From nobody Mon Apr 3 04:19:05 2017 Return-Path: X-Original-To: teep@ietfa.amsl.com Delivered-To: teep@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B779012871F for ; Mon, 3 Apr 2017 04:19:03 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -7.021 X-Spam-Level: X-Spam-Status: No, score=-7.021 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=qti.qualcomm.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yf7uFsPWNB_W for ; Mon, 3 Apr 2017 04:19:02 -0700 (PDT) Received: from wolverine01.qualcomm.com (wolverine01.qualcomm.com [199.106.114.254]) (using TLSv1.2 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2DE461275AB for ; Mon, 3 Apr 2017 04:19:02 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=qti.qualcomm.com; i=@qti.qualcomm.com; q=dns/txt; s=qcdkim; t=1491218342; x=1522754342; h=from:to:subject:date:message-id:mime-version; bh=KfADJb8RwKAKmP5Dt8ljJQ7+n+Psmk2lWTpngagClNk=; b=vu2j2MLwKd/lwV4Ptqn8a9Q+oo9jw2lLPhDZU5QSasECn7EKKAqEXsva N6ki/bnVbc/pW3UKOaTdMyhgxJkiSKM5J5cvA1UjwQ4tEb2Rr8BbidDf2 lEQHgUZil/taTiTMGF9xbwejDRQgIbdItaA2/pl/VhW5CeY2J52k5Vo2Q 0=; X-IronPort-AV: E=Sophos;i="5.36,270,1486454400"; d="scan'208,217";a="275594633" Received: from unknown (HELO ironmsg02-L.qualcomm.com) ([10.53.140.109]) by wolverine01.qualcomm.com with ESMTP; 03 Apr 2017 04:19:01 -0700 X-IronPort-AV: E=McAfee;i="5800,7501,8486"; a="897962321" X-MGA-submission: =?us-ascii?q?MDFYSSk8maWPME43aPFpCYNvj3YkwMc/0OvHd3?= =?us-ascii?q?DEMKYCDVdUmgHudmYH/HSVnQpZRZpxD7VebqgNVEXf6TPxOuXsf6QyMc?= =?us-ascii?q?j3qwRAvkgS14ZPY3TRSGICGiMlZlPMJemXQ7iesTBy1iGBH2CyeTNSDf?= =?us-ascii?q?m8?= Received: from nasanexm01h.na.qualcomm.com ([10.85.0.34]) by ironmsg02-L.qualcomm.com with ESMTP/TLS/RC4-SHA; 03 Apr 2017 04:19:01 -0700 Received: from euamsexm01b.eu.qualcomm.com (10.251.127.41) by NASANEXM01H.na.qualcomm.com (10.85.0.34) with Microsoft SMTP Server (TLS) id 15.0.1178.4; Mon, 3 Apr 2017 04:19:00 -0700 Received: from euamsexm01a.eu.qualcomm.com (10.251.127.40) by euamsexm01b.eu.qualcomm.com (10.251.127.41) with Microsoft SMTP Server (TLS) id 15.0.1178.4; Mon, 3 Apr 2017 13:18:57 +0200 Received: from euamsexm01a.eu.qualcomm.com ([10.251.127.40]) by euamsexm01a.eu.qualcomm.com ([10.251.127.40]) with mapi id 15.00.1178.000; Mon, 3 Apr 2017 13:18:57 +0200 From: Jeremy O'Donoghue To: teep Thread-Topic: Meeting materials from the BOF last week Thread-Index: AQHSrGwWpLE2wC/2ZUKEG2Yh52TAqw== Date: Mon, 3 Apr 2017 11:18:57 +0000 Message-ID: Accept-Language: en-GB, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-mailer: Apple Mail (2.3273) x-ms-exchange-messagesentrepresentingtype: 1 x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [212.136.9.72] Content-Type: multipart/alternative; boundary="_000_C15B33BB80C84EB786911EAC1B4A4ABEqtiqualcommcom_" MIME-Version: 1.0 Archived-At: Subject: [Teep] Meeting materials from the BOF last week X-BeenThere: teep@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: A Protocol for Dynamic Trusted Execution Environment Enablement List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 03 Apr 2017 11:19:04 -0000 --_000_C15B33BB80C84EB786911EAC1B4A4ABEqtiqualcommcom_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 SGkgbGlzdCwNCg0KQXMgYSBub24tcGFydGljaXBhbnQgYXQgdGhlIEJPRiwgYnV0IGxpc3QgbWVt YmVyLCBJIHdhcyBob3BpbmcgdG8gYmUgYWJsZSB0byBmb2xsb3cgdGhlIG1lZXRpbmcgcHJvY2Vl ZGluZ3MgYmFzZWQgb24gdGhlIG5vdGVzIGFuZCB0aGUgYWNjb21wYW55aW5nIHNsaWRlcy4NCg0K VW5mb3J0dW5hdGVseSBJIGhhdmUgb25seSB0aGUgc2xpZGVzIGZyb20gRGF2ZSBXaGVlbGVyLCB3 aGljaCB3ZXJlIHNoYXJlZCBvbi1saXN0IHByaW9yIHRvIHRoZSBtZWV0aW5nLiBUaGUgYWdlbmRh IGRvd25sb2FkIGlzIGVtcHR5LCB3aGljaCBtZWFucyB0aGF0IEkgaGF2ZSBiZWVuIHVuYWJsZSB0 byByZXZpZXcgSGFubmVzIG9yIE1pbmdsaWFuZ+KAmXMgc2xpZGUgZGVja3MgYWxvbmdzaWRlIHRo ZSBub3Rlcy4NCg0KUGxlYXNlIGxldCBtZSBrbm93IHdoZW4vd2hlcmUgdGhlIG90aGVyIHNpZGVz IHVzZWQgd2lsbCBiZSBhdmFpbGFibGUuDQoNCk1hbnkgdGhhbmtzDQoNCi0tLQ0KSmVyZW15IE/i gJlEb25vZ2h1ZSAgICAgICAgICAgICAgICAgICAgICAgICAgICBlbWFpbDogam9kb25vZ2hAcXRp LnF1YWxjb21tLmNvbTxtYWlsdG86am9kb25vZ2hAcXRpLnF1YWxjb21tLmNvbT4NCkVuZ2luZWVy LCBQcmluY2lwYWwvTWFuYWdlciAgICAgICAgICAgICAgICAgIHRlbDogICArNDQgMTI1MiAzNjMx ODkNCk5GQyAmIFNlY3VyZSBTb2Z0d2FyZSBhbmQgU3lzdGVtcw0KDQoNCg0KDQo= --_000_C15B33BB80C84EB786911EAC1B4A4ABEqtiqualcommcom_ Content-Type: text/html; charset="utf-8" Content-ID: <99EB0D9C2BBDED4BB6AB8CA361F9BC2B@qualcomm.com> Content-Transfer-Encoding: base64 PGh0bWw+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIgY29udGVudD0i dGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjwvaGVhZD4NCjxib2R5IHN0eWxlPSJ3b3JkLXdy YXA6IGJyZWFrLXdvcmQ7IC13ZWJraXQtbmJzcC1tb2RlOiBzcGFjZTsgLXdlYmtpdC1saW5lLWJy ZWFrOiBhZnRlci13aGl0ZS1zcGFjZTsiIGNsYXNzPSIiPg0KSGkgbGlzdCwNCjxkaXYgY2xhc3M9 IiI+PGJyIGNsYXNzPSIiPg0KPC9kaXY+DQo8ZGl2IGNsYXNzPSIiPkFzIGEgbm9uLXBhcnRpY2lw YW50IGF0IHRoZSBCT0YsIGJ1dCBsaXN0IG1lbWJlciwgSSB3YXMgaG9waW5nIHRvIGJlIGFibGUg dG8gZm9sbG93IHRoZSBtZWV0aW5nIHByb2NlZWRpbmdzIGJhc2VkIG9uIHRoZSBub3RlcyBhbmQg dGhlIGFjY29tcGFueWluZyBzbGlkZXMuPC9kaXY+DQo8ZGl2IGNsYXNzPSIiPjxiciBjbGFzcz0i Ij4NCjwvZGl2Pg0KPGRpdiBjbGFzcz0iIj5VbmZvcnR1bmF0ZWx5IEkgaGF2ZSBvbmx5IHRoZSBz bGlkZXMgZnJvbSBEYXZlIFdoZWVsZXIsIHdoaWNoIHdlcmUgc2hhcmVkIG9uLWxpc3QgcHJpb3Ig dG8gdGhlIG1lZXRpbmcuIFRoZSBhZ2VuZGEgZG93bmxvYWQgaXMgZW1wdHksIHdoaWNoIG1lYW5z IHRoYXQgSSBoYXZlIGJlZW4gdW5hYmxlIHRvIHJldmlldyBIYW5uZXMgb3IgTWluZ2xpYW5n4oCZ cyBzbGlkZSBkZWNrcyBhbG9uZ3NpZGUgdGhlIG5vdGVzLjwvZGl2Pg0KPGRpdiBjbGFzcz0iIj48 YnIgY2xhc3M9IiI+DQo8L2Rpdj4NCjxkaXYgY2xhc3M9IiI+UGxlYXNlIGxldCBtZSBrbm93IHdo ZW4vd2hlcmUgdGhlIG90aGVyIHNpZGVzIHVzZWQgd2lsbCBiZSBhdmFpbGFibGUuPC9kaXY+DQo8 