From nobody Mon Apr 8 17:31:35 2019 Return-Path: X-Original-To: mls@ietf.org Delivered-To: mls@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 58FB3120108; Mon, 8 Apr 2019 17:31:33 -0700 (PDT) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: IETF Secretariat To: , , X-Test-IDTracker: no X-IETF-IDTracker: 6.94.1 Auto-Submitted: auto-generated Precedence: bulk Message-ID: <155476989335.30113.7447251653581680798.idtracker@ietfa.amsl.com> Date: Mon, 08 Apr 2019 17:31:33 -0700 Archived-At: Subject: [MLS] The MLS WG has placed draft-omara-mls-federation in state "Candidate for WG Adoption" X-BeenThere: mls@ietf.org X-Mailman-Version: 2.1.29 List-Id: Messaging Layer Security List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 09 Apr 2019 00:31:34 -0000 The MLS WG has placed draft-omara-mls-federation in state Candidate for WG Adoption (entered by Nick Sullivan) The document is available at https://datatracker.ietf.org/doc/draft-omara-mls-federation/ From nobody Mon Apr 8 17:32:45 2019 Return-Path: X-Original-To: mls@ietfa.amsl.com Delivered-To: mls@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5F649120108 for ; Mon, 8 Apr 2019 17:32:44 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2 X-Spam-Level: X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cloudflare.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nlouuro14OET for ; Mon, 8 Apr 2019 17:32:41 -0700 (PDT) Received: from mail-wr1-x42c.google.com (mail-wr1-x42c.google.com [IPv6:2a00:1450:4864:20::42c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6BC4F1200E5 for ; Mon, 8 Apr 2019 17:32:41 -0700 (PDT) Received: by mail-wr1-x42c.google.com with SMTP id g3so18457152wrx.9 for ; Mon, 08 Apr 2019 17:32:41 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cloudflare.com; s=google; h=mime-version:from:date:message-id:subject:to; bh=0dcJVCjXY6C3s5YPSkWJr4cnpiN1j4JKaiRWUkcgGwI=; b=gguOURoWtqNUQZaL7tH06T+uIfTNWramDRMQu/ukHXjmvziGtbIbzYoSyz20McTNGK ntL1bcDKrguLHqrJWDxaeOqsqCtdS8OoeLCsu6z+kWXQ1tdzxf27cXP/ija87cKrGK57 pt5jJMt5IxLPNTMq50q35GUzuty70RHqkfTPU= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=0dcJVCjXY6C3s5YPSkWJr4cnpiN1j4JKaiRWUkcgGwI=; b=eDe7BqzvBaai8W/gCNczhw9IqjEe2slRqwa/r0w21BC2s+5DEfhXz7EK5/TFfBbxFF L0f0THKLXX7z158w/bRFvR6CgglKj2ogm+b76TvehxMNwx6eo525a7a+Ln7FLz87eWVz NcDGG9srh4FjlJByG0z7Zz59CYs7ShY5W395XeAhrnRJC9wNDa1rrO6bNG2lAKE+Je8P Bq/zGi34+7F09WP6A80BVy92/GqbWfiYttLXloF0fJ/VljZY39SUqQ65Cv+gHN8VPNJK ASe6jiCOpx9kUM7w4/zW9dfVP6+km3gvOzuvym9brsKZEH+mp7JkkChaK/hCzDLjt56z 46fA== X-Gm-Message-State: APjAAAXxJpzy1ceFjZvwRqbyxnEXEnVvPTz+2Ip8+gYXiR0Easc0Cyqk AU3Bry1UeAE8pnGUdAoB8zbfPlsrFVxVU09YloSc+eojQibLcg== X-Google-Smtp-Source: APXvYqxYrd6hhXr8XTQF86p4mHIzzS+0OPLugC5v8Y15wY5uWb0j5ECes6KWOzP6ZL5R/BJqmpSbyGXmxt6KlcyyGwM= X-Received: by 2002:a05:6000:1209:: with SMTP id e9mr20172706wrx.35.1554769959414; Mon, 08 Apr 2019 17:32:39 -0700 (PDT) MIME-Version: 1.0 From: Nick Sullivan Date: Mon, 8 Apr 2019 17:32:27 -0700 Message-ID: To: mls@ietf.org Content-Type: multipart/alternative; boundary="00000000000023986a05860e1717" Archived-At: Subject: [MLS] Call for adoption: draft-omara-mls-federation X-BeenThere: mls@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Messaging Layer Security List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 09 Apr 2019 00:32:44 -0000 --00000000000023986a05860e1717 Content-Type: text/plain; charset="UTF-8" At TLS@IETF104, there was consensus in the room to adopt draft-omara-mls-federation . This message is to confirm that consensus. If you do not support adoption of draft-omara-mls-federation as WG item please say so by 2359UTC on 19 April 2019 (and say why). Thanks, Nick and Sean --00000000000023986a05860e1717 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
At TLS@IETF104, there was consensus = in the room to adopt draft-omara-mls-federation. This message is to confi= rm that consensus. If you do not support adoption of draft-omara-mls-federa= tion as WG item please say so by 2359UTC on 19 April 2019 (and say why).

Thanks,
Nick and Sean
--00000000000023986a05860e1717-- From nobody Mon Apr 8 18:18:43 2019 Return-Path: X-Original-To: mls@ietfa.amsl.com Delivered-To: mls@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B0F721201AC for ; Mon, 8 Apr 2019 18:18:41 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.001 X-Spam-Level: X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cloudflare.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vFKSfkEtzsMH for ; Mon, 8 Apr 2019 18:18:40 -0700 (PDT) Received: from mail-wr1-x42e.google.com (mail-wr1-x42e.google.com [IPv6:2a00:1450:4864:20::42e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0333A1201AB for ; Mon, 8 Apr 2019 18:18:40 -0700 (PDT) Received: by mail-wr1-x42e.google.com with SMTP id q1so18602126wrp.0 for ; Mon, 08 Apr 2019 18:18:39 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cloudflare.com; s=google; h=mime-version:from:date:message-id:subject:to; bh=M4HLKm0b8KwqY2ysGhA6MqHDrV6vj6A+TmZ4obRAwD4=; b=Crd2V264uC8NZ/sCkC6FnWqjl4mWNTv9r8Drz5b/aD8QBWhwr82UXLa1Fqw6FfTfU1 6R/Niyubh0Bt1z6vv90zGu3kH/VjIvQMLb4wkk9Vr8RGUfKIze+jGkQxt7blaG8OZrCj 1TkPewvTH4r94DBObHP6keX8of82clgJvKDmo= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=M4HLKm0b8KwqY2ysGhA6MqHDrV6vj6A+TmZ4obRAwD4=; b=jYRDrGiy5ptJVX8X10w9nqmO3TyxI5QRnZYlCnCoCa1ODt3VhzUYDL2eWU3CP3rehZ qmhjTcxjvCiuyDYLc4OiXh2Pa7HJsoxBU/XDpMuNGTXodoSwHO/4xl8pAXGStwEP4Rkd Z1q7qpJpyd1SnIkrLzmGagOKGtG1RQRjYWjLifMy7wOIu0G9XOMDy6mJ/4E1sM+Wt2/H r3KqosvvxclR1Z68JyXNEwWAXxjGwR8ucrDkqwEWWCcK7mw3BFqx0IEFT84keGMbSfvq O7b0i+Iild+q0p7R93rSxcZY9JNLiWiZ1Cpcqj7na5+XiArnj0gox01gBNsZlo1wtYZM 4T7w== X-Gm-Message-State: APjAAAWbjCvfJdU6c9XFZ5aOSYw9h8NSNv6Y1aofjFPXDap0oaaeTEX7 DvotxGPytVlZ4WDTvxZ3DcNmPsYDxGCBgrjb4+FwS5ZccPXG3g== X-Google-Smtp-Source: APXvYqwmKf8XnJNMJAECZ5u3z5Dhj+FH3jIuvqwC3OzWdUrI9LZ/Z4E/zWJeZZZdumnTjVZcKjwSNmBJyVYDKxZ7wFk= X-Received: by 2002:adf:dc88:: with SMTP id r8mr14373839wrj.28.1554772717811; Mon, 08 Apr 2019 18:18:37 -0700 (PDT) MIME-Version: 1.0 From: Nick Sullivan Date: Mon, 8 Apr 2019 18:18:26 -0700 Message-ID: To: mls@ietf.org Content-Type: multipart/alternative; boundary="0000000000008d627505860ebbec" Archived-At: Subject: [MLS] May 2019 MLS Interim - Berlin, Germany X-BeenThere: mls@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Messaging Layer Security List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 09 Apr 2019 01:18:42 -0000 --0000000000008d627505860ebbec Content-Type: text/plain; charset="UTF-8" Hello mlswg, The chairs would like to propose the following date for the next MLS interim: Thursday, May 16th, 2019 Berlin, Germany Host: Wire This is the Thursday before the Saturday, May 18 Messaging workshop at Eurocrypt in Darmstadt, so those people wishing to attend both have some time to travel. Please indicate if you would plan on attending an interim on this date. If this date and location are not suitable and you planned to come, please indicate your expected level of participation in the interim in your response. There will be a remote participation option. Sean and Nick --0000000000008d627505860ebbec Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Hello mlswg,

The chairs would like to propose the following date for the next MLS inte= rim:
Thursday, May 16th, 2019
Berlin, Germany
Host: Wire

This is the Thursday before the Saturd= ay, May 18 Messaging workshop at Eurocrypt in Darmstadt, so those people wi= shing to attend both have some time to travel.

Ple= ase indicate if you would plan on attending an interim on this date. If thi= s date and location are not suitable and you planned to come, please indica= te your expected level of participation in the interim in your response. Th= ere will be a remote participation option.

Sean an= d Nick
--0000000000008d627505860ebbec-- From nobody Mon Apr 8 18:21:32 2019 Return-Path: X-Original-To: mls@ietfa.amsl.com Delivered-To: mls@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8D3F11201A4 for ; Mon, 8 Apr 2019 18:21:31 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -6.9 X-Spam-Level: X-Spam-Status: No, score=-6.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2Hb2Ampgro4U for ; Mon, 8 Apr 2019 18:21:29 -0700 (PDT) Received: from mail2-relais-roc.national.inria.fr (mail2-relais-roc.national.inria.fr [192.134.164.83]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D68FF120181 for ; Mon, 8 Apr 2019 18:21:28 -0700 (PDT) X-IronPort-AV: E=Sophos;i="5.60,327,1549926000"; d="scan'208";a="377762582" Received: from lfbn-1-1155-200.w86-252.abo.wanadoo.fr (HELO bmbp.home) ([86.252.23.200]) by mail2-relais-roc.national.inria.fr with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 09 Apr 2019 03:21:27 +0200 Content-Type: text/plain; charset=utf-8 Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.8\)) From: Benjamin Beurdouche In-Reply-To: Date: Tue, 9 Apr 2019 03:21:24 +0200 Cc: ML Messaging Layer Security Content-Transfer-Encoding: quoted-printable Message-Id: <2278125E-ABE6-437C-9334-3D36CCB3E993@inria.fr> References: To: Nick Sullivan X-Mailer: Apple Mail (2.3445.104.8) Archived-At: Subject: Re: [MLS] May 2019 MLS Interim - Berlin, Germany X-BeenThere: mls@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Messaging Layer Security List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 09 Apr 2019 01:21:31 -0000 Hi Nick, Hi all, I can confirm that I=E2=80=99ll be attending the interim meeting in = Berlin=E2=80=A6 :) Best, Benjamin > On Apr 9, 2019, at 3:18 AM, Nick Sullivan = wrote: >=20 > Hello mlswg, >=20 > The chairs would like to propose the following date for the next MLS = interim: > Thursday, May 16th, 2019 > Berlin, Germany > Host: Wire >=20 > This is the Thursday before the Saturday, May 18 Messaging workshop at = Eurocrypt in Darmstadt, so those people wishing to attend both have some = time to travel. >=20 > Please indicate if you would plan on attending an interim on this = date. If this date and location are not suitable and you planned to = come, please indicate your expected level of participation in the = interim in your response. There will be a remote participation option. >=20 > Sean and Nick > _______________________________________________ > MLS mailing list > MLS@ietf.org > https://www.ietf.org/mailman/listinfo/mls From nobody Mon Apr 8 19:54:22 2019 Return-Path: X-Original-To: mls@ietfa.amsl.com Delivered-To: mls@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C45FF120254 for ; Mon, 8 Apr 2019 19:38:16 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.648 X-Spam-Level: X-Spam-Status: No, score=-1.648 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.25, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4S82kNN80kip for ; Mon, 8 Apr 2019 19:38:15 -0700 (PDT) Received: from mail-it1-f181.google.com (mail-it1-f181.google.com [209.85.166.181]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A2BBB12024B for ; Mon, 8 Apr 2019 19:38:15 -0700 (PDT) Received: by mail-it1-f181.google.com with SMTP id u65so2546175itc.2 for ; Mon, 08 Apr 2019 19:38:15 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=T3JrgMn7CXfu4oNCYWa/x5Cn0xulxSMqwvdxyInsZME=; b=b9vWqQe8eKxwGq4kcr24Q5qHyK8tqvfRIwcFr1ixhtez2ep5U3oEBLNz6p2Uyi18x8 TYddgB/7jk9SdpvbTxvnB4bIOLFK2K6CQ87OrAGVWGh9P3PvtqZf+AcxBs1DcdquPW9R U8sMxkrAtti17CXPmaBAhc6amCT+puSUwVv2SOXkKW9BkBFqq5epE5YXFl9ls4fGiv66 QfpSg6GgAMHWn+yDPNZTYGvrb4yVzgXprTp8oNkguMlTwOCC//HLu15oOYiWIqPGaqRs XR1CGSGngp7EHy6pctD2txLOrxK0WufkpRAnC/oEGwcWtQVF3DG/F0RVEvxiWRD5RW3T /+ew== X-Gm-Message-State: APjAAAWaDbHAsL02RukoPQrdmB0IOPrW0I5ffzO7PXscBe1CXetDbXp8 s3xuaobsGlNdSQiGhi31QQyHStk3Ix0gNd8MZoMU4g== X-Google-Smtp-Source: APXvYqxkDJ2iyWXd2fNsq9fePsvg2Bzxb1xZdvkMhp8LQZZKQi461nIOMiZxLpa2dRzVv3V39xth7e7yUWb7/0OJX04= X-Received: by 2002:a24:2458:: with SMTP id f85mr23480894ita.83.1554777494737; Mon, 08 Apr 2019 19:38:14 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: Yevgeniy Dodis Date: Mon, 8 Apr 2019 22:38:02 -0400 Message-ID: To: Nick Sullivan Cc: mls@ietf.org Content-Type: multipart/alternative; boundary="00000000000047567d05860fd8be" Archived-At: X-Mailman-Approved-At: Mon, 08 Apr 2019 19:54:21 -0700 Subject: Re: [MLS] May 2019 MLS Interim - Berlin, Germany X-BeenThere: mls@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Messaging Layer Security List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 09 Apr 2019 02:38:17 -0000 --00000000000047567d05860fd8be Content-Type: text/plain; charset="UTF-8" Already booked my travel, so still in NY that day. Would like to participate remotely if possible. Thanks, Yevgeniy On Mon, Apr 8, 2019, 9:18 PM Nick Sullivan wrote: > Hello mlswg, > > The chairs would like to propose the following date for the next MLS > interim: > Thursday, May 16th, 2019 > Berlin, Germany > Host: Wire > > This is the Thursday before the Saturday, May 18 Messaging workshop at > Eurocrypt in Darmstadt, so those people wishing to attend both have some > time to travel. > > Please indicate if you would plan on attending an interim on this date. If > this date and location are not suitable and you planned to come, please > indicate your expected level of participation in the interim in your > response. There will be a remote participation option. > > Sean and Nick > _______________________________________________ > MLS mailing list > MLS@ietf.org > https://www.ietf.org/mailman/listinfo/mls > --00000000000047567d05860fd8be Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Already booked my travel, so still in NY that day.

Would like to participate remotely i= f possible.
Thanks,
Yevgeniy<= /div>

On Mon, Apr 8, 2019, 9:18 PM Nick Sullivan <nick=3D40cloudflare.com@dmarc.ietf.org> = wrote:
Hello mlswg,

The chairs would like to p= ropose the following date for the next MLS interim:
Thursday, May= 16th, 2019
Berlin, Germany
Host: Wire

This is the Thursday before the Saturday, May 18 Messaging worksho= p at Eurocrypt in Darmstadt, so those people wishing to attend both have so= me time to travel.

Please indicate if you would pl= an on attending an interim on this date. If this date and location are not = suitable and you planned to come, please indicate your expected level of pa= rticipation in the interim in your response. There will be a remote partici= pation option.

Sean and Nick
_______________________________________________
MLS mailing list
MLS@ie= tf.org
https://www.ietf.org/mailman/listinfo/mls
--00000000000047567d05860fd8be-- From nobody Tue Apr 9 01:17:52 2019 Return-Path: X-Original-To: mls@ietfa.amsl.com Delivered-To: mls@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 765E91201B1 for ; Tue, 9 Apr 2019 01:17:50 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.999 X-Spam-Level: X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cridland.net Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dwf54LCC1uYm for ; Tue, 9 Apr 2019 01:17:48 -0700 (PDT) Received: from mail-ed1-x535.google.com (mail-ed1-x535.google.com [IPv6:2a00:1450:4864:20::535]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 425A21201AF for ; Tue, 9 Apr 2019 01:17:48 -0700 (PDT) Received: by mail-ed1-x535.google.com with SMTP id s16so14110400edr.3 for ; Tue, 09 Apr 2019 01:17:48 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cridland.net; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=j56Jf0jdJ+HTFnaVmtE52K0nzv8ZRt1VhtdXO7IbG4g=; b=g9JC6LfLJ9x8rkRRFh/IQRuukukpKnkQQMYQXRsJxC8vQ0WPwmENrbgUf/4MB3lfr+ 2KFgiBOfc1wbR+3pl9BeqLVGmIkPb+m0U7XV4oD60LgbERqs9HmmYxm14BwLl3OEYKiR oOtipg/r8awEuO+2OOtkPxgEo9KZb/sNbe88w= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=j56Jf0jdJ+HTFnaVmtE52K0nzv8ZRt1VhtdXO7IbG4g=; b=NfEJX6oToZGewlkLOczz4xRgeRX+bCj0DnuoUqLeYehMu91oiQeEzOn4lOrPeDRxUZ DS+LRn5cWcIyJgmX1hMcISkYqdbw8FEsDSIFKZlG7eq/pq5BFA/MYQ6P1McmG2rdNdOV 17ql1GO76OnwKCz0K4aErftfaCZP+PAxwvLKy1D3/rU9siIH+o/eC4B9gvsF+FTSIpAU NM47EedsMhe8TLYzQgbSehNVzyfOkGM4cBbna04w9xngmBJhqbaVdSKUxBZRF3TqJqtV l4/860cG/udJNjJ51acg+PB7U7CGwKNvezCHAeNLfhVXxFKnL1KSaYTYUecwCH1/SKVZ 4a1A== X-Gm-Message-State: APjAAAXc+KfuS/q7wOJwuJhy1BL0DEMuycc9pI7kqALNy04R8F2c5RWK 5RzNDh09oErZojE1YhFuf8+zQwTRiG7s65woIaMqlw== X-Google-Smtp-Source: APXvYqzIsvA3gCBilVt4y2hRslFpYmtupRicpDnxC5weYEb9l7uF27EZATj0bxpFU9TL1+nHK7280FMUsv1Wh9fuWsQ= X-Received: by 2002:a17:906:54d:: with SMTP id k13mr19818523eja.207.1554797866603; Tue, 09 Apr 2019 01:17:46 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: Dave Cridland Date: Tue, 9 Apr 2019 09:17:35 +0100 Message-ID: To: Nick Sullivan Cc: mls@ietf.org Content-Type: multipart/alternative; boundary="000000000000896afb058614968e" Archived-At: Subject: Re: [MLS] Call for adoption: draft-omara-mls-federation X-BeenThere: mls@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Messaging Layer Security List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 09 Apr 2019 08:17:50 -0000 --000000000000896afb058614968e Content-Type: text/plain; charset="UTF-8" I appreciate you didn't ask for affirmation, but nevertheless - the structures and architecture described by this draft look useful to me, and would benefit from being worked on within this group, so I also support adoption of the draft. On Tue, 9 Apr 2019 at 01:32, Nick Sullivan wrote: > At TLS@IETF104, there was consensus in the room to adopt > draft-omara-mls-federation > . This > message is to confirm that consensus. If you do not support adoption of > draft-omara-mls-federation as WG item please say so by 2359UTC on 19 April > 2019 (and say why). > > Thanks, > Nick and Sean > _______________________________________________ > MLS mailing list > MLS@ietf.org > https://www.ietf.org/mailman/listinfo/mls > --000000000000896afb058614968e Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
I appreciate you didn't ask for affirmation, but never= theless - the structures and architecture described by this draft look usef= ul to me, and would benefit from being worked on within this group, so I al= so support adoption of the draft.

On Tue, 9 Apr 2019 at 01:32, Nick Sullivan= <nick=3D40cloudflare= .com@dmarc.ietf.org> wrote:
At TLS@IETF104, t= here was consensus in the room to adopt draft-omara-mls-fed= eration. This message is to confirm that consensus. If you do not suppo= rt adoption of draft-omara-mls-federation as WG item please say so by 2359U= TC on 19 April 2019 (and say why).

Thanks,
Nick and Sean
_______________________________________________
MLS mailing list
MLS@ietf.org
https://www.ietf.org/mailman/listinfo/mls
--000000000000896afb058614968e-- From nobody Tue Apr 9 08:33:38 2019 Return-Path: X-Original-To: mls@ietfa.amsl.com Delivered-To: mls@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 977BE120875 for ; Tue, 9 Apr 2019 08:33:36 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.337 X-Spam-Level: X-Spam-Status: No, score=-1.337 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, KHOP_DYNAMIC=1.363, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=fb.com header.b=q2qCalYt; dkim=pass (1024-bit key) header.d=fb.onmicrosoft.com header.b=K0zvjh3k Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SWQHNNBiLxbe for ; Tue, 9 Apr 2019 08:33:35 -0700 (PDT) Received: from mx0a-00082601.pphosted.com (mx0a-00082601.pphosted.com [67.231.145.42]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8DDA4120870 for ; Tue, 9 Apr 2019 08:33:35 -0700 (PDT) Received: from pps.filterd (m0044008.ppops.net [127.0.0.1]) by mx0a-00082601.pphosted.com (8.16.0.27/8.16.0.27) with SMTP id x39FXSKv016048; Tue, 9 Apr 2019 08:33:32 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fb.com; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : content-transfer-encoding : mime-version; s=facebook; bh=Jg48a8LmfTHx54VsvqZvCjfWM2R99eg+exJnHcQfQJo=; b=q2qCalYtgVAO06RcL2WIXj88ePBeLg/LxOjl24Finqei9UGBIJU8qE2JmIeBUStAAWsJ dmLkNG/T86Z/RXQHRppBM2h5YQJ/6jMSXz8rzCZ0ub2r9CZmsaNo4qW11eoL9b3Z6F89 2G08mhDtp0L0hc4cfQS2AmOb2UIhfSmG4wg= Received: from mail.thefacebook.com ([199.201.64.23]) by mx0a-00082601.pphosted.com with ESMTP id 2rrvq40djh-5 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Tue, 09 Apr 2019 08:33:32 -0700 Received: from prn-hub03.TheFacebook.com (2620:10d:c081:35::127) by prn-hub02.TheFacebook.com (2620:10d:c081:35::126) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.1.1713.5; Tue, 9 Apr 2019 08:33:30 -0700 Received: from NAM01-SN1-obe.outbound.protection.outlook.com (192.168.54.28) by o365-in.thefacebook.com (192.168.16.27) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.1.1713.5 via Frontend Transport; Tue, 9 Apr 2019 08:33:30 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fb.onmicrosoft.com; s=selector1-fb-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Jg48a8LmfTHx54VsvqZvCjfWM2R99eg+exJnHcQfQJo=; b=K0zvjh3kuN/jNabxF/TjZYmz+Zps6niUJKUt+2ieoUH2WxJWzCwZXiwiiMdBU8eE9sTkcSgTIOrIjXv7zZuf0LMdh/svo2c3csCWa6nlV8v2qLGz27VNOlv2t0xv2bfgVz2kQ9WSyC77taSlI1inB2vPUxor8mBmn2z3hhWTeEE= Received: from MN2PR15MB3405.namprd15.prod.outlook.com (20.179.21.203) by MN2PR15MB3246.namprd15.prod.outlook.com (20.178.255.142) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1750.15; Tue, 9 Apr 2019 15:33:28 +0000 Received: from MN2PR15MB3405.namprd15.prod.outlook.com ([fe80::7132:4250:bac6:349]) by MN2PR15MB3405.namprd15.prod.outlook.com ([fe80::7132:4250:bac6:349%2]) with mapi id 15.20.1771.011; Tue, 9 Apr 2019 15:33:28 +0000 From: Jon Millican To: Nick Sullivan CC: "mls@ietf.org" Thread-Topic: [MLS] May 2019 MLS Interim - Berlin, Germany Thread-Index: AQHU7nJEW3xS5DC1IE6x7LND4oZQOqYz9kMo Date: Tue, 9 Apr 2019 15:33:27 +0000 Message-ID: References: In-Reply-To: Accept-Language: en-US Content-Language: en-GB X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [63.64.30.197] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 3ffd9b71-31f2-490a-1da5-08d6bd00b691 x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(5600139)(711020)(4605104)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(2017052603328)(7193020); SRVR:MN2PR15MB3246; x-ms-traffictypediagnostic: MN2PR15MB3246: x-ms-exchange-purlcount: 1 x-microsoft-antispam-prvs: x-forefront-prvs: 000227DA0C x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(396003)(136003)(366004)(346002)(39860400002)(376002)(53754006)(189003)(199004)(5660300002)(53546011)(229853002)(6512007)(2906002)(3846002)(966005)(26005)(4326008)(105586002)(6246003)(82746002)(6306002)(102836004)(6506007)(486006)(99286004)(2616005)(8676002)(33656002)(316002)(53936002)(6486002)(186003)(7736002)(36756003)(476003)(106356001)(8936002)(71200400001)(81166006)(83716004)(76176011)(97736004)(6436002)(256004)(478600001)(9886003)(71190400001)(446003)(81156014)(86362001)(68736007)(14454004)(6116002)(25786009)(11346002)(305945005)(66066001); DIR:OUT; SFP:1102; SCL:1; SRVR:MN2PR15MB3246; H:MN2PR15MB3405.namprd15.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1; received-spf: None (protection.outlook.com: fb.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam-message-info: SVwQw85A2Pr3wDUEWmRMmz+dEx6cVKne8Vc+oT9hrePjKYQ29qiY2Zrq9j38TcW58dQIaOrH7Oqt9qm/A3yHfZ+9/OFiCVG2qpA7Vj647ZTWFqFOJi78VO/tXNznoU3jM9W7yaJJLHN4Wb/T9svlqVKJ9tfMbm8i1cKyc/JylzHErRw642+Lm4s/XObyy7UiVwN+9ABJ05zGafCD4OYh6/0VHDaJxhov6kE3WWInjGhsqqHWJvtzU6axzbnq7Fcd9ZZ3ptT1FaoXZ7J8OxXaBD3CxAv5+rtONEJGF/N7RoE0ivbN+1lL6iOtE/LHq2XZ6z9SuiRRVobnig0yKxU7/7ITrQy3yH1WtQ+q7u1Q3O4Bpjpmh/YynP0ipMm8QPduo3SVMrapMNZm+vsbcv4pSWM3yKHez6jcMBrLr0J0m2I= Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-MS-Exchange-CrossTenant-Network-Message-Id: 3ffd9b71-31f2-490a-1da5-08d6bd00b691 X-MS-Exchange-CrossTenant-originalarrivaltime: 09 Apr 2019 15:33:27.8165 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 8ae927fe-1255-47a7-a2af-5f3a069daaa2 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN2PR15MB3246 X-OriginatorOrg: fb.com X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, , definitions=2019-04-09_07:, , signatures=0 X-Proofpoint-Spam-Reason: safe X-FB-Internal: Safe Archived-At: Subject: Re: [MLS] May 2019 MLS Interim - Berlin, Germany X-BeenThere: mls@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Messaging Layer Security List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 09 Apr 2019 15:33:37 -0000 Hello all, I will aim to attend in person. Thanks, Jon Sent from my iPhone > On 8 Apr 2019, at 18:19, Nick Sullivan wrote: >=20 > Hello mlswg, >=20 > The chairs would like to propose the following date for the next MLS inte= rim: > Thursday, May 16th, 2019 > Berlin, Germany > Host: Wire >=20 > This is the Thursday before the Saturday, May 18 Messaging workshop at Eu= rocrypt in Darmstadt, so those people wishing to attend both have some time= to travel. >=20 > Please indicate if you would plan on attending an interim on this date. I= f this date and location are not suitable and you planned to come, please i= ndicate your expected level of participation in the interim in your respons= e. There will be a remote participation option. >=20 > Sean and Nick > _______________________________________________ > MLS mailing list > MLS@ietf.org > https://urldefense.proofpoint.com/v2/url?u=3Dhttps-3A__www.ietf.org_mailm= an_listinfo_mls&d=3DDwICAg&c=3D5VD0RTtNlTh3ycd41b3MUw&r=3DM0CVEJydBVUX_bvEq= Ma84Q&m=3D9Oc8GDajnOjV-PYD-YQjaA6efqIjpuCUczEOfrFCY18&s=3DyGmbhT085V0L1GiVd= Xz_H33F1iiwln366YIvG0r2O_I&e=3D From nobody Tue Apr 9 09:47:56 2019 Return-Path: X-Original-To: mls@ietfa.amsl.com Delivered-To: mls@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D3332120804 for ; Tue, 9 Apr 2019 09:47:54 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.998 X-Spam-Level: X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IW9ey5hsJ7S6 for ; Tue, 9 Apr 2019 09:47:52 -0700 (PDT) Received: from mail-ua1-x931.google.com (mail-ua1-x931.google.com [IPv6:2607:f8b0:4864:20::931]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 76324120311 for ; Tue, 9 Apr 2019 09:47:52 -0700 (PDT) Received: by mail-ua1-x931.google.com with SMTP id n16so1078161uae.10 for ; Tue, 09 Apr 2019 09:47:52 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=rsQOKeaZ7NVpAXhyv3ensgjz2ETQ8lFiIaS+JUqQb8I=; b=UEd3bhW/tsMO+3KdNn9HXWJGvy42HjrAq0tMCNL+mWibRybVxa68LnfdINhoppxkoB dZXktq9sHOlAP44D8yoYwlo6UJI0ChqSOXUf+U0XQDkOINTCtSn1AUx2O36YuGwNhd+w 4K+OID3ZZKrGltK9ZlSUgap+3qVxEX4/nYgOmRZgIZGHQgPXAzJkk9Tj8X+1HQidM/sh QsbCrm+5JRkXy/7V+SRr8gD76WeiHimTFd5guxiI2SjnIc7AcXmr1+yFKoygcw2LXRHr e++uUVVaioESau67Dj309+qOGJt4S6DqRyHGlbASRPS6SSeXB9DyjJQcUltWPDj6Z37a sbfQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=rsQOKeaZ7NVpAXhyv3ensgjz2ETQ8lFiIaS+JUqQb8I=; b=iOLW5ETs15bNgcSCu8VGvLFR2bK93zcHbafmeujk7SUCFtCvJxChgjgyxFMEzDcHyo XXfUAqDwUXWZL9ScI4dstETomtSsI8VKmyr/+0v2F9I20S4k9YDCe+SwA4XwRAPoHRvy dQuCNdT9ujlI+pqPOmmmbtryPdYoHTC389oeDz15YuQFiK0EZO2Nl4uyeWSJs6Xcfpu2 7xuK+E2fgR1VzqNlOR/EGZnbLhu4sCjoo3VVO+OcjYfzfl3uGl2mBJDDxPCHqgPhhWZO Y7p4bigk8d11v90YBRFnrvB3wg3tph2lgCVPD3x9qofPaG2mJrzs9g3snInNtZoKhhcd VCYg== X-Gm-Message-State: APjAAAVy2pEbiyiWm+1sRA9hfmz8Leurj9J0kkyclsvkc6SajQBP3T4V C5HRyvdR3sSFefRLdZVY5TqmEp6PgCcJ7OMoRNGbVxTF X-Google-Smtp-Source: APXvYqwvbln6a/xnkHRCQurseVviHLFouqZ3k3uNFO/orHL9fvLDEwsNb8KvqpPGVXPGlw2Z+I3y4OIcmeR+cO7dmn4= X-Received: by 2002:ab0:156b:: with SMTP id p40mr18887471uae.83.1554828471261; Tue, 09 Apr 2019 09:47:51 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: Karthik Bhargavan Date: Tue, 9 Apr 2019 18:47:40 +0200 Message-ID: To: Nick Sullivan Cc: Messaging Layer Security WG Content-Type: multipart/alternative; boundary="000000000000b7618405861bb6f8" Archived-At: Subject: Re: [MLS] May 2019 MLS Interim - Berlin, Germany X-BeenThere: mls@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Messaging Layer Security List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 09 Apr 2019 16:47:55 -0000 --000000000000b7618405861bb6f8 Content-Type: text/plain; charset="UTF-8" I plan to attend. On Tue, Apr 9, 2019 at 3:18 AM Nick Sullivan wrote: > Hello mlswg, > > The chairs would like to propose the following date for the next MLS > interim: > Thursday, May 16th, 2019 > Berlin, Germany > Host: Wire > > This is the Thursday before the Saturday, May 18 Messaging workshop at > Eurocrypt in Darmstadt, so those people wishing to attend both have some > time to travel. > > Please indicate if you would plan on attending an interim on this date. If > this date and location are not suitable and you planned to come, please > indicate your expected level of participation in the interim in your > response. There will be a remote participation option. > > Sean and Nick > _______________________________________________ > MLS mailing list > MLS@ietf.org > https://www.ietf.org/mailman/listinfo/mls > --000000000000b7618405861bb6f8 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
I plan to attend.

On Tue, Apr 9, 2019 at 3:18 AM Nick Sulli= van <nick=3D40cloudfl= are.com@dmarc.ietf.org> wrote:
Hello mlswg,

The chairs would like to propose the following date= for the next MLS interim:
Thursday, May 16th, 2019
Ber= lin, Germany
Host: Wire

This is the Thur= sday before the Saturday, May 18 Messaging workshop at Eurocrypt in Darmsta= dt, so those people wishing to attend both have some time to travel.
<= div>
Please indicate if you would plan on attending an interi= m on this date. If this date and location are not suitable and you planned = to come, please indicate your expected level of participation in the interi= m in your response. There will be a remote participation option.
=
Sean and Nick
_______________________________________________
MLS mailing list
MLS@ietf.org
https://www.ietf.org/mailman/listinfo/mls
--000000000000b7618405861bb6f8-- From nobody Tue Apr 9 12:56:44 2019 Return-Path: X-Original-To: mls@ietfa.amsl.com Delivered-To: mls@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E5217120329 for ; Tue, 9 Apr 2019 12:56:42 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.899 X-Spam-Level: X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=ipv-sx.20150623.gappssmtp.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JsUXjcS_4m8J for ; Tue, 9 Apr 2019 12:56:40 -0700 (PDT) Received: from mail-ot1-x32b.google.com (mail-ot1-x32b.google.com [IPv6:2607:f8b0:4864:20::32b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3E628120236 for ; Tue, 9 Apr 2019 12:56:40 -0700 (PDT) Received: by mail-ot1-x32b.google.com with SMTP id s24so11575874otk.13 for ; Tue, 09 Apr 2019 12:56:40 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipv-sx.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=CcbVYWRD7NGDX6HWC0Yi1m/wHAoEoCgVus3FWp1Wceo=; b=U84KFRTsG7omJHRMWtLWxvg+adO3X55QKSFBLwL94YP/Pfbcyw0ZYvo5kDPNGxPMUS /F6oOoo5FmpHsmB9SLfz7MEuL42nMpOhGaVH0nCeJfdfrhAKP779/1DPgPcziwr4MyDl lg3UjP4lde7bDihyDCl607Mdf2HFp3SVZZ0VhlOdUFg+55gY+q0KX75THYE6kcWr1uJE dJZOerKibcfgcnfjzszHu9jPVIb2+u76JEDCUnynRqtfEm8GlreDSga0E6x0js3aqJEL V7/KlNVg+NtZWF7whb047GjeQQrKXplRfe53hH3cz8W7M7IM9C8XEnjgCufYoL/HfQwr yNgA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=CcbVYWRD7NGDX6HWC0Yi1m/wHAoEoCgVus3FWp1Wceo=; b=ugcIGZiZujAuOIREY4ummMpV+8Be1a3fVtfBMoeKSG+sYRBGzTYy1cfQ6We00rvFyf T/Q8gII3DNC6kreeaHSfpQoOg1nmnXS/OxJEy7qkW2NECWSLqdyYLcpFxhCtKYxYNuHv iVehRLjw89py1XNsYdCW5Qjq5zd7QkphSfoDlufDuZ9QmjwmvHG1i0WdB3VpgjfU36R+ fQM2Yzuzvb+RkEjmcwBYAqnsahuHOdujLuJ2P/a8gQvrVwBXCiAISzs7QYwaYBcyDzsV 8Y49m8LNfeBC1kiVIw1mRWemtkz3gEyS91P+qIVOGWGTat3M+xb5KECD8I9dbiTN/BEH bKtw== X-Gm-Message-State: APjAAAUTlUBGnNWMpAHEf/csreydL3EE90KVam7zxReR+nkC7djOPYIq Xcs5AaRe8vhSG4IzNR9K40OCwNYGGrX9aTmZm/EBvg== X-Google-Smtp-Source: APXvYqydP4X+ilMfRauEdlggHUHCysEUXFce+O3vAXz0utDY6HHsvIm/rfSSwSH7svKdkE3nehwbXKKfjXg3YkC5/lc= X-Received: by 2002:a9d:6409:: with SMTP id h9mr24479175otl.68.1554839799457; Tue, 09 Apr 2019 12:56:39 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: Richard Barnes Date: Tue, 9 Apr 2019 15:56:23 -0400 Message-ID: To: Karthik Bhargavan Cc: Nick Sullivan , Messaging Layer Security WG Content-Type: multipart/alternative; boundary="000000000000ee05ee05861e59e0" Archived-At: Subject: Re: [MLS] May 2019 MLS Interim - Berlin, Germany X-BeenThere: mls@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Messaging Layer Security List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 09 Apr 2019 19:56:43 -0000 --000000000000ee05ee05861e59e0 Content-Type: text/plain; charset="UTF-8" I plan to attend in person. I can also hang around for the morning of the 17th (modulo train schedules to Darmstadt) if folks want to have informal discussions / interop. On Tue, Apr 9, 2019 at 12:48 PM Karthik Bhargavan < karthik.bhargavan@gmail.com> wrote: > I plan to attend. > > On Tue, Apr 9, 2019 at 3:18 AM Nick Sullivan 40cloudflare.com@dmarc.ietf.org> wrote: > >> Hello mlswg, >> >> The chairs would like to propose the following date for the next MLS >> interim: >> Thursday, May 16th, 2019 >> Berlin, Germany >> Host: Wire >> >> This is the Thursday before the Saturday, May 18 Messaging workshop at >> Eurocrypt in Darmstadt, so those people wishing to attend both have some >> time to travel. >> >> Please indicate if you would plan on attending an interim on this date. >> If this date and location are not suitable and you planned to come, please >> indicate your expected level of participation in the interim in your >> response. There will be a remote participation option. >> >> Sean and Nick >> _______________________________________________ >> MLS mailing list >> MLS@ietf.org >> https://www.ietf.org/mailman/listinfo/mls >> > _______________________________________________ > MLS mailing list > MLS@ietf.org > https://www.ietf.org/mailman/listinfo/mls > --000000000000ee05ee05861e59e0 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
I plan to attend in person.=C2=A0 I can also hang around f= or the morning of the 17th (modulo train schedules to Darmstadt) if folks w= ant to have informal discussions / interop.

On Tue, Apr 9, 2019 at 12:48= PM Karthik Bhargavan <ka= rthik.bhargavan@gmail.com> wrote:
I plan to attend.

On Tue, Apr 9, 2= 019 at 3:18 AM Nick Sullivan <nick=3D40cloudflare.com@dmarc.ietf.org> w= rote:
Hello mlswg,

The ch= airs would like to propose the following date for the next MLS interim:
Thursday, May 16th, 2019
Berlin, Germany
Host: W= ire

This is the Thursday before the Saturday, May = 18 Messaging workshop at Eurocrypt in Darmstadt, so those people wishing to= attend both have some time to travel.

Please indi= cate if you would plan on attending an interim on this date. If this date a= nd location are not suitable and you planned to come, please indicate your = expected level of participation in the interim in your response. There will= be a remote participation option.

Sean and Nick
_______________________________________________
MLS mailing list
MLS@ietf.org
https://www.ietf.org/mailman/listinfo/mls
_______________________________________________
MLS mailing list
MLS@ietf.org
https://www.ietf.org/mailman/listinfo/mls
--000000000000ee05ee05861e59e0-- From nobody Tue Apr 9 13:26:14 2019 Return-Path: X-Original-To: mls@ietfa.amsl.com Delivered-To: mls@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4C561120088 for ; Tue, 9 Apr 2019 13:26:13 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.9 X-Spam-Level: X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=wire-com.20150623.gappssmtp.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ki1onTX0PYF3 for ; Tue, 9 Apr 2019 13:26:10 -0700 (PDT) Received: from mail-wm1-x334.google.com (mail-wm1-x334.google.com [IPv6:2a00:1450:4864:20::334]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9C9B912032F for ; Tue, 9 Apr 2019 13:26:10 -0700 (PDT) Received: by mail-wm1-x334.google.com with SMTP id v14so124081wmf.2 for ; Tue, 09 Apr 2019 13:26:10 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=wire-com.20150623.gappssmtp.com; s=20150623; h=from:message-id:mime-version:subject:date:in-reply-to:cc:to :references; bh=nn22khkVx/Tv/u20kfRPlQ3uT0ead0DYl17oG5HCNMs=; b=kfrkVrb/GeTgIayKMw6y0bVAi510kKfQ0PHByhXiN54MpJF2MGJMXoFwu5k++HNuJZ S1nTtRBb2apDA6WqlEIlFYawzTB2NVq2krI0N9nXJDDxGcjD0arUO+mbeb1Ar+Fz3h/l SIGQFhQhqeyW3exGYx0eFYruWmnKm83AClZC292dENwEpL4hRzl/mUS92W+cjBJXXebt 0cflLtivfKTimqcXa7UdZVhE+dBUHF9pve6EYghSHw9meNj2xKcYdnAywYQzYe7oQjNY t4StQFBA6ikhXgzVTKJqgebLLkE1rYWHGNE3UH4sZbORoo8Jat9znfaX0VG3cHsY7ct5 vuVA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:message-id:mime-version:subject:date :in-reply-to:cc:to:references; bh=nn22khkVx/Tv/u20kfRPlQ3uT0ead0DYl17oG5HCNMs=; b=aYF45k49NPD8DPbUWqMdyyfY6CIhTMLmVZIYxWczof6uz9jgWOa4LRW745I20E3dXd 9Sn1YTIKcM0EQjuaT9ES8bh6fsRcgfEw/n5cMG0Tqfm0VTCoc2kTt7ng2NDXyb9aY5EK edd7wetMNNZJ0T8o8kMjN/NVgRsGLjOVufEA3slUGyFLieCcnHHMqtHFMe0Yeuk3Xvte qXjmpHBKdV2Kiyt0awjT6KztqQi0aUEtbGl9fCEK7y97vSc8qUW16rH2DShJDIAvMqfo brOdEyK/iZAqgStnOf7X2C7oB0MjeRGQSUEFAzPE+D1J37LcOU+efBknRXsvgThLY0rx a7DA== X-Gm-Message-State: APjAAAXQSWAkDZLh519swspOOaEHcWUl+IFzuulLWYFyHryvHI3hKG5Y RG55zx74A8aLUezW41mkpSuQFKZJlgMRRg== X-Google-Smtp-Source: APXvYqxJ2qUcXGI2A8TzV5a1K71mTyXWRI2O48taVCPk1QfSLu9Ie4ge/Mum0gLRUg7leWo9Ze9Oeg== X-Received: by 2002:a1c:6455:: with SMTP id y82mr123139wmb.104.1554841568680; Tue, 09 Apr 2019 13:26:08 -0700 (PDT) Received: from ?IPv6:2a02:8109:9ac0:13a3:747f:a235:1a4a:4550? ([2a02:8109:9ac0:13a3:747f:a235:1a4a:4550]) by smtp.gmail.com with ESMTPSA id r30sm107378839wrr.46.2019.04.09.13.26.06 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 09 Apr 2019 13:26:07 -0700 (PDT) From: Raphael Robert Message-Id: <42B047DC-583D-40BF-99FF-2BB24A78D07C@wire.com> Content-Type: multipart/alternative; boundary="Apple-Mail=_C7EE9891-1ED6-4A41-BE44-8A9F65AB3F10" Mime-Version: 1.0 (Mac OS X Mail 12.2 \(3445.102.3\)) Date: Tue, 9 Apr 2019 22:26:03 +0200 In-Reply-To: Cc: Nick Sullivan , Karthik Bhargavan To: Messaging Layer Security WG References: X-Mailer: Apple Mail (2.3445.102.3) Archived-At: Subject: Re: [MLS] May 2019 MLS Interim - Berlin, Germany X-BeenThere: mls@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Messaging Layer Security List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 09 Apr 2019 20:26:13 -0000 --Apple-Mail=_C7EE9891-1ED6-4A41-BE44-8A9F65AB3F10 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii I will attend as well. Raphael > On 9 Apr 2019, at 18:47, Karthik Bhargavan = wrote: >=20 > I plan to attend. >=20 > On Tue, Apr 9, 2019 at 3:18 AM Nick Sullivan = > wrote: > Hello mlswg, >=20 > The chairs would like to propose the following date for the next MLS = interim: > Thursday, May 16th, 2019 > Berlin, Germany > Host: Wire >=20 > This is the Thursday before the Saturday, May 18 Messaging workshop at = Eurocrypt in Darmstadt, so those people wishing to attend both have some = time to travel. >=20 > Please indicate if you would plan on attending an interim on this = date. If this date and location are not suitable and you planned to = come, please indicate your expected level of participation in the = interim in your response. There will be a remote participation option. >=20 > Sean and Nick > _______________________________________________ > MLS mailing list > MLS@ietf.org > https://www.ietf.org/mailman/listinfo/mls = > _______________________________________________ > MLS mailing list > MLS@ietf.org > https://www.ietf.org/mailman/listinfo/mls --Apple-Mail=_C7EE9891-1ED6-4A41-BE44-8A9F65AB3F10 Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=us-ascii I = will attend as well.

Raphael

On 9 Apr 2019, at 18:47, = Karthik Bhargavan <karthik.bhargavan@gmail.com> wrote:

I plan to attend.

On Tue, Apr = 9, 2019 at 3:18 AM Nick Sullivan <nick=3D40cloudflare.com@dmarc.ietf.org> wrote:
Hello mlswg,

The chairs would like to = propose the following date for the next MLS interim:
Thursday, May 16th, 2019
Berlin, = Germany
Host: Wire

This is the Thursday before the = Saturday, May 18 Messaging workshop at Eurocrypt in Darmstadt, so those = people wishing to attend both have some time to travel.

Please indicate if you = would plan on attending an interim on this date. If this date and = location are not suitable and you planned to come, please indicate your = expected level of participation in the interim in your response. There = will be a remote participation option.

Sean and Nick
_______________________________________________
MLS mailing list
MLS@ietf.org
https://www.ietf.org/mailman/listinfo/mls
_______________________________________________
MLS = mailing list
MLS@ietf.org
https://www.ietf.org/mailman/listinfo/mls

= --Apple-Mail=_C7EE9891-1ED6-4A41-BE44-8A9F65AB3F10-- From nobody Tue Apr 9 13:28:06 2019 Return-Path: X-Original-To: mls@ietfa.amsl.com Delivered-To: mls@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B65B51203DC for ; Tue, 9 Apr 2019 13:28:04 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.9 X-Spam-Level: X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=wickr-com.20150623.gappssmtp.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aJDgfOf9HILS for ; Tue, 9 Apr 2019 13:28:02 -0700 (PDT) Received: from mail-pf1-x42a.google.com (mail-pf1-x42a.google.com [IPv6:2607:f8b0:4864:20::42a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CF2C3120088 for ; Tue, 9 Apr 2019 13:28:02 -0700 (PDT) Received: by mail-pf1-x42a.google.com with SMTP id y13so10398228pfm.11 for ; Tue, 09 Apr 2019 13:28:02 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=wickr-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=kZkOTHiEAzXvdD5LRUWC+tiro83j1o/K/bb0iYr+KMM=; b=XAOWZua5Gy9L9uee7GpC+p49jaqcmxRCGNKD3o4KmeGp/DLeHTkOLDhDJgVEXsPhk1 qYVOXtz6o8bFLZjRVZ4B2BfQSl5tA3bDsuIPOn29HBYb8J5AV4G9XqG4hqokZbvZ+cy4 FTtwcYVkXdDcmEMC1ke1OGY+F1YruRQs1b8Nb4kUXF5UCbElxZ1b6qbbmspvuPZh1hI/ s2S7HjRHcIjnDzACGVH97nOt7i297KhCd/eKnC74B2unzd4dTirqdE8GePcaxcCceMSX mJcyBxzcmHc2bkZzakT9Pl0NiJ1MGNiXuiYdnb46m4lSBc7YRnbssRV1XQkstZU+XfvX PB9w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=kZkOTHiEAzXvdD5LRUWC+tiro83j1o/K/bb0iYr+KMM=; b=nemo0qod8wCLuf+LdtE5uWtPdUa4YnyuoTpmdH3/7TfqdS1gWfF8Y1NP6fBVrfi1h0 SQXTimUo0F6pcxewhbB7DHiR7pdT6cegJYWoHUsQ9Qbwu7Q+ZNa1fuWdWwH1yBHYxwRV w8OWWSgbVJ6slmVgAV/0pHCNFCh/GcXVBku9Nsb4BJvkilubjQvt2ZBY4kPPvw0byRN1 yCDJCCUYLgHvNRzdVAiujTSu+81lG/daaMFoaZv/6qs0L0SCZYbMpilKHex8DprtzU3z gARzzFnNeVk4M2VvnEAv7gOkbquK6KvO5wuSPL2M9vmVf4g+SAE334N6x9HuykQvHAf4 x9dQ== X-Gm-Message-State: APjAAAVFTrWb6iSZQTZUS4trP9VPDBdfHfCkLtM1dI2w5MqHasy+gPW3 KWNAGv3b0MBJSEEMdN8AoprIp/ZC1bF5xtN84Jj5dA== X-Google-Smtp-Source: APXvYqzN5NjYeHxOSTHs6bAPKhtUwsIymUIGucESTsAjvbW60fdMiKXZ/uTq1SxhlBEqAUhsVVbWgZBA6/0LKtu7Ekk= X-Received: by 2002:a63:6941:: with SMTP id e62mr35077772pgc.99.1554841682252; Tue, 09 Apr 2019 13:28:02 -0700 (PDT) MIME-Version: 1.0 References: <42B047DC-583D-40BF-99FF-2BB24A78D07C@wire.com> In-Reply-To: <42B047DC-583D-40BF-99FF-2BB24A78D07C@wire.com> From: Joel Alwen Date: Tue, 9 Apr 2019 22:28:00 +0200 Message-ID: To: Raphael Robert Cc: mls@ietf.org, Karthik Bhargavan , Nick Sullivan Content-Type: multipart/alternative; boundary="000000000000272aa705861eca37" Archived-At: Subject: Re: [MLS] May 2019 MLS Interim - Berlin, Germany X-BeenThere: mls@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Messaging Layer Security List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 09 Apr 2019 20:28:05 -0000 --000000000000272aa705861eca37 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable I will be there too. - Jo=C3=ABl On Tue, 9 Apr 2019, 22:26 Raphael Robert, wrote: > I will attend as well. > > Raphael > > On 9 Apr 2019, at 18:47, Karthik Bhargavan > wrote: > > I plan to attend. > > On Tue, Apr 9, 2019 at 3:18 AM Nick Sullivan 40cloudflare.com@dmarc.ietf.org> wrote: > >> Hello mlswg, >> >> The chairs would like to propose the following date for the next MLS >> interim: >> Thursday, May 16th, 2019 >> Berlin, Germany >> Host: Wire >> >> This is the Thursday before the Saturday, May 18 Messaging workshop at >> Eurocrypt in Darmstadt, so those people wishing to attend both have some >> time to travel. >> >> Please indicate if you would plan on attending an interim on this date. >> If this date and location are not suitable and you planned to come, plea= se >> indicate your expected level of participation in the interim in your >> response. There will be a remote participation option. >> >> Sean and Nick >> _______________________________________________ >> MLS mailing list >> MLS@ietf.org >> https://www.ietf.org/mailman/listinfo/mls >> > _______________________________________________ > MLS mailing list > MLS@ietf.org > https://www.ietf.org/mailman/listinfo/mls > > > _______________________________________________ > MLS mailing list > MLS@ietf.org > https://www.ietf.org/mailman/listinfo/mls > --000000000000272aa705861eca37 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
I will be there too.

- Jo=C3=ABl

On Tue, 9 Apr 2019, 22:26 Raphael= Robert, <raphael=3D40wire.= com@dmarc.ietf.org> wrote:
<= div style=3D"word-wrap:break-word;line-break:after-white-space">I will atte= nd as well.

Raphael

On 9 Apr 2019, at 18:47, Karthik Bhargavan <karthik.bhar= gavan@gmail.com> wrote:

I plan to attend.

On Tue, Apr 9,= 2019 at 3:18 AM Nick Sullivan <nick=3D40cloudflare.com@dma= rc.ietf.org> wrote:
Hello mlswg,
The chairs would like to propose the following date for the ne= xt MLS interim:
Thursday, May 16th, 2019
Berlin, German= y
Host: Wire

This is the Thursday before= the Saturday, May 18 Messaging workshop at Eurocrypt in Darmstadt, so thos= e people wishing to attend both have some time to travel.

Please indicate if you would plan on attending an interim on this d= ate. If this date and location are not suitable and you planned to come, pl= ease indicate your expected level of participation in the interim in your r= esponse. There will be a remote participation option.

<= div>Sean and Nick
_______________________________________________
MLS mailing list
MLS@ie= tf.org
https://www.ietf.org/mailman/listinfo/mls
_______________________________________________
MLS mailing list
MLS@ietf.o= rg
https://www.ietf.org/mailman/listinfo/mls
=

__________________________________= _____________
MLS mailing list
MLS@ie= tf.org
https://www.ietf.org/mailman/listinfo/mls
--000000000000272aa705861eca37-- From nobody Tue Apr 9 13:29:26 2019 Return-Path: X-Original-To: mls@ietfa.amsl.com Delivered-To: mls@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6D84312032F for ; Tue, 9 Apr 2019 13:29:24 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.999 X-Spam-Level: X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qZygzuDG6laP for ; Tue, 9 Apr 2019 13:29:22 -0700 (PDT) Received: from mail-wm1-x32d.google.com (mail-wm1-x32d.google.com [IPv6:2a00:1450:4864:20::32d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id ED39B120088 for ; Tue, 9 Apr 2019 13:29:21 -0700 (PDT) Received: by mail-wm1-x32d.google.com with SMTP id a184so131161wma.2 for ; Tue, 09 Apr 2019 13:29:21 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=ov7bclWs53t3Rr2zHc0jEu4GkSV9zjSgV4CyEo1yNGk=; b=AQhV+Gbmi+zA/JEn2PhAE9pVniYuqI56taPXsVKqxWZ+K+vJz0sXODoC0EwuRuF+dC HGk3KZa8Q5DtQ/iy2T7o1Rji0UBPJcCc71gJRqBkQtoAApkRc206pypTSdyUZYqyBkxd wlnYZTvP4tOAOMJldJBjz7V5sXZE0KexMrqYoyykeNT8NU/1jlMg4mJw4xzTalulPXl7 u17wfE88LaU7ZxUvuS37ZkYYSgSJyGanjYnqizzCwCvTLVH+Ez4R9F6toHUCLDhLgVgd oH+IoWtCXTopTkUWLSfOSemVgvSIRfHn9rs3UgQF9Tkh56vdbZK+Mgo6cabFMhT9lC5X 3zXQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=ov7bclWs53t3Rr2zHc0jEu4GkSV9zjSgV4CyEo1yNGk=; b=EfKhNQ6oLXYCoKEE0gqto+TLYjKlbnLI3/WVJ2cC5HiU9XdFIK0vW+BPCYojTjJz3u xpMpKvNErHhJS4lFtw35o1VSHFBAubZe03KRt+EQSGcFqPCjMnTp2rDsv6IcI5yud4cE 3XTqE7N7XWyjA1PK4ayJCos5RIaae3qF6tZwLDnXys7yMaMJjJLLfqdOtrUhThg6/0uE VmWaXF4HC4JGwMp6kKrFvta29nhgNPZAn/eNuWyimZhnExQVjC/ej7rEmNDBEQ8IfPO7 gtIL8rm2WDXjrG+QtGNEIYvKIaCXjSjmnlIhcAFS7vK3+K2RjC0iw8JYC+f+VVciS5h0 KtJA== X-Gm-Message-State: APjAAAU/bu+ps2XtK6/7IE300dDUZI7YvmG5qI7kT13ALKHPeWgNF6y2 kGqXdDKcCCUyce9umzEySp0hEgM2aIbVo2xZGlI= X-Google-Smtp-Source: APXvYqx1Z0JI7G6zZ/tGyvWZl8J1UNyoFSoOTzOZ77thT7LxQ3h10/RwAdDKRU2+gzKATLITyoKbEo3JH4QnxtCr0RI= X-Received: by 2002:a1c:7208:: with SMTP id n8mr152201wmc.46.1554841760369; Tue, 09 Apr 2019 13:29:20 -0700 (PDT) MIME-Version: 1.0 References: <42B047DC-583D-40BF-99FF-2BB24A78D07C@wire.com> In-Reply-To: From: Cas Cremers Date: Tue, 9 Apr 2019 22:29:03 +0200 Message-ID: To: Joel Alwen Cc: Raphael Robert , ML Messaging Layer Security , Karthik Bhargavan , Nick Sullivan Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Archived-At: Subject: Re: [MLS] May 2019 MLS Interim - Berlin, Germany X-BeenThere: mls@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Messaging Layer Security List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 09 Apr 2019 20:29:24 -0000 I plan to attend too. Best, Cas On Tue, Apr 9, 2019 at 10:28 PM Joel Alwen wrote: > > I will be there too. > > - Jo=C3=ABl > > On Tue, 9 Apr 2019, 22:26 Raphael Robert, wrote: >> >> I will attend as well. >> >> Raphael >> >> On 9 Apr 2019, at 18:47, Karthik Bhargavan = wrote: >> >> I plan to attend. >> >> On Tue, Apr 9, 2019 at 3:18 AM Nick Sullivan wrote: >>> >>> Hello mlswg, >>> >>> The chairs would like to propose the following date for the next MLS in= terim: >>> Thursday, May 16th, 2019 >>> Berlin, Germany >>> Host: Wire >>> >>> This is the Thursday before the Saturday, May 18 Messaging workshop at = Eurocrypt in Darmstadt, so those people wishing to attend both have some ti= me to travel. >>> >>> Please indicate if you would plan on attending an interim on this date.= If this date and location are not suitable and you planned to come, please= indicate your expected level of participation in the interim in your respo= nse. There will be a remote participation option. >>> >>> Sean and Nick >>> _______________________________________________ >>> MLS mailing list >>> MLS@ietf.org >>> https://www.ietf.org/mailman/listinfo/mls >> >> _______________________________________________ >> MLS mailing list >> MLS@ietf.org >> https://www.ietf.org/mailman/listinfo/mls >> >> >> _______________________________________________ >> MLS mailing list >> MLS@ietf.org >> https://www.ietf.org/mailman/listinfo/mls > > _______________________________________________ > MLS mailing list > MLS@ietf.org > https://www.ietf.org/mailman/listinfo/mls From nobody Wed Apr 10 07:23:26 2019 Return-Path: X-Original-To: mls@ietfa.amsl.com Delivered-To: mls@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9E0C9120021 for ; Wed, 10 Apr 2019 07:23:24 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.599 X-Spam-Level: X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Lhp9y0pXcA0y for ; Wed, 10 Apr 2019 07:23:21 -0700 (PDT) Received: from mx2.mailbox.org (mx2a.mailbox.org [IPv6:2001:67c:2050:104:0:2:25:2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2620A1201F3 for ; Wed, 10 Apr 2019 07:23:17 -0700 (PDT) Received: from smtp2.mailbox.org (smtp2.mailbox.org [IPv6:2001:67c:2050:105:465:1:2:0]) (using TLSv1.2 with cipher ECDHE-RSA-CHACHA20-POLY1305 (256/256 bits)) (No client certificate requested) by mx2.mailbox.org (Postfix) with ESMTPS id 6EAC0A120D for ; Wed, 10 Apr 2019 16:23:15 +0200 (CEST) X-Virus-Scanned: amavisd-new at heinlein-support.de Received: from smtp2.mailbox.org ([80.241.60.241]) by spamfilter04.heinlein-hosting.de (spamfilter04.heinlein-hosting.de [80.241.56.122]) (amavisd-new, port 10030) with ESMTP id sjL7eZbIi4qh for ; Wed, 10 Apr 2019 16:22:55 +0200 (CEST) To: mls@ietf.org References: <42B047DC-583D-40BF-99FF-2BB24A78D07C@wire.com> From: Konrad Kohbrok Message-ID: <8b9175fb-669f-a903-044e-429504930977@datashrine.de> Date: Wed, 10 Apr 2019 07:22:44 -0700 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Language: de-DE Content-Transfer-Encoding: 8bit Archived-At: Subject: Re: [MLS] May 2019 MLS Interim - Berlin, Germany X-BeenThere: mls@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Messaging Layer Security List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 10 Apr 2019 14:23:25 -0000 I will also be there. Cheers, Konrad On 09/04/2019 23:29, Cas Cremers wrote: > I plan to attend too. > > Best, > > Cas > > On Tue, Apr 9, 2019 at 10:28 PM Joel Alwen wrote: >> >> I will be there too. >> >> - Joël >> >> On Tue, 9 Apr 2019, 22:26 Raphael Robert, wrote: >>> >>> I will attend as well. >>> >>> Raphael >>> >>> On 9 Apr 2019, at 18:47, Karthik Bhargavan wrote: >>> >>> I plan to attend. >>> >>> On Tue, Apr 9, 2019 at 3:18 AM Nick Sullivan wrote: >>>> >>>> Hello mlswg, >>>> >>>> The chairs would like to propose the following date for the next MLS interim: >>>> Thursday, May 16th, 2019 >>>> Berlin, Germany >>>> Host: Wire >>>> >>>> This is the Thursday before the Saturday, May 18 Messaging workshop at Eurocrypt in Darmstadt, so those people wishing to attend both have some time to travel. >>>> >>>> Please indicate if you would plan on attending an interim on this date. If this date and location are not suitable and you planned to come, please indicate your expected level of participation in the interim in your response. There will be a remote participation option. >>>> >>>> Sean and Nick >>>> _______________________________________________ >>>> MLS mailing list >>>> MLS@ietf.org >>>> https://www.ietf.org/mailman/listinfo/mls >>> >>> _______________________________________________ >>> MLS mailing list >>> MLS@ietf.org >>> https://www.ietf.org/mailman/listinfo/mls >>> >>> >>> _______________________________________________ >>> MLS mailing list >>> MLS@ietf.org >>> https://www.ietf.org/mailman/listinfo/mls >> >> _______________________________________________ >> MLS mailing list >> MLS@ietf.org >> https://www.ietf.org/mailman/listinfo/mls > > _______________________________________________ > MLS mailing list > MLS@ietf.org > https://www.ietf.org/mailman/listinfo/mls > From btv1==003f9a48cdc==britta.hale@nps.edu Wed Apr 10 16:06:24 2019 Return-Path: X-Original-To: mls@ietfa.amsl.com Delivered-To: mls@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 71441120658 for ; Wed, 10 Apr 2019 16:06:24 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.899 X-Spam-Level: X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zWVtIV1goAWv for ; Wed, 10 Apr 2019 16:06:22 -0700 (PDT) Received: from mule.nps.edu (mule.nps.edu [205.155.65.106]) by ietfa.amsl.com (Postfix) with ESMTP id 9E77E120253 for ; Wed, 10 Apr 2019 16:06:22 -0700 (PDT) X-ASG-Debug-ID: 1554937581-0e39451c4be59f0001-bGA3T6 Received: from mail.nps.edu (synergos.ern.nps.edu [172.20.4.116]) by mule.nps.edu with ESMTP id vekffPuK4ZhKlUSP; Wed, 10 Apr 2019 16:06:21 -0700 (PDT) X-Barracuda-Envelope-From: britta.hale@nps.edu Received: from skywalker.ern.nps.edu (172.20.4.117) by synergos.ern.nps.edu (172.20.4.116) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.1.1531.3; Wed, 10 Apr 2019 16:06:21 -0700 Received: from NAM03-DM3-obe.outbound.protection.outlook.com (104.47.41.52) by skywalker.ern.nps.edu (172.20.4.117) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.1.1531.3 via Frontend Transport; Wed, 10 Apr 2019 16:06:21 -0700 Received: from MWHPR1301MB2174.namprd13.prod.outlook.com (10.174.171.33) by MWHPR1301MB2013.namprd13.prod.outlook.com (10.174.169.28) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1792.10; Wed, 10 Apr 2019 23:06:19 +0000 Received: from MWHPR1301MB2174.namprd13.prod.outlook.com ([fe80::592d:875e:5985:90f8]) by MWHPR1301MB2174.namprd13.prod.outlook.com ([fe80::592d:875e:5985:90f8%4]) with mapi id 15.20.1792.009; Wed, 10 Apr 2019 23:06:19 +0000 From: "Hale, Britta (CIV)" To: Nick Sullivan , "mls@ietf.org" Thread-Topic: [MLS] May 2019 MLS Interim - Berlin, Germany X-ASG-Orig-Subj: Re: [MLS] May 2019 MLS Interim - Berlin, Germany Thread-Index: AQHU7nIw1pd3glYSvkqTO+RqW09IQKY1kcUA Date: Wed, 10 Apr 2019 23:06:19 +0000 Message-ID: <02B76D23-51DA-436B-888A-BC18349F4487@nps.edu> References: In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: spf=none (sender IP is ) smtp.mailfrom=britta.hale@nps.edu; x-originating-ip: [205.155.65.226] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: dd2eb2e0-73a8-472f-829b-08d6be092499 x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600139)(711020)(4605104)(2017052603328)(7193020); SRVR:MWHPR1301MB2013; x-ms-traffictypediagnostic: MWHPR1301MB2013: x-ms-exchange-purlcount: 2 x-microsoft-antispam-prvs: x-forefront-prvs: 00032065B2 x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(396003)(366004)(136003)(376002)(346002)(39850400004)(199004)(189003)(82746002)(6246003)(99286004)(110136005)(316002)(66066001)(2616005)(786003)(97736004)(83716004)(14454004)(2906002)(486006)(478600001)(86362001)(4744005)(476003)(25786009)(446003)(53936002)(75432002)(6436002)(81166006)(2501003)(6486002)(88552002)(11346002)(71200400001)(33656002)(8936002)(36756003)(106356001)(105586002)(8676002)(6506007)(102836004)(3846002)(76176011)(26005)(6116002)(53546011)(186003)(68736007)(5660300002)(71190400001)(7736002)(256004)(6512007)(229853002)(54896002)(6306002)(81156014); DIR:OUT; SFP:1101; SCL:1; SRVR:MWHPR1301MB2013; H:MWHPR1301MB2174.namprd13.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1; received-spf: None (protection.outlook.com: nps.edu does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam-message-info: 5mJoLcraQTlIGx4GF3uBMKSMphVYzs49b7Mr1zIsnHiR8zrj6Bpt5/bOZywnM/GKxpdEDWhlnNrNrhjdRQXYXTxeDnhWoCLqXqH9sD0gEHjpSS9i66epmgEAg+FyCYB+lCBfE/BkdlLmIdBI6ZrYy/0CH2kGd4P6OM99KLjkytLmvB3PywLn5SxNbxrO0f1tWrssuwQI3vYM0h1gmBpNTGK9ZcFJW7eLGvub+lwkT0L5amarBPUlOoba9ZxBnHS3F11PZIQmgImhbuDRrfwWzhGGMLcQ6cqbsE/ImgLZ05QEGdrTo3EJfw2VwrlL6hfJKQlyOXvHKT8CbTdRVif4CHB3bRVG6hIXh+OnHAxx9pbCiCvpSjo6cV9RWQjVo0ATfgUVX+w7ZicfBkeLJhYMC1cZqs6sfwfy9PFCGW76BBI= Content-Type: multipart/alternative; boundary="_000_02B76D2351DA436B888ABC18349F4487npsedu_" MIME-Version: 1.0 X-MS-Exchange-CrossTenant-Network-Message-Id: dd2eb2e0-73a8-472f-829b-08d6be092499 X-MS-Exchange-CrossTenant-originalarrivaltime: 10 Apr 2019 23:06:19.6146 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 6d936231-a517-40ea-9199-f7578963378e X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-Transport-CrossTenantHeadersStamped: MWHPR1301MB2013 X-OriginatorOrg: nps.edu X-Barracuda-Connect: synergos.ern.nps.edu[172.20.4.116] X-Barracuda-Start-Time: 1554937581 X-Barracuda-URL: https://205.155.65.106:443/cgi-mod/mark.cgi X-Virus-Scanned: by bsmtpd at nps.edu X-Barracuda-Scan-Msg-Size: 4538 X-Barracuda-BRTS-Status: 1 X-Barracuda-Spam-Score: 0.00 X-Barracuda-Spam-Status: No, SCORE=0.00 using global scores of TAG_LEVEL=1000.0 QUARANTINE_LEVEL=1000.0 KILL_LEVEL=9.0 tests=HTML_MESSAGE X-Barracuda-Spam-Report: Code version 3.2, rules version 3.2.3.69717 Rule breakdown below pts rule name description ---- ---------------------- -------------------------------------------------- 0.00 HTML_MESSAGE BODY: HTML included in message Archived-At: Subject: Re: [MLS] May 2019 MLS Interim - Berlin, Germany X-BeenThere: mls@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Messaging Layer Security List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 10 Apr 2019 23:07:25 -0000 --_000_02B76D2351DA436B888ABC18349F4487npsedu_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 SSBhbSBwbGFubmluZyB0byBhdHRlbmQgYXMgd2VsbC4NCg0KLS0gQnJpdHRhDQoNCkZyb206IE1M UyA8bWxzLWJvdW5jZXNAaWV0Zi5vcmc+IG9uIGJlaGFsZiBvZiBOaWNrIFN1bGxpdmFuIDxuaWNr PTQwY2xvdWRmbGFyZS5jb21AZG1hcmMuaWV0Zi5vcmc+DQpEYXRlOiBNb25kYXksIEFwcmlsIDgs IDIwMTkgYXQgNjoxOCBQTQ0KVG86ICJtbHNAaWV0Zi5vcmciIDxtbHNAaWV0Zi5vcmc+DQpTdWJq ZWN0OiBbTUxTXSBNYXkgMjAxOSBNTFMgSW50ZXJpbSAtIEJlcmxpbiwgR2VybWFueQ0KDQpIZWxs byBtbHN3ZywNCg0KVGhlIGNoYWlycyB3b3VsZCBsaWtlIHRvIHByb3Bvc2UgdGhlIGZvbGxvd2lu ZyBkYXRlIGZvciB0aGUgbmV4dCBNTFMgaW50ZXJpbToNClRodXJzZGF5LCBNYXkgMTZ0aCwgMjAx OQ0KQmVybGluLCBHZXJtYW55DQpIb3N0OiBXaXJlDQoNClRoaXMgaXMgdGhlIFRodXJzZGF5IGJl Zm9yZSB0aGUgU2F0dXJkYXksIE1heSAxOCBNZXNzYWdpbmcgd29ya3Nob3AgYXQgRXVyb2NyeXB0 IGluIERhcm1zdGFkdCwgc28gdGhvc2UgcGVvcGxlIHdpc2hpbmcgdG8gYXR0ZW5kIGJvdGggaGF2 ZSBzb21lIHRpbWUgdG8gdHJhdmVsLg0KDQpQbGVhc2UgaW5kaWNhdGUgaWYgeW91IHdvdWxkIHBs YW4gb24gYXR0ZW5kaW5nIGFuIGludGVyaW0gb24gdGhpcyBkYXRlLiBJZiB0aGlzIGRhdGUgYW5k IGxvY2F0aW9uIGFyZSBub3Qgc3VpdGFibGUgYW5kIHlvdSBwbGFubmVkIHRvIGNvbWUsIHBsZWFz ZSBpbmRpY2F0ZSB5b3VyIGV4cGVjdGVkIGxldmVsIG9mIHBhcnRpY2lwYXRpb24gaW4gdGhlIGlu dGVyaW0gaW4geW91ciByZXNwb25zZS4gVGhlcmUgd2lsbCBiZSBhIHJlbW90ZSBwYXJ0aWNpcGF0 aW9uIG9wdGlvbi4NCg0KU2VhbiBhbmQgTmljaw0K --_000_02B76D2351DA436B888ABC18349F4487npsedu_ Content-Type: text/html; charset="utf-8" Content-ID: <320D7304486A9B4C80DCA628388DF519@namprd13.prod.outlook.com> Content-Transfer-Encoding: base64 PGh0bWwgeG1sbnM6bz0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6b2ZmaWNlIiB4 bWxuczp3PSJ1cm46c2NoZW1hcy1taWNyb3NvZnQtY29tOm9mZmljZTp3b3JkIiB4bWxuczptPSJo dHRwOi8vc2NoZW1hcy5taWNyb3NvZnQuY29tL29mZmljZS8yMDA0LzEyL29tbWwiIHhtbG5zPSJo dHRwOi8vd3d3LnczLm9yZy9UUi9SRUMtaHRtbDQwIj4NCjxoZWFkPg0KPG1ldGEgaHR0cC1lcXVp dj0iQ29udGVudC1UeXBlIiBjb250ZW50PSJ0ZXh0L2h0bWw7IGNoYXJzZXQ9dXRmLTgiPg0KPG1l dGEgbmFtZT0iR2VuZXJhdG9yIiBjb250ZW50PSJNaWNyb3NvZnQgV29yZCAxNSAoZmlsdGVyZWQg bWVkaXVtKSI+DQo8c3R5bGU+PCEtLQ0KLyogRm9udCBEZWZpbml0aW9ucyAqLw0KQGZvbnQtZmFj ZQ0KCXtmb250LWZhbWlseToiQ2FtYnJpYSBNYXRoIjsNCglwYW5vc2UtMToyIDQgNSAzIDUgNCA2 IDMgMiA0O30NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6Q2FsaWJyaTsNCglwYW5vc2UtMToy IDE1IDUgMiAyIDIgNCAzIDIgNDt9DQovKiBTdHlsZSBEZWZpbml0aW9ucyAqLw0KcC5Nc29Ob3Jt YWwsIGxpLk1zb05vcm1hbCwgZGl2Lk1zb05vcm1hbA0KCXttYXJnaW46MGluOw0KCW1hcmdpbi1i b3R0b206LjAwMDFwdDsNCglmb250LXNpemU6MTEuMHB0Ow0KCWZvbnQtZmFtaWx5OiJDYWxpYnJp IixzYW5zLXNlcmlmO30NCmE6bGluaywgc3Bhbi5Nc29IeXBlcmxpbmsNCgl7bXNvLXN0eWxlLXBy aW9yaXR5Ojk5Ow0KCWNvbG9yOiMwNTYzQzE7DQoJdGV4dC1kZWNvcmF0aW9uOnVuZGVybGluZTt9 DQphOnZpc2l0ZWQsIHNwYW4uTXNvSHlwZXJsaW5rRm9sbG93ZWQNCgl7bXNvLXN0eWxlLXByaW9y aXR5Ojk5Ow0KCWNvbG9yOiM5NTRGNzI7DQoJdGV4dC1kZWNvcmF0aW9uOnVuZGVybGluZTt9DQpw Lm1zb25vcm1hbDAsIGxpLm1zb25vcm1hbDAsIGRpdi5tc29ub3JtYWwwDQoJe21zby1zdHlsZS1u YW1lOm1zb25vcm1hbDsNCgltc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzsNCgltYXJnaW4tcmlnaHQ6 MGluOw0KCW1zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvOw0KCW1hcmdpbi1sZWZ0OjBpbjsNCglm b250LXNpemU6MTEuMHB0Ow0KCWZvbnQtZmFtaWx5OiJDYWxpYnJpIixzYW5zLXNlcmlmO30NCnNw YW4uRW1haWxTdHlsZTE4DQoJe21zby1zdHlsZS10eXBlOnBlcnNvbmFsLXJlcGx5Ow0KCWZvbnQt ZmFtaWx5OiJDYWxpYnJpIixzYW5zLXNlcmlmOw0KCWNvbG9yOndpbmRvd3RleHQ7fQ0KLk1zb0No cERlZmF1bHQNCgl7bXNvLXN0eWxlLXR5cGU6ZXhwb3J0LW9ubHk7DQoJZm9udC1zaXplOjEwLjBw dDt9DQpAcGFnZSBXb3JkU2VjdGlvbjENCgl7c2l6ZTo4LjVpbiAxMS4waW47DQoJbWFyZ2luOjEu MGluIDEuMGluIDEuMGluIDEuMGluO30NCmRpdi5Xb3JkU2VjdGlvbjENCgl7cGFnZTpXb3JkU2Vj dGlvbjE7fQ0KLS0+PC9zdHlsZT4NCjwvaGVhZD4NCjxib2R5IGxhbmc9IkVOLVVTIiBsaW5rPSIj MDU2M0MxIiB2bGluaz0iIzk1NEY3MiI+DQo8ZGl2IGNsYXNzPSJXb3JkU2VjdGlvbjEiPg0KPHAg Y2xhc3M9Ik1zb05vcm1hbCI+SSBhbSBwbGFubmluZyB0byBhdHRlbmQgYXMgd2VsbC48bzpwPjwv bzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0KPHAg Y2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImNvbG9yOmJsYWNrIj4tLSBCcml0dGE8L3Nw YW4+PG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48bzpwPiZuYnNwOzwvbzpw PjwvcD4NCjxkaXYgc3R5bGU9ImJvcmRlcjpub25lO2JvcmRlci10b3A6c29saWQgI0I1QzRERiAx LjBwdDtwYWRkaW5nOjMuMHB0IDBpbiAwaW4gMGluIj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxi PjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTIuMHB0O2NvbG9yOmJsYWNrIj5Gcm9tOiA8L3NwYW4+ PC9iPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTIuMHB0O2NvbG9yOmJsYWNrIj5NTFMgJmx0O21s cy1ib3VuY2VzQGlldGYub3JnJmd0OyBvbiBiZWhhbGYgb2YgTmljayBTdWxsaXZhbiAmbHQ7bmlj az00MGNsb3VkZmxhcmUuY29tQGRtYXJjLmlldGYub3JnJmd0Ozxicj4NCjxiPkRhdGU6IDwvYj5N b25kYXksIEFwcmlsIDgsIDIwMTkgYXQgNjoxOCBQTTxicj4NCjxiPlRvOiA8L2I+JnF1b3Q7bWxz QGlldGYub3JnJnF1b3Q7ICZsdDttbHNAaWV0Zi5vcmcmZ3Q7PGJyPg0KPGI+U3ViamVjdDogPC9i PltNTFNdIE1heSAyMDE5IE1MUyBJbnRlcmltIC0gQmVybGluLCBHZXJtYW55PG86cD48L286cD48 L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86cD4mbmJz cDs8L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8ZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29O b3JtYWwiPkhlbGxvIG1sc3dnLDxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xh c3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBj bGFzcz0iTXNvTm9ybWFsIj5UaGUgY2hhaXJzIHdvdWxkIGxpa2UgdG8gcHJvcG9zZSB0aGUgZm9s bG93aW5nIGRhdGUgZm9yIHRoZSBuZXh0IE1MUyBpbnRlcmltOjxvOnA+PC9vOnA+PC9wPg0KPC9k aXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+VGh1cnNkYXksIE1heSAxNnRoLCAyMDE5 PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj5CZXJs aW4sIEdlcm1hbnk8bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29O b3JtYWwiPkhvc3Q6IFdpcmU8bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNz PSJNc29Ob3JtYWwiPjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xh c3M9Ik1zb05vcm1hbCI+VGhpcyBpcyB0aGUgVGh1cnNkYXkgYmVmb3JlIHRoZSBTYXR1cmRheSwg TWF5IDE4IE1lc3NhZ2luZyB3b3Jrc2hvcCBhdCBFdXJvY3J5cHQgaW4gRGFybXN0YWR0LCBzbyB0 aG9zZSBwZW9wbGUgd2lzaGluZyB0byBhdHRlbmQgYm90aCBoYXZlIHNvbWUgdGltZSB0byB0cmF2 ZWwuPG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48 bzpwPiZuYnNwOzwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwi PlBsZWFzZSBpbmRpY2F0ZSBpZiB5b3Ugd291bGQgcGxhbiBvbiBhdHRlbmRpbmcgYW4gaW50ZXJp bSBvbiB0aGlzIGRhdGUuIElmIHRoaXMgZGF0ZSBhbmQgbG9jYXRpb24gYXJlIG5vdCBzdWl0YWJs ZSBhbmQgeW91IHBsYW5uZWQgdG8gY29tZSwgcGxlYXNlIGluZGljYXRlIHlvdXIgZXhwZWN0ZWQg bGV2ZWwgb2YgcGFydGljaXBhdGlvbiBpbiB0aGUgaW50ZXJpbSBpbiB5b3VyIHJlc3BvbnNlLiBU aGVyZSB3aWxsDQogYmUgYSByZW1vdGUgcGFydGljaXBhdGlvbiBvcHRpb24uPG86cD48L286cD48 L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48bzpwPiZuYnNwOzwvbzpw PjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPlNlYW4gYW5kIE5pY2s8 bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPC9kaXY+DQo8L2Rpdj4NCjwvZGl2Pg0KPC9ib2R5Pg0K PC9odG1sPg0K --_000_02B76D2351DA436B888ABC18349F4487npsedu_-- From nobody Wed Apr 10 22:39:57 2019 Return-Path: X-Original-To: mls@ietfa.amsl.com Delivered-To: mls@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 623C4120074 for ; Wed, 10 Apr 2019 22:39:56 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.998 X-Spam-Level: X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lYJx_48EVQpM for ; Wed, 10 Apr 2019 22:39:53 -0700 (PDT) Received: from mail-vs1-xe2d.google.com (mail-vs1-xe2d.google.com [IPv6:2607:f8b0:4864:20::e2d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 69F01120110 for ; Wed, 10 Apr 2019 22:39:53 -0700 (PDT) Received: by mail-vs1-xe2d.google.com with SMTP id w13so2788550vsc.4 for ; Wed, 10 Apr 2019 22:39:53 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=hl/h67AjI3UgY7LHb8SwaG+dHV3c5yKbsPIAmTB99iI=; b=iAktydKB/xVWw8virnLu4q1P/eVxw3I7tZfNxjY/tT+PQx8TX+m7894mgN1xCtspCy MmrqO1OXdjNRmhwEwbaIwetO/5EGOKAFVDgMBh8fUcJVgSR7MP8on0tqkJshK8uZGODu hQ8sRG1ULbaIbWn9cja+4mqkdc0Amerj/aCJnKtvqzhIcNJoTErzjmXLWWhMkxluN9OB x2rvcyA4/wzj0JyxP2K1VMV+In/klpKvd1imDGC65VFPog6AgXeUKKmg4hTco14jG+lT VEr9l52lguPpfYZsNSFw4ZG58NG1FSPYSi1+dG24+Td3hDuN5nm7G0o2oklK/FosC3hG 3Zyw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=hl/h67AjI3UgY7LHb8SwaG+dHV3c5yKbsPIAmTB99iI=; b=PQQpxBTUOzTqTmJCnNKkR5xRSojtB/kcEznWC1AcNpry7bm11I0gou9uckzXifkYH+ d1D44ZvgeMBhHM9xSwvBBZCTRNkag6NH1ydptexlM5+M3Pm3aXggTtxMHH0wt1BIgJox wS4MpgmRBVENye/UXSnNfwYEubVuDj11uARJaaQ65k9bwckMVemkLsld0jpwV+pmcIdY ILa1WJwhtgwFjo8xhML4d7fSUCnqJiXn/SUDw23urHBLGvFx0qXnFDgoQ5yXU2ulhDax AEFTYf3ajfVgdfFd+ZOnFZyVe8ZY3AgLPjDOxjhOLJ8eG6ZKeb/YRynjB66Wb0Xu1BNh PZ9g== X-Gm-Message-State: APjAAAU5mrd6MSqwwSttHm+I1jAYG2gV9xjz+4v+ydc82OgYe0pLcbff Xui/RXMLedVNPVbCl1GsM0ICaxi5k2ruTicLd26sjA== X-Google-Smtp-Source: APXvYqxUJnwaRTRMM5ULRBp1sHAc+tmwyRJ/UA5LcnuCWyuqjCHL3n8bH1pNIeVBNQ+Bf8xD2Ta/vqG+6lDs89TRsCs= X-Received: by 2002:a67:e418:: with SMTP id d24mr26683181vsf.8.1554961192473; Wed, 10 Apr 2019 22:39:52 -0700 (PDT) MIME-Version: 1.0 References: <02B76D23-51DA-436B-888A-BC18349F4487@nps.edu> In-Reply-To: <02B76D23-51DA-436B-888A-BC18349F4487@nps.edu> From: Suhas Nandakumar Date: Wed, 10 Apr 2019 22:39:41 -0700 Message-ID: To: "Hale, Britta (CIV)" Cc: Nick Sullivan , "mls@ietf.org" Content-Type: multipart/alternative; boundary="00000000000084581305863a9d8f" Archived-At: Subject: Re: [MLS] May 2019 MLS Interim - Berlin, Germany X-BeenThere: mls@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Messaging Layer Security List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 11 Apr 2019 05:39:56 -0000 --00000000000084581305863a9d8f Content-Type: text/plain; charset="UTF-8" I like to attend as remote attendee Thanks Suhas On Wed, Apr 10, 2019 at 4:07 PM Hale, Britta (CIV) wrote: > I am planning to attend as well. > > > > -- Britta > > > > *From: *MLS on behalf of Nick Sullivan 40cloudflare.com@dmarc.ietf.org> > *Date: *Monday, April 8, 2019 at 6:18 PM > *To: *"mls@ietf.org" > *Subject: *[MLS] May 2019 MLS Interim - Berlin, Germany > > > > Hello mlswg, > > > > The chairs would like to propose the following date for the next MLS > interim: > > Thursday, May 16th, 2019 > > Berlin, Germany > > Host: Wire > > > > This is the Thursday before the Saturday, May 18 Messaging workshop at > Eurocrypt in Darmstadt, so those people wishing to attend both have some > time to travel. > > > > Please indicate if you would plan on attending an interim on this date. If > this date and location are not suitable and you planned to come, please > indicate your expected level of participation in the interim in your > response. There will be a remote participation option. > > > > Sean and Nick > _______________________________________________ > MLS mailing list > MLS@ietf.org > https://www.ietf.org/mailman/listinfo/mls > --00000000000084581305863a9d8f Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
I like to attend as remote attendee=C2=A0

Thanks
Suhas

On Wed, Apr 10, 2019 at 4:07 PM Hale, Britta= (CIV) <britta.hale@nps.edu&g= t; wrote:

I am planning to attend as well.

