From msec-admin@securemulticast.org  Fri Feb  1 11:34:57 2002
Received: from pairlist.net (pairlist.net [216.92.1.92])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA02428
	for <msec-archive@lists.ietf.org>; Fri, 1 Feb 2002 11:34:56 -0500 (EST)
Received: from pairlist.net (localhost.pair.com [127.0.0.1])
	by pairlist.net (Postfix) with ESMTP
	id 1AE4C53653; Fri,  1 Feb 2002 11:34:29 -0500 (EST)
Delivered-To: msec@pairlist.net
Received: from klesh.pair.com (klesh.pair.com [209.68.2.45])
	by pairlist.net (Postfix) with SMTP id EBED653910
	for <msec@lists.securemulticast.org>; Wed, 30 Jan 2002 11:13:29 -0500 (EST)
Received: (qmail 87908 invoked by uid 3269); 30 Jan 2002 16:13:28 -0000
Delivered-To: ietfsmug-securemulticast:org-msec@securemulticast.org
Received: (qmail 87904 invoked from network); 30 Jan 2002 16:13:28 -0000
Received: from chmls06.ne.ipsvc.net (HELO chmls06.mediaone.net) (24.147.1.144)
  by klesh.pair.com with SMTP; 30 Jan 2002 16:13:28 -0000
Received: from THARDJONO-LAP.mediaone.net (dca6-tgn-zua-vty40.as.wcom.net [216.193.54.40])
	by chmls06.mediaone.net (8.11.1/8.11.1) with ESMTP id g0UGEKr03985
	for <msec@securemulticast.org>; Wed, 30 Jan 2002 11:14:20 -0500 (EST)
Message-Id: <5.0.0.25.2.20020130105623.0191dec0@10.25.1.45>
X-Sender: thardjono@pop.ne.mediaone.net
X-Mailer: QUALCOMM Windows Eudora Version 5.0
To: msec@securemulticast.org
From: Euchner Martin ICN M SR 3 <Martin.Euchner@icn.siemens.de>(by way of Thomas Hardjono <thardjono@mediaone.net>)
Mime-Version: 1.0
Content-Type: multipart/mixed;
	boundary="=====================_3339902==_"
Subject: [MSEC] FW: new draft draft-euchner-MIKEY-DHHMAC-00.txt
 "HMAC-authenticat ed Diffie-Hellman for MIKEY"
Sender: msec-admin@securemulticast.org
Errors-To: msec-admin@securemulticast.org
X-BeenThere: msec@securemulticast.org
X-Mailman-Version: 2.0
Precedence: bulk
List-Help: <mailto:msec-request@securemulticast.org?subject=help>
List-Post: <mailto:msec@securemulticast.org>
List-Subscribe: <http://www.pairlist.net/mailman/listinfo/msec>,
	<mailto:msec-request@securemulticast.org?subject=subscribe>
List-Id: IETF Multicast Security list <msec.securemulticast.org>
List-Unsubscribe: <http://www.pairlist.net/mailman/listinfo/msec>,
	<mailto:msec-request@securemulticast.org?subject=unsubscribe>
List-Archive: <http://www.pairlist.net/pipermail/msec/>
Date: Wed, 30 Jan 2002 10:57:19 -0500

--=====================_3339902==_
Content-Type: text/plain; charset="us-ascii"; format=flowed




-----Original Message-----
-From: 	Euchner Martin  ICN M SR 3
Sent:	Monday, January 28, 2002 10:36 AM
To:	'Thomas Hardjono'; Euchner Martin  ICN M SR 3
Subject:	new draft draft-euchner-MIKEY-DHHMAC-00.txt
"HMAC-authenticated Diffie-Hellman for MIKEY"
Thomas,

as indicated at the past IETF MSEC WG meeting, I see reasons for a fourth
key management protocol variant in MIKEY. Please find attached my
corresponding Internet Draft with a proposed specification of such a scheme.
However, before submitting my ID to the IETF secretariat, I would like to
consult with you how to best handle this issue.
Please let me hear your advice on whether to make this an MSEC WG draft or
keep it as an individual draft for the time being? Of course, I appreciate
any other feedback as well.

  <<draft-euchner-MIKEY-DHHMAC-00.txt>>

With kind regards

Martin Euchner.
-----------------------------------------------------------------------
| Dipl.-Inf.                     Phone: +49 89 722 55790
| Martin Euchner                 Fax  : +49 89 722 47713
| Siemens AG
| ICN M SR 3                     mailto:Martin.Euchner@icn.siemens.de
|                                mailto:martin.euchner@ties.itu.int
| Hofmannstr. 51                 Intranet:
http://intranet.icn.siemens.de/marketing/sr/pages/122/122_euchner.htm
| D-81359 Muenchen               Internet: http://www.siemens.de/
| __________________
| Germany
-----------------------------------------------------------------------

-----Original Message-----
-From: 	Thomas Hardjono [mailto:thardjono@mediaone.net]
Sent:	Monday, January 14, 2002 11:19 PM
To:	Euchner Martin  ICN M SR 3
Subject:	RE: [MSEC] Draft of minutes from IETF52 Salt Lake City

Thanks Martin.
cheers,
thomas
------

At 1/14/2002||10:43 AM, you wrote:
 >Thomas,
 >
 >In your meeting report you mentioned the following statement:
 >
 >Another person (?) mentioned that he has a fourth key establishment scheme
 >in mind.  Will write an I-D and post to the mailing list.
 >
 >
 >Actually, it was me myself who made that true statement. Thus, you can
 >frankly substitute my name there.
 >
 >To be honest, I had not yet time to start writing such an ID as desired,
but
 >I hope, I will find some time and be productive until the next meeting.
 >Watch out"
 >
 >With kind regards
 >
 >Martin Euchner.
 >-----------------------------------------------------------------------
 >| Dipl.-Inf.                     Phone: +49 89 722 55790
 >| Martin Euchner                 Fax  : +49 89 722 47713
 >| Siemens AG
 >| ICN M SR 3                     mailto:Martin.Euchner@icn.siemens.de
 >|                                mailto:martin.euchner@ties.itu.int
 >| Hofmannstr. 51                 Intranet:
 >http://intranet.icn.siemens.de/marketing/sr/pages/122/122_euchner.htm
 >| D-81359 Muenchen               Internet: http://www.siemens.de/
 >| __________________
 >| Germany
 >-----------------------------------------------------------------------
 >
 >  -----Original Message-----
 >From:   Thomas Hardjono [mailto:thardjono@mediaone.net]
 >Sent:   Friday, January 11, 2002 11:42 PM
 >To:     msec@securemulticast.org
 >Cc:     canetti@watson.ibm.com
 >Subject:        [MSEC] Draft of minutes from IETF52 Salt Lake City
 >
 >  << File: msec52_minutes-draft1.txt >>
 >Folks,
 >
 >Attached is the draft of the minutes from the MSEC WG meeting
 >at IETF52 in Salt Lake City.
 >
 >My apologies for being late.
 >
 >Please look at it and comment a.s.a.p.  This was my effort at merging
 >the two pieces of the minutes (Thanks to Dennis and Lakshminath for
 >consecutively taking the minutes).
 >
 >If there are no major objections I might try to include it with the slides
 >for submission to the formal IETF52 Proceedings (deadline Jan/14).
 >
 >All the slides are now on the website, and only this minutes-file
 >is missing/late.
 >
 >cheers,
 >
 >thomas
 >------


--=====================_3339902==_
Content-Type: text/plain; name="draft-euchner-MIKEY-DHHMAC-001.txt";
 x-mac-type="42494E41"; x-mac-creator="74747874"
Content-Disposition: attachment; filename="draft-euchner-MIKEY-DHHMAC-001.txt"
Content-Transfer-Encoding: base64

