From nobody Thu Feb 4 07:42:05 2016 Return-Path: X-Original-To: openpgp@ietfa.amsl.com Delivered-To: openpgp@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1B5041B31BE for ; Thu, 4 Feb 2016 07:41:59 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: 0.621 X-Spam-Level: X-Spam-Status: No, score=0.621 tagged_above=-999 required=5 tests=[BAYES_20=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4QNbriFOOgDX for ; Thu, 4 Feb 2016 07:41:57 -0800 (PST) Received: from mail-lf0-x234.google.com (mail-lf0-x234.google.com [IPv6:2a00:1450:4010:c07::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 786341B31BC for ; Thu, 4 Feb 2016 07:41:56 -0800 (PST) Received: by mail-lf0-x234.google.com with SMTP id 78so38733808lfy.3 for ; Thu, 04 Feb 2016 07:41:56 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:content-type; bh=A0GsctPaFSWReVwTMzJJADxyQm//dv7HD69x9iJGt/M=; b=Ze55ZQTfdLk+sfdTxZJQ2iG2jQUrrelTg3ROGZcHj2ts9u9h3Uj0GhjNEGshXQL2Is /LUFincdpGSTTYDgEuV3Esroeq5Bxz3PJaPB4k3tf/f8DJ43+uUkYZqhlu5wOi8x+Ixz UaR7/dkg/aBNMwdGesZJeNIAUEEDd1AqZ7fs7G0yvZfFqbZGt3nGNweQ78/SrTceYgYH NhKspNqypMmmPb2iu2bDQNPxlBliLDkzpDfJMRUIZ5qAjinySFVkWlGrjNcmfakzE5Oa r7cwQFIXVeE/sEFogP+JZp5lOP7bRUKCWqPj/futERuHPiEf8351ZQxHsbvbJBFeLsAx d9FQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:sender:in-reply-to:references:date :message-id:subject:from:to:content-type; bh=A0GsctPaFSWReVwTMzJJADxyQm//dv7HD69x9iJGt/M=; b=OCLa2+ow1sPaKV0cQWhy4C2pOZYnxlZ7LZXXGX5s8XohsQlIy6WTlQrvGMCFPVLwke rtgFIHseiAK6IDePc/RnQscKo1A9t3oMgA/gAXMwD6X7pmvXQWPgcHfJmwsGM1s2I7KI zyPErSZ0zgwGH50nj/UoET4d7dXgp2wtvPu2ZgRQoQ2XY1pX70CL7ZiiQBH7Ba1Xo1in OcME0dprw11UpXjMfgJX6J4jnsGkQlrjdPYExAPqSEYGXqyQ4KH9aM2ZgKc1+4hZySKy FhlN+OxyBNjzRVsKkpTG1eIqBRZHvEVB8mlWmXb3XHnQxaffLSnQMpnRXoGnoxRfLb/T YplA== X-Gm-Message-State: AG10YOTYZhDU/47Ei5cVDbcJKZsL3+Xf/26tmnauJhNdqs4M0d3y6UTOIG24Q0IZz6BRc5h14zJke1T2TN2FkQ== MIME-Version: 1.0 X-Received: by 10.25.138.194 with SMTP id m185mr3770824lfd.67.1454600514743; Thu, 04 Feb 2016 07:41:54 -0800 (PST) Sender: hallam@gmail.com Received: by 10.112.49.80 with HTTP; Thu, 4 Feb 2016 07:41:54 -0800 (PST) In-Reply-To: <87twmje02x.fsf@vigenere.g10code.de> References: <87ziwd3yrn.wl-neal@walfield.org> <56938B98.7000707@openfortress.nl> <87r3hn4tw2.wl-neal@walfield.org> <87twmje02x.fsf@vigenere.g10code.de> Date: Thu, 4 Feb 2016 10:41:54 -0500 X-Google-Sender-Auth: GozCsJBSeIniY2Qx_Zndzooz9Co Message-ID: From: Phillip Hallam-Baker To: "Neal H. Walfield" , Rick van Rein , IETF OpenPGP , Matthew Green Content-Type: text/plain; charset=UTF-8 Archived-At: Subject: Re: [openpgp] mailing list: managing the subscriber list X-BeenThere: openpgp@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: "Ongoing discussion of OpenPGP issues." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 04 Feb 2016 15:41:59 -0000 On Tue, Jan 12, 2016 at 2:19 AM, Werner Koch wrote: > On Mon, 11 Jan 2016 23:46, neal@walfield.org said: > >> There are two types of re-encryption that I think are inappropriate: >> >> - when the mailing list software decrypts and reencrypts each >> message before forwarding it on to the list of subscriber, and, > > As soon as you are in the need for a mailing list you have severe opsec > problems which I consider not solvable: You not only need to fully trust > all participants but also need to make sure that _all_ their boxes are > properly secured against attacks. > > Adding another box to reencrypt the messages does not change the picture > much more than adding another subscriber. > > I heard that Schleuder (schleuder.nadir.org or apt-get install schleuder) > is a matured tool for encrypted group communication. There is an approach that I think works but it requires significant changes to the OpenPGP protocol. The problem with having to have a trusted box as the remailer is the same as the problem with using STARTTLS to secure SMTP - running a server is expensive. The incremental cost for sending additional messages is almost nil. But if you want to completely trust a service you have to have your own machine, run it in a trusted location, etc. That costs several $1000s a year for even a basic setup. For something that is really secure you are looking at seven figures plus. So if we want the system to be accessible, it has to be possible to run all the code on a machine managed by a data canter run by daleks without a confidentiality or integrity concern (a service provider will always be able to deny service). This is the problem that proxy re-encryption solves. Instead of decrypting the message at the server and re-encrypting it, the server recrypts the message using a key that transforms the data encrypted for one key to data encrypted with a different one. There are good ways to do this that appear to be unencumbered for Diffie Hellman (if anyone knows of patents, please let me know). The problem is that these techniques don't solve the general case of Alice sets up the server and gives it a key that allows it to convert a message encrypted under the mailing list key to Bob's public key published in a directory. What it does allow is to encrypt the message to a key that Alice has picked and assigned to Bob. That key can then be sent as an encrypted blob along with the message. What this would require is specifying a new encryption algorithm type for recryption. It is probably best to leave off doing that until CFRG is done. From nobody Wed Feb 10 01:29:51 2016 Return-Path: X-Original-To: openpgp@ietfa.amsl.com Delivered-To: openpgp@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EAE901A03A9 for ; Wed, 10 Feb 2016 01:29:49 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: 2.093 X-Spam-Level: ** X-Spam-Status: No, score=2.093 tagged_above=-999 required=5 tests=[BAYES_40=-0.001, DC_PNG_UNO_LARGO=0.001, HTML_MESSAGE=0.001, HTML_OBFUSCATE_10_20=0.093, TO_NO_BRKTS_HTML_IMG=1.999] autolearn=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hOnudd1EMR8g for ; Wed, 10 Feb 2016 01:29:48 -0800 (PST) Received: from virulha.pair.com (virulha.pair.com [209.68.5.166]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 608401A03A5 for ; Wed, 10 Feb 2016 01:29:47 -0800 (PST) Received: from tormenta.local (iang.org [209.197.106.187]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by virulha.pair.com (Postfix) with ESMTPSA id 6748D6D72C; Wed, 10 Feb 2016 04:29:45 -0500 (EST) To: openpgp@ietf.org From: ianG Message-ID: <56BB0308.8020504@iang.org> Date: Wed, 10 Feb 2016 09:29:44 +0000 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:38.0) Gecko/20100101 Thunderbird/38.5.1 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="------------080102060003030905070508" Archived-At: Subject: [openpgp] saltpack on OpenPGP message format problems X-BeenThere: openpgp@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: "Ongoing discussion of OpenPGP issues." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 10 Feb 2016 09:29:50 -0000 This is a multi-part message in MIME format. --------------080102060003030905070508 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit (we should probably fix these one day) https://saltpack.org/pgp-message-format-problems We know from re-implementing PGP's message format (RFC 4880 ) ourselves (here ), it has a lot of issues. Some make life difficult for implementers, but others are problems for end users too: 1. PGP encryption doesn't authenticate the sender. There's no way to verify who a PGP message is from unless it's signed. That means that as a sender, you can't authenticate yourself without giving up repudiability. Partly because of this, authentication is off by default. In contrast, NaCl encryption authenticates the sender in a repudiable way. That makes it easy for us to enable authentication by default. It also means that we don't need special support for a "signed and encrypted" mode, because very few applications actually want that. 2. GnuPG will output data that doesn't verify. If you run|gpg --decrypt|on a corrupt message, it will print the plaintext to stdout, and you'll only find out if the message is bad at the/end/, after you've streamed out/unsigned data/. Try it on this message signed byJack's key : |-----BEGIN PGP MESSAGE----- Version: GnuPG v2 kA0DAAIBcYdraK1ILTIBy5liAFaqa7BKb2huIEphY29iIEppbmdsZWhlaW1lciBT Y2htaWR0LApIaXMgbmFtZSBpcyBteSBuYW1lIHRvby4KV2hlbmV2ZXIgd2UgZ28g b3V0LApUaGUgcGVvcGxlIGFsd2F5cyBzaG91dCwKVGhlcmUgZ29lcyBBIE1BTiBJ TiBUSEUgTUlERExFIE9IIFNISUlJMTF0IQqJARwEAAECAAYFAlaqa7AACgkQcYdr aK1ILTK6Ewf9GIIzBmtGuNeJXUGAoDbG5mmVDyMwpu3i72OwOfoSo+4GI6mT/FuV PKh7HCKwglmTuO2oazg0sUnoktjmHxdNQuJZ+6ii/5xXb80XEHFECFDClrjwbkeE +3irJDrpnmuQzRyJVOYh+fr7dxrlN7pgMdjlkbAgWnATZ+k1zf8z40p8SANNpXHt 9yie6nuzKUd1LUujPa4sz6BfNW0Clcp3c0XFeU2je//4TcZ+4/Ql2B1/MdzqF4+G TPh+B1L8k9F9TNgyh9lXyez90oRLEvw3+3o9+CvMvQb6Gb8aR+eW/rE+wabdiwSY qfLaI0VHvwNCa1NV/5MmX6UKUzNV2c4vcAo= =uIW7 -----END PGP MESSAGE----- | 3. Anonymous recipients aren't fully anonymous. Even with the|--hidden-recipient|flag, RSA encryptionleaks some information about the recipient's key . 4. PGP ASCII armor isn't friendly to modern apps and phones. One of many manglings Almost all apps, email clients, chat clients, and web pages do post-processing on the text people post. PGP's whitespace pattern, use of hyphens and slashes, and header lines are not friendly. You shouldn't have to edit a message by hand before passing it off to your crypto program. 5. Lack of Constraints Can Be Dangerous PGP's strategy of composable, nested streams is a headache to implement and allows attackers to craft messages thatexplode memory usage . There are workarounds, but the underlying problem is that the spec gives message crafters too much flexibility. --------------080102060003030905070508 Content-Type: multipart/related; boundary="------------070604090202070300070308" --------------070604090202070300070308 Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: 8bit (we should probably fix these one day)

https://saltpack.org/pgp-message-format-problems

We know from re-implementing PGP's message format (RFC 4880) ourselves (here), it has a lot of issues. Some make life difficult for implementers, but others are problems for end users too:

1. PGP encryption doesn't authenticate the sender.

There's no way to verify who a PGP message is from unless it's signed. That means that as a sender, you can't authenticate yourself without giving up repudiability. Partly because of this, authentication is off by default.

In contrast, NaCl encryption authenticates the sender in a repudiable way. That makes it easy for us to enable authentication by default. It also means that we don't need special support for a "signed and encrypted" mode, because very few applications actually want that.

2. GnuPG will output data that doesn't verify.

If you run gpg --decrypt on a corrupt message, it will print the plaintext to stdout, and you'll only find out if the message is bad at the end, after you've streamed out unsigned data. Try it on this message signed by Jack's key:

-----BEGIN PGP MESSAGE-----
Version: GnuPG v2

kA0DAAIBcYdraK1ILTIBy5liAFaqa7BKb2huIEphY29iIEppbmdsZWhlaW1lciBT
Y2htaWR0LApIaXMgbmFtZSBpcyBteSBuYW1lIHRvby4KV2hlbmV2ZXIgd2UgZ28g
b3V0LApUaGUgcGVvcGxlIGFsd2F5cyBzaG91dCwKVGhlcmUgZ29lcyBBIE1BTiBJ
TiBUSEUgTUlERExFIE9IIFNISUlJMTF0IQqJARwEAAECAAYFAlaqa7AACgkQcYdr
aK1ILTK6Ewf9GIIzBmtGuNeJXUGAoDbG5mmVDyMwpu3i72OwOfoSo+4GI6mT/FuV
PKh7HCKwglmTuO2oazg0sUnoktjmHxdNQuJZ+6ii/5xXb80XEHFECFDClrjwbkeE
+3irJDrpnmuQzRyJVOYh+fr7dxrlN7pgMdjlkbAgWnATZ+k1zf8z40p8SANNpXHt
9yie6nuzKUd1LUujPa4sz6BfNW0Clcp3c0XFeU2je//4TcZ+4/Ql2B1/MdzqF4+G
TPh+B1L8k9F9TNgyh9lXyez90oRLEvw3+3o9+CvMvQb6Gb8aR+eW/rE+wabdiwSY
qfLaI0VHvwNCa1NV/5MmX6UKUzNV2c4vcAo=
=uIW7
-----END PGP MESSAGE-----

3. Anonymous recipients aren't fully anonymous.

Even with the --hidden-recipient flag, RSA encryption leaks some information about the recipient's key.

4. PGP ASCII armor isn't friendly to modern apps and phones.


One of many manglings

Almost all apps, email clients, chat clients, and web pages do post-processing on the text people post. PGP's whitespace pattern, use of hyphens and slashes, and header lines are not friendly. You shouldn't have to edit a message by hand before passing it off to your crypto program.

5. Lack of Constraints Can Be Dangerous

PGP's strategy of composable, nested streams is a headache to implement and allows attackers to craft messages that explode memory usage. There are workarounds, but the underlying problem is that the spec gives message crafters too much flexibility.