ZGl2IGNsYXNzPSIiPjxiciBjbGFzcz0iIj4NCjwvZGl2Pg0KPGRpdiBjbGFzcz0iIj5NYW55IHRo YW5rczwvZGl2Pg0KPGJyIGNsYXNzPSIiPg0KPGRpdiBjbGFzcz0iIj4NCjxkaXYgY2xhc3M9IiI+ DQo8ZGl2IGNsYXNzPSIiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6IDExcHg7IGZvbnQtZmFtaWx5 OiAnTHVjaWRhIENvbnNvbGUnOyIgY2xhc3M9IiI+PGZvbnQgY29sb3I9IiMwMDY5ZmYiIGNsYXNz PSIiPi0tLTwvZm9udD48L3NwYW4+PC9kaXY+DQo8ZGl2IGNsYXNzPSIiPjxzcGFuIHN0eWxlPSJm b250LXNpemU6IDExcHg7IGZvbnQtZmFtaWx5OiAnTHVjaWRhIENvbnNvbGUnOyIgY2xhc3M9IiI+ PGZvbnQgY29sb3I9IiMwMDY5ZmYiIGNsYXNzPSIiPkplcmVteSBP4oCZRG9ub2dodWUgJm5ic3A7 ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsg Jm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwO2VtYWlsOg0KPGEgaHJlZj0ibWFpbHRv OmpvZG9ub2doQHF0aS5xdWFsY29tbS5jb20iIGNsYXNzPSIiPmpvZG9ub2doQHF0aS5xdWFsY29t bS5jb208L2E+PC9mb250Pjwvc3Bhbj48L2Rpdj4NCjxkaXYgY2xhc3M9IiI+PGZvbnQgZmFjZT0i THVjaWRhIENvbnNvbGUiIGNvbG9yPSIjMDA2OWZmIiBjbGFzcz0iIj48c3BhbiBzdHlsZT0iZm9u dC1zaXplOiAxMXB4OyIgY2xhc3M9IiI+RW5naW5lZXIsIFByaW5jaXBhbC9NYW5hZ2VyICZuYnNw OyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7 dGVsOiAmbmJzcDsgJiM0Mzs0NCAxMjUyIDM2MzE4OTwvc3Bhbj48L2ZvbnQ+PC9kaXY+DQo8ZGl2 IGNsYXNzPSIiPjxmb250IGZhY2U9Ikx1Y2lkYSBDb25zb2xlIiBjb2xvcj0iIzAwNjlmZiIgY2xh c3M9IiI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZTogMTFweDsiIGNsYXNzPSIiPk5GQyAmYW1wOyBT ZWN1cmUgU29mdHdhcmUgYW5kIFN5c3RlbXM8L3NwYW4+PC9mb250PjwvZGl2Pg0KPC9kaXY+DQo8 ZGl2IGNsYXNzPSIiPjxmb250IGZhY2U9Ikx1Y2lkYSBDb25zb2xlIiBjb2xvcj0iIzAwNjlmZiIg Y2xhc3M9IiI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZTogMTFweDsiIGNsYXNzPSIiPjxiciBjbGFz cz0iIj4NCjwvc3Bhbj48L2ZvbnQ+PC9kaXY+DQo8ZGl2IGNsYXNzPSIiPjxiciBjbGFzcz0iIj4N CjwvZGl2Pg0KPGJyIGNsYXNzPSJBcHBsZS1pbnRlcmNoYW5nZS1uZXdsaW5lIj4NCjwvZGl2Pg0K PGJyIGNsYXNzPSIiPg0KPC9ib2R5Pg0KPC9odG1sPg0K --_000_C15B33BB80C84EB786911EAC1B4A4ABEqtiqualcommcom_-- From nobody Mon Apr 3 05:39:36 2017 Return-Path: X-Original-To: teep@ietfa.amsl.com Delivered-To: teep@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B75CE1295EE for ; Mon, 3 Apr 2017 05:39:35 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.121 X-Spam-Level: X-Spam-Status: No, score=-1.121 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_NEUTRAL=0.779] autolearn=no autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hA31im58F0mu for ; Mon, 3 Apr 2017 05:39:33 -0700 (PDT) Received: from mail.kivinen.iki.fi (fireball.acr.fi [83.145.195.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2DC7912957C for ; Mon, 3 Apr 2017 05:39:32 -0700 (PDT) Received: from fireball.acr.fi (localhost [127.0.0.1]) by mail.kivinen.iki.fi (8.15.2/8.15.2) with ESMTPS id v33CdTFr029094 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Mon, 3 Apr 2017 15:39:29 +0300 (EEST) Received: (from kivinen@localhost) by fireball.acr.fi (8.15.2/8.14.8/Submit) id v33CdSp8000241; Mon, 3 Apr 2017 15:39:28 +0300 (EEST) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Message-ID: <22754.17024.203027.351436@fireball.acr.fi> Date: Mon, 3 Apr 2017 15:39:28 +0300 From: Tero Kivinen To: "Jeremy O'Donoghue" Cc: teep In-Reply-To: References: X-Mailer: VM 8.2.0b under 25.1.1 (x86_64--netbsd) X-Edit-Time: 5 min X-Total-Time: 5 min Archived-At: Subject: [Teep] Meeting materials from the BOF last week X-BeenThere: teep@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: A Protocol for Dynamic Trusted Execution Environment Enablement List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 03 Apr 2017 12:39:36 -0000 Jeremy O'Donoghue writes: > As a non-participant at the BOF, but list member, I was hoping to be = able to > follow the meeting proceedings based on the notes and the accompanyin= g slides. >=20 > Unfortunately I have only the slides from Dave Wheeler, which were sh= ared > on-list prior to the meeting. The agenda download is empty, which mea= ns that I > have been unable to review Hannes or Mingliang=E2=80=99s slide decks = alongside the > notes. >=20 > Please let me know when/where the other sides used will be available.= All slides were posted to the datatracker meeting material page before the session. The main IETF 98 meeting materials page is: https://datatracker.ietf.org/meeting/98/materials and if you search teep there you can find all the meeting materials. There is also agenda and minutes there. Or you can go to the teep bof page: https://datatracker.ietf.org/group/teep/meetings/ and click Materials there and get to the main page having materials: https://datatracker.ietf.org/meeting/98/session/teep The slides are also available on the https://datatracker.ietf.org/meeting/agenda/ page when you click the first icon on the teep row "Show meeting materials" you will get popup having the agenda and links to all slides. --=20 kivinen@iki.fi From nobody Mon Apr 3 05:48:46 2017 Return-Path: X-Original-To: teep@ietfa.amsl.com Delivered-To: teep@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 516FE128768 for ; Mon, 3 Apr 2017 05:48:45 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -7.022 X-Spam-Level: X-Spam-Status: No, score=-7.022 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=qti.qualcomm.