DQoNCiAgICAgICAgICAgICAgICAgICAgSW50ZXJuZXQgRW5naW5lZXJpbmcgVGFzayBGb3JjZSAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICBNLiBFdWNobmVyIA0KICAgICAgICAgICAgICAg
ICAgICBJbnRlcm5ldCBEcmFmdCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgIFNpZW1lbnMgQUcgDQogICAgICAgICAgICAgICAgICAgIEV4cGlyZXM6IEp1bHkg
MjAwMiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICANCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgSmFudWFyeSAyMDAyIA0KICAgICAgICAgICAgICAg
ICAgICAgDQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEhNQUMtYXV0aGVudGlj
YXRlZCBEaWZmaWUtSGVsbG1hbiBmb3IgTUlLRVkgDQogICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAoZHJhZnQtZXVjaG5lci1NSUtFWS1ESEhNQUMtMDAudHh0KSANCiAgICAg
ICAgICAgICAgICAgICAgIA0KICAgICAgICAgICAgICAgICAgICAgDQogICAgICAgICAgICAgICAg
ICAgICANCiAgICAgICAgICAgICAgICAgICAgU3RhdHVzIG9mIHRoaXMgbWVtbyANCiAgICAgICAg
ICAgICAgICAgICAgIA0KICAgICAgICAgICAgICAgICAgICAgICAgIFRoaXMgZG9jdW1lbnQgaXMg
YW4gSW50ZXJuZXQtRHJhZnQgYW5kIGlzIGluIGZ1bGwgY29uZm9ybWFuY2Ugd2l0aCANCiAgICAg
ICAgICAgICAgICAgICAgICAgICBhbGwgcHJvdmlzaW9ucyBvZiBTZWN0aW9uIDEwIG9mIFJGQzIw
MjYuIA0KICAgICAgICAgICAgICAgICAgICAgDQogICAgICAgICAgICAgICAgICAgICAgICAgSW50
ZXJuZXQtRHJhZnRzIGFyZSB3b3JraW5nIGRvY3VtZW50cyBvZiB0aGUgSW50ZXJuZXQgRW5naW5l
ZXJpbmcgDQogICAgICAgICAgICAgICAgICAgICAgICAgVGFzayBGb3JjZSAoSUVURiksIGl0cyBh
cmVhcywgYW5kIGl0cyB3b3JraW5nIGdyb3Vwcy4gIE5vdGUgdGhhdCANCiAgICAgICAgICAgICAg
ICAgICAgICAgICBvdGhlciBncm91cHMgbWF5IGFsc28gZGlzdHJpYnV0ZSB3b3JraW5nIGRvY3Vt
ZW50cyBhcyBJbnRlcm5ldCANCiAgICAgICAgICAgICAgICAgICAgICAgICBEcmFmdHMuIA0KICAg
ICAgICAgICAgICAgICAgICAgDQogICAgICAgICAgICAgICAgICAgICAgICAgSW50ZXJuZXQtRHJh
ZnRzIGFyZSBkcmFmdCBkb2N1bWVudHMgdmFsaWQgZm9yIGEgbWF4aW11bSBvZiBzaXggDQogICAg
ICAgICAgICAgICAgICAgICAgICAgbW9udGhzIGFuZCBtYXkgYmUgdXBkYXRlZCwgcmVwbGFjZWQs
IG9yIG9ic29sZXRlZCBieSBvdGhlciANCiAgICAgICAgICAgICAgICAgICAgICAgICBkb2N1bWVu
dHMgYXQgYW55IHRpbWUuICBJdCBpcyBpbmFwcHJvcHJpYXRlIHRvIHVzZSBJbnRlcm5ldC1EcmFm
dHMgDQogICAgICAgICAgICAgICAgICAgICAgICAgYXMgcmVmZXJlbmNlIG1hdGVyaWFsIG9yIHRv
IGNpdGUgdGhlbSBvdGhlciB0aGFuIGFzICJ3b3JrIGluIA0KICAgICAgICAgICAgICAgICAgICAg
ICAgIHByb2dyZXNzLiIgDQogICAgICAgICAgICAgICAgICAgICANCiAgICAgICAgICAgICAgICAg
ICAgICAgICBUaGUgbGlzdCBvZiBjdXJyZW50IEludGVybmV0LURyYWZ0cyBjYW4gYmUgYWNjZXNz
ZWQgYXQgDQogICAgICAgICAgICAgICAgICAgICAgICAgaHR0cDovL3d3dy5pZXRmLm9yZy9pZXRm
LzFpZC1hYnN0cmFjdHMudHh0IA0KICAgICAgICAgICAgICAgICAgICAgICAgICANCiAgICAgICAg
ICAgICAgICAgICAgICAgICBUaGUgbGlzdCBvZiBJbnRlcm5ldC1EcmFmdCBTaGFkb3cgRGlyZWN0
b3JpZXMgY2FuIGJlIGFjY2Vzc2VkIGF0IA0KICAgICAgICAgICAgICAgICAgICAgICAgIGh0dHA6
Ly93d3cuaWV0Zi5vcmcvc2hhZG93Lmh0bWwuIA0KICAgICAgICAgICAgICAgICAgICAgDQogICAg
ICAgICAgICAgICAgICAgICAgICAgVGhlIGRpc3RyaWJ1dGlvbiBvZiB0aGlzIG1lbW8gaXMgdW5s
aW1pdGVkLiANCiAgICAgICAgICAgICAgICAgICAgICAgICAgDQogICAgICAgICAgICAgICAgICAg
ICAgICAgQ29tbWVudHMgc2hvdWxkIGJlIHNlbnQgdG8gdGhlIE1TRUMgV0cgbWFpbGluZyBsaXN0
IGF0IA0KICAgICAgICAgICAgICAgICAgICAgICAgIG1zZWNAc2VjdXJlbXVsdGljYXN0Lm9yZyBh
bmQgdG8gdGhlIGF1dGhvci4gDQogICAgICAgICAgICAgICAgICAgICANCiAgICAgICAgICAgICAg
ICAgICAgIA0KICAgICAgICAgICAgICAgICAgICAgDQogICAgICAgICAgICAgICAgICAgIEFic3Ry
YWN0IA0KICAgICAgICAgICAgICAgICAgICAgDQogICAgICAgICAgICAgICAgICAgICAgICAgVGhp
cyBkb2N1bWVudCBkZXNjcmliZXMgYSBrZXkgbWFuYWdlbWVudCBwcm90b2NvbCB2YXJpYW50IGZv
ciB0aGUgDQogICAgICAgICAgICAgICAgICAgICAgICAgbXVsdGltZWRpYSBJbnRlcm5ldCBrZXlp
bmcgKE1JS0VZKS4gSW4gcGFydGljdWxhciwgdGhlIGNsYXNzaWMgDQogICAgICAgICAgICAgICAg
ICAgICAgICAgRGlmZmllLUhlbGxtYW4ga2V5IGFncmVlbWVudCBwcm90b2NvbCBpcyB1c2VkIGZv
ciBrZXkgDQogICAgICAgICAgICAgICAgICAgICAgICAgZXN0YWJsaXNobWVudCBpbiBjb25qdW5j
dGlvbiB3aXRoIGEga2V5ZWQgaGFzaCAoSE1BQy1TSEExKSBmb3IgDQogICAgICAgICAgICAgICAg
ICAgICAgICAgYWNoaWV2aW5nIG11dHVhbCBhdXRoZW50aWNhdGlvbiBhbmQgbWVzc2FnZSBpbnRl
Z3JpdHkgb2YgdGhlIGtleSANCiAgICAgICAgICAgICAgICAgICAgICAgICBtYW5hZ2VtZW50IG1l
c3NhZ2VzIGV4Y2hhbmdlZC4gVGhpcyBNSUtFWSB2YXJpYW50IGlzIGNhbGxlZCB0aGUgDQogICAg
ICAgICAgICAgICAgICAgICAgICAgSE1BQy1hdXRoZW50aWNhdGVkIERpZmZpZS1IZWxsbWFubi4g
SXQgYWRkcmVzc2VzIHRoZSByZWFsLXRpbWUgDQogICAgICAgICAgICAgICAgICAgICAgICAgYXNw
ZWN0cyBvZiBtdWx0aW1lZGlhIGtleSBtYW5hZ2VtZW50IGluIE1JS0VZLiANCiAgICAgICAgICAg
ICAgICAgICAgIA0KICAgICAgICAgICAgICAgICAgICAgDQogICAgICAgICAgICAgICAgICAgICAN
CiAgICAgICAgICAgICAgICAgICAgIA0KICAgICAgICAgICAgICAgICAgICAgDQogICAgICAgICAg
ICAgICAgICAgICANCiAgICAgICAgICAgICAgICAgICAgTWFydGluIEV1Y2huZXIgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBbUGFnZSAxXSAKDA0KICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgSE1BQy1hdXRoZW50aWNhdGVkIERpZmZpZS1IZWxs
bWFuIGZvciBNSUtFWSBKYW51YXJ5IDIwMDIgDQoNCiAgICAgICAgICAgICAgICAgICAgVGFibGUg
b2YgQ29udGVudHMgDQogICAgICAgICAgICAgICAgICAgICANCiAgICAgICAgICAgICAgICAgICAg
MS4gICBJbnRyb2R1Y3Rpb24uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4yIA0K
ICAgICAgICAgICAgICAgICAgICAxLjEuIE5vdGF0aW9uYWwgQ29udmVudGlvbnMuLi4uLi4uLi4u
Li4uLi4uLi4uLi4uLi4uLjMgDQogICAgICAgICAgICAgICAgICAgIDEuMi4gRGVmaW5pdGlvbnMu
Li4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uNCANCiAgICAgICAgICAgICAgICAg
ICAgMS4zLiBBYmJyZXZpYXRpb25zLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi40
IA0KICAgICAgICAgICAgICAgICAgICAyLiAgIFNjZW5hcmlvLi4uLi4uLi4uLi4uLi4uLi4uLi4u
Li4uLi4uLi4uLi4uLi4uLi4uLjQgDQogICAgICAgICAgICAgICAgICAgIDIuMS4gREgtSE1BQyBT
ZWN1cml0eSBQcm90b2NvbC4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uNSANCiAgICAgICAgICAgICAg
ICAgICAgMy4gICBESC1ITUFDIHBheWxvYWQgZm9ybWF0cy4uLi4uLi4uLi4uLi4uLi4uLi4uLi4u
Li42IA0KICAgICAgICAgICAgICAgICAgICAzLjEuIENvbW1vbiBoZWFkZXIgcGF5bG9hZC4uLi4u
Li4uLi4uLi4uLi4uLi4uLi4uLi4uLjYgDQogICAgICAgICAgICAgICAgICAgIDMuMi4gREgtSE1B
QyBkYXRhIHBheWxvYWQuLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uNiANCiAgICAgICAgICAg
ICAgICAgICAgMy4zLiBITUFDIHBheWxvYWQuLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4u
Li4uLi42IA0KICAgICAgICAgICAgICAgICAgICA0LiAgIFNlY3VyaXR5IENvbnNpZGVyYXRpb25z
Li4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLjggDQogICAgICAgICAgICAgICAgICAgIDUuICAgQWNr
bm93bGVkZ2VtZW50cy4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uOSANCiAgICAgICAg
ICAgICAgICAgICAgNi4gICBJbnRlbGxlY3R1YWwgUHJvcGVydHkgUmlnaHRzLi4uLi4uLi4uLi4u
Li4uLi4uLi45IA0KICAgICAgICAgICAgICAgICAgICA3LiAgIE5vcm1hdGl2ZSBSZWZlcmVuY2Vz
Li4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLjkgDQogICAgICAgICAgICAgICAgICAgIDguICAg
SW5mb3JtYXRpdmUgUmVmZXJlbmNlcy4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4xMCANCiAgICAg
ICAgICAgICAgICAgICAgOS4gICBBdXRob3IncyBBZGRyZXNzLi4uLi4uLi4uLi4uLi4uLi4uLi4u
Li4uLi4uLi4uLjEwIA0KICAgICAgICAgICAgICAgICAgICAxMC4gIEV4cGlyYXRpb24gRGF0ZS4u
Li4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uMTAgDQogICAgICAgICAgICAgICAgICAgICAN
CiAgICAgICAgICAgICAgICAgICAgIA0KICAgICAgICAgICAgICAgICAgICAxLiBJbnRyb2R1Y3Rp
b24gDQogICAgICAgICAgICAgICAgICAgICANCiAgICAgICAgICAgICAgICAgICAgICAgQXMgcG9p
bnRlZCBvdXQgaW4gTUlLRVkgKHNlZSBbMV0pLCBzZWN1cmUgcmVhbC10aW1lIG11bHRpbWVkaWEg
DQogICAgICAgICAgICAgICAgICAgICAgIGFwcGxpY2F0aW9ucyBkZW1hbmQgYSBwYXJ0aWN1bGFy
IGFkZXF1YXRlIGtleSBtYW5hZ2VtZW50IHNjaGVtZSB0aGF0IA0KICAgICAgICAgICAgICAgICAg
ICAgICBjYXJlcyBmb3IgaG93IHRvIHNlY3VyZWx5IGFuZCBlZmZpY2llbnRseSBlc3RhYmxpc2gg
ZHluYW1pYyBzZXNzaW9uIA0KICAgICAgICAgICAgICAgICAgICAgICBrZXlzIGluIGEgY29udmVy
c2F0aW9uYWwgbXVsdGltZWRpYSBzY2VuYXJpby4gDQogICAgICAgICAgICAgICAgICAgICAgICAN
CiAgICAgICAgICAgICAgICAgICAgICAgSW4gZ2VuZXJhbCwgTUlLRVkgc2NlbmFyaW9zIGNvdmVy
IHBlZXItdG8tcGVlciwgc2ltcGxlLW9uZS10by1tYW55IA0KICAgICAgICAgICAgICAgICAgICAg
ICBhbmQgc21hbGwtc2l6ZWQgZ3JvdXBzLiBNSUtFWSBpbiBwYXJ0aWN1bGFyLCBkZXNjcmliZXMg
dGhyZWUga2V5IA0KICAgICAgICAgICAgICAgICAgICAgICBtYW5hZ2VtZW50IHNjaGVtZXMgZm9y
IHRoZSBwZWVyLXRvLXBlZXIgY2FzZSB0aGF0IGFsbCBmaW5pc2ggdGhlaXIgDQogICAgICAgICAg
ICAgICAgICAgICAgIHRhc2sgd2l0aGluIG9uZSByb3VuZCB0cmlwOiANCiAgICAgICAgICAgICAg
ICAgICAgICAgICAtICAgIGEgc3ltbWV0cmljIGtleSBkaXN0cmlidXRpb24gcHJvdG9jb2wgYmFz
ZWQgdXBvbiBwcmUtc2hhcmVkIA0KICAgICAgICAgICAgICAgICAgICAgICAgIG1hc3RlciBrZXlz
OyANCiAgICAgICAgICAgICAgICAgICAgICAgICAgDQogICAgICAgICAgICAgICAgICAgICAgICAg
LSAgICBhIHB1YmxpYy1rZXkgZW5jcnlwdGlvbi1iYXNlZCBrZXkgZGlzdHJpYnV0aW9uIHByb3Rv
Y29sIA0KICAgICAgICAgICAgICAgICAgICAgICAgIGFzc3VtaW5nIGEgcHVibGljLWtleSBpbmZy
YXN0cnVjdHVyZSB3aXRoIFJTQS1iYXNlZCBwcml2YXRlL3B1YmxpYyANCiAgICAgICAgICAgICAg
ICAgICAgICAgICBrZXlzIGFuZCBkaWdpdGFsIGNlcnRpZmljYXRlczsgDQogICAgICAgICAgICAg
ICAgICAgICAgICAgIA0KICAgICAgICAgICAgICAgICAgICAgICAgIC0gICAgYW5kIGEgRGlmZmll
LUhlbGxtYW4ga2V5IGFncmVlbWVudCBwcm90b2NvbCBkZXBsb3lpbmcgZGlnaXRhbCANCiAgICAg
ICAgICAgICAgICAgICAgICAgICBzaWduYXR1cmVzIGFuZCBjZXJ0aWZpY2F0ZXMuIA0KICAgICAg
ICAgICAgICAgICAgICAgDQogICAgICAgICAgICAgICAgICAgICANCiAgICAgICAgICAgICAgICAg
ICAgICAgQWxsIHRoZXNlIHRocmVlIGtleSBtYW5hZ2VtZW50IHByb3RvY29scyBhcmUgZGVzaWdu
ZWQgc3VjaCB0aGF0IHRoZXkgDQogICAgICAgICAgICAgICAgICAgICAgIGNvbXBsZXRlIHRoZWly
IHdvcmsgd2l0aGluIGp1c3Qgb25lIHJvdW5kIHRyaXAuIFRoaXMgcmVxdWlyZXMgDQogICAgICAg
ICAgICAgICAgICAgICAgIGRlcGVuZGluZyBvbiBsb29zZWx5IHN5bmNocm9uaXplZCBjbG9ja3Mg
YW5kIGRlcGxveWluZyB0aW1lc3RhbXBzIA0KICAgICAgICAgICAgICAgICAgICAgICB3aXRoaW4g
dGhlIGtleSBtYW5hZ2VtZW50IHByb3RvY29scy4gDQogICAgICAgICAgICAgICAgICAgICAgICAN
CiAgICAgICAgICAgICAgICAgICAgICAgSG93ZXZlciwgaXQgaXMga25vd24gWzRdIHRoYXQgZWFj
aCBvZiB0aGUgdGhyZWUga2V5IG1hbmFnZW1lbnQgDQogICAgICAgICAgICAgICAgICAgICAgIHNj
aGVtZXMgaGFzIGl0cyBzdWJ0bGUgY29uc3RyYWludHMgYW5kIGxpbWl0YXRpb25zOiANCiAgICAg
ICAgICAgICAgICAgICAgICAgICAtICAgIFRoZSBzeW1tZXRyaWMga2V5IGRpc3RyaWJ1dGlvbiBw
cm90b2NvbCBpcyBzaW1wbGUgdG8gDQogICAgICAgICAgICAgICAgICAgICAgICAgaW1wbGVtZW50
IGJ1dCBkb2VzIG5vdCBuaWNlbHkgc2NhbGUgaW4gYW55IGxhcmdlciBjb25maWd1cmF0aW9uIG9m
IA0KICAgICAgICAgICAgICAgICAgICAgICAgIHBvdGVudGlhbCBwZWVyIGVudGl0aWVzIGR1ZSB0
byB0aGUgbmVlZCBvZiBtdXR1YWxseSBwcmUtYXNzaWduZWQgDQogICAgICAgICAgICAgICAgICAg
ICAgICAgc2hhcmVkIG1hc3RlciBzZWNyZXRzLiANCiAgICAgICAgICAgICAgICAgICAgIA0KICAg
ICAgICAgICAgICAgICAgICBFdWNobmVyICAgICAgICAgICAgICAgICAgIEV4cGlyYXRpb246IDcv
MjAwMiAgICAgICAgICAgICAgICAgIFtQYWdlIDJdIAoMDQogICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICBITUFDLWF1dGhlbnRpY2F0ZWQgRGlmZmllLUhlbGxtYW4gZm9yIE1JS0VZIEph
bnVhcnkgMjAwMiANCg0KICAgICAgICAgICAgICAgICAgICAgICAgIE1vcmVvdmVyLCB0aGUgc2Vj
dXJpdHkgcHJvdmlkZWQgZG9lcyBub3QgYWNoaWV2ZSB0aGUgcHJvcGVydHkgb2YgDQogICAgICAg
ICAgICAgICAgICAgICAgICAgcGVyZmVjdCBmb3J3YXJkIHNlY3JlY3k7IGkuZS4gY29tcHJvbWlz
ZSBvZiB0aGUgc2hhcmVkIG1hc3RlciANCiAgICAgICAgICAgICAgICAgICAgICAgICBzZWNyZXQg
d291bGQgcmVuZGVyIHBhc3QgYW5kIGV2ZW4gZnV0dXJlIHNlc3Npb24ga2V5cyBzdXNjZXB0aWJs
ZSANCiAgICAgICAgICAgICAgICAgICAgICAgICB0byBjb21wcm9taXNlLiANCiAgICAgICAgICAg
ICAgICAgICAgICAgICBGdXJ0aGVyLCB0aGUgZ2VuZXJhdGlvbiBvZiB0aGUgc2Vzc2lvbiBrZXkg
aGFwcGVucyBqdXN0IGF0IHRoZSANCiAgICAgICAgICAgICAgICAgICAgICAgICBpbml0aWF0b3Iu
IFRodXMsIHRoZSByZXNwb25kZXIgaGFzIHRvIGZ1bGx5IHRydXN0IHRoZSBpbml0aWF0b3Igb24g
DQogICAgICAgICAgICAgICAgICAgICAgICAgY2hvb3NpbmcgYSBnb29kIGFuZCBzZWN1cmUgc2Vz
c2lvbiBzZWNyZXQ7IHRoZSByZXNwb25kZXIgbmVpdGhlciANCiAgICAgICAgICAgICAgICAgICAg
ICAgICBpcyBhYmxlIHRvIHBhcnRpY2lwYXRlIGluIHRoZSBrZXkgZ2VuZXJhdGlvbiBub3IgdG8g
aW5mbHVlbmNlIHRoYXQgDQogICAgICAgICAgICAgICAgICAgICAgICAgcHJvY2Vzcy4gVGhpcyBp
cyBjb25zaWRlcmVkIGFzIGEgc3BlY2lmaWMgbGltaXRhdGlvbiBpbiBsZXNzIA0KICAgICAgICAg
ICAgICAgICAgICAgICAgIHRydXN0ZWQgZW52aXJvbm1lbnRzLiANCiAgICAgICAgICAgICAgICAg
ICAgICAgIA0KICAgICAgICAgICAgICAgICAgICAgICAgIC0gICAgVGhlIHB1YmxpYy1rZXkgZW5j
cnlwdGlvbiBzY2hlbWUgZGVwZW5kcyB1cG9uIGEgcHVibGljLWtleSANCiAgICAgICAgICAgICAg
ICAgICAgICAgICBpbmZyYXN0cnVjdHVyZSB0aGF0IGNlcnRpZmllcyB0aGUgcHJpdmF0ZS1wdWJs
aWMga2V5cyBieSBpc3N1aW5nIA0KICAgICAgICAgICAgICAgICAgICAgICAgIGFuZCBtYWludGFp
bmluZyBkaWdpdGFsIGNlcnRpZmljYXRlcy4gV2hpbGUgc3VjaCBhIGtleSBtYW5hZ2VtZW50IA0K
ICAgICAgICAgICAgICAgICAgICAgICAgIHNjaGVtZSBwcm92aWRlcyBmdWxsIHNjYWxhYmlsaXR5
IGluIGxhcmdlIG5ldHdvcmtlZCANCiAgICAgICAgICAgICAgICAgICAgICAgICBjb25maWd1cmF0
aW9ucywgcHVibGljLWtleSBpbmZyYXN0cnVjdHVyZXMgYXJlIHN0aWxsIG5vdCB3aWRlbHkgDQog
ICAgICAgICAgICAgICAgICAgICAgICAgYXZhaWxhYmxlIGFuZCBpbiBnZW5lcmFsLCBpbXBsZW1l
bnRhdGlvbnMgYXJlIHNpZ25pZmljYW50bHkgbW9yZSANCiAgICAgICAgICAgICAgICAgICAgICAg
ICBjb21wbGV4LiANCiAgICAgICAgICAgICAgICAgICAgICAgICBGdXJ0aGVyIGFkZGl0aW9uYWwg
cm91bmQgdHJpcHMgbWlnaHQgYmUgbmVjZXNzYXJ5IGZvciBlYWNoIHNpZGUgaW4gDQogICAgICAg
ICAgICAgICAgICAgICAgICAgb3JkZXIgdG8gYXNjZXJ0YWluIHZlcmlmaWNhdGlvbiBvZiB0aGUg
ZGlnaXRhbCBjZXJ0aWZpY2F0ZXMuIA0KICAgICAgICAgICAgICAgICAgICAgICAgIEZpbmFsbHks
IGFzIGluIHRoZSBzeW1tZXRyaWMgY2FzZSwgdGhlIHJlc3BvbmRlciBkZXBlbmRzIA0KICAgICAg
ICAgICAgICAgICAgICAgICAgIGNvbXBsZXRlbHkgdXBvbiB0aGUgaW5pdGlhdG9yIGNob29zaW5n
IGdvb2QgYW5kIHNlY3VyZSBzZXNzaW9uIA0KICAgICAgICAgICAgICAgICAgICAgICAgIGtleXMu
IA0KICAgICAgICAgICAgICAgICAgICAgICAgDQogICAgICAgICAgICAgICAgICAgICAgICAgLSAg
ICBUaGUgdGhpcmQgTUlLRVkga2V5IG1hbmFnZW1lbnQgcHJvdG9jb2wgZGVwbG95cyB0aGUgRGlm
ZmllLQ0KICAgICAgICAgICAgICAgICAgICAgICAgIEhlbGxtYW4ga2V5IGFncmVlbWVudCBzY2hl
bWUgYW5kIGF1dGhlbnRpY2F0ZXMgdGhlIGV4Y2hhbmdlIG9mIHRoZSANCiAgICAgICAgICAgICAg
ICAgICAgICAgICBEaWZmaWUtSGVsbG1hbiBoYWxmLWtleXMgaW4gZWFjaCBkaXJlY3Rpb24gYnkg
dXNpbmcgYSBkaWdpdGFsIA0KICAgICAgICAgICAgICAgICAgICAgICAgIHNpZ25hdHVyZSB1cG9u
LiBBcyBpbiB0aGUgcHJldmlvdXMgbWV0aG9kLCB0aGlzIGludHJvZHVjZXMgdGhlIA0KICAgICAg
ICAgICAgICAgICAgICAgICAgIGRlcGVuZGVuY3kgdXBvbiBhIHB1YmxpYy1rZXkgaW5mcmFzdHJ1
Y3R1cmUgd2l0aCBpdHMgc3RyZW5ndGggb24gDQogICAgICAgICAgICAgICAgICAgICAgICAgc2Nh
bGFiaWxpdHkgYnV0IGFsc28gdGhlIGxpbWl0YXRpb25zIG9uIGNvbXB1dGF0aW9uYWwgY29zdHMg
aW4gDQogICAgICAgICAgICAgICAgICAgICAgICAgcGVyZm9ybWluZyB0aGUgYXN5bW1ldHJpYyBs
b25nLWludGVnZXIgb3BlcmF0aW9ucyBhbmQgdGhlIA0KICAgICAgICAgICAgICAgICAgICAgICAg
IHBvdGVudGlhbCBuZWVkIGZvciBhZGRpdGlvbmFsIGNvbW11bmljYXRpb24gZm9yIHZlcmlmaWNh
dGlvbiBvZiANCiAgICAgICAgICAgICAgICAgICAgICAgICB0aGUgZGlnaXRhbCBjZXJ0aWZpY2F0
ZXMuIA0KICAgICAgICAgICAgICAgICAgICAgICAgIEhvd2V2ZXIsIHRoZSBEaWZmaWUtSGVsbG1h
biBrZXkgYWdyZWVtZW50IHByb3RvY29sIGlzIGtub3duIGZvciANCiAgICAgICAgICAgICAgICAg
ICAgICAgICBpdHMgc3VidGxlIHNlY3VyaXR5IHN0cmVuZ3RocyBpbiB0aGF0IGl0IGlzIGFibGUg
dG8gcHJvdmlkZSBmdWxsIA0KICAgICAgICAgICAgICAgICAgICAgICAgIHBlcmZlY3Qgc2VjcmVj
eSBhbmQgZnVydGhlciBoYXZlIGJvdGggcGFydGllcyBhY3RpdmVseSBpbnZvbHZlZCBpbiANCiAg
ICAgICAgICAgICAgICAgICAgICAgICBzZXNzaW9uIGtleSBnZW5lcmF0aW9uLiANCiAgICAgICAg
ICAgICAgICAgICAgICAgIA0KICAgICAgICAgICAgICAgICAgICAgICAgDQogICAgICAgICAgICAg
ICAgICAgICAgIFRoaXMgZG9jdW1lbnQgZGVzY3JpYmVzIGEgZm91cnRoIGtleSBtYW5hZ2VtZW50
IHNjaGVtZSBmb3IgTUlLRVkgdGhhdCANCiAgICAgICAgICAgICAgICAgICAgICAgY291bGQgc29t
ZWhvdyBiZSBzZWVuIGFzIGEgc3luZXJnZXRpYyBvcHRpbWl6YXRpb24gYW1vbmcgdGhlIHByZS0N
CiAgICAgICAgICAgICAgICAgICAgICAgc2hhcmVkIGtleSBkaXN0cmlidXRpb24gc2NoZW1lIGFu
ZCB0aGUgRGlmZmllLUhlbGxtYW4ga2V5IGFncmVlbWVudC4gDQogICAgICAgICAgICAgICAgICAg
ICAgIFRoZSBpZGVhIG9mIHRoYXQgcHJvdG9jb2wgaXMgdG8gYXBwbHkgdGhlIERpZmZpZS1IZWxs
bWFuIGtleSANCiAgICAgICAgICAgICAgICAgICAgICAgYWdyZWVtZW50IGJ1dCBpbnN0ZWFkIG9m
IGRlcGxveWluZyBhIGRpZ2l0YWwgc2lnbmF0dXJlIGZvciANCiAgICAgICAgICAgICAgICAgICAg
ICAgYXV0aGVudGljaXR5IG9mIHRoZSBleGNoYW5nZWQga2V5aW5nIG1hdGVyaWFsIHJhdGhlciB1
c2VzIGEga2V5ZWQtDQogICAgICAgICAgICAgICAgICAgICAgIGhhc2ggdXBvbiB1c2luZyBzeW1t
ZXRyaWNhbGx5IHByZS1hc3NpZ25lZCBzaGFyZWQgc2VjcmV0cy4gVGhpcyANCiAgICAgICAgICAg
ICAgICAgICAgICAgY29tYmluYXRpb24gb2Ygc2VjdXJpdHkgbWVjaGFuaXNtcyBpcyBjYWxsZWQg
dGhlIEhNQUMtYXV0aGVudGljYXRlZCANCiAgICAgICAgICAgICAgICAgICAgICAgRGlmZmllLUhl
bGxtYW4ga2V5IGFncmVlbWVudCBmb3IgTUlLRVkgKERILUhNQUMpLiANCiAgICAgICAgICAgICAg
ICAgICAgIA0KICAgICAgICAgICAgICAgICAgICAgDQogICAgICAgICAgICAgICAgICAgICAgIDEu
MS4gICBOb3RhdGlvbmFsIENvbnZlbnRpb25zIA0KICAgICAgICAgICAgICAgICAgICAgDQoNCg0K
