From ntpwg-bounces+ntp-archives-ahfae6za=lists.ietf.org@lists.ntp.org  Wed Aug 29 14:44:39 2012
Return-Path: <ntpwg-bounces+ntp-archives-ahfae6za=lists.ietf.org@lists.ntp.org>
X-Original-To: ietfarch-ntp-archives-ahFae6za@ietfa.amsl.com
Delivered-To: ietfarch-ntp-archives-ahFae6za@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3033D11E80EF for <ietfarch-ntp-archives-ahFae6za@ietfa.amsl.com>; Wed, 29 Aug 2012 14:44:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.26
X-Spam-Level: 
X-Spam-Status: No, score=-4.26 tagged_above=-999 required=5 tests=[AWL=2.000, BAYES_00=-2.599, CN_BODY_35=0.339, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0piHgbCYQHW4 for <ietfarch-ntp-archives-ahFae6za@ietfa.amsl.com>; Wed, 29 Aug 2012 14:44:38 -0700 (PDT)
Received: from lists.ntp.org (lists.ntp.org [149.20.68.7]) by ietfa.amsl.com (Postfix) with ESMTP id E68FE11E80A5 for <ntp-archives-ahFae6za@lists.ietf.org>; Wed, 29 Aug 2012 14:44:34 -0700 (PDT)
Received: from lists.ntp.org (lists.ntp.org [149.20.68.7]) by lists.ntp.org (Postfix) with ESMTP id AD33A86D55D for <ntp-archives-ahFae6za@lists.ietf.org>; Wed, 29 Aug 2012 21:44:34 +0000 (UTC)
X-Original-To: ntpwg@lists.ntp.org
Delivered-To: ntpwg@lists.ntp.org
Received: from mail1.ntp.org (mail1.ntp.org [IPv6:2001:4f8:fff7:1::5]) by lists.ntp.org (Postfix) with ESMTP id 9D57986D333 for <ntpwg@lists.ntp.org>; Wed, 29 Aug 2012 21:44:14 +0000 (UTC)
Received: from static-108-1-142-136.bstnma.east.verizon.net ([108.1.142.136] helo=[10.10.10.102]) by mail1.ntp.org with esmtpsa (TLSv1:CAMELLIA256-SHA:256) (Exim 4.77 (FreeBSD)) (envelope-from <mayer@ntp.org>) id 1T6q3M-000Cij-F1; Wed, 29 Aug 2012 21:44:03 +0000
Message-ID: <503E8CF4.7030602@ntp.org>
Date: Wed, 29 Aug 2012 17:43:16 -0400
From: Danny Mayer <mayer@ntp.org>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:14.0) Gecko/20120713 Thunderbird/14.0
MIME-Version: 1.0
To: Cui Yang <cuiyang@huawei.com>
References: <8CC0CB0BCAE52F46882E17828A9AE2161A032B90@SZXEML508-MBS.china.huawei.com> <4F575AF0.2060600@ntp.org> <8CC0CB0BCAE52F46882E17828A9AE2161A032D59@SZXEML508-MBS.china.huawei.com> <07F7D7DED63154409F13298786A2ADC9043207DE@EXRAD5.ad.rad.co.il> <8CC0CB0BCAE52F46882E17828A9AE2161A173D46@SZXEML508-MBS.china.huawei.com> <07F7D7DED63154409F13298786A2ADC904322E18@EXRAD5.ad.rad.co.il> <8CC0CB0BCAE52F46882E17828A9AE2161A1756E8@SZXEML508-MBS.china.huawei.com> <07F7D7DED63154409F13298786A2ADC904324409@EXRAD5.ad.rad.co.il> <8CC0CB0BCAE52F46882E17828A9AE2161A181BFC@SZXEML508-MBS.china.huawei.com>
In-Reply-To: <8CC0CB0BCAE52F46882E17828A9AE2161A181BFC@SZXEML508-MBS.china.huawei.com>
X-Enigmail-Version: 1.4.3
X-SA-Exim-Connect-IP: 108.1.142.136
X-SA-Exim-Rcpt-To: cuiyang@huawei.com, yaakov_s@rad.com, tictoc@ietf.org, zhangdacheng@huawei.com, ntpwg@lists.ntp.org
X-SA-Exim-Mail-From: mayer@ntp.org
X-SA-Exim-Version: 4.2
X-SA-Exim-Scanned: Yes (on mail1.ntp.org)
Cc: NTP Working Group <ntpwg@lists.ntp.org>, "Zhangdacheng \(Dacheng\)" <zhangdacheng@huawei.com>, "tictoc@ietf.org" <tictoc@ietf.org>
Subject: Re: [ntpwg] [TICTOC] Please Comment on Practical Solutions for Encrypted Synchronization Protocol
X-BeenThere: ntpwg@lists.ntp.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: IETF Working Group for Network Time Protocol <ntpwg.lists.ntp.org>
List-Unsubscribe: <http://lists.ntp.org/options/ntpwg>, <mailto:ntpwg-request@lists.ntp.org?subject=unsubscribe>
List-Archive: <http://lists.ntp.org/pipermail/ntpwg>
List-Post: <mailto:ntpwg@lists.ntp.org>
List-Help: <mailto:ntpwg-request@lists.ntp.org?subject=help>
List-Subscribe: <http://lists.ntp.org/listinfo/ntpwg>, <mailto:ntpwg-request@lists.ntp.org?subject=subscribe>
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Errors-To: ntpwg-bounces+ntp-archives-ahfae6za=lists.ietf.org@lists.ntp.org
Sender: ntpwg-bounces+ntp-archives-ahfae6za=lists.ietf.org@lists.ntp.org

I know that this is a rather old email message but when I was reviewing
it, it occurred to me that if IPSec requires accurate clocks to set
itself up then this won't work and you need, at least initially, to do
without IPSec.

Danny
On 3/19/2012 12:14 AM, Cui Yang wrote:
> Hi, Yaakov,
> =

> I said the IPsec tunnel =A1=B0functionality=A1=B1 is mandatory to achieve=
, which means the device MUST support IPsec ESP tunnel (confidentiality and=
 integrity).  =

> =

> More specifically, TS 33.320 does explicitly describe security requiremen=
t for time synchronization, where =

> -Sec.6.3.1, Clock Synchronization Security Mechanisms for H(e)NB =

> -=A1=B0The H(e)NB requires time synchronization with a time server. The H=
(e)NB SHALL support receiving time synchronisation messages over the secure=
 backhaul link between H(e)NB and the SeGW=A1=B1
> - =A1=B0Optionally other secure clock servers may be used, which do not u=
se the secure backhaul link. In this case the communication between these c=
lock server(s) and H(e)NB SHALL be secured.=A1=B1
> =

> From the above, my interpretation is,
> -synchronization MUST be adequately protected
> -synchronization mechanism MUST be supported by IPsec ESP tunnel mode (fo=
r devices)
> -In the case that IPsec is not chosen to use (though the devices do suppo=
rt), separate secured clock mechanism MUST be used.
> =

> Therefore, if IPsec tunnel is deployed, then synchronization protocol mus=
t support it; =

> otherwise different security mechanism is deployed, and a separate secure=
 protection (more than IPsec AH) for synchronization must be provided.
> From a vendor=A1=AFs point of view, it is required to investigate this pr=
oblem and compare the performances of different approaches. =

> =

> Finally, answering your question, Autokey is designed =A1=B0based on the =
premise that IPsec schemes cannot be adopted intact, since that would precl=
ude stateless servers and severely compromise timekeeping accuracy=A1=B1[RF=
C5906].
> But, what if the IPsec tunnel is available already? Is there any evaluati=
on on this =A1=B0severely=A1=B1 compromising accuracy? I wonder whether the=
re is any benefit to setting up separate security mechanism, if the device =
already has end-to-end IPsec tunnel connection. =

> And I believe that our investigation and analysis on this practical probl=
em is necessary and meaningful, which still could be greatly improved via t=
he discussion with you all.
> =

> Thanks,
> Yang
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
>  Yang Cui,  Ph.D.
>  Huawei Technologies
>  cuiyang@huawei.com
> =

>> -----=D3=CA=BC=FE=D4=AD=BC=FE-----
>> =B7=A2=BC=FE=C8=CB: Yaakov Stein [mailto:yaakov_s@rad.com]
>> =B7=A2=CB=CD=CA=B1=BC=E4: 2012=C4=EA3=D4=C218=C8=D5 22:22
>> =CA=D5=BC=FE=C8=CB: Cui Yang
>> =B3=AD=CB=CD: tictoc@ietf.org; Danny Mayer
>> =D6=F7=CC=E2: RE: [TICTOC] Please Comment on Practical Solutions for Enc=
rypted
>> Synchronization Protocol
>>
>> Yang
>>
>> What do you mean by "mandatory to achieve".
>>
>> What 33.320 says is that IPsec is mandatory to implement in HW,
>> but optional to use.
>> Furthermore, my interpretation is that timing packets are explicitly not
>> covered,
>> since they mention which types of packets should be protected,
>> and none of the types mentioned describe timing packets.
>>
>> I have a question for you.
>> Were we to use NTP with Autokey and thus provide strong proventication,
>> would you see any benefit to using IPsec ?
>> Do you agree that there is a drawback to its use ?
>>
>> Y(J)S
>>
>> -----Original Message-----
>> From: Cui Yang [mailto:cuiyang@huawei.com]
>> Sent: Thursday, March 15, 2012 05:30
>> To: Yaakov Stein
>> Cc: tictoc@ietf.org; Danny Mayer
>> Subject: Re: [TICTOC] Please Comment on Practical Solutions for Encrypted
>> Synchronization Protocol
>>
>> Hi, Yaakov,
>>
>> Thanks for your comments. Please find my answer in the following.
>>
>> The IPsec tunnel functionality in backhaul link between femto and SeGW a=
re
>> mandatory to achieve by 3GPP Technical Specification TS.33.320
>> http://www.3gpp.org/ftp/specs/html-info/33320.htm
>> -4.3.1 Backhaul link
>> -4.4.5 Requirements on Backhaul Link
>> -7.4 IPsec Tunnel Establishment
>> -etc.
>>
>> This requirement is originated from the typical use case of home based
>> wireless base station (Femto), where the backhaul cable connection is
>> commonly leased by telecom operator and through insecure networks, not
>> belonging to operator=A1=AFs own network. Since the regulation and laws =
on
>> information security and privacy are strict in many countries, vendors a=
re
>> requested to set up this IPsec tunnel functionality to avoid the risk of
>> information or privacy leakage. The contents encrypted in IPsec tunnel
>> include not only data plane, but also control plane, where the former ca=
rries
>> the customer=A1=AFs data and voice, and the latter carries sensitive inf=
ormation,
>> such as the secret keys for air interface encryption. For most of operat=
ors
>> and vendors, it is considered necessary and responsible to protect custo=
mers=A1=AF
>> privacy and communication security, where the best way known is IPsec
>> tunnel.
>>
>> Best regards,
>> Yang
>> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
>>  Yang Cui,  Ph.D.
>>  Huawei Technologies
>>  cuiyang@huawei.com
>>
>>> -----=D3=CA=BC=FE=D4=AD=BC=FE-----
>>> =B7=A2=BC=FE=C8=CB: Yaakov Stein [mailto:yaakov_s@rad.com]
>>> =B7=A2=CB=CD=CA=B1=BC=E4: 2012=C4=EA3=D4=C215=C8=D5 2:36
>>> =CA=D5=BC=FE=C8=CB: Cui Yang
>>> =B3=AD=CB=CD: tictoc@ietf.org; Danny Mayer
>>> =D6=F7=CC=E2: RE: [TICTOC] Please Comment on Practical Solutions for En=
crypted
>>> Synchronization Protocol
>>>
>>> Yang
>>>
>>> Yes, I fully appreciate the scenario you are discussing,
>>> where ALL packets MUST be encrypted.
>>>
>>> I am just questioning whether such a scenario is really mandated by any
>>> standard (I believe it is not),
>>> in which case one can simply NOT encrypt the timing packets (even if you
>>> choose to encrypt the other packets).
>>>
>>> Y(J)S
>>>
>>> -----Original Message-----
>>> From: Cui Yang [mailto:cuiyang@huawei.com]
>>> Sent: Tuesday, March 13, 2012 04:51
>>> To: Yaakov Stein; Danny Mayer
>>> Cc: tictoc@ietf.org
>>> Subject: Re: [TICTOC] Please Comment on Practical Solutions for Encrypt=
ed
>>> Synchronization Protocol
>>>
>>> Hi, Yaakov,
>>>
>>> Maybe my unclear description in the draft causes some confusion. Sorry =
for
>>> that.
>>> In the second motivation, we didn=A1=AFt try to argue there is a scenar=
io where
>>> timing packets must be encrypted.
>>> In contrast, we try to discuss the conditions where timing packets are
>>> transported in an insecure network and there are already IPsec ESP tunn=
el
>>> provided.
>>> When we try to transport the timing packets in a secure way, we can reu=
se
>>> the existing IPsec ESP tunnel even though the timing packets may not be
>>> confidential itself (But integrity protection is necessary, anyway).
>>>
>>> Best regards,
>>> Yang
>>> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
>>>  Yang Cui,  Ph.D.
>>>  Huawei Technologies
>>>  cuiyang@huawei.com
>>>
>>>> -----=D3=CA=BC=FE=D4=AD=BC=FE-----
>>>> =B7=A2=BC=FE=C8=CB: Yaakov Stein [mailto:yaakov_s@rad.com]
>>>> =B7=A2=CB=CD=CA=B1=BC=E4: 2012=C4=EA3=D4=C213=C8=D5 0:47
>>>> =CA=D5=BC=FE=C8=CB: Cui Yang; Danny Mayer
>>>> =B3=AD=CB=CD: tictoc@ietf.org
>>>> =D6=F7=CC=E2: RE: [TICTOC] Please Comment on Practical Solutions for E=
ncrypted
>>>> Synchronization Protocol
>>>>
>>>> Yang
>>>>
>>>> I fully understand your motivation (actually the 2nd motivation in your
>>> draft)
>>>> to handle cases where encryption of ALL packets is mandatory, including
>>>> timing ones.
>>>>
>>>> However, I am not sure that TS 33.320 really mandates encryption of
>> timing
>>>> packets.
>>>>
>>>> First, 33.320 clearly states that while implementation of IPsec is
>> mandatory,
>>>> usage is optional and based on operator policy
>>>> (with the possible exception of direct links between H(e)NBs, but these
>>> links
>>>> are optional too).
>>>> If IPsec is not used, then a lower layer mechanism can be used
>>>> (w/o any specification of what exactly this lower layer mechanism needs
>> to
>>>> do),
>>>> a method assumedly running in HW and adding almost no delay and
>>>> absolutely no delay variation.
>>>>
>>>> Second, even if the operator decides to use IPsec, then the standard
>> states
>>>> "All signalling, user, and management plane traffic over the interface
>>>> between H(e)NB and SeGW shall be sent through an IPsec ESP tunnel".
>>>> I think we can make the case that timing is neither signaling, nor use=
r, nor
>>>> management traffic,
>>>> and thus exempt from the IPsec requirement.
>>>> Perhaps we should send 3GPP a liaison to that effect, and get an expli=
cit
>>>> waiver.
>>>>
>>>> So, we are left with no use case mandating encrypting of timing packet=
s,
>>>> and the problem goes away.
>>>>
>>>> Y(J)S
>>>>
>>>>
>>>> -----Original Message-----
>>>> From: tictoc-bounces@ietf.org [mailto:tictoc-bounces@ietf.org] On
>> Behalf
>>> Of
>>>> Cui Yang
>>>> Sent: Thursday, March 08, 2012 03:44
>>>> To: Danny Mayer
>>>> Cc: tictoc@ietf.org
>>>> Subject: Re: [TICTOC] Please Comment on Practical Solutions for
>> Encrypted
>>>> Synchronization Protocol
>>>>
>>>> Danny,
>>>>
>>>> Thanks for your comments. I will respond inline.
>>>>
>>>>> -----=D3=CA=BC=FE=D4=AD=BC=FE-----
>>>>> =B7=A2=BC=FE=C8=CB: Danny Mayer [mailto:mayer@ntp.org]
>>>>> =B7=A2=CB=CD=CA=B1=BC=E4: 2012=C4=EA3=D4=C27=C8=D5 20:56
>>>>> =CA=D5=BC=FE=C8=CB: Cui Yang
>>>>> =B3=AD=CB=CD: tictoc@ietf.org
>>>>> =D6=F7=CC=E2: Re: [TICTOC] Please Comment on Practical Solutions for
>> Encrypted
>>>>> Synchronization Protocol
>>>>>
>>>>> I have already said this before and I will repeat this for the purpos=
es
>>>>> of feedback.
>>>>>
>>>>> Time packets do not need to be encrypted as not only do they not
>>> contain
>>>>> anything secret, even if you knew the contents they are useless
>> anytime
>>>>> after the packet has been delivered.
>>>>
>>>> [Cui Yang] I will repeat our motivation.
>>>> According to globally used 3GPP standard, there is a need for establish
>>> IPsec
>>>> ESP tunnel for small home base station connecting to Security GW or
>> other
>>>> core network devices.
>>>> There have existed such a great number of IPsec ESP tunnels in the
>>>> underlying use case.
>>>> For meeting the least security requirement, it is needed to set up IPs=
ec
>> AH
>>> or
>>>> IPsec ESP-NULL for the integrity protection.
>>>> Then it will increase the security cost.
>>>>
>>>> If there is a simple and practical solution for this problem, then why=
 not
>> let
>>> it
>>>> be clarified?
>>>> So that, many engineers and customers can benefit from single IPsec
>>> tunnel
>>>> protection each user, which saves the cost for both.
>>>>
>>>>> You do yourself a disfavor in encrypting something that is not worth
>>>>> encrypting. It takes processing overhead, increases packet size, and
>>>>> there is no gain in doing so. You need to justify encrypting something
>>>>
>>>> [Cui Yang] I am not doing myself a disfavor, but going to provide a so=
lution
>>> for
>>>> the practical and technical problem.
>>>> Integrity protection takes overhead, as well.
>>>> In case confidentiality is mandatory, is it a good idea to protect int=
egrity
>>>> separately?
>>>> What we need to do, is to investigate and reduce the cost as small as
>>> possible
>>>> first, and see whether it is acceptable or not.
>>>> That is our motivation of the new draft.
>>>>
>>>>> and please don't say that it is because some other document says to
>>>>> encrypt everything. I want to know what is the benefit from doing so,
>>>>
>>>> [Cui Yang] I just answered your previous email providing the referred
>>> section
>>>> and document as you required, yesterday.
>>>>
>>>>> what are the risks in not doing so and what is the cost of doing so,
>>>>> particularly in loss of accuracy, increased error budget, etc.
>>>>
>>>> [Cui Yang] That is our new draft trying to explain, please check it be=
fore
>>>> posting your opinion.
>>>>
>>>>> The whole thing is a bad idea from what I can tell.
>>>>>
>>>>> Danny
>>>>>
>>>>
>>>> Thanks,
>>>> Yang
>>>>
>>>>
>>>>> On 3/6/2012 10:35 PM, Cui Yang wrote:
>>>>>> Hi, all,
>>>>>>
>>>>>>
>>>>>>
>>>>>> I have posted a new draft that discusses the practical solutions for
>>>>>> encrypted synchronization protocols.
>>>>>>
>>>>>>
>>>>>>
>>>>>> Since we have discussed a lot on this problem, and the security
>>>>>> requirement of synchronization also noted that confidentiality may
>>> need
>>>>>> protection, especially in case that the confidentiality protection is
>>>>>> mandatory. Synchronization should be available when the traffic is
>>>>>> encrypted. The influences by the encryption are explained, and
>> several
>>>>>> possible solutions have been discussed.
>>>>>>
>>>>>> The URL is below, please review and comment.
>>>>>>
>>>>>>
>>>>>>
>>>>>>     Title      : Practical solutions for encrypted synchronization
>>>> protocol
>>>>>>
>>>>>> Author(s)  : Y. Cui,
>>>>>>
>>>>>> M. Bhatia,
>>>>>>
>>>>>> D. Zhang
>>>>>>
>>>>>> Filename   : draft-cui-tictoc-encrypted-synchronization-00.txt
>>>>>>
>>>>>> Pages     : 10
>>>>>>
>>>>>> Date      : Mar. 1, 2012
>>>>>>
>>>>>>    This informational document analyzes the accuracy issues with
>> time
>>>>>>
>>>>>>    synchronization protocols when time synchronization packets are
>>>>>>
>>>>>>    encrypted during transmission. In addition, several candidate
>>>>>>
>>>>>>   solutions on such issues are introduced.
>>>>>>
>>>>>>
>>>>>>
>>>>>> A URL for this Internet-Draft is:
>>>>>>
>>>>>>
>>>>
>> http://datatracker.ietf.org/doc/draft-cui-tictoc-encrypted-synchronizati=
on
>>>>>>
>>>>>>
>>>>>>
>>>>>> Thanks,
>>>>>>
>>>>>> Yang
>>>>>>
>>>>>> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
>>>>>>
>>>>>> Yang Cui,  Ph.D.
>>>>>>
>>>>>> Huawei Technologies
>>>>>>
>>>>>> cuiyang@huawei.com
>>>> _______________________________________________
>>>> TICTOC mailing list
>>>> TICTOC@ietf.org
>>>> https://www.ietf.org/mailman/listinfo/tictoc

