From nobody Sat Jul 4 14:14:57 2015 Return-Path: X-Original-To: opsec@ietfa.amsl.com Delivered-To: opsec@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 121521A1A06; Sat, 4 Jul 2015 14:14:56 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.379 X-Spam-Level: X-Spam-Status: No, score=-1.379 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jYcUymAH8OID; Sat, 4 Jul 2015 14:14:54 -0700 (PDT) Received: from sasl.smtp.pobox.com (pb-smtp1.int.icgroup.com [208.72.237.35]) by ietfa.amsl.com (Postfix) with ESMTP id 1C27E1A1A02; Sat, 4 Jul 2015 14:14:53 -0700 (PDT) Received: from sasl.smtp.pobox.com (unknown [127.0.0.1]) by pb-smtp1.pobox.com (Postfix) with ESMTP id D65AB60042; Sat, 4 Jul 2015 17:14:51 -0400 (EDT) DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=pobox.com; h=mime-version :in-reply-to:references:date:message-id:subject:from:to:cc :content-type:content-transfer-encoding; s=sasl; bh=hio4kJLfjGW1 LWpzdZ7sYmMHFPk=; b=L/M6R3FUMpx/ExOvkKkhvqYFLCYiqPc0iPpzsaENkBYm 2GDQTFPyv3Le9lbV99ycFIOpY5TyAQfvLslmZ/C/ZirjtK7WE52kXOZhTtkHjB/p lf9OZbpjuBfEaW4RaOjxiLZdXvtFlJSG44/S3uOohdfrGjSrGym0bmL5RkxyNFg= DomainKey-Signature: a=rsa-sha1; c=nofws; d=pobox.com; h=mime-version :in-reply-to:references:date:message-id:subject:from:to:cc :content-type:content-transfer-encoding; q=dns; s=sasl; b=UXvo7o GzSxPEXBG1H/Iwa1mjUmu+QCkhmwxTGrmKHo07NRMMGLGpGlkFFjdRUbSr6/wlZp IyE75mICoOEIsZVYCI5EzdZZAzHdRUDyH071p5Rj1bX03SsV5yBa1+wNJDWpctUS D+ZxLy/uMXd8TsYJocoS9/JpXX4g5lQyxXbQQ= Received: from pb-smtp1.int.icgroup.com (unknown [127.0.0.1]) by pb-smtp1.pobox.com (Postfix) with ESMTP id CFED560041; Sat, 4 Jul 2015 17:14:51 -0400 (EDT) Received: from mail-ob0-f180.google.com (unknown [209.85.214.180]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pb-smtp1.pobox.com (Postfix) with ESMTPSA id 72F8C6003C; Sat, 4 Jul 2015 17:14:51 -0400 (EDT) Received: by obbop1 with SMTP id op1so86450318obb.2; Sat, 04 Jul 2015 14:14:51 -0700 (PDT) MIME-Version: 1.0 X-Received: by 10.202.77.208 with SMTP id a199mr39293977oib.32.1436044491045; Sat, 04 Jul 2015 14:14:51 -0700 (PDT) Received: by 10.202.61.8 with HTTP; Sat, 4 Jul 2015 14:14:50 -0700 (PDT) In-Reply-To: <559045AF.9060607@bogus.com> References: <559045AF.9060607@bogus.com> Date: Sat, 4 Jul 2015 14:14:50 -0700 Message-ID: From: "C. M. Heard" To: joel jaeggli , Fernando Gont Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-Pobox-Relay-ID: B578774C-2291-11E5-8533-561A9F42C9D4-06080547!pb-smtp1.pobox.com Archived-At: Cc: "draft-ietf-opsec-dhcpv6-shield.shepherd@ietf.org" , OPSEC , "opsec-chairs@ietf.org" , Gunter Van de Velde Subject: Re: [OPSEC] FW: I-D Action: draft-ietf-opsec-dhcpv6-shield-07.txt X-BeenThere: opsec@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: opsec wg mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 04 Jul 2015 21:14:56 -0000 [ Adding the working group to the reply, with apologies for the lengthy del= ay ] On Sun, Jun 28, 2015 at 12:06 PM, joel jaeggli wrote: > On 6/1/15 9:14 AM, C. M. Heard wrote: > > I failed to cc the AD, authors, and doc shepherd ... apologies for > > the duplication if you already saw this. I am making all this noise > > because if I am right this is a serious error that needs to be > > corrected prior to publication, and I see the state is > > Approved-announcement to be sent::Point Raised - writeup needed. > > sorry for the delay, imho section 5 bullet 3 I think preserves the > document's intent. There was substantial dicussion in the IESG > respecting the handling of unknown or unparasable header chains that > resulted in the slouch towards the text as you see it today. The text in bullet 3 does a fine job of saying how to handle unrecognized Next Header values. However, it does NOT say what to do when receiving a DHCPv6 packet meant for a DHCPv6 client. In -05 (the version that was the subject of intense discussion), bullet 3 did contain such instructions: "When parsing the IPv6 header chain, if the packet is identified to be a DHCPv6 packet meant for a DHCPv6 client or the packet contains an unrecognized Next Header value, DHCPv6-Shield MUST drop the packet [=E2=80=A6]." Pete Resnick's ballot comments suggested splitting th= is bullet up into two parts. The part dealing with unrecognized Next Header values made it into -07; the part dealing with DHCPv6 packets meant for DHCPv6 clients did not. The remedy I propose is to include the omitted part of Pete's suggested text, as follows: OLD: 3. DHCPv6-Shield MUST provide a configuration knob that controls whether packets with unrecognized Next Header values are dropped; this configuration knob MUST default to "drop". When parsing the IPv6 header chain, if the packet contains an unrecognized Next Header value and the configuration knob is configured to "drop", DHCPv6-Shield MUST drop the packet, and ought to log the packet drop event in an implementation-specific manner as a security fault. RATIONALE: An unrecognized Next Header value could possibly identify an IPv6 Extension Header, and thus be leveraged to conceal a DHCPv6-server packet (since there is no way for DHCPv6-Shield to parse past unrecognized Next Header values [I-D.gont-6man-rfc6564bis]). [RFC7045] requires that nodes be configurable with respect to whether packets with unrecognized headers are forwarded, and allows the default behavior to be that such packets be dropped. 4. In all other cases, DHCPv6-Shield MUST pass the packet as usual. NEW: 3. DHCPv6-Shield MUST provide a configuration knob that controls whether packets with unrecognized Next Header values are dropped; this configuration knob MUST default to "drop". When parsing the IPv6 header chain, if the packet contains an unrecognized Next Header value and the configuration knob is configured to "drop", DHCPv6-Shield MUST drop the packet, and ought to log the packet drop event in an implementation-specific manner as a security fault. RATIONALE: An unrecognized Next Header value could possibly identify an IPv6 Extension Header, and thus be leveraged to conceal a DHCPv6-server packet (since there is no way for DHCPv6-Shield to parse past unrecognized Next Header values [I-D.gont-6man-rfc6564bis]). [RFC7045] requires that nodes be configurable with respect to whether packets with unrecognized headers are forwarded, and allows the default behavior to be that such packets be dropped. 4. When parsing the IPv6 header chain, if the packet is identified to be a DHCPv6 packet meant for a DHCPv6 client, DHCPv6-Shield MUST drop the packet, and ought to the packet drop event in an implementation-specific manner as a security alert. 5. In all other cases, DHCPv6-Shield MUST pass the packet as usual. END. > imho if Fernando can live with it in it's final form I think it > preserves the WGs intent. Read literally, the document in its present form says that DHCPv6-Shield MUST pass DHCPv6 packets meant forDHCPv6 clients. From my perspective, that does not reflect what the document said when then WG passed it to the IESG nor is it technically correct. Fernando, what is your take? //cmh > > joel > > > //cmh > > > > ---------- Forwarded message ---------- > > Date: Sat, 30 May 2015 20:34:50 -0700 (PDT) > > From: C. M. Heard > > To: OPSEC > > Subject: Re: [OPSEC] I-D Action: draft-ietf-opsec-dhcpv6-shield-07.txt > > > > Greetings, > > > > The text in Section 3 seems to have dropped the step saying that if > > the packet is identified to be a DHCPv6 packet meant for a DHCPv6 > > client then a DHCPv6-Shield implementation MUST drop the packet. > > That omission defeats the entire purpose of the draft and renders it > > unsuitable for publication. > > > > As noted in http://www.ietf.org/mail-archive/web/opsec/current/msg01870= .html, > > this problem was introduced in the -06 version of the draft. Could the= authors > > PLEASE fix this, or else point out where in -07 this step is spelled ou= t? > > > > //cmh > > > > On Fri, 15 May 2015, internet-drafts@ietf.org wrote: > >> A New Internet-Draft is available from the on-line Internet-Drafts dir= ectories. > >> This draft is a work item of the Operational Security Capabilities fo= r IP Network Infrastructure Working Group of the IETF. > >> > >> Title : DHCPv6-Shield: Protecting Against Rogue DHCP= v6 Servers > >> Authors : Fernando Gont > >> Will Liu > >> Gunter Van de Velde > >> Filename : draft-ietf-opsec-dhcpv6-shield-07.txt > >> Pages : 11 > >> Date : 2015-05-15 > >> > >> Abstract: > >> This document specifies a mechanism for protecting hosts connected = to > >> a switched network against rogue DHCPv6 servers. It is based on > >> DHCPv6 packet-filtering at the layer-2 device at which the packets > >> are received. A similar mechanism has been widely deployed in IPv4 > >> networks ('DHCP snooping'), and hence it is desirable that similar > >> functionality be provided for IPv6 networks. This document specifi= es > >> a Best Current Practice for the implementation of DHCPv6 Shield. > >> > >> > >> The IETF datatracker status page for this draft is: > >> https://datatracker.ietf.org/doc/draft-ietf-opsec-dhcpv6-shield/ > >> > >> There's also a htmlized version available at: > >> https://tools.ietf.org/html/draft-ietf-opsec-dhcpv6-shield-07 > >> > >> A diff from the previous version is available at: > >> https://www.ietf.org/rfcdiff?url2=3Ddraft-ietf-opsec-dhcpv6-shield-07 > >> > >> > >> Please note that it may take a couple of minutes from the time of subm= ission > >> until the htmlized version and diff are available at tools.ietf.org. > >> > >> Internet-Drafts are also available by anonymous FTP at: > >> ftp://ftp.ietf.org/internet-drafts/ > >> > >> > > > From nobody Mon Jul 6 12:43:03 2015 Return-Path: X-Original-To: opsec@ietfa.amsl.com Delivered-To: opsec@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 99BFB1B3112; Mon, 6 Jul 2015 12:43:01 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.9 X-Spam-Level: X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uySHl85P-QMD; Mon, 6 Jul 2015 12:43:00 -0700 (PDT) Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 9F8F81B3113; Mon, 6 Jul 2015 12:42:58 -0700 (PDT) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: internet-drafts@ietf.org To: X-Test-IDTracker: no X-IETF-IDTracker: 6.0.4.p1 Auto-Submitted: auto-generated Precedence: bulk Message-ID: <20150706194258.14120.64592.idtracker@ietfa.amsl.com> Date: Mon, 06 Jul 2015 12:42:58 -0700 Archived-At: Cc: opsec@ietf.org Subject: [OPSEC] I-D Action: draft-ietf-opsec-dhcpv6-shield-08.txt X-BeenThere: opsec@ietf.org X-Mailman-Version: 2.1.15 List-Id: opsec wg mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 06 Jul 2015 19:43:01 -0000 A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Operational Security Capabilities for IP Network Infrastructure Working Group of the IETF. Title : DHCPv6-Shield: Protecting Against Rogue DHCPv6 Servers Authors : Fernando Gont Will Liu Gunter Van de Velde Filename : draft-ietf-opsec-dhcpv6-shield-08.txt Pages : 11 Date : 2015-07-06 Abstract: This document specifies a mechanism for protecting hosts connected to a switched network against rogue DHCPv6 servers. It is based on DHCPv6 packet-filtering at the layer-2 device at which the packets are received. A similar mechanism has been widely deployed in IPv4 networks ('DHCP snooping'), and hence it is desirable that similar functionality be provided for IPv6 networks. This document specifies a Best Current Practice for the implementation of DHCPv6 Shield. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-opsec-dhcpv6-shield/ There's also a htmlized version available at: https://tools.ietf.org/html/draft-ietf-opsec-dhcpv6-shield-08 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-opsec-dhcpv6-shield-08 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ From nobody Mon Jul 6 12:51:23 2015 Return-Path: X-Original-To: opsec@ietfa.amsl.com Delivered-To: opsec@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 430F01A026C for ; Mon, 6 Jul 2015 12:51:22 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.902 X-Spam-Level: X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id B3O6nIOo0vKo for ; Mon, 6 Jul 2015 12:51:19 -0700 (PDT) Received: from web01.jbserver.net (web01.jbserver.net [IPv6:2a00:8240:6:a::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 717FB1A0108 for ; Mon, 6 Jul 2015 12:51:19 -0700 (PDT) Received: from [186.137.82.224] (helo=[192.168.3.107]) by web01.jbserver.net with esmtpsa (TLSv1.2:DHE-RSA-AES128-SHA:128) (Exim 4.85) (envelope-from ) id 1ZCCQ5-0000C6-W6; Mon, 06 Jul 2015 21:51:14 +0200 Message-ID: <559AD8CC.7040504@si6networks.com> Date: Mon, 06 Jul 2015 16:36:44 -0300 From: Fernando Gont User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.7.0 MIME-Version: 1.0 To: "C. M. Heard" , OPSEC References: <20150515163152.27063.80335.idtracker@ietfa.amsl.com> In-Reply-To: Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: 8bit Archived-At: Subject: Re: [OPSEC] I-D Action: draft-ietf-opsec-dhcpv6-shield-07.txt X-BeenThere: opsec@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: opsec wg mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 06 Jul 2015 19:51:22 -0000 Hi, Mike, My sincere On 05/31/2015 12:34 AM, C. M. Heard wrote: > Greetings, > > The text in Section 3 seems to have dropped the step saying that if > the packet is identified to be a DHCPv6 packet meant for a DHCPv6 > client then a DHCPv6-Shield implementation MUST drop the packet. > That omission defeats the entire purpose of the draft and renders it > unsuitable for publication. You probably meant Section 5 rather than Section 3? > As noted in http://www.ietf.org/mail-archive/web/opsec/current/msg01870.html, > this problem was introduced in the -06 version of the draft. Could the authors > PLEASE fix this, or else point out where in -07 this step is spelled out? Good grief! It looks like the corresponding statement was mistakenly dropped while editing the document. We've fixed the document now. Thanks! Best regards, -- Fernando Gont SI6 Networks e-mail: fgont@si6networks.com PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492 From nobody Mon Jul 6 12:51:35 2015 Return-Path: X-Original-To: opsec@ietfa.amsl.com Delivered-To: opsec@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6033F1A8847; Mon, 6 Jul 2015 12:51:29 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.902 X-Spam-Level: X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mMxfC6dB4jBO; Mon, 6 Jul 2015 12:51:25 -0700 (PDT) Received: from web01.jbserver.net (web01.jbserver.net [IPv6:2a00:8240:6:a::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 154B31A8746; Mon, 6 Jul 2015 12:51:25 -0700 (PDT) Received: from [186.137.82.224] (helo=[192.168.3.107]) by web01.jbserver.net with esmtpsa (TLSv1.2:DHE-RSA-AES128-SHA:128) (Exim 4.85) (envelope-from ) id 1ZCCQB-0000C9-92; Mon, 06 Jul 2015 21:51:19 +0200 Message-ID: <559ADA13.4050709@si6networks.com> Date: Mon, 06 Jul 2015 16:42:11 -0300 From: Fernando Gont User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.7.0 MIME-Version: 1.0 To: "C. M. Heard" , joel jaeggli References: <559045AF.9060607@bogus.com> In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit Archived-At: Cc: "draft-ietf-opsec-dhcpv6-shield.shepherd@ietf.org" , OPSEC , "opsec-chairs@ietf.org" , Gunter Van de Velde Subject: Re: [OPSEC] FW: I-D Action: draft-ietf-opsec-dhcpv6-shield-07.txt X-BeenThere: opsec@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: opsec wg mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 06 Jul 2015 19:51:29 -0000 On 07/04/2015 06:14 PM, C. M. Heard wrote: >> sorry for the delay, imho section 5 bullet 3 I think preserves the >> document's intent. There was substantial dicussion in the IESG >> respecting the handling of unknown or unparasable header chains that >> resulted in the slouch towards the text as you see it today. > > The text in bullet 3 does a fine job of saying how to handle unrecognized > Next Header values. However, it does NOT say what to do when receiving > a DHCPv6 packet meant for a DHCPv6 client. In -05 (the version that was > the subject of intense discussion), bullet 3 did contain such instructions: > "When parsing the IPv6 header chain, if the packet is identified to be a > DHCPv6 packet meant for a DHCPv6 client or the packet contains an > unrecognized Next Header value, DHCPv6-Shield MUST drop the > packet […]." Pete Resnick's ballot comments suggested splitting this > bullet up into two parts. The part dealing with unrecognized Next Header > values made it into -07; the part dealing with DHCPv6 packets meant for > DHCPv6 clients did not. You're 100% correct. > The remedy I propose is to include the omitted part of Pete's suggested > text, as follows: > > OLD: > 3. DHCPv6-Shield MUST provide a configuration knob that controls > whether packets with unrecognized Next Header values are dropped; > this configuration knob MUST default to "drop". When parsing the > IPv6 header chain, if the packet contains an unrecognized Next > Header value and the configuration knob is configured to "drop", > DHCPv6-Shield MUST drop the packet, and ought to log the packet > drop event in an implementation-specific manner as a security > fault. > > RATIONALE: An unrecognized Next Header value could possibly > identify an IPv6 Extension Header, and thus be leveraged to > conceal a DHCPv6-server packet (since there is no way for > DHCPv6-Shield to parse past unrecognized Next Header values > [I-D.gont-6man-rfc6564bis]). [RFC7045] requires that nodes be > configurable with respect to whether packets with unrecognized > headers are forwarded, and allows the default behavior to be > that such packets be dropped. > > 4. In all other cases, DHCPv6-Shield MUST pass the packet as usual. > NEW: > 3. DHCPv6-Shield MUST provide a configuration knob that controls > whether packets with unrecognized Next Header values are dropped; > this configuration knob MUST default to "drop". When parsing the > IPv6 header chain, if the packet contains an unrecognized Next > Header value and the configuration knob is configured to "drop", > DHCPv6-Shield MUST drop the packet, and ought to log the packet > drop event in an implementation-specific manner as a security > fault. > > RATIONALE: An unrecognized Next Header value could possibly > identify an IPv6 Extension Header, and thus be leveraged to > conceal a DHCPv6-server packet (since there is no way for > DHCPv6-Shield to parse past unrecognized Next Header values > [I-D.gont-6man-rfc6564bis]). [RFC7045] requires that nodes be > configurable with respect to whether packets with unrecognized > headers are forwarded, and allows the default behavior to be > that such packets be dropped. > > 4. When parsing the IPv6 header chain, if the packet is identified > to be a DHCPv6 packet meant for a DHCPv6 client, DHCPv6-Shield > MUST drop the packet, and ought to the packet drop event in an > implementation-specific manner as a security alert. > > 5. In all other cases, DHCPv6-Shield MUST pass the packet as usual. > END. This is how we've fixed the document, with the addition of a "RATIONALE" in bullet 4. Thanks so much! -- You've done a lot in keeping this document correct. Cheers, -- Fernando Gont SI6 Networks e-mail: fgont@si6networks.com PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492 From nobody Mon Jul 6 13:05:27 2015 Return-Path: X-Original-To: opsec@ietfa.amsl.com Delivered-To: opsec@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8338C1ACE41; Mon, 6 Jul 2015 13:05:25 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.379 X-Spam-Level: X-Spam-Status: No, score=-1.379 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KLGotcYlr0Jz; Mon, 6 Jul 2015 13:05:24 -0700 (PDT) Received: from sasl.smtp.pobox.com (pb-smtp1.int.icgroup.com [208.72.237.35]) by ietfa.amsl.com (Postfix) with ESMTP id 568BA1ACE35; Mon, 6 Jul 2015 13:05:24 -0700 (PDT) Received: from sasl.smtp.pobox.com (unknown [127.0.0.1]) by pb-smtp1.pobox.com (Postfix) with ESMTP id AB23861B27; Mon, 6 Jul 2015 16:05:23 -0400 (EDT) DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=pobox.com; h=mime-version :in-reply-to:references:date:message-id:subject:from:to:cc :content-type; s=sasl; bh=+pgzeugkt+O6yP5WtZ7tLsXhwC4=; b=NY7BwN tEmmB/ga+jSsHwsCXht0pwAqQqZKNJyIS2EHWhYY+P1rD1GbAKGV8wuEltK98kAB w03lD0noFZYkn7U6347y9m3sea1Kx77Px0Q/uTQVCwFMMiN3OLSkNOSpc5o46MZN G+5WmSt/DAoO2wDz8RpFE3wPFrNSfrPirTkOw= DomainKey-Signature: a=rsa-sha1; c=nofws; d=pobox.com; h=mime-version :in-reply-to:references:date:message-id:subject:from:to:cc :content-type; q=dns; s=sasl; b=mD+VJEowv7I2453Bj7JmYSaMeoQbSZxu 02D1zfexThKU1YCoQnoyZf9J+T0kFao+pN+MWTwQlDQRtaIfCbI5e3oCd2ox3PBC x9DYYPUBjSKnWBD4+jgznCv76V7FlOGGmGZCvctw2vre39bikn77kMrcWLVLOOFP XkbazY7OZsM= Received: from pb-smtp1.int.icgroup.com (unknown [127.0.0.1]) by pb-smtp1.pobox.com (Postfix) with ESMTP id 9782B61B25; Mon, 6 Jul 2015 16:05:23 -0400 (EDT) Received: from mail-oi0-f42.google.com (unknown [209.85.218.42]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pb-smtp1.pobox.com (Postfix) with ESMTPSA id 172BF61B1C; Mon, 6 Jul 2015 16:05:23 -0400 (EDT) Received: by oiab3 with SMTP id b3so7915109oia.1; Mon, 06 Jul 2015 13:05:22 -0700 (PDT) MIME-Version: 1.0 X-Received: by 10.202.184.3 with SMTP id i3mr498789oif.61.1436213122502; Mon, 06 Jul 2015 13:05:22 -0700 (PDT) Received: by 10.202.61.8 with HTTP; Mon, 6 Jul 2015 13:05:22 -0700 (PDT) In-Reply-To: <559ADAC1.20608@si6networks.com> References: <559045AF.9060607@bogus.com> <559ADAC1.20608@si6networks.com> Date: Mon, 6 Jul 2015 13:05:22 -0700 Message-ID: From: "C. M. Heard" To: Fernando Gont Content-Type: text/plain; charset=UTF-8 X-Pobox-Relay-ID: 55C08D78-241A-11E5-A84F-561A9F42C9D4-06080547!pb-smtp1.pobox.com Archived-At: Cc: OPSEC , "draft-ietf-opsec-dhcpv6-shield.shepherd@ietf.org" , "opsec-chairs@ietf.org" , Gunter Van de Velde Subject: Re: [OPSEC] FW: I-D Action: draft-ietf-opsec-dhcpv6-shield-07.txt X-BeenThere: opsec@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: opsec wg mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 06 Jul 2015 20:05:25 -0000 On Mon, Jul 6, 2015 at 12:45 PM, Fernando Gont wrote: > We've rev'ed the document accordingly. It is now ready for publication. Yes, -08 indeed looks like its ready to ship. Thanks! //cmh From nobody Mon Jul 6 15:57:48 2015 Return-Path: X-Original-To: opsec@ietfa.amsl.com Delivered-To: opsec@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F2F321A0115; Mon, 6 Jul 2015 15:57:46 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -101.9 X-Spam-Level: X-Spam-Status: No, score=-101.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, USER_IN_WHITELIST=-100] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eHyxiqeNasQV; Mon, 6 Jul 2015 15:57:45 -0700 (PDT) Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 426C11A016B; Mon, 6 Jul 2015 15:57:39 -0700 (PDT) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: The IESG To: "IETF-Announce" X-Test-IDTracker: no X-IETF-IDTracker: 6.0.4.p1 Auto-Submitted: auto-generated Precedence: bulk Message-ID: <20150706225739.12089.17217.idtracker@ietfa.amsl.com> Date: Mon, 06 Jul 2015 15:57:39 -0700 Archived-At: Cc: opsec mailing list , opsec chair , RFC Editor Subject: [OPSEC] Protocol Action: 'DHCPv6-Shield: Protecting Against Rogue DHCPv6 Servers' to Best Current Practice (draft-ietf-opsec-dhcpv6-shield-08.txt) X-BeenThere: opsec@ietf.org X-Mailman-Version: 2.1.15 List-Id: opsec wg mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 06 Jul 2015 22:57:47 -0000 The IESG has approved the following document: - 'DHCPv6-Shield: Protecting Against Rogue DHCPv6 Servers' (draft-ietf-opsec-dhcpv6-shield-08.txt) as Best Current Practice This document is the product of the Operational Security Capabilities for IP Network Infrastructure Working Group. The IESG contact persons are Benoit Claise and Joel Jaeggli. A URL of this Internet Draft is: https://datatracker.ietf.org/doc/draft-ietf-opsec-dhcpv6-shield/ Technical Summary This document describes a mechanism for protecting hosts connected to a switched network against rogue DHCPv6 servers. This mechanism is based on DHCPv6 packet-filtering at the layer-2 device at which the packets are received. A similar mechanism has been widely deployed in IPv4 networks ('DHCP snooping'), and hence it is desirable that similar functionality be provided for IPv6 networks. Working Group Summary This document received a fair bit of in-depth review from key members of the WG. The WGLC concluded that this is useful information that is presented in an easy to read format. Document Quality This document provides advice to IPv6 implementors for protecting hosts connected to a switched network against rogue DHCPv6 servers. There is a valid implementation of this functionality on Cisco equipment. Everyone who reviewed and commented on this document agrees that this is a significant security issue and that the mechanism that this draft provides is easy to use given its similarity to a similar feature (DHCP snooping) that has existed for IPv4 networks for a while. Personnel Kiran Kumar Chittimaneni is the Document Shepherd. Joel Jaeggli is the Area Director. From nobody Mon Jul 20 17:46:48 2015 Return-Path: X-Original-To: opsec@ietfa.amsl.com Delivered-To: opsec@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0587D1ACCF9 for ; Mon, 20 Jul 2015 17:46:47 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.749 X-Spam-Level: X-Spam-Status: No, score=-1.749 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vAuqPSk_b5lM for ; Mon, 20 Jul 2015 17:46:45 -0700 (PDT) Received: from mail-wi0-x234.google.com (mail-wi0-x234.google.com [IPv6:2a00:1450:400c:c05::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 764C01ACCF8 for ; Mon, 20 Jul 2015 17:46:45 -0700 (PDT) Received: by wibxm9 with SMTP id xm9so105787772wib.0 for ; Mon, 20 Jul 2015 17:46:44 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:cc:content-type; bh=c66ivcM13QERDlJa2YIYKWxHJDaAMZHhEpCvmwPNsnI=; b=0zwdlC9+hwdZa3mPWNbORyL+l8+5IVEuaxp7U/6PfHRBUwc199cGNCsTOKrEEuF+RU jO2/Q7ImzK5X/M2nrNmi5ihhecx1mlN3R1Cxm+cUkHSKkAcCugXrq9+SMNzmw7G7F2+j GzaVo0kt5/x4hR6NaaGMYPMf/t96LouaWcziT/a4fPiPSo3na/vMnXGttIONu/26VmAe glvq4KocdTPzhqRSeV+DfkbmyKzqyvRfcKwgqcISZxdW4FT5mp/orVgs18hgHsXIE7yB oVO3JiDOIDKirrrVet8dB7EhDcr/2o1QRqNwvjac9s1xrSRosQkzMMbZHMFvcHwQnand E6Zw== MIME-Version: 1.0 X-Received: by 10.194.235.227 with SMTP id up3mr66029968wjc.132.1437439604157; Mon, 20 Jul 2015 17:46:44 -0700 (PDT) Received: by 10.194.191.232 with HTTP; Mon, 20 Jul 2015 17:46:44 -0700 (PDT) Date: Mon, 20 Jul 2015 17:46:44 -0700 Message-ID: From: Ca By To: "opsec@ietf.org" Content-Type: multipart/alternative; boundary=089e0141a510fdf1e7051b57fc99 Archived-At: Cc: draft-byrne-opsec-udp-advisory@tools.ietf.org Subject: [OPSEC] draft-byrne-opsec-udp-advisory X-BeenThere: opsec@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: opsec wg mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 21 Jul 2015 00:46:47 -0000 --089e0141a510fdf1e7051b57fc99 Content-Type: text/plain; charset=UTF-8 Op sec, Given the number of udp related developments, I created this I-d to express concern about further udp work and expound on some operational practices that conflict with udp growth. Your feedback is welcome. ========= A new version of I-D, draft-byrne-opsec-udp-advisory-00.txt has been successfully submitted by Cameron Byrne and posted to the IETF repository. Name: draft-byrne-opsec-udp-advisory Revision: 00 Title: Advisory Guidelines for UDP Deployment Document date: 2015-07-20 Group: Individual Submission Pages: 5 URL: https://www.ietf.org/internet-drafts/draft-byrne-opsec-udp-advisory-00.txt Status: https://datatracker.ietf.org/doc/draft-byrne-opsec-udp-advisory/ Htmlized: https://tools.ietf.org/html/draft-byrne-opsec-udp-advisory-00 Abstract: User Datagram Protocol (UDP) is commonly used as a volumetric attack transport on the internet. Some network operators experience surges of UDP attack traffic that are multiple orders of magnitude above the baseline traffic rate for UDP. Application developers should be advised that UDP is being rate-limited on a bits-per-second and packet-per-second basis by network operators to enforce known good baseline traffic levels for UDP. UDP has been abused to such an extent that legitimate use may become collateral damage and application and protocol developers should avoid using UDP as a transport when possible. Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. The IETF Secretariat --089e0141a510fdf1e7051b57fc99 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Op sec,

<= /div>
Given the number of udp related developments, I created this I-d to exp= ress concern=C2=A0=C2=A0about further udp work and expound on some operatio= nal practices that conflict with udp growth.=C2=A0

<= /font>
Your feedback is welcome.=C2=A0

<= /font>
=3D=3D=3D=3D=3D=3D=3D=3D=3D

A new version of I-D,= draft-byrne-opsec-udp-advisory-00.txt
has been successfully submitted b= y Cameron Byrne and posted to the
IETF repository.

