From nobody Mon Jul 1 00:52:26 2019 Return-Path: X-Original-To: mud@ietfa.amsl.com Delivered-To: mud@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0B94712003E; Mon, 1 Jul 2019 00:52:10 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.501 X-Spam-Level: X-Spam-Status: No, score=-14.501 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id k7T-gM6JmmdN; Mon, 1 Jul 2019 00:52:07 -0700 (PDT) Received: from aer-iport-2.cisco.com (aer-iport-2.cisco.com [173.38.203.52]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7DA28120033; Mon, 1 Jul 2019 00:52:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=20757; q=dns/txt; s=iport; t=1561967526; x=1563177126; h=from:message-id:mime-version:subject:date:in-reply-to:cc: to:references; bh=7mIU3VTZmqdqtBrWqG/KMZHBhYnZXK0W12jIR1MYvSA=; b=Zgnv8z48ftbE92mI1buT+lGVWDDMVX5SVwKdKsn6MqgmFghZ/LJ28Ipy U3hKKhZdswf6SmaWbvJlDBC1Sd+Bw63Dt2hdPUajdgK/qMI1V+kBvMpLS iCNvEexyohMiRJJQLeliij/vM2bweyPBx0+yh7isKBBwrj4QN1K/Cscmq E=; X-Files: signature.asc : 195 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0BVAACXuhld/xbLJq1lGgEBAQEBAgE?= =?us-ascii?q?BAQEHAgEBAQGBZ4EVgWyBBCEHhB2Ie4wHmm0CBwEBAQkDAQEfEAEBhEACgyU?= =?us-ascii?q?4EwEDAQEEAQECAQVtijcMhUoBAQEDASNRBQULCQIOCicDAgJGEQYTG4MHAYF?= =?us-ascii?q?7DwiIBJtrgTKFR4RtEIE0gVGKJYF/gTgfgh4uPoJWgiSCVDKCJgSMCodzWpV?= =?us-ascii?q?YCYIYgh+BC4MpjScbgxeKFIo+lBFYgXqCV4gQgwkCBAYFAhWBZyGBWDMaCBs?= =?us-ascii?q?VZQGCQQk1ggqDaopVPQMwjwkBAQ?= X-IronPort-AV: E=Sophos;i="5.63,438,1557187200"; d="asc'?scan'208,217";a="13796482" Received: from aer-iport-nat.cisco.com (HELO aer-core-2.cisco.com) ([173.38.203.22]) by aer-iport-2.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 01 Jul 2019 07:52:04 +0000 Received: from [10.61.167.168] ([10.61.167.168]) by aer-core-2.cisco.com (8.15.2/8.15.2) with ESMTPS id x617q26W007264 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Mon, 1 Jul 2019 07:52:03 GMT From: Eliot Lear Message-Id: <8D7F2AE1-9F33-4BDB-A413-870BA37EE854@cisco.com> Content-Type: multipart/signed; boundary="Apple-Mail=_7A3D637B-05DF-4EFA-8011-2B329655C0AF"; protocol="application/pgp-signature"; micalg=pgp-sha1 Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\)) Date: Mon, 1 Jul 2019 09:52:01 +0200 In-Reply-To: Cc: "opsawg@ietf.org" , "mud@ietf.org" To: Qin Wu References: X-Mailer: Apple Mail (2.3445.104.11) X-Outbound-SMTP-Client: 10.61.167.168, [10.61.167.168] X-Outbound-Node: aer-core-2.cisco.com Archived-At: Subject: Re: [Mud] [OPSAWG] Declaring something to be a controller in MUD X-BeenThere: mud@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion of Manufacturer Ussage Descriptions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 01 Jul 2019 07:52:10 -0000 --Apple-Mail=_7A3D637B-05DF-4EFA-8011-2B329655C0AF Content-Type: multipart/alternative; boundary="Apple-Mail=_C6460DE7-847E-4C1A-ADF3-809B04B43CDA" --Apple-Mail=_C6460DE7-847E-4C1A-ADF3-809B04B43CDA Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=utf-8 > On 1 Jul 2019, at 09:20, Qin Wu wrote: >=20 > =E5=8F=91=E4=BB=B6=E4=BA=BA: OPSAWG [mailto:opsawg-bounces@ietf.org = ] =E4=BB=A3=E8=A1=A8 Eliot Lear > =E5=8F=91=E9=80=81=E6=97=B6=E9=97=B4: 2019=E5=B9=B46=E6=9C=8824=E6=97=A5= 17:48 > =E6=94=B6=E4=BB=B6=E4=BA=BA: opsawg@ietf.org ; = mud@ietf.org > =E4=B8=BB=E9=A2=98: [OPSAWG] Declaring something to be a controller in = MUD >=20 > Hi everyone, >=20 > A few of us are just trying to put out an initial draft that addresses = one gap in MUD (there are several). In a MUD file one can say that one = wants to access a controller in two ways: either "my-controller=E2=80=9D = meaning a controller that services devices of a particular MUD URL or a = =E2=80=9Ccontroller=E2=80=9D class that services devices based on a = particular class name of controller. >=20 > In either case, right now the administrator has to manually know and = populate information, to say - some device 1.2.3.4 is a controller, = either for MUD URL https://example.com/mud or = a class http://example.com/mudclass1 . = That can be laborious. To assist, we are examining ways to have a = controller declare itself as a candidate controller. >=20 > [Qin]: Since MUD in RFC8520 has already specify DNS extension and DHCP = extension, why not configure MUD manager with controller=E2=80=99s = declaration? So the RESTFUL interface can be defined between NMS and = controller, if my understanding is correct. > I believe this is network initiated solution, you might have client = initiated solution, but probably more complicated than network initiated = solution. Can you say a few more words? I=E2=80=99m not sure I=E2=80=99m quite = following you. Eliot >=20 > That at least provides a hint to the administrator that this = particular device is capable of serving in a particular role. >=20 > To make that declaration, the device must- > Form the declaration; > Find the MUD manager; and > Send it. >=20 > Forming the declaration is easy: we can make this a YANG grouping and = then place it in various spots. >=20 > Finding the MUD manager depends on one question: > Was the device built to be a controller or is it a general purpose = device that has an app that is intended to be a controller? >=20 > If the device was built to be a controller, we can simply cram the = declaration into that devices own MUD file as an extension. If the = device is a general purpose computer, things get a bit more interesting. = In this case we have two choices: >=20 > Either create a MUD file that points somewhere internally - this = doesn=E2=80=99t seem very plug and play. > Make the declaration directly to the MUD manager. >=20 > I=E2=80=99m going to focus on the latter for the moment. It is easy = enough to create a RESTful interface for this purpose, but it requires a = mechanism to discovered the MUD manager, which up until now has been an = internal part of the network infrastructure. >=20 > Let me call this out plainly: letting the app itself directly call the = MUD manager requires that the MUD manager itself become exposed to the = user infrastructure, which is a change. >=20 > One possibility to address this is to incorporate the new RESTful = endpoint into an ANIMA BRSKI join registrar, which may already be = exposed. But that requires that ANIMA BRSKI be in play, which it may = not. >=20 > My thinking is that we do this work in two stages. First handle the = easy case, which is the MUD file extension, and then figure out how to = do the app version of this. >=20 > Thoughts? >=20 > Eliot --Apple-Mail=_C6460DE7-847E-4C1A-ADF3-809B04B43CDA Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=utf-8

On 1 Jul 2019, at 09:20, Qin Wu <bill.wu@huawei.com> = wrote:

=E5=8F=91=E4=BB=B6=E4=BA=BA: OPSAWG [mailto:opsawg-bounces@ietf.org] =E4=BB=A3=E8=A1=A8 Eliot Lear
=E5=8F=91=E9=80=81=E6=97=B6=E9=97=B4: 2019=E5=B9=B46=E6=9C=8824=E6=97=A5 17:48
=E6=94=B6=E4=BB=B6=E4=BA=BA: opsawg@ietf.org; mud@ietf.org
=E4=B8=BB=E9=A2=98: [OPSAWG] Declaring = something to be a controller in MUD
 
Hi everyone,
 
A few of = us are just trying to put out an initial draft that addresses one gap in = MUD (there are several).  In a MUD file one can say that one wants = to access a controller in two ways: either "my-controller=E2=80=9D = meaning a controller that services devices of a particular MUD URL or a = =E2=80=9Ccontroller=E2=80=9D class that services devices based on a = particular class name of controller.
 
In = either case, right now the administrator has to manually know and = populate information, to say - some device 1.2.3.4 is a controller, = either for MUD URL https://example.com/mud or a class http://example.com/mudclass1. =  That can be laborious.  To assist, we are examining ways to = have a controller declare itself as a candidate controller.
 
[Qin]: Since = MUD in RFC8520 has already specify DNS extension and DHCP extension, why = not configure MUD manager with controller=E2=80=99s declaration? So the = RESTFUL interface can be defined between NMS and controller, if my = understanding is correct.
I believe this is network initiated solution, you might have = client initiated solution, but probably more complicated than network = initiated solution.

Can you say a few more words?  I=E2=80=99m not = sure I=E2=80=99m quite following you.

Eliot
 
 That at least provides = a hint to the administrator that this particular device is capable of = serving in a particular role.
 
To make that declaration, the device must-
  • Form the = declaration;
  • Find the MUD = manager; and
  • Send it.
 
Forming = the declaration is easy: we can make this a YANG grouping and then place = it in various spots.
 
Finding the MUD manager depends on one question:
  • Was the device = built to be a controller or is it a general purpose device that has an = app that is intended to be a controller?
 
If the = device was built to be a controller, we can simply cram the declaration = into that devices own MUD file as an extension.  If the device is a = general purpose computer, things get a bit more interesting.  In = this case we have two choices:
 
  • Either = create a MUD file that points somewhere internally - this doesn=E2=80=99t = seem very plug and play.
  • Make = the declaration directly to the MUD manager.
 
I=E2=80=99= m going to focus on the latter for the moment.  It is easy enough = to create a RESTful interface for this purpose, but it requires a = mechanism to discovered the MUD manager, which up until now has been an = internal part of the network infrastructure.
 
Let me = call this out plainly: letting the app itself directly call the MUD = manager requires that the MUD manager itself become exposed to the user = infrastructure, which is a change.
 
One = possibility to address this is to incorporate the new RESTful endpoint = into an ANIMA BRSKI join registrar, which may already be exposed. =  But that requires that ANIMA BRSKI be in play, which it may = not.
 
My = thinking is that we do this work in two stages.  First handle the = easy case, which is the MUD file extension, and then figure out how to = do the app version of this.
 
Thoughts?
 
Eliot

= --Apple-Mail=_C6460DE7-847E-4C1A-ADF3-809B04B43CDA-- --Apple-Mail=_7A3D637B-05DF-4EFA-8011-2B329655C0AF Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=signature.asc Content-Type: application/pgp-signature; name=signature.asc Content-Description: Message signed with OpenPGP -----BEGIN PGP SIGNATURE----- iF0EARECAB0WIQTgo4LlIIJ5lIBumWpugA9nE248uAUCXRm7oQAKCRBugA9nE248 uHQsAKC4DUk9BsbeQr+WRh2SzU5r1ztj/ACgt6lGsYiEsNkV2k1LSOSZjYxcSlk= =wvJe -----END PGP SIGNATURE----- --Apple-Mail=_7A3D637B-05DF-4EFA-8011-2B329655C0AF-- From nobody Mon Jul 1 01:49:13 2019 Return-Path: X-Original-To: mud@ietfa.amsl.com Delivered-To: mud@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1A4FA120099; Mon, 1 Jul 2019 01:49:03 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.501 X-Spam-Level: X-Spam-Status: No, score=-14.501 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2DIDrJzFi1mo; Mon, 1 Jul 2019 01:49:01 -0700 (PDT) Received: from aer-iport-2.cisco.com (aer-iport-2.cisco.com [173.38.203.52]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2A27F1201FA; Mon, 1 Jul 2019 01:49:00 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=33264; q=dns/txt; s=iport; t=1561970940; x=1563180540; h=from:message-id:mime-version:subject:date:in-reply-to:cc: to:references; bh=V7wCXl53GwzK3esxXK03rCOXnMscHAYmGO6J26Y2t9A=; b=MACGdU+Qxp5OyMZC9O17LG40PkCmtHPEIWotK+7yGjGpptbRZf5iuNX0 BMrUafGYzOYtj2HmdUfFI0odAIukFHEhGJMBNorqCqXIVqT/TMwWgIni5 xrlb3VQjc2tLrq+qIQT++TSUMTzM6UYY2RIMXMJlgI76ArO/+uUHz4Q02 k=; X-Files: signature.asc : 195 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0BXAACfyBld/xbLJq1lGgEBAQEBAgE?= =?us-ascii?q?BAQEHAgEBAQGBZ4EVgWyBBCEHhB2Ie4tiJZkGgWcCBwEBAQkDAQEfEAEBhEA?= =?us-ascii?q?CgyU4EwEDAQEEAQECAQVtijcMhUoBAQEDASNRBQULCQIOCiABBgMCAkYRBhM?= =?us-ascii?q?bgwcBgXsPCIgNm2uBMoVHhGoQgTSBUYolgX+BOAwTgh4uPoJWgTImEjqCVDK?= =?us-ascii?q?CJgSMCodzWpVYCYIYgh+BC4MpjScbgxeKFIo+lBFYgXqCV4gQgwkCBAYFAhW?= =?us-ascii?q?BZyGBWDMaCBsVZQGCQQk1ggqDaopVPQMwjwkBAQ?= X-IronPort-AV: E=Sophos;i="5.63,438,1557187200"; d="asc'?scan'208,217";a="13798515" Received: from aer-iport-nat.cisco.com (HELO aer-core-3.cisco.com) ([173.38.203.22]) by aer-iport-2.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 01 Jul 2019 08:48:57 +0000 Received: from [10.61.163.11] ([10.61.163.11]) by aer-core-3.cisco.com (8.15.2/8.15.2) with ESMTPS id x618muHZ016656 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Mon, 1 Jul 2019 08:48:57 GMT From: Eliot Lear Message-Id: <1539951A-88FB-4E6D-9623-2AE5B2924125@cisco.com> Content-Type: multipart/signed; boundary="Apple-Mail=_65C116C0-416E-4A03-B51C-849B9FB665AB"; protocol="application/pgp-signature"; micalg=pgp-sha1 Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\)) Date: Mon, 1 Jul 2019 10:48:55 +0200 In-Reply-To: Cc: "opsawg@ietf.org" , "mud@ietf.org" To: Qin Wu References: X-Mailer: Apple Mail (2.3445.104.11) X-Outbound-SMTP-Client: 10.61.163.11, [10.61.163.11] X-Outbound-Node: aer-core-3.cisco.com Archived-At: Subject: Re: [Mud] [OPSAWG] Declaring something to be a controller in MUD X-BeenThere: mud@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion of Manufacturer Ussage Descriptions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 01 Jul 2019 08:49:03 -0000 --Apple-Mail=_65C116C0-416E-4A03-B51C-849B9FB665AB Content-Type: multipart/alternative; boundary="Apple-Mail=_25482C61-C038-4E40-91D7-B84DF2453752" --Apple-Mail=_25482C61-C038-4E40-91D7-B84DF2453752 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=utf-8 > On 1 Jul 2019, at 10:23, Qin Wu > wrote: >=20 > =E5=8F=91=E4=BB=B6=E4=BA=BA: Eliot Lear [mailto:lear@cisco.com = ] > =E5=8F=91=E9=80=81=E6=97=B6=E9=97=B4: 2019=E5=B9=B47=E6=9C=881=E6=97=A5 = 15:52 > =E6=94=B6=E4=BB=B6=E4=BA=BA: Qin Wu > > =E6=8A=84=E9=80=81: opsawg@ietf.org ; = mud@ietf.org > =E4=B8=BB=E9=A2=98: Re: [OPSAWG] Declaring something to be a = controller in MUD >=20 >=20 >=20 >=20 > On 1 Jul 2019, at 09:20, Qin Wu > wrote: >=20 > =E5=8F=91=E4=BB=B6=E4=BA=BA: OPSAWG [mailto:opsawg-bounces@ietf.org = ] =E4=BB=A3=E8=A1=A8 Eliot Lear > =E5=8F=91=E9=80=81=E6=97=B6=E9=97=B4: 2019=E5=B9=B46=E6=9C=8824=E6=97=A5= 17:48 > =E6=94=B6=E4=BB=B6=E4=BA=BA: opsawg@ietf.org ; = mud@ietf.org > =E4=B8=BB=E9=A2=98: [OPSAWG] Declaring something to be a controller in = MUD >=20 > Hi everyone, >=20 > A few of us are just trying to put out an initial draft that addresses = one gap in MUD (there are several). In a MUD file one can say that one = wants to access a controller in two ways: either "my-controller=E2=80=9D = meaning a controller that services devices of a particular MUD URL or a = =E2=80=9Ccontroller=E2=80=9D class that services devices based on a = particular class name of controller. >=20 > In either case, right now the administrator has to manually know and = populate information, to say - some device 1.2.3.4 is a controller, = either for MUD URL https://example.com/mud or = a class http://example.com/mudclass1 . = That can be laborious. To assist, we are examining ways to have a = controller declare itself as a candidate controller. >=20 > [Qin]: Since MUD in RFC8520 has already specify DNS extension and DHCP = extension, why not configure MUD manager with controller=E2=80=99s = declaration? So the RESTFUL interface can be defined between NMS and = controller, if my understanding is correct. > I believe this is network initiated solution, you might have client = initiated solution, but probably more complicated than network initiated = solution. >=20 > Can you say a few more words? I=E2=80=99m not sure I=E2=80=99m quite = following you. > [Qin]: What I am suggesting is NMS preconfigures the MUD manager with = controller=E2=80=99s declaration information, during DHCP process or DNS = process, the controller=E2=80=99s declaration can be returned > To the router or switch between the thing and MUD manager or return to = the thing, the router or the thing can access controller through = controller delclartion. >=20 > If the MUD manager also needs to be advertised to the thing, DHCP = Discovery or DNS process can be leveraged. In this case, NMS needs to = preconfigure DHCP server with MUD manager information. I apologize, but I=E2=80=99m not quite following. Let=E2=80=99s step = through what I=E2=80=99m trying to solve, and then let=E2=80=99s step = through your flow. Device sends a MUD URL X that points to a MUD file that says to permit = ip access to my-controller. Now- how do we determine who =E2=80=9Cmy-controller=E2=80=9D for MUD URL = X is? Ways to do that: Ask the administrator (pre-configuration) Provide the administrator hints Controller says who it can control (by MUD URLs, etc) or Device says which controllers (by MUD URL) are good candidates Other If it=E2=80=99s the controller, then we can do a RESTful interface. If = it=E2=80=99s the device, we already have a communication path. Nothing = stops us from doing both. So now insert your approach. What steps would you take? Eliot >=20 > Eliot >=20 >=20 > That at least provides a hint to the administrator that this = particular device is capable of serving in a particular role. >=20 > To make that declaration, the device must- > Form the declaration; > Find the MUD manager; and > Send it. >=20 > Forming the declaration is easy: we can make this a YANG grouping and = then place it in various spots. >=20 > Finding the MUD manager depends on one question: > Was the device built to be a controller or is it a general purpose = device that has an app that is intended to be a controller? >=20 > If the device was built to be a controller, we can simply cram the = declaration into that devices own MUD file as an extension. If the = device is a general purpose computer, things get a bit more interesting. = In this case we have two choices: >=20 > Either create a MUD file that points somewhere internally - this = doesn=E2=80=99t seem very plug and play. > Make the declaration directly to the MUD manager. >=20 > I=E2=80=99m going to focus on the latter for the moment. It is easy = enough to create a RESTful interface for this purpose, but it requires a = mechanism to discovered the MUD manager, which up until now has been an = internal part of the network infrastructure. >=20 > Let me call this out plainly: letting the app itself directly call the = MUD manager requires that the MUD manager itself become exposed to the = user infrastructure, which is a change. >=20 > One possibility to address this is to incorporate the new RESTful = endpoint into an ANIMA BRSKI join registrar, which may already be = exposed. But that requires that ANIMA BRSKI be in play, which it may = not. >=20 > My thinking is that we do this work in two stages. First handle the = easy case, which is the MUD file extension, and then figure out how to = do the app version of this. >=20 > Thoughts? >=20 > Eliot >=20 --Apple-Mail=_25482C61-C038-4E40-91D7-B84DF2453752 Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=utf-8


On 1 Jul 2019, at 10:23, Qin Wu <bill.wu@huawei.com> = wrote:

=E5=8F=91=E4=BB=B6=E4=BA=BA: Eliot Lear [mailto:lear@cisco.com] 
=E5=8F=91=E9=80=81=E6=97=B6=E9= =97=B4: 2019=E5=B9=B47=E6=9C=881=E6=97=A5 15:52
=E6=94=B6=E4=BB=B6=E4=BA=BA: Qin Wu <bill.wu@huawei.com>
=E6=8A=84=E9=80=81: opsawg@ietf.org; mud@ietf.org
=E4=B8=BB=E9=A2=98: Re: [OPSAWG] Declaring = something to be a controller in MUD
 
 


On 1 Jul 2019, at 09:20, Qin Wu <bill.wu@huawei.com> = wrote:
 
=E5=8F=91=E4=BB=B6=E4=BA=BA: OPSAWG [mailto:opsawg-bounces@ietf.org] =E4=BB=A3=E8=A1=A8 Eliot Lear
=E5=8F=91=E9=80=81=E6=97=B6=E9= =97=B4: 2019=E5=B9=B46=E6=9C=8824=E6=97=A5 17:48
=E6=94=B6=E4=BB=B6=E4=BA= =BA: opsawg@ietf.org; mud@ietf.org
=E4=B8=BB=E9=A2=98: [OPSAWG] Declaring something to be a controller in = MUD
 
Hi everyone,
 
A few of us are just trying to put out an initial draft that = addresses one gap in MUD (there are several).  In a MUD file one = can say that one wants to access a controller in two ways: either = "my-controller=E2=80=9D meaning a controller that = services devices of a particular MUD URL or a =E2=80=9Ccontroller=E2=80=9D class that = services devices based on a particular class name of controller.
 
In either case, right now the administrator = has to manually know and populate information, to say - some device = 1.2.3.4 is a controller, either for MUD URL https://example.com/mud or a class http://example.com/mudclass1.  That can be = laborious.  To assist, we are examining ways to have a controller = declare itself as a candidate controller.
 
[Qin]: Since = MUD in RFC8520 has already specify DNS extension and DHCP extension, why = not configure MUD manager with controller=E2=80=99s declaration? So the = RESTFUL interface can be defined between NMS and controller, if my = understanding is correct.
I believe this = is network initiated solution, you might have client initiated solution, = but probably more complicated than network initiated = solution.
 
Can you = say a few more words?  I=E2=80=99m not sure I=E2=80=99m quite = following you.
[Qin]: What I am = suggesting is NMS preconfigures the MUD manager with controller=E2=80=99s = declaration information, during DHCP process or DNS process, the = controller=E2=80=99s declaration can be returned
To the router or switch = between the thing and MUD manager or return to the thing, the router or = the thing can access controller through controller delclartion.
 
If the MUD = manager also needs to be advertised to the thing, DHCP Discovery or DNS = process can be leveraged. In this case, NMS needs to preconfigure DHCP = server with MUD manager = information.

I apologize, but I=E2=80=99m not quite = following.  Let=E2=80=99s step through what I=E2=80=99m trying to = solve, and then let=E2=80=99s step through your flow.


Device sends a MUD URL X that points to a MUD file that says = to permit ip access to my-controller.

Now- how do we determine who = =E2=80=9Cmy-controller=E2=80=9D for MUD URL X is?
Ways to do that:
  • Ask the = administrator (pre-configuration)
  • Provide the = administrator hints
    • Controller says = who it can control (by MUD URLs, etc) or
    • Device says = which controllers (by MUD URL) are good candidates
  • Other

If it=E2=80=99s the controller, then we = can do a RESTful interface.  If it=E2=80=99s the device, we already = have a communication path.  Nothing stops us from doing = both.

So now = insert your approach.  What steps would you take?

Eliot



 
Eliot

 
 That at least provides = a hint to the administrator that this particular device is capable of = serving in a particular role.
 
To make that declaration, the device must-
  • Form the declaration;
  • Find = the MUD manager; and
  • Send = it.
 
Forming the declaration is easy: we can make = this a YANG grouping and then place it in various spots.
 
Finding the MUD manager depends on one = question:
  • Was the device built to be a controller or is = it a general purpose device that has an app that is intended to be a = controller?
 
If the device was built to be a controller, we = can simply cram the declaration into that devices own MUD file as an = extension.  If the device is a general purpose computer, things get = a bit more interesting.  In this case we have two choices:
 
  • Either create a MUD file that points somewhere = internally - this doesn=E2=80=99t = seem very plug and play.
  • Make = the declaration directly to the MUD manager.
 
I=E2=80=99m going to = focus on the latter for the moment.  It is easy enough to create a = RESTful interface for this purpose, but it requires a mechanism to = discovered the MUD manager, which up until now has been an internal part = of the network infrastructure.
 
Let me call this out plainly: letting the app = itself directly call the MUD manager requires that the MUD manager = itself become exposed to the user infrastructure, which is a change.
 
One possibility to address this is to = incorporate the new RESTful endpoint into an ANIMA BRSKI join registrar, = which may already be exposed.  But that requires that ANIMA BRSKI = be in play, which it may not.
 
My thinking is that we do this work in two = stages.  First handle the easy case, which is the MUD file = extension, and then figure out how to do the app version of this.
 
Thoughts?
 
Eliot
 

= --Apple-Mail=_25482C61-C038-4E40-91D7-B84DF2453752-- --Apple-Mail=_65C116C0-416E-4A03-B51C-849B9FB665AB Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=signature.asc Content-Type: application/pgp-signature; name=signature.asc Content-Description: Message signed with OpenPGP -----BEGIN PGP SIGNATURE----- iF0EARECAB0WIQTgo4LlIIJ5lIBumWpugA9nE248uAUCXRnI9wAKCRBugA9nE248 uPpBAKCPzpZc7YOsY4mEfTYwt4x+8laskwCguFbJt6H3gy2vM+ame+GgD7w0brc= =vwzW -----END PGP SIGNATURE----- --Apple-Mail=_65C116C0-416E-4A03-B51C-849B9FB665AB-- From nobody Mon Jul 1 02:41:08 2019 Return-Path: X-Original-To: mud@ietfa.amsl.com Delivered-To: mud@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 31FCD12015E for ; Sun, 30 Jun 2019 09:50:37 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.997 X-Spam-Level: X-Spam-Status: No, score=-1.997 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com header.b=aFtWVEF/; dkim=pass (2048-bit key) header.d=gmail.com header.b=VKCSbg0S Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id G500FH6c9Vme for ; Sun, 30 Jun 2019 09:50:33 -0700 (PDT) Received: from mail-qt1-x84a.google.com (mail-qt1-x84a.google.com [IPv6:2607:f8b0:4864:20::84a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AEDBD12015D for ; Sun, 30 Jun 2019 09:50:33 -0700 (PDT) Received: by mail-qt1-x84a.google.com with SMTP id e39so11321304qte.8 for ; Sun, 30 Jun 2019 09:50:33 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:reply-to:sender:message-id:date:subject:from:to; bh=WtyCtT5DUF7l1fIh7k9O6tlYttPQCQ3qrZ+YPmPCbHo=; b=aFtWVEF/GY/F1LVXJiM6wJTqrhmLNtS/O7YFGXYqnMY9FRWLVAhKH4pIVSMfl8x2KU JCau/XOCBzZV2h23WMeALRN7fgUbQZIUtFWlbM5e4NwTx68mDgTENG5XXQ7fyooMRItE 17zQOOyXD5uCJSjqGU0eQyU7x7i4Z+ZlulX0UwP5CMXpo5Awcnz9O4L3JuU7zxJgmYGp 2Ydg5thDbHv+PkA0iCu/Zj/4j+YY7+/upbmDnO+Gzzx9KGmpu5wQWviNRXTohumDowt/ oaFaMDO9WXTKmlw9Dptoy+XYBAAInMNbW0zryeAYdfPYLAIdMo8Qep+3mxHRggth2hmx rmew== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:reply-to:sender:message-id:date:subject:from:to; bh=WtyCtT5DUF7l1fIh7k9O6tlYttPQCQ3qrZ+YPmPCbHo=; b=VKCSbg0S8hAkQt/m7xuc6VY6MESuzxW0nBk0fiOscv8vQ5bFZtA5hfHv56PHiv4JZo hm2bAMuCjv/QtY6kfNqRRMXIL1pXPj28lnYZX4ycEoeGjwdQXgXwcWOfjiZqOyGREnZ7 rfyPJavkP8E8uFMSyvAyw4ZB5OM8o8dyjEE9oUJdUY8yiYLCzCVFmzCQRa0Xm9EWVI5V vUQYPR3FtBXSd5f2HqPZsve/deDi/UxAQvz6ewluQ6Tb2aPrW7pWoB4tPuScDWEOmS1z /4mDegfXtSVpAB7+WIPgTrLr4ZxNQ2JZExoi0asvlNvY6lg/REyawJcl/Nx1bpt3HnFd SagQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:reply-to:sender:message-id:date :subject:from:to; bh=WtyCtT5DUF7l1fIh7k9O6tlYttPQCQ3qrZ+YPmPCbHo=; b=KXmbP9HBA706YePWA08gVm7qYsnhBw2zqh6IqbB2jkRPrd1OrBJ5O4mhYTifmbTbGq XHhT1xj+eTkUgWJn+oPxdukvM2q8qiECuiBZlsrLBpcdLoewKeh7WasvEA+u8A4h4CUx Y1LAVlq0/2hXvClr+0PzRUWm5Rh/ecxZhjH1ZAH4K31wmFnjxEPFZAHNbH/IYuxZnfZb MXTowx5drmLl2ysE/hzokawjgr+I7DgGnnL+7OKoScDnw55xstdLQdS3CIOSWTDziZ3v A0ygHlD807RnqAmsts9MjEMSxdIQIzQGTkyz3pIC4T77yFDhH8PyLSxV+qi2mHSgKaQM kUgA== X-Gm-Message-State: APjAAAUN3F4LXkuAWcRLvICfNNFAoz/S9t9hYkNRoFx8HZeYfh7RSS1k ZzMbWzGdaWxnEOCFVvp8Fl53vnTMHytWhIv3W6c= X-Google-Smtp-Source: APXvYqyB1BdsSFOLqqWs8+yiZIJk1qlZNFJ0hcqEpzDRP3RgqR5BTnAUKniZgg4d58Om7FFkcNLUvT07H+1icLGPZPJq MIME-Version: 1.0 X-Received: by 2002:aed:2dc7:: with SMTP id i65mr16648559qtd.365.1561913432560; Sun, 30 Jun 2019 09:50:32 -0700 (PDT) Reply-To: mcharlesr@gmail.com Sender: Google Calendar Message-ID: <000000000000515a5e058c8d4f26@google.com> Date: Sun, 30 Jun 2019 16:50:32 +0000 From: mcharlesr@gmail.com To: mud@ietf.org Content-Type: multipart/mixed; boundary="000000000000515a48058c8d4f25" Archived-At: X-Mailman-Approved-At: Mon, 01 Jul 2019 02:41:07 -0700 Subject: [Mud] Invitation: MUD/IoT onboarding @ Mon 2019-07-22 08:30 - 10:30 (EDT) (mud@ietf.org) X-BeenThere: mud@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion of Manufacturer Ussage Descriptions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 30 Jun 2019 16:50:37 -0000 --000000000000515a48058c8d4f25 Content-Type: multipart/alternative; boundary="000000000000515a45058c8d4f23" --000000000000515a45058c8d4f23 Content-Type: text/plain; charset="UTF-8"; format=flowed; delsp=yes Content-Transfer-Encoding: base64 WW91IGhhdmUgYmVlbiBpbnZpdGVkIHRvIHRoZSBmb2xsb3dpbmcgZXZlbnQuDQoNClRpdGxlOiBN VUQvSW9UIG9uYm9hcmRpbmcNCldoZW46IE1vbiAyMDE5LTA3LTIyIDA4OjMwIOKAkyAxMDozMCBF YXN0ZXJuIFRpbWUgLSBUb3JvbnRvDQpXaGVyZTogQzIgb24gMjJzdCBmbG9vcg0KQ2FsZW5kYXI6 IG11ZEBpZXRmLm9yZw0KV2hvOg0KICAgICAqIG1jaGFybGVzckBnbWFpbC5jb20gLSBvcmdhbml6 ZXINCiAgICAgKiBtdWRAaWV0Zi5vcmcNCg0KRXZlbnQgZGV0YWlsczogIA0KaHR0cHM6Ly93d3cu Z29vZ2xlLmNvbS9jYWxlbmRhci9ldmVudD9hY3Rpb249VklFVyZlaWQ9TjJKcmNtbHdNWEZsY0hC MGRuVXlhV0ZwTnpJd2EzTjJOMklnYlhWa1FHbGxkR1l1YjNKbiZ0b2s9TVRramJXTm9ZWEpzWlhO eVFHZHRZV2xzTG1OdmJUa3pNemN3TWpneVl6aGpOemhrTVRFelpHWmtOVEUyTXpnMlltUTBORFl3 WkdZeU16bGxNMlUmY3R6PUFtZXJpY2ElMkZUb3JvbnRvJmhsPWVuJmVzPTANCg0KSW52aXRhdGlv biBmcm9tIEdvb2dsZSBDYWxlbmRhcjogaHR0cHM6Ly93d3cuZ29vZ2xlLmNvbS9jYWxlbmRhci8N Cg0KWW91IGFyZSByZWNlaXZpbmcgdGhpcyBjb3VydGVzeSBlbWFpbCBhdCB0aGUgYWNjb3VudCBt dWRAaWV0Zi5vcmcgYmVjYXVzZSAgDQp5b3UgYXJlIGFuIGF0dGVuZGVlIG9mIHRoaXMgZXZlbnQu DQoNClRvIHN0b3AgcmVjZWl2aW5nIGZ1dHVyZSB1cGRhdGVzIGZvciB0aGlzIGV2ZW50LCBkZWNs aW5lIHRoaXMgZXZlbnQuICANCkFsdGVybmF0aXZlbHkgeW91IGNhbiBzaWduIHVwIGZvciBhIEdv b2dsZSBhY2NvdW50IGF0ICANCmh0dHBzOi8vd3d3Lmdvb2dsZS5jb20vY2FsZW5kYXIvIGFuZCBj b250cm9sIHlvdXIgbm90aWZpY2F0aW9uIHNldHRpbmdzIGZvciAgDQp5b3VyIGVudGlyZSBjYWxl bmRhci4NCg0KRm9yd2FyZGluZyB0aGlzIGludml0YXRpb24gY291bGQgYWxsb3cgYW55IHJlY2lw aWVudCB0byBzZW5kIGEgcmVzcG9uc2UgdG8gIA0KdGhlIG9yZ2FuaXplciBhbmQgYmUgYWRkZWQg dG8gdGhlIGd1ZXN0IGxpc3QsIG9yIGludml0ZSBvdGhlcnMgcmVnYXJkbGVzcyAgDQpvZiB0aGVp ciBvd24gaW52aXRhdGlvbiBzdGF0dXMsIG9yIHRvIG1vZGlmeSB5b3VyIFJTVlAuIExlYXJuIG1v cmUgYXQgIA0KaHR0cHM6Ly9zdXBwb3J0Lmdvb2dsZS5jb20vY2FsZW5kYXIvYW5zd2VyLzM3MTM1 I2ZvcndhcmRpbmcNCg== --000000000000515a45058c8d4f23 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
=

You have been invited to the follo= wing event.

MUD/IoT onboarding

= When
Mon 2019-07-22 = 08:30 =E2=80=93 10:30 Eastern Time - Toronto
Where
C2 on 22st floor (map)
Calendar
mud@ietf.org<= /div>
Who
mcharlesr@gmail.com - organizer
mud@iet= f.org

Going (mud@ietf.org)= ?   Yes - <= a href=3D"https://www.google.com/calendar/event?action=3DRESPOND&eid=3D= N2JrcmlwMXFlcHB0dnUyaWFpNzIwa3N2N2IgbXVkQGlldGYub3Jn&rst=3D3&tok=3D= MTkjbWNoYXJsZXNyQGdtYWlsLmNvbTkzMzcwMjgyYzhjNzhkMTEzZGZkNTE2Mzg2YmQ0NDYwZGY= yMzllM2U&ctz=3DAmerica%2FToronto&hl=3Den&es=3D0" style=3D"color= :#20c;white-space:nowrap" itemprop=3D"url">Maybe - No    more options &r= aquo;

= Invitation from Google Calendar

You are receiving this courtesy em= ail at the account mud@ietf.org because you are an attendee of this event.<= /p>

To stop receiving future updates for this event, decline this event. = Alternatively you can sign up for a Google account at https://www.google.co= m/calendar/ and control your notification settings for your entire calendar= .

Forwarding this invitation could allow any recipient to send a resp= onse to the organizer and be added to the guest list, or invite others rega= rdless of their own invitation status, or to modify your RSVP. Learn More.=

--000000000000515a45058c8d4f23 Content-Type: text/calendar; charset="UTF-8"; method=REQUEST Content-Transfer-Encoding: 7bit BEGIN:VCALENDAR PRODID:-//Google Inc//Google Calendar 70.9054//EN VERSION:2.0 CALSCALE:GREGORIAN METHOD:REQUEST BEGIN:VEVENT DTSTART:20190722T123000Z DTEND:20190722T143000Z DTSTAMP:20190630T165032Z ORGANIZER;CN=mcharlesr@gmail.com:mailto:mcharlesr@gmail.com UID:7bkrip1qepptvu2iai720ksv7b@google.com ATTENDEE;CUTYPE=INDIVIDUAL;ROLE=REQ-PARTICIPANT;PARTSTAT=ACCEPTED;RSVP=TRUE ;CN=mcharlesr@gmail.com;X-NUM-GUESTS=0:mailto:mcharlesr@gmail.com ATTENDEE;CUTYPE=INDIVIDUAL;ROLE=REQ-PARTICIPANT;PARTSTAT=NEEDS-ACTION;RSVP= TRUE;CN=mud@ietf.org;X-NUM-GUESTS=0:mailto:mud@ietf.org X-MICROSOFT-CDO-OWNERAPPTID:-380302816 CREATED:20190630T165030Z DESCRIPTION:-::~:~::~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~ :~:~:~:~:~:~:~:~::~:~::-\nPlease do not edit this section of the descriptio n.\n\nView your event at https://www.google.com/calendar/event?action=VIEW& eid=N2JrcmlwMXFlcHB0dnUyaWFpNzIwa3N2N2IgbXVkQGlldGYub3Jn&tok=MTkjbWNoYXJsZX NyQGdtYWlsLmNvbTkzMzcwMjgyYzhjNzhkMTEzZGZkNTE2Mzg2YmQ0NDYwZGYyMzllM2U&ctz=A merica%2FToronto&hl=en&es=1.\n-::~:~::~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~ :~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~::~:~::- LAST-MODIFIED:20190630T165030Z LOCATION:C2 on 22st floor SEQUENCE:0 STATUS:CONFIRMED SUMMARY:MUD/IoT onboarding TRANSP:OPAQUE END:VEVENT END:VCALENDAR --000000000000515a45058c8d4f23-- --000000000000515a48058c8d4f25 Content-Type: application/ics; name="invite.ics" Content-Disposition: attachment; filename="invite.ics" Content-Transfer-Encoding: base64 QkVHSU46VkNBTEVOREFSDQpQUk9ESUQ6LS8vR29vZ2xlIEluYy8vR29vZ2xlIENhbGVuZGFyIDcw LjkwNTQvL0VODQpWRVJTSU9OOjIuMA0KQ0FMU0NBTEU6R1JFR09SSUFODQpNRVRIT0Q6UkVRVUVT VA0KQkVHSU46VkVWRU5UDQpEVFNUQVJUOjIwMTkwNzIyVDEyMzAwMFoNCkRURU5EOjIwMTkwNzIy VDE0MzAwMFoNCkRUU1RBTVA6MjAxOTA2MzBUMTY1MDMyWg0KT1JHQU5JWkVSO0NOPW1jaGFybGVz ckBnbWFpbC5jb206bWFpbHRvOm1jaGFybGVzckBnbWFpbC5jb20NClVJRDo3YmtyaXAxcWVwcHR2 dTJpYWk3MjBrc3Y3YkBnb29nbGUuY29tDQpBVFRFTkRFRTtDVVRZUEU9SU5ESVZJRFVBTDtST0xF PVJFUS1QQVJUSUNJUEFOVDtQQVJUU1RBVD1BQ0NFUFRFRDtSU1ZQPVRSVUUNCiA7Q049bWNoYXJs ZXNyQGdtYWlsLmNvbTtYLU5VTS1HVUVTVFM9MDptYWlsdG86bWNoYXJsZXNyQGdtYWlsLmNvbQ0K QVRURU5ERUU7Q1VUWVBFPUlORElWSURVQUw7Uk9MRT1SRVEtUEFSVElDSVBBTlQ7UEFSVFNUQVQ9 TkVFRFMtQUNUSU9OO1JTVlA9DQogVFJVRTtDTj1tdWRAaWV0Zi5vcmc7WC1OVU0tR1VFU1RTPTA6 bWFpbHRvOm11ZEBpZXRmLm9yZw0KWC1NSUNST1NPRlQtQ0RPLU9XTkVSQVBQVElEOi0zODAzMDI4 MTYNCkNSRUFURUQ6MjAxOTA2MzBUMTY1MDMwWg0KREVTQ1JJUFRJT046LTo6fjp+Ojp+On46fjp+ On46fjp+On46fjp+On46fjp+On46fjp+On46fjp+On46fjp+On46fjp+On46fjp+DQogOn46fjp+ On46fjp+On46fjo6fjp+OjotXG5QbGVhc2UgZG8gbm90IGVkaXQgdGhpcyBzZWN0aW9uIG9mIHRo ZSBkZXNjcmlwdGlvDQogbi5cblxuVmlldyB5b3VyIGV2ZW50IGF0IGh0dHBzOi8vd3d3Lmdvb2ds ZS5jb20vY2FsZW5kYXIvZXZlbnQ/YWN0aW9uPVZJRVcmDQogZWlkPU4ySnJjbWx3TVhGbGNIQjBk blV5YVdGcE56SXdhM04yTjJJZ2JYVmtRR2xsZEdZdWIzSm4mdG9rPU1Ua2piV05vWVhKc1pYDQog TnlRR2R0WVdsc0xtTnZiVGt6TXpjd01qZ3lZemhqTnpoa01URXpaR1prTlRFMk16ZzJZbVEwTkRZ d1pHWXlNemxsTTJVJmN0ej1BDQogbWVyaWNhJTJGVG9yb250byZobD1lbiZlcz0xLlxuLTo6fjp+ Ojp+On46fjp+On46fjp+On46fjp+On46fjp+On46fjp+On46fjp+DQogOn46fjp+On46fjp+On46 fjp+On46fjp+On46fjp+On46fjo6fjp+OjotDQpMQVNULU1PRElGSUVEOjIwMTkwNjMwVDE2NTAz MFoNCkxPQ0FUSU9OOkMyIG9uIDIyc3QgZmxvb3INClNFUVVFTkNFOjANClNUQVRVUzpDT05GSVJN RUQNClNVTU1BUlk6TVVEL0lvVCBvbmJvYXJkaW5nDQpUUkFOU1A6T1BBUVVFDQpFTkQ6VkVWRU5U DQpFTkQ6VkNBTEVOREFSDQo= --000000000000515a48058c8d4f25-- From nobody Mon Jul 1 02:41:14 2019 Return-Path: X-Original-To: mud@ietfa.amsl.com Delivered-To: mud@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 07FF4120225; Mon, 1 Jul 2019 00:21:56 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.2 X-Spam-Level: X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HjmmgBYZUkxz; Mon, 1 Jul 2019 00:21:53 -0700 (PDT) Received: from huawei.com (lhrrgout.huawei.com [185.176.76.210]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6798F120222; Mon, 1 Jul 2019 00:21:53 -0700 (PDT) Received: from lhreml704-cah.china.huawei.com (unknown [172.18.7.106]) by Forcepoint Email with ESMTP id 628A1267F4133DE75EC9; Mon, 1 Jul 2019 08:21:51 +0100 (IST) Received: from NKGEML414-HUB.china.huawei.com (10.98.56.75) by lhreml704-cah.china.huawei.com (10.201.108.45) with Microsoft SMTP Server (TLS) id 14.3.408.0; Mon, 1 Jul 2019 08:21:51 +0100 Received: from NKGEML513-MBX.china.huawei.com ([169.254.1.66]) by nkgeml414-hub.china.huawei.com ([10.98.56.75]) with mapi id 14.03.0415.000; Mon, 1 Jul 2019 15:20:51 +0800 From: Qin Wu To: Eliot Lear , "opsawg@ietf.org" , "mud@ietf.org" Thread-Topic: [OPSAWG] Declaring something to be a controller in MUD Thread-Index: AdUv3HjWBDQcYX3NS2OJHA5W7PRpmQ== Date: Mon, 1 Jul 2019 07:20:51 +0000 Message-ID: Accept-Language: zh-CN, en-US Content-Language: zh-CN X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.134.31.203] Content-Type: multipart/alternative; boundary="_000_B8F9A780D330094D99AF023C5877DABAA49BC850nkgeml513mbxchi_" MIME-Version: 1.0 X-CFilter-Loop: Reflected Archived-At: X-Mailman-Approved-At: Mon, 01 Jul 2019 02:41:07 -0700 Subject: Re: [Mud] [OPSAWG] Declaring something to be a controller in MUD X-BeenThere: mud@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion of Manufacturer Ussage Descriptions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 01 Jul 2019 07:21:56 -0000 --_000_B8F9A780D330094D99AF023C5877DABAA49BC850nkgeml513mbxchi_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 5Y+R5Lu25Lq6OiBPUFNBV0cgW21haWx0bzpvcHNhd2ctYm91bmNlc0BpZXRmLm9yZ10g5Luj6KGo IEVsaW90IExlYXINCuWPkemAgeaXtumXtDogMjAxOeW5tDbmnIgyNOaXpSAxNzo0OA0K5pS25Lu2 5Lq6OiBvcHNhd2dAaWV0Zi5vcmc7IG11ZEBpZXRmLm9yZw0K5Li76aKYOiBbT1BTQVdHXSBEZWNs YXJpbmcgc29tZXRoaW5nIHRvIGJlIGEgY29udHJvbGxlciBpbiBNVUQNCg0KSGkgZXZlcnlvbmUs DQoNCkEgZmV3IG9mIHVzIGFyZSBqdXN0IHRyeWluZyB0byBwdXQgb3V0IGFuIGluaXRpYWwgZHJh ZnQgdGhhdCBhZGRyZXNzZXMgb25lIGdhcCBpbiBNVUQgKHRoZXJlIGFyZSBzZXZlcmFsKS4gIElu IGEgTVVEIGZpbGUgb25lIGNhbiBzYXkgdGhhdCBvbmUgd2FudHMgdG8gYWNjZXNzIGEgY29udHJv bGxlciBpbiB0d28gd2F5czogZWl0aGVyICJteS1jb250cm9sbGVy4oCdIG1lYW5pbmcgYSBjb250 cm9sbGVyIHRoYXQgc2VydmljZXMgZGV2aWNlcyBvZiBhIHBhcnRpY3VsYXIgTVVEIFVSTCBvciBh IOKAnGNvbnRyb2xsZXLigJ0gY2xhc3MgdGhhdCBzZXJ2aWNlcyBkZXZpY2VzIGJhc2VkIG9uIGEg cGFydGljdWxhciBjbGFzcyBuYW1lIG9mIGNvbnRyb2xsZXIuDQoNCkluIGVpdGhlciBjYXNlLCBy aWdodCBub3cgdGhlIGFkbWluaXN0cmF0b3IgaGFzIHRvIG1hbnVhbGx5IGtub3cgYW5kIHBvcHVs YXRlIGluZm9ybWF0aW9uLCB0byBzYXkgLSBzb21lIGRldmljZSAxLjIuMy40IGlzIGEgY29udHJv bGxlciwgZWl0aGVyIGZvciBNVUQgVVJMIGh0dHBzOi8vZXhhbXBsZS5jb20vbXVkIG9yIGEgY2xh c3MgaHR0cDovL2V4YW1wbGUuY29tL211ZGNsYXNzMS4gIFRoYXQgY2FuIGJlIGxhYm9yaW91cy4g IFRvIGFzc2lzdCwgd2UgYXJlIGV4YW1pbmluZyB3YXlzIHRvIGhhdmUgYSBjb250cm9sbGVyIGRl Y2xhcmUgaXRzZWxmIGFzIGEgY2FuZGlkYXRlIGNvbnRyb2xsZXIuDQoNCltRaW5dOiBTaW5jZSBN VUQgaW4gUkZDODUyMCBoYXMgYWxyZWFkeSBzcGVjaWZ5IEROUyBleHRlbnNpb24gYW5kIERIQ1Ag ZXh0ZW5zaW9uLCB3aHkgbm90IGNvbmZpZ3VyZSBNVUQgbWFuYWdlciB3aXRoIGNvbnRyb2xsZXLi gJlzIGRlY2xhcmF0aW9uPyBTbyB0aGUgUkVTVEZVTCBpbnRlcmZhY2UgY2FuIGJlIGRlZmluZWQg YmV0d2VlbiBOTVMgYW5kIGNvbnRyb2xsZXIsIGlmIG15IHVuZGVyc3RhbmRpbmcgaXMgY29ycmVj dC4NCkkgYmVsaWV2ZSB0aGlzIGlzIG5ldHdvcmsgaW5pdGlhdGVkIHNvbHV0aW9uLCB5b3UgbWln aHQgaGF2ZSBjbGllbnQgaW5pdGlhdGVkIHNvbHV0aW9uLCBidXQgcHJvYmFibHkgbW9yZSBjb21w bGljYXRlZCB0aGFuIG5ldHdvcmsgaW5pdGlhdGVkIHNvbHV0aW9uLg0KDQogVGhhdCBhdCBsZWFz dCBwcm92aWRlcyBhIGhpbnQgdG8gdGhlIGFkbWluaXN0cmF0b3IgdGhhdCB0aGlzIHBhcnRpY3Vs YXIgZGV2aWNlIGlzIGNhcGFibGUgb2Ygc2VydmluZyBpbiBhIHBhcnRpY3VsYXIgcm9sZS4NCg0K VG8gbWFrZSB0aGF0IGRlY2xhcmF0aW9uLCB0aGUgZGV2aWNlIG11c3QtDQoNCiAgKiAgIEZvcm0g dGhlIGRlY2xhcmF0aW9uOw0KICAqICAgRmluZCB0aGUgTVVEIG1hbmFnZXI7IGFuZA0KICAqICAg U2VuZCBpdC4NCg0KRm9ybWluZyB0aGUgZGVjbGFyYXRpb24gaXMgZWFzeTogd2UgY2FuIG1ha2Ug dGhpcyBhIFlBTkcgZ3JvdXBpbmcgYW5kIHRoZW4gcGxhY2UgaXQgaW4gdmFyaW91cyBzcG90cy4N Cg0KRmluZGluZyB0aGUgTVVEIG1hbmFnZXIgZGVwZW5kcyBvbiBvbmUgcXVlc3Rpb246DQoNCiAg KiAgIFdhcyB0aGUgZGV2aWNlIGJ1aWx0IHRvIGJlIGEgY29udHJvbGxlciBvciBpcyBpdCBhIGdl bmVyYWwgcHVycG9zZSBkZXZpY2UgdGhhdCBoYXMgYW4gYXBwIHRoYXQgaXMgaW50ZW5kZWQgdG8g YmUgYSBjb250cm9sbGVyPw0KDQpJZiB0aGUgZGV2aWNlIHdhcyBidWlsdCB0byBiZSBhIGNvbnRy b2xsZXIsIHdlIGNhbiBzaW1wbHkgY3JhbSB0aGUgZGVjbGFyYXRpb24gaW50byB0aGF0IGRldmlj ZXMgb3duIE1VRCBmaWxlIGFzIGFuIGV4dGVuc2lvbi4gIElmIHRoZSBkZXZpY2UgaXMgYSBnZW5l cmFsIHB1cnBvc2UgY29tcHV0ZXIsIHRoaW5ncyBnZXQgYSBiaXQgbW9yZSBpbnRlcmVzdGluZy4g IEluIHRoaXMgY2FzZSB3ZSBoYXZlIHR3byBjaG9pY2VzOg0KDQoNCiAgKiAgIEVpdGhlciBjcmVh dGUgYSBNVUQgZmlsZSB0aGF0IHBvaW50cyBzb21ld2hlcmUgaW50ZXJuYWxseSAtIHRoaXMgZG9l c27igJl0IHNlZW0gdmVyeSBwbHVnIGFuZCBwbGF5Lg0KICAqICAgTWFrZSB0aGUgZGVjbGFyYXRp b24gZGlyZWN0bHkgdG8gdGhlIE1VRCBtYW5hZ2VyLg0KDQpJ4oCZbSBnb2luZyB0byBmb2N1cyBv biB0aGUgbGF0dGVyIGZvciB0aGUgbW9tZW50LiAgSXQgaXMgZWFzeSBlbm91Z2ggdG8gY3JlYXRl IGEgUkVTVGZ1bCBpbnRlcmZhY2UgZm9yIHRoaXMgcHVycG9zZSwgYnV0IGl0IHJlcXVpcmVzIGEg bWVjaGFuaXNtIHRvIGRpc2NvdmVyZWQgdGhlIE1VRCBtYW5hZ2VyLCB3aGljaCB1cCB1bnRpbCBu b3cgaGFzIGJlZW4gYW4gaW50ZXJuYWwgcGFydCBvZiB0aGUgbmV0d29yayBpbmZyYXN0cnVjdHVy ZS4NCg0KTGV0IG1lIGNhbGwgdGhpcyBvdXQgcGxhaW5seTogbGV0dGluZyB0aGUgYXBwIGl0c2Vs ZiBkaXJlY3RseSBjYWxsIHRoZSBNVUQgbWFuYWdlciByZXF1aXJlcyB0aGF0IHRoZSBNVUQgbWFu YWdlciBpdHNlbGYgYmVjb21lIGV4cG9zZWQgdG8gdGhlIHVzZXIgaW5mcmFzdHJ1Y3R1cmUsIHdo aWNoIGlzIGEgY2hhbmdlLg0KDQpPbmUgcG9zc2liaWxpdHkgdG8gYWRkcmVzcyB0aGlzIGlzIHRv IGluY29ycG9yYXRlIHRoZSBuZXcgUkVTVGZ1bCBlbmRwb2ludCBpbnRvIGFuIEFOSU1BIEJSU0tJ IGpvaW4gcmVnaXN0cmFyLCB3aGljaCBtYXkgYWxyZWFkeSBiZSBleHBvc2VkLiAgQnV0IHRoYXQg cmVxdWlyZXMgdGhhdCBBTklNQSBCUlNLSSBiZSBpbiBwbGF5LCB3aGljaCBpdCBtYXkgbm90Lg0K DQpNeSB0aGlua2luZyBpcyB0aGF0IHdlIGRvIHRoaXMgd29yayBpbiB0d28gc3RhZ2VzLiAgRmly c3QgaGFuZGxlIHRoZSBlYXN5IGNhc2UsIHdoaWNoIGlzIHRoZSBNVUQgZmlsZSBleHRlbnNpb24s IGFuZCB0aGVuIGZpZ3VyZSBvdXQgaG93IHRvIGRvIHRoZSBhcHAgdmVyc2lvbiBvZiB0aGlzLg0K DQpUaG91Z2h0cz8NCg0KRWxpb3QNCg0K --_000_B8F9A780D330094D99AF023C5877DABAA49BC850nkgeml513mbxchi_ Content-Type: text/html; charset="utf-8" Content-Transfer-Encoding: base64 PGh0bWwgeG1sbnM6dj0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTp2bWwiIHhtbG5zOm89InVy bjpzY2hlbWFzLW1pY3Jvc29mdC1jb206b2ZmaWNlOm9mZmljZSIgeG1sbnM6dz0idXJuOnNjaGVt YXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6d29yZCIgeG1sbnM6bT0iaHR0cDovL3NjaGVtYXMubWlj cm9zb2Z0LmNvbS9vZmZpY2UvMjAwNC8xMi9vbW1sIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv VFIvUkVDLWh0bWw0MCI+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIg Y29udGVudD0idGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjxtZXRhIG5hbWU9IkdlbmVyYXRv ciIgY29udGVudD0iTWljcm9zb2Z0IFdvcmQgMTUgKGZpbHRlcmVkIG1lZGl1bSkiPg0KPHN0eWxl PjwhLS0NCi8qIEZvbnQgRGVmaW5pdGlvbnMgKi8NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6 V2luZ2RpbmdzOw0KCXBhbm9zZS0xOjUgMCAwIDAgMCAwIDAgMCAwIDA7fQ0KQGZvbnQtZmFjZQ0K CXtmb250LWZhbWlseTrlrovkvZM7DQoJcGFub3NlLTE6MiAxIDYgMCAzIDEgMSAxIDEgMTt9DQpA Zm9udC1mYWNlDQoJe2ZvbnQtZmFtaWx5OiJDYW1icmlhIE1hdGgiOw0KCXBhbm9zZS0xOjIgNCA1 IDMgNSA0IDYgMyAyIDQ7fQ0KQGZvbnQtZmFjZQ0KCXtmb250LWZhbWlseTpDYWxpYnJpOw0KCXBh bm9zZS0xOjIgMTUgNSAyIDIgMiA0IDMgMiA0O30NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6 5b6u6L2v6ZuF6buROw0KCXBhbm9zZS0xOjIgMTEgNSAzIDIgMiA0IDIgMiA0O30NCkBmb250LWZh Y2UNCgl7Zm9udC1mYW1pbHk6IlxA5a6L5L2TIjsNCglwYW5vc2UtMToyIDEgNiAwIDMgMSAxIDEg MSAxO30NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6IlxA5b6u6L2v6ZuF6buRIjsNCglwYW5v c2UtMToyIDExIDUgMyAyIDIgNCAyIDIgNDt9DQovKiBTdHlsZSBEZWZpbml0aW9ucyAqLw0KcC5N c29Ob3JtYWwsIGxpLk1zb05vcm1hbCwgZGl2Lk1zb05vcm1hbA0KCXttYXJnaW46MGNtOw0KCW1h cmdpbi1ib3R0b206LjAwMDFwdDsNCglmb250LXNpemU6MTIuMHB0Ow0KCWZvbnQtZmFtaWx5OuWu i+S9kzt9DQphOmxpbmssIHNwYW4uTXNvSHlwZXJsaW5rDQoJe21zby1zdHlsZS1wcmlvcml0eTo5 OTsNCgljb2xvcjpibHVlOw0KCXRleHQtZGVjb3JhdGlvbjp1bmRlcmxpbmU7fQ0KYTp2aXNpdGVk LCBzcGFuLk1zb0h5cGVybGlua0ZvbGxvd2VkDQoJe21zby1zdHlsZS1wcmlvcml0eTo5OTsNCglj b2xvcjpwdXJwbGU7DQoJdGV4dC1kZWNvcmF0aW9uOnVuZGVybGluZTt9DQpzcGFuLkVtYWlsU3R5 bGUxNw0KCXttc28tc3R5bGUtdHlwZTpwZXJzb25hbC1yZXBseTsNCglmb250LWZhbWlseToiQ2Fs aWJyaSIsc2Fucy1zZXJpZjsNCgljb2xvcjojMUY0OTdEO30NCi5Nc29DaHBEZWZhdWx0DQoJe21z by1zdHlsZS10eXBlOmV4cG9ydC1vbmx5Ow0KCWZvbnQtc2l6ZToxMC4wcHQ7fQ0KQHBhZ2UgV29y ZFNlY3Rpb24xDQoJe3NpemU6NjEyLjBwdCA3OTIuMHB0Ow0KCW1hcmdpbjo3Mi4wcHQgOTAuMHB0 IDcyLjBwdCA5MC4wcHQ7fQ0KZGl2LldvcmRTZWN0aW9uMQ0KCXtwYWdlOldvcmRTZWN0aW9uMTt9 DQovKiBMaXN0IERlZmluaXRpb25zICovDQpAbGlzdCBsMA0KCXttc28tbGlzdC1pZDoxMDI5NjIw NjI7DQoJbXNvLWxpc3QtdGVtcGxhdGUtaWRzOi0xMjMxMjI0ODY4O30NCkBsaXN0IGwwOmxldmVs MQ0KCXttc28tbGV2ZWwtbnVtYmVyLWZvcm1hdDpidWxsZXQ7DQoJbXNvLWxldmVsLXRleHQ674K3 Ow0KCW1zby1sZXZlbC10YWItc3RvcDozNi4wcHQ7DQoJbXNvLWxldmVsLW51bWJlci1wb3NpdGlv bjpsZWZ0Ow0KCXRleHQtaW5kZW50Oi0xOC4wcHQ7DQoJbXNvLWFuc2ktZm9udC1zaXplOjEwLjBw dDsNCglmb250LWZhbWlseTpTeW1ib2w7fQ0KQGxpc3QgbDA6bGV2ZWwyDQoJe21zby1sZXZlbC1u dW1iZXItZm9ybWF0OmJ1bGxldDsNCgltc28tbGV2ZWwtdGV4dDpvOw0KCW1zby1sZXZlbC10YWIt c3RvcDo3Mi4wcHQ7DQoJbXNvLWxldmVsLW51bWJlci1wb3NpdGlvbjpsZWZ0Ow0KCXRleHQtaW5k ZW50Oi0xOC4wcHQ7DQoJbXNvLWFuc2ktZm9udC1zaXplOjEwLjBwdDsNCglmb250LWZhbWlseToi Q291cmllciBOZXciOw0KCW1zby1iaWRpLWZvbnQtZmFtaWx5OiJUaW1lcyBOZXcgUm9tYW4iO30N CkBsaXN0IGwwOmxldmVsMw0KCXttc28tbGV2ZWwtbnVtYmVyLWZvcm1hdDpidWxsZXQ7DQoJbXNv LWxldmVsLXRleHQ674KnOw0KCW1zby1sZXZlbC10YWItc3RvcDoxMDguMHB0Ow0KCW1zby1sZXZl bC1udW1iZXItcG9zaXRpb246bGVmdDsNCgl0ZXh0LWluZGVudDotMTguMHB0Ow0KCW1zby1hbnNp LWZvbnQtc2l6ZToxMC4wcHQ7DQoJZm9udC1mYW1pbHk6V2luZ2RpbmdzO30NCkBsaXN0IGwwOmxl dmVsNA0KCXttc28tbGV2ZWwtbnVtYmVyLWZvcm1hdDpidWxsZXQ7DQoJbXNvLWxldmVsLXRleHQ6 74KnOw0KCW1zby1sZXZlbC10YWItc3RvcDoxNDQuMHB0Ow0KCW1zby1sZXZlbC1udW1iZXItcG9z aXRpb246bGVmdDsNCgl0ZXh0LWluZGVudDotMTguMHB0Ow0KCW1zby1hbnNpLWZvbnQtc2l6ZTox MC4wcHQ7DQoJZm9udC1mYW1pbHk6V2luZ2RpbmdzO30NCkBsaXN0IGwwOmxldmVsNQ0KCXttc28t bGV2ZWwtbnVtYmVyLWZvcm1hdDpidWxsZXQ7DQoJbXNvLWxldmVsLXRleHQ674KnOw0KCW1zby1s ZXZlbC10YWItc3RvcDoxODAuMHB0Ow0KCW1zby1sZXZlbC1udW1iZXItcG9zaXRpb246bGVmdDsN Cgl0ZXh0LWluZGVudDotMTguMHB0Ow0KCW1zby1hbnNpLWZvbnQtc2l6ZToxMC4wcHQ7DQoJZm9u dC1mYW1pbHk6V2luZ2RpbmdzO30NCkBsaXN0IGwwOmxldmVsNg0KCXttc28tbGV2ZWwtbnVtYmVy LWZvcm1hdDpidWxsZXQ7DQoJbXNvLWxldmVsLXRleHQ674KnOw0KCW1zby1sZXZlbC10YWItc3Rv cDoyMTYuMHB0Ow0KCW1zby1sZXZlbC1udW1iZXItcG9zaXRpb246bGVmdDsNCgl0ZXh0LWluZGVu dDotMTguMHB0Ow0KCW1zby1hbnNpLWZvbnQtc2l6ZToxMC4wcHQ7DQoJZm9udC1mYW1pbHk6V2lu Z2RpbmdzO30NCkBsaXN0IGwwOmxldmVsNw0KCXttc28tbGV2ZWwtbnVtYmVyLWZvcm1hdDpidWxs ZXQ7DQoJbXNvLWxldmVsLXRleHQ674KnOw0KCW1zby1sZXZlbC10YWItc3RvcDoyNTIuMHB0Ow0K CW1zby1sZXZlbC1udW1iZXItcG9zaXRpb246bGVmdDsNCgl0ZXh0LWluZGVudDotMTguMHB0Ow0K CW1zby1hbnNpLWZvbnQtc2l6ZToxMC4wcHQ7DQoJZm9udC1mYW1pbHk6V2luZ2RpbmdzO30NCkBs aXN0IGwwOmxldmVsOA0KCXttc28tbGV2ZWwtbnVtYmVyLWZvcm1hdDpidWxsZXQ7DQoJbXNvLWxl dmVsLXRleHQ674KnOw0KCW1zby1sZXZlbC10YWItc3RvcDoyODguMHB0Ow0KCW1zby1sZXZlbC1u dW1iZXItcG9zaXRpb246bGVmdDsNCgl0ZXh0LWluZGVudDotMTguMHB0Ow0KCW1zby1hbnNpLWZv bnQtc2l6ZToxMC4wcHQ7DQoJZm9udC1mYW1pbHk6V2luZ2RpbmdzO30NCkBsaXN0IGwwOmxldmVs OQ0KCXttc28tbGV2ZWwtbnVtYmVyLWZvcm1hdDpidWxsZXQ7DQoJbXNvLWxldmVsLXRleHQ674Kn Ow0KCW1zby1sZXZlbC10YWItc3RvcDozMjQuMHB0Ow0KCW1zby1sZXZlbC1udW1iZXItcG9zaXRp b246bGVmdDsNCgl0ZXh0LWluZGVudDotMTguMHB0Ow0KCW1zby1hbnNpLWZvbnQtc2l6ZToxMC4w cHQ7DQoJZm9udC1mYW1pbHk6V2luZ2RpbmdzO30NCkBsaXN0IGwxDQoJe21zby1saXN0LWlkOjIy NjU3NzM0NjsNCgltc28tbGlzdC10ZW1wbGF0ZS1pZHM6MTQwNjk2MjUyO30NCkBsaXN0IGwxOmxl dmVsMQ0KCXttc28tbGV2ZWwtbnVtYmVyLWZvcm1hdDpidWxsZXQ7DQoJbXNvLWxldmVsLXRleHQ6 74K3Ow0KCW1zby1sZXZlbC10YWItc3RvcDozNi4wcHQ7DQoJbXNvLWxldmVsLW51bWJlci1wb3Np dGlvbjpsZWZ0Ow0KCXRleHQtaW5kZW50Oi0xOC4wcHQ7DQoJbXNvLWFuc2ktZm9udC1zaXplOjEw LjBwdDsNCglmb250LWZhbWlseTpTeW1ib2w7fQ0KQGxpc3QgbDE6bGV2ZWwyDQoJe21zby1sZXZl bC1udW1iZXItZm9ybWF0OmJ1bGxldDsNCgltc28tbGV2ZWwtdGV4dDpvOw0KCW1zby1sZXZlbC10 YWItc3RvcDo3Mi4wcHQ7DQoJbXNvLWxldmVsLW51bWJlci1wb3NpdGlvbjpsZWZ0Ow0KCXRleHQt aW5kZW50Oi0xOC4wcHQ7DQoJbXNvLWFuc2ktZm9udC1zaXplOjEwLjBwdDsNCglmb250LWZhbWls eToiQ291cmllciBOZXciOw0KCW1zby1iaWRpLWZvbnQtZmFtaWx5OiJUaW1lcyBOZXcgUm9tYW4i O30NCkBsaXN0IGwxOmxldmVsMw0KCXttc28tbGV2ZWwtbnVtYmVyLWZvcm1hdDpidWxsZXQ7DQoJ bXNvLWxldmVsLXRleHQ674KnOw0KCW1zby1sZXZlbC10YWItc3RvcDoxMDguMHB0Ow0KCW1zby1s ZXZlbC1udW1iZXItcG9zaXRpb246bGVmdDsNCgl0ZXh0LWluZGVudDotMTguMHB0Ow0KCW1zby1h bnNpLWZvbnQtc2l6ZToxMC4wcHQ7DQoJZm9udC1mYW1pbHk6V2luZ2RpbmdzO30NCkBsaXN0IGwx OmxldmVsNA0KCXttc28tbGV2ZWwtbnVtYmVyLWZvcm1hdDpidWxsZXQ7DQoJbXNvLWxldmVsLXRl eHQ674KnOw0KCW1zby1sZXZlbC10YWItc3RvcDoxNDQuMHB0Ow0KCW1zby1sZXZlbC1udW1iZXIt cG9zaXRpb246bGVmdDsNCgl0ZXh0LWluZGVudDotMTguMHB0Ow0KCW1zby1hbnNpLWZvbnQtc2l6 ZToxMC4wcHQ7DQoJZm9udC1mYW1pbHk6V2luZ2RpbmdzO30NCkBsaXN0IGwxOmxldmVsNQ0KCXtt c28tbGV2ZWwtbnVtYmVyLWZvcm1hdDpidWxsZXQ7DQoJbXNvLWxldmVsLXRleHQ674KnOw0KCW1z by1sZXZlbC10YWItc3RvcDoxODAuMHB0Ow0KCW1zby1sZXZlbC1udW1iZXItcG9zaXRpb246bGVm dDsNCgl0ZXh0LWluZGVudDotMTguMHB0Ow0KCW1zby1hbnNpLWZvbnQtc2l6ZToxMC4wcHQ7DQoJ Zm9udC1mYW1pbHk6V2luZ2RpbmdzO30NCkBsaXN0IGwxOmxldmVsNg0KCXttc28tbGV2ZWwtbnVt YmVyLWZvcm1hdDpidWxsZXQ7DQoJbXNvLWxldmVsLXRleHQ674KnOw0KCW1zby1sZXZlbC10YWIt c3RvcDoyMTYuMHB0Ow0KCW1zby1sZXZlbC1udW1iZXItcG9zaXRpb246bGVmdDsNCgl0ZXh0LWlu ZGVudDotMTguMHB0Ow0KCW1zby1hbnNpLWZvbnQtc2l6ZToxMC4wcHQ7DQoJZm9udC1mYW1pbHk6 V2luZ2RpbmdzO30NCkBsaXN0IGwxOmxldmVsNw0KCXttc28tbGV2ZWwtbnVtYmVyLWZvcm1hdDpi dWxsZXQ7DQoJbXNvLWxldmVsLXRleHQ674KnOw0KCW1zby1sZXZlbC10YWItc3RvcDoyNTIuMHB0 Ow0KCW1zby1sZXZlbC1udW1iZXItcG9zaXRpb246bGVmdDsNCgl0ZXh0LWluZGVudDotMTguMHB0 Ow0KCW1zby1hbnNpLWZvbnQtc2l6ZToxMC4wcHQ7DQoJZm9udC1mYW1pbHk6V2luZ2RpbmdzO30N CkBsaXN0IGwxOmxldmVsOA0KCXttc28tbGV2ZWwtbnVtYmVyLWZvcm1hdDpidWxsZXQ7DQoJbXNv LWxldmVsLXRleHQ674KnOw0KCW1zby1sZXZlbC10YWItc3RvcDoyODguMHB0Ow0KCW1zby1sZXZl bC1udW1iZXItcG9zaXRpb246bGVmdDsNCgl0ZXh0LWluZGVudDotMTguMHB0Ow0KCW1zby1hbnNp LWZvbnQtc2l6ZToxMC4wcHQ7DQoJZm9udC1mYW1pbHk6V2luZ2RpbmdzO30NCkBsaXN0IGwxOmxl dmVsOQ0KCXttc28tbGV2ZWwtbnVtYmVyLWZvcm1hdDpidWxsZXQ7DQoJbXNvLWxldmVsLXRleHQ6 74KnOw0KCW1zby1sZXZlbC10YWItc3RvcDozMjQuMHB0Ow0KCW1zby1sZXZlbC1udW1iZXItcG9z aXRpb246bGVmdDsNCgl0ZXh0LWluZGVudDotMTguMHB0Ow0KCW1zby1hbnNpLWZvbnQtc2l6ZTox MC4wcHQ7DQoJZm9udC1mYW1pbHk6V2luZ2RpbmdzO30NCkBsaXN0IGwyDQoJe21zby1saXN0LWlk OjEzMjIwNzU1NjM7DQoJbXNvLWxpc3QtdGVtcGxhdGUtaWRzOi02MTgyMTUyOTQ7fQ0KQGxpc3Qg bDI6bGV2ZWwxDQoJe21zby1sZXZlbC1udW1iZXItZm9ybWF0OmJ1bGxldDsNCgltc28tbGV2ZWwt dGV4dDrvgrc7DQoJbXNvLWxldmVsLXRhYi1zdG9wOjM2LjBwdDsNCgltc28tbGV2ZWwtbnVtYmVy LXBvc2l0aW9uOmxlZnQ7DQoJdGV4dC1pbmRlbnQ6LTE4LjBwdDsNCgltc28tYW5zaS1mb250LXNp emU6MTAuMHB0Ow0KCWZvbnQtZmFtaWx5OlN5bWJvbDt9DQpAbGlzdCBsMjpsZXZlbDINCgl7bXNv LWxldmVsLW51bWJlci1mb3JtYXQ6YnVsbGV0Ow0KCW1zby1sZXZlbC10ZXh0Om87DQoJbXNvLWxl dmVsLXRhYi1zdG9wOjcyLjBwdDsNCgltc28tbGV2ZWwtbnVtYmVyLXBvc2l0aW9uOmxlZnQ7DQoJ dGV4dC1pbmRlbnQ6LTE4LjBwdDsNCgltc28tYW5zaS1mb250LXNpemU6MTAuMHB0Ow0KCWZvbnQt ZmFtaWx5OiJDb3VyaWVyIE5ldyI7DQoJbXNvLWJpZGktZm9udC1mYW1pbHk6IlRpbWVzIE5ldyBS b21hbiI7fQ0KQGxpc3QgbDI6bGV2ZWwzDQoJe21zby1sZXZlbC1udW1iZXItZm9ybWF0OmJ1bGxl dDsNCgltc28tbGV2ZWwtdGV4dDrvgqc7DQoJbXNvLWxldmVsLXRhYi1zdG9wOjEwOC4wcHQ7DQoJ bXNvLWxldmVsLW51bWJlci1wb3NpdGlvbjpsZWZ0Ow0KCXRleHQtaW5kZW50Oi0xOC4wcHQ7DQoJ bXNvLWFuc2ktZm9udC1zaXplOjEwLjBwdDsNCglmb250LWZhbWlseTpXaW5nZGluZ3M7fQ0KQGxp c3QgbDI6bGV2ZWw0DQoJe21zby1sZXZlbC1udW1iZXItZm9ybWF0OmJ1bGxldDsNCgltc28tbGV2 ZWwtdGV4dDrvgqc7DQoJbXNvLWxldmVsLXRhYi1zdG9wOjE0NC4wcHQ7DQoJbXNvLWxldmVsLW51 bWJlci1wb3NpdGlvbjpsZWZ0Ow0KCXRleHQtaW5kZW50Oi0xOC4wcHQ7DQoJbXNvLWFuc2ktZm9u dC1zaXplOjEwLjBwdDsNCglmb250LWZhbWlseTpXaW5nZGluZ3M7fQ0KQGxpc3QgbDI6bGV2ZWw1 DQoJe21zby1sZXZlbC1udW1iZXItZm9ybWF0OmJ1bGxldDsNCgltc28tbGV2ZWwtdGV4dDrvgqc7 DQoJbXNvLWxldmVsLXRhYi1zdG9wOjE4MC4wcHQ7DQoJbXNvLWxldmVsLW51bWJlci1wb3NpdGlv bjpsZWZ0Ow0KCXRleHQtaW5kZW50Oi0xOC4wcHQ7DQoJbXNvLWFuc2ktZm9udC1zaXplOjEwLjBw dDsNCglmb250LWZhbWlseTpXaW5nZGluZ3M7fQ0KQGxpc3QgbDI6bGV2ZWw2DQoJe21zby1sZXZl bC1udW1iZXItZm9ybWF0OmJ1bGxldDsNCgltc28tbGV2ZWwtdGV4dDrvgqc7DQoJbXNvLWxldmVs LXRhYi1zdG9wOjIxNi4wcHQ7DQoJbXNvLWxldmVsLW51bWJlci1wb3NpdGlvbjpsZWZ0Ow0KCXRl eHQtaW5kZW50Oi0xOC4wcHQ7DQoJbXNvLWFuc2ktZm9udC1zaXplOjEwLjBwdDsNCglmb250LWZh bWlseTpXaW5nZGluZ3M7fQ0KQGxpc3QgbDI6bGV2ZWw3DQoJe21zby1sZXZlbC1udW1iZXItZm9y bWF0OmJ1bGxldDsNCgltc28tbGV2ZWwtdGV4dDrvgqc7DQoJbXNvLWxldmVsLXRhYi1zdG9wOjI1 Mi4wcHQ7DQoJbXNvLWxldmVsLW51bWJlci1wb3NpdGlvbjpsZWZ0Ow0KCXRleHQtaW5kZW50Oi0x OC4wcHQ7DQoJbXNvLWFuc2ktZm9udC1zaXplOjEwLjBwdDsNCglmb250LWZhbWlseTpXaW5nZGlu Z3M7fQ0KQGxpc3QgbDI6bGV2ZWw4DQoJe21zby1sZXZlbC1udW1iZXItZm9ybWF0OmJ1bGxldDsN Cgltc28tbGV2ZWwtdGV4dDrvgqc7DQoJbXNvLWxldmVsLXRhYi1zdG9wOjI4OC4wcHQ7DQoJbXNv LWxldmVsLW51bWJlci1wb3NpdGlvbjpsZWZ0Ow0KCXRleHQtaW5kZW50Oi0xOC4wcHQ7DQoJbXNv LWFuc2ktZm9udC1zaXplOjEwLjBwdDsNCglmb250LWZhbWlseTpXaW5nZGluZ3M7fQ0KQGxpc3Qg bDI6bGV2ZWw5DQoJe21zby1sZXZlbC1udW1iZXItZm9ybWF0OmJ1bGxldDsNCgltc28tbGV2ZWwt dGV4dDrvgqc7DQoJbXNvLWxldmVsLXRhYi1zdG9wOjMyNC4wcHQ7DQoJbXNvLWxldmVsLW51bWJl ci1wb3NpdGlvbjpsZWZ0Ow0KCXRleHQtaW5kZW50Oi0xOC4wcHQ7DQoJbXNvLWFuc2ktZm9udC1z aXplOjEwLjBwdDsNCglmb250LWZhbWlseTpXaW5nZGluZ3M7fQ0Kb2wNCgl7bWFyZ2luLWJvdHRv bTowY207fQ0KdWwNCgl7bWFyZ2luLWJvdHRvbTowY207fQ0KLS0+PC9zdHlsZT48IS0tW2lmIGd0 ZSBtc28gOV0+PHhtbD4NCjxvOnNoYXBlZGVmYXVsdHMgdjpleHQ9ImVkaXQiIHNwaWRtYXg9IjEw MjYiIC8+DQo8L3htbD48IVtlbmRpZl0tLT48IS0tW2lmIGd0ZSBtc28gOV0+PHhtbD4NCjxvOnNo YXBlbGF5b3V0IHY6ZXh0PSJlZGl0Ij4NCjxvOmlkbWFwIHY6ZXh0PSJlZGl0IiBkYXRhPSIxIiAv Pg0KPC9vOnNoYXBlbGF5b3V0PjwveG1sPjwhW2VuZGlmXS0tPg0KPC9oZWFkPg0KPGJvZHkgbGFu Zz0iWkgtQ04iIGxpbms9ImJsdWUiIHZsaW5rPSJwdXJwbGUiPg0KPGRpdiBjbGFzcz0iV29yZFNl Y3Rpb24xIj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6 MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O+W+rui9r+mbhem7kSZxdW90OyxzYW5zLXNlcmlmIj7l j5Hku7bkuro8c3BhbiBsYW5nPSJFTi1VUyI+Ojwvc3Bhbj48L3NwYW4+PC9iPjxzcGFuIGxhbmc9 IkVOLVVTIiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDvlvq7ova/p m4Xpu5EmcXVvdDssc2Fucy1zZXJpZiI+IE9QU0FXRyBbbWFpbHRvOm9wc2F3Zy1ib3VuY2VzQGll dGYub3JnXQ0KPC9zcGFuPjxiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFt aWx5OiZxdW90O+W+rui9r+mbhem7kSZxdW90OyxzYW5zLXNlcmlmIj7ku6PooaggPC9zcGFuPg0K PC9iPjxzcGFuIGxhbmc9IkVOLVVTIiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWls eTomcXVvdDvlvq7ova/pm4Xpu5EmcXVvdDssc2Fucy1zZXJpZiI+RWxpb3QgTGVhcjxicj4NCjwv c3Bhbj48Yj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDvl vq7ova/pm4Xpu5EmcXVvdDssc2Fucy1zZXJpZiI+5Y+R6YCB5pe26Ze0PHNwYW4gbGFuZz0iRU4t VVMiPjo8L3NwYW4+PC9zcGFuPjwvYj48c3BhbiBsYW5nPSJFTi1VUyIgc3R5bGU9ImZvbnQtc2l6 ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q75b6u6L2v6ZuF6buRJnF1b3Q7LHNhbnMtc2VyaWYi PiAyMDE5PC9zcGFuPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZx dW90O+W+rui9r+mbhem7kSZxdW90OyxzYW5zLXNlcmlmIj7lubQ8c3BhbiBsYW5nPSJFTi1VUyI+ Njwvc3Bhbj7mnIg8c3BhbiBsYW5nPSJFTi1VUyI+MjQ8L3NwYW4+5pelPHNwYW4gbGFuZz0iRU4t VVMiPg0KIDE3OjQ4PGJyPg0KPC9zcGFuPjxiPuaUtuS7tuS6ujxzcGFuIGxhbmc9IkVOLVVTIj46 PC9zcGFuPjwvYj48c3BhbiBsYW5nPSJFTi1VUyI+IG9wc2F3Z0BpZXRmLm9yZzsgbXVkQGlldGYu b3JnPGJyPg0KPC9zcGFuPjxiPuS4u+mimDxzcGFuIGxhbmc9IkVOLVVTIj46PC9zcGFuPjwvYj48 c3BhbiBsYW5nPSJFTi1VUyI+IFtPUFNBV0ddIERlY2xhcmluZyBzb21ldGhpbmcgdG8gYmUgYSBj b250cm9sbGVyIGluIE1VRDxvOnA+PC9vOnA+PC9zcGFuPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0i TXNvTm9ybWFsIj48c3BhbiBsYW5nPSJFTi1VUyI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9w Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0iRU4tVVMiPkhpIGV2ZXJ5b25lLDxv OnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBs YW5nPSJFTi1VUyI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0K PHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0iRU4tVVMiPkEgZmV3IG9mIHVzIGFyZSBq dXN0IHRyeWluZyB0byBwdXQgb3V0IGFuIGluaXRpYWwgZHJhZnQgdGhhdCBhZGRyZXNzZXMgb25l IGdhcCBpbiBNVUQgKHRoZXJlIGFyZSBzZXZlcmFsKS4gJm5ic3A7SW4gYSBNVUQgZmlsZSBvbmUg Y2FuIHNheSB0aGF0IG9uZSB3YW50cyB0byBhY2Nlc3MgYSBjb250cm9sbGVyIGluIHR3byB3YXlz OiBlaXRoZXIgJnF1b3Q7bXktY29udHJvbGxlcuKAnSBtZWFuaW5nIGENCiBjb250cm9sbGVyIHRo YXQgc2VydmljZXMgZGV2aWNlcyBvZiBhIHBhcnRpY3VsYXIgTVVEIFVSTCBvciBhIOKAnGNvbnRy b2xsZXLigJ0gY2xhc3MgdGhhdCBzZXJ2aWNlcyBkZXZpY2VzIGJhc2VkIG9uIGEgcGFydGljdWxh ciBjbGFzcyBuYW1lIG9mIGNvbnRyb2xsZXIuPG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+ DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0iRU4tVVMiPjxvOnA+Jm5i c3A7PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwi PjxzcGFuIGxhbmc9IkVOLVVTIj5JbiBlaXRoZXIgY2FzZSwgcmlnaHQgbm93IHRoZSBhZG1pbmlz dHJhdG9yIGhhcyB0byBtYW51YWxseSBrbm93IGFuZCBwb3B1bGF0ZSBpbmZvcm1hdGlvbiwgdG8g c2F5IC0gc29tZSBkZXZpY2UgMS4yLjMuNCBpcyBhIGNvbnRyb2xsZXIsIGVpdGhlciBmb3IgTVVE IFVSTA0KPGEgaHJlZj0iaHR0cHM6Ly9leGFtcGxlLmNvbS9tdWQiPmh0dHBzOi8vZXhhbXBsZS5j b20vbXVkPC9hPiZuYnNwO29yIGEgY2xhc3MgPGEgaHJlZj0iaHR0cDovL2V4YW1wbGUuY29tL211 ZGNsYXNzMSI+DQpodHRwOi8vZXhhbXBsZS5jb20vbXVkY2xhc3MxPC9hPi4gJm5ic3A7VGhhdCBj YW4gYmUgbGFib3Jpb3VzLiAmbmJzcDtUbyBhc3Npc3QsIHdlIGFyZSBleGFtaW5pbmcgd2F5cyB0 byBoYXZlIGEgY29udHJvbGxlciBkZWNsYXJlIGl0c2VsZiBhcyBhIGNhbmRpZGF0ZSBjb250cm9s bGVyLg0KPHNwYW4gc3R5bGU9ImNvbG9yOiMxRjQ5N0QiPjxvOnA+PC9vOnA+PC9zcGFuPjwvc3Bh bj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBsYW5nPSJFTi1VUyIgc3R5bGU9ImZv bnQtc2l6ZToxMC41cHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OyxzYW5zLXNlcmlm O2NvbG9yOiMxRjQ5N0QiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJN c29Ob3JtYWwiPjxzcGFuIGxhbmc9IkVOLVVTIiBzdHlsZT0iZm9udC1zaXplOjEwLjVwdDtmb250 LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LHNhbnMtc2VyaWY7Y29sb3I6IzFGNDk3RCI+W1Fp bl06IFNpbmNlIE1VRCBpbiBSRkM4NTIwIGhhcyBhbHJlYWR5IHNwZWNpZnkgRE5TIGV4dGVuc2lv biBhbmQgREhDUCBleHRlbnNpb24sIHdoeSBub3QgY29uZmlndXJlIE1VRCBtYW5hZ2VyIHdpdGgg Y29udHJvbGxlcuKAmXMgZGVjbGFyYXRpb24/IFNvDQogdGhlIFJFU1RGVUwgaW50ZXJmYWNlIGNh biBiZSBkZWZpbmVkIGJldHdlZW4gTk1TIGFuZCBjb250cm9sbGVyLCBpZiBteSB1bmRlcnN0YW5k aW5nIGlzIGNvcnJlY3QuPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1h bCI+PHNwYW4gbGFuZz0iRU4tVVMiIHN0eWxlPSJmb250LXNpemU6MTAuNXB0O2ZvbnQtZmFtaWx5 OiZxdW90O0NhbGlicmkmcXVvdDssc2Fucy1zZXJpZjtjb2xvcjojMUY0OTdEIj5JIGJlbGlldmUg dGhpcyBpcyBuZXR3b3JrIGluaXRpYXRlZCBzb2x1dGlvbiwgeW91IG1pZ2h0IGhhdmUgY2xpZW50 IGluaXRpYXRlZCBzb2x1dGlvbiwgYnV0IHByb2JhYmx5IG1vcmUgY29tcGxpY2F0ZWQgdGhhbiBu ZXR3b3JrIGluaXRpYXRlZCBzb2x1dGlvbi48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFz cz0iTXNvTm9ybWFsIj48c3BhbiBsYW5nPSJFTi1VUyIgc3R5bGU9ImZvbnQtc2l6ZToxMC41cHQ7 Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OyxzYW5zLXNlcmlmO2NvbG9yOiMxRjQ5N0Qi PjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFu IGxhbmc9IkVOLVVTIj4mbmJzcDtUaGF0IGF0IGxlYXN0IHByb3ZpZGVzIGEgaGludCB0byB0aGUg YWRtaW5pc3RyYXRvciB0aGF0IHRoaXMgcGFydGljdWxhciBkZXZpY2UgaXMgY2FwYWJsZSBvZiBz ZXJ2aW5nIGluIGEgcGFydGljdWxhciByb2xlLjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2 Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIGxhbmc9IkVOLVVTIj48bzpwPiZu YnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFs Ij48c3BhbiBsYW5nPSJFTi1VUyI+VG8gbWFrZSB0aGF0IGRlY2xhcmF0aW9uLCB0aGUgZGV2aWNl IG11c3QtPG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHVsIHR5cGU9ImRp c2MiPg0KPGxpIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0 bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0bzttc28tbGlzdDpsMSBsZXZlbDEgbGZvMSI+DQo8 c3BhbiBsYW5nPSJFTi1VUyI+Rm9ybSB0aGUgZGVjbGFyYXRpb247PG86cD48L286cD48L3NwYW4+ PC9saT48bGkgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRv O21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvO21zby1saXN0OmwxIGxldmVsMSBsZm8xIj4NCjxz cGFuIGxhbmc9IkVOLVVTIj5GaW5kIHRoZSBNVUQgbWFuYWdlcjsgYW5kPG86cD48L286cD48L3Nw YW4+PC9saT48bGkgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDph dXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvO21zby1saXN0OmwxIGxldmVsMSBsZm8xIj4N CjxzcGFuIGxhbmc9IkVOLVVTIj5TZW5kIGl0LjxvOnA+PC9vOnA+PC9zcGFuPjwvbGk+PC91bD4N CjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBsYW5nPSJFTi1VUyI+PG86cD4mbmJz cDs8L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNv Tm9ybWFsIj48c3BhbiBsYW5nPSJFTi1VUyI+Rm9ybWluZyB0aGUgZGVjbGFyYXRpb24gaXMgZWFz eTogd2UgY2FuIG1ha2UgdGhpcyBhIFlBTkcgZ3JvdXBpbmcgYW5kIHRoZW4gcGxhY2UgaXQgaW4g dmFyaW91cyBzcG90cy48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBj bGFzcz0iTXNvTm9ybWFsIj48c3BhbiBsYW5nPSJFTi1VUyI+PG86cD4mbmJzcDs8L286cD48L3Nw YW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0i RU4tVVMiPkZpbmRpbmcgdGhlIE1VRCBtYW5hZ2VyIGRlcGVuZHMgb24gb25lIHF1ZXN0aW9uOjxv OnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjx1bCB0eXBlPSJkaXNjIj4NCjxs aSBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1h cmdpbi1ib3R0b20tYWx0OmF1dG87bXNvLWxpc3Q6bDAgbGV2ZWwxIGxmbzIiPg0KPHNwYW4gbGFu Zz0iRU4tVVMiPldhcyB0aGUgZGV2aWNlIGJ1aWx0IHRvIGJlIGEgY29udHJvbGxlciBvciBpcyBp dCBhIGdlbmVyYWwgcHVycG9zZSBkZXZpY2UgdGhhdCBoYXMgYW4gYXBwIHRoYXQgaXMgaW50ZW5k ZWQgdG8gYmUgYSBjb250cm9sbGVyPzxvOnA+PC9vOnA+PC9zcGFuPjwvbGk+PC91bD4NCjxkaXY+ DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBsYW5nPSJFTi1VUyI+PG86cD4mbmJzcDs8L286 cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFs Ij48c3BhbiBsYW5nPSJFTi1VUyI+SWYgdGhlIGRldmljZSB3YXMgYnVpbHQgdG8gYmUgYSBjb250 cm9sbGVyLCB3ZSBjYW4gc2ltcGx5IGNyYW0gdGhlIGRlY2xhcmF0aW9uIGludG8gdGhhdCBkZXZp Y2VzIG93biBNVUQgZmlsZSBhcyBhbiBleHRlbnNpb24uICZuYnNwO0lmIHRoZSBkZXZpY2UgaXMg YSBnZW5lcmFsIHB1cnBvc2UgY29tcHV0ZXIsIHRoaW5ncyBnZXQgYSBiaXQgbW9yZSBpbnRlcmVz dGluZy4gJm5ic3A7SW4gdGhpcw0KIGNhc2Ugd2UgaGF2ZSB0d28gY2hvaWNlczo8bzpwPjwvbzpw Pjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBs YW5nPSJFTi1VUyI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0K PHVsIHR5cGU9ImRpc2MiPg0KPGxpIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2lu LXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0bzttc28tbGlzdDpsMiBsZXZl bDEgbGZvMyI+DQo8c3BhbiBsYW5nPSJFTi1VUyI+RWl0aGVyIGNyZWF0ZSBhIE1VRCBmaWxlIHRo YXQgcG9pbnRzIHNvbWV3aGVyZSBpbnRlcm5hbGx5IC0gdGhpcyBkb2VzbuKAmXQgc2VlbSB2ZXJ5 IHBsdWcgYW5kIHBsYXkuPG86cD48L286cD48L3NwYW4+PC9saT48bGkgY2xhc3M9Ik1zb05vcm1h bCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDph dXRvO21zby1saXN0OmwyIGxldmVsMSBsZm8zIj4NCjxzcGFuIGxhbmc9IkVOLVVTIj5NYWtlIHRo ZSBkZWNsYXJhdGlvbiBkaXJlY3RseSB0byB0aGUgTVVEIG1hbmFnZXIuPG86cD48L286cD48L3Nw YW4+PC9saT48L3VsPg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIGxhbmc9IkVO LVVTIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjwvZGl2Pg0KPGRpdj4N CjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIGxhbmc9IkVOLVVTIj5J4oCZbSBnb2luZyB0byBm b2N1cyBvbiB0aGUgbGF0dGVyIGZvciB0aGUgbW9tZW50LiAmbmJzcDtJdCBpcyBlYXN5IGVub3Vn aCB0byBjcmVhdGUgYSBSRVNUZnVsIGludGVyZmFjZSBmb3IgdGhpcyBwdXJwb3NlLCBidXQgaXQg cmVxdWlyZXMgYSBtZWNoYW5pc20gdG8gZGlzY292ZXJlZCB0aGUgTVVEIG1hbmFnZXIsIHdoaWNo IHVwIHVudGlsIG5vdyBoYXMgYmVlbiBhbiBpbnRlcm5hbCBwYXJ0DQogb2YgdGhlIG5ldHdvcmsg aW5mcmFzdHJ1Y3R1cmUuPG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAg Y2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0iRU4tVVMiPjxvOnA+Jm5ic3A7PC9vOnA+PC9z cGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIGxhbmc9 IkVOLVVTIj5MZXQgbWUgY2FsbCB0aGlzIG91dCBwbGFpbmx5OiBsZXR0aW5nIHRoZSBhcHAgaXRz ZWxmIGRpcmVjdGx5IGNhbGwgdGhlIE1VRCBtYW5hZ2VyIHJlcXVpcmVzIHRoYXQgdGhlIE1VRCBt YW5hZ2VyIGl0c2VsZiBiZWNvbWUgZXhwb3NlZCB0byB0aGUgdXNlciBpbmZyYXN0cnVjdHVyZSwg d2hpY2ggaXMgYSBjaGFuZ2UuPG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0K PHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0iRU4tVVMiPjxvOnA+Jm5ic3A7PC9vOnA+ PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIGxh bmc9IkVOLVVTIj5PbmUgcG9zc2liaWxpdHkgdG8gYWRkcmVzcyB0aGlzIGlzIHRvIGluY29ycG9y YXRlIHRoZSBuZXcgUkVTVGZ1bCBlbmRwb2ludCBpbnRvIGFuIEFOSU1BIEJSU0tJIGpvaW4gcmVn aXN0cmFyLCB3aGljaCBtYXkgYWxyZWFkeSBiZSBleHBvc2VkLiAmbmJzcDtCdXQgdGhhdCByZXF1 aXJlcyB0aGF0IEFOSU1BIEJSU0tJIGJlIGluIHBsYXksIHdoaWNoIGl0IG1heSBub3QuPG86cD48 L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNw YW4gbGFuZz0iRU4tVVMiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRp dj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIGxhbmc9IkVOLVVTIj5NeSB0aGlua2luZyBp cyB0aGF0IHdlIGRvIHRoaXMgd29yayBpbiB0d28gc3RhZ2VzLiAmbmJzcDtGaXJzdCBoYW5kbGUg dGhlIGVhc3kgY2FzZSwgd2hpY2ggaXMgdGhlIE1VRCBmaWxlIGV4dGVuc2lvbiwgYW5kIHRoZW4g ZmlndXJlIG91dCBob3cgdG8gZG8gdGhlIGFwcCB2ZXJzaW9uIG9mIHRoaXMuPG86cD48L286cD48 L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFu Zz0iRU4tVVMiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxw IGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIGxhbmc9IkVOLVVTIj5UaG91Z2h0cz88bzpwPjwvbzpw Pjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBs YW5nPSJFTi1VUyI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0K PHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0iRU4tVVMiPkVsaW90PG86cD48L286cD48 L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFu Zz0iRU4tVVMiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPC9kaXY+DQo8 L2JvZHk+DQo8L2h0bWw+DQo= --_000_B8F9A780D330094D99AF023C5877DABAA49BC850nkgeml513mbxchi_-- From nobody Mon Jul 1 02:41:18 2019 Return-Path: X-Original-To: mud@ietfa.amsl.com Delivered-To: mud@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A3629120230; Mon, 1 Jul 2019 01:27:45 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.2 X-Spam-Level: X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id roA-pCHQK5lS; Mon, 1 Jul 2019 01:27:42 -0700 (PDT) Received: from huawei.com (lhrrgout.huawei.com [185.176.76.210]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6D8C7120058; Mon, 1 Jul 2019 01:27:42 -0700 (PDT) Received: from lhreml704-cah.china.huawei.com (unknown [172.18.7.106]) by Forcepoint Email with ESMTP id 6EAA1F541CDC6B3F0224; Mon, 1 Jul 2019 09:27:40 +0100 (IST) Received: from NKGEML413-HUB.china.huawei.com (10.98.56.74) by lhreml704-cah.china.huawei.com (10.201.108.45) with Microsoft SMTP Server (TLS) id 14.3.408.0; Mon, 1 Jul 2019 09:27:22 +0100 Received: from NKGEML513-MBX.china.huawei.com ([169.254.1.66]) by NKGEML413-HUB.china.huawei.com ([10.98.56.74]) with mapi id 14.03.0415.000; Mon, 1 Jul 2019 16:23:04 +0800 From: Qin Wu To: Eliot Lear CC: "opsawg@ietf.org" , "mud@ietf.org" Thread-Topic: [OPSAWG] Declaring something to be a controller in MUD Thread-Index: AdUv5UY0UsnBYD8xSFyA1RPyGtKUpw== Date: Mon, 1 Jul 2019 08:23:03 +0000 Message-ID: Accept-Language: zh-CN, en-US Content-Language: zh-CN X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.134.31.203] Content-Type: multipart/alternative; boundary="_000_B8F9A780D330094D99AF023C5877DABAA49BC8F3nkgeml513mbxchi_" MIME-Version: 1.0 X-CFilter-Loop: Reflected Archived-At: X-Mailman-Approved-At: Mon, 01 Jul 2019 02:41:07 -0700 Subject: Re: [Mud] [OPSAWG] Declaring something to be a controller in MUD X-BeenThere: mud@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion of Manufacturer Ussage Descriptions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 01 Jul 2019 08:27:55 -0000 --_000_B8F9A780D330094D99AF023C5877DABAA49BC8F3nkgeml513mbxchi_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 5Y+R5Lu25Lq6OiBFbGlvdCBMZWFyIFttYWlsdG86bGVhckBjaXNjby5jb21dDQrlj5HpgIHml7bp l7Q6IDIwMTnlubQ35pyIMeaXpSAxNTo1Mg0K5pS25Lu25Lq6OiBRaW4gV3UgPGJpbGwud3VAaHVh d2VpLmNvbT4NCuaKhOmAgTogb3BzYXdnQGlldGYub3JnOyBtdWRAaWV0Zi5vcmcNCuS4u+mimDog UmU6IFtPUFNBV0ddIERlY2xhcmluZyBzb21ldGhpbmcgdG8gYmUgYSBjb250cm9sbGVyIGluIE1V RA0KDQoNCg0KDQpPbiAxIEp1bCAyMDE5LCBhdCAwOToyMCwgUWluIFd1IDxiaWxsLnd1QGh1YXdl aS5jb208bWFpbHRvOmJpbGwud3VAaHVhd2VpLmNvbT4+IHdyb3RlOg0KDQrlj5Hku7bkuro6IE9Q U0FXRyBbbWFpbHRvOm9wc2F3Zy1ib3VuY2VzQGlldGYub3JnXSDku6PooaggRWxpb3QgTGVhcg0K 5Y+R6YCB5pe26Ze0OiAyMDE55bm0NuaciDI05pelIDE3OjQ4DQrmlLbku7bkuro6IG9wc2F3Z0Bp ZXRmLm9yZzxtYWlsdG86b3BzYXdnQGlldGYub3JnPjsgbXVkQGlldGYub3JnPG1haWx0bzptdWRA aWV0Zi5vcmc+DQrkuLvpopg6IFtPUFNBV0ddIERlY2xhcmluZyBzb21ldGhpbmcgdG8gYmUgYSBj b250cm9sbGVyIGluIE1VRA0KDQpIaSBldmVyeW9uZSwNCg0KQSBmZXcgb2YgdXMgYXJlIGp1c3Qg dHJ5aW5nIHRvIHB1dCBvdXQgYW4gaW5pdGlhbCBkcmFmdCB0aGF0IGFkZHJlc3NlcyBvbmUgZ2Fw IGluIE1VRCAodGhlcmUgYXJlIHNldmVyYWwpLiAgSW4gYSBNVUQgZmlsZSBvbmUgY2FuIHNheSB0 aGF0IG9uZSB3YW50cyB0byBhY2Nlc3MgYSBjb250cm9sbGVyIGluIHR3byB3YXlzOiBlaXRoZXIg Im15LWNvbnRyb2xsZXLigJ0gbWVhbmluZyBhIGNvbnRyb2xsZXIgdGhhdCBzZXJ2aWNlcyBkZXZp Y2VzIG9mIGEgcGFydGljdWxhciBNVUQgVVJMIG9yIGEg4oCcY29udHJvbGxlcuKAnSBjbGFzcyB0 aGF0IHNlcnZpY2VzIGRldmljZXMgYmFzZWQgb24gYSBwYXJ0aWN1bGFyIGNsYXNzIG5hbWUgb2Yg Y29udHJvbGxlci4NCg0KSW4gZWl0aGVyIGNhc2UsIHJpZ2h0IG5vdyB0aGUgYWRtaW5pc3RyYXRv ciBoYXMgdG8gbWFudWFsbHkga25vdyBhbmQgcG9wdWxhdGUgaW5mb3JtYXRpb24sIHRvIHNheSAt IHNvbWUgZGV2aWNlIDEuMi4zLjQgaXMgYSBjb250cm9sbGVyLCBlaXRoZXIgZm9yIE1VRCBVUkwg aHR0cHM6Ly9leGFtcGxlLmNvbS9tdWQgb3IgYSBjbGFzcyBodHRwOi8vZXhhbXBsZS5jb20vbXVk Y2xhc3MxLiAgVGhhdCBjYW4gYmUgbGFib3Jpb3VzLiAgVG8gYXNzaXN0LCB3ZSBhcmUgZXhhbWlu aW5nIHdheXMgdG8gaGF2ZSBhIGNvbnRyb2xsZXIgZGVjbGFyZSBpdHNlbGYgYXMgYSBjYW5kaWRh dGUgY29udHJvbGxlci4NCg0KW1Fpbl06IFNpbmNlIE1VRCBpbiBSRkM4NTIwIGhhcyBhbHJlYWR5 IHNwZWNpZnkgRE5TIGV4dGVuc2lvbiBhbmQgREhDUCBleHRlbnNpb24sIHdoeSBub3QgY29uZmln dXJlIE1VRCBtYW5hZ2VyIHdpdGggY29udHJvbGxlcuKAmXMgZGVjbGFyYXRpb24/IFNvIHRoZSBS RVNURlVMIGludGVyZmFjZSBjYW4gYmUgZGVmaW5lZCBiZXR3ZWVuIE5NUyBhbmQgY29udHJvbGxl ciwgaWYgbXkgdW5kZXJzdGFuZGluZyBpcyBjb3JyZWN0Lg0KSSBiZWxpZXZlIHRoaXMgaXMgbmV0 d29yayBpbml0aWF0ZWQgc29sdXRpb24sIHlvdSBtaWdodCBoYXZlIGNsaWVudCBpbml0aWF0ZWQg c29sdXRpb24sIGJ1dCBwcm9iYWJseSBtb3JlIGNvbXBsaWNhdGVkIHRoYW4gbmV0d29yayBpbml0 aWF0ZWQgc29sdXRpb24uDQoNCkNhbiB5b3Ugc2F5IGEgZmV3IG1vcmUgd29yZHM/ICBJ4oCZbSBu b3Qgc3VyZSBJ4oCZbSBxdWl0ZSBmb2xsb3dpbmcgeW91Lg0KW1Fpbl06IFdoYXQgSSBhbSBzdWdn ZXN0aW5nIGlzIE5NUyBwcmVjb25maWd1cmVzIHRoZSBNVUQgbWFuYWdlciB3aXRoIGNvbnRyb2xs ZXLigJlzIGRlY2xhcmF0aW9uIGluZm9ybWF0aW9uLCBkdXJpbmcgREhDUCBwcm9jZXNzIG9yIERO UyBwcm9jZXNzLCB0aGUgY29udHJvbGxlcuKAmXMgZGVjbGFyYXRpb24gY2FuIGJlIHJldHVybmVk DQpUbyB0aGUgcm91dGVyIG9yIHN3aXRjaCBiZXR3ZWVuIHRoZSB0aGluZyBhbmQgTVVEIG1hbmFn ZXIgb3IgcmV0dXJuIHRvIHRoZSB0aGluZywgdGhlIHJvdXRlciBvciB0aGUgdGhpbmcgY2FuIGFj Y2VzcyBjb250cm9sbGVyIHRocm91Z2ggY29udHJvbGxlciBkZWxjbGFydGlvbi4NCg0KSWYgdGhl IE1VRCBtYW5hZ2VyIGFsc28gbmVlZHMgdG8gYmUgYWR2ZXJ0aXNlZCB0byB0aGUgdGhpbmcsIERI Q1AgRGlzY292ZXJ5IG9yIEROUyBwcm9jZXNzIGNhbiBiZSBsZXZlcmFnZWQuIEluIHRoaXMgY2Fz ZSwgTk1TIG5lZWRzIHRvIHByZWNvbmZpZ3VyZSBESENQIHNlcnZlciB3aXRoIE1VRCBtYW5hZ2Vy IGluZm9ybWF0aW9uLg0KDQpFbGlvdA0KDQoNCiBUaGF0IGF0IGxlYXN0IHByb3ZpZGVzIGEgaGlu dCB0byB0aGUgYWRtaW5pc3RyYXRvciB0aGF0IHRoaXMgcGFydGljdWxhciBkZXZpY2UgaXMgY2Fw YWJsZSBvZiBzZXJ2aW5nIGluIGEgcGFydGljdWxhciByb2xlLg0KDQpUbyBtYWtlIHRoYXQgZGVj bGFyYXRpb24sIHRoZSBkZXZpY2UgbXVzdC0NCg0KICAqICAgRm9ybSB0aGUgZGVjbGFyYXRpb247 DQogICogICBGaW5kIHRoZSBNVUQgbWFuYWdlcjsgYW5kDQogICogICBTZW5kIGl0Lg0KDQpGb3Jt aW5nIHRoZSBkZWNsYXJhdGlvbiBpcyBlYXN5OiB3ZSBjYW4gbWFrZSB0aGlzIGEgWUFORyBncm91 cGluZyBhbmQgdGhlbiBwbGFjZSBpdCBpbiB2YXJpb3VzIHNwb3RzLg0KDQpGaW5kaW5nIHRoZSBN VUQgbWFuYWdlciBkZXBlbmRzIG9uIG9uZSBxdWVzdGlvbjoNCg0KICAqICAgV2FzIHRoZSBkZXZp Y2UgYnVpbHQgdG8gYmUgYSBjb250cm9sbGVyIG9yIGlzIGl0IGEgZ2VuZXJhbCBwdXJwb3NlIGRl dmljZSB0aGF0IGhhcyBhbiBhcHAgdGhhdCBpcyBpbnRlbmRlZCB0byBiZSBhIGNvbnRyb2xsZXI/ DQoNCklmIHRoZSBkZXZpY2Ugd2FzIGJ1aWx0IHRvIGJlIGEgY29udHJvbGxlciwgd2UgY2FuIHNp bXBseSBjcmFtIHRoZSBkZWNsYXJhdGlvbiBpbnRvIHRoYXQgZGV2aWNlcyBvd24gTVVEIGZpbGUg YXMgYW4gZXh0ZW5zaW9uLiAgSWYgdGhlIGRldmljZSBpcyBhIGdlbmVyYWwgcHVycG9zZSBjb21w dXRlciwgdGhpbmdzIGdldCBhIGJpdCBtb3JlIGludGVyZXN0aW5nLiAgSW4gdGhpcyBjYXNlIHdl IGhhdmUgdHdvIGNob2ljZXM6DQoNCg0KICAqICAgRWl0aGVyIGNyZWF0ZSBhIE1VRCBmaWxlIHRo YXQgcG9pbnRzIHNvbWV3aGVyZSBpbnRlcm5hbGx5IC0gdGhpcyBkb2VzbuKAmXQgc2VlbSB2ZXJ5 IHBsdWcgYW5kIHBsYXkuDQogICogICBNYWtlIHRoZSBkZWNsYXJhdGlvbiBkaXJlY3RseSB0byB0 aGUgTVVEIG1hbmFnZXIuDQoNCknigJltIGdvaW5nIHRvIGZvY3VzIG9uIHRoZSBsYXR0ZXIgZm9y IHRoZSBtb21lbnQuICBJdCBpcyBlYXN5IGVub3VnaCB0byBjcmVhdGUgYSBSRVNUZnVsIGludGVy ZmFjZSBmb3IgdGhpcyBwdXJwb3NlLCBidXQgaXQgcmVxdWlyZXMgYSBtZWNoYW5pc20gdG8gZGlz Y292ZXJlZCB0aGUgTVVEIG1hbmFnZXIsIHdoaWNoIHVwIHVudGlsIG5vdyBoYXMgYmVlbiBhbiBp bnRlcm5hbCBwYXJ0IG9mIHRoZSBuZXR3b3JrIGluZnJhc3RydWN0dXJlLg0KDQpMZXQgbWUgY2Fs bCB0aGlzIG91dCBwbGFpbmx5OiBsZXR0aW5nIHRoZSBhcHAgaXRzZWxmIGRpcmVjdGx5IGNhbGwg dGhlIE1VRCBtYW5hZ2VyIHJlcXVpcmVzIHRoYXQgdGhlIE1VRCBtYW5hZ2VyIGl0c2VsZiBiZWNv bWUgZXhwb3NlZCB0byB0aGUgdXNlciBpbmZyYXN0cnVjdHVyZSwgd2hpY2ggaXMgYSBjaGFuZ2Uu DQoNCk9uZSBwb3NzaWJpbGl0eSB0byBhZGRyZXNzIHRoaXMgaXMgdG8gaW5jb3Jwb3JhdGUgdGhl IG5ldyBSRVNUZnVsIGVuZHBvaW50IGludG8gYW4gQU5JTUEgQlJTS0kgam9pbiByZWdpc3RyYXIs IHdoaWNoIG1heSBhbHJlYWR5IGJlIGV4cG9zZWQuICBCdXQgdGhhdCByZXF1aXJlcyB0aGF0IEFO SU1BIEJSU0tJIGJlIGluIHBsYXksIHdoaWNoIGl0IG1heSBub3QuDQoNCk15IHRoaW5raW5nIGlz IHRoYXQgd2UgZG8gdGhpcyB3b3JrIGluIHR3byBzdGFnZXMuICBGaXJzdCBoYW5kbGUgdGhlIGVh c3kgY2FzZSwgd2hpY2ggaXMgdGhlIE1VRCBmaWxlIGV4dGVuc2lvbiwgYW5kIHRoZW4gZmlndXJl IG91dCBob3cgdG8gZG8gdGhlIGFwcCB2ZXJzaW9uIG9mIHRoaXMuDQoNClRob3VnaHRzPw0KDQpF bGlvdA0KDQo= --_000_B8F9A780D330094D99AF023C5877DABAA49BC8F3nkgeml513mbxchi_ Content-Type: text/html; charset="utf-8" Content-Transfer-Encoding: base64 PGh0bWwgeG1sbnM6dj0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTp2bWwiIHhtbG5zOm89InVy bjpzY2hlbWFzLW1pY3Jvc29mdC1jb206b2ZmaWNlOm9mZmljZSIgeG1sbnM6dz0idXJuOnNjaGVt YXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6d29yZCIgeG1sbnM6bT0iaHR0cDovL3NjaGVtYXMubWlj cm9zb2Z0LmNvbS9vZmZpY2UvMjAwNC8xMi9vbW1sIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv VFIvUkVDLWh0bWw0MCI+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIg Y29udGVudD0idGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjxtZXRhIG5hbWU9IkdlbmVyYXRv ciIgY29udGVudD0iTWljcm9zb2Z0IFdvcmQgMTUgKGZpbHRlcmVkIG1lZGl1bSkiPg0KPHN0eWxl PjwhLS0NCi8qIEZvbnQgRGVmaW5pdGlvbnMgKi8NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6 SGVsdmV0aWNhOw0KCXBhbm9zZS0xOjIgMTEgNiA0IDIgMiAyIDIgMiA0O30NCkBmb250LWZhY2UN Cgl7Zm9udC1mYW1pbHk65a6L5L2TOw0KCXBhbm9zZS0xOjIgMSA2IDAgMyAxIDEgMSAxIDE7fQ0K QGZvbnQtZmFjZQ0KCXtmb250LWZhbWlseToiQ2FtYnJpYSBNYXRoIjsNCglwYW5vc2UtMToyIDQg NSAzIDUgNCA2IDMgMiA0O30NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6Q2FsaWJyaTsNCglw YW5vc2UtMToyIDE1IDUgMiAyIDIgNCAzIDIgNDt9DQpAZm9udC1mYWNlDQoJe2ZvbnQtZmFtaWx5 OuW+rui9r+mbhem7kTsNCglwYW5vc2UtMToyIDExIDUgMyAyIDIgNCAyIDIgNDt9DQpAZm9udC1m YWNlDQoJe2ZvbnQtZmFtaWx5OiJcQOWui+S9kyI7DQoJcGFub3NlLTE6MiAxIDYgMCAzIDEgMSAx IDEgMTt9DQpAZm9udC1mYWNlDQoJe2ZvbnQtZmFtaWx5OiJcQOW+rui9r+mbhem7kSI7DQoJcGFu b3NlLTE6MiAxMSA1IDMgMiAyIDQgMiAyIDQ7fQ0KLyogU3R5bGUgRGVmaW5pdGlvbnMgKi8NCnAu TXNvTm9ybWFsLCBsaS5Nc29Ob3JtYWwsIGRpdi5Nc29Ob3JtYWwNCgl7bWFyZ2luOjBjbTsNCglt YXJnaW4tYm90dG9tOi4wMDAxcHQ7DQoJZm9udC1zaXplOjEyLjBwdDsNCglmb250LWZhbWlseTrl rovkvZM7fQ0KYTpsaW5rLCBzcGFuLk1zb0h5cGVybGluaw0KCXttc28tc3R5bGUtcHJpb3JpdHk6 OTk7DQoJY29sb3I6Ymx1ZTsNCgl0ZXh0LWRlY29yYXRpb246dW5kZXJsaW5lO30NCmE6dmlzaXRl ZCwgc3Bhbi5Nc29IeXBlcmxpbmtGb2xsb3dlZA0KCXttc28tc3R5bGUtcHJpb3JpdHk6OTk7DQoJ Y29sb3I6cHVycGxlOw0KCXRleHQtZGVjb3JhdGlvbjp1bmRlcmxpbmU7fQ0Kc3Bhbi5hcHBsZS1j b252ZXJ0ZWQtc3BhY2UNCgl7bXNvLXN0eWxlLW5hbWU6YXBwbGUtY29udmVydGVkLXNwYWNlO30N CnNwYW4uRW1haWxTdHlsZTE4DQoJe21zby1zdHlsZS10eXBlOnBlcnNvbmFsLXJlcGx5Ow0KCWZv bnQtZmFtaWx5OiJDYWxpYnJpIixzYW5zLXNlcmlmOw0KCWNvbG9yOiMxRjQ5N0Q7fQ0KLk1zb0No cERlZmF1bHQNCgl7bXNvLXN0eWxlLXR5cGU6ZXhwb3J0LW9ubHk7DQoJZm9udC1zaXplOjEwLjBw dDt9DQpAcGFnZSBXb3JkU2VjdGlvbjENCgl7c2l6ZTo2MTIuMHB0IDc5Mi4wcHQ7DQoJbWFyZ2lu OjcyLjBwdCA5MC4wcHQgNzIuMHB0IDkwLjBwdDt9DQpkaXYuV29yZFNlY3Rpb24xDQoJe3BhZ2U6 V29yZFNlY3Rpb24xO30NCi8qIExpc3QgRGVmaW5pdGlvbnMgKi8NCkBsaXN0IGwwDQoJe21zby1s aXN0LWlkOjEyMDU4MjUzMjY7DQoJbXNvLWxpc3QtdGVtcGxhdGUtaWRzOi03ODA1NjAzODt9DQpA bGlzdCBsMDpsZXZlbDENCgl7bXNvLWxldmVsLW51bWJlci1mb3JtYXQ6YnVsbGV0Ow0KCW1zby1s ZXZlbC10ZXh0Ou+CtzsNCgltc28tbGV2ZWwtdGFiLXN0b3A6MzYuMHB0Ow0KCW1zby1sZXZlbC1u dW1iZXItcG9zaXRpb246bGVmdDsNCgl0ZXh0LWluZGVudDotMTguMHB0Ow0KCW1zby1hbnNpLWZv bnQtc2l6ZToxMC4wcHQ7DQoJZm9udC1mYW1pbHk6U3ltYm9sO30NCkBsaXN0IGwwOmxldmVsMg0K CXttc28tbGV2ZWwtbnVtYmVyLWZvcm1hdDpidWxsZXQ7DQoJbXNvLWxldmVsLXRleHQ674K3Ow0K CW1zby1sZXZlbC10YWItc3RvcDo3Mi4wcHQ7DQoJbXNvLWxldmVsLW51bWJlci1wb3NpdGlvbjps ZWZ0Ow0KCXRleHQtaW5kZW50Oi0xOC4wcHQ7DQoJbXNvLWFuc2ktZm9udC1zaXplOjEwLjBwdDsN Cglmb250LWZhbWlseTpTeW1ib2w7fQ0KQGxpc3QgbDA6bGV2ZWwzDQoJe21zby1sZXZlbC1udW1i ZXItZm9ybWF0OmJ1bGxldDsNCgltc28tbGV2ZWwtdGV4dDrvgrc7DQoJbXNvLWxldmVsLXRhYi1z dG9wOjEwOC4wcHQ7DQoJbXNvLWxldmVsLW51bWJlci1wb3NpdGlvbjpsZWZ0Ow0KCXRleHQtaW5k ZW50Oi0xOC4wcHQ7DQoJbXNvLWFuc2ktZm9udC1zaXplOjEwLjBwdDsNCglmb250LWZhbWlseTpT eW1ib2w7fQ0KQGxpc3QgbDA6bGV2ZWw0DQoJe21zby1sZXZlbC1udW1iZXItZm9ybWF0OmJ1bGxl dDsNCgltc28tbGV2ZWwtdGV4dDrvgrc7DQoJbXNvLWxldmVsLXRhYi1zdG9wOjE0NC4wcHQ7DQoJ bXNvLWxldmVsLW51bWJlci1wb3NpdGlvbjpsZWZ0Ow0KCXRleHQtaW5kZW50Oi0xOC4wcHQ7DQoJ bXNvLWFuc2ktZm9udC1zaXplOjEwLjBwdDsNCglmb250LWZhbWlseTpTeW1ib2w7fQ0KQGxpc3Qg bDA6bGV2ZWw1DQoJe21zby1sZXZlbC1udW1iZXItZm9ybWF0OmJ1bGxldDsNCgltc28tbGV2ZWwt dGV4dDrvgrc7DQoJbXNvLWxldmVsLXRhYi1zdG9wOjE4MC4wcHQ7DQoJbXNvLWxldmVsLW51bWJl ci1wb3NpdGlvbjpsZWZ0Ow0KCXRleHQtaW5kZW50Oi0xOC4wcHQ7DQoJbXNvLWFuc2ktZm9udC1z aXplOjEwLjBwdDsNCglmb250LWZhbWlseTpTeW1ib2w7fQ0KQGxpc3QgbDA6bGV2ZWw2DQoJe21z by1sZXZlbC1udW1iZXItZm9ybWF0OmJ1bGxldDsNCgltc28tbGV2ZWwtdGV4dDrvgrc7DQoJbXNv LWxldmVsLXRhYi1zdG9wOjIxNi4wcHQ7DQoJbXNvLWxldmVsLW51bWJlci1wb3NpdGlvbjpsZWZ0 Ow0KCXRleHQtaW5kZW50Oi0xOC4wcHQ7DQoJbXNvLWFuc2ktZm9udC1zaXplOjEwLjBwdDsNCglm b250LWZhbWlseTpTeW1ib2w7fQ0KQGxpc3QgbDA6bGV2ZWw3DQoJe21zby1sZXZlbC1udW1iZXIt Zm9ybWF0OmJ1bGxldDsNCgltc28tbGV2ZWwtdGV4dDrvgrc7DQoJbXNvLWxldmVsLXRhYi1zdG9w OjI1Mi4wcHQ7DQoJbXNvLWxldmVsLW51bWJlci1wb3NpdGlvbjpsZWZ0Ow0KCXRleHQtaW5kZW50 Oi0xOC4wcHQ7DQoJbXNvLWFuc2ktZm9udC1zaXplOjEwLjBwdDsNCglmb250LWZhbWlseTpTeW1i b2w7fQ0KQGxpc3QgbDA6bGV2ZWw4DQoJe21zby1sZXZlbC1udW1iZXItZm9ybWF0OmJ1bGxldDsN Cgltc28tbGV2ZWwtdGV4dDrvgrc7DQoJbXNvLWxldmVsLXRhYi1zdG9wOjI4OC4wcHQ7DQoJbXNv LWxldmVsLW51bWJlci1wb3NpdGlvbjpsZWZ0Ow0KCXRleHQtaW5kZW50Oi0xOC4wcHQ7DQoJbXNv LWFuc2ktZm9udC1zaXplOjEwLjBwdDsNCglmb250LWZhbWlseTpTeW1ib2w7fQ0KQGxpc3QgbDA6 bGV2ZWw5DQoJe21zby1sZXZlbC1udW1iZXItZm9ybWF0OmJ1bGxldDsNCgltc28tbGV2ZWwtdGV4 dDrvgrc7DQoJbXNvLWxldmVsLXRhYi1zdG9wOjMyNC4wcHQ7DQoJbXNvLWxldmVsLW51bWJlci1w b3NpdGlvbjpsZWZ0Ow0KCXRleHQtaW5kZW50Oi0xOC4wcHQ7DQoJbXNvLWFuc2ktZm9udC1zaXpl OjEwLjBwdDsNCglmb250LWZhbWlseTpTeW1ib2w7fQ0KQGxpc3QgbDENCgl7bXNvLWxpc3QtaWQ6 MTQyMjQxMDc4NDsNCgltc28tbGlzdC10ZW1wbGF0ZS1pZHM6LTE0Nzc2NzAxNDY7fQ0KQGxpc3Qg bDE6bGV2ZWwxDQoJe21zby1sZXZlbC1udW1iZXItZm9ybWF0OmJ1bGxldDsNCgltc28tbGV2ZWwt dGV4dDrvgrc7DQoJbXNvLWxldmVsLXRhYi1zdG9wOjM2LjBwdDsNCgltc28tbGV2ZWwtbnVtYmVy LXBvc2l0aW9uOmxlZnQ7DQoJdGV4dC1pbmRlbnQ6LTE4LjBwdDsNCgltc28tYW5zaS1mb250LXNp emU6MTAuMHB0Ow0KCWZvbnQtZmFtaWx5OlN5bWJvbDt9DQpAbGlzdCBsMTpsZXZlbDINCgl7bXNv LWxldmVsLW51bWJlci1mb3JtYXQ6YnVsbGV0Ow0KCW1zby1sZXZlbC10ZXh0Ou+CtzsNCgltc28t bGV2ZWwtdGFiLXN0b3A6NzIuMHB0Ow0KCW1zby1sZXZlbC1udW1iZXItcG9zaXRpb246bGVmdDsN Cgl0ZXh0LWluZGVudDotMTguMHB0Ow0KCW1zby1hbnNpLWZvbnQtc2l6ZToxMC4wcHQ7DQoJZm9u dC1mYW1pbHk6U3ltYm9sO30NCkBsaXN0IGwxOmxldmVsMw0KCXttc28tbGV2ZWwtbnVtYmVyLWZv cm1hdDpidWxsZXQ7DQoJbXNvLWxldmVsLXRleHQ674K3Ow0KCW1zby1sZXZlbC10YWItc3RvcDox MDguMHB0Ow0KCW1zby1sZXZlbC1udW1iZXItcG9zaXRpb246bGVmdDsNCgl0ZXh0LWluZGVudDot MTguMHB0Ow0KCW1zby1hbnNpLWZvbnQtc2l6ZToxMC4wcHQ7DQoJZm9udC1mYW1pbHk6U3ltYm9s O30NCkBsaXN0IGwxOmxldmVsNA0KCXttc28tbGV2ZWwtbnVtYmVyLWZvcm1hdDpidWxsZXQ7DQoJ bXNvLWxldmVsLXRleHQ674K3Ow0KCW1zby1sZXZlbC10YWItc3RvcDoxNDQuMHB0Ow0KCW1zby1s ZXZlbC1udW1iZXItcG9zaXRpb246bGVmdDsNCgl0ZXh0LWluZGVudDotMTguMHB0Ow0KCW1zby1h bnNpLWZvbnQtc2l6ZToxMC4wcHQ7DQoJZm9udC1mYW1pbHk6U3ltYm9sO30NCkBsaXN0IGwxOmxl dmVsNQ0KCXttc28tbGV2ZWwtbnVtYmVyLWZvcm1hdDpidWxsZXQ7DQoJbXNvLWxldmVsLXRleHQ6 74K3Ow0KCW1zby1sZXZlbC10YWItc3RvcDoxODAuMHB0Ow0KCW1zby1sZXZlbC1udW1iZXItcG9z aXRpb246bGVmdDsNCgl0ZXh0LWluZGVudDotMTguMHB0Ow0KCW1zby1hbnNpLWZvbnQtc2l6ZTox MC4wcHQ7DQoJZm9udC1mYW1pbHk6U3ltYm9sO30NCkBsaXN0IGwxOmxldmVsNg0KCXttc28tbGV2 ZWwtbnVtYmVyLWZvcm1hdDpidWxsZXQ7DQoJbXNvLWxldmVsLXRleHQ674K3Ow0KCW1zby1sZXZl bC10YWItc3RvcDoyMTYuMHB0Ow0KCW1zby1sZXZlbC1udW1iZXItcG9zaXRpb246bGVmdDsNCgl0 ZXh0LWluZGVudDotMTguMHB0Ow0KCW1zby1hbnNpLWZvbnQtc2l6ZToxMC4wcHQ7DQoJZm9udC1m YW1pbHk6U3ltYm9sO30NCkBsaXN0IGwxOmxldmVsNw0KCXttc28tbGV2ZWwtbnVtYmVyLWZvcm1h dDpidWxsZXQ7DQoJbXNvLWxldmVsLXRleHQ674K3Ow0KCW1zby1sZXZlbC10YWItc3RvcDoyNTIu MHB0Ow0KCW1zby1sZXZlbC1udW1iZXItcG9zaXRpb246bGVmdDsNCgl0ZXh0LWluZGVudDotMTgu MHB0Ow0KCW1zby1hbnNpLWZvbnQtc2l6ZToxMC4wcHQ7DQoJZm9udC1mYW1pbHk6U3ltYm9sO30N CkBsaXN0IGwxOmxldmVsOA0KCXttc28tbGV2ZWwtbnVtYmVyLWZvcm1hdDpidWxsZXQ7DQoJbXNv LWxldmVsLXRleHQ674K3Ow0KCW1zby1sZXZlbC10YWItc3RvcDoyODguMHB0Ow0KCW1zby1sZXZl bC1udW1iZXItcG9zaXRpb246bGVmdDsNCgl0ZXh0LWluZGVudDotMTguMHB0Ow0KCW1zby1hbnNp LWZvbnQtc2l6ZToxMC4wcHQ7DQoJZm9udC1mYW1pbHk6U3ltYm9sO30NCkBsaXN0IGwxOmxldmVs OQ0KCXttc28tbGV2ZWwtbnVtYmVyLWZvcm1hdDpidWxsZXQ7DQoJbXNvLWxldmVsLXRleHQ674K3 Ow0KCW1zby1sZXZlbC10YWItc3RvcDozMjQuMHB0Ow0KCW1zby1sZXZlbC1udW1iZXItcG9zaXRp b246bGVmdDsNCgl0ZXh0LWluZGVudDotMTguMHB0Ow0KCW1zby1hbnNpLWZvbnQtc2l6ZToxMC4w cHQ7DQoJZm9udC1mYW1pbHk6U3ltYm9sO30NCkBsaXN0IGwyDQoJe21zby1saXN0LWlkOjE5MTMz NDgyNTE7DQoJbXNvLWxpc3QtdGVtcGxhdGUtaWRzOi0zNTU4MDY1NTI7fQ0KQGxpc3QgbDI6bGV2 ZWwxDQoJe21zby1sZXZlbC1udW1iZXItZm9ybWF0OmJ1bGxldDsNCgltc28tbGV2ZWwtdGV4dDrv grc7DQoJbXNvLWxldmVsLXRhYi1zdG9wOjM2LjBwdDsNCgltc28tbGV2ZWwtbnVtYmVyLXBvc2l0 aW9uOmxlZnQ7DQoJdGV4dC1pbmRlbnQ6LTE4LjBwdDsNCgltc28tYW5zaS1mb250LXNpemU6MTAu MHB0Ow0KCWZvbnQtZmFtaWx5OlN5bWJvbDt9DQpAbGlzdCBsMjpsZXZlbDINCgl7bXNvLWxldmVs LW51bWJlci1mb3JtYXQ6YnVsbGV0Ow0KCW1zby1sZXZlbC10ZXh0Ou+CtzsNCgltc28tbGV2ZWwt dGFiLXN0b3A6NzIuMHB0Ow0KCW1zby1sZXZlbC1udW1iZXItcG9zaXRpb246bGVmdDsNCgl0ZXh0 LWluZGVudDotMTguMHB0Ow0KCW1zby1hbnNpLWZvbnQtc2l6ZToxMC4wcHQ7DQoJZm9udC1mYW1p bHk6U3ltYm9sO30NCkBsaXN0IGwyOmxldmVsMw0KCXttc28tbGV2ZWwtbnVtYmVyLWZvcm1hdDpi dWxsZXQ7DQoJbXNvLWxldmVsLXRleHQ674K3Ow0KCW1zby1sZXZlbC10YWItc3RvcDoxMDguMHB0 Ow0KCW1zby1sZXZlbC1udW1iZXItcG9zaXRpb246bGVmdDsNCgl0ZXh0LWluZGVudDotMTguMHB0 Ow0KCW1zby1hbnNpLWZvbnQtc2l6ZToxMC4wcHQ7DQoJZm9udC1mYW1pbHk6U3ltYm9sO30NCkBs aXN0IGwyOmxldmVsNA0KCXttc28tbGV2ZWwtbnVtYmVyLWZvcm1hdDpidWxsZXQ7DQoJbXNvLWxl dmVsLXRleHQ674K3Ow0KCW1zby1sZXZlbC10YWItc3RvcDoxNDQuMHB0Ow0KCW1zby1sZXZlbC1u dW1iZXItcG9zaXRpb246bGVmdDsNCgl0ZXh0LWluZGVudDotMTguMHB0Ow0KCW1zby1hbnNpLWZv bnQtc2l6ZToxMC4wcHQ7DQoJZm9udC1mYW1pbHk6U3ltYm9sO30NCkBsaXN0IGwyOmxldmVsNQ0K CXttc28tbGV2ZWwtbnVtYmVyLWZvcm1hdDpidWxsZXQ7DQoJbXNvLWxldmVsLXRleHQ674K3Ow0K CW1zby1sZXZlbC10YWItc3RvcDoxODAuMHB0Ow0KCW1zby1sZXZlbC1udW1iZXItcG9zaXRpb246 bGVmdDsNCgl0ZXh0LWluZGVudDotMTguMHB0Ow0KCW1zby1hbnNpLWZvbnQtc2l6ZToxMC4wcHQ7 DQoJZm9udC1mYW1pbHk6U3ltYm9sO30NCkBsaXN0IGwyOmxldmVsNg0KCXttc28tbGV2ZWwtbnVt YmVyLWZvcm1hdDpidWxsZXQ7DQoJbXNvLWxldmVsLXRleHQ674K3Ow0KCW1zby1sZXZlbC10YWIt c3RvcDoyMTYuMHB0Ow0KCW1zby1sZXZlbC1udW1iZXItcG9zaXRpb246bGVmdDsNCgl0ZXh0LWlu ZGVudDotMTguMHB0Ow0KCW1zby1hbnNpLWZvbnQtc2l6ZToxMC4wcHQ7DQoJZm9udC1mYW1pbHk6 U3ltYm9sO30NCkBsaXN0IGwyOmxldmVsNw0KCXttc28tbGV2ZWwtbnVtYmVyLWZvcm1hdDpidWxs ZXQ7DQoJbXNvLWxldmVsLXRleHQ674K3Ow0KCW1zby1sZXZlbC10YWItc3RvcDoyNTIuMHB0Ow0K CW1zby1sZXZlbC1udW1iZXItcG9zaXRpb246bGVmdDsNCgl0ZXh0LWluZGVudDotMTguMHB0Ow0K CW1zby1hbnNpLWZvbnQtc2l6ZToxMC4wcHQ7DQoJZm9udC1mYW1pbHk6U3ltYm9sO30NCkBsaXN0 IGwyOmxldmVsOA0KCXttc28tbGV2ZWwtbnVtYmVyLWZvcm1hdDpidWxsZXQ7DQoJbXNvLWxldmVs LXRleHQ674K3Ow0KCW1zby1sZXZlbC10YWItc3RvcDoyODguMHB0Ow0KCW1zby1sZXZlbC1udW1i ZXItcG9zaXRpb246bGVmdDsNCgl0ZXh0LWluZGVudDotMTguMHB0Ow0KCW1zby1hbnNpLWZvbnQt c2l6ZToxMC4wcHQ7DQoJZm9udC1mYW1pbHk6U3ltYm9sO30NCkBsaXN0IGwyOmxldmVsOQ0KCXtt c28tbGV2ZWwtbnVtYmVyLWZvcm1hdDpidWxsZXQ7DQoJbXNvLWxldmVsLXRleHQ674K3Ow0KCW1z by1sZXZlbC10YWItc3RvcDozMjQuMHB0Ow0KCW1zby1sZXZlbC1udW1iZXItcG9zaXRpb246bGVm dDsNCgl0ZXh0LWluZGVudDotMTguMHB0Ow0KCW1zby1hbnNpLWZvbnQtc2l6ZToxMC4wcHQ7DQoJ Zm9udC1mYW1pbHk6U3ltYm9sO30NCm9sDQoJe21hcmdpbi1ib3R0b206MGNtO30NCnVsDQoJe21h cmdpbi1ib3R0b206MGNtO30NCi0tPjwvc3R5bGU+PCEtLVtpZiBndGUgbXNvIDldPjx4bWw+DQo8 bzpzaGFwZWRlZmF1bHRzIHY6ZXh0PSJlZGl0IiBzcGlkbWF4PSIxMDI2IiAvPg0KPC94bWw+PCFb ZW5kaWZdLS0+PCEtLVtpZiBndGUgbXNvIDldPjx4bWw+DQo8bzpzaGFwZWxheW91dCB2OmV4dD0i ZWRpdCI+DQo8bzppZG1hcCB2OmV4dD0iZWRpdCIgZGF0YT0iMSIgLz4NCjwvbzpzaGFwZWxheW91 dD48L3htbD48IVtlbmRpZl0tLT4NCjwvaGVhZD4NCjxib2R5IGxhbmc9IlpILUNOIiBsaW5rPSJi bHVlIiB2bGluaz0icHVycGxlIj4NCjxkaXYgY2xhc3M9IldvcmRTZWN0aW9uMSI+DQo8cCBjbGFz cz0iTXNvTm9ybWFsIj48Yj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWls eTomcXVvdDvlvq7ova/pm4Xpu5EmcXVvdDssc2Fucy1zZXJpZiI+5Y+R5Lu25Lq6PHNwYW4gbGFu Zz0iRU4tVVMiPjo8L3NwYW4+PC9zcGFuPjwvYj48c3BhbiBsYW5nPSJFTi1VUyIgc3R5bGU9ImZv bnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q75b6u6L2v6ZuF6buRJnF1b3Q7LHNhbnMt c2VyaWYiPiBFbGlvdCBMZWFyIFttYWlsdG86bGVhckBjaXNjby5jb21dDQo8YnI+DQo8L3NwYW4+ PGI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q75b6u6L2v 6ZuF6buRJnF1b3Q7LHNhbnMtc2VyaWYiPuWPkemAgeaXtumXtDxzcGFuIGxhbmc9IkVOLVVTIj46 PC9zcGFuPjwvc3Bhbj48L2I+PHNwYW4gbGFuZz0iRU4tVVMiIHN0eWxlPSJmb250LXNpemU6MTEu MHB0O2ZvbnQtZmFtaWx5OiZxdW90O+W+rui9r+mbhem7kSZxdW90OyxzYW5zLXNlcmlmIj4gMjAx OTwvc3Bhbj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDvl vq7ova/pm4Xpu5EmcXVvdDssc2Fucy1zZXJpZiI+5bm0PHNwYW4gbGFuZz0iRU4tVVMiPjc8L3Nw YW4+5pyIPHNwYW4gbGFuZz0iRU4tVVMiPjE8L3NwYW4+5pelPHNwYW4gbGFuZz0iRU4tVVMiPg0K IDE1OjUyPGJyPg0KPC9zcGFuPjxiPuaUtuS7tuS6ujxzcGFuIGxhbmc9IkVOLVVTIj46PC9zcGFu PjwvYj48c3BhbiBsYW5nPSJFTi1VUyI+IFFpbiBXdSAmbHQ7YmlsbC53dUBodWF3ZWkuY29tJmd0 Ozxicj4NCjwvc3Bhbj48Yj7mioTpgIE8c3BhbiBsYW5nPSJFTi1VUyI+Ojwvc3Bhbj48L2I+PHNw YW4gbGFuZz0iRU4tVVMiPiBvcHNhd2dAaWV0Zi5vcmc7IG11ZEBpZXRmLm9yZzxicj4NCjwvc3Bh bj48Yj7kuLvpopg8c3BhbiBsYW5nPSJFTi1VUyI+Ojwvc3Bhbj48L2I+PHNwYW4gbGFuZz0iRU4t VVMiPiBSZTogW09QU0FXR10gRGVjbGFyaW5nIHNvbWV0aGluZyB0byBiZSBhIGNvbnRyb2xsZXIg aW4gTVVEPG86cD48L286cD48L3NwYW4+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwi PjxzcGFuIGxhbmc9IkVOLVVTIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFz cz0iTXNvTm9ybWFsIj48c3BhbiBsYW5nPSJFTi1VUyI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+ PC9wPg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIGxhbmc9IkVOLVVTIj48YnI+ DQo8YnI+DQo8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8YmxvY2txdW90ZSBzdHlsZT0ibWFyZ2lu LXRvcDo1LjBwdDttYXJnaW4tYm90dG9tOjUuMHB0Ij4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9y bWFsIj48c3BhbiBsYW5nPSJFTi1VUyI+T24gMSBKdWwgMjAxOSwgYXQgMDk6MjAsIFFpbiBXdSAm bHQ7PGEgaHJlZj0ibWFpbHRvOmJpbGwud3VAaHVhd2VpLmNvbSI+YmlsbC53dUBodWF3ZWkuY29t PC9hPiZndDsgd3JvdGU6PG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8cCBjbGFzcz0i TXNvTm9ybWFsIj48c3BhbiBsYW5nPSJFTi1VUyI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9w Pg0KPGRpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48Yj48c3BhbiBzdHlsZT0iZm9u dC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDvlvq7ova/pm4Xpu5EmcXVvdDssc2Fucy1z ZXJpZiI+5Y+R5Lu25Lq6PHNwYW4gbGFuZz0iRU4tVVMiPjo8L3NwYW4+PC9zcGFuPjwvYj48c3Bh biBjbGFzcz0iYXBwbGUtY29udmVydGVkLXNwYWNlIj48c3BhbiBsYW5nPSJFTi1VUyIgc3R5bGU9 ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q75b6u6L2v6ZuF6buRJnF1b3Q7LHNh bnMtc2VyaWYiPiZuYnNwOzwvc3Bhbj48L3NwYW4+PHNwYW4gbGFuZz0iRU4tVVMiIHN0eWxlPSJm b250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O+W+rui9r+mbhem7kSZxdW90OyxzYW5z LXNlcmlmIj5PUFNBV0cNCiBbPGEgaHJlZj0ibWFpbHRvOm9wc2F3Zy1ib3VuY2VzQGlldGYub3Jn Ij48c3BhbiBzdHlsZT0iY29sb3I6cHVycGxlIj5tYWlsdG86b3BzYXdnLWJvdW5jZXNAaWV0Zi5v cmc8L3NwYW4+PC9hPl08c3BhbiBjbGFzcz0iYXBwbGUtY29udmVydGVkLXNwYWNlIj4mbmJzcDs8 L3NwYW4+PC9zcGFuPjxiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5 OiZxdW90O+W+rui9r+mbhem7kSZxdW90OyxzYW5zLXNlcmlmIj7ku6Pooag8c3BhbiBjbGFzcz0i YXBwbGUtY29udmVydGVkLXNwYWNlIj48c3BhbiBsYW5nPSJFTi1VUyI+Jm5ic3A7PC9zcGFuPjwv c3Bhbj48L3NwYW4+PC9iPjxzcGFuIGxhbmc9IkVOLVVTIiBzdHlsZT0iZm9udC1zaXplOjExLjBw dDtmb250LWZhbWlseTomcXVvdDvlvq7ova/pm4Xpu5EmcXVvdDssc2Fucy1zZXJpZiI+RWxpb3QN CiBMZWFyPGJyPg0KPC9zcGFuPjxiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQt ZmFtaWx5OiZxdW90O+W+rui9r+mbhem7kSZxdW90OyxzYW5zLXNlcmlmIj7lj5HpgIHml7bpl7Q8 c3BhbiBsYW5nPSJFTi1VUyI+Ojwvc3Bhbj48L3NwYW4+PC9iPjxzcGFuIGNsYXNzPSJhcHBsZS1j b252ZXJ0ZWQtc3BhY2UiPjxzcGFuIGxhbmc9IkVOLVVTIiBzdHlsZT0iZm9udC1zaXplOjExLjBw dDtmb250LWZhbWlseTomcXVvdDvlvq7ova/pm4Xpu5EmcXVvdDssc2Fucy1zZXJpZiI+Jm5ic3A7 PC9zcGFuPjwvc3Bhbj48c3BhbiBsYW5nPSJFTi1VUyIgc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7 Zm9udC1mYW1pbHk6JnF1b3Q75b6u6L2v6ZuF6buRJnF1b3Q7LHNhbnMtc2VyaWYiPjIwMTk8L3Nw YW4+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q75b6u6L2v 6ZuF6buRJnF1b3Q7LHNhbnMtc2VyaWYiPuW5tDxzcGFuIGxhbmc9IkVOLVVTIj42PC9zcGFuPuac iDxzcGFuIGxhbmc9IkVOLVVTIj4yNDwvc3Bhbj7ml6U8c3BhbiBjbGFzcz0iYXBwbGUtY29udmVy dGVkLXNwYWNlIj48c3BhbiBsYW5nPSJFTi1VUyI+Jm5ic3A7PC9zcGFuPjwvc3Bhbj48c3BhbiBs YW5nPSJFTi1VUyI+MTc6NDg8YnI+DQo8L3NwYW4+PGI+5pS25Lu25Lq6PHNwYW4gbGFuZz0iRU4t VVMiPjo8L3NwYW4+PC9iPjxzcGFuIGNsYXNzPSJhcHBsZS1jb252ZXJ0ZWQtc3BhY2UiPjxzcGFu IGxhbmc9IkVOLVVTIj4mbmJzcDs8L3NwYW4+PC9zcGFuPjxzcGFuIGxhbmc9IkVOLVVTIj48YSBo cmVmPSJtYWlsdG86b3BzYXdnQGlldGYub3JnIj48c3BhbiBzdHlsZT0iY29sb3I6cHVycGxlIj5v cHNhd2dAaWV0Zi5vcmc8L3NwYW4+PC9hPjs8c3BhbiBjbGFzcz0iYXBwbGUtY29udmVydGVkLXNw YWNlIj4mbmJzcDs8L3NwYW4+PGEgaHJlZj0ibWFpbHRvOm11ZEBpZXRmLm9yZyI+PHNwYW4gc3R5 bGU9ImNvbG9yOnB1cnBsZSI+bXVkQGlldGYub3JnPC9zcGFuPjwvYT48YnI+DQo8L3NwYW4+PGI+ 5Li76aKYPHNwYW4gbGFuZz0iRU4tVVMiPjo8L3NwYW4+PC9iPjxzcGFuIGNsYXNzPSJhcHBsZS1j b252ZXJ0ZWQtc3BhY2UiPjxzcGFuIGxhbmc9IkVOLVVTIj4mbmJzcDs8L3NwYW4+PC9zcGFuPjxz cGFuIGxhbmc9IkVOLVVTIj5bT1BTQVdHXSBEZWNsYXJpbmcgc29tZXRoaW5nIHRvIGJlIGEgY29u dHJvbGxlciBpbiBNVUQ8L3NwYW4+PC9zcGFuPjxzcGFuIGxhbmc9IkVOLVVTIj48bzpwPjwvbzpw Pjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBs YW5nPSJFTi1VUyI+Jm5ic3A7PG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0K PHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0iRU4tVVMiPkhpIGV2ZXJ5b25lLDxvOnA+ PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9y bWFsIj48c3BhbiBsYW5nPSJFTi1VUyI+Jm5ic3A7PG86cD48L286cD48L3NwYW4+PC9wPg0KPC9k aXY+DQo8L2Rpdj4NCjxkaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFu Zz0iRU4tVVMiPkEgZmV3IG9mIHVzIGFyZSBqdXN0IHRyeWluZyB0byBwdXQgb3V0IGFuIGluaXRp YWwgZHJhZnQgdGhhdCBhZGRyZXNzZXMgb25lIGdhcCBpbiBNVUQgKHRoZXJlIGFyZSBzZXZlcmFs KS4gJm5ic3A7SW4gYSBNVUQgZmlsZSBvbmUgY2FuIHNheSB0aGF0IG9uZSB3YW50cyB0byBhY2Nl c3MgYSBjb250cm9sbGVyIGluIHR3byB3YXlzOiBlaXRoZXIgJnF1b3Q7bXktY29udHJvbGxlcjwv c3Bhbj7igJ08c3BhbiBsYW5nPSJFTi1VUyI+DQogbWVhbmluZyBhIGNvbnRyb2xsZXIgdGhhdCBz ZXJ2aWNlcyBkZXZpY2VzIG9mIGEgcGFydGljdWxhciBNVUQgVVJMIG9yIGEgPC9zcGFuPuKAnDxz cGFuIGxhbmc9IkVOLVVTIj5jb250cm9sbGVyPC9zcGFuPuKAnTxzcGFuIGxhbmc9IkVOLVVTIj4g Y2xhc3MgdGhhdCBzZXJ2aWNlcyBkZXZpY2VzIGJhc2VkIG9uIGEgcGFydGljdWxhciBjbGFzcyBu YW1lIG9mIGNvbnRyb2xsZXIuPG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8L2Rpdj4N CjxkaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZu YnNwOzxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPC9kaXY+DQo8ZGl2Pg0KPGRpdj4N CjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIGxhbmc9IkVOLVVTIj5JbiBlaXRoZXIgY2FzZSwg cmlnaHQgbm93IHRoZSBhZG1pbmlzdHJhdG9yIGhhcyB0byBtYW51YWxseSBrbm93IGFuZCBwb3B1 bGF0ZSBpbmZvcm1hdGlvbiwgdG8gc2F5IC0gc29tZSBkZXZpY2UgMS4yLjMuNCBpcyBhIGNvbnRy b2xsZXIsIGVpdGhlciBmb3IgTVVEIFVSTDxzcGFuIGNsYXNzPSJhcHBsZS1jb252ZXJ0ZWQtc3Bh Y2UiPiZuYnNwOzwvc3Bhbj48YSBocmVmPSJodHRwczovL2V4YW1wbGUuY29tL211ZCI+PHNwYW4g c3R5bGU9ImNvbG9yOnB1cnBsZSI+aHR0cHM6Ly9leGFtcGxlLmNvbS9tdWQ8L3NwYW4+PC9hPiZu YnNwO29yDQogYSBjbGFzczxzcGFuIGNsYXNzPSJhcHBsZS1jb252ZXJ0ZWQtc3BhY2UiPiZuYnNw Ozwvc3Bhbj48YSBocmVmPSJodHRwOi8vZXhhbXBsZS5jb20vbXVkY2xhc3MxIj48c3BhbiBzdHls ZT0iY29sb3I6cHVycGxlIj5odHRwOi8vZXhhbXBsZS5jb20vbXVkY2xhc3MxPC9zcGFuPjwvYT4u ICZuYnNwO1RoYXQgY2FuIGJlIGxhYm9yaW91cy4gJm5ic3A7VG8gYXNzaXN0LCB3ZSBhcmUgZXhh bWluaW5nIHdheXMgdG8gaGF2ZSBhIGNvbnRyb2xsZXIgZGVjbGFyZSBpdHNlbGYgYXMgYQ0KIGNh bmRpZGF0ZSBjb250cm9sbGVyLjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4N CjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIGxhbmc9IkVOLVVTIiBzdHlsZT0iZm9udC1zaXpl OjEwLjVwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LHNhbnMtc2VyaWY7Y29sb3I6 IzFGNDk3RCI+Jm5ic3A7PC9zcGFuPjxzcGFuIGxhbmc9IkVOLVVTIj48bzpwPjwvbzpwPjwvc3Bh bj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBsYW5nPSJF Ti1VUyIgc3R5bGU9ImZvbnQtc2l6ZToxMC41cHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZx dW90OyxzYW5zLXNlcmlmO2NvbG9yOiMxRjQ5N0QiPltRaW5dOiBTaW5jZSBNVUQgaW4gUkZDODUy MCBoYXMgYWxyZWFkeSBzcGVjaWZ5IEROUyBleHRlbnNpb24gYW5kIERIQ1AgZXh0ZW5zaW9uLCB3 aHkgbm90IGNvbmZpZ3VyZSBNVUQgbWFuYWdlciB3aXRoIGNvbnRyb2xsZXLigJlzIGRlY2xhcmF0 aW9uPyBTbw0KIHRoZSBSRVNURlVMIGludGVyZmFjZSBjYW4gYmUgZGVmaW5lZCBiZXR3ZWVuIE5N UyBhbmQgY29udHJvbGxlciwgaWYgbXkgdW5kZXJzdGFuZGluZyBpcyBjb3JyZWN0Ljwvc3Bhbj48 c3BhbiBsYW5nPSJFTi1VUyI+PG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0K PHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0iRU4tVVMiIHN0eWxlPSJmb250LXNpemU6 MTAuNXB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssc2Fucy1zZXJpZjtjb2xvcjoj MUY0OTdEIj5JIGJlbGlldmUgdGhpcyBpcyBuZXR3b3JrIGluaXRpYXRlZCBzb2x1dGlvbiwgeW91 IG1pZ2h0IGhhdmUgY2xpZW50IGluaXRpYXRlZCBzb2x1dGlvbiwgYnV0IHByb2JhYmx5IG1vcmUg Y29tcGxpY2F0ZWQgdGhhbiBuZXR3b3JrIGluaXRpYXRlZCBzb2x1dGlvbi48L3NwYW4+PHNwYW4g bGFuZz0iRU4tVVMiPjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPC9kaXY+DQo8L2Rp dj4NCjwvYmxvY2txdW90ZT4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBsYW5n PSJFTi1VUyI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8cCBjbGFzcz0i TXNvTm9ybWFsIj48c3BhbiBsYW5nPSJFTi1VUyI+Q2FuIHlvdSBzYXkgYSBmZXcgbW9yZSB3b3Jk cz8gJm5ic3A7SeKAmW0gbm90IHN1cmUgSeKAmW0gcXVpdGUgZm9sbG93aW5nIHlvdS48bzpwPjwv bzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3Bh biBsYW5nPSJFTi1VUyIgc3R5bGU9ImNvbG9yOiMxRjQ5N0QiPltRaW5dOiBXaGF0IEkgYW0gc3Vn Z2VzdGluZyBpcyBOTVMgcHJlY29uZmlndXJlcyB0aGUgTVVEIG1hbmFnZXIgd2l0aCBjb250cm9s bGVy4oCZcyBkZWNsYXJhdGlvbiBpbmZvcm1hdGlvbiwgZHVyaW5nIERIQ1AgcHJvY2VzcyBvciBE TlMgcHJvY2VzcywgdGhlIGNvbnRyb2xsZXLigJlzIGRlY2xhcmF0aW9uIGNhbiBiZSByZXR1cm5l ZDxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIGxhbmc9 IkVOLVVTIiBzdHlsZT0iZm9udC1zaXplOjEwLjVwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJp JnF1b3Q7LHNhbnMtc2VyaWY7Y29sb3I6IzFGNDk3RCI+VG8gdGhlIHJvdXRlciBvciBzd2l0Y2gg YmV0d2VlbiB0aGUgdGhpbmcgYW5kIE1VRCBtYW5hZ2VyIG9yIHJldHVybiB0byB0aGUgdGhpbmcs IHRoZSByb3V0ZXIgb3IgdGhlIHRoaW5nIGNhbiBhY2Nlc3MgY29udHJvbGxlciB0aHJvdWdoIGNv bnRyb2xsZXINCiBkZWxjbGFydGlvbi48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0i TXNvTm9ybWFsIj48c3BhbiBsYW5nPSJFTi1VUyIgc3R5bGU9ImZvbnQtc2l6ZToxMC41cHQ7Zm9u dC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OyxzYW5zLXNlcmlmO2NvbG9yOiMxRjQ5N0QiPjxv OnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIGxh bmc9IkVOLVVTIiBzdHlsZT0iZm9udC1zaXplOjEwLjVwdDtmb250LWZhbWlseTomcXVvdDtDYWxp YnJpJnF1b3Q7LHNhbnMtc2VyaWY7Y29sb3I6IzFGNDk3RCI+SWYgdGhlIE1VRCBtYW5hZ2VyIGFs c28gbmVlZHMgdG8gYmUgYWR2ZXJ0aXNlZCB0byB0aGUgdGhpbmcsIERIQ1AgRGlzY292ZXJ5IG9y IEROUyBwcm9jZXNzIGNhbiBiZSBsZXZlcmFnZWQuIEluIHRoaXMgY2FzZSwgTk1TIG5lZWRzIHRv IHByZWNvbmZpZ3VyZQ0KIERIQ1Agc2VydmVyIHdpdGggTVVEIG1hbmFnZXIgaW5mb3JtYXRpb24u PG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0i RU4tVVMiIHN0eWxlPSJmb250LXNpemU6MTAuNXB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkm cXVvdDssc2Fucy1zZXJpZjtjb2xvcjojMUY0OTdEIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48 L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBsYW5nPSJFTi1V UyI+RWxpb3Q8YnI+DQo8YnI+DQo8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8YmxvY2txdW90ZSBz dHlsZT0ibWFyZ2luLXRvcDo1LjBwdDttYXJnaW4tYm90dG9tOjUuMHB0Ij4NCjxkaXY+DQo8ZGl2 Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIGxhbmc9IkVOLVVTIiBzdHlsZT0i Zm9udC1zaXplOjEwLjVwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LHNhbnMtc2Vy aWY7Y29sb3I6IzFGNDk3RCI+Jm5ic3A7PC9zcGFuPjxzcGFuIGxhbmc9IkVOLVVTIj48bzpwPjwv bzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3Bh biBsYW5nPSJFTi1VUyI+Jm5ic3A7VGhhdCBhdCBsZWFzdCBwcm92aWRlcyBhIGhpbnQgdG8gdGhl IGFkbWluaXN0cmF0b3IgdGhhdCB0aGlzIHBhcnRpY3VsYXIgZGV2aWNlIGlzIGNhcGFibGUgb2Yg c2VydmluZyBpbiBhIHBhcnRpY3VsYXIgcm9sZS48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rp dj4NCjwvZGl2Pg0KPGRpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBsYW5n PSJFTi1VUyI+Jm5ic3A7PG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8L2Rpdj4NCjxk aXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0iRU4tVVMiPlRvIG1h a2UgdGhhdCBkZWNsYXJhdGlvbiwgdGhlIGRldmljZSBtdXN0LTxvOnA+PC9vOnA+PC9zcGFuPjwv cD4NCjwvZGl2Pg0KPC9kaXY+DQo8ZGl2Pg0KPHVsIHN0eWxlPSJtYXJnaW4tdG9wOjBjbSIgdHlw ZT0iZGlzYyI+DQo8bGkgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1saXN0OmwxIGxldmVs MSBsZm8xIj48c3BhbiBsYW5nPSJFTi1VUyI+Rm9ybSB0aGUgZGVjbGFyYXRpb247PG86cD48L286 cD48L3NwYW4+PC9saT48bGkgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1saXN0OmwxIGxl dmVsMSBsZm8xIj48c3BhbiBsYW5nPSJFTi1VUyI+RmluZCB0aGUgTVVEIG1hbmFnZXI7IGFuZDxv OnA+PC9vOnA+PC9zcGFuPjwvbGk+PGxpIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbGlz dDpsMSBsZXZlbDEgbGZvMSI+PHNwYW4gbGFuZz0iRU4tVVMiPlNlbmQgaXQuPG86cD48L286cD48 L3NwYW4+PC9saT48L3VsPg0KPGRpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3Bh biBsYW5nPSJFTi1VUyI+Jm5ic3A7PG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8L2Rp dj4NCjwvZGl2Pg0KPGRpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBsYW5n PSJFTi1VUyI+Rm9ybWluZyB0aGUgZGVjbGFyYXRpb24gaXMgZWFzeTogd2UgY2FuIG1ha2UgdGhp cyBhIFlBTkcgZ3JvdXBpbmcgYW5kIHRoZW4gcGxhY2UgaXQgaW4gdmFyaW91cyBzcG90cy48bzpw PjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjwvZGl2Pg0KPGRpdj4NCjxkaXY+DQo8cCBjbGFz cz0iTXNvTm9ybWFsIj48c3BhbiBsYW5nPSJFTi1VUyI+Jm5ic3A7PG86cD48L286cD48L3NwYW4+ PC9wPg0KPC9kaXY+DQo8L2Rpdj4NCjxkaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+ PHNwYW4gbGFuZz0iRU4tVVMiPkZpbmRpbmcgdGhlIE1VRCBtYW5hZ2VyIGRlcGVuZHMgb24gb25l IHF1ZXN0aW9uOjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPC9kaXY+DQo8ZGl2Pg0K PHVsIHN0eWxlPSJtYXJnaW4tdG9wOjBjbSIgdHlwZT0iZGlzYyI+DQo8bGkgY2xhc3M9Ik1zb05v cm1hbCIgc3R5bGU9Im1zby1saXN0OmwyIGxldmVsMSBsZm8yIj48c3BhbiBsYW5nPSJFTi1VUyI+ V2FzIHRoZSBkZXZpY2UgYnVpbHQgdG8gYmUgYSBjb250cm9sbGVyIG9yIGlzIGl0IGEgZ2VuZXJh bCBwdXJwb3NlIGRldmljZSB0aGF0IGhhcyBhbiBhcHAgdGhhdCBpcyBpbnRlbmRlZCB0byBiZSBh IGNvbnRyb2xsZXI/PG86cD48L286cD48L3NwYW4+PC9saT48L3VsPg0KPGRpdj4NCjxkaXY+DQo8 cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBsYW5nPSJFTi1VUyI+Jm5ic3A7PG86cD48L286cD48 L3NwYW4+PC9wPg0KPC9kaXY+DQo8L2Rpdj4NCjwvZGl2Pg0KPGRpdj4NCjxkaXY+DQo8cCBjbGFz cz0iTXNvTm9ybWFsIj48c3BhbiBsYW5nPSJFTi1VUyI+SWYgdGhlIGRldmljZSB3YXMgYnVpbHQg dG8gYmUgYSBjb250cm9sbGVyLCB3ZSBjYW4gc2ltcGx5IGNyYW0gdGhlIGRlY2xhcmF0aW9uIGlu dG8gdGhhdCBkZXZpY2VzIG93biBNVUQgZmlsZSBhcyBhbiBleHRlbnNpb24uICZuYnNwO0lmIHRo ZSBkZXZpY2UgaXMgYSBnZW5lcmFsIHB1cnBvc2UgY29tcHV0ZXIsIHRoaW5ncyBnZXQgYSBiaXQg bW9yZSBpbnRlcmVzdGluZy4gJm5ic3A7SW4gdGhpcw0KIGNhc2Ugd2UgaGF2ZSB0d28gY2hvaWNl czo8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjwvZGl2Pg0KPGRpdj4NCjxkaXY+DQo8 cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBsYW5nPSJFTi1VUyI+Jm5ic3A7PG86cD48L286cD48 L3NwYW4+PC9wPg0KPC9kaXY+DQo8L2Rpdj4NCjxkaXY+DQo8dWwgc3R5bGU9Im1hcmdpbi10b3A6 MGNtIiB0eXBlPSJkaXNjIj4NCjxsaSBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLWxpc3Q6 bDAgbGV2ZWwxIGxmbzMiPjxzcGFuIGxhbmc9IkVOLVVTIj5FaXRoZXIgY3JlYXRlIGEgTVVEIGZp bGUgdGhhdCBwb2ludHMgc29tZXdoZXJlIGludGVybmFsbHkgLSB0aGlzIGRvZXNuPC9zcGFuPuKA mTxzcGFuIGxhbmc9IkVOLVVTIj50IHNlZW0gdmVyeSBwbHVnIGFuZCBwbGF5LjxvOnA+PC9vOnA+ PC9zcGFuPjwvbGk+PGxpIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbGlzdDpsMCBsZXZl bDEgbGZvMyI+PHNwYW4gbGFuZz0iRU4tVVMiPk1ha2UgdGhlIGRlY2xhcmF0aW9uIGRpcmVjdGx5 IHRvIHRoZSBNVUQgbWFuYWdlci48bzpwPjwvbzpwPjwvc3Bhbj48L2xpPjwvdWw+DQo8ZGl2Pg0K PGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIGxhbmc9IkVOLVVTIj4mbmJzcDs8bzpw PjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjwvZGl2Pg0KPC9kaXY+DQo8ZGl2Pg0KPGRpdj4N CjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIGxhbmc9IkVOLVVTIj5JPC9zcGFuPuKAmTxzcGFu IGxhbmc9IkVOLVVTIj5tIGdvaW5nIHRvIGZvY3VzIG9uIHRoZSBsYXR0ZXIgZm9yIHRoZSBtb21l bnQuICZuYnNwO0l0IGlzIGVhc3kgZW5vdWdoIHRvIGNyZWF0ZSBhIFJFU1RmdWwgaW50ZXJmYWNl IGZvciB0aGlzIHB1cnBvc2UsIGJ1dCBpdCByZXF1aXJlcyBhIG1lY2hhbmlzbSB0byBkaXNjb3Zl cmVkIHRoZSBNVUQgbWFuYWdlciwgd2hpY2ggdXAgdW50aWwgbm93DQogaGFzIGJlZW4gYW4gaW50 ZXJuYWwgcGFydCBvZiB0aGUgbmV0d29yayBpbmZyYXN0cnVjdHVyZS48bzpwPjwvbzpwPjwvc3Bh bj48L3A+DQo8L2Rpdj4NCjwvZGl2Pg0KPGRpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFs Ij48c3BhbiBsYW5nPSJFTi1VUyI+Jm5ic3A7PG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+ DQo8L2Rpdj4NCjxkaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0i RU4tVVMiPkxldCBtZSBjYWxsIHRoaXMgb3V0IHBsYWlubHk6IGxldHRpbmcgdGhlIGFwcCBpdHNl bGYgZGlyZWN0bHkgY2FsbCB0aGUgTVVEIG1hbmFnZXIgcmVxdWlyZXMgdGhhdCB0aGUgTVVEIG1h bmFnZXIgaXRzZWxmIGJlY29tZSBleHBvc2VkIHRvIHRoZSB1c2VyIGluZnJhc3RydWN0dXJlLCB3 aGljaCBpcyBhIGNoYW5nZS48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjwvZGl2Pg0K PGRpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBsYW5nPSJFTi1VUyI+Jm5i c3A7PG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8L2Rpdj4NCjxkaXY+DQo8ZGl2Pg0K PHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0iRU4tVVMiPk9uZSBwb3NzaWJpbGl0eSB0 byBhZGRyZXNzIHRoaXMgaXMgdG8gaW5jb3Jwb3JhdGUgdGhlIG5ldyBSRVNUZnVsIGVuZHBvaW50 IGludG8gYW4gQU5JTUEgQlJTS0kgam9pbiByZWdpc3RyYXIsIHdoaWNoIG1heSBhbHJlYWR5IGJl IGV4cG9zZWQuICZuYnNwO0J1dCB0aGF0IHJlcXVpcmVzIHRoYXQgQU5JTUEgQlJTS0kgYmUgaW4g cGxheSwgd2hpY2ggaXQgbWF5IG5vdC48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjwv ZGl2Pg0KPGRpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBsYW5nPSJFTi1V UyI+Jm5ic3A7PG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8L2Rpdj4NCjxkaXY+DQo8 ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0iRU4tVVMiPk15IHRoaW5raW5n IGlzIHRoYXQgd2UgZG8gdGhpcyB3b3JrIGluIHR3byBzdGFnZXMuICZuYnNwO0ZpcnN0IGhhbmRs ZSB0aGUgZWFzeSBjYXNlLCB3aGljaCBpcyB0aGUgTVVEIGZpbGUgZXh0ZW5zaW9uLCBhbmQgdGhl biBmaWd1cmUgb3V0IGhvdyB0byBkbyB0aGUgYXBwIHZlcnNpb24gb2YgdGhpcy48bzpwPjwvbzpw Pjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjwvZGl2Pg0KPGRpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNv Tm9ybWFsIj48c3BhbiBsYW5nPSJFTi1VUyI+Jm5ic3A7PG86cD48L286cD48L3NwYW4+PC9wPg0K PC9kaXY+DQo8L2Rpdj4NCjxkaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4g bGFuZz0iRU4tVVMiPlRob3VnaHRzPzxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPC9k aXY+DQo8ZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIGxhbmc9IkVOLVVT Ij4mbmJzcDs8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjwvZGl2Pg0KPGRpdj4NCjxk aXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBsYW5nPSJFTi1VUyI+RWxpb3Q8bzpwPjwv bzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjwvZGl2Pg0KPC9kaXY+DQo8L2Jsb2NrcXVvdGU+DQo8 L2Rpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIGxhbmc9IkVOLVVTIj48bzpwPiZuYnNw OzwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjwvYm9keT4NCjwvaHRtbD4NCg== --_000_B8F9A780D330094D99AF023C5877DABAA49BC8F3nkgeml513mbxchi_-- From nobody Mon Jul 1 03:26:07 2019 Return-Path: X-Original-To: mud@ietfa.amsl.com Delivered-To: mud@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 97313120071; Mon, 1 Jul 2019 03:26:04 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.501 X-Spam-Level: X-Spam-Status: No, score=-14.501 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8jKoFMqnHAER; Mon, 1 Jul 2019 03:26:02 -0700 (PDT) Received: from aer-iport-2.cisco.com (aer-iport-2.cisco.com [173.38.203.52]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5D53912001A; Mon, 1 Jul 2019 03:26:01 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=30539; q=dns/txt; s=iport; t=1561976761; x=1563186361; h=from:message-id:mime-version:subject:date:in-reply-to:cc: to:references; bh=NBRXP+VQ30fvYdQytwg14cidCtRPNjYyHGjOwLtMUg8=; b=FKsePs1AQQbUBL3IkpdUYYP1WQrzDgEL6dVsfex2M8YQoVMgugKx7JGU VYwaTOw7zFoxXHjB4XUDi3Q9CYq8PQv8Xwhoj0JD0XdfKb7LSLEaOIsG8 OOZJD+8SPgKHWZkvZch/Y8YduPHQEnbKLyF6KAhA6gkfLptnUq/G4NVR2 M=; X-Files: signature.asc : 195 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0BVAAAB3xld/xbLJq1lGgEBAQEBAgE?= =?us-ascii?q?BAQEHAgEBAQGBZ4EVgWyBBCEHhB2Ie4wImm0CBwEBAQkDAQEfEAEBhEACgyU?= =?us-ascii?q?4EwEDAQEEAQECAQVtijcMhUoBAQEDASNRBQULCQIOCiABBgMCAkYRBhMbgwc?= =?us-ascii?q?BgXsPCIgkm2uBMoVHhGkQgTSBUYolgX+BOB+CHi4+glaBWBI6glQygiYEjAo?= =?us-ascii?q?zh0BalVgJghiCH4ELgymNJxuDF4oUij6UEViBeoJXiBCDCQIEBgUCFYFnIYF?= =?us-ascii?q?YMxoIGxVlAYJBCTWCCoNqilU9AzCPCQEB?= X-IronPort-AV: E=Sophos;i="5.63,439,1557187200"; d="asc'?scan'208,217";a="13803106" Received: from aer-iport-nat.cisco.com (HELO aer-core-4.cisco.com) ([173.38.203.22]) by aer-iport-2.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 01 Jul 2019 10:25:59 +0000 Received: from [10.61.163.11] ([10.61.163.11]) by aer-core-4.cisco.com (8.15.2/8.15.2) with ESMTPS id x61APvvq012158 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Mon, 1 Jul 2019 10:25:57 GMT From: Eliot Lear Message-Id: <230EB786-36AB-4E79-A6DD-20278E895763@cisco.com> Content-Type: multipart/signed; boundary="Apple-Mail=_6AEA70B0-73A8-435F-A99B-2ED61626EACD"; protocol="application/pgp-signature"; micalg=pgp-sha1 Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\)) Date: Mon, 1 Jul 2019 12:25:56 +0200 In-Reply-To: Cc: "opsawg@ietf.org" , "mud@ietf.org" To: Qin Wu References: X-Mailer: Apple Mail (2.3445.104.11) X-Outbound-SMTP-Client: 10.61.163.11, [10.61.163.11] X-Outbound-Node: aer-core-4.cisco.com Archived-At: Subject: Re: [Mud] [OPSAWG] Declaring something to be a controller in MUD X-BeenThere: mud@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion of Manufacturer Ussage Descriptions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 01 Jul 2019 10:26:05 -0000 --Apple-Mail=_6AEA70B0-73A8-435F-A99B-2ED61626EACD Content-Type: multipart/alternative; boundary="Apple-Mail=_30DD97C1-D18E-49F7-9BC5-F03D465FB26C" --Apple-Mail=_30DD97C1-D18E-49F7-9BC5-F03D465FB26C Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=utf-8 Qin and others: Just to get the ball rolling, I=E2=80=99ve posted today = draft-lear-opsawg-mud-controller-candidates-00. I think this should help the discussion. Eliot > On 1 Jul 2019, at 10:23, Qin Wu wrote: >=20 > =E5=8F=91=E4=BB=B6=E4=BA=BA: Eliot Lear [mailto:lear@cisco.com = ] > =E5=8F=91=E9=80=81=E6=97=B6=E9=97=B4: 2019=E5=B9=B47=E6=9C=881=E6=97=A5 = 15:52 > =E6=94=B6=E4=BB=B6=E4=BA=BA: Qin Wu > > =E6=8A=84=E9=80=81: opsawg@ietf.org ; = mud@ietf.org > =E4=B8=BB=E9=A2=98: Re: [OPSAWG] Declaring something to be a = controller in MUD >=20 >=20 >=20 >=20 > On 1 Jul 2019, at 09:20, Qin Wu > wrote: >=20 > =E5=8F=91=E4=BB=B6=E4=BA=BA: OPSAWG [mailto:opsawg-bounces@ietf.org = ] =E4=BB=A3=E8=A1=A8 Eliot Lear > =E5=8F=91=E9=80=81=E6=97=B6=E9=97=B4: 2019=E5=B9=B46=E6=9C=8824=E6=97=A5= 17:48 > =E6=94=B6=E4=BB=B6=E4=BA=BA: opsawg@ietf.org ; = mud@ietf.org > =E4=B8=BB=E9=A2=98: [OPSAWG] Declaring something to be a controller in = MUD >=20 > Hi everyone, >=20 > A few of us are just trying to put out an initial draft that addresses = one gap in MUD (there are several). In a MUD file one can say that one = wants to access a controller in two ways: either "my-controller=E2=80=9D = meaning a controller that services devices of a particular MUD URL or a = =E2=80=9Ccontroller=E2=80=9D class that services devices based on a = particular class name of controller. >=20 > In either case, right now the administrator has to manually know and = populate information, to say - some device 1.2.3.4 is a controller, = either for MUD URL https://example.com/mud or = a class http://example.com/mudclass1 . = That can be laborious. To assist, we are examining ways to have a = controller declare itself as a candidate controller. >=20 > [Qin]: Since MUD in RFC8520 has already specify DNS extension and DHCP = extension, why not configure MUD manager with controller=E2=80=99s = declaration? So the RESTFUL interface can be defined between NMS and = controller, if my understanding is correct. > I believe this is network initiated solution, you might have client = initiated solution, but probably more complicated than network initiated = solution. >=20 > Can you say a few more words? I=E2=80=99m not sure I=E2=80=99m quite = following you. > [Qin]: What I am suggesting is NMS preconfigures the MUD manager with = controller=E2=80=99s declaration information, during DHCP process or DNS = process, the controller=E2=80=99s declaration can be returned > To the router or switch between the thing and MUD manager or return to = the thing, the router or the thing can access controller through = controller delclartion. >=20 > If the MUD manager also needs to be advertised to the thing, DHCP = Discovery or DNS process can be leveraged. In this case, NMS needs to = preconfigure DHCP server with MUD manager information. >=20 > Eliot >=20 >=20 > That at least provides a hint to the administrator that this = particular device is capable of serving in a particular role. >=20 > To make that declaration, the device must- > Form the declaration; > Find the MUD manager; and > Send it. >=20 > Forming the declaration is easy: we can make this a YANG grouping and = then place it in various spots. >=20 > Finding the MUD manager depends on one question: > Was the device built to be a controller or is it a general purpose = device that has an app that is intended to be a controller? >=20 > If the device was built to be a controller, we can simply cram the = declaration into that devices own MUD file as an extension. If the = device is a general purpose computer, things get a bit more interesting. = In this case we have two choices: >=20 > Either create a MUD file that points somewhere internally - this = doesn=E2=80=99t seem very plug and play. > Make the declaration directly to the MUD manager. >=20 > I=E2=80=99m going to focus on the latter for the moment. It is easy = enough to create a RESTful interface for this purpose, but it requires a = mechanism to discovered the MUD manager, which up until now has been an = internal part of the network infrastructure. >=20 > Let me call this out plainly: letting the app itself directly call the = MUD manager requires that the MUD manager itself become exposed to the = user infrastructure, which is a change. >=20 > One possibility to address this is to incorporate the new RESTful = endpoint into an ANIMA BRSKI join registrar, which may already be = exposed. But that requires that ANIMA BRSKI be in play, which it may = not. >=20 > My thinking is that we do this work in two stages. First handle the = easy case, which is the MUD file extension, and then figure out how to = do the app version of this. >=20 > Thoughts? >=20 > Eliot >=20 --Apple-Mail=_30DD97C1-D18E-49F7-9BC5-F03D465FB26C Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=utf-8 Qin = and others:

