ4cwDe9haxPfji7Z9R4+ZIiDdfaQiNb1zHocupPaoOk8b2JFrajfR5z0NXmCmKU xSmKUxSmKUxSmKVyUNDylimIqvwbBzKTU7JMYeHjGSYrPJGUk3STKPYNES/SVcvHa5E0yh7TGMAZ wkkSKNpZCFjUEknkAOJJ8wrnHHJNIsMQLSswAA5kk2AHlJrs7NQ02n+MXxvRMVJNmzuN4u8ep+7X ZNk6RbEtd5iYGUvV8+rXayRCgtcr66eEYgcpjgLpJP6QgHXyLnTz9X9Vs6Eh8zKVEv8ANQsES4/q pa/mJr29t2Nj9EdGLG4BTBw2d7H5ThS8lj/XkJ0+cCutN3Pt28b82xsLdGyZZSavOzLZMW+yPzmV FL3+XdqOAZME1VFRZxEU3EjVk2KPptWiKaJAAhCgHrHAwcfbcKLAxF048KBVHkA5nvJ5k9pJJrxX uW4ZW7Z825ZrasqeQux8pPIdwHJR2AADgKjPMysKmKUxSmKUxSmKUxSmKUxSvHye0fYAYpUEDba0 XdnrjNx4IfYAsD6/rl9D63NZgdlY+sH3L1RbD39evb0+fI+czFG+ajIun2fRe/DVrva/m41ORtO5 HovQIZNft/i2tx8PwdOq3O1+HfU7gICACAgICACAgPUBAfaAgIfKA5IKg3LgedecUpilMUpilMUp ilMUpilMUpilMUpilMUpilMUq/Th/sGnLwV+1ruKiI7ToWv4S1cmtcVt89Fo1iNsazgW8g+h5RQU 1VXOsNvV2HRibhGIeg4kE2EaukukqwT7o3vmLOJIsvBk8HJlZceRgL3jkawI/wD2RMS0TG4XU4II Y1K+nczGMUuFuMXj4kKtkxqTYCWNbkHvimUBJlFiwVCCCgqUN38muQlOvmlzUGbcO2GzNZax3BZI lvBR0zA8mNlbdamsO03e26whG/V24G6ez38xUG0TJpPmkWxhU45kk39EShh7ftG2T42R7SoDQzSR KbkHHjiOmMRte8X5MLKWUgsXLsTes7c973fGy8b2RiUngimYaQVyZJRqlMq2tN+VLwhGDBVQIoFq 8eSLU1ZqGx9Aa/03V0E66hXeQ2uqvHV0SzYvpWveR3mrX4Osln2xnB7fNQ1UcQTFN4Kqyrpn7ocp hSOljpTNmnxcnJz3/Kl4HYtwsGwcRi2n5oLazawsdXaDTrPb4MfNxMTbYx4ITIjUL61yu45qqur5 5C6FBuSRpPIiubs+xJ3VG2/J7N04jBjO0y73Kp6vllGTZy41I1meWpEn8hrRJwkq1qEqEW+ftm67 NNJRkaQVcNxSdAmsTrhxY83B2iOe5jkjRpBf85bG4CT7oXCkg3vpANxcV2T5kuBuO+S41hLFK6RG wPhA5fEx9iGxYAi2nUSLNY1Nlh2NF1fdekqUG5b5N1e5UzjjZ7Rx6aaKf36scmZzdev6Fd9hSl89 e6oH27ed0XC3SIjLPGqstEu3ZGkco0NHtioa+LEebb8jI8CJZo5J1WczBGgETuiBPU/JJEqr6oIV gCzBtRvs5s1INzxcb2mVoJIsdmxxAZFyWmjjeQyev+VeZ3b1yC6EhUK6FthfvbGDjLvco2sElU61 H2qwsa8nOkSTnCQbSXeIRJJlNERRJKlYJpg4AgiUFu4A9mT3GaR8eN5tPjFFLW5XIF7eS/LyVW2U sSZUiQavBEjBdXytIJtfy25+WqVzvropilMUpilMUpilMUpilMUpilMUpilMUpilMUpilMUpilMU pilMUpilbtHwtem/qLQPJLfDtr2Odj7Srmt4tdX2qGiNW1s846WagIfQbO5XZZ0jmAfuijLoIfcw zz974s/xNzxNtU8IoWkPnka3HzCP7Plr0z7i9t8Lac3dWHrTTrGPNEuo28hMlvvfJWIP4hzlwPIX nC91HX5AXWv+K8Y61qzTTOUzR1sqTWaye05NPocxirs5FsyglimAvarBmEA6G7jTj3X7J9V9PDOl FsnMIkPf4Y4Rj0i7j6dV573+oPrfqg7fCb4mApjHcZDYyn0GyHypUf8Ahc8ZuufI9fd+Ru3LFe6z RtU6+ryrSR186iWEwlfb1Mvkass7dzkFYIxaLbxNUlzqNBRIq5OBBKqQEz9cnr7q3K6VxsZ8FI3y JpWuHuRoQDVYAqb3ZeN+HdxrE92vROH1ll5abg8qYuPCtjGQD4jk6bllYWAR+FrnvFqx6c0+PETx O5Sbm47QexonbEZqu0p19ve4ZsVi2lDLQ8XLOWD1im8kE2FgrLuSPFSrci6pEJNk4IUwgUByUbBu j71s+PukkTQPMmrQeNuJFwbC6sBqU2F1INRDqXZ49g33J2eKZchIJNPiKLA8ASCLmzKTpYXNmUir Xs3FaOmKUxSmKUxSmKVm78AXFb+8bz9ptxm48HdD41R5t1Tx1kk1Gy1si3aUfq+NAVCqAR8ncnKU sn9H2pQywAYpu0cr33l7z9VdMyQRm2Tlnwh9E8ZD5tN187CrO90uw/XPVseTKL4mEPGbu1g2iHn1 kP5kNZ1/iaeV35u+N+uuKVckPTsfICyFtd4RRU6nb6u1s+ZSLRk7TKciiP2m2ApHqNz/AEiHThXS Zg9oCFc+6TZfat1l3qUfksVNKfrJAQSPopqv9NTVp++3f/Y9mh2GE/lst9T/AKqMggH6Umkj6DCt G3PRFeXqYpTFKYpTFKYpTFKYpTFKYpUa7Urj2wVKU+rpGYaPmEe+cIM416s3byoemRRdjINUenv5 F0ETETII9AOf5+vTNZu2M+Rhv4TOJFUkBSQG7wQOdwLAeWpH0tuMOBu0XtEcLwSSKCzqCU4kBkY/ JsSCT3CrCPs9P/wHMf7Me/5DK+9myP0b/gn7VXv9YYH6eH8Nft1ffqGvyEHTYs8o+l13si0RcHYy Ttws3ikAOuZm1YNFwAY8Pc1SeqQPlOHyB0AMn2zY8kGEhlZy7AGzE2UcbAA8uFrjvqjOrs+DN3iV cVIVhjcgMigFzw1MzD5frA6T3VKWbaoxTFKYpTFKYpTFKYpTFKYpTFKYpTFKYpTFKYpXNwdkna0r JLQMm5i1ZeEl63JHbGKUzyCnmakfMRi3cU3VtIM1TJqAHQRKPsEM65Io5QBIAQrBh5CDcH0GuyKa WAsYmKllKm3arCxHmI4VL9E5Qb91nXGFTo+zrBBQkKrKOKuiQsc/e0Z3OLpupl9rqZlGL2a1zIyj tIqzhxBOI9dZYPUMcT/SzBydn23LlM2RCrSNbVzAe3IOAQHAHABwwA4VscXfN2woRj4s7pEt9PIl C3EmMkExkniShUk8edKNyg3/AK1q5qdR9pWavwCcvJWGLQbKM131YsUwk1RlrHSJt80dTlDscmkx RBw/hXLB4t6Ze5QemMnZ9sy5vHyIUaXSFPOzKOSuAbOoubK4IHdTF3zdsKD2bFndItRYWtdWNrsj EFo2NhdkKk251Hcrse8zj7YElLWaSfv9qSS0xsN0udMVbZJuLCFsWeyogmUFFlLGUHgiUCB63t+T 2ZlJiY8axIiALCLJ/VGnTYfe8PNWHJm5UrzPI7F52vIfuzq13P33Hz1Ila5Q8gadUI6i1natph67 BtZOPribVdt9cVOMmnDp5MRFNtCrVS0U6Flnr9wu5Zxbxo1XXcKqnTMdVQxsWbZ9snnOTNCjSsQW vyYjgCy/JYgAAFgSAAAbAVmQ75u+PjriwTyLCgIW1roGuSEa2pFJJJCkAkkkXJqBc2VaqmKUxSmK UxSmKUxSmKUxSmKUxSmKUxSmKUxSmKUxSmKUxSmKUxSmKUxSuyx8Vut2HELxZ6HNckwizRmoJ7fl +cGIUjpBO9Hm9tuiyBQKTo+gaxLt2ByiHcQGQFMIiURHyb1lltvnWOT7PxvOsKd3qWi4eRmBPpr2 n0JhJ090Jie0+rpx2nk7/X1Sm/lVSF+9rr0qxTNzc1+Sq9d19Wnl73XyB2La7EzgWrxk3Vk7DY3s zcrE7cycq4j45kwj2/vbx27cqooN2yKiqhikKYQ9PTT4HT+0iXKcR7fixKpYg8FUBVFhckngABck kAV5Dgxty6m3ow4iGXc8uZmCgjizEuxJNgAOJJJAABJq9+kb/wDIh4f4fe/H0NbLcfbbyDbQCcve LfT3ji6s2dJJPRyMnp28tJpSjyTYqdtdJHkWyUwRqqqCjRZs4AFMj2RtnS/XMmNufi+1QYpayKw0 EvpNpUI1j5IOk6bjgwI4VJ8XdusPd3Hl7R4JxMjMC3d0OsBNQvC4Ogj1yNQD2JupU8axRunTp+6c vnzlw8evHCzp48dLKOHTp04UMs4cuXCxjqruF1TiY5zCJjGEREREcmiqFAVQAoFgB2VAmZmYsxJY m5J5k95r0Z9r5TFK3Jfhz/HBqqc1Q95yblpsZd7RZLNZKjpKItUQzl63Wq3WHBYWx3thHyCbhm8s 0vaEH0Yi4OmJo9GOV9E3e5U7KI96fVWZHmjp3AkMcKIrSlSQzM3FUJHEKFsxHziwvyFejfc50ZgS 4B6o3KNZZ3dkhDAFVVeDOAeBYtqUG3qhTb5Rq2jz86N0tsrmjxq488MtUVx9ypsUFYY3btL1LXIi GI+GdWrEjqgLQ3hiMYRlYmEInOP5J69Kio0gVGbh2uDQiJk9t7tNx3DE2DL3TfpnGzKymJ5GJtbU JNN7kqToCgXu+oKNV76X3s7Xtmb1LhbR03jod+dGEqRKBfVpMWoCyhgutmY2smksdIFpfjfhZpdx odu5k+TrOO5MLMySC8SjVzv9JtHhkTmGqGli+73ZwQFhIU04RsAFADCWLP7BHBf3xINyITDJ2m9r 6rSkfdW+R95f7+tinuKkO1BnzgN7te2m8IP3F/l/f2/4ZrWe5R8UN68NtqyWneQFJdU63Mm5JKOW KsnI161QDhZZFlZqlPNRMxnYJ6o3OQFExBRFZM6C6aLhNVIltbPvW3b9hDP2yQSQE2PYyt2qw5gj 7I4gkEGqT33YN16cz223dojHkAXHarKeTIw4Mp7+w3BAIIG8H8OtxWHQ3BZDbc7HCzvPKSxG2G6M uiVJ6hrqve+17WMeqYpjAs0eNTSE62P16+hPAAgAgIZ5696W8/WXURwYzfHw00Du1tZpD5wdKHyp Xp/3PbD9VdLDcJVtlZz+Ie/w1usQ8xGpx5HrVE80/I11yT8jHICaTfHd1fVk9+YakpD0MkzhNUuH kJN+6KAAeszltgKTUkkf2gJX3sES9By5+gNqG09LY0ZFppl8Z/KZLEX8oTQvoqhPeVvLb11jlyg3 ggfwE8ixXVreQya2H0qxV5M6gdMUpilMUpilMUpilMUpilMUr0roJOkFmy5e9BwkogsTuMXvSVIK ahe4glOXuIYQ6gICHzZxZQ6lW+SRY1yjdonWRDZ1IIPlHEVYSWIpApIR/YiMyMW1YqJFeSArfaEb 2lGLiCfr+kZwFcEx+wABES/SAoG6DkA8HA0iMW8fSBza+vxdJ7bX0ejtq9jl73qbIu3sfiswOlLe F7MXHG17eNYX+V2E2q/ZBBJqgi2QL2IN0k0ESdxjdiSRATTL3HExzdpCgHURER+fJ+qhFCr8kCwq iZHaV2kc3diST5TxNe7OVcaYpTFKYpTFKYpTFKYpTFKYpTFKYpTFKYpTFKYpTFKqSm0+zbCt1XoV LhnliuF1sMNU6rARxSHfzdisMi3iYWJZlUOmmLmQkXaaRO4xS9xw6iAdRzpnnhxYHychgkEalmY8 gqi5J8wF67sbHnzMiPExlL5ErhFUc2ZjYAeUk2rdf4lfDO8cqzQIOX5e2y7bN2tKMGruwVSjWX7I a2qblciC6sFHvY5j9q7O8j1O9FWRM9Zt3AD1TZp9AUNQG9+9rdZslk2NI4cIGys66pG8pBOlQeem xI7WPKvTHT/uT2aDESTqGSWfPYAsiNojQ/cgga2I5FtQB7FHOrQfI58M7BUmsy/IbgnsraD11RIm Unrtxp2BLtbVHW+vxlfXI6c6rnWcfESjG0RoN/fBiJEkl9bqmODVw2WKi2c9/THvLzcjeYod/cLj SNp1LdVUkFV1Lci2q12FtPMgi5H3q33WbZi9Mz/6cg1Z0aahqs0jAOHbS9gS2jUAvEsLKONgcLPj Q8buzfJBuWQotXl06NreisWM3tnaDuONLoVWMk1XSEJERMQV0wLNWyzOGDgrJsdwgkVFs4XUU7Ue xS0+req8TpTAGTMviZchIjjBtqItck2NlW4ubE3IAHG4pLorozO6z3I4sDeFhRANLKRfSDfSALjU 7WNhcCwJJ4WO4HSfhyfGnWIVrHWKqbX2PJJNm6TmwWnas9FvnThMVjLugZ0QlQiEPeRVAOwG4lIR MgB9LvMejcj3qdWTSF4nhiS/yVjBA9L6j9mvRGL7m+ioIwk0eRM9uLNKwJ8to9A+x2ee9Y//AM9v i1/+ylv/AK59q/8AzVnR/wDJ3WP+Ij/5Uf8AZrJ/+Iuhf8LJ/wA6X+3XExfw6vivivX9LUGxXfr+ l3fWm/NySfp+l6nT0Pfbit6Hf6g93b07ugdfkDOmL3k9XxXtlA3+6RG+C68Kysn3W9EZWnXhhdN/ kO6XvbnpIvy4X5ce+uEu3w5PjTs8K6jq7VNr64klWzhJtYKttWelHzVwoKJkHQs72S3xC/uwpCHY LcCnIocB+l2GJm4/vU6shkDyvDKl/ktGAD6U0n7NazK9zfRU8ZSGPIhe3BllYkeW0msfY7fNbT88 l/jd2b439yx9FtEunedb3pi+m9TbQaRxohC1RkYq1Qm4iWiDOn5YW2Vlw/bletiOF0jIuW66anat 2J3l0l1XidV4ByYV8PLjIEkZN9JN7EGwurWNjYG4II4XPnfrXozO6M3IYs7eLhSgtFKBbUBbUCLn S63FxcixBB42GODJXUNpilMUpilMUpilMUpilMUpilMUpilMUpilMUpilSdpPWz/AHLuXUuoYv1g ktp7LouumBm/Z65Hd1tEXW0FEhUKdMDpqSQGATAJQ6dR9nXMPcMtcDAnzn+RDC7nzIpb+is3bMJ9 y3LH26P5c86RjzuwX+mux38uOwmHH7xe8pHkCRGJbKaib6brrFAxy+7tNnyELqNJow6qet3x8JZ1 VCiBhMQiAn6/REc8rdEYrbn1hhrJ6x8fxWPljBlufOV+zXsr3g5ibR0NnNFZR7P4KjuEpWKw8ysf grWk+F804nbOWW790vWJXbLT2mm9djnByHEIy2bXsaKMc9TUKHYVwrVaTONwKYfpJrnEAHp1C2fe /n+DsuPgKbNPPqPlWNeI/CdD6KpX3HbaMjf8rcmF1xsbSPI8rcD+Cjj0ms4fxCu59Oay4BWKm7Ep 9Wvd83HPsqfpqJn2iLl9WLKzAslO7QhFw7ZGKd0evgchHLY5O93INmq/e2dLJnr33YYGfl9SrPiy PHjQKWlKngyngIz2EO3YexSRxANWf73ty27B6SfGzI45cvJcJCGFyrDi0q9oKL2jtZVN1Ygxf4fe MHCblz4x9IPdncUNDWWxxKt7pF0nXutoMLVJT9cuEuzJP/bkWhLiErOVsY5w6XQfkArg5k0+xNMi ZMvrneOoNk6uyFw83JSJtDoBIdIVlB06L6bBtQAI5cTxN6wfd3sfTPUPRGK2dgYjzLrR2Ma6iyuR q1213ZdJJDc+AsBasIPnm8Y/H/gjK6S2JxwY2+uU/ccjfIadostJSdprVRl6ohWX8Yav2eZUeT7d ObaTjgAZSLx6sb3I6iSvYU5CWF7t+rtz6jTIxd1KPPAEIcAKzBtQOpRZeBA4qAONiOVVh71uiNp6 VkxczZhImNkmQMhJZUKaSNLG7esGPBix9UkG1xWEbj1oPZXJ/ctA0TqOEPO3vYk82hIlAQVKwjkD dVpSwTjpFFc0fXq7GJKvX7jsN6LVA5gKYQAo2Fum5Ym0YEu45zacaJbnvPco72Y2AHaTVZbRtObv m5Q7Vt668qZwo7h3sx7FUXZj2AGt9nmxy71X4V+BmqtLa1GMsO5Geu2WtNEVR0iQpJGXhY1Bvaty 3ZgmscyVfYzLxSTdolN3yku8I0TEiajhy1829P7Hmdf9STbhl3XAMpkmYdgJ9WJD90QNIPzVBY3I APq3qbqHA92nSmPtmFpfchCI4EPaVHrTOPuQx1EfOchRYEssL+ArhlaKvru4eQLkMZ/ZuRnLVzIT 8HYLT3u7LF6ul5L63UnXLhwQp0JXbE2mEoqJOpBiUI7sEnqLJBn+8rfoZsqPpna7JtWEApVeCmQC 1vNGPV+kW7ga1vun6bngw5Ord4u+87gSys3FhETfUfLK3rH+oEta5FZMOUPMuR1vujTHEjQ9citj 8pN3PEJkImVFy5p2l9NxkgVO4br2qhFSMXKnhGLNBylERqTpitNP0jIJuUjAQqsS2fYUy8DI3vcn aLZ8cWuODSykerFHcEXJtqaxCKbkHsm2+dSPhbljdP7Uizb7lG9jcpDCD680tiDpAuEUFS7CwYdu v78SVY6dvTkDwd4hUR5GyW8j2SXay4ETbLGq7fd85r6p0OIk3iRjOm7mbkIdV6dmIkMRqRuuYolX SNlme6iKfbts3HfMkEbdoFv63hB2cgeQEC/fcdhqpPfPNjbru+19PYhVt01kHl6vjtGkYJ53Ygm3 dY9orZu2DY6tw84k26zRzVsSocZuP0s/how5VEm60PqTX6owkORIiwrf54jBItk0yqCcTHApTCYQ HKjxYpt93tIWJ8fLygCfLI/E+i5NXdmTQdOdPyToB7Pg4hIHkij9UenSBXVPzc1KWOal7DNvFJGa npR/NS8gsBAWfSko7VfSDxUEiJpgo5drnOYClKXqb2AAZ7MjjSKNYoxaNQAB3ACwHwV4MlkeaRpp TeV2JJ7yTcn0muBevmca0XfP3KLNm2IKrhy4OVJFFMBABOooYQKUoCPyjh5EiQySEKg5k8hX2GCb JlWCBS8zGwUC5J8grgoy6VKZeJx8VYoiQeqlUMm1aPUVlzlSIKiglTIYTCBCFER/UAM6Is3Dnfw4 ZEZz2Agms7J2bdcOEz5WPNHCLXZlIAvwHE95qpElUl0k10VCKorJkVSVTMB01UlCgdNRM5REpyHK ICAh7BAcyQQwDKbqRWuZWRijghwbEHgQRzBr2Z9r5TFKYpTFKYpTFKYpTFKxtsf0jM/y1b/j0mVn H/El/Xj8evRk/wDLr/uR/uqySZZlec6YpTFKYpTFKYpTFKYpTFKYpTFKYpTFKYpTFKYpTFKYpWUz wnvKix8o/ENe7e6fUx7pa2bL330vR+10jrC8x+v+z1jEJ739vHUb7v0Hv9fs7QE3QBhvvAWduj84 Y9/E8NSbfciRC/o0ar+Sp17s2x066245VvD8VwL/AHZicR+nxCtvLauy3zybXtWvWqqkgkossomi iimdVVVU5U0kkkyidRRRQ4gQiZCAIiIiAAAdRxStZ/4aLYGg7rq3ng30zIxT1zHc0rjJFQZLIKu2 WoJ6JaBphNb0wA540xYqdBoqXubqCRUEhESn6WL7wpp5n23xXLadvRWvfhKCfEvft4peq293WDHh HdtMQjEm5yOltNjCVXw7AcgDrsOHPlWzJldVZNMUpilMUrV++KWf01PivxvjHwtPzhO+QD1/WAOd AHw02O11Z297FumYfeTNAm5SuesYgemU4pAf2iTLf9zqznect1v7KMYBu7UXXR6bB7eny1R3v1fG Gw4SNb2w5ZK9+gRtrt221GO/o8laPueha8w0xSmKUxStnPwZ+HGlcqIL+9xylh3E3pVpOSMPqjWB nDtgx2fM118LGbttofRzts9Vo9enGq0elHpnJ9ZyLZcrkQaNzIPai94nXeRs0n1Js7BdwKgyScCY wwuFUEW1sLNq+apFvWN1u73Xe7nG36L/AFBvqltsDERRcQJSpszsQQdCsCoX5zA6vVFmza7T8wPi b4TXKY47VqCaKnqKryo26F476arBqDVHzFdNnJ1WQdN16nBSbhgqj2OkY0sgkgqidFUxV0zJFr7D 6G616ggXdJWPr2ZTPK2tgeIYD1iL9hbTcG44G9Wbn+8ToDpnJbZ4EH5O6OuPCvhoRwKk+opt2hdQ BFjxFq9nJPx6eP8A8t3GZTd3GphrqCv9lh5iU1bvfXFdSpbmQtkeDhAaxtyBQiop7Ks1JZuVpIpS zL65jC/TbnT9pFm09T9TdE7v9X7sZWxkYCSGRtdlPzojcgG3FSp0t237Pu9dIdJe8HZPrPZRCmW6 kxTxrou4+bKtgSLizB11rzW3I66viQ5P8FeFH952geQHVMbYryteatDV6PsGkYHa7ytPKR9s4W8R R1plk8NArJy67ciqaYgCxkuo9ewMtLrbaOo+oPY8npmYpj+GxYrK0YYPoKHgRfhfzXqnfd9vnS3T Pt2J1djq+UZVVQ0KylSmtXHrA6eNr99vJWKjnFsXUe2+Wm99k6Gh21f09cLy7l9fwrOstKa2joBR kySRbo1diki0hSFXSUH0UylKHXr8+TLp7FzsLZMbE3Ji2dHGA5LFrtc/OPE+eoH1RmbfuHUGVm7U oTbpJSY1ChAFsPmjgvmqJkdGbscR5Jdvp7aa8Uo19+Tk0dfW1WPUY+l63vhHpIgzYzX0fp+oBuzt 9vXpmadx28NoM8Ou9ra1vfutfnWvG17mU8QY05jte/hva3fe1reWouMUxDGIcolOURKYpgEpimKP QxTFHoICAh7QzMrB5VCm1nGy1pel1/VzGxzE9OfX/wD3JVoNewy8j7iWHMn6Ea0YSD1b3crhQR9M nsA3tyNdRbhPgLE0Unhq2q54W4abc/OasLoLZdv3g5S5sPjMnhaR63DV4l/kkc7D4K4ObY8hKDq2 xz+yqtsWjSYzcQ0gX90pEpVhcJKqIg8RYBNQrBF4PaYe7tKcSgPzZrcXeZ59snmSdXnR0sQVJAJ4 8B3+Wt/n9L7Xj9S4eGcXRhSxSFgdYDMoJHEm9x5DVBas2NdZ6bmGstPOHqDaqzb9BM6DIgJu2pUB QXAUWqZhMmJx6AIiA9faGdu1blnZE7rNIWUQsRwHMWseArr6o6d2XBwoZcSBUdsqNSQWN1a9xxY8 6qnT0Vyf2bM12QrNL2peam4n2sc/lKxryZnoUe1chXbVWVha+5apqJkN9MvqAYnX29MwMTf8gZsc WVkKELi4YoOH2K2279H7Sm0ZE+DhkzrExUr4jHUBwsLm58lXTSEdIRL11GSrF5GSTFY7d7HyDZdk 9ZuEx6KIOmjkia7dYg+wSnKBg+cMsBWV1DoQUPIjiD6ao50eNikgKuDxBFiPODWVvwb66S2T5QuL zF43FeNqk1c9ivjeh7wVqrQ9eWuwwDg5TFMRMAtjOPIChhL2HOAlHvAoDCfeNm+xdI5VvlyhYx9+ w1f7Ab4qsH3V7cdx63xOAMcGuZvvFOm3/EKfH2Vsr/FI7khtTeOSpMJd6qgnsrk3rinnaNASWduW kbTdl3pZYzQTguqwavqi1BRQgdE1lUQMId4ANMe7CbHxuo2ysi+iPGe1hfiWRfiJr0D71sDO3Tph cDA0mV8qO4JAGlVdvxgtcH8Lfr5ow4NbI3Wml2n3Vut4ESsZMSKuahQqpAR0SouBgAxFSWSbmien 9IClKA9ephAud72NyTN3rHhiJMUeKG498jEn/ZCVqvc1s0u17JlyZIAyZM1kNuItEqqOP0y9Yevi UeQ350udUPpeOcLHguNet4SvO25lfVaje9kNmOwbI/Z9EyEJ6lXkK+zWADHEq7A4GEDAJC2D7p9r 9j6cbPcflMuUsPoR3RQfvg5HkNVf76d49u6pXbUJ8LChVT3a5AJGI+9MYPlWs0PwwFlPJ8E9s1xb 1DK1jlDbTtzekiRAsbOay1Q7RRIoQ/rLLlkm7s5xOUO0ihAKYQ9hYD73otHUcEo5Phr8IkkHxWqy fcdNr6VyITzTOf4GiiPx3+xUZfFNkhR428YlF2nfYi7wsBIt/wBoj7tCnocgM807/UAC+/Pk40/T sMI+7/KXp0Nl+5zxPrbMAP5L2dbjy6xpPoGr4awvfsIvqXBJH5b2prHuXwzqHpOn4KgT4frSVB4r 8Z+RXlL5Aqnr1bb1uyVCiyDpv3Lpa0pztnIX2cgWyqhE5eVvN8jmkBFopmI5O9iFm5O4HYAOz95m 4ZO87vi9HbZ60pdWcf8A7GBCA9wRCXY8rMD82tT7pNsxNh2TM663f1IQjIhP6NCDIyjtLyARqOep CB8qsNupSbM8xHlMpo7Sey8oz2/tBebs0cd8sq0oWhqapIWySo8C4BRslDxkJR41WNYnJ2CrIOCr GBV04OKs7zfZOhejpPYwoaCGym3F5msoc95LnUe5RbgBwrnb/bfeL13H7cWZcifUwvwjgS7lF7gq AqvexvxYm/YT7829ReKHHXZe451mzjqPpPW8rPt4JgCMY2XRrsV6FbqEORJEzdktNSBGsYyIUnpk VXTL0AueYttwcnet1hwIyTkZEoW54/KPrMe+wux8gNeu923HF2DZ59xlAXFxYS2kcB6o9VB3ajZV 8pFaN+0fiD+RE3K3W5aH0Fxz42bc2e3imeyt5VWmI3HbFrY12ORiq0xcT1tRXilWsKwSBNIr9hI+ mBE/RFHsHv8AQ+H7sdrjSODcsnKy8GEkxws2mNSxuxsvHie4r23vXl7O97u8SyS5O1YmHhbhOAJJ 1TXK4UWUan4WA4DUrdlrduG6q8gdnV3kLUOT0lYXt327Uts1Xc/2kuzt5YHdhu1StMdbmLyxuXS4 vJJJzKRaYLAKgCZLqUBAOnSdzbZhy7W+0IojwXgaLSgChUZSpC24DgeFVxBu+dDu8e+O5l3CPIWb U5LFnRg4LE8Tcjj5K3efJzz30nvbwpX7bmv75WGUxyDquraxA0VSyRzy1MLTN7ApjrYuvX7GLdKO CT9PrLCa98A5SJCmzEw9SKEA/nvpHpvcNu94EWDlRuY8V5GL6SFKhHCOCR8lmKW8/eK9O9b9V7Zu vuzl3DElQSZccSqmoFgzSIZIyAflIoe/Zw7iL9dNva12CqxMC4r8krGrO5Fyi4Okk3UFVIjYDlII OEVgAAN7fYADl67/AJeTiRRtjsVYsQeXd5Qaojofatv3XLnjz4xIiRggEkWJNuwiotrVxsts13tj 7Qyq0n7hFQ3ufqpNkvQ96Vk/eO33dBHu9T3YnXr16dvs+fNTjZuVmbbl+0uW0otuA4XLX5AdwqUb ls+27V1DtX1fEIvElk1WLG+kJbmTyufhqjtEfpKh/wByy/4sdZh7B/E0+i3xGtv1z/Lk304/xxU8 aLun1ozk6k+WAz6DcOV43vH6a8Oq5MBkw69RMMe5U7f8CapCgHQub/Yc7xVfDkP5SMkr5Vv/AEH7 BFQXrjZvZZYt2gH5CdQH7hIF5/fqL+dWJ51cDkiqBVTMpcqpCOxYy9hiY14UhFTNnj1FBYE1AEUz imcwG7TgHsH58xZc3Egfw5pEV+4kA1scXZ91zYvHxMeWSG5GpVJFxz4iuO/OTQf54V//AGk2/wDT zr+s9v8A00f4QrI/05v3+EyPwD9qqmi5eMm2gPoh+1kmZjnSK5ZrEXRFRMQBQgKEES9xBH2h82ZM U0U6eJCwZO8G4rXZWJk4UvgZcbRzWvpYWNjy4GuRztrHpilMUpilY22P6Rmf5at/x6TKzj/iS/rx +PXoyf8Al1/3I/3VZJMsyvOdMUpilMUpilcevKxbVUUXUkwbLFABMku8boqlAwAYoimooUwAYB6h 7PaGdTTQodLsobykCu+PFypV1xRyMh7QpI+ECvylMRC6hEUJWNWWUHtTSSfNVFDm/wDNIQiomMP+ AAwJ4WOlXUsfKK+vh5cal3ikVBzJVgB6bVyWdtY9Wq8g7FYIWZryUNOTESkvGOlFk4yTesE1lCug KU6pGq6RVDlL7AEeogGRLqLJyIJ4xDI6Aob6WI7fIatHoDb8DNw8hsyCGVllUAuisQNPIagbVFzM dpvW7Z0jdZ0E3Xufpd9pmym/z6LmZdHuAFTAH+aQS4G9o9DiUPkERDVJ9bSKHWeSxt/+Ru1Wb4lP 2Kk83+l4JGifCg1JqvaCP5rxxns+6lW3kv3cSw7TQTcKnus72tmCkip22mbEfd0oGKsRgKHqh1U+ r5hEAD2fdO4OvQOo/W+tlBJnksFv+cbloV/iYemif6XdlUYUF2kCD8hHzMrw93LXG3osfJX1rs9s t3KrRS7TXqou3LI/ba5wSes1sELWlRAfUARJ9YzqAgPT2pgY3ygADyZN3Vyhne4JH5xuYdU+Nx6L 10pN0pJGJVwodJQN+Yj5NFJMOz7iJvTYdtxNOkzWskhNoWeckJgF4qPfsSvJZ9JkQTLMT0SsJQeH MCKijmJP17Q+kQCiI/MG82P2sSSLlSM90Ui7Fres6nny4r8VQ3rQbU2PA+2QRw6ZXVtKKlz4cUg+ TzADjn23q4fJHVf0xSoA27t1OrprVyuLEWsaxOx27J2qJwiahf8ArKeSOUepCD1BIB7jfsSjHd43 gYoONjG+SeZ+5/8Au+LmanvSXSTbmy7juKkbcD6q8jIR/ud57eQ7SIf1RuB3V3YQ9kcuHteeuDqe 9rGUcOoh04UE6ropjCdVdmuqcTLE9pgMIqE+l3FPpto3l8V/BySWxmPPmVJ7fKD2j0jtvLuqukYt zi9s25VTcEW2kWCyKBYL3BgOCnlb1TwsVvaQXRcopOWyqa7ddMiyC6JyqJLJKFA6aqShBEh0zkEB AQEQEBycqyuoZSCpFwRVLOjxOY5AVkUkEEWII5gjsIrmoKdmavOQ1lrko/g7DXZWOnYGbinSzGUh 5mIdoyEXKRr1udNwzfx75uRZFUhinTUIBiiAgGfJI45o2ilUNEykEEXBBFiCO0EcCK+xSyQSrPCx SZGDKwNiCDcEHsIPEGtunjZ8UvTabqlFtzW0nsSfuFPgwLJbE0K2psma8/V7cCjKydDuFmoEbW5p 4RMDOQZyazJZwYx0UGqYlQJRHUPumkieTM2SeMYgu3hy6gVHOyuobUO7UAbcCSeNekek/fMmX4O2 b9jyHPYqgli06XJ4BmRiug/daSwJuQqjhWMXypfFYTXKDTVz46cH9UXXStP2ZByVV2DuTaj6CS2q 6ps23WYTlYpVTpsvYa/SXM3HKGbOpc8zKOQaOFU2qLRcE3hdJs3Rq4c65W4OskiG6qt9NxyJJAJt 3WHHnccKn259TtkwnHwlZEYWLNbVbuAFwPPc+S3OsEfjK8lO+fGLvFnunTD6gTUNPQ7esbU1XaTS rOC2TTwdEeBHS7yJae9xVnhnAGXipZP11I90Y3ek5arOmjiZbts+LveCMXIaJGHFWHB1PwcQfnA8 /IQCIbt265Gz7g2VBHlODcMpIMbC/YC3D+qQAR5iQd1So/GBePV7Xo1zfNIcp63a1W5DS8LUYbUV 2rzF0JSiojG2eZ2zr+SlW5T9QKorEMzGAAESB16BXr+73cgxEeThlOwlpAfgEbW+E1Nk67wyt3w8 0N5FjI+HxR8Vcu++MD8ZDNMihNQc2XwmP2Cmx1vohRQgdoj3nBbkmgUCezp7BEeo/JnTJ0DuyC4n xG8zSf8A9QrIg612+Zipx8tLDmyxgfYlNeiO+MH8aMlIMY5DR3Ogi8g8bMkTra00EVIqrpYiCZlT E5NKHKmU6gCYQKYQD5AHOMfQW8SyLEsmNqZgB6z9pt+jrsyOs9rxsd8mSPIKRozGypeygk29cceH DiKlizfFG8K2sI/Xp2iuUc9Y00TmjIqzQmp6nCO3AFESJP5+L2vdH0ciY/QBUTjHRigPXsHp0GRw +57f2kAnycNYu0qZGI8ymNAfwhUBn9+fTSxE42LnPNbgGWJFJ8rCVyPwT5q1PufnPrcvkL3Ubbe1 ix0DFw0ceu661zXlnilZoNX96O6Fk0UeqGXlZ2VXMC0pJqFTUfLlKBU0GyTZshdHTXTWB0xt/sWF dnY6ndranbvNuQHJV7B2kkk0H1Z1ZuXV+5/WGfZI1GmONb6Y1vewvzY82Y8WPYFCqLHMkVRemKUx SmKV2TFPkXXGTwiw1l1iodvPa48c5bxWpWIQBUE7u60Oe3HtqaRVRD3YLfJKSiwgce1LvHqPTqPl GdBu/vBaHL4xy7roYH7jxtOn8EaRXs/Hdtk92Kz4PCWHZtakfdmDXr/DOo11tSiiiyiiqqh1VVTm UVVUMY6iihzCY6ihzCJjnOYREREeojnq0AAWHKvGBJJuedXl8cfIZzM4kU+XoHHXe1i1lTp2xr22 VgI2GqEuyc2N1GxsQ5lSjZq5NrtnDiOh2qRwSOQhgRKIl6h1zQ7r0vsO9zrk7pjJNOqaQxLA6QSb eqw7ST6akmzdX9SdP47Ymz5TwYzvrKgIQWIAJ9ZWtwAHDuraR+GRvVr2gh5ANk3uWPP3e/7Y1jc7 hPKtWDFactFmQ2jMz0w4axjVlHouZOUeKrqAiimT1FBECh1ynve5jQ4Z2zExl048UMiKLk2VfDAF zc8AAOJq9PcjlZGcN3zcpteVNkRO7WA1M3iljYAC5JJNhUg8CNA6Q2l5mvKjs7ZNbrls2JpbYOvX GpI2xoMZNOEUuBbH9qrvEwr4qpDTteWq0U2byBUxPH/WJuwxDrENmL1Jue44fQWzYmI7pi5ET+IV uL6dOlCR2NqYlfnafJWX0ptO153vI37OzUSTMxpozEGsdOvVqcKfnLpQBvm6uwmrp+ZfkR538T+T hIZnwAsm1OGjJzVwkt1a9Ttl3tTuDkY+JXtlmM3pzKZj6UepyLt41TjZpikMgdkQxHaabpM5dPsP S/Tm9bR4jbmkO/ENaJ9KKCCdK+sQX1AA6kPq3+SSDW+6k6w6q2DfPCXaHn6bBW80et2KkDW3qAhN BJGl1GrT8oBgawSeXbbHjz8i940IjwyfH/vj3TeVV07Z0HGqLrrn7cQV/cua+wf3J/MV2KZSlnq1 4NHNklFgGQM0frkOc5G6KZLG6IwuqOlsfJO/D/0KPHaVfyiPoKesQoDEhWTUTb1bgd5NVX7ws/pD rHKxB02f/wDRy5Swt+SePWshKguSoBZX0gE+tZiCbAAZsd+XfiD8OZ49C7IqWqkr3a1JWu6zh1kv quv7C5BbisTCXnCnut8NGy7uEryLCuSUmomVJ22imDP3dm2OoKZD1TPmbv13vZbLkKx8WC8SkScB ZVuOPIE8Cx4savDbNn2boPZBBgRAycAz2AeZ+Ju7cTbmQOIUcFFWb8B/iDuFnkq03uzW3kXoWhuO cVFlj4+Tgdv3GFs+kttVedUOmVu2G9w8YRhZYN4CQKsVgcmOUybtssBiqJN8jcej912tV3DaDLNG GsSgIdDwIvpPJuw9/A8xfjidW7Vm5R2ndPDiyHj1qGIKuASGAv8AOXmR3G45G2L3xX+HzhZvPy/c z7Bq63U/kP49eMjei2bWLOCsze8Uq6WXebNK1VTVtgmxF2ncanqn7Pz7GTbKOF1nnuMcSROsm6cp rbnP6n3Xa9kisDDu2SjxsSLMqggMwHYzi1jbhclbEAjWR9MbVvG5kTWm2zGlSVVvdWax0q3eqkkk dtgGuCQco3kk+Ixovjn5e1rgjoTjLW9lN9Xo0WJ2s++1ieuarTkrJBRs7Ea61tCVyrzLEjuGqkww WWdqAVoyWUMyBmc6R1Cafp3o6Tf0TIyZzH4zkKdOo87amuRfjfhe553rZdSdWJ09DK0EIl9njLMN WkcBfSLA24dtjbuNXm8yuMXHHzF+PiP5O61p8bF7gltUSGx9MX00eiyubGyVpu7LM6lucnHpkUsE OrNQDyAXIt703ZOw98aAIkD1MzYd33XoXqc7RlyE4KzBJUvdCrWtIgPyTZg4tYkeq3k0HUmx7N7x ukRvmFGq7i2OZIZLWcMt7xOR8oalMZvcKfWXy4E/hg6/Hy/Pbasy5VZKOqhxbtrtkzF0Ysig9n9m auiEJFNoQPujL6tSfoHOcQADql7QMPUS2J7351Xp+DHB/KNlqbcPkiOX087fAaq73HYsrdS5GYVP gLhOuqxtqMkJte1r6Qbi9+INqn/4zq2mZcfeEVEBZQpLJuTadtMgCqQJKGpVJr8MRY6A/dlFEAv4 lKcv0SAoYDe05crLoNL5WRJ3RqPhJP8Au1e3VzWghTvdj8AH26zb/D7U1CkeHrhEwSAgrTeu7Dcn ixVCKmXXuWxblY0hUOmBSd7dhIooAXp3EKkBTdTAIjp+sJ/aOoJm7FWNR97Ein7INZfSWN7LscaE WZpZnPl1zSMD8BHorR+8oS0048ivNU8/MmnnxeSW1kUHxgUAUIVta5BvW4boqkibtrldSax4dAEo g1+iYxehh9NdHiMdLbeIl0r7JHw8ukaj98129NePuuTKesdzMra29tl4/wBUOQo+9Wy+itmH4VuZ 9fTPLevdq3/deztcTPcZTq3H6+qs8x7Ukuv0Fi/Zz7ob9kUSB+xypffJHbPwZe+GQfAwP+9V1+4i W+27hDx9WeNvwlYf7vxVe55wuKNh5oxXBrj/AFNRGOmr3ypXjZCzLJmUJVKMx1NfrTfpwS9BTVPH 12sqLoIHEgO3iSCAHKZUByP+7zeotgfcdzn4xx4dwv3TmRFQelmsT2Ak9lSf3n7BN1LHte049lll z7FvuEEUjSN6FW4HaQBfjWJr4hrkRUtI6x49+LnQ4FgqLr+m0+2bFjmS5TGSgK2zNCalpcsuiBBe PVhYOLBKAuX1HDgY50IiY5hGae6/a59wzMrrDcvWyZZGVCfumN5HHcOIRbchrWoB7394x9swcPob avUxYY0eQD7lRpiQ954GRr8zoavd8LNoyPlL/wAn+R0m0TUe0+tU7UNQXUIVX0lLq/fWu6LpAcog 2dt21Qh0iKF+mKLtYnUCmMBnvi3FkxsPakPqyO0rfeAKno9Zj5wK++4ra0fLzt5cetGiQp9+S7+m yIL9xIq7T4nzkg4pXHPTPGWEfGRf7xvD663FJuuXuUo2qSRy0fFSLf8AXA1mrxYWDxA4/KrBnAPk HNJ7odqGRuuRu8g9XHjCL9OS9yPMikH6dSD34bycbZsbZIjZ8qUu/wBCK1gR3M7KR5UrSurOvrzd Iu5zlSqNhscNruvEtl7lIaKeSEfUK0pKx0EnOWF22SUQio1SYlmzcqqxilFVUoB8/S/psrHx3jjn dUklbSgJALNYmyjtNgTw7q80wYmVkxyS48bvHCmtyASEW4XUxHIXIFz2msh/jp8UfITyPublK63l qlQNb6/eM4mz7FvJ5Q0epYJBqL1vWq3FQ7F49nptFiJHDoombN2jdVMyiwHWRTVi3VPWe2dKiNMt Xly5QSqJa+kG2piSABfgOZJBsOBImHR3QW79ZtJJhNHDhQkBpHvbURfSoAJZrcTyABFzcgG3fnDx AunBbkXbuOd8tNVuc7VmFdlyWKnqPhin8XaYZrORZlmkm2aSEZJEaOylXbqFMBDh1IoqkYihtr09 vmP1FtSbrjI8cblhpa1wVJB4i4IuOB+EA8K0/VHTuT0tvMmzZckcksYU6kvYhgGHAgEGx4g+gkWN YseS33jrP4Vd/vMMwup/zEX0z8VSj3b/ALbk/ql/GqKdcfo73H+Cq9+2zWanbf4bm/QT42qVdRfz Ds/62X4o6+PRH6Sof9yy/wCLHWcNg/iafRb4jXb1z/Lk304/xxVLVSae1+9xskwP2rEnAQUIP6xd q7dC1dN1A+ciyCpg/VKPQwe0AHMTEnfH3BZY+Ykt5wTYj4K2m64UOfsUmNOLoYLjvDKupSPMQPPy 5Grud62CZrdRjn0HIuIx2rY2jRRdsYpVDtzxkusdERMUwdhlUCG/6Shkw3/InxsNZIGKuZQLju0t 9qqm6HwMPcd2kgzo1liGOzAHlcPGL/AT8NWRzE1Kz700jMvl5F6ZNNIzlwIGUFNIBBMgiUpQ6EAf Z7Mg008uQ/iTMWe3M1dWJhYuBD7PhoscIJNhyuedcXnVWTVWQ96t8AyLHQ0+/jmRVFFStm5yAmCi ogKhwAxDD1OIe3MuHPzMdPDgkZUvyFarL2Pac+b2jMgjkmIAub3sOXbXK/nV2J/O2W/7RL/JZ2/W 25fpnrF/0t09/hIvgP26fnV2J/O2W/7RL/JY+tty/TPT/S3T3+Ei+A/bq+PXUg9laRW5GRcKO3ru OIq5cqiAqLKCooAnOIAACPQMnm2yPNgRSSEmQrxPfVJdQ48OLveTj46hIUkIAHICwqtczq01Yz2j kRurV4QAII2lFyUDe0Cj9bFVKBh9gCBR+XKvRv8Avwcc/Fv/ALVekpYx9StC3Eeykf8A8dqyYZaF ebaYpTFKYpTFKsG3v+kqY/csR+LGuV9v/wDE3+ivxCr36G/lyH6cn45rgNVfpEqX4WT/AGpXMbaf 4lD9Os/qn+Xsv9UfjFZGMsqvPNWe8lvv5WfwS7/fgZDOp/2iL6B+Ord92/7Dk/rV/FrxXfvNC/7u f0E2TjG/MJ95/dTU3H9sm/4v+aw68SP+hS35JvP7KKFn2X5D/qj/AJeKmP8Anov3pf8APZVVDKff t/8AlBNf2va0zIl/Pt+sb/MQVr8b9iT93j/yGZVbay+/Ln8lG39PNgZnbX+eP6kf3s1aXqX9jX96 b/K4tTbm8qGVBG3Nto1FBWAgVU17M4S6LKh2qJQiKpeoLKh7SnkDkN1SSH2FAQOcOnaU+g3jeFw1 OPjkHKI/B/7e4ek+Wc9J9JvuzjPzgV21TwHIyEdg/qD5zdvyRxuVsgVVUXUUWWUOsssc6qqqpzKK KqKGE51FDnETHOcwiIiIiIiOQUksdTcSautVVFCIAEAsAOAAHIAd1fjPlfanbUm21qislAzyqi9Z