From opsec-bounces@ietf.org  Thu Jan  1 10:35:31 2009
Return-Path: <opsec-bounces@ietf.org>
X-Original-To: opsec-archive@optimus.ietf.org
Delivered-To: ietfarch-opsec-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id 7C1993A6977;
	Thu,  1 Jan 2009 10:35:31 -0800 (PST)
X-Original-To: opsec@core3.amsl.com
Delivered-To: opsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id AE4223A6977
	for <opsec@core3.amsl.com>; Thu,  1 Jan 2009 10:35:30 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level: 
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[AWL=0.000, 
	BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32])
	by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id 5eiLXFx-2nkj for <opsec@core3.amsl.com>;
	Thu,  1 Jan 2009 10:35:30 -0800 (PST)
Received: from nagasaki.bogus.com (nagasaki.bogus.com [IPv6:2001:418:1::81])
	by core3.amsl.com (Postfix) with ESMTP id 9CA6B3A65A5
	for <opsec@ietf.org>; Thu,  1 Jan 2009 10:35:29 -0800 (PST)
Received: from [192.168.11.143] (c-67-171-158-173.hsd1.wa.comcast.net
	[67.171.158.173]) (authenticated bits=0)
	by nagasaki.bogus.com (8.14.3/8.14.3) with ESMTP id n01IZEuc009242
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT)
	for <opsec@ietf.org>; Thu, 1 Jan 2009 18:35:15 GMT
	(envelope-from joelja@bogus.com)
Message-ID: <495D0CE3.5020301@bogus.com>
Date: Thu, 01 Jan 2009 10:35:15 -0800
From: Joel Jaeggli <joelja@bogus.com>
User-Agent: Thunderbird 2.0.0.18 (X11/20081119)
MIME-Version: 1.0
To: opsec wg mailing list <opsec@ietf.org>
X-Enigmail-Version: 0.95.7
X-Virus-Scanned: ClamAV 0.94.2/8825/Thu Jan 1 14:56:46 2009 on
	nagasaki.bogus.com
X-Virus-Status: Clean
Subject: [OPSEC] Request for opions on accepting
 draft-gont-opsec-ip-security-01 as a working group document
X-BeenThere: opsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: opsec wg mailing list <opsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/opsec>,
	<mailto:opsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/opsec>
List-Post: <mailto:opsec@ietf.org>
List-Help: <mailto:opsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsec>,
	<mailto:opsec-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: opsec-bounces@ietf.org
Errors-To: opsec-bounces@ietf.org

I trust everyone had a eventful new year and I hope that for the sake of
our industry the next six months doesn't look worse than the previous
six months.

Working from the the action items it's time to test consensus on accepting;

draft-gont-opsec-ip-security-01

http://tools.ietf.org/html/draft-gont-opsec-ip-security-01

as a working group document.

Commentary will be accepted through Friday January 9th.

Thanks
Joel
_______________________________________________
OPSEC mailing list
OPSEC@ietf.org
https://www.ietf.org/mailman/listinfo/opsec


From opsec-bounces@ietf.org  Thu Jan  1 10:37:59 2009
Return-Path: <opsec-bounces@ietf.org>
X-Original-To: opsec-archive@optimus.ietf.org
Delivered-To: ietfarch-opsec-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id B0C903A6972;
	Thu,  1 Jan 2009 10:37:59 -0800 (PST)
X-Original-To: opsec@core3.amsl.com
Delivered-To: opsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id 13CF43A65A5
	for <opsec@core3.amsl.com>; Thu,  1 Jan 2009 10:37:58 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.2
X-Spam-Level: 
X-Spam-Status: No, score=-2.2 tagged_above=-999 required=5 tests=[AWL=-0.399, 
	BAYES_00=-2.599, SARE_SUB_RAND_LETTRS4=0.799]
Received: from mail.ietf.org ([64.170.98.32])
	by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id ETSMROE1tzMo for <opsec@core3.amsl.com>;
	Thu,  1 Jan 2009 10:37:57 -0800 (PST)
Received: from nagasaki.bogus.com (nagasaki.bogus.com [IPv6:2001:418:1::81])
	by core3.amsl.com (Postfix) with ESMTP id C11023A6972
	for <opsec@ietf.org>; Thu,  1 Jan 2009 10:37:56 -0800 (PST)
Received: from [192.168.11.143] (c-67-171-158-173.hsd1.wa.comcast.net
	[67.171.158.173]) (authenticated bits=0)
	by nagasaki.bogus.com (8.14.3/8.14.3) with ESMTP id n01IbgvR009260
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT)
	for <opsec@ietf.org>; Thu, 1 Jan 2009 18:37:43 GMT
	(envelope-from joelja@bogus.com)
Message-ID: <495D0D77.3000204@bogus.com>
Date: Thu, 01 Jan 2009 10:37:43 -0800
From: Joel Jaeggli <joelja@bogus.com>
User-Agent: Thunderbird 2.0.0.18 (X11/20081119)
MIME-Version: 1.0
To: opsec wg mailing list <opsec@ietf.org>
X-Enigmail-Version: 0.95.7
X-Virus-Scanned: ClamAV 0.94.2/8825/Thu Jan 1 14:56:46 2009 on
	nagasaki.bogus.com
X-Virus-Status: Clean
Subject: [OPSEC] Request for opinions on accepting
 draft-kumari-blackhole-urpf-02 as a working group document
X-BeenThere: opsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: opsec wg mailing list <opsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/opsec>,
	<mailto:opsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/opsec>
List-Post: <mailto:opsec@ietf.org>
List-Help: <mailto:opsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsec>,
	<mailto:opsec-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: opsec-bounces@ietf.org
Errors-To: opsec-bounces@ietf.org

I trust everyone had a eventful new year and I hope that for the sake of
our industry the next six months doesn't look worse than the previous
six months.

Working from the the action items it's time to test consensus on accepting;

draft-kumari-blackhole-urpf-02

http://tools.ietf.org/html/draft-kumari-blackhole-urpf-02

as a working group document.

Commentary will be accepted through Friday January 9th.

Thanks
Joel


_______________________________________________
OPSEC mailing list
OPSEC@ietf.org
https://www.ietf.org/mailman/listinfo/opsec


From opsec-bounces@ietf.org  Thu Jan  1 11:05:32 2009
Return-Path: <opsec-bounces@ietf.org>
X-Original-To: opsec-archive@optimus.ietf.org
Delivered-To: ietfarch-opsec-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id D56A53A6ABC;
	Thu,  1 Jan 2009 11:05:32 -0800 (PST)
X-Original-To: opsec@core3.amsl.com
Delivered-To: opsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id 8D91F3A6ABC
	for <opsec@core3.amsl.com>; Thu,  1 Jan 2009 11:05:31 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.2
X-Spam-Level: 
X-Spam-Status: No, score=-2.2 tagged_above=-999 required=5 tests=[AWL=-0.400, 
	BAYES_00=-2.599, SARE_SUB_RAND_LETTRS4=0.799]
Received: from mail.ietf.org ([64.170.98.32])
	by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id lxv3Z+330lAY for <opsec@core3.amsl.com>;
	Thu,  1 Jan 2009 11:05:30 -0800 (PST)
Received: from yw-out-2324.google.com (yw-out-2324.google.com [74.125.46.29])
	by core3.amsl.com (Postfix) with ESMTP id B97923A6ABA
	for <opsec@ietf.org>; Thu,  1 Jan 2009 11:05:30 -0800 (PST)
Received: by yw-out-2324.google.com with SMTP id 3so2737655ywj.49
	for <opsec@ietf.org>; Thu, 01 Jan 2009 11:05:18 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma;
	h=domainkey-signature:received:received:message-id:date:from:sender
	:to:subject:cc:in-reply-to:mime-version:content-type
	:content-transfer-encoding:content-disposition:references
	:x-google-sender-auth;
	bh=FICv+kTRWAxhywjLRPvq3HI8h2Cc6LfAjmoRfRbrPFo=;
	b=rnJynFV72w++WXsbth446KIAjGte3JNPggiUhH7xsj7g9FYMrWBIZc0ObT07IR4ozh
	J2UC0Fou0SWVemsOU6IG/846X9QOwMeOZOIRMXb3yRawJKWkThcUQWHgeXK3SZBsMiQ7
	CPTwmSRRYIbP/ww8yrCeTv0LtaF0Y0KKSw5sQ=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma;
	h=message-id:date:from:sender:to:subject:cc:in-reply-to:mime-version
	:content-type:content-transfer-encoding:content-disposition
	:references:x-google-sender-auth;
	b=MJwsCihQhzXT/fjmhb89Nd1UQiznrVvxZW1igxSPH0hq65PuTIHrYjz4VfMaK9Xu+j
	UYpzhK9GQXccVvG2yjqsTOUhL6TSiZCC0qh9EdmF5sozKnLWuAg0rrzopZ4uw7Ae9zD7
	izbidHOizQLXMQWJHg/8nnsAXVfLzYvtS6qas=
Received: by 10.100.251.8 with SMTP id y8mr9513158anh.16.1230836718653;
	Thu, 01 Jan 2009 11:05:18 -0800 (PST)
Received: by 10.100.38.12 with HTTP; Thu, 1 Jan 2009 11:05:18 -0800 (PST)
Message-ID: <75cb24520901011105n6459ec6k519218bde24258d@mail.gmail.com>
Date: Thu, 1 Jan 2009 14:05:18 -0500
From: "Christopher Morrow" <morrowc.lists@gmail.com>
To: "Joel Jaeggli" <joelja@bogus.com>
In-Reply-To: <495D0D77.3000204@bogus.com>
MIME-Version: 1.0
Content-Disposition: inline
References: <495D0D77.3000204@bogus.com>
X-Google-Sender-Auth: 93f1d8c3a13eab3b
Cc: opsec wg mailing list <opsec@ietf.org>
Subject: Re: [OPSEC] Request for opinions on accepting
	draft-kumari-blackhole-urpf-02 as a working group document
X-BeenThere: opsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: opsec wg mailing list <opsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/opsec>,
	<mailto:opsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/opsec>
List-Post: <mailto:opsec@ietf.org>
List-Help: <mailto:opsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsec>,
	<mailto:opsec-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: opsec-bounces@ietf.org
Errors-To: opsec-bounces@ietf.org

accept, as was the general feeling in the WG meeting (as I recall)

On Thu, Jan 1, 2009 at 1:37 PM, Joel Jaeggli <joelja@bogus.com> wrote:
> I trust everyone had a eventful new year and I hope that for the sake of
> our industry the next six months doesn't look worse than the previous
> six months.
>
> Working from the the action items it's time to test consensus on accepting;
>
> draft-kumari-blackhole-urpf-02
>
> http://tools.ietf.org/html/draft-kumari-blackhole-urpf-02
>
> as a working group document.
>
> Commentary will be accepted through Friday January 9th.
>
> Thanks
> Joel
>
>
> _______________________________________________
> OPSEC mailing list
> OPSEC@ietf.org
> https://www.ietf.org/mailman/listinfo/opsec
>
_______________________________________________
OPSEC mailing list
OPSEC@ietf.org
https://www.ietf.org/mailman/listinfo/opsec


From opsec-bounces@ietf.org  Fri Jan  2 00:26:47 2009
Return-Path: <opsec-bounces@ietf.org>
X-Original-To: opsec-archive@optimus.ietf.org
Delivered-To: ietfarch-opsec-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id 3FC7B3A6AF4;
	Fri,  2 Jan 2009 00:26:47 -0800 (PST)
X-Original-To: opsec@core3.amsl.com
Delivered-To: opsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id 48E603A689E
	for <opsec@core3.amsl.com>; Fri,  2 Jan 2009 00:26:46 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.2
X-Spam-Level: 
X-Spam-Status: No, score=-2.2 tagged_above=-999 required=5 tests=[AWL=-0.400, 
	BAYES_00=-2.599, SARE_SUB_RAND_LETTRS4=0.799]
Received: from mail.ietf.org ([64.170.98.32])
	by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id r7obwsQBAUjV for <opsec@core3.amsl.com>;
	Fri,  2 Jan 2009 00:26:45 -0800 (PST)
Received: from sudnp799.qwest.com (sudnp799.qwest.com [155.70.32.99])
	by core3.amsl.com (Postfix) with ESMTP id 7EAE73A6AF4
	for <opsec@ietf.org>; Fri,  2 Jan 2009 00:26:45 -0800 (PST)
Received: from suomp61i.qintra.com (suomp61i.qintra.com [151.117.69.28])
	by sudnp799.qwest.com (8.14.0/8.14.0) with ESMTP id n028QNDO026364;
	Fri, 2 Jan 2009 01:26:23 -0700 (MST)
Received: from ITDENE2KSM01.AD.QINTRA.COM (localhost [127.0.0.1])
	by suomp61i.qintra.com (8.14.0/8.14.0) with ESMTP id n028QGjS026443;
	Fri, 2 Jan 2009 02:26:18 -0600 (CST)
Received: from qtdenexhtm20.AD.QINTRA.COM ([151.119.91.229]) by
	ITDENE2KSM01.AD.QINTRA.COM with Microsoft SMTPSVC(6.0.3790.1830); 
	Fri, 2 Jan 2009 01:26:17 -0700
Received: from qtdenexhtm21.AD.QINTRA.COM (151.119.91.230) by
	qtdenexhtm20.AD.QINTRA.COM (151.119.91.229) with Microsoft SMTP Server
	(TLS) id 8.1.291.1; Fri, 2 Jan 2009 01:26:16 -0700
Received: from qtdenexmbm24.AD.QINTRA.COM ([151.119.91.226]) by
	qtdenexhtm21.AD.QINTRA.COM ([151.119.91.230]) with mapi; Fri, 2 Jan 2009
	01:26:16 -0700
From: "Smith, Donald" <Donald.Smith@qwest.com>
To: Christopher Morrow <morrowc.lists@gmail.com>, Joel Jaeggli
	<joelja@bogus.com>
Content-Class: urn:content-classes:message
Date: Fri, 2 Jan 2009 01:26:09 -0700
Thread-Topic: [OPSEC] Request for opinions on
	acceptingdraft-kumari-blackhole-urpf-02 as a working group document
Thread-Index: AclsQ+XgHB9CXTGWQeGGGh/5dczBdwAb6QYaAAAOb9U=
Message-ID: <A6C3E27A-ECD3-445E-9108-2D715E3E066F@mimectl>
References: <495D0D77.3000204@bogus.com>,
	<75cb24520901011105n6459ec6k519218bde24258d@mail.gmail.com>
In-Reply-To: <75cb24520901011105n6459ec6k519218bde24258d@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
acceptlanguage: en-US
x-mimectl: Produced By Microsoft Exchange V8.1.240.3
MIME-Version: 1.0
X-OriginalArrivalTime: 02 Jan 2009 08:26:17.0041 (UTC)
	FILETIME=[C8319C10:01C96CB3]
Cc: opsec wg mailing list <opsec@ietf.org>
Subject: Re: [OPSEC] Request for opinions on
 acceptingdraft-kumari-blackhole-urpf-02 as a working group document
X-BeenThere: opsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: opsec wg mailing list <opsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/opsec>,
	<mailto:opsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/opsec>
List-Post: <mailto:opsec@ietf.org>
List-Help: <mailto:opsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsec>,
	<mailto:opsec-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: opsec-bounces@ietf.org
Errors-To: opsec-bounces@ietf.org

Accept, In my opinion this is a worthwhile effort.

Donald.Smith@qwest.com<mailto:Donald.Smith@qwest.com>
Please cc the handlers to keep them all in the loop.
________________________________
From: opsec-bounces@ietf.org [opsec-bounces@ietf.org] On Behalf Of Christopher Morrow [morrowc.lists@gmail.com]
Sent: Thursday, January 01, 2009 12:05 PM
To: Joel Jaeggli
Cc: opsec wg mailing list
Subject: Re: [OPSEC] Request for opinions on acceptingdraft-kumari-blackhole-urpf-02 as a working group document

accept, as was the general feeling in the WG meeting (as I recall)

On Thu, Jan 1, 2009 at 1:37 PM, Joel Jaeggli <joelja@bogus.com> wrote:
> I trust everyone had a eventful new year and I hope that for the sake of
> our industry the next six months doesn't look worse than the previous
> six months.
>
> Working from the the action items it's time to test consensus on accepting;
>
> draft-kumari-blackhole-urpf-02
>
> http://tools.ietf.org/html/draft-kumari-blackhole-urpf-02
>
> as a working group document.
>
> Commentary will be accepted through Friday January 9th.
>
> Thanks
> Joel
>
>
> _______________________________________________
> OPSEC mailing list
> OPSEC@ietf.org
> https://www.ietf.org/mailman/listinfo/opsec
>
_______________________________________________
OPSEC mailing list
OPSEC@ietf.org
https://www.ietf.org/mailman/listinfo/opsec
_______________________________________________
OPSEC mailing list
OPSEC@ietf.org
https://www.ietf.org/mailman/listinfo/opsec


From opsec-bounces@ietf.org  Fri Jan  2 00:28:02 2009
Return-Path: <opsec-bounces@ietf.org>
X-Original-To: opsec-archive@optimus.ietf.org
Delivered-To: ietfarch-opsec-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id 77EA53A6AF6;
	Fri,  2 Jan 2009 00:28:02 -0800 (PST)
X-Original-To: opsec@core3.amsl.com
Delivered-To: opsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id 59AA63A6AF6
	for <opsec@core3.amsl.com>; Fri,  2 Jan 2009 00:28:01 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.399
X-Spam-Level: 
X-Spam-Status: No, score=-2.399 tagged_above=-999 required=5 tests=[AWL=0.200, 
	BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32])
	by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id 4yfw3KJFHr+B for <opsec@core3.amsl.com>;
	Fri,  2 Jan 2009 00:28:00 -0800 (PST)
Received: from sudnp799.qwest.com (sudnp799.qwest.com [155.70.32.99])
	by core3.amsl.com (Postfix) with ESMTP id 7C74D3A6AF4
	for <opsec@ietf.org>; Fri,  2 Jan 2009 00:28:00 -0800 (PST)
Received: from sudnp796.qintra.com (sudnp796.qintra.com [151.116.2.212])
	by sudnp799.qwest.com (8.14.0/8.14.0) with ESMTP id n028RjgV026414;
	Fri, 2 Jan 2009 01:27:45 -0700 (MST)
Received: from ITDENE2KSM01.AD.QINTRA.COM (localhost [127.0.0.1])
	by sudnp796.qintra.com (8.14.0/8.14.0) with ESMTP id n028RdhW022428;
	Fri, 2 Jan 2009 01:27:39 -0700 (MST)
Received: from qtdenexhtm20.AD.QINTRA.COM ([151.119.91.229]) by
	ITDENE2KSM01.AD.QINTRA.COM with Microsoft SMTPSVC(6.0.3790.1830); 
	Fri, 2 Jan 2009 01:27:39 -0700
Received: from qtdenexhtm21.AD.QINTRA.COM (151.119.91.230) by
	qtdenexhtm20.AD.QINTRA.COM (151.119.91.229) with Microsoft SMTP Server
	(TLS) id 8.1.291.1; Fri, 2 Jan 2009 01:27:39 -0700
Received: from qtdenexmbm24.AD.QINTRA.COM ([151.119.91.226]) by
	qtdenexhtm21.AD.QINTRA.COM ([151.119.91.230]) with mapi; Fri, 2 Jan 2009
	01:27:39 -0700
From: "Smith, Donald" <Donald.Smith@qwest.com>
To: Joel Jaeggli <joelja@bogus.com>, opsec wg mailing list <opsec@ietf.org>
Content-Class: urn:content-classes:message
Date: Fri, 2 Jan 2009 01:27:32 -0700
Thread-Topic: [OPSEC] Request for opions on
	acceptingdraft-gont-opsec-ip-security-01 as a working group document
Thread-Index: AclsQdivQC3iby/ZQdmNPfXMoLzSUQAcgKPQAAAGiVU=
Message-ID: <2C073F97-E07C-4F00-A15A-1EEFB4B00259@mimectl>
References: <495D0CE3.5020301@bogus.com>
In-Reply-To: <495D0CE3.5020301@bogus.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
acceptlanguage: en-US
x-mimectl: Produced By Microsoft Exchange V8.1.240.3
MIME-Version: 1.0
X-OriginalArrivalTime: 02 Jan 2009 08:27:39.0965 (UTC)
	FILETIME=[F99ECED0:01C96CB3]
Subject: Re: [OPSEC] Request for opions on
 acceptingdraft-gont-opsec-ip-security-01 as a working group document
X-BeenThere: opsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: opsec wg mailing list <opsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/opsec>,
	<mailto:opsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/opsec>
List-Post: <mailto:opsec@ietf.org>
List-Help: <mailto:opsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsec>,
	<mailto:opsec-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: opsec-bounces@ietf.org
Errors-To: opsec-bounces@ietf.org

This too has a lot of potential value.
I think we need to finalize the format etc... as most of the comments so far have been around the format (not the actual content).


Donald.Smith@qwest.com<mailto:Donald.Smith@qwest.com>
Please cc the handlers to keep them all in the loop.
________________________________
From: opsec-bounces@ietf.org [opsec-bounces@ietf.org] On Behalf Of Joel Jaeggli [joelja@bogus.com]
Sent: Thursday, January 01, 2009 11:35 AM
To: opsec wg mailing list
Subject: [OPSEC] Request for opions on acceptingdraft-gont-opsec-ip-security-01 as a working group document

I trust everyone had a eventful new year and I hope that for the sake of
our industry the next six months doesn't look worse than the previous
six months.

Working from the the action items it's time to test consensus on accepting;

draft-gont-opsec-ip-security-01

http://tools.ietf.org/html/draft-gont-opsec-ip-security-01

as a working group document.

Commentary will be accepted through Friday January 9th.

Thanks
Joel
_______________________________________________
OPSEC mailing list
OPSEC@ietf.org
https://www.ietf.org/mailman/listinfo/opsec
_______________________________________________
OPSEC mailing list
OPSEC@ietf.org
https://www.ietf.org/mailman/listinfo/opsec


From opsec-bounces@ietf.org  Fri Jan  2 11:27:56 2009
Return-Path: <opsec-bounces@ietf.org>
X-Original-To: opsec-archive@optimus.ietf.org
Delivered-To: ietfarch-opsec-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id C52653A68DA;
	Fri,  2 Jan 2009 11:27:56 -0800 (PST)
X-Original-To: opsec@core3.amsl.com
Delivered-To: opsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id 00D773A6A11
	for <opsec@core3.amsl.com>; Fri,  2 Jan 2009 11:25:03 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.119
X-Spam-Level: 
X-Spam-Status: No, score=-1.119 tagged_above=-999 required=5 tests=[AWL=0.681, 
	BAYES_00=-2.599, SARE_SUB_RAND_LETTRS4=0.799]
Received: from mail.ietf.org ([64.170.98.32])
	by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id 9n0lhLdwC6+A for <opsec@core3.amsl.com>;
	Fri,  2 Jan 2009 11:25:02 -0800 (PST)
Received: from elvis.mu.org (elvis.mu.org [192.203.228.196])
	by core3.amsl.com (Postfix) with ESMTP id 5A8F23A69A4
	for <opsec@ietf.org>; Fri,  2 Jan 2009 11:25:02 -0800 (PST)
Received: by elvis.mu.org (Postfix, from userid 1098)
	id 817D21A3C39; Fri,  2 Jan 2009 11:24:50 -0800 (PST)
Date: Fri, 2 Jan 2009 11:24:50 -0800
From: bill fumerola <billf@mu.org>
To: Joel Jaeggli <joelja@bogus.com>
Message-ID: <20090102192450.GR71246@elvis.mu.org>
References: <495D0D77.3000204@bogus.com>
Mime-Version: 1.0
Content-Disposition: inline
In-Reply-To: <495D0D77.3000204@bogus.com>
User-Agent: Mutt/1.4.2.3i
X-Operating-System: FreeBSD 6.4-MUORG-20081227 amd64
X-PGP-DEAD-Key: 1024D/7F868268
X-PGP-DEAD-Fingerprint: 5B2D 908E 4C2B F253 DAEB  FC01 8436 B70B 7F86 8268
X-PGP-Key: 1024D/AE9EB579
X-PGP-Fingerprint: 2E51 E3DE 2C52 C84D 750F  8ADE 1F18 67FB AE9E B579
OpenPGP: id=AE9EB579
Cc: opsec wg mailing list <opsec@ietf.org>
Subject: Re: [OPSEC] Request for opinions on accepting
	draft-kumari-blackhole-urpf-02 as a working group document
X-BeenThere: opsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: opsec wg mailing list <opsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/opsec>,
	<mailto:opsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/opsec>
List-Post: <mailto:opsec@ietf.org>
List-Help: <mailto:opsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsec>,
	<mailto:opsec-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: opsec-bounces@ietf.org
Errors-To: opsec-bounces@ietf.org

On Thu, Jan 01, 2009 at 10:37:43AM -0800, Joel Jaeggli wrote:
> Working from the the action items it's time to test consensus on accepting;
> 
> draft-kumari-blackhole-urpf-02
> 
> http://tools.ietf.org/html/draft-kumari-blackhole-urpf-02
> 
> as a working group document.
> 

accept, willing to review.

-- bill
_______________________________________________
OPSEC mailing list
OPSEC@ietf.org
https://www.ietf.org/mailman/listinfo/opsec


From opsec-bounces@ietf.org  Mon Jan  5 06:54:17 2009
Return-Path: <opsec-bounces@ietf.org>
X-Original-To: opsec-archive@optimus.ietf.org
Delivered-To: ietfarch-opsec-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id 698113A68C1;
	Mon,  5 Jan 2009 06:54:17 -0800 (PST)
X-Original-To: opsec@core3.amsl.com
Delivered-To: opsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id 003123A68DB
	for <opsec@core3.amsl.com>; Mon,  5 Jan 2009 06:54:16 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.299
X-Spam-Level: 
X-Spam-Status: No, score=-2.299 tagged_above=-999 required=5
	tests=[AWL=-0.300, BAYES_00=-2.599, J_CHICKENPOX_16=0.6]
Received: from mail.ietf.org ([64.170.98.32])
	by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id lwKxIVKhJJn8 for <opsec@core3.amsl.com>;
	Mon,  5 Jan 2009 06:54:15 -0800 (PST)
Received: from vms173001pub.verizon.net (vms173001pub.verizon.net
	[206.46.173.1]) by core3.amsl.com (Postfix) with ESMTP id 191813A6359
	for <opsec@ietf.org>; Mon,  5 Jan 2009 06:54:15 -0800 (PST)
Received: from [10.30.20.71] ([70.104.193.39]) by vms173001.mailsrvcs.net
	(Sun Java System Messaging Server 6.2-6.01 (built Apr  3 2006))
	with ESMTPA id <0KD000GF26PH8DK2@vms173001.mailsrvcs.net> for
	opsec@ietf.org; Mon, 05 Jan 2009 08:53:45 -0600 (CST)
Date: Mon, 05 Jan 2009 09:53:40 -0500
From: RJ Atkinson <rja@extremenetworks.com>
To: opsec@ietf.org
Message-id: <40937CD0-A3E4-453C-9756-CCFBBCFFE12C@extremenetworks.com>
MIME-version: 1.0 (Apple Message framework v930.3)
X-Mailer: Apple Mail (2.930.3)
References: <45c8c21a0901050600n9ab3ae4l81e1abc146035b83@mail.gmail.com>
Subject: [OPSEC] 2006 Paper on HMAC MD5/SHA attacks
X-BeenThere: opsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: opsec wg mailing list <opsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/opsec>,
	<mailto:opsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/opsec>
List-Post: <mailto:opsec@ietf.org>
List-Help: <mailto:opsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsec>,
	<mailto:opsec-request@ietf.org?subject=subscribe>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Sender: opsec-bounces@ietf.org
Errors-To: opsec-bounces@ietf.org

> http://eprint.iacr.org/2006/319.pdf

Rich Graveman shared the above URL with me just now.
I encourage everyone to read the original document.
This is the extended version of a paper that appeared
in Asiacrypt 2006.[1]

The abstract from the paper reads:
	In this paper we analyze the security of HMAC and NMAC,
	both of which are hash-based message authentication codes.
	We present distinguishing, forgery, and partial key
	recovery attacks on HMAC and NMAC using collisions
	of MD4, MD5, SHA-0, and reduced SHA-1.  Our results
	demonstrate that the strength of a cryptographic
	scheme can be greatly weakened by the insecurity of
	the underlying hash function.

Note that as this paper is a refereed research paper,
it uses terms more precisely than the IETF sometimes
does.  In particular, the word "attack" has a precise
meaning that a function has less cryptographic strength
than previously expected, not that the function has
zero strength.

For example, please see Table 1, which characterises
the work required, O(number of compute operations),
to execute a particular kind of attack for a particular
construction and hash function.

Please also see Section 1.4 of the paper, which says
in part:
   The attacks presented in this paper do not imply any
   immediate practical threat to implementations of HMAC-MD5
   or HMAC-SHA1.  However, our attacks on HMAC-MD4 may not
   be out of range of some adversaries, and therefore it
   should no longer be used in practice.

Kindly note that the paper does not analyse the Keyed-Hash
mode of operation for any algorithm.

I am continuing to scout the published literature
to see what else might be relevant.  As I find other
papers, I'll try to share either URLs or formal citations
for them here.

Cheers,

Ran
rja@extremenetworks.com


[1] http://eprint.iacr.org/2006/319



_______________________________________________
OPSEC mailing list
OPSEC@ietf.org
https://www.ietf.org/mailman/listinfo/opsec


From opsec-bounces@ietf.org  Mon Jan  5 11:53:05 2009
Return-Path: <opsec-bounces@ietf.org>
X-Original-To: opsec-archive@optimus.ietf.org
Delivered-To: ietfarch-opsec-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id 928523A6A12;
	Mon,  5 Jan 2009 11:53:05 -0800 (PST)
X-Original-To: opsec@core3.amsl.com
Delivered-To: opsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id AD6353A66B4
	for <opsec@core3.amsl.com>; Mon,  5 Jan 2009 11:53:03 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.549
X-Spam-Level: 
X-Spam-Status: No, score=-2.549 tagged_above=-999 required=5 tests=[AWL=0.050, 
	BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32])
	by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id 0mgkpw9-JOjw for <opsec@core3.amsl.com>;
	Mon,  5 Jan 2009 11:53:03 -0800 (PST)
Received: from vms042pub.verizon.net (vms042pub.verizon.net [206.46.252.42])
	by core3.amsl.com (Postfix) with ESMTP id 07A1C3A692A
	for <opsec@ietf.org>; Mon,  5 Jan 2009 11:53:03 -0800 (PST)
Received: from [10.30.20.71] ([70.104.193.39])
	by vms042.mailsrvcs.net (Sun Java System Messaging Server 6.2-6.01
	(built Apr
	3 2006)) with ESMTPA id <0KD0001B1KJBO3Z3@vms042.mailsrvcs.net> for
	opsec@ietf.org; Mon, 05 Jan 2009 13:52:28 -0600 (CST)
Date: Mon, 05 Jan 2009 14:52:23 -0500
From: RJ Atkinson <rja@extremenetworks.com>
To: opsec@ietf.org
Message-id: <C02E353E-5FDB-4AEB-985E-F49AB4FE1B39@extremenetworks.com>
MIME-version: 1.0 (Apple Message framework v930.3)
X-Mailer: Apple Mail (2.930.3)
References: <5F8E31B0-CD96-4ED1-83FD-883F0AD78657@cisco.com>
Subject: [OPSEC] Fwd: attacks on keyed-hash constructions
X-BeenThere: opsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: opsec wg mailing list <opsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/opsec>,
	<mailto:opsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/opsec>
List-Post: <mailto:opsec@ietf.org>
List-Help: <mailto:opsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsec>,
	<mailto:opsec-request@ietf.org?subject=subscribe>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Sender: opsec-bounces@ietf.org
Errors-To: opsec-bounces@ietf.org

OPsec Folks,

David McGrew just posted a helpful note, with references,
to several other IETF/IRTF lists, partly in response to
a query I had made.

Here is a URL to his note:
    <http://www.ietf.org/mail-archive/web/saag/current/msg02428.html>

In the meantime, I have found a couple of papers that might be
relevant (likely some overlap with the ones that he cited in
his note above).  I'll try to post references and a short
summary of what they seem to say after I get a chance to read them.

So I think we're making some headway over time towards having
scientific data for the WG to evaluate.

Cheers,

Ran
rja@extremenetworks.com


_______________________________________________
OPSEC mailing list
OPSEC@ietf.org
https://www.ietf.org/mailman/listinfo/opsec


From opsec-bounces@ietf.org  Tue Jan  6 05:48:05 2009
Return-Path: <opsec-bounces@ietf.org>
X-Original-To: opsec-archive@optimus.ietf.org
Delivered-To: ietfarch-opsec-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id 244103A6A32;
	Tue,  6 Jan 2009 05:48:05 -0800 (PST)
X-Original-To: opsec@core3.amsl.com
Delivered-To: opsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id BDAD43A6975
	for <opsec@core3.amsl.com>; Tue,  6 Jan 2009 05:48:03 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.157
X-Spam-Level: 
X-Spam-Status: No, score=-2.157 tagged_above=-999 required=5
	tests=[AWL=-0.357, BAYES_00=-2.599, SARE_SUB_RAND_LETTRS4=0.799]
Received: from mail.ietf.org ([64.170.98.32])
	by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id 4ZIp7HzK3MN5 for <opsec@core3.amsl.com>;
	Tue,  6 Jan 2009 05:48:03 -0800 (PST)
Received: from vms173003pub.verizon.net (vms173003pub.verizon.net
	[206.46.173.3]) by core3.amsl.com (Postfix) with ESMTP id 1907B3A6768
	for <opsec@ietf.org>; Tue,  6 Jan 2009 05:48:03 -0800 (PST)
Received: from [10.30.20.71] ([70.104.193.39]) by vms173003.mailsrvcs.net
	(Sun Java System Messaging Server 6.2-6.01 (built Apr  3 2006))
	with ESMTPA id <0KD1007W7YBE8VU7@vms173003.mailsrvcs.net> for
	opsec@ietf.org; Tue, 06 Jan 2009 07:47:43 -0600 (CST)
Date: Tue, 06 Jan 2009 08:47:38 -0500
From: RJ Atkinson <rja@extremenetworks.com>
To: opsec@ietf.org
Message-id: <970C8DD8-0979-4721-B3D2-78FD2FC2D543@extremenetworks.com>
MIME-version: 1.0 (Apple Message framework v930.3)
X-Mailer: Apple Mail (2.930.3)
Subject: [OPSEC] IRTF CFRG & analysis of cryptographic considerations
X-BeenThere: opsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: opsec wg mailing list <opsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/opsec>,
	<mailto:opsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/opsec>
List-Post: <mailto:opsec@ietf.org>
List-Help: <mailto:opsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsec>,
	<mailto:opsec-request@ietf.org?subject=subscribe>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Sender: opsec-bounces@ietf.org
Errors-To: opsec-bounces@ietf.org

Hi,

It turns out that a number of other IETF WGs have been facing
the same issues about cryptographic recommendations that arose
here.

As of yesterday, it seems that a set of folks will be analysing
the cryptographic considerations, including the most recent
published literature, and putting together a document summarising
the current state of things.

David McGrew, co-chair of the IRTF CFRG, is organising this,
and will be one of the reviewers for this document.

So my suggestion is that the OPsec WG defer questions of
cryptographic recommendations for now, waiting until the
document sponsored by the IRTF CFRG can be put together
and reviewed by the CFRG folks.

Cheers,

Ran
rja@extremenetworks.com


REFERENCES:

Selected IETF Security Area list notes on this topic:
	<http://www.ietf.org/mail-archive/web/saag/current/msg02373.html>
	<http://www.ietf.org/mail-archive/web/saag/current/msg02382.html>
	<http://www.ietf.org/mail-archive/web/saag/current/msg02430.html>
	<http://www.ietf.org/mail-archive/web/saag/current/msg02431.html>
	<http://www.ietf.org/mail-archive/web/saag/current/msg02435.html>
	<http://www.ietf.org/mail-archive/web/saag/current/msg02436.html>

IRTF CFRG:
	http://www.irtf.org/charter?gtype=rg&group=cfrg
_______________________________________________
OPSEC mailing list
OPSEC@ietf.org
https://www.ietf.org/mailman/listinfo/opsec


From opsec-bounces@ietf.org  Tue Jan  6 13:37:22 2009
Return-Path: <opsec-bounces@ietf.org>
X-Original-To: opsec-archive@optimus.ietf.org
Delivered-To: ietfarch-opsec-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id 5F0063A6893;
	Tue,  6 Jan 2009 13:37:22 -0800 (PST)
X-Original-To: opsec@core3.amsl.com
Delivered-To: opsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id 4C9DA3A692F
	for <opsec@core3.amsl.com>; Tue,  6 Jan 2009 12:19:40 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 2.7
X-Spam-Level: **
X-Spam-Status: No, score=2.7 tagged_above=-999 required=5
	tests=[BAYES_50=0.001, EXTRA_MPART_TYPE=1, HELO_EQ_AU=0.377,
	HOST_EQ_AU=0.327, HTML_MESSAGE=0.001, RELAY_IS_203=0.994]
Received: from mail.ietf.org ([64.170.98.32])
	by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id TNuHur1JmIBD for <opsec@core3.amsl.com>;
	Tue,  6 Jan 2009 12:19:35 -0800 (PST)
Received: from office.quarkgroup.com.au (office.quarkgroup.com.au
	[203.206.170.99])
	by core3.amsl.com (Postfix) with ESMTP id 833BE3A6900
	for <opsec@ietf.org>; Tue,  6 Jan 2009 12:19:34 -0800 (PST)
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Date: Wed, 7 Jan 2009 06:19:20 +1000
Message-ID: <69D384433B57A14D837F7EC9760895F7360F2D@sbs.QuarkGroup.local>
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator: 
Thread-Topic: Operational Security Capabilities for IP Network Infrastructure
Thread-Index: AclwPA7RlhXc7aSqQ+GpD21q4B0e0g==
From: "Quark IT - Hilton Travis" <Hilton@QuarkIT.com.au>
To: <opsec@ietf.org>
X-Mailman-Approved-At: Tue, 06 Jan 2009 13:37:21 -0800
Subject: [OPSEC] Operational Security Capabilities for IP Network
	Infrastructure
X-BeenThere: opsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: opsec wg mailing list <opsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/opsec>,
	<mailto:opsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/opsec>
List-Post: <mailto:opsec@ietf.org>
List-Help: <mailto:opsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsec>,
	<mailto:opsec-request@ietf.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============1373078374=="
Sender: opsec-bounces@ietf.org
Errors-To: opsec-bounces@ietf.org

This is a multi-part message in MIME format.

--===============1373078374==
Content-class: urn:content-classes:message
Content-Type: multipart/related;
	type="multipart/alternative";
	boundary="----_=_NextPart_001_01C9703C.0F2ADC24"

This is a multi-part message in MIME format.

------_=_NextPart_001_01C9703C.0F2ADC24
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_002_01C9703C.0F2ADC24"


------_=_NextPart_002_01C9703C.0F2ADC24
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

G'day,

=20

I'd like to add my $0.02 to the "yes, this should be accepted as a
Working Group item" side.

=20

Many of the current TCP/IP specifications were designed over two decades
ago (or based on those designs) and since then, there has been a great
number of vulnerabilities found in those specifications and/or the code
designed to comply with those specifications.  Two major issues right
now are that were someone to design a new product based on the current
RFCs, this product would be both insecure and incompatible with a number
of current products that were keeping up to date with the lists of
amendments to these protocols that haven't been accepted and published
as RFCs.  Basically, the RFCs are starting to lag behind the times and
become, well, whilst not irrelevant, at least not as complete as they
once were.

=20

Bringing the RFCs up to date with current accepted security standards is
something that will greatly increase the benefit of these RFCs to both
current and future designers of protocols and products based around
these protocols and also provide a single port of call for people
needing to confirm that their protocol implementations are based on
latest accepted practice.

=20

http://hiltont.blogspot.com/ <http://hiltont.blogspot.com/>=20

Regards,

  <http://www.quarkit.com.au/>=20

War doesn't determine who is right. War determines who is left.

This document and any attachments are for the intended recipient only.
It may contain confidential, privileged or copyright material which=20
must not be disclosed or distributed.

Quark Group Pty Ltd T/A Quark Automation, Quark AudioVisual, Quark IT


------_=_NextPart_002_01C9703C.0F2ADC24
Content-Type: text/html;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

<html xmlns:v=3D"urn:schemas-microsoft-com:vml" =
xmlns:o=3D"urn:schemas-microsoft-com:office:office" =
xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:x=3D"urn:schemas-microsoft-com:office:excel" =
xmlns:p=3D"urn:schemas-microsoft-com:office:powerpoint" =
xmlns:a=3D"urn:schemas-microsoft-com:office:access" =
xmlns:dt=3D"uuid:C2F41010-65B3-11d1-A29F-00AA00C14882" =
xmlns:s=3D"uuid:BDC6E3F0-6DA3-11d1-A2A3-00AA00C14882" =
xmlns:rs=3D"urn:schemas-microsoft-com:rowset" xmlns:z=3D"#RowsetSchema" =
xmlns:b=3D"urn:schemas-microsoft-com:office:publisher" =
xmlns:ss=3D"urn:schemas-microsoft-com:office:spreadsheet" =
xmlns:c=3D"urn:schemas-microsoft-com:office:component:spreadsheet" =
xmlns:odc=3D"urn:schemas-microsoft-com:office:odc" =
xmlns:oa=3D"urn:schemas-microsoft-com:office:activation" =
xmlns:html=3D"http://www.w3.org/TR/REC-html40" =
xmlns:q=3D"http://schemas.xmlsoap.org/soap/envelope/" xmlns:D=3D"DAV:" =
xmlns:x2=3D"http://schemas.microsoft.com/office/excel/2003/xml" =
xmlns:ois=3D"http://schemas.microsoft.com/sharepoint/soap/ois/" =
xmlns:dir=3D"http://schemas.microsoft.com/sharepoint/soap/directory/" =
xmlns:ds=3D"http://www.w3.org/2000/09/xmldsig#" =
xmlns:dsp=3D"http://schemas.microsoft.com/sharepoint/dsp" =
xmlns:udc=3D"http://schemas.microsoft.com/data/udc" =
xmlns:xsd=3D"http://www.w3.org/2001/XMLSchema" =
xmlns:sub=3D"http://schemas.microsoft.com/sharepoint/soap/2002/1/alerts/"=
 xmlns:ec=3D"http://www.w3.org/2001/04/xmlenc#" =
xmlns:sp=3D"http://schemas.microsoft.com/sharepoint/" =
xmlns:sps=3D"http://schemas.microsoft.com/sharepoint/soap/" =
xmlns:xsi=3D"http://www.w3.org/2001/XMLSchema-instance" =
xmlns:udcs=3D"http://schemas.microsoft.com/data/udc/soap" =
xmlns:udcxf=3D"http://schemas.microsoft.com/data/udc/xmlfile" =
xmlns:udcp2p=3D"http://schemas.microsoft.com/data/udc/parttopart" =
xmlns:wf=3D"http://schemas.microsoft.com/sharepoint/soap/workflow/" =
xmlns:dsss=3D"http://schemas.microsoft.com/office/2006/digsig-setup" =
xmlns:dssi=3D"http://schemas.microsoft.com/office/2006/digsig" =
xmlns:mdssi=3D"http://schemas.openxmlformats.org/package/2006/digital-sig=
nature" =
xmlns:mver=3D"http://schemas.openxmlformats.org/markup-compatibility/2006=
" xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" =
xmlns:mrels=3D"http://schemas.openxmlformats.org/package/2006/relationshi=
ps" xmlns:spwp=3D"http://microsoft.com/sharepoint/webpartpages" =
xmlns:ex12t=3D"http://schemas.microsoft.com/exchange/services/2006/types"=
 =
xmlns:ex12m=3D"http://schemas.microsoft.com/exchange/services/2006/messag=
es" =
xmlns:pptsl=3D"http://schemas.microsoft.com/sharepoint/soap/SlideLibrary/=
" =
xmlns:spsl=3D"http://microsoft.com/webservices/SharePointPortalServer/Pub=
lishedLinksService" xmlns:Z=3D"urn:schemas-microsoft-com:" =
xmlns:st=3D"&#1;" xmlns=3D"http://www.w3.org/TR/REC-html40">

<head>
<meta http-equiv=3DContent-Type content=3D"text/html; =
charset=3Dus-ascii">
<meta name=3DGenerator content=3D"Microsoft Word 12 (filtered medium)">
<!--[if !mso]>
<style>
v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style>
<![endif]-->
<style>
<!--
 /* Font Definitions */
 @font-face
	{font-family:"Cambria Math";
	panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
	{font-family:Calibri;
	panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
	{font-family:Tahoma;
	panose-1:2 11 6 4 3 5 4 4 2 4;}
 /* Style Definitions */
 p.MsoNormal, li.MsoNormal, div.MsoNormal
	{margin:0cm;
	margin-bottom:.0001pt;
	font-size:11.0pt;
	font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
	{mso-style-priority:99;
	color:blue;
	text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
	{mso-style-priority:99;
	color:purple;
	text-decoration:underline;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
	{mso-style-priority:99;
	mso-style-link:"Balloon Text Char";
	margin:0cm;
	margin-bottom:.0001pt;
	font-size:8.0pt;
	font-family:"Tahoma","sans-serif";}
span.EmailStyle17
	{mso-style-type:personal-compose;
	font-family:"Calibri","sans-serif";
	color:windowtext;}
span.BalloonTextChar
	{mso-style-name:"Balloon Text Char";
	mso-style-priority:99;
	mso-style-link:"Balloon Text";
	font-family:"Tahoma","sans-serif";}
.MsoChpDefault
	{mso-style-type:export-only;}
@page Section1
	{size:612.0pt 792.0pt;
	margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.Section1
	{page:Section1;}
-->
</style>
<!--[if gte mso 9]><xml>
 <o:shapedefaults v:ext=3D"edit" spidmax=3D"2050" />
</xml><![endif]--><!--[if gte mso 9]><xml>
 <o:shapelayout v:ext=3D"edit">
  <o:idmap v:ext=3D"edit" data=3D"1" />
 </o:shapelayout></xml><![endif]-->
</head>

<body lang=3DEN-AU link=3Dblue vlink=3Dpurple>

<div class=3DSection1>

<p class=3DMsoNormal>G&#8217;day,<o:p></o:p></p>

<p class=3DMsoNormal><o:p>&nbsp;</o:p></p>

<p class=3DMsoNormal>I&#8217;d like to add my $0.02 to the &#8220;yes, =
this
should be accepted as a Working Group item&#8221; side.<o:p></o:p></p>

<p class=3DMsoNormal><o:p>&nbsp;</o:p></p>

<p class=3DMsoNormal>Many of the current TCP/IP specifications were =
designed over
two decades ago (or based on those designs) and since then, there has =
been a
great number of vulnerabilities found in those specifications and/or the =
code
designed to comply with those specifications.&nbsp; Two major issues =
right now are
that were someone to design a new product based on the current RFCs, =
this
product would be both insecure and incompatible with a number of current
products that were keeping up to date with the lists of amendments to =
these
protocols that haven&#8217;t been accepted and published as RFCs.&nbsp; =
Basically,
the RFCs are starting to lag behind the times and become, well, whilst =
not
irrelevant, at least not as complete as they once were.<o:p></o:p></p>

<p class=3DMsoNormal><o:p>&nbsp;</o:p></p>

<p class=3DMsoNormal>Bringing the RFCs up to date with current accepted =
security
standards is something that will greatly increase the benefit of these =
RFCs to
both current and future designers of protocols and products based around =
these
protocols and also provide a single port of call for people needing to =
confirm
that their protocol implementations are based on latest accepted =
practice.<o:p></o:p></p>

<p class=3DMsoNormal><o:p>&nbsp;</o:p></p>

<div>

<p class=3DMsoNormal =
style=3D'mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style=3D'font-size:12.0pt;font-family:"Times New Roman","serif"'><a
href=3D"http://hiltont.blogspot.com/"><span =
style=3D'color:blue'>http://hiltont.blogspot.com/</span></a><o:p></o:p></=
span></p>

<p class=3DMsoNormal =
style=3D'mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style=3D'font-size:12.0pt;font-family:"Times New =
Roman","serif"'>Regards,<o:p></o:p></span></p>

<p class=3DMsoNormal =
style=3D'mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><a
href=3D"http://www.quarkit.com.au/"><span =
style=3D'font-size:12.0pt;font-family:
"Times New Roman","serif";color:windowtext;text-decoration:none'><img =
border=3D0
width=3D465 height=3D164 id=3D"_x0000_i1025" =
src=3D"cid:image001.jpg@01C9708E.265E7000"
alt=3D"Hilton Travis, Manager, Quark IT =
http://www.QuarkIT.com.au/"></span></a><span
style=3D'font-size:12.0pt;font-family:"Times New =
Roman","serif"'><o:p></o:p></span></p>

<p class=3DMsoNormal =
style=3D'mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style=3D'font-size:12.0pt;font-family:"Times New Roman","serif"'>War =
doesn't
determine who is right. War determines who is =
left.<o:p></o:p></span></p>

</div>

<p class=3DMsoNormal =
style=3D'mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style=3D'font-size:12.0pt;font-family:"Times New Roman","serif"'>This =
document
and any attachments are for the intended recipient only.<br>
It may contain confidential, privileged or copyright material which <br>
must not be disclosed or distributed.<br>
<br>
Quark Group Pty Ltd T/A Quark Automation, Quark AudioVisual, Quark =
IT</span><o:p></o:p></p>

</div>

</body>

</html>

------_=_NextPart_002_01C9703C.0F2ADC24--

------_=_NextPart_001_01C9703C.0F2ADC24
Content-Type: image/jpeg;
	name="image001.jpg"
Content-Transfer-Encoding: base64
Content-ID: <image001.jpg@01C9708E.265E7000>
Content-Description: image001.jpg
Content-Location: image001.jpg