Just to = get the ball rolling, I=E2=80=99ve posted today draft-lear-opsawg-mud-controller-candidates-00.

I = think this should help the discussion.

Eliot

On 1 Jul 2019, at 10:23, Qin Wu <bill.wu@huawei.com> = wrote:

=E5=8F=91=E4=BB=B6=E4=BA=BA: Eliot Lear [mailto:lear@cisco.com] 
=E5=8F=91=E9=80=81=E6=97=B6=E9= =97=B4: 2019=E5=B9=B47=E6=9C=881=E6=97=A5 15:52
=E6=94=B6=E4=BB=B6=E4=BA=BA: Qin Wu <bill.wu@huawei.com>
=E6=8A=84=E9=80=81: opsawg@ietf.org; mud@ietf.org
=E4=B8=BB=E9=A2=98: Re: [OPSAWG] Declaring = something to be a controller in MUD
 
 


On 1 Jul 2019, at 09:20, Qin Wu <bill.wu@huawei.com> = wrote:
 
=E5=8F=91=E4=BB=B6=E4=BA=BA: OPSAWG [mailto:opsawg-bounces@ietf.org] =E4=BB=A3=E8=A1=A8 Eliot Lear
=E5=8F=91=E9=80=81=E6=97=B6=E9= =97=B4: 2019=E5=B9=B46=E6=9C=8824=E6=97=A5 17:48
=E6=94=B6=E4=BB=B6=E4=BA= =BA: opsawg@ietf.org; mud@ietf.org
=E4=B8=BB=E9=A2=98: [OPSAWG] Declaring something to be a controller in = MUD
 
Hi everyone,
 
A few of us are just trying to put out an initial draft that = addresses one gap in MUD (there are several).  In a MUD file one = can say that one wants to access a controller in two ways: either = "my-controller=E2=80=9D meaning a controller that = services devices of a particular MUD URL or a =E2=80=9Ccontroller=E2=80=9D class that = services devices based on a particular class name of controller.
 
In either case, right now the administrator = has to manually know and populate information, to say - some device = 1.2.3.4 is a controller, either for MUD URL https://example.com/mud or a class http://example.com/mudclass1.  That can be = laborious.  To assist, we are examining ways to have a controller = declare itself as a candidate controller.
 
[Qin]: Since = MUD in RFC8520 has already specify DNS extension and DHCP extension, why = not configure MUD manager with controller=E2=80=99s declaration? So the = RESTFUL interface can be defined between NMS and controller, if my = understanding is correct.
I believe this = is network initiated solution, you might have client initiated solution, = but probably more complicated than network initiated = solution.
 
Can you = say a few more words?  I=E2=80=99m not sure I=E2=80=99m quite = following you.
[Qin]: What I am = suggesting is NMS preconfigures the MUD manager with controller=E2=80=99s = declaration information, during DHCP process or DNS process, the = controller=E2=80=99s declaration can be returned
To the router or switch = between the thing and MUD manager or return to the thing, the router or = the thing can access controller through controller delclartion.
 
If the MUD = manager also needs to be advertised to the thing, DHCP Discovery or DNS = process can be leveraged. In this case, NMS needs to preconfigure DHCP = server with MUD manager information.
 
Eliot

 
 That at least provides = a hint to the administrator that this particular device is capable of = serving in a particular role.
 
To make that declaration, the device must-
  • Form the declaration;
  • Find = the MUD manager; and
  • Send = it.
 
Forming the declaration is easy: we can make = this a YANG grouping and then place it in various spots.
 
Finding the MUD manager depends on one = question:
  • Was the device built to be a controller or is = it a general purpose device that has an app that is intended to be a = controller?
 
If the device was built to be a controller, we = can simply cram the declaration into that devices own MUD file as an = extension.  If the device is a general purpose computer, things get = a bit more interesting.  In this case we have two choices:
 
  • Either create a MUD file that points somewhere = internally - this doesn=E2=80=99t = seem very plug and play.
  • Make = the declaration directly to the MUD manager.
 
I=E2=80=99m going to = focus on the latter for the moment.  It is easy enough to create a = RESTful interface for this purpose, but it requires a mechanism to = discovered the MUD manager, which up until now has been an internal part = of the network infrastructure.
 
Let me call this out plainly: letting the app = itself directly call the MUD manager requires that the MUD manager = itself become exposed to the user infrastructure, which is a change.
 
One possibility to address this is to = incorporate the new RESTful endpoint into an ANIMA BRSKI join registrar, = which may already be exposed.  But that requires that ANIMA BRSKI = be in play, which it may not.
 
My thinking is that we do this work in two = stages.  First handle the easy case, which is the MUD file = extension, and then figure out how to do the app version of this.
 
Thoughts?
 
Eliot
 

= --Apple-Mail=_30DD97C1-D18E-49F7-9BC5-F03D465FB26C-- --Apple-Mail=_6AEA70B0-73A8-435F-A99B-2ED61626EACD Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=signature.asc Content-Type: application/pgp-signature; name=signature.asc Content-Description: Message signed with OpenPGP -----BEGIN PGP SIGNATURE----- iF0EARECAB0WIQTgo4LlIIJ5lIBumWpugA9nE248uAUCXRnftAAKCRBugA9nE248 uKjlAJ96l9QJuzS7i7BdaBn2c0wFZb5+ZACgmPbVBNHw4vVoyPNeCy00iK3p2q0= =pcAS -----END PGP SIGNATURE----- --Apple-Mail=_6AEA70B0-73A8-435F-A99B-2ED61626EACD-- From nobody Mon Jul 1 04:52:33 2019 Return-Path: X-Original-To: mud@ietfa.amsl.com Delivered-To: mud@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BDD9B12022A; Mon, 1 Jul 2019 04:52:26 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.998 X-Spam-Level: X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1i0iaeeSrCoN; Mon, 1 Jul 2019 04:52:24 -0700 (PDT) Received: from mail-io1-xd2d.google.com (mail-io1-xd2d.google.com [IPv6:2607:f8b0:4864:20::d2d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2CF1012008D; Mon, 1 Jul 2019 04:52:24 -0700 (PDT) Received: by mail-io1-xd2d.google.com with SMTP id j6so28121478ioa.5; Mon, 01 Jul 2019 04:52:24 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=nAsGyo/ohAFHnjdrqk/X4fhq6HCnDW6F7AbxKf7dsZA=; b=tcb4gKCitOggljb69cdD13t1Rfr75Nfg9mtxe3395JgKWmOuUWml69H9DJBXINNVQ0 RXn7KYzq2HbfwmNBUuF0nry8sUWqzgY0gA58SfMAbe0tZwro46ljEsTD+/iWodWE/Cr9 glsW/RtHmn7XBd1Vqxy8kBmcRW/6R8zg4z1HKfj/nHlGgAF5l12Jl+j7cZxhoD653Hbs lTUkSEM8H4FJY9kilOdqFK8JTwePOllpGLP+7mLSFf7tbMRFjsb10slx1iW3jAJ9XH/E 1OevLVO9H8QsOTJ2naY9jBrQpaxRFwFXNl8bDI9rj5EnomusH/eE26fhCZMNx3p0CH78 YWDg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=nAsGyo/ohAFHnjdrqk/X4fhq6HCnDW6F7AbxKf7dsZA=; b=YQnOG/85Kaa0Vt3WSrcKk0CnUTpfkn5yNTEP7JAhFekzYbFQMlbI0pyCu+X4CCtk/x MH0wTDo4h//s8JU787aBTyQ6L9oVZZgiwDk87xDzBb2gGglzKT53e5BfZ9SaxNk4lbaM 6RI9Qmi6wAwFoD1G3iOOGS+8F1cOFeEzvVNZPREfjib48wFSV1tu0PwQZWw7PGRHbAVy cbygM2jAFQAPEJvXEE6NI3g9cNjp4P1xOjdnYItUOMF4O565hjRmuIh94TtDH/Lu6uGw ImagOWt+VSJfD1DlHzf96bD2ti5OD72zsyKiOjzCklQ4cltDnA4ajVaOhYUuFiQRTaah wNgw== X-Gm-Message-State: APjAAAWXUoNTj+Ro9Hbl2zjh96xRJtKcbwCk8qTQtERWbifS3rnO2rLs FEMDV+E8+B1XCDWY65p7+daHEQb18t5zDJoNk447ECnBwvo= X-Google-Smtp-Source: APXvYqwKv7PufIB+m0/Y8naPEkpOky2yypQl/k+KGAtV2SiayRLN21u1wZlihP6FgOiaG8JmrOinp1c7BcTKkoGT5Ks= X-Received: by 2002:a05:6638:5:: with SMTP id z5mr29129225jao.58.1561981943104; Mon, 01 Jul 2019 04:52:23 -0700 (PDT) MIME-Version: 1.0 References: <29188.1561913378@localhost> In-Reply-To: <29188.1561913378@localhost> From: "M. Ranganathan" Date: Mon, 1 Jul 2019 07:51:50 -0400 Message-ID: To: iot-onboarding@ietf.org, mud@ietf.org Content-Type: multipart/alternative; boundary="000000000000dd468f058c9d4274" Archived-At: Subject: Re: [Mud] Side meeting at the IETF Montreal - call for agenda items X-BeenThere: mud@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion of Manufacturer Ussage Descriptions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 01 Jul 2019 11:52:27 -0000 --000000000000dd468f058c9d4274 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable The following draft looks interesting: https://tools.ietf.org/html/draft-lear-opsawg-mud-bw-profile-00 Are there any plans for follow-on work? (I'd like to bring it up for discussion during the side meeting ). Regards On Sun, Jun 30, 2019 at 12:49 PM Michael Richardson wrote: > > Eliot Lear wrote: > > A number of people have contacted me about meeting in Montreal, and > > that they wouldn=E2=80=99t be available after Tuesday. Convenientl= y, Monday > > morning is reserved for side meetings. I propose we take advantage > of > > this from 9:00 - 10:30 (yes, this bleeds into the 1st session). > > It bleeds into teep, and I'm curious about the loops BOF, so I probably > take > off at the appointed time. > > > I=E2=80=99ve combined MUD and IoT Onboarding, just to save time, as= there is > > substantial community overlap. That=E2=80=99s because the spaces a= re clearly > > related, one being authentication of the device the other being > network > > authorization. > > Agreed. > > > This, then, is a call for agenda items. I have a few of my own, bu= t > > would prefer to hear from others first. Also, are you ok with the > > Monday morning time slot and keeping these activities together? > > > Ps: reminder: side meetings are not =E2=80=9Cofficial=E2=80=9D anyt= hing. Just a > > gathering of people with a common interest. However, the meeting > will > > run under the IPR rules of the IETF, regardless. All are invited. > > So, I'm not sure if you are asking for BRSKI items, or IoT onboarding > items in general. > > 1) Under BRSKI for non-ANIMA ACP uses, there is the question about > open/closed > registrars, and operational considerations of total sales channel > integration > (MASA knows the customers), vs retail integration (no knowledge of > customers). There are probably areas of grey in between that might be > worth enumerating. > > 2) There is a similar question for MUD, which is how does the MUD > controller > arrive at trust criteria for the signatures. This is the > enterprise/customer side of the above story: do you know who you are > buying from? > This relates to the discussion we have had about controllers: I think = if > we could pin down the quality of the signatures, we could say more. > > 3) MUD Operational considerations for devices that can grow "skills" > > Not really a topic exactly: but how do we get towards the point where we > can test > MUD/BRSKI integration. > > -- > Michael Richardson , Sandelman Software Works > -=3D IPv6 IoT consulting =3D- > -- > Mud mailing list > Mud@ietf.org > https://www.ietf.org/mailman/listinfo/mud > --=20 M. Ranganathan --000000000000dd468f058c9d4274 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
The following draft looks interesting:

h= ttps://tools.ietf.org/html/draft-lear-opsawg-mud-bw-profile-00

Are there any plans for follow-on work?

(I'd like to bring it up for discussion during the side meeting = ).

Regards

= On Sun, Jun 30, 2019 at 12:49 PM Michael Richardson <mcr+ietf@sandelman.ca> wrote:

Eliot Lear <lear@cis= co.com> wrote:
=C2=A0 =C2=A0 > A number of people have contacted me about meeting in Mo= ntreal, and
=C2=A0 =C2=A0 > that they wouldn=E2=80=99t be available after Tuesday.= =C2=A0 Conveniently, Monday
=C2=A0 =C2=A0 > morning is reserved for side meetings.=C2=A0 I propose w= e take advantage of
=C2=A0 =C2=A0 > this from 9:00 - 10:30 (yes, this bleeds into the 1st se= ssion).

It bleeds into teep, and I'm curious about the loops BOF, so I probably= take
off at the appointed time.

=C2=A0 =C2=A0 > I=E2=80=99ve combined MUD and IoT Onboarding, just to sa= ve time, as there is
=C2=A0 =C2=A0 > substantial community overlap.=C2=A0 That=E2=80=99s beca= use the spaces are clearly
=C2=A0 =C2=A0 > related, one being authentication of the device the othe= r being network
=C2=A0 =C2=A0 > authorization.

Agreed.

=C2=A0 =C2=A0 > This, then, is a call for agenda items.=C2=A0 I have a f= ew of my own, but
=C2=A0 =C2=A0 > would prefer to hear from others first.=C2=A0 Also, are = you ok with the
=C2=A0 =C2=A0 > Monday morning time slot and keeping these activities to= gether?

=C2=A0 =C2=A0 > Ps: reminder: side meetings are not =E2=80=9Cofficial=E2= =80=9D anything.=C2=A0 Just a
=C2=A0 =C2=A0 > gathering of people with a common interest.=C2=A0 Howeve= r, the meeting will
=C2=A0 =C2=A0 > run under the IPR rules of the IETF, regardless.=C2=A0 A= ll are invited.

So, I'm not sure if you are asking for BRSKI items, or IoT onboarding i= tems in general.

1) Under BRSKI for non-ANIMA ACP uses, there is the question about open/clo= sed
=C2=A0 =C2=A0registrars, and operational considerations of total sales chan= nel integration
=C2=A0 =C2=A0(MASA knows the customers), vs retail integration (no knowledg= e of
=C2=A0 =C2=A0customers).=C2=A0 There are probably areas of grey in between = that might be
=C2=A0 =C2=A0worth enumerating.

2) There is a similar question for MUD, which is how does the MUD controlle= r
=C2=A0 =C2=A0arrive at trust criteria for the signatures.=C2=A0 This is the=
=C2=A0 =C2=A0enterprise/customer side of the above story: do you know who y= ou are
=C2=A0 =C2=A0buying from?
=C2=A0 =C2=A0This relates to the discussion we have had about controllers: = I think if
=C2=A0 =C2=A0we could pin down the quality of the signatures, we could say = more.

3) MUD Operational considerations for devices that can grow "skills&qu= ot;

Not really a topic exactly: but how do we get towards the point where we ca= n test
MUD/BRSKI integration.

--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
=C2=A0-=3D IPv6 IoT consulting =3D-
--
Mud mailing list
Mud@ietf.org
https://www.ietf.org/mailman/listinfo/mud


--
M. Ranganathan

<= /div>
--000000000000dd468f058c9d4274-- From nobody Mon Jul 1 11:51:48 2019 Return-Path: X-Original-To: mud@ietfa.amsl.com Delivered-To: mud@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B01B812016E; Mon, 1 Jul 2019 11:51:46 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.998 X-Spam-Level: X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kQ5OW1y_3JgU; Mon, 1 Jul 2019 11:51:44 -0700 (PDT) Received: from mail-io1-xd31.google.com (mail-io1-xd31.google.com [IPv6:2607:f8b0:4864:20::d31]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0F9C612016C; Mon, 1 Jul 2019 11:51:44 -0700 (PDT) Received: by mail-io1-xd31.google.com with SMTP id s7so31106803iob.11; Mon, 01 Jul 2019 11:51:44 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=UpKSfeZjex6alpCiDT3fuS1vDZstpiy1I4FwgAKQZs4=; b=mU8tv3Z5nrii6LutaPVspjRCVL106LdDe90EWRBUcQs8xys/j6tyrTzRhp10Vkmyps GVJAtSrAW8SPab8Pz5KYzxwOmRxtJ2EPb8DJAerfiSSxYHlxVt1ECY3m6EeEQ+kflLjS rLd8GGNcpd1DjPlEDzy73zBWeQzpc89++62vpGBPyOb0P1Odn2womIBxJ96Fi/PIAoXf OoHUACZbP6FdGAaRiXD6hsIKCP832YF+PwoWqHZPea3J6VNLR1lXXJJ+NDT2dKZk7mNk zeqhbDEahi79zlq/stvhaWv1AjCXwmOFmEls5zH4+B1SJAC0WjUy/del5ZSCBt9CbOac rE2w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=UpKSfeZjex6alpCiDT3fuS1vDZstpiy1I4FwgAKQZs4=; b=jBDXqPxBLkedGOaCfPRFuSHm4XtOd2GyEJhmxGRShywntqUJLaF7UPe6sVd5gKiX7X 0kZSgcLYBjxcK+yFTAuGOlYJOm71pcjGwH4cvaN4Ji/GNjXlN5l2KBR/ky0A7C77hZSI pnlnVp1ES2iChrkemwn+/O+gP5njBIXWCFLWGOYLgMTQ4u8Upe5KsxE9nC1ZrUAPeBf+ Y/syr7C/nKgP+Igp/WUjYahwGHKiEfOMiqNXemyjCEXRBH9Nf4qVnorP3wZ6bHZ9ajMx G1ZSGDivqLbRIhQqFyNJTqqKq3gY61zUDB5EhpEzse9S3JhX4AEqjTyHIUEib6OKmaho p48A== X-Gm-Message-State: APjAAAUqm8udKN+x/u1210wnX1NmUm0L4NqbNeadr3NwM66AbKAfCh4D nG6SqTWSDBdowH7EW693m/ztM2G3/RbiHtFhpp0= X-Google-Smtp-Source: APXvYqzeR+4f7bavjlpAUKDG8THbyVj+wWyLb89WS0butQiF/ct/GiLfXR0dqDS0MnjjfYH4Fwc+D3tPmkCpmuIWMtw= X-Received: by 2002:a02:3308:: with SMTP id c8mr30073263jae.103.1562007103098; Mon, 01 Jul 2019 11:51:43 -0700 (PDT) MIME-Version: 1.0 References: <230EB786-36AB-4E79-A6DD-20278E895763@cisco.com> In-Reply-To: <230EB786-36AB-4E79-A6DD-20278E895763@cisco.com> From: "M. Ranganathan" Date: Mon, 1 Jul 2019 14:51:06 -0400 Message-ID: To: Eliot Lear Cc: Qin Wu , "opsawg@ietf.org" , "mud@ietf.org" Content-Type: multipart/alternative; boundary="000000000000845370058ca31e5c" Archived-At: Subject: Re: [Mud] [OPSAWG] Declaring something to be a controller in MUD X-BeenThere: mud@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion of Manufacturer Ussage Descriptions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 01 Jul 2019 18:51:47 -0000 --000000000000845370058ca31e5c Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Mon, Jul 1, 2019 at 6:26 AM Eliot Lear wrote: > Qin and others: > > Just to get the ball rolling, I=E2=80=99ve posted today > draft-lear-opsawg-mud-controller-candidates-00. > > I think this should help the discussion. > > Eliot > Hello Eliot, In a similar vein to the question Qin is asking, I have a question (we could discuss during the upcoming IETF side meeting if you don't have time to respond now). What is the essential difference between a device declaring itself to be a "controller" for another class and the situation where the device (being controlled) just uses the "model" abstraction in an ACE? If a device with mud URL https://toothbrush.nist.local/super1 is a controller for device coffemaker.nist.local, then simply declare an ACE in the coffeemaker MUD file, with a Model abstraction naming toothbursh.nist.local : { "name": "man0-todev", "matches": { "ietf-mud:mud": { "model": "https://toothbrush.nist.local/super1" }, "ipv4": { "protocol": 17 }, "udp": { "source-port": { "operator": "eq", "port": 8008 } } } (similarly in the "frdev") What is the difference (in behavior) between this and the new mechanism proposed in the draft? Thanks, Ranga > > On 1 Jul 2019, at 10:23, Qin Wu wrote: > > *=E5=8F=91=E4=BB=B6=E4=BA=BA:* Eliot Lear [mailto:lear@cisco.com ] > *=E5=8F=91=E9=80=81=E6=97=B6=E9=97=B4:* 2019=E5=B9=B47=E6=9C=881=E6=97=A5= 15:52 > *=E6=94=B6=E4=BB=B6=E4=BA=BA:* Qin Wu > *=E6=8A=84=E9=80=81:* opsawg@ietf.org; mud@ietf.org > *=E4=B8=BB=E9=A2=98:* Re: [OPSAWG] Declaring something to be a controller= in MUD > > > > > On 1 Jul 2019, at 09:20, Qin Wu wrote: > > *=E5=8F=91=E4=BB=B6=E4=BA=BA:* OPSAWG [mailto:opsawg-bounces@ietf.org ] > *=E4=BB=A3=E8=A1=A8 *Eliot Lear > *=E5=8F=91=E9=80=81=E6=97=B6=E9=97=B4:* 2019=E5=B9=B46=E6=9C=8824=E6=97= =A5 17:48 > *=E6=94=B6=E4=BB=B6=E4=BA=BA:* opsawg@ietf.org; mud@ietf.org > *=E4=B8=BB=E9=A2=98:* [OPSAWG] Declaring something to be a controller in = MUD > > Hi everyone, > > A few of us are just trying to put out an initial draft that addresses on= e > gap in MUD (there are several). In a MUD file one can say that one wants > to access a controller in two ways: either "my-controller=E2=80=9D meanin= g a > controller that services devices of a particular MUD URL or a =E2=80=9Cco= ntroller=E2=80=9D > class that services devices based on a particular class name of > controller. > > In either case, right now the administrator has to manually know and > populate information, to say - some device 1.2.3.4 is a controller, eithe= r > for MUD URL https://example.com/mud or a class > http://example.com/mudclass1. That can be laborious. To assist, we are > examining ways to have a controller declare itself as a candidate > controller. > > [Qin]: Since MUD in RFC8520 has already specify DNS extension and DHCP > extension, why not configure MUD manager with controller=E2=80=99s declar= ation? So > the RESTFUL interface can be defined between NMS and controller, if my > understanding is correct. > I believe this is network initiated solution, you might have client > initiated solution, but probably more complicated than network initiated > solution. > > > Can you say a few more words? I=E2=80=99m not sure I=E2=80=99m quite fol= lowing you. > [Qin]: What I am suggesting is NMS preconfigures the MUD manager with > controller=E2=80=99s declaration information, during DHCP process or DNS = process, > the controller=E2=80=99s declaration can be returned > To the router or switch between the thing and MUD manager or return to th= e > thing, the router or the thing can access controller through controller > delclartion. > > If the MUD manager also needs to be advertised to the thing, DHCP > Discovery or DNS process can be leveraged. In this case, NMS needs to > preconfigure DHCP server with MUD manager information. > > Eliot > > > That at least provides a hint to the administrator that this particular > device is capable of serving in a particular role. > > To make that declaration, the device must- > > - Form the declaration; > - Find the MUD manager; and > - Send it. > > > Forming the declaration is easy: we can make this a YANG grouping and the= n > place it in various spots. > > Finding the MUD manager depends on one question: > > - Was the device built to be a controller or is it a general purpose > device that has an app that is intended to be a controller? > > > If the device was built to be a controller, we can simply cram the > declaration into that devices own MUD file as an extension. If the devic= e > is a general purpose computer, things get a bit more interesting. In thi= s > case we have two choices: > > > - Either create a MUD file that points somewhere internally - this > doesn=E2=80=99t seem very plug and play. > - Make the declaration directly to the MUD manager. > > > I=E2=80=99m going to focus on the latter for the moment. It is easy enou= gh to > create a RESTful interface for this purpose, but it requires a mechanism = to > discovered the MUD manager, which up until now has been an internal part = of > the network infrastructure. > > Let me call this out plainly: letting the app itself directly call the MU= D > manager requires that the MUD manager itself become exposed to the user > infrastructure, which is a change. > > One possibility to address this is to incorporate the new RESTful endpoin= t > into an ANIMA BRSKI join registrar, which may already be exposed. But th= at > requires that ANIMA BRSKI be in play, which it may not. > > My thinking is that we do this work in two stages. First handle the easy > case, which is the MUD file extension, and then figure out how to do the > app version of this. > > Thoughts? > > Eliot > > > > > -- > Mud mailing list > Mud@ietf.org > https://www.ietf.org/mailman/listinfo/mud > --=20 M. Ranganathan --000000000000845370058ca31e5c Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable




On Mon, Jul 1, 2019 at 6:26 AM= Eliot Lear <lear@ci= sco.com> wrote:
Qin and others:

Just to get the ball rolling= , I=E2=80=99ve posted today=C2=A0draft-lear-opsawg-mud-controller-candidates-00.

I think this should help the discussion.

Eliot<= br>

Hello Eliot,

In a similar vein to the=20 question Qin is asking, I have a question (we could discuss during the=20 upcoming IETF side meeting if you don't have time to respond now).
=

What is the essential difference between a device declaring itself to be a=20 "controller" for another class and the situation where the device= (being controlled) just uses the "model" abstraction in an ACE?

If a device with mud URL=C2=A0=20 https://toothbrush.nist.lo= cal/super1 is a controller for device=20 coffemaker.nist.local, then simply declare an ACE in the coffeemaker MUD fi= le, with a Model=20 abstraction naming toothbursh.nist.local :

=C2= =A0 =C2=A0 =C2=A0=C2=A0 {
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 "name": "man0-todev",
=C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 "matches": {
=C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 "ietf-mud:mud": {
=C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 "model": "https://toothbrush.nist.local/super1<= /a>"
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 },
= =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 "ipv4": {=
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 "pr= otocol": 17
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0= },
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 "udp&qu= ot;: {
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 &q= uot;source-port": {
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 "operator": "eq",
=C2=A0 = =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 "port&q= uot;: 8008
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 }
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 }
=C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 }






=E5=8F=91=E4=BB=B6=E4=BA=BA:= =C2=A0Eliot Lear [mailto:lear@cisco.com]=C2=A0<= br>=E5=8F=91=E9=80=81=E6=97=B6=E9=97=B4:= =C2=A02019=E5=B9=B47=E6=9C=881=E6=97=A5=C2=A015:52
=E6=94=B6=E4=BB=B6=E4=BA=BA:=C2=A0Qin Wu= <bill.wu@huawei.com>
= =E6=8A=84=E9=80=81:=C2=A0opsawg@ietf.org;=C2=A0mud@ietf.org
=E4= =B8=BB=E9=A2=98:=C2=A0Re: [OPSAWG] Declaring something to be a controller in MU= D
= =C2=A0
=C2=A0


On 1 Jul 2019, at 09:20, Qin Wu <bill.wu@huawei.com> wrote:<= /div>
=C2=A0
=
=E5=8F=91=E4=BB=B6=E4=BA=BA:= =C2=A0OPSAWG [mailto:opsawg-bounces@ietf= .org]=C2=A0=E4=BB=A3= =E8=A1=A8=C2=A0Eliot Lear
=E5=8F= =91=E9=80=81=E6=97=B6=E9=97=B4:=C2=A02019=E5=B9=B46=E6=9C=8824=E6=97=A5=C2=A017:48
=E6=94= =B6=E4=BB=B6=E4=BA=BA:=C2=A0opsawg@ietf.org;=C2= =A0mud@ietf.org=
=E4=B8=BB=E9=A2=98:=C2=A0[= OPSAWG] Declaring something to be a controller in MUD
=C2=A0
Hi everyone,
=C2=A0
A few of us are just trying to put out an init= ial draft that addresses one gap in MUD (there are several).=C2=A0 In a MUD= file one can say that one wants to access a controller in two ways: either= "my-controller=E2=80=9D=C2=A0<= /span>meaning a controller that services devices of a particular MUD URL or= a=C2=A0=E2=80=9Ccontroller=E2=80=9D=C2=A0class that servi= ces devices based on a particular class name of controller.
=C2=A0
= In either case, right now the administrator has to manually know and popula= te information, to say - some device 1.2.3.4 is a controller, either for MU= D URL=C2=A0https://example.com/mud=C2=A0or a class=C2= =A0htt= p://example.com/mudclass1.=C2=A0 That can be laborious.=C2=A0 To= assist, we are examining ways to have a controller declare itself as a can= didate controller.
=C2=A0
[Qin]: Since MUD in RFC8520= has already specify DNS extension and DHCP extension, why not configure MU= D manager with controller=E2=80=99s declaration? So the RESTFUL interface c= an be defined between NMS and controller, if my understanding is correct.
= I believe this is network initiated solution, you = might have client initiated solution, but probably more complicated than ne= twork initiated solution.<= /div>
= =C2=A0
Can you = say a few more words?=C2=A0 I=E2=80=99m not sure I=E2=80=99m quite followin= g you.
[Qin]: What I am suggesting is NMS preconfig= ures the MUD manager with controller=E2=80=99s declaration information, dur= ing DHCP process or DNS process, the controller=E2=80=99s declaration can b= e returned
To = the router or switch between the thing and MUD manager or return to the thi= ng, the router or the thing can access controller through controller delcla= rtion.
= =C2=A0
If the MUD man= ager also needs to be advertised to the thing, DHCP Discovery or DNS proces= s can be leveraged. In this case, NMS needs to preconfigure DHCP server wit= h MUD manager information.
=C2=A0
Eliot

=C2=A0
=C2=A0That at least provides a hin= t to the administrator that this particular device is capable of serving in= a particular role.
=C2=A0
To make that declaration, the device = must-
  • Form the declaration;
  • Find the MUD manager; and<= /span>
  • Send it.
=C2=A0=
Forming the declaration is easy: we can make this a YANG grouping a= nd then place it in various spots.
=C2=A0
<= /div>
Finding the MUD manager= depends on one question:
  • Was the device built to be a controller or = is it a general purpose device that has an app that is intended to be a con= troller?
=C2=A0
If the device was built to be a controller, we can si= mply cram the declaration into that devices own MUD file as an extension.= =C2=A0 If the device is a general purpose computer, things get a bit more i= nteresting.=C2=A0 In this case we have two choices:
=C2=A0
  • Either c= reate a MUD file that points somewhere internally - this doesn=E2=80= =99t seem very plug and play.
  • Make the declaration dir= ectly to the MUD manager.
=C2=A0
I=E2=80=99m going to focus on the latter for the moment.=C2=A0 It is easy enough = to create a RESTful interface for this purpose, but it requires a mechanism= to discovered the MUD manager, which up until now has been an internal par= t of the network infrastructure.
=C2=A0
Let me call this out plain= ly: letting the app itself directly call the MUD manager requires that the = MUD manager itself become exposed to the user infrastructure, which is a ch= ange.
=C2=A0
One possibility to address this is to incorporate the= new RESTful endpoint into an ANIMA BRSKI join registrar, which may already= be exposed.=C2=A0 But that requires that ANIMA BRSKI be in play, which it = may not.
=C2=A0
My thinking is that we do this work in two stages= .=C2=A0 First handle the easy case, which is the MUD file extension, and th= en figure out how to do the app version of this.
=
=C2=A0
Thoughts?
=C2=A0
Eliot
=C2=A0
<= /div>