ICAgICAgICAgICAgICAgICAgICAgDQogICAgICAgICAgICAgICAgICAgIEV1Y2huZXIgICAgICAg
ICAgICAgICAgICAgRXhwaXJhdGlvbjogNy8yMDAyICAgICAgICAgICAgICAgICAgW1BhZ2UgM10g
CgwNCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEhNQUMtYXV0aGVudGljYXRlZCBE
aWZmaWUtSGVsbG1hbiBmb3IgTUlLRVkgSmFudWFyeSAyMDAyIA0KDQogICAgICAgICAgICAgICAg
ICAgICAgICAgVGhlIGtleSB3b3JkICJNVVNUIiwgIk1VU1QgTk9UIiwgIlJFUVVJUkVEIiwgIlNI
QUxMIiwgIlNIQUxMIE5PVCIsIA0KICAgICAgICAgICAgICAgICAgICAgICAgICJTSE9VTEQiLCAi
U0hPVUxEIE5PVCIsICJSRUNPTU1FTkRFRCIsICJNQVkiLCBhbmQgIk9QVElPTkFMIiBpbiANCiAg
ICAgICAgICAgICAgICAgICAgICAgICB0aGlzIGRvY3VtZW50IGFyZSB0byBiZSBpbnRlcnByZXRl
ZCBhcyBkZXNjcmliZWQgaW4gUkZDLTIxMTkuIA0KICAgICAgICAgICAgICAgICAgICAgDQogICAg
ICAgICAgICAgICAgICAgICAgIDEuMi4gICBEZWZpbml0aW9ucyANCiAgICAgICAgICAgICAgICAg
ICAgIA0KICAgICAgICAgICAgICAgICAgICAgICAgIGF1dGgta2V5ICBwcmUtc2hhcmVkIGF1dGhl
bnRpY2F0aW9uIGtleSANCiAgICAgICAgICAgICAgICAgICAgICAgICBJRGEsIElEYiAgSWRlbnRp
dHkgb2Ygc2VuZGVyIGFuZCByZWNlaXZlciANCiAgICAgICAgICAgICAgICAgICAgICAgICBrX3Ag
ICAgICAgY29tbW9uIERpZmZpZS1IZWxsbWFuIHNoYXJlZCBzZWNyZXQgDQogICAgICAgICAgICAg
ICAgICAgICAgICAgVCAgICAgICAgIHRpbWVzdGFtcCANCiAgICAgICAgICAgICAgICAgICAgICAg
ICB4LCB5ICAgICAgc2VjcmV0LCByYW5kb20gdmFsdWUgDQogICAgICAgICAgICAgICAgICAgICAg
ICAgIA0KICAgICAgICAgICAgICAgICAgICAgICAxLjMuICAgQWJicmV2aWF0aW9ucyANCiAgICAg
ICAgICAgICAgICAgICAgIA0KICAgICAgICAgICAgICAgICAgICAgICAgIERIICAgICAgICBEaWZm
aWUtSGVsbG1hbiANCiAgICAgICAgICAgICAgICAgICAgICAgICBESC1ITUFDICAgSE1BQy1hdXRo
ZW50aWNhdGVkIERpZmZpZS1IZWxsbWFuIA0KICAgICAgICAgICAgICAgICAgICAgICAgIEhNQUMg
ICAgICBrZXllZCBIYXNoIE1lc3NhZ2UgQXV0aGVudGljYXRpb24gDQogICAgICAgICAgICAgICAg
ICAgICAgICAgSE1BQy1TSEExIEhNQUMgdXNpbmcgU0hBMSBhcyBoYXNoIGZ1bmN0aW9uIA0KICAg
ICAgICAgICAgICAgICAgICAgICAgIE1JS0VZICAgICBNdWx0aW1lZGlhIEludGVybmV0IEtFWWlu
ZyANCiAgICAgICAgICAgICAgICAgICAgICAgICBQTUsgICAgICAgUHJlLU1hc3RlciBLZXkgDQog
ICAgICAgICAgICAgICAgICAgICAgICAgUlNBICAgICAgIFJpdmVzdCwgU2hhbWlyIGFuZCBBZGxl
bWFuIA0KICAgICAgICAgICAgICAgICAgICAgICAgIFRFSyAgICAgICBUcmFmZmljIEVuY3J5cHRp
b24gS2V5IA0KICAgICAgICAgICAgICAgICAgICAgDQogICAgICAgICAgICAgICAgICAgICANCiAg
ICAgICAgICAgICAgICAgICAgIA0KICAgICAgICAgICAgICAgICAgICAyLiBTY2VuYXJpbyANCiAg
ICAgICAgICAgICAgICAgICAgIA0KICAgICAgICAgICAgICAgICAgICAgICBUaGUgSE1BQy1hdXRo
ZW50aWNhdGVkIERpZmZpZS1IZWxsbWFuIGtleSBhZ3JlZW1lbnQgcHJvdG9jb2wgKERILQ0KICAg
ICAgICAgICAgICAgICAgICAgICBITUFDKSBmb3IgTUlLRVkgYWRkcmVzc2VzIHRoZSBzYW1lIHNj
ZW5hcmlvcyBhbmQgc2NvcGUgYXMgdGhlIG90aGVyIA0KICAgICAgICAgICAgICAgICAgICAgICB0
aHJlZSBrZXkgbWFuYWdlbWVudCBzY2hlbWVzIGluIE1JS0VZIGFkZHJlc3MuIA0KICAgICAgICAg
ICAgICAgICAgICAgICAgDQogICAgICAgICAgICAgICAgICAgICAgIERILUhNQUMgaXMgYXBwbGlj
YWJsZSBpbiBhIHNtYWxsLXNpemVkLCBwZWVyLXRvLXBlZXIgZ3JvdXAgd2hlcmUgbm8gDQogICAg
ICAgICAgICAgICAgICAgICAgIGFjY2VzcyB0byBhIHB1YmxpYy1rZXkgaW5mcmFzdHJ1Y3R1cmUg
Y2FuIGJlIGFzc3VtZWQgYXZhaWxhYmxlLiANCiAgICAgICAgICAgICAgICAgICAgICAgUmF0aGVy
LCBwcmUtc2hhcmVkIG1hc3RlciBzZWNyZXRzIGFyZSBhdmFpbGFibGUgYW1vbmcgdGhlIGVudGl0
aWVzIGluIA0KICAgICAgICAgICAgICAgICAgICAgICBzdWNoIGEgc21hbGwtc2l6ZWQgZ3JvdXAu
IA0KICAgICAgICAgICAgICAgICAgICAgICAgDQogICAgICAgICAgICAgICAgICAgICAgIEluIGEg
c21hbGwtc2l6ZWQgZ3JvdXAsIGl0IGlzIGFzc3VtZWQgdGhhdCBlYWNoIGNsaWVudCB3aWxsIGJl
IA0KICAgICAgICAgICAgICAgICAgICAgICBzZXR0aW5nIHVwIGEgc2Vzc2lvbiBrZXkgZm9yIGl0
cyBvdXRnb2luZyBsaW5rcyB3aXRoIGl0cyBwZWVyIHVzaW5nIA0KICAgICAgICAgICAgICAgICAg
ICAgICB0aGUgREgtTUFDIGtleSBhZ3JlZW1lbnQgcHJvdG9jb2wuIA0KICAgICAgICAgICAgICAg
ICAgICAgICAgDQogICAgICAgICAgICAgICAgICAgICAgIEFzIGlzIHRoZSBjYXNlIGZvciB0aGUg
b3RoZXIgdGhyZWUgTUlLRVkga2V5IG1hbmFnZW1lbnQgcHJvdG9jb2wsIA0KICAgICAgICAgICAg
ICAgICAgICAgICBESC1ITUFDIGFzc3VtZXMgbG9vc2VseSBzeW5jaHJvbml6ZWQgY2xvY2tzIGFt
b25nIHRoZSBlbnRpdGllcyBpbiB0aGUgDQogICAgICAgICAgICAgICAgICAgICAgIHNtYWxsIGdy
b3VwLiANCiAgICAgICAgICAgICAgICAgICAgICAgIA0KICAgICAgICAgICAgICAgICAgICAgICAg
DQogICAgICAgICAgICAgICAgICAgICANCiAgICAgICAgICAgICAgICAgICAgIA0KICAgICAgICAg
ICAgICAgICAgICAgDQogICAgICAgICAgICAgICAgICAgICANCiAgICAgICAgICAgICAgICAgICAg
IA0KICAgICAgICAgICAgICAgICAgICAgDQogICAgICAgICAgICAgICAgICAgICANCiAgICAgICAg
ICAgICAgICAgICAgIA0KICAgICAgICAgICAgICAgICAgICAgDQogICAgICAgICAgICAgICAgICAg
ICANCiAgICAgICAgICAgICAgICAgICAgRXVjaG5lciAgICAgICAgICAgICAgICAgICBFeHBpcmF0
aW9uOiA3LzIwMDIgICAgICAgICAgICAgICAgICBbUGFnZSA0XSAKDA0KICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgSE1BQy1hdXRoZW50aWNhdGVkIERpZmZpZS1IZWxsbWFuIGZvciBN
SUtFWSBKYW51YXJ5IDIwMDIgDQoNCiAgICAgICAgICAgICAgICAgICAgICAgMi4xLiAgIERILUhN
QUMgU2VjdXJpdHkgUHJvdG9jb2wgDQogICAgICAgICAgICAgICAgICAgICANCiAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgQSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICBCIA0KICAgICAgICAgICAgICAgICAgICAgDQogICAgICAgICAgICAgICAgICAgICAgIEkgPSAo
SURhKSANCiAgICAgICAgICAgICAgICAgICAgICAgSyA9IGcqKnggfHwgVCBbfHwgSV0gDQogICAg
ICAgICAgICAgICAgICAgICAgIEEgPSBITUFDIChhdXRoLWtleSxLKSANCiAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgSyxBICAgICAgICAgICAgIEknID0g
KElEYikgDQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLT4gICBLJyA9IGcqKnkgfHwgVCBbfHwgSSddIA0KICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQicgPSBI
TUFDIChhdXRoLWtleSxLJykgDQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgSycsQicgDQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgPC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0gDQogICAgICAgICAgICAgICAgICAgICANCiAgICAg
ICAgICAgICAgICAgICAgICAga19wPSBnKiooeHkpICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgIGtfcD1nKiooeHkpIA0KICAgICAgICAgICAgICAgICAgICAgDQogICAgICAgICAgICAgICAg
ICAgICANCiAgICAgICAgICAgICAgICAgICAgIEZpZ3VyZSAxOiBITUFDLWF1dGhlbnRpY2F0ZWQg
RGlmZmllLUhlbGxtYW4ga2V5IGJhc2VkIGV4Y2hhbmdlLCB3aGVyZSB4IA0KICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgIGFuZCB5IGFyZSByYW5kb21seSBjaG9zZW4gcmVzcGVjdGl2ZWx5
IGJ5IEEgYW5kIEIuIA0KICAgICAgICAgICAgICAgICAgICAgDQogICAgICAgICAgICAgICAgICAg
ICANCiAgICAgICAgICAgICAgICAgICAgICAgICBUaGUga2V5IGV4Y2hhbmdlIGlzIGRvbmUgYWNj
b3JkaW5nIHRvIEZpZ3VyZSAxLiBUaGUgaW5pdGlhdG9yIA0KICAgICAgICAgICAgICAgICAgICAg
ICAgIGNob29zZXMgYSByYW5kb20gdmFsdWUgeCwgYW5kIHNlbmRzIGFuIEhNQUNlZCBtZXNzYWdl
IGluY2x1ZGluZyANCiAgICAgICAgICAgICAgICAgICAgICAgICBnKip4IGFuZCBhIHRpbWVzdGFt
cCB0byB0aGUgcmVzcG9uZGVyIChvcHRpb25hbGx5IGFsc28gaW5jbHVkaW5nIA0KICAgICAgICAg
ICAgICAgICAgICAgICAgIGl0cyBpZGVudGl0eSkuIA0KICAgICAgICAgICAgICAgICAgICAgICAg
DQogICAgICAgICAgICAgICAgICAgICAgICAgVGhlIGdyb3VwIHBhcmFtZXRlcnMgKGUuZy4sIHRo
ZSBncm91cCBHKSBhcmUgYSBzZXQgb2YgcGFyYW1ldGVycyANCiAgICAgICAgICAgICAgICAgICAg
ICAgICBjaG9zZW4gYnkgdGhlIGluaXRpYXRvci4gVGhlIHJlc3BvbmRlciBjaG9vc2VzIGEgcmFu
ZG9tIHBvc2l0aXZlIA0KICAgICAgICAgICAgICAgICAgICAgICAgIGludGVnZXIgeSwgYW5kIHNl
bmRzIGFuIEhNQUNlZCBtZXNzYWdlIGluY2x1ZGluZyBnKip5IGFuZCB0aGUgDQogICAgICAgICAg
ICAgICAgICAgICAgICAgdGltZXN0YW1wIHRvIHRoZSBpbml0aWF0b3IgKG9wdGlvbmFsbHkgYWxz
byBwcm92aWRpbmcgaXRzIA0KICAgICAgICAgICAgICAgICAgICAgICAgIGlkZW50aXR5KS4gDQog
ICAgICAgICAgICAgICAgICAgICAgICANCiAgICAgICAgICAgICAgICAgICAgICAgICBCb3RoIHBh
cnRpZXMgdGhlbiBjYWxjdWxhdGUgdGhlIFBNSywgZyoqKHh5KS4gDQogICAgICAgICAgICAgICAg
ICAgICAgICANCiAgICAgICAgICAgICAgICAgICAgICAgICBUaGUgSE1BQyBhdXRoZW50aWNhdGlv
biBpcyBkdWUgdG8gcHJvdmlkZSBhdXRoZW50aWNhdGlvbiBvZiB0aGUgREggDQogICAgICAgICAg
ICAgICAgICAgICAgICAgaGFsZi1rZXlzLCBhbmQgaXMgbmVjZXNzYXJ5IHRvIGF2b2lkIG1hbi1p
bi10aGUtbWlkZGxlIGF0dGFja3MuIA0KICAgICAgICAgICAgICAgICAgICAgICAgDQogICAgICAg
ICAgICAgICAgICAgICAgICANCiAgICAgICAgICAgICAgICAgICAgICAgICBUaGlzIGFwcHJvYWNo
IGlzIHRoZSBsZXNzIGV4cGVuc2l2ZSB0aGFuIGRpZ2l0YWxseSBzaWduZWQgRGlmZmllLQ0KICAg
ICAgICAgICAgICAgICAgICAgICAgIEhlbGxtYW4uIEl0IHJlcXVpcmVzIGZpcnN0IG9mIGFsbCwg
dGhhdCBib3RoIHNpZGVzIGNvbXB1dGUgb25lIA0KICAgICAgICAgICAgICAgICAgICAgICAgIGV4
cG9uZW50aWF0aW9uIGFuZCBvbmUgSE1BQywgdGhlbiBvbmUgSE1BQyB2ZXJpZmljYXRpb24gYW5k
IA0KICAgICAgICAgICAgICAgICAgICAgICAgIGZpbmFsbHkgYW5vdGhlciBEaWZmaWUtSGVsbG1h
biBleHBvbmVudGlhdGlvbi4gDQogICAgICAgICAgICAgICAgICAgICAgICAgV2l0aCBvZmYtbGlu
ZSBwcmUtY29tcHV0YXRpb24sIHRoZSBpbml0aWFsIERpZmZpZS1IZWxsbWFuIE1BWSBiZSANCiAg
ICAgICAgICAgICAgICAgICAgICAgICBjb21wdXRlZCBiZWZvcmUgdGhlIGtleSBtYW5hZ2VtZW50
IHRyYW5zYWN0aW9uIGFuZCB0aGVyZWJ5IE1BWSANCiAgICAgICAgICAgICAgICAgICAgICAgICBm
dXJ0aGVyIHJlZHVjZSB0aGUgb3ZlcmFsbCByb3VuZCB0cmlwIGRlbGF5IGFzIHdlbGwgYXMgcmVk
dWNlIHRoZSANCiAgICAgICAgICAgICAgICAgICAgICAgICByaXNrIG9mIGRlbmlhbC1vZi1zZXJ2
aWNlIGF0dGFja3MuIA0KICAgICAgICAgICAgICAgICAgICAgICAgDQogICAgICAgICAgICAgICAg
ICAgICAgICAgUHJvY2Vzc2luZyBvZiB0aGUgVEVLIFNIQUxMIGJlIGFjY29tcGxpc2hlZCBhcyBk
ZXNjcmliZWQgaW4gTUlLRVkgDQogICAgICAgICAgICAgICAgICAgICAgICAgY2hhcHRlciA0LiAN
CiAgICAgICAgICAgICAgICAgICAgICAgIA0KICAgICAgICAgICAgICAgICAgICAgICAgIFRoZSBj
b21wdXRlZCBITUFDIHJlc3VsdCBBIG9yIEInIFNIQUxMIGJlIGNvbnZleWVkIGluIHRoZSBESC1I
TUFDIA0KICAgICAgICAgICAgICAgICAgICAgICAgIHBheWxvYWQgZmllbGQgb2YgdGhlIE1JS0VZ
IHBheWxvYWQgYXMgc3BlY2lmaWVkIGluIGNoYXB0ZXIgNSBvZiANCiAgICAgICAgICAgICAgICAg
ICAgICAgICBNSUtFWS4gDQogICAgICAgICAgICAgICAgICAgICANCiAgICAgICAgICAgICAgICAg
ICAgIA0KICAgICAgICAgICAgICAgICAgICAgDQogICAgICAgICAgICAgICAgICAgIEV1Y2huZXIg
ICAgICAgICAgICAgICAgICAgRXhwaXJhdGlvbjogNy8yMDAyICAgICAgICAgICAgICAgICAgW1Bh
Z2UgNV0gCgwNCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEhNQUMtYXV0aGVudGlj
YXRlZCBEaWZmaWUtSGVsbG1hbiBmb3IgTUlLRVkgSmFudWFyeSAyMDAyIA0KDQogICAgICAgICAg
ICAgICAgICAgIDMuIERILUhNQUMgcGF5bG9hZCBmb3JtYXRzIA0KICAgICAgICAgICAgICAgICAg
ICAgICAgDQogICAgICAgICAgICAgICAgICAgICAgIFRoaXMgc2VjdGlvbiBzcGVjaWZpZXMgdGhl
IHBheWxvYWQgZm9ybWF0cyBhbmQgZGF0YSB0eXBlIHZhbHVlcyBmb3IgDQogICAgICAgICAgICAg
ICAgICAgICAgIERILUhNQUMuIA0KICAgICAgICAgICAgICAgICAgICAgICAgDQogICAgICAgICAg
ICAgICAgICAgICAgIDMuMS4gICBDb21tb24gaGVhZGVyIHBheWxvYWQgDQogICAgICAgICAgICAg
ICAgICAgICANCiAgICAgICAgICAgICAgICAgICAgICAgICAgRm9yIERILUhNQUMgdGhlIGZvbGxv
d2luZyBkYXRhIHR5cGUgU0hBTEwgYmUgdXNlZDogDQogICAgICAgICAgICAgICAgICAgICANCiAg
ICAgICAgICAgICAgICAgICAgICAgRGF0YSB0eXBlICAgICB8IFZhbHVlIHwgQ29tbWVudCANCiAg
ICAgICAgICAgICAgICAgICAgICAgLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0gDQogICAgICAgICAgICAgICAgICAgICAgIERISE1BQyBpbml0ICAgfCAgICAgNyB8IEluaXRp
YXRvcidzIERILUhNQUMgZXhjaGFuZ2UgbWVzc2FnZSANCiAgICAgICAgICAgICAgICAgICAgICAg
REhNSEFDIHJlc3AgICB8ICAgICA4IHwgUmVzcG9uZGVyJ3MgREgtSE1BQyBleGNoYW5nZSBtZXNz
YWdlIA0KICAgICAgICAgICAgICAgICAgICAgDQogICAgICAgICAgICAgICAgICAgICAgICAgVGhl
IEVycm9yIHBheWxvYWQgZGF0YSB0eXBlIFNIQUxMIGJlIGFwcGxpZWQgYnkgdGhlIHJlc3BvbmRl
ciBpbiANCiAgICAgICAgICAgICAgICAgICAgICAgICBjYXNlIG9mIGEgZGVjb2RpbmcgZXJyb3Ig
b3Igb2YgYSBmYWlsZWQgSE1BQyBhdXRoZW50aWNhdGlvbiANCiAgICAgICAgICAgICAgICAgICAg
ICAgICB2ZXJpZmljYXRpb24uIA0KICAgICAgICAgICAgICAgICAgICAgICAgICANCiAgICAgICAg
ICAgICAgICAgICAgICAgICAgDQogICAgICAgICAgICAgICAgICAgICAgICAgIA0KICAgICAgICAg
ICAgICAgICAgICAgICAgICAgIEhhc2ggZnVuYyAgICAgfCBWYWx1ZSB8IENvbW1lbnRzIA0KICAg
ICAgICAgICAgICAgICAgICAgICAgICAgIC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tIA0KICAgICAgICAgICAgICAgICAgICAgICAgICAgIFNI
QS0xICAgICAgICAgfCAgICAgMCB8IE1hbmRhdG9yeSwgRGVmYXVsdCAoc2VlIFtTSEExXSkgDQog
ICAgICAgICAgICAgICAgICAgICAgICAgICAgU0hBLTEtOTYgICAgICB8ICAgICA1IHwgT3B0aW9u
YWwsIFNIQTEgdHJ1bmNhdGVkIHRvIHRoZSA5NiANCiAgICAgICAgICAgICAgICAgICAgICAgICBs
ZWZ0bW9zdCBiaXRzIG9mIFNIQS0xIHJlc3VsdCB3aGVuIHJlcHJlc2VudGVkIGluIG5ldHdvcmsg
Ynl0ZSANCiAgICAgICAgICAgICAgICAgICAgICAgICBvcmRlci4gDQogICAgICAgICAgICAgICAg
ICAgICANCiAgICAgICAgICAgICAgICAgICAgICAgICBTSEEtMSBpcyB0aGUgZGVmYXVsdCBoYXNo
IGZ1bmN0aW9uIHRoYXQgTVVTVCBiZSBpbXBsZW1lbnRlZCBhcyANCiAgICAgICAgICAgICAgICAg
ICAgICAgICBwYXJ0IG9mIHRoZSBESC1ITUFDLiBUaGUgbGVuZ3RoIG9mIHRoZSBITUFDIHJlc3Vs
dCBpcyAxNjAgYml0cy4gDQogICAgICAgICAgICAgICAgICAgICAgICAgU0hBLTEtOTYgcHJvZHVj
ZXMgYSBzbGlnaHRseSBzaG9ydGVyIEhNQUMgcmVzdWx0IHdoZXJlIHRoZSBTSEEtMSANCiAgICAg
ICAgICAgICAgICAgICAgICAgICByZXN1bHQgU0hBTEwgYmUgdHJ1bmNhdGVkIHRvIHRoZSA5NiBs
ZWZ0bW9zdCBiaXRzIHdoZW4gcmVwcmVzZW50ZWQgDQogICAgICAgICAgICAgICAgICAgICAgICAg
aW4gbmV0d29yayBieXRlIG9yZGVyLiBUaGlzIHdpbGwgc2F2ZSBzb21lIGJhbmR3aWR0aC4gDQog
ICAgICAgICAgICAgICAgICAgICANCiAgICAgICAgICAgICAgICAgICAgIA0KICAgICAgICAgICAg
ICAgICAgICAgICAzLjIuICAgREgtSE1BQyBkYXRhIHBheWxvYWQgDQogICAgICAgICAgICAgICAg
ICAgICANCiAgICAgICAgICAgICAgICAgICAgICAgICBUaGVyZSBpcyBubyBzZXBhcmF0ZSBwYXls
b2FkIGRlZmluZWQgZm9yIERILUhNQUMuIFJhdGhlciwgdGhlIERIIA0KICAgICAgICAgICAgICAg
ICAgICAgICAgIHBheWxvYWQgZGF0YSBhcyBkZWZpbmVkIGluIE1JS0VZIEFwcGVuZGl4IEEuNCBT
SEFMTCBiZSB1c2VkLiANCiAgICAgICAgICAgICAgICAgICAgIA0KICAgICAgICAgICAgICAgICAg
ICAgDQogICAgICAgICAgICAgICAgICAgICANCiAgICAgICAgICAgICAgICAgICAgICAgMy4zLiAg
IEhNQUMgcGF5bG9hZCANCiAgICAgICAgICAgICAgICAgICAgIA0KICAgICAgICAgICAgICAgICAg
ICAgICAgIFRoZSBITUFDIHBheWxvYWQgY2FycmllcyB0aGUgY29tcHV0ZWQgSE1BQyB2YWx1ZSB1
cG9uIHRoZSBESC1NQUMgDQogICAgICAgICAgICAgICAgICAgICAgICAgbWVzc2FnZSBhbmQgY29y
cmVzcG9uZGluZyBwYXlsb2FkIGRhdGEuIFRoZSBITUFDIE1VU1QgYWx3YXlzIGJlIA0KICAgICAg
ICAgICAgICAgICAgICAgICAgIHRoZSBsYXN0IHBheWxvYWQgaW4gdGhlIERILUhNQUMgZXhjaGFu
Z2UgbWVzc2FnZXMuICANCiAgICAgICAgICAgICAgICAgICAgIA0KICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAxICAgICAgICAgICAgICAgICAgIDIgICAgICAgICAg
ICAgICAgICAgMyANCiAgICAgICAgICAgICAgICAgICAgICAgIDAgMSAyIDMgNCA1IDYgNyA4IDkg
MCAxIDIgMyA0IDUgNiA3IDggOSAwIDEgMiAzIDQgNSA2IDcgOCA5IDAgMSANCiAgICAgICAgICAg
ICAgICAgICAgICAgKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0r
LSstKy0rLSstKy0rLSstKy0rLSsgDQogICAgICAgICAgICAgICAgICAgICAgICAgIH4gICAgICAg
ICAgICAgICAgICAgICAgICBITUFDICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB+IA0K
ICAgICAgICAgICAgICAgICAgICAgICAhICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgISANCiAgICAgICAgICAgICAgICAgICAgICAg
Ky0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0r
LSstKy0rLSsgDQogICAgICAgICAgICAgICAgICAgICANCiAgICAgICAgICAgICAgICAgICAgIA0K
ICAgICAgICAgICAgICAgICAgICBFdWNobmVyICAgICAgICAgICAgICAgICAgIEV4cGlyYXRpb246
IDcvMjAwMiAgICAgICAgICAgICAgICAgIFtQYWdlIDZdIAoMDQogICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICBITUFDLWF1dGhlbnRpY2F0ZWQgRGlmZmllLUhlbGxtYW4gZm9yIE1JS0VZ
IEphbnVhcnkgMjAwMiANCg0KICAgICAgICAgICAgICAgICAgICAgDQogICAgICAgICAgICAgICAg
ICAgICAgICogSE1BQzogVGhlIGNvbXB1dGVkIEhNQUMgdXBvbiB0aGUgZW50aXJlIG1lc3NhZ2Uu
IFRoZSBoYXNoaW5nIA0KICAgICAgICAgICAgICAgICAgICBmdW5jdGlvbiB3aXRoaW4gSE1BQyBz
aGFsbCBiZSB1c2VkIGFzIGluZGljYXRlZCBieSB0aGUgaGFzaCBmdW5jIHZhbHVlIA0KICAgICAg
ICAgICAgICAgICAgICAoMCBvciA1KS4gDQogICAgICAgICAgICAgICAgICAgICANCiAgICAgICAg
ICAgICAgICAgICAgIA0KICAgICAgICAgICAgICAgICAgICBBcHBlbmRpeCBCLiAtIFBheWxvYWQg
dXNhZ2Ugc3VtbWFyeSANCiAgICAgICAgICAgICAgICAgICAgIA0KICAgICAgICAgICAgICAgICAg
ICAgICAgIFRoaXMgc2VjdGlvbiBkZXNjcmliZXMgdGhlIHJlbGF0aW9uc2hpcCBvZiBESC1ITUFD
IG1lc3NhZ2VzIGFuZCANCiAgICAgICAgICAgICAgICAgICAgICAgICB0aGUgTUlLRVkgcGF5bG9h
ZCB0eXBlcy4gDQogICAgICAgICAgICAgICAgICAgICAgICAgIA0KICAgICAgICAgICAgICAgICAg
ICAgICAgIERlcGVuZGluZyBvbiB0aGUgdHlwZSBvZiBtZXNzYWdlLCBkaWZmZXJlbnQgcGF5bG9h
ZHMgTVVTVCBhbmQgTUFZIA0KICAgICAgICAgICAgICAgICAgICAgICAgIGJlIGluY2x1ZGVkLiBU
aGVyZSBhcmUgc2l4IGRpc3RpbmN0IHR5cGVzIG9mIG1lc3NhZ2VzOiANCiAgICAgICAgICAgICAg
ICAgICAgICAgICAgDQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAqIFByZS1zaGFyZWQg
a2V5IHRyYW5zcG9ydCBtZXNzYWdlIA0KICAgICAgICAgICAgICAgICAgICAgICAgICANCiAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICogUHVibGljIGtleSB0cmFuc3BvcnQgbWVzc2FnZSAN
CiAgICAgICAgICAgICAgICAgICAgIA0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgKiBW
ZXJpZmljYXRpb24gbWVzc2FnZSAoZm9yIGVpdGhlciBwcmUtc2hhcmVkIGtleSBvciBwdWJsaWMg
DQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICBrZXkpIA0KICAgICAgICAgICAgICAgICAg
ICAgICAgICANCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICogREggZXhjaGFuZ2UgbWVz
c2FnZSAoYmktZGlyZWN0aW9uYWwpIA0KICAgICAgICAgICAgICAgICAgICAgICAgICANCiAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICogREgtSE1BQyBleGNoYW5nZSBtZXNzYWdlIChiaS1k
aXJlY3Rpb25hbCkgDQogICAgICAgICAgICAgICAgICAgICAgICAgIA0KICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgKiBFcnJvciBtZXNzYWdlIA0KICAgICAgICAgICAgICAgICAgICAgDQog
ICAgICAgICAgICAgICAgICAgICANCiAgICAgICAgICAgICAgICAgICAgIA0KICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgIHwgICAgICAgICAgTWVzc2FnZSBUeXBlIA0KICAgICAg
ICAgICAgICAgICAgICAgICBQYXlsb2FkIHR5cGUgIHwgUFMgICB8IFBLICAgfCBESCAgIHwgREgt
SE1BQyB8IFZlciAgfCBFcnJvciANCiAgICAgICAgICAgICAgICAgICAgICAgLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0gDQogICAgICAg
ICAgICAgICAgICAgICAgIFBTIGRhdGEgICAgICAgfCBNICAgICAgLSAgICAgIC0gICAgICAgIC0g
ICAgICAgIC0gICAgICAtIA0KICAgICAgICAgICAgICAgICAgICAgICBQSyBkYXRhICAgICAgIHwg
LSAgICAgIE0qICAgICAtICAgICAgICAtICAgICAgICAtICAgICAgLSANCiAgICAgICAgICAgICAg
ICAgICAgICAgREggZGF0YSAgICAgICB8IC0gICAgICAtICAgICAgTSAgICAgICAgTSAgICAgICAg
LSAgICAgIC0gDQogICAgICAgICAgICAgICAgICAgICAgIFZlciBtc2cgICAgICAgfCAtICAgICAg
LSAgICAgIC0gICAgICAgIC0gICAgICAgIE0gICAgICAtIA0KICAgICAgICAgICAgICAgICAgICAg
ICBFcnJvciAgICAgICAgIHwgLSAgICAgIC0gICAgICAtICAgICAgICAtICAgICAgICAtICAgICAg
TSANCiAgICAgICAgICAgICAgICAgICAgICAgVGltZXN0YW1wICAgICB8IE0gICAgICBNICAgICAg
TSAgICAgICAgTyAgICAgICAgLSAgICAgIE8gDQogICAgICAgICAgICAgICAgICAgICAgIElEICAg
ICAgICAgICAgfCBPICAgICAgTyAgICAgIE8gICAgICAgIE8gICAgICAgIE8gICAgICBPIA0KICAg
ICAgICAgICAgICAgICAgICAgICBTaWduYXR1cmUgICAgIHwgLSAgICAgIE8gICAgICBNICAgICAg
ICAtICAgICAgICAtICAgICAgLSANCiAgICAgICAgICAgICAgICAgICAgICAgSE1BQyAgICAgICAg
ICB8IC0gICAgICAtICAgICAgLSAgICAgICAgTSAgICAgICAgLSAgICAgIC0gDQogICAgICAgICAg
ICAgICAgICAgICAgIENlcnRpZmljYXRlICAgfCAtICAgICAgTyAgICAgIE8gICAgICAgIC0gICAg
ICAgIC0gICAgICAtIA0KICAgICAgICAgICAgICAgICAgICAgICBDZXJ0IGhhc2ggICAgIHwgLSAg
ICAgIE8gICAgICBPICAgICAgICAtICAgICAgICAtICAgICAgLSANCiAgICAgICAgICAgICAgICAg
ICAgICAgbl9zdGFydCAgICAgICB8IE8gICAgICBPICAgICAgTyAgICAgICAgTyAgICAgICAgLSAg
ICAgIC0gDQogICAgICAgICAgICAgICAgICAgICAgIG5fZW5kICAgICAgICAgfCBPICAgICAgTyAg
ICAgIE8gICAgICAgIE8gICAgICAgIC0gICAgICAtIA0KICAgICAgICAgICAgICAgICAgICAgICBT
UEkgICAgICAgICAgIHwgTyAgICAgIE8gICAgICBPICAgICAgICBPICAgICAgICAtICAgICAgLSAN
CiAgICAgICAgICAgICAgICAgICAgICAgU1AgICAgICAgICAgICB8IE8gICAgICBPICAgICAgTyAg
ICAgICAgTyAgICAgICAgLSAgICAgIE8gDQogICAgICAgICAgICAgICAgICAgICANCiAgICAgICAg
ICAgICAgICAgICAgICAgV2hlbiBhIHBheWxvYWQgaXMgbm90IGluY2x1ZGVkLCB0aGUgZGVmYXVs
dCB2YWx1ZXMgZm9yIHRoZSANCiAgICAgICAgICAgICAgICAgICAgICAgaW5mb3JtYXRpb24gY2Fy
cmllZCBieSBpdCBTSEFMTCBiZSB1c2VkICh3aGVuIGFwcGxpY2FibGUpLiBUaGUgDQogICAgICAg
ICAgICAgICAgICAgICAgIGZvbGxvd2luZyB0YWJsZSBzdW1tYXJpemVzIHdoYXQgbWVzc2FnZXMg
bWF5IGJlIGluY2x1ZGVkIGluIGEgDQogICAgICAgICAgICAgICAgICAgICAgIHNwZWNpZmljIG1l
c3NhZ2UuIA0KICAgICAgICAgICAgICAgICAgICAgDQogICAgICAgICAgICAgICAgICAgICANCiAg
ICAgICAgICAgICAgICAgICAgIA0KICAgICAgICAgICAgICAgICAgICBFdWNobmVyICAgICAgICAg
ICAgICAgICAgIEV4cGlyYXRpb246IDcvMjAwMiAgICAgICAgICAgICAgICAgIFtQYWdlIDddIAoM
DQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBITUFDLWF1dGhlbnRpY2F0ZWQgRGlm
ZmllLUhlbGxtYW4gZm9yIE1JS0VZIEphbnVhcnkgMjAwMiANCg0KICAgICAgICAgICAgICAgICAg
ICAgDQogICAgICAgICAgICAgICAgICAgICANCiAgICAgICAgICAgICAgICAgICAgIA0KICAgICAg
ICAgICAgICAgICAgICAgDQogICAgICAgICAgICAgICAgICAgIDQuIFNlY3VyaXR5IENvbnNpZGVy
YXRpb25zIA0KICAgICAgICAgICAgICAgICAgICAgDQogICAgICAgICAgICAgICAgICAgICANCiAg
ICAgICAgICAgICAgICAgICAgICAgVGhpcyBkb2N1bWVudCBhZGRyZXNzZXMga2V5IG1hbmFnZW1l
bnQgc2VjdXJpdHkgaXNzdWVzIHRocm91Z2hvdXQuIA0KICAgICAgICAgICAgICAgICAgICAgICBG
b3IgYSBjb21wcmVoZW5zaXZlIGV4cGxhbmF0aW9uIG9mIHNlY3VyaXR5IGNvbnNpZGVyYXRpb25z
LCBwbGVhc2UgDQogICAgICAgICAgICAgICAgICAgICAgIHJlZmVyIHRvIE1JS0VZIHNlY3Rpb24g
MTAuIEluIGFkZGl0aW9uIHRvIHRoYXQsIHRoZSBmb2xsb3dpbmcgDQogICAgICAgICAgICAgICAg
ICAgICAgIHNlY3VyaXR5IGNvbnNpZGVyYXRpb25zIGFwcGx5IGluIHBhcnRpY3VsYXIgdG8gdGhp
cyBkb2N1bWVudDogDQogICAgICAgICAgICAgICAgICAgICAgICANCiAgICAgICAgICAgICAgICAg
ICAgICAgT3RoZXIgdGhhbiB0aGUgTUlLRVkgcHJlLXNoYXJlZCBhbmQgcHVibGljLWtleSBiYXNl
ZCBrZXkgZGlzdHJpYnV0aW9uIA0KICAgICAgICAgICAgICAgICAgICAgICBwcm90b2NvbHMsIHRo
ZSBEaWZmaWUtSGVsbG1hbiBrZXkgYWdyZWVtZW50IHByb3RvY29sIGZlYXR1cmVzIGEgDQogICAg
ICAgICAgICAgICAgICAgICAgIHNlY3VyaXR5IHByb3BlcnR5IGNhbGxlZCBwZXJmZWN0IGZvcndh
cmQgc2VjcmVjeS4gIFRoYXQgaXMsIHRoYXQgZXZlbiANCiAgICAgICAgICAgICAgICAgICAgICAg
aWYgdGhlIGxvbmctdGVybSBtYXN0ZXIgd291bGQgYmUgY29tcHJvbWlzZWQgYXQgc29tZSBwb2lu
dCBpbiB0aW1lLCANCiAgICAgICAgICAgICAgICAgICAgICAgdGhpcyB3b3VsZCBub3QgcmVuZGVy
IHBhc3Qgc2Vzc2lvbiBrZXlzIGNvbXByb21pc2VkLiANCiAgICAgICAgICAgICAgICAgICAgICAg
IA0KICAgICAgICAgICAgICAgICAgICAgICBGdXJ0aGVyLCBEaWZmaWUtSGVsbG1hbiBrZXkgbWFu
YWdlbWVudCBwcm90b2NvbCBpcyBub3QgYSBzdHJpY3Qga2V5IA0KICAgICAgICAgICAgICAgICAg
ICAgICBkaXN0cmlidXRpb24gcHJvdG9jb2wgcGVyIHNlLiBBY3R1YWxseSwgYm90aCBwYXJ0aWVz
IGludm9sdmVkIGluIHRoZSANCiAgICAgICAgICAgICAgICAgICAgICAgcHJvdG9jb2wgZXhjaGFu
Z2UgYXJlIGFibGUgdG8gZXF1YWxseSBjb250cmlidXRlIHRvIHRoZSBjb21tb24gDQogICAgICAg
ICAgICAgICAgICAgICAgIERpZmZpZS1IZWxsbWFuIG1hc3RlciBzZXNzaW9uIGtleS4gVGhpcyBy
ZWR1Y2VzIHRoZSByaXNrIG9mIGVpdGhlciANCiAgICAgICAgICAgICAgICAgICAgICAgcGFydHkg
Y2hlYXRpbmcgb3IgdW5pbnRlbnRpb25hbGx5IGdlbmVyYXRpbmcgYSB3ZWFrIHNlc3Npb24ga2V5
LiBJbiANCiAgICAgICAgICAgICAgICAgICAgICAgb3JkZXIgZm9yIERpZmZpZS1IZWxsbWFuIGtl
eSBhZ3JlZW1lbnQgdG8gYmUgc2VjdXJlLCBlYWNoIHBhcnR5IHNoYWxsIA0KICAgICAgICAgICAg
ICAgICAgICAgICBnZW5lcmF0ZSBpdHMgeCBvciB5IHZhbHVlcyB1c2luZyBhIHN0cm9uZywgdW5w
cmVkaWN0YWJsZSBwc2V1ZG8tDQogICAgICAgICAgICAgICAgICAgICAgIHJhbmRvbSBnZW5lcmF0
b3IuIEZ1cnRoZXIgdGhlc2UgdmFsdWVzIHggb3IgeSBzaGFsbCBiZSBrZXB0IHByaXZhdGUuIA0K
ICAgICAgICAgICAgICAgICAgICAgICBJdCBpcyByZWNvbW1lbmRlZCB0aGF0IHRoZXNlIHNlY3Jl
dCB2YWx1ZXMgYmUgZGVzdHJveWVkIG9uY2UgdGhlIA0KICAgICAgICAgICAgICAgICAgICAgICBj
b21tb24gRGlmZmllLUhlbGxtYW4gc2hhcmVkIHNlY3JldCBrZXkgaGFzIGJlZW4gZXN0YWJsaXNo
ZWQuIA0KICAgICAgICAgICAgICAgICAgICAgICAgDQogICAgICAgICAgICAgICAgICAgICAgIEZv
ciB0aGUgc2FrZSBvZiBpbXByb3ZlZCBwZXJmb3JtYW5jZSBhbmQgcmVkdWNlZCByb3VuZCB0cmlw
IGRlbGF5IA0KICAgICAgICAgICAgICAgICAgICAgICBlaXRoZXIgcGFydHkgbWF5IG9mZi1saW5l
IHByZS1jb21wdXRlIGl0cyBwdWJsaWMgRGlmZmllLUhlbGxtYW4gaGFsZi0NCiAgICAgICAgICAg
ICAgICAgICAgICAga2V5LiANCiAgICAgICAgICAgICAgICAgICAgICAgIA0KICAgICAgICAgICAg
ICAgICAgICAgICBBcyBzdWNoLCBESC1ITUFDIGJ1dCBhbHNvIGRpZ2l0YWxseSBzaWduZWQgREgg
cHJvdmlkZXMgYSBmYXIgc3VwZXJpb3IgDQogICAgICAgICAgICAgICAgICAgICAgIHNlY3VyaXR5
IGxldmVsIG92ZXIgdGhlIHByZS1zaGFyZWQgb3IgcHVibGljLWtleSBiYXNlZCBrZXkgDQogICAg
ICAgICAgICAgICAgICAgICAgIGRpc3RyaWJ1dGlvbiBwcm90b2NvbCBpbiB0aGF0IHJlc3BlY3Qu
ICANCiAgICAgICAgICAgICAgICAgICAgICAgIA0KICAgICAgICAgICAgICAgICAgICAgICAgDQog
ICAgICAgICAgICAgICAgICAgICAgIFRoaXMgZG9jdW1lbnQgZGVzY3JpYmVzIHRoZSBITUFDLWF1
dGhlbnRpY2F0ZWQgRGlmZmllLUhlbGxtYW4ga2V5IA0KICAgICAgICAgICAgICAgICAgICAgICBh
Z3JlZW1lbnQgcHJvdG9jb2wgdGhhdCBjb21wbGV0ZWx5IGF2b2lkcyBkaWdpdGFsIHNpZ25hdHVy
ZXMgYW5kIHRoZSANCiAgICAgICAgICAgICAgICAgICAgICAgYXNzb2NpYXRlZCBwdWJsaWMta2V5
IGluZnJhc3RydWN0dXJlIGFzIHdvdWxkIGJlIG5lY2Vzc2FyeSBmb3IgdGhlIA0KICAgICAgICAg
ICAgICAgICAgICAgICBYLjUwOSBSU0EgcHVibGljLWtleSBiYXNlZCBrZXkgZGlzdHJpYnV0aW9u
IHByb3RvY29sIG9yIHRoZSBkaWdpdGFsbHkgDQogICAgICAgICAgICAgICAgICAgICAgIHNpZ25l
ZCBEaWZmaWUtSGVsbG1hbiBrZXkgYWdyZWVtZW50IHByb3RvY29sIGFzIGRlc2NyaWJlZCBpbiBN
SUtFWS4gDQogICAgICAgICAgICAgICAgICAgICAgIFB1YmxpYy1rZXkgaW5mcmFzdHJ1Y3R1cmVz
IG1heSBub3QgYWx3YXlzIGJlIGF2YWlsYWJsZSBpbiBjZXJ0YWluIA0KICAgICAgICAgICAgICAg
ICAgICAgICBlbnZpcm9ubWVudHMgbm9yIG1heSB0aGV5IGJlIGRlZW1lZCBhZGVxdWF0ZSBmb3Ig
cmVhbC10aW1lIG11bHRpbWVkaWEgDQogICAgICAgICAgICAgICAgICAgICAgIGFwcGxpY2F0aW9u
cyB3aGVuIHRha2luZyBhZGRpdGlvbmFsIHN0ZXBzIGZvciBjZXJ0aWZpY2F0ZSB2YWxpZGF0aW9u
IA0KICAgICAgICAgICAgICAgICAgICAgICBhbmQgY2VydGlmaWNhdGUgcmV2b2NhdGlvbiBtZXRo
b2RzIHdpdGggYWRkaXRpb25hbCByb3VuZC10cmlwcyBpbnRvIA0KICAgICAgICAgICAgICAgICAg
ICAgICBhY2NvdW50LiANCiAgICAgICAgICAgICAgICAgICAgICAgIA0KICAgICAgICAgICAgICAg
ICAgICAgICBUaGUgSE1BQyBjb21wdXRhdGlvbiBjb3Jyb2JvcmF0ZXMgZm9yIGF1dGhlbnRpY2F0
aW9uIGFuZCBtZXNzYWdlIA0KICAgICAgICAgICAgICAgICAgICAgICBpbnRlZ3JpdHkgb2YgdGhl
IGV4Y2hhbmdlZCBEaWZmaWUtSGVsbG1hbiBoYWxmLWtleXMgYW5kIGFzc29jaWF0ZWQgDQogICAg
ICAgICAgICAgICAgICAgICAgIG1lc3NhZ2VzLiBUaGUgYXV0aGVudGljYXRpb24gaXMgYWJzb2x1
dGUgbmVjZXNzYXJ5IGluIG9yZGVyIHRvIGF2b2lkIA0KICAgICAgICAgICAgICAgICAgICAgICBt
YW4taW4tdGhlLW1pZGRsZSBhdHRhY2tzIG9uIHRoZSBleGNoYW5nZWQgbWVzc2FnZXMgaW4gdHJh
bnNpdC4gDQogICAgICAgICAgICAgICAgICAgICAgICANCiAgICAgICAgICAgICAgICAgICAgIA0K
ICAgICAgICAgICAgICAgICAgICBFdWNobmVyICAgICAgICAgICAgICAgICAgIEV4cGlyYXRpb246
IDcvMjAwMiAgICAgICAgICAgICAgICAgIFtQYWdlIDhdIAoMDQogICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICBITUFDLWF1dGhlbnRpY2F0ZWQgRGlmZmllLUhlbGxtYW4gZm9yIE1JS0VZ
IEphbnVhcnkgMjAwMiANCg0KICAgICAgICAgICAgICAgICAgICAgICBVc2luZyBITUFDIGluIGNv
bmp1bmN0aW9uIHdpdGggYSBzdHJvbmcgb25lLXdheSBoYXNoIGZ1bmN0aW9uIHN1Y2ggYXMgDQog
ICAgICAgICAgICAgICAgICAgICAgIFNIQTEgbWF5IGJlIGFjaGlldmVkIG1vcmUgZWZmaWNpZW50
bHkgaW4gc29mdHdhcmUgdGhhbiBleHBlbnNpdmUgDQogICAgICAgICAgICAgICAgICAgICAgIHB1
YmxpYy1rZXkgb3BlcmF0aW9ucy4gVGhpcyB5aWVsZHMgYSBwYXJ0aWN1bGFyIHBlcmZvcm1hbmNl
IGJlbmVmaXQgDQogICAgICAgICAgICAgICAgICAgICAgIG9mIERILUhNQUMgb3ZlciBzaWduZWQg
REggb3IgdGhlIHB1YmxpYy1rZXkgZW5jcnlwdGlvbiBwcm90b2NvbC4gDQogICAgICAgICAgICAg
ICAgICAgICANCiAgICAgICAgICAgICAgICAgICAgICAgREgtSE1BQyBvcHRpb25hbGx5IGZlYXR1
cmVzIGEgdmFyaWFudCB3aGVyZSB0aGUgSE1BQy1TSEEtMSByZXN1bHQgaXMgDQogICAgICAgICAg
ICAgICAgICAgICAgIHRydW5jYXRlZCB0byA5Ni1iaXQgaW5zdGVhZCBvZiAxNjAgYml0cy4gSXQg
aXMgYmVsaWV2ZWQgdGhhdCBhbHRob3VnaCANCiAgICAgICAgICAgICAgICAgICAgICAgdGhlIHRy
dW5jYXRlZCBITUFDIGFwcGVhcnMgc2lnbmlmaWNhbnRseSBzaG9ydGVyLCB0aGUgc2VjdXJpdHkg
DQogICAgICAgICAgICAgICAgICAgICAgIHByb3ZpZGVkIHdvdWxkIG5vdCBzdWZmZXI7IGl0IGFw
cGVhcnMgZXZlbiByZWFzb25hYmxlIHRoYXQgdGhlIA0KICAgICAgICAgICAgICAgICAgICAgICBz
aG9ydGVyIEhNQUMgY291bGQgcHJvdmlkZSBpbmNyZWFzZWQgc2VjdXJpdHkgYWdhaW5zdCBrbm93
bi1wbGFpbnRleHQgDQogICAgICAgICAgICAgICAgICAgICAgIGNyeXB0LWFuYWx5c2lzLCBzZWUg
UkZDIDIxMDQgZm9yIG1vcmUgZGV0YWlscy4gSW4gYW55IHdheSwgdHJ1bmNhdGVkIA0KICAgICAg
ICAgICAgICAgICAgICAgICBESC1ITUFDIGlzIGFibGUgdG8gcmVkdWNlIHRoZSBiYW5kd2lkdGgg
ZHVyaW5nIERpZmZpZS1IZWxsbWFuIGtleSANCiAgICAgICAgICAgICAgICAgICAgICAgYWdyZWVt
ZW50IGFuZCB5aWVsZCBiZXR0ZXIgcm91bmQgdHJpcCBkZWxheSBvbiBsb3ctYmFuZHdpZHRoIGxp
bmtzLiANCiAgICAgICAgICAgICAgICAgICAgICAgSWYgdmVyeSBoaWdoIHNlY3VyaXR5IGxldmVs
IGlzIGRlc2lyZWQgZm9yIGxvbmctdGVybSBzZWNyZWN5IG9mIHRoZSANCiAgICAgICAgICAgICAg
ICAgICAgICAgbmVnb3RpYXRlZCBEaWZmaWUtSGVsbG1hbiBzaGFyZWQgc2VjcmV0LCBsb25nZXIg
aGFzaCB2YWx1ZXMgbWF5IGJlIA0KICAgICAgICAgICAgICAgICAgICAgICBkZXBsb3llZCBzdWNo
IGFzIFNIQTI1NiwgU0hBMzg0IG9yIFNIQTUxMiBwcm92aWRlLCBwb3NzaWJseSBpbiANCiAgICAg
ICAgICAgICAgICAgICAgICAgY29uanVuY3Rpb24gd2l0aCBzdHJvbmdlciBEaWZmaWUtSGVsbG1h
biBncm91cHMuIA0KICAgICAgICAgICAgICAgICAgICAgDQogICAgICAgICAgICAgICAgICAgICAN
CiAgICAgICAgICAgICAgICAgICAgIA0KICAgICAgICAgICAgICAgICAgICAgDQogICAgICAgICAg
ICAgICAgICAgIDUuIEFja25vd2xlZGdlbWVudHMgDQogICAgICAgICAgICAgICAgICAgICANCiAg
ICAgICAgICAgICAgICAgICAgIA0KICAgICAgICAgICAgICAgICAgICA2LiBJbnRlbGxlY3R1YWwg
UHJvcGVydHkgUmlnaHRzIA0KICAgICAgICAgICAgICAgICAgICAgICAgICANCiAgICAgICAgICAg
ICAgICAgICAgICAgICBUaGlzIHByb3Bvc2FsIGluIGlzIGZ1bGwgY29uZm9ybWl0eSB3aXRoIFtS
RkMtMjAyNl0uIA0KICAgICAgICAgICAgICAgICAgICAgICAgICANCiAgICAgICAgICAgICAgICAg
ICAgICAgICBTaWVtZW5zIG1heSBoYXZlIHBhdGVudCByaWdodHMgb24gdGVjaG5vbG9neSBkZXNj
cmliZWQgaW4gdGhpcyANCiAgICAgICAgICAgICAgICAgICAgICAgICBkb2N1bWVudCB3aGljaCBl
bXBsb3llZXMgb2YgU2llbWVucyBjb250cmlidXRlIGZvciB1c2UgaW4gSUVURiANCiAgICAgICAg
ICAgICAgICAgICAgICAgICBzdGFuZGFyZHMgZGlzY3Vzc2lvbnMuIEluIHJlbGF0aW9uIHRvIGFu
eSBJRVRGIHN0YW5kYXJkIA0KICAgICAgICAgICAgICAgICAgICAgICAgIGluY29ycG9yYXRpbmcg
YW55IHN1Y2ggdGVjaG5vbG9neSwgU2llbWVucyBoZXJlYnkgYWdyZWVzIHRvIA0KICAgICAgICAg
ICAgICAgICAgICAgICAgIGxpY2Vuc2Ugb24gZmFpciwgcmVhc29uYWJsZSBhbmQgbm9uLWRpc2Ny
aW1pbmF0b3J5IHRlcm1zLCBiYXNlZCBvbiANCiAgICAgICAgICAgICAgICAgICAgICAgICByZWNp
cHJvY2l0eSwgYW55IHBhdGVudCBjbGFpbXMgaXQgb3ducyBjb3ZlcmluZyBzdWNoIHRlY2hub2xv
Z3ksIA0KICAgICAgICAgICAgICAgICAgICAgICAgIHRvIHRoZSBleHRlbnQgc3VjaCB0ZWNobm9s
b2d5IGlzIGVzc2VudGlhbCB0byBjb21wbHkgd2l0aCBzdWNoIA0KICAgICAgICAgICAgICAgICAg
ICAgICAgIHN0YW5kYXJkLiANCiAgICAgICAgICAgICAgICAgICAgIA0KICAgICAgICAgICAgICAg
ICAgICAgDQogICAgICAgICAgICAgICAgICAgICANCiAgICAgICAgICAgICAgICAgICAgIA0KICAg
ICAgICAgICAgICAgICAgICA3LiBOb3JtYXRpdmUgUmVmZXJlbmNlcyANCiAgICAgICAgICAgICAg
ICAgICAgIA0KICAgICAgICAgICAgICAgICAgICBbMV0gIEouIEFya2tvLCBFLiBDYXJyYXJhLCBG
LiBMaW5kaG9sbSwgTS4gTmFzbHVuZCwgSy4gTm9ycm1hbjsgDQogICAgICAgICAgICAgICAgICAg
ICJNSUtFWTpNdWx0aW1lZGlhIEludGVybmV0IEtFWWluZyIsIEludGVybmV0IERyYWZ0LCBXb3Jr
IGluIFByb2dyZXNzIA0KICAgICAgICAgICAgICAgICAgICAoTVNFQyBXRykgDQogICAgICAgICAg
ICAgICAgICAgICANCiAgICAgICAgICAgICAgICAgICAgWzJdICBILiBLcmF3Y3p5aywgTS4gQmVs
bGFyZSwgUi4gQ2FuZXR0aTsgIkhNQUM6IEtleWVkLUhhc2hpbmcgZm9yIA0KICAgICAgICAgICAg
ICAgICAgICBNZXNzYWdlIEF1dGhlbnRpY2F0aW9uIiwgUkZDIDIxMDQsIEZlYnJ1YXJ5IDE5OTcu
IA0KICAgICAgICAgICAgICAgICAgICAgDQogICAgICAgICAgICAgICAgICAgIFszXSBOSVNULCBG
SUJTLVBVQiAxODAtMSwgIlNlY3VyZSBIYXNoIFN0YW5kYXJkIiwgQXByaWwgMTk5NSwgDQogICAg
ICAgICAgICAgICAgICAgIGh0dHA6Ly9jc3JjLm5pc3QuZ292L2ZpcHMvZmlwMTgwLTEucHMgDQog
ICAgICAgICAgICAgICAgICAgICANCiAgICAgICAgICAgICAgICAgICAgIA0KICAgICAgICAgICAg
ICAgICAgICAgDQogICAgICAgICAgICAgICAgICAgICANCiAgICAgICAgICAgICAgICAgICAgRXVj
aG5lciAgICAgICAgICAgICAgICAgICBFeHBpcmF0aW9uOiA3LzIwMDIgICAgICAgICAgICAgICAg
ICBbUGFnZSA5XSAKDA0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgSE1BQy1hdXRo
ZW50aWNhdGVkIERpZmZpZS1IZWxsbWFuIGZvciBNSUtFWSBKYW51YXJ5IDIwMDIgDQoNCiAgICAg
ICAgICAgICAgICAgICAgOC4gSW5mb3JtYXRpdmUgUmVmZXJlbmNlcyANCiAgICAgICAgICAgICAg
ICAgICAgIA0KICAgICAgICAgICAgICAgICAgICBbNF0gQS5KLiBNZW5lemVzLCBQIHYuIE9vcnNj
aG90LCBTLiBWYW5zdG9uZTogIkFwcGxpZWQgQ3J5cHRvZ3JhcGh5IiwgDQogICAgICAgICAgICAg
ICAgICAgIENSQyBQcmVzcywgMTk5NiANCiAgICAgICAgICAgICAgICAgICAgIA0KICAgICAgICAg
ICAgICAgICAgICAgDQogICAgICAgICAgICAgICAgICAgICANCiAgICAgICAgICAgICAgICAgICAg
OS4gQXV0aG9yJ3MgQWRkcmVzcyANCiAgICAgICAgICAgICAgICAgICAgIA0KICAgICAgICAgICAg
ICAgICAgICAgICBQbGVhc2UgYWRkcmVzcyBhbGwgY29tbWVudHMgdG86IA0KICAgICAgICAgICAg
ICAgICAgICAgDQogICAgICAgICAgICAgICAgICAgIE1hcnRpbiBFdWNobmVyICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgIFNpZW1lbnMgQUcgDQogICAgICAgICAgICAgICAgICAgIEVt
YWlsOiBtYXJ0aW4uZXVjaG5lckBpY24uc2llbWVucy5kZSAgICAgICAgICAgIElDTiBNIFNSIDMg
DQogICAgICAgICAgICAgICAgICAgIFBob25lOiArNDkgODkgNzIyIDU1NzkwICAgICAgICAgICAg
ICAgICAgICAgICAgIEhvZm1hbm5zdHIuIDUxIA0KICAgICAgICAgICAgICAgICAgICBGYXg6ICAg
KzQ5IDg5IDcyMiA0NzcxMyAgICAgICAgICAgICAgICAgICAgICAgICA4MTM1OSBNdW5pY2gsIEdl
cm1hbnkgDQogICAgICAgICAgICAgICAgICAgICANCiAgICAgICAgICAgICAgICAgICAgIA0KICAg
ICAgICAgICAgICAgICAgICAgDQogICAgICAgICAgICAgICAgICAgICANCiAgICAgICAgICAgICAg
ICAgICAgMTAuICBFeHBpcmF0aW9uIERhdGUgDQogICAgICAgICAgICAgICAgICAgICANCiAgICAg
ICAgICAgICAgICAgICAgICAgVGhpcyBJbnRlcm5ldCBEcmFmdCBleHBpcmVzIG9uIDMwIEp1bHkg
MjAwMi4gDQogICAgICAgICAgICAgICAgICAgICAgICANCiAgICAgICAgICAgICAgICAgICAgT3Bl
biBpc3N1ZXM6IA0KICAgICAgICAgICAgICAgICAgICAgICBNYWtlIHRoaXMgYSBNU0VHIFdHIGRy
YWZ0PyANCiAgICAgICAgICAgICAgICAgICAgICAgT3IgbWFrZSBhbiBpbmRpdmlkdWFsIHN1Ym1p
c3Npb24/IA0KICAgICAgICAgICAgICAgICAgICAgICAgDQogICAgICAgICAgICAgICAgICAgICAg
ICANCg0KDQoNCg0KDQoNCg0KDQoNCg0KDQoNCg0KDQoNCg0KDQoNCg0KDQoNCg0KDQoNCg0KDQog
ICAgICAgICAgICAgICAgICAgICANCiAgICAgICAgICAgICAgICAgICAgRXVjaG5lciAgICAgICAg
ICAgICAgICAgICBFeHBpcmF0aW9uOiA3LzIwMDIgICAgICAgICAgICAgICAgIFtQYWdlIDEwXSAK
DA==
--=====================_3339902==_--