/9j/4AAQSkZJRgABAQEAyADIAAD/4QGGRXhpZgAASUkqAAgAAAAFABoBBQABAAAASgAAABsBBQAB
AAAAUgAAACgBAwABAAAAAgAREDEBAgAQAAAAWgAAAGmHBAABAAAAagAAAAAAAADIAAAAAQAAAMgA
AAABAAAAUGFpbnQuTkVUIHYzLjM1AAEAhpICAAEBAAB8AAAAAAAAACMA/ggwDgQJmA4ECQAPBAkI
EQQJcBEECdgRBAlAEgQJqBIECRATBAl4EwQJ4BMECUgUBAmwFAQJGBUECYAVBAnoFQQJUBYECbgW
BAkgFwQJiBcECfAXBAlYGAQJwBgECSgZBAmQGQQJ+BkECWAaBAnIGgQJMBsECZgbBAkAHAQJaBwE
CdAcBAk4HQQJoB0ECQgeBAkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAP/bAEMAAwICAwICAwMDAwQDAwQFCAUFBAQFCgcHBggMCgwMCwoLCw0OEhAN
DhEOCwsQFhARExQVFRUMDxcYFhQYEhQVFP/bAEMBAwQEBQQFCQUFCRQNCw0UFBQUFBQUFBQUFBQU
FBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFP/AABEIAKQB0QMBIgACEQEDEQH/
xAAfAAABBQEBAQEBAQAAAAAAAAAAAQIDBAUGBwgJCgv/xAC1EAACAQMDAgQDBQUEBAAAAX0BAgMA
BBEFEiExQQYTUWEHInEUMoGRoQgjQrHBFVLR8CQzYnKCCQoWFxgZGiUmJygpKjQ1Njc4OTpDREVG
R0hJSlNUVVZXWFlaY2RlZmdoaWpzdHV2d3h5eoOEhYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0
tba3uLm6wsPExcbHyMnK0tPU1dbX2Nna4eLj5OXm5+jp6vHy8/T19vf4+fr/xAAfAQADAQEBAQEB
AQEBAAAAAAAAAQIDBAUGBwgJCgv/xAC1EQACAQIEBAMEBwUEBAABAncAAQIDEQQFITEGEkFRB2Fx
EyIygQgUQpGhscEJIzNS8BVictEKFiQ04SXxFxgZGiYnKCkqNTY3ODk6Q0RFRkdISUpTVFVWV1hZ
WmNkZWZnaGlqc3R1dnd4eXqCg4SFhoeIiYqSk5SVlpeYmZqio6Slpqeoqaqys7S1tre4ubrCw8TF
xsfIycrS09TV1tfY2dri4+Tl5ufo6ery8/T19vf4+fr/2gAMAwEAAhEDEQA/APzhk165Ez/6v7zf
wU0a9d/9M/8Aviqs8IWVzn+KoNyhuma+tp4zn6nUsLh5fDBGtD4jvoZVkQRbgdw/d1tWHinWbht4
jjZR/wBMK5SK6dCuwCugsPFt5YoscaJtHtXq4erza87PHx2Dhyfu6SbNuXxlrSLtEUecf8+9UrK9
8S6xcCCysJLyY9I4LUu3/fK19DfBr4YxX+gDxl8RJxonhePmOFV2z3n+yq1teKf2z7/wrbnSfhZo
en+DdJT5BdRwJJdy/wC0zsvFepUhPlTbPgKWY03XnhsPhlNrd9E/X9D55vfAvxKtbXzrnwjq0UOM
75NMdV/9BrlJdT1i0do5LTynHVXgwwr2h/20PjPbXHnr4z1GXn7sjKV/7527a1B+19/wmqra/Efw
lpuvxn5f7RsYVtrxP9rcPlauaK5naUrHte0xlOHOsLGa7J2f4ngK+ItUX/lgn/fmmza3fycvFH/3
6r2bxR4Qh1zSpdb+Hl+mvWCDfLYOm27tv95O4/2lrxa41y+eRklXay/Ky7fu06sHS3Z15diqWPu4
Ukmt09GvVWv+j6EX/CQ3af8ALOFf+2dPXxLedAtv/wB+1qrLNJN1iVqrFXU/6vbXE5NdT6aGHoT+
KmjpdF8c6lo9z5tultuI2lWgVlrpk+K2uzQ/LBZf9+VrzaLzW6R10WmyyOFxDG23+Fjtrqo1qmyb
PDzHLsH8bppskuNb1iSRpXig+c54iG2mpq+pn+GD/v0tbS297NalRawrvG0LlqzZtM1C127rYMp/
iU1q4TXvXZ58K9F+5yxX3GjpPizWdPKhHghx/EIq6Wx8WarqQP2m8t5I0/g8nrXErHfBf+PYYp0c
+pWxzHbbTWsKk49TgxGEoV/eSin8jq9b1a/1AIkcFrCidxFyf/Hq5abUtVjmaPbbnB2/6pafLqur
Ou3ygv0WqP8Ap8h3fZP/AEKic+buXhcP7FWko2+RrC31aRFJa1H+z5QqreHVbNFc/Z2XO3/VLVu1
m1vy1BsVP+0x21BfQ6xdMqSWYRO237tLl93qEZONS0uW3yM/+1NQHeD/AL8rTk1fUOwt/wDvytXk
0K/Xk2y/nVm20u88xENnGq/3qlQmdE8Rh1sl+BnprOpjtAv/AGyqaPxFqu5Y1aH/AL9V0sWgam67
YrBH/wB1SayNU8Para3CkWflf+gitXTqJX1OCGKw1SfJJR/Alh8Z6xYjCG2H/butS/8ACztdTjzb
f/vwtZx02/mHzxKlNj8G6rqJ2W8LyM39yNjU81VfBcFSwL96so/gGofEfVZDkm2B74hAqGx8d3j7
hKYOOi+UK3LP9nzxhqQ3CyMEbf8ALS4/dr/49WrD+zdcQbTqfizQtM9VlvFLL/wFaz5cW3ex1LE5
FCHs+aN/JX/I5ZvHtwvVYW/7ZipI/HSH/WQwt/2yWu6tPgJ4DgK/2n8VtOX1WztZZv8A2Wuk034P
/Am2C/bvH+t33r9j0xl/9CajlxHWxyPE5RH4YTfpF/rY8tt/G+nj/WQQ/wDfpf8A4mtW08aaA337
aL/v0n/xNev2XgT9mCyVftFx4x1D/dMUW6t200j9lOEKB4X8X3P/AF01ED/0E0068dkjjq4rK5fZ
qL5Hjtr4q8MPt32sP/fpP/ia17XWvCcu3dZxf9+k/wDia9s0+2/ZeBAh8AeIn/2pNSb/ABrobC1/
Zs+Xy/AOtJ/vag3+NdUHX/59/l/mfP4nFZetpyX3/wCR4noWqeEY7uPNhA6H+GS3iZT/AOOV3EOq
+CmX59A0/d/16Rf/ABNeoW2mfs7yjCeEtZg/7fT/AI1rQaD8BpECRWGvWy9v9IVv/Qq6Un9uk/uX
+Z83XzClD+DWa+b/AMjwzW7nwXNa5XSrODHTy7SJW/8AQaxLe88J27Epp0DZ4+aFP/ia+iJ/hp8E
tSOY77Wrc9vNQPj9arP8B/hbc82XimRPRbi0cfyrphZaKFv+3X/kebPMaSX7ybf/AG8v80eDLqvh
1f8AVWsSf7IhT/4mmy3Ph274e2jP/bJP/ia91/4Zv8Nyt/oPiCwuPRfMKN+oqaP9my3t2yES4/2o
pUf/ANmrpioy91tfkcE81w8PeSm/TX8jxvT9J8G3iLuto0f+60Sf/E1ov4f8GwKu23SR+yrEn/xN
erS/BO3svlNmU/3o67/w3+zfFdwW8zJBb27hTvZcs3sq/wAVXP6vQherJWOGGaVsVU5cOpt9j5/0
jSvD7ReYttEGB2hfJi4/8dqXVdB8P3sYE1vFhem23iX/ANkr7L0f9njwP4PtBfazpsup3Z+5aZ27
/chen/AjWf478IaA2jQ33hzw/ZaZPGcTWE1okmV/vg4ry4Znhq1RU4Qutr9P8/wPXq4HGYWi8TVn
yytfkv71vy+V7vofCOv+EfC1nCsqWy7s7dvlJz/47WdYaV4Qki2vaorjtsT/AAr6n1nwXouqRMut
eG4Rhf8AX2e6Fk/4D0rhb74HaVeRyT6MFv0HzG3Zds6f8B/i/wCA16TpK9+h51DP4OPJUlK54zLo
/g63Xc9qiKO+xP8A4muW1B/CYncxWY2dv3Sf/E169ffCqL5gtntYfw4rlrv4W+dNs8geXnlsYonh
Z292J6uEzvCt+9Ul95528/hY8CzVv92NP/iapvq3hiD5Rbon+9En/wARXqGqfBgIgMUeE7bKwdR+
C4Nk7SjaMcA9a5pYStHY9yhnmXT3m/vOKfWvDmOVVf8Adii/+JqCfxT4fhTCqpC/9Mk/+JpL/wCG
bWqfKgbb/DtxXI6r4X8uNlAKMK4JRqw3ifV4aWX4h6SZtS+LvDzN/qf/ACGn/wATVWTxB4dkfebd
mb/cT/4mvP7zw5dIjEKePSsGSG4hbYd615NWtWX2T7nC5Vl1Zfu5v7z1o6z4cb/lg/8A3yn/AMTR
/bPhr/ng/wCSf/E15NHDcOPkL8ULBdZwBJXJ9YxH8qPQ/sfBrTn/ABPbP7W8N/8APs/5J/8AE0V5
f9hvv7ktFHt8R/IiP7JwX/Pz8TJmksGmdWW5+9/DtqWG206baFt9Rf8A65qrV2p+Msli7pp3hzSL
VQeGeHzj/wCPVY0/45eMZ5wsE9vbxr/z7WiJ/wCy1FLC4Ze7z/8Akv8AwQq1syjByhQsvOdvyTMf
RvBFlfKGkttai/2haKVr6A+AP7N3hbVbqbxR4m1S9tNB0z96Vu7IhZXH3VrB+HXxA+IPjDWLTTrT
V5t8j4Y+WnyL/Ea93+Jv7Tfizw3Y2fg7SJre8sLRAtwZrWJ1mb/a+WvoqWEpwp88Fon6fdufmGb5
1mc631GM+VyT2d9F3uo2T2unfsjyz4tXT/FXVVisNftIdKtf3VrZsrRKi9vl2157N8CdeYKYHhu0
/wCneVTXvvgX4o3njjUI9Nn+GsWtXEnH/Ekt2Sf/AL5Xiva779mS+1nS47nSpE8M6pINy6RrtzCk
rey7Tn/vquqo8Le9aR8zh8ZmeBjHD4anovSX32sfCD/BjWLMYls50H+3EaxdW+FN5n92gQ/3dtfV
fi/wj8SvhZcGPWNGvbaFWws+wvbyfR/u1X07xNd6hEq6hodvc/7Xl4b862p4XC143pyNp8RZtgpc
04r77P7mfL3hn4feJfDGow6hptzNZXkZ3KYK9O1T4aW3xbsmnkso9G8WoPmkRNkN5+HZ69xtdL0L
U13S2Fxp7/3kIdauN8Ori5Rf7Nu4JF/2/keuqGXwgrPVHiYvjGtXqqpL3Ki2f6abryZ8gW/wN1td
QeyltHjnVtrAjpXbaX+zPK6Kbp1DY+7X154c0B5oBaa9ZPDepxFesn3v9lmpbvQUsbh4ZoxFIP71
XSy3Dt8sjz8bx3mUtIu3mj5Qn/Z3tbJUSaN0z0ZPu1SufgbJpgDpGZ4m7qvSvrG60ObVGjtbSF7m
VjwqLlj9K2P+FYJoFosviO/TT1I3Cyg/eXR/Dov41VXC4Wk+VnNh+KszrQ53K6W/b7+h8s6J8NpP
KVW0uWTHAIGK6qL4C3GqRxq2mzqp5CRRlv1219G6bqunWAWPQ9DgLfdFxqTec/8A3z0Wuwg1XxRq
tmY5NRNuCMKLdvLT8gq1nOmqS+D3fN/5XOGWf1qs/dm7+Sv+bX5M+ZdP/ZMuvJWU6RfO5GQr27kf
+g1d/wCGa5LVMXOmyQ47Nbkf0r6gsLbVo0QS6jO7gct57mtq1m1SIfJcXrfQuy1xPEez2hH8TZYr
GYn4qk19x8Y6j+zpYzxkeQ0b9mEeK5f/AIZ/m026SRo1nhXsFxj8K+/WS+vvludNF4P+mtsob+Hu
Np/iqhP4J0ybdJcWdxpv+07q6f4/zo+u4d/xIW9GbQq5vBfuqvMvNW/zX4nw1H8JxK2DbY/CtSb4
NLb2Jd1jiUr8qlea+lNV+EWtOxuNMsJL22Z/la1Yn/x3HFSp8JNfuDFHqAsLFjwGvbkB/wAuteks
RgUr86PMlic6lJJQlb0dvv2PjG9+Hj2DFZEDemBWfJ4Y8v5VgH5V9zXHwD0O0UTeIvFenWka/eS3
jMh+gqilj8I/C5It9K1TxBOP+WrIsafgOP5Vxe3oVP4EXP0T/N2R9FDFYylDmxcow9ZL8ld/gfKf
hLwbqF3a+XDaNEgPzSv8qfnWjqvhTw3pkDjV9Vjncj/j3sl3n/vqve9Z8WeC5iwbwdf3EfZJb9kT
/vlBXOT+OPA9of3Xwws5MfxS3Mz11OUlG3sn+H+Z5scS69TndZL0v+bifOs2taBpGRpPhpJnHSa/
O/8A8drm9a+IniVw0dvMLGL+5aRLGo/75r6Xu/i14RiDBPhXpr/QzH+tcxqvxM0S6BEPwrs0/wBw
zCuWTqPTlcfS3+Z9JQrU07uCn6tv80fJeuahqupMxubmeVv+mkjGuYm0i8lfrn619XXGrW+sXAit
fhjdGR+i27M380qLUNJtNMUNqOiXVhL/AM+cEMU0o/3m+ULXFLDqW8j67D55LDpKNJL5o+YbLwtq
czKI52+boqiunsfhvrmFMoZEb/nqQn/oVes3/iC6hVo9NtYdPi/6aQ7Zf++v/ia5qO8uherLcRQy
/wC15iGpWHpw3OmpnGKrr3Ipf18iPw98GtX1VvvxIg6s0i13Vn8D3tI1Mq5/2vNTFN8M+M7DTZdl
5NJGD/cC/wDxVelaV458OzRYbUW2Y5zsx/6FXsYehh7H53mmZ5tGfux08kc9pfwR1K6jMtt5TRJ1
3SJW/ZfB69iRS8fmL/0yYGuo8O+MdJ1aFLDSZLi9vWGwQQoCf0aulMHh7wyiyeJdcS2lHP8AZ1my
yXH+63OE/wCBV1v2FL3j5GeMzOtPkkrfgcXafDCViFFuxJ/hr0Dwp+z1q2ov5k9lDptr3nvmCL+A
NUrb432ekAw+GLNNKQ/8vU/764b8W4X8BUafEP8Atecvqt3NqDv1LylWqH9Yqfwko+ur+7b8TFyV
F3xLlPyWi+/V/h8z1gfAvwRoFgZNY1yK4cD/AFNngkn2p/hbwL4LuxOun+HZb2SEAqL2727/AMEr
itI1HwzcbS8t1C3+3Irr/wB9KtekeA/FXhvw3dyXEqTSQvEUMsREij/vn7teHiaeJp05Sc5yl935
Ho4PFYavXpwVONOF9bvmfq+a/wCSPQ9D8K6Fa2UKp4Y0233AZR4w7LWofDOjFdv9h6Z/um3WoPC/
xC0HXpliULBkbgzELXVy6hpsLbYwWPZtvy18LiJV6dS04tP1Z+0ZfSwGIoKdGcGlpsv8kZtt4e0a
ziUtpFnvI+RI48V0dhFYNMsy2Ceeqbd+OF9hUVhYRXA3ylvm/h9a6CGwt0XATivHr1b6Ns+0y/AR
j70IpL0X+Rx2q+Ere/vJLmOe5t5nOTwHX/vmuV8R+EtRe2aKJrO7Hb5fKcV62YbZOOKo6iLbZzHx
/tcf+hVdDG1KckomeOyLD4iE5S0b3t/VvwPCNa8PQQ6Aset6Xdzkfde3TIHsdtcDHpXhm0vUngkk
tZk+6rlkYf8AfVfUclis0W23JiB6iIZU/geKx7vRdIld4rvRDOAvLyAJn6Cvo8LnDp3jJPXs/wDM
/N8x4NjVtKlNaLdq/wCK1/A+dr+x0XxP+7lha3v/ALq3iDart/t//FVxOrfDvU7a7dG01wM7htGV
/wCAt/FX1nZeDdEgYLpmk2tqW5dZYC3/ANatiGwvvK8ie1xGOI5I4Yx5f0+Zq9KHETw7tTj7vZv8
jwv9Q54mN61XXvFX+/b7z4UuPCGpwyMFtZBt7baq6l4KvtUdI4tPlklbgKqMWz/u191SeF795HE7
mK3H/LcyoP0CVNHfeHPD1pJGNdtluD/y2d0kcfQV1S4plKNoUrvyf/AMYcASpTvWxPIl1aS/9u1/
I+JLT9knxTqVkLy//s7QrZujalLsb/vkV538SP2L/G2jWc2q29rZa3p33jcaVIZSB7qfmr7P8Sa/
4UvL3GpeMNRukz08hCg/NazNP+I9n4Pnk/4RcRa5A3LQm6RWYf8AXLaDU/XMdXXNy/LlaX3v+vI6
af8AZ2AnyKem11OMpevLG+nl+J+Y938JdWjLgQqCvY1z178Nb1d3mRQr+C1+n2vweA/ivYX0+meH
EtPF6Lvm0l5mtpJB/EVXufwr5I8XyeGItQuLa4tbrSrmN2V4Jxko390/dNevhY08SmmnCS3Tt/Vv
MVbNcXhKi5JKpB7OKf4p2s+66Hy/N4NmsXyrJ/uqi1GYbWy4eBfN+mK9zm0LQ523wz20v+y0mw/+
PVzut+HtJRG82wwv99TkfnVzwiguaJ6lDPHWajVT/I4D+0YP+ecX5UV0/wDwj/h3/n1f86K5vZS8
j1fr9Ds/6+Z87W/hq6muW3QyKuf4hXX6V4b2IsccRLf3VWvo+P8Ab88ZTuwuPAHga6bO3c+jD/4q
vTfg9+1V408ZarJct4M8F6PpVovmTXFvpAVvorbq8fD0J3UKcdf68j6vNs5rwpOriPdgvNHKfA74
IeKvDXg2bWdN8K6hqGtakuy2VLY4RT3Lfw10+nfs4eHPh6j6z8Z/FNppkz/vBoGjTi5v5T/dbslc
b8WP23vif4v8QXdlp2pjS9HiPlRxWQ8rev1FeE6n8VNevbp3uLeK5cnLu4LM3/Aq7+epKKp1JckV
21/H/gHxlPA1KlaeJj70qlnq7WXRWTf5+p9QeJP2jvJ09/D3ws0u38BaCRseeGPZf3Q/vPMP6V5X
NomrX07XkkM17Ozbjc+d5jE+u7dmuF0j4iz4AudPhH+7xXW2XjtCqGG3RG/2Wrvw9OhTXunmY2nj
YPSP+X4WPavhN+0h4y8AY0jXbd/EnhmQbJtP1JfOKr/s7q9U8Y/Cvwh470IeK/BVldWFm65ni0we
Y1q3+3btyB7o3/Aa+dNB+IFzGY/OWN0/uy4Ir3L4W/tFW3gS4Fzb6PpxdhskKu6F1+mcf+O1dXCq
H77C/H91/U+dni60pqhi42p91rb0Vvw2fqcxoPwr8RCdZLKex122/wCnWTEv/Ao32n+ddfbeEdbi
kWK4sJ7dv7rxkV754R8QfDX4vQvd6Ja6bp3iY/M1ncEAM3+70auv0uLxx5y2pEek2sXAlaCExqvs
d1cX9tVKF6coWa3Unb7mr3+4zr8NrF2mpuUXs6ceb70+XlfqzwrQ/hn41njVtPtbgj+FWU7P/HuK
9a8M/CDV/FOn/YvG2kWltHEmIL+1YJOntjoRXVSfGPQPB6Paah4kTWL8DBW2iUqjf8BrnLr416Fr
LE3uppKvZPsrbV/8eryq+NzPHK8KPKujSd/lse1hcp4eydx9viHOfWDcLekt/wAHf0Nm9+Dlv4as
ktPDV3Z6Y7piS6um3XEn0bsPpXITfs8vOWm1DVLR9x++oZ2P610+n/FLwy9usM+onbjCOsCqY/50
mp/E3TvD+x4XvLyJvmicyhYpfyFefSqZpRlZXu+tt/mz18TR4ZxUFUaSilspaL5L8/v1MHS/gBo1
mfNudSDKnzbjEUH4sa9SsPBWjWVpElvFa7FUBAiZrgLP432dzHvuvDJVSf8AWRRiUfpXS6D8TtI1
q5KRX32Z9vFrLH5Y/wC+qxxv9p1FevfT0/Q68ofDVCVsLy3fe6f/AJMdHBosAl2i1ix/eMarWrH4
etGjXMKt7JGKq2GswyvmNY3/ANpGDVsDVlx0A/3uK+dqzrLQ/R8HQwMlze6V08O2YX/jzH4kD+VV
LnRre3P7mxtVf1dctWo+pBIy5UKBWPea3LO/lqoXd2x81Yw9rJnTXjg6UPdj+COQ8UwXdzKsUTtg
H5mjldFH/fNcz4kkbwpFbXlv4YtdRvOkl9Ku1k4+XGeWPvXpIvksjzGryfT5VqK+1WO7iWOe2V0+
9tYV7NKvKHLFwuvuufEYvAU6jnUVTlm9tE7ffc+WvEuu6rqty8ken2O/+5Pb7WH+63SuJ1PVvEls
cPYW1qO3+jKtfUXjW/s4PDV3FaWFs7I2SrKGw1eRW82u667W+mabFcL3Cx5j/wDia/QsvxkZ0+ZU
1FLuz8MzjLZYPEKDq+1nPXRdTxW+8Ua9F/y0VPpAtctqfirxK+dl24H+zEBX0fffCPxDcQNLqGl6
dpVv/FdTTLCq/wDoX8qwbnwb4Q0P57vVhrVyP+WFriOHd/tP1b/gIr1ljMPU0pu8vLX8v1POhh6+
H1xFLkX97T8Hq/lc+dLa78b67ci208Xt3Oegthz/AOO1fvvCPiTQYvO8T63cmX+HSdNmWa4Ps7fd
T+de13vie/Nk9npP9m6JafdMFgVRn+rty1crELizhuLiYW7Mp6tsPFXGnOXvVHy/1/Xc6v7ShD3a
FNP5fl/SPCtf8R+MNStntdKs7nQdP+6xtbk+dJ/vueW/SvP7jwVrVzJ+81WZHPa7kIX8wWr3jVfF
EIeSOW0ROTjaAtcTr2s2U8bh7CVv9zBrnqYen8TZ9Vl+ZYmyhTopL7/zPOE+FGtXbAo+n3p/2dSj
Lf8AfJbdU0nwd1aMA3NnaW6+rz8VtG2sJ9rS6XLaR/8APa7kjhQf8CYrWtpvxB+HPgxd15rWtXty
P+XXRmKRfRpW/wDZVrgcKcPemfV/WMfVajQjr6f5PQ5TTvhLc395HZ2up6e07/KIIpndv++QK7my
+B/h/wAKSq3jDxzpqOvzf2RpMpluT/su23an/jxp7ftf6JCjWun2T2NmV2mNbSN5JV/25W+ZqrWv
x18A3sge48E2F0x6yfZ/KY/98MtJKk/hkjmqvNk7VKUlG3Zb/M6R/Emn29o1hoOs6f4c04jayWEM
hmlH+3L95v0Wsi30jQC2ZfEPmMepW2cmtjTPjL8Ktq+d8Prdm/2J5R/7PXSWfxr+FMQXZ8OUP0vn
roVZR+x/X3ngywlbvJeqX58rMrSdJ8OkL/xO7rH+za112naX4cUcaret/wBsAKfpnxn8B6jKsWm/
C9Ll/wC6LqU/yrqoPHGk2kfnz+AtC0iEc5u5JJW/753V1wrzfw03+H+Z85jMLyfxK1vvv/6Sihaa
V4cGP9N1CT/ZUBa7vwh4Kt9TuIzp2ma46j/lunyKP+BYrmk/ah0Dw+gXSfCmjNdL0mFqFUfTNZ99
+1V4p16RVfVJbGI/KsdmFiUfiFrnnUxdX3YRUfNy/RIxp5dh4pVa05PyUf1bX5M+mdL8MaV4aS0u
P+EYuNQ1BRuM88qQrH9TwpNaVrf2U+rLJNqmmRO3P2c3W+VfbaODXytD4vuvEMii7vLq67lpblyt
VrnWLPTbnCTqWXud1cTyOdX3qlX3vn+r/Q648Rxw1qNDD6R6afe7JN/Ns+2LXx5pVvJt8q6mdO7r
5af+PVeb4o6ZAMOLdPYybq+TvD/xcFtp0Vk0sEyDd+5nG9fyNdRZ/EPQLxf9Jt/sj/37M8fkf8a8
Orw64yvKLaPq6HHVaMIxi1B+a/XX9D6CPxd03tKoX/pliqN38TtLm3HbO7f3tleOJ4j8Ozx/utc8
hv7txbsP5ZqtcXWnTL8niPTl/wB5pF/9krOOS0IvaS+T/wAi6nGOY1I+7OL+a/zPX5fi1Z2aMscN
wR7cV5p40+Ous/anGnl7W36DLHdXDTXPh+3uJ11DxbblG/ht4pJWX9BXM6v4s8B6HM3lSXOsyjkf
apRDEPwXn9a9jC5Vg6U7uDl8v87I+bxvEOdYyn7ONRQXk1f8Ls7LSfip4s8QXi2VrcX91KT0ic7l
/wB6upj8ft4MZZtY8Q3mpX6HjTLe73qG9JH6fgK+e734zSakHsbK9g0yzYcW9gvkq/8AvN1b8axb
DxHbrep5s/y+tew8uoV9HGMY+W/3/wCX3niwxmOw3v8APOU/Nu33dfn9x9J3P7QV54oWaw8RaWk+
iy/LstN0ckXuG3fNXD6/pmmWMxlsdWuo7SYZje4+Ybf7u5a8+k8SRKc+YCtVr/4t6boNk8F+UuLS
X5XhB+Zf9pfeuiGAw+CfPh/dXbp/w5xVsbmebtU8X+8fRvdeXp5dOh0t5YTum+OaO5T+9A++uD8V
Wq3Y8v5omTncTsrDvLyGyi/tbTtSa40t/wDVzRN9z/Zf+61U/wDhcgQeXJPb3sY/hmAau11o8vLM
rDZXiKc+eir2+Vje8N/EDXvB8sMo1GLVordt0cOqN5vl/wC4/wB9P+Astek634w+E37RdlHbeKNv
gnxXGm1dUV1kt5T/ALb9f++v++q8Mk+IXhTUpClzpwjZv4rZ/wClZ9xY+Dr2TzLfVGtJG/huE/8A
ia8fEYWnXalCXLJdn/SPscJXq4a/t6b18r/lqvVWPQNV/Y38dxyedoC6P4l0g8x6hY6jGEx6ncy4
qC0+FfgH4Xg3vxI8a2l9dw8r4b8K3QuJ3b0lk+4lYXhPXb/wfIW0HxEAjdYIrkFH/wB5DWj4g8Ye
HNcjY+JvBCXkn8V5pkHlOf8Aa+X5a45YbEWtKp7vkj1VmFPnSjRb+f6WX5nU/wDDQnwR/wCiOj/w
YrRXmv8Axaj/AKFjxN+YorD6nH+aX/gT/wAzv+ur/oHf/gMTxX4X+DdT+KWuNZ6XYtHbRHdcXjj9
1CndmavRPid8R9F8F6MngrwpMrwQ8Xd8n/LZ+5rifF/7Xd/qmjv4f0DwbZeFPD/T7Fpjkb/999u5
q8in8YwyBm/4R9FLfxF2rCGLhTp2g9fRn188ixePxPtcVC1OL92N07vu9fuR0Fx4ltoEYmQb6qWv
iG0ml+dwi/e3NXEX2ri9fK20UI/ujdWezE9HryamYRTsvyPuKGQwlD33ZnqUvjPSrUbY8u396qMn
jK1O6SKeRG/uqBXmzKcdaUZxWf8AaUn9k6o8OYWOrkz0m3+IMS7Q08xrdsPGccyZiuX/AOBGvGlJ
Wp7e8mg+5mtqWYy6meJ4aws4/u9z6G8P+NpIHVxLIrDoyvivYtH+MOo6hpkNtPrN/PEg2mKW6dl/
753V8caLr1xBwEZv9nFdLY+LLuM5jt5VP95a9mjjE/iR+eZnwzduMGfZfh7xMt2+FbgdWL11B1q2
urjEUy78YNfFmkfFHUrDdFIJlRq6Cy+Kt5GVbL4HbFe5SzKCR+Z43gyup8yZ9df2/FYt5csgVvrX
a+FPiaukweWI4rm0f/WQSn9V9K+I5PitcXsyFo5EVBgV02j/ABDvpEXy7aR09TwK2liqOIjyTjdH
iy4XxWFtUhKzPuVvG/2i18/QPKu8HMlq3+uj/wCA91/3a0vCvxY82eRL+zt1hIwXK5cN7V8VW3xT
1LTCs6WcqMnIkib5lrufDH7RkurSrbapo0ep5/5eP9VMF/3h97/gWa4J4fDzXI1f8zNYXM6D9tTd
relv+AfYfhzUrG71GeSCeSUD598LsHA9a7XS/E+oT3AtdPvnvG7RzIrV8oeFPjTo3hzVodRsrLVY
riP/AJZmRHQr/dbheK7fVf2wXt7SYaB4QtdMmkH72d3yX/75Va8HG5bVnNKjT5o2620/ryPpslzO
NCnJ4qr7OV+ieq8rW19dD6nuPFkGnwrFLDDdXiAecU2iOM+7VxWtfGvQNPvZ7WO0cy/deQsyrn24
NfGGs/tG6xrRCyfaXC/dhiARB/wEVyWo/FfU1ke4ltJ0zSw3DlCHvYif3XO/HcX5rX9zB07L+9Zv
/h/P8D7pX4t6dcSnytMklz/cvk/kaivfilDbpn/hE9UuBj/llMGH/jpr8+rz476gowsTf8CFU0/a
D121fMMksWP7mRXbLJ8Evhl+f+Zw08xz+ovfS+6P/wAifYviH4s3CXFxJb/D/wAozffN4ZJd3+8v
Sua/4X/4s0+B7e00yDTYifu2sAj21852v7W/jbTwogvrjj+FiWrcsP21/iA7rH5Vrcjv51qh/wDZ
a3jh6MFyqkn6t/qmczwuYTftZVHF+SivycTrvFHxE17xCxe/W6u/7olc7RXF3niHUY+Ft2UemK6S
P9szxGExc+HtEuT/ALenCsvUf249SsmxP8PfDM4PQ/ZGGa63i6tFWjTSXk/+Ac1LJFXleUuZ+a/+
2ZxupeKtR2sMMn4VxOseItSVmcSSq3+zXpN9+3zKA2PhX4Wf/etmrmdS/b5uzu8v4UeFE/7dWrjl
mNSXxQPq8Fw7Ug/dgjyvU/G2ujcI2m/3sGuS1LxH4nvdwN3ehf7qsQterah+3d4hkZvs/wAP/Ctr
/u2O6uavf23vHM24QaN4fs/+uWlp/wDE159TEqfxNn3WEybE0fgoQ+9Hk91Y63ePudbpz/eZGNRx
eD/Ed22IrDUJf9y3dq9Auv2vfibeL8mo2tmp/wCeFjEn/stYl5+0R8S9SXEvim7RW/ubU/8AQVrl
vR+02fRwp5pTVlTpr5v9IlHTfhJ4yvHVl0LUGX1eNkX9a7XSfg34gtVDX72Wmp63V2gYf8BrzbUP
iN4v1Hc13rt7OvfdMayRql5dHM93K7f7T1ar0KeyZlWwGaYxe/Ugo+Sb/Vfke/23hbw1pR/4mXim
CRh1jsYWkP51pQ+KvBGjf8eelXGqSDo97JsX/vkV8+2fzBS8rN+Na9olu+0OSy/WuqOPX2II+dxH
DvN/HrSfpovwt+Z9D6X8bJER4IRb6VG3QWyKv/j1T3HjK1uEaSe/WRyPuk5Y14LBZWyNvjz+bVrx
zWgHKN/321dsMfO2p4dbhnCRlz0k/uO1n8RwwStk4GeMNTF8YJ2kxXEXElvLtHlFlHT52qqY4m+5
AV/4G1ZPFT6HbTyOjJe9c9U074qtpkZga7dVJ3D5/lqSf4pmU5Mgx/e315XbaXFczKHj2r9WrSHh
uwYf8e//AI+1UsXX2RzVcgy6D5p3v6f8E6zVfit5qIsM2GQ58xTVjSvjrqOmp5b3LTJ/tH5lrz+b
w3Ak2xIty/VquW3g+CRFd0K7uiqWpLFYi+hrLJspVK01deh6Yv7QssiYMsq/7uKqyfHy+iLfZXYE
93Of0rz+48IRIjGON22/w/NVD+w4l+UxFfxareMxK6nNT4fyZ/BA7+P4xXl3OBNMFDdWH3jSXPj0
Tbh5CNn3+avPX0SJePL/AFarNjpsKbkkD+3ztWaxVXaR2SyPL4LmpIuaj4uu4pXMTHaDxtNUx8Wt
VgGx5d6j+996nzaDG4/d2x/77asa58MlpGxAVrnnVrR1iz2MJl+W1FyVoFyf4uaxMGUTsi/7JasK
98TahfHdLcu49zV7/hFZFX/UUqeGtn37d9tczq15/Ge3TwOV4f3qUEP8G/ErWPBd4Xhf7VYy8XFl
PzFMv0rr9X8KQfEKyfVvA90wuVG+40SU7Z4/9z1Fcivhy2VsSKU/CtXR9OttHu4ru0nnguIjlJYt
ysK3pSnbknqv62PNxtDCqXt8KuWoutrp+Ul1/NdGcSsmp6RePHcedBMjbWSTcGH+8K1U8QXEyqFl
aNq9xh+IvhXxNbpaePPD41bA2jU7P9zdJ/vMvyt/wKnL8L/gxrDebp/j260tW/5YanYPuT/gS0nC
UPglocscdSrL/a8M4yXVK6/r1R4al1f3DY89lr0j4SeAPFfj7WBFaXtxaaXB891fMzBIk/i+au80
/wAGfA7we63OqeL7/wATSJ8ws9OtHiV/9lnaoPHnx4s/EOjL4c8OWQ8M+G1GPstrnfN/vv8AxVrS
ai/fkedjK060fZ4Sjv1a0Xmen/8ACLeAf+h6m/7/ANFfM/8AZWjesn/j1Fdf1nyX3ngf2DU/5/y/
8BX+Z9J3H7DvxYkkZh8Kbjk/9BrTv/j1Z95+wd8Xp49qfCydf+41p3/x6v113GjefWvzx8QYpq1o
/cfqEeG8HB3Upfefjs3/AAT3+Lrfd+Fkv461p3/x+oG/4J3/ABfPT4XSf+DrTv8A4/X7Ibj615H4
7/aR0T4e+L7rQL/Tb+aW3WNmng2FSHUMMZYHvXlY3in6hTVXFSjGN7K66/L0PcwHClTMqjo4PnnJ
K7tLorK+vqj8yv8Ah3Z8YP8Aol8n/g607/49SD/gnX8YP+iYyf8Ag507/wCPV+oXh79pTwH4idY/
7WbTZWOAmoRGL/x7lf1r0u2vIryBJreZJ4XGUkjYMrD1BHWnhuKVjVzYacJLysysXwvWy+XLilUg
/wC9dfdfQ/HYf8E6vi9/F8M5f/Bxp3/x6pY/+Cd3xbHX4aTf+DjTv/j1fsTuPrRvPrXf/beI7R+4
8x5LRf8Ay8n95+Qdv/wT8+LcH3fhrOv01jTv/j1aUH7BXxYA2yfDm4VfbWLD/wCPV+tW8+tG8+tW
s+xS6R+45pcO4We85/efk8v7B/xNQcfDi7Le+r6d/wDHqmj/AGHvinHwPhfO3/cZsP8A49X6t7z6
0bj61suI8Uvsx+7/AIJzvhbBy3nP7z8q0/Ym+KcZyPhdP/4OtP8A/j1dXY/sqfE+1gijb4W3K7Bj
/kM2B/8Aa1fpTvb1o3sO9aR4nxkNox+7/gnJW4My2urTlP8A8CPzj/4Ze+JyrgfDG4+n9sWH/wAd
rIsP2T/ivp14LiL4Z3A+b7o1mwxj/v8AV+mZYmjcfWtHxVjn9mP3f8E5Y8B5XFSSlPX+9/wD4O0H
9mrx6y7r7wVdWR/upf2cn/tapNW/Z2+IESFdP8C3Vzu4zLf2KY/8jNX3bvY96N59aX+teYXv7v3H
O/DrJJRs1O/fmPgCx/Zw+IttbjPw3uPNzk/8TWx/+O1HN+zj8SZD/wAk3uT/ANxax/8AjtfoGWJo
3EVX+teP7R+7/gmf/EOsn5ua8/8AwL/gH5sah+yb8R7qcvH8MbnafTWLAf8Ataqw/ZD+JPf4Y3P/
AIONP/8Aj1fphvb1o3t61H+tON/lj93/AATujwLlkVZTqf8AgX/APzQT9kj4kDp8Lbr/AMHFh/8A
Hq3vDf7K3jqwvFe/+F969uRhkg1rT8/+PS1+iO8+tG8+tS+J8bJWaj93/BKXA2V/alN/9vHxNF+z
XqLxgP8ACbVFb/a1yx/pLXNeL/2RfEGqQgaV8PNRtHX5ts+rWLhj9fN4r7+3t60vmN61yLiDHJ35
jujwflEFaNN/e/8AM/Li5/Yt+JbuQPhdO49RrNgB/wCjazJ/2Hvie4+X4Vz/APg60/8A+PV+raOc
80/NbviPGS6R+4mHCOAhtOf/AIEfkXdfsHfFiT/V/Cydf+41p3/x6sq4/wCCfPxfm6fDGZf+41p3
/wAer9idvtQR7Csnn2KfRfcehT4ew1P4Zz+8/Gh/+CdvxjcY/wCFaTL/ALutad/8fqpP/wAE4vjO
33PhvP8A+DvTv/j1fslr+t2HhnRb/V9VvIdO0vT7eS7u7u4cJHBDGpZ5HY8BVUEk9gKybj4heG7W
Hw7NNrtjHF4ikSLSHadQL93jMiLD/fJQFhjsM1k87xL6L7jrjlFKG05fefjjc/8ABN347PxF8OZl
X/sOad/8fqqP+Cavx8Tp8O5Nv/Yb07/5Ir9i9J+L/gvXb3SbTTvFWl3l1q0l5FYQw3Ss1y9oQLpU
GfmMRID4+73rpdP1O11eyhvLG7hvbOZd8VxbyCSNx6qwJBH0rJ5viH0X3HbTwkaaspP7z8VY/wDg
m/8AHxP+aey/+DrTv/kirkP/AATq+PSdfh3N/wCDzTv/AI9X7Tbj6mqWua5Y+GtF1DV9VvItP0vT
7eS7u7u4cJHBCilnd2PAVVBJPYChZvXXRfcKeDjPeTPx3tf+CfPx2h6/Dif/AMHmnf8Ax6r0f7An
xvQc/Di4/wDB3p3/AMer9NfCX7VHwh8eeIrLQfDvxK8N61rV6xS2sLLUY5JpiFLEKoOTwpP4V6nu
Pqa0WdYldF9xyPKaD6v7z8gY/wBgr41L1+G1x/4O9O/+PVci/YP+MQ+98Nbr/wAHenf/AB6v1xyf
U1k6d4v0bV/EWsaDZara3WtaOsD6hYRShprVZlZoTIvVd4RiM9dpq1nuKXRfcc7yPDv7cvvPyvh/
YU+LadfhtdD/ALjdh/8AHqtw/sOfFgEBvhzdIv8AeOs2H/x6v1byfWjJrRcQYpdI/d/wTnlw5hZ7
zl95+aWhfsMeMbaNjqHga/ndv4YtWsVUf+Ra2V/Yx8SRDA+HGpOo/hGt2P8A8dr9FMn1o3H1NZPP
cW3fT7jX/V7AuPK0/vZ+aGsfsa/EO5lK2Xw6v4rcdFk1mw3f+Oy1jv8AsS/Exlx/wru8/wDBzYf/
AB2v1I3H1NJk+proXEeLStaP3f8ABOD/AFTwSd4zmvn/AMA/K5v2Hvih2+HN3/4ObD/49T7b9h/4
mpMGk+HN1t/7C9h/8er9Tsn1NNlmWCJ5HbaiAsxPYCn/AKxYr+SP3f8ABL/1Xwlre1n/AOBf8A/M
+2/Yt+IaL8/w7uc/9hex/wDjtJffsV/EGaD938PLrze2dXsf/jtfZ/iH9prR9D1SezSye5MR2lvO
28/QKcfnWX/w1lpf/QJk/wDAg/8AxuvVjmObSV1Rj93/AATyXw9lUZa4id/8X/APknTf2J/H0y4v
PA9zbY/iTULF/wD2tSar+w949iTdZ+C7i6P91tRs0/8AatfWr/ta6Yo+XSHJ9Dckf+06pz/tfW6A
+X4dMgHrfkf+0qlYzOG7+yX4f5miyXKYq3tp/e/8j4sl/Yf+LE828/De52/3RrNh/wDHqvH9iT4m
kD/i3Fyv/cXsP/j1fW0v7ZrJny/CG/8A7imP/aNV3/bTuQPl8D7j76uB/wC0a1WKzhf8uI/h/wDJ
DeVZW1b28/vf+R8l3H7EXxReJgnw1uWbHGdZsP8A49WR/wAMH/FrGP8AhW9x/wCDrT//AI9X2DJ+
23qKdPh+CvvrY/8AjFRH9uLUlz/xb3/ytjn/AMgUnic4f/LiP4f/ACRpDLssp7V5/j/kfIP/AAwX
8Wzx/wAK4uB/3GrD/wCPU5P2Bviqq/N8P7vd7axYf/Hq+uz+3JqQ/wCaeZ/7jY/+MV6n8Fv2itL+
L9xc6e9hLoWuW6eY1hPMJQ6f3kcAbgO/ArnrY3NKEHUqUYpLyT/JnTDLcvrSUIVpX9f+AfAH/DCX
xU/6EG7/APBrYf8Ax6iv1ZyfU0V5f9v4n+WP3f8ABO3/AFfof8/J/f8A8AKKKjnnjtoXlmkWKJBu
Z3YBVHqSelfMt21Z9Sk27Ikr5h+Np+F03xJ1KLxMNft9Z8uHzbix2mHHljbgHPbGeOteqa9+0V4C
0CVopNbW9lUkFbGNphn/AHgNv615J4p8Q/BX4n+IZ9U1S91fT9QuAiNcbXRflUKDjDAcAdq+B4hx
2ExeHWHoVqUpqSdpyVtn9z18up+lcL5fjcDiZYrE0K0YOLSdOLve6fzWnn0OPj+DHhjxev8AxRXj
m0u7sjK6dqyfZ5m9ge5+i1h2Os+PvgHrgt2+06X82TaXH7y1uB3IGdp+qkGuv1f9mhNW01tV8BeJ
LXxLbr832cuqyj2DA4z7ELWT4c+LF9owl8H/ABF0+bWdDDeVLDeoftdkf7yMeePTr6H1/NauGWEq
RnVg8NN/DODbpv8AFteqk7dYn6vRxbxlKcKNRYumvipzio1UvS0U/SUVfpK59GfCD456T8U7f7MV
Gna5Em6Wxdshx3aM/wAQ9uo/WvTK+EPH/gO8+FuraZ4g8Pai95oV0wn0vVoG+ZSOdjnsw/Xn3FfV
XwR+K8PxS8L+dKFh1izxFeQrwCccSKP7rYP0IIr9MyDPquJqvLsxVq8dn0kt7rptrpo1qj8l4l4c
o4Wis0yt82HluusHtZ31tfTXVPRnotFFFfeH5uFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFAB
RRRQA+L7x+lS1FF94/SpapFIKKKKYzyf9rT/AJNa+MX/AGJus/8ApDNXyJb+F/iDo7/sfXvifx5p
3iTQLjV9P+waVa+HhYy2mdKlKb5/tEnm7U+X7i5PPHSv0Pl7Vl23iHSrxbBrfU7OddQDNZmO4Rhc
gDcTHg/PgcnGeKQj80tJvNX+JOp/B+LUtS1G91C4X4oWUdxDM32kKu1I1RhzkABRirHwq8e6Zpvw
k/Z80fWviV4h8M/CV9Dul13W9L1ee18jW40g8vT5ryLD20aK7lYgyAt8vOMD9HtZ8X6F4dvtPstW
1vTtMvNRk8qyt7y7jhkun4+WNWILnkcLnqKuXer2Fhe2Nnc3tvb3d87R2kEsqrJcOqF2WNScsQis
xAzgKT0FFwufA3gbxN8RfiLr37O/hbxL4w8W6ZoviM+L1ku7e6fTdR1jTLYQNp087IFdJChDBwEc
hs5+ck/Q/wCw34q1j4hfsqeENR8UalceIdTkbUbKe91BhJLcxwX9zboZWx87eXEgJPJ5J5Ne5xap
ZXGo3NhFdwSX1skcs9qkqmWJHLBGZc5UNsfBPXa2Ohqlo3i/QfEd7qFnpOt6dql3p8nlXkFldxzS
Wz8/LIqklDweDjpSEfEOrXD+C9G/bf13QdukazpFws+n31mgjmtHGkxENGwGVOeeK5H4+eI9e+GX
gzwb4ZT4ieOp/EGs+Gb7xSPEGreKLu0iub94oQtrbR2kJkmlDgtHa+YkKKzEh9wx99eKfir4K8Da
hHYeJPGGg+H76SITpbapqcFtK0ZJUOFdgSpKsM9MqfStK48X6DaeIbfQJ9b06HXbmMywaXJdxrdS
oM5ZYidzDg8gdqAPgjxd8bPir4W8BfDLUdG1vUdev/jJ4B0nRtMk8zemmeJWWBXugQMRBobmaVsf
x2uT7J8YvE3jLwv4k+O/h2x+JWoaFbeHk8EW0eq6jLeFGje3uBcCe6tlaW0WcohkuQRg9WG7Nfel
t448OXviOfw/b+INLn16BS8ulxXsbXUajqWiDbgPcil8T+NvDvgqCCbxFr2maDDO2yKTU7yO2WRu
OFLsMnkcD1oA8H/YN+IGo+PvhBqZ1E6xdNput3NnFqWqa0dZhvEwjh7S8aNHmgBcqpk3sMEGR8cf
SVYup+NfD2i3OmW2oa9plhcaowWwhubyON7snGBEGILnkfdz1FX7vV7CwvbGzub23t7u+do7SCWV
VkuHVC7LGpOWIRWYgZwFJ6CgC3RRRSEFFFFABVDXpUg0e7eQbkEZyPUVfrnPiJIYfBOruDjEJ5/E
VrSXNUivNETdoN+R8PXMMN74nlQsSkt6VI9QZMdfpXq+r/A/TtKu/E92JzNpcEMjaWgl+d3jmWOb
dxnCMdpzjJYEZAzXjYcT6tzMsG+4x5rcBMv978Oterar8L/EUmvX9ppOs3Mw8iN5rvUpxCl+1xJl
RC4ZllEjJuGSCSvI3DFfpGJk4OKVTl/4df8ADfM+JoJSUvc5v6Znav8ACS0sNcezu9TOnyubu7MV
paNNbwWsDTbtrs+5n/cthD2Iy2aji+DFvPJbqdeMLK1sLlpbXaii4iaSERsWw7ELg7toDEc45GhH
4B8fX091paa2LgPavqWIdReWK4Z9ySKCoIMhPmRnOASSMnIzF4r0jV/BWi6LdWnifU/3Vwtvbx+c
yC3ElrDKxXB4/wBcV47D3rnVWo2oRqpt/wBdv6/A2dOCTlKm7f15kmi/A2wbXbC31XULxN8kU8ts
bII32d7n7Ois28hZS+Ny8hQSQWIwed+IHw/sYre01PwxFe3NrNbS3t0kkAjitoxcPEu3LsQMrjBL
HgHPzYHYePfhv4h8HacRpviXUb2ysXlvZI5ZfLETxMn71NjsA2ZFwCQ45OB1rMj+GPixLS3sdW1a
VNPWW6tk062vPMdSkbSyEKTsCllG7Lbu4U5GSlXbarOsmu3l10HOilen7Kz/AK6njjRlRyOPWoyi
t2r022+CPii8n0+KGKzY3ZUfJchzAGjMqmVVyy5QEgYJOOAeKnn/AGf/ABMlxFDI1gkst8bFB5zc
kJv8zhMBduflP7w4ICZBFep9coLRzX3nB9WrNX5WeTmE5OMYruP2c43T9onwkwyo8q8DYPX/AEaQ
4Pr61zWpaYdOvrm28+O4MEjR+bFnY+DjK5AOD7gH2Feh/s26Y0vxi0K72nEIuFJx628gqcbJfVKr
/uv8h4WLWIh6r8z7booor8oP0Ax/FvivTvBPh+71jVZhDaW65OOWc9lUd2J4Ar4g+KPxn134n38g
uJnstIDfudNhchAOxf8Avt7nj0Fd5+1r46l1bxdb+GoJCLLTEEkyjo87jPP+6pH/AH0ag/Zq+DNt
44u5vEGtwibR7OTy4bdh8txKME59VXjjuT7GvxnPsfjM9zL+xsC7QTs/NrdvyW1ur76H71w5luB4
dyr+3cxV5yV49Wk/hUV/NLe/RdtTzjwp8KPFvjaJZtH0S4ubYnAuHxHEfozYB/DNbOr/ALPXj/Rb
dp5vD8k8ajJ+ySpMwH+6pz+lfdsUSQRrHGixxoAqoowAPQCn161PgHBKnapVk5d1ZL7rP8zxKniT
j3VvToQUOzu3991+R+b+geItY8Fawt5pd3caZfwthtuVP+66nqPYivoKKXSP2ovCM6PDBpnxA0yL
crr8q3C/zKHpg/dJ9Ovf/Hv4KWfj3QrnVdOtkh8R2sZkR0GPtKjkxt6n0Prx0NfIvgjxbdeBvFWn
a3aMySWkoZ0zjenR0P1GRXx1fD1uGsT9Rxr9phqm/Zruu0o76H3eGxVDivCf2hgF7PF0tu6f8rf2
oS218+x6J8HNbS4n1L4Z+KFddM1V2hhEo+ayvBwCuemSPzA9TWR8Odfvvgr8XVgv2MUcNydP1BAf
laMtjd744cV0X7TmhxaR410vxTpJKW+tW6XaSJx++XHzD3IKH65qh+0TFHrN54X8WwLtXX9KjlmK
jjzkADfoQPwrDERrYFSSlephJLlfenJ6fJO1vKTR04adDMHCTjaljYSUo9qkVr82k7+cE9z7YBDA
EEEHkEUtcb8HfED+J/hj4c1CVt0z2ixyHuXTKN+q12Vf0Bh60cTRhXjtJJr5q5/M2Kw8sJXqYee8
G0/k7BRRRXQcoUUV8Nft06h+0/Z/E/R1+Cmqw2Pho6SrXMb3unQk3PmyZO25Ib7uzkcce1MZ9y0V
8T/tCft86l+x94W+F2neLvCMvivxHrmgx3WoXEOoxwhLlFjWUfKjK2WYnKnHpX1H8FfiUnxj+E3h
PxvHYNpcevafFfrZtL5hhDjO0tgZx64FAHa0UUUhBRRRQAUUUUAFFFFABRRRQAUUUUAFFFFAGH45
1m78OeCvEGrWFlPqV9YafcXVvZWsLTS3EiRsyxoigs7MQAFAJJIAr45+F/wa+Ifwz8TfDSC/ttUv
9C+Hd7a2VhOivM+oRavCyX7ygDO21mkT5uiopJ2gGvtfVtWsdB0q81PU7y307TbKF7m6vLuVYoYI
kUs8juxAVVUEliQAASazPB3j3wx8Q9MbUvCviPSfE2nK/ltd6PfRXcQbGdpeNiM8jjNMZ5D8c9Gv
7jWfG1vDomo6pP4m8JQaLotxZ2D3EdverNdljJIoIgGZ7aTfIVX9yecqBVfxH4O8eP8AG7wX4jvv
D2kapFD4lnSDU7fVrh3stMNjfIFaD7HthyrqzN5jeZN5SFgpQx+rX/xf8B6Va65dXvjbw7Z22hOk
WrTXGrQImnuz+Wi3BL4iJf5AHxluOtXPCXxH8JePtDuNa8MeKNF8R6PbyNFNqGk6hDdW8TqoZlaS
NioIVlJBPAYHvQB5v4Fn0PRv2hvGyaT4Z1LSIdYsLGKS8i8MXdraXd/DPqT3Uj3HkLEzFZYT5rNi
TcoVmPFUfg94G1fw98RLO3SeS78M+FtDudAt7ufRJdNlnZriBkDPI5+1FFt3JnRFjYykruLNj1Xw
n8SPCXj3SrnU/DPinRfEWm2zFJ7zSdQhuoYmAyQzxsQpA55NJP8AEnwja22g3E3irRYbfX1RtIlk
1GFU1EOFKG3JbEoYOhGzOd646igCt4/0mXxUul+HfJkbTr24E+pSbCYzawlXaEnpmV/LQqfvRmXH
3a80+IHgbV5vidFb6JPJPFrOuaTr+oJNokrLaraPCrFNQ3rGgaO12+RteQmVj8qyE16d/wALX8Ef
8J1/whP/AAmPh/8A4TP/AKF3+1IP7R/1Xnf8e+7zP9V+8+7935unNW7rx/4XsfFtr4WufEmkW/ie
7iM9vost9Et7NGM5dIS29l4PIGODQB5/omuaZ4o+KyWtxoGuaMNC1C7/ALMjfw/ew2txdNHIs969
z5Igw6vKsf7z5t7Mcs6Bd74w6hb2mjeQ0HiCC+u7eaG21jw5ov8AaVxa8xloseVIEEuApLKFwpyy
EKw6yfxXolrc6rbzaxp8NxpVsl5qEUl0ivZwPvKSzAnMaN5UuGbAPlvg/KcVYfiD4WuPCU3imLxJ
pEnhiGN5ZdaS/iNlGiEh2abdsAUggknjBzQB4D48+GniBvh9o9hpNsul+Ite8H2nhm40WLRpr+2s
jCpIMd2JAtp5T3DHfKzlxEhUMyCtnxH4O8eP8bvBfiO+8PaRqkUPiWdINTt9WuHey0w2N8gVoPse
2HKurM3mN5k3lIWClDH9CUUAFFFFIQUUUUAFcd8X7kWnwz8QzE4CWpOfxFdjXD/G6xutR+EviqCz
iM1y1i7JGoyWxzgfgDXThre3hfuvzMa1/ZSt2f5Hw1ZSzz6pCsAV5ZJx5avgqWLcZzxjJr1rXNS8
fW+tjStOe11O40wwTzWmhWA8uxkhkkZFZQgAIZnJxlWz1NeJaZqEM4t58LOmVLpuxn1U45HpXuFn
8cdI/sjUBPpMiyQHT10+2a+lNxL5DzPvkuFUEhCyDBA+U4HIyP0nFxneLhDm+7uv6/U+Jw8o6qU+
X+mZGi+NfiFpen2rWVpcPbzyG0tn+wB8yiR3wnGd4aV8Hr8xA6VFrdp428Q2NjZ3Nrc3lwbqXbp8
VkRNE8MUMZJwoB+QRjAJIxkgZ51rb9pTUVs7OK40qGSSOZzcCGQRRzQt5m5QAm5WHmthgxUcfKec
0PDXxutfCa2kVl4cSWCynuJrU3V0ZJI/M8oqNxXnBj5OMkNxtIBrm5K8ZOaopP5a79fuN+ak0ouq
7fPy/wCCdBe694+mtbHUvNtr6XUI0f8AsyDTQwuDOZFPnIE2M/8Aoxzu54XGdpxR1zxZ8Q9B0iPU
9Stl0+1v7qdWuRZRq7zYdHWTjOcGQDdzgHH3eILD49NG1k76NIfsxiLG3uthfYbo45Rhg/aQCDkE
IR/Fxy/ijx4vijQrPT30xbJrS8uLmBoJD5apM25o9hB6EJg54AIwc5E08PPnSnSio37LbX/gDnWh
ytxqO/z30Llj8VfE1lcNPb3sLMxj3I0CMHEcJhUFSOR5bEEd85681JH8YPEdp5qxrp8KSzieWNNP
hCSMBhQyhcEDAIHqN3XmuGBI5BwakErtgfe9iM5r0XhqL1cF9xxKvVW0mS6pqVxrWpXV/eSGa7uZ
DLLIeNzHqa9Y/Zki/wCK8t2A4Bf/ANFPXk2wSnlGQ+w4r6A/Ze8L3S3E2rPEy26yERu3G4bCCQPq
cZrjzGUaeEmttLHTgoueIi/O59J0UUV+Zn3B+e/xduHuvij4qkkzu/tGZefRWKj9AK+x/gDYxWPw
f8MrEqjzbbznK92dixz75NfK37RnhyXw78WdYLKRDfkXsLY4YOPm/Jg1e8/sp+O4Nc8D/wDCPyyg
ahpLELGTy0DElWH0JK+3HrX4rwzOOF4hxNGvpKXMl681/wAUrn79xbCWM4ZwtfD6wjyN26Llt+Dd
j3Giub8f+PtM+G+gf2xqy3D2nnJDi2QO+5s44JHHFYnw5+Nfh74o6heWejJerLaxCaQ3UIQbScDG
GPNfrc8fhaeIWFlUSqPaPU/FIZbjKmFljYUm6Ud5W0X9XR39fnd8S9Ph0z4heJbSAAQRajOqADgD
eeK++fF3iiy8GeHL7WdQkEdtaxlyCeXb+FR6knAH1r87tSvrnxDrVzduDJeX1w0hUcku7Zx+ZxX5
jx/WpuOHoLWd2/Rbfi/yP1zw0w9VTxOJekLJer3/AAX5nv8A8QNAbxT+z38PtRu9X0jRIbKMJLea
5fJaQgMuxV8x+MnaOM1h+LrDRte+CPgpIvHfgopo91cWdxqDeILcWgkcl0iEudpfaAdvXHauZ/4K
d6D/AMIv+wNFpJwWs73TIWP+0G+Y/nmvzbjRR/wTvmbAyfiWuTj/AKhpr6uHDWFxFLnxHNzzhGMr
P+Xl8t7xR8dPivGYaqoYbl5KdSc4XX83NvrtaT/A/bb9nu703w/8HIZZvEWh6hp1nLcNLqem6jHc
Wca7yxzMDtGM85PFWvDX7UXwh8Ya+uh6L8S/C+pau7+XHZwapCZJG/uoN3zH2Ga/KDwt8Nvin8Wv
+Ccvgrwz8NtGv9ZtZ/FmpXGswWMyRqY0VPKEhZlyu4k46ZUE9BXzv8fPBXhH4c+GvhnYaJNFF48j
02dvFsFte/aPs96Ll/KBZWZFby8cIeMDPNfVYXDQwlCGHp/DFJK/ZHx2MxM8biKmJq/FNtu213qf
0HeKvir4K8C3sdn4l8YaB4evJI/OS31XU4LaRkyRuCyMCVyCM9OK8B/bf/bAm/Z7+EVz4g8BXnh3
xD4ks9Rsbe7sbuQ3C28FzHK6O6xSKylhGCpJwQc4ORX5d/8ABQTxPd+NR8Bte1CaS51C/wDhvps1
xcTHMksm+Xc7HuSckn3q/wCKfgT8QPhj+w94o8ZeOYlij8b65od7p5lufNuZI1iu23yj+HKuhAJz
jsK6rHJY/Sb9in9tOT44fA+98b/FDUfC3g2ZNcm0m3cXH2G3lCQxSAAzytl/3h4B6AcV8Gf8FjNY
sPEPx68F6npV9banp114Wilt7yzmWWGZDcT4ZHUkMPcGvkbTfFGq+N/Cng74YWzCGzXXJbmPcwCv
c3XkQhm+ixKMn1NfVH/BWfwlZ+APir8M/DGnxpFY6N4KtNPgVBgbI5ZlHH4UAch/wUF8D3uhSfBj
xHNqIubPXvAumC3s8tm2MFvEj9eMMWB49Dmv0y/4JffDDU/ht+ynok+o6wNWXxHINctUXf8A6JDL
DEqw/MexQn5cDmvz/wD+Cln/ACTz9mP/ALEeP/0CCv1I/Yh/5NE+En/Yu2n/AKAKGDPb6KKKkkKK
KKACiiigAooooAKKKKACiiigAooooA81/aZ0m+179m/4raZplncajqV74T1a2tbO0iaWaeV7OVUj
RFBLMzEAKASSQBUvw1+GWq+FfFXifxV4j1yw1vxHr8Nna3D6RpR020SG284xbYmmmcuTcSbnaRiQ
EAwEArutW1ax0HSrzU9TvLfTtNsoXubq8u5VihgiRSzyO7EBVVQSWJAABJrA8DfFfwR8T/tv/CG+
MfD/AIt+w7PtX9hapBe/Z9+7Z5nlM23dsfGcZ2tjoaYzwT4I2WseGofA19feG9dt7nwH8Pb7R/EK
NpcySajqJlsXH2bKj7WzNZXbhot4JuF5y+K9k8D+G7jQfhPMviLSv7Z1nUrafUtb02NEmN1czgyT
WyhyFdRu8lA5A2IikgCu5sdRtNUgaayuobuFZZIGkgkDqJI3aORCR/ErqysOoZSDyDVbS/EWla5s
/s3U7PUN9rDfL9luEl3W827yZhtJyj7H2t0bY2CcGgDwv4e+FNK+LXjH4l3mpeFdWj8Ea7puh2Md
p4h0mbSXY2puTJZC3dY3e3jLRtuZSJDcTJueJVVfJNN8D+JrL4H2Ph278M64dW8SfBfQvCukhdLm
k/szVo4rlZluCF/0Uq1zaOWl2D/RjzlMV9wUUAeB2uk674T/AGmbo+HtV8QX2leJ9TOp+JNLudCM
ek2UKaRHbRTQ37QjzJzNZ2qmNZmG2V8xqULHG+J3wk8UXfxo0xfDeoA6L4j8S6X4o14T6KXNkNNW
3AEeoeaFQSi1hj+ziN3JllYMqGTP0rRQB8q/Eb4TTaJ4/wDivqPhzwxeyWep2vg3Wb9raCSZtWe2
12/udRiUnPnSfZVRPKBJCPEgUKUFRfE/4Xf8LO/Z7/aIuZ/DOo6hHrk+o614a0e5sZ4bl549EgtY
nFowVy7XME0iI6ZLMjhd2019X0UAFFV31G0i1CGwe6hS+niknitmkAlkjQoruq9SqmSMEjgF1z1F
CajaS6hNYJdQvfQRRzy2yyAyxxuXVHZeoVjHIATwSjY6GkIsUUUUAFFFFABSEBgQRkHgg0tFAHy1
8bLn9lz4YeMRY/ES+0nw5r97AL8WrXV3CXjZ2USbIW2jLI46Doap/Edf2U/gxqlhp3jHUtP0C+v7
Rb+2t7nUr9mkgYlVkwrnAJVgM+hr8xv+CkWuXnxS/a++J19YI0um+FYbaxmdjgRJEIoX/O4lYD/e
rkPGPiDUP2lf2kfC3ibxen9meH/EU0Cwxs4YwaRat5LnAx0SCX6sGPeu5YzEpWVWX3sw+q0Hq4L7
kfsP8PdE/Zz+JvinWPDXhKW11rXNGTdf2lvfXu+3G7b8zM4GcnGM5/KvSU/Zz+Hkf3fD/wCd7cH/
ANqV+T/wg/bH+N3xAutH8B+G9bj0fxN8Q/EXlW3iW5sbcNp9grBdkYWMb8MZCzNlv3YC4JJr1v8A
aG+Jv7Qn7JPgTx8t78atL8Y6beXlrp2g34mhfWrO4EokkZ4RGQimOOdGDM2Dtxgmj65if+fsvvYf
VaH8i+5H6GJ8AfAcYwuhYH/X5P8A/HKsJ8EPBMYwuiKB6faZv/i6/Mb4e/EP9qrxv+0PofwN8Q/F
ubRNR1bT7TVtUv7O1hNxp1uLUz+SjBFHmFHTcV6uR8xCnNvT/j1+1E3g/wCMvhPwN4luPHkPh7Xh
Y6T4tuIoBqFxbxyyxzLagjE7nbEflDMo37TkjE/WsQ/+XkvvY/q1H+Rfcj9NF+DXg5TkaMuf+viX
/wCLp4+EPhEdNHQf9t5f/iq/KLwH+3f4q+FC+LdYuPiN4w1jWdM0hY38AfEHTkeR9QkMcbSpcoQU
SKR/M8sohKAr1+Ybfjv4z/tA/BX4X/Bn4tXXxhvvEXif4gXYnHgue0hNkbVwHjCoAOqvEDtCkGUA
HjJn6zX/AOfj+9j+r0v5V9yP0P8AEnib4L+CfG+neENa1rR9N8UagnmW+lT3r+eyYJ3Fd3yrhWOW
wMA+lek+Ebzw/qGkCfw3eWN/ppYoJ9PuFnjLDqN6kjI9M1+FviD/AIS+/wBU/aW+KB+IuoX93oLx
eGJNXnsYfP1pLqc2piIPEC+RA7Ex8gKFyN1fp5/wT9+AfiH4TfALwDJfeMtRntLy1/thvD72kUcN
uLqFX8gkZYlXdn3E5JOMADnOdSpNWlJv5lqnCGsUkfWNFFFYlHlH7Qfwkb4l+GY7jT0X+3dO3Pb5
OPOQ/eiJ98Aj3HvXxvoWvav4G8QR31hNLpuqWchUgjDKRwyOp6jsQa/R+vNPih8BPD3xMZryRW0z
WcYF9bKMv6CRejfXg+9fnPEnDNTH1Vj8A+WsrXW17bNPo1/Vj9U4V4tpZdReW5lHmoO9na/LfdNd
Yv8ADXR3PD/H3xok+LXwb1GG604WN/p15aNNJE+Ypd5cZUHlfu9Dn61ifs7+Nbf4eDxj4gureW7h
tbG3XyYSAzF59o5PA5NXfHPwa1X4S/DnxGb+7tb22vbyyWCW33AnaZCdykcfeHc1z/wb8IX/AI80
jxroemGIXtzaWhQzttQBbkM2Tg9ga+DnUzNZpQnXT+sqEuivdKfLotH09T9Ip0splk2IhhmvqrqR
vq7crdPm1eq6+hQ+Kfxl1v4qXifbNtlpkLFoNPhYlFP95j/E3v0HYV6B+zH8HZ9c1iDxbq0Bj0qz
bfZJIMfaJR0cD+6vXPc49DXa/D79knTNHnjvPFF4NZmQ5FlCpS3z/tE8t9OB9a+gIYI7aFIoY1ii
RQqIgAVQOgAHQV9Tk3DOMxGLWZZy7yTuovVt9L9El0S/BaP43PuLcDhsE8qyKNotWckrJLry31bf
WT/F6r40/wCCuETyfsa6uyqWVNXsGYgfdHmYyfxIH41+UyeMdDH7DUnhc6rbf8JGfiAuoDS9/wC/
+zf2eU87b/c3fLn1r9+fi1pfhHWPhr4jtvHtnb3/AIP+xySanDdRNKnkoNzNtUFsjbkFfmBAI5xX
jOk/8E7v2dbTw8+nQ/DexuLO4nW8MlxcTvMW2kKBIX3hQGPy5xz0zX60j8WR+VXirxfrugf8E3Ph
zpmmald2Gm6r4v1VNQitpGRbhUSMokmOq5LHaeDjPavKvjDaeArT4O/Bn/hFJbGXxJNpl9N4mMD7
rhbk3RESzf3cRgbR6c98n9vPCX7PP7PvxM+C0vgvw74e0fXfh7Bqc0iw2k8skcd4vyyPFNu3Bucb
kbGKpp/wTt/Z4XRbDS2+GmnSW9mXaN2nn81i+NxeQSBnPyj7xOMcYp3Hc/In9tL/AJFT9nT/ALJn
pv8A6Mmr7m/4KI/8o1/hv/100P8A9I3r6s8X/sR/BLx7baDBrvgKzv4tC06PSdOVridfs9qhYpGN
sgyAWbk5PNdX8Qfgj8OPiL4G0b4feK9Es9R8O2piOn6RPcOmDBGUTZtYM2xGI6ng80XC5/PHqPgW
fRPhL4S8e2haM3ur3untKG+7LbrbyIR6cS/pX0n/AMFOvHUXxO8XfB/xbC5kXWvAVjesx673lmLj
8GyK/Ubw7+yJ+z344+FtnoeleCLG98GR6pc38Ft5lygF4v8Ao0z/ADMHz+52c8HYCOxq9rv7CHwJ
8TWGiWWqfD6zvLbRbT7BYI91cfuIPMeTYCJMkb5HPOetFwufmV/wUts5l+GH7MF0Y2+zt4LSISY4
3CO2JGfXDCv0N/4JvfF7w78T/wBlrwlp2hyXD3fhWyg0XU0nhKBLhIwSFPRlIIII9a9X8YfAP4Xf
FDwZp/gbxB4Z0rXtC8PLFBa6dKxZ7DbEFjCsG3ofL29xkYzmr/wg+BHgT4CaPfaV4C8PQeHbC9nF
zcQwSyOJJNoXcS7MegApXFc76isvw34m0rxfpCapot9FqOnySSwpcwHKM8cjRSAHvh0ZfwrUpCCi
szRvEmmeIZdTj029ivH0y7awvBEc+TOqK7Rn3CuhP1rToAKKKKACisu28TaVeeI7/QYL6KbWLC3h
u7qzQ5eCKZpFiZ/TeYZcZ5Ow1da9t0vI7Rp4lu5I2lSAuN7IpUMwXqQC6gntuHqKAJ6KzPDXiXTf
F+i22r6Rc/a9PuN3lTbGTdtYqeGAI5Ujkdq06ACik7jg/gKUj8ecfrTGFFBGD1FB4GTwM4osFjzX
9pnSb7Xv2b/itpmmWdxqOpXvhPVra1s7SJpZp5Xs5VSNEUEszMQAoBJJAFHwR8Sw61pWp2i+IPG/
iae2mWV77xv4Xk0SZVdcLHEDYWaSqDGxJVGZS/zNgoK9B1TU7PRNNu9Q1C7gsNPtIXuLm7uZBHFD
GgLO7u2AqqASSTgAHNZ974z8P6a+pJea7ptq2mWaahfLPeRobS1bftnlyfkjPlSYdsKfLfn5TgA8
T+G95rvh3V/D0sWvzzaPr3jvxPpc2iyW0HkRKtzq1yJUkCebv8y15y5Xa5G0EZrz7VNR1Xxv4Vsf
EOo+ILvTL2Xwx8O9Z1TVLWK2Xj+1LuSedxJE0aLHlp+FABiGcpuRvsaigD57n+J2pweOrOws/HB1
GVdQ0m00zRjBayf8JBps8VubjU98cYY7fMuH3wlYl+z4K/OKv+FPFfix/EnhnUb3xNPf6frXjHXv
Dz6RJZ2yQQ29s2ptAyOkYk3qLGNSS5BVjkbvmPutFAHwTeaR4k8Q51u00rU5/HMhAkurXQ1vGt7p
9Jdg7X3kvLC8eqmOLyVkRIoowTGE3NXuHj74n6tovxCuNNPjZtFvbXxDoOm2Hh0W9qTqtlcz2a3N
yxkiaQg+dcR5iZFQw88kV7SfAfhk+KF8S/8ACO6T/wAJGilV1j7DF9sAKlSBNt342kjr0OKua7oF
h4lso7TUoPtNvHdW96qb2XE0EyTwtlSD8skaNjocYIIJFFwueN6D8Zbm/wDFXhXwzLr0EniGTxpr
Wn6ppgSMTpp8UeqSWgdAuUUpDZsr8Fwuctl8+eL+0F4ov08dahpmvobQ+C9c1+xsZrm0urvR7q18
jyo5Yo7WPyWXzzmKZ52yo3EYO/6t1bVrHQdKvNT1O8t9O02yhe5ury7lWKGCJFLPI7sQFVVBJYkA
AEmnX+pWmlQLNe3UNnC0scCyTyBFMkjrHGgJP3md1VR1LMAOSKAPDfiVdeI/CHxW8L3FlcXuv3t1
outGS4+zQsNLt2utHEkkUKBWlSMKzKhMkhLYJYDAzfjdqmpazLqumx+K7uz0HR4vB2tf2hapaNhX
1i4FxdO7wsu1Y7eKfIAQG3BxsMiv9C2OoWupwtNZ3MN3EsskLSQSB1EkbskiEj+JXVlI6gqQeRVi
gDzLxb8RItK8ETw6Dr/9r6naWWlXU+rmJJtthd3HknUcxosL4jiuZsINv7rO0KQDw2vfExbO10iK
H4u+V4Zma/LeNBZ2cm+4iS2MFnvEX2eTf5s7ZjRS3leWpDgk/Q1FAHzX4q8feP7jw54l1xdfufC9
74f+Hem+KJNHhsbaSN7+RdQeaKUyxs4T/RUQqrKRjIIOc9/oviq+8A+JvHVn4s8UXGs6JoWg2PiC
TULy0iSS3SRr4TqFt413Iq2YZRtZ/mYZbivVaKAPnj4pfGPWdG+L2naRo+rx6dFZ6vpGmXuk3t5b
Kb+K7uIEeeG2Nq88iqtzt8wTxIHjIwxUq2loPxlub/xV4V8My69BJ4hk8aa1p+qaYEjE6afFHqkl
oHQLlFKQ2bK/BcLnLZfPutFAHx9q/wDwTz+DnjLXvi3DL4n1u51rx3eC/wBYhh1G2aexP2z7VthX
yiUQvtX5w3yqBnPNU/E//BO74IX/AIxsnufE+raXqFv4eTwzY6Ump2q+Tbm2NsHRHiLmVg7tuJOX
djjmvdfBHgXUtH8czXV54Y02FIr7UrxdeW6zNKtzMZFjVFAJwGAO/pt+XrVHVPAHiBfjxN4mh097
rRrhLOMvHPbgL5YYMXWRGfjII8sqeOvSvfWBwrqyh7bRQuneOrva17vda2evRrqfOvMMWqMJ+xd3
PlatLSNr3asno9LrTqn0PFfF/wDwTm+Clj8PPBHhaXxTrHhPUvDMs8mk+JI9VgttSYSTNK6sxQKw
DvwVUFeMHk5NQ/4JkfArSvBGjWGo6lq1tBbammqX+tXeoQC41if+FbmV4yCnzPhE2/fY8k5r2n46
fCzX/iBrdjdaM0MS2+kX9t5kqxODLIE2JhwcBtpG8cr1yK6bxL4Gk1X4IXHhe206MXg0X7JbWlzI
JPKlEO1BvPGVP8X41CwmE9lh5utrN2ktPdV7X+7X/LS+jxuM9riIKjpBXi9fedr2+/T/AD1t458f
/wBiv4ZftD+JrP4kp4q1Xwbrtrbm3l8R+FdTjgE8CgptkchlG1cruUjg4OQAByfjD/gmN8BE+Gvh
/SoLi/8AB11o9x9ph8XW2oRx388rbSWlldSrZKKVAC7cfJtyc/Rvi3wNd3vwQv8AwvplnBFqEuli
2S3QrHH5pUbuenXJzVf4ueANT8b+BtD0ewCJcQajZTTu2w+VGh+dgHBViBztIIPoazpYbDVKkFKr
yxc2ne2kVa0vnd/caVcXi6dObjS5pKCatfWTvePysvvPDPBX/BPH4MaX4a8Zal4l1jU/iTc+K7Xy
NQ8U+JdTSedI1dW3RTKAEYPGh3kk5jAzjIMPwu/4J1/CX4IeKNK8X654o1vxW2jBY9CHi7UYns9M
IO5DCm1V3DGVByoIyFyAR9D+OfA95ffBzVvC+mmO7v5dPa2iYxx26yuf4iqBUXJyeABmsv42eBtZ
8YeBdE0/SIBPe2WpWl3IgljRgkYO7aZAVzzxuBHqCKKGFw1apCMqtlKTT8oq1nrbe7+4MRi8VRpz
lGlzSjBNW6yd7xVr7WWz6nh+lf8ABOz4MW/wL8UeEG8Q63qHhzxBqceu3Ouy6nAZkmiDKrJKsQj2
jdJkMrcu3tj6M+DHg3RPh38MtB8MeHdZufEGkaVB9mh1C9vFu55RuJJeRcAnLdgABgAYFZniTwpq
2v8AwM1Dw/DY/Z9YuNOa3W1mli+/0+ZowqZPXgAc0fCPwbqfh2/8S6lf6Za6DFqs0DQ6VaSiRYvL
i2NIxUBdznkhfQd6UsLQWHqVfaLmjJpK6d1dfPW7d0re75oI4zEPEUqXsnyyim3Zqzs/KytZKzd/
e8mekUUUV457IUV84H/goj+z+pIbxzcDH/Uvan/8jUo/4KIfs/t08c3B/wC5e1P/AORq29jU/lZj
7an/ADI9S+NHw8u/id4LOi2d3DZTfaY5/NnUlcLnI4+tcn8CvgXqXwn1vVL6+1O0vku7dYVW3RgV
IbOTmucH/BQr4BHp43uT/wBy9qf/AMjVIn/BQH4EP08Y3h+nh3VD/wC21eNUyGjWx0cwnTftY7PX
z6fM96lxHiKGXzyyFReym7tWXl136I+h6K+fV/b2+Brfd8XXx/7lvVP/AJGqUft3fBJunirUT/3L
Wqf/ACNXt/V638j+5nz31mh/OvvR137SHg7XfH/wnvfD/hxbwapf3+nxefY6g1lJbQfbYTcTeYro
cRwiV9gJL7du1s4r5h8a+AvHXgDwt4n8c+KrjxJbG+8O+K5NStZPFNxPDJe3l+o0XS7aBLkiMqkh
VWhA+Zgu7JxXui/tyfBhuniXUz/3LOqf/I1OH7cHwbbp4j1Q/wDcs6p/8jU/q9b+R/cxfXMP/wA/
F96PGrb9m/4l+Etb8LeEvDcOv2vhzQrbRY9D16DxbJHYaOsUnm6n9otPOEl3LKfMREZHiCOiDylU
irafs4fEHUPDfha81SXxhLruralquu+LLSHxnPCI08m9ey0uIx3SpHE0tzEreRhT5ZLMPlI9dT9t
r4PyHC6/qzH28L6r/wDI1P8A+G0/hH/0G9Z/8JbVf/kan9Wr/wAj+4n69hv+fi+9Hz/pnwB+NXg3
TLe2J8Y+J9GuLLQIfEenQ+NmW/1WeOzuzfvb3E1z/o6m5ks43CPFuigYLuzk9B4G+APjO38ZfCrU
/F3hTxJqiaF4Y1SB3h8ZOTp9/NdtcJHLJ9qEky7EjhRh5gIdTJjylK+y/wDDZfwo/wCgtrv/AISe
rf8AyLUUv7anwjg/1mta1H/veFdWH/ttTWGrvam/uZX1zD/8/F96PBfD/wADPjpaDwXpWonxFLd6
dp+hyWviCDxaY7PSJkcTaqlzbCfffTOxkhQuJI2QoCyAMT6h+zZ8I/iB4M8c6Vr/AIrm15HvvCbP
rkWo+JJNStjq8975vkpE8zqn2aJPLDxqqMJT8znJHTj9tn4QsMjXNYx/2K2q/wDyNUR/bk+DKnB8
R6sP+5X1X/5Gp/VMT/z7f3MSxmHe1RfejxXxT8BPijbeH/jDc+FNF1/RvFHiXxsb2e9s/EwLapoz
SkAWatdosEgjjh3bzA+0tGr7VTHU+CPg98Q/B/jPwna+ILLxp440DRdFtptKuv8AhMBBFZaiGmnu
EvoxcI90dxhhj3edGI1Ctj5mPoI/bk+DJ6eI9V/8JfVf/karNv8AtpfCS7IEGta1Nnps8K6sf/ba
j6pif+fb+5jeMw63qL70fPvw2/ZY+KHhxvB/h+eTxNpvhy9tdDk8Vy23i2WIfagL+61MwiO53RL5
psrbEAUP5juPu7wk3wO+PV94f8O6DKviaJk0pV0nU4/GXlJ4avpNRuJZJb8LOZL8xWz20cS/vkIi
ZWwXL19HJ+158MJDhdQ8QE+3hHV//kWpH/a1+Gka7mvfEIH/AGKOr/8AyLS+rV/5H9zH9cw//Pxf
ej5/8U/Bf4wzaDDaQ+H9au01W88S6nd2eh+K00f7Nqt1qDNp91czRTK8ltFb7SqRlmyBviJAC8xp
d3LL+0R4z0fxd8V9TvLfQfDd9/aGv2erXMdrbH7Hb2TQXdqsojtmjmlnnicRlpmfcGHl/N9QP+2F
8LY03NqWvqvqfCOr/wDyLUf/AA2V8Kf+grr3/hJav/8AItL6vX/kf3MPrmHX/LxfejA/ZXg+IN38
HL3x140N3qfjDW9PhWy0hLh4kS3toPLg8sTqvlvcv5lwzOoP+kIH/wBXgeHaf8FPjjbeDdPsL/QP
F2r2FzcanJcaePHz2moyXRitlsLy+uBeuqxqwumeK0k2lzG/ldI0+j/+GzPhP/0F9d/8JPVv/kWk
b9s74TL11jWx9fCmrf8AyNR9Wr/yP7mL65h1/wAvF96PIU+Fnxo8GavBrR0y+8ZarD4j0MalPp2q
21rLrOn2Oh+UZS0sqDa+oySu8b4IXlVfOarfDz4C+P7Xx3pXijxp4X13VdZh8AvDHdW3ispHbatP
Pe3F3aSBLpS2TPbxRsoaMeWG3qUQj2Zf20fhK7bV1nWmb0HhXVf/AJGq7Z/tafDfUIjJa3XiO4RT
gtH4O1hgPytKHh60d4P7mVDFUKjtGafzR896P8E/jnpWqeFbK5HiLULnQ7bQHsfESeLfKs7eO3hi
k1WCe0E2bq4uZxcRBpUePy5Y/nXYc1ZPgN8Z9A8EywwR+NdW1fVfCukxax9n8ZGRpdWa4kmu1Xz7
1dkMSRxW7eTLCXjuH2OxBI+lx+1H4Ab7reKT/wByXrX/AMiUN+1H4AT7zeKB/wByXrP/AMiVlyT7
HRzI7P4V6LfeG/hx4X0zVUaPVLXTLeK8je+lvSk4jXzFE8rNJIA+4BmJJGK6vOeg/WvCL39tj4Q6
ZctBd67rFtOp2mOXwtqysD9Da1UuP29fghaD994q1CL/AH/DWqD/ANtq1+r1rX5H9xz/AFqhe3tF
f1R9B55pcZ7V84t/wUK+Aife8Z3Y/wC5d1T/AORqhb/gon+z+nXxzcL/ANy9qf8A8jVPsKv8j+40
Vek9pL7z6E1zSrXXtIvdMvoxPZXsEltPGejxupVh+IJr4H8I/CP4kX+peGL/AFvQNT+0+JNSi8Ge
IWlt2Hl6XpjWTJdSf3Ypzp2o7XPB/tJME5TPuJ/4KL/s+H/mep//AAn9T/8AkamN/wAFGv2eE6+P
pR/3AdS/+RqXsai+yx+1h3N39pvRfHWt3PhnTvBWoa1ph19Lrw3eX+kvIF0xLh7eVtQbaQEeKG1u
VjkOCHnVQwMnPjMFr8b/ABr4dRribxb4d1zxPqtz4WvGiNxHHo0ZtdNjn1GJeAiKdO1B4JgAC94N
rAzc+iH/AIKS/s4r1+IjD/uB6l/8j04f8FI/2cW6fEQ/+CTUf/kep5J9i7nnMFr8b/Gvh1GuJvFv
h3XPE+q3Pha8aI3EcejRm102OfUYl4CIp07UHgmAAL3g2sDNz7L+zh4o8bT6FeXXj3SNfi1vWfER
sPInt5PJsBb6ZFHJKofGy1lns52R1G13uUI/1hNYB/4KR/s5D/mojf8Agj1L/wCR6B/wUi/Zzbp8
Q2/8Eepf/I9Hs59gueYXniPxxp9/8PIvP8fHxemjHV/GGm51FluJ7XX/AA8199jhP7uWMQPqCKls
CGil2YPmYOz458X+N/Gc/i23s9L8c6T4d1jxVJNpmry6VryXFnDDo+lpFFFaWc1rOkU9w9426SSO
BXjkMg3nA69/+Cgf7Ndxqtvqb+MUk1K2hltobxvDmomaKKRo2kjV/s2QrtFEWUHBMaE52jF3/h4r
+z3/AND1P/4T+p//ACNT9lU/lZHtYdzgtf8AC3xE8b/Bfxw3iWDxZd643wP01I9MV7lIbrXZrLWI
72M26EJNcZa3DR7WIJhO3IjI9I8UWXjS/wDCi/bl8QR+M9N8ceH7ieXQ7q8jsbiyfUrVZTCqFVe1
WzlnSaNwQDG7yA7UkNYf8FEP2fm+744uT/3L2p//ACNUq/8ABQf4CP08aXZ+nh3VP/kaq9hW/kf3
Mn21L+ZfeS/s6+G7f4N6F4u0xtK8Z3OqjxXdrNFfXGpahC1teaxctZ3Fu9zI0LKILlJbiSFi/wAr
tPmQc1L9/GL2vjf7MPFw+KIm10aIFF0ND8ry7j+zM7v9D2+X9lz/AMtfO3Z431ft/wBvX4HXf+p8
V6hKf9jw1qp/9tav2P7a3wh1O4W3tNc1m5nY7RHF4W1VmJ+n2Wn9XrfyP7iHiqC3mvvR5Zofh/xN
4q8XaBpGjXfxTsvhre6zZx3s+uXeqWmppKNJ1h7zM0xFxHbGZdKAIKxecSIjgiuy/Zx1Txv4V0aw
/wCEstPF2rC/8KeE7+6GpxTzzxazey3MGoj97gxrDstZJYVwIV3NsG7nul/aj+H7dG8Un6eDNZ/+
RKG/ak+H6EBm8Uj/ALkzWf8A5ErP2c+xvzI+cvjHcfGHxT8QfFUvhK28W6JeSw+INI/s6yh1hLfy
k0i+XTrxLuS5Firy3Mdo6C1gEiM6h5Q25X+hfhb421Hx98ZPGmpRad4p03wovh7RIrGPxBpV3p0T
XYuNUa6MUNwiHeFa1V2CgkLH1XYS28/a1+G2nxCS6ufEluhOA0ng/WAD/wCSlUn/AG0fhJG2H1nW
1PofCurD/wBta0WHrS2g/uMJ4mhTdpTS+aPb6K8SH7Z/wlPTWNcP/cq6t/8AItL/AMNmfCc9NW13
/wAJPVv/AJFo+rV/5H9xH1zD/wDPxfej0CT4WeGZJHdrCUs5LE/bJxkn/gdN/wCFU+GP+gfL/wCB
s/8A8XXA/wDDZXwp/wCgrr3/AISWr/8AyLUifthfC2QZXUfEDD28I6v/APItdvtMx/mn98ji9nlj
+zD7oieKm8F+E9dmsrjR5Jra2RHuZItSuGnQMrtlYQSWUBQScjrwCabrk/gnTNPaWDQdQmuCxVEu
Li5hT5W2yszbjhYzndwT6A1C37S/wlvEvSZNfkW9dZLjPhLWP3jKFCk/6L2CLx7VnT/tBfBRrmeW
4/t6V5fM3iXwprTr8+7eAptiAG3sSAACTnqBXsU8TK0eeNW6396Wui89Nb7dPM8WphY3lySpWe3u
x019NdLb9fI6MN8OQjM9nepsikmkXzrhiiKobJAc5yCDxnGecUqQeAnvHhGm3jBLdLlwlzcM8aEs
GdwHwFUBSWyfvDFcZd/tI/Aa3ihjur/xAqwZMfm6BrmVPPzAmDORk4PUdsVRh/aa/Z0tyxjv9UjZ
zmRl8PayDLkgkOfs+XBIBIbIJ5Iq/aSt/wAvvvf+f9fnPsl/05+5f5f1+XoEg+HkVpJdNp+oCBAJ
N7TXA3RHf+9XMnK/u39+OAcjPR6L8PvC+s2Rul0uaJPOljTN9OdypIyBvv8AfbnHvXj1z+07+zre
upk1DVWZYkgG3w5rK/u1ACocW4yvA4PB710Vh+2V8F9Kso7a11jWIbaMYRB4X1Y45z3tveuavUxD
gvYe15r9W9vvOqhSw6m/rHsuW3RLf5r9T03/AIVT4Y/6B8v/AIGz/wDxdbOg+GNN8MxzR6dA0Cyk
M4aV5MkdPvE15JD+2r8IrgZj1rWnH+z4V1Y/+2tSf8Nl/Cj/AKC2u/8AhJ6t/wDIteVU+vVI8tTn
a7O7PVpvLqUuanyJ91ZHtlFeJf8ADZvwl/6DOtf+Etqv/wAi0VzfVa/8j+5nT9dw3/Pxfej8BptQ
vfOf/Trnr/z1NRnVL5el/dD/ALamiivfTZ7Psaf8q+4kbVdRQYGpXg/7bGmr4m1gHjVb5fpcv/jR
RXRTbMfYUv5V9yJ08Wa7H93W9RX6XT/41YHjDxCm3b4g1Qf9vj/40UV3QbG8PR/kX3Il/wCE18SI
OPEWrD/t9k/xqX/hOPEyHaviXWAP+v6T/GiiuqByPD0f5F9yJ7fx34pVxt8U60v0v5P8avQ/EDxb
wP8AhLdc/wDBhJ/jRRXTE4auHo/yL7kaC/EHxh/0OPiD/wAGUv8AjUr+N/FMschk8V65JtHG/UJD
/WiiqR586FL+RfchE8b+KM/8jTrX/gfJ/jUWpeLvEWI2PiTWCWGDm+k/xoorfoc8aNL2i91fcUh4
x8SY/wCRl1j/AMDpP8a29C8c+KYoiU8U62m1+Nt/IP60UUol4ijS9m/dX3I6i0+I/jExhx4w19W9
tSm/+Kqtd/E/xtOxRvGviLavQDVJv/iqKKmWx8xShHn2Ma/+JXjU27g+NfETDPfU5f8A4qsVviP4
yx/yOXiDp/0Epf8A4qiis0fW0KFK3wL7kV2+I/jLH/I4a/8A+DKX/wCKqufiN4wf73i7XT/3EZf/
AIqiipO9Yej/ACL7kMT4jeL0k3L4s1xTjtqEo/8AZq3Y/ix4/sIBFbeP/FNvEp4ji1idB+jUUVjU
+E2o0KKatBfciNfjR8R1+78RfFq/TW7n/wCLqnL8bviQTg/ETxW311q4/wDi6KK4GlYuCVjFuviB
4quHMk3ijWZpHb5nkvpCT+tZ9x4r12ZcS63qU3+/dOf60UVc2+Q7aOGo83wL7kQjVdRfrqV4f+2x
po1S/dfmv7k/9tTRRXmyb7m/sKX8i+5CDULsj/j7n/7+GmNeXBPzXErfVzRRXHJs4VFdhpd8ffb8
6fFI3940UVhdnSwkd16O350wSSL0kf8AOiii7JsKL25A+W4lX6Oak/tC8UDF3Px/00NFFbxbMOVd
hRqd8BxfXK/SU04arqI6aleL9JjRRXTBvudsaNL+VfcTWvivXYR+61zUof8AcunH9a0LP4geKreQ
PD4o1mGRG+V476QEfrRRXp0W7GVbDUP5F9yNmP43fEgHA+InixfprVz/APF1cb41fEgkE/EXxa2P
XW7n/wCLooqIpGMoR5I6El18V/H1zA8Vx4+8U3EX/POXWJ2H/oVYsnxF8XuwZvFmuMcd9Ql/+Koo
r0aWxz1qFFz1gvuQ5fiN4wT7vi7XR9NRl/8AiqnT4leM8D/isdf/APBlL/8AFUUVsjmeHo/yL7kT
p8SPGeMf8Jl4g/8ABlL/APFVtaZ8SfGgtUx408RLz21OX/4qiiqitThrUKXJ8C+5G1ZfE/xvDJsX
xr4i2t1H9qTf/FVaufiP4xEe7/hMNfJ99Sm/+KoorSOx8jVjHnWhy2seOvFM8R8zxTrT7nXOb+T/
ABrD/wCEy8Sbf+Rk1f8A8DZP8aKKa3PpcNQpez+Fb9kXNM8W+Iv3jjxJrAZemL6T/GppfG/ihRx4
p1of9v8AJ/jRRVPYU6NL2r91fcJD438UxRr5fivXI8j+DUJB/Wkf4heMEHHjHxAP+4lL/jRRWLRv
ChS/kX3I0P8AhO/Fv/Q3a/8A+DGX/GiiioOn6vR/kX3I/9k=