Name: =C2=A0 = =C2=A0 =C2=A0 =C2=A0draft-byrne-opsec-udp-advisory
Revision: =C2=A0 =C2= =A000
Title: =C2=A0 =C2=A0 =C2=A0 =C2=A0Advisory Guidelines for UDP Depl= oyment
Document date: =C2=A0 =C2=A02015-07-20
Group: =C2=A0 =C2=A0 = =C2=A0 =C2=A0Individual Submission
Pages: =C2=A0 =C2=A0 =C2=A0 =C2=A05URL: =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0https://www.ietf.org/internet-drafts/draft-byrne-opsec-udp-adviso= ry-00.txt
Status: =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= https://datatracker.ietf.org/doc/draft-byrne-opsec-udp-advisory/
Htm= lized: =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0https://tools.ietf.org/html/draft= -byrne-opsec-udp-advisory-00


Abstract:
=C2=A0=C2=A0User D= atagram Protocol (UDP) is commonly used as a volumetric attack
=C2=A0=C2= =A0transport on the internet.=C2=A0 Some network operators experience surge= s
=C2=A0=C2=A0of UDP attack traffic that are multiple orders of magnitud= e above the
=C2=A0=C2=A0baseline traffic rate for UDP.=C2=A0 Application= developers should be
=C2=A0=C2=A0advised that UDP is being rate-limited= on a bits-per-second and
=C2=A0=C2=A0packet-per-second basis by network= operators to enforce known good
=C2=A0=C2=A0baseline traffic levels for= UDP. UDP has been abused to such an
=C2=A0=C2=A0extent that legitimate = use may become collateral damage and
=C2=A0=C2=A0application and protoco= l developers should avoid using UDP as a
=C2=A0=C2=A0transport when poss= ible.





Please note that it may take a couple of minut= es from the time of submission
until the htmlized version and diff are a= vailable at=C2=A0tools.ietf.org.
=
The IETF Secretariat
--089e0141a510fdf1e7051b57fc99-- From nobody Sat Jul 25 18:21:08 2015 Return-Path: X-Original-To: opsec@ietfa.amsl.com Delivered-To: opsec@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 64AF31ACD94 for ; Sat, 25 Jul 2015 18:21:06 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: 0.226 X-Spam-Level: X-Spam-Status: No, score=0.226 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_EQ_MODEMCABLE=0.768, HOST_EQ_MODEMCABLE=1.368, HTML_MESSAGE=0.001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fQ6ksQ5dM2Ub for ; Sat, 25 Jul 2015 18:21:03 -0700 (PDT) Received: from cdpipgw02.twcable.com (cdpipgw02.twcable.com [165.237.59.23]) by ietfa.amsl.com (Postfix) with ESMTP id 739311ACD9A for ; Sat, 25 Jul 2015 18:21:03 -0700 (PDT) X-SENDER-IP: 10.136.163.15 X-SENDER-REPUTATION: None X-IronPort-AV: E=Sophos;i="5.15,544,1432612800"; d="scan'208,217";a="730824206" Received: from unknown (HELO PRVPEXHUB06.corp.twcable.com) ([10.136.163.15]) by cdpipgw02.twcable.com with ESMTP/TLS/RC4-MD5; 25 Jul 2015 20:56:23 -0400 Received: from PRVPEXVS10.corp.twcable.com ([10.136.163.41]) by PRVPEXHUB06.corp.twcable.com ([10.136.163.15]) with mapi; Sat, 25 Jul 2015 21:21:02 -0400 From: "George, Wes" To: Ca By , "opsec@ietf.org" Date: Sat, 25 Jul 2015 21:21:02 -0400 Thread-Topic: [OPSEC] draft-byrne-opsec-udp-advisory Thread-Index: AdDHQVXPcfl8iApGTz+vyLTOanxB4w== Message-ID: References: In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: user-agent: Microsoft-MacOutlook/14.5.3.150624 acceptlanguage: en-US Content-Type: multipart/alternative; boundary="_000_D1D95E775E50Dwesleygeorgetwcablecom_" MIME-Version: 1.0 Archived-At: Cc: "draft-byrne-opsec-udp-advisory@tools.ietf.org" Subject: Re: [OPSEC] draft-byrne-opsec-udp-advisory X-BeenThere: opsec@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: opsec wg mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 26 Jul 2015 01:21:06 -0000 --_000_D1D95E775E50Dwesleygeorgetwcablecom_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Q2FtZXJvbiAtDQoNClRoYW5rIHlvdSBmb3Igd3JpdGluZyB0aGlzLiBJIHRoaW5rIGl0J3MgdXNl ZnVsIGd1aWRhbmNlLCBidXQgSSBoYXZlIHNvbWUgc3BlY2lmaWMgc3VnZ2VzdGlvbnM6DQoNCkZp cnN0IG9mIGFsbCwgeW91IG5lZWQgdG8gYmUgY2xlYXJlciB3aGF0IHlvdSBtZWFuIGJ5IGJhc2Vs aW5lIGluIHlvdXIgcmVjb21tZW5kYXRpb25zIHRoYXQgb3BlcmF0b3JzIHNob3VsZCBkbyBpdC4g SSBrbm93IGZyb20gb3RoZXIgY29udmVyc2F0aW9ucyB0aGF0IHdoYXQgeW91IG1lYW4gaXMgdGhh dCB0aGUgcmF0ZS1saW1pdCBpcyBub3Qgc2V0IGFuZCBmb3JnZXQsIGJ1dCBzb21ldGhpbmcgdGhh dCBpcyBjb25zdGFudGx5IHJlLWV2YWx1YXRlZCB0byBkZXRlcm1pbmUgdGhlIGJhc2VsaW5lLCBp LmUuIEFzIGEgcGVyY2VudGFnZSBvZiBvdmVyYWxsIHRyYWZmaWMsIGFuZCB0aGlzIGlzIGludGVu ZGVkIHRvIGJlIGEgY2lyY3VpdC1icmVha2VyIG9mIHNvcnRzIHRoYXQgcHJvdGVjdHMgYWdhaW5z dCBzdWRkZW4gc3Bpa2VzIG9mIFVEUCB0cmFmZmljIHdpdGggdGhlIGxlYXN0IHBvc3NpYmxlIGlt cGFjdCB0byBsZWdpdGltYXRlIHRyYWZmaWMsIGtub3dpbmcgZnVsbCB3ZWxsIHRoYXQgbGVnaXRp