XU6JKj3KKwiqhuplkSh1Odgc49VUg6iURE5A69xT7/Z94bDYY+QScUn8H/s7x6R5YP1Z0mm7Ic7B AXc1HEchIB2HuYfNbt+S3CxXLDxL0BP8ueQ+meP1JkmzOR29cIqASsHpkkGkJAKJqyljtQtiuWoS TevVdk7kPQIsQzkrf0yGAxgHJNvG7QbRtE27yetDFGWAB+UeSgHj8piBfsveqr2TZMret8g2OO6Z E0wQ3HFAOLkg2PqKGJHAm1q7NTifwj41cLKBEULQutIGtmYsEW01d3bBlIbGuz4Cf55M3K5qNiS0 u8fLidT0QMkxaAf0Wjdu3KmiTyVvXUO7b/ktk7lMz3PBASEQdgVOQA7+Z5sSbmva+wdMbL01iLib TAiWFmcgGRz2l3tck93BRyUAWFWU+Vbw28XfJPpe8s32uqVR+TreDl5HUvICChGsFbY+7JoGdRUd fZWGRaurzRpl6kDZ8zkwe+6ouVXDMEHgEWDns2+5m0zqQ7Nh3GpCbi3bpB5EdhFu43FZO57RjbjC wKhcm3qsBY38veO+/o411PEpBzFTlJOq2JOnxFgrUk/r87EyrFNaTjJiGdrR0nHv1UWDlJR2zetj pqCVQ5RMUehhD25fMLq8SurQaSoIuONj38KpPIQrO6smbqDEHS1l9Hrjh6KkDSep7jv7cWq9G68H Xb697h2HTdZU9q4jzpNVLHeLBH1uIM+XThVTNY9J7IkO4W7RBFEpjj7CjnHJyI8XHkypTj+HGhY2 HGyi5tw58OFfMfGfJnTHjTP1yOFF34XJtx9fl3+Su2u8e/iy4k+OfV9ZqWntZ1F/s1tENUr7vyXq kD+dPYM8ZIxpN+6sJGZn8FXxcrqAxhmaxGTFuIF6KrGWcLUHu++Z285DS5DaYr+qi8EUeYcz3k8T 5rAXdtWz4e044hgBaTtdiWdj5zcgdwHAfCa9vP8A8W3EjyI69lq9uLWtZj9nIoEda/33Xq/EMtr0 GwsVEXUU7a2dJslJTldM6apkfwz1VRi+bdS9qaxUXCPLZt9ztly48nHYmJHBMZJ0sAb2t2HuI4j7 FcN52XE3rBlw5wFeSNlDgDUuoEX8tu48DXWs7b1laNK7T2Pp+7oItrhq282rX1nSanOszCcqE49g ZM7Fc6aRnLBZ2wMdBXtAFUTFOHsMGewMHLh3DDizsc3gmjV177MARfy2PEdhrwnuGDPtmfNt2UAM iCVo2ty1IxU27xccD2io9zKrEpilMUrj5V+EXFyUmZMVixzB4/MiBgIKoNG6jgUwOIGAgnBPp16D 0651yyeFE0tr6VJt5heu/FgOVkx4wNjJIq37tRAv6L1bb/eZY/zQdf7YR/i7Iz/qiP8AQt+EPtVY 3/xrP/i0/wCWf7ddk34J+XuovJN4tIzR88omFo1JruR4p7w18eSQVmGtFXrT+p0iba+ol6ykDbdY KJIIujIeiWSZPW5e/wB2ER899WR5G29TtvOMpSOWfx4yeIDhg7C4txD8bc7EHtr0Z0tDBldKp09m usrxYvgSAcCYypjU2NyAUFr8RcHurWi5EeB/yGab2lN0+h6YmN6UU0k7+xWytevoFzHTsELkAj1p 2KeyzKVqM2m2VTK8bvEioEXBT3ddygUFzXjtfvH6Xz8NZ8nIXGybDXG4Nwe2xAIYdxBva1wDwrzd vHuq6v23ObGxcZsrF1HRJGVsy9moEgo3eCLXvYsONbOfjC8Wmp+DvEC0WPm5QdHWbY8s6m9s7Olr 9W6VfYLT1Ngq8gKVYJZpqNlY70q7Fxrl/LOmShmZnThQiai6KCS6lRdX9Y5vUO+JF09LkJiKBHGE Z0MrlvlaQQfWJCqDxsBcAkgXf0P0Lt/S/Tsk3U8OK+YxaWUyKkiwoq/J1MCPVALOV4XJAJABMKfD 3bHq+3tleT7Z9GrUVTaPeeQVKsdJqkJFNYOMrtOkVdrK1WIbRDJJBnH+4wIt0zppJppgoBu0hC9C hsPedizYOJs+HkO0mRHiursTcsw8PUbnibm/OtZ7osyDcc3fM7FRY8WXLRkRQFCofF0gAcBZbcBw qzqv8O+Ym9fLD5Bd5cKeTmvNBbK0tutrAT7S1Kzjt9NV+7wCLpqSUrTWp2qvWKoSTmurEO3kkFEf e2hVCkBRJNQu9l33Ytu6L2zbuoMOXJxMjH1ArYAMjdjalZWGocVN7G3IkVHIeneo916+3fdOmc6H EzcbJCsH1EsrrcXUI6shKngwtcXtcA1drQfLb5H9N8s2vEDlZwjDbkoGwW1GabI4/Ve+1ZSzVxzM sY5ttOuNbIWxVG11xxHyKL4w+815u2SVBN2ozUTVKXSZPRPSmfsp3zZtw8BPC1mOZkbS1ifDbTpZ WuCOTk81DAipBie8DrPbd/HTu/bZ7RJ4wQSY6yLqXUB4qhtSOtiG5xgA2YqQauO8y+tuNWnv7rPk Btlbr1b2loXmBx1ev7dFxjJCx7CoJLuhK3CmyiSbUwWl/E12HdS8WquB3caePVFsomVVYimq6Dy9 2zvbOmYHZ8PJwZwFJOlH0WVhx9UFiFa3BtQuDYW3PvIwtl272Dq3IREzsTccclwBqkj13dDw9YhQ XUniuk6SLm8M/E0cONvc5vHLUZvjPXn+2LPpfbVa3mSnUtI1gnL5rZ3RrjWZtzRI2NTcurTNMU7U yk27VoJ1njBByDci64oJH0nSebDtm7NHmnww6FCW4aWDA2a/LkQb8ja9uNTPqDGfcNtWXE/KaWDj Tx1KQeK258wRbmOVaqXig+Ht5M8/tc7nLuF9sDhTQ4aYgW1ZuGzNDzs1L3yytV01ZOKr1Hsly1RK Kw0K1SEHcsC6jUjo5WyYKqlcA3sXdOs8DZ9uOFAFycmaQEhXACKvG5IVhcngBwNrnuvXWH0bnbtv 8W6SsYMXGgZQWS5d3JFgCy2CjiTx42HaSNgf4evV+mfHrzx8mHjFheQLHfF+q0XoDYjC8o01vrtr ZHdZgLC32vVo+tEu9/KWR1jJ7KhGbsSyayqjlV2QyCHuanfBep5cjdNtxN3MRjiOsEX1WuRpJNl4 NpNuHdxN6nuxJBt+dkbaJA8g0kG1rkA6gBc8VuO3v7qwb+dDxhcwa15c7/uDX2g9wbc1HyTv9Q2F QLvrigWS+R5ZqTgYBjbKZOqVCLlCV6fhrVHvQatXnpLO4v0HJO8DKdkx6H3rbhjYyZE0UUkDANrY LYAkhvWI4Wtc9huKhnXm058mNm+zRSS+NC2jQpYklbabKCb35DmRW6bwqrb3xm+JKjfn/XZ16Z0V qLYmzr4wevRXTiZy22y4bNaUfuRUMmvNoyNsbQoN2gnBzJ/QQFU6hTnhm/yr1b1tJ9WAtHkzpGhA 5hVWMv5rKXueS87WrfdNQt0T7v4vrchJMXHklkBPJnd5Qn0ruEsObcBe/HSi8FvN3XnDDyt1Rtt2 WYVvXPJTSS/H5/b5Zw3ZQ1Mtk7fmNpoU9OSDgSEYQr2xVYkMuuocjZqEsDlwYiLc6hLP96W3y58K mAEyxIr2HMgGQMB5bG/osOdVp7l8yPDxJBKbRyZLrfuJSIgn0i3pvWXP4zvWMlL6I4O7kRYLqxVA 2xt7W7+SICot2T3bNRqFljGi/acEgUkEtNOTEExRH/NzAAh1EDVz0HMFyciC/rMit+CSP96ra6uj Jghm7Fdh+EAf92s4/wAP9b4m7eHng1KQ6pVEIzWc/UHZQOBjoy1G2RdqdLpKB0KZM31jCKGKAh/6 sxRDqAgYY91MjR77kBuZcH0FQR8dbrYnD7TCR2KR8BIrr1/KVvMKd5JueVcfwTqWcR3LffvR8Ev2 go2ebMsb9iiUizJQ6ZWbF0miBe4SkBPoX6IBnoPpzqSKHp/ChEJ9TFiX5Q4lUAJ5dpF683dSe76f M6hzsz2pR4uXK9ihNg7swF9XGwNvRWyH8IPyAg75Zud2u1CrRE2eC49XSEg3Eom7B7FQ0huGDtUq 1adjcUhZO7HDIrqEIYDeukBzB0IA1/70876zjwshIyiRGVSb3uXCFRyH3DfZ8tWH7qdgbp2TNx5J xK04iZQFK2EZkDHix5+IvwDyVuYbRu9J1VQbht7YCzVhVtVVOz3ybmV0G6riHhK9BvZGbcsDrmTE jpWLbqplKU5BWE3p9fpdMqnDx8jNyY8HFuZpnVAO8sQBfyX+DnVs52VjYGJJuGWQIMeNpGPcqqSx Hltfz8q6rPk9vu1co+Qe3uQV0MqE/ta8TNpUZKOVHZYSKcLA2rdZauFfuikdVa21aRrXr8jZqQPm z2RtG2w7PtkG2Y/5qGMLflc/Obzs12PlNeEN83affd3yN3yfzuRKWte+kclUeRVAUeQCto/4Xrk1 rGHiN48TJyUbwu0rXb09w0Rs/VSQTu8Kzq0bA2mGhVDiX3mdqqMGm/O0ARWWYOFl0imSaOjJ0973 9ozHfH3uMFsNE8J7fMJYlSfI19N+QIAPFhe8/cbveDHHldPysFz5JPGQH56hQrKvey6Q1uZUkjgr WjPzjcZuUvN3yj680vpPVlqsqUHoCgRUbPOI17Ga+hY2Utl5nLDdLDcHSH1JFw7FzJ+6uFvUMqqq xK2QSWdCmipl+7zd9n6e6Plz9wmRC2S5K3BckKgVFXmSbXA5AG5IFyML3obJvvU/XUO27ZBI4TEj AaxEagu7M7OfVABNieZK6QC1gbK/I8rprx+aIZ+LjjvYELtsewy1W2Vzx3U1SSQXuFxhG4P6Dppl 6aqqjSp0505+txjDCcGKwtTGVM9XkyhIOlRn9TbkesN0Xw8RVaPDi+5U8HlPezD1dXaNXDSEqM9Z HbekdqHQuzuJc12WTOmHz3XjHCO5EJ16fmnTx1F62ufDlqmucZfF7x8fTrqLgG9q12+5F3yxvl2r JiRpslJe/tZuYfGFNBBCE14vGt1VVTfcm7IO8Q7R6Ux13my7v1hlLGCxSUQIouTeP1LAeV9Rt3mr 793OBDsnQ2I8pVBJCciRjYC0n5QMx/qx6QSeQWtCXn9yke8zeXu7uQ6ySrWHu1sO2pTBdBNs4jte Vdm2q9CaPUUwAhZT7KxDVR4Ide94oqbr7c9JdM7Ouw7Hj7WOMkaeue92OpyPJqJt5LV5R6t31upO ocreDwjlksg5ERqAsYPl0gavLesUfJb7x1n8Ku/3mGYnU/5iL6Z+KpN7t/23J/VL+NUU64/R3uP8 FV79tms1O2/w3N+gnxtUq6i/mHZ/1svxR18eiP0lQ/7ll/xY6zhsH8TT6LfEa7euf5cm+nH+OKj9 h/Kpl+UDb8YkzXJ+1j9YPxq38/8AC3/dz+JV2/JD+Q8V+VbH8UTuTDqb9gT9cPxWqp/d1/G5f3Vv 7yKrKMg9XPV0Hvtt/wAZuD+qSB/jHJX4mZ/43/p0+3VZeBtPdtH/AF8v9invtt/xm4P6pIH+MceJ mf8Ajf8Ap0+3TwNp7to/6+X+xT322/4zcH9UkD/GOPEzP/G/9On26eBtPdtH/Xy/2Ke+23/Gbg/q kgf4xx4mZ/43/p0+3TwNp7to/wCvl/sVctUjOD1uHO7GSFyZmUVhmI5GIk+/vP198jUDqIs1unyk KYQAMk2GWOMhfVqt85QrelRwBqt92Ea7jMIvD8PXw8NzIn3rmxYeUiudcLFboLLmDqVBFRYwdQDq VMhjiHUfYHsLnexCqWPICsGNDI6xjmxA+GsWSap0nCa5gExyKpr/AExHqcQMVQBMI+0e/wCXr8/X KpDFWDdoN69QMoeMxjgpBH9FZUSmKcpTkMBiHKBimKPUDFMHUpgH5wEBy1wbi45V5dIINjwIr9Z9 pXyvXjaOZu5B6qCDNi2XeO1zAYxUWzVI666pikKY5gTSIIiAAIj09gZwd1jQyObIoJJ7gOJrshhk yJkx4RqmdgqjvLGwHHvJqPfzxa1/nU1/9zk/9RzXfXO2fpl+A/aqQf6Q6j/wr/hJ/arg77emEnrO zztMnVDKxy8S2CQYe9NFmy6sxElVTIdVJBUBUauBARD2CUwhnRuGfHLtcuRhScVKi4uLHUvm7DWb sWxz43UuNg7zAAkiudDaWBAjex4Ejgw+EVY7JSkjMu1H8q9cyD1UqZVHTtU665ypEKmmBlDiJhAh CgAfqAGQSWaWd/EmYs57TxNXbjYuPhwiDFRY4ReyqLAX4ngO816mT55Gu0HzByszeNjgo3ct1DJL IqAAgB01CiBiGAB+UM4pI8TiSMlXHIjmK5zQQ5MTQTqHhYWKkXBHlFZM6yus6rdfcuFTrOHEHErr rKGEyiqyrBuoqqoYfaY6hzCIj84jlo4rFsaNmN2KKT8ArzXuSJFuORHGAI1ncADkAGIAHmFWs8lv v5WfwS7/AH4GRPqf9oi+gfjq0Pdv+w5P61fxa8V37zQv+7n9BNk4xvzCfef3U1Nx/bJv+L/msOvE j/oUt+Sbz+yihZ9l+Q/6o/5eKmP+ei/el/z2VVQyn37f/lBNf2va0zIl/Pt+sb/MQVr8b9iT93j/ AMhmVW2svvy5/JRt/TzYGZ21/nj+pH97NWl6l/Y1/em/yuLXy7b22jUUVYGBVTXsy6fRVUO1RKES UL1KssUepDvzkHqkkPUCgIHOHTtKfhvG8LhqcfHIOUR+D/29w9J8vb0n0m+7OM7OBXbFPAcjIR2D uUfObt+SvG5WyJddZysq5cqqLuF1DrLrrHMoqsqoYTqKqqHETnUOcRERERERHIKzM7FmJLE3JNXW iJEgjjAWNQAABYADkAOwCvVnyuVMUpilbCXwyt9lW/l/4j0d0YzyKki8gVI71DdTxTltxh3VIKgi YeoizcptzgZP5CqiBi9Op+7WdUbhKvSWXgP60LeFb+qRNGfgNuXfx77/ADZNixZOssLe4gEyozKH tydTBIgv/WBIsfueBvwt2pWURV10xSumR5yIoE5scxCFlNftik5UchilbvYx0d2iUu3bgBUnBk4J dMVSAHQe05g6/IOejtpAO1YxL44PgR/KBv8AIHP1TxqgN1ZhueQBFnkeM/FHUKfWPyR4o4d3Aeap 38QZEg8o3AUQl6CsIcqtOdEo+NdpPVB+2Eb9FqoeCQKRcf2IicoAPzhmN1CB9RZfr4x/IPyBvy7P VHGu/YWb66xbxZ4Hjpxd1Kjj84eKeHfwPmrt9889VfFMUrq7PKJ/zFuav/iQ2p/Sl/nsDo/+Vtv/ AHSP8UV4a65/nHc/32X8c1YfkkqK0xSmKVT1t/kpZvyemvxa5zHy/wBkl/Vt8RrP2r+KY37xH+OK xj5VtelqydeNzk3vLiZb5LbegNgzGvbtGyTZso7j/d3cXNxazXq5g7NASKLuFscI6EoCZs8QWTKo UqpAIqRM5ZBtu0bdvW2z4O5xLLjlxwPAg25qwsVPlBHdyJFVv1fve6dP73ibhtMzQ5SxMLixDDVx VlN1ZT3EHjxHEA1tYUX4pfkbFV4rHYnGfT10saTUqCc/WbNb6IyXcETEhXshAvS3f1lFTAU6pG7p qmY3d2FTKIAWL5Pud2p5dWLlzxxX+Syq58wI0fZB9NbfF9+u8xw6czCxpZrfKVnjHnKnX6bEeS1Y 2udvme5hc8a2tre3yFY1Zptw5TcSOstWtJWOY2oWrhB3G/bqemZWXnLKSOdNyqptiKNI0yxSKmaG VSSOSWdOdBbF03L7XAHmzwOEkhBK34HQAAFuOF+LW4arE1C+qveT1F1XD7FkGODbSbmKIEBrG41s SWax42uFvY6bgEWP8QfN/wAsvFhPbro3H+icfbpC7Lk6JKzJ9zVLYdgfRrit156LROFXo21NdJpI OTWdwK4OSOjCJE+wxAAwGjnW+0Y+/bkseY0irjiy6Co+WqMb3Vr8Rw5VY3uyym2TYfasNVM2WSX1 XP5t5EWwBFuHPneuF0F5kuaqfPbZHMupz9K17sfaZpedvVSqFckh1dYGbk8Ok4q8lWLPYbLJvq4c WhFUwXkFXrZwUFm7lJUpDlytt2fB3fbo+mdwXxNuhjOg8BIpB4MHAFjxPZYjgQRWB1JnZXTebJ1j tDmLdp5wJBcmJ1YG6shvceqCONweKkHjWw4x+Ka5LpxKKMlxl0W7nStBI4kWM5f4+JVfdpgK4RhV 5aTeINAOICKJn6hxABD1Q69Q1re53aS90y8kR35EITbz2Av5dPorrX3672I7Pg4pltzDSAX+jcm3 k1emsM/ObyS8o/IPYoST3xZYdtV6os7c07WNEi3Fe19WHb9NNF5Ito53IS8xLzDhBPs98k3z5ykm YyaJ0kjmIM86d6U2fpiJk21GMz21SOdTsByFwAAPIoAPM3PGq36o6033q6ZX3V1EEZJSJBpjUnmQ CSSfKzMRyBA4VX3Hn4hXm745KZRtTQDKgb4063Tl20JS9vtrArL0uPYqxSiMXSLpXZqKlY2IL74o VNm/TlGbUnQrZJAodBhnXPR2z5+UmcitDmS6tbJazkabFlIIvxNyLE9t6s/3V9XbxDhT7dM4mwsf w/DV+JQNruqsOOn1RYG4X5oAqcd2/Flc7tu6Fv7fUurdLceLGodjAEv0AlY73boZGWORJxIVf7Vv i1iMlSIqiVNZ3GSHpD9MhSqAU5Izge73aVxJM/IkllaN1AXgqm5HyrDUfQRU33Hr7dV3rG2fHjhS KeKRmf1i40g208dI8twfJatb/i5v3dGteRLzkTSNmW+C3hEpW2/t9nJy6722OLfJOgkJibl5GTF6 M+vPuXq/1kR8DlGSTcKpuiKpqqFNM9swsTLWbByI0fEbGYFCOFha1u61gQRYggEWIqH9U52ZhQ42 diyOmWudEQ4PG51A37wQSGBuGBINwTWypof4v/m4g2qtK2rx548bKn1nsfEuLzFmu9BfSaSgkQPI S0Exm5yDNLLGETqGYpsGnX2EbkD2ZAYvd/tuXmJFHNNHG7AW9VrX7rgfZv56sDP64z9u2ybMaKKS WKNmHNb2F+Nr/Yq0PygeYvmZzc15KMbzY69QdbQT+Gk4rU2tot1F05xJFmY9ohK2lWYkJuduMk3Q WEyQPnZ2LVfqq1bNziIjZWB0jtHR+FJm7aGfcgAPFkszAFgCFFgqggnkLkcCTVJydZbx7wN6g2re iqbOxcmGLUikrGzKWNy7EEA8W0g8lF61zbRbJy5SCMnPuU3TxBmmwSUTbINSg2SXcOCEFNummQRB V0ceoh19vT5gzW5eZPmyCXIILhbcgOFyezzmp/te1YWz45xsBSsLOWIJLcSAOZJ7FFZaq55tOVbn gTsnx27yiaRyR0laae3q+trDtVtIv9oaPXiDIKVV5Srek7MEmwqazYgx7eSbuXLNMpW7Z0g1L6GR l+n8Mbkm6Y5aLIVrsF+S9+dx5e23PmQTxqULvGScFsCcCSEiwLfKXusfJ2X9BtVa+HXzCctPHTcJ mg62k4e/6Pt4PJ2w6W2J9Zvas2sDdEpBs1Mex75pJUuwu0uibpRsY7R8QhPemy50kDpbGTpPbups kQ5RaOYKbOltXDsIIIYfZHYRUf3Lq7cekttObhqkqeIoKPfSb8CQQQVPl5d4NWMeRrli25yczt3c p0dYR+nnW2JiAey9DibGraothNVuoV+lycq0mF4OvuVTWdzXBk3BFEBEjt2qAHEvaAfMDb/qrFXb 9ZkERYBiLEjUSOFzyvbnyrYT5/1pJ9YaBGZVVioNwCVHbYfFVT+OPkTuHivvI26NGXSSo9+rEe19 2kGRgVZSsas/TPIV2xxS3cwn63LlRKV0yckOir2lN0BQhDlkm2bXg7zFkYG4xiTGdBwPMG/BlPNW HYRx9FQPrHeNx2FsPctrlaLLSZrEciNPFWHJlPap4HzgVsX8zfPfyP5ncZZ7jdZNY641yzurit/b u20KRtaTufi4CRQmnEEzi5eSkPqiLmZhg1O4KLpyYzdI6BhORU+cNh9221bDu67rFNLK0YbQrhbK SLXJAFyATbgOPHsrRdSe9feepNkfZZoIYVlK63jL3YKdWkAk2BIF+J4C3I1gmyxqqyqz13sS76kv VU2ZrazStNvlHm2NiqtnhF/d5KHmI5UFmzpAxinSVIIgJFUVSKILpGMmqQ6ZzFHHysXHzcZ8TLRZ MaRSrKeRB/8ArnzB4jjWTh5mVt+VHm4TtHlxMGVl5gjkftg8COBBFZeOQXxZfPiPoL7UtO1doam7 KeVhrHut6MYqzSUuycPEFElrDXaNLzbuqRtjBMCnKZ2EhHkX7jlZgQSJJ0Zn+77Z9t3YhHlkxRZg jEdvHSWABI81jbt7T6h6e693fftgE06xRZjFkLoD2cNQVtQDH0i/IAcBrb1Dfmzdo7SK4vU6axSd wlbFO2eckiqvJ2cmnrSVnJCXk5Z0uu8eyUjK9V3C6pjqLKHMYwiJhHLJ2fdcqXKiwrIuMFICqoAA VDYC3ICwAA7OFVd1V0tteHtWTusfitnalYs7liWeRQxa/MnUSSeN+NbI2/PN5v8A3Bw2q/Cen67o ml9Zw+u6Xqiel6jJWWUstj19SK9E11lVE3cw8OSHiZdnEJkkQKC6ztsItxUBI6wK4W2+73bMHfn6 gnlkyMtpXkAYKFV3YsWsBxIJ9XkAeNr2tg7t7zt33HpyPpnHhixsJYUiYoWLNGihQlyeAIHrcyRw vYm+FbJ/VaVbRyW+8dZ/Crv95hkX6n/MRfTPxVZHu3/bcn9Uv41RTrj9He4/wVXv22azU7b/AA3N +gnxtUq6i/mHZ/1svxR18eiP0lQ/7ll/xY6zhsH8TT6LfEa7euf5cm+nH+OKj9h/Kpl+UDb8YkzX J+1j9YPxq38/8Lf93P4lXb8kP5DxX5VsfxRO5MOpv2BP1w/Faqn93X8bl/dW/vIqsoyD1c9XAe6v P4BD+vCD/jLJD4b/AKP/AM0n26gPiw/p/wD22X+xT3V5/AIf14Qf8ZY8N/0f/mk+3TxYf0//ALbL /Yp7q8/gEP68IP8AjLHhv+j/APNJ9uniw/p//bZf7FPdXn8Ah/XhB/xljw3/AEf/AJpPt08WH9P/ AO2y/wBirsKSUxKpBlOj6BgZF7kfrVKc9Me8/wBH62QOoi//APaFMID/ANWS7BBGJGCLHTy1av8A aHPz1Ve9EHdJyDqGvnoMd+X/AOMgFfMRXvtzn3OqWZ38nutfmXAewB9qMc5UD2CIAI9S/J8+csxt GJK/dGx+wa69pj8bdcaL7rIjHwuBWPx1V5b69WjwipASkZCqQwMnZye6IsvRSfgYEgE7QqxA6Kfr BH2dcrx8SX2gx6Gtp7jyAsD5r9tX7FumL7CMjxY7l7H1l+UWuV5/Kt2c6yF1x177XoF73d3vcNFu u7qUe73higr3dS/RHr3/ADezLFxm140b96KfhArz/uMXg7hPDy0TOvwMRXNZ31h1Sd8/kPc/yUsX 4oeZh7h+wT/qX/FNbTYv43h/vUX94tY0srGvSNTtWv0DbF/KCG/GFczf4v8AL+T+sX40qDbl/Pe3 /u8n4s1QTmgqc0xSr2NV7bb2RzDU4kGs0UZQiaQvzPiLEUGLZoomEG4NUzF9bs6h9Me3/Dk42reF ynTCEZBCc7/cjut21S/VHScm2xTbw06urzk6dJBGtieeo8vNUfclvv5WfwS7/fgZrup/2iL6B+Op B7t/2HJ/Wr+LXiu/eaF/3c/oJsnGN+YT7z+6mpuP7ZN/xf8ANYdeJH/Qpb8k3n9lFCz7L8h/1R/y 8VMf89F+9L/nsqqhlPv2/wDygmv7XtaZkS/n2/WN/mIK1+N+xJ+7x/5DMqjpHZCtNBdGEFFaYf14 IwHPemqSHVRuN1eLHVR+l3Pfdn6JkiGDtADgc3UAApsKTczhArBYzNFpv9zaSUn02IsPLfyHcY/T ibwVfNuMOPI16eI8QHHx1Fj9zdGDEceFhY8Rb+uus5WVcuVVF3C6h1l11jmUVWVUMJ1FVVDiJzqH OIiIiIiIjkdZmdizElibkmp8iJEgjjAWNQAABYADkAOwCvVnyuVMUpilMUrOv8NH/wA7PhX/APkd /wDqXvjI51Z/L+R95/eJW76d/jEP3/4jV2wuUxVn0xSumc5yL9vNnmKX601wl05U8hw9OSgfeH5P /q9cPovFvs459VwH7I3qH6j8456Q2hv/AEnG9fFH/d4/lJc/IHM6Dx9NefN2S+6ZJ8LcT+Xfiktk PrH5I8YWHcLDzVOviFX7vKJwGL9aa4V68qdOB6cbA+7vz/8AxhG/RZrfZtt6Tgf2JvUJ0H5wzH6i b/0LL9fFP/d3+SljyPI6Bx9Nd+wJbe8U+FuQ/LpxeW6jj84eMbjvFj5q7e7PO9X5TFK6uzyif8xb mr/4kNqf0pf57A6P/lbb/wB0j/FFeGuuf5x3P99l/HNWH5JKitW47f2rZ6NZWMTCkizNXEG2kVBe tFV1feFn8m2OBTpukQBP02hOgdOvXr7cjW87tlYGUsMATQYweIJ43Yd47qsTpHpbbN7218vNMolW coNLACwVD2qeN2NUNXt7XeUfuGzlKDBNKDs8iX0mDghveIitS0s0ARF6YBTF0yJ3h06iTqHUOvUM DG3/ADpZCrCOwjc8jzVGYdveBW73DobZcWBZIzPqM8KcWHKSaONvm89LG3ltV01t/kpZvyemvxa5 yWZf7JL+rb4jVX7V/FMb94j/ABxWMfKtr0tWU7xlVSjXxlzcZ3mtKz4al4LcguRVLURnJKGFhsLW SVQSrTlwWOMn7+zS+ulhOgsKiCnUO9M3QOn19+y9mSBMUD8rmRK97cUOrUvEG1+HEcR2VqM7pLC6 kmkmzGYGHDl0AX4PcFX4EX08fVPA341kAoXjk3nb+SvIrjW/u2noid43cnONXFa0WMsldnUNYb1y hf3uNpEzXEwpqb4a3DuqC4CRM6TbuSgul6KSv0+3Yx+8XEEEWVPA6wy48sosQTaIAlbcBdrgDjbv tUVyvdDlK7wYWUsmQk8UZ1LpX8oSNVwSbLa54XtyBNSxS/FxYdpH1TIae5L6E3BTbuy5DqX+5a5R 2rYUdPS/FttVXu3a3PU9LXSexrNPJN7xDhCNIqHXdTp5Jso3SBk5bPFshveHtcSTe0QZEc0Zj0K2 gGUS30kNrKKBY69TDSAebAqNaPdPvzyQCCbGkhkEniOuu0JisWDKUDuTcBNCnUe5bMcPXkn4XXni Lt2hSNnmgs2u9+0GP2RrC5J0nYGvZx7BQ8k6oNniLRrLbNco96ptxrdkrLgqzF42BBZss2cIOVUl wMXQneoN8ypsmFSjqwVl1KwuEWxDIWVgewg37CARVj7XsM/T21Y+BOwf1WYMFZbhpHNirgMCL2IP DtBI41mA478W/GrvHWTfcWndFcj9A6kp28+KvHih8jt/7chWtj5jWvZN9jY3kXAPtZsE5uhUB/rr X5XU+R1V5h20ikWhCvTGO6BNHX7RuO+YO6PGXimyTiZEjIiEiEIhaM34M2pwqWYXN+HKuzq7btl3 DZI/FEkON7dioHZgDKXkCSC3ELpjZ3up4aeNeOSXBittrXcW/DvjbAXFgPJ+yaMYbH0nzkY8v5h5 OpBbJer69uOna5W2Y62tt+gI363bmI7eEZniXccJhWBQpdt0nv8AMdwnm3vJZB7MZGWSIwqPXXUw ZjyUnTaw+UDyqNdfdOQLseHjbBirI3tSRK0TiVmHhPpU6RclgNWq5uQe01bG411XuGu3IOG8gvGb lo8mrZR5h5ozjvSYKNocpujZT2bjIGnRl3s1hA11gNdOHoPW51KvHSEy6f8ApJJFKBTAfd791BPk 4Uc3S+ZjeH4hEsnqyBQACbCxXVY39YgW51HejukMYZ0+P1hg5IkESNFGdcRYszLckMraSRbgCbjh V2mxOAOgW2xeTc23417v5V7L4+6Q4PXB943abtRw5u2mdn8rW9hU5DVmx37UlNcbPv8AC8cFa3At +9mx72D22NSy5zkarevXuR1Lu+4xY65uTGkTSThZzGqhlTTpIU2UGTjzPJDp51b+3dJ7Hsj5DbXj P4hSEvEJHYhjquCSWPqX7APlDVe1YnvI7xZqnC/fvKrjrRVbCNOqM7o+z1pjbZCNmLNX4fbupNb7 kZVCcm4dFvFz0lSkr+EQrIN000n5mXvBSFBTtCWdP5j5/SkmVJbxGkANuAJVytwDxF9N7dl7VD+o cZcPr7Dx0voGPIRfmNSarE9tr2v21dr4ktL+PrkgwidJXLUPIKU3NIUPed95W8sZXYMNQNJcQdNV aMlhq9xosDFHn219bJIki3UurbUowVZNc8WwSV9RFzmjyM7d9tmkzMeWJY9CpFFoLvO7MoKHkVJu bFL2A1HgCKkOXt217rjQ4eVFK35bXJLr0LAqK7CTtDAEC4a2otpHEg1WmpuEHDMk7x64lSOv9jOu VO5fHW05+wXJ1vs56hAROzXui7jysqukSagLXFqwfV59TVZOIk5Z27JMjOqqLt1iIJpIOOjC3TOi z13HUnsUWesJj08SviLEX1Xvq1G4AFrcD5MnettxJ9lyNvs3tcm3SSB78NXhNIF02tpsLE878vLT vKbUnGCN8X+oOSVDq2z5C7r8l3Gl93Eutti2kZcHFSpWntlWBnRmFfjFCVCuGdXlSOYuXB30kom3 F0t2CqVqhN9zzt2bcM7astofZRixyxaFN1DTtGNZJ9ZrJcgAKL2F7XNU9L7dsqwbXvGEs/thzJ4Z i7CzFcQSHQqj1Vu+lbksQNRtfSLc+UeruFTTxx6g5MUHjncOOW7+QPIW0VnTFTld/wBk3E2tOgdQ wLiP2vtKSQmqVUkItgvtWbjq9EgUpzOXEdJmA/RuYowfDm3A7q+JLKsuPFEC5CBbOx9VeBPzQWPn HfVx5MeGNvTISMxzSSEKNRa6qPWbiB86wHmPdWO64cWN/UHj9qPlPb9cSULoHe81ba9qXY68nXl4 25zNFmpmvWxiyjGcu5sLFSGma+8QOZ4zbkOZARTMcolMOzjzMaXJfDRwcmMAstjwBAI42txBHI1g PjTpAmS6kQOSFPDjbgfL2VfturjxrbTO1OCkdrCNCvKb18e/Hzdt7czljdrx73Z+zjWtC0T6r+ee qNa9EODRbcxkSGRYtCEMYpSB3Dmx6Oy5ZtwyHm4iKaZRYcdKgWFhxJ+yainvIxo02GJIrAyCEkk2 Gpibkk8APsCrqLN8PZu+WsuhD615NaC2JW+QG+5TQTy8JQG8afUKpslHTt55ACnVJO36uilt4VOV omvJdvEy9TRfN5OeSRjEylcrCCUVl6oxzJkNLDKjxqZNJKFipcJ6wDHQQWFw1rC55VOcXp+ZMbGj jljdWCpqGoLqCavVJUagQDYgcTYc6sm2/ouv+NHkxr+u3u2U/k/r+wNqdc7fXqyx2rpm9takxuKr e1a62NrnaNUoO1dTXmTjYlcEUnTdHuZvEHTdyIiYEpBsm/TNjTy40ZjyGQopJVgGtdXUrqRwCR6R Yioz1N0vj7hNjQ5curHikDsoDAst7MjAlGQkAi448bg1mQq/BGtu+XHOjXqFVb3HTNQjdOVjhJJJ 3aSjmu1dh+QSx1pvwbchPt1WozEDXdc2KSstgWBycgJVdyVymUgrAnyXr/JfDwjKBFMWJyGA1EJA D49ktwLsAq92oWPI1pJfdRhxZGa+OzTpoIxoz6o1zG0BL6rsqA6m5X0m45ivVZ/EBtSJlayMNt6i u6OvsLYOstkbLvdA3rpeqawndV6su26btY1h2rrCsyF/1kXW+t55/GWKuJSTORGNOn0ROdLv3EPv H2h4pGlilWZUV0RWjkaQOwRVGhyEfUy6lciwNwTxqNT+6Tf0miSCWF4GdkkciSNYiqlyxDoGdCFO lkDXIsQtxUb1nx70bYD3j/M615u8d7vqjka05AvqJsFnA7mjJ1Y/Gw2sUdg1FDUkprtDZE5tN2tt FqeKrUeycvZBk3VeEMDbtUHuXrzHKzRviZC50RjGjVHY+JrIbxNegIoT13YgC4Fib10Te6/cIWil GXjnb5BITJpluvh6Bp8LR4jSOXsiIG1WJuLi/A7M+H53ZNby3bG3XkLqvX9D1TQ+Pdra7D/N1yAu 42CG5DJ3YmvZmdolL1fK3jVlXi3NDkW9ll7K0j2FdXIUF1DpiZUsM3frLEzZkyoIZC8mpShaMWaK wYBtel73BXSTqHLuq1OlujszaNubByZoyqMHDhZPWWUalJUqHS3JtQGkix76wJ0mqq0XkK5pDibr VlXp1pvVVWsdMmUbFT7ArXmlhiFJuqWBsRNvO1qVOzFdi8TKUjpqoRQoABgyU9PP4m4wSAEBgTYi xF0Y2I7CO0VG+uF0dOZaXBsYxccQbTJyPaO6tsea8WHGCx8ruBlh0u0uEpRHkpxB1P5C9SvLfZXj ivWTlFqej7Y1puSAell3kxAUHa7OemK2oqmoxbRs/ApooJlO8IdWLw9U7tFlbnJkSAZCJlNjtYWP gll0abaSyBQ3I3BJPI1tcjpHZpdk2jHhhvjSS4a5A46vy+li2sesFcuV5ixAA7Kt2d8MtTX/AG/4 6tlUwJSkcQNz6Tsu7+VjpKWczKlOZ8Oa9aJTmbXUZiZWeytdSsP2PZHiFTrkUbKW1kCZipikIyHd upt227CzcXWPrfHzBHGdK+tHONWObWsbXIaw4+Gb8b1E+m+j9g3fPwst4Sdmydu8Rxrf1JoHCZIu GDAHgygngJBbhatZLaOzpDY1im3iTUsJU17LOS9VqRTpPS1WIkHzhWLgizKrdOVmCw8aom2Bw6UU WW9PvOInMI5xnz87LiSPMk8Qr26VW5tYn1QOfdUp2/Yto2mZ5dsh8IvwPru3C9wPXZuXfzrnNcfo 73H+Cq9+2zWbLbf4bm/QT42rQ9RfzDs/62X4o6+PRH6Sof8Acsv+LHWcNg/iafRb4jXb1z/Lk304 /wAcVGCrhRpLKOkRAFm0idwkJg7igoi5FQgmKPyh3FDqGatmKTFxzDX+A1JkjWXEET/IaMA+YrY1 WVt2harrGoRU4syUaN3qcgmDZmRuoDhJBy2IInKYREnpOz+z9Xp+pmZmbrl50QinKlA1+AtxsR/T Wn2npna9lyGysEOJWQobtcWJB5edRUeZrqkFVr9tlv5sUr/hljmd7c36KD8AVpvqVP8AE5v/ADmp 9tlv5sUr/hljj25v0UH4Ap9Sp/ic3/nNT7bLfzYpX/DLHHtzfooPwBT6lT/E5v8Azmp9tlv5sUr/ AIZY49ub9FB+AKfUqf4nN/5zVMGr9rWmStFbqqhYhtCLKLNvdGMYk1KkikzdOCEQFM3RIAUTAfYG bnat2y5cuLEOgQEkWCgdhPCoj1P0tteNtmTui+K2aADqZy1yWUXN+fA1cLtJQ5KDZCJj0UdtEI0n sAep5R81jSgACA9RMZ106fL+p0H25It1JG3ygcyAv4RC/wBNV/0woO/YzN8lHLn7xWf/AHa+JZok rshVh06IqazO06D1N0SPPCj0HqPU3Qg/q+3OLIDuRj+aca3+1au1JWTp0T/PG5BvT4V65LWTgzig 1Qx/16EQ3YnAR69po0TR5i9egAPYLXp7Ooez2CIe3Oza2LbfDfmEA/B4f0Vj9SxiPfsoL8lpi34f r/71crabbB02PRk59yo1ZrvE2CaiTZd0YXKqDhwQgptyKHABSanHqIdPZ0+cM7cvMgwoxLkEhC1u RPGxPZ5jWLte1Zu8ZBxsBQ0yoWIJC8AQOZI7WFRHa90a/lavZIxlKOlHklATDBomaLkEyncvI5y3 QIZQ7cpCAZVQAEREAD5RzT5e97dLiSxI5LtGwHqnmQQOypZtXRu/4u542TNEohjnjZjrQ2CuCeAP HgKsnyD1dFTtWv0DbF/KCG/GFczf4v8AL+T+sX40qDbl/Pe3/u8n4s1QTmgqc0xSps0B+kRt+CpT 9qJm86e/iQ+g3xVDOvf5eb9anxmqr5Lffys/gl3+/AzL6n/aIvoH461Xu3/Ycn9av4teK795oX/d z+gmycY35hPvP7qam4/tk3/F/wA1h14kf9ClvyTef2UULPsvyH/VH/LxUx/z0X70v+eyq4fYdpJE yMwzYKkNKHmbWkcSGD1Iw4XStzzF0YpkzpnOoevCUCD8xu4fZ069G5ZYhldIz+V1yfe/lEcH/Y5V mdPbW2XjwzTgjFEMB48nHs80TLzuLCW9/JYcb2gVRRRZRRVU5lFVTmUUUOYTHUUOYTHOcw9RMYxh EREfaI5HiSTc8SanaqqKEUAKBYAcgBX4xX2mKUxSmKUxSsj3iK5W1bhH5IOKHJe9dydFoewJCHvT 4qR3BoWk7Optn1NbrIVskU6zo1Yrt5cyIJJgKivuvYQBMIZqt7wn3DapsSP84y3HlKkMB6SLVsNq ylw9wiyH+QrcfMQVJ9AN67iOs2au3SuwNvqE9D2mqWmHjbDWrLXpJnMQNggZhmjIRM1Cy0es4Yyc XJsXCayC6Kh0lUjlMUwlEByjHR43McgKupsQeBBHMEVbCsrqHQgqRcEciKijkpyM1LxL0dsjkNvG 1MKfrTV9af2Ofk3i6Kbh4ZskIR1egmqyqR5e02WSMkwi2CPcu+fOEkUyic4BndiYs+bkJi46lpXN h9s9wHMnsFdeRkRYsLZExtGouftDynkB2mumh2bs6V3DsrYu2515rKPm9pXy47GmWLqDI6cM5W72 OSs0g1Vcp1UE1zoO5M5e4oABunUAD5A9IYaLj4kUCvi6UjVRqS7WAA4+oePpPnrz5nEzZsszRbiS 8jH1JbJxN/VHjLYd3Aeapi4X79j+MfLjjTyGmF9by8HpjeGtNjWCLjIBRGVkK7VrbFylhaQ66dfZ ChMrwqC5WZxUKQjkSCfqUBAevc8Y5+3z4YkxFMsTKCFtYkEDj4fDjXLbpvYc+HM8Dc2EcitYygg2 NyCDNY+Y13HGttkUPcNAp+09XWyFvWu7/Xoy1U23114m/hbDX5hsR3HyTByn+uTWRUDuKYCqJHAS HKU5TFDzfNDLjytDMpWVSQQeYIr0JFLHNGssRDRsLg94Ne3YWwaTqej2rZWybPD0uh0iEf2O12mf dkZREHCxqJl3j544P1HtIQvQhCgZRVQSkIUxzFKPLHgmyp0xsdS88jBVUcySbACuGRkQYkD5WSwT HjUszHkFAuSfMK6rDlluVnyH5O8gN6RserExW2dv7AvkNGOC9rthB2OyyMjCtHwAs4IMihFLIlcC QwkFcDiUAKIAHsrZcBtr2jG25zqeCBEJ7CVUAkeS97eSvBu/7ku8b5l7og0x5GRJIB2hWYlQfLa1 /LVvmbStRVk/JD+XEV+SjH8bzuQbqb9vT9SPxmq5/d1/BJf3pv7uKoppn33efkpfP6D2LNThfnm/ Uy/3T1Kt4/ZE/esX/MxVcdN8hazJw0vGpQk6mrIRj9ikooEf6ZFHbVVuQ5+14Y3YUygCPQBHpkln 6jxZYXjCSXZSOztFu+q6wvd/uWNmRZLzQFI5VYga7kKwJt6vkq0bIfVs1lMh/JslWePM/q6p8S+P 1S3bbOKo8LLZyerSVuhbXZNBry7R7JpTGto+bb6vkNqz0PHNouQuC7BWYdtESmOb1wBUNM20a8oT PPK2Os3iiM2ID27Gtq0g8Qt7CtmNx0wGNYoxMYvDLi9yvmvbUeRa16u8e+fa4LbNl9zRPDXj9Utp bD3txW5Ib1uFWs22Gy+49q8Vnk2vWXshCTNsnKvT4KcQn3QLNIdi1WK4duHC7h2dRMEMIdNR+CMd p5WhWOSNAQvqrJa/EAEkWHEk8gABWX9eP4hmEMYlZ0diC3rMl7cLkAG/YPhq1Di95X9ocXa0zpdf 1lTbXUJHafKq7bFhJiw3WBWvlN5b610vrW/a8SsdKmK7a6UtANtJx0nCzsQ+bybOUMCnUxEgTPm5 myw5j+IzsrhIwpABsY2ZlaxBBvrIIIsRWLjbpJjLoVQULOSLkXDhQRcWItpBBBverdua3MVxzCuF AmGmpajpeo6w18w19VKlWrLfr5LP0EHzyUk7VfNi7Pslput3uU08eARZ24cJJEat0EyIgcqqq2Tt +CMFGUu0ju2okgAeYKoAAHd56x8zL9rdSECIq2ABJ9JJJJJrJHtvzRai27HagbKeOTR9Df8AHaBq NZ0EWL2hu276v1tW63c63aputk433C6BoSzRuzGcEows7mShHElNJujLunCroiaxOOx7a+1Zck0u XkNFMriTSEWRiylQRKAHUoSGUqw0kAAWJFYXU7nfNvjxsfGxhPDLG0fiF2jXQwYgxcUcOLowZSCG JPrAEQJsrydUW0a+v2ntRcSNacZdbbX3MTfm1WmtbDfLXK3vYsSxm4qootQ2Fa5iP19Q6sytsyo0 gogoN0l3/QFBSRITNrsix7buz7pmSz5MnhNGhYIGCswYlrW1M2kXY/BxrSdTbflb3sEOy4KY2Kqy I8gXXoJRGUKl9RVFLHSO61zwqiOE/kai+FPKCX5MsePNL3tOp0d9VdfR+zLBZIBXV05LpRzOUv8A SZGpPCuoW6DDtnLJtIIGTds0nqp26qSo92dXVEf+oiUSSSGAlSRwN7DkQbixPEjttxrM6MxD0thr HMkUuUNXrC45sSCDYG4BsO7sr7YryB8fYbdW09ktPHjqhWl7epTKCs9Dk+Q3KyZt7W5/X05L2rYk NvuX2q9283e7KZTyjCyxq79zGyzZMgqJgcVBU1DbZktjpEcp/ERrg6IwLWAClAun1bXU2uKkYzoB M0gx10OtiNb3vfiQ2rVxvYi9jVL8pOZ2tuWerdr3rYusW0dzR2xyzrt+SulPQlIbW+vOKlE0WjrK paBrsU6t79BzFxEo0hk4oqsad4xj64X1pBcXIJk7cLDyMGRIIZD9WrCQVJ4tIX1Fzw5878eJbgBa