------_=_NextPart_001_01C9703C.0F2ADC24--

--===============1373078374==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
OPSEC mailing list
OPSEC@ietf.org
https://www.ietf.org/mailman/listinfo/opsec

--===============1373078374==--


From opsec-bounces@ietf.org  Fri Jan  9 09:33:16 2009
Return-Path: <opsec-bounces@ietf.org>
X-Original-To: opsec-archive@optimus.ietf.org
Delivered-To: ietfarch-opsec-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id 0FC9D28C19A;
	Fri,  9 Jan 2009 09:33:16 -0800 (PST)
X-Original-To: opsec@core3.amsl.com
Delivered-To: opsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id A45933A6A70
	for <opsec@core3.amsl.com>; Fri,  9 Jan 2009 08:08:21 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.368
X-Spam-Level: *
X-Spam-Status: No, score=1.368 tagged_above=-999 required=5 tests=[AWL=1.016, 
	BAYES_50=0.001, HELO_EQ_FR=0.35, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([64.170.98.32])
	by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id st49DnoWd17r for <opsec@core3.amsl.com>;
	Fri,  9 Jan 2009 08:08:19 -0800 (PST)
Received: from smtp02.msg.oleane.net (smtp02.msg.oleane.net [62.161.4.2])
	by core3.amsl.com (Postfix) with ESMTP id D686C3A6358
	for <opsec@ietf.org>; Fri,  9 Jan 2009 08:08:18 -0800 (PST)
Received: from oppida.cesti.fr (173-118.252-81.static-ip.oleane.fr
	[81.252.118.173]) 
	by smtp02.msg.oleane.net (MTA) with ESMTP id n09G82pL022070
	for <opsec@ietf.org>; Fri, 9 Jan 2009 17:08:02 +0100
X-DKIM: Sendmail DKIM Filter v2.7.2 smtp02.msg.oleane.net n09G82pL022070
Authentication-Results: smtp02.msg.oleane.net; dkim=none (no signature)
	header.i=unknown; dkim-adsp=none
X-Oleane-Rep: REPA
Received: (from uucp@localhost) by oppida.cesti.fr id n09GKMn0019573
	for <opsec@ietf.org>; Fri, 9 Jan 2009 17:20:22 +0100
Received: from UNKNOWN(192.168.3.250), claiming to be "PATATUM3.oppida.fr"
	via SMTP by oppida, id smtpdxxoYoc; Fri, 09 Jan 2009 16:20:16 +0000
Content-class: urn:content-classes:message
MIME-Version: 1.0
Date: Fri, 9 Jan 2009 17:07:47 +0100
X-MimeOLE: Produced By Microsoft Exchange V6.5.6944.0
Message-ID: <72F9DD55D83BC743801AA2BCEE815AFA0330B6@PATATUM3.oppida.fr>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: Voicing my support for making draft-gont-opsec-ip-security-01 a
	WG document
Thread-Index: AclydGmf5dBv2rD4SimZhizqbRVXUQ==
From: "Bruno ROHEE" <bruno.rohee@oppida.fr>
To: <opsec@ietf.org>
X-PMX-Spam: Probability=8%
X-PFSI-Info: PMX 5.5.0.356843, Antispam-Engine: 2.6.1.350677,
	Antispam-Data: 2009.1.9.155221 (no antivirus check)
Subject: [OPSEC] Voicing my support for making
	draft-gont-opsec-ip-security-01 a WG document
X-BeenThere: opsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: opsec wg mailing list <opsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/opsec>,
	<mailto:opsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/opsec>
List-Post: <mailto:opsec@ietf.org>
List-Help: <mailto:opsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsec>,
	<mailto:opsec-request@ietf.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============0897205025=="
Sender: opsec-bounces@ietf.org
Errors-To: opsec-bounces@ietf.org

This is a multi-part message in MIME format.

--===============0897205025==
Content-class: urn:content-classes:message
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C97274.69A6FBF6"

This is a multi-part message in MIME format.

------_=_NextPart_001_01C97274.69A6FBF6
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

I think an up to date, vendor neutral document summarizing current
issues and best practices with IP could be invaluable for both users and
implementers. Fernando's draft is a very good start toward that goal and
should IMHO become a WG item.