_______________________________________________
ntpwg mailing list
ntpwg@lists.ntp.org
http://lists.ntp.org/listinfo/ntpwg

From ntpwg-bounces+ntp-archives-ahfae6za=lists.ietf.org@lists.ntp.org  Wed Aug 29 23:23:59 2012
Return-Path: <ntpwg-bounces+ntp-archives-ahfae6za=lists.ietf.org@lists.ntp.org>
X-Original-To: ietfarch-ntp-archives-ahFae6za@ietfa.amsl.com
Delivered-To: ietfarch-ntp-archives-ahFae6za@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 89F2C11E80BA for <ietfarch-ntp-archives-ahFae6za@ietfa.amsl.com>; Wed, 29 Aug 2012 23:23:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8.26
X-Spam-Level: 
X-Spam-Status: No, score=-8.26 tagged_above=-999 required=5 tests=[AWL=-2.000, BAYES_00=-2.599, CN_BODY_35=0.339, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iHPpMdfs2b+N for <ietfarch-ntp-archives-ahFae6za@ietfa.amsl.com>; Wed, 29 Aug 2012 23:23:58 -0700 (PDT)
Received: from lists.ntp.org (lists.ntp.org [IPv6:2001:4f8:fff7:1::7]) by ietfa.amsl.com (Postfix) with ESMTP id C27B211E80D3 for <ntp-archives-ahFae6za@lists.ietf.org>; Wed, 29 Aug 2012 23:23:57 -0700 (PDT)
Received: from lists.ntp.org (lists.ntp.org [149.20.68.7]) by lists.ntp.org (Postfix) with ESMTP id 1345F86DAB6 for <ntp-archives-ahFae6za@lists.ietf.org>; Thu, 30 Aug 2012 06:23:56 +0000 (UTC)
X-Original-To: ntpwg@lists.ntp.org
Delivered-To: ntpwg@lists.ntp.org
Received: from mail1.ntp.org (mail1.ntp.org [IPv6:2001:4f8:fff7:1::5]) by lists.ntp.org (Postfix) with ESMTP id 84EAC86D333 for <ntpwg@lists.ntp.org>; Thu, 30 Aug 2012 06:23:42 +0000 (UTC)
Received: from rcsinet15.oracle.com ([148.87.113.117]) by mail1.ntp.org with esmtps (TLSv1:AES256-SHA:256) (Exim 4.77 (FreeBSD)) (envelope-from <brian.utterback@oracle.com>) id 1T6yAE-000FPp-RT; Thu, 30 Aug 2012 06:23:42 +0000
Received: from ucsinet22.oracle.com (ucsinet22.oracle.com [156.151.31.94]) by rcsinet15.oracle.com (Sentrion-MTA-4.2.2/Sentrion-MTA-4.2.2) with ESMTP id q7U6NPlp004423 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Thu, 30 Aug 2012 06:23:26 GMT
Received: from acsmt358.oracle.com (acsmt358.oracle.com [141.146.40.158]) by ucsinet22.oracle.com (8.14.4+Sun/8.14.4) with ESMTP id q7U6NOjg006998 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 30 Aug 2012 06:23:24 GMT
Received: from abhmt102.oracle.com (abhmt102.oracle.com [141.146.116.54]) by acsmt358.oracle.com (8.12.11.20060308/8.12.11) with ESMTP id q7U6NNnt025831; Thu, 30 Aug 2012 01:23:23 -0500
Received: from [10.195.0.201] (/10.195.0.201) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Wed, 29 Aug 2012 23:23:23 -0700
Message-ID: <503F06DA.3040204@oracle.com>
Date: Thu, 30 Aug 2012 02:23:22 -0400
From: Brian Utterback <brian.utterback@oracle.com>
Organization: Oracle
User-Agent: Mozilla/5.0 (X11; SunOS i86pc; rv:6.0) Gecko/20110814 Thunderbird/6.0
MIME-Version: 1.0
To: Danny Mayer <mayer@ntp.org>
References: <8CC0CB0BCAE52F46882E17828A9AE2161A032B90@SZXEML508-MBS.china.huawei.com> <4F575AF0.2060600@ntp.org> <8CC0CB0BCAE52F46882E17828A9AE2161A032D59@SZXEML508-MBS.china.huawei.com> <07F7D7DED63154409F13298786A2ADC9043207DE@EXRAD5.ad.rad.co.il> <8CC0CB0BCAE52F46882E17828A9AE2161A173D46@SZXEML508-MBS.china.huawei.com> <07F7D7DED63154409F13298786A2ADC904322E18@EXRAD5.ad.rad.co.il> <8CC0CB0BCAE52F46882E17828A9AE2161A1756E8@SZXEML508-MBS.china.huawei.com> <07F7D7DED63154409F13298786A2ADC904324409@EXRAD5.ad.rad.co.il> <8CC0CB0BCAE52F46882E17828A9AE2161A181BFC@SZXEML508-MBS.china.huawei.com> <503E8CF4.7030602@ntp.org>
In-Reply-To: <503E8CF4.7030602@ntp.org>
X-Source-IP: ucsinet22.oracle.com [156.151.31.94]
X-MIME-Autoconverted: from 8bit to quoted-printable by rcsinet15.oracle.com id q7U6NPlp004423
X-SA-Exim-Connect-IP: 148.87.113.117
X-SA-Exim-Rcpt-To: mayer@ntp.org, ntpwg@lists.ntp.org
X-SA-Exim-Mail-From: brian.utterback@oracle.com
X-SA-Exim-Version: 4.2
X-SA-Exim-Scanned: Yes (on mail1.ntp.org)
Cc: NTP Working Group <ntpwg@lists.ntp.org>, "Zhangdacheng \(Dacheng\)" <zhangdacheng@huawei.com>, "tictoc@ietf.org" <tictoc@ietf.org>
Subject: Re: [ntpwg] [TICTOC] Please Comment on Practical Solutions for Encrypted Synchronization Protocol
X-BeenThere: ntpwg@lists.ntp.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: IETF Working Group for Network Time Protocol <ntpwg.lists.ntp.org>
List-Unsubscribe: <http://lists.ntp.org/options/ntpwg>, <mailto:ntpwg-request@lists.ntp.org?subject=unsubscribe>
List-Archive: <http://lists.ntp.org/pipermail/ntpwg>
List-Post: <mailto:ntpwg@lists.ntp.org>
List-Help: <mailto:ntpwg-request@lists.ntp.org?subject=help>
List-Subscribe: <http://lists.ntp.org/listinfo/ntpwg>, <mailto:ntpwg-request@lists.ntp.org?subject=subscribe>
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="iso-8859-1"; Format="flowed"
Errors-To: ntpwg-bounces+ntp-archives-ahfae6za=lists.ietf.org@lists.ntp.org
Sender: ntpwg-bounces+ntp-archives-ahfae6za=lists.ietf.org@lists.ntp.org

One can easily imagine a two step boot process, one where the time is =

roughly determined using Autokey, and then the IPsec tunnel is set up, =

and then further timing packets sent over the tunnel. I don't know the =

precision of the timestamps,  in IPsec certificates, but I doubt that it =

is more than to the second, and more likely it is to the minute. If all =

you care about is the validity of the certs, then it shouldn't take a =

long time to get the time accurate to this level. If it were not for the =

possibility of reverse engineering the femto station, the original auth =

key scheme would work even better. But since the femto stations are =

distributed to untrusted users (I use one for instance, and who would =

trust me?) that wouldn't work.

On 08/29/12 17:43, Danny Mayer wrote:
> I know that this is a rather old email message but when I was reviewing
> it, it occurred to me that if IPSec requires accurate clocks to set
> itself up then this won't work and you need, at least initially, to do
> without IPSec.
>
> Danny
> On 3/19/2012 12:14 AM, Cui Yang wrote:
>> Hi, Yaakov,
>>
>> I said the IPsec tunnel =A1=B0functionality=A1=B1 is mandatory to achiev=
e, which means the device MUST support IPsec ESP tunnel (confidentiality an=
d integrity).
>>
>> More specifically, TS 33.320 does explicitly describe security requireme=
nt for time synchronization, where
>> -Sec.6.3.1, Clock Synchronization Security Mechanisms for H(e)NB
>> -=A1=B0The H(e)NB requires time synchronization with a time server. The =
H(e)NB SHALL support receiving time synchronisation messages over the secur=
e backhaul link between H(e)NB and the SeGW=A1=B1
>> - =A1=B0Optionally other secure clock servers may be used, which do not =
use the secure backhaul link. In this case the communication between these =
clock server(s) and H(e)NB SHALL be secured.=A1=B1
>>
>>  From the above, my interpretation is,
>> -synchronization MUST be adequately protected
>> -synchronization mechanism MUST be supported by IPsec ESP tunnel mode (f=
or devices)
>> -In the case that IPsec is not chosen to use (though the devices do supp=
ort), separate secured clock mechanism MUST be used.
>>
>> Therefore, if IPsec tunnel is deployed, then synchronization protocol mu=
st support it;
>> otherwise different security mechanism is deployed, and a separate secur=
e protection (more than IPsec AH) for synchronization must be provided.
>>  From a vendor=A1=AFs point of view, it is required to investigate this =
problem and compare the performances of different approaches.
>>
>> Finally, answering your question, Autokey is designed =A1=B0based on the=
 premise that IPsec schemes cannot be adopted intact, since that would prec=
lude stateless servers and severely compromise timekeeping accuracy=A1=B1[R=
FC5906].
>> But, what if the IPsec tunnel is available already? Is there any evaluat=
ion on this =A1=B0severely=A1=B1 compromising accuracy? I wonder whether th=
ere is any benefit to setting up separate security mechanism, if the device=
 already has end-to-end IPsec tunnel connection.
>> And I believe that our investigation and analysis on this practical prob=
lem is necessary and meaningful, which still could be greatly improved via =
the discussion with you all.
>>
>> Thanks,
>> Yang
>> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
>>   Yang Cui,  Ph.D.
>>   Huawei Technologies
>>   cuiyang@huawei.com
>>
>>> -----=D3=CA=BC=FE=D4=AD=BC=FE-----
>>> =B7=A2=BC=FE=C8=CB: Yaakov Stein [mailto:yaakov_s@rad.com]
>>> =B7=A2=CB=CD=CA=B1=BC=E4: 2012=C4=EA3=D4=C218=C8=D5 22:22
>>> =CA=D5=BC=FE=C8=CB: Cui Yang
>>> =B3=AD=CB=CD: tictoc@ietf.org; Danny Mayer
>>> =D6=F7=CC=E2: RE: [TICTOC] Please Comment on Practical Solutions for En=
crypted
>>> Synchronization Protocol
>>>
>>> Yang
>>>
>>> What do you mean by "mandatory to achieve".
>>>
>>> What 33.320 says is that IPsec is mandatory to implement in HW,
>>> but optional to use.
>>> Furthermore, my interpretation is that timing packets are explicitly not
>>> covered,
>>> since they mention which types of packets should be protected,
>>> and none of the types mentioned describe timing packets.
>>>
>>> I have a question for you.
>>> Were we to use NTP with Autokey and thus provide strong proventication,
>>> would you see any benefit to using IPsec ?
>>> Do you agree that there is a drawback to its use ?
>>>
>>> Y(J)S
>>>
>>> -----Original Message-----
>>> From: Cui Yang [mailto:cuiyang@huawei.com]
>>> Sent: Thursday, March 15, 2012 05:30
>>> To: Yaakov Stein
>>> Cc: tictoc@ietf.org; Danny Mayer
>>> Subject: Re: [TICTOC] Please Comment on Practical Solutions for Encrypt=
ed
>>> Synchronization Protocol
>>>
>>> Hi, Yaakov,
>>>
>>> Thanks for your comments. Please find my answer in the following.
>>>
>>> The IPsec tunnel functionality in backhaul link between femto and SeGW =
are
>>> mandatory to achieve by 3GPP Technical Specification TS.33.320
>>> http://www.3gpp.org/ftp/specs/html-info/33320.htm
>>> -4.3.1 Backhaul link
>>> -4.4.5 Requirements on Backhaul Link
>>> -7.4 IPsec Tunnel Establishment
>>> -etc.
>>>
>>> This requirement is originated from the typical use case of home based
>>> wireless base station (Femto), where the backhaul cable connection is
>>> commonly leased by telecom operator and through insecure networks, not
>>> belonging to operator=A1=AFs own network. Since the regulation and laws=
 on
>>> information security and privacy are strict in many countries, vendors =
are
>>> requested to set up this IPsec tunnel functionality to avoid the risk of
>>> information or privacy leakage. The contents encrypted in IPsec tunnel
>>> include not only data plane, but also control plane, where the former c=
arries
>>> the customer=A1=AFs data and voice, and the latter carries sensitive in=
formation,
>>> such as the secret keys for air interface encryption. For most of opera=
tors
>>> and vendors, it is considered necessary and responsible to protect cust=
omers=A1=AF
>>> privacy and communication security, where the best way known is IPsec
>>> tunnel.
>>>
>>> Best regards,
>>> Yang
>>> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
>>>   Yang Cui,  Ph.D.
>>>   Huawei Technologies
>>>   cuiyang@huawei.com
>>>
>>>> -----=D3=CA=BC=FE=D4=AD=BC=FE-----
>>>> =B7=A2=BC=FE=C8=CB: Yaakov Stein [mailto:yaakov_s@rad.com]
>>>> =B7=A2=CB=CD=CA=B1=BC=E4: 2012=C4=EA3=D4=C215=C8=D5 2:36
>>>> =CA=D5=BC=FE=C8=CB: Cui Yang
>>>> =B3=AD=CB=CD: tictoc@ietf.org; Danny Mayer
>>>> =D6=F7=CC=E2: RE: [TICTOC] Please Comment on Practical Solutions for E=
ncrypted
>>>> Synchronization Protocol
>>>>
>>>> Yang
>>>>
>>>> Yes, I fully appreciate the scenario you are discussing,
>>>> where ALL packets MUST be encrypted.
>>>>
>>>> I am just questioning whether such a scenario is really mandated by any
>>>> standard (I believe it is not),
>>>> in which case one can simply NOT encrypt the timing packets (even if y=
ou
>>>> choose to encrypt the other packets).
>>>>
>>>> Y(J)S
>>>>
>>>> -----Original Message-----
>>>> From: Cui Yang [mailto:cuiyang@huawei.com]
>>>> Sent: Tuesday, March 13, 2012 04:51
>>>> To: Yaakov Stein; Danny Mayer
>>>> Cc: tictoc@ietf.org
>>>> Subject: Re: [TICTOC] Please Comment on Practical Solutions for Encryp=
ted
>>>> Synchronization Protocol
>>>>
>>>> Hi, Yaakov,
>>>>
>>>> Maybe my unclear description in the draft causes some confusion. Sorry=
 for
>>>> that.
>>>> In the second motivation, we didn=A1=AFt try to argue there is a scena=
rio where
>>>> timing packets must be encrypted.
>>>> In contrast, we try to discuss the conditions where timing packets are
>>>> transported in an insecure network and there are already IPsec ESP tun=
nel
>>>> provided.
>>>> When we try to transport the timing packets in a secure way, we can re=
use
>>>> the existing IPsec ESP tunnel even though the timing packets may not be
>>>> confidential itself (But integrity protection is necessary, anyway).
>>>>
>>>> Best regards,
>>>> Yang
>>>> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
>>>>   Yang Cui,  Ph.D.
>>>>   Huawei Technologies
>>>>   cuiyang@huawei.com
>>>>
>>>>> -----=D3=CA=BC=FE=D4=AD=BC=FE-----
>>>>> =B7=A2=BC=FE=C8=CB: Yaakov Stein [mailto:yaakov_s@rad.com]
>>>>> =B7=A2=CB=CD=CA=B1=BC=E4: 2012=C4=EA3=D4=C213=C8=D5 0:47
>>>>> =CA=D5=BC=FE=C8=CB: Cui Yang; Danny Mayer
>>>>> =B3=AD=CB=CD: tictoc@ietf.org
>>>>> =D6=F7=CC=E2: RE: [TICTOC] Please Comment on Practical Solutions for =
Encrypted
>>>>> Synchronization Protocol
>>>>>
>>>>> Yang
>>>>>
>>>>> I fully understand your motivation (actually the 2nd motivation in yo=
ur
>>>> draft)
>>>>> to handle cases where encryption of ALL packets is mandatory, includi=
ng
>>>>> timing ones.
>>>>>
>>>>> However, I am not sure that TS 33.320 really mandates encryption of
>>> timing
>>>>> packets.
>>>>>
>>>>> First, 33.320 clearly states that while implementation of IPsec is
>>> mandatory,
>>>>> usage is optional and based on operator policy
>>>>> (with the possible exception of direct links between H(e)NBs, but the=
se
>>>> links
>>>>> are optional too).
>>>>> If IPsec is not used, then a lower layer mechanism can be used
>>>>> (w/o any specification of what exactly this lower layer mechanism nee=
ds
>>> to
>>>>> do),
>>>>> a method assumedly running in HW and adding almost no delay and
>>>>> absolutely no delay variation.
>>>>>
>>>>> Second, even if the operator decides to use IPsec, then the standard
>>> states
>>>>> "All signalling, user, and management plane traffic over the interface
>>>>> between H(e)NB and SeGW shall be sent through an IPsec ESP tunnel".
>>>>> I think we can make the case that timing is neither signaling, nor us=
er, nor
>>>>> management traffic,
>>>>> and thus exempt from the IPsec requirement.
>>>>> Perhaps we should send 3GPP a liaison to that effect, and get an expl=
icit
>>>>> waiver.
>>>>>
>>>>> So, we are left with no use case mandating encrypting of timing packe=
ts,
>>>>> and the problem goes away.
>>>>>
>>>>> Y(J)S
>>>>>
>>>>>
>>>>> -----Original Message-----
>>>>> From: tictoc-bounces@ietf.org [mailto:tictoc-bounces@ietf.org] On
>>> Behalf
>>>> Of
>>>>> Cui Yang
>>>>> Sent: Thursday, March 08, 2012 03:44
>>>>> To: Danny Mayer
>>>>> Cc: tictoc@ietf.org
>>>>> Subject: Re: [TICTOC] Please Comment on Practical Solutions for
>>> Encrypted
>>>>> Synchronization Protocol
>>>>>
>>>>> Danny,
>>>>>
>>>>> Thanks for your comments. I will respond inline.
>>>>>
>>>>>> -----=D3=CA=BC=FE=D4=AD=BC=FE-----
>>>>>> =B7=A2=BC=FE=C8=CB: Danny Mayer [mailto:mayer@ntp.org]
>>>>>> =B7=A2=CB=CD=CA=B1=BC=E4: 2012=C4=EA3=D4=C27=C8=D5 20:56
>>>>>> =CA=D5=BC=FE=C8=CB: Cui Yang
>>>>>> =B3=AD=CB=CD: tictoc@ietf.org
>>>>>> =D6=F7=CC=E2: Re: [TICTOC] Please Comment on Practical Solutions for
>>> Encrypted
>>>>>> Synchronization Protocol
>>>>>>
>>>>>> I have already said this before and I will repeat this for the purpo=
ses
>>>>>> of feedback.
>>>>>>
>>>>>> Time packets do not need to be encrypted as not only do they not
>>>> contain
>>>>>> anything secret, even if you knew the contents they are useless
>>> anytime
>>>>>> after the packet has been delivered.
>>>>> [Cui Yang] I will repeat our motivation.
>>>>> According to globally used 3GPP standard, there is a need for establi=
sh
>>>> IPsec
>>>>> ESP tunnel for small home base station connecting to Security GW or
>>> other
>>>>> core network devices.
>>>>> There have existed such a great number of IPsec ESP tunnels in the
>>>>> underlying use case.
>>>>> For meeting the least security requirement, it is needed to set up IP=
sec
>>> AH
>>>> or
>>>>> IPsec ESP-NULL for the integrity protection.
>>>>> Then it will increase the security cost.
>>>>>
>>>>> If there is a simple and practical solution for this problem, then wh=
y not
>>> let
>>>> it
>>>>> be clarified?
>>>>> So that, many engineers and customers can benefit from single IPsec
>>>> tunnel
>>>>> protection each user, which saves the cost for both.
>>>>>
>>>>>> You do yourself a disfavor in encrypting something that is not worth
>>>>>> encrypting. It takes processing overhead, increases packet size, and
>>>>>> there is no gain in doing so. You need to justify encrypting somethi=
ng
>>>>> [Cui Yang] I am not doing myself a disfavor, but going to provide a s=
olution
>>>> for
>>>>> the practical and technical problem.
>>>>> Integrity protection takes overhead, as well.
>>>>> In case confidentiality is mandatory, is it a good idea to protect in=
tegrity
>>>>> separately?
>>>>> What we need to do, is to investigate and reduce the cost as small as
>>>> possible
>>>>> first, and see whether it is acceptable or not.
>>>>> That is our motivation of the new draft.
>>>>>
>>>>>> and please don't say that it is because some other document says to
>>>>>> encrypt everything. I want to know what is the benefit from doing so,
>>>>> [Cui Yang] I just answered your previous email providing the referred
>>>> section
>>>>> and document as you required, yesterday.
>>>>>
>>>>>> what are the risks in not doing so and what is the cost of doing so,
>>>>>> particularly in loss of accuracy, increased error budget, etc.
>>>>> [Cui Yang] That is our new draft trying to explain, please check it b=
efore
>>>>> posting your opinion.
>>>>>
>>>>>> The whole thing is a bad idea from what I can tell.
>>>>>>
>>>>>> Danny
>>>>>>
>>>>> Thanks,
>>>>> Yang
>>>>>
>>>>>
>>>>>> On 3/6/2012 10:35 PM, Cui Yang wrote:
>>>>>>> Hi, all,
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> I have posted a new draft that discusses the practical solutions for
>>>>>>> encrypted synchronization protocols.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Since we have discussed a lot on this problem, and the security
>>>>>>> requirement of synchronization also noted that confidentiality may
>>>> need
>>>>>>> protection, especially in case that the confidentiality protection =
is
>>>>>>> mandatory. Synchronization should be available when the traffic is
>>>>>>> encrypted. The influences by the encryption are explained, and
>>> several
>>>>>>> possible solutions have been discussed.
>>>>>>>
>>>>>>> The URL is below, please review and comment.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>      Title      : Practical solutions for encrypted synchronization
>>>>> protocol
>>>>>>> Author(s)  : Y. Cui,
>>>>>>>
>>>>>>> M. Bhatia,
>>>>>>>
>>>>>>> D. Zhang
>>>>>>>
>>>>>>> Filename   : draft-cui-tictoc-encrypted-synchronization-00.txt
>>>>>>>
>>>>>>> Pages     : 10
>>>>>>>
>>>>>>> Date      : Mar. 1, 2012
>>>>>>>
>>>>>>>     This informational document analyzes the accuracy issues with
>>> time
>>>>>>>     synchronization protocols when time synchronization packets are
>>>>>>>
>>>>>>>     encrypted during transmission. In addition, several candidate
>>>>>>>
>>>>>>>    solutions on such issues are introduced.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> A URL for this Internet-Draft is:
>>>>>>>
>>>>>>>
>>> http://datatracker.ietf.org/doc/draft-cui-tictoc-encrypted-synchronizat=
ion
>>>>>>>
>>>>>>>
>>>>>>> Thanks,
>>>>>>>
>>>>>>> Yang
>>>>>>>
>>>>>>> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
>>>>>>>
>>>>>>> Yang Cui,  Ph.D.
>>>>>>>
>>>>>>> Huawei Technologies
>>>>>>>
>>>>>>> cuiyang@huawei.com
>>>>> _______________________________________________
>>>>> TICTOC mailing list
>>>>> TICTOC@ietf.org
>>>>> https://www.ietf.org/mailman/listinfo/tictoc
> _______________________________________________
> ntpwg mailing list
> ntpwg@lists.ntp.org
> http://lists.ntp.org/listinfo/ntpwg