bWF0ZSB0cmFmZmljIGNvbnRpbnVlcyB0byBpbmNyZWFzZSwgb3IgbWF5IGZvbGxvdyBhIGRpdXJu YWwgcGF0dGVybiwgZmxhc2ggbW9iLCBldGMuIElmIHRoZXJlIGlzIGluZm9ybWF0aW9uIGF2YWls YWJsZSBhYm91dCBob3cgdGhpcyBpcyBhY2NvbXBsaXNoZWQgb24gc29tZSB0eXBlcyBvZiBoYXJk d2FyZSAoaS5lLiBUaGUgd2F5IHRoYXQgeW91J3JlIGRvaW5nIGl0IGlzbid0IHByb3ByaWV0YXJ5 KSBpdCBtaWdodCBiZSB1c2VmdWwgdG8gZGlzY3VzcyB0aGlzLCBiZWNhdXNlIHRoYXQgbWFrZXMg cGVvcGxlIG1vcmUgbGlrZWx5IHRvIGltcGxlbWVudCBpdC4NCg0KU2Vjb25kLCBJIHdvdWxkIHJl bW92ZSB0aGUgcmVjb21tZW5kYXRpb24gYWdhaW5zdCB1c2luZyBVRFAuIFlvdXIgZGlzY3Vzc2lv biBvZiB0aGUgcHJhY3RpY2Ugb2YgZG9pbmcgdGhpcyBzb3J0IG9mIHJhdGUgbGltaXRpbmcgYW5k IGFuIGV4cGxhbmF0aW9uIG9mIHRoZSByaXNrIHRvIFVEUCB0cmFmZmljIHNob3VsZCBiZSBlbm91 Z2ggdG8gbWFrZSBwZW9wbGUgY29uc2lkZXIgdGhlaXIgdXNlIG9mIFVEUCBmb3IgdGhlaXIgYXBw bGljYXRpb25zIG1vcmUgY2FyZWZ1bGx5LiBEb2luZyB0aGF0IG1ha2VzIHRoaXMgZG9jdW1lbnQg bW9yZSBsaWtlbHkgdG8gYWNoaWV2ZSBjb25zZW5zdXMgYW5kIGxlc3MgbGlrZWx5IHRvIGJlIG1p c2ludGVycHJldGVkIGFzIHRoZSBJRVRGIHNheWluZyAiVURQIGNvbnNpZGVyZWQgaGFybWZ1bCIg b3Igc2ltaWxhci4NCg0KTGFzdCDigJMgSSBoYWQgYSBjb252ZXJzYXRpb24gd2l0aCBzb21lb25l ICh3aG9zZSBuYW1lIGlzIHVuZm9ydHVuYXRlbHkgZXNjYXBpbmcgbWUpIGluIFByYWd1ZSByZWdh cmRpbmcgdGhpcywgYW5kIGhlIG1lbnRpb25lZCBvbmUgcG9pbnQgdG8gcG90ZW50aWFsbHkgaGln aGxpZ2h0IGlzIHRoYXQgVURQIGF0dGFja3MgdGhhdCBhcmUgYWJ1c2luZyBvcGVuIHJlZmxlY3Rv cnMgKE5UUCwgQ2hhcmdlbiwgZXRjKSBjYW4gYmUgZGlzdGluZ3Vpc2hlZCBmcm9tIGxlZ2l0aW1h dGUgdHJhZmZpYyBpZiB0aGVyZSBpcyBzb21ldGhpbmcgaW4gdGhlIGhlYWRlciBvZiBtb3N0IGxl Z2l0aW1hdGUgVURQIHRyYWZmaWMgKGVzcGVjaWFsbHkgdGhhdCB3aGljaCBpcyBjb25nZXN0aW9u LWF3YXJlIGF0IHRoZSBhcHAgbGV2ZWwsIG9yIG90aGVyd2lzZSB3ZWxsLWJlaGF2ZWQpIGJlY2F1 c2Ugd2hpbGUgYW4gYXBwIGNvdWxkIGdlbmVyYXRlIHBhY2tldHMgd2l0aCB0aGUgcmlnaHQgZmxh ZywgdHJhZmZpYyBjb21pbmcgaW4gZnJvbSBhIHJlZmxlY3RvciBpcyB1bmxpa2VseSB0byBoYXZl IHRoYXQgaW5mb3JtYXRpb24gb24gdGhlIGhlYWRlciBzaW5jZSB0aGUgYXR0YWNrZXIgZG9lcyBu b3QgaGF2ZSBhbnkgYWN0dWFsIGNvbnRyb2wgb3ZlciB0aGUgcmVmbGVjdG9yLiAgSXQgd291bGRu J3QgZml4IHJhdyBVRFAgZmxvb2RzIChub24tcmVmbGVjdGVkIEREb1MpIHdoZXJlIHRoZSBhdHRh Y2tlciBnZW5lcmF0ZXMgcGFja2V0cyB3aXRoIHRoYXQgYml0IHNldCBidXQgaXQgd291bGQgYXQg bGVhc3QgZ2l2ZSB5b3UgYW5vdGhlciBwaWVjZSBvZiBkYXRhIHdoZW4gZXN0YWJsaXNoaW5nIHlv dXIgYmFzZWxpbmUuIEkgaGF0ZSB0byBzYXkgaXQsIGJ1dCBpdCdzIGFsbW9zdCBsaWtlIHRoZSBv cHBvc2l0ZSBvZiB0aGUgImV2aWwgYml0Ii4NCg0KVGhhbmtzLA0KDQpXZXMNCg0KDQpGcm9tOiBP UFNFQyA8b3BzZWMtYm91bmNlc0BpZXRmLm9yZzxtYWlsdG86b3BzZWMtYm91bmNlc0BpZXRmLm9y Zz4+IG9uIGJlaGFsZiBvZiBDYSBCeSA8Y2IubGlzdDZAZ21haWwuY29tPG1haWx0bzpjYi5saXN0 NkBnbWFpbC5jb20+Pg0KRGF0ZTogTW9uZGF5LCBKdWx5IDIwLCAyMDE1IGF0IDg6NDYgUE0NClRv OiAib3BzZWNAaWV0Zi5vcmc8bWFpbHRvOm9wc2VjQGlldGYub3JnPiIgPG9wc2VjQGlldGYub3Jn PG1haWx0bzpvcHNlY0BpZXRmLm9yZz4+DQpDYzogImRyYWZ0LWJ5cm5lLW9wc2VjLXVkcC1hZHZp c29yeUB0b29scy5pZXRmLm9yZzxtYWlsdG86ZHJhZnQtYnlybmUtb3BzZWMtdWRwLWFkdmlzb3J5 QHRvb2xzLmlldGYub3JnPiIgPGRyYWZ0LWJ5cm5lLW9wc2VjLXVkcC1hZHZpc29yeUB0b29scy5p ZXRmLm9yZzxtYWlsdG86ZHJhZnQtYnlybmUtb3BzZWMtdWRwLWFkdmlzb3J5QHRvb2xzLmlldGYu b3JnPj4NClN1YmplY3Q6IFtPUFNFQ10gZHJhZnQtYnlybmUtb3BzZWMtdWRwLWFkdmlzb3J5DQoN Ck9wIHNlYywNCg0KR2l2ZW4gdGhlIG51bWJlciBvZiB1ZHAgcmVsYXRlZCBkZXZlbG9wbWVudHMs IEkgY3JlYXRlZCB0aGlzIEktZCB0byBleHByZXNzIGNvbmNlcm4gIGFib3V0IGZ1cnRoZXIgdWRw IHdvcmsgYW5kIGV4cG91bmQgb24gc29tZSBvcGVyYXRpb25hbCBwcmFjdGljZXMgdGhhdCBjb25m bGljdCB3aXRoIHVkcCBncm93dGguDQoNCllvdXIgZmVlZGJhY2sgaXMgd2VsY29tZS4NCg0KPT09 PT09PT09DQoNCkEgbmV3IHZlcnNpb24gb2YgSS1ELCBkcmFmdC1ieXJuZS1vcHNlYy11ZHAtYWR2 aXNvcnktMDAudHh0DQpoYXMgYmVlbiBzdWNjZXNzZnVsbHkgc3VibWl0dGVkIGJ5IENhbWVyb24g QnlybmUgYW5kIHBvc3RlZCB0byB0aGUNCklFVEYgcmVwb3NpdG9yeS4NCg0KTmFtZTogICAgICAg IGRyYWZ0LWJ5cm5lLW9wc2VjLXVkcC1hZHZpc29yeQ0KUmV2aXNpb246ICAgIDAwDQpUaXRsZTog ICAgICAgIEFkdmlzb3J5IEd1aWRlbGluZXMgZm9yIFVEUCBEZXBsb3ltZW50DQpEb2N1bWVudCBk YXRlOiAgICAyMDE1LTA3LTIwDQpHcm91cDogICAgICAgIEluZGl2aWR1YWwgU3VibWlzc2lvbg0K UGFnZXM6ICAgICAgICA1DQpVUkw6ICAgICAgICAgICAgaHR0cHM6Ly93d3cuaWV0Zi5vcmcvaW50 ZXJuZXQtZHJhZnRzL2RyYWZ0LWJ5cm5lLW9wc2VjLXVkcC1hZHZpc29yeS0wMC50eHQNClN0YXR1 czogICAgICAgICBodHRwczovL2RhdGF0cmFja2VyLmlldGYub3JnL2RvYy9kcmFmdC1ieXJuZS1v cHNlYy11ZHAtYWR2aXNvcnkvDQpIdG1saXplZDogICAgICAgaHR0cHM6Ly90b29scy5pZXRmLm9y Zy9odG1sL2RyYWZ0LWJ5cm5lLW9wc2VjLXVkcC1hZHZpc29yeS0wMA0KDQoNCkFic3RyYWN0Og0K ICBVc2VyIERhdGFncmFtIFByb3RvY29sIChVRFApIGlzIGNvbW1vbmx5IHVzZWQgYXMgYSB2b2x1 bWV0cmljIGF0dGFjaw0KICB0cmFuc3BvcnQgb24gdGhlIGludGVybmV0LiAgU29tZSBuZXR3b3Jr IG9wZXJhdG9ycyBleHBlcmllbmNlIHN1cmdlcw0KICBvZiBVRFAgYXR0YWNrIHRyYWZmaWMgdGhh dCBhcmUgbXVsdGlwbGUgb3JkZXJzIG9mIG1hZ25pdHVkZSBhYm92ZSB0aGUNCiAgYmFzZWxpbmUg dHJhZmZpYyByYXRlIGZvciBVRFAuICBBcHBsaWNhdGlvbiBkZXZlbG9wZXJzIHNob3VsZCBiZQ0K