=C2=A0

-- Britta<= u>

=C2=A0

From: = MLS <mls-bounces@ietf.org> o= n behalf of Nick Sullivan <nick=3D40cloudflare.com@dmarc.ietf.org>
Date: Monday, April 8, 2019 at 6:18 PM
To: "mls@ietf= .org" <mls@ie= tf.org>
Subject: [MLS] May 2019 MLS Interim - Berlin, Germany<= /span>

=C2=A0

Hello mlswg,

=C2=A0

The chairs would like to propose the following date = for the next MLS interim:

Thursday, May 16th, 2019

Berlin, Germany

Host: Wire

=C2=A0

This is the Thursday before the Saturday, May 18 Mes= saging workshop at Eurocrypt in Darmstadt, so those people wishing to atten= d both have some time to travel.

=C2=A0

Please indicate if you would plan on attending an in= terim on this date. If this date and location are not suitable and you plan= ned to come, please indicate your expected level of participation in the in= terim in your response. There will be a remote participation option.

=C2=A0

Sean and Nick

_______________________________________________
MLS mailing list
MLS@ietf.org
https://www.ietf.org/mailman/listinfo/mls
--00000000000084581305863a9d8f-- From nobody Thu Apr 11 21:45:24 2019 Return-Path: X-Original-To: mls@ietfa.amsl.com Delivered-To: mls@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9B3A812023B for ; Thu, 11 Apr 2019 21:45:22 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2 X-Spam-Level: X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=sn3rd.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id REftCoQCnbl4 for ; Thu, 11 Apr 2019 21:45:21 -0700 (PDT) Received: from mail-qt1-x836.google.com (mail-qt1-x836.google.com [IPv6:2607:f8b0:4864:20::836]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DF65A12023E for ; Thu, 11 Apr 2019 21:45:20 -0700 (PDT) Received: by mail-qt1-x836.google.com with SMTP id v20so9784147qtv.12 for ; Thu, 11 Apr 2019 21:45:20 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sn3rd.com; s=google; h=from:content-transfer-encoding:mime-version:subject:date:references :to:in-reply-to:message-id; bh=eFbM0jDDyMu3egUx4aj3IvkaBUQNuJWsK9to16zgugM=; b=mkodInAk1lKMkXjfTelXm4urZwSLZA1H7svxqRRKGII0f7mcVJT8JVfRfN7Q7mpbJ9 CokbgnmQNXrBSbwr5S3vKjjm6vjjTTpQLvWubPlR98HIgxGjaPu1pNkD00z5modi9CtA B07MO6x/wtZBLYe7raEzacPL6oU/ZqLpZ5Kbg= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:content-transfer-encoding:mime-version :subject:date:references:to:in-reply-to:message-id; bh=eFbM0jDDyMu3egUx4aj3IvkaBUQNuJWsK9to16zgugM=; b=q+L2Z/7dlnKRMCjmrC4KdmA9J5c5Baw9iVw9DB3PwCXG3rbTuL2y+z3+esYUkXNA0k Jhh2SEG2UxdmNBiqaz9Nrgp6anoIw6Tp3ewTjEL8COuckoscAoF9nXaaNGlMDLjUrGoO 96cop6fAJPHsesLXxF/tTPBY+OYkgF6SlxmEf8X5DF/GoANLNRq3WwMeR1xOVhsxL8zj otkBXXz176zzn+sZ3Dcapim+K8HBC3yIV9HXHtlkdrxhteaYkFqcJRwM8Z5eR164mgZR mJYEEnRuYISM6WTjanstduSzXwmEnI23EmkuDXws/G4E+NCwVQoxRsJrXqysEPxL2I9H bjag== X-Gm-Message-State: APjAAAVHShoB3sQ0QVtAZYiuFJRyo5/rI/kbaYojKIN1X6tSfXu+hpBl +OkJ5RNeTnk3hl3lRXP5H4JYElVn/vE= X-Google-Smtp-Source: APXvYqzp5hwli4saNfZOhvb9woZvTueng7hhYFYTh88ipblkKXQgRfaInbsD8qMs5muvuD+RH9uerg== X-Received: by 2002:a0c:c990:: with SMTP id b16mr44339034qvk.93.1555044319861; Thu, 11 Apr 2019 21:45:19 -0700 (PDT) Received: from sn3rd.lan ([75.102.131.36]) by smtp.gmail.com with ESMTPSA id h29sm26438532qtk.32.2019.04.11.21.45.18 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 11 Apr 2019 21:45:19 -0700 (PDT) From: Sean Turner Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.8\)) Date: Fri, 12 Apr 2019 00:45:18 -0400 References: <02B76D23-51DA-436B-888A-BC18349F4487@nps.edu> To: "mls@ietf.org" In-Reply-To: Message-Id: <64976BCB-397E-4D21-9AD4-426708AC9FB2@sn3rd.com> X-Mailer: Apple Mail (2.3445.104.8) Archived-At: Subject: Re: [MLS] May 2019 MLS Interim - Berlin, Germany X-BeenThere: mls@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Messaging Layer Security List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 12 Apr 2019 04:45:23 -0000 Just for the record I=E2=80=99ll be remote as well. spt > On Apr 11, 2019, at 01:39, Suhas Nandakumar = wrote: >=20 > I like to attend as remote attendee=20 >=20 > Thanks > Suhas >=20 > On Wed, Apr 10, 2019 at 4:07 PM Hale, Britta (CIV) = wrote: > I am planning to attend as well. >=20 > =20 >=20 > -- Britta >=20 > =20 >=20 > From: MLS on behalf of Nick Sullivan = > Date: Monday, April 8, 2019 at 6:18 PM > To: "mls@ietf..org" > Subject: [MLS] May 2019 MLS Interim - Berlin, Germany >=20 > =20 >=20 > Hello mlswg, >=20 > =20 >=20 > The chairs would like to propose the following date for the next MLS = interim: >=20 > Thursday, May 16th, 2019 >=20 > Berlin, Germany >=20 > Host: Wire >=20 > =20 >=20 > This is the Thursday before the Saturday, May 18 Messaging workshop at = Eurocrypt in Darmstadt, so those people wishing to attend both have some = time to travel. >=20 > =20 >=20 > Please indicate if you would plan on attending an interim on this = date. If this date and location are not suitable and you planned to = come, please indicate your expected level of participation in the = interim in your response. There will be a remote participation option. >=20 > =20 >=20 > Sean and Nick >=20 > _______________________________________________ > MLS mailing list > MLS@ietf.org > https://www.ietf.org/mailman/listinfo/mls > _______________________________________________ > MLS mailing list > MLS@ietf.org > https://www.ietf.org/mailman/listinfo/mls From nobody Fri Apr 12 07:07:28 2019 Return-Path: X-Original-To: mls@ietfa.amsl.com Delivered-To: mls@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 14874120716 for ; Fri, 12 Apr 2019 07:07:27 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.902 X-Spam-Level: X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=wickr-com.20150623.gappssmtp.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ssUnBlBg5IuQ for ; Fri, 12 Apr 2019 07:07:25 -0700 (PDT) Received: from mail-wm1-x32d.google.com (mail-wm1-x32d.google.com [IPv6:2a00:1450:4864:20::32d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BDEBA120715 for ; Fri, 12 Apr 2019 07:07:24 -0700 (PDT) Received: by mail-wm1-x32d.google.com with SMTP id o25so11398581wmf.5 for ; Fri, 12 Apr 2019 07:07:24 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=wickr-com.20150623.gappssmtp.com; s=20150623; h=to:from:subject:openpgp:autocrypt:message-id:date:user-agent :mime-version:content-language:content-transfer-encoding; bh=QpTq6bDWrGqYZsBkXvmcSDr802eE0Ie7DkdSl42cqzA=; b=p9/em7MGMYd7zJFQOzZS5cAcU9g+BbfWAa3vOhJcetPYG2i0PupGchjF3ZTBo0DHGB w3yhq9WXZxn3yDWud6DcHiSMcd/H7/4cn0zjuK4IvnUxzlJnRBnFZ+3MtCUSsv6FU+0E voAzoa3WcdFPHjxHYgEFQXIeaWcQucNHIPogO2CUqmfmdc4gNt+vcjCGdg1dTe/Mi0Qy O5jbmCmnbEWQPOeOl9qD2uE8ut5W0/d2b+Er6LrB9M5EscZhlsMoOYta+Ql9AQq+fz1G ebhp7n3Og4KBTyEutlZjc8iUukAWe0tj/ipPjxlqjKDkkVERqE9LnksYvAHsDKA3/tle dQxw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:to:from:subject:openpgp:autocrypt:message-id :date:user-agent:mime-version:content-language :content-transfer-encoding; bh=QpTq6bDWrGqYZsBkXvmcSDr802eE0Ie7DkdSl42cqzA=; b=hjj+ryLHyHfdErwaAW/QMLA+lc+5EY/+ef/mIiQWvIDZMtP3P8+3FGtZig9QFl67t1 aiSDOctREHVITW7IhfEpt4FIKLYxaAdlK4TlAePfe2fILiqq5vqNY64/8NsXwNzP6wKs H0rvDV/sPxuKgvbLeKdRkTN8pNWmXnlpxa4dTO9v3Zedh+n3flM5KTeBpCtBA727FRM4 vAYpOL4BUWubhNnxUDHmT2JJO/oNeAuo7zyRUE/Efbekdg4Z+/UGT4LAX2gZ7FhIOIVH ZHAUiuwguUKAnFo21SFLsHn1eaX/9rqxOfYkXovuj6XO3tRY4pKH8vSJlmZe29gDHjd/ l0Qg== X-Gm-Message-State: APjAAAX5JKMX/eUc86LTmgNFNBBFxUhf1eLB/Bvd20MH9BeKcepLvODe Wz9TBwta5oidZLWqj438lKuwjyMQH44= X-Google-Smtp-Source: APXvYqyYEuO5BOSHo300Dn8+UdV6bb/e/VLdkqSZSHqEkHOrLEb8upYJPmbYEL391w/JV5p8XLcihw== X-Received: by 2002:a7b:cbd6:: with SMTP id n22mr12085798wmi.57.1555078042697; Fri, 12 Apr 2019 07:07:22 -0700 (PDT) Received: from [192.168.1.137] (84-114-27-5.cable.dynamic.surfer.at. [84.114.27.5]) by smtp.gmail.com with ESMTPSA id o6sm44550632wrp.41.2019.04.12.07.07.20 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 12 Apr 2019 07:07:21 -0700 (PDT) To: mls@ietf.org From: Joel Alwen Openpgp: preference=signencrypt Autocrypt: addr=jalwen@wickr.com; keydata= mQENBFyIZvABCAC65JupY1w7gzhhNo41ftIk09n7Lid9p31jDR8Jefv9R5sWL+HZFGDeABAY 1J1JvV6vOaMsfdy9iUFfGS1GhMJ3+mh799SIsB3JSfPq/eq6Jut57D2yPtILmc7ZbuJyBHg0 xuYfKCQQAYikW+v2LJQU1Y+BUDbVldpzxSc8Z3PPSfunWdzhY6qAAhyCv+Y8EzJlQivMwD5B f6737krf8SoBsjsqCHQrRo/r+BSj5Wtd5/K3FkmWLOUAFoYK23+cpoFntGJKZfss27gDPhyS gX9ibXcBGQqBEF4qDPEzEHK8iQmXTxLul5Y7lQ6ADf69xH15WM4GmRBeCvR3Uanxcr2/ABEB AAG0HUpvZWwgQWx3ZW4gPGphbHdlbkB3aWNrci5jb20+iQFUBBMBCAA+FiEEYFNg9IH2SV6e 03O3FR5tDZv8eygFAlyIZvICGwMFCQHhM4AFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQ FR5tDZv8eyjSywgApQNIRcL4IKTJ0I4XwcQRhICu1Bht3c2fUnG2YziJXjGf6DZ49uKKtuIu fk8mNS+vKRLoLZ7+u+Pv/Yjmk8jtrr6Saz1vnfsle3GgmXG5JaKOM5cOfeo5JnlNUP3QonR7 LMZwY1qVKg2mzNmwi0jG1zIGgQ5fiAwqe+YTNFli5bc/H1O9LcSmbrLV9OyucARq11DIiAvU fDknZ17OahQls+9mgfAXH5vZjzo296tYvzkOJQ2A6GPxdMHIXGbJM/vjuMe2QJl6C0zaqOtm JvFcx/HpNhmugYI9OsNAd7846HASDp8BKyfY5FYP7bn0/JBuCpg18Aykru6xyFjG3gv0L7kB DQRciGbxAQgA0Qx9LlxvJ0LGZlZRVyV8kPIxg8pNMmxJwJJ+JnTciW0LpfigfdAvGVf6PU0x 3V6SJKtz8D61c8KLyztxwPGRgJX2TRK3zvTlT5mqqnGYMAANttCF1+8DNpiYOMg3ibPRby46 4JPhMgWgvCJ1vHGu9cghjn1ttWIwBuKBXMc8HgACKYWsYZJiYtFEsnOdsD6aPWCg6NiImoc7 vRwNMKNNtDPxY95Yj4CRiLPVrZje3LyJlA9S+y2/p3w69R4AVLSRzAwDlupjXYs03QdNjGjP 2IR2u8RhstDgqW8+Bk3p7wjJ1kHTHgyox81/aHbnIRGKksPGPMPT3bvbpxevfqZ7ywARAQAB iQE8BBgBCAAmFiEEYFNg9IH2SV6e03O3FR5tDZv8eygFAlyIZvECGwwFCQHhM4AACgkQFR5t DZv8eygbLQf+OHSG6K9qiPdYxe61IR2kZdyogc2ArEGrl6AmcNzySXC8wlnreZo3FjfkD6xV CQWwWDxI7B0JPM86IcfCfn45ADeI8rwm6yYIs00B4ag9Mmo0GQ4kQd2aTy60/QaE2ZSrnEtt 0fuz1G8DGnhPnOnMyCnCnkSNuTNG20OlI0cn5EJSxBS4fXVeBMBaV91DEmvLU6DjL+fOBQPq CXIbFY7XffOmC4VxtAGhTadJ8WmUD8ZezXNs8c40Btpukr7j4piUshITfazPGEMXzTUTkimf fAhNX1QQBsfP9kjfjxBn6jDl+lDJY34mANWwEJ8BKjgr09P0sOz4zjjFL62GcFczQA== Message-ID: Date: Fri, 12 Apr 2019 16:07:22 +0200 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.6.1 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 8bit Archived-At: Subject: [MLS] New Tree-based Application Key Schedule X-BeenThere: mls@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Messaging Layer Security List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 12 Apr 2019 14:07:27 -0000 Hey everyone, I've submitted a PR implementing a tree-based application key schedule based on the ideas proposed by Benjamin Beurdouche, Sandro Corretti, Yevgeniy Dodis and myself. On the one hand it allows for easy handling of concurrent / out of order message delivery within an epoch (as each group member has their own independent symmetric ratchet). On the other hand it avoids having to do linear amounts of hashing and key/nonce storage as soon the moment the first message in an epoch is sent (as would be the case if we immediately seed all sender ratchets directly from application_secret as in the 03 draft). Basic idea: - The Application Key Schedule consists of a left balanced binary tree of secrets (the "AS Tree") and one symmetric ratchet per group member. The AS Tree has the same node/edge structure as the ratchet tree for that epoch. Members are assigned the same leaves. - Each node in the AS Tree is assigned a secret. The root's secret = application_secret. The secrets of children are derived from that of their parent. - The secret of a leaf is the initial secret of a symmetric hash ratchet. The ratchet generates the key/nonce sequence used by the leaf's group member to encrypt messages during that epoch. Other comments: - I included a "Deletion Schedule": keys, nonces are 'consumed' if they are used to encrypt or successfully decrypt a message. Secrets are 'consumed' if a value derived from them are consumed. Any consumed value must be immediately deleted (for reasons of forward secrecy). - Maybe the most contentious issue: I was very generous with contexts for all calls to HKDF. E.g. I included Hash(GroupState_[n]) in the context of every call. I doubt its needed to prove security against more coarse adversarial models (e.g. ones that only do all-or-nothing state leakage). Still, as a matter of the "defense in depth" principle I think including as much relevant context as possible during all key/secret derivation is a good idea. Albeit only as long as the price (in computation, complexity, etc) is not too high. To that end, I used Hash(GroupState_[n]) instead of GroupState_[n] directly in the context as it is much short, needs only to be computed once at the start of the epoch and can then be used to very cheaply to construct any context needed for the rest of the new schedule. Curious what you all think! - Joël From nobody Fri Apr 12 08:56:03 2019 Return-Path: X-Original-To: mls@ietfa.amsl.com Delivered-To: mls@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7200E1200F6 for ; Fri, 12 Apr 2019 08:56:02 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.9 X-Spam-Level: X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rqPRc33lYZXp for ; Fri, 12 Apr 2019 08:56:00 -0700 (PDT) Received: from smtpext3.darkmatter.ae (smtpext3.darkmatter.ae [185.180.84.4]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 19A73120839 for ; Fri, 12 Apr 2019 08:55:50 -0700 (PDT) IronPort-SDR: k87DFUmi9S8Y4AQTaGdf2m10v0N2rTu4KiYefQLttvOM1cRYcVkGzjDLQYEUI2TEEzvS05owDM XMKhAmKaIxGQGZyEkBaY4NoYTR+KuID/VFud4L9/8YpU9NTcqtOoOye7JGn8ZtLbErNkn97cUD p/Z4KUrqJDkWHho8cc5XLcXG09RHLlz2LULU9V/o0ZGbGnbR4FlK+3+sQabos0SM4IWTerEyA5 G+OdkeXsxPNyH1SB2++YOLuKCiqGl4+EECmQL5FISfy90EbxVB8loGFvdJJAE26i5w9TLg5cQy baw= IronPort-PHdr: =?us-ascii?q?9a23=3A3A/onRS5cMZEfMZl0iidHZ+8Udpsv+yvbD5Q0Y?= =?us-ascii?q?Iujvd0So/mwa67ZBCOt8tkgFKBZ4jH8fUM07OQ7/m5HzZZqsjQ+DBaKdoQDk?= =?us-ascii?q?dD0Z1X1yUbQ+e9QXXhK/DrayFoVO9jb3RCu0+BDE5OBczlbEfTqHDhpRQbGx?= =?us-ascii?q?H4KBYnbr+tQt2agMu4zf299IPOaAtUmjW9falyLBKrpgnNq8Uam4RvJrssxh?= =?us-ascii?q?fTvHdEZutayGJsKFmOmxrw+tq88IRs/ihNp/4t7dJMXbn/c68lUbFWETMqPn?= =?us-ascii?q?wv6sb2rxfDVwyP5nUdUmUSjBVFBhXO4Q/5UJnsrCb0r/Jx1yaGM8L4S7A0Qi?= =?us-ascii?q?mi4LxwSBD0kicHNiU2/3/Rh8dtka9UuhOhpxh4w47JfIGYMed1c63Bcd8GQ2?= =?us-ascii?q?dKQ91cXDJdDIyic4QPDvIBPedGoIn7u1sOtga1CQ21CO/y1jNEmnr60Ksn2O?= =?us-ascii?q?ojDA7GxhQtEdIQvnrJsNX7OqQcUe63w6nJwjrMc/xY1Czh6IfTcBAtve2AUa?= =?us-ascii?q?5yfMfX1EIhFxnFjlKVqYH9Iz6V0voCsmeB4OpmSO2glXQnoBxsrDiv2MgskI?= =?us-ascii?q?rJhoMTylvZ8ih03II1KsO3SUFhZ96rDYVftzuAO4VrQsMtXXtouCU7yr0Aop?= =?us-ascii?q?O0YTIFyI4kxx7acfOHb5SI7Qz5VOqLOzh3mmtodbSijBi89kigz/fzVsiy0F?= =?us-ascii?q?tSrypKjMXMtn4X2xzU8MiHRf1w9Vqi1zaXzw3f9/1ILVoqmabFJJMt2KM8mo?= =?us-ascii?q?AXvEjfBiP6hVn6gLWIekk69eWk8ebqb7r8qpKYK4N4kg/+Pbotl8CjBOk1Nx?= =?us-ascii?q?UCUHWf9Oih0bDu8lP2T65Ig/Azj6XUsJ7XKMYeq6KnHgBY04gu5hCiBDm8yt?= =?us-ascii?q?sYh2MILFdddRKCiIjmJk/BLejjDfe6n1SsiDBrx+3aPrH5ApXCMHzDkLD5cL?= =?us-ascii?q?Z+9UFdyBEzwclB6JNbFrENPuj/VVLru9zCDR85Nha7w/r7CNpjzIMSQ3iADb?= =?us-ascii?q?GBPKPTt1+H+P4vLvGRaIMJojrxNeYp6vH0gXMkg1MQebWl0YMSaH+iH/RmJ0?= =?us-ascii?q?uZYWDrgtcECWoHog4+Q/LliVKYVz5cemi9X7gm6j8mCIKpE53DRoOsgLyHxy?= =?us-ascii?q?q0A4dZZnpFClCJC3joa5mEVOkWaC6IOMBujCQIVaK9RI85yRGuqAj6xqJiLu?= =?us-ascii?q?rQ4S0VrpPj28Zp5+3djx0y8iZ0D8uF2WGXU250hn8IRyMx3K1nukxy1E2M0a?= =?us-ascii?q?5jjvxDE9xe6elJXRogOZHAyOx6DoO6ZgWURdqATh6aX8+gDCt5Gsk8ytkmeE?= =?us-ascii?q?AmAdnkhRfGiW7iSboRjJSKCYA6tKXG0DK5c8N50F7H2bUvyV48TZ0cG3ehg/?= =?us-ascii?q?tW8wXDDojFnl/RrKanb6cd2maZ3WOO3WOIsExCFjVwXL/GXHY3akLMrtHw+l?= =?us-ascii?q?/PVfmnBOJ0YUN61ceeJ/4SOZXShlJcSaKmYYyGbg=3D=3D?= X-IPAS-Result: =?us-ascii?q?A2kEAADHtLBc/1oB4ApiAxoBAQEBAQIBAQEBBwIBAQEBg?= =?us-ascii?q?VEFAQEBAQsBgniBKwqEBIgcjRuCGYE7hWWPD4FxCg8BGAsMgUmCdQIXhgM0C?= =?us-ascii?q?Q4BAwEBAQkBAQEBAgEBAQGBBQyCOikBFDEcPgEBAQEBAVACRCwBAQEBAgEBA?= =?us-ascii?q?SERHxsQBwQCAQgNBAMBAQEBAgIjAwICAh8GCxQBCAgCBAESCIMbgWkDDR6se?= =?us-ascii?q?YEvhUaCOw2CGwaBCycBhGBdhGyCdj8mg08uPoEEgRZHAQECgXYKCxuCQ4JXA?= =?us-ascii?q?4pQI4IvmE42BwKCB1KNeoNAIoIIhhqMUINciAaHcIl+giYCAgICCQIVgU+CD?= =?us-ascii?q?zMac4JsgiKIa4U/cgGPUIEgAQE?= X-IronPort-AV: E=Sophos;i="5.60,341,1549915200"; d="scan'208";a="3038897" Received: from ForcepointDLP ([10.224.1.90]) by keys-ext2.darkmatter.ae (PGP Universal service); Fri, 12 Apr 2019 19:55:35 +0400 X-PGP-Universal: processed; by keys-ext2.darkmatter.ae on Fri, 12 Apr 2019 19:55:35 +0400 Received: from ActiveEmail (ActiveEmail [127.0.0.1]) by ActiveEmail.localdomain (Service) with ESMTP id 1AA6A1800094; Fri, 12 Apr 2019 19:52:16 +0400 (+04) Received: from email.darkmatter.ae (adkdcsvmc001.darkmatter.uae [10.224.74.11]) by ActiveEmail.localdomain (Service) with ESMTP id 031701800093; Fri, 12 Apr 2019 19:52:16 +0400 (+04) Received: from ADKDCSVMC001.darkmatter.uae (10.224.74.11) by ADKDCSVMC001.darkmatter.uae (10.224.74.11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1591.10; Fri, 12 Apr 2019 19:55:34 +0400 Received: from ADKDCSVMC001.darkmatter.uae ([fe80::1d91:4eb7:1537:2d63]) by ADKDCSVMC001.darkmatter.uae ([fe80::1d91:4eb7:1537:2d63%18]) with mapi id 15.01.1591.012; Fri, 12 Apr 2019 19:55:34 +0400 From: Alexander Sherkin To: Sean Turner , "mls@ietf.org" Thread-Topic: [MLS] May 2019 MLS Interim - Berlin, Germany Thread-Index: AQHU7nJH4+Tk1kkTjUiNJUL2BYLcxKY1xBCAgABt6ICAAYMjAIAA/iXg Date: Fri, 12 Apr 2019 15:55:34 +0000 Message-ID: References: <02B76D23-51DA-436B-888A-BC18349F4487@nps.edu> <64976BCB-397E-4D21-9AD4-426708AC9FB2@sn3rd.com> In-Reply-To: <64976BCB-397E-4D21-9AD4-426708AC9FB2@sn3rd.com> Accept-Language: en-CA, en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.224.74.90] x-exclaimer-md-config: 77ff947c-8af8-48f1-8d81-f67dcf75dbee MIME-Version: 1.0 Content-Language: en-US Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Archived-At: Subject: Re: [MLS] May 2019 MLS Interim - Berlin, Germany X-BeenThere: mls@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Messaging Layer Security List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 12 Apr 2019 15:56:03 -0000 SSB3b3VsZCBsaWtlIHRvIGF0dGVuZCBpbiBwZXJzb24uDQoNClRoYW5rcy4NCkFsZXguDQoNCg0K DQoNCkFsZXhhbmRlciBTaGVya2luIHwgU29mdHdhcmUgQXJjaGl0ZWN0DQpUZWw6ICB8IE1vYjog KzEgNDE2IDQxNCA3MTE3DQpBbGV4YW5kZXIuU2hlcmtpbkBkYXJrbWF0dGVyLmFlDQoNClRoZSBp bmZvcm1hdGlvbiB0cmFuc21pdHRlZCwgaW5jbHVkaW5nIGF0dGFjaG1lbnRzLCBpcyBpbnRlbmRl ZCBvbmx5IGZvciB0aGUgcGVyc29uKHMpIG9yIGVudGl0eSB0byB3aGljaCBpdCBpcyBhZGRyZXNz ZWQgYW5kIG1heSBjb250YWluIGNvbmZpZGVudGlhbCBhbmQvb3IgcHJpdmlsZWdlZCBtYXRlcmlh bC4gQW55IHJldmlldywgcmV0cmFuc21pc3Npb24sIGRpc3NlbWluYXRpb24gb3Igb3RoZXIgdXNl IG9mLCBvciB0YWtpbmcgb2YgYW55IGFjdGlvbiBpbiByZWxpYW5jZSB1cG9uIHRoaXMgaW5mb3Jt YXRpb24gYnkgcGVyc29ucyBvciBlbnRpdGllcyBvdGhlciB0aGFuIHRoZSBpbnRlbmRlZCByZWNp cGllbnQgaXMgcHJvaGliaXRlZC4gSWYgeW91IHJlY2VpdmVkIHRoaXMgaW4gZXJyb3IsIHBsZWFz ZSBjb250YWN0IHRoZSBzZW5kZXIgYW5kIGRlc3Ryb3kgYW55IGNvcGllcyBvZiB0aGlzIGluZm9y bWF0aW9uLg0KDQotLS0tLU9yaWdpbmFsIE1lc3NhZ2UtLS0tLQ0KRnJvbTogTUxTIFttYWlsdG86 bWxzLWJvdW5jZXNAaWV0Zi5vcmddIE9uIEJlaGFsZiBPZiBTZWFuIFR1cm5lcg0KU2VudDogQXBy aWwgMTIsIDIwMTkgMTI6NDUgQU0NClRvOiBtbHNAaWV0Zi5vcmcNClN1YmplY3Q6IFJlOiBbTUxT XSBNYXkgMjAxOSBNTFMgSW50ZXJpbSAtIEJlcmxpbiwgR2VybWFueQ0KDQpKdXN0IGZvciB0aGUg cmVjb3JkIEnigJlsbCBiZSByZW1vdGUgYXMgd2VsbC4NCg0Kc3B0DQoNCj4gT24gQXByIDExLCAy MDE5LCBhdCAwMTozOSwgU3VoYXMgTmFuZGFrdW1hciA8c3VoYXNpZXRmQGdtYWlsLmNvbT4gd3Jv dGU6DQo+DQo+IEkgbGlrZSB0byBhdHRlbmQgYXMgcmVtb3RlIGF0dGVuZGVlDQo+DQo+IFRoYW5r cw0KPiBTdWhhcw0KPg0KPiBPbiBXZWQsIEFwciAxMCwgMjAxOSBhdCA0OjA3IFBNIEhhbGUsIEJy aXR0YSAoQ0lWKSA8YnJpdHRhLmhhbGVAbnBzLmVkdT4gd3JvdGU6DQo+IEkgYW0gcGxhbm5pbmcg dG8gYXR0ZW5kIGFzIHdlbGwuDQo+DQo+DQo+DQo+IC0tIEJyaXR0YQ0KPg0KPg0KPg0KPiBGcm9t OiBNTFMgPG1scy1ib3VuY2VzQGlldGYub3JnPiBvbiBiZWhhbGYgb2YgTmljayBTdWxsaXZhbiA8 bmljaz00MGNsb3VkZmxhcmUuY29tQGRtYXJjLmlldGYub3JnPg0KPiBEYXRlOiBNb25kYXksIEFw cmlsIDgsIDIwMTkgYXQgNjoxOCBQTQ0KPiBUbzogIm1sc0BpZXRmLi5vcmciIDxtbHNAaWV0Zi5v cmc+DQo+IFN1YmplY3Q6IFtNTFNdIE1heSAyMDE5IE1MUyBJbnRlcmltIC0gQmVybGluLCBHZXJt YW55DQo+DQo+DQo+DQo+IEhlbGxvIG1sc3dnLA0KPg0KPg0KPg0KPiBUaGUgY2hhaXJzIHdvdWxk IGxpa2UgdG8gcHJvcG9zZSB0aGUgZm9sbG93aW5nIGRhdGUgZm9yIHRoZSBuZXh0IE1MUyBpbnRl cmltOg0KPg0KPiBUaHVyc2RheSwgTWF5IDE2dGgsIDIwMTkNCj4NCj4gQmVybGluLCBHZXJtYW55 DQo+DQo+IEhvc3Q6IFdpcmUNCj4NCj4NCj4NCj4gVGhpcyBpcyB0aGUgVGh1cnNkYXkgYmVmb3Jl IHRoZSBTYXR1cmRheSwgTWF5IDE4IE1lc3NhZ2luZyB3b3Jrc2hvcCBhdCBFdXJvY3J5cHQgaW4g RGFybXN0YWR0LCBzbyB0aG9zZSBwZW9wbGUgd2lzaGluZyB0byBhdHRlbmQgYm90aCBoYXZlIHNv bWUgdGltZSB0byB0cmF2ZWwuDQo+DQo+DQo+DQo+IFBsZWFzZSBpbmRpY2F0ZSBpZiB5b3Ugd291 bGQgcGxhbiBvbiBhdHRlbmRpbmcgYW4gaW50ZXJpbSBvbiB0aGlzIGRhdGUuIElmIHRoaXMgZGF0 ZSBhbmQgbG9jYXRpb24gYXJlIG5vdCBzdWl0YWJsZSBhbmQgeW91IHBsYW5uZWQgdG8gY29tZSwg cGxlYXNlIGluZGljYXRlIHlvdXIgZXhwZWN0ZWQgbGV2ZWwgb2YgcGFydGljaXBhdGlvbiBpbiB0 aGUgaW50ZXJpbSBpbiB5b3VyIHJlc3BvbnNlLiBUaGVyZSB3aWxsIGJlIGEgcmVtb3RlIHBhcnRp Y2lwYXRpb24gb3B0aW9uLg0KPg0KPg0KPg0KPiBTZWFuIGFuZCBOaWNrDQo+DQo+IF9fX19fX19f X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fDQo+IE1MUyBtYWlsaW5nIGxp c3QNCj4gTUxTQGlldGYub3JnDQo+IGh0dHBzOi8vd3d3LmlldGYub3JnL21haWxtYW4vbGlzdGlu Zm8vbWxzDQo+IF9fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f DQo+IE1MUyBtYWlsaW5nIGxpc3QNCj4gTUxTQGlldGYub3JnDQo+IGh0dHBzOi8vd3d3LmlldGYu b3JnL21haWxtYW4vbGlzdGluZm8vbWxzDQoNCl9fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fX19fX19fX19fDQpNTFMgbWFpbGluZyBsaXN0DQpNTFNAaWV0Zi5vcmcNCmh0dHBz Oi8vd3d3LmlldGYub3JnL21haWxtYW4vbGlzdGluZm8vbWxzDQoNCg0KDQoNCg0KDQoNCg== From nobody Fri Apr 12 11:14:48 2019 Return-Path: X-Original-To: mls@ietfa.amsl.com Delivered-To: mls@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6CEE51202E1 for ; Fri, 12 Apr 2019 11:14:46 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.899 X-Spam-Level: X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=ipv-sx.20150623.gappssmtp.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZvYOoNsJZvAh for ; Fri, 12 Apr 2019 11:14:43 -0700 (PDT) Received: from mail-oi1-x22c.google.com (mail-oi1-x22c.google.com [IPv6:2607:f8b0:4864:20::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9580A12012E for ; Fri, 12 Apr 2019 11:14:43 -0700 (PDT) Received: by mail-oi1-x22c.google.com with SMTP id j132so8748619oib.2 for ; Fri, 12 Apr 2019 11:14:43 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipv-sx.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=+CE5w+n6zgczCuEVEowG5fdl43vzxXGvYIWScmsG0SE=; b=LW08Sx7PR/+UE11CLbhnBuo7jybkvhUFqbrCAqz5FfiA/WW4znEn6s1dqD9Pwo1k5p MRxANPQD7hnAz1+2ePkx1yCIjL7iaoQ72obI2A3kkvXHZqmy0dEcIJ89q5XxxIM1JoA3 HaPiw/wfox8BWcAFwlFYDWMYcC6AzlBhhGMfLayERbVWCr3OdWpjQ4xwuDt2EPagGYCh CA7BqEthxuFwdarA8QZKdH4RXJ2QbG3F1eCQAbm8VtIW33PrZZa0A7cJe9n0N9/8Vgkz 8W68zaXOX56XNj0hLQfvV0U3woFDzvhPFUzKEEbBfGOoQx34F7ahgw4CMlmE6zoND+o8 tSKw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=+CE5w+n6zgczCuEVEowG5fdl43vzxXGvYIWScmsG0SE=; b=Gt3of/L7oc0vbc406T+S27tQNKccoQk5C8MgvJ3ep9wejsQ0qyfpCPqoKcQa5cmfbV TX1NbL9r+XVYbAhH6dra67gtccgeThY40Uq0oDGqKuUBEgbTIr466uKzqn2zKc2aXbBe yNmgzZGsDj0EmVp0EEwyTNHH4IAcHDzGHDzAKfIoiRe1w7Zc+Tq6eHv1/3VF4kiVJNRf j7r+kjR4bx5LNfx90gmN7MWIypC6yrmn8hWmvA6+oxPt09AUfffUyZTtEkrZyJcGS6La eR3zXGsMU+aNcgr9qM/uWyyJpoFOPaufO4F1SjV7zGJzXrW5ueoEtUr9Odx+SN85ppB0 uLiQ== X-Gm-Message-State: APjAAAXHLtWRvH2r859AOyHGYqwayk4FasZtRogPU3nPjpn5E7PWMj7c L7aoFD53RRNSK/sWgveAV6XsgOxAu2ApkqR966K2lw== X-Google-Smtp-Source: APXvYqwgX7VD7Uop9bYpLEnTsf7my7FYfkLSng0qnSlzm5rs0RfPRRRvvv3aFB3ObnSJBpPRmJa5Pt2xHvnjPifaFI8= X-Received: by 2002:aca:544b:: with SMTP id i72mr10443260oib.51.1555092882839; Fri, 12 Apr 2019 11:14:42 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: Richard Barnes Date: Fri, 12 Apr 2019 14:14:24 -0400 Message-ID: To: Joel Alwen Cc: Messaging Layer Security WG Content-Type: multipart/alternative; boundary="000000000000dfed9d058659461b" Archived-At: Subject: Re: [MLS] New Tree-based Application Key Schedule X-BeenThere: mls@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Messaging Layer Security List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 12 Apr 2019 18:14:47 -0000 --000000000000dfed9d058659461b Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Hey Jo=C3=ABl, Thanks a lot for putting this together. I'll review the PR shortly. In case other folks need it, here's the link for the PR: https://github.com/mlswg/mls-protocol/pull/146 Overall, I think this is a sane idea. The thing that really sells it to me is your observation that the AS tree has the same structure as the ratchet tree, which points to a very elegant implementation approach: - Add a field to each ratchet tree node to store an app secret or nil - On epoch update, clear out all the app secrets in the tree, and set the root node's app secret to the epoch app secret - When you need an app secret for a leaf (to encrypt or decrypt) - Search toward the root until you find a node with an app secret set - Work back out to the leaf, deriving the two app secrets for the children and deleting the parent app secret On the "deletion schedule" idea: I might be wrong, but I don't think we're going to be able to be super tight here. Applications are going to want to be able to tolerate out-of-order messages, in which case you're going to want to keep around a parent secret after one or more of its descendants have been consumed. I like the "consumed" idea and terminology, we just might have to apply it with a bit of flexibility. On the "context" question: I don't really feel strongly here. The current scheme doesn't really fold in any group context at all, which is consistent with what TLS does [1]. Given that that's simpler, I might be tempted to keep things that way until we find that there's some deficiency. --Richard [1] https://tools.ietf.org/html/rfc8446#section-7.2 On Fri, Apr 12, 2019 at 10:07 AM Joel Alwen wrote: > Hey everyone, > > I've submitted a PR implementing a tree-based application key schedule > based on the ideas proposed by Benjamin Beurdouche, Sandro Corretti, > Yevgeniy Dodis and myself. > > On the one hand it allows for easy handling of concurrent / out of order > message delivery within an epoch (as each group member has their own > independent symmetric ratchet). On the other hand it avoids having to do > linear amounts of hashing and key/nonce storage as soon the moment the > first message in an epoch is sent (as would be the case if we > immediately seed all sender ratchets directly from application_secret as > in the 03 draft). > > Basic idea: > - The Application Key Schedule consists of a left balanced binary tree > of secrets (the "AS Tree") and one symmetric ratchet per group member. > The AS Tree has the same node/edge structure as the ratchet tree for > that epoch. Members are assigned the same leaves. > - Each node in the AS Tree is assigned a secret. The root's secret =3D > application_secret. The secrets of children are derived from that of > their parent. > - The secret of a leaf is the initial secret of a symmetric hash > ratchet. The ratchet generates the key/nonce sequence used by the leaf's > group member to encrypt messages during that epoch. > > Other comments: > - I included a "Deletion Schedule": keys, nonces are 'consumed' if they > are used to encrypt or successfully decrypt a message. Secrets are > 'consumed' if a value derived from them are consumed. Any consumed value > must be immediately deleted (for reasons of forward secrecy). > - Maybe the most contentious issue: I was very generous with contexts > for all calls to HKDF. E.g. I included Hash(GroupState_[n]) in the > context of every call. I doubt its needed to prove security against more > coarse adversarial models (e.g. ones that only do all-or-nothing state > leakage). Still, as a matter of the "defense in depth" principle I think > including as much relevant context as possible during all key/secret > derivation is a good idea. Albeit only as long as the price (in > computation, complexity, etc) is not too high. To that end, I used > Hash(GroupState_[n]) instead of GroupState_[n] directly in the context > as it is much short, needs only to be computed once at the start of the > epoch and can then be used to very cheaply to construct any context > needed for the rest of the new schedule. > > Curious what you all think! > - Jo=C3=ABl > > _______________________________________________ > MLS mailing list > MLS@ietf.org > https://www.ietf.org/mailman/listinfo/mls > --000000000000dfed9d058659461b Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Hey Jo=C3=ABl,

Thanks a lot for putting this together.=C2=A0 I'll= review the PR shortly.=C2=A0 In case other folks need it, here's the l= ink for the PR:


Overall, I think this is a sane idea.=C2=A0 The t= hing that really sells it to me is your observation that the AS tree has th= e same structure as the ratchet tree, which points to a very elegant implem= entation approach:

- Add a field to each ratchet t= ree node to store an app secret or nil
- On epoch update, cle= ar out all the app secrets in the tree, and set the root node's app sec= ret to the epoch app secret
- When you need an app secret for a l= eaf (to encrypt or decrypt)
=C2=A0 - Search toward the root until= you find a node with an app secret set
=C2=A0 - Work back out to= the leaf, deriving the two app secrets for the children and deleting the p= arent app secret

On the "deletion schedule&qu= ot; idea: I might be wrong, but I don't think we're going to be abl= e to be super tight here.=C2=A0 Applications are going to want to be able t= o tolerate out-of-order messages, in which case you're going to want to= keep around a parent secret after one or more of its descendants have been= consumed.=C2=A0 I like the "consumed" idea and terminology, we j= ust might have to apply it with a bit of flexibility.

<= div>On the "context" question: I don't really feel strongly h= ere.=C2=A0 The current scheme doesn't really fold in any group context = at all, which is consistent with what TLS does [1].=C2=A0 Given that that&#= 39;s simpler, I might be tempted to keep things that way until we find that= there's some deficiency.

--Richard
<= div>
<= br>

On Fri, Apr 12, 2019 at 10:07 AM Joel Alwen <jalwen@wickr.com> wrote:
Hey everyone,

I've submitted a PR implementing a tree-based application key schedule<= br> based on the ideas proposed by Benjamin Beurdouche, Sandro Corretti,
Yevgeniy Dodis and myself.

On the one hand it allows for easy handling of concurrent / out of order message delivery within an epoch (as each group member has their own
independent symmetric ratchet). On the other hand it avoids having to do linear amounts of hashing and key/nonce storage as soon the moment the
first message in an epoch is sent (as would be the case if we
immediately seed all sender ratchets directly from application_secret as in the 03 draft).

Basic idea:
- The Application Key Schedule consists of a left balanced binary tree
of secrets (the "AS Tree") and one symmetric ratchet per group me= mber.
The AS Tree has the same node/edge structure as the ratchet tree for
that epoch. Members are assigned the same leaves.
- Each node in the AS Tree is assigned a secret. The root's secret =3D<= br> application_secret. The secrets of children are derived from that of
their parent.
- The secret of a leaf is the initial secret of a symmetric hash
ratchet. The ratchet generates the key/nonce sequence used by the leaf'= s
group member to encrypt messages during that epoch.

Other comments:
- I included a "Deletion Schedule": keys, nonces are 'consume= d' if they
are used to encrypt or successfully decrypt a message. Secrets are
'consumed' if a value derived from them are consumed. Any consumed = value
must be immediately deleted (for reasons of forward secrecy).
- Maybe the most contentious issue: I was very generous with contexts
for all calls to HKDF. E.g. I included Hash(GroupState_[n]) in the
context of every call. I doubt its needed to prove security against more coarse adversarial models (e.g. ones that only do all-or-nothing state
leakage). Still, as a matter of the "defense in depth" principle = I think
including as much relevant context as possible during all key/secret
derivation is a good idea. Albeit only as long as the price (in
computation, complexity, etc) is not too high. To that end, I used
Hash(GroupState_[n]) instead of GroupState_[n] directly in the context
as it is much short, needs only to be computed once at the start of the
epoch and can then be used to very cheaply to construct any context
needed for the rest of the new schedule.

Curious what you all think!
- Jo=C3=ABl

_______________________________________________
MLS mailing list
MLS@ietf.org
https://www.ietf.org/mailman/listinfo/mls
--000000000000dfed9d058659461b-- From nobody Fri Apr 12 11:31:34 2019 Return-Path: X-Original-To: mls@ietfa.amsl.com Delivered-To: mls@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E54191203D3 for ; Fri, 12 Apr 2019 11:31:31 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.9 X-Spam-Level: X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=wickr-com.20150623.gappssmtp.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jyeVYur9mw0i for ; Fri, 12 Apr 2019 11:31:28 -0700 (PDT) Received: from mail-pl1-x62d.google.com (mail-pl1-x62d.google.com [IPv6:2607:f8b0:4864:20::62d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8CF121203EC for ; Fri, 12 Apr 2019 11:31:25 -0700 (PDT) Received: by mail-pl1-x62d.google.com with SMTP id f36so5530246plb.5 for ; Fri, 12 Apr 2019 11:31:25 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=wickr-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=ulnVDHCUCOgNZnP/46OLBs+McqliQeV1zbrFiEOQ2KE=; b=qrPRwgWxRrXwJqR2gyrufwBPb9sPV7qiznk8kAFeTwG2/Ai82v99/bJFuc9wnK0raS KgsKywBkSl5jl27LdJqkSW4SDdI/Mfs7zBs2CievF/RQlZK0poRxUAQI4G3R9+0uYm3F lWAXncLKQA2byyaQ4K7F3C/tw8j//LqVDnq0tkUqt5cEk0PiAJWzHkJGRRC3RozA3mFg +39QmEBes2withq8brRX9TfywBQnxb2X/LxNmQ7bpJ58/8AP7sKmAVJj6St2KINriGwm qBqohEL6PHrf41O81RpiOwY2izXSASt5kgpAJHLpVd6IBSaIs2raJxXnTdoHrZ5TyCIH /01w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=ulnVDHCUCOgNZnP/46OLBs+McqliQeV1zbrFiEOQ2KE=; b=JJEkhW4UbjutF3np80EPmPkNy+qcHcC1LGlc+gGGJ12O9r5uN8AKo9uVR+69KgBR2E Bq8uD29dJaGEDTqGiMf5VdekmORogiZNTop8PBt/JLqC065AuWFSHbTl75LXJIttq779 r1Esc1lSdMdYXl9IdKLZKAc3aYGZNF8lZZGQ3pvR/WDEmT6dqjusV3WaQpxPAEIwo+xq syOgkMUm44LzBG7S/bvU1nxB1iY921cULmfIeW46on1qNJz75FoZklv9Lf2BIRQMCGRc UZdmdfNAFNbcO2u4AAWtSkoJ/XPN3qBatuUoO9VnawjfkUkYvkxlgrnxqhboYX0trGXL YbrA== X-Gm-Message-State: APjAAAX8CNRpNXHmDdi7JPlNVHrmA0LPaTtyUMi78z0Swhoi91zBum49 tt1JbqlPhMJ74mS2xNrZO0BVRUJMygHcvnAVseXn4s3y X-Google-Smtp-Source: APXvYqyf2LJURhkXLM/2JSZ56l4msB4kGnSJzMSVcZJaM93NaIw/GlF/2Wpae5rqdgh/B7nScmznrXC5sf9f1vQ6fMI= X-Received: by 2002:a17:902:2ec5:: with SMTP id r63mr5506206plb.139.1555093884487; Fri, 12 Apr 2019 11:31:24 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: Joel Alwen Date: Fri, 12 Apr 2019 20:27:58 +0200 Message-ID: To: Richard Barnes Cc: Messaging Layer Security WG Content-Type: multipart/alternative; boundary="00000000000093de430586598255" Archived-At: Subject: Re: [MLS] New Tree-based Application Key Schedule X-BeenThere: mls@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Messaging Layer Security List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 12 Apr 2019 18:31:32 -0000 --00000000000093de430586598255 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Hey Richard, Thanks for your response! For the deletion schedule I think there's no problem with out-of-order messaging. Basically if a secret is consumed then just before deleting it derive any (unconsumed) children values that may still be needed. E.g. if in a ratchet msg j arrives before j' wrote: > Hey Jo=C3=ABl, > > Thanks a lot for putting this together. I'll review the PR shortly. In > case other folks need it, here's the link for the PR: > > https://github.com/mlswg/mls-protocol/pull/146 > > Overall, I think this is a sane idea. The thing that really sells it to > me is your observation that the AS tree has the same structure as the > ratchet tree, which points to a very elegant implementation approach: > > - Add a field to each ratchet tree node to store an app secret or nil > - On epoch update, clear out all the app secrets in the tree, and set the > root node's app secret to the epoch app secret > - When you need an app secret for a leaf (to encrypt or decrypt) > - Search toward the root until you find a node with an app secret set > - Work back out to the leaf, deriving the two app secrets for the > children and deleting the parent app secret > > On the "deletion schedule" idea: I might be wrong, but I don't think we'r= e > going to be able to be super tight here. Applications are going to want = to > be able to tolerate out-of-order messages, in which case you're going to > want to keep around a parent secret after one or more of its descendants > have been consumed. I like the "consumed" idea and terminology, we just > might have to apply it with a bit of flexibility. > > On the "context" question: I don't really feel strongly here. The curren= t > scheme doesn't really fold in any group context at all, which is consiste= nt > with what TLS does [1]. Given that that's simpler, I might be tempted to > keep things that way until we find that there's some deficiency. > > --Richard > > [1] https://tools.ietf.org/html/rfc8446#section-7.2 > > > On Fri, Apr 12, 2019 at 10:07 AM Joel Alwen wrote: > >> Hey everyone, >> >> I've submitted a PR implementing a tree-based application key schedule >> based on the ideas proposed by Benjamin Beurdouche, Sandro Corretti, >> Yevgeniy Dodis and myself. >> >> On the one hand it allows for easy handling of concurrent / out of order >> message delivery within an epoch (as each group member has their own >> independent symmetric ratchet). On the other hand it avoids having to do >> linear amounts of hashing and key/nonce storage as soon the moment the >> first message in an epoch is sent (as would be the case if we >> immediately seed all sender ratchets directly from application_secret as >> in the 03 draft). >> >> Basic idea: >> - The Application Key Schedule consists of a left balanced binary tree >> of secrets (the "AS Tree") and one symmetric ratchet per group member. >> The AS Tree has the same node/edge structure as the ratchet tree for >> that epoch. Members are assigned the same leaves. >> - Each node in the AS Tree is assigned a secret. The root's secret =3D >> application_secret. The secrets of children are derived from that of >> their parent. >> - The secret of a leaf is the initial secret of a symmetric hash >> ratchet. The ratchet generates the key/nonce sequence used by the leaf's >> group member to encrypt messages during that epoch. >> >> Other comments: >> - I included a "Deletion Schedule": keys, nonces are 'consumed' if they >> are used to encrypt or successfully decrypt a message. Secrets are >> 'consumed' if a value derived from them are consumed. Any consumed value >> must be immediately deleted (for reasons of forward secrecy). >> - Maybe the most contentious issue: I was very generous with contexts >> for all calls to HKDF. E.g. I included Hash(GroupState_[n]) in the >> context of every call. I doubt its needed to prove security against more >> coarse adversarial models (e.g. ones that only do all-or-nothing state >> leakage). Still, as a matter of the "defense in depth" principle I think >> including as much relevant context as possible during all key/secret >> derivation is a good idea. Albeit only as long as the price (in >> computation, complexity, etc) is not too high. To that end, I used >> Hash(GroupState_[n]) instead of GroupState_[n] directly in the context >> as it is much short, needs only to be computed once at the start of the >> epoch and can then be used to very cheaply to construct any context >> needed for the rest of the new schedule. >> >> Curious what you all think! >> - Jo=C3=ABl >> >> _______________________________________________ >> MLS mailing list >> MLS@ietf.org >> https://www.ietf.org/mailman/listinfo/mls >> > --00000000000093de430586598255 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Hey Richard,

Thanks for your response! For the deletion schedule I think there'= ;s no problem with out-of-order messaging. Basically if a secret is consume= d then just before deleting it derive any (unconsumed) children values that= may still be needed.=C2=A0

E.g. if in a ratchet msg j arrives before j'<j then first derive= the j'-th key/nonce for deleteing secret j'. The same goes for any= other (now consumed) secrets between j and j' in that ratchet. That wa= y if any of those msgs arrive one can still decrypt them. But if there'= s a state leakage nothing useful for decrypting the j-th msg is leaked sinc= e keys & nonces are dead ends in the derivation hierarchy.=C2=A0
<= div dir=3D"auto">
Similarly in the AS Tree if a = node's secret is marked as consumed then just before deleting it derive= and store the secrets of its unconsumed child.

=
-=C2=A0Jo=C3= =ABl


On Fri, 12 Apr 2019, 20:14 Richard Barnes, <rlb@ipv.sx&g= t; wrote:
Hey Jo=C3=ABl,

Than= ks a lot for putting this together.=C2=A0 I'll review the PR shortly.= =C2=A0 In case other folks need it, here's the link for the PR:


Overall, I think this is a sane ide= a.=C2=A0 The thing that really sells it to me is your observation that the = AS tree has the same structure as the ratchet tree, which points to a very = elegant implementation approach:

- Add a field to = each ratchet tree node to store an app secret or nil
- On epo= ch update, clear out all the app secrets in the tree, and set the root node= 's app secret to the epoch app secret
- When you need an app = secret for a leaf (to encrypt or decrypt)
=C2=A0 - Search toward = the root until you find a node with an app secret set
=C2=A0 - Wo= rk back out to the leaf, deriving the two app secrets for the children and = deleting the parent app secret

On the "deleti= on schedule" idea: I might be wrong, but I don't think we're g= oing to be able to be super tight here.=C2=A0 Applications are going to wan= t to be able to tolerate out-of-order messages, in which case you're go= ing to want to keep around a parent secret after one or more of its descend= ants have been consumed.=C2=A0 I like the "consumed" idea and ter= minology, we just might have to apply it with a bit of flexibility.

On the "context" question: I don't really f= eel strongly here.=C2=A0 The current scheme doesn't really fold in any = group context at all, which is consistent with what TLS does [1].=C2=A0 Giv= en that that's simpler, I might be tempted to keep things that way unti= l we find that there's some deficiency.

--Rich= ard



On Fri, Apr 12, 2019= at 10:07 AM Joel Alwen <jalwen@wickr.com> wrote:
Hey everyone,

I've submitted a PR implementing a tree-based application key schedule<= br> based on the ideas proposed by Benjamin Beurdouche, Sandro Corretti,
Yevgeniy Dodis and myself.

On the one hand it allows for easy handling of concurrent / out of order message delivery within an epoch (as each group member has their own
independent symmetric ratchet). On the other hand it avoids having to do linear amounts of hashing and key/nonce storage as soon the moment the
first message in an epoch is sent (as would be the case if we
immediately seed all sender ratchets directly from application_secret as in the 03 draft).

Basic idea:
- The Application Key Schedule consists of a left balanced binary tree
of secrets (the "AS Tree") and one symmetric ratchet per group me= mber.
The AS Tree has the same node/edge structure as the ratchet tree for
that epoch. Members are assigned the same leaves.
- Each node in the AS Tree is assigned a secret. The root's secret =3D<= br> application_secret. The secrets of children are derived from that of
their parent.
- The secret of a leaf is the initial secret of a symmetric hash
ratchet. The ratchet generates the key/nonce sequence used by the leaf'= s
group member to encrypt messages during that epoch.

Other comments:
- I included a "Deletion Schedule": keys, nonces are 'consume= d' if they
are used to encrypt or successfully decrypt a message. Secrets are
'consumed' if a value derived from them are consumed. Any consumed = value
must be immediately deleted (for reasons of forward secrecy).
- Maybe the most contentious issue: I was very generous with contexts
for all calls to HKDF. E.g. I included Hash(GroupState_[n]) in the
context of every call. I doubt its needed to prove security against more coarse adversarial models (e.g. ones that only do all-or-nothing state
leakage). Still, as a matter of the "defense in depth" principle = I think
including as much relevant context as possible during all key/secret
derivation is a good idea. Albeit only as long as the price (in
computation, complexity, etc) is not too high. To that end, I used
Hash(GroupState_[n]) instead of GroupState_[n] directly in the context
as it is much short, needs only to be computed once at the start of the
epoch and can then be used to very cheaply to construct any context
needed for the rest of the new schedule.

Curious what you all think!
- Jo=C3=ABl

_______________________________________________
MLS mailing list
MLS@ie= tf.org
https://www.ietf.org/mailman/listinfo/mls
--00000000000093de430586598255-- From nobody Fri Apr 12 13:36:25 2019 Return-Path: X-Original-To: mls@ietfa.amsl.com Delivered-To: mls@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8C66F120145 for ; Fri, 12 Apr 2019 13:36:24 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2 X-Spam-Level: X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cloudflare.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id I_FDljikiXCg for ; Fri, 12 Apr 2019 13:36:23 -0700 (PDT) Received: from mail-wm1-x32b.google.com (mail-wm1-x32b.google.com [IPv6:2a00:1450:4864:20::32b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C460C1200EF for ; Fri, 12 Apr 2019 13:36:22 -0700 (PDT) Received: by mail-wm1-x32b.google.com with SMTP id n25so12449030wmk.4 for ; Fri, 12 Apr 2019 13:36:22 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cloudflare.com; s=google; h=mime-version:from:date:message-id:subject:to; bh=IX/Xgp5ns3CrTShl+6pdvace0liTe6j0GSusY7is9kQ=; b=JHYYO7a2IWvuizgzU1prQsWC+cvShbQtchC+EkO39ZC8aUR615/Lf7zJ1ZBkjjXmqG dsUFYA+GS72Dr7p9Vu5ZaR597vmkUtF0un323pS3icymlBIkeidCeM4x4VVnNRzmEm8Z Re1onfUqb8WOtFBmBdsUixvYDr6kZSOLVsMmg= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=IX/Xgp5ns3CrTShl+6pdvace0liTe6j0GSusY7is9kQ=; b=ljLefxxfAvaue4z3WoTEsOKoYjiVcKSXP+RMV66LrX/fu8zMTDvy4L8BGUoRPNd4op +OyQ3aJ+4ehq/ZnHBv7qAFy1ibUPBPXhHl9ccKmk+IB3Cq9rEdAm+DOJL/LjXqqDQT+5 tuvaGccEBJSxD5caxdJ7L4pofrShLYXjS66VA3SRTe2ynIk3DWF8a0Ju6/OhEPjHBjnN ABADB69VQRrBUfsMCaTXGVUrLdQMCHfBAvEDwySA8dYAIP4Msj6r9Ol3KXkPVLigT164 /vf7FrV81peesYp3HHtc+UoQMSQJe6f/XRKoSRBoCjYX9dPAJrLXQEdSeEMW75GAPAPc Y/yQ== X-Gm-Message-State: APjAAAXOBO4DxXlMctG71NoDY5he/kKJoABXqGQDNX30ZOEnq9ckONjk zfWb22PuJ6kIf91AXt9m+bN8JxEA7yGmeS9HSjNIK221qeV2zg== X-Google-Smtp-Source: APXvYqybzere4f+fTUR0UzQHSUOT2ZI5Jk8uELHJ3gw8a91WKpSvLP2myCd+MCZQZEjlRMrY2RqCFhlzsACVqFG74AM= X-Received: by 2002:a1c:1aca:: with SMTP id a193mr13250172wma.40.1555101380776; Fri, 12 Apr 2019 13:36:20 -0700 (PDT) MIME-Version: 1.0 From: Nick Sullivan Date: Fri, 12 Apr 2019 13:36:09 -0700 Message-ID: To: mls@ietf.org Content-Type: multipart/alternative; boundary="00000000000064436505865b4109" Archived-At: Subject: [MLS] Meeting Notes for IETF 104 X-BeenThere: mls@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Messaging Layer Security List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 12 Apr 2019 20:36:24 -0000 --00000000000064436505865b4109 Content-Type: text/plain; charset="UTF-8" All, The meeting notes are available in the datatracker ( https://datatracker.ietf.org/meeting/104/session/mls) and on Github ( https://github.com/mlswg/wg-materials/tree/master/ietf104). Corrections welcome. Nick and Sean --00000000000064436505865b4109 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
All,

The meeting notes are available in= the datatracker (https://datatracker.ietf.org/meeting/104/session/mls) and on Gi= thub (https://github.com/mlswg/wg-materials/tree/master/ietf104).
=
Corrections welcome.