--
Mud mailing list
Mud@ietf.org
https://www.ietf.org/mailman/listinfo/mud


--
M. = Ranganathan

<= /div>
--000000000000845370058ca31e5c-- From nobody Mon Jul 1 18:23:37 2019 Return-Path: X-Original-To: mud@ietfa.amsl.com Delivered-To: mud@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 40BBF12018B; Mon, 1 Jul 2019 18:23:27 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.199 X-Spam-Level: X-Spam-Status: No, score=-4.199 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id y7sL09nrO-2L; Mon, 1 Jul 2019 18:23:24 -0700 (PDT) Received: from huawei.com (lhrrgout.huawei.com [185.176.76.210]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2734012009C; Mon, 1 Jul 2019 18:23:24 -0700 (PDT) Received: from lhreml704-cah.china.huawei.com (unknown [172.18.7.106]) by Forcepoint Email with ESMTP id F14CF346A466C4943808; Tue, 2 Jul 2019 02:23:21 +0100 (IST) Received: from NKGEML413-HUB.china.huawei.com (10.98.56.74) by lhreml704-cah.china.huawei.com (10.201.108.45) with Microsoft SMTP Server (TLS) id 14.3.408.0; Tue, 2 Jul 2019 02:23:21 +0100 Received: from NKGEML513-MBX.china.huawei.com ([169.254.1.66]) by NKGEML413-HUB.china.huawei.com ([10.98.56.74]) with mapi id 14.03.0415.000; Tue, 2 Jul 2019 09:22:55 +0800 From: Qin Wu To: Eliot Lear CC: "opsawg@ietf.org" , "mud@ietf.org" Thread-Topic: [OPSAWG] Declaring something to be a controller in MUD Thread-Index: AdUwcx6+mF+fALYzSn+/zG0NMumJFw== Date: Tue, 2 Jul 2019 01:22:54 +0000 Message-ID: Accept-Language: zh-CN, en-US Content-Language: zh-CN X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.134.31.203] Content-Type: multipart/alternative; boundary="_000_B8F9A780D330094D99AF023C5877DABAA49BD941nkgeml513mbxchi_" MIME-Version: 1.0 X-CFilter-Loop: Reflected Archived-At: Subject: Re: [Mud] [OPSAWG] Declaring something to be a controller in MUD X-BeenThere: mud@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion of Manufacturer Ussage Descriptions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 02 Jul 2019 01:23:27 -0000 --_000_B8F9A780D330094D99AF023C5877DABAA49BD941nkgeml513mbxchi_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 SGksIEVsaW90Og0KU29ycnkgZm9yIGxhdGUsIHNlZSBteSByZXBseSBpbmxpbmUgYmVsb3cuDQoN CuWPkeS7tuS6ujogRWxpb3QgTGVhciBbbWFpbHRvOmxlYXJAY2lzY28uY29tXQ0K5Y+R6YCB5pe2 6Ze0OiAyMDE55bm0N+aciDHml6UgMTY6NDkNCuaUtuS7tuS6ujogUWluIFd1IDxiaWxsLnd1QGh1 YXdlaS5jb20+DQrmioTpgIE6IG9wc2F3Z0BpZXRmLm9yZzsgbXVkQGlldGYub3JnDQrkuLvpopg6 IFJlOiBbT1BTQVdHXSBEZWNsYXJpbmcgc29tZXRoaW5nIHRvIGJlIGEgY29udHJvbGxlciBpbiBN VUQNCg0KDQoNCg0KT24gMSBKdWwgMjAxOSwgYXQgMTA6MjMsIFFpbiBXdSA8YmlsbC53dUBodWF3 ZWkuY29tPG1haWx0bzpiaWxsLnd1QGh1YXdlaS5jb20+PiB3cm90ZToNCg0K5Y+R5Lu25Lq6OiBF bGlvdCBMZWFyIFttYWlsdG86bGVhckBjaXNjby5jb21dDQrlj5HpgIHml7bpl7Q6IDIwMTnlubQ3 5pyIMeaXpSAxNTo1Mg0K5pS25Lu25Lq6OiBRaW4gV3UgPGJpbGwud3VAaHVhd2VpLmNvbTxtYWls dG86YmlsbC53dUBodWF3ZWkuY29tPj4NCuaKhOmAgTogb3BzYXdnQGlldGYub3JnPG1haWx0bzpv cHNhd2dAaWV0Zi5vcmc+OyBtdWRAaWV0Zi5vcmc8bWFpbHRvOm11ZEBpZXRmLm9yZz4NCuS4u+mi mDogUmU6IFtPUFNBV0ddIERlY2xhcmluZyBzb21ldGhpbmcgdG8gYmUgYSBjb250cm9sbGVyIGlu IE1VRA0KDQoNCg0KDQoNCk9uIDEgSnVsIDIwMTksIGF0IDA5OjIwLCBRaW4gV3UgPGJpbGwud3VA aHVhd2VpLmNvbTxtYWlsdG86YmlsbC53dUBodWF3ZWkuY29tPj4gd3JvdGU6DQoNCuWPkeS7tuS6 ujogT1BTQVdHIFttYWlsdG86b3BzYXdnLWJvdW5jZXNAaWV0Zi5vcmddIOS7o+ihqCBFbGlvdCBM ZWFyDQrlj5HpgIHml7bpl7Q6IDIwMTnlubQ25pyIMjTml6UgMTc6NDgNCuaUtuS7tuS6ujogb3Bz YXdnQGlldGYub3JnPG1haWx0bzpvcHNhd2dAaWV0Zi5vcmc+OyBtdWRAaWV0Zi5vcmc8bWFpbHRv Om11ZEBpZXRmLm9yZz4NCuS4u+mimDogW09QU0FXR10gRGVjbGFyaW5nIHNvbWV0aGluZyB0byBi ZSBhIGNvbnRyb2xsZXIgaW4gTVVEDQoNCkhpIGV2ZXJ5b25lLA0KDQpBIGZldyBvZiB1cyBhcmUg anVzdCB0cnlpbmcgdG8gcHV0IG91dCBhbiBpbml0aWFsIGRyYWZ0IHRoYXQgYWRkcmVzc2VzIG9u ZSBnYXAgaW4gTVVEICh0aGVyZSBhcmUgc2V2ZXJhbCkuICBJbiBhIE1VRCBmaWxlIG9uZSBjYW4g c2F5IHRoYXQgb25lIHdhbnRzIHRvIGFjY2VzcyBhIGNvbnRyb2xsZXIgaW4gdHdvIHdheXM6IGVp dGhlciAibXktY29udHJvbGxlcuKAnSBtZWFuaW5nIGEgY29udHJvbGxlciB0aGF0IHNlcnZpY2Vz IGRldmljZXMgb2YgYSBwYXJ0aWN1bGFyIE1VRCBVUkwgb3IgYSDigJxjb250cm9sbGVy4oCdIGNs YXNzIHRoYXQgc2VydmljZXMgZGV2aWNlcyBiYXNlZCBvbiBhIHBhcnRpY3VsYXIgY2xhc3MgbmFt ZSBvZiBjb250cm9sbGVyLg0KDQpJbiBlaXRoZXIgY2FzZSwgcmlnaHQgbm93IHRoZSBhZG1pbmlz dHJhdG9yIGhhcyB0byBtYW51YWxseSBrbm93IGFuZCBwb3B1bGF0ZSBpbmZvcm1hdGlvbiwgdG8g c2F5IC0gc29tZSBkZXZpY2UgMS4yLjMuNCBpcyBhIGNvbnRyb2xsZXIsIGVpdGhlciBmb3IgTVVE IFVSTCBodHRwczovL2V4YW1wbGUuY29tL211ZCBvciBhIGNsYXNzIGh0dHA6Ly9leGFtcGxlLmNv bS9tdWRjbGFzczEuICBUaGF0IGNhbiBiZSBsYWJvcmlvdXMuICBUbyBhc3Npc3QsIHdlIGFyZSBl eGFtaW5pbmcgd2F5cyB0byBoYXZlIGEgY29udHJvbGxlciBkZWNsYXJlIGl0c2VsZiBhcyBhIGNh bmRpZGF0ZSBjb250cm9sbGVyLg0KDQpbUWluXTogU2luY2UgTVVEIGluIFJGQzg1MjAgaGFzIGFs cmVhZHkgc3BlY2lmeSBETlMgZXh0ZW5zaW9uIGFuZCBESENQIGV4dGVuc2lvbiwgd2h5IG5vdCBj b25maWd1cmUgTVVEIG1hbmFnZXIgd2l0aCBjb250cm9sbGVy4oCZcyBkZWNsYXJhdGlvbj8gU28g dGhlIFJFU1RGVUwgaW50ZXJmYWNlIGNhbiBiZSBkZWZpbmVkIGJldHdlZW4gTk1TIGFuZCBjb250 cm9sbGVyLCBpZiBteSB1bmRlcnN0YW5kaW5nIGlzIGNvcnJlY3QuDQpJIGJlbGlldmUgdGhpcyBp cyBuZXR3b3JrIGluaXRpYXRlZCBzb2x1dGlvbiwgeW91IG1pZ2h0IGhhdmUgY2xpZW50IGluaXRp YXRlZCBzb2x1dGlvbiwgYnV0IHByb2JhYmx5IG1vcmUgY29tcGxpY2F0ZWQgdGhhbiBuZXR3b3Jr IGluaXRpYXRlZCBzb2x1dGlvbi4NCg0KQ2FuIHlvdSBzYXkgYSBmZXcgbW9yZSB3b3Jkcz8gIEni gJltIG5vdCBzdXJlIEnigJltIHF1aXRlIGZvbGxvd2luZyB5b3UuDQpbUWluXTogV2hhdCBJIGFt IHN1Z2dlc3RpbmcgaXMgTk1TIHByZWNvbmZpZ3VyZXMgdGhlIE1VRCBtYW5hZ2VyIHdpdGggY29u dHJvbGxlcuKAmXMgZGVjbGFyYXRpb24gaW5mb3JtYXRpb24sIGR1cmluZyBESENQIHByb2Nlc3Mg b3IgRE5TIHByb2Nlc3MsIHRoZSBjb250cm9sbGVy4oCZcyBkZWNsYXJhdGlvbiBjYW4gYmUgcmV0 dXJuZWQNClRvIHRoZSByb3V0ZXIgb3Igc3dpdGNoIGJldHdlZW4gdGhlIHRoaW5nIGFuZCBNVUQg bWFuYWdlciBvciByZXR1cm4gdG8gdGhlIHRoaW5nLCB0aGUgcm91dGVyIG9yIHRoZSB0aGluZyBj YW4gYWNjZXNzIGNvbnRyb2xsZXIgdGhyb3VnaCBjb250cm9sbGVyIGRlbGNsYXJ0aW9uLg0KDQpJ ZiB0aGUgTVVEIG1hbmFnZXIgYWxzbyBuZWVkcyB0byBiZSBhZHZlcnRpc2VkIHRvIHRoZSB0aGlu ZywgREhDUCBEaXNjb3Zlcnkgb3IgRE5TIHByb2Nlc3MgY2FuIGJlIGxldmVyYWdlZC4gSW4gdGhp cyBjYXNlLCBOTVMgbmVlZHMgdG8gcHJlY29uZmlndXJlIERIQ1Agc2VydmVyIHdpdGggTVVEIG1h bmFnZXIgaW5mb3JtYXRpb24uDQoNCkkgYXBvbG9naXplLCBidXQgSeKAmW0gbm90IHF1aXRlIGZv bGxvd2luZy4gIExldOKAmXMgc3RlcCB0aHJvdWdoIHdoYXQgSeKAmW0gdHJ5aW5nIHRvIHNvbHZl LCBhbmQgdGhlbiBsZXTigJlzIHN0ZXAgdGhyb3VnaCB5b3VyIGZsb3cuDQoNCg0KRGV2aWNlIHNl bmRzIGEgTVVEIFVSTCBYIHRoYXQgcG9pbnRzIHRvIGEgTVVEIGZpbGUgdGhhdCBzYXlzIHRvIHBl cm1pdCBpcCBhY2Nlc3MgdG8gbXktY29udHJvbGxlci4NCg0KTm93LSBob3cgZG8gd2UgZGV0ZXJt aW5lIHdobyDigJxteS1jb250cm9sbGVy4oCdIGZvciBNVUQgVVJMIFggaXM/DQoNCldheXMgdG8g ZG8gdGhhdDoNCg0KICAqICAgQXNrIHRoZSBhZG1pbmlzdHJhdG9yIChwcmUtY29uZmlndXJhdGlv bikNCiAgKiAgIFByb3ZpZGUgdGhlIGFkbWluaXN0cmF0b3IgaGludHMNCg0KICAgICAqICAgQ29u dHJvbGxlciBzYXlzIHdobyBpdCBjYW4gY29udHJvbCAoYnkgTVVEIFVSTHMsIGV0Yykgb3INCiAg ICAgKiAgIERldmljZSBzYXlzIHdoaWNoIGNvbnRyb2xsZXJzIChieSBNVUQgVVJMKSBhcmUgZ29v ZCBjYW5kaWRhdGVzDQoNCiAgKiAgIE90aGVyDQpbUWluXTogTXkgc2ltcGx5IHByb3Bvc2FsIGlz IHRvIGFzc3VtZSBOTVMga25vd3Mgd2hvIOKAnG15LWNvbnRyb2xsZXLigJ1mb3IgTVVEIFVSTCBY IGlzIGluIGFkdmFuY2Ugb3IgTk1TIGhhcyBhbHJlYWR5IHNlbGVjdCBhIGxpc3Qgb2YgbXktY29u dHJvbGxlciBkZXZpY2VzIGNvcnJlc3BvbmRpbmcgdG8gTVVEIFVSTCBmb3IgdGhlIHRoaW5nLiBT byBOTVMgY2FuIHByZWNvbmZpZ3VyZSBESENQIHNlcnZlciB3aXRoIG15LWNvbnRyb2xsZXIgaWRl bnRpdHkuDQpEdXJpbmcgREhDUCBwcm9jZXNzLCBpdCBjYW4gcmV0dXJuIE1VRCBVUkwgdG9nZXRo ZXIgd2l0aCBteS1jb250cm9sbGVyIGlkZW50aXR5Lg0KVGhpcyBpcyBjZW50cmFsaXplZCBzb2x1 dGlvbiBjb21wYXJpbmcgd2l0aCB5b3VyIHNlY29uZCBvcHRpb246IHByb3ZpZGUgYWRtaW5pc3Ry YXRvciBoaW50cy4NCldoYXQgeW91IHByb3Bvc2UgaW4gdGhlIHNlY29uZCBvcHRpb24gaXMgZGlz dHJpYnV0ZWQgc29sdXRpb24sIGFsbG93IGNvbnRyb2xsZXIgYW5kIGRldmljZSB0byBkaXNjb3Zl ciBlYWNoIG90aGVyLg0KDQpJZiBpdOKAmXMgdGhlIGNvbnRyb2xsZXIsIHRoZW4gd2UgY2FuIGRv IGEgUkVTVGZ1bCBpbnRlcmZhY2UuICBJZiBpdOKAmXMgdGhlIGRldmljZSwgd2UgYWxyZWFkeSBo YXZlIGEgY29tbXVuaWNhdGlvbiBwYXRoLg0KDQoNCk5vdGhpbmcgc3RvcHMgdXMgZnJvbSBkb2lu ZyBib3RoLg0KW1Fpbl06IEkgYW0gbm90IHN1cmUgeW91IG5lZWQgdG8gZG8gYm90aCwgZWl0aGVy IGNvbnRyb2xsZXIgZGV2aWNlIHRlbGwgdGhlIHRoaW5nIEkgYW0gY29udHJvbGxlciBvciBkZXZp Y2UgZGlzY292ZXIgb25lIGRldmljZSBjYW4gc2VydmVyIGFzIGNvbnRyb2xsZXIuDQpTbyBub3cg aW5zZXJ0IHlvdXIgYXBwcm9hY2guICBXaGF0IHN0ZXBzIHdvdWxkIHlvdSB0YWtlPw0KDQpFbGlv dA0KDQoNCg0KDQpFbGlvdA0KDQoNCg0KIFRoYXQgYXQgbGVhc3QgcHJvdmlkZXMgYSBoaW50IHRv IHRoZSBhZG1pbmlzdHJhdG9yIHRoYXQgdGhpcyBwYXJ0aWN1bGFyIGRldmljZSBpcyBjYXBhYmxl IG9mIHNlcnZpbmcgaW4gYSBwYXJ0aWN1bGFyIHJvbGUuDQoNClRvIG1ha2UgdGhhdCBkZWNsYXJh dGlvbiwgdGhlIGRldmljZSBtdXN0LQ0KDQogICogICBGb3JtIHRoZSBkZWNsYXJhdGlvbjsNCiAg KiAgIEZpbmQgdGhlIE1VRCBtYW5hZ2VyOyBhbmQNCiAgKiAgIFNlbmQgaXQuDQoNCkZvcm1pbmcg dGhlIGRlY2xhcmF0aW9uIGlzIGVhc3k6IHdlIGNhbiBtYWtlIHRoaXMgYSBZQU5HIGdyb3VwaW5n IGFuZCB0aGVuIHBsYWNlIGl0IGluIHZhcmlvdXMgc3BvdHMuDQoNCkZpbmRpbmcgdGhlIE1VRCBt YW5hZ2VyIGRlcGVuZHMgb24gb25lIHF1ZXN0aW9uOg0KDQogICogICBXYXMgdGhlIGRldmljZSBi dWlsdCB0byBiZSBhIGNvbnRyb2xsZXIgb3IgaXMgaXQgYSBnZW5lcmFsIHB1cnBvc2UgZGV2aWNl IHRoYXQgaGFzIGFuIGFwcCB0aGF0IGlzIGludGVuZGVkIHRvIGJlIGEgY29udHJvbGxlcj8NCg0K SWYgdGhlIGRldmljZSB3YXMgYnVpbHQgdG8gYmUgYSBjb250cm9sbGVyLCB3ZSBjYW4gc2ltcGx5 IGNyYW0gdGhlIGRlY2xhcmF0aW9uIGludG8gdGhhdCBkZXZpY2VzIG93biBNVUQgZmlsZSBhcyBh biBleHRlbnNpb24uICBJZiB0aGUgZGV2aWNlIGlzIGEgZ2VuZXJhbCBwdXJwb3NlIGNvbXB1dGVy LCB0aGluZ3MgZ2V0IGEgYml0IG1vcmUgaW50ZXJlc3RpbmcuICBJbiB0aGlzIGNhc2Ugd2UgaGF2 ZSB0d28gY2hvaWNlczoNCg0KDQogICogICBFaXRoZXIgY3JlYXRlIGEgTVVEIGZpbGUgdGhhdCBw b2ludHMgc29tZXdoZXJlIGludGVybmFsbHkgLSB0aGlzIGRvZXNu4oCZdCBzZWVtIHZlcnkgcGx1 ZyBhbmQgcGxheS4NCiAgKiAgIE1ha2UgdGhlIGRlY2xhcmF0aW9uIGRpcmVjdGx5IHRvIHRoZSBN VUQgbWFuYWdlci4NCg0KSeKAmW0gZ29pbmcgdG8gZm9jdXMgb24gdGhlIGxhdHRlciBmb3IgdGhl IG1vbWVudC4gIEl0IGlzIGVhc3kgZW5vdWdoIHRvIGNyZWF0ZSBhIFJFU1RmdWwgaW50ZXJmYWNl IGZvciB0aGlzIHB1cnBvc2UsIGJ1dCBpdCByZXF1aXJlcyBhIG1lY2hhbmlzbSB0byBkaXNjb3Zl cmVkIHRoZSBNVUQgbWFuYWdlciwgd2hpY2ggdXAgdW50aWwgbm93IGhhcyBiZWVuIGFuIGludGVy bmFsIHBhcnQgb2YgdGhlIG5ldHdvcmsgaW5mcmFzdHJ1Y3R1cmUuDQoNCkxldCBtZSBjYWxsIHRo aXMgb3V0IHBsYWlubHk6IGxldHRpbmcgdGhlIGFwcCBpdHNlbGYgZGlyZWN0bHkgY2FsbCB0aGUg TVVEIG1hbmFnZXIgcmVxdWlyZXMgdGhhdCB0aGUgTVVEIG1hbmFnZXIgaXRzZWxmIGJlY29tZSBl eHBvc2VkIHRvIHRoZSB1c2VyIGluZnJhc3RydWN0dXJlLCB3aGljaCBpcyBhIGNoYW5nZS4NCg0K T25lIHBvc3NpYmlsaXR5IHRvIGFkZHJlc3MgdGhpcyBpcyB0byBpbmNvcnBvcmF0ZSB0aGUgbmV3 IFJFU1RmdWwgZW5kcG9pbnQgaW50byBhbiBBTklNQSBCUlNLSSBqb2luIHJlZ2lzdHJhciwgd2hp Y2ggbWF5IGFscmVhZHkgYmUgZXhwb3NlZC4gIEJ1dCB0aGF0IHJlcXVpcmVzIHRoYXQgQU5JTUEg QlJTS0kgYmUgaW4gcGxheSwgd2hpY2ggaXQgbWF5IG5vdC4NCg0KTXkgdGhpbmtpbmcgaXMgdGhh dCB3ZSBkbyB0aGlzIHdvcmsgaW4gdHdvIHN0YWdlcy4gIEZpcnN0IGhhbmRsZSB0aGUgZWFzeSBj YXNlLCB3aGljaCBpcyB0aGUgTVVEIGZpbGUgZXh0ZW5zaW9uLCBhbmQgdGhlbiBmaWd1cmUgb3V0 IGhvdyB0byBkbyB0aGUgYXBwIHZlcnNpb24gb2YgdGhpcy4NCg0KVGhvdWdodHM/DQoNCkVsaW90 DQoNCg0K --_000_B8F9A780D330094D99AF023C5877DABAA49BD941nkgeml513mbxchi_ Content-Type: text/html; charset="utf-8" Content-Transfer-Encoding: base64 PGh0bWwgeG1sbnM6dj0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTp2bWwiIHhtbG5zOm89InVy bjpzY2hlbWFzLW1pY3Jvc29mdC1jb206b2ZmaWNlOm9mZmljZSIgeG1sbnM6dz0idXJuOnNjaGVt YXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6d29yZCIgeG1sbnM6bT0iaHR0cDovL3NjaGVtYXMubWlj cm9zb2Z0LmNvbS9vZmZpY2UvMjAwNC8xMi9vbW1sIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv VFIvUkVDLWh0bWw0MCI+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIg Y29udGVudD0idGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjxtZXRhIG5hbWU9IkdlbmVyYXRv ciIgY29udGVudD0iTWljcm9zb2Z0IFdvcmQgMTUgKGZpbHRlcmVkIG1lZGl1bSkiPg0KPHN0eWxl PjwhLS0NCi8qIEZvbnQgRGVmaW5pdGlvbnMgKi8NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6 SGVsdmV0aWNhOw0KCXBhbm9zZS0xOjIgMTEgNiA0IDIgMiAyIDIgMiA0O30NCkBmb250LWZhY2UN Cgl7Zm9udC1mYW1pbHk6V2luZ2RpbmdzOw0KCXBhbm9zZS0xOjUgMCAwIDAgMCAwIDAgMCAwIDA7 fQ0KQGZvbnQtZmFjZQ0KCXtmb250LWZhbWlseTrlrovkvZM7DQoJcGFub3NlLTE6MiAxIDYgMCAz IDEgMSAxIDEgMTt9DQpAZm9udC1mYWNlDQoJe2ZvbnQtZmFtaWx5OiJDYW1icmlhIE1hdGgiOw0K CXBhbm9zZS0xOjIgNCA1IDMgNSA0IDYgMyAyIDQ7fQ0KQGZvbnQtZmFjZQ0KCXtmb250LWZhbWls eTpDYWxpYnJpOw0KCXBhbm9zZS0xOjIgMTUgNSAyIDIgMiA0IDMgMiA0O30NCkBmb250LWZhY2UN Cgl7Zm9udC1mYW1pbHk65b6u6L2v6ZuF6buROw0KCXBhbm9zZS0xOjIgMTEgNSAzIDIgMiA0IDIg MiA0O30NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6IlxA5a6L5L2TIjsNCglwYW5vc2UtMToy IDEgNiAwIDMgMSAxIDEgMSAxO30NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6IlxA5b6u6L2v 6ZuF6buRIjsNCglwYW5vc2UtMToyIDExIDUgMyAyIDIgNCAyIDIgNDt9DQovKiBTdHlsZSBEZWZp bml0aW9ucyAqLw0KcC5Nc29Ob3JtYWwsIGxpLk1zb05vcm1hbCwgZGl2Lk1zb05vcm1hbA0KCXtt YXJnaW46MGNtOw0KCW1hcmdpbi1ib3R0b206LjAwMDFwdDsNCglmb250LXNpemU6MTIuMHB0Ow0K CWZvbnQtZmFtaWx5OuWui+S9kzt9DQphOmxpbmssIHNwYW4uTXNvSHlwZXJsaW5rDQoJe21zby1z dHlsZS1wcmlvcml0eTo5OTsNCgljb2xvcjpibHVlOw0KCXRleHQtZGVjb3JhdGlvbjp1bmRlcmxp bmU7fQ0KYTp2aXNpdGVkLCBzcGFuLk1zb0h5cGVybGlua0ZvbGxvd2VkDQoJe21zby1zdHlsZS1w cmlvcml0eTo5OTsNCgljb2xvcjpwdXJwbGU7DQoJdGV4dC1kZWNvcmF0aW9uOnVuZGVybGluZTt9 DQpzcGFuLmFwcGxlLWNvbnZlcnRlZC1zcGFjZQ0KCXttc28tc3R5bGUtbmFtZTphcHBsZS1jb252 ZXJ0ZWQtc3BhY2U7fQ0Kc3Bhbi5FbWFpbFN0eWxlMTgNCgl7bXNvLXN0eWxlLXR5cGU6cGVyc29u YWwtcmVwbHk7DQoJZm9udC1mYW1pbHk6IkNhbGlicmkiLHNhbnMtc2VyaWY7DQoJY29sb3I6IzFG NDk3RDt9DQouTXNvQ2hwRGVmYXVsdA0KCXttc28tc3R5bGUtdHlwZTpleHBvcnQtb25seTsNCglm b250LXNpemU6MTAuMHB0O30NCkBwYWdlIFdvcmRTZWN0aW9uMQ0KCXtzaXplOjYxMi4wcHQgNzky LjBwdDsNCgltYXJnaW46NzIuMHB0IDkwLjBwdCA3Mi4wcHQgOTAuMHB0O30NCmRpdi5Xb3JkU2Vj dGlvbjENCgl7cGFnZTpXb3JkU2VjdGlvbjE7fQ0KLyogTGlzdCBEZWZpbml0aW9ucyAqLw0KQGxp c3QgbDANCgl7bXNvLWxpc3QtaWQ6NjE0OTQ2OTg1Ow0KCW1zby1saXN0LXRlbXBsYXRlLWlkczo3 NTAyNjE3MTA7fQ0KQGxpc3QgbDA6bGV2ZWwxDQoJe21zby1sZXZlbC1udW1iZXItZm9ybWF0OmJ1 bGxldDsNCgltc28tbGV2ZWwtdGV4dDrvgrc7DQoJbXNvLWxldmVsLXRhYi1zdG9wOjM2LjBwdDsN Cgltc28tbGV2ZWwtbnVtYmVyLXBvc2l0aW9uOmxlZnQ7DQoJdGV4dC1pbmRlbnQ6LTE4LjBwdDsN Cgltc28tYW5zaS1mb250LXNpemU6MTAuMHB0Ow0KCWZvbnQtZmFtaWx5OlN5bWJvbDt9DQpAbGlz dCBsMDpsZXZlbDINCgl7bXNvLWxldmVsLW51bWJlci1mb3JtYXQ6YnVsbGV0Ow0KCW1zby1sZXZl bC10ZXh0Ou+CtzsNCgltc28tbGV2ZWwtdGFiLXN0b3A6NzIuMHB0Ow0KCW1zby1sZXZlbC1udW1i ZXItcG9zaXRpb246bGVmdDsNCgl0ZXh0LWluZGVudDotMTguMHB0Ow0KCW1zby1hbnNpLWZvbnQt c2l6ZToxMC4wcHQ7DQoJZm9udC1mYW1pbHk6U3ltYm9sO30NCkBsaXN0IGwwOmxldmVsMw0KCXtt c28tbGV2ZWwtbnVtYmVyLWZvcm1hdDpidWxsZXQ7DQoJbXNvLWxldmVsLXRleHQ674K3Ow0KCW1z by1sZXZlbC10YWItc3RvcDoxMDguMHB0Ow0KCW1zby1sZXZlbC1udW1iZXItcG9zaXRpb246bGVm dDsNCgl0ZXh0LWluZGVudDotMTguMHB0Ow0KCW1zby1hbnNpLWZvbnQtc2l6ZToxMC4wcHQ7DQoJ Zm9udC1mYW1pbHk6U3ltYm9sO30NCkBsaXN0IGwwOmxldmVsNA0KCXttc28tbGV2ZWwtbnVtYmVy LWZvcm1hdDpidWxsZXQ7DQoJbXNvLWxldmVsLXRleHQ674K3Ow0KCW1zby1sZXZlbC10YWItc3Rv cDoxNDQuMHB0Ow0KCW1zby1sZXZlbC1udW1iZXItcG9zaXRpb246bGVmdDsNCgl0ZXh0LWluZGVu dDotMTguMHB0Ow0KCW1zby1hbnNpLWZvbnQtc2l6ZToxMC4wcHQ7DQoJZm9udC1mYW1pbHk6U3lt Ym9sO30NCkBsaXN0IGwwOmxldmVsNQ0KCXttc28tbGV2ZWwtbnVtYmVyLWZvcm1hdDpidWxsZXQ7 DQoJbXNvLWxldmVsLXRleHQ674K3Ow0KCW1zby1sZXZlbC10YWItc3RvcDoxODAuMHB0Ow0KCW1z by1sZXZlbC1udW1iZXItcG9zaXRpb246bGVmdDsNCgl0ZXh0LWluZGVudDotMTguMHB0Ow0KCW1z by1hbnNpLWZvbnQtc2l6ZToxMC4wcHQ7DQoJZm9udC1mYW1pbHk6U3ltYm9sO30NCkBsaXN0IGww OmxldmVsNg0KCXttc28tbGV2ZWwtbnVtYmVyLWZvcm1hdDpidWxsZXQ7DQoJbXNvLWxldmVsLXRl eHQ674K3Ow0KCW1zby1sZXZlbC10YWItc3RvcDoyMTYuMHB0Ow0KCW1zby1sZXZlbC1udW1iZXIt cG9zaXRpb246bGVmdDsNCgl0ZXh0LWluZGVudDotMTguMHB0Ow0KCW1zby1hbnNpLWZvbnQtc2l6 ZToxMC4wcHQ7DQoJZm9udC1mYW1pbHk6U3ltYm9sO30NCkBsaXN0IGwwOmxldmVsNw0KCXttc28t bGV2ZWwtbnVtYmVyLWZvcm1hdDpidWxsZXQ7DQoJbXNvLWxldmVsLXRleHQ674K3Ow0KCW1zby1s ZXZlbC10YWItc3RvcDoyNTIuMHB0Ow0KCW1zby1sZXZlbC1udW1iZXItcG9zaXRpb246bGVmdDsN Cgl0ZXh0LWluZGVudDotMTguMHB0Ow0KCW1zby1hbnNpLWZvbnQtc2l6ZToxMC4wcHQ7DQoJZm9u dC1mYW1pbHk6U3ltYm9sO30NCkBsaXN0IGwwOmxldmVsOA0KCXttc28tbGV2ZWwtbnVtYmVyLWZv cm1hdDpidWxsZXQ7DQoJbXNvLWxldmVsLXRleHQ674K3Ow0KCW1zby1sZXZlbC10YWItc3RvcDoy ODguMHB0Ow0KCW1zby1sZXZlbC1udW1iZXItcG9zaXRpb246bGVmdDsNCgl0ZXh0LWluZGVudDot MTguMHB0Ow0KCW1zby1hbnNpLWZvbnQtc2l6ZToxMC4wcHQ7DQoJZm9udC1mYW1pbHk6U3ltYm9s O30NCkBsaXN0IGwwOmxldmVsOQ0KCXttc28tbGV2ZWwtbnVtYmVyLWZvcm1hdDpidWxsZXQ7DQoJ bXNvLWxldmVsLXRleHQ674K3Ow0KCW1zby1sZXZlbC10YWItc3RvcDozMjQuMHB0Ow0KCW1zby1s ZXZlbC1udW1iZXItcG9zaXRpb246bGVmdDsNCgl0ZXh0LWluZGVudDotMTguMHB0Ow0KCW1zby1h bnNpLWZvbnQtc2l6ZToxMC4wcHQ7DQoJZm9udC1mYW1pbHk6U3ltYm9sO30NCkBsaXN0IGwxDQoJ e21zby1saXN0LWlkOjgwNzg2MzEzMjsNCgltc28tbGlzdC10ZW1wbGF0ZS1pZHM6MzkwNjIzMjQy O30NCkBsaXN0IGwxOmxldmVsMQ0KCXttc28tbGV2ZWwtbnVtYmVyLWZvcm1hdDpidWxsZXQ7DQoJ bXNvLWxldmVsLXRleHQ674K3Ow0KCW1zby1sZXZlbC10YWItc3RvcDozNi4wcHQ7DQoJbXNvLWxl dmVsLW51bWJlci1wb3NpdGlvbjpsZWZ0Ow0KCXRleHQtaW5kZW50Oi0xOC4wcHQ7DQoJbXNvLWFu c2ktZm9udC1zaXplOjEwLjBwdDsNCglmb250LWZhbWlseTpTeW1ib2w7fQ0KQGxpc3QgbDE6bGV2 ZWwyDQoJe21zby1sZXZlbC1udW1iZXItZm9ybWF0OmJ1bGxldDsNCgltc28tbGV2ZWwtdGV4dDpv Ow0KCW1zby1sZXZlbC10YWItc3RvcDo3Mi4wcHQ7DQoJbXNvLWxldmVsLW51bWJlci1wb3NpdGlv bjpsZWZ0Ow0KCXRleHQtaW5kZW50Oi0xOC4wcHQ7DQoJbXNvLWFuc2ktZm9udC1zaXplOjEwLjBw dDsNCglmb250LWZhbWlseToiQ291cmllciBOZXciOw0KCW1zby1iaWRpLWZvbnQtZmFtaWx5OiJU aW1lcyBOZXcgUm9tYW4iO30NCkBsaXN0IGwxOmxldmVsMw0KCXttc28tbGV2ZWwtbnVtYmVyLWZv cm1hdDpidWxsZXQ7DQoJbXNvLWxldmVsLXRleHQ674KnOw0KCW1zby1sZXZlbC10YWItc3RvcDox MDguMHB0Ow0KCW1zby1sZXZlbC1udW1iZXItcG9zaXRpb246bGVmdDsNCgl0ZXh0LWluZGVudDot MTguMHB0Ow0KCW1zby1hbnNpLWZvbnQtc2l6ZToxMC4wcHQ7DQoJZm9udC1mYW1pbHk6V2luZ2Rp bmdzO30NCkBsaXN0IGwxOmxldmVsNA0KCXttc28tbGV2ZWwtbnVtYmVyLWZvcm1hdDpidWxsZXQ7 DQoJbXNvLWxldmVsLXRleHQ674KnOw0KCW1zby1sZXZlbC10YWItc3RvcDoxNDQuMHB0Ow0KCW1z by1sZXZlbC1udW1iZXItcG9zaXRpb246bGVmdDsNCgl0ZXh0LWluZGVudDotMTguMHB0Ow0KCW1z by1hbnNpLWZvbnQtc2l6ZToxMC4wcHQ7DQoJZm9udC1mYW1pbHk6V2luZ2RpbmdzO30NCkBsaXN0 IGwxOmxldmVsNQ0KCXttc28tbGV2ZWwtbnVtYmVyLWZvcm1hdDpidWxsZXQ7DQoJbXNvLWxldmVs LXRleHQ674KnOw0KCW1zby1sZXZlbC10YWItc3RvcDoxODAuMHB0Ow0KCW1zby1sZXZlbC1udW1i ZXItcG9zaXRpb246bGVmdDsNCgl0ZXh0LWluZGVudDotMTguMHB0Ow0KCW1zby1hbnNpLWZvbnQt c2l6ZToxMC4wcHQ7DQoJZm9udC1mYW1pbHk6V2luZ2RpbmdzO30NCkBsaXN0IGwxOmxldmVsNg0K CXttc28tbGV2ZWwtbnVtYmVyLWZvcm1hdDpidWxsZXQ7DQoJbXNvLWxldmVsLXRleHQ674KnOw0K CW1zby1sZXZlbC10YWItc3RvcDoyMTYuMHB0Ow0KCW1zby1sZXZlbC1udW1iZXItcG9zaXRpb246 bGVmdDsNCgl0ZXh0LWluZGVudDotMTguMHB0Ow0KCW1zby1hbnNpLWZvbnQtc2l6ZToxMC4wcHQ7 DQoJZm9udC1mYW1pbHk6V2luZ2RpbmdzO30NCkBsaXN0IGwxOmxldmVsNw0KCXttc28tbGV2ZWwt bnVtYmVyLWZvcm1hdDpidWxsZXQ7DQoJbXNvLWxldmVsLXRleHQ674KnOw0KCW1zby1sZXZlbC10 YWItc3RvcDoyNTIuMHB0Ow0KCW1zby1sZXZlbC1udW1iZXItcG9zaXRpb246bGVmdDsNCgl0ZXh0 LWluZGVudDotMTguMHB0Ow0KCW1zby1hbnNpLWZvbnQtc2l6ZToxMC4wcHQ7DQoJZm9udC1mYW1p bHk6V2luZ2RpbmdzO30NCkBsaXN0IGwxOmxldmVsOA0KCXttc28tbGV2ZWwtbnVtYmVyLWZvcm1h dDpidWxsZXQ7DQoJbXNvLWxldmVsLXRleHQ674KnOw0KCW1zby1sZXZlbC10YWItc3RvcDoyODgu MHB0Ow0KCW1zby1sZXZlbC1udW1iZXItcG9zaXRpb246bGVmdDsNCgl0ZXh0LWluZGVudDotMTgu MHB0Ow0KCW1zby1hbnNpLWZvbnQtc2l6ZToxMC4wcHQ7DQoJZm9udC1mYW1pbHk6V2luZ2Rpbmdz O30NCkBsaXN0IGwxOmxldmVsOQ0KCXttc28tbGV2ZWwtbnVtYmVyLWZvcm1hdDpidWxsZXQ7DQoJ bXNvLWxldmVsLXRleHQ674KnOw0KCW1zby1sZXZlbC10YWItc3RvcDozMjQuMHB0Ow0KCW1zby1s ZXZlbC1udW1iZXItcG9zaXRpb246bGVmdDsNCgl0ZXh0LWluZGVudDotMTguMHB0Ow0KCW1zby1h bnNpLWZvbnQtc2l6ZToxMC4wcHQ7DQoJZm9udC1mYW1pbHk6V2luZ2RpbmdzO30NCkBsaXN0IGwy DQoJe21zby1saXN0LWlkOjg1NDAwMzA1MTsNCgltc28tbGlzdC10ZW1wbGF0ZS1pZHM6LTI5NDUx NDM4Njt9DQpAbGlzdCBsMjpsZXZlbDENCgl7bXNvLWxldmVsLW51bWJlci1mb3JtYXQ6YnVsbGV0 Ow0KCW1zby1sZXZlbC10ZXh0Ou+CtzsNCgltc28tbGV2ZWwtdGFiLXN0b3A6MzYuMHB0Ow0KCW1z by1sZXZlbC1udW1iZXItcG9zaXRpb246bGVmdDsNCgl0ZXh0LWluZGVudDotMTguMHB0Ow0KCW1z by1hbnNpLWZvbnQtc2l6ZToxMC4wcHQ7DQoJZm9udC1mYW1pbHk6U3ltYm9sO30NCkBsaXN0IGwy OmxldmVsMg0KCXttc28tbGV2ZWwtbnVtYmVyLWZvcm1hdDpidWxsZXQ7DQoJbXNvLWxldmVsLXRl eHQ6bzsNCgltc28tbGV2ZWwtdGFiLXN0b3A6NzIuMHB0Ow0KCW1zby1sZXZlbC1udW1iZXItcG9z aXRpb246bGVmdDsNCgl0ZXh0LWluZGVudDotMTguMHB0Ow0KCW1zby1hbnNpLWZvbnQtc2l6ZTox MC4wcHQ7DQoJZm9udC1mYW1pbHk6IkNvdXJpZXIgTmV3IjsNCgltc28tYmlkaS1mb250LWZhbWls eToiVGltZXMgTmV3IFJvbWFuIjt9DQpAbGlzdCBsMjpsZXZlbDMNCgl7bXNvLWxldmVsLW51bWJl ci1mb3JtYXQ6YnVsbGV0Ow0KCW1zby1sZXZlbC10ZXh0Ou+CpzsNCgltc28tbGV2ZWwtdGFiLXN0 b3A6MTA4LjBwdDsNCgltc28tbGV2ZWwtbnVtYmVyLXBvc2l0aW9uOmxlZnQ7DQoJdGV4dC1pbmRl bnQ6LTE4LjBwdDsNCgltc28tYW5zaS1mb250LXNpemU6MTAuMHB0Ow0KCWZvbnQtZmFtaWx5Oldp bmdkaW5nczt9DQpAbGlzdCBsMjpsZXZlbDQNCgl7bXNvLWxldmVsLW51bWJlci1mb3JtYXQ6YnVs bGV0Ow0KCW1zby1sZXZlbC10ZXh0Ou+CpzsNCgltc28tbGV2ZWwtdGFiLXN0b3A6MTQ0LjBwdDsN Cgltc28tbGV2ZWwtbnVtYmVyLXBvc2l0aW9uOmxlZnQ7DQoJdGV4dC1pbmRlbnQ6LTE4LjBwdDsN Cgltc28tYW5zaS1mb250LXNpemU6MTAuMHB0Ow0KCWZvbnQtZmFtaWx5OldpbmdkaW5nczt9DQpA bGlzdCBsMjpsZXZlbDUNCgl7bXNvLWxldmVsLW51bWJlci1mb3JtYXQ6YnVsbGV0Ow0KCW1zby1s ZXZlbC10ZXh0Ou+CpzsNCgltc28tbGV2ZWwtdGFiLXN0b3A6MTgwLjBwdDsNCgltc28tbGV2ZWwt bnVtYmVyLXBvc2l0aW9uOmxlZnQ7DQoJdGV4dC1pbmRlbnQ6LTE4LjBwdDsNCgltc28tYW5zaS1m b250LXNpemU6MTAuMHB0Ow0KCWZvbnQtZmFtaWx5OldpbmdkaW5nczt9DQpAbGlzdCBsMjpsZXZl bDYNCgl7bXNvLWxldmVsLW51bWJlci1mb3JtYXQ6YnVsbGV0Ow0KCW1zby1sZXZlbC10ZXh0Ou+C pzsNCgltc28tbGV2ZWwtdGFiLXN0b3A6MjE2LjBwdDsNCgltc28tbGV2ZWwtbnVtYmVyLXBvc2l0 aW9uOmxlZnQ7DQoJdGV4dC1pbmRlbnQ6LTE4LjBwdDsNCgltc28tYW5zaS1mb250LXNpemU6MTAu MHB0Ow0KCWZvbnQtZmFtaWx5OldpbmdkaW5nczt9DQpAbGlzdCBsMjpsZXZlbDcNCgl7bXNvLWxl dmVsLW51bWJlci1mb3JtYXQ6YnVsbGV0Ow0KCW1zby1sZXZlbC10ZXh0Ou+CpzsNCgltc28tbGV2 ZWwtdGFiLXN0b3A6MjUyLjBwdDsNCgltc28tbGV2ZWwtbnVtYmVyLXBvc2l0aW9uOmxlZnQ7DQoJ dGV4dC1pbmRlbnQ6LTE4LjBwdDsNCgltc28tYW5zaS1mb250LXNpemU6MTAuMHB0Ow0KCWZvbnQt ZmFtaWx5OldpbmdkaW5nczt9DQpAbGlzdCBsMjpsZXZlbDgNCgl7bXNvLWxldmVsLW51bWJlci1m b3JtYXQ6YnVsbGV0Ow0KCW1zby1sZXZlbC10ZXh0Ou+CpzsNCgltc28tbGV2ZWwtdGFiLXN0b3A6 Mjg4LjBwdDsNCgltc28tbGV2ZWwtbnVtYmVyLXBvc2l0aW9uOmxlZnQ7DQoJdGV4dC1pbmRlbnQ6 LTE4LjBwdDsNCgltc28tYW5zaS1mb250LXNpemU6MTAuMHB0Ow0KCWZvbnQtZmFtaWx5Oldpbmdk aW5nczt9DQpAbGlzdCBsMjpsZXZlbDkNCgl7bXNvLWxldmVsLW51bWJlci1mb3JtYXQ6YnVsbGV0 Ow0KCW1zby1sZXZlbC10ZXh0Ou+CpzsNCgltc28tbGV2ZWwtdGFiLXN0b3A6MzI0LjBwdDsNCglt c28tbGV2ZWwtbnVtYmVyLXBvc2l0aW9uOmxlZnQ7DQoJdGV4dC1pbmRlbnQ6LTE4LjBwdDsNCglt c28tYW5zaS1mb250LXNpemU6MTAuMHB0Ow0KCWZvbnQtZmFtaWx5OldpbmdkaW5nczt9DQpAbGlz dCBsMw0KCXttc28tbGlzdC1pZDoxMDAwMTU2MjE1Ow0KCW1zby1saXN0LXRlbXBsYXRlLWlkczot NzY3NzY0NTM4O30NCkBsaXN0IGwzOmxldmVsMQ0KCXttc28tbGV2ZWwtbnVtYmVyLWZvcm1hdDpi dWxsZXQ7DQoJbXNvLWxldmVsLXRleHQ674K3Ow0KCW1zby1sZXZlbC10YWItc3RvcDozNi4wcHQ7 DQoJbXNvLWxldmVsLW51bWJlci1wb3NpdGlvbjpsZWZ0Ow0KCXRleHQtaW5kZW50Oi0xOC4wcHQ7 DQoJbXNvLWFuc2ktZm9udC1zaXplOjEwLjBwdDsNCglmb250LWZhbWlseTpTeW1ib2w7fQ0KQGxp c3QgbDM6bGV2ZWwyDQoJe21zby1sZXZlbC1udW1iZXItZm9ybWF0OmJ1bGxldDsNCgltc28tbGV2 ZWwtdGV4dDrvgrc7DQoJbXNvLWxldmVsLXRhYi1zdG9wOjcyLjBwdDsNCgltc28tbGV2ZWwtbnVt YmVyLXBvc2l0aW9uOmxlZnQ7DQoJdGV4dC1pbmRlbnQ6LTE4LjBwdDsNCgltc28tYW5zaS1mb250 LXNpemU6MTAuMHB0Ow0KCWZvbnQtZmFtaWx5OlN5bWJvbDt9DQpAbGlzdCBsMzpsZXZlbDMNCgl7 bXNvLWxldmVsLW51bWJlci1mb3JtYXQ6YnVsbGV0Ow0KCW1zby1sZXZlbC10ZXh0Ou+CtzsNCglt c28tbGV2ZWwtdGFiLXN0b3A6MTA4LjBwdDsNCgltc28tbGV2ZWwtbnVtYmVyLXBvc2l0aW9uOmxl ZnQ7DQoJdGV4dC1pbmRlbnQ6LTE4LjBwdDsNCgltc28tYW5zaS1mb250LXNpemU6MTAuMHB0Ow0K CWZvbnQtZmFtaWx5OlN5bWJvbDt9DQpAbGlzdCBsMzpsZXZlbDQNCgl7bXNvLWxldmVsLW51bWJl ci1mb3JtYXQ6YnVsbGV0Ow0KCW1zby1sZXZlbC10ZXh0Ou+CtzsNCgltc28tbGV2ZWwtdGFiLXN0 b3A6MTQ0LjBwdDsNCgltc28tbGV2ZWwtbnVtYmVyLXBvc2l0aW9uOmxlZnQ7DQoJdGV4dC1pbmRl bnQ6LTE4LjBwdDsNCgltc28tYW5zaS1mb250LXNpemU6MTAuMHB0Ow0KCWZvbnQtZmFtaWx5OlN5 bWJvbDt9DQpAbGlzdCBsMzpsZXZlbDUNCgl7bXNvLWxldmVsLW51bWJlci1mb3JtYXQ6YnVsbGV0 Ow0KCW1zby1sZXZlbC10ZXh0Ou+CtzsNCgltc28tbGV2ZWwtdGFiLXN0b3A6MTgwLjBwdDsNCglt c28tbGV2ZWwtbnVtYmVyLXBvc2l0aW9uOmxlZnQ7DQoJdGV4dC1pbmRlbnQ6LTE4LjBwdDsNCglt c28tYW5zaS1mb250LXNpemU6MTAuMHB0Ow0KCWZvbnQtZmFtaWx5OlN5bWJvbDt9DQpAbGlzdCBs MzpsZXZlbDYNCgl7bXNvLWxldmVsLW51bWJlci1mb3JtYXQ6YnVsbGV0Ow0KCW1zby1sZXZlbC10 ZXh0Ou+CtzsNCgltc28tbGV2ZWwtdGFiLXN0b3A6MjE2LjBwdDsNCgltc28tbGV2ZWwtbnVtYmVy LXBvc2l0aW9uOmxlZnQ7DQoJdGV4dC1pbmRlbnQ6LTE4LjBwdDsNCgltc28tYW5zaS1mb250LXNp emU6MTAuMHB0Ow0KCWZvbnQtZmFtaWx5OlN5bWJvbDt9DQpAbGlzdCBsMzpsZXZlbDcNCgl7bXNv LWxldmVsLW51bWJlci1mb3JtYXQ6YnVsbGV0Ow0KCW1zby1sZXZlbC10ZXh0Ou+CtzsNCgltc28t bGV2ZWwtdGFiLXN0b3A6MjUyLjBwdDsNCgltc28tbGV2ZWwtbnVtYmVyLXBvc2l0aW9uOmxlZnQ7 DQoJdGV4dC1pbmRlbnQ6LTE4LjBwdDsNCgltc28tYW5zaS1mb250LXNpemU6MTAuMHB0Ow0KCWZv bnQtZmFtaWx5OlN5bWJvbDt9DQpAbGlzdCBsMzpsZXZlbDgNCgl7bXNvLWxldmVsLW51bWJlci1m b3JtYXQ6YnVsbGV0Ow0KCW1zby1sZXZlbC10ZXh0Ou+CtzsNCgltc28tbGV2ZWwtdGFiLXN0b3A6 Mjg4LjBwdDsNCgltc28tbGV2ZWwtbnVtYmVyLXBvc2l0aW9uOmxlZnQ7DQoJdGV4dC1pbmRlbnQ6 LTE4LjBwdDsNCgltc28tYW5zaS1mb250LXNpemU6MTAuMHB0Ow0KCWZvbnQtZmFtaWx5OlN5bWJv bDt9DQpAbGlzdCBsMzpsZXZlbDkNCgl7bXNvLWxldmVsLW51bWJlci1mb3JtYXQ6YnVsbGV0Ow0K CW1zby1sZXZlbC10ZXh0Ou+CtzsNCgltc28tbGV2ZWwtdGFiLXN0b3A6MzI0LjBwdDsNCgltc28t bGV2ZWwtbnVtYmVyLXBvc2l0aW9uOmxlZnQ7DQoJdGV4dC1pbmRlbnQ6LTE4LjBwdDsNCgltc28t YW5zaS1mb250LXNpemU6MTAuMHB0Ow0KCWZvbnQtZmFtaWx5OlN5bWJvbDt9DQpAbGlzdCBsNA0K CXttc28tbGlzdC1pZDoxMDUxMjI3ODg3Ow0KCW1zby1saXN0LXRlbXBsYXRlLWlkczotMzE3NDA4 OTQwO30NCkBsaXN0IGw0OmxldmVsMQ0KCXttc28tbGV2ZWwtbnVtYmVyLWZvcm1hdDpidWxsZXQ7 DQoJbXNvLWxldmVsLXRleHQ674K3Ow0KCW1zby1sZXZlbC10YWItc3RvcDozNi4wcHQ7DQoJbXNv LWxldmVsLW51bWJlci1wb3NpdGlvbjpsZWZ0Ow0KCXRleHQtaW5kZW50Oi0xOC4wcHQ7DQoJbXNv LWFuc2ktZm9udC1zaXplOjEwLjBwdDsNCglmb250LWZhbWlseTpTeW1ib2w7fQ0KQGxpc3QgbDQ6 bGV2ZWwyDQoJe21zby1sZXZlbC1udW1iZXItZm9ybWF0OmJ1bGxldDsNCgltc28tbGV2ZWwtdGV4 dDrvgrc7DQoJbXNvLWxldmVsLXRhYi1zdG9wOjcyLjBwdDsNCgltc28tbGV2ZWwtbnVtYmVyLXBv c2l0aW9uOmxlZnQ7DQoJdGV4dC1pbmRlbnQ6LTE4LjBwdDsNCgltc28tYW5zaS1mb250LXNpemU6 MTAuMHB0Ow0KCWZvbnQtZmFtaWx5OlN5bWJvbDt9DQpAbGlzdCBsNDpsZXZlbDMNCgl7bXNvLWxl dmVsLW51bWJlci1mb3JtYXQ6YnVsbGV0Ow0KCW1zby1sZXZlbC10ZXh0Ou+CtzsNCgltc28tbGV2 ZWwtdGFiLXN0b3A6MTA4LjBwdDsNCgltc28tbGV2ZWwtbnVtYmVyLXBvc2l0aW9uOmxlZnQ7DQoJ dGV4dC1pbmRlbnQ6LTE4LjBwdDsNCgltc28tYW5zaS1mb250LXNpemU6MTAuMHB0Ow0KCWZvbnQt ZmFtaWx5OlN5bWJvbDt9DQpAbGlzdCBsNDpsZXZlbDQNCgl7bXNvLWxldmVsLW51bWJlci1mb3Jt YXQ6YnVsbGV0Ow0KCW1zby1sZXZlbC10ZXh0Ou+CtzsNCgltc28tbGV2ZWwtdGFiLXN0b3A6MTQ0 LjBwdDsNCgltc28tbGV2ZWwtbnVtYmVyLXBvc2l0aW9uOmxlZnQ7DQoJdGV4dC1pbmRlbnQ6LTE4 LjBwdDsNCgltc28tYW5zaS1mb250LXNpemU6MTAuMHB0Ow0KCWZvbnQtZmFtaWx5OlN5bWJvbDt9 DQpAbGlzdCBsNDpsZXZlbDUNCgl7bXNvLWxldmVsLW51bWJlci1mb3JtYXQ6YnVsbGV0Ow0KCW1z by1sZXZlbC10ZXh0Ou+CtzsNCgltc28tbGV2ZWwtdGFiLXN0b3A6MTgwLjBwdDsNCgltc28tbGV2 ZWwtbnVtYmVyLXBvc2l0aW9uOmxlZnQ7DQoJdGV4dC1pbmRlbnQ6LTE4LjBwdDsNCgltc28tYW5z aS1mb250LXNpemU6MTAuMHB0Ow0KCWZvbnQtZmFtaWx5OlN5bWJvbDt9DQpAbGlzdCBsNDpsZXZl bDYNCgl7bXNvLWxldmVsLW51bWJlci1mb3JtYXQ6YnVsbGV0Ow0KCW1zby1sZXZlbC10ZXh0Ou+C tzsNCgltc28tbGV2ZWwtdGFiLXN0b3A6MjE2LjBwdDsNCgltc28tbGV2ZWwtbnVtYmVyLXBvc2l0 aW9uOmxlZnQ7DQoJdGV4dC1pbmRlbnQ6LTE4LjBwdDsNCgltc28tYW5zaS1mb250LXNpemU6MTAu MHB0Ow0KCWZvbnQtZmFtaWx5OlN5bWJvbDt9DQpAbGlzdCBsNDpsZXZlbDcNCgl7bXNvLWxldmVs LW51bWJlci1mb3JtYXQ6YnVsbGV0Ow0KCW1zby1sZXZlbC10ZXh0Ou+CtzsNCgltc28tbGV2ZWwt dGFiLXN0b3A6MjUyLjBwdDsNCgltc28tbGV2ZWwtbnVtYmVyLXBvc2l0aW9uOmxlZnQ7DQoJdGV4 dC1pbmRlbnQ6LTE4LjBwdDsNCgltc28tYW5zaS1mb250LXNpemU6MTAuMHB0Ow0KCWZvbnQtZmFt aWx5OlN5bWJvbDt9DQpAbGlzdCBsNDpsZXZlbDgNCgl7bXNvLWxldmVsLW51bWJlci1mb3JtYXQ6 YnVsbGV0Ow0KCW1zby1sZXZlbC10ZXh0Ou+CtzsNCgltc28tbGV2ZWwtdGFiLXN0b3A6Mjg4LjBw dDsNCgltc28tbGV2ZWwtbnVtYmVyLXBvc2l0aW9uOmxlZnQ7DQoJdGV4dC1pbmRlbnQ6LTE4LjBw dDsNCgltc28tYW5zaS1mb250LXNpemU6MTAuMHB0Ow0KCWZvbnQtZmFtaWx5OlN5bWJvbDt9DQpA bGlzdCBsNDpsZXZlbDkNCgl7bXNvLWxldmVsLW51bWJlci1mb3JtYXQ6YnVsbGV0Ow0KCW1zby1s ZXZlbC10ZXh0Ou+CtzsNCgltc28tbGV2ZWwtdGFiLXN0b3A6MzI0LjBwdDsNCgltc28tbGV2ZWwt bnVtYmVyLXBvc2l0aW9uOmxlZnQ7DQoJdGV4dC1pbmRlbnQ6LTE4LjBwdDsNCgltc28tYW5zaS1m b250LXNpemU6MTAuMHB0Ow0KCWZvbnQtZmFtaWx5OlN5bWJvbDt9DQpvbA0KCXttYXJnaW4tYm90 dG9tOjBjbTt9DQp1bA0KCXttYXJnaW4tYm90dG9tOjBjbTt9DQotLT48L3N0eWxlPjwhLS1baWYg Z3RlIG1zbyA5XT48eG1sPg0KPG86c2hhcGVkZWZhdWx0cyB2OmV4dD0iZWRpdCIgc3BpZG1heD0i MTAyNiIgLz4NCjwveG1sPjwhW2VuZGlmXS0tPjwhLS1baWYgZ3RlIG1zbyA5XT48eG1sPg0KPG86 c2hhcGVsYXlvdXQgdjpleHQ9ImVkaXQiPg0KPG86aWRtYXAgdjpleHQ9ImVkaXQiIGRhdGE9IjEi IC8+DQo8L286c2hhcGVsYXlvdXQ+PC94bWw+PCFbZW5kaWZdLS0+DQo8L2hlYWQ+DQo8Ym9keSBs YW5nPSJaSC1DTiIgbGluaz0iYmx1ZSIgdmxpbms9InB1cnBsZSI+DQo8ZGl2IGNsYXNzPSJXb3Jk U2VjdGlvbjEiPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0iRU4tVVMiIHN0eWxl PSJmb250LXNpemU6MTAuNXB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssc2Fucy1z ZXJpZjtjb2xvcjojMUY0OTdEIj5IaSwgRWxpb3Q6PG86cD48L286cD48L3NwYW4+PC9wPg0KPHAg Y2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0iRU4tVVMiIHN0eWxlPSJmb250LXNpemU6MTAu NXB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssc2Fucy1zZXJpZjtjb2xvcjojMUY0 OTdEIj5Tb3JyeSBmb3IgbGF0ZSwgc2VlIG15IHJlcGx5IGlubGluZSBiZWxvdy48bzpwPjwvbzpw Pjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBsYW5nPSJFTi1VUyIgc3R5 bGU9ImZvbnQtc2l6ZToxMC41cHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OyxzYW5z LXNlcmlmO2NvbG9yOiMxRjQ5N0QiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxkaXY+ DQo8ZGl2IHN0eWxlPSJib3JkZXI6bm9uZTtib3JkZXItdG9wOnNvbGlkICNFMUUxRTEgMS4wcHQ7 cGFkZGluZzozLjBwdCAwY20gMGNtIDBjbSI+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48Yj48c3Bh biBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDvlvq7ova/pm4Xpu5Em cXVvdDssc2Fucy1zZXJpZiI+5Y+R5Lu25Lq6PHNwYW4gbGFuZz0iRU4tVVMiPjo8L3NwYW4+PC9z cGFuPjwvYj48c3BhbiBsYW5nPSJFTi1VUyIgc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1m YW1pbHk6JnF1b3Q75b6u6L2v6ZuF6buRJnF1b3Q7LHNhbnMtc2VyaWYiPiBFbGlvdCBMZWFyIFtt YWlsdG86bGVhckBjaXNjby5jb21dDQo8YnI+DQo8L3NwYW4+PGI+PHNwYW4gc3R5bGU9ImZvbnQt c2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q75b6u6L2v6ZuF6buRJnF1b3Q7LHNhbnMtc2Vy aWYiPuWPkemAgeaXtumXtDxzcGFuIGxhbmc9IkVOLVVTIj46PC9zcGFuPjwvc3Bhbj48L2I+PHNw YW4gbGFuZz0iRU4tVVMiIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90 O+W+rui9r+mbhem7kSZxdW90OyxzYW5zLXNlcmlmIj4gMjAxOTwvc3Bhbj48c3BhbiBzdHlsZT0i Zm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDvlvq7ova/pm4Xpu5EmcXVvdDssc2Fu cy1zZXJpZiI+5bm0PHNwYW4gbGFuZz0iRU4tVVMiPjc8L3NwYW4+5pyIPHNwYW4gbGFuZz0iRU4t VVMiPjE8L3NwYW4+5pelPHNwYW4gbGFuZz0iRU4tVVMiPg0KIDE2OjQ5PGJyPg0KPC9zcGFuPjxi PuaUtuS7tuS6ujxzcGFuIGxhbmc9IkVOLVVTIj46PC9zcGFuPjwvYj48c3BhbiBsYW5nPSJFTi1V UyI+IFFpbiBXdSAmbHQ7YmlsbC53dUBodWF3ZWkuY29tJmd0Ozxicj4NCjwvc3Bhbj48Yj7mioTp gIE8c3BhbiBsYW5nPSJFTi1VUyI+Ojwvc3Bhbj48L2I+PHNwYW4gbGFuZz0iRU4tVVMiPiBvcHNh d2dAaWV0Zi5vcmc7IG11ZEBpZXRmLm9yZzxicj4NCjwvc3Bhbj48Yj7kuLvpopg8c3BhbiBsYW5n PSJFTi1VUyI+Ojwvc3Bhbj48L2I+PHNwYW4gbGFuZz0iRU4tVVMiPiBSZTogW09QU0FXR10gRGVj bGFyaW5nIHNvbWV0aGluZyB0byBiZSBhIGNvbnRyb2xsZXIgaW4gTVVEPG86cD48L286cD48L3Nw YW4+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPC9kaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3Bh biBsYW5nPSJFTi1VUyI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPGRpdj4NCjxwIGNs YXNzPSJNc29Ob3JtYWwiPjxzcGFuIGxhbmc9IkVOLVVTIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bh bj48L3A+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0iRU4tVVMiPjxi cj4NCjxicj4NCjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxibG9ja3F1b3RlIHN0eWxlPSJtYXJn aW4tdG9wOjUuMHB0O21hcmdpbi1ib3R0b206NS4wcHQiPg0KPGRpdj4NCjxwIGNsYXNzPSJNc29O b3JtYWwiPjxzcGFuIGxhbmc9IkVOLVVTIj5PbiAxIEp1bCAyMDE5LCBhdCAxMDoyMywgUWluIFd1 ICZsdDs8YSBocmVmPSJtYWlsdG86YmlsbC53dUBodWF3ZWkuY29tIj5iaWxsLnd1QGh1YXdlaS5j b208L2E+Jmd0OyB3cm90ZTo8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxwIGNsYXNz PSJNc29Ob3JtYWwiPjxzcGFuIGxhbmc9IkVOLVVTIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48 L3A+DQo8ZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxiPjxzcGFuIHN0eWxlPSJm b250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O+W+rui9r+mbhem7kSZxdW90OyxzYW5z LXNlcmlmIj7lj5Hku7bkuro8c3BhbiBsYW5nPSJFTi1VUyI+Ojwvc3Bhbj48L3NwYW4+PC9iPjxz cGFuIGNsYXNzPSJhcHBsZS1jb252ZXJ0ZWQtc3BhY2UiPjxzcGFuIGxhbmc9IkVOLVVTIiBzdHls ZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDvlvq7ova/pm4Xpu5EmcXVvdDss c2Fucy1zZXJpZiI+Jm5ic3A7PC9zcGFuPjwvc3Bhbj48c3BhbiBsYW5nPSJFTi1VUyIgc3R5bGU9 ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q75b6u6L2v6ZuF6buRJnF1b3Q7LHNh bnMtc2VyaWYiPkVsaW90DQogTGVhciBbPGEgaHJlZj0ibWFpbHRvOmxlYXJAY2lzY28uY29tIj48 c3BhbiBzdHlsZT0iY29sb3I6cHVycGxlIj5tYWlsdG86bGVhckBjaXNjby5jb208L3NwYW4+PC9h Pl08c3BhbiBjbGFzcz0iYXBwbGUtY29udmVydGVkLXNwYWNlIj4mbmJzcDs8L3NwYW4+PGJyPg0K PC9zcGFuPjxiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90 O+W+rui9r+mbhem7kSZxdW90OyxzYW5zLXNlcmlmIj7lj5HpgIHml7bpl7Q8c3BhbiBsYW5nPSJF Ti1VUyI+Ojwvc3Bhbj48L3NwYW4+PC9iPjxzcGFuIGNsYXNzPSJhcHBsZS1jb252ZXJ0ZWQtc3Bh Y2UiPjxzcGFuIGxhbmc9IkVOLVVTIiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWls eTomcXVvdDvlvq7ova/pm4Xpu5EmcXVvdDssc2Fucy1zZXJpZiI+Jm5ic3A7PC9zcGFuPjwvc3Bh bj48c3BhbiBsYW5nPSJFTi1VUyIgc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6 JnF1b3Q75b6u6L2v6ZuF6buRJnF1b3Q7LHNhbnMtc2VyaWYiPjIwMTk8L3NwYW4+PHNwYW4gc3R5 bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q75b6u6L2v6ZuF6buRJnF1b3Q7 LHNhbnMtc2VyaWYiPuW5tDxzcGFuIGxhbmc9IkVOLVVTIj43PC9zcGFuPuaciDxzcGFuIGxhbmc9 IkVOLVVTIj4xPC9zcGFuPuaXpTxzcGFuIGNsYXNzPSJhcHBsZS1jb252ZXJ0ZWQtc3BhY2UiPjxz cGFuIGxhbmc9IkVOLVVTIj4mbmJzcDs8L3NwYW4+PC9zcGFuPjxzcGFuIGxhbmc9IkVOLVVTIj4x NTo1Mjxicj4NCjwvc3Bhbj48Yj7mlLbku7bkuro8c3BhbiBsYW5nPSJFTi1VUyI+Ojwvc3Bhbj48 L2I+PHNwYW4gY2xhc3M9ImFwcGxlLWNvbnZlcnRlZC1zcGFjZSI+PHNwYW4gbGFuZz0iRU4tVVMi PiZuYnNwOzwvc3Bhbj48L3NwYW4+PHNwYW4gbGFuZz0iRU4tVVMiPlFpbiBXdSAmbHQ7PGEgaHJl Zj0ibWFpbHRvOmJpbGwud3VAaHVhd2VpLmNvbSI+PHNwYW4gc3R5bGU9ImNvbG9yOnB1cnBsZSI+ YmlsbC53dUBodWF3ZWkuY29tPC9zcGFuPjwvYT4mZ3Q7PGJyPg0KPC9zcGFuPjxiPuaKhOmAgTxz cGFuIGxhbmc9IkVOLVVTIj46PC9zcGFuPjwvYj48c3BhbiBjbGFzcz0iYXBwbGUtY29udmVydGVk LXNwYWNlIj48c3BhbiBsYW5nPSJFTi1VUyI+Jm5ic3A7PC9zcGFuPjwvc3Bhbj48c3BhbiBsYW5n PSJFTi1VUyI+PGEgaHJlZj0ibWFpbHRvOm9wc2F3Z0BpZXRmLm9yZyI+PHNwYW4gc3R5bGU9ImNv bG9yOnB1cnBsZSI+b3BzYXdnQGlldGYub3JnPC9zcGFuPjwvYT47PHNwYW4gY2xhc3M9ImFwcGxl LWNvbnZlcnRlZC1zcGFjZSI+Jm5ic3A7PC9zcGFuPjxhIGhyZWY9Im1haWx0bzptdWRAaWV0Zi5v cmciPjxzcGFuIHN0eWxlPSJjb2xvcjpwdXJwbGUiPm11ZEBpZXRmLm9yZzwvc3Bhbj48L2E+PGJy Pg0KPC9zcGFuPjxiPuS4u+mimDxzcGFuIGxhbmc9IkVOLVVTIj46PC9zcGFuPjwvYj48c3BhbiBj bGFzcz0iYXBwbGUtY29udmVydGVkLXNwYWNlIj48c3BhbiBsYW5nPSJFTi1VUyI+Jm5ic3A7PC9z cGFuPjwvc3Bhbj48c3BhbiBsYW5nPSJFTi1VUyI+UmU6IFtPUFNBV0ddIERlY2xhcmluZyBzb21l dGhpbmcgdG8gYmUgYSBjb250cm9sbGVyIGluIE1VRDwvc3Bhbj48L3NwYW4+PHNwYW4gbGFuZz0i RU4tVVMiPjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJN c29Ob3JtYWwiPjxzcGFuIGxhbmc9IkVOLVVTIj4mbmJzcDs8bzpwPjwvbzpwPjwvc3Bhbj48L3A+ DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBsYW5nPSJFTi1VUyI+ Jm5ic3A7PG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPGRpdj4NCjxwIGNs YXNzPSJNc29Ob3JtYWwiPjxzcGFuIGxhbmc9IkVOLVVTIj48YnI+DQo8YnI+DQo8YnI+DQo8bzpw PjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxibG9ja3F1b3RlIHN0eWxlPSJtYXJnaW4tdG9w OjUuMHB0O21hcmdpbi1ib3R0b206NS4wcHQiPg0KPGRpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNv Tm9ybWFsIj48c3BhbiBsYW5nPSJFTi1VUyI+T24gMSBKdWwgMjAxOSwgYXQgMDk6MjAsIFFpbiBX dSAmbHQ7PGEgaHJlZj0ibWFpbHRvOmJpbGwud3VAaHVhd2VpLmNvbSI+PHNwYW4gc3R5bGU9ImNv bG9yOnB1cnBsZSI+YmlsbC53dUBodWF3ZWkuY29tPC9zcGFuPjwvYT4mZ3Q7IHdyb3RlOjxvOnA+ PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05v cm1hbCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZuYnNwOzxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwv ZGl2Pg0KPGRpdj4NCjxkaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PGI+PHNwYW4g c3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q75b6u6L2v6ZuF6buRJnF1 b3Q7LHNhbnMtc2VyaWYiPuWPkeS7tuS6ujxzcGFuIGxhbmc9IkVOLVVTIj46PC9zcGFuPjwvc3Bh bj48L2I+PHNwYW4gY2xhc3M9ImFwcGxlLWNvbnZlcnRlZC1zcGFjZSI+PHNwYW4gbGFuZz0iRU4t VVMiIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O+W+rui9r+mbhem7 kSZxdW90OyxzYW5zLXNlcmlmIj4mbmJzcDs8L3NwYW4+PC9zcGFuPjxzcGFuIGxhbmc9IkVOLVVT IiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDvlvq7ova/pm4Xpu5Em cXVvdDssc2Fucy1zZXJpZiI+T1BTQVdHDQogWzxhIGhyZWY9Im1haWx0bzpvcHNhd2ctYm91bmNl c0BpZXRmLm9yZyI+PHNwYW4gc3R5bGU9ImNvbG9yOnB1cnBsZSI+bWFpbHRvOm9wc2F3Zy1ib3Vu Y2VzQGlldGYub3JnPC9zcGFuPjwvYT5dPHNwYW4gY2xhc3M9ImFwcGxlLWNvbnZlcnRlZC1zcGFj ZSI+Jm5ic3A7PC9zcGFuPjwvc3Bhbj48Yj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtm b250LWZhbWlseTomcXVvdDvlvq7ova/pm4Xpu5EmcXVvdDssc2Fucy1zZXJpZiI+5Luj6KGoPHNw YW4gY2xhc3M9ImFwcGxlLWNvbnZlcnRlZC1zcGFjZSI+PHNwYW4gbGFuZz0iRU4tVVMiPiZuYnNw Ozwvc3Bhbj48L3NwYW4+PC9zcGFuPjwvYj48c3BhbiBsYW5nPSJFTi1VUyIgc3R5bGU9ImZvbnQt c2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q75b6u6L2v6ZuF6buRJnF1b3Q7LHNhbnMtc2Vy aWYiPkVsaW90DQogTGVhcjxicj4NCjwvc3Bhbj48Yj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEx LjBwdDtmb250LWZhbWlseTomcXVvdDvlvq7ova/pm4Xpu5EmcXVvdDssc2Fucy1zZXJpZiI+5Y+R 6YCB5pe26Ze0PHNwYW4gbGFuZz0iRU4tVVMiPjo8L3NwYW4+PC9zcGFuPjwvYj48c3BhbiBjbGFz cz0iYXBwbGUtY29udmVydGVkLXNwYWNlIj48c3BhbiBsYW5nPSJFTi1VUyIgc3R5bGU9ImZvbnQt c2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q75b6u6L2v6ZuF6buRJnF1b3Q7LHNhbnMtc2Vy aWYiPiZuYnNwOzwvc3Bhbj48L3NwYW4+PHNwYW4gbGFuZz0iRU4tVVMiIHN0eWxlPSJmb250LXNp emU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O+W+rui9r+mbhem7kSZxdW90OyxzYW5zLXNlcmlm Ij4yMDE5PC9zcGFuPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZx dW90O+W+rui9r+mbhem7kSZxdW90OyxzYW5zLXNlcmlmIj7lubQ8c3BhbiBsYW5nPSJFTi1VUyI+ Njwvc3Bhbj7mnIg8c3BhbiBsYW5nPSJFTi1VUyI+MjQ8L3NwYW4+5pelPHNwYW4gY2xhc3M9ImFw cGxlLWNvbnZlcnRlZC1zcGFjZSI+PHNwYW4gbGFuZz0iRU4tVVMiPiZuYnNwOzwvc3Bhbj48L3Nw YW4+PHNwYW4gbGFuZz0iRU4tVVMiPjE3OjQ4PGJyPg0KPC9zcGFuPjxiPuaUtuS7tuS6ujxzcGFu IGxhbmc9IkVOLVVTIj46PC9zcGFuPjwvYj48c3BhbiBjbGFzcz0iYXBwbGUtY29udmVydGVkLXNw YWNlIj48c3BhbiBsYW5nPSJFTi1VUyI+Jm5ic3A7PC9zcGFuPjwvc3Bhbj48c3BhbiBsYW5nPSJF Ti1VUyI+PGEgaHJlZj0ibWFpbHRvOm9wc2F3Z0BpZXRmLm9yZyI+PHNwYW4gc3R5bGU9ImNvbG9y OnB1cnBsZSI+b3BzYXdnQGlldGYub3JnPC9zcGFuPjwvYT47PHNwYW4gY2xhc3M9ImFwcGxlLWNv bnZlcnRlZC1zcGFjZSI+Jm5ic3A7PC9zcGFuPjxhIGhyZWY9Im1haWx0bzptdWRAaWV0Zi5vcmci PjxzcGFuIHN0eWxlPSJjb2xvcjpwdXJwbGUiPm11ZEBpZXRmLm9yZzwvc3Bhbj48L2E+PGJyPg0K PC9zcGFuPjxiPuS4u+mimDxzcGFuIGxhbmc9IkVOLVVTIj46PC9zcGFuPjwvYj48c3BhbiBjbGFz cz0iYXBwbGUtY29udmVydGVkLXNwYWNlIj48c3BhbiBsYW5nPSJFTi1VUyI+Jm5ic3A7PC9zcGFu Pjwvc3Bhbj48c3BhbiBsYW5nPSJFTi1VUyI+W09QU0FXR10gRGVjbGFyaW5nIHNvbWV0aGluZyB0 byBiZSBhIGNvbnRyb2xsZXIgaW4gTVVEPC9zcGFuPjwvc3Bhbj48c3BhbiBsYW5nPSJFTi1VUyI+ PG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8L2Rpdj4NCjxkaXY+DQo8ZGl2Pg0KPHAg Y2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZuYnNwOzxvOnA+PC9vOnA+PC9z cGFuPjwvcD4NCjwvZGl2Pg0KPC9kaXY+DQo8ZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3Jt YWwiPjxzcGFuIGxhbmc9IkVOLVVTIj5IaSBldmVyeW9uZSw8bzpwPjwvbzpwPjwvc3Bhbj48L3A+ DQo8L2Rpdj4NCjwvZGl2Pg0KPGRpdj4NCjxkaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1h bCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZuYnNwOzxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2 Pg0KPC9kaXY+DQo8L2Rpdj4NCjxkaXY+DQo8ZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3Jt YWwiPjxzcGFuIGxhbmc9IkVOLVVTIj5BIGZldyBvZiB1cyBhcmUganVzdCB0cnlpbmcgdG8gcHV0 IG91dCBhbiBpbml0aWFsIGRyYWZ0IHRoYXQgYWRkcmVzc2VzIG9uZSBnYXAgaW4gTVVEICh0aGVy ZSBhcmUgc2V2ZXJhbCkuICZuYnNwO0luIGEgTVVEIGZpbGUgb25lIGNhbiBzYXkgdGhhdCBvbmUg d2FudHMgdG8gYWNjZXNzIGEgY29udHJvbGxlciBpbiB0d28gd2F5czogZWl0aGVyICZxdW90O215 LWNvbnRyb2xsZXI8L3NwYW4+4oCdPHNwYW4gY2xhc3M9ImFwcGxlLWNvbnZlcnRlZC1zcGFjZSI+ PHNwYW4gbGFuZz0iRU4tVVMiPiZuYnNwOzwvc3Bhbj48L3NwYW4+PHNwYW4gbGFuZz0iRU4tVVMi Pm1lYW5pbmcNCiBhIGNvbnRyb2xsZXIgdGhhdCBzZXJ2aWNlcyBkZXZpY2VzIG9mIGEgcGFydGlj dWxhciBNVUQgVVJMIG9yIGE8c3BhbiBjbGFzcz0iYXBwbGUtY29udmVydGVkLXNwYWNlIj4mbmJz cDs8L3NwYW4+PC9zcGFuPuKAnDxzcGFuIGxhbmc9IkVOLVVTIj5jb250cm9sbGVyPC9zcGFuPuKA nTxzcGFuIGNsYXNzPSJhcHBsZS1jb252ZXJ0ZWQtc3BhY2UiPjxzcGFuIGxhbmc9IkVOLVVTIj4m bmJzcDs8L3NwYW4+PC9zcGFuPjxzcGFuIGxhbmc9IkVOLVVTIj5jbGFzcyB0aGF0IHNlcnZpY2Vz DQogZGV2aWNlcyBiYXNlZCBvbiBhIHBhcnRpY3VsYXIgY2xhc3MgbmFtZSBvZiBjb250cm9sbGVy LjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPC9kaXY+DQo8L2Rpdj4NCjxkaXY+DQo8 ZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIGxhbmc9IkVOLVVTIj4mbmJz cDs8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjwvZGl2Pg0KPC9kaXY+DQo8ZGl2Pg0K PGRpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBsYW5nPSJFTi1VUyI+SW4g ZWl0aGVyIGNhc2UsIHJpZ2h0IG5vdyB0aGUgYWRtaW5pc3RyYXRvciBoYXMgdG8gbWFudWFsbHkg a25vdyBhbmQgcG9wdWxhdGUgaW5mb3JtYXRpb24sIHRvIHNheSAtIHNvbWUgZGV2aWNlIDEuMi4z LjQgaXMgYSBjb250cm9sbGVyLCBlaXRoZXIgZm9yIE1VRCBVUkw8c3BhbiBjbGFzcz0iYXBwbGUt Y29udmVydGVkLXNwYWNlIj4mbmJzcDs8L3NwYW4+PGEgaHJlZj0iaHR0cHM6Ly9leGFtcGxlLmNv bS9tdWQiPjxzcGFuIHN0eWxlPSJjb2xvcjpwdXJwbGUiPmh0dHBzOi8vZXhhbXBsZS5jb20vbXVk PC9zcGFuPjwvYT4mbmJzcDtvcg0KIGEgY2xhc3M8c3BhbiBjbGFzcz0iYXBwbGUtY29udmVydGVk LXNwYWNlIj4mbmJzcDs8L3NwYW4+PGEgaHJlZj0iaHR0cDovL2V4YW1wbGUuY29tL211ZGNsYXNz MSI+PHNwYW4gc3R5bGU9ImNvbG9yOnB1cnBsZSI+aHR0cDovL2V4YW1wbGUuY29tL211ZGNsYXNz MTwvc3Bhbj48L2E+LiAmbmJzcDtUaGF0IGNhbiBiZSBsYWJvcmlvdXMuICZuYnNwO1RvIGFzc2lz dCwgd2UgYXJlIGV4YW1pbmluZyB3YXlzIHRvIGhhdmUgYSBjb250cm9sbGVyIGRlY2xhcmUgaXRz ZWxmIGFzIGENCiBjYW5kaWRhdGUgY29udHJvbGxlci48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8 L2Rpdj4NCjwvZGl2Pg0KPGRpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBs YW5nPSJFTi1VUyIgc3R5bGU9ImZvbnQtc2l6ZToxMC41cHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2Fs aWJyaSZxdW90OyxzYW5zLXNlcmlmO2NvbG9yOiMxRjQ5N0QiPiZuYnNwOzwvc3Bhbj48c3BhbiBs YW5nPSJFTi1VUyI+PG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8L2Rpdj4NCjxkaXY+ DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0iRU4tVVMiIHN0eWxlPSJm b250LXNpemU6MTAuNXB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssc2Fucy1zZXJp Zjtjb2xvcjojMUY0OTdEIj5bUWluXTogU2luY2UgTVVEIGluIFJGQzg1MjAgaGFzIGFscmVhZHkg c3BlY2lmeSBETlMgZXh0ZW5zaW9uIGFuZCBESENQIGV4dGVuc2lvbiwgd2h5IG5vdCBjb25maWd1 cmUgTVVEIG1hbmFnZXIgd2l0aCBjb250cm9sbGVy4oCZcyBkZWNsYXJhdGlvbj8gU28NCiB0aGUg UkVTVEZVTCBpbnRlcmZhY2UgY2FuIGJlIGRlZmluZWQgYmV0d2VlbiBOTVMgYW5kIGNvbnRyb2xs ZXIsIGlmIG15IHVuZGVyc3RhbmRpbmcgaXMgY29ycmVjdC48L3NwYW4+PHNwYW4gbGFuZz0iRU4t VVMiPjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPC9kaXY+DQo8ZGl2Pg0KPGRpdj4N CjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIGxhbmc9IkVOLVVTIiBzdHlsZT0iZm9udC1zaXpl OjEwLjVwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LHNhbnMtc2VyaWY7Y29sb3I6 IzFGNDk3RCI+SSBiZWxpZXZlIHRoaXMgaXMgbmV0d29yayBpbml0aWF0ZWQgc29sdXRpb24sIHlv dSBtaWdodCBoYXZlIGNsaWVudCBpbml0aWF0ZWQgc29sdXRpb24sIGJ1dCBwcm9iYWJseSBtb3Jl IGNvbXBsaWNhdGVkIHRoYW4gbmV0d29yayBpbml0aWF0ZWQgc29sdXRpb24uPC9zcGFuPjxzcGFu IGxhbmc9IkVOLVVTIj48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjwvZGl2Pg0KPC9k aXY+DQo8L2Rpdj4NCjwvYmxvY2txdW90ZT4NCjxkaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05v cm1hbCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZuYnNwOzxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwv ZGl2Pg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0iRU4t VVMiPkNhbiB5b3Ugc2F5IGEgZmV3IG1vcmUgd29yZHM/ICZuYnNwO0k8L3NwYW4+4oCZPHNwYW4g bGFuZz0iRU4tVVMiPm0gbm90IHN1cmUgSTwvc3Bhbj7igJk8c3BhbiBsYW5nPSJFTi1VUyI+bSBx dWl0ZSBmb2xsb3dpbmcgeW91LjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPC9kaXY+ DQo8ZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIGxhbmc9IkVOLVVTIiBz dHlsZT0iY29sb3I6IzFGNDk3RCI+W1Fpbl06IFdoYXQgSSBhbSBzdWdnZXN0aW5nIGlzIE5NUyBw cmVjb25maWd1cmVzIHRoZSBNVUQgbWFuYWdlciB3aXRoIGNvbnRyb2xsZXI8L3NwYW4+PHNwYW4g c3R5bGU9ImNvbG9yOiMxRjQ5N0QiPuKAmTxzcGFuIGxhbmc9IkVOLVVTIj5zIGRlY2xhcmF0aW9u IGluZm9ybWF0aW9uLCBkdXJpbmcgREhDUCBwcm9jZXNzIG9yIEROUyBwcm9jZXNzLA0KIHRoZSBj b250cm9sbGVyPC9zcGFuPuKAmTxzcGFuIGxhbmc9IkVOLVVTIj5zIGRlY2xhcmF0aW9uIGNhbiBi ZSByZXR1cm5lZDwvc3Bhbj48L3NwYW4+PHNwYW4gbGFuZz0iRU4tVVMiPjxvOnA+PC9vOnA+PC9z cGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIGxhbmc9 IkVOLVVTIiBzdHlsZT0iZm9udC1zaXplOjEwLjVwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJp JnF1b3Q7LHNhbnMtc2VyaWY7Y29sb3I6IzFGNDk3RCI+VG8gdGhlIHJvdXRlciBvciBzd2l0Y2gg YmV0d2VlbiB0aGUgdGhpbmcgYW5kIE1VRCBtYW5hZ2VyIG9yIHJldHVybiB0byB0aGUgdGhpbmcs IHRoZSByb3V0ZXIgb3IgdGhlIHRoaW5nIGNhbiBhY2Nlc3MgY29udHJvbGxlciB0aHJvdWdoIGNv bnRyb2xsZXINCiBkZWxjbGFydGlvbi48L3NwYW4+PHNwYW4gbGFuZz0iRU4tVVMiPjxvOnA+PC9v OnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFu IGxhbmc9IkVOLVVTIiBzdHlsZT0iZm9udC1zaXplOjEwLjVwdDtmb250LWZhbWlseTomcXVvdDtD YWxpYnJpJnF1b3Q7LHNhbnMtc2VyaWY7Y29sb3I6IzFGNDk3RCI+Jm5ic3A7PC9zcGFuPjxzcGFu IGxhbmc9IkVOLVVTIj48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBj bGFzcz0iTXNvTm9ybWFsIj48c3BhbiBsYW5nPSJFTi1VUyIgc3R5bGU9ImZvbnQtc2l6ZToxMC41 cHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OyxzYW5zLXNlcmlmO2NvbG9yOiMxRjQ5 N0QiPklmIHRoZSBNVUQgbWFuYWdlciBhbHNvIG5lZWRzIHRvIGJlIGFkdmVydGlzZWQgdG8gdGhl IHRoaW5nLCBESENQIERpc2NvdmVyeSBvciBETlMgcHJvY2VzcyBjYW4gYmUgbGV2ZXJhZ2VkLiBJ biB0aGlzIGNhc2UsIE5NUyBuZWVkcyB0byBwcmVjb25maWd1cmUNCiBESENQIHNlcnZlciB3aXRo IE1VRCBtYW5hZ2VyIGluZm9ybWF0aW9uLjwvc3Bhbj48c3BhbiBsYW5nPSJFTi1VUyI+PG86cD48 L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8L2Rpdj4NCjwvZGl2Pg0KPC9ibG9ja3F1b3RlPg0K PGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIGxhbmc9IkVOLVVTIj48bzpwPiZuYnNw OzwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIGxh bmc9IkVOLVVTIj5JIGFwb2xvZ2l6ZSwgYnV0IEnigJltIG5vdCBxdWl0ZSBmb2xsb3dpbmcuICZu YnNwO0xldOKAmXMgc3RlcCB0aHJvdWdoIHdoYXQgSeKAmW0gdHJ5aW5nIHRvIHNvbHZlLCBhbmQg dGhlbiBsZXTigJlzIHN0ZXAgdGhyb3VnaCB5b3VyIGZsb3cuPG86cD48L286cD48L3NwYW4+PC9w Pg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0iRU4tVVMi PjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJN c29Ob3JtYWwiPjxzcGFuIGxhbmc9IkVOLVVTIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+ DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBsYW5nPSJFTi1VUyI+ RGV2aWNlIHNlbmRzIGEgTVVEIFVSTCBYIHRoYXQgcG9pbnRzIHRvIGEgTVVEIGZpbGUgdGhhdCBz YXlzIHRvIHBlcm1pdCBpcCBhY2Nlc3MgdG8gbXktY29udHJvbGxlci48bzpwPjwvbzpwPjwvc3Bh bj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBsYW5nPSJF Ti1VUyI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xh c3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0iRU4tVVMiPk5vdy0gaG93IGRvIHdlIGRldGVybWlu ZSB3aG8g4oCcbXktY29udHJvbGxlcuKAnSBmb3IgTVVEIFVSTCBYIGlzPzxvOnA+PC9vOnA+PC9z cGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIGxhbmc9 IkVOLVVTIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBj bGFzcz0iTXNvTm9ybWFsIj48c3BhbiBsYW5nPSJFTi1VUyI+V2F5cyB0byBkbyB0aGF0OjxvOnA+ PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjx1bCB0eXBlPSJkaXNjIj4NCjxsaSBj bGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdp bi1ib3R0b20tYWx0OmF1dG87bXNvLWxpc3Q6bDIgbGV2ZWwxIGxmbzEiPg0KPHNwYW4gbGFuZz0i RU4tVVMiPkFzayB0aGUgYWRtaW5pc3RyYXRvciAocHJlLWNvbmZpZ3VyYXRpb24pPG86cD48L286 cD48L3NwYW4+PC9saT48bGkgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9w LWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvO21zby1saXN0OmwyIGxldmVsMSBs Zm8xIj4NCjxzcGFuIGxhbmc9IkVOLVVTIj5Qcm92aWRlIHRoZSBhZG1pbmlzdHJhdG9yIGhpbnRz PG86cD48L286cD48L3NwYW4+PC9saT48L3VsPg0KPHVsIHR5cGU9ImRpc2MiPg0KPHVsIHR5cGU9 ImNpcmNsZSI+DQo8bGkgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFs dDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvO21zby1saXN0OmwyIGxldmVsMiBsZm8x Ij4NCjxzcGFuIGxhbmc9IkVOLVVTIj5Db250cm9sbGVyIHNheXMgd2hvIGl0IGNhbiBjb250cm9s IChieSBNVUQgVVJMcywgZXRjKSBvcjxvOnA+PC9vOnA+PC9zcGFuPjwvbGk+PGxpIGNsYXNzPSJN c29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRv bS1hbHQ6YXV0bzttc28tbGlzdDpsMiBsZXZlbDIgbGZvMSI+DQo8c3BhbiBsYW5nPSJFTi1VUyI+ RGV2aWNlIHNheXMgd2hpY2ggY29udHJvbGxlcnMgKGJ5IE1VRCBVUkwpIGFyZSBnb29kIGNhbmRp ZGF0ZXM8bzpwPjwvbzpwPjwvc3Bhbj48L2xpPjwvdWw+DQo8L3VsPg0KPHVsIHR5cGU9ImRpc2Mi Pg0KPGxpIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bztt c28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0bzttc28tbGlzdDpsMSBsZXZlbDEgbGZvMiI+DQo8c3Bh biBsYW5nPSJFTi1VUyI+T3RoZXI8bzpwPjwvbzpwPjwvc3Bhbj48L2xpPjwvdWw+DQo8ZGl2Pg0K PHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0iRU4tVVMiIHN0eWxlPSJjb2xvcjojMUY0 OTdEIj5bUWluXTogTXkgc2ltcGx5IHByb3Bvc2FsIGlzIHRvIGFzc3VtZSBOTVMga25vd3Mgd2hv IOKAnG15LWNvbnRyb2xsZXLigJ1mb3IgTVVEIFVSTCBYIGlzIGluIGFkdmFuY2Ugb3IgTk1TIGhh cyBhbHJlYWR5IHNlbGVjdCBhIGxpc3Qgb2YgbXktY29udHJvbGxlciBkZXZpY2VzIGNvcnJlc3Bv bmRpbmcgdG8gTVVEIFVSTCBmb3IgdGhlIHRoaW5nLiBTbw0KIE5NUyBjYW4gcHJlY29uZmlndXJl IERIQ1Agc2VydmVyIHdpdGggbXktY29udHJvbGxlciBpZGVudGl0eS48bzpwPjwvbzpwPjwvc3Bh bj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBsYW5nPSJFTi1VUyIgc3R5bGU9ImNv bG9yOiMxRjQ5N0QiPkR1cmluZyBESENQIHByb2Nlc3MsIGl0IGNhbiByZXR1cm4gTVVEIFVSTCB0 b2dldGhlciB3aXRoIG15LWNvbnRyb2xsZXIgaWRlbnRpdHkuPG86cD48L286cD48L3NwYW4+PC9w Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0iRU4tVVMiIHN0eWxlPSJjb2xvcjoj MUY0OTdEIj5UaGlzIGlzIGNlbnRyYWxpemVkIHNvbHV0aW9uIGNvbXBhcmluZyB3aXRoIHlvdXIg c2Vjb25kIG9wdGlvbjogcHJvdmlkZSBhZG1pbmlzdHJhdG9yIGhpbnRzLjxvOnA+PC9vOnA+PC9z cGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIGxhbmc9IkVOLVVTIiBzdHlsZT0i Y29sb3I6IzFGNDk3RCI+V2hhdCB5b3UgcHJvcG9zZSBpbiB0aGUgc2Vjb25kIG9wdGlvbiBpcyBk aXN0cmlidXRlZCBzb2x1dGlvbiwgYWxsb3cgY29udHJvbGxlciBhbmQgZGV2aWNlIHRvIGRpc2Nv dmVyIGVhY2ggb3RoZXIuPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1h bCI+PHNwYW4gbGFuZz0iRU4tVVMiIHN0eWxlPSJmb250LXNpemU6MTAuNXB0O2ZvbnQtZmFtaWx5 OiZxdW90O0NhbGlicmkmcXVvdDssc2Fucy1zZXJpZjtjb2xvcjojMUY0OTdEIj48bzpwPiZuYnNw OzwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48 c3BhbiBsYW5nPSJFTi1VUyI+SWYgaXTigJlzIHRoZSBjb250cm9sbGVyLCB0aGVuIHdlIGNhbiBk byBhIFJFU1RmdWwgaW50ZXJmYWNlLiAmbmJzcDtJZiBpdOKAmXMgdGhlIGRldmljZSwgd2UgYWxy ZWFkeSBoYXZlIGEgY29tbXVuaWNhdGlvbiBwYXRoLiAmbmJzcDs8c3BhbiBzdHlsZT0iY29sb3I6 IzFGNDk3RCI+PG86cD48L286cD48L3NwYW4+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3Jt YWwiPjxzcGFuIGxhbmc9IkVOLVVTIiBzdHlsZT0iZm9udC1zaXplOjEwLjVwdDtmb250LWZhbWls eTomcXVvdDtDYWxpYnJpJnF1b3Q7LHNhbnMtc2VyaWY7Y29sb3I6IzFGNDk3RCI+PG86cD4mbmJz cDs8L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0iRU4t VVMiIHN0eWxlPSJmb250LXNpemU6MTAuNXB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVv dDssc2Fucy1zZXJpZjtjb2xvcjojMUY0OTdEIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+ DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBsYW5nPSJFTi1VUyI+Tm90aGluZyBzdG9wcyB1 cyBmcm9tIGRvaW5nIGJvdGguPG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0K PHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0iRU4tVVMiIHN0eWxlPSJjb2xvcjojMUY0 OTdEIj5bUWluXTogSSBhbSBub3Qgc3VyZSB5b3UgbmVlZCB0byBkbyBib3RoLCBlaXRoZXIgY29u dHJvbGxlciBkZXZpY2UgdGVsbCB0aGUgdGhpbmcgSSBhbSBjb250cm9sbGVyIG9yIGRldmljZSBk aXNjb3ZlciBvbmUgZGV2aWNlIGNhbiBzZXJ2ZXIgYXMgY29udHJvbGxlci48L3NwYW4+PHNwYW4g bGFuZz0iRU4tVVMiPjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNs YXNzPSJNc29Ob3JtYWwiPjxzcGFuIGxhbmc9IkVOLVVTIj5TbyBub3cgaW5zZXJ0IHlvdXIgYXBw cm9hY2guICZuYnNwO1doYXQgc3RlcHMgd291bGQgeW91IHRha2U/PG86cD48L286cD48L3NwYW4+ PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0iRU4t VVMiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNz PSJNc29Ob3JtYWwiPjxzcGFuIGxhbmc9IkVOLVVTIj5FbGlvdDxvOnA+PC9vOnA+PC9zcGFuPjwv cD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIGxhbmc9IkVOLVVT Ij48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0i TXNvTm9ybWFsIj48c3BhbiBsYW5nPSJFTi1VUyI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9w Pg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0iRU4tVVMi PjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPC9kaXY+DQo8ZGl2Pg0KPGJs b2NrcXVvdGUgc3R5bGU9Im1hcmdpbi10b3A6NS4wcHQ7bWFyZ2luLWJvdHRvbTo1LjBwdCI+DQo8 ZGl2Pg0KPGRpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBsYW5nPSJFTi1V UyIgc3R5bGU9ImZvbnQtc2l6ZToxMC41cHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90 OyxzYW5zLXNlcmlmO2NvbG9yOiMxRjQ5N0QiPiZuYnNwOzwvc3Bhbj48c3BhbiBsYW5nPSJFTi1V UyI+PG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8L2Rpdj4NCjxkaXY+DQo8ZGl2Pg0K PHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0iRU4tVVMiPkVsaW90PGJyPg0KPGJyPg0K PGJyPg0KPG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8YmxvY2txdW90ZSBzdHlsZT0i bWFyZ2luLXRvcDo1LjBwdDttYXJnaW4tYm90dG9tOjUuMHB0Ij4NCjxkaXY+DQo8ZGl2Pg0KPGRp dj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBsYW5nPSJFTi1VUyIgc3R5bGU9 ImZvbnQtc2l6ZToxMC41cHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OyxzYW5zLXNl cmlmO2NvbG9yOiMxRjQ5N0QiPiZuYnNwOzwvc3Bhbj48c3BhbiBsYW5nPSJFTi1VUyI+PG86cD48 L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8L2Rpdj4NCjxkaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9 Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZuYnNwO1RoYXQgYXQgbGVhc3QgcHJvdmlk ZXMgYSBoaW50IHRvIHRoZSBhZG1pbmlzdHJhdG9yIHRoYXQgdGhpcyBwYXJ0aWN1bGFyIGRldmlj ZSBpcyBjYXBhYmxlIG9mIHNlcnZpbmcgaW4gYSBwYXJ0aWN1bGFyIHJvbGUuPG86cD48L286cD48 L3NwYW4+PC9wPg0KPC9kaXY+DQo8L2Rpdj4NCjwvZGl2Pg0KPGRpdj4NCjxkaXY+DQo8ZGl2Pg0K PHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZuYnNwOzxvOnA+PC9vOnA+ PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPC9kaXY+DQo8L2Rpdj4NCjxkaXY+DQo8ZGl2Pg0KPGRpdj4N CjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIGxhbmc9IkVOLVVTIj5UbyBtYWtlIHRoYXQgZGVj bGFyYXRpb24sIHRoZSBkZXZpY2UgbXVzdC08bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4N CjwvZGl2Pg0KPC9kaXY+DQo8ZGl2Pg0KPHVsIHN0eWxlPSJtYXJnaW4tdG9wOjBjbSIgdHlwZT0i ZGlzYyI+DQo8bGkgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1saXN0OmwwIGxldmVsMSBs Zm8zIj48c3BhbiBsYW5nPSJFTi1VUyI+Rm9ybSB0aGUgZGVjbGFyYXRpb247PG86cD48L286cD48 L3NwYW4+PC9saT48bGkgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1saXN0OmwwIGxldmVs MSBsZm8zIj48c3BhbiBsYW5nPSJFTi1VUyI+RmluZCB0aGUgTVVEIG1hbmFnZXI7IGFuZDxvOnA+ PC9vOnA+PC9zcGFuPjwvbGk+PGxpIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbGlzdDps MCBsZXZlbDEgbGZvMyI+PHNwYW4gbGFuZz0iRU4tVVMiPlNlbmQgaXQuPG86cD48L286cD48L3Nw YW4+PC9saT48L3VsPg0KPGRpdj4NCjxkaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+ PHNwYW4gbGFuZz0iRU4tVVMiPiZuYnNwOzxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0K PC9kaXY+DQo8L2Rpdj4NCjwvZGl2Pg0KPGRpdj4NCjxkaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1z b05vcm1hbCI+PHNwYW4gbGFuZz0iRU4tVVMiPkZvcm1pbmcgdGhlIGRlY2xhcmF0aW9uIGlzIGVh c3k6IHdlIGNhbiBtYWtlIHRoaXMgYSBZQU5HIGdyb3VwaW5nIGFuZCB0aGVuIHBsYWNlIGl0IGlu IHZhcmlvdXMgc3BvdHMuPG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8L2Rpdj4NCjwv ZGl2Pg0KPGRpdj4NCjxkaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFu Zz0iRU4tVVMiPiZuYnNwOzxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPC9kaXY+DQo8 L2Rpdj4NCjxkaXY+DQo8ZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIGxh bmc9IkVOLVVTIj5GaW5kaW5nIHRoZSBNVUQgbWFuYWdlciBkZXBlbmRzIG9uIG9uZSBxdWVzdGlv bjo8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjwvZGl2Pg0KPC9kaXY+DQo8ZGl2Pg0K PHVsIHN0eWxlPSJtYXJnaW4tdG9wOjBjbSIgdHlwZT0iZGlzYyI+DQo8bGkgY2xhc3M9Ik1zb05v cm1hbCIgc3R5bGU9Im1zby1saXN0Omw0IGxldmVsMSBsZm80Ij48c3BhbiBsYW5nPSJFTi1VUyI+ V2FzIHRoZSBkZXZpY2UgYnVpbHQgdG8gYmUgYSBjb250cm9sbGVyIG9yIGlzIGl0IGEgZ2VuZXJh bCBwdXJwb3NlIGRldmljZSB0aGF0IGhhcyBhbiBhcHAgdGhhdCBpcyBpbnRlbmRlZCB0byBiZSBh IGNvbnRyb2xsZXI/PG86cD48L286cD48L3NwYW4+PC9saT48L3VsPg0KPGRpdj4NCjxkaXY+DQo8 ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZuYnNwOzxvOnA+ PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPC9kaXY+DQo8L2Rpdj4NCjwvZGl2Pg0KPGRpdj4N CjxkaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0iRU4tVVMiPklm IHRoZSBkZXZpY2Ugd2FzIGJ1aWx0IHRvIGJlIGEgY29udHJvbGxlciwgd2UgY2FuIHNpbXBseSBj cmFtIHRoZSBkZWNsYXJhdGlvbiBpbnRvIHRoYXQgZGV2aWNlcyBvd24gTVVEIGZpbGUgYXMgYW4g ZXh0ZW5zaW9uLiAmbmJzcDtJZiB0aGUgZGV2aWNlIGlzIGEgZ2VuZXJhbCBwdXJwb3NlIGNvbXB1 dGVyLCB0aGluZ3MgZ2V0IGEgYml0IG1vcmUgaW50ZXJlc3RpbmcuICZuYnNwO0luIHRoaXMNCiBj YXNlIHdlIGhhdmUgdHdvIGNob2ljZXM6PG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8 L2Rpdj4NCjwvZGl2Pg0KPGRpdj4NCjxkaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+ PHNwYW4gbGFuZz0iRU4tVVMiPiZuYnNwOzxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0K PC9kaXY+DQo8L2Rpdj4NCjxkaXY+DQo8dWwgc3R5bGU9Im1hcmdpbi10b3A6MGNtIiB0eXBlPSJk aXNjIj4NCjxsaSBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLWxpc3Q6bDMgbGV2ZWwxIGxm bzUiPjxzcGFuIGxhbmc9IkVOLVVTIj5FaXRoZXIgY3JlYXRlIGEgTVVEIGZpbGUgdGhhdCBwb2lu dHMgc29tZXdoZXJlIGludGVybmFsbHkgLSB0aGlzIGRvZXNuPC9zcGFuPuKAmTxzcGFuIGxhbmc9 IkVOLVVTIj50IHNlZW0gdmVyeSBwbHVnIGFuZCBwbGF5LjxvOnA+PC9vOnA+PC9zcGFuPjwvbGk+ PGxpIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbGlzdDpsMyBsZXZlbDEgbGZvNSI+PHNw YW4gbGFuZz0iRU4tVVMiPk1ha2UgdGhlIGRlY2xhcmF0aW9uIGRpcmVjdGx5IHRvIHRoZSBNVUQg bWFuYWdlci48bzpwPjwvbzpwPjwvc3Bhbj48L2xpPjwvdWw+DQo8ZGl2Pg0KPGRpdj4NCjxkaXY+ DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBsYW5nPSJFTi1VUyI+Jm5ic3A7PG86cD48L286 cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8L2Rpdj4NCjwvZGl2Pg0KPC9kaXY+DQo8ZGl2Pg0KPGRp dj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBsYW5nPSJFTi1VUyI+STwvc3Bh bj7igJk8c3BhbiBsYW5nPSJFTi1VUyI+bSBnb2luZyB0byBmb2N1cyBvbiB0aGUgbGF0dGVyIGZv ciB0aGUgbW9tZW50LiAmbmJzcDtJdCBpcyBlYXN5IGVub3VnaCB0byBjcmVhdGUgYSBSRVNUZnVs IGludGVyZmFjZSBmb3IgdGhpcyBwdXJwb3NlLCBidXQgaXQgcmVxdWlyZXMgYSBtZWNoYW5pc20g dG8gZGlzY292ZXJlZCB0aGUgTVVEIG1hbmFnZXIsIHdoaWNoIHVwIHVudGlsIG5vdw0KIGhhcyBi ZWVuIGFuIGludGVybmFsIHBhcnQgb2YgdGhlIG5ldHdvcmsgaW5mcmFzdHJ1Y3R1cmUuPG86cD48 L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8L2Rpdj4NCjwvZGl2Pg0KPGRpdj4NCjxkaXY+DQo8 ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZuYnNwOzxvOnA+ PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPC9kaXY+DQo8L2Rpdj4NCjxkaXY+DQo8ZGl2Pg0K PGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIGxhbmc9IkVOLVVTIj5MZXQgbWUgY2Fs bCB0aGlzIG91dCBwbGFpbmx5OiBsZXR0aW5nIHRoZSBhcHAgaXRzZWxmIGRpcmVjdGx5IGNhbGwg dGhlIE1VRCBtYW5hZ2VyIHJlcXVpcmVzIHRoYXQgdGhlIE1VRCBtYW5hZ2VyIGl0c2VsZiBiZWNv bWUgZXhwb3NlZCB0byB0aGUgdXNlciBpbmZyYXN0cnVjdHVyZSwgd2hpY2ggaXMgYSBjaGFuZ2Uu PG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8L2Rpdj4NCjwvZGl2Pg0KPGRpdj4NCjxk aXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZuYnNw OzxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPC9kaXY+DQo8L2Rpdj4NCjxkaXY+DQo8 ZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIGxhbmc9IkVOLVVTIj5PbmUg cG9zc2liaWxpdHkgdG8gYWRkcmVzcyB0aGlzIGlzIHRvIGluY29ycG9yYXRlIHRoZSBuZXcgUkVT VGZ1bCBlbmRwb2ludCBpbnRvIGFuIEFOSU1BIEJSU0tJIGpvaW4gcmVnaXN0cmFyLCB3aGljaCBt YXkgYWxyZWFkeSBiZSBleHBvc2VkLiAmbmJzcDtCdXQgdGhhdCByZXF1aXJlcyB0aGF0IEFOSU1B IEJSU0tJIGJlIGluIHBsYXksIHdoaWNoIGl0IG1heSBub3QuPG86cD48L286cD48L3NwYW4+PC9w Pg0KPC9kaXY+DQo8L2Rpdj4NCjwvZGl2Pg0KPGRpdj4NCjxkaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9 Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZuYnNwOzxvOnA+PC9vOnA+PC9zcGFuPjwv cD4NCjwvZGl2Pg0KPC9kaXY+DQo8L2Rpdj4NCjxkaXY+DQo8ZGl2Pg0KPGRpdj4NCjxwIGNsYXNz PSJNc29Ob3JtYWwiPjxzcGFuIGxhbmc9IkVOLVVTIj5NeSB0aGlua2luZyBpcyB0aGF0IHdlIGRv IHRoaXMgd29yayBpbiB0d28gc3RhZ2VzLiAmbmJzcDtGaXJzdCBoYW5kbGUgdGhlIGVhc3kgY2Fz ZSwgd2hpY2ggaXMgdGhlIE1VRCBmaWxlIGV4dGVuc2lvbiwgYW5kIHRoZW4gZmlndXJlIG91dCBo b3cgdG8gZG8gdGhlIGFwcCB2ZXJzaW9uIG9mIHRoaXMuPG86cD48L286cD48L3NwYW4+PC9wPg0K PC9kaXY+DQo8L2Rpdj4NCjwvZGl2Pg0KPGRpdj4NCjxkaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1z b05vcm1hbCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZuYnNwOzxvOnA+PC9vOnA+PC9zcGFuPjwvcD4N CjwvZGl2Pg0KPC9kaXY+DQo8L2Rpdj4NCjxkaXY+DQo8ZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJN c29Ob3JtYWwiPjxzcGFuIGxhbmc9IkVOLVVTIj5UaG91Z2h0cz88bzpwPjwvbzpwPjwvc3Bhbj48 L3A+DQo8L2Rpdj4NCjwvZGl2Pg0KPC9kaXY+DQo8ZGl2Pg0KPGRpdj4NCjxkaXY+DQo8cCBjbGFz cz0iTXNvTm9ybWFsIj48c3BhbiBsYW5nPSJFTi1VUyI+Jm5ic3A7PG86cD48L286cD48L3NwYW4+ PC9wPg0KPC9kaXY+DQo8L2Rpdj4NCjwvZGl2Pg0KPGRpdj4NCjxkaXY+DQo8ZGl2Pg0KPHAgY2xh c3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0iRU4tVVMiPkVsaW90PG86cD48L286cD48L3NwYW4+ PC9wPg0KPC9kaXY+DQo8L2Rpdj4NCjwvZGl2Pg0KPC9kaXY+DQo8L2Jsb2NrcXVvdGU+DQo8L2Rp dj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBsYW5nPSJFTi1VUyI+Jm5ic3A7 PG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8L2Rpdj4NCjwvYmxvY2txdW90ZT4NCjwv ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0iRU4tVVMiPjxvOnA+Jm5ic3A7 PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPC9kaXY+DQo8L2JvZHk+DQo8L2h0bWw+DQo= --_000_B8F9A780D330094D99AF023C5877DABAA49BD941nkgeml513mbxchi_-- From nobody Mon Jul 1 18:44:56 2019 Return-Path: X-Original-To: mud@ietfa.amsl.com Delivered-To: mud@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0045F12018D; Mon, 1 Jul 2019 18:44:54 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.199 X-Spam-Level: X-Spam-Status: No, score=-4.199 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JpPeIl00wdA3; Mon, 1 Jul 2019 18:44:51 -0700 (PDT) Received: from huawei.com (lhrrgout.huawei.com [185.176.76.210]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 54D4A12018B; Mon, 1 Jul 2019 18:44:51 -0700 (PDT) Received: from lhreml704-cah.china.huawei.com (unknown [172.18.7.106]) by Forcepoint Email with ESMTP id 22FCA158CD8675AA82B9; Tue, 2 Jul 2019 02:44:49 +0100 (IST) Received: from NKGEML413-HUB.china.huawei.com (10.98.56.74) by lhreml704-cah.china.huawei.com (10.201.108.45) with Microsoft SMTP Server (TLS) id 14.3.408.0; Tue, 2 Jul 2019 02:44:48 +0100 Received: from NKGEML513-MBX.china.huawei.com ([169.254.1.66]) by NKGEML413-HUB.china.huawei.com ([10.98.56.74]) with mapi id 14.03.0415.000; Tue, 2 Jul 2019 09:42:21 +0800 From: Qin Wu To: Eliot Lear CC: "opsawg@ietf.org" , "mud@ietf.org" Thread-Topic: [OPSAWG] Declaring something to be a controller in MUD Thread-Index: AdUwdNms2CQ7NqnHSFy07TtU1rh0VQ== Date: Tue, 2 Jul 2019 01:42:20 +0000 Message-ID: Accept-Language: zh-CN, en-US Content-Language: zh-CN X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.134.31.203] Content-Type: multipart/alternative; boundary="_000_B8F9A780D330094D99AF023C5877DABAA49BD98Ankgeml513mbxchi_" MIME-Version: 1.0 X-CFilter-Loop: Reflected Archived-At: Subject: Re: [Mud] [OPSAWG] Declaring something to be a controller in MUD X-BeenThere: mud@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion of Manufacturer Ussage Descriptions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 02 Jul 2019 01:44:55 -0000 --_000_B8F9A780D330094D99AF023C5877DABAA49BD98Ankgeml513mbxchi_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 TG9vayBsaWtlIHlvdXIgc29sdXRpb24gcmVxdWlyZXMgY29udHJvbGxlciBkZXZpY2UgYW5kIHRo ZSBsaWdodCBidWxiIGRpc2NvdmVyIGVhY2ggb3RoZXIsIHNvIHRoYXQgSW9UIGRldmljZXMgY2Fu IGRpc2NvdmVyIGVhY2ggb3RoZXIgaW4gaW4gYW4gYXV0b25vbWljIG5ldHdvcmssDQpJdCBpcyBu b3QgY2xlYXIgaG93IGlzIGNvbnRyb2xsZXIgZGV2aWNlIFVSTCBjb3JyZWxhdGVkIHdpdGggbGln aHQgYnVsYiBVUkwgdGhyb3VnaCBSRVNURlVMIGludGVyZmFjZSBhbmQgaWV0Zi1tdWQtY29udHJv bGxlci1jYW5kaWRhdGUgbW9kdWxlIGFuZCBpZXRmLW11ZCBtb2R1bGU/DQpBZHZlcnRpc2UgY29u dHJvbGxlciBkZXZpY2UgVVJMIHRvIGFsbCBsaWdodCBidWxicywgYW5kIHRoZW4gbGlnaHQgYnVs YiBzZWxlY3QgYXBwcm9wcmlhdGUgY29udHJvbGxlciBkZXZpY2UgVVJMIGFuZCBjb3JyZWxhdGUg aXRzIFVSTCB3aXRoIGNvbnRyb2xsZXIgZGV2aWNlIFVSTC4NCg0KQ29udHJvbGxlciBkZXZpY2Ug c2VsZWN0IGEgc2V0IG9mIGxpZ2h0IGJ1bGIgaXQgY2FuIGNvbnRyb2wgYW5kIG1hbmFnZXIgYW5k IG1haW50YWluIHRoZSBiaW5kaW5nIGJldHdlZW4gY29udHJvbGxlciBkZXZpY2UgVVJMIGFuZCBs aWdodCBidWxiIFVSTC4NCkhvdyB0byByZXZva2UgdGhlIGJpbmRpbmcgYmV0d2VlbiBjb250cm9s bGVyIGRldmljZSBVUkwgYW5kIGxpZ2h0IGJ1bGIgVVJMIHdoZW4gbGlnaHQgYnVsYiBzZWxlY3Qg b3RoZXIgY29udHJvbGxlciBkZXZpY2Ugb3IgYmUgdHVybmVkIG9mZj8NCg0KLVFpbg0K5Y+R5Lu2 5Lq6OiBFbGlvdCBMZWFyIFttYWlsdG86bGVhckBjaXNjby5jb21dDQrlj5HpgIHml7bpl7Q6IDIw MTnlubQ35pyIMeaXpSAxODoyNg0K5pS25Lu25Lq6OiBRaW4gV3UgPGJpbGwud3VAaHVhd2VpLmNv bT4NCuaKhOmAgTogb3BzYXdnQGlldGYub3JnOyBtdWRAaWV0Zi5vcmcNCuS4u+mimDogUmU6IFtP UFNBV0ddIERlY2xhcmluZyBzb21ldGhpbmcgdG8gYmUgYSBjb250cm9sbGVyIGluIE1VRA0KDQpR aW4gYW5kIG90aGVyczoNCg0KSnVzdCB0byBnZXQgdGhlIGJhbGwgcm9sbGluZywgSeKAmXZlIHBv c3RlZCB0b2RheSBkcmFmdC1sZWFyLW9wc2F3Zy1tdWQtY29udHJvbGxlci1jYW5kaWRhdGVzLTAw Lg0KDQpJIHRoaW5rIHRoaXMgc2hvdWxkIGhlbHAgdGhlIGRpc2N1c3Npb24uDQoNCkVsaW90DQoN Cg0KT24gMSBKdWwgMjAxOSwgYXQgMTA6MjMsIFFpbiBXdSA8YmlsbC53dUBodWF3ZWkuY29tPG1h aWx0bzpiaWxsLnd1QGh1YXdlaS5jb20+PiB3cm90ZToNCg0K5Y+R5Lu25Lq6OiBFbGlvdCBMZWFy IFttYWlsdG86bGVhckBjaXNjby5jb21dDQrlj5HpgIHml7bpl7Q6IDIwMTnlubQ35pyIMeaXpSAx NTo1Mg0K5pS25Lu25Lq6OiBRaW4gV3UgPGJpbGwud3VAaHVhd2VpLmNvbTxtYWlsdG86YmlsbC53 dUBodWF3ZWkuY29tPj4NCuaKhOmAgTogb3BzYXdnQGlldGYub3JnPG1haWx0bzpvcHNhd2dAaWV0 Zi5vcmc+OyBtdWRAaWV0Zi5vcmc8bWFpbHRvOm11ZEBpZXRmLm9yZz4NCuS4u+mimDogUmU6IFtP UFNBV0ddIERlY2xhcmluZyBzb21ldGhpbmcgdG8gYmUgYSBjb250cm9sbGVyIGluIE1VRA0KDQoN Cg0KDQoNCk9uIDEgSnVsIDIwMTksIGF0IDA5OjIwLCBRaW4gV3UgPGJpbGwud3VAaHVhd2VpLmNv bTxtYWlsdG86YmlsbC53dUBodWF3ZWkuY29tPj4gd3JvdGU6DQoNCuWPkeS7tuS6ujogT1BTQVdH IFttYWlsdG86b3BzYXdnLWJvdW5jZXNAaWV0Zi5vcmddIOS7o+ihqCBFbGlvdCBMZWFyDQrlj5Hp gIHml7bpl7Q6IDIwMTnlubQ25pyIMjTml6UgMTc6NDgNCuaUtuS7tuS6ujogb3BzYXdnQGlldGYu b3JnPG1haWx0bzpvcHNhd2dAaWV0Zi5vcmc+OyBtdWRAaWV0Zi5vcmc8bWFpbHRvOm11ZEBpZXRm Lm9yZz4NCuS4u+mimDogW09QU0FXR10gRGVjbGFyaW5nIHNvbWV0aGluZyB0byBiZSBhIGNvbnRy b2xsZXIgaW4gTVVEDQoNCkhpIGV2ZXJ5b25lLA0KDQpBIGZldyBvZiB1cyBhcmUganVzdCB0cnlp bmcgdG8gcHV0IG91dCBhbiBpbml0aWFsIGRyYWZ0IHRoYXQgYWRkcmVzc2VzIG9uZSBnYXAgaW4g TVVEICh0aGVyZSBhcmUgc2V2ZXJhbCkuICBJbiBhIE1VRCBmaWxlIG9uZSBjYW4gc2F5IHRoYXQg b25lIHdhbnRzIHRvIGFjY2VzcyBhIGNvbnRyb2xsZXIgaW4gdHdvIHdheXM6IGVpdGhlciAibXkt Y29udHJvbGxlcuKAnSBtZWFuaW5nIGEgY29udHJvbGxlciB0aGF0IHNlcnZpY2VzIGRldmljZXMg b2YgYSBwYXJ0aWN1bGFyIE1VRCBVUkwgb3IgYSDigJxjb250cm9sbGVy4oCdIGNsYXNzIHRoYXQg c2VydmljZXMgZGV2aWNlcyBiYXNlZCBvbiBhIHBhcnRpY3VsYXIgY2xhc3MgbmFtZSBvZiBjb250 cm9sbGVyLg0KDQpJbiBlaXRoZXIgY2FzZSwgcmlnaHQgbm93IHRoZSBhZG1pbmlzdHJhdG9yIGhh cyB0byBtYW51YWxseSBrbm93IGFuZCBwb3B1bGF0ZSBpbmZvcm1hdGlvbiwgdG8gc2F5IC0gc29t ZSBkZXZpY2UgMS4yLjMuNCBpcyBhIGNvbnRyb2xsZXIsIGVpdGhlciBmb3IgTVVEIFVSTCBodHRw czovL2V4YW1wbGUuY29tL211ZCBvciBhIGNsYXNzIGh0dHA6Ly9leGFtcGxlLmNvbS9tdWRjbGFz czEuICBUaGF0IGNhbiBiZSBsYWJvcmlvdXMuICBUbyBhc3Npc3QsIHdlIGFyZSBleGFtaW5pbmcg d2F5cyB0byBoYXZlIGEgY29udHJvbGxlciBkZWNsYXJlIGl0c2VsZiBhcyBhIGNhbmRpZGF0ZSBj b250cm9sbGVyLg0KDQpbUWluXTogU2luY2UgTVVEIGluIFJGQzg1MjAgaGFzIGFscmVhZHkgc3Bl Y2lmeSBETlMgZXh0ZW5zaW9uIGFuZCBESENQIGV4dGVuc2lvbiwgd2h5IG5vdCBjb25maWd1cmUg TVVEIG1hbmFnZXIgd2l0aCBjb250cm9sbGVy4oCZcyBkZWNsYXJhdGlvbj8gU28gdGhlIFJFU1RG VUwgaW50ZXJmYWNlIGNhbiBiZSBkZWZpbmVkIGJldHdlZW4gTk1TIGFuZCBjb250cm9sbGVyLCBp ZiBteSB1bmRlcnN0YW5kaW5nIGlzIGNvcnJlY3QuDQpJIGJlbGlldmUgdGhpcyBpcyBuZXR3b3Jr IGluaXRpYXRlZCBzb2x1dGlvbiwgeW91IG1pZ2h0IGhhdmUgY2xpZW50IGluaXRpYXRlZCBzb2x1 dGlvbiwgYnV0IHByb2JhYmx5IG1vcmUgY29tcGxpY2F0ZWQgdGhhbiBuZXR3b3JrIGluaXRpYXRl ZCBzb2x1dGlvbi4NCg0KQ2FuIHlvdSBzYXkgYSBmZXcgbW9yZSB3b3Jkcz8gIEnigJltIG5vdCBz dXJlIEnigJltIHF1aXRlIGZvbGxvd2luZyB5b3UuDQpbUWluXTogV2hhdCBJIGFtIHN1Z2dlc3Rp bmcgaXMgTk1TIHByZWNvbmZpZ3VyZXMgdGhlIE1VRCBtYW5hZ2VyIHdpdGggY29udHJvbGxlcuKA mXMgZGVjbGFyYXRpb24gaW5mb3JtYXRpb24sIGR1cmluZyBESENQIHByb2Nlc3Mgb3IgRE5TIHBy b2Nlc3MsIHRoZSBjb250cm9sbGVy4oCZcyBkZWNsYXJhdGlvbiBjYW4gYmUgcmV0dXJuZWQNClRv IHRoZSByb3V0ZXIgb3Igc3dpdGNoIGJldHdlZW4gdGhlIHRoaW5nIGFuZCBNVUQgbWFuYWdlciBv ciByZXR1cm4gdG8gdGhlIHRoaW5nLCB0aGUgcm91dGVyIG9yIHRoZSB0aGluZyBjYW4gYWNjZXNz IGNvbnRyb2xsZXIgdGhyb3VnaCBjb250cm9sbGVyIGRlbGNsYXJ0aW9uLg0KDQpJZiB0aGUgTVVE IG1hbmFnZXIgYWxzbyBuZWVkcyB0byBiZSBhZHZlcnRpc2VkIHRvIHRoZSB0aGluZywgREhDUCBE aXNjb3Zlcnkgb3IgRE5TIHByb2Nlc3MgY2FuIGJlIGxldmVyYWdlZC4gSW4gdGhpcyBjYXNlLCBO TVMgbmVlZHMgdG8gcHJlY29uZmlndXJlIERIQ1Agc2VydmVyIHdpdGggTVVEIG1hbmFnZXIgaW5m b3JtYXRpb24uDQoNCkVsaW90DQoNCg0KDQogVGhhdCBhdCBsZWFzdCBwcm92aWRlcyBhIGhpbnQg dG8gdGhlIGFkbWluaXN0cmF0b3IgdGhhdCB0aGlzIHBhcnRpY3VsYXIgZGV2aWNlIGlzIGNhcGFi bGUgb2Ygc2VydmluZyBpbiBhIHBhcnRpY3VsYXIgcm9sZS4NCg0KVG8gbWFrZSB0aGF0IGRlY2xh cmF0aW9uLCB0aGUgZGV2aWNlIG11c3QtDQoNCiAgKiAgIEZvcm0gdGhlIGRlY2xhcmF0aW9uOw0K ICAqICAgRmluZCB0aGUgTVVEIG1hbmFnZXI7IGFuZA0KICAqICAgU2VuZCBpdC4NCg0KRm9ybWlu ZyB0aGUgZGVjbGFyYXRpb24gaXMgZWFzeTogd2UgY2FuIG1ha2UgdGhpcyBhIFlBTkcgZ3JvdXBp bmcgYW5kIHRoZW4gcGxhY2UgaXQgaW4gdmFyaW91cyBzcG90cy4NCg0KRmluZGluZyB0aGUgTVVE IG1hbmFnZXIgZGVwZW5kcyBvbiBvbmUgcXVlc3Rpb246DQoNCiAgKiAgIFdhcyB0aGUgZGV2aWNl IGJ1aWx0IHRvIGJlIGEgY29udHJvbGxlciBvciBpcyBpdCBhIGdlbmVyYWwgcHVycG9zZSBkZXZp Y2UgdGhhdCBoYXMgYW4gYXBwIHRoYXQgaXMgaW50ZW5kZWQgdG8gYmUgYSBjb250cm9sbGVyPw0K DQpJZiB0aGUgZGV2aWNlIHdhcyBidWlsdCB0byBiZSBhIGNvbnRyb2xsZXIsIHdlIGNhbiBzaW1w bHkgY3JhbSB0aGUgZGVjbGFyYXRpb24gaW50byB0aGF0IGRldmljZXMgb3duIE1VRCBmaWxlIGFz IGFuIGV4dGVuc2lvbi4gIElmIHRoZSBkZXZpY2UgaXMgYSBnZW5lcmFsIHB1cnBvc2UgY29tcHV0 ZXIsIHRoaW5ncyBnZXQgYSBiaXQgbW9yZSBpbnRlcmVzdGluZy4gIEluIHRoaXMgY2FzZSB3ZSBo YXZlIHR3byBjaG9pY2VzOg0KDQoNCiAgKiAgIEVpdGhlciBjcmVhdGUgYSBNVUQgZmlsZSB0aGF0 IHBvaW50cyBzb21ld2hlcmUgaW50ZXJuYWxseSAtIHRoaXMgZG9lc27igJl0IHNlZW0gdmVyeSBw bHVnIGFuZCBwbGF5Lg0KICAqICAgTWFrZSB0aGUgZGVjbGFyYXRpb24gZGlyZWN0bHkgdG8gdGhl IE1VRCBtYW5hZ2VyLg0KDQpJ4oCZbSBnb2luZyB0byBmb2N1cyBvbiB0aGUgbGF0dGVyIGZvciB0 aGUgbW9tZW50LiAgSXQgaXMgZWFzeSBlbm91Z2ggdG8gY3JlYXRlIGEgUkVTVGZ1bCBpbnRlcmZh Y2UgZm9yIHRoaXMgcHVycG9zZSwgYnV0IGl0IHJlcXVpcmVzIGEgbWVjaGFuaXNtIHRvIGRpc2Nv dmVyZWQgdGhlIE1VRCBtYW5hZ2VyLCB3aGljaCB1cCB1bnRpbCBub3cgaGFzIGJlZW4gYW4gaW50 ZXJuYWwgcGFydCBvZiB0aGUgbmV0d29yayBpbmZyYXN0cnVjdHVyZS4NCg0KTGV0IG1lIGNhbGwg dGhpcyBvdXQgcGxhaW5seTogbGV0dGluZyB0aGUgYXBwIGl0c2VsZiBkaXJlY3RseSBjYWxsIHRo ZSBNVUQgbWFuYWdlciByZXF1aXJlcyB0aGF0IHRoZSBNVUQgbWFuYWdlciBpdHNlbGYgYmVjb21l IGV4cG9zZWQgdG8gdGhlIHVzZXIgaW5mcmFzdHJ1Y3R1cmUsIHdoaWNoIGlzIGEgY2hhbmdlLg0K DQpPbmUgcG9zc2liaWxpdHkgdG8gYWRkcmVzcyB0aGlzIGlzIHRvIGluY29ycG9yYXRlIHRoZSBu ZXcgUkVTVGZ1bCBlbmRwb2ludCBpbnRvIGFuIEFOSU1BIEJSU0tJIGpvaW4gcmVnaXN0cmFyLCB3 aGljaCBtYXkgYWxyZWFkeSBiZSBleHBvc2VkLiAgQnV0IHRoYXQgcmVxdWlyZXMgdGhhdCBBTklN QSBCUlNLSSBiZSBpbiBwbGF5LCB3aGljaCBpdCBtYXkgbm90Lg0KDQpNeSB0aGlua2luZyBpcyB0 aGF0IHdlIGRvIHRoaXMgd29yayBpbiB0d28gc3RhZ2VzLiAgRmlyc3QgaGFuZGxlIHRoZSBlYXN5 IGNhc2UsIHdoaWNoIGlzIHRoZSBNVUQgZmlsZSBleHRlbnNpb24sIGFuZCB0aGVuIGZpZ3VyZSBv dXQgaG93IHRvIGRvIHRoZSBhcHAgdmVyc2lvbiBvZiB0aGlzLg0KDQpUaG91Z2h0cz8NCg0KRWxp b3QNCg0KDQo= --_000_B8F9A780D330094D99AF023C5877DABAA49BD98Ankgeml513mbxchi_ Content-Type: text/html; charset="utf-8" Content-Transfer-Encoding: base64 PGh0bWwgeG1sbnM6dj0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTp2bWwiIHhtbG5zOm89InVy bjpzY2hlbWFzLW1pY3Jvc29mdC1jb206b2ZmaWNlOm9mZmljZSIgeG1sbnM6dz0idXJuOnNjaGVt YXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6d29yZCIgeG1sbnM6bT0iaHR0cDovL3NjaGVtYXMubWlj cm9zb2Z0LmNvbS9vZmZpY2UvMjAwNC8xMi9vbW1sIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv VFIvUkVDLWh0bWw0MCI+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIg Y29udGVudD0idGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjxtZXRhIG5hbWU9IkdlbmVyYXRv ciIgY29udGVudD0iTWljcm9zb2Z0IFdvcmQgMTUgKGZpbHRlcmVkIG1lZGl1bSkiPg0KPHN0eWxl PjwhLS0NCi8qIEZvbnQgRGVmaW5pdGlvbnMgKi8NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6 SGVsdmV0aWNhOw0KCXBhbm9zZS0xOjIgMTEgNiA0IDIgMiAyIDIgMiA0O30NCkBmb250LWZhY2UN Cgl7Zm9udC1mYW1pbHk65a6L5L2TOw0KCXBhbm9zZS0xOjIgMSA2IDAgMyAxIDEgMSAxIDE7fQ0K QGZvbnQtZmFjZQ0KCXtmb250LWZhbWlseToiQ2FtYnJpYSBNYXRoIjsNCglwYW5vc2UtMToyIDQg NSAzIDUgNCA2IDMgMiA0O30NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6Q2FsaWJyaTsNCglw YW5vc2UtMToyIDE1IDUgMiAyIDIgNCAzIDIgNDt9DQpAZm9udC1mYWNlDQoJe2ZvbnQtZmFtaWx5 OuW+rui9r+mbhem7kTsNCglwYW5vc2UtMToyIDExIDUgMyAyIDIgNCAyIDIgNDt9DQpAZm9udC1m YWNlDQoJe2ZvbnQtZmFtaWx5OiJcQOWui+S9kyI7DQoJcGFub3NlLTE6MiAxIDYgMCAzIDEgMSAx IDEgMTt9DQpAZm9udC1mYWNlDQoJe2ZvbnQtZmFtaWx5OiJcQOW+rui9r+mbhem7kSI7DQoJcGFu b3NlLTE6MiAxMSA1IDMgMiAyIDQgMiAyIDQ7fQ0KQGZvbnQtZmFjZQ0KCXtmb250LWZhbWlseTpN ZW5sbzsNCglwYW5vc2UtMTowIDAgMCAwIDAgMCAwIDAgMCAwO30NCi8qIFN0eWxlIERlZmluaXRp b25zICovDQpwLk1zb05vcm1hbCwgbGkuTXNvTm9ybWFsLCBkaXYuTXNvTm9ybWFsDQoJe21hcmdp bjowY207DQoJbWFyZ2luLWJvdHRvbTouMDAwMXB0Ow0KCWZvbnQtc2l6ZToxMi4wcHQ7DQoJZm9u dC1mYW1pbHk65a6L5L2TO30NCmE6bGluaywgc3Bhbi5Nc29IeXBlcmxpbmsNCgl7bXNvLXN0eWxl LXByaW9yaXR5Ojk5Ow0KCWNvbG9yOmJsdWU7DQoJdGV4dC1kZWNvcmF0aW9uOnVuZGVybGluZTt9 DQphOnZpc2l0ZWQsIHNwYW4uTXNvSHlwZXJsaW5rRm9sbG93ZWQNCgl7bXNvLXN0eWxlLXByaW9y aXR5Ojk5Ow0KCWNvbG9yOnB1cnBsZTsNCgl0ZXh0LWRlY29yYXRpb246dW5kZXJsaW5lO30NCnNw YW4uYXBwbGUtY29udmVydGVkLXNwYWNlDQoJe21zby1zdHlsZS1uYW1lOmFwcGxlLWNvbnZlcnRl ZC1zcGFjZTt9DQpzcGFuLkVtYWlsU3R5bGUxOA0KCXttc28tc3R5bGUtdHlwZTpwZXJzb25hbC1y ZXBseTsNCglmb250LWZhbWlseToiQ2FsaWJyaSIsc2Fucy1zZXJpZjsNCgljb2xvcjojMUY0OTdE O30NCi5Nc29DaHBEZWZhdWx0DQoJe21zby1zdHlsZS10eXBlOmV4cG9ydC1vbmx5Ow0KCWZvbnQt c2l6ZToxMC4wcHQ7fQ0KQHBhZ2UgV29yZFNlY3Rpb24xDQoJe3NpemU6NjEyLjBwdCA3OTIuMHB0 Ow0KCW1hcmdpbjo3Mi4wcHQgOTAuMHB0IDcyLjBwdCA5MC4wcHQ7fQ0KZGl2LldvcmRTZWN0aW9u MQ0KCXtwYWdlOldvcmRTZWN0aW9uMTt9DQovKiBMaXN0IERlZmluaXRpb25zICovDQpAbGlzdCBs MA0KCXttc28tbGlzdC1pZDo1NzQxMjE2OTQ7DQoJbXNvLWxpc3QtdGVtcGxhdGUtaWRzOjEwNDE0 MDg4MjI7fQ0KQGxpc3QgbDA6bGV2ZWwxDQoJe21zby1sZXZlbC1udW1iZXItZm9ybWF0OmJ1bGxl dDsNCgltc28tbGV2ZWwtdGV4dDrvgrc7DQoJbXNvLWxldmVsLXRhYi1zdG9wOjM2LjBwdDsNCglt c28tbGV2ZWwtbnVtYmVyLXBvc2l0aW9uOmxlZnQ7DQoJdGV4dC1pbmRlbnQ6LTE4LjBwdDsNCglt c28tYW5zaS1mb250LXNpemU6MTAuMHB0Ow0KCWZvbnQtZmFtaWx5OlN5bWJvbDt9DQpAbGlzdCBs MDpsZXZlbDINCgl7bXNvLWxldmVsLW51bWJlci1mb3JtYXQ6YnVsbGV0Ow0KCW1zby1sZXZlbC10 ZXh0Ou+CtzsNCgltc28tbGV2ZWwtdGFiLXN0b3A6NzIuMHB0Ow0KCW1zby1sZXZlbC1udW1iZXIt cG9zaXRpb246bGVmdDsNCgl0ZXh0LWluZGVudDotMTguMHB0Ow0KCW1zby1hbnNpLWZvbnQtc2l6 ZToxMC4wcHQ7DQoJZm9udC1mYW1pbHk6U3ltYm9sO30NCkBsaXN0IGwwOmxldmVsMw0KCXttc28t bGV2ZWwtbnVtYmVyLWZvcm1hdDpidWxsZXQ7DQoJbXNvLWxldmVsLXRleHQ674K3Ow0KCW1zby1s ZXZlbC10YWItc3RvcDoxMDguMHB0Ow0KCW1zby1sZXZlbC1udW1iZXItcG9zaXRpb246bGVmdDsN Cgl0ZXh0LWluZGVudDotMTguMHB0Ow0KCW1zby1hbnNpLWZvbnQtc2l6ZToxMC4wcHQ7DQoJZm9u dC1mYW1pbHk6U3ltYm9sO30NCkBsaXN0IGwwOmxldmVsNA0KCXttc28tbGV2ZWwtbnVtYmVyLWZv cm1hdDpidWxsZXQ7DQoJbXNvLWxldmVsLXRleHQ674K3Ow0KCW1zby1sZXZlbC10YWItc3RvcDox NDQuMHB0Ow0KCW1zby1sZXZlbC1udW1iZXItcG9zaXRpb246bGVmdDsNCgl0ZXh0LWluZGVudDot MTguMHB0Ow0KCW1zby1hbnNpLWZvbnQtc2l6ZToxMC4wcHQ7DQoJZm9udC1mYW1pbHk6U3ltYm9s O30NCkBsaXN0IGwwOmxldmVsNQ0KCXttc28tbGV2ZWwtbnVtYmVyLWZvcm1hdDpidWxsZXQ7DQoJ bXNvLWxldmVsLXRleHQ674K3Ow0KCW1zby1sZXZlbC10YWItc3RvcDoxODAuMHB0Ow0KCW1zby1s ZXZlbC1udW1iZXItcG9zaXRpb246bGVmdDsNCgl0ZXh0LWluZGVudDotMTguMHB0Ow0KCW1zby1h bnNpLWZvbnQtc2l6ZToxMC4wcHQ7DQoJZm9udC1mYW1pbHk6U3ltYm9sO30NCkBsaXN0IGwwOmxl dmVsNg0KCXttc28tbGV2ZWwtbnVtYmVyLWZvcm1hdDpidWxsZXQ7DQoJbXNvLWxldmVsLXRleHQ6 74K3Ow0KCW1zby1sZXZlbC10YWItc3RvcDoyMTYuMHB0Ow0KCW1zby1sZXZlbC1udW1iZXItcG9z aXRpb246bGVmdDsNCgl0ZXh0LWluZGVudDotMTguMHB0Ow0KCW1zby1hbnNpLWZvbnQtc2l6ZTox MC4wcHQ7DQoJZm9udC1mYW1pbHk6U3ltYm9sO30NCkBsaXN0IGwwOmxldmVsNw0KCXttc28tbGV2 ZWwtbnVtYmVyLWZvcm1hdDpidWxsZXQ7DQoJbXNvLWxldmVsLXRleHQ674K3Ow0KCW1zby1sZXZl bC10YWItc3RvcDoyNTIuMHB0Ow0KCW1zby1sZXZlbC1udW1iZXItcG9zaXRpb246bGVmdDsNCgl0 ZXh0LWluZGVudDotMTguMHB0Ow0KCW1zby1hbnNpLWZvbnQtc2l6ZToxMC4wcHQ7DQoJZm9udC1m YW1pbHk6U3ltYm9sO30NCkBsaXN0IGwwOmxldmVsOA0KCXttc28tbGV2ZWwtbnVtYmVyLWZvcm1h dDpidWxsZXQ7DQoJbXNvLWxldmVsLXRleHQ674K3Ow0KCW1zby1sZXZlbC10YWItc3RvcDoyODgu MHB0Ow0KCW1zby1sZXZlbC1udW1iZXItcG9zaXRpb246bGVmdDsNCgl0ZXh0LWluZGVudDotMTgu MHB0Ow0KCW1zby1hbnNpLWZvbnQtc2l6ZToxMC4wcHQ7DQoJZm9udC1mYW1pbHk6U3ltYm9sO30N CkBsaXN0IGwwOmxldmVsOQ0KCXttc28tbGV2ZWwtbnVtYmVyLWZvcm1hdDpidWxsZXQ7DQoJbXNv LWxldmVsLXRleHQ674K3Ow0KCW1zby1sZXZlbC10YWItc3RvcDozMjQuMHB0Ow0KCW1zby1sZXZl bC1udW1iZXItcG9zaXRpb246bGVmdDsNCgl0ZXh0LWluZGVudDotMTguMHB0Ow0KCW1zby1hbnNp LWZvbnQtc2l6ZToxMC4wcHQ7DQoJZm9udC1mYW1pbHk6U3ltYm9sO30NCkBsaXN0IGwxDQoJe21z by1saXN0LWlkOjExNjM5Mjk1NjI7DQoJbXNvLWxpc3QtdGVtcGxhdGUtaWRzOjMwMDIwMjkwNjt9 DQpAbGlzdCBsMTpsZXZlbDENCgl7bXNvLWxldmVsLW51bWJlci1mb3JtYXQ6YnVsbGV0Ow0KCW1z by1sZXZlbC10ZXh0Ou+CtzsNCgltc28tbGV2ZWwtdGFiLXN0b3A6MzYuMHB0Ow0KCW1zby1sZXZl bC1udW1iZXItcG9zaXRpb246bGVmdDsNCgl0ZXh0LWluZGVudDotMTguMHB0Ow0KCW1zby1hbnNp LWZvbnQtc2l6ZToxMC4wcHQ7DQoJZm9udC1mYW1pbHk6U3ltYm9sO30NCkBsaXN0IGwxOmxldmVs Mg0KCXttc28tbGV2ZWwtbnVtYmVyLWZvcm1hdDpidWxsZXQ7DQoJbXNvLWxldmVsLXRleHQ674K3 Ow0KCW1zby1sZXZlbC10YWItc3RvcDo3Mi4wcHQ7DQoJbXNvLWxldmVsLW51bWJlci1wb3NpdGlv bjpsZWZ0Ow0KCXRleHQtaW5kZW50Oi0xOC4wcHQ7DQoJbXNvLWFuc2ktZm9udC1zaXplOjEwLjBw dDsNCglmb250LWZhbWlseTpTeW1ib2w7fQ0KQGxpc3QgbDE6bGV2ZWwzDQoJe21zby1sZXZlbC1u dW1iZXItZm9ybWF0OmJ1bGxldDsNCgltc28tbGV2ZWwtdGV4dDrvgrc7DQoJbXNvLWxldmVsLXRh Yi1zdG9wOjEwOC4wcHQ7DQoJbXNvLWxldmVsLW51bWJlci1wb3NpdGlvbjpsZWZ0Ow0KCXRleHQt aW5kZW50Oi0xOC4wcHQ7DQoJbXNvLWFuc2ktZm9udC1zaXplOjEwLjBwdDsNCglmb250LWZhbWls eTpTeW1ib2w7fQ0KQGxpc3QgbDE6bGV2ZWw0DQoJe21zby1sZXZlbC1udW1iZXItZm9ybWF0OmJ1 bGxldDsNCgltc28tbGV2ZWwtdGV4dDrvgrc7DQoJbXNvLWxldmVsLXRhYi1zdG9wOjE0NC4wcHQ7 DQoJbXNvLWxldmVsLW51bWJlci1wb3NpdGlvbjpsZWZ0Ow0KCXRleHQtaW5kZW50Oi0xOC4wcHQ7 DQoJbXNvLWFuc2ktZm9udC1zaXplOjEwLjBwdDsNCglmb250LWZhbWlseTpTeW1ib2w7fQ0KQGxp c3QgbDE6bGV2ZWw1DQoJe21zby1sZXZlbC1udW1iZXItZm9ybWF0OmJ1bGxldDsNCgltc28tbGV2 ZWwtdGV4dDrvgrc7DQoJbXNvLWxldmVsLXRhYi1zdG9wOjE4MC4wcHQ7DQoJbXNvLWxldmVsLW51 bWJlci1wb3NpdGlvbjpsZWZ0Ow0KCXRleHQtaW5kZW50Oi0xOC4wcHQ7DQoJbXNvLWFuc2ktZm9u dC1zaXplOjEwLjBwdDsNCglmb250LWZhbWlseTpTeW1ib2w7fQ0KQGxpc3QgbDE6bGV2ZWw2DQoJ e21zby1sZXZlbC1udW1iZXItZm9ybWF0OmJ1bGxldDsNCgltc28tbGV2ZWwtdGV4dDrvgrc7DQoJ bXNvLWxldmVsLXRhYi1zdG9wOjIxNi4wcHQ7DQoJbXNvLWxldmVsLW51bWJlci1wb3NpdGlvbjps ZWZ0Ow0KCXRleHQtaW5kZW50Oi0xOC4wcHQ7DQoJbXNvLWFuc2ktZm9udC1zaXplOjEwLjBwdDsN Cglmb250LWZhbWlseTpTeW1ib2w7fQ0KQGxpc3QgbDE6bGV2ZWw3DQoJe21zby1sZXZlbC1udW1i ZXItZm9ybWF0OmJ1bGxldDsNCgltc28tbGV2ZWwtdGV4dDrvgrc7DQoJbXNvLWxldmVsLXRhYi1z dG9wOjI1Mi4wcHQ7DQoJbXNvLWxldmVsLW51bWJlci1wb3NpdGlvbjpsZWZ0Ow0KCXRleHQtaW5k ZW50Oi0xOC4wcHQ7DQoJbXNvLWFuc2ktZm9udC1zaXplOjEwLjBwdDsNCglmb250LWZhbWlseTpT eW1ib2w7fQ0KQGxpc3QgbDE6bGV2ZWw4DQoJe21zby1sZXZlbC1udW1iZXItZm9ybWF0OmJ1bGxl dDsNCgltc28tbGV2ZWwtdGV4dDrvgrc7DQoJbXNvLWxldmVsLXRhYi1zdG9wOjI4OC4wcHQ7DQoJ bXNvLWxldmVsLW51bWJlci1wb3NpdGlvbjpsZWZ0Ow0KCXRleHQtaW5kZW50Oi0xOC4wcHQ7DQoJ bXNvLWFuc2ktZm9udC1zaXplOjEwLjBwdDsNCglmb250LWZhbWlseTpTeW1ib2w7fQ0KQGxpc3Qg bDE6bGV2ZWw5DQoJe21zby1sZXZlbC1udW1iZXItZm9ybWF0OmJ1bGxldDsNCgltc28tbGV2ZWwt dGV4dDrvgrc7DQoJbXNvLWxldmVsLXRhYi1zdG9wOjMyNC4wcHQ7DQoJbXNvLWxldmVsLW51bWJl ci1wb3NpdGlvbjpsZWZ0Ow0KCXRleHQtaW5kZW50Oi0xOC4wcHQ7DQoJbXNvLWFuc2ktZm9udC1z aXplOjEwLjBwdDsNCglmb250LWZhbWlseTpTeW1ib2w7fQ0KQGxpc3QgbDINCgl7bXNvLWxpc3Qt aWQ6MTE4MjAxNTA3NTsNCgltc28tbGlzdC10ZW1wbGF0ZS1pZHM6NzgxODE3MzI7fQ0KQGxpc3Qg bDI6bGV2ZWwxDQoJe21zby1sZXZlbC1udW1iZXItZm9ybWF0OmJ1bGxldDsNCgltc28tbGV2ZWwt dGV4dDrvgrc7DQoJbXNvLWxldmVsLXRhYi1zdG9wOjM2LjBwdDsNCgltc28tbGV2ZWwtbnVtYmVy LXBvc2l0aW9uOmxlZnQ7DQoJdGV4dC1pbmRlbnQ6LTE4LjBwdDsNCgltc28tYW5zaS1mb250LXNp emU6MTAuMHB0Ow0KCWZvbnQtZmFtaWx5OlN5bWJvbDt9DQpAbGlzdCBsMjpsZXZlbDINCgl7bXNv LWxldmVsLW51bWJlci1mb3JtYXQ6YnVsbGV0Ow0KCW1zby1sZXZlbC10ZXh0Ou+CtzsNCgltc28t bGV2ZWwtdGFiLXN0b3A6NzIuMHB0Ow0KCW1zby1sZXZlbC1udW1iZXItcG9zaXRpb246bGVmdDsN Cgl0ZXh0LWluZGVudDotMTguMHB0Ow0KCW1zby1hbnNpLWZvbnQtc2l6ZToxMC4wcHQ7DQoJZm9u dC1mYW1pbHk6U3ltYm9sO30NCkBsaXN0IGwyOmxldmVsMw0KCXttc28tbGV2ZWwtbnVtYmVyLWZv cm1hdDpidWxsZXQ7DQoJbXNvLWxldmVsLXRleHQ674K3Ow0KCW1zby1sZXZlbC10YWItc3RvcDox MDguMHB0Ow0KCW1zby1sZXZlbC1udW1iZXItcG9zaXRpb246bGVmdDsNCgl0ZXh0LWluZGVudDot MTguMHB0Ow0KCW1zby1hbnNpLWZvbnQtc2l6ZToxMC4wcHQ7DQoJZm9udC1mYW1pbHk6U3ltYm9s O30NCkBsaXN0IGwyOmxldmVsNA0KCXttc28tbGV2ZWwtbnVtYmVyLWZvcm1hdDpidWxsZXQ7DQoJ bXNvLWxldmVsLXRleHQ674K3Ow0KCW1zby1sZXZlbC10YWItc3RvcDoxNDQuMHB0Ow0KCW1zby1s ZXZlbC1udW1iZXItcG9zaXRpb246bGVmdDsNCgl0ZXh0LWluZGVudDotMTguMHB0Ow0KCW1zby1h bnNpLWZvbnQtc2l6ZToxMC4wcHQ7DQoJZm9udC1mYW1pbHk6U3ltYm9sO30NCkBsaXN0IGwyOmxl dmVsNQ0KCXttc28tbGV2ZWwtbnVtYmVyLWZvcm1hdDpidWxsZXQ7DQoJbXNvLWxldmVsLXRleHQ6 74K3Ow0KCW1zby1sZXZlbC10YWItc3RvcDoxODAuMHB0Ow0KCW1zby1sZXZlbC1udW1iZXItcG9z aXRpb246bGVmdDsNCgl0ZXh0LWluZGVudDotMTguMHB0Ow0KCW1zby1hbnNpLWZvbnQtc2l6ZTox MC4wcHQ7DQoJZm9udC1mYW1pbHk6U3ltYm9sO30NCkBsaXN0IGwyOmxldmVsNg0KCXttc28tbGV2 ZWwtbnVtYmVyLWZvcm1hdDpidWxsZXQ7DQoJbXNvLWxldmVsLXRleHQ674K3Ow0KCW1zby1sZXZl bC10YWItc3RvcDoyMTYuMHB0Ow0KCW1zby1sZXZlbC1udW1iZXItcG9zaXRpb246bGVmdDsNCgl0 ZXh0LWluZGVudDotMTguMHB0Ow0KCW1zby1hbnNpLWZvbnQtc2l6ZToxMC4wcHQ7DQoJZm9udC1m YW1pbHk6U3ltYm9sO30NCkBsaXN0IGwyOmxldmVsNw0KCXttc28tbGV2ZWwtbnVtYmVyLWZvcm1h dDpidWxsZXQ7DQoJbXNvLWxldmVsLXRleHQ674K3Ow0KCW1zby1sZXZlbC10YWItc3RvcDoyNTIu MHB0Ow0KCW1zby1sZXZlbC1udW1iZXItcG9zaXRpb246bGVmdDsNCgl0ZXh0LWluZGVudDotMTgu MHB0Ow0KCW1zby1hbnNpLWZvbnQtc2l6ZToxMC4wcHQ7DQoJZm9udC1mYW1pbHk6U3ltYm9sO30N CkBsaXN0IGwyOmxldmVsOA0KCXttc28tbGV2ZWwtbnVtYmVyLWZvcm1hdDpidWxsZXQ7DQoJbXNv LWxldmVsLXRleHQ674K3Ow0KCW1zby1sZXZlbC10YWItc3RvcDoyODguMHB0Ow0KCW1zby1sZXZl bC1udW1iZXItcG9zaXRpb246bGVmdDsNCgl0ZXh0LWluZGVudDotMTguMHB0Ow0KCW1zby1hbnNp LWZvbnQtc2l6ZToxMC4wcHQ7DQoJZm9udC1mYW1pbHk6U3ltYm9sO30NCkBsaXN0IGwyOmxldmVs OQ0KCXttc28tbGV2ZWwtbnVtYmVyLWZvcm1hdDpidWxsZXQ7DQoJbXNvLWxldmVsLXRleHQ674K3 Ow0KCW1zby1sZXZlbC10YWItc3RvcDozMjQuMHB0Ow0KCW1zby1sZXZlbC1udW1iZXItcG9zaXRp b246bGVmdDsNCgl0ZXh0LWluZGVudDotMTguMHB0Ow0KCW1zby1hbnNpLWZvbnQtc2l6ZToxMC4w cHQ7DQoJZm9udC1mYW1pbHk6U3ltYm9sO30NCm9sDQoJe21hcmdpbi1ib3R0b206MGNtO30NCnVs DQoJe21hcmdpbi1ib3R0b206MGNtO30NCi0tPjwvc3R5bGU+PCEtLVtpZiBndGUgbXNvIDldPjx4 bWw+DQo8bzpzaGFwZWRlZmF1bHRzIHY6ZXh0PSJlZGl0IiBzcGlkbWF4PSIxMDI2IiAvPg0KPC94 bWw+PCFbZW5kaWZdLS0+PCEtLVtpZiBndGUgbXNvIDldPjx4bWw+DQo8bzpzaGFwZWxheW91dCB2 OmV4dD0iZWRpdCI+DQo8bzppZG1hcCB2OmV4dD0iZWRpdCIgZGF0YT0iMSIgLz4NCjwvbzpzaGFw ZWxheW91dD48L3htbD48IVtlbmRpZl0tLT4NCjwvaGVhZD4NCjxib2R5IGxhbmc9IlpILUNOIiBs aW5rPSJibHVlIiB2bGluaz0icHVycGxlIj4NCjxkaXYgY2xhc3M9IldvcmRTZWN0aW9uMSI+DQo8 cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBsYW5nPSJFTi1VUyIgc3R5bGU9ImZvbnQtc2l6ZTox MC41cHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OyxzYW5zLXNlcmlmO2NvbG9yOiMx RjQ5N0QiPkxvb2sgbGlrZSB5b3VyIHNvbHV0aW9uIHJlcXVpcmVzIGNvbnRyb2xsZXIgZGV2aWNl IGFuZCB0aGUgbGlnaHQgYnVsYiBkaXNjb3ZlciBlYWNoIG90aGVyLCBzbyB0aGF0IElvVCBkZXZp Y2VzIGNhbiBkaXNjb3ZlciBlYWNoIG90aGVyIGluIGluIGFuIGF1dG9ub21pYw0KIG5ldHdvcmss PG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0i RU4tVVMiIHN0eWxlPSJmb250LXNpemU6MTAuNXB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkm cXVvdDssc2Fucy1zZXJpZjtjb2xvcjojMUY0OTdEIj5JdCBpcyBub3QgY2xlYXIgaG93IGlzIGNv bnRyb2xsZXIgZGV2aWNlIFVSTCBjb3JyZWxhdGVkIHdpdGggbGlnaHQgYnVsYiBVUkwgdGhyb3Vn aCBSRVNURlVMIGludGVyZmFjZSBhbmQgaWV0Zi1tdWQtY29udHJvbGxlci1jYW5kaWRhdGUgbW9k dWxlIGFuZA0KIGlldGYtbXVkIG1vZHVsZT88bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFz cz0iTXNvTm9ybWFsIj48c3BhbiBsYW5nPSJFTi1VUyIgc3R5bGU9ImZvbnQtc2l6ZToxMC41cHQ7 Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OyxzYW5zLXNlcmlmO2NvbG9yOiMxRjQ5N0Qi PkFkdmVydGlzZSBjb250cm9sbGVyIGRldmljZSBVUkwgdG8gYWxsIGxpZ2h0IGJ1bGJzLCBhbmQg dGhlbiBsaWdodCBidWxiIHNlbGVjdCBhcHByb3ByaWF0ZSBjb250cm9sbGVyIGRldmljZSBVUkwg YW5kIGNvcnJlbGF0ZSBpdHMgVVJMIHdpdGggY29udHJvbGxlcg0KIGRldmljZSBVUkwuPG86cD48 L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0iRU4tVVMi IHN0eWxlPSJmb250LXNpemU6MTAuNXB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDss c2Fucy1zZXJpZjtjb2xvcjojMUY0OTdEIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8 cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBsYW5nPSJFTi1VUyIgc3R5bGU9ImZvbnQtc2l6ZTox MC41cHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OyxzYW5zLXNlcmlmO2NvbG9yOiMx RjQ5N0QiPkNvbnRyb2xsZXIgZGV2aWNlIHNlbGVjdCBhIHNldCBvZiBsaWdodCBidWxiIGl0IGNh biBjb250cm9sIGFuZCBtYW5hZ2VyIGFuZCBtYWludGFpbiB0aGUgYmluZGluZyBiZXR3ZWVuIGNv bnRyb2xsZXIgZGV2aWNlIFVSTCBhbmQgbGlnaHQgYnVsYiBVUkwuPG86cD48L286cD48L3NwYW4+ PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0iRU4tVVMiIHN0eWxlPSJmb250 LXNpemU6MTAuNXB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssc2Fucy1zZXJpZjtj b2xvcjojMUY0OTdEIj5Ib3cgdG8gcmV2b2tlIHRoZSBiaW5kaW5nIGJldHdlZW4gY29udHJvbGxl ciBkZXZpY2UgVVJMIGFuZCBsaWdodCBidWxiIFVSTCB3aGVuIGxpZ2h0IGJ1bGIgc2VsZWN0IG90 aGVyIGNvbnRyb2xsZXIgZGV2aWNlIG9yIGJlIHR1cm5lZCBvZmY/PG86cD48L286cD48L3NwYW4+ PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0iRU4tVVMiIHN0eWxlPSJmb250 LXNpemU6MTAuNXB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssc2Fucy1zZXJpZjtj b2xvcjojMUY0OTdEIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNv Tm9ybWFsIj48c3BhbiBsYW5nPSJFTi1VUyIgc3R5bGU9ImZvbnQtc2l6ZToxMC41cHQ7Zm9udC1m YW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OyxzYW5zLXNlcmlmO2NvbG9yOiMxRjQ5N0QiPi1RaW48 bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8ZGl2Pg0KPGRpdiBzdHlsZT0iYm9yZGVyOm5vbmU7Ym9y ZGVyLXRvcDpzb2xpZCAjRTFFMUUxIDEuMHB0O3BhZGRpbmc6My4wcHQgMGNtIDBjbSAwY20iPg0K PHAgY2xhc3M9Ik1zb05vcm1hbCI+PGI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9u dC1mYW1pbHk6JnF1b3Q75b6u6L2v6ZuF6buRJnF1b3Q7LHNhbnMtc2VyaWYiPuWPkeS7tuS6ujxz cGFuIGxhbmc9IkVOLVVTIj46PC9zcGFuPjwvc3Bhbj48L2I+PHNwYW4gbGFuZz0iRU4tVVMiIHN0 eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O+W+rui9r+mbhem7kSZxdW90 OyxzYW5zLXNlcmlmIj4gRWxpb3QgTGVhciBbbWFpbHRvOmxlYXJAY2lzY28uY29tXQ0KPGJyPg0K PC9zcGFuPjxiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90 O+W+rui9r+mbhem7kSZxdW90OyxzYW5zLXNlcmlmIj7lj5HpgIHml7bpl7Q8c3BhbiBsYW5nPSJF Ti1VUyI+Ojwvc3Bhbj48L3NwYW4+PC9iPjxzcGFuIGxhbmc9IkVOLVVTIiBzdHlsZT0iZm9udC1z aXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDvlvq7ova/pm4Xpu5EmcXVvdDssc2Fucy1zZXJp ZiI+IDIwMTk8L3NwYW4+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6 JnF1b3Q75b6u6L2v6ZuF6buRJnF1b3Q7LHNhbnMtc2VyaWYiPuW5tDxzcGFuIGxhbmc9IkVOLVVT Ij43PC9zcGFuPuaciDxzcGFuIGxhbmc9IkVOLVVTIj4xPC9zcGFuPuaXpTxzcGFuIGxhbmc9IkVO LVVTIj4NCiAxODoyNjxicj4NCjwvc3Bhbj48Yj7mlLbku7bkuro8c3BhbiBsYW5nPSJFTi1VUyI+ Ojwvc3Bhbj48L2I+PHNwYW4gbGFuZz0iRU4tVVMiPiBRaW4gV3UgJmx0O2JpbGwud3VAaHVhd2Vp LmNvbSZndDs8YnI+DQo8L3NwYW4+PGI+5oqE6YCBPHNwYW4gbGFuZz0iRU4tVVMiPjo8L3NwYW4+ PC9iPjxzcGFuIGxhbmc9IkVOLVVTIj4gb3BzYXdnQGlldGYub3JnOyBtdWRAaWV0Zi5vcmc8YnI+ DQo8L3NwYW4+PGI+5Li76aKYPHNwYW4gbGFuZz0iRU4tVVMiPjo8L3NwYW4+PC9iPjxzcGFuIGxh bmc9IkVOLVVTIj4gUmU6IFtPUFNBV0ddIERlY2xhcmluZyBzb21ldGhpbmcgdG8gYmUgYSBjb250 cm9sbGVyIGluIE1VRDxvOnA+PC9vOnA+PC9zcGFuPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjwvZGl2 Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0iRU4tVVMiPjxvOnA+Jm5ic3A7PC9v OnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIGxhbmc9IkVOLVVTIj5R aW4gYW5kIG90aGVyczo8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1z b05vcm1hbCI+PHNwYW4gbGFuZz0iRU4tVVMiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4N CjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIGxhbmc9IkVOLVVTIj5K dXN0IHRvIGdldCB0aGUgYmFsbCByb2xsaW5nLCBJ4oCZdmUgcG9zdGVkIHRvZGF5Jm5ic3A7PC9z cGFuPjxzcGFuIGxhbmc9IkVOLVVTIiBzdHlsZT0iZm9udC1zaXplOjEwLjVwdDtmb250LWZhbWls eTomcXVvdDtNZW5sbyZxdW90OyxzZXJpZiI+ZHJhZnQtbGVhci1vcHNhd2ctbXVkLWNvbnRyb2xs ZXItY2FuZGlkYXRlcy0wMC48L3NwYW4+PHNwYW4gbGFuZz0iRU4tVVMiPjxvOnA+PC9vOnA+PC9z cGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIGxhbmc9 IkVOLVVTIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBj bGFzcz0iTXNvTm9ybWFsIj48c3BhbiBsYW5nPSJFTi1VUyI+SSB0aGluayB0aGlzIHNob3VsZCBo ZWxwIHRoZSBkaXNjdXNzaW9uLjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4N CjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIGxhbmc9IkVOLVVTIj48bzpwPiZuYnNwOzwvbzpw Pjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBs YW5nPSJFTi1VUyI+RWxpb3Q8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8ZGl2Pg0KPGRpdj4NCjxw IGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIGxhbmc9IkVOLVVTIj48YnI+DQo8YnI+DQo8bzpwPjwv bzpwPjwvc3Bhbj48L3A+DQo8YmxvY2txdW90ZSBzdHlsZT0ibWFyZ2luLXRvcDo1LjBwdDttYXJn aW4tYm90dG9tOjUuMHB0Ij4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBsYW5n PSJFTi1VUyI+T24gMSBKdWwgMjAxOSwgYXQgMTA6MjMsIFFpbiBXdSAmbHQ7PGEgaHJlZj0ibWFp bHRvOmJpbGwud3VAaHVhd2VpLmNvbSI+YmlsbC53dUBodWF3ZWkuY29tPC9hPiZndDsgd3JvdGU6 PG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3Bh biBsYW5nPSJFTi1VUyI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPGRpdj4NCjxkaXY+ DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48Yj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtm b250LWZhbWlseTomcXVvdDvlvq7ova/pm4Xpu5EmcXVvdDssc2Fucy1zZXJpZiI+5Y+R5Lu25Lq6 PHNwYW4gbGFuZz0iRU4tVVMiPjo8L3NwYW4+PC9zcGFuPjwvYj48c3BhbiBjbGFzcz0iYXBwbGUt Y29udmVydGVkLXNwYWNlIj48c3BhbiBsYW5nPSJFTi1VUyIgc3R5bGU9ImZvbnQtc2l6ZToxMS4w cHQ7Zm9udC1mYW1pbHk6JnF1b3Q75b6u6L2v6ZuF6buRJnF1b3Q7LHNhbnMtc2VyaWYiPiZuYnNw Ozwvc3Bhbj48L3NwYW4+PHNwYW4gbGFuZz0iRU4tVVMiIHN0eWxlPSJmb250LXNpemU6MTEuMHB0 O2ZvbnQtZmFtaWx5OiZxdW90O+W+rui9r+mbhem7kSZxdW90OyxzYW5zLXNlcmlmIj5FbGlvdA0K IExlYXIgWzxhIGhyZWY9Im1haWx0bzpsZWFyQGNpc2NvLmNvbSI+PHNwYW4gc3R5bGU9ImNvbG9y OnB1cnBsZSI+bWFpbHRvOmxlYXJAY2lzY28uY29tPC9zcGFuPjwvYT5dPHNwYW4gY2xhc3M9ImFw cGxlLWNvbnZlcnRlZC1zcGFjZSI+Jm5ic3A7PC9zcGFuPjxicj4NCjwvc3Bhbj48Yj48c3BhbiBz dHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDvlvq7ova/pm4Xpu5EmcXVv dDssc2Fucy1zZXJpZiI+5Y+R6YCB5pe26Ze0PHNwYW4gbGFuZz0iRU4tVVMiPjo8L3NwYW4+PC9z cGFuPjwvYj48c3BhbiBjbGFzcz0iYXBwbGUtY29udmVydGVkLXNwYWNlIj48c3BhbiBsYW5nPSJF Ti1VUyIgc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q75b6u6L2v6ZuF 6buRJnF1b3Q7LHNhbnMtc2VyaWYiPiZuYnNwOzwvc3Bhbj48L3NwYW4+PHNwYW4gbGFuZz0iRU4t VVMiIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O+W+rui9r+mbhem7 kSZxdW90OyxzYW5zLXNlcmlmIj4yMDE5PC9zcGFuPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEu MHB0O2ZvbnQtZmFtaWx5OiZxdW90O+W+rui9r+mbhem7kSZxdW90OyxzYW5zLXNlcmlmIj7lubQ8 c3BhbiBsYW5nPSJFTi1VUyI+Nzwvc3Bhbj7mnIg8c3BhbiBsYW5nPSJFTi1VUyI+MTwvc3Bhbj7m l6U8c3BhbiBjbGFzcz0iYXBwbGUtY29udmVydGVkLXNwYWNlIj48c3BhbiBsYW5nPSJFTi1VUyI+ Jm5ic3A7PC9zcGFuPjwvc3Bhbj48c3BhbiBsYW5nPSJFTi1VUyI+MTU6NTI8YnI+DQo8L3NwYW4+ PGI+5pS25Lu25Lq6PHNwYW4gbGFuZz0iRU4tVVMiPjo8L3NwYW4+PC9iPjxzcGFuIGNsYXNzPSJh cHBsZS1jb252ZXJ0ZWQtc3BhY2UiPjxzcGFuIGxhbmc9IkVOLVVTIj4mbmJzcDs8L3NwYW4+PC9z cGFuPjxzcGFuIGxhbmc9IkVOLVVTIj5RaW4gV3UgJmx0OzxhIGhyZWY9Im1haWx0bzpiaWxsLnd1 QGh1YXdlaS5jb20iPjxzcGFuIHN0eWxlPSJjb2xvcjpwdXJwbGUiPmJpbGwud3VAaHVhd2VpLmNv bTwvc3Bhbj48L2E+Jmd0Ozxicj4NCjwvc3Bhbj48Yj7mioTpgIE8c3BhbiBsYW5nPSJFTi1VUyI+ Ojwvc3Bhbj48L2I+PHNwYW4gY2xhc3M9ImFwcGxlLWNvbnZlcnRlZC1zcGFjZSI+PHNwYW4gbGFu Zz0iRU4tVVMiPiZuYnNwOzwvc3Bhbj48L3NwYW4+PHNwYW4gbGFuZz0iRU4tVVMiPjxhIGhyZWY9 Im1haWx0bzpvcHNhd2dAaWV0Zi5vcmciPjxzcGFuIHN0eWxlPSJjb2xvcjpwdXJwbGUiPm9wc2F3 Z0BpZXRmLm9yZzwvc3Bhbj48L2E+OzxzcGFuIGNsYXNzPSJhcHBsZS1jb252ZXJ0ZWQtc3BhY2Ui PiZuYnNwOzwvc3Bhbj48YSBocmVmPSJtYWlsdG86bXVkQGlldGYub3JnIj48c3BhbiBzdHlsZT0i Y29sb3I6cHVycGxlIj5tdWRAaWV0Zi5vcmc8L3NwYW4+PC9hPjxicj4NCjwvc3Bhbj48Yj7kuLvp opg8c3BhbiBsYW5nPSJFTi1VUyI+Ojwvc3Bhbj48L2I+PHNwYW4gY2xhc3M9ImFwcGxlLWNvbnZl cnRlZC1zcGFjZSI+PHNwYW4gbGFuZz0iRU4tVVMiPiZuYnNwOzwvc3Bhbj48L3NwYW4+PHNwYW4g bGFuZz0iRU4tVVMiPlJlOiBbT1BTQVdHXSBEZWNsYXJpbmcgc29tZXRoaW5nIHRvIGJlIGEgY29u dHJvbGxlciBpbiBNVUQ8L3NwYW4+PC9zcGFuPjxzcGFuIGxhbmc9IkVOLVVTIj48bzpwPjwvbzpw Pjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBs YW5nPSJFTi1VUyI+Jm5ic3A7PG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0K PHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZuYnNwOzxvOnA+PC9vOnA+ PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48 c3BhbiBsYW5nPSJFTi1VUyI+PGJyPg0KPGJyPg0KPGJyPg0KPG86cD48L286cD48L3NwYW4+PC9w Pg0KPC9kaXY+DQo8YmxvY2txdW90ZSBzdHlsZT0ibWFyZ2luLXRvcDo1LjBwdDttYXJnaW4tYm90 dG9tOjUuMHB0Ij4NCjxkaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFu Zz0iRU4tVVMiPk9uIDEgSnVsIDIwMTksIGF0IDA5OjIwLCBRaW4gV3UgJmx0OzxhIGhyZWY9Im1h aWx0bzpiaWxsLnd1QGh1YXdlaS5jb20iPjxzcGFuIHN0eWxlPSJjb2xvcjpwdXJwbGUiPmJpbGwu d3VAaHVhd2VpLmNvbTwvc3Bhbj48L2E+Jmd0OyB3cm90ZTo8bzpwPjwvbzpwPjwvc3Bhbj48L3A+ DQo8L2Rpdj4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIGxhbmc9 IkVOLVVTIj4mbmJzcDs8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8ZGl2 Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6 MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O+W+rui9r+mbhem7kSZxdW90OyxzYW5zLXNlcmlmIj7l j5Hku7bkuro8c3BhbiBsYW5nPSJFTi1VUyI+Ojwvc3Bhbj48L3NwYW4+PC9iPjxzcGFuIGNsYXNz PSJhcHBsZS1jb252ZXJ0ZWQtc3BhY2UiPjxzcGFuIGxhbmc9IkVOLVVTIiBzdHlsZT0iZm9udC1z aXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDvlvq7ova/pm4Xpu5EmcXVvdDssc2Fucy1zZXJp ZiI+Jm5ic3A7PC9zcGFuPjwvc3Bhbj48c3BhbiBsYW5nPSJFTi1VUyIgc3R5bGU9ImZvbnQtc2l6 ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q75b6u6L2v6ZuF6buRJnF1b3Q7LHNhbnMtc2VyaWYi Pk9QU0FXRw0KIFs8YSBocmVmPSJtYWlsdG86b3BzYXdnLWJvdW5jZXNAaWV0Zi5vcmciPjxzcGFu IHN0eWxlPSJjb2xvcjpwdXJwbGUiPm1haWx0bzpvcHNhd2ctYm91bmNlc0BpZXRmLm9yZzwvc3Bh bj48L2E+XTxzcGFuIGNsYXNzPSJhcHBsZS1jb252ZXJ0ZWQtc3BhY2UiPiZuYnNwOzwvc3Bhbj48 L3NwYW4+PGI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7 5b6u6L2v6ZuF6buRJnF1b3Q7LHNhbnMtc2VyaWYiPuS7o+ihqDxzcGFuIGNsYXNzPSJhcHBsZS1j b252ZXJ0ZWQtc3BhY2UiPjxzcGFuIGxhbmc9IkVOLVVTIj4mbmJzcDs8L3NwYW4+PC9zcGFuPjwv c3Bhbj48L2I+PHNwYW4gbGFuZz0iRU4tVVMiIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQt ZmFtaWx5OiZxdW90O+W+rui9r+mbhem7kSZxdW90OyxzYW5zLXNlcmlmIj5FbGlvdA0KIExlYXI8 YnI+DQo8L3NwYW4+PGI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6 JnF1b3Q75b6u6L2v6ZuF6buRJnF1b3Q7LHNhbnMtc2VyaWYiPuWPkemAgeaXtumXtDxzcGFuIGxh bmc9IkVOLVVTIj46PC9zcGFuPjwvc3Bhbj48L2I+PHNwYW4gY2xhc3M9ImFwcGxlLWNvbnZlcnRl ZC1zcGFjZSI+PHNwYW4gbGFuZz0iRU4tVVMiIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQt ZmFtaWx5OiZxdW90O+W+rui9r+mbhem7kSZxdW90OyxzYW5zLXNlcmlmIj4mbmJzcDs8L3NwYW4+ PC9zcGFuPjxzcGFuIGxhbmc9IkVOLVVTIiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZh bWlseTomcXVvdDvlvq7ova/pm4Xpu5EmcXVvdDssc2Fucy1zZXJpZiI+MjAxOTwvc3Bhbj48c3Bh biBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDvlvq7ova/pm4Xpu5Em cXVvdDssc2Fucy1zZXJpZiI+5bm0PHNwYW4gbGFuZz0iRU4tVVMiPjY8L3NwYW4+5pyIPHNwYW4g bGFuZz0iRU4tVVMiPjI0PC9zcGFuPuaXpTxzcGFuIGNsYXNzPSJhcHBsZS1jb252ZXJ0ZWQtc3Bh Y2UiPjxzcGFuIGxhbmc9IkVOLVVTIj4mbmJzcDs8L3NwYW4+PC9zcGFuPjxzcGFuIGxhbmc9IkVO LVVTIj4xNzo0ODxicj4NCjwvc3Bhbj48Yj7mlLbku7bkuro8c3BhbiBsYW5nPSJFTi1VUyI+Ojwv c3Bhbj48L2I+PHNwYW4gY2xhc3M9ImFwcGxlLWNvbnZlcnRlZC1zcGFjZSI+PHNwYW4gbGFuZz0i RU4tVVMiPiZuYnNwOzwvc3Bhbj48L3NwYW4+PHNwYW4gbGFuZz0iRU4tVVMiPjxhIGhyZWY9Im1h aWx0bzpvcHNhd2dAaWV0Zi5vcmciPjxzcGFuIHN0eWxlPSJjb2xvcjpwdXJwbGUiPm9wc2F3Z0Bp ZXRmLm9yZzwvc3Bhbj48L2E+OzxzcGFuIGNsYXNzPSJhcHBsZS1jb252ZXJ0ZWQtc3BhY2UiPiZu YnNwOzwvc3Bhbj48YSBocmVmPSJtYWlsdG86bXVkQGlldGYub3JnIj48c3BhbiBzdHlsZT0iY29s b3I6cHVycGxlIj5tdWRAaWV0Zi5vcmc8L3NwYW4+PC9hPjxicj4NCjwvc3Bhbj48Yj7kuLvpopg8 c3BhbiBsYW5nPSJFTi1VUyI+Ojwvc3Bhbj48L2I+PHNwYW4gY2xhc3M9ImFwcGxlLWNvbnZlcnRl ZC1zcGFjZSI+PHNwYW4gbGFuZz0iRU4tVVMiPiZuYnNwOzwvc3Bhbj48L3NwYW4+PHNwYW4gbGFu Zz0iRU4tVVMiPltPUFNBV0ddIERlY2xhcmluZyBzb21ldGhpbmcgdG8gYmUgYSBjb250cm9sbGVy IGluIE1VRDwvc3Bhbj48L3NwYW4+PHNwYW4gbGFuZz0iRU4tVVMiPjxvOnA+PC9vOnA+PC9zcGFu PjwvcD4NCjwvZGl2Pg0KPC9kaXY+DQo8ZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwi PjxzcGFuIGxhbmc9IkVOLVVTIj4mbmJzcDs8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4N CjwvZGl2Pg0KPGRpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBsYW5nPSJF Ti1VUyI+SGkgZXZlcnlvbmUsPG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8L2Rpdj4N CjxkaXY+DQo8ZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIGxhbmc9IkVO LVVTIj4mbmJzcDs8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjwvZGl2Pg0KPC9kaXY+ DQo8ZGl2Pg0KPGRpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBsYW5nPSJF Ti1VUyI+QSBmZXcgb2YgdXMgYXJlIGp1c3QgdHJ5aW5nIHRvIHB1dCBvdXQgYW4gaW5pdGlhbCBk cmFmdCB0aGF0IGFkZHJlc3NlcyBvbmUgZ2FwIGluIE1VRCAodGhlcmUgYXJlIHNldmVyYWwpLiAm bmJzcDtJbiBhIE1VRCBmaWxlIG9uZSBjYW4gc2F5IHRoYXQgb25lIHdhbnRzIHRvIGFjY2VzcyBh IGNvbnRyb2xsZXIgaW4gdHdvIHdheXM6IGVpdGhlciAmcXVvdDtteS1jb250cm9sbGVyPC9zcGFu PuKAnTxzcGFuIGNsYXNzPSJhcHBsZS1jb252ZXJ0ZWQtc3BhY2UiPjxzcGFuIGxhbmc9IkVOLVVT Ij4mbmJzcDs8L3NwYW4+PC9zcGFuPjxzcGFuIGxhbmc9IkVOLVVTIj5tZWFuaW5nDQogYSBjb250 cm9sbGVyIHRoYXQgc2VydmljZXMgZGV2aWNlcyBvZiBhIHBhcnRpY3VsYXIgTVVEIFVSTCBvciBh PHNwYW4gY2xhc3M9ImFwcGxlLWNvbnZlcnRlZC1zcGFjZSI+Jm5ic3A7PC9zcGFuPjwvc3Bhbj7i gJw8c3BhbiBsYW5nPSJFTi1VUyI+Y29udHJvbGxlcjwvc3Bhbj7igJ08c3BhbiBjbGFzcz0iYXBw bGUtY29udmVydGVkLXNwYWNlIj48c3BhbiBsYW5nPSJFTi1VUyI+Jm5ic3A7PC9zcGFuPjwvc3Bh bj48c3BhbiBsYW5nPSJFTi1VUyI+Y2xhc3MgdGhhdCBzZXJ2aWNlcw0KIGRldmljZXMgYmFzZWQg b24gYSBwYXJ0aWN1bGFyIGNsYXNzIG5hbWUgb2YgY29udHJvbGxlci48bzpwPjwvbzpwPjwvc3Bh bj48L3A+DQo8L2Rpdj4NCjwvZGl2Pg0KPC9kaXY+DQo8ZGl2Pg0KPGRpdj4NCjxkaXY+DQo8cCBj bGFzcz0iTXNvTm9ybWFsIj48c3BhbiBsYW5nPSJFTi1VUyI+Jm5ic3A7PG86cD48L286cD48L3Nw YW4+PC9wPg0KPC9kaXY+DQo8L2Rpdj4NCjwvZGl2Pg0KPGRpdj4NCjxkaXY+DQo8ZGl2Pg0KPHAg Y2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0iRU4tVVMiPkluIGVpdGhlciBjYXNlLCByaWdo dCBub3cgdGhlIGFkbWluaXN0cmF0b3IgaGFzIHRvIG1hbnVhbGx5IGtub3cgYW5kIHBvcHVsYXRl IGluZm9ybWF0aW9uLCB0byBzYXkgLSBzb21lIGRldmljZSAxLjIuMy40IGlzIGEgY29udHJvbGxl ciwgZWl0aGVyIGZvciBNVUQgVVJMPHNwYW4gY2xhc3M9ImFwcGxlLWNvbnZlcnRlZC1zcGFjZSI+ Jm5ic3A7PC9zcGFuPjxhIGhyZWY9Imh0dHBzOi8vZXhhbXBsZS5jb20vbXVkIj48c3BhbiBzdHls ZT0iY29sb3I6cHVycGxlIj5odHRwczovL2V4YW1wbGUuY29tL211ZDwvc3Bhbj48L2E+Jm5ic3A7 b3INCiBhIGNsYXNzPHNwYW4gY2xhc3M9ImFwcGxlLWNvbnZlcnRlZC1zcGFjZSI+Jm5ic3A7PC9z cGFuPjxhIGhyZWY9Imh0dHA6Ly9leGFtcGxlLmNvbS9tdWRjbGFzczEiPjxzcGFuIHN0eWxlPSJj b2xvcjpwdXJwbGUiPmh0dHA6Ly9leGFtcGxlLmNvbS9tdWRjbGFzczE8L3NwYW4+PC9hPi4gJm5i c3A7VGhhdCBjYW4gYmUgbGFib3Jpb3VzLiAmbmJzcDtUbyBhc3Npc3QsIHdlIGFyZSBleGFtaW5p bmcgd2F5cyB0byBoYXZlIGEgY29udHJvbGxlciBkZWNsYXJlIGl0c2VsZiBhcyBhDQogY2FuZGlk YXRlIGNvbnRyb2xsZXIuPG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8L2Rpdj4NCjxk aXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0iRU4tVVMiIHN0eWxl PSJmb250LXNpemU6MTAuNXB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssc2Fucy1z ZXJpZjtjb2xvcjojMUY0OTdEIj4mbmJzcDs8L3NwYW4+PHNwYW4gbGFuZz0iRU4tVVMiPjxvOnA+ PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPC9kaXY+DQo8ZGl2Pg0KPGRpdj4NCjxwIGNsYXNz PSJNc29Ob3JtYWwiPjxzcGFuIGxhbmc9IkVOLVVTIiBzdHlsZT0iZm9udC1zaXplOjEwLjVwdDtm b250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LHNhbnMtc2VyaWY7Y29sb3I6IzFGNDk3RCI+ W1Fpbl06IFNpbmNlIE1VRCBpbiBSRkM4NTIwIGhhcyBhbHJlYWR5IHNwZWNpZnkgRE5TIGV4dGVu c2lvbiBhbmQgREhDUCBleHRlbnNpb24sIHdoeSBub3QgY29uZmlndXJlIE1VRCBtYW5hZ2VyIHdp dGggY29udHJvbGxlcuKAmXMgZGVjbGFyYXRpb24/IFNvDQogdGhlIFJFU1RGVUwgaW50ZXJmYWNl IGNhbiBiZSBkZWZpbmVkIGJldHdlZW4gTk1TIGFuZCBjb250cm9sbGVyLCBpZiBteSB1bmRlcnN0 YW5kaW5nIGlzIGNvcnJlY3QuPC9zcGFuPjxzcGFuIGxhbmc9IkVOLVVTIj48bzpwPjwvbzpwPjwv c3Bhbj48L3A+DQo8L2Rpdj4NCjwvZGl2Pg0KPGRpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9y bWFsIj48c3BhbiBsYW5nPSJFTi1VUyIgc3R5bGU9ImZvbnQtc2l6ZToxMC41cHQ7Zm9udC1mYW1p bHk6JnF1b3Q7Q2FsaWJyaSZxdW90OyxzYW5zLXNlcmlmO2NvbG9yOiMxRjQ5N0QiPkkgYmVsaWV2 ZSB0aGlzIGlzIG5ldHdvcmsgaW5pdGlhdGVkIHNvbHV0aW9uLCB5b3UgbWlnaHQgaGF2ZSBjbGll bnQgaW5pdGlhdGVkIHNvbHV0aW9uLCBidXQgcHJvYmFibHkgbW9yZSBjb21wbGljYXRlZCB0aGFu IG5ldHdvcmsgaW5pdGlhdGVkIHNvbHV0aW9uLjwvc3Bhbj48c3BhbiBsYW5nPSJFTi1VUyI+PG86 cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8L2Rpdj4NCjwvZGl2Pg0KPC9kaXY+DQo8L2Js b2NrcXVvdGU+DQo8ZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIGxhbmc9 IkVOLVVTIj4mbmJzcDs8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjwvZGl2Pg0KPGRp dj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIGxhbmc9IkVOLVVTIj5DYW4geW91IHNheSBh IGZldyBtb3JlIHdvcmRzPyAmbmJzcDtJPC9zcGFuPuKAmTxzcGFuIGxhbmc9IkVOLVVTIj5tIG5v dCBzdXJlIEk8L3NwYW4+4oCZPHNwYW4gbGFuZz0iRU4tVVMiPm0gcXVpdGUgZm9sbG93aW5nIHlv dS48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjwvZGl2Pg0KPGRpdj4NCjxkaXY+DQo8 cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBsYW5nPSJFTi1VUyIgc3R5bGU9ImNvbG9yOiMxRjQ5 N0QiPltRaW5dOiBXaGF0IEkgYW0gc3VnZ2VzdGluZyBpcyBOTVMgcHJlY29uZmlndXJlcyB0aGUg TVVEIG1hbmFnZXIgd2l0aCBjb250cm9sbGVyPC9zcGFuPjxzcGFuIHN0eWxlPSJjb2xvcjojMUY0 OTdEIj7igJk8c3BhbiBsYW5nPSJFTi1VUyI+cyBkZWNsYXJhdGlvbiBpbmZvcm1hdGlvbiwgZHVy aW5nIERIQ1AgcHJvY2VzcyBvciBETlMgcHJvY2VzcywNCiB0aGUgY29udHJvbGxlcjwvc3Bhbj7i gJk8c3BhbiBsYW5nPSJFTi1VUyI+cyBkZWNsYXJhdGlvbiBjYW4gYmUgcmV0dXJuZWQ8L3NwYW4+ PC9zcGFuPjxzcGFuIGxhbmc9IkVOLVVTIj48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4N CjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBsYW5nPSJFTi1VUyIgc3R5bGU9ImZv bnQtc2l6ZToxMC41cHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OyxzYW5zLXNlcmlm O2NvbG9yOiMxRjQ5N0QiPlRvIHRoZSByb3V0ZXIgb3Igc3dpdGNoIGJldHdlZW4gdGhlIHRoaW5n IGFuZCBNVUQgbWFuYWdlciBvciByZXR1cm4gdG8gdGhlIHRoaW5nLCB0aGUgcm91dGVyIG9yIHRo ZSB0aGluZyBjYW4gYWNjZXNzIGNvbnRyb2xsZXIgdGhyb3VnaCBjb250cm9sbGVyDQogZGVsY2xh cnRpb24uPC9zcGFuPjxzcGFuIGxhbmc9IkVOLVVTIj48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8 L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBsYW5nPSJFTi1VUyIgc3R5 bGU9ImZvbnQtc2l6ZToxMC41cHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OyxzYW5z LXNlcmlmO2NvbG9yOiMxRjQ5N0QiPiZuYnNwOzwvc3Bhbj48c3BhbiBsYW5nPSJFTi1VUyI+PG86 cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+ PHNwYW4gbGFuZz0iRU4tVVMiIHN0eWxlPSJmb250LXNpemU6MTAuNXB0O2ZvbnQtZmFtaWx5OiZx dW90O0NhbGlicmkmcXVvdDssc2Fucy1zZXJpZjtjb2xvcjojMUY0OTdEIj5JZiB0aGUgTVVEIG1h bmFnZXIgYWxzbyBuZWVkcyB0byBiZSBhZHZlcnRpc2VkIHRvIHRoZSB0aGluZywgREhDUCBEaXNj b3Zlcnkgb3IgRE5TIHByb2Nlc3MgY2FuIGJlIGxldmVyYWdlZC4gSW4gdGhpcyBjYXNlLCBOTVMg bmVlZHMgdG8gcHJlY29uZmlndXJlDQogREhDUCBzZXJ2ZXIgd2l0aCBNVUQgbWFuYWdlciBpbmZv cm1hdGlvbi48L3NwYW4+PHNwYW4gbGFuZz0iRU4tVVMiPjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4N CjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIGxhbmc9IkVOLVVTIiBz dHlsZT0iZm9udC1zaXplOjEwLjVwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LHNh bnMtc2VyaWY7Y29sb3I6IzFGNDk3RCI+Jm5ic3A7PC9zcGFuPjxzcGFuIGxhbmc9IkVOLVVTIj48 bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjwvZGl2Pg0KPGRpdj4NCjxkaXY+DQo8cCBj bGFzcz0iTXNvTm9ybWFsIj48c3BhbiBsYW5nPSJFTi1VUyI+RWxpb3Q8YnI+DQo8YnI+DQo8YnI+ DQo8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxibG9ja3F1b3RlIHN0eWxlPSJtYXJn aW4tdG9wOjUuMHB0O21hcmdpbi1ib3R0b206NS4wcHQiPg0KPGRpdj4NCjxkaXY+DQo8ZGl2Pg0K PGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIGxhbmc9IkVOLVVTIiBzdHlsZT0iZm9u dC1zaXplOjEwLjVwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LHNhbnMtc2VyaWY7 Y29sb3I6IzFGNDk3RCI+Jm5ic3A7PC9zcGFuPjxzcGFuIGxhbmc9IkVOLVVTIj48bzpwPjwvbzpw Pjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjwvZGl2Pg0KPGRpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNv Tm9ybWFsIj48c3BhbiBsYW5nPSJFTi1VUyI+Jm5ic3A7VGhhdCBhdCBsZWFzdCBwcm92aWRlcyBh IGhpbnQgdG8gdGhlIGFkbWluaXN0cmF0b3IgdGhhdCB0aGlzIHBhcnRpY3VsYXIgZGV2aWNlIGlz IGNhcGFibGUgb2Ygc2VydmluZyBpbiBhIHBhcnRpY3VsYXIgcm9sZS48bzpwPjwvbzpwPjwvc3Bh bj48L3A+DQo8L2Rpdj4NCjwvZGl2Pg0KPC9kaXY+DQo8ZGl2Pg0KPGRpdj4NCjxkaXY+DQo8cCBj bGFzcz0iTXNvTm9ybWFsIj48c3BhbiBsYW5nPSJFTi1VUyI+Jm5ic3A7PG86cD48L286cD48L3Nw YW4+PC9wPg0KPC9kaXY+DQo8L2Rpdj4NCjwvZGl2Pg0KPGRpdj4NCjxkaXY+DQo8ZGl2Pg0KPHAg Y2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0iRU4tVVMiPlRvIG1ha2UgdGhhdCBkZWNsYXJh dGlvbiwgdGhlIGRldmljZSBtdXN0LTxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPC9k aXY+DQo8L2Rpdj4NCjxkaXY+DQo8dWwgc3R5bGU9Im1hcmdpbi10b3A6MGNtIiB0eXBlPSJkaXNj Ij4NCjxsaSBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLWxpc3Q6bDEgbGV2ZWwxIGxmbzEi PjxzcGFuIGxhbmc9IkVOLVVTIj5Gb3JtIHRoZSBkZWNsYXJhdGlvbjs8bzpwPjwvbzpwPjwvc3Bh bj48L2xpPjxsaSBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLWxpc3Q6bDEgbGV2ZWwxIGxm bzEiPjxzcGFuIGxhbmc9IkVOLVVTIj5GaW5kIHRoZSBNVUQgbWFuYWdlcjsgYW5kPG86cD48L286 cD48L3NwYW4+PC9saT48bGkgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1saXN0OmwxIGxl dmVsMSBsZm8xIj48c3BhbiBsYW5nPSJFTi1VUyI+U2VuZCBpdC48bzpwPjwvbzpwPjwvc3Bhbj48 L2xpPjwvdWw+DQo8ZGl2Pg0KPGRpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3Bh biBsYW5nPSJFTi1VUyI+Jm5ic3A7PG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8L2Rp dj4NCjwvZGl2Pg0KPC9kaXY+DQo8ZGl2Pg0KPGRpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9y bWFsIj48c3BhbiBsYW5nPSJFTi1VUyI+Rm9ybWluZyB0aGUgZGVjbGFyYXRpb24gaXMgZWFzeTog d2UgY2FuIG1ha2UgdGhpcyBhIFlBTkcgZ3JvdXBpbmcgYW5kIHRoZW4gcGxhY2UgaXQgaW4gdmFy aW91cyBzcG90cy48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjwvZGl2Pg0KPC9kaXY+ DQo8ZGl2Pg0KPGRpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBsYW5nPSJF Ti1VUyI+Jm5ic3A7PG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8L2Rpdj4NCjwvZGl2 Pg0KPGRpdj4NCjxkaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0i RU4tVVMiPkZpbmRpbmcgdGhlIE1VRCBtYW5hZ2VyIGRlcGVuZHMgb24gb25lIHF1ZXN0aW9uOjxv OnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPC9kaXY+DQo8L2Rpdj4NCjxkaXY+DQo8dWwg c3R5bGU9Im1hcmdpbi10b3A6MGNtIiB0eXBlPSJkaXNjIj4NCjxsaSBjbGFzcz0iTXNvTm9ybWFs IiBzdHlsZT0ibXNvLWxpc3Q6bDAgbGV2ZWwxIGxmbzIiPjxzcGFuIGxhbmc9IkVOLVVTIj5XYXMg dGhlIGRldmljZSBidWlsdCB0byBiZSBhIGNvbnRyb2xsZXIgb3IgaXMgaXQgYSBnZW5lcmFsIHB1 cnBvc2UgZGV2aWNlIHRoYXQgaGFzIGFuIGFwcCB0aGF0IGlzIGludGVuZGVkIHRvIGJlIGEgY29u dHJvbGxlcj88bzpwPjwvbzpwPjwvc3Bhbj48L2xpPjwvdWw+DQo8ZGl2Pg0KPGRpdj4NCjxkaXY+ DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBsYW5nPSJFTi1VUyI+Jm5ic3A7PG86cD48L286 cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8L2Rpdj4NCjwvZGl2Pg0KPC9kaXY+DQo8ZGl2Pg0KPGRp dj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBsYW5nPSJFTi1VUyI+SWYgdGhl IGRldmljZSB3YXMgYnVpbHQgdG8gYmUgYSBjb250cm9sbGVyLCB3ZSBjYW4gc2ltcGx5IGNyYW0g dGhlIGRlY2xhcmF0aW9uIGludG8gdGhhdCBkZXZpY2VzIG93biBNVUQgZmlsZSBhcyBhbiBleHRl bnNpb24uICZuYnNwO0lmIHRoZSBkZXZpY2UgaXMgYSBnZW5lcmFsIHB1cnBvc2UgY29tcHV0ZXIs IHRoaW5ncyBnZXQgYSBiaXQgbW9yZSBpbnRlcmVzdGluZy4gJm5ic3A7SW4gdGhpcw0KIGNhc2Ug d2UgaGF2ZSB0d28gY2hvaWNlczo8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjwvZGl2 Pg0KPC9kaXY+DQo8ZGl2Pg0KPGRpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3Bh biBsYW5nPSJFTi1VUyI+Jm5ic3A7PG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8L2Rp dj4NCjwvZGl2Pg0KPGRpdj4NCjx1bCBzdHlsZT0ibWFyZ2luLXRvcDowY20iIHR5cGU9ImRpc2Mi Pg0KPGxpIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbGlzdDpsMiBsZXZlbDEgbGZvMyI+ PHNwYW4gbGFuZz0iRU4tVVMiPkVpdGhlciBjcmVhdGUgYSBNVUQgZmlsZSB0aGF0IHBvaW50cyBz b21ld2hlcmUgaW50ZXJuYWxseSAtIHRoaXMgZG9lc248L3NwYW4+4oCZPHNwYW4gbGFuZz0iRU4t VVMiPnQgc2VlbSB2ZXJ5IHBsdWcgYW5kIHBsYXkuPG86cD48L286cD48L3NwYW4+PC9saT48bGkg Y2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1saXN0OmwyIGxldmVsMSBsZm8zIj48c3BhbiBs YW5nPSJFTi1VUyI+TWFrZSB0aGUgZGVjbGFyYXRpb24gZGlyZWN0bHkgdG8gdGhlIE1VRCBtYW5h Z2VyLjxvOnA+PC9vOnA+PC9zcGFuPjwvbGk+PC91bD4NCjxkaXY+DQo8ZGl2Pg0KPGRpdj4NCjxw IGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIGxhbmc9IkVOLVVTIj4mbmJzcDs8bzpwPjwvbzpwPjwv c3Bhbj48L3A+DQo8L2Rpdj4NCjwvZGl2Pg0KPC9kaXY+DQo8L2Rpdj4NCjxkaXY+DQo8ZGl2Pg0K PGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIGxhbmc9IkVOLVVTIj5JPC9zcGFuPuKA mTxzcGFuIGxhbmc9IkVOLVVTIj5tIGdvaW5nIHRvIGZvY3VzIG9uIHRoZSBsYXR0ZXIgZm9yIHRo ZSBtb21lbnQuICZuYnNwO0l0IGlzIGVhc3kgZW5vdWdoIHRvIGNyZWF0ZSBhIFJFU1RmdWwgaW50 ZXJmYWNlIGZvciB0aGlzIHB1cnBvc2UsIGJ1dCBpdCByZXF1aXJlcyBhIG1lY2hhbmlzbSB0byBk aXNjb3ZlcmVkIHRoZSBNVUQgbWFuYWdlciwgd2hpY2ggdXAgdW50aWwgbm93DQogaGFzIGJlZW4g YW4gaW50ZXJuYWwgcGFydCBvZiB0aGUgbmV0d29yayBpbmZyYXN0cnVjdHVyZS48bzpwPjwvbzpw Pjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjwvZGl2Pg0KPC9kaXY+DQo8ZGl2Pg0KPGRpdj4NCjxkaXY+ DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBsYW5nPSJFTi1VUyI+Jm5ic3A7PG86cD48L286 cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8L2Rpdj4NCjwvZGl2Pg0KPGRpdj4NCjxkaXY+DQo8ZGl2 Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0iRU4tVVMiPkxldCBtZSBjYWxsIHRo aXMgb3V0IHBsYWlubHk6IGxldHRpbmcgdGhlIGFwcCBpdHNlbGYgZGlyZWN0bHkgY2FsbCB0aGUg TVVEIG1hbmFnZXIgcmVxdWlyZXMgdGhhdCB0aGUgTVVEIG1hbmFnZXIgaXRzZWxmIGJlY29tZSBl eHBvc2VkIHRvIHRoZSB1c2VyIGluZnJhc3RydWN0dXJlLCB3aGljaCBpcyBhIGNoYW5nZS48bzpw PjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjwvZGl2Pg0KPC9kaXY+DQo8ZGl2Pg0KPGRpdj4N CjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBsYW5nPSJFTi1VUyI+Jm5ic3A7PG86 cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8L2Rpdj4NCjwvZGl2Pg0KPGRpdj4NCjxkaXY+ DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0iRU4tVVMiPk9uZSBwb3Nz aWJpbGl0eSB0byBhZGRyZXNzIHRoaXMgaXMgdG8gaW5jb3Jwb3JhdGUgdGhlIG5ldyBSRVNUZnVs IGVuZHBvaW50IGludG8gYW4gQU5JTUEgQlJTS0kgam9pbiByZWdpc3RyYXIsIHdoaWNoIG1heSBh bHJlYWR5IGJlIGV4cG9zZWQuICZuYnNwO0J1dCB0aGF0IHJlcXVpcmVzIHRoYXQgQU5JTUEgQlJT S0kgYmUgaW4gcGxheSwgd2hpY2ggaXQgbWF5IG5vdC48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8 L2Rpdj4NCjwvZGl2Pg0KPC9kaXY+DQo8ZGl2Pg0KPGRpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNv Tm9ybWFsIj48c3BhbiBsYW5nPSJFTi1VUyI+Jm5ic3A7PG86cD48L286cD48L3NwYW4+PC9wPg0K PC9kaXY+DQo8L2Rpdj4NCjwvZGl2Pg0KPGRpdj4NCjxkaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1z b05vcm1hbCI+PHNwYW4gbGFuZz0iRU4tVVMiPk15IHRoaW5raW5nIGlzIHRoYXQgd2UgZG8gdGhp cyB3b3JrIGluIHR3byBzdGFnZXMuICZuYnNwO0ZpcnN0IGhhbmRsZSB0aGUgZWFzeSBjYXNlLCB3 aGljaCBpcyB0aGUgTVVEIGZpbGUgZXh0ZW5zaW9uLCBhbmQgdGhlbiBmaWd1cmUgb3V0IGhvdyB0 byBkbyB0aGUgYXBwIHZlcnNpb24gb2YgdGhpcy48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rp dj4NCjwvZGl2Pg0KPC9kaXY+DQo8ZGl2Pg0KPGRpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9y bWFsIj48c3BhbiBsYW5nPSJFTi1VUyI+Jm5ic3A7PG86cD48L286cD48L3NwYW4+PC9wPg0KPC9k aXY+DQo8L2Rpdj4NCjwvZGl2Pg0KPGRpdj4NCjxkaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05v cm1hbCI+PHNwYW4gbGFuZz0iRU4tVVMiPlRob3VnaHRzPzxvOnA+PC9vOnA+PC9zcGFuPjwvcD4N CjwvZGl2Pg0KPC9kaXY+DQo8L2Rpdj4NCjxkaXY+DQo8ZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJN c29Ob3JtYWwiPjxzcGFuIGxhbmc9IkVOLVVTIj4mbmJzcDs8bzpwPjwvbzpwPjwvc3Bhbj48L3A+ DQo8L2Rpdj4NCjwvZGl2Pg0KPC9kaXY+DQo8ZGl2Pg0KPGRpdj4NCjxkaXY+DQo8cCBjbGFzcz0i TXNvTm9ybWFsIj48c3BhbiBsYW5nPSJFTi1VUyI+RWxpb3Q8bzpwPjwvbzpwPjwvc3Bhbj48L3A+ DQo8L2Rpdj4NCjwvZGl2Pg0KPC9kaXY+DQo8L2Rpdj4NCjwvYmxvY2txdW90ZT4NCjwvZGl2Pg0K PGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIGxhbmc9IkVOLVVTIj4mbmJzcDs8bzpw PjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjwvZGl2Pg0KPC9ibG9ja3F1b3RlPg0KPC9kaXY+ DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBsYW5nPSJFTi1VUyI+PG86cD4mbmJzcDs8L286 cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8L2Rpdj4NCjwvZGl2Pg0KPC9ib2R5Pg0KPC9odG1sPg0K --_000_B8F9A780D330094D99AF023C5877DABAA49BD98Ankgeml513mbxchi_-- From nobody Mon Jul 1 23:07:38 2019 Return-Path: X-Original-To: mud@ietfa.amsl.com Delivered-To: mud@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A42B91200B7; Mon, 1 Jul 2019 23:07:29 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.501 X-Spam-Level: X-Spam-Status: No, score=-14.501 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Zde2crvTADuM; Mon, 1 Jul 2019 23:07:28 -0700 (PDT) Received: from aer-iport-2.cisco.com (aer-iport-2.cisco.com [173.38.203.52]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B7C8A1200B5; Mon, 1 Jul 2019 23:07:27 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=2739; q=dns/txt; s=iport; t=1562047648; x=1563257248; h=from:message-id:mime-version:subject:date:in-reply-to:cc: to:references; bh=gbVD7+WkEwNqauPYYjgoGe7TvAiW+Blw6Lex7kDKubI=; b=ir0hMeHZOf1cwvTfTY5dlEOgGYP8M2VLrgXit+8MTjNytSoQnESWaViV xRnB0igW9CEy8gGv/of0lO6ivRifENINY+Awb9vK3qDQfrVRoFtMPaDyY DkBEKH2nGjmH9OgaZ/imkNRxuQPQfVA5DBEJMxOzMwHLS0b65VKPv8CbL g=; X-Files: signature.asc : 195 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0AUAAB38xpd/xbLJq1mGQEBAQEBAQE?= =?us-ascii?q?BAQEBAQcBAQEBAQGBVgEBAQEBAQsBAYETgj0hEiiEHIh7jAiHLoIdiSWHfQI?= =?us-ascii?q?HAQEBCQMBAS8BAYRAAoMnNwYOAQMBAQQBAQIBBW2KQ0IBEAGEdgEBAQECASN?= =?us-ascii?q?WBQsLBAETKgICITYGE4MiAYFqAw4PpRiBMoVHgkcNghYQgTQBgVCKJYF/gTg?= =?us-ascii?q?fgh4uPoIahTQygiYElFiVGEAJghiCH4EMjF6DchuNK4pAll2KcoMJAgQGBQI?= =?us-ascii?q?VgWYigVgzGggbFWUBgkE+kEk9AzCFOIkuAQE?= X-IronPort-AV: E=Sophos;i="5.63,442,1557187200"; d="asc'?scan'208,217";a="13837662" Received: from aer-iport-nat.cisco.com (HELO aer-core-4.cisco.com) ([173.38.203.22]) by aer-iport-2.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 02 Jul 2019 06:07:25 +0000 Received: from [10.61.244.239] ([10.61.244.239]) by aer-core-4.cisco.com (8.15.2/8.15.2) with ESMTPS id x6267Ooe005533 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Tue, 2 Jul 2019 06:07:25 GMT From: Eliot Lear Message-Id: Content-Type: multipart/signed; boundary="Apple-Mail=_E8DA1115-8274-43D2-AE9B-936DBED5F65D"; protocol="application/pgp-signature"; micalg=pgp-sha1 Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\)) Date: Tue, 2 Jul 2019 08:07:22 +0200 In-Reply-To: Cc: Qin Wu , "opsawg@ietf.org" , "mud@ietf.org" To: "M. Ranganathan" References: <230EB786-36AB-4E79-A6DD-20278E895763@cisco.com> X-Mailer: Apple Mail (2.3445.104.11) X-Outbound-SMTP-Client: 10.61.244.239, [10.61.244.239] X-Outbound-Node: aer-core-4.cisco.com Archived-At: Subject: Re: [Mud] [OPSAWG] Declaring something to be a controller in MUD X-BeenThere: mud@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion of Manufacturer Ussage Descriptions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 02 Jul 2019 06:07:30 -0000 --Apple-Mail=_E8DA1115-8274-43D2-AE9B-936DBED5F65D Content-Type: multipart/alternative; boundary="Apple-Mail=_9AF038A6-CDD0-482A-A20F-519512AB4E8D" --Apple-Mail=_9AF038A6-CDD0-482A-A20F-519512AB4E8D Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=utf-8 Hi Ranga, > On 1 Jul 2019, at 20:51, M. Ranganathan wrote: >=20 > What is the essential difference between a device declaring itself to = be a "controller" for another class and the situation where the device = (being controlled) just uses the "model" abstraction in an ACE? You could indeed do this with =E2=80=9Cmodel=E2=80=9D, --Apple-Mail=_9AF038A6-CDD0-482A-A20F-519512AB4E8D Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=utf-8 Hi = Ranga,

On 1 Jul 2019, at 20:51, M. Ranganathan = <mranga@gmail.com> wrote:

What is the essential difference = between a device declaring itself to be a "controller" for another class = and the situation where the device (being controlled) just uses the = "model" abstraction in an ACE? 