=20

Bruno, a not completely neutral party as he submitted potential
improvements


------_=_NextPart_001_01C97274.69A6FBF6
Content-Type: text/html;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

<html xmlns:v=3D"urn:schemas-microsoft-com:vml" =
xmlns:o=3D"urn:schemas-microsoft-com:office:office" =
xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" =
xmlns=3D"http://www.w3.org/TR/REC-html40">

<head>
<meta http-equiv=3DContent-Type content=3D"text/html; =
charset=3Dus-ascii">
<meta name=3DGenerator content=3D"Microsoft Word 12 (filtered medium)">
<style>
<!--
 /* Font Definitions */
 @font-face
	{font-family:"Cambria Math";
	panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
	{font-family:Calibri;
	panose-1:2 15 5 2 2 2 4 3 2 4;}
 /* Style Definitions */
 p.MsoNormal, li.MsoNormal, div.MsoNormal
	{margin:0cm;
	margin-bottom:.0001pt;
	font-size:11.0pt;
	font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
	{mso-style-priority:99;
	color:blue;
	text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
	{mso-style-priority:99;
	color:purple;
	text-decoration:underline;}
span.EmailStyle17
	{mso-style-type:personal-compose;
	font-family:"Calibri","sans-serif";
	color:windowtext;}
.MsoChpDefault
	{mso-style-type:export-only;}
@page Section1
	{size:612.0pt 792.0pt;
	margin:70.85pt 70.85pt 70.85pt 70.85pt;}
div.Section1
	{page:Section1;}
-->
</style>
<!--[if gte mso 9]><xml>
 <o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
 <o:shapelayout v:ext=3D"edit">
  <o:idmap v:ext=3D"edit" data=3D"1" />
 </o:shapelayout></xml><![endif]-->
</head>

<body lang=3DFR link=3Dblue vlink=3Dpurple>

<div class=3DSection1>

<p class=3DMsoNormal><span lang=3DEN-US>I think an up to date, vendor =
neutral
document summarizing current issues and best practices with IP could be
invaluable for both users and implementers. Fernando&#8217;s draft is a =
very
good start toward that goal and should IMHO become a WG =
item.<o:p></o:p></span></p>

<p class=3DMsoNormal><span lang=3DEN-US><o:p>&nbsp;</o:p></span></p>

<p class=3DMsoNormal><span lang=3DEN-US>Bruno, a not completely neutral =
party as he
submitted potential improvements<o:p></o:p></span></p>

</div>

</body>

</html>

------_=_NextPart_001_01C97274.69A6FBF6--

--===============0897205025==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
OPSEC mailing list
OPSEC@ietf.org
https://www.ietf.org/mailman/listinfo/opsec

--===============0897205025==--


From opsec-bounces@ietf.org  Fri Jan  9 10:38:37 2009
Return-Path: <opsec-bounces@ietf.org>
X-Original-To: opsec-archive@optimus.ietf.org
Delivered-To: ietfarch-opsec-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id 092293A6883;
	Fri,  9 Jan 2009 10:38:37 -0800 (PST)
X-Original-To: opsec@core3.amsl.com
Delivered-To: opsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id 541AB3A67FC
	for <opsec@core3.amsl.com>; Fri,  9 Jan 2009 10:38:35 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.466
X-Spam-Level: 
X-Spam-Status: No, score=-2.466 tagged_above=-999 required=5 tests=[AWL=0.133, 
	BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32])
	by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id qZeAbudR8vUV for <opsec@core3.amsl.com>;
	Fri,  9 Jan 2009 10:38:34 -0800 (PST)
Received: from suomp64i.qwest.com (suomp64i.qwest.com [155.70.16.237])
	by core3.amsl.com (Postfix) with ESMTP id 67F603A6883
	for <opsec@ietf.org>; Fri,  9 Jan 2009 10:38:34 -0800 (PST)
Received: from suomp61i.qintra.com (suomp61i.qintra.com [151.117.69.28])
	by suomp64i.qwest.com (8.14.0/8.14.0) with ESMTP id n09IcKnF012466;
	Fri, 9 Jan 2009 12:38:20 -0600 (CST)
Received: from ITDENE2KSM01.AD.QINTRA.COM (localhost [127.0.0.1])
	by suomp61i.qintra.com (8.14.0/8.14.0) with ESMTP id n09IcEYS021974;
	Fri, 9 Jan 2009 12:38:14 -0600 (CST)
Received: from qtdenexhtm20.AD.QINTRA.COM ([151.119.91.229]) by
	ITDENE2KSM01.AD.QINTRA.COM with Microsoft SMTPSVC(6.0.3790.1830); 
	Fri, 9 Jan 2009 11:38:14 -0700
Received: from qtdenexmbm24.AD.QINTRA.COM ([151.119.91.226]) by
	qtdenexhtm20.AD.QINTRA.COM ([151.119.91.229]) with mapi; Fri, 9 Jan 2009
	11:38:14 -0700
From: "Smith, Donald" <Donald.Smith@qwest.com>
To: Bruno ROHEE <bruno.rohee@oppida.fr>, "opsec@ietf.org" <opsec@ietf.org>
Content-Class: urn:content-classes:message
Date: Fri, 9 Jan 2009 11:38:08 -0700
Thread-Topic: [OPSEC] Voicing my support for
	makingdraft-gont-opsec-ip-security-01 a WG document
Thread-Index: AclydGmf5dBv2rD4SimZhizqbRVXUQAFL3WFAAAQ434=
Message-ID: <FD6E9372-5ABA-45BF-BD4A-6FD1443A8C2E@mimectl>
References: <72F9DD55D83BC743801AA2BCEE815AFA0330B6@PATATUM3.oppida.fr>
In-Reply-To: <72F9DD55D83BC743801AA2BCEE815AFA0330B6@PATATUM3.oppida.fr>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
acceptlanguage: en-US
x-mimectl: Produced By Microsoft Exchange V8.1.240.3
MIME-Version: 1.0
X-OriginalArrivalTime: 09 Jan 2009 18:38:14.0481 (UTC)
	FILETIME=[6E629410:01C97289]
Subject: Re: [OPSEC] Voicing my support for
 makingdraft-gont-opsec-ip-security-01 a WG document
X-BeenThere: opsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: opsec wg mailing list <opsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/opsec>,
	<mailto:opsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/opsec>
List-Post: <mailto:opsec@ietf.org>
List-Help: <mailto:opsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsec>,
	<mailto:opsec-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="windows-1252"
Content-Transfer-Encoding: quoted-printable
Sender: opsec-bounces@ietf.org
Errors-To: opsec-bounces@ietf.org

I too feel draft-gont-opsec-ip-security is a good start and should be inclu=
ded as a WG item.
If it is adopted I will provide comments on this work.

Donald.Smith@qwest.com<mailto:Donald.Smith@qwest.com>
Please cc the handlers to keep them all in the loop.
________________________________
From: opsec-bounces@ietf.org [opsec-bounces@ietf.org] On Behalf Of Bruno RO=
HEE [bruno.rohee@oppida.fr]
Sent: Friday, January 09, 2009 9:07 AM
To: opsec@ietf.org
Subject: [OPSEC] Voicing my support for makingdraft-gont-opsec-ip-security-=
01 a WG document

I think an up to date, vendor neutral document summarizing current issues a=
nd best practices with IP could be invaluable for both users and implemente=
rs. Fernando=92s draft is a very good start toward that goal and should IMH=
O become a WG item.

Bruno, a not completely neutral party as he submitted potential improvements
_______________________________________________
OPSEC mailing list
OPSEC@ietf.org
https://www.ietf.org/mailman/listinfo/opsec


From opsec-bounces@ietf.org  Fri Jan  9 11:56:18 2009
Return-Path: <opsec-bounces@ietf.org>
X-Original-To: opsec-archive@optimus.ietf.org
Delivered-To: ietfarch-opsec-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id 6B4FC3A687F;
	Fri,  9 Jan 2009 11:56:18 -0800 (PST)
X-Original-To: opsec@core3.amsl.com
Delivered-To: opsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id 31FCC3A6848
	for <opsec@core3.amsl.com>; Fri,  9 Jan 2009 11:56:17 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.8
X-Spam-Level: *
X-Spam-Status: No, score=1.8 tagged_above=-999 required=5 tests=[AWL=-0.900,
	BAYES_50=0.001, EXTRA_MPART_TYPE=1, HELO_EQ_AU=0.377,
	HOST_EQ_AU=0.327, HTML_MESSAGE=0.001, RELAY_IS_203=0.994]
Received: from mail.ietf.org ([64.170.98.32])
	by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id KLvNj7G+kCHJ for <opsec@core3.amsl.com>;
	Fri,  9 Jan 2009 11:56:12 -0800 (PST)
Received: from office.quarkgroup.com.au (office.quarkgroup.com.au
	[203.206.170.99])
	by core3.amsl.com (Postfix) with ESMTP id 8DB433A687F
	for <opsec@ietf.org>; Fri,  9 Jan 2009 11:56:10 -0800 (PST)
Content-class: urn:content-classes:message
MIME-Version: 1.0
X-MimeOLE: Produced By Microsoft Exchange V6.5
Date: Sat, 10 Jan 2009 05:55:55 +1000
Message-ID: <69D384433B57A14D837F7EC9760895F7360F9B@sbs.QuarkGroup.local>
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator: 
Thread-Topic: Operational Security Capabilities for IP Network Infrastructure
Thread-Index: AclwPA7RlhXc7aSqQ+GpD21q4B0e0g==
From: "Quark IT - Hilton Travis" <Hilton@QuarkIT.com.au>
To: <opsec@ietf.org>
Subject: [OPSEC] Operational Security Capabilities for IP Network
	Infrastructure
X-BeenThere: opsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: opsec wg mailing list <opsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/opsec>,
	<mailto:opsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/opsec>
List-Post: <mailto:opsec@ietf.org>
List-Help: <mailto:opsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsec>,
	<mailto:opsec-request@ietf.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============0531422011=="
Sender: opsec-bounces@ietf.org
Errors-To: opsec-bounces@ietf.org

This is a multi-part message in MIME format.

--===============0531422011==
Content-class: urn:content-classes:message
Content-Type: multipart/related;
	type="multipart/alternative";
	boundary="----_=_NextPart_001_01C97294.48C4CE1C"

This is a multi-part message in MIME format.

------_=_NextPart_001_01C97294.48C4CE1C
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_002_01C97294.48C4CE1C"


------_=_NextPart_002_01C97294.48C4CE1C
Content-Type: text/plain;
	charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable

G'day,

=20

I'd like to add my $0.02 to the "yes, this should be accepted as a
Working Group item" side.  *This item* here refers to "Security
Assessment of the Internet Protocol"
(draft-gont-opsec-ip-security-01.txt) internet-draft, by the way, in
case that wasn't clear in my original post.

=20

Many of the current TCP/IP specifications were designed over two decades
ago (or based on those designs) and since then, there has been a great
number of vulnerabilities found in those specifications and/or the code
designed to comply with those specifications.  Two major issues right
now are that were someone to design a new product based on the current
RFCs, this product would be both insecure and incompatible with a number
of current products that were keeping up to date with the lists of
amendments to these protocols that haven't been accepted and published
as RFCs.  Basically, the RFCs are starting to lag behind the times and
become, well, whilst not irrelevant, at least not as complete as they
once were.

=20

Bringing the RFCs up to date with current accepted security standards is
something that will greatly increase the benefit of these RFCs to both
current and future designers of protocols and products based around
these protocols and also provide a single port of call for people
needing to confirm that their protocol implementations are based on
latest accepted practice.

=20

http://hiltont.blogspot.com/

Regards,

 <http://www.quarkit.com.au/> Hilton Travis, Manager, Quark IT
http://www.QuarkIT.com.au/

War doesn't determine who is right. War determines who is left.

This document and any attachments are for the intended recipient only.
It may contain confidential, privileged or copyright material which=20
must not be disclosed or distributed.

Quark Group Pty Ltd T/A Quark Automation, Quark AudioVisual, Quark IT


------_=_NextPart_002_01C97294.48C4CE1C
Content-Type: text/html;
	charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable

<html xmlns:v=3D"urn:schemas-microsoft-com:vml" =
xmlns:o=3D"urn:schemas-microsoft-com:office:office" =
xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:x=3D"urn:schemas-microsoft-com:office:excel" =
xmlns:p=3D"urn:schemas-microsoft-com:office:powerpoint" =
xmlns:a=3D"urn:schemas-microsoft-com:office:access" =
xmlns:dt=3D"uuid:C2F41010-65B3-11d1-A29F-00AA00C14882" =
xmlns:s=3D"uuid:BDC6E3F0-6DA3-11d1-A2A3-00AA00C14882" =
xmlns:rs=3D"urn:schemas-microsoft-com:rowset" xmlns:z=3D"#RowsetSchema" =
xmlns:b=3D"urn:schemas-microsoft-com:office:publisher" =
xmlns:ss=3D"urn:schemas-microsoft-com:office:spreadsheet" =
xmlns:c=3D"urn:schemas-microsoft-com:office:component:spreadsheet" =
xmlns:odc=3D"urn:schemas-microsoft-com:office:odc" =
xmlns:oa=3D"urn:schemas-microsoft-com:office:activation" =
xmlns:html=3D"http://www.w3.org/TR/REC-html40" =
xmlns:q=3D"http://schemas.xmlsoap.org/soap/envelope/" xmlns:D=3D"DAV:" =
xmlns:x2=3D"http://schemas.microsoft.com/office/excel/2003/xml" =
xmlns:ois=3D"http://schemas.microsoft.com/sharepoint/soap/ois/" =
xmlns:dir=3D"http://schemas.microsoft.com/sharepoint/soap/directory/" =
xmlns:ds=3D"http://www.w3.org/2000/09/xmldsig#" =
xmlns:dsp=3D"http://schemas.microsoft.com/sharepoint/dsp" =
xmlns:udc=3D"http://schemas.microsoft.com/data/udc" =
xmlns:xsd=3D"http://www.w3.org/2001/XMLSchema" =
xmlns:sub=3D"http://schemas.microsoft.com/sharepoint/soap/2002/1/alerts/"=
 xmlns:ec=3D"http://www.w3.org/2001/04/xmlenc#" =
xmlns:sp=3D"http://schemas.microsoft.com/sharepoint/" =
xmlns:sps=3D"http://schemas.microsoft.com/sharepoint/soap/" =
xmlns:xsi=3D"http://www.w3.org/2001/XMLSchema-instance" =
xmlns:udcs=3D"http://schemas.microsoft.com/data/udc/soap" =
xmlns:udcxf=3D"http://schemas.microsoft.com/data/udc/xmlfile" =
xmlns:udcp2p=3D"http://schemas.microsoft.com/data/udc/parttopart" =
xmlns:wf=3D"http://schemas.microsoft.com/sharepoint/soap/workflow/" =
xmlns:dsss=3D"http://schemas.microsoft.com/office/2006/digsig-setup" =
xmlns:dssi=3D"http://schemas.microsoft.com/office/2006/digsig" =
xmlns:mdssi=3D"http://schemas.openxmlformats.org/package/2006/digital-sig=
nature" =
xmlns:mver=3D"http://schemas.openxmlformats.org/markup-compatibility/2006=
" xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" =
xmlns:mrels=3D"http://schemas.openxmlformats.org/package/2006/relationshi=
ps" xmlns:spwp=3D"http://microsoft.com/sharepoint/webpartpages" =
xmlns:ex12t=3D"http://schemas.microsoft.com/exchange/services/2006/types"=
 =
xmlns:ex12m=3D"http://schemas.microsoft.com/exchange/services/2006/messag=
es" =
xmlns:pptsl=3D"http://schemas.microsoft.com/sharepoint/soap/SlideLibrary/=
" =
xmlns:spsl=3D"http://microsoft.com/webservices/SharePointPortalServer/Pub=
lishedLinksService" xmlns:Z=3D"urn:schemas-microsoft-com:" =
xmlns:st=3D"&#1;" xmlns=3D"http://www.w3.org/TR/REC-html40">

<head>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3Dus-ascii">


<meta name=3DGenerator content=3D"Microsoft Word 12 (filtered medium)">
<!--[if !mso]>
<style>
v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style>
<![endif]-->
<style>
<!--
 /* Font Definitions */
 @font-face
	{font-family:Calibri;
	panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
	{font-family:Tahoma;
	panose-1:2 11 6 4 3 5 4 4 2 4;}
 /* Style Definitions */
 p.MsoNormal, li.MsoNormal, div.MsoNormal
	{margin:0cm;
	margin-bottom:.0001pt;
	font-size:11.0pt;
	font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
	{mso-style-priority:99;
	color:blue;
	text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
	{mso-style-priority:99;
	color:purple;
	text-decoration:underline;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
	{mso-style-priority:99;
	mso-style-link:"Balloon Text Char";
	margin:0cm;
	margin-bottom:.0001pt;
	font-size:8.0pt;
	font-family:"Tahoma","sans-serif";}
span.BalloonTextChar
	{mso-style-name:"Balloon Text Char";
	mso-style-priority:99;
	mso-style-link:"Balloon Text";
	font-family:"Tahoma","sans-serif";}
span.EmailStyle19
	{mso-style-type:personal-compose;
	font-family:"Calibri","sans-serif";
	color:windowtext;}
.MsoChpDefault
	{mso-style-type:export-only;
	font-size:10.0pt;}
@page Section1
	{size:612.0pt 792.0pt;
	margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.Section1
	{page:Section1;}
-->
</style>
<!--[if gte mso 9]><xml>
 <o:shapedefaults v:ext=3D"edit" spidmax=3D"3074" />
</xml><![endif]--><!--[if gte mso 9]><xml>
 <o:shapelayout v:ext=3D"edit">
  <o:idmap v:ext=3D"edit" data=3D"1" />
 </o:shapelayout></xml><![endif]-->
</head>

<body lang=3DEN-AU link=3Dblue vlink=3Dpurple>

<div class=3DSection1>

<p class=3DMsoNormal>G&#8217;day,<o:p></o:p></p>

<p class=3DMsoNormal><o:p>&nbsp;</o:p></p>

<p class=3DMsoNormal>I&#8217;d like to add my $0.02 to the &#8220;yes, =
this
should be accepted as a Working Group item&#8221; side.&nbsp; *<b>This =
item</b>*
here refers to &quot;Security Assessment of the Internet Protocol&quot;
(draft-gont-opsec-ip-security-01.txt) internet-draft, by the way, in =
case that
wasn&#8217;t clear in my original post.<o:p></o:p></p>

<p class=3DMsoNormal><o:p>&nbsp;</o:p></p>

<p class=3DMsoNormal>Many of the current TCP/IP specifications were =
designed over
two decades ago (or based on those designs) and since then, there has =
been a
great number of vulnerabilities found in those specifications and/or the =
code
designed to comply with those specifications.&nbsp; Two major issues =
right now
are that were someone to design a new product based on the current RFCs, =
this
product would be both insecure and incompatible with a number of current
products that were keeping up to date with the lists of amendments to =
these
protocols that haven&#8217;t been accepted and published as RFCs.&nbsp;
Basically, the RFCs are starting to lag behind the times and become, =
well,
whilst not irrelevant, at least not as complete as they once =
were.<o:p></o:p></p>

<p class=3DMsoNormal><o:p>&nbsp;</o:p></p>

<p class=3DMsoNormal>Bringing the RFCs up to date with current accepted =
security
standards is something that will greatly increase the benefit of these =
RFCs to
both current and future designers of protocols and products based around =
these
protocols and also provide a single port of call for people needing to =
confirm
that their protocol implementations are based on latest accepted =
practice.<o:p></o:p></p>

<p class=3DMsoNormal><o:p>&nbsp;</o:p></p>

<div>

<p class=3DMsoNormal =
style=3D'mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style=3D'font-size:12.0pt;font-family:"Times New Roman","serif"'><a
href=3D"http://hiltont.blogspot.com/">http://hiltont.blogspot.com/</a><o:=
p></o:p></span></p>

<p class=3DMsoNormal =
style=3D'mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style=3D'font-size:12.0pt;font-family:"Times New =
Roman","serif"'>Regards,<o:p></o:p></span></p>

<p class=3DMsoNormal =
style=3D'mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><a
href=3D"http://www.quarkit.com.au/"><span =
style=3D'font-size:12.0pt;font-family:
"Times New Roman","serif";color:windowtext;text-decoration:none'><img =
border=3D0
width=3D465 height=3D164 id=3D"Picture_x0020_1"
src=3D"cid:image001.jpg@01C9708E.265E7000"
alt=3D"Hilton Travis, Manager, Quark IT =
http://www.QuarkIT.com.au/"></span></a><span
style=3D'font-size:12.0pt;font-family:"Times New =
Roman","serif"'><o:p></o:p></span></p>

<p class=3DMsoNormal =
style=3D'mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style=3D'font-size:12.0pt;font-family:"Times New Roman","serif"'>War =
doesn't
determine who is right. War determines who is =
left.<o:p></o:p></span></p>

</div>

<p class=3DMsoNormal =
style=3D'mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style=3D'font-size:12.0pt;font-family:"Times New Roman","serif"'>This =
document
and any attachments are for the intended recipient only.<br>
It may contain confidential, privileged or copyright material which <br>
must not be disclosed or distributed.<br>
<br>
Quark Group Pty Ltd T/A Quark Automation, Quark AudioVisual, Quark =
IT</span><o:p></o:p></p>

</div>

 <BR><BR>__________ Information from ESET NOD32 Antivirus, version of =
virus signature database 3755 (20090109) __________<BR><BR>The message =
was checked by ESET NOD32 Antivirus.<BR><BR><A =
HREF=3D"http://www.eset.com">http://www.eset.com</A><BR> </body>

</html>

------_=_NextPart_002_01C97294.48C4CE1C--

------_=_NextPart_001_01C97294.48C4CE1C
Content-Type: image/jpeg;
	name="image001.jpg"
Content-Transfer-Encoding: base64
Content-ID: <image001.jpg@01C9708E.265E7000>
Content-Description: image001.jpg
Content-Location: image001.jpg