Nick and Sean<= /div>
--00000000000064436505865b4109-- From nobody Wed Apr 17 13:58:05 2019 Return-Path: X-Original-To: mls@ietfa.amsl.com Delivered-To: mls@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9BAFC120498 for ; Wed, 17 Apr 2019 13:57:58 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.898 X-Spam-Level: X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_FONT_LOW_CONTRAST=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FfzmQelMehxQ for ; Wed, 17 Apr 2019 13:57:56 -0700 (PDT) Received: from smtpext3.darkmatter.ae (smtpext3.darkmatter.ae [185.180.84.4]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 32A6D120605 for ; Wed, 17 Apr 2019 13:57:52 -0700 (PDT) IronPort-SDR: vCcql553l9xrDEAX2DYzOAl0Z7Yg9PKwHRPrBWBshGqYdpmK1QNr1icQJhLtDOP7R8/++vySW5 3/P/mM1DQrqtE7bkk8aREn/C8RWYe2/d6S0THzNc5xniRram6tKVN74EIwOAAVBOEPlKxnP4gI NqzuQh/r6SKRFnyp7x6WA+GZRZpG7gs+TCE1ZMNq8N9SXfS+1uw9t20BQXiUPnANuROJ8Ha6BT svf8Aq48bqNseJL8bHwY8dssaU+IerEupQKBOTW6mwmVR+6Zb6IbhUhga1C4lSdJ6pKstHd/Kh +Oc= IronPort-PHdr: =?us-ascii?q?9a23=3AWrc6aBSU2KFQiaEmippfB1zgQNpsv+yvbD5Q0Y?= =?us-ascii?q?Iujvd0So/mwa6zZx2N2/xhgRfzUJnB7Loc0qyK6vmmAjdLuMva+DBaKdoQDk?= =?us-ascii?q?dD0Z1X1yUbQ+e9QXXhK/DrayFoVO9jb3RCu0+BDE5OBczlbEfTqHDhpRQbGx?= =?us-ascii?q?H4KBYnbr+tQt2agMu4zf299IPOaAtUmjW9falyLBKrpgnNq8Uam4RvJrssxh?= =?us-ascii?q?fTrHZFdetayX5oKF+dgh3w4tu88IN5/ylfpv4t69RMXbnmc6g9ULdVECkoP2?= =?us-ascii?q?cp6cPxqBLNVxGP5nwSUmUXlhpHHQ3I5wzkU5nyryX3qPNz1DGVMsPqQ780Xy?= =?us-ascii?q?+i77pwRx/zlCgHLT85/3rJhcF2kalWvQiupx17w47TfYGVKP9zdb7TcN8GWW?= =?us-ascii?q?ZMWNtaWipcCY2+coQPFfIMM+ZGoYfgu1sAoxiwBQijC+zz0TJInGP63a8g3u?= =?us-ascii?q?g9DQ3L3gotFM8OvnTOq9X1Mb8fXPyxzKbWwjTMdfVW1irj54jSbxsvvPGMUq?= =?us-ascii?q?xqccrSyEkvER7Og1KMpIzhITyU2f4Cs26G4OV+T+KjkXMpqwFvrTi1xccsi4?= =?us-ascii?q?/Ji5kIxV/e7yV5w4M1KsekSE5nf9GkCoFcuDuEOIZvRM4pXm9muCE/yrIcuJ?= =?us-ascii?q?67ejAHyJAmxx7ZaPyIbZWH4hPlVOqLPTh4g3dldKqjhxe88Eig1vH8Wdeu0F?= =?us-ascii?q?pQsiVFldzMumgQ2BPJ8MiHSf598V292TaTyQ/T8PtILloqmqfdNpUvwaYwm4?= =?us-ascii?q?IOvUjfBCP6hlv6gaCMekk54OSl7/jrbq37qpOALYN4lB/yP6s0lsG9Duk0KA?= =?us-ascii?q?wDU3Sd9O+hzrPs51f5T69PjvAul6nZt43VKtoDq66iBg9Vzp4j6xGiDze6yN?= =?us-ascii?q?gYnWcILFZCeB+fjIjmJVHPIOvhAfihjFWsjClny+rbMbL7GJXNLX3Dn639fb?= =?us-ascii?q?Zh9UFc0hA/wspB6J5MC7EBJuz8WlPpudDFEhM1KRK4z/joBdlny48SQ2aCDr?= =?us-ascii?q?OBPKPXq1CI5+YvI+eWZI8SvTbwM+Qo5/rwgn42g1Ade7Sm0oUNaHyiA/pmI1?= =?us-ascii?q?uWYWDvgtcAF2cHpRcxQ/bwiF2BVD5cfWqyX74i6TEhEo6pF5nMSpi3gLOdxC?= =?us-ascii?q?e7AoFWZmdeB1CJFXfobJ6JW/YSZyKOLM9tiDsEVaKuS9xp6Rb7/gr+0JJmI/?= =?us-ascii?q?bavCoCutirgN1x/MXSmA08sztuAJLO/XuKSjRdmm4YTjk60bo3mkxw0FSC1+?= =?us-ascii?q?AsqvhVBdVV6/5TFDw6OITfzupSB9noWQfIYsuEUhCvT4P1UnkKUtstzopWMA?= =?us-ascii?q?5GENK4g0Wb0g=3D=3D?= X-IPAS-Result: =?us-ascii?q?A2l6DgB7krdc/1oB4ApjAx4BBgcGgWWBDwFXgRKBLAqEB?= =?us-ascii?q?JhASpJAgkqBKzwLARcQDIFJgnUZhiI4EwEDAQEBAwEBAQECAQEBAYEFAQuCO?= =?us-ascii?q?iIYBHwLBAEBAQEBAQEBASQBAQEBAQEBAQEBAQEBARsCMwgMNQEdCiYTChsBF?= =?us-ascii?q?RABAQEfAwIEBRAPIBIBBBIBCAaDFYIXqlqBL4VHhFgQgTKEYV2DQnYQgxs/h?= =?us-ascii?q?0ICgS4BEgE2CiaCQ4JXBIpWASWCLYQ6h2eEToglBwKCCFOEPAEqUYlngiQjg?= =?us-ascii?q?gldhUCMV4txgR6ER0qQBoEHWg8IMxqDXwmCEReBAQECRYIDilNyji+BIoEhA?= =?us-ascii?q?QE?= X-IronPort-AV: E=Sophos;i="5.60,363,1549915200"; d="png'150?scan'150,208,217,150";a="3103369" Received: from ForcepointDLP ([10.224.1.90]) by keys-ext2.darkmatter.ae (PGP Universal service); Thu, 18 Apr 2019 00:57:47 +0400 X-PGP-Universal: processed; by keys-ext2.darkmatter.ae on Thu, 18 Apr 2019 00:57:47 +0400 Received: from ActiveEmail (ActiveEmail [127.0.0.1]) by ActiveEmail.localdomain (Service) with ESMTP id C27741800094 for ; Thu, 18 Apr 2019 00:54:26 +0400 (+04) Received: from email.darkmatter.ae (adkdcsvmc002.darkmatter.uae [10.224.74.12]) by ActiveEmail.localdomain (Service) with ESMTPS id A952F1800093 for ; Thu, 18 Apr 2019 00:54:26 +0400 (+04) From: Alexander Sherkin To: "mls@ietf.org" Thread-Topic: Blocking Update messages for breaking post-compromise security Thread-Index: AdT1X6+b0ZittmB8TOOUBJ3Ui56HyA== Date: Wed, 17 Apr 2019 20:57:46 +0000 Message-ID: <526edb2c61bb48c4aa34f20ad91db0f2@darkmatter.ae> Accept-Language: en-CA, en-US X-MS-Has-Attach: yes X-MS-TNEF-Correlator: x-originating-ip: [10.224.74.90] x-exclaimer-md-config: 77ff947c-8af8-48f1-8d81-f67dcf75dbee MIME-Version: 1.0 Content-Language: en-US Content-Type: multipart/related; boundary="_006_526edb2c61bb48c4aa34f20ad91db0f2darkmatterae_"; type="multipart/alternative" Archived-At: Subject: [MLS] Blocking Update messages for breaking post-compromise security X-BeenThere: mls@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Messaging Layer Security List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 17 Apr 2019 20:58:03 -0000 --_006_526edb2c61bb48c4aa34f20ad91db0f2darkmatterae_ Content-Type: multipart/alternative; boundary="_000_526edb2c61bb48c4aa34f20ad91db0f2darkmatterae_" --_000_526edb2c61bb48c4aa34f20ad91db0f2darkmatterae_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 SGVsbG8sDQoNCkkgdGhpbmsgd2UgYnJpZWZseSBkaXNjdXNzZWQgdGhpcyBwcm9ibGVtIGluIHRo ZSBjb250ZXh0IG9mIOKAnGluYWN0aXZlIHVzZXJz4oCdLCBidXQgSSB3YW50IHRvIGJyaW5nIHRo aXMgdXAgYWdhaW4gZm9yIGRpc2N1c3Npb24uDQoNCkxldOKAmXMgYXNzdW1lIGFuIGF0dGFja2Vy IGNvbXByb21pc2VzIHVzZXIgQSBhbmQgcmVjb3ZlcnMgdXNlciBB4oCZcyBjcnlwdG9ncmFwaGlj IHN0YXRlIGluY2x1ZGluZyB0aGUgbGVhZiBzZWNyZXQuIEFmdGVyIHVzZXIgQSBpcyBjb21wcm9t aXNlZCwgdGhlIGF0dGFja2VyIG5vIGxvbmdlciBjb250cm9scyB1c2VyIEEuIFVzZXIgQSB3aWxs IGV2ZW50dWFsbHkgc2VuZCBhbiBVcGRhdGUgbWVzc2FnZSwgYW5kIHRoZSBhdHRhY2tlciB3aWxs IG5vIGxvbmdlciBoYXZlIGFjY2VzcyB0byB0aGUgcm9vdCBrZXkuIFdlIGdldCBwb3N0LWNvbXBy b21pc2Ugc2VjdXJpdHkgcHJvcGVydHkuDQoNCkhvd2V2ZXIsIGxldOKAmXMgYXNzdW1lIHRoYXQg YWZ0ZXIgY29tcHJvbWlzaW5nIHVzZXIgQSBhbmQgcmVjb3ZlcmluZyB1c2VyIEEgY3J5cHRvIHN0 YXRlLCB0aGUgYXR0YWNrZXIgcGVyZm9ybXMgYSBkZW5pYWwgb2Ygc2VydmljZSBhdHRhY2sgb24g dXNlciBBIFVwZGF0ZSBtZXNzYWdlcyAob3IgYWxsIG1lc3NhZ2VzIGZyb20gdXNlciBBKS4gVGhl IGF0dGFja2VyIHRoZW4gb2JzZXJ2ZXMgdGhlIHRyYWZmaWMuIFRoZSBhdHRhY2tlciB3aWxsIGJl IGFibGUgdG8gZGVjcnlwdCBVcGRhdGUgbWVzc2FnZXMgZnJvbSBvdGhlciBwYXJ0aWNpcGFudHMg YW5kIGRlY3J5cHQgZGF0YS1jYXJyeWluZyBtZXNzYWdlcyBhcyBsb25nIGFzIG90aGVyIHBhcnRp Y2lwYW50cyBpbmNsdWRlIHVzZXIgQSBpbiB0aGVpciByYXRjaGV0IHRyZWVzLg0KDQpBcyBhbiBp bnRlcmVzdGluZyB0aG91Z2h0IGV4cGVyaW1lbnQsIHdlIGNhbiB0cnkgdG8gYXBwbHkgdGhlIHNh bWUgYXR0YWNrIHRvIG9uZS1vbi1vbmUgdXNlIGNhc2Ugd2hlbiBkb3VibGUgcmF0Y2hldGluZyBp cyB1c2VkLiBUbyBwcmV2ZW50IHJhdGNoZXRpbmcsIHRoZSBhdHRhY2tlciBoYXMgdG8gYmxvY2sg bWVzc2FnZXMgZnJvbSBvbmUgb2YgdGhlIHBhcnRpY2lwYW50cy4gUHJhY3RpY2FsbHksIHRoaXMg bWVhbnMgdGhhdCB0aGUgYXR0YWNrZXIgZGVzdHJveXMgdGhlIHBvc3NpYmlsaXR5IG9mIHR3byBw YXJ0aWNpcGFudHMgaGF2aW5nIGEgY29udmVyc2F0aW9uOyBoZW5jZSwgZGF0YSBjb2xsZWN0ZWQg YnkgdGhlIGF0dGFjayB3aWxsIGJlIG9uZSBwYXJ0aWNpcGFudHPigJkgbW9ub2xvZ3VlIGFuZCBt YXkgbm90IGJlIGFzIHZhbHVhYmxlLiBJbiBjb250cmFzdCwgd2hlbiAxIG91dCBvZiAxMDAwIHVz ZXJzIGlzIGlzb2xhdGVkLCA5OTkgcmVtYWluaW5nIHVzZXJzIHdpbGwgY29udGludWUgaGF2aW5n IHByb2R1Y3RpdmUgY29udmVyc2F0aW9uIGNyZWF0aW5nIHZhbHVhYmxlIGRhdGEgdGhhdCB0aGUg YXR0YWNrZXIgbWF5IGludGVyY2VwdCBhbmQgZGVjcnlwdC4NCg0KSWYgdGhlIGFib3ZlIGF0dGFj ayB2ZWN0b3IgbWFrZXMgc2Vuc2UsIHNob3VsZCB3ZSBjb25zaWRlciBleGNsdWRpbmcgdXNlcnMg d2hvIGRpZCBub3Qgc2VuZCBVcGRhdGUgbWVzc2FnZXMgcmVjZW50bHkgZW5vdWdoIGZyb20gdGhl IHJhdGNoZXQgdHJlZT8NCg0KVGhhbmsgeW91Lg0KQWxleC4NCg0KDQoNCg0KDQoNCg0KQWxleGFu ZGVyIFNoZXJraW4NCiAgICAgICAgU29mdHdhcmUgQXJjaGl0ZWN0DQoNCg0KDQpbY2lkOmltYWdl ZWVlMzU4LlBOR0AyMzEyZTUxZi40MWI5MDgwM108aHR0cDovL3d3dy5kYXJrbWF0dGVyLmFlPg0K DQoyIFJvYmVydCBTcGVjayBQYXJrd2F5LCBTdWl0ZSAxNjEwDQpNaXNzaXNzYXVnYSBPTiAgTDRa IDFIOA0KQ2FuYWRhDQpNVCsxIDQxNiA0MTQgNzExNzx0ZWw6KzElMjA0MTYlMjA0MTQlMjA3MTE3 Pg0KRU1BbGV4YW5kZXIuU2hlcmtpbkBkYXJrbWF0dGVyLmFlPG1haWx0bzpBbGV4YW5kZXIuU2hl cmtpbkBkYXJrbWF0dGVyLmFlPg0KDQpkYXJrbWF0dGVyLmFlPGh0dHA6Ly9kYXJrbWF0dGVyLmFl Pg0KDQpbTGlua2VkaW5dPGh0dHBzOi8vd3d3LmxpbmtlZGluLmNvbS9jb21wYW55L2RhcmstbWF0 dGVyLWxsYz4gW1R3aXR0ZXJdIDxodHRwczovL3R3aXR0ZXIuY29tL0d1YXJkZWRieUdlbml1cz4N Cg0KVGhlIGluZm9ybWF0aW9uIGluIHRoaXMgZW1haWwgaXMgaW50ZW5kZWQgb25seSBmb3IgdGhl IHBlcnNvbihzKSBvciBlbnRpdHkgdG8gd2hvbSBpdCBpcyBhZGRyZXNzZWQgYW5kIG1heSBjb250 YWluIGNvbmZpZGVudGlhbCBvciBwcml2aWxlZ2VkIGluZm9ybWF0aW9uLiBJZiB5b3UgcmVjZWl2 ZSB0aGlzIGVtYWlsIGJ5IGVycm9yLCBwbGVhc2Ugbm90aWZ5IHVzIGltbWVkaWF0ZWx5LCBkZWxl dGUgdGhlIG9yaWdpbmFsIG1lc3NhZ2UgYW5kIGRvIG5vdCBkaXNjbG9zZSB0aGUgY29udGVudHMg dG8gYW55IG90aGVyIHBlcnNvbiwgdXNlIG9yIHN0b3JlIG9yIGNvcHkgdGhlIGluZm9ybWF0aW9u IGluIGFueSBtZWRpdW0gYW5kIGZvciB3aGF0ZXZlciBwdXJwb3NlLiBBbnkgdW5hdXRob3JpemVk IHVzZSBpcyBzdHJpY3RseSBwcm9oaWJpdGVkLg0KDQo= --_000_526edb2c61bb48c4aa34f20ad91db0f2darkmatterae_ Content-Type: text/html; charset="utf-8" Content-Transfer-Encoding: base64 PGh0bWwgeG1sbnM6dj0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTp2bWwiIHhtbG5zOm89InVy bjpzY2hlbWFzLW1pY3Jvc29mdC1jb206b2ZmaWNlOm9mZmljZSIgeG1sbnM6dz0idXJuOnNjaGVt YXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6d29yZCIgeG1sbnM6bT0iaHR0cDovL3NjaGVtYXMubWlj cm9zb2Z0LmNvbS9vZmZpY2UvMjAwNC8xMi9vbW1sIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv VFIvUkVDLWh0bWw0MCI+DQo8aGVhZD4NCjwhLS0gVGVtcGxhdGUgZ2VuZXJhdGVkIGJ5IEV4Y2xh aW1lciBTaWduYXR1cmUgTWFuYWdlciBFeGNoYW5nZSBFZGl0aW9uIG9uIDEyOjU3OjQ3IFRodXJz ZGF5LCAxOCBBcHJpbCAyMDE5IC0tPg0KPG1ldGEgaHR0cC1lcXVpdj0iQ29udGVudC1UeXBlIiBj b250ZW50PSJ0ZXh0L2h0bWw7IGNoYXJzZXQ9dXRmLTgiPg0KPHN0eWxlIHR5cGU9InRleHQvY3Nz Ij5QLkltcHJpbnRVbmlxdWVJRCB7DQoJTUFSR0lOOiAwY20gMGNtIDBwdA0KfQ0KTEkuSW1wcmlu dFVuaXF1ZUlEIHsNCglNQVJHSU46IDBjbSAwY20gMHB0DQp9DQpESVYuSW1wcmludFVuaXF1ZUlE IHsNCglNQVJHSU46IDBjbSAwY20gMHB0DQp9DQpUQUJMRS5JbXByaW50VW5pcXVlSURUYWJsZSB7 DQoJTUFSR0lOOiAwY20gMGNtIDBwdA0KfQ0KRElWLlNlY3Rpb24xIHsNCglwYWdlOiBTZWN0aW9u MQ0KfQ0KPC9zdHlsZT4NCjxtZXRhIG5hbWU9IkdlbmVyYXRvciIgY29udGVudD0iTWljcm9zb2Z0 IFdvcmQgMTUgKGZpbHRlcmVkIG1lZGl1bSkiPg0KPHN0eWxlPjwhLS0NCi8qIEZvbnQgRGVmaW5p dGlvbnMgKi8NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6IkNhbWJyaWEgTWF0aCI7DQoJcGFu b3NlLTE6MiA0IDUgMyA1IDQgNiAzIDIgNDt9DQpAZm9udC1mYWNlDQoJe2ZvbnQtZmFtaWx5OkNh bGlicmk7DQoJcGFub3NlLTE6MiAxNSA1IDIgMiAyIDQgMyAyIDQ7fQ0KLyogU3R5bGUgRGVmaW5p dGlvbnMgKi8NCnAuTXNvTm9ybWFsLCBsaS5Nc29Ob3JtYWwsIGRpdi5Nc29Ob3JtYWwNCgl7bWFy Z2luOjBjbTsNCgltYXJnaW4tYm90dG9tOi4wMDAxcHQ7DQoJZm9udC1zaXplOjExLjBwdDsNCglm b250LWZhbWlseToiQ2FsaWJyaSIsc2Fucy1zZXJpZjsNCgltc28tZmFyZWFzdC1sYW5ndWFnZTpF Ti1VUzt9DQphOmxpbmssIHNwYW4uTXNvSHlwZXJsaW5rDQoJe21zby1zdHlsZS1wcmlvcml0eTo5 OTsNCgljb2xvcjojMDU2M0MxOw0KCXRleHQtZGVjb3JhdGlvbjp1bmRlcmxpbmU7fQ0KYTp2aXNp dGVkLCBzcGFuLk1zb0h5cGVybGlua0ZvbGxvd2VkDQoJe21zby1zdHlsZS1wcmlvcml0eTo5OTsN Cgljb2xvcjojOTU0RjcyOw0KCXRleHQtZGVjb3JhdGlvbjp1bmRlcmxpbmU7fQ0KcC5tc29ub3Jt YWwwLCBsaS5tc29ub3JtYWwwLCBkaXYubXNvbm9ybWFsMA0KCXttc28tc3R5bGUtbmFtZTptc29u b3JtYWw7DQoJbXNvLW1hcmdpbi10b3AtYWx0OmF1dG87DQoJbWFyZ2luLXJpZ2h0OjBjbTsNCglt c28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0bzsNCgltYXJnaW4tbGVmdDowY207DQoJZm9udC1zaXpl OjEyLjBwdDsNCglmb250LWZhbWlseToiVGltZXMgTmV3IFJvbWFuIixzZXJpZjt9DQpzcGFuLkVt YWlsU3R5bGUxOA0KCXttc28tc3R5bGUtdHlwZTpwZXJzb25hbC1jb21wb3NlOw0KCWZvbnQtZmFt aWx5OiJDYWxpYnJpIixzYW5zLXNlcmlmOw0KCWNvbG9yOndpbmRvd3RleHQ7fQ0KLk1zb0NocERl ZmF1bHQNCgl7bXNvLXN0eWxlLXR5cGU6ZXhwb3J0LW9ubHk7DQoJZm9udC1zaXplOjEwLjBwdDsN Cglmb250LWZhbWlseToiQ2FsaWJyaSIsc2Fucy1zZXJpZjsNCgltc28tZmFyZWFzdC1sYW5ndWFn ZTpFTi1VUzt9DQpAcGFnZSBXb3JkU2VjdGlvbjENCgl7c2l6ZTo2MTIuMHB0IDc5Mi4wcHQ7DQoJ bWFyZ2luOjcyLjBwdCA3Mi4wcHQgNzIuMHB0IDcyLjBwdDt9DQpkaXYuV29yZFNlY3Rpb24xDQoJ e3BhZ2U6V29yZFNlY3Rpb24xO30NCi0tPjwvc3R5bGU+PCEtLVtpZiBndGUgbXNvIDldPjx4bWw+ DQo8bzpzaGFwZWRlZmF1bHRzIHY6ZXh0PSJlZGl0IiBzcGlkbWF4PSIxMDI2IiAvPg0KPC94bWw+ PCFbZW5kaWZdLS0+PCEtLVtpZiBndGUgbXNvIDldPjx4bWw+DQo8bzpzaGFwZWxheW91dCB2OmV4 dD0iZWRpdCI+DQo8bzppZG1hcCB2OmV4dD0iZWRpdCIgZGF0YT0iMSIgLz4NCjwvbzpzaGFwZWxh eW91dD48L3htbD48IVtlbmRpZl0tLT4NCjwvaGVhZD4NCjxib2R5IGxhbmc9IkVOLUNBIiBsaW5r PSIjMDU2M0MxIiB2bGluaz0iIzk1NEY3MiI+DQo8ZGl2IGNsYXNzPSJXb3JkU2VjdGlvbjEiPg0K PHAgY2xhc3M9Ik1zb05vcm1hbCI+SGVsbG8sPG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNv Tm9ybWFsIj48bzpwPiZuYnNwOzwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPkkgdGhp bmsgd2UgYnJpZWZseSBkaXNjdXNzZWQgdGhpcyBwcm9ibGVtIGluIHRoZSBjb250ZXh0IG9mIOKA nGluYWN0aXZlIHVzZXJz4oCdLCBidXQgSSB3YW50IHRvIGJyaW5nIHRoaXMgdXAgYWdhaW4gZm9y IGRpc2N1c3Npb24uPG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48bzpwPiZu YnNwOzwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPkxldOKAmXMgYXNzdW1lIGFuIGF0 dGFja2VyIGNvbXByb21pc2VzIHVzZXIgQSBhbmQgcmVjb3ZlcnMgdXNlciBB4oCZcyBjcnlwdG9n cmFwaGljIHN0YXRlIGluY2x1ZGluZyB0aGUgbGVhZiBzZWNyZXQuIEFmdGVyIHVzZXIgQSBpcyBj b21wcm9taXNlZCwgdGhlIGF0dGFja2VyIG5vIGxvbmdlciBjb250cm9scyB1c2VyIEEuIFVzZXIg QSB3aWxsIGV2ZW50dWFsbHkgc2VuZCBhbiBVcGRhdGUgbWVzc2FnZSwgYW5kIHRoZQ0KIGF0dGFj a2VyIHdpbGwgbm8gbG9uZ2VyIGhhdmUgYWNjZXNzIHRvIHRoZSByb290IGtleS4gV2UgZ2V0IHBv c3QtY29tcHJvbWlzZSBzZWN1cml0eSBwcm9wZXJ0eS48bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNz PSJNc29Ob3JtYWwiPjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+ SG93ZXZlciwgbGV04oCZcyBhc3N1bWUgdGhhdCBhZnRlciBjb21wcm9taXNpbmcgdXNlciBBIGFu ZCByZWNvdmVyaW5nIHVzZXIgQSBjcnlwdG8gc3RhdGUsIHRoZSBhdHRhY2tlciBwZXJmb3JtcyBh IGRlbmlhbCBvZiBzZXJ2aWNlIGF0dGFjayBvbiB1c2VyIEEgVXBkYXRlIG1lc3NhZ2VzIChvciBh bGwgbWVzc2FnZXMgZnJvbSB1c2VyIEEpLiBUaGUgYXR0YWNrZXIgdGhlbiBvYnNlcnZlcyB0aGUg dHJhZmZpYy4gVGhlDQogYXR0YWNrZXIgd2lsbCBiZSBhYmxlIHRvIGRlY3J5cHQgVXBkYXRlIG1l c3NhZ2VzIGZyb20gb3RoZXIgcGFydGljaXBhbnRzIGFuZCBkZWNyeXB0IGRhdGEtY2Fycnlpbmcg bWVzc2FnZXMgYXMgbG9uZyBhcyBvdGhlciBwYXJ0aWNpcGFudHMgaW5jbHVkZSB1c2VyIEEgaW4g dGhlaXIgcmF0Y2hldCB0cmVlcy48bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwi PjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+QXMgYW4gaW50ZXJl c3RpbmcgdGhvdWdodCBleHBlcmltZW50LCB3ZSBjYW4gdHJ5IHRvIGFwcGx5IHRoZSBzYW1lIGF0 dGFjayB0byBvbmUtb24tb25lIHVzZSBjYXNlIHdoZW4gZG91YmxlIHJhdGNoZXRpbmcgaXMgdXNl ZC4gVG8gcHJldmVudCByYXRjaGV0aW5nLCB0aGUgYXR0YWNrZXIgaGFzIHRvIGJsb2NrIG1lc3Nh Z2VzIGZyb20gb25lIG9mIHRoZSBwYXJ0aWNpcGFudHMuIFByYWN0aWNhbGx5LCB0aGlzIG1lYW5z DQogdGhhdCB0aGUgYXR0YWNrZXIgZGVzdHJveXMgdGhlIHBvc3NpYmlsaXR5IG9mIHR3byBwYXJ0 aWNpcGFudHMgaGF2aW5nIGEgY29udmVyc2F0aW9uOyBoZW5jZSwgZGF0YSBjb2xsZWN0ZWQgYnkg dGhlIGF0dGFjayB3aWxsIGJlIG9uZSBwYXJ0aWNpcGFudHPigJkgbW9ub2xvZ3VlIGFuZCBtYXkg bm90IGJlIGFzIHZhbHVhYmxlLiBJbiBjb250cmFzdCwgd2hlbiAxIG91dCBvZiAxMDAwIHVzZXJz IGlzIGlzb2xhdGVkLCA5OTkgcmVtYWluaW5nIHVzZXJzDQogd2lsbCBjb250aW51ZSBoYXZpbmcg cHJvZHVjdGl2ZSBjb252ZXJzYXRpb24gY3JlYXRpbmcgdmFsdWFibGUgZGF0YSB0aGF0IHRoZSBh dHRhY2tlciBtYXkgaW50ZXJjZXB0IGFuZCBkZWNyeXB0LjxvOnA+PC9vOnA+PC9wPg0KPHAgY2xh c3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFs Ij5JZiB0aGUgYWJvdmUgYXR0YWNrIHZlY3RvciBtYWtlcyBzZW5zZSwgc2hvdWxkIHdlIGNvbnNp ZGVyIGV4Y2x1ZGluZyB1c2VycyB3aG8gZGlkIG5vdCBzZW5kIFVwZGF0ZSBtZXNzYWdlcyByZWNl bnRseSBlbm91Z2ggZnJvbSB0aGUgcmF0Y2hldCB0cmVlPzxvOnA+PC9vOnA+PC9wPg0KPHAgY2xh c3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFs Ij5UaGFuayB5b3UuPG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj5BbGV4Ljxv OnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8L286cD48L3A+ DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48bzpwPiZuYnNwOzwvbzpwPjwvcD4NCjxwIGNsYXNzPSJN c29Ob3JtYWwiPjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86 cD4mbmJzcDs8L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48bzpwPiZuYnNwOzwvbzpw PjwvcD4NCjwvZGl2Pg0KPGJyPg0KPGJyPg0KPHRhYmxlIGNsYXNzPSJJbXByaW50VW5pcXVlSURU YWJsZSIgc3R5bGU9IkJPUkRFUi1DT0xMQVBTRTogY29sbGFwc2UiIGNlbGxzcGFjaW5nPSIwIiBj ZWxscGFkZGluZz0iMCIgd2lkdGg9IjEwMCUiIGJvcmRlcj0iMCI+DQo8dGJvZHk+DQo8dHI+DQo8 dGQgd2lkdGg9IjM1MCI+PGZvbnQgc3R5bGU9ImZvbnQtZmFtaWx5OlZlcmRhbmE7Zm9udC1zaXpl OjEwcHQ7Y29sb3I6Izk2RDcwMDtmb250LXdlaWdodDpib2xkOyI+QWxleGFuZGVyIFNoZXJraW48 L2ZvbnQ+PGJyPg0KPHRhYmxlIGNlbGxwYWRkaW5nPSIwIiBjZWxsc3BhY2luZz0iMCIgc3R5bGU9 ImZvbnQtZmFtaWx5OlZlcmRhbmE7IGZvbnQtc2l6ZTo5cHQ7IGNvbG9yOiMwMDAwMDA7IHRleHQt YWxpZ246IGxlZnQ7IHZlcnRpY2FsLWFsaWduOiB0b3A7IiBjbGFzcz0iNmY1YzI1MGMtYjc1Zi00 NjQ3LTk4MTAtNDk2N2ZjNDExOGNjVGFibGUiPg0KPHRib2R5Pg0KPHRyIHN0eWxlPSJ0ZXh0LWFs aWduOiBsZWZ0OyB2ZXJ0aWNhbC1hbGlnbjogdG9wOyAiPg0KPHRkIGFsaWduPSJOb3RTZXQiIHN0 eWxlPSIiPjxmb250IHN0eWxlPSJmb250LWZhbWlseTpWZXJkYW5hO2ZvbnQtc2l6ZTo5cHQ7Y29s b3I6IzAwMDAwMDsiPjwvZm9udD48L3RkPg0KPHRkIGFsaWduPSJOb3RTZXQiIHN0eWxlPSIiPjxm b250IHN0eWxlPSJmb250LWZhbWlseTpWZXJkYW5hO2ZvbnQtc2l6ZTo5cHQ7Y29sb3I6IzAwMDAw MDsiPlNvZnR3YXJlIEFyY2hpdGVjdDwvZm9udD48L3RkPg0KPC90cj4NCjwvdGJvZHk+DQo8L3Rh YmxlPg0KPGJyPg0KPC90ZD4NCjwvdHI+DQo8dHI+DQo8YnI+DQo8dGQgbm93cmFwPSIiPjxhIGhy ZWY9Imh0dHA6Ly93d3cuZGFya21hdHRlci5hZSIgdGFyZ2V0PSIiPjxpbWcgd2lkdGg9IjIxOSIg aGVpZ2h0PSIzNiIgc3R5bGU9ImJvcmRlcjogMHB4IFNvbGlkIDsgIiBzcmM9ImNpZDppbWFnZWVl ZTM1OC5QTkdAMjMxMmU1MWYuNDFiOTA4MDMiPjwvYT48L3RkPg0KPC90cj4NCjwvdGJvZHk+DQo8 L3RhYmxlPg0KPGZvbnQgc3R5bGU9IkZPTlQtU0laRTogOHB0OyBDT0xPUjogI2ExYTFhMSIgc2l6 ZT0iJiM0MzswIj48Zm9udCBjb2xvcj0iI2E1YTVhNSI+PGJyPg0KPGZvbnQgc3R5bGU9ImZvbnQt ZmFtaWx5OlZlcmRhbmE7Zm9udC1zaXplOjhwdDtjb2xvcjpCbGFjazsiPjIgUm9iZXJ0IFNwZWNr IFBhcmt3YXksIFN1aXRlIDE2MTA8YnI+DQpNaXNzaXNzYXVnYSBPTiAmbmJzcDtMNFogMUg4PC9m b250Pjxicj4NCjxmb250IHN0eWxlPSJmb250LWZhbWlseTpWZXJkYW5hO2ZvbnQtc2l6ZTo4cHQ7 Y29sb3I6QmxhY2s7Ij5DYW5hZGE8L2ZvbnQ+PGJyPg0KPGZvbnQgY29sb3I9ImJsYWNrIj48Zm9u dCBmYWNlPSJWZXJkYW5hIj48c3Ryb25nPjxmb250IGNvbG9yPSIjOTZkNzAwIiBzaXplPSIxIj5N PGZvbnQgY29sb3I9IiNmZmZmZmYiPlQ8L2ZvbnQ+PC9mb250Pjwvc3Ryb25nPjwvZm9udD48L2Zv bnQ+PHNwYW4gc3R5bGU9ImZvbnQtZmFtaWx5OlZlcmRhbmE7Zm9udC1zaXplOjhwdDtjb2xvcjpC bGFjazsiPjxhIGhyZWY9InRlbDomIzQzOzEgNDE2IDQxNCA3MTE3IiB0aXRsZT0iIiB0YXJnZXQ9 IiIgc3R5bGU9ImZvbnQtZmFtaWx5OlZlcmRhbmE7Zm9udC1zaXplOjhwdDtjb2xvcjpCbGFjazsi PjxzcGFuIHN0eWxlPSJmb250LWZhbWlseTpWZXJkYW5hOyBmb250LXNpemU6OHB0OyBjb2xvcjpC bGFjazsiPiYjNDM7MQ0KIDQxNiA0MTQgNzExNzwvc3Bhbj48L2E+PC9zcGFuPjxicj4NCjxmb250 IGZhY2U9IlZlcmRhbmEiPjxmb250IGNvbG9yPSIjOTZkNzAwIiBzaXplPSIxIj48c3Ryb25nPkU8 Zm9udCBjb2xvcj0iI2ZmZmZmZiI+TTwvZm9udD48L3N0cm9uZz48L2ZvbnQ+PC9mb250PjxzcGFu IHN0eWxlPSJmb250LWZhbWlseTpWZXJkYW5hO2ZvbnQtc2l6ZTo4cHQ7Y29sb3I6QmxhY2s7Ij48 YSBocmVmPSJtYWlsdG86QWxleGFuZGVyLlNoZXJraW5AZGFya21hdHRlci5hZSIgdGl0bGU9IkNs aWNrIHRvIHNlbmQgZW1haWwgdG8gQWxleGFuZGVyIFNoZXJraW4iIHRhcmdldD0iIiBzdHlsZT0i Zm9udC1mYW1pbHk6VmVyZGFuYTtmb250LXNpemU6OHB0O2NvbG9yOkJsYWNrOyI+PHNwYW4gc3R5 bGU9ImZvbnQtZmFtaWx5OlZlcmRhbmE7IGZvbnQtc2l6ZTo4cHQ7IGNvbG9yOkJsYWNrOyI+QWxl eGFuZGVyLlNoZXJraW5AZGFya21hdHRlci5hZTwvc3Bhbj48L2E+PC9zcGFuPjxicj4NCjxicj4N CjxzcGFuIHN0eWxlPSJmb250LWZhbWlseTpWZXJkYW5hO2ZvbnQtc2l6ZTo4cHQ7Y29sb3I6Izk2 RDcwMDtmb250LXdlaWdodDpib2xkOyI+PGEgaHJlZj0iaHR0cDovL2RhcmttYXR0ZXIuYWUiIHRp dGxlPSIiIHRhcmdldD0iIiBzdHlsZT0iZm9udC1mYW1pbHk6VmVyZGFuYTtmb250LXNpemU6OHB0 O2NvbG9yOiM5NkQ3MDA7Zm9udC13ZWlnaHQ6Ym9sZDsiPjxzcGFuIHN0eWxlPSJmb250LWZhbWls eTpWZXJkYW5hOyBmb250LXNpemU6OHB0OyBjb2xvcjojOTZENzAwOyBmb250LXdlaWdodDpib2xk OyI+ZGFya21hdHRlci5hZTwvc3Bhbj48L2E+PC9zcGFuPjxicj4NCjxicj4NCjxhIGhyZWY9Imh0 dHBzOi8vd3d3LmxpbmtlZGluLmNvbS9jb21wYW55L2RhcmstbWF0dGVyLWxsYyIgdGFyZ2V0PSIi PjxpbWcgd2lkdGg9IjMyIiBoZWlnaHQ9IjMyIiBzdHlsZT0iYm9yZGVyOiAwcHggU29saWQgOyAi IHNyYz0iY2lkOmltYWdlMDNlZjg3LlBOR0BhYTcwYWIwYi40ZmE2ZWY1MyIgYWx0PSJMaW5rZWRp biI+PC9hPiZuYnNwOzxhIGhyZWY9Imh0dHBzOi8vdHdpdHRlci5jb20vR3VhcmRlZGJ5R2VuaXVz IiB0YXJnZXQ9IiI+PGltZyB3aWR0aD0iMzIiIGhlaWdodD0iMzIiIHN0eWxlPSJib3JkZXI6IDBw eCBTb2xpZCA7ICIgc3JjPSJjaWQ6aW1hZ2VmNmFlYzIuUE5HQDU1MTdkZDM4LjRkOWI0ZTc5IiBh bHQ9IlR3aXR0ZXIiPjwvYT4NCjxwIGlkPSJ1bmRlZmluZWQiPjwvcD4NCjxicj4NCjxmb250IHNp emU9IjEiIGZhY2U9IlZlcmRhbmEiPlRoZSBpbmZvcm1hdGlvbiBpbiB0aGlzIGVtYWlsIGlzIGlu dGVuZGVkIG9ubHkgZm9yIHRoZSBwZXJzb24ocykgb3IgZW50aXR5IHRvIHdob20gaXQgaXMgYWRk cmVzc2VkIGFuZCBtYXkgY29udGFpbiBjb25maWRlbnRpYWwgb3IgcHJpdmlsZWdlZCBpbmZvcm1h dGlvbi4gSWYgeW91IHJlY2VpdmUgdGhpcyBlbWFpbCBieSBlcnJvciwgcGxlYXNlIG5vdGlmeSB1 cyBpbW1lZGlhdGVseSwgZGVsZXRlDQogdGhlIG9yaWdpbmFsIG1lc3NhZ2UgYW5kIGRvIG5vdCBk aXNjbG9zZSB0aGUgY29udGVudHMgdG8gYW55IG90aGVyIHBlcnNvbiwgdXNlIG9yIHN0b3JlIG9y IGNvcHkgdGhlIGluZm9ybWF0aW9uIGluIGFueSBtZWRpdW0gYW5kIGZvciB3aGF0ZXZlciBwdXJw b3NlLiBBbnkgdW5hdXRob3JpemVkIHVzZSBpcyBzdHJpY3RseSBwcm9oaWJpdGVkLjxicj4NCjwv Zm9udD48L2ZvbnQ+PC9mb250Pjxicj4NCjwvYm9keT4NCjwvaHRtbD4NCg== --_000_526edb2c61bb48c4aa34f20ad91db0f2darkmatterae_-- --_006_526edb2c61bb48c4aa34f20ad91db0f2darkmatterae_ Content-Type: image/png; name="imageeee358.PNG" Content-Description: imageeee358.PNG Content-Disposition: inline; filename="imageeee358.PNG"; size=5249; creation-date="Wed, 17 Apr 2019 20:57:47 GMT"; modification-date="Wed, 17 Apr 2019 20:57:47 GMT" Content-ID: Content-Transfer-Encoding: base64 iVBORw0KGgoAAAANSUhEUgAAANsAAAAkCAYAAAAAR0+MAAAACXBIWXMAAC4iAAAuIgGq4t2SAAAU M0lEQVR4Xu2cacx2R1nH4aVsiqGlUBCQsre0BWnRPng/qOwNUCKgggJC3eISXJAghgDiEiJGKWug GpREoSprRJYQsQhhkS0CCpZFEaiAIHsBWf3/rnNdM9fMmXPuu/cX3w/Ph987M9c2c5brnjlzzvNe 6exzDx8mKMXGy8o5pb5J9e1gm+2jPYqxJA+yb0/oc7krOU4Q8pFtL1tj2Z5zHMz11a+1Qb4PEWOq r8cK/YiRPYxsd2fbOVjqoz2mtXE0sQ7mtrRHsqke12C3/pb0tIHGR1V56qSYH3x1PEq2XrbGsn17 AXuqX2uDfB8ixlRfjxX6ESN7GNnuzrZzsNRHe0xr42hiHQfJ9j5Vvq3ywtHBV8ejZOtlayzbtxew p/q1Nsj3IWJM9fVYoR8xsoeR7e5sOwdLfbTHtDaOJtb/d7Lpn38VJBs8XVwljKA6HiVbL1tj2b69 gD3Vr7VBvg8RY6qvxwr9iJE9jGx3Z9s5WOqjPaa1cTSxjodkk8CSTXXKPxNXxQiq41Gy9bI1lu3b C9hT/Vob5PsQMab6eqzQjxjZw8h2d7adg6U+2mNaG0cT6zhYRpZkAwkpnydshquOR8nWy9ZYtm8v YE/1a22Q70PEmOrrsUI/YmQPI9vd2XYOlvpoj2ltHE2s4yHZVLEkCySzGU71qwp3Okq2XrbGsn17 AXuqX2uDfB8ixlRfjxX6ESN7GNnuzrZzsNRHe0xr42hiHS8zmxpldgske6G4muqyO0q2XrbGsn17 AXuqX2uDfB8ixlRfjxX6ESN7GNnuzrZzsNRHe0xr42hiHU/LSAlGSfci8R102AdZQ7bXFNdS/TtB 9YLL0F1DlMFQHxH6EdKXmCpLzB04hl+P5KVMnCDZKEbPCcKO2WNQ9x+roLmA1xTlHFGX33VUXtlt VE464gn0nNfhuRjh/eRjIsY1sk0g3YhyPALfq4U9dLac+3w8W9gMZIdXVlz2DPJ57Jj8Qjewwdf2 HaTjHOr+ld3B3Jb2QIa/3fOOxQi73j5wuZ0flQXaQKN5ZgMp+vYr1SGdNUEgAg0gST8i/jOQzPA2 ug+o/SbxBHGa2rP4W/hhUWKrJOa7NNZT0okypO+5qXi/iPHksWXZh1Wy1H61yp8RJEP03/NAYcdM LEH9Ca5zYkyH9xEfEh+JflV+UjxVN8Wxs/UrLNmN1ObVTIwN239XeZ79Svcofo9sn+Wx45gY08UC XaH3c35FunI81FW+OumbGOJ5kpl9oHbue9YOmdc5tuuLXxL5PM58RiQ7fH9KMKYThe6Juf0SioH/ P4qri1mMPJbBuP5N/IPgGK4nyrninw9K0CTXAq+SLZmbT24J1CPdW8TSbGl08q+I54pri6aPJeT/ GpWljxTvt3OigXQ9t5LdN1WaD2XUt/Af4kdEGUfi50Rjr5jPEH3fZ4rPiMnuoNi/TrKT3AZOlexr rsvj+7R8zrKEzMin45FidFyvFyP7DLPUe/HN/l4/b3ReJS/XI9tfkbbgB+axIc8km4Ze5+1HCMbE j+MXQx62uR7tTk7i2ApAx3kdlRZjRPIppfNR8SBiAIP59aQs5ADRVqkZrk04flFzO/EGkX135W3i u8UoZubW4qsRu+vjUtGOc84tJf+KyuKf62ul+F9xruhj/7TrMxcKH4fdnNdV/V9cZ3jcD0ivX8Jm uX4T8SVswO2ifK+4XrK1+JXD+0j3TZV53FF/rXCfCeJ03F80vuDtF6d+vLT6K8JuiYiX46Z+vi5u qPpjttg1hLzVbTSz2JhItv/JuqiP/FJd16Mst0uMbLtE2LntN1TeVaUlG/xCNoo65QCmyDL7rCTb P/cxcntNJ96h9nepLPHU7vldtzVfyG2VDxaNf26LkmzZt2ekc9lLRYntzJJNsgvRYaeLzzMay5M+ 7ifUPv0cv2mxd5pkC/AF1V+vsjzDTTeXcSDd53qf1J4lWwfPKH8vRr7AKuR2ovfj3ig+A7+hLHAf ZrbH9/Lc7uV96fVfFYzJEiXJi80WPiGUbHY9mNkWY0SbMteTDRPICeVEScmNQhaOjPtAzFo3EEvL F+D55om68M7hE+VnZaD2H6v8JzHrRzxTxE3Xxz5ZfFLMxpZ4sygv5wfcUj7cNNmX57N7irtKxq8R sPZ+5yD+FyW7scjPS2szG+8t/8pluU8u4sb9e0qyqR72BZddrPLY9KNniXZzyT6c7fu6aJJN7QbJ vg/bQLJZDJVPER4jkvzwHoLrznkIHi6aVY77/6Hrels2Jm4rm58VWXeBeJL7FtR+h+vMzn00hs3p PqZmVnL/j4tHCVZ1huSlLh6p9gUiNsZKwro/0L6v2vlewecS1/fEySonmYfKsvQA6rmdZGTrKTXZ 7MAGlAsRfRS8zQ7eY8S3IraXXxVnZv/Ez6dxhA9Lu172AyLfRBmb2US2f49K02d71U8VzVLEuZvr Ay50bxM3JTeXyYjjsXgeu5cofXUMZ7bAY1D+gSc8q4G3hTzbBS6bJVtui78UxTfqGck/q9I2ABau UeYiEX4R846uG1Bn9053tmjGIf5GFJvqM41J7WZmc94tig/0fXX9j2bH/xKWjJ0vjy/9V1mUDy1G yYEdteZZhjLXU/lGldMMt3jCq1z2ST5rN0sH5zdFtgG2ht/NGEBt4MIzA33L24b0eraovl1/TbJ5 LE5SbBn39rb86+gThV/W3uZ3JHt4yCm9rrFuHlbPz+jcLT+zRT21HyGY5RpdtknttZntxpJ9XmR7 Vh+/38mAWSCPdwk+kOjHzIwwshWLyXYnEf4R6yWi2GQfj2FLwGQPbPywpNcP/YbrbUgWXEXkWKOE ZXa0x6lqW67jX2AjWRrn5oIIlgMDzzs2w2WqYwMznBJu6aapsq6P1DYb3kexjCv9qHwlNp3fvdXu Z8GL5c9JKh9VU4rLVWdZlf2DUbKVmQ0kizon++MR2/m62mdgk+xGyUYCXx7yVD66npt6jjpGyfYZ Yc9jua8+ftQFN8XXOv3iM5v0v6eyiaHylwU3lsWJWOL9ovlwfQG+ty0xHds0GLN7sql8SdguMEo2 Vk1sMHG/cH0M6uJ9qv+WyP3Okk12zGzl2NXO9m9X28YIasP5xSAbe/2BKssMNwKdo5t0c9b4xqlt 2SX5vC3Y7czxeQ92dewCyV+ebdzufNf9hsqQGar/kch9BKNkY6v2x8X9QTLKhwhuTrNL6Dlkc4xj k10wWkY20A+o3r1/q8eYsGRTmWOwBGL5Wm6gvgzU5nnm3oIfhtK3WEq2a0vHu64ch8TmnSTj+Wtk xEj6HxOjWJkysyXfvZIt/COW2CfZSoxe5jxT5H6bDRLns5Jxb+R75UHCzhEQ3/vg/eRJOeBsoJLd T3xB9dxJM0ivayAb/erkZJsSbInoo+NvRY7LO8D8lQlrdnvvhN55j4iEvJl0/TPOx4Q/WzTYBomI vnLM7F/o5A8Q/bFYsoVdZ9+3WTmwoVDG5DEyJdlAdWBLGvs7C2a5HDPDKoFZndnXZCnGUrKVmTnZ Ph+d2sCqIuRhw65lE8dtMzazqcx+W5NtoCszG3icWbJJlimzkttbmUGWkexpIscqydbb0w6yPOtV 2ju/PKilwd5dss/lYF39MnH7XZMskM9Ibn/IGqh9icXj4X/aAHiGZM0YVPL1iXxL33zhUPQOz3PR R1BmthSrKVd40sJx2s2a/XPMgZwvFUY/BMFsZlPd3v/48XLDfiF0rgeSkB8mYvAaoOi8fK0o13va 3rZnF165lFiCl/752Yqlvj0vux54Tt6IsBkxm9lUWtwRC+cWhskmRrZBk2wOjyG80+OHm1mfuuF1 dslnMfBVGf3245jh8ov8Wg2T7baqc4H4djBkdxGfliwHoeRrittjEwHV3onJp8QHNhHKFx0O79JC f33RP7jT5oE+x2E71sYYSM/XLP0YytZ/j/uMZB9Tyda2/IfHO3pmC9jhK89OCZYdvNfqY8FoGZmS zY6Xz76yDc+p56FzePme/aHMbPIL7kyMFIc6S1Ybm9vA48OG0uvPcV0Bn8RsZhOLybbC1g2SAc2s 5HxQ8J7wjIx+0CnPku4GwvpU22IIiwGSR99D0AvenfoG0nSvRDBDyjuKT+Eg3qI6LwZPE+i+X7L/ dh1cJuzFJvrBjbfK5DOV4r6ql0RSO0p7/4SdeHTIE6MXy3wQyqc2EYOSJdsPhR2lmG39C3Y1+b6P m+NS983w5Uf4jyjPbPgGaj/Zzw83ZdGncjTzwk2k75fFfGliS2uQHjh/8Y6U3eSsOxd5RrrRMvLP RenHbA8OHxefgqkd3EZ62/X1WMB9cZIo/UbdsZlNZR7Hysy2SDOzgex3XkYmmJ0ne47PbX31NNVb 3SzZxJdV5wdU98rmnUkefbB51HzFVCqCj3oj0bITv5QvVZuNg58UzHBsJGjpOPlKl+ME5wiWOUPk Q8l7vReI6Kv0q3I6idMJ4INQPtotds7dhfVnthU2H3pbzSDTL4zFPJhvkAjbjSSGSmZ4jr2P8ydx AxqTbdAkm9f/Tmh2sL75vMqOw/sLW5aCZ4k+XrMbCbLl4+3y1b5kASsD+2qik5dkUz0oy0i34VmX H5psw810pjCbsBeseF7lNobalI+K82vnuPUpyZbsuf7R/66UDZLEFVpGesmKjGfeO+k+IIEL0kV5 B+n8Y4F2GQmqp93IDeePj8hDF3Yv9nvNsAFJyYP6bGbJdS8/pZLteKZbOgl/Kzveik+gdomT2z2u u0yDO9UGaRduw3d+vR/LKd6VWH/5oMRtZHu5kiHbK3E2p8WYxWgZWd6zOb/W9Rk8VEz9tox2I3mZ bXpKcb5oPoCmFDwvlZ1XtWGYbCrLzJYJ3+QPs2Wk9H2yjd5xllXDAH54++vBrF+uR8f8PduBfnDb a1ZIfj07JRvHlSi7kRnZNfVBm69w/EPkNtm85FUQu7fRL/8lZNYH/OWE2fDPA6Rc3OJHnnRc6Fup 7R2UG3dE+UQniDi5DJIdvxh3EBGHZwZmh8ZO9SeLclIl6+Ei5LiQNzZGy0jes6S/Tj88Jvhrh2Lj dTaM7DwkW5gtI1VPHyIXLnJdg2S8AM8xS7Il+63J1smbZaTakJeR3DD9O0RgJzrHybA8YpmUY1L/ UTEaRzOzgdpbNkiGzJaRYueZDRS/KTPIkjzvhJdkS/rZS239UPCnS6GPeLzTs/sZI/7+JgeZ4Tp+ uewFsdp+IJyA5sAKsuHrkuy/C/zpB88E9QCm5ZzpUxySZNvfv7E1X3y81EnfXJdxq02ylT9fcRte aKaZzS4w/bOkamIJkrB8ruOweRL64GlTrMbuZMEzbx5boOVVOa8km/0ghI3KD4myjAS3nbWdA8li LBGD7/fCvvm6hVKw1M0z/Ag9hxb7gBlz9AkT/6dNP4a7hV1P8uv5QdH3+TIxsg1IlNlH2UG0s87r nIM8s/Ux+DZ3+iC/zsZ8TcVkke2Av4U7EQPepBcluEGpq8SGC29BJfPgy8km+NussqUaIEvwN0Ks n19+zsGGl69lV0664NniG5LlOOXLkgCfDr655Aci982D/S8KfG6hkv5z3HdJbjNbjqk6fxdm28SB ZJwX220Ke8GNG3pD9bKNjE3UxU+IL4e9wybHpTqv8TrgewQXOWIBr0eaZAPJ+/gBG1vFn1K8Blv9 EnOO+AIoYgePFU2cvMxzbqEYvGIocVVyneiv8RV/KpoxqLyL664IhyKOIeC/7pidiwSJQmJY3yPk M5KX86z6KAb7FuWvXxK83ObHOduSR09ByXNKSTRX5GR7q0rbXg98AGI12W4qeMCetlWdqKNTyc3E n6zr4i3GYgbDNnzZmj156rsi2QjGbb66OaxPwcMsNwt/vs4sGnHRkYBpG77EZznJc6DZgtszNrc3 O/6iNx8zmx7+7egsJm3+gFX2m7CH71VdccyG2eX06Jc+Bc+afB/aHKv0TTvBn+BYbGIIxscfpaLj G0A/rmkMKtF3/5WDbOfJBiRcuTbCro2wvpP/DUW+hvTR7NS15HPUwL3icWy8xOEekm7Rn00MrlOM cReIq5UP/x0CMWwjJMeQfnNrYV8QQXde/Lo28c4g0CzZAh0UiXaKwK5QT6QNZCfwCb++tPpyshnZ Z6pPB1kONukyxUcnoYnHScntVK/kPrbZV7tgl5hVNtlXn2oTstCP2KaHKW6l1cV48rgq6UZqQZft Etk/dLlcJo59RPhP9TFzn/1Y88/xZ8nmNi0MvHy823GJ5PxV8cypnqylgczBJ/z60upHyWb21afa hCz0I7bpYYpbaXUxnjyuSr6RGtBlu0T2D10ul4ljHxH+U33M3Gc/1vxz/B2TTf/YzKYDyMvH14kT l05KlS8NZA4+4deXVj9KNrOvPtUmZKEfsU0PU9xKq4vx5HFV8o3UgC7bJbJ/6HK5TBz7iPCf6mPm Pvux5p/j75FslIKdKv4SevGkVPnSQObgE359afWjZDP76lNtQhb6Edv0MMWttLoYTx5XJd9IDeiy XSL7hy6Xy8Sxjwj/qT5m7rMfa/45/hVINg0+Eo0vA3jIN+XSSanypYHMwSf8+tLqR8lm9tWn2oQs 9CO26WGKW2l1MZ48rkq+kRrQZbtE9g9dLpeJYx8R/lN9zNxnP9b8c/wdk00Dt2QTs/+qbjqoOVW+ NJA5+IRfX1r9KNnMvvpUm5CFfsQ2PUxxK60uxpPHVck3UgO6bJfI/qHL5TJx7CPCf6qPmfvsx5p/ jr/7zMab8FfoAPiAt1EunZQqXxrIHHzCry+tfpRsZl99qk3IQj9imx6muJVWF+PJ46rkG6kBXbZL ZP/Q5XKZOPYR4T/Vx8x99mPNP8ffPdn4aNcSrT8JSyelypcGMifH70urHyWb2VefahOy0I/Ypocp bqXVxXjyuCr5RmpAl+0S2T90uVwmjn1E+E/1MXOf/Vjzz/F3SbbDK/0fVHbyZgY1MwUAAAAASUVO RK5CYII= --_006_526edb2c61bb48c4aa34f20ad91db0f2darkmatterae_ Content-Type: image/png; name="image03ef87.PNG" Content-Description: image03ef87.PNG Content-Disposition: inline; filename="image03ef87.PNG"; size=663; creation-date="Wed, 17 Apr 2019 20:57:47 GMT"; modification-date="Wed, 17 Apr 2019 20:57:47 GMT" Content-ID: Content-Transfer-Encoding: base64 iVBORw0KGgoAAAANSUhEUgAAACAAAAAgCAYAAABzenr0AAAACXBIWXMAAA7DAAAOwwHHb6hkAAAC SUlEQVRYR2NgSJv5f0AxVkF6YqyC9MRYBemJsQrSE2MVhOHUGRCMTY5aGKsg0FK5ssX/i1ce/d+x /fx/30nb/jNhU0cNjE2QO2vO/xvP3/+HgV9//v5PmLePNqGBTdCxcyPUagTYcvEB/RwgX7r4/8/f f6BWQ0DPzgv/GVLo5ACQReHTd/0/df/l/xsv3v+fd/j6fx5gtGBVSynGKgjCwOBmz5j1nzd7zn9G UoIepJYU9dgEQSneZ+K2/37A1A/DylXLwAYrVyxFEXfv2/yfI3P2f9GC+f+jZ+0GRtXF//17Lv1P W3Dgv1L5EsKOwSbIkTX7//dfqGmgeNUxsGG5Sw5BRSDg6fsv/127Nvy/9uzd/7///kFF////B2S/ /PTtf+TM3fgdgU0Q4oDfUKMgoAjqgMyFB6AiEPDlx6//Lz5+g/Iwwdefv/87dW/E7QhsgqQ4AAY+ ff/5/+rTd/+/AS1EB1suPvzPkDwdwx4wxiZIqgN2Xnn0XzB37n+GpGn/FYAl6JUnb6EyEAByFBfQ TGx2UeyAz8AoMGhYhdAPVJO3/AhUFgGUK4AJEskOOMYmSIoDnn34+l+qaCGKfve+LVBZBNCqWY6i Bo6xCVLqADdg1kQHw8cBOYtRywG6O6Bg2WGoCASMOoAmDmAD1oLrzt37vxnYCIHhwGk7wQ7wn7wd RXzR8Zv/hfLmoeg3alqDogaE5YBtDGQ1cIxVMBWIQUUnMoY1RkA0uhzQYaj6iVADw1gF6YmxCtIT YxWkJ8YqSE+MVZBueOZ/ABxdinkisai7AAAAAElFTkSuQmCC --_006_526edb2c61bb48c4aa34f20ad91db0f2darkmatterae_ Content-Type: image/png; name="imagef6aec2.PNG" Content-Description: imagef6aec2.PNG Content-Disposition: inline; filename="imagef6aec2.PNG"; size=803; creation-date="Wed, 17 Apr 2019 20:57:47 GMT"; modification-date="Wed, 17 Apr 2019 20:57:47 GMT" Content-ID: Content-Transfer-Encoding: base64 iVBORw0KGgoAAAANSUhEUgAAACAAAAAgCAYAAABzenr0AAAACXBIWXMAAA7DAAAOwwHHb6hkAAAC 1UlEQVRYR8WWS2jUUBSGW4vjAxVEFHysqkhx0ZVIwZ3FpRuXbrW6Fd0IIoi4FO3ChWsXCrbVtlqf 1YqIigWfWBxhtIIFH5lkHplXJpnjf9K5nTE5SWYspAc+Jvlv7jnnvs6djo7hNC0pohgnohgnohgn ohgnohgnovi/DGkNpHYJUWSG6khtXhBw87hOR6fzdO5TgY5Mm7RxVG8kckOjNTf5u6Y+Cp9Qp+ee QXsfZxpOAlgGp4df5ylXrVGzaWXH1Q8+z9H172Xqf5qVffkEBk7PfCzQXNGh3Q/Dk9gPx6YnuLKq UyMLXEoWqfe+Qat5Frw+fAKDKbs6W3adGBWHBjCSBOveRPDdk1+W+12QFZBcKm/TibcmdbY+Axqd nynWXcyPZOxHhfomMRsIqhJZDnQkGGZlu0an3hewVAGzKIpgz6MM5T1TW8PrK61Kpz8UqH8qS7uw TwxLnn5lKdOm9bfkGC6iiGy77+h0FvvA4aiC2dCzCM6/YZbM2bRWWnuFKCKBK6kSfUP2JUzhYmzq t0VdwwHTz4giTgEfn6jRtWKDOAG+zduMKIIV4BrO72JtH/ZKaEETRQaduHoNfi5SOmKnB9lXLGEi LDgjinVWjqRpfK7iOmrXePmOoSSHjp4RRQXW7vgb060D7doLzaJ1YbtfIYpNdCGJAVwyswXbLaut 2B/cAz13jejRM6LoBUlsGdPp8pcSRaXApfvAs5zbR/TlxScg6wTWfhXgArJ9wqBDL3PulAYVJTZu 4qLThwracnDGJyCBTRjtxWSJZrK2ewLCArNxseLzvhX/CdoKzogi6MSl0/vAoAs4hlz/+WrOWI57 7/MFxCdj8qdFJ9+ZtO02AvMlJfiJRBQVvIkwIr6K+R/PDmysnbiAuid02jDKG3S+XezbKv8KIc7U jpYCqjb1HPiOvt72hYcoVCevg6B3pQW1q/eFh6VCFONEFONEFGMjTX8B57Ce1IdKF4gAAAAASUVO RK5CYII= --_006_526edb2c61bb48c4aa34f20ad91db0f2darkmatterae_-- From nobody Wed Apr 17 14:12:03 2019 Return-Path: X-Original-To: mls@ietfa.amsl.com Delivered-To: mls@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D84BB120075 for ; Wed, 17 Apr 2019 14:12:01 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -17.499 X-Spam-Level: X-Spam-Status: No, score=-17.499 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, ENV_AND_HDR_SPF_MATCH=-0.5, HTML_FONT_LOW_CONTRAST=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5, USER_IN_DEF_SPF_WL=-7.5] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WIXYpO52cWWO for ; Wed, 17 Apr 2019 14:12:00 -0700 (PDT) Received: from mail-wr1-x42d.google.com (mail-wr1-x42d.google.com [IPv6:2a00:1450:4864:20::42d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7F9C012002F for ; Wed, 17 Apr 2019 14:11:59 -0700 (PDT) Received: by mail-wr1-x42d.google.com with SMTP id r4so150514wrq.8 for ; Wed, 17 Apr 2019 14:11:59 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=IrDUpH9nlzzSJ/xpEDrgFSn/gB03Eufymf7Y/6mP5QQ=; b=VjuJP2sBTxdUlDDjog4jHYniVS+p27SbiJRmcVQW6Xx2GglAUbM8PAsxWb+kzOodWt 2DlvQtUOnT25rsPQ7dTS+wxIZAs/+1ODzJqSUoNwfZ/I5t1+A3ry+zvji0rwtWJcEKzw sDM72zzWWZQTesU7lOfCbb/L4ic308TQSgfTTbkk138f185Vgx899nw/+blMre9DTCAG SF9fTB7Se/FVJ1k8vfsWJX5QsO94CBgpmfo94qOVlesp+tRt/z3BotXLbCBgms00SAyR RjAzUofo0cu9vz9fFiL0gDH1PQLXVMZ919YtcMdqNPZFeBuM56EFI2ck29KXd+MxEzQG mABw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=IrDUpH9nlzzSJ/xpEDrgFSn/gB03Eufymf7Y/6mP5QQ=; b=etBWwV0Dndv9MHi4Jw3HrP/Tw3a3eVUFA7BxvN0BaAH6k5gTf8bbHne4P2dy+cx3m8 Z2fXjZ139EqfLmGxYexwbFPyTC6Dbol6rX0s8z5Nm1vvF2Xi/ALCaBMF2waSWMqDZTSn 2CEl/gVVGbgSovBNOhItQcwQ65TVMp+KopAaudmVpdeKTeoLblSQn3/TvupBt7sc/kwQ rVVhMN/L/o3AQZNmvNREwR7rXB30LEweeWXtthgK7NLI8z05AWHLxAvgb2wM9oWa1bHJ ck6TxBTx4rpsV6taRYKXdORCPs9KaO+UmCELF7eeVGY/JhtmaEVptb2R0NqIQDmFP8gG VIog== X-Gm-Message-State: APjAAAVx0vMmzMvOqsCB+KpZIMmBi1QdcCRtB/N+Qjju2QwwZN9MrvXf 7dFE645K7X6Q/GgTUB0UOl7Q3b6n2L0VPXtu6Q2xzcc= X-Google-Smtp-Source: APXvYqwkTfvZ/YjmspK84l1m6tiHvROAtOtUKRL7Zei/YVifsJatIjT2KDdY40oKlZ34zrYDhVt75NcO77jDsaIobZA= X-Received: by 2002:adf:ff88:: with SMTP id j8mr58349395wrr.1.1555535517368; Wed, 17 Apr 2019 14:11:57 -0700 (PDT) MIME-Version: 1.0 References: <526edb2c61bb48c4aa34f20ad91db0f2@darkmatter.ae> In-Reply-To: <526edb2c61bb48c4aa34f20ad91db0f2@darkmatter.ae> From: Emad Omara Date: Wed, 17 Apr 2019 14:11:46 -0700 Message-ID: To: Alexander Sherkin Cc: "mls@ietf.org" Content-Type: multipart/related; boundary="000000000000f3d5620586c055cd" Archived-At: Subject: Re: [MLS] Blocking Update messages for breaking post-compromise security X-BeenThere: mls@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Messaging Layer Security List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 17 Apr 2019 21:12:02 -0000 --000000000000f3d5620586c055cd Content-Type: multipart/alternative; boundary="000000000000f3d5610586c055cc" --000000000000f3d5610586c055cc Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Hi Alex, I think the attack makes sense, however it assumes the attacker has some sort of control for the network of all A's devices in order to perform the DoS. One mitigation we discussed before that could help in this attack is to force the max update window, so if a client has issued any update in the last N days, the app can decide to kick it out of the group, ot at least issue a warning to other users. Emad On Wed, Apr 17, 2019 at 1:58 PM Alexander Sherkin < Alexander.Sherkin@darkmatter.ae> wrote: > Hello, > > > > I think we briefly discussed this problem in the context of =E2=80=9Cinac= tive > users=E2=80=9D, but I want to bring this up again for discussion. > > > > Let=E2=80=99s assume an attacker compromises user A and recovers user A= =E2=80=99s > cryptographic state including the leaf secret. After user A is compromise= d, > the attacker no longer controls user A. User A will eventually send an > Update message, and the attacker will no longer have access to the root > key. We get post-compromise security property. > > > > However, let=E2=80=99s assume that after compromising user A and recoveri= ng user A > crypto state, the attacker performs a denial of service attack on user A > Update messages (or all messages from user A). The attacker then observes > the traffic. The attacker will be able to decrypt Update messages from > other participants and decrypt data-carrying messages as long as other > participants include user A in their ratchet trees. > > > > As an interesting thought experiment, we can try to apply the same attack > to one-on-one use case when double ratcheting is used. To prevent > ratcheting, the attacker has to block messages from one of the > participants. Practically, this means that the attacker destroys the > possibility of two participants having a conversation; hence, data > collected by the attack will be one participants=E2=80=99 monologue and m= ay not be > as valuable. In contrast, when 1 out of 1000 users is isolated, 999 > remaining users will continue having productive conversation creating > valuable data that the attacker may intercept and decrypt. > > > > If the above attack vector makes sense, should we consider excluding user= s > who did not send Update messages recently enough from the ratchet tree? > > > > Thank you. > > Alex. > > > > > > > > > > > > > Alexander Sherkin > Software Architect > > > 2 Robert Speck Parkway, Suite 1610 > Mississauga ON L4Z 1H8 > Canada > *MT*+1 416 414 7117 <+1%20416%20414%207117> > *EM*Alexander.Sherkin@darkmatter.ae > > darkmatter.ae > > [image: Linkedin] [ima= ge: > Twitter] > > > The information in this email is intended only for the person(s) or entit= y > to whom it is addressed and may contain confidential or privileged > information. If you receive this email by error, please notify us > immediately, delete the original message and do not disclose the contents > to any other person, use or store or copy the information in any medium a= nd > for whatever purpose. Any unauthorized use is strictly prohibited. > > _______________________________________________ > MLS mailing list > MLS@ietf.org > https://www.ietf.org/mailman/listinfo/mls > --000000000000f3d5610586c055cc Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Hi Alex,

I think the attack makes sense= , however it assumes the attacker has some sort of control for the network = of all A's devices in order to perform the DoS. One mitigation we discu= ssed before that could help in this attack is to force the max update windo= w, so if a client has issued any update in the last N days, the app can dec= ide to kick it out of the group, ot at least issue a warning=C2=A0to other = users.=C2=A0

Emad

On Wed, Apr 17, 2019 at 1:5= 8 PM Alexander Sherkin <Alexander.Sherkin@darkmatter.ae> wrote:

Hello,

=C2=A0

I think we briefly discussed this problem in the con= text of =E2=80=9Cinactive users=E2=80=9D, but I want to bring this up again= for discussion.

=C2=A0

Let=E2=80=99s assume an attacker compromises user A = and recovers user A=E2=80=99s cryptographic state including the leaf secret= . After user A is compromised, the attacker no longer controls user A. User= A will eventually send an Update message, and the attacker will no longer have access to the root key. We get post-compromis= e security property.

=C2=A0

However, let=E2=80=99s assume that after compromisin= g user A and recovering user A crypto state, the attacker performs a denial= of service attack on user A Update messages (or all messages from user A).= The attacker then observes the traffic. The attacker will be able to decrypt Update messages from other participants a= nd decrypt data-carrying messages as long as other participants include use= r A in their ratchet trees.

=C2=A0

As an interesting thought experiment, we can try to = apply the same attack to one-on-one use case when double ratcheting is used= . To prevent ratcheting, the attacker has to block messages from one of the= participants. Practically, this means that the attacker destroys the possibility of two participants having a co= nversation; hence, data collected by the attack will be one participants=E2= =80=99 monologue and may not be as valuable. In contrast, when 1 out of 100= 0 users is isolated, 999 remaining users will continue having productive conversation creating valuable data that t= he attacker may intercept and decrypt.

=C2=A0

If the above attack vector makes sense, should we co= nsider excluding users who did not send Update messages recently enough fro= m the ratchet tree?

=C2=A0

Thank you.

Alex.

=C2=A0

=C2=A0

=C2=A0

=C2=A0

=C2=A0



Alexander Sherkin
Software Architect



2 Robert Spec= k Parkway, Suite 1610
Mississauga ON =C2=A0L4Z 1H8
Canada=
MT+1 416 414 7117
EMAlexander.Sherkin@darkmatter= .ae

darkmatter.ae

3D"Linkedin"=C2=A03D"Twitter"=


The information in this email is intended= only for the person(s) or entity to whom it is addressed and may contain c= onfidential or privileged information. If you receive this email by error, = please notify us immediately, delete the original message and do not disclose the contents to any other person,= use or store or copy the information in any medium and for whatever purpos= e. Any unauthorized use is strictly prohibited.

