
From nobody Wed Jun  5 13:41:38 2019
Return-Path: <rdd@cert.org>
X-Original-To: perc@ietfa.amsl.com
Delivered-To: perc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6B04412027D; Wed,  5 Jun 2019 13:41:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level: 
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cert.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wG0Dg3Dn-OJd; Wed,  5 Jun 2019 13:41:23 -0700 (PDT)
Received: from veto.sei.cmu.edu (veto.sei.cmu.edu [147.72.252.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A8DF912019C; Wed,  5 Jun 2019 13:41:22 -0700 (PDT)
Received: from korb.sei.cmu.edu (korb.sei.cmu.edu [10.64.21.30]) by veto.sei.cmu.edu (8.14.7/8.14.7) with ESMTP id x55KfKjR004220; Wed, 5 Jun 2019 16:41:21 -0400
DKIM-Filter: OpenDKIM Filter v2.11.0 veto.sei.cmu.edu x55KfKjR004220
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cert.org; s=yc2bmwvrj62m; t=1559767281; bh=dzu0Ua2tpTFbpYXTpM2AfzbDtXtGnBcTLlmePGeQbjI=; h=From:To:CC:Subject:Date:References:In-Reply-To:From; b=Jwv5ZazzcvFsMTxyUOnqvmAUBodaPLVhO2g9RXlh1gokF0CUjkuLUCrqxPsf2cHsT jaOLCjBJT2h+s1+88pn7PrZXsGXslTpQc94BHRsVoM9HnYOUnwX1YLEt+0s5IAH+HT y8ZlI8tR662CzdAOBJyYwCEr/Q81tWHOA56yGEtI=
Received: from CASSINA.ad.sei.cmu.edu (cassina.ad.sei.cmu.edu [10.64.28.249]) by korb.sei.cmu.edu (8.14.7/8.14.7) with ESMTP id x55KfHHU009267; Wed, 5 Jun 2019 16:41:17 -0400
Received: from MARATHON.ad.sei.cmu.edu ([10.64.28.250]) by CASSINA.ad.sei.cmu.edu ([10.64.28.249]) with mapi id 14.03.0439.000; Wed, 5 Jun 2019 16:41:17 -0400
From: Roman Danyliw <rdd@cert.org>
To: "Paul E. Jones" <paulej@packetizer.com>, The IESG <iesg@ietf.org>
CC: "nohlmeier@mozilla.com" <nohlmeier@mozilla.com>, "draft-ietf-perc-private-media-framework@ietf.org" <draft-ietf-perc-private-media-framework@ietf.org>, "perc@ietf.org" <perc@ietf.org>, "perc-chairs@ietf.org" <perc-chairs@ietf.org>
Thread-Topic: [Perc] Roman Danyliw's Discuss on draft-ietf-perc-private-media-framework-10: (with DISCUSS and COMMENT)
Thread-Index: AQHVC4oNWs1SsU32Y0aQQuQRYnDJUKZux7CAgB6rnGA=
Date: Wed, 5 Jun 2019 20:41:16 +0000
Message-ID: <359EC4B99E040048A7131E0F4E113AFC01B3385357@marathon>
References: <155797155680.30599.3634623355394252682.idtracker@ietfa.amsl.com> <em037e7ce0-3675-4952-89e2-27bc8a163694@sydney>
In-Reply-To: <em037e7ce0-3675-4952-89e2-27bc8a163694@sydney>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [10.64.22.6]
Content-Type: multipart/alternative; boundary="_000_359EC4B99E040048A7131E0F4E113AFC01B3385357marathon_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/perc/9IBB66saE_LIro0c4floL6IXAus>
Subject: Re: [Perc] Roman Danyliw's Discuss on draft-ietf-perc-private-media-framework-10: (with DISCUSS and COMMENT)
X-BeenThere: perc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Privacy Enhanced RTP Conferencing <perc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perc>, <mailto:perc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/perc/>
List-Post: <mailto:perc@ietf.org>
List-Help: <mailto:perc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perc>, <mailto:perc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 05 Jun 2019 20:41:30 -0000

--_000_359EC4B99E040048A7131E0F4E113AFC01B3385357marathon_
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64

--_000_359EC4B99E040048A7131E0F4E113AFC01B3385357marathon_
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: base64


--_000_359EC4B99E040048A7131E0F4E113AFC01B3385357marathon_--


From nobody Wed Jun  5 15:34:51 2019
Return-Path: <internet-drafts@ietf.org>
X-Original-To: perc@ietf.org
Delivered-To: perc@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 85DA71200C5; Wed,  5 Jun 2019 15:34:49 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: internet-drafts@ietf.org
To: <i-d-announce@ietf.org>
Cc: perc@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.97.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: perc@ietf.org
Message-ID: <155977408951.22451.8983506005901397361@ietfa.amsl.com>
Date: Wed, 05 Jun 2019 15:34:49 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/perc/hQ4FrNNQUYQUHjbchHqOO1Gsk_Q>
Subject: [Perc] I-D Action: draft-ietf-perc-private-media-framework-12.txt
X-BeenThere: perc@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Privacy Enhanced RTP Conferencing <perc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perc>, <mailto:perc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/perc/>
List-Post: <mailto:perc@ietf.org>
List-Help: <mailto:perc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perc>, <mailto:perc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 05 Jun 2019 22:34:49 -0000

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Privacy Enhanced RTP Conferencing WG of the IETF.

        Title           : A Solution Framework for Private Media in Privacy Enhanced RTP Conferencing (PERC)
        Authors         : Paul E. Jones
                          David Benham
                          Christian Groves
        Filename        : draft-ietf-perc-private-media-framework-12.txt
        Pages           : 28
        Date            : 2019-06-05

Abstract:
   This document describes a solution framework for ensuring that media
   confidentiality and integrity are maintained end-to-end within the
   context of a switched conferencing environment where media
   distributors are not trusted with the end-to-end media encryption
   keys.  The solution builds upon existing security mechanisms defined
   for the real-time transport protocol (RTP).


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-perc-private-media-framework/

There are also htmlized versions available at:
https://tools.ietf.org/html/draft-ietf-perc-private-media-framework-12
https://datatracker.ietf.org/doc/html/draft-ietf-perc-private-media-framework-12

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-perc-private-media-framework-12


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/


From nobody Wed Jun  5 15:38:03 2019
Return-Path: <paulej@packetizer.com>
X-Original-To: perc@ietfa.amsl.com
Delivered-To: perc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5E89A120043; Wed,  5 Jun 2019 15:37:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level: 
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=packetizer.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jZAy8_tCfsEB; Wed,  5 Jun 2019 15:37:50 -0700 (PDT)
Received: from dublin.packetizer.com (dublin.packetizer.com [IPv6:2600:1f18:24d6:2e01:e842:9b2b:72a2:d2c6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E5484120025; Wed,  5 Jun 2019 15:37:49 -0700 (PDT)
Received: from authuser (localhost [127.0.0.1]) 
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=packetizer.com; s=dublin; t=1559774265; bh=1GYHGbijUbwMuAcfQMMS+2AsZDtg8r5ON2mhzvIljAw=; h=From:To:Subject:Cc:Date:In-Reply-To:References:Reply-To; b=iiBXBCNlAKO1QZXZ5NAWFvNr4imnMkw8vkDFxPDii+Y3EfmpNL9Tq6Qlj3o5Uqss4 6bpn72X67mqdyHFoGtROwmX2fbJEtuYPsneDG04rjiDjCoGc3NP3vjMnLZrIADJDzR BZZcELJ4vYVMNGpiuxMfQH4sj5sZiME4ADjfdgxY=
From: "Paul E. Jones" <paulej@packetizer.com>
To: "Roman Danyliw" <rdd@cert.org>, "The IESG" <iesg@ietf.org>
Cc: "nohlmeier@mozilla.com" <nohlmeier@mozilla.com>, "draft-ietf-perc-private-media-framework@ietf.org" <draft-ietf-perc-private-media-framework@ietf.org>, "perc@ietf.org" <perc@ietf.org>, "perc-chairs@ietf.org" <perc-chairs@ietf.org>
Date: Wed, 05 Jun 2019 22:37:42 +0000
Message-Id: <emb430dee6-aacd-462a-99a4-41b96c6ad4a8@sydney>
In-Reply-To: <359EC4B99E040048A7131E0F4E113AFC01B3385357@marathon>
References: <155797155680.30599.3634623355394252682.idtracker@ietfa.amsl.com> <em037e7ce0-3675-4952-89e2-27bc8a163694@sydney> <359EC4B99E040048A7131E0F4E113AFC01B3385357@marathon>
Reply-To: "Paul E. Jones" <paulej@packetizer.com>
User-Agent: eM_Client/7.2.35595.0
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="------=_MB177A639F-14C3-4161-A72A-0BEF028227BB"
Archived-At: <https://mailarchive.ietf.org/arch/msg/perc/DTAnzIPJvQRdKwqyPzS6t5DrwRM>
Subject: Re: [Perc] Roman Danyliw's Discuss on draft-ietf-perc-private-media-framework-10: (with DISCUSS and COMMENT)
X-BeenThere: perc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Privacy Enhanced RTP Conferencing <perc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perc>, <mailto:perc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/perc/>
List-Post: <mailto:perc@ietf.org>
List-Help: <mailto:perc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perc>, <mailto:perc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 05 Jun 2019 22:37:55 -0000

--------=_MB177A639F-14C3-4161-A72A-0BEF028227BB
Content-Type: text/plain; format=flowed; charset=utf-8
Content-Transfer-Encoding: quoted-printable

Roman,

Thanks for the reply.  I made the change as you suggested below and
published a new version:
https://tools.ietf.org/html/draft-ietf-perc-private-media-framework-12

Let me know if there are any other changes you feel should be made.

Thanks!
Paul

------ Original Message ------
From: "Roman Danyliw" <rdd@cert.org>
To: "Paul E. Jones" <paulej@packetizer.com>; "The IESG" <iesg@ietf.org>
Cc: "nohlmeier@mozilla.com" <nohlmeier@mozilla.com>;
"draft-ietf-perc-private-media-framework@ietf.org"
<draft-ietf-perc-private-media-framework@ietf.org>; "perc@ietf.org"
<perc@ietf.org>; "perc-chairs@ietf.org" <perc-chairs@ietf.org>
Sent: 6/5/2019 4:41:16 PM
Subject: RE: [Perc] Roman Danyliw's Discuss on
draft-ietf-perc-private-media-framework-10: (with DISCUSS and COMMENT)

>Hi Paul!
>
>
>
>Sorry for the delay!
>
>
>
>From: iesg [mailto:iesg-bounces@ietf.org] On Behalf Of Paul E. Jones
>Sent: Thursday, May 16, 2019 9:14 PM
>To: Roman Danyliw <rdd@cert.org>; The IESG <iesg@ietf.org>
>Cc: nohlmeier@mozilla.com;
>draft-ietf-perc-private-media-framework@ietf.org; perc@ietf.org;
>perc-chairs@ietf.org
>Subject: Re: [Perc] Roman Danyliw's Discuss on
>draft-ietf-perc-private-media-framework-10: (with DISCUSS and COMMENT)
>
>
>
>Roman,
>
>
>
>Thanks for reviewing the text.  Please see comments below:
>
>
>
>>----------------------------------------------------------------------
>>
>>DISCUSS:
>>
>>----------------------------------------------------------------------
>>
>>
>>
>>I support Magnus’s DISCUSS about the need to further discuss the
>>impact of a compromised/rogue end-point. In addition to the
>>impersonation of others in the conference, I am wondering about the
>>impact (perhaps a DoS?) of rogue client flooding the conference with
>>EKT Key updates.
>>
>>
>>
>ACK; will continue to work with Magnus on this.
>
>
>
>[Roman] The new language in -11 addressed my concerns.  Thank you for
>this new, robust text.
>
>
>
>>----------------------------------------------------------------------
>>
>>COMMENT:
>>
>>----------------------------------------------------------------------
>>
>>
>>
>>(1) Section 1. Per “Virtualized public cloud environments have been
>>viewed as less secure since resources are not always physically
>>controlled by those who use them and since there are usually several
>>ports open to the public. This document aims to improve security so as
>>to lower the barrier to taking advantage of those environments”, I
>>stumbled over these sentences. Improve security relative to what – self
>>hosted environments? Is the security target have fewer open ports and
>>secure in the face of an adversary with physical access to the system?
>>The latter seems like a very high bar and the corresponding Security
>>Considerations doesn’t seem to rise to that.
>>
>
>
>Improved security relative to traditional switching conferencing
>platforms wherein there is a media function running on those
>virtualized hardware platforms holding the keys to encrypt and decrypt
>media.
>
>
>
>The number of open ports really doesn't make much difference, but I
>think whoever crafted that text originally meant to emphasize how
>porous those platforms can be. I think we could remove the bit about
>the open ports and it would still convey the intended meaning. Want me
>to do that?
>
>
>
>[Roman] I get the idea of being porous, but yes, could you please
>remove this language about ports.
>
>
>
>With PERC, an adversary could do anything with the middlebox (even if
>running in that cloud environment) and the confidentiality of the
>conference would not be compromised. (PERC does not thwart DOS attacks,
>but that's not an objective.)
>
>
>
>How would you suggest we make that clearer?
>
>
>
>[Roman] My concern with clauses that suggest resistant to an adversary
>with physical access to the system is discussing attacks things need to
>be resistant to attacks where full memory can be dumped or inline
>hardware can be inserted.  However, put in more limited context as you
>state, I see what you mean.  No concern now.  Thanks.
>
>
>>(2) Section 6.1. “Endpoints have to retain old keys for a period of
>>time to ensure they can properly decrypt late-arriving or out-of-order
>>packets” seems to restate what is stated in 4.5.2 using RFC2119
>>language. Here “endpoints have to retain”. In Section 4.5.2, “endpoints
>>SHOULD retain”. Which one is correct?
>>
>
>
>"have to" wasn't intended to be normative. The purpose of the sentence
>was really to remind readers that there might be quite a few keys held
>at any given point in time, especially when the conference is rekeyed.
>But, I can see that wasn't clear. How about this text?
>
>
>
>Complicating key management is the fact that the KEK can change and,
>when it does, the Endpoints generate new SRTP master keys that are
>associated with a new EKT SPI. Endpoints might retain old keys for a
>period of time to ensure they can properly decrypt late-arriving or
>out-of-order packets, which means the number of keys held during that
>period of time might substantially more.
>
>
>
>[Roman]  Looks good.  Thank you for this new language.
>
>
>
>>(3) Section 8.1. Per “Off-path attackers could try connecting to
>>different PERC entities and send specifically crafted packets”, could
>>you be more specific on the threat. Is this something different than
>>any service being exposed on the Internet?
>>
>
>
>This is saying that it's not possible for an attacker to send packets
>of any form that could be misconstrued to be valid media that needs to
>be forwarded or rendered since packets are authenticated before
>consumption. (It doesn't prevent a DoS attack, but that's covered in
>subsequent paragraphs.) But, I can see how this might not make sense. I
>think a few more words are needed. How is this?
>
>
>
>Off-path attackers could try connecting to different PERC entities to
>send specifically crafted packets with an aim of forcing the receiver
>to forward or render bogus media packets.  Endpoints and Media
>Distributors mitigate such an attack by performing hop-by-hop
>authentication and discarding packets that fail authentication.
>
>
>
>[Roman]  That’s more precise.  Thank you for this new language.
>
>
>
>>(4) Editorial Nits:
>>
>>** Section 3. Typo. s/the the/the/
>>
>>
>>
>
>
>Oh! An easy one! :)
>
>
>
>I made those changes above to my local copy, but I'm happy to make
>additional changes as you suggest if the text still isn't clear.
>
>
>
>Thanks!
>
>Paul
>
>
>
--------=_MB177A639F-14C3-4161-A72A-0BEF028227BB
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: quoted-printable

<html><head>


<style type=3D"text/css">#x11a207d5a3f0405 p.MsoNormal
{margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', =
serif;}
#x11a207d5a3f0405 a:link
{color: rgb(5, 99, 193); text-decoration: underline;}
#x11a207d5a3f0405 a:visited
{color: rgb(149, 79, 114); text-decoration: underline;}
#x11a207d5a3f0405 div.WordSection1
{page: WordSection1;}
</style><style id=3D"css_styles" type=3D"text/css">blockquote.cite { margin=
-left: 5px; margin-right: 0px; padding-left: 10px; padding-right:0px; borde=
r-left: 1px solid #cccccc }
blockquote.cite2 {margin-left: 5px; margin-right: 0px; padding-left: 10px;=
 padding-right:0px; border-left: 1px solid #cccccc; margin-top: 3px; padding=
-top: 0px; }
a img { border: 0px; }
li[style=3D'text-align: center;'], li[style=3D'text-align: right;'] {  list=
-style-position: inside;}
body { font-family: Calibri; font-size: 11pt;   }</style>
</head>
<body><div>Roman,</div><div><br /></div><div>Thanks for the reply. =C2=A0I=
 made the change as you suggested below and published a new version:</div><d=
iv><div>
<a href=3D"https://tools.ietf.org/html/draft-ietf-perc-private-media-framew=
ork-12">https://tools.ietf.org/html/draft-ietf-perc-private-media-framework=
-12</a></div></div><div><br /></div><div>Let me know if there are any other =
changes you feel should be made.</div><div><br /></div><div>Thanks!</div><=
div>Paul</div>
<div><br /></div>
<div>------ Original Message ------</div>
<div>From: "Roman Danyliw" &lt;<a href=3D"mailto:rdd@cert.org">rdd@cert.org=
</a>&gt;</div>
<div>To: "Paul E. Jones" &lt;<a href=3D"mailto:paulej@packetizer.com">paule=
j@packetizer.com</a>&gt;; "The IESG" &lt;<a href=3D"mailto:iesg@ietf.org">i=
esg@ietf.org</a>&gt;</div>
<div>Cc: "nohlmeier@mozilla.com" &lt;<a href=3D"mailto:nohlmeier@mozilla.co=
m">nohlmeier@mozilla.com</a>&gt;; "draft-ietf-perc-private-media-framework@=
ietf.org" &lt;<a href=3D"mailto:draft-ietf-perc-private-media-framework@iet=
f.org">draft-ietf-perc-private-media-framework@ietf.org</a>&gt;; "perc@ietf=
.org" &lt;<a href=3D"mailto:perc@ietf.org">perc@ietf.org</a>&gt;; "perc-cha=
irs@ietf.org" &lt;<a href=3D"mailto:perc-chairs@ietf.org">perc-chairs@ietf.=
org</a>&gt;</div>
<div>Sent: 6/5/2019 4:41:16 PM</div>
<div>Subject: RE: [Perc] Roman Danyliw's Discuss on draft-ietf-perc-private=
-media-framework-10: (with DISCUSS and COMMENT)</div><div><br /></div>
<div id=3D"x11a207d5a3f0405"><blockquote cite=3D"359EC4B99E040048A7131E0F4E=
113AFC01B3385357@marathon" type=3D"cite" class=3D"cite2">

<div class=3D"WordSection1">
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,sans-serif;color:#1F497D">Hi Paul!<o:p xmlns:o=3D"#unknown"></o=
:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,sans-serif;color:#1F497D"><o:p xmlns:o=3D"#unknown">=C2=A0</o:p=
></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,sans-serif;color:#1F497D">Sorry for the delay!<o:p xmlns:o=3D"#=
unknown"></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,sans-serif;color:#1F497D"><o:p xmlns:o=3D"#unknown">=C2=A0</o:p=
></span></p>
<div style=3D"border:none;border-left:solid blue 1.5pt;padding:0in 0in 0in=
 4.0pt">
<div>
<div style=3D"border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in=
 0in 0in">
<p class=3D"MsoNormal"><b><span style=3D"font-size:11.0pt;font-family:&quot=
;Calibri&quot;,sans-serif">From:</span></b><span style=3D"font-size:11.0pt;=
font-family:&quot;Calibri&quot;,sans-serif"> iesg [mailto:<a href=3D"mailto=
:iesg-bounces@ietf.org">iesg-bounces@ietf.org</a>]
<b>On Behalf Of </b>Paul E. Jones<br />
<b>Sent:</b> Thursday, May 16, 2019 9:14 PM<br />
<b>To:</b> Roman Danyliw &lt;<a href=3D"mailto:rdd@cert.org">rdd@cert.org</=
a>&gt;; The IESG &lt;<a href=3D"mailto:iesg@ietf.org">iesg@ietf.org</a>&gt;=
<br />
<b>Cc:</b> <a href=3D"mailto:nohlmeier@mozilla.com">nohlmeier@mozilla.com</=
a>; <a href=3D"mailto:draft-ietf-perc-private-media-framework@ietf.org">dra=
ft-ietf-perc-private-media-framework@ietf.org</a>; <a href=3D"mailto:perc@i=
etf.org">perc@ietf.org</a>; <a href=3D"mailto:perc-chairs@ietf.org">perc-ch=
airs@ietf.org</a><br />
<b>Subject:</b> Re: [Perc] Roman Danyliw's Discuss on draft-ietf-perc-priva=
te-media-framework-10: (with DISCUSS and COMMENT)<o:p xmlns:o=3D"#unknown">=
</o:p></span></p>
</div>
</div>
<p class=3D"MsoNormal"><o:p xmlns:o=3D"#unknown">=C2=A0</o:p></p>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,sans-serif">Roman,<o:p xmlns:o=3D"#unknown"></o:p></span></p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,sans-serif"><o:p xmlns:o=3D"#unknown">=C2=A0</o:p></span></p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,sans-serif">Thanks for reviewing the text. =C2=A0Please see com=
ments below:<o:p xmlns:o=3D"#unknown"></o:p></span></p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,sans-serif"><o:p xmlns:o=3D"#unknown">=C2=A0</o:p></span></p>
</div>
<div id=3D"x571728ac0f4248a">
<blockquote style=3D"border:none;border-left:solid #CCCCCC 1.0pt;padding:0i=
n 0in 0in 8.0pt;margin-left:3.75pt;margin-top:2.25pt;margin-right:0in;margi=
n-bottom:5.0pt">
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,sans-serif">---------------------------------------------------=
-------------------<o:p xmlns:o=3D"#unknown"></o:p></span></p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,sans-serif">DISCUSS:<o:p xmlns:o=3D"#unknown"></o:p></span></p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,sans-serif">---------------------------------------------------=
-------------------<o:p xmlns:o=3D"#unknown"></o:p></span></p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,sans-serif">=C2=A0<o:p xmlns:o=3D"#unknown"></o:p></span></p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,sans-serif">I support Magnus=E2=80=99s DISCUSS about the need t=
o further discuss the impact of a<o:p xmlns:o=3D"#unknown"></o:p></span></p=
>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,sans-serif">compromised/rogue end-point. In addition to the imp=
ersonation of others in the<o:p xmlns:o=3D"#unknown"></o:p></span></p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,sans-serif">conference, I am wondering about the impact (perhap=
s a DoS?) of rogue client<o:p xmlns:o=3D"#unknown"></o:p></span></p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,sans-serif">flooding the conference with EKT Key updates.<o:p x=
mlns:o=3D"#unknown"></o:p></span></p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,sans-serif"><o:p xmlns:o=3D"#unknown">=C2=A0</o:p></span></p>
</div>
</blockquote>
<div id=3D"x571728ac0f4248a">
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,sans-serif">ACK; will continue to work with Magnus on this.<o:p =
xmlns:o=3D"#unknown"></o:p></span></p>
</div>
<div id=3D"x571728ac0f4248a">
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,sans-serif"><o:p xmlns:o=3D"#unknown">=C2=A0</o:p></span></p>
</div>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,sans-serif;color:#1F497D">[Roman] The new language in -11 addre=
ssed my concerns.=C2=A0 Thank you for this new, robust text.</span><span st=
yle=3D"font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1=
F497D"><o:p xmlns:o=3D"#unknown"></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,sans-serif"><o:p xmlns:o=3D"#unknown">=C2=A0</o:p></span></p>
<blockquote style=3D"border:none;border-left:solid #CCCCCC 1.0pt;padding:0i=
n 0in 0in 8.0pt;margin-left:3.75pt;margin-top:2.25pt;margin-right:0in;margi=
n-bottom:5.0pt">
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,sans-serif">---------------------------------------------------=
-------------------<o:p xmlns:o=3D"#unknown"></o:p></span></p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,sans-serif">COMMENT:<o:p xmlns:o=3D"#unknown"></o:p></span></p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,sans-serif">---------------------------------------------------=
-------------------<o:p xmlns:o=3D"#unknown"></o:p></span></p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,sans-serif">=C2=A0<o:p xmlns:o=3D"#unknown"></o:p></span></p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,sans-serif">(1) Section 1. Per =E2=80=9CVirtualized public clou=
d environments have been viewed as<o:p xmlns:o=3D"#unknown"></o:p></span></=
p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,sans-serif">less secure since resources are not always physical=
ly controlled by those who<o:p xmlns:o=3D"#unknown"></o:p></span></p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,sans-serif">use them and since there are usually several ports=
 open to the public. This<o:p xmlns:o=3D"#unknown"></o:p></span></p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,sans-serif">document aims to improve security so as to lower th=
e barrier to taking<o:p xmlns:o=3D"#unknown"></o:p></span></p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,sans-serif">advantage of those environments=E2=80=9D, I stumble=
d over these sentences. Improve<o:p xmlns:o=3D"#unknown"></o:p></span></p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,sans-serif">security relative to what =E2=80=93 self hosted env=
ironments? Is the security target<o:p xmlns:o=3D"#unknown"></o:p></span></p=
>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,sans-serif">have fewer open ports and secure in the face of an=
 adversary with physical<o:p xmlns:o=3D"#unknown"></o:p></span></p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,sans-serif">access to the system? The latter seems like a very=
 high bar and the<o:p xmlns:o=3D"#unknown"></o:p></span></p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,sans-serif">corresponding Security Considerations doesn=E2=80=
=99t seem to rise to that.<o:p xmlns:o=3D"#unknown"></o:p></span></p>
</div>
</blockquote>
<div id=3D"x571728ac0f4248a">
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,sans-serif"><o:p xmlns:o=3D"#unknown">=C2=A0</o:p></span></p>
</div>
<div id=3D"x571728ac0f4248a">
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,sans-serif">Improved security relative to traditional switching =
conferencing platforms wherein there is a media function running on those=
 virtualized hardware platforms holding the keys
 to encrypt and decrypt media.<o:p xmlns:o=3D"#unknown"></o:p></span></p>
</div>
<div id=3D"x571728ac0f4248a">
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,sans-serif"><o:p xmlns:o=3D"#unknown">=C2=A0</o:p></span></p>
</div>
<div id=3D"x571728ac0f4248a">
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,sans-serif">The number of open ports really doesn't make much d=
ifference, but I think whoever crafted that text originally meant to emphas=
ize how porous those platforms can be. I think
 we could remove the bit about the open ports and it would still convey the =
intended meaning. Want me to do that?<o:p xmlns:o=3D"#unknown"></o:p></spa=
n></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,sans-serif;color:#1F497D"><o:p xmlns:o=3D"#unknown">=C2=A0</o:p=
></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,sans-serif;color:#1F497D">[Roman] I get the idea of being porou=
s, but yes, could you please remove the this language about ports.<o:p xmln=
s:o=3D"#unknown"></o:p></span></p>
</div>
<div id=3D"x571728ac0f4248a">
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,sans-serif"><o:p xmlns:o=3D"#unknown">=C2=A0</o:p></span></p>
</div>
<div id=3D"x571728ac0f4248a">
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,sans-serif">With PERC, an adversary could do anything with the=
 middlebox (even if running in that cloud environment) and the confidentiali=
ty of the conference would not be compromised.
 (PERC does not thwart DOS attacks, but that's not an objective.)<o:p xmlns=
:o=3D"#unknown"></o:p></span></p>
</div>
<div id=3D"x571728ac0f4248a">
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,sans-serif"><o:p xmlns:o=3D"#unknown">=C2=A0</o:p></span></p>
</div>
<div id=3D"x571728ac0f4248a">
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,sans-serif">How would you suggest we make that clearer?<o:p xml=
ns:o=3D"#unknown"></o:p></span></p>
</div>
<div id=3D"x571728ac0f4248a">
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,sans-serif"><o:p xmlns:o=3D"#unknown">=C2=A0</o:p></span></p>
</div>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,sans-serif;color:#1F497D">[Roman] My concern with clauses that=
 suggest resistant to an adversary with physical access to the system is dis=
cussing attacks things need to be resistant to
 attacks where full memory can be dumped or inline hardware can be inserted=
.=C2=A0 However, put in more limited context as you state, I see what you m=
ean.=C2=A0 No concern now.=C2=A0 Thanks.</span><span style=3D"font-size:11.=
0pt;font-family:&quot;Calibri&quot;,sans-serif"><br />
<br />
<o:p xmlns:o=3D"#unknown"></o:p></span></p>
<blockquote style=3D"border:none;border-left:solid #CCCCCC 1.0pt;padding:0i=
n 0in 0in 8.0pt;margin-left:3.75pt;margin-top:2.25pt;margin-right:0in;margi=
n-bottom:5.0pt">
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,sans-serif">(2) Section 6.1. =E2=80=9CEndpoints have to retain=
 old keys for a period of time to<o:p xmlns:o=3D"#unknown"></o:p></span></p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,sans-serif">ensure they can properly decrypt late-arriving or o=
ut-of-order packets=E2=80=9D seems<o:p xmlns:o=3D"#unknown"></o:p></span></=
p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,sans-serif">to restate what is stated in 4.5.2 using RFC2119 la=
nguage. Here =E2=80=9Cendpoints<o:p xmlns:o=3D"#unknown"></o:p></span></p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,sans-serif">have to retain=E2=80=9D. In Section 4.5.2, =E2=80=
=9Cendpoints SHOULD retain=E2=80=9D. Which one is<o:p xmlns:o=3D"#unknown">=
</o:p></span></p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,sans-serif">correct?<o:p xmlns:o=3D"#unknown"></o:p></span></p>
</div>
</blockquote>
<div id="x571728ac0f4248a">
<p class="MsoNormal">"have to" wasn't intended to be normative. The purpose of the sentence was really to remind readers that there might be quite a few keys held at any given point in time, especially when the conference is rekeyed. But, I can see that wasn't clear. How about this text?</p>
</div>
<div id="x571728ac0f4248a">
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:&quot;Courier New&quot;">Complicating key management is the fact that the KEK can change and, when<br />
it does, the Endpoints generate new SRTP master keys that are associated with<br />
a new EKT SPI. Endpoints might retain old keys for a period of time to<br />
ensure they can properly decrypt late-arriving or out-of-order packets, which<br />
means the number of keys held during that period of time might be substantially<br />
more.</span></p>
</div>
<div id="x571728ac0f4248a">
<p class="MsoNormal">[Roman] Looks good. Thank you for this new language.</p>
</div>
<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 8.0pt;margin-left:3.75pt;margin-top:2.25pt;margin-right:0in;margin-bottom:5.0pt">
<div>
<p class="MsoNormal">(3) Section 8.1. Per “Off-path attackers could try connecting to different PERC entities and send specifically crafted packets”, could you be more specific on the threat. Is this something different than any service being exposed on the Internet?</p>
</div>
</blockquote>
<div id="x571728ac0f4248a">
<p class="MsoNormal">This is saying that it's not possible for an attacker to send packets of any form that could be misconstrued to be valid media that needs to be forwarded or rendered since packets are authenticated before consumption. (It doesn't prevent a DoS attack, but that's covered in subsequent paragraphs.) But, I can see how this might not make sense. I think a few more words are needed. How is this?</p>
</div>
<div id="x571728ac0f4248a">
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:&quot;Courier New&quot;">Off-path attackers could try connecting to different PERC entities to<br />
send specifically crafted packets with an aim of forcing the receiver to<br />
forward or render bogus media packets. Endpoints and Media Distributors<br />
mitigate such an attack by performing hop-by-hop authentication and<br />
discarding packets that fail authentication.</span></p>
</div>
<div id="x571728ac0f4248a">
<p class="MsoNormal">[Roman] That’s more precise. Thank you for this new language.</p>
</div>
<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 8.0pt;margin-left:3.75pt;margin-top:2.25pt;margin-right:0in;margin-bottom:5.0pt">
<div>
<p class="MsoNormal">(4) Editorial Nits:</p>
</div>
<div>
<p class="MsoNormal">** Section 3. Typo. s/the the/the/</p>
</div>
</blockquote>
<div id="x571728ac0f4248a">
<p class="MsoNormal">Oh! An easy one! :)</p>
</div>
<div id="x571728ac0f4248a">
<p class="MsoNormal">I made those changes above to my local copy, but I'm happy to make additional changes as you suggest if the text still isn't clear.</p>
</div>
<div id="x571728ac0f4248a">
<p class="MsoNormal">Thanks!</p>
</div>
<div id="x571728ac0f4248a">
<p class="MsoNormal">Paul</p>
</div>
</div>
</div>
</div>
</blockquote></div>


</body></html>
--------=_MB177A639F-14C3-4161-A72A-0BEF028227BB--
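
The two pieces of revised text agreed in the message above (keys retained for a while after a rekey, and packets discarded when they fail authentication) can be seen working together in the sketch below. It is an added example, not code from the draft or from any PERC implementation; the class and function names, the 5-second retention window and the truncated HMAC-SHA-256 tag (a stand-in for the real SRTP transforms) are all assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict, Optional

TAG_LEN = 10  # bytes of HMAC kept as the tag in this sketch (assumption)


@dataclass
class KeyEntry:
    key: bytes
    retired_at: Optional[float] = None  # None while the key is current


def make_tag(key: bytes, payload: bytes) -> bytes:
    """Sender side: compute the truncated authentication tag."""
    return hmac.new(key, payload, hashlib.sha256).digest()[:TAG_LEN]


class ReceiverKeyRing:
    """Keys indexed by SPI; retired keys live for a bounded window only."""

    def __init__(self, retention_seconds: float):
        self.retention = retention_seconds
        self.keys: Dict[int, KeyEntry] = {}
        self.current_spi: Optional[int] = None

    def rekey(self, spi: int, key: bytes, now: float) -> None:
        # The previous key is not deleted: late or reordered packets may
        # still reference its SPI. It is only marked as retired.
        if self.current_spi is not None:
            self.keys[self.current_spi].retired_at = now
        self.keys[spi] = KeyEntry(key)
        self.current_spi = spi
        self.purge(now)

    def purge(self, now: float) -> None:
        # Bound the number of keys held: drop those retired too long ago.
        expired = [spi for spi, e in self.keys.items()
                   if e.retired_at is not None
                   and now - e.retired_at > self.retention]
        for spi in expired:
            del self.keys[spi]

    def accept(self, spi: int, payload: bytes, tag: bytes, now: float) -> str:
        self.purge(now)
        entry = self.keys.get(spi)
        if entry is None:
            return "drop:unknown-or-expired-key"
        # Authenticate before the payload is forwarded or rendered.
        if not hmac.compare_digest(make_tag(entry.key, payload), tag):
            return "drop:auth-failed"
        return "accept"


def demo():
    """Constructed scenario: one rekey at t=10 s, packets arriving after it."""
    ring = ReceiverKeyRing(retention_seconds=5.0)
    old_key, new_key = b"k" * 16, b"n" * 16      # constructed sample keys
    payload = b"constructed media payload"
    ring.rekey(spi=0x0001, key=old_key, now=0.0)
    ring.rekey(spi=0x0002, key=new_key, now=10.0)
    results = []
    # Late packet under the old SPI, inside the retention window.
    results.append(ring.accept(0x0001, payload, make_tag(old_key, payload), 12.0))
    # Packet under the current SPI.
    results.append(ring.accept(0x0002, payload, make_tag(new_key, payload), 12.0))
    # Packet claiming the current SPI but tagged with the wrong key.
    results.append(ring.accept(0x0002, payload, make_tag(old_key, payload), 12.0))
    results.append(len(ring.keys))               # both keys held during overlap
    # Same late packet after the window has passed.
    results.append(ring.accept(0x0001, payload, make_tag(old_key, payload), 16.0))
    results.append(len(ring.keys))               # old key has been purged
    return results


if __name__ == "__main__":
    print(demo())
```
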


From nobody Tue Jun 11 06:44:28 2019
Return-Path: <iesg-secretary@ietf.org>
X-Original-To: perc@ietf.org
Delivered-To: perc@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 7DDF91201F0; Tue, 11 Jun 2019 06:44:03 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: The IESG <iesg-secretary@ietf.org>
To: "IETF-Announce" <ietf-announce@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 6.97.0
Auto-Submitted: auto-generated
Precedence: bulk
Cc: nohlmeier@mozilla.com, The IESG <iesg@ietf.org>, Nils Ohlmeier <nohlmeier@mozilla.com>, perc@ietf.org, draft-ietf-perc-private-media-framework@ietf.org, perc-chairs@ietf.org, alexey.melnikov@isode.com, rfc-editor@rfc-editor.org
Message-ID: <156026064350.31020.6215820830218488143.idtracker@ietfa.amsl.com>
Date: Tue, 11 Jun 2019 06:44:03 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/perc/HVrGe5wsslsHS2N33X2eZDM-6d4>
Subject: [Perc] Protocol Action: 'A Solution Framework for Private Media in Privacy Enhanced RTP Conferencing (PERC)' to Proposed Standard (draft-ietf-perc-private-media-framework-12.txt)
X-BeenThere: perc@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Privacy Enhanced RTP Conferencing <perc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perc>, <mailto:perc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/perc/>
List-Post: <mailto:perc@ietf.org>
List-Help: <mailto:perc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perc>, <mailto:perc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 11 Jun 2019 13:44:08 -0000

The IESG has approved the following document:
- 'A Solution Framework for Private Media in Privacy Enhanced RTP
   Conferencing (PERC)'
  (draft-ietf-perc-private-media-framework-12.txt) as Proposed Standard

This document is the product of the Privacy Enhanced RTP Conferencing Working
Group.

The IESG contact persons are Adam Roach, Alexey Melnikov and Barry Leiba.

A URL of this Internet Draft is:
https://datatracker.ietf.org/doc/draft-ietf-perc-private-media-framework/




Technical Summary

This document describes a framework for enabling end-to-end encrypted
switched conferencing where the media distributor is not trusted to 
decrypt and encrypt the media.

Working Group Summary

The document defines the overarching framework for the Privacy Enhanced
RTP Conferencing WG. It has been extensively discussed in the beginning of
the WG, but has been stable now for a long time. There was contentious
discussion for a while, but this version achieved WG consensus, primarily
due to the lack of alternative proposals that met the security objectives.
Some of these discussion points have been raised again during IETF LC, but
these seem to be mainly repetition of old arguments that the WG has
already considered. (Much of that discussion is really more about
perc-double than the framework.)

Document Quality

Since the IETF 102 hackathon a branch of Firefox exists which implements
the double encryption as per this framework document. libsrtp, a widely
used SRTP library, has patches in Pull Requests waiting
to be merged. Cisco and Mozilla have both signaled desire to ship
implementations based on this document.

Personnel

The document shepherd is Nils Ohlmeier.
The responsible AD is Alexey Melnikov.


From nobody Fri Jun 14 14:04:34 2019
Return-Path: <ietf-ipr@ietf.org>
X-Original-To: perc@ietf.org
Delivered-To: perc@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 15739120100; Fri, 14 Jun 2019 14:04:27 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: IETF Secretariat <ietf-ipr@ietf.org>
To: <draft-ietf-perc-dtls-tunnel@ietf.org>
Cc: perc@ietf.org, ipr-announce@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.97.1
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <156054626707.28242.12607748137715269792@ietfa.amsl.com>
Date: Fri, 14 Jun 2019 14:04:27 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/perc/BTqppO99C1QEOeXvoMnJPHib-OE>
Subject: [Perc] IPR Disclosure Telefonaktiebolaget LM Ericsson (publ)'s Statement about IPR related to draft-ietf-perc-dtls-tunnel
X-BeenThere: perc@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Privacy Enhanced RTP Conferencing <perc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perc>, <mailto:perc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/perc/>
List-Post: <mailto:perc@ietf.org>
List-Help: <mailto:perc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perc>, <mailto:perc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 14 Jun 2019 21:04:27 -0000

Dear Paul Jones, Paul M. Ellenbogen, Nils H. Ohlmeier:


An IPR disclosure that pertains to your Internet-Draft entitled "DTLS
Tunnel between a Media Distributor and Key Distributor to Facilitate Key
Exchange" (draft-ietf-perc-dtls-tunnel) was submitted to the IETF
Secretariat on  and has been posted on the "IETF Page of Intellectual
Property Rights Disclosures" (https://datatracker.ietf.org/ipr/3586/). The
title of the IPR disclosure is "Telefonaktiebolaget LM Ericsson (publ)'s
Statement about IPR related to draft-ietf-perc-dtls-tunnel"


Thank you

IETF Secretariat


From nobody Mon Jun 17 06:42:01 2019
Return-Path: <magnus.westerlund@ericsson.com>
X-Original-To: perc@ietfa.amsl.com
Delivered-To: perc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 25D87120114; Mon, 17 Jun 2019 06:41:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.01
X-Spam-Level: 
X-Spam-Status: No, score=-2.01 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, LOTS_OF_MONEY=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_DKIMWL_WL_HIGH=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id msnye8LJGbCy; Mon, 17 Jun 2019 06:41:42 -0700 (PDT)
Received: from EUR01-VE1-obe.outbound.protection.outlook.com (mail-ve1eur01on0628.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe1f::628]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D63AB1200F7; Mon, 17 Jun 2019 06:41:41 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=gXL9i3pwAHbVdhFcWv1SRZi15E/lq9nEOYxi9QJKwiU=; b=DDEP9Kk5VC0jbxR5hJTTKlO4Tw0k4v7v4eJ9WR5AJTrB8v9XyKT5KWYSfle08cTvZH6FxnbjY9R2c1oKF0plhH4928OqtgGh/sw5Urj2LOPVRJULUhiecc+IR1CfoUlEsLvP3BLXQBJLQ7/3DI8Z8AFTC+0nRMeJ0PfvvGo+slU=
Received: from HE1PR0701MB2522.eurprd07.prod.outlook.com (10.168.128.149) by HE1PR0701MB2444.eurprd07.prod.outlook.com (10.168.130.8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2008.11; Mon, 17 Jun 2019 13:41:39 +0000
Received: from HE1PR0701MB2522.eurprd07.prod.outlook.com ([fe80::98a6:615b:5699:1cf2]) by HE1PR0701MB2522.eurprd07.prod.outlook.com ([fe80::98a6:615b:5699:1cf2%7]) with mapi id 15.20.2008.007; Mon, 17 Jun 2019 13:41:39 +0000
From: Magnus Westerlund <magnus.westerlund@ericsson.com>
To: Cullen Jennings <fluffy@iii.ca>, The IESG <iesg@ietf.org>
CC: "perc@ietf.org" <perc@ietf.org>, "draft-ietf-perc-private-media-framework@ietf.org" <draft-ietf-perc-private-media-framework@ietf.org>, IETF Crazy <ietf@ietf.org>
Thread-Topic: [Perc] Magnus Westerlund's Discuss on draft-ietf-perc-private-media-framework-10: (with DISCUSS and COMMENT)
Thread-Index: AQHVCpou6R9yAhphm0qqCd+nrV/WHQ==
Date: Mon, 17 Jun 2019 13:41:39 +0000
Message-ID: <HE1PR0701MB25229E6AF6A91C0FDE28D54D95EB0@HE1PR0701MB2522.eurprd07.prod.outlook.com>
References: <155786852996.30194.6992264311523885594.idtracker@ietfa.amsl.com> <C2B4FEA8-EB29-46DD-8D9D-F80466C603ED@iii.ca>
Accept-Language: sv-SE, en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
authentication-results: spf=none (sender IP is ) smtp.mailfrom=magnus.westerlund@ericsson.com; 
x-originating-ip: [192.176.1.87]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: cfda19d4-f2fd-47cc-a294-08d6f329864a
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600148)(711020)(4605104)(1401327)(2017052603328)(7193020); SRVR:HE1PR0701MB2444; 
x-ms-traffictypediagnostic: HE1PR0701MB2444:
x-ms-exchange-purlcount: 4
x-microsoft-antispam-prvs: <HE1PR0701MB244442C06D929018A51AC28E95EB0@HE1PR0701MB2444.eurprd07.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:9508;
x-forefront-prvs: 0071BFA85B
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(346002)(366004)(136003)(396003)(39860400002)(376002)(51444003)(199004)(189003)(76176011)(9686003)(186003)(478600001)(25786009)(55016002)(86362001)(66446008)(229853002)(14444005)(6436002)(71200400001)(33656002)(68736007)(446003)(966005)(76116006)(73956011)(66476007)(66556008)(66946007)(6306002)(53936002)(71190400001)(44832011)(64756008)(52536014)(66066001)(476003)(3846002)(6116002)(14454004)(256004)(2906002)(99286004)(4326008)(486006)(102836004)(53546011)(6506007)(26005)(561944003)(81166006)(81156014)(74316002)(110136005)(8676002)(5660300002)(54906003)(316002)(6246003)(7736002)(8936002)(305945005)(66574012)(7696005); DIR:OUT; SFP:1101; SCL:1; SRVR:HE1PR0701MB2444; H:HE1PR0701MB2522.eurprd07.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1; 
received-spf: None (protection.outlook.com: ericsson.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: wVVhylILJx/C/bxksRCSP3PKdkj2q/Y1qgE0BmlG6dylT+bCuJ1EBBDh48zXkgJF/88CesF30ttjDQlUi9lPYvYOy0K3ue+Tpmte8VZewD34SnuHNQs/gCVW+czGyLBlchLD2y706fPLKoGEWtWSVg6D10Udo0lZ8wZxFFU3/BnTaVNFdw3zn9n6ZKON1D0XzMLOcwAqTBrehmLBjMI9qniRkTOWDxOz2mWYJyQVVIV92Z0x0STHcb7W+48MpV2Oz4IOAoaAp/6FLzVW5OPwsKOr1USDUZwBhbEtQS8El9zn5mBChHw5ImiDA1WTu/N0sI6kGVF1Mja8/oEPPVEfXvI06zDjrspWHpA4MCixPa+iU6Kb9f2EZWeI43YBX4Hw384yXbUWGLSfTOuaw7Uhw+iMqRPSCLnz2uLSq7xrMA8=
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-Network-Message-Id: cfda19d4-f2fd-47cc-a294-08d6f329864a
X-MS-Exchange-CrossTenant-originalarrivaltime: 17 Jun 2019 13:41:39.0239 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: magnus.westerlund@ericsson.com
X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR0701MB2444
Archived-At: <https://mailarchive.ietf.org/arch/msg/perc/hc3tnHvJZjMxbg4e8Wbf-mZhSX8>
Subject: Re: [Perc] Magnus Westerlund's Discuss on draft-ietf-perc-private-media-framework-10: (with DISCUSS and COMMENT)
X-BeenThere: perc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Privacy Enhanced RTP Conferencing <perc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perc>, <mailto:perc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/perc/>
List-Post: <mailto:perc@ietf.org>
List-Help: <mailto:perc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perc>, <mailto:perc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 17 Jun 2019 13:41:46 -0000

Hi Cullen,

Sorry this took longer than expected to get the IPR disclosure prepared
and submitted.

The claims define the scope of the invention.  There is much case law
regarding how the claims terms are to be interpreted.  For WebRTC, the
first below mentioned invention's purpose is to address a weakness in
that the signaling messages to establish peer connections. And the main
embodiment shown uses CSP, which does not appear to be described in
WebRTC. When it comes to PERC at least one of the claims could be
interpreted to apply on the part of how the Key Distributor knows which
identities that the Endpoint has and which to allow into the conference.
Therefore we have made an IPR declaration on draft-ietf-perc-dtls-tunnel
and draft-jones-perc-dtls-tunnel.

https://datatracker.ietf.org/ipr/3580/

https://datatracker.ietf.org/ipr/3586/


Cheers

Magnus

On 2019-05-16 08:21, Cullen Jennings wrote:
>
>> On May 14, 2019, at 3:15 PM, Magnus Westerlund via Datatracker <noreply@ietf.org> wrote:
>>
>>
>> A significant security vulnerability in PERC that should be made more explicit
>> and is totally missing is the risks with compromised endpoints. Beyond the very
>> evident thing that this endpoint can decrypt all media it receives there are
>> far more sinister risks here. Namely the potential for injection of media that
>> attempts to impersonate another endpoint's media stream. Most of SRTP's cipher
>> suites only use symmetric crypto functions, thus enabling anyone with the key to
>> send a packet with any SSRC, and have that being accepted as that source. Where
>> it has no practical usage in point to point communication, in conferencing
>> it becomes an issue. It allows the usage of media level replay or deep fakes to
>> be used to create media streams that are injected into the media distributors
>> using an SSRC of another endpoint.
>>
>> The mitigations that are missing from this document. The fact that a media
>> distributor that is not compromised or collaborating with the compromised
>> endpoint could actually prevent such media injection by applying source
>> filtering of SSRCs and drop all that aren't associated with the endpoint. The
>> other potential mitigation is to introduce another cipher suite that uses a non
>> symmetric integrity protection mechanism, such as TESLA to prevent this type of
>> injection.
> And the related issue that the main way this can happen is attacker manipulation of the fingerprint so the providing ways to protect that along with SSRC based signalling or TESLA is the obvious solution space to this. And just to frame the discussion, let me point out the issue you raise is not so much about an SSRC but binding the identity of a member of the group to the audio received.
>
> As others have pointed out, which member inside the conference the media is from is not something PERC provides any information about. Many existing conference systems have existing approaches to solve this problem and they can add PERC as a tool without breaking these so it to be specified here. Something that used TESLA could work fine with PERC as well. I do think future work can look at what we need for rosters and active speakers and how to use things like STIR and fingerprints and SDP to tie identity to the media. However, I think that problem is fairly separable from the issue of making sure the operator of the media switch does not have access to the media content.
>
> But just to explore what solutions could be built on top of PERC to solve this, let me carry on.
>
> Early on the WG did consider one an Ericssons proposal that used SSRC based signalling for many things but the WG moved away from that at least partially over concerns of Ericsson IPR in this space. In trying to refresh some of the state on possible solutions to this I came across.
>
> https://patentimages.storage.googleapis.com/07/b2/6a/f34fd49f38a5a4/US20180205720A1.pdf
>
> which has the following claim
>
> 39) A method for a server for enabling setting up a secure peer-to-peer connection between a first peer and a second peer, wherein at least one of the first peer and the second peer is a web browser, the method comprising: receiving a request for a web application from the first peer; sending a directive to the first peer requesting a fingerprint of a certificate of the first peer; receiving a first fingerprint from the first peer; and sending the first fingerprint to the second peer.
>
> So just to make sure I understand this, if we have a case where a webapp sends an SDP offer that goes to the first peer, this requests the certificate and of the first peer and sends it in the SDP answer to the webapp that then sends that answer on to the second peer. It seems this claim surely covers a bunch of stuff we are doing in WebRTC as well as PERC and needs to be disclosed. You agree ?
>
> One thing that would work well is an approach like the CSP protection in the above patent mixed with the ability for the KD to bind the client to the web conference application as described in
>
> https://patentimages.storage.googleapis.com/d0/de/1a/5cbafd9903417b/WO2018063041A1.pdf
>
> Actually claim 1 seems like that is pretty much perfect for solving this. Claim 1 reads
>
> 1. A method for a server to bind a device application to a web service, wherein Web Real Time Control, WebRTC, functionality is provided to the server, the method comprises:
> -receiving a request for the web service from the device application, wherein communication between the server and the device application is done via https and WebRTC and the device application has generated WebRTC credentials comprising a private key, certificate of the private key and a fingerprint of the certificate,
> -receiving the fingerprint and fingerprint generation algorithm of the certificate,
> -storing the fingerprint and fingerprint generation algorithm and associating the fingerprint with the device application, and
> -using Datagram Transport Layer Security, DTLS, providing the certificate of the device application, in combination with the stored fingerprint to identify the device application to bind the device application to the web service.
>
> So to walk through the parts of this claim. When a user joins the web conference that uses PERC, the request and responses for the fingerprints are sent via the SDP offer and answers over HTTPS, the website learns the fingerprint for the user and then when the DTLS connection to the KD is formed, the way the KD correlates to the user to make sure they are the right one to authorize into the conference is by using that same fingerprint. Let me know if I am misunderstanding this or if a disclosure is needed.
>
> I think you should propose this stuff to dispatch as a way to solve the problem of knowing who in a conference the media is coming from. Please let me know if I am misunderstanding these claims and if disclosures need to be made.
>

--

Magnus Westerlund

----------------------------------------------------------------------
Network Architecture & Protocols, Ericsson Research
----------------------------------------------------------------------
Ericsson AB                 | Phone  +46 10 7148287
Torshamnsgatan 23           | Mobile +46 73 0949079
SE-164 80 Stockholm, Sweden | mailto: magnus.westerlund@ericsson.com
----------------------------------------------------------------------

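
The SSRC source filtering named as a mitigation in the quoted DISCUSS text above can be sketched as follows. This is an added example, not code from the thread, the drafts or any media distributor; it assumes the distributor learns each endpoint's SSRCs from signaling and can tell which authenticated association a packet arrived on, and the endpoint names and SSRC values are constructed.

```python
import struct
from typing import Dict, Optional, Set, Tuple

RTP_MIN_HEADER = 12  # fixed RTP header: V/P/X/CC, M/PT, seq, timestamp, SSRC


def build_rtp(ssrc: int, seq: int = 1, timestamp: int = 0,
              payload_type: int = 96, payload: bytes = b"") -> bytes:
    """Build a minimal RTP packet (version 2, no CSRCs) for the sample data."""
    return struct.pack("!BBHII", 0x80, payload_type, seq, timestamp, ssrc) + payload


def rtp_ssrc(packet: bytes) -> Optional[int]:
    """Return the SSRC of an RTP packet, or None if it is not valid RTP v2."""
    if len(packet) < RTP_MIN_HEADER or packet[0] >> 6 != 2:
        return None
    return struct.unpack_from("!I", packet, 8)[0]


class SsrcSourceFilter:
    """Forward a packet only if its SSRC belongs to the association it came from."""

    def __init__(self) -> None:
        self.allowed: Dict[str, Set[int]] = {}
        self.drops: Dict[str, int] = {}  # per-association drop counters

    def register(self, association: str, ssrcs: Set[int]) -> None:
        # Assumption: the SSRC set comes from signaling for that endpoint.
        self.allowed[association] = set(ssrcs)

    def check(self, association: str, packet: bytes) -> Tuple[bool, str]:
        ssrc = rtp_ssrc(packet)
        if ssrc is None:
            reason = "malformed"
        elif association not in self.allowed:
            reason = "unknown-association"
        elif ssrc not in self.allowed[association]:
            # An endpoint holding the shared key is using someone else's SSRC.
            reason = "ssrc-not-owned"
        else:
            return True, "forward"
        self.drops[association] = self.drops.get(association, 0) + 1
        return False, reason


def demo():
    """Constructed conference: two endpoints, one sends under the other's SSRC."""
    f = SsrcSourceFilter()
    f.register("endpoint-a", {0x11111111})
    f.register("endpoint-b", {0x22222222})
    return [
        f.check("endpoint-a", build_rtp(0x11111111)),      # own SSRC
        f.check("endpoint-b", build_rtp(0x11111111)),      # endpoint-a's SSRC
        f.check("endpoint-b", build_rtp(0x22222222)[:8]),  # truncated header
        f.check("endpoint-c", build_rtp(0x33333333)),      # never registered
        f.drops,
    ]


if __name__ == "__main__":
    for row in demo():
        print(row)
```

As the quoted text says, the check only helps when the media distributor itself is neither compromised nor collaborating with the compromised endpoint.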