-- =

blu

Always code as if the guy who ends up maintaining your code will be a
violent psychopath who knows where you live. - Martin Golding
-----------------------------------------------------------------------|
Brian Utterback - Solaris RPE, Oracle Corporation.
Ph:603-262-3916, Em:brian.utterback@oracle.com

_______________________________________________
ntpwg mailing list
ntpwg@lists.ntp.org
http://lists.ntp.org/listinfo/ntpwg

From ntpwg-bounces+ntp-archives-ahfae6za=lists.ietf.org@lists.ntp.org  Thu Aug 30 04:29:02 2012
Return-Path: <ntpwg-bounces+ntp-archives-ahfae6za=lists.ietf.org@lists.ntp.org>
X-Original-To: ietfarch-ntp-archives-ahFae6za@ietfa.amsl.com
Delivered-To: ietfarch-ntp-archives-ahFae6za@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B444721F855A for <ietfarch-ntp-archives-ahFae6za@ietfa.amsl.com>; Thu, 30 Aug 2012 04:29:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.599
X-Spam-Level: 
X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Zb2HbqhTdb1Z for <ietfarch-ntp-archives-ahFae6za@ietfa.amsl.com>; Thu, 30 Aug 2012 04:29:01 -0700 (PDT)
Received: from lists.ntp.org (lists.ntp.org [IPv6:2001:4f8:fff7:1::7]) by ietfa.amsl.com (Postfix) with ESMTP id 73CA621F8559 for <ntp-archives-ahFae6za@lists.ietf.org>; Thu, 30 Aug 2012 04:29:00 -0700 (PDT)
Received: from lists.ntp.org (lists.ntp.org [149.20.68.7]) by lists.ntp.org (Postfix) with ESMTP id 0F08386DAA7 for <ntp-archives-ahFae6za@lists.ietf.org>; Thu, 30 Aug 2012 11:28:55 +0000 (UTC)
X-Original-To: ntpwg@lists.ntp.org
Delivered-To: ntpwg@lists.ntp.org
Received: from mail1.ntp.org (mail1.ntp.org [IPv6:2001:4f8:fff7:1::5]) by lists.ntp.org (Postfix) with ESMTP id AF1C086D333 for <ntpwg@lists.ntp.org>; Thu, 30 Aug 2012 02:52:03 +0000 (UTC)
Received: from szxga01-in.huawei.com ([119.145.14.64]) by mail1.ntp.org with esmtp (Exim 4.77 (FreeBSD)) (envelope-from <cuiyang@huawei.com>) id 1T6urP-000E8u-6Q; Thu, 30 Aug 2012 02:52:03 +0000
Received: from 172.24.2.119 (EHLO szxeml211-edg.china.huawei.com) ([172.24.2.119]) by szxrg01-dlp.huawei.com (MOS 4.3.4-GA FastPath queued) with ESMTP id ANZ11288; Thu, 30 Aug 2012 10:51:47 +0800 (CST)
Received: from SZXEML426-HUB.china.huawei.com (10.72.61.34) by szxeml211-edg.china.huawei.com (172.24.2.182) with Microsoft SMTP Server (TLS) id 14.1.323.3; Thu, 30 Aug 2012 10:50:39 +0800
Received: from SZXEML508-MBS.china.huawei.com ([169.254.6.203]) by szxeml426-hub.china.huawei.com ([10.72.61.34]) with mapi id 14.01.0323.003; Thu, 30 Aug 2012 10:50:38 +0800
From: Cuiyang <cuiyang@huawei.com>
To: Yoav Nir <ynir@checkpoint.com>, Danny Mayer <mayer@ntp.org>
Thread-Topic: [TICTOC] Please Comment on Practical Solutions for Encrypted Synchronization Protocol
Thread-Index: AQHNhjFRZNnN0QHKzUuipAJ6ZnWUdZdxprGA
Date: Thu, 30 Aug 2012 02:50:37 +0000
Message-ID: <8CC0CB0BCAE52F46882E17828A9AE216368615B5@SZXEML508-MBS.china.huawei.com>
References: <8CC0CB0BCAE52F46882E17828A9AE2161A032B90@SZXEML508-MBS.china.huawei.com> <4F575AF0.2060600@ntp.org> <8CC0CB0BCAE52F46882E17828A9AE2161A032D59@SZXEML508-MBS.china.huawei.com> <07F7D7DED63154409F13298786A2ADC9043207DE@EXRAD5.ad.rad.co.il> <8CC0CB0BCAE52F46882E17828A9AE2161A173D46@SZXEML508-MBS.china.huawei.com> <07F7D7DED63154409F13298786A2ADC904322E18@EXRAD5.ad.rad.co.il> <8CC0CB0BCAE52F46882E17828A9AE2161A1756E8@SZXEML508-MBS.china.huawei.com> <07F7D7DED63154409F13298786A2ADC904324409@EXRAD5.ad.rad.co.il> <8CC0CB0BCAE52F46882E17828A9AE2161A181BFC@SZXEML508-MBS.china.huawei.com> <503E8CF4.7030602@ntp.org> <5203A602-5BCC-4793-8B32-759E9EEF7026@checkpoint.com>
In-Reply-To: <5203A602-5BCC-4793-8B32-759E9EEF7026@checkpoint.com>
Accept-Language: zh-CN, en-US
Content-Language: zh-CN
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-cr-hashedpuzzle: Dawd MvNH VFVq YaGZ Zcay gebp gqlZ jSmG pJh4 reH3 sMZ0 sqnb unXf wTHP xih8 xxAS; 4; bQBhAHkAZQByAEAAbgB0AHAALgBvAHIAZwA7AG4AdABwAHcAZwBAAGwAaQBzAHQAcwAuAG4AdABwAC4AbwByAGcAOwB0AGkAYwB0AG8AYwBAAGkAZQB0AGYALgBvAHIAZwA7AHkAbgBpAHIAQABjAGgAZQBjAGsAcABvAGkAbgB0AC4AYwBvAG0A; Sosha1_v1; 7; {DE12BDB6-D4C7-49B5-9901-D883683D5BE7}; YwB1AGkAeQBhAG4AZwBAAGgAdQBhAHcAZQBpAC4AYwBvAG0A; Thu, 30 Aug 2012 02:50:27 GMT; UgBlADoAIABbAFQASQBDAFQATwBDAF0AIABQAGwAZQBhAHMAZQAgAEMAbwBtAG0AZQBuAHQAIABvAG4AIABQAHIAYQBjAHQAaQBjAGEAbAAgAFMAbwBsAHUAdABpAG8AbgBzACAAZgBvAHIAIABFAG4AYwByAHkAcAB0AGUAZAAgAFMAeQBuAGMAaAByAG8AbgBpAHoAYQB0AGkAbwBuACAAUAByAG8AdABvAGMAbwBsAA==
x-cr-puzzleid: {DE12BDB6-D4C7-49B5-9901-D883683D5BE7}
x-originating-ip: [10.111.48.119]
MIME-Version: 1.0
X-CFilter-Loop: Reflected
X-SA-Exim-Connect-IP: 119.145.14.64
X-SA-Exim-Rcpt-To: mayer@ntp.org, ntpwg@lists.ntp.org
X-SA-Exim-Mail-From: cuiyang@huawei.com
X-SA-Exim-Version: 4.2
X-SA-Exim-Scanned: Yes (on mail1.ntp.org)
X-Mailman-Approved-At: Thu, 30 Aug 2012 11:28:41 +0000
Cc: NTP Working Group <ntpwg@lists.ntp.org>, "tictoc@ietf.org" <tictoc@ietf.org>
Subject: Re: [ntpwg] [TICTOC] Please Comment on Practical Solutions for Encrypted Synchronization Protocol
X-BeenThere: ntpwg@lists.ntp.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: IETF Working Group for Network Time Protocol <ntpwg.lists.ntp.org>
List-Unsubscribe: <http://lists.ntp.org/options/ntpwg>, <mailto:ntpwg-request@lists.ntp.org?subject=unsubscribe>
List-Archive: <http://lists.ntp.org/pipermail/ntpwg>
List-Post: <mailto:ntpwg@lists.ntp.org>
List-Help: <mailto:ntpwg-request@lists.ntp.org?subject=help>
List-Subscribe: <http://lists.ntp.org/listinfo/ntpwg>, <mailto:ntpwg-request@lists.ntp.org?subject=subscribe>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
Errors-To: ntpwg-bounces+ntp-archives-ahfae6za=lists.ietf.org@lists.ntp.org
Sender: ntpwg-bounces+ntp-archives-ahfae6za=lists.ietf.org@lists.ntp.org