_______________________________________________
MLS mailing list
MLS@ietf.org
https://www.ietf.org/mailman/listinfo/mls
--000000000000f3d5610586c055cc-- --000000000000f3d5620586c055cd Content-Type: image/png; name="imageeee358.PNG" Content-Disposition: inline; filename="imageeee358.PNG" Content-Transfer-Encoding: base64 Content-ID: <16a2d200ded10fe671> X-Attachment-Id: 16a2d200ded10fe671 iVBORw0KGgoAAAANSUhEUgAAANsAAAAkCAYAAAAAR0+MAAAACXBIWXMAAC4iAAAuIgGq4t2SAAAU M0lEQVR4Xu2cacx2R1nH4aVsiqGlUBCQsre0BWnRPng/qOwNUCKgggJC3eISXJAghgDiEiJGKWug GpREoSprRJYQsQhhkS0CCpZFEaiAIHsBWf3/rnNdM9fMmXPuu/cX3w/Ph987M9c2c5brnjlzzvNe 6exzDx8mKMXGy8o5pb5J9e1gm+2jPYqxJA+yb0/oc7krOU4Q8pFtL1tj2Z5zHMz11a+1Qb4PEWOq r8cK/YiRPYxsd2fbOVjqoz2mtXE0sQ7mtrRHsqke12C3/pb0tIHGR1V56qSYH3x1PEq2XrbGsn17 AXuqX2uDfB8ixlRfjxX6ESN7GNnuzrZzsNRHe0xr42hiHQfJ9j5Vvq3ywtHBV8ejZOtlayzbtxew p/q1Nsj3IWJM9fVYoR8xsoeR7e5sOwdLfbTHtDaOJtb/d7Lpn38VJBs8XVwljKA6HiVbL1tj2b69 gD3Vr7VBvg8RY6qvxwr9iJE9jGx3Z9s5WOqjPaa1cTSxjodkk8CSTXXKPxNXxQiq41Gy9bI1lu3b C9hT/Vob5PsQMab6eqzQjxjZw8h2d7adg6U+2mNaG0cT6zhYRpZkAwkpnydshquOR8nWy9ZYtm8v YE/1a22Q70PEmOrrsUI/YmQPI9vd2XYOlvpoj2ltHE2s4yHZVLEkCySzGU71qwp3Okq2XrbGsn17 AXuqX2uDfB8ixlRfjxX6ESN7GNnuzrZzsNRHe0xr42hiHS8zmxpldgske6G4muqyO0q2XrbGsn17 AXuqX2uDfB8ixlRfjxX6ESN7GNnuzrZzsNRHe0xr42hiHU/LSAlGSfci8R102AdZQ7bXFNdS/TtB 9YLL0F1DlMFQHxH6EdKXmCpLzB04hl+P5KVMnCDZKEbPCcKO2WNQ9x+roLmA1xTlHFGX33VUXtlt VE464gn0nNfhuRjh/eRjIsY1sk0g3YhyPALfq4U9dLac+3w8W9gMZIdXVlz2DPJ57Jj8Qjewwdf2 HaTjHOr+ld3B3Jb2QIa/3fOOxQi73j5wuZ0flQXaQKN5ZgMp+vYr1SGdNUEgAg0gST8i/jOQzPA2 ug+o/SbxBHGa2rP4W/hhUWKrJOa7NNZT0okypO+5qXi/iPHksWXZh1Wy1H61yp8RJEP03/NAYcdM LEH9Ca5zYkyH9xEfEh+JflV+UjxVN8Wxs/UrLNmN1ObVTIwN239XeZ79Svcofo9sn+Wx45gY08UC XaH3c35FunI81FW+OumbGOJ5kpl9oHbue9YOmdc5tuuLXxL5PM58RiQ7fH9KMKYThe6Juf0SioH/ P4qri1mMPJbBuP5N/IPgGK4nyrninw9K0CTXAq+SLZmbT24J1CPdW8TSbGl08q+I54pri6aPJeT/ GpWljxTvt3OigXQ9t5LdN1WaD2XUt/Af4kdEGUfi50Rjr5jPEH3fZ4rPiMnuoNi/TrKT3AZOlexr rsvj+7R8zrKEzMin45FidFyvFyP7DLPUe/HN/l4/b3ReJS/XI9tfkbbgB+axIc8km4Ze5+1HCMbE j+MXQx62uR7tTk7i2ApAx3kdlRZjRPIppfNR8SBiAIP59aQs5ADRVqkZrk04flFzO/EGkX135W3i u8UoZubW4qsRu+vjUtGOc84tJf+KyuKf62ul+F9xruhj/7TrMxcKH4fdnNdV/V9cZ3jcD0ivX8Jm uX4T8SVswO2ifK+4XrK1+JXD+0j3TZV53FF/rXCfCeJ03F80vuDtF6d+vLT6K8JuiYiX46Z+vi5u qPpjttg1hLzVbTSz2JhItv/JuqiP/FJd16Mst0uMbLtE2LntN1TeVaUlG/xCNoo65QCmyDL7rCTb P/cxcntNJ96h9nepLPHU7vldtzVfyG2VDxaNf26LkmzZt2ekc9lLRYntzJJNsgvRYaeLzzMay5M+ 7ifUPv0cv2mxd5pkC/AF1V+vsjzDTTeXcSDd53qf1J4lWwfPKH8vRr7AKuR2ovfj3ig+A7+hLHAf ZrbH9/Lc7uV96fVfFYzJEiXJi80WPiGUbHY9mNkWY0SbMteTDRPICeVEScmNQhaOjPtAzFo3EEvL F+D55om68M7hE+VnZaD2H6v8JzHrRzxTxE3Xxz5ZfFLMxpZ4sygv5wfcUj7cNNmX57N7irtKxq8R sPZ+5yD+FyW7scjPS2szG+8t/8pluU8u4sb9e0qyqR72BZddrPLY9KNniXZzyT6c7fu6aJJN7QbJ vg/bQLJZDJVPER4jkvzwHoLrznkIHi6aVY77/6Hrels2Jm4rm58VWXeBeJL7FtR+h+vMzn00hs3p PqZmVnL/j4tHCVZ1huSlLh6p9gUiNsZKwro/0L6v2vlewecS1/fEySonmYfKsvQA6rmdZGTrKTXZ 7MAGlAsRfRS8zQ7eY8S3IraXXxVnZv/Ez6dxhA9Lu172AyLfRBmb2US2f49K02d71U8VzVLEuZvr Ay50bxM3JTeXyYjjsXgeu5cofXUMZ7bAY1D+gSc8q4G3hTzbBS6bJVtui78UxTfqGck/q9I2ABau UeYiEX4R846uG1Bn9053tmjGIf5GFJvqM41J7WZmc94tig/0fXX9j2bH/xKWjJ0vjy/9V1mUDy1G yYEdteZZhjLXU/lGldMMt3jCq1z2ST5rN0sH5zdFtgG2ht/NGEBt4MIzA33L24b0eraovl1/TbJ5 LE5SbBn39rb86+gThV/W3uZ3JHt4yCm9rrFuHlbPz+jcLT+zRT21HyGY5RpdtknttZntxpJ9XmR7 Vh+/38mAWSCPdwk+kOjHzIwwshWLyXYnEf4R6yWi2GQfj2FLwGQPbPywpNcP/YbrbUgWXEXkWKOE ZXa0x6lqW67jX2AjWRrn5oIIlgMDzzs2w2WqYwMznBJu6aapsq6P1DYb3kexjCv9qHwlNp3fvdXu Z8GL5c9JKh9VU4rLVWdZlf2DUbKVmQ0kizon++MR2/m62mdgk+xGyUYCXx7yVD66npt6jjpGyfYZ Yc9jua8+ftQFN8XXOv3iM5v0v6eyiaHylwU3lsWJWOL9ovlwfQG+ty0xHds0GLN7sql8SdguMEo2 Vk1sMHG/cH0M6uJ9qv+WyP3Okk12zGzl2NXO9m9X28YIasP5xSAbe/2BKssMNwKdo5t0c9b4xqlt 2SX5vC3Y7czxeQ92dewCyV+ebdzufNf9hsqQGar/kch9BKNkY6v2x8X9QTLKhwhuTrNL6Dlkc4xj k10wWkY20A+o3r1/q8eYsGRTmWOwBGL5Wm6gvgzU5nnm3oIfhtK3WEq2a0vHu64ch8TmnSTj+Wtk xEj6HxOjWJkysyXfvZIt/COW2CfZSoxe5jxT5H6bDRLns5Jxb+R75UHCzhEQ3/vg/eRJOeBsoJLd T3xB9dxJM0ivayAb/erkZJsSbInoo+NvRY7LO8D8lQlrdnvvhN55j4iEvJl0/TPOx4Q/WzTYBomI vnLM7F/o5A8Q/bFYsoVdZ9+3WTmwoVDG5DEyJdlAdWBLGvs7C2a5HDPDKoFZndnXZCnGUrKVmTnZ Ph+d2sCqIuRhw65lE8dtMzazqcx+W5NtoCszG3icWbJJlimzkttbmUGWkexpIscqydbb0w6yPOtV 2ju/PKilwd5dss/lYF39MnH7XZMskM9Ibn/IGqh9icXj4X/aAHiGZM0YVPL1iXxL33zhUPQOz3PR R1BmthSrKVd40sJx2s2a/XPMgZwvFUY/BMFsZlPd3v/48XLDfiF0rgeSkB8mYvAaoOi8fK0o13va 3rZnF165lFiCl/752Yqlvj0vux54Tt6IsBkxm9lUWtwRC+cWhskmRrZBk2wOjyG80+OHm1mfuuF1 dslnMfBVGf3245jh8ov8Wg2T7baqc4H4djBkdxGfliwHoeRrittjEwHV3onJp8QHNhHKFx0O79JC f33RP7jT5oE+x2E71sYYSM/XLP0YytZ/j/uMZB9Tyda2/IfHO3pmC9jhK89OCZYdvNfqY8FoGZmS zY6Xz76yDc+p56FzePme/aHMbPIL7kyMFIc6S1Ybm9vA48OG0uvPcV0Bn8RsZhOLybbC1g2SAc2s 5HxQ8J7wjIx+0CnPku4GwvpU22IIiwGSR99D0AvenfoG0nSvRDBDyjuKT+Eg3qI6LwZPE+i+X7L/ dh1cJuzFJvrBjbfK5DOV4r6ql0RSO0p7/4SdeHTIE6MXy3wQyqc2EYOSJdsPhR2lmG39C3Y1+b6P m+NS983w5Uf4jyjPbPgGaj/Zzw83ZdGncjTzwk2k75fFfGliS2uQHjh/8Y6U3eSsOxd5RrrRMvLP RenHbA8OHxefgqkd3EZ62/X1WMB9cZIo/UbdsZlNZR7Hysy2SDOzgex3XkYmmJ0ne47PbX31NNVb 3SzZxJdV5wdU98rmnUkefbB51HzFVCqCj3oj0bITv5QvVZuNg58UzHBsJGjpOPlKl+ME5wiWOUPk Q8l7vReI6Kv0q3I6idMJ4INQPtotds7dhfVnthU2H3pbzSDTL4zFPJhvkAjbjSSGSmZ4jr2P8ydx AxqTbdAkm9f/Tmh2sL75vMqOw/sLW5aCZ4k+XrMbCbLl4+3y1b5kASsD+2qik5dkUz0oy0i34VmX H5psw810pjCbsBeseF7lNobalI+K82vnuPUpyZbsuf7R/66UDZLEFVpGesmKjGfeO+k+IIEL0kV5 B+n8Y4F2GQmqp93IDeePj8hDF3Yv9nvNsAFJyYP6bGbJdS8/pZLteKZbOgl/Kzveik+gdomT2z2u u0yDO9UGaRduw3d+vR/LKd6VWH/5oMRtZHu5kiHbK3E2p8WYxWgZWd6zOb/W9Rk8VEz9tox2I3mZ bXpKcb5oPoCmFDwvlZ1XtWGYbCrLzJYJ3+QPs2Wk9H2yjd5xllXDAH54++vBrF+uR8f8PduBfnDb a1ZIfj07JRvHlSi7kRnZNfVBm69w/EPkNtm85FUQu7fRL/8lZNYH/OWE2fDPA6Rc3OJHnnRc6Fup 7R2UG3dE+UQniDi5DJIdvxh3EBGHZwZmh8ZO9SeLclIl6+Ei5LiQNzZGy0jes6S/Tj88Jvhrh2Lj dTaM7DwkW5gtI1VPHyIXLnJdg2S8AM8xS7Il+63J1smbZaTakJeR3DD9O0RgJzrHybA8YpmUY1L/ UTEaRzOzgdpbNkiGzJaRYueZDRS/KTPIkjzvhJdkS/rZS239UPCnS6GPeLzTs/sZI/7+JgeZ4Tp+ uewFsdp+IJyA5sAKsuHrkuy/C/zpB88E9QCm5ZzpUxySZNvfv7E1X3y81EnfXJdxq02ylT9fcRte aKaZzS4w/bOkamIJkrB8ruOweRL64GlTrMbuZMEzbx5boOVVOa8km/0ghI3KD4myjAS3nbWdA8li LBGD7/fCvvm6hVKw1M0z/Ag9hxb7gBlz9AkT/6dNP4a7hV1P8uv5QdH3+TIxsg1IlNlH2UG0s87r nIM8s/Ux+DZ3+iC/zsZ8TcVkke2Av4U7EQPepBcluEGpq8SGC29BJfPgy8km+NussqUaIEvwN0Ks n19+zsGGl69lV0664NniG5LlOOXLkgCfDr655Aci982D/S8KfG6hkv5z3HdJbjNbjqk6fxdm28SB ZJwX220Ke8GNG3pD9bKNjE3UxU+IL4e9wybHpTqv8TrgewQXOWIBr0eaZAPJ+/gBG1vFn1K8Blv9 EnOO+AIoYgePFU2cvMxzbqEYvGIocVVyneiv8RV/KpoxqLyL664IhyKOIeC/7pidiwSJQmJY3yPk M5KX86z6KAb7FuWvXxK83ObHOduSR09ByXNKSTRX5GR7q0rbXg98AGI12W4qeMCetlWdqKNTyc3E n6zr4i3GYgbDNnzZmj156rsi2QjGbb66OaxPwcMsNwt/vs4sGnHRkYBpG77EZznJc6DZgtszNrc3 O/6iNx8zmx7+7egsJm3+gFX2m7CH71VdccyG2eX06Jc+Bc+afB/aHKv0TTvBn+BYbGIIxscfpaLj G0A/rmkMKtF3/5WDbOfJBiRcuTbCro2wvpP/DUW+hvTR7NS15HPUwL3icWy8xOEekm7Rn00MrlOM cReIq5UP/x0CMWwjJMeQfnNrYV8QQXde/Lo28c4g0CzZAh0UiXaKwK5QT6QNZCfwCb++tPpyshnZ Z6pPB1kONukyxUcnoYnHScntVK/kPrbZV7tgl5hVNtlXn2oTstCP2KaHKW6l1cV48rgq6UZqQZft Etk/dLlcJo59RPhP9TFzn/1Y88/xZ8nmNi0MvHy823GJ5PxV8cypnqylgczBJ/z60upHyWb21afa hCz0I7bpYYpbaXUxnjyuSr6RGtBlu0T2D10ul4ljHxH+U33M3Gc/1vxz/B2TTf/YzKYDyMvH14kT l05KlS8NZA4+4deXVj9KNrOvPtUmZKEfsU0PU9xKq4vx5HFV8o3UgC7bJbJ/6HK5TBz7iPCf6mPm Pvux5p/j75FslIKdKv4SevGkVPnSQObgE359afWjZDP76lNtQhb6Edv0MMWttLoYTx5XJd9IDeiy XSL7hy6Xy8Sxjwj/qT5m7rMfa/45/hVINg0+Eo0vA3jIN+XSSanypYHMwSf8+tLqR8lm9tWn2oQs 9CO26WGKW2l1MZ48rkq+kRrQZbtE9g9dLpeJYx8R/lN9zNxnP9b8c/wdk00Dt2QTs/+qbjqoOVW+ NJA5+IRfX1r9KNnMvvpUm5CFfsQ2PUxxK60uxpPHVck3UgO6bJfI/qHL5TJx7CPCf6qPmfvsx5p/ jr/7zMab8FfoAPiAt1EunZQqXxrIHHzCry+tfpRsZl99qk3IQj9imx6muJVWF+PJ46rkG6kBXbZL ZP/Q5XKZOPYR4T/Vx8x99mPNP8ffPdn4aNcSrT8JSyelypcGMifH70urHyWb2VefahOy0I/Ypocp bqXVxXjyuCr5RmpAl+0S2T90uVwmjn1E+E/1MXOf/Vjzz/F3SbbDK/0fVHbyZgY1MwUAAAAASUVO RK5CYII= --000000000000f3d5620586c055cd Content-Type: image/png; name="image03ef87.PNG" Content-Disposition: inline; filename="image03ef87.PNG" Content-Transfer-Encoding: base64 Content-ID: <16a2d200ded66d25192> X-Attachment-Id: 16a2d200ded66d25192 iVBORw0KGgoAAAANSUhEUgAAACAAAAAgCAYAAABzenr0AAAACXBIWXMAAA7DAAAOwwHHb6hkAAAC SUlEQVRYR2NgSJv5f0AxVkF6YqyC9MRYBemJsQrSE2MVhOHUGRCMTY5aGKsg0FK5ssX/i1ce/d+x /fx/30nb/jNhU0cNjE2QO2vO/xvP3/+HgV9//v5PmLePNqGBTdCxcyPUagTYcvEB/RwgX7r4/8/f f6BWQ0DPzgv/GVLo5ACQReHTd/0/df/l/xsv3v+fd/j6fx5gtGBVSynGKgjCwOBmz5j1nzd7zn9G UoIepJYU9dgEQSneZ+K2/37A1A/DylXLwAYrVyxFEXfv2/yfI3P2f9GC+f+jZ+0GRtXF//17Lv1P W3Dgv1L5EsKOwSbIkTX7//dfqGmgeNUxsGG5Sw5BRSDg6fsv/127Nvy/9uzd/7///kFF////B2S/ /PTtf+TM3fgdgU0Q4oDfUKMgoAjqgMyFB6AiEPDlx6//Lz5+g/Iwwdefv/87dW/E7QhsgqQ4AAY+ ff/5/+rTd/+/AS1EB1suPvzPkDwdwx4wxiZIqgN2Xnn0XzB37n+GpGn/FYAl6JUnb6EyEAByFBfQ TGx2UeyAz8AoMGhYhdAPVJO3/AhUFgGUK4AJEskOOMYmSIoDnn34+l+qaCGKfve+LVBZBNCqWY6i Bo6xCVLqADdg1kQHw8cBOYtRywG6O6Bg2WGoCASMOoAmDmAD1oLrzt37vxnYCIHhwGk7wQ7wn7wd RXzR8Zv/hfLmoeg3alqDogaE5YBtDGQ1cIxVMBWIQUUnMoY1RkA0uhzQYaj6iVADw1gF6YmxCtIT YxWkJ8YqSE+MVZBueOZ/ABxdinkisai7AAAAAElFTkSuQmCC --000000000000f3d5620586c055cd Content-Type: image/png; name="imagef6aec2.PNG" Content-Disposition: inline; filename="imagef6aec2.PNG" Content-Transfer-Encoding: base64 Content-ID: <16a2d200dedbf674d193> X-Attachment-Id: 16a2d200dedbf674d193 iVBORw0KGgoAAAANSUhEUgAAACAAAAAgCAYAAABzenr0AAAACXBIWXMAAA7DAAAOwwHHb6hkAAAC 1UlEQVRYR8WWS2jUUBSGW4vjAxVEFHysqkhx0ZVIwZ3FpRuXbrW6Fd0IIoi4FO3ChWsXCrbVtlqf 1YqIigWfWBxhtIIFH5lkHplXJpnjf9K5nTE5SWYspAc+Jvlv7jnnvs6djo7hNC0pohgnohgnohgn ohgnohgnovi/DGkNpHYJUWSG6khtXhBw87hOR6fzdO5TgY5Mm7RxVG8kckOjNTf5u6Y+Cp9Qp+ee QXsfZxpOAlgGp4df5ylXrVGzaWXH1Q8+z9H172Xqf5qVffkEBk7PfCzQXNGh3Q/Dk9gPx6YnuLKq UyMLXEoWqfe+Qat5Frw+fAKDKbs6W3adGBWHBjCSBOveRPDdk1+W+12QFZBcKm/TibcmdbY+Axqd nynWXcyPZOxHhfomMRsIqhJZDnQkGGZlu0an3hewVAGzKIpgz6MM5T1TW8PrK61Kpz8UqH8qS7uw TwxLnn5lKdOm9bfkGC6iiGy77+h0FvvA4aiC2dCzCM6/YZbM2bRWWnuFKCKBK6kSfUP2JUzhYmzq t0VdwwHTz4giTgEfn6jRtWKDOAG+zduMKIIV4BrO72JtH/ZKaEETRQaduHoNfi5SOmKnB9lXLGEi LDgjinVWjqRpfK7iOmrXePmOoSSHjp4RRQXW7vgb060D7doLzaJ1YbtfIYpNdCGJAVwyswXbLaut 2B/cAz13jejRM6LoBUlsGdPp8pcSRaXApfvAs5zbR/TlxScg6wTWfhXgArJ9wqBDL3PulAYVJTZu 4qLThwracnDGJyCBTRjtxWSJZrK2ewLCArNxseLzvhX/CdoKzogi6MSl0/vAoAs4hlz/+WrOWI57 7/MFxCdj8qdFJ9+ZtO02AvMlJfiJRBQVvIkwIr6K+R/PDmysnbiAuid02jDKG3S+XezbKv8KIc7U jpYCqjb1HPiOvt72hYcoVCevg6B3pQW1q/eFh6VCFONEFONEFGMjTX8B57Ce1IdKF4gAAAAASUVO RK5CYII= --000000000000f3d5620586c055cd-- From nobody Thu Apr 18 11:55:14 2019 Return-Path: X-Original-To: mls@ietfa.amsl.com Delivered-To: mls@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D829B120187 for ; Thu, 18 Apr 2019 11:55:06 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.899 X-Spam-Level: X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_FONT_LOW_CONTRAST=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2MZdDaKg-Se9 for ; Thu, 18 Apr 2019 11:55:03 -0700 (PDT) Received: from smtpext3.darkmatter.ae (smtpext3.darkmatter.ae [185.180.84.4]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AE7C11203F1 for ; Thu, 18 Apr 2019 11:55:01 -0700 (PDT) IronPort-SDR: eA/Iytu4H/K0qf71GbPODU59fSC7Q4eH8WYMiI8N11di8NFeQLEMoaBkic6VZoaLY5ZrvSNnNR Wmb5cG/0PFZXrPwaaINtHUGPgON+TJI6uXGFJADiPUspvFvQZwxuxXOnVo6siSX+ZMU0qibWND HCqIKJIi5hfBUYSBe48QUOXqb7uOeYK0rYPAN4+QbPL9jR1P0xoecfj93/PC8VFpHW2YvV3+z1 II7tY6l9/aC0wtEh1pXkceWak00uKJECGSObVRd+uPSQkjnTxCA6lObYIb8ZV1ui8SGt2gsFOk 3bA= IronPort-PHdr: =?us-ascii?q?9a23=3ACgJk+RHqQQwIZvwT+w5Xbp1GYnF86YWxBRYc79?= =?us-ascii?q?8ds5kLTJ76p8m/bnLW6fgltlLVR4KTs6sC17OP9fu9EjJfqdbZ6TZeKcQKD0?= =?us-ascii?q?dEwewt3CUYSPafDkP6KPO4JwcbJ+9lEGFfwnegLEJOE9z/bVCB6le77DoVBw?= =?us-ascii?q?mtfVEtfre9FYHdldm42P6v8JPPfQpImCC9YbRvJxmqsAndrMYbjZZ/JqorxB?= =?us-ascii?q?bEonREduVUyGh1IV6fgwvw6t2/8ZJ+7yhcoe4t+9JFXa7nY6k2ULtUASg8PW?= =?us-ascii?q?so/sPrrx7DTQWO5nsYTGoblwdDDhbG4h/nQJr/qzP2ueVh1iaUO832Vq00Vi?= =?us-ascii?q?+576h3Uh/oiTwIOCA//WrKl8F/lqNboBampxxi347ZZZyeOfRicq/Be94RWH?= =?us-ascii?q?FMVdhNWSNfHoy8bpMPD+sfMuZes4n9vEYFoR+nCQWxGO/j1jpEi3nr1qM4zu?= =?us-ascii?q?shCxnL0gw+EdwTrHTaotb7NKYdXu+p16TI1ynPb/FM1Dvh9ITFcBYsquyMU7?= =?us-ascii?q?JqdsrRzFEiGh/BjlqOpo3qJTWV2fkTvGiB8uFuSOKvhHA9qwFyozivwNonh4?= =?us-ascii?q?7Vi4IR1F/F+j92wIAoKtKmUk53e8OqEJtOuCGANIt2Q8UiTnp1tykg0L0Gup?= =?us-ascii?q?u7czIWyJQ72RHfceaLfJKW7R/6UuuaPDl2hHVgeL2lhhay91Ctyun9Vsmy01?= =?us-ascii?q?ZFsDdKktjKtnwXyxPT7c2HRuNh/kav2DaPyxzT5f9eIUwuiaXbLJshzqYxlp?= =?us-ascii?q?UNrUTDEDX6mELsjK+Zbkkr5/Kn6/7kYrXjvJCcK5N0hR/kMqg0gMOwH+I1OR?= =?us-ascii?q?UNUWiD4emwyaHv8VfnTLlUgfA6iLTVvIreKMgHvqK1HhNZ3pw95xqhADqqyt?= =?us-ascii?q?YVkHYdIF9BZB6KiZXiNUvUL/DiF/i/hkyhkDJsx//bILLsGo7NLn3fkLf5er?= =?us-ascii?q?Z99lJcxBIzzd9B45JUDakMIPHtVU7xr9zUFwE2MgOow+r5Etlyy5kRWXiMAq?= =?us-ascii?q?+cKqzSrUOI6fw1I+WWfoAapi7xK/kj5/HwkX80gUIRcbWz0ZcJdny1Ee5qL1?= =?us-ascii?q?iDbXfontsNCWIKsRA/TOzuhl2CSzlTZ3OqUq8g4jE0Fo2nAp3FRo+wnrOBxj?= =?us-ascii?q?23EIBWZm9YEFCMEnbod4OfVvgRci2SOMxhkjkeWri9V48uywuuuBXgxLV5Nu?= =?us-ascii?q?bU4DEXtYr/1Nhp4O3ejQ899TluAMuA1GGNSnt7nnkSSDIt06B/pkt9yliH0a?= =?us-ascii?q?dmmfBXCdtT5/ZRWAcgKZHc1/B6C8z1Wg/Ze9eJTE2mT86nAT4vUtIxzcUCY0?= =?us-ascii?q?FnG9Wt3Vj/2H+HBrYZ35uODYY9uvbR2nH9IMN00X/u264mgF0rBMBIMDv1qL?= =?us-ascii?q?R48l36A4PZmkOVmrziTqQRxi3M8i/X5G6DrEheXANqF57FUGocZ03+od3j5U?= =?us-ascii?q?bLU6OjE/IuP10Smoa5NqJWZ4ix3h19T/D5NYGbOjrplg=3D=3D?= X-IPAS-Result: =?us-ascii?q?A2nPAABcx7hc/1oB4ApiAxoBAQEBAQIBAQEBBwIBAQEBg?= =?us-ascii?q?WWBDwFXgRKBLAqEBJU1ghlxSoddjS2BKxcdAwULARwBCgyBSYJ1AheGJjgTA?= =?us-ascii?q?QMBAQEEAQEBAQIBAQEBgQUMgjopARAEMRwvCwQBAQEBAQEBAQEkAQEBAQEBA?= =?us-ascii?q?QEBAQEBAQEBAQEBAQEBFAIzCAkDKQEBAQEDAQEDAR0CCAElEwgCCRIBCA0EB?= =?us-ascii?q?AEBBgEBARgHAwIEBRAPAR8JCQEEDgQBCAaDFYIXqQSBL4VHhFcQgTKEYV2DQ?= =?us-ascii?q?nYQgxs/hCM+gmEBAQKBLAESAQ0ZBwkKFQIGCYJDglcEilAHASUkggmEPYdqh?= =?us-ascii?q?E+CMoV2BwKCCFSEPAEqUYQnhUWCJCOCC16FQ4xbimaCMIRLSpAHVzBaDwgzG?= =?us-ascii?q?nOCbAmBDYEEF4EBAQJFggOFFIU/co4vgSKBIQEB?= X-IronPort-AV: E=Sophos;i="5.60,367,1549915200"; d="png'150?scan'150,208,217,150";a="3118136" Received: from ForcepointDLP ([10.224.1.90]) by keys-ext2.darkmatter.ae (PGP Universal service); Thu, 18 Apr 2019 22:54:54 +0400 X-PGP-Universal: processed; by keys-ext2.darkmatter.ae on Thu, 18 Apr 2019 22:54:54 +0400 Received: from PassiveEmail (PassiveEmail [127.0.0.1]) by PassiveEmail.localdomain (Service) with ESMTP id 248E61800099; Thu, 18 Apr 2019 22:54:15 +0400 (+04) Received: from email.darkmatter.ae (unknown [10.224.74.12]) by PassiveEmail.localdomain (Service) with ESMTPS id ED59C1800098; Thu, 18 Apr 2019 22:54:14 +0400 (+04) From: Alexander Sherkin To: Emad Omara CC: "mls@ietf.org" Thread-Topic: [MLS] Blocking Update messages for breaking post-compromise security Thread-Index: AdT2Fq8EwGQ6z+aDQLeq2OeQXxI1ZA== Date: Thu, 18 Apr 2019 18:54:53 +0000 Message-ID: Accept-Language: en-CA, en-US X-MS-Has-Attach: yes X-MS-TNEF-Correlator: x-originating-ip: [10.224.74.90] x-exclaimer-md-config: 77ff947c-8af8-48f1-8d81-f67dcf75dbee MIME-Version: 1.0 Content-Language: en-US Content-Type: multipart/related; boundary="_009_f57fdfc23287463cb3ad3713faaf25b4darkmatterae_"; type="multipart/alternative" Archived-At: Subject: Re: [MLS] Blocking Update messages for breaking post-compromise security X-BeenThere: mls@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Messaging Layer Security List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 18 Apr 2019 18:55:13 -0000 --_009_f57fdfc23287463cb3ad3713faaf25b4darkmatterae_ Content-Type: multipart/alternative; boundary="_000_f57fdfc23287463cb3ad3713faaf25b4darkmatterae_" --_000_f57fdfc23287463cb3ad3713faaf25b4darkmatterae_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 SGkgRW1hZCwNCg0KQ291bGQgdGhlcmUgYmUgYSBzZXR1cCB3aGVyZSBlYWNoIEHigJlzIHBvaW50 IG9mIHByZXNlbmNlIChkZXZpY2UpIHBhcnRpY2lwYXRlcyBhcyBhIHNlcGFyYXRlIGxlYWYgaW4g dGhlIHJhdGNoZXQgdHJlZT8gVGhlIGFkdmFudGFnZSBvZiBzdWNoIGFwcHJvYWNoIG1heSBiZSB0 byBhdm9pZCB0aGUga2V5IHN5bmNocm9uaXphdGlvbiBwcm9ibGVtIGJldHdlZW4gcG9pbnRzIG9m IHByZXNlbmNlLg0KDQpEbyB5b3Ugc2VlIHRoZSBtZWNoYW5pc20gb2YgcmVtb3ZpbmcgdXNlcnMg d2hvIGRpZCBub3Qgc2VuZCBVcGRhdGVzIHJlY2VudGx5IHNob3VsZCBiZSBwYXJ0IG9mIHRoZSBw cm90b2NvbCBvciBzaG91bGQgaXQgYmUgZHJpdmVuIGJ5IHRoZSBhcHA/DQoNClRoYW5rIHlvdS4N CkFsZXguDQoNCg0KDQoNCg0KQWxleGFuZGVyIFNoZXJraW4NCiAgICAgICAgU29mdHdhcmUgQXJj aGl0ZWN0DQoNCg0KDQpbY2lkOmltYWdlNTMwMTdmLlBOR0A2YjE5MWFiYS40MmFlMzgzZV08aHR0 cDovL3d3dy5kYXJrbWF0dGVyLmFlPg0KDQoyIFJvYmVydCBTcGVjayBQYXJrd2F5LCBTdWl0ZSAx NjEwDQpNaXNzaXNzYXVnYSBPTiAgTDRaIDFIOA0KQ2FuYWRhDQpNVCsxIDQxNiA0MTQgNzExNzx0 ZWw6KzElMjA0MTYlMjA0MTQlMjA3MTE3Pg0KRU1BbGV4YW5kZXIuU2hlcmtpbkBkYXJrbWF0dGVy LmFlPG1haWx0bzpBbGV4YW5kZXIuU2hlcmtpbkBkYXJrbWF0dGVyLmFlPg0KDQpkYXJrbWF0dGVy LmFlPGh0dHA6Ly9kYXJrbWF0dGVyLmFlPg0KDQpbTGlua2VkaW5dPGh0dHBzOi8vd3d3Lmxpbmtl ZGluLmNvbS9jb21wYW55L2RhcmstbWF0dGVyLWxsYz4gW1R3aXR0ZXJdIDxodHRwczovL3R3aXR0 ZXIuY29tL0d1YXJkZWRieUdlbml1cz4NCg0KVGhlIGluZm9ybWF0aW9uIGluIHRoaXMgZW1haWwg aXMgaW50ZW5kZWQgb25seSBmb3IgdGhlIHBlcnNvbihzKSBvciBlbnRpdHkgdG8gd2hvbSBpdCBp cyBhZGRyZXNzZWQgYW5kIG1heSBjb250YWluIGNvbmZpZGVudGlhbCBvciBwcml2aWxlZ2VkIGlu Zm9ybWF0aW9uLiBJZiB5b3UgcmVjZWl2ZSB0aGlzIGVtYWlsIGJ5IGVycm9yLCBwbGVhc2Ugbm90 aWZ5IHVzIGltbWVkaWF0ZWx5LCBkZWxldGUgdGhlIG9yaWdpbmFsIG1lc3NhZ2UgYW5kIGRvIG5v dCBkaXNjbG9zZSB0aGUgY29udGVudHMgdG8gYW55IG90aGVyIHBlcnNvbiwgdXNlIG9yIHN0b3Jl IG9yIGNvcHkgdGhlIGluZm9ybWF0aW9uIGluIGFueSBtZWRpdW0gYW5kIGZvciB3aGF0ZXZlciBw dXJwb3NlLiBBbnkgdW5hdXRob3JpemVkIHVzZSBpcyBzdHJpY3RseSBwcm9oaWJpdGVkLg0KDQpG cm9tOiBFbWFkIE9tYXJhIFttYWlsdG86ZW1hZG9tYXJhQGdvb2dsZS5jb21dDQpTZW50OiBBcHJp bCAxNywgMjAxOSA1OjEyIFBNDQpUbzogQWxleGFuZGVyIFNoZXJraW4gPEFsZXhhbmRlci5TaGVy a2luQGRhcmttYXR0ZXIuYWU+DQpDYzogbWxzQGlldGYub3JnDQpTdWJqZWN0OiBNYWx3YXJlW1NV U1BJQ0lPVVMgTUVTU0FHRV0gSXQgbWF5IHRyaWNrIHZpY3RpbXMgaW50byBjbGlja2luZyBhIGxp bmsgYW5kIGRvd25sb2FkaW5nIG1hbHdhcmUuIERvIG5vdCBvcGVuIHN1c3BpY2lvdXMgbGlua3Mu UmU6IFtNTFNdIEJsb2NraW5nIFVwZGF0ZSBtZXNzYWdlcyBmb3IgYnJlYWtpbmcgcG9zdC1jb21w cm9taXNlIHNlY3VyaXR5DQoNCkhpIEFsZXgsDQoNCkkgdGhpbmsgdGhlIGF0dGFjayBtYWtlcyBz ZW5zZSwgaG93ZXZlciBpdCBhc3N1bWVzIHRoZSBhdHRhY2tlciBoYXMgc29tZSBzb3J0IG9mIGNv bnRyb2wgZm9yIHRoZSBuZXR3b3JrIG9mIGFsbCBBJ3MgZGV2aWNlcyBpbiBvcmRlciB0byBwZXJm b3JtIHRoZSBEb1MuIE9uZSBtaXRpZ2F0aW9uIHdlIGRpc2N1c3NlZCBiZWZvcmUgdGhhdCBjb3Vs ZCBoZWxwIGluIHRoaXMgYXR0YWNrIGlzIHRvIGZvcmNlIHRoZSBtYXggdXBkYXRlIHdpbmRvdywg c28gaWYgYSBjbGllbnQgaGFzIGlzc3VlZCBhbnkgdXBkYXRlIGluIHRoZSBsYXN0IE4gZGF5cywg dGhlIGFwcCBjYW4gZGVjaWRlIHRvIGtpY2sgaXQgb3V0IG9mIHRoZSBncm91cCwgb3QgYXQgbGVh c3QgaXNzdWUgYSB3YXJuaW5nIHRvIG90aGVyIHVzZXJzLg0KDQpFbWFkDQoNCk9uIFdlZCwgQXBy IDE3LCAyMDE5IGF0IDE6NTggUE0gQWxleGFuZGVyIFNoZXJraW4gPEFsZXhhbmRlci5TaGVya2lu QGRhcmttYXR0ZXIuYWU8bWFpbHRvOkFsZXhhbmRlci5TaGVya2luQGRhcmttYXR0ZXIuYWU+PiB3 cm90ZToNCkhlbGxvLA0KDQpJIHRoaW5rIHdlIGJyaWVmbHkgZGlzY3Vzc2VkIHRoaXMgcHJvYmxl bSBpbiB0aGUgY29udGV4dCBvZiDigJxpbmFjdGl2ZSB1c2Vyc+KAnSwgYnV0IEkgd2FudCB0byBi cmluZyB0aGlzIHVwIGFnYWluIGZvciBkaXNjdXNzaW9uLg0KDQpMZXTigJlzIGFzc3VtZSBhbiBh dHRhY2tlciBjb21wcm9taXNlcyB1c2VyIEEgYW5kIHJlY292ZXJzIHVzZXIgQeKAmXMgY3J5cHRv Z3JhcGhpYyBzdGF0ZSBpbmNsdWRpbmcgdGhlIGxlYWYgc2VjcmV0LiBBZnRlciB1c2VyIEEgaXMg Y29tcHJvbWlzZWQsIHRoZSBhdHRhY2tlciBubyBsb25nZXIgY29udHJvbHMgdXNlciBBLiBVc2Vy IEEgd2lsbCBldmVudHVhbGx5IHNlbmQgYW4gVXBkYXRlIG1lc3NhZ2UsIGFuZCB0aGUgYXR0YWNr ZXIgd2lsbCBubyBsb25nZXIgaGF2ZSBhY2Nlc3MgdG8gdGhlIHJvb3Qga2V5LiBXZSBnZXQgcG9z dC1jb21wcm9taXNlIHNlY3VyaXR5IHByb3BlcnR5Lg0KDQpIb3dldmVyLCBsZXTigJlzIGFzc3Vt ZSB0aGF0IGFmdGVyIGNvbXByb21pc2luZyB1c2VyIEEgYW5kIHJlY292ZXJpbmcgdXNlciBBIGNy eXB0byBzdGF0ZSwgdGhlIGF0dGFja2VyIHBlcmZvcm1zIGEgZGVuaWFsIG9mIHNlcnZpY2UgYXR0 YWNrIG9uIHVzZXIgQSBVcGRhdGUgbWVzc2FnZXMgKG9yIGFsbCBtZXNzYWdlcyBmcm9tIHVzZXIg QSkuIFRoZSBhdHRhY2tlciB0aGVuIG9ic2VydmVzIHRoZSB0cmFmZmljLiBUaGUgYXR0YWNrZXIg d2lsbCBiZSBhYmxlIHRvIGRlY3J5cHQgVXBkYXRlIG1lc3NhZ2VzIGZyb20gb3RoZXIgcGFydGlj aXBhbnRzIGFuZCBkZWNyeXB0IGRhdGEtY2FycnlpbmcgbWVzc2FnZXMgYXMgbG9uZyBhcyBvdGhl ciBwYXJ0aWNpcGFudHMgaW5jbHVkZSB1c2VyIEEgaW4gdGhlaXIgcmF0Y2hldCB0cmVlcy4NCg0K QXMgYW4gaW50ZXJlc3RpbmcgdGhvdWdodCBleHBlcmltZW50LCB3ZSBjYW4gdHJ5IHRvIGFwcGx5 IHRoZSBzYW1lIGF0dGFjayB0byBvbmUtb24tb25lIHVzZSBjYXNlIHdoZW4gZG91YmxlIHJhdGNo ZXRpbmcgaXMgdXNlZC4gVG8gcHJldmVudCByYXRjaGV0aW5nLCB0aGUgYXR0YWNrZXIgaGFzIHRv IGJsb2NrIG1lc3NhZ2VzIGZyb20gb25lIG9mIHRoZSBwYXJ0aWNpcGFudHMuIFByYWN0aWNhbGx5 LCB0aGlzIG1lYW5zIHRoYXQgdGhlIGF0dGFja2VyIGRlc3Ryb3lzIHRoZSBwb3NzaWJpbGl0eSBv ZiB0d28gcGFydGljaXBhbnRzIGhhdmluZyBhIGNvbnZlcnNhdGlvbjsgaGVuY2UsIGRhdGEgY29s bGVjdGVkIGJ5IHRoZSBhdHRhY2sgd2lsbCBiZSBvbmUgcGFydGljaXBhbnRz4oCZIG1vbm9sb2d1 ZSBhbmQgbWF5IG5vdCBiZSBhcyB2YWx1YWJsZS4gSW4gY29udHJhc3QsIHdoZW4gMSBvdXQgb2Yg MTAwMCB1c2VycyBpcyBpc29sYXRlZCwgOTk5IHJlbWFpbmluZyB1c2VycyB3aWxsIGNvbnRpbnVl IGhhdmluZyBwcm9kdWN0aXZlIGNvbnZlcnNhdGlvbiBjcmVhdGluZyB2YWx1YWJsZSBkYXRhIHRo YXQgdGhlIGF0dGFja2VyIG1heSBpbnRlcmNlcHQgYW5kIGRlY3J5cHQuDQoNCklmIHRoZSBhYm92 ZSBhdHRhY2sgdmVjdG9yIG1ha2VzIHNlbnNlLCBzaG91bGQgd2UgY29uc2lkZXIgZXhjbHVkaW5n IHVzZXJzIHdobyBkaWQgbm90IHNlbmQgVXBkYXRlIG1lc3NhZ2VzIHJlY2VudGx5IGVub3VnaCBm cm9tIHRoZSByYXRjaGV0IHRyZWU/DQoNClRoYW5rIHlvdS4NCkFsZXguDQoNCg0KDQoNCg0KDQpB bGV4YW5kZXIgU2hlcmtpbg0KDQpTb2Z0d2FyZSBBcmNoaXRlY3QNCg0KDQoNCltjaWQ6aW1hZ2Uw MDEucG5nQDAxRDRGNUM3LjJEOEIwNkQwXTxodHRwOi8vd3d3LmRhcmttYXR0ZXIuYWUvPg0KDQoN CjIgUm9iZXJ0IFNwZWNrIFBhcmt3YXksIFN1aXRlIDE2MTANCk1pc3Npc3NhdWdhIE9OICBMNFog MUg4DQpDYW5hZGENCk1UKzEgNDE2IDQxNCA3MTE3PHRlbDorMSUyMDQxNiUyMDQxNCUyMDcxMTc+ DQpFTUFsZXhhbmRlci5TaGVya2luQGRhcmttYXR0ZXIuYWU8bWFpbHRvOkFsZXhhbmRlci5TaGVy a2luQGRhcmttYXR0ZXIuYWU+DQoNCmRhcmttYXR0ZXIuYWU8aHR0cDovL2RhcmttYXR0ZXIuYWU+ DQoNCltMaW5rZWRpbl08aHR0cHM6Ly93d3cubGlua2VkaW4uY29tL2NvbXBhbnkvZGFyay1tYXR0 ZXItbGxjPiBbVHdpdHRlcl0gPGh0dHBzOi8vdHdpdHRlci5jb20vR3VhcmRlZGJ5R2VuaXVzPg0K DQpUaGUgaW5mb3JtYXRpb24gaW4gdGhpcyBlbWFpbCBpcyBpbnRlbmRlZCBvbmx5IGZvciB0aGUg cGVyc29uKHMpIG9yIGVudGl0eSB0byB3aG9tIGl0IGlzIGFkZHJlc3NlZCBhbmQgbWF5IGNvbnRh aW4gY29uZmlkZW50aWFsIG9yIHByaXZpbGVnZWQgaW5mb3JtYXRpb24uIElmIHlvdSByZWNlaXZl IHRoaXMgZW1haWwgYnkgZXJyb3IsIHBsZWFzZSBub3RpZnkgdXMgaW1tZWRpYXRlbHksIGRlbGV0 ZSB0aGUgb3JpZ2luYWwgbWVzc2FnZSBhbmQgZG8gbm90IGRpc2Nsb3NlIHRoZSBjb250ZW50cyB0 byBhbnkgb3RoZXIgcGVyc29uLCB1c2Ugb3Igc3RvcmUgb3IgY29weSB0aGUgaW5mb3JtYXRpb24g aW4gYW55IG1lZGl1bSBhbmQgZm9yIHdoYXRldmVyIHB1cnBvc2UuIEFueSB1bmF1dGhvcml6ZWQg dXNlIGlzIHN0cmljdGx5IHByb2hpYml0ZWQuDQpfX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fX19fX19fX19fXw0KTUxTIG1haWxpbmcgbGlzdA0KTUxTQGlldGYub3JnPG1haWx0 bzpNTFNAaWV0Zi5vcmc+DQpodHRwczovL3d3dy5pZXRmLm9yZy9tYWlsbWFuL2xpc3RpbmZvL21s cw0K --_000_f57fdfc23287463cb3ad3713faaf25b4darkmatterae_ Content-Type: text/html; charset="utf-8" Content-Transfer-Encoding: base64 PGh0bWwgeG1sbnM6dj0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTp2bWwiIHhtbG5zOm89InVy bjpzY2hlbWFzLW1pY3Jvc29mdC1jb206b2ZmaWNlOm9mZmljZSIgeG1sbnM6dz0idXJuOnNjaGVt YXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6d29yZCIgeG1sbnM6bT0iaHR0cDovL3NjaGVtYXMubWlj cm9zb2Z0LmNvbS9vZmZpY2UvMjAwNC8xMi9vbW1sIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv VFIvUkVDLWh0bWw0MCI+DQo8aGVhZD4NCjwhLS0gVGVtcGxhdGUgZ2VuZXJhdGVkIGJ5IEV4Y2xh aW1lciBTaWduYXR1cmUgTWFuYWdlciBFeGNoYW5nZSBFZGl0aW9uIG9uIDEwOjU0OjUzIFRodXJz ZGF5LCAxOCBBcHJpbCAyMDE5IC0tPg0KPG1ldGEgaHR0cC1lcXVpdj0iQ29udGVudC1UeXBlIiBj b250ZW50PSJ0ZXh0L2h0bWw7IGNoYXJzZXQ9dXRmLTgiPg0KPHN0eWxlIHR5cGU9InRleHQvY3Nz Ij5QLkltcHJpbnRVbmlxdWVJRCB7DQoJTUFSR0lOOiAwY20gMGNtIDBwdA0KfQ0KTEkuSW1wcmlu dFVuaXF1ZUlEIHsNCglNQVJHSU46IDBjbSAwY20gMHB0DQp9DQpESVYuSW1wcmludFVuaXF1ZUlE IHsNCglNQVJHSU46IDBjbSAwY20gMHB0DQp9DQpUQUJMRS5JbXByaW50VW5pcXVlSURUYWJsZSB7 DQoJTUFSR0lOOiAwY20gMGNtIDBwdA0KfQ0KRElWLlNlY3Rpb24xIHsNCglwYWdlOiBTZWN0aW9u MQ0KfQ0KPC9zdHlsZT4NCjxtZXRhIG5hbWU9IkdlbmVyYXRvciIgY29udGVudD0iTWljcm9zb2Z0 IFdvcmQgMTUgKGZpbHRlcmVkIG1lZGl1bSkiPg0KPCEtLVtpZiAhbXNvXT48c3R5bGU+dlw6KiB7 YmVoYXZpb3I6dXJsKCNkZWZhdWx0I1ZNTCk7fQ0Kb1w6KiB7YmVoYXZpb3I6dXJsKCNkZWZhdWx0 I1ZNTCk7fQ0Kd1w6KiB7YmVoYXZpb3I6dXJsKCNkZWZhdWx0I1ZNTCk7fQ0KLnNoYXBlIHtiZWhh dmlvcjp1cmwoI2RlZmF1bHQjVk1MKTt9DQo8L3N0eWxlPjwhW2VuZGlmXS0tPjxzdHlsZT48IS0t DQovKiBGb250IERlZmluaXRpb25zICovDQpAZm9udC1mYWNlDQoJe2ZvbnQtZmFtaWx5OiJDYW1i cmlhIE1hdGgiOw0KCXBhbm9zZS0xOjIgNCA1IDMgNSA0IDYgMyAyIDQ7fQ0KQGZvbnQtZmFjZQ0K CXtmb250LWZhbWlseTpDYWxpYnJpOw0KCXBhbm9zZS0xOjIgMTUgNSAyIDIgMiA0IDMgMiA0O30N CkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6VmVyZGFuYTsNCglwYW5vc2UtMToyIDExIDYgNCAz IDUgNCA0IDIgNDt9DQovKiBTdHlsZSBEZWZpbml0aW9ucyAqLw0KcC5Nc29Ob3JtYWwsIGxpLk1z b05vcm1hbCwgZGl2Lk1zb05vcm1hbA0KCXttYXJnaW46MGNtOw0KCW1hcmdpbi1ib3R0b206LjAw MDFwdDsNCglmb250LXNpemU6MTIuMHB0Ow0KCWZvbnQtZmFtaWx5OiJUaW1lcyBOZXcgUm9tYW4i LHNlcmlmO30NCmE6bGluaywgc3Bhbi5Nc29IeXBlcmxpbmsNCgl7bXNvLXN0eWxlLXByaW9yaXR5 Ojk5Ow0KCWNvbG9yOmJsdWU7DQoJdGV4dC1kZWNvcmF0aW9uOnVuZGVybGluZTt9DQphOnZpc2l0 ZWQsIHNwYW4uTXNvSHlwZXJsaW5rRm9sbG93ZWQNCgl7bXNvLXN0eWxlLXByaW9yaXR5Ojk5Ow0K CWNvbG9yOnB1cnBsZTsNCgl0ZXh0LWRlY29yYXRpb246dW5kZXJsaW5lO30NCnANCgl7bXNvLXN0 eWxlLXByaW9yaXR5Ojk5Ow0KCW1zby1tYXJnaW4tdG9wLWFsdDphdXRvOw0KCW1hcmdpbi1yaWdo dDowY207DQoJbXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG87DQoJbWFyZ2luLWxlZnQ6MGNtOw0K CWZvbnQtc2l6ZToxMi4wcHQ7DQoJZm9udC1mYW1pbHk6IlRpbWVzIE5ldyBSb21hbiIsc2VyaWY7 fQ0KcC5tc29ub3JtYWwwLCBsaS5tc29ub3JtYWwwLCBkaXYubXNvbm9ybWFsMA0KCXttc28tc3R5 bGUtbmFtZTptc29ub3JtYWw7DQoJbXNvLXN0eWxlLXByaW9yaXR5Ojk5Ow0KCW1zby1tYXJnaW4t dG9wLWFsdDphdXRvOw0KCW1hcmdpbi1yaWdodDowY207DQoJbXNvLW1hcmdpbi1ib3R0b20tYWx0 OmF1dG87DQoJbWFyZ2luLWxlZnQ6MGNtOw0KCWZvbnQtc2l6ZToxMi4wcHQ7DQoJZm9udC1mYW1p bHk6IlRpbWVzIE5ldyBSb21hbiIsc2VyaWY7fQ0Kc3Bhbi5FbWFpbFN0eWxlMTkNCgl7bXNvLXN0 eWxlLXR5cGU6cGVyc29uYWwtcmVwbHk7DQoJZm9udC1mYW1pbHk6IkNhbGlicmkiLHNhbnMtc2Vy aWY7DQoJY29sb3I6IzFGNDk3RDt9DQouTXNvQ2hwRGVmYXVsdA0KCXttc28tc3R5bGUtdHlwZTpl eHBvcnQtb25seTsNCglmb250LXNpemU6MTAuMHB0Ow0KCWZvbnQtZmFtaWx5OiJDYWxpYnJpIixz YW5zLXNlcmlmOw0KCW1zby1mYXJlYXN0LWxhbmd1YWdlOkVOLVVTO30NCkBwYWdlIFdvcmRTZWN0 aW9uMQ0KCXtzaXplOjYxMi4wcHQgNzkyLjBwdDsNCgltYXJnaW46NzIuMHB0IDcyLjBwdCA3Mi4w cHQgNzIuMHB0O30NCmRpdi5Xb3JkU2VjdGlvbjENCgl7cGFnZTpXb3JkU2VjdGlvbjE7fQ0KLS0+ PC9zdHlsZT48IS0tW2lmIGd0ZSBtc28gOV0+PHhtbD4NCjxvOnNoYXBlZGVmYXVsdHMgdjpleHQ9 ImVkaXQiIHNwaWRtYXg9IjEwMjYiIC8+DQo8L3htbD48IVtlbmRpZl0tLT48IS0tW2lmIGd0ZSBt c28gOV0+PHhtbD4NCjxvOnNoYXBlbGF5b3V0IHY6ZXh0PSJlZGl0Ij4NCjxvOmlkbWFwIHY6ZXh0 PSJlZGl0IiBkYXRhPSIxIiAvPg0KPC9vOnNoYXBlbGF5b3V0PjwveG1sPjwhW2VuZGlmXS0tPg0K PC9oZWFkPg0KPGJvZHkgbGFuZz0iRU4tQ0EiIGxpbms9ImJsdWUiIHZsaW5rPSJwdXJwbGUiPg0K PGRpdiBjbGFzcz0iV29yZFNlY3Rpb24xIj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0 eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssc2Fu cy1zZXJpZjtjb2xvcjojMUY0OTdEO21zby1mYXJlYXN0LWxhbmd1YWdlOkVOLVVTIj5IaSBFbWFk LDxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxl PSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssc2Fucy1z ZXJpZjtjb2xvcjojMUY0OTdEO21zby1mYXJlYXN0LWxhbmd1YWdlOkVOLVVTIj48bzpwPiZuYnNw OzwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9u dC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LHNhbnMtc2VyaWY7 Y29sb3I6IzFGNDk3RDttc28tZmFyZWFzdC1sYW5ndWFnZTpFTi1VUyI+Q291bGQgdGhlcmUgYmUg YSBzZXR1cCB3aGVyZSBlYWNoIEHigJlzIHBvaW50IG9mIHByZXNlbmNlIChkZXZpY2UpIHBhcnRp Y2lwYXRlcyBhcyBhIHNlcGFyYXRlIGxlYWYgaW4gdGhlIHJhdGNoZXQgdHJlZT8gVGhlIGFkdmFu dGFnZQ0KIG9mIHN1Y2ggYXBwcm9hY2ggbWF5IGJlIHRvIGF2b2lkIHRoZSBrZXkgc3luY2hyb25p emF0aW9uIHByb2JsZW0gYmV0d2VlbiBwb2ludHMgb2YgcHJlc2VuY2UuPG86cD48L286cD48L3Nw YW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4w cHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OyxzYW5zLXNlcmlmO2NvbG9yOiMxRjQ5 N0Q7bXNvLWZhcmVhc3QtbGFuZ3VhZ2U6RU4tVVMiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwv cD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2Zv bnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssc2Fucy1zZXJpZjtjb2xvcjojMUY0OTdEO21z by1mYXJlYXN0LWxhbmd1YWdlOkVOLVVTIj5EbyB5b3Ugc2VlIHRoZSBtZWNoYW5pc20gb2YgcmVt b3ZpbmcgdXNlcnMgd2hvIGRpZCBub3Qgc2VuZCBVcGRhdGVzIHJlY2VudGx5IHNob3VsZCBiZSBw YXJ0IG9mIHRoZSBwcm90b2NvbCBvciBzaG91bGQgaXQgYmUgZHJpdmVuDQogYnkgdGhlIGFwcD88 bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0i Zm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LHNhbnMtc2Vy aWY7Y29sb3I6IzFGNDk3RDttc28tZmFyZWFzdC1sYW5ndWFnZTpFTi1VUyI+PG86cD4mbmJzcDs8 L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQt c2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OyxzYW5zLXNlcmlmO2Nv bG9yOiMxRjQ5N0Q7bXNvLWZhcmVhc3QtbGFuZ3VhZ2U6RU4tVVMiPlRoYW5rIHlvdS48YnI+DQpB bGV4LjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0 eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssc2Fu cy1zZXJpZjtjb2xvcjojMUY0OTdEO21zby1mYXJlYXN0LWxhbmd1YWdlOkVOLVVTIj48bzpwPiZu YnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0i Zm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LHNhbnMtc2Vy aWY7Y29sb3I6IzFGNDk3RDttc28tZmFyZWFzdC1sYW5ndWFnZTpFTi1VUyI+PG86cD4mbmJzcDs8 L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQt c2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OyxzYW5zLXNlcmlmO2Nv bG9yOiMxRjQ5N0Q7bXNvLWZhcmVhc3QtbGFuZ3VhZ2U6RU4tVVMiPjxvOnA+Jm5ic3A7PC9vOnA+ PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxiPjxzcGFuIGxhbmc9IkVOLVVTIiBz dHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LHNh bnMtc2VyaWYiPjwvc3Bhbj48L2I+PC9wPg0KPC9kaXY+DQo8YnI+DQo8YnI+DQo8dGFibGUgY2xh c3M9IkltcHJpbnRVbmlxdWVJRFRhYmxlIiBzdHlsZT0iQk9SREVSLUNPTExBUFNFOiBjb2xsYXBz ZSIgY2VsbHNwYWNpbmc9IjAiIGNlbGxwYWRkaW5nPSIwIiB3aWR0aD0iMTAwJSIgYm9yZGVyPSIw Ij4NCjx0Ym9keT4NCjx0cj4NCjx0ZCB3aWR0aD0iMzUwIj48Zm9udCBzdHlsZT0iZm9udC1mYW1p bHk6VmVyZGFuYTtmb250LXNpemU6MTBwdDtjb2xvcjojOTZENzAwO2ZvbnQtd2VpZ2h0OmJvbGQ7 Ij5BbGV4YW5kZXIgU2hlcmtpbjwvZm9udD48YnI+DQo8dGFibGUgY2VsbHBhZGRpbmc9IjAiIGNl bGxzcGFjaW5nPSIwIiBzdHlsZT0iZm9udC1mYW1pbHk6VmVyZGFuYTsgZm9udC1zaXplOjlwdDsg Y29sb3I6IzAwMDAwMDsgdGV4dC1hbGlnbjogbGVmdDsgdmVydGljYWwtYWxpZ246IHRvcDsiIGNs YXNzPSI0ZmZmYjMwZS1lY2ZkLTQ5MjYtYWM3Yi0zMjI3YTRlZDc3NDRUYWJsZSI+DQo8dGJvZHk+ DQo8dHIgc3R5bGU9InRleHQtYWxpZ246IGxlZnQ7IHZlcnRpY2FsLWFsaWduOiB0b3A7ICI+DQo8 dGQgYWxpZ249Ik5vdFNldCIgc3R5bGU9IiI+PGZvbnQgc3R5bGU9ImZvbnQtZmFtaWx5OlZlcmRh bmE7Zm9udC1zaXplOjlwdDtjb2xvcjojMDAwMDAwOyI+PC9mb250PjwvdGQ+DQo8dGQgYWxpZ249 Ik5vdFNldCIgc3R5bGU9IiI+PGZvbnQgc3R5bGU9ImZvbnQtZmFtaWx5OlZlcmRhbmE7Zm9udC1z aXplOjlwdDtjb2xvcjojMDAwMDAwOyI+U29mdHdhcmUgQXJjaGl0ZWN0PC9mb250PjwvdGQ+DQo8 L3RyPg0KPC90Ym9keT4NCjwvdGFibGU+DQo8YnI+DQo8L3RkPg0KPC90cj4NCjx0cj4NCjxicj4N Cjx0ZCBub3dyYXA9IiI+PGEgaHJlZj0iaHR0cDovL3d3dy5kYXJrbWF0dGVyLmFlIiB0YXJnZXQ9 IiI+PGltZyB3aWR0aD0iMjE5IiBoZWlnaHQ9IjM2IiBzdHlsZT0iYm9yZGVyOiAwcHggU29saWQg OyAiIHNyYz0iY2lkOmltYWdlNTMwMTdmLlBOR0A2YjE5MWFiYS40MmFlMzgzZSI+PC9hPjwvdGQ+ DQo8L3RyPg0KPC90Ym9keT4NCjwvdGFibGU+DQo8Zm9udCBzdHlsZT0iRk9OVC1TSVpFOiA4cHQ7 IENPTE9SOiAjYTFhMWExIiBzaXplPSImIzQzOzAiPjxmb250IGNvbG9yPSIjYTVhNWE1Ij48YnI+ DQo8Zm9udCBzdHlsZT0iZm9udC1mYW1pbHk6VmVyZGFuYTtmb250LXNpemU6OHB0O2NvbG9yOkJs YWNrOyI+MiBSb2JlcnQgU3BlY2sgUGFya3dheSwgU3VpdGUgMTYxMDxicj4NCk1pc3Npc3NhdWdh IE9OICZuYnNwO0w0WiAxSDg8L2ZvbnQ+PGJyPg0KPGZvbnQgc3R5bGU9ImZvbnQtZmFtaWx5OlZl cmRhbmE7Zm9udC1zaXplOjhwdDtjb2xvcjpCbGFjazsiPkNhbmFkYTwvZm9udD48YnI+DQo8Zm9u dCBjb2xvcj0iYmxhY2siPjxmb250IGZhY2U9IlZlcmRhbmEiPjxzdHJvbmc+PGZvbnQgY29sb3I9 IiM5NmQ3MDAiIHNpemU9IjEiPk08Zm9udCBjb2xvcj0iI2ZmZmZmZiI+VDwvZm9udD48L2ZvbnQ+ PC9zdHJvbmc+PC9mb250PjwvZm9udD48c3BhbiBzdHlsZT0iZm9udC1mYW1pbHk6VmVyZGFuYTtm b250LXNpemU6OHB0O2NvbG9yOkJsYWNrOyI+PGEgaHJlZj0idGVsOiYjNDM7MSA0MTYgNDE0IDcx MTciIHRpdGxlPSIiIHRhcmdldD0iIiBzdHlsZT0iZm9udC1mYW1pbHk6VmVyZGFuYTtmb250LXNp emU6OHB0O2NvbG9yOkJsYWNrOyI+PHNwYW4gc3R5bGU9ImZvbnQtZmFtaWx5OlZlcmRhbmE7IGZv bnQtc2l6ZTo4cHQ7IGNvbG9yOkJsYWNrOyI+JiM0MzsxDQogNDE2IDQxNCA3MTE3PC9zcGFuPjwv YT48L3NwYW4+PGJyPg0KPGZvbnQgZmFjZT0iVmVyZGFuYSI+PGZvbnQgY29sb3I9IiM5NmQ3MDAi IHNpemU9IjEiPjxzdHJvbmc+RTxmb250IGNvbG9yPSIjZmZmZmZmIj5NPC9mb250Pjwvc3Ryb25n PjwvZm9udD48L2ZvbnQ+PHNwYW4gc3R5bGU9ImZvbnQtZmFtaWx5OlZlcmRhbmE7Zm9udC1zaXpl OjhwdDtjb2xvcjpCbGFjazsiPjxhIGhyZWY9Im1haWx0bzpBbGV4YW5kZXIuU2hlcmtpbkBkYXJr bWF0dGVyLmFlIiB0aXRsZT0iQ2xpY2sgdG8gc2VuZCBlbWFpbCB0byBBbGV4YW5kZXIgU2hlcmtp biIgdGFyZ2V0PSIiIHN0eWxlPSJmb250LWZhbWlseTpWZXJkYW5hO2ZvbnQtc2l6ZTo4cHQ7Y29s b3I6QmxhY2s7Ij48c3BhbiBzdHlsZT0iZm9udC1mYW1pbHk6VmVyZGFuYTsgZm9udC1zaXplOjhw dDsgY29sb3I6QmxhY2s7Ij5BbGV4YW5kZXIuU2hlcmtpbkBkYXJrbWF0dGVyLmFlPC9zcGFuPjwv YT48L3NwYW4+PGJyPg0KPGJyPg0KPHNwYW4gc3R5bGU9ImZvbnQtZmFtaWx5OlZlcmRhbmE7Zm9u dC1zaXplOjhwdDtjb2xvcjojOTZENzAwO2ZvbnQtd2VpZ2h0OmJvbGQ7Ij48YSBocmVmPSJodHRw Oi8vZGFya21hdHRlci5hZSIgdGl0bGU9IiIgdGFyZ2V0PSIiIHN0eWxlPSJmb250LWZhbWlseTpW ZXJkYW5hO2ZvbnQtc2l6ZTo4cHQ7Y29sb3I6Izk2RDcwMDtmb250LXdlaWdodDpib2xkOyI+PHNw YW4gc3R5bGU9ImZvbnQtZmFtaWx5OlZlcmRhbmE7IGZvbnQtc2l6ZTo4cHQ7IGNvbG9yOiM5NkQ3 MDA7IGZvbnQtd2VpZ2h0OmJvbGQ7Ij5kYXJrbWF0dGVyLmFlPC9zcGFuPjwvYT48L3NwYW4+PGJy Pg0KPGJyPg0KPGEgaHJlZj0iaHR0cHM6Ly93d3cubGlua2VkaW4uY29tL2NvbXBhbnkvZGFyay1t YXR0ZXItbGxjIiB0YXJnZXQ9IiI+PGltZyB3aWR0aD0iMzIiIGhlaWdodD0iMzIiIHN0eWxlPSJi b3JkZXI6IDBweCBTb2xpZCA7ICIgc3JjPSJjaWQ6aW1hZ2VkMWIxMmUuUE5HQDMxOWNjNGM4LjQ1 ODI3YmFlIiBhbHQ9IkxpbmtlZGluIj48L2E+Jm5ic3A7PGEgaHJlZj0iaHR0cHM6Ly90d2l0dGVy LmNvbS9HdWFyZGVkYnlHZW5pdXMiIHRhcmdldD0iIj48aW1nIHdpZHRoPSIzMiIgaGVpZ2h0PSIz MiIgc3R5bGU9ImJvcmRlcjogMHB4IFNvbGlkIDsgIiBzcmM9ImNpZDppbWFnZTE3ZTc0MC5QTkdA YWMwZGVjMmIuNDNiOWQyMzYiIGFsdD0iVHdpdHRlciI+PC9hPg0KPHAgaWQ9InVuZGVmaW5lZCI+ PC9wPg0KPGJyPg0KPGZvbnQgc2l6ZT0iMSIgZmFjZT0iVmVyZGFuYSI+VGhlIGluZm9ybWF0aW9u IGluIHRoaXMgZW1haWwgaXMgaW50ZW5kZWQgb25seSBmb3IgdGhlIHBlcnNvbihzKSBvciBlbnRp dHkgdG8gd2hvbSBpdCBpcyBhZGRyZXNzZWQgYW5kIG1heSBjb250YWluIGNvbmZpZGVudGlhbCBv ciBwcml2aWxlZ2VkIGluZm9ybWF0aW9uLiBJZiB5b3UgcmVjZWl2ZSB0aGlzIGVtYWlsIGJ5IGVy cm9yLCBwbGVhc2Ugbm90aWZ5IHVzIGltbWVkaWF0ZWx5LCBkZWxldGUNCiB0aGUgb3JpZ2luYWwg bWVzc2FnZSBhbmQgZG8gbm90IGRpc2Nsb3NlIHRoZSBjb250ZW50cyB0byBhbnkgb3RoZXIgcGVy c29uLCB1c2Ugb3Igc3RvcmUgb3IgY29weSB0aGUgaW5mb3JtYXRpb24gaW4gYW55IG1lZGl1bSBh bmQgZm9yIHdoYXRldmVyIHB1cnBvc2UuIEFueSB1bmF1dGhvcml6ZWQgdXNlIGlzIHN0cmljdGx5 IHByb2hpYml0ZWQuPGJyPg0KPC9mb250PjwvZm9udD48L2ZvbnQ+PGJyPg0KPGRpdiBjbGFzcz0i V29yZFNlY3Rpb24xIj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxiPjxzcGFuIGxhbmc9IkVOLVVT IiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7 LHNhbnMtc2VyaWYiPkZyb206PC9zcGFuPjwvYj48c3BhbiBsYW5nPSJFTi1VUyIgc3R5bGU9ImZv bnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OyxzYW5zLXNlcmlm Ij4gRW1hZCBPbWFyYSBbbWFpbHRvOmVtYWRvbWFyYUBnb29nbGUuY29tXQ0KPGJyPg0KPGI+U2Vu dDo8L2I+IEFwcmlsIDE3LCAyMDE5IDU6MTIgUE08YnI+DQo8Yj5Ubzo8L2I+IEFsZXhhbmRlciBT aGVya2luICZsdDtBbGV4YW5kZXIuU2hlcmtpbkBkYXJrbWF0dGVyLmFlJmd0Ozxicj4NCjxiPkNj OjwvYj4gbWxzQGlldGYub3JnPGJyPg0KPGI+U3ViamVjdDo8L2I+IE1hbHdhcmVbU1VTUElDSU9V UyBNRVNTQUdFXSBJdCBtYXkgdHJpY2sgdmljdGltcyBpbnRvIGNsaWNraW5nIGEgbGluayBhbmQg ZG93bmxvYWRpbmcgbWFsd2FyZS4gRG8gbm90IG9wZW4gc3VzcGljaW91cyBsaW5rcy5SZTogW01M U10gQmxvY2tpbmcgVXBkYXRlIG1lc3NhZ2VzIGZvciBicmVha2luZyBwb3N0LWNvbXByb21pc2Ug c2VjdXJpdHk8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48bzpw PiZuYnNwOzwvbzpwPjwvcD4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj5IaSBBbGV4LDxv OnA+PC9vOnA+PC9wPg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxvOnA+Jm5ic3A7PC9v OnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+SSB0aGluayB0aGUg YXR0YWNrIG1ha2VzIHNlbnNlLCBob3dldmVyIGl0IGFzc3VtZXMgdGhlIGF0dGFja2VyIGhhcyBz b21lIHNvcnQgb2YgY29udHJvbCBmb3IgdGhlIG5ldHdvcmsgb2YgYWxsIEEncyBkZXZpY2VzIGlu IG9yZGVyIHRvIHBlcmZvcm0gdGhlIERvUy4gT25lIG1pdGlnYXRpb24gd2UgZGlzY3Vzc2VkIGJl Zm9yZSB0aGF0IGNvdWxkIGhlbHAgaW4gdGhpcyBhdHRhY2sgaXMgdG8gZm9yY2UgdGhlIG1heA0K IHVwZGF0ZSB3aW5kb3csIHNvIGlmIGEgY2xpZW50IGhhcyBpc3N1ZWQgYW55IHVwZGF0ZSBpbiB0 aGUgbGFzdCBOIGRheXMsIHRoZSBhcHAgY2FuIGRlY2lkZSB0byBraWNrIGl0IG91dCBvZiB0aGUg Z3JvdXAsIG90IGF0IGxlYXN0IGlzc3VlIGEgd2FybmluZyZuYnNwO3RvIG90aGVyIHVzZXJzLiZu YnNwOzxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+ PG86cD4mbmJzcDs8L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFs Ij5FbWFkPG86cD48L286cD48L3A+DQo8L2Rpdj4NCjwvZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1h bCI+PG86cD4mbmJzcDs8L286cD48L3A+DQo8ZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3Jt YWwiPk9uIFdlZCwgQXByIDE3LCAyMDE5IGF0IDE6NTggUE0gQWxleGFuZGVyIFNoZXJraW4gJmx0 OzxhIGhyZWY9Im1haWx0bzpBbGV4YW5kZXIuU2hlcmtpbkBkYXJrbWF0dGVyLmFlIj5BbGV4YW5k ZXIuU2hlcmtpbkBkYXJrbWF0dGVyLmFlPC9hPiZndDsgd3JvdGU6PG86cD48L286cD48L3A+DQo8 L2Rpdj4NCjxibG9ja3F1b3RlIHN0eWxlPSJib3JkZXI6bm9uZTtib3JkZXItbGVmdDpzb2xpZCAj Q0NDQ0NDIDEuMHB0O3BhZGRpbmc6MGNtIDBjbSAwY20gNi4wcHQ7bWFyZ2luLWxlZnQ6NC44cHQ7 bWFyZ2luLXRvcDo1LjBwdDttYXJnaW4tcmlnaHQ6MGNtO21hcmdpbi1ib3R0b206NS4wcHQiPg0K PGRpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3At YWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPkhlbGxvLDxvOnA+PC9vOnA+PC9w Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21z by1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj4mbmJzcDs8bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNz PSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJv dHRvbS1hbHQ6YXV0byI+SSB0aGluayB3ZSBicmllZmx5IGRpc2N1c3NlZCB0aGlzIHByb2JsZW0g aW4gdGhlIGNvbnRleHQgb2Yg4oCcaW5hY3RpdmUgdXNlcnPigJ0sIGJ1dCBJIHdhbnQgdG8gYnJp bmcgdGhpcyB1cCBhZ2FpbiBmb3IgZGlzY3Vzc2lvbi48bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNz PSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJv dHRvbS1hbHQ6YXV0byI+Jm5ic3A7PG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFs IiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1 dG8iPkxldOKAmXMgYXNzdW1lIGFuIGF0dGFja2VyIGNvbXByb21pc2VzIHVzZXIgQSBhbmQgcmVj b3ZlcnMgdXNlciBB4oCZcyBjcnlwdG9ncmFwaGljIHN0YXRlIGluY2x1ZGluZyB0aGUgbGVhZiBz ZWNyZXQuIEFmdGVyIHVzZXIgQSBpcyBjb21wcm9taXNlZCwgdGhlIGF0dGFja2VyIG5vIGxvbmdl ciBjb250cm9scyB1c2VyDQogQS4gVXNlciBBIHdpbGwgZXZlbnR1YWxseSBzZW5kIGFuIFVwZGF0 ZSBtZXNzYWdlLCBhbmQgdGhlIGF0dGFja2VyIHdpbGwgbm8gbG9uZ2VyIGhhdmUgYWNjZXNzIHRv IHRoZSByb290IGtleS4gV2UgZ2V0IHBvc3QtY29tcHJvbWlzZSBzZWN1cml0eSBwcm9wZXJ0eS48 bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRv cC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+Jm5ic3A7PG86cD48L286cD48 L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87 bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPkhvd2V2ZXIsIGxldOKAmXMgYXNzdW1lIHRoYXQg YWZ0ZXIgY29tcHJvbWlzaW5nIHVzZXIgQSBhbmQgcmVjb3ZlcmluZyB1c2VyIEEgY3J5cHRvIHN0 YXRlLCB0aGUgYXR0YWNrZXIgcGVyZm9ybXMgYSBkZW5pYWwgb2Ygc2VydmljZSBhdHRhY2sgb24g dXNlciBBIFVwZGF0ZSBtZXNzYWdlcyAob3IgYWxsIG1lc3NhZ2VzDQogZnJvbSB1c2VyIEEpLiBU aGUgYXR0YWNrZXIgdGhlbiBvYnNlcnZlcyB0aGUgdHJhZmZpYy4gVGhlIGF0dGFja2VyIHdpbGwg YmUgYWJsZSB0byBkZWNyeXB0IFVwZGF0ZSBtZXNzYWdlcyBmcm9tIG90aGVyIHBhcnRpY2lwYW50 cyBhbmQgZGVjcnlwdCBkYXRhLWNhcnJ5aW5nIG1lc3NhZ2VzIGFzIGxvbmcgYXMgb3RoZXIgcGFy dGljaXBhbnRzIGluY2x1ZGUgdXNlciBBIGluIHRoZWlyIHJhdGNoZXQgdHJlZXMuPG86cD48L286 cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1 dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPiZuYnNwOzxvOnA+PC9vOnA+PC9wPg0KPHAg Y2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJn aW4tYm90dG9tLWFsdDphdXRvIj5BcyBhbiBpbnRlcmVzdGluZyB0aG91Z2h0IGV4cGVyaW1lbnQs IHdlIGNhbiB0cnkgdG8gYXBwbHkgdGhlIHNhbWUgYXR0YWNrIHRvIG9uZS1vbi1vbmUgdXNlIGNh c2Ugd2hlbiBkb3VibGUgcmF0Y2hldGluZyBpcyB1c2VkLiBUbyBwcmV2ZW50IHJhdGNoZXRpbmcs IHRoZSBhdHRhY2tlciBoYXMgdG8gYmxvY2sNCiBtZXNzYWdlcyBmcm9tIG9uZSBvZiB0aGUgcGFy dGljaXBhbnRzLiBQcmFjdGljYWxseSwgdGhpcyBtZWFucyB0aGF0IHRoZSBhdHRhY2tlciBkZXN0 cm95cyB0aGUgcG9zc2liaWxpdHkgb2YgdHdvIHBhcnRpY2lwYW50cyBoYXZpbmcgYSBjb252ZXJz YXRpb247IGhlbmNlLCBkYXRhIGNvbGxlY3RlZCBieSB0aGUgYXR0YWNrIHdpbGwgYmUgb25lIHBh cnRpY2lwYW50c+KAmSBtb25vbG9ndWUgYW5kIG1heSBub3QgYmUgYXMgdmFsdWFibGUuIEluIGNv bnRyYXN0LA0KIHdoZW4gMSBvdXQgb2YgMTAwMCB1c2VycyBpcyBpc29sYXRlZCwgOTk5IHJlbWFp bmluZyB1c2VycyB3aWxsIGNvbnRpbnVlIGhhdmluZyBwcm9kdWN0aXZlIGNvbnZlcnNhdGlvbiBj cmVhdGluZyB2YWx1YWJsZSBkYXRhIHRoYXQgdGhlIGF0dGFja2VyIG1heSBpbnRlcmNlcHQgYW5k IGRlY3J5cHQuPG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNv LW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPiZuYnNwOzxv OnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9w LWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj5JZiB0aGUgYWJvdmUgYXR0YWNr IHZlY3RvciBtYWtlcyBzZW5zZSwgc2hvdWxkIHdlIGNvbnNpZGVyIGV4Y2x1ZGluZyB1c2VycyB3 aG8gZGlkIG5vdCBzZW5kIFVwZGF0ZSBtZXNzYWdlcyByZWNlbnRseSBlbm91Z2ggZnJvbSB0aGUg cmF0Y2hldCB0cmVlPzxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9 Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj4mbmJz cDs8bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2lu LXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+VGhhbmsgeW91LjxvOnA+ PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFs dDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj5BbGV4LjxvOnA+PC9vOnA+PC9wPg0K PHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1t YXJnaW4tYm90dG9tLWFsdDphdXRvIj4mbmJzcDs8bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJN c29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRv bS1hbHQ6YXV0byI+Jm5ic3A7PG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBz dHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8i PiZuYnNwOzxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1t YXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj4mbmJzcDs8bzpw PjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1h bHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+Jm5ic3A7PG86cD48L286cD48L3A+ DQo8L2Rpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtYXJnaW4tYm90dG9tOjEyLjBw dCI+PG86cD4mbmJzcDs8L286cD48L3A+DQo8dGFibGUgY2xhc3M9Ik1zb05vcm1hbFRhYmxlIiBi b3JkZXI9IjAiIGNlbGxzcGFjaW5nPSIwIiBjZWxscGFkZGluZz0iMCIgd2lkdGg9IjEwMCUiIHN0 eWxlPSJ3aWR0aDoxMDAuMCU7Ym9yZGVyLWNvbGxhcHNlOmNvbGxhcHNlIj4NCjx0Ym9keT4NCjx0 cj4NCjx0ZCB3aWR0aD0iMzUwIiBzdHlsZT0id2lkdGg6MjYyLjVwdDtwYWRkaW5nOjBjbSAwY20g MGNtIDBjbSI+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48Yj48c3BhbiBzdHlsZT0iZm9udC1zaXpl OjEwLjBwdDtmb250LWZhbWlseTomcXVvdDtWZXJkYW5hJnF1b3Q7LHNhbnMtc2VyaWY7Y29sb3I6 Izk2RDcwMDttc28tZmFyZWFzdC1sYW5ndWFnZTpFTi1VUyI+QWxleGFuZGVyIFNoZXJraW48L3Nw YW4+PC9iPjxzcGFuIHN0eWxlPSJtc28tZmFyZWFzdC1sYW5ndWFnZTpFTi1VUyI+PG86cD48L286 cD48L3NwYW4+PC9wPg0KPHRhYmxlIGNsYXNzPSJNc29Ob3JtYWxUYWJsZSIgYm9yZGVyPSIwIiBj ZWxsc3BhY2luZz0iMCIgY2VsbHBhZGRpbmc9IjAiPg0KPHRib2R5Pg0KPHRyPg0KPHRkIHZhbGln bj0idG9wIiBzdHlsZT0icGFkZGluZzowY20gMGNtIDBjbSAwY20iPjwvdGQ+DQo8dGQgdmFsaWdu PSJ0b3AiIHN0eWxlPSJwYWRkaW5nOjBjbSAwY20gMGNtIDBjbSI+DQo8cCBjbGFzcz0iTXNvTm9y bWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjkuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O1ZlcmRh bmEmcXVvdDssc2Fucy1zZXJpZjtjb2xvcjpibGFjazttc28tZmFyZWFzdC1sYW5ndWFnZTpFTi1V UyI+U29mdHdhcmUgQXJjaGl0ZWN0PG86cD48L286cD48L3NwYW4+PC9wPg0KPC90ZD4NCjwvdHI+ DQo8L3Rib2R5Pg0KPC90YWJsZT4NCjwvdGQ+DQo8L3RyPg0KPHRyPg0KPHRkIHN0eWxlPSJwYWRk aW5nOjBjbSAwY20gMGNtIDBjbSI+PC90ZD4NCjx0ZCBub3dyYXA9IiIgc3R5bGU9InBhZGRpbmc6 MGNtIDBjbSAwY20gMGNtIj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxhIGhyZWY9Imh0dHA6Ly93 d3cuZGFya21hdHRlci5hZS8iIHRhcmdldD0iX2JsYW5rIj48c3BhbiBzdHlsZT0idGV4dC1kZWNv cmF0aW9uOm5vbmUiPjxpbWcgYm9yZGVyPSIwIiB3aWR0aD0iMjE5IiBoZWlnaHQ9IjM2IiBpZD0i UGljdHVyZV94MDAyMF8xIiBzcmM9ImNpZDppbWFnZTAwMS5wbmdAMDFENEY1QzcuMkQ4QjA2RDAi IGFsdD0iY2lkOmltYWdlMDAxLnBuZ0AwMUQ0RjVDNy4yRDhCMDZEMCI+PC9zcGFuPjwvYT48c3Bh biBzdHlsZT0ibXNvLWZhcmVhc3QtbGFuZ3VhZ2U6RU4tVVMiPjxvOnA+PC9vOnA+PC9zcGFuPjwv cD4NCjwvdGQ+DQo8L3RyPg0KPC90Ym9keT4NCjwvdGFibGU+DQo8cCBjbGFzcz0iTXNvTm9ybWFs Ij48c3BhbiBzdHlsZT0iZm9udC1zaXplOjguMHB0O2NvbG9yOiNBNUE1QTUiPjxicj4NCjwvc3Bh bj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjguMHB0O2ZvbnQtZmFtaWx5OiZxdW90O1ZlcmRhbmEm cXVvdDssc2Fucy1zZXJpZjtjb2xvcjpibGFjayI+MiBSb2JlcnQgU3BlY2sgUGFya3dheSwgU3Vp dGUgMTYxMDxicj4NCk1pc3Npc3NhdWdhIE9OICZuYnNwO0w0WiAxSDg8L3NwYW4+PHNwYW4gc3R5 bGU9ImZvbnQtc2l6ZTo4LjBwdDtjb2xvcjojQTVBNUE1Ij48YnI+DQo8L3NwYW4+PHNwYW4gc3R5 bGU9ImZvbnQtc2l6ZTo4LjBwdDtmb250LWZhbWlseTomcXVvdDtWZXJkYW5hJnF1b3Q7LHNhbnMt c2VyaWY7Y29sb3I6YmxhY2siPkNhbmFkYTwvc3Bhbj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjgu MHB0O2NvbG9yOiNBNUE1QTUiPjxicj4NCjwvc3Bhbj48c3Ryb25nPjxzcGFuIHN0eWxlPSJmb250 LXNpemU6Ny41cHQ7Zm9udC1mYW1pbHk6JnF1b3Q7VmVyZGFuYSZxdW90OyxzYW5zLXNlcmlmO2Nv bG9yOiM5NkQ3MDAiPk08L3NwYW4+PC9zdHJvbmc+PHN0cm9uZz48c3BhbiBzdHlsZT0iZm9udC1z aXplOjcuNXB0O2ZvbnQtZmFtaWx5OiZxdW90O1ZlcmRhbmEmcXVvdDssc2Fucy1zZXJpZjtjb2xv cjp3aGl0ZSI+VDwvc3Bhbj48L3N0cm9uZz48YSBocmVmPSJ0ZWw6JiM0MzsxJTIwNDE2JTIwNDE0 JTIwNzExNyIgdGFyZ2V0PSJfYmxhbmsiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6OC4wcHQ7Zm9u dC1mYW1pbHk6JnF1b3Q7VmVyZGFuYSZxdW90OyxzYW5zLXNlcmlmO2NvbG9yOmJsYWNrIj4mIzQz OzENCiA0MTYgNDE0IDcxMTc8L3NwYW4+PC9hPjxzcGFuIHN0eWxlPSJmb250LXNpemU6OC4wcHQ7 Y29sb3I6I0E1QTVBNSI+PGJyPg0KPC9zcGFuPjxzdHJvbmc+PHNwYW4gc3R5bGU9ImZvbnQtc2l6 ZTo3LjVwdDtmb250LWZhbWlseTomcXVvdDtWZXJkYW5hJnF1b3Q7LHNhbnMtc2VyaWY7Y29sb3I6 Izk2RDcwMCI+RTwvc3Bhbj48L3N0cm9uZz48c3Ryb25nPjxzcGFuIHN0eWxlPSJmb250LXNpemU6 Ny41cHQ7Zm9udC1mYW1pbHk6JnF1b3Q7VmVyZGFuYSZxdW90OyxzYW5zLXNlcmlmO2NvbG9yOndo aXRlIj5NPC9zcGFuPjwvc3Ryb25nPjxhIGhyZWY9Im1haWx0bzpBbGV4YW5kZXIuU2hlcmtpbkBk YXJrbWF0dGVyLmFlIiB0YXJnZXQ9Il9ibGFuayIgdGl0bGU9IkNsaWNrIHRvIHNlbmQgZW1haWwg dG8gQWxleGFuZGVyIFNoZXJraW4iPjxzcGFuIHN0eWxlPSJmb250LXNpemU6OC4wcHQ7Zm9udC1m YW1pbHk6JnF1b3Q7VmVyZGFuYSZxdW90OyxzYW5zLXNlcmlmO2NvbG9yOmJsYWNrIj5BbGV4YW5k ZXIuU2hlcmtpbkBkYXJrbWF0dGVyLmFlPC9zcGFuPjwvYT48c3BhbiBzdHlsZT0iZm9udC1zaXpl OjguMHB0O2NvbG9yOiNBNUE1QTUiPjxicj4NCjxicj4NCjwvc3Bhbj48YSBocmVmPSJodHRwOi8v ZGFya21hdHRlci5hZSIgdGFyZ2V0PSJfYmxhbmsiPjxiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6 OC4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7VmVyZGFuYSZxdW90OyxzYW5zLXNlcmlmO2NvbG9yOiM5 NkQ3MDAiPmRhcmttYXR0ZXIuYWU8L3NwYW4+PC9iPjwvYT48c3BhbiBzdHlsZT0iZm9udC1zaXpl OjguMHB0O2NvbG9yOiNBNUE1QTUiPjxicj4NCjxicj4NCjwvc3Bhbj48YSBocmVmPSJodHRwczov L3d3dy5saW5rZWRpbi5jb20vY29tcGFueS9kYXJrLW1hdHRlci1sbGMiIHRhcmdldD0iX2JsYW5r Ij48c3BhbiBzdHlsZT0iZm9udC1zaXplOjguMHB0O3RleHQtZGVjb3JhdGlvbjpub25lIj48aW1n IGJvcmRlcj0iMCIgd2lkdGg9IjMyIiBoZWlnaHQ9IjMyIiBpZD0iUGljdHVyZV94MDAyMF8yIiBz cmM9ImNpZDppbWFnZTAwMi5wbmdAMDFENEY1QzcuMkQ4QjA2RDAiIGFsdD0iTGlua2VkaW4iPjwv c3Bhbj48L2E+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZTo4LjBwdDtjb2xvcjojQTVBNUE1Ij4mbmJz cDs8L3NwYW4+PGEgaHJlZj0iaHR0cHM6Ly90d2l0dGVyLmNvbS9HdWFyZGVkYnlHZW5pdXMiIHRh cmdldD0iX2JsYW5rIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjguMHB0O3RleHQtZGVjb3JhdGlv bjpub25lIj48aW1nIGJvcmRlcj0iMCIgd2lkdGg9IjMyIiBoZWlnaHQ9IjMyIiBpZD0iUGljdHVy ZV94MDAyMF8zIiBzcmM9ImNpZDppbWFnZTAwMy5wbmdAMDFENEY1QzcuMkQ4QjA2RDAiIGFsdD0i VHdpdHRlciI+PC9zcGFuPjwvYT48c3BhbiBzdHlsZT0iZm9udC1zaXplOjguMHB0O2NvbG9yOiNB NUE1QTUiPg0KPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5 bGU9Im1hcmdpbi1ib3R0b206MTIuMHB0Ij48c3BhbiBzdHlsZT0iZm9udC1zaXplOjguMHB0O2Nv bG9yOiNBNUE1QTUiPjxicj4NCjwvc3Bhbj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjcuNXB0O2Zv bnQtZmFtaWx5OiZxdW90O1ZlcmRhbmEmcXVvdDssc2Fucy1zZXJpZjtjb2xvcjojQTVBNUE1Ij5U aGUgaW5mb3JtYXRpb24gaW4gdGhpcyBlbWFpbCBpcyBpbnRlbmRlZCBvbmx5IGZvciB0aGUgcGVy c29uKHMpIG9yIGVudGl0eSB0byB3aG9tIGl0IGlzIGFkZHJlc3NlZCBhbmQgbWF5IGNvbnRhaW4g Y29uZmlkZW50aWFsIG9yIHByaXZpbGVnZWQgaW5mb3JtYXRpb24uIElmIHlvdSByZWNlaXZlIHRo aXMNCiBlbWFpbCBieSBlcnJvciwgcGxlYXNlIG5vdGlmeSB1cyBpbW1lZGlhdGVseSwgZGVsZXRl IHRoZSBvcmlnaW5hbCBtZXNzYWdlIGFuZCBkbyBub3QgZGlzY2xvc2UgdGhlIGNvbnRlbnRzIHRv IGFueSBvdGhlciBwZXJzb24sIHVzZSBvciBzdG9yZSBvciBjb3B5IHRoZSBpbmZvcm1hdGlvbiBp biBhbnkgbWVkaXVtIGFuZCBmb3Igd2hhdGV2ZXIgcHVycG9zZS4gQW55IHVuYXV0aG9yaXplZCB1 c2UgaXMgc3RyaWN0bHkgcHJvaGliaXRlZC48L3NwYW4+PG86cD48L286cD48L3A+DQo8L2Rpdj4N CjxwIGNsYXNzPSJNc29Ob3JtYWwiPl9fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fX19fPGJyPg0KTUxTIG1haWxpbmcgbGlzdDxicj4NCjxhIGhyZWY9Im1haWx0bzpN TFNAaWV0Zi5vcmciIHRhcmdldD0iX2JsYW5rIj5NTFNAaWV0Zi5vcmc8L2E+PGJyPg0KPGEgaHJl Zj0iaHR0cHM6Ly93d3cuaWV0Zi5vcmcvbWFpbG1hbi9saXN0aW5mby9tbHMiIHRhcmdldD0iX2Js YW5rIj5odHRwczovL3d3dy5pZXRmLm9yZy9tYWlsbWFuL2xpc3RpbmZvL21sczwvYT48bzpwPjwv bzpwPjwvcD4NCjwvYmxvY2txdW90ZT4NCjwvZGl2Pg0KPC9kaXY+DQo8L2JvZHk+DQo8L2h0bWw+ DQo= --_000_f57fdfc23287463cb3ad3713faaf25b4darkmatterae_-- --_009_f57fdfc23287463cb3ad3713faaf25b4darkmatterae_ Content-Type: image/png; name="image001.png" Content-Description: image001.png Content-Disposition: inline; filename="image001.png"; size=5249; creation-date="Thu, 18 Apr 2019 18:54:51 GMT"; modification-date="Thu, 18 Apr 2019 18:54:51 GMT" Content-ID: Content-Transfer-Encoding: base64 iVBORw0KGgoAAAANSUhEUgAAANsAAAAkCAYAAAAAR0+MAAAACXBIWXMAAC4iAAAuIgGq4t2SAAAU M0lEQVR4Xu2cacx2R1nH4aVsiqGlUBCQsre0BWnRPng/qOwNUCKgggJC3eISXJAghgDiEiJGKWug GpREoSprRJYQsQhhkS0CCpZFEaiAIHsBWf3/rnNdM9fMmXPuu/cX3w/Ph987M9c2c5brnjlzzvNe 6exzDx8mKMXGy8o5pb5J9e1gm+2jPYqxJA+yb0/oc7krOU4Q8pFtL1tj2Z5zHMz11a+1Qb4PEWOq r8cK/YiRPYxsd2fbOVjqoz2mtXE0sQ7mtrRHsqke12C3/pb0tIHGR1V56qSYH3x1PEq2XrbGsn17 AXuqX2uDfB8ixlRfjxX6ESN7GNnuzrZzsNRHe0xr42hiHQfJ9j5Vvq3ywtHBV8ejZOtlayzbtxew p/q1Nsj3IWJM9fVYoR8xsoeR7e5sOwdLfbTHtDaOJtb/d7Lpn38VJBs8XVwljKA6HiVbL1tj2b69 gD3Vr7VBvg8RY6qvxwr9iJE9jGx3Z9s5WOqjPaa1cTSxjodkk8CSTXXKPxNXxQiq41Gy9bI1lu3b C9hT/Vob5PsQMab6eqzQjxjZw8h2d7adg6U+2mNaG0cT6zhYRpZkAwkpnydshquOR8nWy9ZYtm8v YE/1a22Q70PEmOrrsUI/YmQPI9vd2XYOlvpoj2ltHE2s4yHZVLEkCySzGU71qwp3Okq2XrbGsn17 AXuqX2uDfB8ixlRfjxX6ESN7GNnuzrZzsNRHe0xr42hiHS8zmxpldgske6G4muqyO0q2XrbGsn17 AXuqX2uDfB8ixlRfjxX6ESN7GNnuzrZzsNRHe0xr42hiHU/LSAlGSfci8R102AdZQ7bXFNdS/TtB 9YLL0F1DlMFQHxH6EdKXmCpLzB04hl+P5KVMnCDZKEbPCcKO2WNQ9x+roLmA1xTlHFGX33VUXtlt VE464gn0nNfhuRjh/eRjIsY1sk0g3YhyPALfq4U9dLac+3w8W9gMZIdXVlz2DPJ57Jj8Qjewwdf2 HaTjHOr+ld3B3Jb2QIa/3fOOxQi73j5wuZ0flQXaQKN5ZgMp+vYr1SGdNUEgAg0gST8i/jOQzPA2 ug+o/SbxBHGa2rP4W/hhUWKrJOa7NNZT0okypO+5qXi/iPHksWXZh1Wy1H61yp8RJEP03/NAYcdM LEH9Ca5zYkyH9xEfEh+JflV+UjxVN8Wxs/UrLNmN1ObVTIwN239XeZ79Svcofo9sn+Wx45gY08UC XaH3c35FunI81FW+OumbGOJ5kpl9oHbue9YOmdc5tuuLXxL5PM58RiQ7fH9KMKYThe6Juf0SioH/ P4qri1mMPJbBuP5N/IPgGK4nyrninw9K0CTXAq+SLZmbT24J1CPdW8TSbGl08q+I54pri6aPJeT/ GpWljxTvt3OigXQ9t5LdN1WaD2XUt/Af4kdEGUfi50Rjr5jPEH3fZ4rPiMnuoNi/TrKT3AZOlexr rsvj+7R8zrKEzMin45FidFyvFyP7DLPUe/HN/l4/b3ReJS/XI9tfkbbgB+axIc8km4Ze5+1HCMbE j+MXQx62uR7tTk7i2ApAx3kdlRZjRPIppfNR8SBiAIP59aQs5ADRVqkZrk04flFzO/EGkX135W3i u8UoZubW4qsRu+vjUtGOc84tJf+KyuKf62ul+F9xruhj/7TrMxcKH4fdnNdV/V9cZ3jcD0ivX8Jm uX4T8SVswO2ifK+4XrK1+JXD+0j3TZV53FF/rXCfCeJ03F80vuDtF6d+vLT6K8JuiYiX46Z+vi5u qPpjttg1hLzVbTSz2JhItv/JuqiP/FJd16Mst0uMbLtE2LntN1TeVaUlG/xCNoo65QCmyDL7rCTb P/cxcntNJ96h9nepLPHU7vldtzVfyG2VDxaNf26LkmzZt2ekc9lLRYntzJJNsgvRYaeLzzMay5M+ 7ifUPv0cv2mxd5pkC/AF1V+vsjzDTTeXcSDd53qf1J4lWwfPKH8vRr7AKuR2ovfj3ig+A7+hLHAf ZrbH9/Lc7uV96fVfFYzJEiXJi80WPiGUbHY9mNkWY0SbMteTDRPICeVEScmNQhaOjPtAzFo3EEvL F+D55om68M7hE+VnZaD2H6v8JzHrRzxTxE3Xxz5ZfFLMxpZ4sygv5wfcUj7cNNmX57N7irtKxq8R sPZ+5yD+FyW7scjPS2szG+8t/8pluU8u4sb9e0qyqR72BZddrPLY9KNniXZzyT6c7fu6aJJN7QbJ vg/bQLJZDJVPER4jkvzwHoLrznkIHi6aVY77/6Hrels2Jm4rm58VWXeBeJL7FtR+h+vMzn00hs3p PqZmVnL/j4tHCVZ1huSlLh6p9gUiNsZKwro/0L6v2vlewecS1/fEySonmYfKsvQA6rmdZGTrKTXZ 7MAGlAsRfRS8zQ7eY8S3IraXXxVnZv/Ez6dxhA9Lu172AyLfRBmb2US2f49K02d71U8VzVLEuZvr Ay50bxM3JTeXyYjjsXgeu5cofXUMZ7bAY1D+gSc8q4G3hTzbBS6bJVtui78UxTfqGck/q9I2ABau UeYiEX4R846uG1Bn9053tmjGIf5GFJvqM41J7WZmc94tig/0fXX9j2bH/xKWjJ0vjy/9V1mUDy1G yYEdteZZhjLXU/lGldMMt3jCq1z2ST5rN0sH5zdFtgG2ht/NGEBt4MIzA33L24b0eraovl1/TbJ5 LE5SbBn39rb86+gThV/W3uZ3JHt4yCm9rrFuHlbPz+jcLT+zRT21HyGY5RpdtknttZntxpJ9XmR7 Vh+/38mAWSCPdwk+kOjHzIwwshWLyXYnEf4R6yWi2GQfj2FLwGQPbPywpNcP/YbrbUgWXEXkWKOE ZXa0x6lqW67jX2AjWRrn5oIIlgMDzzs2w2WqYwMznBJu6aapsq6P1DYb3kexjCv9qHwlNp3fvdXu Z8GL5c9JKh9VU4rLVWdZlf2DUbKVmQ0kizon++MR2/m62mdgk+xGyUYCXx7yVD66npt6jjpGyfYZ Yc9jua8+ftQFN8XXOv3iM5v0v6eyiaHylwU3lsWJWOL9ovlwfQG+ty0xHds0GLN7sql8SdguMEo2 Vk1sMHG/cH0M6uJ9qv+WyP3Okk12zGzl2NXO9m9X28YIasP5xSAbe/2BKssMNwKdo5t0c9b4xqlt 2SX5vC3Y7czxeQ92dewCyV+ebdzufNf9hsqQGar/kch9BKNkY6v2x8X9QTLKhwhuTrNL6Dlkc4xj k10wWkY20A+o3r1/q8eYsGRTmWOwBGL5Wm6gvgzU5nnm3oIfhtK3WEq2a0vHu64ch8TmnSTj+Wtk xEj6HxOjWJkysyXfvZIt/COW2CfZSoxe5jxT5H6bDRLns5Jxb+R75UHCzhEQ3/vg/eRJOeBsoJLd T3xB9dxJM0ivayAb/erkZJsSbInoo+NvRY7LO8D8lQlrdnvvhN55j4iEvJl0/TPOx4Q/WzTYBomI vnLM7F/o5A8Q/bFYsoVdZ9+3WTmwoVDG5DEyJdlAdWBLGvs7C2a5HDPDKoFZndnXZCnGUrKVmTnZ Ph+d2sCqIuRhw65lE8dtMzazqcx+W5NtoCszG3icWbJJlimzkttbmUGWkexpIscqydbb0w6yPOtV 2ju/PKilwd5dss/lYF39MnH7XZMskM9Ibn/IGqh9icXj4X/aAHiGZM0YVPL1iXxL33zhUPQOz3PR R1BmthSrKVd40sJx2s2a/XPMgZwvFUY/BMFsZlPd3v/48XLDfiF0rgeSkB8mYvAaoOi8fK0o13va 3rZnF165lFiCl/752Yqlvj0vux54Tt6IsBkxm9lUWtwRC+cWhskmRrZBk2wOjyG80+OHm1mfuuF1 dslnMfBVGf3245jh8ov8Wg2T7baqc4H4djBkdxGfliwHoeRrittjEwHV3onJp8QHNhHKFx0O79JC f33RP7jT5oE+x2E71sYYSM/XLP0YytZ/j/uMZB9Tyda2/IfHO3pmC9jhK89OCZYdvNfqY8FoGZmS zY6Xz76yDc+p56FzePme/aHMbPIL7kyMFIc6S1Ybm9vA48OG0uvPcV0Bn8RsZhOLybbC1g2SAc2s 5HxQ8J7wjIx+0CnPku4GwvpU22IIiwGSR99D0AvenfoG0nSvRDBDyjuKT+Eg3qI6LwZPE+i+X7L/ dh1cJuzFJvrBjbfK5DOV4r6ql0RSO0p7/4SdeHTIE6MXy3wQyqc2EYOSJdsPhR2lmG39C3Y1+b6P m+NS983w5Uf4jyjPbPgGaj/Zzw83ZdGncjTzwk2k75fFfGliS2uQHjh/8Y6U3eSsOxd5RrrRMvLP RenHbA8OHxefgqkd3EZ62/X1WMB9cZIo/UbdsZlNZR7Hysy2SDOzgex3XkYmmJ0ne47PbX31NNVb 3SzZxJdV5wdU98rmnUkefbB51HzFVCqCj3oj0bITv5QvVZuNg58UzHBsJGjpOPlKl+ME5wiWOUPk Q8l7vReI6Kv0q3I6idMJ4INQPtotds7dhfVnthU2H3pbzSDTL4zFPJhvkAjbjSSGSmZ4jr2P8ydx AxqTbdAkm9f/Tmh2sL75vMqOw/sLW5aCZ4k+XrMbCbLl4+3y1b5kASsD+2qik5dkUz0oy0i34VmX H5psw810pjCbsBeseF7lNobalI+K82vnuPUpyZbsuf7R/66UDZLEFVpGesmKjGfeO+k+IIEL0kV5 B+n8Y4F2GQmqp93IDeePj8hDF3Yv9nvNsAFJyYP6bGbJdS8/pZLteKZbOgl/Kzveik+gdomT2z2u u0yDO9UGaRduw3d+vR/LKd6VWH/5oMRtZHu5kiHbK3E2p8WYxWgZWd6zOb/W9Rk8VEz9tox2I3mZ bXpKcb5oPoCmFDwvlZ1XtWGYbCrLzJYJ3+QPs2Wk9H2yjd5xllXDAH54++vBrF+uR8f8PduBfnDb a1ZIfj07JRvHlSi7kRnZNfVBm69w/EPkNtm85FUQu7fRL/8lZNYH/OWE2fDPA6Rc3OJHnnRc6Fup 7R2UG3dE+UQniDi5DJIdvxh3EBGHZwZmh8ZO9SeLclIl6+Ei5LiQNzZGy0jes6S/Tj88Jvhrh2Lj dTaM7DwkW5gtI1VPHyIXLnJdg2S8AM8xS7Il+63J1smbZaTakJeR3DD9O0RgJzrHybA8YpmUY1L/ UTEaRzOzgdpbNkiGzJaRYueZDRS/KTPIkjzvhJdkS/rZS239UPCnS6GPeLzTs/sZI/7+JgeZ4Tp+ uewFsdp+IJyA5sAKsuHrkuy/C/zpB88E9QCm5ZzpUxySZNvfv7E1X3y81EnfXJdxq02ylT9fcRte aKaZzS4w/bOkamIJkrB8ruOweRL64GlTrMbuZMEzbx5boOVVOa8km/0ghI3KD4myjAS3nbWdA8li LBGD7/fCvvm6hVKw1M0z/Ag9hxb7gBlz9AkT/6dNP4a7hV1P8uv5QdH3+TIxsg1IlNlH2UG0s87r nIM8s/Ux+DZ3+iC/zsZ8TcVkke2Av4U7EQPepBcluEGpq8SGC29BJfPgy8km+NussqUaIEvwN0Ks n19+zsGGl69lV0664NniG5LlOOXLkgCfDr655Aci982D/S8KfG6hkv5z3HdJbjNbjqk6fxdm28SB ZJwX220Ke8GNG3pD9bKNjE3UxU+IL4e9wybHpTqv8TrgewQXOWIBr0eaZAPJ+/gBG1vFn1K8Blv9 EnOO+AIoYgePFU2cvMxzbqEYvGIocVVyneiv8RV/KpoxqLyL664IhyKOIeC/7pidiwSJQmJY3yPk M5KX86z6KAb7FuWvXxK83ObHOduSR09ByXNKSTRX5GR7q0rbXg98AGI12W4qeMCetlWdqKNTyc3E n6zr4i3GYgbDNnzZmj156rsi2QjGbb66OaxPwcMsNwt/vs4sGnHRkYBpG77EZznJc6DZgtszNrc3 O/6iNx8zmx7+7egsJm3+gFX2m7CH71VdccyG2eX06Jc+Bc+afB/aHKv0TTvBn+BYbGIIxscfpaLj G0A/rmkMKtF3/5WDbOfJBiRcuTbCro2wvpP/DUW+hvTR7NS15HPUwL3icWy8xOEekm7Rn00MrlOM cReIq5UP/x0CMWwjJMeQfnNrYV8QQXde/Lo28c4g0CzZAh0UiXaKwK5QT6QNZCfwCb++tPpyshnZ Z6pPB1kONukyxUcnoYnHScntVK/kPrbZV7tgl5hVNtlXn2oTstCP2KaHKW6l1cV48rgq6UZqQZft Etk/dLlcJo59RPhP9TFzn/1Y88/xZ8nmNi0MvHy823GJ5PxV8cypnqylgczBJ/z60upHyWb21afa hCz0I7bpYYpbaXUxnjyuSr6RGtBlu0T2D10ul4ljHxH+U33M3Gc/1vxz/B2TTf/YzKYDyMvH14kT l05KlS8NZA4+4deXVj9KNrOvPtUmZKEfsU0PU9xKq4vx5HFV8o3UgC7bJbJ/6HK5TBz7iPCf6mPm Pvux5p/j75FslIKdKv4SevGkVPnSQObgE359afWjZDP76lNtQhb6Edv0MMWttLoYTx5XJd9IDeiy XSL7hy6Xy8Sxjwj/qT5m7rMfa/45/hVINg0+Eo0vA3jIN+XSSanypYHMwSf8+tLqR8lm9tWn2oQs 9CO26WGKW2l1MZ48rkq+kRrQZbtE9g9dLpeJYx8R/lN9zNxnP9b8c/wdk00Dt2QTs/+qbjqoOVW+ NJA5+IRfX1r9KNnMvvpUm5CFfsQ2PUxxK60uxpPHVck3UgO6bJfI/qHL5TJx7CPCf6qPmfvsx5p/ jr/7zMab8FfoAPiAt1EunZQqXxrIHHzCry+tfpRsZl99qk3IQj9imx6muJVWF+PJ46rkG6kBXbZL ZP/Q5XKZOPYR4T/Vx8x99mPNP8ffPdn4aNcSrT8JSyelypcGMifH70urHyWb2VefahOy0I/Ypocp bqXVxXjyuCr5RmpAl+0S2T90uVwmjn1E+E/1MXOf/Vjzz/F3SbbDK/0fVHbyZgY1MwUAAAAASUVO RK5CYII= --_009_f57fdfc23287463cb3ad3713faaf25b4darkmatterae_ Content-Type: image/png; name="image002.png" Content-Description: image002.png Content-Disposition: inline; filename="image002.png"; size=663; creation-date="Thu, 18 Apr 2019 18:54:52 GMT"; modification-date="Thu, 18 Apr 2019 18:54:52 GMT" Content-ID: Content-Transfer-Encoding: base64 iVBORw0KGgoAAAANSUhEUgAAACAAAAAgCAYAAABzenr0AAAACXBIWXMAAA7DAAAOwwHHb6hkAAAC SUlEQVRYR2NgSJv5f0AxVkF6YqyC9MRYBemJsQrSE2MVhOHUGRCMTY5aGKsg0FK5ssX/i1ce/d+x /fx/30nb/jNhU0cNjE2QO2vO/xvP3/+HgV9//v5PmLePNqGBTdCxcyPUagTYcvEB/RwgX7r4/8/f f6BWQ0DPzgv/GVLo5ACQReHTd/0/df/l/xsv3v+fd/j6fx5gtGBVSynGKgjCwOBmz5j1nzd7zn9G UoIepJYU9dgEQSneZ+K2/37A1A/DylXLwAYrVyxFEXfv2/yfI3P2f9GC+f+jZ+0GRtXF//17Lv1P W3Dgv1L5EsKOwSbIkTX7//dfqGmgeNUxsGG5Sw5BRSDg6fsv/127Nvy/9uzd/7///kFF////B2S/ /PTtf+TM3fgdgU0Q4oDfUKMgoAjqgMyFB6AiEPDlx6//Lz5+g/Iwwdefv/87dW/E7QhsgqQ4AAY+ ff/5/+rTd/+/AS1EB1suPvzPkDwdwx4wxiZIqgN2Xnn0XzB37n+GpGn/FYAl6JUnb6EyEAByFBfQ TGx2UeyAz8AoMGhYhdAPVJO3/AhUFgGUK4AJEskOOMYmSIoDnn34+l+qaCGKfve+LVBZBNCqWY6i Bo6xCVLqADdg1kQHw8cBOYtRywG6O6Bg2WGoCASMOoAmDmAD1oLrzt37vxnYCIHhwGk7wQ7wn7wd RXzR8Zv/hfLmoeg3alqDogaE5YBtDGQ1cIxVMBWIQUUnMoY1RkA0uhzQYaj6iVADw1gF6YmxCtIT YxWkJ8YqSE+MVZBueOZ/ABxdinkisai7AAAAAElFTkSuQmCC --_009_f57fdfc23287463cb3ad3713faaf25b4darkmatterae_ Content-Type: image/png; name="image003.png" Content-Description: image003.png Content-Disposition: inline; filename="image003.png"; size=803; creation-date="Thu, 18 Apr 2019 18:54:52 GMT"; modification-date="Thu, 18 Apr 2019 18:54:52 GMT" Content-ID: Content-Transfer-Encoding: base64 iVBORw0KGgoAAAANSUhEUgAAACAAAAAgCAYAAABzenr0AAAACXBIWXMAAA7DAAAOwwHHb6hkAAAC 1UlEQVRYR8WWS2jUUBSGW4vjAxVEFHysqkhx0ZVIwZ3FpRuXbrW6Fd0IIoi4FO3ChWsXCrbVtlqf 1YqIigWfWBxhtIIFH5lkHplXJpnjf9K5nTE5SWYspAc+Jvlv7jnnvs6djo7hNC0pohgnohgnohgn ohgnohgnovi/DGkNpHYJUWSG6khtXhBw87hOR6fzdO5TgY5Mm7RxVG8kckOjNTf5u6Y+Cp9Qp+ee QXsfZxpOAlgGp4df5ylXrVGzaWXH1Q8+z9H172Xqf5qVffkEBk7PfCzQXNGh3Q/Dk9gPx6YnuLKq UyMLXEoWqfe+Qat5Frw+fAKDKbs6W3adGBWHBjCSBOveRPDdk1+W+12QFZBcKm/TibcmdbY+Axqd nynWXcyPZOxHhfomMRsIqhJZDnQkGGZlu0an3hewVAGzKIpgz6MM5T1TW8PrK61Kpz8UqH8qS7uw TwxLnn5lKdOm9bfkGC6iiGy77+h0FvvA4aiC2dCzCM6/YZbM2bRWWnuFKCKBK6kSfUP2JUzhYmzq t0VdwwHTz4giTgEfn6jRtWKDOAG+zduMKIIV4BrO72JtH/ZKaEETRQaduHoNfi5SOmKnB9lXLGEi LDgjinVWjqRpfK7iOmrXePmOoSSHjp4RRQXW7vgb060D7doLzaJ1YbtfIYpNdCGJAVwyswXbLaut 2B/cAz13jejRM6LoBUlsGdPp8pcSRaXApfvAs5zbR/TlxScg6wTWfhXgArJ9wqBDL3PulAYVJTZu 4qLThwracnDGJyCBTRjtxWSJZrK2ewLCArNxseLzvhX/CdoKzogi6MSl0/vAoAs4hlz/+WrOWI57 7/MFxCdj8qdFJ9+ZtO02AvMlJfiJRBQVvIkwIr6K+R/PDmysnbiAuid02jDKG3S+XezbKv8KIc7U jpYCqjb1HPiOvt72hYcoVCevg6B3pQW1q/eFh6VCFONEFONEFGMjTX8B57Ce1IdKF4gAAAAASUVO RK5CYII= --_009_f57fdfc23287463cb3ad3713faaf25b4darkmatterae_ Content-Type: image/png; name="image53017f.PNG" Content-Description: image53017f.PNG Content-Disposition: inline; filename="image53017f.PNG"; size=5249; creation-date="Thu, 18 Apr 2019 18:54:53 GMT"; modification-date="Thu, 18 Apr 2019 18:54:53 GMT" Content-ID: Content-Transfer-Encoding: base64 iVBORw0KGgoAAAANSUhEUgAAANsAAAAkCAYAAAAAR0+MAAAACXBIWXMAAC4iAAAuIgGq4t2SAAAU M0lEQVR4Xu2cacx2R1nH4aVsiqGlUBCQsre0BWnRPng/qOwNUCKgggJC3eISXJAghgDiEiJGKWug GpREoSprRJYQsQhhkS0CCpZFEaiAIHsBWf3/rnNdM9fMmXPuu/cX3w/Ph987M9c2c5brnjlzzvNe 6exzDx8mKMXGy8o5pb5J9e1gm+2jPYqxJA+yb0/oc7krOU4Q8pFtL1tj2Z5zHMz11a+1Qb4PEWOq r8cK/YiRPYxsd2fbOVjqoz2mtXE0sQ7mtrRHsqke12C3/pb0tIHGR1V56qSYH3x1PEq2XrbGsn17 AXuqX2uDfB8ixlRfjxX6ESN7GNnuzrZzsNRHe0xr42hiHQfJ9j5Vvq3ywtHBV8ejZOtlayzbtxew p/q1Nsj3IWJM9fVYoR8xsoeR7e5sOwdLfbTHtDaOJtb/d7Lpn38VJBs8XVwljKA6HiVbL1tj2b69 gD3Vr7VBvg8RY6qvxwr9iJE9jGx3Z9s5WOqjPaa1cTSxjodkk8CSTXXKPxNXxQiq41Gy9bI1lu3b C9hT/Vob5PsQMab6eqzQjxjZw8h2d7adg6U+2mNaG0cT6zhYRpZkAwkpnydshquOR8nWy9ZYtm8v YE/1a22Q70PEmOrrsUI/YmQPI9vd2XYOlvpoj2ltHE2s4yHZVLEkCySzGU71qwp3Okq2XrbGsn17 AXuqX2uDfB8ixlRfjxX6ESN7GNnuzrZzsNRHe0xr42hiHS8zmxpldgske6G4muqyO0q2XrbGsn17 AXuqX2uDfB8ixlRfjxX6ESN7GNnuzrZzsNRHe0xr42hiHU/LSAlGSfci8R102AdZQ7bXFNdS/TtB 9YLL0F1DlMFQHxH6EdKXmCpLzB04hl+P5KVMnCDZKEbPCcKO2WNQ9x+roLmA1xTlHFGX33VUXtlt VE464gn0nNfhuRjh/eRjIsY1sk0g3YhyPALfq4U9dLac+3w8W9gMZIdXVlz2DPJ57Jj8Qjewwdf2 HaTjHOr+ld3B3Jb2QIa/3fOOxQi73j5wuZ0flQXaQKN5ZgMp+vYr1SGdNUEgAg0gST8i/jOQzPA2 ug+o/SbxBHGa2rP4W/hhUWKrJOa7NNZT0okypO+5qXi/iPHksWXZh1Wy1H61yp8RJEP03/NAYcdM LEH9Ca5zYkyH9xEfEh+JflV+UjxVN8Wxs/UrLNmN1ObVTIwN239XeZ79Svcofo9sn+Wx45gY08UC XaH3c35FunI81FW+OumbGOJ5kpl9oHbue9YOmdc5tuuLXxL5PM58RiQ7fH9KMKYThe6Juf0SioH/ P4qri1mMPJbBuP5N/IPgGK4nyrninw9K0CTXAq+SLZmbT24J1CPdW8TSbGl08q+I54pri6aPJeT/ GpWljxTvt3OigXQ9t5LdN1WaD2XUt/Af4kdEGUfi50Rjr5jPEH3fZ4rPiMnuoNi/TrKT3AZOlexr rsvj+7R8zrKEzMin45FidFyvFyP7DLPUe/HN/l4/b3ReJS/XI9tfkbbgB+axIc8km4Ze5+1HCMbE j+MXQx62uR7tTk7i2ApAx3kdlRZjRPIppfNR8SBiAIP59aQs5ADRVqkZrk04flFzO/EGkX135W3i u8UoZubW4qsRu+vjUtGOc84tJf+KyuKf62ul+F9xruhj/7TrMxcKH4fdnNdV/V9cZ3jcD0ivX8Jm uX4T8SVswO2ifK+4XrK1+JXD+0j3TZV53FF/rXCfCeJ03F80vuDtF6d+vLT6K8JuiYiX46Z+vi5u qPpjttg1hLzVbTSz2JhItv/JuqiP/FJd16Mst0uMbLtE2LntN1TeVaUlG/xCNoo65QCmyDL7rCTb P/cxcntNJ96h9nepLPHU7vldtzVfyG2VDxaNf26LkmzZt2ekc9lLRYntzJJNsgvRYaeLzzMay5M+ 7ifUPv0cv2mxd5pkC/AF1V+vsjzDTTeXcSDd53qf1J4lWwfPKH8vRr7AKuR2ovfj3ig+A7+hLHAf ZrbH9/Lc7uV96fVfFYzJEiXJi80WPiGUbHY9mNkWY0SbMteTDRPICeVEScmNQhaOjPtAzFo3EEvL F+D55om68M7hE+VnZaD2H6v8JzHrRzxTxE3Xxz5ZfFLMxpZ4sygv5wfcUj7cNNmX57N7irtKxq8R sPZ+5yD+FyW7scjPS2szG+8t/8pluU8u4sb9e0qyqR72BZddrPLY9KNniXZzyT6c7fu6aJJN7QbJ vg/bQLJZDJVPER4jkvzwHoLrznkIHi6aVY77/6Hrels2Jm4rm58VWXeBeJL7FtR+h+vMzn00hs3p PqZmVnL/j4tHCVZ1huSlLh6p9gUiNsZKwro/0L6v2vlewecS1/fEySonmYfKsvQA6rmdZGTrKTXZ 7MAGlAsRfRS8zQ7eY8S3IraXXxVnZv/Ez6dxhA9Lu172AyLfRBmb2US2f49K02d71U8VzVLEuZvr Ay50bxM3JTeXyYjjsXgeu5cofXUMZ7bAY1D+gSc8q4G3hTzbBS6bJVtui78UxTfqGck/q9I2ABau UeYiEX4R846uG1Bn9053tmjGIf5GFJvqM41J7WZmc94tig/0fXX9j2bH/xKWjJ0vjy/9V1mUDy1G yYEdteZZhjLXU/lGldMMt3jCq1z2ST5rN0sH5zdFtgG2ht/NGEBt4MIzA33L24b0eraovl1/TbJ5 LE5SbBn39rb86+gThV/W3uZ3JHt4yCm9rrFuHlbPz+jcLT+zRT21HyGY5RpdtknttZntxpJ9XmR7 Vh+/38mAWSCPdwk+kOjHzIwwshWLyXYnEf4R6yWi2GQfj2FLwGQPbPywpNcP/YbrbUgWXEXkWKOE ZXa0x6lqW67jX2AjWRrn5oIIlgMDzzs2w2WqYwMznBJu6aapsq6P1DYb3kexjCv9qHwlNp3fvdXu Z8GL5c9JKh9VU4rLVWdZlf2DUbKVmQ0kizon++MR2/m62mdgk+xGyUYCXx7yVD66npt6jjpGyfYZ Yc9jua8+ftQFN8XXOv3iM5v0v6eyiaHylwU3lsWJWOL9ovlwfQG+ty0xHds0GLN7sql8SdguMEo2 Vk1sMHG/cH0M6uJ9qv+WyP3Okk12zGzl2NXO9m9X28YIasP5xSAbe/2BKssMNwKdo5t0c9b4xqlt 2SX5vC3Y7czxeQ92dewCyV+ebdzufNf9hsqQGar/kch9BKNkY6v2x8X9QTLKhwhuTrNL6Dlkc4xj k10wWkY20A+o3r1/q8eYsGRTmWOwBGL5Wm6gvgzU5nnm3oIfhtK3WEq2a0vHu64ch8TmnSTj+Wtk xEj6HxOjWJkysyXfvZIt/COW2CfZSoxe5jxT5H6bDRLns5Jxb+R75UHCzhEQ3/vg/eRJOeBsoJLd T3xB9dxJM0ivayAb/erkZJsSbInoo+NvRY7LO8D8lQlrdnvvhN55j4iEvJl0/TPOx4Q/WzTYBomI vnLM7F/o5A8Q/bFYsoVdZ9+3WTmwoVDG5DEyJdlAdWBLGvs7C2a5HDPDKoFZndnXZCnGUrKVmTnZ Ph+d2sCqIuRhw65lE8dtMzazqcx+W5NtoCszG3icWbJJlimzkttbmUGWkexpIscqydbb0w6yPOtV 2ju/PKilwd5dss/lYF39MnH7XZMskM9Ibn/IGqh9icXj4X/aAHiGZM0YVPL1iXxL33zhUPQOz3PR R1BmthSrKVd40sJx2s2a/XPMgZwvFUY/BMFsZlPd3v/48XLDfiF0rgeSkB8mYvAaoOi8fK0o13va 3rZnF165lFiCl/752Yqlvj0vux54Tt6IsBkxm9lUWtwRC+cWhskmRrZBk2wOjyG80+OHm1mfuuF1 dslnMfBVGf3245jh8ov8Wg2T7baqc4H4djBkdxGfliwHoeRrittjEwHV3onJp8QHNhHKFx0O79JC f33RP7jT5oE+x2E71sYYSM/XLP0YytZ/j/uMZB9Tyda2/IfHO3pmC9jhK89OCZYdvNfqY8FoGZmS zY6Xz76yDc+p56FzePme/aHMbPIL7kyMFIc6S1Ybm9vA48OG0uvPcV0Bn8RsZhOLybbC1g2SAc2s 5HxQ8J7wjIx+0CnPku4GwvpU22IIiwGSR99D0AvenfoG0nSvRDBDyjuKT+Eg3qI6LwZPE+i+X7L/ dh1cJuzFJvrBjbfK5DOV4r6ql0RSO0p7/4SdeHTIE6MXy3wQyqc2EYOSJdsPhR2lmG39C3Y1+b6P m+NS983w5Uf4jyjPbPgGaj/Zzw83ZdGncjTzwk2k75fFfGliS2uQHjh/8Y6U3eSsOxd5RrrRMvLP RenHbA8OHxefgqkd3EZ62/X1WMB9cZIo/UbdsZlNZR7Hysy2SDOzgex3XkYmmJ0ne47PbX31NNVb 3SzZxJdV5wdU98rmnUkefbB51HzFVCqCj3oj0bITv5QvVZuNg58UzHBsJGjpOPlKl+ME5wiWOUPk Q8l7vReI6Kv0q3I6idMJ4INQPtotds7dhfVnthU2H3pbzSDTL4zFPJhvkAjbjSSGSmZ4jr2P8ydx AxqTbdAkm9f/Tmh2sL75vMqOw/sLW5aCZ4k+XrMbCbLl4+3y1b5kASsD+2qik5dkUz0oy0i34VmX H5psw810pjCbsBeseF7lNobalI+K82vnuPUpyZbsuf7R/66UDZLEFVpGesmKjGfeO+k+IIEL0kV5 B+n8Y4F2GQmqp93IDeePj8hDF3Yv9nvNsAFJyYP6bGbJdS8/pZLteKZbOgl/Kzveik+gdomT2z2u u0yDO9UGaRduw3d+vR/LKd6VWH/5oMRtZHu5kiHbK3E2p8WYxWgZWd6zOb/W9Rk8VEz9tox2I3mZ bXpKcb5oPoCmFDwvlZ1XtWGYbCrLzJYJ3+QPs2Wk9H2yjd5xllXDAH54++vBrF+uR8f8PduBfnDb a1ZIfj07JRvHlSi7kRnZNfVBm69w/EPkNtm85FUQu7fRL/8lZNYH/OWE2fDPA6Rc3OJHnnRc6Fup 7R2UG3dE+UQniDi5DJIdvxh3EBGHZwZmh8ZO9SeLclIl6+Ei5LiQNzZGy0jes6S/Tj88Jvhrh2Lj dTaM7DwkW5gtI1VPHyIXLnJdg2S8AM8xS7Il+63J1smbZaTakJeR3DD9O0RgJzrHybA8YpmUY1L/ UTEaRzOzgdpbNkiGzJaRYueZDRS/KTPIkjzvhJdkS/rZS239UPCnS6GPeLzTs/sZI/7+JgeZ4Tp+ uewFsdp+IJyA5sAKsuHrkuy/C/zpB88E9QCm5ZzpUxySZNvfv7E1X3y81EnfXJdxq02ylT9fcRte aKaZzS4w/bOkamIJkrB8ruOweRL64GlTrMbuZMEzbx5boOVVOa8km/0ghI3KD4myjAS3nbWdA8li LBGD7/fCvvm6hVKw1M0z/Ag9hxb7gBlz9AkT/6dNP4a7hV1P8uv5QdH3+TIxsg1IlNlH2UG0s87r nIM8s/Ux+DZ3+iC/zsZ8TcVkke2Av4U7EQPepBcluEGpq8SGC29BJfPgy8km+NussqUaIEvwN0Ks n19+zsGGl69lV0664NniG5LlOOXLkgCfDr655Aci982D/S8KfG6hkv5z3HdJbjNbjqk6fxdm28SB ZJwX220Ke8GNG3pD9bKNjE3UxU+IL4e9wybHpTqv8TrgewQXOWIBr0eaZAPJ+/gBG1vFn1K8Blv9 EnOO+AIoYgePFU2cvMxzbqEYvGIocVVyneiv8RV/KpoxqLyL664IhyKOIeC/7pidiwSJQmJY3yPk M5KX86z6KAb7FuWvXxK83ObHOduSR09ByXNKSTRX5GR7q0rbXg98AGI12W4qeMCetlWdqKNTyc3E n6zr4i3GYgbDNnzZmj156rsi2QjGbb66OaxPwcMsNwt/vs4sGnHRkYBpG77EZznJc6DZgtszNrc3 O/6iNx8zmx7+7egsJm3+gFX2m7CH71VdccyG2eX06Jc+Bc+afB/aHKv0TTvBn+BYbGIIxscfpaLj G0A/rmkMKtF3/5WDbOfJBiRcuTbCro2wvpP/DUW+hvTR7NS15HPUwL3icWy8xOEekm7Rn00MrlOM cReIq5UP/x0CMWwjJMeQfnNrYV8QQXde/Lo28c4g0CzZAh0UiXaKwK5QT6QNZCfwCb++tPpyshnZ Z6pPB1kONukyxUcnoYnHScntVK/kPrbZV7tgl5hVNtlXn2oTstCP2KaHKW6l1cV48rgq6UZqQZft Etk/dLlcJo59RPhP9TFzn/1Y88/xZ8nmNi0MvHy823GJ5PxV8cypnqylgczBJ/z60upHyWb21afa hCz0I7bpYYpbaXUxnjyuSr6RGtBlu0T2D10ul4ljHxH+U33M3Gc/1vxz/B2TTf/YzKYDyMvH14kT l05KlS8NZA4+4deXVj9KNrOvPtUmZKEfsU0PU9xKq4vx5HFV8o3UgC7bJbJ/6HK5TBz7iPCf6mPm Pvux5p/j75FslIKdKv4SevGkVPnSQObgE359afWjZDP76lNtQhb6Edv0MMWttLoYTx5XJd9IDeiy XSL7hy6Xy8Sxjwj/qT5m7rMfa/45/hVINg0+Eo0vA3jIN+XSSanypYHMwSf8+tLqR8lm9tWn2oQs 9CO26WGKW2l1MZ48rkq+kRrQZbtE9g9dLpeJYx8R/lN9zNxnP9b8c/wdk00Dt2QTs/+qbjqoOVW+ NJA5+IRfX1r9KNnMvvpUm5CFfsQ2PUxxK60uxpPHVck3UgO6bJfI/qHL5TJx7CPCf6qPmfvsx5p/ jr/7zMab8FfoAPiAt1EunZQqXxrIHHzCry+tfpRsZl99qk3IQj9imx6muJVWF+PJ46rkG6kBXbZL ZP/Q5XKZOPYR4T/Vx8x99mPNP8ffPdn4aNcSrT8JSyelypcGMifH70urHyWb2VefahOy0I/Ypocp bqXVxXjyuCr5RmpAl+0S2T90uVwmjn1E+E/1MXOf/Vjzz/F3SbbDK/0fVHbyZgY1MwUAAAAASUVO RK5CYII= --_009_f57fdfc23287463cb3ad3713faaf25b4darkmatterae_ Content-Type: image/png; name="imaged1b12e.PNG" Content-Description: imaged1b12e.PNG Content-Disposition: inline; filename="imaged1b12e.PNG"; size=663; creation-date="Thu, 18 Apr 2019 18:54:53 GMT"; modification-date="Thu, 18 Apr 2019 18:54:53 GMT" Content-ID: Content-Transfer-Encoding: base64 iVBORw0KGgoAAAANSUhEUgAAACAAAAAgCAYAAABzenr0AAAACXBIWXMAAA7DAAAOwwHHb6hkAAAC SUlEQVRYR2NgSJv5f0AxVkF6YqyC9MRYBemJsQrSE2MVhOHUGRCMTY5aGKsg0FK5ssX/i1ce/d+x /fx/30nb/jNhU0cNjE2QO2vO/xvP3/+HgV9//v5PmLePNqGBTdCxcyPUagTYcvEB/RwgX7r4/8/f f6BWQ0DPzgv/GVLo5ACQReHTd/0/df/l/xsv3v+fd/j6fx5gtGBVSynGKgjCwOBmz5j1nzd7zn9G UoIepJYU9dgEQSneZ+K2/37A1A/DylXLwAYrVyxFEXfv2/yfI3P2f9GC+f+jZ+0GRtXF//17Lv1P W3Dgv1L5EsKOwSbIkTX7//dfqGmgeNUxsGG5Sw5BRSDg6fsv/127Nvy/9uzd/7///kFF////B2S/ /PTtf+TM3fgdgU0Q4oDfUKMgoAjqgMyFB6AiEPDlx6//Lz5+g/Iwwdefv/87dW/E7QhsgqQ4AAY+ ff/5/+rTd/+/AS1EB1suPvzPkDwdwx4wxiZIqgN2Xnn0XzB37n+GpGn/FYAl6JUnb6EyEAByFBfQ TGx2UeyAz8AoMGhYhdAPVJO3/AhUFgGUK4AJEskOOMYmSIoDnn34+l+qaCGKfve+LVBZBNCqWY6i Bo6xCVLqADdg1kQHw8cBOYtRywG6O6Bg2WGoCASMOoAmDmAD1oLrzt37vxnYCIHhwGk7wQ7wn7wd RXzR8Zv/hfLmoeg3alqDogaE5YBtDGQ1cIxVMBWIQUUnMoY1RkA0uhzQYaj6iVADw1gF6YmxCtIT YxWkJ8YqSE+MVZBueOZ/ABxdinkisai7AAAAAElFTkSuQmCC --_009_f57fdfc23287463cb3ad3713faaf25b4darkmatterae_ Content-Type: image/png; name="image17e740.PNG" Content-Description: image17e740.PNG Content-Disposition: inline; filename="image17e740.PNG"; size=803; creation-date="Thu, 18 Apr 2019 18:54:53 GMT"; modification-date="Thu, 18 Apr 2019 18:54:53 GMT" Content-ID: Content-Transfer-Encoding: base64 iVBORw0KGgoAAAANSUhEUgAAACAAAAAgCAYAAABzenr0AAAACXBIWXMAAA7DAAAOwwHHb6hkAAAC 1UlEQVRYR8WWS2jUUBSGW4vjAxVEFHysqkhx0ZVIwZ3FpRuXbrW6Fd0IIoi4FO3ChWsXCrbVtlqf 1YqIigWfWBxhtIIFH5lkHplXJpnjf9K5nTE5SWYspAc+Jvlv7jnnvs6djo7hNC0pohgnohgnohgn ohgnohgnovi/DGkNpHYJUWSG6khtXhBw87hOR6fzdO5TgY5Mm7RxVG8kckOjNTf5u6Y+Cp9Qp+ee QXsfZxpOAlgGp4df5ylXrVGzaWXH1Q8+z9H172Xqf5qVffkEBk7PfCzQXNGh3Q/Dk9gPx6YnuLKq UyMLXEoWqfe+Qat5Frw+fAKDKbs6W3adGBWHBjCSBOveRPDdk1+W+12QFZBcKm/TibcmdbY+Axqd nynWXcyPZOxHhfomMRsIqhJZDnQkGGZlu0an3hewVAGzKIpgz6MM5T1TW8PrK61Kpz8UqH8qS7uw TwxLnn5lKdOm9bfkGC6iiGy77+h0FvvA4aiC2dCzCM6/YZbM2bRWWnuFKCKBK6kSfUP2JUzhYmzq t0VdwwHTz4giTgEfn6jRtWKDOAG+zduMKIIV4BrO72JtH/ZKaEETRQaduHoNfi5SOmKnB9lXLGEi LDgjinVWjqRpfK7iOmrXePmOoSSHjp4RRQXW7vgb060D7doLzaJ1YbtfIYpNdCGJAVwyswXbLaut 2B/cAz13jejRM6LoBUlsGdPp8pcSRaXApfvAs5zbR/TlxScg6wTWfhXgArJ9wqBDL3PulAYVJTZu 4qLThwracnDGJyCBTRjtxWSJZrK2ewLCArNxseLzvhX/CdoKzogi6MSl0/vAoAs4hlz/+WrOWI57 7/MFxCdj8qdFJ9+ZtO02AvMlJfiJRBQVvIkwIr6K+R/PDmysnbiAuid02jDKG3S+XezbKv8KIc7U jpYCqjb1HPiOvt72hYcoVCevg6B3pQW1q/eFh6VCFONEFONEFGMjTX8B57Ce1IdKF4gAAAAASUVO RK5CYII= --_009_f57fdfc23287463cb3ad3713faaf25b4darkmatterae_-- From nobody Thu Apr 18 20:40:58 2019 Return-Path: X-Original-To: mls@ietfa.amsl.com Delivered-To: mls@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CBAC8120268 for ; Thu, 18 Apr 2019 20:40:56 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -17.499 X-Spam-Level: X-Spam-Status: No, score=-17.499 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, ENV_AND_HDR_SPF_MATCH=-0.5, HTML_FONT_LOW_CONTRAST=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5, USER_IN_DEF_SPF_WL=-7.5] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zgKasZ2B2_0e for ; Thu, 18 Apr 2019 20:40:54 -0700 (PDT) Received: from mail-wm1-x329.google.com (mail-wm1-x329.google.com [IPv6:2a00:1450:4864:20::329]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6C72B120266 for ; Thu, 18 Apr 2019 20:40:53 -0700 (PDT) Received: by mail-wm1-x329.google.com with SMTP id w15so5065192wmc.3 for ; Thu, 18 Apr 2019 20:40:53 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=EthggRPQVO6GGINvOardvh7OTjmF+z40qz2w0WSDu9I=; b=C3L1lMMclmYK5EWIJNwT6+COS2xsrZ42kIRJmrpQBSGtWmdEtuB/8x4F07lEb0OUQF GdsDI8D2zjaJAQ2WF/Ye+vEnYpP3b4fdrHkovfMa6eyNsPSQgaLG6NignU/5K/l+nZ6c aGLl8MDojNDwfALTXjGkavChxN4WLnWJmqyh8qwp8/+XFSrU0iPbgw7tPgwxA6NmPgfh XXUv7r9WfXXjKWYNXspAPExHrInLSERVQklBB3r9HzGwCGIO0fpVQpuuB749JkIgNfyK QGonJBKcTcwXeHPZZcOghEdwzqKLE6GMYuIqvX9celXg1Jh98gNp/ug8L3JiFq9F8wWU yIxw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=EthggRPQVO6GGINvOardvh7OTjmF+z40qz2w0WSDu9I=; b=HZHA4eC4zp1c26mq95bbtLsnqcMZaFai7j2Yza9JKD02F4QWm+SfErm/7eiDi4DooV Ui9idzDsS3yJlqleOrykdHfrdk5ye25wLGdUGKKTGxeSw3KQNhaEzcHvNNJR9cMF9o7B xG6NMrArZzcuPljqgVwxy25rHKFNqKi1Bv4UFvj/KPVprz0VZZ/957c5B9IQwrBgp6Sx 7ciCBzYtcfQEu1DXdrPatQVf2IrxVRjLs1IlrhTfCxL4xPUREFflGxOp7EtlLLQvwf5f EAxESsFz4u/zI0ZuICzgP9qpd2nnSsYa8d/2Vy8euRN7B7irYA+Tf/lIgKOj+ZoegRLM +lsg== X-Gm-Message-State: APjAAAUxwKVE+y2wQC5N7Hcsz28M1Q6f63S2Sz0R6hnVAqu6X6FJGOUx txZBGEsKiS/hiu2LxzpssXtoRtTbDqB55LWE+7Dn X-Google-Smtp-Source: APXvYqxHDlDJkChNX7/z9iwD2FVWuhmQQq9VeQ9avhxZflO32LFOf7eL2lWD1ooBeyeiZwa+rIqp3HsPBaOJWWstIws= X-Received: by 2002:a1c:eb18:: with SMTP id j24mr1095781wmh.32.1555645251193; Thu, 18 Apr 2019 20:40:51 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: Emad Omara Date: Thu, 18 Apr 2019 20:40:40 -0700 Message-ID: To: Alexander Sherkin Cc: "mls@ietf.org" Content-Type: multipart/related; boundary="00000000000099395a0586d9e266" Archived-At: Subject: Re: [MLS] Blocking Update messages for breaking post-compromise security X-BeenThere: mls@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Messaging Layer Security List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 19 Apr 2019 03:40:57 -0000 --00000000000099395a0586d9e266 Content-Type: multipart/alternative; boundary="0000000000009939590586d9e265" --0000000000009939590586d9e265 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Thu, Apr 18, 2019 at 11:55 AM Alexander Sherkin < Alexander.Sherkin@darkmatter.ae> wrote: > Hi Emad, > > > > Could there be a setup where each A=E2=80=99s point of presence (device) > participates as a separate leaf in the ratchet tree? The advantage of suc= h > approach may be to avoid the key synchronization problem between points o= f > presence. > This is actually the current assumption in the architecture document, each device is represented as a separate client, however we are also currently looking into using a virtual client mode where all devices are presented in a single node. > > Do you see the mechanism of removing users who did not send Updates > recently should be part of the protocol or should it be driven by the app= ? > Well, I see this as just a recommendation to the app, not sure what can be done at the protocol layer! > > > Thank you. > Alex. > > > > > > > > > > Alexander Sherkin > Software Architect > > > 2 Robert Speck Parkway, Suite 1610 > Mississauga ON L4Z 1H8 > Canada > *MT*+1 416 414 7117 <+1%20416%20414%207117> > *EM*Alexander.Sherkin@darkmatter.ae > > darkmatter.ae > > [image: Linkedin] [ima= ge: > Twitter] > > > The information in this email is intended only for the person(s) or entit= y > to whom it is addressed and may contain confidential or privileged > information. If you receive this email by error, please notify us > immediately, delete the original message and do not disclose the contents > to any other person, use or store or copy the information in any medium a= nd > for whatever purpose. Any unauthorized use is strictly prohibited. > > *From:* Emad Omara [mailto:emadomara@google.com] > *Sent:* April 17, 2019 5:12 PM > *To:* Alexander Sherkin > *Cc:* mls@ietf.org > *Subject:* Malware[SUSPICIOUS MESSAGE] It may trick victims into clicking > a link and downloading malware. Do not open suspicious links.Re: [MLS] > Blocking Update messages for breaking post-compromise security > > > > Hi Alex, > > > > I think the attack makes sense, however it assumes the attacker has some > sort of control for the network of all A's devices in order to perform th= e > DoS. One mitigation we discussed before that could help in this attack is > to force the max update window, so if a client has issued any update in t= he > last N days, the app can decide to kick it out of the group, ot at least > issue a warning to other users. > > > > Emad > > > > On Wed, Apr 17, 2019 at 1:58 PM Alexander Sherkin < > Alexander.Sherkin@darkmatter.ae> wrote: > > Hello, > > > > I think we briefly discussed this problem in the context of =E2=80=9Cinac= tive > users=E2=80=9D, but I want to bring this up again for discussion. > > > > Let=E2=80=99s assume an attacker compromises user A and recovers user A= =E2=80=99s > cryptographic state including the leaf secret. After user A is compromise= d, > the attacker no longer controls user A. User A will eventually send an > Update message, and the attacker will no longer have access to the root > key. We get post-compromise security property. > > > > However, let=E2=80=99s assume that after compromising user A and recoveri= ng user A > crypto state, the attacker performs a denial of service attack on user A > Update messages (or all messages from user A). The attacker then observes > the traffic. The attacker will be able to decrypt Update messages from > other participants and decrypt data-carrying messages as long as other > participants include user A in their ratchet trees. > > > > As an interesting thought experiment, we can try to apply the same attack > to one-on-one use case when double ratcheting is used. To prevent > ratcheting, the attacker has to block messages from one of the > participants. Practically, this means that the attacker destroys the > possibility of two participants having a conversation; hence, data > collected by the attack will be one participants=E2=80=99 monologue and m= ay not be > as valuable. In contrast, when 1 out of 1000 users is isolated, 999 > remaining users will continue having productive conversation creating > valuable data that the attacker may intercept and decrypt. > > > > If the above attack vector makes sense, should we consider excluding user= s > who did not send Update messages recently enough from the ratchet tree? > > > > Thank you. > > Alex. > > > > > > > > > > > > > > *Alexander Sherkin* > > Software Architect > > [image: cid:image001.png@01D4F5C7.2D8B06D0] > > > 2 Robert Speck Parkway, Suite 1610 > Mississauga ON L4Z 1H8 > Canada > *M**T*+1 416 414 7117 <+1%20416%20414%207117> > *E**M*Alexander.Sherkin@darkmatter.ae > > *darkmatter.ae* > > [image: Linkedin] [ima= ge: > Twitter] > > > The information in this email is intended only for the person(s) or entit= y > to whom it is addressed and may contain confidential or privileged > information. If you receive this email by error, please notify us > immediately, delete the original message and do not disclose the contents > to any other person, use or store or copy the information in any medium a= nd > for whatever purpose. Any unauthorized use is strictly prohibited. > > _______________________________________________ > MLS mailing list > MLS@ietf.org > https://www.ietf.org/mailman/listinfo/mls > > --0000000000009939590586d9e265 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable


=
On Thu, Apr 18, 2019 at 11:55 AM Alex= ander Sherkin <Alexan= der.Sherkin@darkmatter.ae> wrote:

Hi Emad,

=C2=A0

Could there be a setup where each A=E2=80=99= s point of presence (device) participates as a separate leaf in the ratchet= tree? The advantage of such approach may be to avoid the key synchronization problem between p= oints of presence.

This is actually= the current assumption in the architecture document, each device is repres= ented as a separate client, however we are also currently looking into usin= g a virtual client mode where all devices are presented in a single node.
<= div class=3D"gmail-m_5672706016823396356WordSection1">

=C2=A0

Do you see the mechanism of removing users w= ho did not send Updates recently should be part of the protocol or should i= t be driven by the app?

Well, I see this as ju= st a recommendation to the app, not sure what can be done at the protocol l= ayer!=C2=A0

=C2=A0

Thank you.
Alex.

=C2=A0

=C2=A0

=C2=A0



Alexander Sherkin
Software Architect



2 Robert Spec= k Parkway, Suite 1610
Mississauga ON =C2=A0L4Z 1H8
Canada=
MT+1 416 414 7117
EMAlexander.Sherkin@darkmatter= .ae

darkmatter.ae

3D"Linkedin"=C2=A03D"Twitter"=


The information in this email is intended= only for the person(s) or entity to whom it is addressed and may contain c= onfidential or privileged information. If you receive this email by error, = please notify us immediately, delete the original message and do not disclose the contents to any other person,= use or store or copy the information in any medium and for whatever purpos= e. Any unauthorized use is strictly prohibited.

From: Emad Omara [mailto:emadomara@google.com= ]
Sent: April 17, 2019 5:12 PM
To: Alexander Sherkin <Alexander.Sherkin@darkmatter.ae>
Cc: mls@ietf.org
Subject: Malware[SUSPICIOUS MESSAGE] It may trick victims into click= ing a link and downloading malware. Do not open suspicious links.Re: [MLS] = Blocking Update messages for breaking post-compromise security

=C2=A0

Hi Alex,

=C2=A0

I think the attack makes sense, however it assumes t= he attacker has some sort of control for the network of all A's devices= in order to perform the DoS. One mitigation we discussed before that could= help in this attack is to force the max update window, so if a client has issued any update in the last N days, th= e app can decide to kick it out of the group, ot at least issue a warning= =C2=A0to other users.=C2=A0

=C2=A0

Emad

=C2=A0

Hello,

=C2=A0

I think we briefly discussed this problem in the con= text of =E2=80=9Cinactive users=E2=80=9D, but I want to bring this up again= for discussion.

=C2=A0

Let=E2=80=99s assume an attacker compromises user A = and recovers user A=E2=80=99s cryptographic state including the leaf secret= . After user A is compromised, the attacker no longer controls user A. User A will eventually send an Update message, and the attacker will no= longer have access to the root key. We get post-compromise security proper= ty.

=C2=A0

However, let=E2=80=99s assume that after compromisin= g user A and recovering user A crypto state, the attacker performs a denial= of service attack on user A Update messages (or all messages from user A). The attacker then observes the traffic. The attacker will be= able to decrypt Update messages from other participants and decrypt data-c= arrying messages as long as other participants include user A in their ratc= het trees.

=C2=A0

As an interesting thought experiment, we can try to = apply the same attack to one-on-one use case when double ratcheting is used= . To prevent ratcheting, the attacker has to block messages from one of the participants. Practically, this means that the at= tacker destroys the possibility of two participants having a conversation; = hence, data collected by the attack will be one participants=E2=80=99 monol= ogue and may not be as valuable. In contrast, when 1 out of 1000 users is isolated, 999 remaining users will continue ha= ving productive conversation creating valuable data that the attacker may i= ntercept and decrypt.

=C2=A0

If the above attack vector makes sense, should we co= nsider excluding users who did not send Update messages recently enough fro= m the ratchet tree?

=C2=A0

Thank you.

Alex.

=C2=A0

=C2=A0

=C2=A0

=C2=A0

=C2=A0

=C2=A0

Alexander Sherkin=

Software Architect

3D"cid:image001.png@01D4F5C7.2D8B06D0"


2 Robert Speck Parkway, Suite 1610
Mississauga ON =C2=A0L4Z 1H8
Canada
MT+1 416 414 7117
EMAlexander.Sherkin@darkmatter.ae<= /a>

darkmat= ter.ae<= br>
3D"Linkedin"=C2=A03D"Twitter"


The information in this email is intended only for the pe= rson(s) or entity to whom it is addressed and may contain confidential or p= rivileged information. If you receive this email by error, please notify us immediately, delete the original message = and do not disclose the contents to any other person, use or store or copy = the information in any medium and for whatever purpose. Any unauthorized us= e is strictly prohibited.

_______________________________________________
MLS mailing list
MLS@ietf.org
htt= ps://www.ietf.org/mailman/listinfo/mls

--0000000000009939590586d9e265-- --00000000000099395a0586d9e266 Content-Type: image/png; name="image001.png" Content-Disposition: inline; filename="image001.png" Content-Transfer-Encoding: base64 Content-ID: <16a33abb59b4cff311> X-Attachment-Id: 16a33abb59b4cff311 iVBORw0KGgoAAAANSUhEUgAAANsAAAAkCAYAAAAAR0+MAAAACXBIWXMAAC4iAAAuIgGq4t2SAAAU M0lEQVR4Xu2cacx2R1nH4aVsiqGlUBCQsre0BWnRPng/qOwNUCKgggJC3eISXJAghgDiEiJGKWug GpREoSprRJYQsQhhkS0CCpZFEaiAIHsBWf3/rnNdM9fMmXPuu/cX3w/Ph987M9c2c5brnjlzzvNe 6exzDx8mKMXGy8o5pb5J9e1gm+2jPYqxJA+yb0/oc7krOU4Q8pFtL1tj2Z5zHMz11a+1Qb4PEWOq r8cK/YiRPYxsd2fbOVjqoz2mtXE0sQ7mtrRHsqke12C3/pb0tIHGR1V56qSYH3x1PEq2XrbGsn17 AXuqX2uDfB8ixlRfjxX6ESN7GNnuzrZzsNRHe0xr42hiHQfJ9j5Vvq3ywtHBV8ejZOtlayzbtxew p/q1Nsj3IWJM9fVYoR8xsoeR7e5sOwdLfbTHtDaOJtb/d7Lpn38VJBs8XVwljKA6HiVbL1tj2b69 gD3Vr7VBvg8RY6qvxwr9iJE9jGx3Z9s5WOqjPaa1cTSxjodkk8CSTXXKPxNXxQiq41Gy9bI1lu3b C9hT/Vob5PsQMab6eqzQjxjZw8h2d7adg6U+2mNaG0cT6zhYRpZkAwkpnydshquOR8nWy9ZYtm8v YE/1a22Q70PEmOrrsUI/YmQPI9vd2XYOlvpoj2ltHE2s4yHZVLEkCySzGU71qwp3Okq2XrbGsn17 AXuqX2uDfB8ixlRfjxX6ESN7GNnuzrZzsNRHe0xr42hiHS8zmxpldgske6G4muqyO0q2XrbGsn17 AXuqX2uDfB8ixlRfjxX6ESN7GNnuzrZzsNRHe0xr42hiHU/LSAlGSfci8R102AdZQ7bXFNdS/TtB 9YLL0F1DlMFQHxH6EdKXmCpLzB04hl+P5KVMnCDZKEbPCcKO2WNQ9x+roLmA1xTlHFGX33VUXtlt VE464gn0nNfhuRjh/eRjIsY1sk0g3YhyPALfq4U9dLac+3w8W9gMZIdXVlz2DPJ57Jj8Qjewwdf2 HaTjHOr+ld3B3Jb2QIa/3fOOxQi73j5wuZ0flQXaQKN5ZgMp+vYr1SGdNUEgAg0gST8i/jOQzPA2 ug+o/SbxBHGa2rP4W/hhUWKrJOa7NNZT0okypO+5qXi/iPHksWXZh1Wy1H61yp8RJEP03/NAYcdM LEH9Ca5zYkyH9xEfEh+JflV+UjxVN8Wxs/UrLNmN1ObVTIwN239XeZ79Svcofo9sn+Wx45gY08UC XaH3c35FunI81FW+OumbGOJ5kpl9oHbue9YOmdc5tuuLXxL5PM58RiQ7fH9KMKYThe6Juf0SioH/ P4qri1mMPJbBuP5N/IPgGK4nyrninw9K0CTXAq+SLZmbT24J1CPdW8TSbGl08q+I54pri6aPJeT/ GpWljxTvt3OigXQ9t5LdN1WaD2XUt/Af4kdEGUfi50Rjr5jPEH3fZ4rPiMnuoNi/TrKT3AZOlexr rsvj+7R8zrKEzMin45FidFyvFyP7DLPUe/HN/l4/b3ReJS/XI9tfkbbgB+axIc8km4Ze5+1HCMbE j+MXQx62uR7tTk7i2ApAx3kdlRZjRPIppfNR8SBiAIP59aQs5ADRVqkZrk04flFzO/EGkX135W3i u8UoZubW4qsRu+vjUtGOc84tJf+KyuKf62ul+F9xruhj/7TrMxcKH4fdnNdV/V9cZ3jcD0ivX8Jm uX4T8SVswO2ifK+4XrK1+JXD+0j3TZV53FF/rXCfCeJ03F80vuDtF6d+vLT6K8JuiYiX46Z+vi5u qPpjttg1hLzVbTSz2JhItv/JuqiP/FJd16Mst0uMbLtE2LntN1TeVaUlG/xCNoo65QCmyDL7rCTb P/cxcntNJ96h9nepLPHU7vldtzVfyG2VDxaNf26LkmzZt2ekc9lLRYntzJJNsgvRYaeLzzMay5M+ 7ifUPv0cv2mxd5pkC/AF1V+vsjzDTTeXcSDd53qf1J4lWwfPKH8vRr7AKuR2ovfj3ig+A7+hLHAf ZrbH9/Lc7uV96fVfFYzJEiXJi80WPiGUbHY9mNkWY0SbMteTDRPICeVEScmNQhaOjPtAzFo3EEvL F+D55om68M7hE+VnZaD2H6v8JzHrRzxTxE3Xxz5ZfFLMxpZ4sygv5wfcUj7cNNmX57N7irtKxq8R sPZ+5yD+FyW7scjPS2szG+8t/8pluU8u4sb9e0qyqR72BZddrPLY9KNniXZzyT6c7fu6aJJN7QbJ vg/bQLJZDJVPER4jkvzwHoLrznkIHi6aVY77/6Hrels2Jm4rm58VWXeBeJL7FtR+h+vMzn00hs3p PqZmVnL/j4tHCVZ1huSlLh6p9gUiNsZKwro/0L6v2vlewecS1/fEySonmYfKsvQA6rmdZGTrKTXZ 7MAGlAsRfRS8zQ7eY8S3IraXXxVnZv/Ez6dxhA9Lu172AyLfRBmb2US2f49K02d71U8VzVLEuZvr Ay50bxM3JTeXyYjjsXgeu5cofXUMZ7bAY1D+gSc8q4G3hTzbBS6bJVtui78UxTfqGck/q9I2ABau UeYiEX4R846uG1Bn9053tmjGIf5GFJvqM41J7WZmc94tig/0fXX9j2bH/xKWjJ0vjy/9V1mUDy1G yYEdteZZhjLXU/lGldMMt3jCq1z2ST5rN0sH5zdFtgG2ht/NGEBt4MIzA33L24b0eraovl1/TbJ5 LE5SbBn39rb86+gThV/W3uZ3JHt4yCm9rrFuHlbPz+jcLT+zRT21HyGY5RpdtknttZntxpJ9XmR7 Vh+/38mAWSCPdwk+kOjHzIwwshWLyXYnEf4R6yWi2GQfj2FLwGQPbPywpNcP/YbrbUgWXEXkWKOE ZXa0x6lqW67jX2AjWRrn5oIIlgMDzzs2w2WqYwMznBJu6aapsq6P1DYb3kexjCv9qHwlNp3fvdXu Z8GL5c9JKh9VU4rLVWdZlf2DUbKVmQ0kizon++MR2/m62mdgk+xGyUYCXx7yVD66npt6jjpGyfYZ Yc9jua8+ftQFN8XXOv3iM5v0v6eyiaHylwU3lsWJWOL9ovlwfQG+ty0xHds0GLN7sql8SdguMEo2 Vk1sMHG/cH0M6uJ9qv+WyP3Okk12zGzl2NXO9m9X28YIasP5xSAbe/2BKssMNwKdo5t0c9b4xqlt 2SX5vC3Y7czxeQ92dewCyV+ebdzufNf9hsqQGar/kch9BKNkY6v2x8X9QTLKhwhuTrNL6Dlkc4xj k10wWkY20A+o3r1/q8eYsGRTmWOwBGL5Wm6gvgzU5nnm3oIfhtK3WEq2a0vHu64ch8TmnSTj+Wtk xEj6HxOjWJkysyXfvZIt/COW2CfZSoxe5jxT5H6bDRLns5Jxb+R75UHCzhEQ3/vg/eRJOeBsoJLd T3xB9dxJM0ivayAb/erkZJsSbInoo+NvRY7LO8D8lQlrdnvvhN55j4iEvJl0/TPOx4Q/WzTYBomI vnLM7F/o5A8Q/bFYsoVdZ9+3WTmwoVDG5DEyJdlAdWBLGvs7C2a5HDPDKoFZndnXZCnGUrKVmTnZ Ph+d2sCqIuRhw65lE8dtMzazqcx+W5NtoCszG3icWbJJlimzkttbmUGWkexpIscqydbb0w6yPOtV 2ju/PKilwd5dss/lYF39MnH7XZMskM9Ibn/IGqh9icXj4X/aAHiGZM0YVPL1iXxL33zhUPQOz3PR R1BmthSrKVd40sJx2s2a/XPMgZwvFUY/BMFsZlPd3v/48XLDfiF0rgeSkB8mYvAaoOi8fK0o13va 3rZnF165lFiCl/752Yqlvj0vux54Tt6IsBkxm9lUWtwRC+cWhskmRrZBk2wOjyG80+OHm1mfuuF1 dslnMfBVGf3245jh8ov8Wg2T7baqc4H4djBkdxGfliwHoeRrittjEwHV3onJp8QHNhHKFx0O79JC f33RP7jT5oE+x2E71sYYSM/XLP0YytZ/j/uMZB9Tyda2/IfHO3pmC9jhK89OCZYdvNfqY8FoGZmS zY6Xz76yDc+p56FzePme/aHMbPIL7kyMFIc6S1Ybm9vA48OG0uvPcV0Bn8RsZhOLybbC1g2SAc2s 5HxQ8J7wjIx+0CnPku4GwvpU22IIiwGSR99D0AvenfoG0nSvRDBDyjuKT+Eg3qI6LwZPE+i+X7L/ dh1cJuzFJvrBjbfK5DOV4r6ql0RSO0p7/4SdeHTIE6MXy3wQyqc2EYOSJdsPhR2lmG39C3Y1+b6P m+NS983w5Uf4jyjPbPgGaj/Zzw83ZdGncjTzwk2k75fFfGliS2uQHjh/8Y6U3eSsOxd5RrrRMvLP RenHbA8OHxefgqkd3EZ62/X1WMB9cZIo/UbdsZlNZR7Hysy2SDOzgex3XkYmmJ0ne47PbX31NNVb 3SzZxJdV5wdU98rmnUkefbB51HzFVCqCj3oj0bITv5QvVZuNg58UzHBsJGjpOPlKl+ME5wiWOUPk Q8l7vReI6Kv0q3I6idMJ4INQPtotds7dhfVnthU2H3pbzSDTL4zFPJhvkAjbjSSGSmZ4jr2P8ydx AxqTbdAkm9f/Tmh2sL75vMqOw/sLW5aCZ4k+XrMbCbLl4+3y1b5kASsD+2qik5dkUz0oy0i34VmX H5psw810pjCbsBeseF7lNobalI+K82vnuPUpyZbsuf7R/66UDZLEFVpGesmKjGfeO+k+IIEL0kV5 B+n8Y4F2GQmqp93IDeePj8hDF3Yv9nvNsAFJyYP6bGbJdS8/pZLteKZbOgl/Kzveik+gdomT2z2u u0yDO9UGaRduw3d+vR/LKd6VWH/5oMRtZHu5kiHbK3E2p8WYxWgZWd6zOb/W9Rk8VEz9tox2I3mZ bXpKcb5oPoCmFDwvlZ1XtWGYbCrLzJYJ3+QPs2Wk9H2yjd5xllXDAH54++vBrF+uR8f8PduBfnDb a1ZIfj07JRvHlSi7kRnZNfVBm69w/EPkNtm85FUQu7fRL/8lZNYH/OWE2fDPA6Rc3OJHnnRc6Fup 7R2UG3dE+UQniDi5DJIdvxh3EBGHZwZmh8ZO9SeLclIl6+Ei5LiQNzZGy0jes6S/Tj88Jvhrh2Lj dTaM7DwkW5gtI1VPHyIXLnJdg2S8AM8xS7Il+63J1smbZaTakJeR3DD9O0RgJzrHybA8YpmUY1L/ UTEaRzOzgdpbNkiGzJaRYueZDRS/KTPIkjzvhJdkS/rZS239UPCnS6GPeLzTs/sZI/7+JgeZ4Tp+ uewFsdp+IJyA5sAKsuHrkuy/C/zpB88E9QCm5ZzpUxySZNvfv7E1X3y81EnfXJdxq02ylT9fcRte aKaZzS4w/bOkamIJkrB8ruOweRL64GlTrMbuZMEzbx5boOVVOa8km/0ghI3KD4myjAS3nbWdA8li LBGD7/fCvvm6hVKw1M0z/Ag9hxb7gBlz9AkT/6dNP4a7hV1P8uv5QdH3+TIxsg1IlNlH2UG0s87r nIM8s/Ux+DZ3+iC/zsZ8TcVkke2Av4U7EQPepBcluEGpq8SGC29BJfPgy8km+NussqUaIEvwN0Ks n19+zsGGl69lV0664NniG5LlOOXLkgCfDr655Aci982D/S8KfG6hkv5z3HdJbjNbjqk6fxdm28SB ZJwX220Ke8GNG3pD9bKNjE3UxU+IL4e9wybHpTqv8TrgewQXOWIBr0eaZAPJ+/gBG1vFn1K8Blv9 EnOO+AIoYgePFU2cvMxzbqEYvGIocVVyneiv8RV/KpoxqLyL664IhyKOIeC/7pidiwSJQmJY3yPk M5KX86z6KAb7FuWvXxK83ObHOduSR09ByXNKSTRX5GR7q0rbXg98AGI12W4qeMCetlWdqKNTyc3E n6zr4i3GYgbDNnzZmj156rsi2QjGbb66OaxPwcMsNwt/vs4sGnHRkYBpG77EZznJc6DZgtszNrc3 O/6iNx8zmx7+7egsJm3+gFX2m7CH71VdccyG2eX06Jc+Bc+afB/aHKv0TTvBn+BYbGIIxscfpaLj G0A/rmkMKtF3/5WDbOfJBiRcuTbCro2wvpP/DUW+hvTR7NS15HPUwL3icWy8xOEekm7Rn00MrlOM cReIq5UP/x0CMWwjJMeQfnNrYV8QQXde/Lo28c4g0CzZAh0UiXaKwK5QT6QNZCfwCb++tPpyshnZ Z6pPB1kONukyxUcnoYnHScntVK/kPrbZV7tgl5hVNtlXn2oTstCP2KaHKW6l1cV48rgq6UZqQZft Etk/dLlcJo59RPhP9TFzn/1Y88/xZ8nmNi0MvHy823GJ5PxV8cypnqylgczBJ/z60upHyWb21afa hCz0I7bpYYpbaXUxnjyuSr6RGtBlu0T2D10ul4ljHxH+U33M3Gc/1vxz/B2TTf/YzKYDyMvH14kT l05KlS8NZA4+4deXVj9KNrOvPtUmZKEfsU0PU9xKq4vx5HFV8o3UgC7bJbJ/6HK5TBz7iPCf6mPm Pvux5p/j75FslIKdKv4SevGkVPnSQObgE359afWjZDP76lNtQhb6Edv0MMWttLoYTx5XJd9IDeiy XSL7hy6Xy8Sxjwj/qT5m7rMfa/45/hVINg0+Eo0vA3jIN+XSSanypYHMwSf8+tLqR8lm9tWn2oQs 9CO26WGKW2l1MZ48rkq+kRrQZbtE9g9dLpeJYx8R/lN9zNxnP9b8c/wdk00Dt2QTs/+qbjqoOVW+ NJA5+IRfX1r9KNnMvvpUm5CFfsQ2PUxxK60uxpPHVck3UgO6bJfI/qHL5TJx7CPCf6qPmfvsx5p/ jr/7zMab8FfoAPiAt1EunZQqXxrIHHzCry+tfpRsZl99qk3IQj9imx6muJVWF+PJ46rkG6kBXbZL ZP/Q5XKZOPYR4T/Vx8x99mPNP8ffPdn4aNcSrT8JSyelypcGMifH70urHyWb2VefahOy0I/Ypocp bqXVxXjyuCr5RmpAl+0S2T90uVwmjn1E+E/1MXOf/Vjzz/F3SbbDK/0fVHbyZgY1MwUAAAAASUVO RK5CYII= --00000000000099395a0586d9e266 Content-Type: image/png; name="image002.png" Content-Disposition: inline; filename="image002.png" Content-Transfer-Encoding: base64 Content-ID: <16a33abb59b5b16b22> X-Attachment-Id: 16a33abb59b5b16b22 iVBORw0KGgoAAAANSUhEUgAAACAAAAAgCAYAAABzenr0AAAACXBIWXMAAA7DAAAOwwHHb6hkAAAC SUlEQVRYR2NgSJv5f0AxVkF6YqyC9MRYBemJsQrSE2MVhOHUGRCMTY5aGKsg0FK5ssX/i1ce/d+x /fx/30nb/jNhU0cNjE2QO2vO/xvP3/+HgV9//v5PmLePNqGBTdCxcyPUagTYcvEB/RwgX7r4/8/f f6BWQ0DPzgv/GVLo5ACQReHTd/0/df/l/xsv3v+fd/j6fx5gtGBVSynGKgjCwOBmz5j1nzd7zn9G UoIepJYU9dgEQSneZ+K2/37A1A/DylXLwAYrVyxFEXfv2/yfI3P2f9GC+f+jZ+0GRtXF//17Lv1P W3Dgv1L5EsKOwSbIkTX7//dfqGmgeNUxsGG5Sw5BRSDg6fsv/127Nvy/9uzd/7///kFF////B2S/ /PTtf+TM3fgdgU0Q4oDfUKMgoAjqgMyFB6AiEPDlx6//Lz5+g/Iwwdefv/87dW/E7QhsgqQ4AAY+ ff/5/+rTd/+/AS1EB1suPvzPkDwdwx4wxiZIqgN2Xnn0XzB37n+GpGn/FYAl6JUnb6EyEAByFBfQ TGx2UeyAz8AoMGhYhdAPVJO3/AhUFgGUK4AJEskOOMYmSIoDnn34+l+qaCGKfve+LVBZBNCqWY6i Bo6xCVLqADdg1kQHw8cBOYtRywG6O6Bg2WGoCASMOoAmDmAD1oLrzt37vxnYCIHhwGk7wQ7wn7wd RXzR8Zv/hfLmoeg3alqDogaE5YBtDGQ1cIxVMBWIQUUnMoY1RkA0uhzQYaj6iVADw1gF6YmxCtIT YxWkJ8YqSE+MVZBueOZ/ABxdinkisai7AAAAAElFTkSuQmCC --00000000000099395a0586d9e266 Content-Type: image/png; name="image003.png" Content-Disposition: inline; filename="image003.png" Content-Transfer-Encoding: base64 Content-ID: <16a33abb59b692e333> X-Attachment-Id: 16a33abb59b692e333 iVBORw0KGgoAAAANSUhEUgAAACAAAAAgCAYAAABzenr0AAAACXBIWXMAAA7DAAAOwwHHb6hkAAAC 1UlEQVRYR8WWS2jUUBSGW4vjAxVEFHysqkhx0ZVIwZ3FpRuXbrW6Fd0IIoi4FO3ChWsXCrbVtlqf 1YqIigWfWBxhtIIFH5lkHplXJpnjf9K5nTE5SWYspAc+Jvlv7jnnvs6djo7hNC0pohgnohgnohgn ohgnohgnovi/DGkNpHYJUWSG6khtXhBw87hOR6fzdO5TgY5Mm7RxVG8kckOjNTf5u6Y+Cp9Qp+ee QXsfZxpOAlgGp4df5ylXrVGzaWXH1Q8+z9H172Xqf5qVffkEBk7PfCzQXNGh3Q/Dk9gPx6YnuLKq UyMLXEoWqfe+Qat5Frw+fAKDKbs6W3adGBWHBjCSBOveRPDdk1+W+12QFZBcKm/TibcmdbY+Axqd nynWXcyPZOxHhfomMRsIqhJZDnQkGGZlu0an3hewVAGzKIpgz6MM5T1TW8PrK61Kpz8UqH8qS7uw TwxLnn5lKdOm9bfkGC6iiGy77+h0FvvA4aiC2dCzCM6/YZbM2bRWWnuFKCKBK6kSfUP2JUzhYmzq t0VdwwHTz4giTgEfn6jRtWKDOAG+zduMKIIV4BrO72JtH/ZKaEETRQaduHoNfi5SOmKnB9lXLGEi LDgjinVWjqRpfK7iOmrXePmOoSSHjp4RRQXW7vgb060D7doLzaJ1YbtfIYpNdCGJAVwyswXbLaut 2B/cAz13jejRM6LoBUlsGdPp8pcSRaXApfvAs5zbR/TlxScg6wTWfhXgArJ9wqBDL3PulAYVJTZu 4qLThwracnDGJyCBTRjtxWSJZrK2ewLCArNxseLzvhX/CdoKzogi6MSl0/vAoAs4hlz/+WrOWI57 7/MFxCdj8qdFJ9+ZtO02AvMlJfiJRBQVvIkwIr6K+R/PDmysnbiAuid02jDKG3S+XezbKv8KIc7U jpYCqjb1HPiOvt72hYcoVCevg6B3pQW1q/eFh6VCFONEFONEFGMjTX8B57Ce1IdKF4gAAAAASUVO RK5CYII= --00000000000099395a0586d9e266 Content-Type: image/png; name="image53017f.PNG" Content-Disposition: inline; filename="image53017f.PNG" Content-Transfer-Encoding: base64 Content-ID: <16a33abb59b577544244> X-Attachment-Id: 16a33abb59b577544244 iVBORw0KGgoAAAANSUhEUgAAANsAAAAkCAYAAAAAR0+MAAAACXBIWXMAAC4iAAAuIgGq4t2SAAAU M0lEQVR4Xu2cacx2R1nH4aVsiqGlUBCQsre0BWnRPng/qOwNUCKgggJC3eISXJAghgDiEiJGKWug GpREoSprRJYQsQhhkS0CCpZFEaiAIHsBWf3/rnNdM9fMmXPuu/cX3w/Ph987M9c2c5brnjlzzvNe 6exzDx8mKMXGy8o5pb5J9e1gm+2jPYqxJA+yb0/oc7krOU4Q8pFtL1tj2Z5zHMz11a+1Qb4PEWOq r8cK/YiRPYxsd2fbOVjqoz2mtXE0sQ7mtrRHsqke12C3/pb0tIHGR1V56qSYH3x1PEq2XrbGsn17 AXuqX2uDfB8ixlRfjxX6ESN7GNnuzrZzsNRHe0xr42hiHQfJ9j5Vvq3ywtHBV8ejZOtlayzbtxew p/q1Nsj3IWJM9fVYoR8xsoeR7e5sOwdLfbTHtDaOJtb/d7Lpn38VJBs8XVwljKA6HiVbL1tj2b69 gD3Vr7VBvg8RY6qvxwr9iJE9jGx3Z9s5WOqjPaa1cTSxjodkk8CSTXXKPxNXxQiq41Gy9bI1lu3b C9hT/Vob5PsQMab6eqzQjxjZw8h2d7adg6U+2mNaG0cT6zhYRpZkAwkpnydshquOR8nWy9ZYtm8v YE/1a22Q70PEmOrrsUI/YmQPI9vd2XYOlvpoj2ltHE2s4yHZVLEkCySzGU71qwp3Okq2XrbGsn17 AXuqX2uDfB8ixlRfjxX6ESN7GNnuzrZzsNRHe0xr42hiHS8zmxpldgske6G4muqyO0q2XrbGsn17 AXuqX2uDfB8ixlRfjxX6ESN7GNnuzrZzsNRHe0xr42hiHU/LSAlGSfci8R102AdZQ7bXFNdS/TtB 9YLL0F1DlMFQHxH6EdKXmCpLzB04hl+P5KVMnCDZKEbPCcKO2WNQ9x+roLmA1xTlHFGX33VUXtlt VE464gn0nNfhuRjh/eRjIsY1sk0g3YhyPALfq4U9dLac+3w8W9gMZIdXVlz2DPJ57Jj8Qjewwdf2 HaTjHOr+ld3B3Jb2QIa/3fOOxQi73j5wuZ0flQXaQKN5ZgMp+vYr1SGdNUEgAg0gST8i/jOQzPA2 ug+o/SbxBHGa2rP4W/hhUWKrJOa7NNZT0okypO+5qXi/iPHksWXZh1Wy1H61yp8RJEP03/NAYcdM LEH9Ca5zYkyH9xEfEh+JflV+UjxVN8Wxs/UrLNmN1ObVTIwN239XeZ79Svcofo9sn+Wx45gY08UC XaH3c35FunI81FW+OumbGOJ5kpl9oHbue9YOmdc5tuuLXxL5PM58RiQ7fH9KMKYThe6Juf0SioH/ P4qri1mMPJbBuP5N/IPgGK4nyrninw9K0CTXAq+SLZmbT24J1CPdW8TSbGl08q+I54pri6aPJeT/ GpWljxTvt3OigXQ9t5LdN1WaD2XUt/Af4kdEGUfi50Rjr5jPEH3fZ4rPiMnuoNi/TrKT3AZOlexr rsvj+7R8zrKEzMin45FidFyvFyP7DLPUe/HN/l4/b3ReJS/XI9tfkbbgB+axIc8km4Ze5+1HCMbE j+MXQx62uR7tTk7i2ApAx3kdlRZjRPIppfNR8SBiAIP59aQs5ADRVqkZrk04flFzO/EGkX135W3i u8UoZubW4qsRu+vjUtGOc84tJf+KyuKf62ul+F9xruhj/7TrMxcKH4fdnNdV/V9cZ3jcD0ivX8Jm uX4T8SVswO2ifK+4XrK1+JXD+0j3TZV53FF/rXCfCeJ03F80vuDtF6d+vLT6K8JuiYiX46Z+vi5u qPpjttg1hLzVbTSz2JhItv/JuqiP/FJd16Mst0uMbLtE2LntN1TeVaUlG/xCNoo65QCmyDL7rCTb P/cxcntNJ96h9nepLPHU7vldtzVfyG2VDxaNf26LkmzZt2ekc9lLRYntzJJNsgvRYaeLzzMay5M+ 7ifUPv0cv2mxd5pkC/AF1V+vsjzDTTeXcSDd53qf1J4lWwfPKH8vRr7AKuR2ovfj3ig+A7+hLHAf ZrbH9/Lc7uV96fVfFYzJEiXJi80WPiGUbHY9mNkWY0SbMteTDRPICeVEScmNQhaOjPtAzFo3EEvL F+D55om68M7hE+VnZaD2H6v8JzHrRzxTxE3Xxz5ZfFLMxpZ4sygv5wfcUj7cNNmX57N7irtKxq8R sPZ+5yD+FyW7scjPS2szG+8t/8pluU8u4sb9e0qyqR72BZddrPLY9KNniXZzyT6c7fu6aJJN7QbJ vg/bQLJZDJVPER4jkvzwHoLrznkIHi6aVY77/6Hrels2Jm4rm58VWXeBeJL7FtR+h+vMzn00hs3p PqZmVnL/j4tHCVZ1huSlLh6p9gUiNsZKwro/0L6v2vlewecS1/fEySonmYfKsvQA6rmdZGTrKTXZ 7MAGlAsRfRS8zQ7eY8S3IraXXxVnZv/Ez6dxhA9Lu172AyLfRBmb2US2f49K02d71U8VzVLEuZvr Ay50bxM3JTeXyYjjsXgeu5cofXUMZ7bAY1D+gSc8q4G3hTzbBS6bJVtui78UxTfqGck/q9I2ABau UeYiEX4R846uG1Bn9053tmjGIf5GFJvqM41J7WZmc94tig/0fXX9j2bH/xKWjJ0vjy/9V1mUDy1G yYEdteZZhjLXU/lGldMMt3jCq1z2ST5rN0sH5zdFtgG2ht/NGEBt4MIzA33L24b0eraovl1/TbJ5 LE5SbBn39rb86+gThV/W3uZ3JHt4yCm9rrFuHlbPz+jcLT+zRT21HyGY5RpdtknttZntxpJ9XmR7 Vh+/38mAWSCPdwk+kOjHzIwwshWLyXYnEf4R6yWi2GQfj2FLwGQPbPywpNcP/YbrbUgWXEXkWKOE ZXa0x6lqW67jX2AjWRrn5oIIlgMDzzs2w2WqYwMznBJu6aapsq6P1DYb3kexjCv9qHwlNp3fvdXu Z8GL5c9JKh9VU4rLVWdZlf2DUbKVmQ0kizon++MR2/m62mdgk+xGyUYCXx7yVD66npt6jjpGyfYZ Yc9jua8+ftQFN8XXOv3iM5v0v6eyiaHylwU3lsWJWOL9ovlwfQG+ty0xHds0GLN7sql8SdguMEo2 Vk1sMHG/cH0M6uJ9qv+WyP3Okk12zGzl2NXO9m9X28YIasP5xSAbe/2BKssMNwKdo5t0c9b4xqlt 2SX5vC3Y7czxeQ92dewCyV+ebdzufNf9hsqQGar/kch9BKNkY6v2x8X9QTLKhwhuTrNL6Dlkc4xj k10wWkY20A+o3r1/q8eYsGRTmWOwBGL5Wm6gvgzU5nnm3oIfhtK3WEq2a0vHu64ch8TmnSTj+Wtk xEj6HxOjWJkysyXfvZIt/COW2CfZSoxe5jxT5H6bDRLns5Jxb+R75UHCzhEQ3/vg/eRJOeBsoJLd T3xB9dxJM0ivayAb/erkZJsSbInoo+NvRY7LO8D8lQlrdnvvhN55j4iEvJl0/TPOx4Q/WzTYBomI vnLM7F/o5A8Q/bFYsoVdZ9+3WTmwoVDG5DEyJdlAdWBLGvs7C2a5HDPDKoFZndnXZCnGUrKVmTnZ Ph+d2sCqIuRhw65lE8dtMzazqcx+W5NtoCszG3icWbJJlimzkttbmUGWkexpIscqydbb0w6yPOtV 2ju/PKilwd5dss/lYF39MnH7XZMskM9Ibn/IGqh9icXj4X/aAHiGZM0YVPL1iXxL33zhUPQOz3PR R1BmthSrKVd40sJx2s2a/XPMgZwvFUY/BMFsZlPd3v/48XLDfiF0rgeSkB8mYvAaoOi8fK0o13va 3rZnF165lFiCl/752Yqlvj0vux54Tt6IsBkxm9lUWtwRC+cWhskmRrZBk2wOjyG80+OHm1mfuuF1 dslnMfBVGf3245jh8ov8Wg2T7baqc4H4djBkdxGfliwHoeRrittjEwHV3onJp8QHNhHKFx0O79JC f33RP7jT5oE+x2E71sYYSM/XLP0YytZ/j/uMZB9Tyda2/IfHO3pmC9jhK89OCZYdvNfqY8FoGZmS zY6Xz76yDc+p56FzePme/aHMbPIL7kyMFIc6S1Ybm9vA48OG0uvPcV0Bn8RsZhOLybbC1g2SAc2s 5HxQ8J7wjIx+0CnPku4GwvpU22IIiwGSR99D0AvenfoG0nSvRDBDyjuKT+Eg3qI6LwZPE+i+X7L/ dh1cJuzFJvrBjbfK5DOV4r6ql0RSO0p7/4SdeHTIE6MXy3wQyqc2EYOSJdsPhR2lmG39C3Y1+b6P m+NS983w5Uf4jyjPbPgGaj/Zzw83ZdGncjTzwk2k75fFfGliS2uQHjh/8Y6U3eSsOxd5RrrRMvLP RenHbA8OHxefgqkd3EZ62/X1WMB9cZIo/UbdsZlNZR7Hysy2SDOzgex3XkYmmJ0ne47PbX31NNVb 3SzZxJdV5wdU98rmnUkefbB51HzFVCqCj3oj0bITv5QvVZuNg58UzHBsJGjpOPlKl+ME5wiWOUPk Q8l7vReI6Kv0q3I6idMJ4INQPtotds7dhfVnthU2H3pbzSDTL4zFPJhvkAjbjSSGSmZ4jr2P8ydx AxqTbdAkm9f/Tmh2sL75vMqOw/sLW5aCZ4k+XrMbCbLl4+3y1b5kASsD+2qik5dkUz0oy0i34VmX H5psw810pjCbsBeseF7lNobalI+K82vnuPUpyZbsuf7R/66UDZLEFVpGesmKjGfeO+k+IIEL0kV5 B+n8Y4F2GQmqp93IDeePj8hDF3Yv9nvNsAFJyYP6bGbJdS8/pZLteKZbOgl/Kzveik+gdomT2z2u u0yDO9UGaRduw3d+vR/LKd6VWH/5oMRtZHu5kiHbK3E2p8WYxWgZWd6zOb/W9Rk8VEz9tox2I3mZ bXpKcb5oPoCmFDwvlZ1XtWGYbCrLzJYJ3+QPs2Wk9H2yjd5xllXDAH54++vBrF+uR8f8PduBfnDb a1ZIfj07JRvHlSi7kRnZNfVBm69w/EPkNtm85FUQu7fRL/8lZNYH/OWE2fDPA6Rc3OJHnnRc6Fup 7R2UG3dE+UQniDi5DJIdvxh3EBGHZwZmh8ZO9SeLclIl6+Ei5LiQNzZGy0jes6S/Tj88Jvhrh2Lj dTaM7DwkW5gtI1VPHyIXLnJdg2S8AM8xS7Il+63J1smbZaTakJeR3DD9O0RgJzrHybA8YpmUY1L/ UTEaRzOzgdpbNkiGzJaRYueZDRS/KTPIkjzvhJdkS/rZS239UPCnS6GPeLzTs/sZI/7+JgeZ4Tp+ uewFsdp+IJyA5sAKsuHrkuy/C/zpB88E9QCm5ZzpUxySZNvfv7E1X3y81EnfXJdxq02ylT9fcRte aKaZzS4w/bOkamIJkrB8ruOweRL64GlTrMbuZMEzbx5boOVVOa8km/0ghI3KD4myjAS3nbWdA8li LBGD7/fCvvm6hVKw1M0z/Ag9hxb7gBlz9AkT/6dNP4a7hV1P8uv5QdH3+TIxsg1IlNlH2UG0s87r nIM8s/Ux+DZ3+iC/zsZ8TcVkke2Av4U7EQPepBcluEGpq8SGC29BJfPgy8km+NussqUaIEvwN0Ks n19+zsGGl69lV0664NniG5LlOOXLkgCfDr655Aci982D/S8KfG6hkv5z3HdJbjNbjqk6fxdm28SB ZJwX220Ke8GNG3pD9bKNjE3UxU+IL4e9wybHpTqv8TrgewQXOWIBr0eaZAPJ+/gBG1vFn1K8Blv9 EnOO+AIoYgePFU2cvMxzbqEYvGIocVVyneiv8RV/KpoxqLyL664IhyKOIeC/7pidiwSJQmJY3yPk M5KX86z6KAb7FuWvXxK83ObHOduSR09ByXNKSTRX5GR7q0rbXg98AGI12W4qeMCetlWdqKNTyc3E n6zr4i3GYgbDNnzZmj156rsi2QjGbb66OaxPwcMsNwt/vs4sGnHRkYBpG77EZznJc6DZgtszNrc3 O/6iNx8zmx7+7egsJm3+gFX2m7CH71VdccyG2eX06Jc+Bc+afB/aHKv0TTvBn+BYbGIIxscfpaLj G0A/rmkMKtF3/5WDbOfJBiRcuTbCro2wvpP/DUW+hvTR7NS15HPUwL3icWy8xOEekm7Rn00MrlOM cReIq5UP/x0CMWwjJMeQfnNrYV8QQXde/Lo28c4g0CzZAh0UiXaKwK5QT6QNZCfwCb++tPpyshnZ Z6pPB1kONukyxUcnoYnHScntVK/kPrbZV7tgl5hVNtlXn2oTstCP2KaHKW6l1cV48rgq6UZqQZft Etk/dLlcJo59RPhP9TFzn/1Y88/xZ8nmNi0MvHy823GJ5PxV8cypnqylgczBJ/z60upHyWb21afa hCz0I7bpYYpbaXUxnjyuSr6RGtBlu0T2D10ul4ljHxH+U33M3Gc/1vxz/B2TTf/YzKYDyMvH14kT l05KlS8NZA4+4deXVj9KNrOvPtUmZKEfsU0PU9xKq4vx5HFV8o3UgC7bJbJ/6HK5TBz7iPCf6mPm Pvux5p/j75FslIKdKv4SevGkVPnSQObgE359afWjZDP76lNtQhb6Edv0MMWttLoYTx5XJd9IDeiy XSL7hy6Xy8Sxjwj/qT5m7rMfa/45/hVINg0+Eo0vA3jIN+XSSanypYHMwSf8+tLqR8lm9tWn2oQs 9CO26WGKW2l1MZ48rkq+kRrQZbtE9g9dLpeJYx8R/lN9zNxnP9b8c/wdk00Dt2QTs/+qbjqoOVW+ NJA5+IRfX1r9KNnMvvpUm5CFfsQ2PUxxK60uxpPHVck3UgO6bJfI/qHL5TJx7CPCf6qPmfvsx5p/ jr/7zMab8FfoAPiAt1EunZQqXxrIHHzCry+tfpRsZl99qk3IQj9imx6muJVWF+PJ46rkG6kBXbZL ZP/Q5XKZOPYR4T/Vx8x99mPNP8ffPdn4aNcSrT8JSyelypcGMifH70urHyWb2VefahOy0I/Ypocp bqXVxXjyuCr5RmpAl+0S2T90uVwmjn1E+E/1MXOf/Vjzz/F3SbbDK/0fVHbyZgY1MwUAAAAASUVO RK5CYII= --00000000000099395a0586d9e266 Content-Type: image/png; name="imaged1b12e.PNG" Content-Disposition: inline; filename="imaged1b12e.PNG" Content-Transfer-Encoding: base64 Content-ID: <16a33abb59b49cc9bc55> X-Attachment-Id: 16a33abb59b49cc9bc55 iVBORw0KGgoAAAANSUhEUgAAACAAAAAgCAYAAABzenr0AAAACXBIWXMAAA7DAAAOwwHHb6hkAAAC SUlEQVRYR2NgSJv5f0AxVkF6YqyC9MRYBemJsQrSE2MVhOHUGRCMTY5aGKsg0FK5ssX/i1ce/d+x /fx/30nb/jNhU0cNjE2QO2vO/xvP3/+HgV9//v5PmLePNqGBTdCxcyPUagTYcvEB/RwgX7r4/8/f f6BWQ0DPzgv/GVLo5ACQReHTd/0/df/l/xsv3v+fd/j6fx5gtGBVSynGKgjCwOBmz5j1nzd7zn9G UoIepJYU9dgEQSneZ+K2/37A1A/DylXLwAYrVyxFEXfv2/yfI3P2f9GC+f+jZ+0GRtXF//17Lv1P W3Dgv1L5EsKOwSbIkTX7//dfqGmgeNUxsGG5Sw5BRSDg6fsv/127Nvy/9uzd/7///kFF////B2S/ /PTtf+TM3fgdgU0Q4oDfUKMgoAjqgMyFB6AiEPDlx6//Lz5+g/Iwwdefv/87dW/E7QhsgqQ4AAY+ ff/5/+rTd/+/AS1EB1suPvzPkDwdwx4wxiZIqgN2Xnn0XzB37n+GpGn/FYAl6JUnb6EyEAByFBfQ TGx2UeyAz8AoMGhYhdAPVJO3/AhUFgGUK4AJEskOOMYmSIoDnn34+l+qaCGKfve+LVBZBNCqWY6i Bo6xCVLqADdg1kQHw8cBOYtRywG6O6Bg2WGoCASMOoAmDmAD1oLrzt37vxnYCIHhwGk7wQ7wn7wd RXzR8Zv/hfLmoeg3alqDogaE5YBtDGQ1cIxVMBWIQUUnMoY1RkA0uhzQYaj6iVADw1gF6YmxCtIT YxWkJ8YqSE+MVZBueOZ/ABxdinkisai7AAAAAElFTkSuQmCC --00000000000099395a0586d9e266 Content-Type: image/png; name="image17e740.PNG" Content-Disposition: inline; filename="image17e740.PNG" Content-Transfer-Encoding: base64 Content-ID: <16a33abb59b8e4d6a4a6> X-Attachment-Id: 16a33abb59b8e4d6a4a6 iVBORw0KGgoAAAANSUhEUgAAACAAAAAgCAYAAABzenr0AAAACXBIWXMAAA7DAAAOwwHHb6hkAAAC 1UlEQVRYR8WWS2jUUBSGW4vjAxVEFHysqkhx0ZVIwZ3FpRuXbrW6Fd0IIoi4FO3ChWsXCrbVtlqf 1YqIigWfWBxhtIIFH5lkHplXJpnjf9K5nTE5SWYspAc+Jvlv7jnnvs6djo7hNC0pohgnohgnohgn ohgnohgnovi/DGkNpHYJUWSG6khtXhBw87hOR6fzdO5TgY5Mm7RxVG8kckOjNTf5u6Y+Cp9Qp+ee QXsfZxpOAlgGp4df5ylXrVGzaWXH1Q8+z9H172Xqf5qVffkEBk7PfCzQXNGh3Q/Dk9gPx6YnuLKq UyMLXEoWqfe+Qat5Frw+fAKDKbs6W3adGBWHBjCSBOveRPDdk1+W+12QFZBcKm/TibcmdbY+Axqd nynWXcyPZOxHhfomMRsIqhJZDnQkGGZlu0an3hewVAGzKIpgz6MM5T1TW8PrK61Kpz8UqH8qS7uw TwxLnn5lKdOm9bfkGC6iiGy77+h0FvvA4aiC2dCzCM6/YZbM2bRWWnuFKCKBK6kSfUP2JUzhYmzq t0VdwwHTz4giTgEfn6jRtWKDOAG+zduMKIIV4BrO72JtH/ZKaEETRQaduHoNfi5SOmKnB9lXLGEi LDgjinVWjqRpfK7iOmrXePmOoSSHjp4RRQXW7vgb060D7doLzaJ1YbtfIYpNdCGJAVwyswXbLaut 2B/cAz13jejRM6LoBUlsGdPp8pcSRaXApfvAs5zbR/TlxScg6wTWfhXgArJ9wqBDL3PulAYVJTZu 4qLThwracnDGJyCBTRjtxWSJZrK2ewLCArNxseLzvhX/CdoKzogi6MSl0/vAoAs4hlz/+WrOWI57 7/MFxCdj8qdFJ9+ZtO02AvMlJfiJRBQVvIkwIr6K+R/PDmysnbiAuid02jDKG3S+XezbKv8KIc7U jpYCqjb1HPiOvt72hYcoVCevg6B3pQW1q/eFh6VCFONEFONEFGMjTX8B57Ce1IdKF4gAAAAASUVO RK5CYII= --00000000000099395a0586d9e266-- From nobody Fri Apr 19 12:18:27 2019 Return-Path: X-Original-To: mls@ietfa.amsl.com Delivered-To: mls@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BB143120006 for ; Fri, 19 Apr 2019 12:18:25 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.9 X-Spam-Level: X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=ipv-sx.20150623.gappssmtp.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vFjb9oTAE37f for ; Fri, 19 Apr 2019 12:18:23 -0700 (PDT) Received: from mail-oi1-x22e.google.com (mail-oi1-x22e.google.com [IPv6:2607:f8b0:4864:20::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C86781200F5 for ; Fri, 19 Apr 2019 12:18:23 -0700 (PDT) Received: by mail-oi1-x22e.google.com with SMTP id v84so4632351oif.4 for ; Fri, 19 Apr 2019 12:18:23 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipv-sx.20150623.gappssmtp.com; s=20150623; h=mime-version:from:date:message-id:subject:to; bh=9kqk1oEpTbEGvHaKAcIr1suKE86FUIuw/wmNB776CxM=; b=nxMVKQyobbCGRdpkFfHas+XVYw01w4ki0VuLrtfPo7JgjF2h3slMS0BBcDOxIwXEfT bDsXHqN5D+TJbld6VwW96JvhqYAYYiRhtPS5IsMxtaRLgoh5BsZ3KbsZbtpMCDJgy/j8 /CJsHgoTKd2Uq+UzILM3UQbDD/ngaJD46nIvDs0GU/mfcVv+QjpOxuFf5wiJfdZ+0bpv IQCu0EWdFx4FovJrGf6VzjEOgDaWS6aFamEwoAUqidLsHMV0xWTGyMqvWZAohIJWW/ca lSxOXsf4m+4zbUyldjekWfvQotd4Mf8CtNbBsVVBrNHGwsuEIPCB4yOv7JyQsJ4OkE+o e9LQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=9kqk1oEpTbEGvHaKAcIr1suKE86FUIuw/wmNB776CxM=; b=flSmrg4XDsm3tFUfTVeCCxqHZe7/aeDQwGuCn6Xqny8scU80ds6VqvI34ifD+6XDGT sTJCIWsYe74bsbfnmzU3yPXKQRuBqVkPXHYEkQmvOZjOC7D9wk/Sbc09xEN84M9Jd0e1 TCAYVOSWSUqIHMsZDZXWuo0v41JrG3hXtKqlVvyFKZJI0Muox8PARNnsM3rBFjqShyIQ ab5KA/dfUY75bKtzv5hnPFX6s65XvWBzh/SLTB4X4vAAbB+G6YG4tjeyfGFGuYcCnnhm jlnIfRrfRVLQo1/hdtj5FiX8I9nxiM6hYQhdRoZ9+dlqi0ipldZv4eXFXlCwrrw4S/Y6 pqPw== X-Gm-Message-State: APjAAAXe4C5RQvbzDrU8wzBpP9OB+9lZekZS7xSEzcWj5QibqYn0Lghv JwoqjW0pLxJrcoGr5Al+Pca+VjdVPoPwkRHC/D6wV7SnR0Prag== X-Google-Smtp-Source: APXvYqzV64WAEerB/+z7D/2a1kSFLZS5IthR/CEtUX53e7AwjbIBbDSNHFLaCJS4j58g6qxCnf9sbNketxzDziUBRCI= X-Received: by 2002:aca:544b:: with SMTP id i72mr2676668oib.51.1555701502485; Fri, 19 Apr 2019 12:18:22 -0700 (PDT) MIME-Version: 1.0 From: Richard Barnes Date: Fri, 19 Apr 2019 15:18:03 -0400 Message-ID: To: Messaging Layer Security WG Content-Type: multipart/alternative; boundary="0000000000006ebab70586e6fb04" Archived-At: Subject: [MLS] Tree hashes - ready to land? X-BeenThere: mls@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Messaging Layer Security List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 19 Apr 2019 19:18:26 -0000 --0000000000006ebab70586e6fb04 Content-Type: text/plain; charset="UTF-8" Hey all, I've been working on implementing the tree-hashing scheme we discussed in Prague. I just updated the PR with what I think is a pretty ready-to-merge change set: https://github.com/mlswg/mls-protocol/pull/134 Please send comments there in the next few days. Otherwise, we authors will make a decision on our own :) Thanks, --Richard --0000000000006ebab70586e6fb04 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Hey all,

I&= #39;ve been working on implementing the tree-hashing scheme we discussed in= Prague.=C2=A0 I just=C2=A0 updated the PR with what I think is a pretty re= ady-to-merge change set:


Please send comments there in the next f= ew days.=C2=A0 Otherwise, we authors will make a decision on our own :)

Thanks,
--Richard
--0000000000006ebab70586e6fb04-- From nobody Fri Apr 19 15:17:38 2019 Return-Path: X-Original-To: mls@ietf.org Delivered-To: mls@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id DD1A3120098; Fri, 19 Apr 2019 15:17:36 -0700 (PDT) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: IETF Meeting Session Request Tool To: Cc: mls-chairs@ietf.org, mls@ietf.org, nick@cloudflare.com, kaduk@mit.edu X-Test-IDTracker: no X-IETF-IDTracker: 6.95.0 Auto-Submitted: auto-generated Precedence: bulk Message-ID: <155571225682.5416.4060178659094008144.idtracker@ietfa.amsl.com> Date: Fri, 19 Apr 2019 15:17:36 -0700 Archived-At: Subject: [MLS] mls - New Interim Meeting Request X-BeenThere: mls@ietf.org X-Mailman-Version: 2.1.29 List-Id: Messaging Layer Security List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 19 Apr 2019 22:17:37 -0000 A new interim meeting request has just been submitted by Nick Sullivan. This request requires approval by the Area Director of the Security Area The meeting can be approved here: https://datatracker.ietf.org/meeting/interim/request/interim-2019-mls-02 --------------------------------------------------------- Working Group Name: Messaging Layer Security Area Name: Security Area Session Requester: Nick Sullivan City: Berlin Country: DE Session 1: Date: 2019-05-16 Start Time: 09:00 Europe/Berlin Duration: 08:00 Remote Participation Information: https://ietf.webex.com/ietf/j.php?MTID=md546be15e628910271eed585d1ad8567 Agenda Note: --------------------------------------------------------- From nobody Mon Apr 22 08:07:37 2019 Return-Path: X-Original-To: mls@ietf.org Delivered-To: mls@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 842531200C5; Mon, 22 Apr 2019 08:07:35 -0700 (PDT) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: IESG Secretary To: "IETF-Announce" Cc: mls@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 6.95.0 Auto-Submitted: auto-generated Precedence: bulk Message-ID: <155594565535.21228.7364044433851017827@ietfa.amsl.com> Date: Mon, 22 Apr 2019 08:07:35 -0700 Archived-At: Subject: [MLS] Messaging Layer Security (mls) WG Interim Meeting: 2019-05-16 X-BeenThere: mls@ietf.org X-Mailman-Version: 2.1.29 List-Id: Messaging Layer Security List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 22 Apr 2019 15:07:36 -0000 The Messaging Layer Security (mls) Working Group will hold an interim meeting on 2019-05-16 from 09:00 to 17:00 Europe/Berlin. Meeting Location: Berlin, DE Agenda: https://github.com/mlswg/wg-materials/blob/master/interim-2019-05/agenda.md Information about remote participation: https://ietf.webex.com/ietf/j.php?MTID=md546be15e628910271eed585d1ad8567 From nobody Mon Apr 22 09:08:12 2019 Return-Path: X-Original-To: mls@ietfa.amsl.com Delivered-To: mls@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 96951120132 for ; Mon, 22 Apr 2019 09:08:08 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2 X-Spam-Level: X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=cornell.edu Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2Q6lm5Ywcwpl for ; Mon, 22 Apr 2019 09:08:06 -0700 (PDT) Received: from mail-it1-x134.google.com (mail-it1-x134.google.com [IPv6:2607:f8b0:4864:20::134]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A035112009E for ; Mon, 22 Apr 2019 09:08:06 -0700 (PDT) Received: by mail-it1-x134.google.com with SMTP id y134so18524782itc.5 for ; Mon, 22 Apr 2019 09:08:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cornell.edu; s=g.20171207; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=LO5LkzogRCzCI10etA6FzN/80wJ7gQ6uTjPlGVomoss=; b=DPbjpj80VjY/8nNCpCYpgPhB0L19KgSpCBcxDIxHtToDcjASvaWcDyOQjXmEAtzqzH xBWhTeQ21Uf/wD7fz5R7EybXgk7UvsggZ7xK+5xudDZK9TUY3TNTR9VIZip1UGyi8ng+ XjxtypDbkAn8MLfZa1GJ/WPzEqpzWFe8kZOVE8/dz2MObN1Hj2+oro6hrmOdRd7rTU9s b2RK2X6uhNbFJIgti5HUcjfxbpwYzhELT9EEu6HAGaP6o1XlcutzuZwVnCjUR5XinSQW 7TDDs/1AppQocsG/e30DXmgjwXU6FA0BRr0WRzfpe+Jv+0ZbQ9LhBcS2E3RR1PppGWdE 6FlA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=LO5LkzogRCzCI10etA6FzN/80wJ7gQ6uTjPlGVomoss=; b=WkqusptbWAwLFVPb9AiwRpLCVojExPuHTfvJT41FsO70nrprQI2M5OWJYJNeOspTFA oeywBzacv1e4byBQB7VwlJ9sr2kfFfEpHAFjoJ0QbJ7E/rbHuPBPkyMPXJZordXMHVvc xSHYUQRbR2ZsEaRZVWKbKTyRR37mWx1pghvJyuUToroetbYpqGJVbdYZYDDzx/pqHl5m +kxYsmsv5ELfY3KkNBdRfS7JDHPxn9wLuug8PssVYzbHhVYt5lfpy38zw5cnXc+Yn3G7 Tt4dYeIZ3+VDgXhPTqcenlveIMrvQM7wJLl1yrdlEuZL4f1e1/S/EbOI2ZmP3JbmKiK7 kWgw== X-Gm-Message-State: APjAAAWCFl3s5HxCds4qfs3XLynAeYr+O37gmAjCfjTcMzuCqkNYHT9U GJn3VvmVrL+AtUCFybqock/fUTY6sTEK1P7MqHZGQg== X-Google-Smtp-Source: APXvYqx3yDtRJBHB/PY8BokNvjaoTlUMWKtV50s5JhJujMgC+GZhnLBHCZ4pGsiZ4jbLReBP40LGDZsQwdqO94oKULA= X-Received: by 2002:a24:ac56:: with SMTP id m22mr15492370iti.25.1555949285404; Mon, 22 Apr 2019 09:08:05 -0700 (PDT) MIME-Version: 1.0 References: <155594565535.21228.7364044433851017827@ietfa.amsl.com> In-Reply-To: <155594565535.21228.7364044433851017827@ietfa.amsl.com> From: Paul Grubbs Date: Mon, 22 Apr 2019 12:07:54 -0400 Message-ID: To: IESG Secretary Cc: IETF-Announce , mls@ietf.org Content-Type: multipart/alternative; boundary="0000000000007204ba058720ac85" Archived-At: Subject: Re: [MLS] Messaging Layer Security (mls) WG Interim Meeting: 2019-05-16 X-BeenThere: mls@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Messaging Layer Security List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 22 Apr 2019 16:08:09 -0000 --0000000000007204ba058720ac85 Content-Type: text/plain; charset="UTF-8" Just a heads-up: the file https://github.com/mlswg/wg-materials/blob/master/interim-2019-05/agenda.md does not exist. On Mon, Apr 22, 2019 at 11:07 AM IESG Secretary wrote: > The Messaging Layer Security (mls) Working Group will hold > an interim meeting on 2019-05-16 from 09:00 to 17:00 Europe/Berlin. > > Meeting Location: > Berlin, DE > > Agenda: > https://github.com/mlswg/wg-materials/blob/master/interim-2019-05/agenda.md > > Information about remote participation: > https://ietf.webex.com/ietf/j.php?MTID=md546be15e628910271eed585d1ad8567 > > _______________________________________________ > MLS mailing list > MLS@ietf.org > https://www.ietf.org/mailman/listinfo/mls > --0000000000007204ba058720ac85 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Just a heads-up: the file=C2=A0https://github.com/mlswg/wg-materia= ls/blob/master/interim-2019-05/agenda.md=C2=A0does not exist.

On M= on, Apr 22, 2019 at 11:07 AM IESG Secretary <iesg-secretary@ietf.org> wrote:
The Messaging Layer Security (mls) W= orking Group will hold
an interim meeting on 2019-05-16 from 09:00 to 17:00 Europe/Berlin.