You= could indeed do this with =E2=80=9Cmodel=E2=80=9D, 
= --Apple-Mail=_9AF038A6-CDD0-482A-A20F-519512AB4E8D-- --Apple-Mail=_E8DA1115-8274-43D2-AE9B-936DBED5F65D Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=signature.asc Content-Type: application/pgp-signature; name=signature.asc Content-Description: Message signed with OpenPGP -----BEGIN PGP SIGNATURE----- iF0EARECAB0WIQTgo4LlIIJ5lIBumWpugA9nE248uAUCXRr0mwAKCRBugA9nE248 uEzIAJ941sJQ4y8+tb4frImgddSPdWOn0ACg23ZYrz+ur/oWUUwYH1YxPpxBOEQ= =NcJr -----END PGP SIGNATURE----- --Apple-Mail=_E8DA1115-8274-43D2-AE9B-936DBED5F65D-- From nobody Mon Jul 1 23:11:02 2019 Return-Path: X-Original-To: mud@ietfa.amsl.com Delivered-To: mud@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 945E41200A4; Mon, 1 Jul 2019 23:11:00 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.501 X-Spam-Level: X-Spam-Status: No, score=-14.501 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zF-yme4YMO3m; Mon, 1 Jul 2019 23:10:58 -0700 (PDT) Received: from aer-iport-3.cisco.com (aer-iport-3.cisco.com [173.38.203.53]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AE0111200B3; Mon, 1 Jul 2019 23:10:57 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=4013; q=dns/txt; s=iport; t=1562047858; x=1563257458; h=from:message-id:mime-version:subject:date:in-reply-to:cc: to:references; bh=sl2T3sxJ82MVOAbNx7E72mp/3OIxFRJ67L4ugGjW/ZU=; b=IFk6zJiKB2Y+B4zI/366CqoU4h7GT5Qw4MSc5Gekapv/tbYADNqLPZBr odfXbYecTDWSA19LRFuW9buISNJujoqUua7BuZokwAOdO0kiKpe843sJh KCT5G0J81cMEpXmt9lJvC9/i135Zh88OclfgGPtxhuiHmG8DZ8OTcsJ1s k=; X-Files: signature.asc : 195 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0AUAABA9Bpd/xbLJq1mGQEBAQEBAQE?= =?us-ascii?q?BAQEBAQcBAQEBAQGBVgEBAQEBAQsBAYETgj0hEiiEHIh7jAiHLoIdiSWHfQI?= =?us-ascii?q?HAQEBCQMBAS8BAYRAAoMnNwYOAQMBAQQBAQIBBW2KQ0IBEAGEdgEBAQECASN?= =?us-ascii?q?WBQsLBBQqAgIhNgYTgyIBgWoDDg+lGYEyhUeCRw2CFhCBNAGBUIolgX+BOB+?= =?us-ascii?q?CHi4+ghqFNDKCJgSMJIg0lRhACYIYgh+BDIxeg3IbjSuKQJZdinKDCQIEBgU?= =?us-ascii?q?CFYFmIoFYMxoIGxVlAYJBPpBJPQMwhTiJLgEB?= X-IronPort-AV: E=Sophos;i="5.63,442,1557187200"; d="asc'?scan'208,217";a="13775770" Received: from aer-iport-nat.cisco.com (HELO aer-core-1.cisco.com) ([173.38.203.22]) by aer-iport-3.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 02 Jul 2019 06:10:55 +0000 Received: from [10.61.244.239] ([10.61.244.239]) by aer-core-1.cisco.com (8.15.2/8.15.2) with ESMTPS id x626AsuO019248 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Tue, 2 Jul 2019 06:10:55 GMT From: Eliot Lear Message-Id: Content-Type: multipart/signed; boundary="Apple-Mail=_F73EB660-D21E-4395-B602-4A50B5DF6A0F"; protocol="application/pgp-signature"; micalg=pgp-sha1 Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\)) Date: Tue, 2 Jul 2019 08:10:53 +0200 In-Reply-To: Cc: Qin Wu , "opsawg@ietf.org" , "mud@ietf.org" To: "M. Ranganathan" References: <230EB786-36AB-4E79-A6DD-20278E895763@cisco.com> X-Mailer: Apple Mail (2.3445.104.11) X-Outbound-SMTP-Client: 10.61.244.239, [10.61.244.239] X-Outbound-Node: aer-core-1.cisco.com Archived-At: Subject: Re: [Mud] [OPSAWG] Declaring something to be a controller in MUD X-BeenThere: mud@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion of Manufacturer Ussage Descriptions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 02 Jul 2019 06:11:01 -0000 --Apple-Mail=_F73EB660-D21E-4395-B602-4A50B5DF6A0F Content-Type: multipart/alternative; boundary="Apple-Mail=_5FC2D4BD-8A03-40E3-954E-982BC5CFF986" --Apple-Mail=_5FC2D4BD-8A03-40E3-954E-982BC5CFF986 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=utf-8 Hi Ranga, Sorry for the pre-mature send. > On 1 Jul 2019, at 20:51, M. Ranganathan wrote: >=20 > What is the essential difference between a device declaring itself to = be a "controller" for another class and the situation where the device = (being controlled) just uses the "model" abstraction in an ACE? >=20 You could indeed do this with =E2=80=9Cmodel=E2=80=9D. The reason I = hadn=E2=80=99t thought of that was because in my mind, same-manufacturer = and model were for NxN communications, and that it might be a hint to = the NMS to use appropriate scale mechanisms. But that=E2=80=99s not = actually in the text. I think, by the way, that there=E2=80=99s another reason to think about = doing this from the controller side: if the standards are open like we = like them to be, a device may not know who should be the controller for = a particular device or class. Eliot --Apple-Mail=_5FC2D4BD-8A03-40E3-954E-982BC5CFF986 Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=utf-8 Hi = Ranga,

Sorry for the = pre-mature send.

On 1 Jul 2019, at 20:51, M. = Ranganathan <mranga@gmail.com> wrote:

What = is the essential difference between a device declaring itself to be a = "controller" for another class and the situation where the device (being = controlled) just uses the "model" abstraction in an ACE? 


You could indeed do this with = =E2=80=9Cmodel=E2=80=9D.  The reason I hadn=E2=80=99t thought of = that was because in my mind, same-manufacturer and model were for NxN = communications, and that it might be a hint to the NMS to use = appropriate scale mechanisms.  But that=E2=80=99s not actually in = the text.

I = think, by the way, that there=E2=80=99s another reason to think about = doing this from the controller side: if the standards are open like we = like them to be, a device may not know who should be the controller for = a particular device or class.

Eliot
= --Apple-Mail=_5FC2D4BD-8A03-40E3-954E-982BC5CFF986-- --Apple-Mail=_F73EB660-D21E-4395-B602-4A50B5DF6A0F Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=signature.asc Content-Type: application/pgp-signature; name=signature.asc Content-Description: Message signed with OpenPGP -----BEGIN PGP SIGNATURE----- iF0EARECAB0WIQTgo4LlIIJ5lIBumWpugA9nE248uAUCXRr1bQAKCRBugA9nE248 uHXOAJ9KR7LG6BnC15Z9RP3l8px4f5tj4gCeO9evervAJodAwZ/UH/ICyW4ZlsY= =9lGI -----END PGP SIGNATURE----- --Apple-Mail=_F73EB660-D21E-4395-B602-4A50B5DF6A0F-- From nobody Tue Jul 2 10:22:43 2019 Return-Path: X-Original-To: mud@ietfa.amsl.com Delivered-To: mud@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 34B8F120651; Tue, 2 Jul 2019 10:22:36 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.997 X-Spam-Level: X-Spam-Status: No, score=-1.997 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Z0UepgOR0pge; Tue, 2 Jul 2019 10:22:34 -0700 (PDT) Received: from mail-io1-xd30.google.com (mail-io1-xd30.google.com [IPv6:2607:f8b0:4864:20::d30]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AFDB2120664; Tue, 2 Jul 2019 10:22:33 -0700 (PDT) Received: by mail-io1-xd30.google.com with SMTP id k20so12493934ios.10; Tue, 02 Jul 2019 10:22:33 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=Eh4A6O4fI5KBqveVJ+iBGVjgfPgJJJKshdYVhiDIhVY=; b=ogVo4D7QzQDIxD+ZnK9IVBBthYOnsv/NnuqKq538TZCUpfx4k5roAiK9klpuV+fML/ jskf/OlhKB+LG2ZzqZWIwOvR3x1s/3+CNhcJqdOvBXiKK0aferw1O4qdqdv9G8Je5IlA WwxDEuQBL4QnsRqSfMPngEBIEbZZfoDkdkr7lo1Q6cOBV0c432P5Tu3l6RefjbKKA2IK JoNOviq3vvAqF4LK2ilCj96zbu07xXBxrWuagjlrJY6jwPAUlIwZrULFdCVwk44nAwWw UrKfLgTjaGpZT1WhfYPvDYl9eGeKqNaoBL1Cx21ipvtoYpJEbZ755HXMJCj7M4RUhbQd WqFA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=Eh4A6O4fI5KBqveVJ+iBGVjgfPgJJJKshdYVhiDIhVY=; b=poak//GXhQE8S7gmI4aMXC77xxoAVPccTL0I58Oe7GKxcBMmB1bE7cvaXf2Lt9v6C+ xMdPQtzQ2GM5LnYM8Ag9OqhRHjv6a/rjfWe75IELkLnPR0KWvXqYB/Q8ccqAWNDfCg5Z SHm5exdIjNIzL3vl/YT0azttyda3yx50EvbsNJdUq9viBSPByuludAZ8fv/6NT5qJz5U P0/S38cl2gy1/UglcEq5LbSDJSbbsx8ZigKAec46h5wA+01/Xkfd7JDUDmDs611rRhhz WKhpwZGjSv+eesOuNCRn5cxV8A0lMxWdTmWNcR0NEtMw8DWYAhJuxQlXmp8csAKDjNVY aqnw== X-Gm-Message-State: APjAAAWKpf/QEKVhDhILPCyabDkAZr6fr4nKMeCptzaqERMX3pHdZy4K q2jhElUpDc5TwwUfQ41K0a5Vc9rYUZYd/IugbZE= X-Google-Smtp-Source: APXvYqz5EiLCk5b66fyAIt7miS4/UNs7g2B1EcZTnuZgDkIiC2wvuqg/TpKuJ+xrtqP+/qRVgUAc18NbxUbYklkNmB4= X-Received: by 2002:a05:6602:2252:: with SMTP id o18mr31961684ioo.63.1562088152789; Tue, 02 Jul 2019 10:22:32 -0700 (PDT) MIME-Version: 1.0 References: <230EB786-36AB-4E79-A6DD-20278E895763@cisco.com> In-Reply-To: From: "M. Ranganathan" Date: Tue, 2 Jul 2019 13:21:56 -0400 Message-ID: To: Eliot Lear Cc: Qin Wu , "opsawg@ietf.org" , "mud@ietf.org" Content-Type: multipart/alternative; boundary="0000000000007479be058cb5fdb7" Archived-At: Subject: Re: [Mud] [OPSAWG] Declaring something to be a controller in MUD X-BeenThere: mud@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion of Manufacturer Ussage Descriptions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 02 Jul 2019 17:22:36 -0000 --0000000000007479be058cb5fdb7 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Hello Eliot, On Tue, Jul 2, 2019 at 2:10 AM Eliot Lear wrote: > Hi Ranga, > > Sorry for the pre-mature send. > > On 1 Jul 2019, at 20:51, M. Ranganathan wrote: > > What is the essential difference between a device declaring itself to be = a > "controller" for another class and the situation where the device (being > controlled) just uses the "model" abstraction in an ACE? > > > You could indeed do this with =E2=80=9Cmodel=E2=80=9D. The reason I hadn= =E2=80=99t thought of > that was because in my mind, same-manufacturer and model were for NxN > communications, and that it might be a hint to the NMS to use appropriate > scale mechanisms. But that=E2=80=99s not actually in the text. > > I think, by the way, that there=E2=80=99s another reason to think about d= oing this > from the controller side: if the standards are open like we like them to > be, a device may not know who should be the controller for a particular > device or class. > > Yes I agree with your reasoning - especially the second part. I think some wording providing justification for this in the draft would be good (maybe even as an addendum to the MUD specification). Looking forward to further discussion on how applications can become controllers. Regards, Ranga > Eliot > --=20 M. Ranganathan --0000000000007479be058cb5fdb7 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable

Hello Eliot,
On Tue, Jul 2, 2019 at 2:10 AM Eliot Lear <lear@cisco.com> wrote:
Hi Ranga,
Sorry for the pre-mature send.

On 1 Jul 2019, at 20:51, M. Ranganathan <mranga@gmail.com> wrote:
What is the essential difference between a device declar= ing itself to be a "controller" for another class and the situati= on where the device (being controlled) just uses the "model" abst= raction in an ACE?=C2=A0


You could in= deed do this with =E2=80=9Cmodel=E2=80=9D.=C2=A0 The reason I hadn=E2=80=99= t thought of that was because in my mind, same-manufacturer and model were = for NxN communications, and that it might be a hint to the NMS to use appro= priate scale mechanisms.=C2=A0 But that=E2=80=99s not actually in the text.=

I think, by the way, that there=E2=80=99s another= reason to think about doing this from the controller side: if the standard= s are open like we like them to be, a device may not know who should be the= controller for a particular device or class.


Yes I agree with your reasoning - especially = the second part. I think some wording providing justification for this in t= he draft would be good=C2=A0 (maybe even as an addendum to the MUD specific= ation).

Looking forward to further discussion= on how applications can become controllers.

R= egards, Ranga
Eliot


--
=
M. Ranganathan

--0000000000007479be058cb5fdb7-- From nobody Wed Jul 3 07:48:52 2019 Return-Path: X-Original-To: mud@ietfa.amsl.com Delivered-To: mud@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D7BA512033D for ; Wed, 3 Jul 2019 07:48:49 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -12.441 X-Spam-Level: X-Spam-Status: No, score=-12.441 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_12=2.059, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nuQzAyct5r4r for ; Wed, 3 Jul 2019 07:48:48 -0700 (PDT) Received: from aer-iport-2.cisco.com (aer-iport-2.cisco.com [173.38.203.52]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D5DB9120368 for ; Wed, 3 Jul 2019 07:48:38 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=67692; q=dns/txt; s=iport; t=1562165319; x=1563374919; h=from:mime-version:subject:message-id:date:cc:to; bh=X1ZeijsxfUh+PvDGJvmXZ1bBHXuYPoVi5ZMyrrQr5X8=; b=l1CluRRQsj1HPBNbi7SE4p9dNcOsnPjVFhgbhgGbrS50dGTypzaXA7A7 OmLDKPVXibuCyayUx4h2vZmAC8LCI+Vqo1epl5GskUCqMNku7TVsolS7a pPzsTZ0sIO4wVJle4mjE8TjUsVpF/1N4zk147JnpRdDRJTMW28Dh5DpYn I=; X-Files: PastedGraphic-1.png, signature.asc : 47518, 195 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0AUAAAevxxd/xbLJq1lGgEBAQEBAgE?= =?us-ascii?q?BAQEHAgEBAQGBVAQBAQEBCwEBgRYDgjczKI0XmhGEUIJNgzWBewIHAQEBCQE?= =?us-ascii?q?CAQEvAQGEQIJHNQgOAQMBAQQBAQIBBW2KQ0IBDAGEcRUTYRwBAQEZAQEBKBU?= =?us-ascii?q?BDkkBBoMcAYIKpjSKMxCBNAGBUIolgX+BOB+CHwGFe4JvgiYElF2MWYRGhD8?= =?us-ascii?q?JghgDghyBDIIgjjQbjSyKRaFagwkCBAYFAhWBUgMzgVgzGggbFWUBgkE+kEk?= =?us-ascii?q?9AzCIKIV2AQE?= X-IronPort-AV: E=Sophos;i="5.63,446,1557187200"; d="asc'?png'150?scan'150,208,217,150";a="13900345" Received: from aer-iport-nat.cisco.com (HELO aer-core-3.cisco.com) ([173.38.203.22]) by aer-iport-2.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 03 Jul 2019 14:48:36 +0000 Received: from [10.61.244.239] ([10.61.244.239]) by aer-core-3.cisco.com (8.15.2/8.15.2) with ESMTPS id x63EmZ76017078 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Wed, 3 Jul 2019 14:48:36 GMT From: Eliot Lear Content-Type: multipart/signed; boundary="Apple-Mail=_5078B863-FC5B-4C30-AE75-BD7273CA63BE"; protocol="application/pgp-signature"; micalg=pgp-sha1 Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\)) Message-Id: Date: Wed, 3 Jul 2019 16:48:35 +0200 Cc: collaborators-mitigating-iot-ddos-nccoe@list.nist.gov To: mud@ietf.org X-Mailer: Apple Mail (2.3445.104.11) X-Outbound-SMTP-Client: 10.61.244.239, [10.61.244.239] X-Outbound-Node: aer-core-3.cisco.com Archived-At: Subject: [Mud] Hackathon survey results X-BeenThere: mud@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion of Manufacturer Ussage Descriptions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 03 Jul 2019 14:48:50 -0000 --Apple-Mail=_5078B863-FC5B-4C30-AE75-BD7273CA63BE Content-Type: multipart/alternative; boundary="Apple-Mail=_E35BC5C0-E6D6-45C7-BB03-0CA46413DF5E" --Apple-Mail=_E35BC5C0-E6D6-45C7-BB03-0CA46413DF5E Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii Hi everyone, Here are the poll results for the Hackathon. I think we need to do some = work on reporting and interoperability testing. I will also be prepared = to work on controller/mycontroller registration protocol (left undefined = in the spec). The BYIOT requires that people really BYIOT. Eliot --Apple-Mail=_E35BC5C0-E6D6-45C7-BB03-0CA46413DF5E Content-Type: multipart/related; type="text/html"; boundary="Apple-Mail=_7F21D98A-EF23-45E9-81B3-A2FB90EF8444" --Apple-Mail=_7F21D98A-EF23-45E9-81B3-A2FB90EF8444 Content-Transfer-Encoding: 7bit Content-Type: text/html; charset=us-ascii
Hi everyone,

Here are the poll results for the Hackathon.  I think we need to do some work on reporting and interoperability testing.  I will also be prepared to work on controller/mycontroller registration protocol (left undefined in the spec).  The BYIOT requires that people really BYIOT.

Eliot


--Apple-Mail=_7F21D98A-EF23-45E9-81B3-A2FB90EF8444 Content-Transfer-Encoding: base64 Content-Disposition: inline; filename=PastedGraphic-1.png Content-Type: image/png; name="PastedGraphic-1.png" Content-Id: <22DF3369-F89C-4BF7-9867-57BF83CB4238@cisco.com> iVBORw0KGgoAAAANSUhEUgAAAUAAAADMCAYAAAAClXq9AABmMGlDQ1BJQ0MgUHJvZmlsZQAAeJyk 3HdUE2n8P/qxrp0UuoUkoFKEFEAUgSQ0RYSEJjZIALuEBFRsJBNAsQCZIHYhE+w1CfaykGBvkNh1 FRLsZSXBsq5lnfs8u7/vOfd37x+/c88lx5fZySSfycwzn/fz7FERpJiWI5Pl90YQZHFeQVHqxGja tOkzaL/ZkB7g8e9PTt5iGV8onAKf/8/v//vPXw/+2/duIPys9OV81xJx7IGp3E+O8QZiz/97///t p9/sOYvzwO8vwK9VebKiJQjSQwyeey9bIoPPV4PnznxONAc834YgS6bkzc+ZjSBL4f5jcnJkKxCk mASeDwH7sP5nH/Cc/T/P/9fnwx86HxzfHFrmgtlzaDHSfGkRLW1+TtGCgnk0YZF07oL8Of+HY/3/ /LNkzvIl8PcYqWxF0YJ585fQ/juChIK8oDE0Dos9FkHg+f5/nMdwCT/63229ev37AnwuBL+U4JcN fOqwvKVFxf+rRE8EIYj/038jSPgfCBJ4GkEo4PfhwQgy4zaC/PYPOEehCDJAgCDZbv/345blFOX8 +wTW7zl3LoJ8PIQgg6ciCNUC9if9/32dTCb/b+ep5//2X04NUC8ZlMmFcodAk59Csw9DC1ZCFQlQ lTu0/hX06Elo0xp4JluXQdv3QbvGQcGZOOb0Be5BIpFGgkpvaeXAZtZ64FaeCLhMOBwoEt0BJknX ALnoeGCoygEM1IDv4TRaB76Rk3fzKGjbAOCYjkC4Z9cJYBFB9LB7df974UKcIoCetHDwfb6wwJF7 3eA9BOLCe8BicSMwVQa+i1ewMgzogX0A9sa1CDLioz4N+NzYD9jRBq77iFcdfwF/2QvBPhMJotcX 5gdYhZU6GANyvcB2ljcLXE0mwbsJfJACzhvzcA44TqayEIwi5tRScBaYLDW4+swh2s0IEmQ3gJEV dN/UH3jVbAXesIJvGvTCAe4aJo8g+rZz38AqvIIB94HiEeAu401mgvfyAnlgH94A4WtwhZ7lgLPE PV0I7iFuVSkY9dycmkXAsAZwPFxSow+CRP1p6gI+sIDqUfdsb4GO7mzw6iyCGHBOAO9oRLiurxEo HwbOsDA/CFwdYTr3GDBMuBzoDIeV4ENhFvBi6XbgtpozwPyGFiC/8RTQvaUejJV/boMjTP7e2Qy2 uH2MAm4iiCEfRTZYRbyrxwbgdo9PwMpAF+DyqN+BIkErkCeuBo4o9EAQ0d+lCqC55jJwT8NH4Ipj 4FyJki+Acyvi3KEDg56BkSMSfATfTvSUIKj+0icI0vumbMO/99JJVw3wYEAkcFskCixPBt9dtkAE RqxssmwX0LcUnFVZz5o6BJH+0fAn0HDMG1hxYRJw4Z2lwPnPrgNVnxaCPQMIwi0XBSNpEEW5EFZR msl/Ay/7gk9Wnp7wGbgn6QawWgSOU1kk/QVMV4IOoOTUTAQObgDnDX15zAnYdCEFuOsO6Jfo7udg hKDmT8fBPisJYugO7C7oGmo17D+I+u0AMBbUtpGgc6jvhTsDL02RAg3ZfYDbpExgiRKcT3WW+hYw ogFcX7VbI/gMrPsC6MnYoztq4NPng8H2QZ/agBcJwusODp65x2sjYJWGXggY/9ofjGSgIwyMFu2z yVDLLHAGtOcLQNfU7kLhqxXqMcB52k5gXCMYdVpGC7gK2oF3QEZoSc/A9dXGfAIjqqEnQfgM1IMz MrzG4A960CfDv92k0WU4OJ7GQaHDEMRATHoPtM/MBD6VgBZluKIAA85wBAPn2KDWxgALDaB/GIQt lcDxd0DXNHCfgVFnWPwJbGkMJQjfGOMVBGHsMIFPdC4xnYNVWlhuAcDR7A7gsHjQJVqGTD+CIKaf i8Cxmd7Ik4C3VWuBp/EK4A7DdOCqFtBbTLNvwz3nP5sB3PkJdImWGQQxBjWDTjp6pWUEggx9b/m3 J96ePngZMCUQdInb8bHgrr89PvMa0H9hLNCtZCiwZzU4Tss7DeiTFosefLLluEkOrLoN9rdUdj4D nvt4CewpJQhWixWMpDF8G+hfjIU28F16FneqYa3OWj+QyJ0b+CA/OhUZB4Gy+aBvd4pWgjuoM7Gq BBhaD0Zo53AdOJ7OnkYwMm0vLWDU2Q52gp5gM3+E711CEKFODh7oXD8cIN98ZzvA+aWM7T4Nq3QT 3uC+6P4r0gz8M20ysGMu+Mxu8wrQH7qbKkEf6D5QB/pV90YduL+6VxjBtevOsoC7ppvX6Ykgjj+6 wfftnksQ4+UwB0MvQoNo0GEHoTAVhvpDx/8JFZ6Fziagy3+DbpgKrWNCYb4QRPO/r1qGQTtdoN0O KEE4LUbAWXZSgYShOoEx6NXtFA/66AkncLa4hU7gHAtYTuCaZX90At2l4JSTK0gxuRO4k1RxThQE 0Tg5gXF39LETmNM07YXbWzc5eYEUMzmFgBQTOi2AdUh9SOB+c/r1Pw+v3VBmDpQ7Cppsh2afgxZU QBVpUBUdWt8FPfo7tKmS1IvUq7WE5ERyaj9EGkUa2TWBNIs0E1T50+sbgpAzvR6TFOQUrz+8PpAn e/3BrCNzvR5xZ5OZXncF4eThXjdFLuT+Xi0F3aTPXqcUt0g2r0Oq3aRWL41mGem8V61uEumw17pm D1KD15q2fiStl6ojhHTIa3+XifTAq5sgKMlM0FWpI5nXyb0oBuZjmi+lgXmf+RelmtnGvU9ZzLwk OE+Zyjwt2k0Zyzwo3UBxZm5DC8jdzAosmWxmLsZ9yTpmjo4gY0xB8x3yMubEtovkeczkjg/kOcx8 +zLyGuYNgnD25YKr6xLPvUiWUZ9wu7xeUm9yXzN/UU9x23mDqDu5FiGVWsI1iZ2p07hHZSQqm7td 2Zvaj1uGfaRYuYvwx5ST3DT9OUoVN8K4hbKAyzJXUQTcMOtZSjR3miOGkskFVVwlApCFbqcERvJN 56fCAV5U5zZhT2a98znBV26Xc4PgrdDHuVzwSJzgLBZclOU4hwuOKqXOZMEmdSH1hWCldhH1tEBk mEWtFMSY4qk5glDLJCpfMMFWQh0jyOkeSJ0geEUQHoNF4C71LBA1UTxdmsR+w/e5NIrpQXddcLEr V+6yTtxP0OUiEX0VR7kki57JVrj4iW4qd7v0FDWqTc4PRVu0FufDohWGB85y0UzTHedUUaLluTNL lNbp7ewqknefdfYSU8E98Ze0HXTLHOk5SrbrGlnC0DWuq2T8wJ2ui2RhUWddM2V+gkLXKJm76Isr Q9ZHNs21p7QLVGmX3lM/dTkpPdvQ16VSurPR20UslbeEuIRIJbczXUjS4s69zn9L936MdSZkiaDz D0UfgxnSOvQMpc4tTDnfHXULUuYEvHOjK6dF4m4kZWJyo+sP5QRRoetzpa+sp+sVJUVZ6Lob/a6+ 7qpArQ1DXKeiFxpjXYPQ3S35rv3R2ttal+eopvMfl+vo3Y/7XMzKtQTBkGFgvuX9CDtJuePJU+e5 IW531KV+x9yuqpdHBLqdUecnHXHbp87KPuGmVidKl7stU4cpyW4z1TT1BrcwdV/tn25k7F3jBNd3 2K2WVa6XsKbbF133YtefBbli6h4fba7b1CaCGPkeB31q9GT8OLXniNnaFNdq9wVa7ajH7iLttvAZ 7ina6ik57jwtmtXsPkZbUNDs7qydia52+66NUzPc2rWB2t1uzVpK42C3evxLy2y3EvzVbaPbdPzj s3FuPG3gx09usdpPBOG3Wg/mdv5/6A1UDkNj4LuGun8zNHuPd+82nBrn5f7KcGRym/sjg3YW5n7F oJbcc9cbFIpb7psNC7GN7ssMadpQ92mGcMN597EGr5Yx7s4Gp9s73b4aPJ/R3Z4ZMj4+c3vbOJwg Ascar4I+qTDqqNNGvTZxXH56FJnaR6zyWGh6EJrrITLdmvTSI9XUMpPuwTcdzz/lEWTaJX/r4WHC VO0eiGkFvtv9lSnHkOB+3TTRdNf9qCn0dob7JlNU5xv3MlPxR537hpYJIF8IM8h1Trj5LLUkgGPh uFwbmmv54XHY483tnpyhHlbL93idxz2LfXqJx1VL5yKpx2nLnZKXHnstJtVAjxrLYc0Pj5WWzfoL HrmWEtNCjzjLdMtHj1GW7E61xxBLzceZHoNugzEWYoUpNtbJ2kHdz6ywJbvsoe/u7Ovh7FnQOTHI z3NOJzd2uOe0ztDMes+ETr8FhOe4zqGrLnh6dw6o9vYcZPuq4Xl8sj3TB3k8st00fvU4Z2u07PHY bFvROdwDte3ufuch75xCEOMewRQbTzgCqH8Ev3PUuuwYvaI7yn2jZ1v3Kb8wz8vder6H5/nuvRkr PHXdO+bneuLdVSvLPFXd8qrRniu7F9Wv9JzTnanb5JnUzTeWewZ3+1lSPN26h3T28bA7jnTP8njf HUEQEf/AzIryAB2NOk5GEC76wECCcE8cGksQ3sjQSIKIPDI0hCDS/If6EcTcs0OHEcSKhKFDCKIy 2hO8t+6R5zuC0Pl53icI4yRPI0gxruc+kGIentUgxR57ZsIU8/JDEkF2rQIpNsArFdyfI7xGg4Tu 7QUWalzLiJcgxWpGWOAseIQJzEkHjQCpqLg5AswmVFUj9oEUE4wAcwGd8wgwE296Ap+3Xh4B1jrt H+C7ulZ4ecEU8yqDazCvMBKPNALqdRLKzIdymUBu8jevsaQJ2de9QkljC3Z4BZPYikVeLNIY1QSv QJKvZoBXAMnn6CMvPxKt6YBXEInRus0rihTQftkrm8TtyvDSkRYTBK0/DczXvX55/SJthf73YNZD ualQARmafR9a8O92xVyoig2t/wk9eh3atJXWl9antYLmTnNrP0YbTxvfxaNV0apAlSfMnwhC92Ja yST6eOYD2mIo8z2UWwkVRNLHMh9k/6IzmfcKrtNHMW8r6uhDmbdURfQhzMuaRHoPZpPOh/aJebLp J+1P5snWz7Ru5qWOUfS+zDddp+lTWGCM0X9ywYyWUca9TV7GeMz9nd6XcZp7gZXA0HNbuC8Zu7lG QT1jM/d30VxGOfe0dDxDym1EqYzp3AOqbgafq9FYGKO5G3U6xhBuRXM1/Qd3ddt6+mdubUcz/R/u 7/YUxjgeGDveUgHISp9Rgutks88xgY6+1ocsuMqa69NHcJFH9/4iaBZ0ez8TnBG1et8SGKQ672OC fegm7y2Cndgq72UCFZ7rnSlA9ZO8xwqkxiDvoYJFZqb3QEGJdR7wkP2Hd4RwLOiWbLj+GTVQdIky fFSLaB/975Hxoscs2sjxons855F+ojbhoJEuosviPj7/iM5LCZ9nIh361eeiSIt1+ewSqfHnPgoR qr/vM10kMV7yCRfNN7f6+IhW2Ab4jBAddWh9EsTgjI2OkIK1gW+Q1EQR+/WV7mLMGpUl/cQsHJUi /cA9NYonfSl4MSpQ+lTcZ5Sr1CIbPvK79IIyaORT6TF1+Mhz0gYtf+QWabUhZmShdIWJN1IgXWxJ HxkmrbBtHxkoNXZzRqbJJKAnb0DBasK/Gv2dUh+gQDWMU6NnKElBKaOTlQO4vUZzlT0FxaMD0a+i a6Pd0PeyvqP+QZ8qx46yobfUM0eZ0LPaZaPq0L2GqlHLULVp56gMdL3l91ERaF1n/1Fs9HH3/lFp ys1gzu+MPUCQQBp2lnI3yAer8/7Nl69mjjnlO1btF/nN109NS77o6652FaX49lb3l54f/R77oRw8 2oK9UwtGH8MeateMrsEuGPSj87GjptujE7G9t5HRwdjZzmmjR2Lfun+MjlODfhB0F78DZqzP8VPU nqwv+HbvFD9XbbJ/jd9g7aSIjX6Ilpd0zbdbOzZb49uh9ZNO8L2mHYqe8jVoB6g9fDfif2sX+Bbh zw2HfYV4q+mZLxu/dJvu64E/6iz3Haj1+Bjg66t9SRBskx6sEzh39MepwcHv9Vu9NweMMmT4jfS7 Z5gfftXvukE8ZbXfecPULL3fYcPkgvV+WwwRKMdPYRiDnfHLNXhqR/vFGfoayv1G6h0mi18//avb NN9u/dfOat/nhnEfx/n+bOwDOv99I1gxhr4wGqjTwnobN3vfC5ptmuR70h8zrRtX7b/GpJz80X+5 admscv8FpkWSPf5TTdkKpT/XlIyx/EeZInGT/wCTn2Gc358mZ1O9n9n0m+WX32mTS+dSvyOmtI8+ fpdaQH8dRzaDMzZ+qPk8tSSca27wobLbLZN9cwO4llOh9wPGWnQJpAB/y96ZIwKGWXbk1wQMtFTL D/l/s6Cq9f4vLAV4lP8Ny0z9A/8jlnjTVP9Ki6+lyb/Iwu6M8s+zzO+2+xffHkUQE4qsYGUUscJq pe6P3Gm94iMMXWub7RsQ8N72k1MZ8Mz2Jf5xwEPbh+mKgBu2Z4vSA87ZHpScCDhgu1Z9LaDWdkZz MKDEtk8/JyDPttHUJ2CSrcSiChhpS7C9DXCzFXfvCPDpZBBE1DeYYtyfMMX4wxxUn83j0x0HfHuO qeteFFQzZnP37NhJY6q6Z2XuG6PsTl3wcUxR98RVe8aIusdX/TUmsdtf039MSLeHrmuMZ3dfY2MA 4ei2TA945vjD9iHguEPe7RdwttuJIKLPwRSLOQ1SjBJ7F6zMX0Zmg5Vzb+YPMMpVgSCz+VMD+QSR 0RAIOsV8RaAvQazcGuhOEFVhgb8RRP36MWAmpNs1ph2kWO2YyyDF8sYcASk2dIwapFjzmGSYYkFW ZAcYyWAF7/SICb4VbTgTrNdZ/kFglc+jBl0EKfY6CGST6GjQGpBikqACBEEDgsCaUvUmKBmk2L4g sOLXzQ2agCDNvkFgfdk2KAisXDtYQcUgxU6DzwcpxhxBmglmSntIh0mpwENed4L2kQ4wy4MOknZz JwYdJu0UuABrst+CLRUFTeDVVYqaoF0kmWp2UD1priYkaDspS9c7aDMpo+lu0A5SauvFIB0ps90R 9JA0r0vB5JO2gSpyGshKJocWRjrL9KOF04ZCmQYoVwwVDINmd0AL9gDHKwqYvrQw1QTmaFqoZgBz FI1z9DHTh8ZsOsQcQwtu3cmMpkW3X2NKaDldmcxHtEYwHxvMGgzOUE9WTzKD+Yv5i6aG/vfgbocK JkFFPaAFLVDFGqhqClTjDD3aDm06yOrH6te6mUVj0dqbWUmsKV2TWOdY4Mqz7nHB1Wf34L4ml7Lp 3Ed0d7Y/9z5LAuW+gwrWQkUh0IL3UMVBth/3viqfPZJ7VxPG9uLe1v3Gdue2Nj1le3Dvtd5hj+a+ 7+jFnswb1rWJfYRXBzrMQwG4XzhswWPyA84KwUX6Rs5hwQnWL84+wSleGmeX4JTgKadecEqk5GwW nJSO5VQJTij+5pQKjqkuchYLdJrNnNmCg7p8Tppgd3M8Z7LgYBufIxBc6FjKmSf4Zv+NYxKCGVOw i+gDggRvEpkptBBEdIqBhOSItOzKkKGiI7xdIRTRYSEn5DfRQZE1+Ltov7Q++J1oNzov+JFIg40P viTahpODdaIa3YfgraL1za3Ba0XVbTeDy0UHrPAzX9prgp+LwewiRC0F68pQf+l1Sl7oKelRRs5Y rrSWMyC0UHqCdyh0rrRROC10uvSoeFhogvSA9M/QMOku9EooQ7oT2xM6QFqLrw1xSNfr80PuS1Fj eohJWmaeGnJaqrGqQi5IbY4RoQNkWwlibDxqA/PkL+hFCh62A93PODcuHq3kKMYeQa/wZo/VoheE 3LG16O/ikWPL0FMy8tgCVKdExk5D92LdY7noTvz5WB8U098f2xctM14LtaOrzXdCn6Fa25DQN+gr R/3YAOUh0C2DsScIMu4jZqTcH38U2+09IHwptobzOqwNa+deD7uIPRI8DzuJ3RF9CduL3ZT1CgOZ pRwStgo7o3YNy8WOaIeGxWO4YUSYL6Y20cKcsBpLSBiCHbEtDeuNfe7uG8ZTXyCI8HT8PoJMGIGf p/aa8A7HvdMibuKlwZPGPcG/RT0Ydxv/JOCPu4R/EFWOO4G/kF4c14A/Qe3jKnGLmjJuMX5RGzRu Gn7SEDcuHN9nyhxHx/dYlo8j4c020ziy9rfulHEJ2j/AbHy/HsxnI1foT1NDolL1dd5buXF6eXDD +IcG18iK8a0GUnLmeJOhf/ar8Y2GHlLBeI3+K7pr/Ab9e+zF+MX6Dq3n+Ol6i2Hi+Ai9ySQZz9D/ btk5nqy/a3s/3sng2S0fzzd0EQR3lPEW7MnGE9RpPJtxu/d9/gvjquDP4RdMoRNuh581MZPo4UdN vtm9wnETreBAeLXJFR0dvsI0AKsOzzP+g9vCJxu7DKPCWcZ2U064q/GBRRPey/jO9td4wjSme314 gAn0Xf5dM1gjRx82N1NLYraZ9/g4x+43V4TERZyxJIRbJuywzErUTsAsGbNeTyizJEnuTiiyxCjW ThBbwjDXCYkWf7xyQqhlqL5rgqdloIkf/t380VIW/spM2J6F2ywTupdO6GMB649YnfUvBImrsHZS 98cvt17zSZlYYz0cspW7zjYvvCRimW13wp0Iia1u5qaIHFtt/t2IVNt6+eUIvk2hWhMRZCvEGRHu tlz93gmELdXkMuG5jW9ZOqHJRrHpJpywxXbzJ1hsnwli4mmYYpPUMMUSVsMUm7zb/jXEHr3NcSSc H5neTZ5oiJzcPWBG/8io7p6LjkayHX+XvI6kOz5UWyOdHJ2aQxE/HHf06REvHBeMLyOuOxotuRFH HRrb7YhVjnhHV0S14ylBJPaCKZb4BKQYaYoFpljSV4IIFcV9A+MvNCqOIOJio8CabdrMKDZBLFwV 5U0QJaQoZ4KoTo4C79WkRjoIQh8YCT7B+CbyEkixqkiYYsMjMZBimkgeTLGozT0GgasfC1JsDdcf rmS4fUCPDowCdxEvNEqPIEJ6VAVIse9RYpBiV6LAN0cro3wQBJscBbo53i/yO0ixy5Eg9ZpXR74F KTYnEqxVOlZHgU+z9406DFMs6jLpEFhXBpFDSeqoSPJIr+9RXPII5uGoaDKVWxgVQ+4riI7ik76K 3KOiSK8K7FHjSfcVl6OCSZdVO6LGkE5q8qNGkvbpIqK8SNuaB0X5kGpaf0ZNINV0jI6SkOq7TkQ5 SDfASB5CA/kZpaWVkmxR5TSMFgtl3oRyl0AFAdDs91GradUFx6LW0NYrUOBqlQBsUWjoUWW0ZUc/ RSlphU1Xo9bTClvPRe2hydvfRD2ibetazs2igbklt4QFVqtcHotFHs+ls8bSTnFprDCWB5R7FCrI hIqGQAtuQRUqqCoNqvEEjj36AtrUyA1gRbXi3ImstPYbXAVL0ZXB6816SxA8Mo8MrkBfXl8yxkN4 CJ3F/cX9xVoH/e8h2AIV8aEFf0EVjVBVEVQTCj36g0twfzVd5A3gDWg9whvNG91u4WXzsrvSeS95 4Lvw7gp7gSrdAju5gz9QYKXv4nsJ7rOd+XTBPd5CqOAdVLQaKg2EKjqhqh1QzXSozhPaZOP7C2yt 1/kxQqTdzl8ijOpayv8kfAzu/Quiv8G930tko4yKjhDdZAyIlonOsndGbxA18rqhwrTo9aJG0WOo dEn0WlEj6hW9WtSouheNiho1tdHLRXrddPAuXfNo+N42l2il6ElHVPRBsVfX5ZgR4lYw63smtYNZ H1d6nzIvplbaxFgQ80a6n+Ma6y/dwq+IJUl3CptiB0h3isNje0l3Su/GfJfuQBUxDul2LCzmhXSr 5nvMQ+km3eWYa9Ka5i0xLdK6trUx16XGDkPMO1k/e3DsVNkV0GE46BsEid2DtlIa4ijoCYYxbg26 g1MR9x5dHU2KK0G3Cb/GLUG3ipVxC9HNMp+4bHQj+jhOgGLYzjguWonPjQtE1+rHxXmipUZS3BC0 0tw7jozqrGPiAtAf9iNxKuVVcGc3YmBdGT8Wu0p5GH8GO+o9ZGIctpHzYeItbHm0Kv421iD8GH8V 04i3xJ/HdsoE8UexrUrX+HpsI/Y6vhKrxo3xy7AKfV18DoYa5fEpWIV5WbwAO2htiJ+N/e0YEW9U 3wJ9TISDu3xiN36B2mdSBX7Ae2pCAF4ZPCWhDZfG9JrkhB8THp7UB9eJl078Gz8kmzLxLb5XOWbi YxxXkydexrfi3ycacEz/auJ2vMJ4b+JavNJ8f2IZfsTWc2IN/sMhn/hCe48gEsL1ICsTHumbqKGT V+l3e29PDNZXBO9JtOsXxEgTxuuvCUckMPWXxJ4JDL1R5p5A1Z9Vuib01B9TO0+y6w9qKZP+0GsN pEkX9FtMgyfp9VstHpP26U/aJk86ZujhuDDphwFkZSLfCLIy8aXxLHXalM1G3PthkshYFvxXMts4 O+be5BTjc0HC5InGDtGayROMj6SNkwONt9G7k4cZr2P2yf2NJm2fhE/GUwb3hHbjYdPohKvGgxZu wnlji6044ZKpv+P95N4m0JOTlpofIUjyCPMFqjz5D/NBHxfBMXNVyEThFnNB7LhEkWVQclDiVMtv 2WcSJ1t6SIcnRpi/o4sSA8zd2KFED/MbvCOxt7nd0H9yl/m2KWjyHXOTJX7yRbPZVj75isXJ8XXy L8t9ghA8soL7RVhhfU49kJJgvemTmhpk1YdsT2NY1bH1U+bZBFNuTsm2Tc46OSXNFlsgnhJvi1A8 mzLWFoJNnuJj88e1U5xsXvq3id9sVNPoxGe2PpasxGbrU1th4nkb2fE88ZUNpEGqBKZYGg2k2JO0 Nw5nn03pD+x/hzgyHtkfx/VP3uaon5KeNNdxcpYiaaZDL1mVlOzYr4hI4jpw1YMkpmMznpE0zLFB b0rq55Cbhk9xOKQWyZQHjhzbiSm7HEMchikXHPvAGisJptjUHiDFhkwFd6nPi8zLMMWmgXVZ3MaU TIKYwkteRxAz/ZIVBJGvSi4iCLkmeTZBqIqTMwgC90uOBilmSg4kCFNssitIsdNJv0CKjUh6DlJs VRIGUyx5So/dYL0FUsmJLHACKXYtuRukmHvyDdDdJiRrwdnkJS9BEHFQcgKCyAYlM0CKPU0CR4bt TQLrLHx+0iUE0Y9OOgpS7FXSfpBiV5LOghR7ltQFUiwneTVMseRCMhVBkizku6QbSd/IdTQ34Ebm 7aS/yWu4mqS/yEsFS5I+knNFyUl/kpOlvkkvyOPRHklPyD6qR0l3yE6aI0nXSD90iqRm0ptmQdIF 0pM2blI76WHHwmQ3krXrS/Ixcj9Q5QhtHRhjAbQ/yP2SPtMI2ioo05H0hfaLiyX9TfshiEn6Tvsq 6p30D627oC2JoL1V1ANtKlnSL9oDTWzST9pNnQfYx9TUldyb1tT6PNmHdqmDkpxLe9q1S4DQR4Ix 1oeVCKocYS0kpyUXsxS0zuQCVhkrCsq9ChXkQ0UjoAWPoYrtUFUWsFTjA0SPOoAlTcbkVayyVkNy PWtz+9PkdlZT1wKBnD0KVCnhgVmAIIkXRNYKAngcepLAkxfKOgLleUAFh6GiFKi0F1TRBFWVQDVR UF1PwVBeaNMNgS+P33pMkMjLar8vqOJt6pomHMP3IAihi9AFXOGBwoHkd8Lewt70UwJCQLBZgl+C X7zV0P8eok1Q6QSo4k+oag9UkwPVMeC7ml4JBwkHtd4QBgkD218LC4QFXXkpg1IGgSp3xX1Blbei L5Qg4U/RK4Z7ipPoMVuXMlR0lz8QKpwPFb2FSsugqC9U9QiqwaC6ycB7zQNSfEXPWt+kJIj7tRMp 68QpXYtT6Tlg1pZySvoDQVJeS19RFqU6S+8yilKjpSaOT+o86TH+jtQiqV74BipOgUofQdFCKOYG 1VyB6lalyqT65nGpK6TNba6ptdJXHYGpN2QhXdq0GTIwi0y9gIL7I60f+oSyJ20KeplxJW0TqufU pN1Hd0aPSEdQdYo87TtaI76a9hWtkUWmfQIpdjOtC92I5ae9QWtwj7ROtEZnSXuEqptr0h6jeJss 7U/0WkdFuqfSs+tLukb5jiDSvmBgPpiehN2h/JG+FzvvTc3og+3ifMnIxSqjt2fosBWpgzOKsdU5 9AwZVi7bmjEfK1f6ZoiwMuxmRgZWisszEjBUPz4jApM3/5MRhq1v68iIwY51fMxYoO5rn5nxTG0F HUaIP0OQjNP4TWrfqXT8uPeMqVvw7cGpmYNwNGZgZjE+P3XT1HZ8dc7kqffxclnbVLBSUy6casJR tcfU43gJfm/qHny5ftvUzfhS45yplThqTphag++1Zk1txL/ZTZle2ocEMfWOHmRlZrz+MnVcZrP+ qHfdtEn6jcEHp93TF8cUT5+hn5VGnsbSq3Iipo3WV8keTRumX69cN42kX6OeNK2HvlRLzuzWl+if ZVr1y4znMu/qFeY9mff0WuuZzA/6jw7XaUKDGczlS4wgK6f9bTRRp09HjQe8H8/wMFYFf59x3iiN eTxzmjE9be30QiMu/jJ9nrFOdmz6LOM2pXy6wLhJnTqdZ1RpmdOZxnUG0vRhxlLjl+mDjKvNb6b3 NzZYf4EtHxyZ04tMoPPPSDE/RZAZ98xXqfKZc80GH9dZJPOmkMmzLpmXxUZkLTPPSPsxY5+5Rbx8 Rp25SSaeUWM+q0yasdp8XM2dsdR8VBs8I8+8z+A7Q2jGTV4zxpkxC2kGy7zX5jcj0vzWIZ+x1nKc IGalW8HKYFaH9RX1QNYKq9knLZtpPRGyM/uzdUusVnTeujy9aOYD6y/R9Zmt1m/SVzNbrJ/Rf2Ye t9rV5Jl7rG+0jJm1VpuBPbPU+sgUOXORtc0yaWaC9ZBt3EyB9blj7cxK23aCyF7n4ILViYdjDPWJ 6JzDxWeTuMT+PcSRI7A/jRuQ62tvTu/O6uvIy34966cjWxo/q9sxHd0464UjDTPPuu9I1PaaddkR Y2DNOuYIN2XOqnewLCtnrXWMtG2blW5/7Fgyq9SxmCByBsAUy9GAFBuYGw9S7HkeFaRYdt4nkGI1 s8EKK0OdXQqOxiM7kSAKtNlgbYUGZgcTBNaQ7UMQ2p7ZYF1myMzuCVKsIQusui0vssDMuJOWZQIp lpk1F6ZYds+eueC79EaQISuyP4EUK8kGsw2mI/s0/NNw2RjoPgnZs0GKTckeB1JsQjZYfymHZb0E KebIMoIUa8qqBylWnoUiiDE+aymCmEdngbWbNQa+am/JXgRTLJtG3oogWQrKajKSdYMykOaVdZXS g/ku6yL5E/diVjO5U9CQdYrcKirNOko+LRVn7SLjaGTWFvJazD1rPVmqcWSVkDN1l7KkZF7z1qwi MrNtXRZGHtVxLMtC9rdHZpeTk0GVVNodUOUaPZrMzlpOX0M7m1VGX8XyzFpDX8Y9lbWOXihYmFVJ ny8ak6WiZxd8zcLoaYprWWp6vKoObBmnKcqqovvpJoE9hzZ7ZW2iU9ucs87Q3Tpiswh6QNe97FN0 GahSx1qJINkclp4szXrLukd3yrrDsrHyody3UEEFVBQMLXifdZdlUxzMusfqUEmy7rOeaMKyHrAe 6PpkPWRZmh5mvWLdbb2RPYT1vP1r9jR2v641IjJbAqoQPJCV2Wd4IvLx7FJeAV2SLeKtZD3Ozuat 5IVDBZehorlQqQtUcQuqWgfVJEB1g8C7VjXdzS7gVbSey97Ca2hvz+7kPejKEW3nTycIkUIYCK5+ ppBJ/ksUJmTRb4mGC4PZKSJXYQhvL1ToDhUdhEqnQBU/oKpGqEYC1Y0RuQlDmuyiUUJ+621RkjCv /YNoq3B31zxxUgoYlWIPsQcYQSQxiTJW3E/cj+Er7inuyb4i+iX6xfeHCkuh/z2ktVA0DKp6CdXs gOrSRYSIaKaKB4sHtzrEweLgjj7iVeJVXctyAnPATE18TzYAVHkh/UEpFH+SfmAocnpJbZzQHLL0 Ab8xx016N6UHVDwXKn0LRZVQzAequQ3VrYE2R+WMlD5rc8lJkA3s8M7BZDO6NuRGFHqBu1KP/gJ3 5T30T8qBnG/oHwxzLg29xtHkxqJnopm52agupTY3Bz0q7oTKhFD0IRSTQnEqVGcE6pqLcgvQprbo XDX6piM+944ysmtX3vJSJ4LIPYJ9RpDc55iN8jTPE7vl7ZGXiZ3mEHm12O7ofXmXsdrUEXntWFVO IVR2Ne8pVqWMzHuCVWHX8v7AqvDcvIdYlf63vHtYdfNpsL2ubXXeZ+xqx5rZgWqvriezL6m/E0Te Tfw9gswm4w+p/WdPxy94i2Yfwg8Fz5j9E6+NcZ0Tj6OpDXPkeGFu3zlz8OLCsDk5eLFyz5xZeLHa b04GXoy3zEnGl+rngT2XGt2B5W0v5kzDj3R0zlmn7W1nziVrXxDEnEH65wgyR6Q3U8fPOaU/690w 10OvDdbPVerXxijmduqlacPmhehn5dbOfaIvKCyde08vUXbPvaXPV5fMvahfpPWYe1a/UH95rk4/ 37hq7gH9YvOkucf12618sH+Xfe28qYY2gpgrNYJ8mXvTeI06fR7LeMy7fd4e47ZgYv4IoyLGNn+L cXaaekFPY1Ke+/woY2Fh3fyxRlnpsPmBxgL18fkMY7525nxX4wIDaX4/41yjeR5hzDdr5/c2Vlm3 zfc2PrXfn4+ZThLEvO9mkPvzReY2qmK+2XzGx31BqlkTkrSgw1wWy1+40DwvvefCLnNy3s4FW81r C1ULVOY1pT4LVpvL1OYFy82odt2CReYSw5QFs8zLTG4LJpnzzc8XTDSvsT5ZkGVudZAXnLNsI4gF jVYwxhYOt76jHly41XrPJ2PRaOu5kPpFF62a2N35uday9GX5P6zzZjMWvrOeK5y20GY9XTpk4QPr cfWdhTeseu2uhb9bDxtWLDxi3WfKXLjTqrWMXyi3ltr6LtxgbXKELHxgW0IQi7bBFMsfCFLsaX61 w81nk8TP/k/IR8lduy1uUEG5/WL6JynTvm92Y36Uw1VG5Ic4KMqn+X6OIeqL+cMd/bX6fCdHb4N2 EWH/Zapd1GX/alm/6IndYStddMh+2BG56JkjjiAkbTDFCsAz534FYLbh80xaDFJsliwIppjsA0yx wiNglMyRnCAIGS45RBDK4xItQaivSGpBij2WrAEp9qdkKUgxQgLWaLfJkhSQYt6SCJBioflWmGKS M72SQBUwzgafLoB/Dn1oQTNIsTMFYBXGG1JQAlKMW5AOukNGgR9IsUzJPyDFJkluI4g6QHIAQbS9 JKUgxe5IskGK1UsEIMXKJWKQYg0SDYI4vAqyYYpJblNCEUTCoU4CLXovpYjmJGmgzGc6JDspM7iP JbWUBMEFyTpKiOiwpIQyXLpRUkDpjS6ViMjvsQyJgGzB2ZIo8kl9f0kQua7ZJmGR17XdAdtXdfyS bCWvsq8vEJPrQJWf9DGgipR+ljxN4sRwp/0lCaT/xeJKmHQHt13Cob8W1EqC6U9F0yQhdIt0FLBF 8Q1saVS1SVh0rWYf2B/TySW+dHnzVPBqUVuSZBa9qEMuOUIvsw8qWEW/COYLE1gnQZVrrF/kKkkR O5QeKYljp7H2QHkUqGCfZCJIgmRJAlsg7S1JZCcqLkmS2fGqDRIhm6uZKkllh+lGStLYzKZvkjns oNY/JRvZEzo8Ja/ZWV0HCs6wjaCKmgdWwAXhvK3ka5LPvBN0TGLk3WT3l5zlmXl5UMELqEgJlfpD FR1Q1TYoqALUuUvO8dqarJJbvIetVyXfeN3tfxYk8727ZFIv/h5Q5Sf8OzwFF4TTKX0K1MI59JcF s4Uy9tKCVOFSXhtUOA4qugiV5kLRwVBVC1SzEqobV5AmLG76Dt5b1vqkABPuaf9S8Fz4vCtfakhB CUKqFLMRRCoWsyk8aYyYzQiX+orZ7E6pqziYnySlioOFDVCxO1R6AIomQFWfoZr9UmdxsE4MbR4u 9RFHt36TJovndQyWasW6rlWy+TkicAcMlw0HI9RF5kJZIRssG8yokvWV9eUkyBAZwr8p/SX9lUKH ilHofw90IxQLhmqsUF2NlJASzQmyIbIhbV6ysbKxHf6yNbI1XVjhxMKJoMoD5RBQ5ZmyB+WorAv9 zHgs+4G+5hwt/A19Eh1bSEHvphwtdEbviL9DZXOg6FsohkJxOlR3E3i3WV7IQJ+1JRZOUg7qSCqs VYq79hUll7IJovCwugeCFF7DuinWwldYpze96DfMEjywaDRmjD5VFIsdS+UUpWNHctZDZU+hSgEU ewjFC6B6p6IM7EjzuaIc7HwbWrQae9VRXHRTHdXVslhRA1biRfX4VwQpuo6/pA4q+orf9Z67OAA3 BuctFuGHYxiL1fj21MbFJ/HqXM/FLfj6wjlQ5UWoOgKKX4Hqs4EbjMjim/i2tt8Xv8UvdOxf4qcd 2vViSZv2B0EsPqr/gCCLX+qfUMOXMPTXvPctmac/FnxqiU6/M2bdkk/6ijS/pUz90tzdSzP0iwp/ Lk3S55fylibqJeqDSyfpJVq/pbF6if7cUq6+wDh9abR+pZm0dJp+V8fnpdX6b/aRxTQDmJsv+cMI ZtZLhxvvUmcsnWc0etuW/m7cH9Kn2MWIxbwtLjAuS9tZbDTm5Y0sJoxpRariNmNW6a7i68asmn7F F41Z2nXFvxuzDB7FJ4yzjGeLG41zzAXFzca11inFb42P7YXLFpnAKql4jPkNghQvNz+gosWt5gs+ nstY5kMhqct2mtWxE5f3NS9LH7B8kVmUt3f5RXPiYq/lcebZpS+WR5nzalKXjzXnah8vDzTnGIqW e5vFJvflzuZp5kvLPc2LrfXLw81N9tPLD1rWE8SyfTZw9Zd9t9qph5ZPtz7xyVx+w3ohpGFFrPVA 7IEVJmt1unzleOvi2X4r91uzFh9fcdq6rqzfCr11bU3Fin3WNQ1DV9RZyw0tK9TWUtOSFeVWhYW1 YoF1trVjBWrdZf+w4g8bmMGuEDiiEGTFYUcgtX0lxeHus2mlyoGEfFrlZn8Z57Rqt/16+l8lQXbd 7JMljfbNS1JWBdgfllFWedvv1xxc5WG/05C2aojd3DhoVQ/7LZNl5Wf7NUvdypf2SzbpylP2CseQ lT8cNIJYNQmm2KoDIMV6l7iBFOsswUGKzZSHgBRTyy0wxRT5IMXmomC1tdSjBKx4y7xLfieImvaS RoJo2F+yjyAaS0rA6rFlRkklSDFuySqQYr4lC0GKuZYMItoJQl7Qey6CKFoQZNAlBejOI/YoGkCK SRVrEYTbqZgHUmy0gg9STKBwB3dvrhyMSGWuHOyvTpdvASk2Xp6PIAZneSxIsdfyYJBi9+VxIMX+ lq8DKbZcMQummHw1Bbyv5K2zFzlLvpZi8XopL6NcZb6Qr6Sc41rlMspBwQN5HmWL6Lo8g4JKz8rj KHPRPfJgyhSsUk6jsHCJfBDFWT+55Bv5m3FkyXdyp3mo3JN815ogX0g22+8pJpFBqssP0LchiHwY I5IsLznOOENnlXxgSFiZJV2MOdyfwJmCs0CBqBxs50vTS94xWKh/yWuGF9ar5BljoKa9pJ3+VXeq 5AH9eXNNyXP6/bb18iH0Ox3n5HPpVvskRSJjOKhiY/0EVeazp5EPyfuxd9HzSy6zH7Keldxi3+Zx S8zsVkFryR32ddHikvvsi1K/kkfsJsXbkifsE6rGkg72YY2ixMrW6pJLOtmbm71LPrNr2tzko9g7 O+Lkq9nnum4rJBx3glD48/aDKjd4j8kd8hX8XvTj8lC+LztczuAH8zZBhQOgIg1UGgNVfIKqDsm9 +RzNfLkPn6ULkI/iBzZ9lk/gh7R2yAv4iR295K38lV0VilP8v0GVdcIicPV5wg0UF0UPoZaByK8I T7F3yvcKL/J+yfcILwqzoKJOqHQVFGVAVXehmg1QXTzY/1JzX/kZoaX1lfyNsLv9H0VcCqurCPVL uQ6qfBcngyo3xJmUKYp6sYiRrCgUz2f/UgjFMv5iRYK4SHgFKh4LlbZA0Wwo9htUcxqqK1BMFhc1 +ytmipVtvRUbxHs7XBQvxH92laIXcnYSBFomAzMldL4smFKGJss4jJ1osIzNEaHDZRz+W5Qs46TE QcX1UJkbFN0PxeKhGjtUh6MUWXDzVJQhi27zA5+zoCMY3Ss73bVJKS9cDuaJdCUd3AGeSk/KCSVF SWG8UA5QDuA0K3spe0XPRAmUSLmB/kJ/5bhDZQrofw+sBoqzobrHcM/mDcohyiFtU5VhyrCOqcoN yg1dh0unl4IOo3ykpoAqneq+lGfK99h3b3/lF+xDsHspgnVGXysdgD1MTSglY3dy9kJlX6DK2VDs LRRXQPUjSinYnearpV5YZ9uG0jj1wA60dJM6t+tK2bSacIIoPaDtgyClJvwrlVT6GH/jnV/6GX8Y XFBGxq/GsMvG4GdTL5VF47pcVlkifrhQAVU+hqqTofgDqD4fahxcNhU/23albAX+rENX1qIN73pZ vrIBjOSyjfrvCFJ2Sv+OGl7Wrn/sfbi8v/5KsLE8TH88ZlP5bH1D2rjyKv3G3JPl+/Xriyjlh/Vr S2dB1SaoNhyqvwxcZ5xVfkJfax5Qfkd/ruPFamcDyd5vtRH+6Y7yLUYHgpRfNtqoM8v/NrZ5v1wd bDwbMmh1kXFPzMfVjUZV2v7V740leSFrPI0FRdo1bOO8Uge0hreGZZynPbyGaZxv8FsTaJxvPAW2 F5qnr5lo3GQduUZhfGUfV+FsaiaI1efN3Qiy+pO5k1q6hm1u8xm+ZpX5TMi0NdfN2tjkCg/z+nTn ijnmJXmNFQfMuYsDKx6ZM8qqKlrMM2rOVTSZZzYMrzhrnmnYWnHCPNNErzhknmo+WXHaXGQtrnhm /t2+Ym2uZS1BVPS19UWQinjrX9QjFSrrc58ZFS+st0L2ruVbj8ceXdtg3Zlevpawls9mr8uwFixu WldnzSoPXJdklWykr5tklTSsXce35jf2XhduzTfVruNYF1lY64ZZp1ovgS2b7GfW7bYlEsRaOUyx tZdAinWsc3F4+mxaV+zoFfJl3TP7uzjy+hS7Jf37eqP91OxzG0bb8SWZG8rtleWP1nfYD28sXv/Q fqjhzXqz/WCjbP0V+/6WAet/t++zHFvfaN9jm72+wi6xv1v/wPEbQayPgSm2HiMI6q/1b0CKWTdk gBSbvqEVpJiqEhxHBlZ5Ha7FqmJgilWBucJqfeVmgtj4tLKaIHbNqQRrsWM9K0FytRgqZSDFFlXm gRRjVmYShOPHhu/EWYKo9umjRxAVjiADt6o2gRRzVZWDFHNXgWziHlCBtZWwpyoQpFiECpxZWXZ1 O7i7CqobQYpJqitAiomrZ4AUi69mIYhpZPUIBLF4VoOZty22egVIsWuqHJhi1WHUJgSp2uXSj7y2 WkL19dJWz6V6MS9VZ1Op3PvVqdRegqfVcZRu0ZPqUMoT6f1qBuUier3aiXIAO131nVKNa6teUGT6 1VVtlHTj7KpWygSzqMpBCbBi1fGUkY5hqvEUPqiSyXABVdoYZnJDVbb3bPrcqvOMDlZ21TnGA55T 1RnGLcH9qlMMo2hf1TGGQaqo0jE06LSqA4xKLLRqF2MZTqnawcjR2atqGInNt6rqGRParlTdZIR2 fK0OYHDtFapRjJWgyjq2EEGqndhN5CtVBznu9O1VGZw5bFpVPieJN79Kypkk+FJVxIkW1VUt5YRL 06qWc9ioc9VKzihVe1UJx1NzuErOGayTV8nZRHNa1Ub2t7aJVVc5PTqWVgdxhtsRVSBnGahyg/cM VJnNZ5A/Vw/kz6Q/qjrPV7ElVZv5+3mtUGFY1Rb+ftEF4D5pTtU2/l50SNUO/i7V5ap6Pq4pr8L5 O3STqnbzNzVTqs7xt7X+rPrIP9JBr57Bf9y1RzUjOo0gVMOF4MpX3xJepIysLhM+Zwyrjkjpzb5Y PTBlKJ9d3TdlhHA9VNwHKt0ORSOgqrdQTT1Ul1n9W8qIZpfqoSkBrR+rhSmTO/pXn0qp6JKrjqWC 3FeViQvBGIsXl1OmqQaLNzFmV98T7+UMr94rPsmvq94kPi/8CBXPgEqtUHQZFBsG1dyA6tDqzeLf m8dXHxBfbyNXPxF/6PBSReYEd63D2DmdoMp3WQqocluWSdmgOiibxTisUsryOMtVM2ULo/urYmXS FIkqWiYVt0BloVDUBMVmQvGeUJ0BKGueo0qXKdrGqlbL9nZEqp7LPnbtxNoKDQSBrVGOQxCsQBlG acIylaGMbixKGcy5jY1WcqKXYK5KTso7zEnJyZkAle2EKt2g2H4oHgvVvcNIyuDm7RhNyW/Lw5KU CzvE2H7l713H1OtL1xGEeqR6JLjDRqhHUF6r3dRu3iFqJ7VT8Gh1P3W/6HZ1T3XP1DyMwIicS9gv 7FchBaqUQ/974GqoPgju0/xAPVg9uG2reqx6bMd6daW6squ1JqcmB1R5ooV/U/qZdiDVRf1Wi3gv Vn/EPwevVH/HX8fwa3rh7amPagbi93MTapzwO4U7ocruGhJ+R50Hxd9C9XKocVjNMNzadreGr+3X caYG02Z1vd84rWEcmFPvN/RDkJpz+p/UCTVmfZe3oea13hp8fSOiN8c0bPTQm9ISNjL1x3NvbOTq Dxf5b4zRHypdClU/gGqToPp/nxsXbUzSnzS7bZTon3R0bTxhYNmH1EoaB4CeV2n8B0E2HjDaqVkb rxtt3u832o1tIc617sbzMf/U8o0H007WzjNuz4urXWusKjpRu91YUdYPWjMVqm2GGsKhxku1WqPK nFd7zmiw+td+MxL20E1a012CqK00/0CQ2mPmP6lltR3mpz60TWTztZCsTQnmE7GZm0rNeLrXpjPm qjzjpjfmVYsjNw8yy8rwze5mSc07aAMfajBATazNLub55jOb/czlVsnmLPMte85mu6WWIDbpbYMQ ZFOH9R/q0c3O1j99sjanWx+GHNi83doSe3xzp/VQetWW0dZNsydsmW8tXXx9C24tKg/f0mKdv7F2 y1nrwoZ7W05ZFzWO23LCushk2GIAKRa2RWudYT235Yp1q33H1kjbZILY/I8jEkG2hDiCqNYtRY7h Ppu2NDl+C/m6lWR3xDlvnWt/lE5sPW83zTZtG2w/tES0LcO+tdy2TWXfUJuwLcdeuytn2yx7bePl bZn2TS1R21LstZZr2xLttTbxNh97nv3eNtT+nSC2bocptvU+SLFv24aBFOvYVghSLHPbbZBi1dvB iiyjevt2mGLbv8MU25EOUsywowGchcAdHILY3W/HGJBiy3aMBCn2cwfoJrdrd7iAFAvbMQik2Kvt xwktQdT98ZsfgmjkCDLAW7MEQYYXaOYgSJBBI4T/DoRmLIII7mhc4b+pUP8RpJig/iZIMUk9WK+p V9YXgxRbUT8ZpFh+vRdIsYz6wSDF0uvBbNW2ul6GIN1DNPn//g3s9857EaQuy7UX+Uh9GnWFF68+ iVrIVNfHUudyz9ePo04T3K33o8aLOuvdqWzpq/o+1KHo8zoHFcH+qHtMeYXfrGuh3NCfqjtEOWKs qztA2WSuq2ullFkt9f6UVY5sDZsC0rv+N8ZuUKXUW0a+WOfkM4y+o67GezIrvQ7zjua51FV5hwle 163z9he11JV5D5XidSXe/VFl3RLGX1hu3SKGDY+ty2Hc0PvUZTKOGfvU5TK05h51tYzt1pC674wG +wVNf8ZjUCWYbQBVznECyc/rhJwd9Cs7uzk/2TPraJyrvHV1DE6L0L3Om3NOdKFuJMcgLakbzdmH 8up8OduxgcAqzROgXKcH2yXNFXURnDltq+qWcBZ2HKh7zim3c+r/5jwBVQr4vghS34e/lDKgbh// PP1nXRL/HzZeR4325w+sc48eKZxbNzTaW/S+bng0Tbq2jhY9DOXU+US7qd7WjY4maQ7U+Uf310nq gqJ7NI+ri4/u1eZdVx7t3DGx7nN0VNc1zYDoE6DKWeFdUCU3pSclrJ6UEsgIrzOlTGe/rytLkfPn 1BWlVAh/h4qDoNLzUHQaFOsJ1RyH6hbWLUlZ0+xbV5mCtfWtu5xypGNYfWjKyy61Jj4VrF80VPFO UKVNfJIyt75KbGasqp8kfseJqh+c05N/pc6e45TiAxWXQWU9oOgmKBYK1diguo11jhxS8+T63jnD 22j14Tm8joD6vTlrujDNkVw2qKKQgXWlJlGGUjZp3GVVjKb6Z7IdnI31jbID0QH1KtnxlK31a2Un xW+hskwo2g7FlkBxN6juYv062anm4vodskttcfVtsncdkzQhhaFdu/Hgwm5Q5bsyHVR5qJxGuaA5 oZzFIDTVSjHnlWa+ck60WjNZuTB1kCZCKcmZDZU1QZUhUMwIxadDdf8AC5oPaZKUJW1FGrlyT0e+ xqr83HUOv1PaRBD4OnUEguBL1OGUD7hIHebNxSepQ4PH4Rx1cPQnfISak4riZDUn5xU+RM0pDIEq t0PVblB8H1QfDW1+jQ9X89r24Qnq+R2b8b3q8133tJU1KoLQ+mnBva/11npTh2nBw7tE66x1Dl6r HaQdFJOm7aPtk2rX9tD2yJ2DEzhR+Du0dAhUXQL976FXQ42B2oHagW3PtMHa4I5L2rXatV2fGrIb skGVDoMHqPLcQKJGat8a+nqf0jr034Pvar/qu2IM2l/652mzGvrqH+d2NgzS3y2Kaxiiv1NaA1V3 QbV5UP1bqLGkwV3/1DyqIdzQo+NbQ4Uhze66K7HRD/6fJxPo/A2nTT2oooZrxs/ejoZ248uQYQ2f jA9i++/qb7yadmnXCOO5vGm7WEZ90c1dEcZDZYxdkcaDNQVQ7V2oIQlqfLArxthoLtolMt62hu5q MHnZI3enmcCKb9cGy28Ismu3+Tt1zS6j+U+fkbts5ichebt7m6/H5uz2M59OD9idZN6f17ZbYt6+ WLC7wqwqO7Fbba7c2APakAE1tEBN3N0q81rz1d27zA3W5bv/ML+2z99TbDkIOrfKRkWQ/6uy+3Br 6vzDBn5cda+cUBQ3CVqtkwRFW1EScLUVSYJ1CwGsW0JA6yoEHFXbkgCuaiUBRCwJJIAzG9zZ4KpZ BxytSnKCs1Ux7/fx975/wCtXP+WCkDs55znnfh5CkrIaohuuLLvjfUNfXd7Z+4gpL2d47XGXytd4 Nbzi8mPeyrQ55de9R4V3y0nvgfwFp3t5cwtPn+7vzZGRSNV3SIMBaWed7uLN8BpPT/ZWkUdP16Hf KJZfRi1W/jAwCfeeHhAYSS8+PS/Qh/nu9D7ybXzo6WtkS1KXiu6kKe1aRTx5IeuHil1kRf6zikry eBGvQg8tVlmhgxb7t0JLFhmTKzRksf1BxWWymOBX/E6uJ80VQfJDMFgxBbVYxWposRcVR6DFXBX3 ocWSzoRDix06swVa7JczsMpNT6vshVqsMhFaTFUJo7N4UuVl2BZHKsugxSyV0FUNUZUnocVUlceg xWZWQt8H7lXODsK1ysU97mNY9XIM6/FDNQfDhv5ZHQ8tNq0avXZH/+oh6NWGFB8xbPVrBazCMqYq LkKLpSjE0GI7FWvQq9EoZkCL7VH0hxb7UQ7zIXuuAmZ4xCXFemixudXbUYvJS0JKMUweGtp/oF3x FX51eKOCiesmzVd8idfNkihG4BUJOsUA/PDqB/Ignrflufw5vinnhfwOzit4Idfi00va5OX48BqP /BDeWW+SH6D8Y3PIlZS7RE8FTrEHjldPpPwNKRdpLEiZRh85sLXqCr1llEm+maaaPFW+gXZ2dh/5 GtqphDZ5Ck2y2iFfRsvbclHOoWXkSOXzaCsLfpbPpM0t2SKfQptckySPoA3ST5dPpnWzRctTwz94 N8nttC7ke8VL2nRIISKHQcq6yMqBH6s+MCJGBaoOM/6YcriqhREz+4+qVsa0RQxw0urWqoeMiC1S cHDOWvhK74JpVS2RH0p6VXkj26qJKnekU3epqj3SYa2RT4i87XHLSyOfk+mKW4zZwaAiJHYbpMhj 7ZRR8vksWvjIqn9Y2VPsVSWs+tj5VSpW2aLCqnpWSTK16gLr9y01VZdZxTnLq7SsXwsoVQbW3lOO qkbWruqjVddZmbrUKoIlsC6Uj2TleATy46wz/oCikR0GKUsTB0DKx8T5lPnyysSc8O/lCYnnI0Pk nyU+iT1e9STx/aI3yOQVyC0tVX8nvs/ZXvVP4ruCEVVPE/89Zat6nvimel8VmfhSFyfvkfjOGi6f y6F6ouV6zgL/WcUjDvS+oir5FoYpkpN9FKEiNKV/eJH8VgozcrV8b8ri2BfyJSkbE5fKeSlbklXI jDHInHPIAg7y1H/I6kp5UsoW3Sr5hpRd1sny8pRTnmjF5ymt/mPVU/gHg8Hq3hnHIcWeoaDIFIcz jOEORVLGvUiFYnCGj5Ugf5bxMbFR7hR0SxmEzNiNzPmILJAgSyYjq/+SuwTddAflAQHFulgxWhDt WawoFuT5q6rLM7+ClJ25MNerTsjdTblZHZ67n9ZPEcgtivyg0OeeYikUR3LPciYrducqUwoUu3JV GQ+RuUnIAheyJBNZgyN1OsVvuXprnsKY+9izvXqsiOlvqBkvgjlp9Xvx95DiFi+jvKrWilfQvqk+ Ll7NWFC9VZzK7l29WPwD54/qGPF6fq/qaeKNgmXI3MtIMQNZokfWfI/UvaueK95uPV+dLZZ6Sqvv il/43TUmiSEYrDkknY1hNTukMfiImh+kX9H213Ck0YwjNV9Lo9g/1IyRMrg9akKlkfz8mr7SKQIv UjQRKT6GlIYiayrASP3smjBpjPVFDVua5nHUnJSe939QimSwrlROUE6AM8QY5Rh8lnKkciRNpxys HMzwKgcqB7INyp7KntwMZVdlV/47JabEMlNrgjVBkQop6YWU7kT+70MvVvZQ9rBNVY5Xjvd+ptyl 3EUOV32n+g5SWgxwVCofG0JwvvKZoTfttZI0YMzRytf6V3GfK9/rn3LvqDrpvambVD309zIfqfro m/JmqfrqHZKDSGkbUslH6p+qcP19W75qkv6tl6XKNrDI+NopRpj7q+R2KoapLtl74T+rbtg+0sep /rK1Mzeo2mytcRtqMVszb3otbrua6qkdbbskTK1l2lR5ptqvbYrCIUjZRqTyDtKQWDvDVmW7V7vQ 1uDdW3vA/hmZUTfe3gjn7GIiDMNqzxL98dpaI9GZnlzr8b5gqmo/elviDHUjvHbeqbrZXn0ap261 Vyl8XLfDW56/vO5X78nCi3WF3t9LuyBVq5AGK9K+sO5n729ea9157zVSWj+L2BwM1pWiFqvTB6bg f9V5AzT64frugYHMD/WR5Mf4IfXJ5POkHvW/kffTLPVq8lrWlvqH5Pn8V+e6klVFyedCyfLS8+cG keW13ZDG9Uh7C5JYU99Bisjmc2sDsMXq/0Mtdm4ItNjzc3HQYg/Oob/u4J5TQIsdOAdn7aRD56HR 0lPPr0Atdr4Qtdj5BtRi5x9Dix07D3PH2jZkw3yk4zKy5Wtk4Nb5yuCJYFAzv5caw3RfYdhnWToG hg25rhuDYROqdaEYFqPUdYIW42n/hha7or0BLUbVwpoq9zttDrSYUAtHmvSgFo3RYi0GLSbWkNBi pdpe0GItWljTtWfr9qMW0yz+/ByGqW8PmjCwXUun9h0+Tjuc+tlEvzYE/zBrqbYnTiac1LzDidU3 NE9x65Ynmjv4pZz/NDq8TNxFU4EflHbT/IJvrglqMnCO/oVmM/6VrUNzFB9LTNd2wkcEzLoJ+DRI 2UR7CSkBuofSSb07om7UO00inTK5u+Y7eu9ZrzTz6FjCY00s7dXqe5rptMdbbmgm05pzLmkiaIaC Ss0gWlXJYU1vWnGNSP2etlO/VtONtta2AS65yivTKGhpgcnaVhrMAjTiyKMYphnKmEQZpK5haMLD 1Czm3CkW+Fw1+zT456I4dTVDtvq9WsE4usWgljMO5vymPsvYVZCirmBsLIlWlzGW1wxU/8GYp3uu VjFmWh+q/YwY7wDNOgaXPKotZ5yGFGOsA1KWsKZSotUvWYfD49S/sN5EdlJPY8+N3a9exR656JI6 mT0k+Ss1nx2y5Z46nd03Z696LbtbwUz1etb7U0H1Rlag+jr4SCdR72O1WHerb7J8nhLNPDaFHKLd wxZBSjAxCVJKE49SlmvmJd4Pz1Y/5QyNjFEf4SyJtanTOD8lRqnXcnYmF6jXc7Zn9FVv5GzNkam3 cIQF8epMTsapV+pszobqKvU2TrpurbqQs84ar77DEXmWaXicev8N7SHurGBQOz8FxpHmfcp4Sp5G nvJ9uFyzJGVfZJ6mV4qKNULtSGlOFKuvpDxIfoLM4CFznMgCofpqyoOSUGR1o7ox5YEuS/0g5Yk1 TjOI/5lnvqaQP9d/RqvnP4MUWcY1DNMmZ7RQ/tQOz/gQ/lhzVxAWeUsjEUSzsjRLBJzEF5qZgtUp 3yIzziJz6ciCWmTJQmT1S83XglU6qWaRYIN1neagoMCTrukQ3Pef0w3L/DUY1HXPha7U3s49S2nS nsq9RBuuTc01MajaL3LdLLPmdS7J+V7TlPs+Rasx53YI+iNzdyALOpAlBciaCRpTbofutsYj6mU9 rMVFkzw/a3NFu/xmXVFeDKTsEMMcRscT/0Tp0I0X76Mt0X4UFzBWam3iY+wIbbm4lKPV5on/5E/W ZomrBXuRuV6kmIcscSFrBFqhuFo/QJsvvmy9qa0TEx6VbrBkkv+JfqgEzi66DinMXnUPpSvxUbpr 0lU0se60NJlxWpcv5bN36VKl6Vyabp50Lb9MN1W6IbObjiHdIOIixReRUgayRo/UL9bNlm61ddOt l/7uIXQ3pM/IbvpLsovBoL5AiR4zz1WycJZ+s3IW7YZ+ufIrRpt+jjKa7dBHKqO4+/UjlYzUED1F GZmZr++jjBTdRUrGIaVHkcpB4BR9hT5EOcM2Xz9DucIbov9VeZb8wrBOhf5+bYphCpyBxhvG4+mG CEME7b1hmGE4c4rhc8PncRGGfoZ+3H8M3Q3dU/MNnQ2dMz/qg/pg3kqk5CxS1h2p3InUBw1dDV1t hw2jDKO8iYb1hvVkgnGicSKk/G2nQ8oz+1D8kMFnx+mTDS/sPZhCwxtbR9xWw3tbO2+uEbP9nRow fmbzCH809rbdy3tk7Ge7XTgNKduHVLYhDWnGvrYm2zPjKNs/3iLjSvtYckdDD7s3GDReIGgYZmwg wvBzRhvRn843eojOzPNGv/dV3M0GzPuYV9kw0Hs/bXUDzWsSvm6I9BrzNzXEeC8XWhpivRdLByNV AqTBg7Qvb5jhVXrdDWu9j8mzDW+IfdAJVajFGrSBSLypoSkwmn644XkglNnR2CPQPX5kYwT5Jqlf I5t8nHa7MZm8m/Vj407yxh6ssZDUFW1qlJIXS682lpIXaylIoxBp/wdJrG88RJ4k3Y3/or/uaHyI WqzxPbTYwyuDoMXuX4G5YFTilVRosf1XfoEWO3jlPLQY/woBLTboanfUYlfHQYtNvgqtV3b86iJo MT+yYQ7SUY9siUQGtFf7BeXBoHl+HxWGWVMxrOs31hUYFmazJkKLjbbCqiZmlXUiei6Z9XNosWrL f9BiuOUvaLFVFugk8RHLb9BiOgusyJT3LdCDhsdmAlrsohnWbkTQkgItdsxajFrMzAuFJjTdG7yG MtiSRF02bLclgcqbWGSZQ/121peWGdTZCYcsX1KnrLZZwqgjMzDLZ9Q+uTRzAH8r/tp8Hyek35q1 +HUlzyzD5YYk82J8v32kWYRnEylwmc2BN9aJOOwX8w/0K5BCRqgpY0y7RsvCo8y76TmT7pp/pG+b 9cScSd+cEDBvoKesfm3m07lb3pi/p7NyXpu/oU8qeGGOoYeVPDdPonetaTGPoD3X3zF5aTdsR8wh NK3XZv6N1hBYZblNew0p+xiwTjWHMO5SZpoqmYLwRNO0qP6RoaabzKjZF0zXmRMXrTVdZUYkTzA1 MsO2BE0GZt+c+yYNI1hwznSRQZYcMdUy3DXbTXLGLf1K04+MShtuusCo9Maaoxlq8roln9kbUpSs hZAyj6WhfG9qZY8JzzZtYx+NjDMNZr+PdZqWsmsXvTAtYyuSd5tWsCsyRplWsf/IuWtazS4uOGJK YR8oWW3is3fXTAQz9J1M09iJVrlpJ3uFx2LG2D+RcyzfsuHMb36SqIOUA5yelG3m8RxuuMx0k1MW ucO0meNjhZkmcGmJBaavuSHJHlMMl5Kx0hTL7ZfzyhTH7VVwwjSP27UkwfQN52NNb9NCzhud1fQF x2ndBD8b8OSaXnJH+p9bvuKeCQYto1NWQsqdFDHlhDk/pTG8yTw25X3kBdNt/hQW3yTmr0psMWXz M1JikBlnkLlfIgsaTFv5W0rWmLbxN9dQTdv5G3W3TDx+knW16Qhf6OGbQ/lKv9aSlLoQUjIFMPOy TBRMp2jNTwTLad3MRwV5kf+aFwgqWTXmHoJbnGgTISBSSkxuQWvGO2SuAFnQgSw5jqyZhdT5TJcE FutPpteCgCfbvDlzmt9g+SPzKaTczG2FFEnuv5RHliRRP9pXFopoDGOG2SaKZX00F4qWcorN6aKN /G7mJaJMwQpkbiNSzEaW3EHWZCH1Q8zRopXWP80ZIpHnmLlVZPbfs3bOg3Wldbz4IqQExVfwPha7 2EHLsBwXE4yfLCniADvBMl4c5LRbOkn68jebn0pCBGbzP5IQEQ0pPoKUDkXWqJD6RLNF0tnqMQcl oz1GyzqJ0N9u/bEwGlJOSOHotO6QHsfHWZOkJbQy65fSCobB8lFazS6x3Jae5y601Eh1/HuWYumV zNmWX6XXRBKk+BVSuglZ8y9SX2DZJj1nC7OUSe95AtausghygA2T+YJBW6hSiGE2TJmFz7c+VmbT 7lmvK7cyO1nPKLexfdafldu5Z60blDtTY6xJyt2ZtdZ5ypy8PkjJKqT0JlI5D6m/Y41WZtpWWVcq Jd4Ia53SRUbajqlKIaXEwIMUiSER32DLMyykd7NtMXzDnG1bbpgbN902z8DmdbZFGWanltpGG2KE NNsQQ0zeftsgw0zJHaRsMlIpQxpotgGGqbY/beMNi7wptm2GI+RSO9vICwbtUfYoOMNNtk/GC+zj 7OPo0+zh9nDmbnuYPSwu347bcd739t723mld7d3s3YQF9k72TnlBG3wULkbKSpGqbkjDDtun79gp doq33J5gTyD32IP2IKQECDjv2l8Qo/FL9tfEcHqa/V+CytTYPxA94xwOzNvBq3N09b5M2+To4X2a 9Zmjr7clX+QY6HUVPnLg3gelkUjVXqSBRNrXO/p773h9jplEd7LOYSGk0AZm1GKOOwEmbnIQgXH0 Iw5fYDgz6HgfGBBPa+od6JwU0jSEfJXmbvqS/Dsrr2k66drTu2kO2Vy0symBtJbeaUokLbWjkMaf kHYSSWxpmk1eJv9uUgSmBoNNT1CLNcF5E3/Q3ANa7G7zCGixhGYYf/F7mznQYvubYWWYntx8AFos tLkMPS7WfBm1WLMFWuz35rvQYiSygY10KJAtY5CB6uaSoC4YdJn7XcAwb38M6/TY2xPDBl/xQOr4 M552aLEIjwdabLAHVmGrr3sU6LXAPQXQYirPJgyTdPbMwzAZ2zMK1tjZ7n9h9vC72wLbpd71AsNa KG6Y57XXeE6hFnPdHjwLw1wrw65QOJ6e1PqhjZ4u1JqJse531DOzcLefejLhlJugipM7u21UUUaC W03NyP3VfZq6XKx1/0plSx+5hdRxqi7uxdQBxsHu6fhrxxeujbiRyHW14Or2UM9EHHa/61GEAVIy RhspK50fx1wM3+ceH9Fpkso9hv5uVsA9ih5YNNQ9iP44eZa7P/1exjJ3F/r1XIHrDb1enO/6hy6V Slz36QeVJ1zX6JmGUlc9fan9tPM1Pcz71iWkDwvsc1+nJ0DKB8YHSPmNeZay2TUqihte4qye2iUy x/UD8+7sVlc607aoxsVnXkv+1bWKqc7Ici1jVuemuJKYJWKOK4FZII13zWPuVs5wzWauN0xyRTOT 7HTnPuYA72ZXH2Y4+cKdzoS96h7OQikX2ELKPlci+1m4ztkaty7ytHN3nIfFcz6I25CY6HTGpSf7 nK64lRmlIC93rdMdt0A8HYyRDgSn1ATg6zR9E1ySarvonMq+5XnnNLCfkQJ3WByMIPc8DvSL6xlH SSlz/cLtGv7IFcFNjrztbOReYB1ybuN2cEKdR7melJXO49y/Mp44T3Jv5x5wlnCt4pnOUu71kg7n aa6h5pqzkntBf9RZxVXYNjkHclM8Z50nuAXkAFc7bwCk7EiBEeH+gj+eYnA18dfS+ruy+H8yeroG 8Z+zbjpNqTTOSmdJKjvF6ixNjRVMc5alzso1OE+nxohXOitTv5L2cv6ZGl3T4FSkMvV5TmXqZNsC 5wj+Q4/IWZE6zH/f9TIVZnPuekEFpGwSWCmEO1zwL+1rlyVzNIPl2p65mN3HNSkzl3PW+T5Tyqc5 A5kVgn1IEYYUS5DSSGSNF6k/jLQlOtdkLvPsdz7KLPFb3KOE30DKW9F6SLks2ot3c+8QyWjr3VNE DYxdrieih2yOS5bXhfOfa0PeMP4uFydvrKAFKVqAFFuR0nSksidSfxFp2+y8LXJ6/nQtyKP7W93b 8tzBoIclicYwzwDJfJzmfiBZQTvuPikRMC66V0j2s4+5R0j+4C5wPZco+XddtyTazDjXVYlBJENK PkdKpUgYY6CeQNoKXEkSoafZ1SjR+Tvc7sKfIOWwrBekbJZR8RgPSzaCdt0zQPYl44XbKYtme9xn ZHO4J9zbZZzUKe7FspWZZ9zzZPy8rkjJWiQclaBSiDT0Q9rqXU9lQ7yd3d/J0smhnsTSLyClHb2O vee2sgVf7qlVPqa99BxSPmeO86Qo2+PCPdHKf7lPPRTlx9QD7peqbsKebq+qZ95mt0vVS3IVKZuC VNYiDSykzesWK83eaPdTFZWM8dxR3Q4GvUkGOZzHYg1yfId3rEFOH+bta1Awkz2kQRGX6nEYqnlM T72hJtXrOWFQCdd6Dhhq8+56RIb6wvFI2X6k8j+kYTfS3s/zjWGvV+g5arhOpnvXGmGLeRvtWyHl vF2In/BW2jPoc7xH7RuZRd499rVxUq/Ansbb5V1lT06b7F1oXyVs8MbaV+RP9063ryg86p1mXy57 jFTNRRq0SHusdwj8d967xL6DFBO9HeHBIDGdmA7rACbBxDXERGIi/QdiDDGG2UiMIEbEPSBCiVCe gRhADEjbRfQkemaFEl2JrvlHCIzACj94g95g6bdI1UmksTPSvgPpDRLjifGkntARcOYnPqIWa8EC U/ErLZ0DE+nHWroGIqI6tXQPhMWPaekV6J8U1tI30DXtcctA8l3Wry0hZPueQS2DyWdFB1uGkk9K n7QMIx/XTkEaDyLt/yKJrBacdJIvWnIDMLdseYdarLUztJijtQ+02O3WUGixb1vp0GKi1khosT2t s6HFVrXCpbM/b12BWqx1HWqx1izUYq07oMUCrTuhxWKRjtPIliHIwKlWTtARDPrHDLiPYYGd2E1Q jGGDzgT2Q4vFBHZAi4UG1kGLLQig54uNC8BqK+OvwAgME60l4ZZJCBJGZ2k8eR7Dak+QsC5reESm YVjzKBL2wcMkHxe9ir+/ArWYf0IYNKHv8tBEipQ8HDJ2aBeyIIQ2sTu5P2TIrDHkrpCBCc/IzSHd kn8iV1LfZLwmF1AfiZaSTKpDUk0OpWpk/5KdqBW10/2Pqb81CPzXqVubZP5K6tJWU1sTHmyf7J9I pULKtNGvIOX6FxjlT9/isV3D3/vrIiomlfurI0pm0/1nIo4syvefijiUbPcXR/wkwP0/R2wWLfTv jFghyfNviJgvq/Uvi2Cq3P55EUMbuvijIro0jfaPpD9tjWtbSt8WOONT0ysgZW5UV0hxRmkoat+W qZm0/m3/TYtiUH3uqIrYaN+DqFOJk3z3og6nMHxNUQcFMT5L1E+ib33Xo7ZIVvr0UatlGb4LUd+p 8nzVUdONh33lUXTHGd/xqH4tF58/Yu4LDPYtYEIj+1ewA5DyNk5AsfjEcS9pY30j43MZUW31cz5j d/cx41cmPgW/TzntY8QnCLaD8aIVvsj4GZIFvinxE2WzfJPiR6mm+ybEU4zTfF/Gd3ZM842JC7TM eL43Lon8va0tDuY7/q3ofRf8YdzTlIe+S7wutPm+Rbz1jBVt//Bs7Ki2wqQITmvbDd5zPr3tFu+J 4FqbhUeIRG023l+ShW0OnkM2pu0274aqZ9tdns7wou0+r87e0vYX7wxx5/m33A5yapuCB2PQf5jv hpTY1OGUDt/TVD5tk29/ajXjZ9/o1P/Y69rsaTO5Q9uOpG3ky9vK0viZw9pOp60WXWirTFshWdtW lbZENratOo2rfNumSltosLadS5tnl7ddTIslxM9jUn/xv207mgbzO/+FTBi//k2ZOnyIf0QmSSvy XROOZlz0bRSuYkt9YcIi7vI2p1DDf9HWKDRnbkKKXiIlhW1XhGYZG6nq1HZVaDLcbLsmvGk/3nZD eJ3Y8jxV2NtPtCmEKkhx58G49v+RJ8Sj/UvyjtA0/p55WsZT38W8J+wHvo35/bh/+CbkT0qd4euR H5d52dctPz5vClLSgJT9gFQNQRr+QtqlSGLz84t5e/1kG5kPs1Tys8JhkGIvZOAJ/iOFC2gt/sTC dGaYv1dhXhzVd7WwhOv1HSi8lLrHt6rQLOzl4xQ25W1HSt4hZRIk7H3Q4EPaq5BERhu9cADZyzen 8BakMGR/YxjZXfYa/8F/p7Qrvaf/ZGkIc75/denYuG/9tNKveSN8vtKFqWafsXSVcKnvz9I1eSbf 2dIfCmcgZUakajnS2BVpv4AkhG0lMjn5ha+qdC2k8FVVkDJLVYfnkoNUGvo4/1PVNeY2/wWVIy7P v1fl5q30L1b9kzbQP1H1Uljup6je5w/z91Z1FIqQsrdIVR7S+Onr9iv+PqoOIts3TpVIfuMfWtsL UoqNayBlh3E9/ju5wriJ/h0ZbcxkSskBxq1xdf6nxl28I/5Goygt0S8z7hc+9+83/pK/zr/dWFBo 9/9oLCiNRKrkSGM00t6EJLb5rhk+kJn+E8YqSLnlCIGUC44Q/BxZ6qDS15E/O6jMq+RGBzWuhVzo wHm3yEgHNe0XcpAjJGs82cXxeb7S/8oRWjTEH3AMKs1Cqh4gjYuR9hYksd0vtJ8lT5JjHPPh3NyZ qIOUt4QSv0I+IxR0EfkXUcn8h7xBlMf3JM8RUt5/ZBlxMs1AFhLHstLJPcSRfD+5nSguWkUKieLS S2QmUVzbF2ncirS3I4kd5GQiiTSTRsIDKTNRiwWmB6bjmgAjwKD/HhgfGB/VNUAP0OPHB4YGhiaN ClAD1DRfoG+gb9bRQPdA9z0RgS6BLkXHA1gAK31LBslgLQtpPIZ0dEJCShB9BNYFoIvaw1CLtQ+F FrvePgxarKkdrcXmt4+CFtvdToMWy2sfDS22vB1mPNl4+3hoser2SehxsXb0N4q/t0dBi7UjG2Yi HX8gW/ohA7+2Dw/+jZ73jCeinulC/O8d0UIVyPGfXv0q5gJy0ZJPryFyFJl5Cpmfiyz+9Hy28g+f Hr0rQV6LQt7VIf+eiXxb+/Hs/94BZqgF/X/4Cjw2GAwJDNkGPp84F3w06x/QmYiDdj50dkhjphWs y88HS4vhHoaIy7Xgj+dgD4esumoG4+6in/3iCZyJQ/q8Hf1xHPXTK/R/YUQpY+/h8N1xbTS45tE3 J0P3j26MhdXs6MuJ10AlH7bu6LLMDrAofy+YV/wZuKU8B1xW/xKMu8oHv7wDa9rRA54wgsGI12+K O6rp71HK1AaUMi0fh9VM9Hza22Bw+nAm3LZpg1kwq5hG4fwC9uR74ZIfhbBNprbn/wY+LILtPbWp HLbAVEP976Diygvw2B342amix7ANp657/apjctQklBJ/AaXMmY0ng1Y6HKlzNzDh83ld43bB56Fc mLXMHZAKX5nbXbgdLvMxXwa+KGoGn5T3Bu/Xwz6ac+PKz+CF2ybw9OP+YOHrpA+G+FEoJYmOUpL2 45kgSYeZ4OJUJlz/4rtxJ4PB72fy4JYv9qbCllz8l/Am2JzfCJqKYB8tbih7Al6s7w4qrsCtXiy7 vRIsflQA7nt15cNm3iOUkvZp76d/ju9HvwGnfwVeZJ4IBtcMiNODKbxzYEkafHfN3qzhoCifBHcV /QVuK4N7tEZQ9wDc0NgGpt7uCi5/BMfAGs6ruR9i0w6glKxPv73Ouon/AcdDJ/piMJapAfPj4FZk N/Dg2M1+k4aevYpnbQAH7oHjauuAIrjOrf3KbGCfOgPYqxHG29buzXBPt3Z5CHOK7ODLRx9isgaj lD3pKGXPIVwO1tEzwFamMxjcS42HMQZTBNgaezenwd7f+0vWcbBwz2xk0QckStlbWKdCNkqRzUeR D48gX/7+YW3+CZRSzEApxQtxNbiBDvev+Ffmf6AqHj1mcDsJjvbi1+mQeLh/1hVwyJ41yOJ+SJRy eEhdKbIxD9m8EflwNfLlkg91RcNQStkblFLeA4dOKx9Kh6O7nBEFR2L5t/EwJsvXJMH8uPyndMgq L8p6Bsr2/AqWFdOQKKW8rE6MbExGNn+NfDgS+bJPR89SBUqp+zSTrVPhsDfrdHQlaIkaC3ri4Sir I5PgeKwLpkNiff/snuCQPfBz9SOLZyDL7Mi6XcjGT19p7oZsfYB8caFjfW08SmmciVIa2TiM1cZv 6A0gNwpGWuPK+GxwTRKspRoF6bAFGndkw5m0MX8P7N/GA8WLwIMopfFg3RpkY39k03Vk6yHkiyUd 94xulNJ0HqU0XcLhqG9S02+A+qg5YEM8bOem60lw+SZTOmztJns2bLem23tgKzXdL14GPkApTQ/q FiIbCGTTHmQrE9lOfkxwZKKU1r4opbUPDiOztTfdjIz6BuwVD8dIa88kMTI9A5k9EbnHjr5bvBRd sgxdvk8dA9mgQDbNQLbcQbbv+tjc0gmltH/96T26ZuB3wal0uJ3tkVELwAnxcKvax6L70k5PR100 MjsCHLYHRlr7kGJ0mbCyS+Dgus+RDdlIxzNky2ZkIBhMDewLfvr3vwbANUi6BRnF/nSG2/7pDLQb mb4EmT3g0xFW9ekImPBphB5D1gaQDTOQjiIk8emaA9v/X8L/73t/Ctegx4XgX6c+MG66uYLBl19g WPcCDOsoDAbfw5HTUYphXZwYZtidlpL16X07O/3ft+78P2LQcw/iM3JtAAABnWlUWHRYTUw6Y29t LmFkb2JlLnhtcAAAAAAAPHg6eG1wbWV0YSB4bWxuczp4PSJhZG9iZTpuczptZXRhLyIgeDp4bXB0 az0iWE1QIENvcmUgNS40LjAiPgogICA8cmRmOlJERiB4bWxuczpyZGY9Imh0dHA6Ly93d3cudzMu b3JnLzE5OTkvMDIvMjItcmRmLXN5bnRheC1ucyMiPgogICAgICA8cmRmOkRlc2NyaXB0aW9uIHJk ZjphYm91dD0iIgogICAgICAgICAgICB4bWxuczpleGlmPSJodHRwOi8vbnMuYWRvYmUuY29tL2V4 aWYvMS4wLyI+CiAgICAgICAgIDxleGlmOlBpeGVsWERpbWVuc2lvbj43OTg8L2V4aWY6UGl4ZWxY RGltZW5zaW9uPgogICAgICAgICA8ZXhpZjpQaXhlbFlEaW1lbnNpb24+NTA5PC9leGlmOlBpeGVs WURpbWVuc2lvbj4KICAgICAgPC9yZGY6RGVzY3JpcHRpb24+CiAgIDwvcmRmOlJERj4KPC94Onht cG1ldGE+CgcrM3UAAEAASURBVHgB7X1nd1zXleVBzjlnECCYM0XlZMmyZTm2Q7fd7ulZvebD/Ah/ 6X8ya83qWdPd7nbb4yBZojIpiqTEJBIkkYicc86Yvc+rWyiABRBgFYEC61yyUK/eu3Hfe/c9N7xz Yqamp1fEnCFgCBgCUYhAbBSW2YpsCBgChoAiYARoDcEQMASiFgEjwKiteiu4IWAIGAFaGzAEDIGo RcAIMGqr3gpuCBgCRoDWBgwBQyBqEQiJAGNiYrYN3OOE2XYiuxiA5duojBvdD0d2WRVPMv5w5DEc ccQ+RpsLNd3N6jTUuLcbPhrqeLuYhOI/KAGuLK89Griy5id/xMjE5KQMDo881OkWFhZkcWkpaJ6W cL+7p1dW1ka4zi8IZN2drf5cXFwUpr9bjo1zdnZOenr7H8KFeepC2TfCJpQ8kxNm5xc2THezuD3M Fjfz8sSeaWfeBqGx/XR296zJD9vS3Pz8mnvh/KHYzs37sdX2vRi8fT9uul5737zVE6vJyamgfe6R 6Qb0t+WVZVlaXhJiyW/it7zs7i3j2vcMz/mM/9Qv/eNDv169icyjzeExR95HZiFSPQQlwC+uXJXJ qWmJjY2V0dEx+a8/vqsFj4uLk46uXrl7v0GaH7TJtWu3JDExwV+2hPh4ufDlV/LgQbvEw2+gI2gE 7N0PPtmQAOlnamoSDXohKIEExrf+Oh5pNzQ/kMtf3xDmYzcc8z8yOirnP/5ciFWg47O/nv9YZqZn tl22wHiCXcfEoJ5GRuWDjz97KN01/pGHQEfMbt+9L9du3pKEhOCYkSAn0PGY/3A6Rjc9Mws8prcU N9Ofx+D27gcfa1tkXnhvdm5O/vLXD3Xg204eg/t9uIyKLev0k88lKSlJPr90RZpb2/zt+1GwBE9n LZIk8KmphzEmAY1PTGh/iY+Pk8aWB3Lt+to+tzamh3+xHV6+dlOGhoZ18P3X3/4/+c8//EX79H/+ /i/SjcH65jf18h+//7P82+/+IP/r//xWfof+/sf3zivel69ck3/59/+C//fkP/7wJ7l5+64O8u++ /5H815/elT/99bxMB8n7wzmJzDsPESAJrW9gSFrbOyQpMVHaOrvkiytfyTA6GDvJnTv3ZAGdgsy/ jApi5xgdH9fSUbp55vRxqawoxeiyDD8rMjI2hkqc1OdsDLirjXV4eBTfi2saP5+/d/5TudvQqA3b CyQyhkbg0uA9jkL8MN6xMaYdo6NTTWWFnDp+VCuaDZN5Gx4Z0wbEpr2CMEOQWic0P6uNnXExL3Rs dGuvPTImETDsDDqta9SUBuifjs9ZZqZLXOjoj6MmsZuZnUWe9bb/z4JvVHU3mK4bYcfHJ2WUZfPF tbS0jDQ8ycPL48OS7jIk92kQ7NDIiD8exRwJD+Pe1DoiY94O7q+RY0cOadyMfxbSziA7C8rDztPV 26cdAm8MaVkYH8vNDkXy4W/mh2FJaFM6cMaoVMZ45imdwQ/98fnA4JAsYIBj3FcxWF24/JXMIU06 +pli/oEzy8vfrCW2N+Z/fp74eNjSP9MlKb3+yotCMmeeiR/bBPFjuoGO8bHMnLk4wqEP1tcwSG4S sxr6oeNUm9I8624J8TItfp87c1Kqy8s0T6zvqakZjY+SlTqEm0ZdDw4xv/Paj7QveE81T5w9DSMP TJc43G1olvcxeBFP5p+O+aC/f//dn9D2J5CeT1pDGNYF24ZDQvOKsKwTnQH5ysB4KMQ0QTBgX2B+ hkeH5e1vf0u+++br8vZb35LCgjw5cuiA/ODtt7QdMF1ev/nay5KeliZNIPtjhw/KO995Q7731pty 4ugh+fjCF5KclCw//9H3wREJ8vHnlzYcQJmHSHYPDfus6LrafdLe1iXPnjklvRghXn7+nLS1d0l5 abEMDA/Lyy89p9JWJ6Z0n1+8rCPTmZMn5NUXn5UraNT7qirlAOJ496PPIUGOYiSZl+NHDsvhg3Uy h8bxBUaVvv5+HWF+/Yu/kTg0XlYiK5USCTsOO8kLz52VTwFuNzohmoQU5OfJt994Re7Az+36+6iE JEhcY1JRXiJvvf6q3G67hzgmUHkvyUVIovebWyQeDSA3O1u+++3X5a/IzzgIeRKd7NzZE3Ly2FE0 uCV0lilU4hfyi7/5ocZ78fJV+Z//9A9yv6EJA0CPvPjsafnju+e1k03PTMtLwKO2ukp++/s/aWPK y82RTy58KaVFBZKTm631zTbIxsiRdAmNNyszAx1zTGJivQ7GEb2hsVk6unvle8jb4tKi/AWj6rde fVHTfYABKC42TnJykPc3X5M7926DGEblrW+9Ir19A/LRZxflb5Ffdmg6NnQOFJ9euKQ4JqBh/vDt byuBvv/hZ7KAcrLTP//MWdlfW63h2Pkamlu1Ts6cPqGjeWZ6OqbqfZBwYuVXqJv76Jz19xoVn1de fE7Tef/DTyFlJwDHKXkbHYnk8wnwI5HV7KuSmqoKOf/pBXSOJJkF6X3/7TeV/N7/6BNJSkiU+cUF 5O0tlKlBByPWI9tOS2u7fAVpJQEDb1wcOuJ3EA7t5Y9//kCSU5Ix24gHSawOQOysC+j4H35KLH4g tyDJ9A4MYrCZ06WW19FOTxw/ouRMv7xPjEHZyPu0fOvlF6Ucbeev73+MvM9hGWFejh4+IGdPnZS2 jk5I1J9r2/EGumUtJ/NXWVEheaiXi19ekTgIBewj+WgDP/3xO9LW1imfok9kZqVLPwSJjLR0qaos Rz0IwsfJNxAgLl+9LjHAtxDt+Z3vvqk4NDQ9kPTUVHnt5eeV1JW4WlpVGPj0sy/k5RfOgWQSMCB5 fY71dgID12uvvCCdEFI+Q5qJyUk68Hz/rTckLS1VSZttg/XM8tMlJ6VIdmamXksMJrhkUUzi6CcD dZ+OcGyrLHMs2ipnclmZ6ZKVlalTZpbjmZPH0S5zJDUlRfJQBpZ5r7qHJECOvBVlpSC6IZlAh5mY nIZUd1J6+noxGkIiAY65qPxFkNo8Gs33MDL86J3vgPiueZ0QI+8SJBmOHD2orF//3U/lB9/9NsKD xIA2pa+jh/bLf//7X6DjzWFK3YOOHqsjX0F+LkaYw/LG6y/Ly+gQXSCHuyAJEtPf/exHaJQd0tnR BZF7Rgb6B+XH3/+O/P0vfiL377dIb/8A4pvHs2kZQx6uoqH+/IffU5LgyEqp4l5jk/z4B9+Vn/7w bUiDyA5GW0oUmRnpMgryGIMk2z/Qr5IAR19OdYoLc+XS1WtKvr/6+Y/l9ZdfwBT3gkp7o6Pjmm82 rglM3dnBXEOLj4uX6zfvgNhj5b/98mdKmjOzq9Nf4lxWWiIPkAbzx84yiTgoxdy8c1d+8ZMfyC+R XmdXl7Sj3JR+3FSUpEfiD3QrqBhKeK+g0//jr36uEtSd+41yG+S1tLIkP/vROyDyZ+TCpS+RRy8k 8zoNItDlDlzX322QUyeOyv/4x19CUhgD0fbKqZNHIRkclJ/98B3t5J+BYEtLiuWnP/qeDnSXgQ3r j1OjNzDwvHDuDKaLF+XIgVr1k4c6vX77Noi2WThQ/B3KdOzIEW0rZyCtv/DcGZD6q1oPH39+UfP/ 85+8I5NoJ22d3XLx8tdSVlGq9Xzq+DGte4cxS8H+O4K65b2BoSEsBYzJr9BW3sBA8sXVGzqI0B+X Rb6+dkPSQKS//tufykvPndOBtb6+AfjPK9n/+J3vyqUvr+la20efXJAXnjmjxFpVWQaC9GYCYxgs SZYk8bv3m+XNV1+Sf0Abvw9CmpmelStod8eOHlC8SouLpKSkQBJB+nQkG0rB72BAYLt9gGWkuZkZ OYNyPXPqmLbnRJA/hRBKgkchmR2B0PCTH7wtpWgrFArYxr/zxmvyN2j7X2PpgpFSAjt+7LDWMUn0 5u36oMtArCf2wz+99wEGuw+0HauErnkjGa79UP5mW/vsiyvCKe97GCgowRejXJwpNj94IDdu3IYE /oIOMlrIPfbnIQmQwOfmZKlI29DYgpEkWSWsL7+6Lk0tD6QgL19HBYKzDyN9HEYyisrJyckQ6Zd1 1IjFSNffO4CREiMfXE52lpIgp6x5ebmSn5eH0JDoCvJ1muHrj/4KQO0jVIz0A+ySokLfOmMMroul ByM8pah9kMC4PpOCUagYjawfBMhRLBafMUidHOU4onF95ScgPRIdG9T//c8/SllJIaTb0/6pKhtd WWGhtLS0YYo7J6dPHcd1q4ygM1H6vYXO/fILz2lcJUVFKq3NQjKJRdmdi2WJHLMw97juBZnW1VYp qaWnp0lpcYksg/jo2NhygHMu8OiAlNnd0yOHDuxHmqOKEfEkS5eXlkEiG9CpBtPwHNJCYw50K5Dw SkqKtC64FFFXs096uvuQzjIGs1Fdf5xF58mGNBw4jWQ++eE9DkDZGOlZjALka2FhSZJA5MyrTu+R YGdnr5LQe5Mf6TSzsDBfOwn9czrFdbru3h5IMQnobANK1DojqKvBOtJf5be/+6Ps31+t6Swib1rV iJ/TuoGBYcX6DqT7JeSH06tB1DcletZjHqRrth+2UUpIznlYeNPJispSHaSzszJUYmTenevpH5LT J47oVHA/ZihsD//5hz9LbU21LptkZ2dKKto7ZzYzILl91RU6OFWAfCgF0zFZ4sV4C4vyhfXKte1c hKUEWY7BoaO9W4oKCtAOxzFTqER+V5cuKstLtYwsA6VbFBMkDsLzYezyym+m4bDXa/hjn4uH1JmO tp2akqpSNzfX2Ac7u7ohYExISXGhv20Hxsc0sjDYH8GUlo4SKfsM4w7mmC/2sSr041pI9tw0SQPB khQZ5gMIAhSAWO9u2ShYPJF87yECZGY5pSkG8Vy++rWchfSXkkyxOV2+un4TRPCsVtgKO47E+isp EEJ2pmQQUz9GZDaWOXYKTOnYKLR3IQ36J4iuSzNdOr2vFyuSChLgmpDnD1OYmSlJSy6TKa41YSrK aTMrZXpyRtLQIGZmh9RvIqZUswtzXqdFBTZhpC2CqP7c2ZNaNo7Sf/jLe/JPv/47XcshcbMTXMAC dyWmK4dqa+RDTDETMeXIzspCR0pSyZUj6OQcFu2RP9dw2Bj421tX9MrkZR8dOD5Rp9skShLD2OSE 4sHndMTpGDrhrTt30OHm5ftoTENYO5pD+bTMyPvU9KSUlBZiqsfddW/tldPA+QBpk3ERi5kpdCjk h4Q+Oj4qGZlpkBoW5TDK8zyWE6YhbXDEZ+fzO3/F4YK9G479wX8SQH94nZ7lzEA7OHniGDpEpdZN HAYjblolJ3mSC+s7C5idxZS6CAMc18i4dkxS/uXPfqhLFH/48191ahiPKT727TVNTu84s3j5+Wc0 /xws+ZtEx/rmQDuHspAomUagc0Xg/ZgVj5yYba81eT75LDUF9QjJnnU3jjXFXrStjIwMmYDkz7qd x8xlHqSfgWkgWzclc07zuGSy2sG91LQNoH5YT/yQyIhrRQUIrv4epLB7cuLYETkISZjro0yf33/4 y/u6vlYCKaoF7ZIko/lEHEwz0DEMq0rLxbL5Pi5NhsQttNFsLOmcVAl7EjM2Smdsl37nZVnzmQbC rqut9h7hPuuF8W3k2K44hT9Uh3Kg/XHmQv+cqbyK2UYZlsVWsdkolsi9vzqMBuSRHbO6qlIrkiMW RzBKa/ebWlSq0xGY/rGG4FxgRMsA6tCBGhkcHJabt+7IJUxjvrr+jTbiQH8aNiAO/s7ByH0L6yT3 mpp1ijg/P4d1oVsQ929imjqlRMUKaMKU4x7W6C5CPF9cXsQoVaaEt7KEkRlkl4pF2gt4drv+rnyI tRxuQvz2v/4k7ZhyJ4MgKB263LNSy8tKpBkknYUOUYJRvLW9EyNbvja6E8cOyVc3biqRfoq1rv2Q rjji5ufmYpC4hqlQIzr2mHZWdpgprI31YI3zxPHD8g06AqWHG8CBvYSN2Dkuqtfuq8Yaaps+ywFx cJ2VnYLx3rx1W5cd9ldVSS6mjw/aOnRJ4O7dRklNTVnTcCkFkfSuI50bmAI1QYI9dvgQpJw6hGnS 9bULl67ieb0OAi4P6MNIzcvTmrrBLUoM6ZAYuDRwHXnh9Oc0psjEoh3SxvvnP5EHwMkbDBAjACVR kdRZ5x04svLn98/rmu6du/fkLx98ogTMJQeu+2ZlZ2Aa1aFruiS6iooSuYj14VYsc/zpvfNKVpyC X8CaLNfIvqlH3gOkbpaBeLp8K4W4H1rAVazZ0U+CkG5gnZDt+H1IL41oQ6cRfyNOLdRjPfLCpcsq yZVD4qvbv0/XADl43m9oBIm7XX3GiYKSNFaj1zwwL+PjE76ljHlpaGlBvE1Krl5e8RdtYARr3W2t HVq+PkjJOZDKKcXdwtIHiZ9rb3QcFJbQtq/fvC09eE5pTNPFM1du4njkUC3W1YE3ZhJ/xPSW9RQo Ibt8kuRHhsew+XRT+xSXibjJ49LTRF2n0B9MCFkGcZPwSODse0yb670dWKLYy+THIsb95je/+Wde BDpOm9IhXnMtsEIJcAUjZbpUY5e1FFNAdgzuvnFTgout7NPsoJSWuIjKaUomFlIZthkL25QAvoV1 AkqWnA7zQ8fpQz78UmKhI/GWFhfret0KSKkSpFaDqW47gObuK9ffOEXjznQSJA4usnOq8uZrr+h0 iSMfp3GMt7amCmuQfbox8C2s01Aa4XpUS3MbOl+ccEGfHdc55rEUUm81phhaNpSnFkRHP8wjpxyc FpMUnz/nTZ85Mg6A5LnJ89y5szoCE4M4TBuXsEbE8JRiSEZ5eTkqTWcgb4GNMwVrUo1YajiKdTZO 90lk3GAhwXBt7rWXnlcsuTBN4mgDCXKqfAAjchpI0Dnms662BtLSDJYDhlC+Z7V+iAXz3IQNofT0 VGyCnF6TPjcgCpE3+ssOqBumxXrMQrmZdifqoKiwQOuDAwiXC1i/x7EryP6q9Y/w3mBCEhdpRSc/ gF1mbqoVo93wCFAH6u4ISJlTKnZ8DnDjGNhI/Nw44w4uOzs3ZTgL4WCWgjw+QDuqLC/TzTRiyE5I x7/cKGKb4vpeHpZXUjBzIB5cc+TiPTstP/TDaTR3RYsQ97OQmohhCcrVhPKwTb0KvBk32x7XqLux Ds0pI5cUOOjowAdc0jAAsszEhnETuwzc+/zLq1pn7CupmDm9+8FHcubkMc0P650CRXt7l26SnD55 XKXo/cCC+eU6MAdi5oNxcgOiCBtrrR0duiTBemSdcBpKEs7FRkQWBIYK4EJyasMAzvV1trtAKZ99 l0sUydgkYTunRM0ZyRyw52YOy8T0OONhW2ff5W+mQUGBwg/7lnPEh32VJw6KsATi6sI930vfMZhS rOd8zT8LRcLSbXXcWf+blcl7OgXENyuQowS/SaAEiH64zsDewKMMWqmIk/7oAv3qDfxhnBz5GAdH F92JQhg6VjLDXMJox8XuH33/OyqW0x/jXp8nPQ+IHsJwbBAMyw88+/OjEfv+0L+bEvCa616uIbEx cn3R5YtBvLxyjYzk7U0N+M3885vYuDQDnzOvDMsNiFYQ2g2M/H+LTQ/i7Z6xodK5vPOaz1lGN71x 33zG+PiMUxaSKKVLd/zC5SFYuT3MRImL8bu6YXkZ3tUZ/fEZy+Hy4bBg2kzDhWV+iB/zQf+8Dy8I l6D5dPfoj52OTo9WoaE4PyybK59Lj9N7NlZ3XwPij8s3JRw+Z/xenpjngKkgnjksWC7Xtim18n5g O2XcrAPGQ1KnY7r0x3KzzhnOxc/yconhX/71d/L8s2dBGnnYROrTjaVf/OSHwMIjbOLI/DKPrq6J j0vLtWVNEH+YHuuC00+m6eXHK5MrN/2ux9uF53dgXVLY8HKCB7hgeswLnWLGekY5nWNYPqfQE+jo l32b4fey25AAI7VQbED9A4MqgnOUXt8ZIjXf6/PlysFjQ+dOn8TOWuGeLcv6skXrb9Ypp59c7iBp cL3t1PEjOiuiQGAu8hDYcwRICNnQKFG4kTnyYN1ajlgOb3T3JNSthTJfkYyA1ikkI50BoZG6mU8k 5zma87YnCTCaK8zKbggYAuFDYM2eWfiitZgMAUPAEIh8BIwAI7+OLIeGgCHwhBAwAnxCwFq0hoAh EPkIGAFGfh1ZDg0BQ+AJIbCzBMit20CH3zxPpFu6gfeDXNOf+g14prGtjzPg+frL9eH5fBvB10dn vw0BQ2CPIxD0XWASxSQ0wfBgKN8Q8DvvJKYeNo3xHYzk6aZVIqKiId+LVc5vgL++vn59I8ORGd8M GMIrZPk4jc6X/3kwNJjj/QGoyKJLwWl2Hr7kyXaq5kpDOA27LqA7ZMrbvOah1W6oeeLpfR4apeNp +H7Em4u3BXi6fqP01XPAH31/05dVlt2PwRo/qz+cH3dH8XI/Ar6Dl97DN1gaDLrTYYKVJVjeAvMV LExAsf2XgWH8N3HhwgfDbSfDBBtAA/Np13sPgQ0IMFbuQA8cj54/j9eFOqEF2tN0UQRlqcPQ6RYn VDjAxsd3M/nGAF+I58l6ktkA1BNRrxzfeaSWDOqOa8P7ncMgO75ak4gT9nxboh6qrlLw2k8iCIla XYIREM9VUYHlg7Z2vNqVr6qKFnAqnm+IULUQ1U314zlJka+SUSUST+dX4jU+vo9LsuPrPi1tPfpu 6kkSJtIk4TU3NOqp/Aa8gkRFj0zrUY4Hr52CzDU90/VESqqIJFhZNG5fb2Zn8vuhGLoB+QfmZ7th HorWl3bQOIM8U/F4s3y5MO6bEbP8wEIHicCE3LXz6759YUIuf2B869Py/4andeXxY+oLz9rz550A spWzbnFJv3xTZSvtxCVp35GNwEMEyEqexsv8y3g9h47aaJvb2yQ7I0ta8R4nFRxQzxlJx9P+G6va M8bwEjfDUisKNW7M58yrOisqCeBrPnznlB2ecceCBNlR+O4jVfdQWwybWjDHMOkgRxLmDF414ruX 9++2eJpi8JsvZfP0fWZGmiqxHEN++f4qX3QfHhtVsmV++G4xDx0vQBsKSYzvi05T9dWJ/arLjppA KF36SSlIZvhsaoLaefH6EF6H2sgFdiKvXE4yDuhcQQIHhlt97OuEqzfWXAWG8XdmoOmFcqy8Joj/ h+fL++k6/Zr4EIu77wK55+7b3d/s2/n1vulz83ytj4vhvFAPh3Nxrw2zFrPgfshpj6qXgHiQNImP Wo74HrC5pwOBhwiQlTwAlUwkHI6W/f2Dqm4nB9NEavfNgURHSY5TTyUEaFmpwAvclPYoaVE7BV+a 5zupfFcwDy9sj4OA+A4i406BkgUSEd/bzILWXMZL0oop9xp5MFjnoGyAU15KglTUSYlyDoRFlU3s ElQ3xXuURHlNfWmc3vL1S74AT2KI0TS994yp7IASJPXNdWNazlgoKW5GfswX30WliiROud27nbzP cHz1ienQ8b3NRKjColP9f7it/pFZ54dpsgMGOr4Tyvzz37pHq95Y4LXBvGe4T9VgnOq716603MzT JmGYD+Y/mFSj+UE9uWeM71EYuYyybBwktIy+/DqMGAc/+v6tCxD4HZhfXDMehmU+XF4Cves1/Cmm vjpg/C6/DEtcBKqy1BES33MXD3/TuTD+b4KtwajOagH6K2egFIEKQHxxuQjse08i8JA2GFbrEhoD 1UtRgwpVd2dBuSg1zaamJmvnpEYKajmhNo8CfOdBLVQSpCcSG7VJUJKiaicqtaT2FhIjtXyUQWEn X4mkP9oboZaKcejIqyovV7IMhiAbGjsKNS5npKZhmlugOsgYBzWWkKgpSRYi3Wyk0wtCy83Nkn3Q xsHOwqk19RBSzRDVllMSXQRR8JsaXkagF668tFQ1iXhdIFguvHvUIE2N0+iO8tXVr6C7b0getDyA BDogt259o9NqvtxfD7VNucCEWmJ4PYy1Sv5mXhuhmoqq6Zk+10CZR/6ma7jfoEouGY5l5nN2Xr70 Pg9J19PH5ikJoELWRQ4CPgKjtukLFy5Ci0mFan5pb4f2FGBALTrs3FyecHYwKAFz8GAfpsmCr7/+ GhpjCnVQYn2QtDhg3bl9B0sdiZoOkpHbd25DU4g3EDJOakZmXNSa4iyMUUqn6v8HrQ9UMwsVdHLa SD2EFy5cUBzGMIgRO6bhKQLwlEfQJgfTYVzMK/FiuS99+aUqRqVmZSd5MxyVSdARH+pIZBkZbw/U cBWhrTU0QOU+VHldg7by4pIS1QI0gfIRU7aLa9euQTNLu7z37ntQlzYtXdB48/vf/15NGFy9elXq 79Rr+T768GPVpEKMmIYRoML+VPx5SAKk1oc8kJaSATphASQ4Ov4mOWZnQpUV/LjffMYwJVCLQx9u JGWIWqiW4m/6PQD9ak7JJn8zTA46E+11sEGuhsPDAMf7JAOSJB1/Mx+ZnIagB5MIqH8uHyqdOCXn NdUgcZ2O6ryYDwQRqhxiuvoDX5SSUqE+iUaBmC/m51HOKwuUvSYmS0dHB9R2DYOkpqUCREMiaX3w QE6dOqWd9+OPPDsTC5Aa2rF+OQCN1d9753ty6dIlTKOSQLhp0MU2LFXQ9XcbKuNL0EHzcvMgDY9J U0OjnH3mGSWmSuhlfOs7b8mVK1dgewK2OiBVcx2VGqRJniXQMs2w7Mj9/X1y/vyH0EH4jRw9Snsn K/LFF19gygadfsxfa6scPHhQ8aYth8wMbP5Afdmnn3wq3VC/dQDPPvv0Uzlx4oTmlUTGMD3Q8Fy3 f7+QFEhIl5GX2poaJbpCaNJuamqC9pMCKYIqs+bmJqixKobxrDs6uFyF39dffx1aUeqlEeU6efKk khWvP/74Y+QhQ372859DG/SAvPuXd+XIkSO6AdfS3Cznzp3TeFpaWuT5F56HRbRr0gUTAVWVVVpV jU2N0Ll4Qt588w35BHi3AQMOzlSnxTJcxIDAQY7+SIwnYevj/AfnoXewXH75q19Bc3OH1hXrtbys QlVkccA6fvy4pvXiiy9KPtadqUaqC8s/xI7tydzTg8BDBMiiBZJBYHXrdQBRBD7zpl2BdyhJrq6T LUFR6Xqn6UCC2IojSTrnjwl54XSW0hQ3Qdw1pQM6SmzOUapd79jwg+VrvT//b532QGUTpti5IJDu 7m41DsP0ysvKQQBF0gQJj6RM5ZWvvvaKShmvvvoq9Pi1KSnX1tYoiYyMjih53a2/iyWDIr3Hzk0p 7xg6IDUVUwLq7OjUPkeSrgepUCImuVEdOjHReIFhN6QeJKnSJkmETrUZQ6qiZFkMJa8HDh6AnZUu xWUcktH+ujpJgY47PsuBhHrl8mUlVSeJMY+jWEc9c+aMEuSxY8fVXsospDz64cBUgOUOSpCUcDm4 ULqrqqyWQ4cPqXScDvKl1JuTnQui5oAkupbbB1VRB+qQH5SZywokmCLoDCwGiV68eBF526/Y8V5Z eZnGOzMzDXMFp+Xu3bs6GpdCcu8HcXJNtn9wUMm6AhJwHcrFJYfa2lqVDolTZUUl4ruuEifri9Iz JUdizHLQD40xUbqj1MtnXL6gyQJiRAKm9OeJARyCzT0NCDw0Bd6LhQqktsDrcJeFnYTTLhJgIqZ1 2bDpQRJhp82FIk7uUnMpgISShbXH5qZmKFit1t/sWPmQkrhrzWliKiQvTg/LIdlSOiJpVe+r1o5a jw5OrdRU3MqpGu+T3DMgsXGKe+o0rPVByqGltNOnT6uUVAOJjFNeEifJ8OjRIyqRcTpI98orr8j1 69fl2XPP6tSTEtcJEG06/HdCmuWa7WuvvwareeNy/MRxLQ+N8FAqJdFkpGcoKSjRof+TTEncTJcG jJhHKhnl8alDkJSI0z48I2m89PJLSuQ8OXDs2DGQbJxKVSS2dMRbmE9rejly795dkA0UuEKqbH3Q Km++9aYSL0nq0KHDkPLzpRRSPcvIJZDrILSa/bVKeCwD71MCJ2nTHwcL2ksmKZKoKSmT/GohzZZg 3ZpT92zMcEZB9Jxel0Ey5JS+EOUg3mfPnVW+m4aa+dLyUgwc3qBqU2BtUk/FH9MGs41q5LSa6320 kaKbFSAzrge6WRElShKcztED4iVxcrpK85gxcVTh7vmh5NGDqSwtyLGDOsmVfhmGEXGzhtIKJRr6 p2Mn5bVOyZkm/NPxN8PQL6UXKu7klK6srEwlVRIC4+U3wzA9hiHBqIU8XDMszQponuM8pbcuDMNp GX3541oh1+tUWkK8fEZTnrr54fMbGIbXJFWm4crIb+KCTCEeTxKjP340D3jurllG3mN+GxsbVfo9 dfKUDjYkVWJFbOifcbKOmEf+d2Vg/eimCvBxzx1e9MNBh2HdN9OkP+LJsvIZBzKmYW7vI2AEuI06 5C4w1+i4oM+ORqfdgJ1hvejJB7jHFVDXWTyCUoryAuI5OxcdO586F8bXcYOF8Tzir+uDLkxAPjRd eOEGBOP2x78+jD8SX14Dfm+Wzmq+mI+Ny884kD3PixK0L9ubhAnEDKzqhffhwR+8Q9Il2XLJQMke 9xRnJgbnld8V1runf3lrAz8bhmFAhOOgw6UHKjpV+xwaof3ZywgEXQPcywV6knmntMI1rdn4OT0n 6etHXpLoIJQ29J6vo/OBk0DUk+vM6PxKIK4zkgxWe6XXkTUA7jrSWB+GzxmMDomy83v54V88YLiA 5+qPT9QfN5LcQ1/KGng1jJYlMG3E7u55ROMRk4uX0XnPeUcj00eaHuLZKIx6ZfldfpkF/va5R5Wf khrj0HQ0DNMOiM8fkXfh+QtSfj52ecClKytvu/zwiBdPOBj5EZWnwxkBbqce0TE5/aL0gV7ghdRO 4+twgXG5To172ul8/hjKSRquc2tc6+Lxh2FXZPQaN/56F6vp8z7D0gWk6f/NC/ec177IPK8IxwsX KaPR3/jiXRfO84w7dHjCh84F5jvQX8C1kgnT8MXtpYdI1scfGAbXmj6+NS9IT78DwwTmgdcB4fUR f9O5MLz23VuNC1feqyt8GuT52nsuvPq1P3seAZsC7/kqtAIYAobA4yLgLUA9bmgLZwgYAobAHkbA CHCHK8+tJ+1wspacIWAIBEHACDAIKE/yFg9J+3dkQ0yIa2T+dbqnNC6u34WrjIQo8HB8iJCFN64w ljOseIUxX+HGP9T6Y3gjwHCguMU4KP3x1Tl3Vm2LwTb0RiINV4dmp3FHezZMcIsP1hy72WKYjbyF M1/c4wlXGZlfxhUusonUuNQYPdpGuFw48Q9HnowAw4HiNuKwKfA2wDKvhsATRsAI8AkDbNEbAoZA 5CJgBBi5dWM5MwQMgSeMgBHgEwbYojcEDIHIRcAI8FF1494mCPAXuI4X5HGAT1w+0sNa7/bLEDAE dg4BI8BgWIO0qKtwFuqSFqAANJDwqAWZqp6o5onvBtMwE68D/QRGyV00c4aAIRCZCBgBBqmXOBDg QP+gfPjZBbkMtemT0DS9CCKj0tXevgE1uNSH59QKc/vOPVifG1QynJiYUq3UVNBJy3XzUP3U0toG fXPj+jxIUnbLEDAEdhEBU4YQDHwQICW7OOiOm56cgUr1ZsmCsk3aIU5OSoGJ0DnYkJiTS1e+hrr4 AdjTyFct0F/duAHFmgmwM5wNxaiJah60t7dfDtbVwoYKTAmYMwQMgYhCwAgwSHXw2CeVa/I7MSkB 5DYPtetUDw+Tm5lQ+glinIKRphhMgctKi1TB5zQMGKXCWlwcCHACpj/HMU0eH5uEIahiyYZ2aHOG gCEQeQgYAQarE7xhkZObrQabqPaetovvw1A8DStRlT12NmARbVbVpnN6TMNOtHCnJj+hn66qEmru 7zXK/poqSYY9CVqko9F2c4aAIRBZCJg6rA3qgzYyqGyTxp74ulmsqqDnq2e+14Koqh1hufnhXmNy Kuv5Khjt0NKvvioFP7xHv6Mww5kKi3Y0CRnqa1RMl3lg3kJ17vU11XUYYmTudSeHRyjREXvaew5H vlhzS9iwioeUHg63iLioJHWjDbDtpEHzBNxU4ydUx7iIfTjyRTMQnOmEI18sFzELF/6h4sTwJgGu Q5GNRlXeo9PR0eIcyWF2ioaMklWXJ4krBvdofJ0NzXVO1/EZbpF2LpwL47uULkr7NgQMgdARiGoC VLIDiVHao5RB2xI8/jIwMIR1vxk13l5eUSZ9sOlL40Unjh1VfxOTU97RF+BPq20JkAKoKZr2PXQt EPcSE2FoyIgv9BZqMRgCTxCBqCfAfhxrGYWN3CWQX3x8rLR39kh5abFOfWdxzGWqoUnaO7p0Ony/ sQVk2K/GtnnkpaqyTEZgB7cPNmmzYN6RFsf6Bvphha1UTh0HWdoZwCfYdC1qQyB0BEJfcAg9D7sW AyW0/II8qb/fpOslUzNzMgXpbpIqq5YX9fwfz/BVV1XCAlks7PhO6k5wOjY2KmBXdn5xAWYyh6QY 9oDnF+ZlFHZ+62CndnRkXG3l0kYuJcIJfIdrDWXXwLKEDYGnEIGolgBJgCk4unLiyCEpKS2Unu5+ qaoql/zcXF3fK6Ihc9jsbWltldqafTI5OanHYvJAeINDQ5KXky0lMA7Ow86lOO7CM4ApMIDO6e8g jG3T/i8XfLnwm5We/hQ2HyuSIbC3EbBdYNQfNzK428g1QX64Dug5fOM/1/Z095cGxPDP7ei6NT7u knnXnn9EstYSGSJjnIzbdoF90G7xy3aBtwhUgDfbBQ4A4xGXUS0BOmz8a3V+4nNPvO/lwB1d9yjQ 7/q1vsBnzr99GwKGQMQhENVrgBFXG5YhQ8AQ2FEEjAB3FG5LzBAwBCIJASPASKoNy4shYAjsKAJG gDsKtyVmCBgCkYSAEWAk1YblxRAwBHYUASPAHYXbEjMEDIFIQsCOwexCbfCYIM8EhuoYB0ewcMQF 9YeygvjCEZeLw32HVE4fVmGJK6SMWOCnEQEjwF2o1Zm5ZVlcWQhZWQKVN9DFxnnfoRTFU/u1JHFL 7hD448cWznzxAPrycnjyxRLFq5rbxy+bhXy6EDAC3IX6/LK+V2YWQk94eQVvryCaGChhCNXxTRa+ rcJ3nkN1zJe+QROGuMKWL32jJ0ZeOlIgeUl8MyfUUlr4pwEBI8BdqMXz17ulaxg2R8JAELuQ/T2Z JF/OSUyIkZP7siU/G1q97W2dPVmP4c501BGgW0ty7/GuAZTrciF0DMYdGO9Gaam2aZBfHBfezO0I AqxWG3B2BOo9lUhUESCVGExC3RXf/U1TtfRQjR5AeoswY0k1+H7iQlUqqWG+RG+bORLfzOysKkgl iTKtCWiP4RpWGuyIJEAFvjlDwBCILASihgBJZAtQavBN/T0ZGhmVMyePSmpKqqRBe/M0iCsJaqva OjulHMpMM2ECk+S1BP8pKckyBj1/GVBntQi7wLMwjE7dfklQlU/LcVMwiqRW30B69Xcb5fDB/UqE VIl141a9qtB64blnoGILNkAiq+4tN4ZA1CMQNQRICS05OUmqKytUqluYX5Ivbl2V/bX7oO6+T3Jz c+R+Uwu0PWfAhm+O3IWS1DmQXWF+rnTDtm8hFKeOT8DU5cQYiC8eluCyVI1WJ1TlP3v6lJLgADRD S8yKTMN+SF1dDRSplks34i6E/sBFGEp3kmXUtzoDwBCIEASihgCJdwxIMCExXqW6ickJ2PxI0ilq PJSeUpKrhJbnNGh7pg66BNwbnRmVYWiEzs/Lw/MZXR8sKiiS2HhIfpPTMgsN0cmIY3kF1tkwRU6A 1EfSpClNTrUzMM1OAelSUpQAG0kRUveWDUMg6hGIKgLkFDQdGptLiosx/SVxreC6SA0aqXU3KEYl Ea7k50lBYT60PydKESS/1vZOaIqu0HU9KkeNi42TBdgLYXyDg8OSnZWl0+IDtTUq5Q1AWzTtitAy HNPy6xuM+uZmABgCkYVAdBEgCI+bH+n40J05eVylulyotvcc7fhCWMMmSQUIjHY/OHUuLMhfs7vr 86xfZVCFTyKk1EiD6LiSSliSc7vBmTCYTotz5gwBQyDyEIgqAiT8JCYSljpcc11uGkaQ6FKxIeKI i34o5VG9OE1f6n3Oc8mQ7ltDrehmCTdGVJU+n6+mEHClnu2PIWAIRBACUUeA67HnWl1za7vuBnOj g/QVj6kw1/NGRsbUPjA3SHichTu7E5giZ+BYy/TMrG6qcJ2vpb1NMrBznK73ZzAlzlRj6Y5M16dp vw0BQyAyEIhqAiRBfXPnrgwMDUsp1gLbOjpU2tNzezB2Pjs3i1fN4qSzu0/ycrMgES7iugcW4qrg twvT5BI5Cfu/97B7XFZcqDVK0jx4sA7xFYJMvSk1jxDaDnBkNHjLhSEQiEDoL34GxraHrklI8yC0 RbxoT/JbwFR3HgehExLiJRln/BqbWyHRZeAM4BhobFkKcJRleGxUpUCeD6QR9DHsApNESwoLJCsj U8//5WAHeGxsDJspUzKF55xezyFenTbvIXwsq4ZANCAQtRIgiSs5OVHP6HHndz/s/g4MDEpqWooU g9AWYMu3rKRIp7U0iM7D04fq6qSnr0+KsfFBAk2CTWFucJRhs2RsfELKSks1jkLsII/iN5cKY2Pi cBRmWVJxHIbTa3OGgCEQOQhELQGyCkiChw7s92oD11wD5CYHierEsSN67IXrehARvc0P3C8GudHl Yp2Pqli4SVKMXWJ+6KqwA6wbJfrL+8P4nF1g3kES+A1y5IW5HUHAYW6I7wjceyaRqCZA1hLf2fW7 AEJyZ/e0wwTc9/vlha836e6ve7CRX/cc36nJcZKRHI83Sbg6GIJzvTnEaPw5YHzhiCsC88UBJyke ZzhRvi1UkR8Su3i6EYh6AtyN6n35aJHMLEL7smPQx8yEI15qlwnVkSAwHOjaZuhxeQwYjnwRouUw 5Is54oCTlgIFGOYMAR8CRoC70BReP1WqmymhSiJLfL8Y+Y/Fa3uhOioxpSbneOx+h+qYL7q4MORr BflaClO+SIILc/PeeU3Nof2JdgRCb+3RjuBjlH8J4hb6NKZinqT0GFFoEMZBAlyBAoZQHVXi8xPj iYIhRcd8qQtDvnj+kniFI19EKXSkfGWzr6cCgag9BvNU1J4VwhAwBEJCwAgwJPgssCFgCOxlBIwA 93LtWd4NAUMgJARsDTAk+B4zMA5HSwyhd4tljxuPb/d3O1bhdN0xxHQfM7sWzBCINASMAHehRlZm 22UF9ndD3AOBggYoYkX+V6CfcEsOCcYkZEHbAw9t23bAljAzT081AkaAu1C9S73/G+8g90EK3CJx bZBH7iJT0fSWFS2szEts9psSW/wrCJ/eUZUNorbbhkBUIGAEuAvVvDJ6EfzTiJTDA/+WZbllaLdJ LEG6JF4jwF2oeksywhAITw+MsEJtJTvORixfhdsygayL2LcCt/3wumaH/aftrN2tS/uxfmp6LteP FYMFMgSeKgSijgDZ/Xngt627G1NHKEDIL4BxJM8+MLXCTEF9FcmxAHZBxmEOc2Z2Tq/10DIX7Xyv nTEeqrmKgcGjBChQ9Tv/a2mk1VWyCfXQsz9+uzAEDIGwIRB1BEgCW1hagNnLRiU+Gi6iUSNS1SR0 +A3AyFESVFfRXxN0AiYmJUhJUaF09fTi+bQU5OWqBphYkF5HZ5dqjj5Utx+ao+dgPhOKU2FfhPHM 45WrDNgDoRZp6hnMwf2YnZb4wtZMLCJD4OlEIPoIEPXId16pqDQ+LkPt9o5D3x/vUfKjQXSSYVNL K9TeT+O90WSt+ZYHbRIPZamTeO52b/v7ByQfkiItyo2Nj8s9kCqtzE1NT/H9NEmH3wWQXzyMrlOt vu28KpT2xxCIGASi8iA0DRjxpf84mLik+vtxKC8dnxjHWh6UnEIbNJWcUuszr52hJNUSiFktJT8S 5uj4mBRAB2B8QpxahKMESK3SJEKGy87JhCLUZJUckyBF0s6IOUPAEIgsBKJOAuTKXHx8nBw5dEDi QYTZmJqOjI6qVJeVmaEmMakNmlPgKRhMys3LUe0h+6qr9HcJtEQPpA+pfxo/IhkugjAzs9Ll0MH9 SnokTRIeiTQL0+CykhK9jqyqt9wYAoZA1BEgmYsSYE11pe7ecrpL272Bzr99UeTdXYadYNr9WIY2 aGrxq6qg/V/PkTQZZ3Zmln7cfRLo7MyMHAbRZqSnwQvkS9wzZwgYApGDQFROgQm/29Ul2TlHYhyG 7Q8aNOK6Xj9shIyMwsAR1gvnIRVymssNjkAi4zU/Spr4npqekaHhEY0yKTFRinyq8l0a9m0IGAKR g0D0SYAB2JO4ZiCl9fYPShGkOx57uXe/SaqrKvW6/h6uYeNjAeuB3BCpLC8FCc7L+NgE9zggOWZg 13gQhpPSMPVNklHffa4pFmJzZNFHjAFJ2qUhYAhEEALRTYA4w0cJj6RHKW9yclqmIeUNDAzpEb5p HHuhdbc52AeenJoBSRbAKly/7hKTPIch6ZHs4rChkp+bKw1NLVKKNUJKl1Q34FTWs77Doh4+ghqO ZcUQeBoQiG4CBJVxyjq/MK/SWywORqelJMM2cJxKeulYuyPRUcKjeUvuDK+4N0cgAVJVO4/BjEHy 4y7y3Py8xpUAVfCDg0NKlNxZRiDJy8+1UzBPQ4+xMjxVCEQ1AZLMcrCTe/hgnZDseCh6HiRWALLi Oh43PLhBouf8QHAZIMKMjBqcFfTWAbnDC4aUXOwkz+Hgc3p6OjY80rEeCPmPmx5YU+S2xwoOQFM7 fOB641PViqwwhsAeRSCqCZBT1Hy82cHPGgdSy8L6HsnNOR55cRsdudlQKUXH54jD87eW4daTHdOi NKluBTpc+FF69G7tyF9N03QB7gjWlsieQCCqCZA1tJ6otNZIanTu2/vluxUQwj133wH+NruMSSqG JqxZeAntcLTLySpNb5Yqni3PIV17I+URKNnjKEIg6glwN+o6tvjXMNA9jaS3TF1Bs0lNNoyBU+0t OUiAMSn7QYSmCmtLeJmnpx4BI8BdqOLY7DckDmcEtyk4PpTTlceyC0y50abBD4FpN6ISASPAXal2 lduQcqhE5CRINxnelcJYoobAnkXACHBXqo6EFQ7SCkccuwKAJWoIRAQCW1w8ioi8WiYMAUPAEAgr AkaAYYXTIjMEDIG9hIBNgXehtjjq8LPizgU+Zh44AeYqYFhes0NemJ9wxOUm5sHiCnw98DGLbcEM gbAhYAQYNii3HtHA3JzE4ghLqNvA1DdIF0f9hSG6JdhJgbEUvNcc2tlEZkPjwhpnsHzlYPc7Ecd2 HEmGmG0LbgiEhIARYEjwPV7gD/sGZAyG0d0e7uPFwm0UF0eoMTEHqvMaeQo9Li8mSqdr46JE+OOK EimFwlgzEvW4tW7hwomAEWA40dxiXAPUOEMbJFv0/zR4o6waBwJcQLnX0uLTUDorw15FwDZBNqg5 vrebADVX62158L77MGjgdbCo+DyYC343mM+n4x7LG21lfjpq7ukuhRFgkPolaVG7y636u9Lc2qbT NU7fSIbUAdje0aV6BJOSEqUPluFGRsZ084AapfUDv/TP69nZWVWhFSQZu2UIGAK7jIBNgYNUACWV CRg7au/olmRYeAOtSXpGKkxcLsoMlKNSVT79jI6Nye36e3Li2BHoBcxRxaqLsB9SDDvC3KBYhJ7B 23cboGG6Qur2VdvCfxCs7ZYhsJsIGAEGQx/S2+LykkpvMVDk19PfJxlT6TIGlfnx8QmwKTwrE7AN Mjo2DrOZaUp209AY3QdipJlNaoZO95nbXIaOwfTUVJ0q28J/MLDtniGwewjYFHgD7Ln+x6lwUmKS ZMHiWw+muvMwcp6UmADFp5AGcfRkEXaAFxbnJQV+aDSdvycnpqBfMEd6sdM7v7ComqCpdt/IbwOg 7bYhsIsImAQYBHwe1qVC1BefPQtiS5BUGDjPz83W60T85nOqoiLhLWHKmwVlqVzv41SYZ/uoFZrh GZZEugitLWsUogZJ024ZAobAziNgBBgMc5AYDwTnwd6H7lxCEszFhkewXUy3y0sJLweaovXtDPqH lmnn36S/YCDbPUNg9xGwKfAmdcBza7qbCyaLC9jhpY0Q3RUGSXKzpA/TXUp69MMw6hffzjmSdL/t 2xAwBCIDAZMAN6iHWJjM7O7t182MSRhBolF07uxmZWZIZ1ePlJYW6/GW2/X3paAgT2Zw3IWf0pJi 6erukerKCklLTVljGnODpOy2IWAI7BICRoAbAB8DS248w9fQ0ARLcOkyODQsKTCZOQBzlyTH5pZW THFhPCkzXYaGRnDkBermIfQ1NLfIHMjyUF2tEqaL3qRAh4R9GwKRg4BNgTeoC25yFOTlqWH0kuIi 2N2Ik8SEREkGCebBCDoPQXORb2RsUtf+5hfmYC5zUjdM8nJzpBsG1AeHhrAb3C+9kCRJmuYMAUMg shAwCXCD+uDGBaewL73wrNoOPoujLrFxsSDBBJBhjJQU47AzdoBnIO3RXvAcNLxwisxzgAxLm8M0 pq7XUH2PW+YMAUMgwhAwAtysQjCnzYPRc7rsHNgCBoutn8qmg/xolY2SYeBz3Q1GOMd7JEIXVo/R BDxj/NHgYmwUiIZq3lNlNALcYnXpBDZgZ9cFU1IjufFGwHM34XXfzj+/c6ETLwb69yAfBt7e9rUL HSyN7UamceFPQBG2G4Xff7B8qTYYDBTxWFs1ZwhECgJGgLtQE29i+hyLqTSlwlAc1ynpeAg7VEep lNN2HvEJ1W2Wr9zkRNsZDxVgCx82BIwAwwbl1iMqxnQ5Ue0Ch0aAXIOk9BcbDtJCXCTBeJxnDNUx X3QbkWlopQ41dxbeEFhFIHTRYTUuu9oFBMIx/WW23frkLhTBkjQEdg0BI8Bdgz48CYdLmgpXPOEp lcViCOwMAkaAO4OzpWIIGAIRiIARYARWimXJEDAEdgaB0Fe8dyafT1cq3LXV4yAhTjyhrFVdOI6W 8E0VRheOuDbNFxIJcff76WoMVprdRMAIcDfQnximibTQU/bttmK7NfS4oAFbeSsccW2Wr1QcKI/D a4QhnoEMvcAWgyEgYgS4C61g5cpvZXkGJBjiqWP3ZsVKiPEoBBDMYkBK4YjLEwCDxAXpMualfxTJ r4QRdu+ozC7Ab0kaAn4EjAD9UOzcxcoQLM2N9fCgXFgS9U2EIzsuvPmCA4sSszgTMvGHpaAWiSEA BKKWAKnQlAd/neM5uO2+mbFRmPX316flpYm0SQpR41hWvLkSTUWOmrrduwWNyl1gvqo1DItufIWM bz6QsBZg8IhEpdqesSHAZ+5De8CqARrf7u0GxsE3Htx9Lyw0QkNjzML8vL9FrKwsS2dPX/COz2XA aPkoImFY9/QjaxeGQOgIRJ0ESLKjdbc7d+7Lvqpy6O3rk9KiIrl87Ya8+tIL0N/XCyWnmSoNLsIf 1+nGYQ6zEhqeOzo61Urc0SMHYQO4QVpaO+TF589JU/MD1RA9MjyqBpKu3bojtdWVcuRQHQyoT0hP T49UQIN0oMQZetVZDIaAIRAqAlFHgAQMy/PQ3bck91seqM3eju4uyc7IlJnpKWlofCDFxQUyPj4p dbXV0jvQL5mw8nbz1m3o+ksDGU7J1PQ0JL0EKEbNlo7Obuno7pZZ6AMcHx+XkvlC2AeJlVyoz6Jt kP7+QTWQpBseAVPuUCvOwhsChkDoCETlFJhSYHJykioypbnLlGQYLse0d3pmDlPiOL2fk50pRQX5 sry4DBIbktS0FGlv71RTmAkwjp6VlSHjsBVC/1w7zMnOllQoUB0dm5BcXNMuMKfJQyOjUox4tru+ GHrVWgyGgCHwKASiTgIkESVBE8tJ2vCFo5ZnsJPMYd0uLi5eySoBxs+pYSURxs7PnDyOtb5lGYN0 x3AH9tfqOh9NYJ7FM9oJKYD5zFR8l0F1Ps1pcp1wfmEeRtMXpaykCGSbrGRI4jVnCBgCkYNA1BEg oScRqU2PgHpIgH4+OhIaCZGbGtywpFRH/ykpSVJUWCAJIEWSKO9lYq2QE+rsLC9sAgiS4UhzjA+X IMAS9Ytb5gwBQyDCEIjKKfCmdQByo92PbkxhaQ6T9n5JaCRMkqPbEaaRo3igiUVrAAARdElEQVSs 9Tmpjru/CZD+uDN8q/4eptPT+iyGEqY5Q8AQiEgEolICfFRN3LxdLw1NzXL21AlpaWuXkqJCNYA+ MjYGAsQ02WcQqbunV44fOSTJSUlyr6EZpjEXhNPne/ea5OihA14yIFRzhoAhEJkIGAEG1Aunr7T7 y/W+7KwsudfYgk2PeZmcmpbp6RmJp2nMpASpv3tfkrCJwt3hlrZOqaosk6HhEWh5TsAO8QyMoxfq +UJugjgJ0TZBAoC2S0MgQhAwAgyoCL4Hm4Rp7uTktCxh9zc/PweEOCy5WZl6pIVmMjkV7sPRlrjY eP0+eKBGEjFNnp9bwLR3RirLS9VUZmt7h06fFxeX9NhNVUUZlxbNGQKGQAQhYAQYUBk0CpSemirn zp7Euh82PkB4XAdMTUlRXzwqw3/lZaW6ETIzM6uSItf/Tp86ip1ez5aw/y0RnAMk55H4jPwCgLZL QyBCEDACDFIRfBMEc1dlLR53We8SfK9Qp+B4Cx2ntxkZ6bhY73P1t9s51jt4PU61oXB3JVoc33sm ppuBFC1YWDkjBgEjwI2qYrsi2ybktz6JmLRc6N5bBCGEtkPskgwHj+5IXCxvLHQBbhfb9QDab0Mg TAgYAYYJyG1F88o/4rwgp8eOdrYV2u95mUpM8SsGmzOhOipt4NSdu9yhOuaLLjZYvjLyQYCQgM0Z AhGAQOitPQIKsdeyEJNRKNgyRrZDI0DBRo06nEcM2S0hLyBASQidTDfNF4tsEmDI1WURhAcBI8Dw 4Lj9WLgeFrIg5CPQlXBMgpkZxBeWuDbLl+/Z9hGzEIZA2BEwAgw7pFuMUKWgcJFBuOJh3iM1ri3i at4MgW0gEIa50zZSM6+GgCFgCEQQAkaAEVQZlhVDwBDYWQRsCryzeGtqeqAay3ae3pjHz8CKHszG bquer3v8eDQk4mKOwhEX80UXLC7Tiq3Q2J8IQcAIcBcqYnpiRubjFrEHEtouyApes6OLgRaakB10 HvJNltgw7AKv6O40VIatyxdpMRlqxeKYRjiXGkMuvEUQrQgYAe5CzZ//t0syOTIdVELaTnYcfYZj HYN8xE844gqWL555pImAt379shRVQNM2CNecIbDbCBgB7kINjPSPyUgvrNKF4/zeLuT/cZLkq4Bq MW9h0a8h53HisTCGQDgRCMeAH8787EhcNHdJtfW66uUtVz1SGqNaq8A1rfW/t51xX7rbDrfXA9jU d6/X4FOV/6gjQJJYX/+ANMOU5RLefOC61yK0OHf29qkOPxLbqtZnzzYw701MTEo3wlHVPTVGj8DY 0eDQiIZRMmU4rHkxfmdPmNe8x/DmDAFDIPIQiKopMAlpYGhYbnxTD7OV2dI/PKymLGurq1Wj8wRM YdbAVnBrR5fk5uaosfTFpUWpriiHctQm2PcolsamFjWpSdX3oDpZWlmSSZjKLC4qkPbOHjWCNAqF qnF4DzYjI026unpgU7jcr1Ir8pqA5cgQiF4EoosAMe3tg8bnLKiuOnygVj746ILuSqZAByDd0PAQ zFqOySD85OXlytjYuFqP49GN8fEJqamukrsNTaoDkKSXX5Aj12/e0ak0FQm0QQnq+OSEEmIWlKg+ aJ0VqtHnsZfDB+tU2ozepmYlNwQiD4GoIkAqPC0pzJerHd0qBdbUVAqlvpGRESksyFNbwTOzs/o6 LNXdc3qcDbvBdIlQXjAx6fmlJhfaBZ6e9NTkJyUnqDZoEibNYjLsMCTNLNgWptSZmZ5hxz4ir+1b jgwBn2bPKAFiCWqYaLT8uXOnoMJ+Xqe5JDxOZxMTk3ybIjFSVV4uaWmQCrF0l6xaWwQSYx2mz0OY 6harwSMaSp+dnQNyWENcWFLD6ZwGMx46GtVMSkpW+yI5mG4vQYq0lUCFxv4YAhGDQFRJgDzoRrsf 1PhMXQScmmZAWltvsKgA0qDTCM2a4vQ2Ly8HdoAzsJ63KKk+TdDcDHH+uNHhNESTFEl3JMHklEKo v8OZN03QKDBiWr5lxBAAAlG3C+x00YGvlJTWk5+/VZCwfC4eRo+4s5sMS3DZGRm6q8udX+4WMxoS 4fz8glqU6+7pkw5shvDZEg77trV32i6wA9K+DYEIQyC6JMDHAJ8k1tTcKNmwDUILb30DA3Jwfy2O wAzrbnBBfh6et8J2cIGM46jM5a9vyKnjR2RqakrNafbAdnAKLMkVwbbwhmT7GPmyIIaAIRA6AkaA m2DIae0MTF3eud8I0tsnnV29WAMslCvXbsBa3ATMYSbiXo/k48jMDNYDe/sGJBMSIl/5uvzVdZ1q F2DTZXB0VEpKiiARrkqVmyRrjwwBQ2CHEIi+KfA2geXrW2mwFTwwOCozcyA5HJjOxhGX+LhEycCa YBY+PCA9h2cJCfGSjiM2NTXV0tbRKcUgv7HRcclIfXidcZvZMO+GgCHwBBAwCXATUDllTUpKkrOn T0oyvq/fvC3VOChNKXBfVYVOaWkzuBjHXzJBfBUwfs41wZlpGkgvl2zs/o7j6ExpSaGuB9obIZuA bY8MgV1AwAjwEaBz84O2gUleZ04dlyRshJDkuHvsXAEOTXNyG0hwzz5zSkmzrrbGefN/83whd4aj SR8KBxPipkD5kbALQ2B3ETAC3CL+7MApmAoH28hwK3vuGc//cZfZ/V6fRFauZ0Sd0+tQnDOrGapi VeZBy0CS0u3xUHLFuDxEAvNFLGJR3vhE0wUYGroWOpwIGAFuA82NCO3hKEABjhUffihv/8Mr0EZD 6DfxFCTc+ltOpx6JJVS3AqmU5x35JkuobrN8Jacm68HzUNOw8IZAOBAwAgwHituMIyU9WdcWORUO xS1BUQOnlbFhMmauhtHjcbg7RMd80Xkkvz6y0Mq8Pjb7bQiEgoARYCjohRDWkybDRQbhiocFitS4 QgDbghoCGyBgBLgBME/sNtbYlvHu8eLCQshUQ4mNEmA4DA3ppsxm8/ZtAMJ80W19yWDjyMOZL1I7 sdcF2o2T3PITvkPOOMOxbqpxcWMMm26hOo0rTOu5xCsmTPliucLRJkLFJzC8EWAgGk/4mpWfBtVb s1DAsAACDNW5xhSODqhyX5g6TTjzRYwYXzjK6I8rDNj74wrDppGLi8SsO+W8EYILN17hyheLlIyN xEhyMVPT0+Gc80RS2SwvhoAhYAhsikDo8vam0dtDQ8AQMAQiFwEjwMitG8uZIWAIPGEEjACfMMAW vSFgCEQuAkaAu1A3VJPPhWq+ZsfF/VgoZt3KIr/n1wvjss24/PfdzS18M0xgHgKvXZxbiEa9uLy7 fATG5d3b3tI+0+dbMmvjXS3nVvNFf4xDd8vx7X678hH/7Tj6Z9kYp+ZtTR2u5nercbq4NF/4s9oe GNdWY2E4X10ikMvjalxba1suNZbLq7+H4+IzphXo3D3FAw+836s4reZje1gHpvEkr+N+85vf/POT TMDiXosAFak2NDTL1zdvSRLU5zc0NssclKnSEBN1DrqGtDaU1znGYG3uo88uqjaaq9duyuDAII5h xMjt+ntqhW5yahq2SqjtevN9LZJLT2+/XIHKLva0fug4vAFFD9yh+wZx0eZJH7TeUAv2oxzzOz09 jbhuyDDUfi3C8PmXX13TOB60dahexOHhMUmHiQEqln2UIz7UtXjpytfQplMgn1+8LCOjY8BoXpqa PFOmc7Pz0M69NQ07Fy5dQfkGkX4a4rymtloWoNex/n4DDpDHqbozavp+FGbsyI2NLXL77n1oB0qV +03NakkwERqAbty6A52PSdI/OKyq0TY7lkS8qFfy0wtfyp17DbhelJYHrdIOtWrEnXVJnEahRYiW CzeLi1gSr67uXoS7rxgNoR1dY10iP/egxm0e9TEEPKnBaKO25eqEZRxAeNYlzT3MzMxCrds1bVsP YPBrCoo9hmEKNgOKP5guyZA6MM9/8rnkZGXJ1zduSU9fH4yOZcgXl6/CwNg46n8axsHa9e0fmqHI wLNHYe3ysxPfRoA7gXJAGkto/N+g4Z84ekS+uXMXzAZTneigJCI20iQoTw3m2GioebqvfwiGnCak oCBfG/cYSIcNjdbsaKgpHcdsqOp/M8eOwA6WBcKlJbvJiWk5evSg3GWHmVsE4YygZ8HwE0wHJCY+ +s0QdgaePevt75fB4REohD0mjbC7PAsVYbSmNz8/h7xlBZgMCJ475otqxa5+fRP6FWdUg04hSJAW +Ej+4+hMIyNj0LKTBTOjKCf8b+b4pk0DzJhSbdnE5BRswGTLNI4gMa7RkXE1cpWJMqalpmwhrmX5 4GN2dKhCQz2wDqpg7rQB5ZwDUQyjDtKgGSg9PV1tQW+WLz4rzM+VWYSbAzZUrJGUlCA90CZO0hmC uVZqF0pLT1OJbrO4qHm8vbMTny4l1inorzx66KASPMvPgRWReG3LZ99mo/hYj63t7fr43v0m1MGs nDl5QurRXnlAniZlaUM7JytbtaN7bTJR+qEHc2xiXPJyc6EkeEWaW1qFSkAmJiYwKI4JTproIEbt SKlbwHqj/D2J+5Eplz6JkkZInDFojOy342gc6WjgZ08eV5vBtCL31fVbaoluo6zSMl0CpIMYNFR2 lLm5Wdm/v0Zqa6t1RL5df1e6env1eqM4eJ8Nl3oMGxuapKKsFOS7oh06G2TwPAxGkfSGBobkKyh+ pVSwmSMJkegoqWCCBC03iAtli4+LkRfOnUXZktHJl+Tipasq7TwqLpaL+AxAmqL0QIW0s4vzcuTw QakoLQK5xCJfNyHVDKGcm+dtaXFB9lVXQkIFgWKAILnyDOYREEQ11JlRgrl+8xtVZMvOv5kjZpQY EyC194Pol0EIYyDBitISOX7ssMQDpyZIcg3NLY8kQE96ipMplLUM+E/NzEG6mpE61GUd6pJkePN2 PUwrdD8yLsr6U9OzKoGxfDy4PAGpLD05Rc6dhRq3lCQtOzFzB9Q3KiefF+QXYGCdV61HCXgtchzE xvw8c+okrBum6aBx5etreo6Vdc+2koABgXVPqXEeeWCa1Ig+C4nv9Imj0JZeiNlOgnx5+WsMYKOP bFMb5e9J3DcJ8Emgukmc7LScNnWDqI6iU1Oq49QzF6Mnp4l50C69oUMn5EnZsuIiGYYpz/S0dO3I C3MLUl5WgkcxUopnbJCbOeaB2qs5otNiHU2C9kKp69FDB1QS4jSFUhMlUk7L2fk3cuwElGo7MQ3j lJXEQomkrqZGCZ6dvTAfJkch2VKa28wxHepfrKwohfW+HBD7Punq6ZG87FypKC9RibcchENSLoGR +vhHvQONvPWjXImIk2Xr6etXoqhA/JxSV5RBfyPwLIW2bg4smzmWIwMEMAlyP3rkEDARaAWfUnvP CyCdkqIinSoWoYye1qCNYyPxTkFnJO1Tl6Icw5D4EkAQ+/dVK0mXlpSC3GOkBHVJPDbDn5JZIvJO aa0KuioL0I56+nrlsLateJWUcyExs23lbta2fNmlhDcMKZt4lRQXSntHlxzYv18lN7Yr1mUSjIIV Ygbid8CwvBTlALnRmiIlUGpPz4PEXYb6or2c8tJSDNyxaLuFULixOdb+eHfgwg5C7wDIDyWBXsd/ KzDTyR6I9uN3mzd28h/C4Z9O/xCQEpf2YvTIGKwhaZz+2Da+YHidKiO8pglSUet1CKJx+4I+Kj8u BW4srNIkS+SL15WPz32vyLkwm327PDhsdC0McSCzmr+t5ouY0BEzXjGPDOvl0Cvr1uNCYGKMcih+ iITTTF5rnJSWEfdW40NA9e/KquH897ZZl74ysmTaRta0LZbayyMuHulI0CiGz3lI+fOGu3i8Zqbi y7Li4ID1QjmsER/xh0d9SXI1cpfIrn0bAe4a9JawIWAI7DYC3vC427mw9A0BQ8AQ2AUEjAB3AXRL 0hAwBCIDASPAyKgHy4UhYAjsAgJGgLsAuiVpCBgCkYGAEWBk1IPlwhAwBHYBASPAXQDdkjQEDIHI QMAIMDLqwXJhCBgCu4DA/weZmre0iiE9ewAAAABJRU5ErkJggg== --Apple-Mail=_7F21D98A-EF23-45E9-81B3-A2FB90EF8444-- --Apple-Mail=_E35BC5C0-E6D6-45C7-BB03-0CA46413DF5E-- --Apple-Mail=_5078B863-FC5B-4C30-AE75-BD7273CA63BE Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=signature.asc Content-Type: application/pgp-signature; name=signature.asc Content-Description: Message signed with OpenPGP -----BEGIN PGP SIGNATURE----- iF0EARECAB0WIQTgo4LlIIJ5lIBumWpugA9nE248uAUCXRzAQwAKCRBugA9nE248 uIX/AKCI88VL9DOtkMCj2gL/CZas+InEDQCbB4Ndinl+L2gyA2clbvybyijFaQ8= =RkX1 -----END PGP SIGNATURE----- --Apple-Mail=_5078B863-FC5B-4C30-AE75-BD7273CA63BE-- From nobody Sun Jul 7 07:24:01 2019 Return-Path: X-Original-To: mud@ietfa.amsl.com Delivered-To: mud@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AB5691200A4 for ; Sun, 7 Jul 2019 07:23:48 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -0.452 X-Spam-Level: X-Spam-Status: No, score=-0.452 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_IMAGE_ONLY_20=1.546, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KnX8lIaRmyJw for ; Sun, 7 Jul 2019 07:23:46 -0700 (PDT) Received: from mail-io1-xd35.google.com (mail-io1-xd35.google.com [IPv6:2607:f8b0:4864:20::d35]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C0526120194 for ; Sun, 7 Jul 2019 07:23:45 -0700 (PDT) Received: by mail-io1-xd35.google.com with SMTP id k8so29178897iot.1 for ; Sun, 07 Jul 2019 07:23:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=Z+9QjOXSRruMcnb8Mo6Ypp111ho8c0GeLSYQ9Rh7HxM=; b=FLuw93GK1va9BYICIQ01xDamkGbqkokNAC+r0Le7S6N7j82Xj8J0eHJLP6G5vueJV5 luXv0uKWCTrHxw+h3jv2cUgSYIP2C5sorYXzWOqJi1NJ2QXQMpmBSRBJYt0MKm7Gt43o CaOquAvZ53p+zlKOPPtF7bBbGYc9boqQ/d+x5GAu+8HvcuSLtG++saURO7+5r5kinjBM 7mJ6sugF+Sc1aNpu1UpyEkSdZGq6Ndq57DI/a5DpFI351FEKMIZ/5ZdzQqi/XG/fonrd uW6X6NSHAJwfMwOyywlGofBQLdcqHYIHtjV+5bbjLJWvpK8cL6SIWfz2E7r8VMwt36h5 68CQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=Z+9QjOXSRruMcnb8Mo6Ypp111ho8c0GeLSYQ9Rh7HxM=; b=Ikn3sMbhbE4gv4vY8CzvJx7M9kDQRSb7vaQYRaQw9OTlAi6ImKQ55BRRE4ZWG0+m4O pdM58Lp2N8uqDcPR6o7wDxF1AWfyhS9s6F9iu2iLA4P6BLCJZ+FQ+kFpWe8ajU2D9w1M U/9lzilkCYfdsf3p1xzIbvlziwimwNAo+W8XQDntuCmY6K1UQM2SqSZG+brQzmP0c8/h bRtWgSQxcaGxplsgdQASQrf4orC04wCxjuvY882PwvqoJ20OxnzjNL55OmnCtk66zF4Z 6mCYXEzmhEZpODuhOrPlNVFvUDX1Eq6EutxMpJ+wqDWusvjKkKf4Tl73FTsOGaJElc0C ZKLA== X-Gm-Message-State: APjAAAUWTHQQWZ1cALcEf+Ko/PxCs5zLaRGi80c2GZvmntNw/SaWq3Ux BbUkorXJ2Khx1NrxUYSgJjvKFywS0kAoNIJSKV8= X-Google-Smtp-Source: APXvYqxjMbLwYsQ5mPiPdN6a4Kj3PDEj9BWw2FvFUi/6HA4wl5kzuFRjVVrmsUXxkIabrccOSFZxywA+e6hQViV47qk= X-Received: by 2002:a6b:7317:: with SMTP id e23mr11975627ioh.37.1562509424515; Sun, 07 Jul 2019 07:23:44 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: "M. Ranganathan" Date: Sun, 7 Jul 2019 10:23:08 -0400 Message-ID: To: Eliot Lear Cc: mud@ietf.org, collaborators-mitigating-iot-ddos-nccoe@list.nist.gov Content-Type: multipart/related; boundary="00000000000034ffbe058d1813a4" Archived-At: Subject: Re: [Mud] Hackathon survey results X-BeenThere: mud@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion of Manufacturer Ussage Descriptions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 07 Jul 2019 14:24:00 -0000 --00000000000034ffbe058d1813a4 Content-Type: multipart/alternative; boundary="00000000000034ffbc058d1813a3" --00000000000034ffbc058d1813a3 Content-Type: text/plain; charset="UTF-8" Hello Eliot, Thanks for the survey. Please let us know by Wednesday next week if anybody ( i.e. "manufacturers" especially ) have signed up to bring IOT devices for interop testing so we, the MUD implementers can know whether or not to bring a lot of gear. I prefer to travel light if nobody signs up. If anybody does sign up, we should spin up MUD profiles for these devices. Best regards, Ranga On Wed, Jul 3, 2019 at 10:48 AM Eliot Lear wrote: > Hi everyone, > > Here are the poll results for the Hackathon. I think we need to do some > work on reporting and interoperability testing. I will also be prepared to > work on controller/mycontroller registration protocol (left undefined in > the spec). The BYIOT requires that people really BYIOT. > > Eliot > > > -- > Mud mailing list > Mud@ietf.org > https://www.ietf.org/mailman/listinfo/mud > -- M. Ranganathan --00000000000034ffbc058d1813a3 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Hello Eliot,