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id H32-jOI_L1tq for ; Mon, 3 Apr 2017 05:48:43 -0700 (PDT) Received: from wolverine01.qualcomm.com (wolverine01.qualcomm.com [199.106.114.254]) (using TLSv1.2 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 68141127342 for ; Mon, 3 Apr 2017 05:48:43 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=qti.qualcomm.com; i=@qti.qualcomm.com; q=dns/txt; s=qcdkim; t=1491223723; x=1522759723; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=ZZYpSMVAUm5MXHRr9H68hdc+BZX3AgzCMCFLj589rAM=; b=ymsrTW314KISCg1eSUM/Gh/h5diC6HXDQlVQRW3Wxl/cT3SZ5QlBFIFp BV8RlvchrbPZM2gLwxnZpGVjcny9ZYXrqw/OHOB1JEZUCEdDOGaFdCYJl eoZs+tyWfhkYqb/n0koDGkqMwGq1mysZ/DxLhUfnckYapIr1HsBfY03c8 E=; X-IronPort-AV: E=Sophos;i="5.36,270,1486454400"; d="scan'208";a="275604053" Received: from unknown (HELO Ironmsg03-L.qualcomm.com) ([10.53.140.110]) by wolverine01.qualcomm.com with ESMTP; 03 Apr 2017 05:48:42 -0700 X-IronPort-AV: E=McAfee;i="5800,7501,8486"; a="1344168842" X-MGA-submission: =?us-ascii?q?MDFeIbDp5obc+ip2LGNdzfVlkfBCQiuUwKQtzP?= =?us-ascii?q?RF3jh5ybwHElaEL17TB4+tU8njZ4yRzbDUTJE/M9dx8mtx6E+lpL9eBE?= =?us-ascii?q?RGm5npI6BvSLpMS60lI0sLzAiQx0TXuduDhOq3OJUVV7jih8VlXdo0PU?= =?us-ascii?q?fW?= Received: from nasanexm02d.na.qualcomm.com ([10.85.0.44]) by Ironmsg03-L.qualcomm.com with ESMTP/TLS/RC4-SHA; 03 Apr 2017 05:48:42 -0700 Received: from euamsexm01e.eu.qualcomm.com (10.251.127.42) by NASANEXM02D.na.qualcomm.com (10.85.0.44) with Microsoft SMTP Server (TLS) id 15.0.1178.4; Mon, 3 Apr 2017 05:48:41 -0700 Received: from euamsexm01a.eu.qualcomm.com (10.251.127.40) by euamsexm01e.eu.qualcomm.com (10.251.127.42) with Microsoft SMTP Server (TLS) id 15.0.1178.4; Mon, 3 Apr 2017 14:48:38 +0200 Received: from euamsexm01a.eu.qualcomm.com ([10.251.127.40]) by euamsexm01a.eu.qualcomm.com ([10.251.127.40]) with mapi id 15.00.1178.000; Mon, 3 Apr 2017 14:48:38 +0200 From: Jeremy O'Donoghue To: Tero Kivinen CC: teep Thread-Topic: [Teep] Meeting materials from the BOF last week Thread-Index: AQHSrGwW1R/ge+DEBUG3HH/YgPDtMqGzdEsAgAACjoA= Date: Mon, 3 Apr 2017 12:48:38 +0000 Message-ID: <181D91CE-607A-4A4A-981A-2954F81D85F2@qti.qualcomm.com> References: <22754.17024.203027.351436@fireball.acr.fi> In-Reply-To: <22754.17024.203027.351436@fireball.acr.fi> Accept-Language: en-GB, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-mailer: Apple Mail (2.3273) x-ms-exchange-messagesentrepresentingtype: 1 x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [212.136.9.72] Content-Type: text/plain; charset="utf-8" Content-ID: Content-Transfer-Encoding: base64 MIME-Version: 1.0 Archived-At: Subject: Re: [Teep] Meeting materials from the BOF last week X-BeenThere: teep@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: A Protocol for Dynamic Trusted Execution Environment Enablement List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 03 Apr 2017 12:48:45 -0000 TWFueSB0aGFua3MsIFRlcm8uDQoNClRoaXMgaXMgbXkgZmlyc3QgdGltZSB3b3JraW5nIGluIElF VEYsIGFuZCBJ4oCZbSBzdGlsbCB0cnlpbmcgdG8gZmluZCBteSB3YXkgYXJvdW5kIHRoZSB0b29s cy4gU29ycnkgZm9yIHRoZSBjb25mdXNpb24gb24gbXkgcGFydC4NCg0KQmVzdCByZWdhcmRzDQpK ZXJlbXkNCg0KPiBPbiAzIEFwciAyMDE3LCBhdCAxMzozOSwgVGVybyBLaXZpbmVuIDxraXZpbmVu QGlraS5maT4gd3JvdGU6DQo+IA0KPiBKZXJlbXkgTydEb25vZ2h1ZSB3cml0ZXM6DQo+PiBBcyBh IG5vbi1wYXJ0aWNpcGFudCBhdCB0aGUgQk9GLCBidXQgbGlzdCBtZW1iZXIsIEkgd2FzIGhvcGlu ZyB0byBiZSBhYmxlIHRvDQo+PiBmb2xsb3cgdGhlIG1lZXRpbmcgcHJvY2VlZGluZ3MgYmFzZWQg b24gdGhlIG5vdGVzIGFuZCB0aGUgYWNjb21wYW55aW5nIHNsaWRlcy4NCj4+IA0KPj4gVW5mb3J0 dW5hdGVseSBJIGhhdmUgb25seSB0aGUgc2xpZGVzIGZyb20gRGF2ZSBXaGVlbGVyLCB3aGljaCB3 ZXJlIHNoYXJlZA0KPj4gb24tbGlzdCBwcmlvciB0byB0aGUgbWVldGluZy4gVGhlIGFnZW5kYSBk b3dubG9hZCBpcyBlbXB0eSwgd2hpY2ggbWVhbnMgdGhhdCBJDQo+PiBoYXZlIGJlZW4gdW5hYmxl IHRvIHJldmlldyBIYW5uZXMgb3IgTWluZ2xpYW5n4oCZcyBzbGlkZSBkZWNrcyBhbG9uZ3NpZGUg dGhlDQo+PiBub3Rlcy4NCj4+IA0KPj4gUGxlYXNlIGxldCBtZSBrbm93IHdoZW4vd2hlcmUgdGhl IG90aGVyIHNpZGVzIHVzZWQgd2lsbCBiZSBhdmFpbGFibGUuDQo+IA0KPiBBbGwgc2xpZGVzIHdl cmUgcG9zdGVkIHRvIHRoZSBkYXRhdHJhY2tlciBtZWV0aW5nIG1hdGVyaWFsIHBhZ2UgYmVmb3Jl DQo+IHRoZSBzZXNzaW9uLiBUaGUgbWFpbiBJRVRGIDk4IG1lZXRpbmcgbWF0ZXJpYWxzIHBhZ2Ug aXM6DQo+IA0KPiBodHRwczovL2RhdGF0cmFja2VyLmlldGYub3JnL21lZXRpbmcvOTgvbWF0ZXJp YWxzDQo+IA0KPiBhbmQgaWYgeW91IHNlYXJjaCB0ZWVwIHRoZXJlIHlvdSBjYW4gZmluZCBhbGwg dGhlIG1lZXRpbmcgbWF0ZXJpYWxzLg0KPiBUaGVyZSBpcyBhbHNvIGFnZW5kYSBhbmQgbWludXRl cyB0aGVyZS4NCj4gDQo+IE9yIHlvdSBjYW4gZ28gdG8gdGhlIHRlZXAgYm9mIHBhZ2U6DQo+IA0K PiBodHRwczovL2RhdGF0cmFja2VyLmlldGYub3JnL2dyb3VwL3RlZXAvbWVldGluZ3MvDQo+IA0K PiBhbmQgY2xpY2sgTWF0ZXJpYWxzIHRoZXJlIGFuZCBnZXQgdG8gdGhlIG1haW4gcGFnZSBoYXZp bmcgbWF0ZXJpYWxzOg0KPiANCj4gaHR0cHM6Ly9kYXRhdHJhY2tlci5pZXRmLm9yZy9tZWV0aW5n Lzk4L3Nlc3Npb24vdGVlcA0KPiANCj4gVGhlIHNsaWRlcyBhcmUgYWxzbyBhdmFpbGFibGUgb24g dGhlDQo+IGh0dHBzOi8vZGF0YXRyYWNrZXIuaWV0Zi5vcmcvbWVldGluZy9hZ2VuZGEvIHBhZ2Ug d2hlbiB5b3UgY2xpY2sgdGhlDQo+IGZpcnN0IGljb24gb24gdGhlIHRlZXAgcm93ICJTaG93IG1l ZXRpbmcgbWF0ZXJpYWxzIiB5b3Ugd2lsbCBnZXQgcG9wdXANCj4gaGF2aW5nIHRoZSBhZ2VuZGEg YW5kIGxpbmtzIHRvIGFsbCBzbGlkZXMuDQo+IC0tIA0KPiBraXZpbmVuQGlraS5maQ0KPiANCj4g X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18NCj4gVEVFUCBt YWlsaW5nIGxpc3QNCj4gVEVFUEBpZXRmLm9yZw0KPiBodHRwczovL3d3dy5pZXRmLm9yZy9tYWls bWFuL2xpc3RpbmZvL3RlZXANCg0K From nobody Mon Apr 3 06:40:06 2017 Return-Path: X-Original-To: teep@ietfa.amsl.com Delivered-To: teep@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 179FA1295EA for ; Mon, 3 Apr 2017 06:39:58 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.921 X-Spam-Level: X-Spam-Status: No, score=-1.921 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zaW8H-2iJYJR for ; Mon, 3 Apr 2017 06:39:56 -0700 (PDT) Received: from EUR01-HE1-obe.outbound.protection.outlook.com (mail-he1eur01on0063.outbound.protection.outlook.com [104.47.0.63]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7F2251287A7 for ; Mon, 3 Apr 2017 06:39:55 