Meeting Location:
Berlin, DE

Agenda:
https://github.com/mlswg/= wg-materials/blob/master/interim-2019-05/agenda.md

Information about remote participation:
https://ietf.webex.com/iet= f/j.php?MTID=3Dmd546be15e628910271eed585d1ad8567

_______________________________________________
MLS mailing list
MLS@ietf.org
https://www.ietf.org/mailman/listinfo/mls
--0000000000007204ba058720ac85-- From nobody Mon Apr 22 15:05:10 2019 Return-Path: X-Original-To: mls@ietfa.amsl.com Delivered-To: mls@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4346212012C for ; Mon, 22 Apr 2019 15:05:08 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.899 X-Spam-Level: X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_FONT_LOW_CONTRAST=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PJC15W8cMZC8 for ; Mon, 22 Apr 2019 15:05:05 -0700 (PDT) Received: from smtpext3.darkmatter.ae (smtpext3.darkmatter.ae [185.180.84.4]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A23D51203D6 for ; Mon, 22 Apr 2019 15:05:03 -0700 (PDT) IronPort-SDR: XYlIPK8hmFbT0Z7bSqIPUczmyxo04xDLookGG3mHvHk+kFKPBBuoNndbWedjGxKzikFEBSZ0gi TfP5i96Y49dG2tHsB9LYfn0SB2qJNyX03C2hfT5Dodl5FAVR94bdAjaHVTWlVBWGfKhBeALpIy eLxi8EEm+5eqYM2zlCAEgEtCWHSHzxEQN59+5KZEq6xv7fhmxPz9SB8uw2IE62a7jI2RoBy3gc JWx3DU+L6M/2X4kpLdQl/8uPUkB8oRD6+aMDzQw19jAQW40kVIZlzB8avs69um7d2Wyq2sMgNG R9w= IronPort-PHdr: =?us-ascii?q?9a23=3AIBUjjBWCEsi5nIQvzzTygYX083zV8LGtZVwlr6?= =?us-ascii?q?E/grcLSJyIuqrYZRSBv6dThVPEFb/W9+hDw7KP9fy5ACpcv93Y7S5KMMQVEU?= =?us-ascii?q?Nc0YNOx01oKfXGIHWzFOTtYS0+EZYKf35e1Fb/D3JoHt3jbUbZuHy44G1aMB?= =?us-ascii?q?z+MQ1oOra9QdaK3Iy42O+o5pLcfRhDiiajbrNuNhW2qhjautULjYd4Jas91w?= =?us-ascii?q?bFrmFHdulXym9kOFKekhfh7cu04JJv7j5ctv08+8JcS6n2Y7g0QblFBzk6Lm?= =?us-ascii?q?4549HmuwPeRgWV/HscVWsWkhtMAwfb6RzxQ4n8vCjnuOdjwSeWJcL5Q6w6Vj?= =?us-ascii?q?Sk9KdrVQTniDwbOD4j8WHYkdJ/gaRGqx+8vRN/worUYIaINPpie67WYN0XSX?= =?us-ascii?q?ZdUstXSidMGZ23YZcRAOUdPOZYt4j9qEUIrRuiHgmnGefjxiZVinPqwaE21u?= =?us-ascii?q?IsGhzE0gM9BdIDqHTaosvoOqcOX+67z6fIwjfCb/xZxTjw85LIfgwjofyWQb?= =?us-ascii?q?58bcjcxE8yHA3FlFWQronlMiuJ2+QJrWea4PBvVeSyhGE5sQF6vyWhxscyhY?= =?us-ascii?q?nThYIVy1bE/jh+zYspId23VkF6bsSiEJRNqS6aLZF6TN4iQ252oiY6ybwGuZ?= =?us-ascii?q?igcScX0psn3R3fa/mdfIiU/hLsSvyRLS1ii317Yb+ygQu5/0anyu35TMa00V?= =?us-ascii?q?BKozJBktnNsHAN1ALc5dWGSvt75EuuxTGP1wXL5uFYL0E0lLbbK4I/zb4qjJ?= =?us-ascii?q?YcrUPDHirulEX3kqCWaksk9vKv6+T9bbXqvoKTOJVuigH9N6QhgNC/AfgmPQ?= =?us-ascii?q?gURWSU4/qz2bv+9kP6WLVHluA6nrXDvJzEO8gWqbS1DxJP3osn9xqzFyqq3M?= =?us-ascii?q?gCkXUZMl5IdwiLgormNl3UJP30EfGyiEm2njhx3fDJJLjhD43ILnjEjbjuY6?= =?us-ascii?q?5w61VZyAov1dBf4I9UCq0ZLPLzREDxsNvYAwc6MwOqw+fnE8xx2Z0RWGKTHK?= =?us-ascii?q?OVKr7dvkWS5uIsJumDfpMVuCrjJPg//fLhl2E2lUccfamvw5QXdGi1Eul6L0?= =?us-ascii?q?mDf3bgnNgMHX0XsgYkSOHmlEWOUTtJaHazW6I86Cs7CIWjDYrbWo2thKKO3S?= =?us-ascii?q?ihEZ1Qe29JFEqMHW31eYWERfgMciGSIs5nkjEfSLeuUZUh1RKrtADg17pnMv?= =?us-ascii?q?Tb+jcCuZ35ytd5//fTmg0q9TxoE8Sd1HmAQH9xnmwSWjA226V/rlZnyliZyq?= =?us-ascii?q?V4jPtYFdtc5/NNTAg2L4LTz+t/C9rqQALOYs+JSEq6QtWhGTwxS9Yxw8QVbk?= =?us-ascii?q?Z8Bdqikh7D0zCtA78PmLzYTKAzp4/Z1nS5AMN00X+OgKQkhlUhR8JVPEWpga?= =?us-ascii?q?lw8wWVDInMxRa3jaGvII0Y0T7E8muO1yK1vExCUw92GfHsWX0Pb03aoM6/3U?= =?us-ascii?q?PPVbyvD5wrOxFCzMeeNqZQLNTk2wYVDMz/McjTNjri01y7AgyFk/bVNNLn?= X-IPAS-Result: =?us-ascii?q?A2kJAAD0Ob5c/1oB4ApjAxkBAQEBAQEBAQEBAQEHAQEBA?= =?us-ascii?q?QEBgVMCAQEBAQELAYEOAVeBEoEsCoQElTWCGXFKh12NGhSBKxcWBwQECwEcA?= =?us-ascii?q?QoMgUmCdQIXhjA2Bw4BAwEBAQQBAQEBAgEBAQGBBQyCOikBEAQxHC8LBAEBA?= =?us-ascii?q?QEBAQEBASQBAQEBAQEBAQEBAQEBAQEBAQEBAQEUAjMICQMpAQEBAQMBAQMBH?= =?us-ascii?q?QIIASUTCAIJEAIBCA0EAQMBAQYBAQEYAQYDAgICBRAPAR8DBggBAQQOBAEIB?= =?us-ascii?q?oMVghenKoEvhUeEVRCBMgGEYF2DQnYQgxs/hCM+gmEBAQKBLAESAQ0ZBwkKF?= =?us-ascii?q?QIGCYJDglcEilMHASUkggmEP4duhFGCMoV5BwKCClSEPgErUYQqhUWCJCOCC?= =?us-ascii?q?16FS4xginKCMIRUS498AWYwWg8IMxpzgmwJgQ2BBBeBAQECRYIDhRSFP3KOL?= =?us-ascii?q?4EigSEBAQ?= X-IronPort-AV: E=Sophos;i="5.60,383,1549915200"; d="png'150?scan'150,208,217,150";a="3152597" Received: from ForcepointDLP ([10.224.1.90]) by keys-ext2.darkmatter.ae (PGP Universal service); Tue, 23 Apr 2019 02:04:58 +0400 X-PGP-Universal: processed; by keys-ext2.darkmatter.ae on Tue, 23 Apr 2019 02:04:58 +0400 Received: from ActiveEmail (ActiveEmail [127.0.0.1]) by ActiveEmail.localdomain (Service) with ESMTP id DB9C71800094; Tue, 23 Apr 2019 02:01:35 +0400 (+04) Received: from email.darkmatter.ae (adkdcsvmc002.darkmatter.uae [10.224.74.12]) by ActiveEmail.localdomain (Service) with ESMTPS id AE26D1800093; Tue, 23 Apr 2019 02:01:35 +0400 (+04) From: Alexander Sherkin To: Emad Omara CC: "mls@ietf.org" Thread-Topic: [MLS] Blocking Update messages for breaking post-compromise security Thread-Index: AdT2Fq8EwGQ6z+aDQLeq2OeQXxI1ZAAKXJsAAMFatJA= Date: Mon, 22 Apr 2019 22:04:57 +0000 Message-ID: <557a3023828245169ebb15939aa5d172@darkmatter.ae> References: In-Reply-To: Accept-Language: en-CA, en-US X-MS-Has-Attach: yes X-MS-TNEF-Correlator: x-originating-ip: [10.224.74.90] x-exclaimer-md-config: 77ff947c-8af8-48f1-8d81-f67dcf75dbee MIME-Version: 1.0 Content-Language: en-US Content-Type: multipart/related; boundary="_009_557a3023828245169ebb15939aa5d172darkmatterae_"; type="multipart/alternative" Archived-At: Subject: Re: [MLS] Blocking Update messages for breaking post-compromise security X-BeenThere: mls@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Messaging Layer Security List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 22 Apr 2019 22:05:08 -0000 --_009_557a3023828245169ebb15939aa5d172darkmatterae_ Content-Type: multipart/alternative; boundary="_000_557a3023828245169ebb15939aa5d172darkmatterae_" --_000_557a3023828245169ebb15939aa5d172darkmatterae_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 SGkgRW1hZCwNCg0KVGhhbmsgeW91IGZvciB5b3VyIGNvbW1lbnRzLiBQbGVhc2UgZmluZCBhIGNv dXBsZSBvZiBjb21tZW50cyBiZWxvdyBpbmxpbmUuDQoNClRoYW5rcy4NCkFsZXguDQoNCg0KDQoN CkFsZXhhbmRlciBTaGVya2luDQogICAgICAgIFNvZnR3YXJlIEFyY2hpdGVjdA0KDQoNCg0KW2Np ZDppbWFnZWIyZTY2MS5QTkdAMzc1NTBiYjEuNDI5MTNkMjJdPGh0dHA6Ly93d3cuZGFya21hdHRl ci5hZT4NCg0KMiBSb2JlcnQgU3BlY2sgUGFya3dheSwgU3VpdGUgMTYxMA0KTWlzc2lzc2F1Z2Eg T04gIEw0WiAxSDgNCkNhbmFkYQ0KTVQrMSA0MTYgNDE0IDcxMTc8dGVsOisxJTIwNDE2JTIwNDE0 JTIwNzExNz4NCkVNQWxleGFuZGVyLlNoZXJraW5AZGFya21hdHRlci5hZTxtYWlsdG86QWxleGFu ZGVyLlNoZXJraW5AZGFya21hdHRlci5hZT4NCg0KZGFya21hdHRlci5hZTxodHRwOi8vZGFya21h dHRlci5hZT4NCg0KW0xpbmtlZGluXTxodHRwczovL3d3dy5saW5rZWRpbi5jb20vY29tcGFueS9k YXJrLW1hdHRlci1sbGM+IFtUd2l0dGVyXSA8aHR0cHM6Ly90d2l0dGVyLmNvbS9HdWFyZGVkYnlH ZW5pdXM+DQoNClRoZSBpbmZvcm1hdGlvbiBpbiB0aGlzIGVtYWlsIGlzIGludGVuZGVkIG9ubHkg Zm9yIHRoZSBwZXJzb24ocykgb3IgZW50aXR5IHRvIHdob20gaXQgaXMgYWRkcmVzc2VkIGFuZCBt YXkgY29udGFpbiBjb25maWRlbnRpYWwgb3IgcHJpdmlsZWdlZCBpbmZvcm1hdGlvbi4gSWYgeW91 IHJlY2VpdmUgdGhpcyBlbWFpbCBieSBlcnJvciwgcGxlYXNlIG5vdGlmeSB1cyBpbW1lZGlhdGVs eSwgZGVsZXRlIHRoZSBvcmlnaW5hbCBtZXNzYWdlIGFuZCBkbyBub3QgZGlzY2xvc2UgdGhlIGNv bnRlbnRzIHRvIGFueSBvdGhlciBwZXJzb24sIHVzZSBvciBzdG9yZSBvciBjb3B5IHRoZSBpbmZv cm1hdGlvbiBpbiBhbnkgbWVkaXVtIGFuZCBmb3Igd2hhdGV2ZXIgcHVycG9zZS4gQW55IHVuYXV0 aG9yaXplZCB1c2UgaXMgc3RyaWN0bHkgcHJvaGliaXRlZC4NCg0KRnJvbTogTUxTIFttYWlsdG86 bWxzLWJvdW5jZXNAaWV0Zi5vcmddIE9uIEJlaGFsZiBPZiBFbWFkIE9tYXJhDQpTZW50OiBBcHJp bCAxOCwgMjAxOSAxMTo0MSBQTQ0KVG86IEFsZXhhbmRlciBTaGVya2luIDxBbGV4YW5kZXIuU2hl cmtpbkBkYXJrbWF0dGVyLmFlPg0KQ2M6IG1sc0BpZXRmLm9yZw0KU3ViamVjdDogUmU6IFtNTFNd IEJsb2NraW5nIFVwZGF0ZSBtZXNzYWdlcyBmb3IgYnJlYWtpbmcgcG9zdC1jb21wcm9taXNlIHNl Y3VyaXR5DQoNCg0KDQpPbiBUaHUsIEFwciAxOCwgMjAxOSBhdCAxMTo1NSBBTSBBbGV4YW5kZXIg U2hlcmtpbiA8QWxleGFuZGVyLlNoZXJraW5AZGFya21hdHRlci5hZTxtYWlsdG86QWxleGFuZGVy LlNoZXJraW5AZGFya21hdHRlci5hZT4+IHdyb3RlOg0KSGkgRW1hZCwNCg0KQ291bGQgdGhlcmUg YmUgYSBzZXR1cCB3aGVyZSBlYWNoIEHigJlzIHBvaW50IG9mIHByZXNlbmNlIChkZXZpY2UpIHBh cnRpY2lwYXRlcyBhcyBhIHNlcGFyYXRlIGxlYWYgaW4gdGhlIHJhdGNoZXQgdHJlZT8gVGhlIGFk dmFudGFnZSBvZiBzdWNoIGFwcHJvYWNoIG1heSBiZSB0byBhdm9pZCB0aGUga2V5IHN5bmNocm9u aXphdGlvbiBwcm9ibGVtIGJldHdlZW4gcG9pbnRzIG9mIHByZXNlbmNlLg0KVGhpcyBpcyBhY3R1 YWxseSB0aGUgY3VycmVudCBhc3N1bXB0aW9uIGluIHRoZSBhcmNoaXRlY3R1cmUgZG9jdW1lbnQs IGVhY2ggZGV2aWNlIGlzIHJlcHJlc2VudGVkIGFzIGEgc2VwYXJhdGUgY2xpZW50LCBob3dldmVy IHdlIGFyZSBhbHNvIGN1cnJlbnRseSBsb29raW5nIGludG8gdXNpbmcgYSB2aXJ0dWFsIGNsaWVu dCBtb2RlIHdoZXJlIGFsbCBkZXZpY2VzIGFyZSBwcmVzZW50ZWQgaW4gYSBzaW5nbGUgbm9kZS4N Cg0KW0FsZXhdIERvZXMgaXQgbWVhbiB0aGF0IEkgZG8gbm90IG5lZWQgdG8gY29udHJvbCBhbGwg QeKAmXMgZGV2aWNlcywgYW5kIHByZXZlbnRpbmcganVzdCBvbmUgZGV2aWNlIGZyb20gc2VuZGlu ZyBVcGRhdGVzIHdpbGwgbWFrZSBhdHRhY2sgc3VjY2Vzc2Z1bD8NCg0KRG8geW91IHNlZSB0aGUg bWVjaGFuaXNtIG9mIHJlbW92aW5nIHVzZXJzIHdobyBkaWQgbm90IHNlbmQgVXBkYXRlcyByZWNl bnRseSBzaG91bGQgYmUgcGFydCBvZiB0aGUgcHJvdG9jb2wgb3Igc2hvdWxkIGl0IGJlIGRyaXZl biBieSB0aGUgYXBwPw0KV2VsbCwgSSBzZWUgdGhpcyBhcyBqdXN0IGEgcmVjb21tZW5kYXRpb24g dG8gdGhlIGFwcCwgbm90IHN1cmUgd2hhdCBjYW4gYmUgZG9uZSBhdCB0aGUgcHJvdG9jb2wgbGF5 ZXIhDQoNCltBbGV4XSBTYXkgSSB3YW50IHRvIGludGVncmF0ZSBNTFMgaW50byBteSBhcHAgYW5k IGZvbGxvdyB0aGUgcmVjb21tZW5kYXRpb24gb2Yga2lja2luZyBkZXZpY2VzIHRoYXQgaGF2ZSBu b3Qgc2VudCBVcGRhdGUgcmVjZW50bHkuIFRoaXMgbWVhbnMgdGhhdCBkZXZpY2VzIHRoYXQgaGF2 ZSBiZWVuIG9mZmxpbmUgZm9yIGEgd2hpbGUgKHZhY2F0aW9uLCBldGMpIHdpbGwgYmUgdW5hYmxl IHRvIHBhcnRpY2lwYXRlIGluIHRoZSBncm91cCBhZnRlciB0aGV5IGFyZSBiYWNrIG9ubGluZS4g SWRlYWxseSwgYXMgYW4gYXBwIGRldmVsb3BlciwgSSB3b3VsZCB3YW50IHRoZXNlIGRldmljZXMg dG8gYmUgYWJsZSB0byByZS1qb2luIGdyYWNlZnVsbHkgc28gd2UgYXJlIGJhY2sgaW4g4oCcU2Vs Zi1BZGTigJ0gcHJvYmxlbSBkb21haW4uDQoNCkkgZ3Vlc3MgdGhlIGFwcCBtYXkgYWxsb3cgZGV2 aWNlcyB0byByZS1qb2luIGJ5IHNlbmRpbmcgYWxsIHVzZXJzIEFkZCBjb21tYW5kIGVzc2VudGlh bGx5IHJlc2V0dGluZyB0aGUgcmF0Y2hldCB0cmVlLCBidXQgaXMgaXQgdGhlIGJlc3QgYXBwcm9h Y2g/IFNob3VsZCB0aGVyZSBiZSBtb3JlIGd1aWRhbmNlIGZyb20gdGhlIHByb3RvY29sPyBPciBz aG91bGQgdGhlIHByb3RvY29sIGV4cGxpY2l0bHkgc3RhdGUgd2hlbiBkZXZpY2VzIHNob3VsZCBy ZW1vdmUgaW5hY3RpdmUgbGVhZiBub2Rlcz8gSWYgdGhpcyBkZWNpc2lvbiBpcyBub3QgcGFydCBv ZiB0aGUgcHJvdG9jb2wsIGl0IG1heSBub3QgYmUgY2xlYXIgd2hhdCBwb3N0LWNvbXByb21pc2Ug c2VjdXJpdHkgcHJvcGVydGllcyBhcmUgZ3VhcmFudGVlZCBieSB0aGUgcHJvdG9jb2wuDQoNCg0K VGhhbmsgeW91Lg0KQWxleC4NCg0KDQoNCg0KQWxleGFuZGVyIFNoZXJraW4NCg0KU29mdHdhcmUg QXJjaGl0ZWN0DQoNCg0KDQpbY2lkOmltYWdlMDAxLnBuZ0AwMUQ0RjkyNC4xOTYzRDk2MF08aHR0 cDovL3d3dy5kYXJrbWF0dGVyLmFlLz4NCg0KDQoyIFJvYmVydCBTcGVjayBQYXJrd2F5LCBTdWl0 ZSAxNjEwDQpNaXNzaXNzYXVnYSBPTiAgTDRaIDFIOA0KQ2FuYWRhDQpNVCsxIDQxNiA0MTQgNzEx Nzx0ZWw6KzElMjA0MTYlMjA0MTQlMjA3MTE3Pg0KRU1BbGV4YW5kZXIuU2hlcmtpbkBkYXJrbWF0 dGVyLi5hZTxtYWlsdG86QWxleGFuZGVyLlNoZXJraW5AZGFya21hdHRlci5hZT4NCg0KZGFya21h dHRlci5hZTxodHRwOi8vZGFya21hdHRlci5hZT4NCg0KW0xpbmtlZGluXTxodHRwczovL3d3dy5s aW5rZWRpbi5jb20vY29tcGFueS9kYXJrLW1hdHRlci1sbGM+IFtUd2l0dGVyXSA8aHR0cHM6Ly90 d2l0dGVyLmNvbS9HdWFyZGVkYnlHZW5pdXM+DQoNClRoZSBpbmZvcm1hdGlvbiBpbiB0aGlzIGVt YWlsIGlzIGludGVuZGVkIG9ubHkgZm9yIHRoZSBwZXJzb24ocykgb3IgZW50aXR5IHRvIHdob20g aXQgaXMgYWRkcmVzc2VkIGFuZCBtYXkgY29udGFpbiBjb25maWRlbnRpYWwgb3IgcHJpdmlsZWdl ZCBpbmZvcm1hdGlvbi4gSWYgeW91IHJlY2VpdmUgdGhpcyBlbWFpbCBieSBlcnJvciwgcGxlYXNl IG5vdGlmeSB1cyBpbW1lZGlhdGVseSwgZGVsZXRlIHRoZSBvcmlnaW5hbCBtZXNzYWdlIGFuZCBk byBub3QgZGlzY2xvc2UgdGhlIGNvbnRlbnRzIHRvIGFueSBvdGhlciBwZXJzb24sIHVzZSBvciBz dG9yZSBvciBjb3B5IHRoZSBpbmZvcm1hdGlvbiBpbiBhbnkgbWVkaXVtIGFuZCBmb3Igd2hhdGV2 ZXIgcHVycG9zZS4gQW55IHVuYXV0aG9yaXplZCB1c2UgaXMgc3RyaWN0bHkgcHJvaGliaXRlZC4N CkZyb206IEVtYWQgT21hcmEgW21haWx0bzplbWFkb21hcmFAZ29vZ2xlLmNvbTxtYWlsdG86ZW1h ZG9tYXJhQGdvb2dsZS5jb20+XQ0KU2VudDogQXByaWwgMTcsIDIwMTkgNToxMiBQTQ0KVG86IEFs ZXhhbmRlciBTaGVya2luIDxBbGV4YW5kZXIuU2hlcmtpbkBkYXJrbWF0dGVyLmFlPG1haWx0bzpB bGV4YW5kZXIuU2hlcmtpbkBkYXJrbWF0dGVyLmFlPj4NCkNjOiBtbHNAaWV0Zi5vcmc8bWFpbHRv Om1sc0BpZXRmLm9yZz4NClN1YmplY3Q6IE1hbHdhcmVbU1VTUElDSU9VUyBNRVNTQUdFXSBJdCBt YXkgdHJpY2sgdmljdGltcyBpbnRvIGNsaWNraW5nIGEgbGluayBhbmQgZG93bmxvYWRpbmcgbWFs d2FyZS4gRG8gbm90IG9wZW4gc3VzcGljaW91cyBsaW5rcy5SZTogW01MU10gQmxvY2tpbmcgVXBk YXRlIG1lc3NhZ2VzIGZvciBicmVha2luZyBwb3N0LWNvbXByb21pc2Ugc2VjdXJpdHkNCg0KSGkg QWxleCwNCg0KSSB0aGluayB0aGUgYXR0YWNrIG1ha2VzIHNlbnNlLCBob3dldmVyIGl0IGFzc3Vt ZXMgdGhlIGF0dGFja2VyIGhhcyBzb21lIHNvcnQgb2YgY29udHJvbCBmb3IgdGhlIG5ldHdvcmsg b2YgYWxsIEEncyBkZXZpY2VzIGluIG9yZGVyIHRvIHBlcmZvcm0gdGhlIERvUy4gT25lIG1pdGln YXRpb24gd2UgZGlzY3Vzc2VkIGJlZm9yZSB0aGF0IGNvdWxkIGhlbHAgaW4gdGhpcyBhdHRhY2sg aXMgdG8gZm9yY2UgdGhlIG1heCB1cGRhdGUgd2luZG93LCBzbyBpZiBhIGNsaWVudCBoYXMgaXNz dWVkIGFueSB1cGRhdGUgaW4gdGhlIGxhc3QgTiBkYXlzLCB0aGUgYXBwIGNhbiBkZWNpZGUgdG8g a2ljayBpdCBvdXQgb2YgdGhlIGdyb3VwLCBvdCBhdCBsZWFzdCBpc3N1ZSBhIHdhcm5pbmcgdG8g b3RoZXIgdXNlcnMuDQoNCkVtYWQNCg0KT24gV2VkLCBBcHIgMTcsIDIwMTkgYXQgMTo1OCBQTSBB bGV4YW5kZXIgU2hlcmtpbiA8QWxleGFuZGVyLlNoZXJraW5AZGFya21hdHRlci5hZTxtYWlsdG86 QWxleGFuZGVyLlNoZXJraW5AZGFya21hdHRlci5hZT4+IHdyb3RlOg0KSGVsbG8sDQoNCkkgdGhp bmsgd2UgYnJpZWZseSBkaXNjdXNzZWQgdGhpcyBwcm9ibGVtIGluIHRoZSBjb250ZXh0IG9mIOKA nGluYWN0aXZlIHVzZXJz4oCdLCBidXQgSSB3YW50IHRvIGJyaW5nIHRoaXMgdXAgYWdhaW4gZm9y IGRpc2N1c3Npb24uDQoNCkxldOKAmXMgYXNzdW1lIGFuIGF0dGFja2VyIGNvbXByb21pc2VzIHVz ZXIgQSBhbmQgcmVjb3ZlcnMgdXNlciBB4oCZcyBjcnlwdG9ncmFwaGljIHN0YXRlIGluY2x1ZGlu ZyB0aGUgbGVhZiBzZWNyZXQuLiBBZnRlciB1c2VyIEEgaXMgY29tcHJvbWlzZWQsIHRoZSBhdHRh Y2tlciBubyBsb25nZXIgY29udHJvbHMgdXNlciBBLiBVc2VyIEEgd2lsbCBldmVudHVhbGx5IHNl bmQgYW4gVXBkYXRlIG1lc3NhZ2UsIGFuZCB0aGUgYXR0YWNrZXIgd2lsbCBubyBsb25nZXIgaGF2 ZSBhY2Nlc3MgdG8gdGhlIHJvb3Qga2V5LiBXZSBnZXQgcG9zdC1jb21wcm9taXNlIHNlY3VyaXR5 IHByb3BlcnR5Lg0KDQpIb3dldmVyLCBsZXTigJlzIGFzc3VtZSB0aGF0IGFmdGVyIGNvbXByb21p c2luZyB1c2VyIEEgYW5kIHJlY292ZXJpbmcgdXNlciBBIGNyeXB0byBzdGF0ZSwgdGhlIGF0dGFj a2VyIHBlcmZvcm1zIGEgZGVuaWFsIG9mIHNlcnZpY2UgYXR0YWNrIG9uIHVzZXIgQSBVcGRhdGUg bWVzc2FnZXMgKG9yIGFsbCBtZXNzYWdlcyBmcm9tIHVzZXIgQSkuIFRoZSBhdHRhY2tlciB0aGVu IG9ic2VydmVzIHRoZSB0cmFmZmljLiBUaGUgYXR0YWNrZXIgd2lsbCBiZSBhYmxlIHRvIGRlY3J5 cHQgVXBkYXRlIG1lc3NhZ2VzIGZyb20gb3RoZXIgcGFydGljaXBhbnRzIGFuZCBkZWNyeXB0IGRh dGEtY2FycnlpbmcgbWVzc2FnZXMgYXMgbG9uZyBhcyBvdGhlciBwYXJ0aWNpcGFudHMgaW5jbHVk ZSB1c2VyIEEgaW4gdGhlaXIgcmF0Y2hldCB0cmVlcy4NCg0KQXMgYW4gaW50ZXJlc3RpbmcgdGhv dWdodCBleHBlcmltZW50LCB3ZSBjYW4gdHJ5IHRvIGFwcGx5IHRoZSBzYW1lIGF0dGFjayB0byBv bmUtb24tb25lIHVzZSBjYXNlIHdoZW4gZG91YmxlIHJhdGNoZXRpbmcgaXMgdXNlZC4uIFRvIHBy ZXZlbnQgcmF0Y2hldGluZywgdGhlIGF0dGFja2VyIGhhcyB0byBibG9jayBtZXNzYWdlcyBmcm9t IG9uZSBvZiB0aGUgcGFydGljaXBhbnRzLiBQcmFjdGljYWxseSwgdGhpcyBtZWFucyB0aGF0IHRo ZSBhdHRhY2tlciBkZXN0cm95cyB0aGUgcG9zc2liaWxpdHkgb2YgdHdvIHBhcnRpY2lwYW50cyBo YXZpbmcgYSBjb252ZXJzYXRpb247IGhlbmNlLCBkYXRhIGNvbGxlY3RlZCBieSB0aGUgYXR0YWNr IHdpbGwgYmUgb25lIHBhcnRpY2lwYW50c+KAmSBtb25vbG9ndWUgYW5kIG1heSBub3QgYmUgYXMg dmFsdWFibGUuIEluIGNvbnRyYXN0LCB3aGVuIDEgb3V0IG9mIDEwMDAgdXNlcnMgaXMgaXNvbGF0 ZWQsIDk5OSByZW1haW5pbmcgdXNlcnMgd2lsbCBjb250aW51ZSBoYXZpbmcgcHJvZHVjdGl2ZSBj b252ZXJzYXRpb24gY3JlYXRpbmcgdmFsdWFibGUgZGF0YSB0aGF0IHRoZSBhdHRhY2tlciBtYXkg aW50ZXJjZXB0IGFuZCBkZWNyeXB0Lg0KDQpJZiB0aGUgYWJvdmUgYXR0YWNrIHZlY3RvciBtYWtl cyBzZW5zZSwgc2hvdWxkIHdlIGNvbnNpZGVyIGV4Y2x1ZGluZyB1c2VycyB3aG8gZGlkIG5vdCBz ZW5kIFVwZGF0ZSBtZXNzYWdlcyByZWNlbnRseSBlbm91Z2ggZnJvbSB0aGUgcmF0Y2hldCB0cmVl Pw0KDQpUaGFuayB5b3UuDQpBbGV4Lg0KDQoNCg0KDQoNCg0KQWxleGFuZGVyIFNoZXJraW4NCg0K U29mdHdhcmUgQXJjaGl0ZWN0DQoNCg0KDQpbY2lkOmltYWdlMDAxLnBuZ0AwMUQ0RjVDNy4yRDhC MDZEMF08aHR0cDovL3d3dy5kYXJrbWF0dGVyLmFlLz4NCg0KDQoyIFJvYmVydCBTcGVjayBQYXJr d2F5LCBTdWl0ZSAxNjEwDQpNaXNzaXNzYXVnYSBPTiAgTDRaIDFIOA0KQ2FuYWRhDQpNVCsxIDQx NiA0MTQgNzExNzx0ZWw6KzElMjA0MTYlMjA0MTQlMjA3MTE3Pg0KRU1BbGV4YW5kZXIuU2hlcmtp bkBkYXJrbWF0dGVyLmFlPG1haWx0bzpBbGV4YW5kZXIuU2hlcmtpbkBkYXJrbWF0dGVyLmFlPg0K DQpkYXJrbWF0dGVyLmFlPGh0dHA6Ly9kYXJrbWF0dGVyLmFlPg0KDQpbTGlua2VkaW5dPGh0dHBz Oi8vd3d3LmxpbmtlZGluLmNvbS9jb21wYW55L2RhcmstbWF0dGVyLWxsYz4gW1R3aXR0ZXJdIDxo dHRwczovL3R3aXR0ZXIuY29tL0d1YXJkZWRieUdlbml1cz4NCg0KVGhlIGluZm9ybWF0aW9uIGlu IHRoaXMgZW1haWwgaXMgaW50ZW5kZWQgb25seSBmb3IgdGhlIHBlcnNvbihzKSBvciBlbnRpdHkg dG8gd2hvbSBpdCBpcyBhZGRyZXNzZWQgYW5kIG1heSBjb250YWluIGNvbmZpZGVudGlhbCBvciBw cml2aWxlZ2VkIGluZm9ybWF0aW9uLiBJZiB5b3UgcmVjZWl2ZSB0aGlzIGVtYWlsIGJ5IGVycm9y LCBwbGVhc2Ugbm90aWZ5IHVzIGltbWVkaWF0ZWx5LCBkZWxldGUgdGhlIG9yaWdpbmFsIG1lc3Nh Z2UgYW5kIGRvIG5vdCBkaXNjbG9zZSB0aGUgY29udGVudHMgdG8gYW55IG90aGVyIHBlcnNvbiwg dXNlIG9yIHN0b3JlIG9yIGNvcHkgdGhlIGluZm9ybWF0aW9uIGluIGFueSBtZWRpdW0gYW5kIGZv ciB3aGF0ZXZlciBwdXJwb3NlLiBBbnkgdW5hdXRob3JpemVkIHVzZSBpcyBzdHJpY3RseSBwcm9o aWJpdGVkLg0KX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18N Ck1MUyBtYWlsaW5nIGxpc3QNCk1MU0BpZXRmLm9yZzxtYWlsdG86TUxTQGlldGYub3JnPg0KaHR0 cHM6Ly93d3cuaWV0Zi5vcmcvbWFpbG1hbi9saXN0aW5mby9tbHMNCg== --_000_557a3023828245169ebb15939aa5d172darkmatterae_ Content-Type: text/html; charset="utf-8" Content-Transfer-Encoding: base64 PGh0bWwgeG1sbnM6dj0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTp2bWwiIHhtbG5zOm89InVy bjpzY2hlbWFzLW1pY3Jvc29mdC1jb206b2ZmaWNlOm9mZmljZSIgeG1sbnM6dz0idXJuOnNjaGVt YXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6d29yZCIgeG1sbnM6bT0iaHR0cDovL3NjaGVtYXMubWlj cm9zb2Z0LmNvbS9vZmZpY2UvMjAwNC8xMi9vbW1sIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv VFIvUkVDLWh0bWw0MCI+DQo8aGVhZD4NCjwhLS0gVGVtcGxhdGUgZ2VuZXJhdGVkIGJ5IEV4Y2xh aW1lciBTaWduYXR1cmUgTWFuYWdlciBFeGNoYW5nZSBFZGl0aW9uIG9uIDAyOjA0OjU3IFR1ZXNk YXksIDIzIEFwcmlsIDIwMTkgLS0+DQo8bWV0YSBodHRwLWVxdWl2PSJDb250ZW50LVR5cGUiIGNv bnRlbnQ9InRleHQvaHRtbDsgY2hhcnNldD11dGYtOCI+DQo8c3R5bGUgdHlwZT0idGV4dC9jc3Mi PlAuSW1wcmludFVuaXF1ZUlEIHsNCglNQVJHSU46IDBjbSAwY20gMHB0DQp9DQpMSS5JbXByaW50 VW5pcXVlSUQgew0KCU1BUkdJTjogMGNtIDBjbSAwcHQNCn0NCkRJVi5JbXByaW50VW5pcXVlSUQg ew0KCU1BUkdJTjogMGNtIDBjbSAwcHQNCn0NClRBQkxFLkltcHJpbnRVbmlxdWVJRFRhYmxlIHsN CglNQVJHSU46IDBjbSAwY20gMHB0DQp9DQpESVYuU2VjdGlvbjEgew0KCXBhZ2U6IFNlY3Rpb24x DQp9DQo8L3N0eWxlPg0KPG1ldGEgbmFtZT0iR2VuZXJhdG9yIiBjb250ZW50PSJNaWNyb3NvZnQg V29yZCAxNSAoZmlsdGVyZWQgbWVkaXVtKSI+DQo8IS0tW2lmICFtc29dPjxzdHlsZT52XDoqIHti ZWhhdmlvcjp1cmwoI2RlZmF1bHQjVk1MKTt9DQpvXDoqIHtiZWhhdmlvcjp1cmwoI2RlZmF1bHQj Vk1MKTt9DQp3XDoqIHtiZWhhdmlvcjp1cmwoI2RlZmF1bHQjVk1MKTt9DQouc2hhcGUge2JlaGF2 aW9yOnVybCgjZGVmYXVsdCNWTUwpO30NCjwvc3R5bGU+PCFbZW5kaWZdLS0+PHN0eWxlPjwhLS0N Ci8qIEZvbnQgRGVmaW5pdGlvbnMgKi8NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6IkNhbWJy aWEgTWF0aCI7DQoJcGFub3NlLTE6MiA0IDUgMyA1IDQgNiAzIDIgNDt9DQpAZm9udC1mYWNlDQoJ e2ZvbnQtZmFtaWx5OkNhbGlicmk7DQoJcGFub3NlLTE6MiAxNSA1IDIgMiAyIDQgMyAyIDQ7fQ0K QGZvbnQtZmFjZQ0KCXtmb250LWZhbWlseTpWZXJkYW5hOw0KCXBhbm9zZS0xOjIgMTEgNiA0IDMg NSA0IDQgMiA0O30NCi8qIFN0eWxlIERlZmluaXRpb25zICovDQpwLk1zb05vcm1hbCwgbGkuTXNv Tm9ybWFsLCBkaXYuTXNvTm9ybWFsDQoJe21hcmdpbjowY207DQoJbWFyZ2luLWJvdHRvbTouMDAw MXB0Ow0KCWZvbnQtc2l6ZToxMi4wcHQ7DQoJZm9udC1mYW1pbHk6IlRpbWVzIE5ldyBSb21hbiIs c2VyaWY7fQ0KYTpsaW5rLCBzcGFuLk1zb0h5cGVybGluaw0KCXttc28tc3R5bGUtcHJpb3JpdHk6 OTk7DQoJY29sb3I6Ymx1ZTsNCgl0ZXh0LWRlY29yYXRpb246dW5kZXJsaW5lO30NCmE6dmlzaXRl ZCwgc3Bhbi5Nc29IeXBlcmxpbmtGb2xsb3dlZA0KCXttc28tc3R5bGUtcHJpb3JpdHk6OTk7DQoJ Y29sb3I6cHVycGxlOw0KCXRleHQtZGVjb3JhdGlvbjp1bmRlcmxpbmU7fQ0KcA0KCXttc28tc3R5 bGUtcHJpb3JpdHk6OTk7DQoJbXNvLW1hcmdpbi10b3AtYWx0OmF1dG87DQoJbWFyZ2luLXJpZ2h0 OjBjbTsNCgltc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0bzsNCgltYXJnaW4tbGVmdDowY207DQoJ Zm9udC1zaXplOjEyLjBwdDsNCglmb250LWZhbWlseToiVGltZXMgTmV3IFJvbWFuIixzZXJpZjt9 DQpwLm1zb25vcm1hbDAsIGxpLm1zb25vcm1hbDAsIGRpdi5tc29ub3JtYWwwDQoJe21zby1zdHls ZS1uYW1lOm1zb25vcm1hbDsNCgltc28tc3R5bGUtcHJpb3JpdHk6OTk7DQoJbXNvLW1hcmdpbi10 b3AtYWx0OmF1dG87DQoJbWFyZ2luLXJpZ2h0OjBjbTsNCgltc28tbWFyZ2luLWJvdHRvbS1hbHQ6 YXV0bzsNCgltYXJnaW4tbGVmdDowY207DQoJZm9udC1zaXplOjEyLjBwdDsNCglmb250LWZhbWls eToiVGltZXMgTmV3IFJvbWFuIixzZXJpZjt9DQpzcGFuLkVtYWlsU3R5bGUxOQ0KCXttc28tc3R5 bGUtdHlwZTpwZXJzb25hbC1yZXBseTsNCglmb250LWZhbWlseToiQ2FsaWJyaSIsc2Fucy1zZXJp ZjsNCgljb2xvcjojMUY0OTdEO30NCi5Nc29DaHBEZWZhdWx0DQoJe21zby1zdHlsZS10eXBlOmV4 cG9ydC1vbmx5Ow0KCWZvbnQtc2l6ZToxMC4wcHQ7DQoJZm9udC1mYW1pbHk6IkNhbGlicmkiLHNh bnMtc2VyaWY7DQoJbXNvLWZhcmVhc3QtbGFuZ3VhZ2U6RU4tVVM7fQ0KQHBhZ2UgV29yZFNlY3Rp b24xDQoJe3NpemU6NjEyLjBwdCA3OTIuMHB0Ow0KCW1hcmdpbjo3Mi4wcHQgNzIuMHB0IDcyLjBw dCA3Mi4wcHQ7fQ0KZGl2LldvcmRTZWN0aW9uMQ0KCXtwYWdlOldvcmRTZWN0aW9uMTt9DQotLT48 L3N0eWxlPjwhLS1baWYgZ3RlIG1zbyA5XT48eG1sPg0KPG86c2hhcGVkZWZhdWx0cyB2OmV4dD0i ZWRpdCIgc3BpZG1heD0iMTAyNiIgLz4NCjwveG1sPjwhW2VuZGlmXS0tPjwhLS1baWYgZ3RlIG1z byA5XT48eG1sPg0KPG86c2hhcGVsYXlvdXQgdjpleHQ9ImVkaXQiPg0KPG86aWRtYXAgdjpleHQ9 ImVkaXQiIGRhdGE9IjEiIC8+DQo8L286c2hhcGVsYXlvdXQ+PC94bWw+PCFbZW5kaWZdLS0+DQo8 L2hlYWQ+DQo8Ym9keSBsYW5nPSJFTi1DQSIgbGluaz0iYmx1ZSIgdmxpbms9InB1cnBsZSI+DQo8 ZGl2IGNsYXNzPSJXb3JkU2VjdGlvbjEiPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5 bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OyxzYW5z LXNlcmlmO2NvbG9yOiMxRjQ5N0Q7bXNvLWZhcmVhc3QtbGFuZ3VhZ2U6RU4tVVMiPkhpIEVtYWQs PG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9 ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OyxzYW5zLXNl cmlmO2NvbG9yOiMxRjQ5N0Q7bXNvLWZhcmVhc3QtbGFuZ3VhZ2U6RU4tVVMiPjxvOnA+Jm5ic3A7 PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250 LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssc2Fucy1zZXJpZjtj b2xvcjojMUY0OTdEO21zby1mYXJlYXN0LWxhbmd1YWdlOkVOLVVTIj5UaGFuayB5b3UgZm9yIHlv dXIgY29tbWVudHMuIFBsZWFzZSBmaW5kIGEgY291cGxlIG9mIGNvbW1lbnRzIGJlbG93IGlubGlu ZS48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHls ZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LHNhbnMt c2VyaWY7Y29sb3I6IzFGNDk3RDttc28tZmFyZWFzdC1sYW5ndWFnZTpFTi1VUyI+PG86cD4mbmJz cDs8L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZv bnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OyxzYW5zLXNlcmlm O2NvbG9yOiMxRjQ5N0Q7bXNvLWZhcmVhc3QtbGFuZ3VhZ2U6RU4tVVMiPlRoYW5rcy48YnI+DQpB bGV4LjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0 eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssc2Fu cy1zZXJpZjtjb2xvcjojMUY0OTdEO21zby1mYXJlYXN0LWxhbmd1YWdlOkVOLVVTIj48bzpwPiZu YnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0i Zm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LHNhbnMtc2Vy aWY7Y29sb3I6IzFGNDk3RDttc28tZmFyZWFzdC1sYW5ndWFnZTpFTi1VUyI+PG86cD4mbmJzcDs8 L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PGI+PHNwYW4gbGFuZz0iRU4t VVMiIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVv dDssc2Fucy1zZXJpZiI+PC9zcGFuPjwvYj48L3A+DQo8L2Rpdj4NCjxicj4NCjxicj4NCjx0YWJs ZSBjbGFzcz0iSW1wcmludFVuaXF1ZUlEVGFibGUiIHN0eWxlPSJCT1JERVItQ09MTEFQU0U6IGNv bGxhcHNlIiBjZWxsc3BhY2luZz0iMCIgY2VsbHBhZGRpbmc9IjAiIHdpZHRoPSIxMDAlIiBib3Jk ZXI9IjAiPg0KPHRib2R5Pg0KPHRyPg0KPHRkIHdpZHRoPSIzNTAiPjxmb250IHN0eWxlPSJmb250 LWZhbWlseTpWZXJkYW5hO2ZvbnQtc2l6ZToxMHB0O2NvbG9yOiM5NkQ3MDA7Zm9udC13ZWlnaHQ6 Ym9sZDsiPkFsZXhhbmRlciBTaGVya2luPC9mb250Pjxicj4NCjx0YWJsZSBjZWxscGFkZGluZz0i MCIgY2VsbHNwYWNpbmc9IjAiIHN0eWxlPSJmb250LWZhbWlseTpWZXJkYW5hOyBmb250LXNpemU6 OXB0OyBjb2xvcjojMDAwMDAwOyB0ZXh0LWFsaWduOiBsZWZ0OyB2ZXJ0aWNhbC1hbGlnbjogdG9w OyIgY2xhc3M9ImQ2MTg4NWUyLTdlMWMtNDUxMC1hOTQxLTZmZjliNWNkMGQwZlRhYmxlIj4NCjx0 Ym9keT4NCjx0ciBzdHlsZT0idGV4dC1hbGlnbjogbGVmdDsgdmVydGljYWwtYWxpZ246IHRvcDsg Ij4NCjx0ZCBhbGlnbj0iTm90U2V0IiBzdHlsZT0iIj48Zm9udCBzdHlsZT0iZm9udC1mYW1pbHk6 VmVyZGFuYTtmb250LXNpemU6OXB0O2NvbG9yOiMwMDAwMDA7Ij48L2ZvbnQ+PC90ZD4NCjx0ZCBh bGlnbj0iTm90U2V0IiBzdHlsZT0iIj48Zm9udCBzdHlsZT0iZm9udC1mYW1pbHk6VmVyZGFuYTtm b250LXNpemU6OXB0O2NvbG9yOiMwMDAwMDA7Ij5Tb2Z0d2FyZSBBcmNoaXRlY3Q8L2ZvbnQ+PC90 ZD4NCjwvdHI+DQo8L3Rib2R5Pg0KPC90YWJsZT4NCjxicj4NCjwvdGQ+DQo8L3RyPg0KPHRyPg0K PGJyPg0KPHRkIG5vd3JhcD0iIj48YSBocmVmPSJodHRwOi8vd3d3LmRhcmttYXR0ZXIuYWUiIHRh cmdldD0iIj48aW1nIHdpZHRoPSIyMTkiIGhlaWdodD0iMzYiIHN0eWxlPSJib3JkZXI6IDBweCBT b2xpZCA7ICIgc3JjPSJjaWQ6aW1hZ2ViMmU2NjEuUE5HQDM3NTUwYmIxLjQyOTEzZDIyIj48L2E+ PC90ZD4NCjwvdHI+DQo8L3Rib2R5Pg0KPC90YWJsZT4NCjxmb250IHN0eWxlPSJGT05ULVNJWkU6 IDhwdDsgQ09MT1I6ICNhMWExYTEiIHNpemU9IiYjNDM7MCI+PGZvbnQgY29sb3I9IiNhNWE1YTUi Pjxicj4NCjxmb250IHN0eWxlPSJmb250LWZhbWlseTpWZXJkYW5hO2ZvbnQtc2l6ZTo4cHQ7Y29s b3I6QmxhY2s7Ij4yIFJvYmVydCBTcGVjayBQYXJrd2F5LCBTdWl0ZSAxNjEwPGJyPg0KTWlzc2lz c2F1Z2EgT04gJm5ic3A7TDRaIDFIODwvZm9udD48YnI+DQo8Zm9udCBzdHlsZT0iZm9udC1mYW1p bHk6VmVyZGFuYTtmb250LXNpemU6OHB0O2NvbG9yOkJsYWNrOyI+Q2FuYWRhPC9mb250Pjxicj4N Cjxmb250IGNvbG9yPSJibGFjayI+PGZvbnQgZmFjZT0iVmVyZGFuYSI+PHN0cm9uZz48Zm9udCBj b2xvcj0iIzk2ZDcwMCIgc2l6ZT0iMSI+TTxmb250IGNvbG9yPSIjZmZmZmZmIj5UPC9mb250Pjwv Zm9udD48L3N0cm9uZz48L2ZvbnQ+PC9mb250PjxzcGFuIHN0eWxlPSJmb250LWZhbWlseTpWZXJk YW5hO2ZvbnQtc2l6ZTo4cHQ7Y29sb3I6QmxhY2s7Ij48YSBocmVmPSJ0ZWw6JiM0MzsxIDQxNiA0 MTQgNzExNyIgdGl0bGU9IiIgdGFyZ2V0PSIiIHN0eWxlPSJmb250LWZhbWlseTpWZXJkYW5hO2Zv bnQtc2l6ZTo4cHQ7Y29sb3I6QmxhY2s7Ij48c3BhbiBzdHlsZT0iZm9udC1mYW1pbHk6VmVyZGFu YTsgZm9udC1zaXplOjhwdDsgY29sb3I6QmxhY2s7Ij4mIzQzOzENCiA0MTYgNDE0IDcxMTc8L3Nw YW4+PC9hPjwvc3Bhbj48YnI+DQo8Zm9udCBmYWNlPSJWZXJkYW5hIj48Zm9udCBjb2xvcj0iIzk2 ZDcwMCIgc2l6ZT0iMSI+PHN0cm9uZz5FPGZvbnQgY29sb3I9IiNmZmZmZmYiPk08L2ZvbnQ+PC9z dHJvbmc+PC9mb250PjwvZm9udD48c3BhbiBzdHlsZT0iZm9udC1mYW1pbHk6VmVyZGFuYTtmb250 LXNpemU6OHB0O2NvbG9yOkJsYWNrOyI+PGEgaHJlZj0ibWFpbHRvOkFsZXhhbmRlci5TaGVya2lu QGRhcmttYXR0ZXIuYWUiIHRpdGxlPSJDbGljayB0byBzZW5kIGVtYWlsIHRvIEFsZXhhbmRlciBT aGVya2luIiB0YXJnZXQ9IiIgc3R5bGU9ImZvbnQtZmFtaWx5OlZlcmRhbmE7Zm9udC1zaXplOjhw dDtjb2xvcjpCbGFjazsiPjxzcGFuIHN0eWxlPSJmb250LWZhbWlseTpWZXJkYW5hOyBmb250LXNp emU6OHB0OyBjb2xvcjpCbGFjazsiPkFsZXhhbmRlci5TaGVya2luQGRhcmttYXR0ZXIuYWU8L3Nw YW4+PC9hPjwvc3Bhbj48YnI+DQo8YnI+DQo8c3BhbiBzdHlsZT0iZm9udC1mYW1pbHk6VmVyZGFu YTtmb250LXNpemU6OHB0O2NvbG9yOiM5NkQ3MDA7Zm9udC13ZWlnaHQ6Ym9sZDsiPjxhIGhyZWY9 Imh0dHA6Ly9kYXJrbWF0dGVyLmFlIiB0aXRsZT0iIiB0YXJnZXQ9IiIgc3R5bGU9ImZvbnQtZmFt aWx5OlZlcmRhbmE7Zm9udC1zaXplOjhwdDtjb2xvcjojOTZENzAwO2ZvbnQtd2VpZ2h0OmJvbGQ7 Ij48c3BhbiBzdHlsZT0iZm9udC1mYW1pbHk6VmVyZGFuYTsgZm9udC1zaXplOjhwdDsgY29sb3I6 Izk2RDcwMDsgZm9udC13ZWlnaHQ6Ym9sZDsiPmRhcmttYXR0ZXIuYWU8L3NwYW4+PC9hPjwvc3Bh bj48YnI+DQo8YnI+DQo8YSBocmVmPSJodHRwczovL3d3dy5saW5rZWRpbi5jb20vY29tcGFueS9k YXJrLW1hdHRlci1sbGMiIHRhcmdldD0iIj48aW1nIHdpZHRoPSIzMiIgaGVpZ2h0PSIzMiIgc3R5 bGU9ImJvcmRlcjogMHB4IFNvbGlkIDsgIiBzcmM9ImNpZDppbWFnZTg4ZjVjOC5QTkdAOTI5ZDQz MTkuNGViNTU4MDMiIGFsdD0iTGlua2VkaW4iPjwvYT4mbmJzcDs8YSBocmVmPSJodHRwczovL3R3 aXR0ZXIuY29tL0d1YXJkZWRieUdlbml1cyIgdGFyZ2V0PSIiPjxpbWcgd2lkdGg9IjMyIiBoZWln aHQ9IjMyIiBzdHlsZT0iYm9yZGVyOiAwcHggU29saWQgOyAiIHNyYz0iY2lkOmltYWdlMzk2ZTAy LlBOR0A4NTY0ZThlNy40YTlkODBmZCIgYWx0PSJUd2l0dGVyIj48L2E+DQo8cCBpZD0idW5kZWZp bmVkIj48L3A+DQo8YnI+DQo8Zm9udCBzaXplPSIxIiBmYWNlPSJWZXJkYW5hIj5UaGUgaW5mb3Jt YXRpb24gaW4gdGhpcyBlbWFpbCBpcyBpbnRlbmRlZCBvbmx5IGZvciB0aGUgcGVyc29uKHMpIG9y IGVudGl0eSB0byB3aG9tIGl0IGlzIGFkZHJlc3NlZCBhbmQgbWF5IGNvbnRhaW4gY29uZmlkZW50 aWFsIG9yIHByaXZpbGVnZWQgaW5mb3JtYXRpb24uIElmIHlvdSByZWNlaXZlIHRoaXMgZW1haWwg YnkgZXJyb3IsIHBsZWFzZSBub3RpZnkgdXMgaW1tZWRpYXRlbHksIGRlbGV0ZQ0KIHRoZSBvcmln aW5hbCBtZXNzYWdlIGFuZCBkbyBub3QgZGlzY2xvc2UgdGhlIGNvbnRlbnRzIHRvIGFueSBvdGhl ciBwZXJzb24sIHVzZSBvciBzdG9yZSBvciBjb3B5IHRoZSBpbmZvcm1hdGlvbiBpbiBhbnkgbWVk aXVtIGFuZCBmb3Igd2hhdGV2ZXIgcHVycG9zZS4gQW55IHVuYXV0aG9yaXplZCB1c2UgaXMgc3Ry aWN0bHkgcHJvaGliaXRlZC48YnI+DQo8L2ZvbnQ+PC9mb250PjwvZm9udD48YnI+DQo8ZGl2IGNs YXNzPSJXb3JkU2VjdGlvbjEiPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PGI+PHNwYW4gbGFuZz0i RU4tVVMiIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkm cXVvdDssc2Fucy1zZXJpZiI+RnJvbTo8L3NwYW4+PC9iPjxzcGFuIGxhbmc9IkVOLVVTIiBzdHls ZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LHNhbnMt c2VyaWYiPiBNTFMgW21haWx0bzptbHMtYm91bmNlc0BpZXRmLm9yZ10NCjxiPk9uIEJlaGFsZiBP ZiA8L2I+RW1hZCBPbWFyYTxicj4NCjxiPlNlbnQ6PC9iPiBBcHJpbCAxOCwgMjAxOSAxMTo0MSBQ TTxicj4NCjxiPlRvOjwvYj4gQWxleGFuZGVyIFNoZXJraW4gJmx0O0FsZXhhbmRlci5TaGVya2lu QGRhcmttYXR0ZXIuYWUmZ3Q7PGJyPg0KPGI+Q2M6PC9iPiBtbHNAaWV0Zi5vcmc8YnI+DQo8Yj5T dWJqZWN0OjwvYj4gUmU6IFtNTFNdIEJsb2NraW5nIFVwZGF0ZSBtZXNzYWdlcyBmb3IgYnJlYWtp bmcgcG9zdC1jb21wcm9taXNlIHNlY3VyaXR5PG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xh c3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8L286cD48L3A+DQo8ZGl2Pg0KPGRpdj4NCjxwIGNs YXNzPSJNc29Ob3JtYWwiPjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0KPC9kaXY+DQo8cCBjbGFzcz0i TXNvTm9ybWFsIj48bzpwPiZuYnNwOzwvbzpwPjwvcD4NCjxkaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9 Ik1zb05vcm1hbCI+T24gVGh1LCBBcHIgMTgsIDIwMTkgYXQgMTE6NTUgQU0gQWxleGFuZGVyIFNo ZXJraW4gJmx0OzxhIGhyZWY9Im1haWx0bzpBbGV4YW5kZXIuU2hlcmtpbkBkYXJrbWF0dGVyLmFl Ij5BbGV4YW5kZXIuU2hlcmtpbkBkYXJrbWF0dGVyLmFlPC9hPiZndDsgd3JvdGU6PG86cD48L286 cD48L3A+DQo8L2Rpdj4NCjxibG9ja3F1b3RlIHN0eWxlPSJib3JkZXI6bm9uZTtib3JkZXItbGVm dDpzb2xpZCAjQ0NDQ0NDIDEuMHB0O3BhZGRpbmc6MGNtIDBjbSAwY20gNi4wcHQ7bWFyZ2luLWxl ZnQ6NC44cHQ7bWFyZ2luLXRvcDo1LjBwdDttYXJnaW4tcmlnaHQ6MGNtO21hcmdpbi1ib3R0b206 NS4wcHQiPg0KPGRpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1h cmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPjxzcGFuIHN0eWxl PSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssc2Fucy1z ZXJpZjtjb2xvcjojMUY0OTdEIj5IaSBFbWFkLDwvc3Bhbj48bzpwPjwvbzpwPjwvcD4NCjxwIGNs YXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2lu LWJvdHRvbS1hbHQ6YXV0byI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1p bHk6JnF1b3Q7Q2FsaWJyaSZxdW90OyxzYW5zLXNlcmlmO2NvbG9yOiMxRjQ5N0QiPiZuYnNwOzwv c3Bhbj48bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFy Z2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+PHNwYW4gc3R5bGU9 ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OyxzYW5zLXNl cmlmO2NvbG9yOiMxRjQ5N0QiPkNvdWxkIHRoZXJlIGJlIGEgc2V0dXAgd2hlcmUgZWFjaCBB4oCZ cyBwb2ludCBvZiBwcmVzZW5jZSAoZGV2aWNlKSBwYXJ0aWNpcGF0ZXMgYXMgYSBzZXBhcmF0ZSBs ZWFmIGluDQogdGhlIHJhdGNoZXQgdHJlZT8gVGhlIGFkdmFudGFnZSBvZiBzdWNoIGFwcHJvYWNo IG1heSBiZSB0byBhdm9pZCB0aGUga2V5IHN5bmNocm9uaXphdGlvbiBwcm9ibGVtIGJldHdlZW4g cG9pbnRzIG9mIHByZXNlbmNlLjwvc3Bhbj48bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPC9kaXY+ DQo8L2Jsb2NrcXVvdGU+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+VGhpcyBpcyBhY3R1 YWxseSB0aGUgY3VycmVudCBhc3N1bXB0aW9uIGluIHRoZSBhcmNoaXRlY3R1cmUgZG9jdW1lbnQs IGVhY2ggZGV2aWNlIGlzIHJlcHJlc2VudGVkIGFzIGEgc2VwYXJhdGUgY2xpZW50LCBob3dldmVy IHdlIGFyZSBhbHNvIGN1cnJlbnRseSBsb29raW5nIGludG8gdXNpbmcgYSB2aXJ0dWFsIGNsaWVu dCBtb2RlIHdoZXJlIGFsbCBkZXZpY2VzIGFyZSBwcmVzZW50ZWQgaW4gYSBzaW5nbGUgbm9kZS48 bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxvOnA+Jm5ic3A7PC9vOnA+PC9w Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImNvbG9yOiM1NDgyMzU7bXNvLXN0 eWxlLXRleHRmaWxsLWZpbGwtY29sb3I6IzU0ODIzNTttc28tc3R5bGUtdGV4dGZpbGwtZmlsbC1h bHBoYToxMDAuMCUiPltBbGV4XSBEb2VzIGl0IG1lYW4gdGhhdCBJIGRvIG5vdCBuZWVkIHRvIGNv bnRyb2wgYWxsIEHigJlzIGRldmljZXMsIGFuZCBwcmV2ZW50aW5nIGp1c3Qgb25lIGRldmljZSBm cm9tIHNlbmRpbmcgVXBkYXRlcyB3aWxsIG1ha2UgYXR0YWNrDQogc3VjY2Vzc2Z1bD8gPG86cD48 L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8YmxvY2txdW90ZSBzdHlsZT0iYm9yZGVyOm5vbmU7 Ym9yZGVyLWxlZnQ6c29saWQgI0NDQ0NDQyAxLjBwdDtwYWRkaW5nOjBjbSAwY20gMGNtIDYuMHB0 O21hcmdpbi1sZWZ0OjQuOHB0O21hcmdpbi10b3A6NS4wcHQ7bWFyZ2luLXJpZ2h0OjBjbTttYXJn aW4tYm90dG9tOjUuMHB0Ij4NCjxkaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5 bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj4m bmJzcDs8bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPC9kaXY+DQo8L2Jsb2NrcXVvdGU+DQo8Ymxv Y2txdW90ZSBzdHlsZT0iYm9yZGVyOm5vbmU7Ym9yZGVyLWxlZnQ6c29saWQgI0NDQ0NDQyAxLjBw dDtwYWRkaW5nOjBjbSAwY20gMGNtIDYuMHB0O21hcmdpbi1sZWZ0OjQuOHB0O21hcmdpbi10b3A6 NS4wcHQ7bWFyZ2luLXJpZ2h0OjBjbTttYXJnaW4tYm90dG9tOjUuMHB0Ij4NCjxkaXY+DQo8ZGl2 Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21z by1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtm b250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LHNhbnMtc2VyaWY7Y29sb3I6IzFGNDk3RCI+ RG8geW91IHNlZSB0aGUgbWVjaGFuaXNtIG9mIHJlbW92aW5nIHVzZXJzIHdobyBkaWQgbm90IHNl bmQgVXBkYXRlcyByZWNlbnRseSBzaG91bGQgYmUgcGFydCBvZiB0aGUNCiBwcm90b2NvbCBvciBz aG91bGQgaXQgYmUgZHJpdmVuIGJ5IHRoZSBhcHA/PC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPC9k aXY+DQo8L2Rpdj4NCjwvYmxvY2txdW90ZT4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj5X ZWxsLCBJIHNlZSB0aGlzIGFzIGp1c3QgYSByZWNvbW1lbmRhdGlvbiB0byB0aGUgYXBwLCBub3Qg c3VyZSB3aGF0IGNhbiBiZSBkb25lIGF0IHRoZSBwcm90b2NvbCBsYXllciEmbmJzcDs8bzpwPjwv bzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0KPHAg Y2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImNvbG9yOiM1NDgyMzU7bXNvLXN0eWxlLXRl eHRmaWxsLWZpbGwtY29sb3I6IzU0ODIzNTttc28tc3R5bGUtdGV4dGZpbGwtZmlsbC1hbHBoYTox MDAuMCUiPltBbGV4XSBTYXkgSSB3YW50IHRvIGludGVncmF0ZSBNTFMgaW50byBteSBhcHAgYW5k IGZvbGxvdyB0aGUgcmVjb21tZW5kYXRpb24gb2Yga2lja2luZyBkZXZpY2VzIHRoYXQgaGF2ZSBu b3Qgc2VudCBVcGRhdGUgcmVjZW50bHkuIFRoaXMNCiBtZWFucyB0aGF0IGRldmljZXMgdGhhdCBo YXZlIGJlZW4gb2ZmbGluZSBmb3IgYSB3aGlsZSAodmFjYXRpb24sIGV0Yykgd2lsbCBiZSB1bmFi bGUgdG8gcGFydGljaXBhdGUgaW4gdGhlIGdyb3VwIGFmdGVyIHRoZXkgYXJlIGJhY2sgb25saW5l LiBJZGVhbGx5LCBhcyBhbiBhcHAgZGV2ZWxvcGVyLCBJIHdvdWxkIHdhbnQgdGhlc2UgZGV2aWNl cyB0byBiZSBhYmxlIHRvIHJlLWpvaW4gZ3JhY2VmdWxseSBzbyB3ZSBhcmUgYmFjayBpbiDigJxT ZWxmLUFkZOKAnQ0KIHByb2JsZW0gZG9tYWluLiA8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBj bGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iY29sb3I6IzU0ODIzNTttc28tc3R5bGUtdGV4 dGZpbGwtZmlsbC1jb2xvcjojNTQ4MjM1O21zby1zdHlsZS10ZXh0ZmlsbC1maWxsLWFscGhhOjEw MC4wJSI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+ PHNwYW4gc3R5bGU9ImNvbG9yOiM1NDgyMzU7bXNvLXN0eWxlLXRleHRmaWxsLWZpbGwtY29sb3I6 IzU0ODIzNTttc28tc3R5bGUtdGV4dGZpbGwtZmlsbC1hbHBoYToxMDAuMCUiPkkgZ3Vlc3MgdGhl IGFwcCBtYXkgYWxsb3cgZGV2aWNlcyB0byByZS1qb2luIGJ5IHNlbmRpbmcgYWxsIHVzZXJzIEFk ZCBjb21tYW5kIGVzc2VudGlhbGx5IHJlc2V0dGluZyB0aGUgcmF0Y2hldCB0cmVlLCBidXQgaXMg aXQgdGhlIGJlc3QNCiBhcHByb2FjaD8gU2hvdWxkIHRoZXJlIGJlIG1vcmUgZ3VpZGFuY2UgZnJv bSB0aGUgcHJvdG9jb2w/IE9yIHNob3VsZCB0aGUgcHJvdG9jb2wgZXhwbGljaXRseSBzdGF0ZSB3 aGVuIGRldmljZXMgc2hvdWxkIHJlbW92ZSBpbmFjdGl2ZSBsZWFmIG5vZGVzPyBJZiB0aGlzIGRl Y2lzaW9uIGlzIG5vdCBwYXJ0IG9mIHRoZSBwcm90b2NvbCwgaXQgbWF5IG5vdCBiZSBjbGVhciB3 aGF0IHBvc3QtY29tcHJvbWlzZSBzZWN1cml0eSBwcm9wZXJ0aWVzIGFyZQ0KIGd1YXJhbnRlZWQg YnkgdGhlIHByb3RvY29sLjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3Jt YWwiPjxzcGFuIHN0eWxlPSJjb2xvcjojNTQ4MjM1O21zby1zdHlsZS10ZXh0ZmlsbC1maWxsLWNv bG9yOiM1NDgyMzU7bXNvLXN0eWxlLXRleHRmaWxsLWZpbGwtYWxwaGE6MTAwLjAlIj48bzpwPiZu YnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxibG9ja3F1b3RlIHN0eWxlPSJib3JkZXI6 bm9uZTtib3JkZXItbGVmdDpzb2xpZCAjQ0NDQ0NDIDEuMHB0O3BhZGRpbmc6MGNtIDBjbSAwY20g Ni4wcHQ7bWFyZ2luLWxlZnQ6NC44cHQ7bWFyZ2luLXRvcDo1LjBwdDttYXJnaW4tcmlnaHQ6MGNt O21hcmdpbi1ib3R0b206NS4wcHQiPg0KPGRpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFs IiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1 dG8iPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGli cmkmcXVvdDssc2Fucy1zZXJpZjtjb2xvcjojMUY0OTdEIj4mbmJzcDs8L3NwYW4+PG86cD48L286 cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1 dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEu MHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssc2Fucy1zZXJpZjtjb2xvcjojMUY0 OTdEIj5UaGFuayB5b3UuPGJyPg0KQWxleC48L3NwYW4+PG86cD48L286cD48L3A+DQo8cCBjbGFz cz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1i b3R0b20tYWx0OmF1dG8iPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5 OiZxdW90O0NhbGlicmkmcXVvdDssc2Fucy1zZXJpZjtjb2xvcjojMUY0OTdEIj4mbmJzcDs8L3Nw YW4+PG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdp bi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPjxzcGFuIHN0eWxlPSJm b250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssc2Fucy1zZXJp Zjtjb2xvcjojMUY0OTdEIj4mbmJzcDs8L3NwYW4+PG86cD48L286cD48L3A+DQo8cCBjbGFzcz0i TXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0 b20tYWx0OmF1dG8iPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZx dW90O0NhbGlicmkmcXVvdDssc2Fucy1zZXJpZjtjb2xvcjojMUY0OTdEIj4mbmJzcDs8L3NwYW4+ PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtYXJn aW4tYm90dG9tOjEyLjBwdCI+PG86cD4mbmJzcDs8L286cD48L3A+DQo8dGFibGUgY2xhc3M9Ik1z b05vcm1hbFRhYmxlIiBib3JkZXI9IjAiIGNlbGxzcGFjaW5nPSIwIiBjZWxscGFkZGluZz0iMCIg d2lkdGg9IjEwMCUiIHN0eWxlPSJ3aWR0aDoxMDAuMCU7Ym9yZGVyLWNvbGxhcHNlOmNvbGxhcHNl Ij4NCjx0Ym9keT4NCjx0cj4NCjx0ZCB3aWR0aD0iMzUwIiBzdHlsZT0id2lkdGg6MjYyLjVwdDtw YWRkaW5nOjBjbSAwY20gMGNtIDBjbSI+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48Yj48c3BhbiBz dHlsZT0iZm9udC1zaXplOjEwLjBwdDtmb250LWZhbWlseTomcXVvdDtWZXJkYW5hJnF1b3Q7LHNh bnMtc2VyaWY7Y29sb3I6Izk2RDcwMDttc28tZmFyZWFzdC1sYW5ndWFnZTpFTi1VUyI+QWxleGFu ZGVyIFNoZXJraW48L3NwYW4+PC9iPjxzcGFuIHN0eWxlPSJtc28tZmFyZWFzdC1sYW5ndWFnZTpF Ti1VUyI+PG86cD48L286cD48L3NwYW4+PC9wPg0KPHRhYmxlIGNsYXNzPSJNc29Ob3JtYWxUYWJs ZSIgYm9yZGVyPSIwIiBjZWxsc3BhY2luZz0iMCIgY2VsbHBhZGRpbmc9IjAiPg0KPHRib2R5Pg0K PHRyPg0KPHRkIHZhbGlnbj0idG9wIiBzdHlsZT0icGFkZGluZzowY20gMGNtIDBjbSAwY20iPjwv dGQ+DQo8dGQgdmFsaWduPSJ0b3AiIHN0eWxlPSJwYWRkaW5nOjBjbSAwY20gMGNtIDBjbSI+DQo8 cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjkuMHB0O2ZvbnQtZmFt aWx5OiZxdW90O1ZlcmRhbmEmcXVvdDssc2Fucy1zZXJpZjtjb2xvcjpibGFjazttc28tZmFyZWFz dC1sYW5ndWFnZTpFTi1VUyI+U29mdHdhcmUgQXJjaGl0ZWN0PG86cD48L286cD48L3NwYW4+PC9w Pg0KPC90ZD4NCjwvdHI+DQo8L3Rib2R5Pg0KPC90YWJsZT4NCjwvdGQ+DQo8L3RyPg0KPHRyPg0K PHRkIHN0eWxlPSJwYWRkaW5nOjBjbSAwY20gMGNtIDBjbSI+PC90ZD4NCjx0ZCBub3dyYXA9IiIg c3R5bGU9InBhZGRpbmc6MGNtIDBjbSAwY20gMGNtIj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxh IGhyZWY9Imh0dHA6Ly93d3cuZGFya21hdHRlci5hZS8iIHRhcmdldD0iX2JsYW5rIj48c3BhbiBz dHlsZT0idGV4dC1kZWNvcmF0aW9uOm5vbmUiPjxpbWcgYm9yZGVyPSIwIiB3aWR0aD0iMjE5IiBo ZWlnaHQ9IjM2IiBpZD0iUGljdHVyZV94MDAyMF8xIiBzcmM9ImNpZDppbWFnZTAwMS5wbmdAMDFE NEY5MjQuMTk2M0Q5NjAiIGFsdD0iY2lkOmltYWdlMDAxLnBuZ0AwMUQ0RjkyNC4xOTYzRDk2MCI+ PC9zcGFuPjwvYT48c3BhbiBzdHlsZT0ibXNvLWZhcmVhc3QtbGFuZ3VhZ2U6RU4tVVMiPjxvOnA+ PC9vOnA+PC9zcGFuPjwvcD4NCjwvdGQ+DQo8L3RyPg0KPC90Ym9keT4NCjwvdGFibGU+DQo8cCBj bGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjguMHB0O2NvbG9yOiNBNUE1 QTUiPjxicj4NCjwvc3Bhbj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjguMHB0O2ZvbnQtZmFtaWx5 OiZxdW90O1ZlcmRhbmEmcXVvdDssc2Fucy1zZXJpZjtjb2xvcjpibGFjayI+MiBSb2JlcnQgU3Bl Y2sgUGFya3dheSwgU3VpdGUgMTYxMDxicj4NCk1pc3Npc3NhdWdhIE9OICZuYnNwO0w0WiAxSDg8 L3NwYW4+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZTo4LjBwdDtjb2xvcjojQTVBNUE1Ij48YnI+DQo8 L3NwYW4+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZTo4LjBwdDtmb250LWZhbWlseTomcXVvdDtWZXJk YW5hJnF1b3Q7LHNhbnMtc2VyaWY7Y29sb3I6YmxhY2siPkNhbmFkYTwvc3Bhbj48c3BhbiBzdHls ZT0iZm9udC1zaXplOjguMHB0O2NvbG9yOiNBNUE1QTUiPjxicj4NCjwvc3Bhbj48c3Ryb25nPjxz cGFuIHN0eWxlPSJmb250LXNpemU6Ny41cHQ7Zm9udC1mYW1pbHk6JnF1b3Q7VmVyZGFuYSZxdW90 OyxzYW5zLXNlcmlmO2NvbG9yOiM5NkQ3MDAiPk08L3NwYW4+PC9zdHJvbmc+PHN0cm9uZz48c3Bh biBzdHlsZT0iZm9udC1zaXplOjcuNXB0O2ZvbnQtZmFtaWx5OiZxdW90O1ZlcmRhbmEmcXVvdDss c2Fucy1zZXJpZjtjb2xvcjp3aGl0ZSI+VDwvc3Bhbj48L3N0cm9uZz48YSBocmVmPSJ0ZWw6JiM0 MzsxJTIwNDE2JTIwNDE0JTIwNzExNyIgdGFyZ2V0PSJfYmxhbmsiPjxzcGFuIHN0eWxlPSJmb250 LXNpemU6OC4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7VmVyZGFuYSZxdW90OyxzYW5zLXNlcmlmO2Nv bG9yOmJsYWNrIj4mIzQzOzENCiA0MTYgNDE0IDcxMTc8L3NwYW4+PC9hPjxzcGFuIHN0eWxlPSJm b250LXNpemU6OC4wcHQ7Y29sb3I6I0E1QTVBNSI+PGJyPg0KPC9zcGFuPjxzdHJvbmc+PHNwYW4g c3R5bGU9ImZvbnQtc2l6ZTo3LjVwdDtmb250LWZhbWlseTomcXVvdDtWZXJkYW5hJnF1b3Q7LHNh bnMtc2VyaWY7Y29sb3I6Izk2RDcwMCI+RTwvc3Bhbj48L3N0cm9uZz48c3Ryb25nPjxzcGFuIHN0 eWxlPSJmb250LXNpemU6Ny41cHQ7Zm9udC1mYW1pbHk6JnF1b3Q7VmVyZGFuYSZxdW90OyxzYW5z LXNlcmlmO2NvbG9yOndoaXRlIj5NPC9zcGFuPjwvc3Ryb25nPjxhIGhyZWY9Im1haWx0bzpBbGV4 YW5kZXIuU2hlcmtpbkBkYXJrbWF0dGVyLmFlIiB0YXJnZXQ9Il9ibGFuayIgdGl0bGU9IkNsaWNr IHRvIHNlbmQgZW1haWwgdG8gQWxleGFuZGVyIFNoZXJraW4iPjxzcGFuIHN0eWxlPSJmb250LXNp emU6OC4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7VmVyZGFuYSZxdW90OyxzYW5zLXNlcmlmO2NvbG9y OmJsYWNrIj5BbGV4YW5kZXIuU2hlcmtpbkBkYXJrbWF0dGVyLi5hZTwvc3Bhbj48L2E+PHNwYW4g c3R5bGU9ImZvbnQtc2l6ZTo4LjBwdDtjb2xvcjojQTVBNUE1Ij48YnI+DQo8YnI+DQo8L3NwYW4+ PGEgaHJlZj0iaHR0cDovL2RhcmttYXR0ZXIuYWUiIHRhcmdldD0iX2JsYW5rIj48Yj48c3BhbiBz dHlsZT0iZm9udC1zaXplOjguMHB0O2ZvbnQtZmFtaWx5OiZxdW90O1ZlcmRhbmEmcXVvdDssc2Fu cy1zZXJpZjtjb2xvcjojOTZENzAwIj5kYXJrbWF0dGVyLmFlPC9zcGFuPjwvYj48L2E+PHNwYW4g c3R5bGU9ImZvbnQtc2l6ZTo4LjBwdDtjb2xvcjojQTVBNUE1Ij48YnI+DQo8YnI+DQo8L3NwYW4+ PGEgaHJlZj0iaHR0cHM6Ly93d3cubGlua2VkaW4uY29tL2NvbXBhbnkvZGFyay1tYXR0ZXItbGxj IiB0YXJnZXQ9Il9ibGFuayI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZTo4LjBwdDt0ZXh0LWRlY29y YXRpb246bm9uZSI+PGltZyBib3JkZXI9IjAiIHdpZHRoPSIzMiIgaGVpZ2h0PSIzMiIgaWQ9IlBp Y3R1cmVfeDAwMjBfMiIgc3JjPSJjaWQ6aW1hZ2UwMDIucG5nQDAxRDRGOTI0LjE5NjNEOTYwIiBh bHQ9IkxpbmtlZGluIj48L3NwYW4+PC9hPjxzcGFuIHN0eWxlPSJmb250LXNpemU6OC4wcHQ7Y29s b3I6I0E1QTVBNSI+Jm5ic3A7PC9zcGFuPjxhIGhyZWY9Imh0dHBzOi8vdHdpdHRlci5jb20vR3Vh cmRlZGJ5R2VuaXVzIiB0YXJnZXQ9Il9ibGFuayI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZTo4LjBw dDt0ZXh0LWRlY29yYXRpb246bm9uZSI+PGltZyBib3JkZXI9IjAiIHdpZHRoPSIzMiIgaGVpZ2h0 PSIzMiIgaWQ9IlBpY3R1cmVfeDAwMjBfMyIgc3JjPSJjaWQ6aW1hZ2UwMDMucG5nQDAxRDRGOTI0 LjE5NjNEOTYwIiBhbHQ9IlR3aXR0ZXIiPjwvc3Bhbj48L2E+PHNwYW4gc3R5bGU9ImZvbnQtc2l6 ZTo4LjBwdDtjb2xvcjojQTVBNUE1Ij4NCjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNz PSJNc29Ob3JtYWwiIHN0eWxlPSJtYXJnaW4tYm90dG9tOjEyLjBwdCI+PHNwYW4gc3R5bGU9ImZv bnQtc2l6ZTo4LjBwdDtjb2xvcjojQTVBNUE1Ij48YnI+DQo8L3NwYW4+PHNwYW4gc3R5bGU9ImZv bnQtc2l6ZTo3LjVwdDtmb250LWZhbWlseTomcXVvdDtWZXJkYW5hJnF1b3Q7LHNhbnMtc2VyaWY7 Y29sb3I6I0E1QTVBNSI+VGhlIGluZm9ybWF0aW9uIGluIHRoaXMgZW1haWwgaXMgaW50ZW5kZWQg b25seSBmb3IgdGhlIHBlcnNvbihzKSBvciBlbnRpdHkgdG8gd2hvbSBpdCBpcyBhZGRyZXNzZWQg YW5kIG1heSBjb250YWluIGNvbmZpZGVudGlhbCBvciBwcml2aWxlZ2VkIGluZm9ybWF0aW9uLiBJ ZiB5b3UgcmVjZWl2ZSB0aGlzDQogZW1haWwgYnkgZXJyb3IsIHBsZWFzZSBub3RpZnkgdXMgaW1t ZWRpYXRlbHksIGRlbGV0ZSB0aGUgb3JpZ2luYWwgbWVzc2FnZSBhbmQgZG8gbm90IGRpc2Nsb3Nl IHRoZSBjb250ZW50cyB0byBhbnkgb3RoZXIgcGVyc29uLCB1c2Ugb3Igc3RvcmUgb3IgY29weSB0 aGUgaW5mb3JtYXRpb24gaW4gYW55IG1lZGl1bSBhbmQgZm9yIHdoYXRldmVyIHB1cnBvc2UuIEFu eSB1bmF1dGhvcml6ZWQgdXNlIGlzIHN0cmljdGx5IHByb2hpYml0ZWQuPC9zcGFuPjxvOnA+PC9v OnA+PC9wPg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRv cC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+PGI+PHNwYW4gbGFuZz0iRU4t VVMiIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVv dDssc2Fucy1zZXJpZiI+RnJvbTo8L3NwYW4+PC9iPjxzcGFuIGxhbmc9IkVOLVVTIiBzdHlsZT0i Zm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LHNhbnMtc2Vy aWYiPiBFbWFkDQogT21hcmEgW21haWx0bzo8L3NwYW4+PGEgaHJlZj0ibWFpbHRvOmVtYWRvbWFy YUBnb29nbGUuY29tIiB0YXJnZXQ9Il9ibGFuayI+PHNwYW4gbGFuZz0iRU4tVVMiIHN0eWxlPSJm b250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssc2Fucy1zZXJp ZiI+ZW1hZG9tYXJhQGdvb2dsZS5jb208L3NwYW4+PC9hPjxzcGFuIGxhbmc9IkVOLVVTIiBzdHls ZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LHNhbnMt c2VyaWYiPl0NCjxicj4NCjxiPlNlbnQ6PC9iPiBBcHJpbCAxNywgMjAxOSA1OjEyIFBNPGJyPg0K PGI+VG86PC9iPiBBbGV4YW5kZXIgU2hlcmtpbiAmbHQ7PC9zcGFuPjxhIGhyZWY9Im1haWx0bzpB bGV4YW5kZXIuU2hlcmtpbkBkYXJrbWF0dGVyLmFlIiB0YXJnZXQ9Il9ibGFuayI+PHNwYW4gbGFu Zz0iRU4tVVMiIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGli cmkmcXVvdDssc2Fucy1zZXJpZiI+QWxleGFuZGVyLlNoZXJraW5AZGFya21hdHRlci5hZTwvc3Bh bj48L2E+PHNwYW4gbGFuZz0iRU4tVVMiIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFt aWx5OiZxdW90O0NhbGlicmkmcXVvdDssc2Fucy1zZXJpZiI+Jmd0Ozxicj4NCjxiPkNjOjwvYj4g PC9zcGFuPjxhIGhyZWY9Im1haWx0bzptbHNAaWV0Zi5vcmciIHRhcmdldD0iX2JsYW5rIj48c3Bh biBsYW5nPSJFTi1VUyIgc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7 Q2FsaWJyaSZxdW90OyxzYW5zLXNlcmlmIj5tbHNAaWV0Zi5vcmc8L3NwYW4+PC9hPjxzcGFuIGxh bmc9IkVOLVVTIiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxp YnJpJnF1b3Q7LHNhbnMtc2VyaWYiPjxicj4NCjxiPlN1YmplY3Q6PC9iPiBNYWx3YXJlW1NVU1BJ Q0lPVVMgTUVTU0FHRV0gSXQgbWF5IHRyaWNrIHZpY3RpbXMgaW50byBjbGlja2luZyBhIGxpbmsg YW5kIGRvd25sb2FkaW5nIG1hbHdhcmUuIERvIG5vdCBvcGVuIHN1c3BpY2lvdXMgbGlua3MuUmU6 IFtNTFNdIEJsb2NraW5nIFVwZGF0ZSBtZXNzYWdlcyBmb3IgYnJlYWtpbmcgcG9zdC1jb21wcm9t aXNlIHNlY3VyaXR5PC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIg c3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRv Ij4mbmJzcDs8bzpwPjwvbzpwPjwvcD4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHls ZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPkhp IEFsZXgsPG86cD48L286cD48L3A+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9 Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj4mbmJz cDs8bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0 eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+ SSB0aGluayB0aGUgYXR0YWNrIG1ha2VzIHNlbnNlLCBob3dldmVyIGl0IGFzc3VtZXMgdGhlIGF0 dGFja2VyIGhhcyBzb21lIHNvcnQgb2YgY29udHJvbCBmb3IgdGhlIG5ldHdvcmsgb2YgYWxsIEEn cyBkZXZpY2VzIGluIG9yZGVyIHRvIHBlcmZvcm0gdGhlIERvUy4gT25lIG1pdGlnYXRpb24gd2Ug ZGlzY3Vzc2VkDQogYmVmb3JlIHRoYXQgY291bGQgaGVscCBpbiB0aGlzIGF0dGFjayBpcyB0byBm b3JjZSB0aGUgbWF4IHVwZGF0ZSB3aW5kb3csIHNvIGlmIGEgY2xpZW50IGhhcyBpc3N1ZWQgYW55 IHVwZGF0ZSBpbiB0aGUgbGFzdCBOIGRheXMsIHRoZSBhcHAgY2FuIGRlY2lkZSB0byBraWNrIGl0 IG91dCBvZiB0aGUgZ3JvdXAsIG90IGF0IGxlYXN0IGlzc3VlIGEgd2FybmluZyZuYnNwO3RvIG90 aGVyIHVzZXJzLiZuYnNwOzxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9 Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90 dG9tLWFsdDphdXRvIj4mbmJzcDs8bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNs YXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2lu LWJvdHRvbS1hbHQ6YXV0byI+RW1hZDxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8L2Rpdj4NCjxw IGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFy Z2luLWJvdHRvbS1hbHQ6YXV0byI+Jm5ic3A7PG86cD48L286cD48L3A+DQo8ZGl2Pg0KPGRpdj4N CjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28t bWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+T24gV2VkLCBBcHIgMTcsIDIwMTkgYXQgMTo1OCBQTSBB bGV4YW5kZXIgU2hlcmtpbiAmbHQ7PGEgaHJlZj0ibWFpbHRvOkFsZXhhbmRlci5TaGVya2luQGRh cmttYXR0ZXIuYWUiIHRhcmdldD0iX2JsYW5rIj5BbGV4YW5kZXIuU2hlcmtpbkBkYXJrbWF0dGVy LmFlPC9hPiZndDsgd3JvdGU6PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxibG9ja3F1b3RlIHN0 eWxlPSJib3JkZXI6bm9uZTtib3JkZXItbGVmdDpzb2xpZCAjQ0NDQ0NDIDEuMHB0O3BhZGRpbmc6 MGNtIDBjbSAwY20gNi4wcHQ7bWFyZ2luLWxlZnQ6NC44cHQ7bWFyZ2luLXRvcDo1LjBwdDttYXJn aW4tcmlnaHQ6MGNtO21hcmdpbi1ib3R0b206NS4wcHQiPg0KPGRpdj4NCjxkaXY+DQo8cCBjbGFz cz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1i b3R0b20tYWx0OmF1dG8iPkhlbGxvLDxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1h bCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDph dXRvIj4mbmJzcDs8bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJt c28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+SSB0aGlu ayB3ZSBicmllZmx5IGRpc2N1c3NlZCB0aGlzIHByb2JsZW0gaW4gdGhlIGNvbnRleHQgb2Yg4oCc aW5hY3RpdmUgdXNlcnPigJ0sIGJ1dCBJIHdhbnQgdG8gYnJpbmcgdGhpcyB1cCBhZ2FpbiBmb3Ig ZGlzY3Vzc2lvbi48bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJt c28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+Jm5ic3A7 PG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10 b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPkxldOKAmXMgYXNzdW1lIGFu IGF0dGFja2VyIGNvbXByb21pc2VzIHVzZXIgQSBhbmQgcmVjb3ZlcnMgdXNlciBB4oCZcyBjcnlw dG9ncmFwaGljIHN0YXRlIGluY2x1ZGluZyB0aGUgbGVhZiBzZWNyZXQuLiBBZnRlciB1c2VyIEEg aXMgY29tcHJvbWlzZWQsIHRoZSBhdHRhY2tlciBubyBsb25nZXIgY29udHJvbHMgdXNlcg0KIEEu IFVzZXIgQSB3aWxsIGV2ZW50dWFsbHkgc2VuZCBhbiBVcGRhdGUgbWVzc2FnZSwgYW5kIHRoZSBh dHRhY2tlciB3aWxsIG5vIGxvbmdlciBoYXZlIGFjY2VzcyB0byB0aGUgcm9vdCBrZXkuIFdlIGdl dCBwb3N0LWNvbXByb21pc2Ugc2VjdXJpdHkgcHJvcGVydHkuPG86cD48L286cD48L3A+DQo8cCBj bGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdp bi1ib3R0b20tYWx0OmF1dG8iPiZuYnNwOzxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05v cm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFs dDphdXRvIj5Ib3dldmVyLCBsZXTigJlzIGFzc3VtZSB0aGF0IGFmdGVyIGNvbXByb21pc2luZyB1 c2VyIEEgYW5kIHJlY292ZXJpbmcgdXNlciBBIGNyeXB0byBzdGF0ZSwgdGhlIGF0dGFja2VyIHBl cmZvcm1zIGEgZGVuaWFsIG9mIHNlcnZpY2UgYXR0YWNrIG9uIHVzZXIgQSBVcGRhdGUgbWVzc2Fn ZXMgKG9yIGFsbCBtZXNzYWdlcw0KIGZyb20gdXNlciBBKS4gVGhlIGF0dGFja2VyIHRoZW4gb2Jz ZXJ2ZXMgdGhlIHRyYWZmaWMuIFRoZSBhdHRhY2tlciB3aWxsIGJlIGFibGUgdG8gZGVjcnlwdCBV cGRhdGUgbWVzc2FnZXMgZnJvbSBvdGhlciBwYXJ0aWNpcGFudHMgYW5kIGRlY3J5cHQgZGF0YS1j YXJyeWluZyBtZXNzYWdlcyBhcyBsb25nIGFzIG90aGVyIHBhcnRpY2lwYW50cyBpbmNsdWRlIHVz ZXIgQSBpbiB0aGVpciByYXRjaGV0IHRyZWVzLjxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1z b05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9t LWFsdDphdXRvIj4mbmJzcDs8bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0 eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+ QXMgYW4gaW50ZXJlc3RpbmcgdGhvdWdodCBleHBlcmltZW50LCB3ZSBjYW4gdHJ5IHRvIGFwcGx5 IHRoZSBzYW1lIGF0dGFjayB0byBvbmUtb24tb25lIHVzZSBjYXNlIHdoZW4gZG91YmxlIHJhdGNo ZXRpbmcgaXMgdXNlZC4uIFRvIHByZXZlbnQgcmF0Y2hldGluZywgdGhlIGF0dGFja2VyIGhhcyB0 byBibG9jaw0KIG1lc3NhZ2VzIGZyb20gb25lIG9mIHRoZSBwYXJ0aWNpcGFudHMuIFByYWN0aWNh bGx5LCB0aGlzIG1lYW5zIHRoYXQgdGhlIGF0dGFja2VyIGRlc3Ryb3lzIHRoZSBwb3NzaWJpbGl0 eSBvZiB0d28gcGFydGljaXBhbnRzIGhhdmluZyBhIGNvbnZlcnNhdGlvbjsgaGVuY2UsIGRhdGEg Y29sbGVjdGVkIGJ5IHRoZSBhdHRhY2sgd2lsbCBiZSBvbmUgcGFydGljaXBhbnRz4oCZIG1vbm9s b2d1ZSBhbmQgbWF5IG5vdCBiZSBhcyB2YWx1YWJsZS4gSW4gY29udHJhc3QsDQogd2hlbiAxIG91 dCBvZiAxMDAwIHVzZXJzIGlzIGlzb2xhdGVkLCA5OTkgcmVtYWluaW5nIHVzZXJzIHdpbGwgY29u dGludWUgaGF2aW5nIHByb2R1Y3RpdmUgY29udmVyc2F0aW9uIGNyZWF0aW5nIHZhbHVhYmxlIGRh dGEgdGhhdCB0aGUgYXR0YWNrZXIgbWF5IGludGVyY2VwdCBhbmQgZGVjcnlwdC48bzpwPjwvbzpw PjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0 bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+Jm5ic3A7PG86cD48L286cD48L3A+DQo8cCBj bGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdp bi1ib3R0b20tYWx0OmF1dG8iPklmIHRoZSBhYm92ZSBhdHRhY2sgdmVjdG9yIG1ha2VzIHNlbnNl LCBzaG91bGQgd2UgY29uc2lkZXIgZXhjbHVkaW5nIHVzZXJzIHdobyBkaWQgbm90IHNlbmQgVXBk YXRlIG1lc3NhZ2VzIHJlY2VudGx5IGVub3VnaCBmcm9tIHRoZSByYXRjaGV0IHRyZWU/PG86cD48 L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0 OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPiZuYnNwOzxvOnA+PC9vOnA+PC9wPg0K PHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1t YXJnaW4tYm90dG9tLWFsdDphdXRvIj5UaGFuayB5b3UuPG86cD48L286cD48L3A+DQo8cCBjbGFz cz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1i b3R0b20tYWx0OmF1dG8iPkFsZXguPG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFs IiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1 dG8iPiZuYnNwOzxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1z by1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj4mbmJzcDs8 bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRv cC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+Jm5ic3A7PG86cD48L286cD48 L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87 bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPiZuYnNwOzxvOnA+PC9vOnA+PC9wPg0KPHAgY2xh c3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4t Ym90dG9tLWFsdDphdXRvIj4mbmJzcDs8bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPHAgY2xhc3M9 Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21hcmdpbi1ib3R0b206 MTIuMHB0Ij4mbmJzcDs8bzpwPjwvbzpwPjwvcD4NCjx0YWJsZSBjbGFzcz0iTXNvTm9ybWFsVGFi bGUiIGJvcmRlcj0iMCIgY2VsbHNwYWNpbmc9IjAiIGNlbGxwYWRkaW5nPSIwIiB3aWR0aD0iMTAw JSIgc3R5bGU9IndpZHRoOjEwMC4wJTtib3JkZXItY29sbGFwc2U6Y29sbGFwc2UiPg0KPHRib2R5 Pg0KPHRyPg0KPHRkIHdpZHRoPSIzNTAiIHN0eWxlPSJ3aWR0aDoyNjIuNXB0O3BhZGRpbmc6MGNt IDBjbSAwY20gMGNtIj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRv cC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+PGI+PHNwYW4gc3R5bGU9ImZv bnQtc2l6ZToxMC4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7VmVyZGFuYSZxdW90OyxzYW5zLXNlcmlm O2NvbG9yOiM5NkQ3MDA7bXNvLWZhcmVhc3QtbGFuZ3VhZ2U6RU4tVVMiPkFsZXhhbmRlciBTaGVy a2luPC9zcGFuPjwvYj48c3BhbiBzdHlsZT0ibXNvLWZhcmVhc3QtbGFuZ3VhZ2U6RU4tVVMiPjxv OnA+PC9vOnA+PC9zcGFuPjwvcD4NCjx0YWJsZSBjbGFzcz0iTXNvTm9ybWFsVGFibGUiIGJvcmRl cj0iMCIgY2VsbHNwYWNpbmc9IjAiIGNlbGxwYWRkaW5nPSIwIj4NCjx0Ym9keT4NCjx0cj4NCjx0 ZCB2YWxpZ249InRvcCIgc3R5bGU9InBhZGRpbmc6MGNtIDBjbSAwY20gMGNtIj48L3RkPg0KPHRk IHZhbGlnbj0idG9wIiBzdHlsZT0icGFkZGluZzowY20gMGNtIDBjbSAwY20iPg0KPHAgY2xhc3M9 Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90 dG9tLWFsdDphdXRvIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjkuMHB0O2ZvbnQtZmFtaWx5OiZx dW90O1ZlcmRhbmEmcXVvdDssc2Fucy1zZXJpZjtjb2xvcjpibGFjazttc28tZmFyZWFzdC1sYW5n dWFnZTpFTi1VUyI+U29mdHdhcmUgQXJjaGl0ZWN0PC9zcGFuPjxzcGFuIHN0eWxlPSJtc28tZmFy ZWFzdC1sYW5ndWFnZTpFTi1VUyI+PG86cD48L286cD48L3NwYW4+PC9wPg0KPC90ZD4NCjwvdHI+ DQo8L3Rib2R5Pg0KPC90YWJsZT4NCjwvdGQ+DQo8L3RyPg0KPHRyPg0KPHRkIHN0eWxlPSJwYWRk aW5nOjBjbSAwY20gMGNtIDBjbSI+PC90ZD4NCjx0ZCBub3dyYXA9IiIgc3R5bGU9InBhZGRpbmc6 MGNtIDBjbSAwY20gMGNtIj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2lu LXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+PGEgaHJlZj0iaHR0cDov L3d3dy5kYXJrbWF0dGVyLmFlLyIgdGFyZ2V0PSJfYmxhbmsiPjxzcGFuIHN0eWxlPSJ0ZXh0LWRl Y29yYXRpb246bm9uZSI+PGltZyBib3JkZXI9IjAiIHdpZHRoPSIyMTkiIGhlaWdodD0iMzYiIGlk PSJnbWFpbC1tXzU2NzI3MDYwMTY4MjMzOTYzNTZQaWN0dXJlX3gwMDIwXzEiIHNyYz0iY2lkOmlt YWdlMDAxLnBuZ0AwMUQ0RjkyNC4xOTYzRDk2MCIgYWx0PSJjaWQ6aW1hZ2UwMDEucG5nQDAxRDRG NUM3LjJEOEIwNkQwIj48L3NwYW4+PC9hPjxzcGFuIHN0eWxlPSJtc28tZmFyZWFzdC1sYW5ndWFn ZTpFTi1VUyI+PG86cD48L286cD48L3NwYW4+PC9wPg0KPC90ZD4NCjwvdHI+DQo8L3Rib2R5Pg0K PC90YWJsZT4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6 YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZTo4 LjBwdDtjb2xvcjojQTVBNUE1Ij48YnI+DQo8L3NwYW4+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZTo4 LjBwdDtmb250LWZhbWlseTomcXVvdDtWZXJkYW5hJnF1b3Q7LHNhbnMtc2VyaWY7Y29sb3I6Ymxh Y2siPjIgUm9iZXJ0IFNwZWNrIFBhcmt3YXksIFN1aXRlIDE2MTA8YnI+DQpNaXNzaXNzYXVnYSBP TiAmbmJzcDtMNFogMUg4PC9zcGFuPjxzcGFuIHN0eWxlPSJmb250LXNpemU6OC4wcHQ7Y29sb3I6 I0E1QTVBNSI+PGJyPg0KPC9zcGFuPjxzcGFuIHN0eWxlPSJmb250LXNpemU6OC4wcHQ7Zm9udC1m YW1pbHk6JnF1b3Q7VmVyZGFuYSZxdW90OyxzYW5zLXNlcmlmO2NvbG9yOmJsYWNrIj5DYW5hZGE8 L3NwYW4+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZTo4LjBwdDtjb2xvcjojQTVBNUE1Ij48YnI+DQo8 L3NwYW4+PHN0cm9uZz48c3BhbiBzdHlsZT0iZm9udC1zaXplOjcuNXB0O2ZvbnQtZmFtaWx5OiZx dW90O1ZlcmRhbmEmcXVvdDssc2Fucy1zZXJpZjtjb2xvcjojOTZENzAwIj5NPC9zcGFuPjwvc3Ry b25nPjxzdHJvbmc+PHNwYW4gc3R5bGU9ImZvbnQtZmFtaWx5OiZxdW90O1ZlcmRhbmEmcXVvdDss c2Fucy1zZXJpZjtjb2xvcjp3aGl0ZSI+VDwvc3Bhbj48L3N0cm9uZz48YSBocmVmPSJ0ZWw6JiM0 MzsxJTIwNDE2JTIwNDE0JTIwNzExNyIgdGFyZ2V0PSJfYmxhbmsiPjxzcGFuIHN0eWxlPSJmb250 LXNpemU6OC4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7VmVyZGFuYSZxdW90OyxzYW5zLXNlcmlmO2Nv bG9yOmJsYWNrIj4mIzQzOzENCiA0MTYgNDE0IDcxMTc8L3NwYW4+PC9hPjxzcGFuIHN0eWxlPSJm b250LXNpemU6OC4wcHQ7Y29sb3I6I0E1QTVBNSI+PGJyPg0KPC9zcGFuPjxzdHJvbmc+PHNwYW4g c3R5bGU9ImZvbnQtc2l6ZTo3LjVwdDtmb250LWZhbWlseTomcXVvdDtWZXJkYW5hJnF1b3Q7LHNh bnMtc2VyaWY7Y29sb3I6Izk2RDcwMCI+RTwvc3Bhbj48L3N0cm9uZz48c3Ryb25nPjxzcGFuIHN0 eWxlPSJmb250LWZhbWlseTomcXVvdDtWZXJkYW5hJnF1b3Q7LHNhbnMtc2VyaWY7Y29sb3I6d2hp dGUiPk08L3NwYW4+PC9zdHJvbmc+PGEgaHJlZj0ibWFpbHRvOkFsZXhhbmRlci5TaGVya2luQGRh cmttYXR0ZXIuYWUiIHRhcmdldD0iX2JsYW5rIiB0aXRsZT0iQ2xpY2sgdG8gc2VuZCBlbWFpbCB0 byBBbGV4YW5kZXIgU2hlcmtpbiI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZTo4LjBwdDtmb250LWZh bWlseTomcXVvdDtWZXJkYW5hJnF1b3Q7LHNhbnMtc2VyaWY7Y29sb3I6YmxhY2siPkFsZXhhbmRl ci5TaGVya2luQGRhcmttYXR0ZXIuYWU8L3NwYW4+PC9hPjxzcGFuIHN0eWxlPSJmb250LXNpemU6 OC4wcHQ7Y29sb3I6I0E1QTVBNSI+PGJyPg0KPGJyPg0KPC9zcGFuPjxhIGhyZWY9Imh0dHA6Ly9k YXJrbWF0dGVyLmFlIiB0YXJnZXQ9Il9ibGFuayI+PGI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZTo4 LjBwdDtmb250LWZhbWlseTomcXVvdDtWZXJkYW5hJnF1b3Q7LHNhbnMtc2VyaWY7Y29sb3I6Izk2 RDcwMCI+ZGFya21hdHRlci5hZTwvc3Bhbj48L2I+PC9hPjxzcGFuIHN0eWxlPSJmb250LXNpemU6 OC4wcHQ7Y29sb3I6I0E1QTVBNSI+PGJyPg0KPGJyPg0KPC9zcGFuPjxhIGhyZWY9Imh0dHBzOi8v d3d3LmxpbmtlZGluLmNvbS9jb21wYW55L2RhcmstbWF0dGVyLWxsYyIgdGFyZ2V0PSJfYmxhbmsi PjxzcGFuIHN0eWxlPSJmb250LXNpemU6OC4wcHQ7dGV4dC1kZWNvcmF0aW9uOm5vbmUiPjxpbWcg Ym9yZGVyPSIwIiB3aWR0aD0iMzIiIGhlaWdodD0iMzIiIGlkPSJnbWFpbC1tXzU2NzI3MDYwMTY4 MjMzOTYzNTZQaWN0dXJlX3gwMDIwXzIiIHNyYz0iY2lkOmltYWdlMDAyLnBuZ0AwMUQ0RjkyNC4x OTYzRDk2MCIgYWx0PSJMaW5rZWRpbiI+PC9zcGFuPjwvYT48c3BhbiBzdHlsZT0iZm9udC1zaXpl OjguMHB0O2NvbG9yOiNBNUE1QTUiPiZuYnNwOzwvc3Bhbj48YSBocmVmPSJodHRwczovL3R3aXR0 ZXIuY29tL0d1YXJkZWRieUdlbml1cyIgdGFyZ2V0PSJfYmxhbmsiPjxzcGFuIHN0eWxlPSJmb250 LXNpemU6OC4wcHQ7dGV4dC1kZWNvcmF0aW9uOm5vbmUiPjxpbWcgYm9yZGVyPSIwIiB3aWR0aD0i MzIiIGhlaWdodD0iMzIiIGlkPSJnbWFpbC1tXzU2NzI3MDYwMTY4MjMzOTYzNTZQaWN0dXJlX3gw MDIwXzMiIHNyYz0iY2lkOmltYWdlMDAzLnBuZ0AwMUQ0RjkyNC4xOTYzRDk2MCIgYWx0PSJUd2l0 dGVyIj48L3NwYW4+PC9hPjxzcGFuIHN0eWxlPSJmb250LXNpemU6OC4wcHQ7Y29sb3I6I0E1QTVB NSI+DQo8L3NwYW4+PG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0i bXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bWFyZ2luLWJvdHRvbToxMi4wcHQiPjxzcGFuIHN0eWxl PSJmb250LXNpemU6OC4wcHQ7Y29sb3I6I0E1QTVBNSI+PGJyPg0KPC9zcGFuPjxzcGFuIHN0eWxl PSJmb250LXNpemU6Ny41cHQ7Zm9udC1mYW1pbHk6JnF1b3Q7VmVyZGFuYSZxdW90OyxzYW5zLXNl cmlmO2NvbG9yOiNBNUE1QTUiPlRoZSBpbmZvcm1hdGlvbiBpbiB0aGlzIGVtYWlsIGlzIGludGVu ZGVkIG9ubHkgZm9yIHRoZSBwZXJzb24ocykgb3IgZW50aXR5IHRvIHdob20gaXQgaXMgYWRkcmVz c2VkIGFuZCBtYXkgY29udGFpbiBjb25maWRlbnRpYWwgb3IgcHJpdmlsZWdlZCBpbmZvcm1hdGlv bi4gSWYgeW91IHJlY2VpdmUgdGhpcw0KIGVtYWlsIGJ5IGVycm9yLCBwbGVhc2Ugbm90aWZ5IHVz IGltbWVkaWF0ZWx5LCBkZWxldGUgdGhlIG9yaWdpbmFsIG1lc3NhZ2UgYW5kIGRvIG5vdCBkaXNj bG9zZSB0aGUgY29udGVudHMgdG8gYW55IG90aGVyIHBlcnNvbiwgdXNlIG9yIHN0b3JlIG9yIGNv cHkgdGhlIGluZm9ybWF0aW9uIGluIGFueSBtZWRpdW0gYW5kIGZvciB3aGF0ZXZlciBwdXJwb3Nl LiBBbnkgdW5hdXRob3JpemVkIHVzZSBpcyBzdHJpY3RseSBwcm9oaWJpdGVkLjwvc3Bhbj48bzpw PjwvbzpwPjwvcD4NCjwvZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJn aW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj5fX19fX19fX19fX19f X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fXzxicj4NCk1MUyBtYWlsaW5nIGxpc3Q8 YnI+DQo8YSBocmVmPSJtYWlsdG86TUxTQGlldGYub3JnIiB0YXJnZXQ9Il9ibGFuayI+TUxTQGll dGYub3JnPC9hPjxicj4NCjxhIGhyZWY9Imh0dHBzOi8vd3d3LmlldGYub3JnL21haWxtYW4vbGlz dGluZm8vbWxzIiB0YXJnZXQ9Il9ibGFuayI+aHR0cHM6Ly93d3cuaWV0Zi5vcmcvbWFpbG1hbi9s aXN0aW5mby9tbHM8L2E+PG86cD48L286cD48L3A+DQo8L2Jsb2NrcXVvdGU+DQo8L2Rpdj4NCjwv ZGl2Pg0KPC9kaXY+DQo8L2Jsb2NrcXVvdGU+DQo8L2Rpdj4NCjwvZGl2Pg0KPC9kaXY+DQo8L2Jv ZHk+DQo8L2h0bWw+DQo= --_000_557a3023828245169ebb15939aa5d172darkmatterae_-- --_009_557a3023828245169ebb15939aa5d172darkmatterae_ Content-Type: image/png; name="image001.png" Content-Description: image001.png Content-Disposition: inline; filename="image001.png"; size=5249; creation-date="Mon, 22 Apr 2019 22:04:55 GMT"; modification-date="Mon, 22 Apr 2019 22:04:55 GMT" Content-ID: Content-Transfer-Encoding: base64 iVBORw0KGgoAAAANSUhEUgAAANsAAAAkCAYAAAAAR0+MAAAACXBIWXMAAC4iAAAuIgGq4t2SAAAU M0lEQVR4Xu2cacx2R1nH4aVsiqGlUBCQsre0BWnRPng/qOwNUCKgggJC3eISXJAghgDiEiJGKWug GpREoSprRJYQsQhhkS0CCpZFEaiAIHsBWf3/rnNdM9fMmXPuu/cX3w/Ph987M9c2c5brnjlzzvNe 6exzDx8mKMXGy8o5pb5J9e1gm+2jPYqxJA+yb0/oc7krOU4Q8pFtL1tj2Z5zHMz11a+1Qb4PEWOq r8cK/YiRPYxsd2fbOVjqoz2mtXE0sQ7mtrRHsqke12C3/pb0tIHGR1V56qSYH3x1PEq2XrbGsn17 AXuqX2uDfB8ixlRfjxX6ESN7GNnuzrZzsNRHe0xr42hiHQfJ9j5Vvq3ywtHBV8ejZOtlayzbtxew p/q1Nsj3IWJM9fVYoR8xsoeR7e5sOwdLfbTHtDaOJtb/d7Lpn38VJBs8XVwljKA6HiVbL1tj2b69 gD3Vr7VBvg8RY6qvxwr9iJE9jGx3Z9s5WOqjPaa1cTSxjodkk8CSTXXKPxNXxQiq41Gy9bI1lu3b C9hT/Vob5PsQMab6eqzQjxjZw8h2d7adg6U+2mNaG0cT6zhYRpZkAwkpnydshquOR8nWy9ZYtm8v YE/1a22Q70PEmOrrsUI/YmQPI9vd2XYOlvpoj2ltHE2s4yHZVLEkCySzGU71qwp3Okq2XrbGsn17 AXuqX2uDfB8ixlRfjxX6ESN7GNnuzrZzsNRHe0xr42hiHS8zmxpldgske6G4muqyO0q2XrbGsn17 AXuqX2uDfB8ixlRfjxX6ESN7GNnuzrZzsNRHe0xr42hiHU/LSAlGSfci8R102AdZQ7bXFNdS/TtB 9YLL0F1DlMFQHxH6EdKXmCpLzB04hl+P5KVMnCDZKEbPCcKO2WNQ9x+roLmA1xTlHFGX33VUXtlt VE464gn0nNfhuRjh/eRjIsY1sk0g3YhyPALfq4U9dLac+3w8W9gMZIdXVlz2DPJ57Jj8Qjewwdf2 HaTjHOr+ld3B3Jb2QIa/3fOOxQi73j5wuZ0flQXaQKN5ZgMp+vYr1SGdNUEgAg0gST8i/jOQzPA2 ug+o/SbxBHGa2rP4W/hhUWKrJOa7NNZT0okypO+5qXi/iPHksWXZh1Wy1H61yp8RJEP03/NAYcdM LEH9Ca5zYkyH9xEfEh+JflV+UjxVN8Wxs/UrLNmN1ObVTIwN239XeZ79Svcofo9sn+Wx45gY08UC XaH3c35FunI81FW+OumbGOJ5kpl9oHbue9YOmdc5tuuLXxL5PM58RiQ7fH9KMKYThe6Juf0SioH/ P4qri1mMPJbBuP5N/IPgGK4nyrninw9K0CTXAq+SLZmbT24J1CPdW8TSbGl08q+I54pri6aPJeT/ GpWljxTvt3OigXQ9t5LdN1WaD2XUt/Af4kdEGUfi50Rjr5jPEH3fZ4rPiMnuoNi/TrKT3AZOlexr rsvj+7R8zrKEzMin45FidFyvFyP7DLPUe/HN/l4/b3ReJS/XI9tfkbbgB+axIc8km4Ze5+1HCMbE j+MXQx62uR7tTk7i2ApAx3kdlRZjRPIppfNR8SBiAIP59aQs5ADRVqkZrk04flFzO/EGkX135W3i u8UoZubW4qsRu+vjUtGOc84tJf+KyuKf62ul+F9xruhj/7TrMxcKH4fdnNdV/V9cZ3jcD0ivX8Jm uX4T8SVswO2ifK+4XrK1+JXD+0j3TZV53FF/rXCfCeJ03F80vuDtF6d+vLT6K8JuiYiX46Z+vi5u qPpjttg1hLzVbTSz2JhItv/JuqiP/FJd16Mst0uMbLtE2LntN1TeVaUlG/xCNoo65QCmyDL7rCTb P/cxcntNJ96h9nepLPHU7vldtzVfyG2VDxaNf26LkmzZt2ekc9lLRYntzJJNsgvRYaeLzzMay5M+ 7ifUPv0cv2mxd5pkC/AF1V+vsjzDTTeXcSDd53qf1J4lWwfPKH8vRr7AKuR2ovfj3ig+A7+hLHAf ZrbH9/Lc7uV96fVfFYzJEiXJi80WPiGUbHY9mNkWY0SbMteTDRPICeVEScmNQhaOjPtAzFo3EEvL F+D55om68M7hE+VnZaD2H6v8JzHrRzxTxE3Xxz5ZfFLMxpZ4sygv5wfcUj7cNNmX57N7irtKxq8R sPZ+5yD+FyW7scjPS2szG+8t/8pluU8u4sb9e0qyqR72BZddrPLY9KNniXZzyT6c7fu6aJJN7QbJ vg/bQLJZDJVPER4jkvzwHoLrznkIHi6aVY77/6Hrels2Jm4rm58VWXeBeJL7FtR+h+vMzn00hs3p PqZmVnL/j4tHCVZ1huSlLh6p9gUiNsZKwro/0L6v2vlewecS1/fEySonmYfKsvQA6rmdZGTrKTXZ 7MAGlAsRfRS8zQ7eY8S3IraXXxVnZv/Ez6dxhA9Lu172AyLfRBmb2US2f49K02d71U8VzVLEuZvr Ay50bxM3JTeXyYjjsXgeu5cofXUMZ7bAY1D+gSc8q4G3hTzbBS6bJVtui78UxTfqGck/q9I2ABau UeYiEX4R846uG1Bn9053tmjGIf5GFJvqM41J7WZmc94tig/0fXX9j2bH/xKWjJ0vjy/9V1mUDy1G yYEdteZZhjLXU/lGldMMt3jCq1z2ST5rN0sH5zdFtgG2ht/NGEBt4MIzA33L24b0eraovl1/TbJ5 LE5SbBn39rb86+gThV/W3uZ3JHt4yCm9rrFuHlbPz+jcLT+zRT21HyGY5RpdtknttZntxpJ9XmR7 Vh+/38mAWSCPdwk+kOjHzIwwshWLyXYnEf4R6yWi2GQfj2FLwGQPbPywpNcP/YbrbUgWXEXkWKOE ZXa0x6lqW67jX2AjWRrn5oIIlgMDzzs2w2WqYwMznBJu6aapsq6P1DYb3kexjCv9qHwlNp3fvdXu Z8GL5c9JKh9VU4rLVWdZlf2DUbKVmQ0kizon++MR2/m62mdgk+xGyUYCXx7yVD66npt6jjpGyfYZ Yc9jua8+ftQFN8XXOv3iM5v0v6eyiaHylwU3lsWJWOL9ovlwfQG+ty0xHds0GLN7sql8SdguMEo2 Vk1sMHG/cH0M6uJ9qv+WyP3Okk12zGzl2NXO9m9X28YIasP5xSAbe/2BKssMNwKdo5t0c9b4xqlt 2SX5vC3Y7czxeQ92dewCyV+ebdzufNf9hsqQGar/kch9BKNkY6v2x8X9QTLKhwhuTrNL6Dlkc4xj k10wWkY20A+o3r1/q8eYsGRTmWOwBGL5Wm6gvgzU5nnm3oIfhtK3WEq2a0vHu64ch8TmnSTj+Wtk xEj6HxOjWJkysyXfvZIt/COW2CfZSoxe5jxT5H6bDRLns5Jxb+R75UHCzhEQ3/vg/eRJOeBsoJLd T3xB9dxJM0ivayAb/erkZJsSbInoo+NvRY7LO8D8lQlrdnvvhN55j4iEvJl0/TPOx4Q/WzTYBomI vnLM7F/o5A8Q/bFYsoVdZ9+3WTmwoVDG5DEyJdlAdWBLGvs7C2a5HDPDKoFZndnXZCnGUrKVmTnZ Ph+d2sCqIuRhw65lE8dtMzazqcx+W5NtoCszG3icWbJJlimzkttbmUGWkexpIscqydbb0w6yPOtV 2ju/PKilwd5dss/lYF39MnH7XZMskM9Ibn/IGqh9icXj4X/aAHiGZM0YVPL1iXxL33zhUPQOz3PR R1BmthSrKVd40sJx2s2a/XPMgZwvFUY/BMFsZlPd3v/48XLDfiF0rgeSkB8mYvAaoOi8fK0o13va 3rZnF165lFiCl/752Yqlvj0vux54Tt6IsBkxm9lUWtwRC+cWhskmRrZBk2wOjyG80+OHm1mfuuF1 dslnMfBVGf3245jh8ov8Wg2T7baqc4H4djBkdxGfliwHoeRrittjEwHV3onJp8QHNhHKFx0O79JC f33RP7jT5oE+x2E71sYYSM/XLP0YytZ/j/uMZB9Tyda2/IfHO3pmC9jhK89OCZYdvNfqY8FoGZmS zY6Xz76yDc+p56FzePme/aHMbPIL7kyMFIc6S1Ybm9vA48OG0uvPcV0Bn8RsZhOLybbC1g2SAc2s 5HxQ8J7wjIx+0CnPku4GwvpU22IIiwGSR99D0AvenfoG0nSvRDBDyjuKT+Eg3qI6LwZPE+i+X7L/ dh1cJuzFJvrBjbfK5DOV4r6ql0RSO0p7/4SdeHTIE6MXy3wQyqc2EYOSJdsPhR2lmG39C3Y1+b6P m+NS983w5Uf4jyjPbPgGaj/Zzw83ZdGncjTzwk2k75fFfGliS2uQHjh/8Y6U3eSsOxd5RrrRMvLP RenHbA8OHxefgqkd3EZ62/X1WMB9cZIo/UbdsZlNZR7Hysy2SDOzgex3XkYmmJ0ne47PbX31NNVb 3SzZxJdV5wdU98rmnUkefbB51HzFVCqCj3oj0bITv5QvVZuNg58UzHBsJGjpOPlKl+ME5wiWOUPk Q8l7vReI6Kv0q3I6idMJ4INQPtotds7dhfVnthU2H3pbzSDTL4zFPJhvkAjbjSSGSmZ4jr2P8ydx AxqTbdAkm9f/Tmh2sL75vMqOw/sLW5aCZ4k+XrMbCbLl4+3y1b5kASsD+2qik5dkUz0oy0i34VmX H5psw810pjCbsBeseF7lNobalI+K82vnuPUpyZbsuf7R/66UDZLEFVpGesmKjGfeO+k+IIEL0kV5 B+n8Y4F2GQmqp93IDeePj8hDF3Yv9nvNsAFJyYP6bGbJdS8/pZLteKZbOgl/Kzveik+gdomT2z2u u0yDO9UGaRduw3d+vR/LKd6VWH/5oMRtZHu5kiHbK3E2p8WYxWgZWd6zOb/W9Rk8VEz9tox2I3mZ bXpKcb5oPoCmFDwvlZ1XtWGYbCrLzJYJ3+QPs2Wk9H2yjd5xllXDAH54++vBrF+uR8f8PduBfnDb a1ZIfj07JRvHlSi7kRnZNfVBm69w/EPkNtm85FUQu7fRL/8lZNYH/OWE2fDPA6Rc3OJHnnRc6Fup 7R2UG3dE+UQniDi5DJIdvxh3EBGHZwZmh8ZO9SeLclIl6+Ei5LiQNzZGy0jes6S/Tj88Jvhrh2Lj dTaM7DwkW5gtI1VPHyIXLnJdg2S8AM8xS7Il+63J1smbZaTakJeR3DD9O0RgJzrHybA8YpmUY1L/ UTEaRzOzgdpbNkiGzJaRYueZDRS/KTPIkjzvhJdkS/rZS239UPCnS6GPeLzTs/sZI/7+JgeZ4Tp+ uewFsdp+IJyA5sAKsuHrkuy/C/zpB88E9QCm5ZzpUxySZNvfv7E1X3y81EnfXJdxq02ylT9fcRte aKaZzS4w/bOkamIJkrB8ruOweRL64GlTrMbuZMEzbx5boOVVOa8km/0ghI3KD4myjAS3nbWdA8li LBGD7/fCvvm6hVKw1M0z/Ag9hxb7gBlz9AkT/6dNP4a7hV1P8uv5QdH3+TIxsg1IlNlH2UG0s87r nIM8s/Ux+DZ3+iC/zsZ8TcVkke2Av4U7EQPepBcluEGpq8SGC29BJfPgy8km+NussqUaIEvwN0Ks n19+zsGGl69lV0664NniG5LlOOXLkgCfDr655Aci982D/S8KfG6hkv5z3HdJbjNbjqk6fxdm28SB ZJwX220Ke8GNG3pD9bKNjE3UxU+IL4e9wybHpTqv8TrgewQXOWIBr0eaZAPJ+/gBG1vFn1K8Blv9 EnOO+AIoYgePFU2cvMxzbqEYvGIocVVyneiv8RV/KpoxqLyL664IhyKOIeC/7pidiwSJQmJY3yPk M5KX86z6KAb7FuWvXxK83ObHOduSR09ByXNKSTRX5GR7q0rbXg98AGI12W4qeMCetlWdqKNTyc3E n6zr4i3GYgbDNnzZmj156rsi2QjGbb66OaxPwcMsNwt/vs4sGnHRkYBpG77EZznJc6DZgtszNrc3 O/6iNx8zmx7+7egsJm3+gFX2m7CH71VdccyG2eX06Jc+Bc+afB/aHKv0TTvBn+BYbGIIxscfpaLj G0A/rmkMKtF3/5WDbOfJBiRcuTbCro2wvpP/DUW+hvTR7NS15HPUwL3icWy8xOEekm7Rn00MrlOM cReIq5UP/x0CMWwjJMeQfnNrYV8QQXde/Lo28c4g0CzZAh0UiXaKwK5QT6QNZCfwCb++tPpyshnZ Z6pPB1kONukyxUcnoYnHScntVK/kPrbZV7tgl5hVNtlXn2oTstCP2KaHKW6l1cV48rgq6UZqQZft Etk/dLlcJo59RPhP9TFzn/1Y88/xZ8nmNi0MvHy823GJ5PxV8cypnqylgczBJ/z60upHyWb21afa hCz0I7bpYYpbaXUxnjyuSr6RGtBlu0T2D10ul4ljHxH+U33M3Gc/1vxz/B2TTf/YzKYDyMvH14kT l05KlS8NZA4+4deXVj9KNrOvPtUmZKEfsU0PU9xKq4vx5HFV8o3UgC7bJbJ/6HK5TBz7iPCf6mPm Pvux5p/j75FslIKdKv4SevGkVPnSQObgE359afWjZDP76lNtQhb6Edv0MMWttLoYTx5XJd9IDeiy XSL7hy6Xy8Sxjwj/qT5m7rMfa/45/hVINg0+Eo0vA3jIN+XSSanypYHMwSf8+tLqR8lm9tWn2oQs 9CO26WGKW2l1MZ48rkq+kRrQZbtE9g9dLpeJYx8R/lN9zNxnP9b8c/wdk00Dt2QTs/+qbjqoOVW+ NJA5+IRfX1r9KNnMvvpUm5CFfsQ2PUxxK60uxpPHVck3UgO6bJfI/qHL5TJx7CPCf6qPmfvsx5p/ jr/7zMab8FfoAPiAt1EunZQqXxrIHHzCry+tfpRsZl99qk3IQj9imx6muJVWF+PJ46rkG6kBXbZL ZP/Q5XKZOPYR4T/Vx8x99mPNP8ffPdn4aNcSrT8JSyelypcGMifH70urHyWb2VefahOy0I/Ypocp bqXVxXjyuCr5RmpAl+0S2T90uVwmjn1E+E/1MXOf/Vjzz/F3SbbDK/0fVHbyZgY1MwUAAAAASUVO RK5CYII= --_009_557a3023828245169ebb15939aa5d172darkmatterae_ Content-Type: image/png; name="image002.png" Content-Description: image002.png Content-Disposition: inline; filename="image002.png"; size=663; creation-date="Mon, 22 Apr 2019 22:04:56 GMT"; modification-date="Mon, 22 Apr 2019 22:04:56 GMT" Content-ID: Content-Transfer-Encoding: base64 iVBORw0KGgoAAAANSUhEUgAAACAAAAAgCAYAAABzenr0AAAACXBIWXMAAA7DAAAOwwHHb6hkAAAC SUlEQVRYR2NgSJv5f0AxVkF6YqyC9MRYBemJsQrSE2MVhOHUGRCMTY5aGKsg0FK5ssX/i1ce/d+x /fx/30nb/jNhU0cNjE2QO2vO/xvP3/+HgV9//v5PmLePNqGBTdCxcyPUagTYcvEB/RwgX7r4/8/f f6BWQ0DPzgv/GVLo5ACQReHTd/0/df/l/xsv3v+fd/j6fx5gtGBVSynGKgjCwOBmz5j1nzd7zn9G UoIepJYU9dgEQSneZ+K2/37A1A/DylXLwAYrVyxFEXfv2/yfI3P2f9GC+f+jZ+0GRtXF//17Lv1P W3Dgv1L5EsKOwSbIkTX7//dfqGmgeNUxsGG5Sw5BRSDg6fsv/127Nvy/9uzd/7///kFF////B2S/ /PTtf+TM3fgdgU0Q4oDfUKMgoAjqgMyFB6AiEPDlx6//Lz5+g/Iwwdefv/87dW/E7QhsgqQ4AAY+ ff/5/+rTd/+/AS1EB1suPvzPkDwdwx4wxiZIqgN2Xnn0XzB37n+GpGn/FYAl6JUnb6EyEAByFBfQ TGx2UeyAz8AoMGhYhdAPVJO3/AhUFgGUK4AJEskOOMYmSIoDnn34+l+qaCGKfve+LVBZBNCqWY6i Bo6xCVLqADdg1kQHw8cBOYtRywG6O6Bg2WGoCASMOoAmDmAD1oLrzt37vxnYCIHhwGk7wQ7wn7wd RXzR8Zv/hfLmoeg3alqDogaE5YBtDGQ1cIxVMBWIQUUnMoY1RkA0uhzQYaj6iVADw1gF6YmxCtIT YxWkJ8YqSE+MVZBueOZ/ABxdinkisai7AAAAAElFTkSuQmCC --_009_557a3023828245169ebb15939aa5d172darkmatterae_ Content-Type: image/png; name="image003.png" Content-Description: image003.png Content-Disposition: inline; filename="image003.png"; size=803; creation-date="Mon, 22 Apr 2019 22:04:56 GMT"; modification-date="Mon, 22 Apr 2019 22:04:56 GMT" Content-ID: Content-Transfer-Encoding: base64 iVBORw0KGgoAAAANSUhEUgAAACAAAAAgCAYAAABzenr0AAAACXBIWXMAAA7DAAAOwwHHb6hkAAAC 1UlEQVRYR8WWS2jUUBSGW4vjAxVEFHysqkhx0ZVIwZ3FpRuXbrW6Fd0IIoi4FO3ChWsXCrbVtlqf 1YqIigWfWBxhtIIFH5lkHplXJpnjf9K5nTE5SWYspAc+Jvlv7jnnvs6djo7hNC0pohgnohgnohgn ohgnohgnovi/DGkNpHYJUWSG6khtXhBw87hOR6fzdO5TgY5Mm7RxVG8kckOjNTf5u6Y+Cp9Qp+ee QXsfZxpOAlgGp4df5ylXrVGzaWXH1Q8+z9H172Xqf5qVffkEBk7PfCzQXNGh3Q/Dk9gPx6YnuLKq UyMLXEoWqfe+Qat5Frw+fAKDKbs6W3adGBWHBjCSBOveRPDdk1+W+12QFZBcKm/TibcmdbY+Axqd nynWXcyPZOxHhfomMRsIqhJZDnQkGGZlu0an3hewVAGzKIpgz6MM5T1TW8PrK61Kpz8UqH8qS7uw TwxLnn5lKdOm9bfkGC6iiGy77+h0FvvA4aiC2dCzCM6/YZbM2bRWWnuFKCKBK6kSfUP2JUzhYmzq t0VdwwHTz4giTgEfn6jRtWKDOAG+zduMKIIV4BrO72JtH/ZKaEETRQaduHoNfi5SOmKnB9lXLGEi LDgjinVWjqRpfK7iOmrXePmOoSSHjp4RRQXW7vgb060D7doLzaJ1YbtfIYpNdCGJAVwyswXbLaut 2B/cAz13jejRM6LoBUlsGdPp8pcSRaXApfvAs5zbR/TlxScg6wTWfhXgArJ9wqBDL3PulAYVJTZu 4qLThwracnDGJyCBTRjtxWSJZrK2ewLCArNxseLzvhX/CdoKzogi6MSl0/vAoAs4hlz/+WrOWI57 7/MFxCdj8qdFJ9+ZtO02AvMlJfiJRBQVvIkwIr6K+R/PDmysnbiAuid02jDKG3S+XezbKv8KIc7U jpYCqjb1HPiOvt72hYcoVCevg6B3pQW1q/eFh6VCFONEFONEFGMjTX8B57Ce1IdKF4gAAAAASUVO RK5CYII= --_009_557a3023828245169ebb15939aa5d172darkmatterae_ Content-Type: image/png; name="imageb2e661.PNG" Content-Description: imageb2e661.PNG Content-Disposition: inline; filename="imageb2e661.PNG"; size=5249; creation-date="Mon, 22 Apr 2019 22:04:57 GMT"; modification-date="Mon, 22 Apr 2019 22:04:57 GMT" Content-ID: Content-Transfer-Encoding: base64 iVBORw0KGgoAAAANSUhEUgAAANsAAAAkCAYAAAAAR0+MAAAACXBIWXMAAC4iAAAuIgGq4t2SAAAU M0lEQVR4Xu2cacx2R1nH4aVsiqGlUBCQsre0BWnRPng/qOwNUCKgggJC3eISXJAghgDiEiJGKWug GpREoSprRJYQsQhhkS0CCpZFEaiAIHsBWf3/rnNdM9fMmXPuu/cX3w/Ph987M9c2c5brnjlzzvNe 6exzDx8mKMXGy8o5pb5J9e1gm+2jPYqxJA+yb0/oc7krOU4Q8pFtL1tj2Z5zHMz11a+1Qb4PEWOq r8cK/YiRPYxsd2fbOVjqoz2mtXE0sQ7mtrRHsqke12C3/pb0tIHGR1V56qSYH3x1PEq2XrbGsn17 AXuqX2uDfB8ixlRfjxX6ESN7GNnuzrZzsNRHe0xr42hiHQfJ9j5Vvq3ywtHBV8ejZOtlayzbtxew p/q1Nsj3IWJM9fVYoR8xsoeR7e5sOwdLfbTHtDaOJtb/d7Lpn38VJBs8XVwljKA6HiVbL1tj2b69 gD3Vr7VBvg8RY6qvxwr9iJE9jGx3Z9s5WOqjPaa1cTSxjodkk8CSTXXKPxNXxQiq41Gy9bI1lu3b C9hT/Vob5PsQMab6eqzQjxjZw8h2d7adg6U+2mNaG0cT6zhYRpZkAwkpnydshquOR8nWy9ZYtm8v YE/1a22Q70PEmOrrsUI/YmQPI9vd2XYOlvpoj2ltHE2s4yHZVLEkCySzGU71qwp3Okq2XrbGsn17 AXuqX2uDfB8ixlRfjxX6ESN7GNnuzrZzsNRHe0xr42hiHS8zmxpldgske6G4muqyO0q2XrbGsn17 AXuqX2uDfB8ixlRfjxX6ESN7GNnuzrZzsNRHe0xr42hiHU/LSAlGSfci8R102AdZQ7bXFNdS/TtB 9YLL0F1DlMFQHxH6EdKXmCpLzB04hl+P5KVMnCDZKEbPCcKO2WNQ9x+roLmA1xTlHFGX33VUXtlt VE464gn0nNfhuRjh/eRjIsY1sk0g3YhyPALfq4U9dLac+3w8W9gMZIdXVlz2DPJ57Jj8Qjewwdf2 HaTjHOr+ld3B3Jb2QIa/3fOOxQi73j5wuZ0flQXaQKN5ZgMp+vYr1SGdNUEgAg0gST8i/jOQzPA2 ug+o/SbxBHGa2rP4W/hhUWKrJOa7NNZT0okypO+5qXi/iPHksWXZh1Wy1H61yp8RJEP03/NAYcdM LEH9Ca5zYkyH9xEfEh+JflV+UjxVN8Wxs/UrLNmN1ObVTIwN239XeZ79Svcofo9sn+Wx45gY08UC XaH3c35FunI81FW+OumbGOJ5kpl9oHbue9YOmdc5tuuLXxL5PM58RiQ7fH9KMKYThe6Juf0SioH/ P4qri1mMPJbBuP5N/IPgGK4nyrninw9K0CTXAq+SLZmbT24J1CPdW8TSbGl08q+I54pri6aPJeT/ GpWljxTvt3OigXQ9t5LdN1WaD2XUt/Af4kdEGUfi50Rjr5jPEH3fZ4rPiMnuoNi/TrKT3AZOlexr rsvj+7R8zrKEzMin45FidFyvFyP7DLPUe/HN/l4/b3ReJS/XI9tfkbbgB+axIc8km4Ze5+1HCMbE j+MXQx62uR7tTk7i2ApAx3kdlRZjRPIppfNR8SBiAIP59aQs5ADRVqkZrk04flFzO/EGkX135W3i u8UoZubW4qsRu+vjUtGOc84tJf+KyuKf62ul+F9xruhj/7TrMxcKH4fdnNdV/V9cZ3jcD0ivX8Jm uX4T8SVswO2ifK+4XrK1+JXD+0j3TZV53FF/rXCfCeJ03F80vuDtF6d+vLT6K8JuiYiX46Z+vi5u qPpjttg1hLzVbTSz2JhItv/JuqiP/FJd16Mst0uMbLtE2LntN1TeVaUlG/xCNoo65QCmyDL7rCTb P/cxcntNJ96h9nepLPHU7vldtzVfyG2VDxaNf26LkmzZt2ekc9lLRYntzJJNsgvRYaeLzzMay5M+ 7ifUPv0cv2mxd5pkC/AF1V+vsjzDTTeXcSDd53qf1J4lWwfPKH8vRr7AKuR2ovfj3ig+A7+hLHAf ZrbH9/Lc7uV96fVfFYzJEiXJi80WPiGUbHY9mNkWY0SbMteTDRPICeVEScmNQhaOjPtAzFo3EEvL F+D55om68M7hE+VnZaD2H6v8JzHrRzxTxE3Xxz5ZfFLMxpZ4sygv5wfcUj7cNNmX57N7irtKxq8R sPZ+5yD+FyW7scjPS2szG+8t/8pluU8u4sb9e0qyqR72BZddrPLY9KNniXZzyT6c7fu6aJJN7QbJ vg/bQLJZDJVPER4jkvzwHoLrznkIHi6aVY77/6Hrels2Jm4rm58VWXeBeJL7FtR+h+vMzn00hs3p PqZmVnL/j4tHCVZ1huSlLh6p9gUiNsZKwro/0L6v2vlewecS1/fEySonmYfKsvQA6rmdZGTrKTXZ 7MAGlAsRfRS8zQ7eY8S3IraXXxVnZv/Ez6dxhA9Lu172AyLfRBmb2US2f49K02d71U8VzVLEuZvr Ay50bxM3JTeXyYjjsXgeu5cofXUMZ7bAY1D+gSc8q4G3hTzbBS6bJVtui78UxTfqGck/q9I2ABau UeYiEX4R846uG1Bn9053tmjGIf5GFJvqM41J7WZmc94tig/0fXX9j2bH/xKWjJ0vjy/9V1mUDy1G yYEdteZZhjLXU/lGldMMt3jCq1z2ST5rN0sH5zdFtgG2ht/NGEBt4MIzA33L24b0eraovl1/TbJ5 LE5SbBn39rb86+gThV/W3uZ3JHt4yCm9rrFuHlbPz+jcLT+zRT21HyGY5RpdtknttZntxpJ9XmR7 Vh+/38mAWSCPdwk+kOjHzIwwshWLyXYnEf4R6yWi2GQfj2FLwGQPbPywpNcP/YbrbUgWXEXkWKOE ZXa0x6lqW67jX2AjWRrn5oIIlgMDzzs2w2WqYwMznBJu6aapsq6P1DYb3kexjCv9qHwlNp3fvdXu Z8GL5c9JKh9VU4rLVWdZlf2DUbKVmQ0kizon++MR2/m62mdgk+xGyUYCXx7yVD66npt6jjpGyfYZ Yc9jua8+ftQFN8XXOv3iM5v0v6eyiaHylwU3lsWJWOL9ovlwfQG+ty0xHds0GLN7sql8SdguMEo2 Vk1sMHG/cH0M6uJ9qv+WyP3Okk12zGzl2NXO9m9X28YIasP5xSAbe/2BKssMNwKdo5t0c9b4xqlt 2SX5vC3Y7czxeQ92dewCyV+ebdzufNf9hsqQGar/kch9BKNkY6v2x8X9QTLKhwhuTrNL6Dlkc4xj k10wWkY20A+o3r1/q8eYsGRTmWOwBGL5Wm6gvgzU5nnm3oIfhtK3WEq2a0vHu64ch8TmnSTj+Wtk xEj6HxOjWJkysyXfvZIt/COW2CfZSoxe5jxT5H6bDRLns5Jxb+R75UHCzhEQ3/vg/eRJOeBsoJLd T3xB9dxJM0ivayAb/erkZJsSbInoo+NvRY7LO8D8lQlrdnvvhN55j4iEvJl0/TPOx4Q/WzTYBomI vnLM7F/o5A8Q/bFYsoVdZ9+3WTmwoVDG5DEyJdlAdWBLGvs7C2a5HDPDKoFZndnXZCnGUrKVmTnZ Ph+d2sCqIuRhw65lE8dtMzazqcx+W5NtoCszG3icWbJJlimzkttbmUGWkexpIscqydbb0w6yPOtV 2ju/PKilwd5dss/lYF39MnH7XZMskM9Ibn/IGqh9icXj4X/aAHiGZM0YVPL1iXxL33zhUPQOz3PR R1BmthSrKVd40sJx2s2a/XPMgZwvFUY/BMFsZlPd3v/48XLDfiF0rgeSkB8mYvAaoOi8fK0o13va 3rZnF165lFiCl/752Yqlvj0vux54Tt6IsBkxm9lUWtwRC+cWhskmRrZBk2wOjyG80+OHm1mfuuF1 dslnMfBVGf3245jh8ov8Wg2T7baqc4H4djBkdxGfliwHoeRrittjEwHV3onJp8QHNhHKFx0O79JC f33RP7jT5oE+x2E71sYYSM/XLP0YytZ/j/uMZB9Tyda2/IfHO3pmC9jhK89OCZYdvNfqY8FoGZmS zY6Xz76yDc+p56FzePme/aHMbPIL7kyMFIc6S1Ybm9vA48OG0uvPcV0Bn8RsZhOLybbC1g2SAc2s 5HxQ8J7wjIx+0CnPku4GwvpU22IIiwGSR99D0AvenfoG0nSvRDBDyjuKT+Eg3qI6LwZPE+i+X7L/ dh1cJuzFJvrBjbfK5DOV4r6ql0RSO0p7/4SdeHTIE6MXy3wQyqc2EYOSJdsPhR2lmG39C3Y1+b6P m+NS983w5Uf4jyjPbPgGaj/Zzw83ZdGncjTzwk2k75fFfGliS2uQHjh/8Y6U3eSsOxd5RrrRMvLP RenHbA8OHxefgqkd3EZ62/X1WMB9cZIo/UbdsZlNZR7Hysy2SDOzgex3XkYmmJ0ne47PbX31NNVb 3SzZxJdV5wdU98rmnUkefbB51HzFVCqCj3oj0bITv5QvVZuNg58UzHBsJGjpOPlKl+ME5wiWOUPk Q8l7vReI6Kv0q3I6idMJ4INQPtotds7dhfVnthU2H3pbzSDTL4zFPJhvkAjbjSSGSmZ4jr2P8ydx AxqTbdAkm9f/Tmh2sL75vMqOw/sLW5aCZ4k+XrMbCbLl4+3y1b5kASsD+2qik5dkUz0oy0i34VmX H5psw810pjCbsBeseF7lNobalI+K82vnuPUpyZbsuf7R/66UDZLEFVpGesmKjGfeO+k+IIEL0kV5 B+n8Y4F2GQmqp93IDeePj8hDF3Yv9nvNsAFJyYP6bGbJdS8/pZLteKZbOgl/Kzveik+gdomT2z2u u0yDO9UGaRduw3d+vR/LKd6VWH/5oMRtZHu5kiHbK3E2p8WYxWgZWd6zOb/W9Rk8VEz9tox2I3mZ bXpKcb5oPoCmFDwvlZ1XtWGYbCrLzJYJ3+QPs2Wk9H2yjd5xllXDAH54++vBrF+uR8f8PduBfnDb a1ZIfj07JRvHlSi7kRnZNfVBm69w/EPkNtm85FUQu7fRL/8lZNYH/OWE2fDPA6Rc3OJHnnRc6Fup 7R2UG3dE+UQniDi5DJIdvxh3EBGHZwZmh8ZO9SeLclIl6+Ei5LiQNzZGy0jes6S/Tj88Jvhrh2Lj dTaM7DwkW5gtI1VPHyIXLnJdg2S8AM8xS7Il+63J1smbZaTakJeR3DD9O0RgJzrHybA8YpmUY1L/ UTEaRzOzgdpbNkiGzJaRYueZDRS/KTPIkjzvhJdkS/rZS239UPCnS6GPeLzTs/sZI/7+JgeZ4Tp+ uewFsdp+IJyA5sAKsuHrkuy/C/zpB88E9QCm5ZzpUxySZNvfv7E1X3y81EnfXJdxq02ylT9fcRte aKaZzS4w/bOkamIJkrB8ruOweRL64GlTrMbuZMEzbx5boOVVOa8km/0ghI3KD4myjAS3nbWdA8li LBGD7/fCvvm6hVKw1M0z/Ag9hxb7gBlz9AkT/6dNP4a7hV1P8uv5QdH3+TIxsg1IlNlH2UG0s87r nIM8s/Ux+DZ3+iC/zsZ8TcVkke2Av4U7EQPepBcluEGpq8SGC29BJfPgy8km+NussqUaIEvwN0Ks n19+zsGGl69lV0664NniG5LlOOXLkgCfDr655Aci982D/S8KfG6hkv5z3HdJbjNbjqk6fxdm28SB ZJwX220Ke8GNG3pD9bKNjE3UxU+IL4e9wybHpTqv8TrgewQXOWIBr0eaZAPJ+/gBG1vFn1K8Blv9 EnOO+AIoYgePFU2cvMxzbqEYvGIocVVyneiv8RV/KpoxqLyL664IhyKOIeC/7pidiwSJQmJY3yPk M5KX86z6KAb7FuWvXxK83ObHOduSR09ByXNKSTRX5GR7q0rbXg98AGI12W4qeMCetlWdqKNTyc3E n6zr4i3GYgbDNnzZmj156rsi2QjGbb66OaxPwcMsNwt/vs4sGnHRkYBpG77EZznJc6DZgtszNrc3 O/6iNx8zmx7+7egsJm3+gFX2m7CH71VdccyG2eX06Jc+Bc+afB/aHKv0TTvBn+BYbGIIxscfpaLj G0A/rmkMKtF3/5WDbOfJBiRcuTbCro2wvpP/DUW+hvTR7NS15HPUwL3icWy8xOEekm7Rn00MrlOM cReIq5UP/x0CMWwjJMeQfnNrYV8QQXde/Lo28c4g0CzZAh0UiXaKwK5QT6QNZCfwCb++tPpyshnZ Z6pPB1kONukyxUcnoYnHScntVK/kPrbZV7tgl5hVNtlXn2oTstCP2KaHKW6l1cV48rgq6UZqQZft Etk/dLlcJo59RPhP9TFzn/1Y88/xZ8nmNi0MvHy823GJ5PxV8cypnqylgczBJ/z60upHyWb21afa hCz0I7bpYYpbaXUxnjyuSr6RGtBlu0T2D10ul4ljHxH+U33M3Gc/1vxz/B2TTf/YzKYDyMvH14kT l05KlS8NZA4+4deXVj9KNrOvPtUmZKEfsU0PU9xKq4vx5HFV8o3UgC7bJbJ/6HK5TBz7iPCf6mPm Pvux5p/j75FslIKdKv4SevGkVPnSQObgE359afWjZDP76lNtQhb6Edv0MMWttLoYTx5XJd9IDeiy XSL7hy6Xy8Sxjwj/qT5m7rMfa/45/hVINg0+Eo0vA3jIN+XSSanypYHMwSf8+tLqR8lm9tWn2oQs 9CO26WGKW2l1MZ48rkq+kRrQZbtE9g9dLpeJYx8R/lN9zNxnP9b8c/wdk00Dt2QTs/+qbjqoOVW+ NJA5+IRfX1r9KNnMvvpUm5CFfsQ2PUxxK60uxpPHVck3UgO6bJfI/qHL5TJx7CPCf6qPmfvsx5p/ jr/7zMab8FfoAPiAt1EunZQqXxrIHHzCry+tfpRsZl99qk3IQj9imx6muJVWF+PJ46rkG6kBXbZL ZP/Q5XKZOPYR4T/Vx8x99mPNP8ffPdn4aNcSrT8JSyelypcGMifH70urHyWb2VefahOy0I/Ypocp bqXVxXjyuCr5RmpAl+0S2T90uVwmjn1E+E/1MXOf/Vjzz/F3SbbDK/0fVHbyZgY1MwUAAAAASUVO RK5CYII= --_009_557a3023828245169ebb15939aa5d172darkmatterae_ Content-Type: image/png; name="image88f5c8.PNG" Content-Description: image88f5c8.PNG Content-Disposition: inline; filename="image88f5c8.PNG"; size=663; creation-date="Mon, 22 Apr 2019 22:04:57 GMT"; modification-date="Mon, 22 Apr 2019 22:04:57 GMT" Content-ID: Content-Transfer-Encoding: base64 iVBORw0KGgoAAAANSUhEUgAAACAAAAAgCAYAAABzenr0AAAACXBIWXMAAA7DAAAOwwHHb6hkAAAC SUlEQVRYR2NgSJv5f0AxVkF6YqyC9MRYBemJsQrSE2MVhOHUGRCMTY5aGKsg0FK5ssX/i1ce/d+x /fx/30nb/jNhU0cNjE2QO2vO/xvP3/+HgV9//v5PmLePNqGBTdCxcyPUagTYcvEB/RwgX7r4/8/f f6BWQ0DPzgv/GVLo5ACQReHTd/0/df/l/xsv3v+fd/j6fx5gtGBVSynGKgjCwOBmz5j1nzd7zn9G UoIepJYU9dgEQSneZ+K2/37A1A/DylXLwAYrVyxFEXfv2/yfI3P2f9GC+f+jZ+0GRtXF//17Lv1P W3Dgv1L5EsKOwSbIkTX7//dfqGmgeNUxsGG5Sw5BRSDg6fsv/127Nvy/9uzd/7///kFF////B2S/ /PTtf+TM3fgdgU0Q4oDfUKMgoAjqgMyFB6AiEPDlx6//Lz5+g/Iwwdefv/87dW/E7QhsgqQ4AAY+ ff/5/+rTd/+/AS1EB1suPvzPkDwdwx4wxiZIqgN2Xnn0XzB37n+GpGn/FYAl6JUnb6EyEAByFBfQ TGx2UeyAz8AoMGhYhdAPVJO3/AhUFgGUK4AJEskOOMYmSIoDnn34+l+qaCGKfve+LVBZBNCqWY6i Bo6xCVLqADdg1kQHw8cBOYtRywG6O6Bg2WGoCASMOoAmDmAD1oLrzt37vxnYCIHhwGk7wQ7wn7wd RXzR8Zv/hfLmoeg3alqDogaE5YBtDGQ1cIxVMBWIQUUnMoY1RkA0uhzQYaj6iVADw1gF6YmxCtIT YxWkJ8YqSE+MVZBueOZ/ABxdinkisai7AAAAAElFTkSuQmCC --_009_557a3023828245169ebb15939aa5d172darkmatterae_ Content-Type: image/png; name="image396e02.PNG" Content-Description: image396e02.PNG Content-Disposition: inline; filename="image396e02.PNG"; size=803; creation-date="Mon, 22 Apr 2019 22:04:57 GMT"; modification-date="Mon, 22 Apr 2019 22:04:57 GMT" Content-ID: Content-Transfer-Encoding: base64 iVBORw0KGgoAAAANSUhEUgAAACAAAAAgCAYAAABzenr0AAAACXBIWXMAAA7DAAAOwwHHb6hkAAAC 1UlEQVRYR8WWS2jUUBSGW4vjAxVEFHysqkhx0ZVIwZ3FpRuXbrW6Fd0IIoi4FO3ChWsXCrbVtlqf 1YqIigWfWBxhtIIFH5lkHplXJpnjf9K5nTE5SWYspAc+Jvlv7jnnvs6djo7hNC0pohgnohgnohgn ohgnohgnovi/DGkNpHYJUWSG6khtXhBw87hOR6fzdO5TgY5Mm7RxVG8kckOjNTf5u6Y+Cp9Qp+ee QXsfZxpOAlgGp4df5ylXrVGzaWXH1Q8+z9H172Xqf5qVffkEBk7PfCzQXNGh3Q/Dk9gPx6YnuLKq UyMLXEoWqfe+Qat5Frw+fAKDKbs6W3adGBWHBjCSBOveRPDdk1+W+12QFZBcKm/TibcmdbY+Axqd nynWXcyPZOxHhfomMRsIqhJZDnQkGGZlu0an3hewVAGzKIpgz6MM5T1TW8PrK61Kpz8UqH8qS7uw TwxLnn5lKdOm9bfkGC6iiGy77+h0FvvA4aiC2dCzCM6/YZbM2bRWWnuFKCKBK6kSfUP2JUzhYmzq t0VdwwHTz4giTgEfn6jRtWKDOAG+zduMKIIV4BrO72JtH/ZKaEETRQaduHoNfi5SOmKnB9lXLGEi LDgjinVWjqRpfK7iOmrXePmOoSSHjp4RRQXW7vgb060D7doLzaJ1YbtfIYpNdCGJAVwyswXbLaut 2B/cAz13jejRM6LoBUlsGdPp8pcSRaXApfvAs5zbR/TlxScg6wTWfhXgArJ9wqBDL3PulAYVJTZu 4qLThwracnDGJyCBTRjtxWSJZrK2ewLCArNxseLzvhX/CdoKzogi6MSl0/vAoAs4hlz/+WrOWI57 7/MFxCdj8qdFJ9+ZtO02AvMlJfiJRBQVvIkwIr6K+R/PDmysnbiAuid02jDKG3S+XezbKv8KIc7U jpYCqjb1HPiOvt72hYcoVCevg6B3pQW1q/eFh6VCFONEFONEFGMjTX8B57Ce1IdKF4gAAAAASUVO RK5CYII= --_009_557a3023828245169ebb15939aa5d172darkmatterae_-- From nobody Mon Apr 22 15:11:26 2019 Return-Path: X-Original-To: mls@ietfa.amsl.com Delivered-To: mls@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3B85B120151 for ; Mon, 22 Apr 2019 15:11:24 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.899 X-Spam-Level: X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=ipv-sx.20150623.gappssmtp.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id t1H5kB33IsrG for ; Mon, 22 Apr 2019 15:11:21 -0700 (PDT) Received: from mail-oi1-x22b.google.com (mail-oi1-x22b.google.com [IPv6:2607:f8b0:4864:20::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BBC1812013F for ; Mon, 22 Apr 2019 15:11:21 -0700 (PDT) Received: by mail-oi1-x22b.google.com with SMTP id l7so113111oil.11 for ; Mon, 22 Apr 2019 15:11:21 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipv-sx.20150623.gappssmtp.com; s=20150623; h=mime-version:from:date:message-id:subject:to; bh=TrtSQLhT+6XvCthkvay0OMmoy9jdPCeMI8Gq9aH/9eY=; b=BPr6PKvvzexWTOUwDa6Nq4G9d+7pAB21Ql+NJsI23RdHC8w3uGodPBna1qQy77Yk/2 PbsGMzUTPiD16LB6g3eeN8nBJsB7m0L+S6tS/xXpU9Xme+ZNnOJEUn1/SorYlkL+C+/i ns6A+6VMY9Fu3vwsdUFFt9wh1FtP6Evb3Vnt7t1tcsTmcwrAXMB2KDIIJCHTU7/4M2Tu 6RSYLh6VbsFj4U9lAkJuKFaRHrp1+qp+O+3JEMzK4J4h/q/UlPCSlZ9dYme20U1uPudA lPpJzQkU+c/Eht16fQcY2G+WgeBgrMzp2sNKLgAMdrvpGRZxfw0xRZhBLVayxPbvwtVy +s0Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=TrtSQLhT+6XvCthkvay0OMmoy9jdPCeMI8Gq9aH/9eY=; b=FsEMFsHgKs+fpXgp1hNDq/bJyl/Z3f31DxuM+sQPIqdRXYENqv8Kac//PcvCq5IhLb 7aGVz9OZDSC7qTe0TcCumEENmnniI8S8kAi/Y2Anw6nkCKC8UNwFiLsDZOIIRAVL3xbD QoHfRpbzXXQb9F1w4rEG4sP7qCz0WbSbz64hOlQxhN28LrHEkH3bIdfH+YPLsmwWTswl /Suxrx8vw9PLjNObTDpf85OdgICwP8A75OJOKI5VWS4V0wttcBCDwDjdSemkgiDUyu9U /FLQVXdSZ5i/dz0mSRp9Dc9yMtQ0/yt47gvPw1qpdl/QVGHILW9sOsQmpBkslWg0OR4V pSPQ== X-Gm-Message-State: APjAAAW2LS5brrpeoS5h4naI47SopO9yPi+qhJX9MB++OgteTcIbXSJS pe7bwlJbKq/TF+pPfiDg7gBPa9DMFhVziYIqXCTttuSI2cZbSQ== X-Google-Smtp-Source: APXvYqz0s3Z1kcm90l+mGm2ocgju1bWTNJ2/yTOAaW2Z64fe0vzomNIPAlTrzvrq0qVUl0SO3RisKz3TWCWxeBFQR1A= X-Received: by 2002:aca:b886:: with SMTP id i128mr265398oif.169.1555971080396; Mon, 22 Apr 2019 15:11:20 -0700 (PDT) MIME-Version: 1.0 From: Richard Barnes Date: Mon, 22 Apr 2019 18:11:00 -0400 Message-ID: To: Messaging Layer Security WG Content-Type: multipart/alternative; boundary="000000000000873420058725bf63" Archived-At: Subject: [MLS] Unpredictable epochs? X-BeenThere: mls@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Messaging Layer Security List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 22 Apr 2019 22:11:24 -0000 --000000000000873420058725bf63 Content-Type: text/plain; charset="UTF-8" Hey all, As I've been working with Benjamin on updating and landing the common framing PR, I noticed that the epoch is still exposing more information to the DS than it needs to. Right now, the epoch just increments by one every time the epoch changes. This lets the DS track epochs statelessly -- it can take any two messages and see which was before the other, without the need for any ongoing tracking. However, the epoch only needs to be intelligible to members of the group, so we could generate epoch values in a way that would only be intelligible to members. For example [1]: epoch_[n] = HKDF-Expand-Label(some_secret_for_epoch_[n], epoch_[n-1], "epoch", 4) That way, the DS could observe epoch changes, and observe how many messages were sent within each epoch. But it wouldn't be able to understand the sequence unless it tracked things all along. A side benefit of this is that it allows the group to have forks in its history more cleanly, since different forks will have different epoch numbers. That could allow some softness in the ordering requirement, as long as the group can eventually figure out which branch is the right one [2]. Does this seem worthwhile to people? The cost is a few extra hashes. To me, the completeness/consistency seems like a marginal benefit, but the clean forking seems pretty convincing. If folks think this worthwhile, I'm happy to write up a PR. Thanks, --Richard [1] I would probably keep epochs at 4 bytes, because any more seems wasteful. [2] http://mycours.es/gamedesign2012/files/2012/08/The-Garden-of-Forking-Paths-Jorge-Luis-Borges-1941.pdf --000000000000873420058725bf63 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Hey all,