_______________________________________________
msec mailing list
msec@securemulticast.org
http://www.pairlist.net/mailman/listinfo/msec


From msec-admin@securemulticast.org  Fri Feb  1 14:55:20 2002
Received: from pairlist.net (pairlist.net [216.92.1.92])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA10279
	for <msec-archive@odin.ietf.org>; Fri, 1 Feb 2002 14:55:20 -0500 (EST)
Received: from pairlist.net (localhost.pair.com [127.0.0.1])
	by pairlist.net (Postfix) with ESMTP
	id D764C536F9; Fri,  1 Feb 2002 14:54:53 -0500 (EST)
Delivered-To: msec@pairlist.net
Received: from klesh.pair.com (klesh.pair.com [209.68.2.45])
	by pairlist.net (Postfix) with SMTP id 4D1A3535F8
	for <msec@lists.securemulticast.org>; Fri,  1 Feb 2002 14:52:03 -0500 (EST)
Received: (qmail 94926 invoked by uid 3269); 1 Feb 2002 19:52:03 -0000
Delivered-To: ietfsmug-securemulticast:org-msec@securemulticast.org
Received: (qmail 94923 invoked from network); 1 Feb 2002 19:52:02 -0000
Received: from nisser.cisco.com (171.71.176.85)
  by klesh.pair.com with SMTP; 1 Feb 2002 19:52:02 -0000
Received: from cisco.com (dhcp-128-107-163-206.cisco.com [128.107.163.206]) by nisser.cisco.com (8.8.6 (PHNE_14041)/CISCO.SERVER.1.2) with ESMTP id LAA04182; Fri, 1 Feb 2002 11:37:45 -0800 (PST)
Message-ID: <3C5AEE89.2B77D619@cisco.com>
From: Brian Weis <bew@cisco.com>
X-Mailer: Mozilla 4.61 [en] (X11; U; Linux 2.2.12-20 i686)
X-Accept-Language: en
MIME-Version: 1.0
To: Lakshminath Dondeti <ldondeti@nortelnetworks.com>
Cc: Ran Canetti <canetti@watson.ibm.com>, msec@securemulticast.org,
        jis@mit.edu, Marcus Leech <mleech@pte.nortelnetworks.com>,
        thardjono@verisign.com
Subject: Re: [MSEC] GDOI: Last call for proposed standard
References: <200201181726.MAA25550@ornavella.watson.ibm.com> <3C58299C.E7B44B93@nortelnetworks.com> <3C589DDE.8A20A2CF@cisco.com> <3C59D393.6233BCA0@nortelnetworks.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: msec-admin@securemulticast.org
Errors-To: msec-admin@securemulticast.org
X-BeenThere: msec@securemulticast.org
X-Mailman-Version: 2.0
Precedence: bulk
List-Help: <mailto:msec-request@securemulticast.org?subject=help>
List-Post: <mailto:msec@securemulticast.org>
List-Subscribe: <http://www.pairlist.net/mailman/listinfo/msec>,
	<mailto:msec-request@securemulticast.org?subject=subscribe>
List-Id: IETF Multicast Security list <msec.securemulticast.org>
List-Unsubscribe: <http://www.pairlist.net/mailman/listinfo/msec>,
	<mailto:msec-request@securemulticast.org?subject=unsubscribe>
List-Archive: <http://www.pairlist.net/pipermail/msec/>
Date: Fri, 01 Feb 2002 11:37:45 -0800
Content-Transfer-Encoding: 7bit