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector1-arm-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=6kjM+y+d5oqiPyJr/bKVA8XWLL8RVgEOy46WTmogeqY=; b=aOPULYnSDeMjjO538NLiFPROTEzZfcjYIyZ+imRxk9/XfYxpRLkMuFxDyrORh6LTp+4Q4+vgiujw7DHKhG7KSHjwVWw+T+9YmF0oJ2x5woVsB/j6m45sgbAdQTFa4niMS5LBCVl3eASSzLJa5Q64y4uAnt3lkqYD4xmwLJjmzrw= Received: from HE1PR0802MB2475.eurprd08.prod.outlook.com (10.175.34.148) by HE1PR0802MB2475.eurprd08.prod.outlook.com (10.175.34.148) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1005.10; Mon, 3 Apr 2017 13:39:53 +0000 Received: from HE1PR0802MB2475.eurprd08.prod.outlook.com ([10.175.34.148]) by HE1PR0802MB2475.eurprd08.prod.outlook.com ([10.175.34.148]) with mapi id 15.01.1005.017; Mon, 3 Apr 2017 13:39:53 +0000 From: Hannes Tschofenig To: teep Thread-Topic: My BoF impression Thread-Index: AdKsfR5pN/u1b+bUScqch7DKLecY3Q== Date: Mon, 3 Apr 2017 13:39:52 +0000 Message-ID: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=none action=none header.from=arm.com; x-originating-ip: [80.92.121.218] x-microsoft-exchange-diagnostics: 1; HE1PR0802MB2475; 7:rp5XGLyc+EmdNR/KsywM7VFabY9JWs1D9b/C0JGTbUqBlppoScS7ykcMbJ83wXhYFG46aQlxFUn7xoXkieXzpkxfxmU5Wi+l7IcqbwwN7MnmD3vxHINN+ZLIaXvjadtvXqRVoHCDK9JZWivoEWDp9xnARK1NddcAgHT+11/h/KnotTBeTTCQ+vSALw7JXg7VRTHv9Idz/6tQoZR6KcicNZT6cD8gCtgQaa0uCyV2eUuqrYycmsJKROBon8zIa/J4GByI3Xm6aP7IwPgFcOcjnazwQr6EudiXzg8yPIoj3vn1nd/CWZOohz7RjUD1ryfVV/u6cpjV9j7a6rXI2vyEkw== x-ms-office365-filtering-correlation-id: 25814075-b18c-4cb4-25f7-08d47a96e87a x-ms-office365-filtering-ht: Tenant x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(2017030254075)(48565401081)(201703131423075)(201703031133081)(201702281549075); SRVR:HE1PR0802MB2475; x-microsoft-antispam-prvs: x-exchange-antispam-report-test: UriScan:(192374486261705)(21748063052155); x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(6040450)(601004)(2401047)(8121501046)(5005006)(3002001)(10201501046)(93006095)(93001095)(6055026)(6041248)(20161123562025)(20161123560025)(201703131423075)(201702281528075)(201703061421075)(20161123555025)(20161123564025)(6072148); SRVR:HE1PR0802MB2475; BCL:0; PCL:0; RULEID:; SRVR:HE1PR0802MB2475; x-forefront-prvs: 0266491E90 x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(6009001)(39400400002)(39410400002)(39450400003)(39850400002)(39860400002)(39840400002)(53754006)(40434004)(2900100001)(9686003)(5660300001)(6306002)(54896002)(7116003)(554214002)(53936002)(8936002)(25786009)(6506006)(790700001)(6116002)(77096006)(81166006)(8676002)(3480700004)(7736002)(102836003)(86362001)(3846002)(55016002)(74316002)(99286003)(38730400002)(2906002)(54356999)(50986999)(110136004)(66066001)(5890100001)(33656002)(189998001)(7696004)(122556002)(6916009); DIR:OUT; SFP:1101; SCL:1; SRVR:HE1PR0802MB2475; H:HE1PR0802MB2475.eurprd08.prod.outlook.com; FPR:; SPF:None; MLV:sfv; LANG:en; spamdiagnosticoutput: 1:99 spamdiagnosticmetadata: NSPM Content-Type: multipart/alternative; boundary="_000_HE1PR0802MB2475515770704882F9CFBDBCFA080HE1PR0802MB2475_" MIME-Version: 1.0 X-OriginatorOrg: arm.com X-MS-Exchange-CrossTenant-originalarrivaltime: 03 Apr 2017 13:39:52.7442 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: f34e5979-57d9-4aaa-ad4d-b122a662184d X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR0802MB2475 Archived-At: Subject: [Teep] My BoF impression X-BeenThere: teep@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: A Protocol for Dynamic Trusted Execution Environment Enablement List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 03 Apr 2017 13:39:58 -0000 --_000_HE1PR0802MB2475515770704882F9CFBDBCFA080HE1PR0802MB2475_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Hi all, we started the meeting with a somewhat surprisingly large audience. Given t= he narrow focus on a protocol for managing software on Trusted Execution En= vironments (TEEs) I expected fewer people to show up. Instead, the room was= full and it was one of the largest. As I had expected the initial presentations providing background about TEEs= was useful. I doubt that most attendees have had a chance to read through = the material shared on the mailing list. After the meeting a few folks appr= oached me and told me that they had learned new concepts during the BoF, wh= ich is good. Following the presentations we had a couple of questions, which I believe, = deserve further discussion on the list. Going fast forward to the end of the meeting, the chairs asked two question= s: Q1: "Does the group understand the work to be done?" A: More people hummed yes than no but it was only by a bit. Not convincing= . Q2: How many people are interested in working on this? A: About 14-15 people. Sitting in the plane going back to Austria I was wondering whether we shoul= d have asked further questions to those who said "no". I am curious what as= pect they didn't understood or whether this group included also those who w= eren't interested to do the work or, like PHB, wanted a different hardware = security solution to begin with. In any case, we will have to figure out what the next steps are and I am lo= oking forward to chat with those who are interested to work on this topic. = Please drop me a message if you care about turning TEEs into a more success= ful technology. Ciao Hannes IMPORTANT NOTICE: The contents of this email and any attachments are confid= ential and may also be privileged. If you are not the intended recipient, p= lease notify the sender immediately and do not disclose the contents to any= other person, use it for any purpose, or store or copy the information in = any medium. Thank you. --_000_HE1PR0802MB2475515770704882F9CFBDBCFA080HE1PR0802MB2475_ Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable

Hi all,

 

we started the meeting with a somewhat surprisingly = large audience. Given the narrow focus on a protocol for managing software = on Trusted Execution Environments (TEEs) I expected fewer people to show up= . Instead, the room was full and it was one of the largest.

 

As I had expected the initial presentations providin= g background about TEEs was useful. I doubt that most attendees have had a = chance to read through the material shared on the mailing list. After the m= eeting a few folks approached me and told me that they had learned new concepts during the BoF, which is good.<= o:p>

 

Following the presentations we had a couple of quest= ions, which I believe, deserve further discussion on the list.

 

Going fast forward to the end of the meeting, the ch= airs asked two questions:

 

Q1: “Does the group understand the work to be = done?”

A: More people hummed yes than no but it was only by= a bit.  Not convincing.

 

Q2: How many people are interested in working on thi= s?

A: About 14-15 people.

 

Sitting in the plane going back to Austria I was won= dering whether we should have asked further questions to those who said = 220;no”. I am curious what aspect they didn’t understood or whe= ther this group included also those who weren’t interested to do the work or, like PHB, wanted a different hardware security solution= to begin with.

 

In any case, we will have to figure out what the nex= t steps are and I am looking forward to chat with those who are interested = to work on this topic. Please drop me a message if you care about turning T= EEs into a more successful technology.

 

Ciao

Hannes

 