unKnx8sHIljX6wMlwwHyYwunQON7cvQOJN6mrjx5UdVaZ4SteEF34B6p3BSJS6Pr/tO4F3nyF01b N12Uk5Lv6mbZr3St0pbyywVEhXzVhFw7pyvEIHYJvitQfGOuOPkbRkS7j9ZQ5UkcoXSoCowQWsdO oGxbjcjib2vbhWRFuGOuD7BPjxyRFtTXZhqINxqsRfTwsOQsDz41ScL5X7jD6gha+bQWqHvJKqcU Jfg9TuXS0xsFHYVd40ysS9qaNdRpDazpa6XvsBrqXe1iNswsSPmsGsRESHURKsPI7MntHiCWQYxn Exj4WMgN76rarFgGK3tfjXH6yJg8No0M3hGLWb30EWta+m+klb25VaFK8q7bL8Na1w2dwzVStVzk veeShLmpKya06+mLxrDXGsV6m5YKmMw+pYxrrlF6ioAiqLhyoAh0KUc2JgY57Z7OxdoVjIPKyszg /C3KtephjxFxI4o1VZWkBAA4soU8h3Dnz7K+rl1yxsXLC16ykHVRgda0HSWkNbcf9P6vqzp89gaT QddxJ0z9j6R6Ppaet9rkZOdlny4eu6kJJUTCIFJ068HCXCRwGLyySM7MeZLfEALADuFd+VlNlMps FjRAqgcgB/STck95q3N9c7hJ1qFpkla7LIU+trvXVdqj6dlHdagHUkuu6kXMLBLulIuKXfunSqix 0EkzKqKGMYREwiOUI0DmQKA55m3E+c10F3KhCToHIX4D0VlmP5SdPTFF0EnfPHjpTYm+uNGhdd6N 1Nv+ybp5GM141DUjZ6rruxWDUVYv8Bqe3pwtifGfuYuSjnLKUKJmrv1WxuwNOm1ZMUsrQZcscE0j MyKqcdfygHILC44XBuOY41sJM7FmijTIxopJY0VVZix+T8klb6TY8eIq43d/n9mN5KQJLLwV44yM YPKCP5VbJirxbtybRT2dd0tb7e1o6hV5C83GSlqFWYRhtg8jU2lcXjW9Qlo8i7FISrrpmw8fppce +jJlB8Hw1sFXSNStfgLMTpsxa+oGxrLm3wzW1QR28XWblmubMO08ANV1tbSRwrHb5AOf9j54zekV H+sYLVVR4+6nT1Dr6vs7zsra9nWgTWSZtTp3cNqbests2Bbnf1nNqEaJunfu8e1KVFAhS9wm2m2b Ym2rJZy7yvqY2VRewHBVAUcuPDjWBnZzZpS6hUjXSBcsbXvxZiSf6Kmt35kOSiWkeB2pK1AUSuzv BHY1J2XXdnAxdyNk21K6afTiXH6I2ayUWbMZKu6bp9qlIBg3KImWjHhid6QgImxxsWJ7RkzuWK5K FSvYoa2sr5WIDHyiu47tkeDBEoUNAwIPa2m+m/kUEgeSrwdS+aylTnIjQa1v0lSeNmkY7ae2Ltvq zMC7Y5fTl1abc1Lf9VytLmKtu3aJ35NDqxt+eNZGrwUhHrpRzpRdgqV+3Q78GfYJFxZNEjS5BRQg 9WIDSwYEFF+XwFmIPHgeBNZcW8IciPUgjhDMWPrOTqUrazH5PHiARw5canC1eY7ixxHU43a/4d6y 1btXXFE1zzp15tWN1lUuSHHWnDTuW170NYa+0oFr2Ht2w8jm22INLjwxWm7A6mjIlayx4yNMVsgk KHzC2bJych8nc3kjYvCyk+FK2qJXHFdIiKkvwUjsuePPp3PcUXD9l21I3JjkQi8sS6ZGS9nVvFVg F+UDzNhw5QpaPiCBsm/4zfD3gto083Tqlp6t6ukaxft16kvmug03P2uZiY2P2PrO+xNusGvrIlY0 STdZlXT2Ik3DIrhRMDqKFHJyOnIShhx8nIMTFi3iLG2ova5K2Kggj1WFiAbVj4G8ZUaK2Zj4yzIF CiIyKFVPkgEkMRa2oG4JF+2scvIjllo7c0tpLcURqBKocj5y18rts8x7dWGryJrF+2HvfeuwbpQ4 WkwMnbrC3Z1zW9BmmbRFUhI0RI4FsdFdRoL53venxLtGd4kzM+DGqLGvAsFWLQSTYcWbieJ5X7bD RdV4o3/Z3wscLHmynU7G4UnxhIOVzYKLDh227L1d1o7zjbU0Xz3R5oV7W8E/gnXHvUnHi36ak3rl 5V7xX9K69olTotjlTLKGNHWmFtOvI6faO2/3Zk7IdJE4IrKlNg5eybbmxS40rzCF5pJFdQutTIxZ hzsVIZkIJ4qePGszE3Dd8HHx2gXHbKiijjZWLeE4iUKpvbUGBVXBtwYcOFQZGeWHaNR4Xb74R1Cm 11Wl7vdidnsifKqfZGsYSzP6A529TqQ5QWcMm9X28y1ZBNpVAwgTsQWOUnqreoTP3zGxN23uLeE1 qY0AKm1mK69LNbtXWbH+itZ0nj5nT2wSbLOY5GeVmDi91VtGpRcDg2gXHL01ibznWyr3puXKKayK LhdJFyBSuEk1VCJrlJ3CQqxCmAqoF7h6AYB6dRz6GZQQpIB5+Xz1waON2Duql15EgEjzHs9FeEHD hqqCzVdZssUBAqqCp0VSgYBKYAUTMUwAYB6D7faGFZkOpSQ3kr7JHHKuiVQydxAI+A16hERERERE RERERHqIiPtEREflEc+Vy5cByrxilMUpilMUpilMUqrKLYG1VtkNPvEV3DaNXWVVRben66gKNHDc AT9U6afUDLAI9RD2BmXgZC4mWmQ4JVSeA58iP6a1W+bfJum1TYELKskigAm9hZgeNrnsqebZveu2 GPZx6MPNIpknIKQe+sDHosxi5RtIOEEwK6UKKyoNgAncHZ1+XJBl7/jZMaxqjgeIhN7cQrAkc+fC oLtXQ24bfkPkPNCWMEqLbVwZ0KAn1RwF+NuPdVB7I2dHXF4q6i2knHipCNIsBcGQIcFG8waROcTN 3Cn3IyQ9oe3r3fN0zA3PdY81y0IdfUC8bdjX7DW96d6ZyNnhEWU8Ulpmfhcixj0DmBxvx81Q8R47 IUCEdOCFDr0KRdUpQ6iIj0ADAAdRHNKJHAsGNvPUuMMTG7KpPmFflRy4WKBVnCypQHuAqiqhygYA EAMAGMIdegj7f8OC7sLMSR56+rFGhuiqD5ABXpzjXOmKVI0TcmMfre00tRq7O/nZNg+buiej7oim 0cxS5yLdyoLd5isDAHaUQ6iH+HNlDmxx7ZLgkHxJHBB4W4FTx7eyo9l7PPkdR4u8qyCCCJlKm+ol g4FuFvnDmew1HOa2pDTFKkDWluZUm0JTr9s6dt02TxsKLP0vWE7khSlMHrKJE7SiHt9vXNhteYmD ljIkBKhSLDnx89aHqTaZt62w4OOypIXU3a9uHmBNcztnYEbsCRiXkayfMiR7JdsqV97v3nOquCoG J7ussHaAeweogPXO/d9xi3GVHiVlCqRxt3+QmsLpTYMnYMeWHJdHaRwRpvwsLcbgUi9gRrBhHtVG T452n1V3mJ7v2m9wrlrhlO3uWAfprz6Zy9en0CG6+3oAotxijjVCrXGnu7EkXv73HwGmVsGTPPJK roA+u17/ADpoJB2d0RB8pHlr5pPYCC7VwixYreo6jfqxQzoSFImirUKzWnCpARUOY6gKQipyAPQO 05BH2gJc4y7irKVjU3K249xjRDy+iSPOPNXZjbA6Sq87jSkmsaeZIyJpgOI5WkUHyg27DUbOXLh6 4Xdu11XLpyqou4cLHMosssqYTqKqqGETHOc5hERH2iOatmZ2LuSXJuSe01JI444Y1iiULEoAAAsA BwAA7hXoz5XOmKUxSmKUxSmKUxSsmfELzF+SLgvWEKFxx5P26s64bKrqtNb2uHqOz6LGA6WK5do1 2A2TX7U3p6Lt0AqqhDDHioqc5zCJlFBPqM7Ytq3F/EyoVMv3QJU+kqRf03rZYm7bhhLox5CI+42I 9AINvRaot5geSXnHz2cxR+WPIu77ZjIF2MhB1JdKBqOv4eS93O0CWjtd0OHq9HbzQM1DI+/BH++C kcxRVEDG692DtW3baD7FEqE8zxLHyaiSbeS9q6svcM3Ot7VIzgchwA+AWH2Ks6j55xGt/dk2EG5L 6hlAUkIOLfuAEwF6l94dNlFhTDp7AERAOo9M3MWQ0S6QsZF/nIpPwkVpcjAjyZPEaSdTa1kldB8C kC9fd9rnn8EVX/haD/1LOftr/cQ/8tftV0fVMP6bK/58n9qr+OJfly8hHBuNUr3GDkPNa2pbh+aS d68NW6Zb9dLOl1wXkHDakXiu2SuQr6WMHR09jm7N+sXp1X6lKIafdNt27eLHNgiMg+cq6G9LJYkD sBuBW42ufM2cn2Oeco3zXdpF9AcsAT2kWJr18rPLNz+5yuoBlyq5I3XYdGgrBHzrfW0MxrGvtdgt HyScgzXdUbXsLVK1PykWBRIzeyiDx8gHyL9TGEeO07Tte0ZCT4kIVlYEnizWBF7FiSL9wsK5bxm7 hu+FLizyk+JGygclBYEAkKONr87E1Fv95Oq/wDYP/JHf67lif6mxP0cn+z9uqX/+ON0/T4/+3/Zq hNibwZWmAJGV5CwQj8sg3dGee8JNerdJJwRRH1WLwy30zKlHp+tHt9vzZgblvseVj+FjCRJNQN72 4ceHA3redPdEzbZnnJ3BseaDwyumxbiSLGzLbhY+WrensjISSpV5F88kFyJgiRZ65WdKlSKY5ypF UXOocqZTqGECgPQBMI/PkckkklOqVmZrcySfjqwYMfHxk8PGRI0JvZVCi/fYAceA4+SvnSWVRMJ0 VVETmTWRE6RzJmFJwkdBdITEEBFNZBQxDl+QxDCA9QEc4glTdSQbfHwPwjhXNkRxZwCLg8RfiCCD 5wQCD2EA168+VypilMUpilMUpilMUpilMUpilMUpilMUpilMUpilMUpilMUpilMUpilMUpilMUpi lMUpilMUpilMUpilMUpilMUpilMUpilMUpilMUpilMUpilMUpilMUpilMUpilMUpilMUpilMUpil MUpilMUpilMUpilMUpilMUpilMUpilf/2Q== --_005_fb6183ce8f97468aaec4c8d1137dc8f8XCHALN017ciscocom_ Content-Type: image/gif; name="image002.gif" Content-Description: image002.gif Content-Disposition: inline; filename="image002.gif"; size=134; creation-date="Thu, 14 Sep 2017 00:30:13 GMT"; modification-date="Thu, 14 Sep 2017 00:30:13 GMT" Content-ID: Content-Transfer-Encoding: base64 R0lGODlhEgATAIEAAAAAAP///wCZAP///yH/C05FVFNDQVBFMi4wAwEBAAAh+QQBAAADACwAAAAA EgATAAAIRAADCBxIsKDBgwEECEB4UKFChgYfQiTocOHEhBUtTqx4ESNHiBkddpQ4MKTJkAJPqgSp MmPEliRLwny5smBLhCZZKgwIADs= --_005_fb6183ce8f97468aaec4c8d1137dc8f8XCHALN017ciscocom_-- From nobody Thu Sep 14 11:25:13 2017 Return-Path: X-Original-To: ipsec@ietfa.amsl.com Delivered-To: ipsec@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 65356132397; Thu, 14 Sep 2017 11:25:11 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2 X-Spam-Level: X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nohats.ca Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UtAVD-1-Xe83; Thu, 14 Sep 2017 11:25:08 -0700 (PDT) Received: from mx.nohats.ca (mx.nohats.ca [193.110.157.68]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9306F1320D9; Thu, 14 Sep 2017 11:25:08 -0700 (PDT) Received: from localhost (localhost [IPv6:::1]) by mx.nohats.ca (Postfix) with ESMTP id 3xtRlh3KlczCJ2; Thu, 14 Sep 2017 20:25:04 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nohats.ca; s=default; t=1505413504; bh=m43cM8c4oHOm+LzxKMg1M8E90PA0XtDfiuyb1smT6Do=; h=Date:From:To:cc:Subject:In-Reply-To:References; b=Ew3w2p47Hu908Wj1hAClQ1fSUACkQDMqT2CP7mCs3iwlw0AiYCZyZEzPtJcuruVae UDb+JLxQV1y/kMNTa3JfxgdyEus5lSgQyu0EVxbIxewIGgSP+9ZrUko/ZBybaJ3X/z nVcKLtoluJrUcMpqmzNG47qNJZjY+3val+0WQU3Q= X-Virus-Scanned: amavisd-new at mx.nohats.ca Received: from mx.nohats.ca ([IPv6:::1]) by localhost (mx.nohats.ca [IPv6:::1]) (amavisd-new, port 10024) with ESMTP id A4HeDA91M33b; Thu, 14 Sep 2017 20:25:02 +0200 (CEST) Received: from bofh.nohats.ca (bofh.nohats.ca [76.10.157.69]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx.nohats.ca (Postfix) with ESMTPS; Thu, 14 Sep 2017 20:25:01 +0200 (CEST) Received: by bofh.nohats.ca (Postfix, from userid 1000) id CC4ED1255FE; Thu, 14 Sep 2017 14:25:00 -0400 (EDT) DKIM-Filter: OpenDKIM Filter v2.11.0 bofh.nohats.ca CC4ED1255FE Received: from localhost (localhost [127.0.0.1]) by bofh.nohats.ca (Postfix) with ESMTP id C4E2240B8284; Thu, 14 Sep 2017 14:25:00 -0400 (EDT) Date: Thu, 14 Sep 2017 14:25:00 -0400 (EDT) From: Paul Wouters To: "Mike Sullenberger (mls)" cc: Linda Dunbar , "i2nsf@ietf.org" , IPsecME WG , Yoav Nir In-Reply-To: Message-ID: References: <4A95BA014132FF49AE685FAB4B9F17F65946FE7F@SJCEML702-CHM.china.huawei.com> <4A95BA014132FF49AE685FAB4B9F17F6594703D1@SJCEML702-CHM.china.huawei.com> User-Agent: Alpine 2.21 (LRH 202 2017-01-01) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8BIT Archived-At: Subject: Re: [IPsec] your example (like Gap) about IPSec VPN gateway deployed in shopping mall not aware of where the controller is. X-BeenThere: ipsec@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Discussion of IPsec protocols List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 14 Sep 2017 18:25:11 -0000 On Thu, 14 Sep 2017, Mike Sullenberger (mls) wrote: > If you want to securely encrypt traffic between endpoints then you are going to need to build point-point encrypted tunnels > between these endpoints, this is the main reason that SD-WAN implementations use either a full-mesh or dynamic-mesh of > point-point tunnels.  If you rely on a multi-point connection model then you end up using a group key encryption model which > is less secure (many customers will not accept using group keys). See also Opportunistic IPsec, which is a way of creating a mesh with IPsec using some kind of central (X.509) or decentral (DNSSEC) authentication. See: https://libreswan.org/wiki/HOWTO:_Opportunistic_IPsec https://libreswan.org/wiki/HOWTO:_Opportunistic_IPsec_using_LetsEncrypt http://events.linuxfoundation.org/sites/events/files/slides/LinuxSecuritySummit-2016-OE-16x9.pdf https://docs.openshift.com/container-platform/3.5/admin_guide/ipsec.html https://access.redhat.com/documentation/en-us/openshift_container_platform/3.4/html/cluster_administration/admin-guide-ipsec Paul From nobody Fri Sep 15 08:01:38 2017 Return-Path: X-Original-To: ipsec@ietfa.amsl.com Delivered-To: ipsec@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 67A72133425; Fri, 15 Sep 2017 08:01:31 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.9 X-Spam-Level: X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KybKgHnbSJYS; Fri, 15 Sep 2017 08:01:29 -0700 (PDT) Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5DE6D1333DD; Fri, 15 Sep 2017 08:01:29 -0700 (PDT) Received: from sandelman.ca (obiwan.sandelman.ca [209.87.249.21]) by tuna.sandelman.ca (Postfix) with ESMTP id 722462009E; Fri, 15 Sep 2017 11:05:49 -0400 (EDT) Received: from obiwan.sandelman.ca (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 7C70D806FA; Fri, 15 Sep 2017 11:01:28 -0400 (EDT) From: Michael Richardson To: "i2nsf@ietf.org" , IPsecME WG In-Reply-To: References: <4A95BA014132FF49AE685FAB4B9F17F65946FE7F@SJCEML702-CHM.china.huawei.com> <4A95BA014132FF49AE685FAB4B9F17F6594703D1@SJCEML702-CHM.china.huawei.com> X-Mailer: MH-E 8.6; nmh 1.6+dev; GNU Emacs 24.5.1 X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m Date: Fri, 15 Sep 2017 11:01:28 -0400 Message-ID: <29103.1505487688@obiwan.sandelman.ca> Archived-At: Subject: Re: [IPsec] your example (like Gap) about IPSec VPN gateway deployed in shopping mall not aware of where the controller is. X-BeenThere: ipsec@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Discussion of IPsec protocols List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 15 Sep 2017 15:01:31 -0000 Paul Wouters wrote: > See also Opportunistic IPsec, which is a way of creating a mesh with > IPsec using some kind of central (X.509) or decentral (DNSSEC) > authentication. See: And it's important to note that the reverse map that is used doesn't have to be the public (DNS) one! -- ] Never tell me the odds! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Software Works | network architect [ ] mcr@sandelman.ca http://www.sandelman.ca/ | ruby on rails [ From nobody Fri Sep 15 08:14:07 2017 Return-Path: X-Original-To: ipsec@ietfa.amsl.com Delivered-To: ipsec@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AEA18132F65; Fri, 15 Sep 2017 08:14:05 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.999 X-Spam-Level: X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nohats.ca Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GMjWDjW03GG1; Fri, 15 Sep 2017 08:14:04 -0700 (PDT) Received: from mx.nohats.ca (mx.nohats.ca [193.110.157.68]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CE104132153; Fri, 15 Sep 2017 08:14:03 -0700 (PDT) Received: from localhost (localhost [IPv6:::1]) by mx.nohats.ca (Postfix) with ESMTP id 3xtzSl4bSgz9K; Fri, 15 Sep 2017 17:13:59 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nohats.ca; s=default; t=1505488439; bh=IathGVPbDznzXn98dsO+OFofgL7PVAQhzIYtB7sTM70=; h=Date:From:To:cc:Subject:In-Reply-To:References; b=Bilaspiu+B7YXFNdei643t11HoZZHnRJVFuo3hni/V4bMT7qE1C77u5lTJf3K184G lM5bzTO5fmaB/x1tCn0cm+Of8lFp3U8gmSvEdWMObG/l7EbB3b8B7aV9/mkaGLEo+M t9VlFmf8xnT+/WO4JthbsrEMTTK/Ciz/0hVIwyOk= X-Virus-Scanned: amavisd-new at mx.nohats.ca Received: from mx.nohats.ca ([IPv6:::1]) by localhost (mx.nohats.ca [IPv6:::1]) (amavisd-new, port 10024) with ESMTP id 3t835oQrwOiE; Fri, 15 Sep 2017 17:13:57 +0200 (CEST) Received: from bofh.nohats.ca (bofh.nohats.ca [76.10.157.69]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx.nohats.ca (Postfix) with ESMTPS; Fri, 15 Sep 2017 17:13:57 +0200 (CEST) Received: by bofh.nohats.ca (Postfix, from userid 1000) id 1BBE92E75B5; Fri, 15 Sep 2017 11:13:56 -0400 (EDT) DKIM-Filter: OpenDKIM Filter v2.11.0 bofh.nohats.ca 1BBE92E75B5 Received: from localhost (localhost [127.0.0.1]) by bofh.nohats.ca (Postfix) with ESMTP id 046A64167596; Fri, 15 Sep 2017 11:13:55 -0400 (EDT) Date: Fri, 15 Sep 2017 11:13:55 -0400 (EDT) From: Paul Wouters To: Michael Richardson cc: "i2nsf@ietf.org" , IPsecME WG In-Reply-To: <29103.1505487688@obiwan.sandelman.ca> Message-ID: References: <4A95BA014132FF49AE685FAB4B9F17F65946FE7F@SJCEML702-CHM.china.huawei.com> <4A95BA014132FF49AE685FAB4B9F17F6594703D1@SJCEML702-CHM.china.huawei.com> <29103.1505487688@obiwan.sandelman.ca> User-Agent: Alpine 2.21 (LRH 202 2017-01-01) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII; format=flowed Archived-At: Subject: Re: [IPsec] your example (like Gap) about IPSec VPN gateway deployed in shopping mall not aware of where the controller is. X-BeenThere: ipsec@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Discussion of IPsec protocols List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 15 Sep 2017 15:14:06 -0000 On Fri, 15 Sep 2017, Michael Richardson wrote: > Paul Wouters wrote: > > See also Opportunistic IPsec, which is a way of creating a mesh with > > IPsec using some kind of central (X.509) or decentral (DNSSEC) > > authentication. See: > > And it's important to note that the reverse map that is used doesn't have to > be the public (DNS) one! Right. But also we support the forward DNS. That is libreswan can also use the IDr for a forward DNS lookup, which can also be an internal-only zone. I believe in that case we also then do another lookup of the IDr in the forward to ensure it includes an A/AAAA record to the IP we are connecting to. Paul From nobody Fri Sep 15 09:25:00 2017 Return-Path: X-Original-To: ipsec@ietfa.amsl.com Delivered-To: ipsec@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 630CE132F3F for ; Fri, 15 Sep 2017 09:24:58 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.698 X-Spam-Level: X-Spam-Status: No, score=-2.698 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vQWnCrvNG1Fs for ; Fri, 15 Sep 2017 09:24:56 -0700 (PDT) Received: from mail-wm0-x234.google.com (mail-wm0-x234.google.com [IPv6:2a00:1450:400c:c09::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 320E7132D89 for ; Fri, 15 Sep 2017 09:24:56 -0700 (PDT) Received: by mail-wm0-x234.google.com with SMTP id r68so9688959wmg.3 for ; Fri, 15 Sep 2017 09:24:56 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:mime-version:subject:message-id:references:to:date; bh=l/z8z39WzOs0+4v9NJUZT2TBLCcGQsU15YSNZXzsOQg=; b=kHIeS+8mMviZJ7z1TZ6NBY2OONWG0XOtadx+PLXreUHrv9hbRcvITHD/0zHNPpVWe8 f3Dnoj4rqHPwoYaW3GeWBpVIQI8+pow6e9cLwPTDH7snO8u5LzHccxXsUame/MqxgXva oC7EcQhiptow+zLSc2lVi+fizfpVsD2+cRF+kcEChgpZJNkIT/frsnvNVkrZ876APSYA 4FNtnJlVWE/YJGZk9anF0eZSFjw4/Lai7b2+Q3y+1u9qRMpyjGUsGL8QdcB6iP4iHPed GipXduOV2Iv5BPZg8bIoNs8wntw+hKFSLTmwB2Q84qqYotaNN3X7hzoYhrSigdzpiZOm JMPA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:mime-version:subject:message-id:references :to:date; bh=l/z8z39WzOs0+4v9NJUZT2TBLCcGQsU15YSNZXzsOQg=; b=h6h2o0EpRNmkDPlbJopzAtB+FJLOMMb1RlhnsC7LbnaQUK33Hix8sTmz7BKXaMdgwG XEC6SKs2aoo/S0S6plfutJ8agB1g7g/Kzuh9PKi4nL94V/s+BQgVT2wdPc+15v9LtlL3 cGecTqTSbOp6sYjCkAGY4onmXtKRKv7R+T0HaSHowg3ZiUpkRjPbdG3CQX9+Lirp9Sij FvzIYGxpjXBFsNY95Lvt3UTHos5S4cusmUbumZGiBXlioe2+VkdZGOWJxC/p3DgbmSKG 0lamZu/P4RzKJlAUsoRWW2xlh9dJz+GoqOCrGAb9Lwce385/NEXT3iiJgn5PqK8b8O0a wwUQ== X-Gm-Message-State: AHPjjUgClhQwOJOnQ0cSxx2UmIjXV/G4AfEzKNHO9pa0l2oJLa1lB0FM vWjHroIKE8hoxDXhrNo= X-Google-Smtp-Source: ADKCNb4VW4RnG43y3sLzmM0FTzdr0cW5ukk9l/Hs4VW5/aPzHXBQYaUp4s4RXxpuIxP11pYV5rhBsw== X-Received: by 10.80.163.141 with SMTP id s13mr17679427edb.248.1505492694415; Fri, 15 Sep 2017 09:24:54 -0700 (PDT) Received: from [192.168.1.18] ([46.120.57.147]) by smtp.gmail.com with ESMTPSA id m10sm747813eda.30.2017.09.15.09.24.53 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 15 Sep 2017 09:24:53 -0700 (PDT) From: Yoav Nir Content-Type: multipart/signed; boundary="Apple-Mail=_70C5B07A-BC71-489B-B6D7-CDB1F85BAB04"; protocol="application/pgp-signature"; micalg=pgp-sha512 Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\)) Message-Id: <69EA5914-A493-46F5-A160-A3525C3BEF70@gmail.com> References: <79CC25F6-4B4D-4171-9DB7-274C629D38FE@gmail.com> To: IPsecME WG Date: Fri, 15 Sep 2017 19:24:50 +0300 X-Mailer: Apple Mail (2.3273) Archived-At: Subject: [IPsec] Fwd: Call for adoption of draft-abad-i2nsf-sdn-ipsec-flow-protection X-BeenThere: ipsec@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Discussion of IPsec protocols List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 15 Sep 2017 16:24:58 -0000 --Apple-Mail=_70C5B07A-BC71-489B-B6D7-CDB1F85BAB04 Content-Type: multipart/alternative; boundary="Apple-Mail=_1ABAE788-A50B-4245-ACFB-F6C00BD4F305" --Apple-Mail=_1ABAE788-A50B-4245-ACFB-F6C00BD4F305 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii FYI Following the virtual interim earlier this month, we are now calling for = adoption of the draft in I2NSF. All discussion of that draft should = take place on the I2NSF list. Yoav > Begin forwarded message: >=20 > From: Yoav Nir > Subject: Call for adoption of = draft-abad-i2nsf-sdn-ipsec-flow-protection > Date: 15 September 2017 at 11:09:39 GMT+3 > To: i2nsf@ietf.org > Cc: Kathleen Moriarty , = draft-abad-i2nsf-sdn-ipsec-flow-protection@ietf.org >=20 > Hi all >=20 > This starts a two-week call for adoption of = draft-abad-i2nsf-sdn-ipsec-flow-protection. Please send in your comments = both for and against adopting this as a working group document by EOD = Monday, October 2nd. As always, adoption by the working group does not = require consensus on the details, and the group will have plenty of time = to discuss the contents and modify them as appropriate. >=20 > This draft was proposed a while ago, and the interim meeting earlier = this month was dedicated to discussing its issues. For more information: > The draft: = https://datatracker.ietf.org/doc/draft-abad-i2nsf-sdn-ipsec-flow-protectio= n/ = > The minutes of the interim meeting: = https://datatracker.ietf.org/meeting/interim-2017-i2nsf-01/materials/minut= es-interim-2017-i2nsf-01-201709061600/ = >=20 > Thanks >=20 > Yoav --Apple-Mail=_1ABAE788-A50B-4245-ACFB-F6C00BD4F305 Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=us-ascii FYI

Following the virtual interim earlier this month, we are now = calling for adoption of the draft in I2NSF.  All discussion of that = draft should take place on the I2NSF list.

Yoav

Begin = forwarded message:

From: = Yoav Nir <ynir.ietf@gmail.com>
Subject: = Call for adoption = of draft-abad-i2nsf-sdn-ipsec-flow-protection
Date: = 15 September 2017 at 11:09:39 = GMT+3
To: = i2nsf@ietf.org
Cc: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>, draft-abad-i2nsf-sdn-ipsec-flow-protection@ietf.org

Hi all

This starts a two-week = call for adoption of draft-abad-i2nsf-sdn-ipsec-flow-protection. = Please send in your comments both for and against adopting this as a = working group document by EOD Monday, October 2nd.  As always, = adoption by the working group does not require consensus on the details, = and the group will have plenty of time to discuss the contents and = modify them as appropriate.

This draft was proposed a while ago, and the interim meeting = earlier this month was dedicated to discussing its issues. For more = information:

Thanks

Yoav