Thanks for the = survey. Please let us know by Wednesday next week if anybody ( i.e. "m= anufacturers" especially ) have signed up to bring IOT devices for int= erop testing so we, the MUD implementers can know whether or not to bring a= lot of gear. I prefer to travel light if nobody signs up. If anybody does = sign up, we should spin up MUD profiles for these devices.
Best regards,

Ranga



<= div dir=3D"ltr" class=3D"gmail_attr">On Wed, Jul 3, 2019 at 10:48 AM Eliot = Lear <lear@cisco.com> wrote:
Hi everyone,

Here are= the poll results for the Hackathon.=C2=A0 I think we need to do some work = on reporting and interoperability testing.=C2=A0 I will also be prepared to= work on controller/mycontroller registration protocol (left undefined in t= he spec).=C2=A0 The BYIOT requires that people really BYIOT.

=
Eliot


--
Mud mailing list
Mud@ietf.org
https://www.ietf.org/mailman/listinfo/mud


--
M. Ranganathan

<= /div>
--00000000000034ffbc058d1813a3-- --00000000000034ffbe058d1813a4 Content-Type: image/png; name="PastedGraphic-1.png" Content-Disposition: inline; filename="PastedGraphic-1.png" Content-Transfer-Encoding: base64 Content-ID: <16bcccd34305b206ef61> X-Attachment-Id: 16bcccd34305b206ef61 iVBORw0KGgoAAAANSUhEUgAAAUAAAADMCAYAAAAClXq9AABmMGlDQ1BJQ0MgUHJvZmlsZQAAeJyk 3HdUE2n8P/qxrp0UuoUkoFKEFEAUgSQ0RYSEJjZIALuEBFRsJBNAsQCZIHYhE+w1CfaykGBvkNh1 FRLsZSXBsq5lnfs8u7/vOfd37x+/c88lx5fZySSfycwzn/fz7FERpJiWI5Pl90YQZHFeQVHqxGja tOkzaL/ZkB7g8e9PTt5iGV8onAKf/8/v//vPXw/+2/duIPys9OV81xJx7IGp3E+O8QZiz/97///t p9/sOYvzwO8vwK9VebKiJQjSQwyeey9bIoPPV4PnznxONAc834YgS6bkzc+ZjSBL4f5jcnJkKxCk mASeDwH7sP5nH/Cc/T/P/9fnwx86HxzfHFrmgtlzaDHSfGkRLW1+TtGCgnk0YZF07oL8Of+HY/3/ /LNkzvIl8PcYqWxF0YJ585fQ/juChIK8oDE0Dos9FkHg+f5/nMdwCT/63229ev37AnwuBL+U4JcN fOqwvKVFxf+rRE8EIYj/038jSPgfCBJ4GkEo4PfhwQgy4zaC/PYPOEehCDJAgCDZbv/345blFOX8 +wTW7zl3LoJ8PIQgg6ciCNUC9if9/32dTCb/b+ep5//2X04NUC8ZlMmFcodAk59Csw9DC1ZCFQlQ lTu0/hX06Elo0xp4JluXQdv3QbvGQcGZOOb0Be5BIpFGgkpvaeXAZtZ64FaeCLhMOBwoEt0BJknX ALnoeGCoygEM1IDv4TRaB76Rk3fzKGjbAOCYjkC4Z9cJYBFB9LB7df974UKcIoCetHDwfb6wwJF7 3eA9BOLCe8BicSMwVQa+i1ewMgzogX0A9sa1CDLioz4N+NzYD9jRBq77iFcdfwF/2QvBPhMJotcX 5gdYhZU6GANyvcB2ljcLXE0mwbsJfJACzhvzcA44TqayEIwi5tRScBaYLDW4+swh2s0IEmQ3gJEV dN/UH3jVbAXesIJvGvTCAe4aJo8g+rZz38AqvIIB94HiEeAu401mgvfyAnlgH94A4WtwhZ7lgLPE PV0I7iFuVSkY9dycmkXAsAZwPFxSow+CRP1p6gI+sIDqUfdsb4GO7mzw6iyCGHBOAO9oRLiurxEo HwbOsDA/CFwdYTr3GDBMuBzoDIeV4ENhFvBi6XbgtpozwPyGFiC/8RTQvaUejJV/boMjTP7e2Qy2 uH2MAm4iiCEfRTZYRbyrxwbgdo9PwMpAF+DyqN+BIkErkCeuBo4o9EAQ0d+lCqC55jJwT8NH4Ipj 4FyJki+Acyvi3KEDg56BkSMSfATfTvSUIKj+0icI0vumbMO/99JJVw3wYEAkcFskCixPBt9dtkAE RqxssmwX0LcUnFVZz5o6BJH+0fAn0HDMG1hxYRJw4Z2lwPnPrgNVnxaCPQMIwi0XBSNpEEW5EFZR msl/Ay/7gk9Wnp7wGbgn6QawWgSOU1kk/QVMV4IOoOTUTAQObgDnDX15zAnYdCEFuOsO6Jfo7udg hKDmT8fBPisJYugO7C7oGmo17D+I+u0AMBbUtpGgc6jvhTsDL02RAg3ZfYDbpExgiRKcT3WW+hYw ogFcX7VbI/gMrPsC6MnYoztq4NPng8H2QZ/agBcJwusODp65x2sjYJWGXggY/9ofjGSgIwyMFu2z yVDLLHAGtOcLQNfU7kLhqxXqMcB52k5gXCMYdVpGC7gK2oF3QEZoSc/A9dXGfAIjqqEnQfgM1IMz MrzG4A960CfDv92k0WU4OJ7GQaHDEMRATHoPtM/MBD6VgBZluKIAA85wBAPn2KDWxgALDaB/GIQt lcDxd0DXNHCfgVFnWPwJbGkMJQjfGOMVBGHsMIFPdC4xnYNVWlhuAcDR7A7gsHjQJVqGTD+CIKaf i8Cxmd7Ik4C3VWuBp/EK4A7DdOCqFtBbTLNvwz3nP5sB3PkJdImWGQQxBjWDTjp6pWUEggx9b/m3 J96ePngZMCUQdInb8bHgrr89PvMa0H9hLNCtZCiwZzU4Tss7DeiTFosefLLluEkOrLoN9rdUdj4D nvt4CewpJQhWixWMpDF8G+hfjIU28F16FneqYa3OWj+QyJ0b+CA/OhUZB4Gy+aBvd4pWgjuoM7Gq BBhaD0Zo53AdOJ7OnkYwMm0vLWDU2Q52gp5gM3+E711CEKFODh7oXD8cIN98ZzvA+aWM7T4Nq3QT 3uC+6P4r0gz8M20ysGMu+Mxu8wrQH7qbKkEf6D5QB/pV90YduL+6VxjBtevOsoC7ppvX6Ykgjj+6 wfftnksQ4+UwB0MvQoNo0GEHoTAVhvpDx/8JFZ6Fziagy3+DbpgKrWNCYb4QRPO/r1qGQTtdoN0O KEE4LUbAWXZSgYShOoEx6NXtFA/66AkncLa4hU7gHAtYTuCaZX90At2l4JSTK0gxuRO4k1RxThQE 0Tg5gXF39LETmNM07YXbWzc5eYEUMzmFgBQTOi2AdUh9SOB+c/r1Pw+v3VBmDpQ7Cppsh2afgxZU QBVpUBUdWt8FPfo7tKmS1IvUq7WE5ERyaj9EGkUa2TWBNIs0E1T50+sbgpAzvR6TFOQUrz+8PpAn e/3BrCNzvR5xZ5OZXncF4eThXjdFLuT+Xi0F3aTPXqcUt0g2r0Oq3aRWL41mGem8V61uEumw17pm D1KD15q2fiStl6ojhHTIa3+XifTAq5sgKMlM0FWpI5nXyb0oBuZjmi+lgXmf+RelmtnGvU9ZzLwk OE+Zyjwt2k0Zyzwo3UBxZm5DC8jdzAosmWxmLsZ9yTpmjo4gY0xB8x3yMubEtovkeczkjg/kOcx8 +zLyGuYNgnD25YKr6xLPvUiWUZ9wu7xeUm9yXzN/UU9x23mDqDu5FiGVWsI1iZ2p07hHZSQqm7td 2Zvaj1uGfaRYuYvwx5ST3DT9OUoVN8K4hbKAyzJXUQTcMOtZSjR3miOGkskFVVwlApCFbqcERvJN 56fCAV5U5zZhT2a98znBV26Xc4PgrdDHuVzwSJzgLBZclOU4hwuOKqXOZMEmdSH1hWCldhH1tEBk mEWtFMSY4qk5glDLJCpfMMFWQh0jyOkeSJ0geEUQHoNF4C71LBA1UTxdmsR+w/e5NIrpQXddcLEr V+6yTtxP0OUiEX0VR7kki57JVrj4iW4qd7v0FDWqTc4PRVu0FufDohWGB85y0UzTHedUUaLluTNL lNbp7ewqknefdfYSU8E98Ze0HXTLHOk5SrbrGlnC0DWuq2T8wJ2ui2RhUWddM2V+gkLXKJm76Isr Q9ZHNs21p7QLVGmX3lM/dTkpPdvQ16VSurPR20UslbeEuIRIJbczXUjS4s69zn9L936MdSZkiaDz D0UfgxnSOvQMpc4tTDnfHXULUuYEvHOjK6dF4m4kZWJyo+sP5QRRoetzpa+sp+sVJUVZ6Lob/a6+ 7qpArQ1DXKeiFxpjXYPQ3S35rv3R2ttal+eopvMfl+vo3Y/7XMzKtQTBkGFgvuX9CDtJuePJU+e5 IW531KV+x9yuqpdHBLqdUecnHXHbp87KPuGmVidKl7stU4cpyW4z1TT1BrcwdV/tn25k7F3jBNd3 2K2WVa6XsKbbF133YtefBbli6h4fba7b1CaCGPkeB31q9GT8OLXniNnaFNdq9wVa7ajH7iLttvAZ 7ina6ik57jwtmtXsPkZbUNDs7qydia52+66NUzPc2rWB2t1uzVpK42C3evxLy2y3EvzVbaPbdPzj s3FuPG3gx09usdpPBOG3Wg/mdv5/6A1UDkNj4LuGun8zNHuPd+82nBrn5f7KcGRym/sjg3YW5n7F oJbcc9cbFIpb7psNC7GN7ssMadpQ92mGcMN597EGr5Yx7s4Gp9s73b4aPJ/R3Z4ZMj4+c3vbOJwg Ascar4I+qTDqqNNGvTZxXH56FJnaR6zyWGh6EJrrITLdmvTSI9XUMpPuwTcdzz/lEWTaJX/r4WHC VO0eiGkFvtv9lSnHkOB+3TTRdNf9qCn0dob7JlNU5xv3MlPxR537hpYJIF8IM8h1Trj5LLUkgGPh uFwbmmv54XHY483tnpyhHlbL93idxz2LfXqJx1VL5yKpx2nLnZKXHnstJtVAjxrLYc0Pj5WWzfoL HrmWEtNCjzjLdMtHj1GW7E61xxBLzceZHoNugzEWYoUpNtbJ2kHdz6ywJbvsoe/u7Ovh7FnQOTHI z3NOJzd2uOe0ztDMes+ETr8FhOe4zqGrLnh6dw6o9vYcZPuq4Xl8sj3TB3k8st00fvU4Z2u07PHY bFvROdwDte3ufuch75xCEOMewRQbTzgCqH8Ev3PUuuwYvaI7yn2jZ1v3Kb8wz8vder6H5/nuvRkr PHXdO+bneuLdVSvLPFXd8qrRniu7F9Wv9JzTnanb5JnUzTeWewZ3+1lSPN26h3T28bA7jnTP8njf HUEQEf/AzIryAB2NOk5GEC76wECCcE8cGksQ3sjQSIKIPDI0hCDS/If6EcTcs0OHEcSKhKFDCKIy 2hO8t+6R5zuC0Pl53icI4yRPI0gxruc+kGIentUgxR57ZsIU8/JDEkF2rQIpNsArFdyfI7xGg4Tu 7QUWalzLiJcgxWpGWOAseIQJzEkHjQCpqLg5AswmVFUj9oEUE4wAcwGd8wgwE296Ap+3Xh4B1jrt H+C7ulZ4ecEU8yqDazCvMBKPNALqdRLKzIdymUBu8jevsaQJ2de9QkljC3Z4BZPYikVeLNIY1QSv QJKvZoBXAMnn6CMvPxKt6YBXEInRus0rihTQftkrm8TtyvDSkRYTBK0/DczXvX55/SJthf73YNZD ualQARmafR9a8O92xVyoig2t/wk9eh3atJXWl9antYLmTnNrP0YbTxvfxaNV0apAlSfMnwhC92Ja yST6eOYD2mIo8z2UWwkVRNLHMh9k/6IzmfcKrtNHMW8r6uhDmbdURfQhzMuaRHoPZpPOh/aJebLp J+1P5snWz7Ru5qWOUfS+zDddp+lTWGCM0X9ywYyWUca9TV7GeMz9nd6XcZp7gZXA0HNbuC8Zu7lG QT1jM/d30VxGOfe0dDxDym1EqYzp3AOqbgafq9FYGKO5G3U6xhBuRXM1/Qd3ddt6+mdubUcz/R/u 7/YUxjgeGDveUgHISp9Rgutks88xgY6+1ocsuMqa69NHcJFH9/4iaBZ0ez8TnBG1et8SGKQ672OC fegm7y2Cndgq72UCFZ7rnSlA9ZO8xwqkxiDvoYJFZqb3QEGJdR7wkP2Hd4RwLOiWbLj+GTVQdIky fFSLaB/975Hxoscs2sjxons855F+ojbhoJEuosviPj7/iM5LCZ9nIh361eeiSIt1+ewSqfHnPgoR qr/vM10kMV7yCRfNN7f6+IhW2Ab4jBAddWh9EsTgjI2OkIK1gW+Q1EQR+/WV7mLMGpUl/cQsHJUi /cA9NYonfSl4MSpQ+lTcZ5Sr1CIbPvK79IIyaORT6TF1+Mhz0gYtf+QWabUhZmShdIWJN1IgXWxJ HxkmrbBtHxkoNXZzRqbJJKAnb0DBasK/Gv2dUh+gQDWMU6NnKElBKaOTlQO4vUZzlT0FxaMD0a+i a6Pd0PeyvqP+QZ8qx46yobfUM0eZ0LPaZaPq0L2GqlHLULVp56gMdL3l91ERaF1n/1Fs9HH3/lFp ys1gzu+MPUCQQBp2lnI3yAer8/7Nl69mjjnlO1btF/nN109NS77o6652FaX49lb3l54f/R77oRw8 2oK9UwtGH8MeateMrsEuGPSj87GjptujE7G9t5HRwdjZzmmjR2Lfun+MjlODfhB0F78DZqzP8VPU nqwv+HbvFD9XbbJ/jd9g7aSIjX6Ilpd0zbdbOzZb49uh9ZNO8L2mHYqe8jVoB6g9fDfif2sX+Bbh zw2HfYV4q+mZLxu/dJvu64E/6iz3Haj1+Bjg66t9SRBskx6sEzh39MepwcHv9Vu9NweMMmT4jfS7 Z5gfftXvukE8ZbXfecPULL3fYcPkgvV+WwwRKMdPYRiDnfHLNXhqR/vFGfoayv1G6h0mi18//avb NN9u/dfOat/nhnEfx/n+bOwDOv99I1gxhr4wGqjTwnobN3vfC5ptmuR70h8zrRtX7b/GpJz80X+5 admscv8FpkWSPf5TTdkKpT/XlIyx/EeZInGT/wCTn2Gc358mZ1O9n9n0m+WX32mTS+dSvyOmtI8+ fpdaQH8dRzaDMzZ+qPk8tSSca27wobLbLZN9cwO4llOh9wPGWnQJpAB/y96ZIwKGWXbk1wQMtFTL D/l/s6Cq9f4vLAV4lP8Ny0z9A/8jlnjTVP9Ki6+lyb/Iwu6M8s+zzO+2+xffHkUQE4qsYGUUscJq pe6P3Gm94iMMXWub7RsQ8N72k1MZ8Mz2Jf5xwEPbh+mKgBu2Z4vSA87ZHpScCDhgu1Z9LaDWdkZz MKDEtk8/JyDPttHUJ2CSrcSiChhpS7C9DXCzFXfvCPDpZBBE1DeYYtyfMMX4wxxUn83j0x0HfHuO qeteFFQzZnP37NhJY6q6Z2XuG6PsTl3wcUxR98RVe8aIusdX/TUmsdtf039MSLeHrmuMZ3dfY2MA 4ei2TA945vjD9iHguEPe7RdwttuJIKLPwRSLOQ1SjBJ7F6zMX0Zmg5Vzb+YPMMpVgSCz+VMD+QSR 0RAIOsV8RaAvQazcGuhOEFVhgb8RRP36MWAmpNs1ph2kWO2YyyDF8sYcASk2dIwapFjzmGSYYkFW ZAcYyWAF7/SICb4VbTgTrNdZ/kFglc+jBl0EKfY6CGST6GjQGpBikqACBEEDgsCaUvUmKBmk2L4g sOLXzQ2agCDNvkFgfdk2KAisXDtYQcUgxU6DzwcpxhxBmglmSntIh0mpwENed4L2kQ4wy4MOknZz JwYdJu0UuABrst+CLRUFTeDVVYqaoF0kmWp2UD1priYkaDspS9c7aDMpo+lu0A5SauvFIB0ps90R 9JA0r0vB5JO2gSpyGshKJocWRjrL9KOF04ZCmQYoVwwVDINmd0AL9gDHKwqYvrQw1QTmaFqoZgBz FI1z9DHTh8ZsOsQcQwtu3cmMpkW3X2NKaDldmcxHtEYwHxvMGgzOUE9WTzKD+Yv5i6aG/vfgbocK JkFFPaAFLVDFGqhqClTjDD3aDm06yOrH6te6mUVj0dqbWUmsKV2TWOdY4Mqz7nHB1Wf34L4ml7Lp 3Ed0d7Y/9z5LAuW+gwrWQkUh0IL3UMVBth/3viqfPZJ7VxPG9uLe1v3Gdue2Nj1le3Dvtd5hj+a+ 7+jFnswb1rWJfYRXBzrMQwG4XzhswWPyA84KwUX6Rs5hwQnWL84+wSleGmeX4JTgKadecEqk5GwW nJSO5VQJTij+5pQKjqkuchYLdJrNnNmCg7p8Tppgd3M8Z7LgYBufIxBc6FjKmSf4Zv+NYxKCGVOw i+gDggRvEpkptBBEdIqBhOSItOzKkKGiI7xdIRTRYSEn5DfRQZE1+Ltov7Q++J1oNzov+JFIg40P viTahpODdaIa3YfgraL1za3Ba0XVbTeDy0UHrPAzX9prgp+LwewiRC0F68pQf+l1Sl7oKelRRs5Y rrSWMyC0UHqCdyh0rrRROC10uvSoeFhogvSA9M/QMOku9EooQ7oT2xM6QFqLrw1xSNfr80PuS1Fj eohJWmaeGnJaqrGqQi5IbY4RoQNkWwlibDxqA/PkL+hFCh62A93PODcuHq3kKMYeQa/wZo/VoheE 3LG16O/ikWPL0FMy8tgCVKdExk5D92LdY7noTvz5WB8U098f2xctM14LtaOrzXdCn6Fa25DQN+gr R/3YAOUh0C2DsScIMu4jZqTcH38U2+09IHwptobzOqwNa+deD7uIPRI8DzuJ3RF9CduL3ZT1CgOZ pRwStgo7o3YNy8WOaIeGxWO4YUSYL6Y20cKcsBpLSBiCHbEtDeuNfe7uG8ZTXyCI8HT8PoJMGIGf p/aa8A7HvdMibuKlwZPGPcG/RT0Ydxv/JOCPu4R/EFWOO4G/kF4c14A/Qe3jKnGLmjJuMX5RGzRu Gn7SEDcuHN9nyhxHx/dYlo8j4c020ziy9rfulHEJ2j/AbHy/HsxnI1foT1NDolL1dd5buXF6eXDD +IcG18iK8a0GUnLmeJOhf/ar8Y2GHlLBeI3+K7pr/Ab9e+zF+MX6Dq3n+Ol6i2Hi+Ai9ySQZz9D/ btk5nqy/a3s/3sng2S0fzzd0EQR3lPEW7MnGE9RpPJtxu/d9/gvjquDP4RdMoRNuh581MZPo4UdN vtm9wnETreBAeLXJFR0dvsI0AKsOzzP+g9vCJxu7DKPCWcZ2U064q/GBRRPey/jO9td4wjSme314 gAn0Xf5dM1gjRx82N1NLYraZ9/g4x+43V4TERZyxJIRbJuywzErUTsAsGbNeTyizJEnuTiiyxCjW ThBbwjDXCYkWf7xyQqhlqL5rgqdloIkf/t380VIW/spM2J6F2ywTupdO6GMB649YnfUvBImrsHZS 98cvt17zSZlYYz0cspW7zjYvvCRimW13wp0Iia1u5qaIHFtt/t2IVNt6+eUIvk2hWhMRZCvEGRHu tlz93gmELdXkMuG5jW9ZOqHJRrHpJpywxXbzJ1hsnwli4mmYYpPUMMUSVsMUm7zb/jXEHr3NcSSc H5neTZ5oiJzcPWBG/8io7p6LjkayHX+XvI6kOz5UWyOdHJ2aQxE/HHf06REvHBeMLyOuOxotuRFH HRrb7YhVjnhHV0S14ylBJPaCKZb4BKQYaYoFpljSV4IIFcV9A+MvNCqOIOJio8CabdrMKDZBLFwV 5U0QJaQoZ4KoTo4C79WkRjoIQh8YCT7B+CbyEkixqkiYYsMjMZBimkgeTLGozT0GgasfC1JsDdcf rmS4fUCPDowCdxEvNEqPIEJ6VAVIse9RYpBiV6LAN0cro3wQBJscBbo53i/yO0ixy5Eg9ZpXR74F KTYnEqxVOlZHgU+z9406DFMs6jLpEFhXBpFDSeqoSPJIr+9RXPII5uGoaDKVWxgVQ+4riI7ik76K 3KOiSK8K7FHjSfcVl6OCSZdVO6LGkE5q8qNGkvbpIqK8SNuaB0X5kGpaf0ZNINV0jI6SkOq7TkQ5 SDfASB5CA/kZpaWVkmxR5TSMFgtl3oRyl0AFAdDs91GradUFx6LW0NYrUOBqlQBsUWjoUWW0ZUc/ RSlphU1Xo9bTClvPRe2hydvfRD2ibetazs2igbklt4QFVqtcHotFHs+ls8bSTnFprDCWB5R7FCrI hIqGQAtuQRUqqCoNqvEEjj36AtrUyA1gRbXi3ImstPYbXAVL0ZXB6816SxA8Mo8MrkBfXl8yxkN4 CJ3F/cX9xVoH/e8h2AIV8aEFf0EVjVBVEVQTCj36g0twfzVd5A3gDWg9whvNG91u4WXzsrvSeS95 4Lvw7gp7gSrdAju5gz9QYKXv4nsJ7rOd+XTBPd5CqOAdVLQaKg2EKjqhqh1QzXSozhPaZOP7C2yt 1/kxQqTdzl8ijOpayv8kfAzu/Quiv8G930tko4yKjhDdZAyIlonOsndGbxA18rqhwrTo9aJG0WOo dEn0WlEj6hW9WtSouheNiho1tdHLRXrddPAuXfNo+N42l2il6ElHVPRBsVfX5ZgR4lYw63smtYNZ H1d6nzIvplbaxFgQ80a6n+Ma6y/dwq+IJUl3CptiB0h3isNje0l3Su/GfJfuQBUxDul2LCzmhXSr 5nvMQ+km3eWYa9Ka5i0xLdK6trUx16XGDkPMO1k/e3DsVNkV0GE46BsEid2DtlIa4ijoCYYxbg26 g1MR9x5dHU2KK0G3Cb/GLUG3ipVxC9HNMp+4bHQj+jhOgGLYzjguWonPjQtE1+rHxXmipUZS3BC0 0tw7jozqrGPiAtAf9iNxKuVVcGc3YmBdGT8Wu0p5GH8GO+o9ZGIctpHzYeItbHm0Kv421iD8GH8V 04i3xJ/HdsoE8UexrUrX+HpsI/Y6vhKrxo3xy7AKfV18DoYa5fEpWIV5WbwAO2htiJ+N/e0YEW9U 3wJ9TISDu3xiN36B2mdSBX7Ae2pCAF4ZPCWhDZfG9JrkhB8THp7UB9eJl078Gz8kmzLxLb5XOWbi YxxXkydexrfi3ycacEz/auJ2vMJ4b+JavNJ8f2IZfsTWc2IN/sMhn/hCe48gEsL1ICsTHumbqKGT V+l3e29PDNZXBO9JtOsXxEgTxuuvCUckMPWXxJ4JDL1R5p5A1Z9Vuib01B9TO0+y6w9qKZP+0GsN pEkX9FtMgyfp9VstHpP26U/aJk86ZujhuDDphwFkZSLfCLIy8aXxLHXalM1G3PthkshYFvxXMts4 O+be5BTjc0HC5InGDtGayROMj6SNkwONt9G7k4cZr2P2yf2NJm2fhE/GUwb3hHbjYdPohKvGgxZu wnlji6044ZKpv+P95N4m0JOTlpofIUjyCPMFqjz5D/NBHxfBMXNVyEThFnNB7LhEkWVQclDiVMtv 2WcSJ1t6SIcnRpi/o4sSA8zd2KFED/MbvCOxt7nd0H9yl/m2KWjyHXOTJX7yRbPZVj75isXJ8XXy L8t9ghA8soL7RVhhfU49kJJgvemTmhpk1YdsT2NY1bH1U+bZBFNuTsm2Tc46OSXNFlsgnhJvi1A8 mzLWFoJNnuJj88e1U5xsXvq3id9sVNPoxGe2PpasxGbrU1th4nkb2fE88ZUNpEGqBKZYGg2k2JO0 Nw5nn03pD+x/hzgyHtkfx/VP3uaon5KeNNdxcpYiaaZDL1mVlOzYr4hI4jpw1YMkpmMznpE0zLFB b0rq55Cbhk9xOKQWyZQHjhzbiSm7HEMchikXHPvAGisJptjUHiDFhkwFd6nPi8zLMMWmgXVZ3MaU TIKYwkteRxAz/ZIVBJGvSi4iCLkmeTZBqIqTMwgC90uOBilmSg4kCFNssitIsdNJv0CKjUh6DlJs VRIGUyx5So/dYL0FUsmJLHACKXYtuRukmHvyDdDdJiRrwdnkJS9BEHFQcgKCyAYlM0CKPU0CR4bt TQLrLHx+0iUE0Y9OOgpS7FXSfpBiV5LOghR7ltQFUiwneTVMseRCMhVBkizku6QbSd/IdTQ34Ebm 7aS/yWu4mqS/yEsFS5I+knNFyUl/kpOlvkkvyOPRHklPyD6qR0l3yE6aI0nXSD90iqRm0ptmQdIF 0pM2blI76WHHwmQ3krXrS/Ixcj9Q5QhtHRhjAbQ/yP2SPtMI2ioo05H0hfaLiyX9TfshiEn6Tvsq 6p30D627oC2JoL1V1ANtKlnSL9oDTWzST9pNnQfYx9TUldyb1tT6PNmHdqmDkpxLe9q1S4DQR4Ix 1oeVCKocYS0kpyUXsxS0zuQCVhkrCsq9ChXkQ0UjoAWPoYrtUFUWsFTjA0SPOoAlTcbkVayyVkNy PWtz+9PkdlZT1wKBnD0KVCnhgVmAIIkXRNYKAngcepLAkxfKOgLleUAFh6GiFKi0F1TRBFWVQDVR UF1PwVBeaNMNgS+P33pMkMjLar8vqOJt6pomHMP3IAihi9AFXOGBwoHkd8Lewt70UwJCQLBZgl+C X7zV0P8eok1Q6QSo4k+oag9UkwPVMeC7ml4JBwkHtd4QBgkD218LC4QFXXkpg1IGgSp3xX1Blbei L5Qg4U/RK4Z7ipPoMVuXMlR0lz8QKpwPFb2FSsugqC9U9QiqwaC6ycB7zQNSfEXPWt+kJIj7tRMp 68QpXYtT6Tlg1pZySvoDQVJeS19RFqU6S+8yilKjpSaOT+o86TH+jtQiqV74BipOgUofQdFCKOYG 1VyB6lalyqT65nGpK6TNba6ptdJXHYGpN2QhXdq0GTIwi0y9gIL7I60f+oSyJ20KeplxJW0TqufU pN1Hd0aPSEdQdYo87TtaI76a9hWtkUWmfQIpdjOtC92I5ae9QWtwj7ROtEZnSXuEqptr0h6jeJss 7U/0WkdFuqfSs+tLukb5jiDSvmBgPpiehN2h/JG+FzvvTc3og+3ifMnIxSqjt2fosBWpgzOKsdU5 9AwZVi7bmjEfK1f6ZoiwMuxmRgZWisszEjBUPz4jApM3/5MRhq1v68iIwY51fMxYoO5rn5nxTG0F HUaIP0OQjNP4TWrfqXT8uPeMqVvw7cGpmYNwNGZgZjE+P3XT1HZ8dc7kqffxclnbVLBSUy6casJR tcfU43gJfm/qHny5ftvUzfhS45yplThqTphag++1Zk1txL/ZTZle2ocEMfWOHmRlZrz+MnVcZrP+ qHfdtEn6jcEHp93TF8cUT5+hn5VGnsbSq3Iipo3WV8keTRumX69cN42kX6OeNK2HvlRLzuzWl+if ZVr1y4znMu/qFeY9mff0WuuZzA/6jw7XaUKDGczlS4wgK6f9bTRRp09HjQe8H8/wMFYFf59x3iiN eTxzmjE9be30QiMu/jJ9nrFOdmz6LOM2pXy6wLhJnTqdZ1RpmdOZxnUG0vRhxlLjl+mDjKvNb6b3 NzZYf4EtHxyZ04tMoPPPSDE/RZAZ98xXqfKZc80GH9dZJPOmkMmzLpmXxUZkLTPPSPsxY5+5Rbx8 Rp25SSaeUWM+q0yasdp8XM2dsdR8VBs8I8+8z+A7Q2jGTV4zxpkxC2kGy7zX5jcj0vzWIZ+x1nKc IGalW8HKYFaH9RX1QNYKq9knLZtpPRGyM/uzdUusVnTeujy9aOYD6y/R9Zmt1m/SVzNbrJ/Rf2Ye t9rV5Jl7rG+0jJm1VpuBPbPU+sgUOXORtc0yaWaC9ZBt3EyB9blj7cxK23aCyF7n4ILViYdjDPWJ 6JzDxWeTuMT+PcSRI7A/jRuQ62tvTu/O6uvIy34966cjWxo/q9sxHd0464UjDTPPuu9I1PaaddkR Y2DNOuYIN2XOqnewLCtnrXWMtG2blW5/7Fgyq9SxmCByBsAUy9GAFBuYGw9S7HkeFaRYdt4nkGI1 s8EKK0OdXQqOxiM7kSAKtNlgbYUGZgcTBNaQ7UMQ2p7ZYF1myMzuCVKsIQusui0vssDMuJOWZQIp lpk1F6ZYds+eueC79EaQISuyP4EUK8kGsw2mI/s0/NNw2RjoPgnZs0GKTckeB1JsQjZYfymHZb0E KebIMoIUa8qqBylWnoUiiDE+aymCmEdngbWbNQa+am/JXgRTLJtG3oogWQrKajKSdYMykOaVdZXS g/ku6yL5E/diVjO5U9CQdYrcKirNOko+LRVn7SLjaGTWFvJazD1rPVmqcWSVkDN1l7KkZF7z1qwi MrNtXRZGHtVxLMtC9rdHZpeTk0GVVNodUOUaPZrMzlpOX0M7m1VGX8XyzFpDX8Y9lbWOXihYmFVJ ny8ak6WiZxd8zcLoaYprWWp6vKoObBmnKcqqovvpJoE9hzZ7ZW2iU9ucs87Q3Tpiswh6QNe97FN0 GahSx1qJINkclp4szXrLukd3yrrDsrHyody3UEEFVBQMLXifdZdlUxzMusfqUEmy7rOeaMKyHrAe 6PpkPWRZmh5mvWLdbb2RPYT1vP1r9jR2v641IjJbAqoQPJCV2Wd4IvLx7FJeAV2SLeKtZD3Ozuat 5IVDBZehorlQqQtUcQuqWgfVJEB1g8C7VjXdzS7gVbSey97Ca2hvz+7kPejKEW3nTycIkUIYCK5+ ppBJ/ksUJmTRb4mGC4PZKSJXYQhvL1ToDhUdhEqnQBU/oKpGqEYC1Y0RuQlDmuyiUUJ+621RkjCv /YNoq3B31zxxUgoYlWIPsQcYQSQxiTJW3E/cj+Er7inuyb4i+iX6xfeHCkuh/z2ktVA0DKp6CdXs gOrSRYSIaKaKB4sHtzrEweLgjj7iVeJVXctyAnPATE18TzYAVHkh/UEpFH+SfmAocnpJbZzQHLL0 Ab8xx016N6UHVDwXKn0LRZVQzAequQ3VrYE2R+WMlD5rc8lJkA3s8M7BZDO6NuRGFHqBu1KP/gJ3 5T30T8qBnG/oHwxzLg29xtHkxqJnopm52agupTY3Bz0q7oTKhFD0IRSTQnEqVGcE6pqLcgvQprbo XDX6piM+944ysmtX3vJSJ4LIPYJ9RpDc55iN8jTPE7vl7ZGXiZ3mEHm12O7ofXmXsdrUEXntWFVO IVR2Ne8pVqWMzHuCVWHX8v7AqvDcvIdYlf63vHtYdfNpsL2ubXXeZ+xqx5rZgWqvriezL6m/E0Te Tfw9gswm4w+p/WdPxy94i2Yfwg8Fz5j9E6+NcZ0Tj6OpDXPkeGFu3zlz8OLCsDk5eLFyz5xZeLHa b04GXoy3zEnGl+rngT2XGt2B5W0v5kzDj3R0zlmn7W1nziVrXxDEnEH65wgyR6Q3U8fPOaU/690w 10OvDdbPVerXxijmduqlacPmhehn5dbOfaIvKCyde08vUXbPvaXPV5fMvahfpPWYe1a/UH95rk4/ 37hq7gH9YvOkucf12618sH+Xfe28qYY2gpgrNYJ8mXvTeI06fR7LeMy7fd4e47ZgYv4IoyLGNn+L cXaaekFPY1Ke+/woY2Fh3fyxRlnpsPmBxgL18fkMY7525nxX4wIDaX4/41yjeR5hzDdr5/c2Vlm3 zfc2PrXfn4+ZThLEvO9mkPvzReY2qmK+2XzGx31BqlkTkrSgw1wWy1+40DwvvefCLnNy3s4FW81r C1ULVOY1pT4LVpvL1OYFy82odt2CReYSw5QFs8zLTG4LJpnzzc8XTDSvsT5ZkGVudZAXnLNsI4gF jVYwxhYOt76jHly41XrPJ2PRaOu5kPpFF62a2N35uday9GX5P6zzZjMWvrOeK5y20GY9XTpk4QPr cfWdhTeseu2uhb9bDxtWLDxi3WfKXLjTqrWMXyi3ltr6LtxgbXKELHxgW0IQi7bBFMsfCFLsaX61 w81nk8TP/k/IR8lduy1uUEG5/WL6JynTvm92Y36Uw1VG5Ic4KMqn+X6OIeqL+cMd/bX6fCdHb4N2 EWH/Zapd1GX/alm/6IndYStddMh+2BG56JkjjiAkbTDFCsAz534FYLbh80xaDFJsliwIppjsA0yx wiNglMyRnCAIGS45RBDK4xItQaivSGpBij2WrAEp9qdkKUgxQgLWaLfJkhSQYt6SCJBioflWmGKS M72SQBUwzgafLoB/Dn1oQTNIsTMFYBXGG1JQAlKMW5AOukNGgR9IsUzJPyDFJkluI4g6QHIAQbS9 JKUgxe5IskGK1UsEIMXKJWKQYg0SDYI4vAqyYYpJblNCEUTCoU4CLXovpYjmJGmgzGc6JDspM7iP JbWUBMEFyTpKiOiwpIQyXLpRUkDpjS6ViMjvsQyJgGzB2ZIo8kl9f0kQua7ZJmGR17XdAdtXdfyS bCWvsq8vEJPrQJWf9DGgipR+ljxN4sRwp/0lCaT/xeJKmHQHt13Cob8W1EqC6U9F0yQhdIt0FLBF 8Q1saVS1SVh0rWYf2B/TySW+dHnzVPBqUVuSZBa9qEMuOUIvsw8qWEW/COYLE1gnQZVrrF/kKkkR O5QeKYljp7H2QHkUqGCfZCJIgmRJAlsg7S1JZCcqLkmS2fGqDRIhm6uZKkllh+lGStLYzKZvkjns oNY/JRvZEzo8Ja/ZWV0HCs6wjaCKmgdWwAXhvK3ka5LPvBN0TGLk3WT3l5zlmXl5UMELqEgJlfpD FR1Q1TYoqALUuUvO8dqarJJbvIetVyXfeN3tfxYk8727ZFIv/h5Q5Sf8OzwFF4TTKX0K1MI59JcF s4Uy9tKCVOFSXhtUOA4qugiV5kLRwVBVC1SzEqobV5AmLG76Dt5b1vqkABPuaf9S8Fz4vCtfakhB CUKqFLMRRCoWsyk8aYyYzQiX+orZ7E6pqziYnySlioOFDVCxO1R6AIomQFWfoZr9UmdxsE4MbR4u 9RFHt36TJovndQyWasW6rlWy+TkicAcMlw0HI9RF5kJZIRssG8yokvWV9eUkyBAZwr8p/SX9lUKH ilHofw90IxQLhmqsUF2NlJASzQmyIbIhbV6ysbKxHf6yNbI1XVjhxMKJoMoD5RBQ5ZmyB+WorAv9 zHgs+4G+5hwt/A19Eh1bSEHvphwtdEbviL9DZXOg6FsohkJxOlR3E3i3WV7IQJ+1JRZOUg7qSCqs VYq79hUll7IJovCwugeCFF7DuinWwldYpze96DfMEjywaDRmjD5VFIsdS+UUpWNHctZDZU+hSgEU ewjFC6B6p6IM7EjzuaIc7HwbWrQae9VRXHRTHdXVslhRA1biRfX4VwQpuo6/pA4q+orf9Z67OAA3 BuctFuGHYxiL1fj21MbFJ/HqXM/FLfj6wjlQ5UWoOgKKX4Hqs4EbjMjim/i2tt8Xv8UvdOxf4qcd 2vViSZv2B0EsPqr/gCCLX+qfUMOXMPTXvPctmac/FnxqiU6/M2bdkk/6ijS/pUz90tzdSzP0iwp/ Lk3S55fylibqJeqDSyfpJVq/pbF6if7cUq6+wDh9abR+pZm0dJp+V8fnpdX6b/aRxTQDmJsv+cMI ZtZLhxvvUmcsnWc0etuW/m7cH9Kn2MWIxbwtLjAuS9tZbDTm5Y0sJoxpRariNmNW6a7i68asmn7F F41Z2nXFvxuzDB7FJ4yzjGeLG41zzAXFzca11inFb42P7YXLFpnAKql4jPkNghQvNz+gosWt5gs+ nstY5kMhqct2mtWxE5f3NS9LH7B8kVmUt3f5RXPiYq/lcebZpS+WR5nzalKXjzXnah8vDzTnGIqW e5vFJvflzuZp5kvLPc2LrfXLw81N9tPLD1rWE8SyfTZw9Zd9t9qph5ZPtz7xyVx+w3ohpGFFrPVA 7IEVJmt1unzleOvi2X4r91uzFh9fcdq6rqzfCr11bU3Fin3WNQ1DV9RZyw0tK9TWUtOSFeVWhYW1 YoF1trVjBWrdZf+w4g8bmMGuEDiiEGTFYUcgtX0lxeHus2mlyoGEfFrlZn8Z57Rqt/16+l8lQXbd 7JMljfbNS1JWBdgfllFWedvv1xxc5WG/05C2aojd3DhoVQ/7LZNl5Wf7NUvdypf2SzbpylP2CseQ lT8cNIJYNQmm2KoDIMV6l7iBFOsswUGKzZSHgBRTyy0wxRT5IMXmomC1tdSjBKx4y7xLfieImvaS RoJo2F+yjyAaS0rA6rFlRkklSDFuySqQYr4lC0GKuZYMItoJQl7Qey6CKFoQZNAlBejOI/YoGkCK SRVrEYTbqZgHUmy0gg9STKBwB3dvrhyMSGWuHOyvTpdvASk2Xp6PIAZneSxIsdfyYJBi9+VxIMX+ lq8DKbZcMQummHw1Bbyv5K2zFzlLvpZi8XopL6NcZb6Qr6Sc41rlMspBwQN5HmWL6Lo8g4JKz8rj KHPRPfJgyhSsUk6jsHCJfBDFWT+55Bv5m3FkyXdyp3mo3JN815ogX0g22+8pJpFBqssP0LchiHwY I5IsLznOOENnlXxgSFiZJV2MOdyfwJmCs0CBqBxs50vTS94xWKh/yWuGF9ar5BljoKa9pJ3+VXeq 5AH9eXNNyXP6/bb18iH0Ox3n5HPpVvskRSJjOKhiY/0EVeazp5EPyfuxd9HzSy6zH7Keldxi3+Zx S8zsVkFryR32ddHikvvsi1K/kkfsJsXbkifsE6rGkg72YY2ixMrW6pJLOtmbm71LPrNr2tzko9g7 O+Lkq9nnum4rJBx3glD48/aDKjd4j8kd8hX8XvTj8lC+LztczuAH8zZBhQOgIg1UGgNVfIKqDsm9 +RzNfLkPn6ULkI/iBzZ9lk/gh7R2yAv4iR295K38lV0VilP8v0GVdcIicPV5wg0UF0UPoZaByK8I T7F3yvcKL/J+yfcILwqzoKJOqHQVFGVAVXehmg1QXTzY/1JzX/kZoaX1lfyNsLv9H0VcCqurCPVL uQ6qfBcngyo3xJmUKYp6sYiRrCgUz2f/UgjFMv5iRYK4SHgFKh4LlbZA0Wwo9htUcxqqK1BMFhc1 +ytmipVtvRUbxHs7XBQvxH92laIXcnYSBFomAzMldL4smFKGJss4jJ1osIzNEaHDZRz+W5Qs46TE QcX1UJkbFN0PxeKhGjtUh6MUWXDzVJQhi27zA5+zoCMY3Ss73bVJKS9cDuaJdCUd3AGeSk/KCSVF SWG8UA5QDuA0K3spe0XPRAmUSLmB/kJ/5bhDZQrofw+sBoqzobrHcM/mDcohyiFtU5VhyrCOqcoN yg1dh0unl4IOo3ykpoAqneq+lGfK99h3b3/lF+xDsHspgnVGXysdgD1MTSglY3dy9kJlX6DK2VDs LRRXQPUjSinYnearpV5YZ9uG0jj1wA60dJM6t+tK2bSacIIoPaDtgyClJvwrlVT6GH/jnV/6GX8Y XFBGxq/GsMvG4GdTL5VF47pcVlkifrhQAVU+hqqTofgDqD4fahxcNhU/23albAX+rENX1qIN73pZ vrIBjOSyjfrvCFJ2Sv+OGl7Wrn/sfbi8v/5KsLE8TH88ZlP5bH1D2rjyKv3G3JPl+/Xriyjlh/Vr S2dB1SaoNhyqvwxcZ5xVfkJfax5Qfkd/ruPFamcDyd5vtRH+6Y7yLUYHgpRfNtqoM8v/NrZ5v1wd bDwbMmh1kXFPzMfVjUZV2v7V740leSFrPI0FRdo1bOO8Uge0hreGZZynPbyGaZxv8FsTaJxvPAW2 F5qnr5lo3GQduUZhfGUfV+FsaiaI1efN3Qiy+pO5k1q6hm1u8xm+ZpX5TMi0NdfN2tjkCg/z+nTn ijnmJXmNFQfMuYsDKx6ZM8qqKlrMM2rOVTSZZzYMrzhrnmnYWnHCPNNErzhknmo+WXHaXGQtrnhm /t2+Ym2uZS1BVPS19UWQinjrX9QjFSrrc58ZFS+st0L2ruVbj8ceXdtg3Zlevpawls9mr8uwFixu WldnzSoPXJdklWykr5tklTSsXce35jf2XhduzTfVruNYF1lY64ZZp1ovgS2b7GfW7bYlEsRaOUyx tZdAinWsc3F4+mxaV+zoFfJl3TP7uzjy+hS7Jf37eqP91OxzG0bb8SWZG8rtleWP1nfYD28sXv/Q fqjhzXqz/WCjbP0V+/6WAet/t++zHFvfaN9jm72+wi6xv1v/wPEbQayPgSm2HiMI6q/1b0CKWTdk gBSbvqEVpJiqEhxHBlZ5Ha7FqmJgilWBucJqfeVmgtj4tLKaIHbNqQRrsWM9K0FytRgqZSDFFlXm gRRjVmYShOPHhu/EWYKo9umjRxAVjiADt6o2gRRzVZWDFHNXgWziHlCBtZWwpyoQpFiECpxZWXZ1 O7i7CqobQYpJqitAiomrZ4AUi69mIYhpZPUIBLF4VoOZty22egVIsWuqHJhi1WHUJgSp2uXSj7y2 WkL19dJWz6V6MS9VZ1Op3PvVqdRegqfVcZRu0ZPqUMoT6f1qBuUier3aiXIAO131nVKNa6teUGT6 1VVtlHTj7KpWygSzqMpBCbBi1fGUkY5hqvEUPqiSyXABVdoYZnJDVbb3bPrcqvOMDlZ21TnGA55T 1RnGLcH9qlMMo2hf1TGGQaqo0jE06LSqA4xKLLRqF2MZTqnawcjR2atqGInNt6rqGRParlTdZIR2 fK0OYHDtFapRjJWgyjq2EEGqndhN5CtVBznu9O1VGZw5bFpVPieJN79Kypkk+FJVxIkW1VUt5YRL 06qWc9ioc9VKzihVe1UJx1NzuErOGayTV8nZRHNa1Ub2t7aJVVc5PTqWVgdxhtsRVSBnGahyg/cM VJnNZ5A/Vw/kz6Q/qjrPV7ElVZv5+3mtUGFY1Rb+ftEF4D5pTtU2/l50SNUO/i7V5ap6Pq4pr8L5 O3STqnbzNzVTqs7xt7X+rPrIP9JBr57Bf9y1RzUjOo0gVMOF4MpX3xJepIysLhM+Zwyrjkjpzb5Y PTBlKJ9d3TdlhHA9VNwHKt0ORSOgqrdQTT1Ul1n9W8qIZpfqoSkBrR+rhSmTO/pXn0qp6JKrjqWC 3FeViQvBGIsXl1OmqQaLNzFmV98T7+UMr94rPsmvq94kPi/8CBXPgEqtUHQZFBsG1dyA6tDqzeLf m8dXHxBfbyNXPxF/6PBSReYEd63D2DmdoMp3WQqocluWSdmgOiibxTisUsryOMtVM2ULo/urYmXS FIkqWiYVt0BloVDUBMVmQvGeUJ0BKGueo0qXKdrGqlbL9nZEqp7LPnbtxNoKDQSBrVGOQxCsQBlG acIylaGMbixKGcy5jY1WcqKXYK5KTso7zEnJyZkAle2EKt2g2H4oHgvVvcNIyuDm7RhNyW/Lw5KU CzvE2H7l713H1OtL1xGEeqR6JLjDRqhHUF6r3dRu3iFqJ7VT8Gh1P3W/6HZ1T3XP1DyMwIicS9gv 7FchBaqUQ/974GqoPgju0/xAPVg9uG2reqx6bMd6daW6squ1JqcmB1R5ooV/U/qZdiDVRf1Wi3gv Vn/EPwevVH/HX8fwa3rh7amPagbi93MTapzwO4U7ocruGhJ+R50Hxd9C9XKocVjNMNzadreGr+3X caYG02Z1vd84rWEcmFPvN/RDkJpz+p/UCTVmfZe3oea13hp8fSOiN8c0bPTQm9ISNjL1x3NvbOTq Dxf5b4zRHypdClU/gGqToPp/nxsXbUzSnzS7bZTon3R0bTxhYNmH1EoaB4CeV2n8B0E2HjDaqVkb rxtt3u832o1tIc617sbzMf/U8o0H007WzjNuz4urXWusKjpRu91YUdYPWjMVqm2GGsKhxku1WqPK nFd7zmiw+td+MxL20E1a012CqK00/0CQ2mPmP6lltR3mpz60TWTztZCsTQnmE7GZm0rNeLrXpjPm qjzjpjfmVYsjNw8yy8rwze5mSc07aAMfajBATazNLub55jOb/czlVsnmLPMte85mu6WWIDbpbYMQ ZFOH9R/q0c3O1j99sjanWx+GHNi83doSe3xzp/VQetWW0dZNsydsmW8tXXx9C24tKg/f0mKdv7F2 y1nrwoZ7W05ZFzWO23LCushk2GIAKRa2RWudYT235Yp1q33H1kjbZILY/I8jEkG2hDiCqNYtRY7h Ppu2NDl+C/m6lWR3xDlvnWt/lE5sPW83zTZtG2w/tES0LcO+tdy2TWXfUJuwLcdeuytn2yx7bePl bZn2TS1R21LstZZr2xLttTbxNh97nv3eNtT+nSC2bocptvU+SLFv24aBFOvYVghSLHPbbZBi1dvB iiyjevt2mGLbv8MU25EOUsywowGchcAdHILY3W/HGJBiy3aMBCn2cwfoJrdrd7iAFAvbMQik2Kvt xwktQdT98ZsfgmjkCDLAW7MEQYYXaOYgSJBBI4T/DoRmLIII7mhc4b+pUP8RpJig/iZIMUk9WK+p V9YXgxRbUT8ZpFh+vRdIsYz6wSDF0uvBbNW2ul6GIN1DNPn//g3s9857EaQuy7UX+Uh9GnWFF68+ iVrIVNfHUudyz9ePo04T3K33o8aLOuvdqWzpq/o+1KHo8zoHFcH+qHtMeYXfrGuh3NCfqjtEOWKs qztA2WSuq2ullFkt9f6UVY5sDZsC0rv+N8ZuUKXUW0a+WOfkM4y+o67GezIrvQ7zjua51FV5hwle 163z9he11JV5D5XidSXe/VFl3RLGX1hu3SKGDY+ty2Hc0PvUZTKOGfvU5TK05h51tYzt1pC674wG +wVNf8ZjUCWYbQBVznECyc/rhJwd9Cs7uzk/2TPraJyrvHV1DE6L0L3Om3NOdKFuJMcgLakbzdmH 8up8OduxgcAqzROgXKcH2yXNFXURnDltq+qWcBZ2HKh7zim3c+r/5jwBVQr4vghS34e/lDKgbh// PP1nXRL/HzZeR4325w+sc48eKZxbNzTaW/S+bng0Tbq2jhY9DOXU+US7qd7WjY4maQ7U+Uf310nq gqJ7NI+ri4/u1eZdVx7t3DGx7nN0VNc1zYDoE6DKWeFdUCU3pSclrJ6UEsgIrzOlTGe/rytLkfPn 1BWlVAh/h4qDoNLzUHQaFOsJ1RyH6hbWLUlZ0+xbV5mCtfWtu5xypGNYfWjKyy61Jj4VrF80VPFO UKVNfJIyt75KbGasqp8kfseJqh+c05N/pc6e45TiAxWXQWU9oOgmKBYK1diguo11jhxS8+T63jnD 22j14Tm8joD6vTlrujDNkVw2qKKQgXWlJlGGUjZp3GVVjKb6Z7IdnI31jbID0QH1KtnxlK31a2Un xW+hskwo2g7FlkBxN6juYv062anm4vodskttcfVtsncdkzQhhaFdu/Hgwm5Q5bsyHVR5qJxGuaA5 oZzFIDTVSjHnlWa+ck60WjNZuTB1kCZCKcmZDZU1QZUhUMwIxadDdf8AC5oPaZKUJW1FGrlyT0e+ xqr83HUOv1PaRBD4OnUEguBL1OGUD7hIHebNxSepQ4PH4Rx1cPQnfISak4riZDUn5xU+RM0pDIEq t0PVblB8H1QfDW1+jQ9X89r24Qnq+R2b8b3q8133tJU1KoLQ+mnBva/11npTh2nBw7tE66x1Dl6r HaQdFJOm7aPtk2rX9tD2yJ2DEzhR+Du0dAhUXQL976FXQ42B2oHagW3PtMHa4I5L2rXatV2fGrIb skGVDoMHqPLcQKJGat8a+nqf0jr034Pvar/qu2IM2l/652mzGvrqH+d2NgzS3y2Kaxiiv1NaA1V3 QbV5UP1bqLGkwV3/1DyqIdzQo+NbQ4Uhze66K7HRD/6fJxPo/A2nTT2oooZrxs/ejoZ248uQYQ2f jA9i++/qb7yadmnXCOO5vGm7WEZ90c1dEcZDZYxdkcaDNQVQ7V2oIQlqfLArxthoLtolMt62hu5q MHnZI3enmcCKb9cGy28Ismu3+Tt1zS6j+U+fkbts5ichebt7m6/H5uz2M59OD9idZN6f17ZbYt6+ WLC7wqwqO7Fbba7c2APakAE1tEBN3N0q81rz1d27zA3W5bv/ML+2z99TbDkIOrfKRkWQ/6uy+3Br 6vzDBn5cda+cUBQ3CVqtkwRFW1EScLUVSYJ1CwGsW0JA6yoEHFXbkgCuaiUBRCwJJIAzG9zZ4KpZ BxytSnKCs1Ux7/fx975/wCtXP+WCkDs55znnfh5CkrIaohuuLLvjfUNfXd7Z+4gpL2d47XGXytd4 Nbzi8mPeyrQ55de9R4V3y0nvgfwFp3t5cwtPn+7vzZGRSNV3SIMBaWed7uLN8BpPT/ZWkUdP16Hf KJZfRi1W/jAwCfeeHhAYSS8+PS/Qh/nu9D7ybXzo6WtkS1KXiu6kKe1aRTx5IeuHil1kRf6zikry eBGvQg8tVlmhgxb7t0JLFhmTKzRksf1BxWWymOBX/E6uJ80VQfJDMFgxBbVYxWposRcVR6DFXBX3 ocWSzoRDix06swVa7JczsMpNT6vshVqsMhFaTFUJo7N4UuVl2BZHKsugxSyV0FUNUZUnocVUlceg xWZWQt8H7lXODsK1ysU97mNY9XIM6/FDNQfDhv5ZHQ8tNq0avXZH/+oh6NWGFB8xbPVrBazCMqYq LkKLpSjE0GI7FWvQq9EoZkCL7VH0hxb7UQ7zIXuuAmZ4xCXFemixudXbUYvJS0JKMUweGtp/oF3x FX51eKOCiesmzVd8idfNkihG4BUJOsUA/PDqB/Ignrflufw5vinnhfwOzit4Idfi00va5OX48BqP /BDeWW+SH6D8Y3PIlZS7RE8FTrEHjldPpPwNKRdpLEiZRh85sLXqCr1llEm+maaaPFW+gXZ2dh/5 GtqphDZ5Ck2y2iFfRsvbclHOoWXkSOXzaCsLfpbPpM0t2SKfQptckySPoA3ST5dPpnWzRctTwz94 N8nttC7ke8VL2nRIISKHQcq6yMqBH6s+MCJGBaoOM/6YcriqhREz+4+qVsa0RQxw0urWqoeMiC1S cHDOWvhK74JpVS2RH0p6VXkj26qJKnekU3epqj3SYa2RT4i87XHLSyOfk+mKW4zZwaAiJHYbpMhj 7ZRR8vksWvjIqn9Y2VPsVSWs+tj5VSpW2aLCqnpWSTK16gLr9y01VZdZxTnLq7SsXwsoVQbW3lOO qkbWruqjVddZmbrUKoIlsC6Uj2TleATy46wz/oCikR0GKUsTB0DKx8T5lPnyysSc8O/lCYnnI0Pk nyU+iT1e9STx/aI3yOQVyC0tVX8nvs/ZXvVP4ruCEVVPE/89Zat6nvimel8VmfhSFyfvkfjOGi6f y6F6ouV6zgL/WcUjDvS+oir5FoYpkpN9FKEiNKV/eJH8VgozcrV8b8ri2BfyJSkbE5fKeSlbklXI jDHInHPIAg7y1H/I6kp5UsoW3Sr5hpRd1sny8pRTnmjF5ymt/mPVU/gHg8Hq3hnHIcWeoaDIFIcz jOEORVLGvUiFYnCGj5Ugf5bxMbFR7hR0SxmEzNiNzPmILJAgSyYjq/+SuwTddAflAQHFulgxWhDt WawoFuT5q6rLM7+ClJ25MNerTsjdTblZHZ67n9ZPEcgtivyg0OeeYikUR3LPciYrducqUwoUu3JV GQ+RuUnIAheyJBNZgyN1OsVvuXprnsKY+9izvXqsiOlvqBkvgjlp9Xvx95DiFi+jvKrWilfQvqk+ Ll7NWFC9VZzK7l29WPwD54/qGPF6fq/qaeKNgmXI3MtIMQNZokfWfI/UvaueK95uPV+dLZZ6Sqvv il/43TUmiSEYrDkknY1hNTukMfiImh+kX9H213Ck0YwjNV9Lo9g/1IyRMrg9akKlkfz8mr7SKQIv UjQRKT6GlIYiayrASP3smjBpjPVFDVua5nHUnJSe939QimSwrlROUE6AM8QY5Rh8lnKkciRNpxys HMzwKgcqB7INyp7KntwMZVdlV/47JabEMlNrgjVBkQop6YWU7kT+70MvVvZQ9rBNVY5Xjvd+ptyl 3EUOV32n+g5SWgxwVCofG0JwvvKZoTfttZI0YMzRytf6V3GfK9/rn3LvqDrpvambVD309zIfqfro m/JmqfrqHZKDSGkbUslH6p+qcP19W75qkv6tl6XKNrDI+NopRpj7q+R2KoapLtl74T+rbtg+0sep /rK1Mzeo2mytcRtqMVszb3otbrua6qkdbbskTK1l2lR5ptqvbYrCIUjZRqTyDtKQWDvDVmW7V7vQ 1uDdW3vA/hmZUTfe3gjn7GIiDMNqzxL98dpaI9GZnlzr8b5gqmo/elviDHUjvHbeqbrZXn0ap261 Vyl8XLfDW56/vO5X78nCi3WF3t9LuyBVq5AGK9K+sO5n729ea9157zVSWj+L2BwM1pWiFqvTB6bg f9V5AzT64frugYHMD/WR5Mf4IfXJ5POkHvW/kffTLPVq8lrWlvqH5Pn8V+e6klVFyedCyfLS8+cG keW13ZDG9Uh7C5JYU99Bisjmc2sDsMXq/0Mtdm4ItNjzc3HQYg/Oob/u4J5TQIsdOAdn7aRD56HR 0lPPr0Atdr4Qtdj5BtRi5x9Dix07D3PH2jZkw3yk4zKy5Wtk4Nb5yuCJYFAzv5caw3RfYdhnWToG hg25rhuDYROqdaEYFqPUdYIW42n/hha7or0BLUbVwpoq9zttDrSYUAtHmvSgFo3RYi0GLSbWkNBi pdpe0GItWljTtWfr9qMW0yz+/ByGqW8PmjCwXUun9h0+Tjuc+tlEvzYE/zBrqbYnTiac1LzDidU3 NE9x65Ynmjv4pZz/NDq8TNxFU4EflHbT/IJvrglqMnCO/oVmM/6VrUNzFB9LTNd2wkcEzLoJ+DRI 2UR7CSkBuofSSb07om7UO00inTK5u+Y7eu9ZrzTz6FjCY00s7dXqe5rptMdbbmgm05pzLmkiaIaC Ss0gWlXJYU1vWnGNSP2etlO/VtONtta2AS65yivTKGhpgcnaVhrMAjTiyKMYphnKmEQZpK5haMLD 1Czm3CkW+Fw1+zT456I4dTVDtvq9WsE4usWgljMO5vymPsvYVZCirmBsLIlWlzGW1wxU/8GYp3uu VjFmWh+q/YwY7wDNOgaXPKotZ5yGFGOsA1KWsKZSotUvWYfD49S/sN5EdlJPY8+N3a9exR656JI6 mT0k+Ss1nx2y5Z46nd03Z696LbtbwUz1etb7U0H1Rlag+jr4SCdR72O1WHerb7J8nhLNPDaFHKLd wxZBSjAxCVJKE49SlmvmJd4Pz1Y/5QyNjFEf4SyJtanTOD8lRqnXcnYmF6jXc7Zn9FVv5GzNkam3 cIQF8epMTsapV+pszobqKvU2TrpurbqQs84ar77DEXmWaXicev8N7SHurGBQOz8FxpHmfcp4Sp5G nvJ9uFyzJGVfZJ6mV4qKNULtSGlOFKuvpDxIfoLM4CFznMgCofpqyoOSUGR1o7ox5YEuS/0g5Yk1 TjOI/5lnvqaQP9d/RqvnP4MUWcY1DNMmZ7RQ/tQOz/gQ/lhzVxAWeUsjEUSzsjRLBJzEF5qZgtUp 3yIzziJz6ciCWmTJQmT1S83XglU6qWaRYIN1neagoMCTrukQ3Pef0w3L/DUY1HXPha7U3s49S2nS nsq9RBuuTc01MajaL3LdLLPmdS7J+V7TlPs+Rasx53YI+iNzdyALOpAlBciaCRpTbofutsYj6mU9 rMVFkzw/a3NFu/xmXVFeDKTsEMMcRscT/0Tp0I0X76Mt0X4UFzBWam3iY+wIbbm4lKPV5on/5E/W ZomrBXuRuV6kmIcscSFrBFqhuFo/QJsvvmy9qa0TEx6VbrBkkv+JfqgEzi66DinMXnUPpSvxUbpr 0lU0se60NJlxWpcv5bN36VKl6Vyabp50Lb9MN1W6IbObjiHdIOIixReRUgayRo/UL9bNlm61ddOt l/7uIXQ3pM/IbvpLsovBoL5AiR4zz1WycJZ+s3IW7YZ+ufIrRpt+jjKa7dBHKqO4+/UjlYzUED1F GZmZr++jjBTdRUrGIaVHkcpB4BR9hT5EOcM2Xz9DucIbov9VeZb8wrBOhf5+bYphCpyBxhvG4+mG CEME7b1hmGE4c4rhc8PncRGGfoZ+3H8M3Q3dU/MNnQ2dMz/qg/pg3kqk5CxS1h2p3InUBw1dDV1t hw2jDKO8iYb1hvVkgnGicSKk/G2nQ8oz+1D8kMFnx+mTDS/sPZhCwxtbR9xWw3tbO2+uEbP9nRow fmbzCH809rbdy3tk7Ge7XTgNKduHVLYhDWnGvrYm2zPjKNs/3iLjSvtYckdDD7s3GDReIGgYZmwg wvBzRhvRn843eojOzPNGv/dV3M0GzPuYV9kw0Hs/bXUDzWsSvm6I9BrzNzXEeC8XWhpivRdLByNV AqTBg7Qvb5jhVXrdDWu9j8mzDW+IfdAJVajFGrSBSLypoSkwmn644XkglNnR2CPQPX5kYwT5Jqlf I5t8nHa7MZm8m/Vj407yxh6ssZDUFW1qlJIXS682lpIXaylIoxBp/wdJrG88RJ4k3Y3/or/uaHyI WqzxPbTYwyuDoMXuX4G5YFTilVRosf1XfoEWO3jlPLQY/woBLTboanfUYlfHQYtNvgqtV3b86iJo MT+yYQ7SUY9siUQGtFf7BeXBoHl+HxWGWVMxrOs31hUYFmazJkKLjbbCqiZmlXUiei6Z9XNosWrL f9BiuOUvaLFVFugk8RHLb9BiOgusyJT3LdCDhsdmAlrsohnWbkTQkgItdsxajFrMzAuFJjTdG7yG MtiSRF02bLclgcqbWGSZQ/121peWGdTZCYcsX1KnrLZZwqgjMzDLZ9Q+uTRzAH8r/tp8Hyek35q1 +HUlzyzD5YYk82J8v32kWYRnEylwmc2BN9aJOOwX8w/0K5BCRqgpY0y7RsvCo8y76TmT7pp/pG+b 9cScSd+cEDBvoKesfm3m07lb3pi/p7NyXpu/oU8qeGGOoYeVPDdPonetaTGPoD3X3zF5aTdsR8wh NK3XZv6N1hBYZblNew0p+xiwTjWHMO5SZpoqmYLwRNO0qP6RoaabzKjZF0zXmRMXrTVdZUYkTzA1 MsO2BE0GZt+c+yYNI1hwznSRQZYcMdUy3DXbTXLGLf1K04+MShtuusCo9Maaoxlq8roln9kbUpSs hZAyj6WhfG9qZY8JzzZtYx+NjDMNZr+PdZqWsmsXvTAtYyuSd5tWsCsyRplWsf/IuWtazS4uOGJK YR8oWW3is3fXTAQz9J1M09iJVrlpJ3uFx2LG2D+RcyzfsuHMb36SqIOUA5yelG3m8RxuuMx0k1MW ucO0meNjhZkmcGmJBaavuSHJHlMMl5Kx0hTL7ZfzyhTH7VVwwjSP27UkwfQN52NNb9NCzhud1fQF x2ndBD8b8OSaXnJH+p9bvuKeCQYto1NWQsqdFDHlhDk/pTG8yTw25X3kBdNt/hQW3yTmr0psMWXz M1JikBlnkLlfIgsaTFv5W0rWmLbxN9dQTdv5G3W3TDx+knW16Qhf6OGbQ/lKv9aSlLoQUjIFMPOy TBRMp2jNTwTLad3MRwV5kf+aFwgqWTXmHoJbnGgTISBSSkxuQWvGO2SuAFnQgSw5jqyZhdT5TJcE FutPpteCgCfbvDlzmt9g+SPzKaTczG2FFEnuv5RHliRRP9pXFopoDGOG2SaKZX00F4qWcorN6aKN /G7mJaJMwQpkbiNSzEaW3EHWZCH1Q8zRopXWP80ZIpHnmLlVZPbfs3bOg3Wldbz4IqQExVfwPha7 2EHLsBwXE4yfLCniADvBMl4c5LRbOkn68jebn0pCBGbzP5IQEQ0pPoKUDkXWqJD6RLNF0tnqMQcl oz1GyzqJ0N9u/bEwGlJOSOHotO6QHsfHWZOkJbQy65fSCobB8lFazS6x3Jae5y601Eh1/HuWYumV zNmWX6XXRBKk+BVSuglZ8y9SX2DZJj1nC7OUSe95AtausghygA2T+YJBW6hSiGE2TJmFz7c+VmbT 7lmvK7cyO1nPKLexfdafldu5Z60blDtTY6xJyt2ZtdZ5ypy8PkjJKqT0JlI5D6m/Y41WZtpWWVcq Jd4Ia53SRUbajqlKIaXEwIMUiSER32DLMyykd7NtMXzDnG1bbpgbN902z8DmdbZFGWanltpGG2KE NNsQQ0zeftsgw0zJHaRsMlIpQxpotgGGqbY/beMNi7wptm2GI+RSO9vICwbtUfYoOMNNtk/GC+zj 7OPo0+zh9nDmbnuYPSwu347bcd739t723mld7d3s3YQF9k72TnlBG3wULkbKSpGqbkjDDtun79gp doq33J5gTyD32IP2IKQECDjv2l8Qo/FL9tfEcHqa/V+CytTYPxA94xwOzNvBq3N09b5M2+To4X2a 9Zmjr7clX+QY6HUVPnLg3gelkUjVXqSBRNrXO/p773h9jplEd7LOYSGk0AZm1GKOOwEmbnIQgXH0 Iw5fYDgz6HgfGBBPa+od6JwU0jSEfJXmbvqS/Dsrr2k66drTu2kO2Vy0symBtJbeaUokLbWjkMaf kHYSSWxpmk1eJv9uUgSmBoNNT1CLNcF5E3/Q3ANa7G7zCGixhGYYf/F7mznQYvubYWWYntx8AFos tLkMPS7WfBm1WLMFWuz35rvQYiSygY10KJAtY5CB6uaSoC4YdJn7XcAwb38M6/TY2xPDBl/xQOr4 M552aLEIjwdabLAHVmGrr3sU6LXAPQXQYirPJgyTdPbMwzAZ2zMK1tjZ7n9h9vC72wLbpd71AsNa KG6Y57XXeE6hFnPdHjwLw1wrw65QOJ6e1PqhjZ4u1JqJse531DOzcLefejLhlJugipM7u21UUUaC W03NyP3VfZq6XKx1/0plSx+5hdRxqi7uxdQBxsHu6fhrxxeujbiRyHW14Or2UM9EHHa/61GEAVIy RhspK50fx1wM3+ceH9Fpkso9hv5uVsA9ih5YNNQ9iP44eZa7P/1exjJ3F/r1XIHrDb1enO/6hy6V Slz36QeVJ1zX6JmGUlc9fan9tPM1Pcz71iWkDwvsc1+nJ0DKB8YHSPmNeZay2TUqihte4qye2iUy x/UD8+7sVlc607aoxsVnXkv+1bWKqc7Ici1jVuemuJKYJWKOK4FZII13zWPuVs5wzWauN0xyRTOT 7HTnPuYA72ZXH2Y4+cKdzoS96h7OQikX2ELKPlci+1m4ztkaty7ytHN3nIfFcz6I25CY6HTGpSf7 nK64lRmlIC93rdMdt0A8HYyRDgSn1ATg6zR9E1ySarvonMq+5XnnNLCfkQJ3WByMIPc8DvSL6xlH SSlz/cLtGv7IFcFNjrztbOReYB1ybuN2cEKdR7melJXO49y/Mp44T3Jv5x5wlnCt4pnOUu71kg7n aa6h5pqzkntBf9RZxVXYNjkHclM8Z50nuAXkAFc7bwCk7EiBEeH+gj+eYnA18dfS+ruy+H8yeroG 8Z+zbjpNqTTOSmdJKjvF6ixNjRVMc5alzso1OE+nxohXOitTv5L2cv6ZGl3T4FSkMvV5TmXqZNsC 5wj+Q4/IWZE6zH/f9TIVZnPuekEFpGwSWCmEO1zwL+1rlyVzNIPl2p65mN3HNSkzl3PW+T5Tyqc5 A5kVgn1IEYYUS5DSSGSNF6k/jLQlOtdkLvPsdz7KLPFb3KOE30DKW9F6SLks2ot3c+8QyWjr3VNE DYxdrieih2yOS5bXhfOfa0PeMP4uFydvrKAFKVqAFFuR0nSksidSfxFp2+y8LXJ6/nQtyKP7W93b 8tzBoIclicYwzwDJfJzmfiBZQTvuPikRMC66V0j2s4+5R0j+4C5wPZco+XddtyTazDjXVYlBJENK PkdKpUgYY6CeQNoKXEkSoafZ1SjR+Tvc7sKfIOWwrBekbJZR8RgPSzaCdt0zQPYl44XbKYtme9xn ZHO4J9zbZZzUKe7FspWZZ9zzZPy8rkjJWiQclaBSiDT0Q9rqXU9lQ7yd3d/J0smhnsTSLyClHb2O vee2sgVf7qlVPqa99BxSPmeO86Qo2+PCPdHKf7lPPRTlx9QD7peqbsKebq+qZ95mt0vVS3IVKZuC VNYiDSykzesWK83eaPdTFZWM8dxR3Q4GvUkGOZzHYg1yfId3rEFOH+bta1Awkz2kQRGX6nEYqnlM T72hJtXrOWFQCdd6Dhhq8+56RIb6wvFI2X6k8j+kYTfS3s/zjWGvV+g5arhOpnvXGmGLeRvtWyHl vF2In/BW2jPoc7xH7RuZRd499rVxUq/Ansbb5V1lT06b7F1oXyVs8MbaV+RP9063ryg86p1mXy57 jFTNRRq0SHusdwj8d967xL6DFBO9HeHBIDGdmA7rACbBxDXERGIi/QdiDDGG2UiMIEbEPSBCiVCe gRhADEjbRfQkemaFEl2JrvlHCIzACj94g95g6bdI1UmksTPSvgPpDRLjifGkntARcOYnPqIWa8EC U/ErLZ0DE+nHWroGIqI6tXQPhMWPaekV6J8U1tI30DXtcctA8l3Wry0hZPueQS2DyWdFB1uGkk9K n7QMIx/XTkEaDyLt/yKJrBacdJIvWnIDMLdseYdarLUztJijtQ+02O3WUGixb1vp0GKi1khosT2t s6HFVrXCpbM/b12BWqx1HWqx1izUYq07oMUCrTuhxWKRjtPIliHIwKlWTtARDPrHDLiPYYGd2E1Q jGGDzgT2Q4vFBHZAi4UG1kGLLQig54uNC8BqK+OvwAgME60l4ZZJCBJGZ2k8eR7Dak+QsC5reESm YVjzKBL2wcMkHxe9ir+/ArWYf0IYNKHv8tBEipQ8HDJ2aBeyIIQ2sTu5P2TIrDHkrpCBCc/IzSHd kn8iV1LfZLwmF1AfiZaSTKpDUk0OpWpk/5KdqBW10/2Pqb81CPzXqVubZP5K6tJWU1sTHmyf7J9I pULKtNGvIOX6FxjlT9/isV3D3/vrIiomlfurI0pm0/1nIo4syvefijiUbPcXR/wkwP0/R2wWLfTv jFghyfNviJgvq/Uvi2Cq3P55EUMbuvijIro0jfaPpD9tjWtbSt8WOONT0ysgZW5UV0hxRmkoat+W qZm0/m3/TYtiUH3uqIrYaN+DqFOJk3z3og6nMHxNUQcFMT5L1E+ib33Xo7ZIVvr0UatlGb4LUd+p 8nzVUdONh33lUXTHGd/xqH4tF58/Yu4LDPYtYEIj+1ewA5DyNk5AsfjEcS9pY30j43MZUW31cz5j d/cx41cmPgW/TzntY8QnCLaD8aIVvsj4GZIFvinxE2WzfJPiR6mm+ybEU4zTfF/Gd3ZM842JC7TM eL43Lon8va0tDuY7/q3ofRf8YdzTlIe+S7wutPm+Rbz1jBVt//Bs7Ki2wqQITmvbDd5zPr3tFu+J 4FqbhUeIRG023l+ShW0OnkM2pu0274aqZ9tdns7wou0+r87e0vYX7wxx5/m33A5yapuCB2PQf5jv hpTY1OGUDt/TVD5tk29/ajXjZ9/o1P/Y69rsaTO5Q9uOpG3ky9vK0viZw9pOp60WXWirTFshWdtW lbZENratOo2rfNumSltosLadS5tnl7ddTIslxM9jUn/xv207mgbzO/+FTBi//k2ZOnyIf0QmSSvy XROOZlz0bRSuYkt9YcIi7vI2p1DDf9HWKDRnbkKKXiIlhW1XhGYZG6nq1HZVaDLcbLsmvGk/3nZD eJ3Y8jxV2NtPtCmEKkhx58G49v+RJ8Sj/UvyjtA0/p55WsZT38W8J+wHvo35/bh/+CbkT0qd4euR H5d52dctPz5vClLSgJT9gFQNQRr+QtqlSGLz84t5e/1kG5kPs1Tys8JhkGIvZOAJ/iOFC2gt/sTC dGaYv1dhXhzVd7WwhOv1HSi8lLrHt6rQLOzl4xQ25W1HSt4hZRIk7H3Q4EPaq5BERhu9cADZyzen 8BakMGR/YxjZXfYa/8F/p7Qrvaf/ZGkIc75/denYuG/9tNKveSN8vtKFqWafsXSVcKnvz9I1eSbf 2dIfCmcgZUakajnS2BVpv4AkhG0lMjn5ha+qdC2k8FVVkDJLVYfnkoNUGvo4/1PVNeY2/wWVIy7P v1fl5q30L1b9kzbQP1H1Uljup6je5w/z91Z1FIqQsrdIVR7S+Onr9iv+PqoOIts3TpVIfuMfWtsL UoqNayBlh3E9/ju5wriJ/h0ZbcxkSskBxq1xdf6nxl28I/5Goygt0S8z7hc+9+83/pK/zr/dWFBo 9/9oLCiNRKrkSGM00t6EJLb5rhk+kJn+E8YqSLnlCIGUC44Q/BxZ6qDS15E/O6jMq+RGBzWuhVzo wHm3yEgHNe0XcpAjJGs82cXxeb7S/8oRWjTEH3AMKs1Cqh4gjYuR9hYksd0vtJ8lT5JjHPPh3NyZ qIOUt4QSv0I+IxR0EfkXUcn8h7xBlMf3JM8RUt5/ZBlxMs1AFhLHstLJPcSRfD+5nSguWkUKieLS S2QmUVzbF2ncirS3I4kd5GQiiTSTRsIDKTNRiwWmB6bjmgAjwKD/HhgfGB/VNUAP0OPHB4YGhiaN ClAD1DRfoG+gb9bRQPdA9z0RgS6BLkXHA1gAK31LBslgLQtpPIZ0dEJCShB9BNYFoIvaw1CLtQ+F FrvePgxarKkdrcXmt4+CFtvdToMWy2sfDS22vB1mPNl4+3hoser2SehxsXb0N4q/t0dBi7UjG2Yi HX8gW/ohA7+2Dw/+jZ73jCeinulC/O8d0UIVyPGfXv0q5gJy0ZJPryFyFJl5Cpmfiyz+9Hy28g+f Hr0rQV6LQt7VIf+eiXxb+/Hs/94BZqgF/X/4Cjw2GAwJDNkGPp84F3w06x/QmYiDdj50dkhjphWs y88HS4vhHoaIy7Xgj+dgD4esumoG4+6in/3iCZyJQ/q8Hf1xHPXTK/R/YUQpY+/h8N1xbTS45tE3 J0P3j26MhdXs6MuJ10AlH7bu6LLMDrAofy+YV/wZuKU8B1xW/xKMu8oHv7wDa9rRA54wgsGI12+K O6rp71HK1AaUMi0fh9VM9Hza22Bw+nAm3LZpg1kwq5hG4fwC9uR74ZIfhbBNprbn/wY+LILtPbWp HLbAVEP976Diygvw2B342amix7ANp657/apjctQklBJ/AaXMmY0ng1Y6HKlzNzDh83ld43bB56Fc mLXMHZAKX5nbXbgdLvMxXwa+KGoGn5T3Bu/Xwz6ac+PKz+CF2ybw9OP+YOHrpA+G+FEoJYmOUpL2 45kgSYeZ4OJUJlz/4rtxJ4PB72fy4JYv9qbCllz8l/Am2JzfCJqKYB8tbih7Al6s7w4qrsCtXiy7 vRIsflQA7nt15cNm3iOUkvZp76d/ju9HvwGnfwVeZJ4IBtcMiNODKbxzYEkafHfN3qzhoCifBHcV /QVuK4N7tEZQ9wDc0NgGpt7uCi5/BMfAGs6ruR9i0w6glKxPv73Ouon/AcdDJ/piMJapAfPj4FZk N/Dg2M1+k4aevYpnbQAH7oHjauuAIrjOrf3KbGCfOgPYqxHG29buzXBPt3Z5CHOK7ODLRx9isgaj lD3pKGXPIVwO1tEzwFamMxjcS42HMQZTBNgaezenwd7f+0vWcbBwz2xk0QckStlbWKdCNkqRzUeR D48gX/7+YW3+CZRSzEApxQtxNbiBDvev+Ffmf6AqHj1mcDsJjvbi1+mQeLh/1hVwyJ41yOJ+SJRy eEhdKbIxD9m8EflwNfLlkg91RcNQStkblFLeA4dOKx9Kh6O7nBEFR2L5t/EwJsvXJMH8uPyndMgq L8p6Bsr2/AqWFdOQKKW8rE6MbExGNn+NfDgS+bJPR89SBUqp+zSTrVPhsDfrdHQlaIkaC3ri4Sir I5PgeKwLpkNiff/snuCQPfBz9SOLZyDL7Mi6XcjGT19p7oZsfYB8caFjfW08SmmciVIa2TiM1cZv 6A0gNwpGWuPK+GxwTRKspRoF6bAFGndkw5m0MX8P7N/GA8WLwIMopfFg3RpkY39k03Vk6yHkiyUd 94xulNJ0HqU0XcLhqG9S02+A+qg5YEM8bOem60lw+SZTOmztJns2bLem23tgKzXdL14GPkApTQ/q FiIbCGTTHmQrE9lOfkxwZKKU1r4opbUPDiOztTfdjIz6BuwVD8dIa88kMTI9A5k9EbnHjr5bvBRd sgxdvk8dA9mgQDbNQLbcQbbv+tjc0gmltH/96T26ZuB3wal0uJ3tkVELwAnxcKvax6L70k5PR100 MjsCHLYHRlr7kGJ0mbCyS+Dgus+RDdlIxzNky2ZkIBhMDewLfvr3vwbANUi6BRnF/nSG2/7pDLQb mb4EmT3g0xFW9ekImPBphB5D1gaQDTOQjiIk8emaA9v/X8L/73t/Ctegx4XgX6c+MG66uYLBl19g WPcCDOsoDAbfw5HTUYphXZwYZtidlpL16X07O/3ft+78P2LQcw/iM3JtAAABnWlUWHRYTUw6Y29t LmFkb2JlLnhtcAAAAAAAPHg6eG1wbWV0YSB4bWxuczp4PSJhZG9iZTpuczptZXRhLyIgeDp4bXB0 az0iWE1QIENvcmUgNS40LjAiPgogICA8cmRmOlJERiB4bWxuczpyZGY9Imh0dHA6Ly93d3cudzMu b3JnLzE5OTkvMDIvMjItcmRmLXN5bnRheC1ucyMiPgogICAgICA8cmRmOkRlc2NyaXB0aW9uIHJk ZjphYm91dD0iIgogICAgICAgICAgICB4bWxuczpleGlmPSJodHRwOi8vbnMuYWRvYmUuY29tL2V4 aWYvMS4wLyI+CiAgICAgICAgIDxleGlmOlBpeGVsWERpbWVuc2lvbj43OTg8L2V4aWY6UGl4ZWxY RGltZW5zaW9uPgogICAgICAgICA8ZXhpZjpQaXhlbFlEaW1lbnNpb24+NTA5PC9leGlmOlBpeGVs WURpbWVuc2lvbj4KICAgICAgPC9yZGY6RGVzY3JpcHRpb24+CiAgIDwvcmRmOlJERj4KPC94Onht cG1ldGE+CgcrM3UAAEAASURBVHgB7X1nd1zXleVBzjlnECCYM0XlZMmyZTm2Q7fd7ulZvebD/Ah/ 6X8ya83qWdPd7nbb4yBZojIpiqTEJBIkkYicc86Yvc+rWyiABRBgFYEC61yyUK/eu3Hfe/c9N7xz Yqamp1fEnCFgCBgCUYhAbBSW2YpsCBgChoAiYARoDcEQMASiFgEjwKiteiu4IWAIGAFaGzAEDIGo RcAIMGqr3gpuCBgCRoDWBgwBQyBqEQiJAGNiYrYN3OOE2XYiuxiA5duojBvdD0d2WRVPMv5w5DEc ccQ+RpsLNd3N6jTUuLcbPhrqeLuYhOI/KAGuLK89Griy5id/xMjE5KQMDo881OkWFhZkcWkpaJ6W cL+7p1dW1ka4zi8IZN2drf5cXFwUpr9bjo1zdnZOenr7H8KFeepC2TfCJpQ8kxNm5xc2THezuD3M Fjfz8sSeaWfeBqGx/XR296zJD9vS3Pz8mnvh/KHYzs37sdX2vRi8fT9uul5737zVE6vJyamgfe6R 6Qb0t+WVZVlaXhJiyW/it7zs7i3j2vcMz/mM/9Qv/eNDv169icyjzeExR95HZiFSPQQlwC+uXJXJ qWmJjY2V0dEx+a8/vqsFj4uLk46uXrl7v0GaH7TJtWu3JDExwV+2hPh4ufDlV/LgQbvEw2+gI2gE 7N0PPtmQAOlnamoSDXohKIEExrf+Oh5pNzQ/kMtf3xDmYzcc8z8yOirnP/5ciFWg47O/nv9YZqZn tl22wHiCXcfEoJ5GRuWDjz97KN01/pGHQEfMbt+9L9du3pKEhOCYkSAn0PGY/3A6Rjc9Mws8prcU N9Ofx+D27gcfa1tkXnhvdm5O/vLXD3Xg204eg/t9uIyKLev0k88lKSlJPr90RZpb2/zt+1GwBE9n LZIk8KmphzEmAY1PTGh/iY+Pk8aWB3Lt+to+tzamh3+xHV6+dlOGhoZ18P3X3/4/+c8//EX79H/+ /i/SjcH65jf18h+//7P82+/+IP/r//xWfof+/sf3zivel69ck3/59/+C//fkP/7wJ7l5+64O8u++ /5H815/elT/99bxMB8n7wzmJzDsPESAJrW9gSFrbOyQpMVHaOrvkiytfyTA6GDvJnTv3ZAGdgsy/ jApi5xgdH9fSUbp55vRxqawoxeiyDD8rMjI2hkqc1OdsDLirjXV4eBTfi2saP5+/d/5TudvQqA3b CyQyhkbg0uA9jkL8MN6xMaYdo6NTTWWFnDp+VCuaDZN5Gx4Z0wbEpr2CMEOQWic0P6uNnXExL3Rs dGuvPTImETDsDDqta9SUBuifjs9ZZqZLXOjoj6MmsZuZnUWe9bb/z4JvVHU3mK4bYcfHJ2WUZfPF tbS0jDQ8ycPL48OS7jIk92kQ7NDIiD8exRwJD+Pe1DoiY94O7q+RY0cOadyMfxbSziA7C8rDztPV 26cdAm8MaVkYH8vNDkXy4W/mh2FJaFM6cMaoVMZ45imdwQ/98fnA4JAsYIBj3FcxWF24/JXMIU06 +pli/oEzy8vfrCW2N+Z/fp74eNjSP9MlKb3+yotCMmeeiR/bBPFjuoGO8bHMnLk4wqEP1tcwSG4S sxr6oeNUm9I8624J8TItfp87c1Kqy8s0T6zvqakZjY+SlTqEm0ZdDw4xv/Paj7QveE81T5w9DSMP TJc43G1olvcxeBFP5p+O+aC/f//dn9D2J5CeT1pDGNYF24ZDQvOKsKwTnQH5ysB4KMQ0QTBgX2B+ hkeH5e1vf0u+++br8vZb35LCgjw5cuiA/ODtt7QdMF1ev/nay5KeliZNIPtjhw/KO995Q7731pty 4ugh+fjCF5KclCw//9H3wREJ8vHnlzYcQJmHSHYPDfus6LrafdLe1iXPnjklvRghXn7+nLS1d0l5 abEMDA/Lyy89p9JWJ6Z0n1+8rCPTmZMn5NUXn5UraNT7qirlAOJ496PPIUGOYiSZl+NHDsvhg3Uy h8bxBUaVvv5+HWF+/Yu/kTg0XlYiK5USCTsOO8kLz52VTwFuNzohmoQU5OfJt994Re7Az+36+6iE JEhcY1JRXiJvvf6q3G67hzgmUHkvyUVIovebWyQeDSA3O1u+++3X5a/IzzgIeRKd7NzZE3Ly2FE0 uCV0lilU4hfyi7/5ocZ78fJV+Z//9A9yv6EJA0CPvPjsafnju+e1k03PTMtLwKO2ukp++/s/aWPK y82RTy58KaVFBZKTm631zTbIxsiRdAmNNyszAx1zTGJivQ7GEb2hsVk6unvle8jb4tKi/AWj6rde fVHTfYABKC42TnJykPc3X5M7926DGEblrW+9Ir19A/LRZxflb5Ffdmg6NnQOFJ9euKQ4JqBh/vDt byuBvv/hZ7KAcrLTP//MWdlfW63h2Pkamlu1Ts6cPqGjeWZ6OqbqfZBwYuVXqJv76Jz19xoVn1de fE7Tef/DTyFlJwDHKXkbHYnk8wnwI5HV7KuSmqoKOf/pBXSOJJkF6X3/7TeV/N7/6BNJSkiU+cUF 5O0tlKlBByPWI9tOS2u7fAVpJQEDb1wcOuJ3EA7t5Y9//kCSU5Ix24gHSawOQOysC+j4H35KLH4g tyDJ9A4MYrCZ06WW19FOTxw/ouRMv7xPjEHZyPu0fOvlF6Ucbeev73+MvM9hGWFejh4+IGdPnZS2 jk5I1J9r2/EGumUtJ/NXWVEheaiXi19ekTgIBewj+WgDP/3xO9LW1imfok9kZqVLPwSJjLR0qaos Rz0IwsfJNxAgLl+9LjHAtxDt+Z3vvqk4NDQ9kPTUVHnt5eeV1JW4WlpVGPj0sy/k5RfOgWQSMCB5 fY71dgID12uvvCCdEFI+Q5qJyUk68Hz/rTckLS1VSZttg/XM8tMlJ6VIdmamXksMJrhkUUzi6CcD dZ+OcGyrLHMs2ipnclmZ6ZKVlalTZpbjmZPH0S5zJDUlRfJQBpZ5r7qHJECOvBVlpSC6IZlAh5mY nIZUd1J6+noxGkIiAY65qPxFkNo8Gs33MDL86J3vgPiueZ0QI+8SJBmOHD2orF//3U/lB9/9NsKD xIA2pa+jh/bLf//7X6DjzWFK3YOOHqsjX0F+LkaYw/LG6y/Ly+gQXSCHuyAJEtPf/exHaJQd0tnR BZF7Rgb6B+XH3/+O/P0vfiL377dIb/8A4pvHs2kZQx6uoqH+/IffU5LgyEqp4l5jk/z4B9+Vn/7w bUiDyA5GW0oUmRnpMgryGIMk2z/Qr5IAR19OdYoLc+XS1WtKvr/6+Y/l9ZdfwBT3gkp7o6Pjmm82 rglM3dnBXEOLj4uX6zfvgNhj5b/98mdKmjOzq9Nf4lxWWiIPkAbzx84yiTgoxdy8c1d+8ZMfyC+R XmdXl7Sj3JR+3FSUpEfiD3QrqBhKeK+g0//jr36uEtSd+41yG+S1tLIkP/vROyDyZ+TCpS+RRy8k 8zoNItDlDlzX322QUyeOyv/4x19CUhgD0fbKqZNHIRkclJ/98B3t5J+BYEtLiuWnP/qeDnSXgQ3r j1OjNzDwvHDuDKaLF+XIgVr1k4c6vX77Noi2WThQ/B3KdOzIEW0rZyCtv/DcGZD6q1oPH39+UfP/ 85+8I5NoJ22d3XLx8tdSVlGq9Xzq+DGte4cxS8H+O4K65b2BoSEsBYzJr9BW3sBA8sXVGzqI0B+X Rb6+dkPSQKS//tufykvPndOBtb6+AfjPK9n/+J3vyqUvr+la20efXJAXnjmjxFpVWQaC9GYCYxgs SZYk8bv3m+XNV1+Sf0Abvw9CmpmelStod8eOHlC8SouLpKSkQBJB+nQkG0rB72BAYLt9gGWkuZkZ OYNyPXPqmLbnRJA/hRBKgkchmR2B0PCTH7wtpWgrFArYxr/zxmvyN2j7X2PpgpFSAjt+7LDWMUn0 5u36oMtArCf2wz+99wEGuw+0HauErnkjGa79UP5mW/vsiyvCKe97GCgowRejXJwpNj94IDdu3IYE /oIOMlrIPfbnIQmQwOfmZKlI29DYgpEkWSWsL7+6Lk0tD6QgL19HBYKzDyN9HEYyisrJyckQ6Zd1 1IjFSNffO4CREiMfXE52lpIgp6x5ebmSn5eH0JDoCvJ1muHrj/4KQO0jVIz0A+ySokLfOmMMroul ByM8pah9kMC4PpOCUagYjawfBMhRLBafMUidHOU4onF95ScgPRIdG9T//c8/SllJIaTb0/6pKhtd WWGhtLS0YYo7J6dPHcd1q4ygM1H6vYXO/fILz2lcJUVFKq3NQjKJRdmdi2WJHLMw97juBZnW1VYp qaWnp0lpcYksg/jo2NhygHMu8OiAlNnd0yOHDuxHmqOKEfEkS5eXlkEiG9CpBtPwHNJCYw50K5Dw SkqKtC64FFFXs096uvuQzjIGs1Fdf5xF58mGNBw4jWQ++eE9DkDZGOlZjALka2FhSZJA5MyrTu+R YGdnr5LQe5Mf6TSzsDBfOwn9czrFdbru3h5IMQnobANK1DojqKvBOtJf5be/+6Ps31+t6Swib1rV iJ/TuoGBYcX6DqT7JeSH06tB1DcletZjHqRrth+2UUpIznlYeNPJispSHaSzszJUYmTenevpH5LT J47oVHA/ZihsD//5hz9LbU21LptkZ2dKKto7ZzYzILl91RU6OFWAfCgF0zFZ4sV4C4vyhfXKte1c hKUEWY7BoaO9W4oKCtAOxzFTqER+V5cuKstLtYwsA6VbFBMkDsLzYezyym+m4bDXa/hjn4uH1JmO tp2akqpSNzfX2Ac7u7ohYExISXGhv20Hxsc0sjDYH8GUlo4SKfsM4w7mmC/2sSr041pI9tw0SQPB khQZ5gMIAhSAWO9u2ShYPJF87yECZGY5pSkG8Vy++rWchfSXkkyxOV2+un4TRPCsVtgKO47E+isp EEJ2pmQQUz9GZDaWOXYKTOnYKLR3IQ36J4iuSzNdOr2vFyuSChLgmpDnD1OYmSlJSy6TKa41YSrK aTMrZXpyRtLQIGZmh9RvIqZUswtzXqdFBTZhpC2CqP7c2ZNaNo7Sf/jLe/JPv/47XcshcbMTXMAC dyWmK4dqa+RDTDETMeXIzspCR0pSyZUj6OQcFu2RP9dw2Bj421tX9MrkZR8dOD5Rp9skShLD2OSE 4sHndMTpGDrhrTt30OHm5ftoTENYO5pD+bTMyPvU9KSUlBZiqsfddW/tldPA+QBpk3ERi5kpdCjk h4Q+Oj4qGZlpkBoW5TDK8zyWE6YhbXDEZ+fzO3/F4YK9G479wX8SQH94nZ7lzEA7OHniGDpEpdZN HAYjblolJ3mSC+s7C5idxZS6CAMc18i4dkxS/uXPfqhLFH/48191ahiPKT727TVNTu84s3j5+Wc0 /xws+ZtEx/rmQDuHspAomUagc0Xg/ZgVj5yYba81eT75LDUF9QjJnnU3jjXFXrStjIwMmYDkz7qd x8xlHqSfgWkgWzclc07zuGSy2sG91LQNoH5YT/yQyIhrRQUIrv4epLB7cuLYETkISZjro0yf33/4 y/u6vlYCKaoF7ZIko/lEHEwz0DEMq0rLxbL5Pi5NhsQttNFsLOmcVAl7EjM2Smdsl37nZVnzmQbC rqut9h7hPuuF8W3k2K44hT9Uh3Kg/XHmQv+cqbyK2UYZlsVWsdkolsi9vzqMBuSRHbO6qlIrkiMW RzBKa/ebWlSq0xGY/rGG4FxgRMsA6tCBGhkcHJabt+7IJUxjvrr+jTbiQH8aNiAO/s7ByH0L6yT3 mpp1ijg/P4d1oVsQ929imjqlRMUKaMKU4x7W6C5CPF9cXsQoVaaEt7KEkRlkl4pF2gt4drv+rnyI tRxuQvz2v/4k7ZhyJ4MgKB263LNSy8tKpBkknYUOUYJRvLW9EyNbvja6E8cOyVc3biqRfoq1rv2Q rjji5ufmYpC4hqlQIzr2mHZWdpgprI31YI3zxPHD8g06AqWHG8CBvYSN2Dkuqtfuq8Yaaps+ywFx cJ2VnYLx3rx1W5cd9ldVSS6mjw/aOnRJ4O7dRklNTVnTcCkFkfSuI50bmAI1QYI9dvgQpJw6hGnS 9bULl67ieb0OAi4P6MNIzcvTmrrBLUoM6ZAYuDRwHXnh9Oc0psjEoh3SxvvnP5EHwMkbDBAjACVR kdRZ5x04svLn98/rmu6du/fkLx98ogTMJQeu+2ZlZ2Aa1aFruiS6iooSuYj14VYsc/zpvfNKVpyC X8CaLNfIvqlH3gOkbpaBeLp8K4W4H1rAVazZ0U+CkG5gnZDt+H1IL41oQ6cRfyNOLdRjPfLCpcsq yZVD4qvbv0/XADl43m9oBIm7XX3GiYKSNFaj1zwwL+PjE76ljHlpaGlBvE1Krl5e8RdtYARr3W2t HVq+PkjJOZDKKcXdwtIHiZ9rb3QcFJbQtq/fvC09eE5pTNPFM1du4njkUC3W1YE3ZhJ/xPSW9RQo Ibt8kuRHhsew+XRT+xSXibjJ49LTRF2n0B9MCFkGcZPwSODse0yb670dWKLYy+THIsb95je/+Wde BDpOm9IhXnMtsEIJcAUjZbpUY5e1FFNAdgzuvnFTgout7NPsoJSWuIjKaUomFlIZthkL25QAvoV1 AkqWnA7zQ8fpQz78UmKhI/GWFhfret0KSKkSpFaDqW47gObuK9ffOEXjznQSJA4usnOq8uZrr+h0 iSMfp3GMt7amCmuQfbox8C2s01Aa4XpUS3MbOl+ccEGfHdc55rEUUm81phhaNpSnFkRHP8wjpxyc FpMUnz/nTZ85Mg6A5LnJ89y5szoCE4M4TBuXsEbE8JRiSEZ5eTkqTWcgb4GNMwVrUo1YajiKdTZO 90lk3GAhwXBt7rWXnlcsuTBN4mgDCXKqfAAjchpI0Dnms662BtLSDJYDhlC+Z7V+iAXz3IQNofT0 VGyCnF6TPjcgCpE3+ssOqBumxXrMQrmZdifqoKiwQOuDAwiXC1i/x7EryP6q9Y/w3mBCEhdpRSc/ gF1mbqoVo93wCFAH6u4ISJlTKnZ8DnDjGNhI/Nw44w4uOzs3ZTgL4WCWgjw+QDuqLC/TzTRiyE5I x7/cKGKb4vpeHpZXUjBzIB5cc+TiPTstP/TDaTR3RYsQ97OQmohhCcrVhPKwTb0KvBk32x7XqLux Ds0pI5cUOOjowAdc0jAAsszEhnETuwzc+/zLq1pn7CupmDm9+8FHcubkMc0P650CRXt7l26SnD55 XKXo/cCC+eU6MAdi5oNxcgOiCBtrrR0duiTBemSdcBpKEs7FRkQWBIYK4EJyasMAzvV1trtAKZ99 l0sUydgkYTunRM0ZyRyw52YOy8T0OONhW2ff5W+mQUGBwg/7lnPEh32VJw6KsATi6sI930vfMZhS rOd8zT8LRcLSbXXcWf+blcl7OgXENyuQowS/SaAEiH64zsDewKMMWqmIk/7oAv3qDfxhnBz5GAdH F92JQhg6VjLDXMJox8XuH33/OyqW0x/jXp8nPQ+IHsJwbBAMyw88+/OjEfv+0L+bEvCa616uIbEx cn3R5YtBvLxyjYzk7U0N+M3885vYuDQDnzOvDMsNiFYQ2g2M/H+LTQ/i7Z6xodK5vPOaz1lGN71x 33zG+PiMUxaSKKVLd/zC5SFYuT3MRImL8bu6YXkZ3tUZ/fEZy+Hy4bBg2kzDhWV+iB/zQf+8Dy8I l6D5dPfoj52OTo9WoaE4PyybK59Lj9N7NlZ3XwPij8s3JRw+Z/xenpjngKkgnjksWC7Xtim18n5g O2XcrAPGQ1KnY7r0x3KzzhnOxc/yconhX/71d/L8s2dBGnnYROrTjaVf/OSHwMIjbOLI/DKPrq6J j0vLtWVNEH+YHuuC00+m6eXHK5MrN/2ux9uF53dgXVLY8HKCB7hgeswLnWLGekY5nWNYPqfQE+jo l32b4fey25AAI7VQbED9A4MqgnOUXt8ZIjXf6/PlysFjQ+dOn8TOWuGeLcv6skXrb9Ypp59c7iBp cL3t1PEjOiuiQGAu8hDYcwRICNnQKFG4kTnyYN1ajlgOb3T3JNSthTJfkYyA1ikkI50BoZG6mU8k 5zma87YnCTCaK8zKbggYAuFDYM2eWfiitZgMAUPAEIh8BIwAI7+OLIeGgCHwhBAwAnxCwFq0hoAh EPkIGAFGfh1ZDg0BQ+AJIbCzBMit20CH3zxPpFu6gfeDXNOf+g14prGtjzPg+frL9eH5fBvB10dn vw0BQ2CPIxD0XWASxSQ0wfBgKN8Q8DvvJKYeNo3xHYzk6aZVIqKiId+LVc5vgL++vn59I8ORGd8M GMIrZPk4jc6X/3kwNJjj/QGoyKJLwWl2Hr7kyXaq5kpDOA27LqA7ZMrbvOah1W6oeeLpfR4apeNp +H7Em4u3BXi6fqP01XPAH31/05dVlt2PwRo/qz+cH3dH8XI/Ar6Dl97DN1gaDLrTYYKVJVjeAvMV LExAsf2XgWH8N3HhwgfDbSfDBBtAA/Np13sPgQ0IMFbuQA8cj54/j9eFOqEF2tN0UQRlqcPQ6RYn VDjAxsd3M/nGAF+I58l6ktkA1BNRrxzfeaSWDOqOa8P7ncMgO75ak4gT9nxboh6qrlLw2k8iCIla XYIREM9VUYHlg7Z2vNqVr6qKFnAqnm+IULUQ1U314zlJka+SUSUST+dX4jU+vo9LsuPrPi1tPfpu 6kkSJtIk4TU3NOqp/Aa8gkRFj0zrUY4Hr52CzDU90/VESqqIJFhZNG5fb2Zn8vuhGLoB+QfmZ7th HorWl3bQOIM8U/F4s3y5MO6bEbP8wEIHicCE3LXz6759YUIuf2B869Py/4andeXxY+oLz9rz550A spWzbnFJv3xTZSvtxCVp35GNwEMEyEqexsv8y3g9h47aaJvb2yQ7I0ta8R4nFRxQzxlJx9P+G6va M8bwEjfDUisKNW7M58yrOisqCeBrPnznlB2ecceCBNlR+O4jVfdQWwybWjDHMOkgRxLmDF414ruX 9++2eJpi8JsvZfP0fWZGmiqxHEN++f4qX3QfHhtVsmV++G4xDx0vQBsKSYzvi05T9dWJ/arLjppA KF36SSlIZvhsaoLaefH6EF6H2sgFdiKvXE4yDuhcQQIHhlt97OuEqzfWXAWG8XdmoOmFcqy8Joj/ h+fL++k6/Zr4EIu77wK55+7b3d/s2/n1vulz83ytj4vhvFAPh3Nxrw2zFrPgfshpj6qXgHiQNImP Wo74HrC5pwOBhwiQlTwAlUwkHI6W/f2Dqm4nB9NEavfNgURHSY5TTyUEaFmpwAvclPYoaVE7BV+a 5zupfFcwDy9sj4OA+A4i406BkgUSEd/bzILWXMZL0oop9xp5MFjnoGyAU15KglTUSYlyDoRFlU3s ElQ3xXuURHlNfWmc3vL1S74AT2KI0TS994yp7IASJPXNdWNazlgoKW5GfswX30WliiROud27nbzP cHz1ienQ8b3NRKjColP9f7it/pFZ54dpsgMGOr4Tyvzz37pHq95Y4LXBvGe4T9VgnOq716603MzT JmGYD+Y/mFSj+UE9uWeM71EYuYyybBwktIy+/DqMGAc/+v6tCxD4HZhfXDMehmU+XF4Cves1/Cmm vjpg/C6/DEtcBKqy1BES33MXD3/TuTD+b4KtwajOagH6K2egFIEKQHxxuQjse08i8JA2GFbrEhoD 1UtRgwpVd2dBuSg1zaamJmvnpEYKajmhNo8CfOdBLVQSpCcSG7VJUJKiaicqtaT2FhIjtXyUQWEn X4mkP9oboZaKcejIqyovV7IMhiAbGjsKNS5npKZhmlugOsgYBzWWkKgpSRYi3Wyk0wtCy83Nkn3Q xsHOwqk19RBSzRDVllMSXQRR8JsaXkagF668tFQ1iXhdIFguvHvUIE2N0+iO8tXVr6C7b0getDyA BDogt259o9NqvtxfD7VNucCEWmJ4PYy1Sv5mXhuhmoqq6Zk+10CZR/6ma7jfoEouGY5l5nN2Xr70 Pg9J19PH5ikJoELWRQ4CPgKjtukLFy5Ci0mFan5pb4f2FGBALTrs3FyecHYwKAFz8GAfpsmCr7/+ GhpjCnVQYn2QtDhg3bl9B0sdiZoOkpHbd25DU4g3EDJOakZmXNSa4iyMUUqn6v8HrQ9UMwsVdHLa SD2EFy5cUBzGMIgRO6bhKQLwlEfQJgfTYVzMK/FiuS99+aUqRqVmZSd5MxyVSdARH+pIZBkZbw/U cBWhrTU0QOU+VHldg7by4pIS1QI0gfIRU7aLa9euQTNLu7z37ntQlzYtXdB48/vf/15NGFy9elXq 79Rr+T768GPVpEKMmIYRoML+VPx5SAKk1oc8kJaSATphASQ4Ov4mOWZnQpUV/LjffMYwJVCLQx9u JGWIWqiW4m/6PQD9ak7JJn8zTA46E+11sEGuhsPDAMf7JAOSJB1/Mx+ZnIagB5MIqH8uHyqdOCXn NdUgcZ2O6ryYDwQRqhxiuvoDX5SSUqE+iUaBmC/m51HOKwuUvSYmS0dHB9R2DYOkpqUCREMiaX3w QE6dOqWd9+OPPDsTC5Aa2rF+OQCN1d9753ty6dIlTKOSQLhp0MU2LFXQ9XcbKuNL0EHzcvMgDY9J U0OjnH3mGSWmSuhlfOs7b8mVK1dgewK2OiBVcx2VGqRJniXQMs2w7Mj9/X1y/vyH0EH4jRw9Snsn K/LFF19gygadfsxfa6scPHhQ8aYth8wMbP5Afdmnn3wq3VC/dQDPPvv0Uzlx4oTmlUTGMD3Q8Fy3 f7+QFEhIl5GX2poaJbpCaNJuamqC9pMCKYIqs+bmJqixKobxrDs6uFyF39dffx1aUeqlEeU6efKk khWvP/74Y+QhQ372859DG/SAvPuXd+XIkSO6AdfS3Cznzp3TeFpaWuT5F56HRbRr0gUTAVWVVVpV jU2N0Ll4Qt588w35BHi3AQMOzlSnxTJcxIDAQY7+SIwnYevj/AfnoXewXH75q19Bc3OH1hXrtbys QlVkccA6fvy4pvXiiy9KPtadqUaqC8s/xI7tydzTg8BDBMiiBZJBYHXrdQBRBD7zpl2BdyhJrq6T LUFR6Xqn6UCC2IojSTrnjwl54XSW0hQ3Qdw1pQM6SmzOUapd79jwg+VrvT//b532QGUTpti5IJDu 7m41DsP0ysvKQQBF0gQJj6RM5ZWvvvaKShmvvvoq9Pi1KSnX1tYoiYyMjih53a2/iyWDIr3Hzk0p 7xg6IDUVUwLq7OjUPkeSrgepUCImuVEdOjHReIFhN6QeJKnSJkmETrUZQ6qiZFkMJa8HDh6AnZUu xWUcktH+ujpJgY47PsuBhHrl8mUlVSeJMY+jWEc9c+aMEuSxY8fVXsospDz64cBUgOUOSpCUcDm4 ULqrqqyWQ4cPqXScDvKl1JuTnQui5oAkupbbB1VRB+qQH5SZywokmCLoDCwGiV68eBF526/Y8V5Z eZnGOzMzDXMFp+Xu3bs6GpdCcu8HcXJNtn9wUMm6AhJwHcrFJYfa2lqVDolTZUUl4ruuEifri9Iz JUdizHLQD40xUbqj1MtnXL6gyQJiRAKm9OeJARyCzT0NCDw0Bd6LhQqktsDrcJeFnYTTLhJgIqZ1 2bDpQRJhp82FIk7uUnMpgISShbXH5qZmKFit1t/sWPmQkrhrzWliKiQvTg/LIdlSOiJpVe+r1o5a jw5OrdRU3MqpGu+T3DMgsXGKe+o0rPVByqGltNOnT6uUVAOJjFNeEifJ8OjRIyqRcTpI98orr8j1 69fl2XPP6tSTEtcJEG06/HdCmuWa7WuvvwareeNy/MRxLQ+N8FAqJdFkpGcoKSjRof+TTEncTJcG jJhHKhnl8alDkJSI0z48I2m89PJLSuQ8OXDs2DGQbJxKVSS2dMRbmE9rejly795dkA0UuEKqbH3Q Km++9aYSL0nq0KHDkPLzpRRSPcvIJZDrILSa/bVKeCwD71MCJ2nTHwcL2ksmKZKoKSmT/GohzZZg 3ZpT92zMcEZB9Jxel0Ey5JS+EOUg3mfPnVW+m4aa+dLyUgwc3qBqU2BtUk/FH9MGs41q5LSa6320 kaKbFSAzrge6WRElShKcztED4iVxcrpK85gxcVTh7vmh5NGDqSwtyLGDOsmVfhmGEXGzhtIKJRr6 p2Mn5bVOyZkm/NPxN8PQL6UXKu7klK6srEwlVRIC4+U3wzA9hiHBqIU8XDMszQponuM8pbcuDMNp GX3541oh1+tUWkK8fEZTnrr54fMbGIbXJFWm4crIb+KCTCEeTxKjP340D3jurllG3mN+GxsbVfo9 dfKUDjYkVWJFbOifcbKOmEf+d2Vg/eimCvBxzx1e9MNBh2HdN9OkP+LJsvIZBzKmYW7vI2AEuI06 5C4w1+i4oM+ORqfdgJ1hvejJB7jHFVDXWTyCUoryAuI5OxcdO586F8bXcYOF8Tzir+uDLkxAPjRd eOEGBOP2x78+jD8SX14Dfm+Wzmq+mI+Ny884kD3PixK0L9ubhAnEDKzqhffhwR+8Q9Il2XLJQMke 9xRnJgbnld8V1runf3lrAz8bhmFAhOOgw6UHKjpV+xwaof3ZywgEXQPcywV6knmntMI1rdn4OT0n 6etHXpLoIJQ29J6vo/OBk0DUk+vM6PxKIK4zkgxWe6XXkTUA7jrSWB+GzxmMDomy83v54V88YLiA 5+qPT9QfN5LcQ1/KGng1jJYlMG3E7u55ROMRk4uX0XnPeUcj00eaHuLZKIx6ZfldfpkF/va5R5Wf khrj0HQ0DNMOiM8fkXfh+QtSfj52ecClKytvu/zwiBdPOBj5EZWnwxkBbqce0TE5/aL0gV7ghdRO 4+twgXG5To172ul8/hjKSRquc2tc6+Lxh2FXZPQaN/56F6vp8z7D0gWk6f/NC/ec177IPK8IxwsX KaPR3/jiXRfO84w7dHjCh84F5jvQX8C1kgnT8MXtpYdI1scfGAbXmj6+NS9IT78DwwTmgdcB4fUR f9O5MLz23VuNC1feqyt8GuT52nsuvPq1P3seAZsC7/kqtAIYAobA4yLgLUA9bmgLZwgYAobAHkbA CHCHK8+tJ+1wspacIWAIBEHACDAIKE/yFg9J+3dkQ0yIa2T+dbqnNC6u34WrjIQo8HB8iJCFN64w ljOseIUxX+HGP9T6Y3gjwHCguMU4KP3x1Tl3Vm2LwTb0RiINV4dmp3FHezZMcIsP1hy72WKYjbyF M1/c4wlXGZlfxhUusonUuNQYPdpGuFw48Q9HnowAw4HiNuKwKfA2wDKvhsATRsAI8AkDbNEbAoZA 5CJgBBi5dWM5MwQMgSeMgBHgEwbYojcEDIHIRcAI8FF1494mCPAXuI4X5HGAT1w+0sNa7/bLEDAE dg4BI8BgWIO0qKtwFuqSFqAANJDwqAWZqp6o5onvBtMwE68D/QRGyV00c4aAIRCZCBgBBqmXOBDg QP+gfPjZBbkMtemT0DS9CCKj0tXevgE1uNSH59QKc/vOPVifG1QynJiYUq3UVNBJy3XzUP3U0toG fXPj+jxIUnbLEDAEdhEBU4YQDHwQICW7OOiOm56cgUr1ZsmCsk3aIU5OSoGJ0DnYkJiTS1e+hrr4 AdjTyFct0F/duAHFmgmwM5wNxaiJah60t7dfDtbVwoYKTAmYMwQMgYhCwAgwSHXw2CeVa/I7MSkB 5DYPtetUDw+Tm5lQ+glinIKRphhMgctKi1TB5zQMGKXCWlwcCHACpj/HMU0eH5uEIahiyYZ2aHOG gCEQeQgYAQarE7xhkZObrQabqPaetovvw1A8DStRlT12NmARbVbVpnN6TMNOtHCnJj+hn66qEmru 7zXK/poqSYY9CVqko9F2c4aAIRBZCJg6rA3qgzYyqGyTxp74ulmsqqDnq2e+14Koqh1hufnhXmNy Kuv5Khjt0NKvvioFP7xHv6Mww5kKi3Y0CRnqa1RMl3lg3kJ17vU11XUYYmTudSeHRyjREXvaew5H vlhzS9iwioeUHg63iLioJHWjDbDtpEHzBNxU4ydUx7iIfTjyRTMQnOmEI18sFzELF/6h4sTwJgGu Q5GNRlXeo9PR0eIcyWF2ioaMklWXJ4krBvdofJ0NzXVO1/EZbpF2LpwL47uULkr7NgQMgdARiGoC VLIDiVHao5RB2xI8/jIwMIR1vxk13l5eUSZ9sOlL40Unjh1VfxOTU97RF+BPq20JkAKoKZr2PXQt EPcSE2FoyIgv9BZqMRgCTxCBqCfAfhxrGYWN3CWQX3x8rLR39kh5abFOfWdxzGWqoUnaO7p0Ony/ sQVk2K/GtnnkpaqyTEZgB7cPNmmzYN6RFsf6Bvphha1UTh0HWdoZwCfYdC1qQyB0BEJfcAg9D7sW AyW0/II8qb/fpOslUzNzMgXpbpIqq5YX9fwfz/BVV1XCAlks7PhO6k5wOjY2KmBXdn5xAWYyh6QY 9oDnF+ZlFHZ+62CndnRkXG3l0kYuJcIJfIdrDWXXwLKEDYGnEIGolgBJgCk4unLiyCEpKS2Unu5+ qaoql/zcXF3fK6Ihc9jsbWltldqafTI5OanHYvJAeINDQ5KXky0lMA7Ow86lOO7CM4ApMIDO6e8g jG3T/i8XfLnwm5We/hQ2HyuSIbC3EbBdYNQfNzK428g1QX64Dug5fOM/1/Z095cGxPDP7ei6NT7u knnXnn9EstYSGSJjnIzbdoF90G7xy3aBtwhUgDfbBQ4A4xGXUS0BOmz8a3V+4nNPvO/lwB1d9yjQ 7/q1vsBnzr99GwKGQMQhENVrgBFXG5YhQ8AQ2FEEjAB3FG5LzBAwBCIJASPASKoNy4shYAjsKAJG gDsKtyVmCBgCkYSAEWAk1YblxRAwBHYUASPAHYXbEjMEDIFIQsCOwexCbfCYIM8EhuoYB0ewcMQF 9YeygvjCEZeLw32HVE4fVmGJK6SMWOCnEQEjwF2o1Zm5ZVlcWQhZWQKVN9DFxnnfoRTFU/u1JHFL 7hD448cWznzxAPrycnjyxRLFq5rbxy+bhXy6EDAC3IX6/LK+V2YWQk94eQVvryCaGChhCNXxTRa+ rcJ3nkN1zJe+QROGuMKWL32jJ0ZeOlIgeUl8MyfUUlr4pwEBI8BdqMXz17ulaxg2R8JAELuQ/T2Z JF/OSUyIkZP7siU/G1q97W2dPVmP4c501BGgW0ty7/GuAZTrciF0DMYdGO9Gaam2aZBfHBfezO0I AqxWG3B2BOo9lUhUESCVGExC3RXf/U1TtfRQjR5AeoswY0k1+H7iQlUqqWG+RG+bORLfzOysKkgl iTKtCWiP4RpWGuyIJEAFvjlDwBCILASihgBJZAtQavBN/T0ZGhmVMyePSmpKqqRBe/M0iCsJaqva OjulHMpMM2ECk+S1BP8pKckyBj1/GVBntQi7wLMwjE7dfklQlU/LcVMwiqRW30B69Xcb5fDB/UqE VIl141a9qtB64blnoGILNkAiq+4tN4ZA1CMQNQRICS05OUmqKytUqluYX5Ivbl2V/bX7oO6+T3Jz c+R+Uwu0PWfAhm+O3IWS1DmQXWF+rnTDtm8hFKeOT8DU5cQYiC8eluCyVI1WJ1TlP3v6lJLgADRD S8yKTMN+SF1dDRSplks34i6E/sBFGEp3kmXUtzoDwBCIEASihgCJdwxIMCExXqW6ickJ2PxI0ilq PJSeUpKrhJbnNGh7pg66BNwbnRmVYWiEzs/Lw/MZXR8sKiiS2HhIfpPTMgsN0cmIY3kF1tkwRU6A 1EfSpClNTrUzMM1OAelSUpQAG0kRUveWDUMg6hGIKgLkFDQdGptLiosx/SVxreC6SA0aqXU3KEYl Ea7k50lBYT60PydKESS/1vZOaIqu0HU9KkeNi42TBdgLYXyDg8OSnZWl0+IDtTUq5Q1AWzTtitAy HNPy6xuM+uZmABgCkYVAdBEgCI+bH+n40J05eVylulyotvcc7fhCWMMmSQUIjHY/OHUuLMhfs7vr 86xfZVCFTyKk1EiD6LiSSliSc7vBmTCYTotz5gwBQyDyEIgqAiT8JCYSljpcc11uGkaQ6FKxIeKI i34o5VG9OE1f6n3Oc8mQ7ltDrehmCTdGVJU+n6+mEHClnu2PIWAIRBACUUeA67HnWl1za7vuBnOj g/QVj6kw1/NGRsbUPjA3SHichTu7E5giZ+BYy/TMrG6qcJ2vpb1NMrBznK73ZzAlzlRj6Y5M16dp vw0BQyAyEIhqAiRBfXPnrgwMDUsp1gLbOjpU2tNzezB2Pjs3i1fN4qSzu0/ycrMgES7iugcW4qrg twvT5BI5Cfu/97B7XFZcqDVK0jx4sA7xFYJMvSk1jxDaDnBkNHjLhSEQiEDoL34GxraHrklI8yC0 RbxoT/JbwFR3HgehExLiJRln/BqbWyHRZeAM4BhobFkKcJRleGxUpUCeD6QR9DHsApNESwoLJCsj U8//5WAHeGxsDJspUzKF55xezyFenTbvIXwsq4ZANCAQtRIgiSs5OVHP6HHndz/s/g4MDEpqWooU g9AWYMu3rKRIp7U0iM7D04fq6qSnr0+KsfFBAk2CTWFucJRhs2RsfELKSks1jkLsII/iN5cKY2Pi cBRmWVJxHIbTa3OGgCEQOQhELQGyCkiChw7s92oD11wD5CYHierEsSN67IXrehARvc0P3C8GudHl Yp2Pqli4SVKMXWJ+6KqwA6wbJfrL+8P4nF1g3kES+A1y5IW5HUHAYW6I7wjceyaRqCZA1hLf2fW7 AEJyZ/e0wwTc9/vlha836e6ve7CRX/cc36nJcZKRHI83Sbg6GIJzvTnEaPw5YHzhiCsC88UBJyke ZzhRvi1UkR8Su3i6EYh6AtyN6n35aJHMLEL7smPQx8yEI15qlwnVkSAwHOjaZuhxeQwYjnwRouUw 5Is54oCTlgIFGOYMAR8CRoC70BReP1WqmymhSiJLfL8Y+Y/Fa3uhOioxpSbneOx+h+qYL7q4MORr BflaClO+SIILc/PeeU3Nof2JdgRCb+3RjuBjlH8J4hb6NKZinqT0GFFoEMZBAlyBAoZQHVXi8xPj iYIhRcd8qQtDvnj+kniFI19EKXSkfGWzr6cCgag9BvNU1J4VwhAwBEJCwAgwJPgssCFgCOxlBIwA 93LtWd4NAUMgJARsDTAk+B4zMA5HSwyhd4tljxuPb/d3O1bhdN0xxHQfM7sWzBCINASMAHehRlZm 22UF9ndD3AOBggYoYkX+V6CfcEsOCcYkZEHbAw9t23bAljAzT081AkaAu1C9S73/G+8g90EK3CJx bZBH7iJT0fSWFS2szEts9psSW/wrCJ/eUZUNorbbhkBUIGAEuAvVvDJ6EfzTiJTDA/+WZbllaLdJ LEG6JF4jwF2oeksywhAITw+MsEJtJTvORixfhdsygayL2LcCt/3wumaH/aftrN2tS/uxfmp6LteP FYMFMgSeKgSijgDZ/Xngt627G1NHKEDIL4BxJM8+MLXCTEF9FcmxAHZBxmEOc2Z2Tq/10DIX7Xyv nTEeqrmKgcGjBChQ9Tv/a2mk1VWyCfXQsz9+uzAEDIGwIRB1BEgCW1hagNnLRiU+Gi6iUSNS1SR0 +A3AyFESVFfRXxN0AiYmJUhJUaF09fTi+bQU5OWqBphYkF5HZ5dqjj5Utx+ao+dgPhOKU2FfhPHM 45WrDNgDoRZp6hnMwf2YnZb4wtZMLCJD4OlEIPoIEPXId16pqDQ+LkPt9o5D3x/vUfKjQXSSYVNL K9TeT+O90WSt+ZYHbRIPZamTeO52b/v7ByQfkiItyo2Nj8s9kCqtzE1NT/H9NEmH3wWQXzyMrlOt vu28KpT2xxCIGASi8iA0DRjxpf84mLik+vtxKC8dnxjHWh6UnEIbNJWcUuszr52hJNUSiFktJT8S 5uj4mBRAB2B8QpxahKMESK3SJEKGy87JhCLUZJUckyBF0s6IOUPAEIgsBKJOAuTKXHx8nBw5dEDi QYTZmJqOjI6qVJeVmaEmMakNmlPgKRhMys3LUe0h+6qr9HcJtEQPpA+pfxo/IhkugjAzs9Ll0MH9 SnokTRIeiTQL0+CykhK9jqyqt9wYAoZA1BEgmYsSYE11pe7ecrpL272Bzr99UeTdXYadYNr9WIY2 aGrxq6qg/V/PkTQZZ3Zmln7cfRLo7MyMHAbRZqSnwQvkS9wzZwgYApGDQFROgQm/29Ul2TlHYhyG 7Q8aNOK6Xj9shIyMwsAR1gvnIRVymssNjkAi4zU/Spr4npqekaHhEY0yKTFRinyq8l0a9m0IGAKR g0D0SYAB2JO4ZiCl9fYPShGkOx57uXe/SaqrKvW6/h6uYeNjAeuB3BCpLC8FCc7L+NgE9zggOWZg 13gQhpPSMPVNklHffa4pFmJzZNFHjAFJ2qUhYAhEEALRTYA4w0cJj6RHKW9yclqmIeUNDAzpEb5p HHuhdbc52AeenJoBSRbAKly/7hKTPIch6ZHs4rChkp+bKw1NLVKKNUJKl1Q34FTWs77Doh4+ghqO ZcUQeBoQiG4CBJVxyjq/MK/SWywORqelJMM2cJxKeulYuyPRUcKjeUvuDK+4N0cgAVJVO4/BjEHy 4y7y3Py8xpUAVfCDg0NKlNxZRiDJy8+1UzBPQ4+xMjxVCEQ1AZLMcrCTe/hgnZDseCh6HiRWALLi Oh43PLhBouf8QHAZIMKMjBqcFfTWAbnDC4aUXOwkz+Hgc3p6OjY80rEeCPmPmx5YU+S2xwoOQFM7 fOB641PViqwwhsAeRSCqCZBT1Hy82cHPGgdSy8L6HsnNOR55cRsdudlQKUXH54jD87eW4daTHdOi NKluBTpc+FF69G7tyF9N03QB7gjWlsieQCCqCZA1tJ6otNZIanTu2/vluxUQwj133wH+NruMSSqG JqxZeAntcLTLySpNb5Yqni3PIV17I+URKNnjKEIg6glwN+o6tvjXMNA9jaS3TF1Bs0lNNoyBU+0t OUiAMSn7QYSmCmtLeJmnpx4BI8BdqOLY7DckDmcEtyk4PpTTlceyC0y50abBD4FpN6ISASPAXal2 lduQcqhE5CRINxnelcJYoobAnkXACHBXqo6EFQ7SCkccuwKAJWoIRAQCW1w8ioi8WiYMAUPAEAgr AkaAYYXTIjMEDIG9hIBNgXehtjjq8LPizgU+Zh44AeYqYFhes0NemJ9wxOUm5sHiCnw98DGLbcEM gbAhYAQYNii3HtHA3JzE4ghLqNvA1DdIF0f9hSG6JdhJgbEUvNcc2tlEZkPjwhpnsHzlYPc7Ecd2 HEmGmG0LbgiEhIARYEjwPV7gD/sGZAyG0d0e7uPFwm0UF0eoMTEHqvMaeQo9Li8mSqdr46JE+OOK EimFwlgzEvW4tW7hwomAEWA40dxiXAPUOEMbJFv0/zR4o6waBwJcQLnX0uLTUDorw15FwDZBNqg5 vrebADVX62158L77MGjgdbCo+DyYC343mM+n4x7LG21lfjpq7ukuhRFgkPolaVG7y636u9Lc2qbT NU7fSIbUAdje0aV6BJOSEqUPluFGRsZ084AapfUDv/TP69nZWVWhFSQZu2UIGAK7jIBNgYNUACWV CRg7au/olmRYeAOtSXpGKkxcLsoMlKNSVT79jI6Nye36e3Li2BHoBcxRxaqLsB9SDDvC3KBYhJ7B 23cboGG6Qur2VdvCfxCs7ZYhsJsIGAEGQx/S2+LykkpvMVDk19PfJxlT6TIGlfnx8QmwKTwrE7AN Mjo2DrOZaUp209AY3QdipJlNaoZO95nbXIaOwfTUVJ0q28J/MLDtniGwewjYFHgD7Ln+x6lwUmKS ZMHiWw+muvMwcp6UmADFp5AGcfRkEXaAFxbnJQV+aDSdvycnpqBfMEd6sdM7v7ComqCpdt/IbwOg 7bYhsIsImAQYBHwe1qVC1BefPQtiS5BUGDjPz83W60T85nOqoiLhLWHKmwVlqVzv41SYZ/uoFZrh GZZEugitLWsUogZJ024ZAobAziNgBBgMc5AYDwTnwd6H7lxCEszFhkewXUy3y0sJLweaovXtDPqH lmnn36S/YCDbPUNg9xGwKfAmdcBza7qbCyaLC9jhpY0Q3RUGSXKzpA/TXUp69MMw6hffzjmSdL/t 2xAwBCIDAZMAN6iHWJjM7O7t182MSRhBolF07uxmZWZIZ1ePlJYW6/GW2/X3paAgT2Zw3IWf0pJi 6erukerKCklLTVljGnODpOy2IWAI7BICRoAbAB8DS248w9fQ0ARLcOkyODQsKTCZOQBzlyTH5pZW THFhPCkzXYaGRnDkBermIfQ1NLfIHMjyUF2tEqaL3qRAh4R9GwKRg4BNgTeoC25yFOTlqWH0kuIi 2N2Ik8SEREkGCebBCDoPQXORb2RsUtf+5hfmYC5zUjdM8nJzpBsG1AeHhrAb3C+9kCRJmuYMAUMg shAwCXCD+uDGBaewL73wrNoOPoujLrFxsSDBBJBhjJQU47AzdoBnIO3RXvAcNLxwisxzgAxLm8M0 pq7XUH2PW+YMAUMgwhAwAtysQjCnzYPRc7rsHNgCBoutn8qmg/xolY2SYeBz3Q1GOMd7JEIXVo/R BDxj/NHgYmwUiIZq3lNlNALcYnXpBDZgZ9cFU1IjufFGwHM34XXfzj+/c6ETLwb69yAfBt7e9rUL HSyN7UamceFPQBG2G4Xff7B8qTYYDBTxWFs1ZwhECgJGgLtQE29i+hyLqTSlwlAc1ynpeAg7VEep lNN2HvEJ1W2Wr9zkRNsZDxVgCx82BIwAwwbl1iMqxnQ5Ue0Ch0aAXIOk9BcbDtJCXCTBeJxnDNUx X3QbkWlopQ41dxbeEFhFIHTRYTUuu9oFBMIx/WW23frkLhTBkjQEdg0BI8Bdgz48CYdLmgpXPOEp lcViCOwMAkaAO4OzpWIIGAIRiIARYARWimXJEDAEdgaB0Fe8dyafT1cq3LXV4yAhTjyhrFVdOI6W 8E0VRheOuDbNFxIJcff76WoMVprdRMAIcDfQnximibTQU/bttmK7NfS4oAFbeSsccW2Wr1QcKI/D a4QhnoEMvcAWgyEgYgS4C61g5cpvZXkGJBjiqWP3ZsVKiPEoBBDMYkBK4YjLEwCDxAXpMualfxTJ r4QRdu+ozC7Ab0kaAn4EjAD9UOzcxcoQLM2N9fCgXFgS9U2EIzsuvPmCA4sSszgTMvGHpaAWiSEA BKKWAKnQlAd/neM5uO2+mbFRmPX316flpYm0SQpR41hWvLkSTUWOmrrduwWNyl1gvqo1DItufIWM bz6QsBZg8IhEpdqesSHAZ+5De8CqARrf7u0GxsE3Htx9Lyw0QkNjzML8vL9FrKwsS2dPX/COz2XA aPkoImFY9/QjaxeGQOgIRJ0ESLKjdbc7d+7Lvqpy6O3rk9KiIrl87Ya8+tIL0N/XCyWnmSoNLsIf 1+nGYQ6zEhqeOzo61Urc0SMHYQO4QVpaO+TF589JU/MD1RA9MjyqBpKu3bojtdWVcuRQHQyoT0hP T49UQIN0oMQZetVZDIaAIRAqAlFHgAQMy/PQ3bck91seqM3eju4uyc7IlJnpKWlofCDFxQUyPj4p dbXV0jvQL5mw8nbz1m3o+ksDGU7J1PQ0JL0EKEbNlo7Obuno7pZZ6AMcHx+XkvlC2AeJlVyoz6Jt kP7+QTWQpBseAVPuUCvOwhsChkDoCETlFJhSYHJykioypbnLlGQYLse0d3pmDlPiOL2fk50pRQX5 sry4DBIbktS0FGlv71RTmAkwjp6VlSHjsBVC/1w7zMnOllQoUB0dm5BcXNMuMKfJQyOjUox4tru+ GHrVWgyGgCHwKASiTgIkESVBE8tJ2vCFo5ZnsJPMYd0uLi5eySoBxs+pYSURxs7PnDyOtb5lGYN0 x3AH9tfqOh9NYJ7FM9oJKYD5zFR8l0F1Ps1pcp1wfmEeRtMXpaykCGSbrGRI4jVnCBgCkYNA1BEg oScRqU2PgHpIgH4+OhIaCZGbGtywpFRH/ykpSVJUWCAJIEWSKO9lYq2QE+rsLC9sAgiS4UhzjA+X IMAS9Ytb5gwBQyDCEIjKKfCmdQByo92PbkxhaQ6T9n5JaCRMkqPbEaaRo3igiUVrAAARdElEQVSs 9Tmpjru/CZD+uDN8q/4eptPT+iyGEqY5Q8AQiEgEolICfFRN3LxdLw1NzXL21AlpaWuXkqJCNYA+ MjYGAsQ02WcQqbunV44fOSTJSUlyr6EZpjEXhNPne/ea5OihA14yIFRzhoAhEJkIGAEG1Aunr7T7 y/W+7KwsudfYgk2PeZmcmpbp6RmJp2nMpASpv3tfkrCJwt3hlrZOqaosk6HhEWh5TsAO8QyMoxfq +UJugjgJ0TZBAoC2S0MgQhAwAgyoCL4Hm4Rp7uTktCxh9zc/PweEOCy5WZl6pIVmMjkV7sPRlrjY eP0+eKBGEjFNnp9bwLR3RirLS9VUZmt7h06fFxeX9NhNVUUZlxbNGQKGQAQhYAQYUBk0CpSemirn zp7Euh82PkB4XAdMTUlRXzwqw3/lZaW6ETIzM6uSItf/Tp86ip1ez5aw/y0RnAMk55H4jPwCgLZL QyBCEDACDFIRfBMEc1dlLR53We8SfK9Qp+B4Cx2ntxkZ6bhY73P1t9s51jt4PU61oXB3JVoc33sm ppuBFC1YWDkjBgEjwI2qYrsi2ybktz6JmLRc6N5bBCGEtkPskgwHj+5IXCxvLHQBbhfb9QDab0Mg TAgYAYYJyG1F88o/4rwgp8eOdrYV2u95mUpM8SsGmzOhOipt4NSdu9yhOuaLLjZYvjLyQYCQgM0Z AhGAQOitPQIKsdeyEJNRKNgyRrZDI0DBRo06nEcM2S0hLyBASQidTDfNF4tsEmDI1WURhAcBI8Dw 4Lj9WLgeFrIg5CPQlXBMgpkZxBeWuDbLl+/Z9hGzEIZA2BEwAgw7pFuMUKWgcJFBuOJh3iM1ri3i at4MgW0gEIa50zZSM6+GgCFgCEQQAkaAEVQZlhVDwBDYWQRsCryzeGtqeqAay3ae3pjHz8CKHszG bquer3v8eDQk4mKOwhEX80UXLC7Tiq3Q2J8IQcAIcBcqYnpiRubjFrEHEtouyApes6OLgRaakB10 HvJNltgw7AKv6O40VIatyxdpMRlqxeKYRjiXGkMuvEUQrQgYAe5CzZ//t0syOTIdVELaTnYcfYZj HYN8xE844gqWL555pImAt379shRVQNM2CNecIbDbCBgB7kINjPSPyUgvrNKF4/zeLuT/cZLkq4Bq MW9h0a8h53HisTCGQDgRCMeAH8787EhcNHdJtfW66uUtVz1SGqNaq8A1rfW/t51xX7rbDrfXA9jU d6/X4FOV/6gjQJJYX/+ANMOU5RLefOC61yK0OHf29qkOPxLbqtZnzzYw701MTEo3wlHVPTVGj8DY 0eDQiIZRMmU4rHkxfmdPmNe8x/DmDAFDIPIQiKopMAlpYGhYbnxTD7OV2dI/PKymLGurq1Wj8wRM YdbAVnBrR5fk5uaosfTFpUWpriiHctQm2PcolsamFjWpSdX3oDpZWlmSSZjKLC4qkPbOHjWCNAqF qnF4DzYjI026unpgU7jcr1Ir8pqA5cgQiF4EoosAMe3tg8bnLKiuOnygVj746ILuSqZAByDd0PAQ zFqOySD85OXlytjYuFqP49GN8fEJqamukrsNTaoDkKSXX5Aj12/e0ak0FQm0QQnq+OSEEmIWlKg+ aJ0VqtHnsZfDB+tU2ozepmYlNwQiD4GoIkAqPC0pzJerHd0qBdbUVAqlvpGRESksyFNbwTOzs/o6 LNXdc3qcDbvBdIlQXjAx6fmlJhfaBZ6e9NTkJyUnqDZoEibNYjLsMCTNLNgWptSZmZ5hxz4ir+1b jgwBn2bPKAFiCWqYaLT8uXOnoMJ+Xqe5JDxOZxMTk3ybIjFSVV4uaWmQCrF0l6xaWwQSYx2mz0OY 6harwSMaSp+dnQNyWENcWFLD6ZwGMx46GtVMSkpW+yI5mG4vQYq0lUCFxv4YAhGDQFRJgDzoRrsf 1PhMXQScmmZAWltvsKgA0qDTCM2a4vQ2Ly8HdoAzsJ63KKk+TdDcDHH+uNHhNESTFEl3JMHklEKo v8OZN03QKDBiWr5lxBAAAlG3C+x00YGvlJTWk5+/VZCwfC4eRo+4s5sMS3DZGRm6q8udX+4WMxoS 4fz8glqU6+7pkw5shvDZEg77trV32i6wA9K+DYEIQyC6JMDHAJ8k1tTcKNmwDUILb30DA3Jwfy2O wAzrbnBBfh6et8J2cIGM46jM5a9vyKnjR2RqakrNafbAdnAKLMkVwbbwhmT7GPmyIIaAIRA6AkaA m2DIae0MTF3eud8I0tsnnV29WAMslCvXbsBa3ATMYSbiXo/k48jMDNYDe/sGJBMSIl/5uvzVdZ1q F2DTZXB0VEpKiiARrkqVmyRrjwwBQ2CHEIi+KfA2geXrW2mwFTwwOCozcyA5HJjOxhGX+LhEycCa YBY+PCA9h2cJCfGSjiM2NTXV0tbRKcUgv7HRcclIfXidcZvZMO+GgCHwBBAwCXATUDllTUpKkrOn T0oyvq/fvC3VOChNKXBfVYVOaWkzuBjHXzJBfBUwfs41wZlpGkgvl2zs/o7j6ExpSaGuB9obIZuA bY8MgV1AwAjwEaBz84O2gUleZ04dlyRshJDkuHvsXAEOTXNyG0hwzz5zSkmzrrbGefN/83whd4aj SR8KBxPipkD5kbALQ2B3ETAC3CL+7MApmAoH28hwK3vuGc//cZfZ/V6fRFauZ0Sd0+tQnDOrGapi VeZBy0CS0u3xUHLFuDxEAvNFLGJR3vhE0wUYGroWOpwIGAFuA82NCO3hKEABjhUffihv/8Mr0EZD 6DfxFCTc+ltOpx6JJVS3AqmU5x35JkuobrN8Jacm68HzUNOw8IZAOBAwAgwHituMIyU9WdcWORUO xS1BUQOnlbFhMmauhtHjcbg7RMd80Xkkvz6y0Mq8Pjb7bQiEgoARYCjohRDWkybDRQbhiocFitS4 QgDbghoCGyBgBLgBME/sNtbYlvHu8eLCQshUQ4mNEmA4DA3ppsxm8/ZtAMJ80W19yWDjyMOZL1I7 sdcF2o2T3PITvkPOOMOxbqpxcWMMm26hOo0rTOu5xCsmTPliucLRJkLFJzC8EWAgGk/4mpWfBtVb s1DAsAACDNW5xhSODqhyX5g6TTjzRYwYXzjK6I8rDNj74wrDppGLi8SsO+W8EYILN17hyheLlIyN xEhyMVPT0+Gc80RS2SwvhoAhYAhsikDo8vam0dtDQ8AQMAQiFwEjwMitG8uZIWAIPGEEjACfMMAW vSFgCEQuAkaAu1A3VJPPhWq+ZsfF/VgoZt3KIr/n1wvjss24/PfdzS18M0xgHgKvXZxbiEa9uLy7 fATG5d3b3tI+0+dbMmvjXS3nVvNFf4xDd8vx7X678hH/7Tj6Z9kYp+ZtTR2u5nercbq4NF/4s9oe GNdWY2E4X10ikMvjalxba1suNZbLq7+H4+IzphXo3D3FAw+836s4reZje1gHpvEkr+N+85vf/POT TMDiXosAFak2NDTL1zdvSRLU5zc0NssclKnSEBN1DrqGtDaU1znGYG3uo88uqjaaq9duyuDAII5h xMjt+ntqhW5yahq2SqjtevN9LZJLT2+/XIHKLva0fug4vAFFD9yh+wZx0eZJH7TeUAv2oxzzOz09 jbhuyDDUfi3C8PmXX13TOB60dahexOHhMUmHiQEqln2UIz7UtXjpytfQplMgn1+8LCOjY8BoXpqa PFOmc7Pz0M69NQ07Fy5dQfkGkX4a4rymtloWoNex/n4DDpDHqbozavp+FGbsyI2NLXL77n1oB0qV +03NakkwERqAbty6A52PSdI/OKyq0TY7lkS8qFfy0wtfyp17DbhelJYHrdIOtWrEnXVJnEahRYiW CzeLi1gSr67uXoS7rxgNoR1dY10iP/egxm0e9TEEPKnBaKO25eqEZRxAeNYlzT3MzMxCrds1bVsP YPBrCoo9hmEKNgOKP5guyZA6MM9/8rnkZGXJ1zduSU9fH4yOZcgXl6/CwNg46n8axsHa9e0fmqHI wLNHYe3ysxPfRoA7gXJAGkto/N+g4Z84ekS+uXMXzAZTneigJCI20iQoTw3m2GioebqvfwiGnCak oCBfG/cYSIcNjdbsaKgpHcdsqOp/M8eOwA6WBcKlJbvJiWk5evSg3GWHmVsE4YygZ8HwE0wHJCY+ +s0QdgaePevt75fB4REohD0mjbC7PAsVYbSmNz8/h7xlBZgMCJ475otqxa5+fRP6FWdUg04hSJAW +Ej+4+hMIyNj0LKTBTOjKCf8b+b4pk0DzJhSbdnE5BRswGTLNI4gMa7RkXE1cpWJMqalpmwhrmX5 4GN2dKhCQz2wDqpg7rQB5ZwDUQyjDtKgGSg9PV1tQW+WLz4rzM+VWYSbAzZUrJGUlCA90CZO0hmC uVZqF0pLT1OJbrO4qHm8vbMTny4l1inorzx66KASPMvPgRWReG3LZ99mo/hYj63t7fr43v0m1MGs nDl5QurRXnlAniZlaUM7JytbtaN7bTJR+qEHc2xiXPJyc6EkeEWaW1qFSkAmJiYwKI4JTproIEbt SKlbwHqj/D2J+5Eplz6JkkZInDFojOy342gc6WjgZ08eV5vBtCL31fVbaoluo6zSMl0CpIMYNFR2 lLm5Wdm/v0Zqa6t1RL5df1e6env1eqM4eJ8Nl3oMGxuapKKsFOS7oh06G2TwPAxGkfSGBobkKyh+ pVSwmSMJkegoqWCCBC03iAtli4+LkRfOnUXZktHJl+Tipasq7TwqLpaL+AxAmqL0QIW0s4vzcuTw QakoLQK5xCJfNyHVDKGcm+dtaXFB9lVXQkIFgWKAILnyDOYREEQ11JlRgrl+8xtVZMvOv5kjZpQY EyC194Pol0EIYyDBitISOX7ssMQDpyZIcg3NLY8kQE96ipMplLUM+E/NzEG6mpE61GUd6pJkePN2 PUwrdD8yLsr6U9OzKoGxfDy4PAGpLD05Rc6dhRq3lCQtOzFzB9Q3KiefF+QXYGCdV61HCXgtchzE xvw8c+okrBum6aBx5etreo6Vdc+2koABgXVPqXEeeWCa1Ig+C4nv9Imj0JZeiNlOgnx5+WsMYKOP bFMb5e9J3DcJ8Emgukmc7LScNnWDqI6iU1Oq49QzF6Mnp4l50C69oUMn5EnZsuIiGYYpz/S0dO3I C3MLUl5WgkcxUopnbJCbOeaB2qs5otNiHU2C9kKp69FDB1QS4jSFUhMlUk7L2fk3cuwElGo7MQ3j lJXEQomkrqZGCZ6dvTAfJkch2VKa28wxHepfrKwohfW+HBD7Punq6ZG87FypKC9RibcchENSLoGR +vhHvQONvPWjXImIk2Xr6etXoqhA/JxSV5RBfyPwLIW2bg4smzmWIwMEMAlyP3rkEDARaAWfUnvP CyCdkqIinSoWoYye1qCNYyPxTkFnJO1Tl6Icw5D4EkAQ+/dVK0mXlpSC3GOkBHVJPDbDn5JZIvJO aa0KuioL0I56+nrlsLateJWUcyExs23lbta2fNmlhDcMKZt4lRQXSntHlxzYv18lN7Yr1mUSjIIV Ygbid8CwvBTlALnRmiIlUGpPz4PEXYb6or2c8tJSDNyxaLuFULixOdb+eHfgwg5C7wDIDyWBXsd/ KzDTyR6I9uN3mzd28h/C4Z9O/xCQEpf2YvTIGKwhaZz+2Da+YHidKiO8pglSUet1CKJx+4I+Kj8u BW4srNIkS+SL15WPz32vyLkwm327PDhsdC0McSCzmr+t5ouY0BEzXjGPDOvl0Cvr1uNCYGKMcih+ iITTTF5rnJSWEfdW40NA9e/KquH897ZZl74ysmTaRta0LZbayyMuHulI0CiGz3lI+fOGu3i8Zqbi y7Li4ID1QjmsER/xh0d9SXI1cpfIrn0bAe4a9JawIWAI7DYC3vC427mw9A0BQ8AQ2AUEjAB3AXRL 0hAwBCIDASPAyKgHy4UhYAjsAgJGgLsAuiVpCBgCkYGAEWBk1IPlwhAwBHYBASPAXQDdkjQEDIHI QMAIMDLqwXJhCBgCu4DA/weZmre0iiE9ewAAAABJRU5ErkJggg== --00000000000034ffbe058d1813a4-- From nobody Mon Jul 8 07:03:32 2019 Return-Path: X-Original-To: mud@ietfa.amsl.com Delivered-To: mud@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 64D3F120228; Mon, 8 Jul 2019 07:03:17 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -0.702 X-Spam-Level: X-Spam-Status: No, score=-0.702 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, PDS_NO_HELO_DNS=1.295, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VL4G4_8Pw_Lv; Mon, 8 Jul 2019 07:03:15 -0700 (PDT) Received: from mail-io1-xd2e.google.com (mail-io1-xd2e.google.com [IPv6:2607:f8b0:4864:20::d2e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6FA031201E6; Mon, 8 Jul 2019 07:03:15 -0700 (PDT) Received: by mail-io1-xd2e.google.com with SMTP id h6so27232930iom.7; Mon, 08 Jul 2019 07:03:15 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=GhwliavTGitXxoUmNmqlBfO8jz27HAdT+VFkaZMif38=; b=V2ZW/jBqQ+msnsTnnTprX/NI5oMif4Yt6aEN89/s123FuCDy64g9qIcaEPJZ5J+eeH gaKOSP/e8CLLK9+Zwkl5MlvohGQvsqMOn5cgjhF5oGy+qwTsBUWnwyRXTmk7SRavgBGP erp54+bHI5dIcPE+lFDebM1Xtq7k8Rq7QV2FSIlW1N7xSTdX8fMhnYafWv9o+MwMAnMl qN4gGe3XXN/at3/bU3UvAU1xqT8EqJVNDRZ5TTXr+DjO0JrCBNw5YVyWC1kT2z3jw1Re S/6fIQMd0R+POQ/CHecMk4n+K0HtjcgKMaB4DkouN71nmJdGibOzi8bGIAxhyKXbCEXv td9w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=GhwliavTGitXxoUmNmqlBfO8jz27HAdT+VFkaZMif38=; b=OyFqIUrZTcRVF1A90MTifNgBcFo0ZTQWSwuprn1cvj3j0avSEgJfaVM5ZGk2BjFEaH XVK3I+6c/1Dk17ySDq6kE/xOCPvMfXfK9han2T1enNAQrRruky4liyO/74Un+NmmzjaJ dJNemZLBkLNEqzZlWfEeCnHwi+PUHyiswWj98eDjBTnm+IyG3EdeNTcik69EvJq23gPO QbEAXPhkDANg4k179hvnHGBnJIe7DYF3I8wX1KrSXt2U4OKQnzNrpaKAUd94Gj22OP9S Jq5Y8/jsdKUF21tChHmkRrp0Y7QN5+TOIYM4G5Oy3ZK/azNdhZRVCGCsswCjOTwa+Vnu d9mQ== X-Gm-Message-State: APjAAAVOT7z80/5IhzhGmaDyV5UQsoAZxXPzg9lP1eVL/jROVOUpIUo4 huxM/7dHB9QP089JmsdLKqkZiEvfO35EH2/HNWtjk+Is X-Google-Smtp-Source: APXvYqwiKuSVR0zHy7k2vxhshOfy9vs0ODbu8wrcnOoSWrMesWdeIwo7q6wfIXk3eSn3AA/L3vlqw1sFIbhXjpysWqw= X-Received: by 2002:a02:5a02:: with SMTP id v2mr21106631jaa.124.1562594594412; Mon, 08 Jul 2019 07:03:14 -0700 (PDT) MIME-Version: 1.0 References: <156259372138.1051.8615205410511124401.idtracker@ietfa.amsl.com> In-Reply-To: <156259372138.1051.8615205410511124401.idtracker@ietfa.amsl.com> From: tirumal reddy Date: Mon, 8 Jul 2019 19:33:03 +0530 Message-ID: To: opsawg@ietf.org, mud@ietf.org Content-Type: multipart/alternative; boundary="000000000000ba6116058d2be7a7" Archived-At: Subject: [Mud] Fwd: New Version Notification for draft-reddy-opswg-mud-tls-00.txt X-BeenThere: mud@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion of Manufacturer Ussage Descriptions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 08 Jul 2019 14:03:30 -0000 --000000000000ba6116058d2be7a7 Content-Type: text/plain; charset="UTF-8" This draft https://tools.ietf.org/html/draft-reddy-opswg-mud-tls-00 discusses Manufacturer Usage Description (MUD) extension to model (D)TLS profile on IoT devices. This allows a firewall to notice abnormal DTLS or TLS usage, which has been a strong indicator of other software running on the endpoint, typically malware. Comments, suggestions, and questions are more than welcome. Cheers, -Tiru ---------- Forwarded message --------- From: Date: Mon, 8 Jul 2019 at 19:18 Subject: New Version Notification for draft-reddy-opswg-mud-tls-00.txt To: Tirumaleswar Reddy , Dan Wing A new version of I-D, draft-reddy-opswg-mud-tls-00.txt has been successfully submitted by Tirumaleswar Reddy and posted to the IETF repository. Name: draft-reddy-opswg-mud-tls Revision: 00 Title: MUD (D)TLS profiles for IoT devices Document date: 2019-07-08 Group: Individual Submission Pages: 16 URL: https://www.ietf.org/internet-drafts/draft-reddy-opswg-mud-tls-00.txt Status: https://datatracker.ietf.org/doc/draft-reddy-opswg-mud-tls/ Htmlized: https://tools.ietf.org/html/draft-reddy-opswg-mud-tls-00 Htmlized: https://datatracker.ietf.org/doc/html/draft-reddy-opswg-mud-tls Abstract: This memo extends Manufacturer Usage Description (MUD) to model DTLS and TLS usage. This allows a network element to notice abnormal DTLS or TLS usage which has been strong indicator of other software running on the endpoint, typically malware. Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. The IETF Secretariat --000000000000ba6116058d2be7a7 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable

This draft https://tools.ietf.org/ht= ml/draft-reddy-opswg-mud-tls-00 discusses Manufacturer Usage Descriptio= n (MUD) extension to model (D)TLS profile on IoT devices. This allows a fir= ewall to notice abnormal DTLS or TLS usage, which has been a strong indicat= or of other software running on the endpoint, typically malware.=C2=A0

<= p class=3D"MsoNormal" style=3D"margin:0in 0in 0.0001pt;font-size:11pt;font-= family:Calibri,sans-serif">
Comments, suggestions, and questions are mor= e than welcome.

Cheers,
-Tiru

=

--= -------- Forwarded message ---------
From: <internet-drafts@ietf.org>
Date: Mon, 8 Jul 2019 at 19:18
Subject: New Version Notification f= or draft-reddy-opswg-mud-tls-00.txt
To: Tirumaleswar Reddy <kondtir@gmail.com>, Dan Wing <danwing@gmail.com>


=
A new version of I-D, draft-reddy-opswg-mud-tls-00.txt
has been successfully submitted by Tirumaleswar Reddy and posted to the
IETF repository.

Name:=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0draft-reddy-opswg-mud-tls
Revision:=C2=A0 =C2=A0 =C2=A0 =C2=A000
Title:=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 MUD (D)TLS profiles for IoT device= s
Document date:=C2=A0 2019-07-08
Group:=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 Individual Submission
Pages:=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 16
URL:=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 https://www.ietf.org/internet-drafts/draft-reddy-opswg-mud-t= ls-00.txt
Status:=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0= https://datatracker.ietf.org/doc/draft-reddy-opswg-mud-tls/
Htmlized:=C2=A0 =C2=A0 =C2=A0 =C2=A0https://= tools.ietf.org/html/draft-reddy-opswg-mud-tls-00
Htmlized:=C2=A0 =C2=A0 =C2=A0 =C2=A0h= ttps://datatracker.ietf.org/doc/html/draft-reddy-opswg-mud-tls


Abstract:
=C2=A0 =C2=A0This memo extends Manufacturer Usage Description (MUD) to mode= l DTLS
=C2=A0 =C2=A0and TLS usage.=C2=A0 This allows a network element to notice a= bnormal DTLS
=C2=A0 =C2=A0or TLS usage which has been strong indicator of other software=
=C2=A0 =C2=A0running on the endpoint, typically malware.




Please note that it may take a couple of minutes from the time of submissio= n
until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat

--000000000000ba6116058d2be7a7-- From nobody Mon Jul 8 07:33:37 2019 Return-Path: X-Original-To: mud@ietfa.amsl.com Delivered-To: mud@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BA00412024E; Mon, 8 Jul 2019 07:33:26 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.5 X-Spam-Level: X-Spam-Status: No, score=-14.5 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ej68am4nZ2j6; Mon, 8 Jul 2019 07:33:24 -0700 (PDT) Received: from aer-iport-3.cisco.com (aer-iport-3.cisco.com [173.38.203.53]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 68843120222; Mon, 8 Jul 2019 07:32:58 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=8977; q=dns/txt; s=iport; t=1562596378; x=1563805978; h=from:message-id:mime-version:subject:date:in-reply-to:cc: to:references; bh=r+deaq67uas/uRJ7/FunlxLeHOW2nwzeus4Iya7Hveo=; b=b3lUVhkI0rzGO7tZiv38KGHVE5zb7EyNkdJcf0OpxuRWtFuWMNtt6eMY mhIpeZi3VTbAt57UtFeFSvHnBN4VYIFRpDxLLJt16RuUjETe/wFYMFMei vLh3hYBCw3Jrji3xtFpRCW1GhENJ2DHzJy5pytwoPyHOO2t7c5cd0ZN5P o=; X-Files: signature.asc : 195 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0ADAAAvUyNd/xbLJq1lGQEBAQEBAQE?= =?us-ascii?q?BAQEBAQcBAQEBAQGBUwQBAQEBAQsBgRSBbIEEKIw4X4tMJYcugh+FToNXhgK?= =?us-ascii?q?BewIHAQEBCQMBARgBCgwBAYFLgnUCgls0CQ4BAwEBBAEBAgEFbYo3DIVKAQE?= =?us-ascii?q?BAQIBAQFsCQIFCwsRAwECAScHIQYfCQgGE4MiAYFqAw4PD6sYhDYCDkFAgjI?= =?us-ascii?q?NghYQgTQBgVCKJYF/gREnDBOCTD6CGkcBAQIBAYF9gxyCJgSMGhaHXFqVLEA?= =?us-ascii?q?JghmCH4EMgyuIbE+DcxuCLC8+hjSOMZRwgXOLAIMKAgQGBQIVgT0TOIFYMxo?= =?us-ascii?q?IGxUaISoBgkEJNYEKiX6FQT0DMAGOcAEB?= X-IronPort-AV: E=Sophos;i="5.63,466,1557187200"; d="asc'?scan'208,217";a="14021538" Received: from aer-iport-nat.cisco.com (HELO aer-core-3.cisco.com) ([173.38.203.22]) by aer-iport-3.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 08 Jul 2019 14:32:56 +0000 Received: from ams3-vpn-dhcp6619.cisco.com (ams3-vpn-dhcp6619.cisco.com [10.61.89.218]) by aer-core-3.cisco.com (8.15.2/8.15.2) with ESMTPS id x68EWsig004469 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Mon, 8 Jul 2019 14:32:55 GMT From: Eliot Lear Message-Id: Content-Type: multipart/signed; boundary="Apple-Mail=_E3F821F1-5D93-4987-9B60-C3B8157FC3A3"; protocol="application/pgp-signature"; micalg=pgp-sha1 Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\)) Date: Mon, 8 Jul 2019 16:32:54 +0200 In-Reply-To: Cc: opsawg@ietf.org, mud@ietf.org To: tirumal reddy References: <156259372138.1051.8615205410511124401.idtracker@ietfa.amsl.com> X-Mailer: Apple Mail (2.3445.104.11) X-Outbound-SMTP-Client: 10.61.89.218, ams3-vpn-dhcp6619.cisco.com X-Outbound-Node: aer-core-3.cisco.com Archived-At: Subject: Re: [Mud] New Version Notification for draft-reddy-opswg-mud-tls-00.txt X-BeenThere: mud@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion of Manufacturer Ussage Descriptions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 08 Jul 2019 14:33:36 -0000 --Apple-Mail=_E3F821F1-5D93-4987-9B60-C3B8157FC3A3 Content-Type: multipart/alternative; boundary="Apple-Mail=_9FD7192D-3DCA-4818-A754-CBD500918C65" --Apple-Mail=_9FD7192D-3DCA-4818-A754-CBD500918C65 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii I think this is a pretty cool idea. You should talk about it if you can = make the side meeting, or otherwise if you can get time at opsawg. Eliot > On 8 Jul 2019, at 16:03, tirumal reddy wrote: >=20 > This draft https://tools.ietf.org/html/draft-reddy-opswg-mud-tls-00 = discusses = Manufacturer Usage Description (MUD) extension to model (D)TLS profile = on IoT devices. This allows a firewall to notice abnormal DTLS or TLS = usage, which has been a strong indicator of other software running on = the endpoint, typically malware. >=20 > Comments, suggestions, and questions are more than welcome. >=20 > Cheers, > -Tiru >=20 > ---------- Forwarded message --------- > From: > > Date: Mon, 8 Jul 2019 at 19:18 > Subject: New Version Notification for draft-reddy-opswg-mud-tls-00.txt > To: Tirumaleswar Reddy >, = Dan Wing > >=20 >=20 >=20 > A new version of I-D, draft-reddy-opswg-mud-tls-00.txt > has been successfully submitted by Tirumaleswar Reddy and posted to = the > IETF repository. >=20 > Name: draft-reddy-opswg-mud-tls > Revision: 00 > Title: MUD (D)TLS profiles for IoT devices > Document date: 2019-07-08 > Group: Individual Submission > Pages: 16 > URL: = https://www.ietf.org/internet-drafts/draft-reddy-opswg-mud-tls-00.txt = > Status: = https://datatracker.ietf.org/doc/draft-reddy-opswg-mud-tls/ = > Htmlized: = https://tools.ietf.org/html/draft-reddy-opswg-mud-tls-00 = > Htmlized: = https://datatracker.ietf.org/doc/html/draft-reddy-opswg-mud-tls = >=20 >=20 > Abstract: > This memo extends Manufacturer Usage Description (MUD) to model = DTLS > and TLS usage. This allows a network element to notice abnormal = DTLS > or TLS usage which has been strong indicator of other software > running on the endpoint, typically malware. >=20 >=20 >=20 >=20 > Please note that it may take a couple of minutes from the time of = submission > until the htmlized version and diff are available at tools.ietf.org = . >=20 > The IETF Secretariat >=20 > -- > Mud mailing list > Mud@ietf.org > https://www.ietf.org/mailman/listinfo/mud --Apple-Mail=_9FD7192D-3DCA-4818-A754-CBD500918C65 Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=us-ascii I = think this is a pretty cool idea.  You should talk about it if you = can make the side meeting, or otherwise if you can get time at = opsawg.

Eliot

On 8 Jul 2019, at 16:03, tirumal reddy <kondtir@gmail.com> = wrote:

This draft https://tools.ietf.org/html/draft-reddy-opswg-mud-tls-00 = discusses Manufacturer Usage Description (MUD) extension to model (D)TLS = profile on IoT devices. This allows a firewall to notice abnormal DTLS = or TLS usage, which has been a strong indicator of other software = running on the endpoint, typically malware. 

Comments, suggestions, = and questions are more than welcome.

Cheers,
-Tiru

---------- = Forwarded message ---------
From: <internet-drafts@ietf.org>
Date: = Mon, 8 Jul 2019 at 19:18
Subject: New Version Notification = for draft-reddy-opswg-mud-tls-00.txt
To: Tirumaleswar = Reddy <kondtir@gmail.com>, Dan Wing <danwing@gmail.com>



A new version of I-D, draft-reddy-opswg-mud-tls-00.txt
has been successfully submitted by Tirumaleswar Reddy and posted to = the
IETF repository.

Name:          =  draft-reddy-opswg-mud-tls
Revision:       00
Title:          MUD (D)TLS profiles for IoT = devices
Document date:  2019-07-08
Group:          Individual Submission
Pages:          16
URL:            https://www.ietf.org/internet-drafts/draft-reddy-opswg-mud-tls-= 00.txt
Status:         https://datatracker.ietf.org/doc/draft-reddy-opswg-mud-tls/=
Htmlized:       https://tools.ietf.org/html/draft-reddy-opswg-mud-tls-00 Htmlized:       https://datatracker.ietf.org/doc/html/draft-reddy-opswg-mud-tls=


Abstract:
   This memo extends Manufacturer Usage Description (MUD) to = model DTLS
   and TLS usage.  This allows a network element to = notice abnormal DTLS
   or TLS usage which has been strong indicator of other = software
   running on the endpoint, typically malware.




Please note that it may take a couple of minutes from the time of = submission
until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat

--
Mud mailing list
Mud@ietf.org
https://www.ietf.org/mailman/listinfo/mud

= --Apple-Mail=_9FD7192D-3DCA-4818-A754-CBD500918C65-- --Apple-Mail=_E3F821F1-5D93-4987-9B60-C3B8157FC3A3 Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=signature.asc Content-Type: application/pgp-signature; name=signature.asc Content-Description: Message signed with OpenPGP -----BEGIN PGP SIGNATURE----- iF0EARECAB0WIQTgo4LlIIJ5lIBumWpugA9nE248uAUCXSNUFgAKCRBugA9nE248 uK/6AKCVOIlj6H4U1sSGP8FbXMpjS9oP7ACgt8lEb3G165U8ViHQ9qncb6TikBA= =Cn0L -----END PGP SIGNATURE----- --Apple-Mail=_E3F821F1-5D93-4987-9B60-C3B8157FC3A3-- From nobody Mon Jul 8 15:12:10 2019 Return-Path: X-Original-To: mud@ietfa.amsl.com Delivered-To: mud@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CA8E7120337 for ; Mon, 8 Jul 2019 15:11:56 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.199 X-Spam-Level: X-Spam-Status: No, score=-4.199 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8sJzWaQeUDHQ for ; Mon, 8 Jul 2019 15:11:53 -0700 (PDT) Received: from tuna.sandelman.ca (tuna.sandelman.ca [IPv6:2607:f0b0:f:3:216:3eff:fe7c:d1f3]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A568E120348 for ; Mon, 8 Jul 2019 15:11:53 -0700 (PDT) Received: from sandelman.ca (obiwan.sandelman.ca [209.87.249.21]) by tuna.sandelman.ca (Postfix) with ESMTP id 4406E3818F for ; Mon, 8 Jul 2019 18:09:50 -0400 (EDT) Received: from localhost (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 69972EC9 for ; Mon, 8 Jul 2019 18:11:51 -0400 (EDT) From: Michael Richardson To: mud@ietf.org X-Attribution: mcr X-Mailer: MH-E 8.6; nmh 1.7+dev; GNU Emacs 24.5.1 X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m Archived-At: Subject: [Mud] iot-mud-dns operational considerations X-BeenThere: mud@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion of Manufacturer Ussage Descriptions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 08 Jul 2019 22:12:09 -0000 --=-=-= Content-Type: text/plain I threw this together while waiting for the DT to process my other submissions. (It got rather slow...) It's very drafty! https://datatracker.ietf.org/doc/draft-richardson-opsawg-mud-iot-dns-considerations/ I'll just past the intro, which is all there really is! I'll probably push this at ADD effort, after the BOF is better understood. 1. Introduction [RFC8520] provides a standardized way to describe how a specific purpose device makes use of Internet resources. Access Control Lists (ACLs) can be defined in an RFC8520 Manufacturer Usage Description (MUD) file that permit a device to access Internet resources by DNS name. Use of a DNS name rather than IP address in the ACL has many advantages: not only does the layer of indirection permit the mapping of name to IP address to be changed over time, it also generalizes automatically to IPv4 and IPv6 addresses, as well as permitting loading balancing of traffic by many different common ways, including geography. At the MUD policy enforcement point - the firewall - there is a problem. The firewall has only access to the layer-3 headers of the packet. This includes the source and destination IP address, and if not encrypted by IPsec, the destination UDP or TCP port number present in the transport header. The DNS name is not present! In order to implement this, there must be a mapping between the names in the ACLs and layer-3 IP addresses. The first section of this document details a few strategies that are used. The second section of this document details how common manufacturer anti-patterns get in the way this mapping. The third section of this document details how current trends in DNS resolution such as public DNS servers, DNS over TLS (DoT), and DNS over HTTPS (DoH) cause problems for the strategies employed. Poor interactions with content-distribution networks is a frequent pathology that results. The fourth section of this document makes a series of recommendations ("best current practices") for manufacturers on how to use DNS, and IP addresses with specific purpose IoT devices. The Privacy Considerations section concerns itself with issues that DNS-over-TLS and DNS-over-HTTPS are frequently used to deal with. The question is how these concerns apply to IoT devices located within a residence or enterprise is dealt with. The Security Considerations section covers some of the negative outcomes should MUD/firewall managers and IoT manufacturers choose not to cooperate. -- Michael Richardson , Sandelman Software Works -= IPv6 IoT consulting =- --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEEbsyLEzg/qUTA43uogItw+93Q3WUFAl0jv6cACgkQgItw+93Q 3WVigggAwwwlObz2JtK+w1VUeTr29dGbXoD0FqxRa5P0xhECK7yipLYFFawmdcd8 QAVgSO7RZBAxUCwYYeHlO2yLUPrOOHXVn1oy9M4lBpOlK/0ibsQoFNV+l1KB8TLI zWTaAtfrns7JDuo2E04SujjnnnTVjRcl9WlmZoaNDAHUHZHNvtbAibeG8FUJK5yF s+wZQDYxlH+C2Lpagct+0rB0MslskA36Nh1mAAUJ9fPYZyAL/C/TvOiGu1qWp1PQ dzbSQmPanh+YfmEpO/Ha6OY3I0agICJoXp6u5Jni1JjXBKMpbs/Dj2ZD/8N3y1uu hf1af8do43YrxxmKoj+V8F9sXoz1mg== =ZXuH -----END PGP SIGNATURE----- --=-=-=-- From nobody Mon Jul 8 20:00:19 2019 Return-Path: X-Original-To: mud@ietfa.amsl.com Delivered-To: mud@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F1FBE1200EF; Mon, 8 Jul 2019 20:00:16 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.199 X-Spam-Level: X-Spam-Status: No, score=-4.199 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id H6fnJo_VPyT4; Mon, 8 Jul 2019 20:00:13 -0700 (PDT) Received: from huawei.com (lhrrgout.huawei.com [185.176.76.210]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 81F291200DB; Mon, 8 Jul 2019 20:00:13 -0700 (PDT) Received: from lhreml702-cah.china.huawei.com (unknown [172.18.7.108]) by Forcepoint Email with ESMTP id B29D23DBCA851177A11A; Tue, 9 Jul 2019 04:00:11 +0100 (IST) Received: from NKGEML411-HUB.china.huawei.com (10.98.56.70) by lhreml702-cah.china.huawei.com (10.201.108.43) with Microsoft SMTP Server (TLS) id 14.3.408.0; Tue, 9 Jul 2019 04:00:10 +0100 Received: from NKGEML513-MBX.china.huawei.com ([169.254.1.66]) by nkgeml411-hub.china.huawei.com ([10.98.56.70]) with mapi id 14.03.0415.000; Tue, 9 Jul 2019 11:00:05 +0800 From: Qin Wu To: tirumal reddy , "opsawg@ietf.org" , "mud@ietf.org" Thread-Topic: [OPSAWG] Fwd: New Version Notification for draft-reddy-opswg-mud-tls-00.txt Thread-Index: AdU2AVjIwWlWa71ASK6RTWGQe4z2rw== Date: Tue, 9 Jul 2019 03:00:05 +0000 Message-ID: Accept-Language: zh-CN, en-US Content-Language: zh-CN X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.134.31.203] Content-Type: multipart/alternative; boundary="_000_B8F9A780D330094D99AF023C5877DABAA49CD8C1nkgeml513mbxchi_" MIME-Version: 1.0 X-CFilter-Loop: Reflected Archived-At: Subject: Re: [Mud] [OPSAWG] Fwd: New Version Notification for draft-reddy-opswg-mud-tls-00.txt X-BeenThere: mud@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion of Manufacturer Ussage Descriptions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 09 Jul 2019 03:00:17 -0000 --_000_B8F9A780D330094D99AF023C5877DABAA49CD8C1nkgeml513mbxchi_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 SW50ZXJlc3Rpbmcgd29yaywgdGhyZWUgcXVlc3Rpb25zOg0KDQoxLiAgICAgICBDYW4gdGhlIElv VCBkZXZpY2UgKEQpVExTIHByb2ZpbGUgYmUgZGlzY2xvc2VkIHRvIG1hbGljaW91cyBhZ2VudCBv ciBJb1QgZGV2aWNlPyBJZiBub3QsIGhvdyBkbyB5b3UgcHJldmVudCB0aGVzZSBzZW5zaXRpdmUg aW5mb3JtYXRpb24gbGVha2luZz8NCg0KMi4gICAgICAgRG8geW91IGZyZXF1ZW50bHkgdXBkYXRl IERUTFMgcHJvZmlsZSBkaXNjbG9zZWQgdG8gSW9UIGRldmljZSB0byBwcmV2ZW50IG1hbGljaW91 cyBhZ2VudCBmcm9tIHNub29waW5nPw0KDQozLiAgICAgICBIb3cgZG9lcyBlbnRlcnByaXNlIGZp cmV3YWwgdXNlIERUTFMgcHJvZmlsZSB0byBkZXRlY3QgbWFsaWNpb3VzIGZsb3cgb3IgbGVnaXRp bWF0ZSBmbG93Pw0KDQotUWluDQrlj5Hku7bkuro6IE9QU0FXRyBbbWFpbHRvOm9wc2F3Zy1ib3Vu Y2VzQGlldGYub3JnXSDku6PooaggdGlydW1hbCByZWRkeQ0K5Y+R6YCB5pe26Ze0OiAyMDE55bm0 N+aciDjml6UgMjI6MDMNCuaUtuS7tuS6ujogb3BzYXdnQGlldGYub3JnOyBtdWRAaWV0Zi5vcmcN CuS4u+mimDogW09QU0FXR10gRndkOiBOZXcgVmVyc2lvbiBOb3RpZmljYXRpb24gZm9yIGRyYWZ0 LXJlZGR5LW9wc3dnLW11ZC10bHMtMDAudHh0DQoNClRoaXMgZHJhZnQgaHR0cHM6Ly90b29scy5p ZXRmLm9yZy9odG1sL2RyYWZ0LXJlZGR5LW9wc3dnLW11ZC10bHMtMDAgZGlzY3Vzc2VzIE1hbnVm YWN0dXJlciBVc2FnZSBEZXNjcmlwdGlvbiAoTVVEKSBleHRlbnNpb24gdG8gbW9kZWwgKEQpVExT IHByb2ZpbGUgb24gSW9UIGRldmljZXMuIFRoaXMgYWxsb3dzIGEgZmlyZXdhbGwgdG8gbm90aWNl IGFibm9ybWFsIERUTFMgb3IgVExTIHVzYWdlLCB3aGljaCBoYXMgYmVlbiBhIHN0cm9uZyBpbmRp Y2F0b3Igb2Ygb3RoZXIgc29mdHdhcmUgcnVubmluZyBvbiB0aGUgZW5kcG9pbnQsIHR5cGljYWxs eSBtYWx3YXJlLg0KDQpDb21tZW50cywgc3VnZ2VzdGlvbnMsIGFuZCBxdWVzdGlvbnMgYXJlIG1v cmUgdGhhbiB3ZWxjb21lLg0KDQpDaGVlcnMsDQotVGlydQ0KDQotLS0tLS0tLS0tIEZvcndhcmRl ZCBtZXNzYWdlIC0tLS0tLS0tLQ0KRnJvbTogPGludGVybmV0LWRyYWZ0c0BpZXRmLm9yZzxtYWls dG86aW50ZXJuZXQtZHJhZnRzQGlldGYub3JnPj4NCkRhdGU6IE1vbiwgOCBKdWwgMjAxOSBhdCAx OToxOA0KU3ViamVjdDogTmV3IFZlcnNpb24gTm90aWZpY2F0aW9uIGZvciBkcmFmdC1yZWRkeS1v cHN3Zy1tdWQtdGxzLTAwLnR4dA0KVG86IFRpcnVtYWxlc3dhciBSZWRkeSA8a29uZHRpckBnbWFp bC5jb208bWFpbHRvOmtvbmR0aXJAZ21haWwuY29tPj4sIERhbiBXaW5nIDxkYW53aW5nQGdtYWls LmNvbTxtYWlsdG86ZGFud2luZ0BnbWFpbC5jb20+Pg0KDQoNCg0KQSBuZXcgdmVyc2lvbiBvZiBJ LUQsIGRyYWZ0LXJlZGR5LW9wc3dnLW11ZC10bHMtMDAudHh0DQpoYXMgYmVlbiBzdWNjZXNzZnVs bHkgc3VibWl0dGVkIGJ5IFRpcnVtYWxlc3dhciBSZWRkeSBhbmQgcG9zdGVkIHRvIHRoZQ0KSUVU RiByZXBvc2l0b3J5Lg0KDQpOYW1lOiAgICAgICAgICAgZHJhZnQtcmVkZHktb3Bzd2ctbXVkLXRs cw0KUmV2aXNpb246ICAgICAgIDAwDQpUaXRsZTogICAgICAgICAgTVVEIChEKVRMUyBwcm9maWxl cyBmb3IgSW9UIGRldmljZXMNCkRvY3VtZW50IGRhdGU6ICAyMDE5LTA3LTA4DQpHcm91cDogICAg ICAgICAgSW5kaXZpZHVhbCBTdWJtaXNzaW9uDQpQYWdlczogICAgICAgICAgMTYNClVSTDogICAg ICAgICAgICBodHRwczovL3d3dy5pZXRmLm9yZy9pbnRlcm5ldC1kcmFmdHMvZHJhZnQtcmVkZHkt b3Bzd2ctbXVkLXRscy0wMC50eHQNClN0YXR1czogICAgICAgICBodHRwczovL2RhdGF0cmFja2Vy LmlldGYub3JnL2RvYy9kcmFmdC1yZWRkeS1vcHN3Zy1tdWQtdGxzLw0KSHRtbGl6ZWQ6ICAgICAg IGh0dHBzOi8vdG9vbHMuaWV0Zi5vcmcvaHRtbC9kcmFmdC1yZWRkeS1vcHN3Zy1tdWQtdGxzLTAw DQpIdG1saXplZDogICAgICAgaHR0cHM6Ly9kYXRhdHJhY2tlci5pZXRmLm9yZy9kb2MvaHRtbC9k cmFmdC1yZWRkeS1vcHN3Zy1tdWQtdGxzDQoNCg0KQWJzdHJhY3Q6DQogICBUaGlzIG1lbW8gZXh0 ZW5kcyBNYW51ZmFjdHVyZXIgVXNhZ2UgRGVzY3JpcHRpb24gKE1VRCkgdG8gbW9kZWwgRFRMUw0K ICAgYW5kIFRMUyB1c2FnZS4gIFRoaXMgYWxsb3dzIGEgbmV0d29yayBlbGVtZW50IHRvIG5vdGlj ZSBhYm5vcm1hbCBEVExTDQogICBvciBUTFMgdXNhZ2Ugd2hpY2ggaGFzIGJlZW4gc3Ryb25nIGlu ZGljYXRvciBvZiBvdGhlciBzb2Z0d2FyZQ0KICAgcnVubmluZyBvbiB0aGUgZW5kcG9pbnQsIHR5 cGljYWxseSBtYWx3YXJlLg0KDQoNCg0KDQpQbGVhc2Ugbm90ZSB0aGF0IGl0IG1heSB0YWtlIGEg Y291cGxlIG9mIG1pbnV0ZXMgZnJvbSB0aGUgdGltZSBvZiBzdWJtaXNzaW9uDQp1bnRpbCB0aGUg aHRtbGl6ZWQgdmVyc2lvbiBhbmQgZGlmZiBhcmUgYXZhaWxhYmxlIGF0IHRvb2xzLmlldGYub3Jn PGh0dHA6Ly90b29scy5pZXRmLm9yZz4uDQoNClRoZSBJRVRGIFNlY3JldGFyaWF0DQo= --_000_B8F9A780D330094D99AF023C5877DABAA49CD8C1nkgeml513mbxchi_ Content-Type: text/html; charset="utf-8" Content-Transfer-Encoding: base64 PGh0bWwgeG1sbnM6dj0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTp2bWwiIHhtbG5zOm89InVy bjpzY2hlbWFzLW1pY3Jvc29mdC1jb206b2ZmaWNlOm9mZmljZSIgeG1sbnM6dz0idXJuOnNjaGVt YXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6d29yZCIgeG1sbnM6bT0iaHR0cDovL3NjaGVtYXMubWlj cm9zb2Z0LmNvbS9vZmZpY2UvMjAwNC8xMi9vbW1sIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv VFIvUkVDLWh0bWw0MCI+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIg Y29udGVudD0idGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjxtZXRhIG5hbWU9IkdlbmVyYXRv ciIgY29udGVudD0iTWljcm9zb2Z0IFdvcmQgMTUgKGZpbHRlcmVkIG1lZGl1bSkiPg0KPHN0eWxl PjwhLS0NCi8qIEZvbnQgRGVmaW5pdGlvbnMgKi8NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6 5a6L5L2TOw0KCXBhbm9zZS0xOjIgMSA2IDAgMyAxIDEgMSAxIDE7fQ0KQGZvbnQtZmFjZQ0KCXtm b250LWZhbWlseToiQ2FtYnJpYSBNYXRoIjsNCglwYW5vc2UtMToyIDQgNSAzIDUgNCA2IDMgMiA0 O30NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6Q2FsaWJyaTsNCglwYW5vc2UtMToyIDE1IDUg MiAyIDIgNCAzIDIgNDt9DQpAZm9udC1mYWNlDQoJe2ZvbnQtZmFtaWx5OiJcQOWui+S9kyI7DQoJ cGFub3NlLTE6MiAxIDYgMCAzIDEgMSAxIDEgMTt9DQpAZm9udC1mYWNlDQoJe2ZvbnQtZmFtaWx5 OuW+rui9r+mbhem7kTsNCglwYW5vc2UtMToyIDExIDUgMyAyIDIgNCAyIDIgNDt9DQpAZm9udC1m YWNlDQoJe2ZvbnQtZmFtaWx5OiJcQOW+rui9r+mbhem7kSI7DQoJcGFub3NlLTE6MiAxMSA1IDMg MiAyIDQgMiAyIDQ7fQ0KLyogU3R5bGUgRGVmaW5pdGlvbnMgKi8NCnAuTXNvTm9ybWFsLCBsaS5N c29Ob3JtYWwsIGRpdi5Nc29Ob3JtYWwNCgl7bWFyZ2luOjBjbTsNCgltYXJnaW4tYm90dG9tOi4w MDAxcHQ7DQoJZm9udC1zaXplOjEyLjBwdDsNCglmb250LWZhbWlseTrlrovkvZM7fQ0KYTpsaW5r LCBzcGFuLk1zb0h5cGVybGluaw0KCXttc28tc3R5bGUtcHJpb3JpdHk6OTk7DQoJY29sb3I6Ymx1 ZTsNCgl0ZXh0LWRlY29yYXRpb246dW5kZXJsaW5lO30NCmE6dmlzaXRlZCwgc3Bhbi5Nc29IeXBl cmxpbmtGb2xsb3dlZA0KCXttc28tc3R5bGUtcHJpb3JpdHk6OTk7DQoJY29sb3I6cHVycGxlOw0K CXRleHQtZGVjb3JhdGlvbjp1bmRlcmxpbmU7fQ0KcHJlDQoJe21zby1zdHlsZS1wcmlvcml0eTo5 OTsNCgltc28tc3R5bGUtbGluazoiSFRNTCDpooTorr7moLzlvI8gQ2hhciI7DQoJbWFyZ2luOjBj bTsNCgltYXJnaW4tYm90dG9tOi4wMDAxcHQ7DQoJZm9udC1zaXplOjEyLjBwdDsNCglmb250LWZh bWlseTrlrovkvZM7fQ0Kc3Bhbi5FbWFpbFN0eWxlMTcNCgl7bXNvLXN0eWxlLXR5cGU6cGVyc29u YWwtcmVwbHk7DQoJZm9udC1mYW1pbHk6IkNhbGlicmkiLHNhbnMtc2VyaWY7DQoJY29sb3I6IzFG NDk3RDt9DQpzcGFuLkhUTUxDaGFyDQoJe21zby1zdHlsZS1uYW1lOiJIVE1MIOmihOiuvuagvOW8 jyBDaGFyIjsNCgltc28tc3R5bGUtcHJpb3JpdHk6OTk7DQoJbXNvLXN0eWxlLWxpbms6IkhUTUwg 6aKE6K6+5qC85byPIjsNCglmb250LWZhbWlseTrlrovkvZM7fQ0KLk1zb0NocERlZmF1bHQNCgl7 bXNvLXN0eWxlLXR5cGU6ZXhwb3J0LW9ubHk7DQoJZm9udC1mYW1pbHk6IkNhbGlicmkiLHNhbnMt c2VyaWY7fQ0KQHBhZ2UgV29yZFNlY3Rpb24xDQoJe3NpemU6NjEyLjBwdCA3OTIuMHB0Ow0KCW1h cmdpbjo3Mi4wcHQgOTAuMHB0IDcyLjBwdCA5MC4wcHQ7fQ0KZGl2LldvcmRTZWN0aW9uMQ0KCXtw YWdlOldvcmRTZWN0aW9uMTt9DQovKiBMaXN0IERlZmluaXRpb25zICovDQpAbGlzdCBsMA0KCXtt c28tbGlzdC1pZDoxMDQ0MDYyNzM4Ow0KCW1zby1saXN0LXR5cGU6aHlicmlkOw0KCW1zby1saXN0 LXRlbXBsYXRlLWlkczoyMDY0NzI1MzIgODg3Mzg2OTM4IDY3Njk4NzEzIDY3Njk4NzE1IDY3Njk4 NzAzIDY3Njk4NzEzIDY3Njk4NzE1IDY3Njk4NzAzIDY3Njk4NzEzIDY3Njk4NzE1O30NCkBsaXN0 IGwwOmxldmVsMQ0KCXttc28tbGV2ZWwtdGFiLXN0b3A6bm9uZTsNCgltc28tbGV2ZWwtbnVtYmVy LXBvc2l0aW9uOmxlZnQ7DQoJbWFyZ2luLWxlZnQ6MTguMHB0Ow0KCXRleHQtaW5kZW50Oi0xOC4w cHQ7fQ0KQGxpc3QgbDA6bGV2ZWwyDQoJe21zby1sZXZlbC1udW1iZXItZm9ybWF0OmFscGhhLWxv d2VyOw0KCW1zby1sZXZlbC10ZXh0OiIlMlwpIjsNCgltc28tbGV2ZWwtdGFiLXN0b3A6bm9uZTsN Cgltc28tbGV2ZWwtbnVtYmVyLXBvc2l0aW9uOmxlZnQ7DQoJbWFyZ2luLWxlZnQ6NDIuMHB0Ow0K CXRleHQtaW5kZW50Oi0yMS4wcHQ7fQ0KQGxpc3QgbDA6bGV2ZWwzDQoJe21zby1sZXZlbC1udW1i ZXItZm9ybWF0OnJvbWFuLWxvd2VyOw0KCW1zby1sZXZlbC10YWItc3RvcDpub25lOw0KCW1zby1s ZXZlbC1udW1iZXItcG9zaXRpb246cmlnaHQ7DQoJbWFyZ2luLWxlZnQ6NjMuMHB0Ow0KCXRleHQt aW5kZW50Oi0yMS4wcHQ7fQ0KQGxpc3QgbDA6bGV2ZWw0DQoJe21zby1sZXZlbC10YWItc3RvcDpu b25lOw0KCW1zby1sZXZlbC1udW1iZXItcG9zaXRpb246bGVmdDsNCgltYXJnaW4tbGVmdDo4NC4w cHQ7DQoJdGV4dC1pbmRlbnQ6LTIxLjBwdDt9DQpAbGlzdCBsMDpsZXZlbDUNCgl7bXNvLWxldmVs LW51bWJlci1mb3JtYXQ6YWxwaGEtbG93ZXI7DQoJbXNvLWxldmVsLXRleHQ6IiU1XCkiOw0KCW1z by1sZXZlbC10YWItc3RvcDpub25lOw0KCW1zby1sZXZlbC1udW1iZXItcG9zaXRpb246bGVmdDsN CgltYXJnaW4tbGVmdDoxMDUuMHB0Ow0KCXRleHQtaW5kZW50Oi0yMS4wcHQ7fQ0KQGxpc3QgbDA6 bGV2ZWw2DQoJe21zby1sZXZlbC1udW1iZXItZm9ybWF0OnJvbWFuLWxvd2VyOw0KCW1zby1sZXZl bC10YWItc3RvcDpub25lOw0KCW1zby1sZXZlbC1udW1iZXItcG9zaXRpb246cmlnaHQ7DQoJbWFy Z2luLWxlZnQ6MTI2LjBwdDsNCgl0ZXh0LWluZGVudDotMjEuMHB0O30NCkBsaXN0IGwwOmxldmVs Nw0KCXttc28tbGV2ZWwtdGFiLXN0b3A6bm9uZTsNCgltc28tbGV2ZWwtbnVtYmVyLXBvc2l0aW9u OmxlZnQ7DQoJbWFyZ2luLWxlZnQ6MTQ3LjBwdDsNCgl0ZXh0LWluZGVudDotMjEuMHB0O30NCkBs aXN0IGwwOmxldmVsOA0KCXttc28tbGV2ZWwtbnVtYmVyLWZvcm1hdDphbHBoYS1sb3dlcjsNCglt c28tbGV2ZWwtdGV4dDoiJThcKSI7DQoJbXNvLWxldmVsLXRhYi1zdG9wOm5vbmU7DQoJbXNvLWxl dmVsLW51bWJlci1wb3NpdGlvbjpsZWZ0Ow0KCW1hcmdpbi1sZWZ0OjE2OC4wcHQ7DQoJdGV4dC1p bmRlbnQ6LTIxLjBwdDt9DQpAbGlzdCBsMDpsZXZlbDkNCgl7bXNvLWxldmVsLW51bWJlci1mb3Jt YXQ6cm9tYW4tbG93ZXI7DQoJbXNvLWxldmVsLXRhYi1zdG9wOm5vbmU7DQoJbXNvLWxldmVsLW51 bWJlci1wb3NpdGlvbjpyaWdodDsNCgltYXJnaW4tbGVmdDoxODkuMHB0Ow0KCXRleHQtaW5kZW50 Oi0yMS4wcHQ7fQ0Kb2wNCgl7bWFyZ2luLWJvdHRvbTowY207fQ0KdWwNCgl7bWFyZ2luLWJvdHRv bTowY207fQ0KLS0+PC9zdHlsZT48IS0tW2lmIGd0ZSBtc28gOV0+PHhtbD4NCjxvOnNoYXBlZGVm YXVsdHMgdjpleHQ9ImVkaXQiIHNwaWRtYXg9IjEwMjYiIC8+DQo8L3htbD48IVtlbmRpZl0tLT48 IS0tW2lmIGd0ZSBtc28gOV0+PHhtbD4NCjxvOnNoYXBlbGF5b3V0IHY6ZXh0PSJlZGl0Ij4NCjxv OmlkbWFwIHY6ZXh0PSJlZGl0IiBkYXRhPSIxIiAvPg0KPC9vOnNoYXBlbGF5b3V0PjwveG1sPjwh W2VuZGlmXS0tPg0KPC9oZWFkPg0KPGJvZHkgbGFuZz0iWkgtQ04iIGxpbms9ImJsdWUiIHZsaW5r PSJwdXJwbGUiPg0KPGRpdiBjbGFzcz0iV29yZFNlY3Rpb24xIj4NCjxwIGNsYXNzPSJNc29Ob3Jt YWwiPjxzcGFuIGxhbmc9IkVOLVVTIiBzdHlsZT0iZm9udC1zaXplOjEwLjVwdDtmb250LWZhbWls eTomcXVvdDtDYWxpYnJpJnF1b3Q7LHNhbnMtc2VyaWY7Y29sb3I6IzFGNDk3RCI+SW50ZXJlc3Rp bmcgd29yaywgdGhyZWUgcXVlc3Rpb25zOjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwcmUgc3R5 bGU9Im1hcmdpbi1sZWZ0OjE4LjBwdDt0ZXh0LWluZGVudDotMTguMHB0O21zby1saXN0OmwwIGxl dmVsMSBsZm8xIj48IVtpZiAhc3VwcG9ydExpc3RzXT48c3BhbiBsYW5nPSJFTi1VUyIgc3R5bGU9 ImZvbnQtc2l6ZToxMC41cHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OyxzYW5zLXNl cmlmO2NvbG9yOiMxRjQ5N0QiPjxzcGFuIHN0eWxlPSJtc28tbGlzdDpJZ25vcmUiPjEuPHNwYW4g c3R5bGU9ImZvbnQ6Ny4wcHQgJnF1b3Q7VGltZXMgTmV3IFJvbWFuJnF1b3Q7Ij4mbmJzcDsmbmJz cDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsgPC9zcGFuPjwvc3Bhbj48L3NwYW4+PCFbZW5kaWZd PjxzcGFuIGxhbmc9IkVOLVVTIiBzdHlsZT0iZm9udC1zaXplOjEwLjVwdDtmb250LWZhbWlseTom cXVvdDtDYWxpYnJpJnF1b3Q7LHNhbnMtc2VyaWY7Y29sb3I6IzFGNDk3RCI+Q2FuIHRoZSBJb1Qg ZGV2aWNlIChEKVRMUyBwcm9maWxlIGJlIGRpc2Nsb3NlZCB0byBtYWxpY2lvdXMgYWdlbnQgb3Ig SW9UIGRldmljZT8gSWYgbm90LCBob3cgZG8geW91IHByZXZlbnQgdGhlc2Ugc2Vuc2l0aXZlIGlu Zm9ybWF0aW9uIGxlYWtpbmc/PG86cD48L286cD48L3NwYW4+PC9wcmU+DQo8cHJlIHN0eWxlPSJt YXJnaW4tbGVmdDoxOC4wcHQ7dGV4dC1pbmRlbnQ6LTE4LjBwdDttc28tbGlzdDpsMCBsZXZlbDEg bGZvMSI+PCFbaWYgIXN1cHBvcnRMaXN0c10+PHNwYW4gbGFuZz0iRU4tVVMiIHN0eWxlPSJmb250 LXNpemU6MTAuNXB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssc2Fucy1zZXJpZjtj b2xvcjojMUY0OTdEIj48c3BhbiBzdHlsZT0ibXNvLWxpc3Q6SWdub3JlIj4yLjxzcGFuIHN0eWxl PSJmb250OjcuMHB0ICZxdW90O1RpbWVzIE5ldyBSb21hbiZxdW90OyI+Jm5ic3A7Jm5ic3A7Jm5i c3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7IDwvc3Bhbj48L3NwYW4+PC9zcGFuPjwhW2VuZGlmXT48c3Bh biBsYW5nPSJFTi1VUyIgc3R5bGU9ImZvbnQtc2l6ZToxMC41cHQ7Zm9udC1mYW1pbHk6JnF1b3Q7 Q2FsaWJyaSZxdW90OyxzYW5zLXNlcmlmO2NvbG9yOiMxRjQ5N0QiPkRvIHlvdSBmcmVxdWVudGx5 IHVwZGF0ZSBEVExTIHByb2ZpbGUgZGlzY2xvc2VkIHRvIElvVCBkZXZpY2UgdG8gcHJldmVudCBt YWxpY2lvdXMgYWdlbnQgZnJvbSBzbm9vcGluZz88bzpwPjwvbzpwPjwvc3Bhbj48L3ByZT4NCjxw cmUgc3R5bGU9Im1hcmdpbi1sZWZ0OjE4LjBwdDt0ZXh0LWluZGVudDotMTguMHB0O21zby1saXN0 OmwwIGxldmVsMSBsZm8xIj48IVtpZiAhc3VwcG9ydExpc3RzXT48c3BhbiBsYW5nPSJFTi1VUyIg c3R5bGU9ImZvbnQtc2l6ZToxMC41cHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90Oyxz YW5zLXNlcmlmO2NvbG9yOiMxRjQ5N0QiPjxzcGFuIHN0eWxlPSJtc28tbGlzdDpJZ25vcmUiPjMu PHNwYW4gc3R5bGU9ImZvbnQ6Ny4wcHQgJnF1b3Q7VGltZXMgTmV3IFJvbWFuJnF1b3Q7Ij4mbmJz cDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsgPC9zcGFuPjwvc3Bhbj48L3NwYW4+PCFb ZW5kaWZdPjxzcGFuIGxhbmc9IkVOLVVTIiBzdHlsZT0iZm9udC1zaXplOjEwLjVwdDtmb250LWZh bWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LHNhbnMtc2VyaWY7Y29sb3I6IzFGNDk3RCI+SG93IGRv ZXMgZW50ZXJwcmlzZSBmaXJld2FsIHVzZSBEVExTIHByb2ZpbGUgdG8gZGV0ZWN0IG1hbGljaW91 cyBmbG93IG9yIGxlZ2l0aW1hdGUgZmxvdz8gPG86cD48L286cD48L3NwYW4+PC9wcmU+DQo8cCBj bGFzcz0iTXNvTm9ybWFsIj48c3BhbiBsYW5nPSJFTi1VUyIgc3R5bGU9ImZvbnQtc2l6ZToxMC41 cHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OyxzYW5zLXNlcmlmO2NvbG9yOiMxRjQ5 N0QiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxz cGFuIGxhbmc9IkVOLVVTIiBzdHlsZT0iZm9udC1zaXplOjEwLjVwdDtmb250LWZhbWlseTomcXVv dDtDYWxpYnJpJnF1b3Q7LHNhbnMtc2VyaWY7Y29sb3I6IzFGNDk3RCI+LVFpbjxvOnA+PC9vOnA+ PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxiPjxzcGFuIHN0eWxlPSJmb250LXNp emU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O+W+rui9r+mbhem7kSZxdW90OyxzYW5zLXNlcmlm Ij7lj5Hku7bkuro8c3BhbiBsYW5nPSJFTi1VUyI+Ojwvc3Bhbj48L3NwYW4+PC9iPjxzcGFuIGxh bmc9IkVOLVVTIiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDvlvq7o va/pm4Xpu5EmcXVvdDssc2Fucy1zZXJpZiI+IE9QU0FXRyBbbWFpbHRvOm9wc2F3Zy1ib3VuY2Vz QGlldGYub3JnXQ0KPC9zcGFuPjxiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQt ZmFtaWx5OiZxdW90O+W+rui9r+mbhem7kSZxdW90OyxzYW5zLXNlcmlmIj7ku6PooaggPC9zcGFu Pg0KPC9iPjxzcGFuIGxhbmc9IkVOLVVTIiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZh bWlseTomcXVvdDvlvq7ova/pm4Xpu5EmcXVvdDssc2Fucy1zZXJpZiI+dGlydW1hbCByZWRkeTxi cj4NCjwvc3Bhbj48Yj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTom cXVvdDvlvq7ova/pm4Xpu5EmcXVvdDssc2Fucy1zZXJpZiI+5Y+R6YCB5pe26Ze0PHNwYW4gbGFu Zz0iRU4tVVMiPjo8L3NwYW4+PC9zcGFuPjwvYj48c3BhbiBsYW5nPSJFTi1VUyIgc3R5bGU9ImZv bnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q75b6u6L2v6ZuF6buRJnF1b3Q7LHNhbnMt c2VyaWYiPiAyMDE5PC9zcGFuPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFt aWx5OiZxdW90O+W+rui9r+mbhem7kSZxdW90OyxzYW5zLXNlcmlmIj7lubQ8c3BhbiBsYW5nPSJF Ti1VUyI+Nzwvc3Bhbj7mnIg8c3BhbiBsYW5nPSJFTi1VUyI+ODwvc3Bhbj7ml6U8c3BhbiBsYW5n PSJFTi1VUyI+DQogMjI6MDM8YnI+DQo8L3NwYW4+PGI+5pS25Lu25Lq6PHNwYW4gbGFuZz0iRU4t VVMiPjo8L3NwYW4+PC9iPjxzcGFuIGxhbmc9IkVOLVVTIj4gb3BzYXdnQGlldGYub3JnOyBtdWRA aWV0Zi5vcmc8YnI+DQo8L3NwYW4+PGI+5Li76aKYPHNwYW4gbGFuZz0iRU4tVVMiPjo8L3NwYW4+ PC9iPjxzcGFuIGxhbmc9IkVOLVVTIj4gW09QU0FXR10gRndkOiBOZXcgVmVyc2lvbiBOb3RpZmlj YXRpb24gZm9yIGRyYWZ0LXJlZGR5LW9wc3dnLW11ZC10bHMtMDAudHh0PG86cD48L286cD48L3Nw YW4+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIGxhbmc9IkVOLVVTIj48 bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+ PHNwYW4gbGFuZz0iRU4tVVMiIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZx dW90O0NhbGlicmkmcXVvdDssc2Fucy1zZXJpZiI+VGhpcyBkcmFmdA0KPGEgaHJlZj0iaHR0cHM6 Ly90b29scy5pZXRmLm9yZy9odG1sL2RyYWZ0LXJlZGR5LW9wc3dnLW11ZC10bHMtMDAiPmh0dHBz Oi8vdG9vbHMuaWV0Zi5vcmcvaHRtbC9kcmFmdC1yZWRkeS1vcHN3Zy1tdWQtdGxzLTAwPC9hPiBk aXNjdXNzZXMgTWFudWZhY3R1cmVyIFVzYWdlIERlc2NyaXB0aW9uIChNVUQpIGV4dGVuc2lvbiB0 byBtb2RlbCAoRClUTFMgcHJvZmlsZSBvbiBJb1QgZGV2aWNlcy4gVGhpcyBhbGxvd3MgYSBmaXJl d2FsbCB0byBub3RpY2UNCiBhYm5vcm1hbCBEVExTIG9yIFRMUyB1c2FnZSwgd2hpY2ggaGFzIGJl ZW4gYSBzdHJvbmcgaW5kaWNhdG9yIG9mIG90aGVyIHNvZnR3YXJlIHJ1bm5pbmcgb24gdGhlIGVu ZHBvaW50LCB0eXBpY2FsbHkgbWFsd2FyZS4mbmJzcDs8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8 cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBsYW5nPSJFTi1VUyIgc3R5bGU9ImZvbnQtc2l6ZTox MS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OyxzYW5zLXNlcmlmIj48YnI+DQpD b21tZW50cywgc3VnZ2VzdGlvbnMsIGFuZCBxdWVzdGlvbnMgYXJlIG1vcmUgdGhhbiB3ZWxjb21l Ljxicj4NCjxicj4NCkNoZWVycyw8YnI+DQotVGlydTxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxw IGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIGxhbmc9IkVOLVVTIiBzdHlsZT0iZm9udC1zaXplOjEx LjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LHNhbnMtc2VyaWYiPjxvOnA+Jm5i c3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxkaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+ PHNwYW4gbGFuZz0iRU4tVVMiPi0tLS0tLS0tLS0gRm9yd2FyZGVkIG1lc3NhZ2UgLS0tLS0tLS0t PGJyPg0KRnJvbTogJmx0OzxhIGhyZWY9Im1haWx0bzppbnRlcm5ldC1kcmFmdHNAaWV0Zi5vcmci PmludGVybmV0LWRyYWZ0c0BpZXRmLm9yZzwvYT4mZ3Q7PGJyPg0KRGF0ZTogTW9uLCA4IEp1bCAy MDE5IGF0IDE5OjE4PGJyPg0KU3ViamVjdDogTmV3IFZlcnNpb24gTm90aWZpY2F0aW9uIGZvciBk cmFmdC1yZWRkeS1vcHN3Zy1tdWQtdGxzLTAwLnR4dDxicj4NClRvOiBUaXJ1bWFsZXN3YXIgUmVk ZHkgJmx0OzxhIGhyZWY9Im1haWx0bzprb25kdGlyQGdtYWlsLmNvbSI+a29uZHRpckBnbWFpbC5j b208L2E+Jmd0OywgRGFuIFdpbmcgJmx0OzxhIGhyZWY9Im1haWx0bzpkYW53aW5nQGdtYWlsLmNv bSI+ZGFud2luZ0BnbWFpbC5jb208L2E+Jmd0OzxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2 Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1hcmdpbi1ib3R0b206MTIuMHB0Ij48c3Bh biBsYW5nPSJFTi1VUyI+PGJyPg0KPGJyPg0KPGJyPg0KQSBuZXcgdmVyc2lvbiBvZiBJLUQsIGRy YWZ0LXJlZGR5LW9wc3dnLW11ZC10bHMtMDAudHh0PGJyPg0KaGFzIGJlZW4gc3VjY2Vzc2Z1bGx5 IHN1Ym1pdHRlZCBieSBUaXJ1bWFsZXN3YXIgUmVkZHkgYW5kIHBvc3RlZCB0byB0aGU8YnI+DQpJ RVRGIHJlcG9zaXRvcnkuPGJyPg0KPGJyPg0KTmFtZTombmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJz cDsgJm5ic3A7ICZuYnNwO2RyYWZ0LXJlZGR5LW9wc3dnLW11ZC10bHM8YnI+DQpSZXZpc2lvbjom bmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDswMDxicj4NClRpdGxlOiZuYnNwOyAmbmJzcDsgJm5i c3A7ICZuYnNwOyAmbmJzcDsgTVVEIChEKVRMUyBwcm9maWxlcyBmb3IgSW9UIGRldmljZXM8YnI+ DQpEb2N1bWVudCBkYXRlOiZuYnNwOyAyMDE5LTA3LTA4PGJyPg0KR3JvdXA6Jm5ic3A7ICZuYnNw OyAmbmJzcDsgJm5ic3A7ICZuYnNwOyBJbmRpdmlkdWFsIFN1Ym1pc3Npb248YnI+DQpQYWdlczom bmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7IDE2PGJyPg0KVVJMOiZuYnNwOyAmbmJz cDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7IDxhIGhyZWY9Imh0dHBzOi8vd3d3LmlldGYu b3JnL2ludGVybmV0LWRyYWZ0cy9kcmFmdC1yZWRkeS1vcHN3Zy1tdWQtdGxzLTAwLnR4dCIgdGFy Z2V0PSJfYmxhbmsiPg0KaHR0cHM6Ly93d3cuaWV0Zi5vcmcvaW50ZXJuZXQtZHJhZnRzL2RyYWZ0 LXJlZGR5LW9wc3dnLW11ZC10bHMtMDAudHh0PC9hPjxicj4NClN0YXR1czombmJzcDsgJm5ic3A7 ICZuYnNwOyAmbmJzcDsgJm5ic3A7PGEgaHJlZj0iaHR0cHM6Ly9kYXRhdHJhY2tlci5pZXRmLm9y Zy9kb2MvZHJhZnQtcmVkZHktb3Bzd2ctbXVkLXRscy8iIHRhcmdldD0iX2JsYW5rIj5odHRwczov L2RhdGF0cmFja2VyLmlldGYub3JnL2RvYy9kcmFmdC1yZWRkeS1vcHN3Zy1tdWQtdGxzLzwvYT48 YnI+DQpIdG1saXplZDombmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDs8YSBocmVmPSJodHRwczov L3Rvb2xzLmlldGYub3JnL2h0bWwvZHJhZnQtcmVkZHktb3Bzd2ctbXVkLXRscy0wMCIgdGFyZ2V0 PSJfYmxhbmsiPmh0dHBzOi8vdG9vbHMuaWV0Zi5vcmcvaHRtbC9kcmFmdC1yZWRkeS1vcHN3Zy1t dWQtdGxzLTAwPC9hPjxicj4NCkh0bWxpemVkOiZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOzxh IGhyZWY9Imh0dHBzOi8vZGF0YXRyYWNrZXIuaWV0Zi5vcmcvZG9jL2h0bWwvZHJhZnQtcmVkZHkt b3Bzd2ctbXVkLXRscyIgdGFyZ2V0PSJfYmxhbmsiPmh0dHBzOi8vZGF0YXRyYWNrZXIuaWV0Zi5v cmcvZG9jL2h0bWwvZHJhZnQtcmVkZHktb3Bzd2ctbXVkLXRsczwvYT48YnI+DQo8YnI+DQo8YnI+ DQpBYnN0cmFjdDo8YnI+DQombmJzcDsgJm5ic3A7VGhpcyBtZW1vIGV4dGVuZHMgTWFudWZhY3R1 cmVyIFVzYWdlIERlc2NyaXB0aW9uIChNVUQpIHRvIG1vZGVsIERUTFM8YnI+DQombmJzcDsgJm5i c3A7YW5kIFRMUyB1c2FnZS4mbmJzcDsgVGhpcyBhbGxvd3MgYSBuZXR3b3JrIGVsZW1lbnQgdG8g bm90aWNlIGFibm9ybWFsIERUTFM8YnI+DQombmJzcDsgJm5ic3A7b3IgVExTIHVzYWdlIHdoaWNo IGhhcyBiZWVuIHN0cm9uZyBpbmRpY2F0b3Igb2Ygb3RoZXIgc29mdHdhcmU8YnI+DQombmJzcDsg Jm5ic3A7cnVubmluZyBvbiB0aGUgZW5kcG9pbnQsIHR5cGljYWxseSBtYWx3YXJlLjxicj4NCjxi cj4NCjxicj4NCjxicj4NCjxicj4NClBsZWFzZSBub3RlIHRoYXQgaXQgbWF5IHRha2UgYSBjb3Vw bGUgb2YgbWludXRlcyBmcm9tIHRoZSB0aW1lIG9mIHN1Ym1pc3Npb248YnI+DQp1bnRpbCB0aGUg aHRtbGl6ZWQgdmVyc2lvbiBhbmQgZGlmZiBhcmUgYXZhaWxhYmxlIGF0IDxhIGhyZWY9Imh0dHA6 Ly90b29scy5pZXRmLm9yZyIgdGFyZ2V0PSJfYmxhbmsiPg0KdG9vbHMuaWV0Zi5vcmc8L2E+Ljxi cj4NCjxicj4NClRoZSBJRVRGIFNlY3JldGFyaWF0PG86cD48L286cD48L3NwYW4+PC9wPg0KPC9k aXY+DQo8L2Rpdj4NCjwvZGl2Pg0KPC9ib2R5Pg0KPC9odG1sPg0K --_000_B8F9A780D330094D99AF023C5877DABAA49CD8C1nkgeml513mbxchi_-- From nobody Tue Jul 9 02:53:26 2019 Return-Path: X-Original-To: mud@ietfa.amsl.com Delivered-To: mud@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C695B1200B6; Tue, 9 Jul 2019 02:53:15 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -0.702 X-Spam-Level: X-Spam-Status: No, score=-0.702 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, PDS_NO_HELO_DNS=1.295, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4pF3S_iMTEYs; Tue, 9 Jul 2019 02:53:13 -0700 (PDT) Received: from mail-io1-xd2e.google.com (mail-io1-xd2e.google.com [IPv6:2607:f8b0:4864:20::d2e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B56AD12011C; Tue, 9 Jul 2019 02:53:13 -0700 (PDT) Received: by mail-io1-xd2e.google.com with SMTP id i10so41735634iol.13; Tue, 09 Jul 2019 02:53:13 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=NCTSu/qlK2zhK7stVSW1rm+bGOdxyN28jjGM/t2tt38=; b=L4RdDN9O/BSxBu2hpCCYQFOMpkzaCPKICy0XXlQUW0DVRydWqZZgChjugUdqLdJcUZ UV3ZlbumJF0pNpTGMxSaIIMo8V6uBFLgJ/LOzskGKBSZ/rtwjLNYY7iNA7mHGgb1fxy2 qfiFJtwcKfocDM7ViQo8GSj+AHEvjbGjkXIGxyO+x7l1I6I1tzGlQMJ8qtfF+SXtnvN4 ZXjC1BpJRCPPSRwoFQKOrVp+JifJG8RDfbSyT5E4CmYsezPJC4w4msRySvGHscYJxkIu H9CXA9jcDyB4bhVsUdkyjzRPdNvqvRlW3ZUtYdQ9jv651Qy4rrh94FmnRkMTMjNAR3nv nzhw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=NCTSu/qlK2zhK7stVSW1rm+bGOdxyN28jjGM/t2tt38=; b=Y1QZp9NnxAzZHfDAWoPd5FlUBy/0hgpAg/cSPyltDdn9dydPJZ7ZUtYeE3aEFvQQX0 ryV6J35ZB+OUYMGP238iqyfXHij2QN5cwhVOLIdA/GE8m/J+hWwivgIxs9SuiMcqUbHt jNAJ27i6RhV3IOK2PoZC46CwRyNdUHJDkN4O0IjoU6xMqlPfc2emkAgxl+soW8sryTwE 71+fyycELJZdmCvUSRr55NMG+WFpPCJ0d4Z4AudElVnQ2DBNUHhStCj5CegOb0z4Xbzq 0r8dmu1ptbmkLfIRjZpa4Up/krzx8JiVZCdDPgdGyF4KLIHx/q8HTDVIjCZN7q02VwBe AhhA== X-Gm-Message-State: APjAAAWC6HvWxAUZZMFRmKAIFfw4YMNyCT16qBFPXk+guMWmO8eluTlZ t4+mnx6Mfrr1PcHfl5bBqwK+EKPLW5AQtcJdPRM= X-Google-Smtp-Source: APXvYqytAxnE7pP5uR1df8wnPkuGf5/JRK4Q7wS83TNrHF1VFdXUYxtFlINfCmxQWy5QuWQs2okualagjrcsKNZiBww= X-Received: by 2002:a02:bb08:: with SMTP id y8mr26847852jan.51.1562665993041; Tue, 09 Jul 2019 02:53:13 -0700 (PDT) MIME-Version: 1.0 References: <156259372138.1051.8615205410511124401.idtracker@ietfa.amsl.com> In-Reply-To: From: tirumal reddy Date: Tue, 9 Jul 2019 15:23:00 +0530 Message-ID: To: Eliot Lear Cc: opsawg@ietf.org, mud@ietf.org Content-Type: multipart/alternative; boundary="0000000000006afc09058d3c87fc" Archived-At: Subject: Re: [Mud] New Version Notification for draft-reddy-opswg-mud-tls-00.txt X-BeenThere: mud@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion of Manufacturer Ussage Descriptions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 09 Jul 2019 09:53:16 -0000 --0000000000006afc09058d3c87fc Content-Type: text/plain; charset="UTF-8" Thanks Eliot, glad to present the draft. -Tiru On Mon, 8 Jul 2019 at 20:02, Eliot Lear wrote: > I think this is a pretty cool idea. You should talk about it if you can > make the side meeting, or otherwise if you can get time at opsawg. > > Eliot > > On 8 Jul 2019, at 16:03, tirumal reddy wrote: > > This draft https://tools.ietf.org/html/draft-reddy-opswg-mud-tls-00 > discusses Manufacturer Usage Description (MUD) extension to model (D)TLS > profile on IoT devices. This allows a firewall to notice abnormal DTLS or > TLS usage, which has been a strong indicator of other software running on > the endpoint, typically malware. > > Comments, suggestions, and questions are more than welcome. > > Cheers, > -Tiru > > ---------- Forwarded message --------- > From: > Date: Mon, 8 Jul 2019 at 19:18 > Subject: New Version Notification for draft-reddy-opswg-mud-tls-00.txt > To: Tirumaleswar Reddy , Dan Wing > > > > A new version of I-D, draft-reddy-opswg-mud-tls-00.txt > has been successfully submitted by Tirumaleswar Reddy and posted to the > IETF repository. > > Name: draft-reddy-opswg-mud-tls > Revision: 00 > Title: MUD (D)TLS profiles for IoT devices > Document date: 2019-07-08 > Group: Individual Submission > Pages: 16 > URL: > https://www.ietf.org/internet-drafts/draft-reddy-opswg-mud-tls-00.txt > Status: > https://datatracker.ietf.org/doc/draft-reddy-opswg-mud-tls/ > Htmlized: https://tools.ietf.org/html/draft-reddy-opswg-mud-tls-00 > Htmlized: > https://datatracker.ietf.org/doc/html/draft-reddy-opswg-mud-tls > > > Abstract: > This memo extends Manufacturer Usage Description (MUD) to model DTLS > and TLS usage. This allows a network element to notice abnormal DTLS > or TLS usage which has been strong indicator of other software > running on the endpoint, typically malware. > > > > > Please note that it may take a couple of minutes from the time of > submission > until the htmlized version and diff are available at tools.ietf.org. > > The IETF Secretariat > > -- > Mud mailing list > Mud@ietf.org > https://www.ietf.org/mailman/listinfo/mud > > > --0000000000006afc09058d3c87fc Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Thanks Eliot, glad to present the draft.
-Tiru

On Mon, 8 Jul 2019 at 20:02, Eliot Lear <<= a href=3D"mailto:lear@cisco.com" target=3D"_blank">lear@cisco.com> w= rote:
I thi= nk this is a pretty cool idea.=C2=A0 You should talk about it if you can ma= ke the side meeting, or otherwise if you can get time at opsawg.

Eliot

On 8 Jul 2019, at= 16:03, tirumal reddy <kondtir@gmail.com> wrote:

This draft https://tools.ietf.org/html/draft-re= ddy-opswg-mud-tls-00 discusses Manufacturer Usage Description (MUD) ext= ension to model (D)TLS profile on IoT devices. This allows a firewall to no= tice abnormal DTLS or TLS usage, which has been a strong indicator of other= software running on the endpoint, typically malware.=C2=A0
=
Comments, suggestions, and questions are more than welcome.

Chee= rs,
-Tiru

---------- Forwarded message ---------
F= rom: <internet-drafts@ietf.org>
Date: Mon, 8 Jul = 2019 at 19:18
Subject: New Version Notification for draft-reddy-opswg-mu= d-tls-00.txt
To: Tirumaleswar Reddy <kondtir@gmail.com>, Dan Wing <danwing@gmail.com>



A new version of I-D, draft-reddy-opswg-mud-tls-00.txt
has been successfully submitted by Tirumaleswar Reddy and posted to the
IETF repository.

Name:=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0draft-reddy-opswg-mud-tls
Revision:=C2=A0 =C2=A0 =C2=A0 =C2=A000
Title:=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 MUD (D)TLS profiles for IoT device= s
Document date:=C2=A0 2019-07-08
Group:=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 Individual Submission
Pages:=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 16
URL:=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 https://www.ietf.org/internet-drafts/draft-reddy-opswg-mud-t= ls-00.txt
Status:=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0= https://datatracker.ietf.org/doc/draft-reddy-opswg-mud-tls/
Htmlized:=C2=A0 =C2=A0 =C2=A0 =C2=A0https://= tools.ietf.org/html/draft-reddy-opswg-mud-tls-00
Htmlized:=C2=A0 =C2=A0 =C2=A0 =C2=A0h= ttps://datatracker.ietf.org/doc/html/draft-reddy-opswg-mud-tls


Abstract:
=C2=A0 =C2=A0This memo extends Manufacturer Usage Description (MUD) to mode= l DTLS
=C2=A0 =C2=A0and TLS usage.=C2=A0 This allows a network element to notice a= bnormal DTLS
=C2=A0 =C2=A0or TLS usage which has been strong indicator of other software=
=C2=A0 =C2=A0running on the endpoint, typically malware.




Please note that it may take a couple of minutes from the time of submissio= n
until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat

--
Mud mailing list
Mud@ietf.org
https://www.ietf.org/mailman/listinfo/mud
<= /blockquote>

--0000000000006afc09058d3c87fc-- From nobody Tue Jul 9 03:09:19 2019 Return-Path: X-Original-To: mud@ietfa.amsl.com Delivered-To: mud@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D5ADC1203FC; Tue, 9 Jul 2019 03:09:13 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -0.702 X-Spam-Level: X-Spam-Status: No, score=-0.702 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, PDS_NO_HELO_DNS=1.295, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id k4O7MJFGp6mE; Tue, 9 Jul 2019 03:09:11 -0700 (PDT) Received: from mail-io1-xd35.google.com (mail-io1-xd35.google.com [IPv6:2607:f8b0:4864:20::d35]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8880A120390; Tue, 9 Jul 2019 03:09:11 -0700 (PDT) Received: by mail-io1-xd35.google.com with SMTP id z3so26945225iog.0; Tue, 09 Jul 2019 03:09:11 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=PKD773QIkIdrevgSbOBwAzLvGCy598u0iw5tFMZdZes=; b=E3tMSQ0hM4CAVsx4tRMzVrGJnwNuu5Vod+oR8ecFVihaJVjvHz583Cei5XfTupMqMb Qj4VinTaaqB5fIjwA6C4Fkdz9sAMV74wUSk5srFvKbmMyW7GlwR3+n53fPQVkBqc4jCH MfAQ0QMxX4MugMo/pU+CSH6XWhXfrkX7vsmOp0zkcwg+tqNS2CKzvtzeIRO9X+KRZEeu q+xvIArw9Kc4ZyPu6lmWUDx0+Czcy/QHsqH8z29JeVl2LoujtUXU7Ok6rXETY0ThLWfZ v8SqB1Spq+8JqE0bI/zu/xJkuBTw9BPQZAswcY3t0jucU5fEYBGm/ba2hCN6n8I7LLa7 ByEg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=PKD773QIkIdrevgSbOBwAzLvGCy598u0iw5tFMZdZes=; b=FYEOHtUz1DHk3MYizCE685DORt5i4KrhMcN9+vOA6zUadrh5h1UCUzO7+yROTQKEIt 5W5bFbEEwKkBB3ezwBswljtYsSEmvOpxIyJILWK7aGDv57Qn8gFatSC5eSvwkHFQIxXU +WXWLfQ9xSDhrpK3D8EZZsEdWJp9ea4NI+I9tFTlw8fUx4gwGPK6ldW3HyonAcnjgC1H YIDGxtQvezOxdQjBASAphj5DfD8B+AphRAmsmYUVg845zKD3hRaDVbnK4SqqMWzYcnLW JcyT3ibUUprR0aVe64G3DbxKSCoPgYydidNdh3JosJZtCn68YJEokExgGcRV765Mch0N Lv/w== X-Gm-Message-State: APjAAAVhhMwVR2S9HdZDAD5hWA+ZKhr6hDuYk6haTgMwUTfNDCcGq+wa JGzv46nn+UEc1fTi73hVlkUFIkMLhut8Fyei+IU= X-Google-Smtp-Source: APXvYqwrIokumQT7AIOrBjfW5E+1MCTY4POXfQRin9NB4CoKH+X52P0uNMyDs03W0aA+fZSnErNIZxalm1e0R27F//c= X-Received: by 2002:a5d:940b:: with SMTP id v11mr8518007ion.69.1562666950790; Tue, 09 Jul 2019 03:09:10 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: tirumal reddy Date: Tue, 9 Jul 2019 15:38:59 +0530 Message-ID: To: Qin Wu Cc: "opsawg@ietf.org" , "mud@ietf.org" Content-Type: multipart/alternative; boundary="0000000000008110da058d3cc006" Archived-At: Subject: Re: [Mud] [OPSAWG] Fwd: New Version Notification for draft-reddy-opswg-mud-tls-00.txt X-BeenThere: mud@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion of Manufacturer Ussage Descriptions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 09 Jul 2019 10:09:14 -0000 --0000000000008110da058d3cc006 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Hi Qin, Please see inline On Tue, 9 Jul 2019 at 08:30, Qin Wu wrote: > Interesting work, three questions: > > 1. Can the IoT device (D)TLS profile be disclosed to malicious agen= t or IoT device? If not, how do you prevent these sensitive information lea= king? > > It is not sensitive information, on-path network devices can inspect or monitor the TLS handshake without acting as a TLS proxy. In TLS 1.3, ClientHello message is not encrypted and few parameters in the ServerHello message are still visible (such as the chosen cipher). > 2. Do you frequently update DTLS profile disclosed to IoT device to= prevent malicious agent from snooping? > > No, Malware frequently uses its own libraries (SSL config) for its activities, and malware developers will have to develop malicious agents per IoT device type, manufacturer and model (which will be several thousands and practically not possible). > 3. How does enterprise firewal use DTLS profile to detect malicious= flow or legitimate flow? > > If (D)TLS session from the IoT device violates MUD (D)TLS profile, firewall detects the flow is malicious and blocks it. As you may know, Enterprise firewalls inspect TLS handshake and are capable of acting as a (D)TLS proxy (please see https://tools.ietf.org/html/draft-camwinget-tls-use-cases-05). Cheers, -Tiru -Qin > > *=E5=8F=91=E4=BB=B6=E4=BA=BA:* OPSAWG [mailto:opsawg-bounces@ietf.org] *= =E4=BB=A3=E8=A1=A8 *tirumal reddy > *=E5=8F=91=E9=80=81=E6=97=B6=E9=97=B4:* 2019=E5=B9=B47=E6=9C=888=E6=97=A5= 22:03 > *=E6=94=B6=E4=BB=B6=E4=BA=BA:* opsawg@ietf.org; mud@ietf.org > *=E4=B8=BB=E9=A2=98:* [OPSAWG] Fwd: New Version Notification for > draft-reddy-opswg-mud-tls-00.txt > > > > This draft https://tools.ietf.org/html/draft-reddy-opswg-mud-tls-00 > discusses Manufacturer Usage Description (MUD) extension to model (D)TLS > profile on IoT devices. This allows a firewall to notice abnormal DTLS or > TLS usage, which has been a strong indicator of other software running on > the endpoint, typically malware. > > > Comments, suggestions, and questions are more than welcome. > > Cheers, > -Tiru > > > > ---------- Forwarded message --------- > From: > Date: Mon, 8 Jul 2019 at 19:18 > Subject: New Version Notification for draft-reddy-opswg-mud-tls-00.txt > To: Tirumaleswar Reddy , Dan Wing > > > > > A new version of I-D, draft-reddy-opswg-mud-tls-00.txt > has been successfully submitted by Tirumaleswar Reddy and posted to the > IETF repository. > > Name: draft-reddy-opswg-mud-tls > Revision: 00 > Title: MUD (D)TLS profiles for IoT devices > Document date: 2019-07-08 > Group: Individual Submission > Pages: 16 > URL: > https://www.ietf.org/internet-drafts/draft-reddy-opswg-mud-tls-00.txt > Status: > https://datatracker.ietf.org/doc/draft-reddy-opswg-mud-tls/ > Htmlized: https://tools.ietf.org/html/draft-reddy-opswg-mud-tls-00 > Htmlized: > https://datatracker.ietf.org/doc/html/draft-reddy-opswg-mud-tls > > > Abstract: > This memo extends Manufacturer Usage Description (MUD) to model DTLS > and TLS usage. This allows a network element to notice abnormal DTLS > or TLS usage which has been strong indicator of other software > running on the endpoint, typically malware. > > > > > Please note that it may take a couple of minutes from the time of > submission > until the htmlized version and diff are available at tools.ietf.org. > > The IETF Secretariat > --0000000000008110da058d3cc006 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Hi Qin,

Please see inline
On = Tue, 9 Jul 2019 at 08:30, Qin Wu <= bill.wu@huawei.com> wrote:

Interesting work, three que= stions:

1.=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0 Can the I=
oT device (D)TLS profile be disclosed to malicious agent or IoT device? If =
not, how do you prevent these sensitive information leaking?
It is not sensitive information, on-path networ= k devices can inspect or monitor the TLS handshake without acting as a TLS = proxy. In TLS 1.3,=C2=A0ClientHello message is not encrypted and few parame= ters in the ServerHello message are still visible (such as the chosen ciphe= r).
=C2=A0
2.=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0 Do you fr=
equently update DTLS profile disclosed to IoT device to prevent malicious a=
gent from snooping?
No, Malware f= requently uses its own libraries (SSL config) for its activities, and malwa= re developers will have to develop malicious agents per IoT device type, ma= nufacturer and model (which will be several thousands and practically not p= ossible).=C2=A0
<= /pre> 
3.=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0 How does =
enterprise firewal use DTLS profile to detect malicious flow or legitimate =
flow?
If (D)TLS session from the= IoT device violates MUD (D)TLS profile, firewall detects the flow is malic= ious and blocks it. As you may know, Enterprise firewalls inspect TLS hands= hake and are capable of acting as a (D)TLS proxy (please see=C2=A0https://t= ools.ietf.org/html/draft-camwinget-tls-use-cases-05).=C2=A0
<= br>
Cheers,
-Tiru

-Qin

=E5=8F=91=E4=BB=B6=E4=BA=BA: OPSAWG [= mailto:opsawg-= bounces@ietf.org] =E4=BB=A3=E8=A1=A8 tirumal reddy
=E5=8F=91=E9=80=81=E6=97=B6=E9=97=B4: 2019=E5=B9=B47=E6=9C=888=E6=97=A5 22:03
=E6=94=B6=E4=BB=B6=E4=BA=BA: opsaw= g@ietf.org; mud@ietf.= org
=E4=B8=BB=E9=A2=98: [OPSAWG] Fwd: New Version Notification for draft-reddy-opswg-mud-tl= s-00.txt

=C2=A0

This draft https://tools.ietf.org/html/draft-reddy-opswg-mud-tls-00 di= scusses Manufacturer Usage Description (MUD) extension to model (D)TLS prof= ile on IoT devices. This allows a firewall to notice abnormal DTLS or TLS usage, which has been a strong indicator of other sof= tware running on the endpoint, typically malware.=C2=A0


Comments, suggestions, and questions are more than welcome.

Cheers,
-Tiru

=C2=A0

---------- Forwarded message --= -------
From: <int= ernet-drafts@ietf.org>
Date: Mon, 8 Jul 2019 at 19:18
Subject: New Version Notification for draft-reddy-opswg-mud-tls-00.txt
To: Tirumaleswar Reddy <kondtir@gmail.com>, Dan Wing <danwing@gmail.com>



A new version of I-D, draft-reddy-opswg-mud-tls-00.txt
has been successfully submitted by Tirumaleswar Reddy and posted to the
IETF repository.

Name:=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0draft-reddy-opswg-mud-tls
Revision:=C2=A0 =C2=A0 =C2=A0 =C2=A000
Title:=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 MUD (D)TLS profiles for IoT device= s
Document date:=C2=A0 2019-07-08
Group:=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 Individual Submission
Pages:=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 16
URL:=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 https://www.ietf.org/internet-drafts/draft-reddy-opswg-mud-tls-00.txt Status:=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0https://datatracker= .ietf.org/doc/draft-reddy-opswg-mud-tls/
Htmlized:=C2=A0 =C2=A0 =C2=A0 =C2=A0https://tools.ietf.org/html= /draft-reddy-opswg-mud-tls-00
Htmlized:=C2=A0 =C2=A0 =C2=A0 =C2=A0https://datatracker.= ietf.org/doc/html/draft-reddy-opswg-mud-tls


Abstract:
=C2=A0 =C2=A0This memo extends Manufacturer Usage Description (MUD) to mode= l DTLS
=C2=A0 =C2=A0and TLS usage.=C2=A0 This allows a network element to notice a= bnormal DTLS
=C2=A0 =C2=A0or TLS usage which has been strong indicator of other software=
=C2=A0 =C2=A0running on the endpoint, typically malware.




Please note that it may take a couple of minutes from the time of submissio= n
until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat

--0000000000008110da058d3cc006-- From nobody Tue Jul 9 07:42:04 2019 Return-Path: X-Original-To: mud@ietfa.amsl.com Delivered-To: mud@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9A5F9120476; Tue, 9 Jul 2019 07:42:03 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.199 X-Spam-Level: X-Spam-Status: No, score=-4.199 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FMRYd3dqy1Hl; Tue, 9 Jul 2019 07:42:00 -0700 (PDT) Received: from tuna.sandelman.ca (tuna.sandelman.ca [IPv6:2607:f0b0:f:3:216:3eff:fe7c:d1f3]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5314A120438; Tue, 9 Jul 2019 07:42:00 -0700 (PDT) Received: from sandelman.ca (unknown [IPv6:2607:f0b0:f:2:56b2:3ff:fe0b:d84]) by tuna.sandelman.ca (Postfix) with ESMTP id 4D4323808A; Tue, 9 Jul 2019 10:39:56 -0400 (EDT) Received: from localhost (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 67CFA5BE; Tue, 9 Jul 2019 10:41:58 -0400 (EDT) From: Michael Richardson To: "opsawg\@ietf.org" , "mud\@ietf.org" , capport@ietf.org In-Reply-To: References: X-Mailer: MH-E 8.6; nmh 1.7+dev; GNU Emacs 24.5.1 X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m Archived-At: Subject: [Mud] putting quarantined IoT devices behind a captive portal X-BeenThere: mud@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion of Manufacturer Ussage Descriptions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 09 Jul 2019 14:42:04 -0000 --=-=-= Content-Type: text/plain Between editing drafts yesterday, I got to thinking about CAPPORT. I have been working on what to do when an IoT device violates it's MUD profile. There are a bunch of issues around this. Yesterday, it occured to me that when such a device is quarantined (I really think it should be "quaranteed", but that's not a word) that the capport controls and APIs should be available to the device to learn what went on. This is not new, I think that this as been the approach of most enterprise NEA systems upon encountering "infection". This has, I assume, involved forced HTTP proxies to inform human. But, if we have APIs, we can inform device as well. Is this on anyone's radar? -- Michael Richardson , Sandelman Software Works -= IPv6 IoT consulting =- --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEEbsyLEzg/qUTA43uogItw+93Q3WUFAl0kp7YACgkQgItw+93Q 3WVfGQgAshsJZLknCa1KT1bCVy8JMaU3h0aXlhpxTbNQPuqRn7Cs0FEKCAvSl2p1 XuCHDdp0GGM4gBjbovauCaTX6UMcKHsFiMWSIflbdBnjuQZ41u4AmN5+7uNVzwyD fIMWhNQMp6+E2ikxfwFz9SR/HiNsIlmKPQDDa4o83OqgJHWy9NRO2YWTVzrkMw3c NeySMvNxwa5Hzwal4dWv8OAgYsT5z2cDo9WI6wsk8aUb9Ac89+RZl1JVjeMmlXjm S2aaVzGM1RIvnIrsFbQYupg/HP2F2P0vKUHNBKASoJYv6fu595eqDHYzKktBsbDx dZ44Ak1NefKNZAbvec9DWgjfGzFocA== =pFHc -----END PGP SIGNATURE----- --=-=-=-- From nobody Tue Jul 9 07:54:12 2019 Return-Path: X-Original-To: mud@ietfa.amsl.com Delivered-To: mud@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B6BFD120165; Tue, 9 Jul 2019 07:54:10 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.501 X-Spam-Level: X-Spam-Status: No, score=-14.501 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KbrG76NsrjAW; Tue, 9 Jul 2019 07:54:08 -0700 (PDT) Received: from aer-iport-2.cisco.com (aer-iport-2.cisco.com [173.38.203.52]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2DCE612016A; Tue, 9 Jul 2019 07:54:07 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=1819; q=dns/txt; s=iport; t=1562684048; x=1563893648; h=from:message-id:mime-version:subject:date:in-reply-to:cc: to:references; bh=pX7SE1Yy28cTJo69wsR84zkvGex97mjQdAogoJWaVKE=; b=WAqqMNKchzkEtnQhEXCEDnStnHlUUtlDvPmktR4lTMO1RYtmOboq1JW7 Vsl/mMOQ2X42YuHPB/Nu/Q2CF853A+RjCy2zK6kyfa1ZUGS91C6pnigcR iobJf/Bc9bWEbdqThrq8p9Xigh7+zplkszigPsSiBel+iEZHqTUJ9wYlB 0=; X-Files: signature.asc : 195 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0AWAACXqSRd/xbLJq1mGgEBAQEBAgE?= =?us-ascii?q?BAQEHAgEBAQGBVgIBAQEBCwGCFmpSIBIohByIe4tzmm8CBwEBAQkDAQEvAQG?= =?us-ascii?q?BS4J1AoJmNwYOAQMBAQQBAQIBBW2FSIVKAQEBAQIBI1YFCwsYKgICVwYTgyI?= =?us-ascii?q?BgXsPq3OBMoVHhF0QgTQBgVCKJYF/gTgfgkw+h04ygiYElGaVbAmCGYIfgQy?= =?us-ascii?q?EbYttG4IslVShZIMKAgQGBQIVgWYigVgzGggbFWUBgkE+kEk9AzCQBAEB?= X-IronPort-AV: E=Sophos;i="5.63,470,1557187200"; d="asc'?scan'208";a="14118064" Received: from aer-iport-nat.cisco.com (HELO aer-core-3.cisco.com) ([173.38.203.22]) by aer-iport-2.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 09 Jul 2019 14:54:05 +0000 Received: from dhcp-10-61-105-202.cisco.com (dhcp-10-61-105-202.cisco.com [10.61.105.202]) by aer-core-3.cisco.com (8.15.2/8.15.2) with ESMTPS id x69Es56w016592 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Tue, 9 Jul 2019 14:54:05 GMT From: Eliot Lear Message-Id: <7534958E-E1A6-470D-B4BB-6B88CD27B54C@cisco.com> Content-Type: multipart/signed; boundary="Apple-Mail=_6DD4917D-FC86-4217-A788-C0367EA1BB1C"; protocol="application/pgp-signature"; micalg=pgp-sha1 Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\)) Date: Tue, 9 Jul 2019 16:54:04 +0200 In-Reply-To: <4486.1562683318@localhost> Cc: "opsawg@ietf.org" , "mud@ietf.org" , capport@ietf.org To: Michael Richardson References: <4486.1562683318@localhost> X-Mailer: Apple Mail (2.3445.104.11) X-Outbound-SMTP-Client: 10.61.105.202, dhcp-10-61-105-202.cisco.com X-Outbound-Node: aer-core-3.cisco.com Archived-At: Subject: Re: [Mud] [OPSAWG] putting quarantined IoT devices behind a captive portal X-BeenThere: mud@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion of Manufacturer Ussage Descriptions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 09 Jul 2019 14:54:11 -0000 --Apple-Mail=_6DD4917D-FC86-4217-A788-C0367EA1BB1C Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=utf-8 I=E2=80=99m not quite certain how it would work. Can you show a flow = that will work for an IoT device (e.g., headless and no display)? Eliot > On 9 Jul 2019, at 16:41, Michael Richardson = wrote: >=20 > Signed PGP part >=20 > Between editing drafts yesterday, I got to thinking about CAPPORT. > I have been working on what to do when an IoT device violates it's MUD > profile. There are a bunch of issues around this. >=20 > Yesterday, it occured to me that when such a device is quarantined > (I really think it should be "quaranteed", but that's not a word) > that the capport controls and APIs should be available to the device = to > learn what went on. >=20 > This is not new, I think that this as been the approach of most = enterprise > NEA systems upon encountering "infection". This has, I assume, = involved > forced HTTP proxies to inform human. But, if we have APIs, we can = inform > device as well. >=20 > Is this on anyone's radar? >=20 > -- > Michael Richardson , Sandelman Software Works > -=3D IPv6 IoT consulting =3D- >=20 >=20 >=20 >=20 >=20 --Apple-Mail=_6DD4917D-FC86-4217-A788-C0367EA1BB1C Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=signature.asc Content-Type: application/pgp-signature; name=signature.asc Content-Description: Message signed with OpenPGP -----BEGIN PGP SIGNATURE----- iF0EARECAB0WIQTgo4LlIIJ5lIBumWpugA9nE248uAUCXSSqjAAKCRBugA9nE248 uL/sAJ9FcwIHbPZOOmRd15FQFxsy5l9OzgCgkVGhWAXynktZWlHLnTLVwpXJgOE= =MOwf -----END PGP SIGNATURE----- --Apple-Mail=_6DD4917D-FC86-4217-A788-C0367EA1BB1C-- From nobody Tue Jul 9 11:39:09 2019 Return-Path: X-Original-To: mud@ietfa.amsl.com Delivered-To: mud@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0A64D120A1E; Tue, 9 Jul 2019 11:39:08 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.199 X-Spam-Level: X-Spam-Status: No, score=-4.199 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RFmnVk7byNww; Tue, 9 Jul 2019 11:39:05 -0700 (PDT) Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 029C9120A3A; Tue, 9 Jul 2019 11:39:00 -0700 (PDT) Received: from sandelman.ca (unknown [IPv6:2607:f0b0:f:2:56b2:3ff:fe0b:d84]) by tuna.sandelman.ca (Postfix) with ESMTP id E57313808A; Tue, 9 Jul 2019 14:36:55 -0400 (EDT) Received: from localhost (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 45AC05D0; Tue, 9 Jul 2019 14:38:58 -0400 (EDT) From: Michael Richardson To: Eliot Lear cc: "opsawg\@ietf.org" , "mud\@ietf.org" , capport@ietf.org In-Reply-To: <7534958E-E1A6-470D-B4BB-6B88CD27B54C@cisco.com> References: <4486.1562683318@localhost> <7534958E-E1A6-470D-B4BB-6B88CD27B54C@cisco.com> X-Mailer: MH-E 8.6; nmh 1.7+dev; GNU Emacs 24.5.1 X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m Archived-At: Subject: Re: [Mud] [OPSAWG] putting quarantined IoT devices behind a captive portal X-BeenThere: mud@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion of Manufacturer Ussage Descriptions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 09 Jul 2019 18:39:08 -0000 --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Eliot Lear wrote: > I=E2=80=99m not quite certain how it would work. Can you show a flow= that will > work for an IoT device (e.g., headless and no display)? Device gets quarantined, and the MUD-controller moves it into an isolated "VLAN". I put air/scare quotes around VLAN, because it's a "MAC-address VLAN", not an 802.1Q thing. It's really just a layer-2 ACL. {We have no way to force the mishaving device into tagging it's packets, nor can we force it onto some other ESSID. We can't do a "port-based" VLAN, because wifi has no ports, and we don't really know how many unmanaged switches might be on the port anyway. One might map this onto a IEEE 802.1Q VLAN across a backbone} Instead of just dropping all traffic for a device in this category, all traffic (other than excepted traffic if you implement https://datatracker.ietf.org/doc/draft-richardson-shg-mud-quarantined-acces= s/) would go into a captive portal system. Such a system would, according to https://datatracker.ietf.org/doc/draft-ietf-capport-architecture/ receive a message when it initiates connections which are not allowed. (While the capport WG contemplated an ICMP unreachable message with a URI in it at one point, that is not the current design) Actually, I have no idea from reviewing the documentation what the appropriate "you might be captive" ICMP is now.. THERE IS ONE RIGHT? Once the IoT device gets such a message, it can use the API described at: https://datatracker.ietf.org/doc/draft-ietf-capport-api/ to retrieve a JSON object telling it that it is captive. At which point, it can flash a LED, or attempt a firmware upgrade, or maybe just reboot if a timer goes off. (%) This requires that the IoT device get the captive portal API end point, whi= ch https://datatracker.ietf.org/doc/draft-ietf-capport-rfc7710bis/ can deliver via DHCPv4/v6 or RA. >> On 9 Jul 2019, at 16:41, Michael Richardson >> wrote: >> >> Signed PGP part >> >> Between editing drafts yesterday, I got to thinking about CAPPORT. I >> have been working on what to do when an IoT device violates it's MUD >> profile. There are a bunch of issues around this. >> >> Yesterday, it occured to me that when such a device is quarantined (I >> really think it should be "quaranteed", but that's not a word) that >> the capport controls and APIs should be available to the device to >> learn what went on. >> >> This is not new, I think that this as been the approach of most >> enterprise NEA systems upon encountering "infection". This has, I >> assume, involved forced HTTP proxies to inform human. But, if we ha= ve >> APIs, we can inform device as well. >> >> Is this on anyone's radar? >> >> -- >> Michael Richardson , Sandelman Software Works >> -=3D IPv6 IoT consulting =3D- >> >> >> >> >> =2D- Michael Richardson , Sandelman Software Works -=3D IPv6 IoT consulting =3D- --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEEbsyLEzg/qUTA43uogItw+93Q3WUFAl0k30EACgkQgItw+93Q 3WVCFgf9HXMbqXU95/TvL9H3KN0m/fWasiZPiknBzfW9W+6oNb+6Rve99Sxk4wbu EmeK2AgJp7NkrPJHcMj8UohCAY3od3synNvUH7RnxoKJnbKCFM6BsN2ZWFqsG5M0 NuZ0e86VAAfBMhpuH5re7ilqY0pWkSCfKT+1UURGHk0cjaKy7/Uo4J2D6L1KmdW2 pEJYzp3cdh/JYcpZRcbMobeZlOy5kTftTZ94w8OnAZRbv9hBw3xoJW+bN2UU6sy+ GIGV9IIHJx9/K+doe8LporjdZV3IrcruokuU8kMK0T+V0KiugUyXoisQbKKjakpE MM6cSxkL33eChPtH2lv1zFTdT4V2Bg== =8Zjt -----END PGP SIGNATURE----- --=-=-=-- From nobody Tue Jul 9 11:41:39 2019 Return-Path: X-Original-To: mud@ietfa.amsl.com Delivered-To: mud@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7F18B120A5B; Tue, 9 Jul 2019 11:41:37 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.199 X-Spam-Level: X-Spam-Status: No, score=-4.199 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZFG6u4iTe67u; Tue, 9 Jul 2019 11:41:34 -0700 (PDT) Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EA5C0120A51; Tue, 9 Jul 2019 11:41:23 -0700 (PDT) Received: from sandelman.ca (unknown [IPv6:2607:f0b0:f:2:56b2:3ff:fe0b:d84]) by tuna.sandelman.ca (Postfix) with ESMTP id 887973808A; Tue, 9 Jul 2019 14:39:20 -0400 (EDT) Received: from localhost (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id E44DC5D0; Tue, 9 Jul 2019 14:41:22 -0400 (EDT) From: Michael Richardson To: captive-portals@ietf.org, opsawg@ietf.org, mud@ietf.org X-Mailer: MH-E 8.6; nmh 1.7+dev; GNU Emacs 24.5.1 X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m Archived-At: Subject: [Mud] putting quarantined IoT devices behind a captive portal (fwd) Michael Richardson: putting quarantined IoT devices behind a captive portal X-BeenThere: mud@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion of Manufacturer Ussage Descriptions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 09 Jul 2019 18:41:38 -0000 --===-=-= Content-Type: multipart/mixed; boundary="==-=-=" --==-=-= Content-Type: text/plain Again, a WG whose ML is not the WG name, and there is no alias. ARGH. Here are some emails that didn't get to captive-portals@ietf.org. Sorry for the duplication for others. --==-=-= Content-Type: message/rfc822 Content-Disposition: inline; filename=2966 Content-Description: forwarded message From: Michael Richardson To: "opsawg\@ietf.org" , "mud\@ietf.org" , capport@ietf.org Subject: putting quarantined IoT devices behind a captive portal In-Reply-To: References: X-Mailer: MH-E 8.6; nmh 1.7+dev; GNU Emacs 24.5.1 X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0;<'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m --=-=-= Content-Type: text/plain Between editing drafts yesterday, I got to thinking about CAPPORT. I have been working on what to do when an IoT device violates it's MUD profile. There are a bunch of issues around this. Yesterday, it occured to me that when such a device is quarantined (I really think it should be "quaranteed", but that's not a word) that the capport controls and APIs should be available to the device to learn what went on. This is not new, I think that this as been the approach of most enterprise NEA systems upon encountering "infection". This has, I assume, involved forced HTTP proxies to inform human. But, if we have APIs, we can inform device as well. Is this on anyone's radar? -- Michael Richardson , Sandelman Software Works -= IPv6 IoT consulting =- --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEEbsyLEzg/qUTA43uogItw+93Q3WUFAl0kp7YACgkQgItw+93Q 3WVfGQgAshsJZLknCa1KT1bCVy8JMaU3h0aXlhpxTbNQPuqRn7Cs0FEKCAvSl2p1 XuCHDdp0GGM4gBjbovauCaTX6UMcKHsFiMWSIflbdBnjuQZ41u4AmN5+7uNVzwyD fIMWhNQMp6+E2ikxfwFz9SR/HiNsIlmKPQDDa4o83OqgJHWy9NRO2YWTVzrkMw3c NeySMvNxwa5Hzwal4dWv8OAgYsT5z2cDo9WI6wsk8aUb9Ac89+RZl1JVjeMmlXjm S2aaVzGM1RIvnIrsFbQYupg/HP2F2P0vKUHNBKASoJYv6fu595eqDHYzKktBsbDx dZ44Ak1NefKNZAbvec9DWgjfGzFocA== =pFHc -----END PGP SIGNATURE----- --=-=-=-- --==-=-= Content-Type: message/rfc822 Content-Disposition: inline; filename=2978 Content-Description: forwarded message From: Michael Richardson To: Eliot Lear cc: "opsawg\@ietf.org" , "mud\@ietf.org" , capport@ietf.org Subject: Re: [OPSAWG] putting quarantined IoT devices behind a captive portal In-Reply-To: <7534958E-E1A6-470D-B4BB-6B88CD27B54C@cisco.com> References: <4486.1562683318@localhost> <7534958E-E1A6-470D-B4BB-6B88CD27B54C@cisco.com> X-Mailer: MH-E 8.6; nmh 1.7+dev; GNU Emacs 24.5.1 X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0;<'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Eliot Lear wrote: > I=E2=80=99m not quite certain how it would work. Can you show a flow= that will > work for an IoT device (e.g., headless and no display)? Device gets quarantined, and the MUD-controller moves it into an isolated "VLAN". I put air/scare quotes around VLAN, because it's a "MAC-address VLAN", not an 802.1Q thing. It's really just a layer-2 ACL. {We have no way to force the mishaving device into tagging it's packets, nor can we force it onto some other ESSID. We can't do a "port-based" VLAN, because wifi has no ports, and we don't really know how many unmanaged switches might be on the port anyway. One might map this onto a IEEE 802.1Q VLAN across a backbone} Instead of just dropping all traffic for a device in this category, all traffic (other than excepted traffic if you implement https://datatracker.ietf.org/doc/draft-richardson-shg-mud-quarantined-acces= s/) would go into a captive portal system. Such a system would, according to https://datatracker.ietf.org/doc/draft-ietf-capport-architecture/ receive a message when it initiates connections which are not allowed. (While the capport WG contemplated an ICMP unreachable message with a URI in it at one point, that is not the current design) Actually, I have no idea from reviewing the documentation what the appropriate "you might be captive" ICMP is now.. THERE IS ONE RIGHT? Once the IoT device gets such a message, it can use the API described at: https://datatracker.ietf.org/doc/draft-ietf-capport-api/ to retrieve a JSON object telling it that it is captive. At which point, it can flash a LED, or attempt a firmware upgrade, or maybe just reboot if a timer goes off. (%) This requires that the IoT device get the captive portal API end point, whi= ch https://datatracker.ietf.org/doc/draft-ietf-capport-rfc7710bis/ can deliver via DHCPv4/v6 or RA. >> On 9 Jul 2019, at 16:41, Michael Richardson >> wrote: >> >> Signed PGP part >> >> Between editing drafts yesterday, I got to thinking about CAPPORT. I >> have been working on what to do when an IoT device violates it's MUD >> profile. There are a bunch of issues around this. >> >> Yesterday, it occured to me that when such a device is quarantined (I >> really think it should be "quaranteed", but that's not a word) that >> the capport controls and APIs should be available to the device to >> learn what went on. >> >> This is not new, I think that this as been the approach of most >> enterprise NEA systems upon encountering "infection". This has, I >> assume, involved forced HTTP proxies to inform human. But, if we ha= ve >> APIs, we can inform device as well. >> >> Is this on anyone's radar? >> >> -- >> Michael Richardson , Sandelman Software Works >> -=3D IPv6 IoT consulting =3D- >> >> >> >> >> =2D- Michael Richardson , Sandelman Software Works -=3D IPv6 IoT consulting =3D- --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEEbsyLEzg/qUTA43uogItw+93Q3WUFAl0k30EACgkQgItw+93Q 3WVCFgf9HXMbqXU95/TvL9H3KN0m/fWasiZPiknBzfW9W+6oNb+6Rve99Sxk4wbu EmeK2AgJp7NkrPJHcMj8UohCAY3od3synNvUH7RnxoKJnbKCFM6BsN2ZWFqsG5M0 NuZ0e86VAAfBMhpuH5re7ilqY0pWkSCfKT+1UURGHk0cjaKy7/Uo4J2D6L1KmdW2 pEJYzp3cdh/JYcpZRcbMobeZlOy5kTftTZ94w8OnAZRbv9hBw3xoJW+bN2UU6sy+ GIGV9IIHJx9/K+doe8LporjdZV3IrcruokuU8kMK0T+V0KiugUyXoisQbKKjakpE MM6cSxkL33eChPtH2lv1zFTdT4V2Bg== =8Zjt -----END PGP SIGNATURE----- --=-=-=-- --==-=-= Content-Type: text/plain -- Michael Richardson , Sandelman Software Works -= IPv6 IoT consulting =- --==-=-=-- --===-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEEbsyLEzg/qUTA43uogItw+93Q3WUFAl0k39IACgkQgItw+93Q 3WUt7ggAgtXKlL/AdI86uOdbGYo8CDEVKCp91uZPx1biyL7TgecvAfVcKQ8o4CQx me1fsw7BzttGdxEOCbl+i80W/NC2oGu2ZKWJ0cRyXXdAfnW6xqXzJuhycrtkWUlF /N9iD7n8TveHwApksLpjZVyqsqj9efDlGRxgWjxtkqQXFphN45nVulDnVxBxw1GK UQttxaCM2YCG329NLYB0cjGHyPmm3FCVNcAO/8Ap82jE34GZO8IxCQZQtBweAmG/ jbDhx0oCPW/+AK+cVhlEJLDuaKHFVv4vMf8b8Xr3aanlAhLMcFEzJxoEey/bBLtK Rs9qeehNRVKicR2Kf34Gl7JSHrBe6g== =0Bmg -----END PGP SIGNATURE----- --===-=-=-- From nobody Tue Jul 9 11:52:41 2019 Return-Path: X-Original-To: mud@ietfa.amsl.com Delivered-To: mud@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 51026120AD3; Tue, 9 Jul 2019 11:52:32 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.501 X-Spam-Level: X-Spam-Status: No, score=-14.501 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CsecRfnD0lbs; Tue, 9 Jul 2019 11:52:30 -0700 (PDT) Received: from aer-iport-1.cisco.com (aer-iport-1.cisco.com [173.38.203.51]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 88DDC120AB5; Tue, 9 Jul 2019 11:52:29 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=3398; q=dns/txt; s=iport; t=1562698349; x=1563907949; h=from:message-id:mime-version:subject:date:in-reply-to:cc: to:references; bh=hFEByi7QRzay1zhP9A6ajkGn5me3qf5ObSZJajw7kN8=; b=MC04zu7Yz3+lZjS0HTKR/Fr8YI6n4AySEgh31t/vUYFDBKz4eEUw9NVA PMb034SFfbUgGs9ouTfAg1JupcxxpWyugEock3r5D58gFjAZgcfPxVjCy Kk3XF77WtpNPfNBtuXSbzx29VD5iRj89cTZF9yUgRNZaj7Je6Vr+FIOyZ k=; X-Files: signature.asc : 195 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0ADAAD64SRd/xbLJq1mGQEBAQEBAQE?= =?us-ascii?q?BAQEBAQcBAQEBAQGBUwQBAQEBAQsBghZqUjIohByIHF+LTyWYdIF7AgcBAQE?= =?us-ascii?q?JAwEBIwwBAYFLgnUCgmY0CQ4BAwEBBAEBAgEFbYU8DIVKAQEBAQIBI1YFCws?= =?us-ascii?q?SBioCAkkOBhODIgGBew8PrFWBMoRGQUCEXgoGgTQBgVCKJYF/gREnDBOCTD6?= =?us-ascii?q?CYQIDAYRnMoImBIxKiByVbAmCGYIfgQyDK4FCi20UB4IslVSUcYxzgwoCBAY?= =?us-ascii?q?FAhWBUDiBWDMaCBsVZQGCQT6LCIVBPQMwj1gBAQ?= X-IronPort-AV: E=Sophos;i="5.63,471,1557187200"; d="asc'?scan'208";a="14123268" Received: from aer-iport-nat.cisco.com (HELO aer-core-3.cisco.com) ([173.38.203.22]) by aer-iport-1.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 09 Jul 2019 18:52:27 +0000 Received: from dhcp-10-61-102-2.cisco.com (dhcp-10-61-102-2.cisco.com [10.61.102.2]) by aer-core-3.cisco.com (8.15.2/8.15.2) with ESMTPS id x69IqPBV027822 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Tue, 9 Jul 2019 18:52:26 GMT From: Eliot Lear Message-Id: Content-Type: multipart/signed; boundary="Apple-Mail=_83F63F30-421B-40DD-B387-6592867E8E25"; protocol="application/pgp-signature"; micalg=pgp-sha1 Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\)) Date: Tue, 9 Jul 2019 20:52:25 +0200 In-Reply-To: <27334.1562697538@localhost> Cc: "opsawg@ietf.org" , "mud@ietf.org" , capport@ietf.org To: Michael Richardson References: <4486.1562683318@localhost> <7534958E-E1A6-470D-B4BB-6B88CD27B54C@cisco.com> <27334.1562697538@localhost> X-Mailer: Apple Mail (2.3445.104.11) X-Outbound-SMTP-Client: 10.61.102.2, dhcp-10-61-102-2.cisco.com X-Outbound-Node: aer-core-3.cisco.com Archived-At: Subject: Re: [Mud] [OPSAWG] putting quarantined IoT devices behind a captive portal X-BeenThere: mud@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion of Manufacturer Ussage Descriptions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 09 Jul 2019 18:52:33 -0000 --Apple-Mail=_83F63F30-421B-40DD-B387-6592867E8E25 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=utf-8 It=E2=80=99s the following part that I=E2=80=99m thinking about: > On 9 Jul 2019, at 20:38, Michael Richardson = wrote: >=20 > Such a system would, according to > https://datatracker.ietf.org/doc/draft-ietf-capport-architecture/ > receive a message when it initiates connections which are not allowed. > (While the capport WG contemplated an ICMP unreachable message with a > URI in it at one point, that is not the current design) >=20 > Actually, I have no idea from reviewing the documentation what the > appropriate "you might be captive" ICMP is now.. THERE IS ONE RIGHT? >=20 > Once the IoT device gets such a message, it can use the API > described at: https://datatracker.ietf.org/doc/draft-ietf-capport-api/ > to retrieve a JSON object telling it that it is captive. At which = point, it > can flash a LED, or attempt a firmware upgrade, or maybe just reboot = if a > timer goes off. (%) >=20 You are suggesting that a device self-remediate. Some devices may be = able to eventually do that, but I have my doubts. Were I a hacker, I = would have the device pretend to do just that. And so this ties = somewhat to RATS. I think a MUD extension might be able to help in as = much as one could imagine a =E2=80=9Cremediation=E2=80=9D = recommendation. Eliot > This requires that the IoT device get the captive portal API end = point, which > https://datatracker.ietf.org/doc/draft-ietf-capport-rfc7710bis/ can = deliver > via DHCPv4/v6 or RA. >=20 >=20 >>> On 9 Jul 2019, at 16:41, Michael Richardson >>> wrote: >>>=20 >>> Signed PGP part >>>=20 >>> Between editing drafts yesterday, I got to thinking about CAPPORT. = I >>> have been working on what to do when an IoT device violates it's MUD >>> profile. There are a bunch of issues around this. >>>=20 >>> Yesterday, it occured to me that when such a device is quarantined = (I >>> really think it should be "quaranteed", but that's not a word) that >>> the capport controls and APIs should be available to the device to >>> learn what went on. >>>=20 >>> This is not new, I think that this as been the approach of most >>> enterprise NEA systems upon encountering "infection". This has, I >>> assume, involved forced HTTP proxies to inform human. But, if we = have >>> APIs, we can inform device as well. >>>=20 >>> Is this on anyone's radar? >>>=20 >>> -- >>> Michael Richardson , Sandelman Software Works >>> -=3D IPv6 IoT consulting =3D- >>>=20 >>>=20 >>>=20 >>>=20 >>>=20 >=20 >=20 > -- > Michael Richardson , Sandelman Software Works > -=3D IPv6 IoT consulting =3D- >=20 >=20 >=20 --Apple-Mail=_83F63F30-421B-40DD-B387-6592867E8E25 Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=signature.asc Content-Type: application/pgp-signature; name=signature.asc Content-Description: Message signed with OpenPGP -----BEGIN PGP SIGNATURE----- iF0EARECAB0WIQTgo4LlIIJ5lIBumWpugA9nE248uAUCXSTiaQAKCRBugA9nE248 uMHIAKDUcRacYBgbWRZhQ5d0clIC/SXP6ACg5cAWlKZqPtw273AD/Mp4sMmk5Qg= =CmVm -----END PGP SIGNATURE----- --Apple-Mail=_83F63F30-421B-40DD-B387-6592867E8E25-- From nobody Tue Jul 9 13:13:48 2019 Return-Path: X-Original-To: mud@ietfa.amsl.com Delivered-To: mud@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5642D12007A; Tue, 9 Jul 2019 13:13:47 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -0.702 X-Spam-Level: X-Spam-Status: No, score=-0.702 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, PDS_NO_HELO_DNS=1.295, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Q300ZOUDJTka; Tue, 9 Jul 2019 13:13:45 -0700 (PDT) Received: from mail-io1-xd32.google.com (mail-io1-xd32.google.com [IPv6:2607:f8b0:4864:20::d32]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 11B7B12006D; Tue, 9 Jul 2019 13:13:45 -0700 (PDT) Received: by mail-io1-xd32.google.com with SMTP id k20so45886112ios.10; Tue, 09 Jul 2019 13:13:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=5M+w7LovCm6hcYDPkf71k+gOyQv0IdqrizW2vYtzcs8=; b=rzu+PnzEoBS/qd7p7p17jnL0zDmqJNLHV7Ww9y81fICacncrVByzVtTHFwvVVt5dd9 2lm9H4qS+vgca4rcm5jAp8+hMT/vgMCW6ZnrE/CAGkbN9nV8fNb4o7XrJr7GpDGC0PkO vwF7sWlS3XKOkyxnzAjLiw/wN83eeQxyk1Ng4nyv2i2gLIqWK+2R2PlqDa1cfMAQhP5T R/TDVISs0e5lDLyqRL/tbwOC2KDrU2WK1mFaZ400q0+UK2/mB6IVc9uYaiTrYrzebmMv jrsO1Nxw9t0FHWocz5hFzPtttTApOMJfeR8fEzwbPDHYFgMBByot7tib9VnHIIK8ohV+ 94iQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=5M+w7LovCm6hcYDPkf71k+gOyQv0IdqrizW2vYtzcs8=; b=QInsQPBKjtZS5Z489+rYjZBvlekn+Jrbq2GA2h8mTtdYFz33pUwcVlKqQh5mnwhCmL 9cDRHi3/k1E8n4Fzur8lTZanczNMwkmzb/8mMmGnDOOpSPd4di/S8U6LlhHhEjfArIbM osq0AvMJZZy4md4ZKlgBV2rMG6KrLZJlfgdjJxhFU/NHpwmDfHA0dZopYEAlne6vH5tC 4VLhVoDo5Lgzot43tPMkMTwBK6tfvykD0CqDnx00TRXhU5kw85PTD8QZxt0nZfU4O1Oz aCLR7eEDeU/RUjDTBP34qW2nQArCafivWeDJ3XUEaCLg3tzDIxQ52eNaZfmt+7JiwxG3 enrw== X-Gm-Message-State: APjAAAVA+791ZgmDSCC1o3aKUYaDD8VKCjMziE0jK3LdfnYJSUM+GNzc Rd7xhGiQVJQrJ594+bW6fT83p6US0g8YgkRij08= X-Google-Smtp-Source: APXvYqzat/lg3Zzyt7gIDMSmoEKE6sBzWPqNNmKVtlLkbPn0H75lTQfVDetSQCiZ8uMRL+RsCD6TomjyuyqpMg13DLQ= X-Received: by 2002:a02:340d:: with SMTP id x13mr30066336jae.125.1562703222955; Tue, 09 Jul 2019 13:13:42 -0700 (PDT) MIME-Version: 1.0 References: <4486.1562683318@localhost> <7534958E-E1A6-470D-B4BB-6B88CD27B54C@cisco.com> <27334.1562697538@localhost> In-Reply-To: <27334.1562697538@localhost> From: "M. Ranganathan" Date: Tue, 9 Jul 2019 16:13:06 -0400 Message-ID: To: Michael Richardson Cc: Eliot Lear , "opsawg@ietf.org" , "mud@ietf.org" , capport@ietf.org Content-Type: multipart/alternative; boundary="0000000000007f53ed058d4532ca" Archived-At: Subject: Re: [Mud] [OPSAWG] putting quarantined IoT devices behind a captive portal X-BeenThere: mud@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion of Manufacturer Ussage Descriptions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 09 Jul 2019 20:13:47 -0000 --0000000000007f53ed058d4532ca Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable The current draft https://datatracker.ietf.org/doc/draft-ietf-capport-api/ Assumes that the "quarantined device" can access a subset of the ACE's allowed to the "unquarantined" device. However, I can think of a scenario where this does not have to be the case. I'd propose to generalize this. i.e. There are two sets of ACL's - one for normal operation and one for quarantined access. (i.e. quarantine access is not necessarily a subset of regular access). Use case: Under normal circumstances, the device does not need SSH access (port 22 is not open). However, if the device is misbehaving some external agent (or human maybe) logs in and investigates the issue. The fix could involve copying new firmware. Does this make sense? Another thing that is missing currently is how to "clear" the quarantine state at the enforcement point. This would need an API defintion of we want to make that portable. Regards, Ranga On Tue, Jul 9, 2019 at 2:39 PM Michael Richardson wrote: > > Eliot Lear wrote: > > I=E2=80=99m not quite certain how it would work. Can you show a fl= ow that > will > > work for an IoT device (e.g., headless and no display)? > > Device gets quarantined, and the MUD-controller moves it into an isolated > "VLAN". I put air/scare quotes around VLAN, because it's a "MAC-address > VLAN", not an 802.1Q thing. It's really just a layer-2 ACL. > > {We have no way to force the mishaving device into tagging it's packets, > nor > can we force it onto some other ESSID. We can't do a "port-based" VLAN, > because wifi has no ports, and we don't really know how many unmanaged > switches might be on the port anyway. > One might map this onto a IEEE 802.1Q VLAN across a backbone} > > Instead of just dropping all traffic for a device in this category, > all traffic (other than excepted traffic if you implement > > https://datatracker.ietf.org/doc/draft-richardson-shg-mud-quarantined-acc= ess/ > ) > would go into a captive portal system. > > Such a system would, according to > https://datatracker.ietf.org/doc/draft-ietf-capport-architecture/ > receive a message when it initiates connections which are not allowed. > (While the capport WG contemplated an ICMP unreachable message with a > URI in it at one point, that is not the current design) > > Actually, I have no idea from reviewing the documentation what the > appropriate "you might be captive" ICMP is now.. THERE IS ONE RIGHT? > > Once the IoT device gets such a message, it can use the API > described at: https://datatracker.ietf.org/doc/draft-ietf-capport-api/ > to retrieve a JSON object telling it that it is captive. At which point, = it > can flash a LED, or attempt a firmware upgrade, or maybe just reboot if a > timer goes off. (%) > > This requires that the IoT device get the captive portal API end point, > which > https://datatracker.ietf.org/doc/draft-ietf-capport-rfc7710bis/ can > deliver > via DHCPv4/v6 or RA. > > > >> On 9 Jul 2019, at 16:41, Michael Richardson > >> wrote: > >> > >> Signed PGP part > >> > >> Between editing drafts yesterday, I got to thinking about CAPPORT. > I > >> have been working on what to do when an IoT device violates it's M= UD > >> profile. There are a bunch of issues around this. > >> > >> Yesterday, it occured to me that when such a device is quarantined > (I > >> really think it should be "quaranteed", but that's not a word) tha= t > >> the capport controls and APIs should be available to the device to > >> learn what went on. > >> > >> This is not new, I think that this as been the approach of most > >> enterprise NEA systems upon encountering "infection". This has, I > >> assume, involved forced HTTP proxies to inform human. But, if we > have > >> APIs, we can inform device as well. > >> > >> Is this on anyone's radar? > >> > >> -- > >> Michael Richardson , Sandelman Software > Works > >> -=3D IPv6 IoT consulting =3D- > >> > >> > >> > >> > >> > > > -- > Michael Richardson , Sandelman Software Works > -=3D IPv6 IoT consulting =3D- > > > > -- > Mud mailing list > Mud@ietf.org > https://www.ietf.org/mailman/listinfo/mud > --=20 M. Ranganathan --0000000000007f53ed058d4532ca Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Assumes that the "quar= antined device" can access a subset of the ACE's allowed to the &q= uot;unquarantined" device.
However, I can think of a scenari= o where this does not have to be the case. I'd propose to generalize th= is.

i.e. There are two sets of ACL's - one for= normal operation and one for quarantined access. (i.e. quarantine access i= s not necessarily a subset of regular access).