Hi Lakshimath,

Lakshminath Dondeti wrote:
> 
> Brian,
> 
> Many thanks for the reply.  Please see inline.
> 
> Brian Weis wrote:
> >
> > Hi Lakshminath,
> >
> > As always, thanks for your comments. I'm going to deal with the issues
> > in reverse order:
> >
> > > 2) LKH definitions:  LKH interoperability issues need further
> > > discussion.  That stuff might be pulled out of the GDOI draft; instead
> > > the authors might propose generic payloads that accommodate any
> > > key management algorithm.
> >
> > We would prefer not to pull the LKH text out of the draft since we think
> > it provides a substantial benefit of allowing group membership changes
> > in the rekey message. However, we do indeed mean to accommodate other
> > key management algorithms, not just LKH.
> >
> > > Besides, Sun has a PATENT on LKH.  Of course, LKH is also published
> > > as an RFC by another group.  I am not a lawyer, so I don't understand
> > > how that can be resolved.
> >
> > I wasn't aware that anyone claimed IP on key hierarchies. LKH is
> > certainly defined in RFC2627 though, and I have seen companies claim
> > that they use the algorithm in their systems. So it seems safe to
> > declare how it would be used in GDOI since it isn't intended to be a
> > required feature.
> >
> > > Proposal:  Make GDOI LKH independent.
> >
> > There's (at least) two facets to independence.
> >
> > A. Making sure LKH isn't a required feature for an implementation. This
> > will be clarified in the draft.
> >
> > B. Making sure that other key management algorithms can be used. The
> > attribute list in section 5.5 lists possible key download types. There
> > are two KEK related types: KEK (which defines a single key for the
> > group), and LKH (which defines an LKH structure of keys). The list also
> > has RESERVED and PRIVATE USE namespaces which were intended to be used
> > for defining new key management types, as necessary. In particular,
> > whatever type of key management policy becomes defined the MSEC GKMARCH
> > document should be allocated from the RESERVED list at a later time via
> > the standard IANA namespace allocation process.
> 
> Thanks.  I noticed that -02- has references to OFT, but -03- did not.
> It may be because you did not want to have references to I-Ds.  But, in
> its current state, it appears from Section 5.3.2 that LKH is the only
> choice (especially to someone not familiar with research in this area)
> for a KEK_MANAGEMENT_ALGORITHM.

That's a good point. I've found that we can have non-normative
references, so I'll add some text mentioning possible alternatives and
site them.

> > > 1) The PUSH message:  For scalable and reliable transport of batch
> > > rekey messages, it may be appropriate to have two types of PUSH
> > > messages.
> > >
> > > Briefly, for group initialization and batch rekeying, the rekey/PUSH
> > > message can get too long (initialization of a logical hierarchy with
> > > n=2^16 members requires sending 2^16 KP payloads = ~2845 packets; note
> > > that each member needs only logn = 16 KP payloads = ~1 packet.  There
> > > are proposals in the literature for various groupings of keys for
> > > efficient transport).
> > >
> > > Proposal:  Allow splitting PUSH messages.
> >
> > Actually I thought splitting the messages could be achieved with what's
> > in the draft now, at least with respect to dealing with large LKH
> > updates. There is a single LKH attribute in the KD payload. That LKH
> > attribute is defined in section 5.5.3 as a list of attributes. Each
> > KEK_LKH attribute is specific to one leaf (i.e., user). If multiple
> > leafs need to be rekeyed by a group membership change, then multiple
> > KEK_LKH attributes should be included. But nothing says that all of the
> > leafs for a particular change need to be in a single rekey packet. It
> > should be feasible to split up the attributes into multiple messages.
> >
> > It would be necessary for each message to be a full rekey message
> > including the SA payload as well, since the SA payload defines the
> > policy for the KD payload.
> 
> Splitting the rekey message would have some overhead.  But including the
> SA payload with each message (within a rekeying instance, i.e., same
> SPI) would make it even worse.  Consider that we may end up sending
> hundreds of these messages per rekey instance.
> 
> In any event, I wanted to bring this discussion to the mailing list.
> Looks like no one else is interested in it anyway :-).  Furthermore,
> there are some advantages to including the SA payload with each message.
> 
> It would be good if you could add some text reflecting this discussion
> in the I-D (soon to be RFC).  Many thanks.

Will do!

Thanks,
Brian

> best regards,
> Lakshminath
> 
> >
> > Does that seem sufficient to you?
> >
> > Thanks,
> > Brian
> >
> > ---
> > Brian Weis
> > Strategic Cryptographic Development, ITD, Cisco Systems
> > Telephone: +1 408 526 4796
> > Email: bew@cisco.com
> >
> > _______________________________________________
> > msec mailing list
> > msec@securemulticast.org
> > http://www.pairlist.net/mailman/listinfo/msec

-- 
Brian Weis
Strategic Cryptographic Development, ITD, Cisco Systems
Telephone: +1 408 526 4796
Email: bew@cisco.com

_______________________________________________
msec mailing list
msec@securemulticast.org
http://www.pairlist.net/mailman/listinfo/msec


From msec-admin@securemulticast.org  Fri Feb  1 16:40:19 2002
Received: from pairlist.net (pairlist.net [216.92.1.92])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA12588
	for <msec-archive@odin.ietf.org>; Fri, 1 Feb 2002 16:40:19 -0500 (EST)
Received: from pairlist.net (localhost.pair.com [127.0.0.1])
	by pairlist.net (Postfix) with ESMTP
	id C06A55373B; Fri,  1 Feb 2002 16:38:48 -0500 (EST)
Delivered-To: msec@pairlist.net
Received: from klesh.pair.com (klesh.pair.com [209.68.2.45])
	by pairlist.net (Postfix) with SMTP id AED9553776
	for <msec@lists.securemulticast.org>; Fri,  1 Feb 2002 16:36:29 -0500 (EST)
Received: (qmail 10264 invoked by uid 3269); 1 Feb 2002 21:36:28 -0000
Delivered-To: ietfsmug-securemulticast:org-msec@securemulticast.org
Received: (qmail 10261 invoked from network); 1 Feb 2002 21:36:28 -0000
Received: from sj-msg-core-2.cisco.com (171.69.24.11)
  by klesh.pair.com with SMTP; 1 Feb 2002 21:36:28 -0000
Received: from mira-sjc5-6.cisco.com (mira-sjc5-6.cisco.com [171.71.163.23])
	by sj-msg-core-2.cisco.com (8.11.3/8.9.1) with ESMTP id g11LV9605977;
	Fri, 1 Feb 2002 13:31:10 -0800 (PST)
Received: from mbaugher-w2k1.cisco.com (sjc-vpn3-987.cisco.com [10.21.67.219])
	by mira-sjc5-6.cisco.com (Mirapoint)
	with ESMTP id AAU24837;
	Fri, 1 Feb 2002 13:29:42 -0800 (PST)
Message-Id: <4.3.2.7.2.20020201132408.044171d0@mira-sjc5-6.cisco.com>
X-Sender: mbaugher@mira-sjc5-6.cisco.com
X-Mailer: QUALCOMM Windows Eudora Version 4.3.2
To: Brian Weis <bew@cisco.com>,
        Lakshminath Dondeti <ldondeti@nortelnetworks.com>
From: Mark Baugher <mbaugher@cisco.com>
Subject: Re: [MSEC] GDOI: Last call for proposed standard
Cc: msec@securemulticast.org, jis@mit.edu,
        Marcus Leech <mleech@pte.nortelnetworks.com>
In-Reply-To: <3C5AEE89.2B77D619@cisco.com>
References: <200201181726.MAA25550@ornavella.watson.ibm.com>
 <3C58299C.E7B44B93@nortelnetworks.com>
 <3C589DDE.8A20A2CF@cisco.com>
 <3C59D393.6233BCA0@nortelnetworks.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: msec-admin@securemulticast.org
Errors-To: msec-admin@securemulticast.org
X-BeenThere: msec@securemulticast.org
X-Mailman-Version: 2.0
Precedence: bulk
List-Help: <mailto:msec-request@securemulticast.org?subject=help>
List-Post: <mailto:msec@securemulticast.org>
List-Subscribe: <http://www.pairlist.net/mailman/listinfo/msec>,
	<mailto:msec-request@securemulticast.org?subject=subscribe>
List-Id: IETF Multicast Security list <msec.securemulticast.org>
List-Unsubscribe: <http://www.pairlist.net/mailman/listinfo/msec>,
	<mailto:msec-request@securemulticast.org?subject=unsubscribe>
List-Archive: <http://www.pairlist.net/pipermail/msec/>
Date: Fri, 01 Feb 2002 13:28:56 -0800

I could not find a published description of OFT aside
from an expired I-D.  I believe we have a journal
reference to subset difference and can add that
to the draft.  And we need to make it clear that
the KEK can be used to encrypt a rekey message
without the use of a group key management algorithm
like RFC 2627 or subset difference.  That option
is in the current GDOI draft.  We should just make
this more clear in the text.

thanks, Mark
At 11:37 AM 2/1/2002 -0800, Brian Weis wrote:
>Hi Lakshimath,
>
>Lakshminath Dondeti wrote:
> >
> > Brian,
> >
> > Many thanks for the reply.  Please see inline.
> >
> > Brian Weis wrote:
> > >
> > > Hi Lakshminath,
> > >
> > > As always, thanks for your comments. I'm going to deal with the issues
> > > in reverse order:
> > >
> > > > 2) LKH definitions:  LKH interoperability issues need further
> > > > discussion.  That stuff might be pulled out of the GDOI draft; instead
> > > > the authors might propose generic payloads that accommodate any
> > > > key management algorithm.
> > >
> > > We would prefer not to pull the LKH text out of the draft since we think
> > > it provides a substantial benefit of allowing group membership changes
> > > in the rekey message. However, we do indeed mean to accommodate other
> > > key management algorithms, not just LKH.
> > >
> > > > Besides, Sun has a PATENT on LKH.  Of course, LKH is also published
> > > > as an RFC by another group.  I am not a lawyer, so I don't understand
> > > > how that can be resolved.
> > >
> > > I wasn't aware that anyone claimed IP on key hierarchies. LKH is
> > > certainly defined in RFC2627 though, and I have seen companies claim
> > > that they use the algorithm in their systems. So it seems safe to
> > > declare how it would be used in GDOI since it isn't intended to be a
> > > required feature.
> > >
> > > > Proposal:  Make GDOI LKH independent.
> > >
> > > There's (at least) two facets to independence.
> > >
> > > A. Making sure LKH isn't a required feature for an implementation. This
> > > will be clarified in the draft.
> > >
> > > B. Making sure that other key management algorithms can be used. The
> > > attribute list in section 5.5 lists possible key download types. There
> > > are two KEK related types: KEK (which defines a single key for the
> > > group), and LKH (which defines an LKH structure of keys). The list also
> > > has RESERVED and PRIVATE USE namespaces which were intended to be used
> > > for defining new key management types, as necessary. In particular,
> > > whatever type of key management policy becomes defined the MSEC GKMARCH
> > > document should be allocated from the RESERVED list at a later time via
> > > the standard IANA namespace allocation process.
> >
> > Thanks.  I noticed that -02- has references to OFT, but -03- did not.
> > It may be because you did not want to have references to I-Ds.  But, in
> > its current state, it appears from Section 5.3.2 that LKH is the only
> > choice (especially to someone not familiar with research in this area)
> > for a KEK_MANAGEMENT_ALGORITHM.
>
>That's a good point. I've found that we can have non-normative
>references, so I'll add some text mentioning possible alternatives and
>site them.
>
> > > > 1) The PUSH message:  For scalable and reliable transport of batch
> > > > rekey messages, it may be appropriate to have two types of PUSH
> > > > messages.
> > > >
> > > > Briefly, for group initialization and batch rekeying, the rekey/PUSH
> > > > message can get too long (initialization of a logical hierarchy with
> > > > n=2^16 members requires sending 2^16 KP payloads = ~2845 packets; note
> > > > that each member needs only logn = 16 KP payloads = ~1 packet.  There
> > > > are proposals in the literature for various groupings of keys for
> > > > efficient transport).
> > > >
> > > > Proposal:  Allow splitting PUSH messages.
> > >
> > > Actually I thought splitting the messages could be achieved with what's
> > > in the draft now, at least with respect to dealing with large LKH
> > > updates. There is a single LKH attribute in the KD payload. That LKH
> > > attribute is defined in section 5.5.3 as a list of attributes. Each
> > > KEK_LKH attribute is specific to one leaf (i.e., user). If multiple
> > > leafs need to be rekeyed by a group membership change, then multiple
> > > KEK_LKH attributes should be included. But nothing says that all of the
> > > leafs for a particular change need to be in a single rekey packet. It
> > > should be feasible to split up the attributes into multiple messages.
> > >
> > > It would be necessary for each message to be a full rekey message
> > > including the SA payload as well, since the SA payload defines the
> > > policy for the KD payload.
> >
> > Splitting the rekey message would have some overhead.  But including the
> > SA payload with each message (within a rekeying instance, i.e., same
> > SPI) would make it even worse.  Consider that we may end up sending
> > hundreds of these messages per rekey instance.
> >
> > In any event, I wanted to bring this discussion to the mailing list.
> > Looks like no one else is interested in it anyway :-).  Furthermore,
> > there are some advantages to including the SA payload with each message.
> >
> > It would be good if you could add some text reflecting this discussion
> > in the I-D (soon to be RFC).  Many thanks.
>
>Will do!
>
>Thanks,
>Brian
>
> > best regards,
> > Lakshminath
> >
> > >
> > > Does that seem sufficient to you?
> > >
> > > Thanks,
> > > Brian
> > >
> > > ---
> > > Brian Weis
> > > Strategic Cryptographic Development, ITD, Cisco Systems
> > > Telephone: +1 408 526 4796
> > > Email: bew@cisco.com
> > >
> > > _______________________________________________
> > > msec mailing list
> > > msec@securemulticast.org
> > > http://www.pairlist.net/mailman/listinfo/msec
>
>--
>Brian Weis
>Strategic Cryptographic Development, ITD, Cisco Systems
>Telephone: +1 408 526 4796
>Email: bew@cisco.com
>
>_______________________________________________
>msec mailing list
>msec@securemulticast.org
>http://www.pairlist.net/mailman/listinfo/msec


_______________________________________________
msec mailing list
msec@securemulticast.org
http://www.pairlist.net/mailman/listinfo/msec


From msec-admin@securemulticast.org  Sat Feb 16 04:50:03 2002
Received: from pairlist.net (pairlist.net [216.92.1.92])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id EAA09745
	for <msec-archive@odin.ietf.org>; Sat, 16 Feb 2002 04:50:03 -0500 (EST)
Received: from pairlist.net (localhost.pair.com [127.0.0.1])
	by pairlist.net (Postfix) with ESMTP
	id A9DFC53C7C; Sat, 16 Feb 2002 04:49:12 -0500 (EST)
Delivered-To: msec@pairlist.net
Received: from klesh.pair.com (klesh.pair.com [209.68.2.45])
	by pairlist.net (Postfix) with SMTP id B849B53C81
	for <msec@lists.securemulticast.org>; Sat, 16 Feb 2002 04:48:28 -0500 (EST)
Received: (qmail 41308 invoked by uid 3269); 16 Feb 2002 09:48:51 -0000
Delivered-To: ietfsmug-securemulticast:org-msec@securemulticast.org
Received: (qmail 41305 invoked from network); 16 Feb 2002 09:48:51 -0000
Received: from softdnserror (HELO mailweb25.rediffmail.com) (203.199.83.29)
  by klesh.pair.com with SMTP; 16 Feb 2002 09:48:51 -0000
Received: (qmail 14249 invoked by uid 510); 16 Feb 2002 09:45:17 -0000
Message-ID: <20020216094517.14248.qmail@mailweb25.rediffmail.com>
Received: from unknown (210.126.9.133) by rediffmail.com via HTTP; 16 Feb 2002 09:45:17 -0000
MIME-Version: 1.0
From: "gampu  katwa" <multicast@rediffmail.com>
Reply-To: "gampu  katwa" <multicast@rediffmail.com>
To: msec@securemulticast.org
Content-type: text/plain;
	charset=iso-8859-1
Content-Disposition: inline
Subject: [MSEC] Hai!!!
Sender: msec-admin@securemulticast.org
Errors-To: msec-admin@securemulticast.org
X-BeenThere: msec@securemulticast.org
X-Mailman-Version: 2.0
Precedence: bulk
List-Help: <mailto:msec-request@securemulticast.org?subject=help>
List-Post: <mailto:msec@securemulticast.org>
List-Subscribe: <http://www.pairlist.net/mailman/listinfo/msec>,
	<mailto:msec-request@securemulticast.org?subject=subscribe>
List-Id: IETF Multicast Security list <msec.securemulticast.org>
List-Unsubscribe: <http://www.pairlist.net/mailman/listinfo/msec>,
	<mailto:msec-request@securemulticast.org?subject=unsubscribe>
List-Archive: <http://www.pairlist.net/pipermail/msec/>
Date: 16 Feb 2002 09:45:17 -0000
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by ietf.org id EAA09745


hai all,
       i am looking for more mailing lists related to multicasting and DVMRP, if anybody knows the same please inform me.
thanx,
regards,
gampu 


_______________________________________________
msec mailing list
msec@securemulticast.org
http://www.pairlist.net/mailman/listinfo/msec


From msec-admin@securemulticast.org  Sat Feb 16 12:02:54 2002
Received: from pairlist.net (pairlist.net [216.92.1.92])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA14205
	for <msec-archive@odin.ietf.org>; Sat, 16 Feb 2002 12:02:54 -0500 (EST)
Received: from pairlist.net (localhost.pair.com [127.0.0.1])
	by pairlist.net (Postfix) with ESMTP
	id F3ACB53D4E; Sat, 16 Feb 2002 11:57:13 -0500 (EST)
Delivered-To: msec@pairlist.net
Received: from klesh.pair.com (klesh.pair.com [209.68.2.45])
	by pairlist.net (Postfix) with SMTP id E1F2453D42
	for <msec@lists.securemulticast.org>; Sat, 16 Feb 2002 11:56:35 -0500 (EST)
Received: (qmail 74224 invoked by uid 3269); 16 Feb 2002 16:56:59 -0000
Delivered-To: ietfsmug-securemulticast:org-msec@securemulticast.org
Received: (qmail 74221 invoked from network); 16 Feb 2002 16:56:59 -0000
Received: from lennon.multicasttech.com (HELO multicasttech.com) (root@63.105.122.7)
  by klesh.pair.com with SMTP; 16 Feb 2002 16:56:59 -0000
Received: from [165.247.109.193] (account <marshall_eubanks@multicasttech.com>)
  by multicasttech.com (CommuniGate Pro WebUser 3.4.8)
  with HTTP id 1256714; Sat, 16 Feb 2002 11:56:24 -0500
From: "Marshall Eubanks" <tme@multicasttech.com>
Subject: Re: [MSEC] Hai!!!
To: "gampu  katwa" <multicast@rediffmail.com>, msec@securemulticast.org
X-Mailer: CommuniGate Pro Web Mailer v.3.4.8
Message-ID: <web-1256714@multicasttech.com>
In-Reply-To: <20020216094517.14248.qmail@mailweb25.rediffmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 8bit
Sender: msec-admin@securemulticast.org
Errors-To: msec-admin@securemulticast.org
X-BeenThere: msec@securemulticast.org
X-Mailman-Version: 2.0
Precedence: bulk
List-Help: <mailto:msec-request@securemulticast.org?subject=help>
List-Post: <mailto:msec@securemulticast.org>
List-Subscribe: <http://www.pairlist.net/mailman/listinfo/msec>,
	<mailto:msec-request@securemulticast.org?subject=subscribe>
List-Id: IETF Multicast Security list <msec.securemulticast.org>
List-Unsubscribe: <http://www.pairlist.net/mailman/listinfo/msec>,
	<mailto:msec-request@securemulticast.org?subject=unsubscribe>
List-Archive: <http://www.pairlist.net/pipermail/msec/>
Date: Sat, 16 Feb 2002 11:56:24 -0500
Content-Transfer-Encoding: 8bit

On 16 Feb 2002 09:45:17 -0000
 "gampu  katwa" <multicast@rediffmail.com> wrote:
> 
> hai all,
>        i am looking for more mailing lists related to
> multicasting and DVMRP, if anybody knows the same please
> inform me.
> thanx,
> regards,
> gampu 

I would suspect that you want to join the IPMI mailing list
- contact Scott Mace (see below).