ICBhZHZpc2VkIHRoYXQgVURQIGlzIGJlaW5nIHJhdGUtbGltaXRlZCBvbiBhIGJpdHMtcGVyLXNl Y29uZCBhbmQNCiAgcGFja2V0LXBlci1zZWNvbmQgYmFzaXMgYnkgbmV0d29yayBvcGVyYXRvcnMg dG8gZW5mb3JjZSBrbm93biBnb29kDQogIGJhc2VsaW5lIHRyYWZmaWMgbGV2ZWxzIGZvciBVRFAu IFVEUCBoYXMgYmVlbiBhYnVzZWQgdG8gc3VjaCBhbg0KICBleHRlbnQgdGhhdCBsZWdpdGltYXRl IHVzZSBtYXkgYmVjb21lIGNvbGxhdGVyYWwgZGFtYWdlIGFuZA0KICBhcHBsaWNhdGlvbiBhbmQg cHJvdG9jb2wgZGV2ZWxvcGVycyBzaG91bGQgYXZvaWQgdXNpbmcgVURQIGFzIGENCiAgdHJhbnNw b3J0IHdoZW4gcG9zc2libGUuDQoNCg0KDQoNCg0KUGxlYXNlIG5vdGUgdGhhdCBpdCBtYXkgdGFr ZSBhIGNvdXBsZSBvZiBtaW51dGVzIGZyb20gdGhlIHRpbWUgb2Ygc3VibWlzc2lvbg0KdW50aWwg dGhlIGh0bWxpemVkIHZlcnNpb24gYW5kIGRpZmYgYXJlIGF2YWlsYWJsZSBhdCB0b29scy5pZXRm Lm9yZzxodHRwOi8vdG9vbHMuaWV0Zi5vcmcvPi4NCg0KVGhlIElFVEYgU2VjcmV0YXJpYXQNCg0K X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18NClRoaXMgRS1tYWlsIGFuZCBhbnkgb2Yg aXRzIGF0dGFjaG1lbnRzIG1heSBjb250YWluIFRpbWUgV2FybmVyIENhYmxlIHByb3ByaWV0YXJ5 IGluZm9ybWF0aW9uLCB3aGljaCBpcyBwcml2aWxlZ2VkLCBjb25maWRlbnRpYWwsIG9yIHN1Ympl Y3QgdG8gY29weXJpZ2h0IGJlbG9uZ2luZyB0byBUaW1lIFdhcm5lciBDYWJsZS4gVGhpcyBFLW1h aWwgaXMgaW50ZW5kZWQgc29sZWx5IGZvciB0aGUgdXNlIG9mIHRoZSBpbmRpdmlkdWFsIG9yIGVu dGl0eSB0byB3aGljaCBpdCBpcyBhZGRyZXNzZWQuIElmIHlvdSBhcmUgbm90IHRoZSBpbnRlbmRl ZCByZWNpcGllbnQgb2YgdGhpcyBFLW1haWwsIHlvdSBhcmUgaGVyZWJ5IG5vdGlmaWVkIHRoYXQg YW55IGRpc3NlbWluYXRpb24sIGRpc3RyaWJ1dGlvbiwgY29weWluZywgb3IgYWN0aW9uIHRha2Vu IGluIHJlbGF0aW9uIHRvIHRoZSBjb250ZW50cyBvZiBhbmQgYXR0YWNobWVudHMgdG8gdGhpcyBF LW1haWwgaXMgc3RyaWN0bHkgcHJvaGliaXRlZCBhbmQgbWF5IGJlIHVubGF3ZnVsLiBJZiB5b3Ug aGF2ZSByZWNlaXZlZCB0aGlzIEUtbWFpbCBpbiBlcnJvciwgcGxlYXNlIG5vdGlmeSB0aGUgc2Vu ZGVyIGltbWVkaWF0ZWx5IGFuZCBwZXJtYW5lbnRseSBkZWxldGUgdGhlIG9yaWdpbmFsIGFuZCBh bnkgY29weSBvZiB0aGlzIEUtbWFpbCBhbmQgYW55IHByaW50b3V0Lg0K --_000_D1D95E775E50Dwesleygeorgetwcablecom_ Content-Type: text/html; charset="utf-8" Content-Transfer-Encoding: base64 PGh0bWw+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIgY29udGVudD0i dGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjwvaGVhZD4NCjxib2R5IHN0eWxlPSJ3b3JkLXdy YXA6IGJyZWFrLXdvcmQ7IC13ZWJraXQtbmJzcC1tb2RlOiBzcGFjZTsgLXdlYmtpdC1saW5lLWJy ZWFrOiBhZnRlci13aGl0ZS1zcGFjZTsgY29sb3I6IHJnYigwLCAwLCAwKTsgZm9udC1zaXplOiAx NHB4OyBmb250LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsiPg0KPGRpdj4NCjxkaXY+DQo8 ZGl2PkNhbWVyb24gLSZuYnNwOzwvZGl2Pg0KPGRpdj48YnI+DQo8L2Rpdj4NCjxkaXY+VGhhbmsg eW91IGZvciB3cml0aW5nIHRoaXMuIEkgdGhpbmsgaXQncyB1c2VmdWwgZ3VpZGFuY2UsIGJ1dCBJ IGhhdmUgc29tZSBzcGVjaWZpYyBzdWdnZXN0aW9uczo8L2Rpdj4NCjxkaXY+PGJyPg0KPC9kaXY+ DQo8ZGl2PkZpcnN0IG9mIGFsbCwgeW91IG5lZWQgdG8gYmUgY2xlYXJlciB3aGF0IHlvdSBtZWFu IGJ5IGJhc2VsaW5lIGluIHlvdXIgcmVjb21tZW5kYXRpb25zIHRoYXQgb3BlcmF0b3JzIHNob3Vs ZCBkbyBpdC4gSSBrbm93IGZyb20gb3RoZXIgY29udmVyc2F0aW9ucyB0aGF0IHdoYXQgeW91IG1l YW4gaXMgdGhhdCB0aGUgcmF0ZS1saW1pdCBpcyBub3Qgc2V0IGFuZCBmb3JnZXQsIGJ1dCBzb21l dGhpbmcgdGhhdCBpcyBjb25zdGFudGx5IHJlLWV2YWx1YXRlZA0KIHRvIGRldGVybWluZSB0aGUg YmFzZWxpbmUsIGkuZS4gQXMgYSBwZXJjZW50YWdlIG9mIG92ZXJhbGwgdHJhZmZpYywgYW5kIHRo aXMgaXMgaW50ZW5kZWQgdG8gYmUgYSBjaXJjdWl0LWJyZWFrZXIgb2Ygc29ydHMgdGhhdCBwcm90 ZWN0cyBhZ2FpbnN0IHN1ZGRlbiBzcGlrZXMgb2YgVURQIHRyYWZmaWMgd2l0aCB0aGUgbGVhc3Qg cG9zc2libGUgaW1wYWN0IHRvIGxlZ2l0aW1hdGUgdHJhZmZpYywga25vd2luZyBmdWxsIHdlbGwg dGhhdCBsZWdpdGltYXRlDQogdHJhZmZpYyBjb250aW51ZXMgdG8gaW5jcmVhc2UsIG9yIG1heSBm b2xsb3cgYSBkaXVybmFsIHBhdHRlcm4sIGZsYXNoIG1vYiwgZXRjLiBJZiB0aGVyZSBpcyBpbmZv cm1hdGlvbiBhdmFpbGFibGUgYWJvdXQgaG93IHRoaXMgaXMgYWNjb21wbGlzaGVkIG9uIHNvbWUg dHlwZXMgb2YgaGFyZHdhcmUgKGkuZS4gVGhlIHdheSB0aGF0IHlvdSdyZSBkb2luZyBpdCBpc24n dCBwcm9wcmlldGFyeSkgaXQgbWlnaHQgYmUgdXNlZnVsIHRvIGRpc2N1c3MgdGhpcywNCiBiZWNh dXNlIHRoYXQgbWFrZXMgcGVvcGxlIG1vcmUgbGlrZWx5IHRvIGltcGxlbWVudCBpdC4mbmJzcDs8 L2Rpdj4NCjxkaXY+PGJyPg0KPC9kaXY+DQo8ZGl2PlNlY29uZCwgSSB3b3VsZCByZW1vdmUgdGhl IHJlY29tbWVuZGF0aW9uIGFnYWluc3QgdXNpbmcgVURQLiBZb3VyIGRpc2N1c3Npb24gb2YgdGhl IHByYWN0aWNlIG9mIGRvaW5nIHRoaXMgc29ydCBvZiByYXRlIGxpbWl0aW5nIGFuZCBhbiBleHBs YW5hdGlvbiBvZiB0aGUgcmlzayB0byBVRFAgdHJhZmZpYyBzaG91bGQgYmUgZW5vdWdoIHRvIG1h a2UgcGVvcGxlIGNvbnNpZGVyIHRoZWlyIHVzZSBvZiBVRFAgZm9yIHRoZWlyIGFwcGxpY2F0aW9u cw0KIG1vcmUgY2FyZWZ1bGx5LiBEb2luZyB0aGF0IG1ha2VzIHRoaXMgZG9jdW1lbnQgbW9yZSBs aWtlbHkgdG8gYWNoaWV2ZSBjb25zZW5zdXMgYW5kIGxlc3MgbGlrZWx5IHRvIGJlIG1pc2ludGVy cHJldGVkIGFzIHRoZSBJRVRGIHNheWluZyAmcXVvdDtVRFAgY29uc2lkZXJlZCBoYXJtZnVsJnF1 b3Q7IG9yIHNpbWlsYXIuJm5ic3A7PC9kaXY+DQo8ZGl2Pjxicj4NCjwvZGl2Pg0KPGRpdj5MYXN0 IOKAkyBJIGhhZCBhIGNvbnZlcnNhdGlvbiB3aXRoIHNvbWVvbmUgKHdob3NlIG5hbWUgaXMgdW5m b3J0dW5hdGVseSBlc2NhcGluZyBtZSkgaW4gUHJhZ3VlIHJlZ2FyZGluZyB0aGlzLCBhbmQgaGUg