IMPORTANT NOTICE: The contents of this email and any attachments are confid= ential and may also be privileged. If you are not the intended recipient, p= lease notify the sender immediately and do not disclose the contents to any= other person, use it for any purpose, or store or copy the information in any medium. Thank you. --_000_HE1PR0802MB2475515770704882F9CFBDBCFA080HE1PR0802MB2475_-- From nobody Mon Apr 3 07:59:20 2017 Return-Path: X-Original-To: teep@ietfa.amsl.com Delivered-To: teep@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 12948128896 for ; Mon, 3 Apr 2017 07:59:18 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.902 X-Spam-Level: X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ddOnmfsNWNAk for ; Mon, 3 Apr 2017 07:59:16 -0700 (PDT) Received: from tuna.sandelman.ca (tuna.sandelman.ca [IPv6:2607:f0b0:f:3:216:3eff:fe7c:d1f3]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1D4BF1200C1 for ; Mon, 3 Apr 2017 07:59:16 -0700 (PDT) Received: from sandelman.ca (obiwan.sandelman.ca [209.87.249.21]) by tuna.sandelman.ca (Postfix) with ESMTP id DF5432009E; Mon, 3 Apr 2017 11:23:26 -0400 (EDT) Received: from obiwan.sandelman.ca (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id CAEE5636BB; Mon, 3 Apr 2017 10:59:14 -0400 (EDT) From: Michael Richardson To: Hannes Tschofenig cc: teep In-Reply-To: References: X-Mailer: MH-E 8.6; nmh 1.6+dev; GNU Emacs 24.5.1 X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m Archived-At: Subject: Re: [Teep] My BoF impression X-BeenThere: teep@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: A Protocol for Dynamic Trusted Execution Environment Enablement List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 03 Apr 2017 14:59:18 -0000 --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Hannes Tschofenig wrote: > Going fast forward to the end of the meeting, the chairs asked two > questions: > Q1: =E2=80=9CDoes the group understand the work to be done?=E2=80=9D > A: More people hummed yes than no but it was only by a bit. Not > convincing. > Q2: How many people are interested in working on this? > A: About 14-15 people. I think that the question: Why do this work at the IETF? was not sufficiently answered. There are many possible answers. I note that after TRILL and some other things, the answer "because the IETF has the right clue" seems to be an acceptable answer to the above question. =2D- Michael Richardson , Sandelman Software Works -=3D IPv6 IoT consulting =3D- --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEEbsyLEzg/qUTA43uogItw+93Q3WUFAljiY0IACgkQgItw+93Q 3WV/awgAqfeXxOdKnJMYnu2uzQdwmtUpnQo6UapjJZ7rh/hWUr6IDS+nYHXFkzOd 4EJXvTuzoEfnSsvTdtziCayeAdQHoZABRLQUqCiqRrP7UdLIl/Ccgcc09Ghz+5qH VG6eRFOBuiAdvqfKQFIFoh1G9kW3nUdalwvoIZIQ+1qBVp8M0+IBGx1XYPW8qN1S yg2MOKNAZeJrJi3zC/5KSUtSVlKLENzocuQJmDMMLawL9fn7zc3N6KDoM1fRSSyf gdoTZuHfFUFHypbowSwdFMY+aUUyiSzsXAWFMiuUQ7TgTg1D+6m9BZIxWV2JXTj8 s2tCQlD0NX8+OgglREFpVSv8HFJrmw== =lb5D -----END PGP SIGNATURE----- --=-=-=-- From nobody Mon Apr 3 08:21:46 2017 Return-Path: X-Original-To: teep@ietfa.amsl.com Delivered-To: teep@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 40215126B6E for ; Mon, 3 Apr 2017 08:21:44 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.7 X-Spam-Level: X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id io3TdmQoNPo4 for ; Mon, 3 Apr 2017 08:21:42 -0700 (PDT) Received: from mail-oi0-x232.google.com (mail-oi0-x232.google.com [IPv6:2607:f8b0:4003:c06::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 315731270A0 for ; Mon, 3 Apr 2017 08:21:42 -0700 (PDT) Received: by mail-oi0-x232.google.com with SMTP id b187so129804469oif.0 for ; Mon, 03 Apr 2017 08:21:42 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :content-transfer-encoding; bh=b71qKGw9NsolO792rXB1gRgHqrKLvEDUYnv5VpiUelA=; b=QFyAHZurb0eiwcY8KD7sLwuUjBQ+T7WJphxM2zNwYe/EMJZVrxtFS8dnTjp10mZFef OeIE3TAKuzUEv+2gG7I84PfuyoOz7YY6s2VJu3xTREU010E4dKf9uXoHabiFf8yf7J9f KEeQMrPQKGoyjwWF0wEYzqKDmChkRMXxkwZfNELgn5hK+6JYO4tr2AQ/v88AQtnCIt+Q l7OcXZjJcM1maPO0uS0dw8Q6mFoU1IjXapslYGbJJDZNFLI0fpCP13NO2zMF3IgvIYeU 6/V8Hd6hYQaM8q7cvAHKp6V1+pjBz6af0qKdWSxbO24re03bq6hsehWWfLurHjxw4Fbo +aYw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:content-transfer-encoding; bh=b71qKGw9NsolO792rXB1gRgHqrKLvEDUYnv5VpiUelA=; b=r36s4GYGftA/PeEQ7FeUU7FV5vHlI4jKL5+1ivqAPurlIHpG1C7rsjNonvW14eByqq kWhXBOyDIWwl92qtE3FX9R6lco99EUzd69q6U3ClpenGG+aALFFgJu2GgL2JFU2pH5cm gZgso+JGQOKQtLrimARqpL3C+vuLLJNurE1UKyFWFIOxzZ7nQtoi2Xdgstmm916wnswF sRNv+WviAYQ5p6FftN6E7mT8HB6dumtc1D3MSvF/jjFdTY92LLxvUU62AtkoYa+SkilC jCJOVW7zw+lNRASwftn97DgvK4lDndrUO0PVpjD1Xv4KhHPK8ybaDjowaPduh3yozJ7O 4DPg== X-Gm-Message-State: AFeK/H2pTvgFvzx1k7yR/HXLkvxbLzwZsChAmeT9MIZDc7E29sk4jW7kG0uLtOmAqLDSP6H8TNqAZbEy9jbccQ== X-Received: by 10.202.192.70 with SMTP id q67mr9072291oif.66.1491232901257; Mon, 03 Apr 2017 08:21:41 -0700 (PDT) MIME-Version: 1.0 Received: by 10.157.34.11 with HTTP; Mon, 3 Apr 2017 08:21:00 -0700 (PDT) In-Reply-To: <28987.1491231554@obiwan.sandelman.ca> References: <28987.1491231554@obiwan.sandelman.ca> From: Kathleen Moriarty Date: Mon, 3 Apr 2017 11:21:00 -0400 Message-ID: To: teep Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Archived-At: Subject: Re: [Teep] My BoF impression X-BeenThere: teep@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: A Protocol for Dynamic Trusted Execution Environment Enablement List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 03 Apr 2017 15:21:44 -0000 Hello, Thanks for your summary to the list, Hannes. The helpful feedback I received should provide guidance for those interested to get ready for the next BoF. The concrete work items were discussed on list, but not in the room. These need to be made clear so that attendees understand the type and scope of work. Understanding the protocols and data models that exist and what gaps remain would have been helpful. Is there anything unique about the protocols needed (managing trust applications, etc.). Thank you, Kathleen On Mon, Apr 3, 2017 at 10:59 AM, Michael Richardson wrote: > > Hannes Tschofenig wrote: > > Going fast forward to the end of the meeting, the chairs asked two > > questions: > > > Q1: =E2=80=9CDoes the group understand the work to be done?=E2=80= =9D > > > A: More people hummed yes than no but it was only by a bit. Not > > convincing. > > > Q2: How many people are interested in working on this? > > > A: About 14-15 people. > > I think that the question: > Why do this work at the IETF? > > was not sufficiently answered. There are many possible answers. > > I note that after TRILL and some other things, the answer "because the IE= TF > has the right clue" seems to be an acceptable answer to the above questio= n. > > > -- > Michael Richardson , Sandelman Software Works > -=3D IPv6 IoT consulting =3D- > > > > > _______________________________________________ > TEEP mailing list > TEEP@ietf.org > https://www.ietf.org/mailman/listinfo/teep > --=20 Best regards, Kathleen From nobody Tue Apr 4 04:21:19 2017 Return-Path: X-Original-To: teep@ietfa.amsl.com Delivered-To: teep@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A0464129648 for ; Tue, 4 Apr 2017 04:21:17 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.12 X-Spam-Level: X-Spam-Status: No, score=-1.12 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_NEUTRAL=0.779, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nhb3cSiwNTVI for ; Tue, 4 Apr 2017 04:21:15 -0700 (PDT) Received: from mail.kivinen.iki.fi (fireball.acr.fi [83.145.195.