I would also recommend that you stay away from DVMRP if at
all possible - use PIM-SM if you can.

The current DVMRP draft is being maintained by IDMR - see
http://www.ietf.org/html.charters/idmr-charter.html

They have a (pretty quiet) mailing list.

Regards
Marshall Eubanks


------ Forwarded Message
From: Scott Mace <smace@PENTON.COM>
Reply-To: Scott Mace <smace@PENTON.COM>
Date: Fri, 1 Feb 2002 13:21:50 -0800
To: IPMULTICAST@STARDUST.COM
Subject: IP Multicast Mailing List is moving next week

All--

The IP Multicast Mailing List is moving to its new home
sometime next week.

All current members of the list will be automatically moved
to the new list
home at the time of the changeover. You will be asked to
confirm your
continuing membership in the list through an email you will
receive at that
time.

The big change is that this list will now be managed by
software from
Lyris, instead of Listserv from Lsoft.

There will be a new Web interface for subscribing and
unsubscribing to the
list, and I will post info on this at changeover time. As
you may know, the
old Web interface for doing this has been disabled for about
a month.

A new, threaded message archive will be created capturing
messages from the
date of the changeover moving forward. The threaded message
archive from
the list's December 1996 inception to the present will be
moved to a series
of flat HTML pages, one for each month of the present list's
time. I
apologize for the loss of the older threaded archive. One
benefit of the
changeover is that I am able to remove a number of message
attachments
which you and we have identified over time as viruses.

If anyone reading this knows of an easy way to convert the
current threaded
archive (at http://www.stardustwireless.com/archives/ipmulticast.html)
into
a fully-threaded archive that does not require the purchase
of a Listserv
license, please let me know immediately. But for now the
older archive will
be the set of HTML pages mentioned above. The current
threaded archive will
cease to operate shortly after the list changeover.

I also want to let members of this list know that the Web
site
http://www.ipmulticast.com will be going away. A
reorganization of Penton
Media has closed down Stardust.com, which was operating the
site and the IP
Multicast Forum. But Penton is committed to supporting IP
Multicast through
sponsorship of this mailing list and through discussion of
multicast at our
Service Networks event.

If you have any questions, please send them to me at
smace@penton.com.

Regards,
Scott Mace


****************************************************
Scott Mace
Editorial Director, Penton Service Provider Events
Tel 510-843-0310 or 510-354-2210
47817 Fremont Blvd.
Fremont, CA 94538
email smace@penton.com
(In the event your email fails to reach me, please resend
email to
scottmace@wiredmuse.com)


> 
> 
> _______________________________________________
> msec mailing list
> msec@securemulticast.org
> http://www.pairlist.net/mailman/listinfo/msec


_______________________________________________
msec mailing list
msec@securemulticast.org
http://www.pairlist.net/mailman/listinfo/msec


From msec-admin@securemulticast.org  Wed Feb 20 02:13:46 2002
Received: from pairlist.net (pairlist.net [216.92.1.92])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id CAA24037
	for <msec-archive@odin.ietf.org>; Wed, 20 Feb 2002 02:13:45 -0500 (EST)
Received: from pairlist.net (localhost.pair.com [127.0.0.1])
	by pairlist.net (Postfix) with ESMTP
	id 7545D53862; Wed, 20 Feb 2002 02:09:22 -0500 (EST)
Delivered-To: msec@pairlist.net
Received: from klesh.pair.com (klesh.pair.com [209.68.2.45])
	by pairlist.net (Postfix) with SMTP id 93DD453903
	for <msec@lists.securemulticast.org>; Sat,  2 Feb 2002 18:31:01 -0500 (EST)
Received: (qmail 79671 invoked by uid 3269); 2 Feb 2002 23:31:00 -0000
Delivered-To: ietfsmug-securemulticast:org-msec@securemulticast.org
Received: (qmail 79666 invoked from network); 2 Feb 2002 23:31:00 -0000
Received: from smtp03.mrf.mail.rcn.net (207.172.4.62)
  by klesh.pair.com with SMTP; 2 Feb 2002 23:31:00 -0000
X-Info: This message was accepted for relay by
	smtp03.mrf.mail.rcn.net as the sender used SMTP authentication
X-Trace: UmFuZG9tSVbHQI4yzFqgzD6ZY6OFpGSgpJcbfx9SQvgZvqPtNBvoxqZmMbrY6A7u
Received: from sense-sea-focal-dynamic-2-broadcast.oz.net ([216.39.134.127] helo=erols.com)
	by smtp03.mrf.mail.rcn.net with asmtp (Exim 3.33 #10)
	id 16X9cZ-0004HQ-00
	for msec@securemulticast.org; Sat, 02 Feb 2002 18:30:59 -0500
Message-ID: <3C5C7696.B34D976B@erols.com>
From: Chuck Harrison <cfharr@erols.com>
X-Mailer: Mozilla 4.78 [en] (Win98; U)
X-Accept-Language: en
MIME-Version: 1.0
To: msec@securemulticast.org
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Subject: [MSEC] Announce: RfT on Key Management - SMPTE DCinema
Sender: msec-admin@securemulticast.org
Errors-To: msec-admin@securemulticast.org
X-BeenThere: msec@securemulticast.org
X-Mailman-Version: 2.0
Precedence: bulk
List-Help: <mailto:msec-request@securemulticast.org?subject=help>
List-Post: <mailto:msec@securemulticast.org>
List-Subscribe: <http://www.pairlist.net/mailman/listinfo/msec>,
	<mailto:msec-request@securemulticast.org?subject=subscribe>
List-Id: IETF Multicast Security list <msec.securemulticast.org>
List-Unsubscribe: <http://www.pairlist.net/mailman/listinfo/msec>,
	<mailto:msec-request@securemulticast.org?subject=unsubscribe>
List-Archive: <http://www.pairlist.net/pipermail/msec/>
Date: Sat, 02 Feb 2002 15:30:30 -0800
Content-Transfer-Encoding: 7bit

The Society of Motion Picture and Television Engineers (SMPTE),
an international engineering society and ANSI-accredited standards
body, is pleased to announce it has issued a Request for Technology
(RfT) regarding Key Management for Digital Cinema.

You are invited to review the material at
 ftp://eng.smpte.org/pub/KM-RFT-cover.doc
 ftp://eng.smpte.org/pub/kmrqmtsv1.2.zip
 ftp://eng.smpte.org/pub/dc28-4_interim_report_v1.pdf
and to forward this announcement to your colleagues.

If you have technologies in this area which you would like to
propose for standardization, we encourage you to advise SMPTE
of your intent to respond at your earliest convenience. Please
refer to the documents cited above for further information.

Regards,
  Chuck Harrison
  Far Field Associates, LLC
  co-chair, SMPTE DC28.4W Working Group on Content Protection
    and Conditional Access for Digital Cinema
  +1 360 863 8340 (voice)  PST = GMT-0800

_______________________________________________
msec mailing list
msec@securemulticast.org
http://www.pairlist.net/mailman/listinfo/msec


From msec-admin@securemulticast.org  Wed Feb 20 02:15:48 2002
Received: from pairlist.net (pairlist.net [216.92.1.92])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id CAA24074
	for <msec-archive@odin.ietf.org>; Wed, 20 Feb 2002 02:15:47 -0500 (EST)
Received: from pairlist.net (localhost.pair.com [127.0.0.1])
	by pairlist.net (Postfix) with ESMTP
	id 197635386A; Wed, 20 Feb 2002 02:11:28 -0500 (EST)
Delivered-To: msec@pairlist.net
Received: from klesh.pair.com (klesh.pair.com [209.68.2.45])
	by pairlist.net (Postfix) with SMTP id C594853FC0
	for <msec@lists.securemulticast.org>; Tue, 19 Feb 2002 11:30:14 -0500 (EST)
Received: (qmail 31110 invoked by uid 3269); 19 Feb 2002 16:30:44 -0000
Delivered-To: ietfsmug-securemulticast:org-msec@securemulticast.org
Received: (qmail 31107 invoked from network); 19 Feb 2002 16:30:44 -0000
Received: from zrc2s0jx.nortelnetworks.com (47.103.122.112)
  by klesh.pair.com with SMTP; 19 Feb 2002 16:30:44 -0000
Received: from zrc2c011.us.nortel.com (zrc2c011.us.nortel.com [47.103.120.51])
	by zrc2s0jx.nortelnetworks.com (Switch-2.2.0/Switch-2.2.0) with ESMTP id g1JGTOO19372;
	Tue, 19 Feb 2002 10:29:24 -0600 (CST)
Received: by zrc2c011.us.nortel.com with Internet Mail Service (5.5.2653.19)
	id <19H2267Z>; Tue, 19 Feb 2002 10:29:24 -0600
Message-ID: <1B54FA3A2709D51195C800508BF9386A0311A13D@zrc2c000.us.nortel.com>
From: "Peter Barany" <pbarany@nortelnetworks.com>
To: "'Roman Shpount'" <roman@atelo.com>,
        "Sanjoy Sen" <sanjoy@nortelnetworks.com>, jdrosen@dynamicsoft.com,
        mmusic@ietf.org
Cc: "'msec@securemulticast.org'" <msec@securemulticast.org>
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C1B962.918E24F0"
Subject: [MSEC] RE: [MMUSIC] RE: summarizing discussion on codec placement in ans
 wer
Sender: msec-admin@securemulticast.org
Errors-To: msec-admin@securemulticast.org
X-BeenThere: msec@securemulticast.org
X-Mailman-Version: 2.0
Precedence: bulk
List-Help: <mailto:msec-request@securemulticast.org?subject=help>
List-Post: <mailto:msec@securemulticast.org>
List-Subscribe: <http://www.pairlist.net/mailman/listinfo/msec>,
	<mailto:msec-request@securemulticast.org?subject=subscribe>
List-Id: IETF Multicast Security list <msec.securemulticast.org>
List-Unsubscribe: <http://www.pairlist.net/mailman/listinfo/msec>,
	<mailto:msec-request@securemulticast.org?subject=unsubscribe>
List-Archive: <http://www.pairlist.net/pipermail/msec/>
Date: Tue, 19 Feb 2002 10:29:14 -0600

This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

------_=_NextPart_001_01C1B962.918E24F0
Content-Type: text/plain;
	charset="iso-8859-1"

Hi,

If we assume that we are talking about SRTP (draft-ietf-avt-srtp-02.txt)
with the key exchange mechanism/SDP extensions being defined in
draft-ietf-msec-mikey-00.txt and draft-ietf-mmusic-kmgmt-ext-01.txt,
respectively, then there should be no ambiguity with early media solution(s)
provided that the new proposed SDP attribute "a=keymgmt-data:" contains
based-64 encoded MIKEY payloads in the UPDATE request method contains all of
the parameters (e.g., SSRC,etc.) required to create a cryptographic
context(s) (...and then provided that the response code to the UPDATE
request method accepts the codec(s) offered to it).

The potential problem with the previous e-mail regarding offer/answer issue
related to a conflict regarding the sending of "a=keymgmt-data:" in SDP
with, for example, 3 cryptographic context(s) (3 SSRCs) but only two
codec(s). See below. Thanks.

Regards,

Pete

-----Original Message-----
From: Roman Shpount [mailto:roman@atelo.com]
Sent: Monday, February 18, 2002 6:49 PM
To: Sen, Sanjoy [NGC:B692:EXCH]; jdrosen@dynamicsoft.com;
mmusic@ietf.org
Subject: [MMUSIC] RE: summarizing discussion on codec placement in
answer


Sanjoy Sen wrote:

> Also, its not clear to some of us how would you negotiate the 
> attributes that're associated with the media session (e.g., security 
> parameters). Example, suppose Offerer sends 3 codecs - 2,3,4 and the 
> answerer responds with 3,4 and adds an a=keymgmt-data: attribute for
> this media, should the offerer be ready to accept 2 with the security 
> keys applied?

I have a related question: How would the same security parameter negotiation
work with early media?
___________________________________
Roman Shpount, VP of Technology
aTelo, Inc. 
2107 Wilson Blvd., Suite 301 
Arlington, VA 22201 
PCN: 703-621-4040 for voice / fax
www.atelo.com






_______________________________________________
mmusic mailing list
mmusic@ietf.org
https://www1.ietf.org/mailman/listinfo/mmusic

------_=_NextPart_001_01C1B962.918E24F0
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3Diso-8859-1">
<META NAME=3D"Generator" CONTENT=3D"MS Exchange Server version =
5.5.2654.89">
<TITLE>RE: [MMUSIC] RE: summarizing discussion on codec placement in =
answer</TITLE>
</HEAD>
<BODY>

<P><FONT SIZE=3D2>Hi,</FONT>
</P>

<P><FONT SIZE=3D2>If we assume that we are talking about SRTP =
(draft-ietf-avt-srtp-02.txt) with the key exchange mechanism/SDP =
extensions being defined in draft-ietf-msec-mikey-00.txt and =
draft-ietf-mmusic-kmgmt-ext-01.txt, respectively, then there should be =
no ambiguity with early media solution(s) provided that the new =
proposed SDP attribute &quot;a=3Dkeymgmt-data:&quot; contains based-64 =
encoded MIKEY payloads in the UPDATE request method contains all of the =
parameters (e.g., SSRC,etc.) required to create a cryptographic =
context(s) (...and then provided that the response code to the UPDATE =
request method accepts the codec(s) offered to it).</FONT></P>

<P><FONT SIZE=3D2>The potential problem with the previous e-mail =
regarding offer/answer issue related to a conflict regarding the =
sending of &quot;a=3Dkeymgmt-data:&quot; in SDP with, for example, 3 =
cryptographic context(s) (3 SSRCs) but only two codec(s). See below. =
Thanks.</FONT></P>

<P><FONT SIZE=3D2>Regards,</FONT>
</P>

<P><FONT SIZE=3D2>Pete</FONT>
</P>

<P><FONT SIZE=3D2>-----Original Message-----</FONT>
<BR><FONT SIZE=3D2>From: Roman Shpount [<A =
HREF=3D"mailto:roman@atelo.com">mailto:roman@atelo.com</A>]</FONT>
<BR><FONT SIZE=3D2>Sent: Monday, February 18, 2002 6:49 PM</FONT>
<BR><FONT SIZE=3D2>To: Sen, Sanjoy [NGC:B692:EXCH]; =
jdrosen@dynamicsoft.com;</FONT>
<BR><FONT SIZE=3D2>mmusic@ietf.org</FONT>
<BR><FONT SIZE=3D2>Subject: [MMUSIC] RE: summarizing discussion on =
codec placement in</FONT>
<BR><FONT SIZE=3D2>answer</FONT>
</P>
<BR>

<P><FONT SIZE=3D2>Sanjoy Sen wrote:</FONT>
</P>

<P><FONT SIZE=3D2>&gt; Also, its not clear to some of us how would you =
negotiate the </FONT>
<BR><FONT SIZE=3D2>&gt; attributes that're associated with the media =
session (e.g., security </FONT>
<BR><FONT SIZE=3D2>&gt; parameters). Example, suppose Offerer sends 3 =
codecs - 2,3,4 and the </FONT>
<BR><FONT SIZE=3D2>&gt; answerer responds with 3,4 and adds an =
a=3Dkeymgmt-data: attribute for</FONT>
<BR><FONT SIZE=3D2>&gt; this media, should the offerer be ready to =
accept 2 with the security </FONT>
<BR><FONT SIZE=3D2>&gt; keys applied?</FONT>
</P>

<P><FONT SIZE=3D2>I have a related question: How would the same =
security parameter negotiation work with early media?</FONT>
<BR><FONT SIZE=3D2>___________________________________</FONT>
<BR><FONT SIZE=3D2>Roman Shpount, VP of Technology</FONT>
<BR><FONT SIZE=3D2>aTelo, Inc. </FONT>
<BR><FONT SIZE=3D2>2107 Wilson Blvd., Suite 301 </FONT>
<BR><FONT SIZE=3D2>Arlington, VA 22201 </FONT>
<BR><FONT SIZE=3D2>PCN: 703-621-4040 for voice / fax</FONT>
<BR><FONT SIZE=3D2>www.atelo.com</FONT>
</P>
<BR>
<BR>
<BR>
<BR>
<BR>

<P><FONT =
SIZE=3D2>_______________________________________________</FONT>
<BR><FONT SIZE=3D2>mmusic mailing list</FONT>
<BR><FONT SIZE=3D2>mmusic@ietf.org</FONT>
<BR><FONT SIZE=3D2><A =
HREF=3D"https://www1.ietf.org/mailman/listinfo/mmusic" =
TARGET=3D"_blank">https://www1.ietf.org/mailman/listinfo/mmusic</A></FON=
T>
</P>

</BODY>
</HTML>
------_=_NextPart_001_01C1B962.918E24F0--

_______________________________________________
msec mailing list
msec@securemulticast.org
http://www.pairlist.net/mailman/listinfo/msec


From msec-admin@securemulticast.org  Wed Feb 27 12:44:45 2002
Received: from pairlist.net (pairlist.net [216.92.1.92])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA05807
	for <msec-archive@odin.ietf.org>; Wed, 27 Feb 2002 12:44:39 -0500 (EST)
Received: from pairlist.net (localhost.pair.com [127.0.0.1])
	by pairlist.net (Postfix) with ESMTP
	id 1889253AEE; Wed, 27 Feb 2002 12:43:23 -0500 (EST)
Delivered-To: msec@pairlist.net
Received: from klesh.pair.com (klesh.pair.com [209.68.2.45])
	by pairlist.net (Postfix) with SMTP id 2E58453555
	for <msec@lists.securemulticast.org>; Wed, 27 Feb 2002 12:42:38 -0500 (EST)
Received: (qmail 44208 invoked by uid 3269); 27 Feb 2002 17:43:26 -0000
Delivered-To: ietfsmug-securemulticast:org-msec@securemulticast.org
Received: (qmail 44205 invoked from network); 27 Feb 2002 17:43:26 -0000
Received: from igw3.watson.ibm.com (198.81.209.18)
  by klesh.pair.com with SMTP; 27 Feb 2002 17:43:26 -0000
Received: from sp1n293en1.watson.ibm.com (sp1n293en1.watson.ibm.com [9.2.112.57])
	by igw3.watson.ibm.com (8.11.4/8.11.4) with ESMTP id g1RHgn711792;
	Wed, 27 Feb 2002 12:42:49 -0500
Received: from ornavella.watson.ibm.com (ornavella.watson.ibm.com [9.2.16.80])
	by sp1n293en1.watson.ibm.com (8.11.4/8.11.4) with ESMTP id g1RHgnM31636;
	Wed, 27 Feb 2002 12:42:49 -0500
Received: (from canetti@localhost)
	by ornavella.watson.ibm.com (AIX4.3/8.9.3/8.9.3/01-10-2000) id MAA27416;
	Wed, 27 Feb 2002 12:42:49 -0500
From: Ran Canetti <canetti@watson.ibm.com>
Message-Id: <200202271742.MAA27416@ornavella.watson.ibm.com>
To: msec@securemulticast.org
Cc: thardjono@yahoo.com
Subject: [MSEC] Call for agenda items
Sender: msec-admin@securemulticast.org
Errors-To: msec-admin@securemulticast.org
X-BeenThere: msec@securemulticast.org
X-Mailman-Version: 2.0
Precedence: bulk
List-Help: <mailto:msec-request@securemulticast.org?subject=help>
List-Post: <mailto:msec@securemulticast.org>
List-Subscribe: <http://www.pairlist.net/mailman/listinfo/msec>,
	<mailto:msec-request@securemulticast.org?subject=subscribe>
List-Id: IETF Multicast Security list <msec.securemulticast.org>
List-Unsubscribe: <http://www.pairlist.net/mailman/listinfo/msec>,
	<mailto:msec-request@securemulticast.org?subject=unsubscribe>
List-Archive: <http://www.pairlist.net/pipermail/msec/>
Date: Wed, 27 Feb 2002 12:42:49 -0500


Folks,

In the upcoming IETF, MSEC is going to meet on 9:00-11:30, monday 3/18.
Please send proposals for agenda items to Thomas and me.