As= I've been working with Benjamin on updating and landing the common fra= ming PR, I noticed that the epoch is still exposing more information to the= DS than it needs to.=C2=A0

Right now, the ep= och just increments by one every time the epoch changes.=C2=A0 This lets th= e DS track epochs statelessly -- it can take any two messages and see which= was before the other, without the need for any ongoing tracking.

However, the epoch only needs to be intelligible to members= of the group, so we could generate epoch values in a way that would only b= e intelligible to members.=C2=A0 For example [1]:

= epoch_[n] =3D HKDF-Expand-Label(some_secret_for_epoch_[n], epoch_[n-1], &qu= ot;epoch", 4)

That way, the DS could observe = epoch changes, and observe how many messages were sent within each epoch.= =C2=A0 But it wouldn't be able to understand the sequence unless it tra= cked things all along.

A side benefit of this is t= hat it allows the group to have forks in its history more cleanly, since di= fferent forks will have different epoch numbers.=C2=A0 That could allow som= e softness in the ordering requirement, as long as the group can eventually= figure out which branch is the right one [2].

Doe= s this seem worthwhile to people?=C2=A0 The cost is a few extra hashes.=C2= =A0 To me, the completeness/consistency seems like a marginal benefit, but = the clean forking seems pretty convincing.=C2=A0 If folks think this worthw= hile, I'm happy to write up a PR.

Thanks,<= /div>
--Richard


[1] I would= probably keep epochs at 4 bytes, because any more seems wasteful.
[2] http://mycours.es/gamedesign20= 12/files/2012/08/The-Garden-of-Forking-Paths-Jorge-Luis-Borges-1941.pdf=
--000000000000873420058725bf63-- From nobody Mon Apr 22 15:42:11 2019 Return-Path: X-Original-To: mls@ietfa.amsl.com Delivered-To: mls@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2D377120199 for ; Mon, 22 Apr 2019 15:42:09 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -6.899 X-Spam-Level: X-Spam-Status: No, score=-6.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QOq4HOqN7dh4 for ; Mon, 22 Apr 2019 15:42:06 -0700 (PDT) Received: from mail2-relais-roc.national.inria.fr (mail2-relais-roc.national.inria.fr [192.134.164.83]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 292A7120168 for ; Mon, 22 Apr 2019 15:42:06 -0700 (PDT) X-IronPort-AV: E=Sophos;i="5.60,383,1549926000"; d="scan'208,217";a="379704174" Received: from unknown (HELO [10.131.166.155]) ([37.171.231.17]) by mail2-relais-roc.national.inria.fr with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 23 Apr 2019 00:42:03 +0200 Content-Type: multipart/alternative; boundary=Apple-Mail-223F77F6-BB08-45CE-886C-6300CBBF8F15 Mime-Version: 1.0 (1.0) From: Benjamin Beurdouche X-Mailer: iPhone Mail (16E227) In-Reply-To: Date: Tue, 23 Apr 2019 00:42:03 +0200 Cc: Messaging Layer Security WG Content-Transfer-Encoding: 7bit Message-Id: <2D195D14-9F9A-4D64-92EF-35C601C52C01@inria.fr> References: To: Richard Barnes Archived-At: Subject: Re: [MLS] Unpredictable epochs? X-BeenThere: mls@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Messaging Layer Security List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 22 Apr 2019 22:42:09 -0000 --Apple-Mail-223F77F6-BB08-45CE-886C-6300CBBF8F15 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable Side note before I forget. After merging the common framing, the only two th= ings potentially remaining in the clear will be the group identifier and the= epoch number (because we need those to pick the group key necessary to decr= ypt the sender info). Raphael and I talked about adopting a similar approach= but generating an ephemeral Group Id at the same time. That could help a bi= t on the meta data protection side by making it harder for an adversarial DS= to be able to correlate messages in delivery queues across groups and acros= s epochs. The fact that this might be useful or not depends a lot on archite= cture assumptions though.... B. > On Apr 23, 2019, at 12:11 AM, Richard Barnes wrote: >=20 > Hey all, >=20 > As I've been working with Benjamin on updating and landing the common fram= ing PR, I noticed that the epoch is still exposing more information to the D= S than it needs to. =20 >=20 > Right now, the epoch just increments by one every time the epoch changes. = This lets the DS track epochs statelessly -- it can take any two messages a= nd see which was before the other, without the need for any ongoing tracking= . >=20 > However, the epoch only needs to be intelligible to members of the group, s= o we could generate epoch values in a way that would only be intelligible to= members. For example [1]: >=20 > epoch_[n] =3D HKDF-Expand-Label(some_secret_for_epoch_[n], epoch_[n-1], "e= poch", 4) >=20 > That way, the DS could observe epoch changes, and observe how many message= s were sent within each epoch. But it wouldn't be able to understand the se= quence unless it tracked things all along. >=20 > A side benefit of this is that it allows the group to have forks in its hi= story more cleanly, since different forks will have different epoch numbers.= That could allow some softness in the ordering requirement, as long as the= group can eventually figure out which branch is the right one [2]. >=20 > Does this seem worthwhile to people? The cost is a few extra hashes. To m= e, the completeness/consistency seems like a marginal benefit, but the clean= forking seems pretty convincing. If folks think this worthwhile, I'm happy= to write up a PR. >=20 > Thanks, > --Richard >=20 >=20 > [1] I would probably keep epochs at 4 bytes, because any more seems wastef= ul. > [2] http://mycours.es/gamedesign2012/files/2012/08/The-Garden-of-Forking-P= aths-Jorge-Luis-Borges-1941.pdf > _______________________________________________ > MLS mailing list > MLS@ietf.org > https://www.ietf.org/mailman/listinfo/mls --Apple-Mail-223F77F6-BB08-45CE-886C-6300CBBF8F15 Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: quoted-printable
Side note before I forget. Af= ter merging the common framing, the only two things potentially remaining in= the clear will be the group identifier and the epoch number (because we nee= d those to pick the group key necessary to decrypt the sender info). Raphael= and I talked about adopting a similar approach but generating an ephemeral G= roup Id at the same time. That could help a bit on the meta data protection s= ide by making it harder for an adversarial DS to be able to correlate messag= es in delivery queues across groups and across epochs. The fact that this mi= ght be useful or not depends a lot on architecture assumptions though....

B.

= On Apr 23, 2019, at 12:11 AM, Richard Barnes <rlb@ipv.sx> wrote:

Hey all,

As I've been working with Benjamin on updating and landing the common f= raming PR, I noticed that the epoch is still exposing more information to th= e DS than it needs to. 

Right now, the ep= och just increments by one every time the epoch changes.  This lets the= DS track epochs statelessly -- it can take any two messages and see which w= as before the other, without the need for any ongoing tracking.
However, the epoch only needs to be intelligible to members of t= he group, so we could generate epoch values in a way that would only be inte= lligible to members.  For example [1]:

epoch_[= n] =3D HKDF-Expand-Label(some_secret_for_epoch_[n], epoch_[n-1], "epoch", 4)=

That way, the DS could observe epoch changes, and o= bserve how many messages were sent within each epoch.  But it wouldn't b= e able to understand the sequence unless it tracked things all along.
<= div>
A side benefit of this is that it allows the group to hav= e forks in its history more cleanly, since different forks will have differe= nt epoch numbers.  That could allow some softness in the ordering requi= rement, as long as the group can eventually figure out which branch is the r= ight one [2].

Does this seem worthwhile to people?&= nbsp; The cost is a few extra hashes.  To me, the completeness/consiste= ncy seems like a marginal benefit, but the clean forking seems pretty convin= cing.  If folks think this worthwhile, I'm happy to write up a PR.
<= /div>

Thanks,
--Richard


[1] I would probably keep epochs at 4 bytes, because an= y more seems wasteful.
________= _______________________________________
MLS mailing list
MLS@ietf.org
https://www.ietf.org= /mailman/listinfo/mls
= --Apple-Mail-223F77F6-BB08-45CE-886C-6300CBBF8F15-- From nobody Mon Apr 22 15:50:10 2019 Return-Path: X-Original-To: mls@ietfa.amsl.com Delivered-To: mls@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C0EF6120177 for ; Mon, 22 Apr 2019 15:50:08 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.899 X-Spam-Level: X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=ipv-sx.20150623.gappssmtp.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id APrJl1UnrzDS for ; Mon, 22 Apr 2019 15:50:06 -0700 (PDT) Received: from mail-ot1-x330.google.com (mail-ot1-x330.google.com [IPv6:2607:f8b0:4864:20::330]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C5042120168 for ; Mon, 22 Apr 2019 15:50:06 -0700 (PDT) Received: by mail-ot1-x330.google.com with SMTP id 64so11060966otb.8 for ; Mon, 22 Apr 2019 15:50:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipv-sx.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=XSdy/Ssoymxp5+GJ8rAQy+exF9AZi+jm4o4OoZC39NM=; b=cWOQy2DJPpy8NJD+vjmYRs3ULbkifZo1WJQDbSy3/9UI06sF51Bmb5Xr9BmrbZpnz6 Negsua13KvDhB/VQ9n1DVrHh3HeKYPhgmpeMntqDgdjtXBVInxjTfNas+noiOnQrJuol K3RLA6gqMr6ZV8zJbGlxn2g5HqNLYIoDbiyxTNZS+YVFiEwEQyvTx4g54KHDNThJSbMZ ZwdsDZ//Jwd779FxHJa8MKagNEuSCPOjFfec0Ybutfsf7vno/i17o+48NPspaEp5Vcl1 6tHfwtUOhMUaWfGb+1zNNxnijZZU+D08ClWBc0NHQ1ur4tBoXTwekDRtVZQMeDOL0b8+ pRtA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=XSdy/Ssoymxp5+GJ8rAQy+exF9AZi+jm4o4OoZC39NM=; b=gaOelS/Cusaif/VCbjHnY9N9IoUJJi4cpqrevWwf961mAxMB8+yyxQCEz2gVX45X9N oT9r/DPcl7ksvr7RSyC+RBvK0+GoF71JxTVVINRJQlkMk0WdmyYHdiMEJKrOd4Dw3rOV qy4k++S+4Tgovf6kkWdXKiUZFhO5i+ecQLDpU3+H7Tx73d7HMIzegjFAkXBUDCXnv/4Y BDlG3esUfKFffoQlGWzoXZh7LvHJhwS6sRudjqToJLtkx/Opw+i+Bzw+qSVyuaD93QUx TgMo2OBY7SaD57wUeI3FMaTOGtcP5FoAM5Mg9h3GU0XE4O5mQo97CAo1HiWoCkayLMTa X7IA== X-Gm-Message-State: APjAAAWc48AcTSQ47V2tLJ8Ja9fcovh263CRL+2akLLQnrsTCFOUqw4n gMXJmYgqObZE/jHAic3I5sIipqtmowJ4BmKXBgn7qQ== X-Google-Smtp-Source: APXvYqyZdhw/HI8BeZgfEVEKZU72pCsf0FQ0XK9rISQVoIzCnSrQnvz5sNaoGL2B7yCECAIkBfnB45ra85Zw3RL8LXY= X-Received: by 2002:a9d:518e:: with SMTP id y14mr12943742otg.23.1555973405925; Mon, 22 Apr 2019 15:50:05 -0700 (PDT) MIME-Version: 1.0 References: <2D195D14-9F9A-4D64-92EF-35C601C52C01@inria.fr> In-Reply-To: <2D195D14-9F9A-4D64-92EF-35C601C52C01@inria.fr> From: Richard Barnes Date: Mon, 22 Apr 2019 18:49:46 -0400 Message-ID: To: Benjamin Beurdouche Cc: Messaging Layer Security WG Content-Type: multipart/alternative; boundary="00000000000023f5290587264a37" Archived-At: Subject: Re: [MLS] Unpredictable epochs? X-BeenThere: mls@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Messaging Layer Security List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 22 Apr 2019 22:50:09 -0000 --00000000000023f5290587264a37 Content-Type: text/plain; charset="UTF-8" True, you could have one unpredictable identifier that identifies both the group ID and the epoch. I like how that looks on the wire, but would require a bit more bookkeeping in clients. I might be inclined to go ahead and land an unpredictable-epoch PR in -05 (since that's a pretty small change), then look at folding in the group ID later. --RLB On Mon, Apr 22, 2019 at 6:42 PM Benjamin Beurdouche < benjamin.beurdouche@inria.fr> wrote: > Side note before I forget. After merging the common framing, the only two > things potentially remaining in the clear will be the group identifier and > the epoch number (because we need those to pick the group key necessary to > decrypt the sender info). Raphael and I talked about adopting a similar > approach but generating an ephemeral Group Id at the same time. That could > help a bit on the meta data protection side by making it harder for an > adversarial DS to be able to correlate messages in delivery queues across > groups and across epochs. The fact that this might be useful or not depends > a lot on architecture assumptions though.... > > B. > > On Apr 23, 2019, at 12:11 AM, Richard Barnes wrote: > > Hey all, > > As I've been working with Benjamin on updating and landing the common > framing PR, I noticed that the epoch is still exposing more information to > the DS than it needs to. > > Right now, the epoch just increments by one every time the epoch changes. > This lets the DS track epochs statelessly -- it can take any two messages > and see which was before the other, without the need for any ongoing > tracking. > > However, the epoch only needs to be intelligible to members of the group, > so we could generate epoch values in a way that would only be intelligible > to members. For example [1]: > > epoch_[n] = HKDF-Expand-Label(some_secret_for_epoch_[n], epoch_[n-1], > "epoch", 4) > > That way, the DS could observe epoch changes, and observe how many > messages were sent within each epoch. But it wouldn't be able to > understand the sequence unless it tracked things all along. > > A side benefit of this is that it allows the group to have forks in its > history more cleanly, since different forks will have different epoch > numbers. That could allow some softness in the ordering requirement, as > long as the group can eventually figure out which branch is the right one > [2]. > > Does this seem worthwhile to people? The cost is a few extra hashes. To > me, the completeness/consistency seems like a marginal benefit, but the > clean forking seems pretty convincing. If folks think this worthwhile, I'm > happy to write up a PR. > > Thanks, > --Richard > > > [1] I would probably keep epochs at 4 bytes, because any more seems > wasteful. > [2] > http://mycours.es/gamedesign2012/files/2012/08/The-Garden-of-Forking-Paths-Jorge-Luis-Borges-1941.pdf > > _______________________________________________ > MLS mailing list > MLS@ietf.org > https://www.ietf.org/mailman/listinfo/mls > > --00000000000023f5290587264a37 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
True, you could have one unpredictable identifier tha= t identifies both the group ID and the epoch.=C2=A0 I like how that looks o= n the wire, but would require a bit more bookkeeping in clients.=C2=A0 I mi= ght be inclined to go ahead and land an unpredictable-epoch PR in -05 (sinc= e that's a pretty small change), then look at folding in the group ID l= ater.
--RLB


On Mon, Apr 22, 2019 at 6:42 PM Benjamin= Beurdouche <benjamin.be= urdouche@inria.fr> wrote:
Side note before I for= get. After merging the common framing, the only two things potentially rema= ining in the clear will be the group identifier and the epoch number (becau= se we need those to pick the group key necessary to decrypt the sender info= ). Raphael and I talked about adopting a similar approach but generating an= ephemeral Group Id at the same time. That could help a bit on the meta dat= a protection side by making it harder for an adversarial DS to be able to c= orrelate messages in delivery queues across groups and across epochs. The f= act that this might be useful or not depends a lot on architecture assumpti= ons though....

B.

On Apr 23, 2019, at 12:11 AM, Richard Barnes <rlb@ipv.sx> wrote:

<= /div>
Hey all,

As I've been working wi= th Benjamin on updating and landing the common framing PR, I noticed that t= he epoch is still exposing more information to the DS than it needs to.=C2= =A0

Right now, the epoch just increments by o= ne every time the epoch changes.=C2=A0 This lets the DS track epochs statel= essly -- it can take any two messages and see which was before the other, w= ithout the need for any ongoing tracking.

However,= the epoch only needs to be intelligible to members of the group, so we cou= ld generate epoch values in a way that would only be intelligible to member= s.=C2=A0 For example [1]:

epoch_[n] =3D HKDF-Expan= d-Label(some_secret_for_epoch_[n], epoch_[n-1], "epoch", 4)
=

That way, the DS could observe epoch changes, and obser= ve how many messages were sent within each epoch.=C2=A0 But it wouldn't= be able to understand the sequence unless it tracked things all along.

A side benefit of this is that it allows the group to= have forks in its history more cleanly, since different forks will have di= fferent epoch numbers.=C2=A0 That could allow some softness in the ordering= requirement, as long as the group can eventually figure out which branch i= s the right one [2].

Does this seem worthwhile to = people?=C2=A0 The cost is a few extra hashes.=C2=A0 To me, the completeness= /consistency seems like a marginal benefit, but the clean forking seems pre= tty convincing.=C2=A0 If folks think this worthwhile, I'm happy to writ= e up a PR.