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6520B129644 for ; Tue, 4 Apr 2017 04:21:12 -0700 (PDT) Received: from fireball.acr.fi (localhost [127.0.0.1]) by mail.kivinen.iki.fi (8.15.2/8.15.2) with ESMTPS id v34BL44K015560 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Tue, 4 Apr 2017 14:21:04 +0300 (EEST) Received: (from kivinen@localhost) by fireball.acr.fi (8.15.2/8.14.8/Submit) id v34BL3gi010127; Tue, 4 Apr 2017 14:21:03 +0300 (EEST) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Message-ID: <22755.33183.740819.743679@fireball.acr.fi> Date: Tue, 4 Apr 2017 14:21:03 +0300 From: Tero Kivinen To: Hannes Tschofenig Cc: teep In-Reply-To: References: X-Mailer: VM 8.2.0b under 25.1.1 (x86_64--netbsd) X-Edit-Time: 15 min X-Total-Time: 15 min Archived-At: Subject: [Teep] My BoF impression X-BeenThere: teep@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: A Protocol for Dynamic Trusted Execution Environment Enablement List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 04 Apr 2017 11:21:18 -0000 Hannes Tschofenig writes: > Going fast forward to the end of the meeting, the chairs asked two qu= estions: >=20 > Q1: =E2=80=9CDoes the group understand the work to be done=3F=E2=80=9D= >=20 > A: More people hummed yes than no but it was only by a bit. Not conv= incing. >=20 > Q2: How many people are interested in working on this=3F >=20 > A: About 14-15 people. >=20 > Sitting in the plane going back to Austria I was wondering whether we= should > have asked further questions to those who said =E2=80=9Cno=E2=80=9D. = I am curious what aspect > they didn=E2=80=99t understood or whether this group included also th= ose who weren=E2=80=99t > interested to do the work or, like PHB, wanted a different hardware s= ecurity > solution to begin with. I would have liked to have bit more time at the end for these type of questions, but the discussion before those were also good, so I did not want to cut it too short. My feeling that the main question what people did not understand was: =09What is the real difference between TEEP and just normal =09application download. I.e., why separate protocol is needed. =09How is this different from just having perhaps encrypted =09signed application blob from the marketplace and installing =09that. At least that was my main question when we discussed this before the BoF. Of course it does not help, that when you ask that question from different people you get different answer, as the idea of what TEEP is different for different people... Trying to make the architecture too generic also confuses things. It might be better to have more concrete example with more limited scope, that would explain things what TEEP should provide. For example: =091) TEEP provides a way to install software from the Secure =09trusted application marketplace to the TEE running inside =09device. =092) The Secure trusted appliation marketplace needs to be able =09to verify that the TEE wanting to install an application is =09actual TEE, and not some fake device, for example using =09signature from the key installed by the manufacturer which is =09used to sign the installation request. =093) The Secure trusted application marketplace can then encrypt =09the trusted application with TEE specific key, so that nobody =09else than TEE can decrypt and install it. This will prevent =09leaking out confidential material inside the application. =09Trusted application instlal package might also be personalized =09for the specific TEE. Secure trusted application marketplace =09will also sign the trusted application install package, so TEE =09can verify it is authentic. =094) TEE will verify the signature of the trusted application =09install package, and check that signer is trusted, and then it =09will decrypt the package, and install it. =095) The application running on the REE side might need to =09verify that the trusted application part of it has been =09properly installed to real TEE, so it can trust it doing its =09job. I am not sure if this will be part of the TEEP or not... Is my understanding of TEEP correct=3F I do not know, and I assume othe= r people have different ideas what should or should not be part of it. --=20 kivinen@iki.fi From nobody Tue Apr 4 06:54:53 2017 Return-Path: X-Original-To: teep@ietfa.amsl.com Delivered-To: teep@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0469D12869B for ; Tue, 4 Apr 2017 06:54:52 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.901 X-Spam-Level: X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tQWrwcPnKRCQ for ; Tue, 4 Apr 2017 06:54:50 -0700 (PDT) Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 05F901296BA for ; Tue, 4 Apr 2017 06:54:48 -0700 (PDT) Received: from sandelman.ca (obiwan.sandelman.ca [209.87.249.21]) by tuna.sandelman.ca (Postfix) with ESMTP id 43E292009E for ; Tue, 4 Apr 2017 10:19:02 -0400 (EDT) Received: from obiwan.sandelman.ca (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id CEFBD636BB for ; Tue, 4 Apr 2017 09:54:46 -0400 (EDT) From: Michael Richardson To: teep In-Reply-To: <22755.33183.740819.743679@fireball.acr.fi> References: <22755.33183.740819.743679@fireball.acr.fi> X-Mailer: MH-E 8.6; nmh 1.6+dev; GNU Emacs 24.5.1 X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m Archived-At: Subject: Re: [Teep] My BoF impression X-BeenThere: teep@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: A Protocol for Dynamic Trusted Execution Environment Enablement List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 04 Apr 2017 13:54:52 -0000 --=-=-= Content-Type: text/plain Tero Kivinen wrote: > 2) The Secure trusted appliation marketplace needs to be able > to verify that the TEE wanting to install an application is > actual TEE, and not some fake device, for example using > signature from the key installed by the manufacturer which is > used to sign the installation request. > 3) The Secure trusted application marketplace can then encrypt > the trusted application with TEE specific key, so that nobody > else than TEE can decrypt and install it. This will prevent > leaking out confidential material inside the application. > Trusted application instlal package might also be personalized > for the specific TEE. Secure trusted application marketplace > will also sign the trusted application install package, so TEE > can verify it is authentic. And yet, this can mean that end-user and even app-writers can not verify what code they are actually running. I think we need to very carefully seperate signed (and auditable) code from encrypted data. And said encrypted data has to be non-executable, and the auditable code has to be verified to not include a Turing machine.... no (encrypted) data driven programming allowed. -- Michael Richardson , Sandelman Software Works -= IPv6 IoT consulting =- --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEEbsyLEzg/qUTA43uogItw+93Q3WUFAljjpaYACgkQgItw+93Q 3WVPFwgAlc8AJHv7vwcaerETuS3xDBGtJMD0PY6j/vyvrS6KY5iciQSKGppa2TCy 1B9DxpbRG1Lm3fVFvfiu7dZ6aKz8eYqoHFbFniTPzeA+gtWg0H2N7QHdXQYG+xJm 08CL/5YgB3FtfHN2+6JZlRENNEcD/JGvZDUhFCDOEt4+cwcgAy10LpixxGPs1V9f 8Bw0rmZYp8N3K4Ajb6nGFFLQ413+N/KXiTyLc6NKa2eS7vJN6hXzbSHO9o5qArlL SZAZmLELvsCf4j/w0K1NJhHs2NjxpQ7Oea2qhB8I0QEBTF4nT6v8dydjz9HllFfD 1kXGGtX85G6YWANFPVHBCfjG60yXrA== =nK9r -----END PGP SIGNATURE----- --=-=-=-- From nobody Tue Apr 4 07:12:48 2017 Return-Path: X-Original-To: teep@ietfa.amsl.com Delivered-To: teep@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 882631288B8 for ; Tue, 4 Apr 2017 07:12:46 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -7.02 X-Spam-Level: X-Spam-Status: No, score=-7.02 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=qti.qualcomm.