/9j/4AAQSkZJRgABAQEAyADIAAD/4QGGRXhpZgAASUkqAAgAAAAFABoBBQABAAAASgAAABsBBQAB
AAAAUgAAACgBAwABAAAAAgAREDEBAgAQAAAAWgAAAGmHBAABAAAAagAAAAAAAADIAAAAAQAAAMgA
AAABAAAAUGFpbnQuTkVUIHYzLjM1AAEAhpICAAEBAAB8AAAAAAAAACMA/ggwDgQJmA4ECQAPBAkI
EQQJcBEECdgRBAlAEgQJqBIECRATBAl4EwQJ4BMECUgUBAmwFAQJGBUECYAVBAnoFQQJUBYECbgW
BAkgFwQJiBcECfAXBAlYGAQJwBgECSgZBAmQGQQJ+BkECWAaBAnIGgQJMBsECZgbBAkAHAQJaBwE
CdAcBAk4HQQJoB0ECQgeBAkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAP/bAEMAAwICAwICAwMDAwQDAwQFCAUFBAQFCgcHBggMCgwMCwoLCw0OEhAN
DhEOCwsQFhARExQVFRUMDxcYFhQYEhQVFP/bAEMBAwQEBQQFCQUFCRQNCw0UFBQUFBQUFBQUFBQU
FBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFP/AABEIAKQB0QMBIgACEQEDEQH/
xAAfAAABBQEBAQEBAQAAAAAAAAAAAQIDBAUGBwgJCgv/xAC1EAACAQMDAgQDBQUEBAAAAX0BAgMA
BBEFEiExQQYTUWEHInEUMoGRoQgjQrHBFVLR8CQzYnKCCQoWFxgZGiUmJygpKjQ1Njc4OTpDREVG
R0hJSlNUVVZXWFlaY2RlZmdoaWpzdHV2d3h5eoOEhYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0
tba3uLm6wsPExcbHyMnK0tPU1dbX2Nna4eLj5OXm5+jp6vHy8/T19vf4+fr/xAAfAQADAQEBAQEB
AQEBAAAAAAAAAQIDBAUGBwgJCgv/xAC1EQACAQIEBAMEBwUEBAABAncAAQIDEQQFITEGEkFRB2Fx
EyIygQgUQpGhscEJIzNS8BVictEKFiQ04SXxFxgZGiYnKCkqNTY3ODk6Q0RFRkdISUpTVFVWV1hZ
WmNkZWZnaGlqc3R1dnd4eXqCg4SFhoeIiYqSk5SVlpeYmZqio6Slpqeoqaqys7S1tre4ubrCw8TF
xsfIycrS09TV1tfY2dri4+Tl5ufo6ery8/T19vf4+fr/2gAMAwEAAhEDEQA/APzhk165Ez/6v7zf
wU0a9d/9M/8Aviqs8IWVzn+KoNyhuma+tp4zn6nUsLh5fDBGtD4jvoZVkQRbgdw/d1tWHinWbht4
jjZR/wBMK5SK6dCuwCugsPFt5YoscaJtHtXq4erza87PHx2Dhyfu6SbNuXxlrSLtEUecf8+9UrK9
8S6xcCCysJLyY9I4LUu3/fK19DfBr4YxX+gDxl8RJxonhePmOFV2z3n+yq1teKf2z7/wrbnSfhZo
en+DdJT5BdRwJJdy/wC0zsvFepUhPlTbPgKWY03XnhsPhlNrd9E/X9D55vfAvxKtbXzrnwjq0UOM
75NMdV/9BrlJdT1i0do5LTynHVXgwwr2h/20PjPbXHnr4z1GXn7sjKV/7527a1B+19/wmqra/Efw
lpuvxn5f7RsYVtrxP9rcPlauaK5naUrHte0xlOHOsLGa7J2f4ngK+ItUX/lgn/fmmza3fycvFH/3
6r2bxR4Qh1zSpdb+Hl+mvWCDfLYOm27tv95O4/2lrxa41y+eRklXay/Ky7fu06sHS3Z15diqWPu4
Ukmt09GvVWv+j6EX/CQ3af8ALOFf+2dPXxLedAtv/wB+1qrLNJN1iVqrFXU/6vbXE5NdT6aGHoT+
KmjpdF8c6lo9z5tultuI2lWgVlrpk+K2uzQ/LBZf9+VrzaLzW6R10WmyyOFxDG23+Fjtrqo1qmyb
PDzHLsH8bppskuNb1iSRpXig+c54iG2mpq+pn+GD/v0tbS297NalRawrvG0LlqzZtM1C127rYMp/
iU1q4TXvXZ58K9F+5yxX3GjpPizWdPKhHghx/EIq6Wx8WarqQP2m8t5I0/g8nrXErHfBf+PYYp0c
+pWxzHbbTWsKk49TgxGEoV/eSin8jq9b1a/1AIkcFrCidxFyf/Hq5abUtVjmaPbbnB2/6pafLqur
Ou3ygv0WqP8Ap8h3fZP/AEKic+buXhcP7FWko2+RrC31aRFJa1H+z5QqreHVbNFc/Z2XO3/VLVu1
m1vy1BsVP+0x21BfQ6xdMqSWYRO237tLl93qEZONS0uW3yM/+1NQHeD/AL8rTk1fUOwt/wDvytXk
0K/Xk2y/nVm20u88xENnGq/3qlQmdE8Rh1sl+BnprOpjtAv/AGyqaPxFqu5Y1aH/AL9V0sWgam67
YrBH/wB1SayNU8Para3CkWflf+gitXTqJX1OCGKw1SfJJR/Alh8Z6xYjCG2H/butS/8ACztdTjzb
f/vwtZx02/mHzxKlNj8G6rqJ2W8LyM39yNjU81VfBcFSwL96so/gGofEfVZDkm2B74hAqGx8d3j7
hKYOOi+UK3LP9nzxhqQ3CyMEbf8ALS4/dr/49WrD+zdcQbTqfizQtM9VlvFLL/wFaz5cW3ex1LE5
FCHs+aN/JX/I5ZvHtwvVYW/7ZipI/HSH/WQwt/2yWu6tPgJ4DgK/2n8VtOX1WztZZv8A2Wuk034P
/Am2C/bvH+t33r9j0xl/9CajlxHWxyPE5RH4YTfpF/rY8tt/G+nj/WQQ/wDfpf8A4mtW08aaA337
aL/v0n/xNev2XgT9mCyVftFx4x1D/dMUW6t200j9lOEKB4X8X3P/AF01ED/0E0068dkjjq4rK5fZ
qL5Hjtr4q8MPt32sP/fpP/ia17XWvCcu3dZxf9+k/wDia9s0+2/ZeBAh8AeIn/2pNSb/ABrobC1/
Zs+Xy/AOtJ/vag3+NdUHX/59/l/mfP4nFZetpyX3/wCR4noWqeEY7uPNhA6H+GS3iZT/AOOV3EOq
+CmX59A0/d/16Rf/ABNeoW2mfs7yjCeEtZg/7fT/AI1rQaD8BpECRWGvWy9v9IVv/Qq6Un9uk/uX
+Z83XzClD+DWa+b/AMjwzW7nwXNa5XSrODHTy7SJW/8AQaxLe88J27Epp0DZ4+aFP/ia+iJ/hp8E
tSOY77Wrc9vNQPj9arP8B/hbc82XimRPRbi0cfyrphZaKFv+3X/kebPMaSX7ybf/AG8v80eDLqvh
1f8AVWsSf7IhT/4mmy3Ph274e2jP/bJP/ia91/4Zv8Nyt/oPiCwuPRfMKN+oqaP9my3t2yES4/2o
pUf/ANmrpioy91tfkcE81w8PeSm/TX8jxvT9J8G3iLuto0f+60Sf/E1ov4f8GwKu23SR+yrEn/xN
erS/BO3svlNmU/3o67/w3+zfFdwW8zJBb27hTvZcs3sq/wAVXP6vQherJWOGGaVsVU5cOpt9j5/0
jSvD7ReYttEGB2hfJi4/8dqXVdB8P3sYE1vFhem23iX/ANkr7L0f9njwP4PtBfazpsup3Z+5aZ27
/chen/AjWf478IaA2jQ33hzw/ZaZPGcTWE1okmV/vg4ry4Znhq1RU4Qutr9P8/wPXq4HGYWi8TVn
yytfkv71vy+V7vofCOv+EfC1nCsqWy7s7dvlJz/47WdYaV4Qki2vaorjtsT/AAr6n1nwXouqRMut
eG4Rhf8AX2e6Fk/4D0rhb74HaVeRyT6MFv0HzG3Zds6f8B/i/wCA16TpK9+h51DP4OPJUlK54zLo
/g63Xc9qiKO+xP8A4muW1B/CYncxWY2dv3Sf/E169ffCqL5gtntYfw4rlrv4W+dNs8geXnlsYonh
Z292J6uEzvCt+9Ul95528/hY8CzVv92NP/iapvq3hiD5Rbon+9En/wARXqGqfBgIgMUeE7bKwdR+
C4Nk7SjaMcA9a5pYStHY9yhnmXT3m/vOKfWvDmOVVf8Adii/+JqCfxT4fhTCqpC/9Mk/+JpL/wCG
bWqfKgbb/DtxXI6r4X8uNlAKMK4JRqw3ifV4aWX4h6SZtS+LvDzN/qf/ACGn/wATVWTxB4dkfebd
mb/cT/4mvP7zw5dIjEKePSsGSG4hbYd615NWtWX2T7nC5Vl1Zfu5v7z1o6z4cb/lg/8A3yn/AMTR
/bPhr/ng/wCSf/E15NHDcOPkL8ULBdZwBJXJ9YxH8qPQ/sfBrTn/ABPbP7W8N/8APs/5J/8AE0V5
f9hvv7ktFHt8R/IiP7JwX/Pz8TJmksGmdWW5+9/DtqWG206baFt9Rf8A65qrV2p+Msli7pp3hzSL
VQeGeHzj/wCPVY0/45eMZ5wsE9vbxr/z7WiJ/wCy1FLC4Ze7z/8Akv8AwQq1syjByhQsvOdvyTMf
RvBFlfKGkttai/2haKVr6A+AP7N3hbVbqbxR4m1S9tNB0z96Vu7IhZXH3VrB+HXxA+IPjDWLTTrT
V5t8j4Y+WnyL/Ea93+Jv7Tfizw3Y2fg7SJre8sLRAtwZrWJ1mb/a+WvoqWEpwp88Fon6fdufmGb5
1mc631GM+VyT2d9F3uo2T2unfsjyz4tXT/FXVVisNftIdKtf3VrZsrRKi9vl2157N8CdeYKYHhu0
/wCneVTXvvgX4o3njjUI9Nn+GsWtXEnH/Ekt2Sf/AL5Xiva779mS+1nS47nSpE8M6pINy6RrtzCk
rey7Tn/vquqo8Le9aR8zh8ZmeBjHD4anovSX32sfCD/BjWLMYls50H+3EaxdW+FN5n92gQ/3dtfV
fi/wj8SvhZcGPWNGvbaFWws+wvbyfR/u1X07xNd6hEq6hodvc/7Xl4b862p4XC143pyNp8RZtgpc
04r77P7mfL3hn4feJfDGow6hptzNZXkZ3KYK9O1T4aW3xbsmnkso9G8WoPmkRNkN5+HZ69xtdL0L
U13S2Fxp7/3kIdauN8Ori5Rf7Nu4JF/2/keuqGXwgrPVHiYvjGtXqqpL3Ki2f6abryZ8gW/wN1td
QeyltHjnVtrAjpXbaX+zPK6Kbp1DY+7X154c0B5oBaa9ZPDepxFesn3v9lmpbvQUsbh4ZoxFIP71
XSy3Dt8sjz8bx3mUtIu3mj5Qn/Z3tbJUSaN0z0ZPu1SufgbJpgDpGZ4m7qvSvrG60ObVGjtbSF7m
VjwqLlj9K2P+FYJoFosviO/TT1I3Cyg/eXR/Dov41VXC4Wk+VnNh+KszrQ53K6W/b7+h8s6J8NpP
KVW0uWTHAIGK6qL4C3GqRxq2mzqp5CRRlv1219G6bqunWAWPQ9DgLfdFxqTec/8A3z0Wuwg1XxRq
tmY5NRNuCMKLdvLT8gq1nOmqS+D3fN/5XOGWf1qs/dm7+Sv+bX5M+ZdP/ZMuvJWU6RfO5GQr27kf
+g1d/wCGa5LVMXOmyQ47Nbkf0r6gsLbVo0QS6jO7gct57mtq1m1SIfJcXrfQuy1xPEez2hH8TZYr
GYn4qk19x8Y6j+zpYzxkeQ0b9mEeK5f/AIZ/m026SRo1nhXsFxj8K+/WS+vvludNF4P+mtsob+Hu
Np/iqhP4J0ybdJcWdxpv+07q6f4/zo+u4d/xIW9GbQq5vBfuqvMvNW/zX4nw1H8JxK2DbY/CtSb4
NLb2Jd1jiUr8qlea+lNV+EWtOxuNMsJL22Z/la1Yn/x3HFSp8JNfuDFHqAsLFjwGvbkB/wAuteks
RgUr86PMlic6lJJQlb0dvv2PjG9+Hj2DFZEDemBWfJ4Y8v5VgH5V9zXHwD0O0UTeIvFenWka/eS3
jMh+gqilj8I/C5It9K1TxBOP+WrIsafgOP5Vxe3oVP4EXP0T/N2R9FDFYylDmxcow9ZL8ld/gfKf
hLwbqF3a+XDaNEgPzSv8qfnWjqvhTw3pkDjV9Vjncj/j3sl3n/vqve9Z8WeC5iwbwdf3EfZJb9kT
/vlBXOT+OPA9of3Xwws5MfxS3Mz11OUlG3sn+H+Z5scS69TndZL0v+bifOs2taBpGRpPhpJnHSa/
O/8A8drm9a+IniVw0dvMLGL+5aRLGo/75r6Xu/i14RiDBPhXpr/QzH+tcxqvxM0S6BEPwrs0/wBw
zCuWTqPTlcfS3+Z9JQrU07uCn6tv80fJeuahqupMxubmeVv+mkjGuYm0i8lfrn619XXGrW+sXAit
fhjdGR+i27M380qLUNJtNMUNqOiXVhL/AM+cEMU0o/3m+ULXFLDqW8j67D55LDpKNJL5o+YbLwtq
czKI52+boqiunsfhvrmFMoZEb/nqQn/oVes3/iC6hVo9NtYdPi/6aQ7Zf++v/ia5qO8uherLcRQy
/wC15iGpWHpw3OmpnGKrr3Ipf18iPw98GtX1VvvxIg6s0i13Vn8D3tI1Mq5/2vNTFN8M+M7DTZdl
5NJGD/cC/wDxVelaV458OzRYbUW2Y5zsx/6FXsYehh7H53mmZ5tGfux08kc9pfwR1K6jMtt5TRJ1
3SJW/ZfB69iRS8fmL/0yYGuo8O+MdJ1aFLDSZLi9vWGwQQoCf0aulMHh7wyiyeJdcS2lHP8AZ1my
yXH+63OE/wCBV1v2FL3j5GeMzOtPkkrfgcXafDCViFFuxJ/hr0Dwp+z1q2ov5k9lDptr3nvmCL+A
NUrb432ekAw+GLNNKQ/8vU/764b8W4X8BUafEP8Atecvqt3NqDv1LylWqH9Yqfwko+ur+7b8TFyV
F3xLlPyWi+/V/h8z1gfAvwRoFgZNY1yK4cD/AFNngkn2p/hbwL4LuxOun+HZb2SEAqL2727/AMEr
itI1HwzcbS8t1C3+3Irr/wB9KtekeA/FXhvw3dyXEqTSQvEUMsREij/vn7teHiaeJp05Sc5yl935
Ho4PFYavXpwVONOF9bvmfq+a/wCSPQ9D8K6Fa2UKp4Y0233AZR4w7LWofDOjFdv9h6Z/um3WoPC/
xC0HXpliULBkbgzELXVy6hpsLbYwWPZtvy18LiJV6dS04tP1Z+0ZfSwGIoKdGcGlpsv8kZtt4e0a
ziUtpFnvI+RI48V0dhFYNMsy2Ceeqbd+OF9hUVhYRXA3ylvm/h9a6CGwt0XATivHr1b6Ns+0y/AR
j70IpL0X+Rx2q+Ere/vJLmOe5t5nOTwHX/vmuV8R+EtRe2aKJrO7Hb5fKcV62YbZOOKo6iLbZzHx
/tcf+hVdDG1KckomeOyLD4iE5S0b3t/VvwPCNa8PQQ6Aset6Xdzkfde3TIHsdtcDHpXhm0vUngkk
tZk+6rlkYf8AfVfUclis0W23JiB6iIZU/geKx7vRdIld4rvRDOAvLyAJn6Cvo8LnDp3jJPXs/wDM
/N8x4NjVtKlNaLdq/wCK1/A+dr+x0XxP+7lha3v/ALq3iDart/t//FVxOrfDvU7a7dG01wM7htGV
/wCAt/FX1nZeDdEgYLpmk2tqW5dZYC3/ANatiGwvvK8ie1xGOI5I4Yx5f0+Zq9KHETw7tTj7vZv8
jwv9Q54mN61XXvFX+/b7z4UuPCGpwyMFtZBt7baq6l4KvtUdI4tPlklbgKqMWz/u191SeF795HE7
mK3H/LcyoP0CVNHfeHPD1pJGNdtluD/y2d0kcfQV1S4plKNoUrvyf/AMYcASpTvWxPIl1aS/9u1/
I+JLT9knxTqVkLy//s7QrZujalLsb/vkV538SP2L/G2jWc2q29rZa3p33jcaVIZSB7qfmr7P8Sa/
4UvL3GpeMNRukz08hCg/NazNP+I9n4Pnk/4RcRa5A3LQm6RWYf8AXLaDU/XMdXXNy/LlaX3v+vI6
af8AZ2AnyKem11OMpevLG+nl+J+Y938JdWjLgQqCvY1z178Nb1d3mRQr+C1+n2vweA/ivYX0+meH
EtPF6Lvm0l5mtpJB/EVXufwr5I8XyeGItQuLa4tbrSrmN2V4Jxko390/dNevhY08SmmnCS3Tt/Vv
MVbNcXhKi5JKpB7OKf4p2s+66Hy/N4NmsXyrJ/uqi1GYbWy4eBfN+mK9zm0LQ523wz20v+y0mw/+
PVzut+HtJRG82wwv99TkfnVzwiguaJ6lDPHWajVT/I4D+0YP+ecX5UV0/wDwj/h3/n1f86K5vZS8
j1fr9Ds/6+Z87W/hq6muW3QyKuf4hXX6V4b2IsccRLf3VWvo+P8Ab88ZTuwuPAHga6bO3c+jD/4q
vTfg9+1V408ZarJct4M8F6PpVovmTXFvpAVvorbq8fD0J3UKcdf68j6vNs5rwpOriPdgvNHKfA74
IeKvDXg2bWdN8K6hqGtakuy2VLY4RT3Lfw10+nfs4eHPh6j6z8Z/FNppkz/vBoGjTi5v5T/dbslc
b8WP23vif4v8QXdlp2pjS9HiPlRxWQ8rev1FeE6n8VNevbp3uLeK5cnLu4LM3/Aq7+epKKp1JckV
21/H/gHxlPA1KlaeJj70qlnq7WXRWTf5+p9QeJP2jvJ09/D3ws0u38BaCRseeGPZf3Q/vPMP6V5X
NomrX07XkkM17Ozbjc+d5jE+u7dmuF0j4iz4AudPhH+7xXW2XjtCqGG3RG/2Wrvw9OhTXunmY2nj
YPSP+X4WPavhN+0h4y8AY0jXbd/EnhmQbJtP1JfOKr/s7q9U8Y/Cvwh470IeK/BVldWFm65ni0we
Y1q3+3btyB7o3/Aa+dNB+IFzGY/OWN0/uy4Ir3L4W/tFW3gS4Fzb6PpxdhskKu6F1+mcf+O1dXCq
H77C/H91/U+dni60pqhi42p91rb0Vvw2fqcxoPwr8RCdZLKex122/wCnWTEv/Ao32n+ddfbeEdbi
kWK4sJ7dv7rxkV754R8QfDX4vQvd6Ja6bp3iY/M1ncEAM3+70auv0uLxx5y2pEek2sXAlaCExqvs
d1cX9tVKF6coWa3Unb7mr3+4zr8NrF2mpuUXs6ceb70+XlfqzwrQ/hn41njVtPtbgj+FWU7P/HuK
9a8M/CDV/FOn/YvG2kWltHEmIL+1YJOntjoRXVSfGPQPB6Paah4kTWL8DBW2iUqjf8BrnLr416Fr
LE3uppKvZPsrbV/8eryq+NzPHK8KPKujSd/lse1hcp4eydx9viHOfWDcLekt/wAHf0Nm9+Dlv4as
ktPDV3Z6Y7piS6um3XEn0bsPpXITfs8vOWm1DVLR9x++oZ2P610+n/FLwy9usM+onbjCOsCqY/50
mp/E3TvD+x4XvLyJvmicyhYpfyFefSqZpRlZXu+tt/mz18TR4ZxUFUaSilspaL5L8/v1MHS/gBo1
mfNudSDKnzbjEUH4sa9SsPBWjWVpElvFa7FUBAiZrgLP432dzHvuvDJVSf8AWRRiUfpXS6D8TtI1
q5KRX32Z9vFrLH5Y/wC+qxxv9p1FevfT0/Q68ofDVCVsLy3fe6f/AJMdHBosAl2i1ix/eMarWrH4
etGjXMKt7JGKq2GswyvmNY3/ANpGDVsDVlx0A/3uK+dqzrLQ/R8HQwMlze6V08O2YX/jzH4kD+VV
LnRre3P7mxtVf1dctWo+pBIy5UKBWPea3LO/lqoXd2x81Yw9rJnTXjg6UPdj+COQ8UwXdzKsUTtg
H5mjldFH/fNcz4kkbwpFbXlv4YtdRvOkl9Ku1k4+XGeWPvXpIvksjzGryfT5VqK+1WO7iWOe2V0+
9tYV7NKvKHLFwuvuufEYvAU6jnUVTlm9tE7ffc+WvEuu6rqty8ken2O/+5Pb7WH+63SuJ1PVvEls
cPYW1qO3+jKtfUXjW/s4PDV3FaWFs7I2SrKGw1eRW82u667W+mabFcL3Cx5j/wDia/QsvxkZ0+ZU
1FLuz8MzjLZYPEKDq+1nPXRdTxW+8Ua9F/y0VPpAtctqfirxK+dl24H+zEBX0fffCPxDcQNLqGl6
dpVv/FdTTLCq/wDoX8qwbnwb4Q0P57vVhrVyP+WFriOHd/tP1b/gIr1ljMPU0pu8vLX8v1POhh6+
H1xFLkX97T8Hq/lc+dLa78b67ci208Xt3Oegthz/AOO1fvvCPiTQYvO8T63cmX+HSdNmWa4Ps7fd
T+de13vie/Nk9npP9m6JafdMFgVRn+rty1crELizhuLiYW7Mp6tsPFXGnOXvVHy/1/Xc6v7ShD3a
FNP5fl/SPCtf8R+MNStntdKs7nQdP+6xtbk+dJ/vueW/SvP7jwVrVzJ+81WZHPa7kIX8wWr3jVfF
EIeSOW0ROTjaAtcTr2s2U8bh7CVv9zBrnqYen8TZ9Vl+ZYmyhTopL7/zPOE+FGtXbAo+n3p/2dSj
Lf8AfJbdU0nwd1aMA3NnaW6+rz8VtG2sJ9rS6XLaR/8APa7kjhQf8CYrWtpvxB+HPgxd15rWtXty
P+XXRmKRfRpW/wDZVrgcKcPemfV/WMfVajQjr6f5PQ5TTvhLc395HZ2up6e07/KIIpndv++QK7my
+B/h/wAKSq3jDxzpqOvzf2RpMpluT/su23an/jxp7ftf6JCjWun2T2NmV2mNbSN5JV/25W+ZqrWv
x18A3sge48E2F0x6yfZ/KY/98MtJKk/hkjmqvNk7VKUlG3Zb/M6R/Emn29o1hoOs6f4c04jayWEM
hmlH+3L95v0Wsi30jQC2ZfEPmMepW2cmtjTPjL8Ktq+d8Prdm/2J5R/7PXSWfxr+FMQXZ8OUP0vn
roVZR+x/X3ngywlbvJeqX58rMrSdJ8OkL/xO7rH+za112naX4cUcaret/wBsAKfpnxn8B6jKsWm/
C9Ll/wC6LqU/yrqoPHGk2kfnz+AtC0iEc5u5JJW/753V1wrzfw03+H+Z85jMLyfxK1vvv/6Sihaa
V4cGP9N1CT/ZUBa7vwh4Kt9TuIzp2ma46j/lunyKP+BYrmk/ah0Dw+gXSfCmjNdL0mFqFUfTNZ99
+1V4p16RVfVJbGI/KsdmFiUfiFrnnUxdX3YRUfNy/RIxp5dh4pVa05PyUf1bX5M+mdL8MaV4aS0u
P+EYuNQ1BRuM88qQrH9TwpNaVrf2U+rLJNqmmRO3P2c3W+VfbaODXytD4vuvEMii7vLq67lpblyt
VrnWLPTbnCTqWXud1cTyOdX3qlX3vn+r/Q648Rxw1qNDD6R6afe7JN/Ns+2LXx5pVvJt8q6mdO7r
5af+PVeb4o6ZAMOLdPYybq+TvD/xcFtp0Vk0sEyDd+5nG9fyNdRZ/EPQLxf9Jt/sj/37M8fkf8a8
Orw64yvKLaPq6HHVaMIxi1B+a/XX9D6CPxd03tKoX/pliqN38TtLm3HbO7f3tleOJ4j8Ozx/utc8
hv7txbsP5ZqtcXWnTL8niPTl/wB5pF/9krOOS0IvaS+T/wAi6nGOY1I+7OL+a/zPX5fi1Z2aMscN
wR7cV5p40+Ous/anGnl7W36DLHdXDTXPh+3uJ11DxbblG/ht4pJWX9BXM6v4s8B6HM3lSXOsyjkf
apRDEPwXn9a9jC5Vg6U7uDl8v87I+bxvEOdYyn7ONRQXk1f8Ls7LSfip4s8QXi2VrcX91KT0ic7l
/wB6upj8ft4MZZtY8Q3mpX6HjTLe73qG9JH6fgK+e734zSakHsbK9g0yzYcW9gvkq/8AvN1b8axb
DxHbrep5s/y+tew8uoV9HGMY+W/3/wCX3niwxmOw3v8APOU/Nu33dfn9x9J3P7QV54oWaw8RaWk+
iy/LstN0ckXuG3fNXD6/pmmWMxlsdWuo7SYZje4+Ybf7u5a8+k8SRKc+YCtVr/4t6boNk8F+UuLS
X5XhB+Zf9pfeuiGAw+CfPh/dXbp/w5xVsbmebtU8X+8fRvdeXp5dOh0t5YTum+OaO5T+9A++uD8V
Wq3Y8v5omTncTsrDvLyGyi/tbTtSa40t/wDVzRN9z/Zf+61U/wDhcgQeXJPb3sY/hmAau11o8vLM
rDZXiKc+eir2+Vje8N/EDXvB8sMo1GLVordt0cOqN5vl/wC4/wB9P+Astek634w+E37RdlHbeKNv
gnxXGm1dUV1kt5T/ALb9f++v++q8Mk+IXhTUpClzpwjZv4rZ/wClZ9xY+Dr2TzLfVGtJG/huE/8A
ia8fEYWnXalCXLJdn/SPscJXq4a/t6b18r/lqvVWPQNV/Y38dxyedoC6P4l0g8x6hY6jGEx6ncy4
qC0+FfgH4Xg3vxI8a2l9dw8r4b8K3QuJ3b0lk+4lYXhPXb/wfIW0HxEAjdYIrkFH/wB5DWj4g8Ye
HNcjY+JvBCXkn8V5pkHlOf8Aa+X5a45YbEWtKp7vkj1VmFPnSjRb+f6WX5nU/wDDQnwR/wCiOj/w
YrRXmv8Axaj/AKFjxN+YorD6nH+aX/gT/wAzv+ur/oHf/gMTxX4X+DdT+KWuNZ6XYtHbRHdcXjj9
1CndmavRPid8R9F8F6MngrwpMrwQ8Xd8n/LZ+5rifF/7Xd/qmjv4f0DwbZeFPD/T7Fpjkb/999u5
q8in8YwyBm/4R9FLfxF2rCGLhTp2g9fRn188ixePxPtcVC1OL92N07vu9fuR0Fx4ltoEYmQb6qWv
iG0ml+dwi/e3NXEX2ri9fK20UI/ujdWezE9HryamYRTsvyPuKGQwlD33ZnqUvjPSrUbY8u396qMn
jK1O6SKeRG/uqBXmzKcdaUZxWf8AaUn9k6o8OYWOrkz0m3+IMS7Q08xrdsPGccyZiuX/AOBGvGlJ
Wp7e8mg+5mtqWYy6meJ4aws4/u9z6G8P+NpIHVxLIrDoyvivYtH+MOo6hpkNtPrN/PEg2mKW6dl/
753V8caLr1xBwEZv9nFdLY+LLuM5jt5VP95a9mjjE/iR+eZnwzduMGfZfh7xMt2+FbgdWL11B1q2
urjEUy78YNfFmkfFHUrDdFIJlRq6Cy+Kt5GVbL4HbFe5SzKCR+Z43gyup8yZ9df2/FYt5csgVvrX
a+FPiaukweWI4rm0f/WQSn9V9K+I5PitcXsyFo5EVBgV02j/ABDvpEXy7aR09TwK2liqOIjyTjdH
iy4XxWFtUhKzPuVvG/2i18/QPKu8HMlq3+uj/wCA91/3a0vCvxY82eRL+zt1hIwXK5cN7V8VW3xT
1LTCs6WcqMnIkib5lrufDH7RkurSrbapo0ep5/5eP9VMF/3h97/gWa4J4fDzXI1f8zNYXM6D9tTd
relv+AfYfhzUrG71GeSCeSUD598LsHA9a7XS/E+oT3AtdPvnvG7RzIrV8oeFPjTo3hzVodRsrLVY
riP/AJZmRHQr/dbheK7fVf2wXt7SYaB4QtdMmkH72d3yX/75Va8HG5bVnNKjT5o2620/ryPpslzO
NCnJ4qr7OV+ieq8rW19dD6nuPFkGnwrFLDDdXiAecU2iOM+7VxWtfGvQNPvZ7WO0cy/deQsyrn24
NfGGs/tG6xrRCyfaXC/dhiARB/wEVyWo/FfU1ke4ltJ0zSw3DlCHvYif3XO/HcX5rX9zB07L+9Zv
/h/P8D7pX4t6dcSnytMklz/cvk/kaivfilDbpn/hE9UuBj/llMGH/jpr8+rz476gowsTf8CFU0/a
D121fMMksWP7mRXbLJ8Evhl+f+Zw08xz+ovfS+6P/wAifYviH4s3CXFxJb/D/wAozffN4ZJd3+8v
Sua/4X/4s0+B7e00yDTYifu2sAj21852v7W/jbTwogvrjj+FiWrcsP21/iA7rH5Vrcjv51qh/wDZ
a3jh6MFyqkn6t/qmczwuYTftZVHF+SivycTrvFHxE17xCxe/W6u/7olc7RXF3niHUY+Ft2UemK6S
P9szxGExc+HtEuT/ALenCsvUf249SsmxP8PfDM4PQ/ZGGa63i6tFWjTSXk/+Ac1LJFXleUuZ+a/+
2ZxupeKtR2sMMn4VxOseItSVmcSSq3+zXpN9+3zKA2PhX4Wf/etmrmdS/b5uzu8v4UeFE/7dWrjl
mNSXxQPq8Fw7Ug/dgjyvU/G2ujcI2m/3sGuS1LxH4nvdwN3ehf7qsQterah+3d4hkZvs/wAP/Ctr
/u2O6uavf23vHM24QaN4fs/+uWlp/wDE159TEqfxNn3WEybE0fgoQ+9Hk91Y63ePudbpz/eZGNRx
eD/Ed22IrDUJf9y3dq9Auv2vfibeL8mo2tmp/wCeFjEn/stYl5+0R8S9SXEvim7RW/ubU/8AQVrl
vR+02fRwp5pTVlTpr5v9IlHTfhJ4yvHVl0LUGX1eNkX9a7XSfg34gtVDX72Wmp63V2gYf8BrzbUP
iN4v1Hc13rt7OvfdMayRql5dHM93K7f7T1ar0KeyZlWwGaYxe/Ugo+Sb/Vfke/23hbw1pR/4mXim
CRh1jsYWkP51pQ+KvBGjf8eelXGqSDo97JsX/vkV8+2fzBS8rN+Na9olu+0OSy/WuqOPX2II+dxH
DvN/HrSfpovwt+Z9D6X8bJER4IRb6VG3QWyKv/j1T3HjK1uEaSe/WRyPuk5Y14LBZWyNvjz+bVrx
zWgHKN/321dsMfO2p4dbhnCRlz0k/uO1n8RwwStk4GeMNTF8YJ2kxXEXElvLtHlFlHT52qqY4m+5
AV/4G1ZPFT6HbTyOjJe9c9U074qtpkZga7dVJ3D5/lqSf4pmU5Mgx/e315XbaXFczKHj2r9WrSHh
uwYf8e//AI+1UsXX2RzVcgy6D5p3v6f8E6zVfit5qIsM2GQ58xTVjSvjrqOmp5b3LTJ/tH5lrz+b
w3Ak2xIty/VquW3g+CRFd0K7uiqWpLFYi+hrLJspVK01deh6Yv7QssiYMsq/7uKqyfHy+iLfZXYE
93Of0rz+48IRIjGON22/w/NVD+w4l+UxFfxareMxK6nNT4fyZ/BA7+P4xXl3OBNMFDdWH3jSXPj0
Tbh5CNn3+avPX0SJePL/AFarNjpsKbkkD+3ztWaxVXaR2SyPL4LmpIuaj4uu4pXMTHaDxtNUx8Wt
VgGx5d6j+996nzaDG4/d2x/77asa58MlpGxAVrnnVrR1iz2MJl+W1FyVoFyf4uaxMGUTsi/7JasK
98TahfHdLcu49zV7/hFZFX/UUqeGtn37d9tczq15/Ge3TwOV4f3qUEP8G/ErWPBd4Xhf7VYy8XFl
PzFMv0rr9X8KQfEKyfVvA90wuVG+40SU7Z4/9z1Fcivhy2VsSKU/CtXR9OttHu4ru0nnguIjlJYt
ysK3pSnbknqv62PNxtDCqXt8KuWoutrp+Ul1/NdGcSsmp6RePHcedBMjbWSTcGH+8K1U8QXEyqFl
aNq9xh+IvhXxNbpaePPD41bA2jU7P9zdJ/vMvyt/wKnL8L/gxrDebp/j260tW/5YanYPuT/gS0nC
UPglocscdSrL/a8M4yXVK6/r1R4al1f3DY89lr0j4SeAPFfj7WBFaXtxaaXB891fMzBIk/i+au80
/wAGfA7we63OqeL7/wATSJ8ws9OtHiV/9lnaoPHnx4s/EOjL4c8OWQ8M+G1GPstrnfN/vv8AxVrS
ai/fkedjK060fZ4Sjv1a0Xmen/8ACLeAf+h6m/7/ANFfM/8AZWjesn/j1Fdf1nyX3ngf2DU/5/y/
8BX+Z9J3H7DvxYkkZh8Kbjk/9BrTv/j1Z95+wd8Xp49qfCydf+41p3/x6v113GjefWvzx8QYpq1o
/cfqEeG8HB3Upfefjs3/AAT3+Lrfd+Fkv461p3/x+oG/4J3/ABfPT4XSf+DrTv8A4/X7Ibj615H4
7/aR0T4e+L7rQL/Tb+aW3WNmng2FSHUMMZYHvXlY3in6hTVXFSjGN7K66/L0PcwHClTMqjo4PnnJ
K7tLorK+vqj8yv8Ah3Z8YP8Aol8n/g607/49SD/gnX8YP+iYyf8Ag507/wCPV+oXh79pTwH4idY/
7WbTZWOAmoRGL/x7lf1r0u2vIryBJreZJ4XGUkjYMrD1BHWnhuKVjVzYacJLysysXwvWy+XLilUg
/wC9dfdfQ/HYf8E6vi9/F8M5f/Bxp3/x6pY/+Cd3xbHX4aTf+DjTv/j1fsTuPrRvPrXf/beI7R+4
8x5LRf8Ay8n95+Qdv/wT8+LcH3fhrOv01jTv/j1aUH7BXxYA2yfDm4VfbWLD/wCPV+tW8+tG8+tW
s+xS6R+45pcO4We85/efk8v7B/xNQcfDi7Le+r6d/wDHqmj/AGHvinHwPhfO3/cZsP8A49X6t7z6
0bj61suI8Uvsx+7/AIJzvhbBy3nP7z8q0/Ym+KcZyPhdP/4OtP8A/j1dXY/sqfE+1gijb4W3K7Bj
/kM2B/8Aa1fpTvb1o3sO9aR4nxkNox+7/gnJW4My2urTlP8A8CPzj/4Ze+JyrgfDG4+n9sWH/wAd
rIsP2T/ivp14LiL4Z3A+b7o1mwxj/v8AV+mZYmjcfWtHxVjn9mP3f8E5Y8B5XFSSlPX+9/wD4O0H
9mrx6y7r7wVdWR/upf2cn/tapNW/Z2+IESFdP8C3Vzu4zLf2KY/8jNX3bvY96N59aX+teYXv7v3H
O/DrJJRs1O/fmPgCx/Zw+IttbjPw3uPNzk/8TWx/+O1HN+zj8SZD/wAk3uT/ANxax/8AjtfoGWJo
3EVX+teP7R+7/gmf/EOsn5ua8/8AwL/gH5sah+yb8R7qcvH8MbnafTWLAf8Ataqw/ZD+JPf4Y3P/
AIONP/8Aj1fphvb1o3t61H+tON/lj93/AATujwLlkVZTqf8AgX/APzQT9kj4kDp8Lbr/AMHFh/8A
Hq3vDf7K3jqwvFe/+F969uRhkg1rT8/+PS1+iO8+tG8+tS+J8bJWaj93/BKXA2V/alN/9vHxNF+z
XqLxgP8ACbVFb/a1yx/pLXNeL/2RfEGqQgaV8PNRtHX5ts+rWLhj9fN4r7+3t60vmN61yLiDHJ35
jujwflEFaNN/e/8AM/Li5/Yt+JbuQPhdO49RrNgB/wCjazJ/2Hvie4+X4Vz/APg60/8A+PV+raOc
80/NbviPGS6R+4mHCOAhtOf/AIEfkXdfsHfFiT/V/Cydf+41p3/x6sq4/wCCfPxfm6fDGZf+41p3
/wAer9idvtQR7Csnn2KfRfcehT4ew1P4Zz+8/Gh/+CdvxjcY/wCFaTL/ALutad/8fqpP/wAE4vjO
33PhvP8A+DvTv/j1fslr+t2HhnRb/V9VvIdO0vT7eS7u7u4cJHBDGpZ5HY8BVUEk9gKybj4heG7W
Hw7NNrtjHF4ikSLSHadQL93jMiLD/fJQFhjsM1k87xL6L7jrjlFKG05fefjjc/8ABN347PxF8OZl
X/sOad/8fqqP+Cavx8Tp8O5Nv/Yb07/5Ir9i9J+L/gvXb3SbTTvFWl3l1q0l5FYQw3Ss1y9oQLpU
GfmMRID4+73rpdP1O11eyhvLG7hvbOZd8VxbyCSNx6qwJBH0rJ5viH0X3HbTwkaaspP7z8VY/wDg
m/8AHxP+aey/+DrTv/kirkP/AATq+PSdfh3N/wCDzTv/AI9X7Tbj6mqWua5Y+GtF1DV9VvItP0vT
7eS7u7u4cJHBCilnd2PAVVBJPYChZvXXRfcKeDjPeTPx3tf+CfPx2h6/Dif/AMHmnf8Ax6r0f7An
xvQc/Di4/wDB3p3/AMer9NfCX7VHwh8eeIrLQfDvxK8N61rV6xS2sLLUY5JpiFLEKoOTwpP4V6nu
Pqa0WdYldF9xyPKaD6v7z8gY/wBgr41L1+G1x/4O9O/+PVci/YP+MQ+98Nbr/wAHenf/AB6v1xyf
U1k6d4v0bV/EWsaDZara3WtaOsD6hYRShprVZlZoTIvVd4RiM9dpq1nuKXRfcc7yPDv7cvvPyvh/
YU+LadfhtdD/ALjdh/8AHqtw/sOfFgEBvhzdIv8AeOs2H/x6v1byfWjJrRcQYpdI/d/wTnlw5hZ7
zl95+aWhfsMeMbaNjqHga/ndv4YtWsVUf+Ra2V/Yx8SRDA+HGpOo/hGt2P8A8dr9FMn1o3H1NZPP
cW3fT7jX/V7AuPK0/vZ+aGsfsa/EO5lK2Xw6v4rcdFk1mw3f+Oy1jv8AsS/Exlx/wru8/wDBzYf/
AB2v1I3H1NJk+proXEeLStaP3f8ABOD/AFTwSd4zmvn/AMA/K5v2Hvih2+HN3/4ObD/49T7b9h/4
mpMGk+HN1t/7C9h/8er9Tsn1NNlmWCJ5HbaiAsxPYCn/AKxYr+SP3f8ABL/1Xwlre1n/AOBf8A/M
+2/Yt+IaL8/w7uc/9hex/wDjtJffsV/EGaD938PLrze2dXsf/jtfZ/iH9prR9D1SezSye5MR2lvO
28/QKcfnWX/w1lpf/QJk/wDAg/8AxuvVjmObSV1Rj93/AATyXw9lUZa4id/8X/APknTf2J/H0y4v
PA9zbY/iTULF/wD2tSar+w949iTdZ+C7i6P91tRs0/8AatfWr/ta6Yo+XSHJ9Dckf+06pz/tfW6A
+X4dMgHrfkf+0qlYzOG7+yX4f5miyXKYq3tp/e/8j4sl/Yf+LE828/De52/3RrNh/wDHqvH9iT4m
kD/i3Fyv/cXsP/j1fW0v7ZrJny/CG/8A7imP/aNV3/bTuQPl8D7j76uB/wC0a1WKzhf8uI/h/wDJ
DeVZW1b28/vf+R8l3H7EXxReJgnw1uWbHGdZsP8A49WR/wAMH/FrGP8AhW9x/wCDrT//AI9X2DJ+
23qKdPh+CvvrY/8AjFRH9uLUlz/xb3/ytjn/AMgUnic4f/LiP4f/ACRpDLssp7V5/j/kfIP/AAwX
8Wzx/wAK4uB/3GrD/wCPU5P2Bviqq/N8P7vd7axYf/Hq+uz+3JqQ/wCaeZ/7jY/+MV6n8Fv2itL+
L9xc6e9hLoWuW6eY1hPMJQ6f3kcAbgO/ArnrY3NKEHUqUYpLyT/JnTDLcvrSUIVpX9f+AfAH/DCX
xU/6EG7/APBrYf8Ax6iv1ZyfU0V5f9v4n+WP3f8ABO3/AFfof8/J/f8A8AKKKjnnjtoXlmkWKJBu
Z3YBVHqSelfMt21Z9Sk27Ikr5h+Np+F03xJ1KLxMNft9Z8uHzbix2mHHljbgHPbGeOteqa9+0V4C
0CVopNbW9lUkFbGNphn/AHgNv615J4p8Q/BX4n+IZ9U1S91fT9QuAiNcbXRflUKDjDAcAdq+B4hx
2ExeHWHoVqUpqSdpyVtn9z18up+lcL5fjcDiZYrE0K0YOLSdOLve6fzWnn0OPj+DHhjxev8AxRXj
m0u7sjK6dqyfZ5m9ge5+i1h2Os+PvgHrgt2+06X82TaXH7y1uB3IGdp+qkGuv1f9mhNW01tV8BeJ
LXxLbr832cuqyj2DA4z7ELWT4c+LF9owl8H/ABF0+bWdDDeVLDeoftdkf7yMeePTr6H1/NauGWEq
RnVg8NN/DODbpv8AFteqk7dYn6vRxbxlKcKNRYumvipzio1UvS0U/SUVfpK59GfCD456T8U7f7MV
Gna5Em6Wxdshx3aM/wAQ9uo/WvTK+EPH/gO8+FuraZ4g8Pai95oV0wn0vVoG+ZSOdjnsw/Xn3FfV
XwR+K8PxS8L+dKFh1izxFeQrwCccSKP7rYP0IIr9MyDPquJqvLsxVq8dn0kt7rptrpo1qj8l4l4c
o4Wis0yt82HluusHtZ31tfTXVPRnotFFFfeH5uFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFAB
RRRQA+L7x+lS1FF94/SpapFIKKKKYzyf9rT/AJNa+MX/AGJus/8ApDNXyJb+F/iDo7/sfXvifx5p
3iTQLjV9P+waVa+HhYy2mdKlKb5/tEnm7U+X7i5PPHSv0Pl7Vl23iHSrxbBrfU7OddQDNZmO4Rhc
gDcTHg/PgcnGeKQj80tJvNX+JOp/B+LUtS1G91C4X4oWUdxDM32kKu1I1RhzkABRirHwq8e6Zpvw
k/Z80fWviV4h8M/CV9Dul13W9L1ee18jW40g8vT5ryLD20aK7lYgyAt8vOMD9HtZ8X6F4dvtPstW
1vTtMvNRk8qyt7y7jhkun4+WNWILnkcLnqKuXer2Fhe2Nnc3tvb3d87R2kEsqrJcOqF2WNScsQis
xAzgKT0FFwufA3gbxN8RfiLr37O/hbxL4w8W6ZoviM+L1ku7e6fTdR1jTLYQNp087IFdJChDBwEc
hs5+ck/Q/wCw34q1j4hfsqeENR8UalceIdTkbUbKe91BhJLcxwX9zboZWx87eXEgJPJ5J5Ne5xap
ZXGo3NhFdwSX1skcs9qkqmWJHLBGZc5UNsfBPXa2Ohqlo3i/QfEd7qFnpOt6dql3p8nlXkFldxzS
Wz8/LIqklDweDjpSEfEOrXD+C9G/bf13QdukazpFws+n31mgjmtHGkxENGwGVOeeK5H4+eI9e+GX
gzwb4ZT4ieOp/EGs+Gb7xSPEGreKLu0iub94oQtrbR2kJkmlDgtHa+YkKKzEh9wx99eKfir4K8Da
hHYeJPGGg+H76SITpbapqcFtK0ZJUOFdgSpKsM9MqfStK48X6DaeIbfQJ9b06HXbmMywaXJdxrdS
oM5ZYidzDg8gdqAPgjxd8bPir4W8BfDLUdG1vUdev/jJ4B0nRtMk8zemmeJWWBXugQMRBobmaVsf
x2uT7J8YvE3jLwv4k+O/h2x+JWoaFbeHk8EW0eq6jLeFGje3uBcCe6tlaW0WcohkuQRg9WG7Nfel
t448OXviOfw/b+INLn16BS8ulxXsbXUajqWiDbgPcil8T+NvDvgqCCbxFr2maDDO2yKTU7yO2WRu
OFLsMnkcD1oA8H/YN+IGo+PvhBqZ1E6xdNput3NnFqWqa0dZhvEwjh7S8aNHmgBcqpk3sMEGR8cf
SVYup+NfD2i3OmW2oa9plhcaowWwhubyON7snGBEGILnkfdz1FX7vV7CwvbGzub23t7u+do7SCWV
VkuHVC7LGpOWIRWYgZwFJ6CgC3RRRSEFFFFABVDXpUg0e7eQbkEZyPUVfrnPiJIYfBOruDjEJ5/E
VrSXNUivNETdoN+R8PXMMN74nlQsSkt6VI9QZMdfpXq+r/A/TtKu/E92JzNpcEMjaWgl+d3jmWOb
dxnCMdpzjJYEZAzXjYcT6tzMsG+4x5rcBMv978Oterar8L/EUmvX9ppOs3Mw8iN5rvUpxCl+1xJl
RC4ZllEjJuGSCSvI3DFfpGJk4OKVTl/4df8ADfM+JoJSUvc5v6Znav8ACS0sNcezu9TOnyubu7MV
paNNbwWsDTbtrs+5n/cthD2Iy2aji+DFvPJbqdeMLK1sLlpbXaii4iaSERsWw7ELg7toDEc45GhH
4B8fX091paa2LgPavqWIdReWK4Z9ySKCoIMhPmRnOASSMnIzF4r0jV/BWi6LdWnifU/3Vwtvbx+c
yC3ElrDKxXB4/wBcV47D3rnVWo2oRqpt/wBdv6/A2dOCTlKm7f15kmi/A2wbXbC31XULxN8kU8ts
bII32d7n7Ois28hZS+Ny8hQSQWIwed+IHw/sYre01PwxFe3NrNbS3t0kkAjitoxcPEu3LsQMrjBL
HgHPzYHYePfhv4h8HacRpviXUb2ysXlvZI5ZfLETxMn71NjsA2ZFwCQ45OB1rMj+GPixLS3sdW1a
VNPWW6tk062vPMdSkbSyEKTsCllG7Lbu4U5GSlXbarOsmu3l10HOilen7Kz/AK6njjRlRyOPWoyi
t2r022+CPii8n0+KGKzY3ZUfJchzAGjMqmVVyy5QEgYJOOAeKnn/AGf/ABMlxFDI1gkst8bFB5zc
kJv8zhMBduflP7w4ICZBFep9coLRzX3nB9WrNX5WeTmE5OMYruP2c43T9onwkwyo8q8DYPX/AEaQ
4Pr61zWpaYdOvrm28+O4MEjR+bFnY+DjK5AOD7gH2Feh/s26Y0vxi0K72nEIuFJx628gqcbJfVKr
/uv8h4WLWIh6r8z7booor8oP0Ax/FvivTvBPh+71jVZhDaW65OOWc9lUd2J4Ar4g+KPxn134n38g
uJnstIDfudNhchAOxf8Avt7nj0Fd5+1r46l1bxdb+GoJCLLTEEkyjo87jPP+6pH/AH0ag/Zq+DNt
44u5vEGtwibR7OTy4bdh8txKME59VXjjuT7GvxnPsfjM9zL+xsC7QTs/NrdvyW1ur76H71w5luB4
dyr+3cxV5yV49Wk/hUV/NLe/RdtTzjwp8KPFvjaJZtH0S4ubYnAuHxHEfozYB/DNbOr/ALPXj/Rb
dp5vD8k8ajJ+ySpMwH+6pz+lfdsUSQRrHGixxoAqoowAPQCn161PgHBKnapVk5d1ZL7rP8zxKniT
j3VvToQUOzu3991+R+b+geItY8Fawt5pd3caZfwthtuVP+66nqPYivoKKXSP2ovCM6PDBpnxA0yL
crr8q3C/zKHpg/dJ9Ovf/Hv4KWfj3QrnVdOtkh8R2sZkR0GPtKjkxt6n0Prx0NfIvgjxbdeBvFWn
a3aMySWkoZ0zjenR0P1GRXx1fD1uGsT9Rxr9phqm/Zruu0o76H3eGxVDivCf2hgF7PF0tu6f8rf2
oS218+x6J8HNbS4n1L4Z+KFddM1V2hhEo+ayvBwCuemSPzA9TWR8Odfvvgr8XVgv2MUcNydP1BAf
laMtjd744cV0X7TmhxaR410vxTpJKW+tW6XaSJx++XHzD3IKH65qh+0TFHrN54X8WwLtXX9KjlmK
jjzkADfoQPwrDERrYFSSlephJLlfenJ6fJO1vKTR04adDMHCTjaljYSUo9qkVr82k7+cE9z7YBDA
EEEHkEUtcb8HfED+J/hj4c1CVt0z2ixyHuXTKN+q12Vf0Bh60cTRhXjtJJr5q5/M2Kw8sJXqYee8
G0/k7BRRRXQcoUUV8Nft06h+0/Z/E/R1+Cmqw2Pho6SrXMb3unQk3PmyZO25Ib7uzkcce1MZ9y0V
8T/tCft86l+x94W+F2neLvCMvivxHrmgx3WoXEOoxwhLlFjWUfKjK2WYnKnHpX1H8FfiUnxj+E3h
PxvHYNpcevafFfrZtL5hhDjO0tgZx64FAHa0UUUhBRRRQAUUUUAFFFFABRRRQAUUUUAFFFFAGH45
1m78OeCvEGrWFlPqV9YafcXVvZWsLTS3EiRsyxoigs7MQAFAJJIAr45+F/wa+Ifwz8TfDSC/ttUv
9C+Hd7a2VhOivM+oRavCyX7ygDO21mkT5uiopJ2gGvtfVtWsdB0q81PU7y307TbKF7m6vLuVYoYI
kUs8juxAVVUEliQAASazPB3j3wx8Q9MbUvCviPSfE2nK/ltd6PfRXcQbGdpeNiM8jjNMZ5D8c9Gv
7jWfG1vDomo6pP4m8JQaLotxZ2D3EdverNdljJIoIgGZ7aTfIVX9yecqBVfxH4O8eP8AG7wX4jvv
D2kapFD4lnSDU7fVrh3stMNjfIFaD7HthyrqzN5jeZN5SFgpQx+rX/xf8B6Va65dXvjbw7Z22hOk
WrTXGrQImnuz+Wi3BL4iJf5AHxluOtXPCXxH8JePtDuNa8MeKNF8R6PbyNFNqGk6hDdW8TqoZlaS
NioIVlJBPAYHvQB5v4Fn0PRv2hvGyaT4Z1LSIdYsLGKS8i8MXdraXd/DPqT3Uj3HkLEzFZYT5rNi
TcoVmPFUfg94G1fw98RLO3SeS78M+FtDudAt7ufRJdNlnZriBkDPI5+1FFt3JnRFjYykruLNj1Xw
n8SPCXj3SrnU/DPinRfEWm2zFJ7zSdQhuoYmAyQzxsQpA55NJP8AEnwja22g3E3irRYbfX1RtIlk
1GFU1EOFKG3JbEoYOhGzOd646igCt4/0mXxUul+HfJkbTr24E+pSbCYzawlXaEnpmV/LQqfvRmXH
3a80+IHgbV5vidFb6JPJPFrOuaTr+oJNokrLaraPCrFNQ3rGgaO12+RteQmVj8qyE16d/wALX8Ef
8J1/whP/AAmPh/8A4TP/AKF3+1IP7R/1Xnf8e+7zP9V+8+7935unNW7rx/4XsfFtr4WufEmkW/ie
7iM9vost9Et7NGM5dIS29l4PIGODQB5/omuaZ4o+KyWtxoGuaMNC1C7/ALMjfw/ew2txdNHIs969
z5Igw6vKsf7z5t7Mcs6Bd74w6hb2mjeQ0HiCC+u7eaG21jw5ov8AaVxa8xloseVIEEuApLKFwpyy
EKw6yfxXolrc6rbzaxp8NxpVsl5qEUl0ivZwPvKSzAnMaN5UuGbAPlvg/KcVYfiD4WuPCU3imLxJ
pEnhiGN5ZdaS/iNlGiEh2abdsAUggknjBzQB4D48+GniBvh9o9hpNsul+Ite8H2nhm40WLRpr+2s
jCpIMd2JAtp5T3DHfKzlxEhUMyCtnxH4O8eP8bvBfiO+8PaRqkUPiWdINTt9WuHey0w2N8gVoPse
2HKurM3mN5k3lIWClDH9CUUAFFFFIQUUUUAFcd8X7kWnwz8QzE4CWpOfxFdjXD/G6xutR+EviqCz
iM1y1i7JGoyWxzgfgDXThre3hfuvzMa1/ZSt2f5Hw1ZSzz6pCsAV5ZJx5avgqWLcZzxjJr1rXNS8
fW+tjStOe11O40wwTzWmhWA8uxkhkkZFZQgAIZnJxlWz1NeJaZqEM4t58LOmVLpuxn1U45HpXuFn
8cdI/sjUBPpMiyQHT10+2a+lNxL5DzPvkuFUEhCyDBA+U4HIyP0nFxneLhDm+7uv6/U+Jw8o6qU+
X+mZGi+NfiFpen2rWVpcPbzyG0tn+wB8yiR3wnGd4aV8Hr8xA6VFrdp428Q2NjZ3Nrc3lwbqXbp8
VkRNE8MUMZJwoB+QRjAJIxkgZ51rb9pTUVs7OK40qGSSOZzcCGQRRzQt5m5QAm5WHmthgxUcfKec
0PDXxutfCa2kVl4cSWCynuJrU3V0ZJI/M8oqNxXnBj5OMkNxtIBrm5K8ZOaopP5a79fuN+ak0ouq
7fPy/wCCdBe694+mtbHUvNtr6XUI0f8AsyDTQwuDOZFPnIE2M/8Aoxzu54XGdpxR1zxZ8Q9B0iPU
9Stl0+1v7qdWuRZRq7zYdHWTjOcGQDdzgHH3eILD49NG1k76NIfsxiLG3uthfYbo45Rhg/aQCDkE
IR/Fxy/ijx4vijQrPT30xbJrS8uLmBoJD5apM25o9hB6EJg54AIwc5E08PPnSnSio37LbX/gDnWh
ytxqO/z30Llj8VfE1lcNPb3sLMxj3I0CMHEcJhUFSOR5bEEd85681JH8YPEdp5qxrp8KSzieWNNP
hCSMBhQyhcEDAIHqN3XmuGBI5BwakErtgfe9iM5r0XhqL1cF9xxKvVW0mS6pqVxrWpXV/eSGa7uZ
DLLIeNzHqa9Y/Zki/wCK8t2A4Bf/ANFPXk2wSnlGQ+w4r6A/Ze8L3S3E2rPEy26yERu3G4bCCQPq
cZrjzGUaeEmttLHTgoueIi/O59J0UUV+Zn3B+e/xduHuvij4qkkzu/tGZefRWKj9AK+x/gDYxWPw
f8MrEqjzbbznK92dixz75NfK37RnhyXw78WdYLKRDfkXsLY4YOPm/Jg1e8/sp+O4Nc8D/wDCPyyg
ahpLELGTy0DElWH0JK+3HrX4rwzOOF4hxNGvpKXMl681/wAUrn79xbCWM4ZwtfD6wjyN26Llt+Dd
j3Giub8f+PtM+G+gf2xqy3D2nnJDi2QO+5s44JHHFYnw5+Nfh74o6heWejJerLaxCaQ3UIQbScDG
GPNfrc8fhaeIWFlUSqPaPU/FIZbjKmFljYUm6Ud5W0X9XR39fnd8S9Ph0z4heJbSAAQRajOqADgD
eeK++fF3iiy8GeHL7WdQkEdtaxlyCeXb+FR6knAH1r87tSvrnxDrVzduDJeX1w0hUcku7Zx+ZxX5
jx/WpuOHoLWd2/Rbfi/yP1zw0w9VTxOJekLJer3/AAX5nv8A8QNAbxT+z38PtRu9X0jRIbKMJLea
5fJaQgMuxV8x+MnaOM1h+LrDRte+CPgpIvHfgopo91cWdxqDeILcWgkcl0iEudpfaAdvXHauZ/4K
d6D/AMIv+wNFpJwWs73TIWP+0G+Y/nmvzbjRR/wTvmbAyfiWuTj/AKhpr6uHDWFxFLnxHNzzhGMr
P+Xl8t7xR8dPivGYaqoYbl5KdSc4XX83NvrtaT/A/bb9nu703w/8HIZZvEWh6hp1nLcNLqem6jHc
Wca7yxzMDtGM85PFWvDX7UXwh8Ya+uh6L8S/C+pau7+XHZwapCZJG/uoN3zH2Ga/KDwt8Nvin8Wv
+Ccvgrwz8NtGv9ZtZ/FmpXGswWMyRqY0VPKEhZlyu4k46ZUE9BXzv8fPBXhH4c+GvhnYaJNFF48j
02dvFsFte/aPs96Ll/KBZWZFby8cIeMDPNfVYXDQwlCGHp/DFJK/ZHx2MxM8biKmJq/FNtu213qf
0HeKvir4K8C3sdn4l8YaB4evJI/OS31XU4LaRkyRuCyMCVyCM9OK8B/bf/bAm/Z7+EVz4g8BXnh3
xD4ks9Rsbe7sbuQ3C28FzHK6O6xSKylhGCpJwQc4ORX5d/8ABQTxPd+NR8Bte1CaS51C/wDhvps1
xcTHMksm+Xc7HuSckn3q/wCKfgT8QPhj+w94o8ZeOYlij8b65od7p5lufNuZI1iu23yj+HKuhAJz
jsK6rHJY/Sb9in9tOT44fA+98b/FDUfC3g2ZNcm0m3cXH2G3lCQxSAAzytl/3h4B6AcV8Gf8FjNY
sPEPx68F6npV9banp114Wilt7yzmWWGZDcT4ZHUkMPcGvkbTfFGq+N/Cng74YWzCGzXXJbmPcwCv
c3XkQhm+ixKMn1NfVH/BWfwlZ+APir8M/DGnxpFY6N4KtNPgVBgbI5ZlHH4UAch/wUF8D3uhSfBj
xHNqIubPXvAumC3s8tm2MFvEj9eMMWB49Dmv0y/4JffDDU/ht+ynok+o6wNWXxHINctUXf8A6JDL
DEqw/MexQn5cDmvz/wD+Cln/ACTz9mP/ALEeP/0CCv1I/Yh/5NE+En/Yu2n/AKAKGDPb6KKKkkKK
KKACiiigAooooAKKKKACiiigAooooA81/aZ0m+179m/4raZplncajqV74T1a2tbO0iaWaeV7OVUj
RFBLMzEAKASSQBUvw1+GWq+FfFXifxV4j1yw1vxHr8Nna3D6RpR020SG284xbYmmmcuTcSbnaRiQ
EAwEArutW1ax0HSrzU9TvLfTtNsoXubq8u5VihgiRSzyO7EBVVQSWJAABJrA8DfFfwR8T/tv/CG+
MfD/AIt+w7PtX9hapBe/Z9+7Z5nlM23dsfGcZ2tjoaYzwT4I2WseGofA19feG9dt7nwH8Pb7R/EK
NpcySajqJlsXH2bKj7WzNZXbhot4JuF5y+K9k8D+G7jQfhPMviLSv7Z1nUrafUtb02NEmN1czgyT
WyhyFdRu8lA5A2IikgCu5sdRtNUgaayuobuFZZIGkgkDqJI3aORCR/ErqysOoZSDyDVbS/EWla5s
/s3U7PUN9rDfL9luEl3W827yZhtJyj7H2t0bY2CcGgDwv4e+FNK+LXjH4l3mpeFdWj8Ea7puh2Md
p4h0mbSXY2puTJZC3dY3e3jLRtuZSJDcTJueJVVfJNN8D+JrL4H2Ph278M64dW8SfBfQvCukhdLm
k/szVo4rlZluCF/0Uq1zaOWl2D/RjzlMV9wUUAeB2uk674T/AGmbo+HtV8QX2leJ9TOp+JNLudCM
ek2UKaRHbRTQ37QjzJzNZ2qmNZmG2V8xqULHG+J3wk8UXfxo0xfDeoA6L4j8S6X4o14T6KXNkNNW
3AEeoeaFQSi1hj+ziN3JllYMqGTP0rRQB8q/Eb4TTaJ4/wDivqPhzwxeyWep2vg3Wb9raCSZtWe2
12/udRiUnPnSfZVRPKBJCPEgUKUFRfE/4Xf8LO/Z7/aIuZ/DOo6hHrk+o614a0e5sZ4bl549EgtY
nFowVy7XME0iI6ZLMjhd2019X0UAFFV31G0i1CGwe6hS+niknitmkAlkjQoruq9SqmSMEjgF1z1F
CajaS6hNYJdQvfQRRzy2yyAyxxuXVHZeoVjHIATwSjY6GkIsUUUUAFFFFABSEBgQRkHgg0tFAHy1
8bLn9lz4YeMRY/ES+0nw5r97AL8WrXV3CXjZ2USbIW2jLI46Doap/Edf2U/gxqlhp3jHUtP0C+v7
Rb+2t7nUr9mkgYlVkwrnAJVgM+hr8xv+CkWuXnxS/a++J19YI0um+FYbaxmdjgRJEIoX/O4lYD/e
rkPGPiDUP2lf2kfC3ibxen9meH/EU0Cwxs4YwaRat5LnAx0SCX6sGPeu5YzEpWVWX3sw+q0Hq4L7
kfsP8PdE/Zz+JvinWPDXhKW11rXNGTdf2lvfXu+3G7b8zM4GcnGM5/KvSU/Zz+Hkf3fD/wCd7cH/
ANqV+T/wg/bH+N3xAutH8B+G9bj0fxN8Q/EXlW3iW5sbcNp9grBdkYWMb8MZCzNlv3YC4JJr1v8A
aG+Jv7Qn7JPgTx8t78atL8Y6beXlrp2g34mhfWrO4EokkZ4RGQimOOdGDM2Dtxgmj65if+fsvvYf
VaH8i+5H6GJ8AfAcYwuhYH/X5P8A/HKsJ8EPBMYwuiKB6faZv/i6/Mb4e/EP9qrxv+0PofwN8Q/F
ubRNR1bT7TVtUv7O1hNxp1uLUz+SjBFHmFHTcV6uR8xCnNvT/j1+1E3g/wCMvhPwN4luPHkPh7Xh
Y6T4tuIoBqFxbxyyxzLagjE7nbEflDMo37TkjE/WsQ/+XkvvY/q1H+Rfcj9NF+DXg5TkaMuf+viX
/wCLp4+EPhEdNHQf9t5f/iq/KLwH+3f4q+FC+LdYuPiN4w1jWdM0hY38AfEHTkeR9QkMcbSpcoQU
SKR/M8sohKAr1+Ybfjv4z/tA/BX4X/Bn4tXXxhvvEXif4gXYnHgue0hNkbVwHjCoAOqvEDtCkGUA
HjJn6zX/AOfj+9j+r0v5V9yP0P8AEnib4L+CfG+neENa1rR9N8UagnmW+lT3r+eyYJ3Fd3yrhWOW
wMA+lek+Ebzw/qGkCfw3eWN/ppYoJ9PuFnjLDqN6kjI9M1+FviD/AIS+/wBU/aW+KB+IuoX93oLx
eGJNXnsYfP1pLqc2piIPEC+RA7Ex8gKFyN1fp5/wT9+AfiH4TfALwDJfeMtRntLy1/thvD72kUcN
uLqFX8gkZYlXdn3E5JOMADnOdSpNWlJv5lqnCGsUkfWNFFFYlHlH7Qfwkb4l+GY7jT0X+3dO3Pb5
OPOQ/eiJ98Aj3HvXxvoWvav4G8QR31hNLpuqWchUgjDKRwyOp6jsQa/R+vNPih8BPD3xMZryRW0z
WcYF9bKMv6CRejfXg+9fnPEnDNTH1Vj8A+WsrXW17bNPo1/Vj9U4V4tpZdReW5lHmoO9na/LfdNd
Yv8ADXR3PD/H3xok+LXwb1GG604WN/p15aNNJE+Ypd5cZUHlfu9Dn61ifs7+Nbf4eDxj4gureW7h
tbG3XyYSAzF59o5PA5NXfHPwa1X4S/DnxGb+7tb22vbyyWCW33AnaZCdykcfeHc1z/wb8IX/AI80
jxroemGIXtzaWhQzttQBbkM2Tg9ga+DnUzNZpQnXT+sqEuivdKfLotH09T9Ip0splk2IhhmvqrqR
vq7crdPm1eq6+hQ+Kfxl1v4qXifbNtlpkLFoNPhYlFP95j/E3v0HYV6B+zH8HZ9c1iDxbq0Bj0qz
bfZJIMfaJR0cD+6vXPc49DXa/D79knTNHnjvPFF4NZmQ5FlCpS3z/tE8t9OB9a+gIYI7aFIoY1ii
RQqIgAVQOgAHQV9Tk3DOMxGLWZZy7yTuovVt9L9El0S/BaP43PuLcDhsE8qyKNotWckrJLry31bf
WT/F6r40/wCCuETyfsa6uyqWVNXsGYgfdHmYyfxIH41+UyeMdDH7DUnhc6rbf8JGfiAuoDS9/wC/
+zf2eU87b/c3fLn1r9+fi1pfhHWPhr4jtvHtnb3/AIP+xySanDdRNKnkoNzNtUFsjbkFfmBAI5xX
jOk/8E7v2dbTw8+nQ/DexuLO4nW8MlxcTvMW2kKBIX3hQGPy5xz0zX60j8WR+VXirxfrugf8E3Ph
zpmmald2Gm6r4v1VNQitpGRbhUSMokmOq5LHaeDjPavKvjDaeArT4O/Bn/hFJbGXxJNpl9N4mMD7
rhbk3RESzf3cRgbR6c98n9vPCX7PP7PvxM+C0vgvw74e0fXfh7Bqc0iw2k8skcd4vyyPFNu3Bucb
kbGKpp/wTt/Z4XRbDS2+GmnSW9mXaN2nn81i+NxeQSBnPyj7xOMcYp3Hc/In9tL/AJFT9nT/ALJn
pv8A6Mmr7m/4KI/8o1/hv/100P8A9I3r6s8X/sR/BLx7baDBrvgKzv4tC06PSdOVridfs9qhYpGN
sgyAWbk5PNdX8Qfgj8OPiL4G0b4feK9Es9R8O2piOn6RPcOmDBGUTZtYM2xGI6ng80XC5/PHqPgW
fRPhL4S8e2haM3ur3untKG+7LbrbyIR6cS/pX0n/AMFOvHUXxO8XfB/xbC5kXWvAVjesx673lmLj
8GyK/Ubw7+yJ+z344+FtnoeleCLG98GR6pc38Ft5lygF4v8Ao0z/ADMHz+52c8HYCOxq9rv7CHwJ
8TWGiWWqfD6zvLbRbT7BYI91cfuIPMeTYCJMkb5HPOetFwufmV/wUts5l+GH7MF0Y2+zt4LSISY4
3CO2JGfXDCv0N/4JvfF7w78T/wBlrwlp2hyXD3fhWyg0XU0nhKBLhIwSFPRlIIII9a9X8YfAP4Xf
FDwZp/gbxB4Z0rXtC8PLFBa6dKxZ7DbEFjCsG3ofL29xkYzmr/wg+BHgT4CaPfaV4C8PQeHbC9nF
zcQwSyOJJNoXcS7MegApXFc76isvw34m0rxfpCapot9FqOnySSwpcwHKM8cjRSAHvh0ZfwrUpCCi
szRvEmmeIZdTj029ivH0y7awvBEc+TOqK7Rn3CuhP1rToAKKKKACisu28TaVeeI7/QYL6KbWLC3h
u7qzQ5eCKZpFiZ/TeYZcZ5Ow1da9t0vI7Rp4lu5I2lSAuN7IpUMwXqQC6gntuHqKAJ6KzPDXiXTf
F+i22r6Rc/a9PuN3lTbGTdtYqeGAI5Ujkdq06ACik7jg/gKUj8ecfrTGFFBGD1FB4GTwM4osFjzX
9pnSb7Xv2b/itpmmWdxqOpXvhPVra1s7SJpZp5Xs5VSNEUEszMQAoBJJAFHwR8Sw61pWp2i+IPG/
iae2mWV77xv4Xk0SZVdcLHEDYWaSqDGxJVGZS/zNgoK9B1TU7PRNNu9Q1C7gsNPtIXuLm7uZBHFD
GgLO7u2AqqASSTgAHNZ974z8P6a+pJea7ptq2mWaahfLPeRobS1bftnlyfkjPlSYdsKfLfn5TgA8
T+G95rvh3V/D0sWvzzaPr3jvxPpc2iyW0HkRKtzq1yJUkCebv8y15y5Xa5G0EZrz7VNR1Xxv4Vsf
EOo+ILvTL2Xwx8O9Z1TVLWK2Xj+1LuSedxJE0aLHlp+FABiGcpuRvsaigD57n+J2pweOrOws/HB1
GVdQ0m00zRjBayf8JBps8VubjU98cYY7fMuH3wlYl+z4K/OKv+FPFfix/EnhnUb3xNPf6frXjHXv
Dz6RJZ2yQQ29s2ptAyOkYk3qLGNSS5BVjkbvmPutFAHwTeaR4k8Q51u00rU5/HMhAkurXQ1vGt7p
9Jdg7X3kvLC8eqmOLyVkRIoowTGE3NXuHj74n6tovxCuNNPjZtFvbXxDoOm2Hh0W9qTqtlcz2a3N
yxkiaQg+dcR5iZFQw88kV7SfAfhk+KF8S/8ACO6T/wAJGilV1j7DF9sAKlSBNt342kjr0OKua7oF
h4lso7TUoPtNvHdW96qb2XE0EyTwtlSD8skaNjocYIIJFFwueN6D8Zbm/wDFXhXwzLr0EniGTxpr
Wn6ppgSMTpp8UeqSWgdAuUUpDZsr8Fwuctl8+eL+0F4ov08dahpmvobQ+C9c1+xsZrm0urvR7q18
jyo5Yo7WPyWXzzmKZ52yo3EYO/6t1bVrHQdKvNT1O8t9O02yhe5ury7lWKGCJFLPI7sQFVVBJYkA
AEmnX+pWmlQLNe3UNnC0scCyTyBFMkjrHGgJP3md1VR1LMAOSKAPDfiVdeI/CHxW8L3FlcXuv3t1
outGS4+zQsNLt2utHEkkUKBWlSMKzKhMkhLYJYDAzfjdqmpazLqumx+K7uz0HR4vB2tf2hapaNhX
1i4FxdO7wsu1Y7eKfIAQG3BxsMiv9C2OoWupwtNZ3MN3EsskLSQSB1EkbskiEj+JXVlI6gqQeRVi
gDzLxb8RItK8ETw6Dr/9r6naWWlXU+rmJJtthd3HknUcxosL4jiuZsINv7rO0KQDw2vfExbO10iK
H4u+V4Zma/LeNBZ2cm+4iS2MFnvEX2eTf5s7ZjRS3leWpDgk/Q1FAHzX4q8feP7jw54l1xdfufC9
74f+Hem+KJNHhsbaSN7+RdQeaKUyxs4T/RUQqrKRjIIOc9/oviq+8A+JvHVn4s8UXGs6JoWg2PiC
TULy0iSS3SRr4TqFt413Iq2YZRtZ/mYZbivVaKAPnj4pfGPWdG+L2naRo+rx6dFZ6vpGmXuk3t5b
Kb+K7uIEeeG2Nq88iqtzt8wTxIHjIwxUq2loPxlub/xV4V8My69BJ4hk8aa1p+qaYEjE6afFHqkl
oHQLlFKQ2bK/BcLnLZfPutFAHx9q/wDwTz+DnjLXvi3DL4n1u51rx3eC/wBYhh1G2aexP2z7VthX
yiUQvtX5w3yqBnPNU/E//BO74IX/AIxsnufE+raXqFv4eTwzY6Ump2q+Tbm2NsHRHiLmVg7tuJOX
djjmvdfBHgXUtH8czXV54Y02FIr7UrxdeW6zNKtzMZFjVFAJwGAO/pt+XrVHVPAHiBfjxN4mh097
rRrhLOMvHPbgL5YYMXWRGfjII8sqeOvSvfWBwrqyh7bRQuneOrva17vda2evRrqfOvMMWqMJ+xd3
PlatLSNr3asno9LrTqn0PFfF/wDwTm+Clj8PPBHhaXxTrHhPUvDMs8mk+JI9VgttSYSTNK6sxQKw
DvwVUFeMHk5NQ/4JkfArSvBGjWGo6lq1tBbammqX+tXeoQC41if+FbmV4yCnzPhE2/fY8k5r2n46
fCzX/iBrdjdaM0MS2+kX9t5kqxODLIE2JhwcBtpG8cr1yK6bxL4Gk1X4IXHhe206MXg0X7JbWlzI
JPKlEO1BvPGVP8X41CwmE9lh5utrN2ktPdV7X+7X/LS+jxuM9riIKjpBXi9fedr2+/T/AD1t458f
/wBiv4ZftD+JrP4kp4q1Xwbrtrbm3l8R+FdTjgE8CgptkchlG1cruUjg4OQAByfjD/gmN8BE+Gvh
/SoLi/8AB11o9x9ph8XW2oRx388rbSWlldSrZKKVAC7cfJtyc/Rvi3wNd3vwQv8AwvplnBFqEuli
2S3QrHH5pUbuenXJzVf4ueANT8b+BtD0ewCJcQajZTTu2w+VGh+dgHBViBztIIPoazpYbDVKkFKr
yxc2ne2kVa0vnd/caVcXi6dObjS5pKCatfWTvePysvvPDPBX/BPH4MaX4a8Zal4l1jU/iTc+K7Xy
NQ8U+JdTSedI1dW3RTKAEYPGh3kk5jAzjIMPwu/4J1/CX4IeKNK8X654o1vxW2jBY9CHi7UYns9M
IO5DCm1V3DGVByoIyFyAR9D+OfA95ffBzVvC+mmO7v5dPa2iYxx26yuf4iqBUXJyeABmsv42eBtZ
8YeBdE0/SIBPe2WpWl3IgljRgkYO7aZAVzzxuBHqCKKGFw1apCMqtlKTT8oq1nrbe7+4MRi8VRpz
lGlzSjBNW6yd7xVr7WWz6nh+lf8ABOz4MW/wL8UeEG8Q63qHhzxBqceu3Ouy6nAZkmiDKrJKsQj2
jdJkMrcu3tj6M+DHg3RPh38MtB8MeHdZufEGkaVB9mh1C9vFu55RuJJeRcAnLdgABgAYFZniTwpq
2v8AwM1Dw/DY/Z9YuNOa3W1mli+/0+ZowqZPXgAc0fCPwbqfh2/8S6lf6Za6DFqs0DQ6VaSiRYvL
i2NIxUBdznkhfQd6UsLQWHqVfaLmjJpK6d1dfPW7d0re75oI4zEPEUqXsnyyim3Zqzs/KytZKzd/
e8mekUUUV457IUV84H/goj+z+pIbxzcDH/Uvan/8jUo/4KIfs/t08c3B/wC5e1P/AORq29jU/lZj
7an/ADI9S+NHw8u/id4LOi2d3DZTfaY5/NnUlcLnI4+tcn8CvgXqXwn1vVL6+1O0vku7dYVW3RgV
IbOTmucH/BQr4BHp43uT/wBy9qf/AMjVIn/BQH4EP08Y3h+nh3VD/wC21eNUyGjWx0cwnTftY7PX
z6fM96lxHiKGXzyyFReym7tWXl136I+h6K+fV/b2+Brfd8XXx/7lvVP/AJGqUft3fBJunirUT/3L
Wqf/ACNXt/V638j+5nz31mh/OvvR137SHg7XfH/wnvfD/hxbwapf3+nxefY6g1lJbQfbYTcTeYro
cRwiV9gJL7du1s4r5h8a+AvHXgDwt4n8c+KrjxJbG+8O+K5NStZPFNxPDJe3l+o0XS7aBLkiMqkh
VWhA+Zgu7JxXui/tyfBhuniXUz/3LOqf/I1OH7cHwbbp4j1Q/wDcs6p/8jU/q9b+R/cxfXMP/wA/
F96PGrb9m/4l+Etb8LeEvDcOv2vhzQrbRY9D16DxbJHYaOsUnm6n9otPOEl3LKfMREZHiCOiDylU
irafs4fEHUPDfha81SXxhLruralquu+LLSHxnPCI08m9ey0uIx3SpHE0tzEreRhT5ZLMPlI9dT9t
r4PyHC6/qzH28L6r/wDI1P8A+G0/hH/0G9Z/8JbVf/kan9Wr/wAj+4n69hv+fi+9Hz/pnwB+NXg3
TLe2J8Y+J9GuLLQIfEenQ+NmW/1WeOzuzfvb3E1z/o6m5ks43CPFuigYLuzk9B4G+APjO38ZfCrU
/F3hTxJqiaF4Y1SB3h8ZOTp9/NdtcJHLJ9qEky7EjhRh5gIdTJjylK+y/wDDZfwo/wCgtrv/AISe
rf8AyLUUv7anwjg/1mta1H/veFdWH/ttTWGrvam/uZX1zD/8/F96PBfD/wADPjpaDwXpWonxFLd6
dp+hyWviCDxaY7PSJkcTaqlzbCfffTOxkhQuJI2QoCyAMT6h+zZ8I/iB4M8c6Vr/AIrm15HvvCbP
rkWo+JJNStjq8975vkpE8zqn2aJPLDxqqMJT8znJHTj9tn4QsMjXNYx/2K2q/wDyNUR/bk+DKnB8
R6sP+5X1X/5Gp/VMT/z7f3MSxmHe1RfejxXxT8BPijbeH/jDc+FNF1/RvFHiXxsb2e9s/EwLapoz
SkAWatdosEgjjh3bzA+0tGr7VTHU+CPg98Q/B/jPwna+ILLxp440DRdFtptKuv8AhMBBFZaiGmnu
EvoxcI90dxhhj3edGI1Ctj5mPoI/bk+DJ6eI9V/8JfVf/karNv8AtpfCS7IEGta1Nnps8K6sf/ba
j6pif+fb+5jeMw63qL70fPvw2/ZY+KHhxvB/h+eTxNpvhy9tdDk8Vy23i2WIfagL+61MwiO53RL5
psrbEAUP5juPu7wk3wO+PV94f8O6DKviaJk0pV0nU4/GXlJ4avpNRuJZJb8LOZL8xWz20cS/vkIi
ZWwXL19HJ+158MJDhdQ8QE+3hHV//kWpH/a1+Gka7mvfEIH/AGKOr/8AyLS+rV/5H9zH9cw//Pxf
ej5/8U/Bf4wzaDDaQ+H9au01W88S6nd2eh+K00f7Nqt1qDNp91czRTK8ltFb7SqRlmyBviJAC8xp
d3LL+0R4z0fxd8V9TvLfQfDd9/aGv2erXMdrbH7Hb2TQXdqsojtmjmlnnicRlpmfcGHl/N9QP+2F
8LY03NqWvqvqfCOr/wDyLUf/AA2V8Kf+grr3/hJav/8AItL6vX/kf3MPrmHX/LxfejA/ZXg+IN38
HL3x140N3qfjDW9PhWy0hLh4kS3toPLg8sTqvlvcv5lwzOoP+kIH/wBXgeHaf8FPjjbeDdPsL/QP
F2r2FzcanJcaePHz2moyXRitlsLy+uBeuqxqwumeK0k2lzG/ldI0+j/+GzPhP/0F9d/8JPVv/kWk
b9s74TL11jWx9fCmrf8AyNR9Wr/yP7mL65h1/wAvF96PIU+Fnxo8GavBrR0y+8ZarD4j0MalPp2q
21rLrOn2Oh+UZS0sqDa+oySu8b4IXlVfOarfDz4C+P7Xx3pXijxp4X13VdZh8AvDHdW3ispHbatP
Pe3F3aSBLpS2TPbxRsoaMeWG3qUQj2Zf20fhK7bV1nWmb0HhXVf/AJGq7Z/tafDfUIjJa3XiO4RT
gtH4O1hgPytKHh60d4P7mVDFUKjtGafzR896P8E/jnpWqeFbK5HiLULnQ7bQHsfESeLfKs7eO3hi
k1WCe0E2bq4uZxcRBpUePy5Y/nXYc1ZPgN8Z9A8EywwR+NdW1fVfCukxax9n8ZGRpdWa4kmu1Xz7
1dkMSRxW7eTLCXjuH2OxBI+lx+1H4Ab7reKT/wByXrX/AMiUN+1H4AT7zeKB/wByXrP/AMiVlyT7
HRzI7P4V6LfeG/hx4X0zVUaPVLXTLeK8je+lvSk4jXzFE8rNJIA+4BmJJGK6vOeg/WvCL39tj4Q6
ZctBd67rFtOp2mOXwtqysD9Da1UuP29fghaD994q1CL/AH/DWqD/ANtq1+r1rX5H9xz/AFqhe3tF
f1R9B55pcZ7V84t/wUK+Aife8Z3Y/wC5d1T/AORqhb/gon+z+nXxzcL/ANy9qf8A8jVPsKv8j+40
Vek9pL7z6E1zSrXXtIvdMvoxPZXsEltPGejxupVh+IJr4H8I/CP4kX+peGL/AFvQNT+0+JNSi8Ge
IWlt2Hl6XpjWTJdSf3Ypzp2o7XPB/tJME5TPuJ/4KL/s+H/mep//AAn9T/8AkamN/wAFGv2eE6+P
pR/3AdS/+RqXsai+yx+1h3N39pvRfHWt3PhnTvBWoa1ph19Lrw3eX+kvIF0xLh7eVtQbaQEeKG1u
VjkOCHnVQwMnPjMFr8b/ABr4dRribxb4d1zxPqtz4WvGiNxHHo0ZtdNjn1GJeAiKdO1B4JgAC94N
rAzc+iH/AIKS/s4r1+IjD/uB6l/8j04f8FI/2cW6fEQ/+CTUf/kep5J9i7nnMFr8b/Gvh1GuJvFv
h3XPE+q3Pha8aI3EcejRm102OfUYl4CIp07UHgmAAL3g2sDNz7L+zh4o8bT6FeXXj3SNfi1vWfER
sPInt5PJsBb6ZFHJKofGy1lns52R1G13uUI/1hNYB/4KR/s5D/mojf8Agj1L/wCR6B/wUi/Zzbp8
Q2/8Eepf/I9Hs59gueYXniPxxp9/8PIvP8fHxemjHV/GGm51FluJ7XX/AA8199jhP7uWMQPqCKls
CGil2YPmYOz458X+N/Gc/i23s9L8c6T4d1jxVJNpmry6VryXFnDDo+lpFFFaWc1rOkU9w9426SSO
BXjkMg3nA69/+Cgf7Ndxqtvqb+MUk1K2hltobxvDmomaKKRo2kjV/s2QrtFEWUHBMaE52jF3/h4r
+z3/AND1P/4T+p//ACNT9lU/lZHtYdzgtf8AC3xE8b/Bfxw3iWDxZd643wP01I9MV7lIbrXZrLWI
72M26EJNcZa3DR7WIJhO3IjI9I8UWXjS/wDCi/bl8QR+M9N8ceH7ieXQ7q8jsbiyfUrVZTCqFVe1
WzlnSaNwQDG7yA7UkNYf8FEP2fm+744uT/3L2p//ACNUq/8ABQf4CP08aXZ+nh3VP/kaq9hW/kf3
Mn21L+ZfeS/s6+G7f4N6F4u0xtK8Z3OqjxXdrNFfXGpahC1teaxctZ3Fu9zI0LKILlJbiSFi/wAr
tPmQc1L9/GL2vjf7MPFw+KIm10aIFF0ND8ry7j+zM7v9D2+X9lz/AMtfO3Z431ft/wBvX4HXf+p8
V6hKf9jw1qp/9tav2P7a3wh1O4W3tNc1m5nY7RHF4W1VmJ+n2Wn9XrfyP7iHiqC3mvvR5Zofh/xN
4q8XaBpGjXfxTsvhre6zZx3s+uXeqWmppKNJ1h7zM0xFxHbGZdKAIKxecSIjgiuy/Zx1Txv4V0aw
/wCEstPF2rC/8KeE7+6GpxTzzxazey3MGoj97gxrDstZJYVwIV3NsG7nul/aj+H7dG8Un6eDNZ/+
RKG/ak+H6EBm8Uj/ALkzWf8A5ErP2c+xvzI+cvjHcfGHxT8QfFUvhK28W6JeSw+INI/s6yh1hLfy
k0i+XTrxLuS5Firy3Mdo6C1gEiM6h5Q25X+hfhb421Hx98ZPGmpRad4p03wovh7RIrGPxBpV3p0T
XYuNUa6MUNwiHeFa1V2CgkLH1XYS28/a1+G2nxCS6ufEluhOA0ng/WAD/wCSlUn/AG0fhJG2H1nW
1PofCurD/wBta0WHrS2g/uMJ4mhTdpTS+aPb6K8SH7Z/wlPTWNcP/cq6t/8AItL/AMNmfCc9NW13
/wAJPVv/AJFo+rV/5H9xH1zD/wDPxfej0CT4WeGZJHdrCUs5LE/bJxkn/gdN/wCFU+GP+gfL/wCB
s/8A8XXA/wDDZXwp/wCgrr3/AISWr/8AyLUifthfC2QZXUfEDD28I6v/APItdvtMx/mn98ji9nlj
+zD7oieKm8F+E9dmsrjR5Jra2RHuZItSuGnQMrtlYQSWUBQScjrwCabrk/gnTNPaWDQdQmuCxVEu
Li5hT5W2yszbjhYzndwT6A1C37S/wlvEvSZNfkW9dZLjPhLWP3jKFCk/6L2CLx7VnT/tBfBRrmeW
4/t6V5fM3iXwprTr8+7eAptiAG3sSAACTnqBXsU8TK0eeNW6396Wui89Nb7dPM8WphY3lySpWe3u
x019NdLb9fI6MN8OQjM9nepsikmkXzrhiiKobJAc5yCDxnGecUqQeAnvHhGm3jBLdLlwlzcM8aEs
GdwHwFUBSWyfvDFcZd/tI/Aa3ihjur/xAqwZMfm6BrmVPPzAmDORk4PUdsVRh/aa/Z0tyxjv9UjZ
zmRl8PayDLkgkOfs+XBIBIbIJ5Iq/aSt/wAvvvf+f9fnPsl/05+5f5f1+XoEg+HkVpJdNp+oCBAJ
N7TXA3RHf+9XMnK/u39+OAcjPR6L8PvC+s2Rul0uaJPOljTN9OdypIyBvv8AfbnHvXj1z+07+zre
upk1DVWZYkgG3w5rK/u1ACocW4yvA4PB710Vh+2V8F9Kso7a11jWIbaMYRB4X1Y45z3tveuavUxD
gvYe15r9W9vvOqhSw6m/rHsuW3RLf5r9T03/AIVT4Y/6B8v/AIGz/wDxdbOg+GNN8MxzR6dA0Cyk
M4aV5MkdPvE15JD+2r8IrgZj1rWnH+z4V1Y/+2tSf8Nl/Cj/AKC2u/8AhJ6t/wDIteVU+vVI8tTn
a7O7PVpvLqUuanyJ91ZHtlFeJf8ADZvwl/6DOtf+Etqv/wAi0VzfVa/8j+5nT9dw3/Pxfej8BptQ
vfOf/Trnr/z1NRnVL5el/dD/ALamiivfTZ7Psaf8q+4kbVdRQYGpXg/7bGmr4m1gHjVb5fpcv/jR
RXRTbMfYUv5V9yJ08Wa7H93W9RX6XT/41YHjDxCm3b4g1Qf9vj/40UV3QbG8PR/kX3Il/wCE18SI
OPEWrD/t9k/xqX/hOPEyHaviXWAP+v6T/GiiuqByPD0f5F9yJ7fx34pVxt8U60v0v5P8avQ/EDxb
wP8AhLdc/wDBhJ/jRRXTE4auHo/yL7kaC/EHxh/0OPiD/wAGUv8AjUr+N/FMschk8V65JtHG/UJD
/WiiqR586FL+RfchE8b+KM/8jTrX/gfJ/jUWpeLvEWI2PiTWCWGDm+k/xoorfoc8aNL2i91fcUh4
x8SY/wCRl1j/AMDpP8a29C8c+KYoiU8U62m1+Nt/IP60UUol4ijS9m/dX3I6i0+I/jExhx4w19W9
tSm/+Kqtd/E/xtOxRvGviLavQDVJv/iqKKmWx8xShHn2Ma/+JXjU27g+NfETDPfU5f8A4qsVviP4
yx/yOXiDp/0Epf8A4qiis0fW0KFK3wL7kV2+I/jLH/I4a/8A+DKX/wCKqufiN4wf73i7XT/3EZf/
AIqiipO9Yej/ACL7kMT4jeL0k3L4s1xTjtqEo/8AZq3Y/ix4/sIBFbeP/FNvEp4ji1idB+jUUVjU
+E2o0KKatBfciNfjR8R1+78RfFq/TW7n/wCLqnL8bviQTg/ETxW311q4/wDi6KK4GlYuCVjFuviB
4quHMk3ijWZpHb5nkvpCT+tZ9x4r12ZcS63qU3+/dOf60UVc2+Q7aOGo83wL7kQjVdRfrqV4f+2x
po1S/dfmv7k/9tTRRXmyb7m/sKX8i+5CDULsj/j7n/7+GmNeXBPzXErfVzRRXHJs4VFdhpd8ffb8
6fFI3940UVhdnSwkd16O350wSSL0kf8AOiii7JsKL25A+W4lX6Oak/tC8UDF3Px/00NFFbxbMOVd
hRqd8BxfXK/SU04arqI6aleL9JjRRXTBvudsaNL+VfcTWvivXYR+61zUof8AcunH9a0LP4geKreQ
PD4o1mGRG+V476QEfrRRXp0W7GVbDUP5F9yNmP43fEgHA+InixfprVz/APF1cb41fEgkE/EXxa2P
XW7n/wCLooqIpGMoR5I6El18V/H1zA8Vx4+8U3EX/POXWJ2H/oVYsnxF8XuwZvFmuMcd9Ql/+Koo
r0aWxz1qFFz1gvuQ5fiN4wT7vi7XR9NRl/8AiqnT4leM8D/isdf/APBlL/8AFUUVsjmeHo/yL7kT
p8SPGeMf8Jl4g/8ABlL/APFVtaZ8SfGgtUx408RLz21OX/4qiiqitThrUKXJ8C+5G1ZfE/xvDJsX
xr4i2t1H9qTf/FVaufiP4xEe7/hMNfJ99Sm/+KoorSOx8jVjHnWhy2seOvFM8R8zxTrT7nXOb+T/
ABrD/wCEy8Sbf+Rk1f8A8DZP8aKKa3PpcNQpez+Fb9kXNM8W+Iv3jjxJrAZemL6T/GppfG/ihRx4
p1of9v8AJ/jRRVPYU6NL2r91fcJD438UxRr5fivXI8j+DUJB/Wkf4heMEHHjHxAP+4lL/jRRWLRv
ChS/kX3I0P8AhO/Fv/Q3a/8A+DGX/GiiioOn6vR/kX3I/9k=