SGksIFlvYXYsDQoNClJpZ2h0LCBJUHNlYyBkb2VzIG5vdCBuZWVkIHByZWNpc2Ugc3luY2hyb25p
emF0aW9uIGFzIGluIHRoaXMgZHJhZnQuDQpBY3R1YWxseSwgdGhpcyBpcyBjb21pbmcgZnJvbSB0
aGUgcmVxdWlyZW1lbnQgdGhhdCBzeW5jaHJvbml6YXRpb24gaW4gSVBzZWMgdHVubmVsIHdoZXJl
IGVuY3J5cHRpb24gaGFzIGJlZW4gZW5hYmxlZCwgc3VjaCBhcyBIKGUpTkIuDQoNCllhbmcNCj09
PT09PT09PT09PT09PT09PQ0KIFlhbmcgQ3VpLCAgUGguRC4NCiBIdWF3ZWkgVGVjaG5vbG9naWVz
DQogY3VpeWFuZ0BodWF3ZWkuY29tDQoNCj4gLS0tLS3pgq7ku7bljp/ku7YtLS0tLQ0KPiDlj5Hk
u7bkuro6IFlvYXYgTmlyIFttYWlsdG86eW5pckBjaGVja3BvaW50LmNvbV0NCj4g5Y+R6YCB5pe2
6Ze0OiAyMDEy5bm0OOaciDMw5pelIDU6NTcNCj4g5pS25Lu25Lq6OiBEYW5ueSBNYXllcg0KPiDm
ioTpgIE6IEN1aXlhbmc7IE5UUCBXb3JraW5nIEdyb3VwOyB0aWN0b2NAaWV0Zi5vcmcNCj4g5Li7
6aKYOiBSZTogW1RJQ1RPQ10gUGxlYXNlIENvbW1lbnQgb24gUHJhY3RpY2FsIFNvbHV0aW9ucyBm
b3IgRW5jcnlwdGVkDQo+IFN5bmNocm9uaXphdGlvbiBQcm90b2NvbA0KPiANCj4gSGkgRGFubnkN
Cj4gDQo+IEknbSBub3Qgc3VyZSB3aGVyZSB0aGlzIGlzIGNvbWluZyBmcm9tLCBidXQgdG8gY2xh
cmlmeSwgSVBzZWMgZG9lcyBub3QgbmVlZA0KPiBhY2N1cmF0ZSBjbG9ja3MgdG8gc2V0IGl0c2Vs
ZiB1cC4NCj4gDQo+IFRoZSBIKGUpTkIgcmVxdWlyZXMgdGltZSBzeW5jaHJvbml6YXRpb24gZm9y
IG90aGVyIHB1cnBvc2VzLCBub3QgZm9yIHNldHRpbmcNCj4gdXAgSVBzZWMgdHVubmVscy4NCj4g
DQo+IFlvYXYNCj4gDQo+IE9uIEF1ZyAzMCwgMjAxMiwgYXQgMTI6NDMgQU0sIERhbm55IE1heWVy
IHdyb3RlOg0KPiANCj4gPiBJIGtub3cgdGhhdCB0aGlzIGlzIGEgcmF0aGVyIG9sZCBlbWFpbCBt
ZXNzYWdlIGJ1dCB3aGVuIEkgd2FzIHJldmlld2luZw0KPiA+IGl0LCBpdCBvY2N1cnJlZCB0byBt
ZSB0aGF0IGlmIElQU2VjIHJlcXVpcmVzIGFjY3VyYXRlIGNsb2NrcyB0byBzZXQNCj4gPiBpdHNl
bGYgdXAgdGhlbiB0aGlzIHdvbid0IHdvcmsgYW5kIHlvdSBuZWVkLCBhdCBsZWFzdCBpbml0aWFs
bHksIHRvIGRvDQo+ID4gd2l0aG91dCBJUFNlYy4NCj4gPg0KPiA+IERhbm55DQo+ID4gT24gMy8x
OS8yMDEyIDEyOjE0IEFNLCBDdWkgWWFuZyB3cm90ZToNCj4gPj4gSGksIFlhYWtvdiwNCj4gPj4N
Cj4gPj4gSSBzYWlkIHRoZSBJUHNlYyB0dW5uZWwgwqHCsGZ1bmN0aW9uYWxpdHnCocKxIGlzIG1h
bmRhdG9yeSB0byBhY2hpZXZlLCB3aGljaA0KPiBtZWFucyB0aGUgZGV2aWNlIE1VU1Qgc3VwcG9y
dCBJUHNlYyBFU1AgdHVubmVsIChjb25maWRlbnRpYWxpdHkgYW5kDQo+IGludGVncml0eSkuDQo+
ID4+DQo+ID4+IE1vcmUgc3BlY2lmaWNhbGx5LCBUUyAzMy4zMjAgZG9lcyBleHBsaWNpdGx5IGRl
c2NyaWJlIHNlY3VyaXR5IHJlcXVpcmVtZW50DQo+IGZvciB0aW1lIHN5bmNocm9uaXphdGlvbiwg
d2hlcmUNCj4gPj4gLVNlYy42LjMuMSwgQ2xvY2sgU3luY2hyb25pemF0aW9uIFNlY3VyaXR5IE1l
Y2hhbmlzbXMgZm9yIEgoZSlOQg0KPiA+PiAtwqHCsFRoZSBIKGUpTkIgcmVxdWlyZXMgdGltZSBz
eW5jaHJvbml6YXRpb24gd2l0aCBhIHRpbWUgc2VydmVyLiBUaGUNCj4gSChlKU5CIFNIQUxMIHN1
cHBvcnQgcmVjZWl2aW5nIHRpbWUgc3luY2hyb25pc2F0aW9uIG1lc3NhZ2VzIG92ZXIgdGhlDQo+
IHNlY3VyZSBiYWNraGF1bCBsaW5rIGJldHdlZW4gSChlKU5CIGFuZCB0aGUgU2VHV8KhwrENCj4g
Pj4gLSDCocKwT3B0aW9uYWxseSBvdGhlciBzZWN1cmUgY2xvY2sgc2VydmVycyBtYXkgYmUgdXNl
ZCwgd2hpY2ggZG8gbm90IHVzZQ0KPiB0aGUgc2VjdXJlIGJhY2toYXVsIGxpbmsuIEluIHRoaXMg
Y2FzZSB0aGUgY29tbXVuaWNhdGlvbiBiZXR3ZWVuIHRoZXNlIGNsb2NrDQo+IHNlcnZlcihzKSBh
bmQgSChlKU5CIFNIQUxMIGJlIHNlY3VyZWQuwqHCsQ0KPiA+Pg0KPiA+PiBGcm9tIHRoZSBhYm92
ZSwgbXkgaW50ZXJwcmV0YXRpb24gaXMsDQo+ID4+IC1zeW5jaHJvbml6YXRpb24gTVVTVCBiZSBh
ZGVxdWF0ZWx5IHByb3RlY3RlZA0KPiA+PiAtc3luY2hyb25pemF0aW9uIG1lY2hhbmlzbSBNVVNU
IGJlIHN1cHBvcnRlZCBieSBJUHNlYyBFU1AgdHVubmVsDQo+IG1vZGUgKGZvciBkZXZpY2VzKQ0K
PiA+PiAtSW4gdGhlIGNhc2UgdGhhdCBJUHNlYyBpcyBub3QgY2hvc2VuIHRvIHVzZSAodGhvdWdo
IHRoZSBkZXZpY2VzIGRvDQo+IHN1cHBvcnQpLCBzZXBhcmF0ZSBzZWN1cmVkIGNsb2NrIG1lY2hh
bmlzbSBNVVNUIGJlIHVzZWQuDQo+ID4+DQo+ID4+IFRoZXJlZm9yZSwgaWYgSVBzZWMgdHVubmVs
IGlzIGRlcGxveWVkLCB0aGVuIHN5bmNocm9uaXphdGlvbiBwcm90b2NvbCBtdXN0DQo+IHN1cHBv
cnQgaXQ7DQo+ID4+IG90aGVyd2lzZSBkaWZmZXJlbnQgc2VjdXJpdHkgbWVjaGFuaXNtIGlzIGRl
cGxveWVkLCBhbmQgYSBzZXBhcmF0ZQ0KPiBzZWN1cmUgcHJvdGVjdGlvbiAobW9yZSB0aGFuIElQ
c2VjIEFIKSBmb3Igc3luY2hyb25pemF0aW9uIG11c3QgYmUNCj4gcHJvdmlkZWQuDQo+ID4+IEZy
b20gYSB2ZW5kb3LCocKvcyBwb2ludCBvZiB2aWV3LCBpdCBpcyByZXF1aXJlZCB0byBpbnZlc3Rp
Z2F0ZSB0aGlzIHByb2JsZW0NCj4gYW5kIGNvbXBhcmUgdGhlIHBlcmZvcm1hbmNlcyBvZiBkaWZm
ZXJlbnQgYXBwcm9hY2hlcy4NCj4gPj4NCj4gPj4gRmluYWxseSwgYW5zd2VyaW5nIHlvdXIgcXVl
c3Rpb24sIEF1dG9rZXkgaXMgZGVzaWduZWQgwqHCsGJhc2VkIG9uIHRoZQ0KPiBwcmVtaXNlIHRo
YXQgSVBzZWMgc2NoZW1lcyBjYW5ub3QgYmUgYWRvcHRlZCBpbnRhY3QsIHNpbmNlIHRoYXQgd291
bGQNCj4gcHJlY2x1ZGUgc3RhdGVsZXNzIHNlcnZlcnMgYW5kIHNldmVyZWx5IGNvbXByb21pc2Ug
dGltZWtlZXBpbmcNCj4gYWNjdXJhY3nCocKxW1JGQzU5MDZdLg0KPiA+PiBCdXQsIHdoYXQgaWYg
dGhlIElQc2VjIHR1bm5lbCBpcyBhdmFpbGFibGUgYWxyZWFkeT8gSXMgdGhlcmUgYW55IGV2YWx1
YXRpb24NCj4gb24gdGhpcyDCocKwc2V2ZXJlbHnCocKxIGNvbXByb21pc2luZyBhY2N1cmFjeT8g
SSB3b25kZXIgd2hldGhlciB0aGVyZSBpcyBhbnkNCj4gYmVuZWZpdCB0byBzZXR0aW5nIHVwIHNl
cGFyYXRlIHNlY3VyaXR5IG1lY2hhbmlzbSwgaWYgdGhlIGRldmljZSBhbHJlYWR5IGhhcw0KPiBl
bmQtdG8tZW5kIElQc2VjIHR1bm5lbCBjb25uZWN0aW9uLg0KPiA+PiBBbmQgSSBiZWxpZXZlIHRo
YXQgb3VyIGludmVzdGlnYXRpb24gYW5kIGFuYWx5c2lzIG9uIHRoaXMgcHJhY3RpY2FsIHByb2Js
ZW0NCj4gaXMgbmVjZXNzYXJ5IGFuZCBtZWFuaW5nZnVsLCB3aGljaCBzdGlsbCBjb3VsZCBiZSBn
cmVhdGx5IGltcHJvdmVkIHZpYSB0aGUNCj4gZGlzY3Vzc2lvbiB3aXRoIHlvdSBhbGwuDQo+ID4+
DQo+ID4+IFRoYW5rcywNCj4gPj4gWWFuZw0KPiA+PiA9PT09PT09PT09PT09PT09PT0NCj4gPj4g
WWFuZyBDdWksICBQaC5ELg0KPiA+PiBIdWF3ZWkgVGVjaG5vbG9naWVzDQo+ID4+IGN1aXlhbmdA
aHVhd2VpLmNvbQ0KPiA+Pg0KPiA+Pj4gLS0tLS3Dk8OKwrzDvsOUwq3CvMO+LS0tLS0NCj4gPj4+
IMK3wqLCvMO+w4jDizogWWFha292IFN0ZWluIFttYWlsdG86eWFha292X3NAcmFkLmNvbV0NCj4g
Pj4+IMK3wqLDi8ONw4rCscK8w6Q6IDIwMTLDhMOqM8OUw4IxOMOIw5UgMjI6MjINCj4gPj4+IMOK
w5XCvMO+w4jDizogQ3VpIFlhbmcNCj4gPj4+IMKzwq3Di8ONOiB0aWN0b2NAaWV0Zi5vcmc7IERh
bm55IE1heWVyDQo+ID4+PiDDlsO3w4zDojogUkU6IFtUSUNUT0NdIFBsZWFzZSBDb21tZW50IG9u
IFByYWN0aWNhbCBTb2x1dGlvbnMgZm9yIEVuY3J5cHRlZA0KPiA+Pj4gU3luY2hyb25pemF0aW9u
IFByb3RvY29sDQo+ID4+Pg0KPiA+Pj4gWWFuZw0KPiA+Pj4NCj4gPj4+IFdoYXQgZG8geW91IG1l
YW4gYnkgIm1hbmRhdG9yeSB0byBhY2hpZXZlIi4NCj4gPj4+DQo+ID4+PiBXaGF0IDMzLjMyMCBz
YXlzIGlzIHRoYXQgSVBzZWMgaXMgbWFuZGF0b3J5IHRvIGltcGxlbWVudCBpbiBIVywNCj4gPj4+
IGJ1dCBvcHRpb25hbCB0byB1c2UuDQo+ID4+PiBGdXJ0aGVybW9yZSwgbXkgaW50ZXJwcmV0YXRp
b24gaXMgdGhhdCB0aW1pbmcgcGFja2V0cyBhcmUgZXhwbGljaXRseSBub3QNCj4gPj4+IGNvdmVy
ZWQsDQo+ID4+PiBzaW5jZSB0aGV5IG1lbnRpb24gd2hpY2ggdHlwZXMgb2YgcGFja2V0cyBzaG91
bGQgYmUgcHJvdGVjdGVkLA0KPiA+Pj4gYW5kIG5vbmUgb2YgdGhlIHR5cGVzIG1lbnRpb25lZCBk
ZXNjcmliZSB0aW1pbmcgcGFja2V0cy4NCj4gPj4+DQo+ID4+PiBJIGhhdmUgYSBxdWVzdGlvbiBm
b3IgeW91Lg0KPiA+Pj4gV2VyZSB3ZSB0byB1c2UgTlRQIHdpdGggQXV0b2tleSBhbmQgdGh1cyBw
cm92aWRlIHN0cm9uZw0KPiBwcm92ZW50aWNhdGlvbiwNCj4gPj4+IHdvdWxkIHlvdSBzZWUgYW55
IGJlbmVmaXQgdG8gdXNpbmcgSVBzZWMgPw0KPiA+Pj4gRG8geW91IGFncmVlIHRoYXQgdGhlcmUg
aXMgYSBkcmF3YmFjayB0byBpdHMgdXNlID8NCj4gPj4+DQo+ID4+PiBZKEopUw0KPiA+Pj4NCj4g
Pj4+IC0tLS0tT3JpZ2luYWwgTWVzc2FnZS0tLS0tDQo+ID4+PiBGcm9tOiBDdWkgWWFuZyBbbWFp
bHRvOmN1aXlhbmdAaHVhd2VpLmNvbV0NCj4gPj4+IFNlbnQ6IFRodXJzZGF5LCBNYXJjaCAxNSwg
MjAxMiAwNTozMA0KPiA+Pj4gVG86IFlhYWtvdiBTdGVpbg0KPiA+Pj4gQ2M6IHRpY3RvY0BpZXRm
Lm9yZzsgRGFubnkgTWF5ZXINCj4gPj4+IFN1YmplY3Q6IFJlOiBbVElDVE9DXSBQbGVhc2UgQ29t
bWVudCBvbiBQcmFjdGljYWwgU29sdXRpb25zIGZvcg0KPiBFbmNyeXB0ZWQNCj4gPj4+IFN5bmNo
cm9uaXphdGlvbiBQcm90b2NvbA0KPiA+Pj4NCj4gPj4+IEhpLCBZYWFrb3YsDQo+ID4+Pg0KPiA+
Pj4gVGhhbmtzIGZvciB5b3VyIGNvbW1lbnRzLiBQbGVhc2UgZmluZCBteSBhbnN3ZXIgaW4gdGhl
IGZvbGxvd2luZy4NCj4gPj4+DQo+ID4+PiBUaGUgSVBzZWMgdHVubmVsIGZ1bmN0aW9uYWxpdHkg
aW4gYmFja2hhdWwgbGluayBiZXR3ZWVuIGZlbXRvIGFuZCBTZUdXDQo+IGFyZQ0KPiA+Pj4gbWFu
ZGF0b3J5IHRvIGFjaGlldmUgYnkgM0dQUCBUZWNobmljYWwgU3BlY2lmaWNhdGlvbiBUUy4zMy4z
MjANCj4gPj4+IGh0dHA6Ly93d3cuM2dwcC5vcmcvZnRwL3NwZWNzL2h0bWwtaW5mby8zMzMyMC5o
dG0NCj4gPj4+IC00LjMuMSBCYWNraGF1bCBsaW5rDQo+ID4+PiAtNC40LjUgUmVxdWlyZW1lbnRz
IG9uIEJhY2toYXVsIExpbmsNCj4gPj4+IC03LjQgSVBzZWMgVHVubmVsIEVzdGFibGlzaG1lbnQN
Cj4gPj4+IC1ldGMuDQo+ID4+Pg0KPiA+Pj4gVGhpcyByZXF1aXJlbWVudCBpcyBvcmlnaW5hdGVk
IGZyb20gdGhlIHR5cGljYWwgdXNlIGNhc2Ugb2YgaG9tZSBiYXNlZA0KPiA+Pj4gd2lyZWxlc3Mg
YmFzZSBzdGF0aW9uIChGZW10byksIHdoZXJlIHRoZSBiYWNraGF1bCBjYWJsZSBjb25uZWN0aW9u
IGlzDQo+ID4+PiBjb21tb25seSBsZWFzZWQgYnkgdGVsZWNvbSBvcGVyYXRvciBhbmQgdGhyb3Vn
aCBpbnNlY3VyZSBuZXR3b3JrcywNCj4gbm90DQo+ID4+PiBiZWxvbmdpbmcgdG8gb3BlcmF0b3LC
ocKvcyBvd24gbmV0d29yay4gU2luY2UgdGhlIHJlZ3VsYXRpb24gYW5kIGxhd3MNCj4gb24NCj4g
Pj4+IGluZm9ybWF0aW9uIHNlY3VyaXR5IGFuZCBwcml2YWN5IGFyZSBzdHJpY3QgaW4gbWFueSBj
b3VudHJpZXMsIHZlbmRvcnMNCj4gYXJlDQo+ID4+PiByZXF1ZXN0ZWQgdG8gc2V0IHVwIHRoaXMg
SVBzZWMgdHVubmVsIGZ1bmN0aW9uYWxpdHkgdG8gYXZvaWQgdGhlIHJpc2sgb2YNCj4gPj4+IGlu
Zm9ybWF0aW9uIG9yIHByaXZhY3kgbGVha2FnZS4gVGhlIGNvbnRlbnRzIGVuY3J5cHRlZCBpbiBJ
UHNlYyB0dW5uZWwNCj4gPj4+IGluY2x1ZGUgbm90IG9ubHkgZGF0YSBwbGFuZSwgYnV0IGFsc28g
Y29udHJvbCBwbGFuZSwgd2hlcmUgdGhlIGZvcm1lcg0KPiBjYXJyaWVzDQo+ID4+PiB0aGUgY3Vz
dG9tZXLCocKvcyBkYXRhIGFuZCB2b2ljZSwgYW5kIHRoZSBsYXR0ZXIgY2FycmllcyBzZW5zaXRp
dmUNCj4gaW5mb3JtYXRpb24sDQo+ID4+PiBzdWNoIGFzIHRoZSBzZWNyZXQga2V5cyBmb3IgYWly
IGludGVyZmFjZSBlbmNyeXB0aW9uLiBGb3IgbW9zdCBvZg0KPiBvcGVyYXRvcnMNCj4gPj4+IGFu
ZCB2ZW5kb3JzLCBpdCBpcyBjb25zaWRlcmVkIG5lY2Vzc2FyeSBhbmQgcmVzcG9uc2libGUgdG8g
cHJvdGVjdA0KPiBjdXN0b21lcnPCocKvDQo+ID4+PiBwcml2YWN5IGFuZCBjb21tdW5pY2F0aW9u
IHNlY3VyaXR5LCB3aGVyZSB0aGUgYmVzdCB3YXkga25vd24gaXMgSVBzZWMNCj4gPj4+IHR1bm5l
bC4NCj4gPj4+DQo+ID4+PiBCZXN0IHJlZ2FyZHMsDQo+ID4+PiBZYW5nDQo+ID4+PiA9PT09PT09
PT09PT09PT09PT0NCj4gPj4+IFlhbmcgQ3VpLCAgUGguRC4NCj4gPj4+IEh1YXdlaSBUZWNobm9s
b2dpZXMNCj4gPj4+IGN1aXlhbmdAaHVhd2VpLmNvbQ0KPiA+Pj4NCj4gPj4+PiAtLS0tLcOTw4rC
vMO+w5TCrcK8w74tLS0tLQ0KPiA+Pj4+IMK3wqLCvMO+w4jDizogWWFha292IFN0ZWluIFttYWls
dG86eWFha292X3NAcmFkLmNvbV0NCj4gPj4+PiDCt8Kiw4vDjcOKwrHCvMOkOiAyMDEyw4TDqjPD
lMOCMTXDiMOVIDI6MzYNCj4gPj4+PiDDisOVwrzDvsOIw4s6IEN1aSBZYW5nDQo+ID4+Pj4gwrPC
rcOLw406IHRpY3RvY0BpZXRmLm9yZzsgRGFubnkgTWF5ZXINCj4gPj4+PiDDlsO3w4zDojogUkU6
IFtUSUNUT0NdIFBsZWFzZSBDb21tZW50IG9uIFByYWN0aWNhbCBTb2x1dGlvbnMgZm9yDQo+IEVu
Y3J5cHRlZA0KPiA+Pj4+IFN5bmNocm9uaXphdGlvbiBQcm90b2NvbA0KPiA+Pj4+DQo+ID4+Pj4g
WWFuZw0KPiA+Pj4+DQo+ID4+Pj4gWWVzLCBJIGZ1bGx5IGFwcHJlY2lhdGUgdGhlIHNjZW5hcmlv
IHlvdSBhcmUgZGlzY3Vzc2luZywNCj4gPj4+PiB3aGVyZSBBTEwgcGFja2V0cyBNVVNUIGJlIGVu
Y3J5cHRlZC4NCj4gPj4+Pg0KPiA+Pj4+IEkgYW0ganVzdCBxdWVzdGlvbmluZyB3aGV0aGVyIHN1
Y2ggYSBzY2VuYXJpbyBpcyByZWFsbHkgbWFuZGF0ZWQgYnkNCj4gYW55DQo+ID4+Pj4gc3RhbmRh
cmQgKEkgYmVsaWV2ZSBpdCBpcyBub3QpLA0KPiA+Pj4+IGluIHdoaWNoIGNhc2Ugb25lIGNhbiBz
aW1wbHkgTk9UIGVuY3J5cHQgdGhlIHRpbWluZyBwYWNrZXRzIChldmVuIGlmDQo+IHlvdQ0KPiA+
Pj4+IGNob29zZSB0byBlbmNyeXB0IHRoZSBvdGhlciBwYWNrZXRzKS4NCj4gPj4+Pg0KPiA+Pj4+
IFkoSilTDQo+ID4+Pj4NCj4gPj4+PiAtLS0tLU9yaWdpbmFsIE1lc3NhZ2UtLS0tLQ0KPiA+Pj4+
IEZyb206IEN1aSBZYW5nIFttYWlsdG86Y3VpeWFuZ0BodWF3ZWkuY29tXQ0KPiA+Pj4+IFNlbnQ6
IFR1ZXNkYXksIE1hcmNoIDEzLCAyMDEyIDA0OjUxDQo+ID4+Pj4gVG86IFlhYWtvdiBTdGVpbjsg
RGFubnkgTWF5ZXINCj4gPj4+PiBDYzogdGljdG9jQGlldGYub3JnDQo+ID4+Pj4gU3ViamVjdDog
UmU6IFtUSUNUT0NdIFBsZWFzZSBDb21tZW50IG9uIFByYWN0aWNhbCBTb2x1dGlvbnMgZm9yDQo+
IEVuY3J5cHRlZA0KPiA+Pj4+IFN5bmNocm9uaXphdGlvbiBQcm90b2NvbA0KPiA+Pj4+DQo+ID4+
Pj4gSGksIFlhYWtvdiwNCj4gPj4+Pg0KPiA+Pj4+IE1heWJlIG15IHVuY2xlYXIgZGVzY3JpcHRp
b24gaW4gdGhlIGRyYWZ0IGNhdXNlcyBzb21lIGNvbmZ1c2lvbi4NCj4gU29ycnkgZm9yDQo+ID4+
Pj4gdGhhdC4NCj4gPj4+PiBJbiB0aGUgc2Vjb25kIG1vdGl2YXRpb24sIHdlIGRpZG7CocKvdCB0
cnkgdG8gYXJndWUgdGhlcmUgaXMgYSBzY2VuYXJpbw0KPiB3aGVyZQ0KPiA+Pj4+IHRpbWluZyBw
YWNrZXRzIG11c3QgYmUgZW5jcnlwdGVkLg0KPiA+Pj4+IEluIGNvbnRyYXN0LCB3ZSB0cnkgdG8g
ZGlzY3VzcyB0aGUgY29uZGl0aW9ucyB3aGVyZSB0aW1pbmcgcGFja2V0cyBhcmUNCj4gPj4+PiB0
cmFuc3BvcnRlZCBpbiBhbiBpbnNlY3VyZSBuZXR3b3JrIGFuZCB0aGVyZSBhcmUgYWxyZWFkeSBJ
UHNlYyBFU1ANCj4gdHVubmVsDQo+ID4+Pj4gcHJvdmlkZWQuDQo+ID4+Pj4gV2hlbiB3ZSB0cnkg
dG8gdHJhbnNwb3J0IHRoZSB0aW1pbmcgcGFja2V0cyBpbiBhIHNlY3VyZSB3YXksIHdlIGNhbg0K
PiByZXVzZQ0KPiA+Pj4+IHRoZSBleGlzdGluZyBJUHNlYyBFU1AgdHVubmVsIGV2ZW4gdGhvdWdo
IHRoZSB0aW1pbmcgcGFja2V0cyBtYXkgbm90DQo+IGJlDQo+ID4+Pj4gY29uZmlkZW50aWFsIGl0