= --Apple-Mail=_1ABAE788-A50B-4245-ACFB-F6C00BD4F305-- --Apple-Mail=_70C5B07A-BC71-489B-B6D7-CDB1F85BAB04 Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=signature.asc Content-Type: application/pgp-signature; name=signature.asc Content-Description: Message signed with OpenPGP -----BEGIN PGP SIGNATURE----- iQEcBAEBCgAGBQJZu/7TAAoJELhJCxUKWMyZ0DgH/0cQfnnDeyyRiv1JOE9ozLxl /+UwxES13Aj8k/CcbZzDi3lb7DbbT3zFpEqTIlJv80hbXSCe09XXd0KfGbIdHCBf ckH78BtE2kOwNkgYYQTFYh/oPzh+gUYr3p5sew48TXFEOD2pMkOBE7m01TBWemh8 8A0i9bIRHIuZKI3yZ35Pd6Jb4XDX1jJ5BZhlhgvbSscjkf3QirsbrHi2SemwL8Qr gxi+31VBthpbgEnK7AN1mWE5T6cJRVMRNvQ5L7ZjDaSS4bYQ1DXZEBJM6nvJd0Tk pK1gARWclA1DmRkWaM5HbGvhByqxIgUcoA0/YCZm2pdhAGFajjDy3i1wPsxU+mg= =n/SI -----END PGP SIGNATURE----- --Apple-Mail=_70C5B07A-BC71-489B-B6D7-CDB1F85BAB04-- From nobody Fri Sep 15 17:37:19 2017 Return-Path: X-Original-To: ipsec@ietfa.amsl.com Delivered-To: ipsec@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 34280132025 for ; Fri, 15 Sep 2017 17:37:18 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.9 X-Spam-Level: X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9CW8zr98_s5y for ; Fri, 15 Sep 2017 17:37:16 -0700 (PDT) Received: from tuna.sandelman.ca (tuna.sandelman.ca [IPv6:2607:f0b0:f:3:216:3eff:fe7c:d1f3]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 811FF1200F3 for ; Fri, 15 Sep 2017 17:37:16 -0700 (PDT) Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id 6AAB22009E; Fri, 15 Sep 2017 20:41:37 -0400 (EDT) Received: from obiwan.sandelman.ca (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 1E59781637; Fri, 15 Sep 2017 20:37:15 -0400 (EDT) From: Michael Richardson To: Paul Wouters cc: IPsecME WG In-Reply-To: References: <4A95BA014132FF49AE685FAB4B9F17F65946FE7F@SJCEML702-CHM.china.huawei.com> <4A95BA014132FF49AE685FAB4B9F17F6594703D1@SJCEML702-CHM.china.huawei.com> <29103.1505487688@obiwan.sandelman.ca> X-Mailer: MH-E 8.6; nmh 1.6+dev; GNU Emacs 24.5.1 X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m Archived-At: Subject: Re: [IPsec] your example (like Gap) about IPSec VPN gateway deployed in shopping mall not aware of where the controller is. X-BeenThere: ipsec@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Discussion of IPsec protocols List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 16 Sep 2017 00:37:18 -0000 --=-=-= Content-Type: text/plain Paul Wouters wrote: >> Paul Wouters wrote: >> > See also Opportunistic IPsec, which is a way of creating a mesh with >> > IPsec using some kind of central (X.509) or decentral (DNSSEC) >> > authentication. See: >> >> And it's important to note that the reverse map that is used doesn't have to >> be the public (DNS) one! > Right. But also we support the forward DNS. That is libreswan can also > use the IDr for a forward DNS lookup, which can also be an internal-only > zone. I believe in that case we also then do another lookup of the IDr > in the forward to ensure it includes an A/AAAA record to the IP we are > connecting to. What's happening to your document about this? -- Michael Richardson , Sandelman Software Works -= IPv6 IoT consulting =- --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEEbsyLEzg/qUTA43uogItw+93Q3WUFAlm8cjoACgkQgItw+93Q 3WUDOQf9HJ7kYoRdxie4j3KoFGH8BkNWxhXmvYNPjutjGtNZ3VAx0HVCkyjlfM1Y EHGS10v+GdZ59q5dTXt6FX19ySPhTdTCSuABdfn6VcanuxfcJM0lb0nAJ5KjO0f6 oNiXwnxJA2fOJjEr3vLQO7BQ9dxB+Ktt7fhSS4NeCAKDG92pBihJ0ypZIaXOfhny m6+IvdnrcchYTpB3xHW5dEyZaHUTMykeV1UIjd2wxYNSOfhwLjujVFTvEGGJw5zZ pbkF5VzAnKiAH7bJzrzVIfzAFPN2JeuMaLZAtdOFh0fVjOQUwmIHFST7gKl9drt1 0aoOhbSLnPAkjahxP/hhUUDXbthbSg== =8UIx -----END PGP SIGNATURE----- --=-=-=-- From nobody Fri Sep 15 20:30:37 2017 Return-Path: X-Original-To: ipsec@ietfa.amsl.com Delivered-To: ipsec@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B6ABB132D48 for ; Fri, 15 Sep 2017 20:30:35 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2 X-Spam-Level: X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nohats.ca Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pOP01ErISCu2 for ; Fri, 15 Sep 2017 20:30:33 -0700 (PDT) Received: from mx.nohats.ca (mx.nohats.ca [IPv6:2a03:6000:1004:1::68]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C9502132D42 for ; Fri, 15 Sep 2017 20:30:33 -0700 (PDT) Received: from localhost (localhost [IPv6:::1]) by mx.nohats.ca (Postfix) with ESMTP id 3xvHpY3Nx8z1Kg; Sat, 16 Sep 2017 05:30:29 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nohats.ca; s=default; t=1505532629; bh=yF0r3k0F0BHhQBMrmAZ0jpVfbA8yr1ZuLIfcWqlTDdA=; h=Date:From:To:cc:Subject:In-Reply-To:References; b=mE/lZU1wHb2Te8TdmNG1iarAVLlScp42eMMkukb1rtgy0ooqt0p6/gP0IGOJNdWSX aAWMzOhw8Couv0oA53xfn7jTexnMQtSfqfpF25vLdADZCi2kEUM4Q5NPJ6CM49/KsM XU4uyLzvCj9jZuMT8Qm2qwIibiVnJABM+ZtkD258= X-Virus-Scanned: amavisd-new at mx.nohats.ca Received: from mx.nohats.ca ([IPv6:::1]) by localhost (mx.nohats.ca [IPv6:::1]) (amavisd-new, port 10024) with ESMTP id ilHyXUV6VIVo; Sat, 16 Sep 2017 05:30:28 +0200 (CEST) Received: from bofh.nohats.ca (bofh.nohats.ca [76.10.157.69]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx.nohats.ca (Postfix) with ESMTPS; Sat, 16 Sep 2017 05:30:28 +0200 (CEST) Received: by bofh.nohats.ca (Postfix, from userid 1000) id 1152B41853E; Fri, 15 Sep 2017 23:30:26 -0400 (EDT) DKIM-Filter: OpenDKIM Filter v2.11.0 bofh.nohats.ca 1152B41853E Received: from localhost (localhost [127.0.0.1]) by bofh.nohats.ca (Postfix) with ESMTP id E437F41A580C; Fri, 15 Sep 2017 23:30:26 -0400 (EDT) Date: Fri, 15 Sep 2017 23:30:26 -0400 (EDT) From: Paul Wouters To: Michael Richardson cc: IPsecME WG In-Reply-To: <30126.1505522235@obiwan.sandelman.ca> Message-ID: References: <4A95BA014132FF49AE685FAB4B9F17F65946FE7F@SJCEML702-CHM.china.huawei.com> <4A95BA014132FF49AE685FAB4B9F17F6594703D1@SJCEML702-CHM.china.huawei.com> <29103.1505487688@obiwan.sandelman.ca> <30126.1505522235@obiwan.sandelman.ca> User-Agent: Alpine 2.21 (LRH 202 2017-01-01) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII; format=flowed Archived-At: Subject: Re: [IPsec] your example (like Gap) about IPSec VPN gateway deployed in shopping mall not aware of where the controller is. X-BeenThere: ipsec@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Discussion of IPsec protocols List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 16 Sep 2017 03:30:36 -0000 On Fri, 15 Sep 2017, Michael Richardson wrote: > > Right. But also we support the forward DNS. That is libreswan can also > > use the IDr for a forward DNS lookup, which can also be an internal-only > > zone. I believe in that case we also then do another lookup of the IDr > > in the forward to ensure it includes an A/AAAA record to the IP we are > > connecting to. > > What's happening to your document about this? Once it gains a little more experience and we see some interest for interop, I'll start a document. I do see an increase in IPsec mesh networking. Paul From nobody Mon Sep 18 15:16:19 2017 Return-Path: X-Original-To: ipsec@ietfa.amsl.com Delivered-To: ipsec@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7AF651342C1; Mon, 18 Sep 2017 15:16:16 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.22 X-Spam-Level: X-Spam-Status: No, score=-4.22 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MOQg0LP-2rfV; Mon, 18 Sep 2017 15:16:14 -0700 (PDT) Received: from lhrrgout.huawei.com (lhrrgout.huawei.com [194.213.3.17]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4AB49132F69; Mon, 18 Sep 2017 15:16:13 -0700 (PDT) Received: from 172.18.7.190 (EHLO LHREML710-CAH.china.huawei.com) ([172.18.7.190]) by lhrrg01-dlp.huawei.com (MOS 4.3.7-GA FastPath queued) with ESMTP id DVS38560; Mon, 18 Sep 2017 22:16:10 +0000 (GMT) Received: from SJCEML703-CHM.china.huawei.com (10.208.112.39) by LHREML710-CAH.china.huawei.com (10.201.108.33) with Microsoft SMTP Server (TLS) id 14.3.301.0; Mon, 18 Sep 2017 23:16:09 +0100 Received: from SJCEML702-CHM.china.huawei.com ([169.254.4.207]) by SJCEML703-CHM.china.huawei.com ([169.254.5.15]) with mapi id 14.03.0301.000; Mon, 18 Sep 2017 15:16:04 -0700 From: Linda Dunbar To: Paul Wouters , "Mike Sullenberger (mls)" CC: "i2nsf@ietf.org" , IPsecME WG , Yoav Nir Thread-Topic: [IPsec] your example (like Gap) about IPSec VPN gateway deployed in shopping mall not aware of where the controller is. Thread-Index: AQHTLPCs8cfJI5zcbEaOItHOhqMBxqK1KQQAgAYTdbA= Date: Mon, 18 Sep 2017 22:16:04 +0000 Message-ID: <4A95BA014132FF49AE685FAB4B9F17F659497EC6@SJCEML702-CHM.china.huawei.com> References: <4A95BA014132FF49AE685FAB4B9F17F65946FE7F@SJCEML702-CHM.china.huawei.com> <4A95BA014132FF49AE685FAB4B9F17F6594703D1@SJCEML702-CHM.china.huawei.com> In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: yes X-MS-TNEF-Correlator: x-originating-ip: [10.192.11.78] Content-Type: multipart/related; boundary="_004_4A95BA014132FF49AE685FAB4B9F17F659497EC6SJCEML702CHMchi_"; type="multipart/alternative" MIME-Version: 1.0 X-CFilter-Loop: Reflected X-Mirapoint-Virus-RAPID-Raw: score=unknown(0), refid=str=0001.0A020202.59C045AB.015F, ss=1, re=0.000, recu=0.000, reip=0.000, cl=1, cld=1, fgs=0, ip=169.254.4.207, so=2013-06-18 04:22:30, dmn=2013-03-21 17:37:32 X-Mirapoint-Loop-Id: 9a381d8c73947f894a14168a9d81ef91 Archived-At: Subject: Re: [IPsec] your example (like Gap) about IPSec VPN gateway deployed in shopping mall not aware of where the controller is. X-BeenThere: ipsec@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Discussion of IPsec protocols List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 18 Sep 2017 22:16:16 -0000 --_004_4A95BA014132FF49AE685FAB4B9F17F659497EC6SJCEML702CHMchi_ Content-Type: multipart/alternative; boundary="_000_4A95BA014132FF49AE685FAB4B9F17F659497EC6SJCEML702CHMchi_" --_000_4A95BA014132FF49AE685FAB4B9F17F659497EC6SJCEML702CHMchi_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 UGF1bCwNCg0KSWYgd2UgbmVlZCB0byB1c2UgSVBzZWMgdHVubmVscyB0byBjb25uZWN0IGEgZ3Jv dXAgb2YgQ1BFIGRldmljZXMsIChhcyBzaG93biBpbiB0aGUgZmlndXJlIEkgc2VudCBlYXJsaWVy KSwgZG8geW91IHN0aWxsIG5lZWQgRE5TPyBPciB0aGUgS2V5IG1hbmFnZW1lbnQgd2lsbCBiZSBt YW5hZ2VkIGJ5IHRoZSAiWmVybyBUb3VjaCBEZXBsb3ltZW50IFNlcnZpY2UiIGluIHRoZSBmaWd1 cmUgYmVsb3c/DQoNClRoYW5rcywgTGluZGENCg0KDQoNCi0tLS0tT3JpZ2luYWwgTWVzc2FnZS0t LS0tDQpGcm9tOiBQYXVsIFdvdXRlcnMgW21haWx0bzpwYXVsQG5vaGF0cy5jYV0NClNlbnQ6IFRo dXJzZGF5LCBTZXB0ZW1iZXIgMTQsIDIwMTcgMToyNSBQTQ0KVG86IE1pa2UgU3VsbGVuYmVyZ2Vy IChtbHMpIDxtbHNAY2lzY28uY29tPg0KQ2M6IExpbmRhIER1bmJhciA8bGluZGEuZHVuYmFyQGh1 YXdlaS5jb20+OyBpMm5zZkBpZXRmLm9yZzsgSVBzZWNNRSBXRyA8aXBzZWNAaWV0Zi5vcmc+OyBZ b2F2IE5pciA8eW5pci5pZXRmQGdtYWlsLmNvbT4NClN1YmplY3Q6IFJlOiBbSVBzZWNdIHlvdXIg ZXhhbXBsZSAobGlrZSBHYXApIGFib3V0IElQU2VjIFZQTiBnYXRld2F5IGRlcGxveWVkIGluIHNo b3BwaW5nIG1hbGwgbm90IGF3YXJlIG9mIHdoZXJlIHRoZSBjb250cm9sbGVyIGlzLg0KDQpPbiBU aHUsIDE0IFNlcCAyMDE3LCBNaWtlIFN1bGxlbmJlcmdlciAobWxzKSB3cm90ZToNCg0KPiBJZiB5 b3Ugd2FudCB0byBzZWN1cmVseSBlbmNyeXB0IHRyYWZmaWMgYmV0d2VlbiBlbmRwb2ludHMgdGhl biB5b3UgYXJlDQo+IGdvaW5nIHRvIG5lZWQgdG8gYnVpbGQgcG9pbnQtcG9pbnQgZW5jcnlwdGVk IHR1bm5lbHMgYmV0d2VlbiB0aGVzZQ0KPiBlbmRwb2ludHMsIHRoaXMgaXMgdGhlIG1haW4gcmVh c29uIHRoYXQgU0QtV0FOIGltcGxlbWVudGF0aW9ucyB1c2UNCj4gZWl0aGVyIGEgZnVsbC1tZXNo IG9yIGR5bmFtaWMtbWVzaCBvZiBwb2ludC1wb2ludCB0dW5uZWxzLiAgSWYgeW91IHJlbHkgb24g YSBtdWx0aS1wb2ludCBjb25uZWN0aW9uIG1vZGVsIHRoZW4geW91IGVuZCB1cCB1c2luZyBhIGdy b3VwIGtleSBlbmNyeXB0aW9uIG1vZGVsIHdoaWNoIGlzIGxlc3Mgc2VjdXJlIChtYW55IGN1c3Rv bWVycyB3aWxsIG5vdCBhY2NlcHQgdXNpbmcgZ3JvdXAga2V5cykuDQoNClNlZSBhbHNvIE9wcG9y dHVuaXN0aWMgSVBzZWMsIHdoaWNoIGlzIGEgd2F5IG9mIGNyZWF0aW5nIGEgbWVzaCB3aXRoIElQ c2VjIHVzaW5nIHNvbWUga2luZCBvZiBjZW50cmFsIChYLjUwOSkgb3IgZGVjZW50cmFsIChETlNT RUMpIGF1dGhlbnRpY2F0aW9uLiBTZWU6DQoNCmh0dHBzOi8vbGlicmVzd2FuLm9yZy93aWtpL0hP V1RPOl9PcHBvcnR1bmlzdGljX0lQc2VjDQpodHRwczovL2xpYnJlc3dhbi5vcmcvd2lraS9IT1dU TzpfT3Bwb3J0dW5pc3RpY19JUHNlY191c2luZ19MZXRzRW5jcnlwdA0KDQpodHRwOi8vZXZlbnRz LmxpbnV4Zm91bmRhdGlvbi5vcmcvc2l0ZXMvZXZlbnRzL2ZpbGVzL3NsaWRlcy9MaW51eFNlY3Vy aXR5U3VtbWl0LTIwMTYtT0UtMTZ4OS5wZGYNCg0KaHR0cHM6Ly9kb2NzLm9wZW5zaGlmdC5jb20v Y29udGFpbmVyLXBsYXRmb3JtLzMuNS9hZG1pbl9ndWlkZS9pcHNlYy5odG1sDQoNCmh0dHBzOi8v YWNjZXNzLnJlZGhhdC5jb20vZG9jdW1lbnRhdGlvbi9lbi11cy9vcGVuc2hpZnRfY29udGFpbmVy X3BsYXRmb3JtLzMuNC9odG1sL2NsdXN0ZXJfYWRtaW5pc3RyYXRpb24vYWRtaW4tZ3VpZGUtaXBz ZWMNCg0KUGF1bA0KDQo= --_000_4A95BA014132FF49AE685FAB4B9F17F659497EC6SJCEML702CHMchi_ Content-Type: text/html; charset="utf-8" Content-Transfer-Encoding: base64 PGh0bWw+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIgY29udGVudD0i dGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjxtZXRhIG5hbWU9IkdlbmVyYXRvciIgY29udGVu dD0iTWljcm9zb2Z0IEV4Y2hhbmdlIFNlcnZlciI+DQo8IS0tIGNvbnZlcnRlZCBmcm9tIHJ0ZiAt LT4NCjxzdHlsZT48IS0tIC5FbWFpbFF1b3RlIHsgbWFyZ2luLWxlZnQ6IDFwdDsgcGFkZGluZy1s ZWZ0OiA0cHQ7IGJvcmRlci1sZWZ0OiAjODAwMDAwIDJweCBzb2xpZDsgfSAtLT48L3N0eWxlPg0K PC9oZWFkPg0KPGJvZHk+DQo8Zm9udCBmYWNlPSJDYWxpYnJpIiBzaXplPSIyIj48c3BhbiBzdHls ZT0iZm9udC1zaXplOjExcHQ7Ij4NCjxkaXY+UGF1bCwgPC9kaXY+DQo8ZGl2PiZuYnNwOzwvZGl2 Pg0KPGRpdj5JZiB3ZSBuZWVkIHRvIHVzZSBJUHNlYyB0dW5uZWxzIHRvIGNvbm5lY3QgYSBncm91 cCBvZiBDUEUgZGV2aWNlcywgKGFzIHNob3duIGluIHRoZSBmaWd1cmUgSSBzZW50IGVhcmxpZXIp LCBkbyB5b3Ugc3RpbGwgbmVlZCBETlM/IE9yIHRoZSBLZXkgbWFuYWdlbWVudCB3aWxsIGJlIG1h bmFnZWQgYnkgdGhlICZxdW90O1plcm8gVG91Y2ggRGVwbG95bWVudCBTZXJ2aWNlJnF1b3Q7IGlu IHRoZSBmaWd1cmUgYmVsb3c/IDwvZGl2Pg0KPGRpdj4mbmJzcDs8L2Rpdj4NCjxkaXY+VGhhbmtz LCBMaW5kYTwvZGl2Pg0KPGRpdj4mbmJzcDs8L2Rpdj4NCjxkaXY+PGZvbnQgZmFjZT0iVGltZXMg TmV3IFJvbWFuIj4mbmJzcDs8L2ZvbnQ+PC9kaXY+DQo8YSBuYW1lPSJfTWFpbEVuZENvbXBvc2Ui PjwvYT4NCjxkaXY+PGltZyBzcmM9ImNpZDpBREQ0MzY3OTlGMDVCQjQzQkNDNzMzMTNDMzhEQTU4 NUBodWF3ZWkuY29tIj4gPC9kaXY+DQo8ZGl2Pi0tLS0tT3JpZ2luYWwgTWVzc2FnZS0tLS0tPGJy Pg0KDQpGcm9tOiBQYXVsIFdvdXRlcnMgWzxhIGhyZWY9Im1haWx0bzpwYXVsQG5vaGF0cy5jYSI+ bWFpbHRvOnBhdWxAbm9oYXRzLmNhPC9hPl0gPGJyPg0KDQpTZW50OiBUaHVyc2RheSwgU2VwdGVt YmVyIDE0LCAyMDE3IDE6MjUgUE08YnI+DQoNClRvOiBNaWtlIFN1bGxlbmJlcmdlciAobWxzKSAm bHQ7bWxzQGNpc2NvLmNvbSZndDs8YnI+DQoNCkNjOiBMaW5kYSBEdW5iYXIgJmx0O2xpbmRhLmR1 bmJhckBodWF3ZWkuY29tJmd0OzsgaTJuc2ZAaWV0Zi5vcmc7IElQc2VjTUUgV0cgJmx0O2lwc2Vj QGlldGYub3JnJmd0OzsgWW9hdiBOaXIgJmx0O3luaXIuaWV0ZkBnbWFpbC5jb20mZ3Q7PGJyPg0K DQpTdWJqZWN0OiBSZTogW0lQc2VjXSB5b3VyIGV4YW1wbGUgKGxpa2UgR2FwKSBhYm91dCBJUFNl YyBWUE4gZ2F0ZXdheSBkZXBsb3llZCBpbiBzaG9wcGluZyBtYWxsIG5vdCBhd2FyZSBvZiB3aGVy ZSB0aGUgY29udHJvbGxlciBpcy48L2Rpdj4NCjxkaXY+PGZvbnQgZmFjZT0iVGltZXMgTmV3IFJv bWFuIj4mbmJzcDs8L2ZvbnQ+PC9kaXY+DQo8ZGl2Pk9uIFRodSwgMTQgU2VwIDIwMTcsIE1pa2Ug U3VsbGVuYmVyZ2VyIChtbHMpIHdyb3RlOjwvZGl2Pg0KPGRpdj4mbmJzcDs8L2Rpdj4NCjxkaXY+ Jmd0OyBJZiB5b3Ugd2FudCB0byBzZWN1cmVseSBlbmNyeXB0IHRyYWZmaWMgYmV0d2VlbiBlbmRw b2ludHMgdGhlbiB5b3UgYXJlIDwvZGl2Pg0KPGRpdj4mZ3Q7IGdvaW5nIHRvIG5lZWQgdG8gYnVp bGQgcG9pbnQtcG9pbnQgZW5jcnlwdGVkIHR1bm5lbHMgYmV0d2VlbiB0aGVzZSA8L2Rpdj4NCjxk aXY+Jmd0OyBlbmRwb2ludHMsIHRoaXMgaXMgdGhlIG1haW4gcmVhc29uIHRoYXQgU0QtV0FOIGlt cGxlbWVudGF0aW9ucyB1c2UgPC9kaXY+DQo8ZGl2PiZndDsgZWl0aGVyIGEgZnVsbC1tZXNoIG9y IGR5bmFtaWMtbWVzaCBvZiBwb2ludC1wb2ludCB0dW5uZWxzLiZuYnNwOyBJZiB5b3UgcmVseSBv biBhIG11bHRpLXBvaW50IGNvbm5lY3Rpb24gbW9kZWwgdGhlbiB5b3UgZW5kIHVwIHVzaW5nIGEg Z3JvdXAga2V5IGVuY3J5cHRpb24gbW9kZWwgd2hpY2ggaXMgbGVzcyBzZWN1cmUgKG1hbnkgY3Vz dG9tZXJzIHdpbGwgbm90IGFjY2VwdCB1c2luZyBncm91cCBrZXlzKS48L2Rpdj4NCjxkaXY+Jm5i c3A7PC9kaXY+DQo8ZGl2PlNlZSBhbHNvIE9wcG9ydHVuaXN0aWMgSVBzZWMsIHdoaWNoIGlzIGEg d2F5IG9mIGNyZWF0aW5nIGEgbWVzaCB3aXRoIElQc2VjIHVzaW5nIHNvbWUga2luZCBvZiBjZW50 cmFsIChYLjUwOSkgb3IgZGVjZW50cmFsIChETlNTRUMpIGF1dGhlbnRpY2F0aW9uLiBTZWU6PC9k aXY+DQo8ZGl2PiZuYnNwOzwvZGl2Pg0KPGRpdj48Zm9udCBmYWNlPSJUaW1lcyBOZXcgUm9tYW4i PjxhIGhyZWY9Imh0dHBzOi8vbGlicmVzd2FuLm9yZy93aWtpL0hPV1RPOl9PcHBvcnR1bmlzdGlj X0lQc2VjIj48Zm9udCBmYWNlPSJDYWxpYnJpIj5odHRwczovL2xpYnJlc3dhbi5vcmcvd2lraS9I T1dUTzpfT3Bwb3J0dW5pc3RpY19JUHNlYzwvZm9udD48L2E+PC9mb250PjwvZGl2Pg0KPGRpdj48 Zm9udCBmYWNlPSJUaW1lcyBOZXcgUm9tYW4iPjxhIGhyZWY9Imh0dHBzOi8vbGlicmVzd2FuLm9y Zy93aWtpL0hPV1RPOl9PcHBvcnR1bmlzdGljX0lQc2VjX3VzaW5nX0xldHNFbmNyeXB0Ij48Zm9u dCBmYWNlPSJDYWxpYnJpIj5odHRwczovL2xpYnJlc3dhbi5vcmcvd2lraS9IT1dUTzpfT3Bwb3J0 dW5pc3RpY19JUHNlY191c2luZ19MZXRzRW5jcnlwdDwvZm9udD48L2E+PC9mb250PjwvZGl2Pg0K PGRpdj48Zm9udCBmYWNlPSJUaW1lcyBOZXcgUm9tYW4iPiZuYnNwOzwvZm9udD48L2Rpdj4NCjxk aXY+PGZvbnQgZmFjZT0iVGltZXMgTmV3IFJvbWFuIj48YSBocmVmPSJodHRwOi8vZXZlbnRzLmxp bnV4Zm91bmRhdGlvbi5vcmcvc2l0ZXMvZXZlbnRzL2ZpbGVzL3NsaWRlcy9MaW51eFNlY3VyaXR5 U3VtbWl0LTIwMTYtT0UtMTZ4OS5wZGYiPjxmb250IGZhY2U9IkNhbGlicmkiPmh0dHA6Ly9ldmVu dHMubGludXhmb3VuZGF0aW9uLm9yZy9zaXRlcy9ldmVudHMvZmlsZXMvc2xpZGVzL0xpbnV4U2Vj dXJpdHlTdW1taXQtMjAxNi1PRS0xNng5LnBkZjwvZm9udD48L2E+PC9mb250PjwvZGl2Pg0KPGRp dj48Zm9udCBmYWNlPSJUaW1lcyBOZXcgUm9tYW4iPiZuYnNwOzwvZm9udD48L2Rpdj4NCjxkaXY+ PGZvbnQgZmFjZT0iVGltZXMgTmV3IFJvbWFuIj48YSBocmVmPSJodHRwczovL2RvY3Mub3BlbnNo aWZ0LmNvbS9jb250YWluZXItcGxhdGZvcm0vMy41L2FkbWluX2d1aWRlL2lwc2VjLmh0bWwiPjxm b250IGZhY2U9IkNhbGlicmkiPmh0dHBzOi8vZG9jcy5vcGVuc2hpZnQuY29tL2NvbnRhaW5lci1w bGF0Zm9ybS8zLjUvYWRtaW5fZ3VpZGUvaXBzZWMuaHRtbDwvZm9udD48L2E+PC9mb250PjwvZGl2 Pg0KPGRpdj48Zm9udCBmYWNlPSJUaW1lcyBOZXcgUm9tYW4iPiZuYnNwOzwvZm9udD48L2Rpdj4N CjxkaXY+PGZvbnQgZmFjZT0iVGltZXMgTmV3IFJvbWFuIj48YSBocmVmPSJodHRwczovL2FjY2Vz cy5yZWRoYXQuY29tL2RvY3VtZW50YXRpb24vZW4tdXMvb3BlbnNoaWZ0X2NvbnRhaW5lcl9wbGF0 Zm9ybS8zLjQvaHRtbC9jbHVzdGVyX2FkbWluaXN0cmF0aW9uL2FkbWluLWd1aWRlLWlwc2VjIj48 Zm9udCBmYWNlPSJDYWxpYnJpIj5odHRwczovL2FjY2Vzcy5yZWRoYXQuY29tL2RvY3VtZW50YXRp b24vZW4tdXMvb3BlbnNoaWZ0X2NvbnRhaW5lcl9wbGF0Zm9ybS8zLjQvaHRtbC9jbHVzdGVyX2Fk bWluaXN0cmF0aW9uL2FkbWluLWd1aWRlLWlwc2VjPC9mb250PjwvYT48L2ZvbnQ+PC9kaXY+DQo8 ZGl2Pjxmb250IGZhY2U9IlRpbWVzIE5ldyBSb21hbiI+Jm5ic3A7PC9mb250PjwvZGl2Pg0KPGRp dj5QYXVsPC9kaXY+DQo8ZGl2Pjxmb250IGZhY2U9IlRpbWVzIE5ldyBSb21hbiI+Jm5ic3A7PC9m b250PjwvZGl2Pg0KPC9zcGFuPjwvZm9udD4NCjwvYm9keT4NCjwvaHRtbD4NCg== --_000_4A95BA014132FF49AE685FAB4B9F17F659497EC6SJCEML702CHMchi_-- --_004_4A95BA014132FF49AE685FAB4B9F17F659497EC6SJCEML702CHMchi_ Content-Type: image/jpeg; name="ATT92358 1.jpg" Content-Description: ATT92358 1.jpg Content-Disposition: inline; filename="ATT92358 1.jpg"; creation-date="Mon, 18 Sep 2017 22:15:59 GMT"; modification-date="Mon, 18 Sep 2017 22:15:59 GMT" Content-ID: Content-Transfer-Encoding: base64 /9j/4AAQSkZJRgABAQEAYABgAAD/2wBDAAgGBgcGBQgHBwcJCQgKDBQNDAsLDBkSEw8UHRofHh0a HBwgJC4nICIsIxwcKDcpLDAxNDQ0Hyc5PTgyPC4zNDL/2wBDAQkJCQwLDBgNDRgyIRwhMjIyMjIy MjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjL/wAARCAFaAnwDASIA AhEBAxEB/8QAHwAAAQUBAQEBAQEAAAAAAAAAAAECAwQFBgcICQoL/8QAtRAAAgEDAwIEAwUFBAQA AAF9AQIDAAQRBRIhMUEGE1FhByJxFDKBkaEII0KxwRVS0fAkM2JyggkKFhcYGRolJicoKSo0NTY3 ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqDhIWGh4iJipKTlJWWl5iZmqKjpKWm p6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ2uHi4+Tl5ufo6erx8vP09fb3+Pn6/8QAHwEA AwEBAQEBAQEBAQAAAAAAAAECAwQFBgcICQoL/8QAtREAAgECBAQDBAcFBAQAAQJ3AAECAxEEBSEx BhJBUQdhcRMiMoEIFEKRobHBCSMzUvAVYnLRChYkNOEl8RcYGRomJygpKjU2Nzg5OkNERUZHSElK U1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6goOEhYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3 uLm6wsPExcbHyMnK0tPU1dbX2Nna4uPk5ebn6Onq8vP09fb3+Pn6/9oADAMBAAIRAxEAPwD3+iii gAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKyP FGrS6H4bvNRgVWlhC7Q3TJYLz+dAGvRXIaV4xVL+fTtXf98txBbw3EMDmOV5UDKoIBAI5zzgcZxk VWufiDYweJ4rcTu2m+RMZGS1kZlkjPzdFyAB36HtmgDuKK4lPGbNqmoL9pthZR6la20MjI3zJJDG 5xgdcueTwK6Oy1/T9Rs5ru2eZoIlLl2gdQyjOSuQNw4PSgDTorgrvxVrzeGrrxDawWqWLSKtsj53 7C6rvPHUktx9K3X8ZaNbymC4uZFkSeO0kcW8hRZ3VWVCwXGSHXvjnHWgDoKK55/HHh2OOCSS/KrP A9xGTBJyiHDH7vBB4x19qj0LxKNb13VbeBmNtapCyB4WjdS6B8EMAehB/GgDpaK8vufiFq9vHOWW 1czNJ9n8qNiYAhAxJ1HPzYJx1A69ezvfFenaVbq180yyFMgCFsO2zeVU4wTj/DrQBu0Vwdz4/jm1 fR44POs9PuLU3s81xasMRj+HkcdDnuOPUVuHxroS2lxctcXCJb+XvVrSUORIQEKpt3MCWA4B75xg 0AdBRXPS+N9CgmuYpbi4SS1khhnBtJf3by7fLU/L1O5fpnnFaWl6xZawly1nI7G2nNvMrxsjJIAC QQwB6MDnoQRQBfooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiii gAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKA CiiigAooooAKKKKACiiigAooooAKKKKACszxBo6a/odzpkkhjScKCwGcYYN/StOigDnNT8JQXWn2 FvYzGxksrqO7jaNVId14+YEHII+h6c1iw/Dq4tZBND4gufOZZUnZ4Iz5qyEE5G3jHbGK72igDiV+ HNoltJbDULkxvdW9xuYLuHlRJHjpjnZnp1Nbui6LPpmmtp1xfNd2yoY4g0aqVTngkAZODj8K2aKA ONPgm7GhyaEutzHTN6NErxIZFVWVtuQo4ypPr8x56APm8EySyTQDVZk0+a+S+kiWNN7OoX5dxH3S UB9feuvooA88f4Wi58uO7127lgt4TDABHGGALiTcSF5JYDPbHTFdNoug3GnX97e3d+bqe6VFP7tU VAqhRjA74zz61u1HNMlvC0shIReuBmgG7HLjwJZR+H7/AE2GXypb2bzZbpI13t86tg5HTChfp71W 1DwKup6qJrnVpWiSQOkeBlR5YTaPbgn15rp7e6kvfOARo4xwj4PPAog0xYp/OeaR3znBIx/Kq5Ut yOZv4Ucfd+CrS/tobS/1dysFq9mvlIFIQkFex5GB9asN4MW5k36nrUs9zutijBEQbIXSReAo5LJz 9TjtjrG0+2aUyFMsTk80lzp8N0dzF0bgblI/rT90PfMaXwlHNc6xOLtwdSvLa7bAHyGERgAfXyx+ daWl6QumXeqzrKznULv7UwI+4fLRMD/vgH8aklSeztFW2LylTzuAJIqazuftUJcoyMDghhjnH/16 TjpdDUtbPcsUUUVJQUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFAB RRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFF FFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRUUt1DDxJIARxii1xNpbktRzTx28Rklbag71HLe 28JAkkCkjI4NV5LdNSkSRZ2MKnBUcZP41Sj1exLl0juOuLqZokezQyBuc7T0o869Fi7+V+/3AKuO 2Rn+tXVVUUKoAA6AVzHxE1m90DwLqGo6dMIbuNoUjkKhtu+VEJwQRnDHqKOZdg5X3Nm31HfFK00T o0XUFSM0li814kr3CnyWbCIy44ryTTW+KWsafFe2niJmglGV3Q2oP5eXVv8As/4t/wDQw/8AkO1/ +N07rog5Xpdnr4AUAAYA7UteafD3W/Es/iTUtI8Qakbx7ZQfmjjXaeOhRRmvS6gsKKKKACq17BJN bkQuUcEMMd+as0U07O4mrqxT06aeaBhcIyujbcsuN3A5q5VDUxMix3EUkgEbDcijORkVdjcSRq4B GR3pyX2iYv7I6iiipLCiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAoooo AKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiimSyxwRPLK4SNBlmPQCgB9Fef6x49mkkkh0d QsasALiRfvdCcKR9RzWN/wAJb4i/6Ch/78R//E11RwdWSvscssZTi7bnrNFeTf8ACW+Iv+gof+/E f/xNH/CW+Iv+gof+/Ef/AMTVfUavkR9ep9n/AF8z1mivJv8AhLfEX/QUP/fiP/4mj/hLfEX/AEFD /wB+I/8A4mj6jV8g+vU+z/r5nrNFeTf8Jb4i/wCgof8AvxH/APE0f8Jb4i/6Ch/78R//ABNH1Gr5 B9ep9n/XzPWaK8m/4S3xF/0FD/34j/8AiacnjDxDG4Y6gsgBGUaFADz7DNH1Gr5DWOp9mer0VzHh /wAY22rSC1uV+z3hOEXB2vx2OMZ9q6euWcJQdpI6oTjNXiwoooqSgooooAKKKKACiiigAooooAKK Kzbm4nl1BLW3Zk2MDI23qOuOfaqjG5MpcofbLie9EcEbiFWAZmXGR+NTNplu9w8zBizHJGeP88Vc