------_=_NextPart_001_01C97294.48C4CE1C--

--===============0531422011==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
OPSEC mailing list
OPSEC@ietf.org
https://www.ietf.org/mailman/listinfo/opsec

--===============0531422011==--


From opsec-bounces@ietf.org  Sat Jan 10 08:32:01 2009
Return-Path: <opsec-bounces@ietf.org>
X-Original-To: opsec-archive@optimus.ietf.org
Delivered-To: ietfarch-opsec-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id 6EA9F3A688E;
	Sat, 10 Jan 2009 08:32:01 -0800 (PST)
X-Original-To: opsec@core3.amsl.com
Delivered-To: opsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id D1E3F3A688E
	for <opsec@core3.amsl.com>; Sat, 10 Jan 2009 08:19:41 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.111
X-Spam-Level: *
X-Spam-Status: No, score=1.111 tagged_above=-999 required=5 tests=[AWL=1.110, 
	BAYES_50=0.001]
Received: from mail.ietf.org ([64.170.98.32])
	by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id 2ldBGvnyz-vu for <opsec@core3.amsl.com>;
	Sat, 10 Jan 2009 08:19:41 -0800 (PST)
Received: from rebar.astron.com (rebar.astron.com [38.117.134.202])
	by core3.amsl.com (Postfix) with ESMTP id 186D83A684D
	for <opsec@ietf.org>; Sat, 10 Jan 2009 08:19:41 -0800 (PST)
Received: by rebar.astron.com (Postfix, from userid 10080)
	id 4CE715654E; Sat, 10 Jan 2009 11:19:24 -0500 (EST)
From: christos@zoulas.com (Christos Zoulas)
Date: Sat, 10 Jan 2009 11:19:24 -0500
Organization: Astron Software
X-Mailer: Mail User's Shell (7.2.6 beta(4.pl1)+dynamic 20000103)
To: opsec@ietf.org
Message-Id: <20090110161924.4CE715654E@rebar.astron.com>
Subject: [OPSEC] Fernando Gont's "Security Assessment of the Internet
	Protocol"
X-BeenThere: opsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: opsec wg mailing list <opsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/opsec>,
	<mailto:opsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/opsec>
List-Post: <mailto:opsec@ietf.org>
List-Help: <mailto:opsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsec>,
	<mailto:opsec-request@ietf.org?subject=subscribe>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: opsec-bounces@ietf.org
Errors-To: opsec-bounces@ietf.org


Dear Opsec Members,

I have read and reviewed Fernando Gont's paper
draft-gont-opsec-ip-security-01.txt "Security Assessment of the
Internet Protocol version 4", and I think it should be included in
the list of your Working Group items. I think that the paper is
unique in that it aims (and I think succeeds) to summarize *all* the
known flaws in various IPV4 implementations and the protocol itself,
and provides recommendations for implementers on how to avoid or
correct known pitfalls. This is the first attempt that I know of
to present this information in one place.

Best Regards,

Christos Zoulas
_______________________________________________
OPSEC mailing list
OPSEC@ietf.org
https://www.ietf.org/mailman/listinfo/opsec


From opsec-bounces@ietf.org  Sun Jan 11 15:15:49 2009
Return-Path: <opsec-bounces@ietf.org>
X-Original-To: opsec-archive@optimus.ietf.org
Delivered-To: ietfarch-opsec-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id 74C8C28C261;
	Sun, 11 Jan 2009 15:15:49 -0800 (PST)
X-Original-To: opsec@core3.amsl.com
Delivered-To: opsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id 1F9E03A67B6
	for <opsec@core3.amsl.com>; Sun, 11 Jan 2009 12:39:24 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 2.383
X-Spam-Level: **
X-Spam-Status: No, score=2.383 tagged_above=-999 required=5 tests=[AWL=-0.357, 
	BAYES_05=-1.11, CHARSET_FARAWAY_HEADER=3.2, HELO_EQ_DE=0.35,
	MIME_8BIT_HEADER=0.3]
Received: from mail.ietf.org ([64.170.98.32])
	by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id 6hyfSttwl6XN for <opsec@core3.amsl.com>;
	Sun, 11 Jan 2009 12:39:23 -0800 (PST)
Received: from WOTAN.TR-Sys.de (gateway.tr-sys.de [213.178.172.147])
	by core3.amsl.com (Postfix) with ESMTP id 6DE973A6940
	for <opsec@ietf.org>; Sun, 11 Jan 2009 12:39:22 -0800 (PST)
Received: from ZEUS.TR-Sys.de by w. with ESMTP
	($Revision: 1.37.109.26 $/16.3) id AA234436236;
	Sun, 11 Jan 2009 21:37:16 +0100
Received: (from ah@localhost) by z.TR-Sys.de (8.9.3 (PHNE_25183)/8.7.3) id
	VAA13907; Sun, 11 Jan 2009 21:37:11 +0100 (MEZ)
From: Alfred =?hp-roman8?B?SM5uZXM=?= <ah@tr-sys.de>
Message-Id: <200901112037.VAA13907@TR-Sys.de>
To: opsec@ietf.org
Date: Sun, 11 Jan 2009 21:37:11 +0100 (MEZ)
X-Mailer: ELM [$Revision: 1.17.214.3 $]
Mime-Version: 1.0
X-Mailman-Approved-At: Sun, 11 Jan 2009 15:15:48 -0800
Subject: Re: [OPSEC] Request for opions on accepting
	draft-gont-opsec-ip-security-01 as a working group document
X-BeenThere: opsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: opsec wg mailing list <opsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/opsec>,
	<mailto:opsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/opsec>
List-Post: <mailto:opsec@ietf.org>
List-Help: <mailto:opsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsec>,
	<mailto:opsec-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="hp-roman8"
Content-Transfer-Encoding: base64
Sender: opsec-bounces@ietf.org
Errors-To: opsec-bounces@ietf.org

Rm9sa3MsCnNvcnJ5IGZvciBjb21pbmcgaW4gYSBiaXQgbGF0ZSAtIGJ1dCB3ZSBhbGwgc3VmZmVy
ZWQgZnJvbQoiSGFzaCBSdXNoIEhvdXIiIGZvciB0d28gd2Vla3Mgbm93LCB3aXRoIHRoZSAoU290
aXJvdiBldCBhbC4pCk1ENSBkZW1vbnN0cmF0aW9uIGF0IDI1QzMgdHJpZ2dlcmluZyB0aGUgcmVu
ZXdhbCBvZiBxdWl0ZSBhCmNvdXBsZSBvZiBkaXNjdXNzaW9ucyBhYm91dCBJRVRGIHdvcmsgaW4g
cHJvZ3Jlc3MgLi4uCgpUaGlzIGV2ZW50IG9uY2UgYWdhaW4gaGFzIGNsZWFybHkgc2hvd24gdGhh
dCB0aGUgSUVURiBoYXMgbm90CnByb3Blcmx5IGZ1bGZpbGxlZCBpdHMgbWlzc2lvbiB0byBtYWlu
dGFpbiBpbXBvcnRhbnQgSW50ZXJuZXQKcHJvdG9jb2xzIGFuZCBib29zdCB2ZW5kb3JzIHRvIHRh
a2UgcHJvcGVyIGNhcmUgb2Ygc2VjdXJpdHkKdGhyZWF0cyBpbiBhIHNlbnNpYmxlIGFuZCBpbnRl
cm9wZXJhYmxlIHdheS4KCkRvY3VtZW50cyBsaWtlIHRoZSBTZWN1cml0eSBBc3Nlc3NtZW50IG9m
IElQIGNhbiBwbGF5IGFuIGltcG9ydGFudApyb2xlLCBpbiBwYXJ0aWN1bGFyIGlmIHRoZXkgaGF2
ZSB1bmRlcmdvbmUgYSBicm9hZCByZXZpZXcgLS0gbm90Cm9ubHkgYnkgcHJvdG9jb2wgcHVyaXN0
cywgYnV0IGltcGxlbWVudGVycyBhbmQgb3BlcmF0b3JzIGF0IGxhcmdlLgoKSSBhbHJlYWR5IGhh
ZCBzdXBwb3J0ZWQgdGhpcyB3b3JrIGVhcmxpZXIsIGFuZCBJJ20gY29uZmlkZW50IHRoYXQKYWRh
cHRpbmcgaXQgYXMgYSB3b3JrIGl0ZW0gb2YgdGhpcyBXRyBncmVhdGx5IGluY3JlYXNlcyB0aGUg
Y2hhbmNlcwpvZiBhcnJpdmluZyBhdCByZWFzb25hYmx5IHF1aWNrIHByb2dyZXNzIHRvd2FyZHMg
YSB1c2VmdWwgSUVURgpwdWJsaWNhdGlvbiBwcmVzZW50aW5nIHRoZSAnc2VjdXJpdHkgc3RhdGUg
b2YgdGhlIGFydCcgZm9yIElQIC0tCnVuZm9ydHVuYXRlbHksIHByZXZpb3VzIGF0dGVtcHRzIHRv
IHN0cmVuZ3RoZW4gYW5kIGNsYXJpZnkgdGhlCnNwZWNpZmljYXRpb25zIGZvciBJUCBoYXZlIG5v
dCBmb3VuZCB0aGUgbmVjZXNzYXJ5IHN1cHBvcnQgd2l0aGluCnRoZSBJRVRGIG92ZXIgbWFueSB5
ZWFycywgZHVlIHRvIHZhcmlvdXMgY2lyY3Vtc3RhbmNlcy4KClRoZXJlZm9yZSwgSSBzdHJvbmds
eSByZWNvbW1lbmQgdG8gdGFrZSBvdmVyIHRoaXMgd29yaywgYW5kIEkgaG9wZQpmb3IgYSBicm9h
ZCBhbmQgc3Ryb25nIGNvbW1pdHRtZW50IG9mIHRoZSBXRyB0byBsZWFkIGl0IHRvIHN1Y2Nlc3Mu
CgpCZWluZyBidXN5IHdpdGggb3RoZXIgdG9waWNzLCBJIGRpZCBub3QgaGF2ZSB0aGUgdGltZSB5
ZXQgdG8gcGVyZm9ybQphIGNvbXBsZXRlIHJldmlldyBvZiB0aGUgZHJhZnQgdW50aWwgbm93LCBi
dXQgSSB3aWxsIGRvIHNvIGFzIHNvb24gYXMKcG9zc2libGUgLS0gYW5kIHRoYXQgcmVhc29uYWJs
eSBtZWFuczogYmFzZWQgb24gYW4gZHJhZnQtb3BzZWMtLi4tMDAKdmVyc2lvbiBJIGhvcGUgdG8g
c2VlIHNvb24hCgpNZkcsCkJlc3QgcmVnYXJkcywKICBBbGZyZWQgSM5uZXMuCgotLSAKCistLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0rLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0rCnwgVFItU3lzIEFsZnJlZCBIb2VuZXMgICB8ICBBbGZyZWQgSG9lbmVzICAgRGlw
bC4tTWF0aC4sIERpcGwuLVBoeXMuICB8CnwgR2VybGluZ2VyIFN0cmFzc2UgMTIgICB8ICBQaG9u
ZTogKCs0OSk3MTU2Lzk2MzUtMCwgRmF4OiAtMTggICAgICAgICB8CnwgRC03MTI1NCAgRGl0emlu
Z2VuICAgICB8ICBFLU1haWw6ICBhaEBUUi1TeXMuZGUgICAgICAgICAgICAgICAgICAgICB8Cist
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0rLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0rCgpfX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f
X19fXwpPUFNFQyBtYWlsaW5nIGxpc3QKT1BTRUNAaWV0Zi5vcmcKaHR0cHM6Ly93d3cuaWV0Zi5v
cmcvbWFpbG1hbi9saXN0aW5mby9vcHNlYwo=


From opsec-bounces@ietf.org  Sun Jan 11 16:37:19 2009
Return-Path: <opsec-bounces@ietf.org>
X-Original-To: opsec-archive@optimus.ietf.org
Delivered-To: ietfarch-opsec-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id 8313828C0E1;
	Sun, 11 Jan 2009 16:37:19 -0800 (PST)
X-Original-To: opsec@core3.amsl.com
Delivered-To: opsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id C73FF28C0E1
	for <opsec@core3.amsl.com>; Sun, 11 Jan 2009 16:37:18 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.598
X-Spam-Level: 
X-Spam-Status: No, score=-1.598 tagged_above=-999 required=5 tests=[AWL=1.193, 
	BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1,
	SARE_RECV_SPEEDY_AR=0.808]
Received: from mail.ietf.org ([64.170.98.32])
	by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id lHXGTkN9dN0W for <opsec@core3.amsl.com>;
	Sun, 11 Jan 2009 16:37:18 -0800 (PST)
Received: from smtp1.xmundo.net (smtp1.xmundo.net [201.216.232.80])
	by core3.amsl.com (Postfix) with ESMTP id C896E3A6407
	for <opsec@ietf.org>; Sun, 11 Jan 2009 16:37:16 -0800 (PST)
Received: from venus.xmundo.net (venus.xmundo.net [201.216.232.56])
	by smtp1.xmundo.net (Postfix) with ESMTP id 21DB46B68F4
	for <opsec@ietf.org>; Sun, 11 Jan 2009 21:37:04 -0300 (ART)
Received: from notebook.gont.com.ar (201-254-55-114.speedy.com.ar
	[201.254.55.114] (may be forged)) (authenticated bits=0)
	by venus.xmundo.net (8.14.1/8.14.1) with ESMTP id n0C0aiPF007451
	for <opsec@ietf.org>; Sun, 11 Jan 2009 22:36:46 -0200
Message-Id: <200901120036.n0C0aiPF007451@venus.xmundo.net>
X-Mailer: QUALCOMM Windows Eudora Version 7.1.0.9
Date: Sun, 11 Jan 2009 21:29:48 -0300
To: opsec@ietf.org
From: Fernando Gont <fernando@gont.com.ar>
Mime-Version: 1.0
X-Greylist: Sender succeeded SMTP AUTH authentication, not delayed by
	milter-greylist-3.0 (venus.xmundo.net [201.216.232.56]);
	Sun, 11 Jan 2009 21:37:02 -0300 (ART)
Subject: [OPSEC] Fwd: Fernando Gont's "Security Assessment of the Internet
 Protocol"
X-BeenThere: opsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: opsec wg mailing list <opsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/opsec>,
	<mailto:opsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/opsec>
List-Post: <mailto:opsec@ietf.org>
List-Help: <mailto:opsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsec>,
	<mailto:opsec-request@ietf.org?subject=subscribe>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Sender: opsec-bounces@ietf.org
Errors-To: opsec-bounces@ietf.org

Hello, folks,

This one is probably is waiting for moderator approval. I'm 
forwarding it to the mailing-list for your convenience.

Thanks!
Fernando




>From: christos@zoulas.com (Christos Zoulas)
>Date: Sat, 10 Jan 2009 11:19:24 -0500
>Organization: Astron Software
>X-Mailer: Mail User's Shell (7.2.6 beta(4.pl1)+dynamic 20000103)
>To: opsec@ietf.org
>Subject: Fernando Gont's "Security Assessment of the Internet Protocol"
>Cc: fernando@gont.com.ar
>
>Dear Opsec Members,
>
>I have read and reviewed Fernando Gont's paper
>draft-gont-opsec-ip-security-01.txt "Security Assessment of the
>Internet Protocol version 4", and I think it should be included in
>the list of your Working Group items. I think that the paper is
>unique in that it aims (and I think succeeds) to summarize *all* the
>known flaws in various IPV4 implementations and the protocol itself,
>and provides recommendations for implementers on how to avoid or
>correct known pitfalls. This is the first attempt that I know of
>to present this information in one place.
>
>Best Regards,
>
>Christos Zoulas

--
Fernando Gont
e-mail: fernando@gont.com.ar || fgont@acm.org
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1




_______________________________________________
OPSEC mailing list
OPSEC@ietf.org
https://www.ietf.org/mailman/listinfo/opsec


From opsec-bounces@ietf.org  Sun Jan 11 16:52:18 2009
Return-Path: <opsec-bounces@ietf.org>
X-Original-To: opsec-archive@optimus.ietf.org
Delivered-To: ietfarch-opsec-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id 1889828C27C;
	Sun, 11 Jan 2009 16:52:18 -0800 (PST)
X-Original-To: opsec@core3.amsl.com
Delivered-To: opsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id 2022528C27C
	for <opsec@core3.amsl.com>; Sun, 11 Jan 2009 16:52:17 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level: 
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5
	tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32])
	by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id oZzPfaaYltLZ for <opsec@core3.amsl.com>;
	Sun, 11 Jan 2009 16:52:16 -0800 (PST)
Received: from linuxbox.org (linuxbox.org [24.155.83.21])
	by core3.amsl.com (Postfix) with ESMTP id 3E96D28C160
	for <opsec@ietf.org>; Sun, 11 Jan 2009 16:52:16 -0800 (PST)
Received: from linuxbox.org (ge@localhost.localdomain [127.0.0.1])
	by linuxbox.org (8.13.8/8.13.8/Debian-3) with ESMTP id n0C0poe9023522
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT);
	Sun, 11 Jan 2009 18:51:50 -0600
Received: from localhost (ge@localhost)
	by linuxbox.org (8.13.8/8.13.8/Submit) with ESMTP id n0C0pnvH023519;
	Sun, 11 Jan 2009 18:51:49 -0600
Date: Sun, 11 Jan 2009 18:51:49 -0600 (CST)
From: Gadi Evron <ge@linuxbox.org>
To: Fernando Gont <fernando@gont.com.ar>
In-Reply-To: <200901120036.n0C0aiPF007451@venus.xmundo.net>
Message-ID: <alpine.DEB.0.999999.0901111851290.5951@linuxbox.org>
References: <200901120036.n0C0aiPF007451@venus.xmundo.net>
User-Agent: Alpine 0.999999 (DEB 847 2007-12-06)
MIME-Version: 1.0
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-1.7.5
	(linuxbox.org [127.0.0.1]); Sun, 11 Jan 2009 18:51:51 -0600 (CST)
Cc: opsec@ietf.org
Subject: Re: [OPSEC] Fwd: Fernando Gont's "Security Assessment of the
 Internet Protocol"
X-BeenThere: opsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: opsec wg mailing list <opsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/opsec>,
	<mailto:opsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/opsec>
List-Post: <mailto:opsec@ietf.org>
List-Help: <mailto:opsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsec>,
	<mailto:opsec-request@ietf.org?subject=subscribe>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Sender: opsec-bounces@ietf.org
Errors-To: opsec-bounces@ietf.org

I'd support the idea.


On Sun, 11 Jan 2009, Fernando Gont wrote:

> Hello, folks,
>
> This one is probably is waiting for moderator approval. I'm forwarding it to 
> the mailing-list for your convenience.
>
> Thanks!
> Fernando
>
>
>
>
>> From: christos@zoulas.com (Christos Zoulas)
>> Date: Sat, 10 Jan 2009 11:19:24 -0500
>> Organization: Astron Software
>> X-Mailer: Mail User's Shell (7.2.6 beta(4.pl1)+dynamic 20000103)
>> To: opsec@ietf.org
>> Subject: Fernando Gont's "Security Assessment of the Internet Protocol"
>> Cc: fernando@gont.com.ar
>> 
>> Dear Opsec Members,
>> 
>> I have read and reviewed Fernando Gont's paper
>> draft-gont-opsec-ip-security-01.txt "Security Assessment of the
>> Internet Protocol version 4", and I think it should be included in
>> the list of your Working Group items. I think that the paper is
>> unique in that it aims (and I think succeeds) to summarize *all* the
>> known flaws in various IPV4 implementations and the protocol itself,
>> and provides recommendations for implementers on how to avoid or
>> correct known pitfalls. This is the first attempt that I know of
>> to present this information in one place.
>> 
>> Best Regards,
>> 
>> Christos Zoulas
>
> --
> Fernando Gont
> e-mail: fernando@gont.com.ar || fgont@acm.org
> PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
>
>
>
>
> _______________________________________________
> OPSEC mailing list
> OPSEC@ietf.org
> https://www.ietf.org/mailman/listinfo/opsec
>
_______________________________________________
OPSEC mailing list
OPSEC@ietf.org
https://www.ietf.org/mailman/listinfo/opsec


From opsec-bounces@ietf.org  Thu Jan 15 04:03:46 2009
Return-Path: <opsec-bounces@ietf.org>
X-Original-To: opsec-archive@optimus.ietf.org
Delivered-To: ietfarch-opsec-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id DA6B83A690B;
	Thu, 15 Jan 2009 04:03:46 -0800 (PST)
X-Original-To: opsec@core3.amsl.com
Delivered-To: opsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id 1E3B33A691A
	for <opsec@core3.amsl.com>; Thu, 15 Jan 2009 04:03:46 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level: 
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[AWL=0.000, 
	BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32])
	by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id SVrorYUfloLg for <opsec@core3.amsl.com>;
	Thu, 15 Jan 2009 04:03:45 -0800 (PST)
Received: from av-tac-bru.cisco.com (odd-brew.cisco.com [144.254.15.119])
	by core3.amsl.com (Postfix) with ESMTP id C5E903A67A1
	for <opsec@ietf.org>; Thu, 15 Jan 2009 04:03:44 -0800 (PST)
X-TACSUNS: Virus Scanned
Received: from strange-brew.cisco.com (localhost [127.0.0.1])
	by av-tac-bru.cisco.com (8.11.7p3+Sun/8.11.7) with ESMTP id
	n0FC3TQ27361
	for <opsec@ietf.org>; Thu, 15 Jan 2009 13:03:29 +0100 (CET)
Received: from kk-son (dhcp-peg3-vl30-144-254-7-191.cisco.com [144.254.7.191])
	by strange-brew.cisco.com (8.11.7p3+Sun/8.11.7) with ESMTP id
	n0FC3St29019
	for <opsec@ietf.org>; Thu, 15 Jan 2009 13:03:28 +0100 (CET)
Date: Thu, 15 Jan 2009 13:04:03 +0100 (CET)
From: Andrew Yourtchenko <ayourtch@cisco.com>
X-X-Sender: ayourtch@zippy.stdio.be
To: opsec@ietf.org
Message-ID: <Pine.LNX.4.64.0901151301470.3534@zippy.stdio.be>
MIME-Version: 1.0
Subject: Re: [OPSEC] Request for opions on accepting
 draft-gont-opsec-ip-security-01 as a working group document (fwd)
X-BeenThere: opsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: ayourtch@cisco.com
List-Id: opsec wg mailing list <opsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/opsec>,
	<mailto:opsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/opsec>
List-Post: <mailto:opsec@ietf.org>
List-Help: <mailto:opsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsec>,
	<mailto:opsec-request@ietf.org?subject=subscribe>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Sender: opsec-bounces@ietf.org
Errors-To: opsec-bounces@ietf.org

Hi all,

It's my first activity on OPSEC, and I was a tad late to react - so 
initially sent unicast, but forwarding to the list now nonetheless FYI.

thanks,
andrew

---------- Forwarded message ----------
Date: Wed, 14 Jan 2009 19:54:34 +0100 (CET)
From: Andrew Yourtchenko <ayourtch@cisco.com>
To: Joel Jaeggli <joelja@bogus.com>
Cc: Fernando Gont <fernando@gont.com.ar>
Subject: Re: [OPSEC] Request for opions on accepting
     draft-gont-opsec-ip-security-01 as a working group document

Hello Joel,

I've been only reading the mails on the WG up till now, so, given my very late 
reaction - not sure if it is still OK to send the opinion now - unicasting..

In my opinion this work is definitely something that should be adopted by the 
WG for further review and discussion.

To illustrate - one point, which rose upon a quick scan of the document:

With my security hat on, the trivially incrementing IP ID is obviously a Bad 
Thing(tm).

With my digger-debugger hat on, the trivially incrementing IP ID within the 
session more than once allowed to spot a misbehaving middlebox unknown to be 
there and save some real pain to real customers.
>From this operational perspective, the incrementing ID is a good property 
because it provides an ephemeral "identity" to the endpoint besides the easily 
spoofable IP address - hence allows to detect the latter.

So I think there might be more than just black and white, and it might be 
useful to discuss.

If the document gets adopted, I volunteer to review it in more detail.

thanks,
andrew





On Thu, 1 Jan 2009, Joel Jaeggli wrote:

>  I trust everyone had a eventful new year and I hope that for the sake of
>  our industry the next six months doesn't look worse than the previous
>  six months.
>
>  Working from the the action items it's time to test consensus on accepting;
>
>  draft-gont-opsec-ip-security-01
>
>  http://tools.ietf.org/html/draft-gont-opsec-ip-security-01
>
>  as a working group document.
>
>  Commentary will be accepted through Friday January 9th.
>
>  Thanks
>  Joel
>  _______________________________________________
>  OPSEC mailing list
>  OPSEC@ietf.org
>  https://www.ietf.org/mailman/listinfo/opsec
>
_______________________________________________
OPSEC mailing list
OPSEC@ietf.org
https://www.ietf.org/mailman/listinfo/opsec


From opsec-bounces@ietf.org  Fri Jan 16 02:54:00 2009
Return-Path: <opsec-bounces@ietf.org>
X-Original-To: opsec-archive@optimus.ietf.org
Delivered-To: ietfarch-opsec-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id 8DD1C28C1FB;
	Fri, 16 Jan 2009 02:54:00 -0800 (PST)
X-Original-To: opsec@core3.amsl.com
Delivered-To: opsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id 4573C28C1FB
	for <opsec@core3.amsl.com>; Fri, 16 Jan 2009 02:53:59 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.528
X-Spam-Level: *
X-Spam-Status: No, score=1.528 tagged_above=-999 required=5
	tests=[BAYES_50=0.001, HTML_IMAGE_ONLY_16=1.526, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([64.170.98.32])
	by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id HmTr5zkqTJu4 for <opsec@core3.amsl.com>;
	Fri, 16 Jan 2009 02:53:58 -0800 (PST)
Received: from web35306.mail.mud.yahoo.com (web35306.mail.mud.yahoo.com
	[66.163.179.100])
	by core3.amsl.com (Postfix) with SMTP id 7A1D03A6831
	for <opsec@ietf.org>; Fri, 16 Jan 2009 02:53:58 -0800 (PST)
Received: (qmail 20423 invoked by uid 60001); 16 Jan 2009 10:53:43 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.ca;
	h=X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:MIME-Version:Content-Type:Message-ID;
	b=bismhv/7RULige+TE+XHl5XMitkm6jqvJ2zsRA2jJTPy+RqNBGL8XXE8D1Z9HwXl2cpfUp/w77aGvSm0aLKBX1B4Q3iZI6wbRyYTRmt5jlZ5oiaNFugougLcIw5xEF2IPy9e3LGYqKZzDU8a7s+eLyZIXnUEPBjGbG+FlH74QYY=;
X-YMail-OSG: FY27bKEVM1m15V1CkyHhjm0FiVC0WjYtwlemm7INaKFaUriGFWySy_MaHrWtBD2vf3zb8CKvVrr1m0R4XSgmzqzfWZ4aAUtueI1seHxfCvo_u8a4brU20LmLysyRXc9ju0H96xHdkZPRKSNs8sQx2rA_Wwh8MA1CtB6T9aiwODX7mhVemLiSX61RIK0z6Z_s_CT35y31gzUMnbRQZrNqhlxNuN2__Fuy4cL4JkN4
Received: from [94.249.25.221] by web35306.mail.mud.yahoo.com via HTTP;
	Fri, 16 Jan 2009 02:53:43 PST
X-Mailer: YahooMailWebService/0.7.260.1
Date: Fri, 16 Jan 2009 02:53:43 -0800 (PST)
From: Alaa Al-Din Al-Radhi <alradhi2000@yahoo.ca>
To: opsec@ietf.org
MIME-Version: 1.0
Message-ID: <118153.19157.qm@web35306.mail.mud.yahoo.com>
Subject: [OPSEC] Cisco 2008 Annual Security Report
X-BeenThere: opsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: opsec wg mailing list <opsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/opsec>,
	<mailto:opsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/opsec>
List-Post: <mailto:opsec@ietf.org>
List-Help: <mailto:opsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsec>,
	<mailto:opsec-request@ietf.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============1152915997=="
Sender: opsec-bounces@ietf.org
Errors-To: opsec-bounces@ietf.org

--===============1152915997==
Content-Type: multipart/alternative; boundary="0-1051656554-1232103223=:19157"

--0-1051656554-1232103223=:19157
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable

Dear Colleagues
=A0
A very good resource to read
=A0
http://cisco.com/en/US/prod/vpndevc/annual_security_report.html
=A0
Alaa
=A0=0A=0A=0A      _________________________________________________________=
_________=0AYahoo! Canada Toolbar: Search from anywhere on the web, and boo=
kmark your favourite sites. Download it now at=0Ahttp://ca.toolbar.yahoo.co=
m.
--0-1051656554-1232103223=:19157
Content-Type: text/html; charset=us-ascii

<table cellspacing="0" cellpadding="0" border="0" ><tr><td valign="top" style="font: inherit;"><DIV>Dear Colleagues</DIV>
<DIV>&nbsp;</DIV>
<DIV>A very good resource to read</DIV>
<DIV>&nbsp;</DIV>
<DIV><A href="http://cisco.com/en/US/prod/vpndevc/annual_security_report.html" target=_blank rel=nofollow>http://cisco.com/en/US/prod/vpndevc/annual_security_report.html</A></DIV>
<DIV>&nbsp;</DIV>
<DIV>Alaa</DIV>
<DIV>&nbsp;</DIV></td></tr></table><br>
      <p class="MsoNormal"> </p>

  <tbody><tr>

    <td style="padding: 0.75pt;">

    <div class="MsoNormal" style="text-align: center;" align="center"><font face="Times New Roman" size="3"><span style="font-size: 12pt;">

    <hr align="center" size="1" width="100%">

    </span></font></div>

 

      <p class="MsoNormal"><font face="Times New Roman" size="3"><span style="font-size: 12pt;"><img id="_x0000_i1026" src="http://us.i1.yimg.com/us.yimg.com/i/ca/iotg_search.jpg" align="absbottom" border="0" height="25" hspace="4" width="25"><a href="http://ca.toolbar.yahoo.com/" target="_new"><b><span style="font-weight: bold;" lang="NO-BOK">Yahoo! 
        Canada Toolbar :</span></b><span lang="NO-BOK"> Search from anywhere on 
        the web and bookmark your favourite sites. Download it now! </span></a> 
        </span></font><span lang="NO-BOK"><o:p></o:p></span></p>
--0-1051656554-1232103223=:19157--

--===============1152915997==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
OPSEC mailing list
OPSEC@ietf.org
https://www.ietf.org/mailman/listinfo/opsec

--===============1152915997==--


From opsec-bounces@ietf.org  Fri Jan 16 07:41:02 2009
Return-Path: <opsec-bounces@ietf.org>
X-Original-To: opsec-archive@optimus.ietf.org
Delivered-To: ietfarch-opsec-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id D5E1728C172;
	Fri, 16 Jan 2009 07:41:02 -0800 (PST)
X-Original-To: opsec@core3.amsl.com
Delivered-To: opsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id A2C1D28C124
	for <opsec@core3.amsl.com>; Fri, 16 Jan 2009 07:41:01 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.539
X-Spam-Level: 
X-Spam-Status: No, score=-2.539 tagged_above=-999 required=5 tests=[AWL=0.060, 
	BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32])
	by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id lA3oqbZqipQQ for <opsec@core3.amsl.com>;
	Fri, 16 Jan 2009 07:41:00 -0800 (PST)
Received: from nagasaki.bogus.com (nagasaki.bogus.com [IPv6:2001:418:1::81])
	by core3.amsl.com (Postfix) with ESMTP id 7F0B528C172
	for <opsec@ietf.org>; Fri, 16 Jan 2009 07:40:59 -0800 (PST)
Received: from [192.168.1.118] (c-24-130-16-195.hsd1.ca.comcast.net
	[24.130.16.195]) (authenticated bits=0)
	by nagasaki.bogus.com (8.14.3/8.14.3) with ESMTP id n0GFef82008084
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT)
	for <opsec@ietf.org>; Fri, 16 Jan 2009 15:40:42 GMT
	(envelope-from joelja@bogus.com)
Message-ID: <4970AA76.8090104@bogus.com>
Date: Fri, 16 Jan 2009 07:40:38 -0800
From: Joel Jaeggli <joelja@bogus.com>
User-Agent: Thunderbird 2.0.0.19 (X11/20090105)
MIME-Version: 1.0
To: opsec wg mailing list <opsec@ietf.org>
X-Enigmail-Version: 0.95.7
Content-Type: multipart/mixed; boundary="------------050508060207090708040904"
X-Virus-Scanned: ClamAV 0.94.2/8871/Fri Jan 16 04:16:59 2009 on
	nagasaki.bogus.com
X-Virus-Status: Clean
Subject: [OPSEC] [Fwd: BGP Session Teardown due to AS_CONFED_SEQUENCE in
	AS4_PATH]
X-BeenThere: opsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: opsec wg mailing list <opsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/opsec>,
	<mailto:opsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/opsec>
List-Post: <mailto:opsec@ietf.org>
List-Help: <mailto:opsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsec>,
	<mailto:opsec-request@ietf.org?subject=subscribe>
Sender: opsec-bounces@ietf.org
Errors-To: opsec-bounces@ietf.org

This is a multi-part message in MIME format.
--------------050508060207090708040904
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

something to think about in the context of forwarding transitive
attributes that may not be understood by all devices in the path.

-------- Original Message --------
Subject: BGP Session Teardown due to AS_CONFED_SEQUENCE in AS4_PATH
Date: Fri, 16 Jan 2009 12:57:19 +0000
From: Rob Shakir <rjs@eng.gxn.net>
To: cisco-nsp@puck.nether.net, nanog@nanog.org

Strict RFC 4893 (4-byte ASN support) BGP4 implementations are vulnerable
to a
session reset by distant (not directly connected) ASes. This
vulnerability is a
feature of the standard, and unless immediate action is taken an
increasingly
significant number of networks will be open to attack. Accidental
triggering of
this vulnerability has already been seen in the wild, although the limited
number of RFC 4893 deployments has limited its effect.

Summary:
It is possible to cause BGP sessions to remotely reset by injecting
invalid data
into the AS4_PATH attribute provided to store 4-byte ASN paths. Since
AS4_PATH
is an optional transitive attribute, the invalid data will be transited
through
many intermediate ASes which will not examine the content. To be
vulnerable, an
operator does not have to be actively using 4-byte AS support. This
problem was
first reported by Andy Davidson on NANOG in December 2008 [0],
furthermore we
have been able to demonstrate that a device running Cisco IOS release
12.0(32)S12 behaves as per this description.

Details:

When a prefix is learnt from a BGP neighbour that does not support
4-byte ASNs,
the AS4_PATH attribute is retained, and appended to UPDATE messages sent to
other neighbours [1, 3]. RFC4893 specifies that AS_CONFED_SEQUENCE and
AS_CONFED_SET are invalid in an AS4_PATH, the intention of which is to
ensure
that an AS with a mix of AS4-aware BGP speakers, and AS4-unaware BGP
speakers
does not propagate confederation AS paths outside of the confederation
[1, 3].
Upon receiving an invalid BGP UPDATE message, a BGP speaker must send a
NOTIFICATION message [2, 6.3], after a NOTIFICATION message, the BGP
connection
is closed [2, 4.5].

Analysis of the Reported Path:

On 10th December 2008, a BGP update was propagated with illegal/invalid
confederation attributes in the AS4_PATH.  When this update was received
by AS4
aware BGP speakers, the RFCs described above were interpreted literally
and the
session was torn down. Because the illegal attributes were learned on a
transit
session, an affected network can have global reachability impaired.

Please note that the analysis of this path describes what we expect to have
happened in this case, it has not been confirmed by any of the ASNs
involved.