Use case:

Under normal circumstances, the device = does not need SSH access (port 22 is not open). However, if the device is m= isbehaving some external agent (or human maybe) logs in and investigates th= e issue.=C2=A0 The fix could involve copying new firmware.

Does this=C2=A0make sense?

Another thing = that is missing currently is how to "clear" the quarantine state = at the enforcement point. This would need an API defintion of we want to ma= ke that portable.

Regards,

Ranga


On Tue, Jul 9, 2019 at 2:39 PM Michael Richar= dson <mcr+i= etf@sandelman.ca> wrote:

Eliot Lear <lear@cis= co.com> wrote:
=C2=A0 =C2=A0 > I=E2=80=99m not quite certain how it would work.=C2=A0 C= an you show a flow that will
=C2=A0 =C2=A0 > work for an IoT device (e.g., headless and no display)?<= br>
Device gets quarantined, and the MUD-controller moves it into an isolated "VLAN".=C2=A0 I put air/scare quotes around VLAN, because it'= s a "MAC-address
VLAN", not an 802.1Q thing.=C2=A0 It's really just a layer-2 ACL.<= br>
{We have no way to force the mishaving device into tagging it's packets= , nor
can we force it onto some other ESSID. We can't do a "port-based&q= uot; VLAN,
because wifi has no ports, and we don't really know how many unmanaged<= br> switches might be on the port anyway.
One might map this onto a IEEE 802.1Q VLAN across a backbone}

Instead of just dropping all traffic for a device in this category,
all traffic (other than excepted traffic if you implement
https://datatracker.iet= f.org/doc/draft-richardson-shg-mud-quarantined-access/)
would go into a captive portal system.

Such a system would, according to
https://datatracker.ietf.org/doc/dr= aft-ietf-capport-architecture/
receive a message when it initiates connections which are not allowed.
(While the capport WG contemplated an ICMP unreachable message with a
URI in it at one point, that is not the current design)

Actually, I have no idea from reviewing the documentation what the
appropriate "you might be captive" ICMP is now.. THERE IS ONE RIG= HT?

Once the IoT device gets such a message, it can use the API
described at: https://datatracker.ietf.org/d= oc/draft-ietf-capport-api/
to retrieve a JSON object telling it that it is captive. At which point, it=
can flash a LED, or attempt a firmware upgrade, or maybe just reboot if a timer goes off.=C2=A0 (%)

This requires that the IoT device get the captive portal API end point, whi= ch
https://datatracker.ietf.org/doc/draf= t-ietf-capport-rfc7710bis/ can deliver
via DHCPv4/v6 or RA.


=C2=A0 =C2=A0 >> On 9 Jul 2019, at 16:41, Michael Richardson <mcr+ietf@sandelman= .ca>
=C2=A0 =C2=A0 >> wrote:
=C2=A0 =C2=A0 >>
=C2=A0 =C2=A0 >> Signed PGP part
=C2=A0 =C2=A0 >>
=C2=A0 =C2=A0 >> Between editing drafts yesterday, I got to thinking = about CAPPORT.=C2=A0 I
=C2=A0 =C2=A0 >> have been working on what to do when an IoT device v= iolates it's MUD
=C2=A0 =C2=A0 >> profile.=C2=A0 There are a bunch of issues around th= is.
=C2=A0 =C2=A0 >>
=C2=A0 =C2=A0 >> Yesterday, it occured to me that when such a device = is quarantined (I
=C2=A0 =C2=A0 >> really think it should be "quaranteed", bu= t that's not a word) that
=C2=A0 =C2=A0 >> the capport controls and APIs should be available to= the device to
=C2=A0 =C2=A0 >> learn what went on.
=C2=A0 =C2=A0 >>
=C2=A0 =C2=A0 >> This is not new, I think that this as been the appro= ach of most
=C2=A0 =C2=A0 >> enterprise NEA systems upon encountering "infec= tion".=C2=A0 This has, I
=C2=A0 =C2=A0 >> assume, involved forced HTTP proxies to inform human= .=C2=A0 But, if we have
=C2=A0 =C2=A0 >> APIs, we can inform device as well.
=C2=A0 =C2=A0 >>
=C2=A0 =C2=A0 >> Is this on anyone's radar?
=C2=A0 =C2=A0 >>
=C2=A0 =C2=A0 >> --
=C2=A0 =C2=A0 >> Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman So= ftware Works
=C2=A0 =C2=A0 >> -=3D IPv6 IoT consulting =3D-
=C2=A0 =C2=A0 >>
=C2=A0 =C2=A0 >>
=C2=A0 =C2=A0 >>
=C2=A0 =C2=A0 >>
=C2=A0 =C2=A0 >>


--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
=C2=A0-=3D IPv6 IoT consulting =3D-



--
Mud mailing list
Mud@ietf.org
https://www.ietf.org/mailman/listinfo/mud


--
M. = Ranganathan

<= /div>
--0000000000007f53ed058d4532ca-- From nobody Tue Jul 9 13:17:27 2019 Return-Path: X-Original-To: mud@ietfa.amsl.com Delivered-To: mud@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 821E912007A; Tue, 9 Jul 2019 13:17:18 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -0.702 X-Spam-Level: X-Spam-Status: No, score=-0.702 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, PDS_NO_HELO_DNS=1.295, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 097UFWMFz6mP; Tue, 9 Jul 2019 13:17:16 -0700 (PDT) Received: from mail-io1-xd2f.google.com (mail-io1-xd2f.google.com [IPv6:2607:f8b0:4864:20::d2f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3016812006D; Tue, 9 Jul 2019 13:17:16 -0700 (PDT) Received: by mail-io1-xd2f.google.com with SMTP id m24so36486571ioo.2; Tue, 09 Jul 2019 13:17:16 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=ndbP5W7bl6Bhdiads/fWhSSSVWrzXxM5wWavxX1razI=; b=lteGNO0psZktOloQM6WpfaXa8Edgy/nx4jSTTYlFHcNoblASM+vVk7s4HvtDdj1zIO h+5ujcqKZjWADiajAco65nCKRIxfAxlZZzJr4yAdtrzirJd4T0r/KcTk5o+mUn549njN pZ9wWz5hfqT44U7zEmYkb9AAZIVyQZHvUKaC2ExRUfgJYCPDnDXXyk/p3cJ4yKUzAX7w QjjT3Q+odwobfgkaNpHw3xUhdUv5jscY7BkL1rBSujkzvX6tPcKiJkleloTj3cWhNzSc 71VS9wQq6/ccxUTEdo0VblROhMlZslj7V4dshqFskQg0Eg+Rd27G2GIzSq9mUkzlk/kb zx0g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=ndbP5W7bl6Bhdiads/fWhSSSVWrzXxM5wWavxX1razI=; b=mWGBkPcnhOCzmXr9Oz9QvmNmNvcAM1HdMz2h4JnlyAyfbwW0N642Q22sCGsnmSxL9g oIfLBORjE3UWiiIU3jgAVOEbcMYcjQw1J+I57keZY1tZI508XrHwE5kpIpDcWJO6q0I9 RSUZg48CfXpB2BS3CmYK3jODsZbqWrbHpnFH5B1T6Q0tEM0A6Vw1Ovo/y02l/MQptAFj Q7vAc+jRVxat9lgYEfkVVDHDIJ2IlSRRGErpx5C4xSKSkGdD3kYDVcseKjXW1iru9zFZ sPDQt42KAKYUk8JTiqRmH8h6ste+ARR4i7Y318B8sjB98GW2drTm5IGDHRluKToF7NBi CmYg== X-Gm-Message-State: APjAAAXYDaVQnErBbP9YTv3bFvaAe2BHTeUYjKtx3KyUzryhrR5D8XD6 T51AKelsZ7QpxaJwgOnin+4u67ZaoxS8Gq9zCwtG7oHWXME= X-Google-Smtp-Source: APXvYqxWts1wA9VPzp8smFra9D0UOK+z1L0l7TNwP/O+dRzFwJAcE2j9KsSLwF/A58oavk/MqtqWgUVgxyoA9V+K9U0= X-Received: by 2002:a5d:9448:: with SMTP id x8mr28851064ior.102.1562703435320; Tue, 09 Jul 2019 13:17:15 -0700 (PDT) MIME-Version: 1.0 References: <4486.1562683318@localhost> <7534958E-E1A6-470D-B4BB-6B88CD27B54C@cisco.com> <27334.1562697538@localhost> In-Reply-To: From: "M. Ranganathan" Date: Tue, 9 Jul 2019 16:16:39 -0400 Message-ID: To: Michael Richardson Cc: Eliot Lear , "opsawg@ietf.org" , "mud@ietf.org" Content-Type: multipart/alternative; boundary="00000000000026dcba058d453f0e" Archived-At: Subject: Re: [Mud] [OPSAWG] putting quarantined IoT devices behind a captive portal X-BeenThere: mud@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion of Manufacturer Ussage Descriptions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 09 Jul 2019 20:17:19 -0000 --00000000000026dcba058d453f0e Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Tue, Jul 9, 2019 at 4:13 PM M. Ranganathan wrote: > The current draft https://datatracker.ietf.org/doc/draft-ietf-capport-api= / > Wrong reference, I meant https://datatracker.ietf.org/doc/draft-richardson-shg-mud-quarantined-acces= s/ (sorry for extra email load). Assumes that the "quarantined device" can access a subset of the ACE's > allowed to the "unquarantined" device. > However, I can think of a scenario where this does not have to be the > case. I'd propose to generalize this. > > i.e. There are two sets of ACL's - one for normal operation and one for > quarantined access. (i.e. quarantine access is not necessarily a subset o= f > regular access). > > Use case: > > Under normal circumstances, the device does not need SSH access (port 22 > is not open). However, if the device is misbehaving some external agent (= or > human maybe) logs in and investigates the issue. The fix could involve > copying new firmware. > > Does this make sense? > > Another thing that is missing currently is how to "clear" the quarantine > state at the enforcement point. This would need an API defintion of we wa= nt > to make that portable. > > Regards, > > Ranga > > > On Tue, Jul 9, 2019 at 2:39 PM Michael Richardson > wrote: > >> >> Eliot Lear wrote: >> > I=E2=80=99m not quite certain how it would work. Can you show a f= low that >> will >> > work for an IoT device (e.g., headless and no display)? >> >> Device gets quarantined, and the MUD-controller moves it into an isolate= d >> "VLAN". I put air/scare quotes around VLAN, because it's a "MAC-address >> VLAN", not an 802.1Q thing. It's really just a layer-2 ACL. >> >> {We have no way to force the mishaving device into tagging it's packets, >> nor >> can we force it onto some other ESSID. We can't do a "port-based" VLAN, >> because wifi has no ports, and we don't really know how many unmanaged >> switches might be on the port anyway. >> One might map this onto a IEEE 802.1Q VLAN across a backbone} >> >> Instead of just dropping all traffic for a device in this category, >> all traffic (other than excepted traffic if you implement >> >> https://datatracker.ietf.org/doc/draft-richardson-shg-mud-quarantined-ac= cess/ >> ) >> would go into a captive portal system. >> >> Such a system would, according to >> https://datatracker.ietf.org/doc/draft-ietf-capport-architecture/ >> receive a message when it initiates connections which are not allowed. >> (While the capport WG contemplated an ICMP unreachable message with a >> URI in it at one point, that is not the current design) >> >> Actually, I have no idea from reviewing the documentation what the >> appropriate "you might be captive" ICMP is now.. THERE IS ONE RIGHT? >> >> Once the IoT device gets such a message, it can use the API >> described at: https://datatracker.ietf.org/doc/draft-ietf-capport-api/ >> to retrieve a JSON object telling it that it is captive. At which point, >> it >> can flash a LED, or attempt a firmware upgrade, or maybe just reboot if = a >> timer goes off. (%) >> >> This requires that the IoT device get the captive portal API end point, >> which >> https://datatracker.ietf.org/doc/draft-ietf-capport-rfc7710bis/ can >> deliver >> via DHCPv4/v6 or RA. >> >> >> >> On 9 Jul 2019, at 16:41, Michael Richardson > > >> >> wrote: >> >> >> >> Signed PGP part >> >> >> >> Between editing drafts yesterday, I got to thinking about >> CAPPORT. I >> >> have been working on what to do when an IoT device violates it's >> MUD >> >> profile. There are a bunch of issues around this. >> >> >> >> Yesterday, it occured to me that when such a device is quarantine= d >> (I >> >> really think it should be "quaranteed", but that's not a word) th= at >> >> the capport controls and APIs should be available to the device t= o >> >> learn what went on. >> >> >> >> This is not new, I think that this as been the approach of most >> >> enterprise NEA systems upon encountering "infection". This has, = I >> >> assume, involved forced HTTP proxies to inform human. But, if we >> have >> >> APIs, we can inform device as well. >> >> >> >> Is this on anyone's radar? >> >> >> >> -- >> >> Michael Richardson , Sandelman Software >> Works >> >> -=3D IPv6 IoT consulting =3D- >> >> >> >> >> >> >> >> >> >> >> >> >> -- >> Michael Richardson , Sandelman Software Works >> -=3D IPv6 IoT consulting =3D- >> >> >> >> -- >> Mud mailing list >> Mud@ietf.org >> https://www.ietf.org/mailman/listinfo/mud >> > > > -- > M. Ranganathan > > --=20 M. Ranganathan --00000000000026dcba058d453f0e Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable


On Tue, Jul 9, 2019 at 4:13 PM M. Ranganathan <mranga@gmail.com> wro= te:


<= /div>
Wrong reference, I meant


=

(sorry for extra email = load).

Assumes that the "quarantined device"= ; can access a subset of the ACE's allowed to the "unquarantined&q= uot; device.
However, I can think of a scenario where this does n= ot have to be the case. I'd propose to generalize this.

<= /div>
i.e. There are two sets of ACL's - one for normal operation a= nd one for quarantined access. (i.e. quarantine access is not necessarily a= subset of regular access).

Use case:

Under normal circumstances, the device does not need SSH a= ccess (port 22 is not open). However, if the device is misbehaving some ext= ernal agent (or human maybe) logs in and investigates the issue.=C2=A0 The = fix could involve copying new firmware.

Does this= =C2=A0make sense?

Another thing that is missing cu= rrently is how to "clear" the quarantine state at the enforcement= point. This would need an API defintion of we want to make that portable.<= br>

Regards,

Ranga


On Tue, Jul 9, 2019 at 2:39 PM Michael Richardson <mcr+ietf@sandelman.ca= > wrote:
=
Eliot Lear <lear@cis= co.com> wrote:
=C2=A0 =C2=A0 > I=E2=80=99m not quite certain how it would work.=C2=A0 C= an you show a flow that will
=C2=A0 =C2=A0 > work for an IoT device (e.g., headless and no display)?<= br>
Device gets quarantined, and the MUD-controller moves it into an isolated "VLAN".=C2=A0 I put air/scare quotes around VLAN, because it'= s a "MAC-address
VLAN", not an 802.1Q thing.=C2=A0 It's really just a layer-2 ACL.<= br>
{We have no way to force the mishaving device into tagging it's packets= , nor
can we force it onto some other ESSID. We can't do a "port-based&q= uot; VLAN,
because wifi has no ports, and we don't really know how many unmanaged<= br> switches might be on the port anyway.
One might map this onto a IEEE 802.1Q VLAN across a backbone}

Instead of just dropping all traffic for a device in this category,
all traffic (other than excepted traffic if you implement
https://datatracker.iet= f.org/doc/draft-richardson-shg-mud-quarantined-access/)
would go into a captive portal system.

Such a system would, according to
https://datatracker.ietf.org/doc/dr= aft-ietf-capport-architecture/
receive a message when it initiates connections which are not allowed.
(While the capport WG contemplated an ICMP unreachable message with a
URI in it at one point, that is not the current design)

Actually, I have no idea from reviewing the documentation what the
appropriate "you might be captive" ICMP is now.. THERE IS ONE RIG= HT?

Once the IoT device gets such a message, it can use the API
described at: https://datatracker.ietf.org/d= oc/draft-ietf-capport-api/
to retrieve a JSON object telling it that it is captive. At which point, it=
can flash a LED, or attempt a firmware upgrade, or maybe just reboot if a timer goes off.=C2=A0 (%)

This requires that the IoT device get the captive portal API end point, whi= ch
https://datatracker.ietf.org/doc/draf= t-ietf-capport-rfc7710bis/ can deliver
via DHCPv4/v6 or RA.


=C2=A0 =C2=A0 >> On 9 Jul 2019, at 16:41, Michael Richardson <mcr+ietf@sandelman= .ca>
=C2=A0 =C2=A0 >> wrote:
=C2=A0 =C2=A0 >>
=C2=A0 =C2=A0 >> Signed PGP part
=C2=A0 =C2=A0 >>
=C2=A0 =C2=A0 >> Between editing drafts yesterday, I got to thinking = about CAPPORT.=C2=A0 I
=C2=A0 =C2=A0 >> have been working on what to do when an IoT device v= iolates it's MUD
=C2=A0 =C2=A0 >> profile.=C2=A0 There are a bunch of issues around th= is.
=C2=A0 =C2=A0 >>
=C2=A0 =C2=A0 >> Yesterday, it occured to me that when such a device = is quarantined (I
=C2=A0 =C2=A0 >> really think it should be "quaranteed", bu= t that's not a word) that
=C2=A0 =C2=A0 >> the capport controls and APIs should be available to= the device to
=C2=A0 =C2=A0 >> learn what went on.
=C2=A0 =C2=A0 >>
=C2=A0 =C2=A0 >> This is not new, I think that this as been the appro= ach of most
=C2=A0 =C2=A0 >> enterprise NEA systems upon encountering "infec= tion".=C2=A0 This has, I
=C2=A0 =C2=A0 >> assume, involved forced HTTP proxies to inform human= .=C2=A0 But, if we have
=C2=A0 =C2=A0 >> APIs, we can inform device as well.
=C2=A0 =C2=A0 >>
=C2=A0 =C2=A0 >> Is this on anyone's radar?
=C2=A0 =C2=A0 >>
=C2=A0 =C2=A0 >> --
=C2=A0 =C2=A0 >> Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman So= ftware Works
=C2=A0 =C2=A0 >> -=3D IPv6 IoT consulting =3D-
=C2=A0 =C2=A0 >>
=C2=A0 =C2=A0 >>
=C2=A0 =C2=A0 >>
=C2=A0 =C2=A0 >>
=C2=A0 =C2=A0 >>


--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
=C2=A0-=3D IPv6 IoT consulting =3D-



--
Mud mailing list
Mud@ietf.org
https://www.ietf.org/mailman/listinfo/mud


--
M. Ranganathan

=


--
M.= Ranganathan

=
--00000000000026dcba058d453f0e-- From nobody Tue Jul 9 13:33:43 2019 Return-Path: X-Original-To: mud@ietfa.amsl.com Delivered-To: mud@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B151A120025; Tue, 9 Jul 2019 13:33:33 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.899 X-Spam-Level: X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[AC_DIV_BONANZA=0.001, BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nist.gov Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cMSAoLOgvq8Z; Tue, 9 Jul 2019 13:33:29 -0700 (PDT) Received: from GCC01-DM2-obe.outbound.protection.outlook.com (mail-eopbgr840112.outbound.protection.outlook.com [40.107.84.112]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 41F47120024; Tue, 9 Jul 2019 13:33:29 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nist.gov; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=4ig92cIQ/7U5BpDIU02odRbICnBMLI2eLH2213MB8s0=; b=KNARROfZa78xmisbY0tCBwhKcspkfjJVs3n3saqcEX3sPPyb5AcIG6fhWpqsOfZeLWLnyX+g+a+9S0K/nHRcxr9eDJtNtfSFTdDxnu3WC3LLT+9RhgTJwd2Bz0qvql+Iz37EAK8balpXRxoom0W3BfQaPhHarAIB+t0lP28EJ+Y= Received: from BN7PR09MB2596.namprd09.prod.outlook.com (52.135.255.12) by BN7PR09MB2849.namprd09.prod.outlook.com (52.135.243.22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2052.20; Tue, 9 Jul 2019 20:33:26 +0000 Received: from BN7PR09MB2596.namprd09.prod.outlook.com ([fe80::a073:b2d8:358d:ab15]) by BN7PR09MB2596.namprd09.prod.outlook.com ([fe80::a073:b2d8:358d:ab15%7]) with mapi id 15.20.2008.014; Tue, 9 Jul 2019 20:33:26 +0000 From: "Montgomery, Douglas (Fed)" To: "M. Ranganathan" , Michael Richardson CC: "opsawg@ietf.org" , "mud@ietf.org" , Eliot Lear , "capport@ietf.org" Thread-Topic: [Mud] [OPSAWG] putting quarantined IoT devices behind a captive portal Thread-Index: AQHVNmYv+E60kSQqYEK6zQx8mYoeGKbCnlYAgAAaTQD//8KfgA== Date: Tue, 9 Jul 2019 20:33:26 +0000 Message-ID: <420BE1C3-BA84-4306-BD72-B7CE9905B659@nist.gov> References: <4486.1562683318@localhost> <7534958E-E1A6-470D-B4BB-6B88CD27B54C@cisco.com> <27334.1562697538@localhost> In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: user-agent: Microsoft-MacOutlook/10.1c.0.190703 authentication-results: spf=none (sender IP is ) smtp.mailfrom=dougm@nist.gov; x-originating-ip: [2610:20:6222:140:9d21:29d9:8e52:24c8] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 5c6de76b-c50e-4cf6-f239-08d704acb246 x-ms-office365-filtering-ht: Tenant x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600148)(711020)(4605104)(1401327)(4618075)(2017052603328)(7193020); SRVR:BN7PR09MB2849; x-ms-traffictypediagnostic: BN7PR09MB2849: x-ms-exchange-purlcount: 7 x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:6790; x-forefront-prvs: 0093C80C01 x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(346002)(136003)(39860400002)(366004)(376002)(396003)(189003)(199004)(51444003)(6246003)(186003)(81156014)(6436002)(6306002)(54896002)(236005)(86362001)(6486002)(6512007)(4326008)(53936002)(6506007)(53546011)(2906002)(81166006)(102836004)(68736007)(76176011)(446003)(11346002)(2616005)(476003)(486006)(316002)(229853002)(110136005)(8936002)(54906003)(99286004)(58126008)(25786009)(76116006)(7736002)(256004)(14444005)(606006)(14454004)(5660300002)(478600001)(36756003)(33656002)(6116002)(64756008)(8676002)(66556008)(66476007)(46003)(66446008)(66946007)(966005)(71190400001)(71200400001); DIR:OUT; SFP:1102; SCL:1; SRVR:BN7PR09MB2849; H:BN7PR09MB2596.namprd09.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1; received-spf: None (protection.outlook.com: nist.gov does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam-message-info: XLBIa/IFxfcAg2N4awS8kQRjXAoVFwZd8GuccDHUj7bIvrfh5vscf8fib5KKY0jHb9v8Sq5hrRapX3nfUlIbzeem14Vi5r+zKs7DZ8TvGawNXVv6bXSbN6BlcuEne8Y+q2HP4416BBrxIZF/y5dIuFz8h1Yvl+AhRABaNqU1VHWucKJHpOhwL2/N5DdKKVmxUVA1/v71bcwAFw3OusAziS6FtnZqdGVauZA5sR0p+qjZeVVahWA5WgSWWUkZh4yLhU3HExNUMERj1jmYFmM1QSwv1sk5Z/KvTGREd+/pD5wUD0PwRu9gw3qnXRS+1SyyMdE9oBgJwG/TJUjuoiUDoBvsOIbW8fDn7hL/DWXmwC7Hfit6anELYlLYIAeMmdxTAnqncSqeqJ9vbOce6rMS9dawCoar9dR7QHbnRaZ8FI4= Content-Type: multipart/alternative; boundary="_000_420BE1C3BA844306BD72B7CE9905B659nistgov_" MIME-Version: 1.0 X-OriginatorOrg: nist.gov X-MS-Exchange-CrossTenant-Network-Message-Id: 5c6de76b-c50e-4cf6-f239-08d704acb246 X-MS-Exchange-CrossTenant-originalarrivaltime: 09 Jul 2019 20:33:26.6035 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 2ab5d82f-d8fa-4797-a93e-054655c61dec X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: dougm@nist.gov X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN7PR09MB2849 Archived-At: Subject: Re: [Mud] [OPSAWG] putting quarantined IoT devices behind a captive portal X-BeenThere: mud@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion of Manufacturer Ussage Descriptions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 09 Jul 2019 20:33:34 -0000 --_000_420BE1C3BA844306BD72B7CE9905B659nistgov_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 TW9zdCBvZiB0aGUgZGV2aWNlcyBJIHRoaW5rIG9mIGFzIGFjdHVhbCBJb1QgZGV2aWNlcyBoYXZl IG5vIGRpcmVjdCBVSS9zaGVsbC4gIFlvdXIgb25seSBpbnRlcmFjdGlvbiB3aXRoIHRoZW0gYWZ0 ZXIgaW5pdGlhbCDigJxpbnN0YWxsL2NvbmZpZ3VyZeKAnSBpcyB0aHJvdWdoIHRoZWlyIGNsb3Vk IHdlYiBzZXJ2aWNlIGludGVyZmFjZS4gIEhhdmluZyBzYWlkIHRoYXQgSSB0aGluayB5b3VyIG1v ZGVsIGlzIGZpbmUuDQoNCkkgd291bGQgc3VnZ2VzdCBkZXRlY3RpbmcgZGV2aWNlIHJlYm9vdCB3 b3VsZCBiZSBvbmUgc2lnbmFsIHRvIGNsZWFyIHF1YXJhbnRpbmUgc3RhdGUuICBTaW5jZSBNVUQg 4oCcbWlzYmVoYXZpb3LigJ0gaXMgbW9zdGx5IGluc3RhbnRhbmVvdXNseSBkZXRlY3RhYmxlICgx IHBhY2tldCksIEkgYW0gbm90IHRoYXQgY29uY2VybmVkIHRoYXQgdGhlIGRldmljZSBtaWdodCBy ZWJvb3QgZm9yIG90aGVycyByZWFzb25zIGFuZCBzdGlsbCBiZSBpbmZlY3RlZC4NCg0KT25lIG1p Z2h0IGtlZXAgYSBjb3VudGVyIGFuZCBhIHRpbWUgc3RhbXAgb2YgcXVhcmFudGluZSBjbGVhcnMg YW5kIGlmIHlvdSBhIGRldmljZSBoYWQgTiBNVUQgdmlvbGF0aW9ucyBhZnRlciBxdWFyYW50aW5l IGNsZWFycyBpbiBYIHRpbWUsIGxvY2sgaXQgZG93biBpbiBxdWFyYW50aW5lIG9yIGNvbXBsZXRl bHkgdGFrZSBpdCBvZmYgbGluZS4NCg0KZG91Z20NCg0KLS0NCkRvdWdNIGF0IE5JU1QNCg0KDQpG cm9tOiAiSUVURi1NVUQgTElTVDoiIDxtdWQtYm91bmNlc0BpZXRmLm9yZz4gb24gYmVoYWxmIG9m IE11ZHVtYmFpIFJhbmdhbmF0aGFuIDxtcmFuZ2FAZ21haWwuY29tPg0KRGF0ZTogVHVlc2RheSwg SnVseSA5LCAyMDE5IGF0IDQ6MTMgUE0NClRvOiBNaWNoYWVsIFJpY2hhcmRzb24gPG1jcitpZXRm QHNhbmRlbG1hbi5jYT4NCkNjOiAib3BzYXdnQGlldGYub3JnIiA8b3BzYXdnQGlldGYub3JnPiwg Im11ZEBpZXRmLm9yZyIgPG11ZEBpZXRmLm9yZz4sIEVsaW90IExlYXIgPGxlYXJAY2lzY28uY29t PiwgImNhcHBvcnRAaWV0Zi5vcmciIDxjYXBwb3J0QGlldGYub3JnPg0KU3ViamVjdDogUmU6IFtN dWRdIFtPUFNBV0ddIHB1dHRpbmcgcXVhcmFudGluZWQgSW9UIGRldmljZXMgYmVoaW5kIGEgY2Fw dGl2ZSBwb3J0YWwNCg0KVGhlIGN1cnJlbnQgZHJhZnQgaHR0cHM6Ly9kYXRhdHJhY2tlci5pZXRm Lm9yZy9kb2MvZHJhZnQtaWV0Zi1jYXBwb3J0LWFwaS88aHR0cHM6Ly9kYXRhdHJhY2tlci5pZXRm Li5vcmcvZG9jL2RyYWZ0LWlldGYtY2FwcG9ydC1hcGkvPg0KQXNzdW1lcyB0aGF0IHRoZSAicXVh cmFudGluZWQgZGV2aWNlIiBjYW4gYWNjZXNzIGEgc3Vic2V0IG9mIHRoZSBBQ0UncyBhbGxvd2Vk IHRvIHRoZSAidW5xdWFyYW50aW5lZCIgZGV2aWNlLg0KSG93ZXZlciwgSSBjYW4gdGhpbmsgb2Yg YSBzY2VuYXJpbyB3aGVyZSB0aGlzIGRvZXMgbm90IGhhdmUgdG8gYmUgdGhlIGNhc2UuIEknZCBw cm9wb3NlIHRvIGdlbmVyYWxpemUgdGhpcy4NCg0KaS5lLiBUaGVyZSBhcmUgdHdvIHNldHMgb2Yg QUNMJ3MgLSBvbmUgZm9yIG5vcm1hbCBvcGVyYXRpb24gYW5kIG9uZSBmb3IgcXVhcmFudGluZWQg YWNjZXNzLiAoaS5lLiBxdWFyYW50aW5lIGFjY2VzcyBpcyBub3QgbmVjZXNzYXJpbHkgYSBzdWJz ZXQgb2YgcmVndWxhciBhY2Nlc3MpLg0KDQpVc2UgY2FzZToNCg0KVW5kZXIgbm9ybWFsIGNpcmN1 bXN0YW5jZXMsIHRoZSBkZXZpY2UgZG9lcyBub3QgbmVlZCBTU0ggYWNjZXNzIChwb3J0IDIyIGlz IG5vdCBvcGVuKS4gSG93ZXZlciwgaWYgdGhlIGRldmljZSBpcyBtaXNiZWhhdmluZyBzb21lIGV4 dGVybmFsIGFnZW50IChvciBodW1hbiBtYXliZSkgbG9ncyBpbiBhbmQgaW52ZXN0aWdhdGVzIHRo ZSBpc3N1ZS4gIFRoZSBmaXggY291bGQgaW52b2x2ZSBjb3B5aW5nIG5ldyBmaXJtd2FyZS4NCg0K RG9lcyB0aGlzIG1ha2Ugc2Vuc2U/DQoNCkFub3RoZXIgdGhpbmcgdGhhdCBpcyBtaXNzaW5nIGN1 cnJlbnRseSBpcyBob3cgdG8gImNsZWFyIiB0aGUgcXVhcmFudGluZSBzdGF0ZSBhdCB0aGUgZW5m b3JjZW1lbnQgcG9pbnQuIFRoaXMgd291bGQgbmVlZCBhbiBBUEkgZGVmaW50aW9uIG9mIHdlIHdh bnQgdG8gbWFrZSB0aGF0IHBvcnRhYmxlLg0KDQpSZWdhcmRzLA0KDQpSYW5nYQ0KDQoNCk9uIFR1 ZSwgSnVsIDksIDIwMTkgYXQgMjozOSBQTSBNaWNoYWVsIFJpY2hhcmRzb24gPG1jcitpZXRmQHNh bmRlbG1hbi5jYTxtYWlsdG86bWNyJTJCaWV0ZkBzYW5kZWxtYW4uY2E+PiB3cm90ZToNCg0KRWxp b3QgTGVhciA8bGVhckBjaXNjby5jb208bWFpbHRvOmxlYXJAY2lzY28uY29tPj4gd3JvdGU6DQog ICAgPiBJ4oCZbSBub3QgcXVpdGUgY2VydGFpbiBob3cgaXQgd291bGQgd29yay4gIENhbiB5b3Ug c2hvdyBhIGZsb3cgdGhhdCB3aWxsDQogICAgPiB3b3JrIGZvciBhbiBJb1QgZGV2aWNlIChlLmcu LCBoZWFkbGVzcyBhbmQgbm8gZGlzcGxheSk/DQoNCkRldmljZSBnZXRzIHF1YXJhbnRpbmVkLCBh bmQgdGhlIE1VRC1jb250cm9sbGVyIG1vdmVzIGl0IGludG8gYW4gaXNvbGF0ZWQNCiJWTEFOIi4g IEkgcHV0IGFpci9zY2FyZSBxdW90ZXMgYXJvdW5kIFZMQU4sIGJlY2F1c2UgaXQncyBhICJNQUMt YWRkcmVzcw0KVkxBTiIsIG5vdCBhbiA4MDIuMVEgdGhpbmcuICBJdCdzIHJlYWxseSBqdXN0IGEg bGF5ZXItMiBBQ0wuDQoNCntXZSBoYXZlIG5vIHdheSB0byBmb3JjZSB0aGUgbWlzaGF2aW5nIGRl dmljZSBpbnRvIHRhZ2dpbmcgaXQncyBwYWNrZXRzLCBub3INCmNhbiB3ZSBmb3JjZSBpdCBvbnRv IHNvbWUgb3RoZXIgRVNTSUQuIFdlIGNhbid0IGRvIGEgInBvcnQtYmFzZWQiIFZMQU4sDQpiZWNh dXNlIHdpZmkgaGFzIG5vIHBvcnRzLCBhbmQgd2UgZG9uJ3QgcmVhbGx5IGtub3cgaG93IG1hbnkg dW5tYW5hZ2VkDQpzd2l0Y2hlcyBtaWdodCBiZSBvbiB0aGUgcG9ydCBhbnl3YXkuDQpPbmUgbWln aHQgbWFwIHRoaXMgb250byBhIElFRUUgODAyLjFRIFZMQU4gYWNyb3NzIGEgYmFja2JvbmV9DQoN Ckluc3RlYWQgb2YganVzdCBkcm9wcGluZyBhbGwgdHJhZmZpYyBmb3IgYSBkZXZpY2UgaW4gdGhp cyBjYXRlZ29yeSwNCmFsbCB0cmFmZmljIChvdGhlciB0aGFuIGV4Y2VwdGVkIHRyYWZmaWMgaWYg eW91IGltcGxlbWVudA0KaHR0cHM6Ly9kYXRhdHJhY2tlci5pZXRmLm9yZy9kb2MvZHJhZnQtcmlj aGFyZHNvbi1zaGctbXVkLXF1YXJhbnRpbmVkLWFjY2Vzcy88aHR0cHM6Ly9nY2MwMS5zYWZlbGlu a3MucHJvdGVjdGlvbi5vdXRsb29rLmNvbS8/dXJsPWh0dHBzJTNBJTJGJTJGZGF0YXRyYWNrZXIu aWV0Zi5vcmclMkZkb2MlMkZkcmFmdC1yaWNoYXJkc29uLXNoZy1tdWQtcXVhcmFudGluZWQtYWNj ZXNzJTJGJmRhdGE9MDIlN0MwMSU3Q2RvdWdtJTQwbmlzdC5nb3YlN0NhMDhlYWJkMjk3ZTI0MmNi ZTdmYjA4ZDcwNGE5Zjc3MiU3QzJhYjVkODJmZDhmYTQ3OTdhOTNlMDU0NjU1YzYxZGVjJTdDMSU3 QzAlN0M2MzY5ODMwMDAzNjM0MTk2NDkmc2RhdGE9dDVHUUtac3QlMkJDZXpvZk80YTd2R2Vra0lM YklrZiUyRlNXbUc1dmZjWDlBbzQlM0QmcmVzZXJ2ZWQ9MD4pDQp3b3VsZCBnbyBpbnRvIGEgY2Fw dGl2ZSBwb3J0YWwgc3lzdGVtLg0KDQpTdWNoIGEgc3lzdGVtIHdvdWxkLCBhY2NvcmRpbmcgdG8N Cmh0dHBzOi8vZGF0YXRyYWNrZXIuaWV0Zi5vcmcvZG9jL2RyYWZ0LWlldGYtY2FwcG9ydC1hcmNo aXRlY3R1cmUvPGh0dHBzOi8vZ2NjMDEuc2FmZWxpbmtzLnByb3RlY3Rpb24ub3V0bG9vay5jb20v P3VybD1odHRwcyUzQSUyRiUyRmRhdGF0cmFja2VyLmlldGYub3JnJTJGZG9jJTJGZHJhZnQtaWV0 Zi1jYXBwb3J0LWFyY2hpdGVjdHVyZSUyRiZkYXRhPTAyJTdDMDElN0Nkb3VnbSU0MG5pc3QuZ292 JTdDYTA4ZWFiZDI5N2UyNDJjYmU3ZmIwOGQ3MDRhOWY3NzIlN0MyYWI1ZDgyZmQ4ZmE0Nzk3YTkz ZTA1NDY1NWM2MWRlYyU3QzElN0MwJTdDNjM2OTgzMDAwMzYzNDI5NjQ2JnNkYXRhPSUyRllzazdk YVNWNXF2JTJCJTJCNWdTN1lEeUglMkJobHdEWmhrZGJyWWlqOVJRbjhHQSUzRCZyZXNlcnZlZD0w Pg0KcmVjZWl2ZSBhIG1lc3NhZ2Ugd2hlbiBpdCBpbml0aWF0ZXMgY29ubmVjdGlvbnMgd2hpY2gg YXJlIG5vdCBhbGxvd2VkLg0KKFdoaWxlIHRoZSBjYXBwb3J0IFdHIGNvbnRlbXBsYXRlZCBhbiBJ Q01QIHVucmVhY2hhYmxlIG1lc3NhZ2Ugd2l0aCBhDQpVUkkgaW4gaXQgYXQgb25lIHBvaW50LCB0 aGF0IGlzIG5vdCB0aGUgY3VycmVudCBkZXNpZ24pDQoNCkFjdHVhbGx5LCBJIGhhdmUgbm8gaWRl YSBmcm9tIHJldmlld2luZyB0aGUgZG9jdW1lbnRhdGlvbiB3aGF0IHRoZQ0KYXBwcm9wcmlhdGUg InlvdSBtaWdodCBiZSBjYXB0aXZlIiBJQ01QIGlzIG5vdy4uIFRIRVJFIElTIE9ORSBSSUdIVD8N Cg0KT25jZSB0aGUgSW9UIGRldmljZSBnZXRzIHN1Y2ggYSBtZXNzYWdlLCBpdCBjYW4gdXNlIHRo ZSBBUEkNCmRlc2NyaWJlZCBhdDogaHR0cHM6Ly9kYXRhdHJhY2tlci5pZXRmLm9yZy9kb2MvZHJh ZnQtaWV0Zi1jYXBwb3J0LWFwaS88aHR0cHM6Ly9nY2MwMS5zYWZlbGlua3MucHJvdGVjdGlvbi5v dXRsb29rLmNvbS8/dXJsPWh0dHBzJTNBJTJGJTJGZGF0YXRyYWNrZXIuaWV0Zi5vcmclMkZkb2Ml MkZkcmFmdC1pZXRmLWNhcHBvcnQtYXBpJTJGJmRhdGE9MDIlN0MwMSU3Q2RvdWdtJTQwbmlzdC5n b3YlN0NhMDhlYWJkMjk3ZTI0MmNiZTdmYjA4ZDcwNGE5Zjc3MiU3QzJhYjVkODJmZDhmYTQ3OTdh OTNlMDU0NjU1YzYxZGVjJTdDMSU3QzAlN0M2MzY5ODMwMDAzNjM0Mjk2NDYmc2RhdGE9TmElMkZX V1Z5YkN1WVd4T1lJTGIlMkJPbEw5OXExYlpOejBxb3BiaFZXZ2dxSTQlM0QmcmVzZXJ2ZWQ9MD4N CnRvIHJldHJpZXZlIGEgSlNPTiBvYmplY3QgdGVsbGluZyBpdCB0aGF0IGl0IGlzIGNhcHRpdmUu IEF0IHdoaWNoIHBvaW50LCBpdA0KY2FuIGZsYXNoIGEgTEVELCBvciBhdHRlbXB0IGEgZmlybXdh cmUgdXBncmFkZSwgb3IgbWF5YmUganVzdCByZWJvb3QgaWYgYQ0KdGltZXIgZ29lcyBvZmYuICAo JSkNCg0KVGhpcyByZXF1aXJlcyB0aGF0IHRoZSBJb1QgZGV2aWNlIGdldCB0aGUgY2FwdGl2ZSBw b3J0YWwgQVBJIGVuZCBwb2ludCwgd2hpY2gNCmh0dHBzOi8vZGF0YXRyYWNrZXIuaWV0Zi5vcmcv ZG9jL2RyYWZ0LWlldGYtY2FwcG9ydC1yZmM3NzEwYmlzLzxodHRwczovL2djYzAxLnNhZmVsaW5r cy5wcm90ZWN0aW9uLm91dGxvb2suY29tLz91cmw9aHR0cHMlM0ElMkYlMkZkYXRhdHJhY2tlci5p ZXRmLm9yZyUyRmRvYyUyRmRyYWZ0LWlldGYtY2FwcG9ydC1yZmM3NzEwYmlzJTJGJmRhdGE9MDIl N0MwMSU3Q2RvdWdtJTQwbmlzdC5nb3YlN0NhMDhlYWJkMjk3ZTI0MmNiZTdmYjA4ZDcwNGE5Zjc3 MiU3QzJhYjVkODJmZDhmYTQ3OTdhOTNlMDU0NjU1YzYxZGVjJTdDMSU3QzAlN0M2MzY5ODMwMDAz NjM0Mzk2MzEmc2RhdGE9TmFmdXY3R0pFd0Z1UWVBNUd4QnlXUFU4YUpHZDVEeHVudiUyRmJPeXFz RmpBJTNEJnJlc2VydmVkPTA+IGNhbiBkZWxpdmVyDQp2aWEgREhDUHY0L3Y2IG9yIFJBLg0KDQoN CiAgICA+PiBPbiA5IEp1bCAyMDE5LCBhdCAxNjo0MSwgTWljaGFlbCBSaWNoYXJkc29uIDxtY3Ir aWV0ZkBzYW5kZWxtYW4uLmNhPG1haWx0bzptY3IlMkJpZXRmQHNhbmRlbG1hbi5jYT4+DQogICAg Pj4gd3JvdGU6DQogICAgPj4NCiAgICA+PiBTaWduZWQgUEdQIHBhcnQNCiAgICA+Pg0KICAgID4+ IEJldHdlZW4gZWRpdGluZyBkcmFmdHMgeWVzdGVyZGF5LCBJIGdvdCB0byB0aGlua2luZyBhYm91 dCBDQVBQT1JULiAgSQ0KICAgID4+IGhhdmUgYmVlbiB3b3JraW5nIG9uIHdoYXQgdG8gZG8gd2hl biBhbiBJb1QgZGV2aWNlIHZpb2xhdGVzIGl0J3MgTVVEDQogICAgPj4gcHJvZmlsZS4gIFRoZXJl IGFyZSBhIGJ1bmNoIG9mIGlzc3VlcyBhcm91bmQgdGhpcy4NCiAgICA+Pg0KICAgID4+IFllc3Rl cmRheSwgaXQgb2NjdXJlZCB0byBtZSB0aGF0IHdoZW4gc3VjaCBhIGRldmljZSBpcyBxdWFyYW50 aW5lZCAoSQ0KICAgID4+IHJlYWxseSB0aGluayBpdCBzaG91bGQgYmUgInF1YXJhbnRlZWQiLCBi dXQgdGhhdCdzIG5vdCBhIHdvcmQpIHRoYXQNCiAgICA+PiB0aGUgY2FwcG9ydCBjb250cm9scyBh bmQgQVBJcyBzaG91bGQgYmUgYXZhaWxhYmxlIHRvIHRoZSBkZXZpY2UgdG8NCiAgICA+PiBsZWFy biB3aGF0IHdlbnQgb24uDQogICAgPj4NCiAgICA+PiBUaGlzIGlzIG5vdCBuZXcsIEkgdGhpbmsg dGhhdCB0aGlzIGFzIGJlZW4gdGhlIGFwcHJvYWNoIG9mIG1vc3QNCiAgICA+PiBlbnRlcnByaXNl IE5FQSBzeXN0ZW1zIHVwb24gZW5jb3VudGVyaW5nICJpbmZlY3Rpb24iLiAgVGhpcyBoYXMsIEkN CiAgICA+PiBhc3N1bWUsIGludm9sdmVkIGZvcmNlZCBIVFRQIHByb3hpZXMgdG8gaW5mb3JtIGh1 bWFuLi4gIEJ1dCwgaWYgd2UgaGF2ZQ0KICAgID4+IEFQSXMsIHdlIGNhbiBpbmZvcm0gZGV2aWNl IGFzIHdlbGwuDQogICAgPj4NCiAgICA+PiBJcyB0aGlzIG9uIGFueW9uZSdzIHJhZGFyPw0KICAg ID4+DQogICAgPj4gLS0NCiAgICA+PiBNaWNoYWVsIFJpY2hhcmRzb24gPG1jcitJRVRGQHNhbmRl bG1hbi5jYTxtYWlsdG86bWNyJTJCSUVURkBzYW5kZWxtYW4uY2E+PiwgU2FuZGVsbWFuIFNvZnR3 YXJlIFdvcmtzDQogICAgPj4gLT0gSVB2NiBJb1QgY29uc3VsdGluZyA9LQ0KICAgID4+DQogICAg Pj4NCiAgICA+Pg0KICAgID4+DQogICAgPj4NCg0KDQotLQ0KTWljaGFlbCBSaWNoYXJkc29uIDxt Y3IrSUVURkBzYW5kZWxtYW4uY2E8bWFpbHRvOm1jciUyQklFVEZAc2FuZGVsbWFuLmNhPj4sIFNh bmRlbG1hbiBTb2Z0d2FyZSBXb3Jrcw0KIC09IElQdjYgSW9UIGNvbnN1bHRpbmcgPS0NCg0KDQoN Ci0tDQpNdWQgbWFpbGluZyBsaXN0DQpNdWRAaWV0Zi5vcmc8bWFpbHRvOk11ZEBpZXRmLm9yZz4N Cmh0dHBzOi8vd3d3LmlldGYub3JnL21haWxtYW4vbGlzdGluZm8vbXVkPGh0dHBzOi8vZ2NjMDEu c2FmZWxpbmtzLnByb3RlY3Rpb24ub3V0bG9vay5jb20vP3VybD1odHRwcyUzQSUyRiUyRnd3dy5p ZXRmLm9yZyUyRm1haWxtYW4lMkZsaXN0aW5mbyUyRm11ZCZkYXRhPTAyJTdDMDElN0Nkb3VnbSU0 MG5pc3QuZ292JTdDYTA4ZWFiZDI5N2UyNDJjYmU3ZmIwOGQ3MDRhOWY3NzIlN0MyYWI1ZDgyZmQ4 ZmE0Nzk3YTkzZTA1NDY1NWM2MWRlYyU3QzElN0MwJTdDNjM2OTgzMDAwMzYzNDM5NjMxJnNkYXRh PWpmWDlETUhHOWNjZkVXOTJKQ1FXaFBPMUZBWEtGR2YybzRMMU0zbFRsSlklM0QmcmVzZXJ2ZWQ9 MD4NCg0KDQotLQ0KTS4gUmFuZ2FuYXRoYW4NCg== --_000_420BE1C3BA844306BD72B7CE9905B659nistgov_ Content-Type: text/html; charset="utf-8" Content-ID: <7D6D4509A861B146A36BB0E0B49D8976@namprd09.prod.outlook.com> Content-Transfer-Encoding: base64 PGh0bWwgeG1sbnM6bz0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6b2ZmaWNlIiB4 bWxuczp3PSJ1cm46c2NoZW1hcy1taWNyb3NvZnQtY29tOm9mZmljZTp3b3JkIiB4bWxuczptPSJo dHRwOi8vc2NoZW1hcy5taWNyb3NvZnQuY29tL29mZmljZS8yMDA0LzEyL29tbWwiIHhtbG5zPSJo dHRwOi8vd3d3LnczLm9yZy9UUi9SRUMtaHRtbDQwIj4NCjxoZWFkPg0KPG1ldGEgaHR0cC1lcXVp dj0iQ29udGVudC1UeXBlIiBjb250ZW50PSJ0ZXh0L2h0bWw7IGNoYXJzZXQ9dXRmLTgiPg0KPG1l dGEgbmFtZT0iR2VuZXJhdG9yIiBjb250ZW50PSJNaWNyb3NvZnQgV29yZCAxNSAoZmlsdGVyZWQg bWVkaXVtKSI+DQo8c3R5bGU+PCEtLQ0KLyogRm9udCBEZWZpbml0aW9ucyAqLw0KQGZvbnQtZmFj ZQ0KCXtmb250LWZhbWlseTpDb3VyaWVyOw0KCXBhbm9zZS0xOjAgMCAwIDAgMCAwIDAgMCAwIDA7 fQ0KQGZvbnQtZmFjZQ0KCXtmb250LWZhbWlseToiQ2FtYnJpYSBNYXRoIjsNCglwYW5vc2UtMToy IDQgNSAzIDUgNCA2IDMgMiA0O30NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6Q2FsaWJyaTsN CglwYW5vc2UtMToyIDE1IDUgMiAyIDIgNCAzIDIgNDt9DQpAZm9udC1mYWNlDQoJe2ZvbnQtZmFt aWx5OiJUaW1lcyBOZXcgUm9tYW4gXChCb2R5IENTXCkiOw0KCXBhbm9zZS0xOjIgMiA2IDMgNSA0 IDUgMiAzIDQ7fQ0KLyogU3R5bGUgRGVmaW5pdGlvbnMgKi8NCnAuTXNvTm9ybWFsLCBsaS5Nc29O b3JtYWwsIGRpdi5Nc29Ob3JtYWwNCgl7bWFyZ2luOjBpbjsNCgltYXJnaW4tYm90dG9tOi4wMDAx cHQ7DQoJZm9udC1zaXplOjExLjBwdDsNCglmb250LWZhbWlseToiQ2FsaWJyaSIsc2Fucy1zZXJp Zjt9DQphOmxpbmssIHNwYW4uTXNvSHlwZXJsaW5rDQoJe21zby1zdHlsZS1wcmlvcml0eTo5OTsN Cgljb2xvcjpibHVlOw0KCXRleHQtZGVjb3JhdGlvbjp1bmRlcmxpbmU7fQ0KYTp2aXNpdGVkLCBz cGFuLk1zb0h5cGVybGlua0ZvbGxvd2VkDQoJe21zby1zdHlsZS1wcmlvcml0eTo5OTsNCgljb2xv cjpwdXJwbGU7DQoJdGV4dC1kZWNvcmF0aW9uOnVuZGVybGluZTt9DQpwLm1zb25vcm1hbDAsIGxp Lm1zb25vcm1hbDAsIGRpdi5tc29ub3JtYWwwDQoJe21zby1zdHlsZS1uYW1lOm1zb25vcm1hbDsN Cgltc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzsNCgltYXJnaW4tcmlnaHQ6MGluOw0KCW1zby1tYXJn aW4tYm90dG9tLWFsdDphdXRvOw0KCW1hcmdpbi1sZWZ0OjBpbjsNCglmb250LXNpemU6MTEuMHB0 Ow0KCWZvbnQtZmFtaWx5OiJDYWxpYnJpIixzYW5zLXNlcmlmO30NCnNwYW4uRW1haWxTdHlsZTE4 DQoJe21zby1zdHlsZS10eXBlOnBlcnNvbmFsLXJlcGx5Ow0KCWZvbnQtZmFtaWx5OkNvdXJpZXI7 DQoJY29sb3I6d2luZG93dGV4dDt9DQouTXNvQ2hwRGVmYXVsdA0KCXttc28tc3R5bGUtdHlwZTpl eHBvcnQtb25seTsNCglmb250LXNpemU6MTAuMHB0O30NCkBwYWdlIFdvcmRTZWN0aW9uMQ0KCXtz aXplOjguNWluIDExLjBpbjsNCgltYXJnaW46MS4waW4gMS4waW4gMS4waW4gMS4waW47fQ0KZGl2 LldvcmRTZWN0aW9uMQ0KCXtwYWdlOldvcmRTZWN0aW9uMTt9DQotLT48L3N0eWxlPg0KPC9oZWFk Pg0KPGJvZHkgbGFuZz0iRU4tVVMiIGxpbms9ImJsdWUiIHZsaW5rPSJwdXJwbGUiPg0KPGRpdiBj bGFzcz0iV29yZFNlY3Rpb24xIj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJm b250LXNpemU6MTIuMHB0O2ZvbnQtZmFtaWx5OkNvdXJpZXIiPk1vc3Qgb2YgdGhlIGRldmljZXMg SSB0aGluayBvZiBhcyBhY3R1YWwgSW9UIGRldmljZXMgaGF2ZSBubyBkaXJlY3QgVUkvc2hlbGwu Jm5ic3A7IFlvdXIgb25seSBpbnRlcmFjdGlvbiB3aXRoIHRoZW0gYWZ0ZXIgaW5pdGlhbCDigJxp bnN0YWxsL2NvbmZpZ3VyZeKAnSBpcyB0aHJvdWdoIHRoZWlyIGNsb3VkIHdlYiBzZXJ2aWNlIGlu dGVyZmFjZS4mbmJzcDsNCiBIYXZpbmcgc2FpZCB0aGF0IEkgdGhpbmsgeW91ciBtb2RlbCBpcyBm aW5lLjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0 eWxlPSJmb250LXNpemU6MTIuMHB0O2ZvbnQtZmFtaWx5OkNvdXJpZXIiPjxvOnA+Jm5ic3A7PC9v OnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNp emU6MTIuMHB0O2ZvbnQtZmFtaWx5OkNvdXJpZXIiPkkgd291bGQgc3VnZ2VzdCBkZXRlY3Rpbmcg ZGV2aWNlIHJlYm9vdCB3b3VsZCBiZSBvbmUgc2lnbmFsIHRvIGNsZWFyIHF1YXJhbnRpbmUgc3Rh dGUuJm5ic3A7IFNpbmNlIE1VRCDigJxtaXNiZWhhdmlvcuKAnSBpcyBtb3N0bHkgaW5zdGFudGFu ZW91c2x5IGRldGVjdGFibGUgKDEgcGFja2V0KSwgSSBhbSBub3QgdGhhdCBjb25jZXJuZWQNCiB0 aGF0IHRoZSBkZXZpY2UgbWlnaHQgcmVib290IGZvciBvdGhlcnMgcmVhc29ucyBhbmQgc3RpbGwg YmUgaW5mZWN0ZWQuJm5ic3A7Jm5ic3A7IDxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNz PSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTIuMHB0O2ZvbnQtZmFtaWx5OkNv dXJpZXIiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwi PjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTIuMHB0O2ZvbnQtZmFtaWx5OkNvdXJpZXIiPk9uZSBt aWdodCBrZWVwIGEgY291bnRlciBhbmQgYSB0aW1lIHN0YW1wIG9mIHF1YXJhbnRpbmUgY2xlYXJz IGFuZCBpZiB5b3UgYSBkZXZpY2UgaGFkIE4gTVVEIHZpb2xhdGlvbnMgYWZ0ZXIgcXVhcmFudGlu ZSBjbGVhcnMgaW4gWCB0aW1lLCBsb2NrIGl0IGRvd24gaW4gcXVhcmFudGluZSBvciBjb21wbGV0 ZWx5IHRha2UNCiBpdCBvZmYgbGluZS48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0i TXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEyLjBwdDtmb250LWZhbWlseTpDb3Vy aWVyIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48 c3BhbiBzdHlsZT0iZm9udC1zaXplOjEyLjBwdDtmb250LWZhbWlseTpDb3VyaWVyIj5kb3VnbSA8 bzpwPg0KPC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxl PSJmb250LXNpemU6MTIuMHB0O2ZvbnQtZmFtaWx5OkNvdXJpZXIiPjxvOnA+Jm5ic3A7PC9vOnA+ PC9zcGFuPjwvcD4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj4tLSZuYnNwOzxvOnA+PC9v OnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+RG91Z00gYXQgTklTVDxvOnA+PC9vOnA+PC9w Pg0KPC9kaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEy LjBwdDtmb250LWZhbWlseTpDb3VyaWVyIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8 cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEyLjBwdDtmb250LWZh bWlseTpDb3VyaWVyIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8ZGl2IHN0eWxlPSJi b3JkZXI6bm9uZTtib3JkZXItdG9wOnNvbGlkICNCNUM0REYgMS4wcHQ7cGFkZGluZzozLjBwdCAw aW4gMGluIDBpbiI+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibWFyZ2luLWxlZnQ6LjVp biI+PGI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMi4wcHQ7Y29sb3I6YmxhY2siPkZyb206DQo8 L3NwYW4+PC9iPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTIuMHB0O2NvbG9yOmJsYWNrIj4mcXVv dDtJRVRGLU1VRCBMSVNUOiZxdW90OyAmbHQ7bXVkLWJvdW5jZXNAaWV0Zi5vcmcmZ3Q7IG9uIGJl aGFsZiBvZiBNdWR1bWJhaSBSYW5nYW5hdGhhbiAmbHQ7bXJhbmdhQGdtYWlsLmNvbSZndDs8YnI+ DQo8Yj5EYXRlOiA8L2I+VHVlc2RheSwgSnVseSA5LCAyMDE5IGF0IDQ6MTMgUE08YnI+DQo8Yj5U bzogPC9iPk1pY2hhZWwgUmljaGFyZHNvbiAmbHQ7bWNyJiM0MztpZXRmQHNhbmRlbG1hbi5jYSZn dDs8YnI+DQo8Yj5DYzogPC9iPiZxdW90O29wc2F3Z0BpZXRmLm9yZyZxdW90OyAmbHQ7b3BzYXdn QGlldGYub3JnJmd0OywgJnF1b3Q7bXVkQGlldGYub3JnJnF1b3Q7ICZsdDttdWRAaWV0Zi5vcmcm Z3Q7LCBFbGlvdCBMZWFyICZsdDtsZWFyQGNpc2NvLmNvbSZndDssICZxdW90O2NhcHBvcnRAaWV0 Zi5vcmcmcXVvdDsgJmx0O2NhcHBvcnRAaWV0Zi5vcmcmZ3Q7PGJyPg0KPGI+U3ViamVjdDogPC9i PlJlOiBbTXVkXSBbT1BTQVdHXSBwdXR0aW5nIHF1YXJhbnRpbmVkIElvVCBkZXZpY2VzIGJlaGlu ZCBhIGNhcHRpdmUgcG9ydGFsPG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0K PHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1hcmdpbi1sZWZ0Oi41aW4iPjxvOnA+Jm5ic3A7 PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0 eWxlPSJtYXJnaW4tbGVmdDouNWluIj5UaGUgY3VycmVudCBkcmFmdCA8YSBocmVmPSJodHRwczov L2RhdGF0cmFja2VyLmlldGYuLm9yZy9kb2MvZHJhZnQtaWV0Zi1jYXBwb3J0LWFwaS8iIHRhcmdl dD0iX2JsYW5rIj4NCmh0dHBzOi8vZGF0YXRyYWNrZXIuaWV0Zi5vcmcvZG9jL2RyYWZ0LWlldGYt Y2FwcG9ydC1hcGkvPC9hPjxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9 Ik1zb05vcm1hbCIgc3R5bGU9Im1hcmdpbi1sZWZ0Oi41aW4iPkFzc3VtZXMgdGhhdCB0aGUgJnF1 b3Q7cXVhcmFudGluZWQgZGV2aWNlJnF1b3Q7IGNhbiBhY2Nlc3MgYSBzdWJzZXQgb2YgdGhlIEFD RSdzIGFsbG93ZWQgdG8gdGhlICZxdW90O3VucXVhcmFudGluZWQmcXVvdDsgZGV2aWNlLjxvOnA+ PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1h cmdpbi1sZWZ0Oi41aW4iPkhvd2V2ZXIsIEkgY2FuIHRoaW5rIG9mIGEgc2NlbmFyaW8gd2hlcmUg dGhpcyBkb2VzIG5vdCBoYXZlIHRvIGJlIHRoZSBjYXNlLiBJJ2QgcHJvcG9zZSB0byBnZW5lcmFs aXplIHRoaXMuPG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9y bWFsIiBzdHlsZT0ibWFyZ2luLWxlZnQ6LjVpbiI+PG86cD4mbmJzcDs8L286cD48L3A+DQo8L2Rp dj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibWFyZ2luLWxlZnQ6LjVpbiI+ aS5lLiBUaGVyZSBhcmUgdHdvIHNldHMgb2YgQUNMJ3MgLSBvbmUgZm9yIG5vcm1hbCBvcGVyYXRp b24gYW5kIG9uZSBmb3IgcXVhcmFudGluZWQgYWNjZXNzLiAoaS5lLiBxdWFyYW50aW5lIGFjY2Vz cyBpcyBub3QgbmVjZXNzYXJpbHkgYSBzdWJzZXQgb2YgcmVndWxhciBhY2Nlc3MpLjxvOnA+PC9v OnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1hcmdp bi1sZWZ0Oi41aW4iPjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xh c3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1hcmdpbi1sZWZ0Oi41aW4iPlVzZSBjYXNlOjxvOnA+PC9v OnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1hcmdp bi1sZWZ0Oi41aW4iPjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xh c3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1hcmdpbi1sZWZ0Oi41aW4iPlVuZGVyIG5vcm1hbCBjaXJj dW1zdGFuY2VzLCB0aGUgZGV2aWNlIGRvZXMgbm90IG5lZWQgU1NIIGFjY2VzcyAocG9ydCAyMiBp cyBub3Qgb3BlbikuIEhvd2V2ZXIsIGlmIHRoZSBkZXZpY2UgaXMgbWlzYmVoYXZpbmcgc29tZSBl eHRlcm5hbCBhZ2VudCAob3IgaHVtYW4gbWF5YmUpIGxvZ3MgaW4gYW5kIGludmVzdGlnYXRlcyB0 aGUgaXNzdWUuJm5ic3A7IFRoZSBmaXggY291bGQNCiBpbnZvbHZlIGNvcHlpbmcgbmV3IGZpcm13 YXJlLjxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIg c3R5bGU9Im1hcmdpbi1sZWZ0Oi41aW4iPjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0KPC9kaXY+DQo8 ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1hcmdpbi1sZWZ0Oi41aW4iPkRvZXMg dGhpcyZuYnNwO21ha2Ugc2Vuc2U/PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBj bGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibWFyZ2luLWxlZnQ6LjVpbiI+PG86cD4mbmJzcDs8L286 cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibWFyZ2lu LWxlZnQ6LjVpbiI+QW5vdGhlciB0aGluZyB0aGF0IGlzIG1pc3NpbmcgY3VycmVudGx5IGlzIGhv dyB0byAmcXVvdDtjbGVhciZxdW90OyB0aGUgcXVhcmFudGluZSBzdGF0ZSBhdCB0aGUgZW5mb3Jj ZW1lbnQgcG9pbnQuIFRoaXMgd291bGQgbmVlZCBhbiBBUEkgZGVmaW50aW9uIG9mIHdlIHdhbnQg dG8gbWFrZSB0aGF0IHBvcnRhYmxlLjxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAg Y2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1hcmdpbi1sZWZ0Oi41aW4iPjxvOnA+Jm5ic3A7PC9v OnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1hcmdp bi1sZWZ0Oi41aW4iPlJlZ2FyZHMsPG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBj bGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibWFyZ2luLWxlZnQ6LjVpbiI+PG86cD4mbmJzcDs8L286 cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibWFyZ2lu LWxlZnQ6LjVpbiI+UmFuZ2E8bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNz PSJNc29Ob3JtYWwiIHN0eWxlPSJtYXJnaW4tbGVmdDouNWluIj48bzpwPiZuYnNwOzwvbzpwPjwv cD4NCjwvZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1hcmdpbi1sZWZ0Oi41aW4i PjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0KPGRpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFs IiBzdHlsZT0ibWFyZ2luLWxlZnQ6LjVpbiI+T24gVHVlLCBKdWwgOSwgMjAxOSBhdCAyOjM5IFBN IE1pY2hhZWwgUmljaGFyZHNvbiAmbHQ7PGEgaHJlZj0ibWFpbHRvOm1jciUyQmlldGZAc2FuZGVs bWFuLmNhIiB0YXJnZXQ9Il9ibGFuayI+bWNyJiM0MztpZXRmQHNhbmRlbG1hbi5jYTwvYT4mZ3Q7 IHdyb3RlOjxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8YmxvY2txdW90ZSBzdHlsZT0iYm9yZGVy Om5vbmU7Ym9yZGVyLWxlZnQ6c29saWQgI0NDQ0NDQyAxLjBwdDtwYWRkaW5nOjBpbiAwaW4gMGlu IDYuMHB0O21hcmdpbi1sZWZ0OjQuOHB0O21hcmdpbi1yaWdodDowaW4iPg0KPHAgY2xhc3M9Ik1z b05vcm1hbCIgc3R5bGU9Im1hcmdpbi1sZWZ0Oi41aW4iPjxicj4NCkVsaW90IExlYXIgJmx0Ozxh IGhyZWY9Im1haWx0bzpsZWFyQGNpc2NvLmNvbSIgdGFyZ2V0PSJfYmxhbmsiPmxlYXJAY2lzY28u Y29tPC9hPiZndDsgd3JvdGU6PGJyPg0KJm5ic3A7ICZuYnNwOyAmZ3Q7IEnigJltIG5vdCBxdWl0 ZSBjZXJ0YWluIGhvdyBpdCB3b3VsZCB3b3JrLiZuYnNwOyBDYW4geW91IHNob3cgYSBmbG93IHRo YXQgd2lsbDxicj4NCiZuYnNwOyAmbmJzcDsgJmd0OyB3b3JrIGZvciBhbiBJb1QgZGV2aWNlIChl LmcuLCBoZWFkbGVzcyBhbmQgbm8gZGlzcGxheSk/PGJyPg0KPGJyPg0KRGV2aWNlIGdldHMgcXVh cmFudGluZWQsIGFuZCB0aGUgTVVELWNvbnRyb2xsZXIgbW92ZXMgaXQgaW50byBhbiBpc29sYXRl ZDxicj4NCiZxdW90O1ZMQU4mcXVvdDsuJm5ic3A7IEkgcHV0IGFpci9zY2FyZSBxdW90ZXMgYXJv dW5kIFZMQU4sIGJlY2F1c2UgaXQncyBhICZxdW90O01BQy1hZGRyZXNzPGJyPg0KVkxBTiZxdW90 Oywgbm90IGFuIDgwMi4xUSB0aGluZy4mbmJzcDsgSXQncyByZWFsbHkganVzdCBhIGxheWVyLTIg QUNMLjxicj4NCjxicj4NCntXZSBoYXZlIG5vIHdheSB0byBmb3JjZSB0aGUgbWlzaGF2aW5nIGRl dmljZSBpbnRvIHRhZ2dpbmcgaXQncyBwYWNrZXRzLCBub3I8YnI+DQpjYW4gd2UgZm9yY2UgaXQg b250byBzb21lIG90aGVyIEVTU0lELiBXZSBjYW4ndCBkbyBhICZxdW90O3BvcnQtYmFzZWQmcXVv dDsgVkxBTiw8YnI+DQpiZWNhdXNlIHdpZmkgaGFzIG5vIHBvcnRzLCBhbmQgd2UgZG9uJ3QgcmVh bGx5IGtub3cgaG93IG1hbnkgdW5tYW5hZ2VkPGJyPg0Kc3dpdGNoZXMgbWlnaHQgYmUgb24gdGhl IHBvcnQgYW55d2F5Ljxicj4NCk9uZSBtaWdodCBtYXAgdGhpcyBvbnRvIGEgSUVFRSA4MDIuMVEg VkxBTiBhY3Jvc3MgYSBiYWNrYm9uZX08YnI+DQo8YnI+DQpJbnN0ZWFkIG9mIGp1c3QgZHJvcHBp bmcgYWxsIHRyYWZmaWMgZm9yIGEgZGV2aWNlIGluIHRoaXMgY2F0ZWdvcnksPGJyPg0KYWxsIHRy YWZmaWMgKG90aGVyIHRoYW4gZXhjZXB0ZWQgdHJhZmZpYyBpZiB5b3UgaW1wbGVtZW50PGJyPg0K PGEgaHJlZj0iaHR0cHM6Ly9nY2MwMS5zYWZlbGlua3MucHJvdGVjdGlvbi5vdXRsb29rLmNvbS8/ dXJsPWh0dHBzJTNBJTJGJTJGZGF0YXRyYWNrZXIuaWV0Zi5vcmclMkZkb2MlMkZkcmFmdC1yaWNo YXJkc29uLXNoZy1tdWQtcXVhcmFudGluZWQtYWNjZXNzJTJGJmFtcDtkYXRhPTAyJTdDMDElN0Nk b3VnbSU0MG5pc3QuZ292JTdDYTA4ZWFiZDI5N2UyNDJjYmU3ZmIwOGQ3MDRhOWY3NzIlN0MyYWI1 ZDgyZmQ4ZmE0Nzk3YTkzZTA1NDY1NWM2MWRlYyU3QzElN0MwJTdDNjM2OTgzMDAwMzYzNDE5NjQ5 JmFtcDtzZGF0YT10NUdRS1pzdCUyQkNlem9mTzRhN3ZHZWtrSUxiSWtmJTJGU1dtRzV2ZmNYOUFv NCUzRCZhbXA7cmVzZXJ2ZWQ9MCIgdGFyZ2V0PSJfYmxhbmsiPmh0dHBzOi8vZGF0YXRyYWNrZXIu aWV0Zi5vcmcvZG9jL2RyYWZ0LXJpY2hhcmRzb24tc2hnLW11ZC1xdWFyYW50aW5lZC1hY2Nlc3Mv PC9hPik8YnI+DQp3b3VsZCBnbyBpbnRvIGEgY2FwdGl2ZSBwb3J0YWwgc3lzdGVtLjxicj4NCjxi cj4NClN1Y2ggYSBzeXN0ZW0gd291bGQsIGFjY29yZGluZyB0bzxicj4NCjxhIGhyZWY9Imh0dHBz Oi8vZ2NjMDEuc2FmZWxpbmtzLnByb3RlY3Rpb24ub3V0bG9vay5jb20vP3VybD1odHRwcyUzQSUy RiUyRmRhdGF0cmFja2VyLmlldGYub3JnJTJGZG9jJTJGZHJhZnQtaWV0Zi1jYXBwb3J0LWFyY2hp dGVjdHVyZSUyRiZhbXA7ZGF0YT0wMiU3QzAxJTdDZG91Z20lNDBuaXN0LmdvdiU3Q2EwOGVhYmQy OTdlMjQyY2JlN2ZiMDhkNzA0YTlmNzcyJTdDMmFiNWQ4MmZkOGZhNDc5N2E5M2UwNTQ2NTVjNjFk ZWMlN0MxJTdDMCU3QzYzNjk4MzAwMDM2MzQyOTY0NiZhbXA7c2RhdGE9JTJGWXNrN2RhU1Y1cXYl MkIlMkI1Z1M3WUR5SCUyQmhsd0RaaGtkYnJZaWo5UlFuOEdBJTNEJmFtcDtyZXNlcnZlZD0wIiB0 YXJnZXQ9Il9ibGFuayI+aHR0cHM6Ly9kYXRhdHJhY2tlci5pZXRmLm9yZy9kb2MvZHJhZnQtaWV0 Zi1jYXBwb3J0LWFyY2hpdGVjdHVyZS88L2E+PGJyPg0KcmVjZWl2ZSBhIG1lc3NhZ2Ugd2hlbiBp dCBpbml0aWF0ZXMgY29ubmVjdGlvbnMgd2hpY2ggYXJlIG5vdCBhbGxvd2VkLjxicj4NCihXaGls ZSB0aGUgY2FwcG9ydCBXRyBjb250ZW1wbGF0ZWQgYW4gSUNNUCB1bnJlYWNoYWJsZSBtZXNzYWdl IHdpdGggYTxicj4NClVSSSBpbiBpdCBhdCBvbmUgcG9pbnQsIHRoYXQgaXMgbm90IHRoZSBjdXJy ZW50IGRlc2lnbik8YnI+DQo8YnI+DQpBY3R1YWxseSwgSSBoYXZlIG5vIGlkZWEgZnJvbSByZXZp ZXdpbmcgdGhlIGRvY3VtZW50YXRpb24gd2hhdCB0aGU8YnI+DQphcHByb3ByaWF0ZSAmcXVvdDt5 b3UgbWlnaHQgYmUgY2FwdGl2ZSZxdW90OyBJQ01QIGlzIG5vdy4uIFRIRVJFIElTIE9ORSBSSUdI VD88YnI+DQo8YnI+DQpPbmNlIHRoZSBJb1QgZGV2aWNlIGdldHMgc3VjaCBhIG1lc3NhZ2UsIGl0 IGNhbiB1c2UgdGhlIEFQSTxicj4NCmRlc2NyaWJlZCBhdDogPGEgaHJlZj0iaHR0cHM6Ly9nY2Mw MS5zYWZlbGlua3MucHJvdGVjdGlvbi5vdXRsb29rLmNvbS8/dXJsPWh0dHBzJTNBJTJGJTJGZGF0 YXRyYWNrZXIuaWV0Zi5vcmclMkZkb2MlMkZkcmFmdC1pZXRmLWNhcHBvcnQtYXBpJTJGJmFtcDtk YXRhPTAyJTdDMDElN0Nkb3VnbSU0MG5pc3QuZ292JTdDYTA4ZWFiZDI5N2UyNDJjYmU3ZmIwOGQ3 MDRhOWY3NzIlN0MyYWI1ZDgyZmQ4ZmE0Nzk3YTkzZTA1NDY1NWM2MWRlYyU3QzElN0MwJTdDNjM2 OTgzMDAwMzYzNDI5NjQ2JmFtcDtzZGF0YT1OYSUyRldXVnliQ3VZV3hPWUlMYiUyQk9sTDk5cTFi Wk56MHFvcGJoVldnZ3FJNCUzRCZhbXA7cmVzZXJ2ZWQ9MCIgdGFyZ2V0PSJfYmxhbmsiPg0KaHR0 cHM6Ly9kYXRhdHJhY2tlci5pZXRmLm9yZy9kb2MvZHJhZnQtaWV0Zi1jYXBwb3J0LWFwaS88L2E+ PGJyPg0KdG8gcmV0cmlldmUgYSBKU09OIG9iamVjdCB0ZWxsaW5nIGl0IHRoYXQgaXQgaXMgY2Fw dGl2ZS4gQXQgd2hpY2ggcG9pbnQsIGl0PGJyPg0KY2FuIGZsYXNoIGEgTEVELCBvciBhdHRlbXB0 IGEgZmlybXdhcmUgdXBncmFkZSwgb3IgbWF5YmUganVzdCByZWJvb3QgaWYgYTxicj4NCnRpbWVy IGdvZXMgb2ZmLiZuYnNwOyAoJSk8YnI+DQo8YnI+DQpUaGlzIHJlcXVpcmVzIHRoYXQgdGhlIElv VCBkZXZpY2UgZ2V0IHRoZSBjYXB0aXZlIHBvcnRhbCBBUEkgZW5kIHBvaW50LCB3aGljaDxicj4N CjxhIGhyZWY9Imh0dHBzOi8vZ2NjMDEuc2FmZWxpbmtzLnByb3RlY3Rpb24ub3V0bG9vay5jb20v P3VybD1odHRwcyUzQSUyRiUyRmRhdGF0cmFja2VyLmlldGYub3JnJTJGZG9jJTJGZHJhZnQtaWV0 Zi1jYXBwb3J0LXJmYzc3MTBiaXMlMkYmYW1wO2RhdGE9MDIlN0MwMSU3Q2RvdWdtJTQwbmlzdC5n b3YlN0NhMDhlYWJkMjk3ZTI0MmNiZTdmYjA4ZDcwNGE5Zjc3MiU3QzJhYjVkODJmZDhmYTQ3OTdh OTNlMDU0NjU1YzYxZGVjJTdDMSU3QzAlN0M2MzY5ODMwMDAzNjM0Mzk2MzEmYW1wO3NkYXRhPU5h ZnV2N0dKRXdGdVFlQTVHeEJ5V1BVOGFKR2Q1RHh1bnYlMkZiT3lxc0ZqQSUzRCZhbXA7cmVzZXJ2 ZWQ9MCIgdGFyZ2V0PSJfYmxhbmsiPmh0dHBzOi8vZGF0YXRyYWNrZXIuaWV0Zi5vcmcvZG9jL2Ry YWZ0LWlldGYtY2FwcG9ydC1yZmM3NzEwYmlzLzwvYT4NCiBjYW4gZGVsaXZlcjxicj4NCnZpYSBE SENQdjQvdjYgb3IgUkEuPGJyPg0KPGJyPg0KPGJyPg0KJm5ic3A7ICZuYnNwOyAmZ3Q7Jmd0OyBP biA5IEp1bCAyMDE5LCBhdCAxNjo0MSwgTWljaGFlbCBSaWNoYXJkc29uICZsdDs8YSBocmVmPSJt YWlsdG86bWNyJTJCaWV0ZkBzYW5kZWxtYW4uY2EiIHRhcmdldD0iX2JsYW5rIj5tY3ImIzQzO2ll dGZAc2FuZGVsbWFuLi5jYTwvYT4mZ3Q7PGJyPg0KJm5ic3A7ICZuYnNwOyAmZ3Q7Jmd0OyB3cm90 ZTo8YnI+DQombmJzcDsgJm5ic3A7ICZndDsmZ3Q7PGJyPg0KJm5ic3A7ICZuYnNwOyAmZ3Q7Jmd0 OyBTaWduZWQgUEdQIHBhcnQ8YnI+DQombmJzcDsgJm5ic3A7ICZndDsmZ3Q7PGJyPg0KJm5ic3A7 ICZuYnNwOyAmZ3Q7Jmd0OyBCZXR3ZWVuIGVkaXRpbmcgZHJhZnRzIHllc3RlcmRheSwgSSBnb3Qg dG8gdGhpbmtpbmcgYWJvdXQgQ0FQUE9SVC4mbmJzcDsgSTxicj4NCiZuYnNwOyAmbmJzcDsgJmd0 OyZndDsgaGF2ZSBiZWVuIHdvcmtpbmcgb24gd2hhdCB0byBkbyB3aGVuIGFuIElvVCBkZXZpY2Ug dmlvbGF0ZXMgaXQncyBNVUQ8YnI+DQombmJzcDsgJm5ic3A7ICZndDsmZ3Q7IHByb2ZpbGUuJm5i c3A7IFRoZXJlIGFyZSBhIGJ1bmNoIG9mIGlzc3VlcyBhcm91bmQgdGhpcy48YnI+DQombmJzcDsg Jm5ic3A7ICZndDsmZ3Q7PGJyPg0KJm5ic3A7ICZuYnNwOyAmZ3Q7Jmd0OyBZZXN0ZXJkYXksIGl0 IG9jY3VyZWQgdG8gbWUgdGhhdCB3aGVuIHN1Y2ggYSBkZXZpY2UgaXMgcXVhcmFudGluZWQgKEk8 YnI+DQombmJzcDsgJm5ic3A7ICZndDsmZ3Q7IHJlYWxseSB0aGluayBpdCBzaG91bGQgYmUgJnF1 b3Q7cXVhcmFudGVlZCZxdW90OywgYnV0IHRoYXQncyBub3QgYSB3b3JkKSB0aGF0PGJyPg0KJm5i c3A7ICZuYnNwOyAmZ3Q7Jmd0OyB0aGUgY2FwcG9ydCBjb250cm9scyBhbmQgQVBJcyBzaG91bGQg YmUgYXZhaWxhYmxlIHRvIHRoZSBkZXZpY2UgdG88YnI+DQombmJzcDsgJm5ic3A7ICZndDsmZ3Q7 IGxlYXJuIHdoYXQgd2VudCBvbi48YnI+DQombmJzcDsgJm5ic3A7ICZndDsmZ3Q7PGJyPg0KJm5i c3A7ICZuYnNwOyAmZ3Q7Jmd0OyBUaGlzIGlzIG5vdCBuZXcsIEkgdGhpbmsgdGhhdCB0aGlzIGFz IGJlZW4gdGhlIGFwcHJvYWNoIG9mIG1vc3Q8YnI+DQombmJzcDsgJm5ic3A7ICZndDsmZ3Q7IGVu dGVycHJpc2UgTkVBIHN5c3RlbXMgdXBvbiBlbmNvdW50ZXJpbmcgJnF1b3Q7aW5mZWN0aW9uJnF1 b3Q7LiZuYnNwOyBUaGlzIGhhcywgSTxicj4NCiZuYnNwOyAmbmJzcDsgJmd0OyZndDsgYXNzdW1l LCBpbnZvbHZlZCBmb3JjZWQgSFRUUCBwcm94aWVzIHRvIGluZm9ybSBodW1hbi4uJm5ic3A7IEJ1 dCwgaWYgd2UgaGF2ZTxicj4NCiZuYnNwOyAmbmJzcDsgJmd0OyZndDsgQVBJcywgd2UgY2FuIGlu Zm9ybSBkZXZpY2UgYXMgd2VsbC48YnI+DQombmJzcDsgJm5ic3A7ICZndDsmZ3Q7PGJyPg0KJm5i c3A7ICZuYnNwOyAmZ3Q7Jmd0OyBJcyB0aGlzIG9uIGFueW9uZSdzIHJhZGFyPzxicj4NCiZuYnNw OyAmbmJzcDsgJmd0OyZndDs8YnI+DQombmJzcDsgJm5ic3A7ICZndDsmZ3Q7IC0tPGJyPg0KJm5i c3A7ICZuYnNwOyAmZ3Q7Jmd0OyBNaWNoYWVsIFJpY2hhcmRzb24gJmx0OzxhIGhyZWY9Im1haWx0 bzptY3IlMkJJRVRGQHNhbmRlbG1hbi5jYSIgdGFyZ2V0PSJfYmxhbmsiPm1jciYjNDM7SUVURkBz YW5kZWxtYW4uY2E8L2E+Jmd0OywgU2FuZGVsbWFuIFNvZnR3YXJlIFdvcmtzPGJyPg0KJm5ic3A7 ICZuYnNwOyAmZ3Q7Jmd0OyAtPSBJUHY2IElvVCBjb25zdWx0aW5nID0tPGJyPg0KJm5ic3A7ICZu YnNwOyAmZ3Q7Jmd0Ozxicj4NCiZuYnNwOyAmbmJzcDsgJmd0OyZndDs8YnI+DQombmJzcDsgJm5i c3A7ICZndDsmZ3Q7PGJyPg0KJm5ic3A7ICZuYnNwOyAmZ3Q7Jmd0Ozxicj4NCiZuYnNwOyAmbmJz cDsgJmd0OyZndDs8YnI+DQo8YnI+DQo8YnI+DQotLTxicj4NCk1pY2hhZWwgUmljaGFyZHNvbiAm bHQ7PGEgaHJlZj0ibWFpbHRvOm1jciUyQklFVEZAc2FuZGVsbWFuLmNhIiB0YXJnZXQ9Il9ibGFu ayI+bWNyJiM0MztJRVRGQHNhbmRlbG1hbi5jYTwvYT4mZ3Q7LCBTYW5kZWxtYW4gU29mdHdhcmUg V29ya3M8YnI+DQombmJzcDstPSBJUHY2IElvVCBjb25zdWx0aW5nID0tPGJyPg0KPGJyPg0KPGJy Pg0KPGJyPg0KLS0gPGJyPg0KTXVkIG1haWxpbmcgbGlzdDxicj4NCjxhIGhyZWY9Im1haWx0bzpN dWRAaWV0Zi5vcmciIHRhcmdldD0iX2JsYW5rIj5NdWRAaWV0Zi5vcmc8L2E+PGJyPg0KPGEgaHJl Zj0iaHR0cHM6Ly9nY2MwMS5zYWZlbGlua3MucHJvdGVjdGlvbi5vdXRsb29rLmNvbS8/dXJsPWh0 dHBzJTNBJTJGJTJGd3d3LmlldGYub3JnJTJGbWFpbG1hbiUyRmxpc3RpbmZvJTJGbXVkJmFtcDtk YXRhPTAyJTdDMDElN0Nkb3VnbSU0MG5pc3QuZ292JTdDYTA4ZWFiZDI5N2UyNDJjYmU3ZmIwOGQ3 MDRhOWY3NzIlN0MyYWI1ZDgyZmQ4ZmE0Nzk3YTkzZTA1NDY1NWM2MWRlYyU3QzElN0MwJTdDNjM2 OTgzMDAwMzYzNDM5NjMxJmFtcDtzZGF0YT1qZlg5RE1IRzljY2ZFVzkySkNRV2hQTzFGQVhLRkdm Mm80TDFNM2xUbEpZJTNEJmFtcDtyZXNlcnZlZD0wIiB0YXJnZXQ9Il9ibGFuayI+aHR0cHM6Ly93 d3cuaWV0Zi5vcmcvbWFpbG1hbi9saXN0aW5mby9tdWQ8L2E+PG86cD48L286cD48L3A+DQo8L2Js b2NrcXVvdGU+DQo8L2Rpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtYXJnaW4tbGVm dDouNWluIj48YnIgY2xlYXI9ImFsbCI+DQo8YnI+DQotLSA8bzpwPjwvbzpwPjwvcD4NCjxkaXY+ DQo8ZGl2Pg0KPGRpdj4NCjxkaXY+DQo8ZGl2Pg0KPGRpdj4NCjxkaXY+DQo8ZGl2Pg0KPGRpdj4N CjxkaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9w LWFsdDowaW47bWFyZ2luLXJpZ2h0OjBpbjttYXJnaW4tYm90dG9tOjEyLjBwdDttYXJnaW4tbGVm dDouNWluIj4NCk0uIFJhbmdhbmF0aGFuIDxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8L2Rpdj4N CjwvZGl2Pg0KPC9kaXY+DQo8L2Rpdj4NCjwvZGl2Pg0KPC9kaXY+DQo8L2Rpdj4NCjwvZGl2Pg0K PC9kaXY+DQo8L2Rpdj4NCjwvZGl2Pg0KPC9kaXY+DQo8L2JvZHk+DQo8L2h0bWw+DQo= --_000_420BE1C3BA844306BD72B7CE9905B659nistgov_-- From nobody Tue Jul 9 14:04:17 2019 Return-Path: X-Original-To: mud@ietfa.amsl.com Delivered-To: mud@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 00789120046; Tue, 9 Jul 2019 14:04:17 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.501 X-Spam-Level: X-Spam-Status: No, score=-14.501 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 99Y4D96y3TG6; Tue, 9 Jul 2019 14:04:15 -0700 (PDT) Received: from aer-iport-4.cisco.com (aer-iport-4.cisco.com [173.38.203.54]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 57E3A12000E; Tue, 9 Jul 2019 14:04:14 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=3206; q=dns/txt; s=iport; t=1562706254; x=1563915854; h=from:message-id:mime-version:subject:date:in-reply-to:cc: to:references; bh=oI9zADzJArfY1gwTPou08A+SH6PNDHygR9TpU/yNsqI=; b=Dikr1VnlwyQgWpnX7thDzavcwcb5nYDCT0Q0A+erri2Nk3Ru63Jo8IUA 1q54Pg7Nc3gcHTcWppmXALIXSFjfnPWNRoFZps75wmERruaFolcdOSRLk Lxal1XmHdXwqohN7glJgtqtNt6BlLWVAsMDdSVsR5E0pqQ+xZ/Nn9Mb6W U=; X-Files: signature.asc : 195 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0APAABMACVd/xbLJq1mGQEBAQEBAQE?= =?us-ascii?q?BAQEBAQcBAQEBAQGBVgEBAQEBAQsBg1IyKIQciHuLTyWabwIHAQEBCQMBAS8?= =?us-ascii?q?BAYFLgnUCgmY3Bg4BAwEBBAEBAgEFbYVIhUoBAQEBAgEdBlYFCwsYKgICVwY?= =?us-ascii?q?TFIMOAYF7D6xKgTKFR4RcEIE0AYFQiiWBf4ERJwwTgh4uPodOMoImBJRmlWw?= =?us-ascii?q?JghmCH4EMkFobjTKKToQRnVODCgIEBgUCFYFmIoFYMxoIGxVlAYJBPpBJPQM?= =?us-ascii?q?wj1gBAQ?= X-IronPort-AV: E=Sophos;i="5.63,472,1557187200"; d="asc'?scan'208";a="14066915" Received: from aer-iport-nat.cisco.com (HELO aer-core-3.cisco.com) ([173.38.203.22]) by aer-iport-4.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 09 Jul 2019 21:04:12 +0000 Received: from [10.61.166.105] ([10.61.166.105]) by aer-core-3.cisco.com (8.15.2/8.15.2) with ESMTPS id x69L3PBw020970 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Tue, 9 Jul 2019 21:04:11 GMT From: Eliot Lear Message-Id: <7A0D6F9C-F3A3-4207-BFCE-38AB0AFA4E7D@cisco.com> Content-Type: multipart/signed; boundary="Apple-Mail=_409D4659-929B-40F4-A44A-DFC93E1AF07F"; protocol="application/pgp-signature"; micalg=pgp-sha1 Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\)) Date: Tue, 9 Jul 2019 23:04:11 +0200 In-Reply-To: <29188.1561913378@localhost> Cc: iot-onboarding@ietf.org, mud@ietf.org To: Michael Richardson References: <29188.1561913378@localhost> X-Mailer: Apple Mail (2.3445.104.11) X-Outbound-SMTP-Client: 10.61.166.105, [10.61.166.105] X-Outbound-Node: aer-core-3.cisco.com Archived-At: Subject: Re: [Mud] Side meeting at the IETF Montreal - call for agenda items X-BeenThere: mud@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion of Manufacturer Ussage Descriptions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 09 Jul 2019 21:04:17 -0000 --Apple-Mail=_409D4659-929B-40F4-A44A-DFC93E1AF07F Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=utf-8 Good conversation to have in Montreal. > On 30 Jun 2019, at 18:49, Michael Richardson = wrote: >=20 > Signed PGP part >=20 > Eliot Lear wrote: >> A number of people have contacted me about meeting in Montreal, and >> that they wouldn=E2=80=99t be available after Tuesday. Conveniently, = Monday >> morning is reserved for side meetings. I propose we take advantage = of >> this from 9:00 - 10:30 (yes, this bleeds into the 1st session). >=20 > It bleeds into teep, and I'm curious about the loops BOF, so I = probably take > off at the appointed time. >=20 >> I=E2=80=99ve combined MUD and IoT Onboarding, just to save time, as = there is >> substantial community overlap. That=E2=80=99s because the spaces are = clearly >> related, one being authentication of the device the other being = network >> authorization. >=20 > Agreed. >=20 >> This, then, is a call for agenda items. I have a few of my own, but >> would prefer to hear from others first. Also, are you ok with the >> Monday morning time slot and keeping these activities together? >=20 >> Ps: reminder: side meetings are not =E2=80=9Cofficial=E2=80=9D = anything. Just a >> gathering of people with a common interest. However, the meeting = will >> run under the IPR rules of the IETF, regardless. All are invited. >=20 > So, I'm not sure if you are asking for BRSKI items, or IoT onboarding = items in general. >=20 > 1) Under BRSKI for non-ANIMA ACP uses, there is the question about = open/closed > registrars, and operational considerations of total sales channel = integration > (MASA knows the customers), vs retail integration (no knowledge of > customers). There are probably areas of grey in between that might = be > worth enumerating. >=20 > 2) There is a similar question for MUD, which is how does the MUD = controller > arrive at trust criteria for the signatures. This is the > enterprise/customer side of the above story: do you know who you are > buying from? > This relates to the discussion we have had about controllers: I = think if > we could pin down the quality of the signatures, we could say more. >=20 > 3) MUD Operational considerations for devices that can grow "skills" >=20 > Not really a topic exactly: but how do we get towards the point where = we can test > MUD/BRSKI integration. >=20 > -- > Michael Richardson , Sandelman Software Works > -=3D IPv6 IoT consulting =3D- >=20 >=20 --Apple-Mail=_409D4659-929B-40F4-A44A-DFC93E1AF07F Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=signature.asc Content-Type: application/pgp-signature; name=signature.asc Content-Description: Message signed with OpenPGP -----BEGIN PGP SIGNATURE----- iF0EARECAB0WIQTgo4LlIIJ5lIBumWpugA9nE248uAUCXSUBSwAKCRBugA9nE248 uOmjAJ4wMwk2L38eJVdIb6A5wGKMnF7AQgCgsxrw7R1pQPf+LAqliVgIsbhYRhI= =W0Cm -----END PGP SIGNATURE----- --Apple-Mail=_409D4659-929B-40F4-A44A-DFC93E1AF07F-- From nobody Tue Jul 9 17:49:39 2019 Return-Path: X-Original-To: mud@ietfa.amsl.com Delivered-To: mud@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 262F21200CE; Tue, 9 Jul 2019 17:49:29 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.199 X-Spam-Level: X-Spam-Status: No, score=-4.199 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EbwBYzHgIqFi; Tue, 9 Jul 2019 17:49:26 -0700 (PDT) Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 938FF1200C4; Tue, 9 Jul 2019 17:49:25 -0700 (PDT) Received: from sandelman.ca (unknown [IPv6:2607:f0b0:f:2:56b2:3ff:fe0b:d84]) by tuna.sandelman.ca (Postfix) with ESMTP id B64353808A; Tue, 9 Jul 2019 20:47:20 -0400 (EDT) Received: from localhost (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 6B33C5BE; Tue, 9 Jul 2019 20:49:23 -0400 (EDT) From: Michael Richardson To: Eliot Lear cc: "opsawg\@ietf.org" , "mud\@ietf.org" , captive-portal@ietf.org In-Reply-To: References: <4486.1562683318@localhost> <7534958E-E1A6-470D-B4BB-6B88CD27B54C@cisco.com> <27334.1562697538@localhost> X-Mailer: MH-E 8.6; nmh 1.7+dev; GNU Emacs 24.5.1 X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m Archived-At: Subject: Re: [Mud] [OPSAWG] putting quarantined IoT devices behind a captive portal X-BeenThere: mud@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion of Manufacturer Ussage Descriptions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 10 Jul 2019 00:49:29 -0000 --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Eliot Lear wrote: > It=E2=80=99s the following part that I=E2=80=99m thinking about: ... >> to retrieve a JSON object telling it that it is captive. At which po= int, it >> can flash a LED, or attempt a firmware upgrade, or maybe just reboot= if a >> timer goes off. (%) > You are suggesting that a device self-remediate. Some devices may be > able to eventually do that, but I have my doubts. Were I a hacker, I > would have the device pretend to do just that. And so this ties > somewhat to RATS. I think a MUD extension might be able to help in as > much as one could imagine a =E2=80=9Cremediation=E2=80=9D recommendat= ion. Yes, so a full attack on the IoT device would do what you describe. A partial attack might miss messing this. A reboot might clear out the malware, or might mitigate it enough (such as going to boot firmware) that would permit new firmware to be loaded. Yes, getting completely out of the quarantine would require either attestation or human intervention. But, if the device now has good firmwar= e, it would be able to send the "please unquarantine me" signal. =2D- ] Never tell me the odds! | ipv6 mesh network= s [ ] Michael Richardson, Sandelman Software Works | IoT architect = [ ] mcr@sandelman.ca http://www.sandelman.ca/ | ruby on rails = [ =2D- Michael Richardson , Sandelman Software Works -=3D IPv6 IoT consulting =3D- --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEEbsyLEzg/qUTA43uogItw+93Q3WUFAl0lNhMACgkQgItw+93Q 3WU12wf/UULW/3tZ3bmXiOiCwAftppacxs1lAmQC8+UdvKWjVMIBV5UeA2qHl+l3 5Jnhi0vnrRv/5REpw+FCRqJXHMiAz0xPf7t69XMjvjF1WwUvdZPWRQdDfBQn6L/4 6RrdlCePkmHT0W2cHT/LJLP8UXCUL1sqzGXs8iD9ji0s6torjKFTIKhWR3h8bLPF j0fLSkSkIoeqyuEdexOIUZu8/kU2RJY3LOGGwEcaszwc3eqcdjOyT7J2ZJvKZ+mP pJWyd/ZLHSEOxf9llYqgb7zos1mGkikNhuYB/OX1bMcC86j7C7pEk8UMtEtHu4ls xphT0AY4kYSqPDI5HXW3F1rI3f8uzg== =6OhK -----END PGP SIGNATURE----- --=-=-=-- From nobody Tue Jul 9 17:53:20 2019 Return-Path: X-Original-To: mud@ietfa.amsl.com Delivered-To: mud@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1B41E120251; Tue, 9 Jul 2019 17:53:04 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.199 X-Spam-Level: X-Spam-Status: No, score=-4.199 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MiEnXlVsK-dt; Tue, 9 Jul 2019 17:53:01 -0700 (PDT) Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 628E912029F; Tue, 9 Jul 2019 17:53:01 -0700 (PDT) Received: from sandelman.ca (obiwan.sandelman.ca [209.87.249.21]) by tuna.sandelman.ca (Postfix) with ESMTP id 807AE3808A; Tue, 9 Jul 2019 20:50:57 -0400 (EDT) Received: from localhost (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 457275BE; Tue, 9 Jul 2019 20:53:00 -0400 (EDT) From: Michael Richardson To: Eliot Lear , "opsawg\@ietf.org" , "mud\@ietf.org" , captive-portals@ietf.org In-Reply-To: <20190709194614.pbqcbi7dvk75w4ms@anna.jacobs.jacobs-university.de> References: <4486.1562683318@localhost> <7534958E-E1A6-470D-B4BB-6B88CD27B54C@cisco.com> <27334.1562697538@localhost> <20190709194614.pbqcbi7dvk75w4ms@anna.jacobs.jacobs-university.de> X-Mailer: MH-E 8.6; nmh 1.7+dev; GNU Emacs 24.5.1 X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m Archived-At: Subject: Re: [Mud] [OPSAWG] putting quarantined IoT devices behind a captive portal X-BeenThere: mud@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion of Manufacturer Ussage Descriptions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 10 Jul 2019 00:53:11 -0000 --=-=-= Content-Type: text/plain Juergen Schoenwaelder wrote: > would an ICMP "administratively prohibited" not be a sufficient > signal? Sure, things can be made much more complex, but I doubt that > devices will try to actively investigate why they can't communicate Probably good enough. Some wanted a more specific signal. It's intended to just be a signal to go ask the captive portal API if the device is captive. > (and implement additional protocols for this) if all they can do at > the end is to change the color of an led or simply shut-off (i.e., > stop assuming its a temporary network issue and reduce/stop probing > effort). -- Michael Richardson , Sandelman Software Works -= IPv6 IoT consulting =- --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEEbsyLEzg/qUTA43uogItw+93Q3WUFAl0lNusACgkQgItw+93Q 3WXCvAf+IDwK6e2CRmcF9OnSO9Dbzj0G3nFZy7WMDZtsTqAdVKDAR//xF5ULBYON dSi5c0bDG+WGdy929VGVFgk6GhLoXEgHMbWnOQCF7n4TaaiIufJB3E7XTjiuZrdK xu7NJjAnphyLctZYXFE9WsJKAj1MqZoJ2vxC/tLvSAFgo59o2l/viLazRNszIDAd lhsnMfGAmwCwKoOIThKjR0z4eVUL2QnYRXAa8oTUwIMwQqHZ9jurEA3pNPqFEI1/ cpJqumD56Bn8fdHNs1UNqFQVx7qyd1GYhkylJC0E+KHv5a5PowIURfclMB6hR73a VKx2UEI+lLsNLcjsWSGb4EkA8XypZA== =X51p -----END PGP SIGNATURE----- --=-=-=-- From nobody Tue Jul 9 18:01:10 2019 Return-Path: X-Original-To: mud@ietfa.amsl.com Delivered-To: mud@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B2D031200C4 for ; Tue, 9 Jul 2019 18:01:09 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.199 X-Spam-Level: X-Spam-Status: No, score=-4.199 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id l1fU37KUt2Hk for ; Tue, 9 Jul 2019 18:01:07 -0700 (PDT) Received: from tuna.sandelman.ca (tuna.sandelman.ca [IPv6:2607:f0b0:f:3:216:3eff:fe7c:d1f3]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8BCDE1200F6 for ; Tue, 9 Jul 2019 18:01:07 -0700 (PDT) Received: from sandelman.ca (unknown [IPv6:2607:f0b0:f:2:56b2:3ff:fe0b:d84]) by tuna.sandelman.ca (Postfix) with ESMTP id DFB173808A; Tue, 9 Jul 2019 20:59:02 -0400 (EDT) Received: from localhost (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 989D95BE; Tue, 9 Jul 2019 21:01:05 -0400 (EDT) From: Michael Richardson To: "M. Ranganathan" , "mud\@ietf.org" X-Mailer: MH-E 8.6; nmh 1.7+dev; GNU Emacs 24.5.1 X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m Archived-At: Subject: [Mud] different modes for MUD files X-BeenThere: mud@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion of Manufacturer Ussage Descriptions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 10 Jul 2019 01:01:10 -0000 --=-=-= Content-Type: text/plain {starting a new thread with a new subject line} M. Ranganathan wrote: > The current draft https://datatracker.ietf.org/doc/draft-ietf-capport-api/ > Assumes that the "quarantined device" can access a subset of the ACE's > allowed to the "unquarantined" device. > However, I can think of a scenario where this does not have to be the case. > I'd propose to generalize this. > i.e. There are two sets of ACL's - one for normal operation and one for > quarantined access. (i.e. quarantine access is not necessarily a subset of > regular access). I can agree with the idea. > Use case: > Under normal circumstances, the device does not need SSH access (port 22 is > not open). However, if the device is misbehaving some external agent (or > human maybe) logs in and investigates the issue. The fix could involve > copying new firmware. > Does this make sense? Yes, but I'd like to term this the "debug" or "diagnostic" access. I suggest that this is easily done by switching MUD files in/out. Rather than try to create profiles within A mud file, I suggest multiple mud files. What we should do is to create references to alternate profiles that could be used. > Another thing that is missing currently is how to "clear" the quarantine > state at the enforcement point. This would need an API defintion of we want > to make that portable. Yes, that does require an API. The SHG project has developed one, but the document is stale. It can't be the device that invokes the API, it must be be the operator. -- Michael Richardson , Sandelman Software Works -= IPv6 IoT consulting =- --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEEbsyLEzg/qUTA43uogItw+93Q3WUFAl0lONEACgkQgItw+93Q 3WVNzQf7BjLl3CPcsC6dRqK8G6dh54wVVtVMh3Dchepo/Op/+3rAIznmE+44gdgE qOHTSWdTGzL5IbmSYJymEyk4P5kRVesGFiNj9sZZRzvd6Frkk+fRMjPqMq4XpEyq muApQjXvIcGE0a6GSr8IqqorXTZkE5NYK6+DjQg40g1xj0Xyrn7+XzVpSKCRsjVV HRDpZcUYKgeaUYgA7ptpFLu+EnmhKm5ETvUFqEQXClXONwGVhq8fizugaTYS2O0o 3edvJap79moGhRE3p07Djdf6eiHs0Kq/zHn611JzRz3pvH4bVwyz3jeSViG62v9C mFM7opOupUfpe5CWrt6s0GCuuwUfyQ== =nAis -----END PGP SIGNATURE----- --=-=-=-- From nobody Tue Jul 9 18:05:13 2019 Return-Path: X-Original-To: mud@ietfa.amsl.com Delivered-To: mud@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4D94C1200C4; Tue, 9 Jul 2019 18:05:06 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.199 X-Spam-Level: X-Spam-Status: No, score=-4.199 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yuE763QwAASr; Tue, 9 Jul 2019 18:05:03 -0700 (PDT) Received: from tuna.sandelman.ca (tuna.sandelman.ca [IPv6:2607:f0b0:f:3:216:3eff:fe7c:d1f3]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3CCF51200F6; Tue, 9 Jul 2019 18:05:02 -0700 (PDT) Received: from sandelman.ca (obiwan.sandelman.ca [209.87.249.21]) by tuna.sandelman.ca (Postfix) with ESMTP id 21B8D3808A; Tue, 9 Jul 2019 21:02:59 -0400 (EDT) Received: from localhost (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id D37E45D0; Tue, 9 Jul 2019 21:05:01 -0400 (EDT) From: Michael Richardson To: "Montgomery\, Douglas \(Fed\)" cc: "M. Ranganathan" , "opsawg\@ietf.org" , "mud\@ietf.org" , Eliot Lear , captive-portals@ietf.org In-Reply-To: <420BE1C3-BA84-4306-BD72-B7CE9905B659@nist.gov> References: <4486.1562683318@localhost> <7534958E-E1A6-470D-B4BB-6B88CD27B54C@cisco.com> <27334.1562697538@localhost> <420BE1C3-BA84-4306-BD72-B7CE9905B659@nist.gov> X-Mailer: MH-E 8.6; nmh 1.7+dev; GNU Emacs 24.5.1 X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m Archived-At: Subject: Re: [Mud] [OPSAWG] putting quarantined IoT devices behind a captive portal X-BeenThere: mud@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion of Manufacturer Ussage Descriptions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 10 Jul 2019 01:05:06 -0000 --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Montgomery, Douglas (Fed) wrote: > Most of the devices I think of as actual IoT devices have no direct > UI/shell. Your only interaction with them after initial > =E2=80=9Cinstall/configure=E2=80=9D is through their cloud web servic= e interface. That's true for many devices, but not all. Even light bulbs have output interfaces :-) > Having said that I think your model is fine. Good. > I would suggest detecting device reboot would be one signal to clear > quarantine state. Since MUD =E2=80=9Cmisbehavior=E2=80=9D is mostly = instantaneously > detectable (1 packet), I am not that concerned that the device might > reboot for others reasons and still be infected. Device reboot probably needs an attestation to be believed. > One might keep a counter and a time stamp of quarantine clears and if > you a device had N MUD violations after quarantine clears in X time, > lock it down in quarantine or completely take it off line. Reasonable, but in the space of quality of implementation, I think. =2D- Michael Richardson , Sandelman Software Works -=3D IPv6 IoT consulting =3D- --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEEbsyLEzg/qUTA43uogItw+93Q3WUFAl0lOb0ACgkQgItw+93Q 3WUy2Af/TjU5TjVJOZN1N/Vh90bGxFVgbe0W/bmMkZNrTYq4giKl9iz3cPJEWYdf Q/MnjY0H1LNan3gKfBEO3NFbITeoXFlzw5zApqevYBcWk9D9Z0CW8CsFKzoa1MYf NXD/1ZAjbmX2nt8JsoA7Z2RZsEhg+HZWucq9BopQTaUNDYIT0nt1b7O3k1fi/oxN YbaxYO5X6BzYopByEk5JnMYmhlEyJz5miG2qehvRB4lE4gv/rTR1D1qaaDARZxVg TVDGx3SvqyVMzQiPRJ67bpK/dU2nc63KfvbSjF9uVjgmKQL/MMErJ7Ljb6TzUziJ p+xSuJpiE1PXAkIFPwnVws786LDReA== =Jkny -----END PGP SIGNATURE----- --=-=-=-- From nobody Tue Jul 9 18:16:16 2019 Return-Path: X-Original-To: mud@ietfa.amsl.com Delivered-To: mud@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8978A12008F; Tue, 9 Jul 2019 18:16:00 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.199 X-Spam-Level: X-Spam-Status: No, score=-4.199 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lU1pcIyLSn61; Tue, 9 Jul 2019 18:15:58 -0700 (PDT) Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1B1AB120048; Tue, 9 Jul 2019 18:15:57 -0700 (PDT) Received: from sandelman.ca (obiwan.sandelman.ca [209.87.249.21]) by tuna.sandelman.ca (Postfix) with ESMTP id E05813808A; Tue, 9 Jul 2019 21:13:53 -0400 (EDT) Received: from localhost (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 9D23B5D0; Tue, 9 Jul 2019 21:15:56 -0400 (EDT) From: Michael Richardson To: John Romkey cc: Eliot Lear , captive-portals@ietf.org, "opsawg\@ietf.org" , "mud\@ietf.org" In-Reply-To: <46656FBE-06E8-4E65-AF61-4BDE2F206F00@romkey.com> References: <4486.1562683318@localhost> <7534958E-E1A6-470D-B4BB-6B88CD27B54C@cisco.com> <27334.1562697538@localhost> <18178.1562719763@localhost> <46656FBE-06E8-4E65-AF61-4BDE2F206F00@romkey.com> X-Mailer: MH-E 8.6; nmh 1.7+dev; GNU Emacs 24.5.1 X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m Archived-At: Subject: Re: [Mud] [OPSAWG] putting quarantined IoT devices behind a captive portal X-BeenThere: mud@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion of Manufacturer Ussage Descriptions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 10 Jul 2019 01:16:01 -0000 --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable {my appologies for still getting captive-portal vs captive-portals@ wrong} John Romkey wrote: >> Eliot Lear wrote: >> >>>> to retrieve a JSON object telling it that it is captive. At which = point, it >>>> can flash a LED, or attempt a firmware upgrade, or maybe just rebo= ot if a >>>> timer goes off. (%) >> >>> You are suggesting that a device self-remediate. Some devices may = be >>> able to eventually do that, but I have my doubts. Were I a hacker,= I >>> would have the device pretend to do just that. And so this ties >>> somewhat to RATS. I think a MUD extension might be able to help in= as >>> much as one could imagine a =E2=80=9Cremediation=E2=80=9D recommend= ation. >> >> Yes, so a full attack on the IoT device would do what you describe. >> A partial attack might miss messing this. A reboot might clear out = the >> malware, or might mitigate it enough (such as going to boot firmware= ) that >> would permit new firmware to be loaded. >> >> Yes, getting completely out of the quarantine would require either >> attestation or human intervention. But, if the device now has good = firmware, >> it would be able to send the "please unquarantine me" signal. > I believe strongly that the only safe thing you can do with a device > that=E2=80=99s been in any way compromised is completely isolate it.It > shouldn=E2=80=99t be able to send an =E2=80=9Cunquarantine=E2=80=9D s= ignal. You shouldn=E2=80=99t even > try to talk to it. That's a reasonable view. The question is: what next? draft-richardson-shg-un-quarantine-00 tries to discuss this. > Let the firewall which is implementing MUD notify the user about the > problem. Let the device=E2=80=99s app or cloud services notify the us= er that > the device is offline. Possibly in a later evolution of MUD the > firewall might have a way to notify the device=E2=80=99s cloud servic= e, but I > wouldn=E2=80=99t hamstring the initial version of MUD with an attempt= to do > that. I fully expect any notifications out should be done by the firewall. There are two issues I'm trying to address: 1) there will be false positives from use of MUD. Manufacturers will screw up, DNS mappings will be updated out of sync with firmware, etc. If it is too painful to diagnose and fix, then MUD will get disabled by operators (ISPs, who will get the call), or by end users. 2) not every user of a device will get the notifications. So devices with displays (think: thermostats, refridgerators, SIP phon= es, TV sets, etc.) whether they have real malware on them, or false positives should be able to indicate that they are offline. This matters a lot if you are trying to dial 911 on a broken phone, and you aren't the person with the app that gets the notifications from the firewall. Putting them behind the captive-portal API when quarantined lets them get exactly the kind of information they want. It also helps them when they turned on where there really is a captive-portal. =2D- Michael Richardson , Sandelman Software Works -=3D IPv6 IoT consulting =3D- --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEEbsyLEzg/qUTA43uogItw+93Q3WUFAl0lPEwACgkQgItw+93Q 3WVHLggAhv9AXmBAzHWkMJBU6LwQZG+v9a7kdpKRKsEJE/EdEtF5Y+OkspkPl58s coHh4EqVS0s7a0pJrD3lBvFmZvf6MSyd+PWJZl60jVJU6lWnNaYfd7y0hLXM2UIk fQOt/m8GePVmcwZskZJ/Q0IgSZpnnG2MxYAXKFANLRa/dQkr99pX64ctg8ShVWV4 Xc24joEku4lqEIhS2Vy5Tz76evsm1wgb7+7nvoVA2WdJkTI/io5casZwLign8Rdg 8TTArntZqiNKR/wxUUJg6BxtRm5vUN4q7niGF6Cy0WNT19gX78mmEdpZFrhTQbMZ Vciomg3d8LXybuiq0XWXu+zdHctoqA== =Idwo -----END PGP SIGNATURE----- --=-=-=-- From nobody Wed Jul 10 01:14:54 2019 Return-Path: X-Original-To: mud@ietfa.amsl.com Delivered-To: mud@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3839712018C; Wed, 10 Jul 2019 01:14:45 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.5 X-Spam-Level: X-Spam-Status: No, score=-14.5 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PXFC2RIdlhyZ; Wed, 10 Jul 2019 01:14:43 -0700 (PDT) Received: from aer-iport-4.cisco.com (aer-iport-4.cisco.com [173.38.203.54]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B5E961200D6; Wed, 10 Jul 2019 01:14:41 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=5329; q=dns/txt; s=iport; t=1562746482; x=1563956082; h=from:message-id:mime-version:subject:date:in-reply-to:cc: to:references; bh=WREPVnpTWeH84o47JA6ys0Aw4o7PxmEEMD5gmxxFRC8=; b=T6mM7SJeLrgOBADvwUPi5sRd+nnBlMcXqFSg4rqxZhpE6LatxR9pLe+v S7zKA6sa7YmR2TtJK7HaSjVbnrKu9BaphnDrzj9xmq6bUrwM4M9tyqNTR 2HP3mbLBou+AOJAC9QW2xOecT6H5LHYI6XGEXxv1CgOAGg/nJM7Ig+CtE E=; X-Files: signature.asc : 195 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0BWAAD2nSVd/xbLJq1mGgEBAQEBAgE?= =?us-ascii?q?BAQEHAgEBAQGBZ4MBUiASKIQciHuLb5J0hyYDVAIHAQEBCQMBARsUAQGEQAK?= =?us-ascii?q?CbjgTAQMBAQQBAQIBBW2FPAyFSwEEASNWBQsLBD4CAlcGgzUBgXsPrgOBMoV?= =?us-ascii?q?HhGEQgTSBUYg7gWqBfxJ/Jx+CTD6ELoMgMoImBJRmlW4JghuCH4EMgyyNLxu?= =?us-ascii?q?DGYoZik6UcYxzgwoCBAYFAhWBZyGBWDMaCBsVZQGCQQk1hXSCbodnPQMwj1M?= =?us-ascii?q?BAQ?= X-IronPort-AV: E=Sophos;i="5.63,473,1557187200"; d="asc'?scan'208,217";a="14087066" Received: from aer-iport-nat.cisco.com (HELO aer-core-2.cisco.com) ([173.38.203.22]) by aer-iport-4.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 10 Jul 2019 08:14:38 +0000 Received: from [10.61.166.105] ([10.61.166.105]) by aer-core-2.cisco.com (8.15.2/8.15.2) with ESMTPS id x6A8EbwB021041 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Wed, 10 Jul 2019 08:14:38 GMT From: Eliot Lear Message-Id: <2708D89A-90CD-41DE-900D-0BFC8AB5B814@cisco.com> Content-Type: multipart/signed; boundary="Apple-Mail=_5E4F39DB-41C2-4810-9A71-D01416EBA89C"; protocol="application/pgp-signature"; micalg=pgp-sha1 Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\)) Date: Wed, 10 Jul 2019 10:14:37 +0200 In-Reply-To: <46656FBE-06E8-4E65-AF61-4BDE2F206F00@romkey.com> Cc: Michael Richardson , captive-portal@ietf.org, "opsawg@ietf.org" , "mud@ietf.org" To: John Romkey References: <4486.1562683318@localhost> <7534958E-E1A6-470D-B4BB-6B88CD27B54C@cisco.com> <27334.1562697538@localhost> <18178.1562719763@localhost> <46656FBE-06E8-4E65-AF61-4BDE2F206F00@romkey.com> X-Mailer: Apple Mail (2.3445.104.11) X-Outbound-SMTP-Client: 10.61.166.105, [10.61.166.105] X-Outbound-Node: aer-core-2.cisco.com Archived-At: Subject: Re: [Mud] [OPSAWG] putting quarantined IoT devices behind a captive portal X-BeenThere: mud@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion of Manufacturer Ussage Descriptions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 10 Jul 2019 08:14:45 -0000 --Apple-Mail=_5E4F39DB-41C2-4810-9A71-D01416EBA89C Content-Type: multipart/alternative; boundary="Apple-Mail=_B69F180E-96CB-48D1-85C9-5922A856905C" --Apple-Mail=_B69F180E-96CB-48D1-85C9-5922A856905C Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=utf-8 Hi John, >=20 > I believe strongly that the only safe thing you can do with a device = that=E2=80=99s been in any way compromised is completely isolate it.It = shouldn=E2=80=99t be able to send an =E2=80=9Cunquarantine=E2=80=9D = signal. You shouldn=E2=80=99t even try to talk to it. >=20 It=E2=80=99s important to tease out the device model here a bit. If the = device is a single processor unit, I can only but agree with you. = However, if there is a TPM/TEE present, things get a bit grayer. It is = possible that even a device with a TEE could have been compromised. = This could have happened through a classic bug in some unprotected code, = like a web server. If code within the TEE is able to detect that it has = been messed with, then it is possible it might want to remediate. It is = then up to the process in the TEE to communicate to some sort of remote = attestation service to demonstrate that the system is in a nominal = state, and up to the RATS server to believe that system or not. But I must say that this would not my first use of MUD ;-) Eliot > Let the firewall which is implementing MUD notify the user about the = problem. Let the device=E2=80=99s app or cloud services notify the user = that the device is offline. Possibly in a later evolution of MUD the = firewall might have a way to notify the device=E2=80=99s cloud service, = but I wouldn=E2=80=99t hamstring the initial version of MUD with an = attempt to do that. > - john romkey > https;//romkey.com >=20 --Apple-Mail=_B69F180E-96CB-48D1-85C9-5922A856905C Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=utf-8 Hi = John,


I believe strongly that = the only safe thing you can do with a device that=E2=80=99s been in any = way compromised is completely isolate it.It shouldn=E2=80=99t be able to = send an =E2=80=9Cunquarantine=E2=80=9D signal. You shouldn=E2=80=99t = even try to talk to it.


It=E2=80= =99s important to tease out the device model here a bit.  If the = device is a single processor unit, I can only but agree with you. =  However, if there is a TPM/TEE present, things get a bit grayer. =  It is possible that even a device with a TEE could have been = compromised.  This could have happened through a classic bug in = some unprotected code, like a web server.  If code within the TEE = is able to detect that it has been messed with, then it is possible it = might want to remediate.  It is then up to the process in the TEE = to communicate to some sort of remote attestation service to demonstrate = that the system is in a nominal state, and up to the RATS server to = believe that system or not.