c2VsZiAoQnV0IGludGVncml0eSBwcm90ZWN0aW9uIGlzIG5lY2Vzc2FyeSwgYW55d2F5KS4NCj4g
Pj4+Pg0KPiA+Pj4+IEJlc3QgcmVnYXJkcywNCj4gPj4+PiBZYW5nDQo+ID4+Pj4gPT09PT09PT09
PT09PT09PT09DQo+ID4+Pj4gWWFuZyBDdWksICBQaC5ELg0KPiA+Pj4+IEh1YXdlaSBUZWNobm9s
b2dpZXMNCj4gPj4+PiBjdWl5YW5nQGh1YXdlaS5jb20NCj4gPj4+Pg0KPiA+Pj4+PiAtLS0tLcOT
w4rCvMO+w5TCrcK8w74tLS0tLQ0KPiA+Pj4+PiDCt8KiwrzDvsOIw4s6IFlhYWtvdiBTdGVpbiBb
bWFpbHRvOnlhYWtvdl9zQHJhZC5jb21dDQo+ID4+Pj4+IMK3wqLDi8ONw4rCscK8w6Q6IDIwMTLD
hMOqM8OUw4IxM8OIw5UgMDo0Nw0KPiA+Pj4+PiDDisOVwrzDvsOIw4s6IEN1aSBZYW5nOyBEYW5u
eSBNYXllcg0KPiA+Pj4+PiDCs8Ktw4vDjTogdGljdG9jQGlldGYub3JnDQo+ID4+Pj4+IMOWw7fD
jMOiOiBSRTogW1RJQ1RPQ10gUGxlYXNlIENvbW1lbnQgb24gUHJhY3RpY2FsIFNvbHV0aW9ucyBm
b3INCj4gRW5jcnlwdGVkDQo+ID4+Pj4+IFN5bmNocm9uaXphdGlvbiBQcm90b2NvbA0KPiA+Pj4+
Pg0KPiA+Pj4+PiBZYW5nDQo+ID4+Pj4+DQo+ID4+Pj4+IEkgZnVsbHkgdW5kZXJzdGFuZCB5b3Vy
IG1vdGl2YXRpb24gKGFjdHVhbGx5IHRoZSAybmQgbW90aXZhdGlvbiBpbg0KPiB5b3VyDQo+ID4+
Pj4gZHJhZnQpDQo+ID4+Pj4+IHRvIGhhbmRsZSBjYXNlcyB3aGVyZSBlbmNyeXB0aW9uIG9mIEFM
TCBwYWNrZXRzIGlzIG1hbmRhdG9yeSwNCj4gaW5jbHVkaW5nDQo+ID4+Pj4+IHRpbWluZyBvbmVz
Lg0KPiA+Pj4+Pg0KPiA+Pj4+PiBIb3dldmVyLCBJIGFtIG5vdCBzdXJlIHRoYXQgVFMgMzMuMzIw
IHJlYWxseSBtYW5kYXRlcyBlbmNyeXB0aW9uIG9mDQo+ID4+PiB0aW1pbmcNCj4gPj4+Pj4gcGFj
a2V0cy4NCj4gPj4+Pj4NCj4gPj4+Pj4gRmlyc3QsIDMzLjMyMCBjbGVhcmx5IHN0YXRlcyB0aGF0
IHdoaWxlIGltcGxlbWVudGF0aW9uIG9mIElQc2VjIGlzDQo+ID4+PiBtYW5kYXRvcnksDQo+ID4+
Pj4+IHVzYWdlIGlzIG9wdGlvbmFsIGFuZCBiYXNlZCBvbiBvcGVyYXRvciBwb2xpY3kNCj4gPj4+
Pj4gKHdpdGggdGhlIHBvc3NpYmxlIGV4Y2VwdGlvbiBvZiBkaXJlY3QgbGlua3MgYmV0d2VlbiBI
KGUpTkJzLCBidXQNCj4gdGhlc2UNCj4gPj4+PiBsaW5rcw0KPiA+Pj4+PiBhcmUgb3B0aW9uYWwg
dG9vKS4NCj4gPj4+Pj4gSWYgSVBzZWMgaXMgbm90IHVzZWQsIHRoZW4gYSBsb3dlciBsYXllciBt
ZWNoYW5pc20gY2FuIGJlIHVzZWQNCj4gPj4+Pj4gKHcvbyBhbnkgc3BlY2lmaWNhdGlvbiBvZiB3
aGF0IGV4YWN0bHkgdGhpcyBsb3dlciBsYXllciBtZWNoYW5pc20NCj4gbmVlZHMNCj4gPj4+IHRv
DQo+ID4+Pj4+IGRvKSwNCj4gPj4+Pj4gYSBtZXRob2QgYXNzdW1lZGx5IHJ1bm5pbmcgaW4gSFcg
YW5kIGFkZGluZyBhbG1vc3Qgbm8gZGVsYXkgYW5kDQo+ID4+Pj4+IGFic29sdXRlbHkgbm8gZGVs
YXkgdmFyaWF0aW9uLg0KPiA+Pj4+Pg0KPiA+Pj4+PiBTZWNvbmQsIGV2ZW4gaWYgdGhlIG9wZXJh
dG9yIGRlY2lkZXMgdG8gdXNlIElQc2VjLCB0aGVuIHRoZSBzdGFuZGFyZA0KPiA+Pj4gc3RhdGVz
DQo+ID4+Pj4+ICJBbGwgc2lnbmFsbGluZywgdXNlciwgYW5kIG1hbmFnZW1lbnQgcGxhbmUgdHJh
ZmZpYyBvdmVyIHRoZSBpbnRlcmZhY2UNCj4gPj4+Pj4gYmV0d2VlbiBIKGUpTkIgYW5kIFNlR1cg
c2hhbGwgYmUgc2VudCB0aHJvdWdoIGFuIElQc2VjIEVTUCB0dW5uZWwiLg0KPiA+Pj4+PiBJIHRo
aW5rIHdlIGNhbiBtYWtlIHRoZSBjYXNlIHRoYXQgdGltaW5nIGlzIG5laXRoZXIgc2lnbmFsaW5n
LCBub3IgdXNlciwNCj4gbm9yDQo+ID4+Pj4+IG1hbmFnZW1lbnQgdHJhZmZpYywNCj4gPj4+Pj4g
YW5kIHRodXMgZXhlbXB0IGZyb20gdGhlIElQc2VjIHJlcXVpcmVtZW50Lg0KPiA+Pj4+PiBQZXJo
YXBzIHdlIHNob3VsZCBzZW5kIDNHUFAgYSBsaWFpc29uIHRvIHRoYXQgZWZmZWN0LCBhbmQgZ2V0
IGFuDQo+IGV4cGxpY2l0DQo+ID4+Pj4+IHdhaXZlci4NCj4gPj4+Pj4NCj4gPj4+Pj4gU28sIHdl
IGFyZSBsZWZ0IHdpdGggbm8gdXNlIGNhc2UgbWFuZGF0aW5nIGVuY3J5cHRpbmcgb2YgdGltaW5n
DQo+IHBhY2tldHMsDQo+ID4+Pj4+IGFuZCB0aGUgcHJvYmxlbSBnb2VzIGF3YXkuDQo+ID4+Pj4+
DQo+ID4+Pj4+IFkoSilTDQo+ID4+Pj4+DQo+ID4+Pj4+DQo+ID4+Pj4+IC0tLS0tT3JpZ2luYWwg
TWVzc2FnZS0tLS0tDQo+ID4+Pj4+IEZyb206IHRpY3RvYy1ib3VuY2VzQGlldGYub3JnIFttYWls
dG86dGljdG9jLWJvdW5jZXNAaWV0Zi5vcmddIE9uDQo+ID4+PiBCZWhhbGYNCj4gPj4+PiBPZg0K
PiA+Pj4+PiBDdWkgWWFuZw0KPiA+Pj4+PiBTZW50OiBUaHVyc2RheSwgTWFyY2ggMDgsIDIwMTIg
MDM6NDQNCj4gPj4+Pj4gVG86IERhbm55IE1heWVyDQo+ID4+Pj4+IENjOiB0aWN0b2NAaWV0Zi5v
cmcNCj4gPj4+Pj4gU3ViamVjdDogUmU6IFtUSUNUT0NdIFBsZWFzZSBDb21tZW50IG9uIFByYWN0
aWNhbCBTb2x1dGlvbnMgZm9yDQo+ID4+PiBFbmNyeXB0ZWQNCj4gPj4+Pj4gU3luY2hyb25pemF0
aW9uIFByb3RvY29sDQo+ID4+Pj4+DQo+ID4+Pj4+IERhbm55LA0KPiA+Pj4+Pg0KPiA+Pj4+PiBU
aGFua3MgZm9yIHlvdXIgY29tbWVudHMuIEkgd2lsbCByZXNwb25kIGlubGluZS4NCj4gPj4+Pj4N
Cj4gPj4+Pj4+IC0tLS0tw5PDisK8w77DlMKtwrzDvi0tLS0tDQo+ID4+Pj4+PiDCt8KiwrzDvsOI
w4s6IERhbm55IE1heWVyIFttYWlsdG86bWF5ZXJAbnRwLm9yZ10NCj4gPj4+Pj4+IMK3wqLDi8ON
w4rCscK8w6Q6IDIwMTLDhMOqM8OUw4I3w4jDlSAyMDo1Ng0KPiA+Pj4+Pj4gw4rDlcK8w77DiMOL
OiBDdWkgWWFuZw0KPiA+Pj4+Pj4gwrPCrcOLw406IHRpY3RvY0BpZXRmLm9yZw0KPiA+Pj4+Pj4g
w5bDt8OMw6I6IFJlOiBbVElDVE9DXSBQbGVhc2UgQ29tbWVudCBvbiBQcmFjdGljYWwgU29sdXRp
b25zIGZvcg0KPiA+Pj4gRW5jcnlwdGVkDQo+ID4+Pj4+PiBTeW5jaHJvbml6YXRpb24gUHJvdG9j
b2wNCj4gPj4+Pj4+DQo+ID4+Pj4+PiBJIGhhdmUgYWxyZWFkeSBzYWlkIHRoaXMgYmVmb3JlIGFu
ZCBJIHdpbGwgcmVwZWF0IHRoaXMgZm9yIHRoZSBwdXJwb3Nlcw0KPiA+Pj4+Pj4gb2YgZmVlZGJh
Y2suDQo+ID4+Pj4+Pg0KPiA+Pj4+Pj4gVGltZSBwYWNrZXRzIGRvIG5vdCBuZWVkIHRvIGJlIGVu
Y3J5cHRlZCBhcyBub3Qgb25seSBkbyB0aGV5IG5vdA0KPiA+Pj4+IGNvbnRhaW4NCj4gPj4+Pj4+
IGFueXRoaW5nIHNlY3JldCwgZXZlbiBpZiB5b3Uga25ldyB0aGUgY29udGVudHMgdGhleSBhcmUg
dXNlbGVzcw0KPiA+Pj4gYW55dGltZQ0KPiA+Pj4+Pj4gYWZ0ZXIgdGhlIHBhY2tldCBoYXMgYmVl
biBkZWxpdmVyZWQuDQo+ID4+Pj4+DQo+ID4+Pj4+IFtDdWkgWWFuZ10gSSB3aWxsIHJlcGVhdCBv
dXIgbW90aXZhdGlvbi4NCj4gPj4+Pj4gQWNjb3JkaW5nIHRvIGdsb2JhbGx5IHVzZWQgM0dQUCBz
dGFuZGFyZCwgdGhlcmUgaXMgYSBuZWVkIGZvcg0KPiBlc3RhYmxpc2gNCj4gPj4+PiBJUHNlYw0K
PiA+Pj4+PiBFU1AgdHVubmVsIGZvciBzbWFsbCBob21lIGJhc2Ugc3RhdGlvbiBjb25uZWN0aW5n
IHRvIFNlY3VyaXR5IEdXIG9yDQo+ID4+PiBvdGhlcg0KPiA+Pj4+PiBjb3JlIG5ldHdvcmsgZGV2
aWNlcy4NCj4gPj4+Pj4gVGhlcmUgaGF2ZSBleGlzdGVkIHN1Y2ggYSBncmVhdCBudW1iZXIgb2Yg
SVBzZWMgRVNQIHR1bm5lbHMgaW4gdGhlDQo+ID4+Pj4+IHVuZGVybHlpbmcgdXNlIGNhc2UuDQo+
ID4+Pj4+IEZvciBtZWV0aW5nIHRoZSBsZWFzdCBzZWN1cml0eSByZXF1aXJlbWVudCwgaXQgaXMg
bmVlZGVkIHRvIHNldCB1cA0KPiBJUHNlYw0KPiA+Pj4gQUgNCj4gPj4+PiBvcg0KPiA+Pj4+PiBJ
UHNlYyBFU1AtTlVMTCBmb3IgdGhlIGludGVncml0eSBwcm90ZWN0aW9uLg0KPiA+Pj4+PiBUaGVu
IGl0IHdpbGwgaW5jcmVhc2UgdGhlIHNlY3VyaXR5IGNvc3QuDQo+ID4+Pj4+DQo+ID4+Pj4+IElm
IHRoZXJlIGlzIGEgc2ltcGxlIGFuZCBwcmFjdGljYWwgc29sdXRpb24gZm9yIHRoaXMgcHJvYmxl
bSwgdGhlbiB3aHkNCj4gbm90DQo+ID4+PiBsZXQNCj4gPj4+PiBpdA0KPiA+Pj4+PiBiZSBjbGFy
aWZpZWQ/DQo+ID4+Pj4+IFNvIHRoYXQsIG1hbnkgZW5naW5lZXJzIGFuZCBjdXN0b21lcnMgY2Fu
IGJlbmVmaXQgZnJvbSBzaW5nbGUgSVBzZWMNCj4gPj4+PiB0dW5uZWwNCj4gPj4+Pj4gcHJvdGVj
dGlvbiBlYWNoIHVzZXIsIHdoaWNoIHNhdmVzIHRoZSBjb3N0IGZvciBib3RoLg0KPiA+Pj4+Pg0K
PiA+Pj4+Pj4gWW91IGRvIHlvdXJzZWxmIGEgZGlzZmF2b3IgaW4gZW5jcnlwdGluZyBzb21ldGhp
bmcgdGhhdCBpcyBub3Qgd29ydGgNCj4gPj4+Pj4+IGVuY3J5cHRpbmcuIEl0IHRha2VzIHByb2Nl
c3Npbmcgb3ZlcmhlYWQsIGluY3JlYXNlcyBwYWNrZXQgc2l6ZSwgYW5kDQo+ID4+Pj4+PiB0aGVy
ZSBpcyBubyBnYWluIGluIGRvaW5nIHNvLiBZb3UgbmVlZCB0byBqdXN0aWZ5IGVuY3J5cHRpbmcg
c29tZXRoaW5nDQo+ID4+Pj4+DQo+ID4+Pj4+IFtDdWkgWWFuZ10gSSBhbSBub3QgZG9pbmcgbXlz
ZWxmIGEgZGlzZmF2b3IsIGJ1dCBnb2luZyB0byBwcm92aWRlIGENCj4gc29sdXRpb24NCj4gPj4+
PiBmb3INCj4gPj4+Pj4gdGhlIHByYWN0aWNhbCBhbmQgdGVjaG5pY2FsIHByb2JsZW0uDQo+ID4+
Pj4+IEludGVncml0eSBwcm90ZWN0aW9uIHRha2VzIG92ZXJoZWFkLCBhcyB3ZWxsLg0KPiA+Pj4+
PiBJbiBjYXNlIGNvbmZpZGVudGlhbGl0eSBpcyBtYW5kYXRvcnksIGlzIGl0IGEgZ29vZCBpZGVh
IHRvIHByb3RlY3QNCj4gaW50ZWdyaXR5DQo+ID4+Pj4+IHNlcGFyYXRlbHk/DQo+ID4+Pj4+IFdo
YXQgd2UgbmVlZCB0byBkbywgaXMgdG8gaW52ZXN0aWdhdGUgYW5kIHJlZHVjZSB0aGUgY29zdCBh
cyBzbWFsbCBhcw0KPiA+Pj4+IHBvc3NpYmxlDQo+ID4+Pj4+IGZpcnN0LCBhbmQgc2VlIHdoZXRo
ZXIgaXQgaXMgYWNjZXB0YWJsZSBvciBub3QuDQo+ID4+Pj4+IFRoYXQgaXMgb3VyIG1vdGl2YXRp
b24gb2YgdGhlIG5ldyBkcmFmdC4NCj4gPj4+Pj4NCj4gPj4+Pj4+IGFuZCBwbGVhc2UgZG9uJ3Qg
c2F5IHRoYXQgaXQgaXMgYmVjYXVzZSBzb21lIG90aGVyIGRvY3VtZW50IHNheXMgdG8NCj4gPj4+
Pj4+IGVuY3J5cHQgZXZlcnl0aGluZy4gSSB3YW50IHRvIGtub3cgd2hhdCBpcyB0aGUgYmVuZWZp
dCBmcm9tIGRvaW5nDQo+IHNvLA0KPiA+Pj4+Pg0KPiA+Pj4+PiBbQ3VpIFlhbmddIEkganVzdCBh
bnN3ZXJlZCB5b3VyIHByZXZpb3VzIGVtYWlsIHByb3ZpZGluZyB0aGUgcmVmZXJyZWQNCj4gPj4+
PiBzZWN0aW9uDQo+ID4+Pj4+IGFuZCBkb2N1bWVudCBhcyB5b3UgcmVxdWlyZWQsIHllc3RlcmRh
eS4NCj4gPj4+Pj4NCj4gPj4+Pj4+IHdoYXQgYXJlIHRoZSByaXNrcyBpbiBub3QgZG9pbmcgc28g
YW5kIHdoYXQgaXMgdGhlIGNvc3Qgb2YgZG9pbmcgc28sDQo+ID4+Pj4+PiBwYXJ0aWN1bGFybHkg
aW4gbG9zcyBvZiBhY2N1cmFjeSwgaW5jcmVhc2VkIGVycm9yIGJ1ZGdldCwgZXRjLg0KPiA+Pj4+
Pg0KPiA+Pj4+PiBbQ3VpIFlhbmddIFRoYXQgaXMgb3VyIG5ldyBkcmFmdCB0cnlpbmcgdG8gZXhw
bGFpbiwgcGxlYXNlIGNoZWNrIGl0DQo+IGJlZm9yZQ0KPiA+Pj4+PiBwb3N0aW5nIHlvdXIgb3Bp
bmlvbi4NCj4gPj4+Pj4NCj4gPj4+Pj4+IFRoZSB3aG9sZSB0aGluZyBpcyBhIGJhZCBpZGVhIGZy
b20gd2hhdCBJIGNhbiB0ZWxsLg0KPiA+Pj4+Pj4NCj4gPj4+Pj4+IERhbm55DQo+ID4+Pj4+Pg0K
PiA+Pj4+Pg0KPiA+Pj4+PiBUaGFua3MsDQo+ID4+Pj4+IFlhbmcNCj4gPj4+Pj4NCj4gPj4+Pj4N
Cj4gPj4+Pj4+IE9uIDMvNi8yMDEyIDEwOjM1IFBNLCBDdWkgWWFuZyB3cm90ZToNCj4gPj4+Pj4+
PiBIaSwgYWxsLA0KPiA+Pj4+Pj4+DQo+ID4+Pj4+Pj4NCj4gPj4+Pj4+Pg0KPiA+Pj4+Pj4+IEkg
aGF2ZSBwb3N0ZWQgYSBuZXcgZHJhZnQgdGhhdCBkaXNjdXNzZXMgdGhlIHByYWN0aWNhbCBzb2x1
dGlvbnMgZm9yDQo+ID4+Pj4+Pj4gZW5jcnlwdGVkIHN5bmNocm9uaXphdGlvbiBwcm90b2NvbHMu
DQo+ID4+Pj4+Pj4NCj4gPj4+Pj4+Pg0KPiA+Pj4+Pj4+DQo+ID4+Pj4+Pj4gU2luY2Ugd2UgaGF2
ZSBkaXNjdXNzZWQgYSBsb3Qgb24gdGhpcyBwcm9ibGVtLCBhbmQgdGhlIHNlY3VyaXR5DQo+ID4+
Pj4+Pj4gcmVxdWlyZW1lbnQgb2Ygc3luY2hyb25pemF0aW9uIGFsc28gbm90ZWQgdGhhdCBjb25m
aWRlbnRpYWxpdHkgbWF5DQo+ID4+Pj4gbmVlZA0KPiA+Pj4+Pj4+IHByb3RlY3Rpb24sIGVzcGVj
aWFsbHkgaW4gY2FzZSB0aGF0IHRoZSBjb25maWRlbnRpYWxpdHkgcHJvdGVjdGlvbiBpcw0KPiA+
Pj4+Pj4+IG1hbmRhdG9yeS4gU3luY2hyb25pemF0aW9uIHNob3VsZCBiZSBhdmFpbGFibGUgd2hl
biB0aGUgdHJhZmZpYyBpcw0KPiA+Pj4+Pj4+IGVuY3J5cHRlZC4gVGhlIGluZmx1ZW5jZXMgYnkg
dGhlIGVuY3J5cHRpb24gYXJlIGV4cGxhaW5lZCwgYW5kDQo+ID4+PiBzZXZlcmFsDQo+ID4+Pj4+
Pj4gcG9zc2libGUgc29sdXRpb25zIGhhdmUgYmVlbiBkaXNjdXNzZWQuDQo+ID4+Pj4+Pj4NCj4g
Pj4+Pj4+PiBUaGUgVVJMIGlzIGJlbG93LCBwbGVhc2UgcmV2aWV3IGFuZCBjb21tZW50Lg0KPiA+
Pj4+Pj4+DQo+ID4+Pj4+Pj4NCj4gPj4+Pj4+Pg0KPiA+Pj4+Pj4+ICAgIFRpdGxlICAgICAgOiBQ
cmFjdGljYWwgc29sdXRpb25zIGZvciBlbmNyeXB0ZWQgc3luY2hyb25pemF0aW9uDQo+ID4+Pj4+
IHByb3RvY29sDQo+ID4+Pj4+Pj4NCj4gPj4+Pj4+PiBBdXRob3IocykgIDogWS4gQ3VpLA0KPiA+
Pj4+Pj4+DQo+ID4+Pj4+Pj4gTS4gQmhhdGlhLA0KPiA+Pj4+Pj4+DQo+ID4+Pj4+Pj4gRC4gWmhh
bmcNCj4gPj4+Pj4+Pg0KPiA+Pj4+Pj4+IEZpbGVuYW1lICAgOiBkcmFmdC1jdWktdGljdG9jLWVu
Y3J5cHRlZC1zeW5jaHJvbml6YXRpb24tMDAudHh0DQo+ID4+Pj4+Pj4NCj4gPj4+Pj4+PiBQYWdl
cyAgICAgOiAxMA0KPiA+Pj4+Pj4+DQo+ID4+Pj4+Pj4gRGF0ZSAgICAgIDogTWFyLiAxLCAyMDEy
DQo+ID4+Pj4+Pj4NCj4gPj4+Pj4+PiAgIFRoaXMgaW5mb3JtYXRpb25hbCBkb2N1bWVudCBhbmFs
eXplcyB0aGUgYWNjdXJhY3kgaXNzdWVzIHdpdGgNCj4gPj4+IHRpbWUNCj4gPj4+Pj4+Pg0KPiA+
Pj4+Pj4+ICAgc3luY2hyb25pemF0aW9uIHByb3RvY29scyB3aGVuIHRpbWUgc3luY2hyb25pemF0
aW9uIHBhY2tldHMNCj4gYXJlDQo+ID4+Pj4+Pj4NCj4gPj4+Pj4+PiAgIGVuY3J5cHRlZCBkdXJp
bmcgdHJhbnNtaXNzaW9uLiBJbiBhZGRpdGlvbiwgc2V2ZXJhbCBjYW5kaWRhdGUNCj4gPj4+Pj4+
Pg0KPiA+Pj4+Pj4+ICBzb2x1dGlvbnMgb24gc3VjaCBpc3N1ZXMgYXJlIGludHJvZHVjZWQuDQo+
ID4+Pj4+Pj4NCj4gPj4+Pj4+Pg0KPiA+Pj4+Pj4+DQo+ID4+Pj4+Pj4gQSBVUkwgZm9yIHRoaXMg
SW50ZXJuZXQtRHJhZnQgaXM6DQo+ID4+Pj4+Pj4NCj4gPj4+Pj4+Pg0KPiA+Pj4+Pg0KPiA+Pj4N
Cj4gaHR0cDovL2RhdGF0cmFja2VyLmlldGYub3JnL2RvYy9kcmFmdC1jdWktdGljdG9jLWVuY3J5
cHRlZC1zeW5jaHJvbml6YXRpb24NCj4gPj4+Pj4+Pg0KPiA+Pj4+Pj4+DQo+ID4+Pj4+Pj4NCj4g
Pj4+Pj4+PiBUaGFua3MsDQo+ID4+Pj4+Pj4NCj4gPj4+Pj4+PiBZYW5nDQo+ID4+Pj4+Pj4NCj4g
Pj4+Pj4+PiA9PT09PT09PT09PT09PT09PT0NCj4gPj4+Pj4+Pg0KPiA+Pj4+Pj4+IFlhbmcgQ3Vp
LCAgUGguRC4NCj4gPj4+Pj4+Pg0KPiA+Pj4+Pj4+IEh1YXdlaSBUZWNobm9sb2dpZXMNCj4gPj4+
Pj4+Pg0KPiA+Pj4+Pj4+IGN1aXlhbmdAaHVhd2VpLmNvbQ0KPiA+Pj4+PiBfX19fX19fX19fX19f
X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fXw0KPiA+Pj4+PiBUSUNUT0MgbWFpbGlu
ZyBsaXN0DQo+ID4+Pj4+IFRJQ1RPQ0BpZXRmLm9yZw0KPiA+Pj4+PiBodHRwczovL3d3dy5pZXRm
Lm9yZy9tYWlsbWFuL2xpc3RpbmZvL3RpY3RvYw0KPiA+DQo+ID4gX19fX19fX19fX19fX19fX19f
X19fX19fX19fX19fX19fX19fX19fX19fX19fX18NCj4gPiBUSUNUT0MgbWFpbGluZyBsaXN0DQo+
ID4gVElDVE9DQGlldGYub3JnDQo+ID4gaHR0cHM6Ly93d3cuaWV0Zi5vcmcvbWFpbG1hbi9saXN0
aW5mby90aWN0b2MNCj4gPg0KPiA+IFNjYW5uZWQgYnkgQ2hlY2sgUG9pbnQgVG90YWwgU2VjdXJp
dHkgR2F0ZXdheS4NCg0KX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f
X19fX18KbnRwd2cgbWFpbGluZyBsaXN0Cm50cHdnQGxpc3RzLm50cC5vcmcKaHR0cDovL2xpc3Rz
Lm50cC5vcmcvbGlzdGluZm8vbnRwd2c=

