
From achi@bbn.com  Wed Feb  1 14:53:46 2012
Message-ID: <4F29C270.9090304@bbn.com>
Date: Wed, 01 Feb 2012 17:53:36 -0500
From: Andrew Chi <achi@bbn.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:9.0) Gecko/20111222 Thunderbird/9.0.1
MIME-Version: 1.0
To: sidr wg <sidr@ietf.org>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Subject: [sidr] BBN rtr-server test endpoint
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 01 Feb 2012 22:53:46 -0000

Quick announcement to any RTR client implementers: we just put up a 
public instance of BBN's RTR server, running synthetic data.

rtr-test.bbn.com:12712  (vanilla TCP)

Every 5 minutes it replaces its cache with a pseudo-random set of 10,000 
valid (asn, prefix, prefix_length, max_length) tuples.  Obviously not 
realistic, but it exercises nominal functionality.

Email me and Dave Mandelberg <dmandelb@bbn.com> if you get a chance to 
try it or find anything funny.

-Andrew


From achi@bbn.com  Wed Feb  1 20:08:04 2012
Message-ID: <4F2A0C1E.5060900@bbn.com>
Date: Wed, 01 Feb 2012 23:07:58 -0500
From: Andrew Chi <achi@bbn.com>
To: Andrew Chi <achi@bbn.com>
In-Reply-To: <4F29C270.9090304@bbn.com>
Cc: sidr wg <sidr@ietf.org>
Subject: Re: [sidr] BBN rtr-server test endpoint

On 2/1/2012 5:53 PM, Andrew Chi wrote:
> Quick announcement to any RTR client implementers: we just put up a
> public instance of BBN's RTR server

Terminology correction: BBN's rpki-rtr cache server.  (thanks Randy)


From kent@bbn.com  Thu Feb  2 07:16:06 2012
Message-Id: <p06240814cb4cd1f900d6@[128.89.89.190]>
In-Reply-To: <CAH1iCiqGr8BJOk6nOpuTGTYNVJUwvXcdumTYbc=u1jBzyZQzmA@mail.gmail.com>
Date: Thu, 2 Feb 2012 10:15:59 -0500
To: Brian Dickson <brian.peter.dickson@gmail.com>
From: Stephen Kent <kent@bbn.com>
Cc: "sidr@ietf.org list" <sidr@ietf.org>
Subject: Re: [sidr] Key learning procedures in BGPsec?

Brian,

I see that Richard already commented on part of your DH message, but 
to close the loop:

	- DH uses public keys.  no need for quotes here, as they are 
completely analogous to public keys for other asymmetric algorithms.

	- what you described is ephemeral DH. it is one version of 
DH, and not the one originally envisioned by Whit and Marty when they 
invented this alg. (Their initial proposal called for long-lived DH 
keys, because they wanted to bind the public keys to people, for 
authentication.)

	- static DH keys are used in certs. one way to use TLS with 
DH is based on cert-based DH keys. SMIME supports static-static and 
static-ephemeral DH modes (RFC 2631), but there is no pure ephemeral 
mode for SMIME, for obvious reasons. so, in a number of IETF 
contexts, DH is not used in a purely ephemeral fashion.

	- not all PKIs use long-lived certs, c.f., RFC 3280 (proxy 
certs). I am familiar with at least one large PKI-based system where 
a cert is distributed to each user with a one-time-use limitation, as 
part of a secure provisioning scheme. so, even when a key is in a 
cert, that does not imply that it has a long lifetime.

	- in some PKI contexts, very few certs are published, e.g., 
the typical TLS context. Here the TAs (which need not be certs) are 
published via browser distribution, but server certs (and client 
certs, when employed) are pushed inline. The same can be true for 
SMIME certs used to verify sigs, i.e., they can be passed inline vs. 
published. so,


I was not able to follow the proposal you outlined in your long 
message about using hash values and nonces distributed via DNSSEC. 
However, I would agree with Ross's comment, i.e. any secret value 
used in the computation of a hash chain is the moral equivalent of a 
private/secret key. Thus compromise of that per-router secret also 
will have adverse consequences. I also will note that non-repudiation 
is not the required security service in this context. One needs 
broadcast authentication, a service offered by digital signatures. 
The authentication is "broadcast" in that an AS does not know all of 
the other ASes that will have to verify a sig (of whatever form) on 
an update.

Steve

From brian.peter.dickson@gmail.com  Thu Feb  2 10:42:59 2012
In-Reply-To: <p06240814cb4cd1f900d6@128.89.89.190>
Date: Thu, 2 Feb 2012 13:42:57 -0500
Message-ID: <CAH1iCioVEWkYs+5UZX5ihiSsmoa=vaQAuhhKj8n+kUnubjxi7Q@mail.gmail.com>
From: Brian Dickson <brian.peter.dickson@gmail.com>
To: Stephen Kent <kent@bbn.com>
Cc: "sidr@ietf.org list" <sidr@ietf.org>
Subject: Re: [sidr] Key learning procedures in BGPsec?

On Thu, Feb 2, 2012 at 10:15 AM, Stephen Kent <kent@bbn.com> wrote:
> I was not able to follow the proposal you outlined in your long message
> about using hash values and nonces distributed via DNSSEC.

Okay, I'll make it short and sweet.

All the information used for validating AS paths is stored in DNS with
DNSSEC protection.

The _only_ information is an _encoding_ of which AS neighbors A has,
under a zone controlled by A exclusively.

(This would be some kind of encoding of A->B, A->F, A->J, A->W. Who
does A send routes to, in other words.)

The basic model is out-of-band for validation, on the in-band data (AS_PATH).

What is published is per-AS feasible-neighbor-AS information.

It does not stop literal forging of AS paths or their signatures.

It does, however, limit possible forgeries to actual feasible AS
paths, and further limits discoverable path "hops" to those visible
and in use.
Combined with the origin validation, you get everything you need.
(Contrast this with the risk of exposed on-router private keys, where
literally _any_ AS-path could be forged via the AS of that router,
off-axis.)


> However, I would
> agree with Ross's comment, i.e. any secret value used in the computation of
> a hash chain is the moral equivalent of a private/secret key. Thus
> compromise of that per-router secret also will have adverse consequences. I
> also will note that non-repudiation is not the required security service in
> this context. One needs broadcast authentication, a service offered by
> digital signatures. The authentication is "broadcast" in that an AS does not
> know all of the other ASes that will have to verify a sig (of whatever form)
> on an update.


The use of SHA and nonces is to minimize crypto weaknesses (encrypting
the same content repeatedly with different keys), and to make
significantly less trivial discovery of potential forward paths.

SHA over nonce makes guessing futile.

Publication of data is necessarily exposed for verification, but only
actually used and visible paths can be enumerated this way.

Nonce-changing further reduces the window of use or re-use of a given
signature. It is not strictly necessary, IMHO, but is available.

Exposure of a nonce does not create a security issue as such. At most
it affords the ability for adversaries to learn of potential leak
vectors.
Suitable leak-prevention techniques make this a moot point.
Nonce-rolling is a scalable counter-measure.
Pre-hashed and pre-signed zone data could be staged for rapid roll of nonces.
The DNSSEC zone(s) could easily include two nonces worth of data with
no exposure or risk, in fact.

The nonce, while used for generating keys for look-up into DNS, does
not directly make possible modification to DNS data itself.
NB: the nonce is not used for the DNSSEC keying at all.

DNSSEC is the broadcast mechanism, and is not constrained by the
limitation of "best path only" that in-band signatures suffer from.

Now, for a worked example:

Consider prefix A.B.C.D/E.
Origin validation restricts it to being announced by N.

N has a DNSSEC zone with N->L and N->J (encoded with nonce and hashes).
L has a DNSSEC zone with L->W and L->X.
J has a DNSSEC zone with J->Y and J->L.
X has a DNSSEC zone with X->Z and X->M.

Consider AS "Z", peering with X.
X is able to announce A.B.C.D/E with AS_PATH of "X L N" or "X L J N"
only. Anything else will fail validation.

Z will _only_ accept prefixes whose AS_PATH values match published
AS-hops (per AS),
and whose AS_PATH terminates/starts with matching values of the
neighbor_as and origin_as.

Contrast this to in-band signatures being used.
If the key to a router in L were compromised, then literally any
forged AS_PATH could be created.
The only restrictions would be that the AS-path would need to be "X .* L N".

When combined with leak counter-measures, OOB signatures are as strong
as in-band signatures.

OOB can consist of both signatures, and signalling. In-band signalling
is implicit only, as "beaconing" demonstrates.
(OOB signalling, for example, could be "notify" messages with TSIG or
SIG protection.)

Out-of-band signalling is not possible for in-band methods (without
significant cost and possibly new protocol elements).
OOB signalling makes possible rapid invalidation of removed neighbor
relationships, and removes the need for beaconing.
OOB permits pushing invalidation directly to every ASN and every
router. Invalidation is crypto-protected (DNSSEC).
OOB is not delayed by hop-by-hop validation and signing or other BGP mechanisms.
The window for replay is much closer to zero, and achieves this at a
reduced, rather than increased, operational performance impact.


Of course, this is all _currently_ aimed at demonstrating that an
alternative is possible, not to the evaluation of this specific
instance of an alternative.
It is meant to place the issue of key management risk on the table, as it were.

Brian
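
The worked example above as an added sketch (not part of the original message or any SIDR code): Z checks an AS_PATH hop by hop against per-AS published neighbor data. The label encoding, nonce values and function names are assumptions, and the DNS lookup and DNSSEC validation are taken as already done.

```python
import hashlib

# Constructed data: the sender -> receivers lists from the worked example.
# W, Y, Z and M publish no zone in that example.
NEIGHBORS = {"N": ["L", "J"], "L": ["W", "X"], "J": ["Y", "L"], "X": ["Z", "M"]}
NONCE_OLD, NONCE_NEW = b"constructed-nonce-1", b"constructed-nonce-2"


def hop_label(nonce, sender, receiver):
    # Assumed encoding, not from the thread: SHA-256(nonce || "sender>receiver").
    return hashlib.sha256(nonce + f"{sender}>{receiver}".encode()).hexdigest()


def publish(sender, receivers, nonces):
    # One generation of hashed labels per nonce. Publishing two generations
    # models staging the next nonce ahead of a roll.
    return [{"nonce": n, "labels": {hop_label(n, sender, r) for r in receivers}}
            for n in nonces]


def hop_published(zones, sender, receiver):
    # DNSSEC validation of the zone data is assumed to have happened already.
    return any(hop_label(g["nonce"], sender, receiver) in g["labels"]
               for g in zones.get(sender, []))


def validate_path(zones, as_path, receiver, neighbor_as, origin_as):
    """Path feasibility check. as_path is in BGP order (peer first, origin last).
    Returns (ok, reason)."""
    if not as_path:
        return False, "empty AS_PATH"
    if as_path[0] != neighbor_as:
        return False, "first AS is not the announcing peer"
    if as_path[-1] != origin_as:
        return False, "last AS is not the validated origin"
    chain = [receiver] + list(as_path)
    for recv, send in zip(chain, chain[1:]):
        if not hop_published(zones, send, recv):
            return False, f"hop {send}->{recv} not published"
    # Every hop is one its sender declared. Nothing here shows that an
    # update actually travelled these hops.
    return True, "every hop published"


ZONES = {asn: publish(asn, peers, [NONCE_OLD, NONCE_NEW])
         for asn, peers in NEIGHBORS.items()}

if __name__ == "__main__":
    for path in (["X", "L", "N"], ["X", "L", "J", "N"], ["X", "J", "N"], ["X", "N"]):
        print(" ".join(path), validate_path(ZONES, path, "Z", "X", "N"))
    # X drops Z as a neighbor and republishes under the new nonce only.
    rolled = dict(ZONES, X=publish("X", ["M"], [NONCE_NEW]))
    print("after X withdraws Z:", validate_path(rolled, ["X", "L", "N"], "Z", "X", "N"))
```
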

From kent@bbn.com  Thu Feb  2 11:01:07 2012
Message-Id: <p0624080ecb508a0fcee1@[128.89.89.190]>
In-Reply-To: <CAH1iCioVEWkYs+5UZX5ihiSsmoa=vaQAuhhKj8n+kUnubjxi7Q@mail.gmail.com>
Date: Thu, 2 Feb 2012 13:49:42 -0500
To: Brian Dickson <brian.peter.dickson@gmail.com>
From: Stephen Kent <kent@bbn.com>
Cc: "sidr@ietf.org list" <sidr@ietf.org>
Subject: Re: [sidr] Key learning procedures in BGPsec?

Brian,

Thanks, this helps a lot.

The fact that the goal of the design you offered is path feasibility,
vs. path traversed validation, was a critical missing element.


>Combined with the origin validation, you get everything you need.

not as per the WG charter and the requirements doc, which state that 
path feasibility approaches are not adequate.

>(Contrast this with the risk of exposed on-router private keys, where
>literally _any_ AS-path could be forged via the AS of that router,
>off-axis.)

Not quite true, as I explained in my analysis of your attack example.

Steve


From Sandra.Murphy@sparta.com  Thu Feb  2 12:11:37 2012
From: "Murphy, Sandra" <Sandra.Murphy@sparta.com>
To: Brian Dickson <brian.peter.dickson@gmail.com>, Stephen Kent <kent@bbn.com>
Date: Thu, 2 Feb 2012 20:11:25 +0000
Message-ID: <24B20D14B2CD29478C8D5D6E9CBB29F6084028@Hermes.columbia.ads.sparta.com>
In-Reply-To: <CAH1iCioVEWkYs+5UZX5ihiSsmoa=vaQAuhhKj8n+kUnubjxi7Q@mail.gmail.com>
Cc: "sidr@ietf.org list" <sidr@ietf.org>
Subject: Re: [sidr] Key learning procedures in BGPsec?

As regular ol' member:

On Thursday, February 02, 2012, Brian Dickson said:

Comments on two of your statements.

>The _only_ information is an _encoding_ of which AS neighbors A has,
>under a zone controlled by A exclusively.
...
>What is published is per-AS feasible-neighbor-AS information.
>
>It does not stop literal forging of AS paths or their signatures.

This model of security is not what the wg charter calls for.  And it would
not meet the requirements in the requirements document.

I personally would expect objections to a security solution that claimed it
would not stop forging of AS_PATHs.

>(Contrast this with the risk of exposed on-router private keys, where
>literally _any_ AS-path could be forged via the AS of that router,
>off-axis.)

I believe you are wrong here.

The holder of the private key for an AS can not produce the signatures for
the ASs that precede it in the AS_PATH, nor the signatures for the ASs that
follow it in the AS_PATH.

By example:  consider an AS_PATH A-B-C-D-E

The holder of the private key for C cannot produce the signature attributes
produced by A, B, D, or E.

It can produce an update and a new signature for A-B-C, but *only* if it
has a valid bgpsec update that A sent to B and B sent to C.  It can not
produce the signatures that D and E would add.

(Each bgpsec signature protects all previous signatures.)

It is not true that "literally _any_ AS-path could be forged via the AS of
that router, off-axis"


--Sandy, speaking as regular ol' member

From brian.peter.dickson@gmail.com  Thu Feb  2 12:37:37 2012
In-Reply-To: <24B20D14B2CD29478C8D5D6E9CBB29F6084028@Hermes.columbia.ads.sparta.com>
Date: Thu, 2 Feb 2012 15:37:35 -0500
Message-ID: <CAH1iCioa8Vws3tpGxgrbb4F-NpER5ShdOdiEnmzOps_d=Byqrw@mail.gmail.com>
From: Brian Dickson <brian.peter.dickson@gmail.com>
To: "Murphy, Sandra" <Sandra.Murphy@sparta.com>
Cc: "sidr@ietf.org list" <sidr@ietf.org>
Subject: Re: [sidr] Key learning procedures in BGPsec?

On Thu, Feb 2, 2012 at 3:11 PM, Murphy, Sandra <Sandra.Murphy@sparta.com> wrote:
>>(Contrast this with the risk of exposed on-router private keys, where
>>literally _any_ AS-path could be forged via the AS of that router,
>>off-axis.)
>
> I believe you are wrong here.
>
> The holder of the private key for an AS can not produce the signatures for
> the ASs that precede it in the AS_PATH, nor the signatures for the ASs that
> follow it in the AS_PATH.
>
> By example:  consider an AS_PATH A-B-C-D-E
>
> The holder of the private key for C cannot produce the signature attributes
> produced by A, B, D, or E.
>
> It can produce an update and a new signature for A-B-C, but *only* if it
> has a valid bgpsec update that
> A sent to B and B sent to C.  It can not produce the signatures that D
> and E would add.

I think I used too many pronouns and left too much detail to the
reader to infer.

The fault is entirely mine.

What I am saying is, any AS_PATH which can be observed anywhere, which
goes through C, can be made to appear via X, if the legitimate holder
of keys to X, happens to gain access to the keys to C.

Access to any open routing table (route-server, router, etc.) is
sufficient, presuming BGPSEC attributes are included in the data.

And the ability to forge routes is basically unlimited, even if there
is no relationship between C and X.

Given a set of sets of prefixes, {P1, P2, P3}, where P1 = {A.B.C.0/24,
A.D.E.0/22, etc.}, P2 = {...}, P3 = {...},
and given a set of AS_PATHs for each set of prefixes, A1, A2, A3,
which correspond to the announcements of P1, P2, and P3 respectively.

And suppose further that all of the AS_PATHs end in "C".

Then X, who holds keys to X, and has learned keys to C, can construct
announcements P1 A1-X, P2 A2-X, and P3 A3-X, etc...

And by "construct" I mean BGPSEC secured announcements which satisfy
origin validation and path validation.

The restriction over "any" means, "any existing AS-path can be forged
via paths that end in stolen-key and key-thief ASNs in sequence."

If the stolen key corresponds to someone with the full set of routes
for IPv4, e.g. anyone running BGPSEC, and their routes are visible
somewhere, like a route-server, then every prefix can have forged
routes (maybe with long AS_PATH) announced securely.

If the thief is a customer of enough ISPs who do local-pref of
customers, the thief can hijack a significant proportion of global
traffic. This is why the importance of _universal_ key security cannot
be overstated here, at the earliest point in development of BGPSEC.

Again, there is no topological proximity required (to the AS from whom
the keys are stolen), and the value depends entirely on the ability
to have the forged paths preferred.

Brian
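
An added example (not part of either poster's message and not code from any BGPsec implementation): a toy model of the chained path signatures discussed in this exchange, showing what a validator can and cannot tell once the key for C is held by someone else, and that only removing C's key from the valid set changes the outcome. HMAC stands in for the per-hop signature, and the keys, the prefix 192.0.2.0/24 and the function names are constructed assumptions.

```python
import hashlib
import hmac

# Constructed per-AS keys. HMAC stands in for the per-hop signature
# (assumption of this sketch); the key table plays the role of the set of
# keys a validator currently accepts for each AS.
KEYS = {asn: ("secret-" + asn).encode() for asn in "ABCDX"}


def _covered(prefix, path, target, prev_sig):
    """Bytes one hop signs: prefix, path so far, next AS, previous signature."""
    return b"|".join([prefix.encode(), "-".join(path).encode(),
                      target.encode(), prev_sig])


def add_hop(update, signer, target, key):
    """Return a new update with `signer` appended and signed toward `target`."""
    path = update["path"] + [signer]
    prev = update["sigs"][-1] if update["sigs"] else b""
    sig = hmac.new(key, _covered(update["prefix"], path, target, prev),
                   hashlib.sha256).digest()
    return {"prefix": update["prefix"], "path": path,
            "targets": update["targets"] + [target],
            "sigs": update["sigs"] + [sig]}


def validate(update, receiver, valid_keys):
    """Check every hop: signed toward the next AS in the path (or toward the
    receiver for the last hop), with a key the validator still accepts."""
    path, targets, sigs = update["path"], update["targets"], update["sigs"]
    if not path or not (len(path) == len(targets) == len(sigs)):
        return False
    prev = b""
    for i, signer in enumerate(path):
        expected_target = path[i + 1] if i + 1 < len(path) else receiver
        if targets[i] != expected_target:
            return False          # hop was never signed toward this neighbor
        key = valid_keys.get(signer)
        if key is None:
            return False          # signer's key is no longer accepted
        want = hmac.new(key, _covered(update["prefix"], path[:i + 1],
                                      targets[i], prev),
                        hashlib.sha256).digest()
        if not hmac.compare_digest(want, sigs[i]):
            return False
        prev = sigs[i]
    return True


def scenario():
    empty = {"prefix": "192.0.2.0/24", "path": [], "targets": [], "sigs": []}
    a_to_b = add_hop(empty, "A", "B", KEYS["A"])
    b_to_c = add_hop(a_to_b, "B", "C", KEYS["B"])   # valid update as sent to C

    # A hop C->X made with C's key. The validator sees only a correct
    # signature; it cannot tell which holder of the key produced it.
    c_to_x = add_hop(b_to_c, "C", "X", KEYS["C"])
    x_to_d = add_hop(c_to_x, "X", "D", KEYS["X"])

    # C's key does not help with a hop that was never signed toward C:
    # A signed toward B, so a path A-C-X fails at A's segment.
    skip_b = add_hop(add_hop(a_to_b, "C", "X", KEYS["C"]), "X", "D", KEYS["X"])

    without_c = {k: v for k, v in KEYS.items() if k != "C"}
    return {
        "accepted_while_C_key_valid": validate(x_to_d, "D", KEYS),
        "accepted_after_C_key_removed": validate(x_to_d, "D", without_c),
        "accepted_without_signed_hop_to_C": validate(skip_b, "D", KEYS),
    }


if __name__ == "__main__":
    for name, result in scenario().items():
        print(name, result)
```

The first result is the case raised in this message and the third is the limit stated in the quoted reply; the second shows that the outcome changes only when validators stop accepting C's key.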

From internet-drafts@ietf.org  Thu Feb  2 14:28:33 2012
Return-Path: <internet-drafts@ietf.org>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 639BF21F8691; Thu,  2 Feb 2012 14:28:33 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.585
X-Spam-Level: 
X-Spam-Status: No, score=-102.585 tagged_above=-999 required=5 tests=[AWL=0.014, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Rx4kRMkZErnm; Thu,  2 Feb 2012 14:28:33 -0800 (PST)
Received: from ietfa.amsl.com (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F19B621F8636; Thu,  2 Feb 2012 14:28:32 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
From: internet-drafts@ietf.org
To: i-d-announce@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 3.64p1
Message-ID: <20120202222832.8500.78112.idtracker@ietfa.amsl.com>
Date: Thu, 02 Feb 2012 14:28:32 -0800
Cc: sidr@ietf.org
Subject: [sidr] I-D Action: draft-ietf-sidr-rpki-rtr-26.txt
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 02 Feb 2012 22:28:33 -0000

A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Secure Inter-Domain Routing Working Group of the IETF.

	Title           : The RPKI/Router Protocol
	Author(s)       : Randy Bush
                          Rob Austein
	Filename        : draft-ietf-sidr-rpki-rtr-26.txt
	Pages           : 27
	Date            : 2012-02-02

   In order to verifiably validate the origin ASs of BGP announcements,
   routers need a simple but reliable mechanism to receive RPKI
   [I-D.ietf-sidr-arch] prefix origin data from a trusted cache.  This
   document describes a protocol to deliver validated prefix origin data
   to routers.



A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-sidr-rpki-rtr-26.txt

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

This Internet-Draft can be retrieved at:
ftp://ftp.ietf.org/internet-drafts/draft-ietf-sidr-rpki-rtr-26.txt


From Sandra.Murphy@sparta.com  Fri Feb  3 11:17:52 2012
Return-Path: <Sandra.Murphy@sparta.com>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E680421F85E9; Fri,  3 Feb 2012 11:17:52 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.455
X-Spam-Level: 
X-Spam-Status: No, score=-102.455 tagged_above=-999 required=5 tests=[AWL=0.144, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iSjk+Cf3JLMT; Fri,  3 Feb 2012 11:17:52 -0800 (PST)
Received: from M4.sparta.com (M4.sparta.com [157.185.61.2]) by ietfa.amsl.com (Postfix) with ESMTP id DEF8E21F85E7; Fri,  3 Feb 2012 11:17:51 -0800 (PST)
Received: from Beta5.sparta.com (beta5.sparta.com [157.185.63.21]) by M4.sparta.com (8.14.4/8.14.4) with ESMTP id q13JHo0E010289; Fri, 3 Feb 2012 13:17:50 -0600
Received: from Hermes.columbia.ads.sparta.com ([157.185.80.107]) by Beta5.sparta.com (8.13.8/8.13.8) with ESMTP id q13JHmuL026203; Fri, 3 Feb 2012 13:17:49 -0600
Received: from HERMES.columbia.ads.sparta.com ([2002:9db9:506b::9db9:506b]) by Hermes.columbia.ads.sparta.com ([::1]) with mapi id 14.01.0355.002; Fri, 3 Feb 2012 14:17:48 -0500
From: "Murphy, Sandra" <Sandra.Murphy@sparta.com>
To: "sidr@ietf.org" <sidr@ietf.org>
Thread-Topic: interim meeting registration
Thread-Index: AczcbTK8ywnaQRvNTx2O3rB9fzjAiwACHS0ZAAGVS+ABiv0svQ==
Date: Fri, 3 Feb 2012 19:17:47 +0000
Message-ID: <24B20D14B2CD29478C8D5D6E9CBB29F60853E6@Hermes.columbia.ads.sparta.com>
References: <24B20D14B2CD29478C8D5D6E9CBB29F6076C7A@Hermes.columbia.ads.sparta.com> <24B20D14B2CD29478C8D5D6E9CBB29F6076D46@Hermes.columbia.ads.sparta.com>, <24B20D14B2CD29478C8D5D6E9CBB29F6076E24@Hermes.columbia.ads.sparta.com>
In-Reply-To: <24B20D14B2CD29478C8D5D6E9CBB29F6076E24@Hermes.columbia.ads.sparta.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [157.185.63.118]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: "sidr-chairs@ietf.org" <sidr-chairs@ietf.org>
Subject: Re: [sidr] interim meeting registration
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 03 Feb 2012 19:17:53 -0000

Just a reminder.

The interim meeting is set for next Thursday, 9 Feb in San Diego.

Registration is free.
Registration is easy (email interim-sidr@tislabs.com, see below).
Registration is open to all.
Registration is ongoing.
Registration is encouraged (so we know how many to expect).

--Sandy, speaking as wg co-chair

________________________________________
From: Murphy, Sandra
Sent: Thursday, January 26, 2012 6:22 PM
To: Murphy, Sandra; sidr@ietf.org
Cc: sidr-chairs@ietf.org
Subject: RE: interim meeting registration

I should have known that IETF-ers would not be happy with the free format specification I gave below.  I have received a couple of requests for clarification.

So.

The registration request message should have the following:

Name:
Affiliation:
E-mail address:

The e-mail address will not be noted on the wiki attendees page.

--Sandy, speaking as co-chair


> -----Original Message-----
> From: sidr-bounces@ietf.org [mailto:sidr-bounces@ietf.org] On Behalf Of
> Murphy, Sandra
> Sent: Thursday, January 26, 2012 5:00 PM
> To: sidr@ietf.org
> Cc: sidr-chairs@ietf.org
> Subject: Re: [sidr] interim meeting registration
>
> Forgot to ask:
>
> In your registration message, please indicate your affiliation, for the
> purpose of completing the wiki attendee list.
>
> Also, the obligatory note that this is
>
> --Sandy, speaking as wg co-chair
>
> ________________________________________
> From: Murphy, Sandra
> Sent: Thursday, January 26, 2012 4:09 PM
> To: sidr@ietf.org
> Cc: sidr-chairs@ietf.org
> Subject: interim meeting registration
>
> Logistics are made for the interim meeting.
>
> To register for the meeting, please send a message to
> interim-sidr@tislabs.com.  There is NO registration fee for this meeting,
> but please do register so room arrangements are suitable for the number of
> attendees.  Updates on meeting logistics will be sent to those who
> register.
>
> Registration will close if the room is filled to capacity.  I honestly
> don't think that is likely, unless most of the NANOG attendees decide to
> come.
>
> A wiki page on the tools' site sidr wiki has been created:
> http://trac.tools.ietf.org/wg/sidr/trac/wiki/InterimMeeting20120209.  The
> agenda at the moment is just as was announced.  Updates to the agenda will
> be posted to that wiki page.
>
> A list of those registered will be maintained at
> http://trac.tools.ietf.org/wg/sidr/trac/wiki/InterimMeeting20120209-attendees.
>
> --Sandy
> _______________________________________________
> sidr mailing list
> sidr@ietf.org
> https://www.ietf.org/mailman/listinfo/sidr

From internet-drafts@ietf.org  Fri Feb  3 15:28:32 2012
Return-Path: <internet-drafts@ietf.org>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D246A21F8628; Fri,  3 Feb 2012 15:28:32 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.591
X-Spam-Level: 
X-Spam-Status: No, score=-102.591 tagged_above=-999 required=5 tests=[AWL=0.008, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WU4eykb0Z3V5; Fri,  3 Feb 2012 15:28:32 -0800 (PST)
Received: from ietfa.amsl.com (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5F12321F8622; Fri,  3 Feb 2012 15:28:32 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
From: internet-drafts@ietf.org
To: i-d-announce@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 3.64p1
Message-ID: <20120203232832.3616.53685.idtracker@ietfa.amsl.com>
Date: Fri, 03 Feb 2012 15:28:32 -0800
Cc: sidr@ietf.org
Subject: [sidr] I-D Action: draft-ietf-sidr-bgpsec-threats-01.txt
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 03 Feb 2012 23:28:33 -0000

A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Secure Inter-Domain Routing Working Group of the IETF.

	Title           : Threat Model for BGP Path Security
	Author(s)       : Stephen Kent
                          Andrew Chi
	Filename        : draft-ietf-sidr-bgpsec-threats-01.txt
	Pages           : 26
	Date            : 2012-02-03

   This document describes a threat model for BGP path security
   (BGPSEC).  It assumes the context established by the SIDR WG charter,
   as of April 19, 2011.  The charter established two goals for the SIDR
   work:

   o  Enabling an AS to verify the authorization of an origin AS to
      originate a specified set of prefixes

   o  Enabling an AS to verify that the AS-PATH represented in a route
      matches the path travelled by the NLRI for the route

   The charter further mandates that SIDR build upon the Resource Public
   Key Infrastructure (RPKI), the first product of the WG.  Consistent
   with the charter, this threat model includes an analysis of the RPKI,
   and focuses on the ability of an AS to verify the authenticity of the
   AS path info received in a BGP update.

   The model assumes that BGP path security is achieved through the
   application of digital signatures to AS_Path Info.  The document
   characterizes classes of potential adversaries that are considered to
   be threats, and examines classes of attacks that might be launched
   against BGPSEC.  It concludes with brief discussion of residual
   vulnerabilities.


A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-sidr-bgpsec-threats-01.txt

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

This Internet-Draft can be retrieved at:
ftp://ftp.ietf.org/internet-drafts/draft-ietf-sidr-bgpsec-threats-01.txt


From wwwrun@rfc-editor.org  Fri Feb  3 17:20:07 2012
Return-Path: <wwwrun@rfc-editor.org>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C5ED621F85E4; Fri,  3 Feb 2012 17:20:07 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.413
X-Spam-Level: 
X-Spam-Status: No, score=-102.413 tagged_above=-999 required=5 tests=[AWL=0.187, BAYES_00=-2.599, NO_RELAYS=-0.001, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cCLH1yhPQnlD; Fri,  3 Feb 2012 17:20:07 -0800 (PST)
Received: from rfc-editor.org (rfc-editor.org [IPv6:2001:1890:123a::1:2f]) by ietfa.amsl.com (Postfix) with ESMTP id 584D321F85DA; Fri,  3 Feb 2012 17:20:07 -0800 (PST)
Received: by rfc-editor.org (Postfix, from userid 30) id BF4D9B1E002; Fri,  3 Feb 2012 17:16:03 -0800 (PST)
To: ietf-announce@ietf.org, rfc-dist@rfc-editor.org
From: rfc-editor@rfc-editor.org
Message-Id: <20120204011603.BF4D9B1E002@rfc-editor.org>
Date: Fri,  3 Feb 2012 17:16:03 -0800 (PST)
Cc: sidr@ietf.org, rfc-editor@rfc-editor.org
Subject: [sidr] RFC 6480 on An Infrastructure to Support Secure Internet Routing
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 04 Feb 2012 01:20:07 -0000

A new Request for Comments is now available in online RFC libraries.

        
        RFC 6480

        Title:      An Infrastructure to Support Secure 
                    Internet Routing 
        Author:     M. Lepinski, S. Kent
        Status:     Informational
        Stream:     IETF
        Date:       February 2012
        Mailbox:    mlepinski@bbn.com, 
                    kent@bbn.com
        Pages:      24
        Characters: 62127
        Updates/Obsoletes/SeeAlso:   None

        I-D Tag:    draft-ietf-sidr-arch-13.txt

        URL:        http://www.rfc-editor.org/rfc/rfc6480.txt

This document describes an architecture for an infrastructure to
support improved security of Internet routing.  The foundation of this
architecture is a Resource Public Key Infrastructure (RPKI) that
represents the allocation hierarchy of IP address space and
Autonomous System (AS) numbers; and a distributed repository system
for storing and disseminating the data objects that comprise the
RPKI, as well as other signed objects necessary for improved routing
security.  As an initial application of this architecture, the
document describes how a legitimate holder of IP address space can
explicitly and verifiably authorize one or more ASes to originate
routes to that address space.  Such verifiable authorizations could be
used, for example, to more securely construct BGP route filters.  
This document is not an Internet Standards Track specification; it is
published for informational purposes.

This document is a product of the Secure Inter-Domain Routing Working Group of the IETF.


INFORMATIONAL: This memo provides information for the Internet community.
It does not specify an Internet standard of any kind. Distribution of
this memo is unlimited.

This announcement is sent to the IETF-Announce and rfc-dist lists.
To subscribe or unsubscribe, see
  http://www.ietf.org/mailman/listinfo/ietf-announce
  http://mailman.rfc-editor.org/mailman/listinfo/rfc-dist

For searching the RFC series, see http://www.rfc-editor.org/rfcsearch.html.
For downloading RFCs, see http://www.rfc-editor.org/rfc.html.

Requests for special distribution should be addressed to either the
author of the RFC in question, or to rfc-editor@rfc-editor.org.  Unless
specifically noted otherwise on the RFC itself, all RFCs are for
unlimited distribution.


The RFC Editor Team
Association Management Solutions, LLC



From wwwrun@rfc-editor.org  Fri Feb  3 17:20:20 2012
Return-Path: <wwwrun@rfc-editor.org>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4EAEE21F8631; Fri,  3 Feb 2012 17:20:20 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.115
X-Spam-Level: 
X-Spam-Status: No, score=-102.115 tagged_above=-999 required=5 tests=[AWL=-0.115, BAYES_00=-2.599, J_CHICKENPOX_93=0.6, NO_RELAYS=-0.001, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bAU-8B4WWRfv; Fri,  3 Feb 2012 17:20:19 -0800 (PST)
Received: from rfc-editor.org (rfc-editor.org [IPv6:2001:1890:123a::1:2f]) by ietfa.amsl.com (Postfix) with ESMTP id DD8D921F8630; Fri,  3 Feb 2012 17:20:19 -0800 (PST)
Received: by rfc-editor.org (Postfix, from userid 30) id 9A308B1E003; Fri,  3 Feb 2012 17:16:16 -0800 (PST)
To: ietf-announce@ietf.org, rfc-dist@rfc-editor.org
From: rfc-editor@rfc-editor.org
Message-Id: <20120204011616.9A308B1E003@rfc-editor.org>
Date: Fri,  3 Feb 2012 17:16:16 -0800 (PST)
Cc: sidr@ietf.org, rfc-editor@rfc-editor.org
Subject: [sidr] RFC 6481 on A Profile for Resource Certificate Repository Structure
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 04 Feb 2012 01:20:20 -0000

A new Request for Comments is now available in online RFC libraries.

        
        RFC 6481

        Title:      A Profile for Resource Certificate 
                    Repository Structure 
        Author:     G. Huston, R. Loomans,
                    G. Michaelson
        Status:     Standards Track
        Stream:     IETF
        Date:       February 2012
        Mailbox:    gih@apnic.net, 
                    robertl@apnic.net, 
                    ggm@apnic.net
        Pages:      15
        Characters: 36117
        Updates/Obsoletes/SeeAlso:   None

        I-D Tag:    draft-ietf-sidr-repos-struct-09.txt

        URL:        http://www.rfc-editor.org/rfc/rfc6481.txt

This document defines a profile for the structure of the Resource
Public Key Infrastructure (RPKI) distributed repository.  Each individual
repository publication point is a directory that contains files that
correspond to X.509/PKIX Resource Certificates, Certificate Revocation Lists
and signed objects.  This profile defines the object (file) naming scheme, the
contents of repository publication points (directories), and a
suggested internal structure of a local repository cache that is
intended to facilitate synchronization across a distributed
collection of repository publication points and to facilitate
certification path construction.  [STANDARDS-TRACK]

This document is a product of the Secure Inter-Domain Routing Working Group of the IETF.

This is now a Proposed Standard Protocol.

STANDARDS TRACK: This document specifies an Internet standards track
protocol for the Internet community, and requests discussion and suggestions
for improvements.  Please refer to the current edition of the Internet
Official Protocol Standards (STD 1) for the standardization state and
status of this protocol.  Distribution of this memo is unlimited.



The RFC Editor Team
Association Management Solutions, LLC



From wwwrun@rfc-editor.org  Fri Feb  3 17:20:40 2012
Return-Path: <wwwrun@rfc-editor.org>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AE62621F8647; Fri,  3 Feb 2012 17:20:39 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -104.06
X-Spam-Level: 
X-Spam-Status: No, score=-104.06 tagged_above=-999 required=5 tests=[AWL=1.017, BAYES_00=-2.599, HELO_MISMATCH_ORG=0.611, HOST_MISMATCH_COM=0.311, J_CHICKENPOX_93=0.6, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zSfcZsLGqxZn; Fri,  3 Feb 2012 17:20:39 -0800 (PST)
Received: from rfc-editor.org (rfcpa.amsl.com [12.22.58.47]) by ietfa.amsl.com (Postfix) with ESMTP id 1E62D21F8645; Fri,  3 Feb 2012 17:20:39 -0800 (PST)
Received: by rfc-editor.org (Postfix, from userid 30) id BE434B1E003; Fri,  3 Feb 2012 17:16:35 -0800 (PST)
To: ietf-announce@ietf.org, rfc-dist@rfc-editor.org
From: rfc-editor@rfc-editor.org
Message-Id: <20120204011635.BE434B1E003@rfc-editor.org>
Date: Fri,  3 Feb 2012 17:16:35 -0800 (PST)
Cc: sidr@ietf.org, rfc-editor@rfc-editor.org
Subject: [sidr] RFC 6482 on A Profile for Route Origin Authorizations (ROAs)
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 04 Feb 2012 01:20:40 -0000

A new Request for Comments is now available in online RFC libraries.

        
        RFC 6482

        Title:      A Profile for Route Origin 
                    Authorizations (ROAs) 
        Author:     M. Lepinski, S. Kent,
                    D. Kong
        Status:     Standards Track
        Stream:     IETF
        Date:       February 2012
        Mailbox:    mlepinski@bbn.com, 
                    skent@bbn.com, 
                    dkong@bbn.com
        Pages:      9
        Characters: 15745
        Updates/Obsoletes/SeeAlso:   None

        I-D Tag:    draft-ietf-sidr-roa-format-12.txt

        URL:        http://www.rfc-editor.org/rfc/rfc6482.txt

This document defines a standard profile for Route Origin
Authorizations (ROAs).  A ROA is a digitally signed object that
provides a means of verifying that an IP address block holder has
authorized an Autonomous System (AS) to originate routes to one or
more prefixes within the address block.  [STANDARDS-TRACK]

This document is a product of the Secure Inter-Domain Routing Working Group of the IETF.

This is now a Proposed Standard Protocol.

STANDARDS TRACK: This document specifies an Internet standards track
protocol for the Internet community, and requests discussion and suggestions
for improvements.  Please refer to the current edition of the Internet
Official Protocol Standards (STD 1) for the standardization state and
status of this protocol.  Distribution of this memo is unlimited.



The RFC Editor Team
Association Management Solutions, LLC



From wwwrun@rfc-editor.org  Fri Feb  3 17:20:51 2012
Return-Path: <wwwrun@rfc-editor.org>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7327F21F85E4; Fri,  3 Feb 2012 17:20:51 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -104.396
X-Spam-Level: 
X-Spam-Status: No, score=-104.396 tagged_above=-999 required=5 tests=[AWL=1.281, BAYES_00=-2.599, HELO_MISMATCH_ORG=0.611, HOST_MISMATCH_COM=0.311, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BvN-6Rkwx1fT; Fri,  3 Feb 2012 17:20:51 -0800 (PST)
Received: from rfc-editor.org (rfcpa.amsl.com [12.22.58.47]) by ietfa.amsl.com (Postfix) with ESMTP id 04CB221F8655; Fri,  3 Feb 2012 17:20:51 -0800 (PST)
Received: by rfc-editor.org (Postfix, from userid 30) id B3C03B1E002; Fri,  3 Feb 2012 17:16:47 -0800 (PST)
To: ietf-announce@ietf.org, rfc-dist@rfc-editor.org
From: rfc-editor@rfc-editor.org
Message-Id: <20120204011647.B3C03B1E002@rfc-editor.org>
Date: Fri,  3 Feb 2012 17:16:47 -0800 (PST)
Cc: sidr@ietf.org, rfc-editor@rfc-editor.org
Subject: [sidr] RFC 6483 on Validation of Route Origination Using the Resource Certificate Public Key Infrastructure (PKI) and Route Origin Authorizations (ROAs)
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 04 Feb 2012 01:20:51 -0000

A new Request for Comments is now available in online RFC libraries.

        
        RFC 6483

        Title:      Validation of Route Origination Using 
                    the Resource Certificate Public Key Infrastructure 
                    (PKI) and Route Origin Authorizations (ROAs) 
        Author:     G. Huston, G. Michaelson
        Status:     Informational
        Stream:     IETF
        Date:       February 2012
        Mailbox:    gih@apnic.net, 
                    ggm@apnic.net
        Pages:      8
        Characters: 19811
        Updates/Obsoletes/SeeAlso:   None

        I-D Tag:    draft-ietf-sidr-roa-validation-10.txt

        URL:        http://www.rfc-editor.org/rfc/rfc6483.txt

This document defines the semantics of a Route Origin Authorization
(ROA) in terms of the context of an application of the Resource
Public Key Infrastructure to validate the origination of routes
advertised in the Border Gateway Protocol.  This document is not 
an Internet Standards Track specification; it is published for 
informational purposes.

This document is a product of the Secure Inter-Domain Routing Working Group of the IETF.


INFORMATIONAL: This memo provides information for the Internet community.
It does not specify an Internet standard of any kind. Distribution of
this memo is unlimited.



The RFC Editor Team
Association Management Solutions, LLC



From wwwrun@rfc-editor.org  Fri Feb  3 17:21:15 2012
Return-Path: <wwwrun@rfc-editor.org>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 19ECC21F8622; Fri,  3 Feb 2012 17:21:15 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.113
X-Spam-Level: 
X-Spam-Status: No, score=-102.113 tagged_above=-999 required=5 tests=[AWL=-0.113, BAYES_00=-2.599, J_CHICKENPOX_93=0.6, NO_RELAYS=-0.001, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VS76dM9cVZAs; Fri,  3 Feb 2012 17:21:14 -0800 (PST)
Received: from rfc-editor.org (rfc-editor.org [IPv6:2001:1890:123a::1:2f]) by ietfa.amsl.com (Postfix) with ESMTP id B029021F8621; Fri,  3 Feb 2012 17:21:14 -0800 (PST)
Received: by rfc-editor.org (Postfix, from userid 30) id 648C4B1E00A; Fri,  3 Feb 2012 17:17:11 -0800 (PST)
To: ietf-announce@ietf.org, rfc-dist@rfc-editor.org
From: rfc-editor@rfc-editor.org
Message-Id: <20120204011711.648C4B1E00A@rfc-editor.org>
Date: Fri,  3 Feb 2012 17:17:11 -0800 (PST)
Cc: sidr@ietf.org, rfc-editor@rfc-editor.org
Subject: [sidr] RFC 6485 on The Profile for Algorithms and Key Sizes for Use in the Resource Public Key Infrastructure (RPKI)
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 04 Feb 2012 01:21:15 -0000

A new Request for Comments is now available in online RFC libraries.

        
        RFC 6485

        Title:      The Profile for Algorithms and 
                    Key Sizes for Use in the 
                    Resource Public Key Infrastructure (RPKI) 
        Author:     G. Huston
        Status:     Standards Track
        Stream:     IETF
        Date:       February 2012
        Mailbox:    gih@apnic.net
        Pages:      6
        Characters: 11377
        Updates/Obsoletes/SeeAlso:   None

        I-D Tag:    draft-ietf-sidr-rpki-algs-05.txt

        URL:        http://www.rfc-editor.org/rfc/rfc6485.txt

This document specifies the algorithms, algorithms' parameters,
asymmetric key formats, asymmetric key size, and signature format for
the Resource Public Key Infrastructure (RPKI) subscribers that generate
digital signatures on certificates, Certificate Revocation Lists, and
signed objects as well as for the relying parties (RPs) that verify
these digital signatures.  [STANDARDS-TRACK]

This document is a product of the Secure Inter-Domain Routing Working Group of the IETF.

This is now a Proposed Standard Protocol.

STANDARDS TRACK: This document specifies an Internet standards track
protocol for the Internet community, and requests discussion and suggestions
for improvements.  Please refer to the current edition of the Internet
Official Protocol Standards (STD 1) for the standardization state and
status of this protocol.  Distribution of this memo is unlimited.



The RFC Editor Team
Association Management Solutions, LLC



From wwwrun@rfc-editor.org  Fri Feb  3 17:21:26 2012
To: ietf-announce@ietf.org, rfc-dist@rfc-editor.org
From: rfc-editor@rfc-editor.org
Message-Id: <20120204011719.B382FB1E013@rfc-editor.org>
Date: Fri,  3 Feb 2012 17:17:19 -0800 (PST)
Cc: sidr@ietf.org, rfc-editor@rfc-editor.org
Subject: [sidr] RFC 6486 on Manifests for the Resource Public Key Infrastructure (RPKI)

A new Request for Comments is now available in online RFC libraries.

        
        RFC 6486

        Title:      Manifests for the Resource Public 
                    Key Infrastructure (RPKI) 
        Author:     R. Austein, G. Huston,
                    S. Kent, M. Lepinski
        Status:     Standards Track
        Stream:     IETF
        Date:       February 2012
        Mailbox:    sra@isc.org, 
                    gih@apnic.net, 
                    kent@bbn.com,  mlepinski@bbn.com
        Pages:      19
        Characters: 42913
        Updates/Obsoletes/SeeAlso:   None

        I-D Tag:    draft-ietf-sidr-rpki-manifests-16.txt

        URL:        http://www.rfc-editor.org/rfc/rfc6486.txt

This document defines a "manifest" for use in the Resource Public Key
Infrastructure (RPKI).  A manifest is a signed object (file) that
contains a listing of all the signed objects (files) in the
repository publication point (directory) associated with an authority
responsible for publishing in the repository.  For each certificate,
Certificate Revocation List (CRL), or other type of signed objects
issued by the authority that are published at this repository
publication point, the manifest contains both the name of the file
containing the object and a hash of the file content.  Manifests are
intended to enable a relying party (RP) to detect certain forms of
attacks against a repository.  Specifically, if an RP checks a
manifest's contents against the signed objects retrieved from a
repository publication point, then the RP can detect "stale" (valid)
data and deletion of signed objects.  [STANDARDS-TRACK]

This document is a product of the Secure Inter-Domain Routing Working Group of the IETF.

This is now a Proposed Standard Protocol.

STANDARDS TRACK: This document specifies an Internet standards track
protocol for the Internet community, and requests discussion and suggestions
for improvements.  Please refer to the current edition of the Internet
Official Protocol Standards (STD 1) for the standardization state and
status of this protocol.  Distribution of this memo is unlimited.



The RFC Editor Team
Association Management Solutions, LLC
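
Added example (not part of the announcement above, and not code from RFC 6486 or its authors): the relying-party check the abstract describes, comparing the manifest's name/hash list against the objects actually retrieved from a publication point. The Manifest class, the SHA-256 hash choice, the update-time fields and every file name and content below are assumptions constructed for illustration; the manifest's own signature is assumed to have been verified already.

```python
import hashlib
from dataclasses import dataclass
from datetime import datetime, timezone


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 of a file's content (hash algorithm is an assumption here)."""
    return hashlib.sha256(data).hexdigest()


@dataclass(frozen=True)
class Manifest:
    """Hypothetical, simplified model of a manifest's payload."""
    this_update: datetime   # when this manifest was issued
    next_update: datetime   # when a newer manifest is expected
    file_hashes: dict       # file name -> hex hash of the file content


def check_publication_point(manifest, fetched, now):
    """Compare retrieved objects (name -> bytes) with the manifest.

    `fetched` must not include the manifest file itself.
    Returns a sorted list of (finding, file_name); empty means consistent.
    """
    findings = []
    # A manifest past its next-update time may itself be an old copy
    # served in place of the current one.
    if now > manifest.next_update:
        findings.append(("manifest_stale", ""))
    for name, expected in manifest.file_hashes.items():
        if name not in fetched:
            # Listed by the authority but not retrieved: deletion.
            findings.append(("missing", name))
        elif sha256_hex(fetched[name]) != expected.lower():
            # Retrieved content is not what the authority listed, e.g. an
            # older object that still validates on its own (stale data).
            findings.append(("hash_mismatch", name))
    for name in fetched:
        if name not in manifest.file_hashes:
            # Present at the publication point but never listed.
            findings.append(("unlisted", name))
    return sorted(findings)


# --- Constructed sample data (not real RPKI objects) ---
SAMPLE_OBJECTS = {
    "ca.crl": b"constructed CRL, version 2",
    "child.cer": b"constructed child certificate",
    "roa1.roa": b"constructed ROA",
}
SAMPLE_MANIFEST = Manifest(
    this_update=datetime(2012, 2, 3, 0, 0, tzinfo=timezone.utc),
    next_update=datetime(2012, 2, 4, 0, 0, tzinfo=timezone.utc),
    file_hashes={n: sha256_hex(c) for n, c in SAMPLE_OBJECTS.items()},
)
NOW = datetime(2012, 2, 3, 12, 0, tzinfo=timezone.utc)
AFTER_NEXT_UPDATE = datetime(2012, 2, 5, 0, 0, tzinfo=timezone.utc)


def tampered_fetch():
    """What an RP might retrieve from a manipulated repository (constructed)."""
    fetched = dict(SAMPLE_OBJECTS)
    del fetched["roa1.roa"]                                   # object withheld
    fetched["ca.crl"] = b"constructed CRL, version 1"         # older CRL served
    fetched["extra.roa"] = b"constructed ROA not on manifest" # unlisted object
    return fetched


if __name__ == "__main__":
    for finding in check_publication_point(SAMPLE_MANIFEST, tampered_fetch(), NOW):
        print(finding)
```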



From wwwrun@rfc-editor.org  Fri Feb  3 17:21:43 2012
To: ietf-announce@ietf.org, rfc-dist@rfc-editor.org
From: rfc-editor@rfc-editor.org
Message-Id: <20120204011739.6A67EB1E00E@rfc-editor.org>
Date: Fri,  3 Feb 2012 17:17:39 -0800 (PST)
Cc: sidr@ietf.org, rfc-editor@rfc-editor.org
Subject: [sidr] RFC 6488 on Signed Object Template for the Resource Public Key Infrastructure (RPKI)

A new Request for Comments is now available in online RFC libraries.

        
        RFC 6488

        Title:      Signed Object Template for the 
                    Resource Public Key Infrastructure (RPKI) 
        Author:     M. Lepinski, A. Chi,
                    S. Kent
        Status:     Standards Track
        Stream:     IETF
        Date:       February 2012
        Mailbox:    mlepinski@bbn.com, 
                    achi@bbn.com, 
                    kent@bbn.com
        Pages:      13
        Characters: 25130
        Updates/Obsoletes/SeeAlso:   None

        I-D Tag:    draft-ietf-sidr-signed-object-04.txt

        URL:        http://www.rfc-editor.org/rfc/rfc6488.txt

This document defines a generic profile for signed objects used in
the Resource Public Key Infrastructure (RPKI).  These RPKI signed
objects make use of Cryptographic Message Syntax (CMS) as a standard
encapsulation format.  [STANDARDS-TRACK]

This document is a product of the Secure Inter-Domain Routing Working Group of the IETF.

This is now a Proposed Standard Protocol.

STANDARDS TRACK: This document specifies an Internet standards track
protocol for the Internet community, and requests discussion and suggestions
for improvements.  Please refer to the current edition of the Internet
Official Protocol Standards (STD 1) for the standardization state and
status of this protocol.  Distribution of this memo is unlimited.



The RFC Editor Team
Association Management Solutions, LLC



From wwwrun@rfc-editor.org  Fri Feb  3 17:22:01 2012
To: ietf-announce@ietf.org, rfc-dist@rfc-editor.org
From: rfc-editor@rfc-editor.org
Message-Id: <20120204011757.525F8B1E014@rfc-editor.org>
Date: Fri,  3 Feb 2012 17:17:57 -0800 (PST)
Cc: sidr@ietf.org, rfc-editor@rfc-editor.org
Subject: [sidr] BCP 174, RFC 6489 on Certification Authority (CA) Key Rollover in the Resource Public Key Infrastructure (RPKI)

A new Request for Comments is now available in online RFC libraries.

        BCP 174        
        RFC 6489

        Title:      Certification Authority (CA) Key Rollover 
                    in the Resource Public Key Infrastructure 
                    (RPKI) 
        Author:     G. Huston, G. Michaelson,
                    S. Kent
        Status:     Best Current Practice
        Stream:     IETF
        Date:       February 2012
        Mailbox:    gih@apnic.net, 
                    ggm@apnic.net, 
                    kent@bbn.com
        Pages:      10
        Characters: 23060
        See Also:   BCP0174

        I-D Tag:    draft-ietf-sidr-keyroll-08.txt

        URL:        http://www.rfc-editor.org/rfc/rfc6489.txt

This document describes how a Certification Authority (CA) in the
Resource Public Key Infrastructure (RPKI) performs a planned rollover
of its key pair.  This document also notes the implications of this
key rollover procedure for relying parties (RPs).  In general, RPs
are expected to maintain a local cache of the objects that have been
published in the RPKI repository, and thus the way in which a CA
performs key rollover impacts RPs.  This memo documents an Internet 
Best Current Practice.

This document is a product of the Secure Inter-Domain Routing Working Group of the IETF.


BCP: This document specifies an Internet Best Current Practices for the
Internet Community, and requests discussion and suggestions for 
improvements. Distribution of this memo is unlimited.



The RFC Editor Team
Association Management Solutions, LLC



From wwwrun@rfc-editor.org  Fri Feb  3 17:25:31 2012
To: ietf-announce@ietf.org, rfc-dist@rfc-editor.org
From: rfc-editor@rfc-editor.org
Message-Id: <20120204012124.49013B1E011@rfc-editor.org>
Date: Fri,  3 Feb 2012 17:21:24 -0800 (PST)
Cc: sidr@ietf.org, rfc-editor@rfc-editor.org
Subject: [sidr] RFC 6491 on Resource Public Key Infrastructure (RPKI) Objects Issued by IANA

A new Request for Comments is now available in online RFC libraries.

        
        RFC 6491

        Title:      Resource Public Key Infrastructure (RPKI) 
                    Objects Issued by IANA 
        Author:     T. Manderson, L. Vegoda,
                    S. Kent
        Status:     Standards Track
        Stream:     IETF
        Date:       February 2012
        Mailbox:    terry.manderson@icann.org, 
                    leo.vegoda@icann.org, 
                    kent@bbn.com
        Pages:      12
        Characters: 23662
        Updates/Obsoletes/SeeAlso:   None

        I-D Tag:    draft-ietf-sidr-iana-objects-03.txt

        URL:        http://www.rfc-editor.org/rfc/rfc6491.txt

This document provides specific direction to IANA as to the Resource
Public Key Infrastructure (RPKI) objects it should issue.  
[STANDARDS-TRACK]

This document is a product of the Secure Inter-Domain Routing Working Group of the IETF.

This is now a Proposed Standard Protocol.

STANDARDS TRACK: This document specifies an Internet standards track
protocol for the Internet community, and requests discussion and suggestions
for improvements.  Please refer to the current edition of the Internet
Official Protocol Standards (STD 1) for the standardization state and
status of this protocol.  Distribution of this memo is unlimited.



The RFC Editor Team
Association Management Solutions, LLC



From wwwrun@rfc-editor.org  Fri Feb  3 17:25:40 2012
To: ietf-announce@ietf.org, rfc-dist@rfc-editor.org
From: rfc-editor@rfc-editor.org
Message-Id: <20120204012133.5EA98B1E014@rfc-editor.org>
Date: Fri,  3 Feb 2012 17:21:33 -0800 (PST)
Cc: sidr@ietf.org, rfc-editor@rfc-editor.org
Subject: [sidr] RFC 6492 on A Protocol for Provisioning Resource Certificates

A new Request for Comments is now available in online RFC libraries.

        
        RFC 6492

        Title:      A Protocol for Provisioning Resource 
                    Certificates 
        Author:     G. Huston, R. Loomans,
                    B. Ellacott, R. Austein
        Status:     Standards Track
        Stream:     IETF
        Date:       February 2012
        Mailbox:    gih@apnic.net, 
                    robertl@apnic.net, 
                    bje@apnic.net,  sra@hactrn.net
        Pages:      32
        Characters: 65896
        Updates/Obsoletes/SeeAlso:   None

        I-D Tag:    draft-ietf-sidr-rescerts-provisioning-11.txt

        URL:        http://www.rfc-editor.org/rfc/rfc6492.txt

This document defines a framework for certificate management
interactions between an Internet Number Resource issuer ("issuer")
and an Internet Number Resource recipient ("subject") through the
specification of a protocol for interaction between the two parties.
The protocol supports the transmission of requests from the subject,
and corresponding responses from the issuer encompassing the actions
of certificate issuance, certificate revocation, and certificate
status information reports.  This protocol is intended to be limited
to the application of Internet Number Resource Certificate management
and is not intended to be used as part of a more general certificate
management framework.  [STANDARDS-TRACK]

This document is a product of the Secure Inter-Domain Routing Working Group of the IETF.

This is now a Proposed Standard Protocol.

STANDARDS TRACK: This document specifies an Internet standards track
protocol for the Internet community, and requests discussion and suggestions
for improvements.  Please refer to the current edition of the Internet
Official Protocol Standards (STD 1) for the standardization state and
status of this protocol.  Distribution of this memo is unlimited.



The RFC Editor Team
Association Management Solutions, LLC



From wwwrun@rfc-editor.org  Fri Feb  3 17:25:50 2012
To: ietf-announce@ietf.org, rfc-dist@rfc-editor.org
From: rfc-editor@rfc-editor.org
Message-Id: <20120204012145.F1206B1E014@rfc-editor.org>
Date: Fri,  3 Feb 2012 17:21:45 -0800 (PST)
Cc: sidr@ietf.org, rfc-editor@rfc-editor.org
Subject: [sidr] RFC 6493 on The Resource Public Key Infrastructure (RPKI) Ghostbusters Record

A new Request for Comments is now available in online RFC libraries.

        
        RFC 6493

        Title:      The Resource Public Key Infrastructure 
                    (RPKI) Ghostbusters Record 
        Author:     R. Bush
        Status:     Standards Track
        Stream:     IETF
        Date:       February 2012
        Mailbox:    randy@psg.com
        Pages:      8
        Characters: 15491
        Updates/Obsoletes/SeeAlso:   None

        I-D Tag:    draft-ietf-sidr-ghostbusters-15.txt

        URL:        http://www.rfc-editor.org/rfc/rfc6493.txt

In the Resource Public Key Infrastructure (RPKI), resource
certificates completely obscure names or any other information that
might be useful for contacting responsible parties to deal with
issues of certificate expiration, maintenance, roll-overs,
compromises, etc.  This document describes the RPKI Ghostbusters
Record containing human contact information that may be verified
(indirectly) by a Certification Authority (CA) certificate.  The data
in the record are those of a severely profiled vCard.
[STANDARDS-TRACK]

This document is a product of the Secure Inter-Domain Routing Working Group of the IETF.

This is now a Proposed Standard Protocol.

STANDARDS TRACK: This document specifies an Internet standards track
protocol for the Internet community, and requests discussion and suggestions
for improvements.  Please refer to the current edition of the Internet
Official Protocol Standards (STD 1) for the standardization state and
status of this protocol.  Distribution of this memo is unlimited.



The RFC Editor Team
Association Management Solutions, LLC



From wwwrun@rfc-editor.org  Fri Feb  3 17:33:21 2012
To: ietf-announce@ietf.org, rfc-dist@rfc-editor.org
From: rfc-editor@rfc-editor.org
Message-Id: <20120204011729.BA708B1E00D@rfc-editor.org>
Date: Fri,  3 Feb 2012 17:17:29 -0800 (PST)
Cc: sidr@ietf.org, rfc-editor@rfc-editor.org
Subject: [sidr] RFC 6487 on A Profile for X.509 PKIX Resource Certificates

A new Request for Comments is now available in online RFC libraries.

        
        RFC 6487

        Title:      A Profile for X.509 PKIX 
                    Resource Certificates 
        Author:     G. Huston, G. Michaelson,
                    R. Loomans
        Status:     Standards Track
        Stream:     IETF
        Date:       February 2012
        Mailbox:    gih@apnic.net, 
                    ggm@apnic.net, 
                    robertl@apnic.net
        Pages:      32
        Characters: 69150
        Updates/Obsoletes/SeeAlso:   None

        I-D Tag:    draft-ietf-sidr-res-certs-22.txt

        URL:        http://www.rfc-editor.org/rfc/rfc6487.txt

This document defines a standard profile for X.509 certificates for
the purpose of supporting validation of assertions of "right-of-use"
of Internet Number Resources (INRs).  The certificates issued under
this profile are used to convey the issuer's authorization of the
subject to be regarded as the current holder of a "right-of-use" of
the INRs that are described in the certificate.  This document
contains the normative specification of Certificate and Certificate
Revocation List (CRL) syntax in the Resource Public Key
Infrastructure (RPKI).  This document also specifies profiles for the
format of certificate requests and specifies the Relying Party RPKI
certificate path validation procedure.  [STANDARDS-TRACK]

This document is a product of the Secure Inter-Domain Routing Working Group of the IETF.

This is now a Proposed Standard Protocol.

STANDARDS TRACK: This document specifies an Internet standards track
protocol for the Internet community, and requests discussion and suggestions
for improvements.  Please refer to the current edition of the Internet
Official Protocol Standards (STD 1) for the standardization state and
status of this protocol.  Distribution of this memo is unlimited.



The RFC Editor Team
Association Management Solutions, LLC



From wwwrun@rfc-editor.org  Fri Feb  3 17:33:21 2012
To: ietf-announce@ietf.org, rfc-dist@rfc-editor.org
From: rfc-editor@rfc-editor.org
Message-Id: <20120204011658.B677DB1E009@rfc-editor.org>
Date: Fri,  3 Feb 2012 17:16:58 -0800 (PST)
Cc: sidr@ietf.org, rfc-editor@rfc-editor.org
Subject: [sidr] BCP 173, RFC 6484 on Certificate Policy (CP) for the Resource Public Key Infrastructure (RPKI)

A new Request for Comments is now available in online RFC libraries.

        BCP 173        
        RFC 6484

        Title:      Certificate Policy (CP) for the 
                    Resource Public Key Infrastructure (RPKI) 
        Author:     S. Kent, D. Kong,
                    K. Seo, R. Watro
        Status:     Best Current Practice
        Stream:     IETF
        Date:       February 2012
        Mailbox:    skent@bbn.com, 
                    dkong@bbn.com, 
                    kseo@bbn.com,  rwatro@bbn.com
        Pages:      35
        Characters: 77855
        See Also:   BCP0173

        I-D Tag:    draft-ietf-sidr-cp-17.txt

        URL:        http://www.rfc-editor.org/rfc/rfc6484.txt

This document describes the certificate policy for a Public Key
Infrastructure (PKI) used to support attestations about Internet
Number Resource (INR) holdings.  Each organization that distributes
IP addresses or Autonomous System (AS) numbers to an organization
will, in parallel, issue a (public key) certificate reflecting this
distribution.  These certificates will enable verification that the
resources indicated in the certificate have been distributed to the
holder of the associated private key and that this organization is
the current, unique holder of these resources.  This memo documents 
an Internet Best Current Practice.

This document is a product of the Secure Inter-Domain Routing Working Group of the IETF.


BCP: This document specifies an Internet Best Current Practices for the
Internet Community, and requests discussion and suggestions for 
improvements. Distribution of this memo is unlimited.



The RFC Editor Team
Association Management Solutions, LLC



From wwwrun@rfc-editor.org  Fri Feb  3 17:33:21 2012
To: ietf-announce@ietf.org, rfc-dist@rfc-editor.org
From: rfc-editor@rfc-editor.org
Message-Id: <20120204011809.48446B1E00C@rfc-editor.org>
Date: Fri,  3 Feb 2012 17:18:09 -0800 (PST)
Cc: sidr@ietf.org, rfc-editor@rfc-editor.org
Subject: [sidr] RFC 6490 on Resource Public Key Infrastructure (RPKI) Trust Anchor Locator

A new Request for Comments is now available in online RFC libraries.

        
        RFC 6490

        Title:      Resource Public Key Infrastructure (RPKI) 
                    Trust Anchor Locator 
        Author:     G. Huston, S. Weiler,
                    G. Michaelson, S. Kent
        Status:     Standards Track
        Stream:     IETF
        Date:       February 2012
        Mailbox:    gih@apnic.net, 
                    weiler@sparta.com, 
                    ggm@apnic.net,  kent@bbn.com
        Pages:      7
        Characters: 15004
        Updates/Obsoletes/SeeAlso:   None

        I-D Tag:    draft-ietf-sidr-ta-07.txt

        URL:        http://www.rfc-editor.org/rfc/rfc6490.txt

This document defines a Trust Anchor Locator (TAL) for the Resource
Public Key Infrastructure (RPKI).  [STANDARDS-TRACK]

This document is a product of the Secure Inter-Domain Routing Working Group of the IETF.

This is now a Proposed Standard Protocol.

STANDARDS TRACK: This document specifies an Internet standards track
protocol for the Internet community, and requests discussion and suggestions
for improvements.  Please refer to the current edition of the Internet
Official Protocol Standards (STD 1) for the standardization state and
status of this protocol.  Distribution of this memo is unlimited.



The RFC Editor Team
Association Management Solutions, LLC



From wjhns1@hardakers.net  Sat Feb  4 07:31:19 2012
From: Wes Hardaker <wjhns1@hardakers.net>
To: rfc-editor@rfc-editor.org
References: <20120204011603.BF4D9B1E002@rfc-editor.org>
Date: Sat, 04 Feb 2012 07:31:16 -0800
In-Reply-To: <20120204011603.BF4D9B1E002@rfc-editor.org> (rfc-editor@rfc-editor.org's message of "Fri, 3 Feb 2012 17:16:03 -0800 (PST)")
Message-ID: <0lsjiqlinv.fsf@wjh.hardakers.net>
User-Agent: Gnus/5.110018 (No Gnus v0.18) Emacs/23.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
Cc: sidr@ietf.org
Subject: Re: [sidr] sidrRFC 6480 on An Infrastructure to Support Secure Internet Routing

>>>>> On Fri,  3 Feb 2012 17:16:03 -0800 (PST), rfc-editor@rfc-editor.org said:

r> A [^h MANY] new Request for Comments is now available in online RFC libraries.
        
r> RFC 6480
r> RFC 6481
r> RFC 6482
r> RFC 6483
r> RFC 6484 (BCP173)
r> RFC 6485
r> RFC 6486
r> RFC 6487
r> RFC 6488
r> RFC 6488 (BCP174)
r> RFC6490
r> RFC6491
r> RFC6492
r> RFC6493

That's certainly a nice long accomplishment list!  Congratulations to
all that have put in the time and effort to make that list happen!

-- 
Wes Hardaker                                     
My Pictures:  http://capturedonearth.com/
My Thoughts:  http://pontifications.hardakers.net/

From wjhns1@hardakers.net  Sat Feb  4 09:48:36 2012
From: Wes Hardaker <wjhns1@hardakers.net>
To: sidr@ietf.org
Date: Sat, 04 Feb 2012 09:48:34 -0800
Message-ID: <0lvcnmij65.fsf@wjh.hardakers.net>
User-Agent: Gnus/5.110018 (No Gnus v0.18) Emacs/23.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
Subject: [sidr] rpki-rtr-25 notes

Just finished (finally) scanning the rpki-rtr document (-25 version) and
have a few notes about it.  Overall, though, nicely done ID.  Thanks!

A) It's too early for nit edits, but this one just jumped at me and I
   couldn't ignore it.

   5.1, 3rd paragraph(/sentence): is only -> is *the* only

B) 5.9: the 2nd and 4th paragraphs seem to contradict each other.  I
   suspect that the intent is that you can send a generic error after a
   particular PDU, but the way it's phrased is a bit odd and it jumped
   out at me too.  How about:

   If the error is generic (e.g. "Internal Error") and not associated
   with the PDU it is responding to, the Erroneous PDU field ...

   Note that with this exception rule you could still end up in some
   state where the generic error isn't fatal and you need to respond
   with a specific and a generic error, but you can't send 2 error
   reports.  Thus, hopefully generic errors will always be fatal?

C) 5.10 seems to indicate rcynic (a very fine tool) is ubiquitous
   because it's quoting it like everyone knows what it is (and
   always will).  I'd leave the example tool name out.

D) 7. Transport....  Multiple issues

D.1) "Unfortunately there is no protocol to do so on all currently used
     platforms".  

     I actually doubt the validity of that statement.  I suspect SSH is
     likely available on them all.  Or at least "nearly all" (and I
     doubt anything will ever reach "all").  I'd bet TLS is nearly
     ubiquitous as well, though probably less than SSH.

D.2) The ordering of the 5th-8th(ish) paragraphs seems weird.  I'd group
     them together by subject such that the sections that talked about
     unprotected TCP should be next to each other and the ones that
     talked about the protected ones be together.  Thus, I think just
     moving the 2 unprotected paragraphs ("Caches and routers MUST..."
     and "If unprotected TCP...") to positions 5 and 6 would solve most
     of the oddities.

D.3) I'm not sure that the whole concept of "MUST implement unprotected"
     is going to fly through a security review.  I know I'd flag it.
     Generally I'm not sure it's wise to mandate insecurity, though I do
     agree it may be a nice feature to have (did I really just say that???)

D.4) There is some confusion regarding whether routers "use" vs "can be
     configured to use".  EG: "Caches and routers SHOULD use TCP-AO..."
     IMHO, this indicates they have a choice.  "SHOULD be able to use"
     might be a better wording choice implying it's subject to
     configuration by the operator.  If you want a more complete list of
     places where I think this might be a problem, I can supply one of
     course.

D.5) "If available to the operator...".  How would the router know
     what's available to the operator?  Or does this mean that if the
     device already implements protocol X, it must offer it as a
     configuration choice for rpki-rtr transport?  If so, that's not
     entirely clear.

D.6) I'd order the sub-sections to be in the same order as the list
     above it.  IE, TCP-AO is first in the list, so the TCP-AO
     sub-section should probably come first.

E) 7.1 SSH transport "Client routers SHOULD verify the public key of the
   cache".  Similar to D.4, I'd change this to "Client routers MUST
   be able to verify the public key of the cache".

F) 7.2 TLS transports: the CN field is really being deprecated and I'd
   suggest using the subject alt name instead (SAN).

G) section 8, paragraph 2 implies that the cache needs a list of names
   for the peer and I'm not sure this is true.  In fact much of that
   paragraph talks about the router/client side only, so I'd split the
   paragraph in two: one for cache requirements and one for the router
   requirements.

H) section 8: I'd change "Key" to either "TheirKey" or "ItsKey"

I) section 8: "it would be prudent for the client"...  This seems like a
   good place for the word SHOULD to sneak in there somewhere.

J) section 8: "if data from multiple caches are held, implementations
   MUST NOT distinguish between data sources when performing
   validation".

   This one confuses me.  It's unclear, after reading the entire
   document, why you have a preference ordered list if the data from
   them all must be treated equally.  Is the goal to have a preference
   order list because you want to really only have, ideally, a single
   cache and the others are fallbacks?  Or is it because you want to
   have N/M established at any point?  Either way, if they're all equal
   then what happens when popular #1 is overloaded and slower and issues
   an announcement after #2 has issued a withdrawal, or vice versa.
   Either way you end up in a race-condition based state.  This should
   probably be discussed and at least mentioned, even if you choose
   not to solve it by a preference setting somewhere.  Though I'd
   certainly want to leave room in the configuration engine to allow for
   a preference setting even if implementing it is optional.

K) I didn't dive heavily into the security considerations because of
   some of the above that I suspect may affect it.  I'd be happy to if
   it's ready to be dived into though.

Again, nicely done document.  Clear and straightforward (though at
times I had to predict what was coming ahead to make sense of the
current paragraph, I think that's generally hard to avoid).

-- 
Wes Hardaker                                     
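
Added example, not part of the original message or of the draft: note J above asks what happens when an overloaded cache announces a record after another cache has already withdrawn it. The Python below enumerates every arrival order for that case and compares one shared table with per-cache tables merged by union; the cache names, the sample record and both merge strategies are assumptions made for illustration.

```python
from typing import NamedTuple


class VRP(NamedTuple):
    """One validated prefix-to-origin record as a router would hold it."""
    prefix: str
    max_len: int
    asn: int


class Update(NamedTuple):
    cache: str       # which cache sent the update (hypothetical names)
    announce: bool   # True = announce, False = withdraw
    vrp: VRP


def merge_flat(updates):
    """One shared table: the last update to arrive wins, whoever sent it."""
    table = set()
    for u in updates:
        (table.add if u.announce else table.discard)(u.vrp)
    return table


def merge_per_cache(updates):
    """One table per cache; validation sees the union, with no source preference."""
    tables = {}
    for u in updates:
        own = tables.setdefault(u.cache, set())
        (own.add if u.announce else own.discard)(u.vrp)
    return set().union(*tables.values())


def interleavings(streams):
    """Yield every arrival order that keeps each cache's own updates in order."""
    streams = [s for s in streams if s]
    if not streams:
        yield []
        return
    for i, s in enumerate(streams):
        rest = streams[:i] + [s[1:]] + streams[i + 1:]
        for tail in interleavings(rest):
            yield [s[0]] + tail


def outcomes(merge, streams):
    """Set of distinct final tables over all possible arrival orders."""
    return {frozenset(merge(order)) for order in interleavings(streams)}


# Constructed sample data (documentation prefix and ASN).
X = VRP("192.0.2.0/24", 24, 64496)
# cache-2 is current: it announced X, then withdrew it.
FAST = [Update("cache-2", True, X), Update("cache-2", False, X)]
# cache-1 is overloaded: it has only got as far as announcing X.
SLOW_LAGGING = [Update("cache-1", True, X)]
# cache-1 once it has caught up and withdrawn X as well.
SLOW_CAUGHT_UP = SLOW_LAGGING + [Update("cache-1", False, X)]

if __name__ == "__main__":
    for name, merge in (("flat", merge_flat), ("per-cache", merge_per_cache)):
        for label, slow in (("lagging", SLOW_LAGGING),
                            ("caught up", SLOW_CAUGHT_UP)):
            results = sorted(sorted(o) for o in outcomes(merge, [slow, FAST]))
            print(f"{name:9} cache-1 {label:9} -> {results}")
```

With per-cache tables the result no longer depends on arrival order, but the record stays in the union until the slow cache catches up.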

From wjhns1@hardakers.net  Sat Feb  4 10:01:20 2012
From: Wes Hardaker <wjhns1@hardakers.net>
To: Randy Bush <randy@psg.com>
References: <20111129225106.25323.811.idtracker@ietfa.amsl.com> <FF8D803A-4C2D-4A3A-B274-70A9FB514F5C@castlepoint.net> <m239cls81v.wl%randy@psg.com>
Date: Sat, 04 Feb 2012 10:01:17 -0800
In-Reply-To: <m239cls81v.wl%randy@psg.com> (Randy Bush's message of "Thu, 15 Dec 2011 15:56:44 -0800")
Message-ID: <0lehuaiiky.fsf@wjh.hardakers.net>
User-Agent: Gnus/5.110018 (No Gnus v0.18) Emacs/23.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
Cc: sidr wg list <sidr@ietf.org>
Subject: Re: [sidr] Last Call: <draft-ietf-sidr-rpki-rtr-19.txt> (The RPKI/Router Protocol) to Proposed Standard

>>>>> On Thu, 15 Dec 2011 15:56:44 -0800, Randy Bush <randy@psg.com> said:

RB> As you say, NetConf is for *configuring* routers.  RPKI-rtr is not used
RB> for router configuration, but rather dynamic data, a la IS-IS or BGP.
RB> In fact, the RPKI-rtr payload data go into the same data structure as
RB> the BGP data.

Having finally read through the rtr-25 document, and having some
background in following the Netconf work, I finally am in a position to
give my opinion on this thread.  The thread is a bit old, but consensus
never seemed to be "full there" so I figure one more opinion might be
helpful.


The short summary: Randy is right (this time; don't let it go to your
head Randy :-) )


The longer explanation:

Could netconf be used to send this type of data over?  Yes.  But...

Routers, operating in the de facto state of doing what they're supposed
to be doing (routing), need to be fast and efficient.  And that's an
understatement.  The rpki-rtr protocol is clearly designed to make sure
this is the case.  It's a cache-query protocol designed to keep a fairly
large, complex and constantly changing data set in sync with the router
that actually needs to use it.  It's binary in nature (ironically
written by some people that used to stamp on the ground about how
annoying binary protocols are) because it needs to be in order to be
efficient and fast.  Especially when the data is large and changing at a
rapid rate.

Now, let's compare those needs against netconf.  Netconf was designed to
be a protocol that operated on a data storage full of configuration
data.  The configuration data is likely to be static, except when rarely
manipulated through CLI, netconf or some other actions.  But those
modifications will be rare, not frequent.  The language is verbose (lots
of commands/pdus/operations), large (XML encoded) and complex to parse
(XML is easy-ish for humans and easy-ish for machines, but not fast for
either).  And it's designed not for operational data, but for
configuration data, which is an entirely separate beast.

Could it be used?  Yes, but with the drawbacks hinted at above: a
reduction in speed and an increase in stealing the memory CPU cycles
from what the router really should be doing (routing).  Certainly the
data isn't the same vein as the normal netconf data, so it would likely
need a separate storage container running on a separate port even if the
same protocol was used.

So if it could be used, should it be used?  No....  it's just not a good
fit.

I can shoe-horn the rpki-rtr protocol into a number of other shoes, but
none of them are right either.  Consider tftp, snmp, http, or even bgp
itself.  They all could be used in theory, but none of them really meet
the operational needs either (so don't get any ideas!).  Could they be
used?  Yes.  Should they be?  No.

[and I'd argue that at least one of them might be a better choice than
netconf itself].
-- 
Wes Hardaker
SPARTA, Inc.

From christopher.morrow@gmail.com  Sat Feb  4 11:03:13 2012
In-Reply-To: <0lehuaiiky.fsf@wjh.hardakers.net>
References: <20111129225106.25323.811.idtracker@ietfa.amsl.com> <FF8D803A-4C2D-4A3A-B274-70A9FB514F5C@castlepoint.net> <m239cls81v.wl%randy@psg.com> <0lehuaiiky.fsf@wjh.hardakers.net>
Date: Sat, 4 Feb 2012 14:03:11 -0500
Message-ID: <CAL9jLaZKjoe4LRT6mqeqxpfSxa8z0AU7ohRr-3qOL6PeR74LUg@mail.gmail.com>
From: Christopher Morrow <morrowc.lists@gmail.com>
To: Wes Hardaker <wjhns1@hardakers.net>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Cc: sidr wg list <sidr@ietf.org>
Subject: Re: [sidr] Last Call: <draft-ietf-sidr-rpki-rtr-19.txt> (The RPKI/Router Protocol) to Proposed Standard

On Sat, Feb 4, 2012 at 1:01 PM, Wes Hardaker <wjhns1@hardakers.net> wrote:
>>>>>> On Thu, 15 Dec 2011 15:56:44 -0800, Randy Bush <randy@psg.com> said:
>
> RB> As you say, NetConf is for *configuring* routers.  RPKI-rtr is not used
> RB> for router configuration, but rather dynamic data, a la IS-IS or BGP.
> RB> In fact, the RPKI-rtr payload data go into the same data structure as
> RB> the BGP data.
>
> Having finally read through the rtr-25 document, and having some
> background in following the Netconf work, I finally am in a position to
> give my opinion on this thread.  The thread is a bit old, but consensus
> never seemed to be "full there" so I figure one more opinion might be
> helpful.
>
>
> The short summary: Randy is right (this time; don't let it go to your
> head Randy :-) )
>
>
> The longer explanation:
>
> Could netconf be used to send this type of data over?  Yes.  But...
>
> Routers, operating in the defacto state of doing what they're supposed
> to be doing (routing), need to be fast and efficient.  And that's an
> understatement.  The rpki-rtr protocol is clearly designed to make sure
> this is the case.  It's a cache-query protocol designed to keep a fairly
> large, complex and constantly changing data set in sync with the router
> that actually needs to use it.  It's binary in nature (ironically
> written by some people that used to stamp on the ground about how
> annoying binary protocols are) because it needs to be in order to be
> efficient and fast.  Especially when the data is large and changing at a
> rapid rate.
>
> Now, lets compare those needs against netconf.  Netconf was designed to
> be a protocol that operated on a data storage full of configuration
> data.  The configuration data is likely to be static, except when rarely
> manipulated through CLI, netconf or some other actions.  But those
> modifications will be rare, not frequent.  The language is verbose (lots
> of commands/pdus/operations), large (XML encoded) and complex to parse
> (XML is easy-ish for humans and easy-ish for machines, but not fast for
> either).  And it's designed not for operational data, but for
> configuration data, which is an entirely separate beast.
>
> Could it be used?  Yes, but with the drawbacks hinted at above: a
> reduction in speed and an increase in stealing the memory CPU cycles
> from what the router really should be doing (routing).  Certainly the
> data isn't the same vein as the normal netconf data, so it would likely
> need a separate storage container running on a separate port even if the
> same protocol was used.
>
> So if it could be used, should it be used?  No....  it's just not a good
> fit.
>
> I can shoe-horn the rpki-rtr protocol into a number of other shoes, but
> none of them are right either.  Consider tftp, snmp, http, or even bgp
> itself.  They all could be used in theory, but none of them really meet
> the operational needs either (so don't get any ideas!).  Could they be
> used?  Yes.  Should they be?  No.
>
> [and I'd argue that at least one of them might be a better choice than
> netconf itself].

part of what you (wes) are getting at, and what terry/shane had
pointed at before is that there are other options. the current
rpki-rtr protocol is the first of potentially many (like sending
config to a router, you can use snmp, scp, tftp, ftp, http,
netconf...).

Maybe the real answer is, if you don't like rpki-rtr for your
deployment/environment, look to your vendor with $$ and requirements
and get them to build you a better mousetrap? This worked well for
lots of other 'solutions' on routing platforms in the past.

-chris

From randy@psg.com  Sat Feb  4 15:43:06 2012
Date: Sat, 04 Feb 2012 15:43:04 -0800
Message-ID: <m2r4ya5fnb.wl%randy@psg.com>
From: Randy Bush <randy@psg.com>
To: Wes Hardaker <wjhns1@hardakers.net>
In-Reply-To: <0lvcnmij65.fsf@wjh.hardakers.net>
References: <0lvcnmij65.fsf@wjh.hardakers.net>
User-Agent: Wanderlust/2.15.9 (Almost Unreal) Emacs/22.3 Mule/5.0 (SAKAKI)
MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka")
Content-Type: text/plain; charset=US-ASCII
Cc: sidr wg list <sidr@ietf.org>
Subject: Re: [sidr] rpki-rtr-25 notes

> A) It's too early for nit edits

not really.  as the iesg has approved this one, changes are going to be
a process pain.  so this message pushes back on some of your suggestions
which i would otherwise have gladly taken.

perhaps the sponsoring AD will give me/us some guidance in this.

also please excuse the roughness of my response.  i just hit san diego
from a few time zones to the west.

>    5.1, 3rd paragraph(/sentence): is only -> is *the* only

done

> B) 5.9: the 2nd and 4th paragraphs seem to contradict each other.  I
>    suspect that the intent is that you can send a generic error after a
>    particular PDU, but the way it's phrased is a bit odd and it jumped
>    out at me too.  How about:
> 
>    If the error is generic (e.g. "Internal Error") and not associated
>    with the PDU it is responding to, the Erroneous PDU field ...

sure

> C) 5.10 seems to indicate rcynic

not in -26

> D.1) "Unfortunately there is no protocol to do so on all currently used
>      platforms".  
>      I actually doubt the validity of that statement.  I suspect SSH is
>      likely available on them all.

no it is not.  see voluminous discussion on list.  to save you the
search, very common router platforms provide hard coded ssh client and
server, but no ssh library which a protocol such as this can use.

>      Or at least "nearly all" (and I doubt anything will ever reach
>      "all").  I'd bet TLS is nearly ubiquitous as well, though
>      probably less than SSH.

about the same mess

> D.2) The ordering of the 5th-8th(ish) paragraphs seems weird.  I'd group
>      them together by subject such that the sections that talked about
>      unprotected TCP should be next to each other and the ones that
>      talked about the protected ones be together.  Thus, I think just
>      moving the 2 unprotected paragraphs ("Caches and routers MUST..."
>      and "If unprotected TCP...") to positions 5 and 6 would solve most
>      of the oddities.

not sure this is sufficiently problematic to tempt the $deities post
iesg approval.

> D.3) I'm not sure that the whole concept of "MUST implement unprotected"
>      is going to fly through a security review.

it did.  after a bit of discussion.

> D.4) There is some confusion regarding whether routers "use" vs "can be
>      configured to use".  EG: "Caches and routers SHOULD use TCP-AO..."
>      IMHO, this indicates they have a choice.  "SHOULD be able to use"
>      might be a better wording choice implying it's subject to
>      configuration by the operator.  If you want a more complete list of
>      places where I think this might be a problem, I can supply one of
>      course.

not sure this is sufficiently problematic to tempt the $deities post
iesg approval.

> D.5) "If available to the operator...".  How would the router know
>      what's available to the operator?  Or does this mean that if the
>      device already implements protocol X, it must offer it as a
>      configuration choice for rpki-rtr transport?  If so, that's not
>      entirely clear.

i think the meaning is pretty clear, though i guess it could be better
phrased.  but it has to be available on *both* router and cache server.

> D.6) I'd order the sub-sections to be in the same order as the list
>      above it.  IE, TCP-AO is first in the list, so the TCP-AO
>      sub-section should probably come first.

probably.  but it may be safest to let the rfced hack it.

> E) 7.1 SSH transport "Client routers SHOULD verify the public key of the
>    cache".  Similar to D.4, I'd change this to "Client routers MUST
>    be able to verify the public key of the cache".

the looser but riskier phrasing was not an accident.

> F) 7.2 TLS transports: the CN field is really being deprecated and I'd
>    suggest using the subject alt name instead (SAN).

see -26 for a complete rewrite of the tls section

> G) section 8, paragraph 2 implies that the cache needs a list of names
>    for the peer and I'm not sure this is true.  In fact much of that
>    paragraph talks about the router/client side only, so I'd split the
>    paragraph in two: one for cache requirements and one for the router
>    requirements.
> 
> H) section 8: I'd change "Key" to either "TheirKey" or "ItsKey"

if so, probably should be CacheKey.  but whose key it is seems very
clear from the next few words, yes?

> I) section 8: "it would be prudent for the client"...  This seems like a
>    good place for the word SHOULD to sneak in there somewhere.

eenie meenie.  did not see a need to be that strongly prescriptive.

> J) section 8: "if data from multiple caches are held, implementations
>    MUST NOT distinguish between data sources when performing
>    validation".
> 
>    This one confuses me.  It's unclear, after reading the entire
>    document, why you have a preference ordered list if the data from
>    them all must be treated equally.

proximity and security

randy
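
Item B above concerns what the Erroneous PDU field of an Error Report carries when the error is generic. The following is an added example, not part of the original message or of any rpki-rtr implementation: it builds and strictly parses both cases. The field layout and error-code values are assumed from RFC 6810, the published form of this draft; the function names and sample PDUs are hypothetical and constructed here.

```python
import struct

# Values assumed from RFC 6810 (the published form of the draft under review).
PROTOCOL_VERSION = 0
PDU_ERROR_REPORT = 10
ERR_INTERNAL_ERROR = 1        # generic: not tied to any received PDU
ERR_UNSUPPORTED_PDU_TYPE = 5  # specific: caused by one received PDU

HEADER = struct.Struct("!BBHI")  # version, PDU type, error code, total length
U32 = struct.Struct("!I")
MIN_LEN = HEADER.size + 2 * U32.size  # 16 bytes: header plus two length fields


def build_error_report(code, erroneous_pdu=b"", text=""):
    """Encode an Error Report; a generic error leaves erroneous_pdu empty."""
    text_bytes = text.encode("utf-8")
    total = MIN_LEN + len(erroneous_pdu) + len(text_bytes)
    return b"".join([
        HEADER.pack(PROTOCOL_VERSION, PDU_ERROR_REPORT, code, total),
        U32.pack(len(erroneous_pdu)), erroneous_pdu,
        U32.pack(len(text_bytes)), text_bytes,
    ])


def parse_error_report(data):
    """Decode an Error Report, rejecting any inconsistent length field."""
    if len(data) < MIN_LEN:
        raise ValueError("truncated Error Report PDU")
    version, pdu_type, code, total = HEADER.unpack_from(data, 0)
    if pdu_type != PDU_ERROR_REPORT:
        raise ValueError("not an Error Report PDU")
    if total != len(data):
        raise ValueError("Length field does not match bytes received")

    (encap_len,) = U32.unpack_from(data, HEADER.size)
    # The encapsulated PDU must fit inside this PDU, leaving room for the
    # 4-byte text length that follows it.
    if encap_len > total - MIN_LEN:
        raise ValueError("Length of Encapsulated PDU exceeds PDU")
    encap_start = HEADER.size + U32.size
    erroneous_pdu = data[encap_start:encap_start + encap_len]

    (text_len,) = U32.unpack_from(data, encap_start + encap_len)
    text_start = encap_start + encap_len + U32.size
    if text_start + text_len != total:
        raise ValueError("Length of Error Text does not match PDU")

    return {
        "version": version,
        "error_code": code,
        "erroneous_pdu": erroneous_pdu,  # b"" for a generic error
        "text": data[text_start:].decode("utf-8"),
    }


# Constructed samples (not captured traffic).
# An 8-byte PDU with the unassigned type 99, as a router might receive it.
BAD_PDU = HEADER.pack(PROTOCOL_VERSION, 99, 0, 8)
# Generic error: nothing to quote, so the Erroneous PDU field is empty.
GENERIC = build_error_report(ERR_INTERNAL_ERROR, b"", "cache database unavailable")
# Specific error: the offending PDU is echoed back in the Erroneous PDU field.
SPECIFIC = build_error_report(ERR_UNSUPPORTED_PDU_TYPE, BAD_PDU, "unsupported PDU type")
# Same bytes with the encapsulated length overwritten; the parser must refuse it.
TAMPERED = SPECIFIC[:8] + U32.pack(0xFFFF) + SPECIFIC[12:]

if __name__ == "__main__":
    for name, pdu in (("generic", GENERIC), ("specific", SPECIFIC)):
        print(name, parse_error_report(pdu))
    try:
        parse_error_report(TAMPERED)
    except ValueError as exc:
        print("tampered rejected:", exc)
```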

From Sandra.Murphy@sparta.com  Sun Feb  5 19:53:04 2012
Return-Path: <Sandra.Murphy@sparta.com>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1975921F8543 for <sidr@ietfa.amsl.com>; Sun,  5 Feb 2012 19:53:04 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.46
X-Spam-Level: 
X-Spam-Status: No, score=-102.46 tagged_above=-999 required=5 tests=[AWL=0.139, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8nubPTdBBuLy for <sidr@ietfa.amsl.com>; Sun,  5 Feb 2012 19:53:03 -0800 (PST)
Received: from M4.sparta.com (M4.sparta.com [157.185.61.2]) by ietfa.amsl.com (Postfix) with ESMTP id 6983B21F853A for <sidr@ietf.org>; Sun,  5 Feb 2012 19:53:03 -0800 (PST)
Received: from Beta5.sparta.com (beta5.sparta.com [157.185.63.21]) by M4.sparta.com (8.14.4/8.14.4) with ESMTP id q163r29K021882 for <sidr@ietf.org>; Sun, 5 Feb 2012 21:53:02 -0600
Received: from Hermes.columbia.ads.sparta.com ([157.185.80.107]) by Beta5.sparta.com (8.13.8/8.13.8) with ESMTP id q163r27Y028489 for <sidr@ietf.org>; Sun, 5 Feb 2012 21:53:02 -0600
Received: from HERMES.columbia.ads.sparta.com ([2002:9db9:506b::9db9:506b]) by Hermes.columbia.ads.sparta.com ([::1]) with mapi id 14.01.0355.002; Sun, 5 Feb 2012 22:53:01 -0500
From: "Murphy, Sandra" <Sandra.Murphy@sparta.com>
To: "sidr@ietf.org" <sidr@ietf.org>
Thread-Topic: congratulations to working group and authors
Thread-Index: AczkgIcjg1XgPTy8SYKZ0Bl+1XZBwg==
Date: Mon, 6 Feb 2012 03:53:00 +0000
Message-ID: <24B20D14B2CD29478C8D5D6E9CBB29F60856D1@Hermes.columbia.ads.sparta.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [157.185.63.137]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: [sidr] congratulations to working group and authors
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 06 Feb 2012 03:53:04 -0000

Congratulations to the working group and in particular to the authors for the
publication of the following RFCs.  Thanks to the authors for all the hard work to
complete this large set of documents.

1.    RFC 6480 on An Infrastructure to Support Secure Internet Routing
      M. Lepinski, S. Kent

2.    RFC 6481 on A Profile for Resource Certificate Repository
      Structure
      G. Huston, R. Loomans, G. Michaelson

3.    RFC 6482 on A Profile for Route Origin Authorizations (ROAs)
      M. Lepinski, S. Kent, D. Kong

4.    RFC 6483 on Validation of Route Origination Using the Resource
      Certificate Public Key Infrastructure (PKI) and Route Origin
      Authorizations (ROAs)
      G. Huston, G. Michaelson

5.    BCP 173, RFC 6484 on Certificate Policy (CP) for the Resource
      Public Key Infrastructure (RPKI)
      S. Kent, D. Kong, K. Seo, R. Watro

6.    RFC 6485 on The Profile for Algorithms and Key Sizes for Use in
      the Resource Public Key Infrastructure (RPKI)
      G. Huston

7.    RFC 6486 on Manifests for the Resource Public Key Infrastructure
      (RPKI)
      R. Austein, G. Huston, S. Kent, M. Lepinski

8.    RFC 6487 on A Profile for X.509 PKIX Resource Certificates
      G. Huston, G. Michaelson, R. Loomans

9.    RFC 6488 on Signed Object Template for the Resource Public Key
      Infrastructure (RPKI)
      M. Lepinski, A. Chi, S. Kent

10.   BCP 174, RFC 6489 on Certification Authority (CA) Key Rollover in
      the Resource Public Key Infrastructure (RPKI)
      G. Huston, G. Michaelson, S. Kent

11.   RFC 6490 on Resource Public Key Infrastructure (RPKI) Trust Anchor
      Locator
      G. Huston, S. Weiler, G. Michaelson, S. Kent

12.   RFC 6491 on Resource Public Key Infrastructure (RPKI) Objects
      Issued by IANA
      T. Manderson, L. Vegoda, S. Kent

13.   RFC 6492 on A Protocol for Provisioning Resource Certificates
      G. Huston, R. Loomans, B. Ellacott, R. Austein

14.   RFC 6493 on The Resource Public Key Infrastructure (RPKI)
      Ghostbusters Record
      R. Bush

Congratulations and thanks particularly to Geoff Huston, who started
the working group with just the draft-huston-sidr-res-certs-00 draft
way back in May 2006.

Congratulations are also due to the csi working group for the
publication of their drafts, which are in this cluster because
they rely on the sidr work:

RFC 6494 on Certificate Profile and Certificate Management for
SEcure Neighbor Discovery (SEND)
R. Gagliano, S. Krishnan, A. Kukec

RFC 6495 on Subject Key Identifier (SKI) SEcure Neighbor
Discovery (SEND) Name Type Fields
R. Gagliano, S. Krishnan, A. Kukec

RFC 6496 on Secure Proxy ND Support for SEcure Neighbor
Discovery (SEND)
S. Krishnan, J. Laganier, M. Bonola, A. Garcia-Martinez

From wjhns1@hardakers.net  Sun Feb  5 20:51:17 2012
Return-Path: <wjhns1@hardakers.net>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B25A421F8597 for <sidr@ietfa.amsl.com>; Sun,  5 Feb 2012 20:51:14 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level: 
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id umktpglY+4C9 for <sidr@ietfa.amsl.com>; Sun,  5 Feb 2012 20:51:14 -0800 (PST)
Received: from mail.hardakers.net (unknown [IPv6:2001:470:1f00:187::1]) by ietfa.amsl.com (Postfix) with ESMTP id 07AFA21F8598 for <sidr@ietf.org>; Sun,  5 Feb 2012 20:51:13 -0800 (PST)
Received: from localhost (unknown [IPv6:2001:470:1f00:187:224:7eff:fe6b:2b3e]) by mail.hardakers.net (Postfix) with ESMTPSA id 682B63C2; Sun,  5 Feb 2012 20:51:12 -0800 (PST)
From: Wes Hardaker <wjhns1@hardakers.net>
To: Randy Bush <randy@psg.com>
References: <0lvcnmij65.fsf@wjh.hardakers.net> <m2r4ya5fnb.wl%randy@psg.com>
Date: Sun, 05 Feb 2012 20:51:11 -0800
In-Reply-To: <m2r4ya5fnb.wl%randy@psg.com> (Randy Bush's message of "Sat, 04 Feb 2012 15:43:04 -0800")
Message-ID: <0lty34k1j4.fsf@wjh.hardakers.net>
User-Agent: Gnus/5.110018 (No Gnus v0.18) Emacs/23.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
Cc: sidr wg list <sidr@ietf.org>
Subject: Re: [sidr] rpki-rtr-25 notes
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 06 Feb 2012 04:51:17 -0000

>>>>> On Sat, 04 Feb 2012 15:43:04 -0800, Randy Bush <randy@psg.com> said:

>> A) It's too early for nit edits

RB> not really.  as the iesg has approved this one, changes are going to be
RB> a process pain.  so this message pushes back on some of your suggestions
RB> which i would otherwise have gladly taken.

As I said in a private message to you the other day: I think I probably
hold the record for "people that responded with comments about a draft
after the very last cut-off date".  I'm exceptionally good at being a
day or two late about reviewing drafts.

RB> if so, probably should be CacheKey.  but whose key it is seems very
RB> clear from the next few words, yes?

I think "CacheKey" is perfect, except that then I'd want to change
"MyKey" to "RouterKey".

>> I) section 8: "it would be prudent for the client"...  This seems like a
>> good place for the word SHOULD to sneak in there somewhere.

RB> eenie meenie.  did not see a need to be that strongly prescriptive.

>> J) section 8: "if data from multiple caches are held, implementations
>> MUST NOT distinguish between data sources when performing
>> validation".
>> 
>> This one confuses me.  It's unclear, after reading the entire
>> document, why you have a preference ordered list if the data from
>> them all must be treated equally.

RB> proximity and security

The above two issues just made me wonder about the interchangeability of
the configuration model.  Since the text shies away from describing what
actually happens when you have multiple caches available, we'll end up
with a case where a configuration set on one machine may not act the
same way on another.  Though there is no standard configuration model at
the moment, so maybe it's all moot until someone creates a YANG follow-up.
-- 
Wes Hardaker
SPARTA, Inc.

From wjhns1@hardakers.net  Sun Feb  5 20:52:30 2012
Return-Path: <wjhns1@hardakers.net>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6C1C821F8473 for <sidr@ietfa.amsl.com>; Sun,  5 Feb 2012 20:52:30 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level: 
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zn3MyrSN1i2q for <sidr@ietfa.amsl.com>; Sun,  5 Feb 2012 20:52:30 -0800 (PST)
Received: from mail.hardakers.net (unknown [IPv6:2001:470:1f00:187::1]) by ietfa.amsl.com (Postfix) with ESMTP id EF5F221F8441 for <sidr@ietf.org>; Sun,  5 Feb 2012 20:52:29 -0800 (PST)
Received: from localhost (unknown [IPv6:2001:470:1f00:187:224:7eff:fe6b:2b3e]) by mail.hardakers.net (Postfix) with ESMTPSA id 663554AC; Sun,  5 Feb 2012 20:52:29 -0800 (PST)
From: Wes Hardaker <wjhns1@hardakers.net>
To: Wes Hardaker <wjhns1@hardakers.net>
References: <0lvcnmij65.fsf@wjh.hardakers.net> <m2r4ya5fnb.wl%randy@psg.com> <0lty34k1j4.fsf@wjh.hardakers.net>
Date: Sun, 05 Feb 2012 20:52:29 -0800
In-Reply-To: <0lty34k1j4.fsf@wjh.hardakers.net> (Wes Hardaker's message of "Sun, 05 Feb 2012 20:51:11 -0800")
Message-ID: <0lpqdsk1gy.fsf@wjh.hardakers.net>
User-Agent: Gnus/5.110018 (No Gnus v0.18) Emacs/23.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
Cc: sidr wg list <sidr@ietf.org>
Subject: Re: [sidr] rpki-rtr-25 notes
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 06 Feb 2012 04:52:30 -0000

[PPS: I don't expect a response to my just-posted-note since it's really
beyond the point of worth in keeping the discussion going]
-- 
Wes Hardaker
SPARTA, Inc.

From stbryant@cisco.com  Mon Feb  6 05:16:39 2012
Return-Path: <stbryant@cisco.com>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9FA0E21F863B for <sidr@ietfa.amsl.com>; Mon,  6 Feb 2012 05:16:39 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -110.619
X-Spam-Level: 
X-Spam-Status: No, score=-110.619 tagged_above=-999 required=5 tests=[AWL=-0.020, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MQtLhi9OmvTv for <sidr@ietfa.amsl.com>; Mon,  6 Feb 2012 05:16:35 -0800 (PST)
Received: from ams-iport-2.cisco.com (ams-iport-2.cisco.com [144.254.224.141]) by ietfa.amsl.com (Postfix) with ESMTP id 353C721F85DD for <sidr@ietf.org>; Mon,  6 Feb 2012 05:16:35 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=stbryant@cisco.com; l=6246; q=dns/txt; s=iport; t=1328534195; x=1329743795; h=message-id:date:from:reply-to:mime-version:to:cc:subject: references:in-reply-to:content-transfer-encoding; bh=KP0tmzYZ2GtbbzHRB6b+Q8yNOp/UBYg7MdIfzOT9tzs=; b=hyJcpB5ZZo6bKzp8caR+cTRYFEYzbQXeflLQzogC9NFZkxeZSm/cVteP 0rHf3WhyY3e1LMPxZThou4hJf7cAtJIbm1Ov4nRIDRZXvqPO1Um5K9+g8 r4yBxKQ4JFmp9gfuBOUCYFNvx7MwYs3fclKfe0rCg8X1GJn9BLvbvRqBV s=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: Av8EAHzSL0+Q/khR/2dsb2JhbABDrzmBBYFyAQEBBAEBAQ8BAgERETYKARALGAkWDwkDAgECARUwBg0BBQIBAR6HY5oXAYMxDwGbH4tcCAEEAgECAgkEAQ0EBgELAQgFAwMJgxEZBAMMAxQFYwMKAQEBAQEBFYM5BJUokls
X-IronPort-AV: E=Sophos;i="4.73,370,1325462400"; d="scan'208";a="65466573"
Received: from ams-core-1.cisco.com ([144.254.72.81]) by ams-iport-2.cisco.com with ESMTP; 06 Feb 2012 13:16:08 +0000
Received: from cisco.com (mrwint.cisco.com [64.103.70.36]) by ams-core-1.cisco.com (8.14.3/8.14.3) with ESMTP id q16DG8Bx009625; Mon, 6 Feb 2012 13:16:08 GMT
Received: from stbryant-mac2.local (localhost [127.0.0.1]) by cisco.com (8.14.4+Sun/8.8.8) with ESMTP id q16DG7cq015354; Mon, 6 Feb 2012 13:16:07 GMT
Message-ID: <4F2FD296.3090808@cisco.com>
Date: Mon, 06 Feb 2012 13:16:06 +0000
From: Stewart Bryant <stbryant@cisco.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:9.0) Gecko/20111222 Thunderbird/9.0.1
MIME-Version: 1.0
To: Randy Bush <randy@psg.com>
References: <0lvcnmij65.fsf@wjh.hardakers.net> <m2r4ya5fnb.wl%randy@psg.com>
In-Reply-To: <m2r4ya5fnb.wl%randy@psg.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: sidr wg list <sidr@ietf.org>
Subject: Re: [sidr] rpki-rtr-25 notes
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: stbryant@cisco.com
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 06 Feb 2012 13:16:39 -0000

Randy

The process:

If they are just nits, then just tell the editor either
now or in Auth48.

If they are technical errors such as those that would be
excepted under errata - i.e. the intent of the IETF was
clear but the wrong words were put in the draft -
I will sign them off in Auth48.

If they are real technical changes, then it is too late,
a draft updating this RFC needs to be written.

... unless of course the protocol is broken and thus
we cannot proceed with publication, in which
case the draft has to be withdrawn from the RFC
Editor's queue and I need to figure out how far
back in the process I need to take the draft.

Fortunately I do not think that there are any
in the final category.

- Stewart

On 04/02/2012 23:43, Randy Bush wrote:
>> A) It's too early for nit edits
> not really.  as the iesg has approved this one, changes are going to be
> a process pain.  so this message pushes back on some of your suggestions
> which i would otherwise have gladly taken.
>
> perhaps the sponsoring AD will give me/us some guidance in this.
>
> also please excuse the roughness of my response.  i just hit san diego
> from a few time zones to the west.
>
>>     5.1, 3rd paragraph(/sentence): is only ->  is *the* only
> done
>
>> B) 5.9: the 2nd and 4th paragraphs seem to contradict each other.  I
>>     suspect that the intent is that you can send a generic error after a
>>     particular PDU, but the way it's phrased is a bit odd and it jumped
>>     out at me too.  How about:
>>
>>     If the error is generic (e.g. "Internal Error") and not associated
>>     with the PDU it is responding to, the Erroneous PDU field ...
> sure
>
>> C) 5.10 seems to indicate rcynic
> not in -26
>
>> D.1) "Unfortunately there is no protocol to do so on all currently used
>>       platforms".
>>       I actually doubt the validity of that statement.  I suspect SSH is
>>       likely available on them all.
> no it is not.  see voluminous discussion on list.  to save you the
> search, very common router platforms provide hard coded ssh client and
> server, but no ssh library which a protocol such as this can use.
>
>>       Or at least "nearly all" (and I doubt anything will ever reach
>>       "all").  I'd bet TLS is nearly ubiquitous as well, though
>>       probably less than SSH.
> about the same mess
>
>> D.2) The ordering of the 5th-8th(ish) paragraphs seems weird.  I'd group
>>       them together by subject such that the sections that talked about
>>       unprotected TCP should be next to each other and the ones that
>>       talked about the protected ones be together.  Thus, I think just
>>       moving the 2 unprotected paragraphs ("Caches and routers MUST..."
>>       and "If unprotected TCP...") to positions 5 and 6 would solve most
>>       of the oddities.
> not sure this is sufficiently problematic to tempt the $deities post
> iesg approval.
>
>> D.3) I'm not sure that the whole concept of "MUST implement unprotected"
>>       is going to fly through a security review.
> it did.  after a bit of discussion.
>
>> D.4) There is some confusion regarding whether routers "use" vs "can be
>>       configured to use".  EG: "Caches and routers SHOULD use TCP-AO..."
>>       IMHO, this indicates they have a choice.  "SHOULD be able to use"
>>       might be a better wording choice implying it's subject to
>>       configuration by the operator.  If you want a more complete list of
>>       places where I think this might be a problem, I can supply one of
>>       course.
> not sure this is sufficiently problematic to tempt the $deities post
> iesg approval.
>
>> D.5) "If available to the operator...".  How would the router know
>>       what's available to the operator?  Or does this mean that if the
>>       device already implements protocol X, it must offer it as a
>>       configuration choice for rpki-rtr transport?  If so, that's not
>>       entirely clear.
> i think the meaning is pretty clear, though i guess it could be better
> phrased.  but it has to be available on *both* router and cache server.
>
>> D.6) I'd order the sub-sections to be in the same order as the list
>>       above it.  IE, TCP-AO is first in the list, so the TCP-AO
>>       sub-section should probably come first.
> probably.  but it may be safest to let the rfced hack it.
>
>> E) 7.1 SSH transport "Client routers SHOULD verify the public key of the
>>     cache".  Similar to D.4, I'd change this to "Client routers MUST
>>     be able to verify the public key of the cache".
> the looser but riskier phrasing was not an accident.
>
>> F) 7.2 TLS transports: the CN field is really being deprecated and I'd
>>     suggest using the subject alt name instead (SAN).
> see -26 for a complete rewrite of the tls section
>
>> G) section 8, paragraph 2 implies that the cache needs a list of names
>>     for the peer and I'm not sure this is true.  In fact much of that
>>     paragraph talks about the router/client side only, so I'd split the
>>     paragraph in two: one for cache requirements and one for the router
>>     requirements.
>>
>> H) section 8: I'd change "Key" to either "TheirKey" or "ItsKey"
> if so, probably should be CacheKey.  but whose key it is seems very
> clear from the next few words, yes?
>
>> I) section 8: "it would be prudent for the client"...  This seems like a
>>     good place for the word SHOULD to sneak in there somewhere.
> eenie meenie.  did not see a need to be that strongly prescriptive.
>
>> J) section 8: "if data from multiple caches are held, implementations
>>     MUST NOT distinguish between data sources when performing
>>     validation".
>>
>>     This one confuses me.  It's unclear, after reading the entire
>>     document, why you have a preference ordered list if the data from
>>     them all must be treated equally.
> proximity and security
>
> randy



From stbryant@cisco.com  Mon Feb  6 06:17:38 2012
Return-Path: <stbryant@cisco.com>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6805B21F84D8; Mon,  6 Feb 2012 06:17:38 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -110.619
X-Spam-Level: 
X-Spam-Status: No, score=-110.619 tagged_above=-999 required=5 tests=[AWL=-0.020, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dsLr-nmsE9+n; Mon,  6 Feb 2012 06:17:34 -0800 (PST)
Received: from ams-iport-2.cisco.com (ams-iport-2.cisco.com [144.254.224.141]) by ietfa.amsl.com (Postfix) with ESMTP id 2574721F84D4; Mon,  6 Feb 2012 06:17:34 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=stbryant@cisco.com; l=3554; q=dns/txt; s=iport; t=1328537854; x=1329747454; h=message-id:date:from:reply-to:mime-version:to:cc:subject: references:in-reply-to:content-transfer-encoding; bh=m3mzTKeaOfvCAc895lfGQHwTy313XJfsnMRxkDeBvWs=; b=fZ3tGaN/ISir4AHPImAgcg5Jg9GhZodI60IKFn5TND/Kjgke4936pgse Fctv25leB7wBA+fSlcjezju5ASY8VEa6dqGNekgBARoFQA14cyNvGLGsg /tTemn/F1+0xSM8hhxzjwlcbu/bVwKDzJLUrV1jclX9gqLAMaZAEycyRJ 8=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: Av8EAI7gL0+Q/khR/2dsb2JhbABDrzmBBYFyAQEBBAEBAQ8BAgEiNgoBEAsYCRYPCQMCAQIBFTAGDQEFAgEBHodjmkkBgzEPAZsdBItkAQQCAQICCQQBDQQGAQsBCAUDAwmDERkEAwwDFAVjAwoBAQEBAQEDAgoCCgSDLwSVKJJb
X-IronPort-AV: E=Sophos;i="4.73,370,1325462400"; d="scan'208";a="65475048"
Received: from ams-core-1.cisco.com ([144.254.72.81]) by ams-iport-2.cisco.com with ESMTP; 06 Feb 2012 14:17:32 +0000
Received: from cisco.com (mrwint.cisco.com [64.103.70.36]) by ams-core-1.cisco.com (8.14.3/8.14.3) with ESMTP id q16EHWK1023724; Mon, 6 Feb 2012 14:17:32 GMT
Received: from stbryant-mac2.local (localhost [127.0.0.1]) by cisco.com (8.14.4+Sun/8.8.8) with ESMTP id q16EHTnq019542; Mon, 6 Feb 2012 14:17:31 GMT
Message-ID: <4F2FE0F9.5000600@cisco.com>
Date: Mon, 06 Feb 2012 14:17:29 +0000
From: Stewart Bryant <stbryant@cisco.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:9.0) Gecko/20111222 Thunderbird/9.0.1
MIME-Version: 1.0
To: "Murphy, Sandra" <Sandra.Murphy@sparta.com>
References: <24B20D14B2CD29478C8D5D6E9CBB29F60856D1@Hermes.columbia.ads.sparta.com>
In-Reply-To: <24B20D14B2CD29478C8D5D6E9CBB29F60856D1@Hermes.columbia.ads.sparta.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: RFC Editor <rfc-editor@rfc-editor.org>, "iesg@ietf.org" <iesg@ietf.org>, "sidr@ietf.org" <sidr@ietf.org>
Subject: Re: [sidr] congratulations to working group and authors
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: stbryant@cisco.com
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 06 Feb 2012 14:17:38 -0000

I would also like to extend my congratulations to all, including
the chairs, on completing this cluster of 17 RFCs.

I would also like to extend my thanks to the authors for their
professionalism and commitment during the Auth48 process.

Finally, I would like to thank the RFC Editor for their work
in pulling together the publication of this complex document
set.

Stewart


On 06/02/2012 03:53, Murphy, Sandra wrote:
> Congratulations to the working group and in particular to the authors for the
> publication of the following RFCs.  Thanks to the authors for all the hard work to
> complete this large set of documents.
>
> 1.    RFC 6480 on An Infrastructure to Support Secure Internet Routing
>        M. Lepinski, S. Kent
>
> 2.    RFC 6481 on A Profile for Resource Certificate Repository
>        Structure
>        G. Huston, R. Loomans, G. Michaelson
>
> 3.    RFC 6482 on A Profile for Route Origin Authorizations (ROAs)
>        M. Lepinski, S. Kent, D. Kong
>
> 4.    RFC 6483 on Validation of Route Origination Using the Resource
>        Certificate Public Key Infrastructure (PKI) and Route Origin
>        Authorizations (ROAs)
>        G. Huston, G. Michaelson
>
> 5.    BCP 173, RFC 6484 on Certificate Policy (CP) for the Resource
>        Public Key Infrastructure (RPKI)
>        S. Kent, D. Kong, K. Seo, R. Watro
>
> 6.    RFC 6485 on The Profile for Algorithms and Key Sizes for Use in
>        the Resource Public Key Infrastructure (RPKI)
>        G. Huston
>
> 7.    RFC 6486 on Manifests for the Resource Public Key Infrastructure
>        (RPKI)
>        R. Austein, G. Huston, S. Kent, M. Lepinski
>
> 8.    RFC 6487 on A Profile for X.509 PKIX Resource Certificates
>        G. Huston, G. Michaelson, R. Loomans
>
> 9.    RFC 6488 on Signed Object Template for the Resource Public Key
>        Infrastructure (RPKI)
>        M. Lepinski, A. Chi, S. Kent
>
> 10.   BCP 174, RFC 6489 on Certification Authority (CA) Key Rollover in
>        the Resource Public Key Infrastructure (RPKI)
>        G. Huston, G. Michaelson, S. Kent
>
> 11.   RFC 6490 on Resource Public Key Infrastructure (RPKI) Trust Anchor
>        Locator
>        G. Huston, S. Weiler, G. Michaelson, S. Kent
>
> 12.   RFC 6491 on Resource Public Key Infrastructure (RPKI) Objects
>        Issued by IANA
>        T. Manderson, L. Vegoda, S. Kent
>
> 13.   RFC 6492 on A Protocol for Provisioning Resource Certificates
>        G. Huston, R. Loomans, B. Ellacott, R. Austein
>
> 14.   RFC 6493 on The Resource Public Key Infrastructure (RPKI)
>        Ghostbusters Record
>        R. Bush
>
> Congratulations and thanks particularly to Geoff Huston, who started
> the working group with just the draft-huston-sidr-res-certs-00 draft
> way back in May 2006.
>
> Congratulations are also due to the csi working group for the
> publication of their drafts, which are in this cluster because
> they rely on the sidr work:
>
> RFC 6494 on Certificate Profile and Certificate Management for
> SEcure Neighbor Discovery (SEND)
> R. Gagliano, S. Krishnan, A. Kukec
>
> RFC 6495 on Subject Key Identifier (SKI) SEcure Neighbor
> Discovery (SEND) Name Type Fields
> R. Gagliano, S. Krishnan, A. Kukec
>
> RFC 6496 on Secure Proxy ND Support for SEcure Neighbor
> Discovery (SEND)
> S. Krishnan, J. Laganier, M. Bonola, A. Garcia-Martinez
> _______________________________________________
> sidr mailing list
> sidr@ietf.org
> https://www.ietf.org/mailman/listinfo/sidr
>

From iesg-secretary@ietf.org  Mon Feb  6 10:14:51 2012
Return-Path: <iesg-secretary@ietf.org>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7AAF821F86A7; Mon,  6 Feb 2012 10:14:51 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.546
X-Spam-Level: 
X-Spam-Status: No, score=-102.546 tagged_above=-999 required=5 tests=[AWL=0.053, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ka995HT7LuEp; Mon,  6 Feb 2012 10:14:51 -0800 (PST)
Received: from ietfa.amsl.com (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A3D5121F86D9; Mon,  6 Feb 2012 10:14:50 -0800 (PST)
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 3.64p1
Message-ID: <20120206181450.31717.41550.idtracker@ietfa.amsl.com>
Date: Mon, 06 Feb 2012 10:14:50 -0800
Cc: sidr mailing list <sidr@ietf.org>, sidr chair <sidr-chairs@tools.ietf.org>, RFC Editor <rfc-editor@rfc-editor.org>
Subject: [sidr] Protocol Action: 'The RPKI/Router Protocol' to Proposed Standard	(draft-ietf-sidr-rpki-rtr-26.txt)
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 06 Feb 2012 18:14:51 -0000

The IESG has approved the following document:
- 'The RPKI/Router Protocol'
  (draft-ietf-sidr-rpki-rtr-26.txt) as a Proposed Standard

This document is the product of the Secure Inter-Domain Routing Working
Group.

The IESG contact persons are Stewart Bryant and Adrian Farrel.

A URL of this Internet Draft is:
http://datatracker.ietf.org/doc/draft-ietf-sidr-rpki-rtr/




Technical Summary

In order to verifiably validate the origin ASs of BGP announcements,
routers need a simple but reliable mechanism to receive RPKI
[I-D.ietf-sidr-arch] prefix origin data from a trusted cache.  This
document describes a protocol to deliver validated prefix origin data
to routers.

Working Group Summary

There was significant discussion on-list about authentication
protocols to be used between the 2 parties in play
(router/cache), this did wind down to a conclusion though, 
which is a positive result. There was significant discussion
during and after IETF Last Call on the implications of
various TCP security models, and the draft has been
updated to reflect the conclusion of these discussions.

Document Quality

There are no concerns over the quality of the document.
As observed by reference in the document there are multiple
implementations of the protocol.

Personnel

Chris Morrow is the Document Shepherd.
Stewart Bryant is the Responsible Area Director.


From andrei.robachevsky@gmail.com  Wed Feb  8 02:50:30 2012
Return-Path: <andrei.robachevsky@gmail.com>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3B46D21F86B2; Wed,  8 Feb 2012 02:50:30 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.642
X-Spam-Level: 
X-Spam-Status: No, score=-3.642 tagged_above=-999 required=5 tests=[AWL=-0.043, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0Jy48SG5FrlB; Wed,  8 Feb 2012 02:50:29 -0800 (PST)
Received: from mail-bk0-f44.google.com (mail-bk0-f44.google.com [209.85.214.44]) by ietfa.amsl.com (Postfix) with ESMTP id EE4BA21F86AD; Wed,  8 Feb 2012 02:50:28 -0800 (PST)
Received: by bkuw12 with SMTP id w12so384214bku.31 for <multiple recipients>; Wed, 08 Feb 2012 02:50:28 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:x-enigmail-version:content-type :content-transfer-encoding; bh=eYeL3ue40yUYlpAZ5BIbjE9KjQwNR4jE9FU4GGl1tGc=; b=KE2N+9gomhkhTrCr0RTKv4Xr9eJc6avOqNqzh5sPSWbtefA0AiXBE2PGwdrhLgj+hg Poc6frJoODYmD6pao210wQ/oeW9hdFyhy9bVETyCeIzVN/QtmMPi6cq9sKKUq29lqSh4 jY3gQjtmwW6LBMdwKHDlTgxfY3eHkEE336coQ=
Received: by 10.205.137.136 with SMTP id io8mr4197736bkc.106.1328698228030; Wed, 08 Feb 2012 02:50:28 -0800 (PST)
Received: from Andrei-Robachevskys-MacBook-Air.local (d126092.upc-d.chello.nl. [213.46.126.92]) by mx.google.com with ESMTPS id jc4sm3209269bkc.7.2012.02.08.02.50.25 (version=SSLv3 cipher=OTHER); Wed, 08 Feb 2012 02:50:26 -0800 (PST)
Message-ID: <4F325370.9040504@gmail.com>
Date: Wed, 08 Feb 2012 11:50:24 +0100
From: Andrei Robachevsky <andrei.robachevsky@gmail.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:9.0) Gecko/20111222 Thunderbird/9.0.1
MIME-Version: 1.0
To: "Murphy, Sandra" <Sandra.Murphy@sparta.com>
References: <24B20D14B2CD29478C8D5D6E9CBB29F6076C7A@Hermes.columbia.ads.sparta.com> <24B20D14B2CD29478C8D5D6E9CBB29F6076D46@Hermes.columbia.ads.sparta.com>, <24B20D14B2CD29478C8D5D6E9CBB29F6076E24@Hermes.columbia.ads.sparta.com> <24B20D14B2CD29478C8D5D6E9CBB29F60853E6@Hermes.columbia.ads.sparta.com>
In-Reply-To: <24B20D14B2CD29478C8D5D6E9CBB29F60853E6@Hermes.columbia.ads.sparta.com>
X-Enigmail-Version: 1.3.4
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Cc: "sidr-chairs@ietf.org" <sidr-chairs@ietf.org>, "sidr@ietf.org" <sidr@ietf.org>
Subject: Re: [sidr] interim meeting registration
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 08 Feb 2012 10:50:30 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

Will remote participation be available?

Thanks,

Andrei

Murphy, Sandra wrote on 03/02/2012 20:17:
> Just a reminder.
> 
> The interim meeting is set for next Thursday, 9 Feb in San Diego.
> 
> Registration is free. Registration is easy (email
> interim-sidr@tislabs.com, see below). Registration is open to all. 
> Registration is ongoing. Registration is encouraged (so we know how
> many to expect).
> 
> --Sandy, speaking as wg co-chair
> 
> ________________________________________
> From: Murphy, Sandra
> Sent: Thursday, January 26, 2012 6:22 PM
> To: Murphy, Sandra; sidr@ietf.org
> Cc: sidr-chairs@ietf.org
> Subject: RE: interim meeting registration
> 
> I should have known that IETF-ers would not be happy with the free
> format specification I gave below.  I have received a couple of
> requests for clarification.
> 
> So.
> 
> The registration request message should have the following:
> 
> Name:
> Affiliation:
> E-mail address:
> 
> The e-mail address will not be noted on the wiki attendees page.
> 
> --Sandy, speaking as co-chair
> 
> 
>> -----Original Message-----
>> From: sidr-bounces@ietf.org [mailto:sidr-bounces@ietf.org] On Behalf Of Murphy, Sandra
>> Sent: Thursday, January 26, 2012 5:00 PM
>> To: sidr@ietf.org
>> Cc: sidr-chairs@ietf.org
>> Subject: Re: [sidr] interim meeting registration
>> 
>> Forgot to ask:
>> 
>> In your registration message, please indicate your affiliation,
>> for the purpose of completing the wiki attendee list.
>> 
>> Also, the obligatory note that this is
>> 
>> --Sandy, speaking as wg co-chair
>> 
>> ________________________________________
>> From: Murphy, Sandra
>> Sent: Thursday, January 26, 2012 4:09 PM
>> To: sidr@ietf.org
>> Cc: sidr-chairs@ietf.org
>> Subject: interim meeting registration
>> 
>> Logistics are made for the interim meeting.
>> 
>> To register for the meeting, please send a message to
>> interim-sidr@tislabs.com.  There is NO registration fee for this meeting,
>> but please do register so room arrangements are suitable for the
>> number of attendees.  Updates on meeting logistics will be sent
>> to those who register.
>> 
>> Registration will close if the room is filled to capacity.  I
>> honestly don't think that is likely, unless most of the NANOG
>> attendees decide to come.
>> 
>> A wiki page on the tools' site sidr wiki has been created: 
>> http://trac.tools.ietf.org/wg/sidr/trac/wiki/InterimMeeting20120209.
>> The agenda at the moment is just as was announced.  Updates to
>> the agenda will be posted to that wiki page.
>> 
>> A list of those registered will be maintained at
>> http://trac.tools.ietf.org/wg/sidr/trac/wiki/InterimMeeting20120209-attendees.
>> 
>> --Sandy

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.14 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk8yU28ACgkQljz5tZmtij+38wCfZQ7IsKTEzR3Eb33CfI1Svruu
sQEAnRLADMsgUMfCn8XCD/uxIdScux+Q
=lux9
-----END PGP SIGNATURE-----

From Sandra.Murphy@sparta.com  Wed Feb  8 05:23:00 2012
Return-Path: <Sandra.Murphy@sparta.com>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1816A21F85D8 for <sidr@ietfa.amsl.com>; Wed,  8 Feb 2012 05:23:00 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.72
X-Spam-Level: 
X-Spam-Status: No, score=-101.72 tagged_above=-999 required=5 tests=[AWL=-0.610, BAYES_05=-1.11, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 67pj0Jp0gutb for <sidr@ietfa.amsl.com>; Wed,  8 Feb 2012 05:22:59 -0800 (PST)
Received: from M4.sparta.com (M4.sparta.com [157.185.61.2]) by ietfa.amsl.com (Postfix) with ESMTP id 215B621F85C4 for <sidr@ietf.org>; Wed,  8 Feb 2012 05:22:58 -0800 (PST)
Received: from Beta5.sparta.com (beta5.sparta.com [157.185.63.21]) by M4.sparta.com (8.14.4/8.14.4) with ESMTP id q18DMvaQ012059 for <sidr@ietf.org>; Wed, 8 Feb 2012 07:22:57 -0600
Received: from Hermes.columbia.ads.sparta.com ([157.185.80.107]) by Beta5.sparta.com (8.13.8/8.13.8) with ESMTP id q18DMvDH003671 for <sidr@ietf.org>; Wed, 8 Feb 2012 07:22:57 -0600
Received: from HERMES.columbia.ads.sparta.com ([2002:9db9:506b::9db9:506b]) by Hermes.columbia.ads.sparta.com ([::1]) with mapi id 14.01.0355.002; Wed, 8 Feb 2012 08:22:56 -0500
From: "Murphy, Sandra" <Sandra.Murphy@sparta.com>
To: "sidr@ietf.org" <sidr@ietf.org>
Thread-Topic: interim sidr meeting - remote participation - WebEx details
Thread-Index: AczmZGWKbSjIrUW8TqG17FU7kWrBTw==
Date: Wed, 8 Feb 2012 13:22:55 +0000
Message-ID: <24B20D14B2CD29478C8D5D6E9CBB29F6085D20@Hermes.columbia.ads.sparta.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [157.185.63.118]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: [sidr] interim sidr meeting - remote participation - WebEx details
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 08 Feb 2012 13:23:00 -0000

A WebEx session has been arranged by the IETF Secretariat for remote
participation in the interim sidr meeting Thu 9 Mar.

Below is the WebEx announcement of the meeting.

--Sandy, speaking as wg co-chair

=======================================================

The IETF SIDR co-chairs invite you to attend this online meeting.
Topic: IETF WebEx
Date: Thursday, February 9, 2012
Time: 9:00 am, Pacific Standard Time (San Francisco, GMT-08:00)
Meeting Number: 969 770 530
Meeting Password: (This meeting does not require a password.)


-------------------------------------------------------
To join the online meeting (Now from mobile devices!)
-------------------------------------------------------
1. Go to https://workgreen.webex.com/workgreen/j.php?ED=190625237&UID=0&RT=MiM0
2. If requested, enter your name and email address.
3. If a password is required, enter the meeting password: (This meeting does not require a password.)
4. Click "Join".

To view in other time zones or languages, please click the link:
https://workgreen.webex.com/workgreen/j.php?ED=190625237&UID=0&ORT=MiM0


-------------------------------------------------------
To join the audio conference only
-------------------------------------------------------
To receive a call back, provide your phone number when you join the meeting, or call the number below and enter the access code.
Call-in toll-free number (US/Canada): 1-877-668-4490
Call-in toll number (US/Canada): 1-408-792-6300
Global call-in numbers: https://workgreen.webex.com/workgreen/globalcallin.php?serviceType=MC&ED=190625237&tollFree=1
Toll-free dialing restrictions: http://www.webex.com/pdf/tollfree_restrictions.pdf

Access code:969 770 530


-------------------------------------------------------
For assistance
-------------------------------------------------------
1. Go to https://workgreen.webex.com/workgreen/mc
2. On the left navigation bar, click "Support".

You can contact support at:
amorris@amsl.com
1-510-492-4081

To add this meeting to your calendar program (for example Microsoft Outlook), click this link:
https://workgreen.webex.com/workgreen/j.php?ED=190625237&UID=0&ICS=MI&LD=1&RD=2&ST=1&SHA2=ANsxg25yn/5HHE9KPUeXZtnbWAMNqdqowJxTiz7JHE8=&RT=MiM0

The playback of UCF (Universal Communications Format) rich media files requires appropriate players. To view this type of rich media files in the meeting, please check whether you have the players installed on your computer by going to https://workgreen.webex.com/workgreen/systemdiagnosis.php.

Sign up for a free trial of WebEx
http://www.webex.com/go/mcemfreetrial

http://www.webex.com

CCP:+14087926300x969770530#

IMPORTANT NOTICE: This WebEx service includes a feature that allows audio and any documents and other materials exchanged or viewed during the session to be recorded. By joining this session, you automatically consent to such recordings. If you do not consent to the recording, discuss your concerns with the meeting host prior to the start of the recording or do not join the session. Please note that any such recordings may be subject to discovery in the event of litigation.

From Sandra.Murphy@sparta.com  Wed Feb  8 20:52:39 2012
Return-Path: <Sandra.Murphy@sparta.com>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C155821E801B for <sidr@ietfa.amsl.com>; Wed,  8 Feb 2012 20:52:39 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.445
X-Spam-Level: 
X-Spam-Status: No, score=-102.445 tagged_above=-999 required=5 tests=[AWL=0.154, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id E61sz6FByEu0 for <sidr@ietfa.amsl.com>; Wed,  8 Feb 2012 20:52:39 -0800 (PST)
Received: from M4.sparta.com (M4.sparta.com [157.185.61.2]) by ietfa.amsl.com (Postfix) with ESMTP id A057421E8017 for <sidr@ietf.org>; Wed,  8 Feb 2012 20:52:35 -0800 (PST)
Received: from Beta5.sparta.com (beta5.sparta.com [157.185.63.21]) by M4.sparta.com (8.14.4/8.14.4) with ESMTP id q194qYNF020261 for <sidr@ietf.org>; Wed, 8 Feb 2012 22:52:34 -0600
Received: from Hermes.columbia.ads.sparta.com ([157.185.80.107]) by Beta5.sparta.com (8.13.8/8.13.8) with ESMTP id q194qXXK030287 for <sidr@ietf.org>; Wed, 8 Feb 2012 22:52:33 -0600
Received: from HERMES.columbia.ads.sparta.com ([2002:9db9:506b::9db9:506b]) by Hermes.columbia.ads.sparta.com ([::1]) with mapi id 14.01.0355.002; Wed, 8 Feb 2012 23:52:33 -0500
From: "Murphy, Sandra" <Sandra.Murphy@sparta.com>
To: "sidr@ietf.org" <sidr@ietf.org>
Thread-Topic: interim sidr meeting location (and room change)
Thread-Index: AQHM5uaiqqDgTEHzHUCB5FsTp3/NCQ==
Date: Thu, 9 Feb 2012 04:52:32 +0000
Message-ID: <24B20D14B2CD29478C8D5D6E9CBB29F6086FDA@Hermes.columbia.ads.sparta.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [157.185.63.118]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: [sidr] interim sidr meeting location (and room change)
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 09 Feb 2012 04:52:39 -0000

The interim sidr meeting will be located at

Bristol Hotel
1055 First Avenue, San Diego, California 92101
Phone: 800-662-4477
http://www.thebristolsandiego.com/

All those who registered should have received a message with this info.

The message also said that we would be in their City Scene room.  That has changed - they
moved us into the Starlight ballroom.  (They only have two meeting rooms.)  There will be
a sign in the lobby.  The Starlight Ballroom is located on the 9th floor.

--Sandy

From Sandra.Murphy@sparta.com  Thu Feb  9 06:08:28 2012
Return-Path: <Sandra.Murphy@sparta.com>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7890321F862D for <sidr@ietfa.amsl.com>; Thu,  9 Feb 2012 06:08:28 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.705
X-Spam-Level: 
X-Spam-Status: No, score=-101.705 tagged_above=-999 required=5 tests=[AWL=-0.595, BAYES_05=-1.11, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QbL7oE2RPis7 for <sidr@ietfa.amsl.com>; Thu,  9 Feb 2012 06:08:27 -0800 (PST)
Received: from M4.sparta.com (M4.sparta.com [157.185.61.2]) by ietfa.amsl.com (Postfix) with ESMTP id 7E8EC21F8622 for <sidr@ietf.org>; Thu,  9 Feb 2012 06:08:27 -0800 (PST)
Received: from Beta5.sparta.com (beta5.sparta.com [157.185.63.21]) by M4.sparta.com (8.14.4/8.14.4) with ESMTP id q19E8QHa022364 for <sidr@ietf.org>; Thu, 9 Feb 2012 08:08:26 -0600
Received: from Hermes.columbia.ads.sparta.com ([157.185.80.107]) by Beta5.sparta.com (8.13.8/8.13.8) with ESMTP id q19E8NeR004744 for <sidr@ietf.org>; Thu, 9 Feb 2012 08:08:26 -0600
Received: from HERMES.columbia.ads.sparta.com ([2002:9db9:506b::9db9:506b]) by Hermes.columbia.ads.sparta.com ([::1]) with mapi id 14.01.0355.002; Thu, 9 Feb 2012 09:08:23 -0500
From: "Murphy, Sandra" <Sandra.Murphy@sparta.com>
To: "sidr@ietf.org" <sidr@ietf.org>
Thread-Topic: agenda and materials for interim meeting Thu 09 Feb 2012
Thread-Index: AQHM5yioOxLvLbHu9EiOfzBFbA67yA==
Date: Thu, 9 Feb 2012 14:08:22 +0000
Message-ID: <24B20D14B2CD29478C8D5D6E9CBB29F608707E@Hermes.columbia.ads.sparta.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [157.185.63.118]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: [sidr] agenda and materials for interim meeting Thu 09 Feb 2012
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 09 Feb 2012 14:08:28 -0000

First, I'd like to point out to everyone that the IETF Secretariat (happiness and long life to them) now support interim meetings with a proceedings page.

The proceedings page for the Thu 09 Feb 2012 interim sidr meeting is here:

http://www.ietf.org/proceedings/interim/2012/02/09/sidr/proceedings.html

Remote participation via WebEx has been announced.  As usual, a jabber scribe will volunteer (or be drafted).

Remote participants can actively participate - including slides, if you send them to the chairs for upload.

The final agenda is below.  Note that based on experience here in San Diego, the lunch break has been lengthened.

--Sandy


Secure Inter-Domain Routing WG (sidr)
IETF 82 -  Taipei, Taiwan
CHAIR(s): Sandra Murphy <Sandra.Murphy at Sparta.com>
          Chris Morrow <morrowc@ops-netman.net>
=====================================================
THURSDAY, 09 FEBRUARY 2012
0900-1700

AGENDA:
1)  Administrivia                                   5 minutes
                                                    9:00-9:05
   - Mailing list: http://www.ietf.org/mail-archive/web/sidr/index.html
   - WG Resources: http://tools.ietf.org/wg/sidr/
   - Minute taker?
   - Jabber Scribe?
   - Blue Sheets
   - Agenda Bashing

2)  Freshness/Replay Protection                     175 minutes
                                                    9:05-12:00
    (a) Viewpoint framing the problem               10 minutes
    Presenter: Sandy Murphy                         9:05-9:15
    (b) Beaconing Burden                            10 minutes
    Presenter: Sriram Kotikalapudi                  9:15-9:25
    General discussion                              9:25-12:00

====Lunch Break====                                 12:00-13:30

3) Route Leaks                                      13:30-17:00
    (a) Route Leaks                                 10 minutes
    Presenter: Dongting Yu                          13:30-13:40
    (b) Route Leaks                                 10 minutes
     Presenter: Sandy Murphy (regular ol' member)   13:40-13:50
    (c) Viewpoint, framing the problem              10 minutes
    Presenter: Sean Turner                          13:50-14:00
    General Discussion                              180 minutes
                                                    14:00-17:00

From randy@psg.com  Thu Feb 16 14:23:44 2012
Return-Path: <randy@psg.com>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F3F6621E8098 for <sidr@ietfa.amsl.com>; Thu, 16 Feb 2012 14:23:43 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.477
X-Spam-Level: 
X-Spam-Status: No, score=-2.477 tagged_above=-999 required=5 tests=[AWL=0.122,  BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id g2wwKPj8ITK8 for <sidr@ietfa.amsl.com>; Thu, 16 Feb 2012 14:23:43 -0800 (PST)
Received: from ran.psg.com (ran.psg.com [IPv6:2001:418:1::36]) by ietfa.amsl.com (Postfix) with ESMTP id 7686D21E808D for <sidr@ietf.org>; Thu, 16 Feb 2012 14:23:43 -0800 (PST)
Received: from localhost ([127.0.0.1] helo=rair.psg.com.psg.com) by ran.psg.com with esmtp (Exim 4.77 (FreeBSD)) (envelope-from <randy@psg.com>) id 1Ry9jp-0006j4-VH; Thu, 16 Feb 2012 22:23:42 +0000
Date: Thu, 16 Feb 2012 14:23:41 -0800
Message-ID: <m2wr7mfmdu.wl%randy@psg.com>
From: Randy Bush <randy@psg.com>
To: Jay Borkenhagen <jayb@att.com>
User-Agent: Wanderlust/2.15.9 (Almost Unreal) Emacs/22.3 Mule/5.0 (SAKAKI)
MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka")
Content-Type: text/plain; charset=US-ASCII
Cc: sidr wg list <sidr@ietf.org>
Subject: [sidr] a hack for the next generation of rpki-based origin validation
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Feb 2012 22:23:44 -0000

jay, i sent you this a couple of months back and you said to wait.  but
i hear you have raised it again, so here it is, finally leaving my emacs
edit buffer

randy

---

this is absolutely not for now, but for the next generation of the
protocols once we have some experience under our belts.  i.e. something
to think about to keep you from being bored.

an ops friend said that they have 10.0.0.0/8 with a lot of bgp customers
below it.  it will take a long time to get roas out for those customers.
in the meantime they would like to protect 10.0.0.0/8 and maybe the two
/9s below it.  

i am not sure i really support this idea as it defeats the basic
protections against hole punching which we want.  and it really just
supports the lazy who are unable to simply run code against their
back-end db to gen the roas.  and if they don't have the back-end db,
wuzza wuzza.  but here is a hack which i think could do it.

use max-len==0 to denote marking the exact prefix/len as valid, but not
invalidating covered prefixes from other asns.  i.e. issuing roas for

   10.0.0.0/8-0    42
   10.0.0.0/9-0    42
   10.128.0.0/9-0  42

would cause the marking of the following as valid

   10.0.0.0/8      42
   10.0.0.0/9      42
   10.128.0.0/9    42

and the following as notfound

   10.42.0.0/24    42
   10.42.0.0/16    666
   10.77.0.0/24    666

but would cause the marking of the following as invalid

   10.0.0.0/8      666
   10.0.0.0/9      666
   10.128.0.0/9    666

the friend realizes that 10.x.0.0/10 could be hole-punched to death.  if
he wants to stop that, he should not use max-len==0.

randy
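
The max-len==0 semantics proposed in the message above, worked through as an added example (not code from the original mail or from any RPKI validator). The names Roa, parse_roa, covers, validate and compare are hypothetical, and ORDINARY_ROAS is a constructed comparison set showing which routes lose the invalid marking when the hack is used.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Roa:
    prefix: object   # ipaddress.IPv4Network or IPv6Network
    max_len: int     # 0 selects the proposed exact-match-only behaviour
    asn: int


def parse_roa(text, asn):
    """Parse the mail's 'prefix/len-maxlen' notation, e.g. '10.0.0.0/8-0'.

    Without '-maxlen' the max length defaults to the prefix length.
    """
    pfx, _, max_len = text.partition("-")
    net = ipaddress.ip_network(pfx)
    return Roa(net, int(max_len) if max_len else net.prefixlen, asn)


def covers(roa, route):
    """Does this ROA take part in the decision for this route at all?"""
    if roa.prefix.version != route.version:
        return False
    if roa.max_len == 0:
        # Proposed hack: the ROA speaks only for the exact prefix/len and
        # stays silent about everything more specific.
        # (A /0 prefix would be ambiguous: its ordinary max length is also 0.)
        return route == roa.prefix
    # Ordinary ROA: it covers the prefix and every more-specific route.
    return route.subnet_of(roa.prefix)


def validate(roas, route_text, origin_asn):
    """Return 'valid', 'invalid' or 'notfound' for one announced route."""
    route = ipaddress.ip_network(route_text)
    covering = [r for r in roas if covers(r, route)]
    if not covering:
        return "notfound"
    for r in covering:
        limit = r.prefix.prefixlen if r.max_len == 0 else r.max_len
        if r.asn == origin_asn and route.prefixlen <= limit:
            return "valid"
    return "invalid"


# The three ROAs from the mail, using max-len==0.
HACK_ROAS = [parse_roa(p, 42)
             for p in ("10.0.0.0/8-0", "10.0.0.0/9-0", "10.128.0.0/9-0")]

# Constructed for comparison: the same prefixes as ordinary ROAs.
ORDINARY_ROAS = [parse_roa(p, 42)
                 for p in ("10.0.0.0/8", "10.0.0.0/9", "10.128.0.0/9")]

# The nine announcements listed in the mail: (prefix, origin ASN).
ROUTES = [
    ("10.0.0.0/8", 42), ("10.0.0.0/9", 42), ("10.128.0.0/9", 42),
    ("10.42.0.0/24", 42), ("10.42.0.0/16", 666), ("10.77.0.0/24", 666),
    ("10.0.0.0/8", 666), ("10.0.0.0/9", 666), ("10.128.0.0/9", 666),
]


def compare():
    """(prefix, asn, state with max-len==0 ROAs, state with ordinary ROAs)."""
    return [(p, a, validate(HACK_ROAS, p, a), validate(ORDINARY_ROAS, p, a))
            for p, a in ROUTES]


if __name__ == "__main__":
    for prefix, asn, hack, ordinary in compare():
        print(f"{prefix:<15} AS{asn:<4} max-len==0: {hack:<9} ordinary: {ordinary}")
```

The middle three rows are the hole-punching cost: they are notfound under max-len==0 but invalid under the ordinary ROAs.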

From randy@psg.com  Thu Feb 16 14:31:41 2012
Return-Path: <randy@psg.com>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7AB0F21E803F for <sidr@ietfa.amsl.com>; Thu, 16 Feb 2012 14:31:41 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.479
X-Spam-Level: 
X-Spam-Status: No, score=-2.479 tagged_above=-999 required=5 tests=[AWL=0.120,  BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Y4TO1EviBfjR for <sidr@ietfa.amsl.com>; Thu, 16 Feb 2012 14:31:40 -0800 (PST)
Received: from ran.psg.com (ran.psg.com [IPv6:2001:418:1::36]) by ietfa.amsl.com (Postfix) with ESMTP id B17C021E8028 for <sidr@ietf.org>; Thu, 16 Feb 2012 14:31:40 -0800 (PST)
Received: from localhost ([127.0.0.1] helo=rair.psg.com.psg.com) by ran.psg.com with esmtp (Exim 4.77 (FreeBSD)) (envelope-from <randy@psg.com>) id 1Ry9rY-0006kG-FG; Thu, 16 Feb 2012 22:31:40 +0000
Date: Thu, 16 Feb 2012 14:31:40 -0800
Message-ID: <m2vcn6fm0j.wl%randy@psg.com>
From: Randy Bush <randy@psg.com>
To: Jay Borkenhagen <jayb@att.com>
In-Reply-To: <20285.33623.837687.585262@oz.mt.att.com>
References: <m2wr7mfmdu.wl%randy@psg.com> <20285.33623.837687.585262@oz.mt.att.com>
User-Agent: Wanderlust/2.15.9 (Almost Unreal) Emacs/22.3 Mule/5.0 (SAKAKI)
MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka")
Content-Type: text/plain; charset=US-ASCII
Cc: sidr wg list <sidr@ietf.org>
Subject: Re: [sidr] a hack for the next generation of rpki-based origin	validation
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Feb 2012 22:31:41 -0000

> My feeling now is that I'd rather not see RPKI-related standards
> cluttered with this.  If that means that the 10.0.0.0/8 folks have
> some homework to do prior to publishing a ROA for 10.0.0.0/8 itself,
> then so be it.
> 
> (While this topic did come up just recently in another venue, I have
> not been requesting it or even wishing it were so -- just
> acknowledging that some of us providers will have some work to do.)

i think we are in agreement on this one.  after all, that's why we are
paid the big bucks and pigs fly.

as i said

>> i am not sure i really support this idea as it defeats the basic
>> protections against hole punching which we want.  and it really just
>> supports the lazy who are unable to simply run code against their
>> back-end db to gen the roas.  and if they don't have the back-end db,
>> wuzza wuzza.  but here is a hack which i think could do it.

but hax r us, so i did suggest one :)

randy

From jayb@oz.mt.att.com  Thu Feb 16 14:30:09 2012
Return-Path: <jayb@oz.mt.att.com>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A604C21F887D for <sidr@ietfa.amsl.com>; Thu, 16 Feb 2012 14:30:09 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.599
X-Spam-Level: 
X-Spam-Status: No, score=-106.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Oh9Y786MxMjz for <sidr@ietfa.amsl.com>; Thu, 16 Feb 2012 14:30:05 -0800 (PST)
Received: from mail120.messagelabs.com (mail120.messagelabs.com [216.82.250.83]) by ietfa.amsl.com (Postfix) with ESMTP id C3CBB21E8028 for <sidr@ietf.org>; Thu, 16 Feb 2012 14:30:05 -0800 (PST)
X-Env-Sender: jayb@oz.mt.att.com
X-Msg-Ref: server-2.tower-120.messagelabs.com!1329431404!64012018!1
X-Originating-IP: [144.160.20.145]
X-StarScan-Version: 6.5.5; banners=-,-,-
X-VirusChecked: Checked
Received: (qmail 23116 invoked from network); 16 Feb 2012 22:30:05 -0000
Received: from sbcsmtp6.sbc.com (HELO mlpd192.enaf.sfdc.sbc.com) (144.160.20.145) by server-2.tower-120.messagelabs.com with DHE-RSA-AES256-SHA encrypted SMTP; 16 Feb 2012 22:30:05 -0000
Received: from enaf.sfdc.sbc.com (localhost.localdomain [127.0.0.1]) by mlpd192.enaf.sfdc.sbc.com (8.14.5/8.14.5) with ESMTP id q1GMUYuE029290 for <sidr@ietf.org>; Thu, 16 Feb 2012 17:30:34 -0500
Received: from sflint02.pst.cso.att.com (sflint02.pst.cso.att.com [144.154.234.229]) by mlpd192.enaf.sfdc.sbc.com (8.14.5/8.14.5) with ESMTP id q1GMUSpN029225 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for <sidr@ietf.org>; Thu, 16 Feb 2012 17:30:28 -0500
Received: from alpd052.aldc.att.com (alpd052.aldc.att.com [130.8.42.31]) by sflint02.pst.cso.att.com (RSA Interceptor) for <sidr@ietf.org>; Thu, 16 Feb 2012 17:29:54 -0500
Received: from aldc.att.com (localhost.localdomain [127.0.0.1]) by alpd052.aldc.att.com (8.14.4/8.14.4) with ESMTP id q1GMTsrt024660 for <sidr@ietf.org>; Thu, 16 Feb 2012 17:29:54 -0500
Received: from oz.mt.att.com (oz.mt.att.com [135.16.165.23]) by alpd052.aldc.att.com (8.14.4/8.14.4) with ESMTP id q1GMToNE024596 for <sidr@ietf.org>; Thu, 16 Feb 2012 17:29:50 -0500
Received: by oz.mt.att.com (Postfix, from userid 500) id 0B0C42BF2C; Thu, 16 Feb 2012 17:29:50 -0500 (EST)
X-Mailer: emacs 21.2.1 (via feedmail 8 I); VM 7.18 under Emacs 21.2.1
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <20285.33623.837687.585262@oz.mt.att.com>
Date: Thu, 16 Feb 2012 17:29:43 -0500
From: Jay Borkenhagen <jayb@att.com>
To: Randy Bush <randy@psg.com>
In-Reply-To: <m2wr7mfmdu.wl%randy@psg.com>
References: <m2wr7mfmdu.wl%randy@psg.com>
X-GPG-Fingerprint: DDDB 542E D988 94D0 82D3  D198 7DED 6648 2308 D3C0 
Sender: jayb@oz.mt.att.com
X-RSA-Inspected: yes
X-RSA-Classifications: public
X-RSA-Action: allow
Cc: sidr wg list <sidr@ietf.org>
Subject: Re: [sidr] a hack for the next generation of rpki-based origin	validation
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: Jay Borkenhagen <jayb@att.com>
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Feb 2012 22:32:59 -0000

Hi Randy,

Thanks for participating in that discussion with me earlier.

My feeling now is that I'd rather not see RPKI-related standards
cluttered with this.  If that means that the 10.0.0.0/8 folks have
some homework to do prior to publishing a ROA for 10.0.0.0/8 itself,
then so be it.

(While this topic did come up just recently in another venue, I have
not been requesting it or even wishing it were so -- just
acknowledging that some of us providers will have some work to do.)

Thanks.

						Jay B.

Randy Bush writes:
 > jay, i sent you this a couple of months back and you said to wait.  but
 > i hear you have raised it again, so here it is, finally leaving my emacs
 > edit buffer
 > 
 > randy
 > 
 > ---
 > 
 > this is absolutely not for now, but for the next generation of the
 > protocols once we have some experience under our belts.  i.e. something
 > to think about to keep you from being bored.
 > 
 > an ops friend said that they have 10.0.0.0/8 with a lot of bgp customers
 > below it.  it will take a long time to get roas out for those customers.
 > in the meantime they would like to protect 10.0.0.0/8 and maybe the two
 > /9s below it.  
 > 
 > i am not sure i really support this idea as it defeats the basic
 > protections against hole punching which we want.  and it really just
 > supports the lazy who are unable to simply run code against their
 > back-end db to gen the roas.  and if they don't have the back-end db,
 > wuzza wuzza.  but here is a hack which i think could do it.
 > 
 > use max-len==0 to denote marking the exact prefix/len as valid, but not
 > invalidating covered prefixes from other asns.  i.e. issuing roas for
 > 
 >    10.0.0.0/8-0    42
 >    10.0.0.0/9-0    42
 >    10.128.0.0/9-0  42
 > 
 > would cause the marking of the following as valid
 > 
 >    10.0.0.0/8      42
 >    10.0.0.0/9      42
 >    10.128.0.0/9    42
 > 
 > and the following as notfound
 > 
 >    10.42.0.0/24    42
 >    10.42.0.0/16    666
 >    10.77.0.0/24    666
 > 
 > but would cause the marking of the following as invalid
 > 
 >    10.0.0.0/8      666
 >    10.0.0.0/9      666
 >    10.128.0.0/9    666
 > 
 > the friend realizes that 10.x.0.0/10 could be hole-punched to death.  if
 > he wants to stop that, he should not use max-len==0.
 > 
 > randy
 > _______________________________________________
 > sidr mailing list
 > sidr@ietf.org
 > https://www.ietf.org/mailman/listinfo/sidr

-- 
  Jay Borkenhagen     jayb@att.com     AT&T Internet Services



From Sandra.Murphy@sparta.com  Thu Feb 16 17:08:14 2012
Return-Path: <Sandra.Murphy@sparta.com>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9D9FE21F8700 for <sidr@ietfa.amsl.com>; Thu, 16 Feb 2012 17:08:14 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.432
X-Spam-Level: 
X-Spam-Status: No, score=-102.432 tagged_above=-999 required=5 tests=[AWL=0.167, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HDbr0lgMNCYM for <sidr@ietfa.amsl.com>; Thu, 16 Feb 2012 17:08:10 -0800 (PST)
Received: from M4.sparta.com (M4.sparta.com [157.185.61.2]) by ietfa.amsl.com (Postfix) with ESMTP id A4AED21E805C for <sidr@ietf.org>; Thu, 16 Feb 2012 17:08:10 -0800 (PST)
Received: from Beta5.sparta.com (beta5.sparta.com [157.185.63.21]) by M4.sparta.com (8.14.4/8.14.4) with ESMTP id q1H1886c023138; Thu, 16 Feb 2012 19:08:08 -0600
Received: from Hermes.columbia.ads.sparta.com ([157.185.80.107]) by Beta5.sparta.com (8.13.8/8.13.8) with ESMTP id q1H187ui013472; Thu, 16 Feb 2012 19:08:07 -0600
Received: from HERMES.columbia.ads.sparta.com ([2002:9db9:506b::9db9:506b]) by Hermes.columbia.ads.sparta.com ([::1]) with mapi id 14.01.0355.002; Thu, 16 Feb 2012 20:08:07 -0500
From: "Murphy, Sandra" <Sandra.Murphy@sparta.com>
To: Randy Bush <randy@psg.com>, Jay Borkenhagen <jayb@att.com>
Thread-Topic: [sidr] a hack for the next generation of rpki-based origin validation
Thread-Index: AQHM7PmmF2OyLaZM20yGyhfPKpKNE5ZAQ4j9
Date: Fri, 17 Feb 2012 01:08:06 +0000
Message-ID: <24B20D14B2CD29478C8D5D6E9CBB29F6089564@Hermes.columbia.ads.sparta.com>
References: <m2wr7mfmdu.wl%randy@psg.com>
In-Reply-To: <m2wr7mfmdu.wl%randy@psg.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [157.185.63.118]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: sidr wg list <sidr@ietf.org>
Subject: Re: [sidr] a hack for the next generation of rpki-based origin	validation
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 17 Feb 2012 01:08:14 -0000

Speaking as only a regular ol' member.

btw: I agree with the "this is absolutely not for now" part.

Your idea authorizes one prefix and says "more specifics are OK".

Synopsis: It doesn't buy you much and it makes life much more complicated.

First, saying "more specifics are OK" does not buy you much protection.

Right now, a hijack of the /8 itself and any more specifics will succeed.  That's
2*24 possible hijacks.  (Yes, I know the /25-/32 will be rejected many places
with prefix length limits.)

In a time and place where RPKI was being used in origin validation, if the /8
does not have a ROA, then a hijack of the /8 itself and any more specifics
(not covered themselves by ROAs) will be judged UNKNOWN.  That's
2*24 hijacks (max) looking UNKNOWN.

In a time and place where RPKI was being used in origin validation, if the /8
does have a "more specifics are OK" ROA, then a hijack of the /8 itself will
be INVALID and any more specifics (not covered themselves by ROAs) will
be judged UNKNOWN.  That's 1 attack that is INVALID and 2**24-1 attacks
that are UNKNOWN.

That's a 1/(2**24) improvement in your security.  Not that much help.

Second, life gets a lot more complicated.

NOTE: I am not suggesting opening a discussion of how this idea might be
improved.  I am pointing to the necessary confusion that results when there
are contradicting sorts of semantics ("more specifics ARE OK" vs "more
specifics ARE BAD").

As the /8 ISP starts (or its customers start) to issue ROAs for more specifics,
it/they will want to issue the strong ROAs, the ones that protect against more
specific hijacks as well.

If there is a weak ROA for the /8 and a strong ROA for a /16, how do you
evaluate a route for a /24?

If there is a strong ROA for the /16, and a weak ROA for a /20, how do you
evaluate a route for a /24?

Can you change a weak ROA into a strong ROA?  When can you do that?
How will the change affect routing elsewhere? Etc.

This complication of validation states was (imho) part of the dissatisfaction
with the BOA suggestion (BOA is another case of contradicting semantics).
The wg tussled with that for several meetings in a row and eventually gave
up the idea.  Been there, done that, burned the t-shirt, etc.

--Sandy, regular ol' member



From dougm.tlist@gmail.com  Sat Feb 18 07:05:48 2012
Return-Path: <dougm.tlist@gmail.com>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A6F6021F859A for <sidr@ietfa.amsl.com>; Sat, 18 Feb 2012 07:05:48 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.599
X-Spam-Level: 
X-Spam-Status: No, score=-3.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YB1D2mllsU5v for <sidr@ietfa.amsl.com>; Sat, 18 Feb 2012 07:05:42 -0800 (PST)
Received: from mail-qw0-f44.google.com (mail-qw0-f44.google.com [209.85.216.44]) by ietfa.amsl.com (Postfix) with ESMTP id 3A0E721F8599 for <sidr@ietf.org>; Sat, 18 Feb 2012 07:05:42 -0800 (PST)
Received: by qafi29 with SMTP id i29so1762235qaf.10 for <sidr@ietf.org>; Sat, 18 Feb 2012 07:05:41 -0800 (PST)
Received-SPF: pass (google.com: domain of dougm.tlist@gmail.com designates 10.229.76.132 as permitted sender) client-ip=10.229.76.132; 
Authentication-Results: mr.google.com; spf=pass (google.com: domain of dougm.tlist@gmail.com designates 10.229.76.132 as permitted sender) smtp.mail=dougm.tlist@gmail.com; dkim=pass header.i=dougm.tlist@gmail.com
Received: from mr.google.com ([10.229.76.132]) by 10.229.76.132 with SMTP id c4mr9283762qck.134.1329577541873 (num_hops = 1); Sat, 18 Feb 2012 07:05:41 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=user-agent:date:subject:from:to:cc:message-id:thread-topic :in-reply-to:mime-version:content-type:content-transfer-encoding; bh=F7AxQXkyINrLSxZuRDmblTzQCxT8oAYZeIyLAcz6iYs=; b=ZJ1MWqKp8yOyssP2M1fys88+wJSF/8rd8KrI3wuN4h3WbUZ5qFAxKisRsGaoxPGPM6 /s7E/fq/QinE+N52paU6fGHvmsBF6gLD4uOYQDdTFF95wJvSQPjJpKE846h48HEJ7k6T uONlKPv1JypbAia+tq0dSodIxKgVc+Tpk7JOI=
Received: by 10.229.76.132 with SMTP id c4mr7900723qck.134.1329577541727; Sat, 18 Feb 2012 07:05:41 -0800 (PST)
Received: from [10.10.10.10] (c-69-255-232-152.hsd1.md.comcast.net. [69.255.232.152]) by mx.google.com with ESMTPS id o8sm33821232qan.11.2012.02.18.07.05.37 (version=SSLv3 cipher=OTHER); Sat, 18 Feb 2012 07:05:38 -0800 (PST)
User-Agent: Microsoft-MacOutlook/14.10.0.110310
Date: Sat, 18 Feb 2012 10:05:34 -0500
From: Doug Montgomery <dougm.tlist@gmail.com>
To: "Murphy, Sandra" <Sandra.Murphy@sparta.com>, Jay Borkenhagen <jayb@att.com>
Message-ID: <CB6522C0.8BA38%dougm.tlist@gmail.com>
Thread-Topic: [sidr] a hack for the next generation of rpki-based origin validation
In-Reply-To: <24B20D14B2CD29478C8D5D6E9CBB29F6089564@Hermes.columbia.ads.sparta.com>
Mime-version: 1.0
Content-type: text/plain; charset="US-ASCII"
Content-transfer-encoding: 7bit
Cc: sidr wg list <sidr@ietf.org>
Subject: Re: [sidr] a hack for the next generation of rpki-based origin validation
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 18 Feb 2012 15:05:48 -0000

While I won't argue for hacking this, I do think there is a simpler
realization.

If you flagged a ROA such that it would not be considered in the search
for a covering ROA unless it exactly matched the length of the announced
prefix (i.e., a "Not aggregate ROA"). That is a simple check on step one
of the validation procedure of RFC6483.

That would leave the more specifics UNKNOWN.

If operative policy is IGNORE INVALID, the stature of the more specifics
is no different than if we had not created the not-aggregate ROA for the
/8.  As ROAs for the more specifics of the /8 are created, they will move
the relevant more specifics from UNKNOWN to either VALID or INVALID as the
case may be.

Not sure any of that is worth pursuing, but I do think there is another
realization that is less complex/damaging than what is imagined below.

dougm





On 2/16/12 8:08 PM, "Murphy, Sandra" <Sandra.Murphy@sparta.com> wrote:

>Speaking as only a regular ol' member.
>
>btw: I agree with the "this is absolutely not for now" part.
>
>Your idea authorizes one prefix and says "more specifics are OK".
>
>Synopsis: It doesn't buy you much and it makes life much more complicated.
>
>First, saying "more specifics are OK" does not buy you much protection.
>
>Right now, a hijack of the /8 itself and any more specifics will succeed.
> That's 
>2*24 possible hijacks.  (Yes, I know the /25-/32 will be rejected many
>places 
>with prefix length limits.)
>
>In a time and place where RPKI was being used in origin validation, if
>the /8 
>does not have a ROA, then a hijack of the /8 itself and any more
>specifics 
>(not covered themselves by ROAs) will be judged UNKNOWN.  That's
>2*24 hijacks (max) looking UNKNOWN.
>
>In a time and place where RPKI was being used in origin validation, if
>the /8 
>does have a "more specifics are OK" ROA, then a hijack of the /8 itself
>will 
>be INVALID and any more specifics (not covered themselves by ROAs) will
>be judged UNKNOWN.  That's 1 attack that is INVALID and 2**24-1 attacks
>that are UNKNOWN.
>
>That's a 1/(2**24) improvement in your security.  Not that much help.
>
>Second, life gets a lot more complicated.
>
>NOTE: I am not suggesting opening a discussion of how this idea might be
>improved.  I am pointing to the necessary confusion that results when
>there 
>are contradicting sorts of semantics ("more specifics ARE OK" vs "more
>specifics ARE BAD").
>
>As the /8 ISP starts (or its customers start) to issue ROAs for more
>specifics, 
>it/they will want to issue the strong ROAs, the ones that protect against
>more 
>specific hijacks as well.
>
>If there is a weak ROA for the /8 and a strong ROA for a /16, how do you
>evaluate a route for a /24?
>
>If there is a strong ROA for the /16, and a weak ROA for a /20, how do
>you 
>evaluate a route for a /24?
>
>Can you change a weak ROA into a strong ROA?  When can you do that?
>How will the change affect routing elsewhere? Etc.
>
>This complication of validation states was (imho) part of the
>dissatisfaction 
>with the BOA suggestion (BOA is another case of contradicting semantics).
>The wg tussled with that for several meetings in a row and eventually
>gave 
>up the idea.  Been there, done that, burned the t-shirt, etc.
>
>--Sandy, regular ol' member
>
>
>________________________________________
>From: sidr-bounces@ietf.org [sidr-bounces@ietf.org] on behalf of Randy
>Bush [randy@psg.com]
>Sent: Thursday, February 16, 2012 5:23 PM
>To: Jay Borkenhagen
>Cc: sidr wg list
>Subject: [sidr] a hack for the next generation of rpki-based origin
>validation
>
>jay, i sent you this a couple of months back and you said to wait.  but
>i hear you have raised it again, so here it is, finally leaving my emacs
>edit buffer
>
>randy
>
>---
>
>this is absolutely not for now, but for the next generation of the
>protocols once we have some experience under our belts.  i.e. something
>to think about to keep you from being bored.
>
>an ops friend said that they have 10.0.0.0/8 with a lot of bgp customers
>below it.  it will take a long time to get roas out for those customers.
>in the meantime they would like to protect 10.0.0.0/8 and maybe the two
>/9s below it.
>
>i am not sure i really support this idea as it defeats the basic
>protections against hole punching which we want.  and it really just
>supports the lazy who are unable to simply run code against their
>back-end db to gen the roas.  and if they don't have the back-end db,
>wuzza wuzza.  but here is a hack which i think could do it.
>
>use max-len==0 to denote marking the exact prefix/len as valid, but not
>invalidating covered prefixes from other asns.  i.e. issuing roas for
>
>   10.0.0.0/8-0    42
>   10.0.0.0/9-0    42
>   10.128.0.0/9-0  42
>
>would cause the marking of the following as valid
>
>   10.0.0.0/8      42
>   10.0.0.0/9      42
>   10.128.0.0/9    42
>
>and the following as notfound
>
>   10.42.0.0/24    42
>   10.42.0.0/16    666
>   10.77.0.0/24    666
>
>but would cause the marking of the following as invalid
>
>   10.0.0.0/8      666
>   10.0.0.0/9      666
>   10.128.0.0/9    666
>
>the friend realizes that 10.x.0.0/10 could be hole-punched to death.  if
>he wants to stop that, he should not use max-len==0.
>
>randy
>_______________________________________________
>sidr mailing list
>sidr@ietf.org
>https://www.ietf.org/mailman/listinfo/sidr
>_______________________________________________
>sidr mailing list
>sidr@ietf.org
>https://www.ietf.org/mailman/listinfo/sidr
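
The exact-match-only check discussed in this thread (the max-len==0 marker, applied during the covering-ROA search), sketched in Python as an added example that is not part of the original messages or of any RPKI implementation. The `Roa` class, `roa()` parser, `validate()` and AS 64500/64501 are assumptions made for illustration; the mixed weak/strong sets show only what this one reading yields for the /24 questions raised above.

```python
"""Origin validation with the thread's proposed max-len==0 ("weak") ROA.

Added illustration only: max-len==0 is the hack proposed in the thread,
not standard RPKI behaviour.
"""
import ipaddress
from dataclasses import dataclass

VALID, INVALID, NOTFOUND = "valid", "invalid", "notfound"


@dataclass(frozen=True)
class Roa:
    prefix: object   # ipaddress.IPv4Network or IPv6Network
    max_len: int     # 0 = proposed exact-match-only marker
    asn: int


def roa(text, asn):
    """Parse the thread's 'prefix/len-maxlen' notation, e.g. '10.0.0.0/8-0'.

    Without '-maxlen' the ROA is a normal ("strong") one with
    max_len equal to the prefix length.
    """
    net, _, max_len = text.partition("-")
    prefix = ipaddress.ip_network(net)
    ml = int(max_len) if max_len else prefix.prefixlen
    if ml != 0 and not prefix.prefixlen <= ml <= prefix.max_prefixlen:
        raise ValueError(f"bad max-len in {text!r}")
    return Roa(prefix, ml, asn)


def validate(route, origin, roas):
    """Return VALID, INVALID or NOTFOUND for (route prefix, origin AS)."""
    route = ipaddress.ip_network(route)
    covered = False
    for r in roas:
        if r.prefix.version != route.version or not route.subnet_of(r.prefix):
            continue  # this ROA does not cover the route at all
        if r.max_len == 0:
            # Weak ROA: enters the covering search only on an exact
            # length match, so it never invalidates more specifics.
            if route.prefixlen != r.prefix.prefixlen:
                continue
            covered = True
            if r.asn == origin:
                return VALID
        else:
            # Strong ROA: ordinary covering + max-len + origin check.
            covered = True
            if r.asn == origin and route.prefixlen <= r.max_len:
                return VALID
    return INVALID if covered else NOTFOUND


# The three ROAs from the proposal.
THREAD_ROAS = [roa("10.0.0.0/8-0", 42),
               roa("10.0.0.0/9-0", 42),
               roa("10.128.0.0/9-0", 42)]

# The same /8 as an ordinary ROA, for contrast.
STRONG_ROAS = [roa("10.0.0.0/8", 42)]

# Constructed mixes for the weak/strong questions (ASNs are placeholders).
WEAK8_STRONG16 = [roa("10.0.0.0/8-0", 42), roa("10.42.0.0/16", 64500)]
STRONG16_WEAK20 = [roa("10.42.0.0/16", 64500), roa("10.42.0.0/20-0", 64501)]

# Routes listed in the proposal.
THREAD_ROUTES = [("10.0.0.0/8", 42), ("10.0.0.0/9", 42), ("10.128.0.0/9", 42),
                 ("10.42.0.0/24", 42), ("10.42.0.0/16", 666),
                 ("10.77.0.0/24", 666), ("10.0.0.0/8", 666),
                 ("10.0.0.0/9", 666), ("10.128.0.0/9", 666)]


def table(roas, routes=THREAD_ROUTES):
    """Validation state for each (prefix, origin) under the given ROA set."""
    return {(p, a): validate(p, a, roas) for p, a in routes}


if __name__ == "__main__":
    weak, strong = table(THREAD_ROAS), table(STRONG_ROAS)
    print(f"{'route':<16}{'origin':<8}{'weak':<10}{'strong'}")
    for (p, a) in THREAD_ROUTES:
        print(f"{p:<16}{a:<8}{weak[(p, a)]:<10}{strong[(p, a)]}")
    print("weak /8 + strong /16, 10.42.0.0/24 from 666:",
          validate("10.42.0.0/24", 666, WEAK8_STRONG16))
    print("strong /16 + weak /20, 10.42.0.0/24 from 64501:",
          validate("10.42.0.0/24", 64501, STRONG16_WEAK20))
```

Run directly, it prints the proposal's table next to the result for an ordinary /8 ROA, which makes the lost hole-punching protection visible row by row.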



From dougm.tlist@gmail.com  Sat Feb 18 07:08:51 2012
Return-Path: <dougm.tlist@gmail.com>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C3DA421F84B8 for <sidr@ietfa.amsl.com>; Sat, 18 Feb 2012 07:08:51 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.599
X-Spam-Level: 
X-Spam-Status: No, score=-3.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 60fST2DkMTF1 for <sidr@ietfa.amsl.com>; Sat, 18 Feb 2012 07:08:50 -0800 (PST)
Received: from mail-qw0-f51.google.com (mail-qw0-f51.google.com [209.85.216.51]) by ietfa.amsl.com (Postfix) with ESMTP id 86F8621F84B6 for <sidr@ietf.org>; Sat, 18 Feb 2012 07:08:50 -0800 (PST)
Received: by qan41 with SMTP id 41so4550772qan.10 for <sidr@ietf.org>; Sat, 18 Feb 2012 07:08:50 -0800 (PST)
Received-SPF: pass (google.com: domain of dougm.tlist@gmail.com designates 10.229.136.77 as permitted sender) client-ip=10.229.136.77; 
Authentication-Results: mr.google.com; spf=pass (google.com: domain of dougm.tlist@gmail.com designates 10.229.136.77 as permitted sender) smtp.mail=dougm.tlist@gmail.com; dkim=pass header.i=dougm.tlist@gmail.com
Received: from mr.google.com ([10.229.136.77]) by 10.229.136.77 with SMTP id q13mr9349618qct.154.1329577730144 (num_hops = 1); Sat, 18 Feb 2012 07:08:50 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=user-agent:date:subject:from:to:cc:message-id:thread-topic :in-reply-to:mime-version:content-type:content-transfer-encoding; bh=P7rhITjvRQFUMYohQjlxNAdQMdFmykXohpN1kxMiRn4=; b=gm6ACSAUAYTK4q5HjLaLQMaFcCm3mnOgVaVwqe4DqoOHHxqjGRCjTC9umsX+/tp2in 5sB9BuGAnB1RH+mP8jG9yIq8lsOQeJ7or6Qpr64b2PK/+tdGUSaqBwXxeZU8ENrmbSd+ A4vkh5Xpp7INpe9rv1iqEGHdKbaHf3sdPFDuQ=
Received: by 10.229.136.77 with SMTP id q13mr7959685qct.154.1329577729076; Sat, 18 Feb 2012 07:08:49 -0800 (PST)
Received: from [10.10.10.10] (c-69-255-232-152.hsd1.md.comcast.net. [69.255.232.152]) by mx.google.com with ESMTPS id el3sm33828734qab.8.2012.02.18.07.08.47 (version=SSLv3 cipher=OTHER); Sat, 18 Feb 2012 07:08:48 -0800 (PST)
User-Agent: Microsoft-MacOutlook/14.10.0.110310
Date: Sat, 18 Feb 2012 10:08:44 -0500
From: Doug Montgomery <dougm.tlist@gmail.com>
To: "Murphy, Sandra" <Sandra.Murphy@sparta.com>, Jay Borkenhagen <jayb@att.com>
Message-ID: <CB6528DD.8BA6C%dougm.tlist@gmail.com>
Thread-Topic: [sidr] a hack for the next generation of rpki-based origin validation
In-Reply-To: <CB6522C0.8BA38%dougm.tlist@gmail.com>
Mime-version: 1.0
Content-type: text/plain; charset="US-ASCII"
Content-transfer-encoding: 7bit
Cc: sidr wg list <sidr@ietf.org>
Subject: Re: [sidr] a hack for the next generation of rpki-based origin validation
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 18 Feb 2012 15:08:51 -0000

Oops ... Sorry, that was Randy's first note/idea ... Somehow that got lost
when I read Sandy's description.

Seems like we have been down this path.

I should catch up from the bottom up of the thread, not top down.

dougm

On 2/18/12 10:05 AM, "Doug Montgomery" <dougm.tlist@gmail.com> wrote:

>While I won't argue for hacking this, I do think there is a simpler
>realization.
>
>If you flagged a ROA such that it would not be considered in the search
>for a covering ROA unless it exactly matched the length of the announced
>prefix (i.e., a "Not aggregate ROA"). That is a simple check on step one
>of the validation procedure of RFC6483.
>
>That would leave the more specifics UNKNOWN.
>
>If operative policy is IGNORE INVALID, the stature of the more specifics
>is no different than if we had not created the not-aggregate ROA for the
>/8.  As ROAs for the more specifics of the /8 are created, they will move
>the relevant more specifics from UNKNOW to either VALID or INVALID as the
>case may be.
>
>Not sure any of that is worth pursuing, but I do think there is another
>realization what is less complex/damaging that what is imagined below.
>
>dougm
>
>
>
>
>
>On 2/16/12 8:08 PM, "Murphy, Sandra" <Sandra.Murphy@sparta.com> wrote:
>
>>Speaking as only a regular ol' member.
>>
>>btw: I agree with the "this is absolutely not for now" part.
>>
>>Your idea authorizes one prefix and says "more specifics are OK".
>>
>>Synopsis: It doesn't buy you much and it makes life much more
>>complicated.
>>
>>First, saying "more specifics are OK" does not buy you much protection.
>>
>>Right now, a hijack of the /8 itself and any more specifics will succeed.
>> That's 
>>2*24 possible hijacks.  (Yes, I know the /25-/32 will be rejected many
>>places 
>>with prefix length limits.)
>>
>>In a time and place where RPKI was being used in origin validation, if
>>the /8 
>>does not have a ROA, then a hijack of the /8 itself and any more
>>specifics 
>>(not covered themselves by ROAs) will be judged UNKNOWN.  That's
>>2*24 hijacks (max) looking UNKNOWN.
>>
>>In a time and place where RPKI was being used in origin validation, if
>>the /8 
>>does have a "more specifics are OK" ROA, then a hijack of the /8 itself
>>will 
>>be INVALID and any more specifics (not covered themselves by ROAs) will
>>be judged UNKOWN.  That's 1 attack that is INVALID and 2**24-1 attacks
>>that are UNKNOWN.
>>
>>That's a 1/(2**24) improvement in your security.  Not that much help.
>>
>>Second, life gets a lot more complicated.
>>
>>NOTE: I am not suggesting opening a discussion of how this idea might be
>>improved.  I am pointing to the necessary confusion that results when
>>there 
>>are contradicting sorts of semantics ("more specifics ARE OK" vs "more
>>specifics ARE BAD").
>>
>>As the /8 ISP starts (or its customers start) to issue ROAs for more
>>specifics, 
>>it/they will want to issue the strong ROAs, the ones that protect against
>>more 
>>specific hijacks as well.
>>
>>If there is a weak ROA for the /8 and a strong ROA for a /16, how do you
>>evaluate a route for a /24?
>>
>>If there is a strong ROA for the /16, and a weak ROA for a /20, how do
>>you 
>>evaluate a route for a /24?
>>
>>Can you change a weak ROA into a strong ROA?  When can you do that?
>>How will the change affect routing elsewhere? Etc.
>>
>>This complication of validation states was (imho) part of the
>>dissatisfaction 
>>with the BOA suggestion (BOA is another case of contradicting sematics).
>>The wg tussled with that for several meetings in a row and eventually
>>gave 
>>up the idea.  Been there, done that, burned the t-shirt, etc.
>>
>>--Sandy, regular ol' member
>>
>>
>>________________________________________
>>From: sidr-bounces@ietf.org [sidr-bounces@ietf.org] on behalf of Randy
>>Bush [randy@psg.com]
>>Sent: Thursday, February 16, 2012 5:23 PM
>>To: Jay Borkenhagen
>>Cc: sidr wg list
>>Subject: [sidr] a hack for the next generation of rpki-based origin
>>validation
>>
>>jay, i sent you this a couple of months back and you said to wait.  but
>>i hear you have raised it again, so here it is, finally leaving my emacs
>>edit buffer
>>
>>randy
>>
>>---
>>
>>this is absolutely not for now, but for the next generation of the
>>protocols once we have some experience under our belts.  i.e. something
>>to think about to keep you from being bored.
>>
>>an ops friend said that they have 10.0.0.0/8 with a lot of bgp customers
>>below it.  it will take a long time to get roas out for those customers.
>>in the meantime they would like to protect 10.0.0.0/8 and maybe the two
>>/9s below it.
>>
>>i am not sure i really support this idea as it defeats the basic
>>protections against hole punching which we want.  and it really just
>>supports the lazy who are unable to simply run code against their
>>back-end db to gen the roas.  and if they don't have the back-end db,
>>wuzza wuzza.  but here is a hack which i think could do it.
>>
>>use max-len==0 to denote marking the exact prefix/len as valid, but not
>>invalidating covered prefixes from other asns.  i.e. issuing roas for
>>
>>   10.0.0.0/8-0    42
>>   10.0.0.0/9-0    42
>>   10.128.0.0/9-0  42
>>
>>would cause the marking of the following as valid
>>
>>   10.0.0.0/8      42
>>   10.0.0.0/9      42
>>   10.128.0.0/9    42
>>
>>and the following as notfound
>>
>>   10.42.0.0/24    42
>>   10.42.0.0/16    666
>>   10.77.0.0/24    666
>>
>>but would cause the marking of the following as invalid
>>
>>   10.0.0.0/8      666
>>   10.0.0.0/9      666
>>   10.128.0.0/9    666
>>
>>the friend realizes that 10.x.0.0/10 could be hole-punched to death.  if
>>he wants to stop that, he should not use max-len==0.
>>
>>randy
>>_______________________________________________
>>sidr mailing list
>>sidr@ietf.org
>>https://www.ietf.org/mailman/listinfo/sidr
>
>
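
The code below is an added example, not from the thread or from any RPKI implementation. It runs the three max-len==0 ROAs from the quoted message through prefix-origin validation and compares the result with a conventional ROA. The "-0 means exact prefix only" rule is the message's proposal, not deployed behaviour; the 10.0.0.0/8-9 ROA and all function names are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Roa:
    prefix: object   # ipaddress.IPv4Network or IPv6Network
    max_len: int     # 0 = the proposed "exact prefix only" marker
    asn: int


def parse_roa(text):
    """Parse the thread's 'prefix/len-maxlen asn' notation, e.g. '10.0.0.0/8-0 42'."""
    spec, asn = text.split()
    prefix_text, max_len_text = spec.rsplit("-", 1)
    prefix = ipaddress.ip_network(prefix_text)   # rejects prefixes with host bits set
    max_len = int(max_len_text)
    if max_len != 0 and not prefix.prefixlen <= max_len <= prefix.max_prefixlen:
        raise ValueError(f"max-len {max_len} out of range for {prefix}")
    return Roa(prefix, max_len, int(asn))


def covers(roa, route):
    """Does this ROA say anything at all about the announced route?"""
    if roa.prefix.version != route.version:
        return False
    if roa.max_len == 0:
        # Proposed semantics: only the exact prefix/len is covered, so
        # more-specifics are left to other ROAs (or to notfound).
        return route == roa.prefix
    # Conventional semantics: the ROA covers its prefix and every more-specific.
    return route.subnet_of(roa.prefix)


def validate(roas, route_text, origin_asn):
    """Return 'valid', 'invalid' or 'notfound' for one announcement."""
    route = ipaddress.ip_network(route_text)
    covering = [r for r in roas if covers(r, route)]
    if not covering:
        return "notfound"
    for roa in covering:
        length_ok = roa.max_len == 0 or route.prefixlen <= roa.max_len
        if roa.asn == origin_asn and length_ok:
            return "valid"
    return "invalid"


# ROAs exactly as listed in the quoted message.
HACK_ROAS = [parse_roa(t) for t in (
    "10.0.0.0/8-0 42",
    "10.0.0.0/9-0 42",
    "10.128.0.0/9-0 42",
)]

# Constructed for comparison: one conventional ROA authorising the /8 and both /9s.
CONVENTIONAL_ROAS = [parse_roa("10.0.0.0/8-9 42")]

# Announcements taken from the three tables in the quoted message.
ROUTES = [
    ("10.0.0.0/8", 42), ("10.0.0.0/9", 42), ("10.128.0.0/9", 42),
    ("10.42.0.0/24", 42), ("10.42.0.0/16", 666), ("10.77.0.0/24", 666),
    ("10.0.0.0/8", 666), ("10.0.0.0/9", 666), ("10.128.0.0/9", 666),
]


def compare(routes):
    """(prefix, asn, state under max-len==0 ROAs, state under the conventional ROA)."""
    return [
        (p, a, validate(HACK_ROAS, p, a), validate(CONVENTIONAL_ROAS, p, a))
        for p, a in routes
    ]


if __name__ == "__main__":
    print(f"{'route':<16}{'origin':<8}{'max-len==0':<12}conventional")
    for prefix, asn, hack, conventional in compare(ROUTES):
        print(f"{prefix:<16}{asn:<8}{hack:<12}{conventional}")
```

The rows that differ between the two columns are the more-specifics: notfound under the max-len==0 ROAs, invalid under the conventional one, which is the loss of hole-punching protection the message describes.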



From randy@psg.com  Sat Feb 18 15:25:54 2012
Return-Path: <randy@psg.com>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E99B321F8562 for <sidr@ietfa.amsl.com>; Sat, 18 Feb 2012 15:25:54 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.487
X-Spam-Level: 
X-Spam-Status: No, score=-2.487 tagged_above=-999 required=5 tests=[AWL=0.112,  BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qN6+BtKDzd74 for <sidr@ietfa.amsl.com>; Sat, 18 Feb 2012 15:25:54 -0800 (PST)
Received: from ran.psg.com (ran.psg.com [IPv6:2001:418:1::36]) by ietfa.amsl.com (Postfix) with ESMTP id 78FED21F855D for <sidr@ietf.org>; Sat, 18 Feb 2012 15:25:54 -0800 (PST)
Received: from localhost ([127.0.0.1] helo=rair.psg.com.psg.com) by ran.psg.com with esmtp (Exim 4.77 (FreeBSD)) (envelope-from <randy@psg.com>) id 1Rytf4-000FY7-5O; Sat, 18 Feb 2012 23:25:50 +0000
Date: Sat, 18 Feb 2012 18:25:48 -0500
Message-ID: <m2ty2n3ern.wl%randy@psg.com>
From: Randy Bush <randy@psg.com>
To: Doug Montgomery <dougm.tlist@gmail.com>
In-Reply-To: <CB6528DD.8BA6C%dougm.tlist@gmail.com>
References: <CB6522C0.8BA38%dougm.tlist@gmail.com> <CB6528DD.8BA6C%dougm.tlist@gmail.com>
User-Agent: Wanderlust/2.15.9 (Almost Unreal) Emacs/22.3 Mule/5.0 (SAKAKI)
MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka")
Content-Type: text/plain; charset=US-ASCII
Cc: Jay Borkenhagen <jayb@att.com>, "Murphy, Sandra" <Sandra.Murphy@sparta.com>, sidr wg list <sidr@ietf.org>
Subject: Re: [sidr] a hack for the next generation of rpki-based origin validation
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 18 Feb 2012 23:25:55 -0000

> Oops ... Sorry, that was Randy's first note/idea ... Somehow that got lost
> when I read Sandy's description.
> 
> Seems like we have been down this path.
> 
> I should catch up from the bottom up of the thread, not top down.

my fault.  jay had asked me a couple of months back.  i composed the
hack, gave to jay and a few others, but did not publish.  so you got
hit by a submarine job.  at least there were no patents :)

randy

From internet-drafts@ietf.org  Wed Feb 22 07:46:14 2012
Return-Path: <internet-drafts@ietf.org>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0001821F879E; Wed, 22 Feb 2012 07:46:13 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.573
X-Spam-Level: 
X-Spam-Status: No, score=-102.573 tagged_above=-999 required=5 tests=[AWL=0.026, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Vmkja0IEXmea; Wed, 22 Feb 2012 07:46:13 -0800 (PST)
Received: from ietfa.amsl.com (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A6D0321F8751; Wed, 22 Feb 2012 07:45:45 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
From: internet-drafts@ietf.org
To: i-d-announce@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 3.64p2
Message-ID: <20120222154545.12064.14035.idtracker@ietfa.amsl.com>
Date: Wed, 22 Feb 2012 07:45:45 -0800
Cc: sidr@ietf.org
Subject: [sidr] I-D Action: draft-ietf-sidr-bgpsec-threats-02.txt
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 22 Feb 2012 15:46:14 -0000

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Secure Inter-Domain Routing Working Group of the IETF.

	Title           : Threat Model for BGP Path Security
	Author(s)       : Stephen Kent
                          Andrew Chi
	Filename        : draft-ietf-sidr-bgpsec-threats-02.txt
	Pages           : 25
	Date            : 2012-02-22

   This document describes a threat model for BGP path security
   (BGPSEC).  It assumes the context established by the SIDR WG charter,
   as of April 19, 2011.  The charter established two goals for the SIDR
   work:

   o  Enabling an AS to verify the authorization of an origin AS to
      originate a specified set of prefixes

   o  Enabling an AS to verify that the AS-PATH represented in a route
      matches the path travelled by the NLRI for the route

   The charter further mandates that SIDR build upon the Resource Public
   Key Infrastructure (RPKI), the first product of the WG.  Consistent
   with the charter, this threat model includes an analysis of the RPKI,
   and focuses on the ability of an AS to verify the authenticity of the
   AS path info received in a BGP update.

   The model assumes that BGP path security is achieved through the
   application of digital signatures to AS_Path Info.  The document
   characterizes classes of potential adversaries that are considered to
   be threats, and examines classes of attacks that might be launched
   against BGPSEC.  It concludes with brief discussion of residual
   vulnerabilities.


A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-sidr-bgpsec-threats-02.txt

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

This Internet-Draft can be retrieved at:
ftp://ftp.ietf.org/internet-drafts/draft-ietf-sidr-bgpsec-threats-02.txt


From Sandra.Murphy@sparta.com  Thu Feb 23 17:23:44 2012
Return-Path: <Sandra.Murphy@sparta.com>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0240811E8098 for <sidr@ietfa.amsl.com>; Thu, 23 Feb 2012 17:23:44 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.446
X-Spam-Level: 
X-Spam-Status: No, score=-102.446 tagged_above=-999 required=5 tests=[AWL=0.153, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id T+NNLNJVZcbp for <sidr@ietfa.amsl.com>; Thu, 23 Feb 2012 17:23:43 -0800 (PST)
Received: from M4.sparta.com (M4.sparta.com [157.185.61.2]) by ietfa.amsl.com (Postfix) with ESMTP id DE87611E808A for <sidr@ietf.org>; Thu, 23 Feb 2012 17:23:37 -0800 (PST)
Received: from Beta5.sparta.com (beta5.sparta.com [157.185.63.21]) by M4.sparta.com (8.14.4/8.14.4) with ESMTP id q1O1NaTk013814 for <sidr@ietf.org>; Thu, 23 Feb 2012 19:23:36 -0600
Received: from Hermes.columbia.ads.sparta.com ([157.185.80.107]) by Beta5.sparta.com (8.13.8/8.13.8) with ESMTP id q1O1NaNv021011 for <sidr@ietf.org>; Thu, 23 Feb 2012 19:23:36 -0600
Received: from HERMES.columbia.ads.sparta.com ([2002:9db9:506b::9db9:506b]) by Hermes.columbia.ads.sparta.com ([2002:9db9:506b::9db9:506b]) with mapi id 14.01.0355.002; Thu, 23 Feb 2012 20:23:38 -0500
From: "Murphy, Sandra" <Sandra.Murphy@sparta.com>
To: "sidr@ietf.org" <sidr@ietf.org>
Thread-Topic: important upcoming dates for IETF 83
Thread-Index: Aczyku7RNcFJHJqvRQW4ypk//VJL4Q==
Date: Fri, 24 Feb 2012 01:23:37 +0000
Message-ID: <24B20D14B2CD29478C8D5D6E9CBB29F60D10DEC7@Hermes.columbia.ads.sparta.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [157.185.63.118]
Content-Type: text/plain; charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: [sidr] important upcoming dates for IETF 83
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 24 Feb 2012 01:23:44 -0000

Here's the usual reminder of important upcoming dates for IETF 83:

• 2012-02-27 (Monday): Working Group Chair approval for initial document (Version -00) submissions appreciated by 17:00 PT (UTC -8).
• 2012-03-02 (Friday): Final agenda to be published.
• 2012-03-05 (Monday): Internet Draft Cut-off for initial document (-00) submission by 17:00 PT (UTC -8), upload using IETF ID Submission Tool.
• 2012-03-12 (Monday): Internet Draft final submission cut-off by 17:00 PT (UTC -7), upload using IETF ID Submission Tool.
• 2012-03-14 (Wednesday): Draft Working Group agendas due by 17:00 PT (UTC -7), upload using IETF Meeting Materials Management Tool.
• 2012-03-16 (Friday): Early Bird registration and payment cut-off at 17:00 PT (UTC -7).
• 2012-03-19 (Monday): Revised Working Group agendas due by 17:00 PT (UTC -7), upload using IETF Meeting Materials Management Tool.

Please send any requests for agenda topics to the list.

--Sandy, speaking as wg co-chair

From danny@tcb.net  Thu Feb 23 18:02:00 2012
Return-Path: <danny@tcb.net>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A3E0921F88A2 for <sidr@ietfa.amsl.com>; Thu, 23 Feb 2012 18:02:00 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.687
X-Spam-Level: 
X-Spam-Status: No, score=-102.687 tagged_above=-999 required=5 tests=[AWL=-0.087, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UESPgyVDKzJD for <sidr@ietfa.amsl.com>; Thu, 23 Feb 2012 18:02:00 -0800 (PST)
Received: from dog.tcb.net (dog.tcb.net [64.78.150.133]) by ietfa.amsl.com (Postfix) with ESMTP id 4626321F88A0 for <sidr@ietf.org>; Thu, 23 Feb 2012 18:02:00 -0800 (PST)
Received: by dog.tcb.net (Postfix, from userid 0) id BE252268063; Thu, 23 Feb 2012 19:01:58 -0700 (MST)
Received: from new-host-3.home (pool-98-118-240-226.clppva.fios.verizon.net [98.118.240.226]) (authenticated-user smtp) (TLSv1/SSLv3 AES128-SHA 128/128) by dog.tcb.net with SMTP; for sidr@ietf.org; Thu, 23 Feb 2012 19:01:58 -0700 (MST) (envelope-from danny@tcb.net)
X-Avenger: version=0.7.8; receiver=dog.tcb.net; client-ip=98.118.240.226; client-port=59919; syn-fingerprint=65535:48:1:64:M1460,N,W3,N,N,T,S MacOS 10.4.8; data-bytes=0
From: Danny McPherson <danny@tcb.net>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
Date: Thu, 23 Feb 2012 21:01:48 -0500
Message-Id: <B0D8D73A-DF8B-400A-884C-81B795AEE465@tcb.net>
To: sidr wg list <sidr@ietf.org>
Mime-Version: 1.0 (Apple Message framework v1257)
X-Mailer: Apple Mail (2.1257)
Subject: [sidr] minutes from interim?
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 24 Feb 2012 02:02:00 -0000

Chairs et al.,
Apologies if I've missed them, otherwise, when are these expected to be
available?

Thanks,

-danny

From Sandra.Murphy@sparta.com  Sat Feb 25 01:06:49 2012
Return-Path: <Sandra.Murphy@sparta.com>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 69BE121F8607 for <sidr@ietfa.amsl.com>; Sat, 25 Feb 2012 01:06:49 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.802
X-Spam-Level: 
X-Spam-Status: No, score=-101.802 tagged_above=-999 required=5 tests=[AWL=-0.443, BAYES_00=-2.599, SARE_LWSHORTT=1.24, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Rkz7m3oDi5Ym for <sidr@ietfa.amsl.com>; Sat, 25 Feb 2012 01:06:48 -0800 (PST)
Received: from M4.sparta.com (M4.sparta.com [157.185.61.2]) by ietfa.amsl.com (Postfix) with ESMTP id 181DE21F853B for <sidr@ietf.org>; Sat, 25 Feb 2012 01:06:47 -0800 (PST)
Received: from Beta5.sparta.com (beta5.sparta.com [157.185.63.21]) by M4.sparta.com (8.14.4/8.14.4) with ESMTP id q1P96lJe024658 for <sidr@ietf.org>; Sat, 25 Feb 2012 03:06:47 -0600
Received: from Hermes.columbia.ads.sparta.com ([157.185.80.107]) by Beta5.sparta.com (8.13.8/8.13.8) with ESMTP id q1P96kpi021774 for <sidr@ietf.org>; Sat, 25 Feb 2012 03:06:46 -0600
Received: from HERMES.columbia.ads.sparta.com ([2002:9db9:506b::9db9:506b]) by Hermes.columbia.ads.sparta.com ([2002:9db9:506b::9db9:506b]) with mapi id 14.01.0355.002; Sat, 25 Feb 2012 04:06:28 -0500
From: "Murphy, Sandra" <Sandra.Murphy@sparta.com>
To: "sidr@ietf.org" <sidr@ietf.org>
Thread-Topic: interim meeting minutes
Thread-Index: AczzmNl7BvJlM1P4SeWNbwfzJUAo2A==
Date: Sat, 25 Feb 2012 09:06:26 +0000
Message-ID: <24B20D14B2CD29478C8D5D6E9CBB29F60D113236@Hermes.columbia.ads.sparta.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [157.185.63.118]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: [sidr] interim meeting minutes
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 25 Feb 2012 09:06:49 -0000

The interim meeting on Thu 9 Feb was an all day event.  The minutes (for the
8 hour day) are below.

Jabber logs of the meeting are at
http://www.ietf.org/jabber/logs/sidr/2012-02-09.html
http://www.ietf.org/jabber/logs/sidr/2012-02-10.html

(No we did not talk for two days.  The jabber logs are archived on UMT day
basis.)

The audio archive of the meeting is at
https://workgreen.webex.com/workgreen/lsr.php?AT=pb&SP=MC&rID=13807807&rKey=e12be7ed72cd54ff

Unfortunately, technical problems meant the entire day did not get recorded.

--Sandy, speaking as co-chair


Minutes

Administrative trivia like minutes, jabber scribes, and volunteers,
and agenda discussion

1) Replay and Freshness

Sandy Murphy presented an initial set of slides about the problem.

Sriram Kotikalapudi presented a set of slides with some measurements
of the load to be expected from beacons.

Freshness is important, it allows us to eliminate state in the system
that has gotten stuck which can cause problems and security issues.
However there is a non negligible cost associated with providing
freshness that is proportional to how often we provide it (rate). ("We
will need to act the fastest when we are hurting the most.")

Cost is what router has to do to generate a beacon and what receiver
has to do to detect it is a beacon and not do best path.

[If a router receives updates from A and B and chooses B, then
receives a new beaconed update from A, do not want to do best path
decision again, do not want to propagate the beacon update further.
And if the router has chosen B and receives a beacon for B, it must
propagate even though the best path decision has not
changed. Distinguishing beacon from original update requires retention
of state.]

At low rate (human rate) the cost to the operator is tolerable.  Many
routes are incredibly stable so having long timers is good. At higher
rates (machine rates) the cost to set up, sign and verify can be
extremely large depending on the number of prefix and number of
upstream neighbors involved.  One potential damage could be from
routers that beacon too often.  One possible amelioration mentioned
was to change the units of the time so that even a small beacon time
(scalar) would not be a burden.

An alternative to beacons is to change the keys on a router, using
publication in the RPKI as the means of ensuring old updates are
rejected.

Propagation of new router keys and revocation of the old keys through
the RPKI was a concern, with the possibility of generating a sequence
of keys to be pre-published in the RPKI. There exist other mechanisms
using certificates validity times to choose the freshest certificate.
Another mechanism mentioned was to create a new nlri to alert "please
update, I have changed", akin to the DNS Notify.

It was suggested that graceful restart right now gives an example of
the best timing we can do now, we won't do better with beaconing.

There was concern over burstiness if you have to rekey for all 400K
routes that have to be reassigned for a given AS. It was pointed out
that policy changes can also similarly cause burstiness, so it's not a
new thing.

[There was a small segue into considerations of getting keys into
router - generate on router or generate elsewhere and inject into
router.  Even in the generate on router case, wise to export offboard
for recovery after failure.  This is new conjunction of routing
operations and security and may need careful consideration of how it
is handled.]

Brian Dickson (on jabber) suggested flooding invalidation of revoked
signatures (instead of revoking keys) systemwide - not following bgp
best path logic.  This would make the revocation specific to one
update.  Reactions in the room were that this would be a brand new
security mechanism and so would require special attention.  Also, the
semantic difference between this and a CRL was not clear, and if none,
why invent a special mechanism.  Brian hinted that he might create a
draft for this.

There was some discussion of means to ensure old keys were revoked
(other than revocation in the RPKI) such as prepublishing daily keys
or specially designated 'emergency keys'.

Discussion considered protections possible in different attack timeframes:
- long term low frequency replay attacks -- here rekeying works and is
feasible. Post hoc rekeying is fine.
- short term high frequency attacks that can be anticipated --
rekeying can work here too (depending on many constraints) but mainly
by prepublishing keys.
- short term high frequency attacks that cannot be anticipated --
rekeying cannot work. Beaconing might be the only solution but there
will be high cost.

There were three different levels of opinion about beaconing:

For long term, low frequency, human rate protection, rpki rekeying
defense is good.  Beacons might be more comforting in that case but
not worth the additional cost.  For short term, high frequency case,
beacons are too high cost.

Router key change in the RPKI seems adequate in most cases but it
would be good to have a second protection mechanism as a backup (eg a
link has failed and traffic is being diverted)

If human response is days but the automated beacons can respond in
hours, may be worth it to beacon.

A theme throughout this discussion was a need for understanding the
threat, so we do not expend effort on the wrong problem.  Threats
mentioned included human scale events, like relationship change
between peers, damage from immediate neighbors vs replay by
intermediate, non-adjacent neighbors on the path and attacks against
freshness as well as replay.  Etc.

The result was to suggest that the protocol document replace the
discussion of beacons in the protocol specification with an indication
that the working group is still considering the best approach for
replay protection.

3) Route Leaks

Dongting Yu provided an empirical analysis of route leaks that his
group followed by observing large IXPs (Internet exchange points).  He
was unable to explain the definition he used for "route leaks" in this
study.  It seemed that he was notified of an "event" by a provider and
could not characterize it further (by the terms of his agreement). The
study presented found that leaked prefixes were generally not
originated by the leaker. Most leaks are related to the number of
prefixes that passed through the concerned AS the day before and were
represented as a ratio of prefixes passed on the event day to the
prefixes passed the previous day. IXPs closest to the event were found
to be more affected, and resulted in higher number of updates from
those IXPs.

Sandra Murphy talked about Route Leaks in general, and various example
scenarios of potential route leaks.  She also opened up the discussion
to steer towards a precise definition of route leaks, detection and
response actions.

There was general agreement in the room that people could label the
various scenarios as leak or not leak, but only by assigning semantics
to the direction of connecting links.  (Embedding gifs of topology
graphs in the bgp protocol was easily rejected.)  Those semantics are
not presently carried in the bgp protocol.

The scenarios included the stub customer leak between two providers
that was the example in the draft noted in the sidr mailing list.  It
is not clear if this is the only scenario that needs to be considered.

Brian Dickson (on jabber) suggested the "valley free" notion.
However, a few of the scenarios were considered "leaks" but appeared
"valley free".  Brian amplified his suggestion in various ways,
suggesting tags or new signatures on each hop, rules for judging lists
of tags, stripping signatures, etc.  He suggested a trust model for
the approach, with both neighbors required to attest to the link tag.
The room could not follow all the details and Brian offered to write
it down.

A couple of definitions of route leaks were discussed, but there was
no general consensus in the room regarding a precise definition for a
route leak.

Using existing communities might catch the stub customer case, but not
others.  As many of these situations seem to need an update to be
restricted in propagation, use of the as-hop limit was considered.
That however did not match the scenarios.  Use of RPSL, or something
as expressive as RPSL, was mentioned.

The following were discussed:

- Modify BGP to carry information for the detection of route leaks in
the protocol and modify the protocol behavior to respond. Then use
BGPSEC signatures to protect the new capability.

- Modify BGPSec security mechanisms to include some sort of route
leak semantics.

- Leave the protocol alone, and encourage mechanisms for detection
that will work with peripherals like the routing database.


Sean Turner presented some thoughts on Route leaks:

He quoted some possible definitions of route leaks.

He opened the discussion to whether route leak detection should be
solved in BGP or BGPSec.

From the BGP viewpoint, thwarting attacks is BGPSec's problem.  From
the BGPSec viewpoint, BGPSEC cannot change the semantics of BGP but
only secure BGP semantics. General opinion was in agreement with Russ
Housley, who stated that in past efforts he found that adding new
semantics/features to a security protocol instead of the protocol
being secured was the wrong choice.  He and many who agreed felt that this
problem should be presented to the IDR wg, which is where BGP is being
maintained.

The final consensus was that a statement of the problem should be
worked out in the SIDR mailing list and sent to IDR for their
consideration.  Joint work with IDR to design security protections for
any new feature design work they take on is likely.

From Sandra.Murphy@sparta.com  Sat Feb 25 07:14:07 2012
Return-Path: <Sandra.Murphy@sparta.com>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 98C5921F8567 for <sidr@ietfa.amsl.com>; Sat, 25 Feb 2012 07:14:07 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.411
X-Spam-Level: 
X-Spam-Status: No, score=-102.411 tagged_above=-999 required=5 tests=[AWL=0.188, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YPu0HMNG0zto for <sidr@ietfa.amsl.com>; Sat, 25 Feb 2012 07:13:49 -0800 (PST)
Received: from M4.sparta.com (M4.sparta.com [157.185.61.2]) by ietfa.amsl.com (Postfix) with ESMTP id 3592421F8625 for <sidr@ietf.org>; Sat, 25 Feb 2012 07:13:49 -0800 (PST)
Received: from Beta5.sparta.com (beta5.sparta.com [157.185.63.21]) by M4.sparta.com (8.14.4/8.14.4) with ESMTP id q1PFDmqg026102 for <sidr@ietf.org>; Sat, 25 Feb 2012 09:13:48 -0600
Received: from Hermes.columbia.ads.sparta.com ([157.185.80.107]) by Beta5.sparta.com (8.13.8/8.13.8) with ESMTP id q1PFDmsN025754 for <sidr@ietf.org>; Sat, 25 Feb 2012 09:13:48 -0600
Received: from HERMES.columbia.ads.sparta.com ([2002:9db9:506b::9db9:506b]) by Hermes.columbia.ads.sparta.com ([2002:9db9:506b::9db9:506b]) with mapi id 14.01.0355.002; Sat, 25 Feb 2012 10:13:42 -0500
From: "Murphy, Sandra" <Sandra.Murphy@sparta.com>
To: "sidr@ietf.org" <sidr@ietf.org>
Thread-Topic: chance to amend interim minutes
Thread-Index: Aczzz6Oh/+jqFnRFSm6E7HKP2JjFWg==
Date: Sat, 25 Feb 2012 15:13:41 +0000
Message-ID: <24B20D14B2CD29478C8D5D6E9CBB29F60D11329C@Hermes.columbia.ads.sparta.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [157.185.63.118]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: [sidr] chance to amend interim minutes
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 25 Feb 2012 15:14:07 -0000

For those who attended the meeting, either in person or remotely:

Please send any corrections to the list.

--Sandy, speaking as wg co-chair

From Sandra.Murphy@sparta.com  Sun Feb 26 14:32:35 2012
Return-Path: <Sandra.Murphy@sparta.com>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1AF2C21F8565; Sun, 26 Feb 2012 14:32:35 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -100.908
X-Spam-Level: 
X-Spam-Status: No, score=-100.908 tagged_above=-999 required=5 tests=[AWL=-1.323, BAYES_40=-0.185, J_CHICKENPOX_54=0.6, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5JbMgv1M1zHe; Sun, 26 Feb 2012 14:32:34 -0800 (PST)
Received: from M4.sparta.com (M4.sparta.com [157.185.61.2]) by ietfa.amsl.com (Postfix) with ESMTP id 31C4E21F8564; Sun, 26 Feb 2012 14:32:34 -0800 (PST)
Received: from Beta5.sparta.com (beta5.sparta.com [157.185.63.21]) by M4.sparta.com (8.14.4/8.14.4) with ESMTP id q1QMWSXp031856; Sun, 26 Feb 2012 16:32:28 -0600
Received: from Hermes.columbia.ads.sparta.com ([157.185.80.107]) by Beta5.sparta.com (8.13.8/8.13.8) with ESMTP id q1QMWSdj009055; Sun, 26 Feb 2012 16:32:28 -0600
Received: from HERMES.columbia.ads.sparta.com ([2002:9db9:506b::9db9:506b]) by Hermes.columbia.ads.sparta.com ([2002:9db9:506b::9db9:506b]) with mapi id 14.01.0355.002; Sun, 26 Feb 2012 17:32:10 -0500
From: "Murphy, Sandra" <Sandra.Murphy@sparta.com>
To: "sidr@ietf.org" <sidr@ietf.org>
Thread-Topic: attendees at interim sidr meeting 09 Feb 2012
Thread-Index: Acz00Hk2yL35EYsEQ4+azgbJ31irsA==
Date: Sun, 26 Feb 2012 22:32:09 +0000
Message-ID: <24B20D14B2CD29478C8D5D6E9CBB29F60D1133B5@Hermes.columbia.ads.sparta.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator: 
x-originating-ip: [157.185.63.118]
Content-Type: multipart/mixed; boundary="_002_24B20D14B2CD29478C8D5D6E9CBB29F60D1133B5Hermescolumbiaa_"
MIME-Version: 1.0
Cc: "proceedings@ietf.org" <proceedings@ietf.org>
Subject: [sidr] attendees at interim sidr meeting 09 Feb 2012
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 26 Feb 2012 22:32:35 -0000

--_002_24B20D14B2CD29478C8D5D6E9CBB29F60D1133B5Hermescolumbiaa_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

It is a requirement of interim meetings that the attendees be reported to
the list (over and above sending in the "blue sheets" [this time white in
color]).

The registered attendees list is:

Sandra Murphy Sparta, Inc.
Sean Turner IECA
Mehmet Akcin ICANN
Russ Housley Vigil Security, LLC
Douglas Montgomery NIST
Matt Lepinski BBN Technologies
Keyur Patel Cisco Systems Inc.
Stephen Kent BBN
Randy Bush internet initiative japan
Warren Kumari Google
Ed Kern Cisco Systems
Jeff Haas Juniper
Dongting Yu University of Cambridge
Heather Schiller Verizon
Eric Osterweil Johns Hopkins Taekwondo Team Instructor, Emeritus
Ruediger Volk Deutsche Telekom
Sebastian Becker Deutsche Telekom
Wesley George Time Warner Cable
Kotikalapudi Sriram NIST
Sam Weiler Sparta, Inc.
Alastair Johnson Alcatel-Lucent
Chris White NTT America
Karen O'Donoghue Internet Society


A scan of the blue sheets is attached.  There was one person who signed the
"blue sheet" but is not on the above list:
Tomofumi Okubo tomofumi.okubo@icann.org.
(My apologies if I've misread the handwriting.)

The jabber log reports the following joined the jabber room at some point.

Paul Hoffman joins the room
ndg joins the room
Randy Bush joins the room
ejk joins the room
Sean Turner joins the room
dougm.work joins the room
MIchael Sinatra joins the room
weiler joins the room
lepinski joins the room
wkumari@jabber.psg.com joins the room
smb joins the room
Jeffrey Haas joins the room
adrianfarrel joins the room
lepinski joins the room
Stewart Bryant joins the room
dougm.work leaves the room
morrowc joins the room
Karen O'Donoghue joins the room
sandy joins the room
Keyur Patel joins the room
kvaradhan3 joins the room
Jason Schiller joins the room
chwhitey joins the room
heather.skanks joins the room
Sander Steffann joins the room
Michael Elkins joins the room
brian.peter.dickson joins the room
Kannan V joins the room
beginner0 joins the room
dongtingyu joins the room
asonalker joins the room
Sebastian Becker joins the room
Kannan Varadhan joins the room

--_002_24B20D14B2CD29478C8D5D6E9CBB29F60D1133B5Hermescolumbiaa_
Content-Type: application/pdf;
	name="interimsidr.09Feb2012.bluesheet.attendeelist.pdf"
Content-Description: interimsidr.09Feb2012.bluesheet.attendeelist.pdf
Content-Disposition: attachment;
	filename="interimsidr.09Feb2012.bluesheet.attendeelist.pdf"; size=64557;
	creation-date="Sun, 26 Feb 2012 22:26:40 GMT";
	modification-date="Sun, 26 Feb 2012 22:26:40 GMT"
Content-ID: <8bb5101f-9240-4d60-b874-0b5ff349532b>
Content-Transfer-Encoding: base64

--_002_24B20D14B2CD29478C8D5D6E9CBB29F60D1133B5Hermescolumbiaa_--

From Sandra.Murphy@sparta.com  Sun Feb 26 15:03:50 2012
Return-Path: <Sandra.Murphy@sparta.com>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AFDB921F8564; Sun, 26 Feb 2012 15:03:49 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -100.742
X-Spam-Level: 
X-Spam-Status: No, score=-100.742 tagged_above=-999 required=5 tests=[AWL=-1.343, BAYES_50=0.001, J_CHICKENPOX_54=0.6, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RBDpjymYlGP7; Sun, 26 Feb 2012 15:03:49 -0800 (PST)
Received: from M4.sparta.com (M4.sparta.com [157.185.61.2]) by ietfa.amsl.com (Postfix) with ESMTP id 0DEB621F8559; Sun, 26 Feb 2012 15:03:48 -0800 (PST)
Received: from Beta5.sparta.com (beta5.sparta.com [157.185.63.21]) by M4.sparta.com (8.14.4/8.14.4) with ESMTP id q1QN3kYS031960; Sun, 26 Feb 2012 17:03:46 -0600
Received: from Hermes.columbia.ads.sparta.com ([157.185.80.107]) by Beta5.sparta.com (8.13.8/8.13.8) with ESMTP id q1QN3knh009307; Sun, 26 Feb 2012 17:03:46 -0600
Received: from HERMES.columbia.ads.sparta.com ([2002:9db9:506b::9db9:506b]) by Hermes.columbia.ads.sparta.com ([2002:9db9:506b::9db9:506b]) with mapi id 14.01.0355.002; Sun, 26 Feb 2012 18:03:24 -0500
From: "Murphy, Sandra" <Sandra.Murphy@sparta.com>
To: "sidr@ietf.org" <sidr@ietf.org>
Thread-Topic: attendees at interim sidr meeting 09 Feb 2012
Thread-Index: Acz00Hk2yL35EYsEQ4+azgbJ31irsAABx0Zg
Date: Sun, 26 Feb 2012 23:03:23 +0000
Message-ID: <24B20D14B2CD29478C8D5D6E9CBB29F60D1133F3@Hermes.columbia.ads.sparta.com>
References: <24B20D14B2CD29478C8D5D6E9CBB29F60D1133B5@Hermes.columbia.ads.sparta.com>
In-Reply-To: <24B20D14B2CD29478C8D5D6E9CBB29F60D1133B5@Hermes.columbia.ads.sparta.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [157.185.63.118]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: "proceedings@ietf.org" <proceedings@ietf.org>
Subject: Re: [sidr] attendees at interim sidr meeting 09 Feb 2012
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 26 Feb 2012 23:03:50 -0000

In addition, the webex recording reports the webex attendees.  (This is
transcribed - there doesn't seem to be a way to copy from the WebEx
recording.  So if I've mis-typed or missed a name, report the error.)

Randy
Keyur
Andree Toonk
Kannan Varadhan
Anuja Sonalker
Jason Schiller
Nishal Goburdhan
Randy Bachman
Shane Amante
Adam Vitkovsky
Stewart
Brian Dickson
Jan Borkenhagen
Michael Sinatra
Sandra Murphy

________________________________________
From: sidr-bounces@ietf.org [sidr-bounces@ietf.org] on behalf of Murphy, Sandra [Sandra.Murphy@sparta.com]
Sent: Sunday, February 26, 2012 5:32 PM
To: sidr@ietf.org
Cc: proceedings@ietf.org
Subject: [sidr] attendees at interim sidr meeting 09 Feb 2012

It is a requirement of interim meetings that the attendees be reported to
the list (over and above sending in the "blue sheets" [this time white in
color]).

The registered attendees were:

Sandra Murphy Sparta, Inc.
Sean Turner IECA
Mehmet Akcin ICANN
Russ Housley Vigil Security, LLC
Douglas Montgomery NIST
Matt Lepinski BBN Technologies
Keyur Patel Cisco Systems Inc.
Stephen Kent BBN
Randy Bush internet initiative japan
Warren Kumari Google
Ed Kern Cisco Systems
Jeff Haas Juniper
Dongting Yu University of Cambridge
Heather Schiller Verizon
Eric Osterweil Johns Hopkins Taekwondo Team Instructor, Emeritus
Ruediger Volk Deutsche Telekom
Sebastian Becker Deutsche Telekom
Wesley George Time Warner Cable
Kotikalapudi Sriram NIST
Sam Weiler Sparta, Inc.
Alastair Johnson Alcatel-Lucent
Chris White NTT America
Karen O'Donoghue Internet Society


A scan of the blue sheets is attached.  There was one person who signed the
"blue sheet" but is not on the above list:
Tomofumi Okubo tomofumi.okubo@icann.org.
(My apologies if I've misread the handwriting.)

The jabber log reports the following joined the jabber room at some point.

Paul Hoffman joins the room
ndg joins the room
Randy Bush joins the room
ejk joins the room
Sean Turner joins the room
dougm.work joins the room
MIchael Sinatra joins the room
weiler joins the room
lepinski joins the room
wkumari@jabber.psg.com joins the room
smb joins the room
Jeffrey Haas joins the room
adrianfarrel joins the room
lepinski joins the room
Stewart Bryant joins the room
dougm.work leaves the room
morrowc joins the room
Karen O'Donoghue joins the room
sandy joins the room
Keyur Patel joins the room
kvaradhan3 joins the room
Jason Schiller joins the room
chwhitey joins the room
heather.skanks joins the room
Sander Steffann joins the room
Michael Elkins joins the room
brian.peter.dickson joins the room
Kannan V joins the room
beginner0 joins the room
dongtingyu joins the room
asonalker joins the room
Sebastian Becker joins the room
Kannan Varadhan joins the room

From randy@psg.com  Sun Feb 26 19:25:07 2012
Return-Path: <randy@psg.com>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A896121F84A2; Sun, 26 Feb 2012 19:25:07 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.49
X-Spam-Level: 
X-Spam-Status: No, score=-2.49 tagged_above=-999 required=5 tests=[AWL=0.109,  BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eUh-KVtV7FeJ; Sun, 26 Feb 2012 19:25:07 -0800 (PST)
Received: from ran.psg.com (ran.psg.com [IPv6:2001:418:1::36]) by ietfa.amsl.com (Postfix) with ESMTP id 4A85821F84A0; Sun, 26 Feb 2012 19:25:07 -0800 (PST)
Received: from localhost ([127.0.0.1] helo=rair.psg.com.psg.com) by ran.psg.com with esmtp (Exim 4.77 (FreeBSD)) (envelope-from <randy@psg.com>) id 1S1rCz-000HHI-9J; Mon, 27 Feb 2012 03:25:06 +0000
Date: Mon, 27 Feb 2012 08:55:00 +0530
Message-ID: <m2hayd9cvn.wl%randy@psg.com>
From: Randy Bush <randy@psg.com>
To: "Murphy, Sandra" <Sandra.Murphy@sparta.com>
In-Reply-To: <24B20D14B2CD29478C8D5D6E9CBB29F60D1133F3@Hermes.columbia.ads.sparta.com>
References: <24B20D14B2CD29478C8D5D6E9CBB29F60D1133B5@Hermes.columbia.ads.sparta.com> <24B20D14B2CD29478C8D5D6E9CBB29F60D1133F3@Hermes.columbia.ads.sparta.com>
User-Agent: Wanderlust/2.15.9 (Almost Unreal) Emacs/22.3 Mule/5.0 (SAKAKI)
MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka")
Content-Type: text/plain; charset=US-ASCII
Cc: "proceedings@ietf.org" <proceedings@ietf.org>, "sidr@ietf.org" <sidr@ietf.org>
Subject: Re: [sidr] attendees at interim sidr meeting 09 Feb 2012
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 27 Feb 2012 03:25:07 -0000

> In addition, the webex recording reports the webex attendees.
> ...
> Randy

this particular randy was not on webex.  perhaps it was bachman twice?

randy

From Sandra.Murphy@sparta.com  Mon Feb 27 01:38:08 2012
Return-Path: <Sandra.Murphy@sparta.com>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F137D21F8608; Mon, 27 Feb 2012 01:38:08 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.318
X-Spam-Level: 
X-Spam-Status: No, score=-102.318 tagged_above=-999 required=5 tests=[AWL=0.281, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id O2BEcEdoi45q; Mon, 27 Feb 2012 01:38:08 -0800 (PST)
Received: from M4.sparta.com (M4.sparta.com [157.185.61.2]) by ietfa.amsl.com (Postfix) with ESMTP id 2731821F8605; Mon, 27 Feb 2012 01:38:07 -0800 (PST)
Received: from Beta5.sparta.com (beta5.sparta.com [157.185.63.21]) by M4.sparta.com (8.14.4/8.14.4) with ESMTP id q1R9c2gv001439; Mon, 27 Feb 2012 03:38:02 -0600
Received: from Hermes.columbia.ads.sparta.com ([157.185.80.107]) by Beta5.sparta.com (8.13.8/8.13.8) with ESMTP id q1R9c1kZ014220; Mon, 27 Feb 2012 03:38:02 -0600
Received: from HERMES.columbia.ads.sparta.com ([2002:9db9:506b::9db9:506b]) by Hermes.columbia.ads.sparta.com ([2002:9db9:506b::9db9:506b]) with mapi id 14.01.0355.002; Mon, 27 Feb 2012 04:37:49 -0500
From: "Murphy, Sandra" <Sandra.Murphy@sparta.com>
To: Randy Bush <randy@psg.com>
Thread-Topic: [sidr] attendees at interim sidr meeting 09 Feb 2012
Thread-Index: Acz00Hk2yL35EYsEQ4+azgbJ31irsAABx0ZgABRtWwAAAmvITg==
Date: Mon, 27 Feb 2012 09:37:47 +0000
Message-ID: <24B20D14B2CD29478C8D5D6E9CBB29F60D113524@Hermes.columbia.ads.sparta.com>
References: <24B20D14B2CD29478C8D5D6E9CBB29F60D1133B5@Hermes.columbia.ads.sparta.com> <24B20D14B2CD29478C8D5D6E9CBB29F60D1133F3@Hermes.columbia.ads.sparta.com>, <m2hayd9cvn.wl%randy@psg.com>
In-Reply-To: <m2hayd9cvn.wl%randy@psg.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [157.185.63.118]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: "proceedings@ietf.org" <proceedings@ietf.org>, "sidr@ietf.org" <sidr@ietf.org>
Subject: Re: [sidr] attendees at interim sidr meeting 09 Feb 2012
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 27 Feb 2012 09:38:09 -0000

Unfortunately, impossible to tell now.  The jabber joiners and webex
participants are self-reported.

I have a couple of questions in to the secretariat about the list of
attendees.  It is possible they do not wish the jabber/webex attendees at
all, or more info, who knows.

--Sandy

________________________________________
From: Randy Bush [randy@psg.com]
Sent: Sunday, February 26, 2012 10:25 PM
To: Murphy, Sandra
Cc: sidr@ietf.org; proceedings@ietf.org
Subject: Re: [sidr] attendees at interim sidr meeting 09 Feb 2012

> In addition, the webex recording reports the webex attendees.
> ...
> Randy

this particular randy was not on webex.  perhaps it was bachman twice?

randy

From Sandra.Murphy@sparta.com  Mon Feb 27 02:06:25 2012
Return-Path: <Sandra.Murphy@sparta.com>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AD5A121F8600 for <sidr@ietfa.amsl.com>; Mon, 27 Feb 2012 02:06:25 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.324
X-Spam-Level: 
X-Spam-Status: No, score=-102.324 tagged_above=-999 required=5 tests=[AWL=0.275, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LUL3iTldUrEd for <sidr@ietfa.amsl.com>; Mon, 27 Feb 2012 02:06:24 -0800 (PST)
Received: from M4.sparta.com (M4.sparta.com [157.185.61.2]) by ietfa.amsl.com (Postfix) with ESMTP id AAFD821F85D0 for <sidr@ietf.org>; Mon, 27 Feb 2012 02:06:24 -0800 (PST)
Received: from Beta5.sparta.com (beta5.sparta.com [157.185.63.21]) by M4.sparta.com (8.14.4/8.14.4) with ESMTP id q1RA6NqT001829; Mon, 27 Feb 2012 04:06:23 -0600
Received: from Hermes.columbia.ads.sparta.com ([157.185.80.107]) by Beta5.sparta.com (8.13.8/8.13.8) with ESMTP id q1RA6NHA014966; Mon, 27 Feb 2012 04:06:23 -0600
Received: from HERMES.columbia.ads.sparta.com ([2002:9db9:506b::9db9:506b]) by Hermes.columbia.ads.sparta.com ([2002:9db9:506b::9db9:506b]) with mapi id 14.01.0355.002; Mon, 27 Feb 2012 05:06:17 -0500
From: "Murphy, Sandra" <Sandra.Murphy@sparta.com>
To: Randy Bush <randy@psg.com>
Thread-Topic: [sidr] attendees at interim sidr meeting 09 Feb 2012
Thread-Index: Acz00Hk2yL35EYsEQ4+azgbJ31irsAABx0ZgABRtWwAAAmvITgAAxHWu
Date: Mon, 27 Feb 2012 10:06:16 +0000
Message-ID: <24B20D14B2CD29478C8D5D6E9CBB29F60D11354A@Hermes.columbia.ads.sparta.com>
References: <24B20D14B2CD29478C8D5D6E9CBB29F60D1133B5@Hermes.columbia.ads.sparta.com> <24B20D14B2CD29478C8D5D6E9CBB29F60D1133F3@Hermes.columbia.ads.sparta.com>, <m2hayd9cvn.wl%randy@psg.com>, <24B20D14B2CD29478C8D5D6E9CBB29F60D113524@Hermes.columbia.ads.sparta.com>
In-Reply-To: <24B20D14B2CD29478C8D5D6E9CBB29F60D113524@Hermes.columbia.ads.sparta.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [157.185.63.118]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: "sidr@ietf.org" <sidr@ietf.org>
Subject: Re: [sidr] attendees at interim sidr meeting 09 Feb 2012
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 27 Feb 2012 10:06:26 -0000

I copied the proceedings@ietf.org on the original message of this chain.
Those who "reply-all", as Randy and I just did, will find that they are
creating a ticket in the IETF system.

Please be kind to the IETF folk and remove the proceedings@ietf.org address
from any replies (as I did on this one) to prevent bloat to their system.

--Sandy


________________________________________
From: sidr-bounces@ietf.org [sidr-bounces@ietf.org] on behalf of Murphy, Sandra [Sandra.Murphy@sparta.com]
Sent: Monday, February 27, 2012 4:37 AM
To: Randy Bush
Cc: proceedings@ietf.org; sidr@ietf.org
Subject: Re: [sidr] attendees at interim sidr meeting 09 Feb 2012

Unfortunately, impossible to tell now.  The jabber joiners and webex
participants are self-reported.

I have a couple of questions in to the secretariat about the list of
attendees.  It is possible they do not wish the jabber/webex attendees at
all, or more info, who knows.

--Sandy

________________________________________
From: Randy Bush [randy@psg.com]
Sent: Sunday, February 26, 2012 10:25 PM
To: Murphy, Sandra
Cc: sidr@ietf.org; proceedings@ietf.org
Subject: Re: [sidr] attendees at interim sidr meeting 09 Feb 2012

> In addition, the webex recording reports the webex attendees.
> ...
> Randy

this particular randy was not on webex.  perhaps it was bachman twice?

randy
_______________________________________________
sidr mailing list
sidr@ietf.org
https://www.ietf.org/mailman/listinfo/sidr

From Sandra.Murphy@sparta.com  Tue Feb 28 09:19:27 2012
Return-Path: <Sandra.Murphy@sparta.com>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C8B7C21F855A for <sidr@ietfa.amsl.com>; Tue, 28 Feb 2012 09:19:27 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.4
X-Spam-Level: 
X-Spam-Status: No, score=-101.4 tagged_above=-999 required=5 tests=[AWL=-0.660, BAYES_20=-0.74, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rn37Si5DsX1H for <sidr@ietfa.amsl.com>; Tue, 28 Feb 2012 09:19:27 -0800 (PST)
Received: from M4.sparta.com (M4.sparta.com [157.185.61.2]) by ietfa.amsl.com (Postfix) with ESMTP id 3AC9621F8555 for <sidr@ietf.org>; Tue, 28 Feb 2012 09:19:27 -0800 (PST)
Received: from Beta5.sparta.com (beta5.sparta.com [157.185.63.21]) by M4.sparta.com (8.14.4/8.14.4) with ESMTP id q1SHJO0r016126 for <sidr@ietf.org>; Tue, 28 Feb 2012 11:19:24 -0600
Received: from Hermes.columbia.ads.sparta.com ([157.185.80.107]) by Beta5.sparta.com (8.13.8/8.13.8) with ESMTP id q1SHJOXR026521 for <sidr@ietf.org>; Tue, 28 Feb 2012 11:19:24 -0600
Received: from HERMES.columbia.ads.sparta.com ([2002:9db9:506b::9db9:506b]) by Hermes.columbia.ads.sparta.com ([2002:9db9:506b::9db9:506b]) with mapi id 14.01.0355.002; Tue, 28 Feb 2012 12:19:24 -0500
From: "Murphy, Sandra" <Sandra.Murphy@sparta.com>
To: "sidr@ietf.org" <sidr@ietf.org>
Thread-Topic: agenda requests for IETF 83 Paris
Thread-Index: AQHM9j0d1JMoOzSQD0+1bAYtUJtnQw==
Date: Tue, 28 Feb 2012 17:19:23 +0000
Message-ID: <24B20D14B2CD29478C8D5D6E9CBB29F60F6ABE30@Hermes.columbia.ads.sparta.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [157.185.63.118]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: [sidr] agenda requests for IETF 83 Paris
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 28 Feb 2012 17:19:27 -0000

Please send in requests for agenda time for the sidr meeting in Paris.

--Sandy, speaking as wg co-chair

From randy@psg.com  Wed Feb 29 02:48:06 2012
Return-Path: <randy@psg.com>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1539C21F88FC for <sidr@ietfa.amsl.com>; Wed, 29 Feb 2012 02:48:06 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.495
X-Spam-Level: 
X-Spam-Status: No, score=-2.495 tagged_above=-999 required=5 tests=[AWL=0.104,  BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SBTkT5AaMarl for <sidr@ietfa.amsl.com>; Wed, 29 Feb 2012 02:48:05 -0800 (PST)
Received: from ran.psg.com (ran.psg.com [IPv6:2001:418:1::36]) by ietfa.amsl.com (Postfix) with ESMTP id A3BC621F88F7 for <sidr@ietf.org>; Wed, 29 Feb 2012 02:48:05 -0800 (PST)
Received: from localhost ([127.0.0.1] helo=rair.psg.com.psg.com) by ran.psg.com with esmtp (Exim 4.77 (FreeBSD)) (envelope-from <randy@psg.com>) id 1S2h4k-000OlQ-GJ for sidr@ietf.org; Wed, 29 Feb 2012 10:48:03 +0000
Date: Wed, 29 Feb 2012 16:18:00 +0530
Message-ID: <m2vcmpq5jz.wl%randy@psg.com>
From: Randy Bush <randy@psg.com>
To: sidr wg list <sidr@ietf.org>
User-Agent: Wanderlust/2.15.9 (Almost Unreal) Emacs/22.3 Mule/5.0 (SAKAKI)
MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka")
Content-Type: text/plain; charset=US-ASCII
Subject: [sidr] draft-gersch-grow-revdns-bgp-00.txt
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 29 Feb 2012 10:48:06 -0000

Abstract

   This draft proposes the creation of two DNS record types for storing
   BGP routing information in the reverse DNS.  The RLOCK record allows
   prefix owners to indicate whether the DNS is being used to publish
   routing data.  The SRO record allows operators to indicate whether an
   IPv4 or IPv6 prefix ought to appear in global routing tables and
   identifies authorized origin Autonomous System Number(s) for that
   prefix.  The published data can be used in a variety of contexts and
   can be extended to include additional information.  This work is part
   of an on-going effort and is accessible in an active testbed.