--------------070604090202070300070308 Content-Type: image/png; name="gpg-fail.png" Content-Transfer-Encoding: base64 Content-ID: Content-Disposition: inline; filename="gpg-fail.png" iVBORw0KGgoAAAANSUhEUgAAAroAAAIKCAIAAABDVXs7AAAACXBIWXMAAAsTAAALEwEAmpwY AAAKsGlDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAHjarZZnUBTZHsX/3T05kGZAQMKQkyA5 So5DlgwmhhnCwDAOE1ARM6KCa0BEBBRFlyAKrgGQNSCimBYFA+YFWVTUdTFgQuV9YBn2var3 4VW9f1VX/+rUveee2/3lANAuc0QiAaoEkC2UiqMCfVgJiUks4u9AARTo4AZ4Dlci8o6MDAUA mHr/YxCAj3cBAQC4ZckRiQTwv40yL1XCBUAiASCFJ+FmAyAnAJCjXJFYCoDxAMBgiVQkBcA2 AgBTnJCYBIBVAQAzfZKPAgAzZZK7AIApjonyBcDuAZBoHI44HYD6BwCwcrnpUgAaDgCshTy+ EIBmDwAe3AwOD4AmBYBZ2dmLeQC0fQBgmvIPn/R/80yRe3I46XKevAsAAJD8+BKRgLMM/t+T LZBNnaEPALQMcVAUAJAAkPqsxSFyFqaER0wxnzeZCQCpz5AFxU4xV+KbNMU8jl/IFMuyYr2n mCOe3suXsmOmWLw4Su4vFISHyv1T2XJOlfhHT3EaP4A9xXkZMfFTnMuPC59iSVZ0yPQaX7ku lkXJM6eJA+R3zJZMZ+Nyps+SZsQETWdIkOfhpfr5y3VhrHy9SOoj9xQJIqfzCwLluiQ3Wr5X Ko6R65mc4Mhpn0j59wE+hAEHuNLUpVIAAN/FomVifnqGlOUtEglSWWwh12oWy9baxgEgITGJ NflL398DBAAQNdK0JrkN4GoMgAintYWFAO1OAIw/pzXDfADqAYAzfVyZOHdSwwEA4IECisAE DdABAzAFS7AFR3ADL/CHYIiAGEiEhcCFDMgGMSyBfFgDhVAM22AnVEA1HIB6OALHoBVOw3m4 BNfgJtyBhzAAw/AKRuEjjCMIQkToCAPRQHQRI8QCsUWcEQ/EHwlFopBEJBlJR4SIDMlH1iHF SAlSgexHGpBfkFPIeeQK0ovcRwaREeQd8hXFUBrKRLVRY3Q26ox6oyFoDLoATUdz0Dy0AN2C lqM16GG0BT2PXkPvoAPoK3QMA4yKqWF6mCXmjPliEVgSloaJsZVYEVaG1WBNWDvWjd3CBrDX 2BccAcfAsXCWODdcEC4Wx8Xl4FbiNuMqcPW4FlwX7hZuEDeK+4Gn47XwFnhXPBufgE/HL8EX 4svwtfiT+Iv4O/hh/EcCgaBGMCE4EYIIiYRMwnLCZsIeQjOhg9BLGCKMEYlEDaIF0Z0YQeQQ pcRC4m7iYeI5Yh9xmPiZRCXpkmxJAaQkkpC0llRGOkQ6S+ojPSeNk5XIRmRXcgSZR15G3ko+ SG4n3yAPk8cpyhQTijslhpJJWUMppzRRLlIeUd5TqVR9qgt1LpVPXU0tpx6lXqYOUr/QVGjm NF/afJqMtoVWR+ug3ae9p9PpxnQvehJdSt9Cb6BfoD+hf1ZgKFgpsBV4CqsUKhVaFPoU3iiS FY0UvRUXKuYplikeV7yh+FqJrGSs5KvEUVqpVKl0SqlfaUyZoWyjHKGcrbxZ+ZDyFeUXKkQV YxV/FZ5KgcoBlQsqQwyMYcDwZXAZ6xgHGRcZw0wC04TJZmYyi5lHmD3MUVUVVXvVONWlqpWq Z1QH1DA1YzW2mkBtq9oxtbtqX2doz/CekTpj04ymGX0zPqnPVPdST1UvUm9Wv6P+VYOl4a+R pbFdo1XjsSZO01xzruYSzb2aFzVfz2TOdJvJnVk089jMB1qolrlWlNZyrQNa17XGtHW0A7VF 2ru1L2i/1lHT8dLJ1CnVOaszosvQ9dDl65bqntN9yVJlebMErHJWF2tUT0svSE+mt1+vR29c 30Q/Vn+tfrP+YwOKgbNBmkGpQafBqKGuYZhhvmGj4QMjspGzUYbRLqNuo0/GJsbxxhuMW41f mKibsE3yTBpNHpnSTT1Nc0xrTG+bEcyczbLM9pjdNEfNHcwzzCvNb1igFo4WfIs9Fr2z8LNc Zgln1czqt6RZelvmWjZaDlqpWYVarbVqtXoz23B20uzts7tn/7B2sBZYH7R+aKNiE2yz1qbd 5p2tuS3XttL2th3dLsBulV2b3Vt7C/tU+7329xwYDmEOGxw6Hb47OjmKHZscR5wMnZKdqpz6 nZnOkc6bnS+74F18XFa5nHb54uroKnU95vqXm6VbltshtxdzTOakzjk4Z8hd353jvt99wIPl keyxz2PAU8+T41nj+dTLwIvnVev13NvMO9P7sPcbH2sfsc9Jn0++rr4rfDv8ML9AvyK/Hn8V /1j/Cv8nAfoB6QGNAaOBDoHLAzuC8EEhQduD+tnabC67gT0a7BS8IrgrhBYSHVIR8jTUPFQc 2h6GhgWH7Qh7FG4ULgxvjYAIdsSOiMeRJpE5kb/OJcyNnFs591mUTVR+VHc0I3pR9KHojzE+ MVtjHsaaxspiO+MU4+bHNcR9iveLL4kfSJidsCLhWqJmIj+xLYmYFJdUmzQ2z3/eznnD8x3m F86/u8BkwdIFVxZqLhQsPLNIcRFn0fFkfHJ88qHkb5wITg1nLIWdUpUyyvXl7uK+4nnxSnkj qe6pJanP09zTStJepLun70gfyfDMKMt4zfflV/DfZgZlVmd+yorIqsuaEMQLmrNJ2cnZp4Qq wixh12KdxUsX94osRIWigRzXnJ05o+IQca0EkSyQtEmZUpH0usxUtl42mOuRW5n7eUnckuNL lZcKl15fZr5s07LneQF5Py/HLecu78zXy1+TP7jCe8X+lcjKlJWdqwxWFawaXh24un4NZU3W mt/WWq8tWfthXfy69gLtgtUFQ+sD1zcWKhSKC/s3uG2o3ojbyN/Ys8lu0+5NP4p4RVeLrYvL ir9t5m6++pPNT+U/TWxJ29Kz1XHr3m2EbcJtd7d7bq8vUS7JKxnaEbajpZRVWlT6YeeinVfK 7Muqd1F2yXYNlIeWt+023L1t97eKjIo7lT6VzVVaVZuqPu3h7enb67W3qVq7urj66z7+vnv7 A/e31BjXlB0gHMg98Oxg3MHun51/bqjVrC2u/V4nrBuoj6rvanBqaDikdWhrI9ooaxw5PP/w zSN+R9qaLJv2N6s1Fx+Fo7KjL39J/uXusZBjncedjzedMDpRdZJxsqgFaVnWMtqa0TrQltjW eyr4VGe7W/vJX61+rTutd7ryjOqZrWcpZwvOTpzLOzfWIep4fT79/FDnos6HFxIu3O6a29Vz MeTi5UsBly50e3efu+x++fQV1yunrjpfbb3meK3lusP1k785/Hayx7Gn5YbTjbabLjfbe+f0 nu3z7Dt/y+/Wpdvs29fuhN/pvRt7917//P6Be7x7L+4L7r99kPtg/OHqR/hHRY+VHpc90XpS 87vZ780DjgNnBv0Grz+NfvpwiDv06g/JH9+GC57Rn5U9133e8ML2xemRgJGbL+e9HH4lejX+ uvBP5T+r3pi+OfGX11/XRxNGh9+K30682/xe433dB/sPnWORY08+Zn8c/1T0WeNz/RfnL91f 478+H1/yjfit/LvZ9/YfIT8eTWRPTIg4Yg4AAGAAgKalAbyrA6AnAjBuAlAUJjvx310emW71 /40nezMAADgC1HUAxAJAyGqAfQBgDAA0AIj0AojxAtTOTv78PZI0O9tJL2orAL5sYuJ9PADR DOB7/8TEeOvExPdaAOwBQMfHyS4OAEBQAmjCcj7ncm+Eb1n9n534X6lGAekIHONUAAA6MmlU WHRYTUw6Y29tLmFkb2JlLnhtcAAAAAAAPD94cGFja2V0IGJlZ2luPSLvu78iIGlkPSJXNU0w TXBDZWhpSHpyZVN6TlRjemtjOWQiPz4KPHg6eG1wbWV0YSB4bWxuczp4PSJhZG9iZTpuczpt ZXRhLyIgeDp4bXB0az0iQWRvYmUgWE1QIENvcmUgNS42LWMwNjcgNzkuMTU3NzQ3LCAyMDE1 LzAzLzMwLTIzOjQwOjQyICAgICAgICAiPgogICA8cmRmOlJERiB4bWxuczpyZGY9Imh0dHA6 Ly93d3cudzMub3JnLzE5OTkvMDIvMjItcmRmLXN5bnRheC1ucyMiPgogICAgICA8cmRmOkRl c2NyaXB0aW9uIHJkZjphYm91dD0iIgogICAgICAgICAgICB4bWxuczp4bXA9Imh0dHA6Ly9u cy5hZG9iZS5jb20veGFwLzEuMC8iCiAgICAgICAgICAgIHhtbG5zOnhtcE1NPSJodHRwOi8v bnMuYWRvYmUuY29tL3hhcC8xLjAvbW0vIgogICAgICAgICAgICB4bWxuczpzdEV2dD0iaHR0 cDovL25zLmFkb2JlLmNvbS94YXAvMS4wL3NUeXBlL1Jlc291cmNlRXZlbnQjIgogICAgICAg ICAgICB4bWxuczpkYz0iaHR0cDovL3B1cmwub3JnL2RjL2VsZW1lbnRzLzEuMS8iCiAgICAg ICAgICAgIHhtbG5zOnBob3Rvc2hvcD0iaHR0cDovL25zLmFkb2JlLmNvbS9waG90b3Nob3Av MS4wLyIKICAgICAgICAgICAgeG1sbnM6dGlmZj0iaHR0cDovL25zLmFkb2JlLmNvbS90aWZm LzEuMC8iCiAgICAgICAgICAgIHhtbG5zOmV4aWY9Imh0dHA6Ly9ucy5hZG9iZS5jb20vZXhp Zi8xLjAvIj4KICAgICAgICAgPHhtcDpDcmVhdG9yVG9vbD5BZG9iZSBQaG90b3Nob3AgQ0Mg MjAxNSAoTWFjaW50b3NoKTwveG1wOkNyZWF0b3JUb29sPgogICAgICAgICA8eG1wOkNyZWF0 ZURhdGU+MjAxNi0wMS0wN1QxMToyMjoyMC0wNTowMDwveG1wOkNyZWF0ZURhdGU+CiAgICAg ICAgIDx4bXA6TWV0YWRhdGFEYXRlPjIwMTYtMDEtMDdUMTE6MjI6MjAtMDU6MDA8L3htcDpN ZXRhZGF0YURhdGU+CiAgICAgICAgIDx4bXA6TW9kaWZ5RGF0ZT4yMDE2LTAxLTA3VDExOjIy OjIwLTA1OjAwPC94bXA6TW9kaWZ5RGF0ZT4KICAgICAgICAgPHhtcE1NOkluc3RhbmNlSUQ+ eG1wLmlpZDo3YTUyYjgyOC0xY2ExLTRlZTItOTU2NS1hYzM4MjU1ZTM5NWY8L3htcE1NOklu c3RhbmNlSUQ+CiAgICAgICAgIDx4bXBNTTpEb2N1bWVudElEPmFkb2JlOmRvY2lkOnBob3Rv c2hvcDo2OWU3MGM2Yy1mNWU5LTExNzgtYmY0NC04OGFjNmQwNWY0MmY8L3htcE1NOkRvY3Vt ZW50SUQ+CiAgICAgICAgIDx4bXBNTTpPcmlnaW5hbERvY3VtZW50SUQ+eG1wLmRpZDpkZjdm ZTViZS0zMDc4LTQyNDAtYTAwZC05Zjk0YjI3YjNmYWE8L3htcE1NOk9yaWdpbmFsRG9jdW1l bnRJRD4KICAgICAgICAgPHhtcE1NOkhpc3Rvcnk+CiAgICAgICAgICAgIDxyZGY6U2VxPgog ICAgICAgICAgICAgICA8cmRmOmxpIHJkZjpwYXJzZVR5cGU9IlJlc291cmNlIj4KICAgICAg ICAgICAgICAgICAgPHN0RXZ0OmFjdGlvbj5jcmVhdGVkPC9zdEV2dDphY3Rpb24+CiAgICAg ICAgICAgICAgICAgIDxzdEV2dDppbnN0YW5jZUlEPnhtcC5paWQ6ZGY3ZmU1YmUtMzA3OC00 MjQwLWEwMGQtOWY5NGIyN2IzZmFhPC9zdEV2dDppbnN0YW5jZUlEPgogICAgICAgICAgICAg ICAgICA8c3RFdnQ6d2hlbj4yMDE2LTAxLTA3VDExOjIyOjIwLTA1OjAwPC9zdEV2dDp3aGVu PgogICAgICAgICAgICAgICAgICA8c3RFdnQ6c29mdHdhcmVBZ2VudD5BZG9iZSBQaG90b3No b3AgQ0MgMjAxNSAoTWFjaW50b3NoKTwvc3RFdnQ6c29mdHdhcmVBZ2VudD4KICAgICAgICAg ICAgICAgPC9yZGY6bGk+CiAgICAgICAgICAgICAgIDxyZGY6bGkgcmRmOnBhcnNlVHlwZT0i UmVzb3VyY2UiPgogICAgICAgICAgICAgICAgICA8c3RFdnQ6YWN0aW9uPnNhdmVkPC9zdEV2 dDphY3Rpb24+CiAgICAgICAgICAgICAgICAgIDxzdEV2dDppbnN0YW5jZUlEPnhtcC5paWQ6 N2E1MmI4MjgtMWNhMS00ZWUyLTk1NjUtYWMzODI1NWUzOTVmPC9zdEV2dDppbnN0YW5jZUlE PgogICAgICAgICAgICAgICAgICA8c3RFdnQ6d2hlbj4yMDE2LTAxLTA3VDExOjIyOjIwLTA1 OjAwPC9zdEV2dDp3aGVuPgogICAgICAgICAgICAgICAgICA8c3RFdnQ6c29mdHdhcmVBZ2Vu dD5BZG9iZSBQaG90b3Nob3AgQ0MgMjAxNSAoTWFjaW50b3NoKTwvc3RFdnQ6c29mdHdhcmVB Z2VudD4KICAgICAgICAgICAgICAgICAgPHN0RXZ0OmNoYW5nZWQ+Lzwvc3RFdnQ6Y2hhbmdl ZD4KICAgICAgICAgICAgICAgPC9yZGY6bGk+CiAgICAgICAgICAgIDwvcmRmOlNlcT4KICAg ICAgICAgPC94bXBNTTpIaXN0b3J5PgogICAgICAgICA8ZGM6Zm9ybWF0PmltYWdlL3BuZzwv ZGM6Zm9ybWF0PgogICAgICAgICA8cGhvdG9zaG9wOkNvbG9yTW9kZT4zPC9waG90b3Nob3A6 Q29sb3JNb2RlPgogICAgICAgICA8cGhvdG9zaG9wOklDQ1Byb2ZpbGU+RGlzcGxheTwvcGhv dG9zaG9wOklDQ1Byb2ZpbGU+CiAgICAgICAgIDx0aWZmOk9yaWVudGF0aW9uPjE8L3RpZmY6 T3JpZW50YXRpb24+CiAgICAgICAgIDx0aWZmOlhSZXNvbHV0aW9uPjcyMDAwMC8xMDAwMDwv dGlmZjpYUmVzb2x1dGlvbj4KICAgICAgICAgPHRpZmY6WVJlc29sdXRpb24+NzIwMDAwLzEw MDAwPC90aWZmOllSZXNvbHV0aW9uPgogICAgICAgICA8dGlmZjpSZXNvbHV0aW9uVW5pdD4y PC90aWZmOlJlc29sdXRpb25Vbml0PgogICAgICAgICA8ZXhpZjpDb2xvclNwYWNlPjY1NTM1 PC9leGlmOkNvbG9yU3BhY2U+CiAgICAgICAgIDxleGlmOlBpeGVsWERpbWVuc2lvbj42OTg8 L2V4aWY6UGl4ZWxYRGltZW5zaW9uPgogICAgICAgICA8ZXhpZjpQaXhlbFlEaW1lbnNpb24+ NTIyPC9leGlmOlBpeGVsWURpbWVuc2lvbj4KICAgICAgPC9yZGY6RGVzY3JpcHRpb24+CiAg IDwvcmRmOlJERj4KPC94OnhtcG1ldGE+CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg IAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAK ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAog ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg IAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAK ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAog ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg IAogICAgICAgICAgICAgICAgICAgICAgICAgICAgCjw/eHBhY2tldCBlbmQ9InciPz6H/xl7 AAAAIGNIUk0AAG4nAABzrwAA/fAAAIJXAABvWAAA7hgAADD0AAAPphtNY+kAAXgzSURBVHja 7J15XFTl9/ifmWEYhhl2FDHCBVlUyFDTXKI009JMMzM1+aBCaO64h/sC4q65pAglH8vULCVz QU2TJJNQ3AURRUKRBEUcGIZZ+P1xvj2/+7n3zp3LMJjVef/h63q5c5dnPec855xHQhCkfrRp 02bWrFn0vzNmzPjjjz+wWBAEQf5JyLAIkHpSVVXl7u5eVVV16dKllStXlpeXY5kgCIIgCIIg CIIgCIIgCIIgCIIgCIIgCIIgCIIgCIIgCIIgCIIgCIIgCIIgCIIgCIIgCIIgCIIgCIIgCIIg CIIgCIIgCIIgCIIgCIIgCIIgCIIgCIIgCIIgCIIgCIIgCIIgCIIgCIIgCIIgCIIgCIIgCIIg CIIgCIIgCIIgCIIgCIIgCIIgCIIgCIIgCIIgCIIgCIIgCIIgCIIgCIIgCIIgCIIgCIIgCIIg CIIgCIIgCIIgCIIgCIIgCIIgCIIgCIIgCIIgCIIgCIIgCIL8M5D8Y76kadOmHh4eBoPh/3+b RCKTyQwGg1arLS0t1Wg0vD9s1aqVUqlk/pCnmCQSmUz25MmTgoICc9c4Ozu/+OKLwcHBzZs3 J4RUVFTk5eVlZmYWFBTU1tby/iQgIEChUFRVVeXn59OTXl5ejRs3JoTcvHlTq9Wae5xCoQgI CLCzs7t06ZLRaBQuHE9PT29vb95v1Ov1VVVV5eXlVVVVFgvZim8MCQkxGo28f9VqtY8fP378 +LHJZBJZy/7+/g4ODrwfUlNTU1lZ+fDhw5qaGu5fg4ODJRLJw4cP7969K3D/1q1b29nZsSq6 devWEomE+QnQHrRaLTQtnU7H22ZefPFFg8FQWFj4+PFjMV8XGhpqMBju3r378OFDc9d4eHiE hoa+9NJLbm5uhJBHjx6dOnUqKyuL96vr9JksmjRp0qhRI4PBoFQqL1++rNfroRhNJpO5uqbY 2dnBVyuVyoCAgJqaGjs7u8uXLwv/Cpq0wWAQvhgKtrq6mntep9NVVFSUlZXxtiiVStWqVSup VCqmy3Bp3LhxWFhYp06d7OzsDAbDo0ePzp49e+7cOZGVSwjx9fXt1KlTQECAq6srIeTOnTsn T568du2abesIQVBcsEBkZGRYWJjwNfHx8bm5uayTmzZtUqvVYh5RUFCwYMECXoFj9uzZcrnc 3A937dp1+PBh7nl4NOu29EM0Gs348ePN3bNt27YzZ84khEydOrWsrKz+hUMIWbly5ZUrV8wJ VVZ8o1Kp3LJli8XnZmdnb9q0ScxgJ6aydDpdbGxsaWkp9zXM1aBwjVh8qE6nmz59ekVFBe+3 Jycnp6enW/w0en1SUtLPP/9c1yo4evTozp07LU7kzC8qLCycN28e7wWBgYGxsbFwnJOTs2zZ MvG1CcBXyOXypKQkOHPgwIG9e/cK/CQhIcHb25sQcvbs2c2bN1ssKAFyc3OXLVvGKo06dRkm Li4u8fHx5tqAXq+fM2dOSUmJwB169OgxcuRIc3/dvHnz2bNnbVJHCNJwSP8xXyKgiFNiY2Pb t2/PHevr89yIiIh58+YxB/Hi4uLc3FzmbYcOHfrJJ5/wTjMgFvB+iFqt7tevn7nn0slV2C4i vnAIITNmzHjjjTds+I0iZ6/Q0NBNmzbZ2dlZvFJMZSkUitWrVzdp0oT7GuYsTMI1YvGhCoVi w4YNLi4uzJNUwRXZwOj1vHaC8PBwZhUYjcasrKx79+7RC3r37r1t2zYxZUhfiSXfMC0xdB5K T0+n85B4IxDo+tBKly5dCmf69+/v4eFh7vpu3bqBrKDVagVkBZGvERgY+Nlnn3HtT+K7DKVz 586ffvopU1bIyclhah1yuXzFihWvvPKKuTusWbOGKSuUlZVlZmYyxYtx48bFxcXZpI4QpOGw +4d9j06nmzVrFtOubmdn5+npGR4e7u/vTwiZPHnymDFjuJZMo9E4bdo0YYM8d5x65ZVXevbs Ccfnz5/fvn070zIplUpfe+21iIgIQkhQUFC/fv0OHjxYp88ZMmTIL7/88ujRI1uVz6pVq3Jy cqRSKbN8PDw8Jk2a1KhRI0LIiBEjsrKymE+0yTdqNJrp06ezCtDR0TE0NBR+q1AoxowZs2nT JpEfMm3atCdPnrDmbF9f3xkzZsB/58+fP378eJHyihgKCwvj4uKYN1QqlT4+Ph9//DHMJfHx 8QLWoPrQrVu3Xr16USvCt99+y2zA7dq1mzp1KsxbMTExK1eurM+zgoODaRkePXr0q6++Elmb /6OFSKX0DfPy8s6cOdOlSxdCyOLFi3mLSKlURkdHw7E5ZZrLgQMHUlNTaWOWSqUqlap169ZR UVFwz9GjR3/++ef1LHn6YsXFxcuXL2d2DQ8Pjzlz5oAMFBUVVVpaev36ddYdFi5cSIWkxMTE X375hTYhqVTav3//QYMGEUJ8fHy6dOly5swZW9URgqB1wTKPHj3SMaisrLxz587SpUtPnjwJ F/j4+HB/VV1dzfohF5a1XK1Ww8BECNm0adP69etZq5gmk+nEiRPz58+H/w4YMIA5T4uEKmc2 oaCgQK/Xs8qnsLBw+vTpOTk5cE3Hjh1t/o1Xr17VarWs8nz06NGJEydmzZpFpz2R5VNZWQke A0wqKiquXLkSGRkJtgGVSuXl5WXDoisuLq6urmY+sby8/MqVKxMmTABXA7Va7eDgYPP27Ozs TGesBQsWfPXVVyxh9+LFi3QODg4OFtDg6zQPHThwwNw8xFubTLRaLVOuSkxMpM2J13w1d+5c ONizZ8+DBw9Evu2tW7eYjRn8SH7++ecpU6bABR06dKhPyTOFmB07dsyePZsluJeVlU2dOnXP nj3UOMey7oSGhrZo0QKsLNHR0RkZGcxiMZlMqampVLyLjIwEk4xN6ghBUFywnh9++IHqBDxm Frs6G1rGjh0LB/v378/MzDR32Z07d/bv3w/qb9u2bev6FOEliTrXt/n5mGr2zPUaW32jSqUy 99v79++DUqVQKJycnETZxMxXlsFgoIvlMFLbCnOfUFtbS5fkFQqFzdvt6NGj6VRqzutNo9Gk pKSwrq+PrLBnzx4BPwOB2jRnllu8eDEcjxgxgrVq06lTJ5DgNRpNncxv5tw4Hj16BJ6S9ayO wYMHw0Fqaurx48fNXXbw4MHbt28TQmQy2ZAhQ5h/omLcwoULza1JXblyBX4ul8tDQ0NtVUcI guKC9YhcvxeJvb19SEgIIUSn08FMKcCRI0cIISUlJUz/O2E0Gs3ChQvheMiQIfVRGcV/ERxQ I39DfyPl+eeft+GHeHp60lnq6TStysrKBrqznZ0dTCF6vZ7XW5by008/EULS09Otm0KY89Cu Xbvqumpmkfz8fGppp6IDzOh0Tp09e7atHmduyb9OsggsAOn1eouNf/ny5XDQs2dPaiHw9vYG gaawsLCoqEjg51u3bjUajfv372dGSD39OkIQC8PRv+dTu3btSlXh+t8NPCFgmLa4QK7VamGF XjwSieT27dspKSnwQ3OLvg0x51EVv6G/kZKTk8O7QmQd1AHQiqUf62SC999/nxBiNBpZ7hT1 p2nTpnCwb98+YenHZDJZXf7MeUhMHIeYmFsuiYmJ4MHg6urasWPHrKwsQgh1j01OTrZV6cnl 8k6dOoHwavVNIFRYTMlD48/Ozg4NDZXL5U2aNCkuLiaEvPzyy1QaEP55cXGxRZtQXesIQdC6 YBmuBVKlUg0fPnzEiBGEkPLy8vv37/OXRV1mF2qxb6B+C/b2EydOQMSXWq1+9913G7TcqB01 Ly/P5t8oMNeqVCpQ44xGo3XzEAvqbAGjtq1gmdBBpPP09FyzZg3IOgcOHLC5PYM65FthsxFZ Kcx5KDExUUxdOzs7W/E45pLEuHHjJBJJy5YtYcGoqKjIijbGXbqSSqW+vr6fffYZqPXbtm2r fykVFhaKuYy6RlE5w93dHQ7qIwZZXUcIgtYFy7IC9aviotFoJk+ebO6HX3zxhcCddTod9XuC ua3+Y4EYFi9evH79ekLIwIEDT58+Ld4RTKQsBRPhqFGj6LrpsWPHbP6N3LmW/JlvhzqmZWVl ic8zI5VKuXOzr6/vrFmzYIqtrKwUyG9jBUFBQdQ/gEt6evq+fftsXvvUWe/WrVs2v7lMJgsJ CZk+fTo9A+mD6lkUhJArV67wBmjk5+dnZGR069ZNJpNt376dnl+yZIkV7x8eHh4eHm7ur6tW rapPA2jXrh0ciLwJ9YKkzTI4OJgQotfr67MyYnUdIQiKC/VCqVR6eXnVx0TJlSF4p9IuXbr4 +vqyPNjlcnlFRcXRo0fr9Ijy8vJdu3YNHTqUELJw4cJ6LklYjLJLS0tjfZFNvtHiBEMIER/z ZlG2I4SsXr36aTatVq1aKRSKeubw4EIltjolbRRJx44dmVEwYGHKyckRXkGvJ0lJSZ06dWJ6 Ka5atYob2Fx/AgMDLeaRFFPyjo6OYsRlrimLrt/VJ5r3L6kjBPm3iAtpaWlM07dcLvf39w8K CgJRfcWKFQkJCdzwaELI+fPny8vLzcUyUU/A/yk+Ozt7e3vuYNeqVSsaKM+aeusqLhBCDh8+ /MYbb3h4eKjV6sGDBzecOzRvZsan8I2QFdGGc0ZcXJzNx1Oj0chabnBwcHjhhRdgJaJp06aJ iYnjxo2zrdujUql8Cl1myZIlTZs2jYyMJITMmTNnzJgxFs086enpArMgM38UC5PJtGzZMhp5 m5mZafWkXlJScuLECabBzM3NrXv37iCL9O/fv0ePHg3t8UOhDrYUGEnqlBLKtnWEIH8DccHe 3p531XDDhg1ZWVlr1qzh+vlD2lc/Pz86jjCZNGmSVqsVuCftnDqdbufOnbxv9c4777z33nuE kBkzZkRFRbFM2TqdDmz+IpHJZPCvQqHgznO8soVIeOWVRYsWffrppzAInjp1qq5LEvSeer3+ l19+YU5C1dXVd+/ezcnJKSoqYg1ttv3GrKwsVpmXlpbeunXr5s2bVuShys/PLy0tZZYVJNi4 fv061zdFTDi7mPfnLjfs3r1bKpXOmjUL5NH4+Hhzq11WPxSydzs5OYnfm6BOLF68OD8//+bN m3379vX29pbJZKtWrRL+iszMzOTkZKufmJ+ff/nyZdhMxKIboLB0e/78edbJ7du3u7i4rF69 Wi6XQxCydREEtI+InO+5KaKvX7/erVs3Ozs72GPiKdRRy5YteXOcT5o0qaqqigYYc8fPwYMH 9+/fn/UnvV4fFRUlcM8GapDIM0uD7Bnh4ODAOwpAavS1a9dSJyAKLHYGBATMmTOHt2nqdDpz 9wwNDQWPawRBkH8nWVlZaWlp5sbP6upqXqcuGJPDw8O5lkIQFwTGZBQX/m00SGSEOf9wWNnl Xd8FE645c7TJZDJ3z4ZY00UQBPnbYfX4ybsDKlhEBO6JBY7Whb8rw4cP79OnDyt+gQWVlLds 2UKTxsDiiPAPeaEbFZpzhmDC+xQ4yXIjF/gQZ2fnDRs2WCHmwz2t0Anq+Y3UzmTOVb6uWF1Z sNuhTqcbO3asuZGuWbNmEOnH8uHgrSYWH374Ye/evZklTIN0ePcb5GLu+ri4OHCPWLBggYCX vpeX14oVK4iljUwtftH06dMhN5derx87dizTik7fsP61CQ0S9Ne6/lZkwcI3Mh/h7+8P2aZF 9gK6Q+aSJUtu3rwpcCXdtqOoqIjq4nZ2drBkYzQahV0NevXqBSEe6enpdJXHujpCkL+ZdeGZ heaxsUlEPo0Emz17Nm+gIMXR0dG6UHUWFRUVO3bseJol9vS/sYG4dOkSzDSvv/66wBwGBzdu 3KjTze3s7Hr06EFslzqCtwrmzp0r4IQRExMDB4cOHaqnQAYTm1wuF97s+1nG29sbHKTq43lK N8aMjY0VaPxubm4gKxBCmNtgGgyGtLQ0QohMJmNGQrKQy+U0HFSkm8U/o44QFBee1e+USiMj I2nqQAHPbfH89ttvNLfrp59+yt0aG57bs2dPmjem/hw/fhwSNz0d/pJvbAh+/PFHOBgxYgRo ZixGjhwJ7oo6na5OSQ6cnJxWrlwJ367Vam3ur56XlwdVIJfLP/vsM25uInt7+7lz54IebDFX tEWYyZR8fX3B0fLvhY+PT0JCAhz//PPPVt+nsLAQbJAymezTTz8NDAzkXhMSErJu3To4Pnv2 LCvZM919Kigo6KOPPuImgvP09KQSRmFhobkMcv+8OkL+jvwD0zQlJCQw86I4OTnRTLpAUlIS 1+NBoVCsWbNGOHeej4/PzJkzYcNDqvBt3LgRzPXgqJydnZ2ZmVlZWenu7t6rVy9WbmOIbqgn Cxcu5C5JNBx/yTfanJKSEkjTSwiZPn260Wjcs2dPYWFhbW1tcHDw22+/zXx/3hDB4ODguXPn MhcyXF1dWZte8sb1jBkzxpxJw9XVNTExUdjQTQhZunTpli1bCCFKpXLjxo35+fmpqaklJSUO Dg6vvPIK00ltwYIF9V9ULiwsPHDgALjKR0ZGXr9+nRWJwy0KXimKJnhuILgFy6oRvV7/7bff cn+4YMECcz3d19c3JiaG7i+zZcuWwMBAcM2OjY3V6/WbNm36/fffCSEtW7aMjo6mIrJGo6HW CKaBIS4uDpYnunfv3r179/T09PT09CdPnri4uAwbNozugqbX6xctWmTDOkIQFBfMAlF/hBBv b2/QtHjZtWsXS+GgBl4PDw+LOznRpwC1tbUTJkyYPHkyTYkYGhrKu63c+fPnt2zZwnLz5LUt sx7BBZYkBPLZWXFPAer5jbalPiGR69ato1E5Mpls2LBh3Gv2799/5coVcw+lm2jwsnjxYl7D j0wm41VMgUaNGlkUF7Ra7ZQpU6gW6+fnR63fTGJjY+/evWuTYty7d2+3bt2grJYtW/bRRx+x RCjhooD5r4EapMiC1ev1kydP5pX8hHu6vb09czu6mJiYiRMnQq4kuVxOk5Ayyc7OprXD4saN GytXrqQpnMPCwrjGAK1WO3nyZJYLQv3rCEFQXDA7pJr704MHD+7cuXPmzJlLly5x7Qp1mt64 GlVtbe26descHBxef/111va1hBDQYtPT03mXtOHRrOVVsF4Iuy8dP368V69eIBWJ0SapRcQ6 U7nV30jfzVYLKFBiVhv8Y2JiWrVqFRER4evry/rTqVOnvvnmG978fTTBH5fi4uKcnJyzZ89a 9AO1WDW0rHgf9+jRo4iIiICAgFGjRrGsZYSQlJSUEydO1KlCiaV1/QULFoARSy6X9+3b9+DB g3WyWwg3YOitDeGjl5eXd/XqVeYimkDn5YVb/hs2bHBycnrnnXfAm5XJoUOHDh06JJz28cqV KyNHjuzateuoUaNYC3Z6vX7FihW8vjLW1RFOaUgDamtYBDZXf+3t7WFHgwbVs/Eb64lCoYC1 ZIPB8LdLkEdfXq/Xo2P800Qul8P2bzU1NQJypEDfcXBwgOPq6mq0ByAIgiAIgiAIgiAIgiAI giAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAI giAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAI8o9E8tSe5OnpGRoa 2rFjRzc3N0LIo0ePTp06de7cOZ1Oh9Xw16JQKNq0adOuXbvAwECZTGYymfLy8rKysnJycszV TkhIiNForK2t5f5Jq9U+fvz48ePHJpPJ4qO9vLw6d+7ctm1b2iqys7PPnz//xx9/1Omh/9Om JRKZTGYwGK5fv97QRde0aVMPD4+qqqr8/Py/sAa9vLzc3d0NBkNeXt4/qWU2bty4V69ejx8/ PnjwIPN8+/btg4KCLl68ePXqVey//v7+dnZ2JSUlDx8+xNJAGg67p9OaZ82aJZfLWQNcUFAQ IeTo0aM7d+60OAcglHHjxu3evbusrKz+t3JxcYmJiWnRogXrvLe3d1hYGCEkOzv7008/ZU38 SqVy+vTpFm+enZ29adMmvV7P+9dXXnklKiqKO+0FBQUNGzaMEBIfH5+bm1vXh1J0Ol10dHRD 18Vbb70VFhZWUFCwYMGCv7BJtGvXztPTE+Q88YLOSy+9lJqayjofGhoqkUjOnz//LDR1Pz8/ EEBZ51u2bEkIqaqqega7p0qleuutt/bu3fvUnti+fXuZTJaTk4PiAtKgSBv6AeHh4XPnzqWy gtFozMrKKioqohf07t1769atdnZ2WBkWkcvlKSkpnTt3NhgMNpljPv30U6as8ODBg9zc3JKS EubksWXLFnt7e+YPRcp2oaGhmzZt4q3ZtWvXsmSF3NxcpnBACImNje3Vq9czXiMwk2k0mr/2 NeraHrp06fLaa69xfzV48ODWrVsbjcZnpHh9fHwIITk5OcyT9vb20CB///33Z609PPfccwMG DHjKoxlI889OrSFoXbCGV155hY74aWlp3333XXV1NXO6mjp1KiFEoVDExMSsXLkS60MYmUxm q1s1atQICh8U8YULF967d495QZs2bWbNmgW1s3LlysmTJ3NvotFopk+fzrI9ODo6hoaGRkRE wG/HjBmzadMm5gULFy50d3eH4127dv344481NTXMn0dGRnbs2BFkzZycHBAutVrtmDFjmJKK yWTq0qVLZGQkISQhIeHmzZtSqRQbiUgNmLc52bCB1R8HBwe5XG4yme7fv8+VIaqrq20iNNsW hUKBrQtB60KdcXFxoRrkggULdu7cyZQVCCEXL14cP348HAcHB3t4eGB9PDUWLlwIB6dOnYqO jmbJCoSQa9euRUdHw1KCq6trkyZNuDe5evWqVqvV/S+PHj06ceIEiBogFDJn8RdffJHaM6ZP n3748GGmrEAIqaqq2rBhw5dffgn//eijj+ifqqurmQ/S6/V0IikqKtLr9aw3wVquqz4qxt3k qfH888+DmMh6q4CAAEJIQUEB1iOC/EPEhVGjRsHBnj17zPVtjUaTkpICx6NHjzYnsLu4uLi4 uCiVSvHKk4uLC1fSVyqVcCsxaihc7OjoyDovl8vd3Nx472/uSicnJ5Fv7uzs7OLiolKpJBIJ 7w1togV26dJFrVYTQsrLyz///HNzl+l0usWLF8Nx3759zSmpvNy/f//MmTNQfczPnzBhAhzM nz//wYMH5n5+7Nix4uJiQkjz5s25VcDTjsXZFeralqAhiWwwvD93dnYW325taIVycXFxdnY2 10TBmM+1mYv5TKlU6uzs7OzszFqi4i1tZ2dntVpt8UpeWrVqxSsWuLi4mBMXoM86Ozvzdh+B KhZTR3K5HLqnwOfQIhUoSdqoxBSLTCaDh0KHtaIlqNXqejZCK3oN79tKJBL4lqffIxCb0FCL EXZ2dqGhoTDlHD58WODKn376KSIi4tSpUydOnGD9qW3btjNnzmSdXLt27YULF1jaxpw5czQa zeTJk/v27fvee+8xJ7zY2NjS0lKFQrFs2TKmASMtLW3nzp30vw4ODlu3boX5zMfHZ/bs2cxH rFu3Ljs7mxAycuTIHj160PP37t2bP38+15vPyclp2rRpLBfCXbt2sYqCPnTs2LHu7u7x8fHM v7LcDNeuXUtt+GvXriWEXLlyBVZw6H3Onj27efNmi7Xz/vvvs2wM5igsLNRoNEql8vLly9Zp h0z8/PxA4rl27dqdO3eEf75jx46ZM2eePXvWnLNknRDZluhsOnLkyG7durGq47PPPhNjtFCr 1dOnT2fVfklJyerVq5l+ITantrZWqVR27969UaNGzPNZWVk3btyA45YtW7788st0WB8+fDgh 5NChQ506dfL09KRl1bZtW5PJtGvXLvoTo9G4f//+sLAw5s1NJtNPP/3EWiwghISGhrZu3Zp1 sqioKD09ndX+Bw0aRAjhxj5QseD27dvMk66urjKZzGg0stz6WrduDQMO5ebNm5cvX3733Xfh A8vLy5lPPHToUPPmzdu0acP8iblQCy8vr9dee40poz9+/PjYsWNvv/22g4PD1atXL168SO8M ssLQoUOhnTMbWJcuXVitwmQynTx5krdVeHp6vv766yzFgFuG5vD19e3atStLann8+PHx48fF G978/f1feukl1skLFy5cu3aNeYa2kMOHD7/11lv0nTMzM2/evAnF3qtXL2dnZ+aH//DDD+3a tWvWrJlGo/n+++9xMv73igvPPfccHKSmpgpbOE0mE6xzs4iLi4NFShYxMTE5OTnLli3jjtHJ yclcuTghISEhIWH27Nms0Iw+ffq4urpyJ9eNGzdyHzplypQ1a9b07dsXojkoTZs2Xb9+/bhx 41gjF0vaAIYOHdq/f/9JkyZx11y3bNnCvT40NHTDhg10vYari3BFeAF1n+Lo6Ahik0ajefTo kcXr6QvUlZycHFYNvvbaa3Dw7bffWvz51atXeRuGFdSpLbVq1WrevHm81ZGYmLhgwQJhM7iT kxNvE/Ly8lqxYsWSJUtgAG0gowLMjiw6duxYW1sLQRO8XngymYzVO3ivYQridF7s2bMna5Z9 8803qVzLxMfH54MPPti9ezfvzVlnPDw8pFKp0WisqKhgzUyEEJas8NZbb0EgLqsewT7BC6+1 rF27ds2bN2cJLu3atWvbti1XlBk8eDBLdRYwNiiVSt6qkUqlr7/++u3bt8EUR+natWvz5s15 y3Do0KHff/+9cFRIQEAAeP9wX/u9997bv3+/mKCSQYMGOTg4cM+/+OKL/v7+3JgamUz29ttv M8/QpUxuaUul0nfeeQeO0Unz3y4u0JlMwOAsQHh4OB3f4+LiQDfy9/efO3cuISQoKGjcuHG8 arTRaFy9enVubq6Li8vixYvVarVcLofR//z5859//nl1dXWnTp0gxK5z587bt2/n7TkpKSm/ /PKLRCIZM2YMaC3gGKjT6RYsWPDgwQNfX1+InVOpVG3atKHitqenJ5UV9uzZc+zYsZqaGpVK FRMT4+/vr1KpVq9ezes2SAjZv39/WlqaXq8PDg6eMmUKFCO9+cyZM5s2bQolsGrVqlu3blE5 jA5VYiyWVOn/4Ycf6lnLlZWVAgZJ8HI1Go20hIODg+HM01x4rlNbUiqVVFY4f/78tm3bqqqq HBwcPvzwQ4gsXbRo0fjx4wVCIaZNmwYHiYmJZ8+eNRgMcrm8b9++oHrGxMRYLX6JxGQy/frr r0VFRY6Ojj169AAJsn379iAu3Lx58969e6+//rpKpaqurj5+/LhEInn8+PGPP/6oVqt79eol lUqLioqysrLMufenp6eD8yk1IbRr1+7WrVsQJNK4cWOQFWpqak6ePAnhvk2aNHn11VdlMplM JmvVqhUVmGi75T4LQii5owdMosz24+/vT2WFc+fO3bhxQyqVtmvXjiXZm5NoIWT0ueeee/XV V2FCZb6ho6MjlRXu3LkDFdq8efOuXbuybqXVar///vuQkJAWLVqAzUCr1dKWT6dGk8n0448/ PnjwQCaTtW/f3t/fnxDSokWL8vJymiakVatWVFbIz88/d+6cwWBwd3d/4403ZDKZVCrt378/ r9RFZ2KQFaAl3Llzp7a21snJ6dVXXwX9vlu3bseOHRMumV69elFZITMzMz8/v7a2lpqmVCpV v379uAYhagJRKBQeHh5gQezTpw8dLo4fP15ZWenq6tqnTx8qIz5TDraIAA3lu9C+fXs4YNkS xeDi4gIzDYTOUztqXl7eRx99BBJr586duQ4BOp1uzJgxV69eNRgMZWVlzDD9/fv3r1+//smT J3q9PiMjY8eOHXCeV6maM2fOiRMnqqurtVrtunXraIaDwsLC6Ojo4uJig8Fw69YtKhbwrs3H xcUdPHgQ/PgqKyuXLl166NAhkLV59YYFCxbs27evqqpKr9dnZ2fTSYtq5JWVldSAf/v27crK ShqPrtVqo6KioqKixET/0+CC+mduAHMxC4lEEhoaSifgrKwsupoAjzYYDE/Np72ubYnaM77+ +uv169fDcF9dXZ2cnJyUlAR/+s9//mOxTA4cOJCRkQGfqdfrU1NTwYasVqvFO7JYgdFo3LVr V0FBgcFgqKioSE1NBf9imUwGcoPJZNJoNE+ePIEyqaioePz4MXxjaWkp6HkPHz6sqqpiqfXA 999/T6Ogs7Ozs7Ky4Lhnz55wQA3OqamptIHdv3+fWpuZ9n+tVvvNN9988803+/bt49rSuaOH nZ0dzGHMlSw61Bw8eDA3N7e2ttZoNJ4/f/7UqVPCZXXu3DmaXuLu3btUeu7QoQNTy6cX0wot KCjYu3cv12iq0WjA4YYQUlJSUlFRAde3bdsWZsTq6updu3aBDGQ0Gn/77beTJ0/C9S+88AK9 D32B06dPg4AClbJ7924Q0GUyGUjevFCHlTNnzhQUFECne/LkyQ8//AD1a9Gp3NnZuXHjxtBa vvvuu5s3b8JNbt26RT8cfES4ouq+ffvS09OPHTsGK1mtWrWCby8tLU1NTYX3Ly8v3717N8vz Hfn3WheofYnl9y4G2nNWr17NWmarqamJj4+HSbF///5M5wNCSHJyMnOdW6vVlpWVeXh4GI1G lunszJkz4eHhvE8/e/YsMy0ETHggIIN/AKW4uPjhw4dMu6uDgwOsTZ46dYrOTJRvvvkGjHLv v/8+K2r07NmzLIW7sLAQXp65vkBXIrnyuBUL/LzeA7BMy+3Jcrl83759LLNhUFAQ9VQ1B9eV kg6pLAYMGCCVSlmjsIODQ05OzsWLF61rh3VqSxKJBNQyjUZz5MgR1q1+/vnnd99918PDo3Pn zmCmEnhuhw4dvv32W2bY586dO9PS0srKyrhJh2xIWloa68yFCxdAI+RKxua0OnPnb968yTKr 3Lhx44UXXrC3t+fKQC1btmQm0tBqtRkZGeXl5SyLFG+7pZkVWD0RljiNRiMdVcCVAbRwkHso d+/eZXVPJtXV1aw8HxUVFUVFRT4+PjKZzNXVFXwdYGblXlxTU3Pu3Dnuuj6vhyNYSgghXC+u 4uLiu3fvPvfcczKZrEWLFrdv3/bw8IAvevDgQWFhIev6w4cPwyJI27Ztr1y5ItwYmjdvzurj P/30k8lk4hUEmdBFnHPnzrHaeU1Nza+//gpSVMeOHVkOZzdu3GA1b7DxmEym48ePc7+Fd4EG +deJC/XxfQXlW6fTcWdckHA1Go1arabuERSWAw7l999/Z01CAqtlv/76K+95nU7HjTZkJSwC lYgQwpvDWCKRwJtz19HNPbRBUavVXB8r3oVGgNqWRaLT6aZPn86dVqlLHYvXXnuNd3Bv3ry5 1eJCndqSQqGAOdWcpTclJYVmCjEnLlRVVbm7uzdt2nT79u1paWmnTp0qLi42mUxarZY1+TWE jA6TXAPB6xZ69erV0NBQqVTq4OBQXV1N5YkOHTqEhITk5ubeunULRASLzq0UmlmBJUzAvMvM zkQbDGs6B3777TdqCeeaFrgnz58/D492c3MrLy93cHCAmfvWrVu8wlOHDh1ExljB5/BKillZ WdD8QFmnFjve0q6pqQEZSCD0g4rFzz333PDhw2/fvp2bmwveHiI9baFUTSYTr59NQUFB586d IeaC9SduKnTQdqqqqrjGGK1WC70Pp+F/u7iQlZUFa71OTk4sqd8i4Cug1+vNZQ/U6XRqtZrb Uc113Tq5owv4fImPSn///fdp9IEYWcqio5kNoaXq6enJ7d4C64i8KwhZWVks2ausrCw/Pz8/ P5/rRwljnLmPNRdXVp9kAHVqS1QANedwQ5eiBdL2rV27dvXq1XDcp08fmK7Kysq+/vrrCxcu WDQCDR48uH///lzTETdhNq882qCyCK+lkE5OIC7cv3+fzgH29vYhISEhISFQpJcvX+bGUAho t1zpCoIymImu4YzJZOIdZARcTHidfGkLh5nb1dWVmvp4+5HRaLQoLlCZw5wkR7sPXEZXKs15 I9JakEgkvK3aZDLl5ORQ140WLVqAybOysvLy5cu8og8L8AWpra0112tMJpNMJuO2N9YZOzs7 +ChzgjKKCyguEEIILI4SQtq1a2dRqXJzc2N2+AcPHnh4eAh4w8EFVJW3iJh4gada6H9pxms6 vnfo0OHs2bNcCw0rHmHKlCmsEDXKlStXNmzYUNdHQyYG2kIoLB9Ad3d3iBetD3VqS3R24ZqR ADriN23a1JyhpbS0dOLEiWPGjGGuLnt4eIBTCzeY1oZmuQZFJpPZ2dmJcTr5/vvvuYGUjRo1 6tmzp8lkSk1NtbgcA9MVS7VVq9Ww/1lpaSk9SXVx3olNQH5ycnKyaJO3iZdJTU2NyWSSSqXm NnSgF8DCR3l5eZMmTUwmkzk/YrhAKpU6Ojqau+b8+fOPHj3q1KkTU/pXqVQvv/zyyy+/fPr0 aV4BiPlKcrlcoJrgAt64ib9KC0L+xuICFRF69+5tzoGWMn/+fDB/TZgwAbwRmVI2F3DDeZY3 o9uyZcuFCxeezZzEv//+u16vl8vlL774ItdXgAvvwop1HD16FGSRl19+2aJvtkDYhXjq1Jao 3ubr68ubZ4KavoUjOyoqKlauXCmRSJ5//vlOnToxrQVDhw4tKioSSGLBO6k8C9mOjUaj+NfI zs7Ozs52cnJq2bKln58fnVcgfE7Aq5/86Y5gMplYRQEq8pMnT5iSQXl5uaenJ10KMWdIE9Bn BK6nCoyLi4vVuzeZTCa4LSsZBtOoBgMF+PSAsUEqlapUKt4uAI3QaDQKd5Dbt2/fvn3b3t6+ efPmfn5+zEDT7t27U69DAQOkgOQKFWpxqxSdTgeSUIO69yJ/e3GhpqYG/IYgEEBgeIW9d6Hx QR++d+9eSEiIXC43N5mB1foZbIJ0uPnjjz8a1KOtni+ZmZnZrVs3hUIxdOhQlrtog3L27FkQ F0aMGJGRkSEc/G2TTUrr1JZolXl5efHO6FSXFRYEwUpcW1tbWFhYWFi4d+9elUo1cODA3r17 E0I6deokIC4cPHjQonj9lwDbgnOdfqjFnrnOAiXw5MmTixcvgt9Jy5YtO3XqJJVKYc1bYKaB zArc6RxiDlm29NLSUli5cHd359qEvL29zT3F0dGRa12ghnEQHOkF3t7e3Agv2NJCfAGaG6/o GhwYHemHmzMewFRtceEJKqumpubGjRvguNOoUaNXXnkFfu7r6yuwvTusEUgkEmF1wqKVlIpK 5mIxMPH/34sGVH+3b98OB7GxsQKNOyYmBg5oIBMsKyoUCm52FEJIYGAg9OrffvvtWStNalMZ OXIk74CbkpKSkpLC2nLp6QMxToSQPn360Dg0c/DWgnVUVlZCckxCCOjfAhfTxab67FNcp7ZE 50Kano8F7Kyt0+l4dVOQM1JSUrZv386yZ1RWVn711VcwR5rz1f9LDAZ1GCmkUt7gPZjFqbI7 YMCA4cOHDxkyhHXZrVu3qDlQeJqBomO5poL9gHDcCOjCBG9WIoG23alTJ+5JGukA6k11dTUU Ee+6p7kVOnMmLgcHB951evom4NhBWzvv/R0cHMCvQiDirH379sOHD//ggw9Y0syDBw9oeIJw AnuQm6VSaWBgIK88B2sc5kKcuDZCBwcHbrNv0qQJrlaguPB/5OXlwfSpUCg2bdrEFa4VCsXc uXNBA9DpdDQGjMYix8TEsDqYo6PjjBkz4JjXt/mvhXq/+/r6vvLKK6y/jhgxgiUYWQ03BY1S qVQqlSITnlRUVNDME5MnTx40aBBvvw0MDExJSaFxHDZxuaAZD9Vq9bZt23iTLSqVysjISJp5 AtYLrKNObUmv10MjVKlUXImhX79+MOTl5eWZU7mo0gyCBROaSP/u3bvPSHM1p+82a9bMnODI 2r+ja9eu0OSo+RDcU2QymZeXF3d6YF7DbLe0adHMCqzNqaENcC3wFRUVsAahVqtZEsCrr74q sLiuVqtZ+ZibN28O9csMYQCpRSqVDhgwgCUksX7OEm6o0YUQQrM7vPnmm1zZiGY4AHHh/v37 IF54enpys1LSqCWukzJrsucVOGgVMD1DoQqYAgSV6UNDQ1m9RqlU0nLmjTZiQbNV9u7dm1kd Li4uNFcH8nehYX3uli5dCumNVSrVxo0b8/PzU1NTS0pKHBwcmHtbE0IWLVpEh+Dq6uoDBw70 799fJpNt2rRp/fr1ly5dqq2tDQ4Opnsup6Wl1TXg4unw6aefrlixghASFRXVoUOHzz//XKPR uLi4REREQO81Go0Wl+3NQdXxMWPGuLm5lZaWQp4cpVIJ5VxQUCAmUxMh5Pjx4wEBAZ07dwaN cMCAASUlJYcPH3748KGjo2O7du26dOnCvB5yBtS/fAwGw7Rp0yB2QC6Xx8XFwc3z8vJqamqa NWv2zjvvMGUXo9G4bt06qx9X17b03XffQSzDgAEDgoKCNm/e/PjxYycnp9GjR9PBV8A4VFlZ CWtwQUFBCQkJa9eu/eOPPyQSSevWrakVLTMz86/XEqRS+Pftt99+8ODBlStXYBqG82q1umfP nhqNhvWqJpNp4MCBmZmZt27dUiqVr732GqzOmEwm6jN74cIFmAZef/31mzdvXrhwwWAwqNXq l19+GQJojUYjnc9oauTq6urvvvsOzDNwDcsRAXah5A2sOH78OOQebtWqla+vb25urkwmCwwM FBadjUZjly5dGjdufO7cOYlEAomN4U/MXALZ2dkBAQGQ5Gr48OE3b96sqqpq3rw5N0MRQB/a q1evO3fu3Lt37+7duwUFBS+99JJcLre3tx86dOjPP/9cXFwsl8s7dOhArVBM5ee3336DxAad OnVq2rTpb7/9Vl1d7eXlBZkx4eUFQotzc3OhrbZq1crV1fXMmTOVlZVyubxdu3ZU/mAaBt55 5x1wFqFGx+rqasgGAX+9ePEixKn6+/vTXnD//n0xUbtlZWUQ+SmVSgcNGlRUVPTw4UMPDw9u GDzybxcXtFrtlClT6HDv5+dHx2gmsbGxLJVr7969jRs3hsmMmzK5sLCQueIusMhtk9AygXGH e/+SkpL4+PjY2Fjy56YPrAsSEhJEuoxxbw47OCsUCplMNmzYMJ1OB+ICLQGLzkdMNm/efOvW LaoHe3l58a6h6HS6efPm2XBvpNLS0vHjxy9fvpwqLjTgkMXXX3/NTZdUV+rUlqqrq6k0ExgY uH79etb18+bNE14ciYuL++yzzwgh3t7eIDiypK6G2DOirk61Dx8+BKUW9pbU6XQQ5a/X66G1 gxp648YN5pQAT+nUqRNLjz969Cg9vn//Pp1peHdtYHpm0HZLewRYv1mmBSpGMEMomQaGo0eP gl8IhG6K79R+fn40hxJw9epV1iz47bffvvfee3C9wCYUtGDhwN7e3t/f//nnnwcxaN++fXAT qVQK2aaZ3L59m/lpBQUFLi4usHzm4+PDssBBdInAO5hMpl9++QUEDk9PT25cbmZmJlMag6hI 1jWnTp3q168fiIPt2rVr164dayDi7ghojiNHjtBNPbifg/yNaHDX/UePHkVERMTFxfGGU27f vj0iIoLXPLt58+YFCxawMvHpdLqlS5eydgCiZgluUDtMn2J87OnIxb0Y1kd553hY2mQ9Nzc3 Nzo6mhr0mD2QmYdY+KHUZsv8U21t7axZs2iZsPaGJnXP63zkyJGRI0du3LiRV844derUzJkz o6OjWbICLXCr7Q0ajWb8+PExMTHcXG+EkAcPHmzcuHHUqFEWZQVagMLxHeLbElT3qFGjmFMg nemjo6NZa+c0yTc9U1VVNWrUKG52Rb1ev3Tp0gZyLIUWyCs3069mFtH58+eZ/ZGqevv27WO6 6LJG9tOnT7N68YMHD7755htW1MCpU6cyMjK4jhH379//5ptveFsafSiED7D8GZVKJRiczKVt KC0t3bVrF/Pd7t+/v2fPHoE80Ddu3GD1UK1We+jQIa7WbjAYdu/efenSJVqAlZWVhw4d+uab b3iVaaadgNrJ4CZc70KtVpuWlsbaX4oQcvHixe+//54b65GTk7Nr1y7eFGHMAi8oKDh48CD3 MnhzXoGV23gOHjx4+vRpVs+CfShABhIzAgOHDx/+6aef6Pvo9frMzMydO3dakfMX+QuRPOXn KRQK0FH0er1IJdvOzk4ul5tMppqaGpt4yz9NlEol9CXxm8b+hUDtPP2ilkqlsHRqMBhssl21 rdoSVJ/JZLLurSAi4+9S++agGwv98MMPECwAlWXxoyQSCbj9iy9ACN7jRhVBRfA+kTdeA6D7 Lx88eBDWm+g207DrNP0WvV7PK3GaS4VEGCsply5dspiPmbeXiWkVEonEwcHBZDLVKZCV9TiW 4GhFM7azs4NKtCJnmkB4xQcffCCTyXi3L0eeQZ52viArmuzT3JHI5jyz4ZS2qh2bADmSn8KD 6tqW6vlWDSr6PH3okofIdlJbW1vXFmWuwM2dp9M/3VuSCSxMmMv5KOZbhgwZIpPJKisrufb/ F198EQ7qmtu7TmVSW1tbz0ZY/06t1+utbsm9e/f29PRkOkZQmjRpIpzzEXnmRgAsAgRB/qbQ WMeAgABWHETHjh3hTH0CcUHOUKlUrBQOTZs2hcgIk8nUoPt0/N0BNxSpVMoKalWpVNSHQ/xm Isi/y7qAIAhiQx48eABJkQcNGlRRUQGBV88//zy94Mcff7T65jk5OeAz2KNHj5qamsLCQolE 0rx5c+ob+AyGcz9T3L59G4IpgoKCgoKCbt++bTAYvL29qZuzyAgLBK0LCII88yrFn0kRns2k 5idOnKBrDc7OzhCPQP967NgxpiMqjTYSmSCooKAgJycHju3t7Vu1auXn50dlhatXr/IGayAU VgxFixYt/P39qaxQWloqPsIC+cuRYBEgCCIAKOu1tbUNEQJqK1QqVdu2bemSQUVFRW5uLu9W Ya1atZJIJEVFReJ9AmQyWXBwcNOmTcFzs6qq6s6dO3l5eX87z+u/ENg9BNJ8GQyGe/fuXb9+ 3dwu8AiCIAiCIAiCIAiCIAiCIAiCIAiCIAiCIAiCIAiCIAiCIAiCIAiCIAiCIAiCIAiCIAiC IAiCIAiCIAiCIAiCIAiCIAiCIAiCIAiCIAiCIAiCIAiCIAiCIAiCIAiCIAiCIAiCIAiCIAiC IAiCIAiCIAiCIAiCIAiCIAiCIAiCIAiCIAiCIAiCIAiCIAiCIAiCIAiCIAiCIAiCIAiCIAiC IAiCIAiCIAiCIAiCIAiCIAiCIAiCIAiCIAiCIAiCIAiCIAiCIAiCIAiCIMgzheTv9bpOTk6h oaHdunVzc3MjhFRUVGRlZf32229lZWUi76BQKNq0adOuXbvAwECZTGYymfLy8rKysnJycnQ6 He9PQkNDDQZDfn5+VVUVnGndurVEIqmtrf3/5SiRyGQyrVar1WpLS0vN3So4ONhkMjF/yFMl EolMJissLHz8+DEhRKVStWrVSq/Xy2Syy5cvC/zwueeec3d3J4TQ31pXwv7+/i4uLtXV1YWF hXfv3mVd4O/vL5fLBV7Gx8cHaqeqqio/P5/3mjZt2hBCjEZjbm4uIcTT09Pb29tgMFhorBIJ 67nC5anVajUazcOHD00mE/evVlcii+bNmzs5OdW12KVSaevWrV966SXaDrOzs9PT04uLi+vT QeRyeVBQECGkoKDgyZMnAldCq2a+s0QiefHFF1knBWjatKmHh4dALTfQe9ZhdJNIXnzxxerq au55nU5XUVFRVlbG2zYUCkVAQAAhpLS0VLhGWK/XEL3Dig9kYWdnR4cvGE+kUumlS5eMRqPA r5o0adKoUSNCSE1NjcU3gS5MCHny5ElBQQEhxMvLq3HjxoQQ4VHL4g0tthBmRdCnWwFMDa6u rlDvOTk5er3+6cxrUqlULpdbrGta0UqlMiAgoKamxs7OTkwHhBYlk8nqUz5/J3GhUaNGsbGx MB1y0ev1S5YsuXPnjsAdXFxcYmJiWrRoYe6C7OzsTz/9lDV8KJXKLVu2EEKSk5PT09Ph5KZN m9RqtcCzdDrd9OnTKyoqeG8lhqSkpJ9//pkQ4uDgsHXrVji5Y8eO48ePm+tdq1evhuOPP/6Y SjZ1GsFnzZrl7+/POp+YmJiRkUH/GxcX5+PjQwgZM2YM7zi1du1aqCadTjdmzBjuXG5nZ5ec nEwIKS8vnzx5MiEkOjq6W7duYl5Sp9NFR0fXtTzv3bs3b948ljhiXSVy+/D27dvhuKCgYMGC BRZfxs7OLiIiIiwsjPevRqNx4cKFhYWF1nWTtm3bzpw5k9VcudCio83MXFMXIDIyMiwsrLCw cN68eU/zPcUjpoXk5uYuW7aM1Urp6wn3Jm6Jie8der3+o48+EtM76vmBAH1D+mlTp04V1rJ8 fX2XLFkCxwsWLBCYZuRyeVJSEhxv2LAhKyuLNg+9Xh8VFWVFS37xxRdjYmIIIVeuXFm5cqXw xQEBAXPmzCGEpKWl7dy504rHffDBB3379mWdTE1N/e67757C7DZx4sSOHTtaUYkCDYni6uq6 fv16OLaut/5/seZvISt06dJl1apVTFkhJycnJyeH2V4XL148aNAgc3do167dp59+ypQVHjx4 kJubW1JSwpRPt2zZYm9vb27y4D02J6hu2LDBxcWFeVLYqMCdh+Cgurp64cKFcBweHu7h4cF7 cUJCAhwvXrzYCllBKpV+9tlnVFbIzc2l3xgdHd27d29mF6LGDN7xi1aTQqEA9YIFPbl37144 0Gg0It/Tzs7OivJs2rTpp59+KlCh4iuRa2vhmhkEUKvVycnJTFkhLy8vMzOT6jEymWzJkiW9 evWyrqfU1NSI+ToqE9PrmSdFmlW0Wi1Y+J7ye4qH13LAIjAw8LPPPjP3eoSQZcuWWbw//Qrx vUMul/P2DlDoCSHffvutTT7Q3KdZNOYVFhampaXB8dy5c+mIxIWKNWfPngVZgTYPq7l48SJ0 itatWzN7PS/Dhw+Hg/3791vxrDVr1lBZoaysjHbGAQMGjBs37ilMcHUdsZntUy6XN2vWTHj2 pMfW9db/P/w++7JCs2bNxo4dS7vlvHnzmHO8i4vLxIkTYdQeMGBAcXHxmTNnuD1w6tSp9A4L Fy68d+8ey1Yza9YsmCFWrlzJFOp1Ot3p06dramq4Cl9hYWFcXBxz0lIqlT4+Ph9//DGorfHx 8ePHj+d+kUajmT59ukBXl0qlTNXk9u3bx48fhylkyZIl3BY8e/ZssGWlpaVZYRkmhERFRcEd Tp8+nZSUBB/VpEmT5cuXE0I+/PDDc+fOgS5y48YNKl1xnxUYGMj8b8eOHQ8ePMjVLOHgypUr rD+tWrUqJydHKq2bFGtOZFYqlW+++ebAgQPBBvvGG28cO3bMVpXIGqeAPn36UBmIt1rXrVtH rQhxcXHMAnR0dJw6dSq05PDw8HPnzj169IggtuDAgQOpqam0XUmlUpVK1bp1a1B8lUrl6NGj P//8c3PKWZcuXbijCi/CvQMWOET2jjrZ8FkfyFUnLC5Y8LJz585u3bqp1Wq5XD58+PCvvvqK e02bNm1CQkJAzRVvPbVIbW3tiRMn+vTpI5PJWrduLVAaCoUC9MDCwkIrNKXIyEjQwXJzc1eu XAmyAjXWdu7c+bvvvrt//36Dts+DBw+eOXOGq/9otdpJkybB6+n1+l9++YX356+//jpYpHhh Knv15Fm3LkgkEjoTpKWlRUdHM2UFQsjjx4+XLl1Km+nYsWO5FmaqnZ86dSo6OpolKxBCrl27 Fh0dDQ3F1dW1SZMmTPl927ZtKSkp3CXM4uLi6upqHYPy8vIrV65MmDDh4cOHoEo6ODhwP+rq 1atarVZnHq1Wy2o6O3bsgHuqVKrIyEjmn8LCwmAZWKPRWGeIk0qlsBZQXl6+bds2+uj79+/T wm/VqhUclJeXgzHglVde4d7qtddeAwkdCpm3pcI1lZWV3OmwoKBAr9frBOHe0Nzqslar3bdv H7Vkgtxgq0qEaQbGqeTkZFCqevfuLaCERUdHg0xWVFQ0evRo1nRSVVW1dOlSuthERWSk/ty6 dYvZrsA35eeff54yZQpc0KFDB4Gfjx071tHRUcyDhHtHjx49LPYOuEar1dZJWGR9IAvrZAVq raSzDnNgpNY+ULRgmLXC2iHA4cOH4WDIkCECl1Ez/pdfflnXRygUCjD1aTSa+Ph4alcoLS2d PXs2HHfv3r2h2+f9+/evXbt2nUNBQQEdT6ZNm8ZrEHr48GGXLl3MDTseHh7UoFV/V4ynJy4o lUoXFxdur5PL5W5ubi4uLgqFgvurvn37wgh79uxZgbnwzJkzdJz9+OOPWaYYECDKy8vNKRBg RaAdg7uIxYtKpTInF1MVk/ejzP1QGLouHhYW5ufnB8deXl5Uepg2bZp1VQOrraBMcJVvGP6o 0gN2QkKIk5MTy0gokUiCg4Oh38KtXF1dWXOtVCr18vLiNS3AX614f+HyvHLlCnwCrzOR1ZXI HEeys7PBbKtQKKAEuDg7O4NV0Gg0Crg4fPnll9Crg4KCLC5tICIx50f26NEjUFvNVTFFYEmC hU16x6VLl/itwXZ2zs7O3M+x6ChnNSUlJQcOHGDpXZQJEyZQXa6oqKhOd7azs3N1dXV2djbn QvTo0SOwaPr6+poT2Qkh7733HsyF1LQjnnbt2sEB9dJgKhKgMJhzCJVIJCqVytnZWalUNlDh T5kyBSb7zZs387r65ubmuru7C6xHMNc9699IGmoxgjroTZgwwcfHh0pqwLp167KzswkhI0eO BGkauHfv3vz585lCEF3EFZjpga+++goubt26tVwupzd5//33zbV13qlRqVQyDV/0Q9avX3/+ /HmRn19ZWWnzIq2oqEhMTARHvzlz5kRFRdXW1sbFxcFf4+PjWTrE8OHD+/TpI3zPSZMmPX78 uLCwcNSoUW5ubtA9mNjb20NnZmrwv/zyS7du3WQymaenJ9NM17hxY2iRN27coH3M39+fWZ6N GjWCa8Q40/21WKxEECs1Gs2TJ0/oSm1UVBSvhxr15fz6668Flo1BTOndu/eRI0eqqqqo45s5 h69evXqFh4dDRxPjQN5w+Pv7z507V/iazZs3nz17tj5PSUhI8Pb2NudA5+XltWLFCkLImjVr YNoW063M/QkWjMaPH+/h4eHq6hoWFiam0dqkdzD9OsE7cvny5S4uLtTmpNFoBNbIbMvevXt7 9OihVquVSuXgwYOpGO3v7x8aGgq2kDrZNdVq9fTp01le57t27aLmBMrXX38NEkloaCjvepCH hwfY6o8cOQJm0Tq1kKFDh4ImybvcAL6WXJo0aTJx4kSqZVEDMNMPPTw8vFevXrzdlvYU4T7r 5+cHxVtUVMTba4xG4+7duydMmODu7m5uPQLmRPCX4rqxP3PWhY0bN7JkBRCa2rVr98knnzBl BUJI06ZNqQ8nIcTNzQ1kq1OnTlm0p5lMJpCCZTIZtZw7OjpCY9JoNGKMe+PHjx89evRvv/0m RkERmE5ARjEajbytwWphIiMj4/bt2/CNsbGx06dPpy4L3EgnXqdIroBPS6+srIy7ePbuu+/C we+//05PUis6S5MGq2BlZaVGo9FqtSB8sKyy1Epx8+bNpzPYOTo6CkRAWF2JTZs2hca5b98+ QojBYID4EVdXV4iUY/Hqq6/C3U6ePCn8wkeOHJk6derRo0eNRqPBYIDpxJzDV79+/ajI8tdK V+Z8hFm233o+Bfq4XC5v3rw5968DBgyAg+vXr4u0OnTq1Al0aO5fZTLZ/fv3wX2HEBIZGSkc SiPcO9q3b0/+DO612Dvy8vKYEiQhZNasWcz1KYuOiraFWl779+8Pzr9SqZQuQ0BUgkgCAwM3 bdrEjVAbOnToli1bWI0ctEr4K+/dqEZE3ZKsaCE//fQTHSuaNWvm5+fHXXahvPLKK8uXL2fJ CiAfbNq0iTmXE0s+jMLGVOpvZ86yJZPJ/vjjDxBhedcjvLy81Gq1Xq/PysoS03T/MusCi5SU lF9++UUikYwZMwYkJigLnU63YMGCBw8e+Pr6goVWpVK1adPm2rVrhBCIuyWEXLhwQcxTfv31 1/79+4OQDq3h+eefhz/98MMPNv8ors+8RCLx8PCIjY2FqfrAgQO8i3nCzvbCxMfHb9u2jTB8 8s25LHzxxRfffPMNS3PV6/UrVqwAIUOj0ZiLpJJIJI0bN/7444+hV2s0GubaAQx27u7uL730 ElOghrGPukb/9ttvffr0efHFF7nGMY1Gwyv/WTedCEz5Tk5ONGbk119/tWElvv3221SbpOMU mBDeffddrjEMPs1kMtV1oN+3b19ISIhMJgsJCaGjJx0OQGT573//+5cbY3Jzc+n8wWwqo0aN gi5PDfX1ISsrCwxsffv23bx5M2vwhfK/cuUKK5KCu6wjlUp9fHzmz58PfQH6FK88XVJSQh2N 4+LiLAY3musdIC9SVQR6B8gQInsHGPlOnDgxZMgQ1jq9dat44ikpKdm/fz94/8ycOXPOnDlD hw6Fovvyyy/Fp72BngXHe/bsOXbsWE1NjUqliomJ8ff3VyqVq1evZpYwSOHdunVzdXV1cXFh GeQlEknPnj3BPED/JL6FyOVy6OM5OTlqtXrdunUsnXDlypWsNVMPDw9qtNi1a9exY8cMBoOX l9f8+fPVarVare7cuTPTEiDS5YXXGAkT/IEDBwQCx0wmU3p6+sCBA2E9ghXs+vrrr0PHrKqq EiPNPxPiwpw5c+iy1rp169asWQOVxHRov3Xr1uzZs2Fkp32bDqwifTQePHgAB507dwaZi6rL 4hu0eIKCglJSUsz9NT09HfTOuv6QCIYa19TUzJ8/nwr7RqNx+vTpvFdqNBpuO2vWrBl0CaPR aM7U9uabbw4bNox5hq5QUmCwa9GiBc105ODgAOIdTdLw66+/9unTR6FQNGrUCKpGIpGAVP7j jz/yPtpigDWsnrBOdu7c+f79+6wlRjc3t+7du9P+bzQad+zYYatKlMvlMO4UFBRQBaK4uFij 0ajV6u7du2/fvp0pZNAIOiviVvLz8/V6vVwuHzx4MEtcAF85o9Eofpms4TAYDFyLrlwup0r2 ggULrM4eRtHpdJcvXw4JCenYsaNUKmUWMhWgWVIyaH6wZMPLqlWrhHPX7Nix4+WXX1ar1SKX JKB3+Pn50d6hUCigd5w+fZrZO+RyObd3mLM/7dmzByIpjh49yvrT2LFjzfnGarVam7jN7tu3 r1evXmq12sfHh3YZjUbDjTYSYOLEiVTtoQbRysrKpUuXQuYDV1fX5s2bM6uDSuHdu3dnBZK0 bNkSOjjN+lCnFkJlLK79G5gxYwYtc4H3LykpmTx5MqwF/Oc//6nnchu8GEg8er1eOPGDnZ1d WVkZDDvc9QiQpWAEE3DBfoYWI86ePctygaHaJ80+REdb1tp5586d4UBkIipaIlx1kzeDk5eX 1wcffDCAw+DBg2UyWT0/vFWrVvU3vfLCDOk0GAzi45sbNWpE5Yzp06ebi2XnLnGxwgWppq5Q KJydneEM9b6E5RLCWL8Aey/I5tC9MzMzbVsmAwYMGPS/9OjRgw4HlZWVH3/8sRWOweYqESLH uDMTGLFkMhlLa6RjlnVxzzBg+fj4MJUViUQCCuv169efWvq5uo56n332GdT4li1b6pNOjgkM oDKZDAKCKCDj6vX6uj6IFf3Ly9KlS+FAzJIE9A65XC7QO2gvpr0DfNbMmcH0ev2hQ4es0Qjt bKYT0tGDwrUnCUAjHtPT07mLp7QrUW8z1rwAlmMmsFSq1+uvXr1a/xZSXFw8adKkiIiIqKgo mr9hyJAh4HwKJQnvn5OTw3p/g8EAP6mrvycvNE5n9+7dYoJNQENjrUf4+PiAD9+tW7dIHbP+ /GXWBd6mDzIgN6CR9Uk5OTlgA1SpVGKWZunPue7uarWauzzp6upqLgji5MmTFg0SRqORZal2 cHB44YUXQEVo2rRpYmLiuHHjeE3lp06dEmgH3JJhMmbMGGYPjIyMFAi6ZZrFVq1aRbs916uR kpSUlJiYqNfrW7VqBauSvXv39vX1ZS6h0V7h7+8P8h8NxaRSiF6vLyoq8vHx6d27N0x4MC7z Vj2V08+dO8fraSyVSl1dXeuUrkcmk+Xk5JhzKq5PJUJkl06nY9kqT5w4AYuso0aNomJx/W3F J0+eBDtwx44dqWpLVSuuMv2MsGrVKupbIzJvgRhu3boF6tSwYcOoeZJORUeOHOFtVydOnGBK fkzjU//+/Xv06CHsOVhcXCx+SYIKyrR3QBANs3cYDAZW74C5Ta/X8/aO7OxsgRHfaDSacway yTxBi5EuSYAIKD7BGiHE19eX3secQRSsF1xxOTw8XKlUenl50d/K5XKQ2s+cOcMaS61oIVlZ WRs2bKAD1759++7evQtNYvTo0TD0NW3aFC7gTQa1b98+c+bkukKNu6dOnRJz/Y8//giWKuZ6 BExt58+ft2F0a4OLCwLBGxY/o7y8nJrQxSTKoM59dKanXcXT05NrBxYwIYhZYM7KyuK2j927 d4MTEHT++Ph47shy9uxZi4Ee5ujUqRMzSxchJCws7KeffhK2ckulUmrnT05OFr6Ymitu3LgR GRm5fv16tVodFBTUpEkTWgs1NTXFxcXe3t6dOnWCARFCklhd8ccff4yIiHB1dbW3t6+pqYE3 Ly4uNlf1ixcvrtMARMVKpihDl0IJIS1atBCWMKyoRDc3NzAsKxSKDz/8kDYVk8lEU/Kp1Wrm 0AYObmq1mo44daK8vBxK+4MPPqDiAlWtmKpSwwXU1ZXp06fThWGub0093/P48eMDBw6E+DpY 5qcRcby28V27dnHXa7Zv3+7i4rJ69Wq5XK5Wq/v168dNmsRE/JKEXq/n7R2sRYQ69Q7hVfCt W7fW3wYuBrokUVRUZLUI+P7777NMCEy4yl5GRgasJb3++uu0LVGHGN7Ju64thGXqBgvooEGD vL29qWWIips2MSGYw9nZGTpOZmamSO2opKQEhhfqriGRSMBqZZ1Fyuw8Qp5h6Gq0yAB0ehl1 jaRZfXjTsFy7di3if2GtDQtjLmTfZDItW7YM1HdXV1fuy1uXd4EQ4uLiQnWgyZMnJyYmwvGc OXOEx9/4+HiwoJ46dapOEYwGg4F6hrNCe0HyBV9uT09PuD9rUKaubTCPwuzLK91bFOAEYBkP YCmUxtNv2rRJYFXIikoEByKgd+/eff/k7bffpstn5M9wcKY5jRDi7e0txtLAvQxSAqvVagi7 oKoVa4aji27Cuwc10DIZZfDgwfB6Go2G16+7nu9JfV/onAEJ4Jkub2Kkk8ePH1NBkGvrFrDG R0ZGOjo6Cig8zN7h4eEBvYNpcDLXO2w7vjcE0JKFLaD1mpM4HUSr1YKG07NnT2pvBzOeOX9t MS2EPignJ4d3YqbZL1gL/+KNhVZkmezatSu1qdRJgCaEtG/fHl61RYsWsBIhvI/SP0pcoGqT