Best,

Ran
 

_______________________________________________
msec mailing list
msec@securemulticast.org
http://www.pairlist.net/mailman/listinfo/msec


From msec-admin@securemulticast.org  Thu Feb 28 04:16:10 2002
Received: from pairlist.net (pairlist.net [216.92.1.92])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id EAA15100
	for <msec-archive@odin.ietf.org>; Thu, 28 Feb 2002 04:16:10 -0500 (EST)
Received: from pairlist.net (localhost.pair.com [127.0.0.1])
	by pairlist.net (Postfix) with ESMTP
	id 1CF71535AC; Thu, 28 Feb 2002 04:14:03 -0500 (EST)
Delivered-To: msec@pairlist.net
Received: from klesh.pair.com (klesh.pair.com [209.68.2.45])
	by pairlist.net (Postfix) with SMTP id BEFC653570
	for <msec@lists.securemulticast.org>; Thu, 28 Feb 2002 04:13:10 -0500 (EST)
Received: (qmail 87086 invoked by uid 3269); 28 Feb 2002 09:14:00 -0000
Delivered-To: ietfsmug-securemulticast:org-msec@securemulticast.org
Received: (qmail 87083 invoked from network); 28 Feb 2002 09:13:59 -0000
Received: from beamer.mchh.siemens.de (194.138.158.163)
  by klesh.pair.com with SMTP; 28 Feb 2002 09:13:59 -0000
Received: from blues.mchh.siemens.de (mail2.mchh.siemens.de [194.138.158.227])
	by beamer.mchh.siemens.de (8.9.3/8.9.3) with ESMTP id KAA17613;
	Thu, 28 Feb 2002 10:13:21 +0100 (MET)
Received: from mchh159e.mch4.siemens.de ([139.21.130.171])
	by blues.mchh.siemens.de (8.9.1/8.9.1) with ESMTP id KAA01849;
	Thu, 28 Feb 2002 10:13:12 +0100 (MET)
Received: by mchh159e.mch.pn.siemens.de with Internet Mail Service (5.5.2653.19)
	id <1M5GC1NR>; Thu, 28 Feb 2002 10:13:24 +0100
Message-ID: <DA6599EBFD6CF042B0B77964CFF620955300B9@MCHH162E>
From: Euchner Martin ICN M SR 3 <Martin.Euchner@icn.siemens.de>
To: "'Ran Canetti'" <canetti@watson.ibm.com>, msec@securemulticast.org,
        Euchner Martin ICN M SR 3 <Martin.Euchner@icn.siemens.de>
Cc: thardjono@yahoo.com
Subject: RE: [MSEC] Call for agenda items
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: msec-admin@securemulticast.org
Errors-To: msec-admin@securemulticast.org
X-BeenThere: msec@securemulticast.org
X-Mailman-Version: 2.0
Precedence: bulk
List-Help: <mailto:msec-request@securemulticast.org?subject=help>
List-Post: <mailto:msec@securemulticast.org>
List-Subscribe: <http://www.pairlist.net/mailman/listinfo/msec>,
	<mailto:msec-request@securemulticast.org?subject=subscribe>
List-Id: IETF Multicast Security list <msec.securemulticast.org>
List-Unsubscribe: <http://www.pairlist.net/mailman/listinfo/msec>,
	<mailto:msec-request@securemulticast.org?subject=unsubscribe>
List-Archive: <http://www.pairlist.net/pipermail/msec/>
Date: Thu, 28 Feb 2002 10:13:22 +0100
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by ietf.org id EAA15100

Ran and Thomas,

please let me ask for a time slot (at least 5-10 minutes) for my ID 


	Title		: HMAC-authenticated Diffie-Hellman for MIKEY
	Author(s)	: M. Euchner
	Filename	: draft-euchner-mikey-dhhmac-00.txt
	Pages		: 10
	Date		: 25-Feb-02
	
This document describes a key management protocol variant for the 
multimedia Internet keying (MIKEY). In particular, the classic 
Diffie-Hellman key agreement protocol is used for key 
establishment in conjunction with a keyed hash (HMAC-SHA1) for 
achieving mutual authentication and message integrity of the key 
management messages exchanged. This MIKEY variant is called the 
HMAC-authenticated Diffie-Hellmann. It addresses the real-time 
aspects of multimedia key management in MIKEY.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-euchner-mikey-dhhmac-00.txt


With kind regards


Martin Euchner.
-----------------------------------------------------------------------
| Dipl.-Inf.                     Rapporteur Q.G/SG16
| Martin Euchner                 Phone: +49 89 722 55790
| Siemens AG.....................Fax  : +49 89 722 47713
| ICN M SR 3                     mailto:Martin.Euchner@icn.siemens.de
|                                mailto:martin.euchner@ties.itu.int
| Hofmannstr. 51                 Intranet:
http://intranet.icn.siemens.de/marketing/cs27/topics/security/
| D-81359 Muenchen               Internet: http://www.siemens.de/
| __________________
| Germany     
-----------------------------------------------------------------------

-----Ursprüngliche Nachricht-----
Von: Internet-Drafts@ietf.org [mailto:Internet-Drafts@ietf.org]
Gesendet: Dienstag, 26. Februar 2002 13:02
Betreff: I-D ACTION:draft-euchner-mikey-dhhmac-00.txt


A New Internet-Draft is available from the on-line Internet-Drafts
directories.


	Title		: HMAC-authenticated Diffie-Hellman for MIKEY
	Author(s)	: M. Euchner
	Filename	: draft-euchner-mikey-dhhmac-00.txt
	Pages		: 10
	Date		: 25-Feb-02
	
This document describes a key management protocol variant for the 
multimedia Internet keying (MIKEY). In particular, the classic 
Diffie-Hellman key agreement protocol is used for key 
establishment in conjunction with a keyed hash (HMAC-SHA1) for 
achieving mutual authentication and message integrity of the key 
management messages exchanged. This MIKEY variant is called the 
HMAC-authenticated Diffie-Hellmann. It addresses the real-time 
aspects of multimedia key management in MIKEY.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-euchner-mikey-dhhmac-00.txt

To remove yourself from the IETF Announcement list, send a message to 
ietf-announce-request with the word unsubscribe in the body of the message.

Internet-Drafts are also available by anonymous FTP. Login with the username
"anonymous" and a password of your e-mail address. After logging in,
type "cd internet-drafts" and then
	"get draft-euchner-mikey-dhhmac-00.txt".

A list of Internet-Drafts directories can be found in
http://www.ietf.org/shadow.html 
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt


Internet-Drafts can also be obtained by e-mail.

Send a message to:
	mailserv@ietf.org.
In the body type:
	"FILE /internet-drafts/draft-euchner-mikey-dhhmac-00.txt".
	
NOTE:	The mail server at ietf.org can return the document in
	MIME-encoded form by using the "mpack" utility.  To use this
	feature, insert the command "ENCODING mime" before the "FILE"
	command.  To decode the response(s), you will need "munpack" or
	a MIME-compliant mail reader.  Different MIME-compliant mail readers
	exhibit different behavior, especially when dealing with
	"multipart" MIME messages (i.e. documents which have been split
	up into multiple messages), so check your local documentation on
	how to manipulate these messages.
		
		
Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the
Internet-Draft.



 -----Original Message-----
From: 	Ran Canetti [mailto:canetti@watson.ibm.com] 
Sent:	Wednesday, February 27, 2002 6:43 PM
To:	msec@securemulticast.org
Cc:	thardjono@yahoo.com
Subject:	[MSEC] Call for agenda items


Folks,

In the upcoming IETF, MSEC is going to meet on 9:00-11:30, monday 3/18.
Please send proposals for agenda items to Thomas and me.

Best,

Ran
 

_______________________________________________
msec mailing list
msec@securemulticast.org
http://www.pairlist.net/mailman/listinfo/msec

_______________________________________________
msec mailing list
msec@securemulticast.org
http://www.pairlist.net/mailman/listinfo/msec


From msec-admin@securemulticast.org  Thu Feb 28 07:37:22 2002
Received: from pairlist.net (pairlist.net [216.92.1.92])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id HAA19556
	for <msec-archive@odin.ietf.org>; Thu, 28 Feb 2002 07:37:21 -0500 (EST)
Received: from pairlist.net (localhost.pair.com [127.0.0.1])
	by pairlist.net (Postfix) with ESMTP
	id 16CE5535C2; Thu, 28 Feb 2002 07:33:01 -0500 (EST)
Delivered-To: msec@pairlist.net
Received: from klesh.pair.com (klesh.pair.com [209.68.2.45])
	by pairlist.net (Postfix) with SMTP id 6D2FD53672
	for <msec@lists.securemulticast.org>; Thu, 28 Feb 2002 07:32:29 -0500 (EST)
Received: (qmail 10609 invoked by uid 3269); 28 Feb 2002 12:33:19 -0000
Delivered-To: ietfsmug-securemulticast:org-msec@securemulticast.org
Received: (qmail 10606 invoked from network); 28 Feb 2002 12:33:18 -0000
Received: from albatross-ext.wise.edt.ericsson.se (HELO albatross.wise.edt.ericsson.se) (193.180.251.46)
  by klesh.pair.com with SMTP; 28 Feb 2002 12:33:18 -0000
Received: from esealnt461 (esealnt461.al.sw.ericsson.se [153.88.251.61])
	by albatross.wise.edt.ericsson.se (8.12.1/8.12.1/WIREfire-1.4) with SMTP id g1SCXHZc013629
	for <msec@securemulticast.org>; Thu, 28 Feb 2002 13:33:17 +0100 (MET)
Received: FROM esealnt742.al.sw.ericsson.se BY esealnt461 ; Thu Feb 28 13:31:03 2002 +0100
Received: by esealnt742.al.sw.ericsson.se with Internet Mail Service (5.5.2653.19)
	id <F4G222XF>; Thu, 28 Feb 2002 13:21:21 +0100
Message-ID: <0DAEDF148988D411BB980008C7E65D2E04FE40AC@esealnt416>
From: "Fredrik Lindholm (ERA)" <Fredrik.Lindholm@era.ericsson.se>
To: "'Euchner Martin ICN M SR 3'" <Martin.Euchner@icn.siemens.de>,
        msec@securemulticast.org
Cc: "Fredrik Lindholm (ERA)" <Fredrik.Lindholm@era.ericsson.se>
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
	charset="iso-8859-1"
Subject: [MSEC] RE:FW: new draft draft-euchner-MIKEY-DHHMAC-00.txt "HMAC-authenti
 cat ed Diffie-Hellman for MIKEY"
Sender: msec-admin@securemulticast.org
Errors-To: msec-admin@securemulticast.org
X-BeenThere: msec@securemulticast.org
X-Mailman-Version: 2.0
Precedence: bulk
List-Help: <mailto:msec-request@securemulticast.org?subject=help>
List-Post: <mailto:msec@securemulticast.org>
List-Subscribe: <http://www.pairlist.net/mailman/listinfo/msec>,
	<mailto:msec-request@securemulticast.org?subject=subscribe>
List-Id: IETF Multicast Security list <msec.securemulticast.org>
List-Unsubscribe: <http://www.pairlist.net/mailman/listinfo/msec>,
	<mailto:msec-request@securemulticast.org?subject=unsubscribe>
List-Archive: <http://www.pairlist.net/pipermail/msec/>
Date: Thu, 28 Feb 2002 13:30:36 +0100


Hi,

Some comments on the proposal. I had an off-line 
discussion with Martin, a few weeks ago. Some of these 
comments were raised then as well. 

The primary intention of DHHMAC is not to depend on a PKI 
(or the use of certificates). By introducing pre-shared 
keys, a PKI will of course not be needed. However, I 
personally don't see that MIKEY requires a PKI which is 
stated in DHHMAC (it is only stated that a PKI may be 
needed for scalability). There are no requirements in 
MIKEY that the public-keys must be distributed in a 
specific way. Of course, I see a few very obvious ways 
to distribute the public keys:

1) using a "full-fledge" PKI solution (with well defined 
distribution channels)

2) using self-signed certificates (which will lead to 
different requirements on the distribution)

3) ignore certificates and share the public-keys in whatever 
way you like (e.g. manually inserting the key in the user 
key database like a pre-shared key). The implication of this 
would be that the public keys would be just like pre-shared 
keys. In MIKEY, it is not specified how the user key database 
is built up (as this is viewed as implementation specific), 
e.g. if it is built only on certificates or if it may 
contain "hard coded" public keys. 

Another comment concerns the scenarios addressed. The DHHMAC 
will not work for some of these scenarios it will only work 
in a one-to-one scenario, not in small-size groups as stated. 

A comment concerning the HMAC. The HMAC in DHHMAC may be used 
with either SHA-1 or a truncated SHA-1. Using HMAC with a 
truncated hash, rather than truncated HMAC with full hash, is 
highly non-standard. In particular, what are the security 
effects of truncating the 'inner' hash in the HMAC? It seems 
that, e.g., under heuristic assumptions on the keying and the 
use of the padding strings in HMAC, the collision probability 
(hence also forgery probability), appears to increase by a 
factor of two.

So my personal opinion is that the DHHMAC will solve a problem 
that already can be solved by MIKEY. By using the HMAC instead 
of signatures will of course decrease the overall computational 
workload. However, due to the DH computations needed, I don't 
think a new method can be motivated from an efficiency point 
of view either.

Best Regards,
Fredrik

> -----Original Message-----
> From: Euchner Martin ICN M SR 3 [mailto:Martin.Euchner@icn.siemens.de]
> Sent: den 30 januari 2002 16:57
> To: msec@securemulticast.org
> Subject: [MSEC] FW: new draft draft-euchner-MIKEY-DHHMAC-00.txt
> "HMAC-authenticat ed Diffie-Hellman for MIKEY"
> 
> 
> 
> 
> 
> -----Original Message-----
> -From: 	Euchner Martin  ICN M SR 3
> Sent:	Monday, January 28, 2002 10:36 AM
> To:	'Thomas Hardjono'; Euchner Martin  ICN M SR 3
> Subject:	new draft draft-euchner-MIKEY-DHHMAC-00.txt
> "HMAC-authenticated Diffie-Hellman for MIKEY"
> Thomas,
> 
> as indicated at the past IETF MSEC WG meeting, I see reasons 
> for a fourth
> key management protocol variant in MIKEY. Please find attached my
> corresponding Internet Draft with a proposed specification of 
> such a scheme.
> However, before submitting my ID to the IETF secretariat, I 
> would like to
> consult with you how to best handle this issue.
> Please let me hear your advice on whether to make this an 
> MSEC WG draft or
> keep it as an individual draft for the time being? Of course, 
> I appreciate
> any other feedback as well.
> 
>   <<draft-euchner-MIKEY-DHHMAC-00.txt>>
> 
> With kind regards
> 
> Martin Euchner.
> --------------------------------------------------------------
> ---------
> | Dipl.-Inf.                     Phone: +49 89 722 55790
> | Martin Euchner                 Fax  : +49 89 722 47713
> | Siemens AG
> | ICN M SR 3                     mailto:Martin.Euchner@icn.siemens.de
> |                                mailto:martin.euchner@ties.itu.int
> | Hofmannstr. 51                 Intranet:
> http://intranet.icn.siemens.de/marketing/sr/pages/122/122_euchner.htm
> | D-81359 Muenchen               Internet: http://www.siemens.de/
> | __________________
> | Germany
> --------------------------------------------------------------
> ---------
> 
> -----Original Message-----
> -From: 	Thomas Hardjono [mailto:thardjono@mediaone.net]
> Sent:	Monday, January 14, 2002 11:19 PM
> To:	Euchner Martin  ICN M SR 3
> Subject:	RE: [MSEC] Draft of minutes from IETF52 Salt Lake City
> 
> Thanks Martin.
> cheers,
> thomas
> ------
> 
> At 1/14/2002||10:43 AM, you wrote:
>  >Thomas,
>  >
>  >In your meeting report you mentioned the following statement:
>  >
>  >Another person (?) mentioned that he has a fourth key 
> establishment scheme
>  >in mind.  Will write an I-D and post to the mailing list.
>  >
>  >
>  >Actually, it was me myself who made that true statement. 
> Thus, you can
>  >frankly substitute my name there.
>  >
>  >To be honest, I had not yet time to start writing such an 
> ID as desired,
> but
>  >I hope, I will find some time and be productive until the 
> next meeting.
>  >Watch out"
>  >
>  >With kind regards
>  >
>  >Martin Euchner.
>  
> >-------------------------------------------------------------
> ----------
>  >| Dipl.-Inf.                     Phone: +49 89 722 55790
>  >| Martin Euchner                 Fax  : +49 89 722 47713
>  >| Siemens AG
>  >| ICN M SR 3                     
mailto:Martin.Euchner@icn.siemens.de
 >|                                mailto:martin.euchner@ties.itu.int
 >| Hofmannstr. 51                 Intranet:
 >http://intranet.icn.siemens.de/marketing/sr/pages/122/122_euchner.htm
 >| D-81359 Muenchen               Internet: http://www.siemens.de/
 >| __________________
 >| Germany
 >-----------------------------------------------------------------------
 >
 >  -----Original Message-----
 >From:   Thomas Hardjono [mailto:thardjono@mediaone.net]
 >Sent:   Friday, January 11, 2002 11:42 PM
 >To:     msec@securemulticast.org
 >Cc:     canetti@watson.ibm.com
 >Subject:        [MSEC] Draft of minutes from IETF52 Salt Lake City
 >
 >  << File: msec52_minutes-draft1.txt >>
 >Folks,
 >
 >Attached is the draft of the minutes from the MSEC WG meeting
 >at IETF52 in Salt Lake City.
 >
 >My apologies for being late.
 >
 >Please look at it and comment a.s.a.p.  This was my effort at merging
 >the two pieces of the minutes (Thanks to Dennis and Lakshminath for
 >consecutively taking the minutes).
 >
 >If there are no major objections I might try to include it with the slides
 >for submission to the formal IETF52 Proceedings (deadline Jan/14).
 >
 >All the slides are now on the website, and only this minutes-file
 >is missing/late.
 >
 >cheers,
 >
 >thomas
 >------


_______________________________________________
msec mailing list
msec@securemulticast.org
http://www.pairlist.net/mailman/listinfo/msec