oo5u2glD+bUhltYZgA8YOOBT4okhTZGoVfSn0UrvYqy3CuG+MGf+FYapgkHzLXkdR/pEVdzXEfF3 /kmepf8AXa1/9KYqQzzXSJ/A6aXANU8R69a3oX97DbRSmNT7EREfrV0Xfw2J48XeJjj/AKYzf/Ga 4e3MQvLdpwTAJkMoAySm4bgPcjNanii40O61uSbQIJobQqu4SZALbQPlB6Dj88nvVCO4+F5sm8aa udNurm6sjHmGa5UrIw9wVU+3I7V7BXivwc/5GG+/64D+de1VIwooooAKKKKAAjIwap2ly0k88MhG 5G4GOgxVyqQNrDqZ+Z/tEw+7gkdPpx0qo9SZbpl2iiipKCiiigAooooAKKKKACiiigAooooAKKKK ACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACuS8f3jRaKl ojFftEgDY7qDnH6V1tcR8RP9TY/75rbDpOrFMxxDtSkcLRRRXvHiBRRRQAUUUUAFFFFABRRRQACV oJI50OHhdZFI7FSCD+le02NyLywguVziWNXGRjqK8Tl/1T/7pr1uzvBYeE7a5KhtlumFzjJOAB+t ebmCVos78C9ZGzRXEah4t1K1uoWewmihMsUYwm5HLkDlsZHXqPxrpNL1Vr9bvzYPKkt5NjIG3Eja Gz+teFQx+GxEnClNN/1/mem01ujTormpPiB4Yg0+G9uNTEEMrmNBJE4YkPs+7jON3GcY75xVW8+I FhaR6w32W6f+zZIYywiIRzLsCYYjH8YP057iusR19FebD4gatql7pNrZae1itzetbTz3ELlfk2Md hIGQwYqD65IyBWTP4i8XmyeePUZ5pL157SO3SzUC3mTBUAhN3Iz94nk8UAepX2r6fps1tDe3cUD3 L+XCJDje3oPfmrteNW3h+6vtMh1EJrN/dWOp2t4tpe2jxhcFRKqGVQxGPmPOAVyO4PrjX0ENustz IkGQMh2AwT2ppN7Bcs0Vy2s+M9Ot7OVLG9V70Y8tREzA8jPOMdM1S0nxzPczpb3Fg8kjsADACfTk itlhqrjzWMHiKaly3OyuJlggeVuijPTNQ2ErTwGaRArk4zjGRTrzyms3EzmNGwCwHIyeKkgjWKFE QkqBwTWWnKa68xJRRRUlBRRRQAVxHxd/5JnqX/Xa1/8ASmKu3rA8a6BL4m8JXukwyCOWYxujN0yk iuAfrtxQB83UV3Y+EfiXH37P/v5R/wAKk8Sf37P/AL+VQi38HP8AkYb7/rgP517VXnfw78D6n4Z1 C8u9Rkiy6hI1jOcjg5r0SpGFFFFABRRRQAVmTj/idwHB6Vp1VW6V794AmSg5bHTjP9aqPUidtC1R RRUlhRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUU UUAFFFFABRRRQAUUUUAFFFFABXEfET/U2P8Avmu3riPiJ/qbH/fNdGF/jRMMT/CkcLRRRXuHihRU qW7yWdzcgjZb7NwPU7mC8fnVbz4iCfMXA75/z60lrsD03JKKVVLxTyLysAVpPVQSAP50RYmmjiVw DI4QE+uf/r0AJRVu+059PE7Szo4iuTbcLjJCq2ev+1VIuoJBYAg4IPXPpQmmroH7ujHUUgIYZBBH tS0wGS/6p/8AdNenyWZu/B1kyeaZIY45UWMbtxGDjHevMJf9U/8AumvQrnxTDovh2yggaOTUGgj2 xv0UEDk49q8/H0fbRVO173R2YScYc0pM5nW21q+8S2omtJTpdvNBNDb/AOraVwQSzAoWO08gDGSo rudGs2k1G6v5ftEZV/LjR02ArtXkgjJ5zzXKWPi3W5UkSK1hvLoy7kdoywjBwMYB+vfvWxGvjPUY /wB69tZgkfdQqQOPcmvncJw3RwVVVFL4VZfPr6+eh3fXfa6JN/IyrbwTPbaldT3csMdp9ouY0MhX It5UXAHHB37j/nFVJtD0O2tZbbUfE9w8E0UUd3BDCGEjRlfLcEISCu1enpzW1J4IvbmQyalr5dWI JTyjz07lvb0qe10DwraSQxyXkE8s0oSINOCWcDO0AdemcV6/JQj8Ur+n/BJ568to29f+AZlvqej2 0Cxxyaprs8dws8Ut0o3IwAAxtVeBj0qYa54guTImm6E9sGk3bnt2HJxk/MAM0Xfi6z0HxodDEWnW sCmMyM52uVcKAwOcfeYLg80eLNf1fQ9Wmka5gOnyiKO1ijHzq7EDLgHcQTwCAAM80lVpR+GF/Ubp 1JfFL7izBpHi6/z9u1YwxlgdihQcf8BAqO/8JadarHNqur37iSZYxtwQzHgKflOMnjt1qCWTxXql wLq01HZaPKrRwRWwBUBEcbnLHIY7geOh46VTsfCfiCfXr+dtRjWP7UruZVdt+PKYKBvwMYcAj+8O uDkeJqfZ09EH1aFveu/VirfeGLK91C0+wy/Z7MxrNdurNt3x7wVwpzgdv8RVjw/rui6ZaRS6dDeS wT3KRS3t5EYwocJtwdo4O9cD1JHWt6y8HwQQSQ3Fx58chQsuzaDtbI7ntx9Ksw+HdJ0+3jidj5KT K0SySYCHI2qOmeexzWbqzaabNFSgmmkX9VikmsGWJSzbkOB6bhn9KtRAiJAeoApX3eW2372OKp6Z dNcxSB2BeNypx9BS1cfQein6luWVIInlkOEQZJxnAqrp+r2GqmUWVwsphIEgAIKkjIyCPSn6lcy2 em3NxDbPcyxxlkhTq57AV5WI/FL6M15bx3NveXt8JtSK6c25WIjSMIvmAlEVeeff2MFnr1V72+tt OtHuruURQJjc5BOMnHauCurDxMlpq1xNd300sd3ZhfIj2mS3CQmby13cEnzM8nvjPFbGiQ6pL4Z1 dbyOcrLLKbGK4H70QlF2hvfdv/DFAHQ6bqllq9u1xYTieFW2F1BAzgHv7EVcry20g8R2Edhai1vF kzaLa7FPlRLvXzvNwRzjcfy60XT+NGnvbeCG8At2YeaQCsiF0J2YPJ2FwOnP5kA9JS/tZL+WxSUG 5iQO8eDkKehqtqXiDSdIlji1C+it3kIChye5CjPpyQOa89uNN1xru51bSYdSjbbaeQk5+dlE6iQM D/sbuPStXxYtzb+IxP8A2Lc6lDdWX2QLFFvUSM4A3+ijOSewBoA75WDKGUgqRkEd6gvL620+JJLu ZYkeVIVZu7uwVR+JIH415imn+KdKuhazajPDDbCOSGSO2MkfkrGDIhfcAp3Bhkg8VR06PxR4i0WC 5tjNNaG6sZQ11h/NdJ43MkZDDCBQc+uOPcA9korye5vPFek6RfapPNIn9nxrNd/alKpPKsgJEfzc KU46kdKs/YfFl9bfaxfXKmZLaaJY0wF3zqZB15AiOPwJ9AAD0+kZgqlmIAHJJPSvM9Tg8VQf6PBc XUVqt80UMxtmuWwSmxioZTt5YZzgdTxVjUNO8RXV1fhzcvFLdPb4XKq0JgjwwGePnL/5HIB6H5iG PzAwKYzuByMVVtIYjPNdRymTzT+XAGP0rF0CCYeDrS0jiuIpUVUdbgfOuCM/hXQW0AtoFjHbqfeq 2iQ9ZE1FFFSWFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUA FFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFcR8RP8AU2P++a7euI+In+psf9810YX+NEwxP8KRwtFF Fe4eKXrK5ig06+ikbDytDsGOu2RSf0BrZvNchuLy/Jut0T3UEkG9SVUKVyQM8Ywa5iisnSi3d/1t /kWqjSt/XX/M2p71ZJ7yP+1mXz1TM0ats3BlOFGSQCBjk9zVn+1LVNJlhN95zu9vhdjBgVdSx5OM YB6VzlFHsloP2j1t1Ogk1azGoSzBtytqJlUkfdUoih/wIP5VBdao8U0jw3UTSrAI0mhRsklgTyzH tWNRQqUUDqNiszO5d2LMxySepNJRRWhmMl/1T/7pr0LUNVj0vw3ofnafHdwXDQxTbiP3SHGX98df wrz2X/VP/umvWbLTrfU/Dmlx3KlliEMy4P8AEmCPw4rgx7so2O/A7yOPtPE8OnWutXWiDT5kNyhs 0Ep2zRbVDEEE5OQ2MYHT61N/wk3iHUlurqwa3ls3mSGGGGFt6q0CyK/mZwcsxHAxgYzk8b1hrPgy 0uG0uz1DSopYyyGHzVHKnLAZ64Oc46HNT3vjbw3p0PmTarbeWJFiYxtuEZJUfNj7o+ZSSegIPSvM cnJ3Z6MYqKsjz3V7DxFd3+mfb/tcn+kKU2AhiocYx8wA65Oc5CnA5FdRY/D+4jsmhutTgM4uYZ1u ba1McnyBAeSx+9sx9DjnrUNz8Qbu3UwRW1lcXsTBpkE4T90ZAgdQSSeufwpZfFWuarCw0k29tJDe fZZ0ltmkZXESuU+8BklhhuRgjjNIZ0t94X0zUb1rm6jd9+0yRljscr90keoqebUNIstnmXFuGR0g HzBmVmICg9x2ri7/AEjxfqSQkXzvHFcJKoKiN8FUb1IO1gw6dD6jNbEPguRDLIt6sMsjFiRFu53h 1JyeSCDQA3VfHI03xLJpItUk8l4Q48weY6yFRuRe4XcM+lZl18T0KwSWMNoyMIZDFNcASSRSSiMN GB97rn9K7RdJhOqRalId12kHkM4GAw6nj61LDpdjAkaR2kQEbF0+UHaSc5HpQBwVx4j8S372T6Zc 2zxJc7NQSK0Znt2G0iM/P3H/AKEKvS6B4hudSlm+0o0SXUdxA0w5B+XcCM4KgA4HXPOe1d1RQAgz gZ696p3lz9hKOsQ2O4Dt0xk4q7TZI1ljZHGVYc000nqKSbWgRyJKgeNgynkEHINOrPuHbTLdPJQN ED82QT3qxb3sNxbiYOoUnGSe9NxdrrYlTV7PcsUUxZY2BKupA6kHpSLPEzbVlQn0DCpsVdElYniT xJb+HLe0kmQM91cLbxBpFQbie7MQBxmtczwq20yoG9CwzWfrtl/aVg9n9qt4UlBDiaISBh7Akcjr mnZhdED+L9Ah1D+zrnV7KC/VFd7Z51DJkAjP1yMeuR60QeMPDlzFLLDrVk6Q7d5Eo4y+wfm3yj34 rHsfBFpYG5kW9gljuGRmeaEMyssSx5Vt3H3AfarEnhOKZdHa31JVfTigkYRhhPGGDFCM/Lkjrzil YLosQeONAeVLe51SyguZZmhjhM6szFW29B0545rQ0rxDoutSTRaVqdpdvBgyJBKGKgjIOB2I6Hoa xIPCyxXNy0WsIy3aNFNGYgSVZicAhuDyeeaueGvD9r4aheHz7R5CAvmJAInIHA3Hcdxxj8qdmF0d CQCMEAj3paY0saY3yIuemWApr3MCR+Y0qbM4znv6UWYXRLUNxMYoXZAGdRkLUKXq3cM32Rg0iHHP rSWVnJC7zTy75H7DtT5bbk81/hGabDODJcXDfPKR8o6AYFaFZ+uXtxp2j3F5bJG8kIDbZM425G79 M1gab49tbp0iu7doZJJFRNnzAkkAfqa0VKdROcUQ6kKb5Wzr6KKKxNgooooAKKKKACiiigAooooA KKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAr iPiJ/qbH/fNdvXE/ERT9lsZMgKJCv44rfC/xomGJ/hM4SiiivdPFCiiigAooooAKKKKACiiigBkv +qf/AHTXsmh/8gGw/wCuCfyrxuX/AFTfTFezaKjR6JYo33hCgP5V52YfDE78BvI5e68GXt5Pf2rX drHplzf/AGwYhJlUGNVZAdwA+YE5wevSorn4c+fFYxLqYiSKdZLpobfy3uUAUbWIbqdigk5444ru 6K8w9IoDRdN3o/2OIvHJ5iMV5VuOR+Qq3FBHC0jRqAZW3ufU4Az+QFSUUAFFFFABRRRQAUUUUAFF FFAFe8vrWwh827uI4U6ZdgMn0Fc9Ya9F4h1a40+KJVtIxuSQHDtjHPsM8VB47vLV7OPTlMb30sib Bn5kyw/LPSp/DPh6bQJZ7i6njKPGCW+7t9c5rrjCEaXPLd7HLKc5VeRfCtzch0+G3ikQO22Tgkmm waTBBMsqs5K9MmuL8deJI72O40HTLhPtUUlu80oYsse5lZAwRgwU5U7umOvGa6Hwjda5c6fM2uCJ ZI2VE2xFDwo3E5Y7hnJB9K5ueXc6OSPY0pNJgluGmLPknOM8VJdabFdOrOzjaMDBrN0bxfpGuajf WNpcKZrScwMCR87AAnb64zz6VvUc8u4ckexT/s2L7H9m3Ps3bs55pLfTYbZZQrORIMHJ6Vdoo5mH JHsZ8OkQQzLIrOSpyMmibSIJrh5izhnIJwfTH+FaFFHPK97i9nHaxTudNiudm5mGwYGDUFydM0PS ZrjULqKCyjIeSa4kCquSAOT0ycD6mo9W8T6Rogf7df28bRlPNVpVBjV22hmBPAzTtZ0wa5ZwwpcK iRzxz8pvDMjBlBGRwGAP4UcztYfJG97EWj+JtI1a4mtLW5hW5jP/AB7tIolK4BD7M5AOeMitqvML 9NW0zXtSF1qthZG5ZL37abckW6IiowUs2CX2DI4Aye5yOo8K+J21TTIf7VMNtekqnP7tZWYZXYpJ OSMHGT1qSjpiAwIIyDwa4W88D3ULzXtjdr56TiWCPYQNoIOM565zW34y1y60Hw/LdWEUT3ZZVjM3 EUYyN0jnIwqrubqOlUPAniK61ewni1a8tXvo5ysaqoikaPYjAtHuYqcseM9Np71rSrTpv3TOpSjU XvEvh/xYLp3stXeG2vkk8sD7ofOMDk/e56d+K6W5ureytZbm6njgt4lLySyuFVFHUkngCsjxB4bh 1qHfEywXqkFJtuenY8j/AOtXOw6zHvn8N+K1ieLco3vwCMgruOeRnHPT1rV041VzUt+q/wAjKNSV J8tTbo/8y94f8cWuta7fwPqGnRWvnCHToi+2e4wo3PgnlS24LgfwmuwryzxLpE+kQyXswtrq2e8g vbm/MADgRvGIbeEK3BLKo3EkcnitzQfFqWl1LZeJdZsV1O4nUx20ZwLcMq7Y2OT82SPruFcp0m3r OuTWE5gtI4p5VjLtHnLD04BrA0nxjeywXz3SRq9rdJFPHMAjRB9hHRjxhsjNX9ejn0+7uZ7aF5xd KGKBcYYAL97sMD9K5bw7a3dk2t+QYyl/eRPFFHmbySUjRy755Jxnb2x74HzWMxeYwxbhTj7unL1v qr627fd373FQcbt6nqiOroHVgykZBByDS1XsbSOxs47aMsVQYBY81Yr6UgKKKKACiiigAooooAKK KKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKzde0r+2tHmsRI InfaySFc7WBBHGR6VpUU02ndClFSTTPE761m0y+ks7wBJUOM9A4wDkevWoPMT++v517hJFHMmyVF dT2YZFV/7MsP+fOD/v2K9COP01icDwOujPF/MT++v50eYn99fzr1Uaj4ULqn2zSt7XRswvmJkzjG Yv8Af5Hy9eRVqzGhagszWX2G5EMphlMJV9kgxlTjowyOPeq/tBfyi+oP+Y8g8xP76/nR5if31/Ov XNObQtXgkmsEtLiOORomZEBAYdRTUn8OSavJpKTaa2pRrue0DIZVGAcleo4IP0NH9oL+UPqD/mPJ fMT++v50eYn99fzr2j+zbD/n0g/74FH9mWB6WcH/AHwKP7QX8ofUH/MeL+Yn99fzoMsYBJdcDrzX tH9mWH/PnB/37FKunWSsCtpACDkEIKP7QX8ofUH/ADHmfhjQLjW7uO5VhHZwTKXcrnzMEEqOe44z 716sOBgUdKK4q1aVWV2ddGiqUbIKKKKxNgooooAKKKKACiiigAoorO13VDoui3Ooi3e5MChvJQgM /IGBnvzQBo1W1C+h02xlu7hwscY5JPUngD8TgVz/AIX8c6Z4gtIBNd2trqcrsh095QJlYDO0oTkn HPFZmvahL4i8QpoFnLEbZJFMzLyTggtzntnH1rWjT9pLXZbmVap7OOm729R/ha0bXtXuvEV3g4m2 RJtOAVAwRz2/nmug8T6l/ZmjMyT28NxcSx21u1wheMyOwVQwBGRz61pRxwWFmEBWOCFOSTgKAOSa 81urq88XeLI30++judJzsFuwKqVUhWY/NhxuDdMEYx25K1T2kr9OgUafs4269TY8M6Vd3mqzXepG Jns5QFaIq0fmbF3eUQ25U9VbJyT2xS+Pdcns7Y6Zb3UCXFy0ZiXaS+1XUycbhuG3qFwwBJGa6C/v NM8IeHZLqRY7eytguQCFGWYKOSe5IrltE0NPEWo3F/q8YleO9iu7W5hYxthQjKkiZOCGH4rj1rI1 NvwrowgN1q1zb2aXd7IJFNsG2hNir/ETydpJxjr0zknpqKKACiiigAooooA5zxR4a/tiJJ7JYI9S jkRo5pVLKu1gQxUEbiMZHPBwfauM0jxHceG9Wv8ATjLazJFdRC4g+0b3i3hRkE4yxJZ26gAe2B6t Wdqui2Wr2b21xEAGYMWUYbgg9ffGD7UAR6Xrula/5/2G4huVglKblYMGIAO5fUZOM+oPpXmviDw5 qXhvWBrU2pRSWiXPnte3ULTOksjKipFErD2x7nJ4rRmufEHhTVpIhJbyW8l8sskht2USQlEURIN5 +ckYXHA5JB5ru9G1yy1y2kktZVLwyNDNGHBaKQAblOO4yKAMHQ/FenavZzwand2PkNdLYwGWdC1x KVUlCM/fyfujkcVjeKNJl8KtBqun3GxZLtVeQw+Y0e8hVVV3DLMcKGPQHpVrW/Bd3BdWcuiCF5Gv lkMlwm4Wq53NIBkbm3c/gB71uaNr+h3FwNGg1aDULq3HzyCVXJcdc4JwfagBnhPxKdVsRBqN3Ytq UTtFJ9mbCSMoBbYCSTt3AEgkBsjtWtrOjwa1YNbTfKTgpIBkqa5bxJ4LQwzXOl3H2QyzpLOcbgig gnA/u5GSBgn1HWmaN45trSWDStQ1C1u55LpbK2a2OZJWwpLMmSVHzgk9h1pxk4u6E0pKzIob+98L 3g0fV0S70x3UJI6djjkZOMDrjrwaqap4SllivdR0SazvxdahBc2u1D8j7owRKwJEka7N+MAjGMjq PRL6xt9Ss5LW5QSRPjIPYg5B+ucGuIkj1PwNcM8LRz6VNMpcupyucA9+G7A/Tiuq0a+2kvz/AOCc vvUN9Y/l/wAAZo3im60bVr3TdT1J9bt4rlEn1GOARx2kj7QIiQx3csPcZwa9CVFTO1QMnJwOprzv xVaNqmhDU/Dl5EEtJkna1jh3fvi6bpXAYElEJYKepA6jisbTfEWreF7W6jXUotanvrmE2CTS7pLg Mq+ZKqZ3IgCv8hzypwcVytNOzOpNNXR69RTIXMkEbnqygnjFPpDCiiigAooooAKKKKACiiigAooo oAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooA8f8S+BvE13 4m1e902C1+ywXcWqaYGb/WXQWNX3DPH3Dj6d6zZvAvjy1vtCuYLoFBcJcXkcDbQkrygyNjdyAv1z jpzXuVFAHkfgXwV4o0Lx1e31x/o+nzTTSy4n3LOGxtAT+EjHWm3XhDxYfE8vi93s0mGonNpHCA/2 UqsZYybucIM4x1H0A9eooA+dNOg8Qy+CNR1n7Xc/YbmW3iBN4Wa5f7Soyp/5Z8YXv0r134daRq2j aDdwasHRpL2SW3heYytFCQoVSxPJyCfxrrsD0ooAKKKKACiiigAooooAKKKKACiiigAooooAK8q+ Iniax1OI6bY3m+S2vUgkiYlI53JXKJKGUb1DZwTjIIIPQ9d4y8Qx6ZpctlZ6pY22tXCgWkVxKFLH cM4H0J56Zxmuf8LWcWb2+S6NlZrLjWdKvbQH/SAifOr5GM/Kc4bPTjHBuA5bqfRvDxubqytrbVHZ YbFJcNOsACAl2zktnefQZArpfCWjS6Vp0j3Lh7i5fzW4wVGB8vv0J/GsPRrZvFPiObWJXH2S1mVY o8Z5UAgfyP412t1d29pGGuLiKAOdqtIwAJ/Guqr+6h7Jb9f8jmpL2k/avbp/mcl421xpLObSdKu3 W/SeAT+VwVUujMm/kI7IeMjuPXNX9Dtrfw1olxfX95tWeQSyNKvlBSQEVduSAx4Bx1Y5xzWdpHh+ /utbnu9SMTwLIrpcQzE/asbSpYdAAQRj2HNR67ft4jvb7TrI217Z6ZIn2uzB/eSuNrjac4+XKn/e Fcp0jdTuD4zmuINE1ZIJ7QGCexu7YneWCsHwWHADKe+enB5rsNN0630yzW3t4kjHV9g4ZsAE/pWJ 4Y0oGT+15bu5uN8flWyXMWySCPujHPzHdnnjjA9z09ABRRRQAUUUUAFFFFABRRRQBFcW8d1C0Ug4 YYyOo9x6GvPtV0u88LXP2vTYIJDJex/Zyxk+SHaodCobBY4YjoCTz3NejUEAjBGaAM/TNS+120C3 Xlw3rxiR7fPzKPXHWuR8TeBnZri80RoLdp5FluEYMu5l2hW3KwJVdu4p/F0yBxTfFvh/VodWOv2e rJFALmCaeOSM4jijx8oCnLksM4PHOPep9F8dKbq6g1aQII2ij83aFUSuF2wjBOXIYEr1GaAKfhDx RDp102j6leCaaWZf9KfhmkfaqB0yfLL8bVPbH1rqpbWJJ9Q1jSfLuNQePySu8FCy9jjoR3qLxH4f /te1DW8hinRxKo25DNkZOMj5towG/hODg4xWZ4Yu9as77UbTVpLIabZqoEiRNH5TlQdm5mO8BSCW 45JoAxPDHiGTRtdu9KvdStry5utTEcsbuVnEzRRltkZJIiXj17nPYek7oLoSw7klCnZImc4OM4P4 EVk6lDcX9mbjw/PYx3VwQjXrR+btTOCRgjJA6c1xNn4jvPC+pz2N7doIRceSEuo/LDOQu3a7N+8Z i2444A47UAa2qaVfeFbifWNLnU2m9S9uUOFXgHPPIz34x+FaGgy6TrWtvrtvKY9RMIgngLjlRyDj rj3FdBpt9DqFkk0VxBP2doGyu70/WuZ17wzcQ3ja1o0my5Qh2gC8OQRnHPoOR3rqjONZctTR9H/n /mcrhKi+aGq6r/L/ACOxorm/DniuHVY/IvZIIL4Ps8vdt3n/AGQT168V0lYTpyg+WRvCcZq8Qooo qCwooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKK ACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiioLu8gsbcz3MgjjBC7j6k4H60 N21YE9UdZvV0/Sbi4N3aWjAbY5rs/ug5OF3cjOSQMZHWsuHxnpE2q3Vkt3ATbhd22QFlyAfmXqo5 4z1rlfF+p6vGY7i7vLWDQlvIZ7bUo4yUjwy/u7hCwypbjcCOvTtUQqQn8LuK5gQavqWt6vbyXWtW dnq8lykSiytWurO7X5TGwYPxsJy3J6du3TaxJLstfCVvd/aZnlQXU7rklyQ2cZ4A64z0FXIX/wCE Y8P3usOlrBqV+ysYYJC1u7cKHRSeBtG4gH1rR8HabLHby6peENdXbbgcdFwP65/SuyiuSPtn029T nrPnl7JfP0N2wsoNJ05LePCxxLkseM+pNcDqepyeMb2S0057C4sob2GPyrkuruFZTIU2kZwN3qvB UjrWn488Ri2t20awnI1NvJnYI6hki81QcgkHaRlSRyMnGTxWn4Y0VbV7rVLjT7e1vbyTeVhkZwq7 VHGeATjJxj881zttu7OhJJWRakez8I+GWd3H2a0TlmIUcnHJ6Ac/hXPQQReMorO90y9i08wSoblI lWYTwbw+0MGG3dg/Nz9KyPED6hq/iiWz/tcW6xXcfk6bcL5byL+7DSROD82CSdpDZJxkZGPRdMsE 06yWBdhbq7pGE3t64H0pDLgGBiiiigAooooAKKKKACiiigAooooAKKKKACuR13wRBqKn7MY0LzLJ iZSyRHepd0Gfv4Xg9jzXXUUAcLceOG0vV7uC5FqmmQXENhau8u2a5nYJuxkgbV3cnH8Jrc8U+H/+ Eo0NbSO7FvIssc8Uu0uoZWDA4DLnpxz1weehZ4k8Nx6pZ3D237q7kCBnAyXRWDFB6BsYJ9CazdB1 XUND0m7u/F2qWSWolVbeTyjCQCqgqVJOMNkDBPHNAGbp+pXfhWSa3nVxbrdR28FrK6BthVN824ty MlznA9Mcc9if7K8S6cWt57W8gJwJIpBIoYEHGVPqBkUmq6ZaeIdKaMOhEgUxzqN2MEH8RxgjPSuM dtS8Kazq95cXlvDbSzQSAJaFRduQkSqDvITgKuAOo3Z5wAC7qWrzeEIZ7YXUE2p3Uv22We6UxW6R AorD73y4QYHON3J611Oi67Ya/aPPYTrII2CSDoVbAYZHuCCPUEVUhuLHxJp13YT3dtNIrBZkgbmI kB1HU84KnPQ1yeuWN94PnOtJqU86SXcLygrw+SkbbznksoVFAAAOCc80AdL4h8LJqb/bbNlg1BWV w+OHIxjPvgcH2FVND8Vut1LpmuPFDdxuEV/ug5AwGyepz+orU8M+I4PElpdSxR+XJa3Bt5kznY4V WIz6gMM+hzUmv6BDrlkYywhuFwY5tuSpz6cZFdEKqkuSpt37HPOk4vnp79u5r5yMiivNf+El1fQJ ZtIklgnNvKo8wqSQuASOvofwzXodpdRXlpFcxOrRyKGBByKmrQlTs3syqVeNRtLdE9ISFGSQB6mu Su/FFzPd3EOn+SsEL+WZWBZmIAzgZwOePwrHnN1eSM93eSy5YEIPlUDjjA+lVHDye+gpYiK21O/e 9tIzh7mFT/tSAVCdY0tThtSswfedf8a4UQxDogpfKj/uL+VaLDLqyPrL7Hcf21pX/QTs/wDv+v8A jUq6jYv9y9t27cSqf61wflp/cX8qQxRnqi/lR9WXcPrL7HoiSRyfcdW+hzTq81a3PWGWSF8hgUYj kdOh9q0Ydd1i0j/10V2d4+WRMHbwCAQfxqHhn0ZUcRF76Hc0VT0vUotUsxcRArg7XU9VYdR+tXK5 2mnZm6aaugooopDCiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKK KKACiiigAooooAKKKKACiiigAooooAKwPEvnqLR3dRZCePzFAw27cNpznpnFb9RXFtDdwmKeNZIy QdrdMg5H61jiKPtqM6V7cya+8OtzynT7izh+K2ssF8tJbSJTJsIWRwMn5uhOMV3/AIckZNIkmllQ Wu9mhLEfLHjufrmph4es/tMkjgvCxBWA/cU8cj8qwfF2pwpFD4dsHjSaeWONwp+5lgQvsTkfga4M nyaWHrOTle6S8rR6vz8undixFdRjzMrRJJ4v8VNOJl/s6xlUptGd2MHB57nP4Guj8Uatc6JowvLW 383E8SSNtLCGNnAaQqOSFBJx7VPoekxaHpaWqspbO6WQDbubABP6D8q5i58SajqfiG5tdEureFrO VIDHcoHWfO0ttw42sA3fsM45Fe3WqKTtHZbGVGm4q8t3uR+EbGTxDDJrOoXWn39tdXAuI0jjbdC4 VR8rbz8p2htpAxu75zU/jTxUlgy6ZYatbWt7L8g87Cr1GR5mcI2DxkckiuvdoLG2luJBHEv+slZV 4Jxgk469BXmmhSX3izxjqxkt7eOxguY1leKTzBJtRG2sh4KupGDjIIJz6Ymx2vhQ3k+jrNfXRugz boTLEFkRcDhmBIY5yQwxwRW9TURY0VEUKqjAAGABTqACiiigAooooAKKKKACiiigAooooAKKKKAC iiigArL1rSG1RLZ4blre5tZRLFIFDDjqpB7EcfjWpRQB5dY6prPhO+1D7Xb5iM6ST+dcDYseEDzl iQqDGQE77c8k897BdaT4q0VntbmK7spwULxNn9exq7eWVvfwCG6iWWIOkm1hkblYMp/AgH8K4G5i 17w/4oa4TUIbptQmPlwXHyRqvyjO/PYA4XGcnrjigDL1Xw3e+F7o3UcrS2/9oW9xC4wpeT5VPmnO Niogwo68nOTx3Oja3a+ILRrO9EK3m3Mtq3B2knB2nkA4J/CrGi67ZeIbS5Me1vs0vkXC5BUPtDEA 9CMMOazr/TL7RNLv5tIvF+03E6OZ75fMS1iG0MQAQWwoYgE9T1xxQB00USQxrHGoVVGABT64rwv4 6sr110zVdWsDqzSFI0jHlGRcArlSxwxHOM967WgDD1Pwnpeps8jRmKdyCZIzyT/kVZ0fSRo2nNaL cPMm4spYYKgjp/n1rTpG+6fpWjqzceVvQhU4KXMlqeMi+u7O4ukhMbI1wzEOpJHOMDkelX4NchYA Tgxt0Py8VlXH/H3cf9dW/nUeQO9e0qcWkeM6jTZ0ialZOSBcoMHHzHFK2o2KDL3tuo6ZMoFc1mk4 z2pexXcftmdINU04nA1C1J9BMv8AjTjqFmBn7VCfo4NcwSi9do5xTsjtij2K7iVZm/LrFnGDiTef RVzWfLrV1IxECxxpnguuW/nWezquNzAZOBk0tUqKW4nVbPRfh6XbQbhncuzXbkk/Ra6yuT+Hv/Iv z/8AX0/8lrrK8bEaVZHr4f8AhRCiiisTYKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigA ooooAKKKKACiiigAooooAKKKKACiis7UNbsdNkEdxL+8IzsXkgetAGjRWD/wl2l/3pP++aP+Eu0v +9J/3zQBvUVg/wDCXaX/AHpP++aP+Eu0v+9J/wB80Ab1FYP/AAl2l/3pP++aafGWkAkGVgR2xQB0 FFc//wAJno//AD2P5Uf8Jno//PY/lQA/xbqM+maIbi2cJKJUAJGe/Nc14NuU1DxBd3l0rS3j4w6L 8q8Dr6HpXRStpvi6BYUuG2QyK7oAMsBg4+hq3ql1Z6DorS+dFZQoyIrFNwyWAChcjJOcD610xrRj ScUtWc8qUpVVJvRGD441CC/0e50mF42cyKs4+0eSyAFW4PXk4GenWpPBWiRRJLrMqo9xdbQjNDtk RVUJ8xBIc/KPmwOMVi+GLR/EF5PN/aVrf28GoedJId0rIwVCEjkDAIBgZQg9Tnqa6jxjrZ0TQnkg e3W4kkjiT7Q21MM6hgW/hO0tjPGcVzHQc3q3i7VL69n0/SDYxahZXSBUe5BFwAUZlGOOVbbtOGBI 9RXd6ddG9sYbloWheRctG4wVPcGuX8F6G9mk939teSCacyrA9qImVtqr85yd5AXhvTHpXZUAFFFF ABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFV72ziv7Ka1mB8uVSrYODz6VYooA8/8A HFlqVl4etNPsXWPS45IInWNW86U+YuACpG0DGTx82MZGc1Y0X4jaPPPcxX+o6dZwpKsNqWulLSjC gsecY3HbuHGQRnINduyq6FGAKsMEHuK5S+0TUNNfVJ9HSxl/tGSL93dRErBhUjJ4IyoVS23jJ7jr QAniHw7GLO71HToo2u2mF0CU3EcLv2YIyWCjrVvwdd67e6R5+uRLHKzEoDH5bbTzyuTjHT8K5XwL 4tf7K8N5qUd+j3wt4Z+jTyNsyIlyf3ahhk84z1r0ygApG+6fpS0jfdP0oA8TuP8Aj7uP+urfzq5Z yommzqs0MVwZQcyAfMmBwPxzVSRPN1Jot4TzLry95Gdu58Zx361Yn00QW93N9uhZbeREU7cCUMyg kc8Y3DPWvoNLJPyPC1u2lsWLkaZEoa2aORsAjcSeSBwy5z1z6UxltVWZI3tvLE7OuRlm/dpjv0yC Khj0yeR5AHiUKVCszYD7sAY/E4qNLGaWFZYyjIZPLLbhhSMEkn2H8qSS7g039k0IY7GCNZftULSv nKqCNoKjjqe+afONNe5kLTQMjXHysp5C7VwCPQnOT6VSOlT5YCSIlZBHw3Ukgcfif50n9lzkErLC /wAwA2uDnJAz+ZxSsr35irStblJZ/sqRXL28luEY4Cs25z93GzB6Z9vWs0dBV3+y5ikjiWAKjiME uBuY44Hvziq9xAbW4aFpUkKhTlRjGVBwR+NXFrZMiV+qsegfD3/kX5/+vp/5LXWVyfw9/wCRfn/6 +n/ktdZXiYj+LL1PYw/8KIUUUVibBRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFA BRRRQAUUUUAFFFFABRRRQAVxXitPN16xhJwJWjjJ9AzAH+ddrXF+KGWPxFp0jsFRJImZicAAOCSf bFAEt14e0axdVutTWBmGVEjqpI/GoP7M8N/9ByD/AL/L/jWlqp8P6tJG8+rW6mMEDbOv+NUP7K8M f9BiH/wIWgBn9meG/wDoOQf9/l/xrQHg2zIBFzKQehql/ZPhfIzq8JwQf+Pha6FNc0dEVRqlngDH +vX/ABoAzP8AhDLT/n4lq9aaTZaLYTnZ5wBMrFlBPQDH6VP/AG9pH/QUs/8Av+v+NTR3UV/aSPYX UMnVRIjBwrfh9RQBmw6lp80Vk4sWAu32IDHyp96tWUllfPcKlqqmCTy23IOTjPFIltqwW0DX0JKP mc+Uf3i56DnjjNWbSK6ie4NzcCVXk3RALjYuBx785P40Ac/4dULr2ohQAAeAPrT/ABH4avtUkeax 1ER+Zs8y2nUtG20jDKVYFHGODzz1Bpvh7/kYNS+p/nXUM6oMswUepOKAM+LyND0ky3dxkRgGadwN zngZOOp6D8q4lfO8XazcReXOsa3IH2mJwEe2wp2smSQSdwweeMjium8W2Wp3+ksumyQMNp3wSxbx J6dCOh5xkfUVN4W0QaJo0UUgH2qRVacgkjdgDAzk4Hpk0AbMcaxRLGgCogCqB2Ap1FRXFzDaQNPc SpFEuNzucAZOKAJaKwm8WaYupC0M6bTx5u8Y3YBxjqeCOa17a7t7yLzbaZJUyV3IcjI7VEakJ6Ra YXJqKKKsAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiimSTRRDMkiIB3ZgKAMyy0GG 11a51KaTz7mVsRkrgQpgDaoycdMkjGc1rVSk1azQErMsn+4c1Tl108+VD9C1Wqcn0IdSK6mzSN90 /SueOs3jZ/1SjttU5/nVeW+unDEztz2HFWqMupDrI88mYrfSupwyTllPoQ2RTxe3QCgTNhcbR6Yb d/PmoWOZZSeu9v50h7fWvcSVlc8ZvVkr6pNI7O90pLOjdsblIK/qM1MNavFMeZ1YK4YAgZ7ZI98V eu9WinuJoRs+zlQFkKknO1QQORxweO9DXVnbwzRxy27vIYiziIhSVkU9OccD9KzurK8S7at839fe ZranPKX2yxqGlEu1V+6wwQRnPoDSLfzxklZyCf8AHP8AOta4vLO6uriaSW38t7gFlMZ3uo24IPYD Bzn0qBr+APcbEtdvnP5YMJ+4FXZjn13U07r4RNNO9yi19cuWbzfvSrMcDq64wf0FMlmkmYNI25gM ZxzT71oXv52t8eSSpXAwPujP65qCrSVr2IbeqPQfh/cQpoU6vNGrfa34LAHotdeHVujA/Q15l4VA /s+5/wCvpv8A0Fa3ld1+67D6GvKr0b1G7np0K1qaVjsKK5Vby5T7s79c1ONYvVHBiP8AvKf6GsHQ kb+2R0dFYkeuv/y1hX6rVyLV7Rx80nl/7/FQ6cl0LVSL6l+io47iGYZimjcf7LA1JUFhRRRQAUUU UAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUVyl38RPDtj4pPh25uZY78TRwcxHZv kAKLu9Tn+dAHV1ha34ebVrmOZbkRbV2lSm7P61kp8UvDEljqV8txObXTpViuJfJO0MzBQAe/JFXL v4g+GLHUbOxuNUhSS7h8+Niw2BMbtzN0AxzzQBW/4QmX/n+T/v1/9ej/AIQmX/n+T/v1/wDXquPi 34NdL0pqgdrQbmQL8zgdSg/iAHJx2BPSmxfFzwnNpyX0d1O0L3P2VMQnLSYU4A/4EPzoAtf8ITL/ AM/yf9+v/r0f8ITL/wA/yf8Afr/69bes6/aaJoo1S5WQwl4kVFHzFpHVFGPqw/Ws7xB490HwvqVn YarcvFcXZXYAmQASBknsMmgCr/whMv8Az/J/36/+vU0Hha/tUKW+r+UhO4hYzyfXr7UsnxC8PQ+K T4dmuXjvvNSEbozsZ3ClVDdMncKkl8feG4bfWJv7RjddIYLeeWQxQkgcAdeTj6gigA/4R/V/+g43 /fs/40h8PaswwdcfqDwhH9aSP4g+GZbKa8TU4mtobdLh5QcgKzbQPru4x61XtfiZ4Xuo0f7cYAzS L/pCeXgogds7unysD+NAF/T/AA7c2S3jf2iTPOMJII/ue/XmuG11NXt9XFhfXElw7yIIeyynjGBn 1IFelaNrFnr2lQalp8hktZgSjEYzzirrIr43KDg5GR0Nb0K/sntcwr0Parexwtt48lsNttq1gInQ hP3eV447E/jXR2nivRbtcjUIYmyF2zOEJJ9M9auavf2+l6RdX10FMMEZdg3fHQfnXFWX9i+I9Ojv b6G0sZLhRMssFypXyzjDH0znH1qnOjN6q3oTyVo/DJP1O/jmimXdFIki+qsDWN4mM62MTB41tBNH 5+R82N64wc4Az1rDj8G3do5udJ1zCEh1XbwenVg2D09Kiv7/AMU2sLx3tla3tmWXcTGTuHHQhh39 utZ1sJGvTlTpz3TXZ6j9vKKvOLX4nDanc3rfFPSLq+tJI2a+eCz5BUwCNct165LE+gxXq+gSyIuo yvNF9gSYlCeq4UbiTnGOtcvZa5oM9yftKS2yGRS9uOUL8DOeoHTI9q6K7n03UfD93puh6jYpNMmx QJR8u7APGc9M14uByStgqinU6R5Va9mr3v8A8DXvc2+s06mzL2g+I7DxDp6XtpIBFI7LGHIBcA43 D1BI4rWBBJAIyOteX6h4Iktd1zGhe5N9p8FnJGmfIijMe98bsckOfUZ7msey8aanp9zLHY6hb3F3 q+pTOFuEMgtY4wF2BA6lmO3OMjGeleqUe00VwFj8S02tFqNg6y2lvHNqMsfCW2/7u5SSRkYODXR6 R4x0DXLe5nsdShZLYp53mHZs3qGUndjggjB6Hn0oA3KKiS6t5BGUniYSfcIcHd9PWniRDIYw67wM lc8gfSgB1FFFABRRRQAUUUUAFFFFABRTJJY4ULyuqIOrMcCsq71oqSlqFJH8bDIqowctiZTUdzVk ljiUtI6oo7scCqFxrMEYIh/et2I6fnWJNPLcOXlcsT27VHW8aK6mMqz6F6TV7uTcAURT02jn881S ZmdizsWJ6k0lFbKKWxk23uFFFFMQVj+I/Eul+GdOa61K6SMn/VwggyS8gHaucnGRn0rA1vxvdHxB /wAI74btEvNTSRRPLMpMMC8ZJwRnANde9pDciB7uCGWWIh1Ypna4xyuenIpXT2C3c4G1u4r63W6h OY5fnX1APPNTV1eo6Fb30jzIxhuHIJkAyD0HIzzwKy5vDV7GuYrmGbkcFNh/ma7Y1421OKVGV9DI oq82jaipP+j5A7hgc1A1hfKcG1k/CtfaQ7kckuxBRUwsr0/8uknp0qVNK1BxkWrD6kCjnj3EoSfQ qUdK1I/D1/I3zNDEM9WO6rcPhcCQNc3fmoGB2LHt6dicmodeBaozfQk8KEHTrkgjH2pv/QVrdrDn 0K7bxFa6nbavLb2sK7HsRHmOQfXPH5GoJvHGhWniK40O8vUtbuHZzOQiNuVWGGJx0YVxTlzSbOyE OWNjo6KRWV1DIwZSMgg5BpaRQUUUUAAJBBBII54q5Fqt5EAA6uP9sZqnRScU9xptbG5b61G52zr5 ZzjI5FaMU8M67oZUkHqjA1yVOjkeJw0bFSDng1lKinsaRrNbnX0Vh22tSBttyqlSeGUYx9a2IZ4r hS0MiuAcHac4NYSg47m8ZqWxJRRRUFBRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAV51qnwzm vfG0viaLUlWVr+3uRbSqzRMkaKpBXI+fK5Dc4r0WigDzHQvhnqGm6VqWl3Vzpz213eJc+bFE4lfE gYh8sR0GBgCs1/gvdyFi+swFmnlAkMDEpA0IjRQN3VeT1r2CigDz3TvAuum706TV9V0+SLSrSS1t FtLZ0L7k27nJY447Csx/hdqq6B4csReaZcy6RM8jLcQyeXJlsjG1gQR9eor1WigDjNdtdT1bxRoG leQF0+0ZL+6nCHaZIyCiDJ9Rn8qzfH3w+1LxVrNtfWN1YxBI1iJuUcvF84Yum0gbgBwDx9Oo9Foo A8yu/hlqh8RTeILTWYG1A3McqJcxM0JCwpHuKBhh8qWBB9BWXH8HdZtILhbfxLFO97B5V0txA20f vRJlMN656+tew0UAeaj4Z3ttLq5sdStYo7j7M9mkkBcQPG6yMCMjKllJGMEbqk1r4f6r4vurC48U XGlzfZRKPKtIpY1OVGw8sTkMCTzgjjHr6NRQBg+DNAl8MeE7HR550nktkKmRAQDyT0Nb1FFAFLVr D+07BrXMeGZWIkTcp2sGHGR3Ari9f0PVJr77RdWkdzC00Mjm3XcMRsGUGMnONwBOCeleg0UAeOBt T02IWdpexq8EXk+bKpjDl8Akoz9Azk4B4C9TXR6v4wfw2U0+2n0+cx2q+SrOS00nyjHDcZLrjrnI Gea7ye3huYjFPEksbdVdcg1iXnhKwnt5Y7VnszIQT5f3eMdV6HoKAMq18X6FqMh0zXBa2+ox4S4j