cFYvyqhRo+CAuXwOy7ovvviimDr+448/bPXy1AXahk7L8fHxcLBnz57y8vKMjAxIhyCTyebP ny+g54E2XFhYaIVVg6rILJELZDJIENuyZUsYR1gFCG44hBA/Pz8nJycYtSHsxYbwTvmrVq2C R8tkMoi0tlUlvvnmm9RAXfK/wBn4a8eOHZneyBBAIZPJqEnWHAEBAQkJCV988QUz2zcVZEFY ofEmJ06c4LWK0QVXXmicWEN41Hfp0gWmXr1eT9MmmrPeWfeeFRUV0PJhznBycoIWzuvNKkxl ZSXMN2LW+EtKSug2Cp988olA7iBu79Dr9QK9A65siN7RQFjt808I2bJly9ixY8eZgboTMoH8 0zQfkaurK6jg5mKCxLQQsPkRxi42LCC8Ti6Xw/IoFTrFm/d5S0n45+C/XNeZHpRAWj5wE97E 0v9YccFkMlEdkWWBJ4SEhIQkJSXRNOwtW7aEBsFMsVBbWwtedQqFwlzkbgNhE09UJtHR0TQ9 JRU8qbrj6+vLu8kh1fMqKyvNiRTBwcEpKSkpKSkCwx/h5Fqm86KPjw949l24cIHbOqEGAwMD QXmqrKysv3u8SOj3gvXYJpUYEBAAo0Zqaurs2bNn/i9wBjyPZDLZyy+/zDSowoG5gBQKdSxl 5uoxGAxg+4VUJbB+zFWm6UhEdRReaHw/M52GTfDz86N++DNmzDDng1n/99y1axfUrEKheOml l8BQITLiuj7s3LkT5hhfX9+NGzdaFLKfe+45kLN5nQ9o72jdujVMYE+td/yF/PHHH1qtttI8 3J9AfBD5M9EITZB67tw5c08R00LAqGAuyBCCevR6PRgJmCMer9Iybty4Hj16ME2kvF60AjtC qVQqEIPqOtOXlZWBKbRnz55SqRRS4NTJPvG3FxcIIdSJb+zYsazUGRD4O2fOnC1btgQGBtIU yKz95aDREEK4Uc4Cw1M9sbOzg2HdaDRaYY/ibbg0LSDTG7mqqoruWhQZGclKENS5c2fQ84xG 49SpU821Pzp2U8MdE7rmd/fuXdavwIozceJE6L28O6BA5Fj37t0hGpNlj21QysrKaO2D9bj+ lUjncnOxoISxLeEHH3zAFLZAi4Uti8z91tfXFxyyjEYjy98bwi5glR0GLG4IqF6vh6f4+PiY SzUjkUhgzCWElJaW2rDA3dzcqIi2ZMkSgcRo9X9P6mT63nvvQSPPysqyInmRt7c3DNDik6dx AwR4+xT0jkmTJonvHbwJ4v4x0CX/0aNH81Y3KC3MZEdMYPILDQ11cHCAmCDhGhfTQkApV6vV 1OuICYj7dEWbulXx7j7zyiuvdO7ceeTIkaDUCayrCkxD1LdJYHgRNjB07dr17bfflsvlWq3W 5jtjPeviwqNHj6gny/Lly2nQEYgFoG8plcrY2FiopMLCQpazekVFBTVATZ48edCgQbwLmYGB gSkpKVRsrE/0kZOT08qVK+EpWq22/kFuKpVqxowZcMxN9pydnU3zyNKc0KDngTXbaDROmTJF IC0mXfQZNWoUq3Dc3NyotwR3lwdwGqIeprw521lulTb0kBfD4cOHaQzIJ598Us9KpHtKaTQa AS2wpKSEbk/FVESot+nYsWOp8McymNHc9Tt37mQZLYuKimDAgrU5o9HIu7MAXfyOj4/n5pd0 cHAA5z7oLPXZfIiFQqGgkuuqVassZu2s53vSNJp9+vSBnBbff/99Xd/Zx8eHZvFi2nKEYS5J CMDqHdzQQW7vMLfl4D8DrVYLEoOPjw93C64RI0awGgYLmEHlcvnWrVvBkCyck0BMC6F5tJYs WcJa8OrXrx/MKXQC0ul0IAIGBQWxzAZSqXTw4MFM+xA45cjlcrAbMfs4DcPmQvMRW5EoCHJT yuVy8JpipgizFX+DDaz37dvXvn17WPEdP358dHT01q1bIT3OtWvXWIoab3a248ePBwQEgBsa ZFYoKSmBicTR0bFdu3asm6SlpYmpreDg4Llz5zLHdFdXV9ZaLK/9n/tDXhGBplalMd+nTp3i HXTWrFnzxRdfkD/3q0xOTra3t58/f77RaAQh9/nnn6ch4BS5XF5aWnrt2rWqqqq0tDRIqbR1 69bly5fn5eXJZLJOnTpBthBCyJ49e7hmEuY6q0aj4bWjaLXasrIyOmhStxJe1q5dKzzNuLq6 7tixo057+65YsQKmBF9f35CQENZv61SJtJ1Qo4U59u7dC0UXHh5Off2Ki4uhnAkh0dHR0dHR e/bsuXjxosFg8PX1pftVgmTA29t/+OEHuqZmTrU6fvz4u+++q1arZTLZunXrSkpKUlNTS0pK lErlG2+8QW1FIH/zvvyYMWOY7pys8k9MTOStI6ZLo1wu57Wg2NnZ0Vm5/u9JE/gwpyKRX8Sq Zb1eD86kIqE7OwtcY/PeYVsWLFhgzrbk6+sbExMjPqGLeD799FNwJIqKiurQoUNycrJGo3Fx cRk5ciSYNo1GozlRDNwRaKpfjUZjUXu22EKePHkCWSOVSmViYuKyZctu375tb2//4YcfwvKl Xq9n9sQNGzasWbOGEBIbG5uamvrDDz9AwDndLYWaRk6fPg09ffbs2cnJyRcvXpTL5QMGDBBe FQW5Wa/XW5HT/dGjR5BOlE4W/wRxQcBKY269f968eXQzKrlczkwyyCwgEBITExPpOjFl8+bN t27dovGsXl5eI0eO5D5Ip9PNmzfPXFgw9z2FN+1YvHixObHD4m4f1AIWHh4OH1hZWWnOUdFk Ms2bNw8UUwjxgrVeKGqZTDZz5kxzdgXIvb1z587WrVv7+vrCbhSsy9LS0niXwR49egQJB4Wt Zz///DNda+dVZ2mTkMlkFnPm1HVNobi4OD09HXppTEzMmDFjwFRgRSVS53mLRmOaiTYoKMjR 0ZFOFTt37jQajTTbx5AhQ7huvMwQcK69kYoLAsr0J598Qu/g5eVFZT4mS5YsMRezKlwLjRo1 4hUXmJ3XXFoCvV7PVOLr+Z40jSb5c6cAgTFH4Iv0ev3kyZPr6hS2ePFiYRdaZu8Q2CjEYu+w uRcUQDdn4sXe3t6cuCDyfXjH+ZKSkvj4eBhhQkNDuc4fy5cvF1hf+PLLL6mddffu3WL6vsUW kpiYaGdn17lzZ7lcztXuZs+ezWwYZWVlCQkJkAUSNE9W96TaSGFhIRVu6KbBtIPTTbdZgCue 1RuCHD16lAaM0BzHNmxFDbUYQYuYuyIIIi1viYABh9d6v3379rFjx9JVYYq7u/upU6emTJlC x53o6GgaYcjkyJEjI0eO3LhxI+/oc+rUqZkzZ0ZHR7NkBap3Mj9EIPqruLj45MmTCQkJERER LEtjndJlQPl4eHjQPTmF93EpLCyk/SEmJkZkhnDmx86bNw8EZ5bU8sknnwhsN0fzMwrYUWmq Lm71MZuESKggRcvToinoiy++oFESdK+Hulaio6MjyG05OTkWbfg6nY4uu7Rp04b5p927d48d O5Z38MrLy5sxY4Y5WQEaYU5ODgwHAsp0RUUFNHXervT1119HRkZavcUX7T7gJkYlITHTLavX 1/89ac4MK3SpvLy8/fv3w+aurGGKmUtDoO9QM7W5+HjaO2juZ4HeYW4+g4IVDlwUjke1YhQS uCG8j0WXLGgn3HE+Nzc3OjqaG7Kenp4eHR3Naz1lGmygqRiNRnMJAK1oIZs3b+ZasLKyssaM GcMdmq5fv/7xxx8z9wCDOWvx4sWsdHmzZ89mLZfo9fpJkyZRCwS32YNwadF6SiuRVZtUT+bm koFhs55bJTeI3NrQ2NnZQbEaDAZmiSsUio8//jg0NJQqzQIoFArIKF5TU2PbaJO/OxDsLpVK 9Xr9U9747t8Gbckmk4mKQbZFIpHY29vDumxNTY34eeUp83d5T8SGKJVKmPAaqPFbMfTBpCDm fSQSiYODg8lkMplMwg5qdbot8lRRqVQ22awTQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAE QRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAE QRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAE4SBpuFu3bt3azs7uyZMnBQUFIn/i6en51ltv hYSEmEymx48fr127Vq1We3t7GwwGi7+1s7O7fPmy8DX+/v4ODg4Gg+H69es2+UaVStWtW7eL Fy+WlJSw/tS0aVMPD4+qqqr8/PxnrdZbt24tkUhqa2sdHByuXLmi1+sFLnZ2dm7RokVNTY2D g8OlS5eMRiOcDwgIUCgUpaWlxcXFdXq6QqFo06aNq6srIaS0tDQnJ0f4BSzSq1ev4uLiq1ev Clzj4eEREBDg4OCg0Whu3rz56NEj7jV1/SIxLbxJkyaNGjUyGAxKpfLy5ct6vV4ikbz44osG g6GgoODJkycC9w8NDTUYDIWFhY8fPzZ3TbNmzZydnQkhwpexkEqlHTt2fP3115s1a1ZRUWEy mW7cuPHzzz/fvHmztrZW1MAhkbRo0aJDhw7+/v5Qlb///vv58+cvXryo0Whs0kqDg4NNJpO5 99FqtRqN5uHDhyaTCcdxBHkK2DXcrSdMmKBWqwsKChYsWCDm+oCAgDlz5tD/ent7q9XqQYMG devWTczPdTpddHS08DVTpkxRq9VirhTJ0qVL3d3dnzx5whUX3nrrrbCwMPGf/zSBqoHj5OTk 9PR04ULz8/OD46lTp5aVlcHx5MmT61S/wAcffNC3b1/WydTU1O+++4578bhx43bv3k2fyEt4 eHivXr2uXbtmTlxwcXGJj4+n3wvo9frJkydXVlYyT8IXFRYWzps3T3wxClwfGBgYGxsLxzk5 OefPnyeEODg4TJkyxWLJK5VKuCwpKennn382N2cvXrwYjsW/9ptvvjls2DDmg6C7vfrqq4SQ Xbt2HT58WFgu/+CDD3r37s067+Xl1bFjRyjbqVOnVlRU1KeJKpXKGTNmiLny3r17c+fOpVIs giANhLThbq3T6Qgh4lWNsWPH0uPc3FydTldWVib+53Z2diJfyVZMnz7d3d2dEMKr32i12jp9 /tOEWQ7vvfeecKlSWYEQwjTzwE24cpIAa9asobJCWVkZNSoMGDBg3LhxzCvlcnlKSkrnzp2F DUtdunTp1auXuSqAWefTTz+lskJubi69/4YNG+zt7bnFcv/+/ToVo7l5MTg4mMoK6enpy5Yt g2P6qsKtkV5WU1Nj7ppWrVrRY19fXycnJ4t9ZO3atUxZoaysLDMzk2ndGTp0aFJSkrne5Ozs nJyczJQVjEZjbm7uvXv3mHW3YcOG5557rj5NVLzNoGnTpps2bcKhHEH+xtaFuqJQKASUpFWr VuXk5Eil0mfhVaVSaXx8vLe39z+gBbi6ujo6OlZVVZkz+Qj/XKVSiXxQZGSkh4cHzNkrV66E KapRo0arVq0ihHTu3Pm7776jU7VMJrN4w8GDB/fv31/4mvHjx8PBgQMH9u7dC8cjR47s0aOH TCabNm0ancUpjo6O9S/V4OBgqhwfPXr0q6++aoi6+/DDD5n/7dOnD/1G3ka7ZcsWuVwO/01M TPzll1+oqV8qlXbp0gWsbnK5fP369bTomHdYs2YN/e+6desuXrzInNe9vLxmz54NMvSSJUui o6PFLCMKU1RUxDQ6MgXBN998c+DAgXD8xhtvHDt2DAd0BPlbWhfqhFKpBBVw3759vBcUFBTo 9XqdIE/nVX18fL744ou/u6zw8OFDegw2ZF6GDBkCV9bT2KtQKMLCwsDcEh8fT9XZBw8efPLJ J3DctWtXkXdTqVRr1661KCs4OzuHhISAcs+cR7dv33727FlCSFBQkE2EAwFZ4cCBAw0kKyiV yhYtWhBCkpOTs7KyCCFvvvmmRGLWG2nUqFEgK+j1+rFjx2ZkZDDdAkwmU0ZGBrXwqdXqfv36 se4QFRUFd9BqtaNHj87OzmbZAEpKSmJiYoqKikDg69GjR/0/k2m3YKLVavft27dy5Ur4L8gN CIL888UFavxkrTEzNZunILI4OzurVCoB1XbhwoVxcXH/gIp3d3enywHm1iPs7e1btGgByqJF dd/e3t7Z2VmtVvPasdu1awcHS5Ys4c4HIJEwZy+qBHOf26tXr82bN8NbCUPlD67OvWPHDoui kvAXiZEV9uzZI6Du1xPq05OdnZ2WlgaFFhwcbK5tg7hmNBo//vhjWCnjnYNnzpxJJUUHBwem FQqeaDQaJ06cKCA+Lly40OIUrlAooGzBpiiAsDx35coVWO8zdx87OztnZ2c3NzeRlSiVSp2d neHdcHpAkP/pTX/5Gzg4OGzdupX+NzIyMjIykhAyadIk8Z7e9UEikQwfPpzlumU0Gjds2JCd nc262MXFBQ5WrVp18+bNLVu2iH8Q+HLyOlrSQli/fv358+flcnlSUhKMhlR/Yk2Z4eHhhJAJ EyY8efIE3P14L6YOpHAl80/Z2dm5ubnjx483tx7Rpk0bQkhxcfH3338/ZswYc1YKJyenxYsX M+dvnU43a9YsZvTB0KFDCSHl5eW8ngExMTHM/65du5bebe3ataxyoHadtLS0Xbt2CawKwdxZ WVnJbUhPnjx5+PChu7t7t27dWP6GDx8+VKvVS5YsYX6RXq+fMWMGbzyFOVnBos9gPQHtX6PR PHnyhNZdVFTU5MmTuRe/+eabcPD1118Lx6GUlJQcP34cPEI6depEC4eaCrZt2yZ8B71en56e HhYWxnXkdHZ2joqKorIjJSsra8uWLfUMkGHRpEmTefPmMWf9tLS0nTt3JiQkeHt7Q0djXu/p 6TlnzhyWGLp//35z9k4EQevC08ac+bROKl19WLNmDdfNWyaTTZkyZfDgwVyNMzU1ddSoUZcv X26ICC5qLoagUAjVE54qyJ8rBSw/f4vmGXt7+0uXLgko2e+//z4h5NChQ+YCCx8+fBgWFrZx 40bWIKtQKNatW8fVC3/66SeqMjZr1szPz69Jkya8aj3rDHPQd3V1zc3NnTBhws6dO00mk4B6 Ct52V65c4f0rzBZMR076RZs2bWJ9kVwu5/0ic7JCcnKyRVlBeHYUbl3e3t7whvv374cGkJGR AYXj5ubGvR5MC3q9/uTJkxYbYWpqKhz06dOHdQeQMi3eITk5OSIiYvfu3cyTfn5+GzZs4MoK 0Pw+++wzKyyIdBGTRWho6PLly1l/6tOnT0pKCgiX1HxFO9Tq1au5JquBAwcmJSVB8AiCoHXh L0ar1Y4bN65Zs2azZs0ihBw/fnzv3r1yuZzlcG7RaGkdPXv2hDEiLS1t//79VVVVEonkhRde mDp1KiGkf//+P/zwQ3V1Nb2e6f8lsE5cf/bv3x8SEiKTyUJCQlgDtJeXF7zzf//7X+Z58V6H tEirq6uLiop8fHzee+89li7o4ODg4+NDCDl37lzjxo1570CH1+zs7B07dpSXl3t5ec2ZMweG 6aFDh37++ecw/YOTY05OjpOT09q1a1mD9cqVK5mT+syZM5977jkwiqxaterWrVvMuXPDhg3M 3wrkCQCxw1yx8JrTuV/UuHHjuXPnwhcNGzYsOTmZ9ROQ0piyQmJiIkzewgQFBV29epV3jjSZ TE2bNhX4LfXboA86cOAALBa8++67UOzcUtLpdGJ8DysqKjQajVqt9vLyorMylExRURGzO9RB L5FK58+fD8c7duxIT0+vqamRSCStW7eGji+Xy1966SXwKeEWLy9qtXr58uVwfObMGaYMATGo zLrw8fExt4wYGBg4ZMgQOP7yyy9PnjxpMBg8PDzmzp3r7u4ul8vXrl3LjNtCEBQX/jIqKytv 3rwJx1evXtVqtdy1VV6bPBPrFi9AAdVoNDt37qQD68WLF5cvXw6jWEhIyG+//fb0y+TmzZt6 vV4ulw8aNIglLoAtxGg0sqypdQXm0f3790+YMMHV1VWtVjPDPl944QUomcrKSmFLDzNrwr17 9yZPngxzaocOHWDeojPi7Nmzee8wY8aMPXv2HDx4kLYHmvjo9u3bwlYTi3qncFYJi19UXFxM v6h9+/ZccQFEuunTpzPtH2Ke0qdPH6b6XodOa2cHkkFhYSFdhiguLoY5vnv37tu3b2cKWHK5 HMQ14UxWTJ48ecJUzendysvLrWtsQUFB1PBAa6S2tvbatWsTJ04EETAsLIwrLnTu3Pn+/fss 2c7Nza179+5U6DQajUzRmRoFV61aRVO3FRUVjRs3bvPmzbxDBxwsWLCANryysrKYmJhPPvkk KChIqVR27NgR/EkRBMWFvxg6o7D0zqeDUql0cXFhShvXrl1bvHhxSUnJX5g44eDBgwMHDvT1 9WU6FkgkEkinc/36dZus9dL1iPbt2zNn1kGDBpE/bd0CdpTKykpWhiWDwQCL3+aqsri4eNmy ZY8fP5bL5W+//TY4xA0ZMiQrK4tmcaDtQUxEJS96vR7krbrapbRarbkv4r1Vx44dWUs5Q4YM ycnJabhsnhDuQQjZs2cP8/wPP/wwdOhQmUzWvn173rlNfDjP2bNneR0VeVci7Ozshg0bxs0/ 4ezsfPjw4dLSUpjRT548+dJLL50+fZprzCgrK4MUqLwvM2DAAAHjkFarnTx5MrMvvPzyyyDZ sNK8VlZWpqSkREREME96eHhQsZKbnXPVqlXgRTRq1CgUFxAUF/4elJSUnDt3zpxh2d3dXSCb jQAPHjyAOenTTz/Nzs4+dOjQ7du3Yej5y5M3//TTTzBkd+zYkU7kfn5+MA1/8803NnmKTqfj rkc4OjrC1PLrr78K/5zXM0DAbT4rK4uuJuj1+n379t29exeWeEaPHs3NgmA1MpkMCqquEbZU fhL5RZQlS5Y0bdoUHHXnzJkzZswYYXkuOzt7//79vPKQ0Wh87rnnzOUe/eCDDwjDwYVy4sQJ cCmt/9xmLmCEd1lKJpOBaySXO3fuQKPKzc3Nzc3dvn0718QVHBwMxo86BbXKZLKcnJzNmzez bIrUqvTtt99yf3XmzBmuuAAH33//Pa/QmZGR0a1btwZaDEUQFBdsz+LFixtC0T969OjgwYNh XgkNDQ0NDYXB+ptvvjl9+rRwSv+G5tGjR8XFxd7e3h988AGdyEGA0Ol04nfisMg333wTExPD XI+AcigvL7dYAnV1mGBGwQCZmZmDBg3y9vaGLAK2QqfTgXG+rgN9Xb+Its/8/PybN2/27dvX 29tbJpOtWrWKN0iBwqvOUu7evcsrLri6ulJnvQ8//JD6IphMpkaNGsExuB1wTTXm1Hcu5mZu 3lyNAi6KLFlNKpX6+/uHhIQEBAQEBgaKeZOcnBymEKlSqWJiYvz9/UF05ioJwkkztVotRMRw BSNza1502IFtVnDOQP61SP8uL2q1UVoYk8kUHR0NYevMZw0dOnTjxo00g9BfBWhIarUa3N3t 7e3BEM3rdW/dGj8h5Nq1a3DQvn17OIBMDLz6mRXQtYxr167xGoGoQm9b71GYMDp37tzQ1TR/ /nxqi1q0aBGd17mZjpgIr7uZm4OZenzv3r37/snbb7/N/FJmLg2dTgeZLVhhIAL1BfmkmbII NW7xzsER/wtvVubOnTt/8cUXsbGx/fv3FykrEE6O7crKyqVLl4JZRS6Xb9q0iRtHA5gTE1lT /p07d8CKYE6WggvkcjnGRyAoLvwDUalUvr6+IiUMk8m0c+fOiIiIqVOn7tixg2lADgoKYu1l 0ECY01ouXLgABxD1ToPQTpw4IVItFhPtWVNTc/v2bTrHODs7g4XWVou1sHkgIYQ3bJIQAhuE KhQK247IIHyYm3fBrm61jEW5cuUKzCj0Y2mm5CFDhtRz6wQuNINCcXFxyf8CZ6jSzJxHwStW Lpc3b97c4iPatWsHogy1aen1emghSqXSXCWyDGOsM/7+/rQrGY3GQ4cOrVmzZvr06SNHjoyI iBDYRYzXzrFq1SpoUTKZzJwTtEhTCvR3uVxuzqDSsmVLqFbxthkEQXHh74GDg8PmzZuXLFli ToMxF0tWVlZ2/PjxqKioyMjIxMREOGkuTZ7VKBQKmuuJYs6XXq/XQ4TY66+/Tv5ciSgvL+eN AQELLQtfX18xbwXJB11dXZVKJRgwmF739QeMCuYUQShknU5n2xEZSolXIZZIJPBQuumUDbl4 8SL1Kli0aJENM4j4+/vDRH7gwIHZs2fP/F/gDMQNymQy8PgDjh8/Dgditnn86KOPuFIpOL0S QsTse8l19fj444/hYN26daNHj969e/fFixcfPHgAgrIVngE0LNPV1ZXmhGBKh7z5JxQKBXVW YEk25jboguufWhoYBEFx4elBDdrctXAYlUBPgpElKSkpJSUFHMSY8kRGRgY4gT+dYULASnzo 0CHyZw5/SISQkpLCukbAjkLXF4Shs2a/fv3eeOMNwsjVYxNAT1Wr1XR9nQlMbLZN6kf+DBxQ KBRQbkyee+45mHfN7Q1dT9asWUPVVhvuYE73lBLYTolWHHhEUlME5NpSq9WsjalYjBw5ElwF WSk4L1y4AAq9Wq0Gd04BWrduzdsrCwsLubEVjRs3tiLjcllZ2a5du+A4MjKS2gbAO4H1+RRI VMqEuia8/fbbvOIF+PGYy1SGICgu/I1hbovMTHr/xhtvwKh09+5dOGMymWB5u2fPnlyTdbNm zWw7h9F1AdaStrOzs7kUyzDCwogGmWSMRiPXdR+UOYVCwRqmQ0JCaNCdxUIDhbh///4gZvEG CFjNjz/+SLVtVlH369cP6oXqr0xovL4V5OXlwcHcuXOZD5VKpeCVotfrxaciqGtdL168mBp4 mOqv1dA9pTQajUCKkZKSEpgv1Wo1U06Kj4+Hg969e8fGxnLlYLlcnpCQQJM9z507l3XB0qVL 4SAsLCw2NpZXHff09Fy7di3NesQyG3CFRYlEQj2E6mpbOnz4MN0pjblrJZjK5HL58OHDWQVI 0zcxBSlYCgkLC+PaI6kN44cffsDZAvmX0+Cqc3Bw8Ny5c3lX0J2cnDIzM0WmZF+7di1N5cSL q6vrjh07Ll++bDAYIGW9QqHYunVrUlJSaWnpBx98QI0NTBPrgQMHhg0bplAokpKSli9fnp+f bzQamzRpMnPmTHCfFpOeTyR0hbtPnz5KpRKC+0NDQ1mRXVwgnh6Os7KyuIspGRkZkPBn9uzZ ycnJFy9elMvlAwYMqNMsdejQISpbmPNJtJqKigoISFOpVImJicuWLbt9+7a9vf2HH34IL6nT 6ajBnGkiGjNmjJubW2lpqRWOFHq9Pi0tDUo7MTFxzpw5JSUlXl5ecXFxYFrYvXt3Q2TypnLe gQMHIP1iZGTk9evXIWrXarp06QIHrOTKXPbu3QtRFeHh4TSsoKKiYuXKlbAYERgYmJycnJaW lp6eXl1d7ejo+OqrrzKdKBMSErhBMcXFxZs2bYKo18DAwI0bNxqNxj179hQXF8tkMj8/P5aC fu/ePdp9QC5XKpXjx4///PPPtVqtVCpt1arVzJkzqcuns7NzXctkxYoVCQkJhBAfH5+QkBAQ eTMyMmD7zT59+jRv3nzDhg0ajaZVq1ZcAQjYtGkTiAWxsbGpqamHDh3S6XRNmjSh2Tw1Gg03 fxSCoLhgM+iIz7umDrRq1Ur4JtTMLpPJLHpTU4Pkjh076EwZFRXFvCYtLY1pYj1y5Ejv3r09 PDxkMllsbCzrhsxsjzYxe+zZswcUr7CwMOZcnpWVJbA1Ynp6OhUXeKPD79y5AyGXMDMx/8R7 Z94AhBs3bjBFB/H1K1BrTBITE+3s7Dp37iyXy6nSRomNjWX6e1ZXV0OSJZlMNmzYMJ1OZ05c EA6m2LlzZ9u2bX18fORy+YoVK5h/Ki8vZ5n06/pFFuM49u7d261bN5A7ly1b9tFHH9UnEo8m fs7MzBS+MisrC8QF2KGbau1XrlxZsGABjd0wl1YSgkJ575yZmVlWVkarD2qH90pWYu+VK1eC B2inTp06derEvBJyNBFC/Pz8pFJpnQS44uJi0A0IITExMTTXxaRJkz777DMq1gjfJD8/f/Pm zeCJOWDAAFZWKL1eDynhEeRfTgMuRogZGalHNB0jWAZJSAknEqoQ19TUcDPVGI3GjRs3cqf/ qVOnUsdG5sUpKSnMHSK4UH8uXkUcTrIc7w8ePLh+/XruwLphwwZYHOW1x1ZWVubk5ID4UlRU xPsys2fPZuUi1Ol0kyZNoiFtzFUVqBqWO7rBYAC3Sp1OB6EKzFuZq19en3aoNa4VZPPmzTTJ P3NuGzNmDKuia2trZ86cSd9ZoVCY80SDEhMIcJgzZw53D4XExERuUgT4ImrftvhFcL1wbAV1 XJDL5X379uVtrsJAM6O7NuTk5FjctUGn09E9FFir9QUFBREREWvWrOFmMSkpKVm5cmVERIRw grL8/PyIiIiFCxfyZujKzc1dunRpREQE669lZWWTJk1ila1er1+5cuXUqVNhKUEul1PPXDog 8FYHky+++IJGSVDzRlVV1ciRI0+dOsW8MjU1ddq0abw3OXv27Pjx46lXE7OdREVF1TXTF4L8 I5H8wz9PInF0dDSZTAaDwaIXglQqBbuowWAQk8WvXlYdOzt4Fnd3jHqiUChARXuWx7i/5CUh SvMZL5mn3Dvs7e3rWRFyuRzcIGpqasT0GqlUqlAoTCZTTU3N08l6pFQq6QcqFArQDTZv3sy7 viCRSBwcHGDEaOhBAEH+XvzDo4Nqa2vFB9Y/zYnEYDCI2RvQCv4Wc+Ff8pI2l8z+Ab2j/hUB e3OIv95kMj3liqjT42pra7GdIAi/rI9FgCAIgiAIigsIgiAIgqC4gCAIIma8+zP9Bu4wiSB1 RYJFgCDIv4fAwECpVHr79m2LASYIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAI giAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiDPNA24I6Wf n5+jo6PBYBC+zM7O7smTJwUFBfRMcHCwRCJ5+PDh3bt3BX7YunVr7m+Bbt26vf322zKZrLy8 /Ndffz1x4gT3582bN/f39//pp5/0en19PrNNmzaEEIVCcenSJaPRWNefq1SqVq1a1dTU2NnZ Xb58WeDKpk2benh4EEIKCwsfP35s3avKZLJHjx4VFRXVtWBDQ0MNBkN+fn5VVdVTa53+/v4O Dg7mmlBNTU1lZeWjR490Op3ATRwdHQMDA11dXQkhGo3mxo0bYkrP19e3U6dOAQEB8MM7d+6c PHny2rVr9f8oLy+vxo0bGwyG69evE0I8PT29vb0tdhPaWVhVILARc01NTW1t7dMbSiSSF198 sbq62sHB4eLFiyaTydyVSqWyVatWhBBu51Wr1QEBAS4uLtXV1YWFhcIjACHEw8MjICDAwcGB EFJaWnrjxg3hxvDJJ58EBQVNmjSpTj1IqVQGBASI6aRQIwEBAQaDgV4sXMU1NTXV1dUPHz7U arU2qYjg4GCTyWSx6u3s7OhIYsNRyNHRsWvXrq+//rqXl1dpaWlFRcXVq1d//fXX4uJi3qFG IpHIZLKSkpI//vhDzGjAfDR0JUIIfeenM5zWs89aN1A8C9g13K2nTp2qVqvFXFlQULBgwQLa M2fMmME6ycuECRPUajX3sjVr1kA7gBI3Go1ccUGlUi1atIgQkpmZad3US9vNrFmz4PjLL788 duxYXe9gNBqnTp0Kxzt27Dh+/Li5By1btgyOP/74Y+vedvz48bwlZrFglUrllClTCCHJycnp 6elPrXVOmTJFTBPS6XSxsbGlpaWs8/b29jNnzvT392ed12q106ZNq6ys5L1bjx49Ro4cye26 nTp1IoRs3rz57Nmz9fmot99+OywsTK/XR0VFEUIGDBgQFhYm/ufMKhg9evSrr74q5sqnQG1t bXh4OB2C582bZ06q2LBhg1wuJ4QsX76cOarOnj2bW1mJiYkZGRm8PSIhIQHuw+T06dPbtm0z N3AHBQVBg6nTpxkMBtpJDxw4sHfvXoGLFy1a5O3tTQg5e/YszFiDBg3q1q2bmAetXbv2woUL 9akFOn6KISkp6eeff2Z9oMAo5OHhITAKSaXSSZMmhYaGMnuNl5eXv7//wIEDCSErV668cuUK 8ydBQUHwJ6PROGbMGAHNzdfXd+7cuXSA4u1KtvoQi9Snz1o9UDwLSBvu1nXtk3TQgQONRiPm /qzL/Pz8qKxQVlam0WhOnz7NHTVWrFhhk2/s3bs3PX733XetuEN1dTUILoQQOtpyR9iEhAQ4 Xrx4sdX6PW+J1emyelpiGqgJKRSK1atXswQLhUKxbds2Ov2UlZXdu3ePDqmbN292c3Pj3mrN mjVMWaGsrCwzM7OkpISeGTduXFxcnA2/0dHRsT4GPDFd6alBRWdfX19z4+m0adNgjk9LS6PW GqlUumXLFlpZeXl5tKVFR0czexn98NWrV1NZgXl99+7dk5KSJBIJ75RDCCkvL6+urq7Td+n1 +qVLl8Jx//79eTsptWuCrKDVajdv3ixyKKPExMSEhITUpwoEjDq8AwvtaAsXLrQ4ClHxjjsK eXl5ffHFF0xZIS8vLycnh3nNjBkzPvnkE+aZffv2lZWVEUJkMtn06dMF3nP+/PlwvGHDhidP nlC5nzti1PNDGrrPisdW1qa/h3WBas/Tpk0TrpI6NXFhnJ2daTvIz8/nXuDi4vLpp5/ayvra s2dPpsWiefPm3JURi9y6dev48eO9evUihCxZsmTcuHGsC2bPnk1HWN6PegrT9unTp/V6vRVf Z5OnT5w4kSs62NnZhYaGUlVj1qxZTI124sSJcJCTk7Nq1SqYTiQSyejRo2EmW7p06fjx45k3 XLhwIR1fEhMTf/nlFzrjSqXS/v37Dxo0iBDi4+PTpUuXM2fOWPc52dnZWq22pqYG/rtp0yaW igzirFqtLioqWrJkCXPWl0gkzKkOFkrS09NPnTrFvUlhYeFTrim9Xh8XFzdnzhxCSGRk5MWL F1mmu27dusF0qNFodu7cSc9HRUXB+58+fTopKQk+uUmTJjCsf/jhh+fOnYN5BQqBzjq7du06 fPgwHcTj4uLc3d3lcvmwYcOY96dPJ4T88MMPVnxaXl7emTNnunTpAmMLq+VQMTQ6OhqOeY0r sbGx3OUViUTSvHnzOXPmQAnExMRERUXVf0jUaDTTp08XuI9UKmW2pdu3b9NRKC4ubuzYseJH IU9PT6qAGY3GuLg45gUODg7Dhw8HM1hQUNDw4cOZVbNw4cINGzbAn1q3bs1reB8xYgQ8Oicn JysrS/jD6/MhIqlPn/1bI23oB1RXV8PqsgA21FmDg4NhguFtB127drWVrEAICQgIgEazatWq hw8fEkI++OAD6261Y8cOuINKpRo9ejTzT6+88gpYUFkj7NPEZDJt27Zt+/btvAuQwPDhw1NS UriyjkDppaSkUA3MCjODwWD47bff6BN9fX2p1K9QKGBaKi8vX7ZsGW1gtbW1ycnJoPSo1WoX Fxd6t9DQ0BYtWsCcFx0dnZGRwezzJpMpNTV15cqV8N/IyEhe/VUM58+f37lzJzVom0wmVneo rKyE77137151dTXzT8xxR6lUgkHl9OnTN2/evP6/XL58uT6rbFZz48YNunYQHx/PUkDpbDpt 2jTmvAUTeXl5+bZt22ix379/n0664OtAj6Hf7d+/n8oKhJCqqqpp06ZBXTPleEr79u0JIeas /RYbcGJiIhyo1eo33niDewG1lu/Zs+fBgwe8UzivEej27dtRUVFUz27btq25d/D3909JSdmy ZYvFirh69apWqxUYdbVaLcv+REchpVIZGRkpfhQCAZEQkpWVNXr0aNbYW11d/fnnny9evBj+ 26dPHx8fH/rXioqKHTt20FZhZ8fWYL29vWHuNxqNtAOKHE7r+iHix0Pr+iyKC5bMF3Z2T/N7 lEolHYOY5+VyeVJS0pgxY6x4f2dnZ+4SKSHkP//5D8xkly9fhjW5Nm3aiLFT8d6T2tBeffVV amT28vKiC1fMEdaciczNzU2tVj/lMmeiUqmecvOorKyk8xMtUjA7E0LoIg6T7du3wwFzPYLq iwsXLjS3CHLlypXbt2/Dg5h2V1YJuLi4mGszNrR5gtEbRqhnakxJTEyEeVGtVg8fPpz2R7qI s3TpUuYYSiePXbt2sW5VWFgItwI1AHjppZdg8khNTeWO499++y08zt7envknJycnd3d3vV7P O5GLacAmk4nOeSNGjGDKmoSQTp06wYdoNJqDBw9aUW5JSUkibd1iek1deyJA3ZXCwsJEjkKB gYHu7u4g7YGdgJf8/Hwqb7GWJI4fPw6iklwu5w7RVAiLj48X6V1o3YewSs/Z2Znaqm3VZ1lT lbOzs0qlqv9AwcTBwQHe3Gp9Rqjh/WMEn/DwcBBCQbn84osvYHwHgVQmk0GtwOKIi4sL9Rjg snbtWnd39+XLl7u4uFBblkajYVogVSoVjA6//vorIeTw4cNg4u7RowfvYGHxno8fP05MTAT1 a86cOVFRUbW1tXSETUhI4EqpcM+EhIRbt26tWbOGuXiv0+mmT59eUVFhqya4detWQsj69evP nz//7DeGhw8fnjp1qkOHDnSZkwldCHB3d4flFW9vb2gehYWFwmEjW7dujYuLO3DgANd81aVL F5blU6/Xz549m+WDOXz48D59+mi1Wq6ZtE60bNkSHsH7jcypJTk5mdkXWPTq1Ss8PBw+DQbr BQsWsFadFi5cCKaXqKgopi1QKpVCR2M5c82fP3/NmjWgSp46deru3bvz58+nFuC8vDyWTDBq 1Cg3NzfQCFlSPrTq+/fv05OXL192cHDo0KEDr6Ud2rxMJlMoFLSiCSGtW7cG0059yjw/P5+5 JDF58mQ64NCOPHv2bOtu3hDje12pqKio6yhEJ3jqPGiOjIyMwYMHu7u7q9VqDw8PurpEGEsS nTp1OnjwIG1+w4cPhwZw9uzZmzdvNuiHAAMGDIA1RwDmCycnpyVLltS/zxJCmjdvPmPGDK4H 9/79+/ft2yfmDgkJCaAq5OTkMMu8Xbt21M2TWlkyMjLAFlXXaKB/uLgA67gsaK1AV9y4ceNv v/1GCGnUqJHArcBGR/22qOmb+V/qyXXo0CHQ8DQajVqtHjBgAK+4IOaeGRkZb7zxRosWLWQy WWxsrE6noyMs75Ie3JN3eFIoFBs2bBg/fjzX/mkuIkAMthWEbQVYF5mUlZV9/vnnn3/+Oe/1 EOMAoz8cvPzyy1QaEH5WcXExa7WI1YdZxbV69Wrqf25bswoo3Pn5+fb29u3atQsJCVEqlZWV lT/99BNzsjcYDJcvXw4JCYH4WK5+1q9fP5Bcs7Oz4UzXrl2Zd5BKpSArgNmGKSdRwwCrfZaV le3YsQOkkEWLFp0+fRruYM4CbDKZmJMHBdzmQaRgiguXL182V7n9+/fnlaL69u1LCOFWhBW2 ExAXXF1dO3bsCEvpVF1OTk4Wlt4EgLUSrmXUOqx2iK7TKKRQKMDdp6ioiCnSmWPnzp3gbPTy yy8zx0lYkoAGM3v2bJiVvby8+vTpA7X52WefNeiHAJs2bWJN5DKZbN26dbbqs4MHD4b2ydvU 27dvby6eiDvOFBUVMWWFsWPHQrNkqdBQpLZC+hRGc5u0fots27ZtwoQJsLhuNBpnzZo1btw4 aovWarUREREgK9SJ4uLir776Sq/Xf/nll8zzb7/9Ngx/tJOAC5VCoQA9xop7EsZyr7+/P8wH ItfYcnNzwUlqzpw5VEQYMmQI98q2bduqVCqlGdzc3KwwwVkhi0COCjHWRYFrwOsNBiyNRiNG fFYqlUOHDoUXoG8L1lRCiHVj/fz586EPgzkhIiJi5MiRoF6DRs5crLUVzZo1e/jwYVBQELT8 V199tVOnTj169Fi0aFFSUhLTFg1ai0wm43rde3l5wbf/97//1Wq1YFlhRf01bdqUHnfu3Jn5 J/Bf02q1XAv/8ePHoTPK5fIePXrASfExfo0bN164cCHtZRazHQABAQFQEcxgFqbEwzJsWNGA mUsS48aNk0gkLVu2hJsXFRUJx8sJ5GV54403qHH04sWL9e819enFVAsXPwrdunVLzJ1pLMwL L7zAbTAgMiqVSnANocrV3LlzrQvzqdOHhIeHg6yg1WonTJgQERExatQoG4Yie3l5gawAThij Ro2KiIiIior6+uuvqSzOWuESsCtQfxFCSJs2baissHLlSnhzuvRjQxrcukDXBcyh0+moA1R9 qK6urq6uvnTpkre3d3V1tRhR1yJ79uwBEfjo0aPM876+vtCw9u/fT0+mp6fDPDR8+HABIdHc PamdfMGCBXShxGg0CsQXUZj+4UVFRTExMZs3b5bL5S+//DJXCVOr1SIdDIUJCQmhw5Zerw8I CAANKTg4mA6LzGQpAQEBMpmMfiYo9CqVqkuXLg8fPgSZ0s7OLi8vj2UnVKlUkZGRLJO+vb19 +/btmTOZSDcoKpDt3LmTvj8MJXq93orlGw8PD1gcZS4t1dbWXrx4ceLEiWBinTFjBjVc26pb wTT/8OFDOMjNzW3ZsiXoT3K5fPPmzdS2lJ+fr9fr5XL54MGDqQkBgBhFo9EIVvrU1FRIzqFW q6nQCb4CQLdu3ZijLVSiuSF1wYIFzDFryZIlYlTeN998c9iwYcwzNPhFGDc3NzqGsjyavby8 oIKYTauuDZiSn5+fkZHRrVs3mUxG/WDgA4XfcOrUqRcuXGAtOrRp04ZpHjtw4ACzlHh7jVKp tNhrgoKCUlJSBF7G3OIUlMb8+fOpVCQwCj333HNwwGpX5qDLQ7wdbcGCBRs3biSEjBgxYsSI EbRArB7MxX+IUqkEcY3Zi00mU3JyckVFBYit9YTeZNasWVS81uv1R44cKSkpgcQ2QUFB5tK6 mFuDIIR89NFHcEBXHEwmU0ZGxu+//26xTT5b4sJfgk18/XQ6HSw0cKGLW8wEMpWVlUVFRT4+ PiAk8mq6Avek3Llzh6lYW4y+raysZPqHQ588ceIE2PEaCKVSydvx5HI5S4OcOnUqKA2TJ0/m zbnEWg7kTWliMSkKb4galzVr1sDkqtFomClcqO5ihRJDy5m7KlRRUbFr166hQ4e6urqaaxJW ayrULsKMGXZxcYmPj4dyjouLozLKwYMHBw4c6OPj4+joSGcjiUQC5oHr16+DR8LVq1fpZEMj 1l555RWmrOng4AAzk6urKzzInLig0+mgR8B/WRq/ObiZmoYPH/7VV18J/0qlUlGjcVpaGutZ MMsya9yKBswkKSmpU6dOzLW5VatWWfSB9/PzE06Vwc1JVZ9eUx+Yqz8mk8ncKET7i0AuCtb8 XVZW5uHhwesS+OTJk5SUlIiICHpGo9EIJ8Wy1YdQiY0rQu3du7dPnz71X4cFA0zjxo25prhL ly4JTEN2dnZz584FWSErK4vlT+rq6gpj2pdffskaYQoLC0Gu/TuJC9nZ2eXl5eaWJP5CN35h Lly4wDt52Nvbg1f8tWvXWNpSSkoK6Df9+vXjNXmZuycTpm+wQqEYPXq0uWVaqiXUVeIWcEqy s7ObMWOGDX0UxDsz09erk0g3b948MfOQRCJZvXo1DGp6vZ6l64PCV9dXBTp27AiKC9OxjkJn Gjc3NxuKC2VlZcnJyYGBgXv37n306BE9//jx44kTJyYmJsrlcqaMcvLkSfAD6NixI51XqDXi m2++oaInjOY9evQAcQEWp41G4/LlyydNmqRWq1u0aAFLv7DWrtfrzQlqNFiAqke86Qq4M3Fi YqJer2/VqhX0pt69e/v6+go0WmdnZzqG5uTkcLseSDzglWyTBmwymZYtW0ZzB2VmZopcLhEw euXl5VmdboG316SnpwuMNsIBNcxRSC6XR0ZGgsNs/RU5YcHixIkTvXv3pm5ANCzCakR+CLUv MrU1KhJlZmbWf9I9efLkyZMnueOSu7u7gDqkVqvpCxcVFXFjTyANNjRC7s+//fbbv5O4oNPp qNQvhmfBPZjqK7zn27VrR62I7777Lo3XqqmpobX+2muv7dq1i9v5LUY3vfTSSyyPlVdfffXU qVMC6UTqGjF1/vx54eQkFRUVFnUFrVbL9Pirra2Njo7u0qVLeXk50zu3traWFsLEiRNp5RqN xs6dO48bN85oNE6aNKmqqor5J24TGjduHB217ezs+vfvD5OfQqGgobMCKBQKGjmi1+vHjh3L mgOuX7/erVs3Ozs7XmdAMS1WJpMJLxZ6e3vbMMlVZWVleno6r0JpMpm2bt0KBnxq2ywvLy8u Lvb29v7ggw/oryAPKSv71rFjx4YOHRoYGCiRSGpra0Eb1mq1ubm55eXlarW6a9euIC7AQsb5 8+d55yRXV1eWcABxlRYdcaj+d+PGjcjIyPXr16vV6qCgoCZNmvAapZ977jm6wMTVvcCQ4OHh odfrmWKlFQ2YRX5+PviQGo1Gix6ywIwZM5g7IzBd2Z9//vnc3FzuT6zuNZmZmVZP8NxRKCws 7KeffuKOG1TZE5mAlS6sCJCQkLB+/XpCyJ49e5iicIN+CC1A3sZ8+vRpW026Dg4OrVu3bteu XWBgIHMtVQze3t7Utkdp1qwZMb+QKj6jqBiehhNindBqtRBPZdHnCDbXqY+fv3UwF1YHDhzY 908GDhxIPeYUCsWLL75Y1zu7uLjQZdrJkyfT6YdmfGtQMaiuGBmYTCZorLm5uazzzGmMnieE wEBQXV2t0WhYfxLW8AwGw759+2jhLFq0qHnz5gLv6ePjk5iYCLKCRqP56KOPuAIBNDm5XC4c MgM0adIEtroRGF+4PM2gEt6tsCAhgVqthmwTcrkcPB9ZgTygo8jlctBaunfvTv5cdIN86mBU sLe3BxWQ1wWHMLzMNmzYQGPc+/TpI1xZ3Hqn+XphWGQRFhZGZYX09HTeuP/AwECY3VkTP28D vnHjhrkGbE5BN5lMIkVM1px68eJFWjLh4eEQosIV/phdAxpqTU2NxV5jdaJiZ2dn8aMQjTpm +cCag76VwLhN5UWRq1c2+RAbmjwFGDly5NatW6dMmdKjR4+6ygogbHG94miOmaeQ9P2ZExfo Z3PD0lgyGkwATk5OT/Pd3NzcqOadl5dX8r8wc9czV+DEGyThYM+ePeXl5RkZGeBbLpPJqNnz GeeppWnKyMigaZgXLVrEysnDtDHSeSsrK2v8+PG8nYqG41vUIRQKxfLly7du3crKrKfVascJ 8ssvvzy1WuCdvagz2uuvv04IoeIsawM22GmF/Om7DrY0kCEgH6JarVYoFDB5G41GXpNJdHQ0 dM+ioqKsrKzS0lLqFDx37tw6VTqdMzp06MD6U3h4OM3Zl5ycbE6ZBhc2kdu/PZ3tACilpaXU +DpkyBCRslSDLuDSRR/uKERTyXG1u9atW5vrg0zef/99ODAnZdbVFGGrDxHoOLZi+PDhNESo rKzs66+/TkhImDRpUkREhLCzf2pqakREBEhmkIGe+VdYPZFKpUwd5l8kLsAasJeXl0AEJnX1 quvKfT1566234GDBggVLly6d+b8sXbo0KioK+o+rq6sYVZU7wpaXl1OFj/r0CuzZ869l69at VDhjhhVRQkJCqNvarl27BFLOUX+ovn37Cmse1O+PBuWCQRjCMgWw7Ug0ePDgFStWmEsGzKu4 GAwGELBgzILVnPLycq5HBazxd+zY0dPTE9oklA+duYOCgsB5MC8vj/tdoaGhIHUZjUY6Lu/b t4+acFi+hMHBwSkpKSkpKcLjHWslgpmWbcGCBeYc/SQSCXix8Zr6nwWys7Op38PcuXOfTth5 nUYhGqjl4+PDHYVg4pfJZIMHD7aoS9CGITLw8ql9CIgmdnZ2vOXPDA6yDrlcDj7RkPdp6tSp R44cuX79OvQ+AUlLr9d/9913TGVy7NixTKEW+qZMJvP09OS1rf7DxQVwE1UoFKAGmZPU4OBp jgJ0TymdTiewDn3gwAE4MJeRg1cJpnotM5VTVVUVVT4iIyN5N1F8RgAfgqc52NXW1lJxqnnz 5qx0F76+vtT1ff369azgEe5UmpaWRiztjCeXy2naEzoGgcCqVqt5e2bPnj1hLmSmMa4/Pj4+ Xl5eSqWSVyR977334IC1KgGpQdRqdb9+/eBteWPtTp06BTLB6tWrYcAFCd5kMkEO7KlTp8JU feTIEe6UACFhhJC4uDimFZfm5Q0KCmJqSNTgz5tXmwboMx0q+/XrR2WFadOmCXTGxo0by+Vy jUZjMaMGNOC/xPOa9nG5XD5q1CjhIajhXsPcKKTVagVGIRpv0qdPH4HtNKVSKd3V89tvv7Xh toI2+ZBz585B+fNKBvV3XKAD4/bt21kx4SLFkcrKSrq5BlM7omI0K/wY4M0p948SF3788Uc4 GDFiBG/7GzlyJN23/mnu0Ej3lGLZb1lQs3P37t1FZnen+hY3OylT+bDt1sm25dq1a2lpacIl w+Tx48eHDh0SY5MUACKF4DgmJob2SeaOt6tWrRKT+nfPnj10Mvvoo4+4co+npydNLVdYWEh7 KY2MXbhwIcsyoVKpYE3KaDSyNvOtJzCjE0JoDnymcg+9pqioiDVHFhUVwUID5O8yGo28EVys NNg//fQTPWaZ9LnZ8eiUcPToUVbfrKio2LRpE9WQaEYaEEFgBGf1Fzc3N7r8THuBm5sbzT82 fvx47uDLBDwtWNGJAg2YGWz51DAYDDSpV1hYWJMmTYR7DVdKqz/iRyFWiIper6dz8PTp08F/ ltt3vvjiC3Dt0mq11u2p0aAfQmOJx4wZw4pc7devH28sq9WiDOuMm5ubyJXr48ePg4mOuSRR UVEBPSg4OJjK0NQGaVvrwtNI07RmzRrhLu3j4zNz5kzqw1lSUpKdnQ2qxvTp041G4549ewoL C41GY0hICFNl37Bhw1Pw76BQ8U14HbS6uvr27duQfPSll16yuNMxHWFPnTrFm510zZo1kOoK 9qsUjqv8qzhz5kyd9nQuKSnZvXt3/Z+blJQEsr9CoRg7dixkoOratSuducPDw8vLy7k/dHV1 TU5OptYpg8FAN1/u3r179+7dIfTgyZMnLi4uw4YNo4mQ9Xo9c8OR4uJiqG7YxmzlypUgGQQH B8fExFCRwraLEdnZ2ZB0PCgoKCkpac6cOSUlJUqlctCgQRCwQAgB2wCLH374AZKJEUKysrLM RQmCzz/8l5kLlSn0FBUVscbi8PBwmtaCN1NCZmZm3759oSTj4+MhdEKr1aalpUFoe2Ji4vLl y/Py8qRSaefOnema7p49e2jQMnOPwaioKF5vA19f36lTp1ZVVUFiCTGOI3VtwLbl4sWLNEfF woULze1NIL7XBAcHz507V1iJd3Jyoumr6SiUnp4uPArBNo9MT5Hs7Gy6Z/TAgQMHDhyYkpJy 7do1g8Hg4eHB7DswpDdoSVr3IbW1tdu2bRs3bpxMJtu0adPKlSuvXbumUCiioqIgUrqeUHfU zp0737hx48SJEyaTSaFQdOzYkem4AP77wl8HkuXYsWMvXrwInWLNmjWw0gordN9++62dnd2I ESNsKOU0uLhA7WYeHh4WA/NYXi3r1q2D/ZPgT7xmltTUVG6scz29YwQsfiqViua9581vz+TL L78EF9YRI0bAGGTOikhH2MrKSnNygMlkornJXn311Z9//hly2QpYJutTDs9OLKuYNzGZTMuX LweTY+fOnb///vuioiJqjSeEeHl5UU8XFjSSBbhx48bKlSupahIWFsZdqdVqtZMnT2bNsosW LVq2bBk453LzHLNSzdikiRJCZs6cCbKRXC5fsWIF66+xsbHcHZsII/coIeT77783d/MjR46A uGA0GplOA2VlZZAgkhACyzeUNm3aUOUmNjbW3J3j4uJg60VmXOXOnTvbtm3r4+MD6f1ZPzl6 9CjVR+nW5NSUYu5BcrlcoVB4e3sbjUbhbcOsRmRVirwsPj4eKlSpVPbr16/+Kjg34RULulRE RyGtVmvOY9RkMs2bNw+yBIaFhaWnpzMzau/YsaOwsJCavnnVZch3YsNYNm7B1udDzp496+Xl BUOH+Gzl4g1IdMsr7lYOJSUlMEb16dOHeuHwNpuysrL9+/eD49GyZcsgf0xFRcW0adNAPfD2 9haZBdUKGnAxQmQkLq1C1pmYmJglS5bw9vP09PQJEyaAAwgLGCItanJUK+KVvsFiwUo+Q+O4 xEj3N2/epHv4gtGV956enp50hOV11qPcuXOHukRQnRXuySu7CJSDxe4Kt2VeRkvJ6n1r6tOE LEYxXbt2jQqO0M95MyZx4QYlX7lyZeTIkZAmiDvYxcXFjR07ltuwa2trZ8+eTe3JzJ+sWLGC lX4AHiqmdwjXVGVlZUREBLcX5ObmRkdHm0udVFlZCRYCjUYjMIlSowvXmZFmg2Eu8UgkEppC YNOmTQIJqfR6PfU46dOnD41smjNnDm8BfvLJJ0xDhfg1b6PR2KpVK0LIkydPGsjjHUL+LN6c 2lYF9oyAqqHBfu+99551kbd18gmAN/fw8KCjEGtraRaFhYV0FOJuAH3q1KnIyEi6vs4yhs2e PTsqKqpOsoJwcdGuRMu//h/y/fffL1iwgNn39Xr9zJkzwelHDAIfmJGRwU3JnJ+fD27yEDrk 7e1N3R7NDRTUa9jV1ZUmCS0tLR01ahRzU4K0tLTRo0db3LOqbvob+TugUChgLdlgMNgqBBZB LNo2qK9+dXW1+PwKsABfU1NjcbyzFdTPVKvVNqgT2dPp7PAter2+ntM81ODTrAjk/9RQqRTq 8W86YkMvpi8Pm87r9Xquq5AV2Nvby2Qyk8lUJ41auLTN9fo2bdqA5fVftIG1rYoVQcRTW1tr ccMOXu356Y+PVrznv6GzW1eDSP0R2J3hb0GD9mKRtk/x4jUYpXj3Dfnwww/hc2ySgV6KLRtB EARB/qbiNSxb/Oc//2F5SoaFhYHzrK3SDdhhcSMIgiDI35SMjAwaWJSdnX3x4kUnJyemuzcN YEZxAUEQBEEaCptHJNqWnTt3urq6wrYdoaGhrHChadOm2cpFXYJNAUEQBEHM4enp2ahRo5qa mqeZFbCuODo6du3a9aWXXoK9ZG/dupWRkdFAIcQIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAI giAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiDI s8LT25HSy8vrpZdeeuGFF1xdXQkhv//++7lz57Kzs7VarcXfent7+/v7y2QynU53+/bt4uJi iz+B7blef/11Ly+v0tLSioqKq1ev/vrrrwK/9fT09Pb2NhgMFm9uZ2d3+fLl/ytBieTFF180 GAyFhYWPHz8295OAgACFQmEwGJRKZW5ubkBAgMFgePLkSUFBgcXHtW7dWiKRyGQyeKjwe9bU 1FRXVz98+FBMwVrZaCQSf3//5557jhCi0Whu3LjB++HWlad1hIaGGgyG/Px8ulUrFHhpaamY 1iL+VQkh169fr+frSaVSuVxusZCrq6v/wqFBoVBAK+VtY48fPy4vLzdXYkqlslWrVnZ2dtnZ 2TjIIgiKC2Jp06bNrFmzzP01Ly9v/fr1T5484f1rkyZNli9fzjppNBo/+eSTkpIS3p9IpdJJ kyax9vxmsnLlyitXrnDPR0dHd+vWTcwX6XS66OhoOjJu2bKFEJKcnJyens57/fvvv//222/D 8Y4dOzIzMzds2MC6jzkcHBy2bt0KE/P48ePr9J5r1669cOGCbWuzS5cuY8eOZZ0sLi6eN2+e Xq+vf3kC8MOMjAwxP+etgk2bNqnV6sLCwnnz5lm8g/hX1ev1UVFRdSox7utNnDixY8eOFn8o 0KLEiMsLFy6cOXOm1RXdtm1biz8vKSlZsWJFaWmpud9OnTq1rKyMnvfx8QkPD1+2bBmOvAjy t0Pa0A8YN24cU1YwGo1ZWVn37t2jZ/z9/Tdu3BgYGMj9bdOmTZmyQm5uLhzIZLIVK1b4+Pjw ihdffPEFU1bIy8vLyclhXjNjxoxPPvmE+1uNRiPyo+zs7OhxbW0tnfN4Lw4PD6eywvr1648f P15RUXH79m1Q4Hi/gkmHDh3gAKacOr1nTExMSEiIDWvzrbfeorKC0WikNeLt7b1161ZmsVhd noSQhISE6Ohokbq+uSqA4/v374u5g9FofAqdjYpT1ATSQPj6+n722Wfu7u71uUlNTY3Fa7y8 vFavXv3GG2+wztO6Y1biW2+9FRcXV1FRgcMugvwdsWvQu/fr169z585wnJ2dvXXrVqaFvFmz ZvPmzQOrbGxsbExMzMOHD1nzOtXIjx8/DsdvvPHGiBEj4Cfjxo1jXt+oUSMqXhiNxri4uPz8 fKaaPnz48FdffZUQEhQUNHz48J07d/K+9qpVq3JycqRSG8hS4eHhvXr1orelJvedO3fOmTOH ENK7d+/PP/9c4A7vvfceTH5Xr15l/Sk2Nvbu3btse5FE0qJFi9jYWCjYmJiYqKgok8lU/29R qVRDhw6F48WLF0PZSiSSCRMmdOzYUSaT/ec//+H9lrqWp0KhsFULdHR0FHPZ559/vnPnTt5S MplMXl5ecXFx8F9mixKJTqc7ffq0Xq+nC08HDx48c+YMlXIoWq120qRJHh4eIFv88ssv1n21 DQuQEHL06NE9e/bQ6pNKpSqVyt/fPzIyEtrYiBEj7t69e+3aNfqTsrKykydPsgQjT09P8TWC IMi/yLrg6ek5ZMgQOmGsW7eOtZp+586dqKios2fPwn+XLl3K/KtSqQT16NSpU1RWIIQcO3YM /qtSqdzc3FjTJxxkZWWNHj2aNbJXV1d//vnnS5Ysgf/26dPHnGZfUFCg1+t1gtRVVoiPj2cu z9+4cQN0zZdffllgHvX09ITJ46effuJOZrzqe21t7a1bt6KiosAILJPJ2rZta5MKbdasGa1N Wra1tbUbNmyAZ7388ss2KU/uPNrQ1NbWarVa3hfT6/UTJkyg07kVhnSTybRt27bt27dTL4r7 9+9fu3btOoeCggKJ5P/WB6dNmybevtKgXL9+nVl9Wq22tLT0zJkzzM47depU+uaEkNLS0u3b t2/fvp25PgUmnIa2rCAI8vcTF2JiYuBgw4YNAo5smzdvBqOCSqXq0qULPf/888/DweHDh1k/ OXfuHB2I6cnAwEAQL8rLy8EzgJebN28mJibCMe+SBOhPtrUrLF68mNrtKQcPHgRF0N/f39xN evfuDQdpaWl1fYGkpKQ6adgWgWURo9HItXNwz9SnPGHiEfiVnZ2ds7OzWq0WL17Y29vDT1gL HxaJjo729vamk2KD9sYpU6ZAG968ebOA26zzn5grImpdEC55Z2dnFxcXlUol/FYCXpmbN28G SVEul5sTFilQX87OzjjsIsjfkYZajFCpVKC7azSarKws4YsTEhJWrFhBCBk6dOiZM2fg5KNH j+DA29tbjHP7mDFj4MCi/peRkTF48GB3d3e1Wu3h4cF0xbIVTFlh/vz5d+7c4V5z4sSJgQMH EkIGDhzIdeeEWbNnz55Qhla8JFPbI4T4+fnNnz+fELJgwQJWOMbChQtbtGhBCImKimKqg1Kp 9IsvviB/+tzdunULzBUqlYrlmiqTyWxSbpGRkWFhYXA8duzYsWPHsrwgmzRpMm/ePCooEEJS U1N/+uknczd8+PChk5PT4sWLmQv5er1+xowZtIEJ0KlTJ+oCOWfOHKoZv/XWW7AuM2nSJO68 Tsvt7NmzmzdvVigUIKGuX7/+/Pnz5p7l5+cHPjdFRUVUa2dV6PDhw6kECWRnZ2/atInWGn0W TOHwGlu2bDlz5gz909ixY93c3FjdJDs7e/369VbYdeLi4tasWcPqvP7+/nPnziWETJgw4cmT JwEBAbD0RggJCgpKSUkxV3QIgvzrrAvt2rWDA+qgJ0BJSQlMh66urg4ODixxISoqiqkkSSSS jz76CI6pEdvBwQGM9oWFhWK826jXgkWVqJ6ywqxZs3hlBULI48ePQQwKDAzkVeD8/f3h/H// +18rXqN9+/ZMFfP333+H/3bt2pU1t4GsQAjx9fVl/okaeCB0ENwzCSEjR45kXubi4gJzKisy wgqEDSGdOnVavnw5U1YghAwYMGDt2rXmZIWwsLCNGzeynP7kcvm6dessGl28vLwgFAUEpqKi IvqnzMxMOAB5jkVQUBCvTUg4eJKaLnjlXZVKtX37dpasQAgJDQ1NSkpq0qSJgDmB9dwtW7Zw HxEaGrpx40YrqqysrIxaB7lPhzO8H15XMw+CIP9McaF169ZwICavACHk2LFjcODk5AQHBoNh x44dhBB7e/ukpCQIo/fz89u2bRuM/qmpqTQwnWpFdEoThobOBwcHc/9qnacYTJZMWWHGjBnC ssuuXbtANafSFZN33nmHEGI0GuniCwsBf/433niDvsbFixcJITU1NTDhsSIGmQ4cL730EvNP oOhXVlY+ePCAEHLv3j24Q8eOHRMSEry8vJRKZadOnT799FO4fuXKlbwvI748t23bNn36dCjJ 1NTUsWPHTp8+Hf6kVCrp5L1r165Ro0ZFRETwWmUoVErIzs6eOnXq6NGjZ8+eTR0+hg0bJvBb uVwOFi8QDlgBjWVlZSDg9unTh/tbcNnR6/Xi/SK7desGYtCBAwe4LikSiWT9+vVwnJubO2HC hIiIiKioqP3798PJ+Ph4mH21Wu24ceO+/vpreIGZM2dOnDiR12UyNTX1448/joqKWrduHZxR q9Vt2rSxouWDyUQul9POy+1u48ePhwCloqKiCRMmTJw4sSGsegiCNBwNJeBTr0aRIWp0YG3Z siVMToQQcGkMDw8nhFBjJh3svvvuO+6cJzLNAA0S4833YG7ao/DaUdVq9TvvvEMnaSLCaeDS pUvUIMFaslEoFBADmZWVZc7lberUqRcuXGAtOrRp04Zqt1BQ1ISempo6fvx4tVqtVqvpnEQD NQkhr7zyCkgwTNPL6dOn6Zk5c+bExcX5+Ph4e3vT2RTgrnFYUZ7V1dXV1dUVFRUeHh4FBQVa rZY2pHfffRcOmCb9a9euTZw4UcBVhdVUiouLJ0+enJycDNYXOOCFCiIajWbTpk28ot748eOV SmWTJk2YQqFSqQRrzZEjR8TK7FIpLLjo9Xpmq6Z07doVFHTmt+j1+n379uXl5c2YMUMmk/Xv 33/fvn0g3t24cYPa7XifyKys7OzsefPmgQtwjx49mAEOtsJkMmk0mjt37gQFBd27d89ckhUE Qf6N1gXQUysrK+vjCO3m5tavXz/eP/Xq1YvpokWtC7AkIUZcAOXGop+XeCIjIyHokTJ//ny6 tmJuGIVMRK6urizZgqbx4Z0/AD8/v/fee2/Q/8KUFRITE5k/pw6JzGteeeUVpsRDX9jNzQ30 XaZi3bp1a3PhJAMGDLBtE2JZsKFFlZeXs5b/KyoqwAplTmxlFaDBYAAxVMDmER0dDQ3JaDRO mTKF9xqar5DVROkaEDWYWYRKbLt37+YN5hw8eDDvtxBCrly5AiYf5msIu5JkZmayBLvCwkLo DtZ5xYpxLRIvQyMI8u+yLty5c8fd3d3Ozs7Ozk5MPBh3lHRycqJm0vT09K+++qq6ulqpVA4f PjwsLEylUm3evPnjjz+2ThyRy+UCgkVJScm5c+fMSRLu7u4CGWx0Ot2sWbPGjh0bFBQkk8mW L18+efJkYd0XVge6du3KjBcFyUOj0YhMNMQiPj4+Ly+PVaqVlZVlZWUeHh49evQAYwb4fBiN xuXLl0+aNEmtVrdo0QJWasDtTqfT0dQOwcHBNBNGUlLSmTNnDAaDp6fnnDlz3N3d27dvv2nT JrpeYKvypCo7rCx8++233L/++uuvYIISsN8wEbZ4Md0bY2NjzTlk6PX67Ozs0NDQLl26fP75 51RghYorLy8X78dHl0VOnTrF/atCoYBvNxe+++DBAx8fH0gsLcZ9hDok2goaOYIgCIoLdeaP P/6AkU6lUokZN2kwIZ3+aaQD+HVTZTE5Ofn8+fOg802cOBGMxtRtSmRGBGH1a/HixeIzErLm ocmTJ2u12tWrV2/btg3MBv369YOYSXOiycOHD93d3d99910qLri5uYE0s3v3boHHzZgxA8oZ aNeuHXWXe/7557mhm6DyDh061N/fXyKR1NbWtmzZEko1Nze3vLxcrVZ36dIFxAXwqrtw4QKd CKmePW3aNJr3t7S0NCYmZuzYsV26dIGfc2cjq8uTaz3ird+qqiq9Xs/rT1dX6xHTvXHLli3C stp3330XGhoql8v9/Pxu3rwJ1Q0VJ2DwYOHs7Aw/yczMFBabXF1dIabAXJN2dHQU09csbldh RbPHkRRB/vE01GIEXXIWtsZTIOMbIaSwsJAQIpFIwGBeXl7OnX6ys7PBAOvn5wcr99TtnyaR tKitUoW7rsKEgF3h448/hg+vqamheQCHDBkinOl57969hBCI6oQzr732GtWbhZ/I/O/Fixep Y2B4eDjvOs5vv/0GYlzjxo0JId27dyd/bs0APgpgGFcoFKAyHj16lFYQTDP79+/n7hFAg/do GGT9y5MJDdmAYE6uacomqYWZ7o1Hjx61qIUXFhaCGPT+++/DmR49esD0KX6rDhqoIiBTipX9 /6JYg4CAAPhqTMGEICgu1BkaOM4KujM3TIOHoE6nA/XIwcEBJqcffviB9yd79uyBWQ2yvmi1 Wojmat26tb29vcUn0vGdTof1Z8uWLcz5+8aNG3SHpPnz5wsM5dTJERJUkz/Xoa9cuSImbz+T Bw8e0BWcIUOGNG/enHVBaWkpzHAvvPAC+TPeFcICIYBCrVYrFAqYno1GI13kBvGCEMLrZk+d MPz8/BqiOVFxEMwhXGyS9pi6N5aXl3/11VdifgLt09/fH+oXmvG5c+fEJ2QEK45erzcXcEvJ zMwcM2bMODNMmDDhL4k1oK6dNTU19Y+kRRDkXycu3Lt3D8aONm3asFI1E0Kio6Pnzp1LZyC6 AxNVpqnx2VxoFtf+CRO/TCYDvzAB1Go1LE4bjUZebdVq3ZR1Ztu2bTA3KxQKgX0RdTodZL18 8803CSFNmzaFW0E4XF3Jzs6mOTRjY2O5ofBQyB07dmzUqBE4M4JFhxreg4KCICYiNzeXu1cQ Ncz8JfC2B6VSyUrGYAXUvVGv10+bNk3kr8AkI5PJmjdv7uXlBa+Rmpoq8ucqlQoeyruFBIuS kpLq6upKM/xV4QbUiHXgwAEcTxEExQVrgIxyoLQxdWupVNqtWzd/f/+VK1dOmTKlffv2kNyQ /JmHgBBSXV0N1gKqcLMAmYBaIwghP/74Ixz06dNHYBtGqVRKt4349ttvbbL3kjlqa2sXL14M x82bN2fGWLL45ptvQKrw8vKC9ZTKykpmXqA6QWP0FQoF17oDkQ5BQUGrVq0CTRpsGCaTCbJW TJ06FV6VaXqhL0M9/1mlChKYFTswiYFajwYNGsT9a/133WS6N86cOVO8beDJkycQF/DOO++A k6NWqxVfcU2bNmW1Xl5pEr69b9++vFmYFi5cmJKSkpKS8vSDDnx9ffv37w/HsKeURXDBAkFQ XGCTkZEBIylkn6Xu0yaTaeXKlTAChoaG0sCBPXv2MIcScMh3dXXlbo8bGhoK9k9mWHlNTQ21 w0+fPp2G6TNp1KjRF198AX7mlZWV9V8ttkhJSQmVgcLDwxs1asR72Z07d8AOsWLFChCeIIbe OvR6PeTlBXmLpvwDqGEfYGZQZsX+0WRWMAuCuWjAgAHPPfcc64kffvghHAgkOa4rLDcIkF1U KhW1RQGOjo684RjiYbo3LlmyhLUtqkWgftu1awdyXp2U7FatWsGB8DoCZIeUyWTcLw0ICIC+ UF5ezpqJ5XK5i4tLQw0cUmnPnj2p5J2WliZSDmBuLo8gyN+IhvWNmjdvHmx0JJPJEhISiouL //vf/xYXF9+/fz8vL4/llsjaSmrz5s2fffYZIWTEiBFt27bdvn17eXm5UqkcNGgQTYVLJ0Ug Ozv7+PHjoBkPHDhw4MCBKSkp165dMxgMHh4ew4YNo9mOQYk099pr164FR3dzuLq67tixQ2Df LNZ3vfHGG2BzjouLGzNmDK/Z+YcffqDbQ5M/3Q+t5uLFi0VFReBiOX/+fOZO3yaT6fLly1Qj B+dHgBlMUVhYSJNmgqVkzZo1s2bNIoTEx8fv2bPnxx9/rK6u9vDwmDNnDnydTqdjxoJaXZ7g vhocHDx8+PA//vgD7nnkyJH33ntPLpe///77rVq1SkxM1Gq1rVu3hleqD0z5Y/jw4cKmBV9f 36lTpzKnxitXrnCNNyKBdTq9Xi+8lHD06FEItuzYsWNSUtK8efPu37/v4ODQu3dvam5hZsKm 62Jz5sw5cuTIzZs3Yb3JOsaNG/f6668zK8vLy4t5QXl5ubm94JmAx6tcLp8yZcrVq1d/+eUX XkdjBEH+jeKCXq//6KOPEhISYDrx9vZmDu6s4LekpKRFixZRh6+qqqoFCxYsWrQINBKuUpKQ kMDdJWjHjh2FhYWjR4+G/0ZERHDfSqfTxcTEcIcq6sAvk8kCAwOFP61Oht958+Zt3rwZDC0z Z87kTV2cnp5OxYWCggIBXU1koEF8fDw8VKVSsYI5jxw5AuKC0WhkxgqWlpbSSuFmGbp27dqX X345YsQIQsiQIUPo7uSA0WicMWMGUxKyujwfP34MFiBIsXzu3LlHjx7V1tZ+8sknsIASGhoK oqQArGSXAgXI3FddjKsmy0nFYDBkZGTAWkZRUVGdfAggpsDi2ofJZKLJK+VyeUJCAleeYGZe olY3Ly+viIiIwsJCAdcZi8VFCBGovrS0NDGyAmFEtUB31mg0Ns8AgSBIwyFt6AfU1NRMnTp1 xowZ4HjPGna//vrrCRMmUFvr4sWLaSIgmDWjoqK46lpWVtbYsWOZpnImp06dioyM5A18z87O nj17dnR0NK9aw40PFP4u1hmB6PPKykq6UNKmTRveuMrKykpIqk8s7SlF31M43r2yspLGN4Je Tv9EkwTn5eWx5iq6eRLvssKxY8emTp3KNdfv2bNn9OjRrKB/q8tz0aJFeXl59L/UJvTgwYPo 6GiaTpFOVxEREbDsxaxWEFx4VxbgxeiH1zX8hOvvQn0bmSm0uddzRUCoFDFmqoqKioiICG5W x+Li4pkzZ7LiOMrKykCuAlhLYLyNH4J6mH8SSGFSVlaWnp6+bt26jz76iFdWoGXLbKIZGRl0 kwuCqxII8ndD8pSfp1AowF1Lp9Mxh10vL6/58+er1WrYK5n7Q+qQz9QFLUtDUimE2BkMBozy sqWY+WfBmkwmkamxGqIh1dTU/AtzBNFOVKe+gCAI8s/B09NT2CiKIAiCIAiCIAiCIAiCIAiC IAiCIAiCIAiCIAiCIAiCIAiCIAiCIAiCIAiCIAiCIAiCIAiCIAiCIAiCIAiCIAiCIAiCIAiC IAiCIAiCIAiCIAiCIAiCIAiCIAiCIAiCIAiCIAiCIAiCIAiCIAiC/KVIGu7WoaGhBoMhPz+/ qqrKip+3adOGEKJQKC5dumQ0Gs1dplKpWrVqJZVKL1y4UFv7/9h787ioqv9//MxyGcYZkUVD jHBFwCSjUDOM0lQyNbXM1CRMFFFcEDfcdwXFLZcQISXXbFHfloaaJWUmkfsCIi6EEgWKODQM lxl+f7y+vX7nc++dyzCA2vt9nn/wuMzcuctZXuf1er6WU2XttAYNGnh7eyuVSvmrWYNGo2nb tm1lZaX4q4qKigcPHpSUlEh+W3s0aNDg5Zdffv31193d3YuKikpLSy9fvvzLL78UFBTUU8sD 2rZtq9FoioqKZG70r0Djxo09PDzUarUdI0ShUDz//PPl5eXyt1Cr1djaOCDlR5q/v7/ZbFap VJWVlVevXq3vRtBoNG+++WaXLl0IISaT6fz585cvX1ar1RcvXrRx5OPJfn5+arX6zp079+7d g3M4jvP19bU2/nmer6ysvH///oMHD/4LJKa3t7ejoyPdazBICCGXLl3ieR4+hFayffrgZSUl TFlZWXFxMV5cPMJ79+7t7+9vsVgePHiwZs2aakdsbaDX69u2bduoUaPy8vK8vLw7d+7U8oJK pbJDhw7l5eW2DMiaCm1CSLW9AAIzLy9Pcoh6eHh4e3urVCqTyXTz5s36kIetWrUKCgpq166d SqUihGRnZ2dkZFy+fNlisUg+bXl5uaOj45UrV0wmU7WrsMlkqnYZfczqglarTUxMJISkpKSk p6fbIeJXrVoFxzt27Dh69KiMVjFjxgxCSExMTHFxsbXTnn322enTpxNCoqOj79+/X9PnwZ/L oLCwcMWKFUVFRXXVhkqlcuLEiQEBAdZOWLly5aVLl+q25REbN27U6/W3bt2aP3/+v1q+R0RE BAUF2TdCsDGrBbY2XkfmdqtXr3Zzc4PjWbNm1V7gVis3k5KS6HGFYujgwYNffPGFzG/j4uI8 PDwIIadPn960aRMOjOTk5B9//NH22QE4dOjQZ5999q8eTvD6PM+PGjVKMEjokQOn5eXlzZ07 1/bLyp/D83xsbKxAwnh7e8+ZM4f+RH6c11IizZgxw9fXV/zwGRkZdl82KCgoIiICjqdPn15Y WFgnT0sPy7Fjx1qznWQEpru7+4oVKwTnm83mmTNn1tVDvvHGG0OHDrX2bVpa2u7duwVGDk7J kpKSSZMmyVx84MCBAwYMIIQYjcbIyMg6GAD1NKnwDatVfyTRq1cv+p1lzkR9XN64R8VcUl+r Ftb0esHYWrVqVc+ePeukAZs2bbp161ZaV8jJycnKyqLPmTZt2syZM+u25RHw87qaFY8RBoPB lhFSUVEhHiF2jBa8jrXb0bpCdHR0fesKhJB33nmHHkUWi2X79u3wb79+/fBhJOU4CCaj0Qi6 Ag4MfE3BsTzefPPN8PDwf/VwEk8rHCT0aIHT/vjjD7svKwbHcatWrWratCn94dixY/E4Ozub 53lkfeoWarU6KSkJdQWz2YzCISoqatiwYXUyPunjWoIelsuXL7d2GvaaoAs8PDxoXSE7OxsO VCrVihUrPD09a697bdy4kdYViouLMzIyaJEbEhKSkpKi0+noH6L95uzsHBwcbO36bm5uoCsQ QsCiroMx8AROSIVC0b17d/xXp9O1aNHi1q1bT8KzHTlyZO/evUqlErtcp9N5e3uHh4dzHEcI GT58+J07d65cuVKbuzRp0iQ+Ph6n5dKlS3Nzc/FbR0fHYcOGvfrqq4QQX1/fYcOG7dq1q57e VzBS/2dx8ODBAwcOYL+LR6yN9C+tK0ycOPHR8PNOTk6g8k6YMMFoNMKHbdq0Ad/EokWLoqKi JK0utPlsNJH37t37zTffiD93dXUdN26ct7c3ISQ4OPibb76xfR39V6NBgwY1/cmUKVMePnwo IIe8vLymTZsG/y5YsGDs2LFoFWg0GkJIfn7+7Nmz6/VdoqOjQcTxPB8TE1NaWgovuHTpUldX 15CQkJ9//tkOKe3m5kYrrIGBgRzH2WKe1QjOzs5dunQ5deqU7T9BZmL79u3Hjh2D4549ew4f