91.207.218.0/23
	Path Attributes - Origin: Incomplete
	Flags: 0x40 (Well-known, Transitive, Complete)
	Origin: Incomplete (2)
	AS_PATH: xx xx 35320 23456 (13 bytes)
	AS4_PATH: (65044 65057) 196629 (7 bytes)

In this data, the AS_PATH indicates that a prefix is announced by an AS4
speaker
(as indicated by AS23456) and propagated through by AS35320. The
AS4_PATH data
shows that the AS4 originator is AS196629, the rest of this path is an
AS_CONFED_SEQUENCE [3, 5]. It would appear that in this case, AS196629 peers
with AS35320, which is AS4-aware on this border. The prefix is then
propagated
through AS35320, with the AS4 aware routers appending their ASN to the
AS_CONFED_SEQUENCE. This is in contravention of RFC 4893 [1, 3]. The border
which announces this route to AS35320's upstream does not appear to be
AS4-aware. During normal announcements, the BGP speaker on a border with an
upstream ASN that is not part of the confederation will remove the left-most
AS_CONFED_SETs or AS_CONFED_SEQUENCEs that exist in the AS_PATH [3, 6.1] and
replace them with the confederation identifier. However, due to the fact
that
both AS_CONFED_SET and AS_CONFED_SEQUENCE are invalid in an AS4_PATH,
then no
such action is taken on the border between an AS4 aware AS, and a
non-AS4 aware
AS. In addition, since the AS35320 border is not AS4 aware, then it does not
update the AS4_PATH.

This malformed UPDATE is then sent to AS35320's upstream, if there are no
AS4-aware routers in the path between the AS35320 border, and an AS
receiving
this update, the AS4_PATH will not have been analysed. The first AS4-aware
router to receive this update will reset the session towards the
neighbour from
whom it receives the update.

The border which announces this route to AS35320's upstream does not
appear to
be AS4-aware; If it were a strict AS4 implementation it would reset the BGP
session due to the malformed AS4_PATH, and a broken implementation that
treats
AS4_PATH as an equivalent of the AS_PATH would sanitise the AS4_PATH. This
allows the AS4_PATH containing an AS_CONFED_SET to be passed to neighbouring
networks.

This escape of an AS_CONFED_SET from a network with only partial AS4
support is
exactly the situation that RFC 4893 attempts to avoid by forbidding the
presence
of an AS_CONFED_SET in the AS4_PATH. In the ideal world the neighbouring
network
receiving an UPDATE containing this obviously malformed AS4_PATH would
reset the
session, preventing further propagation and isolating the broken network.

Unfortunately the vast majority of networks do not support AS4 so pass
on this
malformed AS4_PATH to their neighbours. The first AS4-aware router to
receive
this update will reset the session towards the neighbour from whom it
received
the update.

Cisco IOS Behaviour:

In a lab environment, a Cisco 7200 running IOS 12.0(32)S12, which is able to
support 4-byte ASNs, was peered with a Cisco 2811 running 12.4(19). When
the BGP
session to the upstream 2811 is established by the 7200, the following log
messages are observed:

*Jan 16 11:29:58.531: %BGP-5-ADJCHANGE: neighbor 193.239.32.2 Up
*Jan 16 11:30:02.595: %BGP-6-ASPATH: Invalid AS path (65044 65048 65062)
3.21 23456 received from 193.239.32.2: Confederation found in AS4_PATH
*Jan 16 11:30:02.595: %BGP-5-ADJCHANGE: neighbor 193.239.32.2 Down BGP
Notification sent
*Jan 16 11:30:02.595: %BGP-3-NOTIFICATION: sent to neighbor 193.239.32.2
3/1 (update malformed) 27 bytes E0111803 030000FE 140000FE 180000FE 26
FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF 0050 0200 0000 3540 0101 0240
020C 0205 3D25 2114 89F8 5BA0 5BA0 4003 04C1 EF20 02E0 1118 0303 0000
FE14 0000 FE18 0000 FE26 0202 0003 0015 0000 5BA0 175B CFDA

The configuration on the 7200 is as follows:

router bgp 65123
 no synchronization
 bgp log-neighbor-changes
 neighbor 193.239.32.2 remote-as 15653
 no auto-summary

The BGP session will continue to be reset each time the invalid AS4_PATH is
received.

Possible Impact:

During a BGP conversation, it is expected that a neighbour's UPDATE
messages are
sanitised by the immediate neighbour, during a 'normal' BGP
conversation, if a
BGP speaker receives an invalid UPDATE, it will teardown the session,
and this
invalid UPDATE will not propagate any further. In the case of optional
transitive attributes such as AS4_PATH, this invalid update can be transited
through many ASes, as the content of the invalid attribute in the UPDATE
message
is not examined.

In a hypothetical scenario, an AS4 aware service provider (A) has a transit
provider (T) that is not AS4 aware. BGP speaker B, a large distance from
A has a
bug affecting their equipment that introduces an AS_CONFED_SET in the
AS4_PATH.
Since B's updates are propagated through to A via T, A will tear down the
session to T due to the malformed attribute. This is an out of proportion
reaction as the update may affect only one prefix in a full BGP table.
If this
update is also propagated through A's other transit providers A may lose
full-table visibility until one of their transit providers filters the
route.
Examining the UPDATE message to establish which route caused session
teardown
may be a non-trivial activity.


Conclusion:

Whilst this description may be applied to invalid data in any optional
transitive element, it has a greater impact with AS4_PATH due to the large
number of BGP speakers that currently do not examine any 4-byte ASN data
in an
UPDATE. There has been a discussion of this matter on the IETF IDR
mailing list
[4], however, due to availability of Cisco IOS containing AS4 support
(12.0(32)S12), and an observation of this problem 'in the wild', we
believe that
it is of operational concern to those that are planning on deployment of
AS4-aware platforms [5].

Any input from the operational community relating to this problem is much
appreciated, either publicly, or privately.

Regards,
	Andy Davidson, NetSumo (andy.davidson@netsumo.com),
	Jonathan Oddy, Hostway UK (jonathan.oddy@hostway.co.uk),
	Rob Shakir, GX Networks (rjs@eng.gxn.net)

References:
[0]: Andy Davidson - 91.207.218.0/23 prefix in DFZ - AS3.21 / AS196629 -
     announced with AS_CONFED_SEQUENCE in AS4_PATH - propagated by 35320,
     http://markmail.org/message/3ofvjyggayfxezna
[1]: rfc4893: BGP Support for Four-octet AS Number Space
[2]: rfc4271: A Border Gateway Protocol 4 (BGP-4)
[3]: rfc3054: Autonomous System Confederations for BGP
[4]: Kaliraj Vairavakkalai, Juniper Networks, [Idr] RFC-4893 handling
malformed
     AS4_PATH attributes,
     http://www.ietf.org/mail-archive/web/idr/current/msg03368.html
[5]: http://as4.cluepon.net/index.php/Software_Support

Thanks to Will Hargrave (LONAP) for assistance with this document.


--------------050508060207090708040904
Content-Type: application/pgp-signature;
 name="Attached Message Part"
Content-Transfer-Encoding: base64
Content-Disposition: inline;
 filename="Attached Message Part"

LS0tLS1CRUdJTiBQR1AgU0lHTkFUVVJFLS0tLS0KVmVyc2lvbjogR251UEcgdjEuNC40IChT
dW5PUykKCmlEOERCUUZKY0lRdUliSWhWY0IrYmVzUkFpQmFBSnNIdHpSMGR1bHhBUFpLd2Jj
empzNlgwWUNOTHdDZlZ3enAKd2MvMyt3MTN4UlVsbUhpTlJEYlRpV0k9Cj1RTitvCi0tLS0t
RU5EIFBHUCBTSUdOQVRVUkUtLS0tLQoK
--------------050508060207090708040904
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
OPSEC mailing list
OPSEC@ietf.org
https://www.ietf.org/mailman/listinfo/opsec

--------------050508060207090708040904--


From opsec-bounces@ietf.org  Sun Jan 18 01:26:01 2009
Return-Path: <opsec-bounces@ietf.org>
X-Original-To: opsec-archive@optimus.ietf.org
Delivered-To: ietfarch-opsec-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id B16DC3A68EC;
	Sun, 18 Jan 2009 01:26:01 -0800 (PST)
X-Original-To: opsec@core3.amsl.com
Delivered-To: opsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id 6E5233A68EC
	for <opsec@core3.amsl.com>; Sun, 18 Jan 2009 01:26:00 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.485
X-Spam-Level: 
X-Spam-Status: No, score=-0.485 tagged_above=-999 required=5 tests=[AWL=0.254, 
	BAYES_20=-0.74, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([64.170.98.32])
	by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id hF9xheansxIM for <opsec@core3.amsl.com>;
	Sun, 18 Jan 2009 01:25:59 -0800 (PST)
Received: from web35305.mail.mud.yahoo.com (web35305.mail.mud.yahoo.com
	[66.163.179.99]) by core3.amsl.com (Postfix) with SMTP id ABA983A67A4
	for <opsec@ietf.org>; Sun, 18 Jan 2009 01:25:59 -0800 (PST)
Received: (qmail 82006 invoked by uid 60001); 18 Jan 2009 09:25:44 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.ca;
	h=X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:MIME-Version:Content-Type:Message-ID;
	b=Xv36lhO3xTzaztEuCIVELiqobOsw3E5KTpKkxik0tOo2ibVSqoYs8WW5v0IfVRZX1KWCuVKQg+oGfjFOm3sqoascSuYTBU72Xc0p9gMdtjwEJmyEHltQPqxAAYdCDSh6P57smfNZq4JYs1fsDPqNQ/vOTcWeK7W7TXe4lxH9onM=;
X-YMail-OSG: kyxVUIoVM1kOPFE0ZG3kycX7zfisDKSF2fbppQpNBiXPfGlsCuSl746Gg1dvn96cUJzo.ZP7rj6dLo6yb9e3ecwXFu5RTunVDDMPSVcP.8f6rcf83mR58Y2capUTluN.rcgRtyC6JUfLBUdppZ.xOB58imf.7n24H6dcm8RmbYDckvNbhUKXAfDsqWFjlxM8EI1IZADV1kC.AXmbh72C8y._5XcaW7sJlW0ieEp95QVdYE_S7l1kBdpWWl5Usqo-
Received: from [79.173.250.240] by web35305.mail.mud.yahoo.com via HTTP;
	Sun, 18 Jan 2009 01:25:44 PST
X-Mailer: YahooMailWebService/0.7.260.1
Date: Sun, 18 Jan 2009 01:25:44 -0800 (PST)
From: Alaa Al-Din Al-Radhi <alradhi2000@yahoo.ca>
To: opsec@ietf.org
MIME-Version: 1.0
Message-ID: <248860.80193.qm@web35305.mail.mud.yahoo.com>
Subject: [OPSEC] IPv6 Latest Report 2009
X-BeenThere: opsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: opsec wg mailing list <opsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/opsec>,
	<mailto:opsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/opsec>
List-Post: <mailto:opsec@ietf.org>
List-Help: <mailto:opsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsec>,
	<mailto:opsec-request@ietf.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============0026021429=="
Sender: opsec-bounces@ietf.org
Errors-To: opsec-bounces@ietf.org

--===============0026021429==
Content-Type: multipart/alternative; boundary="0-2048085602-1232270744=:80193"

--0-2048085602-1232270744=:80193
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable

Dear Colleagues
=A0
A new report on IPv6. May be you find it interesting
=A0
http://tinyurl.com/7q8kbw
=A0
Alaa=0A=0A=0A      ________________________________________________________=
__________=0ALooking for the perfect gift? Give the gift of Flickr! =0A=0Ah=
ttp://www.flickr.com/gift/
--0-2048085602-1232270744=:80193
Content-Type: text/html; charset=us-ascii

<table cellspacing="0" cellpadding="0" border="0" ><tr><td valign="top" style="font: inherit;"><DIV>Dear Colleagues</DIV>
<DIV>&nbsp;</DIV>
<DIV>A new report on IPv6. May be you find it interesting</DIV>
<DIV>&nbsp;</DIV>
<DIV><A href="http://tinyurl.com/7q8kbw" target=_blank rel=nofollow>http://tinyurl.com/7q8kbw</A></DIV>
<DIV>&nbsp;</DIV>
<DIV>Alaa</DIV></td></tr></table><br>



      <hr size=1>Now with a new friend-happy design! Try the new <a href="http://ca.beta.messenger.yahoo.com/"><b>Yahoo! Canada Messenger</b></a>
--0-2048085602-1232270744=:80193--

--===============0026021429==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
OPSEC mailing list
OPSEC@ietf.org
https://www.ietf.org/mailman/listinfo/opsec

--===============0026021429==--


From opsec-bounces@ietf.org  Sun Jan 18 09:47:31 2009
Return-Path: <opsec-bounces@ietf.org>
X-Original-To: opsec-archive@optimus.ietf.org
Delivered-To: ietfarch-opsec-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id 009883A696B;
	Sun, 18 Jan 2009 09:47:31 -0800 (PST)
X-Original-To: opsec@core3.amsl.com
Delivered-To: opsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id 19F593A685C
	for <opsec@core3.amsl.com>; Sun, 18 Jan 2009 09:47:29 -0800 (PST)
X-Quarantine-ID: <9msos1KvWFPD>
X-Virus-Scanned: amavisd-new at amsl.com
X-Amavis-Alert: BAD HEADER, Improper folded header field made up entirely of
	whitespace (char 20 hex): Subject: ...rity-01  and
	draft-kumari-blackhole-urpf-02\n \n
X-Spam-Flag: NO
X-Spam-Score: -2.166
X-Spam-Level: 
X-Spam-Status: No, score=-2.166 tagged_above=-999 required=5
	tests=[AWL=-0.366, BAYES_00=-2.599, SARE_SUB_RAND_LETTRS4=0.799]
Received: from mail.ietf.org ([64.170.98.32])
	by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id 9msos1KvWFPD for <opsec@core3.amsl.com>;
	Sun, 18 Jan 2009 09:47:28 -0800 (PST)
Received: from nagasaki.bogus.com (nagasaki.bogus.com [IPv6:2001:418:1::81])
	by core3.amsl.com (Postfix) with ESMTP id 3007B3A6A0B
	for <opsec@ietf.org>; Sun, 18 Jan 2009 09:47:27 -0800 (PST)
Received: from [192.168.11.143] (c-67-171-158-173.hsd1.wa.comcast.net
	[67.171.158.173]) (authenticated bits=0)
	by nagasaki.bogus.com (8.14.3/8.14.3) with ESMTP id n0IHl9xJ033116
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT)
	for <opsec@ietf.org>; Sun, 18 Jan 2009 17:47:09 GMT
	(envelope-from joelja@bogus.com)
Message-ID: <49736B1C.4090701@bogus.com>
Date: Sun, 18 Jan 2009 09:47:08 -0800
From: Joel Jaeggli <joelja@bogus.com>
User-Agent: Thunderbird 2.0.0.19 (X11/20090105)
MIME-Version: 1.0
To: opsec wg mailing list <opsec@ietf.org>
X-Enigmail-Version: 0.95.7
X-Virus-Scanned: ClamAV 0.94.2/8874/Sun Jan 18 05:02:00 2009 on
	nagasaki.bogus.com
X-Virus-Status: Clean
Subject: [OPSEC] draft-gont-opsec-ip-security-01 and
	draft-kumari-blackhole-urpf-02
X-BeenThere: opsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: opsec wg mailing list <opsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/opsec>,
	<mailto:opsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/opsec>
List-Post: <mailto:opsec@ietf.org>
List-Help: <mailto:opsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsec>,
	<mailto:opsec-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: opsec-bounces@ietf.org
Errors-To: opsec-bounces@ietf.org

I have avoided up till now closing off discussion on acceptance, as
comments have continued to trickle in.

I will summarize and we can move on in the next day or so.

thanks
joel
_______________________________________________
OPSEC mailing list
OPSEC@ietf.org
https://www.ietf.org/mailman/listinfo/opsec


From opsec-bounces@ietf.org  Tue Jan 20 07:59:56 2009
Return-Path: <opsec-bounces@ietf.org>
X-Original-To: opsec-archive@optimus.ietf.org
Delivered-To: ietfarch-opsec-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id 5948228C13A;
	Tue, 20 Jan 2009 07:59:56 -0800 (PST)
X-Original-To: opsec@core3.amsl.com
Delivered-To: opsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id CD6B928C124
	for <opsec@core3.amsl.com>; Tue, 20 Jan 2009 07:59:54 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level: 
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5
	tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32])
	by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id XKNNPG+44nDe for <opsec@core3.amsl.com>;
	Tue, 20 Jan 2009 07:59:54 -0800 (PST)
Received: from nagasaki.bogus.com (nagasaki.bogus.com [IPv6:2001:418:1::81])
	by core3.amsl.com (Postfix) with ESMTP id C9A993A6880
	for <opsec@ietf.org>; Tue, 20 Jan 2009 07:59:53 -0800 (PST)
Received: from [172.168.1.103] (adsl-75-36-133-162.dsl.pltn13.sbcglobal.net
	[75.36.133.162]) (authenticated bits=0)
	by nagasaki.bogus.com (8.14.3/8.14.3) with ESMTP id n0KFxZda048493
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT)
	for <opsec@ietf.org>; Tue, 20 Jan 2009 15:59:36 GMT
	(envelope-from joelja@bogus.com)
Message-ID: <4975F4E1.8050003@bogus.com>
Date: Tue, 20 Jan 2009 07:59:29 -0800
From: Joel Jaeggli <joelja@bogus.com>
User-Agent: Thunderbird 2.0.0.19 (X11/20090105)
MIME-Version: 1.0
To: opsec wg mailing list <opsec@ietf.org>
X-Enigmail-Version: 0.95.7
X-Virus-Scanned: ClamAV 0.94.2/8881/Tue Jan 20 14:48:51 2009 on
	nagasaki.bogus.com
X-Virus-Status: Clean
Subject: [OPSEC] draft-gont-opsec-ip-security-01
X-BeenThere: opsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: opsec wg mailing list <opsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/opsec>,
	<mailto:opsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/opsec>
List-Post: <mailto:opsec@ietf.org>
List-Help: <mailto:opsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsec>,
	<mailto:opsec-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: opsec-bounces@ietf.org
Errors-To: opsec-bounces@ietf.org

Since the request on january 1, 8 people have voiced support for
accepting this document as a working  group document, with none opposed,
in  conjunction with the goodwill expressed in the previous working
group meeting, I think we can consider it accepted. I think it's
heartening that there were numerous offers for review or collaboration
on the doucment.
_______________________________________________
OPSEC mailing list
OPSEC@ietf.org
https://www.ietf.org/mailman/listinfo/opsec


From opsec-bounces@ietf.org  Tue Jan 20 08:05:33 2009
Return-Path: <opsec-bounces@ietf.org>
X-Original-To: opsec-archive@optimus.ietf.org
Delivered-To: ietfarch-opsec-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id 59B363A6C07;
	Tue, 20 Jan 2009 08:05:33 -0800 (PST)
X-Original-To: opsec@core3.amsl.com
Delivered-To: opsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id A3EC13A6C07
	for <opsec@core3.amsl.com>; Tue, 20 Jan 2009 08:05:31 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.2
X-Spam-Level: 
X-Spam-Status: No, score=-2.2 tagged_above=-999 required=5 tests=[AWL=-0.400, 
	BAYES_00=-2.599, SARE_SUB_RAND_LETTRS4=0.799]
Received: from mail.ietf.org ([64.170.98.32])
	by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id 5GanccIdRxye for <opsec@core3.amsl.com>;
	Tue, 20 Jan 2009 08:05:30 -0800 (PST)
Received: from nagasaki.bogus.com (nagasaki.bogus.com [IPv6:2001:418:1::81])
	by core3.amsl.com (Postfix) with ESMTP id 5AC2F3A6880
	for <opsec@ietf.org>; Tue, 20 Jan 2009 08:05:30 -0800 (PST)
Received: from [172.168.1.103] (adsl-75-36-133-162.dsl.pltn13.sbcglobal.net
	[75.36.133.162]) (authenticated bits=0)
	by nagasaki.bogus.com (8.14.3/8.14.3) with ESMTP id n0KG5C7G048912
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT)
	for <opsec@ietf.org>; Tue, 20 Jan 2009 16:05:13 GMT
	(envelope-from joelja@bogus.com)
Message-ID: <4975F632.8060007@bogus.com>
Date: Tue, 20 Jan 2009 08:05:06 -0800
From: Joel Jaeggli <joelja@bogus.com>
User-Agent: Thunderbird 2.0.0.19 (X11/20090105)
MIME-Version: 1.0
To: opsec wg mailing list <opsec@ietf.org>
X-Enigmail-Version: 0.95.7
X-Virus-Scanned: ClamAV 0.94.2/8881/Tue Jan 20 14:48:51 2009 on
	nagasaki.bogus.com
X-Virus-Status: Clean
Subject: [OPSEC] draft-kumari-blackhole-urpf-02
X-BeenThere: opsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: opsec wg mailing list <opsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/opsec>,
	<mailto:opsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/opsec>
List-Post: <mailto:opsec@ietf.org>
List-Help: <mailto:opsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsec>,
	<mailto:opsec-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: opsec-bounces@ietf.org
Errors-To: opsec-bounces@ietf.org

Since the request on january 1, this has been no opposition to the
accpetance of this document, comment referming support for the document.
 in conjunction with previous discussion on the mailing list (9/05/08 to
~10/30/08) and in the working group (ietf 73) I think we can conclude
that the working group is prepared to house it.

Thanks
joel
_______________________________________________
OPSEC mailing list
OPSEC@ietf.org
https://www.ietf.org/mailman/listinfo/opsec


From opsec-bounces@ietf.org  Tue Jan 20 09:30:03 2009
Return-Path: <opsec-bounces@ietf.org>
X-Original-To: opsec-archive@optimus.ietf.org
Delivered-To: ietfarch-opsec-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id E55AA28C1F8;
	Tue, 20 Jan 2009 09:30:03 -0800 (PST)
X-Original-To: opsec@ietf.org
Delivered-To: opsec@core3.amsl.com
Received: by core3.amsl.com (Postfix, from userid 0)
	id 2068E3A6C0D; Tue, 20 Jan 2009 09:30:01 -0800 (PST)
From: Internet-Drafts@ietf.org
To: i-d-announce@ietf.org
Content-Type: Multipart/Mixed; Boundary="NextPart"
Mime-Version: 1.0
Message-Id: <20090120173002.2068E3A6C0D@core3.amsl.com>
Date: Tue, 20 Jan 2009 09:30:02 -0800 (PST)
Cc: opsec@ietf.org
Subject: [OPSEC] I-D Action:draft-ietf-opsec-blackhole-urpf-00.txt
X-BeenThere: opsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: opsec wg mailing list <opsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/opsec>,
	<mailto:opsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/opsec>
List-Post: <mailto:opsec@ietf.org>
List-Help: <mailto:opsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsec>,
	<mailto:opsec-request@ietf.org?subject=subscribe>
Sender: opsec-bounces@ietf.org
Errors-To: opsec-bounces@ietf.org


--NextPart

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Operational Security Capabilities for IP Network Infrastructure Working Group of the IETF.


	Title           : Remote Triggered Black Hole filtering with uRPF
	Author(s)       : W. Kumari, D. McPherson
	Filename        : draft-ietf-opsec-blackhole-urpf-00.txt
	Pages           : 13
	Date            : 2009-01-20

Remote Triggered Black Hole (RTBH) filtering is a popular and
effective technique for the mitigation of denial-of-service attacks.
This document expands upon destination-based RTBH filtering by
outlining a method to enable filtering by source address as well. It
also defines a standard BGP community for black hole prefixes to
simplify associated semantics.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-opsec-blackhole-urpf-00.txt

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the
Internet-Draft.

--NextPart
Content-Type: Message/External-body;
	name="draft-ietf-opsec-blackhole-urpf-00.txt";
	site="ftp.ietf.org";
	access-type="anon-ftp";
	directory="internet-drafts"

Content-Type: text/plain
Content-ID: <2009-01-20092602.I-D@ietf.org>


--NextPart
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
OPSEC mailing list
OPSEC@ietf.org
https://www.ietf.org/mailman/listinfo/opsec

--NextPart--


From opsec-bounces@ietf.org  Tue Jan 20 10:21:32 2009
Return-Path: <opsec-bounces@ietf.org>
X-Original-To: opsec-archive@optimus.ietf.org
Delivered-To: ietfarch-opsec-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id E5F293A6895;
	Tue, 20 Jan 2009 10:21:32 -0800 (PST)
X-Original-To: opsec@core3.amsl.com
Delivered-To: opsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id 9B8FA3A6895
	for <opsec@core3.amsl.com>; Tue, 20 Jan 2009 10:21:31 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.8
X-Spam-Level: 
X-Spam-Status: No, score=-1.8 tagged_above=-999 required=5
	tests=[BAYES_00=-2.599, SARE_SUB_RAND_LETTRS4=0.799]
Received: from mail.ietf.org ([64.170.98.32])
	by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id LzbvitdOlACZ for <opsec@core3.amsl.com>;
	Tue, 20 Jan 2009 10:21:30 -0800 (PST)
Received: from smtp-out.google.com (smtp-out.google.com [216.239.33.17])
	by core3.amsl.com (Postfix) with ESMTP id 753B43A6878
	for <opsec@ietf.org>; Tue, 20 Jan 2009 10:21:30 -0800 (PST)
Received: from wpaz13.hot.corp.google.com (wpaz13.hot.corp.google.com
	[172.24.198.77]) by smtp-out.google.com with ESMTP id n0KILCAs000513
	for <opsec@ietf.org>; Tue, 20 Jan 2009 18:21:12 GMT
Received: from dhcp-172-29-120-232.ame.corp.google.com
	(dhcp-172-29-120-232.ame.corp.google.com [172.29.120.232])
	(authenticated bits=0)
	by wpaz13.hot.corp.google.com with ESMTP id n0KIL99v010435
	(version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NOT)
	for <opsec@ietf.org>; Tue, 20 Jan 2009 10:21:10 -0800
Message-Id: <E3B4452D-A984-439F-9069-7E43F51E3F42@kumari.net>
From: Warren Kumari <warren@kumari.net>
To: opsec@ietf.org
Mime-Version: 1.0 (Apple Message framework v929.2)
Date: Tue, 20 Jan 2009 13:21:09 -0500
X-Mailer: Apple Mail (2.929.2)
Subject: [OPSEC] draft-ietf-opsec-blackhole-urpf-00
X-BeenThere: opsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: opsec wg mailing list <opsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/opsec>,
	<mailto:opsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/opsec>
List-Post: <mailto:opsec@ietf.org>
List-Help: <mailto:opsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsec>,
	<mailto:opsec-request@ietf.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============0922403527=="
Sender: opsec-bounces@ietf.org
Errors-To: opsec-bounces@ietf.org


--===============0922403527==
Content-Type: multipart/signed; boundary=Apple-Mail-5-765399142; micalg=sha1; protocol="application/pkcs7-signature"


--Apple-Mail-5-765399142
Content-Type: text/plain;
	charset=US-ASCII;
	format=flowed;
	delsp=yes
Content-Transfer-Encoding: 7bit

Hello all,

I have just posted draft-ietf-opsec-blackhole-urpf-00 (ex raft-kumari- 
blackhole-blckhole-02)

I appreciate all of the feedback (and especially the suggested  
text :-)) that people have been supplying and hope that I have  
accurately captured your input -- if not, I *do* apologize, I decided  
to batch up all the changes and they might have gotten away from me.  
Please let me know if I messed up and I will fix it...

Now, for the big question:

In the draft we are are requesting a registered BGP community to be  
used to signal your provider that you want destination based RTBH  
applied to an announced prefix.

There are two viewpoints on this -- I will try to capture them both,  
apologies if I mess this up:
Viewpoint 1:
This should be removed -- different providers will implement RTBH (src  
and dest) in different ways and will provide different capabilities  
(drop on the "edge", only install in a specific region, etc) and so  
there will need to be multiple communities. Getting this info from  
your provider (and having them enable the feature), etc is (and should  
remain) a required step.

Viewpoint 2:
I'd like to keep the registered community -- while different providers  
will support different subsets of this, having a well known way to  
enable this seems good to me. Currently providers support different  
communities for different things (e.g: announce this only to peers,  
set the MED, etc) but there are still some well known (e.g NO_EXPORT)  
communities that the provider probably implements. I dislike being in  
the situation where I am experiencing a DoS attack and have misplaced  
the napkin that I scribbled the secret community on last time. Now,  
while I am down I need to fight my way through Tier 1 - Tier N trying  
to find the magic community to apply for provider X. I'd rather just  
tag an announcement with the registerd RTBH community. If the provider  
doesn't support this, I'm no worse off, if they do, I've bought some  
time.

I'd appreciate any feedback on this, and the rest of the doc. And,  
once again, thnaks to all who have already provided feedback...


W


--
"Go on, prove me wrong. Destroy the fabric of the universe. See if I  
care."  -- Terry Prachett



--Apple-Mail-5-765399142
Content-Disposition: attachment;
	filename=smime.p7s
Content-Type: application/pkcs7-signature;
	name=smime.p7s
Content-Transfer-Encoding: base64

MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIO7jCCBwQw
ggXsoAMCAQICAkqjMA0GCSqGSIb3DQEBBQUAMIGMMQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3Rh
cnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzE4
MDYGA1UEAxMvU3RhcnRDb20gQ2xhc3MgMSBQcmltYXJ5IEludGVybWVkaWF0ZSBDbGllbnQgQ0Ew
HhcNMDkwMTEyMTQ1NjU2WhcNMTAwMTEyMTQ1NjU2WjBtMR4wHAYDVQQKExVQZXJzb25hIE5vdCBW
YWxpZGF0ZWQxKTAnBgNVBAMTIFN0YXJ0Q29tIEZyZWUgQ2VydGlmaWNhdGUgTWVtYmVyMSAwHgYJ
KoZIhvcNAQkBFhF3YXJyZW5Aa3VtYXJpLm5ldDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOpIMArXNarz9bdruFNHpMNz+sUcBEF3f1RluhE8ql3r1N5BCbcbPBqY8wHRJ3yH59lge/e2
gtktfNk3YEc7rO3liKat365evpVYbWsb8aB9hDMp72JBNw8pfXB9Rck3EONNidTSEXzIAV8Wqmpn
5MNkQEvAwca2RBiqTVXUAUSFehgRrdzs+atQJZY5LYf+SS262jnUmeAEhqkTeL/bSGoKJw8gdm6E
LtBeMnZNivWXYWkx/FH9T9dsLHa+91GAt7wLwGkF4j0wuDZjipttxqXgyb37rrmEXFtprrgoTkfP
d+o2ToD82+cRZ5SHiPMX5Jdj40NDJ6088cnM1dC5ZGcCAwEAAaOCA4wwggOIMAwGA1UdEwQFMAMC
AQAwCwYDVR0PBAQDAgSwMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDBDAdBgNVHQ4EFgQU
GOTT7VrujcbZuYjov6zCuOXWGucwHAYDVR0RBBUwE4ERd2FycmVuQGt1bWFyaS5uZXQwgagGA1Ud
IwSBoDCBnYAUU3Ltkpzg2ssBXHx+ljVO8tS4UYKhgYGkfzB9MQswCQYDVQQGEwJJTDEWMBQGA1UE
ChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2ln
bmluZzEpMCcGA1UEAxMgU3RhcnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHmCAQ0wggFHBgNV
HSAEggE+MIIBOjCCATYGCysGAQQBgbU3AQIAMIIBJTAuBggrBgEFBQcCARYiaHR0cDovL3d3dy5z
dGFydHNzbC5jb20vcG9saWN5LnBkZjA0BggrBgEFBQcCARYoaHR0cDovL3d3dy5zdGFydHNzbC5j
b20vaW50ZXJtZWRpYXRlLnBkZjCBvAYIKwYBBQUHAgIwga8wFBYNU3RhcnRDb20gTHRkLjADAgEB
GoGWTGltaXRlZCBMaWFiaWxpdHksIHJlYWQgdGhlIHNlY3Rpb24gKkxlZ2FsIExpbWl0YXRpb25z
KiBvZiB0aGUgU3RhcnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgUG9saWN5IGF2YWlsYWJs
ZSBhdCBodHRwOi8vd3d3LnN0YXJ0c3NsLmNvbS9wb2xpY3kucGRmMGMGA1UdHwRcMFowK6ApoCeG
JWh0dHA6Ly93d3cuc3RhcnRzc2wuY29tL2NydHUxLWNybC5jcmwwK6ApoCeGJWh0dHA6Ly9jcmwu
c3RhcnRzc2wuY29tL2NydHUxLWNybC5jcmwwgY4GCCsGAQUFBwEBBIGBMH8wOQYIKwYBBQUHMAGG
LWh0dHA6Ly9vY3NwLnN0YXJ0c3NsLmNvbS9zdWIvY2xhc3MxL2NsaWVudC9jYTBCBggrBgEFBQcw
AoY2aHR0cDovL3d3dy5zdGFydHNzbC5jb20vY2VydHMvc3ViLmNsYXNzMS5jbGllbnQuY2EuY3J0
MCMGA1UdEgQcMBqGGGh0dHA6Ly93d3cuc3RhcnRzc2wuY29tLzANBgkqhkiG9w0BAQUFAAOCAQEA
PIQakfJqAW8o9+7fyY93sn1/X5qgpMXZv/VPbNVpZDCjTTU/VZVgMxad3gAvMOvDpoSkk3U6Gyx9
+Y9mhHdUpYIVxjKN5r9vak/AkbsjKdRyoZaPPIdABIF3y8mnvxfYchzRQk7vEESSticddQyrWjHh
gMAAdKoqHgA6zcWfebD0+/4rrB+JUEBy9AlzeQpuKiZ5Y9dtD1IJ24bL+tCCSZqR5P/hyMXmm4tM
G5AQb4EEUS5ikx0+WrKaagC6zGrBeYRHmOXPKQ3aGAadY/NIZQ6EC1VosbR1FhIvg7V4lLGGyVEB
x4r+W9zg4vLRvSboJ4cPrqHB95+hYF7E7zA9hjCCB+IwggXKoAMCAQICAQ0wDQYJKoZIhvcNAQEF
BQAwfTELMAkGA1UEBhMCSUwxFjAUBgNVBAoTDVN0YXJ0Q29tIEx0ZC4xKzApBgNVBAsTIlNlY3Vy
ZSBEaWdpdGFsIENlcnRpZmljYXRlIFNpZ25pbmcxKTAnBgNVBAMTIFN0YXJ0Q29tIENlcnRpZmlj
YXRpb24gQXV0aG9yaXR5MB4XDTA3MTAyNDIxMDE1NFoXDTEyMTAyMjIxMDE1NFowgYwxCzAJBgNV
BAYTAklMMRYwFAYDVQQKEw1TdGFydENvbSBMdGQuMSswKQYDVQQLEyJTZWN1cmUgRGlnaXRhbCBD
ZXJ0aWZpY2F0ZSBTaWduaW5nMTgwNgYDVQQDEy9TdGFydENvbSBDbGFzcyAxIFByaW1hcnkgSW50
ZXJtZWRpYXRlIENsaWVudCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMcJg8zO
LdgasSmkLhOrlr6KMoOMpohBllVHrdRvEg/q6r8jR+EK75xCGhR8ToREoqe7zM9/UnC6TS2y9UKT
pT1v7RSMzR0t6ndl0TWBuUr/UXBhPk+Kmy7bI4yW4urC+y7P3/1/X7U8ocb8VpH/Clt+4iq7nirM
cNh6qJR+xjOhV+VHzQMALuGYn5KZmc1NbJQYclsGkDxDz2UbFqE2+6vIZoL+jb9x4Pa5gNf1TwSD
kOkikZB1xtB4ZqtXThaABSONdfmv/Z1pua3FYxnCFmdr/+N2JLKutIxMYqQOJebr/f/h5t95m4Jg
rM3Y/w7YX9d7YAL9jvN4SydHsU6n65cCAwEAAaOCA1swggNXMAwGA1UdEwQFMAMBAf8wCwYDVR0P
BAQDAgGmMB0GA1UdDgQWBBRTcu2SnODaywFcfH6WNU7y1LhRgjCBqAYDVR0jBIGgMIGdgBROC+8a
pEBbpRdphzDKNGhD0EGu8qGBgaR/MH0xCzAJBgNVBAYTAklMMRYwFAYDVQQKEw1TdGFydENvbSBM
dGQuMSswKQYDVQQLEyJTZWN1cmUgRGlnaXRhbCBDZXJ0aWZpY2F0ZSBTaWduaW5nMSkwJwYDVQQD
EyBTdGFydENvbSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIBATAJBgNVHRIEAjAAMD0GCCsGAQUF
BwEBBDEwLzAtBggrBgEFBQcwAoYhaHR0cDovL3d3dy5zdGFydHNzbC5jb20vc2ZzY2EuY3J0MGAG
A1UdHwRZMFcwLKAqoCiGJmh0dHA6Ly9jZXJ0LnN0YXJ0Y29tLm9yZy9zZnNjYS1jcmwuY3JsMCeg
JaAjhiFodHRwOi8vY3JsLnN0YXJ0c3NsLmNvbS9zZnNjYS5jcmwwggFdBgNVHSAEggFUMIIBUDCC
AUwGCysGAQQBgbU3AQEEMIIBOzAvBggrBgEFBQcCARYjaHR0cDovL2NlcnQuc3RhcnRjb20ub3Jn
L3BvbGljeS5wZGYwNQYIKwYBBQUHAgEWKWh0dHA6Ly9jZXJ0LnN0YXJ0Y29tLm9yZy9pbnRlcm1l
ZGlhdGUucGRmMIHQBggrBgEFBQcCAjCBwzAnFiBTdGFydCBDb21tZXJjaWFsIChTdGFydENvbSkg
THRkLjADAgEBGoGXTGltaXRlZCBMaWFiaWxpdHksIHJlYWQgdGhlIHNlY3Rpb24gKkxlZ2FsIExp
bWl0YXRpb25zKiBvZiB0aGUgU3RhcnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgUG9saWN5
IGF2YWlsYWJsZSBhdCBodHRwOi8vY2VydC5zdGFydGNvbS5vcmcvcG9saWN5LnBkZjARBglghkgB
hvhCAQEEBAMCAAcwUAYJYIZIAYb4QgENBEMWQVN0YXJ0Q29tIENsYXNzIDEgUHJpbWFyeSBJbnRl
cm1lZGlhdGUgRnJlZSBTU0wgRW1haWwgQ2VydGlmaWNhdGVzMA0GCSqGSIb3DQEBBQUAA4ICAQCq
muHgW4zOHRv8HcYsMCCgt5Mm/fECts0RKL8p/8cwz/+B/wXPBRQ04KCUfp19i4tBD91O07Ixvgmi
IvdPvGJUoQA6ZD635v/Es4xrSbXzOhGpbiToaXKjK9zssyt2mBiT+USHmery0930Gg2bCKKF5emE
hUf9B6VOBSQ3NMLshWmZhWwq406fETWMkVk01+plkr/k62jsLo98663XUqYFBItlqsDPRv+aOCF0
Gxh8e6F07y+s68PSDmDt0DimQ4BTYR3ilIKjAFIi3IP/loXBnvmOLpirsYIbcGmLIA/2y3yH6Kdz
Qv7uSasAwloswCa7oZmzleCxvOfTBQm9sP2HmOecwz1RpkNzGXa4sHTiq4ZRYzo2IoZptvFBzrzQ
9ht5CtC757oni6o0DHOhrlHGQEDlr/eqVuAX24kF6QKomzDHm9D2SEmuzxRMxogXNsQLlUZDOJAf
f/oongNQ/zk4kScLH+q5KFYDrDfXwsOdtrczprlX4qg0uGxWL9NLF/3RRsGrB1FH9w7C4aQ0mHXo
2++Eio7bqiwyDrgJtmwNWsQOvu5IxXjSJ4ElOjj0jK3vsQI6HP+nKGjBrYRQ/popq/4v/BfMA8Hc
s2rO6MZHQrWlvIVYq/JiZ26eAm3JJZQzD5HkOqkDZsUg4Tnql9Y8sdnE4v7z6vv08sVf7LZXoTGC
A2wwggNoAgEBMIGTMIGMMQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkG
A1UECxMiU2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzE4MDYGA1UEAxMvU3RhcnRD
b20gQ2xhc3MgMSBQcmltYXJ5IEludGVybWVkaWF0ZSBDbGllbnQgQ0ECAkqjMAkGBSsOAwIaBQCg
ggGtMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTA5MDEyMDE4MjEw
OVowIwYJKoZIhvcNAQkEMRYEFKT+h1/bXzFpwMcb9Q0JGDVWyjmYMIGkBgkrBgEEAYI3EAQxgZYw
gZMwgYwxCzAJBgNVBAYTAklMMRYwFAYDVQQKEw1TdGFydENvbSBMdGQuMSswKQYDVQQLEyJTZWN1
cmUgRGlnaXRhbCBDZXJ0aWZpY2F0ZSBTaWduaW5nMTgwNgYDVQQDEy9TdGFydENvbSBDbGFzcyAx
IFByaW1hcnkgSW50ZXJtZWRpYXRlIENsaWVudCBDQQICSqMwgaYGCyqGSIb3DQEJEAILMYGWoIGT
MIGMMQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJl
IERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzE4MDYGA1UEAxMvU3RhcnRDb20gQ2xhc3MgMSBQ
cmltYXJ5IEludGVybWVkaWF0ZSBDbGllbnQgQ0ECAkqjMA0GCSqGSIb3DQEBAQUABIIBALh0uGBu
/6Pdk8LctHCl0lJXSNLz6oVFxFoO1LnHWAll0Y2QbpftpSf5rAXUkk1QgeNBEn06dVCc19v5Vw4F
2Scmrlzb7P1IBnJ5NI/cbwiJNIe8FmJF14cK0ua7LX8q4PY/jyNHwxkosnKaYotBw/X7V+rV53C/
evHX/ke76vx+S8sSVcW86FGf3SZsxh5P2TiAMFKrCj/JNi8OhaAurjs/VhP4ZctClT6SuO11EhGM
c4e0by9bShtiDjWfikTbl4rjU8alsRfkK2gITjQ82VxBXGPdhbK7BNCMUFGbrI73B8SMHJLh1voT
CY8uLBCFcBduHb2AkvsR/l7hiTXOdOQAAAAAAAA=

--Apple-Mail-5-765399142--

--===============0922403527==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
OPSEC mailing list
OPSEC@ietf.org
https://www.ietf.org/mailman/listinfo/opsec

--===============0922403527==--



From opsec-bounces@ietf.org  Tue Jan 20 19:56:11 2009
Return-Path: <opsec-bounces@ietf.org>
X-Original-To: opsec-archive@optimus.ietf.org
Delivered-To: ietfarch-opsec-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 07B9B3A6935; Tue, 20 Jan 2009 19:56:11 -0800 (PST)
X-Original-To: opsec@core3.amsl.com
Delivered-To: opsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 618753A6935 for <opsec@core3.amsl.com>; Tue, 20 Jan 2009 19:56:10 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.684
X-Spam-Level: 
X-Spam-Status: No, score=-0.684 tagged_above=-999 required=5 tests=[AWL=-0.366, BAYES_00=-2.599, DNS_FROM_RFC_BOGUSMX=1.482, SARE_SUB_RAND_LETTRS4=0.799]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vOiEJS3yRnYy for <opsec@core3.amsl.com>; Tue, 20 Jan 2009 19:56:09 -0800 (PST)
Received: from dog.tcb.net (dog.tcb.net [64.78.150.133]) by core3.amsl.com (Postfix) with ESMTP id 91B6A3A682C for <opsec@ietf.org>; Tue, 20 Jan 2009 19:56:09 -0800 (PST)
Received: by dog.tcb.net (Postfix, from userid 0) id 7B6802684EA; Tue, 20 Jan 2009 20:55:53 -0700 (MST)
Received: from jchouinard-sim-105.eng.ellacoya.com (97-122-99-176.hlrn.qwest.net [97.122.99.176]) (authenticated-user danny) (TLSv1/SSLv3 AES128-SHA 128/128) by dog.tcb.net with SMTP; for opsec@ietf.org; Tue, 20 Jan 2009 20:55:53 -0700 (MST) (envelope-from danny@tcb.net)
X-Avenger: version=0.7.8; receiver=dog.tcb.net; client-ip=97.122.99.176; client-port=52044; syn-fingerprint=65535:55:1:64:M1408,N,W3,N,N,T,S; data-bytes=0
Message-Id: <337CC62A-F021-49D0-AA8E-AF1250124C72@tcb.net>
From: Danny McPherson <danny@tcb.net>
To: opsec wg mailing list <opsec@ietf.org>
In-Reply-To: <E3B4452D-A984-439F-9069-7E43F51E3F42@kumari.net>
Mime-Version: 1.0 (Apple Message framework v930.3)
Date: Tue, 20 Jan 2009 20:55:52 -0700
References: <E3B4452D-A984-439F-9069-7E43F51E3F42@kumari.net>
X-Mailer: Apple Mail (2.930.3)
Subject: Re: [OPSEC] draft-ietf-opsec-blackhole-urpf-00
X-BeenThere: opsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: opsec wg mailing list <opsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/opsec>
List-Post: <mailto:opsec@ietf.org>
List-Help: <mailto:opsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=subscribe>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"; DelSp="yes"
Sender: opsec-bounces@ietf.org
Errors-To: opsec-bounces@ietf.org On Jan 20, 2009, at 11:21 AM, Warren Kumari wrote:

> Now, for the big question:
>
> In the draft we are are requesting a registered BGP community to be  
> used to signal your provider that you want destination based RTBH  
> applied to an announced prefix.
>
> There are two viewpoints on this -- I will try to capture them both,  
> apologies if I mess this up:
> Viewpoint 1:
> This should be removed -- different providers will implement RTBH  
> (src and dest) in different ways and will provide different  
> capabilities (drop on the "edge", only install in a specific region,  
> etc) and so there will need to be multiple communities. Getting this  
> info from your provider (and having them enable the feature), etc is  
> (and should remain) a required step.
>

Viewpoint 1 is mine..  I've seen providers with 10 communities
or more, and I'm not sure that defining well-known ones fixes
anything.

I too, as you might imagine, agree with Warren that we'd very
much like to see what the WG thinks about this.

-danny

> Viewpoint 2:
> I'd like to keep the registered community -- while different  
> providers will support different subsets of this, having a well  
> known way to enable this seems good to me. Currently providers  
> support different communities for different things (e.g: announce  
> this only to peers, set the MED, etc) but there are still some well  
> known (e.g NO_EXPORT) communities that the provider probably  
> implements. I dislike being in the situation where I am experiencing  
> a DoS attack and have misplaced the napkin that I scribbled the  
> secret community on last time. Now, while I am down I need to fight  
> my way through Tier 1 - Tier N trying to find the magic community to  
> apply for provider X. I'd rather just tag an announcement with the  
> registerd RTBH community. If the provider doesn't support this, I'm  
> no worse off, if they do, I've bought some time.
>
> I'd appreciate any feedback on this, and the rest of the doc. And,  
> once again, thnaks to all who have already provided feedback...

_______________________________________________
OPSEC mailing list
OPSEC@ietf.org
https://www.ietf.org/mailman/listinfo/opsec

From opsec-bounces@ietf.org  Tue Jan 20 20:07:25 2009
Return-Path: <opsec-bounces@ietf.org>
X-Original-To: opsec-archive@optimus.ietf.org
Delivered-To: ietfarch-opsec-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id CD77C3A69B3; Tue, 20 Jan 2009 20:07:25 -0800 (PST)
X-Original-To: opsec@core3.amsl.com
Delivered-To: opsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 5FEAD3A69B3 for <opsec@core3.amsl.com>; Tue, 20 Jan 2009 20:07:25 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.2
X-Spam-Level: 
X-Spam-Status: No, score=-6.2 tagged_above=-999 required=5 tests=[AWL=-0.400,  BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, SARE_SUB_RAND_LETTRS4=0.799]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AAt338OyA+d2 for <opsec@core3.amsl.com>; Tue, 20 Jan 2009 20:07:24 -0800 (PST)
Received: from ind-iport-1.cisco.com (ind-iport-1.cisco.com [64.104.129.195]) by core3.amsl.com (Postfix) with ESMTP id B9FAC3A684C for <opsec@ietf.org>; Tue, 20 Jan 2009 20:07:23 -0800 (PST)
X-IronPort-AV: E=Sophos;i="4.37,298,1231113600"; d="scan'208";a="41144189"
Received: from hkg-dkim-1.cisco.com ([10.75.231.161]) by ind-iport-1.cisco.com with ESMTP; 21 Jan 2009 04:07:05 +0000
Received: from hkg-core-1.cisco.com (hkg-core-1.cisco.com [64.104.123.94]) by hkg-dkim-1.cisco.com (8.12.11/8.12.11) with ESMTP id n0L474Bg031075 for <opsec@ietf.org>; Wed, 21 Jan 2009 12:07:04 +0800
Received: from [10.74.6.110] (sin-vpn-client-16-186.cisco.com [10.68.16.186]) by hkg-core-1.cisco.com (8.13.8/8.13.8) with ESMTP id n0L472Vp029849 for <opsec@ietf.org>; Wed, 21 Jan 2009 04:07:03 GMT
Message-Id: <19805DE9-0FB7-46C6-8984-DD82A6BB11E4@cisco.com>
From: Roland Dobbins <rdobbins@cisco.com>
To: opsec wg mailing list <opsec@ietf.org>
In-Reply-To: <E3B4452D-A984-439F-9069-7E43F51E3F42@kumari.net>
Mime-Version: 1.0 (Apple Message framework v930.3)
Date: Wed, 21 Jan 2009 12:07:01 +0800
References: <E3B4452D-A984-439F-9069-7E43F51E3F42@kumari.net>
X-Mailer: Apple Mail (2.930.3)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; l=1288; t=1232510824; x=1233374824; c=relaxed/simple; s=hkgdkim1002; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=rdobbins@cisco.com; z=From:=20Roland=20Dobbins=20<rdobbins@cisco.com> |Subject:=20Re=3A=20[OPSEC]=20draft-ietf-opsec-blackhole-ur pf-00 |Sender:=20; bh=78+2Qd7ihu7t01Ehtl0M0eOHVQ2J5a8CtDqHS64up30=; b=QlnSdeqMg2H2uSo8c7LPCI+yRUFrQeB5xDvIrYuiRFpF/8d8ETRznKVRb/ RdIe7xt338T+U61E+lK+cKgvuJ3IrooHUk6LwBvJ4GsbTFDgNwoi24Re4Obp 88tY3tCCrbCZq/VF4INEp5wV8F6i0B0iKx4hctE54UaOBah1xzPDw=;
Authentication-Results: hkg-dkim-1; header.DKIM-Signature=rdobbins@cisco.com; dkim=fail ( DNS lookup for cisco.com/hkgdkim1002 failed; cisco.com/hkgdk im1002 fail; );  header.From=rdobbins@cisco.com; dkim=neutral
Subject: Re: [OPSEC] draft-ietf-opsec-blackhole-urpf-00
X-BeenThere: opsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: opsec wg mailing list <opsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/opsec>
List-Post: <mailto:opsec@ietf.org>
List-Help: <mailto:opsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=subscribe>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"; DelSp="yes"
Sender: opsec-bounces@ietf.org
Errors-To: opsec-bounces@ietf.org On Jan 21, 2009, at 2:21 AM, Warren Kumari wrote:

> I'd like to keep the registered community -- while different  
> providers will support different subsets of this, having a well  
> known way to enable this seems good to me.

