
From nobody Tue Mar  1 20:52:57 2022
From: Sean Turner <sean@sn3rd.com>
Date: Tue, 1 Mar 2022 23:52:47 -0500
References: <164583895227.24617.1939040203283436909@ietfa.amsl.com>
To: secdispatch@ietf.org
In-Reply-To: <164583895227.24617.1939040203283436909@ietfa.amsl.com>
Message-Id: <5AD4DF12-7D12-4876-83A8-15CACEEE6A8D@sn3rd.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/8H2RVirGdpyug4WmN_QFFf06KC4>
Subject: Re: [Secdispatch] secdispatch - Requested session has been scheduled for IETF 113

Ladies and Gentlemen,

I may be totally jumping the gun here because you have not yet requested agenda topics, but when you do please note that I would like to request some time to dispatch draft-ciphersuites-in-sec-syslog.

Cheers,
spt

> On Feb 25, 2022, at 20:29, IETF Secretariat <agenda@ietf.org> wrote:
>
> Dear Mohit Sethi,
>
> The session(s) that you have requested have been scheduled.
> Below is the scheduled session information followed by
> the original request.
>
>    secdispatch Session 1 (2:00 requested)
>    Tuesday, 22 March 2022, Afternoon Session II 1430-1630
>    Room Name: Grand Park Hall 3 size: 250
>    ---------------------------------------------
>
> iCalendar: https://datatracker.ietf.org/meeting/113/sessions/secdispatch.ics
>
> Request Information:
>
> ---------------------------------------------------------
> Working Group Name: Security Dispatch
> Area Name: Security Area
> Session Requester: Mohit Sethi
>
> Number of Sessions: 1
> Length of Session(s):
> Number of Attendees: 200
> Conflicts to Avoid:
>
> People who must be present:
>  Benjamin Kaduk
>  Kathleen Moriarty
>  Mohit Sethi
>  Paul Wouters
>  Richard Barnes
>  Roman Danyliw
>
> Resources Requested:
>
> Special Requests:
>  Please avoid conflict with any Security related BoF.
> ---------------------------------------------------------


From nobody Wed Mar  2 03:23:26 2022
From: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
In-Reply-To: <5AD4DF12-7D12-4876-83A8-15CACEEE6A8D@sn3rd.com>
Cc: secdispatch@ietf.org
Date: Wed, 2 Mar 2022 06:23:09 -0500
Message-Id: <54634222-D12B-4B8E-A5A0-354BEEBA6301@gmail.com>
References: <5AD4DF12-7D12-4876-83A8-15CACEEE6A8D@sn3rd.com>
To: Sean Turner <sean@sn3rd.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/1kEvoojr3v1tUjEBU6ODPw5clic>
Subject: Re: [Secdispatch] secdispatch - Requested session has been scheduled for IETF 113

Thank you, Sean.

Requests are welcome and we do have at least one other.

Best regards,
Kathleen

Sent from my mobile device

> On Mar 1, 2022, at 11:53 PM, Sean Turner <sean@sn3rd.com> wrote:
>
> Ladies and Gentlemen,
>
> I may be totally jumping the gun here because you have not yet requested agenda topics, but when you do please note that I would like to request some time to dispatch draft-ciphersuites-in-sec-syslog.
>
> Cheers,
> spt


From nobody Thu Mar  3 03:19:43 2022
From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: Jim Zubov <ietf-list@commercebyte.com>, "secdispatch@ietf.org" <secdispatch@ietf.org>, Michael Richardson <mcr+ietf@sandelman.ca>, "iotops@ietf.org" <iotops@ietf.org>, "anima@ietf.org" <anima@ietf.org>
Date: Thu, 3 Mar 2022 11:18:48 +0000
Message-ID: <DBBPR08MB591548B0B00B68F0A4A013ACFA049@DBBPR08MB5915.eurprd08.prod.outlook.com>
References: <0075B437-024A-4D84-ABD7-92FE8DAFA59F@commercebyte.com>, <1865.1644434146@localhost> <E1nHwaz-0000LM-I5@ocean1.commercebyte.com> <4026.1644516168@localhost> <685366A1-01F4-4788-B025-0F5F4CE7947F@commercebyte.com> <DBBPR08MB591577EC79C3D11114AA747CFA3C9@DBBPR08MB5915.eurprd08.prod.outlook.com> <FC43EB7C-5ABF-4061-89BA-1503F0B6340D@commercebyte.com> <DBBPR08MB59159BFB36A926DA8E851723FA3D9@DBBPR08MB5915.eurprd08.prod.outlook.com> <665685D3-B9AA-4A5E-B5B0-33D313A40716@commercebyte.com>
In-Reply-To: <665685D3-B9AA-4A5E-B5B0-33D313A40716@commercebyte.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/LPOwXdMu4ZhQ-LyLRrDaB-qtXqQ>
Subject: Re: [Secdispatch] [Iotops] I-D: Deploying Publicly Trusted TLS Servers on IoT Devices Using SNI-based End-to-End TLS Forwarding (SNIF)



From nobody Fri Mar  4 13:09:50 2022
From: Christopher Wood <caw@heapingbits.net>
Message-Id: <8BB73374-E38C-40A5-A147-F469B8C24D01@heapingbits.net>
Date: Fri, 4 Mar 2022 13:09:38 -0800
To: secdispatch@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/YeuNz25Q5NmmvLAwJszpqx5ppTY>
Subject: [Secdispatch] Dispatching draft on key consistency

There are a number of different protocols that require multiple clients to discover a common — or consistent — cryptographic public key for use, including: Privacy Pass [1], Oblivious DoH [2], and Oblivious HTTP [3]. Consistency here means that all clients obtain the same view of the public key. An inconsistent view can lead to privacy attacks.

For example, in Privacy Pass, if an attacker can somehow force a single (set of) client(s) to use a public key that is distinct from all other clients, then the key used effectively partitions the set of clients into two buckets, and the size and number of these partitions influence the overall privacy posture of the protocol.

As this was a pattern across at least two disjoint protocols, we felt it would be useful to document some approaches for building key consistency into systems. The result is [4]. This has been previously presented in the context of the Privacy Pass working group [5], but was not pushed forward as a work item.

We’d like to ask for time during SECDISPATCH to (a) determine if there’s interest in moving this document forward in some way, and if so, (b) determine what venue would be best to move it forward.

Thanks,
Chris, for the authors

[1] https://datatracker.ietf.org/wg/privacypass/about/
[2] https://datatracker.ietf.org/doc/draft-pauly-dprive-oblivious-doh/
[3] https://ietf-wg-ohai.github.io/oblivious-http/draft-ietf-ohai-ohttp.html
[4] https://datatracker.ietf.org/doc/draft-wood-key-consistency/
[5] https://datatracker.ietf.org/doc/slides-110-privacypass-key-consistency-and-discovery/
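
Added example, not part of the message above and not code from draft-wood-key-consistency: a Python audit that groups clients by the public key each one was served and measures how much a minority key narrows down who a client is. The function names, the truncated SHA-256 key identifier, the uniform-prior "leaked bits" measure and the sample views are assumptions constructed for this illustration.

```python
import hashlib
import math
from collections import defaultdict
from typing import Dict, List


def key_id(public_key: bytes) -> str:
    """Stable short identifier for a key: truncated SHA-256 of its bytes."""
    return hashlib.sha256(public_key).hexdigest()[:16]


def partition_clients(views: Dict[str, bytes]) -> Dict[str, List[str]]:
    """Group clients by the key they observed.

    Each group is one bucket: anything a client does under that key can be
    narrowed down to the members of its bucket.
    """
    buckets = defaultdict(list)
    for client in sorted(views):
        buckets[key_id(views[client])].append(client)
    return dict(buckets)


def leaked_bits(views: Dict[str, bytes], client: str) -> float:
    """Bits of identifying information revealed by the key a client uses.

    With N clients assumed equally likely, landing in a bucket of size k
    reveals log2(N / k) bits. A fully consistent key reveals 0 bits.
    """
    bucket = partition_clients(views)[key_id(views[client])]
    return math.log2(len(views) / len(bucket))


def audit(views: Dict[str, bytes], min_set_size: int = 2) -> dict:
    """Summarise key consistency across the collected views.

    min_set_size is an assumed policy threshold: clients in a bucket
    smaller than this are reported as exposed.
    """
    buckets = partition_clients(views)
    sizes = sorted((len(members) for members in buckets.values()), reverse=True)
    exposed = sorted(
        client
        for members in buckets.values()
        if len(members) < min_set_size
        for client in members
    )
    return {
        "consistent": len(buckets) <= 1,
        "bucket_sizes": sizes,
        "exposed_clients": exposed,
    }


# Constructed sample data: placeholder byte strings stand in for encoded
# public keys. Seven clients see key A; one client was served key B.
KEY_A = b"constructed-public-key-A"
KEY_B = b"constructed-public-key-B"
SAMPLE_VIEWS = {f"client-{i}": KEY_A for i in range(7)}
SAMPLE_VIEWS["client-7"] = KEY_B

if __name__ == "__main__":
    print(audit(SAMPLE_VIEWS))
    for name in ("client-0", "client-7"):
        print(name, round(leaked_bits(SAMPLE_VIEWS, name), 3), "bits")
```
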


From nobody Fri Mar  4 17:11:21 2022
Date: Fri, 04 Mar 2022 20:10:26 -0500
From: Jim Zubov <ietf-list@commercebyte.com>
To: secdispatch@ietf.org, Hannes Tschofenig <Hannes.Tschofenig@arm.com>, Jim Zubov <ietf-list@commercebyte.com>, "secdispatch@ietf.org" <secdispatch@ietf.org>, Michael Richardson <mcr+ietf@sandelman.ca>, "iotops@ietf.org" <iotops@ietf.org>, "anima@ietf.org" <anima@ietf.org>
User-Agent: K-9 Mail for Android
In-Reply-To: <DBBPR08MB591548B0B00B68F0A4A013ACFA049@DBBPR08MB5915.eurprd08.prod.outlook.com>
References: <0075B437-024A-4D84-ABD7-92FE8DAFA59F@commercebyte.com>, <1865.1644434146@localhost> <E1nHwaz-0000LM-I5@ocean1.commercebyte.com> <4026.1644516168@localhost> <685366A1-01F4-4788-B025-0F5F4CE7947F@commercebyte.com> <DBBPR08MB591577EC79C3D11114AA747CFA3C9@DBBPR08MB5915.eurprd08.prod.outlook.com> <FC43EB7C-5ABF-4061-89BA-1503F0B6340D@commercebyte.com> <DBBPR08MB59159BFB36A926DA8E851723FA3D9@DBBPR08MB5915.eurprd08.prod.outlook.com> <665685D3-B9AA-4A5E-B5B0-33D313A40716@commercebyte.com> <DBBPR08MB591548B0B00B68F0A4A013ACFA049@DBBPR08MB5915.eurprd08.prod.outlook.com>
Message-ID: <C8FFB10D-2C8C-4084-823E-1D5CC2EA451D@commercebyte.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary=----IZU1C3FBSABSWSQA60NDZM9OFRL82B
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/Cbvo8iJeI0eorEk1Wq8ubMwTiCQ>
Subject: Re: [Secdispatch] [Iotops] I-D: Deploying Publicly Trusted TLS Servers on IoT Devices Using SNI-based End-to-End TLS Forwarding (SNIF)

------IZU1C3FBSABSWSQA60NDZM9OFRL82B
Content-Type: text/plain;
 charset=utf-8
Content-Transfer-Encoding: quoted-printable

Hi Hannes,

Good overview of strategic approaches, let me add another dimension -
- Can the relay access any information communicated between the device and the user,
- If the answer is _no_ - can the user or some independent party verify the validity of such claim.

In case of SNIF, the setup consists of
- an IoT device capable of serving HTTPS (user friendly pages or an API), running a SNIF connector,
- a web based device manager on the user side that works with the device's HTTPS content (and expects a trusted cert),
- a SNIF relay / CA proxy server in the cloud,
- potentially, an independent observer that watches TLS transparency logs and raises an alert if any duplicate certs are found for the CNs issued by the CA proxy.

This way, the IoT device owns the private key, and there's a proof through the public trust PKI that the device manager is communicating to the authentic device.
In case the public CA trust is not enough, the device manager can examine the public key on the cert on every connection (should be possible to do with the Forge project in regular js), and raise an alert if the key is changed (just like ssh does).

SNIF is the answer for a smart home, a security cam, or any other private IoT you don't want anybody to sniff on (pun intended).

If you're deploying a device accessible to a large group, like a public webcam, SNIF might not be a good option, it might be better to have an intermediate proxy that handles all traffic without choking the device. But, end-to-end privacy is a lesser concern in such case.

Regarding the conversion of any existing devices to SNIF -
- serve the content on the device over HTTPS or local plain HTTP, whether it's a web page, a video stream or an API, listening on a local port (say 443)
- run a SNIF connector process to maintain the cert and to relay incoming SNIF connections to the local port.

On March 3, 2022 6:18:48 AM EST, Hannes Tschofenig <Hannes.Tschofenig@arm.com> wrote:
>Hi Jim,
>
>Thanks for your response.
>
>> There are some IoT management solutions on the market, both open source and proprietary, but as far as I can tell none of them fully follows the end to end paradigm.
>[Hannes] It depends what you call end-to-end. As an IoT service provider you have to make a few decisions about how to manage and deploy IoT devices. Broadly speaking, you have three options:
>
>  *   You seek out to a third party to manage your devices. Needless to say that you should pick a company that you feel comfortable with. They will manage your devices and they will also offer ways to store the data obtained from the devices, to manage and distribute firmware updates, and even to perform analysis of the data (machine learning). Then, you can typically connect backend application servers to the device management offering. Of course, the details vary a lot with what you are actually doing as an IoT service provider with the IoT devices and the data.
>  *   You get the software from a provider and you manage the devices on your own. This is often the case when you want to deploy an on-premise solution. Here you have to trust the provider of the device management software that the code is correct and does what it is supposed to do. In some cases you not only get the binary but also the source code. In theory, you could check what code is actually running (although I doubt that anyone really checks).
>  *   Finally, you build your own device management solution (often using available open source software).
>In practice, I have also seen a combination of the variants above. For example, I have seen a case where the devices were managed by a third party but the video stream of the surveillance camera was sent directly to a dedicated server managed by the IoT service provider. (There were also various techniques to prevent modifications to the device to have the video stream re-directed or the credentials changed but I think you get the idea.) The communication model there was a bit different than yours because the client initiated the communication with the video server. Hence, there was no issue with running a TLS server on the device.
>On top of this, it is also common to provide special security protection for selected data. For example, firmware updates are signed by a party different from the company offering the device management solution. They are, for example, signed by the company developing the code. They are still distributed by the device management infrastructure and hence you have to rely on the distribution of them but there is no chance for the device management provider to inject malicious code into the device.
>From what I am seeing, the first deployment model is very popular. The approach of “designing your own solution” was popular in the early days because companies were given the impression that this IoT stuff is so simple that you can put a solution together in a weekend. It turned out that this is not quite the case (if you have a larger number of devices). Many IoT service providers also need help designing the entire solution, also the solution on the IoT device itself.
>How does your solution fit into this picture?
>> I believe it's worth having a universal cross-vendor solution that handles SNIF device onboarding, maintains the credentials in a local secure storage, and consolidates https based management interface hosted by individual devices through SNIF.
>[Hannes] There is definitely a lot of excitement when it comes to the development of device onboarding solutions. I have to trust you that there is further interest for solutions because I haven’t checked.
>
>> The requirements for such solution are a topic for a separate draft, although I already outlined the possible secure onboarding process in the security section.
>I will re-read your security consideration section again.
>
>Note that I am certainly not against your solution. If your approach has success, kudos to you.
>
>Ciao
>Hannes
>
>On February 24, 2022 5:37:46 AM EST, Hannes Tschofenig <Hannes.Tschofenig@arm.com> wrote:
>
>Hi Jim,
>
>Thanks for the quick response. The link to your website is helpful. I now understood that you would also relay the communication through the proxy, which deals with the IoT device being behind a NAT and/or firewall if the IoT device keeps the connection alive.
>
>I wonder whether you have considered re-using existing device management solutions since those are widely deployed today?
>
>Ciao
>Hannes
>
>-----Original Message-----
>From: Iotops <iotops-bounces@ietf.org> On Behalf Of Jim Zubov
>Sent: Wednesday, February 23, 2022 4:17 PM
>To: secdispatch@ietf.org; Hannes Tschofenig <Hannes.Tschofenig@arm.com>; Jim Zubov <ietf-list@commercebyte.com>; secdispatch@ietf.org; Michael Richardson <mcr+ietf@sandelman.ca>; iotops@ietf.org; anima@ietf.org
>Subject: Re: [Iotops] [Secdispatch] I-D: Deploying Publicly Trusted TLS Servers on IoT Devices Using SNI-based End-to-End TLS Forwarding (SNIF)
>
>Thank You for your feedback Hannes, I addressed the comments below -
>
>On February 23, 2022 5:36:15 AM EST, Hannes Tschofenig <Hannes.Tschofenig@arm.com> wrote:
>
>Hi all,
>
>Thanks for this contribution, Jim.
>
>Reading through the document I agree that the SUIB topic discussed in the IOTOPS WG appears relevant. I also wonder whether the work in the DANISH group (see https://datatracker.ietf.org/wg/danish/about/) is relevant.
>
>Agreed about SUIB, not quite sure about DANISH. DANISH is about certificate based authentication and PKI extensions, while SNIF is about end-to-end relayed trusted TLS that relies on the standard PKI.
>
>Regarding the use in IoT I have a question for my understanding.
>
>In a nutshell, you introduce a proxy that allocates a hostname and requests a creation of a certificate on behalf of the IoT device.
>
>Correct, plus an e2e TLS relay.
>
>To get this to work you rely on three assumptions:
>(1) There has to be a communication infrastructure that associates the "anonymous" hostname with a specific device and conveys these identifiers to the relevant parties.
>
>Each device is configured with an initUrl pointing to a specific CA proxy that allocates a random hostname (a CN to be more accurate), normally a subdomain of a master domain that has a wildcard DNS record pointing to the CA proxy.
>Example - the initUrl for public experimental use - https://snif.snif.xyz:4443 The allocated wildcard CN is a subdomain of the master domain snif.xyz
>
>
>(2) You assume that a party that wants to contact the IoT device is able to reach the device (i.e. the IoT device is not behind a firewall or NAT).
>
>Both the IoT device and the client connect to the SNIF relay. The whole purpose of SNIF is to be able to work from behind NAT / firewall /etc, and it's been confirmed to work in pre-production. In fact I had a minor hiccup with Fortigate in the process of testing which has been resolved.
>There are simplified diagrams on https://snif.host to illustrate the concept.
>
>
>(3) Someone operating IoT devices has to trust the proxy since it is easy for the proxy to associate a hostname with a public key that was created by the proxy (rather than the end device). This essentially allows the proxy to impersonate the IoT device.
>
>Is my understanding correct?
>
>Yes, I mentioned this vulnerability in the security section. The answer is
>- watch the public TLS transparency logs, any party can do it. If any overlapping CNs are found - the CA proxy is permanently compromised,
>- do not use random CA proxies owned by unknown parties.
>
>
>Ciao
>Hannes
>
>Any further questions/suggestions are welcome.
>
>-----Original Message-----
>From: Secdispatch <secdispatch-bounces@ietf.org> On Behalf Of Jim Zubov
>Sent: Friday, February 11, 2022 12:22 AM
>To: secdispatch@ietf.org; Michael Richardson <mcr+ietf@sandelman.ca>;
>Jim Zubov <ietf-list@commercebyte.com>; iotops@ietf.org; anima@ietf.org
>Subject: Re: [Secdispatch] I-D: Deploying Publicly Trusted TLS Servers
>on IoT Devices Using SNI-based End-to-End TLS Forwarding (SNIF)
>
>Thanks for the feedback again, my comments are below.
>I submitted a new version of the draft to reflect some changes.
>
>On February 10, 2022 1:02:48 PM EST, Michael Richardson <mcr+ietf@sandelman.ca> wrote:
>
>Jim Zubov <ietf-list@commercebyte.com> wrote:
>
> This was also on the IETF112 IOTOPS WG agenda:
> slides:
> https://datatracker.ietf.org/meeting/112/materials/slides-112-iotops-suib-browsing-local-web-resources-in-a-secure-usable-manner-iot-device-configuration-as-a-special-case-00
> video:  https://youtu.be/OIlJrUvwDcI?t=1649
>
> and we hope to return at IETF113.
>
>
>
>Right, looks like SUIB is working on a similar problem. Thanks for
>pointing this out. In particular, the "Sol #6 Device name DNS" slide
>looks quite similar to SNIF CA Proxy (Section 3). However, SUIB pursues
>bigger infrastructural goals such as changing the localhost TLS
>connection policies (I totally agree and really appreciate the effort),
>while SNIF is a functioning solution within the existing
>infrastructure, tested and proven to work in pre-production.
>
>The slides may be too vague.  Changing the TLS policies is a possible
>solution, but probably an impractical one.  Nevertheless, many people
>(not steeped in the arts, and often falling into the PHB category)
>think that it is an obvious solution, so we list it in order to explain why it won't work.
>
>Yes, still sad that localhost slipped through the cracks when the original security standards were written.
>
>
>
> The SUIB problem addresses the challenge of connecting *locally* to a
> device, and doing it securely.  For this to be possible with
> RFC6125-DNS-ID standard browser, we need a name for the device, and we
> need a way to translate that name into a locally reachable IP address.
>
> The SNIF proposal does not quite solve the above problem.
>
>
>
>In fact, I originally designed SNIF to solve this specific problem -
>local-to-local trusted TLS connections.
>
>Ah, very nice to know.
>
>* Issue a wildcard cert through SNIF CA Proxy
>(e.g. CN=*.domain.snif.xyz), set a DNS record for
>localhost.domain.snif.xyz to point to localhost's IPv4/v6, and use
>https://localhost.domain.snif.xyz (or other app protocol - imaps
>etc). However, looks like some clients treat the localhost IP as
>inherently unsecure, and issue a warning even if the cert is perfectly
>valid. The option is still possible, but the applicability might be
>limited.
>
>The process we described at
>
>https://specs.manysecured.org/suib/Solutions/dnsname-embedded-solution
>
>also uses a wildcard cert, but has a magic authoritative DNS server
>that translates the left-most label into an A or AAAA record.  It's
>rather a cute hack, but at least:
>  a) it's cachable
>  b) it could even be calculated locally, if one ignores DNSSEC.
>
>Yes, using a local network IP instead of a localhost IP is actually a smart idea.
>However, inlining the local IP in the hostname, as SUIB does, means you'll have to change the hostname in your client every time your network is changed.
>I have a thought for SNIF improvement - SNIF connector sends a SNIF DNS command to set a dynamic DNS A/AAAA for a certain hostname within the CN wildcard, and the CA proxy updates the DNS accordingly. This way the hostname can be permanent, but with dynamic DNS.
>Another problem - most platforms won't let you bind to port < 1024 unless you're a root. Might be ok for a device manufacturer, but is a potential show stopper for any user space app. Relayed SNIF works around this problem since the listening ports are on the relay.
>
>
>
>* Another option is to override the IP routing rules. It is totally
>possible on iOS and Mac through a userspace VPN (only one VPN per
>device though - beware of possible conflicts). In fact I have a
>functioning solution for it, in beta now -
>
>That doesn't really scale to many different domains.
>
>Totally agreed, I just mentioned that this option works for *some* cases, tun/tap is a possible option too if you're a root.
>
>
>
>Still, if SNIF is replacing a manufacturer proprietary call-home protocol,
>there could be advantages from having well reviewed code bases, and
>potentially an ecosystem of SNIF Providers that manufacturers could
>outsource to.  Azure/Amazon/... could easily run such services.
>
>
>
>I see two options - a SNIF server implemented by each vendor for their
>own devices/services, or a bigger SNIF SaaS implemented by a trusted
>provider, used by vendors.
>
>Yes, but what's the financial motive for this provider?
>
>(1) For a vendor to run their own SNIF server: market as a true auditable end-to-end for IoT devices they offer.
>(2) For a vendor using SNIF SaaS: market as (1) backed by
>{TrustedBigName}
>(3) For a {TrustedBigName} to run SNIF SaaS: collect fees from (2) for using their service and big name.
>
>As a matter of fact, SNIF relay is light on server resources. I've been running it on a minimum DigitalOcean virtual server for months with more than a dozen connectors, the server load is a fraction of a percent. Of course if somebody connects IoT cameras they can generate some traffic, but IoT vendors already handle it through their proprietary relays.
>
>
>
>SNIF seems very much IPv4 NAT44 focused, and it could benefit from some
>understanding of IPv6 and IPv6-over-IPv4 technologies, particularly Teredo.
>
>
>
>SNIF is not exactly focused on v4, it works fine with v6 as well. It's
>designed to work around NAT, that's true. However, IPv6 networks may
>pose issues too - firewalls etc, which will prevent to directly accept
>incoming TCP on IPv6 address.
>
>Teredo could be used instead and allows the relay to be stateless and
>distributed, and devolves to ordinary IPv6 when it is present.
>
>Yes, but Teredo is IPv6 specific, the world is not strictly IPv6 yet. And it's a system level solution, while SNIF works fine in a user space.
>
>
>
>It clearly has to speak HTTPS only.
>
>
>
>I specified HTTP because PKCS#10 and X.509 are inherently secure to be
>sent over a plain connection.
>
>Yes, but there are privacy concerns which will become a pain, so
>better to just say HTTPS here.
>
>I respectfully disagree, still think HTTP is an easier answer for SNIF. The problem with HTTPS is - SNIF relay (usually) routes https port to SNIF connectors, and does not serve it within the server. Having a dedicated hostname or an alternate port means that SNIF connectors need additional configuration options, or additional discovery protocols. On the other hand, HTTP allows to derive all API URLs deterministically from the CN.
>I addressed the possible security concerns in more details and amended the Security section in the draft.
>
>
>
>
>The best option is the manufacturer I believe. The manufacturer can
>have either their own SNIF server, or work with a trusted SaaS. This
>way it's zero setup for the end user, and doesn't need any
>infrastructure additions.
>
>Agreed, the manufacturer has to provision a credential.
>
>Yes I proposed some outlines in the security section, more detailed specs are probably better to describe in a separate draft.
>
>
>
>Sure, elliptic curves are better, but some old school clients may have
>problems with them. It may make sense to not mention the recommended
>algorithm in the draft, and just to follow the CA's recommendations.
>
>ECDSA acceleration is pretty much ubiquitous, while RSA is not.
>
>Honestly I don't think acceleration is such a big deal, most of TLS job is symmetric ciphers anyway. But I agree - it's better to follow the CA suggestions and industry practices.
>
>
>
>I believe there's no security issue, as long as the CN entropy is sufficient.
>
>
>
>I specified the X-SNIF-CN: as mandatory, and text/plain body as an
>optional duplicate of it. To make it cleaner, I can remove the body
>from the specs and say the response body is to be ignored.
>
>If both are present, and they don't match, then there is confusion.
>So just go with one.  I think that it should actually be a JSON or CBOR payload return.
>
>Agreed, I removed the response body from the draft, going with the header.
>
>
>
>
>They *aren't* what IANA would call "IP protocols", which would be things
>like TCP, UDP, SCTP, ESP, ...
>
>
>
>Has IANA *already* registered port 7123 then?
>
>
>
>It's not an IP protocol. It's a service that listens on TCP 7123, I
>registered with IANA based on a previous version of the document,
>before I turned it into an I-D.
>
>I think you should drop the "snif-*" sentence as it makes no sense.
>You have already allocated TCP port 7123 to the SNIF *service*, so
>that's great.
>
>It's actually called "Service Names" in IANA terminology, sorry for the confusion. I updated in the draft.
>
>
>
>--
>]               Never tell me the odds!                 | ipv6 mesh networks [
>]   Michael Richardson, Sandelman Software Works        |    IoT architect   [
>]     mcr@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [
>
>________________________________
>
>Secdispatch mailing list
>Secdispatch@ietf.org
>https://www.ietf.org/mailman/listinfo/secdispatch
>IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
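
The two checks described in the message above (the device manager noticing a changed public key, as ssh does, and an observer flagging CNs that appear in transparency logs under more than one key), as an added example that is not part of the thread or of the SNIF draft. It uses Node's built-in crypto module rather than Forge; the hostnames, the shape of the CT entries and the assumption that a connector keeps its key across renewals are constructed for illustration.

```javascript
const nodeCrypto = require('crypto');

// SHA-256 over the DER SubjectPublicKeyInfo. It identifies the key itself, so
// a renewed certificate that carries the same key keeps the same fingerprint.
function spkiFingerprint(publicKey) {
  const der = publicKey.export({ type: 'spki', format: 'der' });
  return nodeCrypto.createHash('sha256').update(der).digest('hex');
}

// Device-manager side: trust-on-first-use pin per hostname, in the manner of
// ssh known_hosts. A changed key is reported and the original pin is kept.
class PinStore {
  constructor() {
    this.pins = new Map();
  }

  // Returns 'pinned' on first contact, 'match' when the key is unchanged and
  // 'CHANGED' when a known host presents a different key.
  check(hostname, publicKey) {
    const host = hostname.toLowerCase();
    const seen = spkiFingerprint(publicKey);
    const pinned = this.pins.get(host);
    if (pinned === undefined) {
      this.pins.set(host, seen);
      return 'pinned';
    }
    return pinned === seen ? 'match' : 'CHANGED';
  }
}

// Observer side: group transparency-log entries by CN (case-insensitively) and
// report every CN that has been certified with more than one distinct key.
// Assumption: a legitimate renewal reuses the device key, so two keys under
// one CN mean a certificate was issued for a key the device does not hold.
function findConflictingCNs(ctEntries) {
  const byCn = new Map();
  for (const entry of ctEntries) {
    const cn = entry.cn.toLowerCase();
    if (!byCn.has(cn)) byCn.set(cn, new Set());
    byCn.get(cn).add(entry.spkiSha256);
  }
  return [...byCn]
    .filter(([, keys]) => keys.size > 1)
    .map(([cn, keys]) => ({ cn, fingerprints: [...keys] }))
    .sort((a, b) => a.cn.localeCompare(b.cn));
}

// Constructed scenario: two devices plus one key that neither device owns.
function runDemo() {
  const newKey = () =>
    nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' }).publicKey;
  const deviceA = newKey();
  const deviceB = newKey();
  const unknownKey = newKey();

  const store = new PinStore();
  const host = 'cam.device-a.snif.example'; // constructed hostname
  const first = store.check(host, deviceA);      // first contact
  const second = store.check(host, deviceA);     // same key again
  const third = store.check(host, unknownKey);   // different key presented
  const fourth = store.check(host, deviceA);     // original pin still in force

  // Constructed CT entries; a real observer would fill these from log data.
  const ctEntries = [
    { cn: '*.device-a.snif.example', spkiSha256: spkiFingerprint(deviceA), notBefore: '2022-01-01' },
    { cn: '*.device-a.snif.example', spkiSha256: spkiFingerprint(deviceA), notBefore: '2022-03-01' },
    { cn: '*.device-b.snif.example', spkiSha256: spkiFingerprint(deviceB), notBefore: '2022-01-05' },
    { cn: '*.DEVICE-B.snif.example', spkiSha256: spkiFingerprint(unknownKey), notBefore: '2022-02-10' },
  ];
  return { first, second, third, fourth, conflicts: findConflictingCNs(ctEntries) };
}

console.log(runDemo());
```

The renewal of device A under the same key is not reported; device B is, because a second key shows up under its CN.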

------IZU1C3FBSABSWSQA60NDZM9OFRL82B
Content-Type: text/html;
 charset=utf-8
Content-Transfer-Encoding: quoted-printable

<html xmlns:v=3D"urn:schemas-microsoft-com:vml" xmlns:o=3D"urn:schemas-micr=
osoft-com:office:office" xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:m=3D"http://schemas=2Emicrosoft=2Ecom/office/2004/12/omml" xmlns=3D"h=
ttp://www=2Ew3=2Eorg/TR/REC-html40">
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dutf-8">
<meta name=3D"Generator" content=3D"Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
=2Eshape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
	{font-family:Wingdings;
	panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
	{font-family:"Cambria Math";
	panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
	{font-family:DengXian;
	panose-1:2 1 6 0 3 1 1 1 1 1;}
@font-face
	{font-family:Calibri;
	panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
	{font-family:"\@DengXian";
	panose-1:2 1 6 0 3 1 1 1 1 1;}
@font-face
	{font-family:Consolas;
	panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p=2EMsoNormal, li=2EMsoNormal, div=2EMsoNormal
	{margin:0in;
	font-size:11=2E0pt;
	font-family:"Calibri",sans-serif;}
a:link, span=2EMsoHyperlink
	{mso-style-priority:99;
	color:blue;
	text-decoration:underline;}
pre
	{mso-style-priority:99;
	mso-style-link:"HTML Preformatted Char";
	margin:0in;
	margin-bottom:=2E0001pt;
	font-size:10=2E0pt;
	font-family:"Courier New";}
p=2EMsoListParagraph, li=2EMsoListParagraph, div=2EMsoListParagraph
	{mso-style-priority:34;
	margin-top:0in;
	margin-right:0in;
	margin-bottom:0in;
	margin-left:=2E5in;
	font-size:11=2E0pt;
	font-family:"Calibri",sans-serif;}
span=2EHTMLPreformattedChar
	{mso-style-name:"HTML Preformatted Char";
	mso-style-priority:99;
	mso-style-link:"HTML Preformatted";
	font-family:Consolas;}
span=2EEmailStyle21
	{mso-style-type:personal-reply;
	font-family:"Calibri",sans-serif;
	color:windowtext;}
=2EMsoChpDefault
	{mso-style-type:export-only;
	font-size:10=2E0pt;}
@page WordSection1
	{size:8=2E5in 11=2E0in;
	margin:1=2E0in 1=2E0in 1=2E0in 1=2E0in;}
div=2EWordSection1
	{page:WordSection1;}
/* List Definitions */
@list l0
	{mso-list-id:1489050738;
	mso-list-type:hybrid;
	mso-list-template-ids:459697524 619115932 67698691 67698693 67698689 6769=
8691 67698693 67698689 67698691 67698693;}
@list l0:level1
	{mso-level-start-at:0;
	mso-level-number-format:bullet;
	mso-level-text:=EF=82=B7;
	mso-level-tab-stop:none;
	mso-level-number-position:left;
	text-indent:-=2E25in;
	font-family:Symbol;
	mso-fareast-font-family:DengXian;
	mso-bidi-font-family:"Times New Roman";}
@list l0:level2
	{mso-level-number-format:bullet;
	mso-level-text:o;
	mso-level-tab-stop:none;
	mso-level-number-position:left;
	text-indent:-=2E25in;
	font-family:"Courier New";}
@list l0:level3
	{mso-level-number-format:bullet;
	mso-level-text:=EF=82=A7;
	mso-level-tab-stop:none;
	mso-level-number-position:left;
	text-indent:-=2E25in;
	font-family:Wingdings;}
@list l0:level4
	{mso-level-number-format:bullet;
	mso-level-text:=EF=82=B7;
	mso-level-tab-stop:none;
	mso-level-number-position:left;
	text-indent:-=2E25in;
	font-family:Symbol;}
@list l0:level5
	{mso-level-number-format:bullet;
	mso-level-text:o;
	mso-level-tab-stop:none;
	mso-level-number-position:left;
	text-indent:-=2E25in;
	font-family:"Courier New";}
@list l0:level6
	{mso-level-number-format:bullet;
	mso-level-text:=EF=82=A7;
	mso-level-tab-stop:none;
	mso-level-number-position:left;
	text-indent:-=2E25in;
	font-family:Wingdings;}
ol
	{margin-bottom:0in;}
ul
	{margin-bottom:0in;}
--></style>
</head>
<body lang=3D"EN-US" link=3D"blue" vlink=3D"purple" style=3D"word-wrap:bre=
ak-word">Hi Hannes,<br><br>Good overview of strategic approaches, let me ad=
d another dimension -<br>- Can the relay access any information communicate=
d between the device and the user,<br>- If the answer is _no_ - can the use=
r or some independent party verify the validity of such claim=2E<br><br>In =
case of SNIF, the setup consists of<br>- an IoT device capable of serving H=
TTPS (user friendly pages or an API), running a SNIF connector,<br>- a web =
based device manager on the user side that works with the device's HTTPS co=
ntent (and expects a trusted cert),<br>- a SNIF relay / CA proxy server in =
the cloud,<br>- potentially, an independent observer that watches TLS trans=
parency logs and raises an alert if any duplicate certs are found for the C=
Ns issued by the CA proxy=2E<br><br>This way, the IoT device owns the priva=
te key, and there's a proof through the public trust PKI that the device ma=
nager is communicating to the authentic device=2E<br>In case the public =
CA trust is not enough, the device manager can examine the public key on th=
e cert on every connection (should be possible to do with the Forge project=
 in regular js), and raise an alert if the key is changed (just like ssh do=
es)=2E<br><br>SNIF is the answer for a smart home, a security cam, or any o=
ther private IoT you don't want anybody to sniff on (pun intended)=2E<br><b=
r>If you're deploying a device accessible to a large group, like a public w=
ebcam, SNIF might not be a good option, it might be better to have an inter=
mediate proxy that handles all traffic without choking the device=2E But, e=
nd-to-end privacy is a lesser concern in such case=2E<br><br>Regarding the =
conversion of any existing devices to SNIF -<br>- serve the content on the =
device over HTTPS or local plain HTTP, whether it's a web page, a video str=
eam or an API, listening on a local port (say 443)<br>- run a SNIF connecto=
r process to maintain the cert and to relay incoming SNIF connections to=
 the local port=2E<br><br><div class=3D"gmail_quote">On March 3, 2022 6:18:=
48 AM EST, Hannes Tschofenig &lt;Hannes=2ETschofenig@arm=2Ecom&gt; wrote:<b=
lockquote class=3D"gmail_quote" style=3D"margin: 0pt 0pt 0pt 0=2E8ex; borde=
r-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">

<div class=3D"WordSection1">
<p class=3D"MsoNormal">Hi Jim, <o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">Thanks for your response=2E <o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal" style=3D"margin-bottom:12=2E0pt">&gt; There are som=
e IoT management solutions on the market, both open source and proprietary,=
 but as far as I can tell none of them fully follows the end to end paradig=
m=2E<o:p></o:p></p>
<p class=3D"MsoNormal" style=3D"margin-bottom:12=2E0pt">[Hannes] It depend=
s what you call end-to-end=2E As an IoT service provider you have to make a=
 few decisions about how to manage and deploy IoT devices=2E Broadly speaki=
ng, you have three options:
<o:p></o:p></p>
<ul style=3D"margin-top:0in" type=3D"disc">
<li class=3D"MsoListParagraph" style=3D"margin-bottom:12=2E0pt;margin-left=
:0in;mso-list:l0 level1 lfo1">
You seek out a third party to manage your devices=2E Needless to =
say that you should pick a company that you feel comfortable with=2E They w=
ill manage your devices and they will also offer ways to store the data obt=
ained from the devices, to manage and distribute
 firmware updates, and even to perform analysis of the data (machine learn=
ing)=2E Then, you can typically connect backend application servers to the =
device management offering=2E Of course, the details vary a lot with what y=
ou are actually doing as an IoT service
 provider with the IoT devices and the data=2E<o:p></o:p></li><li class=3D=
"MsoListParagraph" style=3D"margin-bottom:12=2E0pt;margin-left:0in;mso-list=
:l0 level1 lfo1">
You get the software from a provider and you manage the devices on your ow=
n=2E This is often the case when you want to deploy an on-premise solution=
=2E Here you have to trust the provider of the device management software t=
hat the code is correct and does what
 it is supposed to do=2E In some cases you not only get the binary but als=
o the source code=2E In theory, you could check what code is actually runni=
ng (although I doubt that anyone really checks)=2E
<o:p></o:p></li><li class=3D"MsoListParagraph" style=3D"margin-bottom:12=
=2E0pt;margin-left:0in;mso-list:l0 level1 lfo1">
Finally, you build your own device management solution (often using availa=
ble open source software)=2E
<o:p></o:p></li></ul>
<p class=3D"MsoNormal" style=3D"margin-bottom:12=2E0pt">In practice, I hav=
e also seen a combination of the variants above=2E For example, I have seen=
 a case where the devices were managed by a third party but the video strea=
m of the surveillance camera was sent directly
 to a dedicated server managed by the IoT service provider=2E (There were =
also various techniques to prevent modifications to the device to have the =
video stream re-directed or the credentials changed but I think you get the=
 idea=2E) The communication model there
 was a bit different than yours because the client initiated the communica=
tion with the video server=2E Hence, there was no issue with running a TLS =
server on the device=2E<o:p></o:p></p>
<p class=3D"MsoNormal" style=3D"margin-bottom:12=2E0pt">On top of this, it=
 is also common to provide special security protection for selected data=2E=
 For example, firmware updates are signed by a party different from the=
 company offering the device management solution=2E
 They are, for example, signed by the company developing the code=2E They =
are still distributed by the device management infrastructure and hence you=
 have to rely on the distribution of them but there is no chance for the de=
vice management provider to inject
 malicious code into the device=2E <o:p></o:p></p>
<p class=3D"MsoNormal" style=3D"margin-bottom:12=2E0pt">From what I am see=
ing, the first deployment model is very popular=2E The approach of =E2=80=
=9Cdesigning your own solution=E2=80=9D was popular in the early days becau=
se companies were given the impression that this IoT stuff
 is so simple that you can put a solution together in a weekend=2E It turn=
ed out that this is not quite the case (if you have a larger number of devi=
ces)=2E Many IoT service providers also need help designing the entire solu=
tion, also the solution on the IoT device
 itself=2E<o:p></o:p></p>
<p class=3D"MsoNormal" style=3D"margin-bottom:12=2E0pt">How does your solu=
tion fit into this picture?<o:p></o:p></p>
<p class=3D"MsoNormal" style=3D"margin-bottom:12=2E0pt">&gt; I believe it'=
s worth having a universal cross-vendor solution that handles SNIF device o=
nboarding, maintains the credentials in a local secure storage, and consoli=
dates https based management interface hosted
 by individual devices through SNIF=2E<o:p></o:p></p>
<p class=3D"MsoNormal" style=3D"margin-bottom:12=2E0pt">[Hannes] There is =
definitely a lot of excitement when it comes to the development of device o=
nboarding solutions=2E I have to trust you that there is further interest f=
or solutions because I haven=E2=80=99t checked=2E<o:p></o:p></p>
<p class=3D"MsoNormal" style=3D"margin-bottom:12=2E0pt"><br>
&gt; The requirements for such solution is a topic for a separate draft, a=
lthough I already outlined the possible secure onboarding process in the se=
curity section=2E<o:p></o:p></p>
<p class=3D"MsoNormal" style=3D"margin-bottom:12=2E0pt">I will re-read you=
r security consideration section again=2E
<o:p></o:p></p>
<p class=3D"MsoNormal" style=3D"margin-bottom:12=2E0pt"><o:p>&nbsp;</o:p><=
/p>
<p class=3D"MsoNormal" style=3D"margin-bottom:12=2E0pt">Note that I am cer=
tainly not against your solution=2E If your approach has success, kudos to =
you=2E
<o:p></o:p></p>
<p class=3D"MsoNormal" style=3D"margin-bottom:12=2E0pt"><o:p>&nbsp;</o:p><=
/p>
<p class=3D"MsoNormal" style=3D"margin-bottom:12=2E0pt">Ciao<o:p></o:p></p=
>
<p class=3D"MsoNormal" style=3D"margin-bottom:12=2E0pt">Hannes<o:p></o:p><=
/p>
<p class=3D"MsoNormal" style=3D"margin-bottom:12=2E0pt"><o:p>&nbsp;</o:p><=
/p>
<div>
<p class=3D"MsoNormal">On February 24, 2022 5:37:46 AM EST, Hannes Tschofe=
nig &lt;<a href=3D"mailto:Hannes=2ETschofenig@arm=2Ecom">Hannes=2ETschofeni=
g@arm=2Ecom</a>&gt; wrote:<o:p></o:p></p>
<blockquote style=3D"border:none;border-left:solid #CCCCCC 1=2E0pt;padding=
:0in 0in 0in 6=2E0pt;margin-left:4=2E8pt;margin-right:0in">
<pre>Hi Jim,<br><br>Thanks for the quick response=2E The link to your webs=
ite is helpful=2E I now understood that you would also relay the communicat=
ion through the proxy, which deals with the IoT device being behind a NAT a=
nd/or firewall if the IoT device keeps the connection alive=2E<br><br>I won=
der whether you have considered to re-use an existing device management sol=
utions since those are widely deployed today?<br><br>Ciao<br>Hannes<br><br>=
-=
----Original Message-----<br>From: Iotops &lt;<a href=3D"mailto:iotops-boun=
ces@ietf=2Eorg">iotops-bounces@ietf=2Eorg</a>&gt; On Behalf Of Jim Zubov<br=
>Sent: Wednesday, February 23, 2022 4:17 PM<br>To: <a href=3D"mailto:secdis=
patch@ietf=2Eorg">secdispatch@ietf=2Eorg</a>; Hannes Tschofenig &lt;<a href=
=3D"mailto:Hannes=2ETschofenig@arm=2Ecom">Hannes=2ETschofenig@arm=2Ecom</a>=
&gt;; Jim Zubov &lt;<a href=3D"mailto:ietf-list@commercebyte=2Ecom">ietf-li=
st@commercebyte=2Ecom</a>&gt;; <a href=3D"mailto:secdispatch@ietf=2Eorg">se=
cdispatch@ietf=2Eorg</a>; Michael Richardson &lt;<a href=3D"mailto:mcr+ietf=
@sandelman=2Eca">mcr+ietf@sandelman=2Eca</a>&gt;; <a href=3D"mailto:iotops@=
ietf=2Eorg">iotops@ietf=2Eorg</a>; <a href=3D"mailto:anima@ietf=2Eorg">anim=
a@ietf=2Eorg</a><br>Subject: Re: [Iotops] [Secdispatch] I-D: Deploying Publ=
icly Trusted TLS Servers on IoT Devices Using SNI-based End-to-End TLS Forw=
arding (SNIF)<br><br>Thank You for your feedback Hannes, I addressed the co=
mments below -<br><br>On February 23, 2022 5:36:15 AM EST, Hannes Tschofeni=
g &lt;<a href=3D"mailto:Hannes=2ETschofenig@arm=2Ecom">Hannes=2ETschofenig@=
arm=2Ecom</a>&gt; wrote:<o:p></o:p></pre>
<blockquote style=3D"border:none;border-left:solid #729FCF 1=2E0pt;padding=
:0in 0in 0in 6=2E0pt;margin-left:4=2E8pt;margin-right:0in;margin-bottom:6=
=2E0pt">
<pre>Hi all,<br><br>Thanks for this contribution, Jim=2E<br><br>Reading th=
rough the document I agree that the SUIB topic discussed in the IOTOPS WG a=
ppears relevant=2E I also wonder whether the work in the DANISH group (see =
<a href=3D"https://datatracker=2Eietf=2Eorg/wg/danish/about/)">https://data=
tracker=2Eietf=2Eorg/wg/danish/about/)</a> is relevant=2E<o:p></o:p></pre>
</blockquote>
<pre style=3D"margin-bottom:12=2E0pt"><br>Agreed about SUIB, not quite sur=
e about DANISH=2E DANISH is about certificate based authentication and PKI =
extensions, while SNIF is about end-to-end relayed trusted TLS that relies =
on the standard PKI=2E<o:p></o:p></pre>
<blockquote style=3D"border:none;border-left:solid #729FCF 1=2E0pt;padding=
:0in 0in 0in 6=2E0pt;margin-left:4=2E8pt;margin-right:0in;margin-bottom:6=
=2E0pt">
<pre><br>Regarding the use in IoT I have a question for my understanding=
=2E<br><br>In a nutshell, you introduce a proxy that allocates a hostname a=
nd requests a creation of a certificate on behalf of the IoT device=2E<o:p>=
</o:p></pre>
</blockquote>
<pre><br>Correct, plus an e2e TLS relay=2E<o:p></o:p></pre>
<blockquote style=3D"border:none;border-left:solid #729FCF 1=2E0pt;padding=
:0in 0in 0in 6=2E0pt;margin-left:4=2E8pt;margin-right:0in;margin-bottom:6=
=2E0pt">
<pre><br>To get this to work you rely on three assumptions:<br>(1) There h=
as to be a communication infrastructure that associates the "anonymous" hos=
tname with a specific device and conveys these identifiers to the relevant =
parties=2E<o:p></o:p></pre>
</blockquote>
<pre style=3D"margin-bottom:12=2E0pt"><br>Each device is configured with a=
n initUrl pointing to a specific CA proxy that allocates a random hostname =
(a CN to be more accurate), normally a subdomain of a master domain that ha=
s a wildcard DNS record pointing to the CA proxy=2E<br>Example - the initUr=
l for public experimental use - <a href=3D"https://snif=2Esnif=2Exyz:4443">=
https://snif=2Esnif=2Exyz:4443</a> The allocated wildcard CN is a subdomain=
 of the master domain snif=2Exyz<br><br><o:p></o:p></pre>
<blockquote style=3D"border:none;border-left:solid #729FCF 1=2E0pt;padding=
:0in 0in 0in 6=2E0pt;margin-left:4=2E8pt;margin-right:0in;margin-bottom:6=
=2E0pt">
<pre>(2) You assume that a party that wants to contact the IoT device is a=
ble to reach the device (i=2Ee=2E the IoT device is not behind a firewall o=
r NAT)=2E<o:p></o:p></pre>
</blockquote>
<pre style=3D"margin-bottom:12=2E0pt"><br>Both the IoT device and the clie=
nt connect to the SNIF relay=2E The whole purpose of SNIF is to be able to =
work from behind NAT / firewall /etc, and it's been confirmed to work in pr=
e-production=2E In fact I had a minor hiccup with Fortigate in the process =
of testing which has been resolved=2E<br>There are simplified diagrams on <=
a href=3D"https://snif=2Ehost">https://snif=2Ehost</a> to illustrate the co=
ncept=2E<br><br><o:p></o:p></pre>
<blockquote style=3D"border:none;border-left:solid #729FCF 1=2E0pt;padding=
:0in 0in 0in 6=2E0pt;margin-left:4=2E8pt;margin-right:0in;margin-bottom:6=
=2E0pt">
<pre>(3) Someone operating IoT devices has to trust the proxy since it is =
easy for the proxy to associate a hostname with a public key that was creat=
ed by the proxy (rather than the end device)=2E This essentially allows the=
 proxy to impersonate the IoT device=2E<br><br>Is my understanding correc=
t?<o:p></o:p></pre>
</blockquote>
<pre style=3D"margin-bottom:12=2E0pt"><br>Yes, I mentioned this vulnerabil=
ity in the security section=2E The answer is<br>- watch the public TLS tran=
sparency logs, any party can do it=2E If any overlapping CNs are found - th=
e CA proxy is permanently compromised,<br>- do not use random CA proxies ow=
ned by unknown parties=2E<br><br><o:p></o:p></pre>
<blockquote style=3D"border:none;border-left:solid #729FCF 1=2E0pt;padding=
:0in 0in 0in 6=2E0pt;margin-left:4=2E8pt;margin-right:0in;margin-bottom:6=
=2E0pt">
<pre><br>Ciao<br>Hannes<o:p></o:p></pre>
</blockquote>
<pre style=3D"margin-bottom:12=2E0pt"><br>Any further questions/suggestion=
s are welcome=2E<o:p></o:p></pre>
<blockquote style=3D"border:none;border-left:solid #729FCF 1=2E0pt;padding=
:0in 0in 0in 6=2E0pt;margin-left:4=2E8pt;margin-right:0in;margin-bottom:6=
=2E0pt">
<pre><br>-----Original Message-----<br>From: Secdispatch &lt;<a href=3D"ma=
ilto:secdispatch-bounces@ietf=2Eorg">secdispatch-bounces@ietf=2Eorg</a>&gt;=
 On Behalf Of Jim Zubov<br>Sent: Friday, February 11, 2022 12:22 AM<br>To: =
<a href=3D"mailto:secdispatch@ietf=2Eorg">secdispatch@ietf=2Eorg</a>; Micha=
el Richardson &lt;<a href=3D"mailto:mcr+ietf@sandelman=2Eca">mcr+ietf@sande=
lman=2Eca</a>&gt;;<br>Jim Zubov &lt;<a href=3D"mailto:ietf-list@commercebyt=
e=2Ecom">ietf-list@commercebyte=2Ecom</a>&gt;; <a href=3D"mailto:iotops@iet=
f=2Eorg">iotops@ietf=2Eorg</a>; <a href=3D"mailto:anima@ietf=2Eorg">anima@i=
etf=2Eorg</a><br>Subject: Re: [Secdispatch] I-D: Deploying Publicly Trusted=
 TLS Servers<br>on IoT Devices Using SNI-based End-to-End TLS Forwarding (S=
NIF)<br><br>Thanks for the feedback again, my comments are below=2E<br>I=
 sub=
mitted a new version of the draft to reflect some changes=2E<br><br>On Febr=
uary 10, 2022 1:02:48 PM EST, Michael Richardson &lt;<a href=3D"mailto:mcr+=
ietf@sandelman=2Eca">mcr+ietf@sandelman=2Eca</a>&gt; wrote:<o:p></o:p></pre=
>
<blockquote style=3D"border:none;border-left:solid #AD7FA8 1=2E0pt;padding=
:0in 0in 0in 6=2E0pt;margin-left:4=2E8pt;margin-right:0in;margin-bottom:6=
=2E0pt">
<pre><br>Jim Zubov &lt;<a href=3D"mailto:ietf-list@commercebyte=2Ecom">iet=
f-list@commercebyte=2Ecom</a>&gt; wrote:<o:p></o:p></pre>
<blockquote style=3D"border:none;border-left:solid #8AE234 1=2E0pt;padding=
:0in 0in 0in 6=2E0pt;margin-left:4=2E8pt;margin-right:0in;margin-bottom:6=
=2E0pt">
<blockquote style=3D"border:none;border-left:solid #FCAF3E 1=2E0pt;padding=
:0in 0in 0in 6=2E0pt;margin-left:4=2E8pt;margin-right:0in;margin-bottom:6=
=2E0pt">
<pre> This was also on the IETF112 IOTOPS WG agenda:<br> slides:<br> <a hr=
ef=3D"https://datatracker=2Eietf=2Eorg/meeting/112/materials/slides-112-iot=
ops-suib-browsing-local-web-resources-in-a-secure-usable-manner-iot-device-=
configuration-as-a-special-case-00">https://datatracker=2Eietf=2Eorg/meetin=
g/112/materials/slides-112-iotops-suib-browsing-local-web-resources-in-a-se=
cure-usable-manner-iot-device-configuration-as-a-special-case-00</a><br> vi=
deo:&nbsp; <a href=3D"https://youtu=2Ebe/OIlJrUvwDcI?t=3D1649">https://yout=
u=2Ebe/OIlJrUvwDcI?t=3D1649</a><br><br> and we hope to return at IETF113=2E=
<o:p></o:p></pre>
</blockquote>
</blockquote>
<pre><o:p>&nbsp;</o:p></pre>
<blockquote style=3D"border:none;border-left:solid #8AE234 1=2E0pt;padding=
:0in 0in 0in 6=2E0pt;margin-left:4=2E8pt;margin-right:0in;margin-bottom:6=
=2E0pt">
<pre>Right, looks like SUIB is working on a similar problem=2E Thanks for<=
br>pointing this out=2E In particular, the "Sol #6 Device name DNS" slide<b=
r>looks quite similar to SNIF CA Proxy (Section 3)=2E However, SUIB pursues=
<br>bigger infrastructural goals such as changing the localhost TLS<br>conn=
ection policies (I totally agree and really appreciate the effort),<br>whil=
e SNIF is a functioning solution within the existing<br>infrastructure, tes=
ted and proven to work in pre-production=2E<o:p></o:p></pre>
</blockquote>
<pre><br>The slides may be too vague=2E&nbsp; Changing the TLS policies is=
 a possible<br>solution, but probably an impractical one=2E&nbsp; Neverthel=
ess, many people<br>(not steeped in the arts, and often falling into the P=
HB category)<br>think that it is an obvious solution, so we list it in orde=
r to explain why it won't work=2E<o:p></o:p></pre>
</blockquote>
<pre style=3D"margin-bottom:12=2E0pt"><br>Yes, still sad that localhost sl=
ipped through the cracks when the original security standards were written=
=2E<o:p></o:p></pre>
<blockquote style=3D"border:none;border-left:solid #AD7FA8 1=2E0pt;padding=
:0in 0in 0in 6=2E0pt;margin-left:4=2E8pt;margin-right:0in;margin-bottom:6=
=2E0pt">
<pre><o:p>&nbsp;</o:p></pre>
<blockquote style=3D"border:none;border-left:solid #8AE234 1=2E0pt;padding=
:0in 0in 0in 6=2E0pt;margin-left:4=2E8pt;margin-right:0in;margin-bottom:6=
=2E0pt">
<blockquote style=3D"border:none;border-left:solid #FCAF3E 1=2E0pt;padding=
:0in 0in 0in 6=2E0pt;margin-left:4=2E8pt;margin-right:0in;margin-bottom:6=
=2E0pt">
<pre> The SUIB problem addresses the challenge of connecting *locally* to =
a<br> device,<br> and doing it securely=2E&nbsp; For this to be possible wi=
th RFC6125-DNS-ID<br> standard<br> browser, we need a name for the device, =
and we need a way to translate<br> that<br> name into a locally reachable I=
P address=2E<br><br> The SNIF proposal does not quite solve the above probl=
em=2E<o:p></o:p></pre>
</blockquote>
</blockquote>
<pre><o:p>&nbsp;</o:p></pre>
<blockquote style=3D"border:none;border-left:solid #8AE234 1=2E0pt;padding=
:0in 0in 0in 6=2E0pt;margin-left:4=2E8pt;margin-right:0in;margin-bottom:6=
=2E0pt">
<pre>In fact, I originally designed SNIF to solve this specific problem -<=
br>local-to-local trusted TLS connections=2E<o:p></o:p></pre>
</blockquote>
<pre style=3D"margin-bottom:12=2E0pt"><br>Ah, very nice to know=2E<o:p></o=
:p></pre>
<blockquote style=3D"border:none;border-left:solid #8AE234 1=2E0pt;padding=
:0in 0in 0in 6=2E0pt;margin-left:4=2E8pt;margin-right:0in;margin-bottom:6=
=2E0pt">
<pre>* Issue a wildcard cert through SNIF CA Proxy<br>(e=2Eg=2E CN=3D*=2Ed=
omain=2Esnif=2Exyz), set a DNS record for<br>localhost=2Edomain=2Esnif=2Exy=
z to point to localhost's IPv4/v6, and use<br><a href=3D"https://localhost=
=2Edomain=2Esnif=2Exyz">https://localhost=2Edomain=2Esnif=2Exyz</a> (or oth=
er app protocol - imaps<br>etc)=2E However, looks like some clients treat t=
he localhost IP as<br>inherently unsecure, and issue a warning ever is the =
cert is perfectly<br>valid=2E The option is still possible, but the applica=
bility might be<br>limited=2E<o:p></o:p></pre>
</blockquote>
<pre><br>The process we described at<br><br><a href=3D"https://specs=2Eman=
ysecured=2Eorg/suib/Solutions/dnsname-embedded-solution">https://specs=2Ema=
nysecured=2Eorg/suib/Solutions/dnsname-embedded-solution</a><br><br>also us=
es a wildcard cert, but has a magic authoritative DNS server<br>that transl=
ates the left-most label into an A or AAAA record=2E&nbsp; It's<br>rather a=
 cute hack, but at least:<br>&nbsp; a) it's cachable<br>&nbsp; b) it could =
even be calculated locally, if one ignores DNSSEC=2E<o:p></o:p></pre>
</blockquote>
<pre style=3D"margin-bottom:12=2E0pt"><br>Yes, using a local network IP in=
stead of a localhost IP is actually a smart idea=2E<br>However, inlining th=
e local IP in the hostname, as SUIB does, means you'll have to change the h=
ostname in your client every time your network is changed=2E<br>I have a t=
hought for SNIF improvement - SNIF connector sends a SNIF DNS command to se=
t a dynamic DNS A/AAAA for a certain hostname within the CN wildcard, and t=
he CA proxy updates the DNS accordingly=2E This way the hostname can be per=
manent, but with dynamic DNS=2E<br>Another problem - most platforms won't l=
et you bind to port &lt; 1024 unless you're a root=2E Might be ok for a dev=
ice manufacturer, but is a potential show stopper for any user space app=2E=
 Relayed SNIF works around this problem since the listening ports are on th=
e relay=2E<br><br><o:p></o:p></pre>
<blockquote style=3D"border:none;border-left:solid #AD7FA8 1=2E0pt;padding=
:0in 0in 0in 6=2E0pt;margin-left:4=2E8pt;margin-right:0in;margin-bottom:6=
=2E0pt">
<pre><o:p>&nbsp;</o:p></pre>
<blockquote style=3D"border:none;border-left:solid #8AE234 1=2E0pt;padding=
:0in 0in 0in 6=2E0pt;margin-left:4=2E8pt;margin-right:0in;margin-bottom:6=
=2E0pt">
<pre>* Another option is to override the IP routing rules=2E It is totally=
<br>possible on iOS and Mac through a userspace VPN (only one VPN per<br>de=
vice though - beware of possible conflicts)=2E In fact I have a<br>function=
ing solution for it, in beta now -<o:p></o:p></pre>
</blockquote>
<pre><br>That doesn't really scale to many different domains=2E<o:p></o:p>=
</pre>
</blockquote>
<pre style=3D"margin-bottom:12=2E0pt"><br>Totally agreed, I just mentioned=
 that this option works for *some* cases, tun/tap is a possible option too =
if you're a root=2E<o:p></o:p></pre>
<blockquote style=3D"border:none;border-left:solid #AD7FA8 1=2E0pt;padding=
:0in 0in 0in 6=2E0pt;margin-left:4=2E8pt;margin-right:0in;margin-bottom:6=
=2E0pt">
<pre><o:p>&nbsp;</o:p></pre>
<blockquote style=3D"border:none;border-left:solid #8AE234 1=2E0pt;padding=
:0in 0in 0in 6=2E0pt;margin-left:4=2E8pt;margin-right:0in;margin-bottom:6=
=2E0pt">
<blockquote style=3D"border:none;border-left:solid #FCAF3E 1=2E0pt;padding=
:0in 0in 0in 6=2E0pt;margin-left:4=2E8pt;margin-right:0in;margin-bottom:6=
=2E0pt">
<pre>Still, if SNIF is replacing a manufacturer proprietary call-home prot=
ocol,<br>there could be advantages from having well reviewed code bases, an=
d<br>potentially an ecosystem of SNIF Providers that manufacturers could<br=
>outsource<o:p></o:p></pre>
</blockquote>
</blockquote>
<pre><o:p>&nbsp;</o:p></pre>
<blockquote style=3D"border:none;border-left:solid #8AE234 1=2E0pt;padding=
:0in 0in 0in 6=2E0pt;margin-left:4=2E8pt;margin-right:0in;margin-bottom:6=
=2E0pt">
<blockquote style=3D"border:none;border-left:solid #FCAF3E 1=2E0pt;padding=
:0in 0in 0in 6=2E0pt;margin-left:4=2E8pt;margin-right:0in;margin-bottom:6=
=2E0pt">
<pre>to=2E&nbsp; Azure/Amazon/=2E=2E=2E could easily run such services=2E<=
o:p></o:p></pre>
</blockquote>
</blockquote>
<pre><o:p>&nbsp;</o:p></pre>
<blockquote style=3D"border:none;border-left:solid #8AE234 1=2E0pt;padding=
:0in 0in 0in 6=2E0pt;margin-left:4=2E8pt;margin-right:0in;margin-bottom:6=
=2E0pt">
<pre>I see two options - a SNIF server implemented by each vendor for thei=
r<br>own devices/services, or a bigger SNIF SaaS implemented by a trusted<b=
r>provider, used by vendors=2E<o:p></o:p></pre>
</blockquote>
<pre><br>Yes, but what's the financial motive for this provider?<o:p></o:p=
></pre>
</blockquote>
<pre style=3D"margin-bottom:12=2E0pt"><br>(1) For a vendor to run their ow=
n SNIF server: market as a true auditable end-to-end for IoT devices they o=
ffer=2E<br>(2) For a vendor using SNIF SaaS: market as (1) backed by<br>{Tr=
ustedBigName}<br>(3) For a {TrustedBigName} to run SNIF SaaS: collect fees =
from (2) for using their service and big name=2E<br><br>As a matter of fact=
, SNIF relay is light on server resources=2E I've been running it on a mini=
mum DigitalOcean virtual server for months with more than a dozen connector=
s,&nbsp;&nbsp; the server load is a fraction of a percent=2E Of course if s=
omebody connects IoT cameras they can generate some traffic, but IoT vendor=
s already handle it through their proprietary relays=2E<o:p></o:p></pre>
<blockquote style=3D"border:none;border-left:solid #AD7FA8 1=2E0pt;padding=
:0in 0in 0in 6=2E0pt;margin-left:4=2E8pt;margin-right:0in;margin-bottom:6=
=2E0pt">
<pre><o:p>&nbsp;</o:p></pre>
<blockquote style=3D"border:none;border-left:solid #8AE234 1=2E0pt;padding=
:0in 0in 0in 6=2E0pt;margin-left:4=2E8pt;margin-right:0in;margin-bottom:6=
=2E0pt">
<blockquote style=3D"border:none;border-left:solid #FCAF3E 1=2E0pt;padding=
:0in 0in 0in 6=2E0pt;margin-left:4=2E8pt;margin-right:0in;margin-bottom:6=
=2E0pt">
<pre>SNIF seems very much IPv4 NAT44 focused, and it could benefit from so=
me<br>understanding of IPv6 and IPv6-over-IPv4 technologies,<o:p></o:p></pr=
e>
</blockquote>
</blockquote>
<pre style=3D"margin-bottom:12=2E0pt"> particularly<o:p></o:p></pre>
<blockquote style=3D"border:none;border-left:solid #8AE234 1=2E0pt;padding=
:0in 0in 0in 6=2E0pt;margin-left:4=2E8pt;margin-right:0in;margin-bottom:6=
=2E0pt">
<blockquote style=3D"border:none;border-left:solid #FCAF3E 1=2E0pt;padding=
:0in 0in 0in 6=2E0pt;margin-left:4=2E8pt;margin-right:0in;margin-bottom:6=
=2E0pt">
<pre>Teredo=2E<o:p></o:p></pre>
</blockquote>
</blockquote>
<pre><o:p>&nbsp;</o:p></pre>
<blockquote style=3D"border:none;border-left:solid #8AE234 1=2E0pt;padding=
:0in 0in 0in 6=2E0pt;margin-left:4=2E8pt;margin-right:0in;margin-bottom:6=
=2E0pt">
<pre>SNIF is not exactly focused on v4, it works fine with v6 as well=2E I=
t's<br>designed to work around NAT, that's true=2E However, IPv6 networks m=
ay<br>pose issues too - firewalls etc, which will prevent to directly accep=
t<br>incoming TCP on IPv6 address=2E<o:p></o:p></pre>
</blockquote>
<pre><br>Teredo could be used instead and allows the relay to be stateless=
 and<br>distributed, and devolves to ordinary IPv6 when it is present=2E<o:=
p></o:p></pre>
</blockquote>
<pre style=3D"margin-bottom:12=2E0pt"><br>Yes, but Teredo is IPv6 specific=
, the world is not strictly IPv6 yet=2E And it's a system level solution, w=
hile SNIF works fine in a user space=2E<o:p></o:p></pre>
<blockquote style=3D"border:none;border-left:solid #AD7FA8 1=2E0pt;padding=
:0in 0in 0in 6=2E0pt;margin-left:4=2E8pt;margin-right:0in;margin-bottom:6=
=2E0pt">
<pre><o:p>&nbsp;</o:p></pre>
<blockquote style=3D"border:none;border-left:solid #8AE234 1=2E0pt;padding=
:0in 0in 0in 6=2E0pt;margin-left:4=2E8pt;margin-right:0in;margin-bottom:6=
=2E0pt">
<blockquote style=3D"border:none;border-left:solid #FCAF3E 1=2E0pt;padding=
:0in 0in 0in 6=2E0pt;margin-left:4=2E8pt;margin-right:0in;margin-bottom:6=
=2E0pt">
<pre>It clearly has to speak HTTPS only=2E<o:p></o:p></pre>
</blockquote>
</blockquote>
<pre><o:p>&nbsp;</o:p></pre>
<blockquote style=3D"border:none;border-left:solid #8AE234 1=2E0pt;padding=
:0in 0in 0in 6=2E0pt;margin-left:4=2E8pt;margin-right:0in;margin-bottom:6=
=2E0pt">
<pre>I specified HTTP because PKCS#10 and X=2E509 are inherently secure to=
 be<br>sent over a plain connection=2E<o:p></o:p></pre>
</blockquote>
<pre><br>Yes, but there are privacy concerns which will become a pain, so<=
br>better to just say HTTPS here=2E<o:p></o:p></pre>
</blockquote>
<pre style=3D"margin-bottom:12=2E0pt"><br>I respectfully disagree, still t=
hink HTTP is an easier answer for SNIF=2E The problem with HTTPS is - SNIF =
relay (usually) routes https port to SNIF connectors, and does not serve it=
 within the server=2E Having a dedicated hostname or an alternate port mean=
s that SNIF connectors need additional configuration options, or additional=
 discovery protocols=2E On the other hand, HTTP allows to derive all API UR=
Ls deterministically from the CN=2E<br>I addressed the possible security co=
ncerns in more details and amended the Security section in the draft=2E<br>=
<br><o:p></o:p></pre>
<blockquote style=3D"border:none;border-left:solid #AD7FA8 1=2E0pt;padding=
:0in 0in 0in 6=2E0pt;margin-left:4=2E8pt;margin-right:0in;margin-bottom:6=
=2E0pt">
<pre><o:p>&nbsp;</o:p></pre>
<blockquote style=3D"border:none;border-left:solid #8AE234 1=2E0pt;padding=
:0in 0in 0in 6=2E0pt;margin-left:4=2E8pt;margin-right:0in;margin-bottom:6=
=2E0pt">
<pre>The best option is the manufacturer I believe=2E The manufacturer can=
<br>have either their own SNIF server, or work with a trusted SaaS=2E This<=
br>way it's zero setup for the end user, and doesn't need any<br>infrastruc=
ture additions=2E<o:p></o:p></pre>
</blockquote>
<pre><br>Agreed, the manufacturer has to provision a credential=2E<o:p></o=
:p></pre>
</blockquote>
<pre style=3D"margin-bottom:12=2E0pt"><br>Yes I proposed some outlines in =
the security section, more detailed specs are probably better to describe i=
n a separate draft=2E<o:p></o:p></pre>
<blockquote style=3D"border:none;border-left:solid #AD7FA8 1=2E0pt;padding=
:0in 0in 0in 6=2E0pt;margin-left:4=2E8pt;margin-right:0in;margin-bottom:6=
=2E0pt">
<pre><o:p>&nbsp;</o:p></pre>
<blockquote style=3D"border:none;border-left:solid #8AE234 1=2E0pt;padding=
:0in 0in 0in 6=2E0pt;margin-left:4=2E8pt;margin-right:0in;margin-bottom:6=
=2E0pt">
<pre>Sure, elliptic curves are better, but some old school clients may hav=
e<br>problems with them=2E It may make sense to not mention the recommended=
<br>algorithm in the draft, and just to follow the CA's recommendations=2E<=
o:p></o:p></pre>
</blockquote>
<pre><br>ECDSA acceleration is pretty much ubiquitous, while RSA is not=2E=
<o:p></o:p></pre>
</blockquote>
<pre style=3D"margin-bottom:12=2E0pt"><br>Honestly I don't think accelerat=
ion is such a big deal, most of TLS job is symmetric ciphers anyway=2E But =
I agree - it's better to follow the CA suggestions and industry practices=
=2E<o:p></o:p></pre>
<blockquote style=3D"border:none;border-left:solid #AD7FA8 1=2E0pt;padding=
:0in 0in 0in 6=2E0pt;margin-left:4=2E8pt;margin-right:0in;margin-bottom:6=
=2E0pt">
<pre><o:p>&nbsp;</o:p></pre>
<blockquote style=3D"border:none;border-left:solid #8AE234 1=2E0pt;padding=
:0in 0in 0in 6=2E0pt;margin-left:4=2E8pt;margin-right:0in;margin-bottom:6=
=2E0pt">
<pre>I believe there's no security issue, as long as the CN entropy is suf=
ficient=2E<o:p></o:p></pre>
</blockquote>
<pre><o:p>&nbsp;</o:p></pre>
<blockquote style=3D"border:none;border-left:solid #8AE234 1=2E0pt;padding=
:0in 0in 0in 6=2E0pt;margin-left:4=2E8pt;margin-right:0in;margin-bottom:6=
=2E0pt">
<pre>I specified the X-SNIF-CN: as mandatory, and text/plain body as an<br=
>optional duplicate of it=2E To make it cleaner, I can remove the body<br>f=
rom the specs and say the response body is to be ignored=2E<o:p></o:p></pre=
>
</blockquote>
<pre><br>If both are present, and they don't match, then there is confusio=
n=2E<br>So just go with one=2E&nbsp; I think that it should actually be a J=
SON or CBOR payload return=2E<o:p></o:p></pre>
</blockquote>
<pre style=3D"margin-bottom:12=2E0pt"><br>Agreed, I removed the response b=
ody from the draft, going with the header=2E<br><br><o:p></o:p></pre>
<blockquote style=3D"border:none;border-left:solid #AD7FA8 1=2E0pt;padding=
:0in 0in 0in 6=2E0pt;margin-left:4=2E8pt;margin-right:0in;margin-bottom:6=
=2E0pt">
<pre><o:p>&nbsp;</o:p></pre>
<blockquote style=3D"border:none;border-left:solid #8AE234 1=2E0pt;padding=
:0in 0in 0in 6=2E0pt;margin-left:4=2E8pt;margin-right:0in;margin-bottom:6=
=2E0pt">
<blockquote style=3D"border:none;border-left:solid #FCAF3E 1=2E0pt;padding=
:0in 0in 0in 6=2E0pt;margin-left:4=2E8pt;margin-right:0in;margin-bottom:6=
=2E0pt">
<pre>They *aren't* what IANA would call "IP protocols", which would be thi=
ngs<br>like<br>TCP, UDP, SCTP, ESP, =2E=2E=2E<o:p></o:p></pre>
</blockquote>
</blockquote>
<pre><o:p>&nbsp;</o:p></pre>
<blockquote style=3D"border:none;border-left:solid #8AE234 1=2E0pt;padding=
:0in 0in 0in 6=2E0pt;margin-left:4=2E8pt;margin-right:0in;margin-bottom:6=
=2E0pt">
<blockquote style=3D"border:none;border-left:solid #FCAF3E 1=2E0pt;padding=
:0in 0in 0in 6=2E0pt;margin-left:4=2E8pt;margin-right:0in;margin-bottom:6=
=2E0pt">
<pre>Has IANA *already* registered port 7123 then?<o:p></o:p></pre>
</blockquote>
</blockquote>
<pre><o:p>&nbsp;</o:p></pre>
<blockquote style=3D"border:none;border-left:solid #8AE234 1=2E0pt;padding=
:0in 0in 0in 6=2E0pt;margin-left:4=2E8pt;margin-right:0in;margin-bottom:6=
=2E0pt">
<pre>It's not an IP protocol=2E It's a service that listens on TCP 7123, I=
<br>registered with IANA based on a previous version of the document,<br>be=
fore I turned it into an I-D=2E<o:p></o:p></pre>
</blockquote>
<pre><br>I think you should drop the "snif-*" sentence as it makes no sens=
e=2E<br>You have already allocated TCP port 7123 to the SNIF *service*, so<=
br>that's great=2E<o:p></o:p></pre>
</blockquote>
<pre style=3D"margin-bottom:12=2E0pt"><br>It's actually called "Service Na=
mes" in IANA terminology, sorry for the confusion=2E I updated in the draft=
=2E<br><br><br><o:p></o:p></pre>
<blockquote style=3D"border:none;border-left:solid #AD7FA8 1=2E0pt;padding=
:0in 0in 0in 6=2E0pt;margin-left:4=2E8pt;margin-right:0in;margin-bottom:6=
=2E0pt">
<pre style=3D"margin-bottom:12=2E0pt"><br>--<br>]&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Never tell me t=
he odds!&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp; | ipv6 mesh networks [<br>]&nbsp;&nbsp; Micha=
el Richardson, Sandelman Software Works&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=
&nbsp; |&nbsp;&nbsp;&nbsp; IoT architect&nbsp;&nbsp; [<br>]&nbsp;&nbsp;&nbs=
p;&nbsp; <a href=3D"mailto:mcr@sandelman=2Eca">mcr@sandelman=2Eca</a>&nbsp;=
 <a href=3D"http://www=2Esandelman=2Eca/">http://www=2Esandelman=2Eca/</a>&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; |&nbsp;&nbsp; ruby on rails&nbsp;=
&nbsp;&nbsp; [<o:p></o:p></pre>
</blockquote>
<pre style=3D"text-align:center"><hr size=3D"2" width=3D"100%" align=3D"ce=
nter"></pre>
<pre>Secdispatch mailing list<br><a href=3D"mailto:Secdispatch@ietf=2Eorg"=
>Secdispatch@ietf=2Eorg</a><br><a href=3D"https://www=2Eietf=2Eorg/mailman/=
listinfo/secdispatch">https://www=2Eietf=2Eorg/mailman/listinfo/secdispatch=
</a><br>IMPORTANT NOTICE: The contents of this email and any attachments ar=
e confidential and may also be privileged=2E If you are not the intended re=
cipient, please notify the sender immediately and do not disclose the conte=
nts to any other person, use it for any purpose, or store or copy the infor=
mation in any medium=2E Thank you=2E<o:p></o:p></pre>
</blockquote>
<pre><br>--<br>Iotops mailing list<br><a href=3D"mailto:Iotops@ietf=2Eorg"=
>Iotops@ietf=2Eorg</a><br><a href=3D"https://www=2Eietf=2Eorg/mailman/listi=
nfo/iotops">https://www=2Eietf=2Eorg/mailman/listinfo/iotops</a><o:p></o:p=
></pre>
</blockquote>
</div>
</div>

</blockquote></div></body></html>

------IZU1C3FBSABSWSQA60NDZM9OFRL82B--


From nobody Sat Mar  5 03:51:59 2022
Return-Path: <Hannes.Tschofenig@arm.com>
X-Original-To: secdispatch@ietfa.amsl.com
Delivered-To: secdispatch@ietfa.amsl.com
From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: Jim Zubov <ietf-list@commercebyte.com>, "secdispatch@ietf.org" <secdispatch@ietf.org>, "secdispatch@ietf.org" <secdispatch@ietf.org>, Michael Richardson <mcr+ietf@sandelman.ca>, "iotops@ietf.org" <iotops@ietf.org>, "anima@ietf.org" <anima@ietf.org>
Thread-Topic: [Secdispatch] [Iotops] I-D: Deploying Publicly Trusted TLS Servers on IoT Devices Using SNI-based End-to-End TLS Forwarding (SNIF)
Thread-Index: AQHYMC30YaXh1baPBkeosHdKaSSDsaywrUdQ
Date: Sat, 5 Mar 2022 11:50:31 +0000
Message-ID: <DBBPR08MB5915AC6A162154A6B53D27B7FA069@DBBPR08MB5915.eurprd08.prod.outlook.com>
References: <0075B437-024A-4D84-ABD7-92FE8DAFA59F@commercebyte.com>, <1865.1644434146@localhost> <E1nHwaz-0000LM-I5@ocean1.commercebyte.com> <4026.1644516168@localhost> <685366A1-01F4-4788-B025-0F5F4CE7947F@commercebyte.com> <DBBPR08MB591577EC79C3D11114AA747CFA3C9@DBBPR08MB5915.eurprd08.prod.outlook.com> <FC43EB7C-5ABF-4061-89BA-1503F0B6340D@commercebyte.com> <DBBPR08MB59159BFB36A926DA8E851723FA3D9@DBBPR08MB5915.eurprd08.prod.outlook.com> <665685D3-B9AA-4A5E-B5B0-33D313A40716@commercebyte.com> <DBBPR08MB591548B0B00B68F0A4A013ACFA049@DBBPR08MB5915.eurprd08.prod.outlook.com> <C8FFB10D-2C8C-4084-823E-1D5CC2EA451D@commercebyte.com>
In-Reply-To: <C8FFB10D-2C8C-4084-823E-1D5CC2EA451D@commercebyte.com>
Accept-Language: en-US
Content-Language: en-US
Content-Type: multipart/alternative; boundary="_000_DBBPR08MB5915AC6A162154A6B53D27B7FA069DBBPR08MB5915eurp_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/hcTD1N0PrOoMJAfIWf_6rfquf3U>
Subject: Re: [Secdispatch] [Iotops] I-D: Deploying Publicly Trusted TLS Servers on IoT Devices Using SNI-based End-to-End TLS Forwarding (SNIF)
X-BeenThere: secdispatch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Dispatch <secdispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdispatch/>
List-Post: <mailto:secdispatch@ietf.org>
List-Help: <mailto:secdispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 05 Mar 2022 11:51:46 -0000

--_000_DBBPR08MB5915AC6A162154A6B53D27B7FA069DBBPR08MB5915eurp_
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
--_000_DBBPR08MB5915AC6A162154A6B53D27B7FA069DBBPR08MB5915eurp_
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: base64
--_000_DBBPR08MB5915AC6A162154A6B53D27B7FA069DBBPR08MB5915eurp_--


From nobody Sat Mar  5 11:03:30 2022
Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: secdispatch@ietfa.amsl.com
Delivered-To: secdispatch@ietfa.amsl.com
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Christopher Wood <caw@heapingbits.net>, secdispatch@ietf.org
In-Reply-To: <8BB73374-E38C-40A5-A147-F469B8C24D01@heapingbits.net>
References: <8BB73374-E38C-40A5-A147-F469B8C24D01@heapingbits.net>
X-Mailer: MH-E 8.6+git; nmh 1.7+dev; GNU Emacs 26.1
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature"
Date: Sat, 05 Mar 2022 14:03:18 -0500
Message-ID: <24889.1646506998@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/Hr0hSxK3ITQDEuccY-x9fIXL2x8>
Subject: Re: [Secdispatch] Dispatching draft on key consistency
X-BeenThere: secdispatch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Dispatch <secdispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdispatch/>
List-Post: <mailto:secdispatch@ietf.org>
List-Help: <mailto:secdispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 05 Mar 2022 19:03:28 -0000

--=-=-=
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable


Christopher Wood <caw@heapingbits.net> wrote:
    > There are a number of different protocols that require multiple clients
    > to discover a common — or consistent — cryptographic public key for
    > use, including: Privacy Pass [1], Oblivious DoH [2], and Oblivious HTTP
    > [3]. Consistency here means that all clients obtain the same view of
    > the public key. An inconsistent view can lead to privacy attacks.

    > For example, in Privacy Pass, if an attacker can somehow force a single
    > (set of) client(s) to use a public key that is distinct from all other
    > clients, then the key used effectively partitions the set of clients
    > into two buckets, and the size and number of these partitions influence
    > the overall privacy posture of the protocol.

"somehow" ... such an attacker can substitute any on-path attacker key.
I don't see how this is distinct from all the other attacks.

    > [4] https://datatracker.ietf.org/doc/draft-wood-key-consistency/
    > [5] https://datatracker.ietf.org/doc/slides-110-privacypass-key-consistency-and-discovery/

In reviewing the documents, it seems that it's not "somehow", it's that the proxy has been
persuaded to collude with a third party.  Perhaps that would be better to say.
Perhaps "persuaded" is the wrong term as well, since I think that the goal is
to defend the proxy against NSLs that would force the proxy to collude.

What is needed is a kind of canary such that clients can detect when they
are being singled out, and then refuse to operate with that proxy.  By
existence of such a mechanism, proxies can effectively render themselves
useless to such forms of "persuasion".

--
Michael Richardson <mcr+IETF@sandelman.ca>   . o O ( IPv6 IøT consulting )
           Sandelman Software Works Inc, Ottawa and Worldwide

--=-=-=--


From nobody Sat Mar  5 11:44:41 2022
Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: secdispatch@ietfa.amsl.com
Delivered-To: secdispatch@ietfa.amsl.com
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: "secdispatch\@ietf.org" <secdispatch@ietf.org>, Jim Zubov <ietf-list@commercebyte.com>
cc: Hannes Tschofenig <Hannes.Tschofenig@arm.com>, "iotops\@ietf.org" <iotops@ietf.org>, "anima\@ietf.org" <anima@ietf.org>
In-Reply-To: <665685D3-B9AA-4A5E-B5B0-33D313A40716@commercebyte.com>
References: <0075B437-024A-4D84-ABD7-92FE8DAFA59F@commercebyte.com>, <1865.1644434146@localhost> <E1nHwaz-0000LM-I5@ocean1.commercebyte.com> <4026.1644516168@localhost> <685366A1-01F4-4788-B025-0F5F4CE7947F@commercebyte.com> <DBBPR08MB591577EC79C3D11114AA747CFA3C9@DBBPR08MB5915.eurprd08.prod.outlook.com> <FC43EB7C-5ABF-4061-89BA-1503F0B6340D@commercebyte.com> <DBBPR08MB59159BFB36A926DA8E851723FA3D9@DBBPR08MB5915.eurprd08.prod.outlook.com> <665685D3-B9AA-4A5E-B5B0-33D313A40716@commercebyte.com>
X-Mailer: MH-E 8.6+git; nmh 1.7+dev; GNU Emacs 26.1
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature"
Date: Sat, 05 Mar 2022 14:43:56 -0500
Message-ID: <6296.1646509436@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/Fhod37nEZovVYPnukzSMJs9kGZQ>
Subject: Re: [Secdispatch] [Iotops] I-D: Deploying Publicly Trusted TLS Servers on IoT Devices Using SNI-based End-to-End TLS Forwarding (SNIF)
X-BeenThere: secdispatch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Dispatch <secdispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdispatch/>
List-Post: <mailto:secdispatch@ietf.org>
List-Help: <mailto:secdispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 05 Mar 2022 19:44:05 -0000

--=-=-=
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable


Jim Zubov <ietf-list@commercebyte.com> wrote:
    > I just want to emphasize once again that the relay is end to end TLS.
    > There are some IoT management solutions on the market, both open source
    > and proprietary, but as far as I can tell none of them fully follows
    > the end to end paradigm. I believe it's worth having a universal
    > cross-vendor solution that handles SNIF device onboarding, maintains
    > the credentials in a local secure storage, and consolidates https based
    > management interface hosted by individual devices through SNIF.

Even if SNIF winds up "just" being a standardized way to call-home, I think
that has value.    I think that some text needs to be added contrasting SNIF
to UPnP and RFC6887 (Port Control Protocol).

What I haven't heard is any comments on the SECDISPATCH point of view about
what to do with this document.    Have the SECDISPATCH chairs put it on the
agenda, or is there any agreement that maybe IOTOPS should dispatch it?

Hannes: what do you think?


--
Michael Richardson <mcr+IETF@sandelman.ca>   . o O ( IPv6 IøT consulting )
           Sandelman Software Works Inc, Ottawa and Worldwide





--=-=-=--


From nobody Sat Mar  5 11:49:18 2022
Return-Path: <ekr@rtfm.com>
X-Original-To: secdispatch@ietfa.amsl.com
Delivered-To: secdispatch@ietfa.amsl.com
X-Received: by 2002:a5e:d60d:0:b0:640:9e90:c1c4 with SMTP id w13-20020a5ed60d000000b006409e90c1c4mr3941293iom.0.1646509751178; Sat, 05 Mar 2022 11:49:11 -0800 (PST)
MIME-Version: 1.0
References: <0075B437-024A-4D84-ABD7-92FE8DAFA59F@commercebyte.com> <1865.1644434146@localhost> <E1nHwaz-0000LM-I5@ocean1.commercebyte.com> <4026.1644516168@localhost> <685366A1-01F4-4788-B025-0F5F4CE7947F@commercebyte.com> <DBBPR08MB591577EC79C3D11114AA747CFA3C9@DBBPR08MB5915.eurprd08.prod.outlook.com> <FC43EB7C-5ABF-4061-89BA-1503F0B6340D@commercebyte.com> <DBBPR08MB59159BFB36A926DA8E851723FA3D9@DBBPR08MB5915.eurprd08.prod.outlook.com> <665685D3-B9AA-4A5E-B5B0-33D313A40716@commercebyte.com> <6296.1646509436@localhost>
In-Reply-To: <6296.1646509436@localhost>
From: Eric Rescorla <ekr@rtfm.com>
Date: Sat, 5 Mar 2022 11:48:35 -0800
Message-ID: <CABcZeBM9sUs2cZyf8564-501p0RUve_FBvEBAd45k2RhyRbFqg@mail.gmail.com>
To: Michael Richardson <mcr+ietf@sandelman.ca>
Cc: "secdispatch@ietf.org" <secdispatch@ietf.org>, Jim Zubov <ietf-list@commercebyte.com>,  Hannes Tschofenig <Hannes.Tschofenig@arm.com>, "anima@ietf.org" <anima@ietf.org>, "iotops@ietf.org" <iotops@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000d6afef05d97dec49"
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/PY29oRPd28kbM48Y8dmAPssYIvo>
Subject: Re: [Secdispatch] [Anima] [Iotops] I-D: Deploying Publicly Trusted TLS Servers on IoT Devices Using SNI-based End-to-End TLS Forwarding (SNIF)
X-BeenThere: secdispatch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Dispatch <secdispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdispatch/>
List-Post: <mailto:secdispatch@ietf.org>
List-Help: <mailto:secdispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 05 Mar 2022 19:49:17 -0000

--000000000000d6afef05d97dec49
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

On Sat, Mar 5, 2022 at 11:44 AM Michael Richardson <mcr+ietf@sandelman.ca>
wrote:

>
> Jim Zubov <ietf-list@commercebyte.com> wrote:
>     > I just want to emphasize once again that the relay is end to end TLS.
>     > There are some IoT management solutions on the market, both open source
>     > and proprietary, but as far as I can tell none of them fully follows
>     > the end to end paradigm. I believe it's worth having a universal
>     > cross-vendor solution that handles SNIF device onboarding, maintains
>     > the credentials in a local secure storage, and consolidates https based
>     > management interface hosted by individual devices through SNIF.
>
> Even if SNIF winds up "just" being a standardized way to call-home, I think
> that has value.    I think that some text needs to be added contrasting SNIF
> to UPnP and RFC6887 (Port Control Protocol).
>
> What I haven't heard any comments in on the SECDISPATCH point of view about
> what to do with this document.

I provided some comments at the end of my review. Briefly, I have doubts
that this is the best technical approach and so I think if we are to work
on this problem we should start by working out the problem statement and
requirements first.

> Have the SECDISPATCH chairs put it on the agenda,

I think putting it on the SECDISPATCH agenda would be appropriate

> or is there any agreement that maybe IOTOPS should dispatch it?

I think that would be a bad idea. There's nothing really IoT-specific here.

-Ekr

> Hannes: what do you think?
>
>
> --
> Michael Richardson <mcr+IETF@sandelman.ca>   . o O ( IPv6 IøT consulting )
>            Sandelman Software Works Inc, Ottawa and Worldwide

--000000000000d6afef05d97dec49--


From nobody Sat Mar  5 12:16:01 2022
Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: secdispatch@ietfa.amsl.com
Delivered-To: secdispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 630CA3A0B55; Sat,  5 Mar 2022 12:15:38 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.109
X-Spam-Level: 
X-Spam-Status: No, score=-2.109 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=sandelman.ca
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wER8jOkIJPhU; Sat,  5 Mar 2022 12:15:33 -0800 (PST)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [IPv6:2607:f0b0:f:3:216:3eff:fe7c:d1f3]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 822A23A0B5B; Sat,  5 Mar 2022 12:15:32 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by tuna.sandelman.ca (Postfix) with ESMTP id 6460E38CD1; Sat,  5 Mar 2022 15:24:42 -0500 (EST)
Received: from tuna.sandelman.ca ([127.0.0.1]) by localhost (localhost [127.0.0.1]) (amavisd-new, port 10024) with LMTP id zGZmMz4sEb7A; Sat,  5 Mar 2022 15:24:40 -0500 (EST)
Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id 7392338B20; Sat,  5 Mar 2022 15:24:40 -0500 (EST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=sandelman.ca; s=mail; t=1646511880; bh=3lNcGikwMsQwwZf4tJM0t71t1ZqZGr7taQqQQVLEipA=; h=From:To:cc:Subject:In-Reply-To:References:Date:From; b=vIHo/xvSOg6++olONzvxBt05ZgzsOPu0wn6teKgnQQTwdVpi5dggk5WT7FP8NBVjf 4ACX2oyNJJLhqTk0vb21DcPEdYcvjySEDWh+Q+5jsk4RmrWVq2kOnMwt70XqWVgisp 39VhAUb+AFhUvqNckLlJ76dzNttsnsqSXTBYTER+uXLW+YZpiKxCdjxRs+Nx5EbzjA bIY2eR4s4SmuyldlB9E+rI3dpegDeKNNBscBvCGIEonLZ5liWGzG3RLMowuqsmNzDF DXuECSHeUjR4nhfg3HMdKbfn5RVkD2wF2h1XQH9Y8bBA/o4hnlKDo5G1hl+RCf24sT gip22JtLN9dSw==
Received: from localhost (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 069207CD; Sat,  5 Mar 2022 15:15:28 -0500 (EST)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
cc: Jim Zubov <ietf-list@commercebyte.com>, "secdispatch\@ietf.org" <secdispatch@ietf.org>, "iotops\@ietf.org" <iotops@ietf.org>, "anima\@ietf.org" <anima@ietf.org>
In-Reply-To: <DBBPR08MB5915AC6A162154A6B53D27B7FA069@DBBPR08MB5915.eurprd08.prod.outlook.com>
References: <0075B437-024A-4D84-ABD7-92FE8DAFA59F@commercebyte.com>, <1865.1644434146@localhost> <E1nHwaz-0000LM-I5@ocean1.commercebyte.com> <4026.1644516168@localhost> <685366A1-01F4-4788-B025-0F5F4CE7947F@commercebyte.com> <DBBPR08MB591577EC79C3D11114AA747CFA3C9@DBBPR08MB5915.eurprd08.prod.outlook.com> <FC43EB7C-5ABF-4061-89BA-1503F0B6340D@commercebyte.com> <DBBPR08MB59159BFB36A926DA8E851723FA3D9@DBBPR08MB5915.eurprd08.prod.outlook.com> <665685D3-B9AA-4A5E-B5B0-33D313A40716@commercebyte.com> <DBBPR08MB591548B0B00B68F0A4A013ACFA049@DBBPR08MB5915.eurprd08.prod.outlook.com> <C8FFB10D-2C8C-4084-823E-1D5CC2EA451D@commercebyte.com> <DBBPR08MB5915AC6A162154A6B53D27B7FA069@DBBPR08MB5915.eurprd08.prod.outlook.com>
X-Mailer: MH-E 8.6+git; nmh 1.7+dev; GNU Emacs 26.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature"
Date: Sat, 05 Mar 2022 15:15:27 -0500
Message-ID: <16442.1646511327@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/yPVmN99s8JNoQFSmFNa_r0cCOkQ>
Subject: Re: [Secdispatch] [Iotops] I-D: Deploying Publicly Trusted TLS Servers on IoT Devices Using SNI-based End-to-End TLS Forwarding (SNIF)
X-BeenThere: secdispatch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Dispatch <secdispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdispatch/>
List-Post: <mailto:secdispatch@ietf.org>
List-Help: <mailto:secdispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 05 Mar 2022 20:15:39 -0000

--=-=-=
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable


Hannes Tschofenig <Hannes.Tschofenig@arm.com> wrote:
    > Based on what you wrote below I was actually wondering if the use of
    > TLS or DTLS at the application layer wouldn’t even be a better

It took me a few moments to realize you meant ATLAS.
There is also, now, oblivious HTTP/TLS.

--
Michael Richardson <mcr+IETF@sandelman.ca>   . o O ( IPv6 IøT consulting )
           Sandelman Software Works Inc, Ottawa and Worldwide





--=-=-=--


From nobody Sat Mar  5 14:06:33 2022
Return-Path: <ietf-list@commercebyte.com>
X-Original-To: secdispatch@ietfa.amsl.com
Delivered-To: secdispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7DC0B3A0D35; Sat,  5 Mar 2022 14:05:52 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.108
X-Spam-Level: 
X-Spam-Status: No, score=-2.108 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=commercebyte.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VIdie205eJbO; Sat,  5 Mar 2022 14:05:47 -0800 (PST)
Received: from ocean1.commercebyte.com (ocean1.commercebyte.com [104.131.120.15]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4AF453A0D32; Sat,  5 Mar 2022 14:05:46 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=commercebyte.com; s=default;  h=Content-Transfer-Encoding:Content-Type:MIME-Version:Message-ID:References:In-Reply-To:Subject:CC:To:From:Date; bh=ywXPKJjpJyWsBL2ELGS7cWGzz3ntmncojLcMaqCFNY4=;  b=AVlhfmP0G5UHYYYA4hiTx7SUYwupFHonUSwCzDc5bkEY9XG0f7giX/bZ6iV7m5cWcZUUdefWrCDie0EgIMuNxS1gpoxWK8BwRQRMqOwtn4vXvAtWf6ngb0hHoTQI/I5b8Wp/aXShVPpkbeQLmP38qAPoiNLL+tYulE24fSF3cIE=;
Received: from [47.204.174.73] (port=40730 helo=[127.0.0.1]) by ocean1.commercebyte.com with esmtpsa (UNKNOWN:DHE-RSA-AES256-GCM-SHA384:256) (Exim 4.82) (envelope-from <ietf-list@commercebyte.com>) id 1nQcX2-0000EF-HP; Sat, 05 Mar 2022 17:05:44 -0500
Received: from [206.81.2.95]:7120 (helo=[127.0.0.1]) by [192.168.254.152]:49416 (localhost) with VESmail ESMTP Proxy 1.59 (encrypt=FALSE mode=FALLBACK); Sat, 05 Mar 2022 17:05:43 -0500
Date: Sat, 05 Mar 2022 17:04:57 -0500
From: Jim Zubov <ietf-list@commercebyte.com>
To: secdispatch@ietf.org, Michael Richardson <mcr+ietf@sandelman.ca>, Hannes Tschofenig <Hannes.Tschofenig@arm.com>
CC: "secdispatch@ietf.org" <secdispatch@ietf.org>, "anima@ietf.org" <anima@ietf.org>, "iotops@ietf.org" <iotops@ietf.org>, Jim Zubov <ietf-list@commercebyte.com>
User-Agent: K-9 Mail for Android
In-Reply-To: <16442.1646511327@localhost>
References: <0075B437-024A-4D84-ABD7-92FE8DAFA59F@commercebyte.com>, <1865.1644434146@localhost> <E1nHwaz-0000LM-I5@ocean1.commercebyte.com> <4026.1644516168@localhost> <685366A1-01F4-4788-B025-0F5F4CE7947F@commercebyte.com> <DBBPR08MB591577EC79C3D11114AA747CFA3C9@DBBPR08MB5915.eurprd08.prod.outlook.com> <FC43EB7C-5ABF-4061-89BA-1503F0B6340D@commercebyte.com> <DBBPR08MB59159BFB36A926DA8E851723FA3D9@DBBPR08MB5915.eurprd08.prod.outlook.com> <665685D3-B9AA-4A5E-B5B0-33D313A40716@commercebyte.com> <DBBPR08MB591548B0B00B68F0A4A013ACFA049@DBBPR08MB5915.eurprd08.prod.outlook.com> <C8FFB10D-2C8C-4084-823E-1D5CC2EA451D@commercebyte.com> <DBBPR08MB5915AC6A162154A6B53D27B7FA069@DBBPR08MB5915.eurprd08.prod.outlook.com> <16442.1646511327@localhost>
Message-ID: <BD509E42-72AF-4418-BA74-FAA61A414C07@commercebyte.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary=----LI0I12QGORW6V91BMZIZHG09AW0CJ6
Content-Transfer-Encoding: 7bit
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - ocean1.commercebyte.com
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - commercebyte.com
X-Get-Message-Sender-Via: ocean1.commercebyte.com: authenticated_id: jz@nixob.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/NpwkrJALQfyrYOavSXuQDsKo0lo>
Subject: Re: [Secdispatch] [Iotops] I-D: Deploying Publicly Trusted TLS Servers on IoT Devices Using SNI-based End-to-End TLS Forwarding (SNIF)
X-BeenThere: secdispatch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Dispatch <secdispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdispatch/>
List-Post: <mailto:secdispatch@ietf.org>
List-Help: <mailto:secdispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 05 Mar 2022 22:05:53 -0000

------LI0I12QGORW6V91BMZIZHG09AW0CJ6
Content-Type: text/plain;
 charset=utf-8
Content-Transfer-Encoding: quoted-printable

I agree with Hannes that a pre-existing relay infrastructure can be used to
tunnel TLS in place of SNIF relay. The CA proxy is still needed to maintain
the cert.

As per Eric Rescorla's arguments, I can also envision a possibility to
upgrade an established SNIF control socket to MASQUE over H2, or to use
MASQUE over QUIC as an alternative. However I still don't see any added
value in doing so, opposed to multiple added complications, as I don't see
a practical case with a large number of concurrent SNIF service connections.
If anybody has a different opinion please chime in.

On March 5, 2022 3:15:27 PM EST, Michael Richardson <mcr+ietf@sandelman.ca> wrote:
>
>Hannes Tschofenig <Hannes.Tschofenig@arm.com> wrote:
>    > Based on what you wrote below I was actually wondering if the use of
>    > TLS or DTLS at the application layer wouldn’t even be a better
>
>It took me a few moments to realize you meant ATLAS.
>There is also, now, oblivious HTTP/TLS.
>
>--
>Michael Richardson <mcr+IETF@sandelman.ca>   . o O ( IPv6 IøT consulting )
>           Sandelman Software Works Inc, Ottawa and Worldwide
>
>
>
>

------LI0I12QGORW6V91BMZIZHG09AW0CJ6--


From nobody Sat Mar  5 14:28:43 2022
Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: secdispatch@ietfa.amsl.com
Delivered-To: secdispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 07BC23A0D58; Sat,  5 Mar 2022 14:28:00 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.109
X-Spam-Level: 
X-Spam-Status: No, score=-2.109 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=sandelman.ca
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TTkd00A7CRPP; Sat,  5 Mar 2022 14:27:55 -0800 (PST)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8255E3A0D51; Sat,  5 Mar 2022 14:27:53 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by tuna.sandelman.ca (Postfix) with ESMTP id 5466638CC5; Sat,  5 Mar 2022 17:37:04 -0500 (EST)
Received: from tuna.sandelman.ca ([127.0.0.1]) by localhost (localhost [127.0.0.1]) (amavisd-new, port 10024) with LMTP id lDQ8XiIamZt2; Sat,  5 Mar 2022 17:37:00 -0500 (EST)
Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id D1D3638CC3; Sat,  5 Mar 2022 17:37:00 -0500 (EST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=sandelman.ca; s=mail; t=1646519820; bh=/NRgkXE8y2KcNRMIgp3e8LwmKBeMWEh8dLr78Lv11aw=; h=From:To:Subject:In-Reply-To:References:Date:From; b=1ntN62jvxcCpFSE5ypFkzTeu2cdL1S0C/K7zWlcnPqAwN7XLmHJZRUzprWeLIr4eY MquZdek5245FlOHz0YhD3PbSxxtJk8RpnoS1f0zyHWpTCpetlCkv1n8r68vGIAfAw1 oMXlbFnuBw6PUgXAh/kmV0lUx+HsNvt3+bMC7g+zxTLr0s7SriCbX6miFdnYTCaM7I JjYlcezrzN+ThCTKgRBrWFytANEbA5CMuUA68mydzUTLmryP6kHn5TD1Y3KZ9WKSPI RRpp+n3KP7j0XDFK7Jul1+G7e0u/mAeBWWWR9kOGvHecF4SO8jvkMp4fuIfr+7qZZU GkCS9aTEZfRRg==
Received: from localhost (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 0F8D266A; Sat,  5 Mar 2022 17:27:48 -0500 (EST)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Eric Rescorla <ekr@rtfm.com>, "secdispatch\@ietf.org" <secdispatch@ietf.org>, Jim Zubov <ietf-list@commercebyte.com>, Hannes Tschofenig <Hannes.Tschofenig@arm.com>, "anima\@ietf.org" <anima@ietf.org>, "iotops\@ietf.org" <iotops@ietf.org>
In-Reply-To: <CABcZeBM9sUs2cZyf8564-501p0RUve_FBvEBAd45k2RhyRbFqg@mail.gmail.com>
References: <0075B437-024A-4D84-ABD7-92FE8DAFA59F@commercebyte.com> <1865.1644434146@localhost> <E1nHwaz-0000LM-I5@ocean1.commercebyte.com> <4026.1644516168@localhost> <685366A1-01F4-4788-B025-0F5F4CE7947F@commercebyte.com> <DBBPR08MB591577EC79C3D11114AA747CFA3C9@DBBPR08MB5915.eurprd08.prod.outlook.com> <FC43EB7C-5ABF-4061-89BA-1503F0B6340D@commercebyte.com> <DBBPR08MB59159BFB36A926DA8E851723FA3D9@DBBPR08MB5915.eurprd08.prod.outlook.com> <665685D3-B9AA-4A5E-B5B0-33D313A40716@commercebyte.com> <6296.1646509436@localhost> <CABcZeBM9sUs2cZyf8564-501p0RUve_FBvEBAd45k2RhyRbFqg@mail.gmail.com>
X-Mailer: MH-E 8.6+git; nmh 1.7+dev; GNU Emacs 26.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature"
Date: Sat, 05 Mar 2022 17:27:48 -0500
Message-ID: <22243.1646519268@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/RiCelSsuUcCGCzsfPGlrejQd_is>
Subject: Re: [Secdispatch] [Anima] [Iotops] I-D: Deploying Publicly Trusted TLS Servers on IoT Devices Using SNI-based End-to-End TLS Forwarding (SNIF)
X-BeenThere: secdispatch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Dispatch <secdispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdispatch/>
List-Post: <mailto:secdispatch@ietf.org>
List-Help: <mailto:secdispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 05 Mar 2022 22:28:00 -0000

--=-=-=
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable


Eric Rescorla <ekr@rtfm.com> wrote:
    > I provided some comments at the end of my review. Briefly, I have doubts
    > that this is the best technical approach and so I think if we are to work
    > on this problem we should start by working out the problem statement and
    > requirements first.

I would agree with you.

In particular,  I think that UPnP or PCP, in combination with some kind
of dynamic DNS infrastructure, could do everything SNIF does, and do it in a
far more decentralized fashion.

So what is it that SNIF does that is truly different?

    >> Have the SECDISPATCH chairs put it on the
    >> agenda,

    > I think putting it on the SECDISPATCH agenda would be appropriate

Good.

    >> or is there any agreement that maybe IOTOPS should dispatch it?

    > I think that would be a bad idea. There's nothing really IoT-specific here.

There is often nothing IoT specific about many things.
There is however a community of people who understand the set of tradeoffs in
deploying systems at large scale that have no human at the helm.

--
Michael Richardson <mcr+IETF@sandelman.ca>   . o O ( IPv6 IøT consulting )
           Sandelman Software Works Inc, Ottawa and Worldwide





--=-=-=--


From nobody Sat Mar  5 14:46:53 2022
Return-Path: <ekr@rtfm.com>
X-Original-To: secdispatch@ietfa.amsl.com
Delivered-To: secdispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C6EBF3A0DD6 for <secdispatch@ietfa.amsl.com>; Sat,  5 Mar 2022 14:46:50 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.906
X-Spam-Level: 
X-Spam-Status: No, score=-1.906 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20210112.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BwPFK2XC-7S4 for <secdispatch@ietfa.amsl.com>; Sat,  5 Mar 2022 14:46:45 -0800 (PST)
Received: from mail-io1-xd2a.google.com (mail-io1-xd2a.google.com [IPv6:2607:f8b0:4864:20::d2a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 887B03A0DD3 for <secdispatch@ietf.org>; Sat,  5 Mar 2022 14:46:45 -0800 (PST)
Received: by mail-io1-xd2a.google.com with SMTP id c18so13304286ioc.6 for <secdispatch@ietf.org>; Sat, 05 Mar 2022 14:46:45 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20210112.gappssmtp.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=EgtbuW9z4EyWSCZ2kgxiH7sG4IRPplCeugl7xSA21YU=; b=qxqtphbw9DB6uwd5z66hzGQnR7pAE85bFl0DU/0T16uHLq9jD/2UJbbGVXfIHwPWOr 8qTWtT+6H20XOn5eTo9ENcbXKLd6dt2CHn6ZJkdFN2mf4hid6OnvWXYp7eIR5jOYVaBz If7i32DkS5XY1Qa7Vb6NHCyqTq7BjS4ZmaCAtJRY9ACC3MchAXmaHKQjM4M/JjXkTenk L7DFjJVR9rFGvT9fr0eXgnqqLA8U8vaDzMO2oz83/5HPsD7QsdhbazDyFAq4/rumr1GG /9derRjNLSB6kKlL4E2GUZZV40miF0K6WaMjnyI/COX0kLtsA/DgE11wJpM/8ktP8MH9 e/tw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=EgtbuW9z4EyWSCZ2kgxiH7sG4IRPplCeugl7xSA21YU=; b=FAZOwu/DMk/UmAv9uwJUNuTwluF08E38IRKKHoKu/r0zor3sg7U/QdtmrN8GuRNwSg 1/FHcgnVP9J4AEFyI2t7YQxGmoULm7O21uBu6bwWGsCFON4ODy4OAlxjimLxCztzerQQ s1aYI6sKPyOZZvDVhqyv6c5MSGVphojgu7IM3AcyQE6sUeKKtN09Z0vJbDDAYrDtvvfy NktpGSASSsdGhR7/OjKNyJxQiVZtmI5+f4wPjt0UiQa3MakqSAur6qd5FzCefdmp20Lt wbTaEZw0UJxSnC1FlZpn+Q33p2HUbUMe4Q+cWTpluJG1FOPFWfROrdO9hKi/0qU3l+DI eFAA==
X-Gm-Message-State: AOAM531cb6UV1PmxkKydlAhS6wg/m7griMgOUd5ssJ45SXC55/O9SyiM jMtHve/t2Wq6JYSfILI+T1Bt2bBJYZDbjw+OYn7GMg==
X-Google-Smtp-Source: ABdhPJzt1rirroXpirILwyPlTBvA+sY4XhYbsfH3k8wiMOtaYTAhrDBlJWKMjkJcAJtVWo5yxuR+9NtoFtmyNjNvvAw=
X-Received: by 2002:a05:6638:218b:b0:317:9e47:bf43 with SMTP id s11-20020a056638218b00b003179e47bf43mr4432434jaj.20.1646520404553; Sat, 05 Mar 2022 14:46:44 -0800 (PST)
MIME-Version: 1.0
References: <0075B437-024A-4D84-ABD7-92FE8DAFA59F@commercebyte.com> <1865.1644434146@localhost> <E1nHwaz-0000LM-I5@ocean1.commercebyte.com> <4026.1644516168@localhost> <685366A1-01F4-4788-B025-0F5F4CE7947F@commercebyte.com> <DBBPR08MB591577EC79C3D11114AA747CFA3C9@DBBPR08MB5915.eurprd08.prod.outlook.com> <FC43EB7C-5ABF-4061-89BA-1503F0B6340D@commercebyte.com> <DBBPR08MB59159BFB36A926DA8E851723FA3D9@DBBPR08MB5915.eurprd08.prod.outlook.com> <665685D3-B9AA-4A5E-B5B0-33D313A40716@commercebyte.com> <6296.1646509436@localhost> <CABcZeBM9sUs2cZyf8564-501p0RUve_FBvEBAd45k2RhyRbFqg@mail.gmail.com> <22243.1646519268@localhost>
In-Reply-To: <22243.1646519268@localhost>
From: Eric Rescorla <ekr@rtfm.com>
Date: Sat, 5 Mar 2022 14:46:08 -0800
Message-ID: <CABcZeBPCoou=svi87459Cv88OHYUt-dqMymJMPxeci84iaYXdg@mail.gmail.com>
To: Michael Richardson <mcr+ietf@sandelman.ca>
Cc: "secdispatch@ietf.org" <secdispatch@ietf.org>, Jim Zubov <ietf-list@commercebyte.com>,  Hannes Tschofenig <Hannes.Tschofenig@arm.com>, "anima@ietf.org" <anima@ietf.org>, "iotops@ietf.org" <iotops@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000d44ef205d9806728"
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/FAmRkkGkKyohyUA2VlPI8IP-dXM>
Subject: Re: [Secdispatch] [Anima] [Iotops] I-D: Deploying Publicly Trusted TLS Servers on IoT Devices Using SNI-based End-to-End TLS Forwarding (SNIF)
X-BeenThere: secdispatch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Dispatch <secdispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdispatch/>
List-Post: <mailto:secdispatch@ietf.org>
List-Help: <mailto:secdispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 05 Mar 2022 22:46:51 -0000

--000000000000d44ef205d9806728
Content-Type: text/plain; charset="UTF-8"

On Sat, Mar 5, 2022 at 2:27 PM Michael Richardson <mcr+ietf@sandelman.ca> wrote:

>
> Eric Rescorla <ekr@rtfm.com> wrote:
>
>     >> or is there any agreement that maybe IOTOPS should dispatch it?
>
>     > I think that would be a bad idea. There's nothing really IoT-specific here.
>
> There is often nothing IoT specific about many things.
> There is however a community of people who understand the set of tradeoffs in
> deploying systems at large scale that have no human at the helm.
>

I think it would be fine to consult IOTOPS. I'm merely saying that I don't think it's
a good idea to have them dispatch something that is so obviously generic.

-Ekr

--000000000000d44ef205d9806728--


From nobody Sun Mar  6 19:31:08 2022
Return-Path: <ietf-list@commercebyte.com>
X-Original-To: secdispatch@ietfa.amsl.com
Delivered-To: secdispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 108773A0CF0; Sun,  6 Mar 2022 19:30:43 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.109
X-Spam-Level: 
X-Spam-Status: No, score=-1.109 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, GB_AFFORDABLE=1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=commercebyte.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oW2P0v6KwtSc; Sun,  6 Mar 2022 19:30:38 -0800 (PST)
Received: from ocean1.commercebyte.com (ocean1.commercebyte.com [104.131.120.15]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 844D93A0D3C; Sun,  6 Mar 2022 19:30:36 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=commercebyte.com; s=default;  h=Content-Transfer-Encoding:Content-Type:MIME-Version:Message-ID:References:In-Reply-To:Subject:To:From:Date; bh=YkQ5OtXQJZkMUoHqJ9ynomA1Bb1Vt4hsQfCgRUmKUGA=;  b=pH43SdXpwygJyXBx2zWBWsvJathkOl29LSjfMeJoFslrw7AwgR2hUxG3F5+f5lKNekHkuE/0y0V2b5veRBPGCV9caFvsVymusikpCXLuN5pvabd5smYUVl1XvqHKhJrc3zsSByrTjuQujrplLEK0hByXisDe9NnCXAKzVJmZe+M=;
Received: from [47.204.174.73] (port=45334 helo=[127.0.0.1]) by ocean1.commercebyte.com with esmtpsa (UNKNOWN:DHE-RSA-AES256-GCM-SHA384:256) (Exim 4.82) (envelope-from <ietf-list@commercebyte.com>) id 1nR44w-0007yC-DU; Sun, 06 Mar 2022 22:30:34 -0500
Received: from [206.81.2.95]:7120 (helo=[127.0.0.1]) by [192.168.254.152]:41020 (localhost) with VESmail ESMTP Proxy 1.59 (encrypt=FALSE mode=FALLBACK); Sun, 06 Mar 2022 22:30:33 -0500
Date: Sun, 06 Mar 2022 22:30:24 -0500
From: Jim Zubov <ietf-list@commercebyte.com>
To: secdispatch@ietf.org, Michael Richardson <mcr+ietf@sandelman.ca>, Eric Rescorla <ekr@rtfm.com>, "secdispatch@ietf.org" <secdispatch@ietf.org>, Jim Zubov <ietf-list@commercebyte.com>, Hannes Tschofenig <Hannes.Tschofenig@arm.com>, "anima@ietf.org" <anima@ietf.org>, "iotops@ietf.org" <iotops@ietf.org>
User-Agent: K-9 Mail for Android
In-Reply-To: <22243.1646519268@localhost>
References: <0075B437-024A-4D84-ABD7-92FE8DAFA59F@commercebyte.com> <1865.1644434146@localhost> <E1nHwaz-0000LM-I5@ocean1.commercebyte.com> <4026.1644516168@localhost> <685366A1-01F4-4788-B025-0F5F4CE7947F@commercebyte.com> <DBBPR08MB591577EC79C3D11114AA747CFA3C9@DBBPR08MB5915.eurprd08.prod.outlook.com> <FC43EB7C-5ABF-4061-89BA-1503F0B6340D@commercebyte.com> <DBBPR08MB59159BFB36A926DA8E851723FA3D9@DBBPR08MB5915.eurprd08.prod.outlook.com> <665685D3-B9AA-4A5E-B5B0-33D313A40716@commercebyte.com> <6296.1646509436@localhost> <CABcZeBM9sUs2cZyf8564-501p0RUve_FBvEBAd45k2RhyRbFqg@mail.gmail.com> <22243.1646519268@localhost>
Message-ID: <1075E99A-C00A-455E-97E8-2A29BA175F8F@commercebyte.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - ocean1.commercebyte.com
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - commercebyte.com
X-Get-Message-Sender-Via: ocean1.commercebyte.com: authenticated_id: jz@nixob.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/Sg-8EChkOejHbWJXe7g7LD2Yboc>
Subject: Re: [Secdispatch] [Anima] [Iotops] I-D: Deploying Publicly Trusted TLS Servers on IoT Devices Using SNI-based End-to-End TLS Forwarding (SNIF)
X-BeenThere: secdispatch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Dispatch <secdispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdispatch/>
List-Post: <mailto:secdispatch@ietf.org>
List-Help: <mailto:secdispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 Mar 2022 03:30:52 -0000

On March 5, 2022 5:27:48 PM EST, Michael Richardson <mcr+ietf@sandelman.ca> wrote:
>
>Eric Rescorla <ekr@rtfm.com> wrote:
>    > I provided some comments at the end of my review. Briefly, I have doubts
>    > that this is the best technical approach and so I think if we are to work
>    > on this problem we should start by working out the problem statement and
>    > requirements first.
>
>I would agree with you.
>
>In particular, I think that UPnP or PCP, in combination with some kind
>of dynamic DNS infrastructure, could do everything SNIF does, and do it in a
>far more decentralized fashion.
>
>So what is it that SNIF does that is truly different?


I had a discussion with Eric about it.

SNIF can work for an IoT device behind NAT or firewall through the relay. For IoT devices that have a clean static IP it's possible to use DDNS to directly connect to the device instead of the relay (not described in my draft but is fairly easy to implement through a peripheral process).

Regarding the certs, a CA, for example Let's Encrypt, operates in terms of a 'Registered Domain', e.g. something.com, that you purchase from a TLD. Registered domains are not free, hence having a unique registered domain per IoT device is not affordable - even if it's $2/yr nobody's going to eat that cost, and very few IoT end users will be willing to set up their own additional billing.
Therefore, hostnames for individual IoT devices should be subdomains of a certain registered domain. Since a CA sets limits on API calls within each registered domain, if you allow IoT devices to randomly interact with the CA you set yourself on a path to a DoS. So, having a CA proxy that maintains control over the DNS zone and interacts with the CA (without having access to anybody's private keys) while enforcing anti-abuse policies sounds like a good solution.
As for the security risk, it lies in the CA challenge. Having a DDNS server for a zone poses the same risk as a CA proxy that has sole control over a DNS zone, with additional headaches and risks of DDNS authentication for each IoT device.
If anybody disagrees or has something to add - please chime in.


>
>    >> Have the SECDISPATCH chairs put it on the
>    >> agenda,
>
>    > I think putting it on the SECDISPATCH agenda would be appropriate
>
>Good.
>
>    >> or is there any agreement that maybe IOTOPS should dispatch it?
>
>    > I think that would be a bad idea. There's nothing really IoT-specific here.
>
>There is often nothing IoT specific about many things.
>There is however a community of people who understand the set of tradeoffs in
>deploying systems at large scale that have no human at the helm.
>
>--
>Michael Richardson <mcr+IETF@sandelman.ca>   . o O ( IPv6 IøT consulting )
>           Sandelman Software Works Inc, Ottawa and Worldwide
>
>
>
>
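
The message above argues for a CA proxy that enforces anti-abuse policy so that devices sharing one registered domain cannot burn through the CA's per-domain limits. The sketch below is an added example of such an admission check, not code from the SNIF draft or from any poster in this thread; the class name, reason strings, the zone `snif.example` and all limits are assumptions chosen for illustration and do not reflect any real CA's rate limits. It assumes `device_id` has already been authenticated by the proxy.

```python
from collections import defaultdict, deque


class IssuanceGate:
    """Hypothetical admission control run by a CA proxy before it forwards
    a certificate request for <label>.<zone> to the CA."""

    def __init__(self, zone, zone_limit, device_limit, window_s):
        self.zone = zone.lower().rstrip(".")
        self.zone_limit = zone_limit        # forwarded requests per window, whole zone
        self.device_limit = device_limit    # forwarded requests per window, one device
        self.window_s = window_s
        self.zone_events = deque()          # timestamps of forwarded requests
        self.device_events = defaultdict(deque)
        self.owner = {}                     # label -> device_id that first claimed it

    def _expire(self, events, now):
        # Sliding window: drop timestamps that are window_s old or older.
        while events and now - events[0] >= self.window_s:
            events.popleft()

    def _label(self, hostname):
        # Accept exactly one label directly under the zone, no wildcards.
        host = hostname.lower().rstrip(".")
        suffix = "." + self.zone
        if not host.endswith(suffix):
            return None
        label = host[: -len(suffix)]
        if not label or "." in label or "*" in label:
            return None
        return label

    def check(self, device_id, hostname, now):
        """Return (allowed, reason). Only allowed requests consume budget,
        so a misbehaving device exhausts its own quota, not the zone's."""
        label = self._label(hostname)
        if label is None:
            return False, "name-not-allowed"
        if self.owner.get(label, device_id) != device_id:
            return False, "name-owned-by-other-device"
        dev = self.device_events[device_id]
        self._expire(dev, now)
        if len(dev) >= self.device_limit:
            return False, "device-budget-exhausted"
        self._expire(self.zone_events, now)
        if len(self.zone_events) >= self.zone_limit:
            return False, "zone-budget-exhausted"
        self.owner[label] = device_id
        dev.append(now)
        self.zone_events.append(now)
        return True, "forward-to-ca"


def demo():
    """Replay constructed requests (device, hostname, seconds) through the gate."""
    gate = IssuanceGate("snif.example", zone_limit=4, device_limit=2, window_s=3600)
    requests = [
        ("dev-a", "a1.snif.example", 0),
        ("dev-a", "a1.snif.example", 10),
        ("dev-a", "a1.snif.example", 20),      # third request inside the window
        ("dev-b", "a1.snif.example", 30),      # another device's name
        ("dev-b", "www.other.example", 40),    # outside the proxy's zone
        ("dev-b", "x.b1.snif.example", 50),    # nested label
        ("dev-b", "b1.snif.example", 60),
        ("dev-c", "c1.snif.example", 70),
        ("dev-d", "d1.snif.example", 80),      # zone budget already used up
        ("dev-a", "a1.snif.example", 3600),    # oldest entries have aged out
    ]
    return [gate.check(dev, host, t)[1] for dev, host, t in requests]


if __name__ == "__main__":
    for reason in demo():
        print(reason)
```

Denied requests never reach the CA, which is the property the proxy needs: the shared per-domain quota is only spent on requests that passed every local check.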


From nobody Sun Mar  6 19:45:56 2022
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: secdispatch@ietfa.amsl.com
Delivered-To: secdispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7536E3A0C1C; Sun,  6 Mar 2022 19:45:44 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.011
X-Spam-Level: 
X-Spam-Status: No, score=-6.011 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, GB_AFFORDABLE=1, NICE_REPLY_A=-0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=cs.tcd.ie
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Q_gRrps_cJDf; Sun,  6 Mar 2022 19:45:38 -0800 (PST)
Received: from EUR03-AM5-obe.outbound.protection.outlook.com (mail-am5eur03on0728.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe08::728]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E76B43A0C10; Sun,  6 Mar 2022 19:45:37 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Lr+yb9XJAC1YcHKmK0i39PaN4e3oelRszyrNoNqTS2D/XeFQrLCe2EuDGj9rGytodplgNK5j90QHypCzOWKBaxk/C0oYs3ZyFxymkoTzpHW/V0pUWjidXRoP+XW7jy64HosimsIycWrG9RDGAQCiFSy6Fz7XR7maC/vzylArmVY61H48I2Da6J7zLqvBbrYPuaVqbccW3yERg7Qlnux92ZrXnIIdt4aPNgAKWg4N0xVrAyOoJXUaYfBJeHLAp/qK7+GCuBcamTi6gpOBwD4auBahGxnE0uiSEuZ6w+AgjIERpfenq76pwSeEblvX9oifYhZW9USgJhcKaqGn1v+Ipg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;  s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=6B2BM1IuBIi4PdRQIcbWUdQBHpPvozDit+DQHVNC2dM=; b=PHmtt5fq6ahF4kCdPxSli6HC0FNv2MrsW6iY4HZxjOMbIcYvWl/pjs+d5i2ypVKcmir08K1/r9pt776BY2oJzx1YKaIwEx7mbCDHDbwGUcCsvSOB/jrlxpkWbgiipWvWOgth72EjvyBONKePFvvQr9epsmHZEEUIrkNDNTdaM6UU0ildSI3+0bNdWbyHyGqw+tG/yfTH2w8F6FDxswLDQV5Onl9o1RWm1bSLbuBwNh9ucDFZ0mr1pbEk/sucfmMUJNeSt/2h/ThtbHKxFe0+0tbgtiZPlmwUQSk025RkVm/iOdTzuf6qmYPG4v9aZ510fdm33xy4bkWwN8mWGpux3g==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cs.tcd.ie; dmarc=pass action=none header.from=cs.tcd.ie; dkim=pass header.d=cs.tcd.ie; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cs.tcd.ie; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=6B2BM1IuBIi4PdRQIcbWUdQBHpPvozDit+DQHVNC2dM=; b=P+S7xdFygYUASwqqVEzuiXErj3Ct6Y/t/wvZ5Lgo5c/tEocGURB5u745neQHLmY5yHdCMFVffMsRp8XpFTwvewV7oWPTrm4JCK98SVymRa93icVByLUtPKOq/dwtDkCHVb5n1wNDAHjQ3CG3a7Tsr23WmHrCVHSnqc2F99MZH1M8Qb8Rauh6d8/vAcfa6uUROqAPx6vvL19VEPDfAOgb+FDVWkEnyJZL1/gN4tdmTTJDiCECbC78GyXaUNS02q1FnBffPWcVgLcgiOkTj0wGAA6K7C9TAC+VotDAzcNywYrLwKoUeuRTGj6AWT1R6gAjv5h7u6AODhuv7VAW24BK4g==
Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=cs.tcd.ie;
Received: from DB7PR02MB5113.eurprd02.prod.outlook.com (2603:10a6:10:77::15) by AS8PR02MB7176.eurprd02.prod.outlook.com (2603:10a6:20b:3f8::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5038.14; Mon, 7 Mar 2022 03:45:29 +0000
Received: from DB7PR02MB5113.eurprd02.prod.outlook.com ([fe80::d814:ffb7:9500:d217]) by DB7PR02MB5113.eurprd02.prod.outlook.com ([fe80::d814:ffb7:9500:d217%4]) with mapi id 15.20.5038.026; Mon, 7 Mar 2022 03:45:29 +0000
Message-ID: <d5fc64a9-9d4a-8f8b-03fd-cde8d4125648@cs.tcd.ie>
Date: Mon, 7 Mar 2022 03:45:26 +0000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.5.0
Content-Language: en-US
To: Jim Zubov <ietf-list@commercebyte.com>, secdispatch@ietf.org, Michael Richardson <mcr+ietf@sandelman.ca>, Eric Rescorla <ekr@rtfm.com>, Hannes Tschofenig <Hannes.Tschofenig@arm.com>, "anima@ietf.org" <anima@ietf.org>, "iotops@ietf.org" <iotops@ietf.org>
References: <0075B437-024A-4D84-ABD7-92FE8DAFA59F@commercebyte.com> <1865.1644434146@localhost> <E1nHwaz-0000LM-I5@ocean1.commercebyte.com> <4026.1644516168@localhost> <685366A1-01F4-4788-B025-0F5F4CE7947F@commercebyte.com> <DBBPR08MB591577EC79C3D11114AA747CFA3C9@DBBPR08MB5915.eurprd08.prod.outlook.com> <FC43EB7C-5ABF-4061-89BA-1503F0B6340D@commercebyte.com> <DBBPR08MB59159BFB36A926DA8E851723FA3D9@DBBPR08MB5915.eurprd08.prod.outlook.com> <665685D3-B9AA-4A5E-B5B0-33D313A40716@commercebyte.com> <6296.1646509436@localhost> <CABcZeBM9sUs2cZyf8564-501p0RUve_FBvEBAd45k2RhyRbFqg@mail.gmail.com> <22243.1646519268@localhost> <1075E99A-C00A-455E-97E8-2A29BA175F8F@commercebyte.com>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
In-Reply-To: <1075E99A-C00A-455E-97E8-2A29BA175F8F@commercebyte.com>
Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="------------lpr8kEKEbcaT3HJxYZIsZj6U"
X-ClientProxiedBy: DU2PR04CA0284.eurprd04.prod.outlook.com (2603:10a6:10:28c::19) To DB7PR02MB5113.eurprd02.prod.outlook.com (2603:10a6:10:77::15)
MIME-Version: 1.0
X-MS-Exchange-MessageSentRepresentingType: 1
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 66e4133f-bafc-4845-d814-08d9ffecebd4
X-MS-TrafficTypeDiagnostic: AS8PR02MB7176:EE_
X-MS-Exchange-SharedMailbox-RoutingAgent-Processed: True
X-Microsoft-Antispam-PRVS: <AS8PR02MB717634984F5791E623EDFF32A8089@AS8PR02MB7176.eurprd02.prod.outlook.com>
X-TCD-Routed-via-EOP: Routed via EOP
X-TCD-ROUTED: Passed-Transport-Routing-Rules
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-OriginatorOrg: cs.tcd.ie
X-MS-Exchange-CrossTenant-Network-Message-Id: 66e4133f-bafc-4845-d814-08d9ffecebd4
X-MS-Exchange-CrossTenant-AuthSource: DB7PR02MB5113.eurprd02.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 07 Mar 2022 03:45:28.8594 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: d595be8d-b306-45f4-8064-9e5b82fbe52b
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: 6EHw9MqvBMlaHpn8VnpumaL7ytUiRKG9sCL9aXy0F8rZ/Hyux+vz9OR6qs1Zle73
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS8PR02MB7176
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/igNNNtQuhkNzXtGvVfx8gouvAdY>
Subject: Re: [Secdispatch] ***SPAM**** Re: [Anima] [Iotops] I-D: Deploying Publicly Trusted TLS Servers on IoT Devices Using SNI-based End-to-End TLS Forwarding (SNIF)
X-BeenThere: secdispatch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Dispatch <secdispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdispatch/>
List-Post: <mailto:secdispatch@ietf.org>
List-Help: <mailto:secdispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 Mar 2022 03:45:45 -0000

--------------lpr8kEKEbcaT3HJxYZIsZj6U
Content-Type: multipart/mixed; boundary="------------30Le0bjotYBPvT00EHjebSTf";
 protected-headers="v1"
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
To: Jim Zubov <ietf-list@commercebyte.com>, secdispatch@ietf.org,
 Michael Richardson <mcr+ietf@sandelman.ca>, Eric Rescorla <ekr@rtfm.com>,
 Hannes Tschofenig <Hannes.Tschofenig@arm.com>,
 "anima@ietf.org" <anima@ietf.org>, "iotops@ietf.org" <iotops@ietf.org>
Message-ID: <d5fc64a9-9d4a-8f8b-03fd-cde8d4125648@cs.tcd.ie>
Subject: Re: ***SPAM**** Re: [Secdispatch] [Anima] [Iotops] I-D: Deploying
 Publicly Trusted TLS Servers on IoT Devices Using SNI-based End-to-End TLS
 Forwarding (SNIF)
References: <0075B437-024A-4D84-ABD7-92FE8DAFA59F@commercebyte.com>
 <1865.1644434146@localhost> <E1nHwaz-0000LM-I5@ocean1.commercebyte.com>
 <4026.1644516168@localhost>
 <685366A1-01F4-4788-B025-0F5F4CE7947F@commercebyte.com>
 <DBBPR08MB591577EC79C3D11114AA747CFA3C9@DBBPR08MB5915.eurprd08.prod.outlook.com>
 <FC43EB7C-5ABF-4061-89BA-1503F0B6340D@commercebyte.com>
 <DBBPR08MB59159BFB36A926DA8E851723FA3D9@DBBPR08MB5915.eurprd08.prod.outlook.com>
 <665685D3-B9AA-4A5E-B5B0-33D313A40716@commercebyte.com>
 <6296.1646509436@localhost>
 <CABcZeBM9sUs2cZyf8564-501p0RUve_FBvEBAd45k2RhyRbFqg@mail.gmail.com>
 <22243.1646519268@localhost>
 <1075E99A-C00A-455E-97E8-2A29BA175F8F@commercebyte.com>
In-Reply-To: <1075E99A-C00A-455E-97E8-2A29BA175F8F@commercebyte.com>

--------------30Le0bjotYBPvT00EHjebSTf
Content-Type: multipart/mixed; boundary="------------Etq7lIqz2gK915AbJJrIdQRa"

--------------Etq7lIqz2gK915AbJJrIdQRa
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: base64

--------------Etq7lIqz2gK915AbJJrIdQRa--

--------------30Le0bjotYBPvT00EHjebSTf--

--------------lpr8kEKEbcaT3HJxYZIsZj6U--


From nobody Wed Mar  9 14:40:08 2022
Return-Path: <henk.birkholz@sit.fraunhofer.de>
X-Original-To: secdispatch@ietfa.amsl.com
Delivered-To: secdispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A81D83A10E2; Wed,  9 Mar 2022 14:39:42 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.909
X-Spam-Level: 
X-Spam-Status: No, score=-1.909 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=fraunhofer.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cdUWkXvBE-gt; Wed,  9 Mar 2022 14:39:39 -0800 (PST)
Received: from mail-edgeKA27.fraunhofer.de (mail-edgeka27.fraunhofer.de [153.96.1.27]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 515503A10E5; Wed,  9 Mar 2022 14:39:35 -0800 (PST)
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-AV: E=Sophos;i="5.90,168,1643670000"; d="scan'208";a="40306610"
Received: from mail-mtaka26.fraunhofer.de ([153.96.1.26]) by mail-edgeKA27.fraunhofer.de with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 09 Mar 2022 23:39:32 +0100
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-AV: E=Sophos;i="5.90,168,1643670000"; d="scan'208";a="13936181"
Received: from 153-97-179-127.vm.c.fraunhofer.de (HELO smtp.exch.fraunhofer.de) ([153.97.179.127]) by mail-mtaKA26.fraunhofer.de with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 09 Mar 2022 23:39:22 +0100
Received: from XCH-HYBRID-04.ads.fraunhofer.de (10.225.9.46) by XCH-HYBRID-03.ads.fraunhofer.de (10.225.9.57) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.15; Wed, 9 Mar 2022 23:39:22 +0100
Received: from EUR04-HE1-obe.outbound.protection.outlook.com (104.47.13.59) by XCH-HYBRID-04.ads.fraunhofer.de (10.225.9.46) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.15 via Frontend Transport; Wed, 9 Mar 2022 23:39:22 +0100
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=RT6ujmRgT9JVxhxT+MP/7EZIbSKImgeyq7rcSIqYGZybCZlq0rT2X0TX4gq8JTiW75zpaSANuZnhx1wS4Ii0doaRgC62xbPniOSoC+t5qePENYQzFWWcZnsoUwLSsbHKbStNfmzG2H7e9nZN8zrbuIkKte6BkOkfO1RVgS/DZuTVTX/OdwPXnOe3dPrglm9Prja2HNrP7dTNtN5/LuUl7vcNXj3nSq8NWlGHHGvFWKjGscyZ+MpR/0COPwN+UNEyqYWNntWt+nD058RORN3d5zHG/RnC8kNxHaxrQ/8+MgHkB19Qy/Qx8Xu6JgOIOJMWIm14wMnX50jetre++j6I5A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;  s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=shRKD9HYUmiEBeXpUMZu3LA9uuQ3oR9fWy3D2x9ajx0=; b=bSPCBZ26PSWN88JpKgrd7omTzyYIuRVMuiERBf2Nwp6nj662iFzGL9aMAPDWg+9knRRNb+FiE9Z43r6Z45mFAC846E+NYjs9Uw6LwJSiVyCYv0Fjyehu4ABV7+do2CmTI99xP/KBmLEcsxsU+kjglXa/ZAro0UyXdLZmQIABdIBIm3NMk/8zUf7QHJPEsdwxXnrGnguNqzg+KOreupWtZzPc0Czw2K4yLvThgIzD+ORrMm4UXd4Ycv0BwLktA89PZv9vWQ1wA//G0PLZ29wbbSgcvgHMzmCFYdU4cU61nynr+huFQzSS6GiDDjssZzrDljq45fRRw2amUbInbR3kHw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=sit.fraunhofer.de; dmarc=pass action=none header.from=sit.fraunhofer.de; dkim=pass header.d=sit.fraunhofer.de; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fraunhofer.onmicrosoft.com; s=selector2-fraunhofer-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=shRKD9HYUmiEBeXpUMZu3LA9uuQ3oR9fWy3D2x9ajx0=; b=dJz7JH9sAis8lxbfela7UeOVOT5Hdla3jjTsCiF3LI25H6BRUmRYjAEn9U+zs+/63YM5QdayOaHGozl3YrM1Y6k9SUpkRYV68lrTMXfWfUpjPTeziZw+s6c9PFvtyxJ8gh7I4kHWYexbDp1SVLTBSDIR7laC/Ex2dkzvUqzu+2o=
Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=sit.fraunhofer.de;
Received: from DU2P194MB1709.EURP194.PROD.OUTLOOK.COM (2603:10a6:10:276::9) by AM0P194MB0291.EURP194.PROD.OUTLOOK.COM (2603:10a6:208:62::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5038.16; Wed, 9 Mar 2022 22:39:20 +0000
Received: from DU2P194MB1709.EURP194.PROD.OUTLOOK.COM ([fe80::ec87:f3dc:70f7:2421]) by DU2P194MB1709.EURP194.PROD.OUTLOOK.COM ([fe80::ec87:f3dc:70f7:2421%5]) with mapi id 15.20.5038.027; Wed, 9 Mar 2022 22:39:20 +0000
Message-ID: <5b97a678-eba1-09c3-7e70-c71dd98db8a9@sit.fraunhofer.de>
Date: Wed, 9 Mar 2022 23:39:18 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.5.0
Content-Language: en-US
To: <secdispatch@ietf.org>, <scitt@ietf.org>
References: <164583895227.24617.1939040203283436909@ietfa.amsl.com>
From: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>
In-Reply-To: <164583895227.24617.1939040203283436909@ietfa.amsl.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
X-ClientProxiedBy: AM6P191CA0060.EURP191.PROD.OUTLOOK.COM (2603:10a6:209:7f::37) To DU2P194MB1709.EURP194.PROD.OUTLOOK.COM (2603:10a6:10:276::9)
MIME-Version: 1.0
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 2faac14b-59ee-4d38-406c-08da021da6fd
X-MS-TrafficTypeDiagnostic: AM0P194MB0291:EE_
X-Microsoft-Antispam-PRVS: <AM0P194MB0291E1B7E4F950828C7EF0C1A80A9@AM0P194MB0291.EURP194.PROD.OUTLOOK.COM>
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:;  IPV:NLI; SFV:NSPM; H:DU2P194MB1709.EURP194.PROD.OUTLOOK.COM; PTR:; CAT:NONE;  SFS:(13230001)(366004)(2616005)(52116002)(6512007)(5660300002)(38350700002)(38100700002)(31686004)(26005)(186003)(86362001)(316002)(6506007)(66574015)(31696002)(44832011)(53546011)(2906002)(66946007)(66476007)(966005)(66556008)(6486002)(83380400001)(8676002)(82960400001)(8936002)(508600001)(450100002)(45980500001)(43740500002); DIR:OUT; SFP:1102; 
X-MS-Exchange-CrossTenant-Network-Message-Id: 2faac14b-59ee-4d38-406c-08da021da6fd
X-MS-Exchange-CrossTenant-AuthSource: DU2P194MB1709.EURP194.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 09 Mar 2022 22:39:20.6830 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: f930300c-c97d-4019-be03-add650a171c4
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: lIBU62sho3pQggGYuDw0JqwDVNEe7Lt2ZMOUA9FvdBMPXK6zFgNbCbERd3Yr1Fc4PelBVbxp4rpTX7EdWInss6AKy9K+DG85b4jJMEayvl0=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM0P194MB0291
X-OriginatorOrg: sit.fraunhofer.de
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/hfrHRgXqSZTvF0qWBWHzz6iaQfc>
Subject: [Secdispatch] Request for session at IETF 113
X-BeenThere: secdispatch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Dispatch <secdispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdispatch/>
List-Post: <mailto:secdispatch@ietf.org>
List-Help: <mailto:secdispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 Mar 2022 22:39:50 -0000

Hi secdispatch,
(hi scitt),

emerging work on the topic of Supply Chain Integrity, Transparency, 
Trust has taken some shape recently.

The work combines existing IETF building blocks to facilitate useful 
Internet-based support of global supply chain interoperability.

Current contributions focus on the definition of Transparency Services 
based on Internet technology (using CBOR/CDDL/COSE) to achieve 
unambiguous, scaleable, and resilient integration with common devops and 
secops requirements.

I'd like to request secdispatch agenda time for two documents that are 
currently submitted:

> https://datatracker.ietf.org/doc/draft-birkholz-scitt-architecture/

and

> https://datatracker.ietf.org/doc/draft-birkholz-scitt-receipts/

These two contributions are in -00 state. Yet, they already address
essential requirements, such as air-gapped validation when being
offline, integration of remote attestation, efficient and crypto-agile
signing prescriptions for out-of-the-box interoperability, and - in
essence - long-long-term guarantees in support of various types of
supply chain requirements.

We’d be happy to present this emerging work in secdispatch with the goal 
of discussing whether it might fit into the IETF space and how to 
progress it together.

Best regards,

Henk



On 26.02.22 02:29, "IETF Secretariat" wrote:
> Dear Mohit Sethi,
> 
> The session(s) that you have requested have been scheduled.
> Below is the scheduled session information followed by
> the original request.
> 
> 
>      secdispatch Session 1 (2:00 requested)
>      Tuesday, 22 March 2022, Afternoon Session II 1430-1630
>      Room Name: Grand Park Hall 3 size: 250
>      ---------------------------------------------
> 
> 
> iCalendar: https://datatracker.ietf.org/meeting/113/sessions/secdispatch.ics
> 
> Request Information:
> 
> 
> ---------------------------------------------------------
> Working Group Name: Security Dispatch
> Area Name: Security Area
> Session Requester: Mohit Sethi
> 
> 
> Number of Sessions: 1
> Length of Session(s):
> Number of Attendees: 200
> Conflicts to Avoid:
>
> People who must be present:
>    Benjamin Kaduk
>    Kathleen Moriarty
>    Mohit Sethi
>    Paul Wouters
>    Richard Barnes
>    Roman Danyliw
> 
> Resources Requested:
> 
> Special Requests:
>    Please avoid conflict with any Security related BoF.
> ---------------------------------------------------------


From nobody Fri Mar 11 14:34:08 2022
Return-Path: <caw@heapingbits.net>
X-Original-To: secdispatch@ietfa.amsl.com
Delivered-To: secdispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 59BE73A10A4 for <secdispatch@ietfa.amsl.com>; Fri, 11 Mar 2022 14:34:07 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.108
X-Spam-Level: 
X-Spam-Status: No, score=-7.108 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=heapingbits.net header.b=ZIdr6vtf; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=cnw+jISF
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mB4LJ5cR32SU for <secdispatch@ietfa.amsl.com>; Fri, 11 Mar 2022 14:34:02 -0800 (PST)
Received: from out3-smtp.messagingengine.com (out3-smtp.messagingengine.com [66.111.4.27]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 32E3E3A109E for <secdispatch@ietf.org>; Fri, 11 Mar 2022 14:34:01 -0800 (PST)
Received: from compute3.internal (compute3.nyi.internal [10.202.2.43]) by mailout.nyi.internal (Postfix) with ESMTP id 3B3C75C020E; Fri, 11 Mar 2022 17:34:01 -0500 (EST)
Received: from mailfrontend1 ([10.202.2.162]) by compute3.internal (MEProxy); Fri, 11 Mar 2022 17:34:01 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=heapingbits.net; h=cc:cc:content-transfer-encoding:content-type:date:date:from :from:in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:sender:subject:subject:to:to; s=fm1; bh=Jd6rbpiQeI7pTy gAtlVddiOCeDLTl6YnxWVaCbfguRs=; b=ZIdr6vtfoC1R/gONpBoaOnKENcTK2r N5mIDKKmAzX5Z7xBu1oXBniio2f+O6aZ1mkoJ1Xkszqo5QrpXWFXpICQaKwWVdfT OUr3CrLtleguHdBpNea3q7oeVF+lcf23+u3+oQAwsvs3gfj1HPJ4oq4iuU/+H2iw D7cxtuSlH3QhqMw53n38HGSAw9mliYOElV+LyhG/PgrfQ8VCPDJ5qXtEh0DiwYTk LBwLLd722JF1k+sGbwtqP2wYnHoNG4VLpo01BOqUgYR5Y9erp4TETN5ShvdBVIKk 0eUIzGnZiyupCxFyucaIIgMaVSNNA3WSIF/prYx8sFEQgxk4EStSynKQ==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:date:date:from:from:in-reply-to:in-reply-to :message-id:mime-version:references:reply-to:sender:subject :subject:to:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm2; bh=Jd6rbpiQeI7pTygAtlVddiOCeDLTl6YnxWVaCbfgu Rs=; b=cnw+jISF6V1e/mv4KEs8hLdLn8M0fnqhS4beRiYJnRzbfcQ1w29tmHL20 yabbX5/IeTZ4wzpst8mZHM7XEbK3gRnC1lAmZgNjDEOczmcKLIR1wbX2d5j58PW5 kzs39Vzoc+Qv4jM0VoGT5HuwREyvD75a3esCcKu99MAxwogZ/ww39Fpo2B61mEaA o5sBZ/KYn8iwHjOjgEU6/sVcZ1DQWSS2yhj6Z87sOS7xswi+o/j/3bfyRZbcXDRB VrOclbIJEaC7qbtPJ6k+SAgGhiNB8MkhD5Ue6Lkc+v+VMHqJG0aMe75nNZLWJ5TM 2L9ZEED7ULRT6U2+gn83XAic1MUaw==
Received: by mail.messagingengine.com (Postfix) with ESMTPA; Fri, 11 Mar 2022 17:34:00 -0500 (EST)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 15.0 \(3693.60.0.1.1\))
From: Christopher Wood <caw@heapingbits.net>
In-Reply-To: <24889.1646506998@localhost>
Date: Fri, 11 Mar 2022 14:33:58 -0800
Cc: secdispatch@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <1C782443-5FDE-4847-8F47-997DDCD0DDE3@heapingbits.net>
References: <8BB73374-E38C-40A5-A147-F469B8C24D01@heapingbits.net> <24889.1646506998@localhost>
To: Michael Richardson <mcr+ietf@sandelman.ca>
X-Mailer: Apple Mail (2.3693.60.0.1.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/gWgU_LjpyAxWczIVk5WJQ_1KoEA>
Subject: Re: [Secdispatch] Dispatching draft on key consistency
X-BeenThere: secdispatch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Dispatch <secdispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdispatch/>
List-Post: <mailto:secdispatch@ietf.org>
List-Help: <mailto:secdispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 11 Mar 2022 22:34:08 -0000

Hi Michael,

Apologies for the delayed reply. Please see inline below.

> On Mar 5, 2022, at 11:03 AM, Michael Richardson <mcr+ietf@sandelman.ca> wrote:
>
>
> Christopher Wood <caw@heapingbits.net> wrote:
>> There are a number of different protocols that require multiple clients
>> to discover a common — or consistent — cryptographic public key for
>> use, including: Privacy Pass [1], Oblivious DoH [2], and Oblivious HTTP
>> [3]. Consistency here means that all clients obtain the same view of
>> the public key. An inconsistent view can lead to privacy attacks.
>
>> For example, in Privacy Pass, if an attacker can somehow force a single
>> (set of) client(s) to use a public key that is distinct from all other
>> clients, then the key used effectively partitions the set of clients
>> into two buckets, and the size and number of these partitions influence
>> the overall privacy posture of the protocol.
>
> "somehow" ... such an attacker can substitute any on-path attacker key.
> I don't see how this is distinct from all the other attacks.

The problem here is, say, forcing one single client to use key A and all
other clients to use key B. The attacker would then be able to identify
the individual client whenever key A is used.

>
>> [4] https://datatracker.ietf.org/doc/draft-wood-key-consistency/
>> [5] https://datatracker.ietf.org/doc/slides-110-privacypass-key-consistency-and-discovery/
>
> In reviewing the documents, it seems that it's not "somehow", it's that the proxy has been
> persuaded to collude with a third party.  Perhaps that would be better to say.

It’s not clear to me what you mean by "the proxy” here. The document
doesn’t make any assumption about a proxy. Indeed, direct discovery a la
section 4.1
(https://datatracker.ietf.org/doc/html/draft-wood-key-consistency-02#section-4.1)
involves only client and server. Would you mind clarifying what you
mean?

> Perhaps "persuaded" is the wrong term as well, since I think that the goal is
> to defend the proxy against NSLs that would force the proxy to collude.
>
> What is needed is a kind of canary such that for clients can detect when they
> are being singled out, and then refuse to operate with that proxy.  By
> existence of such a mechanism, proxies can effectively render themselves
> useless to such forms of "persuasion".

The purpose of key consistency is to give clients a way to ensure they
are not being singled out, not to tell clients when they are being
singled out. These seem like different sides of the same coin, no?

Best,
Chris

>
> --
> Michael Richardson <mcr+IETF@sandelman.ca>   . o O ( IPv6 IøT consulting )
>           Sandelman Software Works Inc, Ottawa and Worldwide
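
Added example (not part of the original message, and not code from
draft-wood-key-consistency): the partitioning described above, where one
client is served key A and all others key B, worked through in Python on
constructed data. The client names, key bytes, vantage-point labels and
the accept-only-if-all-views-agree rule are assumptions made for
illustration.

```python
import hashlib
from collections import defaultdict

# Constructed placeholder key bytes, not real key material.
KEY_A = b"constructed-public-key-A"
KEY_B = b"constructed-public-key-B"

# Constructed scenario from the thread: one client is served key A,
# every other client is served key B.
VIEWS = {
    "client-1": KEY_B,
    "client-2": KEY_B,
    "client-3": KEY_A,
    "client-4": KEY_B,
    "client-5": KEY_B,
}


def key_id(public_key: bytes) -> str:
    """Stable identifier for a key: truncated SHA-256 hex digest."""
    return hashlib.sha256(public_key).hexdigest()[:16]


def partition_by_key(views: dict) -> dict:
    """Group clients by the key they were served (key id -> set of clients)."""
    buckets = defaultdict(set)
    for client, key in views.items():
        buckets[key_id(key)].add(client)
    return dict(buckets)


def anonymity_set_size(views: dict, client: str) -> int:
    """Number of clients (including this one) that share this client's key."""
    return len(partition_by_key(views)[key_id(views[client])])


def singled_out(views: dict, k: int = 2) -> list:
    """Clients whose key is shared by fewer than k clients in total."""
    small = [m for m in partition_by_key(views).values() if len(m) < k]
    return sorted(c for members in small for c in members)


def consistent_key(fetches: dict):
    """Return the key only if every vantage point returned the same one.

    fetches maps a hypothetical vantage-point label (a direct fetch, a
    relay, a peer's report) to the key bytes obtained there. Any
    disagreement, or no data at all, yields None so the caller does not
    use the key.
    """
    if not fetches:
        return None
    keys = list(fetches.values())
    if len({key_id(k) for k in keys}) != 1:
        return None
    return keys[0]


if __name__ == "__main__":
    for kid, members in sorted(partition_by_key(VIEWS).items()):
        print(kid, sorted(members))
    print("singled out:", singled_out(VIEWS))
    print("accepted:", consistent_key({"direct": KEY_B, "relay-1": KEY_B}))
    print("rejected:", consistent_key({"direct": KEY_A, "relay-1": KEY_B}))
```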


From nobody Fri Mar 11 15:41:19 2022
Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: secdispatch@ietfa.amsl.com
Delivered-To: secdispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E5CFF3A133A for <secdispatch@ietfa.amsl.com>; Fri, 11 Mar 2022 15:41:16 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.109
X-Spam-Level: 
X-Spam-Status: No, score=-2.109 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=sandelman.ca
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yaYnSo901M8w for <secdispatch@ietfa.amsl.com>; Fri, 11 Mar 2022 15:41:12 -0800 (PST)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 27CCB3A07A7 for <secdispatch@ietf.org>; Fri, 11 Mar 2022 15:41:11 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by tuna.sandelman.ca (Postfix) with ESMTP id CAA6938A1E; Fri, 11 Mar 2022 18:50:44 -0500 (EST)
Received: from tuna.sandelman.ca ([127.0.0.1]) by localhost (localhost [127.0.0.1]) (amavisd-new, port 10024) with LMTP id NnmIHOIlKARe; Fri, 11 Mar 2022 18:50:29 -0500 (EST)
Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id 6A48538A16; Fri, 11 Mar 2022 18:50:29 -0500 (EST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=sandelman.ca; s=mail; t=1647042629; bh=q+gzYNN4zv9O0+65SgGw6D3CHGmLz4PlTbGT/hNVzZM=; h=From:To:Subject:In-Reply-To:References:Date:From; b=lRMePC+w+cQ13WfiCFabWEXqRNU3BbR++qTFG15whTglTMDgYfaClNlV6og8SeeSJ VEltKmqqiGicC2WY5In2Vv27Jj3iGizu/aQrpI3X57bVYOK9EI30PjweEI+ZE335hg T4W+bABf5+zhBolkhTE/Z3tFZ8mWkoq3deAYIyTfGTdulBQAALLw9VuSfMAJAUexxm xd/4+ovQnH2NVmArJ+CujwR8rxvHYcLG52GJjz3LpPjeVPaLJmanrCF6Ca8+M4LwcN 3U8gzIbWpzPHpeWkF4Gpyd8k0jKvpUWOpjcfF442YPNmaAXgDlr+EaXHOdQqew16MP Bv4pOd7N+ZEIw==
Received: from localhost (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id D703265E; Fri, 11 Mar 2022 18:40:53 -0500 (EST)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Christopher Wood <caw@heapingbits.net>, secdispatch@ietf.org
In-Reply-To: <1C782443-5FDE-4847-8F47-997DDCD0DDE3@heapingbits.net>
References: <8BB73374-E38C-40A5-A147-F469B8C24D01@heapingbits.net> <24889.1646506998@localhost> <1C782443-5FDE-4847-8F47-997DDCD0DDE3@heapingbits.net>
X-Mailer: MH-E 8.6+git; nmh 1.7+dev; GNU Emacs 26.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature"
Date: Fri, 11 Mar 2022 18:40:53 -0500
Message-ID: <1699.1647042053@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/pGstPZmdoTW86_Ya4j5YNhcQD7U>
Subject: Re: [Secdispatch] Dispatching draft on key consistency
X-BeenThere: secdispatch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Dispatch <secdispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdispatch/>
List-Post: <mailto:secdispatch@ietf.org>
List-Help: <mailto:secdispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 11 Mar 2022 23:41:17 -0000

--=-=-=
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable


Christopher Wood <caw@heapingbits.net> wrote:
    >> "somehow" ... such an attacker can substitute any on-path attacker key.
    >> I don't see how this is distinct from all the other attacks.

    > The problem here is, say, forcing one single client to use key A and
    > all other clients to use key B. The attacker would then be able to
    > identify the individual client whenever key A is used.

I understand.

    >>> [4] https://datatracker.ietf.org/doc/draft-wood-key-consistency/
    >>> [5] https://datatracker.ietf.org/doc/slides-110-privacypass-key-consistency-and-discovery/
    >>
    >> In reviewing the documents, it seems that it's not "somehow", it's
    >> that the proxy has been
    >> persuaded to collude with a third party.  Perhaps that would be better to say.

    > It’s not clear to me what you mean by "the proxy” here. The document
    > doesn’t make any assumption about a proxy. Indeed, direct discovery a
    > la section 4.1
    > (https://datatracker.ietf.org/doc/html/draft-wood-key-consistency-02#section-4.1)
    > involves only client and server. Would you mind clarifying what you
    > mean?

Oblivious DoH and Oblivious HTTP involve some kind of intermediary.
Maybe calling it a proxy is incorrect, but there is a third party.

    >> Perhaps "persuaded" is the wrong term as well, since I think that the goal is
    >> to defend the proxy against NSLs that would force the proxy to collude.
    >>
    >> What is needed is a kind of canary such that for clients can detect when they
    >> are being singled out, and then refuse to operate with that proxy.  By
    >> existence of such a mechanism, proxies can effectively render themselves
    >> useless to such forms of "persuasion".

    > The purpose of key consistency is to give clients a way to ensure they
    > are not being singled out, not to tell clients when they are being
    > singled out. These seem like different sides of the same coin, no?

Hard to prove a negative.
Easier to give them a way to recognize a positive, I think.

Either way, what does the client do when it figures out it has been singled out?

If the goal is to hide in the crowd,  then if there is a spotlight on you,
better act "normally" right, and not give away that one has figured out one
has been found out?

The client probably needs to go ahead and pretend it hasn't been singled out,
and do some innocuous transactions anyway, right?

--
Michael Richardson <mcr+IETF@sandelman.ca>   . o O ( IPv6 IøT consulting )
           Sandelman Software Works Inc, Ottawa and Worldwide





--=-=-=--


From nobody Fri Mar 11 18:15:23 2022
Return-Path: <caw@heapingbits.net>
X-Original-To: secdispatch@ietfa.amsl.com
Delivered-To: secdispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7006A3A0E1D for <secdispatch@ietfa.amsl.com>; Fri, 11 Mar 2022 18:15:21 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.108
X-Spam-Level: 
X-Spam-Status: No, score=-2.108 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=heapingbits.net header.b=dyDAF+Q2; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=XqSVQLIs
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7hzsD_46Z_KP for <secdispatch@ietfa.amsl.com>; Fri, 11 Mar 2022 18:15:16 -0800 (PST)
Received: from out2-smtp.messagingengine.com (out2-smtp.messagingengine.com [66.111.4.26]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 40DAF3A0E1C for <secdispatch@ietf.org>; Fri, 11 Mar 2022 18:15:15 -0800 (PST)
Received: from compute3.internal (compute3.nyi.internal [10.202.2.43]) by mailout.nyi.internal (Postfix) with ESMTP id 4F4925C019C; Fri, 11 Mar 2022 21:15:15 -0500 (EST)
Received: from mailfrontend1 ([10.202.2.162]) by compute3.internal (MEProxy); Fri, 11 Mar 2022 21:15:15 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=heapingbits.net; h=cc:cc:content-transfer-encoding:content-type:date:date:from :from:in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:sender:subject:subject:to:to; s=fm1; bh=uqhbZ0itvdKpf3 2j6r9kWAx8129Zeeb9iwIoCzhCvsU=; b=dyDAF+Q2yblsnWGC60UezzGSjG+RXx z+7xjmyxrSuPivwFYUGdyb7pZ40zdayhKcUdHlr5V/0oWZqKTk9ho4tvodAZD+nz y0LTgEwQJv6lhw7xy8pq6f8AtUlpO3LDGDsayDYC35i09XMaqBrFLo8N7g27Jpy3 gMFff3oUYpGrPoVuunc1cBKvu6xvGA5iBQG4wCFuao5IiswSB6DAJR6OzSGIFDXx UlGi+CHi3A1nO8mcZ/qJJOumElKGe41H1DlLtbHwwfuycnd+GbMWwB20dsZUD6Ec iPzX+1mFrt1NFkp3cAt9s5pUm9fJCOpMh2KORiNYybnF8mXsjUVBM7wQ==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:date:date:from:from:in-reply-to:in-reply-to :message-id:mime-version:references:reply-to:sender:subject :subject:to:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm2; bh=uqhbZ0itvdKpf32j6r9kWAx8129Zeeb9iwIoCzhCv sU=; b=XqSVQLIsI1O+Fj9NRyhUoaC8QPzucn9tzT6UtNdgxeSPd95Iwiu6OBZtf YAaTzfAiJ9RWbsAaia5af19VefCQxqmrzWrusDk4OYowsA4SXMDW4TN3PLbqbk4p Vb7ThF0hsFfpFEB5H18u5uKHnUpwPzVlpuVZEu/XAow18ppgmD46oCPRV9Rh3mEv X38hiF4uuFatAYkWnLx4elgr0g4wNTnjMmYLfVGOOUOOTSMyuQKiJokAxh0b6KSI 4GXLfhoWNazMRuXl++2ls+FG02frSQydPUjflBiGa+6MgtBKl6tDxrKDW6pKhlWV 0YhknGm/ogiwMRfqWUSXxp7w0ne5w==
Received: by mail.messagingengine.com (Postfix) with ESMTPA; Fri, 11 Mar 2022 21:15:14 -0500 (EST)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 15.0 \(3693.60.0.1.1\))
From: Christopher Wood <caw@heapingbits.net>
In-Reply-To: <1699.1647042053@localhost>
Date: Fri, 11 Mar 2022 18:15:12 -0800
Cc: secdispatch@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <5BB6763B-1057-47DA-A9A5-47A665B6DA9C@heapingbits.net>
References: <8BB73374-E38C-40A5-A147-F469B8C24D01@heapingbits.net> <24889.1646506998@localhost> <1C782443-5FDE-4847-8F47-997DDCD0DDE3@heapingbits.net> <1699.1647042053@localhost>
To: Michael Richardson <mcr+ietf@sandelman.ca>
X-Mailer: Apple Mail (2.3693.60.0.1.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/N9huYhv0SqhCko0CRYi8ZazDfZc>
Subject: Re: [Secdispatch] Dispatching draft on key consistency
X-List-Received-Date: Sat, 12 Mar 2022 02:15:22 -0000

> On Mar 11, 2022, at 3:40 PM, Michael Richardson <mcr+ietf@sandelman.ca> wrote:
>
>
> Christopher Wood <caw@heapingbits.net> wrote:
>>> "somehow" ... such an attacker can substitute any on-path attacker key.
>>> I don't see how this is distinct from all the other attacks.
>
>> The problem here is, say, forcing one single client to use key A and
>> all other clients to use key B. The attacker would then be able to
>> identify the individual client whenever key A is used.
>
> I understand.
>
>>>> [4] https://datatracker.ietf.org/doc/draft-wood-key-consistency/
>>>> [5] https://datatracker.ietf.org/doc/slides-110-privacypass-key-consistency-and-discovery/
>>>
>>> In reviewing the documents, it seems that it's not "somehow", it's
>>> that the proxy has been
>>> persuaded to collude with a third party.  Perhaps that would be better to say.
>
>> It’s not clear to me what you mean by "the proxy" here. The document
>> doesn’t make any assumption about a proxy. Indeed, direct discovery a
>> la section 4.1
>> (https://datatracker.ietf.org/doc/html/draft-wood-key-consistency-02#section-4.1)
>> involves only client and server. Would you mind clarifying what you
>> mean?
>
> Oblivious DoH and Oblivious HTTP involve some kind of intermediary.
> Maybe calling it a proxy is incorrect, but there is a third party.

I think there’s still a misunderstanding here. This draft discusses key
consistency that can be _used_ by things like ODoH and OHTTP since, at the
end of the day, key consistency is a separable problem. In other words, the
draft doesn’t assume any particular protocol in which the key material is
used, though the choice of consistency mechanism one uses may certainly be
influenced by the protocol for which consistency is required.

>
>>> Perhaps "persuaded" is the wrong term as well, since I think that the goal is
>>> to defend the proxy against NSLs that would force the proxy to collude.
>>>
>>> What is needed is a kind of canary such that clients can detect when they
>>> are being singled out, and then refuse to operate with that proxy.  By
>>> existence of such a mechanism, proxies can effectively render themselves
>>> useless to such forms of "persuasion".
>
>> The purpose of key consistency is to give clients a way to ensure they
>> are not being singled out, not to tell clients when they are being
>> singled out. These seem like different sides of the same coin, no?
>
> Hard to prove a negative.
> Easier to give them a way to recognize a positive, I think.

Hmm… I’m not sure I’m following you. Ensuring consistency is proving a
positive, i.e., that all clients share the same view of the keying
material. (It’s possible we’re saying the same thing but with different
words.)

> Either way, what does the client do when it figures out it has been singled out?

That’s up to the client to decide, I think. It could choose to not use the
key for the corresponding protocol, raise some alarms, or whatever else
makes sense for the given application.

> If the goal is to hide in the crowd,  then if there is a spotlight on you,
> better act "normally" right, and not give away that one has figured out one
> has been found out?
>
> The client probably needs to go ahead and pretend it hasn't been singled out,
> and do some innocuous transactions anyway, right?

As above, what the client does when it cannot guarantee consistency is a
detail left to the relevant application. That said, I think you’re right in
that the client’s behavior — reactive or not — should not lend itself to
further privacy problems.

Best,
Chris

>
> --
> Michael Richardson <mcr+IETF@sandelman.ca>   . o O ( IPv6 IøT consulting )
>           Sandelman Software Works Inc, Ottawa and Worldwide
>
>
>
>


From nobody Fri Mar 11 18:23:18 2022
Return-Path: <ekr@rtfm.com>
X-Original-To: secdispatch@ietfa.amsl.com
Delivered-To: secdispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D48E83A00E0 for <secdispatch@ietfa.amsl.com>; Fri, 11 Mar 2022 18:23:15 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.906
X-Spam-Level: 
X-Spam-Status: No, score=-1.906 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20210112.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9U6NgYMb3KIJ for <secdispatch@ietfa.amsl.com>; Fri, 11 Mar 2022 18:23:11 -0800 (PST)
Received: from mail-il1-x136.google.com (mail-il1-x136.google.com [IPv6:2607:f8b0:4864:20::136]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3421C3A0033 for <secdispatch@ietf.org>; Fri, 11 Mar 2022 18:23:11 -0800 (PST)
Received: by mail-il1-x136.google.com with SMTP id b14so7243875ilf.6 for <secdispatch@ietf.org>; Fri, 11 Mar 2022 18:23:11 -0800 (PST)
MIME-Version: 1.0
References: <8BB73374-E38C-40A5-A147-F469B8C24D01@heapingbits.net> <24889.1646506998@localhost> <1C782443-5FDE-4847-8F47-997DDCD0DDE3@heapingbits.net> <1699.1647042053@localhost> <5BB6763B-1057-47DA-A9A5-47A665B6DA9C@heapingbits.net>
In-Reply-To: <5BB6763B-1057-47DA-A9A5-47A665B6DA9C@heapingbits.net>
From: Eric Rescorla <ekr@rtfm.com>
Date: Fri, 11 Mar 2022 18:22:34 -0800
Message-ID: <CABcZeBObZz6=1Q+679e8ZJwZaJaYZ-ppHxu=XzFEYioH0TcZJQ@mail.gmail.com>
To: Christopher Wood <caw@heapingbits.net>
Cc: Michael Richardson <mcr+ietf@sandelman.ca>, IETF SecDispatch <secdispatch@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000df3a7c05d9fc20e7"
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/s6jVJQUyrhOld9mZUerRHNhbe0k>
Subject: Re: [Secdispatch] Dispatching draft on key consistency
X-List-Received-Date: Sat, 12 Mar 2022 02:23:16 -0000

--000000000000df3a7c05d9fc20e7
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

On Fri, Mar 11, 2022 at 6:15 PM Christopher Wood <caw@heapingbits.net>
wrote:

>
>
> > On Mar 11, 2022, at 3:40 PM, Michael Richardson <mcr+ietf@sandelman.ca> wrote:
> >
> >
> > Christopher Wood <caw@heapingbits.net> wrote:
> >>> "somehow" ... such an attacker can substitute any on-path attacker key.
> >>> I don't see how this is distinct from all the other attacks.
> >
> >> The problem here is, say, forcing one single client to use key A and
> >> all other clients to use key B. The attacker would then be able to
> >> identify the individual client whenever key A is used.
> >
> > I understand.
> >
> >>>> [4] https://datatracker.ietf.org/doc/draft-wood-key-consistency/
> >>>> [5] https://datatracker.ietf.org/doc/slides-110-privacypass-key-consistency-and-discovery/
> >>>
> >>> In reviewing the documents, it seems that it's not "somehow", it's
> >>> that the proxy has been
> >>> persuaded to collude with a third party.  Perhaps that would be better to say.
> >
> >> It’s not clear to me what you mean by "the proxy" here. The document
> >> doesn’t make any assumption about a proxy. Indeed, direct discovery a
> >> la section 4.1
> >> (https://datatracker.ietf.org/doc/html/draft-wood-key-consistency-02#section-4.1)
> >> involves only client and server. Would you mind clarifying what you
> >> mean?
> >
> > Oblivious DoH and Oblivious HTTP involve some kind of intermediary.
> > Maybe calling it a proxy is incorrect, but there is a third party.
>
> I think there’s still a misunderstanding here. This draft discusses key
> consistency that can be _used_ by things like ODoH and OHTTP since, at the
> end of the day, key consistency is a separable problem. In other words, the
> draft doesn’t assume any particular protocol in which the key material is
> used, though the choice of consistency mechanism one uses may certainly be
> influenced by the protocol for which consistency is required.
>

Just to sharpen this point, there are uses of key consistency other than
for proxied protocols. For instance, consider the case where you want to
amortize the cost of solving a captcha. In this case, the server would
force the user to solve the captcha and then issue some number of signed
tokens (with some kind of VOPRF or something so that it didn't see the
actual token value) which can then be used to avoid the captcha the next
time. For obvious reasons, we'd like the same key to be used to compute the
VOPRF for each user.


> >
> >>> Perhaps "persuaded" is the wrong term as well, since I think that the goal is
> >>> to defend the proxy against NSLs that would force the proxy to collude.
> >>>
> >>> What is needed is a kind of canary such that clients can detect when they
> >>> are being singled out, and then refuse to operate with that proxy.  By
> >>> existence of such a mechanism, proxies can effectively render themselves
> >>> useless to such forms of "persuasion".
> >
> >> The purpose of key consistency is to give clients a way to ensure they
> >> are not being singled out, not to tell clients when they are being
> >> singled out. These seem like different sides of the same coin, no?
> >
> > Hard to prove a negative.
> > Easier to give them a way to recognize a positive, I think.
>
> Hmm… I’m not sure I’m following you. Ensuring consistency is proving a
> positive, i.e., that all clients share the same view of the keying
> material. (It’s possible we’re saying the same thing but with different
> words.)
>
> > Either way, what does the client do when it figures out it has been singled out?
>
> That’s up to the client to decide, I think. It could choose to not use the
> key for the corresponding protocol, raise some alarms, or whatever else
> makes sense for the given application.
>
> > If the goal is to hide in the crowd,  then if there is a spotlight on you,
> > better act "normally" right, and not give away that one has figured out one
> > has been found out?
> >
> > The client probably needs to go ahead and pretend it hasn't been singled out,
> > and do some innocuous transactions anyway, right?
>
> As above, what the client does when it cannot guarantee consistency is a
> detail left to the relevant application. That said, I think you’re right in
> that the client’s behavior — reactive or not — should not lend itself to
> further privacy problems.
>

I think in the case I described above, you wouldn't use the token going
forward and maybe warn the user.

-Ekr


>
> Best,
> Chris
>
> >
> > --
> > Michael Richardson <mcr+IETF@sandelman.ca>   . o O ( IPv6 IøT consulting )
> >           Sandelman Software Works Inc, Ottawa and Worldwide
> >
> >
> >
> >
>
>

--000000000000df3a7c05d9fc20e7--
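Added example, not part of the thread or of draft-wood-key-consistency: a fail-closed client-side check for the partition discussed in the two messages above, where one client is served key A and all others key B. The vantage-point names, the `min_views` threshold and the key bytes are constructed assumptions, and the check only helps when the party serving keys cannot link the extra fetches to the same client.

```python
import hashlib
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample key material (placeholders, not real keys).
KEY_A = b"constructed-public-key-A"  # served only to the singled-out client
KEY_B = b"constructed-public-key-B"  # served to everyone else


def fingerprint(key: bytes) -> str:
    """Stable identifier for a public key or key configuration."""
    return hashlib.sha256(key).hexdigest()


def anonymity_sets(served: Dict[str, bytes]) -> Dict[str, List[str]]:
    """Group clients by the key they were handed.

    Whoever holds the matching private keys can tell these groups apart,
    so a group of size 1 is a client identified every time its key is used.
    """
    groups: Dict[str, List[str]] = {}
    for client, key in sorted(served.items()):
        groups.setdefault(fingerprint(key), []).append(client)
    return groups


@dataclass(frozen=True)
class Decision:
    use_key: bool
    reason: str
    fingerprint: Optional[str] = None


def check_consistency(views: Dict[str, Optional[bytes]],
                      min_views: int = 3) -> Decision:
    """Accept a key only if enough independent views all returned the same one.

    `views` maps a vantage-point name (hypothetical) to the key bytes it
    returned, or None when that fetch failed. Failed fetches never count as
    agreement: too few answers is treated the same as disagreement.
    """
    seen = {name: fingerprint(key)
            for name, key in views.items() if key is not None}
    if len(seen) < min_views:
        return Decision(False,
                        f"only {len(seen)} of {min_views} required views answered")
    distinct = sorted(set(seen.values()))
    if len(distinct) > 1:
        return Decision(False,
                        f"{len(distinct)} different keys across {len(seen)} views")
    return Decision(True, "all views agree", distinct[0])


def sample_served() -> Dict[str, bytes]:
    """Constructed scenario from the thread: client-3 gets key A, the rest key B."""
    served = {f"client-{i}": KEY_B for i in range(1, 6)}
    served["client-3"] = KEY_A
    return served


def targeted_views() -> Dict[str, Optional[bytes]]:
    """What client-3 sees: key A directly, key B through two other paths."""
    return {"direct": KEY_A, "vantage-1": KEY_B, "vantage-2": KEY_B}


if __name__ == "__main__":
    for fp, clients in anonymity_sets(sample_served()).items():
        print(fp[:12], len(clients), clients)
    decision = check_consistency(targeted_views())
    # On a refusal the caller stops using the key, or tokens issued under
    # it, and may warn the user, as suggested in the thread.
    print(decision.use_key, decision.reason)
```
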


From nobody Sat Mar 12 15:56:22 2022
Return-Path: <ekr@rtfm.com>
X-Original-To: secdispatch@ietfa.amsl.com
Delivered-To: secdispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 96BB03A0C83 for <secdispatch@ietfa.amsl.com>; Sat, 12 Mar 2022 15:55:01 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.905
X-Spam-Level: 
X-Spam-Status: No, score=-1.905 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20210112.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id O59EFtogG_eS for <secdispatch@ietfa.amsl.com>; Sat, 12 Mar 2022 15:54:55 -0800 (PST)
Received: from mail-il1-x132.google.com (mail-il1-x132.google.com [IPv6:2607:f8b0:4864:20::132]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D00993A0C73 for <secdispatch@ietf.org>; Sat, 12 Mar 2022 15:54:54 -0800 (PST)
Received: by mail-il1-x132.google.com with SMTP id b14so8528951ilf.6 for <secdispatch@ietf.org>; Sat, 12 Mar 2022 15:54:54 -0800 (PST)
MIME-Version: 1.0
References: <6dac86b0eb3b96490dadffdc0f1d307a@openethics.ai>
In-Reply-To: <6dac86b0eb3b96490dadffdc0f1d307a@openethics.ai>
From: Eric Rescorla <ekr@rtfm.com>
Date: Sat, 12 Mar 2022 15:54:17 -0800
Message-ID: <CABcZeBNHzjDB9X8HjVJCi8-kNXBcCPOcwTMtdim-oosLc+WYsw@mail.gmail.com>
To: n.lukianets@openethics.ai
Cc: art@ietf.org, IETF SecDispatch <secdispatch@ietf.org>, DISPATCH <dispatch@ietf.org>, hrpc@irtf.org
Content-Type: multipart/alternative; boundary="00000000000072ff2d05da0e2c22"
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/K1hkrmxGAndsRo_C2Tl9q1rP4UE>
Subject: Re: [Secdispatch] Open Ethics Transparency Protocol
X-List-Received-Date: Sat, 12 Mar 2022 23:55:03 -0000

--00000000000072ff2d05da0e2c22
Content-Type: text/plain; charset="UTF-8"

Leading with the [SEC]DISPATCH questions, I don't think we should do
anything here. I would feel differently if there were a significantly
stronger showing of general interest and more evidence that this could
be practically achieved.


I had a fair amount of trouble figuring out what this document was
trying to achieve. My best understanding is that this is intended to
be a machine-readable description of the data processing practices of
a given entity. The current document seems to mix several things:

- A mechanism for retrieving these statements via HTTP
- A schema for the contents of these statements
- A log-based transparency system

The details of all of this are fairly thin and I doubt could be implemented
interoperably. For instance, here's the section on Immutable storage:

   Both the signature integrity hash and the Disclosure SHOULD be stored
   in the log-centric root database and MAY be mirrored by other
   distributed databases for redundancy and safety.

This doesn't seem to define a specific protocol.


My primary question is whether this is a good idea. I have two primary
concerns:

1. Is there real demand for this?
2. Is it going to work?

On the former front, I'd like to hear whether there is a critical mass
of sites which would publish this kind of label. AFAICT nobody has
jumped in to say so on the thread. That seems like a prerequisite for
any IETF activity here.


On the latter piece, the main prior art that I am aware of in
attempting to provide machine-readable descriptions of this sort is
P3P, and I think it's generally agreed that that didn't work out. It's
not clear to me that it's really possible to define a sensible
taxonomy of this kind of information processing.

The description of what goes in the JSON is quite thin and doesn't
seem anywhere near detailed enough to understand the information
processing that a given entity performs.  The label generator linked
to in this draft has a bunch of multiple choice questions, e.g.,

  [ ] Open Source Code
  [ ] Proprietary Source Code

  Code development and reuse

  Please describe choices made for development and for use of existing code libraries.

First, it's not clear why they are mutually exclusive, as I could use
both. Second, it seems like nearly all the interesting information is
going to be in the freeform portion, which badly undercuts the whole
enterprise.

-Ekr

On Mon, Jan 31, 2022 at 8:13 AM <n.lukianets@openethics.ai> wrote:

> Hi everyone,
> Nikita Lukianets from the Open Ethics initiative here.
>
> I've been working on the mechanisms to enable transparency for data
> collection and data processing practices for autonomous systems and
> specifically, those powered by machine learning models. Since 2020 I
> have started to draft a guiding document to reflect ways disclosures
> could be submitted, verified, and exchanged. Eventually, I would like to
> see how this work could result in an open standard.
>
> I've chosen IETF as a home for this work as AI-powered applications are
> becoming ubiquitous. Therefore, we should start looking at them from the
> internet standard and supply chain perspectives.
> There's an emergent need to bring a legally-agnostic and standardized
> way to describe these systems from privacy, security, fairness,
> datasets, and explainability stances.
>
> The idea is simple
> * Following the example of the food (construction, pharma, electrical
> appliance) industry, we need every application to (voluntary) disclose
> the "ingredients", e.g. how data is collected and outputs are produced.
> * We need to have a standard way (protocol) to represent each disclosure
> in human- and machine-readable formats, validate, verify and process
> them.
> * Complex apps will involve chaining the disclosures for the components
> involved.
>
>
> My motivation is to continue the discussion here and get feedback
> allowing us to iterate on the protocol. I'd like to bring this
> discussion to a relevant group or/and welcome the creation of the new
> one, also potentially bringing the conversation to the IETF meeting in
> Vienna.
>
> Below are the links with more info
> Article to bring the context, in plain English
>
> https://lukianets.medium.com/why-algorithmic-transparency-needs-a-protocol-2b6d5098572f
>
> The IETF I-D
>
> https://datatracker.ietf.org/doc/draft-lukianets-open-ethics-transparency-protocol/
>
> GitHub repo
> https://github.com/OpenEthicsAI/OETP
>
> Thanks a lot for your help and thoughts
>
>
> Nikita Lukianets
> Founder, CTO PocketConfidant
> Founder Open Ethics initiative
> Twitter: @nikiluk
> https://fr.linkedin.com/in/nikiluk
> Schedule a 30 min call: https://lukianets.com/meet/
>
>

--00000000000072ff2d05da0e2c22--


From nobody Sun Mar 13 18:39:08 2022
From: worley@ariadne.com (Dale R. Worley)
To: n.lukianets@openethics.ai
Cc: art@ietf.org, secdispatch@ietf.org, dispatch@ietf.org, hrpc@irtf.org
In-Reply-To: <6dac86b0eb3b96490dadffdc0f1d307a@openethics.ai> (n.lukianets@openethics.ai)
Sender: worley@ariadne.com (Dale R. Worley)
Date: Sun, 13 Mar 2022 21:38:37 -0400
Message-ID: <87fsnlcnz6.fsf@hobgoblin.ariadne.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/JxLKoxlwD52naORUMC3sBI9tr4w>
Subject: Re: [Secdispatch] [art] Open Ethics Transparency Protocol

n.lukianets@openethics.ai writes:
> Nikita Lukianets from the Open Ethics initiative here.
>
> I've been working on the mechanisms to enable transparency for data 
> collection and data processing practices for autonomous systems and 
> specifically, those powered by machine learning models. Since 2020 I 
> have started to draft a guiding document to reflect ways disclosures 
> could be submitted, verified, and exchanged. Eventually, I would like to 
> see how this work could result in an open standard.

I have feelings which are similar to other respondents.  I phrase it
that the IETF is not the correct place for this work because the central
problem is at the application layer (and possibly above that, at the
political layer ... and certainly above that, at the cultural layer):
being transparent presupposes a suitable way to describe "data
collection and data processing practices" in "disclosures".

Once somebody defines a way to represent these disclosures as concrete
document objects, then there may be some protocol issues regarding how
to "submit, verify, and exchange" them.  But that still seems to be more
like the presentation layer, how you associate disclosure documents with
web sites etc. which they describe, which sounds like a W3C specialty.

Dale


From nobody Mon Mar 14 10:48:40 2022
MIME-Version: 1.0
References: <6dac86b0eb3b96490dadffdc0f1d307a@openethics.ai> <87fsnlcnz6.fsf@hobgoblin.ariadne.com>
In-Reply-To: <87fsnlcnz6.fsf@hobgoblin.ariadne.com>
From: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
Date: Mon, 14 Mar 2022 13:47:25 -0400
Message-ID: <CAHbuEH6Y=xuoJ-5tRuB7kyjA4_CR00z4VxBXbv_xsWS-que12A@mail.gmail.com>
To: "Dale R. Worley" <worley@ariadne.com>
Cc: n.lukianets@openethics.ai, DISPATCH <dispatch@ietf.org>,  "gen-art@ietf.org" <art@ietf.org>, IETF SecDispatch <secdispatch@ietf.org>, hrpc@irtf.org
Content-Type: multipart/alternative; boundary="000000000000157d6905da31483e"
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/kHoXw8sXwalxCalCCN19ylob-0w>
Subject: Re: [Secdispatch] [art] Open Ethics Transparency Protocol

--000000000000157d6905da31483e
Content-Type: text/plain; charset="UTF-8"

Greetings!

I agree with the prior assessment that this is similar to the Software Bill
of Materials work, at least in objectives. That is flexible in terms of
what formats will be acceptable (3) to provide a manifest on software and
many have selected SPDX, then it's digitally signed (code signing). There's
another proposal for this upcoming meeting that will link these for use in
supply chain assurance using Remote Attestation. It might be worth
reviewing that proposal to look for similarities in addition to reviewing
the document from the NTIA on the minimum set of elements for an SBOM.

There's a requirement in the US to any organization that sells to the
federal government to provide an SBOM related to the US executive order
from May 2021.  As such, there's traction on this approach already. With
that said, EKR also pointed out the proposal in this thread is at the
application layer. There may be a possibility for your work to use the
standards being adopted that could accelerate your progress. The next part
would be to determine if that work requires adoption and further
standardization or if the existing formats suffice for what needs to be
interoperable.

At this point, I don't see a time slot being useful, but please respond
with your thoughts if I'm missing something. I hope this is helpful.

Thank you,
Kathleen
co-chair of SecDispatch

On Sun, Mar 13, 2022 at 9:39 PM Dale R. Worley <worley@ariadne.com> wrote:

> n.lukianets@openethics.ai writes:
> > Nikita Lukianets from the Open Ethics initiative here.
> >
> > I've been working on the mechanisms to enable transparency for data
> > collection and data processing practices for autonomous systems and
> > specifically, those powered by machine learning models. Since 2020 I
> > have started to draft a guiding document to reflect ways disclosures
> > could be submitted, verified, and exchanged. Eventually, I would like to
> > see how this work could result in an open standard.
>
> I have feelings which are similar to other respondents.  I phrase it
> that the IETF is not the correct place for this work because the central
> problem is at the application layer (and possibly above that, at the
> political layer ... and certainly above that, at the cultural layer):
> being transparent presupposes a suitable way to describe "data
> collection and data processing practices" in "disclosures".
>
> Once somebody defines a way to represent these disclosures as concrete
> document objects, then there may be some protocol issues regarding how
> to "submit, verify, and exchange" them.  But that still seems to be more
> like the presentation layer, how you associate disclosure documents with
> web sites etc. which they describe, which sounds like a W3C specialty.
>
> Dale


-- 

Best regards,
Kathleen

--000000000000157d6905da31483e--


From nobody Mon Mar 14 11:19:51 2022
Date: Mon, 14 Mar 2022 20:18:09 +0200
Message-ID: <6e01731e-1473-4240-843a-5d6b365f1012@email.android.com>
X-Android-Message-ID: <6e01731e-1473-4240-843a-5d6b365f1012@email.android.com>
In-Reply-To: <CAHbuEH6Y=xuoJ-5tRuB7kyjA4_CR00z4VxBXbv_xsWS-que12A@mail.gmail.com>
From: Nikita Lukianets <n.lukianets@openethics.ai>
To: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
Cc: "Dale R. Worley" <worley@ariadne.com>, DISPATCH <dispatch@ietf.org>, "gen-art@ietf.org" <art@ietf.org>, IETF SecDispatch <secdispatch@ietf.org>, hrpc@irtf.org, Nikita Lukianets <n.lukianets@openethics.ai>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/9AyYKGJkwKFpl-aOjMaEZAdgp8g>
Subject: Re: [Secdispatch] [art] Open Ethics Transparency Protocol

Hi everyone,
Related to the disclosure formats, we are adopting Model Cards and Data
Sheets to a simple JSON file hierarchy which could be parsed and checked
and extended using any programming language.

The core idea behind is making machine-readable and human-readable
labels interoperable and trusted thanks to a chained validation process.
Simple visual example for it exists in creative commons generators
though has no machine-readable component.

I apologize for not responding to the comments. Some of you may know
that I'm currently in Ukraine and things are, how could I say it...
"complex". I don't have reliable internet connection these last days,
especially when we have to stay at the bomb shelters.

Indeed, Application layer seems most viable option here and I hope those
interested could join the session in art-dispatch, while I'll try to
make sure I address previously mentioned comments, especially those
related to implementation and examples.

Best,
Nikita Lukianets

On Mar 14, 2022 19:47, Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> wrote:
> Greetings!
>
> I agree with the prior assessment that this is similar to the Software Bill
> of Materials work, at least in objectives. That is flexible in terms of
> what formats will be acceptable (3) to provide a manifest on software and
> many have selected SPDX, then it's digitally signed (code signing). There's
> another proposal for this upcoming meeting that will link these for use in
> supply chain assurance using Remote Attestation. It might be worth
> reviewing that proposal to look for similarities in addition to reviewing
> the document from the NTIA on the minimum set of elements for an SBOM.
>
> There's a requirement in the US to any organization that sells to the
> federal government to provide an SBOM related to the US executive order
> from May 2021.  As such, there's traction on this approach already. With
> that said, EKR also pointed out the proposal in this thread is at the
> application layer. There may be a possibility for your work to use the
> standards being adopted that could accelerate your progress. The next part
> would be to determine if that work requires adoption and further
> standardization or if the existing formats suffice for what needs to be
> interoperable.
>
> At this point, I don't see a time slot being useful, but please respond
> with your thoughts if I'm missing something. I hope this is helpful.
>
> Thank you,
> Kathleen
> co-chair of SecDispatch
>
> On Sun, Mar 13, 2022 at 9:39 PM Dale R. Worley <worley@ariadne.com> wrote:
>
> > n.lukianets@openethics.ai writes:
> > > Nikita Lukianets from the Open Ethics initiative here.
> > >
> > > I've been working on the mechanisms to enable transparency for data
> > > collection and data processing practices for autonomous systems and
> > > specifically, those powered by machine learning models. Since 2020 I
> > > have started to draft a guiding document to reflect ways disclosures
> > > could be submitted, verified, and exchanged. Eventually, I would like to
> > > see how this work could result in an open standard.
> >
> > I have feelings which are similar to other respondents.  I phrase it
> > that the IETF is not the correct place for this work because the central
> > problem is at the application layer (and possibly above that, at the
> > political layer ... and certainly above that, at the cultural layer):
> > being transparent presupposes a suitable way to describe "data
> > collection and data processing practices" in "disclosures".
> >
> > Once somebody defines a way to represent these disclosures as concrete
> > document objects, then there may be some protocol issues regarding how
> > to "submit, verify, and exchange" them.  But that still seems to be more
> > like the presentation layer, how you associate disclosure documents with
> > web sites etc. which they describe, which sounds like a W3C specialty.
> >
> > Dale
>
> --
>
> Best regards,
> Kathleen


From nobody Wed Mar 16 09:15:41 2022
Return-Path: <andrew.campling@419.consulting>
X-Original-To: secdispatch@ietfa.amsl.com
Delivered-To: secdispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D36393A1580 for <secdispatch@ietfa.amsl.com>; Wed, 16 Mar 2022 09:15:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.129
X-Spam-Level: 
X-Spam-Status: No, score=-1.129 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, SPF_NEUTRAL=0.779, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=netorgft5189650.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1TsaG7Txmmx2 for <secdispatch@ietfa.amsl.com>; Wed, 16 Mar 2022 09:15:34 -0700 (PDT)
Received: from GBR01-LO2-obe.outbound.protection.outlook.com (mail-lo2gbr01on0600.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe15::600]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 801883A1573 for <secdispatch@ietf.org>; Wed, 16 Mar 2022 09:15:34 -0700 (PDT)
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=419.consulting; dmarc=pass action=none header.from=419.consulting; dkim=pass header.d=419.consulting; arc=none
Received: from LO3P265MB2092.GBRP265.PROD.OUTLOOK.COM (2603:10a6:600:103::12) by CWXP265MB2440.GBRP265.PROD.OUTLOOK.COM (2603:10a6:400:9d::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5081.14; Wed, 16 Mar 2022 16:15:28 +0000
Received: from LO3P265MB2092.GBRP265.PROD.OUTLOOK.COM ([fe80::2972:e81a:9c67:cea9]) by LO3P265MB2092.GBRP265.PROD.OUTLOOK.COM ([fe80::2972:e81a:9c67:cea9%5]) with mapi id 15.20.5081.015; Wed, 16 Mar 2022 16:15:28 +0000
From: Andrew Campling <andrew.campling@419.consulting>
To: "secdispatch@ietf.org" <secdispatch@ietf.org>
Thread-Topic: Request for a slot at the Secdispatch IETF 113 Session
Thread-Index: Adg5T/fU+rhG7dE8Srm3FXsRyRsO1A==
Date: Wed, 16 Mar 2022 16:15:28 +0000
Message-ID: <LO3P265MB209260DA72D1A8383FD64BBAC2119@LO3P265MB2092.GBRP265.PROD.OUTLOOK.COM>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=419.consulting;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: d407d809-b8df-4feb-552d-08da07682fd4
x-ms-traffictypediagnostic: CWXP265MB2440:EE_
x-microsoft-antispam-prvs: <CWXP265MB244033F85E40B2FD4F32D943C2119@CWXP265MB2440.GBRP265.PROD.OUTLOOK.COM>
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
Content-Type: multipart/alternative; boundary="_000_LO3P265MB209260DA72D1A8383FD64BBAC2119LO3P265MB2092GBRP_"
MIME-Version: 1.0
X-OriginatorOrg: 419.consulting
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: LO3P265MB2092.GBRP265.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-Network-Message-Id: d407d809-b8df-4feb-552d-08da07682fd4
X-MS-Exchange-CrossTenant-originalarrivaltime: 16 Mar 2022 16:15:28.6159 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 9c2ced3e-7522-4755-87dc-f983abc66ec3
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CWXP265MB2440
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/gprddPO03_LyBWkCrk2qFw-8al8>
Subject: [Secdispatch] Request for a slot at the Secdispatch IETF 113 Session
X-BeenThere: secdispatch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Dispatch <secdispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdispatch/>
List-Post: <mailto:secdispatch@ietf.org>
List-Help: <mailto:secdispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 16 Mar 2022 16:15:39 -0000

--_000_LO3P265MB209260DA72D1A8383FD64BBAC2119LO3P265MB2092GBRP_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

I would like to request some time to dispatch
draft-campling-ech-deployment-considerations
<https://www.ietf.org/archive/id/draft-campling-ech-deployment-considerations-01.txt>
at IETF 113.  The draft is intended to inject additional detail about
deployment considerations relating to Encrypted Client Hello by including
observations on current use cases for SNI data in a variety of contexts.
In the spirit of RFC 8890, we believe that end-user needs to be taken into
account in protocol development and we hope that this document is one small
step in that process.


Andrew



--_000_LO3P265MB209260DA72D1A8383FD64BBAC2119LO3P265MB2092GBRP_--


From nobody Wed Mar 16 12:44:32 2022
Return-Path: <kathleen.moriarty.ietf@gmail.com>
X-Original-To: secdispatch@ietfa.amsl.com
Delivered-To: secdispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 341D93A08C8 for <secdispatch@ietfa.amsl.com>; Wed, 16 Mar 2022 12:44:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.106
X-Spam-Level: 
X-Spam-Status: No, score=-2.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id G9UFld1t0uRZ for <secdispatch@ietfa.amsl.com>; Wed, 16 Mar 2022 12:44:26 -0700 (PDT)
Received: from mail-qt1-x834.google.com (mail-qt1-x834.google.com [IPv6:2607:f8b0:4864:20::834]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A36303A089C for <secdispatch@ietf.org>; Wed, 16 Mar 2022 12:44:25 -0700 (PDT)
Received: by mail-qt1-x834.google.com with SMTP id i4so2711230qti.7 for <secdispatch@ietf.org>; Wed, 16 Mar 2022 12:44:25 -0700 (PDT)
X-Received: by 2002:ac8:58c5:0:b0:2e1:cca9:b3f3 with SMTP id u5-20020ac858c5000000b002e1cca9b3f3mr1272463qta.100.1647459863934;  Wed, 16 Mar 2022 12:44:23 -0700 (PDT)
Received: from smtpclient.apple (146-115-101-80.s7246.c3-0.arl-cbr1.sbo-arl.ma.cable.rcncustomer.com. [146.115.101.80]) by smtp.gmail.com with ESMTPSA id k1-20020ac85fc1000000b002e1c6420790sm1966955qta.40.2022.03.16.12.44.23 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Wed, 16 Mar 2022 12:44:23 -0700 (PDT)
From: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
X-Google-Original-From: Kathleen Moriarty <Kathleen.Moriarty.ietf@gmail.com>
Content-Type: multipart/alternative; boundary=Apple-Mail-367CD0A5-E8E7-4296-90E7-F40839E9BBEA
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0 (1.0)
Date: Wed, 16 Mar 2022 15:44:22 -0400
Message-Id: <68004738-4DE5-4D20-8B3D-FE3026FE2F7B@gmail.com>
References: <LO3P265MB209260DA72D1A8383FD64BBAC2119@LO3P265MB2092.GBRP265.PROD.OUTLOOK.COM>
Cc: secdispatch@ietf.org
In-Reply-To: <LO3P265MB209260DA72D1A8383FD64BBAC2119@LO3P265MB2092.GBRP265.PROD.OUTLOOK.COM>
To: Andrew Campling <andrew.campling@419.consulting>
X-Mailer: iPhone Mail (19D52)
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/9JrhKjgKv4q3eH01NuxXCyqRO20>
Subject: Re: [Secdispatch] Request for a slot at the Secdispatch IETF 113 Session
X-BeenThere: secdispatch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Dispatch <secdispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdispatch/>
List-Post: <mailto:secdispatch@ietf.org>
List-Help: <mailto:secdispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 16 Mar 2022 19:44:31 -0000

--Apple-Mail-367CD0A5-E8E7-4296-90E7-F40839E9BBEA
Content-Type: text/plain;
	charset=utf-8
Content-Transfer-Encoding: quoted-printable

Thank you, Andrew.

Per your message to SecDispatch chairs, I’ll put you on the agenda. I
think we have 3 requests and I’ll try to post an agenda soon (tonight).

Best regards,
Kathleen

Sent from my mobile device

> On Mar 16, 2022, at 12:15 PM, Andrew Campling <andrew.campling@419.consulting> wrote:
>
> I would like to request some time to dispatch
> draft-campling-ech-deployment-considerations at IETF 113.  The draft is
> intended to inject additional detail about deployment considerations
> relating to Encrypted Client Hello by including observations on current
> use cases for SNI data in a variety of contexts.  In the spirit of
> RFC 8890, we believe that end-user needs to be taken into account in
> protocol development and we hope that this document is one small step in
> that process.
>
>
> Andrew
>
>
> _______________________________________________
> Secdispatch mailing list
> Secdispatch@ietf.org
> https://www.ietf.org/mailman/listinfo/secdispatch

--Apple-Mail-367CD0A5-E8E7-4296-90E7-F40839E9BBEA--


From nobody Wed Mar 16 18:02:00 2022
Return-Path: <dschinazi.ietf@gmail.com>
X-Original-To: secdispatch@ietfa.amsl.com
Delivered-To: secdispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 688513A152D for <secdispatch@ietfa.amsl.com>; Wed, 16 Mar 2022 18:01:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.107
X-Spam-Level: 
X-Spam-Status: No, score=-7.107 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KR_QK-NV01cl for <secdispatch@ietfa.amsl.com>; Wed, 16 Mar 2022 18:01:53 -0700 (PDT)
Received: from mail-pl1-x632.google.com (mail-pl1-x632.google.com [IPv6:2607:f8b0:4864:20::632]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 99F013A0FC0 for <secdispatch@ietf.org>; Wed, 16 Mar 2022 18:01:53 -0700 (PDT)
Received: by mail-pl1-x632.google.com with SMTP id e13so3208742plh.3 for <secdispatch@ietf.org>; Wed, 16 Mar 2022 18:01:53 -0700 (PDT)
X-Received: by 2002:a17:90a:ea83:b0:1bc:2cb6:78e0 with SMTP id h3-20020a17090aea8300b001bc2cb678e0mr2544945pjz.20.1647478912150; Wed, 16 Mar 2022 18:01:52 -0700 (PDT)
MIME-Version: 1.0
References: <LO3P265MB209260DA72D1A8383FD64BBAC2119@LO3P265MB2092.GBRP265.PROD.OUTLOOK.COM>
In-Reply-To: <LO3P265MB209260DA72D1A8383FD64BBAC2119@LO3P265MB2092.GBRP265.PROD.OUTLOOK.COM>
From: David Schinazi <dschinazi.ietf@gmail.com>
Date: Wed, 16 Mar 2022 18:01:40 -0700
Message-ID: <CAPDSy+5X_SmRi026tLHrQU3Zc+oUPPOqwSJ+9HoGuMSd4wvQ=Q@mail.gmail.com>
To: Andrew Campling <andrew.campling@419.consulting>
Cc: "secdispatch@ietf.org" <secdispatch@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000055719705da5f9313"
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/KLDQyeprdruqsHfLno0HyOM-7Cg>
Subject: Re: [Secdispatch] Request for a slot at the Secdispatch IETF 113 Session
X-BeenThere: secdispatch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Dispatch <secdispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdispatch/>
List-Post: <mailto:secdispatch@ietf.org>
List-Help: <mailto:secdispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 17 Mar 2022 01:01:59 -0000

--00000000000055719705da5f9313
Content-Type: text/plain; charset="UTF-8"

Hi Andrew,

(I'm writing as an IAB member, but not representing the IAB)

Your understanding of IAB document RFC 8890 is incorrect. Encrypting the
TLS Client Hello is performed to protect end users. In particular, it is an
example of Section 4.2 "Creating User-Focused Systems" as it brings control
over information sharing closer to the end users. Additionally, ECH was the
product of Section 4.3 "Identifying Negative End-User Impact" as we have
seen abuse of user information caused by networks observing the SNI. That
section additionally references RFCs 7258 and 7624 which clearly lay out
the dangers of cleartext information and the user benefit of encryption. If
you'd like more information on the IAB's position on this topic, we also
released the following statement: <
https://www.iab.org/2014/11/14/iab-statement-on-internet-confidentiality/>.

You're welcome to raise your concerns about ECH, but they are in the
opposite of the spirit of RFC 8890. Let's discuss your draft at
secdispatch, but I can't imagine it progressing with such a clear
misunderstanding of RFC 8890.

Thanks,
David

On Wed, Mar 16, 2022 at 9:15 AM Andrew Campling
<andrew.campling@419.consulting> wrote:

> I would like to request some time to dispatch
> *draft-campling-ech-deployment-considerations*
> <https://www.ietf.org/archive/id/draft-campling-ech-deployment-considerations-01.txt>
> at IETF 113.  The draft is intended to inject additional detail about
> deployment considerations relating to Encrypted Client Hello by including
> observations on current use cases for SNI data in a variety of contexts.
> In the spirit of RFC 8890, we believe that end-user needs to be taken into
> account in protocol development and we hope that this document is one small
> step in that process.
>
>
> *Andrew*
>
>
> _______________________________________________
> Secdispatch mailing list
> Secdispatch@ietf.org
> https://www.ietf.org/mailman/listinfo/secdispatch
>

--00000000000055719705da5f9313--


From nobody Thu Mar 17 01:38:51 2022
Return-Path: <andrew.campling@419.consulting>
X-Original-To: secdispatch@ietfa.amsl.com
Delivered-To: secdispatch@ietfa.amsl.com
From: Andrew Campling <andrew.campling@419.consulting>
To: David Schinazi <dschinazi.ietf@gmail.com>
CC: "secdispatch@ietf.org" <secdispatch@ietf.org>
Thread-Topic: [Secdispatch] Request for a slot at the Secdispatch IETF 113 Session
Thread-Index: Adg5T/fU+rhG7dE8Srm3FXsRyRsO1AASpeAAAA9NInU=
Date: Thu, 17 Mar 2022 08:38:39 +0000
Message-ID: <LO3P265MB20920BC976D371AFDD3FFA1FC2129@LO3P265MB2092.GBRP265.PROD.OUTLOOK.COM>
References: <LO3P265MB209260DA72D1A8383FD64BBAC2119@LO3P265MB2092.GBRP265.PROD.OUTLOOK.COM> <CAPDSy+5X_SmRi026tLHrQU3Zc+oUPPOqwSJ+9HoGuMSd4wvQ=Q@mail.gmail.com>
In-Reply-To: <CAPDSy+5X_SmRi026tLHrQU3Zc+oUPPOqwSJ+9HoGuMSd4wvQ=Q@mail.gmail.com>
Accept-Language: en-GB, en-US
Content-Language: en-GB
Content-Type: multipart/alternative; boundary="_000_LO3P265MB20920BC976D371AFDD3FFA1FC2129LO3P265MB2092GBRP_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/Y2N2BPjDCQTb215MvYQALdTvi0E>
Subject: Re: [Secdispatch] Request for a slot at the Secdispatch IETF 113 Session
X-BeenThere: secdispatch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Dispatch <secdispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdispatch/>
List-Post: <mailto:secdispatch@ietf.org>
List-Help: <mailto:secdispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 17 Mar 2022 08:38:49 -0000

--_000_LO3P265MB20920BC976D371AFDD3FFA1FC2129LO3P265MB2092GBRP_
Content-Type: text/plain; charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable

Hi David
Thank you for your interest in the draft.  You’re right to highlight the benefit of privacy but, as you will see when you read the draft, we highlight a range of issues that can reasonably be considered as being in the interest of end users such as security, cost and complexity.

Focusing specifically on privacy, it is of course more complex than encryption.  For example, as noted in the draft, by removing an indicator of compromise (the SNI data), a user may be at greater risk of attack from malicious content or simply by surveillance by badly behaved client software.

RFC 8890 highlights the importance of multistakeholder input in order to understand the potential trade-offs between competing factors that may impact end users.  This is an instance where such engagement would be beneficial as it will no doubt highlight other considerations to take into account.

As you conclude, let’s discuss it at Secdispatch but I believe that debate will be more useful if we avoid using such a narrow interpretation of end users' interests.

Andrew

________________________________
From: David Schinazi <dschinazi.ietf@gmail.com>
Sent: Thursday, March 17, 2022 1:01 am
To: Andrew Campling <andrew.campling@419.consulting>
Cc: secdispatch@ietf.org <secdispatch@ietf.org>
Subject: Re: [Secdispatch] Request for a slot at the Secdispatch IETF 113 Session

Hi Andrew,

(I'm writing as an IAB member, but not representing the IAB)

Your understanding of IAB document RFC 8890 is incorrect. Encrypting the TLS Client Hello is performed to protect end users. In particular, it is an example of Section 4.2 "Creating User-Focused Systems" as it brings control over information sharing closer to the end users. Additionally, ECH was the product of Section 4.3 "Identifying Negative End-User Impact" as we have seen abuse of user information caused by networks observing the SNI. That section additionally references RFCs 7258 and 7624 which clearly lay out the dangers of cleartext information and the user benefit of encryption. If you'd like more information on the IAB's position on this topic, we also released the following statement: <https://www.iab.org/2014/11/14/iab-statement-on-internet-confidentiality/>.

You're welcome to raise your concerns about ECH, but they are in the opposite of the spirit of RFC 8890. Let's discuss your draft at secdispatch, but I can't imagine it progressing with such a clear misunderstanding of RFC 8890.

Thanks,
David

On Wed, Mar 16, 2022 at 9:15 AM Andrew Campling <andrew.campling@419.consulting> wrote:
I would like to request some time to dispatch draft-campling-ech-deployment-considerations<https://www.ietf.org/archive/id/draft-campling-ech-deployment-considerations-01.txt> at IETF 113.  The draft is intended to inject additional detail about deployment considerations relating to Encrypted Client Hello by including observations on current use cases for SNI data in a variety of contexts.  In the spirit of RFC 8890, we believe that end-user needs to be taken into account in protocol development and we hope that this document is one small step in that process.


Andrew


_______________________________________________
Secdispatch mailing list
Secdispatch@ietf.org<mailto:Secdispatch@ietf.org>
https://www.ietf.org/mailman/listinfo/secdispatch

--_000_LO3P265MB20920BC976D371AFDD3FFA1FC2129LO3P265MB2092GBRP_--


From nobody Mon Mar 21 16:23:22 2022
Return-Path: <ekr@rtfm.com>
X-Original-To: secdispatch@ietfa.amsl.com
Delivered-To: secdispatch@ietfa.amsl.com
MIME-Version: 1.0
References: <164583895227.24617.1939040203283436909@ietfa.amsl.com> <5b97a678-eba1-09c3-7e70-c71dd98db8a9@sit.fraunhofer.de>
In-Reply-To: <5b97a678-eba1-09c3-7e70-c71dd98db8a9@sit.fraunhofer.de>
From: Eric Rescorla <ekr@rtfm.com>
Date: Mon, 21 Mar 2022 16:22:24 -0700
Message-ID: <CABcZeBMJgKPSyJ3Z1igS38fbgsp6R-FxVd193+CGsKJC2dchuA@mail.gmail.com>
To: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>
Cc: IETF SecDispatch <secdispatch@ietf.org>, scitt@ietf.org
Content-Type: multipart/alternative; boundary="000000000000f14e3905dac2c669"
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/FMFmoN7Ve4us6GMclubUF9dJlQY>
Subject: Re: [Secdispatch] Request for session at IETF 113
X-BeenThere: secdispatch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Dispatch <secdispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdispatch/>
List-Post: <mailto:secdispatch@ietf.org>
List-Help: <mailto:secdispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Mar 2022 23:23:05 -0000

--000000000000f14e3905dac2c669
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

OVERALL
This document describes a general structure for providing transparency
for software artifacts, effectively a generalization of what's often
called "binary transparency". This is a useful kind of service in concept
and at least theoretically an appropriate topic for IETF.

The answer to the secdispatch questions depends, I think, on the level
of interest people have in deploying such a service and especially
with this as a starting point. Specifically, we'd need to hear from:

- Software vendors
- Potential transparency service (log) operators.

I'd particularly like to hear from people who already are involved
with Binary Transparency:
https://developers.google.com/android/binary_transparency

If there is interest, I would be supportive of moving forward with
this. Given the complexity of the topic, a BOF is probably the next
step.


TECHNICAL
I do have a few small technical comments.

1. I'm still working through the semantics of the identities you are
   using. As I understand it, the signatures are intended to provide
   evidence that the vendor actually published something, but if you
   use did:web, then can't the vendor just use a different key for
   each signature and remove the key from the Web site later? What
   proof is there that the vendor endorsed a specific key?

2. I understand the appeal of the append-only log, but I'd observe
   that much of the value in CT has been achieved without any real
   verification by clients of the inclusion proofs but just relying
   entirely on SCTs. So, perhaps we don't need to try as hard
   here. This point applies to BT as well, I think.

3. S 6.3 seems to require the claim to be appended to the log prior to
   issuing the receipt. This is not how CT is architected, as I
   understand it, because of concerns about the latency of that
   process. Instead, certificates have SCTs. Do similar concerns
   apply here?

I'm sure all of these could be addressed during the standards process,
and they certainly don't preclude doing this work, but I noted them
as I read the document and thought it would be good to record them.









On Wed, Mar 9, 2022 at 2:40 PM Henk Birkholz <
henk.birkholz@sit.fraunhofer.de> wrote:

> Hi secdispatch,
> (hi scitt),
>
> emerging work on the topic of Supply Chain Integrity, Transparency,
> Trust has taken some shape recently.
>
> The work combines existing IETF building blocks to facilitate useful
> Internet-based support of global supply chain interoperability.
>
> Current contributions focus on the definition of Transparency Services
> based on Internet technology (using CBOR/CDDL/COSE) to achieve
> unambiguous, scaleable, and resilient integration with common devops and
> secops requirements.
>
> I'd like to request secdispatch agenda time for two documents that are
> currently submitted:
>   > https://datatracker.ietf.org/doc/draft-birkholz-scitt-architecture/
>
> and
>
> > https://datatracker.ietf.org/doc/draft-birkholz-scitt-receipts/
>
> These two contributions are in -00 state. Yet, they already address
> essential requirements, such as, air-gapped validation when being
> offline, integration of remote attestation, efficient and crypto-agile
> signing prescriptions for out-of-the-box interoperability, and - in
> essence - long-long-term guarantees in support of various types of
> supply chains requirements.
>
> We’d be happy to present this emerging work in secdispatch with the goal
> of discussing whether it might fit into the IETF space and how to
> progress it together.
>
> Best regards,
>
> Henk
>
>
>
> On 26.02.22 02:29, "IETF Secretariat" wrote:
> > Dear Mohit Sethi,
> >
> > The session(s) that you have requested have been scheduled.
> > Below is the scheduled session information followed by
> > the original request.
> >
> >
> >      secdispatch Session 1 (2:00 requested)
> >      Tuesday, 22 March 2022, Afternoon Session II 1430-1630
> >      Room Name: Grand Park Hall 3 size: 250
> >      ---------------------------------------------
> >
> >
> > iCalendar:
> https://datatracker.ietf.org/meeting/113/sessions/secdispatch.ics
> >
> > Request Information:
> >
> >
> > ---------------------------------------------------------
> > Working Group Name: Security Dispatch
> > Area Name: Security Area
> > Session Requester: Mohit Sethi
> >
> >
> > Number of Sessions: 1
> > Length of Session(s):
> > Number of Attendees: 200
> > Conflicts to Avoid:
> >
> >
> >
> >
> > People who must be present:
> >    Benjamin Kaduk
> >    Kathleen Moriarty
> >    Mohit Sethi
> >    Paul Wouters
> >    Richard Barnes
> >    Roman Danyliw
> >
> > Resources Requested:
> >
> > Special Requests:
> >    Please avoid conflict with any Security related BoF.
> > ---------------------------------------------------------
> >
> >
> > _______________________________________________
> > Secdispatch mailing list
> > Secdispatch@ietf.org
> > https://www.ietf.org/mailman/listinfo/secdispatch
>
> _______________________________________________
> Secdispatch mailing list
> Secdispatch@ietf.org
> https://www.ietf.org/mailman/listinfo/secdispatch
>

--000000000000f14e3905dac2c669
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><br>OVERALL<br>This document describes a general structure=
 for providing transparency<br>for =C2=A0software artifacts, effectively a =
generalization of what&#39;s often<br>called &quot;binary transparency&quot=
;. This is a useful kind of service in concept<br>an at least theoretically=
 an appropriate topic for IETF.<br><br>The answer to the secdispatch questi=
ons depends, I think on the level<br>of interest people have in deploying s=
uch a service and especially<br>with this as a starting point. Specifically=
, we&#39;d need to hear from:<br><br>- Software vendors<br>- Potential tran=
sparency service (log) operators.<br><br>I&#39;d particularly like to hear =
from people who already are involved<br>with Binary Transparency: <a href=
=3D"https://developers.google.com/android/binary_transparency">https://deve=
lopers.google.com/android/binary_transparency</a><br><br>If there is intere=
st, I would be supportive of moving forward with<br>this. Given the complex=
ity of the topic, a BOF is probably the next<br>step.<br><br><br>TECHNICAL<=
br>I do have a few small technical comments.<br><br>1. I&#39;m still workin=
g through the semantics of the identities you are<br>=C2=A0 =C2=A0using. As=
 I understand it, the signatures are intended to provide<br>=C2=A0 =C2=A0ev=
idence that the vendor actually published something, but if you<br>=C2=A0 =
=C2=A0use did:web, then can&#39;t the vendor just use a different key for<b=
r>=C2=A0 =C2=A0each signature and remove the key from the Web site later. W=
hat<br>=C2=A0 =C2=A0proof is there that the vendor endorsed a specific key?=
<br><br>2. I understand the appeal of the append only log, but I&#39;d obse=
rve<br>=C2=A0 =C2=A0that much of the value in CT has been achieved without =
any real<br>=C2=A0 =C2=A0verification by clients of the inclusion proofs bu=
t just relying<br>=C2=A0 =C2=A0entirely on SCTs. So, perhaps we don&#39;t n=
eed to try as hard<br>=C2=A0 =C2=A0here. This point applies to BT as well, =
I think.<br><br>3. S 6.3 seems to require the claim to be appended to the l=
og prior to<br>=C2=A0 =C2=A0issuing the receipt. This is not how CT is arch=
itected, as I<br>=C2=A0 =C2=A0understand it because of concerns about the l=
atency of that<br>=C2=A0 =C2=A0process. Instead, certificates have SCTs. Do=
 similar concerns<br>=C2=A0 =C2=A0apply here?<br><br>I&#39;m sure all of th=
ese could be addressed during the standards process,<br>and they certainly =
don&#39;t preclude doing this work, but I noted them<br>as I read the docum=
ent and thought it would be good to record them. <br><br>=C2=A0 <br><br>=C2=
=A0 <br><br><br><br><br></div><br><div class=3D"gmail_quote"><div dir=3D"lt=
r" class=3D"gmail_attr">On Wed, Mar 9, 2022 at 2:40 PM Henk Birkholz &lt;<a=
 href=3D"mailto:henk.birkholz@sit.fraunhofer.de">henk.birkholz@sit.fraunhof=
er.de</a>&gt; wrote:<br></div><blockquote class=3D"gmail_quote" style=3D"ma=
rgin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:=
1ex">Hi secdispatch,<br>
(hi scitt),<br>
<br>
emerging work on the topic of Supply Chain Integrity, Transparency, <br>
Trust has taken some shape recently.<br>
<br>
The work combines existing IETF building blocks to facilitate useful <br>
Internet-based support of global supply chain interoperability.<br>
<br>
Current contributions focus on the definition of Transparency Services <br>
based on Internet technology (using CBOR/CDDL/COSE) to achieve <br>
unambiguous, scaleable, and resilient integration with common devops and <br>
secops requirements.<br>
<br>
I&#39;d like to request secdispatch agenda time for two documents that are <br>
currently submitted:<br>
&nbsp; &gt; <a href="https://datatracker.ietf.org/doc/draft-birkholz-scitt-architecture/" rel="noreferrer" target="_blank">https://datatracker.ietf.org/doc/draft-birkholz-scitt-architecture/</a><br>
<br>
and<br>
<br>
&gt; <a href="https://datatracker.ietf.org/doc/draft-birkholz-scitt-receipts/" rel="noreferrer" target="_blank">https://datatracker.ietf.org/doc/draft-birkholz-scitt-receipts/</a><br>
<br>
These two contributions are in -00 state. Yet, they already address <br>
essential requirements, such as, air-gapped validation when being <br>
offline, integration of remote attestation, efficient and crypto-agile <br>
signing prescriptions for out-of-the-box interoperability, and - in <br>
essence - long-long-term guarantees in support of various types of <br>
supply chains requirements.<br>
<br>
We’d be happy to present this emerging work in secdispatch with the goal <br>
of discussing whether it might fit into the IETF space and how to <br>
progress it together.<br>
<br>
Best regards,<br>
<br>
Henk<br>
<br>
<br>
<br>
On 26.02.22 02:29, &quot;IETF Secretariat&quot; wrote:<br>
&gt; Dear Mohit Sethi,<br>
&gt; <br>
&gt; The session(s) that you have requested have been scheduled.<br>
&gt; Below is the scheduled session information followed by<br>
&gt; the original request.<br>
&gt; <br>
&gt; <br>
&gt;&nbsp; &nbsp; &nbsp; secdispatch Session 1 (2:00 requested)<br>
&gt;&nbsp; &nbsp; &nbsp; Tuesday, 22 March 2022, Afternoon Session II 1430-1630<br>
&gt;&nbsp; &nbsp; &nbsp; Room Name: Grand Park Hall 3 size: 250<br>
&gt;&nbsp; &nbsp; &nbsp; ---------------------------------------------<br>
&gt; <br>
&gt; <br>
&gt; iCalendar: <a href="https://datatracker.ietf.org/meeting/113/sessions/secdispatch.ics" rel="noreferrer" target="_blank">https://datatracker.ietf.org/meeting/113/sessions/secdispatch.ics</a><br>
&gt; <br>
&gt; Request Information:<br>
&gt; <br>
&gt; <br>
&gt; ---------------------------------------------------------<br>
&gt; Working Group Name: Security Dispatch<br>
&gt; Area Name: Security Area<br>
&gt; Session Requester: Mohit Sethi<br>
&gt; <br>
&gt; <br>
&gt; Number of Sessions: 1<br>
&gt; Length of Session(s):<br>
&gt; Number of Attendees: 200<br>
&gt; Conflicts to Avoid:<br>
&gt; <br>
&gt; <br>
&gt; <br>
&gt; <br>
&gt; People who must be present:<br>
&gt;&nbsp; &nbsp; Benjamin Kaduk<br>
&gt;&nbsp; &nbsp; Kathleen Moriarty<br>
&gt;&nbsp; &nbsp; Mohit Sethi<br>
&gt;&nbsp; &nbsp; Paul Wouters<br>
&gt;&nbsp; &nbsp; Richard Barnes<br>
&gt;&nbsp; &nbsp; Roman Danyliw<br>
&gt; <br>
&gt; Resources Requested:<br>
&gt; <br>
&gt; Special Requests:<br>
&gt;&nbsp; &nbsp; Please avoid conflict with any Security related BoF.<br>
&gt; ---------------------------------------------------------<br>
&gt; <br>
&gt; <br>
</blockquote></div>

--000000000000f14e3905dac2c669--


From nobody Mon Mar 21 19:17:25 2022
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3696.80.82.1.1\))
From: Mark Nottingham <mnot@mnot.net>
In-Reply-To: <LO3P265MB20920BC976D371AFDD3FFA1FC2129@LO3P265MB2092.GBRP265.PROD.OUTLOOK.COM>
Date: Tue, 22 Mar 2022 13:17:11 +1100
Cc: David Schinazi <dschinazi.ietf@gmail.com>, "secdispatch@ietf.org" <secdispatch@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <29ED5EBE-D5B5-435A-B32D-10BE19513A25@mnot.net>
References: <LO3P265MB209260DA72D1A8383FD64BBAC2119@LO3P265MB2092.GBRP265.PROD.OUTLOOK.COM> <CAPDSy+5X_SmRi026tLHrQU3Zc+oUPPOqwSJ+9HoGuMSd4wvQ=Q@mail.gmail.com> <LO3P265MB20920BC976D371AFDD3FFA1FC2129@LO3P265MB2092.GBRP265.PROD.OUTLOOK.COM>
To: Andrew Campling <andrew.campling@419.consulting>
X-Mailer: Apple Mail (2.3696.80.82.1.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/jdtTaO8HTw1s8soe-iWwDkcJqf0>
Subject: Re: [Secdispatch] Request for a slot at the Secdispatch IETF 113 Session

I'm not going to be at SECDISPATCH, so I'll make my comments here.

First, a general comment. Andrew, you seem to be forming a habit of relying on 8890 to get air time for your arguments. That RFC's focus is on encouraging the IETF community to consider the impacts of its actions elsewhere. The only place it privileges those already active here is when it talks about civil society organisations' ability to act as a channel for engaging the broader Internet community. I don't believe you're acting in that capacity here.

I.e., your arguments should stand on their own -- invoking 8890 doesn't reinforce them.

Now, regarding the draft -- draft-campling-ech-deployment-considerations seems to assume that the *only* viable way to scan for viruses, impose parental controls, or control access to resources is by having a network element impose it without coordination. Your draft supports this by noting that transparent proxies are used because they're easier to administer than on-endpoint software -- a viewpoint which privileges administrator convenience and cost over user safety, and ignores other options.

The underlying problem is that such "transparent proxy" services are unauthenticated -- they rely on the user understanding that the network is going to perform these services, and accepting their imposition. They're also disproportionate, giving complete access to all data flows and capabilities on the connection.

Performing these tasks in this fashion allows not only legitimate authorities to impose them, but also illegitimate attackers. As such, they're inappropriate for deployment on the Internet, and that's why we're seeing efforts like ECH -- use of this data and the associated control channel without explicit user authorisation is not "permissionless innovation" (as your draft states), it's an open door to abuse. Put bluntly, you (as a network operator) don't have a right to "innovate" with my data (as a user) -- especially without my permission.

This doesn't reduce the urgency of meeting those goals for some users, but it does mean that they need to be met without endangering security and privacy for all users on the Internet, even if that has historically been the path of least resistance.

It also doesn't mean that the path forward will be easy. What's required is a discussion and implementation of interfaces for offloading these functions from operating systems, applications, and IoT devices -- potentially to somewhere else on the network -- in a way that maintains users' autonomy, privacy, and security, and in a proportional way (i.e., only as much access to data as required to fulfil the task). That is difficult not only because of the inherent user interface subtleties and potential for abuse/hijacking, but also because there is little current coordination or convergence at that layer.

The IETF has a very clear responsibility to assure that the protocols it ships are secure -- hence, ECH. It *could* have a role to play in responsibly offloading these functions, especially where the work intersects protocol design. There is also other work to be done that's squarely outside our scope. I'd suggest that you and your co-authors focus on assisting those positive, forward-looking efforts rather than trying to stop ECH deployment.

Cheers,


> On 17 Mar 2022, at 7:38 pm, Andrew Campling <andrew.campling@419.consulting> wrote:
>
> Hi David
> Thank you for your interest in the draft.  You’re right to highlight the benefit of privacy but, as you will see when you read the draft, we highlight a range of issues that can reasonably be considered as being in the interest of end users such as security, cost and complexity.
>
> Focusing specifically on privacy, it is of course more complex than encryption.  For example, as noted in the draft, by removing an indicator of compromise (the SNI data), a user may be at greater risk of attack from malicious content or simply by surveillance by badly behaved client software.
>
> RFC 8890 highlights the importance of multistakeholder input in order to understand the potential trade-offs between competing factors that may impact end users.  This is an instance where such engagement would be beneficial as it will no doubt highlight other considerations to take into account.
>
> As you conclude, let’s discuss it at Secdispatch but I believe that debate will be more useful if we avoid using such a narrow interpretation of end users' interests.
>
> Andrew
>
> From: David Schinazi <dschinazi.ietf@gmail.com>
> Sent: Thursday, March 17, 2022 1:01 am
> To: Andrew Campling <andrew.campling@419.consulting>
> Cc: secdispatch@ietf.org <secdispatch@ietf.org>
> Subject: Re: [Secdispatch] Request for a slot at the Secdispatch IETF 113 Session
>
> Hi Andrew,
>
> (I'm writing as an IAB member, but not representing the IAB)
>
> Your understanding of IAB document RFC 8890 is incorrect. Encrypting the TLS Client Hello is performed to protect end users. In particular, it is an example of Section 4.2 "Creating User-Focused Systems" as it brings control over information sharing closer to the end users. Additionally, ECH was the product of Section 4.3 "Identifying Negative End-User Impact" as we have seen abuse of user information caused by networks observing the SNI. That section additionally references RFCs 7258 and 7624 which clearly lay out the dangers of cleartext information and the user benefit of encryption. If you'd like more information on the IAB's position on this topic, we also released the following statement: <https://www.iab.org/2014/11/14/iab-statement-on-internet-confidentiality/>.
>
> You're welcome to raise your concerns about ECH, but they are in the opposite of the spirit of RFC 8890. Let's discuss your draft at secdispatch, but I can't imagine it progressing with such a clear misunderstanding of RFC 8890.
>
> Thanks,
> David
>
> On Wed, Mar 16, 2022 at 9:15 AM Andrew Campling <andrew.campling@419.consulting> wrote:
> I would like to request some time to dispatch draft-campling-ech-deployment-considerations at IETF 113.  The draft is intended to inject additional detail about deployment considerations relating to Encrypted Client Hello by including observations on current use cases for SNI data in a variety of contexts.  In the spirit of RFC 8890, we believe that end-user needs to be taken into account in protocol development and we hope that this document is one small step in that process.
>
> Andrew
>

--
Mark Nottingham   https://www.mnot.net/


From nobody Tue Mar 22 02:24:36 2022
From: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
X-Google-Original-From: Kathleen Moriarty <Kathleen.Moriarty.ietf@gmail.com>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Mime-Version: 1.0 (1.0)
Date: Tue, 22 Mar 2022 05:24:05 -0400
Message-Id: <940DBC69-34CA-41EC-ACEB-E3E562772038@gmail.com>
References: <29ED5EBE-D5B5-435A-B32D-10BE19513A25@mnot.net>
Cc: Andrew Campling <andrew.campling@419.consulting>, David Schinazi <dschinazi.ietf@gmail.com>, secdispatch@ietf.org
In-Reply-To: <29ED5EBE-D5B5-435A-B32D-10BE19513A25@mnot.net>
To: Mark Nottingham <mnot@mnot.net>
X-Mailer: iPhone Mail (19D52)
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/q4INKxQht6pyTFCXCb40XYDnlYg>
Subject: Re: [Secdispatch] Request for a slot at the Secdispatch IETF 113 Session

Mark,

Sent from my mobile device

> On Mar 21, 2022, at 10:17 PM, Mark Nottingham <mnot@mnot.net> wrote:
>
> I'm not going to be at SECDISPATCH, so I'll make my comments here.
>
> First, a general comment. Andrew, you seem to be forming a habit of relying on 8890 to get air time for your arguments. That RFC's focus is on encouraging the IETF community to consider the impacts of its actions elsewhere. The only place it privileges those already active here is when it talks about civil society organisations' ability to act as a channel for engaging the broader Internet community. I don't believe you're acting in that capacity here.
>
> I.e., your arguments should stand on their own -- invoking 8890 doesn't reinforce them.
>
> Now, regarding the draft -- draft-campling-ech-deployment-considerations seems to assume that the *only* viable way to scan for viruses, impose parental controls, or control access to resources is by having a network element impose it without coordination. Your draft supports this by noting that transparent proxies are used because they're easier to administer than on-endpoint software -- a viewpoint which privileges administrator convenience and cost over user safety, and ignores other options.

No hat -

Are there more options than Safe Browsing and endpoint solutions? There are DNS based solutions, but if DoH forces you to go to a dedicated DNS server you don’t get that filtering. It’s more helpful if the alternative options are spelled out as well as how solutions are used. Closing a security gap before other solutions are viable or in place will only exacerbate the very real problems faced by organizations and their users experiencing attacks including ransomware.

Best regards,
Kathleen



From nobody Tue Mar 22 02:31:54 2022
From: "Salz, Rich" <rsalz@akamai.com>
To: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>, Mark Nottingham <mnot@mnot.net>
CC: David Schinazi <dschinazi.ietf@gmail.com>, Andrew Campling <andrew.campling@419.consulting>, "secdispatch@ietf.org" <secdispatch@ietf.org>
Thread-Topic: [Secdispatch] Request for a slot at the Secdispatch IETF 113 Session
Thread-Index: Adg5T/fU+rhG7dE8Srm3FXsRyRsO1AAbB6UAAA/1v4AA7iJxgAAO6MiA//++/IA=
Date: Tue, 22 Mar 2022 09:31:25 +0000
Message-ID: <F68C99ED-D0B2-4C30-A963-889FA83B089A@akamai.com>
References: <29ED5EBE-D5B5-435A-B32D-10BE19513A25@mnot.net> <940DBC69-34CA-41EC-ACEB-E3E562772038@gmail.com>
In-Reply-To: <940DBC69-34CA-41EC-ACEB-E3E562772038@gmail.com>
Accept-Language: en-US
Content-Language: en-US
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/iulqoVAYM5yZJ4gyhHaKeIB0rv8>
Subject: Re: [Secdispatch] Request for a slot at the Secdispatch IETF 113 Session

> There are DNS based solutions, but if DoH forces you to go to a
> dedicated DNS server you don’t get that filtering.

Perhaps we can lower the temperature of discussion by not using such
loaded terms as "DoH forces you"


From nobody Tue Mar 22 02:36:44 2022
Return-Path: <kathleen.moriarty.ietf@gmail.com>
MIME-Version: 1.0
From: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
Date: Tue, 22 Mar 2022 05:35:38 -0400
Message-ID: <CAHbuEH6q=LpAVOy=Mww55Jp_4PSU1o=cKb9wN+DgLTZxRh4kzQ@mail.gmail.com>
To: IETF SecDispatch <secdispatch@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000000dd3fd05dacb5830"
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/HEhFQcP1wpacnyY0vN_6nKUwVLs>
Subject: [Secdispatch] Slides

--0000000000000dd3fd05dacb5830
Content-Type: text/plain; charset="UTF-8"

Good morning,

I only see one set of slides has been uploaded. Please get them in right
away if you are presenting.

Thank you,
Kathleen

-- 

Best regards,
Kathleen

--0000000000000dd3fd05dacb5830--


From nobody Tue Mar 22 02:37:06 2022
Return-Path: <kathleen.moriarty.ietf@gmail.com>
MIME-Version: 1.0
From: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
Date: Tue, 22 Mar 2022 05:36:18 -0400
Message-ID: <CAHbuEH4ixzMXFQ2j1VvVL4bRY+baWMzgQ_g+G80jn4E_UwUYgQ@mail.gmail.com>
To: IETF SecDispatch <secdispatch@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000006acefc05dacb5a08"
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/wBVRn7DyqAylsAJGqnL70ax8x4k>
Subject: [Secdispatch] Note takers

--0000000000006acefc05dacb5a08
Content-Type: text/plain; charset="UTF-8"

Greetings!

Can we please have 2 volunteers to take minutes for the session?

Thank you!

-- 

Best regards,
Kathleen

--0000000000006acefc05dacb5a08--


From nobody Tue Mar 22 02:55:57 2022
Return-Path: <ekr@rtfm.com>
MIME-Version: 1.0
References: <29ED5EBE-D5B5-435A-B32D-10BE19513A25@mnot.net> <940DBC69-34CA-41EC-ACEB-E3E562772038@gmail.com>
In-Reply-To: <940DBC69-34CA-41EC-ACEB-E3E562772038@gmail.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Tue, 22 Mar 2022 02:55:13 -0700
Message-ID: <CABcZeBN1zk8gXf2Sh1VqjM70cJ=WfnSGMady2V_hqOLgXGMrXQ@mail.gmail.com>
To: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
Cc: Mark Nottingham <mnot@mnot.net>, David Schinazi <dschinazi.ietf@gmail.com>, Andrew Campling <andrew.campling@419.consulting>, IETF SecDispatch <secdispatch@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000001d4c0505dacb9e31"
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/HcFX5wy4c78F5h3PtuPEtwQxS14>
Subject: Re: [Secdispatch] Request for a slot at the Secdispatch IETF 113 Session

--0000000000001d4c0505dacb9e31
Content-Type: text/plain; charset="UTF-8"

On Tue, Mar 22, 2022 at 2:24 AM Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> wrote:

> Mark,
>
> Sent from my mobile device
>
> > On Mar 21, 2022, at 10:17 PM, Mark Nottingham <mnot@mnot.net> wrote:
> >
> > I'm not going to be at SECDISPATCH, so I'll make my comments here.
> >
> > First, a general comment. Andrew, you seem to be forming a habit of
> > relying on 8890 to get air time for your arguments. That RFC's focus is on
> > encouraging the IETF community to consider the impacts of its actions
> > elsewhere. The only place it privileges those already active here is when
> > it talks about civil society organisations' ability to act as a channel for
> > engaging the broader Internet community. I don't believe you're acting in
> > that capacity here.
> >
> > I.e., your arguments should stand on their own -- invoking 8890 doesn't
> > reinforce them.
> >
> > Now, regarding the draft -- draft-campling-ech-deployment-considerations
> > seems to assume that the *only* viable way to scan for viruses, impose
> > parental controls, or control access to resources is by having a network
> > element impose it without coordination. Your draft supports this by noting
> > that transparent proxies are used because they're easier to administer than
> > on-endpoint software -- a viewpoint which privileges administrator
> > convenience and cost over user safety, and ignores other options.
>
> No hat -
>
> Are there more options than Safe Browsing and endpoint solutions? There
> are DNS based solutions, but if DoH forces you to go to a dedicated DNS
> server you don’t get that filtering. It’s more helpful if the alternative
> options are spelled out as well as how solutions are used. Closing a
> security gap before other solutions are viable or in place will only
> exacerbate the very real problems faced by organizations and their users
> experiencing attacks including ransomware.
>

I think it's a mistake to locate the incompatibility with DNS-based
filtering in DoH. Rather, it's a question of resolver selection.

Specifically, the case of interest is the one where the client uses a
different DNS server (DoH, DoT, or otherwise) than that proposed by the
network. And that disagreement happens when the network does not have
practical control over the client (because otherwise it can force the
client to use its preferred server). IOW, I don't think the question is the
technical means by which said filtering happens, but whether the network
can unilaterally impose filtering on the client.

-Ekr

--0000000000001d4c0505dacb9e31--


From nobody Tue Mar 22 03:18:43 2022
Return-Path: <stephen.farrell@cs.tcd.ie>
Message-ID: <3627e843-712f-f572-8c11-be6afbc3fc73@cs.tcd.ie>
Date: Tue, 22 Mar 2022 10:17:19 +0000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.5.0
Content-Language: en-US
To: "secdispatch@ietf.org" <secdispatch@ietf.org>
References: <LO3P265MB209260DA72D1A8383FD64BBAC2119@LO3P265MB2092.GBRP265.PROD.OUTLOOK.COM> <CAPDSy+5X_SmRi026tLHrQU3Zc+oUPPOqwSJ+9HoGuMSd4wvQ=Q@mail.gmail.com> <LO3P265MB20920BC976D371AFDD3FFA1FC2129@LO3P265MB2092.GBRP265.PROD.OUTLOOK.COM> <29ED5EBE-D5B5-435A-B32D-10BE19513A25@mnot.net>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
In-Reply-To: <29ED5EBE-D5B5-435A-B32D-10BE19513A25@mnot.net>
Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="------------Ak2PCPU0BSjFZaECtDjr1k50"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/uwFwxMHD1HWmfsti9_3va9-Cgc0>
Subject: [Secdispatch] dispatching draft-campling-ech-deployment-considerations (was: Re: Request for a slot at the Secdispatch IETF 113 Session)
X-BeenThere: secdispatch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Dispatch <secdispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdispatch/>
List-Post: <mailto:secdispatch@ietf.org>
List-Help: <mailto:secdispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 22 Mar 2022 10:18:39 -0000

--------------Ak2PCPU0BSjFZaECtDjr1k50
Content-Type: multipart/mixed; boundary="------------zE5w9OaXqMfyiG9g0i10PSE6";
 protected-headers="v1"
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
To: "secdispatch@ietf.org" <secdispatch@ietf.org>
Message-ID: <3627e843-712f-f572-8c11-be6afbc3fc73@cs.tcd.ie>
Subject: dispatching draft-campling-ech-deployment-considerations (was: Re:
 [Secdispatch] Request for a slot at the Secdispatch IETF 113 Session)
References: <LO3P265MB209260DA72D1A8383FD64BBAC2119@LO3P265MB2092.GBRP265.PROD.OUTLOOK.COM>
 <CAPDSy+5X_SmRi026tLHrQU3Zc+oUPPOqwSJ+9HoGuMSd4wvQ=Q@mail.gmail.com>
 <LO3P265MB20920BC976D371AFDD3FFA1FC2129@LO3P265MB2092.GBRP265.PROD.OUTLOOK.COM>
 <29ED5EBE-D5B5-435A-B32D-10BE19513A25@mnot.net>
In-Reply-To: <29ED5EBE-D5B5-435A-B32D-10BE19513A25@mnot.net>

--------------zE5w9OaXqMfyiG9g0i10PSE6
Content-Type: multipart/mixed; boundary="------------9eysWuxwisy5zDp8yTNhuvv0"

--------------9eysWuxwisy5zDp8yTNhuvv0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: base64
--------------9eysWuxwisy5zDp8yTNhuvv0--

--------------zE5w9OaXqMfyiG9g0i10PSE6--

--------------Ak2PCPU0BSjFZaECtDjr1k50--


From nobody Tue Mar 22 03:18:57 2022
Return-Path: <mcr@sandelman.ca>
X-Original-To: secdispatch@ietfa.amsl.com
Delivered-To: secdispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0A88C3A0DDE for <secdispatch@ietfa.amsl.com>; Tue, 22 Mar 2022 03:18:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.908
X-Spam-Level: 
X-Spam-Status: No, score=-1.908 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DBycFxi3fxqD for <secdispatch@ietfa.amsl.com>; Tue, 22 Mar 2022 03:18:50 -0700 (PDT)
Received: from relay.sandelman.ca (relay.cooperix.net [IPv6:2a01:7e00:e000:2bb::1]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3D5853A0E50 for <secdispatch@ietf.org>; Tue, 22 Mar 2022 03:17:44 -0700 (PDT)
Received: from dooku.sandelman.ca (dhcp-885d.meeting.ietf.org [31.133.136.93]) by relay.sandelman.ca (Postfix) with ESMTPS id 613BB1F458; Tue, 22 Mar 2022 10:17:41 +0000 (UTC)
Received: by dooku.sandelman.ca (Postfix, from userid 179) id 83EB21A01C2; Tue, 22 Mar 2022 06:17:40 -0400 (EDT)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Mark Nottingham <mnot@mnot.net>, Andrew Campling <andrew.campling@419.consulting>, David Schinazi <dschinazi.ietf@gmail.com>, "secdispatch\@ietf.org" <secdispatch@ietf.org>
In-reply-to: <29ED5EBE-D5B5-435A-B32D-10BE19513A25@mnot.net>
References: <LO3P265MB209260DA72D1A8383FD64BBAC2119@LO3P265MB2092.GBRP265.PROD.OUTLOOK.COM> <CAPDSy+5X_SmRi026tLHrQU3Zc+oUPPOqwSJ+9HoGuMSd4wvQ=Q@mail.gmail.com> <LO3P265MB20920BC976D371AFDD3FFA1FC2129@LO3P265MB2092.GBRP265.PROD.OUTLOOK.COM> <29ED5EBE-D5B5-435A-B32D-10BE19513A25@mnot.net>
Comments: In-reply-to Mark Nottingham <mnot@mnot.net> message dated "Tue, 22 Mar 2022 13:17:11 +1100."
X-Mailer: MH-E 8.6+git; nmh 1.7.1; GNU Emacs 26.3
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature"
Date: Tue, 22 Mar 2022 11:17:40 +0100
Message-ID: <745349.1647944260@dooku>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/OnrOCSh10qpUmpuqoLsUFZEesOg>
Subject: [Secdispatch] about draft-campling-ech-deployment-considerations (Re: Request for a slot at the Secdispatch IETF 113 Session)
X-BeenThere: secdispatch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Dispatch <secdispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdispatch/>
List-Post: <mailto:secdispatch@ietf.org>
List-Help: <mailto:secdispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 22 Mar 2022 10:18:56 -0000

--=-=-=
Content-Type: text/plain


{I wish the subject had been changed}

I found Mark's explanation very very well worded, and so I clipped parts of
it out (and top-quoted) below.  I think that

The Enterprise problem with TLS1.3 falls into this situation.
They have, up to now, imposed terminating TLS proxies on their employees,
without clearly informing them.  The problem that they have is the rise of
BYOD (and work from home, using my equipment, not theirs), and again the
problem is imposition of an unauthenticated intermediary without permission.

The argument against asking permission is that it is confusing for users.

While that is partly a UI issue, it's also because many things are occurring
which are not explicit.  The whole HTTP-Authentication vs
HTML-form-POST-authentication debate that we've come back to many times is an
example of that.  We haven't improved authentication in HTTP in a useful way,
so we continue to have authentication occurring at the wrong layer.

Mark Nottingham <mnot@mnot.net> wrote:
    > The underlying problem is that such "transparent proxy" services are
    > unauthenticated -- they rely on the user understanding that the network
    > is going to perform these services, and accepting their
    > imposition. They're also disproportionate, giving complete access to
    > all data flows and capabilities on the connection.

...

    > Performing these tasks in this fashion allows not only legitimate
    > authorities to impose them, but also illegitimate attackers. As such,
    > they're inappropriate for deployment on the Internet, and that's why
    > we're seeing efforts like ECH -- use of this data and the associated
    > control channel without explicit user authorisation is not
    > "permissionless innovation" (as your draft states), it's an open door
    > to abuse. Put bluntly, you (as a network operator) don't have a right
    > to "innovate" with my data (as a user) -- especially without my
    > permission.

...

    > It also doesn't mean that the path forward will be easy. What's
    > required is a discussion and implementation of interfaces for
    > offloading these functions from operating systems, applications, and
    > IoT devices -- potentially to somewhere else on the network -- in a way
    > that maintains users' autonomy, privacy, and security, and in a
    > proportional way (i.e., only as much access to data as required to
    > fulfil the task). That is difficult not only because of the inherent
    > user interface subtleties and potential for abuse/hijacking, but also
    > because there is little current coordination or convergence at that
    > layer.

    > The IETF has a very clear responsibility to assure that the protocols
    > it ships are secure -- hence, ECH. It *could* have a role to play in
    > responsibly offloading these functions, especially where the work
    > intersects protocol design. There is also other work to be done that's
    > squarely outside our scope. I'd suggest that you and your co-authors
    > focus on assisting those positive, forward-looking efforts rather than
    > trying to stop ECH deployment.


--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-




--=-=-=--


From nobody Tue Mar 22 04:31:52 2022
Return-Path: <rlb@ipv.sx>
X-Original-To: secdispatch@ietfa.amsl.com
Delivered-To: secdispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8EDA33A110C for <secdispatch@ietfa.amsl.com>; Tue, 22 Mar 2022 04:31:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.906
X-Spam-Level: 
X-Spam-Status: No, score=-1.906 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=ipv-sx.20210112.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vxZJqUonsob1 for <secdispatch@ietfa.amsl.com>; Tue, 22 Mar 2022 04:31:37 -0700 (PDT)
Received: from mail-qk1-x736.google.com (mail-qk1-x736.google.com [IPv6:2607:f8b0:4864:20::736]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 69C463A112A for <secdispatch@ietf.org>; Tue, 22 Mar 2022 04:31:16 -0700 (PDT)
Received: by mail-qk1-x736.google.com with SMTP id k125so13749037qkf.0 for <secdispatch@ietf.org>; Tue, 22 Mar 2022 04:31:16 -0700 (PDT)
X-Received: by 2002:a37:a0ca:0:b0:67d:b628:6a4e with SMTP id j193-20020a37a0ca000000b0067db6286a4emr15174967qke.35.1647948675151; Tue, 22 Mar 2022 04:31:15 -0700 (PDT)
MIME-Version: 1.0
References: <164583895227.24617.1939040203283436909@ietfa.amsl.com> <5b97a678-eba1-09c3-7e70-c71dd98db8a9@sit.fraunhofer.de>
In-Reply-To: <5b97a678-eba1-09c3-7e70-c71dd98db8a9@sit.fraunhofer.de>
From: Richard Barnes <rlb@ipv.sx>
Date: Tue, 22 Mar 2022 07:31:04 -0400
Message-ID: <CAL02cgT7cRXsM7qNtMarcxcLd0fdSCtj_dM+79=DbnMWyikdhQ@mail.gmail.com>
To: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>
Cc: secdispatch@ietf.org, scitt@ietf.org
Content-Type: multipart/alternative; boundary="000000000000640ced05daccf3d7"
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/uSPaVeOXUr3mW3d5biQGKJBKW50>
Subject: Re: [Secdispatch] Request for session at IETF 113
X-BeenThere: secdispatch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Dispatch <secdispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdispatch/>
List-Post: <mailto:secdispatch@ietf.org>
List-Help: <mailto:secdispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 22 Mar 2022 11:31:45 -0000

--000000000000640ced05daccf3d7
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

Hi folks,

It looks like at a high level, the approach here is along the same lines as
what has been discussed as "Binary Transparency" elsewhere.  There have
been several stabs taken at this before.  See, for example:

https://www.sigstore.dev/
https://unmitigatedrisk.com/?tag=binary-transparency
https://github.com/FreeBSDFoundation/binary-transparency-notes/blob/master/debian.txt
https://wiki.mozilla.org/Security/Binary_Transparency

While these existing approaches do help validate that there is some
interest in the field for what SCITT does, it's not clear how SCITT is
different from / better than this prior art.

--RLB


On Wed, Mar 9, 2022 at 5:40 PM Henk Birkholz <
henk.birkholz@sit.fraunhofer.de> wrote:

> Hi secdispatch,
> (hi scitt),
>
> emerging work on the topic of Supply Chain Integrity, Transparency,
> Trust has taken some shape recently.
>
> The work combines existing IETF building blocks to facilitate useful
> Internet-based support of global supply chain interoperability.
>
> Current contributions focus on the definition of Transparency Services
> based on Internet technology (using CBOR/CDDL/COSE) to achieve
> unambiguous, scaleable, and resilient integration with common devops and
> secops requirements.
>
> I'd like to request secdispatch agenda time for two documents that are
> currently submitted:
>   > https://datatracker.ietf.org/doc/draft-birkholz-scitt-architecture/
>
> and
>
> > https://datatracker.ietf.org/doc/draft-birkholz-scitt-receipts/
>
> These two contributions are in -00 state. Yet, they already address
> essential requirements, such as, air-gapped validation when being
> offline, integration of remote attestation, efficient and crypto-agile
> signing prescriptions for out-of-the-box interoperability, and - in
> essence - long-long-term guarantees in support of various types of
> supply chains requirements.
>
> We’d be happy to present this emerging work in secdispatch with the goal
> of discussing whether it might fit into the IETF space and how to
> progress it together.
>
> Best regards,
>
> Henk
>
>
>
> On 26.02.22 02:29, "IETF Secretariat" wrote:
> > Dear Mohit Sethi,
> >
> > The session(s) that you have requested have been scheduled.
> > Below is the scheduled session information followed by
> > the original request.
> >
> >
> >      secdispatch Session 1 (2:00 requested)
> >      Tuesday, 22 March 2022, Afternoon Session II 1430-1630
> >      Room Name: Grand Park Hall 3 size: 250
> >      ---------------------------------------------
> >
> >
> > iCalendar:
> https://datatracker.ietf.org/meeting/113/sessions/secdispatch.ics
> >
> > Request Information:
> >
> >
> > ---------------------------------------------------------
> > Working Group Name: Security Dispatch
> > Area Name: Security Area
> > Session Requester: Mohit Sethi
> >
> >
> > Number of Sessions: 1
> > Length of Session(s):
> > Number of Attendees: 200
> > Conflicts to Avoid:
> >
> >
> >
> >
> > People who must be present:
> >    Benjamin Kaduk
> >    Kathleen Moriarty
> >    Mohit Sethi
> >    Paul Wouters
> >    Richard Barnes
> >    Roman Danyliw
> >
> > Resources Requested:
> >
> > Special Requests:
> >    Please avoid conflict with any Security related BoF.
> > ---------------------------------------------------------
> >
> >
> > _______________________________________________
> > Secdispatch mailing list
> > Secdispatch@ietf.org
> > https://www.ietf.org/mailman/listinfo/secdispatch
>

--000000000000640ced05daccf3d7--


From nobody Tue Mar 22 06:21:55 2022
Return-Path: <kathleen.moriarty.ietf@gmail.com>
X-Original-To: secdispatch@ietfa.amsl.com
Delivered-To: secdispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 375AF3A12B8; Tue, 22 Mar 2022 06:21:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.107
X-Spam-Level: 
X-Spam-Status: No, score=-7.107 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GqW-vUvCWJmq; Tue, 22 Mar 2022 06:21:37 -0700 (PDT)
Received: from mail-vk1-xa2a.google.com (mail-vk1-xa2a.google.com [IPv6:2607:f8b0:4864:20::a2a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BE7EA3A12D5; Tue, 22 Mar 2022 06:21:35 -0700 (PDT)
Received: by mail-vk1-xa2a.google.com with SMTP id 188so6020869vku.5; Tue, 22 Mar 2022 06:21:35 -0700 (PDT)
X-Received: by 2002:a1f:ac04:0:b0:32d:710:5930 with SMTP id v4-20020a1fac04000000b0032d07105930mr9726350vke.6.1647955294340; Tue, 22 Mar 2022 06:21:34 -0700 (PDT)
MIME-Version: 1.0
References: <164583895227.24617.1939040203283436909@ietfa.amsl.com> <5b97a678-eba1-09c3-7e70-c71dd98db8a9@sit.fraunhofer.de> <CAL02cgT7cRXsM7qNtMarcxcLd0fdSCtj_dM+79=DbnMWyikdhQ@mail.gmail.com>
In-Reply-To: <CAL02cgT7cRXsM7qNtMarcxcLd0fdSCtj_dM+79=DbnMWyikdhQ@mail.gmail.com>
From: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
Date: Tue, 22 Mar 2022 09:20:58 -0400
Message-ID: <CAHbuEH6mrun0dF_zMTWUtG3zex3NjHhijYrcPpKOYxdkx=B3Kw@mail.gmail.com>
To: Richard Barnes <rlb@ipv.sx>
Cc: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>, scitt@ietf.org,  IETF SecDispatch <secdispatch@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000ecccdb05dace7de9"
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/2MQLc1GDzyKU-nIvitzMaxayZi4>
Subject: Re: [Secdispatch] Request for session at IETF 113
X-BeenThere: secdispatch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Dispatch <secdispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdispatch/>
List-Post: <mailto:secdispatch@ietf.org>
List-Help: <mailto:secdispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 22 Mar 2022 13:21:46 -0000

--000000000000ecccdb05dace7de9
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

Greetings,

I have some similar questions, and question the hard requirement for a DID.
It seems that there will be many use cases that would want a traditional
PKI, like the one used with SigStore, for a higher level of assurance. Both a
traditional PKI and a distributed can use the distributed ledger.

I am aware of vendors looking at this solution, so there's support behind
it. They also want to make sure the right thing is done, hence it coming to
the IETF to get broad review.

I think on the signature part, it would be useful to also support PKI with
ACME and to see the client authentication methods supported as sigStore
uses a certificate (their flow is a little different from ACME at the
moment).

I also support this being developed in the IETF as it's an important
problem set and now has vendor traction due to requirements. I'd just like
to see support for traditional PKI and ACME for the certificates/keys.

I have to go through the document more closely as the problem set needs to
consider organizations and individuals in terms of scale as well. How will
this be managed? Will it be manageable and can it be architected to reduce
the distributed burden so that security just works (as opposed to needing
another million jobs to be filled that can't be filled).

It's an important problem and would benefit from the IETF review process
and openness to bring more vendors together than those who are already
participating.

Best regards,
Kathleen

On Tue, Mar 22, 2022 at 7:31 AM Richard Barnes <rlb@ipv.sx> wrote:

> Hi folks,
>
> It looks like at a high level, the approach here is along the same lines
> as what has been discussed as "Binary Transparency" elsewhere.  There have
> been several stabs taken at this before.  See, for example:
>
> https://www.sigstore.dev/
> https://unmitigatedrisk.com/?tag=binary-transparency
>
> https://github.com/FreeBSDFoundation/binary-transparency-notes/blob/master/debian.txt
> https://wiki.mozilla.org/Security/Binary_Transparency
>
> While these existing approaches do help validate that there is some
> interest in the field for what SCITT does, it's not clear how SCITT is
> different from / better than this prior art.
>
> --RLB
>
>
> On Wed, Mar 9, 2022 at 5:40 PM Henk Birkholz <
> henk.birkholz@sit.fraunhofer.de> wrote:
>
>> Hi secdispatch,
>> (hi scitt),
>>
>> emerging work on the topic of Supply Chain Integrity, Transparency,
>> Trust has taken some shape recently.
>>
>> The work combines existing IETF building blocks to facilitate useful
>> Internet-based support of global supply chain interoperability.
>>
>> Current contributions focus on the definition of Transparency Services
>> based on Internet technology (using CBOR/CDDL/COSE) to achieve
>> unambiguous, scaleable, and resilient integration with common devops and
>> secops requirements.
>>
>> I'd like to request secdispatch agenda time for two documents that are
>> currently submitted:
>>   > https://datatracker.ietf.org/doc/draft-birkholz-scitt-architecture/
>>
>> and
>>
>> > https://datatracker.ietf.org/doc/draft-birkholz-scitt-receipts/
>>
>> These two contributions are in -00 state. Yet, they already address
>> essential requirements, such as, air-gapped validation when being
>> offline, integration of remote attestation, efficient and crypto-agile
>> signing prescriptions for out-of-the-box interoperability, and - in
>> essence - long-long-term guarantees in support of various types of
>> supply chains requirements.
>>
>> We’d be happy to present this emerging work in secdispatch with the goal
>> of discussing whether it might fit into the IETF space and how to
>> progress it together.
>>
>> Best regards,
>>
>> Henk
>>
>>
>>
>> On 26.02.22 02:29, "IETF Secretariat" wrote:
>> > Dear Mohit Sethi,
>> >
>> > The session(s) that you have requested have been scheduled.
>> > Below is the scheduled session information followed by
>> > the original request.
>> >
>> >
>> >      secdispatch Session 1 (2:00 requested)
>> >      Tuesday, 22 March 2022, Afternoon Session II 1430-1630
>> >      Room Name: Grand Park Hall 3 size: 250
>> >      ---------------------------------------------
>> >
>> >
>> > iCalendar:
>> https://datatracker.ietf.org/meeting/113/sessions/secdispatch.ics
>> >
>> > Request Information:
>> >
>> >
>> > ---------------------------------------------------------
>> > Working Group Name: Security Dispatch
>> > Area Name: Security Area
>> > Session Requester: Mohit Sethi
>> >
>> >
>> > Number of Sessions: 1
>> > Length of Session(s):
>> > Number of Attendees: 200
>> > Conflicts to Avoid:
>> >
>> >
>> >
>> >
>> > People who must be present:
>> >    Benjamin Kaduk
>> >    Kathleen Moriarty
>> >    Mohit Sethi
>> >    Paul Wouters
>> >    Richard Barnes
>> >    Roman Danyliw
>> >
>> > Resources Requested:
>> >
>> > Special Requests:
>> >    Please avoid conflict with any Security related BoF.
>> > ---------------------------------------------------------
>> >
>> >
>> > _______________________________________________
>> > Secdispatch mailing list
>> > Secdispatch@ietf.org
>> > https://www.ietf.org/mailman/listinfo/secdispatch
>>
>


-- 

Best regards,
Kathleen

--000000000000ecccdb05dace7de9--


From nobody Tue Mar 22 06:23:59 2022
Return-Path: <antdl@microsoft.com>
From: Antoine Delignat-Lavaud <antdl@microsoft.com>
To: Eric Rescorla <ekr@rtfm.com>, "Birkholz, Henk" <henk.birkholz@sit.fraunhofer.de>
CC: "scitt@ietf.org" <scitt@ietf.org>, IETF SecDispatch <secdispatch@ietf.org>
Thread-Topic: [EXTERNAL] Re: [SCITT] [Secdispatch] Request for session at IETF 113
Date: Tue, 22 Mar 2022 13:23:41 +0000
Message-ID: <AM5PR83MB0372E1023BDDCFD13A0D0B2EB2179@AM5PR83MB0372.EURPRD83.prod.outlook.com>
References: <164583895227.24617.1939040203283436909@ietfa.amsl.com> <5b97a678-eba1-09c3-7e70-c71dd98db8a9@sit.fraunhofer.de> <CABcZeBMJgKPSyJ3Z1igS38fbgsp6R-FxVd193+CGsKJC2dchuA@mail.gmail.com>
In-Reply-To: <CABcZeBMJgKPSyJ3Z1igS38fbgsp6R-FxVd193+CGsKJC2dchuA@mail.gmail.com>
Content-Type: multipart/alternative; boundary="_000_AM5PR83MB0372E1023BDDCFD13A0D0B2EB2179AM5PR83MB0372EURP_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/Pm2i42cWaOrvIyck8R48RRcF5jM>
Subject: Re: [Secdispatch] [EXTERNAL] Re: [SCITT] Request for session at IETF 113
List-Id: Security Dispatch <secdispatch.ietf.org>

--_000_AM5PR83MB0372E1023BDDCFD13A0D0B2EB2179AM5PR83MB0372EURP_
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Hi Ekr and thanks for your excellent technical comments.

Regarding (1) this is very much something to be aware of in deciding which
DID schemes should be recommended by the standard. Generally you would
expect that transparency services should prefer fully replayable/verifiable
DID resolution methods (and it is indeed quite hard to make did:web
verifiable with TLS 1.3 where all cipher suites are AEAD without using
advanced verifiable computation crypto). It is not clear what choice would
fit most binary transparency users; maybe something based on DNSSEC could
fit the bill, but at this point the question is open for comments.

(2) is a good argument, though unlike certificates there isn't an obvious
universal mechanism to attach SCT to signed binaries. Receipts also have
the benefit to work with unsigned artifacts, which are a legitimate use in
non-software supply chain. More is definitely achievable to integrate
transparency into binary signing in the style of today's certs.

(3) is up for discussion but we would rather avoid a mess like pre-certs
in CT, such as commitments to artifacts that are not known at claim
registration. Note that related to the previous point the receipt is
separate from the artifact in SCITT so there should not be as much latency
pressure as in CT, if the receipt is obtained asynchronously. However,
getting more feedback from maintainers of existing binary transparency
systems would be helpful.

Best,
Antoine

From: SCITT <scitt-bounces@ietf.org> On Behalf Of Eric Rescorla
Sent: 21 March 2022 23:22
To: Birkholz, Henk <henk.birkholz@sit.fraunhofer.de>
Cc: scitt@ietf.org; IETF SecDispatch <secdispatch@ietf.org>
Subject: [EXTERNAL] Re: [SCITT] [Secdispatch] Request for session at IETF 113


OVERALL
This document describes a general structure for providing transparency
for software artifacts, effectively a generalization of what's often
called "binary transparency". This is a useful kind of service in concept
and at least theoretically an appropriate topic for IETF.

The answer to the secdispatch questions depends, I think, on the level
of interest people have in deploying such a service and especially
with this as a starting point. Specifically, we'd need to hear from:

- Software vendors
- Potential transparency service (log) operators.

I'd particularly like to hear from people who already are involved
with Binary Transparency:
https://developers.google.com/android/binary_transparency

If there is interest, I would be supportive of moving forward with
this. Given the complexity of the topic, a BOF is probably the next
step.


TECHNICAL
I do have a few small technical comments.

1. I'm still working through the semantics of the identities you are
   using. As I understand it, the signatures are intended to provide
   evidence that the vendor actually published something, but if you
   use did:web, then can't the vendor just use a different key for
   each signature and remove the key from the Web site later? What
   proof is there that the vendor endorsed a specific key?

2. I understand the appeal of the append only log, but I'd observe
   that much of the value in CT has been achieved without any real
   verification by clients of the inclusion proofs but just relying
   entirely on SCTs. So, perhaps we don't need to try as hard
   here. This point applies to BT as well, I think.

3. S 6.3 seems to require the claim to be appended to the log prior to
   issuing the receipt. This is not how CT is architected, as I
   understand it because of concerns about the latency of that
   process. Instead, certificates have SCTs. Do similar concerns
   apply here?

I'm sure all of these could be addressed during the standards process,
and they certainly don't preclude doing this work, but I noted them
as I read the document and thought it would be good to record them.









--_000_AM5PR83MB0372E1023BDDCFD13A0D0B2EB2179AM5PR83MB0372EURP_
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<html xmlns:v=3D"urn:schemas-microsoft-com:vml" xmlns:o=3D"urn:schemas-micr=
osoft-com:office:office" xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" xmlns=3D"http:=
//www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Diso-8859-=
1">
<meta name=3D"Generator" content=3D"Microsoft Word 15 (filtered medium)">
</head>
<body lang=3D"EN-GB" link=3D"blue" vlink=3D"purple" style=3D"word-wrap:brea=
k-word">
<div class=3D"WordSection1">
<p class=3D"MsoNormal"><span style=3D"mso-fareast-language:EN-US">Hi Ekr an=
d thanks for your excellent technical comments.<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"mso-fareast-language:EN-US"><o:p>&nbs=
p;</o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"mso-fareast-language:EN-US">Regarding=
 (1) this is very much something to be aware of in deciding which DID schem=
es should be recommended by the standard. Generally you would expect that t=
ransparency services should prefer fully
 replayable/verifiable DID resolution methods (and it is indeed quite hard =
to make did:web verifiable with TLS 1.3 where all cipher suites are AEAD wi=
thout using advanced verifiable computation crypto). It is not clear what c=
hoice would fit most binary transparency
 users; maybe something based on DNSSEC could fit the bill, but at this poi=
nt the question is open for comments.<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"mso-fareast-language:EN-US"><o:p>&nbs=
p;</o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"mso-fareast-language:EN-US">(2) is a =
good argument, though unlike certificates there isn&#8217;t an obvious univ=
ersal mechanism to attach SCT to signed binaries. Receipts also have the be=
nefit to work with unsigned artifacts, which
 are a legitimate use in non-software supply chain. More is definitely achi=
evable to integrate transparency into binary signing in the style of today&=
#8217;s certs.
<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"mso-fareast-language:EN-US"><o:p>&nbs=
p;</o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"mso-fareast-language:EN-US">(3) is up=
 for discussion but we would rather avoid a mess like pre-certs in CT, such=
 as commitments to artifacts that are not known at claim registration. Note=
 that related to the previous point
 the receipt is separate from the artifact in SCITT so there should not be =
as much latency pressure as in CT, if the receipt is obtained asynchronousl=
y. However, getting more feedback from maintainers of existing binary trans=
parency systems would be helpful.<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"mso-fareast-language:EN-US"><o:p>&nbs=
p;</o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"mso-fareast-language:EN-US">Best,<o:p=
></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"mso-fareast-language:EN-US">Antoine<o=
:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"mso-fareast-language:EN-US"><o:p>&nbs=
p;</o:p></span></p>
<div style=3D"border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm =
0cm 0cm">
<p class=3D"MsoNormal"><b><span lang=3D"EN-US">From:</span></b><span lang=
=3D"EN-US"> SCITT &lt;scitt-bounces@ietf.org&gt;
<b>On Behalf Of </b>Eric Rescorla<br>
<b>Sent:</b> 21 March 2022 23:22<br>
<b>To:</b> Birkholz, Henk &lt;henk.birkholz@sit.fraunhofer.de&gt;<br>
<b>Cc:</b> scitt@ietf.org; IETF SecDispatch &lt;secdispatch@ietf.org&gt;<br=
>
<b>Subject:</b> [EXTERNAL] Re: [SCITT] [Secdispatch] Request for session at=
 IETF 113<o:p></o:p></span></p>
</div>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<div>
<p class=3D"MsoNormal" style=3D"margin-bottom:12.0pt"><br>
OVERALL<br>
This document describes a general structure for providing transparency<br>
for &nbsp;software artifacts, effectively a generalization of what's often<=
br>
called &quot;binary transparency&quot;. This is a useful kind of service in=
 concept<br>
an at least theoretically an appropriate topic for IETF.<br>
<br>
The answer to the secdispatch questions depends, I think on the level<br>
of interest people have in deploying such a service and especially<br>
with this as a starting point. Specifically, we'd need to hear from:<br>
<br>
- Software vendors<br>
- Potential transparency service (log) operators.<br>
<br>
I'd particularly like to hear from people who already are involved<br>
with Binary Transparency: <a href=3D"https://nam06.safelinks.protection.out=
look.com/?url=3Dhttps%3A%2F%2Fdevelopers.google.com%2Fandroid%2Fbinary_tran=
sparency&amp;data=3D04%7C01%7Cantdl%40microsoft.com%7C448f5c11a113497f9e700=
8da0b91d09a%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637835018189784163=
%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haW=
wiLCJXVCI6Mn0%3D%7C3000&amp;sdata=3DKMKXKvlTYUbhmTgQY9AavdSEqFuJ1Lao%2F5eMy=
K9s5%2B4%3D&amp;reserved=3D0">
https://developers.google.com/android/binary_transparency</a><br>
<br>
If there is interest, I would be supportive of moving forward with<br>
this. Given the complexity of the topic, a BOF is probably the next<br>
step.<br>
<br>
<br>
TECHNICAL<br>
I do have a few small technical comments.<br>
<br>
1. I'm still working through the semantics of the identities you are<br>
&nbsp; &nbsp;using. As I understand it, the signatures are intended to prov=
ide<br>
&nbsp; &nbsp;evidence that the vendor actually published something, but if =
you<br>
&nbsp; &nbsp;use did:web, then can't the vendor just use a different key fo=
r<br>
&nbsp; &nbsp;each signature and remove the key from the Web site later. Wha=
t<br>
&nbsp; &nbsp;proof is there that the vendor endorsed a specific key?<br>
<br>
2. I understand the appeal of the append only log, but I'd observe<br>
&nbsp; &nbsp;that much of the value in CT has been achieved without any rea=
l<br>
&nbsp; &nbsp;verification by clients of the inclusion proofs but just relyi=
ng<br>
&nbsp; &nbsp;entirely on SCTs. So, perhaps we don't need to try as hard<br>
&nbsp; &nbsp;here. This point applies to BT as well, I think.<br>
<br>
3. S 6.3 seems to require the claim to be appended to the log prior to<br>
&nbsp; &nbsp;issuing the receipt. This is not how CT is architected, as I<b=
r>
&nbsp; &nbsp;understand it because of concerns about the latency of that<br=
>
&nbsp; &nbsp;process. Instead, certificates have SCTs. Do similar concerns<=
br>
&nbsp; &nbsp;apply here?<br>
<br>
I'm sure all of these could be addressed during the standards process,<br>
and they certainly don't preclude doing this work, but I noted them<br>
as I read the document and thought it would be good to record them. <br>
<br>
&nbsp; <br>
<br>
&nbsp; <br>
<br>
<br>
<br>
<o:p></o:p></p>
</div>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<div>
<div>
<p class=3D"MsoNormal">On Wed, Mar 9, 2022 at 2:40 PM Henk Birkholz &lt;<a =
href=3D"mailto:henk.birkholz@sit.fraunhofer.de">henk.birkholz@sit.fraunhofe=
r.de</a>&gt; wrote:<o:p></o:p></p>
</div>
<blockquote style=3D"border:none;border-left:solid #CCCCCC 1.0pt;padding:0c=
m 0cm 0cm 6.0pt;margin-left:4.8pt;margin-right:0cm">
<p class=3D"MsoNormal">Hi secdispatch,<br>
(hi scitt),<br>
<br>
emerging work on the topic of Supply Chain Integrity, Transparency, <br>
Trust has taken some shape recently.<br>
<br>
The work combines existing IETF building blocks to facilitate useful <br>
Internet-based support of global supply chain interoperability.<br>
<br>
Current contributions focus on the definition of Transparency Services <br>
based on Internet technology (using CBOR/CDDL/COSE) to achieve <br>
unambiguous, scaleable, and resilient integration with common devops and <b=
r>
secops requirements.<br>
<br>
I'd like to request secdispatch agenda time for two documents that are <br>
currently submitted:<br>
&nbsp; &gt; <a href=3D"https://nam06.safelinks.protection.outlook.com/?url=
=3Dhttps%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fdraft-birkholz-scitt-architec=
ture%2F&amp;data=3D04%7C01%7Cantdl%40microsoft.com%7C448f5c11a113497f9e7008=
da0b91d09a%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637835018189784163%=
7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWw=
iLCJXVCI6Mn0%3D%7C3000&amp;sdata=3DkYB%2BZyzNWT2BvRNewYHBYJANYh3WQsPbYzowoE=
eMV%2FI%3D&amp;reserved=3D0" target=3D"_blank">
https://datatracker.ietf.org/doc/draft-birkholz-scitt-architecture/</a><br>
<br>
and<br>
<br>
&gt; <a href=3D"https://nam06.safelinks.protection.outlook.com/?url=3Dhttps=
%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fdraft-birkholz-scitt-receipts%2F&amp;=
data=3D04%7C01%7Cantdl%40microsoft.com%7C448f5c11a113497f9e7008da0b91d09a%7=
C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637835018189784163%7CUnknown%7C=
TWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0=
%3D%7C3000&amp;sdata=3DiyQcUeZ%2BbuzW%2FUncjOIPndC%2Fr9%2FILP%2FzNh2hqiu5nd=
I%3D&amp;reserved=3D0" target=3D"_blank">
https://datatracker.ietf.org/doc/draft-birkholz-scitt-receipts/</a><br>
<br>
These two contributions are in -00 state. Yet, they already address <br>
essential requirements, such as, air-gapped validation when being <br>
offline, integration of remote attestation, efficient and crypto-agile <br>
signing prescriptions for out-of-the-box interoperability, and - in <br>
essence - long-long-term guarantees in support of various types of <br>
supply chains requirements.<br>
<br>
We&#8217;d be happy to present this emerging work in secdispatch with the g=
oal <br>
of discussing whether it might fit into the IETF space and how to <br>
progress it together.<br>
<br>
Viele Gr=FC=DFe,<br>
<br>
Henk<br>
<br>
<br>
<br>
On 26.02.22 02:29, &quot;IETF Secretariat&quot; wrote:<br>
&gt; Dear Mohit Sethi,<br>
&gt; <br>
&gt; The session(s) that you have requested have been scheduled.<br>
&gt; Below is the scheduled session information followed by<br>
&gt; the original request.<br>
&gt; <br>
&gt; <br>
&gt;&nbsp; &nbsp; &nbsp; secdispatch Session 1 (2:00 requested)<br>
&gt;&nbsp; &nbsp; &nbsp; Tuesday, 22 March 2022, Afternoon Session II 1430-=
1630<br>
&gt;&nbsp; &nbsp; &nbsp; Room Name: Grand Park Hall 3 size: 250<br>
&gt;&nbsp; &nbsp; &nbsp; ---------------------------------------------<br>
&gt; <br>
&gt; <br>
&gt; iCalendar: <a href=3D"https://nam06.safelinks.protection.outlook.com/?=
url=3Dhttps%3A%2F%2Fdatatracker.ietf.org%2Fmeeting%2F113%2Fsessions%2Fsecdi=
spatch.ics&amp;data=3D04%7C01%7Cantdl%40microsoft.com%7C448f5c11a113497f9e7=
008da0b91d09a%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C6378350181897841=
63%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1h=
aWwiLCJXVCI6Mn0%3D%7C3000&amp;sdata=3DCfvI4TXyDkZcBgkRYsI6jI6BYwTNre0wRCBmU=
Cf1A8o%3D&amp;reserved=3D0" target=3D"_blank">
https://datatracker.ietf.org/meeting/113/sessions/secdispatch.ics</a><br>
&gt; <br>
&gt; Request Information:<br>
&gt; <br>
&gt; <br>
&gt; ---------------------------------------------------------<br>
&gt; Working Group Name: Security Dispatch<br>
&gt; Area Name: Security Area<br>
&gt; Session Requester: Mohit Sethi<br>
&gt; <br>
&gt; <br>
&gt; Number of Sessions: 1<br>
&gt; Length of Session(s):<br>
&gt; Number of Attendees: 200<br>
&gt; Conflicts to Avoid:<br>
&gt; <br>
&gt;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;<br>
&gt; <br>
&gt; <br>
&gt; People who must be present:<br>
&gt;&nbsp; &nbsp; Benjamin Kaduk<br>
&gt;&nbsp; &nbsp; Kathleen Moriarty<br>
&gt;&nbsp; &nbsp; Mohit Sethi<br>
&gt;&nbsp; &nbsp; Paul Wouters<br>
&gt;&nbsp; &nbsp; Richard Barnes<br>
&gt;&nbsp; &nbsp; Roman Danyliw<br>
&gt; <br>
&gt; Resources Requested:<br>
&gt; <br>
&gt; Special Requests:<br>
&gt;&nbsp; &nbsp; Please avoid conflict with any Security related BoF.<br>
&gt; ---------------------------------------------------------<br>
&gt; <br>
&gt; <br>
&gt; _______________________________________________<br>
&gt; Secdispatch mailing list<br>
&gt; <a href=3D"mailto:Secdispatch@ietf.org" target=3D"_blank">Secdispatch@=
ietf.org</a><br>
&gt; <a href=3D"https://nam06.safelinks.protection.outlook.com/?url=3Dhttps=
%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Fsecdispatch&amp;data=3D04%7C01=
%7Cantdl%40microsoft.com%7C448f5c11a113497f9e7008da0b91d09a%7C72f988bf86f14=
1af91ab2d7cd011db47%7C1%7C0%7C637835018189784163%7CUnknown%7CTWFpbGZsb3d8ey=
JWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&amp=
;sdata=3DcP73pgYaZFajY9JxODBB6YSIiEHTlNddKunfEZHS7ZE%3D&amp;reserved=3D0" t=
arget=3D"_blank">
https://www.ietf.org/mailman/listinfo/secdispatch</a><br>
<br>
_______________________________________________<br>
Secdispatch mailing list<br>
<a href=3D"mailto:Secdispatch@ietf.org" target=3D"_blank">Secdispatch@ietf.=
org</a><br>
<a href=3D"https://nam06.safelinks.protection.outlook.com/?url=3Dhttps%3A%2=
F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Fsecdispatch&amp;data=3D04%7C01%7Can=
tdl%40microsoft.com%7C448f5c11a113497f9e7008da0b91d09a%7C72f988bf86f141af91=
ab2d7cd011db47%7C1%7C0%7C637835018189784163%7CUnknown%7CTWFpbGZsb3d8eyJWIjo=
iMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&amp;sdat=
a=3DcP73pgYaZFajY9JxODBB6YSIiEHTlNddKunfEZHS7ZE%3D&amp;reserved=3D0" target=
=3D"_blank">https://www.ietf.org/mailman/listinfo/secdispatch</a><o:p></o:p=
></p>
</blockquote>
</div>
</div>
</body>
</html>

--_000_AM5PR83MB0372E1023BDDCFD13A0D0B2EB2179AM5PR83MB0372EURP_--


From nobody Tue Mar 22 06:27:16 2022
Return-Path: <inacio@cert.org>
X-Original-To: secdispatch@ietfa.amsl.com
Delivered-To: secdispatch@ietfa.amsl.com
From: Chris Inacio <inacio@cert.org>
To: "secdispatch@ietf.org" <secdispatch@ietf.org>, Henk Birkholz <henk.birkholz@sit.fraunhofer.de>, "scitt@ietf.org" <scitt@ietf.org>
Thread-Topic: [Secdispatch] Request for session at IETF 113
Thread-Index: AQHYNAaiJ6edOPtaskuVlnXrwcl3xazLeMoA
Date: Tue, 22 Mar 2022 13:26:28 +0000
Message-ID: <etPan.6239ce83.43b93aee.b2ea@cert.org>
References: <164583895227.24617.1939040203283436909@ietfa.amsl.com> <5b97a678-eba1-09c3-7e70-c71dd98db8a9@sit.fraunhofer.de>
In-Reply-To: <5b97a678-eba1-09c3-7e70-c71dd98db8a9@sit.fraunhofer.de>
Accept-Language: en-US
Content-Language: en-US
Content-Type: text/plain; charset="utf-8"
Content-ID: <24C8A3BE7898694CAF98DED70721A912@NAMP110.PROD.OUTLOOK.COM>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/NAk8mj-zk6yh6T6d5XAHlxBgjkw>
Subject: Re: [Secdispatch] Request for session at IETF 113
X-BeenThere: secdispatch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Dispatch <secdispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdispatch/>
List-Post: <mailto:secdispatch@ietf.org>
List-Help: <mailto:secdispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 22 Mar 2022 13:27:15 -0000

From nobody Tue Mar 22 07:15:47 2022
Return-Path: <blueroofmusic@gmail.com>
X-Original-To: secdispatch@ietfa.amsl.com
Delivered-To: secdispatch@ietfa.amsl.com
MIME-Version: 1.0
References: <164583895227.24617.1939040203283436909@ietfa.amsl.com> <5b97a678-eba1-09c3-7e70-c71dd98db8a9@sit.fraunhofer.de> <etPan.6239ce83.43b93aee.b2ea@cert.org>
In-Reply-To: <etPan.6239ce83.43b93aee.b2ea@cert.org>
From: Ira McDonald <blueroofmusic@gmail.com>
Date: Tue, 22 Mar 2022 10:15:06 -0400
Message-ID: <CAN40gSs85k80krh-cGNN4RCLGmXqWVS=dxLq=u8cPa0S=R+9zw@mail.gmail.com>
To: Chris Inacio <inacio@cert.org>, Ira McDonald <blueroofmusic@gmail.com>
Cc: "secdispatch@ietf.org" <secdispatch@ietf.org>, Henk Birkholz <henk.birkholz@sit.fraunhofer.de>,  "scitt@ietf.org" <scitt@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000093563705dacf3e13"
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/idlWuXhzqPRF24262bovwMrHNAs>
Subject: Re: [Secdispatch] Request for session at IETF 113
X-BeenThere: secdispatch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Dispatch <secdispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdispatch/>
List-Post: <mailto:secdispatch@ietf.org>
List-Help: <mailto:secdispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 22 Mar 2022 14:15:34 -0000

--00000000000093563705dacf3e13
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

Hi,

Please note that ETSI SAI (Security of AI) has been explicitly addressing these
issues of algorithm/model/data set integrity and attestation for a couple of years,
has already published several excellent documents and is developing more.

My co-chair in TCG Trusted Mobility Solutions (Alec Brusilovsky, InterDigital) is a
co-editor and rapporteur (liaison) to TCG from ETSI SAI.

https://www.etsi.org/committee/sai

Interested folks can send me a note (offlist).

Cheers,
- Ira

*Ira McDonald (Musician / Software Architect)*
*Chair - SAE Trust Anchors and Authentication TF*
*Co-Chair - TCG Trusted Mobility Solutions WG*
*Co-Chair - TCG Metadata Access Protocol SG*
*Chair - Linux Foundation Open Printing WG*
*Secretary - IEEE-ISTO Printer Working Group*
*Co-Chair - IEEE-ISTO PWG Internet Printing Protocol WG*
*IETF Designated Expert - IPP & Printer MIB*
*Blue Roof Music / High North Inc*
*http://sites.google.com/site/blueroofmusic*
*http://sites.google.com/site/highnorthinc*
*mailto: blueroofmusic@gmail.com*
*(permanent) PO Box 221  Grand Marais, MI 49839  906-494-2434*


On Tue, Mar 22, 2022 at 9:30 AM Chris Inacio <inacio@cert.org> wrote:

> Henk,
>
> Just a quick comment before the start of the actual SECDISPATCH session:
> signing an ML algorithm isn’t all that interesting, _maybe_ signing the
> model is a bit more interesting.  What’s really interesting is the data
> used to create the model, and that is where a lot of work in adversarial AI
> happens.  But they don’t call it big data for nothing, and I’m not sure the
> logistics of transparent (big) data, or the privacy impact of that are
> reasonable.
>
> So maybe a different example may be appropriate.
>
>
> --
> Chris Inacio
> inacio@cert.org
>
> -----Original Message-----
> From: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>
> Date: March 9, 2022 at 5:40:11 PM
> To: secdispatch@ietf.org <secdispatch@ietf.org>, scitt@ietf.org <scitt@ietf.org>
> Subject:  [Secdispatch] Request for session at IETF 113
>
> > Hi secdispatch,
> > (hi scitt),
> >
> > emerging work on the topic of Supply Chain Integrity, Transparency,
> > Trust has taken some shape recently.
> >
> > The work combines existing IETF building blocks to facilitate useful
> > Internet-based support of global supply chain interoperability.
> >
> > Current contributions focus on the definition of Transparency Services
> > based on Internet technology (using CBOR/CDDL/COSE) to achieve
> > unambiguous, scaleable, and resilient integration with common devops and
> > secops requirements.
> >
> > I'd like to request secdispatch agenda time for two documents that are
> > currently submitted:
> > > https://datatracker.ietf.org/doc/draft-birkholz-scitt-architecture/
> >
> > and
> >
> > > https://datatracker.ietf.org/doc/draft-birkholz-scitt-receipts/
> >
> > These two contributions are in -00 state. Yet, they already address
> > essential requirements, such as, air-gapped validation when being
> > offline, integration of remote attestation, efficient and crypto-agile
> > signing prescriptions for out-of-the-box interoperability, and - in
> > essence - long-long-term guarantees in support of various types of
> > supply chains requirements.
> >
> > We’d be happy to present this emerging work in secdispatch with the goal
> > of discussing whether it might fit into the IETF space and how to
> > progress it together.
> >
> > Best regards,
> >
> > Henk
> >
> > On 26.02.22 02:29, "IETF Secretariat" wrote:
> > > Dear Mohit Sethi,
> > >
> > > The session(s) that you have requested have been scheduled.
> > > Below is the scheduled session information followed by
> > > the original request.
> > >
> > >
> > > secdispatch Session 1 (2:00 requested)
> > > Tuesday, 22 March 2022, Afternoon Session II 1430-1630
> > > Room Name: Grand Park Hall 3 size: 250
> > > ---------------------------------------------
> > >
> > >
> > > iCalendar: https://datatracker.ietf.org/meeting/113/sessions/secdispatch.ics
> > >
> > > Request Information:
> > >
> > >
> > > ---------------------------------------------------------
> > > Working Group Name: Security Dispatch
> > > Area Name: Security Area
> > > Session Requester: Mohit Sethi
> > >
> > >
> > > Number of Sessions: 1
> > > Length of Session(s):
> > > Number of Attendees: 200
> > > Conflicts to Avoid:
> > >
> > >
> > >
> > >
> > > People who must be present:
> > > Benjamin Kaduk
> > > Kathleen Moriarty
> > > Mohit Sethi
> > > Paul Wouters
> > > Richard Barnes
> > > Roman Danyliw
> > >
> > > Resources Requested:
> > >
> > > Special Requests:
> > > Please avoid conflict with any Security related BoF.
> > > ---------------------------------------------------------
> > >
> > >
> > > _______________________________________________
> > > Secdispatch mailing list
> > > Secdispatch@ietf.org
> > > https://www.ietf.org/mailman/listinfo/secdispatch

--00000000000093563705dacf3e13--


From nobody Tue Mar 22 12:09:15 2022
Return-Path: <hallam@gmail.com>
X-Original-To: secdispatch@ietfa.amsl.com
Delivered-To: secdispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BD4913A03FC for <secdispatch@ietfa.amsl.com>; Tue, 22 Mar 2022 12:09:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.313
X-Spam-Level: 
X-Spam-Status: No, score=-1.313 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.248, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.248, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=0.1, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id waZNVevlq3K7 for <secdispatch@ietfa.amsl.com>; Tue, 22 Mar 2022 12:09:09 -0700 (PDT)
Received: from mail-yb1-f182.google.com (mail-yb1-f182.google.com [209.85.219.182]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3B91F3A02D0 for <secdispatch@ietf.org>; Tue, 22 Mar 2022 12:09:09 -0700 (PDT)
Received: by mail-yb1-f182.google.com with SMTP id z8so35424921ybh.7 for <secdispatch@ietf.org>; Tue, 22 Mar 2022 12:09:09 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=CdGyRZMTs10B6kfxEazyZP34NfgWURQDawD2gOBHT64=; b=6pdQ/NlwifTTnSMXvx/ku/jl1VRpuMw+5wit3Koo2ns9bH39he+MhHBn8izEUXRNiK i4R6pfv2u5mTvgXyb7hwM6tof1dbGIxL+mkoV2ZmeQ5Xf2YwFNKLUgjCFT+aU3fG4Wke YLz+Mzxzmsj6y6M1pBY4upIDaIS1qHjz+JaApOVl8TfnusMjP5htqLHbffb9TXkGRrjQ Y59pMu8HJBU7/oaso9VxJJRp8AVF6vsKwor2kDaSrUy5+g7kV06Trk9ELI8wxpYoTkuM sImgEHNj5J/1ag/D19EgXdQJ+hSnnqX8ewAhPu0SOGN2wqCOuS4z/vYmpnfw/+b/BxY4 wWyw==
X-Gm-Message-State: AOAM531n8kmy0WjVrnvVvh6w34o1Vm+WHtU1h/KvFYipyywCXu2DYP5i ovtx5UBtFGS5m/mtfvgEX/Fd93100cASjlywkQnrlvBrZ7Zn/A==
X-Google-Smtp-Source: ABdhPJzgZHH/o0k/7KGRa8dQhbICEQVDMxE2IWEXfih2saXTr5Of2YxqaNklOUgi2J5oSu0RjdMp6cHbONDli1BKg8U=
X-Received: by 2002:a05:6902:13c1:b0:61d:969c:109c with SMTP id y1-20020a05690213c100b0061d969c109cmr27736729ybu.133.1647976146747; Tue, 22 Mar 2022 12:09:06 -0700 (PDT)
MIME-Version: 1.0
From: Phillip Hallam-Baker <phill@hallambaker.com>
Date: Tue, 22 Mar 2022 15:08:55 -0400
Message-ID: <CAMm+LwgOUYged3MK6f1A7mw2DmhqSxc3MhCj_hQ9iuf9HeR0dQ@mail.gmail.com>
To: IETF SecDispatch <secdispatch@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000d3478505dad358c0"
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/JrzPNvasv-3GQAYPGSZ5BPT6z94>
Subject: [Secdispatch] Relevant to software lifecycle assurance
X-BeenThere: secdispatch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Dispatch <secdispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdispatch/>
List-Post: <mailto:secdispatch@ietf.org>
List-Help: <mailto:secdispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 22 Mar 2022 19:09:12 -0000

--000000000000d3478505dad358c0
Content-Type: text/plain; charset="UTF-8"

Let me be clear, a reputation attack is still a serious attack even if
those who are knowledgeable understand it to be false. I have not had time
to look into whether the latest purported attack is real or not. But given
that the hacker group in question specializes in insider threat (bribing
employees) and it appears likely they are a nation state actor, I won't
rule it out of hand.

So allegedly Microsoft code signing keys were breached:

Soufiane Tahiri on Twitter: "Just successfully signed an assembly using one
of the #Microsoft's certificates from the #Lapsus leak.
https://t.co/EWtbpGhE6v" / Twitter
<https://twitter.com/S0ufi4n3/status/1506325204787679237>


Maybe what we need here is not a BOF after all. Maybe what we need is for
the IAB to arrange a workshop on the topic possibly jointly with other
relevant groups and for that to trigger work on multiple fronts.

Supply chain is a chain. And there is a need for improvement at multiple
points along that chain. But in many cases, the tools required are
self-contained. Fixing git to provide improved traceability in the
code-development and provenance area is needed, so are better code-signing
approaches. But those are two independent tools.


On the topic of code signing, there are again two separable concerns. The
first is the nature of the assurance provided. In the 1990s, we were fully
aware of Haber-Stornetta hash chains and Merkle Trees and that they were
the right approach. Their use was also encumbered by an IPR holder that was
too greedy. As a result, Authenticode and others of its generation sign the
ZIP file containing the distribution package. Today we should be signing a
manifest of the actual code so that malware scanners can continuously
verify the integrity of the executables after installation.

A second change that is needed is to make use of threshold signatures to
perform the signatures for public consumption. Here, the work in CFRG on
FROST is required reading.

Production environments should provide audit and accountability. If Alice,
Bob and Carol are each authorized to sign a production release, it should
be possible for the software provider to determine which of them signed a
particular release even if this is not visible to the end users.


I do have fully specified, running code that is relevant to these concerns.

--000000000000d3478505dad358c0--
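
Added example (not part of the original message and not the author's own code): a sketch of the per-file manifest approach described in the message above, where the publisher hashes every installed file into a Merkle tree and signs only the root, so a scanner can re-verify any single executable after installation. The function names, the sample package and the tree shape (unpaired nodes promoted unchanged) are assumptions; the signature over the root is assumed to be verified separately and is not shown.

```python
import hashlib
import hmac

LEAF, NODE = b"\x00", b"\x01"  # domain separation between leaves and inner nodes


def leaf_hash(path: str, content: bytes) -> bytes:
    """Hash one installed file, binding its relative path to its content."""
    p = path.encode("utf-8")
    digest = hashlib.sha256(content).digest()
    return hashlib.sha256(LEAF + len(p).to_bytes(4, "big") + p + digest).digest()


def node_hash(left: bytes, right: bytes) -> bytes:
    """Hash two child nodes into their parent."""
    return hashlib.sha256(NODE + left + right).digest()


def build_levels(leaves):
    """Return every tree level, leaves first; an unpaired node is promoted unchanged."""
    if not leaves:
        raise ValueError("manifest must list at least one file")
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        nxt = [node_hash(cur[i], cur[i + 1]) for i in range(0, len(cur) - 1, 2)]
        if len(cur) % 2:
            nxt.append(cur[-1])
        levels.append(nxt)
    return levels


def inclusion_proof(levels, index):
    """Sibling hashes from leaf to root as (hash, sibling_is_left) pairs."""
    proof = []
    for level in levels[:-1]:
        sibling = index ^ 1
        if sibling < len(level):  # no sibling when this node was promoted
            proof.append((level[sibling], sibling < index))
        index //= 2
    return proof


def build_manifest(files):
    """Publisher side: files maps relative path -> bytes. The vendor signs 'root'."""
    paths = sorted(files)
    levels = build_levels([leaf_hash(p, files[p]) for p in paths])
    return {
        "root": levels[-1][0],
        "proofs": {p: inclusion_proof(levels, i) for i, p in enumerate(paths)},
    }


def verify_file(path, content, proof, root):
    """Scanner side: recompute the root from one file and its proof."""
    h = leaf_hash(path, content)
    for sibling, sibling_is_left in proof:
        h = node_hash(sibling, h) if sibling_is_left else node_hash(h, sibling)
    return hmac.compare_digest(h, root)


def scan(installed, manifest):
    """Return sorted paths that are modified, missing, or not listed in the manifest."""
    bad = set(installed) - set(manifest["proofs"])  # files the publisher never shipped
    for path, proof in manifest["proofs"].items():
        content = installed.get(path)
        if content is None or not verify_file(path, content, proof, manifest["root"]):
            bad.add(path)
    return sorted(bad)


# Constructed sample package (five files, so the odd-node promotion path is exercised).
RELEASE = {
    "bin/app": b"\x7fELF constructed main binary",
    "bin/helper": b"\x7fELF constructed helper",
    "lib/core.so": b"\x7fELF constructed core library",
    "lib/plugin.so": b"\x7fELF constructed plugin",
    "share/readme.txt": b"constructed readme\n",
}


def demo():
    """Scan a clean install, then one with a replaced library and a dropped-in file."""
    manifest = build_manifest(RELEASE)
    clean = scan(RELEASE, manifest)
    altered = dict(RELEASE)
    altered["lib/plugin.so"] = b"\x7fELF constructed plugin, modified after install"
    altered["bin/extra"] = b"file that was never in the release"
    return clean, scan(altered, manifest)


if __name__ == "__main__":
    print(demo())
```

A signature over the distribution archive can only be checked while the archive is still intact; here each installed file carries its own short proof against the signed root, so it can be re-checked on its own at any time.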


From nobody Tue Mar 22 13:53:11 2022
Return-Path: <rsalz@akamai.com>
X-Original-To: secdispatch@ietfa.amsl.com
Delivered-To: secdispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 38D823A0EAD for <secdispatch@ietfa.amsl.com>; Tue, 22 Mar 2022 13:53:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.106
X-Spam-Level: 
X-Spam-Status: No, score=-2.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=akamai.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bAPgy5oSAegV for <secdispatch@ietfa.amsl.com>; Tue, 22 Mar 2022 13:53:04 -0700 (PDT)
Received: from mx0b-00190b01.pphosted.com (mx0b-00190b01.pphosted.com [IPv6:2620:100:9005:57f::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 58D943A012A for <secdispatch@ietf.org>; Tue, 22 Mar 2022 13:53:04 -0700 (PDT)
Received: from pps.filterd (m0050102.ppops.net [127.0.0.1]) by m0050102.ppops.net-00190b01. (8.16.1.2/8.16.1.2) with ESMTP id 22MI1GwZ003458; Tue, 22 Mar 2022 20:53:01 GMT
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=akamai.com; h=from : to : subject : date : message-id : references : in-reply-to : content-type : mime-version; s=jan2016.eng; bh=kRyJ6V667gmNMFsbLzmCanymWwCBBf0/6hUyYUO/7aY=; b=IRbrYzRWxIXx/zaLIFjbOpZ2RHnxbuK+/k5L8rgFRFlw2F5hKfXA5dgNI+TvnmFoyu5/ X/CktqL5uRjqNzewcCFkw5uSyI3DYBtb1/bC9AHAOJaQJzf7nAjJb4kDUI9mJxT3yPuI HHNjgjqxWqaOOvHfxVVietOAGkAlN1MaS29FcXu3tnjoxvd+9qIbEb9eZD2r36IDLxvx f/3mO2sc6v+3nj/hJdyRHrfMldLubkDIdO3AOq/QQJXx/fKVkNV3LPYH6i+b8aSVQoHJ M7K0KF/KgAXLLGxEOl+TZtp00rYGDhESA/nUBgJLHbR8lJQdNfGAO2M5xOMDLuqcjaI5 dA== 
Received: from prod-mail-ppoint6 (prod-mail-ppoint6.akamai.com [184.51.33.61] (may be forged)) by m0050102.ppops.net-00190b01. (PPS) with ESMTPS id 3ew54k71wb-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 22 Mar 2022 20:53:01 +0000
Received: from pps.filterd (prod-mail-ppoint6.akamai.com [127.0.0.1]) by prod-mail-ppoint6.akamai.com (8.16.1.2/8.16.1.2) with SMTP id 22MKo571018153; Tue, 22 Mar 2022 16:53:00 -0400
Received: from email.msg.corp.akamai.com ([172.27.91.27]) by prod-mail-ppoint6.akamai.com with ESMTP id 3ewagydcfx-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 22 Mar 2022 16:53:00 -0400
Received: from USMA1EX-DAG1MB3.msg.corp.akamai.com (172.27.123.103) by usma1ex-dag4mb3.msg.corp.akamai.com (172.27.91.22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.2.986.5;  Tue, 22 Mar 2022 16:53:00 -0400
Received: from USMA1EX-DAG1MB1.msg.corp.akamai.com (172.27.123.101) by usma1ex-dag1mb3.msg.corp.akamai.com (172.27.123.103) with Microsoft SMTP Server (TLS) id 15.0.1497.32; Tue, 22 Mar 2022 16:52:59 -0400
Received: from USMA1EX-DAG1MB1.msg.corp.akamai.com ([172.27.123.101]) by usma1ex-dag1mb1.msg.corp.akamai.com ([172.27.123.101]) with mapi id 15.00.1497.033; Tue, 22 Mar 2022 16:52:59 -0400
From: "Salz, Rich" <rsalz@akamai.com>
To: Phillip Hallam-Baker <phill@hallambaker.com>, IETF SecDispatch <secdispatch@ietf.org>
Thread-Topic: [Secdispatch] Relevant to software lifecycle assurance
Thread-Index: AQHYPiBWswV+PmIjhUK1tirUm0wRo6zL4V4A
Date: Tue, 22 Mar 2022 20:52:58 +0000
Message-ID: <872CB5A0-7B30-4C58-8077-298C1B74421D@akamai.com>
References: <CAMm+LwgOUYged3MK6f1A7mw2DmhqSxc3MhCj_hQ9iuf9HeR0dQ@mail.gmail.com>
In-Reply-To: <CAMm+LwgOUYged3MK6f1A7mw2DmhqSxc3MhCj_hQ9iuf9HeR0dQ@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
user-agent: Microsoft-MacOutlook/16.59.22031300
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [172.27.118.139]
Content-Type: multipart/alternative; boundary="_000_872CB5A07B304C588077298C1B74421Dakamaicom_"
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.425, 18.0.850 definitions=2022-03-22_07:2022-03-22, 2022-03-22 signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 phishscore=0 bulkscore=0 spamscore=0 mlxlogscore=999 adultscore=0 mlxscore=0 suspectscore=0 malwarescore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2202240000 definitions=main-2203220106
X-Proofpoint-GUID: LIUiVl78Hj4iHm-fkNKqcpVfTpoj1vhB
X-Proofpoint-ORIG-GUID: LIUiVl78Hj4iHm-fkNKqcpVfTpoj1vhB
X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.205,Aquarius:18.0.850,Hydra:6.0.425,FMLib:17.11.64.514 definitions=2022-03-22_07,2022-03-22_01,2022-02-23_01
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 phishscore=0 impostorscore=0 lowpriorityscore=0 spamscore=0 priorityscore=1501 mlxscore=0 clxscore=1011 mlxlogscore=999 adultscore=0 bulkscore=0 malwarescore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2202240000 definitions=main-2203220106
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/_LC0plDTHgNeaA8C76XyaIdnWlI>
Subject: Re: [Secdispatch] Relevant to software lifecycle assurance
X-BeenThere: secdispatch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Dispatch <secdispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdispatch/>
List-Post: <mailto:secdispatch@ietf.org>
List-Help: <mailto:secdispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 22 Mar 2022 20:53:09 -0000

--_000_872CB5A07B304C588077298C1B74421Dakamaicom_
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
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--_000_872CB5A07B304C588077298C1B74421Dakamaicom_
Content-Type: text/html; charset="utf-8"
Content-ID: <32E48B5B27E15743B503534767A288BA@akamai.com>
Content-Transfer-Encoding: base64


--_000_872CB5A07B304C588077298C1B74421Dakamaicom_--