PpwQMmfOnFra68uWLUM+ac+ePWlpabS62bFjx/Hjx4N2sm7dutGjR9N24Nq1a6Ojowkh4eHh mZmZksQJck4pKSl1JWeUT+Aca9u2LYzLhIQE0JTfe++9J+TZrl69yvO86R8YjcaioqJTp06N GjXq9OnTOK8Uilp5eWbNmgUHmZmZI0eOpHUFQkh5efknn3yyePFi1EBrr+oyyOPGjRt0vwtQ U13BbDZHRUU9Ml++j48PIeTs2bOoKxBC0D2h1+slKTEUN3v37v3rr79suZE1LurevXtLlixB mdunTx82oiQB8kQwukpLSy9duhQeHg48mVardXd3R5UOlpwvv/yyXh/MxcXF398fdIXIyEjQ FQghf//9d0xMDDwYKjQ1wptvvgkvvnr1algdQYutc0RGRtquvWm1WldXV0JIeno6jltCyNGj R+FfrVbr4uJi98Mgb2c2m6Ojow8fPiwgMn/99VfscY7jRo4cSX979uzZmzdvwrGkmti7d294 /pKSktq4pB+buqDT6ZycnGyxVj/44APQoS5evAi++Xbt2tmhp9eIF4LH02q11fKB1r7atGkT uAw1Gs1LL71kjdBzcnJycXFRq9Uywh17ev369dZOu379Okp8sUvCDkYHWgAfrFqNR6lUOjk5 0T9BNGzYEL6q9r6Ojo7WLiI5hyX7SK1Wu7i4ODk5gaVVH5Dpdxsh0BXQRSLfMnXC7jg4OCDH gLBYLIsWLYLj4cOHN2rUiP62U6dOoIMaDAZJwkASEKhlDRgkAcO7bgED2MXFpdop/Fhgo3iR mQWVlZVbtmyB45YtWwoa3Frcg4ODg5OTk16vr+UAbtKkCRysW7dO4GWrqqratm0bPEPDhg1l BrOYnFMqlT169CCE5Obmnj9/vkbGYYMGDUB02P5qMi4JAdAAO3TokOCr3377DWeQfY2pVquR t5s8ebK1WLrKykpkOIKDgwXaCb6Lp6dnYGCggEoZMmQIHNeVG+L/PXl9zxOe5z08POLi4ugP MzMzN23aJBmoqdPpoKt++eUXQsjhw4fBPdOtWzfbxZbtaNmy5ezZswUDLjMzMykpyQ7f/7Jl yyBCc8iQIQLiq2nTpnPnzqVndVpa2q5duyBuZd26dWfOnIHPx4wZY+PgPnny5KBBg1xdXfV6 vZubm3x8k4+PD5IWdDCUVqsdO3Zshw4d8Mz8/Pz4+Hjx6w8bNiwkJCQtLe3zzz+fMWMGcMuA 7Ozs+Ph4s9nctGlTdKOgfMFXoyGO8SkoKIiPj8fJ4+jouHnzZkJIVFTUM888ExsbS5+8du3a s2fPEkJGjBjRrVs3+uEXLFhQ52RmLbFmzRpYI3mej4qKkhxacE58fPy9e/cEbbh///59+/bh vz169AgNDSVSsU46nQ6DDMaNG7dkyRJcm319fVNTU0GvBSYsNzf31KlT6JLAS2k0GnRPCJq9 TgDcKcdxycnJRCrcsnv37mFhYYSQ+fPnC/jtpUuXenp6ZmVl4eyAp6UHcEFBwZw5c3r27Dlk yBCM0CSEhIaG9ujR49KlSytXrhQ8EgYMjh8/XuALqA1KSkrc3d2XLl1KS5gDBw589dVXtVmz LRaLIHw1PDwcgkLQw0XHD0oOJKVSuXXrVjhetGiRgMKEtkIx1bx5c/hccBoAA65btGgBqQ3w eGazedq0ae+++y4SBnA1/CFGQoBsP3LkyJAhQ/R6vaenZ35+vrV2EIsOnudnz54tSW6BMzcq KsrNzQ2c/bZY2yiFPDw8bEmFgMmbmJgo9neA2KSDDfGtT5w4IU8xlpWVbd++HSb766+/Tk8T 2iUxbty4yMhIjNWYN28eCsm6zZGpd3Zh0qRJAl2BEBIYGPjRRx9Jno+xG6DW3b17F+yw/v37 y99IPktE8tv27dsvWLBArJwGBgYmJSXZYaYUFRWBgqzVamlVOiAgID4+XmABhISEpKamAiWF z+Do6Ag2aF5eni3+XZx71vgMQNu2bVFXmD9/PuoKLi4uiYmJtKgFdXX9+vXwYGKEhIQkJyfT ugLoIjNmzPD39xesczAAgMaklevk5GRxPLCHh8fatWsFJxNCNm7cKF60oqOj/f39Z86cSesK +PBPlK6wevVq1BXGjh1rTQ0F3+SMGTPEbThgwIDExETke44dOwbDTBzrhC6qxMTEsrIy4BUE oDkYXHKcnZ3RRkGyKiUlpQ7XzmeeeQbtQmgNEMSCHgTJiDNRwPGALXHy5En4xMnJKSkpSTCA PTw8UlJSwMCi6RkQAvLZxdbCU+zAvXv3unbtumLFCoGE6d+//8aNG+24IEbFKpVKa88J/ERE RIRYV4CBhLe2WCyoNs2cOZO+oLe3N+gKPM/v3r2bEOLl5UUIMRqNkq2HvxXQeyqVavXq1bRz QbB6vf/++3AXCOLGhRwWSEl+MTU1VSw6OI5bsWJF7969JRmvP/74A+dUeHh4tRkooOfBQURE hKCpR48ejQu2YPLK8A00b/TGG2/Awd69e6t9Esw/Ek8TdEmoVCp8qu7du8MKkpWVBQbVv0ld QK127NixI0eOBAcVMFfihYEQ0rdvX6BAcbH8+uuvYSD6+fnJ8wQajUYrBY1G06pVK/EQB2cb z/OLFi0KCwsLCwuLiorCJrYvYAIsaY1Gg7ycVqsFHRCkM9zIWuwYxrOga0oemPzdvn17a+e0 adMG/VuzZs2izTXUQ7Ozs8eMGRMWFjZt2rRqeXIw4GJjY0eOHLl06VLUGKZOnUoI2bNnT0RE RGRkJE5+QUzQrFmzQICaTKbp06eHhYV9+OGHaG9NmDBB8o7bt28fM2ZMZGQkdtDUqVN9fX1N JlNsbGx4eDhS61qtFop21OU8qfkqAovTmjVrYPbyPB8REWEj7fHTTz99+OGHYWFh48ePRwWU lpIYHU2Lv4EDB6KkACtnxowZU6ZMgW8NBsOECRMmTJjw888/S7okxo0bp1AoWrVqBVx3fn5+ Tb2eMm/XokULHIRIE4IbWK/X065GtVqNVLBARLZo0QIFJRwsXLgQWyw8PJxuMRkS+9EIPeR1 zp49C5Nr+vTp0ER6vd6ODBFcEgoKCoxG47hx43AVPHbsWGRk5IQJE4qLi93d3SFzuKCgYMqU KSBwYmNjYV7r9XqIZQFWAFqS47gPP/wQl14MW5k5cyZIJOAMtFqtpLsBLSuB3kbzoBBdQafE I5F86tQpWGjLysqAVPD19XV0dJSkb3GkoegAzgw4Xck1Ra1WFxYWYggCiiwZVFZWQvYQ2DZQ hKZ169bJycnQrQcPHrTbcH/66afhFWyRtCaTCbRqjUYjdhAjx9apUyd3d3eO44CW43leTKH9 C5wRYPFcv34djs+fPz9z5kx4yY4dOwqKcnh5eYHs279/P36Ynp4OhsKwYcNkIrRhrbIdqAgv WbIEV1CDwbB27Vpgll5++WXwydUSgwYNgoOEhAR837y8vHHjxiFNShvHcHDu3DlbLo4ElDUr sHXr1thoM2bMoBmLNm3awNA/ceLEJ598Ah/++eefUVFRdAC/GHQ2+bVr15YuXYorAd3XKSkp rVq18vT0pK2rxo0bt27dmvzfWG6LxXLgwIG///57+PDhGo2mTZs2eBHA7NmzkZxcu3YtPh79 JLm5ubGxsUBlWfOh2o3IyEhrgdDWcpo9PDxGjBhB++nVarUtOYdHjhzZuXMnduvkyZNhQIaE hHzzzTfAXpaWliYlJYEFuXTp0kmTJnl4eEDeFM/zuIoYDAaDwVBcXOzm5nb58mWMUKORm5t7 8uTJoKAglUpFD3gkKmzHuHHjvvjiC4GJ+fTTT3fu3Jm22zBvKDMzE+zI1q1b49RAEgLWNkdH R5TLoD0YDAYY7Rjlk56enpKSQreY/AB+lKB7s7CwMCIiYv369Xq9Pjg4eOfOneIlh66KQYuF mTNngmw0Go0gr8rKynJycuCEy5cvG41GCGV1dnaGD+fOnYsKXEFBwdSpU6HAwFtvvYVrybp1 67Zs2cJxXHBwcFpaGvjycP5iiCta2z169KD9YoC3335boCHRQI/Sf/7zH0kimfYy7927NyYm Bhgmgfc5ICAAri8QHcePH0fnVFRUlLV5un379pdeekmv19vokgD1AsanIJyw2mol8gANzHZn 94ULFzw8PDiOc3JyEjgvTCbT6tWrocXotM/ly5fXR9nAemcXTp8+LRD9d+/eBfVfPJ9x2CHZ SKucXl5egoCsOsELL7wg+CQ+Pn7q1KnWzNxqzW7BJ+AmKCkpEehGZWVlqBeL2QUbhV1FRQV4 FsQxcaWlpU2bNkX+YMqUKQLvBmSrms3mTz/9VNwC8uw6/e/t27dRpgj6Wsy2dezYUfIihJDv v/8e+UPBEBI4MjMzM+EAghvoxq+npHM5jdtKeNqcOXPojBWO42zR93meF6fFrlmzBg7oCjkn T56EZnF2dh49ejSu7nPmzJEkRWWiJpOTkwXEQEJCgh3GE8dxQ4cOffv/onPnztgpmZmZdLBF SUkJfPXKK6/ghy+++CJ9TfSagwlFqOgz0B4kB7AtFuQjgLg3LRbL2rVr4VjMgXEct3Xr1lQR li5dihwSPYqQ9JIM90MWAfXa+fPnT5w4kZ56VVVVqHAvWLBg3LhxMGjz8vLoBRXJzgEDBghY 3hdeeAHIDElkZWVZy64UE8mg9yBVJjgfXVRiRfbu3bsHDx4EngOsEUksWbLEdpeEi4uLtRSe Hj162B2DrNFoQLbjm1YL+Qji8+fPC6jo9PR0yRCTfwG7ABGL1hZFGg4ODlCV6MqVKwIPWWpq Kuh3ffr0sVZjYO/evZcvX5ZsWbPZHBQURJd+opW7/v379+3bd+/evRkZGSC8apMULnD5y2c6 nTp1Crgju8FxnDXFgvb3z5gxQ1xuEqZ9dna2WA8tLCw0GAySM6qsrEwQyosUGcxYgYQSfALl IsDkFROAkq0hOYRAFt+9e9eWoVV7mM1mgSZk4x3z8/NXrVoFDmxnZ+e3335bPszt0KFD4gvm 5eVBd7Ru3RrzdUG+Q7Rg165d4ZMdO3bYMXotFsvy5ctRs8zIyKjDWrxgdO7cufPHH38Uj4df f/01JCSEVtlh7dmwYUOPHj18fX1ffPFFqJADXCs9HmA5zMnJETtBiouL7927Vx8pGDXCN998 I+5NeGCO4wICAiSjgGWwbNmyalcC5JCmTZtWWFj4+eefX758GSSq5MpdUFCwf//+AQMGcBwH PBDP8+jlwbm2e/ducIfFxsZmZ2fv2bNHoVAMHTqUDmMSq87WCvIikSyQ55WVlWlpaSEhIRzH CVhG4PDz8vIkFdnDhw/369cP+EtrTVRQUHDs2DEIywBOzlob6vV61OrS09OBB9JqtcOGDQsO DtZqtZs2bZKpFCnvXIC5bC04TFL4yJ+wfPlyDELieR6p4n+fumB7lgv6vdq1azdw4ECM0qqo qEDa6rXXXtuzZ4+k8XTixAkZV5BKpRKoCxaLBelclUo1dOhQmAzZ2dmff/45snx2rCuSa4kk 9WQ0GgVCDeebjVSVvOKJePnll62tUta8GH/99ZekuiCT64WMpbxyXSPNWn4I2ZLLZGMTyWPz 5s30Om0jkDVdtGgRmET9+/c/c+aMTDUba1+ZTCa9Xg8SkxbitCcoLy9Pply6PHJzcy9evAg7 WQg4G9shKKPbtGnTJUuWQPe1a9fuyJEj4p98//33sDZAag/mu1+4cMHNzc3X1zcoKAhWFFAp jEYjKpowuSQ9LISQS5cuydS8ezRA4k28oru5uUlqM7m5uUVFRbSXuqys7Pbt21evXrVRESwo KICuBB0Lqv3AsmetQNa+ffteeeUVNDzmzJkjNiG+/fbbpk2bAqPj4+ND14ZPTk6GjAZB2VmZ 2YdE8ocffti4cWOMVCgvLw8JCYFjOsZLo9FAc4lvgXoGLWGswUaXBHo06GQHo9GYkpJy5swZ iEWbNGmS7ZmZ4rlsu7rw7LPP4ny3dsGNGzdCNtOCBQvqyWQiT1SZJjqSa8CAAW/+gwEDBuC8 0mg0sJtLTVcFyW9Pnjy5aNEigZLh4+MzZ86c1NRUjKuqEWBTE7PZLFA8rQ1iQdf+/vvvcEC7 e2WAQUZlZWUyp/Xv319QO9bR0RFaVbzrBODatWs1fXdbFmZ430dZLNLG8GD0+NYVsrKy6IUc I63mzZsno3KJC/LLg64hXctSiUDVWCwWu72eAh33jz/+iIiIgPkVEBCwbt068U/++OMPEILA LML0MRgMsA8WoQIhoZaUWL5bK+8hZjIAtdl3raaQlyHiJ4Gw602bNm2ksG3btu+//75GnZuQ kECnWQKCg4Pj4+OTk5Mlc75o9tFa023btm3+/Pn0opWZmTl+/Pgff/wRgnLEbJ81AwDL23Mc 9/bbb6O0RzUCGAgMQuJ5Hu5748YNa1wjnCBI2hIDY3vDw8MbNGggNjkUCgVMw5KSEnFi5Nmz Z8EJ2Lp161qW47MxgBoziWSGLjK+dZjK9OSqCy4uLqjb5uTkFP5f0HxjLdl7sS4fFRU1evTo FStWCEbGwoULaxpErdVqIaq8vLxcoAnaKKSAbyCE+Pn5SWbBCfDuu+/Cgdh0M5vNkZGRmBS3 aNEienCXl5fDjazpJbYUWbID8Azyyk3dAqML5eMfcZ2uq1S6DRs2CMwaWDhVKpWA6RUoGTW6 Cx3826lTJ8nI8McIi8WCI9DZ2RnDfmn1ESJRwEsFoxFClzDO7plnnkGnm1hdsMYuyAvfamkq nU7n5eVVS2pKPr+pnqYY2kKQ6rVp0yY69IfjOAyFQbRs2ZIOdMAEBEn2a9SoUWH/YP369Q8f PnRycgLbw8a+gBgUkFHZ2dkCaY+7MxBCkGmwWCygjFpLeuI4Dnisas2DwsLCtLQ0OJ45c6Y4 BcPR0REuBUl5YkBIFsQe2tE1IKs5jkMfogw8PT2hbespHKFGeFL2jMCUWXFhFgTEhzs7Ozdp 0sTGqrS26HcWi6WiouLy5cuXL19OTEx86qmnxo0bB6s+HbBtCzA0BmN6cYWWrBiKYS+CwTRk yBCVSjVo0CD5zSD0ej04es1ms1jp3rx5MwRLQ9y7RqMZOnSo+ILWQn4EcVJ1hTt37ri6uiK9 JkDPnj31ev2lS5fsdgbJsJR+fn4ytV/gkXieryv1XKx2zJkzBxyinp6ePXr0oIvLIiQpSoVC AYJJEMjZo0cPwflTp04dM2ZMve5fXFOUlpYiU9qvX78TJ04IJu/x48e7dOni4eHRqFEjUNrA 71NZWZmfn+/p6env7w8GMc/zNJsCk6tZs2aS9xXUbJAf2HRAJUxMyFqKj4+X3P/FRgLGz89P vHqp1WqY9RcuXKi/ZlcoFFVVVQaD4fTp09Cebdu2nT59OsdxEFCFrKparcZsCJQJ4p1olEql VquVVPRRSZWZXzRgHymz2TxmzBhJgh2rjb3xxhtffvklUJKg91sjbJC+taW0665du4KCgvR6 vZeXl0Ctp3VHa5H11oIJgoODxS5LIMxo/PLLL0Clf/DBB2L1d+PGjSdPnty3bx9wPOhLorMF HxeeCHYB95QymUwybl2MpIOQllrilVdeSU1N3bp1q4AZ/vPPP+niELZfsHnz5vhgGOSPbAHS ADQkNeXvvvsONWsZY1GpVGKE8JdffinjxYdoOCLaXQJqNrRo0UL8mi4uLvUUJgZ0JZShFL/R 8OHDBwwYQBOStQeKsPfee88ac+Dm5gbrrslkqo8EJCQMcSvI0NBQgXsIILn/aocOHcDcOXHi BP3MkOXF83xYWBgms8hntTwWZGRkYMaQYGVCE5zjuI8++sjNzc1sNufl5dFzoV+/fpMnTyaE nDlzhnbeQZygp6enWKw3bNhQPMBkqAJBehSOEyy3LFiWbDT1JIMnkIe3pVygHZg5c2Zqaqp4 Fbx27RpGpdBNgVVhEhMTw8LCQF6FhITQC7NWq926deumTZskN3QA0ggTXOWBe0rB/juS55SV leGowIoyQNBijKQAWMfPxoo16JIQw2QyiRN2xO/L8zymNcp4JcQb+mCWHMdxgvw7Dw8PvV4f EhKSmJjYs2fPPn36gFwyGAxYYud/XV3APaWOHz8ucxqWl+natastWwxUa/TAwWuvvSb4CkqY 0XRotXZk9+7dcfylpaXRrgfI0NVoNII9Xhs0aIATlUZFRQUG5U6dOlVy/WjSpMnWrVthRS8r K5Mvj22xWDCvbN68eTiyv/32WzgQ1xWv20rjYiJOcrqiJBLXaa8NKioqQGPgOG7p0qXikdO0 aVNUED/77LN6HerHjh3DRWLJkiVi9QVcuQJqFBZLnudpDgkbENLDrly5AoLS2dkZYr+fKKBq K97Riud5WsQ/fPgQVxEIXxAPHsE4EZPnkvvugFHIcZwgFdDf31+gl+MDDBw4kCargf0i/zdk RAYQSy+wm8Fe5Hm+zovuASAUVK/Xi/VR9LhhlElAQAC8O/rpsQjvnDlzcHwajUZoE9iPUbB2 giDC0hfygD2lCCHyKUJYrGLUqFFwgAH/4s5t3bo1lqG0MciDdklIkqAwlcS7rwUEBIASSdec Bi22ffv2AldXaGioZKQ2xvEEBgZu3LgRo0n++usvzGoePnz44MGD4XP7Yir/O9UFDHKUj+su Ly/HmpeYvm830MsQGhoKabgKhUKj0XTv3h23VhNza+PGjZtFYcWKFUBRYERFSUmJgMQ7efIk dH9ISMisWbMaNmyoUCjatm378ccfW3u2s2fPIlM9YMCA1NTU7t27N23atHHjxj4+PgsWLEhI SMCTcRsSGVy7dg1ruWNr5+XlQXt6eXklJSW5u7srFAp3d/eNGzfaHrVbUxQVFcFN9Xp9UlIS 3Eir1YaHh0OWSllZWd1m8REqVb1Zs2YpKSnR0dEdO3Zs3bp1586dN27ciOa40Wisw93brAFD yjmOE6tlZrO5f//+0dHRDRo0gHGCFuGWLVuQQwoNDYV1Kz09HQk5lCmhoaGPPYdQbC8iszJ8 +HBBHAmt79I6wb1793DlNpvNAuqxuLgYhoper09OToYB7ObmtmbNGskB/NNPP8FBbGxscHBw o0aNGjduHB4eLq7wVllZCSOB47jNmze/8sorfn5+CxYswMVS3rChERISMnr0aAcHB4VC0a5d O6zM9umnn9ZTBDuysPHx8T169IBbN2zYMDw8HNZUg8EA7iq64CyuwYWFhXAFwfiEPtLr9XFx cUAPNGrUKDo6GihVg8FgS1Io7ikl0H3FuH79OnS9s7MzeHJzc3NBE2rWrFlycrKnpydI7D59 +mAOMGzZYyN27dplLZkOS2UPHz48Ojoa4qC1Wu3777+PLUYLYSzVvGHDhrZt2zo5OXl5eS1Y sMCa4s7zPMb06PX6xMTE8PDwFi1aNGzY8Pr164KQYYPBYKOXp77xeGIXaOpGp9OBsiaZiy/A jh07ILZr+PDhNdq8XNLmXrx4MVwtODhYTBsuW7ZM0gcs49QXbKCCmDRpEogJHx8fMUkoie3b t+fl5eG+pZIBniaTafLkyTaGDX700Uewo11ISEh6ejqMv0WLFiUlJXEcp9Fo6KJgkqiTjERC yMKFC1etWuXm5qbRaMT7idiyu6bMk0iygiUlJQkJCbgqBAQEICFMr9NgxNc3TCbTypUrQSX1 9fXt0qULjmTMqg0ICBBokxkZGegWpW0pOsea3nVm2bJlmAxmY/y23f1r4/WPHTvWp08feMEl S5bQWe90fAC96lRVVWVlZYH5m5OTI/YTJSQkwCZtsGuA/APk5eUVFBSAJiGowZyZmSmIdfj0 009RJqCBiwpNtSYs3SZdu3YVBLWlpaUJFNNaxtjTKCgoOHjwIKzioaGhgv0XzGYzGhhIOqak pNAL5xdffNGtWze9Xu/r6/vCCy9Aj+zbty84ONjV1dXDw0NQYw22krLl2dD9evz4cXltqaqq 6vjx4xDq+PbbbwN1MX369JUrV7q6ugJTKPjJnj17asrYL1q0SHLYGI3GefPmAYEnKS7i4uLo 8jNff/011FRVqVQ0+cHzfGFhodgfQQi5e/fu9OnT8e6SaxDqE3FxccuWLatpVO+/hl3AoSC5 mIH2BF9hkJEtPPD169ex8rnAYSmfgi/57fXr1ydOnCj2dWVlZUVHR9MBujJVEIqLi9PT09eu XTt69GhrkYllZWUjRoygHc+EkAMHDsgXrj5x4kR4eDjaZAL6ITY2NiIiQty8+KaCXAzax4FL ssViGTVq1J49e+gz8/PzP/zwQ/iQVuAg9EbsbsTAH/FX8DDiHW9jYmLEatOJEydGjhyJ7kCZ IQRJX5JBBvArcSzSxYsXx4wZI7mnC8/za9euHTlypLX8MWJDpRQbxyHg0qVLqCKMHj0a/SOu rq6ZmZkzZ86kWxKKK9CbEmH0kzjH+uzZs5BbodVq0bkDo7faepfw+jaGbtANglp1tek/KOKd nZ1pGVpWVgY+GhCv9E+QcbQWph4bGytIGszOzp40aZJkZEBsbKyAA+d5fuLEidi82PI8z3/4 4YdYPxTfesOGDciTVysAFy9ePHHiRMEVFi1aJBYU0Ec13QXX2mT/4osv5s+fLzad09LSUGi0 a9cOSALJzUHonUTww8mTJ8OOU4JFeuTIkda6XrDCYR6WLQVC0NmEXHJlZeXkyZPFOaI5OTkx MTGHDx8WUETVTsnCwkIMIRQUaL99+/aoUaPELZOZmRkZGSnQS3ieHz16tMB3lp2dPXr0aBB0 kj1bWFgYFha2dOlScQIqCKWJEyeCBPbw8Fi/fr1k4IjtYqcO7HzCQAih4mnt2Le6RtBqtZgU hLvQ4p7CMiQePGFlZWU97c6s0WggT6S+W+Cx3xQbE5a6+qtqUiPANge4vTLHcUqlsrKy0nZN hU1hEPrQoZBIJblddY0GnkKhgOz82kw9R0dHhUJRf5NX5uEhH9tisdThrcHX/oin7WMUHRhb IGNRCB6M5/maBk1beyN/f38wLGNiYqol4OsVaiZlHo2WILDhaspAWiwWW0bqv6IFHvtNH0Fj 1h6PeF3575vC8lqg7QOvqqqq9mVCHldqa1VVVX1MsSdh+jxK0VGj97X7waz98OLFi2FhYZ6e no9XVyBPVFVHBgYGBgYGBjGehGhHpi4wMDxBeJQlill7MjAwMHXh3wF0RthSiYzhvxswBiRr NzGw9mRgePwLFmuCxwsfHx+lUnnz5s0nqnAvw6NHy5YtHR0di4uL//zzT9YarD0ZGBgYGBgY GBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgY GBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBiqQb3sSKnR aNq2bVtZWWnLyWq1uqioqKCggBDi7e3t6Ogo+cOKioqysrLi4mKe5+1+MK1W27ZtW4vFcvHi RVvOd3d3f+qppwgh169fNxqN8u+rVqsvXLhgNpvhw6ZNmzZp0qSysvLq1avwSePGjT08PGxs FvyVAE5OTi1btrRYLA8fPrx165YdXVBRUfHgwYOSkhJbnqRly5bPPPNMZWXlw4cPc3Nz//77 72p/otfrX3jhhaCgIBcXF0JIaWlpZmbmr7/+WlxcbO0nbdu21Wg0OAwkP/n/h6xC4e3t/fTT TxNCDAbDtWvXHjx4UJdTQqFo2bLliy++6O3t7ezsTAj5/fffz5w5c/78eYPB8ORM3QYNGvj7 +7/44ostWrTAdj516lSdtwbd2levXq3zRlAqlR06dKisrBTPyoCAgMrKShsHHgMDw79PXXj2 2WenT59u+/m3bt2aP38+IWTjxo16vV7+ZJPJNGvWrKKioto8WExMjMzqhQgPDw8ODgZBGRUV VaPLwm9NJlNERAR8EhERERQUZMtz0r8SYMGCBS1btiSEmM3mUaNGWSwWu7ugsLBwxYoV1lrS 399/6tSpgg/LysomT55sMpkkf9KkSZNZs2a5urpKfsvz/OLFi2/fvi3+Cvodh4HkJ4AuXbpE RkYKfl5QUDB37tza6JGoub733nu9evWydgLP8zExMaWlpY930jZq1Gj69Omenp6S3xYUFCxe vLisrKz2N3rhhRcmTZok+DA7Ozs+Ph7V4tpj6tSp/v7+PM+PGjVKoNwnJiYSQlJSUtLT05mw ZmB4vFA+UU9jbR0S2M2rVq1q2rSpHdfHFcVGEx8ZBb1e36dPnxpdtqKiQnBa7SWso6Mj6AqE EJVK9eyzz1b7SPLcyapVq3r27Cn+6pVXXkFdwWw2Z2dnw7FOp1u/fj3HceKfdOnSJSEhgdYV srKysrKy8F+O4xYtWvT2229LEh6EENqCFH9CCOnduzfqCvRTeXh4bN68Wa1W16ZtnZycUlJS aF0BbnH37l36FdavXw+m9uNC+/btP/roI1pXyMnJodvZw8Nj06ZN9k0QGu+++y7qCmazGdvB x8dn48aNdfU6AQEB/v7+Nk5bBgaGxwh1fVz08uXLkZGRtOFrsVhGjx7duXNns9k8ZcoUwTIg FgdTpkx5+PChQEvw8vKaNm0a/Dtv3ryoqKiqqqpH1lKDBw/++eef79+/b+P5169fd3BwoBWI Tz75ZNeuXZJ8gMVi8fDwWLx4Mfybm5srec2XX36Z/nfUqFFi40+AI0eO7N27V6n8f3qhUqnU 6XTe3t7h4eGw6g8fPvzOnTtXrlzBn+h0OrTz5s6dm5eXB8cjRozo1q2bRqOJiYmJj4+n79K8 eXNcyE0m09y5cwsLC2lreMKECd7e3oSQ/v37FxQUnDp1iv75Dz/84Ojo+Pvvv8t8otPphgwZ AseLFi2CJlIoFOPHjw8MDFSpVB988MEnn3xip9asVK5evRr/Xbt27fnz5+mecnd3j42NBWVo 8eLFERERNmqcdQt3d3ecAgUFBStXrqRJsqZNm86dOxf4uSVLlgiM9RqhXbt2ffv2hbk5bdo0 GPYODg5xcXFubm5arbZnz55Hjx6t5evodLro6GgZ4+Gnn37ieV7G6cbAwPCvZxeMRqOJAs/z JSUlhJDy8vL79++b/i8EK2hZWVlRUZHgnNLS0kuXLoWHh4PrVKfTubu7P+LGWrJkie0nnzp1 KiUlJTU1FT+pqqoSNAvdPuPGjcPXFyzGiH79+hFCfvrpp+3btxNCnJ2d3dzc5B/j6tWrPM/j jYxGY1FR0alTp0aNGnX69Gk4Jzo6WqFQ0NQCHMyfPx91BULItm3bIJKgdevW9C0UCsXcuXPh OC0tLSIigtYVCCEPHjxYsmQJEMuEkMjISIHL6cCBA5999tnPP/8s80nz5s3hICEhAdWpqqqq 9evXw5L50ksv2d2zo0aNAuXJaDSOHDny7NmzgjFZWFg4efLk/Px84HW6dev2WKbrvHnz4GDP nj2xsbECh9off/wRFRUFH3IcB340uxsEDiZOnIgqckVFBXq4BgwYUPvXQf1YEhaLZcuWLTjq GBgY/jvVBatshg2Mscw5lZWVW7ZsgWOk5e0ALAZKpdLJyUmv19vIY8u7JGqDiIgIDw8POBZH DKBlCdbtb7/99tNPP8GH/fv3l7+ypOMAsGnTJlhaNBoNvdYCIW8ymcRW3Zdffgnn0+v9G2+8 AXc5ffr0rl27ZPSnY8eOwfHYsWNr2kQvvvgiIcRsNl++fFnMZtWm8Z2dnSGmxGw2T5gwQcZn tGDBgjpcLGuKjh07QrOXlJQcPnzY2mlLly6Fgw8++EDyBEdHRycnJycnJ1pHFDQIqKHbt28X EIGVlZUnT56EZ6jl6/Tu3btaZZeBgeHJgfpf98RNmjShl/y4uDgPDw9rsYHu7u4rVqwghKxe vfr8+fP4uZOTU7du3d555x38xGQyzZ8/X9KOMRgMq1atgpi7wYMH//LLL7aESQ4bNiwkJKSs rAxpA2vo1KkThkDOnj3bWhA4agZZWVnl5eUFBQUeHh5du3b99NNP7SbGly1btmrVKkLIkCFD 0EEQExPj6OgoGXMKJr7JZCovLxeoF4SQan0BO3fu7NGjByHEz8+P4zh0Qq1evdrNze306dOb Nm2y9smNGzfAstfpdAJHlUqlov/V6XTwq8OHD+/Zs0f8GKGhoT169MDYOqQKtmzZIu8m53k+ PT09ODgYI+9wgJnN5nHjxtHNQghZs2YNaHhxcXGjR492c3MrKSkR+I/wCgcPHvziiy/or3r0 6BEaGorPiTrK8uXLZR6yuLg4Pz/fZDKJVYoOHTrExMTQn2zfvv3kyZNA/EycOBGyKt588014 ox9++EF8/aSkpKSkJPwXglKtxQL7+PjMmjWLiIKL3d3dwbW0fv36v/76a9GiReLfajQauNG6 devOnDnDhDUDw/8Wu1B73Llz5/89ulIJQhYkC6STWVtiBXmJy5Yto3UFuEJcXJxk1JVCobhx 4wa6FSRFm91sStOmTVHOpqSkAN0t0U9KJagUt27dAn1i9+7dsFJ27NjR7sYsKiq6d+8eIUSr 1WJ8AyGkvLxcnDGh1+vBG1JZWYkKiouLC6yIJ06cECyWkqQO9JdKpWrTpo3gW51OJ/PJzZs3 4WDEiBH0OY0aNYKWwZW+rKwMXqp79+6Svfnqq68SQnAFQtL+7Nmz1bZYSkpKWFjYZ599Bv8W FhYCZaJSqWbPni3QF6FlMjIyrl69+uOPP4Lh7ujoSJ8WEBAAB2IHB6hW4HnhOA7CG/Pz8//4 4w/5h5w9e/aiRYt+/fVX+sPIyEiBrgCaEzqJBHj48CH0MsdxHh4erVu3btGihXg8//LLLzA2 IG9WgKFDhxJCjEajQMMGr0pJSUlmZqaDg4PdDBkDAwNTF6xi9OjRcABMQGZmJvwLJpHkEnvp 0iVxngIoDWFhYR9++OH+/fvhk6lTpzZo0EByyT9+/DiIPL1eP3DgwDp5FwcHBwxTOH36tEy2 GOoxuFAhAz98+PDaPAOsmhqNpmHDhjLyOigoCOPhP/74Y/wKfSjnzp2z5XYZGRkClshG3L17 F3SpwMDAuLg4d3d3rVbbqVOnjz76CE5YuXIlniyjRLZp0waWn//85z+gJ8Ginp+fX626I4nt 27dDPI2Xlxd2k5eXV0hICCgxQHVgHIbAifbaa6+hNkZrEhqNBtr222+/pfVO+7wA7dq169Kl CzYUDHuaJKDx3HPPEUIuXLigVCpnzpyZnJwcFxc3b968hQsXpqSkCAb/oUOH4OD1118X0wPw stAdiIiICOCuZsyYwUQwAwNTF2r3WEqJB/P09Ny4cSMI97KyMvCsm0wmqO4SGBgo+BWE4hNC Pv/8c8GlzGZzVFQUZOJZLJZ9+/ahjSXjlsbIrAEDBtR0tZNEXFwcHBgMBmTdJQFWmslkwpQ5 9CLr9fraZ83JdERqampycjL6enbs2EGX00GawcZsN4yC7Ny5c00fZvbs2aAxeHh4rFixIjEx EYmZ+fPn05EW6FgRK5Fo78KlMKSxNs54LA4xefJkpVKpVCpxqMycORPydwoLC6GJ6PQWMNzp EY7Hvr6+NDH2zDPPoFpZGyV74sSJly5dghc/efIkxqgKlnkgXbZu3YqPgRgwYACGRxBCiouL gcsBLoRGYGAgHNB6cNu2bUGJT0hIsE8/Y2BgeCx4EmMXNBrN1q1b5c8Bjztg3759/v7+KpXK 19eXTgjEJVYcsrdt2zZBcbpTp04NHjzY1dX1tddesxavd//+/T179oDPdcGCBTKFm2xBREQE hHqZzWaZdDJCSKNGjWBR+eWXX+iI/a+//hok79tvvy2vbchAPuwcVg4a77777oULF8Srvo3Z bhheZ0cdIT8/P2u1ifr3779u3Tr812g03rx5s2XLloGBgWq1GnUajUYDaR0Ce5dY8USo1eqh Q4eK6zI5OTkdPnwY/TVFRUUwMFQq1Zw5c7DRtm/f/tdff9HMSlBQUMeOHVNSUpCEoC/bqVOn 69evwzHUwygpKYE1FXOGbalNIoCzszMo2Tt27BDUfMzLyzt58qSgehidn2w2mxctWnTr1i2F QvHcc8+BO8PT05NOpPziiy8iIiK0Wq2npyftTQN/X0lJCcaacBwHLpusrCwbK6syMDAwdsF+ LFu2jK5MkJubC2v/e++9hx9iRSPgcgXUgiDvHwDRABqNRuyPQBw+fBhdEpIVh2wEHd44a9Ys edMcffD79u2jP7979y48TOfOnQUecdtBW7diGI3G6OjoESNGjBs3DmxEjUazYsUKJFeQ7RBH HkgClyIbz0e0b98+NjYWjpOTk8PDw8PCwqZMmQKm7QsvvCCoHbRz505CiEql8vPzww87dOgg tncBUO1bAJVK1aNHj7dF6NGjR7t27QQDA7NMMcgAM0EA3333HSFEq9U2atQIPgGm4eDBgzD2 cEgolUrwa0AqCqH893YU+8JXQ08QDbyFGDzPR0REgCJYVVV1/vx51Gvfe+89JPPQIQj+F9RR QBumc4khtYTneWupwgwMDExdqBlyc3NPnz6dQeH777/ftm3bjBkzwsLCsJwfAuRyixYtcNUE /yvKaBrl5eWSyzPS0fKhVQsXLkSL1j6XBB3emJiYWG3kGtK8UVFRgwYNeu8fvPvuu5iK1rVr V/uautrl5/79+1VVVWVlZSkpKcnJyfDhxIkT4QCtVayLIA98YFuyS2jgQjVlypQff/wRCIOi oqLJkyeD8qfX69E9Twi5fv069PKgQYPwQ2CGaHsXIVmrUdIpZs3Kx4EBK6KgfDUhBAtgo9by wgsvEEJ+++034Db0ej2oqs2aNRNwHmi121FuBLqG53nJ8tUye0AsX75ckHRz//59CPThOA6D XUwmEwSidunSBVsMIjfNZvOFCxfgk6CgIFCk5syZQ5NkMAIfS9krBgYG2/EkOiNMJlONsg8I IcePH4eYg4CAAFg8wPQvKSkR77ij0+mUSqW13RaqxYMHD7Zv3x4aGgorxLhx42pUXJIOb0xL S5PkOWi0bt0acxq9vb0xIEOAt99+W2DL2oi2bduCyLZlF58ff/yxT58+Hh4euGihtiETKUkD 3wVXEVvQuHFj0OH2798vTtlISkoCReG1117D9qyqqjp+/HhISAgokeXl5U5OTmJ7F4eBoPYU kithYWECWsiaE0qwCZl4/ausrAQXSc+ePdPT03U6HfgI7ty5gye3bt364sWLuFMJqjV48Zdf fvmbb76Rby6O45ydndEPgi4PGwcqOIx4nofkVQHOnz8Pc43OaNi5c+ecOXM4jvPx8YFgC9Bx MzMzMb0Cw1+aNGlCp1EAxeLg4NCxY8fy8nL5vdMYGBgYu1ArPHjwAKhgMB+dnJyAY4fqhwKU lZVZq8Rs4+2OHTsGxrFOp+vVq1eNDCMMbywpKZEpaoTAQPTi4uK7d+8WUigoKMBK/jqdTjKV VB5arRZcNtYYFzFgmcdMCsxvHDx4sC0/HzlyJBJItj8n0ul0nUe64yDqU7DkHzlyBNd48g/V T9u7sCjCK2i1WlsiRmWqgNMpAxzHhYeHi885cOAAMhmQSmowGCoqKiwWC/AHkBYLfzHpAJ4T hpyHh0e1iYXvvvtuQkJCamoqsBfAaiiVShs9Vni+5LeortHNhVwOaBKenp6gF0L6ieBqU6dO jaUAupFKpRo/fvzUqVMl242BgYGpC3UGKMjj7Oys0WggJNtsNktm9+l0Okm5CcutyWSyJQoP mef3338fi/1VCwxvNJlMU6ZMqfZ8R0dH8GGXlJTExMTMnDlzOoXY2NiZM2ciV0GHbtgILFJJ G6yrV69OTU3FdV0SZrMZQvBwN3CNRkP7AgDt27dPTk4GAoMQ0qpVK1DjDAaD7btv0Ja6Vqu1 /VdFRUWwxELYIPxFexeBabSSaQLiF5f83MPDQ5BTExwcLKaCINRDpVJ5enqCvwwUHULI999/ Twh58cUXPT09gXWAkgYICC1UqVSwm4PVKa1UYgwB3A4qeatUqsaNG4vPF0ePQqOpVCrJ1kYt gS4QDlwOaGwKhQLUHUw/IbJuHQYGBqYuPFJAehgh5J133oFqQuKFASFJ6YN1SNcgkuczJKkL GdDhjbGxsbbcBSofE0JkeAjYFYIQ0q5dO5kgTTGaN28ODYVrFQC4aGtbMMArVFZWIhuBcf6R kZECA33o0KEQDJ+YmNi2bVvUkKyVBrIGXHXAXBYvkPBUYsYC4vg8PDw6duwIihrau4hz586B /16v11dr2tKBk3SLYebkxIkTcbetmTNnCpgAo9EINNjSpUuBrke+BLQuvV4PaYri0kawHoMF L7nwA3r37o2NBg4mDI6BXCFrfA/ixIkTcICZkDSwUIQgegOKSHIc98orr8C2I3T6Cbh1JLF2 7VryT1hlWFiYLUobAwMDUxfsB9YhCAkJAeNMvDAgJk+eLIjMf/fdd4E+lSwbLAl0SdgCOrxx 8eLFEM9fLTBMT6bgYFVVFcp3G7c+UiqV3bt3xwCRtLQ0OnABfM8ajUacSR8aGgqtRDsFMPyN EBIfHw/MP+Djjz+GYAKtVjt79mz4bV5eXk2T6IxGI2gn/fv3F8ckvv/++3CAIfoIyAXgOG78 +PECe5cGbh4WHBw8a9YsyTiMxo0br1mzBn0udIrpmDFjMLTiwYMHRqMRwiNUKhVuCkUPG5qr wOf5888/aX+QOHfDZDLh4Fy1apVkbOl7772HT4gFrEpLS8Hh0r59e0GfDho0SMwu5OXlgf4U Hh5O70gOKiZoZnl5eYKqCffv34fpEB4eDpqZTNkxGhhraUeOKAMDwyOD+r/pZbAOASGkrKzM WkFlkOObNm2CfZB1Ot3o0aOhFq/JZIJivTZi4cKFKJTlQe9NNWzYMHlqwdPTc+rUqQ0bNgRh feXKFcmqlLRhB8tA//79BXFw48aNo8vtOTs7C0LrxSEU27dvh2YMDQ1t1arVjh07/v77bzc3 t9mzZ2OhiB07dtA/2bdvX2BgICw8UVFRERERmzdvvnnzZllZ2eXLlwVOCtwkzHZUVVWtXr0a igAuW7Zs79693333XXl5Of1UJpNJHOzJ8/zFixex2KK43AKgoKBg48aNoM/5+Phs2LDBbDbv 3bu3oKBApVK1bt1awP/fvXsXnQhYMNFgMGCm6/Hjx/v27evm5ubl5dWlSxc6oDUzMxPiZAlV aBneMSsrCx9Vcq09fPhwz5494X0XLVrE8/zWrVtzc3MVCkX79u3p+p47d+6k9wVdvXr1+vXr yT/7ZXz55ZdqtXr48OGSO4NAH02ePJkQsmbNmqSkpIyMDIvF8uqrr2LgJ73fN2LPnj2oE0um nzAwMDB1oW5gbYs8G3H37l2DwQASsNrocUJtB4ymXkxMDB09Lti7SAw6S6Ja+xiPJYPwBXBw cMANL9B2twZw0ru5uWk0Gj8/P8EGGT4+PtZ+mJaWJnZzGI3G+fPnQ3BGUFCQoIYPIWTKlCli dWf27NkjRowAegOtecC9e/doI3Xx4sVJSUm43Er2u/iTK1eu7NixA1bEwYMHCyIrzWbztGnT JCP/oYqXzBqMPERxcTEOCZVKJUndE0JWrlyJni+NRoOVjAUhLAsWLIAVOjIy8sqVK5ihU1JS gg2CwZj4ePCoPM/j3ijixl+1ahVoDHS6AY2UlBTBm5aWlsIPCSEeHh5070ji3LlzycnJsLVV RESE4C6JiYmSoSc0B1ZTVx0DA8MTjkftjJC3qoGNtDFEXxJo3iE/TwNyHwwGw8iRI+mwc5DU o0aNEuSgw7/yz3zs2DEsjCiTWyFPD0jocWo1uMlNJlNOTk6150OdH/KPP0KG1y0uLk5PT1+7 du3o0aOthUTcunUrIiKC3sMTFZewsDBrUYrbtm2LjIyE4H8arq6u6enp0dHRsHzCCkRvWABP S3t2xJ8QQo4ePRoTEyP24+zdu3fkyJHijFkAVvGq1t7Nzc0NCwtbsGABagM0srOzlyxZEhYW Rn+LBv2ePXvoAo6wQmOZCsGupLiWC+omYc2rU6dOWUt6rKqqiomJmTZtmrh3QP8bM2aMpFZU VFREb48CJ48cOdJarMCPP/44ZcoUwYwoKCiYPn26texfnudBY7AWZSwJmDXiWYazyZYUXwYG hnq35/+ndSWlEjzQgoz5OgFsYG1tZ+1/zfhQKBwdHS0Wi1KprFErqdVqcOfTQZFgjo8dOzYg IODWrVviQkY17TiLxVKtw9vR0XHz5s2EkPXr14uDG2TAcRxs7FRRUWFHLcVHA41GA0kH8k0h U2ikXbt2QJDgBtbWurK8vLzayg2w83hGRoagyCYDA8O/Her/5Ze3WCz1oSgAwJGBZQn+paiq qrKviawlmJhMprVr1+p0uto4nmrUcRDJXyN7F23l2hBdjwa2hAdqNBrgcsROCvJPoCjP89bo GRtzhQghHh4e4CURM0wMDAz/egObNUE9ARIRWWlbSZSVlcnUHq5DeHp6QgjCyZMn/2f7wmQy QWt/8MEHgj3DgoODIUBVXFi9pmjQoMGcOXMIIQaDQSbKmIGBgbELDIQQ0rZt2yFDhnh5eQF/ W6PahQx1BZ1OJ9ii87PPPvtfbpCTJ0+GhIRwHJeUlHT27Nnz5883bNgQdowE1MZ3sHHjRjrD oqZFNRgYGJi68L+IV155hU58EO+HyfAIIPDTp6SkPBoy44nFrl27nJ2dYbfxgIAASBtGTJky pTbhhHQYL9uZmoHhvxUK1gR1i06dOvXo0aNhw4bXr1/fsWMHqzzzuPD+++83b978wYMHBw4c YNw4oEGDBi+//HLHjh0VCkVVVdWNGzdOnjxZ+8bp1q1bly5dqqqqDh8+XNMAEQYGBgYGBgYG BgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYG BgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgY78eh2pHR3 d+/YseNzzz3n7OxMCPn9999/++23s2fPGo3GR/zOfn5+arW6qKiooKDgkd1Uq9UKdlUWg+d5 OMfBwUGhqKZrlEpltU3Xtm1bjUZT0zf19PRs1aqVSqUymUzXr1//888/bfxh69atGzRoUFlZ KX+aWq2+d+/enTt3ZM5p166dRqO5dOkSz/OSJzRo0MDHxwfGksFguHbt2oMHDwTnNG7c2MPD o9rnAVy9ehUOvL29HR0dBb9Sq9WVlZWlpaUlJSVlZWW1HAxubm4BAQEdO3Z0cXEhhNy/f//E iROZmZn0TtDYDoQQlUqVl5cnfkEaAQEB5eXlarUa949u166dSqW6f/++/J6TMB0ePnx469Yt /LBZs2Zubm62NB22Gz3TW7Vq5eDg8Pfff+fm5t67d0/mgaFtq93zukWLFg0bNqysrBScXCed pVQq169fr1KpIiMjxd86OTm1bNnSYrEImuhJQNOmTZs0aVJZWYm9oFAonn/++crKSvkBA5Kh srJSq9WeOXNGsk38/Pw6duzo4+OjUqksFsvZs2fT09PrW2aK30iMVq1aBQUFwfAmhGRnZ2dk ZFy+fNmagNVqtW3btrVYLDhyaipg3d3dn3rqKfmnkkH79u0tFktVVZXkt0aj0WAw3Lt3T/D8 8CulUnnp0iUb202tVl+4cMFsNkue07FjxwYNGpw4ccLu3lE/gjHdrl27GTNmiGVKYGAgISQn J2fdunUPHz58ZHNs/Pjxer3+1q1b8+fPfzR3fPbZZ6dPn17tafhIa9as0ev11Z4fHR19//59 /HfcuHGfffZZcXExfjJp0qQavWmTJk0SEhIEH5pMphkzZtA3AgQFBRFCTp48iZ/ExMTY8tj0 m0oiKCgoIiJC/II41adPn+7t7S34vKysbNq0afTy8Pbbb8NDVgue50eNGoWtWu1b7Nmz5/Dh w9aUrdDQ0OXLl0t+26ZNm9jYWI7jBHPB19d3zJgxR44c2bVrFy1WfHx8BgwYAE8YERFhTSBO nTrV39+fEJKeno4yMSoqSq/X5+XlzZ07t9rpIDitd+/ewcHBNWo3QkijRo2WLVsmaD2e5+fO nStYZrRabXR0ND1y6HErxpw5c6DRBHesZWehbqTX6w0Gg+S3MTExLVu2JISYzeZRo0ZVq/Q/ SvTp0yc4OJhuE0dHR2jYlJSU9PR0yV+9++67ffv2hePt27eLtfmwsDBx73t4eLz55ptms3nB ggV5eXmP7I1ovPHGG0OHDhUvJfC0aWlpu3fvFq/KrVq1iomJoYdZTQVs3759ZZ6qWkNx2rRp tpx59+7dOXPm4GI/duxYeMjx48dXuz7OmDHD1dWVEDJ69GhJdaF9+/bjx4/neb426oKyvgf0 uHHjaF3BbDZnZmbevXuXtg82bNjg4+PzyOaYyWQihBQWFv7bqSGl8v91H8dxqampnTt3FphZ NXpTHx8fWlfIzs6GA41Gs3bt2oYNG9Inx8XFRURE2Gi4i/H3339b+6pRo0agKxBCxKLZ0dFx y5YtqCsUFxfjWNLpdJs2bQJ7HQeb3cNDHkOGDElOTtZoNILPe/fuvXTp0tLSUslfhYaGzp07 F3UF8Vzo1avXli1b1Or/X4nft28fLLQcx4l1btSuQFcwGAwpKSmCF7H2MPKn2cH5eXh4fPTR RyiFi4uLgRniOC4uLs7Pz48+WdCz8qqJh4eHQMGqk85CvPTSS4SQQ4cOib/SaDSgKwDH8+yz zz5REkDcTdiw1lomNDQUdYV169YdO3aM/lav16ekpNDdkZOTk5GRgSSfSqVavHhxjx49Htkb oazbuHEjrSsUFxdnZGTQwi0kJCQlJUWn04mVWjioqbxCAVsb2K5fNmvWbOPGjfjvrl27bJkd wFaCrpCeni5mKEGjslFleZzsQp8+fTp37gzHZ8+e3bx5Mz0amjdvjtJz1qxZkydPtsZb1gfE o6r+cOPGjYSEBPFg5Xn+xRdffPPNN+Hfjz/+GKcx8GwClJeXL1iwAI6zsrLQIJM8uUZv2qBB g1mzZsFxQkICWqjDhg0LCQkB+5XmAySF76RJk6w9idls7tat2/Dhw+Ffa3YPIQRf0JopjK+f kJAAgkChUIwcORIm1ZIlS6KiouCcTz75ZNeuXZLT1WKxuLu7L126FP7Nzc0VnzNlyhRaqVer 1U2bNn399deBseA4bvXq1XgvQOPGjaExJRd1FLJHjhz58ssvgYoHdOjQAQwgjuMmT568cuVK /GrhwoWJiYmEEF9f38DAwMzMTMEdUbuaMmVK3Y5bnuenTZsmo9vRWLx4MXZNfHw8NLunpyc0 8rRp08aMGWPNtRQSErJv3z5rV8YJIgM7Ogvx8ssvE0J+++03yV6j/x01atSkSZP+vQZGaGgo DkJ6muPquHbtWpywS5cupedFgwYNYmJiQFMPDQ397bffxMxf/YFmrfbs2ZOWlkbP644dO4Jk UKlU69atGz16NM0xPHjw4PTp07SVYk3AGo3GhQsXigUsOM0lV2LbkZ+fP3v2bEn64Y033gAS UavV9uzZ8+jRo4SQzMxMmNpvvvnmN998I3NlENGEkK+//lr8rZ+fX2xsbN0YqPXXwY0bNx48 eDAOzbVr1wo0x9u3b48aNQo6EgQ9+S+F0Wi8ePHiVRGuX7+O1vC6dev++OMPOL527dpVKZSU lMAJZWVl1uhu+wCDFWgDWojs2rULPN8tWrRwcHDAzyX9cJWVlSYrUCqVqCucOHHi1KlTko8x aNAgUJMlodFowIwuKSlZvnw5rj1VVVUpKSlZWVlgHjVq1Ag/NxqNks/D8zxqHkajUdyYRqOx qKiI/klZWVlubm5SUhJa+Xq9XqD4A58hXl+dnJxwUZ8/f/7OnTtpXYEQcv78eVzM2rdv7+bm Rj8Jag8TJkygdRGlUhkXFwfHixYtElyzTnD//n2TLOC0Tp06gd6flZW1fPlyFOX5+fmgBqlU qnfffVfS7Lt3755Wq6VfmYZCoejSpQueaW1+2dFZKKzd3Nx4npck4fr160cI+emnn4C0d3Z2 tvac/y5dYdmyZeJ4kYiICOjE/Pz8kSNHCnTov//+e8mSJchGSMZ51BOCgoI8PDxgfkVHRx8+ fFhgA/z666/h4eHgTuI4buTIkfS3hYWFmzZt2rRpE0qMagWsQCacOXNm165dX3zxRW3eguYR BaN33759OMdRFJtMJugjvV7v7u5u7bIKhaJ79+5ALgrGsEKhCA8PrytdoX7VhcmTJ8PB+vXr ZUKZNm3aBFJAp9N16dLF2mlO/6BOCCKB8e3k5KTVam08X6vVSp6vVqtdXFycnJxkaE8BOnbs CK98+vRpyYAjAVCjmjlzJv05UrXyNIMMYMDdunVLHMuzc+dOGLs0SQ6BQrb3RXx8PBwYDIZP PvnEGhcH0tkamjdvjjqN+NvU1FQ4oP0R1hAREQECiBAC65m4N6399o8//sCO+OCDD+iYKTCA nJycBD9B+bV3715r4XIGgwFfQSDvLl26hAoWTTzMmzcPuj4tLU2SIHlkQGfi+vXrBV8VFxef PXtWklPlOC4nJwcUxG7dukleuUWLFhzHwWtaUyXt6yz6ybOzs8UasLu7O9zxt99++/HHHwXS XI6zVatBWFnzodBwcHBwcnLS6/W2nAzCynYJI6krLFq0CF2NtIAFWWQ2m2Xiinbs2AGLrq+v r8BBaZ+srvaN1Go1qtqTJ0+2RmlUVlZifFhwcLAtQkAMpButOf5qA0nSkZ7joO7QTfHVV1/B weuvv27th23atIGR89lnn9Gfe3h4bNu2jZ50tSfv68sZodPpPD09QQgK6FMx4uLiVqxYQQgZ MmSIwO5UKBTDhg3r1asX/eHZs2c3btyIqqJerweXz+HDh/fs2WNtqphMJhx2YKE2bdp0yZIl 9Cw9cOAA9hDA0dFx8+bNhJCoqKhnnnlGoKmtXbsWROGIESNoeZefn79gwQJr1CvaymDgmkwm YJvlMXDgQFiNduzYQcc8r1mzBsXomjVrYOTRi4oA2FyEkMTExFOnTuGA27Jli/j8K1euhIWF 4b/h4eE4BCMjIyMjIwUNK8bUqVPhCcE4kNZblcpFixYRQjIyMrZt27Zp0ybxOcXFxSdOnHjx xRclA3+QKnR1dZWPYO/UqROSzLNnz7aRbKeRk5Nz8eJFf39/juOefvrp/Pz8tm3bItPo6+sL C//EiRMfPHigVqsDAgLAmJaPufvhhx/CwsLS09OPHz8u+Grz5s2BgYEcx+n1+j59+nzzzTfd u3cHt7rBYEA35+OCr68vPIlkwOCRI0cCAgK0Wq04ovC7777Lz8/v1q1bjx49JK03IFqPHDlS VVWFpGstO4v+FhbR7777TvzD/v37Iy9tMpkKCgo8PDyCgoJSU1OtecGbNm06d+5cOowuMzMz MTFxwYIFnp6emzZtQjKVUCG9NPbv3y/pl+nfv//bb79NEzOxsbE20uO0rjBv3rzbt29LWvBw sHv3bhkff1VV1RdffNGrV69vv/1WMHFskdV2vBEMLWAl5ZODysrKtm/fHhoaCusrDiecm/Ix g9YELPnHJ2s0GoFTiYuL8/DwsBb56O7uDsvZ6tWrz58/X5tpdePGDYPBoNfru3fvLhnFSQjB eI5ffvmF/hyVubt3786bNy8kJOTdd9+VX5IeG7vQoUMHXJCqPbmwsBC8RM7Ozo6OjvTCtm3b NsH4I4QEBAQkJyc3bdoUzTLQm8BEFnM1r776KiHk3LlztJ7VtWvX+Ph4gUbfv39/OtiExsaN G8WsTnR0tL+//8yZMwW2kaen57p16+Tf+sMPP0SDrNpwmEaNGoFZU1ZWBp4t2joRKwQyGi6+ 4J49e0A5AyPAbDaDN0ShULi7u7du3RoSI2ukI4vRo0cP8CCAzm5tvMbExHAcZzabP/74Y2tC sLi4+JNPPomKipJckzp27AgH8na2u7s70v4pKSnySYYyOHjwIC3OJE1DsHqbNWsG/+7bt0++ oy0WS1hYWEpKys2bN8ViGtWRwYMHDxw4EHU4+SCm2qd92m45Xb582ZoBbY39MhgM33//PZB2 TZo0ESuRYPIeP35cfqmoUWfRwgE+AU+W4Nawgubl5cG6uHv3bngFHGliNTQ+Pl4w+wIDA5OT k8F2EvBbkkr2gAEDxCJo48aN9MoK423VqlXybJxYV5gxY4akrkAIASFpNpuhO2Tw7bffxsTE HDlyhA4l1ul0tshqO97ojTfeQGau2pdFEogWyLjKyrAdTk5OIGCNRqNAwIpJLBhOHMe1aNFC RsusUdYlKNPiz8H7w3EccqsCm7N169ZgZQnEJsdxkJQ0c+ZMnufto1seEbuAgdA2ZiofPXp0 yJAhoBOBC1ahUGDcTXZ29vr16x8+fMhxXN++faFfly1bhsH5Bw8eDAsL02g0LVq0ENzR29sb RPl//vMf/BDN8bNnzyYmJpaXl0PgG1hvI0eOtEaYb9++/aefflIoFGPGjAGTcerUqcAQzJ8/ /6+//mrevPm8efNg/rRr1+7KlSuS12ncuDHIwZKSkmqTzgnl2QG9lcb06dOffvppWEsSEhJu 3LhhbU1q0KABRlPu2LEDZwXEexuNRrPZ3LdvX4GPOTs7Oy4uDq+5ZcuWPXv2LF++nOO4AwcO HD58WIZEbd68OSj7hJB169b99ddfkqe1b98eVIply5ZZLBaxAmTLZIPxYzabZRZIjuOwATMy MmQiLqsFDrOOHTseO3bs6tWrUVFREyZM8PX1zc/Pj4uLUygUkG6AUqCoqKg2c6qwsHDPnj3w mnSsiTw78uyzz+p0OmtDwtHRUew6ESyo1vLFady+fdvV1fW5556zxjXCgZeXl2C0cxyHC9ir r74qIBhAFPI8X1BQYGOOri2dhZ8/9dRTHMcZDAZxG6KOC1oCrQwNHz5cHHyj1WpRDd27d29a WlplZWWrVq0kiX13d3fQRQoKChISEmBgeHh4zJkzR6/X6/V6Hx8f9BeEhobCu4P9XVRU5Ojo GBkZCfLHGkAvp3WFadOmydRQAQ7cYrHYke6kUCjQOqpWVtf0jZ5++mk401qmKw0kgTQajY1D F80VnFDVnkwHIQp4UNQyL126JFi/ZeSSXq9Hd61gaB05cgTasE+fPmI9EooRAC8u+Ory5cs0 +WFfmtgjUhcwqtHGp0SLsFWrVrCovPzyy7AO0Q4Cnuf37duXk5Mzbdo0lUrVr18/IO5OnToF xpa4/0C8lpWVie3ItLQ0ZHELCwsjIiLWr1+v1+tfffXVXbt2iQPHZs+ejRdZu3bt6tWrIe6J zlnPzc2dOXMmhMlY8+0RKsLflohFd3d3oJ1v3bolVr/Kysrww5s3b1oblI6OjqgrJCcnoxqO 6xlwOeIf+vj4JCYmjh8/HkZ/eXl5eXl5aWmpm5vbrVu3jEajtdynBg0agH8BmtpacAbmJZ84 ceL69et2DDaFQrFs2TI43rVrl4y8o0MorNFINQXoBBaLxWAw3L5929fX9+7duzTn+eKLLyK1 WMt7HT58+NVXX8WoiwMHDlRrwej1eknPji3gOE5ySADo0Hp4X61WK9bXgcu1Rk3BHD979mxA QIDYHwGGGrhm7I7LEXcW4oUXXiD/t3aIgOPleR6Jh8rKypMnTwYFBen1+qZNm2JgMmDQoEHi Zrlx48aoUaM+/vhjgUoN5cUIIXPnzkW+raCgYOrUqUDHvvXWW+BP1Gg0sN4bDIbx48fD+lde Xr527VpaFZDs97feeos+QYYX1Gq1YEHZFwFTI1ld0zeCE2zJmAVcuHABMm+dnJxsZKRQwObl 5dli30IQor+/f2BgoFKppHVxzPH+/PPPBb/q3LnzH3/8IVgQXVxcunbtSidXf/rppwLxnp+f 7+np+eKLL0L9Mfrbd955B1Zbu1nSJ8IZAXxdWVmZHY5hevqVlZUJgglAcYPW6d27N2onwN8G BgbScU/I1YgTUUwmE9oNSAWjjgzV9GicPn1a0CUYkwHBDYi7d+/KB5U0atQIR6dA6EgCvVO4 3ouJU2tkL3heHB0dN2zYgO4hWlcQq3SbNm368MMPw8LCgMWCZpRMAZIPzsK4oby8PBnnOphf JpNp69at9g2VVatWgbAzGAyCPHIB/QvqnUwIhe3ARqvWX4Nn1jIRC60NsdH8WECb+8hUzZs3 DzNTACNGjKiWGAB2V+CPUKvVYOLXXl2w1lnAwItJJicnJ9DJTp06RS8G6NQAMU0Dijfk5+cL 6BOe51evXm3twQT1ZoxG4/z58ydOnIg/AfFFCFm5cqXAVt6xY4fMK4eHhwsect68ebSrVyD6 JNWpGslqo9EoI6v79OljxxtpNBqYs9b8XGLYMU5QwNpuQsCbqlQqgXsLtUzJuQnhGjS6deuG 0ttoNI4dO1bsroVgc5VKJShe4uLiAo3z5ZdfPpopX1/sApCTarVarBDJj1c0hWEBsObq/uuv vzw9PdVqNXhowKycPXs2tCnOWAyhEEuEw4cPi6mqa9eu8TzPcdzzzz8vsIYFgSS02iHOkJEn wXr27AkHdFEda3BwcACOzmAw2KJbiBEcHIzBidu3b7eWxChmLO/evTt69OgNGzbo9foWLVo0 adLEmjdBDAxvBDeNtdN69OgBcnnevHm2M4c0r7Bq1SqYMyaTSSYnng5vnDVrVi1DfqpVlQSm W11NK2dnZzrsdNKkSWPHjpXXyHmel2Gw1Gr1tGnTZN4lJydH0pHRsGFDWifOy8sDG0ilUn30 0UcHDx48deqUq6trZGQkrStYcx5jrAbtj2jbti3IUBj2tWFTJV9Qo9F4eHiYzWbx/MVAdMH6 V1BQUFxc7Obm1qlTp5SUFCQgNRoNvKZk4vvVq1dBqohJjmnTphUWFn7++eeXL1+GfhQsM0BN 8TwvjjmoqqoCtkO+96dNmxYZGenr66tSqeLj4yXnSG3SzTQaDc50GVmtVCpBVtfojUwmE8T6 IaNmu2po+9iwQ8BiEOLQoUORWsaiXt9++63tD6BSqbKysjZt2mSNC0F+a/DgwbQyiqNUkh77 N6kLsORoNBqdTmcLI4QcjkD2OTs7Y3aZZEM3aNAArp+TkwNzctCgQdim4IkoKSkRB8RaC/kB ml2cXS0jUmtaFxbCcGgnggxQ47Hb+BaYUzL294EDBwTezaqqqlWrVsF636ZNGxvVBUF4o7X2 ady4MUQ2pKam0hMVJ7z8zNdoNKtXrwYxbTKZxo0bZ00xpcMbExMT7dO67O70zMxMUNcaNmxY m3g9mrBBrFy50lr1IcCZM2fkGWYY8NYWG9urocydOxdpnn79+mHMGs/zn3zyyZgxY2C5tdaY p06d6tKlC+2PgKotMsO1lp0FZu6dO3fE3yIlHhUVlZWVhQarxWLBturatSs+G8ZCXbt2TXyj qqoqQSMXFBQAmw2DE12T6enp33zzjeT4lFSmb9y4IaMumM3mCRMmGI3GhISE5ORkEKeQViM4 E7Yt0Ov1GJZrny5ro6yu0RuZTKYaqQtYedNGk+D555+3T8AeO3ZswIABXl5ejo6OoDiirJYM loSSJPivTqebPHkyLHytW7eWoR4tFsuxY8d69OhB34v8EwSalZVlN4VfU9SXMwL92dboL/HK gWZKzfSdf1wPVVVVQFq2aNECbtqoUSOYopKDWDKoFVF/8eRQoN7akBID4lzMZnMtc3IAXl5e yAqKzV/JcuLogrHRnqbDG+Pi4mRKv2EdSQcHBx8fH79/ABQxIeSVV17x8/NDzYOGp6dnUlIS tKTBYBgzZow1XcHBwQHDG48cOSJPrtRIOMJBte5eVFVRmsjAxcVFQOYj0FLPyMgYNWoUSEO9 Xj9w4ECZCz6y6qUWi2Xy5MlJSUn0h/v37x89ejQkGxNCZAYDOFnQH8FxHBhq1Qbq291ZXbt2 lZyGrVq1QkbE29u7X79+b/4DLJ9MqGAFYlupDwESEhIEbQVEYHx8fHJyMk5JiK6wNsZkomF4 nh87dizIYZ7nUdEcPHiwOE0DuQEPDw9bmAYbT5OU1Xa/kY13BH8Tz/M2LqJ2C1hMvsUITcj1 KCkpkbQKBI6esrKyJUuWgGXLcdzGjRtlQryxQnmnTp1wlIJAtiVh5ElnF06fPg3dMGLECIwv k6GDQJ03mUyChs7IyEhJSbHmjlIqlTRtcOTIEcjM7tSpU3p6OtR2NZvNFy5ckOE/JSETpVhL vPbaa2hJVHuyo6MjzO3s7Oza8OeLFy++ffs2WBiDBw/++eefacF98eJFMH8ly91UVFSA5dGm TZtqn5kOb6w2EA9r5oi3jaHJIXFdh/bt22P2YGZmprg0EA0MdS4pKQEvYJ0Ac8aqpYh+//13 /Il8MVdCyLx588BUFeSIBwQEQCoNz/ObN2+urKxcvnw55OAMGDDg1KlTdUKZ1B4nT54UU6Pt 27ev1uC7efMmsIPgjwAb0WAwyG89VZvOAu1NvEhggl9xcbHJZKKFD+wrCCY4HdeJD+ns7Gz7 A0Nb6fX6Z5999q233sJVnOO4NWvWQIr/mTNnevTogf5+AaxploSQTZs20d6Ba9euIc+/YMGC yMhIgXr9888/9+vXT6VSeXl5yQ9pLGNw+vRpOorWRlld0zc6cuTI0KFDOY7r2rVrtfLH09Oz RjGbGo0Gmh3I6RoNqtLSUsjCgHJBDRs2BApEvGsXrceItcaNGzfq9XqVSrVy5Upr7tTi4mLw gr3zzjvQCDBKeZ5/lPXZ6otduHv3LrR+u3btxKp3RETEnDlznnrqKfgXdXZxfEBBQUF5eXmZ FQhcDEVFRTBXwakDIQKZmZmSdqfkplZqtRoICVv2DLUPEARqoxzEh6SzQGuKS5cuXb9+nQ65 EjDMWPoUe0SgsoCxZUu0ERoxt27dEsc9ie1+O17H398fdYU9e/bI6woY3sjzfB1uqYDR3daU UYGdBwyNs7OzPKeFZQQNBgM9tp2cnDA2c8mSJTCec3NzkQxfsmRJnVc7rSk4jrOmZAOhZTQa ZQy+qqqqjIwM8o+rDowNyW2f6qSz3Nzc9Hq90WgU2Cd0ofGYmJiZM2dOpxAbGztz5ky0f1DN xRkkCHzDa0q6e0BdNhgMp0+fnj17dlhY2NKlS0FsirPwJfsXLHVr3SH4ZMuWLVgmWRxOhEoe 5mxbA+a5CCKmCwsLbZfVtr8RLgoffPCB+PyNGzcOGzYMyRh06+zfv9+WsYH9ZeP5AkBVQGdn Z41GA4LdbDbTBX5sASj9cB2Z3aTwXnq9XqlUwiit1vz4d6gLhHIFxcfH02YrZKZ6e3uvXLky Ojr6hRdewCRyrMlYXl4OgVR9+/aVHFULFixITU1NTU0VqGwQI/r000937NgRpqi1hVayY5BW qqdt3TGEU7KKnBhgY5nN5tqokOhYOX/+PKxbUBkQT0BjguZaxSpLtWUD6PBG+Z2iAFFRUWFS QIEVGxsbFhZGUwvNmzeHQheEkHXr1skXSaTDG6dPn273/pkyM/zkyZPiy4oXRUxHnDNnjrgO MQJfXLBM4rY3Bw8epC2/7du34wJQH2Vrbcezzz6bnJy8YcMGsW2g0+nArQDagAzgrWFwgs33 008/1VNnwUz/9ddfBSdjIrtMLg+ELsJiA/IHIvIIIZKOIXH5uJkzZ6ampmKyEs0BYJoVmOmw 8RXHcZKbYcpUzZdUyJD58/LyEqQsQhQnLEgyl/Xy8sLtvMF+MJlMIKvffPNNW2R1Td8IK9Nw HDdhwgT6Kw8PD71eHxISkpiY2LNnzz59+oB9bzAYbCyRVEsBi1blO++8A8E61qxTGRQXF+PC Fx4ebi3fFT16zz33HO6SWieRPU+EunDy5ElYdDUaTVJSEsaqWCyWlStXwggLCAhA+mXv3r20 nE1LS4M5I47katu2LbRXSUmJQDTD/Oc4DtRMyXILKMVQTQbo9Xqsyox9U7fAkCgbU+BgNJeX l9uYgydp3NDea+QVBg8ejJK9oqIC3tfX11cwXTUaDRQwMZlMYrcirXJheCOkKdqR5iDWb8RV ZjEIOSEhQX6XDTq8cfHixXW12am7u/vGjRuRN5b0boirzeTk5MA45Dju448/FlvhDg4Oc+bM gTkiqBUdERGBlIO4TPKcOXOw63Gpe/S4c+cOHIh3j8SdKsWZ6ALk5+fDMjx48GConlTLyFCZ zgIOQxysgxEJMhKgqqoKf4jVA0G94DhOsJ+Ln58f+NQEKwQIHHG5Q5zC4ErA2MlJkyYJUmwG DRpke3oOEgC4MoWGhgrKaGLl+MjISMkISn9/f+xNeq/XGslqO94I89sDAwM3btyIv/rrr7+S k5NhzAwfPhx3NLR9+z0QsBUVFfYlOUMpDkJISEgITFL7aODDhw+jgJJMWQexAGNyzJgxoAHn 5+fL1LSuD9TvBtZz584Ff7lKpYqLiysoKPj0008LCgr++OOPnJwc3Nsam4z+F1xWMESSkpLm z5//xx9/ODo69urVC52LsEUCjYqKCgw5rparCQkJ0el0qampPM/7+fmhfbZjx47arHYyQILR RmUWJoZ8mAWhggDGjBnj4uJSVFRkbZ8Oo9GYlJQE9jq91/PWrVthkYuMjGzVqtW+ffuMRqO3 tzeO3a1bt9JtAnds3779sGHD/vzzzxMnTiBdoVKpwsPD5YM/dDqdtVlBv44AWA0GhB0ywDSc nZ1TUlKys7NppmTYsGHyKr+Xl1dMTAytncCWxzShgrFFCPEmkGARchwXHR19+fLln3/+GVWf JUuWQAUerVa7YcOG3NzcAwcOFBYWOjo6vvLKK7SpN3/+fBTE7du3R8EtyR/cv38f6+RPmDDB WoXs+kZJSQn4cXv16uXo6Lhz506TydS0aVMoU0gISU9Pt0W0nThxAptCsGWODGraWRzHeXp6 ms1mQXoUOoOysrLk149Dhw7Bcw4cOBCEzMmTJ4cNG6bX6319fT/55JMdO3aUlpYGBwdLxrce PHgQujU+Pn779u3p6ek8z+v1+sGDB4MKbjAY4GkrKythwnIcl5iYuGzZspycHK1WO3r0aPmq jjIrU8+ePYF5Xb58Ob3Xc0FBQVpaGoR/QY3qvXv3nj9/vrKy0svLC/erhIWKtmtpWZ2cnDx3 7lwZWW3HG/E8j7Xv9Hp9YmJienr6d9999+DBg+vXr5tMJrqvDQaD7TWLQMDWhrvFriS1K5e0 YsUKiLLy9PT09/eXLPX72Wef0U1Uh5FYT4S6wPP86NGj4+LiYHR6eHjQIk+Qi5ycnLxw4UKc wBaLZeLEiR999BHYuOLanGlpaZI2+r59+1BdkAyNoVejrl27QoA0fVkbawPL1AOxtuCJq+LL MT9KJRTorTZNo7y8HBpTpVINHTrUZDKBuiD5GCdPnuzXrx/weJhV9eDBgxkzZoBTtlevXoLa 75mZmYKEggcPHoBgBeFy4cIFWpmo1sy1vUYbDbrsjLu7u7VNXeHB6FqT1uKqBEuOoO8k82kB ZrN51qxZ4uhCJGACAgICAgIMBgO2m9FojI6OxrrmrVu3ltwJc9asWWip63Q6jNJYv369NT0A kqyAmYiPj5fPq7RxrNpR62bJkiVQ5Yau84ES3JYSI/guOOqqfST7OsvLywtWR0F0G1b7rzbs BkPPOI7z8/MD6nvSpEkrV650dXVVqVR0eQwxCgoKDh48CPR1aGgoZhLhA+PmijBhu3TpAjIN k4lqacVBiCLHcbGxsbQtvmvXLrPZjBTR4MGD0WSnpYEgYMhisUyYMAE+5DhOLKuPHDlCy2o7 3uju3bvTp0/HFCfxGKNNsri4uGXLllVbcsp2ASszHQoKCiASnFBVvOxAQUFBeno6vNTkyZPH jBkjDr0sKCi4d+8eViSq0Z4UdVIUtd7DoyoqKmJiYqZNmyaOQOY4bvfu3ePHj0cua9GiRfR+ OQ8ePAgLCxNP3YKCgunTp1tzLubm5oJglSy3QP7J9128eLEgDNVsNi9atEhwWVwFxUMKrBlJ sxV+JS4bgKPTFpZVpVLBGlat07eqqmr69Ok4vDQaDRj3sCqLYyqxZPLgwYMx3vCPP/6gc96w TdasWSMOJ1y4cGFOTg7+Kx/BJ0ni2TeWbDkNer+m7CIa9DKqTE5OzldffTVjxoyRI0dKZiKc PHmSjpkSWEv379+HcDZxXSBCSGpqalhYGOoKhNo7KiMjQ35bV4xc0+v1gmCxakUhjFWB3weU rRp1k8FgGDVqlHj8yFeGEHQTCF+wXwWPBJ8LHsm+zoLlUJxSC1XzeJ6nx7Y1YE1YDE2orKyc PHnyhg0bcCZmZWVFR0eHh4eLf/7FF1/Mnz9frAKmpaVFREQIei0hISEhIUHQsBMnTgTfnGQj yNQsKSsrQ7XV19dXkFf52WefRUZGSq58UNFZMri4tLRURlaL7WA73qiwsNDa9OF5fu3atRMn TgRZ5+HhsX79+moDO6BylC0CFrrJ2mDDHUQlE9FRsFTrD926dSvcSKVSSYaR0RrJoUOHakSB w93rMH7rUUCj0Wi1Wq1WKwiKAS9jamqqNZ0Rf1jtLRwdHSGyxkZXrqOjo1arrakX8L8YCoUC mpq1yaOZC5L5q2z81B8cHBzqsNSmPKFICNFqtTISSaFQaDQajUZjS3Op1WobxWDdkM//3A42 oKrpwK7RLeybPuIH8/f3h9ZGtsnb2xs+kck7ZbCpsx7x/awpaIWFhVFRUY0bN7aWXmg7fQ2F DWxPaBFvJfU/jqqqKmu7RjE8grnAxk99o0427xBg9erVrq6ugsp9tEQC61yyuWwfCZWVlY/S QLTvdjUa2Ha/kbW7XLx4MSwszNPTE5cSME15nn/EgYH/fVA+UU9TVFRUyxhDT09PCLr56aef /mXECwMDw78W4Ej29fWFDZdpiQSZETzP1zLRg8F20CGHWI+8ptX6GR4zu1BP0Ov1gs3EHmVp TAYGhv9xfPfddxAhv2zZssLCwiNHjigUigEDBmAy1KpVq1grPUpotdr169cXFhZCcEb91fVn 6sK/DIK4npSUlMeSTsbAwPC/idzc3JSUFIhqdHd3FyQ7bNq0qUZx7Ay1R8uWLSFjFv6FNGaG 2kDxX/Mm77//fvPmzR88eHDgwAG7k18ZGBgY7IZSqQwMDAwMDIRNrQoLC3/55ZcrV67UUx0X Bhm4u7tjTkpKSkphYSFrEwYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYG BgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYG BgYGBgYGBgYGBgYGhv82PLk7Unp7ezs6OlZWVtbhxq/t2rUjhGg0mgsXLgj2vLYRTZs2bdKk id1PFRAQUFlZ+fDhw1u3bsk8oUqlunv3bnFxsUSHKRTPP/98ZWVlUVFRQUGBTqdr06aNxWK5 ePEinqPVatu0aaNWqy9dusTzPHzo4OCgUFTT3Uql0mg0wrG7u/tTTz1V7Zt27NixQYMGJ06c sHaCRqOx9pXFYsHHk0SLFi28vb1/+OEH+dMQjRs39vDwUKvV586dwz0A4cPKykrx+TzP//33 3/fv38e3puHn56dWq2U6ix4PWq324sWLPM9D4xNC6B55BJg5c6avr+/EiRMfPHhAN367du1g d8SioqLs7OyKiopqL9W8eXMnJydCSF5eHn01AbRarcViqfZqJpOJyVkGhv8CqJ/YJ4uOjtbr 9SaTKSIiok4u2Lhx4xkzZsDxjh07jh49asdF+vTpExwcbN9TKZXK6OhoQojBYIiKipJcWfEJ b926NX/+fPE5Hh4ecJEDBw589dVXLVq0iImJETxPq1atpk6dCm14//59+HDNmjV6vd6WZoef 9O3bt9o3bd++/fjx400mkzV1oW3btrNnz7b2c2vvCNDpdAsXLiSEZGRkyCxaNN5+++2goCBC SExMDCpb/fv3Dw4Orva3K1euvHTpEv3J+PHj9Xp9Xl7e3LlzJX/i4+Mza9YsOM7Kyjpz5gzd +PQz1Ps0Vqt9fX0Fa/OIESO6desmODMtLW3Xrl1yBoRCsWjRIjiWeXetVpuYmFjtg/E8P2rU KCZnGRj+C6B8Yp+szo2SXr164fHAgQPtu4ikGWojkAPQ6/WOjo6SxjStFiiVEr3z3HPPwcGP P/4I4lhSRuMd7dBpbCdapk2bJn+Ol5eX3evfihUravorg8EABzSXYGOXTZs2rWfPnuIRWFpa ak1VQl0hPT19+fLlcIzmuySfUU+Adi4pKSkvL4dPli5dirpCcXHx3bt34TgkJGTp0qUylwJq BC/bsGFDJiUZGBieaHahbqFQKLp3705bri1atJAhmesJJ06c8Pf3h7VWfPdXX32VZhqaNWuW n58vOOeVV16Bleyvv/6q0a3XrVunUqnEn5eXly9YsABNZDSIz549azQarXHXfn5+sbGx1d60 ffv2hJCCgoKUlBS1Wm2j7tWoUaOPPvqozhs/ISEhKyuL1ofUarWbm1t0dLSbmxshZPjw4ZmZ mcjHyL8XqkpHjhzZuXPn4x3ewKl8/fXX8G+HDh08PT1BcYyJiQGNR6/Xx8fH6/V6T09Pf39/ a76S999/n/43JCTkiy++kNSbExISJFUirVY7adIkOP7000+ZkGVgYOrCvwlt27blOA7WjJEj R7q6ur733nvx8fGP+DGuXbsGB88++6xYXejQoQMhJCcnp0WLFhzHderUSaAuKJVKWAbOnTtn 960FcHFxgYOysjI0kQkhZ86cAXZdrHiNHDnSFnqfENK8eXPQQnJycmx8zpdffnnMmDH10fi3 bt0SkDEmk6msrCwmJgYc/4SQwMDAar1UtK5w8OBBydX0EeOFF16gR0VgYCAcREdHI+NiMBim T5++adMmQkjfvn0l1QWtVtuyZUtCSEpKSocOHQIDA994440vv/wSA0FoWFM4AgIC4CAjIyM9 PZ0JWQaG/w4o/6XPrVAodDqdi4uLVqu15fwPPvgAloeLFy+Ci7pdu3YNGjSo9oc6nc7JyUkm Xu//KF9qtZOTk5OTE6gmYjx48ADE90svvSRetiG24OOPP4ZQgNdff11wTpMmTeAAPBF1giVL lsDBzJkzqz25WbNm27Zto3WFe/fuWTvZwcHB1dWVEHLhwgVbnoTjuOTk5HrSFYisn2XDhg2C hdYWXWHv3r226AowJGwcqHagYcOGrq6uPM8j4QSkTklJCeoKqBFCf1nzsABLAdxSWloadApc zUY4OztDbI3RaNy4cSOTsAwMjF2oBmvWrIGlwhrsjmHUaDRRUVFgiAMKCgrmzJnTs2fPIUOG nD59GuwnwZIPRvkvv/xCCDl8+DAseN26dfvmm2+s3ah///5vv/02/cCzZs2yRs43bdp07ty5 dCxhZmbm5s2b58+f7+npuWnTptOnT8Pn58+fDwoKcnd3VyqVdGwB2GQmk6m4uPi3337r0aOH Xq9v0KDB33//jec8++yzcJCbm1sn3TRw4EB45h07dgjCCYcNGxYSElJWVjZu3Dj8EF8wPz9/ wYIFvXr1Gjx4sLUok8aNG9foaVUqFahZZrN5ypQpjRo1glDHRwAHBwc4sLaOinWFPXv2HD58 WP6aXbp0iYyMpD+kfzVw4MABAwaYzeYxY8bQtIdCodi2bRus98jqA9zd3SGkg46j9PPzAzYI T/vzzz9dXV1ldFxrinKfPn2Ah3j48CEOvFGjRgkeQwbz5s2DA/RwMTAwMHXBJvlbt5D0ant4 eKSkpKBmIP4VWsOHDh0ihNy9e9dgMOj1+v79+0uqCwqFYsOGDYI8Ao1Gs2rVKsmn6tSpkzjT ITAwUNJU/emnn4KCgjQaTZMmTQoLC/Fz4BKAT7558yZ86OvrSy8D8CIGg4HWIWrTmAMGDACj 0xoDLwg44DiO5/lFixbl5eURQuQ1wqeffhoUIJ7nW7Ro8corrzRs2NBkMv3222/nz58X89uQ 57lhw4Zff/2VplIeAbA9IYGwWl0hJSWlWpo9ISFB/OGQIUOaNWsGw/W3334bMGCASqVq3rz5 9evXadUTLXUHBwdaQ3355ZcJITzP06TOm2++KSCczp075+vrq9Vqu3TpcurUKVolhS67c+eO +Nk8PDzg2/3794PSdvLkyaCgIGdnZxcXF1tCOgICAiAKJD09/Y8//mDilYGBqQs2GRkCQr6y stLBwQG942Do1xRosvz0009bt26trKx0cnJauHCh/LrVt29fWGVRhH399ddDhgzRaDR+fn7i ugLDhw8HXQEYhaKiIkdHx8jISHTKCgw11BX27t2blpZWWVnZunVrNLMEQFXAx8cH1QUHBwfg P0DoG43G4uJiNze3nj17orqgUCjoc2qPyZMnw4HtOQiXL1+m8+Lka1dAEodGo/n444/F2tui RYsErIPRaAwLC3ss02DQoEFwII6xKCsrE+gKSUlJJ0+etPHKGzduPHfunEKheOONN4CsCg4O 3r17999//42BKa+++iqtLjz//PN47OXlRX8Fga5nzpxBZUupVEK0Af3kR48eHTJkiNlsjoyM bNeu3RdffFFVVdW3b9+QkBDotc8//1z8qP369YMDfLuDBw+Ce2LgwIGffPKJ/JsqFAqYCGaz mUU4MjD896G+YheKi4v/+L8oKirC5TYvL69a6SOGj48PqAUnTpzYsmULRGWXlpZOnjxZJsHd y8sL1n6wmQBoGg4bNkxwvkaj6dGjB6gXY8aMKSoqIoSUl5evXbv22LFj4uu/8847aE1+8803 8FS5ubmjR4+WzHIEVYAQ0qVLF/ohBcsV6AStW7fG2kpubm6ggdmnaQng7u4Oy8ytW7fqKUME XCeoUuTk5GA6HyiUkCTyyCBJzjdq1Cg6Ohp6nBACDnsaKpXK39+fThmFqkfVAlbrjIyMiooK k8l04MCBHTt2wFetW7cmVGJtx44d6R/SCTKdOnXCY51OB7b7kSNH6H6EsYoplKCaf/jhh5AI Exwc/NFHH61fvx50BULI2LFjxSNTrVaDZpCXl4dcS0FBAUQ/dO3atdoM227dusH43L17t41l tRgYGJi6IIGgoKDBgweDyW7N8q5WHoEU3r59u+CrZcuWWfsVxh/QFmFZWRnYdl5eXo0aNaLP B1FOCFm5cqWAMJfMl4Ogxby8PEGgeEVFxerVqyUf6eeff6ZvhKoDLfR/++03WOFgPQBtCV5f nF1pB4YOHQoHAtO/ruDg4ABrm0qlSkpKCgsLW7JkycyZM0eNGpWZmYn0hji7sv6wcuXKVBE+ +ugj1GLT0tIePnwo+FVgYCCUXUIMHjyY7jtr2Lx5syBT9KeffkJGCg6+/fZbQohWq8XyBhqN xsPDg541YvWLVu9g+IkVWbrKiABAUQiAqtvevXvpzyE5U6VSQfKFDEBv5nn+u+++Y4KVgYGp C3aibdu2GNgYHR0tmZdlC7tACMnOzhbbLkVFRZIh+g4ODrAYXLlyReDvT01NhQMI70K8+OKL oNPcvn1bcDWLxSJgoR0dHYG6gKgIAa5evSppZoFvXqPR4CIhFvpoiIO7GlWK33//vfb1f7BZ aAdN3YLn+U2bNn399ddr1qyhG43n+fXr14NqpVKpBIb1Y8TevXvlyx0uXrwYQ2Rmz55tLfkF ceXKFfH4EXyCZBIU/0ae6e7duxD6QFf0ghiFnJwcegDA2i8gnCIiIkAdNJvNixYtCgsLGzFi BMaNhoaGCoorEELee+896B2B1nv8+HE4+PDDD2VetlWrVjARvv32WzuKgzEwMDz5eBS2XZMm TbAS8IwZM+wO0wMlQ2z/AS5duiQuBoAJFO3atRs4cCAGYFZUVODJr7322p49e8QyTlKnuXHj Bm3wYcyEZFWDqqqq0tJSMLJpoCrQpk2bs2fPNmrUCEQtHZVWWVl58+bNli1bvv7661999RUh BAoD1Inphs2ydevWeur0qqqq06dPYz6IACkpKWvXriWEdO3alX7regXP8z///DOd0FheXn7n zp2srKz8/Hx5JQwiLa5fv/7mm296eHioVKqEhAT5fAFb6mOaTKb8/HxPT8/u3btDW8GwvHjx ImobLVu2vHr1qlqtBucREBIArVbr5ubG8zwdM+vs7AxD1Gg0jhs3DgZ2VVXVjRs3RowYsXr1 aldX1169eh06dAijF52dnYHS4Dju/fffx6awWCwYcKrX693d3ekb0XjrrbfgwL7a6gwMDExd II6OjhginpCQUHtb1lpVWskSgUi5E0IgC0AMjUbz/PPPY0QhkK7Wcv8wUBHlrH3rVkFBgYeH R0BAwNmzZyGv3WQy/fnnn/RpR48ejYiI0Gq1SqVSr9eDOVsnGxdBU5jN5vPnzz+WYXf//v17 9+65urpCIOGjAV2zqEaYN28eUk0LFy6EvRKcnZ379Okjk4hrIw4dOhQREQFBKlVVVTD8MjIy zGYzDJKXX3756tWrGN1CR+YC35abm0sru5htGxcXJ1CCq6qqVqxYERcXRwjx9/fHCB4M3SCy Xox33nlHnKUMihGQVSUlJTbu7sHAwPCvQ/06IxQKBSYf7t27V3Kp0+l0Xl5ekvWJJWGNXRDD xcUFLfucnJzC/4ucnBz0FNAB+aA3WHNOCxLtMMSypnrDDz/8gFY+pFAKhD75h81WqVQuLi6t WrUClcKWfLZqFTjIsJB06zwyAHkjmfhaLRwcHNzd3QVBJ9XC9jEmYK1ot5TRaMSQlMGDB0Oy aG0ANaw4jnvqqae0Wi3wTBCeAtW6QIEAdxW9KwQu8wKDHoYKz/Nibxqhohc7d+6MH77xxhv4 rWCawCfwbWBgoGSCNNAehJAvv/ySiVQGBsYu2IPly5eD+Dt9+rSkHebo6Aj2Snx8vNjXS/7v Pj2QI0AHgtEQFzno3bs3HMyfP99a8D+Uk3J2dm7SpIlgFwZBGSWae0CgLeXr6ysmJBwdHcWe CMDZs2eHDh2q1WqbNGkCwYygQAhMcKgP0bZtW7Aj7aj9LAZcihDyn//8p/66vn379h988IG7 u/v48ePFGh4GQtoH2F0zPT0dgwkEqFf3+fnz5y9evAixgQsXLoyMjKxNNMnDhw+BaHnuueeA e8OI1zNnzgwZMkSr1Xp6esLwptdjhUIB/qns7GzxZTmOU6vVkuogFHJAn6C3tzcQVzIFrSMi IoKCglQq1UsvvSQuOIHlRzGIlYGBgbELNcDUqVNhaTcYDJIcJmoAtIGCgLQ3mvwHu1+cywBG v2D5wT2lTCaTTKLgwYMH4QCTzjElAUldGnT2IyGkvLwcbLX+/fuLTxZvH4z4888/eZ7XaDRj x44FjUpSWwJnQWRkJFyqTiouYIB9XZWGlNZD1WpQgySLVWBpAftCMWDBw805EdCSPM/bTkHZ h9WrV8NKzHGczB7cNgIW4OHDh0MKxvfff08PEpVKtXTpUhjeZ8+exV899dRTHMdBBUb6ajCA yT9lsgRwd3eHgBuk+jDsUSbs4MCBA3AAEZECQFnJkpKSOqkexsDA8L+lLvTp0wfMr4KCAnHF QwRaP/3796f3dO7ZsyeIfrr8HFbPFadN4lbCCNxTCkO7JQE5jYSQrl27QlIfBqtPmDBBUOd/ 0KBB4nh4CKfXaDSCPRf8/PyGDBli7b5VVVVAOIPXQyz0AUBHI2zfqKladaG8vNxaQes6Aep5 w4cPFzSaq6sr1vOxjy+BZcnZ2Zne8vvpp5+GEL863/pckr1YtGgRHHt5edm44Va1g1Bgo+Mg AQgGCRBd4oJR6DuYM2eOoOUVCgXuIwrBubinlMFgkAk7KCwshMwj2NBSoBeC/iFJcjAwMDB1 QQ7NmzcfPHgwyBez2ezv799FhG7dujVu3LiyshJMK41Gs3nz5ldeecXPz2/BggXDhw+HS9GL fVFREZhEer0+KSnJ3d1doVA0btx4zZo1Yg8FBjnKh2qXl5fDwoZJfTzPJyUlwSMlJib6+Pgo lUqdThcdHY0MBI2TJ08CweDr6/vJJ5907949MDAwJiam2v2d6WI71qoE0ryIoBSP3QAdSBCz Wed48OABvJRGo0lOTn722WeVSiXUAlqzZg2cs2XLFvu8BlgAY+HChcOGDfP29g4NDUUlkq7H VX/Iy8tDaio8PLw2JasLCwsxBlNQV4MevYJkXajmJFA1CCHFxcUwpziO27x5c0BAgFqtVigU rVq12rZtGyztly5dAscHsmWfffaZ/EOinyI0NJT+HCNCkNVgYGD4r0S9xC6AHwEEk6enp6DK DQIK72/fvh2NM7rAMCEkLS1NkEmRkJAQFxfn4eGh0WhkShfrdDq0mWQKPgJ27Ngxd+5csIMh qe/kyZNdunQBdkTMW4gxadKklStXurq6qlQq28sY0yHuYqEPMJlMEB5P6iiFUqlUQrRmtSkJ tgQGyp+TlJTk6+sLLPr06dPFzW53CuWVK1ewWUJCQrBeIfS4QEG0L8KRUJ4ymRU0KCgIxvny 5ctHjx5tX0ER8s/GY8DG0ZEQly9fxmO6uAJUc7JWsyslJeWpp57y9fVVqVSwPyQNg8GwcuVK OEYNOCMjQ/4JMzMzoXSKr68vvfMZBvnKVwRnYGBg7IIEbDQZgVmtqKj48MMPBUFSZrN5w4YN kmVzYmNjwfpHZGdnR0dHFxQU0PSGjTYTIeT69etg2+n1eoyKSEhIEGwRZDabJ06cCPUoBRFk lZWVkydP3rBhA36elZUVHR0t0H4EgGRC8k/yvbXTsHaTpEoBTS0ItZOJvMNdH6tdHqBN5FMn oEK2zO1iYmLEpS1NJtP06dOrTdBHKkVyOMXGxoqLbO7fv1/s+ULDvaZpILD2y+tVGLjAcRyU UcKnFd8OvxK7gbA1MHABUFJSAoNEoPi2adMGZpC1xl++fHlcXJzgGcxm85o1a7CJtFot6DpZ WVnVElcmkwnVOywqBS8OB3XiKWNgYHhioXiCHkWhaNCggcViqaystEWyA4dRUVEBYh1yHC5d uoSWU93QL2o1CETJug7w2NZsSq1WCzn669ev/x8PGndwcFCpVEqlsqKiom6zN8G3YrFYHkHI whM1WRwdHSsqKqq16SFFArQ6tpUDAwOD/avhk/MoVVVVNSraI1ge7OaB5VFZWSmfJgdl8q5c uRIfHy/46rXXXmOGlzV7uq5gTY3770ZVVZWNL87zPNMSGBgYag8la4JaAkIQ2rVrJ8hb8/T0 hMwIk8nESt0xMDAwMDB24QnCoywqDDh+/DgEqS1btqywsPDIkSMKhWLAgAGQCEoIwUQABgYG BgaGfylU/zVv8tZbbzk4OFRWVorLI9Yr7t27d+/ePUiC1+v1HTp0eO6557BW7qZNm+qkFCMD AwMDA8NjhOK/5k1atmzp6OhYXFws2Kjp0UCpVAYGBgYGBkJeWWFh4S+//HLlypV6iqhgYGBg YGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBg YGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGD4 n0Z97UipUCief/55QsilS5d4nhd8q1Qqvb29mzVrZjKZ/vzzzxs3blgsllresW3bthqNpqio qKCgoEY/bNCgwcsvv/z666+7u7sXFRWVlpZevnz5l19+kbmOn5+fWq224161hEajadu2bWVl pfirioqKBw8elJSUSH4rvk67du1g88yioqKsrCxxH8ncixBiNBrv3btXWlpq97twHNe+ffvy 8vJqz3R0dDx37hzs7VnTlvf39zebzYJ9QRUKRUVFhcFguH//vslksmUwe3t7P/3004QQg8Fw 9epVg8EgeaaDg4NCYXVO2XKvOum7mk40d3f3p556ihBy8eLFJ1ZUNW7c2MPDgxBy69athw8f Vnt+QEBAZWXlw4cPb926JXmCTqcLCgo6f/58YWGhtYuo1WpfX98mTZqUl5cXFRXdvHnTlvlV V2jXrh30+IULF8xms+0j3Nq7VFZWXr16Fd69TZs2SqUSZ5Y12ejt7a1UKiUfQDAvrl279uDB A3lJ6+/v/+KLL7Zo0YIQcv/+/StXrpw+ffqPP/6Qf/KgoKCIiIh169adOXOmbuUSDCq1Wg3t 0LRp0yZNmoA4zc7OtnFAyowxQoi3t7ejoyO2PMDT09PFxaWqqurSpUsyt2jWrJmbmxtOTD8/ P4VCoVKpCgsLq9142dvbu0GDBoSQ27dvl5SU1MmAVNfTQHd0dIyOjiaEREdH379/n/7qjTfe GDp0qOD83bt3f/vtt7W546RJk/R6/a1bt+bPn09/Pm7cuM8++6y4uFhSmE6cODEgIICWm+7u 7t7e3gMGDCCErFy5UrI7x48fL3mv+kabNm2mTp0qf05hYeGKFSuKioqsnfDee++9+eabgg8P HDjw1Vdf1fRehJA9e/YcPnzYPvUORogtiImJgR6sUctrtdpqX8FsNq9evVpm0r7wwguTJk0S fJidnR0fHy8QoBqNJikpSeZGI0eOrOUAsLHvajrR+vbtGxwczPP8qFGjnlh1wdPTc/LkyWCB rFy50sbRlZaWZk2UL1myxNXV9eHDh9bUBckGTEtL27Vr1yN4Xzc3txkzZsDxjh07jh49at8I p4Fd3Lx585iYGHpmSaJly5ZwmliMd+nSJTIyUnB+QUHB3LlzJfXXmTNn+vr6CpRUX1/ft99+ mxAyf/58mRW3X79+hBDQRepWLr399ttBQUHYDg4ODnhx+UfiOG7VqlVwvH79epkzo6Oj9Xq9 YHKFhITYMuN69+5Nn+br6wsLk9lsHjNmjIyd4OXlNWfOHDieMGFCXY1JZT2NddRYBdbMsGHD cAYWFxfjCw8dOrRPnz61uWNFRQUh5O+//6Z7NDU1tXPnzpKqaNOmTbdu3UrrCjk5OVlZWfQ5 06ZNmzlzpi33ejSQGR/0JFy1alXPnj0lv129ejWuN3T79+/ff9y4cTW9FyFkyJAhixcvfmQt AAa6jDkoOQhloFKprPUyIeTdd99FXcFsNt+9exeOfXx8Nm7cKDjZ1dVV5ka1589s77uaTjSj 0fjkE6Hnz5+HtwCGSf7kYcOGwcH+/fslT5g6dSr0l7V+Wbp0Ka0rYNeHhISIu74+EBISgsfv vPNOPUkSebIEBJ24lXr37o26gtlsRkPcw8Nj8+bN4t5ZvXo1rSsUFxcLpvDChQvbtGljbWH2 8PAwm823b9+mH6laubR06dJqT0OaENohLy8vLS0NPpkzZ44MU4hi4fTp05mZmdWKLPtmnOC0 ffv2gW6nUqlkdCaFQjFv3jw43rBhQ2044EfELkjCxcUF5oDJZJo6dSq8RpMmTRISEgghgwcP /uWXX2RUXXn88MMPjo6Ov//+O70SWDu5SZMm8fHxONyXLl2am5tLUyPDhg179dVXQaEbNmyY wJ749ddfHR0dBbrFo8SRI0f27t2rVCqRJtHpdN7e3uHh4RzHEUKGDx9+586dK1eu0L8KDw8H ais7O3vlypUgMrD9O3fu/NVXX4mJQcG98Hb9+/cPDg4GTbZLly6nTp2q0Stcvnx5zJgx1lZ0 tVq9adMmnG8Cy0an09XoXgaDYerUqbTI02g0Xl5eQ4cO9fT0hF4ODw9PSUkRUMF9+/YF2Tpt 2jR4BgcHh7i4ODc3N61W27NnT9rmg0uZzeYNGzaUlZXRLQZvVJsel+y7xo0bg4kj6DucaDzP x8TEwETDk2s50R4Xqqqqjh8/HhISolKp/Pz8ZPwmGo2mZcuWIP3FOr1SqVy2bBnQyNbQuXNn 6E1CyKJFi0A4KBSKsWPHdu7cWa/XDxo06Isvvqi/l1UoFN27d6dZhBYtWohNWKPRKJhEFoul S5cu4eHhhJC4uLjr168LxmHtodPphgwZIm6c8ePHBwYGqlSqsLAweioFBQXB0BVL2oYNG06a NMnb25sQMnfu3NGjR4u1AfBcFBQUCDSbauWSp6enHXJp165dQUFBer2e47hhw4bt3LlTfE67 du38/f1hfiUmJj7KWbBgwYL169eDyPLz86MdHIjhw4fDKpCVlfXrr7/W4d2Vj/JV33vvPeSW UeX566+/kJTu37+/3Rc/cODAZ5999vPPP9ty8qxZs+AgMzNz5MiR9AgmhJSXl3/yySdoNIeE hKDswCH1ySef2Hiv+sDVq1d5njf9A6PRWFRUdOrUqVGjRp0+fRpJMFo71mg0MIsMBsOyZcvQ vPjrr7/Qtn755ZervRfeLiUlJTk5GWlbO96ivLzcZAWvvfYazfHU0jS/fPmy0Wikr19aWnrp 0qXZs2fjKwQHB4NQQyBPOHHiRNRXKioqpk+fDsdADCKee+45kOBnzpzJzs6++n9Rm7AAa31X VFQUGxsLx127dhVPtOjoaJxoRUVFONEET/5vAdLLgwcPljktMDAQDnbs2CH4ytPTc+vWrfK6 gkKhGD16NBzPmDEDhUNVVdWmTZugH/v16+fg4FB/b9q2bVuQ+AkJCffu3QNayJZJxPM8hvXk 5+cLZm6dRM80b94cDhISEujGWb9+PeigXbp0oc8HasRsNo8bN04gaR8+fLhkyRK0uyQJhm7d uhFC0OivkVwSe+5swaJFi+CgV69eTZs2FVsy6CRasGBB7VnDGqG0tHT79u1wPGXKFLER4uHh 0aNHD2hwsAP/leqCUqmEYXT69GlBpNj9+/fPnj1LCHnppZes8T9ardbJyUmn08EssgV4poBm 8PHxAR6ypKQENDVJXL9+HV3R1sjqxwWZRti0aRNMWo1G89JLL+HnHTp0gAOx7+Du3bsgkiRt fZl7/fjjj9CV8vK3pggICMD1YMmSJTLxUzqdzsnJSavVVmsPybzCwYMH4TgiIgI/d3Z2Bu1h +/btAgu1srLy5MmTMH7oz5999llQTeww1xo1auTk5GStqWX6rqCgAPoOAylwomVkZFibaF26 dJEhWuscOp1Or9fX/jr379+Hse3l5eXo6GjtNFifeJ6/du2awDKzhaB2cHCAjkhPTxeTbSgT 2rdvL3MFJycnyVd2cXGxZcR+8MEH8AoXL16EwBpfX1+IXKuRyK2P3nzxxRdhvImHuuTgh5GW mZlpLa4ZnTsQ2ik5+MXadv3JpcLCQpQJCxYsEHw7fvx4OEhLS8vPz3/0wv/YsWMwCziOGzNm jOBbDFlYvny5jQ5l2/HonBHo2ZVkh44cORIQEKDRaFxdXWmatEWLFtOmTRNPvP379+/bt4/+ ZPXq1W5ubqdPnwYSe82aNXjHNWvWECpCCpt4+fLl8s988uTJQYMGubq66vV6Nzc3fDC4ONzL y8sLhPimTZvQsqexdOlST09Pk8n03Xffvfnmm+IoFYVCsW3bNlh+BFF17u7uK1asINVFJAmw bNkyoJ2HDBmCrQ38YUlJiWQcMgSR2QG6a3r37g13mThxoniNVyqVW7duBX0RHQ2S8hSN4L17 9+bk5IjPKSkpadq06ZIlS2iRYS3ir1p8+eWXb7zxBsdx3t7eED2OdonZbP7hhx/EP0lKShJE NarValAvYD22EeJ4MZ7nY2NjBZGqNeo7FxcXOJBkv2CicRwnmGg0WrVqBZGk4mivBQsWAM8/ atQoegxj56akpKSnp7dt23b27NkGg2HmzJnLly+HQaJUKs+ePduhQ4faTIHdu3eDvA4ICJCU JG5ubtAR3377rUD9bdSoEZrF169ft0Yjo9yQbMDS0tJ79+65uroGBAScOXOGFghxcXF3795d tWqV5LAU9DXP87Nnz5aMwtHpdEBnwgseOnQIuKVu3bp98803j91WuXHjBthgOp1OkKIi4/8F ZdqaxZyWllZUVCRefZ2dnfV6vdFoFLgjaySX7MAXX3zRrVs3vV6v1Wppx5O3tzeEuxmNxkcT 8SoJdEl06tTpm2++wUk6bNgwePHTp09LSs5/DbuAkxBGmwA3b94U81GDBg1auHChZMcPGDBg 4cKFMnakmCqE6zg6OoI0ycvLqzaBhxCCY4K21EEMwb1+//13EHwYXUWjQYMGMPOPHDnyyy+/ wIxCNg/pI5wbgscG74DJZAIL0kYUFRXB+VqtVmBh4OLXoEGD5s2bt27dWsy21Qj0g6GfjHa7 IjDWScwr0osuBr1nZWVJCsd79+517do1Pj5eYF7079/fvhi0qqqqEydOQNc0btxYQJaC9gDx Vq1bt27RooVkFAJafr///rurq+vbb789cuTIcePGde/e3ZodHBcXJ44th4jrV155RXy+jX2H LhXbJ5oAGAAkcE4plUrQFcC+F5D8SBHjBNHr9evXr8f5a7FYIJhGPAXwRaxNAZ7nYaShNobu cwEwQlCcSuDg4HDw4MEPP/zw4sWLMhwy6lvWbEd4Qrpb4X1jY2M/+ugj8bDs06cPHRuIHb1i xQpJ4QbKASEExn9BQQHYygMHDqxzsWwtP1PmWxxXI0aMEGhjkGUgcHnASq/X62fNmmWNVtm1 a9eRI0cEsVaoZNjhgK+RwJQEuiT69esHiqZSqUQ3xOzZs2vf+HYn5dIuCXRHuru7Y8TSxx9/ XB+L+KNjF+TD08Q0uLu7O+TPQKrblStXLBYLx3Gvv/46uPFatGjRqFEja0z19OnTn376aejU hIQEzDjHG6HclAfGkrRv315y9aqqqvr222/79evn7OzcsGFDgbqNAvfo0aP4VXBw8PXr18VU M0hh+itYNuRzoyVx5syZHj16aDSahg0bPnjwwMHBAVaRrKyshg0brlmzRiDUrKWMyqN9+/ag BUIEb1FRUXFxsZubW8+ePQXcD/nH32wymQT+SxpIGJSVlVnjflDvPHv2bGJiYnl5ubu7+9Kl SzmO0+v1I0eO/OSTT2r6Ir/88gs4/Fq2bAlKJAQiXLhwAWSEIAdMTG7heimguzt37hwWFrZ9 +/Zjx47Rn8+bNw/URJ7n586dW1BQoFAonnvuOchbGzVq1M2bN2G54jgO+06v169du1a+7+Qn mi2uVp7n8/PzPT09g4KCaBOqWbNm9HvR/QhxwUaj8a+//hJfcP/+/Y0aNerateuJEydg8r76 6qv0OIcaLTJT4MyZMzAFwBMUFBTk7Owsnv4YIVhSUiKWDFFRUbYMBvT9e3t7I39A30Kj0Vhj zsGFsXfv3r///rtnz57wsuhZW7lyZVZWVqNGjWbPng19+t577wkCbAkhEGBrMBjQnvn666+H DBnCcZy16Da70bJly2vXrkm6LSwWS+vWrSXbB4ZHYGBgXFzcmjVrSktL/f39sXkFaa579uwB Oezj45OYmFhQULB79+7c3FxrxUtoAMlX0ygxlEtlZWV2t0xhYeH+/fshymf69OmzZ8+GLiCE 7Nixo04ihR0cHBo3bizzkAKtWuCSePPNN+mYa1Rl5syZU9P14olTF1544QVYLeRLeQjmDCFk xowZKIN4nv/2228LCwuBr/b19ZXk/2GgIEVz8+ZN7BIU6+fOnbPlMTBSV6YyzHfffQeaTXBw sEClgKQ1FF4XL1709/cPDAyklzQQtYBOnTqhrAQPCDATtSWR/hEHqIoKMG3atL1790rqQyAc xQO9d+/ekDNNCElNTUXREBUVpdPpmjZtSpM3Wq0WDFOZ6hrDhg1DoqXa1Go6/b2wsDAiIgIM 2VdffXXXrl22VH8SrAGC1RTeOjg4GE09AbkVGBhIWxj0gkcIKS4uLioq8vHxgX9DQ0ObN2+O C4ObmxsIYoPBgEK2qqrq/PnzEyZMAJpx2rRpQMvXtO9govE8b+NEk8SBAweioqL0er1er0ex 3rFjRzxBoEkA95aeni7WPMaPHw/dAe4GmAIdO3akl0lrU0Cn04mnwMGDB8GK7dq1q2DEtmrV CgQ6BrvZAQxVCQsLE6sLzz33HNxCcl7QHfHtt982adIE487GjRsH7VBcXDx16lTw3YiTbz09 PYFyoFNA09PTgU0ZPnx4ndi1iBqVbUDMnj0bfKweHh7gKkKIHVjXrl1LTExEcsXDwwN0Ypi5 n3/++fnz5yXTI9VqNYhrSQOjRnLJPuzbt69Hjx56vd7T0xMvZTAYJGtg2AGVSoXFG+zA/Pnz N2zYAKNi+PDhODtsYc2fdHUBsmZtB1BeTz31lNhesTHIHOUs7VFDtUsQBi+jLoDFLGO0QQSW m5vbm2++Scuvxo0bgzhAwfrtt9/6+/vrdDrkIRwdHel4HFoKg/liNptlaoBUayFZ+3b58uUP HjzgOK5v376gQQ8ePDgzM1PsTA0PD4e8LGswGAwoVVEJe/PNN2mVCNYwUK0kLxIQEIA08vz5 8+VrWphMpt27dwssoXXr1oEkbdeunVjKy0OsC9LqudlsXrRo0a1bt2gCwNPTk06kBDaCEJKZ mfnxxx8jzYilfoKDgzE2Ct9UrAGUlpbu2bNnyJAhktazLX1X04kmCYxZ8/X1xbRy2kWi1+sd HR1h/QMHs6S68OmnnwpUN5gCWq0Wp4BGo7E2BYCLFkwBiO50dXXt16+fQF0Aup7neTsCTunR VVBQ4OHh4ezsLEiYbNy4MS51kqyM4Hl+/vlnUBe+/PJLuh0sFgtwJOKLDBo0CA4gnBaNHzDo PT09ZSjVRwY/Pz9BshitSa9du1bw4alTp65cufLee+8JXtnd3R0iUSTrnj3zzDNga0kqEzWS S7VxSQj0ITTiHzsePnyYmpoaFhZGv3K95vc+OnUBqszaju+///77778XW4Gurq6SBl89Aalg eUAEll6vb9KkCeo3vXr1AmGHoxbNpnbt2gEvAj7gu3fv7tq1a+rUqbQUBiIuOzvbDheXTEhw ZmYm5oPwPL9v3747d+6AjTty5Mhqwz8FyM7OXrZsGa1dnT17NiAg4KWXXtq6dSsuuhCsLkkR k/8b3rh9+/Zq1aPDhw+L2bZr167xPM9xHB2DZiMaNmwoswZERkZCFwABEB0dDQLxvffe++67 74CQ2L17NzCH//nPfwSr48OHDyHnYujQocDTQqaf2WyWlIPIc7q4uAiay5a+q+lEs0bOgQbc rVs3UBc0Go2bm5vZbI6Pj584caJer2/ZsiUQ48hn3LlzR3Cd8+fPCz7BCCzbp0BOTo5gCnzz zTehoaFardbd3R0VXI7jIBv+1KlTtUxvW7duXVxcHCGkX79+b7zxxpo1a0pKSl599VW6dJIY 4ihXtFh+++038WImKW0gki4rK0ugMW/btg2C3vv06VOHQXZ79+69fPmyZIii2WwOCgoCISag +qdNmwbHycnJp06dqqysdHNzmzNnDkSAbty4Uez3efDgAQQIu7u7d+zYccCAAbRPzcfHZ/Pm zWPHjqUDYCHBxz5uVSCX6sQlQQhJTEy0xYdiO9auXXv//n1r7T9x4kT51ef48eO9evVCaY9p Ef96deHq1asw2RQKhe2eFUdHRz8/vw4dOvj4+NCuU/tf+J84NRtTkGVifSXFYs+ePXEygxs1 MzMT50B5eTlYCa+99hrISrDYLl68iC5JkMIcxwF7b99skYlg2rx5s+CTjIyMt99+28PDAwPZ BEhPTxcEdt25c+fGjRu5ubliGmDfvn2Q5NK6dWtQj1xcXDApUbJH0Nl5+vRpgY+/RkxVaWmp m5ubfHVF+eYSO3GXL18uWKvu378PEoTjOAgNgQEgXhrRTPzwww85jkPfBPg+VCqVTNFo0PkE mpNM36Gb2b6JJsbRo0eHDBni4+MD14HrG43G7OzskpISvV7/8ssvw6CFFQXDC6q13WEKdO/e HaYAaP8XL17ESDeYAmq12poD6+TJk6GhoYSQ119/HacbVmi1VsmxRuTc2rVrQYXlOA4rbQDZ 6+npGRAQIHY5yyQ62ljFD11avr6+AwcOxKjPiooKtJG6d+++Z8+eukr3P3HihMz6p1QqxeoC avZTpkzBFJ7i4uLJkydHRkZ26dJFr9fL1EcqLCz8+uuvv/76a4VC8cwzzwwaNAiCtziOmzdv 3ty5c/FMcH7J1EyskVyqvUsiPz+/pkWf5GE0GuUTqTIzM+U1VEJIXFzcunXrQPOraf7Ik6su wOzSaDROTk4yZBotr0eMGAE1OuoQGPXduXNnMXcqBobyykfNoFX92muvgfxCN6rA3Dx06FBE RETr1q1BCoNllpGRUVlZCRRoly5drl69ipHn9kU2tW3bFlZBmDbom79y5YqkRXvhwgVQUcVr DOzsYvutb9++bTAY9Hr9O++8A6UzoeaS2WyWjBfB8EaDwSCTYEmjRYsWMo9kh6TAkCJ04kCL 8TwvmV9w/vx5MDhsrNWTkZFB07A2ruLQLDgjsrKybOk7kP4cx9k+0aw9M8R2PfXUU4WFhVAG Chjyn376aciQIS+88EJKSoqDgwPc3Xa91toUMJvNMAVAEZGZAkajMTc3t3Xr1t27d9+9eze0 J3j3DQZDnYShnT17dsKECTExMahDFxYWfvzxxzdv3gSuqD5y7ulaTNZKaXEc9/zzz9eeZrfF HBJ/6+bmBsNy//794o1pkpKSgBJ47bXXql1Zq6qq8vLyVq9ejbnoXl5eDRo0gPmr0+lcXV15 nre2l1JN5VJtYDKZ9Ho9FgKvs9VXXQfrL2qiNpbG/3eoC7hiScopjFtBeT1s2DDUFYqLi48c OXL79u27d+8+ePDA0dFRbGbZ3rjg+PTz83NwcKi2Avm7774LB9VKw6+++gqsaijX+tZbb5F/ nI70aRB4odFonnrqqdLSUnD6wjknTpwYMmTIiy+++Mknn3Tu3BnY+5pG7REqrrC8vByIDaPR CEu4tbRJMEk1Go1WqxUst7bXxUJAILePjw+UMQD3bWZmptirguGNZrNZxissgHxWi5OTU00f GCJVaUfA7du3XV1dra2pKCibNm0qmQtgC/NsNBqnTJkiL6TovrPmZYC+4zgO+o4uDW7LRLOG 4uJiuO9zzz139OhRMAEzMjIIIefOnRsyZIher4da2qSGETYXLlyAcWVtCoAiAuGT1qbAzp07 582bx3Fc8+bNb926hWW1Pv3007oSWaWlpeIqPeSfVCax56WWQBKOEJKTkyMYxqWlpS1atIDJ KBmD+Wjg7u4OB5LZChiTgVzXsGHDQkJC5PdSysvL2759O9BFKG0gcuvs2bPWdOsaySUHBwcX F5fy8vLahH3Il8mCsNw7d+7I56bWH2wkwv8d6gImwvr7+4vNeiyRBvLawcEBSBiz2Tx9+nSB GlvL8qtHjhwZMmSISqUaNGiQvBdQr9eDUWg2myWtTMGgB/H68ssv5+fnAzUqzjXAMi/PPfcc hLAaDAYQiGfOnBkyZIhWq4UkJULIl19+accL4h5C9N1BMbLWdND+JpOpTki8kydPQgu3aNHi 4cOHsB4IWBbyf8MbZ82aZXuFWh8fHzGJh4WSYDWyHa1bt8YqnxjziFu5iPUnQtUJyMvLAwVl 5syZTZo02bRpk6Qcx7LEtOpsNpttTPSype94nofnRI1HcqKBd58+TQaQXxoYGHj27FnoRHhf tGN8fX0hxlMcXiCDhw8f1n4K5ObmQqhKnz59Nm7cCEat2WwWRwnYZ9vApsPiunhubm7QFHW+ 2Xfv3r3hQGYvRKgH5ezsTMdIPUpgL1dbmJI+DSLAZIac2L0IQswWAtgWrFmzRq/Xp6eni9NW UdGpzfU1Gg0wo/Hx8eLqEaQWJRaeKDy6Mk1//fUXaAySmyWCeVdWVgbyGg2jbdu2iSkvgfCt KTA4PyQkBKWnJFuLNXe//PJLW8bT119/TQjp3r07FlSRHO7w4fDhwyGLCZ/nzz//5HlepVIt XbrUjhKBgObNm6OtTMeKwk0hGFP8K7Dk6qpoaGlpKRivb731FgQ5ilkWOrwxMTGxRsk/krGu 6Lqu1m4W2ChY4ZvOvoPCTdYGG25pASqO2Wxu1qwZx3GShXTQ8EVNAsokQIKW+Pzu3bunpqam pqaiDm1L36GyhUW6JL2eMDaMRqNMYrCgEXx9fSHdC2PULRYLEDwxMTFAHdV093nBFMCBWqMp ANpwQECAo6MjpGJKMlh2YMOGDYmJibitHw3cHLJuq+ZhxQie52V4GixODOTlowc6czHXSfAW YF9h6iNGHshzh7hbEIhZLAgmU6OlRoBxi+lLtEEIbW7LdJBbR/9ZsMThX8Dn1dWL/K+oCygj vLy8OnXqRH8eFBQEjLS4to+4MLuLiwudOmILBDV2KioqMNVn6tSpkiK+SZMmW7duxVofNtZe /fHHH2EFgqIRtLVKQ8Dj4SpSVVVFr6kGg6FGg1ipVHbv3h2LkaWlpdFmMSolCxcuFNDUffr0 Ead61xJ79uwB2ha8KoIG5DgOwxsPHjxY0wAinU4nqKGp1+shI8tkMtmuY7Vt2zY5ORkjJ2h7 EbgiQkh4eLggdrJ58+YgE/Py8sAmLisrg5O9vLwEOSkKhQIKKtPD+9ChQ3CwYMECAaeq0+lg eJvNZtx6B8M/Fy9ebEvfwUTz9PS0NtFsZK0EGh5dD1uQel7TCBvBFMBFpUZTAIY0x3GbN2+G 97KvCrgYoAyBK10wYKDrT58+bYeXUH4owkg4fvy4PG+HXVknnu+aAv2b/fv3f/rppwXfYvY/ duiFCxfgfE9Pz7i4OElOIjQ0FMw2FJjg8jAYDHUVsQjXcXZ2hv0tAc2aNZMsQ2kH0NAaOHAg HX3Zs2dPmJ517rp6LHikA+7w4cMQvxMVFdWkSRPYX65///7wIeyqAGei+6dz587Xrl07fvy4 xWLRaDSBgYH0PkCSlToElC8hZMyYMS4uLkVFRTiIz549e+zYMTCMBgwYMGDAgNTU1CtXrkBG 0NChQ2klkY6LlofBYICob6RGJE8rLCwEtwW8KS0fjx49ii+Ii4oY48aNe/3112n7FX2KgJKS EoGfpbS0FNyKOp0uKSlp+fLlN2/edHBweP/998FYN5lMtmQl2AhBjUgBy+Lt7Y3L5BtvvOHt 7S2z45Gzs/PWrVsFC1JISIhOp0tNTeV53s/PD5Ohd+zYIXZ2tm/ffs6cOTQ/hEkKON7EYQRb tmyB7RjWrFmTlJSUkZFhsVheffVV1FZXr14tPjkuLm7Hjh0nTpzgeb5ly5aoK2RlZSHtUVBQ cPPmzZYtW3Icl5ycDMX+4DlxA4hDhw6hofzw4UPoO61WK9l3PM/TfXfo0CGZicbzvLXqF2KG Fqoqwb90LV569/b8/Pyarp21nwJIYqF+RpdBrCX27t0Lb71hw4alS5feuHHDwcGhR48eWJ/R 2tS2GxjkKFMiHSYpjByVStWxY8e6DdS3BVVVVatXr4bptmzZsr1793733Xfl5eWurq5z5swB QogejVVVVcuXLweexsPDIzExsbCw8Ntvv4WNUv38/EAIoyVDE2biRHq7sXPnTnjmhQsXpqWl /frrry+99BLeuvZmUmVlZXp6enBwMCivycnJRUVF7733Hq4j8logUxekNdP58+fDmBg8eLBg F9r4+HgU6DzPJyUlgdQIDQ2FKBha1sDq2LNnT1yHxOsNKMIcx6lUqqFDh5pMJjonZ/v27Xl5 eSNHjoR/JRkLk8k0efLkGlUS3bt3L9BuZrNZxrt5/vx5UGzv3LlD06e03wv2mLAGwYJHg654 SCMpKUmtVnfu3BlylgTfzpo1qw5Lh2KxXrDCBTYi/cocxwnoHzEw7Ivu5a5du9K7NsOLW3N2 ent7W7t4QUHB/PnzxRbGuXPnkpOTIUQrIiKC1lMJIYmJiXTa0rlz577++mtglegia7i4Cgpa LFy4cPny5bDUYRY7rXcKyq3I911sbCzddyaTad68ecAziSfa8uXLBZ41mSApqKoE45lejIuL i2FyVbvCVTsFCgoK6PFAV1iSnwKgHWLrffbZZ3U1evPy8sCcUKlU4tZetmyZwOq1puzKKMF0 m+t0OlhXbEnr2L59OzzS8OHDH726ADJqx44dMMLFows0b3o05ubmxsXF0VsbSArbefPmYXwb pJdX2/s1embULENCQmg/nS1VGm3ZvvXTTz9FJ6kgrvPIkSP2KbKPIHqxRlA+4vvdunVr/Pjx gv0/CgoKJkyYIPDunDx5csmSJYKf5+bmTp8+ffr06aAPPv300xj/BeKenmxVVVXTp09Hmgg2 UKCvduLEifDwcMliAGfPno2NjY2IiJDRFSS/unjxItzxp59+knGjovaNPnLA/fv3oXEkBYcM aVZcXJyenr527drRo0fLxG9u2rQJkhsFVPCYMWMEMSJ4L7v5wAMHDqAKJTZba3QpTGABMbR4 8WLBvoVQeFHw4jJ3MZvNmZmZqamp48ePj42NtdawP/7445QpUwR5DQUFBdOnTxdL6s8//3zG jBniJIi1a9eKi19VVVXFxsbS/AQqyitWrJDc3cD2viOE3L59OyoqypaJRv5J3JAcrtnZ2XAg DmaELAlCedPELS8TDYMyWmBElpSUyEwB8TIAtzCbzTVaXZC/tJYbtX37dqjUJG5tbBO6N4nU tkY4d8RDEfLf4ATM47VF48HdFvR6Pe6xaY0csoVAsuPbo0ePTp48Wfy+e/fuHTlypDj74OrV q6NHj96+fbvkeNi9e3d4eDhGO2q1WmApJBMX7ZZLsbGxO3fuFHy4f/9+W3YSgf6VvyPP8x9+ +KGgSoTZbN6wYYP4vmKrSRIwSGwMx3kEGRmPbs97Ia2hVoNpYjKZ5Iesg4ODSqWyWCy19zDJ 6U1KJbg2JMOhBYDNsq9cuSIW3/8WaDQapVJZ361a33B0dFQoFLZ0WV0N1/Ly8mo5GBxLNjYv x3Hgh66oqLBlzteo72yfaAyPUf78S1HToU4PYJkxqdVq66/BIX6i/q6vUCgaNGhgsVgegVx6 1Kv247pxZWWljUpTtaUR6gQWi8XGymvITT0WJrCu8N8h++o23KxOhmtNxxLYJTUSKzXquxo9 OcPjkj//UtR0qNs4gO24pu2o14sDFVGbnTCfaO2QjfiawsXFBULlmbXBwMDAwPA/AjVrAtsR GhrapEkTqOlGHknRTQYGBgYGBqYu/MvwwgsvYAq+wWCwY19pBgYGBgaGfyNUrAlsh7Ozs8Vi MZvNBw8e/Oijj1iDMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw MDAwMDAwMDAwMDAwMDAwPB4o6uOifn5+CoVCpVIVFhb++eef8id7e3s7OjoSQvLy8h48eFCD R1conn/++fLycvHnJpOptLS0uLjYYrHU5kXatm2r0WiKiooKCgpsOd/T09PFxaWqqurSpUsy pzVr1szNzY0QcvHiRcFXGo3G2q8sFgvP8/hvQEAAvLtarRZfR4AWLVo0bNiwsrLSlpPlG7yy svLWrVsPHz6UOTMgIKCystJah7Zs2fKZZ55RKBT37t3Lzc39+++/63b4ubu7d+zY0d/f38XF hRBy//79s2fPnjlzRnIo+vv7m83mqqqqai+rVqsrKyuvXr0q34OPDO3bt7dYLNae3Gg0GgyG e/fu2TIF3NzcAgICOnbsiC124sSJzMzMiooK8cmNGzf28PBQq9Xnzp2TabcGDRp4e3srlcoL Fy6YzWb4UKfTtWnTRvChtU5RqVTY4HaIBUdHx/Pnz8u8vlarbdOmDSHk4cOHbDN6BobHoy4M HDhwwIABhBCz2TxmzBh6kROgefPmixYtguPx48fLL0Li2Z6YmCh/TnZ29vLly21ZDCSxceNG vV5/69at+fPn23J+eHh4cHCwyWSKiIiw47S2bdvOnj3b2q/oxxC8e0xMTHFxscwdk5OTOY4j hFT7bLY0eEpKSnp6erWnJScn//jjj/RXPj4+s2bNEpyfk5OzatUqo9FY+4EXFBQk/3bLli3L zs6u0RCiwfP8qFGjsAfx30cP25/87t27c+bMsbY2t2nTJjY2FsaGGEeOHNm1a5dg+kRERAQF BVU76p599tnp06cTQqKjo+/fvy/4UOa3q1evBlWMEDJr1qw7d+7UtHHwCnl5eXPnzrWmVWzZ sgVePD4+/sqVK2wxYGCQh7I+Lrpv3z6QBSqVKiYmRsYOwMm8fv36GukKhBBblAAfH5+NGzfa /SImk4kQUlhYaOP5Nq551k7z8vKy792Dg4PlyQxr64F9DQ7NUu1pAtu0Z8+etK6Qm5uL9FJi YmKDBg1q+Xhr1qwR6Ao5OTm0cgDLT48ePWrfFHWi3NQGttNmzZo1szYFQkND586di2PDbDZn ZmbevXsXT+jVq9eWLVvUajX9K4PBAAeVlZUy98Xepx8VP7T2W1pXiI6OtkNXIITMmDEDJ5S1 qTFlyhR48bS0NKYrMDDYAnU9XXfhwoUfffQRIaRdu3Z+fn6SjOLw4cNhxmZlZWVmZtp9r4MH Dx44cECp/H+qj1Kp1Ol0fn5+YPnpdLoRI0Zs27bN7uvrdLpH0xnt27cnhBQUFKSkpAhktPwS 1bNnz3379ln7tnfv3o99nLm4uAwfPhyO9+7d+80338Dxyy+/PGbMGELI8uXLJ02aZPf1FyxY 4Orqitc/evQoraw0aNAgPDw8MDAQ1sisrKz8/Hxo0jFjxtC6l8Vi6dKlS3h4OCEkLi7u+vXr OK6eTOTn50syUlqt9o033gCST6vV9uzZ8+jRowImBjWnI0eOfPnll7Rfr0OHDqDocxw3efLk lStXPoJ3oXWFiRMn1sg1KSCBli5dCs0SHh5+/vx5waWCgoL8/f1B9dm1axdbBhgYHhu7QAh5 8ODB9u3b4Xjy5Mnixa9Zs2Ygrcxmcy2F0Y0bN3ieN/0Do9FYVFT0448/RkdHwwkdO3b8V3RG 8+bNQXnKycm5KoLYvQpennv37ul0OpSzYgqnS5cueObjejVYgAkhKSkpqCsQQn7++Wcg1Z2d ncGRbAc6dOjQsmVLOJ46deo333wjIDb+/vvv9evX79ixA/4FBQVQXl5uosDzPMap5Ofn0+MK 8KSNGZoMECiX+/btw5kFegPCyckJmZj58+fv3LlTEAN0/vz5qKgo1GKtja760BXMZnNUVJTd ugLg2rVrJ0+ehONly5bRX7m7u+O7T5kyha0BDAyPWV0ghBw7dgxcEhqNRuxRRpNo2bJl8qxm tbDGtN+/fx8i0WSoeLVa7eTk5OTkJBNjiHBwcHByctLr9WLtp/ZwcHAA+/jChQu2v3hOTg78 6tVXX5U8p2XLlhzHQQug/S2pVUA7aLXa+hgMTz/9NCGkrKxMHPRw6tQp4Ld79epl38UnTJiA K99ff/1l7bSjR4+CKuDl5WWL7+MJ5xWQOJH59tKlS9C2guE9cuRIZGKsRfkZDIbU1FTB+Y9G V0B/h8w0rHasJiUlwXX0ev2wYcOwT5cuXQrHS5YsEQdKMzAwWF0u6/Xq6JLo3LnzoUOHUDAN GzZMr9cTQk6fPn39+nU8v0ePHqGhoYSQkpISATWt0+k2bdqE1qGN87y0tFTGJJ0wYQKtSZjN 5ri4uGvXrgnOvHfvXsOGDRctWkQvtyaTacaMGRjDVXs0btwYDtCpbwu+++67/Pz8bt269ejR 46uvvhKfAGvwkSNHqqqqQkJCxCdoNJqoqKgOHTrQrzZ58uTXXntt8ODBly5dqj0RzXEcNJ01 l9OZM2eCg4PBF8NxXHJyMix1krfGQQKxsa1bt4ZOvHLlSrXx7du3b58+fXpGRoZM+G3dIjo6 OiAggBAyevRocaIBHRaakZGRlJQkf7U66Q61Wg2PxPP84cOHZc784YcfwsLC0tPTjx8/Xn9N tGbNGhgePM9HRUXJUDjt2rXDuAT65+fOnZM8f968eatXryaEhISEnDhx4s6dO/P+P/auNaiJ qw2fGJZIE0soVCRF64gXtNLRakXHe2vrVEupjlV/SIOgeL/EoVaFQdREkcs0VkAbxUutMxZ1 CtWp1fGGU8bBIql3nNTWogU7FYMWisuS8P1453u/7dnNGkCQfp7n12azm71k97zP+7yXk5KC KQsOh4MZAAaGDqEukH+GJCAjmhASHBwMdovn+W3btlGCBAjmer2eylHasGEDLGzfvt1LrsBx 3LBhw4hcrmJqauqKFSso1UGtViclJVGO1IMHD8aMGZOdnU255hqNxmq1yvp2LRNLwP8GPbxn z54xMTELFy6Mj48fNGiQSuWxgKW2tvbs2bNAp15++WWpfzxixAhCyOnTp2XV3YCAAJvNJuYK cGm5ubnTp08HPUC6l7KtlWbhoRjjaViH2wibCYIAmlD//v1lVZzJkyfDhUNu7Lhx42D94cOH n3iTr127ZjQac3Jy2o0unDhxAhaGDBki/Rb+Hbgz3ogZzZW1/Pz8gJeLYTAYYOGbb75RTpl0 u91GozEvL+/XX39tO10BucKCBQsUuILFYpFyBUKIyWRavXq17C7V1dU4/qxbty42NhaCVixl gYGhw6kLwAAmTZoUGBio1Woh3wrf+ZSUFGl1Q2pqKggS8fHxZWVlICdOmTIFtMrr16+fP3+e 2qVLly5SM9m9e3fM+s7LyxN/O3LkSAx1Z2RkQI+EiIiIxMREQsjYsWMPHz6MxhVZgt1u37dv X01NTXBwcFJSEozCM2fO3LVrF3X0zp07BwUFyRpaAOQoUHj99dfBVFMUCmjT+vXrZVUHjuPQ pR49ejQlMEA2AM/zVVVVUrMBfwEs3Lx502q1/v333wEBASkpKXjVsmme4eHh165dkzVvbrcb eI8Y0ANAp9MNHz68rKxMuhecm0aj0el0tbW1BQUFERERarU6IiLCbreLtwwODoZz+/LLL2EN aBIul6tjls7fuHFDEASO42bOnCl9dN9//33Q0oD6rFy5kqKGPM/37t178eLF8PHo0aPULyg8 ZjqdbvPmzbAsPjQ+Cffv339WtwUKO8W6QkJCggJ3iYmJCQ0NhWWshu3Tp09ycjI8kAsXLkT1 kRp/JkyYEBISwnHc+PHjYeUnn3zChn4Ghg5HF4ABbN26lRAya9YsTI8vLCy8d++erCBhs9kg 18FisSxbtsxgMECiFs/zskpsTEwMqNOyyMzMFBsSlUoFP+5yuRYvXow9gq5cubJ69epNmzYR Qt57770DBw6If6SwsBAtcWVl5bJly4CCDBkyREoX1Gp1VlZWc+/Sa6+9BmelVqsJIQ6HQ6vV oiOYkpKSmZkpbQoEfMhutw8ePFgaj/jggw8IISA/wM+K0a9fPxisi4qK8CqcTqfJZLJYLDg6 SzFx4kTZuIYCQIcfOnQox3GUZ6/T6cLDw/HWEUJ+/vlnMLFTp06l6ALEVlwuF9IOYJyNjY2t zIBpIzQ1NRUVFU2YMEGv1/v7+4s1nsDAQCDBmCIgW7KL9Qv5+fnSByAyMvLevXtUW4WAgIBR o0aJKySRXYl1jl9++eVZ3ZaQkJDY2FixYufj4yPbFYoQ8uKLL8JNoKIVDodjzpw527Zt4zgu MjJy3759ssXYa9euFUd5NmzY8NQ7gzEwPA9oj2SuR48e4YAIqK2tlQ20A4qLi6HOTa/Xz507 F/s4paSktKBLY79+/cQfu3fvDgt79uyhRo3KykpIhaMU0bq6OupsGxsbT548SRSTKJsFX19f sBxqtdpmsxmNRrPZvHr16jlz5mC8X7bAROx0UvEIHx8fqBaDwLOULkCBJc/z0ipTs9n81EUm OIfU1FSxA+3j44NhJjGgeoLKSVSpVJDRCS67eHtPbTejo6OnTJkS/U/MmDGDir+0Kb777jtY GDVqFMW6wJYrJLcmJiYClyotLRVXlFDXOPWfGD9+PGo/9fX1CxYsEN8u5BaezHM7IDk5WcxH OY5TyMmAx5gQkpWVRb2bgiBg4UNUVJTs7jzPw3iiwMkYGBg6hLoAFuvdd98NCQnBwUJ5+3Xr 1u3YsUM8wn711VeyagS8/6dPnxbnfou9q6ioqPHjx2NVGLpWFy5ckP7UqlWrpCtlOzortLAl hFitVqfTKbXQsOPSpUupyjRBEHJzc3v06OFwOMQBfkEQtm7dmpiYCOL8m2++KRW0xW6iOB7R t29f4Dpw36QnDDERh8MhJWH19fVXrlzBYZqC3W4vKCjwdHWvvPKKtBDm2LFjkAwRGhq6Z88e m812+/btsLAwLLCkcPbsWZCUhg4disUUmNV48OBBantMFKUwbtw42XqQXr16Xbp0qX0e/urq 6urq6sDAwKioKLHJf+utt4AHeNJFpk2bhu0BQJ/zHmq1ury8PDc3V5qz0kbFLy3A3bt3s7Ky 0tPTOY7T6/VTp06V9SJ69eoF70J5ebnsww+hLmkUDDBs2DAxNUlLS8PRgIGBocPRBULI5s2b rVYrISQ/P/+JBQUNDQ3YaIUQcvv2barJjBgHDhyQRsT37Nnj7++flZXFcZxOp5s8eTKM1BC4 raur876Gqrltmurq6igJnUJpaSkl5jc1NZWUlJSUlMhun5eXB7du1KhRsnTB7XafP39+xIgR 4ngEmGdw66XAagVPB62srPREF86dO6eQKPD7779L6YLb7TaZTJ999hl8FG9w8+bNy5cvf/TR Ry6XC/Uep9NZVVUVEhIyY8YMpAsYk6KiSwoyj6+vr+z6do5cHD58OCEhwc/PLzg4GLxbKHAl hHz77beyu4wYMQLcZUEQFBpYlZeXQwQNn1WTydSnTx9gV7L6QWlpKSTEdOnSpQXtDWRpYsu4 Arzg69evB4UpOjq6rKxM+mhBHQfP854aufI876m8Wa/XU+QA6ipZqiMDQ3PRfpXl2JTQSzFQ 3P9VeRdPpuLhw4fYqQnS6dHJbovGCf+jYE/7x51OJxSMKOS1AZ3CeISvry+kcxYVFSmfZAsm 1FAOwXgyJw8ePJg9ezZWCsB/kZ2dvXHjRlBHGhsbxZo5VDrodDqY98jX1xfoC1X7B+q0RqOR ZrwSQhYtWmQUAZ+HdgZGlN5++21YiI6OhpdCrJMjwsLC5s+fD8vLly9XIDdUqXBdXZ3ZbMZ2 Izk5OVLChAF+byIyAQEB/v7+lLbkzSXr9XqFb8vLy9EZqKioQFKbkpIifX2gl4YCQ4UNZLNt sMvC1q1bsSnTxIkTe/bsyUZ/BoYOShea652I54aJjIz05Okqo7a2FlpF4RgER++YaXEKAKOu oHNAa0tCyOjRowkhAwYMEF++rEMG20vLL9sObrd7//79RqMxNjbWaDTGxcX9+OOP5L8JjFQ6 AgZlIKEdbRvVAwD5x/Dhw594As8qx43neTDhEIBQq9XgMR85ckS6cVBQEFasJCUlKfcski3l zczMhL3UarU0J+DOnTuw4E1frJSUlM8//3zv3r3IxjB7QJafITB9VbaCJjs7W/xx3759eMLr 1q2jNoYHQ8HAd+3alRBy7do1an1CQgKoiXfv3i0tLb1//35BQQF8lZyc3KY+AwMDowvtBKh9 Eq9JTEyEea5bCShH1Gq1suNsWFhYXFwcVsO3GwYOHJieni4elMXAREhlPgHZGOC/gm6PSXay lhu8TLBbUsAMC08RGo0G6Y5Y0lCpVFAMSQ33giBA5EV8RTU1NZR+jjkos2bNemKvxlZOaN4a wKQeHMcFBQVhlF3a41Kj0WBZzfbt22W1B2+AhEPawkQQBEwlVnaysWwVu1yIqXb//v0V9oVK H0EQZKsVpBwC85lCQ0OpacCg0bVGo/HUmgIUFEoFGTx4MMyc6XK5UlNT8V8AoY7jOFZOycDw r6cLQUFBUBjJ87zRaMTacVzwHgaDAQwthkKw1lzWHMbFxY0dO3b27NntfMk+Pj7BwcGejPeg QYNg4dSpUwo/8v333xNCIFEDhNkffvhBYfvffvuNENKjRw9Q+2Xv29PCkiVLbDYb5i5QdgWi G2fOnKG+ArojviKqxAYsGcrjGRkZCi2tiGjOz/aXGW7dugVe8rhx49555x0iarcgZk7QhRCE B9k8FS9RXV2NxcDx8fEUkcJamOTkZIU7ZjKZxH8EABnMjBkzPNnvwMBAoPs8z3up5DmdTmyp FBMT061bN/FXYOCBglDo27cvSAigVAG0Wi0GniwWi1i4wlngw8PD298xYGBgdOFpAtVIKJG6 fv06NJXT6/XNmn24R48emAWGIXyHwwFjR2xsLNW5KDg4GGySp+aDbQfsmoezdCJeeuklyNVy uVzKJ1ZRUQGXNn36dI7jamtrlRPZcMqlzZs3i+tK/P39xdlzTwWQUKnRaCiX9IUXXgAnr66u TjptaUVFBWjUkLbpqeYQlW2dTrdjxw7ZGHbnzp3j4+PR5xZbo3YD8LmoqChw96XUZ9OmTfBM Hj9+/NChQ6083LFjx3BSMWrWSofDAVaf47ht27ZJNS1fX9/k5GQw+VSvaBQnOI6zWCxSSb9b t25Ier7++mvvT/jkyZNYEGs2m5GLYPjJZDJR76yfnx+2ixXTBawEPnHiBNXf7NGjRzij9/z5 8ylNgoGBwaNb29FOKCYmBkaEoqIiTG5KS0v74osv4NuysjJqZsV58+ZhBhlAr9eDsw7geR7n d25qatq9e3dCQoJarc7JybFarZcuXVKr1cOHD4cJrwkh6OW0Gx4+fFhcXDxy5EiNRrNz5870 9PQbN2506tQpMjISiwh27NjxRC0dOgJ5OVLfv38fD2qz2QoKCu7cudOzZ09P9eutARKdVatW 7dy58/z5801NTQMHDoRZkgkhngoFjx49OnPmTFj2VHPY2NiYmJiYmZmJNoz8d1KAx48fv/rq qx9++CE1OQjas9aA47i0tDRP85JotVrKSJ88eRLvrZT6TJkyBQNwTqfzjTfekE57ptVqz5w5 o1zEK0Z6enpaWhohJDQ0NCIiQtzlyWw2w3QVfn5+2dnZt27dKiws/OOPPzp37jx69GgxL1+7 di314GVkZGzZsgVUqLy8PLvdXlxc/ODBg6CgoI8//hgten19vTTaogxsqcRx3Keffgq0lef5 I0eOREVFwTu7ZcuWy5cvu93uiIgIfH6OHz+O5DgmJgZjKPv375ce5cKFC5MmTYJc4I0bN7K6 SgaGfx9d6N27N4xTPM/v3r0b1z9+/NhqtYK6aDabFy5cKN5LrVZTvZjEgAmTxMHy4uJig8EA /XelqfKZmZkoESvotK0pJ5Pd12azhYeHQwgAHSaxEuCNNH3q1Ckc6Kn5nDwdFOeVoOY4frpo aGjIyMgAIWHOnDnIzACFhYVSaQFw7tw5pAueag4JIX/++efixYvT0tLQVnlqPXngwAHleZWa 9Q+GhIRQSTZiL5xaU1NTAw0YZKmP2G/GS5bCbrd7Sl+Voqqq6ty5cyBmmEymefPm4VnV19cv X74cCnQJIWFhYWh6xVizZo24RgkvJDMzE5qmE0IGDx4sDaK5XC6MZXgP6NwKzwkEC+CxP3To UNeuXSMjIwkh0rLSu3fvYmHkgAED8BVYs2aNpwNZLBaYyYzVVTIweIlnEIxQ8I2Q5q9fv54q 8LPb7dCkRavVehNxdDgcBQUFSUlJCQkJ0vrDgwcPJiUlSTsDLl26VOyBwTnIjs6QA+HJ2VU+ N0ikkG62YsUKqdfL8/zKlSs9tZ2gCusrKytBva+oqKDC87BeetDt27cnJSVhQLq6utpisRiN Rk99EonX3QCpP/rq1auJiYmUMlRVVbVy5UqFFp91dXXwv9fW1irn/f3111+LFi0ymUyyrSaq q6uzs7Nnz57tPVdQ0HIwFUbZ8klXonAlpT7e/CbefDw36n5KsXv3biw6AIqMcDqdRqPRYrFA LiGFvXv3Go1GKVcAXLlyZd68efn5+bI8yWq1xsXFSa/Im1TTq1evIjOeO3cuBjtyc3PXrl1L vbOCIJjNZlRxVCoVkp6cnByFYJwgCNguduLEicpVHgwMDIQQ1fOurvj4cBzndrsFQXiGafMU fH191Wp1p06dGhoa2nTuRJVK5anvAkz/U1JSIjtzT6soaqdOILM/fvy4BV0fmnsUqp3Ds8W0 adOioqLq6+uxrULHAZYeCILQrEpjvNVt/Z9S72xDQ0NbH4uBgeF/r95zfv0dc2qi9mnmHx8f P2bMGJ7npU0YDQYDRH8vXrz41I/rdru99KQ7/lGay2Agd0G23cIzh8Lk0R3qVnfY6cQYGP6/ 0YndgucWkNyg0Wiounxxjp5sl36GFkClUmGsTVoyysDAwMDUBYYOips3b6LMEBsbm5+fz/P8 0KFDoWkS+We2OUOLsWTJEnGTj5KSEjaBMgMDw7/P52G34HmGwWDw1GKhqKho165d7Ba1HhD0 gWVBEBISEjpOlgwDAwMDowsM3qJPnz4jR440GAyEkJqamp9++unixYstjmQzUAgLC5s+fbpK pSorKzt+/DjLzmNgYPg34j8DAPwp4Z92VT2YAAAAAElFTkSuQmCC --------------070604090202070300070308-- --------------080102060003030905070508-- From nobody Wed Feb 10 02:46:40 2016 Return-Path: X-Original-To: openpgp@ietfa.amsl.com Delivered-To: openpgp@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 676241A1A9D for ; Wed, 10 Feb 2016 02:46:37 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: 0.348 X-Spam-Level: X-Spam-Status: No, score=0.348 tagged_above=-999 required=5 tests=[BAYES_20=-0.001, HELO_EQ_DE=0.35, SPF_HELO_PASS=-0.001] autolearn=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id V_ebKpyLLS7M for ; Wed, 10 Feb 2016 02:46:35 -0800 (PST) Received: from mail.dasr.de (mail.dasr.de [217.69.77.164]) by ietfa.amsl.com (Postfix) with ESMTP id 96AF11A1A9E for ; Wed, 10 Feb 2016 02:46:35 -0800 (PST) Received: from p5ddfa629.dip0.t-ipconnect.de ([93.223.166.41] helo=mail.huenfield.org) by mail.dasr.de with esmtpsa (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16) (Exim 4.76) (envelope-from ) id 1aTSI2-0001nT-Kr; Wed, 10 Feb 2016 10:46:30 +0000 Received: from grit.huenfield.org ([192.168.20.253]) by mail.huenfield.org with esmtps (TLS1.2:RSA_AES_128_CBC_SHA1:128) (Exim 4.80) (envelope-from ) id 1aTSI0-00065R-2E; Wed, 10 Feb 2016 11:46:30 +0100 Received: from ip6-localhost.huenfield.org ([::1] helo=grit.huenfield.org.walfield.org) by grit.huenfield.org with esmtp (Exim 4.84) (envelope-from ) id 1aTSHy-0001qm-Uh; Wed, 10 Feb 2016 11:46:26 +0100 Date: Wed, 10 Feb 2016 11:46:26 +0100 Message-ID: <87io1wc071.wl-neal@walfield.org> From: "Neal H. Walfield" To: ianG In-Reply-To: <56BB0308.8020504@iang.org> References: <56BB0308.8020504@iang.org> User-Agent: Wanderlust/2.15.9 (Almost Unreal) SEMI-EPG/1.14.7 (Harue) FLIM/1.14.9 (=?ISO-8859-4?Q?Goj=F2?=) APEL/10.8 EasyPG/1.0.0 Emacs/24.5 (x86_64-pc-linux-gnu) MULE/6.0 (HANACHIRUSATO) MIME-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue") Content-Type: text/plain; charset=US-ASCII X-SA-Exim-Connect-IP: 192.168.20.253 X-SA-Exim-Mail-From: neal@walfield.org X-SA-Exim-Version: 4.2.1 (built Mon, 26 Dec 2011 17:06:47 +0000) X-SA-Exim-Scanned: Yes (on mail.huenfield.org) Archived-At: Cc: openpgp@ietf.org Subject: Re: [openpgp] saltpack on OpenPGP message format problems X-BeenThere: openpgp@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: "Ongoing discussion of OpenPGP issues." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 10 Feb 2016 10:46:37 -0000 On Wed, 10 Feb 2016 10:29:44 +0100, ianG wrote: > > (we should probably fix these one day) > > https://saltpack.org/pgp-message-format-problems > > We know from re-implementing PGP's message format (RFC 4880) ourselves > (here), it has a lot of issues. Some make life difficult for > implementers, but others are problems for end users too: > > 1. PGP encryption doesn't authenticate the sender. > > There's no way to verify who a PGP message is from unless it's signed. > That means that as a sender, you can't authenticate yourself without > giving up repudiability. Partly because of this, authentication is off > by default. > > In contrast, NaCl encryption authenticates the sender in a repudiable > way. That makes it easy for us to enable authentication by default. It > also means that we don't need special support for a "signed and > encrypted" mode, because very few applications actually want that. For normal users, this is probably a bug. But, for advanced users, I'd consider this a feature. Correspondingly, I think it makes sense for signing+encryption to be the default for an OpenPGP implementation and for mail clients to not offer an option to only encrypt. But, whatever the case, I don't think this should be removed. > 2. GnuPG will output data that doesn't verify. > > If you run gpg --decrypt on a corrupt message, it will print the > plaintext to stdout, and you'll only find out if the message is bad at > the end, after you've streamed out unsigned data. Try it on this > message signed by Jack's key: > > -----BEGIN PGP MESSAGE----- > Version: GnuPG v2 > > kA0DAAIBcYdraK1ILTIBy5liAFaqa7BKb2huIEphY29iIEppbmdsZWhlaW1lciBT > Y2htaWR0LApIaXMgbmFtZSBpcyBteSBuYW1lIHRvby4KV2hlbmV2ZXIgd2UgZ28g > b3V0LApUaGUgcGVvcGxlIGFsd2F5cyBzaG91dCwKVGhlcmUgZ29lcyBBIE1BTiBJ > TiBUSEUgTUlERExFIE9IIFNISUlJMTF0IQqJARwEAAECAAYFAlaqa7AACgkQcYdr > aK1ILTK6Ewf9GIIzBmtGuNeJXUGAoDbG5mmVDyMwpu3i72OwOfoSo+4GI6mT/FuV > PKh7HCKwglmTuO2oazg0sUnoktjmHxdNQuJZ+6ii/5xXb80XEHFECFDClrjwbkeE > +3irJDrpnmuQzRyJVOYh+fr7dxrlN7pgMdjlkbAgWnATZ+k1zf8z40p8SANNpXHt > 9yie6nuzKUd1LUujPa4sz6BfNW0Clcp3c0XFeU2je//4TcZ+4/Ql2B1/MdzqF4+G > TPh+B1L8k9F9TNgyh9lXyez90oRLEvw3+3o9+CvMvQb6Gb8aR+eW/rE+wabdiwSY > qfLaI0VHvwNCa1NV/5MmX6UKUzNV2c4vcAo= > =uIW7 > -----END PGP MESSAGE----- Guilhem Moulin raised this point in December and suggested using chuncked streams, which would preserve OpenPGP's streaming property: http://mailarchive.ietf.org/arch/msg/openpgp/YZP6dZMPzqlF4-9ISturX_Q_vQQ I think it is worth fixing. If not with Guilhem's solution, then with something else. > 3. Anonymous recipients aren't fully anonymous. > > Even with the --hidden-recipient flag, RSA encryption leaks some > information about the recipient's key. Is the argument here that NaCL solves this problem? > 4. PGP ASCII armor isn't friendly to modern apps and phones. > > * > One of many manglings > > Almost all apps, email clients, chat clients, and web pages do > post-processing on the text people post. PGP's whitespace pattern, use > of hyphens and slashes, and header lines are not friendly. You > shouldn't have to edit a message by hand before passing it off to your > crypto program. This is a serious problem and I think the suggestion to use base-62 encoding is a good one. Do others agree that this is worth solving? Thanks, :) Neal From nobody Wed Feb 10 08:06:51 2016 Return-Path: X-Original-To: openpgp@ietfa.amsl.com Delivered-To: openpgp@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 993851B2C4D for ; Wed, 10 Feb 2016 08:06:50 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.003 X-Spam-Level: X-Spam-Status: No, score=-2.003 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RP_MATCHES_RCVD=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Vd_BVkBKda0y for ; Wed, 10 Feb 2016 08:06:48 -0800 (PST) Received: from singpolyma.net (singpolyma.net [184.107.182.218]) by ietfa.amsl.com (Postfix) with ESMTP id ED14D1B2C24 for ; Wed, 10 Feb 2016 08:06:47 -0800 (PST) Received: by singpolyma.net (Postfix, from userid 1000) id 21C6326C0007; Wed, 10 Feb 2016 16:06:46 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=singpolyma.net; s=iweb; t=1455120406; bh=jkaVUGIVipyQZ9y7SfLehwG65A84zXsJYr+F2bATcA4=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:In-Reply-To; b=j/iBSVNFXrn7GIfY2tEZm20n/x0dWZUUnYQi8bgWAeJLC31OkWAYb4zn8zOIMAVKa AskVPgX0ZOYDoXB3fyagbFwuBgvyaA7PrIFkSayjTvAAd8lOUlz/HUsnWjVR7KHUlb S+O2jOPO4Pg7rmT/h+ub1zTVKMP0A6puBsguqK7o= Date: Wed, 10 Feb 2016 11:06:41 -0500 From: Stephen Paul Weber To: ianG Message-ID: <20160210160641.GA3090@singpolyma-liberty> References: <56BB0308.8020504@iang.