Thanks,
--Richard


[1] I would probably keep epochs at 4 = bytes, because any more seems wasteful.
_______= ________________________________________
MLS mailing list
MLS@ietf.o= rg
https://www.ietf.org/mailman/listinfo/mls
--00000000000023f5290587264a37-- From nobody Mon Apr 22 15:52:32 2019 Return-Path: X-Original-To: mls@ietfa.amsl.com Delivered-To: mls@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 41D981201F3 for ; Mon, 22 Apr 2019 15:52:30 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -6.899 X-Spam-Level: X-Spam-Status: No, score=-6.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ENDIlElHcPus for ; Mon, 22 Apr 2019 15:52:27 -0700 (PDT) Received: from mail2-relais-roc.national.inria.fr (mail2-relais-roc.national.inria.fr [192.134.164.83]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 001F3120168 for ; Mon, 22 Apr 2019 15:52:26 -0700 (PDT) X-IronPort-AV: E=Sophos;i="5.60,383,1549926000"; d="scan'208,217";a="379704753" Received: from unknown (HELO [10.131.166.155]) ([37.171.231.17]) by mail2-relais-roc.national.inria.fr with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 23 Apr 2019 00:52:25 +0200 Content-Type: multipart/alternative; boundary=Apple-Mail-C9FCEB9D-F9A6-4616-BD56-0B4E5911C189 Mime-Version: 1.0 (1.0) From: Benjamin Beurdouche X-Mailer: iPhone Mail (16E227) In-Reply-To: Date: Tue, 23 Apr 2019 00:52:24 +0200 Cc: Messaging Layer Security WG Content-Transfer-Encoding: 7bit Message-Id: References: <2D195D14-9F9A-4D64-92EF-35C601C52C01@inria.fr> To: Richard Barnes Archived-At: Subject: Re: [MLS] Unpredictable epochs? X-BeenThere: mls@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Messaging Layer Security List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 22 Apr 2019 22:52:30 -0000 --Apple-Mail-C9FCEB9D-F9A6-4616-BD56-0B4E5911C189 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable +1 > On Apr 23, 2019, at 12:49 AM, Richard Barnes wrote: >=20 > True, you could have one unpredictable identifier that identifies both the= group ID and the epoch. I like how that looks on the wire, but would requi= re a bit more bookkeeping in clients. I might be inclined to go ahead and l= and an unpredictable-epoch PR in -05 (since that's a pretty small change), t= hen look at folding in the group ID later. > --RLB >=20 >=20 >> On Mon, Apr 22, 2019 at 6:42 PM Benjamin Beurdouche wrote: >> Side note before I forget. After merging the common framing, the only two= things potentially remaining in the clear will be the group identifier and t= he epoch number (because we need those to pick the group key necessary to de= crypt the sender info). Raphael and I talked about adopting a similar approa= ch but generating an ephemeral Group Id at the same time. That could help a b= it on the meta data protection side by making it harder for an adversarial D= S to be able to correlate messages in delivery queues across groups and acro= ss epochs. The fact that this might be useful or not depends a lot on archit= ecture assumptions though.... >>=20 >> B. >>=20 >>> On Apr 23, 2019, at 12:11 AM, Richard Barnes wrote: >>>=20 >>> Hey all, >>>=20 >>> As I've been working with Benjamin on updating and landing the common fr= aming PR, I noticed that the epoch is still exposing more information to the= DS than it needs to. =20 >>>=20 >>> Right now, the epoch just increments by one every time the epoch changes= . This lets the DS track epochs statelessly -- it can take any two messages= and see which was before the other, without the need for any ongoing tracki= ng. >>>=20 >>> However, the epoch only needs to be intelligible to members of the group= , so we could generate epoch values in a way that would only be intelligible= to members. For example [1]: >>>=20 >>> epoch_[n] =3D HKDF-Expand-Label(some_secret_for_epoch_[n], epoch_[n-1], "= epoch", 4) >>>=20 >>> That way, the DS could observe epoch changes, and observe how many messa= ges were sent within each epoch. But it wouldn't be able to understand the s= equence unless it tracked things all along. >>>=20 >>> A side benefit of this is that it allows the group to have forks in its h= istory more cleanly, since different forks will have different epoch numbers= . That could allow some softness in the ordering requirement, as long as th= e group can eventually figure out which branch is the right one [2]. >>>=20 >>> Does this seem worthwhile to people? The cost is a few extra hashes. T= o me, the completeness/consistency seems like a marginal benefit, but the cl= ean forking seems pretty convincing. If folks think this worthwhile, I'm ha= ppy to write up a PR. >>>=20 >>> Thanks, >>> --Richard >>>=20 >>>=20 >>> [1] I would probably keep epochs at 4 bytes, because any more seems wast= eful. >>> [2] http://mycours.es/gamedesign2012/files/2012/08/The-Garden-of-Forking= -Paths-Jorge-Luis-Borges-1941.pdf >>> _______________________________________________ >>> MLS mailing list >>> MLS@ietf.org >>> https://www.ietf.org/mailman/listinfo/mls --Apple-Mail-C9FCEB9D-F9A6-4616-BD56-0B4E5911C189 Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: quoted-printable
+1<= /div>

On Apr 23, 2019, at 12:49 AM, Richard Barnes <<= a href=3D"mailto:rlb@ipv.sx">rlb@ipv.sx> wrote:

True, you could hav= e one unpredictable identifier that identifies both the group ID and the epo= ch.  I like how that looks on the wire, but would require a bit more bo= okkeeping in clients.  I might be inclined to go ahead and land an unpr= edictable-epoch PR in -05 (since that's a pretty small change), then look at= folding in the group ID later.
--RLB


On Mon, Apr 22, 2= 019 at 6:42 PM Benjamin Beurdouche <benjamin.beurdouche@inria.fr> wrote:
Side n= ote before I forget. After merging the common framing, the only two things p= otentially remaining in the clear will be the group identifier and the epoch= number (because we need those to pick the group key necessary to decrypt th= e sender info). Raphael and I talked about adopting a similar approach but g= enerating an ephemeral Group Id at the same time. That could help a bit on t= he meta data protection side by making it harder for an adversarial DS to be= able to correlate messages in delivery queues across groups and across epoc= hs. The fact that this might be useful or not depends a lot on architecture a= ssumptions though....

B.

On Apr 23, 2019, at 12:11 AM, Richard Barnes <rlb@ipv.sx> wrote:
Hey all,

As I've been working with Benja= min on updating and landing the common framing PR, I noticed that the epoch i= s still exposing more information to the DS than it needs to. 

Right now, the epoch just increments by one every time= the epoch changes.  This lets the DS track epochs statelessly -- it ca= n take any two messages and see which was before the other, without the need= for any ongoing tracking.

However, the epoch only n= eeds to be intelligible to members of the group, so we could generate epoch v= alues in a way that would only be intelligible to members.  For example= [1]:

epoch_[n] =3D HKDF-Expand-Label(some_secret_f= or_epoch_[n], epoch_[n-1], "epoch", 4)

That way, th= e DS could observe epoch changes, and observe how many messages were sent wi= thin each epoch.  But it wouldn't be able to understand the sequence un= less it tracked things all along.

A side benefit of= this is that it allows the group to have forks in its history more cleanly,= since different forks will have different epoch numbers.  That could a= llow some softness in the ordering requirement, as long as the group can eve= ntually figure out which branch is the right one [2].

Does this seem worthwhile to people?  The cost is a few extra hashes= .  To me, the completeness/consistency seems like a marginal benefit, b= ut the clean forking seems pretty convincing.  If folks think this wort= hwhile, I'm happy to write up a PR.

Thanks,
--Richard


[1] I would pro= bably keep epochs at 4 bytes, because any more seems wasteful.
________= _______________________________________
MLS mailing list
MLS@ietf.org<= /a>
https://www.ietf.org/mailman/listinfo/mls
= --Apple-Mail-C9FCEB9D-F9A6-4616-BD56-0B4E5911C189-- From igor@status.im Tue Apr 23 01:54:42 2019 Return-Path: X-Original-To: mls@ietfa.amsl.com Delivered-To: mls@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 91D1412036E for ; Tue, 23 Apr 2019 01:54:42 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.9 X-Spam-Level: X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=status-im.20150623.gappssmtp.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dougiy10p1QH for ; Tue, 23 Apr 2019 01:54:40 -0700 (PDT) Received: from mail-lj1-x22f.google.com (mail-lj1-x22f.google.com [IPv6:2a00:1450:4864:20::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8E2D812023C for ; Tue, 23 Apr 2019 01:54:40 -0700 (PDT) Received: by mail-lj1-x22f.google.com with SMTP id q66so12743204ljq.7 for ; Tue, 23 Apr 2019 01:54:40 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=status-im.20150623.gappssmtp.com; s=20150623; h=from:subject:to:references:message-id:date:user-agent:mime-version :in-reply-to:content-transfer-encoding:content-language; bh=pQIdzaBqxEwC5pHi5K6X5jCt2R4r3l2b9JaS1N//tgU=; b=Hb78QUjb0RIyDnWj/xWdWGLju/H2rDiWPsW/7z2Dq2LBSrfWxpOlFcXhyEEtbkAJcn Y++srdC3rHqv2CoD00TEEaSeDTMZv697HUpCRxECaNd5YTb9/Xbrwxmby7NYYC6D4jCH 2I0n0ZzGHErR6WsS0mr+jlBcK/+nIfm66C4jx3HJNlpLWK8dPPofwP+c3WgjZJLSHUot SjDxx7sFa95XoYTZeSps5Gg8Me/89Ga0mzwBQsI+9oJ4gFNsjl4+qbHg74mSw/USFjYS rY/rhk5U+5qN0Kg2rDElE4C7H0scXMyT61ESYqVftuaItjQDuRCK6MiPWcIIEP5I6nSf Tygw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:subject:to:references:message-id:date :user-agent:mime-version:in-reply-to:content-transfer-encoding :content-language; bh=pQIdzaBqxEwC5pHi5K6X5jCt2R4r3l2b9JaS1N//tgU=; b=Kom/civwk382sSuKtG6GJgRXU+E67zHzjTVAmvCJ5qQNCNjBh7GtKFol/nB6TmhDnF dta8B4BtMd+yjKMpCD6BBFs+e/NuNB0fJeLU656L7jZONBXmnAyVJb4qgPHS/edxyvSc YEaJO5BkP3AMDIB2wnO5ZQYQq5wb/6aRPmMtppSomsNOAZJ6zSMmpnHihoPTreVh3f3R rxWKNhmSfzgmonV99UUFTBT7EERFicRJ5X+KmhFU50y6pkip9q9a7KcZHD2aiMG7sI5n 4SHLObBGLG/GQtCXn8MtnN1ViKqKXtPAqLIc17HWWyiZ+JXbQlmHoyY6XxNTqKQh75ot xXwQ== X-Gm-Message-State: APjAAAWs0Va8n6TDdH6dexo4GtxeztVITyWbNv6kDpb+AkXNPery96XC hxizXq5o6EeMFnc2+ST80T2OF8uN7gF01w== X-Google-Smtp-Source: APXvYqwyYyaEn0ExxdtS4uSdP2ZyiC2/nqjSqPZCR4Nq0yvymb7Bxqe6wVczwHGbXMcfo1vyJoraYA== X-Received: by 2002:a2e:8719:: with SMTP id m25mr13288046lji.50.1556009678441; Tue, 23 Apr 2019 01:54:38 -0700 (PDT) Received: from mandrigin02s-iMac-Pro.local ([2a04:ae08:7009:fb00:2da9:6be4:3ccc:5a25]) by smtp.gmail.com with ESMTPSA id u6sm3557943lfu.5.2019.04.23.01.54.37 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 23 Apr 2019 01:54:37 -0700 (PDT) From: Igor Mandrigin X-Google-Original-From: Igor Mandrigin To: mls@ietf.org References: Message-ID: <93f30893-9f95-7138-7b9a-8c33596e66d7@imap.ietf.org> Date: Tue, 23 Apr 2019 10:54:36 +0200 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:60.0) Gecko/20100101 Thunderbird/60.6.1 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit Content-Language: en-US Archived-At: Subject: Re: [MLS] May 2019 MLS Interim - Berlin, Germany X-BeenThere: mls@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Messaging Layer Security List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 23 Apr 2019 08:55:39 -0000 Hi! It's Igor, from Status (https://status.im). I'd like to attend in person too. / Igor On 2019-04-09 03:18, Nick Sullivan wrote: > Hello mlswg, > > The chairs would like to propose the following date for the next MLS > interim: > Thursday, May 16th, 2019 > Berlin, Germany > Host: Wire > > This is the Thursday before the Saturday, May 18 Messaging workshop at > Eurocrypt in Darmstadt, so those people wishing to attend both have > some time to travel. > > Please indicate if you would plan on attending an interim on this > date. If this date and location are not suitable and you planned to > come, please indicate your expected level of participation in the > interim in your response. There will be a remote participation option. > > Sean and Nick From nobody Tue Apr 23 08:03:47 2019 Return-Path: X-Original-To: mls@ietfa.amsl.com Delivered-To: mls@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D463112008C for ; Tue, 23 Apr 2019 08:03:44 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.898 X-Spam-Level: X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=ipv-sx.20150623.gappssmtp.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Az1bdhE_6WcS for ; Tue, 23 Apr 2019 08:03:42 -0700 (PDT) Received: from mail-oi1-x22f.google.com (mail-oi1-x22f.google.com [IPv6:2607:f8b0:4864:20::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4F5AA120033 for ; Tue, 23 Apr 2019 08:03:42 -0700 (PDT) Received: by mail-oi1-x22f.google.com with SMTP id v84so11548046oif.4 for ; Tue, 23 Apr 2019 08:03:42 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipv-sx.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=G6i6Jw9Yc6o9decvm+LaSoRqDsseXKvUDOO8iXcFhjg=; b=VWs//Ik0fv5xvWVdutqOdHfMnTOEWS9CrVnrsYveuWe8jF4SXV3H4Dgnu3C/ZFtXuy dvIOi1QRtVcDdLuwNmjWW1WI3L/mOtXbQ6mPu4aFQGElKnKreAe1SK0ClQjyqLiE2/lO fzuPgNgkzePg4X+rX2xgLeYZP4P3O2TLM4r3O4Ob4qGpJ52mV4lD7pswAh/5cew4ZCPA WuNlo7iwcCkQw96poutEFjTYcuISFcQ7+ZTR14Nbb9hje6ZiykG/syoYMMpnsCEGZIFl 1uY6bVZRBuWD3a6VzR7nJrpBwy/f3BSA0yRIvakH4C9hUFJSy4Cg6D78qgjNt7H1Hgit aeWw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=G6i6Jw9Yc6o9decvm+LaSoRqDsseXKvUDOO8iXcFhjg=; b=qii20Im4wbY4/LAj7+SJsjddh+lG7aAvwWWgvlUX2/VY3gN2Sxf+ziPpjhUIPQ7apR 5qwkbuwW8VlHELpmXn86HiX8nGioBbVW/YucQwtKfrnrFHcBjA/hM2FOSoIeSRSQp52k gRhmyUgYV+rdbtE2hH2Gxp8E4NTFc6P+n+bKGWoKM6fHqcfZ9GCtEPkYZEh2UlurpLhR Zw26aZHhzFqkM/Zs6qwVY9fpl7NgIE51WVxRiUEqjybuo4Qv7u3evPXyTAbX9mLRuXFp 1DPgY+CNWIarzrr651C1FlB4iBQ7bbw5Y7irvdotta9zUyM7LBePTF+na5V6HbomVQCi Ju/Q== X-Gm-Message-State: APjAAAW2gLHXLFOBfFyJ99DfiLUlCrxJ5x0W3CGpKZmc0ZOlkpsD2Xrm OdX+HRhQVFvykFhjZLcrXY+rDEHPtdDM9PfSDk14tA== X-Google-Smtp-Source: APXvYqwJbtJFAg35as0ZZizGdqee95IYwkbRBJd/fYstU7bwBcpr+rLEGmhlnt3ZbGgNMH0mBEuYre92BKV8ICSi3S8= X-Received: by 2002:aca:d614:: with SMTP id n20mr1971928oig.135.1556031821142; Tue, 23 Apr 2019 08:03:41 -0700 (PDT) MIME-Version: 1.0 References: <2D195D14-9F9A-4D64-92EF-35C601C52C01@inria.fr> In-Reply-To: From: Richard Barnes Date: Tue, 23 Apr 2019 11:03:20 -0400 Message-ID: To: Benjamin Beurdouche Cc: Messaging Layer Security WG Content-Type: multipart/alternative; boundary="000000000000f57086058733e332" Archived-At: Subject: Re: [MLS] Unpredictable epochs? X-BeenThere: mls@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Messaging Layer Security List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 23 Apr 2019 15:03:45 -0000 --000000000000f57086058733e332 Content-Type: text/plain; charset="UTF-8" Here's a PR: https://github.com/mlswg/mls-protocol/pull/152/files On Mon, Apr 22, 2019 at 6:52 PM Benjamin Beurdouche < benjamin.beurdouche@inria.fr> wrote: > +1 > > On Apr 23, 2019, at 12:49 AM, Richard Barnes wrote: > > True, you could have one unpredictable identifier that identifies both the > group ID and the epoch. I like how that looks on the wire, but would > require a bit more bookkeeping in clients. I might be inclined to go ahead > and land an unpredictable-epoch PR in -05 (since that's a pretty small > change), then look at folding in the group ID later. > --RLB > > > On Mon, Apr 22, 2019 at 6:42 PM Benjamin Beurdouche < > benjamin.beurdouche@inria.fr> wrote: > >> Side note before I forget. After merging the common framing, the only two >> things potentially remaining in the clear will be the group identifier and >> the epoch number (because we need those to pick the group key necessary to >> decrypt the sender info). Raphael and I talked about adopting a similar >> approach but generating an ephemeral Group Id at the same time. That could >> help a bit on the meta data protection side by making it harder for an >> adversarial DS to be able to correlate messages in delivery queues across >> groups and across epochs. The fact that this might be useful or not depends >> a lot on architecture assumptions though.... >> >> B. >> >> On Apr 23, 2019, at 12:11 AM, Richard Barnes wrote: >> >> Hey all, >> >> As I've been working with Benjamin on updating and landing the common >> framing PR, I noticed that the epoch is still exposing more information to >> the DS than it needs to. >> >> Right now, the epoch just increments by one every time the epoch >> changes. This lets the DS track epochs statelessly -- it can take any two >> messages and see which was before the other, without the need for any >> ongoing tracking. >> >> However, the epoch only needs to be intelligible to members of the group, >> so we could generate epoch values in a way that would only be intelligible >> to members. For example [1]: >> >> epoch_[n] = HKDF-Expand-Label(some_secret_for_epoch_[n], epoch_[n-1], >> "epoch", 4) >> >> That way, the DS could observe epoch changes, and observe how many >> messages were sent within each epoch. But it wouldn't be able to >> understand the sequence unless it tracked things all along. >> >> A side benefit of this is that it allows the group to have forks in its >> history more cleanly, since different forks will have different epoch >> numbers. That could allow some softness in the ordering requirement, as >> long as the group can eventually figure out which branch is the right one >> [2]. >> >> Does this seem worthwhile to people? The cost is a few extra hashes. To >> me, the completeness/consistency seems like a marginal benefit, but the >> clean forking seems pretty convincing. If folks think this worthwhile, I'm >> happy to write up a PR. >> >> Thanks, >> --Richard >> >> >> [1] I would probably keep epochs at 4 bytes, because any more seems >> wasteful. >> [2] >> http://mycours.es/gamedesign2012/files/2012/08/The-Garden-of-Forking-Paths-Jorge-Luis-Borges-1941.pdf >> >> _______________________________________________ >> MLS mailing list >> MLS@ietf.org >> https://www.ietf.org/mailman/listinfo/mls >> >> --000000000000f57086058733e332 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
<= br>
On Mon,= Apr 22, 2019 at 6:52 PM Benjamin Beurdouche <benjamin.beurdouche@inria.fr> wrote:
=
+1

On Apr 23, 20= 19, at 12:49 AM, Richard Barnes <rlb@ipv.sx> wrote:

<= div dir=3D"ltr">
True, you could have one unpredictabl= e identifier that identifies both the group ID and the epoch.=C2=A0 I like = how that looks on the wire, but would require a bit more bookkeeping in cli= ents.=C2=A0 I might be inclined to go ahead and land an unpredictable-epoch= PR in -05 (since that's a pretty small change), then look at folding i= n the group ID later.
--RLB


On Mon, Apr 22, 2019 at = 6:42 PM Benjamin Beurdouche <benjamin.beurdouche@inria.fr> wrote:
Side note before I forget. After merging the common framing, th= e only two things potentially remaining in the clear will be the group iden= tifier and the epoch number (because we need those to pick the group key ne= cessary to decrypt the sender info). Raphael and I talked about adopting a = similar approach but generating an ephemeral Group Id at the same time. Tha= t could help a bit on the meta data protection side by making it harder for= an adversarial DS to be able to correlate messages in delivery queues acro= ss groups and across epochs. The fact that this might be useful or not depe= nds a lot on architecture assumptions though....

=
B.

On Apr 23, 2019, at 12:= 11 AM, Richard Barnes <r= lb@ipv.sx> wrote:

Hey all,

<= div>As I've been working with Benjamin on updating and landing the comm= on framing PR, I noticed that the epoch is still exposing more information = to the DS than it needs to.=C2=A0

Right now, = the epoch just increments by one every time the epoch changes.=C2=A0 This l= ets the DS track epochs statelessly -- it can take any two messages and see= which was before the other, without the need for any ongoing tracking.

However, the epoch only needs to be intelligible to m= embers of the group, so we could generate epoch values in a way that would = only be intelligible to members.=C2=A0 For example [1]:

epoch_[n] =3D HKDF-Expand-Label(some_secret_for_epoch_[n], epoch_[n-1= ], "epoch", 4)

That way, the DS could ob= serve epoch changes, and observe how many messages were sent within each ep= och.=C2=A0 But it wouldn't be able to understand the sequence unless it= tracked things all along.

A side benefit of this = is that it allows the group to have forks in its history more cleanly, sinc= e different forks will have different epoch numbers.=C2=A0 That could allow= some softness in the ordering requirement, as long as the group can eventu= ally figure out which branch is the right one [2].

Does this seem worthwhile to people?=C2=A0 The cost is a few extra hashes.= =C2=A0 To me, the completeness/consistency seems like a marginal benefit, b= ut the clean forking seems pretty convincing.=C2=A0 If folks think this wor= thwhile, I'm happy to write up a PR.

Thank= s,
--Richard


[1] I wo= uld probably keep epochs at 4 bytes, because any more seems wasteful.
=
_______= ________________________________________
MLS mailing list
MLS@ietf.o= rg
https://www.ietf.org/mailman/listinfo/mls
--000000000000f57086058733e332-- From nobody Thu Apr 25 10:17:40 2019 Return-Path: X-Original-To: mls@ietfa.amsl.com Delivered-To: mls@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 38295120074 for ; Thu, 25 Apr 2019 10:17:39 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.001 X-Spam-Level: X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cloudflare.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id m8ziOL1WDLUB for ; Thu, 25 Apr 2019 10:17:36 -0700 (PDT) Received: from mail-wr1-x42d.google.com (mail-wr1-x42d.google.com [IPv6:2a00:1450:4864:20::42d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 71A091201DC for ; Thu, 25 Apr 2019 10:17:36 -0700 (PDT) Received: by mail-wr1-x42d.google.com with SMTP id c6so513093wrm.1 for ; Thu, 25 Apr 2019 10:17:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cloudflare.com; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=hoIsouoHvQoxA9H9mrnmCFm9wM7rEfyO5Wg55lOMQnc=; b=QuK5GolK22gGyFmNoYS9pGCzk40IEnCtUxizfbJmrYKcpD/f7dE3x0N9ubp7Q5A06i gmAKiM/O/85zRxgBqdk8tUV+FBTMmDMb7u/75M8kr0U+MzzsKzBBXgP4QiDRkjsmE2fE +eNAp617UfYd3uZXCKdFZs2CObATB7km94S/U= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=hoIsouoHvQoxA9H9mrnmCFm9wM7rEfyO5Wg55lOMQnc=; b=LSREY+c5zrrZWTJcK0l/vODmh07pwGn4ArYQ+RJDmmCqR6LlcnovSKf1azm+HZjXL9 DUjG7lFTLEckX1GCUOxtdUL5kq+npS2NfxDDdzq/kFy423sYcmRTCWgQAWZluUdpdmaj TeX8kzqS5uh9V7SFZRCX1QQM7XpFaAb/zduWUN4w/snRfoCuZRS5WyJZQACReBCsz4TQ zB0u3c+iNRtIDUsJkHJ9hK9QxpiMyFOxG0veYGADOC83YszAX+ij8syqDr/zZTN7hd1i Bk1qeDzC8n+Ck9m/PhDQyg5nUot4erpgjQyY4PpiNgJKg4qcalsWsxUqMBqkaEUbb+ms tAow== X-Gm-Message-State: APjAAAXFjOeYTi3suU7MBPL1UWvGoC+uGacMlVxSBKtA2m7TaMVYTd1R 8Qe8JNWnJY+ec64rVfZqVQUTpZDaYrl9BoGKfmv74NE3w+cpbw== X-Google-Smtp-Source: APXvYqwH4keQ74dCciBXOiYs9nOxzbXYBmFPXyM79kjjDCKGbTgZyahxAWski22PivnbbI0+9x/G3+JZdM+6zcEOhI0= X-Received: by 2002:adf:f309:: with SMTP id i9mr26117696wro.258.1556212654278; Thu, 25 Apr 2019 10:17:34 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: Nick Sullivan Date: Thu, 25 Apr 2019 10:17:23 -0700 Message-ID: To: mls@ietf.org Content-Type: multipart/alternative; boundary="00000000000074323905875dfe2c" Archived-At: Subject: Re: [MLS] Call for adoption: draft-omara-mls-federation X-BeenThere: mls@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Messaging Layer Security List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 25 Apr 2019 17:17:39 -0000 --00000000000074323905875dfe2c Content-Type: text/plain; charset="UTF-8" Since there was no dissent, a consensus is declared and the document is adopted. The chairs invite the authors to submit draft-ietf-mls-federation-00 and to move the working draft to Github: https://github.com/mlswg/mls-federation Nick and Sean On Tue, Apr 9, 2019 at 1:17 AM Dave Cridland wrote: > I appreciate you didn't ask for affirmation, but nevertheless - the > structures and architecture described by this draft look useful to me, and > would benefit from being worked on within this group, so I also support > adoption of the draft. > > On Tue, 9 Apr 2019 at 01:32, Nick Sullivan 40cloudflare..com@dmarc.ietf.org <40cloudflare.com@dmarc.ietf.org>> wrote: > >> At TLS@IETF104, there was consensus in the room to adopt >> draft-omara-mls-federation >> . This >> message is to confirm that consensus. If you do not support adoption of >> draft-omara-mls-federation as WG item please say so by 2359UTC on 19 April >> 2019 (and say why). >> >> Thanks, >> Nick and Sean >> _______________________________________________ >> MLS mailing list >> MLS@ietf.org >> https://www.ietf.org/mailman/listinfo/mls >> > --00000000000074323905875dfe2c Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Since there was no dissent, a consensus is declared a= nd the document is adopted.

The chairs invite the = authors to submit draft-ietf-mls-federation-00 and to move the working draf= t to Github:=C2=A0https://github.com/mlswg/mls-federation

=
Nick and Sean

On Tue, Apr 9, 2019 at 1:17 AM Dave Cridland <dave@cridland.net> w= rote:
I appreciate you didn't ask for affirmation, but nevertheless = - the structures and architecture described by this draft look useful to me= , and would benefit from being worked on within this group, so I also suppo= rt adoption of the draft.

On Tue, 9 Apr 2019 at 01:32, Nick Sullivan <nic= k=3D40= cloudflare..com@dmarc.ietf.org> wrote:
At TLS= @IETF104, there was consensus in the room to adopt draft-o= mara-mls-federation. This message is to confirm that consensus. If you = do not support adoption of draft-omara-mls-federation as WG item please say= so by 2359UTC on 19 April 2019 (and say why).

Tha= nks,
Nick and Sean
_______________________________________________
MLS mailing list
MLS@ietf.org
https://www.ietf.org/mailman/listinfo/mls
--00000000000074323905875dfe2c-- From nobody Thu Apr 25 10:38:23 2019 Return-Path: X-Original-To: mls@ietfa.amsl.com Delivered-To: mls@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C00001201DC for ; Thu, 25 Apr 2019 10:38:21 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.991 X-Spam-Level: X-Spam-Status: No, score=-1.991 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cloudflare.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HFNWK58doY0H for ; Thu, 25 Apr 2019 10:38:19 -0700 (PDT) Received: from mail-wr1-x42f.google.com (mail-wr1-x42f.google.com [IPv6:2a00:1450:4864:20::42f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CD69B120241 for ; Thu, 25 Apr 2019 10:38:18 -0700 (PDT) Received: by mail-wr1-x42f.google.com with SMTP id b1so569905wru.3 for ; Thu, 25 Apr 2019 10:38:18 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cloudflare.com; s=google; h=mime-version:from:date:message-id:subject:to; bh=1Qi7SaoyjUqDnhbTWWAB2VdnfFIJ5KpcpSNlDPyKu00=; b=qRXsjVu1bDP1Jr9XfIN/x49h3IwLDMN8BODFAsf8nxP78B9QYcBiEd3bHKcd7w/sGI SilS/szmn+V1vj2pb7T2k4q7oqAxsLZfR6hl9EUCapZGvpdEyltLqeIYd+JfIKCbeNHA kjTfIsc9B4hUI2fOzs4bdH1oM+fUHhLEw3w9Y= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=1Qi7SaoyjUqDnhbTWWAB2VdnfFIJ5KpcpSNlDPyKu00=; b=FhCuoJDPPz5/iBtOhbp1r+PQP+uLHbpNUNZBgeG7o8CO8OXDdXmKx3BFBIOaCCC/3d 1ZOoO7AI5ZhdVm5/Uey0JzxYvd+eGfyqxI/cpsoisAqHMgS1MpgLXnHXTj/ppgZT8JpP ISR2jKdQPnPTAYkFTP3kDVX95S9T3lSxrdfiXhCNpwoR0f7HlpnyVoFUXsGhXQSLAWGv RVZ0qC+RovXe//Pq9VMz3ZA6ZRoi5UT/9j/cTx8ArClA4DV05rmHVxsnQG0n5d+49OmY TZs3rWhVFXC4xk07XQSss9DptGXoQ2LZl/01MluyFepoM6gNrlqB/cebDIZaJOlJod30 +4rw== X-Gm-Message-State: APjAAAXoL50XNkgDHbHecov7oaLWkSoyKT490oZlVRFp0wZ9vjcCmcRv CJLbxm5k2efcgq73BmD2IwZzlMYrak2pNFmCeE9B8TfCXiPmtA== X-Google-Smtp-Source: APXvYqw2WIVQbKLvz66oLozYQuimOHn5azQNjfFzTk5hbuzxWljUIkFQiqWY9kBAsWDlmzG/RnS5Cki8mKEJ1oIpFvM= X-Received: by 2002:adf:e2c3:: with SMTP id d3mr18951027wrj.189.1556213896808; Thu, 25 Apr 2019 10:38:16 -0700 (PDT) MIME-Version: 1.0 From: Nick Sullivan Date: Thu, 25 Apr 2019 10:38:05 -0700 Message-ID: To: mls@ietf.org Content-Type: multipart/alternative; boundary="00000000000083b5b405875e48e0" Archived-At: Subject: [MLS] May 2019 Interim Registration and Issue discussion X-BeenThere: mls@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Messaging Layer Security List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 25 Apr 2019 17:38:22 -0000 --00000000000083b5b405875e48e0 Content-Type: text/plain; charset="UTF-8" The date and location are set for the May 2019 Interim meeting. It will be on May 16 at the Wire headquarters in Berlin. More details can be found on Github: https://github.com/mlswg/wg-materials/tree/master/interim-2019-05. Please register with the following form if you intend on attending either remotely or in person. Registration Link ( https://forms.gle/8vK6ZKSrFzgX6KTr8) Registration deadline closes on May 2nd. We are soliciting proposals for presentations to add to the agenda for the meeting. Please send proposals to mls-chairs@ietf.org. Due to time limitations, these should be restricted to discussions about current active drafts. Here are the active documents: *Protocol* (https://tools.ietf.org/html/draft-ietf-mls-protocol-04) Issues: https://github.com/mlswg/mls-protocol/issues Milestones: https://github.com/mlswg/mls-protocol/milestones *Architecture* (https://tools.ietf.org/html/draft-ietf-mls-architecture-02) Issues: https://github.com/mlswg/mls-architecture *Federation* (https://tools.ietf.org/html/draft-omara-mls-federation-00) Issues: https://github.com/mlswg/mls-federation/issues As a reminder for the working group, the target milestone for the -05 draft of the protocol document is May 1st, 2019. There are still a number of open issues that should be discussed here: https://github.com/mlswg/mls-protocol/milestone/2. We encourage the authors and other participants to read these issues, distill the main questions raised by them and propose answers for discussion on the list in the coming week. Nick and Sean --00000000000083b5b405875e48e0 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable

The date and location are set for the May 2019 Interim meeting. It = will be on May 16 at the Wire headquarters in Berlin. More details can be f= ound on Github: https://github.com/mlswg/w= g-materials/tree/master/interim-2019-05.


Please register with the following form if= you intend on attending either remotely or in person.

<= span style=3D"font-size:11pt;font-family:Arial;background-color:transparent= ;font-variant-numeric:normal;font-variant-east-asian:normal;text-decoration= -line:underline;vertical-align:baseline;white-space:pre-wrap">Registration = Link (https://forms.gle/8vK6ZKSrFzgX6KTr8)


Registration deadline closes on May 2nd.


<= p dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;margin-bottom:0pt"><= span style=3D"font-size:11pt;font-family:Arial;color:rgb(0,0,0);background-= color:transparent;font-variant-numeric:normal;font-variant-east-asian:norma= l;vertical-align:baseline;white-space:pre-wrap">We are soliciting proposals= for presentations to add to the agenda for the meeting. Please send propos= als to mls-chairs@ietf.org. Due = to time limitations, these should be restricted to discussions about curren= t active drafts.


Here are the active documents:

Protocol (https://tools.i= etf.org/html/draft-ietf-mls-protocol-04)

Issues: https://github.com/mlswg/mls-protocol/issues=

Milestones:= https://github.com/mlswg/mls-protocol/milestones<= /a>


Architecture= (https://tools.ietf.org/html/draft-ietf-mls= -architecture-02)

Issues: https://gith= ub.com/mlswg/mls-architecture


Federation (https://= tools.ietf.org/html/draft-omara-mls-federation-00)

Issues: https://github.com/mlswg/mls-fed= eration/issues



As a reminder for the working group, the target milestone for th= e -05 draft of the protocol document is May 1st, 2019. There are still a nu= mber of open issues that should be discussed here: https:= //github.com/mlswg/mls-protocol/milestone/2. We encourage the authors and other participan= ts to read these issues, distill the main questions raised by them and prop= ose answers for discussion on the list in the coming week.


Nick and Sean

=
--00000000000083b5b405875e48e0-- From nobody Thu Apr 25 10:50:35 2019 Return-Path: X-Original-To: mls@ietfa.amsl.com Delivered-To: mls@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D096612025D for ; Thu, 25 Apr 2019 10:50:33 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.889 X-Spam-Level: X-Spam-Status: No, score=-1.889 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, T_KAM_HTML_FONT_INVALID=0.01] autolearn=unavailable autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=ipv-sx.20150623.gappssmtp.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Pmfw9jzV-4eC for ; Thu, 25 Apr 2019 10:50:31 -0700 (PDT) Received: from mail-ot1-x331.google.com (mail-ot1-x331.google.com [IPv6:2607:f8b0:4864:20::331]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C9D43120291 for ; Thu, 25 Apr 2019 10:50:30 -0700 (PDT) Received: by mail-ot1-x331.google.com with SMTP id c16so307651otn.4 for ; Thu, 25 Apr 2019 10:50:30 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipv-sx.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=ncLpEVAyEn3GzkG3yJDRFd4IQW0hGe5aUJmGRRy/Bf4=; b=F9t4t0R5WmcJvsD1Z1iOIyTr0WKpX20pglsDMQqcbXUBkHA21DXpGjHCG1f626ZDG5 m7rV3x+VI3/yr62DLXlKDbBiXc/Ya6SVv3XbTmt/V43FQRPNNXb/RZvc/hB9t4BikECd DxGQ1le7XofDOvjrfteC8dSC6gY2B0CDu+EPcWbcNh2ChqE22Os5PSrZ41j089T/fQve pG5xQfDO2/53S9X67IV3VDgXHdYcfMQ0dP5kKo/fVGsVuGuGlQ61KTCgo7EiNa18Fb1P uFU95XrFecY91N8s3Q7KdtFw//gjUyz/2Hj1j7D+Xmd2kucTXqPdPQ06NqLq7Lr+F5yO dSmw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=ncLpEVAyEn3GzkG3yJDRFd4IQW0hGe5aUJmGRRy/Bf4=; b=bkn+EKn4BF/RWxNx/Gk1D9N+Wm1NIuP2dmgrv1vD3+M/UkBAyrO5TGJ6K7o6HzBS6J SsDgoFv8bWJp0RBvgNjPKQTKTrFrmviAXHUtUamQZLVkgkEgyJ/DPlvyydqYutaY+OB3 reWGsPhKGftCk34qUl7gnVp4MTXPaYmyybuMd4KbPrTLQo8FKCZ5cRzujrBy/UVWE1U5 JjxdzjpiUGcE789QF549H7sr2jA7JdkBbW7WR8RBPyzrjikRr/K1tJM7AFT1mvKSjEH/ 7XUnYLprIdvLvOiZam066y9326eWbykee/zSf+up33DoLgYhdfduW++TSkTDPpILWm5c GKHA== X-Gm-Message-State: APjAAAWs9pZ+C71SH6YmSaSp+Jf1mwU/haGnaMSIOWu2yaYhGbL09Wz0 XMQYw2ExCaIea+67chSHHwn84GI5PZeV3LFgk+GVA7GIfyRuHg== X-Google-Smtp-Source: APXvYqwZ1UqrZAquW1tHGUprw6/iAe+VmX3AD8NTXd0qIeopvE2J/hUhNbpbXfXZhuixXvYpp/wpejvp3p0rcdnIYb4= X-Received: by 2002:a9d:604a:: with SMTP id v10mr88911otj.81.1556214629573; Thu, 25 Apr 2019 10:50:29 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: Richard Barnes Date: Thu, 25 Apr 2019 13:50:04 -0400 Message-ID: To: Nick Sullivan Cc: Messaging Layer Security WG Content-Type: multipart/alternative; boundary="00000000000030bd9305875e740a" Archived-At: Subject: Re: [MLS] May 2019 Interim Registration and Issue discussion X-BeenThere: mls@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Messaging Layer Security List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 25 Apr 2019 17:50:34 -0000 --00000000000030bd9305875e740a Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Couple of notes on plans for the protocol document: As Nick notes, we are hoping to publish draft-05 of the protocol document before the interim. I have marked a handful of PRs for inclusion in that release: https://github.com/mlswg/mls-protocol/milestone/2 If folks could review those PRs ASAP, that would be helpful, as we will be working to get a few major things merged next week. Thanks to Jo=C3=ABl Al= wen and Michael Rosenberg for reviews so far. In general, my thinking is that draft-05 will be a "feature release" and draft-06 will be a "performance relase", in the following sense: In draft-05, we're getting in a lot of the big changes to the security model (tree hashing, common signing/encryption). We'll try to keep these things stable for a bit, to let some analysis get done. While that's going on, we can focus on issues that relate more to performance / scalability / maintainability, such as server assist, server-initiated add/remove, or KDF trees for application secrets. I've already put a few issues / PRs into the draft-06 milestone: https://github.com/mlswg/mls-protocol/milestone/3 --Richard On Thu, Apr 25, 2019 at 1:38 PM Nick Sullivan wrote: > The date and location are set for the May 2019 Interim meeting. It will b= e > on May 16 at the Wire headquarters in Berlin. More details can be found o= n > Github: https://github.com/mlswg/wg-materials/tree/master/interim-2019-05= . > > Please register with the following form if you intend on attending either > remotely or in person. > > Registration Link ( > https://forms.gle/8vK6ZKSrFzgX6KTr8) > > Registration deadline closes on May 2nd. > > We are soliciting proposals for presentations to add to the agenda for th= e > meeting. Please send proposals to mls-chairs@ietf.org. Due to time > limitations, these should be restricted to discussions about current acti= ve > drafts. > > Here are the active documents: > > *Protocol* (https://tools.ietf.org/html/draft-ietf-mls-protocol-04) > > Issues: https://github.com/mlswg/mls-protocol/issues > > Milestones: https://github.com/mlswg/mls-protocol/milestones > > *Architecture* (https://tools.ietf.org/html/draft-ietf-mls-architecture-0= 2 > ) > > Issues: https://github.com/mlswg/mls-architecture > > *Federation* (https://tools.ietf.org/html/draft-omara-mls-federation-00) > > Issues: https://github.com/mlswg/mls-federation/issues > > > As a reminder for the working group, the target milestone for the -05 > draft of the protocol document is May 1st, 2019. There are still a number > of open issues that should be discussed here: > https://github.com/mlswg/mls-protocol/milestone/2. We encourage the > authors and other participants to read these issues, distill the main > questions raised by them and propose answers for discussion on the list i= n > the coming week. > > > Nick and Sean > > _______________________________________________ > MLS mailing list > MLS@ietf.org > https://www.ietf.org/mailman/listinfo/mls > --00000000000030bd9305875e740a Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Couple of notes on = plans for the protocol document:

As Nick notes= , we are hoping to publish draft-05 of the protocol document before the int= erim.=C2=A0 I have marked a handful of PRs for inclusion in that release:

=
If folks could review those PRs ASAP, that would be helpful,= as we will be working to get a few major things merged next week.=C2=A0 Th= anks to Jo=C3=ABl Alwen and Michael Rosenberg for reviews so far.

In general, my thinking is that draft-05 will be a "fe= ature release" and draft-06 will be a "performance relase", = in the following sense: In draft-05, we're getting in a lot of the big = changes to the security model (tree hashing, common signing/encryption).=C2= =A0 We'll try to keep these things stable for a bit, to let some analys= is get done.=C2=A0 While that's going on, we can focus on issues that r= elate more to performance / scalability / maintainability, such as server a= ssist, server-initiated add/remove, or KDF trees for application secrets.= =C2=A0 I've already put a few issues / PRs into the draft-06 milestone:=


--Richard

On Thu, Apr 25, 2019 at 1:3= 8 PM Nick Sullivan <nick=3D40cloudflare.com@dmarc.ietf.org> wrote:

Th= e date and location are set for the May 2019 Interim meeting. It will be on= May 16 at the Wire headquarters in Berlin. More details can be found on Gi= thub: https://github.com= /mlswg/wg-materials/tree/master/interim-2019-05.


Please register with the followi= ng form if you intend on attending either remotely or in person.

=

= Registration Link (https://forms.gle/8v= K6ZKSrFzgX6KTr8= )


Registrati= on deadline closes on May 2nd.


We are soliciting proposals for presentations to add to = the agenda for the meeting. Please send proposals to mls-chairs@ietf.org. Due to time lim= itations, these should be restricted to discussions about current active dr= afts.


Here a= re the active documents:

Protocol (https://= tools.ietf.org/html/draft-ietf-mls-protocol-04)

Issues: https://github.com/= mlswg/mls-protocol/issues

Milestones: https://github= .com/mlswg/mls-protocol/milestones


Architecture (https://tools.ietf.org/html/draft-ietf-mls-architecture= -02)

=

= Issues: https:/= /github.com/mlswg/mls-architecture


Federation (https://tools.ietf.org/html/draft-omara-mls-federation-00<= /span>)

Issues: https://github.com/mlswg/mls-federation/issues


As a reminder for the= working group, the target milestone for the -05 draft of the protocol docu= ment is May 1st, 2019. There are still a number of open issues that should = be discussed here: https://github.com/m= lswg/mls-protocol/milestone/2. We encourage the authors and other participants to read the= se issues, distill the main questions raised by them and propose answers fo= r discussion on the list in the coming week.



Nick and Sean


<= /div> _______________________________________________
MLS mailing list
MLS@ietf.org
https://www.ietf.org/mailman/listinfo/mls
--00000000000030bd9305875e740a-- From nobody Thu Apr 25 23:31:51 2019 Return-Path: X-Original-To: mls@ietfa.amsl.com Delivered-To: mls@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D10E212017E for ; Thu, 25 Apr 2019 23:23:01 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.699 X-Spam-Level: X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=fastmail.com header.b=m6g0JS5m; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=UV1+Gynl Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SDMD-c8sacns for ; Thu, 25 Apr 2019 23:22:59 -0700 (PDT) Received: from out3-smtp.messagingengine.com (out3-smtp.messagingengine.com [66.111.4.27]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 032A71200BA for ; Thu, 25 Apr 2019 23:22:59 -0700 (PDT) Received: from compute7.internal (compute7.nyi.internal [10.202.2.47]) by mailout.nyi.internal (Postfix) with ESMTP id E85A020963; Fri, 26 Apr 2019 02:22:57 -0400 (EDT) Received: from mailfrontend1 ([10.202.2.162]) by compute7.internal (MEProxy); Fri, 26 Apr 2019 02:22:57 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fastmail.com; h= content-type:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; s=fm2; bh=c Yfr6jM6F0MP7+ekkQEaWZi+FA8RZcww202OHcx1MCo=; b=m6g0JS5maxPp7Eh0I vLDSIFn/DgUKS5aJN8Gaz3iXrrOnd4ZjsvgJKjkglhXneCRVcG6JTbxRDoQDx5Cc 0zx7aUgKz2vpnLa1PALLnBsI/fATsXxFNL10VkiXHFkaczffXGFS7krDKBrnq0rX +U64L3REtWyTAIOm0edCYfstv5emuqTLIgbGOxMrrm3Q69hq+qTQs3p9gUy2Oaol KIXhWx9Qp9JG62UCYh+SKy9op1O7dBfmLa/m5SSam23TOOJ/XZIgvpKUetLHWwp0 8a6yTiRZ1W36052tSGb272IKOtRy4YeLZL5aw5nZUnt6KBydzClZ7ZpW7WXqeCjb Mrvng== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm2; bh=cYfr6jM6F0MP7+ekkQEaWZi+FA8RZcww202OHcx1M Co=; b=UV1+Gynlgnr+3bPqHaAoq0K5Ko3XWTLFJBlF015CU7eYiIAJ3YpIXuyJF jiUK/B2tUyLKZu/vRXbOm9yTXyqp77aDfDBzXrmWC5cmbmqoIDhj0C8+QJBD44Oq 1Cs3NKFigOHsEgQ2Ni0N0KvdngCe27PlcSxYghRrcyrSLPwbfRo0WvN/50T29Kxn r1ja9Ue7zYHwcMGBYfcZ7Xx/jXuj02wleRZFXfllzMHMsSuuPksec/xHt72ap48i 6SLdGv2Vb9bHjY4D8I6gy67fcsc9Uk1Z1jUa4IolqkcGiOlWnRacLaTbyQboBdGG wVUqJ7NwiOmjbdIhtbxqG5WuCVqQQ== X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduuddrheehgddutdeiucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucenucfjughrpegtggfuhfgjfffgkfhfvffosehtqh hmtdhhtddvnecuhfhrohhmpefoihgthhgrvghlucftohhsvghnsggvrhhguceomhhitghr ohesfhgrshhtmhgrihhlrdgtohhmqeenucffohhmrghinhepghhithhhuhgsrdgtohhmpd hivghtfhdrohhrghdpmhihtghouhhrshdrvghsnecukfhppeejgedrjedurdektddrledt necurfgrrhgrmhepmhgrihhlfhhrohhmpehmihgtrhhosehfrghsthhmrghilhdrtghomh enucevlhhushhtvghrufhiiigvpedt X-ME-Proxy: Received: from [192.168.1.157] (cpe-74-71-80-90.nyc.res.rr.com [74.71.80.90]) by mail.messagingengine.com (Postfix) with ESMTPA id 1629AE4122; Fri, 26 Apr 2019 02:22:57 -0400 (EDT) Content-Type: text/plain; charset=us-ascii Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.8\)) From: Michael Rosenberg In-Reply-To: Date: Fri, 26 Apr 2019 02:22:56 -0400 Cc: Messaging Layer Security WG Content-Transfer-Encoding: quoted-printable Message-Id: References: <2D195D14-9F9A-4D64-92EF-35C601C52C01@inria.fr> To: Richard Barnes X-Mailer: Apple Mail (2.3445.104.8) Archived-At: Subject: Re: [MLS] Unpredictable epochs? X-BeenThere: mls@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Messaging Layer Security List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 26 Apr 2019 06:23:02 -0000 I like this idea, especially because it allows for partial ordering of = GroupStates. One question: could the tree_hash be used instead of an = epoch? The tree_hash... * ...is not "predictable" in that it would require the DS to maintain = state in order to establish an ordering on GroupStates * ...necessarily changes after any GroupOperation is applied to a = GroupState * ...is already built into the GroupState So why not remove epoch entirely? Also, side note: given that the tree hash necessarily changes upon each = update of the transcript, why is transcript_hash necessary anymore? -Michael > On Apr 23, 2019, at 11:03 AM, Richard Barnes wrote: >=20 > Here's a PR: >=20 > https://github.com/mlswg/mls-protocol/pull/152/files >=20 > On Mon, Apr 22, 2019 at 6:52 PM Benjamin Beurdouche = wrote: > +1 >=20 > On Apr 23, 2019, at 12:49 AM, Richard Barnes wrote: >=20 >> True, you could have one unpredictable identifier that identifies = both the group ID and the epoch. I like how that looks on the wire, but = would require a bit more bookkeeping in clients. I might be inclined to = go ahead and land an unpredictable-epoch PR in -05 (since that's a = pretty small change), then look at folding in the group ID later. >> --RLB >>=20 >>=20 >> On Mon, Apr 22, 2019 at 6:42 PM Benjamin Beurdouche = wrote: >> Side note before I forget. After merging the common framing, the only = two things potentially remaining in the clear will be the group = identifier and the epoch number (because we need those to pick the group = key necessary to decrypt the sender info). Raphael and I talked about = adopting a similar approach but generating an ephemeral Group Id at the = same time. That could help a bit on the meta data protection side by = making it harder for an adversarial DS to be able to correlate messages = in delivery queues across groups and across epochs. The fact that this = might be useful or not depends a lot on architecture assumptions = though.... >>=20 >> B. >>=20 >> On Apr 23, 2019, at 12:11 AM, Richard Barnes wrote: >>=20 >>> Hey all, >>>=20 >>> As I've been working with Benjamin on updating and landing the = common framing PR, I noticed that the epoch is still exposing more = information to the DS than it needs to. =20 >>>=20 >>> Right now, the epoch just increments by one every time the epoch = changes. This lets the DS track epochs statelessly -- it can take any = two messages and see which was before the other, without the need for = any ongoing tracking. >>>=20 >>> However, the epoch only needs to be intelligible to members of the = group, so we could generate epoch values in a way that would only be = intelligible to members. For example [1]: >>>=20 >>> epoch_[n] =3D HKDF-Expand-Label(some_secret_for_epoch_[n], = epoch_[n-1], "epoch", 4) >>>=20 >>> That way, the DS could observe epoch changes, and observe how many = messages were sent within each epoch. But it wouldn't be able to = understand the sequence unless it tracked things all along. >>>=20 >>> A side benefit of this is that it allows the group to have forks in = its history more cleanly, since different forks will have different = epoch numbers. That could allow some softness in the ordering = requirement, as long as the group can eventually figure out which branch = is the right one [2]. >>>=20 >>> Does this seem worthwhile to people? The cost is a few extra = hashes. To me, the completeness/consistency seems like a marginal = benefit, but the clean forking seems pretty convincing. If folks think = this worthwhile, I'm happy to write up a PR. >>>=20 >>> Thanks, >>> --Richard >>>=20 >>>=20 >>> [1] I would probably keep epochs at 4 bytes, because any more seems = wasteful. >>> [2] = http://mycours.es/gamedesign2012/files/2012/08/The-Garden-of-Forking-Paths= -Jorge-Luis-Borges-1941.pdf >>> _______________________________________________ >>> MLS mailing list >>> MLS@ietf.org >>> https://www.ietf.org/mailman/listinfo/mls > _______________________________________________ > MLS mailing list > MLS@ietf.org > https://www.ietf.org/mailman/listinfo/mls From nobody Fri Apr 26 05:29:22 2019 Return-Path: X-Original-To: mls@ietfa.amsl.com Delivered-To: mls@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A45B5120045 for ; Fri, 26 Apr 2019 05:29:20 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.898 X-Spam-Level: X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=ipv-sx.20150623.gappssmtp.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tLhX4fAk8zNH for ; Fri, 26 Apr 2019 05:29:17 -0700 (PDT) Received: from mail-oi1-x22f.google.com (mail-oi1-x22f.google.com [IPv6:2607:f8b0:4864:20::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 67C4D120091 for ; Fri, 26 Apr 2019 05:29:17 -0700 (PDT) Received: by mail-oi1-x22f.google.com with SMTP id v10so2790260oib.1 for ; Fri, 26 Apr 2019 05:29:17 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipv-sx.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=cEBiV01rY8DBvriUVslb6NCquNHNs+GGygBm9O/iXgw=; b=yJC4hb53xIFewMotYXWgHX5kkqOAVBZTi9lW/zpkWRPnpU5JK/L7ncsYyNzZ/AKe8Z 6JVXarq405gkNt2oCcYO8KiTVi4lmpDzS1yrCf+5yWqxAyYfs/+lRJWR/PjlDh8lRzJC zBAzOIVQXK70zTDyVwi9RnqneoQP7+kfkC5z4VsDoLKKNeb7io/Dp2GedRleHzsyg5sd VFTjWqcYRYfNxxdwbAqv/PjXIy6s3NmEv+SSohxOgA461E15u/cVb8CMiJrZZlI6CKll UUkoujS/NWzO+E9MSlTnfbGeY93GVlAf2cHdOt78eQiDxqjb8wDTCoRHDD46mQi3XRFe U5/g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=cEBiV01rY8DBvriUVslb6NCquNHNs+GGygBm9O/iXgw=; b=dRYWMuVp1s4bhSTkA+Sygs9a200c/gFw/hVUhJ4N8Xh48lV+CEK2ScxEh+Q+ZOXVv9 FlRrYeLpMGPb0XsrXh8WS5a7/jge60EB9NPQBotJa4eWmIHeKQ6VkFQHLpzjCPf2N6Xo +qXTXLnfUj5bngchhNQDJgcRVYI8rc12jZUcC1XPS2eqtqpS7N6/vcFNXULlDhcl8513 2IRyFH6tP+63pQyesTy7+gBD1BzVGlKfvuaIYzMZVvVbpH17rSW+Nbp+dtyPeVsoQets adffBDUUII3UsyKqFwP8vyOiu+eQ1SdyuUJow8/J8h/kTqSqzc39gN5oMY9eYkDTW2Cs Mwgw== X-Gm-Message-State: APjAAAXf6W8qDc78HMJeGztc4WOxaifCsX74sDsUHsiPJRgjfza8EcrQ pm8M7TQif/dTYqeZ43+dRXyH9dKUeneWQuDdo4+xuw== X-Google-Smtp-Source: APXvYqyGrytSw2VnvgvKfJ0BqS21EXiH7ajbgpgT2x9uvgJql85v1mRJGVTje2X9GRx8w5C/n161f/83rxRh2ZfeZfA= X-Received: by 2002:a54:468a:: with SMTP id k10mr6827357oic.36.1556281756300; Fri, 26 Apr 2019 05:29:16 -0700 (PDT) MIME-Version: 1.0 References: <2D195D14-9F9A-4D64-92EF-35C601C52C01@inria.fr> In-Reply-To: From: Richard Barnes Date: Fri, 26 Apr 2019 08:28:50 -0400 Message-ID: To: Michael Rosenberg Cc: Messaging Layer Security WG Content-Type: multipart/alternative; boundary="000000000000414ed205876e15f7" Archived-At: Subject: Re: [MLS] Unpredictable epochs? X-BeenThere: mls@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Messaging Layer Security List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 26 Apr 2019 12:29:21 -0000 --000000000000414ed205876e15f7 Content-Type: text/plain; charset="UTF-8" Well, I don't think we can get rid of the epoch entirely. For handshake messages, you could maybe get by with the theory that if a message doesn't apply to the single most recent state, then it's no good, so you don't need to explicitly say which state it applies to. But that seems painful, especially if you want to tolerate a degree of partial order / forking history. For application messages, you definitely need it, otherwise you have an issue with application messages being out of order with handshake messages. That said, it does seem like we could maybe steal the epoch from elsewhere and save a few hash invocations. The question is what value we could re-use that wouldn't be leaking information. The tree hash seems bad from that perspective, because it is never transmitted in the clear otherwise. Another option I had pondered was re-using the confirmation MAC value. In any case, as a first effort, it seemed simpler to derive a value for the purpose. W.r.t. the transcript hash - I have the same suspicion you do, but I am waiting for someone with a security proof in hand to tell me it's OK to remove :) On Fri, Apr 26, 2019 at 2:22 AM Michael Rosenberg wrote: > I like this idea, especially because it allows for partial ordering of > GroupStates. One question: could the tree_hash be used instead of an epoch? > The tree_hash... > * ...is not "predictable" in that it would require the DS to maintain > state in order to establish an ordering on GroupStates > * ...necessarily changes after any GroupOperation is applied to a > GroupState > * ...is already built into the GroupState > > So why not remove epoch entirely? > > Also, side note: given that the tree hash necessarily changes upon each > update of the transcript, why is transcript_hash necessary anymore? > > -Michael > > > On Apr 23, 2019, at 11:03 AM, Richard Barnes wrote: > > > > Here's a PR: > > > > https://github.com/mlswg/mls-protocol/pull/152/files > > > > On Mon, Apr 22, 2019 at 6:52 PM Benjamin Beurdouche < > benjamin.beurdouche@inria.fr> wrote: > > +1 > > > > On Apr 23, 2019, at 12:49 AM, Richard Barnes wrote: > > > >> True, you could have one unpredictable identifier that identifies both > the group ID and the epoch. I like how that looks on the wire, but would > require a bit more bookkeeping in clients. I might be inclined to go ahead > and land an unpredictable-epoch PR in -05 (since that's a pretty small > change), then look at folding in the group ID later. > >> --RLB > >> > >> > >> On Mon, Apr 22, 2019 at 6:42 PM Benjamin Beurdouche < > benjamin.beurdouche@inria.fr> wrote: > >> Side note before I forget. After merging the common framing, the only > two things potentially remaining in the clear will be the group identifier > and the epoch number (because we need those to pick the group key necessary > to decrypt the sender info). Raphael and I talked about adopting a similar > approach but generating an ephemeral Group Id at the same time. That could > help a bit on the meta data protection side by making it harder for an > adversarial DS to be able to correlate messages in delivery queues across > groups and across epochs. The fact that this might be useful or not depends > a lot on architecture assumptions though.... > >> > >> B. > >> > >> On Apr 23, 2019, at 12:11 AM, Richard Barnes wrote: > >> > >>> Hey all, > >>> > >>> As I've been working with Benjamin on updating and landing the common > framing PR, I noticed that the epoch is still exposing more information to > the DS than it needs to. > >>> > >>> Right now, the epoch just increments by one every time the epoch > changes. This lets the DS track epochs statelessly -- it can take any two > messages and see which was before the other, without the need for any > ongoing tracking. > >>> > >>> However, the epoch only needs to be intelligible to members of the > group, so we could generate epoch values in a way that would only be > intelligible to members. For example [1]: > >>> > >>> epoch_[n] = HKDF-Expand-Label(some_secret_for_epoch_[n], epoch_[n-1], > "epoch", 4) > >>> > >>> That way, the DS could observe epoch changes, and observe how many > messages were sent within each epoch. But it wouldn't be able to > understand the sequence unless it tracked things all along. > >>> > >>> A side benefit of this is that it allows the group to have forks in > its history more cleanly, since different forks will have different epoch > numbers. That could allow some softness in the ordering requirement, as > long as the group can eventually figure out which branch is the right one > [2]. > >>> > >>> Does this seem worthwhile to people? The cost is a few extra hashes. > To me, the completeness/consistency seems like a marginal benefit, but the > clean forking seems pretty convincing. If folks think this worthwhile, I'm > happy to write up a PR. > >>> > >>> Thanks, > >>> --Richard > >>> > >>> > >>> [1] I would probably keep epochs at 4 bytes, because any more seems > wasteful. > >>> [2] > http://mycours.es/gamedesign2012/files/2012/08/The-Garden-of-Forking-Paths-Jorge-Luis-Borges-1941.pdf > >>> _______________________________________________ > >>> MLS mailing list > >>> MLS@ietf.org > >>> https://www.ietf.org/mailman/listinfo/mls > > _______________________________________________ > > MLS mailing list > > MLS@ietf.org > > https://www.ietf.org/mailman/listinfo/mls > > --000000000000414ed205876e15f7 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Well, I don't think we can get rid of the epoch e= ntirely.=C2=A0 For handshake messages, you could maybe get by with the theo= ry that if a message doesn't apply to the single most recent state, the= n it's no good, so you don't need to explicitly say which state it = applies to.=C2=A0 But that seems painful, especially if you want to tolerat= e a degree of partial order / forking history.=C2=A0 For application messag= es, you definitely need it, otherwise you have an issue with application me= ssages being out of order with handshake messages.

That said, it does seem like we could maybe steal the epoch from elsewhere= and save a few hash invocations.=C2=A0 The question is what value we could= re-use that wouldn't be leaking information.=C2=A0 The tree hash seems= bad from that perspective, because it is never transmitted in the clear ot= herwise.=C2=A0 Another option I had pondered was re-using the confirmation = MAC value.=C2=A0 In any case, as a first effort, it seemed simpler to deriv= e a value for the purpose.

W.r.t. the transcri= pt hash - I have the same suspicion you do, but I am waiting for someone wi= th a security proof in hand to tell me it's OK to remove :)


On Fri, Apr 26, 2019 at 2:22 AM Michael Rosenberg <micro@fastmail.com> wrote:
<= blockquote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;border-l= eft:1px solid rgb(204,204,204);padding-left:1ex">I like this idea, especial= ly because it allows for partial ordering of GroupStates. One question: cou= ld the tree_hash be used instead of an epoch? The tree_hash...
=C2=A0 * ...is not "predictable" in that it would require the DS = to maintain state in order to establish an ordering on GroupStates
=C2=A0 * ...necessarily changes after any GroupOperation is applied to a Gr= oupState
=C2=A0 * ...is already built into the GroupState

So why not remove epoch entirely?

Also, side note: given that the tree hash necessarily changes upon each upd= ate of the transcript, why is transcript_hash necessary anymore?

-Michael

> On Apr 23, 2019, at 11:03 AM, Richard Barnes <rlb@ipv.sx> wrote:=
>
> Here's a PR:
>
> https://github.com/mlswg/mls-protocol/pul= l/152/files
>
> On Mon, Apr 22, 2019 at 6:52 PM Benjamin Beurdouche <benjamin.beurdouche@inr= ia.fr> wrote:
> +1
>
> On Apr 23, 2019, at 12:49 AM, Richard Barnes <rlb@ipv.sx> wrote:=
>
>> True, you could have one unpredictable identifier that identifies = both the group ID and the epoch.=C2=A0 I like how that looks on the wire, b= ut would require a bit more bookkeeping in clients.=C2=A0 I might be inclin= ed to go ahead and land an unpredictable-epoch PR in -05 (since that's = a pretty small change), then look at folding in the group ID later.
>> --RLB
>>
>>
>> On Mon, Apr 22, 2019 at 6:42 PM Benjamin Beurdouche <benjamin.beurdouche= @inria.fr> wrote:
>> Side note before I forget. After merging the common framing, the o= nly two things potentially remaining in the clear will be the group identif= ier and the epoch number (because we need those to pick the group key neces= sary to decrypt the sender info). Raphael and I talked about adopting a sim= ilar approach but generating an ephemeral Group Id at the same time. That c= ould help a bit on the meta data protection side by making it harder for an= adversarial DS to be able to correlate messages in delivery queues across = groups and across epochs. The fact that this might be useful or not depends= a lot on architecture assumptions though....
>>
>> B.
>>
>> On Apr 23, 2019, at 12:11 AM, Richard Barnes <rlb@ipv.sx> wr= ote:
>>
>>> Hey all,
>>>
>>> As I've been working with Benjamin on updating and landing= the common framing PR, I noticed that the epoch is still exposing more inf= ormation to the DS than it needs to.=C2=A0
>>>
>>> Right now, the epoch just increments by one every time the epo= ch changes.=C2=A0 This lets the DS track epochs statelessly -- it can take = any two messages and see which was before the other, without the need for a= ny ongoing tracking.
>>>
>>> However, the epoch only needs to be intelligible to members of= the group, so we could generate epoch values in a way that would only be i= ntelligible to members.=C2=A0 For example [1]:
>>>
>>> epoch_[n] =3D HKDF-Expand-Label(some_secret_for_epoch_[n], epo= ch_[n-1], "epoch", 4)
>>>
>>> That way, the DS could observe epoch changes, and observe how = many messages were sent within each epoch.=C2=A0 But it wouldn't be abl= e to understand the sequence unless it tracked things all along.
>>>
>>> A side benefit of this is that it allows the group to have for= ks in its history more cleanly, since different forks will have different e= poch numbers.=C2=A0 That could allow some softness in the ordering requirem= ent, as long as the group can eventually figure out which branch is the rig= ht one [2].
>>>
>>> Does this seem worthwhile to people?=C2=A0 The cost is a few e= xtra hashes.=C2=A0 To me, the completeness/consistency seems like a margina= l benefit, but the clean forking seems pretty convincing.=C2=A0 If folks th= ink this worthwhile, I'm happy to write up a PR.
>>>
>>> Thanks,
>>> --Richard
>>>
>>>
>>> [1] I would probably keep epochs at 4 bytes, because any more = seems wasteful.
>>> [2] http://mycours.es/gamedesign2012/files/2012/08/The-Garden= -of-Forking-Paths-Jorge-Luis-Borges-1941.pdf
>>> _______________________________________________
>>> MLS mailing list
>>> MLS@ietf.org=
>>> https://www.ietf.org/mailman/listinfo/mls<= br> > _______________________________________________
> MLS mailing list
> MLS@ietf.org
> https://www.ietf.org/mailman/listinfo/mls

--000000000000414ed205876e15f7-- From nobody Fri Apr 26 06:08:22 2019 Return-Path: X-Original-To: mls@ietfa.amsl.com Delivered-To: mls@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9BFAF1201D9 for ; Fri, 26 Apr 2019 06:08:20 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -6.9 X-Spam-Level: X-Spam-Status: No, score=-6.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 69OjkzKjeI-v for ; Fri, 26 Apr 2019 06:08:18 -0700 (PDT) Received: from mail3-relais-sop.national.inria.fr (mail3-relais-sop.national.inria.fr [192.134.164.104]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DE1741201D8 for ; Fri, 26 Apr 2019 06:08:17 -0700 (PDT) X-IronPort-AV: E=Sophos;i="5.60,397,1549926000"; d="scan'208";a="304094947" Received: from 91-165-78-144.subs.proxad.net (HELO [192.168.0.18]) ([91.165.78.144]) by mail3-relais-sop.national.inria.fr with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 26 Apr 2019 15:08:15 +0200 Content-Type: text/plain; charset=utf-8 Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.8\)) From: Benjamin Beurdouche In-Reply-To: Date: Fri, 26 Apr 2019 15:08:14 +0200 Cc: Michael Rosenberg , ML Messaging Layer Security Content-Transfer-Encoding: quoted-printable Message-Id: References: <2D195D14-9F9A-4D64-92EF-35C601C52C01@inria.fr> To: Richard Barnes X-Mailer: Apple Mail (2.3445.104.8) Archived-At: Subject: Re: [MLS] Unpredictable epochs? X-BeenThere: mls@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Messaging Layer Security List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 26 Apr 2019 13:08:21 -0000 > On Apr 26, 2019, at 2:28 PM, Richard Barnes wrote: >=20 > Well, I don't think we can get rid of the epoch entirely. For = handshake messages, you could maybe get by with the theory that if a = message doesn't apply to the single most recent state, then it's no = good, so you don't need to explicitly say which state it applies to. = But that seems painful, especially if you want to tolerate a degree of = partial order / forking history. For application messages, you = definitely need it, otherwise you have an issue with application = messages being out of order with handshake messages. >=20 > That said, it does seem like we could maybe steal the epoch from = elsewhere and save a few hash invocations. The question is what value = we could re-use that wouldn't be leaking information. The tree hash = seems bad from that perspective, because it is never transmitted in the = clear otherwise. Another option I had pondered was re-using the = confirmation MAC value. In any case, as a first effort, it seemed = simpler to derive a value for the purpose. >=20 > W.r.t. the transcript hash - I have the same suspicion you do, but I = am waiting for someone with a security proof in hand to tell me it's OK = to remove :) I will do a round of review next week but *from what I remember* about = the proposal, I don=E2=80=99t think you can do that. The transcript hash contains = strictly more information than the tree hash anyway, especially for authentication. I=E2=80=99ll check = when reviewing but if the tree hash doesn=E2=80=99t cover the signatures, for example, then you can=E2=80=99t = replace one by the other. B.= From nobody Fri Apr 26 06:22:14 2019 Return-Path: X-Original-To: mls@ietfa.amsl.com Delivered-To: mls@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9B8CA120072 for ; Fri, 26 Apr 2019 06:22:13 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.898 X-Spam-Level: X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=ipv-sx.20150623.gappssmtp.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gXFDC8Knb6ef for ; Fri, 26 Apr 2019 06:22:11 -0700 (PDT) Received: from mail-ot1-x331.google.com (mail-ot1-x331.google.com [IPv6:2607:f8b0:4864:20::331]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 010F512004B for ; Fri, 26 Apr 2019 06:22:10 -0700 (PDT) Received: by mail-ot1-x331.google.com with SMTP id j10so2640083otq.0 for ; Fri, 26 Apr 2019 06:22:10 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipv-sx.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=8AKL/jbUg10rWSrWRwETW+pBmaj8gVQZx2G59MfeYTM=; b=Pw/Lzdn0BCg4bzV1YYMN6xsIUcQes335SYd/zlmdr5y7g9JFP3p6zK2WkdKhaRSmt5 gPRBpkdyFqoRRRZmawnPVB/lU4h1pP5KRWjgKMclWf1IyGQWd5dzmMJjv4UlqDYT56lU 0P7zxZCjjpuNh6sI8wtATK8L18jHsHAodf0EU/7ZerXBFFQfsh/bZNyELNPH0x/Wx86v 6tGLGS702P+Guj4D+5kwCLe9NSFsd69Oe5WN63k1yZVMGpeP1Weuu8R7hzzOtPHaWkWB KNwPF8FlbEptEnezFDE1a5KYSZ3a310sauB5cg397UpjHLuKFf2tqwi3iFao/iHLoaQF W9Ww== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=8AKL/jbUg10rWSrWRwETW+pBmaj8gVQZx2G59MfeYTM=; b=UdLEHPGU7PnNnFcp0ANj6+RBw/FUbrgVBhJIu4gY3RJLYCgI/SIT4oMtx8BYjenKGm JObHwS1jIfpqByWKPLB4wB7nAunWNGxz3KnfQQqyHfWeEdPllTi0LaqpRZH18KA3NgRi /jNz8mhMUljWOj2UPGXp4cWH1d2rxA9NxK2mIUs+DO8GEc1zWtMGvtSyCZgyD942BZwN s+O6IEhfVN+SgmTcVBxdG6RTAWH1g32oe5tGBs+YOwnVJJRj6PtC8cf1gBCAQ2uIkUPx N269nSKpaMNf1ASsgqJ3qWLNq0VoA9EYY7dR7M3cV5BUG3GpLofVpLr3l86L1/PGwyut mbCw== X-Gm-Message-State: APjAAAWU7Gjt6VWxw5VvbcUw4ejX0jRbu8lL16026wkTZZvfgAtEaSE1 R9l6WxvhV1IJLNuZb+DN0VFVoeG/7ncaykaFLEyy3g== X-Google-Smtp-Source: APXvYqz7Y5CNFhM3YSXl8ch6XfwOQijvfgECDRfXciYUNp806TfKVimK31Y4h2frC6s3ryNnTdWCXdlip1mWFyvNViY= X-Received: by 2002:a9d:4d07:: with SMTP id n7mr16339003otf.162.1556284930244; Fri, 26 Apr 2019 06:22:10 -0700 (PDT) MIME-Version: 1.0 References: <2D195D14-9F9A-4D64-92EF-35C601C52C01@inria.fr> In-Reply-To: From: Richard Barnes Date: Fri, 26 Apr 2019 09:21:45 -0400 Message-ID: To: Benjamin Beurdouche Cc: Michael Rosenberg , ML Messaging Layer Security Content-Type: multipart/alternative; boundary="0000000000006fdbc605876ed25b" Archived-At: Subject: Re: [MLS] Unpredictable epochs? X-BeenThere: mls@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Messaging Layer Security List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 26 Apr 2019 13:22:14 -0000 --0000000000006fdbc605876ed25b Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Fri, Apr 26, 2019 at 9:08 AM Benjamin Beurdouche < benjamin.beurdouche@inria.fr> wrote: > > > > On Apr 26, 2019, at 2:28 PM, Richard Barnes wrote: > > > > Well, I don't think we can get rid of the epoch entirely. For handshak= e > messages, you could maybe get by with the theory that if a message doesn'= t > apply to the single most recent state, then it's no good, so you don't ne= ed > to explicitly say which state it applies to. But that seems painful, > especially if you want to tolerate a degree of partial order / forking > history. For application messages, you definitely need it, otherwise you > have an issue with application messages being out of order with handshake > messages. > > > > That said, it does seem like we could maybe steal the epoch from > elsewhere and save a few hash invocations. The question is what value we > could re-use that wouldn't be leaking information. The tree hash seems b= ad > from that perspective, because it is never transmitted in the clear > otherwise. Another option I had pondered was re-using the confirmation M= AC > value. In any case, as a first effort, it seemed simpler to derive a val= ue > for the purpose. > > > > W.r.t. the transcript hash - I have the same suspicion you do, but I am > waiting for someone with a security proof in hand to tell me it's OK to > remove :) > > I will do a round of review next week but *from what I remember* about th= e > proposal, > I don=E2=80=99t think you can do that. The transcript hash contains stric= tly more > information than > the tree hash anyway, especially for authentication. I=E2=80=99ll check w= hen > reviewing but if the tree hash > doesn=E2=80=99t cover the signatures, for example, then you can=E2=80=99t= replace one by > the other. > We might have a problem in any case, then, since the transcript hash doesn't cover the signatures either. --Richard > > B. --0000000000006fdbc605876ed25b Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable


=
On Fri, Apr 26, 2019 at 9:08 AM Benja= min Beurdouche <benjamin= .beurdouche@inria.fr> wrote:


> On Apr 26, 2019, at 2:28 PM, Richard Barnes <rlb@ipv.sx> wrote:<= br> >
> Well, I don't think we can get rid of the epoch entirely.=C2=A0 Fo= r handshake messages, you could maybe get by with the theory that if a mess= age doesn't apply to the single most recent state, then it's no goo= d, so you don't need to explicitly say which state it applies to.=C2=A0= But that seems painful, especially if you want to tolerate a degree of par= tial order / forking history.=C2=A0 For application messages, you definitel= y need it, otherwise you have an issue with application messages being out = of order with handshake messages.
>
> That said, it does seem like we could maybe steal the epoch from elsew= here and save a few hash invocations.=C2=A0 The question is what value we c= ould re-use that wouldn't be leaking information.=C2=A0 The tree hash s= eems bad from that perspective, because it is never transmitted in the clea= r otherwise.=C2=A0 Another option I had pondered was re-using the confirmat= ion MAC value.=C2=A0 In any case, as a first effort, it seemed simpler to d= erive a value for the purpose.
>
> W.r.t. the transcript hash - I have the same suspicion you do, but I a= m waiting for someone with a security proof in hand to tell me it's OK = to remove :)

I will do a round of review next week but *from what I remember* about the = proposal,
I don=E2=80=99t think you can do that. The transcript hash contains strictl= y more information than
the tree hash anyway, especially for authentication. I=E2=80=99ll check whe= n reviewing but if the tree hash
doesn=E2=80=99t cover the signatures, for example, then you can=E2=80=99t r= eplace one by the other.

We might have = a problem in any case, then, since the transcript hash doesn't cover th= e signatures either.

--Richard
=C2= =A0

B.
--0000000000006fdbc605876ed25b-- From nobody Fri Apr 26 07:10:26 2019 Return-Path: X-Original-To: mls@ietfa.amsl.com Delivered-To: mls@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8F6C012047F for ; Fri, 26 Apr 2019 07:10:14 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -6.899 X-Spam-Level: X-Spam-Status: No, score=-6.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4YEa3eHc7qob for ; Fri, 26 Apr 2019 07:10:12 -0700 (PDT) Received: from mail3-relais-sop.national.inria.fr (mail3-relais-sop.national.inria.fr [192.134.164.104]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DAE8B120481 for ; Fri, 26 Apr 2019 07:10:11 -0700 (PDT) X-IronPort-AV: E=Sophos;i="5.60,397,1549926000"; d="scan'208,217";a="304103179" Received: from 91-165-78-144.subs.proxad.net (HELO [192.168.0.18]) ([91.165.78.144]) by mail3-relais-sop.national.inria.fr with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 26 Apr 2019 16:10:09 +0200 From: Benjamin Beurdouche Message-Id: Content-Type: multipart/alternative; boundary="Apple-Mail=_2A909498-B7AA-47F7-9E63-B3151E4ECADB" Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.8\)) Date: Fri, 26 Apr 2019 16:10:08 +0200 In-Reply-To: Cc: ML Messaging Layer Security To: Richard Barnes References: <2D195D14-9F9A-4D64-92EF-35C601C52C01@inria.fr> X-Mailer: Apple Mail (2.3445.104.8) Archived-At: Subject: Re: [MLS] Unpredictable epochs? X-BeenThere: mls@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Messaging Layer Security List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 26 Apr 2019 14:10:25 -0000 --Apple-Mail=_2A909498-B7AA-47F7-9E63-B3151E4ECADB Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=utf-8 > On Apr 26, 2019, at 3:21 PM, Richard Barnes wrote: >=20 > We might have a problem in any case, then, since the transcript hash = doesn't cover the signatures either. >=20 Ok, there might be an issue then, I am quite sure that it was covered at = some point, so it might have been lost. The slight difference with TLS is = that some messages can be discarded from processing = (add_send/receive_current_member or add_send/receive_new_member) while I expect that all of the messages = must somehow be contributed to the transcript-hash to provide the strongest = authentication properties. I=E2=80=99ll have a look into this... B.= --Apple-Mail=_2A909498-B7AA-47F7-9E63-B3151E4ECADB Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=utf-8

On Apr 26, 2019, at 3:21 PM, Richard Barnes <rlb@ipv.sx> wrote:

We = might have a problem in any case, then, since the transcript hash = doesn't cover the signatures either.


Ok, there might be an issue then, I am quite = sure that it was covered at some
point, so it might = have been lost. The slight difference with TLS is that some
messages can be discarded from processing = (add_send/receive_current_member
or = add_send/receive_new_member) while I expect that all of the messages = must
somehow be contributed to the transcript-hash = to provide the strongest authentication
properties. = I=E2=80=99ll have a look into this...

B.
= --Apple-Mail=_2A909498-B7AA-47F7-9E63-B3151E4ECADB-- From nobody Fri Apr 26 12:27:00 2019 Return-Path: X-Original-To: mls@ietfa.amsl.com Delivered-To: mls@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5A2CE12011D for ; Fri, 26 Apr 2019 12:26:59 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2 X-Spam-Level: X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=callas.org Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ayMyPsIH1XJv for ; Fri, 26 Apr 2019 12:26:57 -0700 (PDT) Received: from mail-qk1-x736.google.com (mail-qk1-x736.google.com [IPv6:2607:f8b0:4864:20::736]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9ADEC12012E for ; Fri, 26 Apr 2019 12:26:57 -0700 (PDT) Received: by mail-qk1-x736.google.com with SMTP id w20so2562454qka.7 for ; Fri, 26 Apr 2019 12:26:57 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=callas.org; s=google; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=vkfZhidVX4o4X5Z4Zz8OB11kfXJizeIVKREP4gQo7ms=; b=bXpiC1sa7/tQKnyVfSNo+Gn7djCduh10UlDmEsgdFRvnntsWBLsoiZUmnlyNPUCvmT 4NtObktuKe+gR1+m7hnZHY+cwQoP45VBNi51GCJd7V4oOjDC8Eo0xHWrpRaZeqiyLhj3 sI2dtqNmHDJTnx4ye21xL6s4Ggc+G7hCYxUUcmWTR9pmJOACzqDv3X6/v5vnCg59TajG T5Y8IDzWzdImvV38He0TVSKehlGN+zK9KmCZyAQobq4fHX/CKbZCZ6FtTnD++Sp/tHGE 9hBF9llbBLXCgFIcC9pDeERdlOeknhHxtDCrQck6QW2fNF0K1fRiZx9qaS6xBua16QDg pLqA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=vkfZhidVX4o4X5Z4Zz8OB11kfXJizeIVKREP4gQo7ms=; b=eDvAW5HlnjWF8nuvdteY+kj5ksbzIsGiR08WPc5ULaF8sD58WV8sZ1e2CgAyjr0IHd efv74PgzaZn1g9vq/lWtEC0h4Se5vXr2ETIidgqoXazedAL97QxmDdsFZmQAaVNu7xLL a3TKalbrwko+zDVzXLf2oiG8e00ct4bjtbftsan5QqmZ4a6Wg5oTSPe4pTFIdzZnHWkP vU4pHhtN+Q+hN3cdq+qzSyYsprA1pPiipzOtpThu6Kcf+Iq31DoAzKRoPtXcA0puz6Gj Cwjm9/KsXmrEfqmqCt/feOpGUBsINA/pAlWfOewuWtr+bIFtwhK1fK/AKLWwsjRMEsME Yzfg== X-Gm-Message-State: APjAAAWblSK5+TXKy6DEGOji4EaH4iW5RxuShZQMV5NnLQi0x1xecYDo Z3cJ3SN/CkgplRqcG1U/om3Y6Q== X-Google-Smtp-Source: APXvYqx6gUWxG1o+NBQaruzrjpdr5AOdEeFMrH0vbrFbZeALOLnxKcK6NgVsgHiFaUs9IJJkb/7sEA== X-Received: by 2002:a37:4896:: with SMTP id v144mr35191012qka.194.1556306816709; Fri, 26 Apr 2019 12:26:56 -0700 (PDT) Received: from [10.137.13.58] ([45.56.171.31]) by smtp.gmail.com with ESMTPSA id i123sm9006218qkf.9.2019.04.26.12.26.55 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 26 Apr 2019 12:26:55 -0700 (PDT) Content-Type: text/plain; charset=utf-8 Mime-Version: 1.0 (Mac OS X Mail 12.2 \(3445.102.3\)) From: Jon Callas In-Reply-To: Date: Fri, 26 Apr 2019 15:26:54 -0400 Cc: Jon Callas , Richard Barnes , Messaging Layer Security WG Content-Transfer-Encoding: quoted-printable Message-Id: References: <2D195D14-9F9A-4D64-92EF-35C601C52C01@inria.fr> To: Michael Rosenberg X-Mailer: Apple Mail (2.3445.102.3) Archived-At: Subject: Re: [MLS] Unpredictable epochs? X-BeenThere: mls@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Messaging Layer Security List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 26 Apr 2019 19:26:59 -0000 > On Apr 26, 2019, at 2:22 AM, Michael Rosenberg = wrote: >=20 > So why not remove epoch entirely? An epoch lets you deal with things happening neither too often nor not = often enough. Presume there is a client that is either malicious or just = stupid. You want to keep it from forcing a rekey every 100=C2=B5s. You = want to force a rekey every so often. Hence epochs. Yeah, picking the = right epoch size is an exercise left to the reader. Jon From nobody Fri Apr 26 13:18:18 2019 Return-Path: X-Original-To: mls@ietfa.amsl.com Delivered-To: mls@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5556512051D for ; Fri, 26 Apr 2019 13:18:16 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -6.9 X-Spam-Level: X-Spam-Status: No, score=-6.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XQz4qEfQIMs0 for ; Fri, 26 Apr 2019 13:18:14 -0700 (PDT) Received: from mail3-relais-sop.national.inria.fr (mail3-relais-sop.national.inria.fr [192.134.164.104]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6C3B51205D4 for ; Fri, 26 Apr 2019 13:18:13 -0700 (PDT) X-IronPort-AV: E=Sophos;i="5.60,398,1549926000"; d="scan'208";a="304131690" Received: from 91-165-78-144.subs.proxad.net (HELO [192.168.0.15]) ([91.165.78.144]) by mail3-relais-sop.national.inria.fr with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 26 Apr 2019 22:18:11 +0200 Content-Type: text/plain; charset=utf-8 Mime-Version: 1.0 (1.0) From: Benjamin Beurdouche X-Mailer: iPhone Mail (16E227) In-Reply-To: Date: Fri, 26 Apr 2019 22:18:10 +0200 Cc: Michael Rosenberg , Richard Barnes , Messaging Layer Security WG Content-Transfer-Encoding: quoted-printable Message-Id: <80ABB08C-AEE6-4E94-A972-4983E12241B6@inria.fr> References: <2D195D14-9F9A-4D64-92EF-35C601C52C01@inria.fr> To: Jon Callas Archived-At: Subject: Re: [MLS] Unpredictable epochs? X-BeenThere: mls@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Messaging Layer Security List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 26 Apr 2019 20:18:17 -0000 > On Apr 26, 2019, at 9:26 PM, Jon Callas wrote: >=20 >> On Apr 26, 2019, at 2:22 AM, Michael Rosenberg wrote= : >>=20 >> So why not remove epoch entirely? >=20 > An epoch lets you deal with things happening neither too often nor not oft= en enough. Presume there is a client that is either malicious or just stupid= . You want to keep it from forcing a rekey every 100=C2=B5s. You want to for= ce a rekey every so often. Hence epochs. Yeah, picking the right epoch size i= s an exercise left to the reader. You can=E2=80=99t use the epoch number for that as it is just global counter= for group operations, we will have to keep track of the latest group operat= ion =E2=80=9Ctimestamp=E2=80=9D for each member within the group state to ch= eck =E2=80=9Cupdate frequency=E2=80=9D and handle some of the situations you= described. Btw in the TreeKEM formal spec I use a 64 bit unsigned integer, and I feel l= ike having more than 2^32 group operations over the lifetime of a group is n= ot unrealistic in certain extreme use cases, especially with large groups fo= rcing PCS for application messages by triggering an update after each app me= ssage... We could remove the epoch number if we really want but it is necessary to gi= ve the Delivery Service some ordering information (unpredictable or not is a= n interesting question) to handle concurrent handshake messages which is, I b= elieve, the main current goal of that information. Benjamin=