From ntpwg-bounces+ntp-archives-ahfae6za=lists.ietf.org@lists.ntp.org  Fri Aug 31 08:19:53 2012
Return-Path: <ntpwg-bounces+ntp-archives-ahfae6za=lists.ietf.org@lists.ntp.org>
X-Original-To: ietfarch-ntp-archives-ahFae6za@ietfa.amsl.com
Delivered-To: ietfarch-ntp-archives-ahFae6za@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CF9A221F8613 for <ietfarch-ntp-archives-ahFae6za@ietfa.amsl.com>; Fri, 31 Aug 2012 08:19:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.448
X-Spam-Level: 
X-Spam-Status: No, score=-4.448 tagged_above=-999 required=5 tests=[AWL=2.151, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aFGNZje19fe6 for <ietfarch-ntp-archives-ahFae6za@ietfa.amsl.com>; Fri, 31 Aug 2012 08:19:52 -0700 (PDT)
Received: from lists.ntp.org (lists.ntp.org [149.20.68.7]) by ietfa.amsl.com (Postfix) with ESMTP id 21E2C21F8623 for <ntp-archives-ahFae6za@lists.ietf.org>; Fri, 31 Aug 2012 08:19:51 -0700 (PDT)
Received: from lists.ntp.org (lists.ntp.org [149.20.68.7]) by lists.ntp.org (Postfix) with ESMTP id 9C0AA86DABA for <ntp-archives-ahFae6za@lists.ietf.org>; Fri, 31 Aug 2012 15:19:51 +0000 (UTC)
X-Original-To: ntpwg@lists.ntp.org
Delivered-To: ntpwg@lists.ntp.org
Received: from mail1.ntp.org (mail1.ntp.org [IPv6:2001:4f8:fff7:1::5]) by lists.ntp.org (Postfix) with ESMTP id 5298A86D333 for <ntpwg@lists.ntp.org>; Fri, 31 Aug 2012 15:19:36 +0000 (UTC)
Received: from elasmtp-kukur.atl.sa.earthlink.net ([209.86.89.65]) by mail1.ntp.org with esmtp (Exim 4.77 (FreeBSD)) (envelope-from <tglassey@earthlink.net>) id 1T7T0P-00074N-1x for ntpwg@lists.ntp.org; Fri, 31 Aug 2012 15:19:36 +0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=dk20050327; d=earthlink.net; b=sM8aHEwVbYPS7iU3kES52wQj1SymX1/1WgHCaoV9uVr1EnBCCBN/EPo9hw9eh23G; h=Received:Message-ID:Date:From:User-Agent:MIME-Version:To:Subject:References:In-Reply-To:Content-Type:Content-Transfer-Encoding:X-ELNK-Trace:X-Originating-IP;
Received: from [67.180.133.21] (helo=[192.168.15.2]) by elasmtp-kukur.atl.sa.earthlink.net with esmtpsa (TLSv1:AES256-SHA:256) (Exim 4.67) (envelope-from <tglassey@earthlink.net>) id 1T7T0I-0004Iu-JO for ntpwg@lists.ntp.org; Fri, 31 Aug 2012 11:19:26 -0400
Message-ID: <5040D5FC.9090700@earthlink.net>
Date: Fri, 31 Aug 2012 08:19:24 -0700
From: tglassey <tglassey@earthlink.net>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:13.0) Gecko/20120614 Thunderbird/13.0.1
MIME-Version: 1.0
To: ntpwg@lists.ntp.org
References: <8CC0CB0BCAE52F46882E17828A9AE2161A032B90@SZXEML508-MBS.china.huawei.com> <4F575AF0.2060600@ntp.org> <8CC0CB0BCAE52F46882E17828A9AE2161A032D59@SZXEML508-MBS.china.huawei.com> <07F7D7DED63154409F13298786A2ADC9043207DE@EXRAD5.ad.rad.co.il> <8CC0CB0BCAE52F46882E17828A9AE2161A173D46@SZXEML508-MBS.china.huawei.com> <07F7D7DED63154409F13298786A2ADC904322E18@EXRAD5.ad.rad.co.il> <8CC0CB0BCAE52F46882E17828A9AE2161A1756E8@SZXEML508-MBS.china.huawei.com> <07F7D7DED63154409F13298786A2ADC904324409@EXRAD5.ad.rad.co.il> <8CC0CB0BCAE52F46882E17828A9AE2161A181BFC@SZXEML508-MBS.china.huawei.com> <503E8CF4.7030602@ntp.org> <5203A602-5BCC-4793-8B32-759E9EEF7026@checkpoint.com> <8CC0CB0BCAE52F46882E17828A9AE216368615B5@SZXEML508-MBS.china.huawei.com>
In-Reply-To: <8CC0CB0BCAE52F46882E17828A9AE216368615B5@SZXEML508-MBS.china.huawei.com>
X-ELNK-Trace: 01b7a7e171bdf5911aa676d7e74259b7b3291a7d08dfec793587ca3d446f30a224bdc455e9207cac350badd9bab72f9c350badd9bab72f9c350badd9bab72f9c
X-Originating-IP: 67.180.133.21
X-SA-Exim-Connect-IP: 209.86.89.65
X-SA-Exim-Rcpt-To: ntpwg@lists.ntp.org
X-SA-Exim-Mail-From: tglassey@earthlink.net
X-SA-Exim-Version: 4.2
X-SA-Exim-Scanned: Yes (on mail1.ntp.org)
Subject: Re: [ntpwg] [TICTOC] Please Comment on Practical Solutions for Encrypted Synchronization Protocol
X-BeenThere: ntpwg@lists.ntp.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: IETF Working Group for Network Time Protocol <ntpwg.lists.ntp.org>
List-Unsubscribe: <http://lists.ntp.org/options/ntpwg>, <mailto:ntpwg-request@lists.ntp.org?subject=unsubscribe>
List-Archive: <http://lists.ntp.org/pipermail/ntpwg>
List-Post: <mailto:ntpwg@lists.ntp.org>
List-Help: <mailto:ntpwg-request@lists.ntp.org?subject=help>
List-Subscribe: <http://lists.ntp.org/listinfo/ntpwg>, <mailto:ntpwg-request@lists.ntp.org?subject=subscribe>
Content-Transfer-Encoding: base64
Content-Type: text/plain; charset="utf-8"; Format="flowed"
Errors-To: ntpwg-bounces+ntp-archives-ahfae6za=lists.ietf.org@lists.ntp.org
Sender: ntpwg-bounces+ntp-archives-ahfae6za=lists.ietf.org@lists.ntp.org