kI2CUIshVWPXAIP4H0pH8K6FrG640fUo0YuQGgcSKGXqMA9R6ZqLUfCmspYTJBqlozSXEU8krweW cIytgfNtGdgBz1BPrxo6DpGo2en3FxcLbvqM2+UsY9uZmABIwSApAXA6+9aQqzh8LM50oT+JGZZ6 frdj9o/sjXrXUjDLsliHOxsD5WG44OMcZ71Uv9fu1UxeJNGt3iSQHesbJtPHQknmqPh/Tdf8NSz3 M6rA0sw3STKZR5Q+eQkKRyckKfpWrB8TbT7NNJIkVwxufKt44nVWlQRrIzbSxPyq2T0+nINa/WFL +JFP8DL6vy/w5NfiEtz4X1nTb6IX/wBgN9dQTzvJgbjGYyBk9iIwv0zVTxD4fuL2S81fR79L83Gp 29zLDasrERxpGgTGSGA2liOM5PTrWtqWreC7ywubu4mtgImjE7BhGUZ9mMngZ+Zc0w+CAzC60bWf KjYhl+Xepx6MGFCjQl1cfXUblXj0UvwOLt9Og8OeKDf6xq1zAumRC7ij2GITPIR+7C5IwDhcDu1W NX1fV9H1e2u57yK1v764gvr8Rg/uLVWijERDNwCTlm4+909env7bxTZInnxWuqQQzJMhkjLEMMYI AIIwee+OtZ19r2k6xFe6d4g07yZLsJFM0LbX2gqw688Hmj6rNq8LP0F9agnad16k998TvK8U3lnY x2VzpdjAXlnSYM8khC7VXBwASwXkdc4rd0fxxZ3izQ6rENLv4buGza2mkBLSSorxhSOuQ36Guem0 Lw3qSz28Wt2SW07WkSWkuFMcUTo5QfMCWZlzn1PQ93a5YR6DrmjTWWnzzaMt39pupoczN5uAidW4 A+U9+h4yawlGUd0bxnGXwu56B/aFl9tNn9st/tQGTB5o3gf7uc1Zry7TtS0q++JjLZix1Fb2T7Q7 pEVubKRERQHOeVO30HXHavUakoKKKKACqd7qEVojDcrSjGEB5/GmajqAtYykTIZzjCnnA9TXPu7S SNI5yzHJNbU6XNqzGpUtoiS4u5rpy0rcdlXgCoaKQkKCSQAO5rpSSRzt31YFgoyxAHqTVVtStVGR Mrj1TkVmX169xI8QK+QCNuOpx3P41TrGVXWyOKpine0TfXUrUjLTKg6ZbirQIYZBBHqK5aue1Txp qFhq6eH9Et1l1CZkLSTozRwqdo3cEcAdewpRrfzFUa8pys0d3rms2ugaNcapesy28AG4qu45JCgY +pFYvhHWtf8AELz6ld2sFlpLHFrAyHznGB85bOMde1bmkw38GnxpqV7FeXXVpo49in6DJq9W++p2 aWEVVXdtUDcctgYyfU0tFFMQUUUUAFV5b62iJDTLuBAKjkg1S1G/KsYIHAYEb2HJHfFZXJPPJNYz q2dkclXE8r5Ymf8AD3VvMstaF3dPK66vKqM5Jwm1MD2FdvFNFMpMUiOAcEq2cH0rjLCWwle8FiY9 yT7bjYuP3m0dfU4xzWjBcy2z7o24yMgjINRGq1oxfW3zarQ6Wiore4juY98bA9iAeh9DUtdKdzrT TV0FZ+s6LYa/pkun6jAJYJMEjoQQQQQe3QVoUUDOevd3g7wef7Ls57/7IEVIAS7sCwBP4Ak/hS+G vGei+KIM2N2guR961kIWVeAT8vUjnqOK6Cqi6XYpqcmpJaQreygLJOF+dgAByfoAPwpWfQd11LdN d1jUs7BVHUk4AriNZ8aar4a8SSR6xpsY0CSREgvoQSUyFyZPmPQn0HStWfU11KMSQSpJaPhoyvRh wQfeplNRMa1T2cbmy+pWq9JQw9V5FKmoWz9ZVXnHzcVz9FY+2kcn1qZ1QIIyDkUVh2OomAiOZsxF vvH+Ht+VbnXpW8ZqSOunVVRXQU+KeW3ffC+1s59j9aZRVGp0NjqcdyoSUrHLnAXON30rQrjuhBHU HIrd0zUvOHlXDqJM4U9Nw/xrmqUrao6KdW+kjUooorA2CiiigAooooAKKKKACiiigAooooAKKKKA CiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAOV8c3ckNnptsqBobm+jE42sSY0Pm EDBGCdoHcexrN0fxFrgvIEurWz+z3V2sIRNwlTKBmOCcAAEce3vx3TxRybd6K207l3DOD6imG3gM qymGMyKSVcqMgnrg0AYF14wtbO6mhuIzCI76OzEkp2o28LyD7bsYrSltNM1Z54ZbdJTFhHYr6gNg H0IxWPqXgLSdQ+1sY13XMrzMJFDqJHRUZgD3KLj8ay7HwZqGl+ILW4t4bOaBrlp7qV5mUjhQNqbT lsIvORQBqXHg3fC8EN+wtTfJepbSRBkVl2kL2ON67uaoy6RrWh6XpVjZyPcQQAtO1smxnkyT0JOF z2qrqHjPUtFbUpr0Kri68q2t5YWRNoVSAJP4i2SAR3OOoNa8PjeBFn/tG2FrJA0MciLLuPmSKrBR kDI+br3x68UAYOleMvEBF4JzZX8iTRRALbvbCFyoaRCSzbtqnOfU4+m5ZeLrXUftqajYPb2dukTN PKN0bF1Dfpn9K1LrVdES0sp7gwtDfTLDATHne8nygfj0NZ2reBdG1bzQiiBmlDyLEBtzsCH5ex2A DNAD7zwpoWpKzwusLttfdE44Bxjj0P8AWqMfhLWdL3Npmshl3BhE8ZX06nJzVW88CSDTryyjstMu re41GC4beGjkaFGjLKxA5YbOO3QH3uQXfiDSdK1a6lha6nl1CKKwguHCBI3Mac4HAUl275x2zgbx xNRK17rz1MZYem3e1n5EE3iHxPpEzC/sIJYQwBkSNgT075x+laVh450y5bZcB7Z9wUbxkc459qzJ fHhstROnX1pHc3nnxQSQ2cm9ULFFYjKgnBcHkdATU9pqHhbXFvZLyxsreSK7FtvdArOSVVCGIGck gcZ549qr2lKS9+NvQj2dWPwSv6nXwXMFym6CVJF9VbNFzOttbvK3RRXH3/w/sZJjJY3HkXAIZA3O 3GOneqNza+J9Ki+zTXMN1CWDKA5Y8Y9RTjQpy+Gf36CdapH44/NamrLK08zyvjc5ycflTK58+I7i Gby7nTwuDhmEhyOnbHv61pW+r2dwBiZVJIGGOOTXS6UorYwVWL6l6s7V5ttv5IJBcjp6A5qeO/hk vZbQNiWPGQe+QDx+dYWs3JguJ5WUMFZVUA9eAP8AGsat4q3cxxFRKm7ddCMsFGWIA9Saq3OpW1tG 7F9xUZ2oMk+1Y8ztczNLMoycYXOQP8mmqipwqhfoKxVLueU6vYoabqms+Ir5bprpNJ06C5XbA0JM s6jBIJJwAemRXaZyODwfSuaZEb7yKfqKWEtaOZLYKrEjcvQMM8j2odLsXKupPayO90mZnhdGbJU8 fTFaNcrpF8sk6ShMZcREemSP8RXVVrTd1Znp4afNC3YKKKK0OgKr3s7W9nJKn3hgDjPJOKsVka5d LDGquQE4JP6VM3ZGdWXLBszWYuxZjkk5JqvJeW8J+eQAgjgDJrGurmS9JWRQsIYFV4OePpUSxopy qKD04FYKn3PFlU7B4ecWV3rRn+RLm+82IkfeUqoz+ldIrK4yrAj1Fc4VVhhgCPcU0RqjB4lVXUhg cdxR7JdGN1nJ3Z2em3LRXAiyPLc9Mc57Vu1xWnX32lj5iqskTg4Bznoc/nXZxvvQN6jNaUm/hZ6W EneLQ6iiitTrCiiigDL1a4wgtxg7sFgR+Irl9cTU2sA2k3UFvcpIrfvlyrjPKnnj/I96ua3eG3up miVWlkccMeAAACf0rAkUTSNJMFd26kjP+elc7i5u7PIrVv3nMJoHiW5vPtdtq9ulve20mxzCCY2B AIxknsa34ryCYkLIM5xg8ZrCAAGAMD2prRxufmRT9RR7JGMq13dKx01bml3Dz27CTqjbQfUYH/16 4O3uZbIEQojRlgSpOMdBx+FdVpVxi4Qphkk4zmlFOEjow1S00dBRRRXSeqFKCVZWHVSGH1HNJRQB 09hdfa7USHG8HawHrVqsHRJtlw8OBhxuz71vVxVI8srHXCXNG4UUUVBYUUUUAFFFFABRRRQAUUUU AFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUARzW8NymyeGO VAQdrqGGfXmsHVPBGgaorM+m2sVw1xHcmeOFQ5kQ/KxOOfTnsTXRUUAcb4j8HXF/HZf2S1jB9g8s 2kM0WIo3EisXAUcEKGxgdcViDw5f6drZGpQST6TdXrSyGCRmZz5aIjSDt8wY4HHQ9c16bRQB5tp/ iLVrDxMNJiiE8GoXafZFnlbMFsgVZD905PDED3HNdLL4oeLV9Ys5tN/0fTY45PtAmB8wsAcbcfKR n1PSt1rK1e6juWtoTcRgqkpjG9QeoB6iuf1HwkkouxYsif2jdwT3plJ+ZY2UkDHJJVdvJx+HFACX XgzTdS1qDWsKku5ZeIlJHAzhsZXd3x1qO98E20k1q9t5PlxXMMjxTpvUxoQdo98jd9a6tVVFCqAF AwAOwpaAPOdc0XxDbeKrzXrO1hnMzCCFhLhra3EShnA28tu34X6c1zNodds1ksr7VEtJNNMMpj3G RrneFkfJZR8uGK8eh6V7ZXPeJdHsL0JdXNlbTMAY2aSJWO09skdD6VpSdpEVPhOC0PX7jxBe3Fhq OiwAQsd7Ft4xhCh2le+49+Ntbc+h6fLGVW1jjz/zzG3+VT22mWdpd3N1BAiTXJUyMO+1QoHsMKOB Vuu2MpR6nHOMZO9jkW8P3iuzW8USIrgqZGx368A1k6m8st35cxRjHySOfm9a9Cf/AFbY9K881EEa jKSpAYjB9eBSq1XNpM83GU+RLlK42+ZGWClVdWIYZHBBq15tu3ngwxDdKjglQeOMjp9aq0qLukRP 7zhc+mTismupwKTRNCYFEqTrG+WQbgM4XIJwcfpUcxQzOY1VUzwFHFMI2sy+hIootrcTfQt6TKsF +quBtkkVv+BAjFehV5zYQm4vlxjETKSffINejDoPpVR3Z6mA+FhRRRVneFcX4olaW8eAomwOvJ56 AHpXaVxPiRSNSmk7CRV/NVqJ9Dixzapq3f8ARmQOoz0zViQ22+dkiiG91C4GAAAMnGOpxiq9FKx5 KdictGLgyhIni4IiPHOB149qgbYZnZECKSDgHPYUMpV8YGOuO49M0UJWBiD5ZopAiswdepx39a9D 0599kntxXnoUySRoBktIoxn3Fd/pP/Hl/wACNC+I7sA/eaL1FFFaHqhTJTtiY+gp9RXP/HtJ9KT2 E9jzmdxNfXMpUBy+DznsP8KfAYAX8+NXBwBkdORyPp1qJ4zHdXCnGfMzwfYUVG6Pnm9WSStH5bJH FGrBwFfPuvzE49jQnk+U0UsUTMZN5kH0GO3PSmpGZDgAZyBycf8A6/pTce1FkF2g7VpaCxExjQY2 3CN1xx8uaza0dBQi6kkGMGRV68g8VM9iqWsrHeUUHrRWx9AFFFFAFrTRnUYfrXT1g6LBvuGmIGEG B9a3q5azvI6aS90KKKKxNQooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAK KKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACormBbm3eFwCG/n2qWihOwNX 0ORmiaCZ4nxuQ4OKZXRajp63UZeJUE4xhjxkehrn3Ro5GjcYZTgiu2E1JHHOLixhGQR61x2q6eJR JFGkYlRhsJGMAHOK7Kue1CJo7+Zj91yCv5AfzzU1dEmjhxkbxTOTIZJGjkXa6nBGaAcMGGMggg46 EVuz2UFwh8yFDk53bRn86pS6Uc/uX4PZm6fpUqonueY6T6Gf+AH0GKTksqqMszBQPqcVox6Tx+9k Oc9FPb8quQWNtb8xQIpBzuxz6daHUXQFTd9Rum2n2Rk8wK0skq5I7ZIGM+ldn0rn9PgM10h2qVQh jn9P1roKqldptnp4SLUWwooorU7ArmddslmnnV1UiTDLkdCAB/SumrM1eHdEswA+U4NZ1F7pz4mH ND0OGljkt5WjmABB+VgeGFJ0OfSuge3jnH7yJXA/vLnH+eKoyaSgDeSdnPC9AKzVRdTyHT7GczF3 Ltgsepxgn600nA/wq+mlOT+8kAH+yc/0q5Bp1tE25YVZ853MMkfT06U3USD2T6lPTrF95nuol3Ag xA87ffpxXbWEfl2aDHJGTXPqMyImPvOq/mcV1CqEUKOgopXk3JnoYOKTdhaKKK3O8KbIu6NlHUjF OooA4PU7F1keaGMGTOHGTlugHb/OKzgc/wCFdVex+VezKECrnIx3yAf55rPm061myxgRXJyXVQCT 9a5lPldmeHUp6sxCAeqqfqoNKAAMAYFXn0pw37uQbf8AaOP6U+PSYyv78l+eV7fyq/aIj2UjPWOW ZwkK5O4Ak5wo9a3tPsxC8EUagM0qM+D15Gf0FEVvDCD5USJnrtXGfrWlpcDSXPmYGxOpJ5zWfM5N I2pUrtI3KKKK6j2QpQCzKo6sQo+ppOpAHUnAFbum6Z5P764RDLnKDrtH+NROairsqMXJ2RasLQWd sE43sdzkdzVqiiuNu7uzrSsrIKKKKQwooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACii igAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAqne6fFdoT tVZeMOBz+NXKKabTuhNJqzOUuLSe1YrKoxnhl5BrL1O2863LoitKvQnrjPIrvJYo5ozHLGroeqsM isq80UsWe2Kgn+BjgV0KqpK0jlq0OaLXQ+cPEb2g8aT3CWax3ljJHIhDNuvJdqFF6YAB4Prjjk1P Z+KfElzaSlVtmd7uKFJmjKrGXCgpjbngk8/z7er6toD290862keSwLAKMg8cjjn161leRGny+Ui4 bdjaBg+tYuPKzz5z5PcnHY82PjPxI01lC1mkYNwscsuziTDKCBkcDBNa3jE2K63oc8jSNdx30LFA CVRNyknpXYm3gICmGMjPA2jqeP8ACtS00dJZBNdwRHaQUDAE8c88U4x5nYUJqU1yRsXdMtDbxO7h d8hyDjkLgYH8z+NXqKK64qysdcIKEeVBRRRTLCormEXFu8TAEH19RyKlooeomk1ZnjPjWHS38R2l heWKC6aSMz3hZsIgZTtGBySM9cfrms+58Y+Ire4vljtbdVibatv5ZbyQNgU5CjIbP6+leyajpMF4 DIIITPkfMyjke5x6VjS2ixyOJYVDnhiVHNck4crOSclTtGUbo86vfE/iiysroPBBI6XMX79BwiMi tt2leRycknPJx2NaPia7S98EwTalao01xtVEV2CBjj5iQCQB1xjtXZeTEQR5SYbGRtHOOlWLbShd bR5EQhRwCHTtwTgYpJX0RnGonJcsdfIqeA7YNoNoxkSYQRiMuueXxkkZA9RzXYVHDBFbxCOGNI0H RUGBUldUY8qsdsI8qCiiiqLCiiigDP1S1EkXnIgMi4BwOSM//XrxcXkOma5rWqWmoo6W8yxRWk05 +ZiUDOQBwi5P5V7wQCMEZFcve+FNOSaWeLStPKPnIFsm7kYI6cg85+tc9anf3kYTjyNySvfc89k8 b6oseyNNOnkNy8QmjdvKZUjVyV4z3IpLb4hXdxr1pZfYYFimeBDmT5v3gXkcdtx/Ku1/sjTAFT+z bMBM7V+zphc9cDHGe/rSjSdN82Nxp1n5iFRGwgXK4PygHHGD0xXPrc5vaUf5Th9dee1+IFlJBfKf Ov7eJ7dbklgp2AgxlcAe+T1r2HTrQ2kDBgN7tubH0AH8qzrHw7Zrem/uLC0N1uDLKYlL5AABLYzk Yx17VvxxvKwWNCxJxwK6aUOX3mdNKF1FtaobUkUEtw+yFCxzj2H1rSttFkLBrllCg52qc5HvWvDB FbqVhjVATk7RjJpyrJbHZGk3uU7HS47Yb5Qskucg4zt+laFFFczk5O7OhRUVZBRRRSGFFFFABRRR QAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFA BRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUANkjjlQpIiup6hhkVk3nhvT7o+YttCsuQQ SgIFbFFNSa2InCM1aSucs3h1rZmkitbc85zGAGP6VAyNGcOpUj1FdhTJIY5RiSNHB7MoNbRrNboy +rxXw6HI0V0kmlWbjiIJ/ucVTl0LqYZvoGrRVosl0pIx6KvHRr5e0LD2c/4VDJYXUed0LYHcc1an F9SOV9ivRSsjr95GH1FJmqEFRy28M67ZoY5B6OoNSZooE0mrMriwswysLWDK9D5Y4qwAAMAYoopW SEoxjsgoooplBRRmlCs33VY/QUAJRU8dldSfdgb8eKnGj3rdFiH+85/wqXKK6j5X2KNFa0WhOeZp gPZKuR6RaJ95N/8AvVDrRRapSZyxsbWWXebSJ5Cc7vLBOfrV210BwN0NrBBz1ICn68Cunjt4YRiK GNB/sqBUlZut2Q44WCd2tTKttFiTmdvMOcgDgVoxQRQLtiiSMeiqBUlFZSm5bm6ilsFFFFSUFFFF ABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUA FFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAU UUUAIUVvvKD9RUZtoG+9DGfqoqWindhYrHTrJiSbSAk/9MxSf2bY/wDPpD/3wKtUUcz7kuEXuit/ Z9pjH2eP/vmj7Baf8+8f5VZoo5n3HyrsVf7Nsf8An0h/74FA06xHSzg/79irVFPmfcShFdCIWtuv SCIfRBTwiL91VH0FOopXZVgooopAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAf//Z --_004_4A95BA014132FF49AE685FAB4B9F17F659497EC6SJCEML702CHMchi_-- From nobody Mon Sep 18 15:32:14 2017 Return-Path: X-Original-To: ipsec@ietfa.amsl.com Delivered-To: ipsec@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DE6041342EC; Mon, 18 Sep 2017 15:32:12 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2 X-Spam-Level: X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nohats.ca Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id g_l3WE4TXPoT; Mon, 18 Sep 2017 15:32:11 -0700 (PDT) Received: from mx.nohats.ca (mx.nohats.ca [193.110.157.68]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EA58B1342EB; Mon, 18 Sep 2017 15:32:10 -0700 (PDT) Received: from localhost (localhost [IPv6:::1]) by mx.nohats.ca (Postfix) with ESMTP id 3xx12t29wTzCQl; Tue, 19 Sep 2017 00:32:06 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nohats.ca; s=default; t=1505773926; bh=7k2yIE0CoznE2VVdm9uwWSJQ37y5BA3z6JxBITxMqc4=; h=Date:From:To:cc:Subject:In-Reply-To:References; b=nmA2D8SRqrN2ysRyUidPdfqxoD51P42pY7q1wgS1a+NxtWAgy1XENaeq39yX0jtgy u2Q16pNOXQaNxXrH7P1WilTGpBjUrU5RGyGLLdzmxD5Y3G0ywc9eqInvvTU51vIpgN thSf1eXRUGf875swkiXxM4MtRyyJhJ+c4YMiWrgY= X-Virus-Scanned: amavisd-new at mx.nohats.ca Received: from mx.nohats.ca ([IPv6:::1]) by localhost (mx.nohats.ca [IPv6:::1]) (amavisd-new, port 10024) with ESMTP id sJuE76310cVT; Tue, 19 Sep 2017 00:32:00 +0200 (CEST) Received: from bofh.nohats.ca (bofh.nohats.ca [76.10.157.69]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx.nohats.ca (Postfix) with ESMTPS; Tue, 19 Sep 2017 00:32:00 +0200 (CEST) Received: by bofh.nohats.ca (Postfix, from userid 1000) id 4A2F043F6EB; Mon, 18 Sep 2017 18:31:59 -0400 (EDT) DKIM-Filter: OpenDKIM Filter v2.11.0 bofh.nohats.ca 4A2F043F6EB Received: from localhost (localhost [127.0.0.1]) by bofh.nohats.ca (Postfix) with ESMTP id 422D340005A3; Mon, 18 Sep 2017 18:31:59 -0400 (EDT) Date: Mon, 18 Sep 2017 18:31:59 -0400 (EDT) From: Paul Wouters To: Linda Dunbar cc: "Mike Sullenberger (mls)" , "i2nsf@ietf.org" , IPsecME WG , Yoav Nir In-Reply-To: <4A95BA014132FF49AE685FAB4B9F17F659497EC6@SJCEML702-CHM.china.huawei.com> Message-ID: References: <4A95BA014132FF49AE685FAB4B9F17F65946FE7F@SJCEML702-CHM.china.huawei.com> <4A95BA014132FF49AE685FAB4B9F17F6594703D1@SJCEML702-CHM.china.huawei.com> <4A95BA014132FF49AE685FAB4B9F17F659497EC6@SJCEML702-CHM.china.huawei.com> User-Agent: Alpine 2.21 (LRH 202 2017-01-01) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII; format=flowed Archived-At: Subject: Re: [IPsec] your example (like Gap) about IPSec VPN gateway deployed in shopping mall not aware of where the controller is. X-BeenThere: ipsec@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Discussion of IPsec protocols List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 18 Sep 2017 22:32:13 -0000 On Mon, 18 Sep 2017, Linda Dunbar wrote: > If we need to use IPsec tunnels to connect a group of CPE devices, (as shown in the figure I sent earlier), do you still need DNS? Or the Key > management will be managed by the "Zero Touch Deployment Service" in the figure below? You can use any protocol you want to validate the public key needed. It can come from DNSSEC, a supplied X.509 CA cert, or you can specify/implement another secure method. IKE allows for the pubkey to be transmited and received. External processes can then determine the authenticity of the pubkey (along with the ID presented) The idea remains the same, you connect to a remote hostname or IP, are given an ID and you use that ID to somehow/somewhere lookup what pubkey belongs to that ID. Possibly also match that ID to the IP as additional assurance. Then once the pubkey is trusted out-of-band, you use it in-band to authenticate. It could be querying a blockchain, confirming a bitcoin payment, a centralised DNS zone, the LetsEncrypt CA, a hardcoded list of pubkeys, etc. If you have the ID of entities you connect to (eg a hostname) then things are easier to lookup then if you only know and IP address, and are then given an ID. Because then you need to somehow verify the ID-IP set. Otherwise, one node in a network can take over another node's IP address, and present its own (valid!) credentials. Paul From nobody Mon Sep 18 20:44:30 2017 Return-Path: X-Original-To: ipsec@ietfa.amsl.com Delivered-To: ipsec@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3A26C1342B4; Mon, 18 Sep 2017 20:44:23 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.699 X-Spam-Level: X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fc5ed2FqVETa; Mon, 18 Sep 2017 20:44:21 -0700 (PDT) Received: from mail-wm0-x22c.google.com (mail-wm0-x22c.google.com [IPv6:2a00:1450:400c:c09::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4541412EC30; Mon, 18 Sep 2017 20:44:21 -0700 (PDT) Received: by mail-wm0-x22c.google.com with SMTP id 189so16302380wmh.1; Mon, 18 Sep 2017 20:44:21 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:message-id:mime-version:subject:date:in-reply-to:cc:to :references; bh=+OTnL8CKvh3fwRgrz+blYdmk0sWnDpcWhnf8tAhWBpI=; b=KXDJ3oqT+C8ALMgMOe4PBLgJHfQcnZzev133BylsWoNoXsrK+P+OeSKz+u9C8nw9lk UWk0JoXRuHX9zgVjiJsWgRgmidsnxm8cgw2HOOX9Qkw/lgpkx7QNnQkTO3Fmf4c6eoKV VJzf5rEeNU96SGz/0mlpueCT32MF3Km4KYWvvJZEMb/3TLxg4DAQw/6VY2a5bqsOH9ee IFNS36ZWEZOvQv0o/oYnibCcOXJgpSEkLK1m6vIMXnnDjhDSX1X/eg82qfclUCrthd18 f/rhuUhtZp84B/aBB8T74gqXwEHq7rLFhbyUatJmtFe0X5fU3h1llz6zVTwd/oTC5c3F rNFA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:message-id:mime-version:subject:date :in-reply-to:cc:to:references; bh=+OTnL8CKvh3fwRgrz+blYdmk0sWnDpcWhnf8tAhWBpI=; b=QXllm3GQAmdBPQ7WmE9NdUYzXc1e7WGo7QJUUiuRZsTcSvgWfYKD3OFXuQASO6gE5E OoiGhIMvYMw2ynIrasA6QQq5e82G1asNVSaYsQLEt8QYVlLvcswFyCjQ7ifZ8yP5zdBl mgilIbU95xAUg3x8DYpiZras430cxhVOOlpdGaC6jMbz2QDKFkimaxUWP6vbHJnWFXUh nmimtsMiYIBiqdOea42prmHc18KV0Vt8z9INTkr6jx3Dh47OPCQy45dcpA/gOAJ9jevp 79vvSJETnFWK/4USY/sDRAWlB2jN9Br5Qi+Pw/6renYVJM7vGYvMCQK6OomygOtc/trE lVLw== X-Gm-Message-State: AHPjjUjioiltjlqJSYHrG4j5kZcmCXnJPRmrI05aYKKaNRFmhvdOgK2F LCAKNm4XYF1woaHDrqCkTSQ= X-Google-Smtp-Source: AOwi7QA4iLa9GUAxXm/QLVNiBbA4/tiyXTwIpJ4zo1c9jkcmkIpluJEURi0O0wstA/ullCA87kttlw== X-Received: by 10.80.135.170 with SMTP id a39mr329534eda.207.1505792659762; Mon, 18 Sep 2017 20:44:19 -0700 (PDT) Received: from [192.168.1.18] ([46.120.57.147]) by smtp.gmail.com with ESMTPSA id l50sm5469085eda.80.2017.09.18.20.44.17 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 18 Sep 2017 20:44:18 -0700 (PDT) From: Yoav Nir Message-Id: Content-Type: multipart/signed; boundary="Apple-Mail=_83CB385C-8E1F-48A2-9FF9-2333CD11DEBD"; protocol="application/pgp-signature"; micalg=pgp-sha512 Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\)) Date: Tue, 19 Sep 2017 06:44:15 +0300 In-Reply-To: Cc: Linda Dunbar , "Mike Sullenberger (mls)" , "i2nsf@ietf.org" , IPsecME WG To: Paul Wouters References: <4A95BA014132FF49AE685FAB4B9F17F65946FE7F@SJCEML702-CHM.china.huawei.com> <4A95BA014132FF49AE685FAB4B9F17F6594703D1@SJCEML702-CHM.china.huawei.com> <4A95BA014132FF49AE685FAB4B9F17F659497EC6@SJCEML702-CHM.china.huawei.com> X-Mailer: Apple Mail (2.3273) Archived-At: Subject: Re: [IPsec] your example (like Gap) about IPSec VPN gateway deployed in shopping mall not aware of where the controller is. X-BeenThere: ipsec@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Discussion of IPsec protocols List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 19 Sep 2017 03:44:23 -0000 --Apple-Mail=_83CB385C-8E1F-48A2-9FF9-2333CD11DEBD Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=utf-8 Hi, Paul > On 19 Sep 2017, at 1:31, Paul Wouters wrote: >=20 > On Mon, 18 Sep 2017, Linda Dunbar wrote: >=20 >> If we need to use IPsec tunnels to connect a group of CPE devices, = (as shown in the figure I sent earlier), do you still need DNS? Or the = Key >> management will be managed by the "Zero Touch Deployment Service" in = the figure below? >=20 > You can use any protocol you want to validate the public key > needed. It can come from DNSSEC, a supplied X.509 CA cert, or you can > specify/implement another secure method. IKE allows for the pubkey to > be transmited and received. External processes can then determine the > authenticity of the pubkey (along with the ID presented) >=20 > The idea remains the same, you connect to a remote hostname or IP, > are given an ID and you use that ID to somehow/somewhere lookup what > pubkey belongs to that ID. Possibly also match that ID to the IP as > additional assurance. Then once the pubkey is trusted out-of-band, > you use it in-band to authenticate. >=20 > It could be querying a blockchain, confirming a bitcoin payment, a > centralised DNS zone, the LetsEncrypt CA, a hardcoded list of = pubkeys, > etc. >=20 > If you have the ID of entities you connect to (eg a hostname) then > things are easier to lookup then if you only know and IP address, and = are > then given an ID. Because then you need to somehow verify the ID-IP = set. > Otherwise, one node in a network can take over another node's IP > address, and present its own (valid!) credentials. This is what you do if all you have is a DNS. However, if you have this SDN controller/SDWAN controller/Zero-Touch = deployment thingie, why do you need public keys at all. You can just = have the controller provision the CPEs with identities and pair-wise = shared secrets plus addresses and domains of peers. Then you don=E2=80=99t= need any PKI, lookups DNSSEC and the like. Yoav --Apple-Mail=_83CB385C-8E1F-48A2-9FF9-2333CD11DEBD Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=signature.asc Content-Type: application/pgp-signature; name=signature.asc Content-Description: Message signed with OpenPGP -----BEGIN PGP SIGNATURE----- iQEcBAEBCgAGBQJZwJKQAAoJELhJCxUKWMyZlJ8H/jZuq/WYZ32NMs6FRtUOJWCw APJ5BF84S2++VmuFd1+TPiTS5RJLHMLoub0f08ZfmZX6Syq8RzWeHWK6lpTHDUWe xSDKSC6ZLmdRjpNYZQ94k74WIRk6By9ufqfEAy0VZrishngXWFU3BFlDPZH7Lsuf FINlFH2Gv8VUp0ncYypbf7jy/qeyTI+1gGqDCxxyCqJ/LJChxtiHdCxFmfeQHMht VQNr2HhEHL8lz9jUgjCesSWMQHLOCDQs4nPRY1Gc1vgWzQm20YxuHH5fJRtZTFtf RVC76FLIxXr4jdbZ99w1O+RJsFBdjd2SPFEEqPlUYQdBavfWaqXW0rxnBjW+IsA= =NWC4 -----END PGP SIGNATURE----- --Apple-Mail=_83CB385C-8E1F-48A2-9FF9-2333CD11DEBD-- From nobody Tue Sep 19 13:56:25 2017 Return-Path: X-Original-To: ipsec@ietfa.amsl.com Delivered-To: ipsec@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 79107132351; Tue, 19 Sep 2017 13:56:16 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.9 X-Spam-Level: X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id K4hBg6GZTVco; Tue, 19 Sep 2017 13:56:15 -0700 (PDT) Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 06CA41321A4; Tue, 19 Sep 2017 13:56:15 -0700 (PDT) Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id 73DE12009E; Tue, 19 Sep 2017 17:00:49 -0400 (EDT) Received: from obiwan.sandelman.ca (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 3504F81637; Tue, 19 Sep 2017 16:56:14 -0400 (EDT) From: Michael Richardson To: "i2nsf\@ietf.org" , IPsecME WG In-Reply-To: References: <4A95BA014132FF49AE685FAB4B9F17F65946FE7F@SJCEML702-CHM.china.huawei.com> <4A95BA014132FF49AE685FAB4B9F17F6594703D1@SJCEML702-CHM.china.huawei.com> <4A95BA014132FF49AE685FAB4B9F17F659497EC6@SJCEML702-CHM.china.huawei.com> X-Mailer: MH-E 8.6; nmh 1.6+dev; GNU Emacs 24.5.1 X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m Archived-At: Subject: Re: [IPsec] your example (like Gap) about IPSec VPN gateway deployed in shopping mall not aware of where the controller is. X-BeenThere: ipsec@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Discussion of IPsec protocols List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 19 Sep 2017 20:56:16 -0000 --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Yoav Nir wrote: >> If you have the ID of entities you connect to (eg a hostname) then >> things are easier to lookup then if you only know and IP address, an= d are >> then given an ID. Because then you need to somehow verify the ID-IP = set. >> Otherwise, one