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="C7zPtVaVf+AK4Oqc" Content-Disposition: inline In-Reply-To: <56BB0308.8020504@iang.org> Jabber-ID: singpolyma@singpolyma.net OpenPGP: id=CE519CDE; url=https://singpolyma.net/public.asc X-URL: https://singpolyma.net User-Agent: Mutt/1.5.21 (2010-09-15) Archived-At: Cc: openpgp@ietf.org Subject: Re: [openpgp] saltpack on OpenPGP message format problems X-BeenThere: openpgp@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: "Ongoing discussion of OpenPGP issues." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 10 Feb 2016 16:06:50 -0000 --C7zPtVaVf+AK4Oqc Content-Type: text/plain; charset=us-ascii; format=flowed Content-Disposition: inline Content-Transfer-Encoding: quoted-printable > 4. PGP ASCII armor isn't friendly to modern apps and phones. Couldn't we just say "PGP is binary, encode however you like"? In email we= =20 have transport encodings, and so do most other reasonable places. The only= =20 real use for ASCII armor anymore is in "clearsign" context when posting=20 a plain text file that contains the signature, etc. --C7zPtVaVf+AK4Oqc Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJWu2ARAAoJENEcKRHOUZzeH+AP/1Jo8zh/fZhDvvZ0c/3YeS9n Bzh61SZ30kPGUYufZoBEddatOMQWx5GtCWe8xuJzDi2DVV/kczPEEmyr1RH40p/F TBP0P78EFz1HSb60ypxSAqtKc9rmkSSluz16eqOW+Da01OQmkmN7i7WlVmBfQQw6 FVTVousMaN/f/knjvSbBfLMSQNRBZKyJB1hAbW/lfsAhboc74GRbCiOtrefFYEoI nHtAx0Bs7P5dIa6G4FhOQnI3z7gkmA9l/jIIVo9dlLDw4lJ+RWN25XvyuSZwk9Fa d2FwxoUVdXGGWEgi863b78GnPHlkB6peQdoffBmSlNGHTgfluyss2Nztpqx0E1P4 CEmtTIwv+MYgTGgBIhE6kJINAgljX5+V1kIHzn6cIDcEFZ+CIUt8oQVVII16hXig yN7YQwrQLMzQjb+Vznl2auk6CBBLJUvr7nzxYwo89VuGr+QT4b+q4vUb18BIYEa/ 6f+sODKbJpKN1qJ1/6+zjsnMcYoK/wTgEMUDJep2mRZ937PeIZU5liAAHPAME49p hr7Hwy1Tg2PmD5IIX/7gD5Zq4+Eee5vDe3cV9l1Ev0aKpN+k5KFJNBczdyB3nnYa MRrmx7kNdf8Jpvojgp/4c2cQ+qVTHHwzUFrLZnAL/ktehAkLkMgCQCg7X0GHY3of JXryO/AzxtjfvGu1a4VF =G7Ee -----END PGP SIGNATURE----- --C7zPtVaVf+AK4Oqc-- From nobody Wed Feb 10 11:54:30 2016 Return-Path: X-Original-To: openpgp@ietfa.amsl.com Delivered-To: openpgp@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2A9781B2F35 for ; Wed, 10 Feb 2016 11:54:29 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.551 X-Spam-Level: X-Spam-Status: No, score=-1.551 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_EQ_DE=0.35, SPF_HELO_PASS=-0.001] autolearn=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YS34sRoLCYys for ; Wed, 10 Feb 2016 11:54:28 -0800 (PST) Received: from mail.dasr.de (mail.dasr.de [217.69.77.164]) by ietfa.amsl.com (Postfix) with ESMTP id 084371B2F2F for ; Wed, 10 Feb 2016 11:54:27 -0800 (PST) Received: from p5ddfa629.dip0.t-ipconnect.de ([93.223.166.41] helo=mail.huenfield.org) by mail.dasr.de with esmtpsa (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16) (Exim 4.76) (envelope-from ) id 1aTaqD-0005CS-Tf; Wed, 10 Feb 2016 19:54:22 +0000 Received: from grit.huenfield.org ([192.168.20.253]) by mail.huenfield.org with esmtps (TLS1.2:RSA_AES_128_CBC_SHA1:128) (Exim 4.80) (envelope-from ) id 1aTaqC-0006hf-HG; Wed, 10 Feb 2016 20:54:21 +0100 Received: from ip6-localhost.huenfield.org ([::1] helo=grit.huenfield.org.walfield.org) by grit.huenfield.org with esmtp (Exim 4.84) (envelope-from ) id 1aTaqB-0003OL-D7; Wed, 10 Feb 2016 20:54:19 +0100 Date: Wed, 10 Feb 2016 20:54:19 +0100 Message-ID: <87egckbatw.wl-neal@walfield.org> From: "Neal H. Walfield" To: Stephen Paul Weber In-Reply-To: <20160210160641.GA3090@singpolyma-liberty> References: <56BB0308.8020504@iang.org> <20160210160641.GA3090@singpolyma-liberty> User-Agent: Wanderlust/2.15.9 (Almost Unreal) SEMI-EPG/1.14.7 (Harue) FLIM/1.14.9 (=?ISO-8859-4?Q?Goj=F2?=) APEL/10.8 EasyPG/1.0.0 Emacs/24.5 (x86_64-pc-linux-gnu) MULE/6.0 (HANACHIRUSATO) MIME-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue") Content-Type: text/plain; charset=US-ASCII X-SA-Exim-Connect-IP: 192.168.20.253 X-SA-Exim-Mail-From: neal@walfield.org X-SA-Exim-Version: 4.2.1 (built Mon, 26 Dec 2011 17:06:47 +0000) X-SA-Exim-Scanned: Yes (on mail.huenfield.org) Archived-At: Cc: openpgp@ietf.org, ianG Subject: Re: [openpgp] saltpack on OpenPGP message format problems X-BeenThere: openpgp@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: "Ongoing discussion of OpenPGP issues." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 10 Feb 2016 19:54:29 -0000 On Wed, 10 Feb 2016 17:06:41 +0100, Stephen Paul Weber wrote: > > 4. PGP ASCII armor isn't friendly to modern apps and phones. > > Couldn't we just say "PGP is binary, encode however you like"? In > email we have transport encodings, and so do most other reasonable > places. The only real use for ASCII armor anymore is in "clearsign" > context when posting a plain text file that contains the signature, > etc. I disagree. If you are being really paranoid, then you don't want to use OpenPGP from an email client. Instead, you write your message using something like vi, encrypt it from the command line, and then copy and paste the result into your mail client. Then you are certain that your mail was encrypted and that you don't accidentally send an unencrypted draft, etc. :) Neal From nobody Wed Feb 10 13:31:12 2016 Return-Path: X-Original-To: openpgp@ietfa.amsl.com Delivered-To: openpgp@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D23A31B3006 for ; Wed, 10 Feb 2016 13:31:10 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.003 X-Spam-Level: X-Spam-Status: No, score=-2.003 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RP_MATCHES_RCVD=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QP6EHY_1Yk0z for ; Wed, 10 Feb 2016 13:31:09 -0800 (PST) Received: from singpolyma.net (singpolyma.net [184.107.182.218]) by ietfa.amsl.com (Postfix) with ESMTP id D0ABB1B3000 for ; Wed, 10 Feb 2016 13:31:09 -0800 (PST) Received: by singpolyma.net (Postfix, from userid 1000) id 643DF26C0007; Wed, 10 Feb 2016 21:31:09 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=singpolyma.net; s=iweb; t=1455139869; bh=RayflUspNGEua12I/b01hAAJolf6wUAxp39g2vHRLgg=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:In-Reply-To; b=P2KYRUsG5CN6zRMLwdhpEdwP6w9Af+E7JD4QIWT/QyzjFe7WU6RFwOPRGe6ZNC142 xq9cR6oIzHUdw4UMJ/DncBaD9H6yxG7tPPZbOLz1Bzd9/o8MA1eMRtXex6zPnsqTbG ts2jyqO8n+vafROmaT2uvpLAEYy1P9/4hYdmN5UE= Date: Wed, 10 Feb 2016 16:31:08 -0500 From: Stephen Paul Weber To: "Neal H. Walfield" Message-ID: <20160210213108.GD3090@singpolyma-liberty> References: <56BB0308.8020504@iang.org> <20160210160641.GA3090@singpolyma-liberty> <87egckbatw.wl-neal@walfield.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="P+33d92oIH25kiaB" Content-Disposition: inline In-Reply-To: <87egckbatw.wl-neal@walfield.org> Jabber-ID: singpolyma@singpolyma.net OpenPGP: id=CE519CDE; url=https://singpolyma.net/public.asc X-URL: https://singpolyma.net User-Agent: Mutt/1.5.21 (2010-09-15) Archived-At: Cc: openpgp@ietf.org, ianG Subject: Re: [openpgp] saltpack on OpenPGP message format problems X-BeenThere: openpgp@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: "Ongoing discussion of OpenPGP issues." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 10 Feb 2016 21:31:11 -0000 --P+33d92oIH25kiaB Content-Type: text/plain; charset=us-ascii; format=flowed Content-Disposition: inline Content-Transfer-Encoding: quoted-printable >I disagree. If you are being really paranoid, then you don't want to >use OpenPGP from an email client. Instead, you write your message >using something like vi, encrypt it from the command line, and then >copy and paste the result into your mail client. Then you are certain >that your mail was encrypted and that you don't accidentally send an >unencrypted draft, etc. Sure, but then just attach the binary file instead of cut-pasting some ASCI= I=20 stuff. Same effect. --P+33d92oIH25kiaB Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJWu6wbAAoJENEcKRHOUZze8EgQAMPpWQYiXg9XuD+zXY+NKN40 DWmnw3mmN35osJKJtwtgvgP4/5GoNs0i6Kh73X+Pof2QM8twA/G24RvOz1tYqH7v LTSdVwFoWbQDWUwDxKAJrRYNb6mFxUv4V+VqYKLoDXySTAN69BNW0NfkUrBHU3TE GRpVf2sLm7hcU8JUsOJqF6C3KWFxXiE7Qb0ougoY4EaKCE8Kxoro1lcYzC1QfU8i 03oijQzEBqfILvQpPPv41Jw5DCHHQHGSsDLxLeTNvW3KoHRHKTeeVEzeCnsqOK/+ MO7fVPzO9ugHbZ4T9eo9Awz9qkIKCQ0g1AZ27+iTT+k5d721n7yM2mcG2cMURhTO C4dVOzrGFp4vfMRteK5jd/fI8+e7LJh2pOIXfEsgMrACOsfLvF3n15MEbkTdjG4r U5CTwBY9+lOYLqUDzj6CO6cgTnmIJOw16lBeupsfU/KGMhz/ZK3uafBILdEsGOu8 mi/XbAdnqG6dxkfEkwaJEGjwxxc9LxRvI3P51ghYanZtFOwUk5/F+E80LGoIzwB6 IYz4nzBOaGY4qr09/gCGDVq9VfJ4jd5np6pR2lLmSLDw4i3R0ygpup0edXFx2u6z 0kNwjMKrJZ0TpcdfACq2+N9hiprI3hvKNQqJp817Z/UO+b0JX30l3F5slXqu3yCm KwiteijcTTrG2iuQ2Lqd =BiNr -----END PGP SIGNATURE----- --P+33d92oIH25kiaB-- From nobody Wed Feb 10 13:53:06 2016 Return-Path: X-Original-To: openpgp@ietfa.amsl.com Delivered-To: openpgp@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9BA691B305D for ; Wed, 10 Feb 2016 13:53:05 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2 X-Spam-Level: X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3w0Y8F06iUFV for ; Wed, 10 Feb 2016 13:53:04 -0800 (PST) Received: from mail-wm0-x22e.google.com (mail-wm0-x22e.google.com [IPv6:2a00:1450:400c:c09::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F04AC1B29F9 for ; Wed, 10 Feb 2016 13:53:03 -0800 (PST) Received: by mail-wm0-x22e.google.com with SMTP id g62so45442917wme.0 for ; Wed, 10 Feb 2016 13:53:03 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20120113; h=subject:to:references:from:message-id:date:user-agent:mime-version :in-reply-to:content-type:content-transfer-encoding; bh=6KE7APqyRwbxjLpVOmaS/qY/iy/ntWOnGMxBQprddhw=; b=bCT3csvQBAhQzbJZQE6i6xOh7lOJrjih3+xGe6DdHnvd6LQlW43TeqTxMGhh2QvdWz DlH9VrC/oFr8Hq5Rc5fzuKXQsnqUbCsdkzoSrz6EppHstaW7476MgL3c638UWrlh7UoP Ea6arBJIug1sZZPruacTNgNycskNmU2g9QYSYAkK1k623k9J6yePAWS0Ypmvf0Qu1G/1 QwIH6o0NZrewvB+FPRgNei9w+VftRT5FHrh0pXiMN9qFTDDmmYX5AlqHFnwnN5PrSeo5 1iyM8jcIprR1YEQWc4I2YbcgspRR8/rokVuMpMtYEyeingB8UYq663oTIPIq7BF9L/6W YFyQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:subject:to:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-type :content-transfer-encoding; bh=6KE7APqyRwbxjLpVOmaS/qY/iy/ntWOnGMxBQprddhw=; b=PRHHGimQOYkD/SPC/j7AO9G3Mbyr9/TPwoL/y4kXfyEtS3m5B97KeANBnXBUdRwpif TJLLvxg/TA9P+P2bdqJjlC2TGZtWv8JjZhXns3ieZjjhJ/fl579l6Eg5goj6ivdp4IKx qdGsosJvihRw3md+xCir/brSZanbgJH/Smjm8wF75yqpxVk+d1LVcOO3qVe5ioqYzA6L SRrOPpAvyywHNDyxyg9mKvSoJV43Z+CCqd9txBV9+QOOa3KxTgMUochVgtnZQazlHWdB TkhCT1K0BIQTgtG4CPIjXXYMjG9Ti1Bm3XbrvZLc+eBE8maO/SvRewK9d7kRQG2F0Xsg ygyA== X-Gm-Message-State: AG10YOSmrIbff/z9+CPOWsI7L1Wud46UrCniLm430G8/9/VCsCM1+73V06EHYO9TM4ghYQ== X-Received: by 10.28.60.84 with SMTP id j81mr13906893wma.91.1455141182411; Wed, 10 Feb 2016 13:53:02 -0800 (PST) Received: from [192.168.188.20] (x590cf192.dyn.telefonica.de. [89.12.241.146]) by smtp.googlemail.com with ESMTPSA id v191sm5184419wme.1.2016.02.10.13.52.59 for (version=TLSv1/SSLv3 cipher=OTHER); Wed, 10 Feb 2016 13:53:00 -0800 (PST) To: openpgp@ietf.org References: <87twp91d8r.fsf@alice.fifthhorseman.net> <3A98EA92-0C2F-46A7-8D06-880FC83CB110@gmail.com> From: Nils Durner X-Enigmail-Draft-Status: N1110 Message-ID: <56BBB13B.3000507@googlemail.com> Date: Wed, 10 Feb 2016 22:52:59 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.4.0 MIME-Version: 1.0 In-Reply-To: <3A98EA92-0C2F-46A7-8D06-880FC83CB110@gmail.com> Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable Archived-At: Subject: Re: [openpgp] [Cfrg] streamable AEAD construct for stored data? X-BeenThere: openpgp@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: "Ongoing discussion of OpenPGP issues." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 10 Feb 2016 21:53:05 -0000 Hi, > To be clear, there are two separate use-cases, each of which make > sense without the other and require different technical solutions (but > could also make sense together): > > 1. Streaming-mode integrity protection: > > [...] > > To achieve goal #1 properly, it appears that what we need is not only > a MAC per chunk but a signature per chunk. Different ideas: 1. asymmetrically encrypt and sign the MAC key, make this a new packet type to be prepended to the symmetrically encrypted data 2. derive the MAC key from the symmetric encryption key, sign it (but do not store it) and make this a new packet type to be prepended (thus saving the asymmetric encryption from #1) 3. use an authenticating sym cipher mode with intermediate authentication tags, with the symmetric key asymmetrically signed (like #2) > 4. What are reasonable upper- and lower-bounds for chunk sizes, and > what are the considerations behind them?=20 =2E.. or put differently in light of idea #3: at what intervals would authentication tags ideally be generated? Best regards, Nils From nobody Wed Feb 10 14:02:32 2016 Return-Path: X-Original-To: openpgp@ietfa.amsl.com Delivered-To: openpgp@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CB0391B3081 for ; Wed, 10 Feb 2016 14:02:28 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.551 X-Spam-Level: X-Spam-Status: No, score=-1.551 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_EQ_DE=0.35, SPF_HELO_PASS=-0.001] autolearn=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5m-P--hLHrjR for ; Wed, 10 Feb 2016 14:02:28 -0800 (PST) Received: from mail.dasr.de (mail.dasr.de [217.69.77.164]) by ietfa.amsl.com (Postfix) with ESMTP id 154EE1B307F for ; Wed, 10 Feb 2016 14:02:28 -0800 (PST) Received: from p50813b37.dip0.t-ipconnect.de ([80.129.59.55] helo=mail.huenfield.org) by mail.dasr.de with esmtpsa (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16) (Exim 4.76) (envelope-from ) id 1aTcq6-0005iU-I4; Wed, 10 Feb 2016 22:02:22 +0000 Received: from grit.huenfield.org ([192.168.20.253]) by mail.huenfield.org with esmtps (TLS1.2:RSA_AES_128_CBC_SHA1:128) (Exim 4.80) (envelope-from ) id 1aTcq5-0006qx-2E; Wed, 10 Feb 2016 23:02:22 +0100 Received: from ip6-localhost.huenfield.org ([::1] helo=grit.huenfield.org.walfield.org) by grit.huenfield.org with esmtp (Exim 4.84) (envelope-from ) id 1aTcq3-0003ni-TN; Wed, 10 Feb 2016 23:02:19 +0100 Date: Wed, 10 Feb 2016 23:02:19 +0100 Message-ID: <87d1s4b4wk.wl-neal@walfield.org> From: "Neal H. Walfield" To: Stephen Paul Weber In-Reply-To: <20160210213108.GD3090@singpolyma-liberty> References: <56BB0308.8020504@iang.org> <20160210160641.GA3090@singpolyma-liberty> <87egckbatw.wl-neal@walfield.org> <20160210213108.GD3090@singpolyma-liberty> User-Agent: Wanderlust/2.15.9 (Almost Unreal) SEMI-EPG/1.14.7 (Harue) FLIM/1.14.9 (=?ISO-8859-4?Q?Goj=F2?=) APEL/10.8 EasyPG/1.0.0 Emacs/24.5 (x86_64-pc-linux-gnu) MULE/6.0 (HANACHIRUSATO) MIME-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue") Content-Type: text/plain; charset=US-ASCII X-SA-Exim-Connect-IP: 192.168.20.253 X-SA-Exim-Mail-From: neal@walfield.org X-SA-Exim-Version: 4.2.1 (built Mon, 26 Dec 2011 17:06:47 +0000) X-SA-Exim-Scanned: Yes (on mail.huenfield.org) Archived-At: Cc: openpgp@ietf.org, ianG Subject: Re: [openpgp] saltpack on OpenPGP message format problems X-BeenThere: openpgp@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: "Ongoing discussion of OpenPGP issues." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 10 Feb 2016 22:02:28 -0000 On Wed, 10 Feb 2016 22:31:08 +0100, Stephen Paul Weber wrote: > > [1 ] > > I disagree. If you are being really paranoid, then you don't want to > > use OpenPGP from an email client. Instead, you write your message > > using something like vi, encrypt it from the command line, and then > > copy and paste the result into your mail client. Then you are certain > > that your mail was encrypted and that you don't accidentally send an > > unencrypted draft, etc. > > Sure, but then just attach the binary file instead of cut-pasting some > ASCII stuff. Same effect. I still think the copy and paste work flow will lead to less mistakes. But, of course, if you send the wrong encrypted file to someone, the she won't be able to read it. :) Neal From nobody Wed Feb 10 15:25:03 2016 Return-Path: X-Original-To: openpgp@ietfa.amsl.com Delivered-To: openpgp@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1419E1A6F9F for ; Wed, 10 Feb 2016 15:25:02 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.9 X-Spam-Level: X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dFFwBe8SdSrT for ; Wed, 10 Feb 2016 15:25:00 -0800 (PST) Received: from mail.mugenguild.com (mugenguild.com [5.135.189.5]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 619071A6F9B for ; Wed, 10 Feb 2016 15:24:58 -0800 (PST) Received: from localhost (p5798E6AB.dip0.t-ipconnect.de [87.152.230.171]) by mail.mugenguild.com (Postfix) with ESMTPSA id 61A085FC0A; Thu, 11 Feb 2016 00:24:56 +0100 (CET) Date: Thu, 11 Feb 2016 00:24:53 +0100 From: Vincent Breitmoser To: "Neal H. Walfield" Message-ID: <20160210232453.GA17127@littlepip.fritz.box> References: <56BB0308.8020504@iang.org> <20160210160641.GA3090@singpolyma-liberty> <87egckbatw.wl-neal@walfield.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="fdj2RfSjLxBAspz7" Content-Disposition: inline In-Reply-To: <87egckbatw.wl-neal@walfield.org> User-Agent: Mutt/1.5.24 (2015-08-30) Archived-At: Cc: Stephen Paul Weber , openpgp@ietf.org, ianG Subject: Re: [openpgp] saltpack on OpenPGP message format problems X-BeenThere: openpgp@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: "Ongoing discussion of OpenPGP issues." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 10 Feb 2016 23:25:02 -0000 --fdj2RfSjLxBAspz7 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline > Instead, you write your message using something like vi, encrypt it > from the command line, and then copy and paste the result into your > mail client. Then you are certain that your mail was encrypted and > that you don't accidentally send an unencrypted draft, etc. If you want to work around your e-mail client, how about an encrypted attachment? - V --fdj2RfSjLxBAspz7 Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJWu8bEAAoJEHvRgyDerfoRVMgP/RB9BQ9XQXSfnuUo+QJgZhgc SNFN4eTSgjj/7d9EhrUPyL2oJElztewb9GZgNqyJ7+KJv4o+WaU5O4KKTiFi2u6G 98QAr2/8UaETiB/lNL8+WyqJja0D6M6RumycoRmyFq2WbMqYaBAD0rNn5vcrpYEk vQnX/Q7rHQ1+hNn23usP+1Ui3EBuPm3yVEGZXG9TNQ5g2lt9s6ArpRrlBu9fpGdg 8Opuq/V26OcZoVAj1z/tu3XD/yXIib68SNpi/cE1xqf2XCh+sVDy2xRHPEUGqvNg 9wkrnmzbBifkAU8KzUlh2BfrvOe1eC2FhbjYeI1Knp8zsCG10ycjeomRIbCvdPkf RMeSNspz/05Eql47J6L4HUS5m4RbQELlh9pAzLvIVkLIMnA46IwH1WA1VPF/3cSx aXFn1OynhxFDJK97nFKV37erIoA0klTW49vsm89us3n6P/Nmk2rDRpLFbEoY+P8D je40la+2+dEi85PQgHbjSGTNbvVagTYq2Dr0IxQFOwQ7F5lbDIO/CVcZsfEwAueC 59adiwZ5RtJ0qovryljvS/lZlvj2qhr+BJ+LOUtdr9Q23h+8UTp65XtkVKpJ5pCB 4R/C+zBKl8P45MCkQQQTJaARuFWZYQNu/ZWJGIme/1U9GTTgE7hfqfHLZvj0bIF1 LRVJxTZX6msG6zu1Kqlk =RUzm -----END PGP SIGNATURE----- --fdj2RfSjLxBAspz7-- From nobody Wed Feb 10 15:33:34 2016 Return-Path: X-Original-To: openpgp@ietfa.amsl.com Delivered-To: openpgp@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 49A9E1A6FB8 for ; Wed, 10 Feb 2016 15:33:33 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.551 X-Spam-Level: X-Spam-Status: No, score=-1.551 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_EQ_DE=0.35, SPF_HELO_PASS=-0.001] autolearn=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RE7vQrZppvaP for ; Wed, 10 Feb 2016 15:33:32 -0800 (PST) Received: from mail.dasr.de (mail.dasr.de [217.69.77.164]) by ietfa.amsl.com (Postfix) with ESMTP id 03F5F1A6FB4 for ; Wed, 10 Feb 2016 15:33:32 -0800 (PST) Received: from p50813b37.dip0.t-ipconnect.de ([80.129.59.55] helo=mail.huenfield.org) by mail.dasr.de with esmtpsa (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16) (Exim 4.76) (envelope-from ) id 1aTeGE-00063i-75; Wed, 10 Feb 2016 23:33:26 +0000 Received: from grit.huenfield.org ([192.168.20.253]) by mail.huenfield.org with esmtps (TLS1.2:RSA_AES_128_CBC_SHA1:128) (Exim 4.80) (envelope-from ) id 1aTeGC-0006wz-He; Thu, 11 Feb 2016 00:33:25 +0100 Received: from ip6-localhost.huenfield.org ([::1] helo=grit.huenfield.org.walfield.org) by grit.huenfield.org with esmtp (Exim 4.84) (envelope-from ) id 1aTeGB-0004Ch-Db; Thu, 11 Feb 2016 00:33:23 +0100 Date: Thu, 11 Feb 2016 00:33:23 +0100 Message-ID: <87bn7ob0os.wl-neal@walfield.org> From: "Neal H. Walfield" To: Vincent Breitmoser In-Reply-To: <20160210232453.GA17127@littlepip.fritz.box> References: <56BB0308.8020504@iang.org> <20160210160641.GA3090@singpolyma-liberty> <87egckbatw.wl-neal@walfield.org> <20160210232453.GA17127@littlepip.fritz.box> User-Agent: Wanderlust/2.15.9 (Almost Unreal) SEMI-EPG/1.14.7 (Harue) FLIM/1.14.9 (=?ISO-8859-4?Q?Goj=F2?=) APEL/10.8 EasyPG/1.0.0 Emacs/24.5 (x86_64-pc-linux-gnu) MULE/6.0 (HANACHIRUSATO) MIME-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue") Content-Type: text/plain; charset=US-ASCII X-SA-Exim-Connect-IP: 192.168.20.253 X-SA-Exim-Mail-From: neal@walfield.org X-SA-Exim-Version: 4.2.1 (built Mon, 26 Dec 2011 17:06:47 +0000) X-SA-Exim-Scanned: Yes (on mail.huenfield.org) Archived-At: Cc: Stephen Paul Weber , openpgp@ietf.org, ianG Subject: Re: [openpgp] saltpack on OpenPGP message format problems X-BeenThere: openpgp@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: "Ongoing discussion of OpenPGP issues." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 10 Feb 2016 23:33:33 -0000 Hi, On Thu, 11 Feb 2016 00:24:53 +0100, Vincent Breitmoser wrote: > > Instead, you write your message using something like vi, encrypt it > > from the command line, and then copy and paste the result into your > > mail client. Then you are certain that your mail was encrypted and > > that you don't accidentally send an unencrypted draft, etc. > > If you want to work around your e-mail client, how about an encrypted > attachment? As I responded to Stephen, I think copy and pasting is more robust. If you're still not convinced, then replace command line use of gpg with GPA (the GNU Privacy Assistant). GPA is a simple GUI that allows a user to write a message in a notepad-like editor, press encrypt and then copy and paste the message. As I understand it, there are some legitimately scared people who rely on GPA to prevent mistakes. Complicating the work flow by requiring them to save to disk and then load a file would be bad for them. :) Neal From nobody Wed Feb 10 15:40:01 2016 Return-Path: X-Original-To: openpgp@ietfa.amsl.com Delivered-To: openpgp@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C199C1A6FD2 for ; Wed, 10 Feb 2016 15:39:59 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.9 X-Spam-Level: X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9PYXoto5oJ4P for ; Wed, 10 Feb 2016 15:39:59 -0800 (PST) Received: from mail.mugenguild.com (mugenguild.com [5.135.189.5]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D8A731A6FD1 for ; Wed, 10 Feb 2016 15:39:58 -0800 (PST) Received: from localhost (p5798E6AB.dip0.t-ipconnect.de [87.152.230.171]) by mail.mugenguild.com (Postfix) with ESMTPSA id C85B75FC0A; Thu, 11 Feb 2016 00:39:56 +0100 (CET) Date: Thu, 11 Feb 2016 00:39:53 +0100 From: Vincent Breitmoser To: "Neal H. Walfield" Message-ID: <20160210233953.GA29000@littlepip.fritz.box> References: <56BB0308.8020504@iang.org> <20160210160641.GA3090@singpolyma-liberty> <87egckbatw.wl-neal@walfield.org> <20160210232453.GA17127@littlepip.fritz.box> <87bn7ob0os.wl-neal@walfield.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="SLDf9lqlvOQaIe6s" Content-Disposition: inline In-Reply-To: <87bn7ob0os.wl-neal@walfield.org> User-Agent: Mutt/1.5.24 (2015-08-30) Archived-At: Cc: openpgp@ietf.org Subject: Re: [openpgp] saltpack on OpenPGP message format problems X-BeenThere: openpgp@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: "Ongoing discussion of OpenPGP issues." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 10 Feb 2016 23:39:59 -0000 --SLDf9lqlvOQaIe6s Content-Type: text/plain; charset=us-ascii Content-Disposition: inline > As I responded to Stephen, I think copy and pasting is more robust. Didn't see that mail until after I answered, sorry about that. - V --SLDf9lqlvOQaIe6s Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJWu8pJAAoJEHvRgyDerfoRX08P/3SPVrwwNA1x92Tqgp+ywvck vUcAVA/GhlBwyIP+e/nnp7j2EhsQVIJ047oK6RpqEywP41IvxJKFQNsAX6G6J9BK aEwzHYPKd3TQCSjaUF8lrLnZZu3sHVBFM4UOiqqU+/5cwOKIogycq3R7rWUt2wg2 x2lo7a/ST/Fh29LLdi5VQoyOQeksOvWv+B5x+JsagAQramKXeaK9xOEsARNu+0J9 USD3FsuzTLOVGLiTO2Pf2e4iPdRC1mc8FvstytnXl4gM447Mi16MoOtwaCBO6r2l +seeiN/3WGsnUcqp/t3XpfHA4/D5kU1elQKbdm5Mmc/tS3E6NVj50o4YFoyRXb+9 PIf+CdzhZBTGAX4+4Hye3Wgf4jcpONxObPG7CfcyXSyzkM167Sm+B4hDs1XgV5mt u2C7wG/bvjCxcHUGBapgZje8fVgosG7zrV4wUo5CENFH4YFy8OIGf9tJkMD2/qWA +Zsq19l/yDgk9slOIpR45DDOmBxXHD6eGszQCY7NksTnGuHFoj5wm2KdX2c/pr0G rXQfpNxooKZ22BawllF6hzzDwl8sbDVXTRtOoaGuyx8tfYfZ7FovwaLpj9WfFsyC LHiHr6aH8PvP3EZMV6xHmH1RfunNkw7WCkzKq/zHyIT8/9bc/I/63blZnbJ3e57b 9eIYP8aq9Yh0qV8bdDar =fiRq -----END PGP SIGNATURE----- --SLDf9lqlvOQaIe6s-- From nobody Wed Feb 10 19:42:03 2016 Return-Path: X-Original-To: openpgp@ietfa.amsl.com Delivered-To: openpgp@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B9DFB1A8A3A for ; Wed, 10 Feb 2016 19:42:01 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.201 X-Spam-Level: X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3GcsnXqTAOXz for ; Wed, 10 Feb 2016 19:41:58 -0800 (PST) Received: from mx4.auckland.ac.nz (mx4.auckland.ac.nz [130.216.125.248]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C32761A8A39 for ; Wed, 10 Feb 2016 19:41:57 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=auckland.ac.nz; i=@auckland.ac.nz; q=dns/txt; s=mail; t=1455162118; x=1486698118; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=hcP4+UqpDyg5Tr5ihZdJftfb2uFxwwcxP3WRBDBxtBI=; b=y3sM7UVZpLC9TYLDGFjh0lIAMvYaw4COwv+hAegR5ikgb46aVfY0lf9J ONg9EgFVIcqLWYjEWZ8hs4ZLdpG3STllPVmy3XOT+mPSsmXUcG3bboS5o BVeEhgbxLeo9c3rxNeubhuPJTaNHEDt3vGkwTOihls4kEhYWPxQB2li9H yZpvCE1NbYE2Kc6ZcJMd/3mHM2h3tL3IVzThaXBYyXFIrmnX1lko+q6Hr vqDr0KTaKo92eTWDTpZhcj1n2yl5a+u1opL2e9GoNpexLmCiu57cgpEsY jSeO+ZlgYJy+VrtTtRgFzdDYJSM+xAwBuxadGyQlBYy7euf1gCRwTEgZf Q==; X-IronPort-AV: E=Sophos;i="5.22,429,1449486000"; d="scan'208";a="67332791" X-Ironport-HAT: MAIL-SERVERS - $RELAYED X-Ironport-Source: 130.216.4.171 - Outgoing - Outgoing Received: from exchangemx.uoa.auckland.ac.nz (HELO uxchange10-fe4.UoA.auckland.ac.nz) ([130.216.4.171]) by mx4-int.auckland.ac.nz with ESMTP/TLS/AES256-SHA; 11 Feb 2016 16:41:54 +1300 Received: from UXCN10-5.UoA.auckland.ac.nz ([169.254.5.153]) by uxchange10-fe4.UoA.auckland.ac.nz ([169.254.109.63]) with mapi id 14.03.0266.001; Thu, 11 Feb 2016 16:41:54 +1300 From: Peter Gutmann To: Stephen Paul Weber , ianG Thread-Topic: [openpgp] saltpack on OpenPGP message format problems Thread-Index: AQHRY+WcrCMKgX/VlESZgKvALMTRbp8kmFWAgAGbgEQ= Date: Thu, 11 Feb 2016 03:41:53 +0000 Message-ID: <9A043F3CF02CD34C8E74AC1594475C73F4BED18C@uxcn10-5.UoA.auckland.ac.nz> References: <56BB0308.8020504@iang.org>, <20160210160641.GA3090@singpolyma-liberty> In-Reply-To: <20160210160641.GA3090@singpolyma-liberty> Accept-Language: en-NZ, en-GB, en-US Content-Language: en-NZ X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [130.216.158.4] Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Archived-At: Cc: "openpgp@ietf.org" Subject: Re: [openpgp] saltpack on OpenPGP message format problems X-BeenThere: openpgp@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: "Ongoing discussion of OpenPGP issues." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 11 Feb 2016 03:42:01 -0000 Stephen Paul Weber writes:=0A= =0A= >Couldn't we just say "PGP is binary, encode however you like"? In email w= e=0A= >have transport encodings, and so do most other reasonable places. The onl= y=0A= >real use for ASCII armor anymore is in "clearsign" context when posting=0A= >a plain text file that contains the signature, etc.=0A= =0A= The "ASCII armoring" was written in order to, among other things, allow PGP= =0A= to traverse Fidonet systems running on MSDOS with 2400bps modems. That's = =0A= what it dates back to. It should have died a long, long time ago, we can = =0A= send pretty much any other binary-only format over pretty much any medium i= n =0A= a manner that's totally invisible to the user, there's no need to still =0A= retain it.=0A= =0A= Peter.=0A= From nobody Thu Feb 11 01:02:20 2016 Return-Path: X-Original-To: openpgp@ietfa.amsl.com Delivered-To: openpgp@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E2F9F1ACD81 for ; Thu, 11 Feb 2016 01:02:17 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.9 X-Spam-Level: X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0BAIRttdX3Ef for ; Thu, 11 Feb 2016 01:02:16 -0800 (PST) Received: from kerckhoffs.g10code.com (kerckhoffs.g10code.com [IPv6:2001:aa8:fff1:100::22]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D9B0E1ACD6D for ; Thu, 11 Feb 2016 01:02:15 -0800 (PST) Received: from uucp by kerckhoffs.g10code.com with local-rmail (Exim 4.80 #2 (Debian)) id 1aTn8f-0001Zt-P7 for ; Thu, 11 Feb 2016 10:02:13 +0100 Received: from wk by vigenere.g10code.de with local (Exim 4.84 #3 (Debian)) id 1aTn3k-0003fO-Sv; Thu, 11 Feb 2016 09:57:08 +0100 From: Werner Koch To: Peter Gutmann References: <56BB0308.8020504@iang.org> <20160210160641.GA3090@singpolyma-liberty> <9A043F3CF02CD34C8E74AC1594475C73F4BED18C@uxcn10-5.UoA.auckland.ac.nz> Organisation: g10 Code GmbH X-message-flag: Mails containing HTML will not be read! Please send only plain text. OpenPGP: url=https://k.gnupg.net/80615870F5BAD690333686D0F2AD85AC1E42B367 Mail-Followup-To: Peter Gutmann , Stephen Paul Weber , ianG , "openpgp\@ietf.org" Date: Thu, 11 Feb 2016 09:57:08 +0100 In-Reply-To: <9A043F3CF02CD34C8E74AC1594475C73F4BED18C@uxcn10-5.UoA.auckland.ac.nz> (Peter Gutmann's message of "Thu, 11 Feb 2016 03:41:53 +0000") Message-ID: <87lh6rbp5n.fsf@vigenere.g10code.de> User-Agent: Gnus/5.13 (Gnus v5.13) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Archived-At: Cc: Stephen Paul Weber , "openpgp@ietf.org" , ianG Subject: Re: [openpgp] saltpack on OpenPGP message format problems X-BeenThere: openpgp@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: "Ongoing discussion of OpenPGP issues." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 11 Feb 2016 09:02:18 -0000 On Thu, 11 Feb 2016 04:41, pgut001@cs.auckland.ac.nz said: > The "ASCII armoring" was written in order to, among other things, allow PGP > to traverse Fidonet systems running on MSDOS with 2400bps modems. That's Right. And that, along with the slower boxes we had back then, was the reason for the ASCII Armor's checksum. I am all in favor of dropping the requirement for that checksum. > what it dates back to. It should have died a long, long time ago, we can > send pretty much any other binary-only format over pretty much any > medium in That is not true. How do you want to paste binary data into a contact web form or a Git commit message? The OpenPGP Armor makes this really easy and, fwiw, X.509 uses a similar armoring technique. Of course you could argue that this should not be part of OpenPGP proper, but given 25 years of existence it would be surprising to factor this out to a different RFC. Regarding PGP/MIME, it might be worth to consider dropping the need for the ASCII armor in favor of standard MIME encoding. This would also help to sort out faulty PGP/MIME implementations. Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. From nobody Thu Feb 11 01:19:18 2016 Return-Path: X-Original-To: openpgp@ietfa.amsl.com Delivered-To: openpgp@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DBB5C1ACDA2 for ; Thu, 11 Feb 2016 01:19:11 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.277 X-Spam-Level: X-Spam-Status: No, score=-1.277 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id F6Y-AEcXdTCb for ; Thu, 11 Feb 2016 01:19:09 -0800 (PST) Received: from mail-lb0-x22c.google.com (mail-lb0-x22c.google.com [IPv6:2a00:1450:4010:c04::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 339FB1ACD94 for ; Thu, 11 Feb 2016 01:19:09 -0800 (PST) Received: by mail-lb0-x22c.google.com with SMTP id cw1so24268155lbb.1 for ; Thu, 11 Feb 2016 01:19:09 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type; bh=XmqAZWMAcT0LJYwZt4pAh3uTAqTAJY4p/NmHqDtg7aA=; b=Tol3+4TElJKigOwEQ/3/egkHg++JnCUAEA5uo+/reRzYxTEmjV8fLA++k1Tx3d9RJo LcxJ6WmP8bJXrqKNtn9zvoRxR2I6Tcj/JcgH8PAVpGTv/1WcBQe9wPx2OCddepjjDSqX 5Abq0MI6cFVlv0Dt5zQ9oX3jHcX6Gjoj1UkQTAUmpqDXuek7vEAz10+UD4LB/dDv50+W uDysDNi0R/L/STcGyFHxeJwEAf0aLwBN+2YdTYkeGg/RLlF33QJevcjusrZiX8zeI/9Z auB8J2djZTfhr1U4bPfi78CCrAFm0ZRzo2pmY7xsSL5FS+AUVcm6AF2kPlVhXyHHf9aw 2eFg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:sender:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=XmqAZWMAcT0LJYwZt4pAh3uTAqTAJY4p/NmHqDtg7aA=; b=jZhSMrTB791lIIYCWs+asIYIml3/03vDVc3bSqWJzpsXHscOQawIINafJOsX7F41PL 8AV8RUQM5YfuyixBZjquo6levckH18lNv7FNYLDigeTeU8urMYFKXXZGPUylhTiXv9ON NWI3zhZzRj81GpmrFn5cp9mIBWwF1XMBNn0uxXLsw9eBukVLfSC+3ttQoZ1jN9IvY3Pm NqPsIOCwvJ6A/9RQkv3Prv8i6wHxNhJFgWLo0IimrK1xgKVlRcxsgdgOHYQM1pS6iGWb srZK8HoZpkXsfVhRVfzZYdzwn3GzpMdTLg04jO8byAugTIB8skiT2mwlGcXNkDzkjyG2 /06g== X-Gm-Message-State: AG10YOTxNJzqip+icRpYsYOHfH/4+SLy4wOltE0Ym3cNpp2Vdsy8hFWHksXJCD5uqOET0yrCUp0+UEZDko3Wog== MIME-Version: 1.0 X-Received: by 10.112.136.136 with SMTP id qa8mr18009465lbb.51.1455182346053; Thu, 11 Feb 2016 01:19:06 -0800 (PST) Sender: benlaurie@gmail.com Received: by 10.112.148.226 with HTTP; Thu, 11 Feb 2016 01:19:05 -0800 (PST) In-Reply-To: <56BB0308.8020504@iang.org> References: <56BB0308.8020504@iang.org> Date: Thu, 11 Feb 2016 09:19:05 +0000 X-Google-Sender-Auth: dPL0Ztn19MF1lCHiDwmAjaUL57k Message-ID: From: Ben Laurie To: ianG Content-Type: multipart/alternative; boundary=089e01183116d1f2f9052b7b0ad8 Archived-At: Cc: openpgp@ietf.org Subject: Re: [openpgp] saltpack on OpenPGP message format problems X-BeenThere: openpgp@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: "Ongoing discussion of OpenPGP issues." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 11 Feb 2016 09:19:12 -0000 --089e01183116d1f2f9052b7b0ad8 Content-Type: text/plain; charset=UTF-8 On 10 February 2016 at 09:29, ianG wrote: > In contrast, NaCl encryption authenticates the sender in a repudiable way. Really? How? I couldn't find any documentation for that. --089e01183116d1f2f9052b7b0ad8 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable

= On 10 February 2016 at 09:29, ianG <iang@iang.org> wrote:
In contrast, NaCl encryption authenticates the sender in a repudiable way.=

Really? How? I couldn't find any documentation for that.

--089e01183116d1f2f9052b7b0ad8-- From nobody Thu Feb 11 13:44:00 2016 Return-Path: X-Original-To: openpgp@ietfa.amsl.com Delivered-To: openpgp@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 431291B3AE9 for ; Thu, 11 Feb 2016 13:43:59 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: 1.321 X-Spam-Level: * X-Spam-Status: No, score=1.321 tagged_above=-999 required=5 tests=[BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HELO_MISMATCH_ORG=0.611, T_FILL_THIS_FORM_SHORT=0.01] autolearn=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2nkHWRyXapCl for ; Thu, 11 Feb 2016 13:43:56 -0800 (PST) Received: from mail2.ihtfp.org (MAIL2.IHTFP.ORG [204.107.200.7]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8F03F1B3AE5 for ; Thu, 11 Feb 2016 13:43:54 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by mail2.ihtfp.org (Postfix) with ESMTP id 4A0B1E2036; Thu, 11 Feb 2016 16:43:53 -0500 (EST) Received: from mail2.ihtfp.org ([127.0.0.1]) by localhost (mail2.ihtfp.org [127.0.0.1]) (amavisd-maia, port 10024) with ESMTP id 17739-06; Thu, 11 Feb 2016 16:43:48 -0500 (EST) Received: from securerf.ihtfp.org (IHTFP-DHCP-159.IHTFP.ORG [192.168.248.159]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mocana.ihtfp.org", Issuer "IHTFP Consulting Certification Authority" (verified OK)) by mail2.ihtfp.org (Postfix) with ESMTPS id 6C230E2030; Thu, 11 Feb 2016 16:43:48 -0500 (EST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ihtfp.com; s=default; t=1455227028; bh=bMiPjhK4H6X8H+4AEBVOYGUaj8b3PqiQY6TS9kIVWQE=; h=From:To:Cc:Subject:Date; b=KX6vP1eU3QEtAAkXqnNT+Mb9DKl/2Ao6X1/Mg4GwLr3uF0vrcCnzVZDN1aPge14Y0 vXGRNKbyQjATnZYd9Wt5zAOzlZMyxJKEjGFE6jCSC5QS7gxTVV9ia6P9TQLAnGAHF+ wtwDJSqXwAp6f8+hewGCcCp0SfNE0vmKokGykJHI= Received: (from warlord@localhost) by securerf.ihtfp.org (8.15.2/8.14.8/Submit) id u1BLhlPd016407; Thu, 11 Feb 2016 16:43:47 -0500 From: Derek Atkins To: Werner Koch Date: Thu, 11 Feb 2016 16:43:47 -0500 Message-ID: User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.5 (gnu/linux) MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="=-=-=" X-Virus-Scanned: Maia Mailguard 1.0.2a Archived-At: Cc: openpgp@ietf.org Subject: [openpgp] Device Certificates for RFC4880bis X-BeenThere: openpgp@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: "Ongoing discussion of OpenPGP issues." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 11 Feb 2016 21:43:59 -0000 --=-=-= Content-Type: text/plain Hi, Over the past year or so I've posted several versions of draft-atkins-openpgp-device-certificates. It seemed to have general approval among the crowd and I received many good comments and suggested improvements. Then the working group opened up again and we started working on 4880bis. To that end, I took it upon myself to integrate the device-certificates into a patch to 4880bis markdown instead of leaving it as a standalone document. Please see the attached patch. -derek --=-=-= Content-Type: text/x-patch Content-Disposition: attachment; filename=4880bis.device-certs.diff Content-Description: Device Certs Patch >From ce8b2bf371348340df22c1f73f29cff2acf32c70 Mon Sep 17 00:00:00 2001 From: Derek Atkins Date: Thu, 11 Feb 2016 16:35:20 -0500 Subject: [PATCH] Integrate Device-Certificate Draft --- middle.mkd | 196 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 188 insertions(+), 8 deletions(-) diff --git a/middle.mkd b/middle.mkd index 80c0a61..2b41bb1 100644 --- a/middle.mkd +++ b/middle.mkd @@ -1317,6 +1317,75 @@ addresses. If there is a critical notation, the criticality applies to that specific notation and not to notations in general. +The following subsections define a set of standard notations. + +##### {5.2.3.16.1} The 'manu' Notation + +The "manu" notation is a string that declares the device +manufacturer's name. The certifier key is asserting this string +(which may or may not be related to the User ID of the certifier's +key). + +##### {5.2.3.16.2} The 'make' Notation + +This notation defines the product make. It is a free form string. + +##### {5.2.3.16.3} The 'model' Notation + +This notation defines the product model name/number. It is a free form string. + +##### {5.2.3.16.4} The 'prodid' Notation + +This notation contains the product identifier. It is a free form string. + +##### {5.2.3.16.5} The 'pvers' Notation + +This notation defines the product version number (which could be a +release number, year, or some other identifier to differentiate +different versions of the same make/model). It is a free form string. + +##### {5.2.3.16.6} The 'lot' Notation + +This notation defines the product lot number (which is an indicator of +the batch of product). It is a free form string. + +##### {5.2.3.16.7} The 'qty' Notation + +This notation defines the quantity of items in this package. It is a +decimal integer representation with no punctuation, e.g. "10", "1000", +"10000", etc. + +##### {5.2.3.16.8} The 'loc' and 'dest' Notations + +The "loc" and 'dest' notations declare a GeoLocation as defined by RFC +5870 [](#RFC5870) but without the leading "geo:" header. For example, +if you had a GeoLocation URI of "geo:13.4125,103.8667" you would +encode that in these notations as "13.4125,103.8667". + +The 'loc' notation is meant to encode the geo location where the +signature was made. The 'dest' notation is meant to encode the geo +location where the device is "destined" (i.e., a "destination" for the +device). + +##### {5.2.3.16.9} The 'hash' Notation + +A 'hash' notation is a means to include external data in the contents +of a signature without including the data itself. This is done by +hashing the external data separately and then including the data's +name and hash in the signature via this notation. This is useful, for +example, to have an external "manifest," "image," or other data that +might not be vital to the signature itself but still needs to be +protected and authenticated without requiring a second signature. + +The 'hash' notation has the following structure: +* A single byte specifying the length of the name of the hashed data +* A UTF-8 string of the name of the hashed data +* A single byte specifying the hash algorithm (see section 9.4) +* The binary hash output of the hashed data using the specified algorithm. (The length of this data is implicit based on the algorithm specified). + +Due to its nature a 'hash' notation is not human readable and MUST NOT +be marked as such when used. + #### {5.2.3.17} Key Server Preferences (N octets of flags) @@ -2123,10 +2192,16 @@ The header consists of: and is followed by the subpacket specific data. -The only currently defined subpacket type is 1, signifying an -image. An implementation SHOULD ignore any subpacket of a type that it -does not recognize. Subpacket types 100 through 110 are reserved for -private or experimental use. +The following table lists the currently known subpackets: + + Type Attribute Subpacket + ------- --------------------------------------------------------- + 1 Image Attribute Subpacket + [TBD1] User ID Attribute Subpacket + 100-110 Private/Experimental Use + +An implementation SHOULD ignore any subpacket of a type that it +does not recognize. ### {5.12.1} The Image Attribute Subpacket @@ -2159,6 +2234,22 @@ examination of the image data if it is unable to handle a particular version of the image header or if a specified encoding format value is not recognized. +### {5.12.2} User ID Attribute Subpacket + +A User ID Attribute subpacket has type #[IANA -- assignment TBD1]. + +A User ID Attribute subpacket, just like a User ID packet, consists of +UTF-8 text that is intended to represent the name and email address of +the key holder. By convention, it includes an RFC 2822 [](#RFC2822) +mail name-addr, but there are no restrictions on its content. For +devices using OpenPGP for device certificates, it may just be the +device identifier. The packet length in the header specifies the +length of the User ID. + +Because User Attribute subpackets can be used anywhere a User ID +packet can be used, implementations MAY choose to trust a signed User +Attribute subpacket that includes a User ID Attribute subpacket. + ## {5.13} Sym. Encrypted Integrity Protected Data Packet (Tag 18) The Symmetrically Encrypted Integrity Protected Data packet is a @@ -2897,6 +2988,13 @@ defining specification. The initial values for this registry can be found in Section 5.12. Adding a new User Attribute type MUST be done through the IETF CONSENSUS method, as described in [](#RFC2434). +This document requests that IANA register the User ID Attribute Type +found in Section 5.12.2: + + Value Attribute Reference + ----- --------- ---------- + TBD1 User ID This Document Section 5.12 + ### {10.2.1.1} Image Format Subpacket Types Within User Attribute packets, there is an extensible mechanism for @@ -2934,6 +3032,28 @@ registry can be found in Section 5.2.3.16. Adding a new Signature Notation Data subpacket MUST be done through the EXPERT REVIEW method, as described in [](#RFC2434). +This document requests IANA register the following Signature +Notatation Data types: + + Allowed Values Name Type Reference + -------------- ------- ------------ ---------------- + Any String manu Manufacturer Name This Doc Section 5.2.3.16.1 + Any String make Product Make This Doc Section 5.2.3.16.2 + Any String model Product Model This Doc Section 5.2.3.16.3 + Any String prodid Product ID This Doc Section 5.2.3.16.4 + Any String pvers Product Version This Doc Section 5.2.3.16.5 + Any String lot Product Lot Number This Doc Section 5.2.3.16.6 + Decimal Integer qty Package Quantity This Doc Section 5.2.3.16.7 + String + A geo: URI loc Current Geo- This Doc Section 5.2.3.16.8 + without the location + "geo:" Latitude/Longitude + A geo: URI dest Destination Geo- This Doc Section 5.2.3.16.8 + without the location + "geo:" Latitude/Longitude + Hash Notation hash The Hash of This Doc Section 5.2.3.16.9 + data external data + #### {10.2.2.2} Key Server Preference Extensions OpenPGP signatures contain a mechanism for preferences to be specified @@ -3059,7 +3179,7 @@ transferable public key are as follows: - Zero or more revocation signatures - - One or more User ID packets + - Zero or more User ID packets - After each User ID packet, zero or more Signature packets (certifications) @@ -3198,7 +3318,6 @@ of the primary key. Primary-Key [Revocation Self Signature] [Direct Key Signature...] - User ID [Signature ...] [User ID [Signature ...] ...] [User Attribute [Signature ...] ...] [[Subkey [Binding-Signature-Revocation] @@ -3213,8 +3332,19 @@ embedded primary key binding signature. In the above diagram, if the binding signature of a subkey has been revoked, the revoked key may be removed, leaving only one key. -In a V4 key, the primary key MUST be a key capable of -certification. The subkeys may be keys of any other type. There may be +In a V4 key, the primary key SHOULD be a key capable of +certification. There are cases, such as device certificates, where +the primary key may not be capable of certification. A primary key +capable of making signatures SHOULD be accompanied by either a +certification signature (on a User ID or User Attribute) or a +signature directly on the key. + +Implementations MUST accept encryption-only primary keys without a +signature. It also MUST allow importing any key accompanied either by +a certification signature or a signature on itself. It MAY accept +signature-capable primary keys without an accompanying signature. + +The subkeys may be keys of any other type. There may be other constructions of V4 keys, too. For example, there may be a single- key RSA key in V4 format, a DSA primary key with an RSA encryption key, or RSA primary key with an Elgamal subkey, etc. @@ -4135,6 +4265,56 @@ SHOULD be rejected. seek to eliminate any measurable distinction between the ECC point addition and doubling operations. +OpenPGP was designed with security in mind, with many smart, +intelligent people spending a lot of time thinking about the +ramifications of their decisions. Removing the requirement for +self-certifying User ID (and User Attribute) packets on a key means +that someone could surreptitiously add an unwanted ID to a key and +sign it. If enough "trusted" people sign that surreptitious identity +then other people might believe it. The attack could wind up sending +encrypted mail destined for alice to some other target, bob, because +someone added "alice" to bob's key without bob's consent. + +In the case of device certificates the device itself does not have any +consent. It is given an identity by the device manufacturer and the +manufacturer can insert that ID on the device certificate, signing it +with the manufacturer's key. If another people wants to label the +device by another name, they can do so. There is no harm in multiple +IDs, because the verification is all done based on who has signed +those IDs. + +When a key can self-sign, it is still suggested to self-certify IDs, +even if it no longer required by this modification to OpenPGP. This +at least signals to recipients of keys that yes, the owner of this key +asserts that this identity belongs to herself. Note, however, that +mallet could still assert that he is 'alice' and could even +self-certify that. So the attack is not truly different. Moreover, +in the case of device certificates, it's more the manufacturer than +the device that wants to assert an identity (even if the device could +self-certify). + +There is no signaling whether a key is using this looser-requirement +key format. An attacker could therefore just remove the +self-signature off a published key. However one would hope that wide +publication would result in another copy still having that signature +and it being returned quickly. However, the lack of signaling also +means that a user with an application following RFC 4880 directly +would see a key following this specification as "broken" and may not +accept it. + +On a different note, including the "geo" notation could leak +information about where a signer is located. However it is just an +assertion (albeit a signed assertion) so there is no verifiable truth +to the location information released. Similarly, all the rest of the +signature notations are pure assertions, so they should be taken with +the trustworthiness of the signer. + +Combining the User ID with the User Attribute means that an ID and +image would not be separable. For a person this is probably not good, +but for a device it's unlikely the image will change so it makes sense +to combine the ID and image into a single signed packet with a single +signature. + # Compatibility Profiles -- 2.5.0 --=-=-= Content-Type: text/plain -- Derek Atkins 617-623-3745 derek@ihtfp.com www.ihtfp.com Computer and Internet Security Consultant --=-=-=-- From nobody Fri Feb 12 00:17:20 2016 Return-Path: X-Original-To: openpgp@ietfa.amsl.com Delivered-To: openpgp@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B4D741B419E for ; Fri, 12 Feb 2016 00:17:18 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -0.001 X-Spam-Level: X-Spam-Status: No, score=-0.001 tagged_above=-999 required=5 tests=[BAYES_40=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id f2PDxvdyEpKb for ; Fri, 12 Feb 2016 00:17:16 -0800 (PST) Received: from kerckhoffs.g10code.com (kerckhoffs.g10code.com [IPv6:2001:aa8:fff1:100::22]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 11B0E1B419D for ; Fri, 12 Feb 2016 00:17:15 -0800 (PST) Received: from uucp by kerckhoffs.g10code.com with local-rmail (Exim 4.80 #2 (Debian)) id 1aU8uf-0004jt-Ru for ; Fri, 12 Feb 2016 09:17:13 +0100 Received: from wk by vigenere.g10code.de with local (Exim 4.84 #3 (Debian)) id 1aU8pS-00065x-FN; Fri, 12 Feb 2016 09:11:50 +0100 From: Werner Koch To: Derek Atkins References: Organisation: g10 Code GmbH X-message-flag: Mails containing HTML will not be read! Please send only plain text. OpenPGP: url=https://k.gnupg.net/80615870F5BAD690333686D0F2AD85AC1E42B367 Mail-Followup-To: Derek Atkins , openpgp@ietf.org Date: Fri, 12 Feb 2016 09:11:50 +0100 In-Reply-To: (Derek Atkins's message of "Thu, 11 Feb 2016 16:43:47 -0500") Message-ID: <8737sybb5l.fsf@vigenere.g10code.de> User-Agent: Gnus/5.13 (Gnus v5.13) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Archived-At: Cc: openpgp@ietf.org Subject: Re: [openpgp] Device Certificates for RFC4880bis X-BeenThere: openpgp@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: "Ongoing discussion of OpenPGP issues." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 12 Feb 2016 08:17:18 -0000 On Thu, 11 Feb 2016 22:43, derek@ihtfp.com said: > +Implementations MUST accept encryption-only primary keys without a > +signature. It also MUST allow importing any key accompanied either by > +a certification signature or a signature on itself. It MAY accept > +signature-capable primary keys without an accompanying signature. Why do you want a MUST accept/import here? I think it would be better to relax it to SHOULD so that implementations which do not want to support operations on device certifications can still claim to be OpenPGP compliant. Having a need to support encryption only primary keys does not make sense to all implementations. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. From nobody Fri Feb 12 04:32:05 2016 Return-Path: X-Original-To: openpgp@ietfa.amsl.com Delivered-To: openpgp@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AD2071B44B9 for ; Fri, 12 Feb 2016 04:32:03 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.389 X-Spam-Level: X-Spam-Status: No, score=-1.389 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HELO_MISMATCH_ORG=0.611] autolearn=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id l4DLj2GqaeeT for ; Fri, 12 Feb 2016 04:32:01 -0800 (PST) Received: from mail2.ihtfp.org (MAIL2.IHTFP.ORG [204.107.200.7]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 983521B44C0 for ; Fri, 12 Feb 2016 04:32:01 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by mail2.ihtfp.org (Postfix) with ESMTP id D5170E2030; Fri, 12 Feb 2016 07:31:58 -0500 (EST) Received: from mail2.ihtfp.org ([127.0.0.1]) by localhost (mail2.ihtfp.org [127.0.0.1]) (amavisd-maia, port 10024) with ESMTP id 24176-10; Fri, 12 Feb 2016 07:31:55 -0500 (EST) Received: by mail2.ihtfp.org (Postfix, from userid 48) id 2D461E2036; Fri, 12 Feb 2016 07:31:55 -0500 (EST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ihtfp.com; s=default; t=1455280315; bh=Tjl37f+WsL0hW8VzjGaxwIOtknyk/rCXk3REWv9yAc4=; h=In-Reply-To:References:Date:Subject:From:To:Cc; b=PjITWTDLbunbFHTWMDs37iJgS54ZFvuuiurfCsq24S6XCG+vOxw61u+ljLlcffUVU 99mHO4t58R6qsQ98begY/skUOFgE4DMDq3HFU/uqSKgNcSHO+hKlJgsVcqEYl6XKUg +lRQDFzgdCi068OarKoIXiRegaPG9vHFFN5Pvml4= Received: from 192.168.248.159 (SquirrelMail authenticated user warlord) by mail2.ihtfp.org with HTTP; Fri, 12 Feb 2016 07:31:55 -0500 Message-ID: <03fe2fe4a9bef61c569bb436a5303d40.squirrel@mail2.ihtfp.org> In-Reply-To: <8737sybb5l.fsf@vigenere.g10code.de> References: <8737sybb5l.fsf@vigenere.g10code.de> Date: Fri, 12 Feb 2016 07:31:55 -0500 From: "Derek Atkins" To: openpgp@ietf.org User-Agent: SquirrelMail/1.4.22-14.fc20 MIME-Version: 1.0 Content-Type: text/plain;charset=utf-8 Content-Transfer-Encoding: 8bit X-Priority: 3 (Normal) Importance: Normal X-Virus-Scanned: Maia Mailguard 1.0.2a Archived-At: Cc: Werner Koch Subject: Re: [openpgp] Device Certificates for RFC4880bis X-BeenThere: openpgp@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: "Ongoing discussion of OpenPGP issues." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 12 Feb 2016 12:32:03 -0000 On Fri, February 12, 2016 3:11 am, Werner Koch wrote: > On Thu, 11 Feb 2016 22:43, derek@ihtfp.com said: > >> +Implementations MUST accept encryption-only primary keys without a >> +signature. It also MUST allow importing any key accompanied either by >> +a certification signature or a signature on itself. It MAY accept >> +signature-capable primary keys without an accompanying signature. > > Why do you want a MUST accept/import here? I think it would be better > to relax it to SHOULD so that implementations which do not want to > support operations on device certifications can still claim to be > OpenPGP compliant. Having a need to support encryption only primary > keys does not make sense to all implementations. OOPS. You are absolutely correct. This was an oversight when I did a cut-and-paste from my previous document. The MUST made sense when device certificates were a standalone document, but you're right that this should be a SHOULD now that it's integrated into 4880bis. Would you like an updated patch? Or just change it in your copy? Thanks, > > Shalom-Salam, > > Werner -derek > -- > Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. > > _______________________________________________ > openpgp mailing list > openpgp@ietf.org > https://www.ietf.org/mailman/listinfo/openpgp > -- Derek Atkins 617-623-3745 derek@ihtfp.com www.ihtfp.com Computer and Internet Security Consultant From nobody Fri Feb 12 05:51:20 2016 Return-Path: X-Original-To: openpgp@ietfa.amsl.com Delivered-To: openpgp@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 322091A00F9 for ; Fri, 12 Feb 2016 05:51:19 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.201 X-Spam-Level: X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BNnF90orjNrU for ; Fri, 12 Feb 2016 05:51:14 -0800 (PST) Received: from mx4.auckland.ac.nz (mx4.auckland.ac.nz [130.216.125.248]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 104851A00FD for ; Fri, 12 Feb 2016 05:51:13 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=auckland.ac.nz; i=@auckland.ac.nz; q=dns/txt; s=mail; t=1455285074; x=1486821074; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=aglYDygfIfpVGaBxXAtkj5PcLpAVCM/9pcsm6CUPnOY=; b=4Zq4e5xxXcIwLO+xuh6roj6j2P2r9EmBe8xcvXuAg/LhD/Y0ztczu+Ob G/F2dFaqyM4CcLTNsgVyuA19q1e0wPelHvgzBjPLDYtnoyKgt4NmpTnwG 5y8x3pJ3oJQ7E5UMrrzDsz/+BBEn4BwhnRyWunCS5Vrolq+NGYPSSxSmi N6BrwWka9z45Wo/a6H8hQx3Au2cPlC54iTK28bRBuhGkoRbvo8Vw9mIQh YqyafBY+nO6qBw33H2lTdWuUdCOEmAf8IPUQXwO+c0+1ZOjOlxg5YVPHi uYQO+q3KaxjX99J7GPV4KdWsaEFymU46iSn7SRbrSwhuz0XvZXgNh2PcB w==; X-IronPort-AV: E=Sophos;i="5.22,436,1449486000"; d="scan'208";a="67627147" X-Ironport-HAT: MAIL-SERVERS - $RELAYED X-Ironport-Source: 130.216.4.171 - Outgoing - Outgoing Received: from exchangemx.uoa.auckland.ac.nz (HELO uxchange10-fe4.UoA.auckland.ac.nz) ([130.216.4.171]) by mx4-int.auckland.ac.nz with ESMTP/TLS/AES256-SHA; 13 Feb 2016 02:51:12 +1300 Received: from UXCN10-5.UoA.auckland.ac.nz ([169.254.5.153]) by uxchange10-fe4.UoA.auckland.ac.nz ([169.254.109.63]) with mapi id 14.03.0266.001; Sat, 13 Feb 2016 02:51:12 +1300 From: Peter Gutmann To: Werner Koch Thread-Topic: [openpgp] saltpack on OpenPGP message format problems Thread-Index: AQHRZKovrCMKgX/VlESZgKvALMTRbp8ob3DK Date: Fri, 12 Feb 2016 13:51:11 +0000 Message-ID: <9A043F3CF02CD34C8E74AC1594475C73F4BEE527@uxcn10-5.UoA.auckland.ac.nz> References: <56BB0308.8020504@iang.org> <20160210160641.GA3090@singpolyma-liberty> <9A043F3CF02CD34C8E74AC1594475C73F4BED18C@uxcn10-5.UoA.auckland.ac.nz>, <87lh6rbp5n.fsf@vigenere.g10code.de> In-Reply-To: <87lh6rbp5n.fsf@vigenere.g10code.de> Accept-Language: en-NZ, en-GB, en-US Content-Language: en-NZ X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [130.216.158.4] Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Archived-At: Cc: Stephen Paul Weber , "openpgp@ietf.org" , ianG Subject: Re: [openpgp] saltpack on OpenPGP message format problems X-BeenThere: openpgp@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: "Ongoing discussion of OpenPGP issues." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 12 Feb 2016 13:51:19 -0000 Werner Koch writes:=0A= =0A= >How do you want to paste binary data into a contact web form or a Git comm= it=0A= >message? The OpenPGP Armor makes this really easy and, fwiw, X.509 uses a= =0A= >similar armoring technique.=0A= =0A= I dunno because that's not my area of expertise, but somehow every other=0A= software mechanism in existence has managed to get by without needing its o= wn=0A= custom "ASCII armoring" (is there anything other than PGP that does this?),= so=0A= I'm guessing it's a solved problem.=0A= =0A= >Regarding PGP/MIME, it might be worth to consider dropping the need for th= e=0A= >ASCII armor in favor of standard MIME encoding. This would also help to s= ort=0A= >out faulty PGP/MIME implementations.=0A= =0A= That would certainly help with usability, since 99.9% of the time it's=0A= completely redundant and better handled through other mechanisms.=0A= =0A= Peter.= From nobody Fri Feb 12 07:47:20 2016 Return-Path: X-Original-To: openpgp@ietfa.amsl.com Delivered-To: openpgp@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 733161A1BCC for ; Fri, 12 Feb 2016 07:47:18 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.9 X-Spam-Level: X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YfE-H9E7nhZw for ; Fri, 12 Feb 2016 07:47:16 -0800 (PST) Received: from kerckhoffs.g10code.com (kerckhoffs.g10code.com [IPv6:2001:aa8:fff1:100::22]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B60691A1BBD for ; Fri, 12 Feb 2016 07:47:16 -0800 (PST) Received: from uucp by kerckhoffs.g10code.com with local-rmail (Exim 4.80 #2 (Debian)) id 1aUFwA-0005QC-Gd for ; Fri, 12 Feb 2016 16:47:14 +0100 Received: from wk by vigenere.g10code.de with local (Exim 4.84 #3 (Debian)) id 1aUFtb-00077r-AD; Fri, 12 Feb 2016 16:44:35 +0100 From: Werner Koch To: "Derek Atkins" References: <8737sybb5l.fsf@vigenere.g10code.de> <03fe2fe4a9bef61c569bb436a5303d40.squirrel@mail2.ihtfp.org> Organisation: g10 Code GmbH X-message-flag: Mails containing HTML will not be read! Please send only plain text. OpenPGP: url=https://k.gnupg.net/80615870F5BAD690333686D0F2AD85AC1E42B367 Mail-Followup-To: "Derek Atkins" , openpgp@ietf.org Date: Fri, 12 Feb 2016 16:44:34 +0100 In-Reply-To: <03fe2fe4a9bef61c569bb436a5303d40.squirrel@mail2.ihtfp.org> (Derek Atkins's message of "Fri, 12 Feb 2016 07:31:55 -0500") Message-ID: <87h9he7x25.fsf@vigenere.g10code.de> User-Agent: Gnus/5.13 (Gnus v5.13) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Archived-At: Cc: openpgp@ietf.org Subject: Re: [openpgp] Device Certificates for RFC4880bis X-BeenThere: openpgp@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: "Ongoing discussion of OpenPGP issues." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 12 Feb 2016 15:47:18 -0000 On Fri, 12 Feb 2016 13:31, derek@ihtfp.com said: > Would you like an updated patch? Or just change it in your copy? I can change that easily. @list: Okay to add Derek's "Device Certificates for RFC4880bis" so that it will be part of the first RFC-4880bis I-D? Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. From nobody Fri Feb 12 07:52:25 2016 Return-Path: X-Original-To: openpgp@ietfa.amsl.com Delivered-To: openpgp@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9FFEF1A1BF3 for ; Fri, 12 Feb 2016 07:52:22 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.9 X-Spam-Level: X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NC7Q_5Go11qS for ; Fri, 12 Feb 2016 07:52:16 -0800 (PST) Received: from kerckhoffs.g10code.com (kerckhoffs.g10code.com [IPv6:2001:aa8:fff1:100::22]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 688D31A1BEF for ; Fri, 12 Feb 2016 07:52:16 -0800 (PST) Received: from uucp by kerckhoffs.g10code.com with local-rmail (Exim 4.80 #2 (Debian)) id 1aUG10-0005S6-NL for ; Fri, 12 Feb 2016 16:52:14 +0100 Received: from wk by vigenere.g10code.de with local (Exim 4.84 #3 (Debian)) id 1aUFwz-00078V-F5; Fri, 12 Feb 2016 16:48:05 +0100 From: Werner Koch To: Peter Gutmann References: <56BB0308.8020504@iang.org> <20160210160641.GA3090@singpolyma-liberty> <9A043F3CF02CD34C8E74AC1594475C73F4BED18C@uxcn10-5.UoA.auckland.ac.nz> <87lh6rbp5n.fsf@vigenere.g10code.de> <9A043F3CF02CD34C8E74AC1594475C73F4BEE527@uxcn10-5.UoA.auckland.ac.nz> Organisation: g10 Code GmbH X-message-flag: Mails containing HTML will not be read! Please send only plain text. OpenPGP: url=https://k.gnupg.net/80615870F5BAD690333686D0F2AD85AC1E42B367 Mail-Followup-To: Peter Gutmann , Stephen Paul Weber , "openpgp\@ietf.org" , ianG Date: Fri, 12 Feb 2016 16:48:05 +0100 In-Reply-To: <9A043F3CF02CD34C8E74AC1594475C73F4BEE527@uxcn10-5.UoA.auckland.ac.nz> (Peter Gutmann's message of "Fri, 12 Feb 2016 13:51:11 +0000") Message-ID: <87d1s27wwa.fsf@vigenere.g10code.de> User-Agent: Gnus/5.13 (Gnus v5.13) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Archived-At: Cc: Stephen Paul Weber , "openpgp@ietf.org" , ianG Subject: Re: [openpgp] saltpack on OpenPGP message format problems X-BeenThere: openpgp@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: "Ongoing discussion of OpenPGP issues." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 12 Feb 2016 15:52:22 -0000 On Fri, 12 Feb 2016 14:51, pgut001@cs.auckland.ac.nz said: > I dunno because that's not my area of expertise, but somehow every other > software mechanism in existence has managed to get by without needing its own > custom "ASCII armoring" (is there anything other than PGP that does this?), so X.509 and OpenSSL private key format is basically the same - except for the armor checksum. You also need that PEM format to paste a CSR into a CA's web form. Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. From nobody Fri Feb 12 09:06:59 2016 Return-Path: X-Original-To: openpgp@ietfa.amsl.com Delivered-To: openpgp@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9B3641A7021 for ; Fri, 12 Feb 2016 09:06:54 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.389 X-Spam-Level: X-Spam-Status: No, score=-1.389 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HELO_MISMATCH_ORG=0.611] autolearn=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Fecj5ICuXfDt for ; Fri, 12 Feb 2016 09:06:53 -0800 (PST) Received: from mail2.ihtfp.org (MAIL2.IHTFP.ORG [204.107.200.7]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 621901A701C for ; Fri, 12 Feb 2016 09:06:53 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by mail2.ihtfp.org (Postfix) with ESMTP id 1E901E2036; Fri, 12 Feb 2016 12:06:21 -0500 (EST) Received: from mail2.ihtfp.org ([127.0.0.1]) by localhost (mail2.ihtfp.org [127.0.0.1]) (amavisd-maia, port 10024) with ESMTP id 26242-01; Fri, 12 Feb 2016 12:06:17 -0500 (EST) Received: from securerf.ihtfp.org (IHTFP-DHCP-159.IHTFP.ORG [192.168.248.159]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mocana.ihtfp.org", Issuer "IHTFP Consulting Certification Authority" (verified OK)) by mail2.ihtfp.org (Postfix) with ESMTPS id D4E4BE2030; Fri, 12 Feb 2016 12:06:16 -0500 (EST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ihtfp.com; s=default; t=1455296776; bh=h7oSP9IjOeZ28HMtqyGO5EouIdWEXHQt3e+Gw/17JVc=; h=From:To:Cc:Subject:References:Date:In-Reply-To; b=I3lDAZ5W+sLTDtnIhb19cG+20fbC4UBg1lsZOCQHQ+7M5rekGYRk/lYUZJI1QtOC3 l7n3fxfp4LgFmAhK5SaY7Ykf36HevDIHJEX8pSETM6xdoivle+8n9X/GrAVO8P+M+G K1I/glBt5nuhfHD4YpjR7MOzPX1+49vJzdixw/+Q= Received: (from warlord@localhost) by securerf.ihtfp.org (8.15.2/8.14.8/Submit) id u1CH6FGa028819; Fri, 12 Feb 2016 12:06:15 -0500 From: Derek Atkins To: Peter Gutmann References: <56BB0308.8020504@iang.org> <20160210160641.GA3090@singpolyma-liberty> <9A043F3CF02CD34C8E74AC1594475C73F4BED18C@uxcn10-5.UoA.auckland.ac.nz> <87lh6rbp5n.fsf@vigenere.g10code.de> <9A043F3CF02CD34C8E74AC1594475C73F4BEE527@uxcn10-5.UoA.auckland.ac.nz> Date: Fri, 12 Feb 2016 12:06:15 -0500 In-Reply-To: <9A043F3CF02CD34C8E74AC1594475C73F4BEE527@uxcn10-5.UoA.auckland.ac.nz> (Peter Gutmann's message of "Fri, 12 Feb 2016 13:51:11 +0000") Message-ID: User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.5 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-Virus-Scanned: Maia Mailguard 1.0.2a Archived-At: Cc: Stephen Paul Weber , Werner Koch , "openpgp@ietf.org" , ianG Subject: Re: [openpgp] saltpack on OpenPGP message format problems X-BeenThere: openpgp@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: "Ongoing discussion of OpenPGP issues." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 12 Feb 2016 17:06:54 -0000 Peter, Peter Gutmann writes: > Werner Koch writes: > >>How do you want to paste binary data into a contact web form or a Git commit >>message? The OpenPGP Armor makes this really easy and, fwiw, X.509 uses a >>similar armoring technique. > > I dunno because that's not my area of expertise, but somehow every other > software mechanism in existence has managed to get by without needing its own > custom "ASCII armoring" (is there anything other than PGP that does this?), so > I'm guessing it's a solved problem. The only thing custom about PGP's ASCII Armor is the extra CRC. I agree that can probably be dropped, except of course there's the backwards-compatibility issue. As others have mentioned, there are definitely reasons to keep *an* ascii armor format, especially for key/certificate transit (ala an x509 csr/crt submission/retrieval). >>Regarding PGP/MIME, it might be worth to consider dropping the need for the >>ASCII armor in favor of standard MIME encoding. This would also help to sort >>out faulty PGP/MIME implementations. > > That would certainly help with usability, since 99.9% of the time it's > completely redundant and better handled through other mechanisms. For messages I agree, it's redundant in most current situations. > Peter. -derek -- Derek Atkins 617-623-3745 derek@ihtfp.com www.ihtfp.com Computer and Internet Security Consultant From nobody Sun Feb 14 09:24:43 2016 Return-Path: X-Original-To: openpgp@ietfa.amsl.com Delivered-To: openpgp@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7CDB21B2A99 for ; Sun, 14 Feb 2016 09:24:41 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.899 X-Spam-Level: X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Bq0nkejuwY6U for ; Sun, 14 Feb 2016 09:24:39 -0800 (PST) Received: from virulha.pair.com (virulha.pair.com [209.68.5.166]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 844E11B2A98 for ; Sun, 14 Feb 2016 09:24:39 -0800 (PST) Received: from tormenta.local (iang.org [209.197.106.187]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by virulha.pair.com (Postfix) with ESMTPSA id B0AC56D727; Sun, 14 Feb 2016 12:24:37 -0500 (EST) From: ianG To: openpgp@ietf.org Message-ID: <56C0B854.2060406@iang.org> Date: Sun, 14 Feb 2016 17:24:36 +0000 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:38.0) Gecko/20100101 Thunderbird/38.5.1 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="------------030202020303050103090209" Archived-At: Subject: [openpgp] ECDH Key-Extraction via Low-Bandwidth Electromagnetic Attacks on PCs X-BeenThere: openpgp@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: "Ongoing discussion of OpenPGP issues." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 14 Feb 2016 17:24:41 -0000 This is a multi-part message in MIME format. --------------030202020303050103090209 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit http://eprint.iacr.org/2016/129 h/t to zooko Cryptology ePrint Archive: Report 2016/129 *ECDH Key-Extraction via Low-Bandwidth Electromagnetic Attacks on PCs* /Daniel Genkin and Lev Pachmanov and Itamar Pipman and Eran Tromer/ *Abstract:*We present the first physical side-channel attack on elliptic curve cryptography running on a PC. The attack targets the ECDH public-key encryption algorithm, as implemented in the latest version of GnuPG. By measuring the target's electromagnetic emanations, the attack extracts the secret decryption key within seconds, from a target located in an adjacent room across a wall. The attack utilizes a single carefully chosen ciphertext, and tailored time-frequency signal analysis techniques, to achieve full key extraction. --------------030202020303050103090209 Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: 8bit http://eprint.iacr.org/2016/129 h/t to zooko