But I = must say that this would not my first use of MUD ;-)

Eliot


Let the firewall which is = implementing MUD notify the user about the problem. Let the device=E2=80=99= s app or cloud services notify the user that the device is offline. = Possibly in a later evolution of MUD the firewall might have a way to = notify the device=E2=80=99s cloud service, but I wouldn=E2=80=99t = hamstring the initial version of MUD with an attempt to do = that.
- john romkey
= https;//romkey.com


= --Apple-Mail=_B69F180E-96CB-48D1-85C9-5922A856905C-- --Apple-Mail=_5E4F39DB-41C2-4810-9A71-D01416EBA89C Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=signature.asc Content-Type: application/pgp-signature; name=signature.asc Content-Description: Message signed with OpenPGP -----BEGIN PGP SIGNATURE----- iF0EARECAB0WIQTgo4LlIIJ5lIBumWpugA9nE248uAUCXSWebQAKCRBugA9nE248 uCMbAKCzaAgF18AM8c6Ko38A2beMWmz/LACghagCTFQI7SIAAolVEMInHAMJ744= =bD/1 -----END PGP SIGNATURE----- --Apple-Mail=_5E4F39DB-41C2-4810-9A71-D01416EBA89C-- From nobody Wed Jul 10 01:18:17 2019 Return-Path: X-Original-To: mud@ietfa.amsl.com Delivered-To: mud@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 10A031206AC; Tue, 9 Jul 2019 12:46:24 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.897 X-Spam-Level: X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id E-mWnIOCuZxw; Tue, 9 Jul 2019 12:46:20 -0700 (PDT) Received: from atlas5.jacobs-university.de (atlas5.jacobs-university.de [212.201.44.20]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2293C12068C; Tue, 9 Jul 2019 12:46:19 -0700 (PDT) Received: from localhost (demetrius5.irc-it.jacobs-university.de [10.70.0.222]) by atlas5.jacobs-university.de (Postfix) with ESMTP id DCC046FC; Tue, 9 Jul 2019 21:46:16 +0200 (CEST) X-Virus-Scanned: amavisd-new at jacobs-university.de Received: from atlas5.jacobs-university.de ([10.70.0.198]) by localhost (demetrius5.jacobs-university.de [10.70.0.222]) (amavisd-new, port 10032) with ESMTP id M3AXkV3-XxEd; Tue, 9 Jul 2019 21:46:16 +0200 (CEST) Received: from hermes.jacobs-university.de (hermes.jacobs-university.de [212.201.44.23]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "hermes.jacobs-university.de", Issuer "DFN-Verein Global Issuing CA" (verified OK)) by atlas5.jacobs-university.de (Postfix) with ESMTPS; Tue, 9 Jul 2019 21:46:16 +0200 (CEST) Received: from localhost (demetrius5.irc-it.jacobs-university.de [10.70.0.222]) by hermes.jacobs-university.de (Postfix) with ESMTP id 8F4DA20128; Tue, 9 Jul 2019 21:46:16 +0200 (CEST) X-Virus-Scanned: amavisd-new at jacobs-university.de Received: from hermes.jacobs-university.de ([212.201.44.23]) by localhost (demetrius5.jacobs-university.de [10.70.0.222]) (amavisd-new, port 10028) with ESMTP id jZloRrSN_9mu; Tue, 9 Jul 2019 21:46:16 +0200 (CEST) Received: from exchange.jacobs-university.de (sxchmb04.jacobs.jacobs-university.de [10.70.0.156]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "exchange.jacobs-university.de", Issuer "DFN-Verein Global Issuing CA" (verified OK)) by hermes.jacobs-university.de (Postfix) with ESMTPS id CC74E20129; Tue, 9 Jul 2019 21:46:15 +0200 (CEST) Received: from anna.localdomain (10.50.218.117) by sxchmb03.jacobs.jacobs-university.de (10.70.0.155) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.1713.5; Tue, 9 Jul 2019 21:46:14 +0200 Received: by anna.localdomain (Postfix, from userid 501) id A3498300AB1A6A; Tue, 9 Jul 2019 21:46:14 +0200 (CEST) Date: Tue, 9 Jul 2019 21:46:14 +0200 From: Juergen Schoenwaelder To: Michael Richardson CC: Eliot Lear , "opsawg@ietf.org" , "mud@ietf.org" , Message-ID: <20190709194614.pbqcbi7dvk75w4ms@anna.jacobs.jacobs-university.de> Reply-To: Juergen Schoenwaelder Mail-Followup-To: Michael Richardson , Eliot Lear , "opsawg@ietf.org" , "mud@ietf.org" , capport@ietf.org References: <4486.1562683318@localhost> <7534958E-E1A6-470D-B4BB-6B88CD27B54C@cisco.com> <27334.1562697538@localhost> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Disposition: inline In-Reply-To: <27334.1562697538@localhost> User-Agent: NeoMutt/20180716 X-ClientProxiedBy: SXCHMB02.jacobs.jacobs-university.de (10.70.0.121) To sxchmb03.jacobs.jacobs-university.de (10.70.0.155) X-Clacks-Overhead: GNU Terry Pratchett Content-Transfer-Encoding: quoted-printable Archived-At: X-Mailman-Approved-At: Wed, 10 Jul 2019 01:18:16 -0700 Subject: Re: [Mud] [OPSAWG] putting quarantined IoT devices behind a captive portal X-BeenThere: mud@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion of Manufacturer Ussage Descriptions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 09 Jul 2019 19:46:24 -0000 Michael, would an ICMP "administratively prohibited" not be a sufficient signal? Sure, things can be made much more complex, but I doubt that devices will try to actively investigate why they can't communicate (and implement additional protocols for this) if all they can do at the end is to change the color of an led or simply shut-off (i.e., stop assuming its a temporary network issue and reduce/stop probing effort). /js On Tue, Jul 09, 2019 at 02:38:58PM -0400, Michael Richardson wrote: >=20 > Eliot Lear wrote: > > I=E2=80=99m not quite certain how it would work. Can you show a = flow that will > > work for an IoT device (e.g., headless and no display)? >=20 > Device gets quarantined, and the MUD-controller moves it into an isolat= ed > "VLAN". I put air/scare quotes around VLAN, because it's a "MAC-addres= s > VLAN", not an 802.1Q thing. It's really just a layer-2 ACL. >=20 > {We have no way to force the mishaving device into tagging it's packets= , nor > can we force it onto some other ESSID. We can't do a "port-based" VLAN, > because wifi has no ports, and we don't really know how many unmanaged > switches might be on the port anyway. > One might map this onto a IEEE 802.1Q VLAN across a backbone} >=20 > Instead of just dropping all traffic for a device in this category, > all traffic (other than excepted traffic if you implement > https://datatracker.ietf.org/doc/draft-richardson-shg-mud-quarantined-a= ccess/) > would go into a captive portal system. >=20 > Such a system would, according to > https://datatracker.ietf.org/doc/draft-ietf-capport-architecture/ > receive a message when it initiates connections which are not allowed. > (While the capport WG contemplated an ICMP unreachable message with a > URI in it at one point, that is not the current design) >=20 > Actually, I have no idea from reviewing the documentation what the > appropriate "you might be captive" ICMP is now.. THERE IS ONE RIGHT? >=20 > Once the IoT device gets such a message, it can use the API > described at: https://datatracker.ietf.org/doc/draft-ietf-capport-api/ > to retrieve a JSON object telling it that it is captive. At which point= , it > can flash a LED, or attempt a firmware upgrade, or maybe just reboot if= a > timer goes off. (%) >=20 > This requires that the IoT device get the captive portal API end point,= which > https://datatracker.ietf.org/doc/draft-ietf-capport-rfc7710bis/ can del= iver > via DHCPv4/v6 or RA. >=20 >=20 > >> On 9 Jul 2019, at 16:41, Michael Richardson > >> wrote: > >> > >> Signed PGP part > >> > >> Between editing drafts yesterday, I got to thinking about CAPPOR= T. I > >> have been working on what to do when an IoT device violates it's= MUD > >> profile. There are a bunch of issues around this. > >> > >> Yesterday, it occured to me that when such a device is quarantin= ed (I > >> really think it should be "quaranteed", but that's not a word) t= hat > >> the capport controls and APIs should be available to the device = to > >> learn what went on. > >> > >> This is not new, I think that this as been the approach of most > >> enterprise NEA systems upon encountering "infection". This has,= I > >> assume, involved forced HTTP proxies to inform human. But, if w= e have > >> APIs, we can inform device as well. > >> > >> Is this on anyone's radar? > >> > >> -- > >> Michael Richardson , Sandelman Software W= orks > >> -=3D IPv6 IoT consulting =3D- > >> > >> > >> > >> > >> >=20 >=20 > -- > Michael Richardson , Sandelman Software Works > -=3D IPv6 IoT consulting =3D- >=20 >=20 >=20 > _______________________________________________ > OPSAWG mailing list > OPSAWG@ietf.org > https://www.ietf.org/mailman/listinfo/opsawg --=20 Juergen Schoenwaelder Jacobs University Bremen gGmbH Phone: +49 421 200 3587 Campus Ring 1 | 28759 Bremen | Germany Fax: +49 421 200 3103 From nobody Wed Jul 10 01:18:23 2019 Return-Path: X-Original-To: mud@ietfa.amsl.com Delivered-To: mud@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1D8AC12013B for ; Tue, 9 Jul 2019 17:58:33 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -0.703 X-Spam-Level: X-Spam-Status: No, score=-0.703 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, PDS_NO_HELO_DNS=1.295, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=romkey.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WkbZ5VD1ltJH for ; Tue, 9 Jul 2019 17:58:31 -0700 (PDT) Received: from mail-pf1-x42c.google.com (mail-pf1-x42c.google.com [IPv6:2607:f8b0:4864:20::42c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DF77F120048 for ; Tue, 9 Jul 2019 17:58:30 -0700 (PDT) Received: by mail-pf1-x42c.google.com with SMTP id b13so214642pfo.1 for ; Tue, 09 Jul 2019 17:58:30 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=romkey.com; s=google; h=from:message-id:mime-version:subject:date:in-reply-to:cc:to :references; bh=KYxPYYwfJYEg0J6VJZhNj35oQnEjNX56ul0U8vMIFf8=; b=fbpck0y6mzEkuS+cqKzvWUtWPFnglTHmytptimrjYIHyx192jfxaVsF+8lhocUodoa jmBr+ySNKNc2/82FERq+ZUh+83AibvxdKhS8WRPUbb0qxUG3pKfYd6LL8To+ysqQ4Ce6 mvueY0S3jm4NvjFv7Ihly58vESk4HEsBFQsAOC0d3tCPrOn2F+uFhQ41H+0r7HdQY94i /Ep6jdHLyOZcG9PzkOpqpyuSXO88aX75EL9zWX/OO/DHTGVY2B5jgv1M9YJLA7ejYr2Q vdVcV2PqhE1Mqot5Df8aJhmqSMSU/q0n+cITt7hL65InTraEA7QDA1jEu61xpChOj0Nj p9lQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:message-id:mime-version:subject:date :in-reply-to:cc:to:references; bh=KYxPYYwfJYEg0J6VJZhNj35oQnEjNX56ul0U8vMIFf8=; b=bZgakJT+IFt7CDnumtdFwlD2Of4a0v4pbG3r1Vy1404doBIhCSWrV/FCD3/B9e2a7w nV2LeoqCUzAiyg34YeF9O3mEmLx4bLZ91UaFxdPT7ogDKFC8ZeEDFSt6YjjjRiLmCzzN BnekvBNwLlFRIe23N5szKzycIsNe0dAY/J01V8eIvCx5+dhPrpNxgH+p4KJtWk0j2NPW aePxWsWAPeGli/1+mCnJyXX0ShfpXnXWVpD15mNCXee/Dxav3gm6IJu+IHg2HMnYh94F /wtlJummcBaJZIndszPFhxAnFpB0zqpElBK7kO1OmIiTSF3HSy/lOcSr/87QPyHycK4r rq3g== X-Gm-Message-State: APjAAAV4+I++x+zbmUDJRaJdXLi8HsiosPv2imU5na+mmKrhHLD3Fglr Ok4L0gKsseqvYcUhix3yzg2avQ== X-Google-Smtp-Source: APXvYqzboKQcWA3uXQ9wWP5vDNJTUum17vFMCm8bjI+D9XPyjMMSwlGGvQEZc1A/kkesuVBG2NbGPQ== X-Received: by 2002:a63:e20a:: with SMTP id q10mr33131317pgh.24.1562720310181; Tue, 09 Jul 2019 17:58:30 -0700 (PDT) Received: from johns-mbp-3.localdomain ([97.115.131.172]) by smtp.gmail.com with ESMTPSA id e5sm279242pfd.56.2019.07.09.17.58.28 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 09 Jul 2019 17:58:28 -0700 (PDT) From: John Romkey Message-Id: <46656FBE-06E8-4E65-AF61-4BDE2F206F00@romkey.com> Content-Type: multipart/alternative; boundary="Apple-Mail=_EABAD983-EB6E-4F93-A1D3-3C6FB9586844" Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\)) Date: Tue, 9 Jul 2019 17:58:27 -0700 In-Reply-To: <18178.1562719763@localhost> Cc: Eliot Lear , captive-portal@ietf.org, "opsawg@ietf.org" , "mud@ietf.org" To: Michael Richardson References: <4486.1562683318@localhost> <7534958E-E1A6-470D-B4BB-6B88CD27B54C@cisco.com> <27334.1562697538@localhost> <18178.1562719763@localhost> X-Mailer: Apple Mail (2.3445.104.11) Archived-At: X-Mailman-Approved-At: Wed, 10 Jul 2019 01:18:16 -0700 Subject: Re: [Mud] [OPSAWG] putting quarantined IoT devices behind a captive portal X-BeenThere: mud@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion of Manufacturer Ussage Descriptions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 10 Jul 2019 00:58:33 -0000 --Apple-Mail=_EABAD983-EB6E-4F93-A1D3-3C6FB9586844 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=utf-8 > On Jul 9, 2019, at 5:49 PM, Michael Richardson = wrote: >=20 >=20 > Eliot Lear wrote: >=20 >>> to retrieve a JSON object telling it that it is captive. At which = point, it >>> can flash a LED, or attempt a firmware upgrade, or maybe just reboot = if a >>> timer goes off. (%) >=20 >> You are suggesting that a device self-remediate. Some devices may be >> able to eventually do that, but I have my doubts. Were I a hacker, I >> would have the device pretend to do just that. And so this ties >> somewhat to RATS. I think a MUD extension might be able to help in = as >> much as one could imagine a =E2=80=9Cremediation=E2=80=9D = recommendation. >=20 > Yes, so a full attack on the IoT device would do what you describe. > A partial attack might miss messing this. A reboot might clear out = the > malware, or might mitigate it enough (such as going to boot firmware) = that > would permit new firmware to be loaded. >=20 > Yes, getting completely out of the quarantine would require either > attestation or human intervention. But, if the device now has good = firmware, > it would be able to send the "please unquarantine me" signal. I believe strongly that the only safe thing you can do with a device = that=E2=80=99s been in any way compromised is completely isolate it.It = shouldn=E2=80=99t be able to send an =E2=80=9Cunquarantine=E2=80=9D = signal. You shouldn=E2=80=99t even try to talk to it. Let the firewall which is implementing MUD notify the user about the = problem. Let the device=E2=80=99s app or cloud services notify the user = that the device is offline. Possibly in a later evolution of MUD the = firewall might have a way to notify the device=E2=80=99s cloud service, = but I wouldn=E2=80=99t hamstring the initial version of MUD with an = attempt to do that. - john romkey https;//romkey.com --Apple-Mail=_EABAD983-EB6E-4F93-A1D3-3C6FB9586844 Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=utf-8
On = Jul 9, 2019, at 5:49 PM, Michael Richardson <mcr+ietf@sandelman.ca> wrote:


Eliot Lear <lear@cisco.com> wrote:

to retrieve a JSON object telling it that it is captive. At = which point, it
can flash a LED, or attempt a firmware = upgrade, or maybe just reboot if a
timer goes off. =  (%)

You are suggesting that = a device self-remediate.  Some devices may be
able to = eventually do that, but I have my doubts.  Were I a hacker, I
would have the device pretend to do just that.  And so = this ties
somewhat to RATS.  I think a MUD extension = might be able to help in as
much as one could imagine a = =E2=80=9Cremediation=E2=80=9D recommendation.

Yes, so a full attack on the IoT = device would do what you describe.
A partial attack might = miss messing this.  A reboot might clear out the
malware, or might mitigate it enough (such as going to boot = firmware) that
would permit new firmware to be loaded.

Yes, getting completely out of the quarantine = would require either
attestation or human intervention. =  But, if the device now has good firmware,
it would = be able to send the "please unquarantine me" signal.

I= believe strongly that the only safe thing you can do with a device = that=E2=80=99s been in any way compromised is completely isolate it.It = shouldn=E2=80=99t be able to send an =E2=80=9Cunquarantine=E2=80=9D = signal. You shouldn=E2=80=99t even try to talk to it.

Let the firewall which = is implementing MUD notify the user about the problem. Let the = device=E2=80=99s app or cloud services notify the user that the device = is offline. Possibly in a later evolution of MUD the firewall might have = a way to notify the device=E2=80=99s cloud service, but I wouldn=E2=80=99t= hamstring the initial version of MUD with an attempt to do = that.
- john romkey
= https;//romkey.com

= --Apple-Mail=_EABAD983-EB6E-4F93-A1D3-3C6FB9586844-- From nobody Thu Jul 11 10:15:24 2019 Return-Path: X-Original-To: mud@ietfa.amsl.com Delivered-To: mud@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5E23B12049E for ; Thu, 11 Jul 2019 10:15:19 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -0.703 X-Spam-Level: X-Spam-Status: No, score=-0.703 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, PDS_NO_HELO_DNS=1.295, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Qz4NYDXhJ8of for ; Thu, 11 Jul 2019 10:15:17 -0700 (PDT) Received: from mail-io1-xd2d.google.com (mail-io1-xd2d.google.com [IPv6:2607:f8b0:4864:20::d2d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BEECB12047F for ; Thu, 11 Jul 2019 10:15:17 -0700 (PDT) Received: by mail-io1-xd2d.google.com with SMTP id g20so14133369ioc.12 for ; Thu, 11 Jul 2019 10:15:17 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=CorDw7cVS5iGvl714KF/EGzwvnhBDWoy8Te8dbhpq6M=; b=sdIf64TGbczd3RSSIR/9dUgSVN6wvEdxqwfd2PBZQcvwwlvtXUUhIMTr8SMJZ6Haa4 A60BsxtKOgWMs/Svrg6Zap/0jiksU5/0bQ0JRGRtDr2E2uLco/DwoG7PzsxTlZQMl8Nd Noi+nj+cQFK+TXt+vFEnbLBLbZsJ8jkRpeMzLMiALEGB6vYKayHG3SbrBPjPjXls1OYn 60bcSrhjgRfk1ZVWKIZdgllhOz4k64Oj4P/pab2HgTRsTt6XQXk5jekaTMzlPc0wTC/0 nigAuwyAyaUyjcx3nNotkyFqRZ+3NwTsbihnBmDLEmlF/XsFEMAgPykCU9A1JcCTVwI6 /Lig== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=CorDw7cVS5iGvl714KF/EGzwvnhBDWoy8Te8dbhpq6M=; b=ZI0v4WJhtRJjvJBmlXmqeHMXm6V+ZZlDBTLV0ih7R+XLod44LiHxzoCdXW0M5IOTZe 01OwhEswCg0lk39qrHhGST/zRfNrwLE1FR6kQU7XdUK22dnw7L80gQ5srMdSEC6NQcKm +bivBxtisCMMyV+4mv2qkoBrGxhdos3Lm7H8t0jR9b0KPuKoSzF3LkS3rAbUYtr904TU X4oE9TmRvDGYVkY+8xwurKFNbYeDcX9HgBlyelJsCito1ECnlhH9o7j82iRYTIupmm1Y DXKRAhjKBr98doB9YkmWSqQ1uQGMahDPUmlPUeMhsNVtEbvqCGUaZK2+WWCXwYRv8NQX ohsw== X-Gm-Message-State: APjAAAW4G6OjzT8lwyG1PpIFOCpoIQfFH5GeTv7of23rFzcjJsszc23O PX3IlLtDEvQYAkKuqUz4bMkejXJotjbWirH25zAJYrxa X-Google-Smtp-Source: APXvYqzfnvBkgggcXFOfqvfIy4PQx0lGzrxW6mtx80F7VIih3NTYxqQZFgW0xS7spJqJSGujkmVffhPCbjAQ362nJpI= X-Received: by 2002:a05:6602:2248:: with SMTP id o8mr5428237ioo.90.1562865316554; Thu, 11 Jul 2019 10:15:16 -0700 (PDT) MIME-Version: 1.0 From: "M. Ranganathan" Date: Thu, 11 Jul 2019 13:14:40 -0400 Message-ID: To: mud@ietf.org Content-Type: multipart/alternative; boundary="000000000000066cb5058d6af0bd" Archived-At: Subject: [Mud] mudmaker ICMP support? X-BeenThere: mud@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion of Manufacturer Ussage Descriptions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 11 Jul 2019 17:15:23 -0000 --000000000000066cb5058d6af0bd Content-Type: text/plain; charset="UTF-8" Mudmaker leaves out ICMP as a protocol choice. Was this intentional or simply a matter of not having enough time to add it? Thanks, Ranga -- M. Ranganathan --000000000000066cb5058d6af0bd Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Mudmaker=C2=A0 leaves out ICMP as a protocol choice.= =C2=A0 Was this intentional or simply a matter of not having enough time to= add it?

Thanks,

Ranga

--
=
M. R= anganathan

--000000000000066cb5058d6af0bd-- From nobody Thu Jul 11 11:22:28 2019 Return-Path: X-Original-To: mud@ietfa.amsl.com Delivered-To: mud@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CAD0C1202A6 for ; Thu, 11 Jul 2019 11:22:26 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -0.703 X-Spam-Level: X-Spam-Status: No, score=-0.703 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, PDS_NO_HELO_DNS=1.295, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vpjqqCD4liby for ; Thu, 11 Jul 2019 11:22:25 -0700 (PDT) Received: from mail-io1-xd34.google.com (mail-io1-xd34.google.com [IPv6:2607:f8b0:4864:20::d34]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6A21B120228 for ; Thu, 11 Jul 2019 11:22:25 -0700 (PDT) Received: by mail-io1-xd34.google.com with SMTP id j6so14657412ioa.5 for ; Thu, 11 Jul 2019 11:22:25 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=m4yyYSq67s9nzy9o1OxX0LKjzduKmjEyo4gHulIYxEI=; b=PAeV1ya6v/sonc35FtXkGO5Cge7uq4TeCFlfzDJetoYC8pUO7oO+8NGsBsuQm81tZJ idaH6mETdrHJzdfdSJ5PxhJU0jKC0k5iZKcI6EYpJDR29cb1ejwbHFC42AIbCDT0jK5x aFa8zGsqhoIzOBKdRUua+4KYet7C7HcXVtceiqCLWuMH8TUrdFgEkKl2eJg48hw1cgpB d4rvDildkhMfJClLrBJoIU+ABUawvHYoXotyIyjgnF3ekM0pLM+ayUKaWuJACOSvuG9I s74FKTk9nHR6Ugf0rjwXESRJ1bX2WxRr0pJntiLTPwH6FGsUQF6bynOS0KZdVhIR0i6a Bh+g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=m4yyYSq67s9nzy9o1OxX0LKjzduKmjEyo4gHulIYxEI=; b=AevlajcqcKhd3i+T511iEyCiFbTGzLmxEqTnDL4cpuzM19twtLd5ddnZu0Lz/uYof8 iCHdV6VO7K+Ohs2gbTg181YQr9JrF/wEW0pQUxjeULHWjBuPaVGePlJVrUDvoIPUzFi7 b8VXr1ASSYWm6f/UetaZoA2e9jCXaXhHRKc5n3R6gcYsnZCj8vR4an4f2FDDuY9LZHQ8 DfjZguoWmOGKXIbflxKJTJJKPHePoXC2B5Pr62f5+0I0LoI64gZjGtl2tjZPRDNFF8ub /UcQKAWCdbCujQ2PpRMiUWxlcEdep05U2FnL9ku+xn8SQrXIuaoO0MyZbfeSOv+vNycp AeXQ== X-Gm-Message-State: APjAAAV+PHe005rJ+MnmZQXfwNy9VdlmnzLdcb+0O6tTzQkBvxupjr6u voNU9MUpFTDU2s/4C/IcoXvvEwH+E6JSNVw29cu9Kevq X-Google-Smtp-Source: APXvYqx1+tpcrziiGQK2IXKgiDS3HVM5e/nwLu/cV7BrSfIqYT265em3Dgn1aOqMU54TtT9c/Syg/VsemXsKTNXR86o= X-Received: by 2002:a5e:d615:: with SMTP id w21mr6117962iom.0.1562869344164; Thu, 11 Jul 2019 11:22:24 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: "M. Ranganathan" Date: Thu, 11 Jul 2019 14:21:47 -0400 Message-ID: To: mud@ietf.org Content-Type: multipart/alternative; boundary="00000000000016e7be058d6be0a9" Archived-At: Subject: Re: [Mud] mudmaker ICMP support? X-BeenThere: mud@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion of Manufacturer Ussage Descriptions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 11 Jul 2019 18:22:27 -0000 --00000000000016e7be058d6be0a9 Content-Type: text/plain; charset="UTF-8" Reason I am asking the question is to know if one would expect to see ICMP ACE's in a MUD profile (i.e. would you expect a manufacturer to specify ICMP ACE's in a MUD profile?) Thanks, On Thu, Jul 11, 2019 at 1:14 PM M. Ranganathan wrote: > Mudmaker leaves out ICMP as a protocol choice. Was this intentional or > simply a matter of not having enough time to add it? > > Thanks, > > Ranga > > -- > M. Ranganathan > > -- M. Ranganathan --00000000000016e7be058d6be0a9 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Reason I am asking the question is to know if one wou= ld expect to see ICMP ACE's in a MUD profile (i.e.=C2=A0 would you expe= ct a manufacturer to specify ICMP ACE's in a MUD profile?)
Thanks,

On Thu, Jul 11, 2019 at 1:14 PM M. Ranganatha= n <mranga@gmail.com> wrote:
=
Mudmaker=C2=A0 leaves out ICMP as a protocol choice.=C2=A0 Was this in= tentional or simply a matter of not having enough time to add it?

Thanks,

Ranga
<= div>
--
M. Ranganathan

=


--
M. Ranganathan

<= /div>
--00000000000016e7be058d6be0a9-- From nobody Thu Jul 11 12:43:45 2019 Return-Path: X-Original-To: mud@ietfa.amsl.com Delivered-To: mud@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 56111120155 for ; Thu, 11 Jul 2019 12:43:43 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.501 X-Spam-Level: X-Spam-Status: No, score=-14.501 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nuijzXMYKK6Y for ; Thu, 11 Jul 2019 12:43:40 -0700 (PDT) Received: from aer-iport-1.cisco.com (aer-iport-1.cisco.com [173.38.203.51]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E89A912013B for ; Thu, 11 Jul 2019 12:43:38 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=1145; q=dns/txt; s=iport; t=1562874219; x=1564083819; h=from:message-id:mime-version:subject:date:in-reply-to:cc: to:references; bh=1PGW1l9MMZlPeI+3MBc+qVqH4oPC3MRkEM+hl/odMZI=; b=h5zP5VTEvE7HBZ7QvsvqWzcJleaX2wUazicjpfNTsHPTsWssONsDtcKp 5OVItqZMNtFJ0N6tpuo3+jJgkYmbzgF7uMWcH+XxUKJAxswR8c4Ac7S6n E5+Tj6ms0WEVRuob0oZYfV8KsAD7s1V5Vm3mSjb/r14vnfXLPuCGgLm4j s=; X-Files: signature.asc : 195 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0AFAADfkCdd/xbLJq1lGQEBAQEBAQE?= =?us-ascii?q?BAQEBAQcBAQEBAQGBVAMBAQEBAQsBgwBRASASKIQciHuLTiWJUI8ogXsCBwE?= =?us-ascii?q?BAQkDAQEYCwwBAYRAAoJ2NQgOAQMBAQQBAQIBBW2FPAyFSgEBAQECAQEBIUs?= =?us-ascii?q?LBQsLGCoCAiEGMAYTgyIBgWoDDg8PrCyBMoVHgkANghYKBoE0AYFQiiWBf4E?= =?us-ascii?q?4DBOCTD6CGkcBAYRrMoImBJRslS9ACYIbgh+BDIxpg3QbghwBixiKTpZsiwa?= =?us-ascii?q?DCwIEBgUCFYFSATWBWDMaCBsVOyoBgkE+iwiFQT0DMJAGAQE?= X-IronPort-AV: E=Sophos;i="5.63,479,1557187200"; d="asc'?scan'208";a="14201651" Received: from aer-iport-nat.cisco.com (HELO aer-core-3.cisco.com) ([173.38.203.22]) by aer-iport-1.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 11 Jul 2019 19:43:36 +0000 Received: from [10.61.233.35] ([10.61.233.35]) by aer-core-3.cisco.com (8.15.2/8.15.2) with ESMTPS id x6BJhZfn030914 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Thu, 11 Jul 2019 19:43:36 GMT From: Eliot Lear Message-Id: <87E54DD5-1184-4529-866E-2B0CDF5B33CD@cisco.com> Content-Type: multipart/signed; boundary="Apple-Mail=_F20FBD18-1D46-419D-8E18-4C1A01E218C6"; protocol="application/pgp-signature"; micalg=pgp-sha1 Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\)) Date: Thu, 11 Jul 2019 21:43:35 +0200 In-Reply-To: Cc: mud@ietf.org To: "M. Ranganathan" References: X-Mailer: Apple Mail (2.3445.104.11) X-Outbound-SMTP-Client: 10.61.233.35, [10.61.233.35] X-Outbound-Node: aer-core-3.cisco.com Archived-At: Subject: Re: [Mud] mudmaker ICMP support? X-BeenThere: mud@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion of Manufacturer Ussage Descriptions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 11 Jul 2019 19:43:43 -0000 --Apple-Mail=_F20FBD18-1D46-419D-8E18-4C1A01E218C6 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=utf-8 > On 11 Jul 2019, at 19:14, M. Ranganathan wrote: >=20 > Mudmaker leaves out ICMP as a protocol choice. Was this intentional = or simply a matter of not having enough time to add it? It=E2=80=99s allowed. See Page 13, middle of the page, what ACL model = features are recommended. Eliot >=20 > Thanks, >=20 > Ranga >=20 > -- > M. Ranganathan >=20 > -- > Mud mailing list > Mud@ietf.org > https://www.ietf.org/mailman/listinfo/mud --Apple-Mail=_F20FBD18-1D46-419D-8E18-4C1A01E218C6 Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=signature.asc Content-Type: application/pgp-signature; name=signature.asc Content-Description: Message signed with OpenPGP -----BEGIN PGP SIGNATURE----- iF0EARECAB0WIQTgo4LlIIJ5lIBumWpugA9nE248uAUCXSeRZwAKCRBugA9nE248 uCwwAKCqc+7EINBF9AsKNi9Z0704uRsDYACfbYk5FnpGARQ2R4f2NGVEPNw7KH8= =1sRm -----END PGP SIGNATURE----- --Apple-Mail=_F20FBD18-1D46-419D-8E18-4C1A01E218C6-- From nobody Sun Jul 14 05:41:25 2019 Return-Path: X-Original-To: mud@ietfa.amsl.com Delivered-To: mud@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2FE0212008A for ; Sun, 14 Jul 2019 05:41:23 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.501 X-Spam-Level: X-Spam-Status: No, score=-14.501 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RX_HC7whcMvQ for ; Sun, 14 Jul 2019 05:41:21 -0700 (PDT) Received: from aer-iport-1.cisco.com (aer-iport-1.cisco.com [173.38.203.51]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BA31E120133 for ; Sun, 14 Jul 2019 05:41:20 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=900; q=dns/txt; s=iport; t=1563108080; x=1564317680; h=from:mime-version:subject:message-id:date:to; bh=2YsYyo/VDxR0GHrMawVJ4LZpQbM57IW/DOpHSuigvK0=; b=dENpuQ7MFEJV5/IzexQ6pWfqGFlX9dBdG54hYr2U0smjhnCrHZHK3BOG VmNZsTIQJGbb1vcoFvdNYVx824sAHcPBIEXr9X+KhHm0G7z4SlHm2bliJ gISdSXCpYSvD0CwpS2IbQbHff/FTg34PRJ56bW+OyWOqqwLTMxoNxBHUh Y=; X-Files: signature.asc : 195 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0BUAACnIitd/xbLJq1mHAEBAQQBAQc?= =?us-ascii?q?EAQGBVQUBAQsBgwBRASAShESIe4tTj2SJPoF7AgcBAQEJAwEBHxABAYc7Ngc?= =?us-ascii?q?OAQMBAQQBAQIBBW2FPAyFdIEzAoQUAYIKmxuOfIEyii0KBoE0AYFQiiWBf4E?= =?us-ascii?q?4DBOFawKCLoI9MoImBJRxlXIJghuCH4EMgy2NNBuCHQGLGYpTlCJbhgeGdoM?= =?us-ascii?q?LAgQGBQIVgVcHKoFYMxoIGxVlAYJCPYV0hRSFQT0DkRkBAQ?= X-IronPort-AV: E=Sophos;i="5.63,490,1557187200"; d="asc'?scan'208";a="14287328" Received: from aer-iport-nat.cisco.com (HELO aer-core-4.cisco.com) ([173.38.203.22]) by aer-iport-1.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 14 Jul 2019 12:41:18 +0000 Received: from [10.61.168.132] ([10.61.168.132]) by aer-core-4.cisco.com (8.15.2/8.15.2) with ESMTPS id x6ECfHYP007432 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Sun, 14 Jul 2019 12:41:18 GMT From: Eliot Lear Content-Type: multipart/signed; boundary="Apple-Mail=_219BE25F-D1CC-4346-8DAA-B165A7F32036"; protocol="application/pgp-signature"; micalg=pgp-sha1 Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\)) Message-Id: Date: Sun, 14 Jul 2019 14:41:17 +0200 To: mud@ietf.org X-Mailer: Apple Mail (2.3445.104.11) X-Outbound-SMTP-Client: 10.61.168.132, [10.61.168.132] X-Outbound-Node: aer-core-4.cisco.com Archived-At: Subject: [Mud] An improved mud maker? X-BeenThere: mud@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion of Manufacturer Ussage Descriptions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 14 Jul 2019 12:41:23 -0000 --Apple-Mail=_219BE25F-D1CC-4346-8DAA-B165A7F32036 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=utf-8 I have a beta version of a new MUD maker for those who would like to = take a look. It=E2=80=99s at https://mudmaker.org/beta. If you would = like to make changes, feel free to submit PRs to = https://github.com/elear/mud. Eliot --Apple-Mail=_219BE25F-D1CC-4346-8DAA-B165A7F32036 Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=signature.asc Content-Type: application/pgp-signature; name=signature.asc Content-Description: Message signed with OpenPGP -----BEGIN PGP SIGNATURE----- iF0EARECAB0WIQTgo4LlIIJ5lIBumWpugA9nE248uAUCXSsi7QAKCRBugA9nE248 uCFvAKDxCp4PSuuHUMJeMqyVVxyaMH+cNgCgvNJ/pESyDzeg23KyvWq8lN8+uUo= =n3he -----END PGP SIGNATURE----- --Apple-Mail=_219BE25F-D1CC-4346-8DAA-B165A7F32036-- From nobody Wed Jul 17 14:26:01 2019 Return-Path: X-Original-To: mud@ietfa.amsl.com Delivered-To: mud@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 32CA7120116 for ; Wed, 17 Jul 2019 14:26:00 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.199 X-Spam-Level: X-Spam-Status: No, score=-4.199 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 94jlCG1Qgncz for ; Wed, 17 Jul 2019 14:25:58 -0700 (PDT) Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DAE2F120113 for ; Wed, 17 Jul 2019 14:25:57 -0700 (PDT) Received: from sandelman.ca (unknown [IPv6:2607:f0b0:f:2:56b2:3ff:fe0b:d84]) by tuna.sandelman.ca (Postfix) with ESMTP id 902CD3808A for ; Wed, 17 Jul 2019 17:25:51 -0400 (EDT) Received: from localhost (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id F2FC6AC2 for ; Wed, 17 Jul 2019 17:25:55 -0400 (EDT) From: Michael Richardson To: mud@ietf.org X-Mailer: MH-E 8.6; nmh 1.7+dev; GNU Emacs 24.5.1 X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m Date: Wed, 17 Jul 2019 17:25:55 -0400 (EDT) Archived-At: Subject: [Mud] =?utf-8?q?=5BDumpsterfire=5D_Vulnerabilities_found_in_GE_a?= =?utf-8?q?nesthesia_machines_=28fwd=29_Jos=C3=A9_Mar=C3=ADa_Mateos_via_Du?= =?utf-8?q?mpsterfire?= X-BeenThere: mud@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion of Manufacturer Ussage Descriptions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 17 Jul 2019 21:26:00 -0000 : [Dumpsterfire] Vulnerabilities found in GE anesthesia machines Date: Wed, 17 Jul 2019 17:25:55 -0400 Message-ID: <18806.1563398755@localhost> Content-Type: text/plain -------- --=-=-= Content-Type: message/rfc822 Content-Disposition: inline; filename=1185 Content-Description: forwarded message Return-Path: Received: from tuna.sandelman.ca [2607:f0b0:f:3:216:3eff:fe7c:d1f3] by localhost with IMAP (fetchmail-6.3.26) for (single-drop); Wed, 17 Jul 2019 08:03:17 -0400 (EDT) Received: from tuna.sandelman.ca ([unix socket]) by tuna (Cyrus git2.4.17+0-Debian-2.4.17+nocaldav-0+deb8u2) with LMTPA; Tue, 16 Jul 2019 18:26:06 -0400 X-Sieve: CMU Sieve 2.4 Received: from delivery.mtaroutes.com (delivery.mtaroutes.com [185.201.16.200]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by tuna.sandelman.ca (Postfix) with ESMTPS id CDE583808A for ; Tue, 16 Jul 2019 18:26:05 -0400 (EDT) X-DKIM-Failure: signature_incorrect Received: from ukiah.firemountain.net ([207.114.3.55]) by mx41.antispamcloud.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.89) (envelope-from ) id 1hnVtb-0007lM-TZ for mcr@sandelman.ca; Wed, 17 Jul 2019 00:26:08 +0200 Received: from ukiah.firemountain.net (localhost [127.0.0.1]) by ukiah.firemountain.net (8.14.9/8.14.9) with ESMTP id x6GMOd4g005148; Tue, 16 Jul 2019 18:24:39 -0400 (EDT) Received: from taos.firemountain.net (taos.firemountain.net [207.114.3.54]) by ukiah.firemountain.net (8.14.9/8.14.9) with ESMTP id x6GMOY2G012765 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL) for ; Tue, 16 Jul 2019 18:24:35 -0400 (EDT) Received: from out2-smtp.messagingengine.com (out2-smtp.messagingengine.com [66.111.4.26]) by taos.firemountain.net (8.15.1/8.14.9) with ESMTPS id x6GMON4M001547 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Tue, 16 Jul 2019 18:24:33 -0400 (EDT) Received: from compute7.internal (compute7.nyi.internal [10.202.2.47]) by mailout.nyi.internal (Postfix) with ESMTP id D5470222B2; Tue, 16 Jul 2019 18:24:17 -0400 (EDT) Received: from mailfrontend2 ([10.202.2.163]) by compute7.internal (MEProxy); Tue, 16 Jul 2019 18:24:17 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rinzewind.org; h=date:from:to:subject:message-id:mime-version:content-type :content-transfer-encoding; s=fm2; bh=HNcMPKhVXXGPlIsR+7wTdkm1H9 l4iS7SqCKhn3G92vw=; b=aVWO3Dgq15azpH0bFaRKp6/BGQrvauG+CVQ6dPL+Aj kci6SGnY8s1fySs6DprHXTvh3glw/V/bk3fHwlro/4KHYSGg5PIPbmzmqFG6vUUW 4kxWWfeQ+WJ3jaFmNQLe3fRrbjTo/VaKBalcCOey+iW0SioiwJZde3XtQspamsgp 4ZNCo8GhsrRbokftmg1jZtCp9B/PvWfkWIFF/TyunDN4UdTRILT4TFm9YPkXdUS9 IzGkeNv2c09QHOXewZUr0OkG0S7HSdGoNDLlj0XIjAVhteZihxulkOLMQOGGBY8x 6GP7oQOArWGKv455amEzSqeLmvp/DUVOLzYi/S5ao87w== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-transfer-encoding:content-type :date:from:message-id:mime-version:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm3; bh=HNcMPK hVXXGPlIsR+7wTdkm1H9l4iS7SqCKhn3G92vw=; b=mccek+l7PvG2/m4jCqSAH+ cCubS1xQdERAlPjPfRlamj5bQMp5S6kxmePYEbIxzcjhFUPHWFNazaZuz5ELUZwK bacU0oEKG49gVHoefhdom+jXXJBWnizrsbolepvTp7ZBI49Zsz068zkvh//RUZFD rj0LOd1MwHt/Xj1944iYobiuF3fcVO0JBI8y6ujlXzBWxZ8JRlywecOaFMBwjpAz OZmOwt8ekLyjC214A3q1E9AaSS8QY2PrwJ/hr3HRMtDTv427d9Ms3ahFTeXUVllu sakzSvNVgtU6jUNzJYHr/XEB/RtzD4NNwQc4X22ogxzGxVDB95Hc+wbAUWc5PlkQ == X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduvddriedugddtlecutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmdenuc fjughrpeffhffvuffkgggtugfgfgesthekredttderudenucfhrhhomheplfhoshorpgfo rghrvogrucforghtvghoshcuoegthhgvmhgrsehrihhniigvfihinhgurdhorhhgqeenuc ffohhmrghinhepiigunhgvthdrtghomhdprhhinhiivgifihhnugdrohhrghenucfkphep udefhedrvdefrdduleeirddujedvnecurfgrrhgrmhepmhgrihhlfhhrohhmpegthhgvmh grsehrihhniigvfihinhgurdhorhhgnecuvehluhhsthgvrhfuihiivgeptd X-ME-Proxy: Received: from miniequipaje (135-23-196-172.cpe.pppoe.ca [135.23.196.172]) by mail.messagingengine.com (Postfix) with ESMTPA id 3A638380074 for ; Tue, 16 Jul 2019 18:24:17 -0400 (EDT) Date: Tue, 16 Jul 2019 18:24:16 -0400 To: Dumpsterfire mailing list Message-ID: <20190716222416.GA2350@miniequipaje> MIME-Version: 1.0 Content-Disposition: inline User-Agent: Mutt/1.5.24 (2015-08-30) Subject: [Dumpsterfire] Vulnerabilities found in GE anesthesia machines X-BeenThere: dumpsterfire@firemountain.net X-Mailman-Version: 2.1.29 Precedence: list List-Id: Dumpsterfire - the mailing list for IoT security and privacy failures List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , From: =?utf-8?q?Jos=C3=A9_Mar=C3=ADa_Mateos_via_Dumpsterfire?= Reply-To: =?iso-8859-1?Q?Jos=E9_Mar=EDa?= Mateos Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Errors-To: dumpsterfire-bounces@firemountain.net Sender: "Dumpsterfire" Received-SPF: pass (mx41.antispamcloud.com: domain of firemountain.net designates 207.114.3.55 as permitted sender) client-ip=207.114.3.55; envelope-from=dumpsterfire-bounces@firemountain.net; helo=ukiah.firemountain.net; X-SPF-Result: mx41.antispamcloud.com: domain of firemountain.net designates 207.114.3.55 as permitted sender Authentication-Results: mx41.antispamcloud.com; dmarc=pass header.from=firemountain.net Authentication-Results: antispamcloud.com; spf=pass smtp.mailfrom=dumpsterfire-bounces@firemountain.net; dkim=fail (signature_incorrect) header.i=rinzewind.org; dkim=fail (signature_incorrect) header.i=messagingengine.com X-Filter-Label: newsletter X-MailAssure-Class: ham X-MailAssure-Evidence: Combined (0.00) X-Recommended-Action: accept X-Filter-ID: Mvzo4OR0dZXEDF/gcnlw0U6y6flTXvu8AHhQTLy0w52pSDasLI4SayDByyq9LIhVgMu2a8D7qgB7 B9U4GDgqtkTNWdUk1Ol2OGx3IfrIJKywOmJyM1qr8uRnWBrbSAGDR6k3ZaTOixxpyXIRqqgntMfT L5Vk7ZSjJErBan4vOMxxIUnMvvXvHBexVSJctfI+49GmogNFq1JMiIbb9waeVyYcRR/5VyJsip7X LWF9fUZLBN/b7WXe4hadMNjwOSBXZnvBUmYAD0T/UDk7jlMguK6smANquCQb08BMF1ayWZd8HYiQ werCikpdDoQ79eRe4xtx8X6g2fqY88vRFjo/T4JgKqW8gub69l+DnsJgVmid90ArxoqrpRyIYE+9 NXr5NOrb0lF/P2SeAS7yGgBJLlI1FgIZkSGL9esOjm3jsmQ/+ndkjgQT3Tr5P9eHCeWFhMJ8sp46 CdzmGgq7NTUlHxnyh5UIg/OAyRsA+PeSM3HUG218mAsMhCybw2uuG0D8fPtnX77FkO9dFKmg3yDY 9YxJ4/tP7LpAV9e4/IZ+noh0nriuedFx+PXd4OnYu4BlehIqUczFWeS6sE8e1b5/UoWX1tvr272h z+zoHarCTxZFXYii8rs+f8KpwKAO5iwimz3NJmJzTE1T6wyg1SHXC2eviac8nqMC3QrXL0rL+0mg Gl1aPxAtivmw3hSDPS17OqvibrUUrEv6oRjaRvV8440AOHAuMgaMkRL4ioiXWfsrBGniPBhM7TNy 99XV1rf5lpMV7NNMSm7dWOrJ5dyfVS8QeiPLIqS2h+VkQHnMR6m49OCXYgtWWDdULZ6irGSrhvF3 4FmABKZdjYZYeFqNewkyCUctcfKsRSG94Q+C0Q4CQyjD30PEK5ROhdLDyBZLfqb5R4VemuUI6bcE ARsm0NxqEOPQOJoeUrlPzxd3rKtafqUtWly0E+LhAqXOW3tHXuPifZp7rqHq2NDb9vrEPvAFMvX7 q8M4x6bP/gjzw0OrPM2L4EAGpWL0lg0ttbr6 X-Report-Abuse-To: spam@quarantine10.antispamcloud.com Via RISKS Digest 31.33: https://www.zdnet.com/article/vulnerabilities-found-in-ge-anesthesia-machin= es/ GE recommends not connecting vulnerable anesthesia machines to hospital networks. Security researchers have discovered vulnerabilities in two models of hospital anesthesia machines manufactured by General Electric (GE). The two devices found to be vulnerable are GE Aestiva and GE Aespire -- models 7100 and 7900. According to researchers from CyberMDX, a healthcare cybersecurity firm, the vulnerabilities reside in the two devices' firmware. CyberMDX said attackers on the same network as the devices -- a hospital's network -- can send remote commands that can alter devices' settings. The researcher claims the commands can be used to make unauthorized adjustments to the anesthetic machines' gas composition, such as modifying the concentration of oxygen, CO2, N2O, and other anesthetic agents, or the gas' barometric pressure. Cheers, -- = Jos=E9 Mar=EDa (Chema) Mateos || https://rinzewind.org ********************************************************************** The Dumpsterfire mailing list is hosted by firemountain.net. To unsubscribe or change delivery options: http://www.firemountain.net/mailman/listinfo/dumpsterfire --=-=-=-- From nobody Fri Jul 19 02:49:38 2019 Return-Path: X-Original-To: mud@ietfa.amsl.com Delivered-To: mud@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CD083120179 for ; Fri, 19 Jul 2019 02:49:35 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.502 X-Spam-Level: X-Spam-Status: No, score=-14.502 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hOB5ci4aI8WP for ; Fri, 19 Jul 2019 02:49:34 -0700 (PDT) Received: from aer-iport-2.cisco.com (aer-iport-2.cisco.com [173.38.203.52]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DD8931200B1 for ; Fri, 19 Jul 2019 02:49:33 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=805; q=dns/txt; s=iport; t=1563529774; x=1564739374; h=from:mime-version:subject:message-id:date:to; bh=2Uc8RUyqcQJr1Wxdh2wRJVZVm5AQp4szi1FWa4suLoM=; b=e1M+2aNNwfvNhzUC3kVeldyYIo7f0D6ODxrSVuUuZy+lokd/T1O/os5c +3/RfxJG3+xt/SSvRdD+qlohOsB1B4Rm9WvQOO9PyeoDzHW62cbMLtNNf GIPyFOEthQ/NLh/Z7jp6HY1FycuVQmy/A1vK0SpTh13ztf3AwH5vYO32/ 8=; X-Files: signature.asc : 195 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0A6AAAckTFd/xbLJq1mHAEBAQQBAQc?= =?us-ascii?q?EAQGBVAYBAQsBgwNRASAShEeIe5pliT6BewIHAQEBCQMBASUKAQGHMTUIDgE?= =?us-ascii?q?DAQEEAQECAQVthTwMhXSBMwJggzQBggoPqz2BMoQ2A4VsCgaBNAGBUIolgX+?= =?us-ascii?q?BEScfilkygiYElHGVcgmCG4IfgQyDLY00G4IdAYsZilONNYdIjH2DCwIEBgU?= =?us-ascii?q?CFYFRATaBWDMaCBsVZQGCQj2KTYV8PQOQFAEB?= X-IronPort-AV: E=Sophos;i="5.64,281,1559520000"; d="asc'?scan'208";a="14475989" Received: from aer-iport-nat.cisco.com (HELO aer-core-4.cisco.com) ([173.38.203.22]) by aer-iport-2.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 19 Jul 2019 09:49:32 +0000 Received: from [10.61.235.245] ([10.61.235.245]) by aer-core-4.cisco.com (8.15.2/8.15.2) with ESMTPS id x6J9nVQM000331 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Fri, 19 Jul 2019 09:49:31 GMT From: Eliot Lear Content-Type: multipart/signed; boundary="Apple-Mail=_AF5B1F5F-50BE-4033-BDEF-2EA052B12004"; protocol="application/pgp-signature"; micalg=pgp-sha1 Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\)) Message-Id: <891E5B96-F170-4C38-B0C5-4CFD99644A23@cisco.com> Date: Fri, 19 Jul 2019 11:49:30 +0200 To: mud@ietf.org, collaborators-mitigating-iot-ddos-nccoe@list.nist.gov X-Mailer: Apple Mail (2.3445.104.11) X-Outbound-SMTP-Client: 10.61.235.245, [10.61.235.245] X-Outbound-Node: aer-core-4.cisco.com Archived-At: Subject: [Mud] As we start hacking tomorrow... X-BeenThere: mud@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion of Manufacturer Ussage Descriptions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 19 Jul 2019 09:49:36 -0000 --Apple-Mail=_AF5B1F5F-50BE-4033-BDEF-2EA052B12004 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=utf-8 =E2=80=A6 we can think about continuing our hacking at RIPE. = https://labs.ripe.net/Members/becha/iot-hackathon-at-ripe-79-in-rotterdam --Apple-Mail=_AF5B1F5F-50BE-4033-BDEF-2EA052B12004 Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=signature.asc Content-Type: application/pgp-signature; name=signature.asc Content-Description: Message signed with OpenPGP -----BEGIN PGP SIGNATURE----- iF0EARECAB0WIQTgo4LlIIJ5lIBumWpugA9nE248uAUCXTGSKgAKCRBugA9nE248 uChZAJ9K0v0jpD8MQDtIy8luhGTyInE4SwCgoitA+7JSLICFiqTNzJihuKWFLpk= =7RcO -----END PGP SIGNATURE----- --Apple-Mail=_AF5B1F5F-50BE-4033-BDEF-2EA052B12004-- From nobody Sun Jul 21 07:48:24 2019 Return-Path: X-Original-To: mud@ietfa.amsl.com Delivered-To: mud@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0CC9F120020 for ; Sun, 21 Jul 2019 07:48:22 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.599 X-Spam-Level: X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BOCEQ_ndBbsf for ; Sun, 21 Jul 2019 07:48:20 -0700 (PDT) Received: from mx2.cira.ca (mx2.cira.ca [192.228.22.117]) by ietfa.amsl.com (Postfix) with ESMTP id 4E8A7120019 for ; Sun, 21 Jul 2019 07:48:20 -0700 (PDT) X-Virus-Scanned: by SpamTitan at cira.ca Authentication-Results: mx2.cira.ca; none Received: from CRP-EX16-01.CORP.CIRA.CA (10.2.36.120) by CRP-EX16-02.CORP.CIRA.CA (10.2.36.121) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.1531.3; Sun, 21 Jul 2019 10:48:16 -0400 Received: from CRP-EX16-01.CORP.CIRA.CA ([fe80::55ed:64a1:685a:4753]) by CRP-EX16-01.CORP.CIRA.CA ([fe80::55ed:64a1:685a:4753%13]) with mapi id 15.01.1531.010; Sun, 21 Jul 2019 10:48:16 -0400 From: Lucas Estienne To: "mud@ietf.org" CC: Daniel Innes Thread-Topic: Python package for MUD file generation Thread-Index: AdU/0ivIz0bk2Y9URkqsZANoz/EjIA== Date: Sun, 21 Jul 2019 14:48:16 +0000 Message-ID: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.2.36.1] Content-Type: multipart/alternative; boundary="_000_c4d115b09bfc41aa867224e650e58339ciraca_" MIME-Version: 1.0 Archived-At: Subject: [Mud] Python package for MUD file generation X-BeenThere: mud@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion of Manufacturer Ussage Descriptions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 21 Jul 2019 14:48:22 -0000 --_000_c4d115b09bfc41aa867224e650e58339ciraca_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Hi, Here's the library we worked on during the hackathon to generate mud files: https://github.com/lstn/muddy https://pypi.org/project/muddy/ pip3 install muddy It comes with a cli (muddy make ...) however the actual logic to make it w= ork isn't implemented yet... if someone wants to make a PR for that :) Lucas --_000_c4d115b09bfc41aa867224e650e58339ciraca_ Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable

Hi,

 

Here’s the library we worked on during the hac= kathon to generate mud files:

https://gi= thub.com/lstn/muddy

https://= pypi.org/project/muddy/

pip3 install muddy

 

It comes with a cli (muddy make  …) howev= er the actual logic to make it work isn’t implemented yet… if s= omeone wants to make a PR for that J

 

Lucas

 

 

 

 

--_000_c4d115b09bfc41aa867224e650e58339ciraca_-- From nobody Sun Jul 21 11:12:52 2019 Return-Path: X-Original-To: mud@ietfa.amsl.com Delivered-To: mud@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 03323120133; Sun, 21 Jul 2019 11:12:43 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.501 X-Spam-Level: X-Spam-Status: No, score=-14.501 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4JFkSnf34NQP; Sun, 21 Jul 2019 11:12:41 -0700 (PDT) Received: from rcdn-iport-4.cisco.com (rcdn-iport-4.cisco.com [173.37.86.75]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AE8B912012E; Sun, 21 Jul 2019 11:12:41 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=1938; q=dns/txt; s=iport; t=1563732761; x=1564942361; h=from:mime-version:subject:message-id:date:to; bh=HwCB7g4pMt7WT8t6xSK5i07xE3za6/kYl6Wx6q4PIHQ=; b=l4RjzimfnOLipVkqsWUwytwj+Gl8zRNgE+YOaIOqTD0B4F6gDs7afYVs 4n5wIts7HKkyCc893fpD4FwWrQ21CSF08F4mU5/pGBN61B2oMjmSV0ehU +RQmbz8OO62vvmPS7o3hCVI/QnXGyY+djPkQPl2VLiJQNshv3VfB0jZMa o=; X-Files: signature.asc : 195 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0AbAAB/qjRd/4oNJK1mGwEBAQEDAQE?= =?us-ascii?q?BBwMBAQGBVAUBAQELAYFnL4E/MpZbgWqTIIYDgXsCBwEBAQkDAQEvAQGHFCM?= =?us-ascii?q?1CA4BAwEBBAEBAgEGbYUqhUGBJwGBIIM0AYIKqm2KJhCBNAGBUIoOF4F/gTg?= =?us-ascii?q?ME4JMPoEEAYZ8giYElHGVcgmCGwOCHIEMkGEbjTeKU401lEWDCwIEBgUCFYF?= =?us-ascii?q?SAzOBWDMaCBsVZQGCQj2CHI5IIwOQBQEB?= X-IronPort-AV: E=Sophos;i="5.64,292,1559520000"; d="asc'?scan'208,217";a="601152886" Received: from alln-core-5.cisco.com ([173.36.13.138]) by rcdn-iport-4.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 21 Jul 2019 18:12:40 +0000 Received: from [10.86.245.105] ([10.86.245.105]) by alln-core-5.cisco.com (8.15.2/8.15.2) with ESMTPS id x6LICd5A032108 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Sun, 21 Jul 2019 18:12:40 GMT From: Eliot Lear Content-Type: multipart/signed; boundary="Apple-Mail=_B2DD0258-28ED-4483-93BC-9ECE1CCF2A2D"; protocol="application/pgp-signature"; micalg=pgp-sha1 Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\)) Message-Id: <393A54CA-DE46-450C-9398-DCD78EF52E30@cisco.com> Date: Sun, 21 Jul 2019 14:12:38 -0400 To: iot-onboarding@ietf.org, mud@ietf.org X-Mailer: Apple Mail (2.3445.104.11) X-Outbound-SMTP-Client: 10.86.245.105, [10.86.245.105] X-Outbound-Node: alln-core-5.cisco.com Archived-At: Subject: [Mud] Reminder tomorrow: IoT Onboarding / MUD meeting X-BeenThere: mud@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion of Manufacturer Ussage Descriptions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 21 Jul 2019 18:12:43 -0000 --Apple-Mail=_B2DD0258-28ED-4483-93BC-9ECE1CCF2A2D Content-Type: multipart/alternative; boundary="Apple-Mail=_51BC2C38-64DC-4EE8-B6D0-444A9DC1275A" --Apple-Mail=_51BC2C38-64DC-4EE8-B6D0-444A9DC1275A Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=us-ascii 9:00am Room C2 on the 21st Floor Agenda: Results of the Hackathon New drafts this time around and changes to old ones Skills for MUD files non-ANIMA ACP different forms of integration Trust model for MUD signatures Other stuff Eliot --Apple-Mail=_51BC2C38-64DC-4EE8-B6D0-444A9DC1275A Content-Transfer-Encoding: 7bit Content-Type: text/html; charset=us-ascii 9:00am Room C2 on the 21st Floor

Agenda:
  • Results of the Hackathon
  • New drafts this time around and changes to old ones
  • Skills for MUD files
  • non-ANIMA ACP different forms of integration
  • Trust model for MUD signatures
  • Other stuff

Eliot
--Apple-Mail=_51BC2C38-64DC-4EE8-B6D0-444A9DC1275A-- --Apple-Mail=_B2DD0258-28ED-4483-93BC-9ECE1CCF2A2D Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=signature.asc Content-Type: application/pgp-signature; name=signature.asc Content-Description: Message signed with OpenPGP -----BEGIN PGP SIGNATURE----- iF0EARECAB0WIQTgo4LlIIJ5lIBumWpugA9nE248uAUCXTSrFgAKCRBugA9nE248 uOZ1AJ9jNSH/JLydvFFxGZ5SbDcx+1mdjACg5vduHimXMPMNHoDMz/R3oJAELQs= =Ix4n -----END PGP SIGNATURE----- --Apple-Mail=_B2DD0258-28ED-4483-93BC-9ECE1CCF2A2D-- From nobody Sun Jul 21 11:38:45 2019 Return-Path: X-Original-To: mud@ietfa.amsl.com Delivered-To: mud@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4CFB81200C4 for ; Sat, 20 Jul 2019 20:34:01 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -9.25 X-Spam-Level: X-Spam-Status: No, score=-9.25 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.249, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, USER_IN_DEF_SPF_WL=-7.5] autolearn=no autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=loon.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BTI2BSmRG7_1 for ; Sat, 20 Jul 2019 20:33:59 -0700 (PDT) Received: from mail-io1-xd2d.google.com (mail-io1-xd2d.google.com [IPv6:2607:f8b0:4864:20::d2d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 79EF31200D8 for ; Sat, 20 Jul 2019 20:33:57 -0700 (PDT) Received: by mail-io1-xd2d.google.com with SMTP id g20so66597803ioc.12 for ; Sat, 20 Jul 2019 20:33:57 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=loon.com; s=google; h=mime-version:references:in-reply-to:reply-to:from:date:message-id :subject:to:cc; bh=YVKouiH4IryHPCGvbLhozYilZxCVzqr30tRpJy48F68=; b=L8AIKYprWBT8GAbw3dYd1ZW+9D1joHdcb/QJZ1npWYpfocdXAh/YRqUbTyuL8CTnDb 8kL0rjDfQJkCtlkOTtpQxwWfffrXyXDB2Wt6vXzv5QPEyBuCYWtkg7e6z0ohOKhZR5rZ pb68PSSJED1ELBbCd5kGTqTO2E9KUb0NKafEk= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:reply-to :from:date:message-id:subject:to:cc; bh=YVKouiH4IryHPCGvbLhozYilZxCVzqr30tRpJy48F68=; b=IuFNVgKuv7KJWzR/zUXb6Yjt9DnFBAIm3qVtA8xy2iag4yhP3gbpvstMV5slChtjeA sUWmDUX5/dsAny8sXhowGah420X9KJytmF+TYO2KHUMpJCqLpLIU0yxATHFoDn8MpT4h FrVdCvY+nBYcBfpsNUjQz2BwvO+z8dmhp5Knhr0D+gVabthrh3BfVcmsnVDJzGTy6CRb k1glBNloXDW3HSqK6tlU9xGakzFdzr6f0eyTsdYAuH4ocWwHyx0EjhZxCNtTNg2C0hQH 3a/SE8rwHS1wfDUol3VQx5vstizMqZfkoj7sS0JmsSnklSgMNqrfgNowkJvppU7ZFQgx CtGg== X-Gm-Message-State: APjAAAWy50pko40hs/rSgITS424vXpkybQoKulFP+4e0LvHsOkpqs8Fk P4SIaeJl5YjVop7V3DLibPd/MIbgcYZ3tJbytw+Upg== X-Google-Smtp-Source: APXvYqx7WQH3n8air9grurutLZyjmulQroGtyb6Psp83zhcRMIZWN5sUKM+v+JwcFeKOe3+0aXmF2RMg4/G18cgQhzk= X-Received: by 2002:a02:1a86:: with SMTP id 128mr15179903jai.95.1563680036325; Sat, 20 Jul 2019 20:33:56 -0700 (PDT) MIME-Version: 1.0 References: <27897.1562697682@localhost> In-Reply-To: <27897.1562697682@localhost> Reply-To: ek@loon.com From: Erik Kline Date: Sat, 20 Jul 2019 23:33:44 -0400 Message-ID: To: Michael Richardson Cc: captive-portals , opsawg@ietf.org, mud@ietf.org Content-Type: multipart/alternative; boundary="0000000000001be4ce058e28a124" Archived-At: X-Mailman-Approved-At: Sun, 21 Jul 2019 11:38:42 -0700 Subject: Re: [Mud] [Captive-portals] putting quarantined IoT devices behind a captive portal (fwd) Michael Richardson: putting quarantined IoT devices behind a captive portal X-BeenThere: mud@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion of Manufacturer Ussage Descriptions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 21 Jul 2019 03:34:01 -0000 --0000000000001be4ce058e28a124 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Most discussion has, co-chair hat off, be circling around some minimal working API mechanism to get things started. That said, one could easily imagine, for example, something as simple as an additional API boolean key, "quarantined": true|false, Perhaps once there's some experience with 7710bis+API implementation... On Tue, 9 Jul 2019 at 14:41, Michael Richardson wrote: > > Again, a WG whose ML is not the WG name, and there is no alias. ARGH. > Here are some emails that didn't get to captive-portals@ietf.org. > Sorry for the duplication for others. > > > > > ---------- Forwarded message ---------- > From: Michael Richardson > To: "opsawg@ietf.org" , "mud@ietf.org" , > capport@ietf.org > Cc: > Bcc: > Date: Tue, 09 Jul 2019 10:41:58 -0400 > Subject: putting quarantined IoT devices behind a captive portal > > Between editing drafts yesterday, I got to thinking about CAPPORT. > I have been working on what to do when an IoT device violates it's MUD > profile. There are a bunch of issues around this. > > Yesterday, it occured to me that when such a device is quarantined > (I really think it should be "quaranteed", but that's not a word) > that the capport controls and APIs should be available to the device to > learn what went on. > > This is not new, I think that this as been the approach of most enterpris= e > NEA systems upon encountering "infection". This has, I assume, involved > forced HTTP proxies to inform human. But, if we have APIs, we can inform > device as well. > > Is this on anyone's radar? > > -- > Michael Richardson , Sandelman Software Works > -=3D IPv6 IoT consulting =3D- > > > > > > > ---------- Forwarded message ---------- > From: Michael Richardson > To: Eliot Lear > Cc: "opsawg@ietf.org" , "mud@ietf.org" , > capport@ietf.org > Bcc: > Date: Tue, 09 Jul 2019 14:38:58 -0400 > Subject: Re: [OPSAWG] putting quarantined IoT devices behind a captive > portal > > Eliot Lear wrote: > > I=E2=80=99m not quite certain how it would work. Can you show a fl= ow that > will > > work for an IoT device (e.g., headless and no display)? > > Device gets quarantined, and the MUD-controller moves it into an isolated > "VLAN". I put air/scare quotes around VLAN, because it's a "MAC-address > VLAN", not an 802.1Q thing. It's really just a layer-2 ACL. > > {We have no way to force the mishaving device into tagging it's packets, > nor > can we force it onto some other ESSID. We can't do a "port-based" VLAN, > because wifi has no ports, and we don't really know how many unmanaged > switches might be on the port anyway. > One might map this onto a IEEE 802.1Q VLAN across a backbone} > > Instead of just dropping all traffic for a device in this category, > all traffic (other than excepted traffic if you implement > > https://datatracker.ietf.org/doc/draft-richardson-shg-mud-quarantined-acc= ess/ > ) > would go into a captive portal system. > > Such a system would, according to > https://datatracker.ietf.org/doc/draft-ietf-capport-architecture/ > receive a message when it initiates connections which are not allowed. > (While the capport WG contemplated an ICMP unreachable message with a > URI in it at one point, that is not the current design) > > Actually, I have no idea from reviewing the documentation what the > appropriate "you might be captive" ICMP is now.. THERE IS ONE RIGHT? > > Once the IoT device gets such a message, it can use the API > described at: https://datatracker.ietf.org/doc/draft-ietf-capport-api/ > to retrieve a JSON object telling it that it is captive. At which point, = it > can flash a LED, or attempt a firmware upgrade, or maybe just reboot if a > timer goes off. (%) > > This requires that the IoT device get the captive portal API end point, > which > https://datatracker.ietf.org/doc/draft-ietf-capport-rfc7710bis/ can > deliver > via DHCPv4/v6 or RA. > > > >> On 9 Jul 2019, at 16:41, Michael Richardson > >> wrote: > >> > >> Signed PGP part > >> > >> Between editing drafts yesterday, I got to thinking about CAPPORT. > I > >> have been working on what to do when an IoT device violates it's M= UD > >> profile. There are a bunch of issues around this. > >> > >> Yesterday, it occured to me that when such a device is quarantined > (I > >> really think it should be "quaranteed", but that's not a word) tha= t > >> the capport controls and APIs should be available to the device to > >> learn what went on. > >> > >> This is not new, I think that this as been the approach of most > >> enterprise NEA systems upon encountering "infection". This has, I > >> assume, involved forced HTTP proxies to inform human. But, if we > have > >> APIs, we can inform device as well. > >> > >> Is this on anyone's radar? > >> > >> -- > >> Michael Richardson , Sandelman Software > Works > >> -=3D IPv6 IoT consulting =3D- > >> > >> > >> > >> > >> > > > -- > Michael Richardson , Sandelman Software Works > -=3D IPv6 IoT consulting =3D- > > > > > -- > Michael Richardson , Sandelman Software Works > -=3D IPv6 IoT consulting =3D- > > > > _______________________________________________ > Captive-portals mailing list > Captive-portals@ietf.org > https://www.ietf.org/mailman/listinfo/captive-portals > --0000000000001be4ce058e28a124 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Most discussion has, co-chair hat off, be circling around = some minimal working API mechanism to get things started.

That said, one could easily imagine, for example, something as simple as= =C2=A0an additional API boolean key,

=C2=A0 =C2=A0= "quarantined": true|false,

Perhaps once= there's some experience with 7710bis+API implementation...
=
On Tue= , 9 Jul 2019 at 14:41, Michael Richardson <mcr+ietf@sandelman.ca> wrote:

Again, a WG whose ML is not the WG name, and there is no alias. ARGH.
Here are some emails that didn't get to captive-portals@ietf.org.
Sorry for the duplication for others.




---------- Forwarded message ----------
From:=C2=A0Michael R= ichardson <= mcr+ietf@sandelman.ca>
To:=C2=A0"opsawg@ietf.org" <opsawg@ietf.org>, "mud@ietf.org" <mud@ietf.org>, capport@ietf.org
Cc:=C2= =A0
Bcc:=C2=A0
Date:=C2=A0Tue, 09 Jul 2019 10:41:58 -0400
Subject:= =C2=A0putting quarantined IoT devices behind a captive portal

Between editing drafts yesterday, I got to thinking about CAPPORT.
I have been working on what to do when an IoT device violates it's MUD<= br> profile.=C2=A0 There are a bunch of issues around this.

Yesterday, it occured to me that when such a device is quarantined
(I really think it should be "quaranteed", but that's not a w= ord)
that the capport controls and APIs should be available to the device to
learn what went on.

This is not new, I think that this as been the approach of most enterprise<= br> NEA systems upon encountering "infection".=C2=A0 This has, I assu= me, involved
forced HTTP proxies to inform human.=C2=A0 But, if we have APIs, we can inf= orm
device as well.

Is this on anyone's radar?

--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
=C2=A0-=3D IPv6 IoT consulting =3D-






---------- Forwarded message ----------
From:=C2=A0Michael R= ichardson <= mcr+ietf@sandelman.ca>
To:=C2=A0Eliot Lear <lear@cisco.com>
Cc:=C2=A0"= opsawg@ietf.org&qu= ot; <opsawg@ietf.or= g>, "mud@ietf= .org" <mud@ie= tf.org>, cappo= rt@ietf.org
Bcc:=C2=A0
Date:=C2=A0Tue, 09 Jul 2019 14:38:58 -0400=
Subject:=C2=A0Re: [OPSAWG] putting quarantined IoT devices behind a cap= tive portal

Eliot Lear <lear@cis= co.com> wrote:
=C2=A0 =C2=A0 > I=E2=80=99m not quite certain how it would work.=C2=A0 C= an you show a flow that will
=C2=A0 =C2=A0 > work for an IoT device (e.g., headless and no display)?<= br>
Device gets quarantined, and the MUD-controller moves it into an isolated "VLAN".=C2=A0 I put air/scare quotes around VLAN, because it'= s a "MAC-address
VLAN", not an 802.1Q thing.=C2=A0 It's really just a layer-2 ACL.<= br>
{We have no way to force the mishaving device into tagging it's packets= , nor
can we force it onto some other ESSID. We can't do a "port-based&q= uot; VLAN,
because wifi has no ports, and we don't really know how many unmanaged<= br> switches might be on the port anyway.
One might map this onto a IEEE 802.1Q VLAN across a backbone}

Instead of just dropping all traffic for a device in this category,
all traffic (other than excepted traffic if you implement
https://datatracker.iet= f.org/doc/draft-richardson-shg-mud-quarantined-access/)
would go into a captive portal system.

Such a system would, according to
https://datatracker.ietf.org/doc/dr= aft-ietf-capport-architecture/
receive a message when it initiates connections which are not allowed.
(While the capport WG contemplated an ICMP unreachable message with a
URI in it at one point, that is not the current design)

Actually, I have no idea from reviewing the documentation what the
appropriate "you might be captive" ICMP is now.. THERE IS ONE RIG= HT?

Once the IoT device gets such a message, it can use the API
described at: https://datatracker.ietf.org/d= oc/draft-ietf-capport-api/
to retrieve a JSON object telling it that it is captive. At which point, it=
can flash a LED, or attempt a firmware upgrade, or maybe just reboot if a timer goes off.=C2=A0 (%)

This requires that the IoT device get the captive portal API end point, whi= ch
https://datatracker.ietf.org/doc/draf= t-ietf-capport-rfc7710bis/ can deliver
via DHCPv4/v6 or RA.


=C2=A0 =C2=A0 >> On 9 Jul 2019, at 16:41, Michael Richardson <mcr+ietf@sandelman= .ca>
=C2=A0 =C2=A0 >> wrote:
=C2=A0 =C2=A0 >>
=C2=A0 =C2=A0 >> Signed PGP part
=C2=A0 =C2=A0 >>
=C2=A0 =C2=A0 >> Between editing drafts yesterday, I got to thinking = about CAPPORT.=C2=A0 I
=C2=A0 =C2=A0 >> have been working on what to do when an IoT device v= iolates it's MUD
=C2=A0 =C2=A0 >> profile.=C2=A0 There are a bunch of issues around th= is.
=C2=A0 =C2=A0 >>
=C2=A0 =C2=A0 >> Yesterday, it occured to me that when such a device = is quarantined (I
=C2=A0 =C2=A0 >> really think it should be "quaranteed", bu= t that's not a word) that
=C2=A0 =C2=A0 >> the capport controls and APIs should be available to= the device to
=C2=A0 =C2=A0 >> learn what went on.
=C2=A0 =C2=A0 >>
=C2=A0 =C2=A0 >> This is not new, I think that this as been the appro= ach of most
=C2=A0 =C2=A0 >> enterprise NEA systems upon encountering "infec= tion".=C2=A0 This has, I
=C2=A0 =C2=A0 >> assume, involved forced HTTP proxies to inform human= .=C2=A0 But, if we have
=C2=A0 =C2=A0 >> APIs, we can inform device as well.
=C2=A0 =C2=A0 >>
=C2=A0 =C2=A0 >> Is this on anyone's radar?
=C2=A0 =C2=A0 >>
=C2=A0 =C2=A0 >> --
=C2=A0 =C2=A0 >> Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman So= ftware Works
=C2=A0 =C2=A0 >> -=3D IPv6 IoT consulting =3D-
=C2=A0 =C2=A0 >>
=C2=A0 =C2=A0 >>
=C2=A0 =C2=A0 >>
=C2=A0 =C2=A0 >>
=C2=A0 =C2=A0 >>


--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
=C2=A0-=3D IPv6 IoT consulting =3D-




--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
=C2=A0-=3D IPv6 IoT consulting =3D-



_______________________________________________
Captive-portals mailing list
Captive-porta= ls@ietf.org
https://www.ietf.org/mailman/listinfo/captive-p= ortals
--0000000000001be4ce058e28a124-- From nobody Mon Jul 22 06:45:45 2019 Return-Path: X-Original-To: mud@ietfa.amsl.com Delivered-To: mud@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4EBC51202C4; Mon, 22 Jul 2019 06:45:38 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.899 X-Spam-Level: X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nP5aQcBry8vh; Mon, 22 Jul 2019 06:45:36 -0700 (PDT) Received: from relay.sandelman.ca (relay.cooperix.net [IPv6:2a01:7e00::f03c:91ff:feae:de77]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 47B521202E2; Mon, 22 Jul 2019 06:45:35 -0700 (PDT) Received: from dooku.sandelman.ca (unknown [IPv6:2001:67c:1232:144:6e88:14ff:fe34:93bc]) by relay.sandelman.ca (Postfix) with ESMTPS id F23441F44B; Mon, 22 Jul 2019 13:45:33 +0000 (UTC) Received: by dooku.sandelman.ca (Postfix, from userid 179) id 2A16613CB; Mon, 22 Jul 2019 09:45:55 -0400 (EDT) From: Michael Richardson To: iot-onboarding@ietf.org cc: mud@ietf.org, Carsten Bormann X-Attribution: mcr X-Mailer: MH-E 8.6; nmh 1.6; GNU Emacs 24.5.1 MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature" Date: Mon, 22 Jul 2019 09:45:55 -0400 Message-ID: <9805.1563803155@dooku.sandelman.ca> Archived-At: Subject: [Mud] updates to diagram X-BeenThere: mud@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion of Manufacturer Ussage Descriptions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 22 Jul 2019 13:45:44 -0000 --=-=-= Content-Type: text/plain Content-Transfer-Encoding: quoted-printable I have updated the dia/svg version of the diagram that Eliot put on the screen, but some were too far away to see. There is also an asciio version, but I think that I will maintain the pretty version only. The key changes is that I inserted RFC8572 and RFC8366 labels. I will think about how to insert BRSKI-TEEP. It is at: https://github.com/anima-wg/enrollment-roadmap https://github.com/anima-wg/enrollment-roadmap/blob/master/technology-compo= nents.svg https://github.com/anima-wg/enrollment-roadmap/blob/master/building-block-d= iagram.txt =2D-=20 ] Never tell me the odds! | ipv6 mesh network= s [=20 ] Michael Richardson, Sandelman Software Works | network architect= [=20 ] mcr@sandelman.ca http://www.sandelman.ca/ | ruby on rails = [=20 =09 --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEERK+9HEcJHTJ9UqTMlUzhVv38QpAFAl01vhIACgkQlUzhVv38 QpA6OwgAjgXN+2p7qyesf78iMxJsCcUsVOeyTIc7MTsyoId2qSCukSAovvPZMFZm aPEZWk1YqmM7E1EEKAygOHSWKrl71q4STCkQzMwilJ56PtVB+8R8kNs+GnH6E2oI Q9o9DVaOMkjRqnA9SGBifwmvII3Lex2Gs4B/YtlUuYgylCDjauiVe98nXyKocLEs qZ8qYVfm8w7/bpysHV7TnyPRWIYcNB7w/qgc5yEFydpuf2aSeApXtWFDusHbSg+g H8m9TytpJQCgSqRjY5t5Tw1nbcZIyJjJQihprCEuDsgY7Yoz79K15m9eBPmty+Ok 8cdyPJJ/RcVgd+q4UZw6NMF0F+/U6g== =YHU2 -----END PGP SIGNATURE----- --=-=-=-- From nobody Tue Jul 23 16:07:18 2019 Return-Path: X-Original-To: mud@ietfa.amsl.com Delivered-To: mud@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 39F8A1200B8 for ; Tue, 23 Jul 2019 16:07:16 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.899 X-Spam-Level: X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sKYU1YCTjGdH for ; Tue, 23 Jul 2019 16:07:14 -0700 (PDT) Received: from relay.sandelman.ca (relay.cooperix.net [176.58.120.209]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2E8FD120154 for ; Tue, 23 Jul 2019 16:07:13 -0700 (PDT) Received: from dooku.sandelman.ca (dhcp-8960.meeting.ietf.org [31.133.137.96]) by relay.sandelman.ca (Postfix) with ESMTPS id 31BF11F44B; Tue, 23 Jul 2019 23:07:12 +0000 (UTC) Received: by dooku.sandelman.ca (Postfix, from userid 179) id B7E401BBF; Tue, 23 Jul 2019 19:07:34 -0400 (EDT) From: Michael Richardson To: tirumal reddy cc: "M. Ranganathan" , mud@ietf.org In-reply-to: References: Comments: In-reply-to tirumal reddy message dated "Tue, 21 May 2019 12:33:12 +0530." X-Mailer: MH-E 8.6; nmh 1.6; GNU Emacs 24.5.1 MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature" Date: Tue, 23 Jul 2019 19:07:34 -0400 Message-ID: <2235.1563923254@dooku.sandelman.ca> Archived-At: Subject: Re: [Mud] Simplified Quarantine model X-BeenThere: mud@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion of Manufacturer Ussage Descriptions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 23 Jul 2019 23:07:16 -0000 --=-=-= Content-Type: text/plain Content-Transfer-Encoding: quoted-printable tirumal reddy wrote: > How do you identify an attacker is using the victim device's MAC and = IP > address to send attack traffic (e.g. SYN flood) ? On wired, this has to be protected by using a managed switch and then locking ports down to mac addresses. On wireless, one needs unique PSKs (or Enterprise WPA), which then one can identify which device is which, and lock the MAC address down. Of course, all this fails if the devices are expected to randomize the L2 address. =2D-=20 ] Never tell me the odds! | ipv6 mesh network= s [=20 ] Michael Richardson, Sandelman Software Works | network architect= [=20 ] mcr@sandelman.ca http://www.sandelman.ca/ | ruby on rails = [=20 =09 --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEERK+9HEcJHTJ9UqTMlUzhVv38QpAFAl03kzYACgkQlUzhVv38 QpDggAf/VjLVc8Kp92xIvegZv9Q+iuB+4uZYb3o2zBMD8aPmdnEbwrfcdShejXq/ bjK8wX+RlQhZqSo5gfvybC09q1FucXOmNcXqz3qpywxy+Nhtq+LiDbF/+wShtICM 6KxbmYsJA4F0Pn3dU4QegWQceSteusiTj3M4ZOpNu5n6M3CpEY9PrHe1Z4aM/fsb LUDzSS9ya2PT+ksaAJhc/JXn056zRWWh50ik7LOAKth+cOLaiExUuj9pSbo1qHVt sSTrSlBe52maYmR1XxaFsrcdqdwjKsCKF6C8BPWliFUECzmYkIudmcqW3aEqyefE GLIOTVzvrDB7oWpCATvZgSyb3KyxCA== =fGC+ -----END PGP SIGNATURE----- --=-=-=-- From nobody Tue Jul 23 17:03:39 2019 Return-Path: X-Original-To: mud@ietfa.amsl.com Delivered-To: mud@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 87B45120995; Tue, 23 Jul 2019 17:03:32 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.899 X-Spam-Level: X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id a6iGpyu56X5u; Tue, 23 Jul 2019 17:03:30 -0700 (PDT) Received: from relay.sandelman.ca (relay.cooperix.net [IPv6:2a01:7e00::f03c:91ff:feae:de77]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3FA6F120991; Tue, 23 Jul 2019 17:03:29 -0700 (PDT) Received: from dooku.sandelman.ca (unknown [IPv6:2001:67c:370:128:6e88:14ff:fe34:93bc]) by relay.sandelman.ca (Postfix) with ESMTPS id 558411F47F; Wed, 24 Jul 2019 00:03:27 +0000 (UTC) Received: by dooku.sandelman.ca (Postfix, from userid 179) id B2D951BBF; Tue, 23 Jul 2019 20:03:49 -0400 (EDT) From: Michael Richardson To: ek@loon.com cc: captive-portals , opsawg@ietf.org, mud@ietf.org In-reply-to: References: <27897.1562697682@localhost> Comments: In-reply-to Erik Kline message dated "Sat, 20 Jul 2019 23:33:44 -0400." X-Mailer: MH-E 8.6; nmh 1.6; GNU Emacs 24.5.1 MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature" Date: Tue, 23 Jul 2019 20:03:49 -0400 Message-ID: <7357.1563926629@dooku.sandelman.ca> Archived-At: Subject: Re: [Mud] [Captive-portals] putting quarantined IoT devices behind a captive portal (fwd) Michael Richardson: putting quarantined IoT devices behind a captive portal X-BeenThere: mud@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion of Manufacturer Ussage Descriptions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 24 Jul 2019 00:03:33 -0000 --=-=-= Content-Type: text/plain Content-Transfer-Encoding: quoted-printable Erik Kline wrote: > Most discussion has, co-chair hat off, be circling around some minimal > working API mechanism to get things started. > That said, one could easily imagine, for example, something as simple > as an additional API boolean key, > "quarantined": true|false, I think that I want to implement exactly this then. This means providing the API info in the DHCPv4 to all devices, but for many devices, even though there is no restriction at all.=20 A concern that was recently raised is attackers that might attempt to impersonate other devices (same L2/L3 address), and do things to trigger quarantine. Once you train the users to unquarantine without thinking... =2D-=20 ] Never tell me the odds! | ipv6 mesh network= s [=20 ] Michael Richardson, Sandelman Software Works | network architect= [=20 ] mcr@sandelman.ca http://www.sandelman.ca/ | ruby on rails = [=20 =09 --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEERK+9HEcJHTJ9UqTMlUzhVv38QpAFAl03oGUACgkQlUzhVv38 QpDTUwgAiNwG4V2jzQpgAYxvl8vV0WilqX5eUUCIMQW2VqEqSq27gdlDMp8Dak0U cgAaIQ91v70VeiPo3qIbArDbymdp6jXKQxvXbuy6D7md98O+Dj9k6CAoPhwQmh2u ZdjlOSBidt/0Pu0RPHYskN2b65uB2kkLqRjPcMYp5+GOueFe1QhlJM62Lb72qdXT hOnWgX07mpyLWFG0yCedXRlgSlIuHqIe4sP68+YiMo/gMzaqhr4HagvdkclisZMv FGjQn1XCRKg+8O7Pr1Tq1OcFJjRqm2YSJrMhBOp7WTTv/I7DaJdcRQKuO+6eNnWJ vResXFkagg38tUbmpvdzrQTS5qjSJw== =4iTu -----END PGP SIGNATURE----- --=-=-=-- From nobody Tue Jul 23 22:56:10 2019 Return-Path: X-Original-To: mud@ietfa.amsl.com Delivered-To: mud@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A5BB512003F for ; Tue, 23 Jul 2019 22:56:04 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.998 X-Spam-Level: X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uWgehkcLhz_3 for ; Tue, 23 Jul 2019 22:56:02 -0700 (PDT) Received: from mail-io1-xd2e.google.com (mail-io1-xd2e.google.com [IPv6:2607:f8b0:4864:20::d2e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BEF7E120332 for ; Tue, 23 Jul 2019 22:56:02 -0700 (PDT) Received: by mail-io1-xd2e.google.com with SMTP id k20so87002180ios.10 for ; Tue, 23 Jul 2019 22:56:02 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=iHji0cKMvAYqk3jI31pfY5G7yTUUegpeNqTl65PvQMI=; b=jtmd/y9ccSJ8F0OzAp4Ph0A9/3857uPgdxYeXusj210U3ihgpBTSV/+5uWNrfA7u7B +HrzPuwki5cYmPkgeL9nWFiXlefAIspqIfIZoU3rzl0IpcDl3iQaWQaonwKPFy9/bmNM 9SxxLoxyvr+wmj5yeJzdRxJXCCmZ0Rjtyxr+z6C4O2wvp0+t1fv6hQ6bynD6zbifEa36 aK7D/F/hvtmhuFY8zB8RZRIAn9VbUNhbInflCTQJSwu+Rk0ZE3hnoYQR5/rqMfW+Yfid mFVZboTDus1EdDwxITBO2GdWc7QGZl5wH1CQqWVCYY65KlpIqZZYXqEGsZGaywYpoSSl xqpA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=iHji0cKMvAYqk3jI31pfY5G7yTUUegpeNqTl65PvQMI=; b=badxYIyZvMxfWes9p1M81u3ps2t24rLLL3tIg/oQwO5b7jHaeroLpu55Bn2fXmQV04 cm3LUWuR7ICPVJ00ykBVozBTWCzLnMqTfZnNCTEMcTeEM6VgfE/bLJY8G7Fm0o+A9mRY QMVl6inaLhWNpLsAigVa2WaPC7V1PeEnuVVqvV+XnMHqzoRidP/FSO80zgpsHe1684S0 zcch8ILPHwwU7uybnPgxtiD1VRtySZAWZ7rutMXwGIIrlow08iatheqLnMSL6wNoVSLd Uv7tntvRJHc+XVSTT+4/Q+ZJK0/2bz5svLyS705C9si4cTU7mmOWb9YX9nDPMszUjlYy VnXQ== X-Gm-Message-State: APjAAAVpcswTkliHe4zEFEJxgHz/Ek+8YOZgTtpJTiSUWKjOA6h0EXW8 I/gaxk2xFir10ZPa3NYxTMwZHfk/d+nbA8BY2eA= X-Google-Smtp-Source: APXvYqw1SqaxedZBTS6Jnq0G6RY+UM1/h6qUEz8nma/6wa0DH4HGor6FZwoafnveMdAMY0RtW67o5gdDCeiYlqjiduw= X-Received: by 2002:a02:bb08:: with SMTP id y8mr38718044jan.51.1563947762091; Tue, 23 Jul 2019 22:56:02 -0700 (PDT) MIME-Version: 1.0 References: <2235.1563923254@dooku.sandelman.ca> In-Reply-To: <2235.1563923254@dooku.sandelman.ca> From: tirumal reddy Date: Wed, 24 Jul 2019 11:25:50 +0530 Message-ID: To: Michael Richardson Cc: "M. Ranganathan" , mud@ietf.org Content-Type: multipart/alternative; boundary="000000000000ce8a77058e66f632" Archived-At: Subject: Re: [Mud] Simplified Quarantine model X-BeenThere: mud@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion of Manufacturer Ussage Descriptions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 24 Jul 2019 05:56:09 -0000 --000000000000ce8a77058e66f632 Content-Type: text/plain; charset="UTF-8" On Wed, 24 Jul 2019 at 04:37, Michael Richardson wrote: > > tirumal reddy wrote: > > How do you identify an attacker is using the victim device's MAC and > IP > > address to send attack traffic (e.g. SYN flood) ? > > On wired, this has to be protected by using a managed switch and > then locking ports down to mac addresses. > > On wireless, one needs unique PSKs (or Enterprise WPA), which then one can > identify which device is which, and lock the MAC address down. > > Of course, all this fails if the devices are expected to randomize the L2 > address. > Yes, the problem is in Home networks and Enterprise networks already use various techniques to detect MAC spoofing. -Tiru > > -- > ] Never tell me the odds! | ipv6 mesh > networks [ > ] Michael Richardson, Sandelman Software Works | network > architect [ > ] mcr@sandelman.ca http://www.sandelman.ca/ | ruby on > rails [ > > --000000000000ce8a77058e66f632 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
On Wed, 24 Jul 2019 at 04:37, Michael Ric= hardson <mcr@sandelman.ca> wr= ote:

tirumal reddy <ko= ndtir@gmail.com> wrote:
=C2=A0 =C2=A0 > How do you identify an attacker is using the victim devi= ce's MAC and IP
=C2=A0 =C2=A0 > address to send attack traffic (e.g. SYN flood) ?

On wired, this has to be protected by using a managed switch and
then locking ports down to mac addresses.

On wireless, one needs unique PSKs (or Enterprise WPA), which then one can<= br> identify which device is which, and lock the MAC address down.

Of course, all this fails if the devices are expected to randomize the L2 address.

Yes, the problem is in Home ne= tworks and Enterprise networks already use various techniques to detect MAC= spoofing.

-Tiru
=C2=A0

--
]=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0Never tell me the o= dds!=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0| ipv6 me= sh networks [
]=C2=A0 =C2=A0Michael Richardson, Sandelman Software Works=C2=A0 =C2=A0 =C2= =A0 =C2=A0 | network architect=C2=A0 [
]=C2=A0 =C2=A0 =C2=A0= mcr@sandelman.ca=C2=A0 http://www.sandelman.ca/=C2=A0 =C2=A0 =C2=A0 = =C2=A0 |=C2=A0 =C2=A0ruby on rails=C2=A0 =C2=A0 [

--000000000000ce8a77058e66f632-- From nobody Wed Jul 24 11:35:05 2019 Return-Path: X-Original-To: mud@ietfa.amsl.com Delivered-To: mud@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 99CC7120338; Wed, 24 Jul 2019 11:35:03 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.899 X-Spam-Level: X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3qh3JUGx0tq8; Wed, 24 Jul 2019 11:35:01 -0700 (PDT) Received: from relay.sandelman.ca (relay.cooperix.net [176.58.120.209]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AA891120141; Wed, 24 Jul 2019 11:35:01 -0700 (PDT) Received: from dooku.sandelman.ca (dhcp-8550.meeting.ietf.org [31.133.133.80]) by relay.sandelman.ca (Postfix) with ESMTPS id 927FA1F44B; Wed, 24 Jul 2019 18:34:59 +0000 (UTC) Received: by dooku.sandelman.ca (Postfix, from userid 179) id 887CD1624; Wed, 24 Jul 2019 14:35:22 -0400 (EDT) From: Michael Richardson To: Kent Watsen cc: iot-onboarding@ietf.org, mud@ietf.org, Carsten Bormann In-reply-to: <0100016c24d9e7c7-ec4bf062-b68a-403b-b09c-0092a28fb104-000000@email.amazonses.com> References: <9805.1563803155@dooku.sandelman.ca> <0100016c24d9e7c7-ec4bf062-b68a-403b-b09c-0092a28fb104-000000@email.amazonses.com> Comments: In-reply-to Kent Watsen message dated "Wed, 24 Jul 2019 16:39:16 -0000." X-Mailer: MH-E 8.6; nmh 1.6; GNU Emacs 24.5.1 MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature" Date: Wed, 24 Jul 2019 14:35:22 -0400 Message-ID: <21846.1563993322@dooku.sandelman.ca> Archived-At: Subject: Re: [Mud] [Iot-onboarding] updates to diagram X-BeenThere: mud@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion of Manufacturer Ussage Descriptions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 24 Jul 2019 18:35:04 -0000 --=-=-= Content-Type: text/plain Content-Transfer-Encoding: quoted-printable Kent, thanks for the updates. I will adjust the diagram as you suggest! I have abandonned the enrollment-roadmap document, and I moved it to the iot-dir wiki at: https://trac.ietf.org/trac/int/wiki/EnrollmentRoadmap but, the wiki doesn't really help people to edit/update/maintain the diagra= m, so it is still in github. I'll change the github to indicate the text is no longer live. If you want to update the text in the wiki directly, that would be appreciated. =2D-=20 Michael Richardson , Sandelman Software Works -=3D IPv6 IoT consulting =3D- --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEERK+9HEcJHTJ9UqTMlUzhVv38QpAFAl04pOoACgkQlUzhVv38 QpD09Qf/Q+u4mIUkP7OAXYIjbgo5lkKpRL3cZqMsE2E/hV+ZnoQB6RfxFJS1GY6h IHDiNKE9EK4tY8FbgwwUuTmw2pmDdSG79i00mxrvH8iYrQjridmMzhe+sRh3w/6r FLdZPritE2Is5SxMmSuwkbpMMOuJJrppCgEMe6XhkkZM2wCfCkbkJsioJAYnmdAR Z7O+rgjHeuyadcyfuP3YDulqsVjdm4vXNtflEM8hsN3R9kiuFzIc/BrnMIkAtkiR uRwJwrVeLJDU9cNK3HJnZ0gjQ+tzUVQo++S23P/pAsNzHLqFRog0Y4tSJCvW1/NC ET+R0OoMrkubC/t4LWlLYXDgaZTl0w== =Kwos -----END PGP SIGNATURE----- --=-=-=-- From nobody Wed Jul 24 13:34:51 2019 Return-Path: X-Original-To: mud@ietfa.amsl.com Delivered-To: mud@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 01B9F120623; Wed, 24 Jul 2019 13:34:49 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.899 X-Spam-Level: X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dLt_TsDL94IB; Wed, 24 Jul 2019 13:34:45 -0700 (PDT) Received: from relay.sandelman.ca (relay.cooperix.net [IPv6:2a01:7e00::f03c:91ff:feae:de77]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 914361206BF; Wed, 24 Jul 2019 13:34:38 -0700 (PDT) Received: from dooku.sandelman.ca (unknown [IPv6:2001:67c:370:128:6e88:14ff:fe34:93bc]) by relay.sandelman.ca (Postfix) with ESMTPS id CD1C11F44B; Wed, 24 Jul 2019 20:34:35 +0000 (UTC) Received: by dooku.sandelman.ca (Postfix, from userid 179) id 27EF7138B; Wed, 24 Jul 2019 16:34:58 -0400 (EDT) From: Michael Richardson To: Kent Watsen cc: iot-onboarding@ietf.org, mud@ietf.org, Carsten Bormann In-reply-to: <0100016c24d9e7c7-ec4bf062-b68a-403b-b09c-0092a28fb104-000000@email.amazonses.com> References: <9805.1563803155@dooku.sandelman.ca> <0100016c24d9e7c7-ec4bf062-b68a-403b-b09c-0092a28fb104-000000@email.amazonses.com> Comments: In-reply-to Kent Watsen message dated "Wed, 24 Jul 2019 16:39:16 -0000." X-Mailer: MH-E 8.6; nmh 1.6; GNU Emacs 24.5.1 MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature" Date: Wed, 24 Jul 2019 16:34:58 -0400 Message-ID: <28771.1564000498@dooku.sandelman.ca> Archived-At: Subject: Re: [Mud] [Iot-onboarding] updates to diagram X-BeenThere: mud@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion of Manufacturer Ussage Descriptions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 24 Jul 2019 20:34:49 -0000 --=-=-= Content-Type: text/plain Content-Transfer-Encoding: quoted-printable Kent Watsen wrote: > The diagram has the label "NETCONF", but this is confusing...while > produced by the NETCONF WG, the solution itself does not depend on the > NETCONF=20 > protocol (though it MAY bootstrap a secure NETCONF session) From a pr= otocol > perspective, it might be more appropriate to have HTTP, or REST, or e= ven > RESTCONF. That said, I think the label "SZTP" is best, as that is the > acronyms used in the RFC. For lack of a better term, I'll change "NETCONF" to "SZTP (netconf)" > I'm unsure about what is implied by the label MASA. If just the acron= ym as > defined in the voucher draft, then there should be an arrow pointing = to > the SZTP box as well. However, if it implies a functional component > (protocol API), then there should be another box called "OVIS" > (ownership voucher=20 > issuance service) that points to the SZTP box. My intention of the MASA box is that it involves itself in the middle three items, but not the left-most "ultra-contrained bootstrap" I have added an equivalent box and marked it "OVIS" > Lastly, the bottom row appears to capture statefulness of the > connection to MASA. No, it's not connection to the MASA, the MASA box is just at the bottom in order to not overlap. The statefulness is intended to be the transport that is under the boxes above. That is, BRSKI is: JSON-voucher -over- CMS -over- TCP -over- circuit-level while 6tisch-zero-touch is: CBOR -over- COSE -over- EDHOC/LAKE -over- OSCORE -over- stateless CoAP proxy > FWIW, the SZTP solution doesn't necessitate a MASA > at the time of the=20 > bootstrapping event. To be clearer, the pledge MAY send a nonce to a = local > SZTP server, which MAY in turn use that nonce to retrieve an ephemeral > voucher from a MASA/OVIS system. Agreed... I'm in general assuming that it could be USB/sneaker-net. I don't know how to represent this well. =2D-=20 ] Never tell me the odds! | ipv6 mesh network= s [=20 ] Michael Richardson, Sandelman Software Works | network architect= [=20 ] mcr@sandelman.ca http://www.sandelman.ca/ | ruby on rails = [=20 =09 --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEERK+9HEcJHTJ9UqTMlUzhVv38QpAFAl04wPEACgkQlUzhVv38 QpCSJggAo4ridovtuV4fbsFr8yjf0YQ1qbSEC/3qpXT5NTHbwG06qfch/U3chaPl a4nld1AHofm5X7b2dXcB+8jdS6WtkCdS5r6lBlCm7j4FXYJTfOStxEPtdcjzCWhp 1xJwJvyLDA9ACDjv6qfLtA2VZIxCxs4n005eZUtBrsubsH+9rfgoA7Lg0fXeas3W 26opl9KG/OuNCEziyGyk4p9K+sX0CLRXnM9BzAoez5n33F0vSdXHoP0UHisymxBU ARPzVxmeCxhRO5KeTbvLuB47wJ+ylFQ+sXtTIdgIikLHfuz7DJAtGG9vZhs3aaHb y6dmY+uHrz3BEhqzdaJMQghp+bM8kQ== =/sgd -----END PGP SIGNATURE----- --=-=-=-- From nobody Fri Jul 26 16:31:59 2019 Return-Path: X-Original-To: mud@ietfa.amsl.com Delivered-To: mud@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 74ED21201CF for ; Fri, 26 Jul 2019 16:31:57 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.898 X-Spam-Level: X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZzI9r_HAOs4V for ; Fri, 26 Jul 2019 16:31:54 -0700 (PDT) Received: from relay.sandelman.ca (relay.cooperix.net [IPv6:2a01:7e00::f03c:91ff:feae:de77]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 82010120181 for ; Fri, 26 Jul 2019 16:31:54 -0700 (PDT) Received: from dooku.sandelman.ca (unknown [75.98.19.134]) by relay.sandelman.ca (Postfix) with ESMTPS id C4C8A1F44B for ; Fri, 26 Jul 2019 23:31:52 +0000 (UTC) Received: by dooku.sandelman.ca (Postfix, from userid 179) id 1743B1A97; Fri, 26 Jul 2019 19:31:54 -0400 (EDT) From: Michael Richardson To: mud@ietf.org X-Mailer: MH-E 8.6; nmh 1.6; GNU Emacs 24.5.1 MIME-Version: 1.0 Content-Type: multipart/signed; boundary="==-=-="; micalg=pgp-sha256; protocol="application/pgp-signature" Date: Fri, 26 Jul 2019 19:31:54 -0400 Message-ID: <27593.1564183914@dooku.sandelman.ca> Archived-At: Subject: [Mud] more from the ADD debate X-BeenThere: mud@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion of Manufacturer Ussage Descriptions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 26 Jul 2019 23:31:57 -0000 --==-=-= Content-Type: multipart/mixed; boundary="=-=-=" --=-=-= Content-Type: text/plain In case you missed this long tussle. --=-=-= Content-Type: message/rfc822 Content-Disposition: inline; filename=1062 Content-Description: forwarded message Return-Path: Received: from tuna.sandelman.ca [2607:f0b0:f:3::184] by dooku.sandelman.ca with IMAP (fetchmail-6.3.26) for (single-drop); Fri, 26 Jul 2019 12:24:52 -0400 (EDT) Received: from tuna.sandelman.ca ([unix socket]) by tuna (Cyrus git2.4.17+0-Debian-2.4.17+nocaldav-0+deb8u2) with LMTPA; Fri, 26 Jul 2019 11:53:48 -0400 X-Sieve: CMU Sieve 2.4 Received: from out4-200.antispamcloud.com (out4-200.antispamcloud.com [185.201.19.200]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by tuna.sandelman.ca (Postfix) with ESMTPS id 53C563818E for ; Fri, 26 Jul 2019 11:53:48 -0400 (EDT) X-DKIM-Failure: signature_incorrect Received: from mail.ietf.org ([4.31.198.44]) by mx125.antispamcloud.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.89) (envelope-from ) id 1hr2Xl-000v6t-49 for mcr+ietf@sandelman.ca; Fri, 26 Jul 2019 17:54:05 +0200 Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 92F2212009C for ; Fri, 26 Jul 2019 08:54:03 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ietf.org; s=ietf1; t=1564156443; bh=pv85oKoBbedyALPV45bOMP/Lv9se0v6cSi84BDMIzr8=; h=References:In-Reply-To:From:Date:To:Subject:List-Id: List-Unsubscribe:List-Archive:List-Post:List-Help:List-Subscribe: Cc; b=pKmcOoHNPWmx9O3Fa77+w+d6IOw6xszvzEgqfxiceYTEn9qtzDOIWjNJiUhOGIiN8 ooWN2SxVc7IshfTWt1pF0zTzTY3I5bFHAaar1iwIjOGLEvjcleU2WOtaBZHt45U7cO GCb1CzwXlQNCBItDqiMVoWwdU7xHIPD5TkfoOOv4= X-Mailbox-Line: From add-bounces@ietf.org Fri Jul 26 08:54:02 2019 Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 6D2E5120044; Fri, 26 Jul 2019 08:54:02 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ietf.org; s=ietf1; t=1564156442; bh=Y5fYRmcQB+zRicpYsnIdD3eQuxnrQ/uYNnrMZtpsHyw=; h=References:In-Reply-To:From:Date:To:Subject:List-Id: List-Unsubscribe:List-Archive:List-Post:List-Help:List-Subscribe: Cc; b=qbTJ7UedIFk5goUf/F7ySKesjXrE8kAG8povHwAWrL+giitDcv78ylu15nZESDYKE 86lEUHiYZZ9ObZ6neAtQqKEDSqH1epOHyDRLSuqMvr5Ko9F+PrcyozDBRYOArVXJPw gshG4YVzuN1J/fsQgNYzYcuQUTeO2FW3oyP0eGS4= X-Original-To: add@ietfa.amsl.com Delivered-To: add@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2FAAD120048 for ; Fri, 26 Jul 2019 08:54:00 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.997 X-Spam-Level: X-Spam-Status: No, score=-1.997 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fN6PxB4icR3Y for ; Fri, 26 Jul 2019 08:53:57 -0700 (PDT) Received: from mail-vs1-xe32.google.com (mail-vs1-xe32.google.com [IPv6:2607:f8b0:4864:20::e32]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7A6D2120041 for ; Fri, 26 Jul 2019 08:53:57 -0700 (PDT) Received: by mail-vs1-xe32.google.com with SMTP id y16so36371774vsc.3 for ; Fri, 26 Jul 2019 08:53:57 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=xSMqXg/9x0rook37PBv5D3GFE7vlalICltUepMkIcMs=; b=Mpal88JaIQnf1H5CtEKafNbsapB5GXfWAwZpxciinvpvxP3iuicUWBNK/euCXqRIrh loNqRyVo4h3CB0414qLoj3qj2WWz1aRtpFdIS6Nj85mL3qOAmAs1HMMeqEV/4uW+bvlk xjluOJjdGFNRQb2D+/le67G7HHW5LjynpD7fzsy3K/Ig+JhaEekApBqIM2Gb34tTPq4/ giSUhCFtGvpVT/Jg5kBx1ot84Fp8tZaz5c55yZr8yjyM9oigrIH4mA/4T4yrqAmv9rMS QsvNVq7jiGnsdpYzw726ZRJO6XJ1UjYbt4E2hNp4YwHEdiLq3t5N4H14hoGnaAS9h7r3 taWQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=xSMqXg/9x0rook37PBv5D3GFE7vlalICltUepMkIcMs=; b=P8IhNvdgZnUHOLwD6P60zT9qCpl8Z2AtRyMPLxVDtY0OUfnLaS4OzXX0JLxLD1TBlb aIUsf6UzaxJCvVi9Ypd07LCszdvCmx0p45bD4GFz/pfsnjiUf7uUSDGSeMbbsHubbB1g LLsXtuQ94Hhaw7qB+nX95mRYn4fmYPThoOew2SNObf2z4fjCqrH5FyGEYQXckmkExf6b cj/6EpjWwm8ncZparANNEt4P801dPTQ8keLsXWBaYfRPPRttwm0BsrVM5iHs2rqRIjTK Np/clNMBKryh9+LolIHVfbdQlTrLyDH+h86Syx3cPCTjSJOcuFUEYPGDrVgZZs6wQbDC S0JQ== X-Gm-Message-State: APjAAAXeTh0MQQhn+K+/IasyGSa98NR8YmlxR4d77SVJz89Z7+QFH2g8 c2fuYh2W9ULnYqONHxsCordqak/JOBx+ay+oAx8= X-Google-Smtp-Source: APXvYqzpI1132YKMV4E0Nl1ex+tQz72q0r5/s4pCCm++//kmCJoU0ZZ6H7WCYPDErYQUbz+QNleQNDiHaVPDrKHHW6o= X-Received: by 2002:a67:f043:: with SMTP id q3mr20389223vsm.219.1564156436632; Fri, 26 Jul 2019 08:53:56 -0700 (PDT) MIME-Version: 1.0 References: <112384FB-C68D-4308-8ED9-C0BBF615751D@frobbit.se> <1C02AB5B-D01E-49F6-86CE-BAEF4779E776@frobbit.se> <2E080C62-CFC9-4851-B2AE-701E5D543A71@frobbit.se> <45A7F1E2-B619-40C4-A4CD-F3DE246CD60C@fugue.com> In-Reply-To: <45A7F1E2-B619-40C4-A4CD-F3DE246CD60C@fugue.com> From: Brian Dickson Date: Fri, 26 Jul 2019 11:53:45 -0400 Message-ID: To: Ted Lemon Archived-At: Subject: Re: [Add] My longer list of questions [from partial distribution at the MIC] X-BeenThere: add@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Applications Doing DNS List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: =?UTF-8?B?UGF0cmlrIEbDpGx0c3Ryw7Zt?= , ADD Mailing list , Rob Sayre , Wes Hardaker Content-Type: multipart/mixed; boundary="===============5030205708597811842==" Errors-To: add-bounces@ietf.org Sender: "Add" Received-SPF: pass (mx125.antispamcloud.com: domain of ietf.org designates 4.31.198.44 as permitted sender) client-ip=4.31.198.44; envelope-from=add-bounces@ietf.org; helo=mail.ietf.org; X-SPF-Result: mx125.antispamcloud.com: domain of ietf.org designates 4.31.198.44 as permitted sender Authentication-Results: mx125.antispamcloud.com; dmarc=none header.from=gmail.com Authentication-Results: antispamcloud.com; spf=pass smtp.mailfrom=add-bounces@ietf.org; dkim=pass header.i=ietf.org; dkim=fail (signature_incorrect) header.i=gmail.com X-Filter-Label: newsletter X-MailAssure-Class: whitelisted X-MailAssure-Evidence: sender X-Recommended-Action: accept X-Filter-ID: Mvzo4OR0dZXEDF/gcnlw0STiPCilqAig5bem4hJMKBmpSDasLI4SayDByyq9LIhVRJKuoL20070G U5Ufdh+41WqUuh2MpmQbQvmrab9RbAHqH6xvmyo++UsFY6JUjVh4shsxya8iQXED5vSUQ++rDser 6nXFRBneIuQ/tHetyAj9hGAhRc93NPXjiXB3/m5sWmuNA8WTybi1JN85FSnfKfltWGvLbCuZaQoe 5UGcu4BAnt6zjlciusZNFHgrwL12kVWClPVvbW5lVyQanRxw5nmS7Qi4DDvwnPe/m0ZwJguF4MXC BjASdP/gQilaCwuE7H2ZC56yr6xDfRL3L1neeyODJgPrCtC9pJVsir/Bwp2kDci70QkCOxa9CI+8 v8i3KLTFpngmCzMfOMV6XuhaoY5WQalhwZktt5CZh2miEJOYgisbzJ0S6rR70RDllHBX8K+I8p+Q na8XwVJgUE8fgT3dKxLhoxcmaInYbR5vlqFg3eKzPG9E5MikC2dVXWcpAA1m6zMBZL/nitqfxQqB rXwCY8vmv+JqOVJamBHfOGXHHVx5mFXlUdMlhfvLRMZjuvExD7f6C2dHfLRhGXswyPE8b6CLjusa z22hMkFhvN90DAR32uxK0sKi0q2H6tLFTCAAaaqkRisg7PMbozN3Kn4JfDN1VUERxQJyo1woJwsn qb41W7lmdFimS5/3IKGSqWIBip8QFSv+hhCfcAu14vQD2d0jJX+zqj7M72yx2ma3AHNWiybFOZmN WNJ/NeyhxjnI8mwlsL5v9PnJbVLQozYS81XWtV8eIrPJDfA0cwOGHk5hPAZsqaYzaLuT2e3sUV8S hebT8U8Xw9HTDfreWfBXKHhP/bkmKFsOzFSaKkbDqcigOvSxdRnthmhn8Zn6Do/N7ZLb2zzB/II8 ANmMUANW7/99Dy9nHLy5ZjpT/CPB9dQUyNMfYPIPyLmQ7ltmVgW9/bktU41htiJ8fk7NkM23J7LH DHZzGBAiCeuHbrg= X-Report-Abuse-To: spam@quarantine10.antispamcloud.com --===============5030205708597811842== Content-Type: multipart/alternative; boundary="000000000000c75980058e978cfb" --000000000000c75980058e978cfb Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Fri, Jul 26, 2019 at 11:06 AM Ted Lemon wrote: > > > On Jul 26, 2019, at 10:50 AM, Brian Dickson > wrote: > > > - One approach to enforcing the policy has a larger scope than the OS. > It is to view DoH itself as the problem, and ask, how can we put the D= oH > genie (djinn) back in the bottle? > > The djinn was never in the bottle in the first place. If this discussion > is going to continue to entertain the fantasy that malware isn=E2=80=99t = already > doing this, it=E2=80=99s not likely to be very useful. > One important distinction about malware "doing this": prior to the scenario where DoH (to an independently-operated resolver) was used, it was possible to detect this malware activity by correlation between DNS queries and TLS connections. In order to establish a TLS connection, the client app needs to do a DNS query to identify the IP address of the server to which it plans to connect= .. A hypothetical anti-malware system with integration to the DNS query feed, would be aware of specific clients requesting specific DNS records, and the TTLs of the responses. Connections not conforming to tuples of (current time, client IP, server IP, TTL expiry time) would be detectable and alert-able. (Additional information on connections' SNI and servers' names allows much greater accuracy, but if/when ESNI happens, this signal goes away.) In an environment where DNS resolver choice cannot be detected or enforced, negates this model, particularly if all DNS query traffic becomes unobservable to the hypothetical anti-malware system. This is a change to the threat detection and blocking environment, and exists only when encrypted DNS is commingled with HTTPS traffic. Brian --000000000000c75980058e978cfb Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable


=
On Fri, Jul 26, 2019 at 11:06 AM Ted = Lemon <mellon@fugue.com> wrot= e:


On Jul 26, 2019, at 10:50 AM, Brian Dickson &= lt;brian= ..peter.dickson@gmail.com> wrote:
  • One approa= ch to enforcing the policy has a larger scope than the OS. It is to view Do= H itself as the problem, and ask, how can we put the DoH genie (djinn) back= in the bottle?
The djinn was never in the bottle in the first plac= e. If this discussion is going to continue to entertain the fantasy that ma= lware isn=E2=80=99t already doing this, it=E2=80=99s not likely to be very = useful.

One important disti= nction about malware "doing this": prior to the scenario where Do= H (to an independently-operated resolver) was used, it was possible to dete= ct this malware activity by correlation between DNS queries and TLS connect= ions.

In order to establish a TLS connection, the = client app needs to do a DNS query to identify the IP address of the server= to which it plans to connect.

A hypothetical anti= -malware system with integration to the DNS query feed, would be aware of s= pecific clients requesting specific DNS records, and the TTLs of the respon= ses.

Connections not conforming to tuples of (curr= ent time, client IP, server IP, TTL expiry time) would be detectable and al= ert-able. (Additional information on connections' SNI and servers' = names allows much greater accuracy, but if/when ESNI happens, this signal g= oes away.)

In an environment where DNS resolver ch= oice cannot be detected or enforced, negates this model, particularly if al= l DNS query traffic becomes unobservable to the hypothetical anti-malware s= ystem.

This is a change to the threat detection an= d blocking environment, and exists only when encrypted DNS is commingled wi= th HTTPS traffic.

Brian
=C2=A0
--000000000000c75980058e978cfb-- --===============5030205708597811842== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline -- Add mailing list Add@ietf.org https://www.ietf.org/mailman/listinfo/add --===============5030205708597811842==-- --=-=-= Content-Type: text/plain -- Michael Richardson , Sandelman Software Works -= IPv6 IoT consulting =- --=-=-=-- --==-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEERK+9HEcJHTJ9UqTMlUzhVv38QpAFAl07jWkACgkQlUzhVv38 QpD0Lgf/Tvm2Z0170BTn2C87bvLBy6J7jE4liU7mEDItUK/8wo58HtLmO+h6LYpv 3sPJS4owqAggMJuLJeuWMNnsmEJ5ZTyf0hmmUL8j1iK0n822FQIoOXNAO8CMPT8m 7WGsXMjIUuDsEkzXilUMRbzVcqL7osnr5pd9OUMrMZA8ITcXbyHRQcY/fpKUJI9I /S2qM/Vg9sgnG1pgEEkoSrUXq8Pie2lVCSY98KoQMkQfWe7iyThLWesRVoi/BX6w aUsvDfo+wV7H+xlTdyi4ZDj76yCn1SPkFs5xaP+dpHqHbze3EupmcED4fyC7dl0y A9/9DXbhuo1iWFerDpJkObKO7eD3Ow== =HOhq -----END PGP SIGNATURE----- --==-=-=-- From nobody Sun Jul 28 09:09:07 2019 Return-Path: <0100016c24d9e7c7-ec4bf062-b68a-403b-b09c-0092a28fb104-000000@amazonses.watsen.net> X-Original-To: mud@ietfa.amsl.com Delivered-To: mud@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 979871205D7; Wed, 24 Jul 2019 09:39:22 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.896 X-Spam-Level: X-Spam-Status: No, score=-1.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=amazonses.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id B_HvmUUkzefg; Wed, 24 Jul 2019 09:39:19 -0700 (PDT) Received: from a8-96.smtp-out.amazonses.com (a8-96.smtp-out.amazonses.com [54.240.8.96]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 03FC21205D1; Wed, 24 Jul 2019 09:39:17 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=6gbrjpgwjskckoa6a5zn6fwqkn67xbtw; d=amazonses.com; t=1563986356; h=From:Message-Id:Content-Type:Mime-Version:Subject:Date:In-Reply-To:Cc:To:References:Feedback-ID; bh=zlN4HLbjc9S8yfwdSiI7GrEuOkisRXARv/KTFeaN7PI=; b=SxJ5xNTv3zkV0HAF8P+hfX6MbMRp8viZLQ8o3UDbq2KdD9w0b/wFU/SLpt866NdM eaUUDKQ1t8eaPgDnV6MNGwYY07HUvPg17Zfzo3XsYpgbyZAEgzcovz9uQRkcHMkUtCr w2BpycflnautFn1FUFqkRBHC9HD8+ZaBl+OqUC9I= From: Kent Watsen Message-ID: <0100016c24d9e7c7-ec4bf062-b68a-403b-b09c-0092a28fb104-000000@email.amazonses.com> Content-Type: multipart/alternative; boundary="Apple-Mail=_D6666BF6-9A8C-4D76-8753-E68750DFBBA5" Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\)) Date: Wed, 24 Jul 2019 16:39:16 +0000 In-Reply-To: <9805.1563803155@dooku.sandelman.ca> Cc: iot-onboarding@ietf.org, mud@ietf.org, Carsten Bormann To: Michael Richardson References: <9805.1563803155@dooku.sandelman.ca> X-Mailer: Apple Mail (2.3445.104.11) X-SES-Outgoing: 2019.07.24-54.240.8.96 Feedback-ID: 1.us-east-1.DKmIRZFhhsBhtmFMNikgwZUWVrODEw9qVcPhqJEI2DA=:AmazonSES Archived-At: X-Mailman-Approved-At: Sun, 28 Jul 2019 09:09:05 -0700 Subject: Re: [Mud] [Iot-onboarding] updates to diagram X-BeenThere: mud@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion of Manufacturer Ussage Descriptions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 24 Jul 2019 16:39:23 -0000 --Apple-Mail=_D6666BF6-9A8C-4D76-8753-E68750DFBBA5 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii Hi Michael, Cool diagram. A few comments: The diagram has the label "NETCONF", but this is confusing...while = produced by the NETCONF WG, the solution itself does not depend on the = NETCONF protocol (though it MAY bootstrap a secure NETCONF session) = =46rom a protocol perspective, it might be more appropriate to have = HTTP, or REST, or even RESTCONF. That said, I think the label "SZTP" is = best, as that is the acronyms used in the RFC. I'm unsure about what is implied by the label MASA. If just the acronym = as defined in the voucher draft, then there should be an arrow pointing = to the SZTP box as well. However, if it implies a functional component = (protocol API), then there should be another box called "OVIS" = (ownership voucher issuance service) that points to the SZTP box. Lastly, the bottom row appears to capture statefulness of the connection = to MASA. FWIW, the SZTP solution doesn't necessitate a MASA at the time = of the bootstrapping event. To be clearer, the pledge MAY send a nonce = to a local SZTP server, which MAY in turn use that nonce to retrieve an = ephemeral voucher from a MASA/OVIS system. Also, I skimmed the enrollment-roadmap draft and found a couple the = SZTP-related sections needing fixing: Section 5 (call-home ssh/tls/usbkey): NEW: SZTP assumes that the pledge can access a "source of bootstrapping=20 information", which is unbounded, though the draft defines four: = removable storage devices (e.g., USB key), DNS/mDNS, DHCP v4/v6, and SZTP bootstrap server (i.e., HTTPS). Pledges MAY have well-known SZTP bootstrap servers preconfigured during manufacturing, which entails Internet connectivity). The end-state of the bootstrapping process is the pledge running an = initial=20 configuration that may configure the pledge to either open ports to = accept inbound management connections, or cause the pledge to proactively = initiate outbound call home management connections (e.g., RFC 8071). And also Section 7.1 (NETCONF): NEW SZTP is defined in RFC 8572. SZTP provides the pledge an initial configuration via a mix of = sources including removable storage devices (e.g., USB Key, DHCPv4, DHCPv6, mDNS, and SZTP bootstrap servers). Ownership vouchers are only required when the pledge is otherwise unable to trust the network=20 (e.g., using built-in anchors). =20 The initial configuration can be any valid configuration, but = typically it is the minimal necessary to enable the pledge to establish connectivity = to its owner's controller/NMS application. The pledge MAY open ports = for=20 inbound management connections, but it is more typical for the pledge to initiate a call home connection (e.g., RFC 8071). SZTP is seen as an updated version of TR-69 by some, appropriate for configuration of residential appliances which are drop-shiped by ISPs or other service providers to homes. It is also used for other deployments including, e.g., campus, retail, kiosks, satellite = offices. Kent > On Jul 22, 2019, at 9:45 AM, Michael Richardson = wrote: >=20 >=20 > I have updated the dia/svg version of the diagram that Eliot put on = the > screen, but some were too far away to see. >=20 > There is also an asciio version, but I think that I will maintain the = pretty > version only. The key changes is that I inserted RFC8572 and RFC8366 > labels. >=20 > I will think about how to insert BRSKI-TEEP. >=20 > It is at: > https://github.com/anima-wg/enrollment-roadmap >=20 > = https://github.com/anima-wg/enrollment-roadmap/blob/master/technology-comp= onents.svg >=20 > = https://github.com/anima-wg/enrollment-roadmap/blob/master/building-block-= diagram.txt >=20 > --=20 > ] Never tell me the odds! | ipv6 mesh = networks [=20 > ] Michael Richardson, Sandelman Software Works | network = architect [=20 > ] mcr@sandelman.ca http://www.sandelman.ca/ | ruby on = rails [=20 > =09 >=20 >=20 > --=20 > Iot-onboarding mailing list > Iot-onboarding@ietf.org > https://www.ietf.org/mailman/listinfo/iot-onboarding --Apple-Mail=_D6666BF6-9A8C-4D76-8753-E68750DFBBA5 Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=us-ascii
Hi Michael,

Cool diagram.  A few comments:

The diagram has the label "NETCONF", = but this is confusing...while produced by the NETCONF WG, the solution = itself does not depend on the NETCONF protocol (though it MAY bootstrap = a secure NETCONF session)  =46rom a protocol perspective, it might = be more appropriate to have HTTP, or REST, or even RESTCONF.  That = said, I think the label "SZTP" is best, as that is the acronyms used in = the RFC.

I'm = unsure about what is implied by the label MASA.  If just the = acronym as defined in the voucher draft, then there should be an arrow = pointing to the SZTP box as well.  However, if it implies a = functional component (protocol API), then there should be another box = called "OVIS" (ownership voucher issuance service) that points to the = SZTP box.

Lastly, the bottom row appears to capture statefulness of the = connection to MASA.  FWIW, the SZTP solution doesn't necessitate a = MASA at the time of the bootstrapping event.  To be clearer, the = pledge MAY send a nonce to a local SZTP server, which MAY in turn use = that nonce to retrieve an ephemeral voucher from a MASA/OVIS = system.

Also, = I skimmed the enrollment-roadmap draft and found a couple the = SZTP-related sections needing fixing:


Section 5 (call-home ssh/tls/usbkey):

NEW:

   SZTP assumes that the = pledge can access a "source of bootstrapping 
   information", which is unbounded, though the = draft defines four: removable
   storage = devices (e.g., USB key), DNS/mDNS, DHCP v4/v6, and SZTP
   bootstrap server (i.e., HTTPS).   Pledges = MAY have well-known SZTP
   bootstrap = servers preconfigured during manufacturing, which entails
   Internet connectivity).

   The end-state of the = bootstrapping process is the pledge running an initial 
   configuration that may configure = the pledge to either open ports to accept
   inbound management connections, or cause the = pledge to proactively initiate
  =  outbound call home management connections (e.g., RFC = 8071).



And = also Section 7.1 (NETCONF):

NEW

   SZTP is = defined in RFC 8572.

  =  SZTP provides the pledge an initial configuration via a mix = of sources
   including removable storage = devices (e.g., USB Key,  DHCPv4, DHCPv6,
  =  mDNS, and SZTP bootstrap servers).  Ownership vouchers are = only
   required when the pledge is = otherwise unable to trust the network 
  =  (e.g., using built-in anchors).  

   The initial configuration = can be any valid configuration, but typically it is
   the minimal necessary to enable the pledge to = establish connectivity to
   its owner's =  controller/NMS application.  The pledge MAY open = ports for 
   inbound management = connections, but it is more typical for the pledge
   to initiate a call home connection (e.g., RFC = 8071).

  =  SZTP is seen as an updated version of TR-69 by some, = appropriate
   for configuration of residential = appliances which are drop-shiped by
   ISPs or = other service providers to homes.  It is also used for = other
   deployments including, e.g., = campus, retail, kiosks, satellite offices.



Kent



On Jul 22, 2019, at 9:45 AM, Michael = Richardson <mcr+ietf@sandelman.ca> wrote:


I have updated the dia/svg version of the diagram that Eliot = put on the
screen, but some were too far away to see.

There is also an asciio version, but I think = that I will maintain the pretty
version only. =   The key changes is that I inserted RFC8572 and RFC8366
labels.

I will think about how = to insert BRSKI-TEEP.

It is at:
 https://github.com/anima-wg/enrollment-roadmap

https://github.com/anima-wg/enrollment-roadmap/blob/master/tech= nology-components.svg

https://github.com/anima-wg/enrollment-roadmap/blob/master/buil= ding-block-diagram.txt

--
] =             &n= bsp; Never tell me the odds! =             &n= bsp;   | ipv6 mesh networks [
] =   Michael Richardson, Sandelman Software Works =        | network architect  [ =
]     mcr@sandelman.ca =  http://www.sandelman.ca/ =        |   ruby on rails =    [



--
Iot-onboarding mailing list
Iot-onboarding@ietf.org
https://www.ietf.org/mailman/listinfo/iot-onboarding

= --Apple-Mail=_D6666BF6-9A8C-4D76-8753-E68750DFBBA5-- From nobody Tue Jul 30 10:38:36 2019 Return-Path: X-Original-To: mud@ietfa.amsl.com Delivered-To: mud@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1A3B3120299 for ; Tue, 30 Jul 2019 10:38:34 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.199 X-Spam-Level: X-Spam-Status: No, score=-4.199 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sr3I8B3VZleI for ; Tue, 30 Jul 2019 10:38:31 -0700 (PDT) Received: from tuna.sandelman.ca (tuna.sandelman.ca [IPv6:2607:f0b0:f:3:216:3eff:fe7c:d1f3]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 76C551201CC for ; Tue, 30 Jul 2019 10:38:30 -0700 (PDT) Received: from sandelman.ca (unknown [IPv6:2607:f0b0:f:2:56b2:3ff:fe0b:d84]) by tuna.sandelman.ca (Postfix) with ESMTP id CFB173808A; Tue, 30 Jul 2019 13:38:04 -0400 (EDT) Received: from localhost (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 47160980; Tue, 30 Jul 2019 13:38:29 -0400 (EDT) From: Michael Richardson To: mud@ietf.org, canada-iot-security-discussion-request@elists.isoc.org X-Attribution: mcr X-Mailer: MH-E 8.6; nmh 1.7+dev; GNU Emacs 24.5.1 X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m Archived-At: Subject: [Mud] a place MUD would have helped --- US security cameras X-BeenThere: mud@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion of Manufacturer Ussage Descriptions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 30 Jul 2019 17:38:34 -0000 --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable btw: I don't think it's actually fair to single-out cameras from a single country. I haven't read the Act (nor am I likely to), but it imagine if it had used positive language like, "the country of origin and the manufacturing firm MUST be easily identifiable on packaging and via firmware provided information, such as RFC8520" {I am taking everything Bloomberg writes with a medium sized grain of salt, after the spy chip story.} https://www.bloomberg.com/news/articles/2019-07-10/banned-chinese-security-= cameras-are-almost-impossible-to-remove says: But thousands of the devices are still in place and chances are most won= =E2=80=99t be removed before the Aug. 13 deadline. A complex web of supply chain logistics and licensing agreements make it almost impossible to know whether a security camera is actually made in China or contains componen= ts that would violate U.S. rules.=20=20 The National Defense Authorization Act, or NDAA, which outlines the budg= et and spending for the Defense Department each year, included an amendment for fiscal 2019 that would ensure federal agencies do not purchase Chinese-made surveillance cameras. The amendment singles out Zhejiang Dahua Technology Co. and Hangzhou Hikvision Digital Technology Co., both of which have raised security concerns with the U.S. government and surveillance industry. ... I wrote on the IoTSF basecamp in the thread about this: It's amazing, but hardly surprising. The lack of comprehension of among the (US) supply chain of the risks of relabelling has been going on for decades. Swapping internal components (even moving to completely different CPUs) without changing the label on the outside is something that many US based suppliers of equipment including Cisco/Linksys, Norte= l, Polycom, Belkin, etc. have done repeatedly to the frustration of their customers who want to do simple things like just upgrade firmware regularly.=20 If Honeywell doesn't know what they sold, then they can hardly be expect= ed to comply to needs to issue CVEs, etc. which suggests that both the cust= omer and the supplier had no plans at all to ever think about firmware update= s to the devices. Were I in charge, I'd be firing/demoting people in the *govern= ment* who did this procurement, and not just cancelling contracts but going for breach of contract.=20=20=20 Let me suggest some ways in which this could have been prevented. (You'll hardly be surprised at my self-promotion, but I'm working in this area for a reason...) Two key and usefully intertwined technologies: had RFC8520 (MUD) been required for the cameras, then the MUD URL presented by the *firmware* might have sliced through all relabelling BS, and would identified the product relatively well. If a proper onboarding system had been used that transferred ownership control to the legal owner, then that could have resulted in a clear IDevID reference to the manufacturer, and through the onboarding process,= an=20 actual inventory of devices. The "BRSKI" (draft-ietf-anima-bootstrapping-keyinfra) system that I'm a key author of= =20 is one such system; there were two talks at last year's IoTSF on BRSKI. BRSKI is one of the better ways to pass the MUD URL on.=20=20=20 Firmware attestation is also important, not because it detects malicious firmware like was shipped by Dahua (honestly, how is that not a death sentence for the company?) , but because it forces the manufacturer of the firmware to identify itself.=20 =2D-=20 ] Never tell me the odds! | ipv6 mesh network= s [ ] Michael Richardson, Sandelman Software Works | IoT architect = [ ] mcr@sandelman.ca http://www.sandelman.ca/ | ruby on rails = [ --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEEbsyLEzg/qUTA43uogItw+93Q3WUFAl1AgJUACgkQgItw+93Q 3WU4eQgAk926k6mEetf+RmyIiMqbajhJWo33L20B0ebE1bqgp2BlhHg3oT8bajGT mg9T4s7vknXJegTGR/LqlIP/RteESdEpQ2TOKcu+RTcxkniS9reDjrO1vzC//xKp TYndoQIYj2VxBEDbKDaij04zFAaUc1eitvDfIkf+tanu78GkQ5St6ESJYrUIiNOv rU3AmfdIZ9iEXFtvnQKYQViLi8iBpgi3JVs+wplvmbcmXmO2Q4ENiO2rcq08VV5O +oLJAqTEBqvyA09B0rd3GdZO9ssBjpL4Z9b98Wju6UH2xiczTrQEn2zHW5YvNm7a r90hHMyqJqyEi14KqewaH7paTT/r0g== =lK4M -----END PGP SIGNATURE----- --=-=-=-- From nobody Wed Jul 31 01:46:00 2019 Return-Path: X-Original-To: mud@ietfa.amsl.com Delivered-To: mud@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5C28A120118; Wed, 31 Jul 2019 01:45:30 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.501 X-Spam-Level: X-Spam-Status: No, score=-14.501 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ktVQ1ePKaJu2; Wed, 31 Jul 2019 01:45:27 -0700 (PDT) Received: from aer-iport-3.cisco.com (aer-iport-3.cisco.com [173.38.203.53]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 13BD61201F8; Wed, 31 Jul 2019 01:45:26 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=9265; q=dns/txt; s=iport; t=1564562727; x=1565772327; h=from:message-id:mime-version:subject:date:in-reply-to:cc: to:references; bh=Xgqzfo6jg9TltdJT8HS+dDKr4IMqHj0AQP6TyyTkwTA=; b=JyBENslti0UN29H05QjEOoN9uFAU10EJvoX3P7DZ9uex3sCIDcQJndHl z79dDEQ8yQZX13oDYXD8GrDq0KHUXpL6xZp22RE4Iu+DL6/m+xMA1i7P0 41PcY8bvRrR8O28doSFp536L5Nqc5VDEjVx6rUBkhbRqLd6fKlqgXTOBv c=; X-Files: signature.asc : 195 X-IronPort-AV: E=Sophos;i="5.64,329,1559520000"; d="asc'?scan'208,217";a="14846925" Received: from aer-iport-nat.cisco.com (HELO aer-core-4.cisco.com) ([173.38.203.22]) by aer-iport-3.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 31 Jul 2019 08:45:25 +0000 Received: from dhcp-10-61-107-110.cisco.com (dhcp-10-61-107-110.cisco.com [10.61.107.110]) by aer-core-4.cisco.com (8.15.2/8.15.2) with ESMTPS id x6V8jOqF012018 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Wed, 31 Jul 2019 08:45:25 GMT From: Eliot Lear Message-Id: Content-Type: multipart/signed; boundary="Apple-Mail=_DB460E03-43F5-451D-BFC3-591A91EE8F1F"; protocol="application/pgp-signature"; micalg=pgp-sha1 Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\)) Date: Wed, 31 Jul 2019 10:45:23 +0200 In-Reply-To: <849DED7F-6701-4B26-9645-0B076A224C05@cisco.com> Cc: "opsawg@ietf.org" , "ops-ads@ietf.org" , mud@ietf.org To: "Joe Clarke (jclarke)" References: <849DED7F-6701-4B26-9645-0B076A224C05@cisco.com> X-Mailer: Apple Mail (2.3445.104.11) X-Outbound-SMTP-Client: 10.61.107.110, dhcp-10-61-107-110.cisco.com X-Outbound-Node: aer-core-4.cisco.com Archived-At: Subject: Re: [Mud] [OPSAWG] The future of MUD work X-BeenThere: mud@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion of Manufacturer Ussage Descriptions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 31 Jul 2019 08:45:32 -0000 --Apple-Mail=_DB460E03-43F5-451D-BFC3-591A91EE8F1F Content-Type: multipart/alternative; boundary="Apple-Mail=_A5BDDA8B-1942-4347-A379-557A158292EC" --Apple-Mail=_A5BDDA8B-1942-4347-A379-557A158292EC Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=utf-8 On the other hand, it shouldn=E2=80=99t just be me. It=E2=80=99d be a = very small working group ;-) If others are interested, they should speak = up. > On 30 Jul 2019, at 11:09, Eliot Lear wrote: >=20 > Signed PGP part > Hi Joe, >=20 >> On 29 Jul 2019, at 23:44, Joe Clarke (jclarke) = wrote: >>=20 >> OpsAWG members and our Ops ADs, it was discussed in opsawg at IETF = 105 that with the amount of MUD work being proposed (and discussions = happening outside of opsawg) that perhaps MUD should evolve into its own = WG. Some cons to this approached were discussed (maybe it would be too = heavy-weight with a charter, milestones, etc.). However, I wanted to = take this conversation to the list so we can close on it publicly. >>=20 >> Speaking as WG co-chair, I am happy to continue to support the MUD = work in opsawg, but I want to make sure the WG feels compelled to work = on it; and I want to make sure the full community that is interested in = MUD can follow and discuss items here. That said, it was mentioned in = 105 that perhaps a bigger =E2=80=9Con-boarding=E2=80=9D set of work = would be better served in its own WG. I think if the scope of MUD grows = beyond the definition and its extensions (as we=E2=80=99ve been seeing = the work progress thus far) it might be better served in its own WG = space. >>=20 >> Thoughts? >=20 > I think it is probably time for at least one WG to spring from OPSAWG. = We didn=E2=80=99t really complete the agenda at the IETF, and a good = reason of that was MUD. There are at least four active drafts on that = one subject, one of which we didn=E2=80=99t really talk about = (bw-profile). For me it=E2=80=99s a matter of what can reasonably be = coded, tested, and be useful for manufacturers. In as much as we can = bring a bit more focus to manufacturers by offering them more of a venue = for discussion, the additional WG would be welcome. On the other hand, = if we find that we=E2=80=99re not making progress, or if we progress = extensions quickly, we can close the WG and continue the mailing list, = and move back to OPSAWG. I don=E2=80=99t see a MUD working group as a = long term activity (famous last words), but targeted more at producing = the necessary for broader adoption and then going out of business. >=20 > Eliot >=20 >>=20 >> Joe >> _______________________________________________ >> OPSAWG mailing list >> OPSAWG@ietf.org >> https://www.ietf.org/mailman/listinfo/opsawg = >=20 >=20 >=20 --Apple-Mail=_A5BDDA8B-1942-4347-A379-557A158292EC Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=utf-8 On = the other hand, it shouldn=E2=80=99t just be me.  It=E2=80=99d be a = very small working group ;-) If others are interested, they should speak = up.

On 30 Jul 2019, at 11:09, Eliot Lear <lear@cisco.com> = wrote:

Signed PGP = part
Hi Joe,

On 29 Jul 2019, at = 23:44, Joe Clarke (jclarke) <jclarke@cisco.com> wrote:

OpsAWG members and our Ops ADs, it was discussed in opsawg at = IETF 105 that with the amount of MUD work being proposed (and = discussions happening outside of opsawg) that perhaps MUD should evolve = into its own WG.  Some cons to this approached were discussed = (maybe it would be too heavy-weight with a charter, milestones, etc.). =  However, I wanted to take this conversation to the list so we can = close on it publicly.

Speaking as WG = co-chair, I am happy to continue to support the MUD work in opsawg, but = I want to make sure the WG feels compelled to work on it; and I want to = make sure the full community that is interested in MUD can follow and = discuss items here.  That said, it was mentioned in 105 that = perhaps a bigger =E2=80=9Con-boarding=E2=80=9D set of work would be = better served in its own WG.  I think if the scope of MUD grows = beyond the definition and its extensions (as we=E2=80=99ve been seeing = the work progress thus far) it might be better served in its own WG = space.

Thoughts?

I think it is probably time for = at least one WG to spring from OPSAWG.  We didn=E2=80=99t really = complete the agenda at the IETF, and a good reason of that was MUD. =  There are at least four active drafts on that one subject, one of = which we didn=E2=80=99t really talk about (bw-profile).  For me = it=E2=80=99s a matter of what can reasonably be coded, tested, and be = useful for manufacturers.  In as much as we can bring a bit more = focus to manufacturers by offering them more of a venue for discussion, = the additional WG would be welcome.  On the other hand, if we find = that we=E2=80=99re not making progress, or if we progress extensions = quickly, we can close the WG and continue the mailing list, and move = back to OPSAWG.  I don=E2=80=99t see a MUD working group as a long = term activity (famous last words), but targeted more at producing the = necessary for broader adoption and then going out of business.

Eliot


Joe
_______________________________________________
OPSAWG mailing list
OPSAWG@ietf.org
https://www.ietf.org/mailman/listinfo/opsawg




= --Apple-Mail=_A5BDDA8B-1942-4347-A379-557A158292EC-- --Apple-Mail=_DB460E03-43F5-451D-BFC3-591A91EE8F1F Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=signature.asc Content-Type: application/pgp-signature; name=signature.asc Content-Description: Message signed with OpenPGP -----BEGIN PGP SIGNATURE----- iF0EARECAB0WIQTgo4LlIIJ5lIBumWpugA9nE248uAUCXUFVIwAKCRBugA9nE248 uB7eAJ0cKvNIe8QlNNYq6czGTzSseZYg2wCgs1Ma/00RPREyaaHIicJy0G9Fc88= =gaAO -----END PGP SIGNATURE----- --Apple-Mail=_DB460E03-43F5-451D-BFC3-591A91EE8F1F-- From nobody Wed Jul 31 03:14:50 2019 Return-Path: X-Original-To: mud@ietfa.amsl.com Delivered-To: mud@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EE631120033 for ; Wed, 31 Jul 2019 03:14:42 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.899 X-Spam-Level: X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=fugue-com.20150623.gappssmtp.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LCFG8vTf3kxz for ; Wed, 31 Jul 2019 03:14:41 -0700 (PDT) Received: from mail-qk1-x72e.google.com (mail-qk1-x72e.google.com [IPv6:2607:f8b0:4864:20::72e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D91DD12009C for ; Wed, 31 Jul 2019 03:14:39 -0700 (PDT) Received: by mail-qk1-x72e.google.com with SMTP id a27so48791012qkk.5 for ; Wed, 31 Jul 2019 03:14:39 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fugue-com.20150623.gappssmtp.com; s=20150623; h=from:message-id:mime-version:subject:date:in-reply-to:cc:to :references; bh=AnXKg57BlOJEQ6PFxzwyenc3+jBLtDsFufrmxh6GIP0=; b=s8QvICSvvMUIaXS7vl59B+Hcm4Cse9f+pD7JxC5UeGrWz8xsQNLl5WxS3vgwWK7Vzw YG+9AnhwWvk1mdOoC707gWgWjX70Q0MASD3koTZRDRG5QWne2d2r1IEgyaTUJtKhngJG sRDz54cfVEfvmKbfDNq1w0bFiRr14HFXKIsgnsw3GGa762gjMCfZz3Qw8INWvarEHHpN OG2aa+C5SIC6G68j2JLgBent3tN322+Ly8kg+fERf7aWWerdRkAyjefcPI5vOe25ue7x NuHWQXLUs/NRJd6EYBtVqzU9dWOwAMiHW399vR1u8J7u3XCsLc4a4LykM8Z+0yhhDhsl vtiQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:message-id:mime-version:subject:date :in-reply-to:cc:to:references; bh=AnXKg57BlOJEQ6PFxzwyenc3+jBLtDsFufrmxh6GIP0=; b=oifrVvzCX//WwttS8qeT8z5uzillqSOzf6b8I0aEp7DxVwo/AJyp2nD87GsR5Qxwsa f5l/svoNU7O4shSFfo3hDNExmJvMEmHg80ir/TH1A1Ro89sjSrJ7lENOuqAjyX7uZEiO yqeqJhmIGeDANPhAJgL2aBKyKrxLAVBhlG8T6V5QQ8+vyZqTtBYjYV0YXUPrdSPwCELq 8gTe7dfVihWyMphzPUVImVt9WB5CZlIj9WEVWVIEKCGmd7zdofD1hR6osrnuyw6QPzKA 2alyxlcFi6EMk3NwXIvWwIQWgTCeZZE1rOaOA6sHGvD2brqdhF1+qNHfBbQExwXtYnsR +C9Q== X-Gm-Message-State: APjAAAUGDgkGVF0o46U2kmyTxHAVLLydBpRvxWQQWP3VMliFU9Id4tpF QeUpT2o804n37C6Omd1tjZPGtQ== X-Google-Smtp-Source: APXvYqwNFHvJlTjM8eICSna/SN4bbmOAgho6FG0IXcNtrHdOZdQrM8BKwz9IBuWHmB8N5Ye11KSx8w== X-Received: by 2002:ae9:dfc3:: with SMTP id t186mr76438342qkf.461.1564568078838; Wed, 31 Jul 2019 03:14:38 -0700 (PDT) Received: from ?IPv6:2601:182:cc01:fc23:c976:18a2:7bd2:d55d? ([2601:182:cc01:fc23:c976:18a2:7bd2:d55d]) by smtp.gmail.com with ESMTPSA id s7sm28799840qtq.8.2019.07.31.03.14.37 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 31 Jul 2019 03:14:38 -0700 (PDT) From: Ted Lemon Message-Id: <19F53DA6-C652-4695-ACB1-12745271A0CB@fugue.com> Content-Type: multipart/alternative; boundary="Apple-Mail=_6302382F-92B1-4C3E-8C3A-FEC81B63F3C1" Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\)) Date: Wed, 31 Jul 2019 06:14:36 -0400 In-Reply-To: Cc: "Joe Clarke (jclarke)" , "opsawg@ietf.org" , "ops-ads@ietf.org" , mud@ietf.org To: Eliot Lear References: <849DED7F-6701-4B26-9645-0B076A224C05@cisco.com> X-Mailer: Apple Mail (2.3445.104.11) Archived-At: Subject: Re: [Mud] [OPSAWG] The future of MUD work X-BeenThere: mud@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion of Manufacturer Ussage Descriptions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 31 Jul 2019 10:14:43 -0000 --Apple-Mail=_6302382F-92B1-4C3E-8C3A-FEC81B63F3C1 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=utf-8 On Jul 31, 2019, at 4:45 AM, Eliot Lear wrote: > On the other hand, it shouldn=E2=80=99t just be me. It=E2=80=99d be a = very small working group ;-) If others are interested, they should speak = up. I don=E2=80=99t think I would necessarily initiate work, but I suspect = if there were a MUD WG I would show up for it and review documents. The = fact that MUD is in OPSAWG has meant that I don=E2=80=99t go because = that=E2=80=99s not a WG I normally go to, and I didn=E2=80=99t realize = that was where the MUD work was happening. --Apple-Mail=_6302382F-92B1-4C3E-8C3A-FEC81B63F3C1 Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=utf-8 On = Jul 31, 2019, at 4:45 AM, Eliot Lear <lear@cisco.com> wrote:
On the other hand, it shouldn=E2=80=99t just be me. =  It=E2=80=99d be a very small working group ;-) If others are = interested, they should speak up.

I don=E2=80=99t = think I would necessarily initiate work, but I suspect if there were a = MUD WG I would show up for it and review documents.  The fact that = MUD is in OPSAWG has meant that I don=E2=80=99t go because that=E2=80=99s = not a WG I normally go to, and I didn=E2=80=99t realize that was where = the MUD work was happening.

= --Apple-Mail=_6302382F-92B1-4C3E-8C3A-FEC81B63F3C1--