T24gOC8yOS8yMDEyIDc6NTAgUE0sIEN1aXlhbmcgd3JvdGU6Cj4gSGksIFlvYXYsCj4KPiBSaWdo
dCwgSVBzZWMgZG9lcyBub3QgbmVlZCBwcmVjaXNlIHN5bmNocm9uaXphdGlvbiBhcyBpbiB0aGlz
IGRyYWZ0Lgo+IEFjdHVhbGx5LCB0aGlzIGlzIGNvbWluZyBmcm9tIHRoZSByZXF1aXJlbWVudCB0
aGF0IHN5bmNocm9uaXphdGlvbiBpbiBJUHNlYyB0dW5uZWwgd2hlcmUgZW5jcnlwdGlvbiBoYXMg
YmVlbiBlbmFibGVkLCBzdWNoIGFzIEgoZSlOQi4KU2luY2UgdGhlIHR1bm5lbGluZyBydW5zIGFz
eW5jaHJvbm91c2x5IGFuZCBtYXkgdXNlIHBhcnRzIG9mIHRoZSBOSUMgCmNhcmRzIGZvciBvZmZs
b2FkaW5nIHRoZSBrZXkgcGllY2VzIG9mIHRoaXMgdGhlcmUgaXMgbm8gcmVhbCB3YXkgdG8gCnBy
b3ZpZGUgcHJlY2lzaW9uIHRpbWUgdGhyb3VnaCB0aGUgSVBTZWMgdHVubmVsLiBZb3Ugd2lsbCBi
ZSBhYmxlIHRvIGdldCAKcmVhc29uYWJseSBhY2N1cmF0ZSB0aW1lIHRocm91Z2ggaXQgYnV0IHRo
ZSBpc3N1ZSBpcyB3aGF0IHlvdSBhcmUgdHJ5aW5nIAp0byBhY2NvbXBsaXNoIHdpdGggdGhlIG1v
dmVtZW50IG9mIHRoZSB0aW1lIGRhdGEgaW4gdGhlIGZpcnN0IHBsYWNlLgoKVG9kZCBHbGFzc2V5
Cj4KPiBZYW5nCj4gPT09PT09PT09PT09PT09PT09Cj4gICBZYW5nIEN1aSwgIFBoLkQuCj4gICBI
dWF3ZWkgVGVjaG5vbG9naWVzCj4gICBjdWl5YW5nQGh1YXdlaS5jb20KPgo+PiAtLS0tLemCruS7
tuWOn+S7ti0tLS0tCj4+IOWPkeS7tuS6ujogWW9hdiBOaXIgW21haWx0bzp5bmlyQGNoZWNrcG9p
bnQuY29tXQo+PiDlj5HpgIHml7bpl7Q6IDIwMTLlubQ45pyIMzDml6UgNTo1Nwo+PiDmlLbku7bk
uro6IERhbm55IE1heWVyCj4+IOaKhOmAgTogQ3VpeWFuZzsgTlRQIFdvcmtpbmcgR3JvdXA7IHRp
Y3RvY0BpZXRmLm9yZwo+PiDkuLvpopg6IFJlOiBbVElDVE9DXSBQbGVhc2UgQ29tbWVudCBvbiBQ
cmFjdGljYWwgU29sdXRpb25zIGZvciBFbmNyeXB0ZWQKPj4gU3luY2hyb25pemF0aW9uIFByb3Rv
Y29sCj4+Cj4+IEhpIERhbm55Cj4+Cj4+IEknbSBub3Qgc3VyZSB3aGVyZSB0aGlzIGlzIGNvbWlu
ZyBmcm9tLCBidXQgdG8gY2xhcmlmeSwgSVBzZWMgZG9lcyBub3QgbmVlZAo+PiBhY2N1cmF0ZSBj
bG9ja3MgdG8gc2V0IGl0c2VsZiB1cC4KPj4KPj4gVGhlIEgoZSlOQiByZXF1aXJlcyB0aW1lIHN5
bmNocm9uaXphdGlvbiBmb3Igb3RoZXIgcHVycG9zZXMsIG5vdCBmb3Igc2V0dGluZwo+PiB1cCBJ
UHNlYyB0dW5uZWxzLgo+Pgo+PiBZb2F2Cj4+Cj4+IE9uIEF1ZyAzMCwgMjAxMiwgYXQgMTI6NDMg
QU0sIERhbm55IE1heWVyIHdyb3RlOgo+Pgo+Pj4gSSBrbm93IHRoYXQgdGhpcyBpcyBhIHJhdGhl
ciBvbGQgZW1haWwgbWVzc2FnZSBidXQgd2hlbiBJIHdhcyByZXZpZXdpbmcKPj4+IGl0LCBpdCBv
Y2N1cnJlZCB0byBtZSB0aGF0IGlmIElQU2VjIHJlcXVpcmVzIGFjY3VyYXRlIGNsb2NrcyB0byBz
ZXQKPj4+IGl0c2VsZiB1cCB0aGVuIHRoaXMgd29uJ3Qgd29yayBhbmQgeW91IG5lZWQsIGF0IGxl
YXN0IGluaXRpYWxseSwgdG8gZG8KPj4+IHdpdGhvdXQgSVBTZWMuCj4+Pgo+Pj4gRGFubnkKPj4+
IE9uIDMvMTkvMjAxMiAxMjoxNCBBTSwgQ3VpIFlhbmcgd3JvdGU6Cj4+Pj4gSGksIFlhYWtvdiwK
Pj4+Pgo+Pj4+IEkgc2FpZCB0aGUgSVBzZWMgdHVubmVsIMKhwrBmdW5jdGlvbmFsaXR5wqHCsSBp
cyBtYW5kYXRvcnkgdG8gYWNoaWV2ZSwgd2hpY2gKPj4gbWVhbnMgdGhlIGRldmljZSBNVVNUIHN1
cHBvcnQgSVBzZWMgRVNQIHR1bm5lbCAoY29uZmlkZW50aWFsaXR5IGFuZAo+PiBpbnRlZ3JpdHkp
Lgo+Pj4+IE1vcmUgc3BlY2lmaWNhbGx5LCBUUyAzMy4zMjAgZG9lcyBleHBsaWNpdGx5IGRlc2Ny
aWJlIHNlY3VyaXR5IHJlcXVpcmVtZW50Cj4+IGZvciB0aW1lIHN5bmNocm9uaXphdGlvbiwgd2hl
cmUKPj4+PiAtU2VjLjYuMy4xLCBDbG9jayBTeW5jaHJvbml6YXRpb24gU2VjdXJpdHkgTWVjaGFu
aXNtcyBmb3IgSChlKU5CCj4+Pj4gLcKhwrBUaGUgSChlKU5CIHJlcXVpcmVzIHRpbWUgc3luY2hy
b25pemF0aW9uIHdpdGggYSB0aW1lIHNlcnZlci4gVGhlCj4+IEgoZSlOQiBTSEFMTCBzdXBwb3J0
IHJlY2VpdmluZyB0aW1lIHN5bmNocm9uaXNhdGlvbiBtZXNzYWdlcyBvdmVyIHRoZQo+PiBzZWN1
cmUgYmFja2hhdWwgbGluayBiZXR3ZWVuIEgoZSlOQiBhbmQgdGhlIFNlR1fCocKxCj4+Pj4gLSDC
ocKwT3B0aW9uYWxseSBvdGhlciBzZWN1cmUgY2xvY2sgc2VydmVycyBtYXkgYmUgdXNlZCwgd2hp
Y2ggZG8gbm90IHVzZQo+PiB0aGUgc2VjdXJlIGJhY2toYXVsIGxpbmsuIEluIHRoaXMgY2FzZSB0
aGUgY29tbXVuaWNhdGlvbiBiZXR3ZWVuIHRoZXNlIGNsb2NrCj4+IHNlcnZlcihzKSBhbmQgSChl
KU5CIFNIQUxMIGJlIHNlY3VyZWQuwqHCsQo+Pj4+ICBGcm9tIHRoZSBhYm92ZSwgbXkgaW50ZXJw
cmV0YXRpb24gaXMsCj4+Pj4gLXN5bmNocm9uaXphdGlvbiBNVVNUIGJlIGFkZXF1YXRlbHkgcHJv
dGVjdGVkCj4+Pj4gLXN5bmNocm9uaXphdGlvbiBtZWNoYW5pc20gTVVTVCBiZSBzdXBwb3J0ZWQg
YnkgSVBzZWMgRVNQIHR1bm5lbAo+PiBtb2RlIChmb3IgZGV2aWNlcykKPj4+PiAtSW4gdGhlIGNh
c2UgdGhhdCBJUHNlYyBpcyBub3QgY2hvc2VuIHRvIHVzZSAodGhvdWdoIHRoZSBkZXZpY2VzIGRv
Cj4+IHN1cHBvcnQpLCBzZXBhcmF0ZSBzZWN1cmVkIGNsb2NrIG1lY2hhbmlzbSBNVVNUIGJlIHVz
ZWQuCj4+Pj4gVGhlcmVmb3JlLCBpZiBJUHNlYyB0dW5uZWwgaXMgZGVwbG95ZWQsIHRoZW4gc3lu
Y2hyb25pemF0aW9uIHByb3RvY29sIG11c3QKPj4gc3VwcG9ydCBpdDsKPj4+PiBvdGhlcndpc2Ug
ZGlmZmVyZW50IHNlY3VyaXR5IG1lY2hhbmlzbSBpcyBkZXBsb3llZCwgYW5kIGEgc2VwYXJhdGUK
Pj4gc2VjdXJlIHByb3RlY3Rpb24gKG1vcmUgdGhhbiBJUHNlYyBBSCkgZm9yIHN5bmNocm9uaXph
dGlvbiBtdXN0IGJlCj4+IHByb3ZpZGVkLgo+Pj4+ICBGcm9tIGEgdmVuZG9ywqHCr3MgcG9pbnQg
b2YgdmlldywgaXQgaXMgcmVxdWlyZWQgdG8gaW52ZXN0aWdhdGUgdGhpcyBwcm9ibGVtCj4+IGFu
ZCBjb21wYXJlIHRoZSBwZXJmb3JtYW5jZXMgb2YgZGlmZmVyZW50IGFwcHJvYWNoZXMuCj4+Pj4g
RmluYWxseSwgYW5zd2VyaW5nIHlvdXIgcXVlc3Rpb24sIEF1dG9rZXkgaXMgZGVzaWduZWQgwqHC
sGJhc2VkIG9uIHRoZQo+PiBwcmVtaXNlIHRoYXQgSVBzZWMgc2NoZW1lcyBjYW5ub3QgYmUgYWRv
cHRlZCBpbnRhY3QsIHNpbmNlIHRoYXQgd291bGQKPj4gcHJlY2x1ZGUgc3RhdGVsZXNzIHNlcnZl
cnMgYW5kIHNldmVyZWx5IGNvbXByb21pc2UgdGltZWtlZXBpbmcKPj4gYWNjdXJhY3nCocKxW1JG
QzU5MDZdLgo+Pj4+IEJ1dCwgd2hhdCBpZiB0aGUgSVBzZWMgdHVubmVsIGlzIGF2YWlsYWJsZSBh
bHJlYWR5PyBJcyB0aGVyZSBhbnkgZXZhbHVhdGlvbgo+PiBvbiB0aGlzIMKhwrBzZXZlcmVsecKh
wrEgY29tcHJvbWlzaW5nIGFjY3VyYWN5PyBJIHdvbmRlciB3aGV0aGVyIHRoZXJlIGlzIGFueQo+
PiBiZW5lZml0IHRvIHNldHRpbmcgdXAgc2VwYXJhdGUgc2VjdXJpdHkgbWVjaGFuaXNtLCBpZiB0
aGUgZGV2aWNlIGFscmVhZHkgaGFzCj4+IGVuZC10by1lbmQgSVBzZWMgdHVubmVsIGNvbm5lY3Rp
b24uCj4+Pj4gQW5kIEkgYmVsaWV2ZSB0aGF0IG91ciBpbnZlc3RpZ2F0aW9uIGFuZCBhbmFseXNp
cyBvbiB0aGlzIHByYWN0aWNhbCBwcm9ibGVtCj4+IGlzIG5lY2Vzc2FyeSBhbmQgbWVhbmluZ2Z1
bCwgd2hpY2ggc3RpbGwgY291bGQgYmUgZ3JlYXRseSBpbXByb3ZlZCB2aWEgdGhlCj4+IGRpc2N1
c3Npb24gd2l0aCB5b3UgYWxsLgo+Pj4+IFRoYW5rcywKPj4+PiBZYW5nCj4+Pj4gPT09PT09PT09
PT09PT09PT09Cj4+Pj4gWWFuZyBDdWksICBQaC5ELgo+Pj4+IEh1YXdlaSBUZWNobm9sb2dpZXMK
Pj4+PiBjdWl5YW5nQGh1YXdlaS5jb20KPj4+Pgo+Pj4+PiAtLS0tLcOTw4rCvMO+w5TCrcK8w74t
LS0tLQo+Pj4+PiDCt8KiwrzDvsOIw4s6IFlhYWtvdiBTdGVpbiBbbWFpbHRvOnlhYWtvdl9zQHJh
ZC5jb21dCj4+Pj4+IMK3wqLDi8ONw4rCscK8w6Q6IDIwMTLDhMOqM8OUw4IxOMOIw5UgMjI6MjIK
Pj4+Pj4gw4rDlcK8w77DiMOLOiBDdWkgWWFuZwo+Pj4+PiDCs8Ktw4vDjTogdGljdG9jQGlldGYu
b3JnOyBEYW5ueSBNYXllcgo+Pj4+PiDDlsO3w4zDojogUkU6IFtUSUNUT0NdIFBsZWFzZSBDb21t
ZW50IG9uIFByYWN0aWNhbCBTb2x1dGlvbnMgZm9yIEVuY3J5cHRlZAo+Pj4+PiBTeW5jaHJvbml6
YXRpb24gUHJvdG9jb2wKPj4+Pj4KPj4+Pj4gWWFuZwo+Pj4+Pgo+Pj4+PiBXaGF0IGRvIHlvdSBt
ZWFuIGJ5ICJtYW5kYXRvcnkgdG8gYWNoaWV2ZSIuCj4+Pj4+Cj4+Pj4+IFdoYXQgMzMuMzIwIHNh
eXMgaXMgdGhhdCBJUHNlYyBpcyBtYW5kYXRvcnkgdG8gaW1wbGVtZW50IGluIEhXLAo+Pj4+PiBi
dXQgb3B0aW9uYWwgdG8gdXNlLgo+Pj4+PiBGdXJ0aGVybW9yZSwgbXkgaW50ZXJwcmV0YXRpb24g
aXMgdGhhdCB0aW1pbmcgcGFja2V0cyBhcmUgZXhwbGljaXRseSBub3QKPj4+Pj4gY292ZXJlZCwK
Pj4+Pj4gc2luY2UgdGhleSBtZW50aW9uIHdoaWNoIHR5cGVzIG9mIHBhY2tldHMgc2hvdWxkIGJl
IHByb3RlY3RlZCwKPj4+Pj4gYW5kIG5vbmUgb2YgdGhlIHR5cGVzIG1lbnRpb25lZCBkZXNjcmli
ZSB0aW1pbmcgcGFja2V0cy4KPj4+Pj4KPj4+Pj4gSSBoYXZlIGEgcXVlc3Rpb24gZm9yIHlvdS4K
Pj4+Pj4gV2VyZSB3ZSB0byB1c2UgTlRQIHdpdGggQXV0b2tleSBhbmQgdGh1cyBwcm92aWRlIHN0
cm9uZwo+PiBwcm92ZW50aWNhdGlvbiwKPj4+Pj4gd291bGQgeW91IHNlZSBhbnkgYmVuZWZpdCB0
byB1c2luZyBJUHNlYyA/Cj4+Pj4+IERvIHlvdSBhZ3JlZSB0aGF0IHRoZXJlIGlzIGEgZHJhd2Jh
Y2sgdG8gaXRzIHVzZSA/Cj4+Pj4+Cj4+Pj4+IFkoSilTCj4+Pj4+Cj4+Pj4+IC0tLS0tT3JpZ2lu
YWwgTWVzc2FnZS0tLS0tCj4+Pj4+IEZyb206IEN1aSBZYW5nIFttYWlsdG86Y3VpeWFuZ0BodWF3
ZWkuY29tXQo+Pj4+PiBTZW50OiBUaHVyc2RheSwgTWFyY2ggMTUsIDIwMTIgMDU6MzAKPj4+Pj4g
VG86IFlhYWtvdiBTdGVpbgo+Pj4+PiBDYzogdGljdG9jQGlldGYub3JnOyBEYW5ueSBNYXllcgo+
Pj4+PiBTdWJqZWN0OiBSZTogW1RJQ1RPQ10gUGxlYXNlIENvbW1lbnQgb24gUHJhY3RpY2FsIFNv
bHV0aW9ucyBmb3IKPj4gRW5jcnlwdGVkCj4+Pj4+IFN5bmNocm9uaXphdGlvbiBQcm90b2NvbAo+
Pj4+Pgo+Pj4+PiBIaSwgWWFha292LAo+Pj4+Pgo+Pj4+PiBUaGFua3MgZm9yIHlvdXIgY29tbWVu
dHMuIFBsZWFzZSBmaW5kIG15IGFuc3dlciBpbiB0aGUgZm9sbG93aW5nLgo+Pj4+Pgo+Pj4+PiBU
aGUgSVBzZWMgdHVubmVsIGZ1bmN0aW9uYWxpdHkgaW4gYmFja2hhdWwgbGluayBiZXR3ZWVuIGZl
bXRvIGFuZCBTZUdXCj4+IGFyZQo+Pj4+PiBtYW5kYXRvcnkgdG8gYWNoaWV2ZSBieSAzR1BQIFRl
Y2huaWNhbCBTcGVjaWZpY2F0aW9uIFRTLjMzLjMyMAo+Pj4+PiBodHRwOi8vd3d3LjNncHAub3Jn
L2Z0cC9zcGVjcy9odG1sLWluZm8vMzMzMjAuaHRtCj4+Pj4+IC00LjMuMSBCYWNraGF1bCBsaW5r
Cj4+Pj4+IC00LjQuNSBSZXF1aXJlbWVudHMgb24gQmFja2hhdWwgTGluawo+Pj4+PiAtNy40IElQ
c2VjIFR1bm5lbCBFc3RhYmxpc2htZW50Cj4+Pj4+IC1ldGMuCj4+Pj4+Cj4+Pj4+IFRoaXMgcmVx
dWlyZW1lbnQgaXMgb3JpZ2luYXRlZCBmcm9tIHRoZSB0eXBpY2FsIHVzZSBjYXNlIG9mIGhvbWUg
YmFzZWQKPj4+Pj4gd2lyZWxlc3MgYmFzZSBzdGF0aW9uIChGZW10byksIHdoZXJlIHRoZSBiYWNr
aGF1bCBjYWJsZSBjb25uZWN0aW9uIGlzCj4+Pj4+IGNvbW1vbmx5IGxlYXNlZCBieSB0ZWxlY29t
IG9wZXJhdG9yIGFuZCB0aHJvdWdoIGluc2VjdXJlIG5ldHdvcmtzLAo+PiBub3QKPj4+Pj4gYmVs
b25naW5nIHRvIG9wZXJhdG9ywqHCr3Mgb3duIG5ldHdvcmsuIFNpbmNlIHRoZSByZWd1bGF0aW9u
IGFuZCBsYXdzCj4+IG9uCj4+Pj4+IGluZm9ybWF0aW9uIHNlY3VyaXR5IGFuZCBwcml2YWN5IGFy
ZSBzdHJpY3QgaW4gbWFueSBjb3VudHJpZXMsIHZlbmRvcnMKPj4gYXJlCj4+Pj4+IHJlcXVlc3Rl
ZCB0byBzZXQgdXAgdGhpcyBJUHNlYyB0dW5uZWwgZnVuY3Rpb25hbGl0eSB0byBhdm9pZCB0aGUg
cmlzayBvZgo+Pj4+PiBpbmZvcm1hdGlvbiBvciBwcml2YWN5IGxlYWthZ2UuIFRoZSBjb250ZW50
cyBlbmNyeXB0ZWQgaW4gSVBzZWMgdHVubmVsCj4+Pj4+IGluY2x1ZGUgbm90IG9ubHkgZGF0YSBw
bGFuZSwgYnV0IGFsc28gY29udHJvbCBwbGFuZSwgd2hlcmUgdGhlIGZvcm1lcgo+PiBjYXJyaWVz
Cj4+Pj4+IHRoZSBjdXN0b21lcsKhwq9zIGRhdGEgYW5kIHZvaWNlLCBhbmQgdGhlIGxhdHRlciBj
YXJyaWVzIHNlbnNpdGl2ZQo+PiBpbmZvcm1hdGlvbiwKPj4+Pj4gc3VjaCBhcyB0aGUgc2VjcmV0
IGtleXMgZm9yIGFpciBpbnRlcmZhY2UgZW5jcnlwdGlvbi4gRm9yIG1vc3Qgb2YKPj4gb3BlcmF0
b3JzCj4+Pj4+IGFuZCB2ZW5kb3JzLCBpdCBpcyBjb25zaWRlcmVkIG5lY2Vzc2FyeSBhbmQgcmVz
cG9uc2libGUgdG8gcHJvdGVjdAo+PiBjdXN0b21lcnPCocKvCj4+Pj4+IHByaXZhY3kgYW5kIGNv
bW11bmljYXRpb24gc2VjdXJpdHksIHdoZXJlIHRoZSBiZXN0IHdheSBrbm93biBpcyBJUHNlYwo+
Pj4+PiB0dW5uZWwuCj4+Pj4+Cj4+Pj4+IEJlc3QgcmVnYXJkcywKPj4+Pj4gWWFuZwo+Pj4+PiA9
PT09PT09PT09PT09PT09PT0KPj4+Pj4gWWFuZyBDdWksICBQaC5ELgo+Pj4+PiBIdWF3ZWkgVGVj
aG5vbG9naWVzCj4+Pj4+IGN1aXlhbmdAaHVhd2VpLmNvbQo+Pj4+Pgo+Pj4+Pj4gLS0tLS3Dk8OK
wrzDvsOUwq3CvMO+LS0tLS0KPj4+Pj4+IMK3wqLCvMO+w4jDizogWWFha292IFN0ZWluIFttYWls
dG86eWFha292X3NAcmFkLmNvbV0KPj4+Pj4+IMK3wqLDi8ONw4rCscK8w6Q6IDIwMTLDhMOqM8OU
w4IxNcOIw5UgMjozNgo+Pj4+Pj4gw4rDlcK8w77DiMOLOiBDdWkgWWFuZwo+Pj4+Pj4gwrPCrcOL
w406IHRpY3RvY0BpZXRmLm9yZzsgRGFubnkgTWF5ZXIKPj4+Pj4+IMOWw7fDjMOiOiBSRTogW1RJ
Q1RPQ10gUGxlYXNlIENvbW1lbnQgb24gUHJhY3RpY2FsIFNvbHV0aW9ucyBmb3IKPj4gRW5jcnlw
dGVkCj4+Pj4+PiBTeW5jaHJvbml6YXRpb24gUHJvdG9jb2wKPj4+Pj4+Cj4+Pj4+PiBZYW5nCj4+
Pj4+Pgo+Pj4+Pj4gWWVzLCBJIGZ1bGx5IGFwcHJlY2lhdGUgdGhlIHNjZW5hcmlvIHlvdSBhcmUg
ZGlzY3Vzc2luZywKPj4+Pj4+IHdoZXJlIEFMTCBwYWNrZXRzIE1VU1QgYmUgZW5jcnlwdGVkLgo+
Pj4+Pj4KPj4+Pj4+IEkgYW0ganVzdCBxdWVzdGlvbmluZyB3aGV0aGVyIHN1Y2ggYSBzY2VuYXJp
byBpcyByZWFsbHkgbWFuZGF0ZWQgYnkKPj4gYW55Cj4+Pj4+PiBzdGFuZGFyZCAoSSBiZWxpZXZl
IGl0IGlzIG5vdCksCj4+Pj4+PiBpbiB3aGljaCBjYXNlIG9uZSBjYW4gc2ltcGx5IE5PVCBlbmNy
eXB0IHRoZSB0aW1pbmcgcGFja2V0cyAoZXZlbiBpZgo+PiB5b3UKPj4+Pj4+IGNob29zZSB0byBl
bmNyeXB0IHRoZSBvdGhlciBwYWNrZXRzKS4KPj4+Pj4+Cj4+Pj4+PiBZKEopUwo+Pj4+Pj4KPj4+
Pj4+IC0tLS0tT3JpZ2luYWwgTWVzc2FnZS0tLS0tCj4+Pj4+PiBGcm9tOiBDdWkgWWFuZyBbbWFp
bHRvOmN1aXlhbmdAaHVhd2VpLmNvbV0KPj4+Pj4+IFNlbnQ6IFR1ZXNkYXksIE1hcmNoIDEzLCAy
MDEyIDA0OjUxCj4+Pj4+PiBUbzogWWFha292IFN0ZWluOyBEYW5ueSBNYXllcgo+Pj4+Pj4gQ2M6
IHRpY3RvY0BpZXRmLm9yZwo+Pj4+Pj4gU3ViamVjdDogUmU6IFtUSUNUT0NdIFBsZWFzZSBDb21t
ZW50IG9uIFByYWN0aWNhbCBTb2x1dGlvbnMgZm9yCj4+IEVuY3J5cHRlZAo+Pj4+Pj4gU3luY2hy
b25pemF0aW9uIFByb3RvY29sCj4+Pj4+Pgo+Pj4+Pj4gSGksIFlhYWtvdiwKPj4+Pj4+Cj4+Pj4+
PiBNYXliZSBteSB1bmNsZWFyIGRlc2NyaXB0aW9uIGluIHRoZSBkcmFmdCBjYXVzZXMgc29tZSBj
b25mdXNpb24uCj4+IFNvcnJ5IGZvcgo+Pj4+Pj4gdGhhdC4KPj4+Pj4+IEluIHRoZSBzZWNvbmQg
bW90aXZhdGlvbiwgd2UgZGlkbsKhwq90IHRyeSB0byBhcmd1ZSB0aGVyZSBpcyBhIHNjZW5hcmlv
Cj4+IHdoZXJlCj4+Pj4+PiB0aW1pbmcgcGFja2V0cyBtdXN0IGJlIGVuY3J5cHRlZC4KPj4+Pj4+
IEluIGNvbnRyYXN0LCB3ZSB0cnkgdG8gZGlzY3VzcyB0aGUgY29uZGl0aW9ucyB3aGVyZSB0aW1p
bmcgcGFja2V0cyBhcmUKPj4+Pj4+IHRyYW5zcG9ydGVkIGluIGFuIGluc2VjdXJlIG5ldHdvcmsg
YW5kIHRoZXJlIGFyZSBhbHJlYWR5IElQc2VjIEVTUAo+PiB0dW5uZWwKPj4+Pj4+IHByb3ZpZGVk
Lgo+Pj4+Pj4gV2hlbiB3ZSB0cnkgdG8gdHJhbnNwb3J0IHRoZSB0aW1pbmcgcGFja2V0cyBpbiBh
IHNlY3VyZSB3YXksIHdlIGNhbgo+PiByZXVzZQo+Pj4+Pj4gdGhlIGV4aXN0aW5nIElQc2VjIEVT