node in a network can take over another node's IP >> address, and present its own (valid!) credentials. > This is what you do if all you have is a DNS. DNS is a really well established distributed database with well established and secure implementations which caches really well. It has decades of proven interoperation. > However, if you have this SDN controller/SDWAN controller/Zero-Touch > deployment thingie, why do you need public keys at all. You can just > have the controller provision the CPEs with identities and pair-wise > shared secrets plus addresses and domains of peers. Then you don=E2= =80=99t need > any PKI, lookups DNSSEC and the like. yes, the highly available SDN controller can configure all the information, remembering to update all the nodes regularly with new information. Or the SDN controller could simply do exactly the same thing using DNS zone transfers using private DNS zones. (whether forward or reverse,etc.) No PKI. DNSSEC if you like, TSIG authenticated zone transfers otherwise, and numerous competing services that can provide DDoS resistance so that the SDN controller doesn't have to be so available. I don't really see the difference except new people can get paid to re-discover the last 30 years of mistakes in DNS implementations. =2D- Michael Richardson , Sandelman Software Works -=3D IPv6 IoT consulting =3D- --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEEbsyLEzg/qUTA43uogItw+93Q3WUFAlnBhG0ACgkQgItw+93Q 3WUDQQf8CAd3q/WwZCO80SNY6ixIGFlVDz4KO/fNaB3zFe8qaQ2kfawTZJr+a0hN 1mhRlvheMqtcFWpWzNPDaQk4Qx6dGg00mGgaVEZOc9DgplZSNF4fCVUIsIr4GWG2 g1M7apg3O78Lv02IOEsOYK3/YeOLOSJq2ZIjGGYUB0ObLPhK/nCPWm4CXcfAKB3V 6Ga9FLMHf/TWPz3Jj+wBNrUHcgnKG9W5Nf8coE0997uNmeH4NOrg3zcmMs7V0d2e kaut8G+SNDVztiP4i8wKfWuh4Yx+D9b+qwPSvl+2q7aGXVY3nGCZD+B2aNfbcHVA 99cSvL3evOY2fZJBaVDZDrF9evstkQ== =upMd -----END PGP SIGNATURE----- --=-=-=-- From nobody Fri Sep 22 11:40:22 2017 Return-Path: X-Original-To: ipsec@ietfa.amsl.com Delivered-To: ipsec@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 01CE013219F for ; Fri, 22 Sep 2017 11:40:21 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.901 X-Spam-Level: X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CHHKCP0GXR9b for ; Fri, 22 Sep 2017 11:40:18 -0700 (PDT) Received: from tuna.sandelman.ca (tuna.sandelman.ca [IPv6:2607:f0b0:f:3:216:3eff:fe7c:d1f3]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D4075127005 for ; Fri, 22 Sep 2017 11:40:18 -0700 (PDT) Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id 0874E2009E for ; Fri, 22 Sep 2017 14:45:02 -0400 (EDT) Received: from obiwan.sandelman.ca (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 052AA806CE for ; Fri, 22 Sep 2017 14:40:17 -0400 (EDT) From: Michael Richardson To: ipsec@ietf.org X-Attribution: mcr X-Mailer: MH-E 8.6; nmh 1.6+dev; GNU Emacs 24.5.1 X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m Content-Transfer-Encoding: quoted-printable Date: Fri, 22 Sep 2017 14:40:16 -0400 Message-ID: <734.1506105616@obiwan.sandelman.ca> Archived-At: Subject: [IPsec] IANA IKEv2 parameters, encryption type=17 X-BeenThere: ipsec@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Discussion of IPsec protocols List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 22 Sep 2017 18:40:21 -0000 Why did we skip IKEv2_UNASSIGNED_17 =3D 17, for IKEv2 Encryption Transforms? https://www.iana.org/assignments/ikev2-parameters/ikev2-parameters.xhtml= #ikev2-parameters-5 -- ] Never tell me the odds! | ipv6 mesh networ= ks [ ] Michael Richardson, Sandelman Software Works | network architec= t [ ] mcr@sandelman.ca http://www.sandelman.ca/ | ruby on rails = [ From nobody Wed Sep 27 13:04:54 2017 Return-Path: X-Original-To: ipsec@ietfa.amsl.com Delivered-To: ipsec@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7E0DD1342F7 for ; Wed, 27 Sep 2017 13:04:52 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.52 X-Spam-Level: X-Spam-Status: No, score=-14.52 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, MIME_QP_LONG_LINE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lj692oZZC1Hd for ; Wed, 27 Sep 2017 13:04:46 -0700 (PDT) Received: from rcdn-iport-8.cisco.com (rcdn-iport-8.cisco.com [173.37.86.79]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C932713501E for ; Wed, 27 Sep 2017 13:04:42 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=7270; q=dns/txt; s=iport; t=1506542682; x=1507752282; h=from:to:subject:date:message-id:references:in-reply-to: mime-version; bh=322TCE0XipyD/l6wuG7nfeEXjqjaVOftcQp0vxNTtqg=; b=ayu0jLtvAo8snH8Rhl5eEfg8efS/Trcp19rdaN7US6znoFnxhcguGR/o fFeMJQBYHsA1bYYZBiCUF/A9Mpmkm26MpNTvBvltKHq2Z2BOUtFczYYeV 6xCxpk0yfyqv5sIajZvKUgM0QUiq1eeCFH6N6qVU6mqHMSlGRAspn5Q1n k=; X-Files: smime.p7s : 4557 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0CeAADpAsxZ/4ENJK1cGQEBAQEBAQEBA?= =?us-ascii?q?QEBBwEBAQEBg1yBUicHg3GKH49emCGCEgcDhTsCI4Q5PxgBAgEBAQEBAQFrKIU?= =?us-ascii?q?ZBiNmAgEIQgICAjAlAgQBEg6KI6d9gieLAgEBAQEBAQEBAQEBAQEBAQEBAQEBA?= =?us-ascii?q?Q4PgyuCAoFRgWksgn2FG4J8L4IxBaEjAoQ6giGOApMGlRwCERkBgTgBHziBDng?= =?us-ascii?q?VSRIBhwp2h0aBEAEBAQ?= X-IronPort-AV: E=Sophos;i="5.42,446,1500940800"; d="p7s'?scan'208";a="298939667" Received: from alln-core-9.cisco.com ([173.36.13.129]) by rcdn-iport-8.cisco.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 27 Sep 2017 20:04:41 +0000 Received: from XCH-ALN-009.cisco.com (xch-aln-009.cisco.com [173.36.7.19]) by alln-core-9.cisco.com (8.14.5/8.14.5) with ESMTP id v8RK4fJQ030523 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Wed, 27 Sep 2017 20:04:41 GMT Received: from xch-aln-007.cisco.com (173.36.7.17) by XCH-ALN-009.cisco.com (173.36.7.19) with Microsoft SMTP Server (TLS) id 15.0.1320.4; Wed, 27 Sep 2017 15:04:41 -0500 Received: from xch-aln-007.cisco.com ([173.36.7.17]) by XCH-ALN-007.cisco.com ([173.36.7.17]) with mapi id 15.00.1320.000; Wed, 27 Sep 2017 15:04:41 -0500 From: "Graham Bartlett (grbartle)" To: Michael Richardson , "ipsec@ietf.org" Thread-Topic: [IPsec] Proposed method to achieve quantum resistant IKEv2 Thread-Index: AQHTDE+mPH5PNqQgTkK9LOvm4SvL2qJ0fkoAgAIguwCABYr/gIAAg/cAgE012QA= Date: Wed, 27 Sep 2017 20:04:41 +0000 Message-ID: <04B7D970-30B0-4AE8-BAF9-210746B56FFF@cisco.com> References: <041b01d30d21$8d33f230$a79bd690$@gmail.com> <1501968567726.89885@post-quantum.com> <22922.57101.227283.113155@fireball.acr.fi> <7769.1502301632@obiwan.sandelman.ca> In-Reply-To: <7769.1502301632@obiwan.sandelman.ca> Accept-Language: en-GB, en-US Content-Language: en-GB X-MS-Has-Attach: yes X-MS-TNEF-Correlator: user-agent: Microsoft-MacOutlook/f.1a.0.160910 x-ms-exchange-messagesentrepresentingtype: 1 x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [10.55.142.69] Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha256; boundary="B_3589391116_935333229" MIME-Version: 1.0 Archived-At: Subject: Re: [IPsec] Proposed method to achieve quantum resistant IKEv2 X-BeenThere: ipsec@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Discussion of IPsec protocols List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 Sep 2017 20:04:52 -0000 --B_3589391116_935333229 Content-type: text/plain; charset="UTF-8" Content-transfer-encoding: quoted-printable Hi Michael Is the main rational for not having fragmentation in IKE_SA_INIT that it co= uld break the features of IKE that you list below? The reason I ask, we=E2=80=99re working on the current draft and looking to imple= ment optional fragmentation in the IKE_SA_INIT, but this would be friendly t= o cookies, TCP encaps, NAT-T etc cheers On 09/08/2017, 19:00, "IPsec on behalf of Michael Richardson" wrote: I agree. All of the DoS (cookie, etc.) defense and switch to TCP, and detection of NAT-T, etc. is in the IKE_SA_INIT, and so doing any kind o= f framentation in IKE_SA_INIT is a bad idea. --B_3589391116_935333229 Content-Type: application/pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" MIIRyQYJKoZIhvcNAQcCoIIRujCCEbYCAQExDzANBglghkgBZQMEAgEFADALBgkqhkiG9w0B BwGggg9+MIIFbTCCBFWgAwIBAgIQDZu2aTrsxkrY+ilxZLyNgTANBgkqhkiG9w0BAQsFADBl MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGln aWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBTSEEyIEFzc3VyZWQgSUQgQ0EwHhcNMTYw NTE2MDAwMDAwWhcNMTgwNTE2MTIwMDAwWjCBkDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNh bGlmb3JuaWExETAPBgNVBAcTCFNhbiBKb3NlMRwwGgYDVQQKExNDaXNjbyBTeXN0ZW1zLCBJ bmMuMRgwFgYDVQQDEw9HcmFoYW0gQmFydGxldHQxITAfBgkqhkiG9w0BCQEWEmdyYmFydGxl QGNpc2NvLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMqOS+hfMCqvKj+e gZdgQIEPbPvc6Mv9fJvK/hNbeOiOwBepKx73eSUh+gABrR8i7ui5/V7XlyMPg/OgQr/6UZX2 QGaqBNkiVkOqNDjwjDz6+voKVS2MNU0cCvxP5Xwb9VXgw2JzFAMMshknhP7G+9V6qxda7e5m fmBzYgCgewiITHD83tGiS/YuoOogmPfYnpQyCcnSdwj8MqnlvVfBQVdAOg+a7hv8zPcTA4mH H0Y3dqCIdNtj1QEm9D9YbDlCS1MZl/7byqLpEZA+la8Pva/r/lydbVuM7BXygqI+itXM9963 8kZim8zTh4r/wCi8uklBSeMRUHSmgocw5BpnIk8CAwEAAaOCAeswggHnMB8GA1UdIwQYMBaA FOcCI4AAT9jXvJQL2T90OUkyPIp5MB0GA1UdDgQWBBQmnj6AyXbjUyNRGN6Y2JOK17/CkzAM BgNVHRMBAf8EAjAAMB0GA1UdEQQWMBSBEmdyYmFydGxlQGNpc2NvLmNvbTAOBgNVHQ8BAf8E BAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMEMEMGA1UdIAQ8MDowOAYKYIZI AYb9bAQBAjAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMIGI BgNVHR8EgYAwfjA9oDugOYY3aHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0U0hB MkFzc3VyZWRJRENBLWcyLmNybDA9oDugOYY3aHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0Rp Z2lDZXJ0U0hBMkFzc3VyZWRJRENBLWcyLmNybDB5BggrBgEFBQcBAQRtMGswJAYIKwYBBQUH MAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBDBggrBgEFBQcwAoY3aHR0cDovL2NhY2Vy dHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0U0hBMkFzc3VyZWRJRENBLmNydDANBgkqhkiG9w0B AQsFAAOCAQEAna7Ws4vfNhrcm0Od6wb6xiOBURSSXAgX7LE8chrD7UfTF+b7DKits6QY1Vvo 5s0ryCy2T4ikMMKzpAnQ9O0vvF5wbb2iF9zTyKv2M36uY6L6EbMC7QoQAihAiOGnLy4wwhsB qtoGHPL8f1ROW2xpK3twQm2jthhv7fzHRPnFFh4bwWLLISHsw7JKzaL1GuxghNr9W9CN7o2r OtnnvoSwdkPBlMmquWrUgCZ06UQfsD6nbVDvqlBlJGBsrfXk3y8yg3q+rN6LTqHccW4Rk1KS OkE8i/8NKTo8QXHSOa+jcK0o7mnjGXERklDnFGMiNVLbVhVa9CJynUpLjNct3q6+ATCCBk4w ggU2oAMCAQICEASueWBmZpAaucV/pmxb3M0wDQYJKoZIhvcNAQELBQAwZTELMAkGA1UEBhMC VVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTEk MCIGA1UEAxMbRGlnaUNlcnQgQXNzdXJlZCBJRCBSb290IENBMB4XDTEzMTEwNTEyMDAwMFoX DTI4MTEwNTEyMDAwMFowZTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZ MBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTEkMCIGA1UEAxMbRGlnaUNlcnQgU0hBMiBBc3N1 cmVkIElEIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3PgRIz9qte/AJ3kb LQWHohBDMd8O1BUbT3ekIs4+jHDwvgeO3ScqvAEdtiwKyt1pWB9B7WoFH9pjeFkeIiwr+Lp+ yTU7VvEffEJ+JbAjGcZFONc9RPkgfGCuHLBaGAS+jzv3qfCUmqYMY0m2QRdTQDK9T+ZQelAf JUXo8Ymvzf9e/1Dz8BcR/73FifW9YrnY+45FBIVtmc3FSE39JqsCNkXqNtdfauIagkEK3OnZ 9ZEXjsYhrTg8E+Yef2ac1U3ZRtr2z1KnfTskw7TBUTXGm+vU737kewPhRL16CzfgT8uCig1x GOSm4IksG/OyczzBsJKeGH29q33FfQihLMKfcwIDAQABo4IC+DCCAvQwEgYDVR0TAQH/BAgw BgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhho dHRwOi8vb2NzcC5kaWdpY2VydC5jb20wgYEGA1UdHwR6MHgwOqA4oDaGNGh0dHA6Ly9jcmw0 LmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEFzc3VyZWRJRFJvb3RDQS5jcmwwOqA4oDaGNGh0dHA6 Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEFzc3VyZWRJRFJvb3RDQS5jcmwwHQYDVR0l BBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMEMIIBswYDVR0gBIIBqjCCAaYwggGiBgpghkgBhv1s AAIEMIIBkjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzCCAWQG CCsGAQUFBwICMIIBVh6CAVIAQQBuAHkAIAB1AHMAZQAgAG8AZgAgAHQAaABpAHMAIABDAGUA cgB0AGkAZgBpAGMAYQB0AGUAIABjAG8AbgBzAHQAaQB0AHUAdABlAHMAIABhAGMAYwBlAHAA dABhAG4AYwBlACAAbwBmACAAdABoAGUAIABEAGkAZwBpAEMAZQByAHQAIABDAFAALwBDAFAA UwAgAGEAbgBkACAAdABoAGUAIABSAGUAbAB5AGkAbgBnACAAUABhAHIAdAB5ACAAQQBnAHIA ZQBlAG0AZQBuAHQAIAB3AGgAaQBjAGgAIABsAGkAbQBpAHQAIABsAGkAYQBiAGkAbABpAHQA eQAgAGEAbgBkACAAYQByAGUAIABpAG4AYwBvAHIAcABvAHIAYQB0AGUAZAAgAGgAZQByAGUA aQBuACAAYgB5ACAAcgBlAGYAZQByAGUAbgBjAGUALjAdBgNVHQ4EFgQU5wIjgABP2Ne8lAvZ P3Q5STI8inkwHwYDVR0jBBgwFoAUReuir/SSy4IxLVGLp6chnfNtyA8wDQYJKoZIhvcNAQEL BQADggEBAE7UiSe5/R2Hd34PKAWQ8QovyTs+vZOckMav+pFRhzJUa+jKwXFRXJmOtfrgYhmZ pgeafBMn2+UCooQS2RX2CkRXxDSPbXMfOtagAT3e44LkRWuy6yX9gF4dOZC+W0L2zpFg4/mg VgxIEM4zaHvNk6vwastPWA+5e10bBIGepyLiV0kn7pKTCL5pCFMCOi5dyBn0UIBOAtmwXZG0 k4f5lpaBVUCOZu2C2LsoX+1MYe0GWCgZUxFEvEcgKbIEbNiJVJk7ddtneCweknjGVT1YEhEy br1DDE0023vGQtvsvqubYUwGkuOO3yEqUFcEwGCiNdUknmY3CUnP1fhls+DibsIwggO3MIIC n6ADAgECAhAM5+DlF9hG/o/lYPwb8DA5MA0GCSqGSIb3DQEBBQUAMGUxCzAJBgNVBAYTAlVT MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xJDAi BgNVBAMTG0RpZ2lDZXJ0IEFzc3VyZWQgSUQgUm9vdCBDQTAeFw0wNjExMTAwMDAwMDBaFw0z MTExMTAwMDAwMDBaMGUxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAX BgNVBAsTEHd3dy5kaWdpY2VydC5jb20xJDAiBgNVBAMTG0RpZ2lDZXJ0IEFzc3VyZWQgSUQg Um9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK0OFc7kQ4BcsYfzt2D5 cRKlrtwmlIiq9M71IDkoWGAM+IDaqRWVMmE8tbEohIqK3J8KDIMXeo+QrIrneVNcMYQq9g+Y MjZ2zN7dPKii72r7IfJSYd+fINcf4rHZ/hhk0hJbX/lYGDW8R82hNvlrf9SwOD7BG8OMM9nY Lxj+KA+zp4PWw25EwGE1lhb+WZyLdm3X8aJLDSv/C3LanmDQjpA1xnhVhyChz+VtCshJfDGY M2wi6YfQMlqiuhOCEe05F52ZOnKh5vqk2dUXMXWuhX0irj8BRob2KHnIsdrkVxfEfhwOsLSS plazvbKX7aqn8LfFqD+VFtD/oZbrCF8Yd08CAwEAAaNjMGEwDgYDVR0PAQH/BAQDAgGGMA8G A1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFEXroq/0ksuCMS1Ri6enIZ3zbcgPMB8GA1UdIwQY MBaAFEXroq/0ksuCMS1Ri6enIZ3zbcgPMA0GCSqGSIb3DQEBBQUAA4IBAQCiDrzf4u3w43Jz emSUv/dyZtgy5EJ1Yq6H6/LV2d5Ws5/MzhQouQ2XYFwSTFjk0z2DSUVYlzVpGqhH6lbGeasS 2GeBhN9/CTyU5rgmLCC9PbMoifdf/yLil4Qf6WXvh+DfwWdJs13rsgkq6ybteL59PyvztyY1 bV+JAbZJW58BBZurPSXBzLZ/wvFvhsb6ZGjrgS2U60K3+owe3WLxvlBnt2y98/Efaww2BxZ/ N3ypW2168RJGYIPXJwS+S86XvsNnKmgR34DnDDNmvxMNFG7zfx9jEB76jRslbWyPpbdhAbHS oyahEHGdreLD+cOZUbcrBwjOLuZQsqf6CkUvovDyMYICDzCCAgsCAQEweTBlMQswCQYDVQQG EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29t MSQwIgYDVQQDExtEaWdpQ2VydCBTSEEyIEFzc3VyZWQgSUQgQ0ECEA2btmk67MZK2PopcWS8 jYEwDQYJYIZIAWUDBAIBBQCgaTAvBgkqhkiG9w0BCQQxIgQgSbxUp288e+/p5AyesBQCT7Od vXADxUxaAGiQmA2XQKQwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUx DxcNMTcwOTI3MjAwNTE2WjANBgkqhkiG9w0BAQEFAASCAQAvLqUCyAWU6A+PueRJCXwS7waY 3m8fIz4Z01q18Ziu/Zyr6d22Jdp6MMcpB/BCqvWFu0VbeeI+rR2xQfu+aisRcHC48PohsFXf +xqU9bLO3PKO7o5lurJN3q5UXPvgAEEBSQLrBbGfriLPq2fdv/D38Fknrfnoz0QSmZFqN0S6 xs00FaOSAYWKn8ObYtRAN8/gsHHfieSfq94Lk7b0PMAUZYPQUF61xJJWyoSkwR/7ME5YSh8S z/pp4a7mXp+yHyJa0NzxsnM1VW0FpFRgeKiaicSN8ZnpwbmOrILMcrkE/Sw9DCue5RT+gFPT jiB8WQzVasR6DD+25rjEqcxVSusr --B_3589391116_935333229-- From nobody Wed Sep 27 18:32:51 2017 Return-Path: X-Original-To: ipsec@ietfa.amsl.com Delivered-To: ipsec@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5FCBD135236 for ; Wed, 27 Sep 2017 18:32:50 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.12 X-Spam-Level: X-Spam-Status: No, score=-1.12 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_NEUTRAL=0.779, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7wGOEUTBH6XO for ; Wed, 27 Sep 2017 18:32:48 -0700 (PDT) Received: from mail.kivinen.iki.fi (fireball.acr.fi [212.16.101.130]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 552D5135235 for ; Wed, 27 Sep 2017 18:32:47 -0700 (PDT) Received: from fireball.acr.fi (localhost [127.0.0.1]) by mail.kivinen.iki.fi (8.15.2/8.15.2) with ESMTPS id v8S1WiEO020551 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Thu, 28 Sep 2017 04:32:44 +0300 (EEST) Received: (from kivinen@localhost) by fireball.acr.fi (8.15.2/8.14.8/Submit) id v8S1Wiww005110; Thu, 28 Sep 2017 04:32:44 +0300 (EEST) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-ID: <22988.20795.994513.729963@fireball.acr.fi> Date: Thu, 28 Sep 2017 04:32:43 +0300 From: Tero Kivinen To: Michael Richardson Cc: ipsec@ietf.org In-Reply-To: <734.1506105616@obiwan.sandelman.ca> References: <734.1506105616@obiwan.sandelman.ca> X-Mailer: VM 8.2.0b under 25.1.1 (x86_64--netbsd) X-Edit-Time: 8 min X-Total-Time: 12 min Archived-At: Subject: [IPsec] IANA IKEv2 parameters, encryption type=17 X-BeenThere: ipsec@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Discussion of IPsec protocols List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 Sep 2017 01:32:50 -0000 Michael Richardson writes: > Why did we skip > IKEv2_UNASSIGNED_17 = 17, > > for IKEv2 Encryption Transforms? > https://www.iana.org/assignments/ikev2-parameters/ikev2-parameters.xhtml#ikev2-parameters-5 The original draft-ietf-ipsec-ciph-aes-gcm [1] had four differnet ICV lengths: 4, 8, 12, and 16 octets, and they got numbers for all of them [2]: ---------------------------------------------------------------------- IANA has assigned four ESP Transform Identifiers for AES-GCM with an eight-byte explicit IV: for AES-GCM with a 4 octet ICV; for AES-GCM with an 8 octet ICV; for AES-GCM with a 12 octet ICV; and for AES-GCM with a 16 octet ICV. ---------------------------------------------------------------------- Then after the IESG approval the 4 octet ICV was removed from the RFC 4106 (most likely it was considered unsafe and too short), but IANA had most likely already given out the numbers, thus the final numbers for 8, 12, 16 octet versions came to be 18, 19, and 20, and the number 17 which was most likely allocated for the 4 octet ICV was marked as reserved. [1] https://tools.ietf.org/html/draft-ietf-ipsec-ciph-aes-gcm-00 [2] https://www.ietf.org/mail-archive/web/ipsec/current/msg01012.html -- kivinen@iki.fi From nobody Wed Sep 27 20:18:02 2017 Return-Path: X-Original-To: ipsec@ietfa.amsl.com Delivered-To: ipsec@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B4C82135290 for ; Wed, 27 Sep 2017 20:18:00 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2 X-Spam-Level: X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nohats.ca Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 56ITn7PSYFdP for ; Wed, 27 Sep 2017 20:17:58 -0700 (PDT) Received: from mx.nohats.ca (mx.nohats.ca [IPv6:2a03:6000:1004:1::68]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 40BA1135291 for ; Wed, 27 Sep 2017 20:17:57 -0700 (PDT) Received: from localhost (localhost [IPv6:::1]) by mx.nohats.ca (Postfix) with ESMTP id 3y2fyT406Nz3B4; Thu, 28 Sep 2017 05:17:53 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nohats.ca; s=default; t=1506568673; bh=PphXhJHmmWEXwBu04oOilEhUu8Nx3agqIB6vNGHrK4c=; h=Date:From:To:cc:Subject:In-Reply-To:References; b=P9A/rSpfJlhlTN5s5+XIgB7hOiAPyANPWste5IrKx6qPCGdRB/JljPMaqsy+xCbwf m3rKwrr5+4mWVq7JUjrI8ocCvEwrgpv0x0JV1gMhNoQcVAHIbHUWa4GwTYcMwYrfwO baJUxRDPe4hE8KaWk914hDJ/4CIqc2Fwsa7nCCKY= X-Virus-Scanned: amavisd-new at mx.nohats.ca Received: from mx.nohats.ca ([IPv6:::1]) by localhost (mx.nohats.ca [IPv6:::1]) (amavisd-new, port 10024) with ESMTP id wEQ-3h2hgMsF; Thu, 28 Sep 2017 05:17:51 +0200 (CEST) Received: from bofh.nohats.ca (bofh.nohats.ca [76.10.157.69]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx.nohats.ca (Postfix) with ESMTPS; Thu, 28 Sep 2017 05:17:51 +0200 (CEST) Received: by bofh.nohats.ca (Postfix, from userid 1000) id A0D2B2E75BA; Wed, 27 Sep 2017 23:17:50 -0400 (EDT) DKIM-Filter: OpenDKIM Filter v2.11.0 bofh.nohats.ca A0D2B2E75BA Received: from localhost (localhost [127.0.0.1]) by bofh.nohats.ca (Postfix) with ESMTP id 8D7F34129B69; Wed, 27 Sep 2017 23:17:50 -0400 (EDT) Date: Wed, 27 Sep 2017 23:17:50 -0400 (EDT) From: Paul Wouters To: Tero Kivinen cc: "ipsec@ietf.org WG" In-Reply-To: <22988.20795.994513.729963@fireball.acr.fi> Message-ID: References: <734.1506105616@obiwan.sandelman.ca> <22988.20795.994513.729963@fireball.acr.fi> User-Agent: Alpine 2.21 (LRH 202 2017-01-01) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII; format=flowed Archived-At: Subject: Re: [IPsec] IANA IKEv2 parameters, encryption type=17 X-BeenThere: ipsec@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Discussion of IPsec protocols List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 Sep 2017 03:18:01 -0000 On Thu, 28 Sep 2017, Tero Kivinen wrote: > The original draft-ietf-ipsec-ciph-aes-gcm [1] had four differnet ICV > lengths: 4, 8, 12, and 16 octets, and they got numbers for all of them > [2]: Ahh, so that's where it came from :) > for 8, 12, 16 octet versions came to be 18, 19, and 20, and the number > 17 which was most likely allocated for the 4 octet ICV was marked as > reserved. Except it is marked unassigned, not reserved. So one could use this number in the future. I for sure have never seen it in the wild on the wire or in source code. And if it is too weak, I guess we don't mind breaking implementations who mistakenly still support it :) Paul From nobody Thu Sep 28 09:18:31 2017 Return-Path: X-Original-To: ipsec@ietfa.amsl.com Delivered-To: ipsec@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C626513421F for ; Thu, 28 Sep 2017 09:18:29 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.9 X-Spam-Level: X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dzM0oZ7RgYH6 for ; Thu, 28 Sep 2017 09:18:28 -0700 (PDT) Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C976B13300C for ; Thu, 28 Sep 2017 09:18:25 -0700 (PDT) Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id 1D846200A3; Thu, 28 Sep 2017 12:23:29 -0400 (EDT) Received: from obiwan.sandelman.ca (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 5AD7C806A8; Thu, 28 Sep 2017 12:18:24 -0400 (EDT) From: Michael Richardson To: "Graham Bartlett \(grbartle\)" cc: "ipsec\@ietf.org" In-Reply-To: <04B7D970-30B0-4AE8-BAF9-210746B56FFF@cisco.com> References: <041b01d30d21$8d33f230$a79bd690$@gmail.com> <1501968567726.89885@post-quantum.com> <22922.57101.227283.113155@fireball.acr.fi> <7769.1502301632@obiwan.sandelman.ca> <04B7D970-30B0-4AE8-BAF9-210746B56FFF@cisco.com> X-Mailer: MH-E 8.6; nmh 1.6+dev; GNU Emacs 24.5.1 X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m Archived-At: Subject: Re: [IPsec] Proposed method to achieve quantum resistant IKEv2 X-BeenThere: ipsec@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Discussion of IPsec protocols List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 Sep 2017 16:18:30 -0000 --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Graham Bartlett (grbartle) wrote: > Is the main rational for not having fragmentation in IKE_SA_INIT that > it could break the features of IKE that you list below? 