Cryptology ePrint Archive: Report 2016/129

ECDH Key-Extraction via Low-Bandwidth Electromagnetic Attacks on PCs

Daniel Genkin and Lev Pachmanov and Itamar Pipman and Eran Tromer

Abstract: We present the first physical side-channel attack on elliptic curve cryptography running on a PC. The attack targets the ECDH public-key encryption algorithm, as implemented in the latest version of GnuPG.

By measuring the target's electromagnetic emanations, the attack extracts the secret decryption key within seconds, from a target located in an adjacent room across a wall. The attack utilizes a single carefully chosen ciphertext, and tailored time-frequency signal analysis techniques, to achieve full key extraction.


--------------030202020303050103090209-- From nobody Thu Feb 18 02:15:15 2016 Return-Path: X-Original-To: openpgp@ietfa.amsl.com Delivered-To: openpgp@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1102B1B3C79 for ; Thu, 18 Feb 2016 02:15:14 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: 0.8 X-Spam-Level: X-Spam-Status: No, score=0.8 tagged_above=-999 required=5 tests=[BAYES_50=0.8] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Au_bnJN2v3SP for ; Thu, 18 Feb 2016 02:15:11 -0800 (PST) Received: from kerckhoffs.g10code.com (kerckhoffs.g10code.com [IPv6:2001:aa8:fff1:100::22]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7F4AA1B3C77 for ; Thu, 18 Feb 2016 02:15:11 -0800 (PST) Received: from uucp by kerckhoffs.g10code.com with local-rmail (Exim 4.80 #2 (Debian)) id 1aWLc5-0005Br-BS for ; Thu, 18 Feb 2016 11:15:09 +0100 Received: from wk by wheatstone.g10code.de with local (Exim 4.84 #3 (Debian)) id 1aWLW3-0005jC-7I; Thu, 18 Feb 2016 11:08:55 +0100 From: Werner Koch To: "Derek Atkins" References: <8737sybb5l.fsf@vigenere.g10code.de> <03fe2fe4a9bef61c569bb436a5303d40.squirrel@mail2.ihtfp.org> <87h9he7x25.fsf@vigenere.g10code.de> Organisation: g10 Code GmbH X-message-flag: Mails containing HTML will not be read! Please send only plain text. OpenPGP: url=https://k.gnupg.net/80615870F5BAD690333686D0F2AD85AC1E42B367 Mail-Followup-To: "Derek Atkins" , openpgp@ietf.org Date: Thu, 18 Feb 2016 11:08:55 +0100 In-Reply-To: <87h9he7x25.fsf@vigenere.g10code.de> (Werner Koch's message of "Fri, 12 Feb 2016 16:44:34 +0100") Message-ID: <871t8acoug.fsf@wheatstone.g10code.de> User-Agent: Gnus/5.13 (Gnus v5.13) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Archived-At: Cc: openpgp@ietf.org Subject: Re: [openpgp] Device Certificates for RFC4880bis X-BeenThere: openpgp@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: "Ongoing discussion of OpenPGP issues." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 18 Feb 2016 10:15:14 -0000 On Fri, 12 Feb 2016 16:44, wk@gnupg.org said: > @list: Okay to add Derek's "Device Certificates for RFC4880bis" so that > it will be part of the first RFC-4880bis I-D? Silence means agreement ;-). commit 3c3120a02d7b44621f3a7361ef75bdb7b7ade259 Author: Derek Atkins Date: Thu Feb 11 16:35:20 2016 -0500 Integrate Device-Certificate Draft Changes from Derek's original draft (wk): - Change two MUST to SHOULD as agreed upon on the ML. - Remove new section numbers. The section numbers in curly braces are only used to refer the RFC-4880 section numbers. See Let me know if you want me to provide a formatted draft. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. From nobody Fri Feb 19 10:00:23 2016 Return-Path: X-Original-To: openpgp@ietf.org Delivered-To: openpgp@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 40BEF1A88F0; Fri, 19 Feb 2016 05:52:40 -0800 (PST) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: "\"IETF Meeting Session Request Tool\"" To: X-Test-IDTracker: no X-IETF-IDTracker: 6.14.1 Auto-Submitted: auto-generated Precedence: bulk Message-ID: <20160219135240.24879.48860.idtracker@ietfa.amsl.com> Date: Fri, 19 Feb 2016 05:52:40 -0800 Archived-At: X-Mailman-Approved-At: Fri, 19 Feb 2016 10:00:21 -0800 Cc: openpgp-chairs@ietf.org, openpgp@ietf.org, dkg@fifthhorseman.net, stephen.farrell@cs.tcd.ie Subject: [openpgp] openpgp - New Meeting Session Request for IETF 95 X-BeenThere: openpgp@ietf.org X-Mailman-Version: 2.1.15 List-Id: "Ongoing discussion of OpenPGP issues." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 19 Feb 2016 13:52:40 -0000 A new meeting session request has just been submitted by Daniel Kahn Gillmor, a Chair of the openpgp working group. --------------------------------------------------------- Working Group Name: Open Specification for Pretty Good Privacy Area Name: Security Area Session Requester: Daniel Kahn Gillmor Number of Sessions: 1 Length of Session(s): 1.5 Hours Number of Attendees: 30 Conflicts to Avoid: First Priority: tls dnsop hrpc Second Priority: dprive trans dhc Third Priority: acme tcpinc Special Requests: --------------------------------------------------------- From nobody Sun Feb 21 09:03:38 2016 Return-Path: X-Original-To: openpgp@ietfa.amsl.com Delivered-To: openpgp@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 59D121A8837 for ; Sun, 21 Feb 2016 09:03:37 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -0.001 X-Spam-Level: X-Spam-Status: No, score=-0.001 tagged_above=-999 required=5 tests=[BAYES_20=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ooQwHCU4EKd3 for ; Sun, 21 Feb 2016 09:03:35 -0800 (PST) Received: from virulha.pair.com (virulha.pair.com [209.68.5.166]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8AAA81A8830 for ; Sun, 21 Feb 2016 09:03:35 -0800 (PST) Received: from tormenta.local (iang.org [209.197.106.187]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by virulha.pair.com (Postfix) with ESMTPSA id DD8CA6D728; Sun, 21 Feb 2016 12:03:33 -0500 (EST) To: openpgp@ietf.org References: <56BB0308.8020504@iang.org> <20160210160641.GA3090@singpolyma-liberty> <9A043F3CF02CD34C8E74AC1594475C73F4BED18C@uxcn10-5.UoA.auckland.ac.nz> <87lh6rbp5n.fsf@vigenere.g10code.de> <9A043F3CF02CD34C8E74AC1594475C73F4BEE527@uxcn10-5.UoA.auckland.ac.nz> From: ianG Message-ID: <56C9EDE4.2020009@iang.org> Date: Sun, 21 Feb 2016 17:03:32 +0000 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:38.0) Gecko/20100101 Thunderbird/38.5.1 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 7bit Archived-At: Subject: Re: [openpgp] saltpack on OpenPGP message format problems X-BeenThere: openpgp@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: "Ongoing discussion of OpenPGP issues." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 21 Feb 2016 17:03:37 -0000 On 12/02/2016 17:06 pm, Derek Atkins wrote: > As others have mentioned, there are > definitely reasons to keep *an* ascii armor format, especially for > key/certificate transit (ala an x509 csr/crt submission/retrieval). An additional use is the signature in cleartext signed documents, and incorporating the keys into cleartext signed documents so that they carry the documents can carry own PKI. iang ps; personal bias - above pattern is what I do, and/or was a key requirement for my work - but I'm not arguing to keep it for personal reasons as I moved away from using OpenPGP for this purpose some time ago. From nobody Tue Feb 23 09:36:51 2016 Return-Path: X-Original-To: openpgp@ietfa.amsl.com Delivered-To: openpgp@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4E73D1ACE22 for ; Tue, 23 Feb 2016 09:36:49 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2 X-Spam-Level: X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XcUWFTgooFQ6 for ; Tue, 23 Feb 2016 09:36:47 -0800 (PST) Received: from mail-pa0-x22b.google.com (mail-pa0-x22b.google.com [IPv6:2607:f8b0:400e:c03::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 927F81AC439 for ; Tue, 23 Feb 2016 09:36:47 -0800 (PST) Received: by mail-pa0-x22b.google.com with SMTP id fl4so113781017pad.0 for ; Tue, 23 Feb 2016 09:36:47 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=content-type:mime-version:subject:from:in-reply-to:date:cc :message-id:references:to; bh=h6AHTkHXoSiHfqwxpE+a8ZBhy4kgJPUECDcEA0L3tmg=; b=0MUwdf01Oi2STDsrRvPlirkYC4ZlETtO1qbfox8Mj6ptlfMKW5XLvdejs8bgF6qbxi K3wW1oMF4I5t6sIkJAZjlSBdQSbyXTVDZYw+0SVHC57dD0HvgCtkxVDbz/542fKt8iv8 4Tkz6CXggavExvQjmkfRtvwGcD9XpeJnb9iUXZFcm2uYSZLTrKbxZu9v7m9CmsWLCLub EkCObvfrnqgv94EVPpvbXbG74f/XBW/LIuFvh77MvrlZhV/os4OGUgNJAOD0DoHsB8yr U7mkE8Yi/KuNhAMIy1+ZUa3tQsoWI3NajZdPnxUA+TEAHTpRtIJRHGLKJO8aVnlFKJMB +iYg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:content-type:mime-version:subject:from :in-reply-to:date:cc:message-id:references:to; bh=h6AHTkHXoSiHfqwxpE+a8ZBhy4kgJPUECDcEA0L3tmg=; b=UWRB/w6wdMwzNDDlnZYhlSRVwV+K9Ys6vx+gw7+/ITvL+aSB1vkBLVprjQvT+b7KHy OTwh52ZGbBtFBxh8CH9N7EzV7On5s2UzbJngUwYkoOVlXeHJThZCssdU9gRkXrSb13W6 fIQuBgxuqe0jKBAafH5aKV2n6kezo3Wvwl/uiGfOS6g3bshPHbdrjPA0D22keNfNpdlV RGAe8Uss7bWbHSZznCfaRbOjy8Bq/jD9xTRkb7009YwRG0OSbpL9FXuv7anYjl0ZBEiD i7Mzi9CGWLc6vFpxuKG3Isuy+YflBLqg4qZwxJldU0HmvIQIh6W6F+OzSf/iVRivMrzU sL5w== X-Gm-Message-State: AG10YOT+Kn9EMg3lOXcnVU5OY6RcNzfD+iruehVjGZrMq0jrn+ND/U5Q60m8ePGmxTOgWA== X-Received: by 10.66.226.238 with SMTP id rv14mr48012920pac.41.1456249007169; Tue, 23 Feb 2016 09:36:47 -0800 (PST) Received: from [172.25.0.204] (rrcs-67-52-140-5.west.biz.rr.com. [67.52.140.5]) by smtp.gmail.com with ESMTPSA id 144sm45523366pfa.83.2016.02.23.09.36.45 (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 23 Feb 2016 09:36:45 -0800 (PST) Content-Type: multipart/signed; boundary="Apple-Mail=_A0F2AEC1-F6F9-45DB-B784-00470668A61F"; protocol="application/pkcs7-signature"; micalg=sha1 Mime-Version: 1.0 (Mac OS X Mail 9.2 \(3112\)) From: Bryan Ford In-Reply-To: <56BBB13B.3000507@googlemail.com> Date: Tue, 23 Feb 2016 09:36:44 -0800 Message-Id: <6CC794D8-3BE2-454C-A53B-AAA67E2DE84D@gmail.com> References: <87twp91d8r.fsf@alice.fifthhorseman.net> <3A98EA92-0C2F-46A7-8D06-880FC83CB110@gmail.com> <56BBB13B.3000507@googlemail.com> To: Nils Durner X-Mailer: Apple Mail (2.3112) Archived-At: Cc: openpgp@ietf.org Subject: Re: [openpgp] [Cfrg] streamable AEAD construct for stored data? X-BeenThere: openpgp@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: "Ongoing discussion of OpenPGP issues." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 23 Feb 2016 17:36:49 -0000 --Apple-Mail=_A0F2AEC1-F6F9-45DB-B784-00470668A61F Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=utf-8 On Feb 10, 2016, at 1:52 PM, Nils Durner wrote: > Hi, >=20 >> To be clear, there are two separate use-cases, each of which make >> sense without the other and require different technical solutions = (but >> could also make sense together): >>=20 >> 1. Streaming-mode integrity protection: >>=20 >> [...] >>=20 >> To achieve goal #1 properly, it appears that what we need is not only >> a MAC per chunk but a signature per chunk. >=20 > Different ideas: >=20 > 1. asymmetrically encrypt and sign the MAC key, make this a new packet > type to be prepended to the symmetrically encrypted data By this, do you mean just write one asymmetrically encrypted-and-signed = MAC key at the beginning of the stream, followed by a bunch of records = that are only MAC-authenticated with that symmetric key? =20 This would appear insecure to me, at least in the case the stream is = encrypted to two or more recipients. Say Alice signs-and-encrypts a = stream to Bob and Charlie. Bob takes Alice=E2=80=99s = encrypted-and-signed MAC key record, then uses the same MAC key to = construct a completely different stream of actual content (all of whose = MAC records verify just fine) and sends it to Charlie, claiming that = it=E2=80=99s from Alice. Maybe this is only a problem in the two-or-more-receivers case, but even = if so it makes me nervous. If PGP had a reputable, non-signing = sender-authentication mode for 2-party communication only, then it might = make sense for an asymmetric =E2=80=9Crepudiable authentication = record=E2=80=9D to be followed by a stream of MAC-authenticated records. = But that seems like a fairly different protocol (or at least a fairly = different mode). > 2. derive the MAC key from the symmetric encryption key, sign it (but > do not store it) and make this a new packet type to be prepended > (thus saving the asymmetric encryption from #1) > 3. use an authenticating sym cipher mode with intermediate > authentication tags, with the symmetric key asymmetrically signed > (like #2) Assuming I=E2=80=99m correctly understanding that in cases #2 and #3 = also just have one asymmetric record at the beginning of the stream, it = seems like the same considerations apply as with #1. Perhaps OK for = 2-party repudiable authentication, but not if we need to retain the = signed-message semantics that PGP currently provides especially in the = multiple-receiver case. Cheers Bryan --Apple-Mail=_A0F2AEC1-F6F9-45DB-B784-00470668A61F Content-Disposition: attachment; filename=smime.p7s Content-Type: application/pkcs7-signature; name=smime.p7s Content-Transfer-Encoding: base64 MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIJ+DCCBK8w ggOXoAMCAQICEQDgI8sVEoNTia1hbnpUZ2shMA0GCSqGSIb3DQEBCwUAMG8xCzAJBgNVBAYTAlNF MRQwEgYDVQQKEwtBZGRUcnVzdCBBQjEmMCQGA1UECxMdQWRkVHJ1c3QgRXh0ZXJuYWwgVFRQIE5l dHdvcmsxIjAgBgNVBAMTGUFkZFRydXN0IEV4dGVybmFsIENBIFJvb3QwHhcNMTQxMjIyMDAwMDAw WhcNMjAwNTMwMTA0ODM4WjCBmzELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hl c3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxQTA/BgNV BAMTOENPTU9ETyBTSEEtMjU2IENsaWVudCBBdXRoZW50aWNhdGlvbiBhbmQgU2VjdXJlIEVtYWls IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAibEN2npTGU5wUh28VqYGJre4SeCW 51Gr8fBaE0kVo7SMG2C8elFCp3mMpCLfF2FOkdV2IwoU00oCf7YdCYBupQQ92bq7Fv6hh6kuQ1JD FnyvMlDIpk9a6QjYz5MlnHuI6DBk5qT4VoD9KiQUMxeZrETlaYujRgZLwjPU6UCfBrCxrJNAubUI kzqcKlOjENs9IGE8VQOO2U52JQIhKfqjfHF2T+7hX4Hp+1SA28N7NVK3hN4iPSwwLTF/Wb1SN7Az aS1D6/rWpfGXd2dRjNnuJ+u8pQc4doykqTj/34z1A6xJvsr3c5k6DzKrnJU6Ez0ORjpXdGFQvsZA P8vk4p+iIQIDAQABo4IBFzCCARMwHwYDVR0jBBgwFoAUrb2YejS0Jvf6xCZU7wO94CTLVBowHQYD VR0OBBYEFJJha4LhoqCqT+xn8cKj97SAAMHsMA4GA1UdDwEB/wQEAwIBhjASBgNVHRMBAf8ECDAG AQH/AgEAMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDBDARBgNVHSAECjAIMAYGBFUdIAAw RAYDVR0fBD0wOzA5oDegNYYzaHR0cDovL2NybC51c2VydHJ1c3QuY29tL0FkZFRydXN0RXh0ZXJu YWxDQVJvb3QuY3JsMDUGCCsGAQUFBwEBBCkwJzAlBggrBgEFBQcwAYYZaHR0cDovL29jc3AudXNl cnRydXN0LmNvbTANBgkqhkiG9w0BAQsFAAOCAQEAGypurFXBOquIxdjtzVXzqmthK8AJECOZD8Vm am+x9bS1d14PAmEA330F/hKzpICAAPz7HVtqcgIKQbwFusFY1SbC6tVNhPv+gpjPWBvjImOcUvi7 BTarfVil3qs7Y+Xa1XPv7OD7e+Kj//BCI5zKto1NPuRLGAOyqC3U2LtCS5BphRDbpjc06HvgARCl nMo6x59PiDRuimXQGoq7qdzKyjbR9PzCZCk1r9axp3ER0gNDsY8+muyeMlP0dpLKhjQHuSzK5hxK 2JkNwYbikJL7WkJqIyEQ6WXH9dW7fuqMhSACYurROgcsWcWZM/I4ieW26RZ6H3kU9koQGib6fIr7 mzCCBUEwggQpoAMCAQICEBalm03EcGSFWgbYcpp5puowDQYJKoZIhvcNAQELBQAwgZsxCzAJBgNV BAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGjAY BgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMUEwPwYDVQQDEzhDT01PRE8gU0hBLTI1NiBDbGllbnQg QXV0aGVudGljYXRpb24gYW5kIFNlY3VyZSBFbWFpbCBDQTAeFw0xNTA2MjQwMDAwMDBaFw0xNjA2 MjMyMzU5NTlaMCYxJDAiBgkqhkiG9w0BCQEWFWJyeW5vc2F1cnVzQGdtYWlsLmNvbTCCASIwDQYJ KoZIhvcNAQEBBQADggEPADCCAQoCggEBAMA89U5ktW7a1k5qjaiycbEbBjLucLdRfzKh5us59o1a Qi0iRQfo1BEq6rG4MTvXburjxUdzuTCaDgOJ+g6PFKNfJP5H2lH962EXCNeJYKOwhpZtwVzpfsPV 8iKw7XjPwPiW4E7Ut7M1UHoN57yUy60/047gyYpZirf4lpv1G//cFcLKIMNB/GGK5YXNlBNalvMY Z/CK1yo8cf3s83gI4KGGE65RL1i3WpAFjwaffp5V6kp3PdiIXuKL8kO2HWID/McrynKKb46ARFzC joiV2qHn27LQiMwBwoDUxzfgCAxAl0uWaFgBqLmcws4lCIXN8jIHp6CNLKKyHHXWukv/EqUCAwEA AaOCAfMwggHvMB8GA1UdIwQYMBaAFJJha4LhoqCqT+xn8cKj97SAAMHsMB0GA1UdDgQWBBSlca2J DhGBY+vVSOfJ1I+3I9NqLzAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAgBgNVHSUEGTAX BggrBgEFBQcDBAYLKwYBBAGyMQEDBQIwEQYJYIZIAYb4QgEBBAQDAgUgMEYGA1UdIAQ/MD0wOwYM KwYBBAGyMQECAQEBMCswKQYIKwYBBQUHAgEWHWh0dHBzOi8vc2VjdXJlLmNvbW9kby5uZXQvQ1BT MF0GA1UdHwRWMFQwUqBQoE6GTGh0dHA6Ly9jcmwuY29tb2RvY2EuY29tL0NPTU9ET1NIQTI1NkNs aWVudEF1dGhlbnRpY2F0aW9uYW5kU2VjdXJlRW1haWxDQS5jcmwwgZAGCCsGAQUFBwEBBIGDMIGA MFgGCCsGAQUFBzAChkxodHRwOi8vY3J0LmNvbW9kb2NhLmNvbS9DT01PRE9TSEEyNTZDbGllbnRB dXRoZW50aWNhdGlvbmFuZFNlY3VyZUVtYWlsQ0EuY3J0MCQGCCsGAQUFBzABhhhodHRwOi8vb2Nz cC5jb21vZG9jYS5jb20wIAYDVR0RBBkwF4EVYnJ5bm9zYXVydXNAZ21haWwuY29tMA0GCSqGSIb3 DQEBCwUAA4IBAQAMNIE1FhYCtEA9JMwLoNKtQ4hZDcnUKYRcRihDhAHIKSTJtFQKBchp1MBTCP4P 1lfgdDHG+06Rv65VAKfBsjqMZmPQylvsxZg5kPJ5BPVgShQxGl5RSlMN3qLDcSbQt/6uPv9U+Vgq 8StMI6fIRSbbPwyKyZyM8gUnxR34dxzJ+mSGi0kdtUE36FIabTeXtjFVXN/2jDOrsvm8IHlp8nJM 23nHuqUsJyyIYFbaRKhApoMAzC5gynlg6APV2hz/JYlKSJABwpxZjYAtpyz5rQVIi2pPWs2Te2cd faykisGAOu/7nJtlcEGMCSd61tM43matZPa3MuBiko8kuzj0RMigMYIDwzCCA78CAQEwgbAwgZsx CzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZv cmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMUEwPwYDVQQDEzhDT01PRE8gU0hBLTI1NiBD bGllbnQgQXV0aGVudGljYXRpb24gYW5kIFNlY3VyZSBFbWFpbCBDQQIQFqWbTcRwZIVaBthymnmm 6jAJBgUrDgMCGgUAoIIB5zAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEP Fw0xNjAyMjMxNzM2NDRaMCMGCSqGSIb3DQEJBDEWBBQ5RPMUnfKpsVC+dxFsQsp1adv0DTCBwQYJ KwYBBAGCNxAEMYGzMIGwMIGbMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3JlYXRlciBNYW5jaGVz dGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01PRE8gQ0EgTGltaXRlZDFBMD8GA1UE AxM4Q09NT0RPIFNIQS0yNTYgQ2xpZW50IEF1dGhlbnRpY2F0aW9uIGFuZCBTZWN1cmUgRW1haWwg Q0ECEBalm03EcGSFWgbYcpp5puowgcMGCyqGSIb3DQEJEAILMYGzoIGwMIGbMQswCQYDVQQGEwJH QjEbMBkGA1UECBMSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQK ExFDT01PRE8gQ0EgTGltaXRlZDFBMD8GA1UEAxM4Q09NT0RPIFNIQS0yNTYgQ2xpZW50IEF1dGhl bnRpY2F0aW9uIGFuZCBTZWN1cmUgRW1haWwgQ0ECEBalm03EcGSFWgbYcpp5puowDQYJKoZIhvcN AQEBBQAEggEAZb6Sb0wp/CGZX/st4wZ3WWN9T63sMoeIKq/MLIMEX5KoO/9rj0/s5TdvMWrWJ6UI s5wdFgM6kLwt/k2/FrWrTlw2lh2SuYVaV4PS2xFdu8LXpYDvQN+B+GrAt4bx1rBDEyIjRoTrmleQ NZUudHL7xK1tErJEV/g8h6zI7eRZyjrzqfjfUJxeCBXoarJacBKTkq8zLp4YjSVJYhhMw15dKYx+ TxRHuaVAR/GyiVRN09JWNJvLYo7pj3rjzLZIawgBF5GQRBMYLX0AfTqcFOUkTGFcONav/ceRfCEU UGDNIq+SyFZLuvM6pLC2dxgX6HPEePs/xRzKmW5CC8fhTitZMAAAAAAAAA== --Apple-Mail=_A0F2AEC1-F6F9-45DB-B784-00470668A61F-- From nobody Fri Feb 26 05:51:43 2016 Return-Path: X-Original-To: openpgp@ietfa.amsl.com Delivered-To: openpgp@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 45BB61A1BA7 for ; Fri, 26 Feb 2016 05:51:42 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -0.999 X-Spam-Level: X-Spam-Status: No, score=-0.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, FREEMAIL_REPLY=1, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id md62txMLY9fx for ; Fri, 26 Feb 2016 05:51:40 -0800 (PST) Received: from mail-qk0-x22e.google.com (mail-qk0-x22e.google.com [IPv6:2607:f8b0:400d:c09::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 585171A1BA4 for ; Fri, 26 Feb 2016 05:51:40 -0800 (PST) Received: by mail-qk0-x22e.google.com with SMTP id x1so31776917qkc.1 for ; Fri, 26 Feb 2016 05:51:40 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:subject:from:in-reply-to:date:cc:message-id:references :to; bh=ADrf2eiLCxCBgCYsZHewUm8nsGniED9tEGAKc3SWjwE=; b=l2rqQp2qqJ39fSdpBHjA7iycsWB3iuLTztdLg4bepne7zcxzds6Ymc99dTT5vAnOQc szcpVMIzL7R5aowbMSeFL4iA7QPrt+a7wEJ6P1nY1tj79aPs/50lRR3hBV5mqBOV/GoO Jje8cb+x4reLFQOrviXH2ZOzr2fUTFr4Df3GZyjbTBvuVlgfZuclv8KaBAdCnX/lR9vD RilJpBTo2cOusBssNq0328rYmdCDUHxrfXdiNU3y7x0Nl/rJ1TQMRLWTyYqCfYpiFZXf ILRWjl1r/FSwIDTL15J/MvlOf08wq1slmZqLqEM0U3iDdouBDzkCHcbtM55S9l5Nflxa yGMw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :message-id:references:to; bh=ADrf2eiLCxCBgCYsZHewUm8nsGniED9tEGAKc3SWjwE=; b=hTDEf7XRO763FWLSwBmaDcVBwbYb4PjqK4KObUftLhotdsh+HFA4vGzhb6lwMoGrIg Hlu1DUYmhqnEC2lEQB9ly+eqkcL9+0BJ7JOtTBeKS/W9loHQovLySNNw7x+rzxhEJU2O Op4NLeM4Z6PgCmp2zAFMAN/sGprCm17uAk+GV4skCWGtIEwhX4R74DTf0zH5Y9YLiZrp YlIkSkdQgAYBkQCZgIrFnYm4UynKX0wUVjfiMloWDIlPXLYtq3u33sCmhs3VBOPe9G6g VcH3ppFBJiotSYjFeDrDIuriKgcPX3fyMkWJQHHfdpI7aCPNRUCp0R3f2S+e8xELgrnO SeTw== X-Gm-Message-State: AD7BkJI9Qi7vQURwOILcVRE7cqAqYGmgmS/3cMEmxxVb4WICrJdN7afiTovqSZ6iChYROg== X-Received: by 10.55.82.85 with SMTP id g82mr1942470qkb.107.1456494699534; Fri, 26 Feb 2016 05:51:39 -0800 (PST) Received: from [10.0.0.200] (173-9-75-145-NewEngland.hfc.comcastbusiness.net. [173.9.75.145]) by smtp.gmail.com with ESMTPSA id n35sm5350663qgn.10.2016.02.26.05.51.38 (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Fri, 26 Feb 2016 05:51:38 -0800 (PST) Content-Type: multipart/signed; boundary="Apple-Mail=_18834A69-CACF-4138-9C5B-770A3B0B9E08"; protocol="application/pkcs7-signature"; micalg=sha1 Mime-Version: 1.0 (Mac OS X Mail 9.2 \(3112\)) From: Bryan Ford In-Reply-To: <6CC794D8-3BE2-454C-A53B-AAA67E2DE84D@gmail.com> Date: Fri, 26 Feb 2016 08:51:47 -0500 Message-Id: <17F4B1B2-F2E4-441D-9B2E-066293FBD860@gmail.com> References: <87twp91d8r.fsf@alice.fifthhorseman.net> <3A98EA92-0C2F-46A7-8D06-880FC83CB110@gmail.com> <56BBB13B.3000507@googlemail.com> <6CC794D8-3BE2-454C-A53B-AAA67E2DE84D@gmail.com> To: Nils Durner X-Mailer: Apple Mail (2.3112) Archived-At: Cc: openpgp@ietf.org Subject: Re: [openpgp] [Cfrg] streamable AEAD construct for stored data? X-BeenThere: openpgp@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: "Ongoing discussion of OpenPGP issues." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 26 Feb 2016 13:51:42 -0000 --Apple-Mail=_18834A69-CACF-4138-9C5B-770A3B0B9E08 Content-Type: multipart/alternative; boundary="Apple-Mail=_D2AAFB2D-86A3-436D-8FB7-D04897D4AD7D" --Apple-Mail=_D2AAFB2D-86A3-436D-8FB7-D04897D4AD7D Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=utf-8 P.S. Wherever =E2=80=98reputable=E2=80=99 appears in the message below = that should have said =E2=80=98repudiable=E2=80=99. Thanks Apple for = spelling auto-corrections that completely obliterate the technical = meaning of sentences=E2=80=A6 :( On Feb 23, 2016, at 12:36 PM, Bryan Ford wrote: > On Feb 10, 2016, at 1:52 PM, Nils Durner > wrote: >> Hi, >>=20 >>> To be clear, there are two separate use-cases, each of which make >>> sense without the other and require different technical solutions = (but >>> could also make sense together): >>>=20 >>> 1. Streaming-mode integrity protection: >>>=20 >>> [...] >>>=20 >>> To achieve goal #1 properly, it appears that what we need is not = only >>> a MAC per chunk but a signature per chunk. >>=20 >> Different ideas: >>=20 >> 1. asymmetrically encrypt and sign the MAC key, make this a new = packet >> type to be prepended to the symmetrically encrypted data >=20 > By this, do you mean just write one asymmetrically = encrypted-and-signed MAC key at the beginning of the stream, followed by = a bunch of records that are only MAC-authenticated with that symmetric = key? =20 >=20 > This would appear insecure to me, at least in the case the stream is = encrypted to two or more recipients. Say Alice signs-and-encrypts a = stream to Bob and Charlie. Bob takes Alice=E2=80=99s = encrypted-and-signed MAC key record, then uses the same MAC key to = construct a completely different stream of actual content (all of whose = MAC records verify just fine) and sends it to Charlie, claiming that = it=E2=80=99s from Alice. >=20 > Maybe this is only a problem in the two-or-more-receivers case, but = even if so it makes me nervous. If PGP had a reputable, non-signing = sender-authentication mode for 2-party communication only, then it might = make sense for an asymmetric =E2=80=9Crepudiable authentication = record=E2=80=9D to be followed by a stream of MAC-authenticated records. = But that seems like a fairly different protocol (or at least a fairly = different mode). >=20 >> 2. derive the MAC key from the symmetric encryption key, sign it (but >> do not store it) and make this a new packet type to be prepended >> (thus saving the asymmetric encryption from #1) >> 3. use an authenticating sym cipher mode with intermediate >> authentication tags, with the symmetric key asymmetrically signed >> (like #2) >=20 > Assuming I=E2=80=99m correctly understanding that in cases #2 and #3 = also just have one asymmetric record at the beginning of the stream, it = seems like the same considerations apply as with #1. Perhaps OK for = 2-party repudiable authentication, but not if we need to retain the = signed-message semantics that PGP currently provides especially in the = multiple-receiver case. >=20 > Cheers > Bryan --Apple-Mail=_D2AAFB2D-86A3-436D-8FB7-D04897D4AD7D Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=utf-8
P.S. Wherever =E2=80=98reputable=E2=80=99 = appears in the message below that should have said =E2=80=98repudiable=E2=80= =99.  Thanks Apple for spelling auto-corrections that completely = obliterate the technical meaning of sentences=E2=80=A6 :(

On Feb 23, 2016, at 12:36 PM, Bryan Ford = <brynosaurus@gmail.com> wrote:
On Feb 10, 2016, at = 1:52 PM, Nils Durner <ndurner@googlemail.com> wrote:
Hi,

To be clear, there are two separate use-cases, each of which = make
sense without the other and require different = technical solutions (but
could also make sense = together):

1. Streaming-mode integrity = protection:

[...]

To achieve goal #1 properly, it appears that what we need is = not only
a MAC per chunk but a signature per chunk.

Different ideas:

1. asymmetrically encrypt and sign the MAC key, make this a = new packet
  type to be prepended to the = symmetrically encrypted data

By this, do you mean just = write one asymmetrically encrypted-and-signed MAC key at the beginning = of the stream, followed by a bunch of records that are only = MAC-authenticated with that symmetric key?  

This would appear insecure to me, at = least in the case the stream is encrypted to two or more recipients. =  Say Alice signs-and-encrypts a stream to Bob and Charlie. =  Bob takes Alice=E2=80=99s encrypted-and-signed MAC key record, = then uses the same MAC key to construct a completely different stream of = actual content (all of whose MAC records verify just fine) and sends it = to Charlie, claiming that it=E2=80=99s from Alice.

Maybe this is only a problem in the = two-or-more-receivers case, but even if so it makes me nervous.  If = PGP had a reputable, non-signing sender-authentication mode for 2-party = communication only, then it might make sense for an asymmetric = =E2=80=9Crepudiable authentication record=E2=80=9D to be followed by a = stream of MAC-authenticated records. But that seems like a fairly = different protocol (or at least a fairly different mode).

2. = derive the MAC key from the symmetric encryption key, sign it (but
  do not store it) and make this a new packet type = to be prepended
  (thus saving the asymmetric = encryption from #1)
3. use an authenticating sym cipher = mode with intermediate
  authentication tags, = with the symmetric key asymmetrically signed
  (like #2)

Assuming I=E2=80=99m = correctly understanding that in cases #2 and #3 also just have one = asymmetric record at the beginning of the stream, it seems like the same = considerations apply as with #1.  Perhaps OK for 2-party repudiable = authentication, but not if we need to retain the signed-message = semantics that PGP currently provides especially in the = multiple-receiver case.

Cheers
Bryan

= --Apple-Mail=_D2AAFB2D-86A3-436D-8FB7-D04897D4AD7D-- --Apple-Mail=_18834A69-CACF-4138-9C5B-770A3B0B9E08 Content-Disposition: attachment; filename=smime.p7s Content-Type: application/pkcs7-signature; name=smime.p7s Content-Transfer-Encoding: base64 MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIJ+DCCBK8w ggOXoAMCAQICEQDgI8sVEoNTia1hbnpUZ2shMA0GCSqGSIb3DQEBCwUAMG8xCzAJBgNVBAYTAlNF MRQwEgYDVQQKEwtBZGRUcnVzdCBBQjEmMCQGA1UECxMdQWRkVHJ1c3QgRXh0ZXJuYWwgVFRQIE5l dHdvcmsxIjAgBgNVBAMTGUFkZFRydXN0IEV4dGVybmFsIENBIFJvb3QwHhcNMTQxMjIyMDAwMDAw WhcNMjAwNTMwMTA0ODM4WjCBmzELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hl c3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxQTA/BgNV BAMTOENPTU9ETyBTSEEtMjU2IENsaWVudCBBdXRoZW50aWNhdGlvbiBhbmQgU2VjdXJlIEVtYWls IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAibEN2npTGU5wUh28VqYGJre4SeCW 51Gr8fBaE0kVo7SMG2C8elFCp3mMpCLfF2FOkdV2IwoU00oCf7YdCYBupQQ92bq7Fv6hh6kuQ1JD FnyvMlDIpk9a6QjYz5MlnHuI6DBk5qT4VoD9KiQUMxeZrETlaYujRgZLwjPU6UCfBrCxrJNAubUI kzqcKlOjENs9IGE8VQOO2U52JQIhKfqjfHF2T+7hX4Hp+1SA28N7NVK3hN4iPSwwLTF/Wb1SN7Az aS1D6/rWpfGXd2dRjNnuJ+u8pQc4doykqTj/34z1A6xJvsr3c5k6DzKrnJU6Ez0ORjpXdGFQvsZA P8vk4p+iIQIDAQABo4IBFzCCARMwHwYDVR0jBBgwFoAUrb2YejS0Jvf6xCZU7wO94CTLVBowHQYD VR0OBBYEFJJha4LhoqCqT+xn8cKj97SAAMHsMA4GA1UdDwEB/wQEAwIBhjASBgNVHRMBAf8ECDAG AQH/AgEAMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDBDARBgNVHSAECjAIMAYGBFUdIAAw RAYDVR0fBD0wOzA5oDegNYYzaHR0cDovL2NybC51c2VydHJ1c3QuY29tL0FkZFRydXN0RXh0ZXJu YWxDQVJvb3QuY3JsMDUGCCsGAQUFBwEBBCkwJzAlBggrBgEFBQcwAYYZaHR0cDovL29jc3AudXNl cnRydXN0LmNvbTANBgkqhkiG9w0BAQsFAAOCAQEAGypurFXBOquIxdjtzVXzqmthK8AJECOZD8Vm am+x9bS1d14PAmEA330F/hKzpICAAPz7HVtqcgIKQbwFusFY1SbC6tVNhPv+gpjPWBvjImOcUvi7 BTarfVil3qs7Y+Xa1XPv7OD7e+Kj//BCI5zKto1NPuRLGAOyqC3U2LtCS5BphRDbpjc06HvgARCl nMo6x59PiDRuimXQGoq7qdzKyjbR9PzCZCk1r9axp3ER0gNDsY8+muyeMlP0dpLKhjQHuSzK5hxK 2JkNwYbikJL7WkJqIyEQ6WXH9dW7fuqMhSACYurROgcsWcWZM/I4ieW26RZ6H3kU9koQGib6fIr7 mzCCBUEwggQpoAMCAQICEBalm03EcGSFWgbYcpp5puowDQYJKoZIhvcNAQELBQAwgZsxCzAJBgNV BAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGjAY BgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMUEwPwYDVQQDEzhDT01PRE8gU0hBLTI1NiBDbGllbnQg QXV0aGVudGljYXRpb24gYW5kIFNlY3VyZSBFbWFpbCBDQTAeFw0xNTA2MjQwMDAwMDBaFw0xNjA2 MjMyMzU5NTlaMCYxJDAiBgkqhkiG9w0BCQEWFWJyeW5vc2F1cnVzQGdtYWlsLmNvbTCCASIwDQYJ KoZIhvcNAQEBBQADggEPADCCAQoCggEBAMA89U5ktW7a1k5qjaiycbEbBjLucLdRfzKh5us59o1a Qi0iRQfo1BEq6rG4MTvXburjxUdzuTCaDgOJ+g6PFKNfJP5H2lH962EXCNeJYKOwhpZtwVzpfsPV 8iKw7XjPwPiW4E7Ut7M1UHoN57yUy60/047gyYpZirf4lpv1G//cFcLKIMNB/GGK5YXNlBNalvMY Z/CK1yo8cf3s83gI4KGGE65RL1i3WpAFjwaffp5V6kp3PdiIXuKL8kO2HWID/McrynKKb46ARFzC joiV2qHn27LQiMwBwoDUxzfgCAxAl0uWaFgBqLmcws4lCIXN8jIHp6CNLKKyHHXWukv/EqUCAwEA AaOCAfMwggHvMB8GA1UdIwQYMBaAFJJha4LhoqCqT+xn8cKj97SAAMHsMB0GA1UdDgQWBBSlca2J DhGBY+vVSOfJ1I+3I9NqLzAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAgBgNVHSUEGTAX BggrBgEFBQcDBAYLKwYBBAGyMQEDBQIwEQYJYIZIAYb4QgEBBAQDAgUgMEYGA1UdIAQ/MD0wOwYM KwYBBAGyMQECAQEBMCswKQYIKwYBBQUHAgEWHWh0dHBzOi8vc2VjdXJlLmNvbW9kby5uZXQvQ1BT MF0GA1UdHwRWMFQwUqBQoE6GTGh0dHA6Ly9jcmwuY29tb2RvY2EuY29tL0NPTU9ET1NIQTI1NkNs aWVudEF1dGhlbnRpY2F0aW9uYW5kU2VjdXJlRW1haWxDQS5jcmwwgZAGCCsGAQUFBwEBBIGDMIGA MFgGCCsGAQUFBzAChkxodHRwOi8vY3J0LmNvbW9kb2NhLmNvbS9DT01PRE9TSEEyNTZDbGllbnRB dXRoZW50aWNhdGlvbmFuZFNlY3VyZUVtYWlsQ0EuY3J0MCQGCCsGAQUFBzABhhhodHRwOi8vb2Nz cC5jb21vZG9jYS5jb20wIAYDVR0RBBkwF4EVYnJ5bm9zYXVydXNAZ21haWwuY29tMA0GCSqGSIb3 DQEBCwUAA4IBAQAMNIE1FhYCtEA9JMwLoNKtQ4hZDcnUKYRcRihDhAHIKSTJtFQKBchp1MBTCP4P 1lfgdDHG+06Rv65VAKfBsjqMZmPQylvsxZg5kPJ5BPVgShQxGl5RSlMN3qLDcSbQt/6uPv9U+Vgq 8StMI6fIRSbbPwyKyZyM8gUnxR34dxzJ+mSGi0kdtUE36FIabTeXtjFVXN/2jDOrsvm8IHlp8nJM 23nHuqUsJyyIYFbaRKhApoMAzC5gynlg6APV2hz/JYlKSJABwpxZjYAtpyz5rQVIi2pPWs2Te2cd faykisGAOu/7nJtlcEGMCSd61tM43matZPa3MuBiko8kuzj0RMigMYIDwzCCA78CAQEwgbAwgZsx CzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZv cmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMUEwPwYDVQQDEzhDT01PRE8gU0hBLTI1NiBD bGllbnQgQXV0aGVudGljYXRpb24gYW5kIFNlY3VyZSBFbWFpbCBDQQIQFqWbTcRwZIVaBthymnmm 6jAJBgUrDgMCGgUAoIIB5zAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEP Fw0xNjAyMjYxMzUxNDhaMCMGCSqGSIb3DQEJBDEWBBTPO4LrjGwqKaqjF30KeD1OPb0D+zCBwQYJ KwYBBAGCNxAEMYGzMIGwMIGbMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3JlYXRlciBNYW5jaGVz dGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01PRE8gQ0EgTGltaXRlZDFBMD8GA1UE AxM4Q09NT0RPIFNIQS0yNTYgQ2xpZW50IEF1dGhlbnRpY2F0aW9uIGFuZCBTZWN1cmUgRW1haWwg Q0ECEBalm03EcGSFWgbYcpp5puowgcMGCyqGSIb3DQEJEAILMYGzoIGwMIGbMQswCQYDVQQGEwJH QjEbMBkGA1UECBMSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQK ExFDT01PRE8gQ0EgTGltaXRlZDFBMD8GA1UEAxM4Q09NT0RPIFNIQS0yNTYgQ2xpZW50IEF1dGhl bnRpY2F0aW9uIGFuZCBTZWN1cmUgRW1haWwgQ0ECEBalm03EcGSFWgbYcpp5puowDQYJKoZIhvcN AQEBBQAEggEAr5NFAQUK05vQHc3gAT7Wk9HDJOBDQ73Bckm+oFFx30wUCap2y2pSsgeWxqNqpUm9 Jy+Scwn6DjRY/Gw+sHTsJ7JphoS+rkhDPQVelbZqgIPS/1L5uRvN6cCQaV7hOpPLHqKWaGy2rYhb CMXFtDUCVB/5D9ds15axsWsBHWM+lZTPXTkkZLLl/cfS27QxxVmd8e3fVeAvrAQiGFuposqoQJSO H+1CjMbFY/skGqEaYKCKRIx8ziOZSD3Cp5DYYITsDo21VnwRSsaPSw1wOu2XHR7mDJOh2r/n1tp5 hlGmKVqbToJ6W+6Jt535i0d2wxDyUSCkGJpvhGI0HUt9htKlEwAAAAAAAA== --Apple-Mail=_18834A69-CACF-4138-9C5B-770A3B0B9E08--