UCB0dW5uZWwgZXZlbiB0aG91Z2ggdGhlIHRpbWluZyBwYWNrZXRzIG1heSBub3QKPj4gYmUKPj4+
Pj4+IGNvbmZpZGVudGlhbCBpdHNlbGYgKEJ1dCBpbnRlZ3JpdHkgcHJvdGVjdGlvbiBpcyBuZWNl
c3NhcnksIGFueXdheSkuCj4+Pj4+Pgo+Pj4+Pj4gQmVzdCByZWdhcmRzLAo+Pj4+Pj4gWWFuZwo+
Pj4+Pj4gPT09PT09PT09PT09PT09PT09Cj4+Pj4+PiBZYW5nIEN1aSwgIFBoLkQuCj4+Pj4+PiBI
dWF3ZWkgVGVjaG5vbG9naWVzCj4+Pj4+PiBjdWl5YW5nQGh1YXdlaS5jb20KPj4+Pj4+Cj4+Pj4+
Pj4gLS0tLS3Dk8OKwrzDvsOUwq3CvMO+LS0tLS0KPj4+Pj4+PiDCt8KiwrzDvsOIw4s6IFlhYWtv
diBTdGVpbiBbbWFpbHRvOnlhYWtvdl9zQHJhZC5jb21dCj4+Pj4+Pj4gwrfCosOLw43DisKxwrzD
pDogMjAxMsOEw6ozw5TDgjEzw4jDlSAwOjQ3Cj4+Pj4+Pj4gw4rDlcK8w77DiMOLOiBDdWkgWWFu
ZzsgRGFubnkgTWF5ZXIKPj4+Pj4+PiDCs8Ktw4vDjTogdGljdG9jQGlldGYub3JnCj4+Pj4+Pj4g
w5bDt8OMw6I6IFJFOiBbVElDVE9DXSBQbGVhc2UgQ29tbWVudCBvbiBQcmFjdGljYWwgU29sdXRp
b25zIGZvcgo+PiBFbmNyeXB0ZWQKPj4+Pj4+PiBTeW5jaHJvbml6YXRpb24gUHJvdG9jb2wKPj4+
Pj4+Pgo+Pj4+Pj4+IFlhbmcKPj4+Pj4+Pgo+Pj4+Pj4+IEkgZnVsbHkgdW5kZXJzdGFuZCB5b3Vy
IG1vdGl2YXRpb24gKGFjdHVhbGx5IHRoZSAybmQgbW90aXZhdGlvbiBpbgo+PiB5b3VyCj4+Pj4+
PiBkcmFmdCkKPj4+Pj4+PiB0byBoYW5kbGUgY2FzZXMgd2hlcmUgZW5jcnlwdGlvbiBvZiBBTEwg
cGFja2V0cyBpcyBtYW5kYXRvcnksCj4+IGluY2x1ZGluZwo+Pj4+Pj4+IHRpbWluZyBvbmVzLgo+
Pj4+Pj4+Cj4+Pj4+Pj4gSG93ZXZlciwgSSBhbSBub3Qgc3VyZSB0aGF0IFRTIDMzLjMyMCByZWFs
bHkgbWFuZGF0ZXMgZW5jcnlwdGlvbiBvZgo+Pj4+PiB0aW1pbmcKPj4+Pj4+PiBwYWNrZXRzLgo+
Pj4+Pj4+Cj4+Pj4+Pj4gRmlyc3QsIDMzLjMyMCBjbGVhcmx5IHN0YXRlcyB0aGF0IHdoaWxlIGlt
cGxlbWVudGF0aW9uIG9mIElQc2VjIGlzCj4+Pj4+IG1hbmRhdG9yeSwKPj4+Pj4+PiB1c2FnZSBp
cyBvcHRpb25hbCBhbmQgYmFzZWQgb24gb3BlcmF0b3IgcG9saWN5Cj4+Pj4+Pj4gKHdpdGggdGhl
IHBvc3NpYmxlIGV4Y2VwdGlvbiBvZiBkaXJlY3QgbGlua3MgYmV0d2VlbiBIKGUpTkJzLCBidXQK
Pj4gdGhlc2UKPj4+Pj4+IGxpbmtzCj4+Pj4+Pj4gYXJlIG9wdGlvbmFsIHRvbykuCj4+Pj4+Pj4g
SWYgSVBzZWMgaXMgbm90IHVzZWQsIHRoZW4gYSBsb3dlciBsYXllciBtZWNoYW5pc20gY2FuIGJl
IHVzZWQKPj4+Pj4+PiAody9vIGFueSBzcGVjaWZpY2F0aW9uIG9mIHdoYXQgZXhhY3RseSB0aGlz
IGxvd2VyIGxheWVyIG1lY2hhbmlzbQo+PiBuZWVkcwo+Pj4+PiB0bwo+Pj4+Pj4+IGRvKSwKPj4+
Pj4+PiBhIG1ldGhvZCBhc3N1bWVkbHkgcnVubmluZyBpbiBIVyBhbmQgYWRkaW5nIGFsbW9zdCBu
byBkZWxheSBhbmQKPj4+Pj4+PiBhYnNvbHV0ZWx5IG5vIGRlbGF5IHZhcmlhdGlvbi4KPj4+Pj4+
Pgo+Pj4+Pj4+IFNlY29uZCwgZXZlbiBpZiB0aGUgb3BlcmF0b3IgZGVjaWRlcyB0byB1c2UgSVBz
ZWMsIHRoZW4gdGhlIHN0YW5kYXJkCj4+Pj4+IHN0YXRlcwo+Pj4+Pj4+ICJBbGwgc2lnbmFsbGlu
ZywgdXNlciwgYW5kIG1hbmFnZW1lbnQgcGxhbmUgdHJhZmZpYyBvdmVyIHRoZSBpbnRlcmZhY2UK
Pj4+Pj4+PiBiZXR3ZWVuIEgoZSlOQiBhbmQgU2VHVyBzaGFsbCBiZSBzZW50IHRocm91Z2ggYW4g
SVBzZWMgRVNQIHR1bm5lbCIuCj4+Pj4+Pj4gSSB0aGluayB3ZSBjYW4gbWFrZSB0aGUgY2FzZSB0
aGF0IHRpbWluZyBpcyBuZWl0aGVyIHNpZ25hbGluZywgbm9yIHVzZXIsCj4+IG5vcgo+Pj4+Pj4+
IG1hbmFnZW1lbnQgdHJhZmZpYywKPj4+Pj4+PiBhbmQgdGh1cyBleGVtcHQgZnJvbSB0aGUgSVBz
ZWMgcmVxdWlyZW1lbnQuCj4+Pj4+Pj4gUGVyaGFwcyB3ZSBzaG91bGQgc2VuZCAzR1BQIGEgbGlh
aXNvbiB0byB0aGF0IGVmZmVjdCwgYW5kIGdldCBhbgo+PiBleHBsaWNpdAo+Pj4+Pj4+IHdhaXZl
ci4KPj4+Pj4+Pgo+Pj4+Pj4+IFNvLCB3ZSBhcmUgbGVmdCB3aXRoIG5vIHVzZSBjYXNlIG1hbmRh
dGluZyBlbmNyeXB0aW5nIG9mIHRpbWluZwo+PiBwYWNrZXRzLAo+Pj4+Pj4+IGFuZCB0aGUgcHJv
YmxlbSBnb2VzIGF3YXkuCj4+Pj4+Pj4KPj4+Pj4+PiBZKEopUwo+Pj4+Pj4+Cj4+Pj4+Pj4KPj4+
Pj4+PiAtLS0tLU9yaWdpbmFsIE1lc3NhZ2UtLS0tLQo+Pj4+Pj4+IEZyb206IHRpY3RvYy1ib3Vu
Y2VzQGlldGYub3JnIFttYWlsdG86dGljdG9jLWJvdW5jZXNAaWV0Zi5vcmddIE9uCj4+Pj4+IEJl
aGFsZgo+Pj4+Pj4gT2YKPj4+Pj4+PiBDdWkgWWFuZwo+Pj4+Pj4+IFNlbnQ6IFRodXJzZGF5LCBN
YXJjaCAwOCwgMjAxMiAwMzo0NAo+Pj4+Pj4+IFRvOiBEYW5ueSBNYXllcgo+Pj4+Pj4+IENjOiB0
aWN0b2NAaWV0Zi5vcmcKPj4+Pj4+PiBTdWJqZWN0OiBSZTogW1RJQ1RPQ10gUGxlYXNlIENvbW1l
bnQgb24gUHJhY3RpY2FsIFNvbHV0aW9ucyBmb3IKPj4+Pj4gRW5jcnlwdGVkCj4+Pj4+Pj4gU3lu
Y2hyb25pemF0aW9uIFByb3RvY29sCj4+Pj4+Pj4KPj4+Pj4+PiBEYW5ueSwKPj4+Pj4+Pgo+Pj4+
Pj4+IFRoYW5rcyBmb3IgeW91ciBjb21tZW50cy4gSSB3aWxsIHJlc3BvbmQgaW5saW5lLgo+Pj4+
Pj4+Cj4+Pj4+Pj4+IC0tLS0tw5PDisK8w77DlMKtwrzDvi0tLS0tCj4+Pj4+Pj4+IMK3wqLCvMO+
w4jDizogRGFubnkgTWF5ZXIgW21haWx0bzptYXllckBudHAub3JnXQo+Pj4+Pj4+PiDCt8Kiw4vD
jcOKwrHCvMOkOiAyMDEyw4TDqjPDlMOCN8OIw5UgMjA6NTYKPj4+Pj4+Pj4gw4rDlcK8w77DiMOL
OiBDdWkgWWFuZwo+Pj4+Pj4+PiDCs8Ktw4vDjTogdGljdG9jQGlldGYub3JnCj4+Pj4+Pj4+IMOW
w7fDjMOiOiBSZTogW1RJQ1RPQ10gUGxlYXNlIENvbW1lbnQgb24gUHJhY3RpY2FsIFNvbHV0aW9u
cyBmb3IKPj4+Pj4gRW5jcnlwdGVkCj4+Pj4+Pj4+IFN5bmNocm9uaXphdGlvbiBQcm90b2NvbAo+
Pj4+Pj4+Pgo+Pj4+Pj4+PiBJIGhhdmUgYWxyZWFkeSBzYWlkIHRoaXMgYmVmb3JlIGFuZCBJIHdp
bGwgcmVwZWF0IHRoaXMgZm9yIHRoZSBwdXJwb3Nlcwo+Pj4+Pj4+PiBvZiBmZWVkYmFjay4KPj4+
Pj4+Pj4KPj4+Pj4+Pj4gVGltZSBwYWNrZXRzIGRvIG5vdCBuZWVkIHRvIGJlIGVuY3J5cHRlZCBh
cyBub3Qgb25seSBkbyB0aGV5IG5vdAo+Pj4+Pj4gY29udGFpbgo+Pj4+Pj4+PiBhbnl0aGluZyBz
ZWNyZXQsIGV2ZW4gaWYgeW91IGtuZXcgdGhlIGNvbnRlbnRzIHRoZXkgYXJlIHVzZWxlc3MKPj4+
Pj4gYW55dGltZQo+Pj4+Pj4+PiBhZnRlciB0aGUgcGFja2V0IGhhcyBiZWVuIGRlbGl2ZXJlZC4K
Pj4+Pj4+PiBbQ3VpIFlhbmddIEkgd2lsbCByZXBlYXQgb3VyIG1vdGl2YXRpb24uCj4+Pj4+Pj4g
QWNjb3JkaW5nIHRvIGdsb2JhbGx5IHVzZWQgM0dQUCBzdGFuZGFyZCwgdGhlcmUgaXMgYSBuZWVk
IGZvcgo+PiBlc3RhYmxpc2gKPj4+Pj4+IElQc2VjCj4+Pj4+Pj4gRVNQIHR1bm5lbCBmb3Igc21h
bGwgaG9tZSBiYXNlIHN0YXRpb24gY29ubmVjdGluZyB0byBTZWN1cml0eSBHVyBvcgo+Pj4+PiBv
dGhlcgo+Pj4+Pj4+IGNvcmUgbmV0d29yayBkZXZpY2VzLgo+Pj4+Pj4+IFRoZXJlIGhhdmUgZXhp
c3RlZCBzdWNoIGEgZ3JlYXQgbnVtYmVyIG9mIElQc2VjIEVTUCB0dW5uZWxzIGluIHRoZQo+Pj4+
Pj4+IHVuZGVybHlpbmcgdXNlIGNhc2UuCj4+Pj4+Pj4gRm9yIG1lZXRpbmcgdGhlIGxlYXN0IHNl
Y3VyaXR5IHJlcXVpcmVtZW50LCBpdCBpcyBuZWVkZWQgdG8gc2V0IHVwCj4+IElQc2VjCj4+Pj4+
IEFICj4+Pj4+PiBvcgo+Pj4+Pj4+IElQc2VjIEVTUC1OVUxMIGZvciB0aGUgaW50ZWdyaXR5IHBy
b3RlY3Rpb24uCj4+Pj4+Pj4gVGhlbiBpdCB3aWxsIGluY3JlYXNlIHRoZSBzZWN1cml0eSBjb3N0
Lgo+Pj4+Pj4+Cj4+Pj4+Pj4gSWYgdGhlcmUgaXMgYSBzaW1wbGUgYW5kIHByYWN0aWNhbCBzb2x1
dGlvbiBmb3IgdGhpcyBwcm9ibGVtLCB0aGVuIHdoeQo+PiBub3QKPj4+Pj4gbGV0Cj4+Pj4+PiBp
dAo+Pj4+Pj4+IGJlIGNsYXJpZmllZD8KPj4+Pj4+PiBTbyB0aGF0LCBtYW55IGVuZ2luZWVycyBh
bmQgY3VzdG9tZXJzIGNhbiBiZW5lZml0IGZyb20gc2luZ2xlIElQc2VjCj4+Pj4+PiB0dW5uZWwK
Pj4+Pj4+PiBwcm90ZWN0aW9uIGVhY2ggdXNlciwgd2hpY2ggc2F2ZXMgdGhlIGNvc3QgZm9yIGJv
dGguCj4+Pj4+Pj4KPj4+Pj4+Pj4gWW91IGRvIHlvdXJzZWxmIGEgZGlzZmF2b3IgaW4gZW5jcnlw
dGluZyBzb21ldGhpbmcgdGhhdCBpcyBub3Qgd29ydGgKPj4+Pj4+Pj4gZW5jcnlwdGluZy4gSXQg
dGFrZXMgcHJvY2Vzc2luZyBvdmVyaGVhZCwgaW5jcmVhc2VzIHBhY2tldCBzaXplLCBhbmQKPj4+
Pj4+Pj4gdGhlcmUgaXMgbm8gZ2FpbiBpbiBkb2luZyBzby4gWW91IG5lZWQgdG8ganVzdGlmeSBl
bmNyeXB0aW5nIHNvbWV0aGluZwo+Pj4+Pj4+IFtDdWkgWWFuZ10gSSBhbSBub3QgZG9pbmcgbXlz
ZWxmIGEgZGlzZmF2b3IsIGJ1dCBnb2luZyB0byBwcm92aWRlIGEKPj4gc29sdXRpb24KPj4+Pj4+
IGZvcgo+Pj4+Pj4+IHRoZSBwcmFjdGljYWwgYW5kIHRlY2huaWNhbCBwcm9ibGVtLgo+Pj4+Pj4+
IEludGVncml0eSBwcm90ZWN0aW9uIHRha2VzIG92ZXJoZWFkLCBhcyB3ZWxsLgo+Pj4+Pj4+IElu
IGNhc2UgY29uZmlkZW50aWFsaXR5IGlzIG1hbmRhdG9yeSwgaXMgaXQgYSBnb29kIGlkZWEgdG8g
cHJvdGVjdAo+PiBpbnRlZ3JpdHkKPj4+Pj4+PiBzZXBhcmF0ZWx5Pwo+Pj4+Pj4+IFdoYXQgd2Ug
bmVlZCB0byBkbywgaXMgdG8gaW52ZXN0aWdhdGUgYW5kIHJlZHVjZSB0aGUgY29zdCBhcyBzbWFs
bCBhcwo+Pj4+Pj4gcG9zc2libGUKPj4+Pj4+PiBmaXJzdCwgYW5kIHNlZSB3aGV0aGVyIGl0IGlz
IGFjY2VwdGFibGUgb3Igbm90Lgo+Pj4+Pj4+IFRoYXQgaXMgb3VyIG1vdGl2YXRpb24gb2YgdGhl
IG5ldyBkcmFmdC4KPj4+Pj4+Pgo+Pj4+Pj4+PiBhbmQgcGxlYXNlIGRvbid0IHNheSB0aGF0IGl0
IGlzIGJlY2F1c2Ugc29tZSBvdGhlciBkb2N1bWVudCBzYXlzIHRvCj4+Pj4+Pj4+IGVuY3J5cHQg
ZXZlcnl0aGluZy4gSSB3YW50IHRvIGtub3cgd2hhdCBpcyB0aGUgYmVuZWZpdCBmcm9tIGRvaW5n
Cj4+IHNvLAo+Pj4+Pj4+IFtDdWkgWWFuZ10gSSBqdXN0IGFuc3dlcmVkIHlvdXIgcHJldmlvdXMg
ZW1haWwgcHJvdmlkaW5nIHRoZSByZWZlcnJlZAo+Pj4+Pj4gc2VjdGlvbgo+Pj4+Pj4+IGFuZCBk
b2N1bWVudCBhcyB5b3UgcmVxdWlyZWQsIHllc3RlcmRheS4KPj4+Pj4+Pgo+Pj4+Pj4+PiB3aGF0
IGFyZSB0aGUgcmlza3MgaW4gbm90IGRvaW5nIHNvIGFuZCB3aGF0IGlzIHRoZSBjb3N0IG9mIGRv
aW5nIHNvLAo+Pj4+Pj4+PiBwYXJ0aWN1bGFybHkgaW4gbG9zcyBvZiBhY2N1cmFjeSwgaW5jcmVh
c2VkIGVycm9yIGJ1ZGdldCwgZXRjLgo+Pj4+Pj4+IFtDdWkgWWFuZ10gVGhhdCBpcyBvdXIgbmV3
IGRyYWZ0IHRyeWluZyB0byBleHBsYWluLCBwbGVhc2UgY2hlY2sgaXQKPj4gYmVmb3JlCj4+Pj4+
Pj4gcG9zdGluZyB5b3VyIG9waW5pb24uCj4+Pj4+Pj4KPj4+Pj4+Pj4gVGhlIHdob2xlIHRoaW5n
IGlzIGEgYmFkIGlkZWEgZnJvbSB3aGF0IEkgY2FuIHRlbGwuCj4+Pj4+Pj4+Cj4+Pj4+Pj4+IERh
bm55Cj4+Pj4+Pj4+Cj4+Pj4+Pj4gVGhhbmtzLAo+Pj4+Pj4+IFlhbmcKPj4+Pj4+Pgo+Pj4+Pj4+
Cj4+Pj4+Pj4+IE9uIDMvNi8yMDEyIDEwOjM1IFBNLCBDdWkgWWFuZyB3cm90ZToKPj4+Pj4+Pj4+
IEhpLCBhbGwsCj4+Pj4+Pj4+Pgo+Pj4+Pj4+Pj4KPj4+Pj4+Pj4+Cj4+Pj4+Pj4+PiBJIGhhdmUg
cG9zdGVkIGEgbmV3IGRyYWZ0IHRoYXQgZGlzY3Vzc2VzIHRoZSBwcmFjdGljYWwgc29sdXRpb25z
IGZvcgo+Pj4+Pj4+Pj4gZW5jcnlwdGVkIHN5bmNocm9uaXphdGlvbiBwcm90b2NvbHMuCj4+Pj4+
Pj4+Pgo+Pj4+Pj4+Pj4KPj4+Pj4+Pj4+Cj4+Pj4+Pj4+PiBTaW5jZSB3ZSBoYXZlIGRpc2N1c3Nl
ZCBhIGxvdCBvbiB0aGlzIHByb2JsZW0sIGFuZCB0aGUgc2VjdXJpdHkKPj4+Pj4+Pj4+IHJlcXVp
cmVtZW50IG9mIHN5bmNocm9uaXphdGlvbiBhbHNvIG5vdGVkIHRoYXQgY29uZmlkZW50aWFsaXR5
IG1heQo+Pj4+Pj4gbmVlZAo+Pj4+Pj4+Pj4gcHJvdGVjdGlvbiwgZXNwZWNpYWxseSBpbiBjYXNl
IHRoYXQgdGhlIGNvbmZpZGVudGlhbGl0eSBwcm90ZWN0aW9uIGlzCj4+Pj4+Pj4+PiBtYW5kYXRv
cnkuIFN5bmNocm9uaXphdGlvbiBzaG91bGQgYmUgYXZhaWxhYmxlIHdoZW4gdGhlIHRyYWZmaWMg
aXMKPj4+Pj4+Pj4+IGVuY3J5cHRlZC4gVGhlIGluZmx1ZW5jZXMgYnkgdGhlIGVuY3J5cHRpb24g
YXJlIGV4cGxhaW5lZCwgYW5kCj4+Pj4+IHNldmVyYWwKPj4+Pj4+Pj4+IHBvc3NpYmxlIHNvbHV0
aW9ucyBoYXZlIGJlZW4gZGlzY3Vzc2VkLgo+Pj4+Pj4+Pj4KPj4+Pj4+Pj4+IFRoZSBVUkwgaXMg
YmVsb3csIHBsZWFzZSByZXZpZXcgYW5kIGNvbW1lbnQuCj4+Pj4+Pj4+Pgo+Pj4+Pj4+Pj4KPj4+
Pj4+Pj4+Cj4+Pj4+Pj4+PiAgICAgVGl0bGUgICAgICA6IFByYWN0aWNhbCBzb2x1dGlvbnMgZm9y
IGVuY3J5cHRlZCBzeW5jaHJvbml6YXRpb24KPj4+Pj4+PiBwcm90b2NvbAo+Pj4+Pj4+Pj4gQXV0
aG9yKHMpICA6IFkuIEN1aSwKPj4+Pj4+Pj4+Cj4+Pj4+Pj4+PiBNLiBCaGF0aWEsCj4+Pj4+Pj4+
Pgo+Pj4+Pj4+Pj4gRC4gWmhhbmcKPj4+Pj4+Pj4+Cj4+Pj4+Pj4+PiBGaWxlbmFtZSAgIDogZHJh
ZnQtY3VpLXRpY3RvYy1lbmNyeXB0ZWQtc3luY2hyb25pemF0aW9uLTAwLnR4dAo+Pj4+Pj4+Pj4K
Pj4+Pj4+Pj4+IFBhZ2VzICAgICA6IDEwCj4+Pj4+Pj4+Pgo+Pj4+Pj4+Pj4gRGF0ZSAgICAgIDog
TWFyLiAxLCAyMDEyCj4+Pj4+Pj4+Pgo+Pj4+Pj4+Pj4gICAgVGhpcyBpbmZvcm1hdGlvbmFsIGRv
Y3VtZW50IGFuYWx5emVzIHRoZSBhY2N1cmFjeSBpc3N1ZXMgd2l0aAo+Pj4+PiB0aW1lCj4+Pj4+
Pj4+PiAgICBzeW5jaHJvbml6YXRpb24gcHJvdG9jb2xzIHdoZW4gdGltZSBzeW5jaHJvbml6YXRp
b24gcGFja2V0cwo+PiBhcmUKPj4+Pj4+Pj4+ICAgIGVuY3J5cHRlZCBkdXJpbmcgdHJhbnNtaXNz
aW9uLiBJbiBhZGRpdGlvbiwgc2V2ZXJhbCBjYW5kaWRhdGUKPj4+Pj4+Pj4+Cj4+Pj4+Pj4+PiAg
IHNvbHV0aW9ucyBvbiBzdWNoIGlzc3VlcyBhcmUgaW50cm9kdWNlZC4KPj4+Pj4+Pj4+Cj4+Pj4+
Pj4+Pgo+Pj4+Pj4+Pj4KPj4+Pj4+Pj4+IEEgVVJMIGZvciB0aGlzIEludGVybmV0LURyYWZ0IGlz
Ogo+Pj4+Pj4+Pj4KPj4+Pj4+Pj4+Cj4+IGh0dHA6Ly9kYXRhdHJhY2tlci5pZXRmLm9yZy9kb2Mv
ZHJhZnQtY3VpLXRpY3RvYy1lbmNyeXB0ZWQtc3luY2hyb25pemF0aW9uCj4+Pj4+Pj4+Pgo+Pj4+
Pj4+Pj4KPj4+Pj4+Pj4+IFRoYW5rcywKPj4+Pj4+Pj4+Cj4+Pj4+Pj4+PiBZYW5nCj4+Pj4+Pj4+
Pgo+Pj4+Pj4+Pj4gPT09PT09PT09PT09PT09PT09Cj4+Pj4+Pj4+Pgo+Pj4+Pj4+Pj4gWWFuZyBD
dWksICBQaC5ELgo+Pj4+Pj4+Pj4KPj4+Pj4+Pj4+IEh1YXdlaSBUZWNobm9sb2dpZXMKPj4+Pj4+
Pj4+Cj4+Pj4+Pj4+PiBjdWl5YW5nQGh1YXdlaS5jb20KPj4+Pj4+PiBfX19fX19fX19fX19fX19f
X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fXwo+Pj4+Pj4+IFRJQ1RPQyBtYWlsaW5nIGxp
c3QKPj4+Pj4+PiBUSUNUT0NAaWV0Zi5vcmcKPj4+Pj4+PiBodHRwczovL3d3dy5pZXRmLm9yZy9t
YWlsbWFuL2xpc3RpbmZvL3RpY3RvYwo+Pj4gX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f
X19fX19fX19fX19fX19fX18KPj4+IFRJQ1RPQyBtYWlsaW5nIGxpc3QKPj4+IFRJQ1RPQ0BpZXRm
Lm9yZwo+Pj4gaHR0cHM6Ly93d3cuaWV0Zi5vcmcvbWFpbG1hbi9saXN0aW5mby90aWN0b2MKPj4+
Cj4+PiBTY2FubmVkIGJ5IENoZWNrIFBvaW50IFRvdGFsIFNlY3VyaXR5IEdhdGV3YXkuCj4gX19f
X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18KPiBudHB3ZyBtYWls
aW5nIGxpc3QKPiBudHB3Z0BsaXN0cy5udHAub3JnCj4gaHR0cDovL2xpc3RzLm50cC5vcmcvbGlz
dGluZm8vbnRwd2cKPgo+IC0tLS0tCj4gTm8gdmlydXMgZm91bmQgaW4gdGhpcyBtZXNzYWdlLgo+
IENoZWNrZWQgYnkgQVZHIC0gd3d3LmF2Zy5jb20KPiBWZXJzaW9uOiAyMDEyLjAuMjE5NyAvIFZp
cnVzIERhdGFiYXNlOiAyNDM3LzUyMzEgLSBSZWxlYXNlIERhdGU6IDA4LzI4LzEyCgoKLS0gCi8v
Q29uZmlkZW50aWFsIE1haWxpbmcgLSBQbGVhc2UgZGVzdHJveSB0aGlzIGlmIHlvdSBhcmUgbm90
IHRoZSBpbnRlbmRlZCByZWNpcGllbnQuCgpfX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f
X19fX19fX19fX19fX19fXwpudHB3ZyBtYWlsaW5nIGxpc3QKbnRwd2dAbGlzdHMubnRwLm9yZwpo
dHRwOi8vbGlzdHMubnRwLm9yZy9saXN0aW5mby9udHB3Zw==