bWVudGlvbmVkIG9uZSBwb2ludCB0byBwb3RlbnRpYWxseSBoaWdobGlnaHQgaXMgdGhhdCBVRFAg YXR0YWNrcyB0aGF0IGFyZSBhYnVzaW5nIG9wZW4gcmVmbGVjdG9ycyAoTlRQLCBDaGFyZ2VuLCBl dGMpIGNhbiBiZSBkaXN0aW5ndWlzaGVkDQogZnJvbSBsZWdpdGltYXRlIHRyYWZmaWMgaWYgdGhl cmUgaXMgc29tZXRoaW5nIGluIHRoZSBoZWFkZXIgb2YgbW9zdCBsZWdpdGltYXRlIFVEUCB0cmFm ZmljIChlc3BlY2lhbGx5IHRoYXQgd2hpY2ggaXMgY29uZ2VzdGlvbi1hd2FyZSBhdCB0aGUgYXBw IGxldmVsLCBvciBvdGhlcndpc2Ugd2VsbC1iZWhhdmVkKSBiZWNhdXNlIHdoaWxlIGFuIGFwcCBj b3VsZCBnZW5lcmF0ZSBwYWNrZXRzIHdpdGggdGhlIHJpZ2h0IGZsYWcsIHRyYWZmaWMgY29taW5n DQogaW4gZnJvbSBhIHJlZmxlY3RvciBpcyB1bmxpa2VseSB0byBoYXZlIHRoYXQgaW5mb3JtYXRp b24gb24gdGhlIGhlYWRlciBzaW5jZSB0aGUgYXR0YWNrZXIgZG9lcyBub3QgaGF2ZSBhbnkgYWN0 dWFsIGNvbnRyb2wgb3ZlciB0aGUgcmVmbGVjdG9yLiAmbmJzcDtJdCB3b3VsZG4ndCBmaXggcmF3 IFVEUCBmbG9vZHMgKG5vbi1yZWZsZWN0ZWQgRERvUykgd2hlcmUgdGhlIGF0dGFja2VyIGdlbmVy YXRlcyBwYWNrZXRzIHdpdGggdGhhdCBiaXQgc2V0IGJ1dCBpdA0KIHdvdWxkIGF0IGxlYXN0IGdp dmUgeW91IGFub3RoZXIgcGllY2Ugb2YgZGF0YSB3aGVuIGVzdGFibGlzaGluZyB5b3VyIGJhc2Vs aW5lLiBJIGhhdGUgdG8gc2F5IGl0LCBidXQgaXQncyBhbG1vc3QgbGlrZSB0aGUgb3Bwb3NpdGUg b2YgdGhlICZxdW90O2V2aWwgYml0JnF1b3Q7LiZuYnNwOzwvZGl2Pg0KPGRpdj48YnI+DQo8L2Rp dj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibWFyZ2luOiAwaW4gMGluIDAu MDAwMXB0OyBmb250LXNpemU6IDExcHQ7Ij5UaGFua3MsPG86cD48L286cD48L3A+DQo8cCBjbGFz cz0iTXNvTm9ybWFsIiBzdHlsZT0ibWFyZ2luOiAwaW4gMGluIDAuMDAwMXB0OyBmb250LXNpemU6 IDExcHQ7Ij48bzpwPiZuYnNwOzwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxl PSJtYXJnaW46IDBpbiAwaW4gMC4wMDAxcHQ7IGZvbnQtc2l6ZTogMTFwdDsiPldlczxvOnA+PC9v OnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1hcmdpbjogMGluIDBpbiAwLjAw MDFwdDsgZm9udC1zaXplOiAxMXB0OyI+PG86cD4mbmJzcDs8L286cD48L3A+DQo8cCBjbGFzcz0i TXNvTm9ybWFsIiBzdHlsZT0ibWFyZ2luOiAwaW4gMGluIDAuMDAwMXB0OyBmb250LXNpemU6IDEx cHQ7Ij48YnI+DQo8L3A+DQo8L2Rpdj4NCjwvZGl2Pg0KPC9kaXY+DQo8c3BhbiBpZD0iT0xLX1NS Q19CT0RZX1NFQ1RJT04iPg0KPGRpdiBzdHlsZT0iZm9udC1mYW1pbHk6Q2FsaWJyaTsgZm9udC1z aXplOjExcHQ7IHRleHQtYWxpZ246bGVmdDsgY29sb3I6YmxhY2s7IEJPUkRFUi1CT1RUT006IG1l ZGl1bSBub25lOyBCT1JERVItTEVGVDogbWVkaXVtIG5vbmU7IFBBRERJTkctQk9UVE9NOiAwaW47 IFBBRERJTkctTEVGVDogMGluOyBQQURESU5HLVJJR0hUOiAwaW47IEJPUkRFUi1UT1A6ICNiNWM0 ZGYgMXB0IHNvbGlkOyBCT1JERVItUklHSFQ6IG1lZGl1bSBub25lOyBQQURESU5HLVRPUDogM3B0 Ij4NCjxzcGFuIHN0eWxlPSJmb250LXdlaWdodDpib2xkIj5Gcm9tOiA8L3NwYW4+T1BTRUMgJmx0 OzxhIGhyZWY9Im1haWx0bzpvcHNlYy1ib3VuY2VzQGlldGYub3JnIj5vcHNlYy1ib3VuY2VzQGll dGYub3JnPC9hPiZndDsgb24gYmVoYWxmIG9mIENhIEJ5ICZsdDs8YSBocmVmPSJtYWlsdG86Y2Iu bGlzdDZAZ21haWwuY29tIj5jYi5saXN0NkBnbWFpbC5jb208L2E+Jmd0Ozxicj4NCjxzcGFuIHN0 eWxlPSJmb250LXdlaWdodDpib2xkIj5EYXRlOiA8L3NwYW4+TW9uZGF5LCBKdWx5IDIwLCAyMDE1 IGF0IDg6NDYgUE08YnI+DQo8c3BhbiBzdHlsZT0iZm9udC13ZWlnaHQ6Ym9sZCI+VG86IDwvc3Bh bj4mcXVvdDs8YSBocmVmPSJtYWlsdG86b3BzZWNAaWV0Zi5vcmciPm9wc2VjQGlldGYub3JnPC9h PiZxdW90OyAmbHQ7PGEgaHJlZj0ibWFpbHRvOm9wc2VjQGlldGYub3JnIj5vcHNlY0BpZXRmLm9y ZzwvYT4mZ3Q7PGJyPg0KPHNwYW4gc3R5bGU9ImZvbnQtd2VpZ2h0OmJvbGQiPkNjOiA8L3NwYW4+ JnF1b3Q7PGEgaHJlZj0ibWFpbHRvOmRyYWZ0LWJ5cm5lLW9wc2VjLXVkcC1hZHZpc29yeUB0b29s cy5pZXRmLm9yZyI+ZHJhZnQtYnlybmUtb3BzZWMtdWRwLWFkdmlzb3J5QHRvb2xzLmlldGYub3Jn PC9hPiZxdW90OyAmbHQ7PGEgaHJlZj0ibWFpbHRvOmRyYWZ0LWJ5cm5lLW9wc2VjLXVkcC1hZHZp c29yeUB0b29scy5pZXRmLm9yZyI+ZHJhZnQtYnlybmUtb3BzZWMtdWRwLWFkdmlzb3J5QHRvb2xz LmlldGYub3JnPC9hPiZndDs8YnI+DQo8c3BhbiBzdHlsZT0iZm9udC13ZWlnaHQ6Ym9sZCI+U3Vi amVjdDogPC9zcGFuPltPUFNFQ10gZHJhZnQtYnlybmUtb3BzZWMtdWRwLWFkdmlzb3J5PGJyPg0K PC9kaXY+DQo8ZGl2Pjxicj4NCjwvZGl2Pg0KPGZvbnQgc2l6ZT0iMiI+PHNwYW4gc3R5bGU9Ii13 ZWJraXQtdGFwLWhpZ2hsaWdodC1jb2xvcjogcmdiYSgyNiwgMjYsIDI2LCAwLjMwMTk2MSk7Ij5P cCBzZWMsPC9zcGFuPjwvZm9udD4NCjxkaXY+PGZvbnQgc2l6ZT0iMiI+PHNwYW4gc3R5bGU9Ii13 ZWJraXQtdGFwLWhpZ2hsaWdodC1jb2xvcjogcmdiYSgyNiwgMjYsIDI2LCAwLjMwMTk2MSk7Ij48 YnI+DQo8L3NwYW4+PC9mb250PjwvZGl2Pg0KPGRpdj4NCjxkaXY+PGZvbnQgc2l6ZT0iMiIgc3R5 bGU9ImJhY2tncm91bmQtY29sb3I6cmdiYSgyNTUsMjU1LDI1NSwwKSI+R2l2ZW4gdGhlIG51bWJl ciBvZiB1ZHAgcmVsYXRlZCBkZXZlbG9wbWVudHMsIEkgY3JlYXRlZCB0aGlzIEktZCB0byBleHBy ZXNzIGNvbmNlcm4mbmJzcDsmbmJzcDthYm91dCBmdXJ0aGVyIHVkcCB3b3JrIGFuZCBleHBvdW5k IG9uIHNvbWUgb3BlcmF0aW9uYWwgcHJhY3RpY2VzIHRoYXQgY29uZmxpY3Qgd2l0aCB1ZHAgZ3Jv d3RoLiZuYnNwOzwvZm9udD48L2Rpdj4NCjxkaXY+PGZvbnQgc2l6ZT0iMiI+PHNwYW4gc3R5bGU9 ImJhY2tncm91bmQtY29sb3I6cmdiYSgyNTUsMjU1LDI1NSwwKSI+PGJyPg0KPC9zcGFuPjwvZm9u dD48L2Rpdj4NCjxkaXY+PGZvbnQgc2l6ZT0iMiI+PHNwYW4gc3R5bGU9ImJhY2tncm91bmQtY29s b3I6cmdiYSgyNTUsMjU1LDI1NSwwKSI+WW91ciBmZWVkYmFjayBpcyB3ZWxjb21lLiZuYnNwOzwv c3Bhbj48L2ZvbnQ+PC9kaXY+DQo8ZGl2Pjxmb250IHNpemU9IjIiPjxzcGFuIHN0eWxlPSJiYWNr