The problem with this is that it lacks granularity, and if this were  
to come to pass and you tagged your announcement accordingly, you  
don't know what the result will be, nor where, nor how.

We've all seen instances of uncoordinated mitigation which have gone  
awry and made things worse, not better.  Any kind of inter-provider  
signaling of this type should only be undertaken/work after an  
explicit mutual understanding has been reached regarding expectations  
and actual behavior.

Given the fact that various operators have implemented various  
communities for various purposes over time, and given the  
situationally-specific nature of the blackholing mechanisms  
themselves, I think that while this is a noble goal, that it simply  
isn't practical in this particular milieu and should probably be  
removed.

-----------------------------------------------------------------------
Roland Dobbins <rdobbins@cisco.com> // +852.9133.2844 mobile

      All behavior is economic in motivation and/or consequence.




_______________________________________________
OPSEC mailing list
OPSEC@ietf.org
https://www.ietf.org/mailman/listinfo/opsec

From opsec-bounces@ietf.org  Tue Jan 20 20:09:34 2009
Return-Path: <opsec-bounces@ietf.org>
X-Original-To: opsec-archive@optimus.ietf.org
Delivered-To: ietfarch-opsec-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 0B5813A6A46; Tue, 20 Jan 2009 20:09:34 -0800 (PST)
X-Original-To: opsec@core3.amsl.com
Delivered-To: opsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id CC4EB3A6A43 for <opsec@core3.amsl.com>; Tue, 20 Jan 2009 20:09:32 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6
X-Spam-Level: 
X-Spam-Status: No, score=-6 tagged_above=-999 required=5 tests=[AWL=-0.200, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, SARE_SUB_RAND_LETTRS4=0.799]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id z8bTX29BzLSy for <opsec@core3.amsl.com>; Tue, 20 Jan 2009 20:09:32 -0800 (PST)
Received: from ind-iport-1.cisco.com (ind-iport-1.cisco.com [64.104.129.195]) by core3.amsl.com (Postfix) with ESMTP id 44B343A6A33 for <opsec@ietf.org>; Tue, 20 Jan 2009 20:09:30 -0800 (PST)
X-IronPort-AV: E=Sophos;i="4.37,298,1231113600"; d="scan'208";a="41144420"
Received: from hkg-dkim-1.cisco.com ([10.75.231.161]) by ind-iport-1.cisco.com with ESMTP; 21 Jan 2009 04:09:12 +0000
Received: from hkg-core-1.cisco.com (hkg-core-1.cisco.com [64.104.123.94]) by hkg-dkim-1.cisco.com (8.12.11/8.12.11) with ESMTP id n0L49Cjw031427 for <opsec@ietf.org>; Wed, 21 Jan 2009 12:09:12 +0800
Received: from [10.74.6.110] (sin-vpn-client-16-186.cisco.com [10.68.16.186]) by hkg-core-1.cisco.com (8.13.8/8.13.8) with ESMTP id n0L49AAC000139 for <opsec@ietf.org>; Wed, 21 Jan 2009 04:09:11 GMT
Message-Id: <C6978D5F-2B4B-4E72-AC92-0D9962137C74@cisco.com>
From: Roland Dobbins <rdobbins@cisco.com>
To: opsec wg mailing list <opsec@ietf.org>
In-Reply-To: <19805DE9-0FB7-46C6-8984-DD82A6BB11E4@cisco.com>
Mime-Version: 1.0 (Apple Message framework v930.3)
Date: Wed, 21 Jan 2009 12:09:08 +0800
References: <E3B4452D-A984-439F-9069-7E43F51E3F42@kumari.net> <19805DE9-0FB7-46C6-8984-DD82A6BB11E4@cisco.com>
X-Mailer: Apple Mail (2.930.3)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; l=341; t=1232510952; x=1233374952; c=relaxed/simple; s=hkgdkim1002; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=rdobbins@cisco.com; z=From:=20Roland=20Dobbins=20<rdobbins@cisco.com> |Subject:=20Re=3A=20[OPSEC]=20draft-ietf-opsec-blackhole-ur pf-00 |Sender:=20; bh=9fEGOUpEgvD0ZDN1YRuUUYXe8Pt1q7HqFNz+Brb4HW4=; b=i456lGMmqCmdRyTXHyLMAuqqO3kW01yLMgWsS7mGpIkXJHraTlMPKkFHm0 qVNa+SvDyANncME3XpPx6/QH2MudVEfeKJLJrydAh/PjP2KLTt0Fo5oo7EyL 0x8YRskJygRq1RF5mt4fr59ywPGGchLfp3LcQvopsEf4Re+l1xDfY=;
Authentication-Results: hkg-dkim-1; header.DKIM-Signature=rdobbins@cisco.com; dkim=fail ( DNS lookup for cisco.com/hkgdkim1002 failed; cisco.com/hkgdk im1002 fail; );  header.From=rdobbins@cisco.com; dkim=neutral
Subject: Re: [OPSEC] draft-ietf-opsec-blackhole-urpf-00
X-BeenThere: opsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: opsec wg mailing list <opsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/opsec>
List-Post: <mailto:opsec@ietf.org>
List-Help: <mailto:opsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=subscribe>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Sender: opsec-bounces@ietf.org
Errors-To: opsec-bounces@ietf.org On Jan 21, 2009, at 12:07 PM, Roland Dobbins wrote:

> Any kind of inter-provider

Typo - should be 'inter-operator', apologies.

-----------------------------------------------------------------------
Roland Dobbins <rdobbins@cisco.com> // +852.9133.2844 mobile

      All behavior is economic in motivation and/or consequence.




_______________________________________________
OPSEC mailing list
OPSEC@ietf.org
https://www.ietf.org/mailman/listinfo/opsec

From opsec-bounces@ietf.org  Tue Jan 20 20:59:47 2009
Return-Path: <opsec-bounces@ietf.org>
X-Original-To: opsec-archive@optimus.ietf.org
Delivered-To: ietfarch-opsec-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 345943A6A1C; Tue, 20 Jan 2009 20:59:47 -0800 (PST)
X-Original-To: opsec@core3.amsl.com
Delivered-To: opsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 0729A3A6A1C for <opsec@core3.amsl.com>; Tue, 20 Jan 2009 20:59:46 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.2
X-Spam-Level: 
X-Spam-Status: No, score=-2.2 tagged_above=-999 required=5 tests=[AWL=-0.400,  BAYES_00=-2.599, SARE_SUB_RAND_LETTRS4=0.799]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oIDcRQKZvkic for <opsec@core3.amsl.com>; Tue, 20 Jan 2009 20:59:45 -0800 (PST)
Received: from mail-bw0-f21.google.com (mail-bw0-f21.google.com [209.85.218.21]) by core3.amsl.com (Postfix) with ESMTP id 088073A68B5 for <opsec@ietf.org>; Tue, 20 Jan 2009 20:59:43 -0800 (PST)
Received: by bwz14 with SMTP id 14so12045136bwz.13 for <opsec@ietf.org>; Tue, 20 Jan 2009 20:59:25 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:sender:received:in-reply-to :references:date:x-google-sender-auth:message-id:subject:from:to:cc :content-type:content-transfer-encoding; bh=YQeCQoulsLtd5nu9CZcut49mRtIQB41ps4OEvYQWaA4=; b=U7EkGCSa2WoxFQtR6SmnEtVjC/5kRwNpw8zMarzhcmuWJSlyFD1E8e5Y6Qs7W6Pu1w G1GGRovPmYwYFJ/xCFhjIgluavADVMSVxPZTFirpROdxqQOzuEogQqQEM8vShavtiCDg 0YjTyHnPnLEYct2HArHz4cApCvndBqS+FFNVI=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:cc:content-type :content-transfer-encoding; b=FNKxeJjcCR6mvxkbJC3aOCPlwwoh3caIL8DUKf4eqIF0Vg4v9goh70NbesYfEeLBYy EHT+BM1Rn56ijGR32c5EVlKSBJ6KNaR33Sgp1VdMBU8rMjIcOUsJ4edT1cG4iJT0YTku hACZc1ncTyI0aFf35CWVlWQzh4WI+kKKNFOgc=
MIME-Version: 1.0
Received: by 10.223.105.208 with SMTP id u16mr658299fao.14.1232513965302; Tue,  20 Jan 2009 20:59:25 -0800 (PST)
In-Reply-To: <E3B4452D-A984-439F-9069-7E43F51E3F42@kumari.net>
References: <E3B4452D-A984-439F-9069-7E43F51E3F42@kumari.net>
Date: Tue, 20 Jan 2009 23:59:25 -0500
X-Google-Sender-Auth: f4bfd797093b807c
Message-ID: <75cb24520901202059h313c2ff2oafa4d4c4d517d062@mail.gmail.com>
From: Christopher Morrow <morrowc.lists@gmail.com>
To: Warren Kumari <warren@kumari.net>
Cc: opsec@ietf.org
Subject: Re: [OPSEC] draft-ietf-opsec-blackhole-urpf-00
X-BeenThere: opsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: opsec wg mailing list <opsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/opsec>
List-Post: <mailto:opsec@ietf.org>
List-Help: <mailto:opsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: opsec-bounces@ietf.org
Errors-To: opsec-bounces@ietf.org On Tue, Jan 20, 2009 at 1:21 PM, Warren Kumari <warren@kumari.net> wrote:

> Now, for the big question:
>
> In the draft we are are requesting a registered BGP community to be used to
> signal your provider that you want destination based RTBH applied to an
> announced prefix.

I don't believe a 'well known community' helps here... I believe it
will cause more issues than it resolves. I fear that folks will assume
their provider has this enabled (because configuration is required on
the provider side, unlike no-advertise and no-export). This will cause
unpredictable behaviour for customers and operators.

-Chris
_______________________________________________
OPSEC mailing list
OPSEC@ietf.org
https://www.ietf.org/mailman/listinfo/opsec

From opsec-bounces@ietf.org  Wed Jan 21 05:49:24 2009
Return-Path: <opsec-bounces@ietf.org>
X-Original-To: opsec-archive@optimus.ietf.org
Delivered-To: ietfarch-opsec-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 19D1B3A6A95; Wed, 21 Jan 2009 05:49:24 -0800 (PST)
X-Original-To: opsec@core3.amsl.com
Delivered-To: opsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 929B03A6A4C for <opsec@core3.amsl.com>; Wed, 21 Jan 2009 05:49:22 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.8
X-Spam-Level: 
X-Spam-Status: No, score=-1.8 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, SARE_SUB_RAND_LETTRS4=0.799]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id w0feuoXjPVzY for <opsec@core3.amsl.com>; Wed, 21 Jan 2009 05:49:22 -0800 (PST)
Received: from smtp-out.google.com (smtp-out.google.com [216.239.33.17]) by core3.amsl.com (Postfix) with ESMTP id AB8283A694F for <opsec@ietf.org>; Wed, 21 Jan 2009 05:49:21 -0800 (PST)
Received: from zps75.corp.google.com (zps75.corp.google.com [172.25.146.75]) by smtp-out.google.com with ESMTP id n0LDn1gW032686; Wed, 21 Jan 2009 13:49:02 GMT
Received: from smtp.corp.google.com (spacemonkey3.corp.google.com [192.168.120.116]) by zps75.corp.google.com with ESMTP id n0LDmxdD021259 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Wed, 21 Jan 2009 05:48:59 -0800
Received: from [192.168.0.5] (pool-71-114-41-74.washdc.dsl-w.verizon.net [71.114.41.74]) (authenticated bits=0) by smtp.corp.google.com (8.13.8/8.13.8) with ESMTP id n0LDmuwN018800 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NOT); Wed, 21 Jan 2009 05:48:58 -0800
Message-Id: <269E78A6-369F-4D53-B587-4A726F9FF854@kumari.net>
From: Warren Kumari <warren@kumari.net>
To: Christopher Morrow <morrowc.lists@gmail.com>
In-Reply-To: <75cb24520901202059h313c2ff2oafa4d4c4d517d062@mail.gmail.com>
Mime-Version: 1.0 (Apple Message framework v926)
Date: Wed, 21 Jan 2009 08:49:04 -0500
References: <E3B4452D-A984-439F-9069-7E43F51E3F42@kumari.net> <75cb24520901202059h313c2ff2oafa4d4c4d517d062@mail.gmail.com>
X-Mailer: Apple Mail (2.926)
Cc: opsec@ietf.org
Subject: Re: [OPSEC] draft-ietf-opsec-blackhole-urpf-00
X-BeenThere: opsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: opsec wg mailing list <opsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/opsec>
List-Post: <mailto:opsec@ietf.org>
List-Help: <mailto:opsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============0687370433=="
Sender: opsec-bounces@ietf.org
Errors-To: opsec-bounces@ietf.org --===============0687370433==
Content-Type: multipart/signed; boundary=Apple-Mail-24-835474366; micalg=sha1; protocol="application/pkcs7-signature"


--Apple-Mail-24-835474366
Content-Type: text/plain;
	charset=US-ASCII;
	format=flowed;
	delsp=yes
Content-Transfer-Encoding: 7bit

Cool...

Well, it looks fairly obvious that Danny's view (viewpoint 1) here is  
the prevalent one --- I'll update the draft soon to reflect this (I'll  
give it a couple of days so I can also incorporate any other feed  
back, hint hint...)

W


On Jan 20, 2009, at 11:59 PM, Christopher Morrow wrote:

> On Tue, Jan 20, 2009 at 1:21 PM, Warren Kumari <warren@kumari.net>  
> wrote:
>
>> Now, for the big question:
>>
>> In the draft we are are requesting a registered BGP community to be  
>> used to
>> signal your provider that you want destination based RTBH applied  
>> to an
>> announced prefix.
>
> I don't believe a 'well known community' helps here... I believe it
> will cause more issues than it resolves. I fear that folks will assume
> their provider has this enabled (because configuration is required on
> the provider side, unlike no-advertise and no-export). This will cause
> unpredictable behaviour for customers and operators.
>
> -Chris


--Apple-Mail-24-835474366
Content-Disposition: attachment;
	filename=smime.p7s
Content-Type: application/pkcs7-signature;
	name=smime.p7s
Content-Transfer-Encoding: base64

MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIF5TCCAt0w
ggHFoAMCAQICAQIwCwYJKoZIhvcNAQEFMGAxLjAsBgNVBAMMJVdhcnJlbiBLdW1hcmkncyBDZXJ0
aWZpY2F0ZSBBdXRob3JpdHkxCzAJBgNVBAYTAlVTMSEwHwYJKoZIhvcNAQkBFhJ3a3VtYXJpQGdv
b2dsZS5jb20wHhcNMDkwMTEzMDE0MTEzWhcNMTEwMjIwMDE0MTEzWjBQMR8wHQYDVQQDDBZ2cG4u
ZG5zc2VjLWV4YW1wbGUuY29tMQswCQYDVQQGEwJVUzEgMB4GCSqGSIb3DQEJARYRd2FycmVuQGt1
bWFyaS5uZXQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALkaHLi+mSGuP7zrTKg+DBJODNRO
Q57lqOIuWZNr7CkQXJrPWinVKRfffbP6Z1NOXZnNe7khxGv/mq2Qj4J7VEoPEnp3VLcKLawpxLMN
4VnbBFKOLlb+ui1Rs0lzfKrWlI/ecZe3q2AV8dyRlaRd3U23Qf7Oh7wKV1OhLEeyQS2dAgMBAAGj
ODA2MDQGA1UdEQQtMCuBEXdhcnJlbkBrdW1hcmkubmV0ghZ2cG4uZG5zc2VjLWV4YW1wbGUuY29t
MA0GCSqGSIb3DQEBBQUAA4IBAQAXgT9iMlkHTv83Gjx2G6EvOi/zkzEKM7VSYfN3MjKPzaJF12bV
xx5cHGHeLR/1gJlFz018dNsKlpdSH4c0NTqBxgr8Y8FOeN7XnZWY2x/2X47qKbrtQQqsZHGRqF7l
eoMeUR/YsOMuz3aoIXSKXO5m46JGESUq65JOfFFj1V+QOYmFpK1BtM7FG5GYpLYo5SGKcyyOpY19
ULMMVj5PbmYf6B3w83Sb6JE1Ww77gLPXEF/nIrmTwF4Y38mkUwA6M2JsaryqqlNgRWAOLXAKhIXk
wLIVWSnZMQcJQjr+kWO8JOQkX1TCbdIKquBCGZZyEOnxfsv4/Zhdq63+nSYf/dMfMIIDADCCAeig
AwIBAgIBBDALBgkqhkiG9w0BAQUwYDEuMCwGA1UEAwwlV2FycmVuIEt1bWFyaSdzIENlcnRpZmlj
YXRlIEF1dGhvcml0eTELMAkGA1UEBhMCVVMxITAfBgkqhkiG9w0BCQEWEndrdW1hcmlAZ29vZ2xl
LmNvbTAeFw0wOTAxMTMxNDM0MDdaFw0xMTAyMjAxNDM0MDdaMEcxFjAUBgNVBAMMDVdLIC0gVlBO
IENlcnQxCzAJBgNVBAYTAlVTMSAwHgYJKoZIhvcNAQkBFhF3YXJyZW5Aa3VtYXJpLm5ldDCBnzAN
BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA7DL24PTWK0cxSNZkG8f36ONGbV5ZlDYaAcXIqeJ85sBc
63Gam1AjHOzg5TicvfY+0TxbBxR7DDVXT1Zs0idpM0TCH83lxto1gPiZIls7ijMDixPmZakP3oFJ
eHfqw5QZPytYRrOrz8QSkak2Z13NjYEDewwaypr8nGXcZcbwI5UCAwEAAaNkMGIwCwYDVR0PBAQD
AgSQMDUGA1UdJQQuMCwGCCsGAQUFBwMCBggrBgEFBQcDAQYHKwYBBQIDBAYHKwYBBQIDBQYEVR0l
ADAcBgNVHREEFTATgRF3YXJyZW5Aa3VtYXJpLm5ldDANBgkqhkiG9w0BAQUFAAOCAQEAt7MNGeeK
DMrhUQzkP3IyxmkCYUxlZmKEuA471Mj2rHMfBuU3nkGc4N80jFts7eILyhewgVDB7HhvmXCtB61o
E/deBU2t5JqA+BkL+ddIbKsOcZdGaUR7NjqOY7XcYmOlwn5MQPPFJKBiXqUO+JmqOr4cEpeDDPNx
wO5/6AJea7bAF7Mwv3lmCC/xU1AxEVy9Snqqf0y9sn44hWHV797Zc0TvBs9N1HFdJ/YFoLF/Pryd
HhSMNZR/fnV09RsUd843WhLOqq1wqvmu/hx3QmOR5ApjK7X3NflDoDoPGp95TYD+0sMeVOFIibj1
F29BcQmTH34u1V2ry9sKrmd5anCCQDGCAlowggJWAgEBMGUwYDEuMCwGA1UEAwwlV2FycmVuIEt1
bWFyaSdzIENlcnRpZmljYXRlIEF1dGhvcml0eTELMAkGA1UEBhMCVVMxITAfBgkqhkiG9w0BCQEW
EndrdW1hcmlAZ29vZ2xlLmNvbQIBBDAJBgUrDgMCGgUAoIIBSzAYBgkqhkiG9w0BCQMxCwYJKoZI
hvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0wOTAxMjExMzQ5MDVaMCMGCSqGSIb3DQEJBDEWBBRMQpKu
oaimdFhEGf9MdJu7YwHQjzB0BgkrBgEEAYI3EAQxZzBlMGAxLjAsBgNVBAMMJVdhcnJlbiBLdW1h
cmkncyBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxCzAJBgNVBAYTAlVTMSEwHwYJKoZIhvcNAQkBFhJ3
a3VtYXJpQGdvb2dsZS5jb20CAQIwdgYLKoZIhvcNAQkQAgsxZ6BlMGAxLjAsBgNVBAMMJVdhcnJl
biBLdW1hcmkncyBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxCzAJBgNVBAYTAlVTMSEwHwYJKoZIhvcN
AQkBFhJ3a3VtYXJpQGdvb2dsZS5jb20CAQIwDQYJKoZIhvcNAQEBBQAEgYAtnGyob0ERairsiuqb
bB4npVSsSP4kWFtA9Ges6ouTw7UWBAGlZVPDQGXaKBctf+ftEbEVFSKyNz4t9Iaa6Xl8HELnwcOZ
K8Do1WAKQlsfKuPNlfBC/FFuJVbiyBdfx+lu96pAZBCHhyzutex+BeA06y7mqTeEiCmi/HmAA3cY
EwAAAAAAAA==

--Apple-Mail-24-835474366--

--===============0687370433==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
OPSEC mailing list
OPSEC@ietf.org
https://www.ietf.org/mailman/listinfo/opsec

--===============0687370433==--

From opsec-bounces@ietf.org  Wed Jan 21 07:28:59 2009
Return-Path: <opsec-bounces@ietf.org>
X-Original-To: opsec-archive@optimus.ietf.org
Delivered-To: ietfarch-opsec-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id C0D5C3A68C0; Wed, 21 Jan 2009 07:28:59 -0800 (PST)
X-Original-To: opsec@core3.amsl.com
Delivered-To: opsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 27ED23A6924 for <opsec@core3.amsl.com>; Wed, 21 Jan 2009 07:28:58 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.1
X-Spam-Level: 
X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5 tests=[AWL=-0.300,  BAYES_00=-2.599, SARE_SUB_RAND_LETTRS4=0.799]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ptz-3qJMt6h1 for <opsec@core3.amsl.com>; Wed, 21 Jan 2009 07:28:57 -0800 (PST)
Received: from suomp64i.qwest.com (suomp64i.qwest.com [155.70.16.237]) by core3.amsl.com (Postfix) with ESMTP id 318153A67F4 for <opsec@ietf.org>; Wed, 21 Jan 2009 07:28:57 -0800 (PST)
Received: from suomp60i.qintra.com (suomp60i.qintra.com [151.117.69.27]) by suomp64i.qwest.com (8.14.0/8.14.0) with ESMTP id n0LFSbJ8024900; Wed, 21 Jan 2009 09:28:37 -0600 (CST)
Received: from ITDENE2KSM01.AD.QINTRA.COM (localhost [127.0.0.1]) by suomp60i.qintra.com (8.14.0/8.14.0) with ESMTP id n0LFSV0H025945; Wed, 21 Jan 2009 09:28:31 -0600 (CST)
Received: from qtdenexhtm20.AD.QINTRA.COM ([151.119.91.229]) by ITDENE2KSM01.AD.QINTRA.COM with Microsoft SMTPSVC(6.0.3790.1830);  Wed, 21 Jan 2009 08:28:31 -0700
Received: from qtdenexmbm24.AD.QINTRA.COM ([151.119.91.226]) by qtdenexhtm20.AD.QINTRA.COM ([151.119.91.229]) with mapi; Wed, 21 Jan 2009 08:28:31 -0700
From: "Smith, Donald" <Donald.Smith@qwest.com>
To: "'Warren Kumari'" <warren@kumari.net>, "'Christopher Morrow'" <morrowc.lists@gmail.com>
Date: Wed, 21 Jan 2009 08:28:26 -0700
Thread-Topic: [OPSEC] draft-ietf-opsec-blackhole-urpf-00
Thread-Index: Acl7zwrFafq90/XnSVOAEacEVbWXyQADRk9Q
Message-ID: <B01905DA0C7CDC478F42870679DF0F100493CCEB99@qtdenexmbm24.AD.QINTRA.COM>
References: <E3B4452D-A984-439F-9069-7E43F51E3F42@kumari.net> <75cb24520901202059h313c2ff2oafa4d4c4d517d062@mail.gmail.com> <269E78A6-369F-4D53-B587-4A726F9FF854@kumari.net>
In-Reply-To: <269E78A6-369F-4D53-B587-4A726F9FF854@kumari.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
acceptlanguage: en-US
MIME-Version: 1.0
X-OriginalArrivalTime: 21 Jan 2009 15:28:31.0239 (UTC) FILETIME=[EA66B170:01C97BDC]
Cc: "'opsec@ietf.org'" <opsec@ietf.org>
Subject: Re: [OPSEC] draft-ietf-opsec-blackhole-urpf-00
X-BeenThere: opsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: opsec wg mailing list <opsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/opsec>
List-Post: <mailto:opsec@ietf.org>
List-Help: <mailto:opsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: opsec-bounces@ietf.org
Errors-To: opsec-bounces@ietf.org I agree with Danny. A standards based community would imply the customer might try it without any coordination with their isp. A configuration mistake within the ips might then allow a customer to src base black hole ip addresses that shouldn't be src base blackholed for one reason or another. The ISP has to be involved and it has to be coordinated between the ips and customer as to which addresses and how many can be advertised for src based blackholing.



(coffee != sleep) & (!coffee == sleep)
Donald.Smith@qwest.com gcia   

> -----Original Message-----
> From: opsec-bounces@ietf.org [mailto:opsec-bounces@ietf.org] 
> On Behalf Of Warren Kumari
> Sent: Wednesday, January 21, 2009 6:49 AM
> To: Christopher Morrow
> Cc: opsec@ietf.org
> Subject: Re: [OPSEC] draft-ietf-opsec-blackhole-urpf-00
> 
> Cool...
> 
> Well, it looks fairly obvious that Danny's view (viewpoint 1) 
> here is  
> the prevalent one --- I'll update the draft soon to reflect 
> this (I'll  
> give it a couple of days so I can also incorporate any other feed  
> back, hint hint...)
> 
> W
> 
> 
> On Jan 20, 2009, at 11:59 PM, Christopher Morrow wrote:
> 
> > On Tue, Jan 20, 2009 at 1:21 PM, Warren Kumari <warren@kumari.net>  
> > wrote:
> >
> >> Now, for the big question:
> >>
> >> In the draft we are are requesting a registered BGP 
> community to be  
> >> used to
> >> signal your provider that you want destination based RTBH applied  
> >> to an
> >> announced prefix.
> >
> > I don't believe a 'well known community' helps here... I believe it
> > will cause more issues than it resolves. I fear that folks 
> will assume
> > their provider has this enabled (because configuration is 
> required on
> > the provider side, unlike no-advertise and no-export). This 
> will cause
> > unpredictable behaviour for customers and operators.
> >
> > -Chris
> 
> 
_______________________________________________
OPSEC mailing list
OPSEC@ietf.org
https://www.ietf.org/mailman/listinfo/opsec

From opsec-bounces@ietf.org  Wed Jan 21 16:05:49 2009
Return-Path: <opsec-bounces@ietf.org>
X-Original-To: opsec-archive@optimus.ietf.org
Delivered-To: ietfarch-opsec-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 49A313A6998; Wed, 21 Jan 2009 16:05:49 -0800 (PST)
X-Original-To: opsec@core3.amsl.com
Delivered-To: opsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id CA29628C12C for <opsec@core3.amsl.com>; Wed, 21 Jan 2009 16:05:47 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.8
X-Spam-Level: 
X-Spam-Status: No, score=-5.8 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, SARE_SUB_RAND_LETTRS4=0.799]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VGvE84S-6yN2 for <opsec@core3.amsl.com>; Wed, 21 Jan 2009 16:05:47 -0800 (PST)
Received: from rtp-iport-2.cisco.com (rtp-iport-2.cisco.com [64.102.122.149]) by core3.amsl.com (Postfix) with ESMTP id C9BE63A6978 for <opsec@ietf.org>; Wed, 21 Jan 2009 16:05:46 -0800 (PST)
X-IronPort-AV: E=Sophos;i="4.37,303,1231113600"; d="scan'208";a="34465151"
Received: from rtp-dkim-2.cisco.com ([64.102.121.159]) by rtp-iport-2.cisco.com with ESMTP; 22 Jan 2009 00:05:30 +0000
Received: from rtp-core-2.cisco.com (rtp-core-2.cisco.com [64.102.124.13]) by rtp-dkim-2.cisco.com (8.12.11/8.12.11) with ESMTP id n0M05UjM012384 for <opsec@ietf.org>; Wed, 21 Jan 2009 19:05:30 -0500
Received: from xbh-rtp-211.amer.cisco.com (xbh-rtp-211.cisco.com [64.102.31.102]) by rtp-core-2.cisco.com (8.13.8/8.13.8) with ESMTP id n0M05UUo019108 for <opsec@ietf.org>; Thu, 22 Jan 2009 00:05:30 GMT
Received: from xmb-rtp-20e.amer.cisco.com ([64.102.31.40]) by xbh-rtp-211.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.1830);  Wed, 21 Jan 2009 19:05:29 -0500
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Date: Wed, 21 Jan 2009 19:06:17 -0500
Message-ID: <A759481225F9064586B34D2B490AB73206B93254@xmb-rtp-20e.amer.cisco.com>
In-Reply-To: <19805DE9-0FB7-46C6-8984-DD82A6BB11E4@cisco.com>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: [OPSEC] draft-ietf-opsec-blackhole-urpf-00
Thread-Index: Acl7fci3riQSCU4XTd2nIH2FNRMTKQApZqXw
References: <E3B4452D-A984-439F-9069-7E43F51E3F42@kumari.net> <19805DE9-0FB7-46C6-8984-DD82A6BB11E4@cisco.com>
From: "Ryan Mcdowell (rymcdowe)" <rymcdowe@cisco.com>
To: "Roland Dobbins (rdobbins)" <rdobbins@cisco.com>, "opsec wg mailing list" <opsec@ietf.org>
X-OriginalArrivalTime: 22 Jan 2009 00:05:29.0903 (UTC) FILETIME=[22F733F0:01C97C25]
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; l=2577; t=1232582730; x=1233446730; c=relaxed/simple; s=rtpdkim2001; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=rymcdowe@cisco.com; z=From:=20=22Ryan=20Mcdowell=20(rymcdowe)=22=20<rymcdowe@cis co.com> |Subject:=20RE=3A=20[OPSEC]=20draft-ietf-opsec-blackhole-ur pf-00 |Sender:=20 |To:=20=22Roland=20Dobbins=20(rdobbins)=22=20<rdobbins@cisc o.com>,=0A=20=20=20=20=20=20=20=20=22opsec=20wg=20mailing=20 list=22=20<opsec@ietf.org>; bh=Oc82MegQlFe4O8Vpl1+6s0q2pKi0LE6HN0XATbEi0vE=; b=P4MOpV7ij/hgA9o202zLG7EuajjMZzU4P5TWoZhq3vsF0hockqrcJ3gbSj UCP7V+puh+clcl5pHuPO8Vow4gCA1iNkn3bRnW4ZQXn0t2kx/MKDHnjcHicU fQ9UXoz0Ph;
Authentication-Results: rtp-dkim-2; header.From=rymcdowe@cisco.com; dkim=pass ( sig from cisco.com/rtpdkim2001 verified; ); 
Subject: Re: [OPSEC] draft-ietf-opsec-blackhole-urpf-00
X-BeenThere: opsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: opsec wg mailing list <opsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/opsec>
List-Post: <mailto:opsec@ietf.org>
List-Help: <mailto:opsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: opsec-bounces@ietf.org
Errors-To: opsec-bounces@ietf.org Agree with Roland, too many ISP's do slightly different things.  I think
a standard community could capture all the power and options possible.
A standard community would greatly reduce the flexibility.  

Does the provider set no-advertise on such updates so I have to
advertise them over every eBGP session?  Does the provider do source,
destination, or both blackholing?  Does the provider attempt to
propagate it to their upstreams?  If so, which ones?  Can I control
which ones?  If the provider has multiple ASes, do they propagate it to
all their ASes?  If so, which ones?  Can I control which ones?  Does the
provider offer QPPB instead of blackholing? Etc...  

----------------------------
Ryan McDowell
Systems Engineer
Cisco Systems, Inc
(W) +1 703.484.0040
(M) +1 703.201.5742
PGP Fingerprint: EED9 192F 9F45 FAE4 F6A3 8764 FEE1 299D 1B62 A361 
----------------------------

-----Original Message-----
From: opsec-bounces@ietf.org [mailto:opsec-bounces@ietf.org] On Behalf
Of Roland Dobbins (rdobbins)
Sent: Tuesday, January 20, 2009 11:07 PM
To: opsec wg mailing list
Subject: Re: [OPSEC] draft-ietf-opsec-blackhole-urpf-00


On Jan 21, 2009, at 2:21 AM, Warren Kumari wrote:

> I'd like to keep the registered community -- while different providers

> will support different subsets of this, having a well known way to 
> enable this seems good to me.

The problem with this is that it lacks granularity, and if this were to
come to pass and you tagged your announcement accordingly, you don't
know what the result will be, nor where, nor how.

We've all seen instances of uncoordinated mitigation which have gone
awry and made things worse, not better.  Any kind of inter-provider
signaling of this type should only be undertaken/work after an explicit
mutual understanding has been reached regarding expectations and actual
behavior.

Given the fact that various operators have implemented various
communities for various purposes over time, and given the
situationally-specific nature of the blackholing mechanisms themselves,
I think that while this is a noble goal, that it simply isn't practical
in this particular milieu and should probably be removed.

-----------------------------------------------------------------------
Roland Dobbins <rdobbins@cisco.com> // +852.9133.2844 mobile

      All behavior is economic in motivation and/or consequence.




_______________________________________________
OPSEC mailing list
OPSEC@ietf.org
https://www.ietf.org/mailman/listinfo/opsec
_______________________________________________
OPSEC mailing list
OPSEC@ietf.org
https://www.ietf.org/mailman/listinfo/opsec

From opsec-bounces@ietf.org  Wed Jan 21 17:04:30 2009
Return-Path: <opsec-bounces@ietf.org>
X-Original-To: opsec-archive@optimus.ietf.org
Delivered-To: ietfarch-opsec-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 995E03A6A5D; Wed, 21 Jan 2009 17:04:30 -0800 (PST)
X-Original-To: opsec@core3.amsl.com
Delivered-To: opsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 30F433A6A5D for <opsec@core3.amsl.com>; Wed, 21 Jan 2009 17:04:30 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.8
X-Spam-Level: 
X-Spam-Status: No, score=-5.8 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, SARE_SUB_RAND_LETTRS4=0.799]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gXmtdkmizppL for <opsec@core3.amsl.com>; Wed, 21 Jan 2009 17:04:29 -0800 (PST)
Received: from rtp-iport-1.cisco.com (rtp-iport-1.cisco.com [64.102.122.148]) by core3.amsl.com (Postfix) with ESMTP id F3E123A69EC for <opsec@ietf.org>; Wed, 21 Jan 2009 17:04:28 -0800 (PST)
X-IronPort-AV: E=Sophos;i="4.37,303,1231113600"; d="scan'208";a="34505886"
Received: from rtp-dkim-1.cisco.com ([64.102.121.158]) by rtp-iport-1.cisco.com with ESMTP; 22 Jan 2009 01:03:45 +0000
Received: from rtp-core-1.cisco.com (rtp-core-1.cisco.com [64.102.124.12]) by rtp-dkim-1.cisco.com (8.12.11/8.12.11) with ESMTP id n0M13jsT003742 for <opsec@ietf.org>; Wed, 21 Jan 2009 20:03:45 -0500
Received: from xbh-rtp-211.amer.cisco.com (xbh-rtp-211.cisco.com [64.102.31.102]) by rtp-core-1.cisco.com (8.13.8/8.13.8) with ESMTP id n0M13jGq025002 for <opsec@ietf.org>; Thu, 22 Jan 2009 01:03:45 GMT
Received: from xmb-rtp-20e.amer.cisco.com ([64.102.31.40]) by xbh-rtp-211.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.1830);  Wed, 21 Jan 2009 20:03:45 -0500
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Date: Wed, 21 Jan 2009 20:04:09 -0500
Message-ID: <A759481225F9064586B34D2B490AB73206B93277@xmb-rtp-20e.amer.cisco.com>
In-Reply-To: <A759481225F9064586B34D2B490AB73206B93254@xmb-rtp-20e.amer.cisco.com>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: [OPSEC] draft-ietf-opsec-blackhole-urpf-00
Thread-Index: Acl7fci3riQSCU4XTd2nIH2FNRMTKQApZqXwAAJ0YeA=
References: <E3B4452D-A984-439F-9069-7E43F51E3F42@kumari.net><19805DE9-0FB7-46C6-8984-DD82A6BB11E4@cisco.com> <A759481225F9064586B34D2B490AB73206B93254@xmb-rtp-20e.amer.cisco.com>
From: "Ryan Mcdowell (rymcdowe)" <rymcdowe@cisco.com>
To: "Roland Dobbins (rdobbins)" <rdobbins@cisco.com>, "opsec wg mailing list" <opsec@ietf.org>
X-OriginalArrivalTime: 22 Jan 2009 01:03:45.0360 (UTC) FILETIME=[466B9D00:01C97C2D]
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; l=3281; t=1232586225; x=1233450225; c=relaxed/simple; s=rtpdkim1001; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=rymcdowe@cisco.com; z=From:=20=22Ryan=20Mcdowell=20(rymcdowe)=22=20<rymcdowe@cis co.com> |Subject:=20RE=3A=20[OPSEC]=20draft-ietf-opsec-blackhole-ur pf-00 |Sender:=20 |To:=20=22Roland=20Dobbins=20(rdobbins)=22=20<rdobbins@cisc o.com>,=0A=20=20=20=20=20=20=20=20=22opsec=20wg=20mailing=20 list=22=20<opsec@ietf.org>; bh=c6gjqk1Q1ssi9vttJbwC5XLI+ywYoQvn7kNmz55grLY=; b=O1Nt/KALwdAc5Z/vqFpiFf+FtAaGulnQRFaNrX51ba2BTV3iNDExSJdqIv n3nDv4P9HAvMZkLs73SLx4rD76ef/hrq5NhxdFdPacAfGqnsAfwwQ2U+Czjd ldDJFyR3Qk;
Authentication-Results: rtp-dkim-1; header.From=rymcdowe@cisco.com; dkim=pass ( sig from cisco.com/rtpdkim1001 verified; ); 
Subject: Re: [OPSEC] draft-ietf-opsec-blackhole-urpf-00
X-BeenThere: opsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: opsec wg mailing list <opsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/opsec>
List-Post: <mailto:opsec@ietf.org>
List-Help: <mailto:opsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: opsec-bounces@ietf.org
Errors-To: opsec-bounces@ietf.org Doah...

s/I think a standard/I don't think a standard/ 


----------------------------
Ryan McDowell
Systems Engineer
Cisco Systems, Inc
(W) +1 703.484.0040
(M) +1 703.201.5742
PGP Fingerprint: EED9 192F 9F45 FAE4 F6A3 8764 FEE1 299D 1B62 A361 
----------------------------
-----Original Message-----
From: opsec-bounces@ietf.org [mailto:opsec-bounces@ietf.org] On Behalf
Of Ryan Mcdowell (rymcdowe)
Sent: Wednesday, January 21, 2009 7:06 PM
To: Roland Dobbins (rdobbins); opsec wg mailing list
Subject: Re: [OPSEC] draft-ietf-opsec-blackhole-urpf-00

Agree with Roland, too many ISP's do slightly different things.  I think
a standard community could capture all the power and options possible.
A standard community would greatly reduce the flexibility.  

Does the provider set no-advertise on such updates so I have to
advertise them over every eBGP session?  Does the provider do source,
destination, or both blackholing?  Does the provider attempt to
propagate it to their upstreams?  If so, which ones?  Can I control
which ones?  If the provider has multiple ASes, do they propagate it to
all their ASes?  If so, which ones?  Can I control which ones?  Does the
provider offer QPPB instead of blackholing? Etc...  

----------------------------
Ryan McDowell
Systems Engineer
Cisco Systems, Inc
(W) +1 703.484.0040
(M) +1 703.201.5742
PGP Fingerprint: EED9 192F 9F45 FAE4 F6A3 8764 FEE1 299D 1B62 A361
----------------------------

-----Original Message-----
From: opsec-bounces@ietf.org [mailto:opsec-bounces@ietf.org] On Behalf
Of Roland Dobbins (rdobbins)
Sent: Tuesday, January 20, 2009 11:07 PM
To: opsec wg mailing list
Subject: Re: [OPSEC] draft-ietf-opsec-blackhole-urpf-00


On Jan 21, 2009, at 2:21 AM, Warren Kumari wrote:

> I'd like to keep the registered community -- while different providers

> will support different subsets of this, having a well known way to 
> enable this seems good to me.

The problem with this is that it lacks granularity, and if this were to
come to pass and you tagged your announcement accordingly, you don't
know what the result will be, nor where, nor how.

We've all seen instances of uncoordinated mitigation which have gone
awry and made things worse, not better.  Any kind of inter-provider
signaling of this type should only be undertaken/work after an explicit
mutual understanding has been reached regarding expectations and actual
behavior.

Given the fact that various operators have implemented various
communities for various purposes over time, and given the
situationally-specific nature of the blackholing mechanisms themselves,
I think that while this is a noble goal, that it simply isn't practical
in this particular milieu and should probably be removed.

-----------------------------------------------------------------------
Roland Dobbins <rdobbins@cisco.com> // +852.9133.2844 mobile

      All behavior is economic in motivation and/or consequence.




_______________________________________________
OPSEC mailing list
OPSEC@ietf.org
https://www.ietf.org/mailman/listinfo/opsec
_______________________________________________
OPSEC mailing list
OPSEC@ietf.org
https://www.ietf.org/mailman/listinfo/opsec
_______________________________________________
OPSEC mailing list
OPSEC@ietf.org
https://www.ietf.org/mailman/listinfo/opsec

From opsec-bounces@ietf.org  Wed Jan 21 17:50:47 2009
Return-Path: <opsec-bounces@ietf.org>
X-Original-To: opsec-archive@optimus.ietf.org
Delivered-To: ietfarch-opsec-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id E0DEA3A699E; Wed, 21 Jan 2009 17:50:47 -0800 (PST)
X-Original-To: opsec@core3.amsl.com
Delivered-To: opsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id B31A33A699E for <opsec@core3.amsl.com>; Wed, 21 Jan 2009 17:50:46 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.15
X-Spam-Level: 
X-Spam-Status: No, score=-2.15 tagged_above=-999 required=5 tests=[AWL=-0.350,  BAYES_00=-2.599, SARE_SUB_RAND_LETTRS4=0.799]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iKt-LW9y8ut0 for <opsec@core3.amsl.com>; Wed, 21 Jan 2009 17:50:45 -0800 (PST)
Received: from nagasaki.bogus.com (nagasaki.bogus.com [IPv6:2001:418:1::81]) by core3.amsl.com (Postfix) with ESMTP id A2A253A687A for <opsec@ietf.org>; Wed, 21 Jan 2009 17:50:45 -0800 (PST)
Received: from [192.168.1.118] (c-24-130-16-195.hsd1.ca.comcast.net [24.130.16.195]) (authenticated bits=0) by nagasaki.bogus.com (8.14.3/8.14.3) with ESMTP id n0M1oPBs036089 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Thu, 22 Jan 2009 01:50:26 GMT (envelope-from joelja@bogus.com)
Message-ID: <4977D0DE.8040409@bogus.com>
Date: Wed, 21 Jan 2009 17:50:22 -0800
From: Joel Jaeggli <joelja@bogus.com>
User-Agent: Thunderbird 2.0.0.19 (X11/20090105)
MIME-Version: 1.0
To: "Ryan Mcdowell (rymcdowe)" <rymcdowe@cisco.com>
References: <E3B4452D-A984-439F-9069-7E43F51E3F42@kumari.net>	<19805DE9-0FB7-46C6-8984-DD82A6BB11E4@cisco.com> <A759481225F9064586B34D2B490AB73206B93254@xmb-rtp-20e.amer.cisco.com>
In-Reply-To: <A759481225F9064586B34D2B490AB73206B93254@xmb-rtp-20e.amer.cisco.com>
X-Enigmail-Version: 0.95.7
X-Virus-Scanned: ClamAV 0.94.2/8886/Wed Jan 21 22:46:06 2009 on nagasaki.bogus.com
X-Virus-Status: Clean
Cc: opsec wg mailing list <opsec@ietf.org>
Subject: Re: [OPSEC] draft-ietf-opsec-blackhole-urpf-00
X-BeenThere: opsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: opsec wg mailing list <opsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/opsec>
List-Post: <mailto:opsec@ietf.org>
List-Help: <mailto:opsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: opsec-bounces@ietf.org
Errors-To: opsec-bounces@ietf.org The value of having a commonly understood convention for usage is that
the facility can then get used more, becuase you can teach it document
it reference texts etc. That doesn't mean a more expressive set of
situationially useful tools cannot also be provided, the fact that their
 is some variation is what providers offer their customers and how they
express them reflects different priorties, vendor specfic limitations
and so on.

Ryan Mcdowell (rymcdowe) wrote:
> Agree with Roland, too many ISP's do slightly different things.  I think
> a standard community could capture all the power and options possible.
> A standard community would greatly reduce the flexibility.  
> 
> Does the provider set no-advertise on such updates so I have to
> advertise them over every eBGP session?  Does the provider do source,
> destination, or both blackholing?  Does the provider attempt to
> propagate it to their upstreams?  If so, which ones?  Can I control
> which ones?  If the provider has multiple ASes, do they propagate it to
> all their ASes?  If so, which ones?  Can I control which ones?  Does the
> provider offer QPPB instead of blackholing? Etc...  
> 
> ----------------------------
> Ryan McDowell
> Systems Engineer
> Cisco Systems, Inc
> (W) +1 703.484.0040
> (M) +1 703.201.5742
> PGP Fingerprint: EED9 192F 9F45 FAE4 F6A3 8764 FEE1 299D 1B62 A361 
> ----------------------------
> 
> -----Original Message-----
> From: opsec-bounces@ietf.org [mailto:opsec-bounces@ietf.org] On Behalf
> Of Roland Dobbins (rdobbins)
> Sent: Tuesday, January 20, 2009 11:07 PM
> To: opsec wg mailing list
> Subject: Re: [OPSEC] draft-ietf-opsec-blackhole-urpf-00
> 
> 
> On Jan 21, 2009, at 2:21 AM, Warren Kumari wrote:
> 
>> I'd like to keep the registered community -- while different providers
> 
>> will support different subsets of this, having a well known way to 
>> enable this seems good to me.
> 
> The problem with this is that it lacks granularity, and if this were to
> come to pass and you tagged your announcement accordingly, you don't
> know what the result will be, nor where, nor how.
> 
> We've all seen instances of uncoordinated mitigation which have gone
> awry and made things worse, not better.  Any kind of inter-provider
> signaling of this type should only be undertaken/work after an explicit
> mutual understanding has been reached regarding expectations and actual
> behavior.
> 
> Given the fact that various operators have implemented various
> communities for various purposes over time, and given the
> situationally-specific nature of the blackholing mechanisms themselves,
> I think that while this is a noble goal, that it simply isn't practical
> in this particular milieu and should probably be removed.
> 
> -----------------------------------------------------------------------
> Roland Dobbins <rdobbins@cisco.com> // +852.9133.2844 mobile
> 
>       All behavior is economic in motivation and/or consequence.
> 
> 
> 
> 
> _______________________________________________
> OPSEC mailing list
> OPSEC@ietf.org
> https://www.ietf.org/mailman/listinfo/opsec
> _______________________________________________
> OPSEC mailing list
> OPSEC@ietf.org
> https://www.ietf.org/mailman/listinfo/opsec
> 

_______________________________________________
OPSEC mailing list
OPSEC@ietf.org
https://www.ietf.org/mailman/listinfo/opsec

From opsec-bounces@ietf.org  Thu Jan 29 12:15:03 2009
Return-Path: <opsec-bounces@ietf.org>
X-Original-To: opsec-archive@optimus.ietf.org
Delivered-To: ietfarch-opsec-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 598223A68F7; Thu, 29 Jan 2009 12:15:03 -0800 (PST)
X-Original-To: opsec@ietf.org
Delivered-To: opsec@core3.amsl.com
Received: by core3.amsl.com (Postfix, from userid 0) id C10D83A687E; Thu, 29 Jan 2009 12:15:01 -0800 (PST)
From: Internet-Drafts@ietf.org
To: i-d-announce@ietf.org
Content-Type: Multipart/Mixed; Boundary="NextPart"
Mime-Version: 1.0
Message-Id: <20090129201501.C10D83A687E@core3.amsl.com>
Date: Thu, 29 Jan 2009 12:15:01 -0800 (PST)
Cc: opsec@ietf.org
Subject: [OPSEC] I-D Action:draft-ietf-opsec-ip-security-00.txt
X-BeenThere: opsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: opsec wg mailing list <opsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/opsec>
List-Post: <mailto:opsec@ietf.org>
List-Help: <mailto:opsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=subscribe>
Sender: opsec-bounces@ietf.org
Errors-To: opsec-bounces@ietf.org

--NextPart

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Operational Security Capabilities for IP Network Infrastructure Working Group of the IETF.


	Title           : Security Assessment of the Internet Protocol version 4
	Author(s)       : F. Gont
	Filename        : draft-ietf-opsec-ip-security-00.txt
	Pages           : 71
	Date            : 2009-01-28

This document contains a security assessment of the IETF
specifications of the Internet Protocol version 4, and of a number of
mechanisms and policies in use by popular IPv4 implementations.  It
is based on the results of a project carried out by the UK's Centre
for the Protection of National Infrastructure (CPNI).

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-opsec-ip-security-00.txt

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the
Internet-Draft.

--NextPart
Content-Type: Message/External-body;
	name="draft-ietf-opsec-ip-security-00.txt";
	site="ftp.ietf.org";
	access-type="anon-ftp";
	directory="internet-drafts"

Content-Type: text/plain
Content-ID: <2009-01-29120054.I-D@ietf.org>


--NextPart
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
OPSEC mailing list
OPSEC@ietf.org
https://www.ietf.org/mailman/listinfo/opsec

--NextPart--