1) we are currently working on IKE over TCP because we already know that IKE packets (and UDP encapsulated IPsec) are not get through. Adding IP fragmentation to the process will just make it worse. Adding IP-level fragmentation to the process adds additional state to the gateway, often hidden to the IKE daemon itself. Adding IKE-level fragmentation to the process adds an additional place that DDoS attacks can hit. So, one would have to have some mechanism to know what would get through, and if to switch to TCP, etc. before even trying. > The reason I ask, we=E2=80=99re working on the current draft and look= ing to > implement optional fragmentation in the IKE_SA_INIT, but this would be > friendly to cookies, TCP encaps, NAT-T etc 2) I think it's not possible to do fragmentation on IKE_SA_INIT (and any level) without opening up gateways up for DDoS attacks. So, don't do it in IKE_SA_INIT in my opinion. If you you want to do something, then it needs to be a new state between IKE_SA_INIT and IKE_AUTH. > I agree. All of the DoS (cookie, etc.) defense and switch to TCP, and > detection of NAT-T, etc. is in the IKE_SA_INIT, and so doing any kind= of > framentation in IKE_SA_INIT is a bad idea. =2D- Michael Richardson , Sandelman Software Works -=3D IPv6 IoT consulting =3D- --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEEbsyLEzg/qUTA43uogItw+93Q3WUFAlnNINAACgkQgItw+93Q 3WX41Af/SWpWgZGt/tA8IwEGbNejmO7qKfAgVxXFSTYKCL8YJdZvx16ObC2FAn88 nArTHcO+AX3HpFrXhzsuLwAFaRElhsiUSE7PEopM6A6XpP7Ue4MVmg78Vya0oV4g Nde+g3cL8QTW39Fj7Z0f6YIAJfR21/MvdiKe1UuEUYZKA+9hYNqCL8qf+JE+IDXD LuZT6SCS3iO9znKgIkOoZ+m8Vsbfr+p9roZgMjjkCfyZyZXReQC+DOcqZY9OMPXv p17dhrapu9KG91Qh1JQb3WqeUqTa02WGUChC15X0sEVOlvJiipYt4b3k1wZdGCRm q8n7WGnaXGPWNWYahRcyrUmGqdRujQ== =SgCR -----END PGP SIGNATURE----- --=-=-=-- From nobody Fri Sep 29 05:58:45 2017 Return-Path: X-Original-To: ipsec@ietfa.amsl.com Delivered-To: ipsec@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D1F21134525 for ; Fri, 29 Sep 2017 05:58:43 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.2 X-Spam-Level: X-Spam-Status: No, score=-1.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_SORBS_WEB=1.5, SPF_PASS=-0.001] autolearn=no autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mOdjmI4KGkAE for ; Fri, 29 Sep 2017 05:58:42 -0700 (PDT) Received: from mail-lf0-x233.google.com (mail-lf0-x233.google.com [IPv6:2a00:1450:4010:c07::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 63C62134530 for ; Fri, 29 Sep 2017 05:58:39 -0700 (PDT) Received: by mail-lf0-x233.google.com with SMTP id 80so74099lfy.4 for ; Fri, 29 Sep 2017 05:58:39 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:references:in-reply-to:subject:date:message-id :mime-version:content-transfer-encoding:thread-index :content-language; bh=sntKNauOEBR1IvjYywqid+d8cLF6S7tiVae3EyoploM=; b=Uw+QRZ6/eVs355gooDulf7sYyC+kDmgKvZIjJjWPJEM/J5kRDnZPwdq4j0NsPzO0SS exKp4KstvSr9XbAJpCsirMWjZpOnM45TGKyZRlpnl1n14W6eP0ve5IXpBTqbb5CRDvVz hOzANF9+Q8Hk2E3WguM+f3Ae2YJ2N7cKe6VUTBppPcGXrCJWCLVdW9S4b+Ia1Y8dqTvW KAKBTi5gzMAFy8vdF+XuOfIvPC72KE5AwFvE/Zn8Zcn8NoPpVDkyHSzLdn5V4oK0Xp62 op9DSq7UYx8fpU7Y+vdaRbvFZGnqgh0a8V8e+HqzypWoQyUya1KZcFsK4lFWpJQClkbp BHKA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:references:in-reply-to:subject:date :message-id:mime-version:content-transfer-encoding:thread-index :content-language; bh=sntKNauOEBR1IvjYywqid+d8cLF6S7tiVae3EyoploM=; b=gUlqZwKYBDK0X4vpUoRtU2AX66oXwih7LFTqtJG0sIU3IBheHhj+R6XJrCw3OgUm8w kkGYleApqT03JC6IZEcUXOM+ZtijO5jBM624sZB+DPyuOUlmoUP28MJ6Bwt/2maFTHmR 4rDIAx/aJmHKAe3zQKx/4u6rxIALxbZ8ZibuUgwiNWjPTU02UFjaDp/Ph01SC1Nxxe1G 01c+MwDfamVl/yeyAYtMdDWZmPRqKN62rI2GPNa1x6zztzmww4F29vzFBUoF6yN/00A5 QaMuACXLO5toakC9yAfYf3MmYd1Rn8tGLc0007vOylYI3M3dNT/JK+BTsjrQOD243Yix iPSg== X-Gm-Message-State: AHPjjUhNDJ1XZoRTHluQjxAdymaR/7cgeURER6ERCRsgghNQbfzj987X 41LOUobULXHajf/Vvg0C17Q= X-Google-Smtp-Source: AOwi7QDCLPPKVEwqfY1GO2/qwIxhiQJrJqWWMm8ZKGS0NM3aqyuzyi0C7bvwcSC8dp3tFb0QwyY+0w== X-Received: by 10.46.29.139 with SMTP id w11mr3429556lje.171.1506689917537; Fri, 29 Sep 2017 05:58:37 -0700 (PDT) Received: from buildpc ([82.138.51.4]) by smtp.gmail.com with ESMTPSA id z204sm554804lff.33.2017.09.29.05.58.32 (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Fri, 29 Sep 2017 05:58:34 -0700 (PDT) From: "Valery Smyslov" To: "'Michael Richardson'" , "'Graham Bartlett \(grbartle\)'" Cc: References: <041b01d30d21$8d33f230$a79bd690$@gmail.com> <1501968567726.89885@post-quantum.com> <22922.57101.227283.113155@fireball.acr.fi> <7769.1502301632@obiwan.sandelman.ca> <04B7D970-30B0-4AE8-BAF9-210746B56FFF@cisco.com> <14600.1506615504@obiwan.sandelman.ca> In-Reply-To: <14600.1506615504@obiwan.sandelman.ca> Date: Fri, 29 Sep 2017 15:58:24 +0300 Message-ID: <00bd01d33922$a487c970$ed975c50$@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Mailer: Microsoft Outlook 14.0 Thread-Index: AQJGClSbub5RkghZHKgMD6H8pOsCcwJfffzfAsuJTr8A5HSrWwGr2GqAAXTHICQBwMm63KGOlXzw Content-Language: ru Archived-At: Subject: Re: [IPsec] Proposed method to achieve quantum resistant IKEv2 X-BeenThere: ipsec@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Discussion of IPsec protocols List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 29 Sep 2017 12:58:44 -0000 Hi Michael, > > Is the main rational for not having fragmentation in IKE_SA_INIT = that > > it could break the features of IKE that you list below? >=20 > 1) we are currently working on IKE over TCP because we already know = that > IKE packets (and UDP encapsulated IPsec) are not get through. = Adding > IP fragmentation to the process will just make it worse. >=20 > Adding IP-level fragmentation to the process adds additional state = to the > gateway, often hidden to the IKE daemon itself. That's true and that's one of the reason to avoid it by all means=20 (the other and probably even more important reason - crippled middleboxes that don't pass UDP fragments through). > Adding IKE-level fragmentation to the process adds an additional = place > that DDoS attacks can hit. We have DDoS protection mechanisms. I think it's possible to define=20 IKE_SA_INIT fragmentation so that these mechanisms be still able to = work. > So, one would have to have some mechanism to know what would get = through, > and if to switch to TCP, etc. before even trying. TCP has a lot of shortcomings. It's a last resort. > > The reason I ask, we=E2=80=99re working on the current draft and = looking to > > implement optional fragmentation in the IKE_SA_INIT, but this = would be > > friendly to cookies, TCP encaps, NAT-T etc >=20 > 2) I think it's not possible to do fragmentation on IKE_SA_INIT (and = any > level) without opening up gateways up for DDoS attacks. > So, don't do it in IKE_SA_INIT in my opinion. Repeating myself - I don't think it is impossible to define IKE_SA_INIT fragmentation in such a way, that it won't weaken IKE DDoS protection. There are two obstacles in my opinion. 1) Complexity. The exchange would most likely become overly complex and even very unusual comparing to other exchanges (e.g. it is possible = to=20 acknowledge each fragment individually, this way a better DDoS = protection can be achieved, but this is non-standard behavior for IKE and could = open=20 its own can of worms). 2). Backward compatibility. It's difficult to negotiate using IKE = fragmentation in IKE_SA_INIT. Pre-configuration is a bad option. Most probably the = cost=20 would be an extra round trip + some tricks playing with invalid syntax = and/or unknown exchange type). > If you you want to do something, then it needs to be a new state = between > IKE_SA_INIT and IKE_AUTH. Having an intermediate exchange that will reuse existing IKE = Fragmentation mechanism is a very attractive idea. It is even possible to leave out = MessageID =3D 1=20 for IKE_AUTH. The main problem with this approach is that it doesn't = allow to completely get rid of traditional DH in the future - we need to = exchange=20 KE to compute SK_* to use IKE fragmentation. Regards, Valery. From nobody Fri Sep 29 08:01:58 2017 Return-Path: X-Original-To: ipsec@ietfa.amsl.com Delivered-To: ipsec@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1F62D133044 for ; Fri, 29 Sep 2017 08:01:57 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2 X-Spam-Level: X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nohats.ca Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QEVD--1a5vdI for ; Fri, 29 Sep 2017 08:01:55 -0700 (PDT) Received: from mx.nohats.ca (mx.nohats.ca [193.110.157.68]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 65545132396 for ; Fri, 29 Sep 2017 08:01:55 -0700 (PDT) Received: from localhost (localhost [IPv6:::1]) by mx.nohats.ca (Postfix) with ESMTP id 3y3ZXK0jMcz3BD; Fri, 29 Sep 2017 17:01:53 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nohats.ca; s=default; t=1506697313; bh=OKhLboXqVBdKqoK7lZCcL5wDGZBjXa2A8hmXVc9RqOI=; h=Date:From:To:cc:Subject:In-Reply-To:References; b=CR1OZJmLeEyWv6ZSAfFSdBr6tJNkhC4BFqdo4+cujtLUZ/cVoNV+rVmbxYCYAz8qQ 9bIgI3PJFgBbXUBY4QMFMHwaUp2v98rPv5Zbc1TT1F1vY3nkdqyMCdrUJqLmRtHb32 0R7RbuOjYnbuXGerQHRzQUi9UUhnW1Yqr3NGbZgQ= X-Virus-Scanned: amavisd-new at mx.nohats.ca Received: from mx.nohats.ca ([IPv6:::1]) by localhost (mx.nohats.ca [IPv6:::1]) (amavisd-new, port 10024) with ESMTP id YAD4YPrm79xu; Fri, 29 Sep 2017 17:01:50 +0200 (CEST) Received: from bofh.nohats.ca (bofh.nohats.ca [76.10.157.69]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx.nohats.ca (Postfix) with ESMTPS; Fri, 29 Sep 2017 17:01:50 +0200 (CEST) Received: by bofh.nohats.ca (Postfix, from userid 1000) id 56AC43A7986; Fri, 29 Sep 2017 11:01:49 -0400 (EDT) DKIM-Filter: OpenDKIM Filter v2.11.0 bofh.nohats.ca 56AC43A7986 Received: from localhost (localhost [127.0.0.1]) by bofh.nohats.ca (Postfix) with ESMTP id 4296342B4FC8; Fri, 29 Sep 2017 11:01:49 -0400 (EDT) Date: Fri, 29 Sep 2017 11:01:49 -0400 (EDT) From: Paul Wouters To: Valery Smyslov cc: "ipsec@ietf.org WG" In-Reply-To: <00bd01d33922$a487c970$ed975c50$@gmail.com> Message-ID: References: <041b01d30d21$8d33f230$a79bd690$@gmail.com> <1501968567726.89885@post-quantum.com> <22922.57101.227283.113155@fireball.acr.fi> <7769.1502301632@obiwan.sandelman.ca> <04B7D970-30B0-4AE8-BAF9-210746B56FFF@cisco.com> <14600.1506615504@obiwan.sandelman.ca> <00bd01d33922$a487c970$ed975c50$@gmail.com> User-Agent: Alpine 2.21 (LRH 202 2017-01-01) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII; format=flowed Archived-At: Subject: Re: [IPsec] Proposed method to achieve quantum resistant IKEv2 X-BeenThere: ipsec@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Discussion of IPsec protocols List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 29 Sep 2017 15:01:57 -0000 On Fri, 29 Sep 2017, Valery Smyslov wrote: >> Adding IKE-level fragmentation to the process adds an additional place >> that DDoS attacks can hit. > > We have DDoS protection mechanisms. I think it's possible to define > IKE_SA_INIT fragmentation so that these mechanisms be still able to work. That would be tricky. Either a new exchange or an untrusted stream of fragments. Either way, a lot of complexity for a rather moving target goal that we don't understand yet. I'd personally rather wait until we know a bit more about the direction that quantum safe protocols are really going to. >> So, one would have to have some mechanism to know what would get through, >> and if to switch to TCP, etc. before even trying. > > TCP has a lot of shortcomings. It's a last resort. Agreed. It's the emergency backup parachute, not the real parachute. People are suggesting a lot of complicated bells and whistles. I wish we would not compete with TLS on which can be more complicated :P Paul From nobody Fri Sep 29 08:21:58 2017 Return-Path: X-Original-To: ipsec@ietfa.amsl.com Delivered-To: ipsec@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 438C21321C9 for ; Fri, 29 Sep 2017 08:21:55 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.2 X-Spam-Level: X-Spam-Status: No, score=-1.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_SORBS_WEB=1.5, SPF_PASS=-0.001] autolearn=no autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id v5hFX5VLUj1c for ; Fri, 29 Sep 2017 08:21:54 -0700 (PDT) Received: from mail-lf0-x22d.google.com (mail-lf0-x22d.google.com [IPv6:2a00:1450:4010:c07::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D647F12EC30 for ; Fri, 29 Sep 2017 08:21:53 -0700 (PDT) Received: by mail-lf0-x22d.google.com with SMTP id r17so536842lff.6 for ; Fri, 29 Sep 2017 08:21:53 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:references:in-reply-to:subject:date:message-id :mime-version:content-transfer-encoding:thread-index :content-language; bh=2D3KcwHCcf0IwwyK0+tTz+K/ii6gSeED7SnNsddV7Ms=; b=cZXP86HqU7QyUvF4ZMSfmDGEJ/IRD6Wr4Ki7WINV4+c5tWx+iwOhCBuVBssd3G7ZJg ah9cSa3GZg0MI3AyUsHRX1eHRQe5r165s0jSTMfkykim6jHFmIef5Y1LqTuUMWDqv+qZ uf+1V5LrAm/1K6QqlbTYFS5y9OlolS4KA+jD0bm0nJpKD9wfefqTe/qP0lT7fdpC7p1R YtXWCGMwWCU7+G8xMY0urh5eUPtq4UPmB/BjPXvd9WvDs6L1yKIvKhGUvwg9/mt9fcat 74AyDUADDA6KuvP0rGIUtx7KF+rv9g+h7ySyRVjlUPTc4Zwj7dUjqZcrtg1M4CTSjQTn Zipg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:references:in-reply-to:subject:date :message-id:mime-version:content-transfer-encoding:thread-index :content-language; bh=2D3KcwHCcf0IwwyK0+tTz+K/ii6gSeED7SnNsddV7Ms=; b=PL15cljXZXwLMn7+GB9ruvHEPModnq0lVrVDNbiPXalcOckS/LSFVLejexWk3ifdsO p6wLK2Cg49pUnWxPXBVWZ6AlN0VVUIfoLSATVYr0vY2oNjrLdtqglOmXxyO21N5z8kqg /tE8D39/4D0AuSun5Wi2v8pnYDG4vQ97+FolBxLhgRvqGFplooDO5WFshHMbT+TwZQji zJqDTy/CK9t61VNe7yJ8Tbl+nEeb5sqDpU/Ly+xPslNNqOjt/ukaE6p67HB1LRuxTm7D JyWnTR/iDMB0qI/kQCC/Njr+HOKxa+jBy3Vfq3FjrtrQvT8Gee2VV7X8ie20C463EFLM dI+w== X-Gm-Message-State: AHPjjUhpAMM7qO7pr0jmqC4viLXytEpP634rbxZEnbmokQ0ICYezrUcT ZshAiyBeQQTnyz7Qw11YOJM5sw== X-Google-Smtp-Source: AOwi7QDFM4Ac+4GtQ7NGzP/QElVHxlJoUQKGmr4idOoUih9y5b8bBMLpxy+KotzdMYyHg9KA7aLYhA== X-Received: by 10.46.34.3 with SMTP id i3mr3664613lji.20.1506698511814; Fri, 29 Sep 2017 08:21:51 -0700 (PDT) Received: from buildpc ([82.138.51.4]) by smtp.gmail.com with ESMTPSA id h29sm828269ljf.36.2017.09.29.08.21.50 (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Fri, 29 Sep 2017 08:21:51 -0700 (PDT) From: "Valery Smyslov" To: "'Paul Wouters'" Cc: References: <041b01d30d21$8d33f230$a79bd690$@gmail.com> <1501968567726.89885@post-quantum.com> <22922.57101.227283.113155@fireball.acr.fi> <7769.1502301632@obiwan.sandelman.ca> <04B7D970-30B0-4AE8-BAF9-210746B56FFF@cisco.com> <14600.1506615504@obiwan.sandelman.ca> <00bd01d33922$a487c970$ed975c50$@gmail.com> In-Reply-To: Date: Fri, 29 Sep 2017 18:21:43 +0300 Message-ID: <00d001d33936$a8948800$f9bd9800$@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Mailer: Microsoft Outlook 14.0 Thread-Index: AQJGClSbub5RkghZHKgMD6H8pOsCcwJfffzfAsuJTr8A5HSrWwGr2GqAAXTHICQBwMm63AHWDhOWAqAfTjmhax1WAA== Content-Language: ru Archived-At: Subject: Re: [IPsec] Proposed method to achieve quantum resistant IKEv2 X-BeenThere: ipsec@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Discussion of IPsec protocols List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 29 Sep 2017 15:21:55 -0000 Hi Paul, > >> Adding IKE-level fragmentation to the process adds an additional place > >> that DDoS attacks can hit. > > > > We have DDoS protection mechanisms. I think it's possible to define > > IKE_SA_INIT fragmentation so that these mechanisms be still able to work. > > That would be tricky. Sure. But not impossible, I think. > Either a new exchange or an untrusted stream of > fragments. Either way, a lot of complexity for a rather moving target > goal that we don't understand yet. I'd personally rather wait until we > know a bit more about the direction that quantum safe protocols are > really going to. Fully agree. And the size of the quantum safe KE payload is really important for IKE. When I hear that it could be several MB, it makes me nervous - it seems that transferring so much unauthenticated data will become a good target for DoS attacks. Several KB is a bit better, at least it seems that we can deal with this amount. > >> So, one would have to have some mechanism to know what would get through, > >> and if to switch to TCP, etc. before even trying. > > > > TCP has a lot of shortcomings. It's a last resort. > > Agreed. It's the emergency backup parachute, not the real parachute. > > People are suggesting a lot of complicated bells and whistles. I wish we > would not compete with TLS on which can be more complicated :P Haven't we already won? :-) > Paul Regards, Valery. From nobody Fri Sep 29 08:37:42 2017 Return-Path: X-Original-To: ipsec@ietfa.amsl.com Delivered-To: ipsec@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 533421330B0 for ; Fri, 29 Sep 2017 08:37:40 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.901 X-Spam-Level: X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CWQVSw0I0vtj for ; Fri, 29 Sep 2017 08:37:38 -0700 (PDT) Received: from relay.ezis.com (relay.ezis.com [5.153.73.19]) by ietfa.amsl.com (Postfix) with ESMTP id 64932133063 for ; Fri, 29 Sep 2017 08:37:38 -0700 (PDT) X-IronPort-AV: E=Sophos;i="5.42,453,1500937200"; d="scan'208";a="2493890" Received: from unknown (HELO pqex01.post-quantum.com) ([192.168.142.3]) by ironport.ezis.com with ESMTP; 29 Sep 2017 16:37:38 +0100 Received: from PQEX02.post-quantum.com (192.168.142.18) by PQEX01.post-quantum.com (192.168.142.3) with Microsoft SMTP Server (TLS) id 15.0.1178.4; Fri, 29 Sep 2017 16:37:40 +0100 Received: from PQEX02.post-quantum.com ([fe80::f470:9812:e4eb:5bd3]) by PQEX02.post-quantum.com ([fe80::f470:9812:e4eb:5bd3%13]) with mapi id 15.00.1320.000; Fri, 29 Sep 2017 16:37:39 +0100 From: Cen Jung Tjhai To: Valery Smyslov , Paul Wouters CC: "ipsec@ietf.org" Thread-Topic: [IPsec] Proposed method to achieve quantum resistant IKEv2 Thread-Index: AQHTDE+mPH5PNqQgTkK9LOvm4SvL2qJ0GbUAgAIwNdWABXuFgIAAg/cAgE0k7ICAAVMcAIABWnMAgAAifICAAAWPgIAABHAA Date: Fri, 29 Sep 2017 15:37:39 +0000 Message-ID: References: <041b01d30d21$8d33f230$a79bd690$@gmail.com> <1501968567726.89885@post-quantum.com> <22922.57101.227283.113155@fireball.acr.fi> <7769.1502301632@obiwan.sandelman.ca> <04B7D970-30B0-4AE8-BAF9-210746B56FFF@cisco.com> <14600.1506615504@obiwan.sandelman.ca> <00bd01d33922$a487c970$ed975c50$@gmail.com> <00d001d33936$a8948800$f9bd9800$@gmail.com> In-Reply-To: <00d001d33936$a8948800$f9bd9800$@gmail.com> Accept-Language: en-GB, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-mailer: Apple Mail (2.3124) x-ms-exchange-messagesentrepresentingtype: 1 x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [10.3.255.7] Content-Type: text/plain; charset="us-ascii" Content-ID: Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Archived-At: Subject: Re: [IPsec] Proposed method to achieve quantum resistant IKEv2 X-BeenThere: ipsec@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Discussion of IPsec protocols List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 29 Sep 2017 15:37:40 -0000 Hi Paul and Valery, >> Either a new exchange or an untrusted stream of >> fragments. Either way, a lot of complexity for a rather moving target >> goal that we don't understand yet. I'd personally rather wait until we >> know a bit more about the direction that quantum safe protocols are >> really going to. >=20 > Fully agree. And the size of the quantum safe KE payload is really import= ant for IKE. > When I hear that it could be several MB, it makes me nervous - it seems > that transferring so much unauthenticated data will become a good target = for DoS attacks. > Several KB is a bit better, at least it seems that we can deal with this = amount. There is a type of PQ key-exchange primitive (the oldest one) whose public = key is around 1MB. Whether or not this primitive needs to be considered, we= can wait until we have more information. However, for the rest of known PQ= the primitives (except one) so far, their public key size is still larger = than 1KB. So fragmentation may still occur for nodes whose MTU is set to ar= ound 1KB. Best regards, CJ=