Z3JvdW5kLWNvbG9yOnJnYmEoMjU1LDI1NSwyNTUsMCkiPjxicj4NCjwvc3Bhbj48L2ZvbnQ+PC9k aXY+DQo8Zm9udCBzaXplPSIyIiBzdHlsZT0iYmFja2dyb3VuZC1jb2xvcjpyZ2JhKDI1NSwyNTUs MjU1LDApIj4NCjxkaXY+PT09PT09PT09PC9kaXY+DQo8ZGl2Pjxicj4NCjwvZGl2Pg0KQSBuZXcg dmVyc2lvbiBvZiBJLUQsIGRyYWZ0LWJ5cm5lLW9wc2VjLXVkcC1hZHZpc29yeS0wMC50eHQ8YnI+ DQpoYXMgYmVlbiBzdWNjZXNzZnVsbHkgc3VibWl0dGVkIGJ5IENhbWVyb24gQnlybmUgYW5kIHBv c3RlZCB0byB0aGU8YnI+DQpJRVRGIHJlcG9zaXRvcnkuPGJyPg0KPGJyPg0KTmFtZTogJm5ic3A7 ICZuYnNwOyAmbmJzcDsgJm5ic3A7ZHJhZnQtYnlybmUtb3BzZWMtdWRwLWFkdmlzb3J5PGJyPg0K UmV2aXNpb246ICZuYnNwOyAmbmJzcDswMDxicj4NClRpdGxlOiAmbmJzcDsgJm5ic3A7ICZuYnNw OyAmbmJzcDtBZHZpc29yeSBHdWlkZWxpbmVzIGZvciBVRFAgRGVwbG95bWVudDxicj4NCkRvY3Vt ZW50IGRhdGU6ICZuYnNwOyAmbmJzcDsyMDE1LTA3LTIwPGJyPg0KR3JvdXA6ICZuYnNwOyAmbmJz cDsgJm5ic3A7ICZuYnNwO0luZGl2aWR1YWwgU3VibWlzc2lvbjxicj4NClBhZ2VzOiAmbmJzcDsg Jm5ic3A7ICZuYnNwOyAmbmJzcDs1PGJyPg0KVVJMOiAmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsm bmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDs8YSBocmVmPSJodHRwczov L3d3dy5pZXRmLm9yZy9pbnRlcm5ldC1kcmFmdHMvZHJhZnQtYnlybmUtb3BzZWMtdWRwLWFkdmlz b3J5LTAwLnR4dCI+aHR0cHM6Ly93d3cuaWV0Zi5vcmcvaW50ZXJuZXQtZHJhZnRzL2RyYWZ0LWJ5 cm5lLW9wc2VjLXVkcC1hZHZpc29yeS0wMC50eHQ8L2E+PGJyPg0KU3RhdHVzOiAmbmJzcDsmbmJz cDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDs8YSBocmVmPSJodHRwczovL2Rh dGF0cmFja2VyLmlldGYub3JnL2RvYy9kcmFmdC1ieXJuZS1vcHNlYy11ZHAtYWR2aXNvcnkvIj5o dHRwczovL2RhdGF0cmFja2VyLmlldGYub3JnL2RvYy9kcmFmdC1ieXJuZS1vcHNlYy11ZHAtYWR2 aXNvcnkvPC9hPjxicj4NCkh0bWxpemVkOiAmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsm bmJzcDs8YSBocmVmPSJodHRwczovL3Rvb2xzLmlldGYub3JnL2h0bWwvZHJhZnQtYnlybmUtb3Bz ZWMtdWRwLWFkdmlzb3J5LTAwIj5odHRwczovL3Rvb2xzLmlldGYub3JnL2h0bWwvZHJhZnQtYnly bmUtb3BzZWMtdWRwLWFkdmlzb3J5LTAwPC9hPjxicj4NCjxicj4NCjxicj4NCkFic3RyYWN0Ojxi cj4NCiZuYnNwOyZuYnNwO1VzZXIgRGF0YWdyYW0gUHJvdG9jb2wgKFVEUCkgaXMgY29tbW9ubHkg dXNlZCBhcyBhIHZvbHVtZXRyaWMgYXR0YWNrPGJyPg0KJm5ic3A7Jm5ic3A7dHJhbnNwb3J0IG9u IHRoZSBpbnRlcm5ldC4mbmJzcDsgU29tZSBuZXR3b3JrIG9wZXJhdG9ycyBleHBlcmllbmNlIHN1 cmdlczxicj4NCiZuYnNwOyZuYnNwO29mIFVEUCBhdHRhY2sgdHJhZmZpYyB0aGF0IGFyZSBtdWx0 aXBsZSBvcmRlcnMgb2YgbWFnbml0dWRlIGFib3ZlIHRoZTxicj4NCiZuYnNwOyZuYnNwO2Jhc2Vs aW5lIHRyYWZmaWMgcmF0ZSBmb3IgVURQLiZuYnNwOyBBcHBsaWNhdGlvbiBkZXZlbG9wZXJzIHNo b3VsZCBiZTxicj4NCiZuYnNwOyZuYnNwO2FkdmlzZWQgdGhhdCBVRFAgaXMgYmVpbmcgcmF0ZS1s aW1pdGVkIG9uIGEgYml0cy1wZXItc2Vjb25kIGFuZDxicj4NCiZuYnNwOyZuYnNwO3BhY2tldC1w ZXItc2Vjb25kIGJhc2lzIGJ5IG5ldHdvcmsgb3BlcmF0b3JzIHRvIGVuZm9yY2Uga25vd24gZ29v ZDxicj4NCiZuYnNwOyZuYnNwO2Jhc2VsaW5lIHRyYWZmaWMgbGV2ZWxzIGZvciBVRFAuIFVEUCBo YXMgYmVlbiBhYnVzZWQgdG8gc3VjaCBhbjxicj4NCiZuYnNwOyZuYnNwO2V4dGVudCB0aGF0IGxl Z2l0aW1hdGUgdXNlIG1heSBiZWNvbWUgY29sbGF0ZXJhbCBkYW1hZ2UgYW5kPGJyPg0KJm5ic3A7 Jm5ic3A7YXBwbGljYXRpb24gYW5kIHByb3RvY29sIGRldmVsb3BlcnMgc2hvdWxkIGF2b2lkIHVz aW5nIFVEUCBhcyBhPGJyPg0KJm5ic3A7Jm5ic3A7dHJhbnNwb3J0IHdoZW4gcG9zc2libGUuPGJy Pg0KPGJyPg0KPGJyPg0KPGJyPg0KPGJyPg0KPGJyPg0KUGxlYXNlIG5vdGUgdGhhdCBpdCBtYXkg dGFrZSBhIGNvdXBsZSBvZiBtaW51dGVzIGZyb20gdGhlIHRpbWUgb2Ygc3VibWlzc2lvbjxicj4N CnVudGlsIHRoZSBodG1saXplZCB2ZXJzaW9uIGFuZCBkaWZmIGFyZSBhdmFpbGFibGUgYXQmbmJz cDs8YSBocmVmPSJodHRwOi8vdG9vbHMuaWV0Zi5vcmcvIj50b29scy5pZXRmLm9yZzwvYT4uPGJy Pg0KPGJyPg0KVGhlIElFVEYgU2VjcmV0YXJpYXQ8L2ZvbnQ+PGZvbnQgc2l6ZT0iMiI+PHNwYW4g c3R5bGU9Ii13ZWJraXQtdGFwLWhpZ2hsaWdodC1jb2xvcjogcmdiYSgyNiwgMjYsIDI2LCAwLjMw MTk2MSk7Ij48YnI+DQo8L3NwYW4+PC9mb250PjwvZGl2Pg0KPC9zcGFuPjxicj4NCjxocj4NCjxm b250IGZhY2U9IkFyaWFsIiBjb2xvcj0iR3JheSIgc2l6ZT0iMSI+VGhpcyBFLW1haWwgYW5kIGFu eSBvZiBpdHMgYXR0YWNobWVudHMgbWF5IGNvbnRhaW4gVGltZSBXYXJuZXIgQ2FibGUgcHJvcHJp ZXRhcnkgaW5mb3JtYXRpb24sIHdoaWNoIGlzIHByaXZpbGVnZWQsIGNvbmZpZGVudGlhbCwgb3Ig c3ViamVjdCB0byBjb3B5cmlnaHQgYmVsb25naW5nIHRvIFRpbWUgV2FybmVyIENhYmxlLiBUaGlz IEUtbWFpbCBpcyBpbnRlbmRlZCBzb2xlbHkNCiBmb3IgdGhlIHVzZSBvZiB0aGUgaW5kaXZpZHVh bCBvciBlbnRpdHkgdG8gd2hpY2ggaXQgaXMgYWRkcmVzc2VkLiBJZiB5b3UgYXJlIG5vdCB0aGUg aW50ZW5kZWQgcmVjaXBpZW50IG9mIHRoaXMgRS1tYWlsLCB5b3UgYXJlIGhlcmVieSBub3RpZmll ZCB0aGF0IGFueSBkaXNzZW1pbmF0aW9uLCBkaXN0cmlidXRpb24sIGNvcHlpbmcsIG9yIGFjdGlv biB0YWtlbiBpbiByZWxhdGlvbiB0byB0aGUgY29udGVudHMgb2YgYW5kIGF0dGFjaG1lbnRzIHRv DQogdGhpcyBFLW1haWwgaXMgc3RyaWN0bHkgcHJvaGliaXRlZCBhbmQgbWF5IGJlIHVubGF3ZnVs LiBJZiB5b3UgaGF2ZSByZWNlaXZlZCB0aGlzIEUtbWFpbCBpbiBlcnJvciwgcGxlYXNlIG5vdGlm eSB0aGUgc2VuZGVyIGltbWVkaWF0ZWx5IGFuZCBwZXJtYW5lbnRseSBkZWxldGUgdGhlIG9yaWdp bmFsIGFuZCBhbnkgY29weSBvZiB0aGlzIEUtbWFpbCBhbmQgYW55IHByaW50b3V0Ljxicj4NCjwv Zm9udD4NCjwvYm9keT4NCjwvaHRtbD4NCg== --_000_D1D95E775E50Dwesleygeorgetwcablecom_--