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id g4d2nTak0vKh for ; Tue, 4 Apr 2017 07:12:44 -0700 (PDT) Received: from wolverine02.qualcomm.com (wolverine02.qualcomm.com [199.106.114.251]) (using TLSv1.2 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6672F12762F for ; Tue, 4 Apr 2017 07:12:44 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=qti.qualcomm.com; i=@qti.qualcomm.com; q=dns/txt; s=qcdkim; t=1491315164; x=1522851164; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=H8qoyrrPqjzKVY3pGqYSp3mrUuf7XsqchcOZV07eX/s=; b=opYV2Iytk65IVYWo0PrehHfVeVj2U2VvF7YGB9eKYnDSo63UhLFrXkmH CPxZqu9ChsuwYBwW8UnCaedlZp+vF9dOoqTP6xfkKHSRwtJYGY/p0BSH1 dtwzS9h7dS4erIVqcEg4XYRevJ2574Uq01YRiJvsxgZR7U9FRu1l22FH5 k=; X-IronPort-AV: E=Sophos;i="5.36,275,1486454400"; d="scan'208,217";a="371308843" Received: from unknown (HELO Ironmsg03-L.qualcomm.com) ([10.53.140.110]) by wolverine02.qualcomm.com with ESMTP; 04 Apr 2017 07:12:43 -0700 X-IronPort-AV: E=McAfee;i="5800,7501,8487"; a="1344919432" X-MGA-submission: =?us-ascii?q?MDGMU670mf2dt/RDoRKyRkOTxsn+M5Kx5d9yVu?= =?us-ascii?q?+uDk6zszYkhXFrrCufNfPPBq+GA/96D9fx01U5ZLk1tfriAuiY5iu4Sl?= =?us-ascii?q?AH8Vyljxoz1Zy1U3J2KaIoh183LC9XLHyAZenQFb62U63wIAKPsHSNAe?= =?us-ascii?q?dq?= Received: from nasanexm02h.na.qualcomm.com ([10.85.0.89]) by Ironmsg03-L.qualcomm.com with ESMTP/TLS/RC4-SHA; 04 Apr 2017 07:12:43 -0700 Received: from euamsexm01b.eu.qualcomm.com (10.251.127.41) by nasanexm02h.na.qualcomm.com (10.85.0.89) with Microsoft SMTP Server (TLS) id 15.0.1178.4; Tue, 4 Apr 2017 07:12:42 -0700 Received: from euamsexm01a.eu.qualcomm.com (10.251.127.40) by euamsexm01b.eu.qualcomm.com (10.251.127.41) with Microsoft SMTP Server (TLS) id 15.0.1178.4; Tue, 4 Apr 2017 16:12:39 +0200 Received: from euamsexm01a.eu.qualcomm.com ([10.251.127.40]) by euamsexm01a.eu.qualcomm.com ([10.251.127.40]) with mapi id 15.00.1178.000; Tue, 4 Apr 2017 16:12:39 +0200 From: Jeremy O'Donoghue To: Tero Kivinen CC: Hannes Tschofenig , teep Thread-Topic: [Teep] My BoF impression Thread-Index: AdKsfR5pN/u1b+bUScqch7DKLecY3QAp6lqAAAX+EwA= Date: Tue, 4 Apr 2017 14:12:39 +0000 Message-ID: References: <22755.33183.740819.743679@fireball.acr.fi> In-Reply-To: <22755.33183.740819.743679@fireball.acr.fi> Accept-Language: en-GB, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-mailer: Apple Mail (2.3273) x-ms-exchange-messagesentrepresentingtype: 1 x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [212.136.9.72] Content-Type: multipart/alternative; boundary="_000_CB221FB118D24F7B88D91E9F9828D468qtiqualcommcom_" MIME-Version: 1.0 Archived-At: Subject: Re: [Teep] My BoF impression X-BeenThere: teep@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: A Protocol for Dynamic Trusted Execution Environment Enablement List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 04 Apr 2017 14:12:46 -0000 --_000_CB221FB118D24F7B88D91E9F9828D468qtiqualcommcom_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 DQpPbiA0IEFwciAyMDE3LCBhdCAxMjoyMSwgVGVybyBLaXZpbmVuIDxraXZpbmVuQGlraS5maTxt YWlsdG86a2l2aW5lbkBpa2kuZmk+PiB3cm90ZToNCg0KTXkgZmVlbGluZyB0aGF0IHRoZSBtYWlu IHF1ZXN0aW9uIHdoYXQgcGVvcGxlIGRpZCBub3QgdW5kZXJzdGFuZCB3YXM6DQoNCldoYXQgaXMg dGhlIHJlYWwgZGlmZmVyZW5jZSBiZXR3ZWVuIFRFRVAgYW5kIGp1c3Qgbm9ybWFsDQphcHBsaWNh dGlvbiBkb3dubG9hZC4gSS5lLiwgd2h5IHNlcGFyYXRlIHByb3RvY29sIGlzIG5lZWRlZC4NCkhv dyBpcyB0aGlzIGRpZmZlcmVudCBmcm9tIGp1c3QgaGF2aW5nIHBlcmhhcHMgZW5jcnlwdGVkDQpz aWduZWQgYXBwbGljYXRpb24gYmxvYiBmcm9tIHRoZSBtYXJrZXRwbGFjZSBhbmQgaW5zdGFsbGlu Zw0KdGhhdC4NCg0KQXQgbGVhc3QgdGhhdCB3YXMgbXkgbWFpbiBxdWVzdGlvbiB3aGVuIHdlIGRp c2N1c3NlZCB0aGlzIGJlZm9yZSB0aGUNCkJvRi4NCg0KT2YgY291cnNlIGl0IGRvZXMgbm90IGhl bHAsIHRoYXQgd2hlbiB5b3UgYXNrIHRoYXQgcXVlc3Rpb24gZnJvbQ0KZGlmZmVyZW50IHBlb3Bs ZSB5b3UgZ2V0IGRpZmZlcmVudCBhbnN3ZXIsIGFzIHRoZSBpZGVhIG9mIHdoYXQgVEVFUCBpcw0K ZGlmZmVyZW50IGZvciBkaWZmZXJlbnQgcGVvcGxl4oCmDQoNCkkgdGhpbmsgdGhlcmUgaXMgYSBk ZWdyZWUgb2YgdGFsa2luZyBhdCBjcm9zcy1wdXJwb3Nlcy4NCg0KVGhlcmUgaXMgb25lIGdyb3Vw IC0gZXNzZW50aWFsbHkgdGhvc2Ugc3BvbnNvcmluZyB0aGUgY3JlYXRpb24gb2YgdGhpcyBncm91 cCAtIHdoaWNoIGhhcyBhIHZlcnkgY2xlYXIgdW5kZXJzdGFuZGluZyBvZiB3aGF0IGl0IHdvdWxk IGxpa2UgVEVFUCB0byBiZSwgd2hpY2ggaXMgZXNzZW50aWFsbHkgdGhyZWUgdGhpbmdzOg0KDQoN CiAgMS4gIEEgbWVjaGFuaXNtIGZvciBtYW5hZ2luZyBUcnVzdGVkIEFwcGxpY2F0aW9ucyBhbmQg dGhlaXIgYXNzb2NpYXRlZCBzZWNyZXRzIGFuZCBrZXkgbWF0ZXJpYWwgaW4gYSBHbG9iYWxQbGF0 Zm9ybSBURUUgb3Igc29tZXRoaW5nIHRoYXQgaXMgY29uY2VwdHVhbGx5IHZlcnkgc2ltaWxhci4N CiAgMi4gIEEgbWVjaGFuaXNtIGZvciBlc3RhYmxpc2hpbmcgYSBjaGFpbiBvZiB0cnVzdCByb290 ZWQgaW4gZmlybXdhcmUgYW5kIGNvdmVyaW5nIHRoZSBURUUgYW5kIHBvc3NpYmx5IG90aGVyIHN5 c3RlbSBjb21wb25lbnRzIHVwIHRvIGFuZCBpbmNsdWRpbmcgdGhlIGV4ZWN1dGluZyBUYXNrIGlu IGEgU2VjdXJpdHkgRG9tYWluLg0KICAzLiAgQSBtZWNoYW5pc20gLSB0YXJnZXRlZCBhdCBwaG9u ZSBhbmQgdGFibGV0IHR5cGUgZGV2aWNlcyAtIHdoaWNoIG9wZXJhdGVzIGluZGVwZW5kZW50bHkg b2YgdGhlIOKAnEFwcCBTdG9yZeKAnSBtZWNoYW5pc20sIGFuZCBpcyBiYXNlZCBvbiBhIFBLSSBp bmZyYXN0cnVjdHVyZSBhbGxvd2luZyBTZXJ2aWNlIFByb3ZpZGVycyB0byBtYW5hZ2UgdGhlIFRy dXN0ZWQgQXBwbGljYXRpb25zIHRoZXkgY29udHJvbCB3aXRob3V0IHRoZSBuZWVkIGZvciB1c2Vy IGludGVydmVudGlvbi4NCg0KVGhlIGRyYWZ0IHNwZWNpZmljYXRpb24gdmVyeSBjbGVhcmx5IGFk ZHJlc3NlcyBzdWNoIGEgc3lzdGVtLiBVbmRlcnN0YW5kaW5nIGl0IGZ1bGx5IHJlcXVpcmVzIGNv bnNpZGVyYWJsZSBmYW1pbGlhcml0eSB3aXRoIHRoZSBHbG9iYWxQbGF0Zm9ybSBURUUgc3BlY2lm aWNhdGlvbnMsIHNpbmNlIG11Y2ggb2YgdGhlIHRlcm1pbm9sb2d5IGFuZCBhcmNoaXRlY3R1cmFs IGFzc3VtcHRpb25zIGFyZSBkZXJpdmVkIGZyb20gdGhlc2UuDQoNClRoZXJlIGlzIGEgc2Vjb25k IGdyb3VwIHdoaWNoIGlzIHN0YXJ0aW5nIGZyb20gYSBtb3JlIGFic3RyYWN0IHBvc2l0aW9uIG9m IHdoYXQgYSBURUUgc2hvdWxkIGxvb2sgbGlrZSBhbmQgd2hhdCBzZWN1cml0eSBzZXJ2aWNlcyBp dCBtaWdodCB0aGVuIHByb3ZpZGUgdG8gYSBzeXN0ZW0gYW5kIGhvdyB0aGUgY29udHJvbCBvZiB0 aGVzZSBjb3VsZCBiZSBzdHJ1Y3R1cmVkLiBUaGlzIGlzIGEgY29tcGxldGVseSBkaWZmZXJlbnQg cHJvYmxlbSwgYW5kIGxpa2VseSBhIG11Y2ggYnJvYWRlciBvbmUgd2hpY2ggaXMgZGlmZmljdWx0 IHRvIGVuY2Fwc3VsYXRlIGluIGEgc21hbGwgc2NvcGUuDQoNClRyeWluZyB0byBtYWtlIHRoZSBh cmNoaXRlY3R1cmUgdG9vIGdlbmVyaWMgYWxzbyBjb25mdXNlcyB0aGluZ3MuIEl0DQptaWdodCBi ZSBiZXR0ZXIgdG8gaGF2ZSBtb3JlIGNvbmNyZXRlIGV4YW1wbGUgd2l0aCBtb3JlIGxpbWl0ZWQg c2NvcGUsDQp0aGF0IHdvdWxkIGV4cGxhaW4gdGhpbmdzIHdoYXQgVEVFUCBzaG91bGQgcHJvdmlk ZS4NCg0KRm9yIGV4YW1wbGU6DQoNCjEpIFRFRVAgcHJvdmlkZXMgYSB3YXkgdG8gaW5zdGFsbCBz b2Z0d2FyZSBmcm9tIHRoZSBTZWN1cmUNCnRydXN0ZWQgYXBwbGljYXRpb24gbWFya2V0cGxhY2Ug dG8gdGhlIFRFRSBydW5uaW5nIGluc2lkZQ0KZGV2aWNlLg0KDQoyKSBUaGUgU2VjdXJlIHRydXN0 ZWQgYXBwbGlhdGlvbiBtYXJrZXRwbGFjZSBuZWVkcyB0byBiZSBhYmxlDQp0byB2ZXJpZnkgdGhh dCB0aGUgVEVFIHdhbnRpbmcgdG8gaW5zdGFsbCBhbiBhcHBsaWNhdGlvbiBpcw0KYWN0dWFsIFRF RSwgYW5kIG5vdCBzb21lIGZha2UgZGV2aWNlLCBmb3IgZXhhbXBsZSB1c2luZw0Kc2lnbmF0dXJl IGZyb20gdGhlIGtleSBpbnN0YWxsZWQgYnkgdGhlIG1hbnVmYWN0dXJlciB3aGljaCBpcw0KdXNl ZCB0byBzaWduIHRoZSBpbnN0YWxsYXRpb24gcmVxdWVzdC4NCg0KMykgVGhlIFNlY3VyZSB0cnVz dGVkIGFwcGxpY2F0aW9uIG1hcmtldHBsYWNlIGNhbiB0aGVuIGVuY3J5cHQNCnRoZSB0cnVzdGVk IGFwcGxpY2F0aW9uIHdpdGggVEVFIHNwZWNpZmljIGtleSwgc28gdGhhdCBub2JvZHkNCmVsc2Ug dGhhbiBURUUgY2FuIGRlY3J5cHQgYW5kIGluc3RhbGwgaXQuIFRoaXMgd2lsbCBwcmV2ZW50DQps ZWFraW5nIG91dCBjb25maWRlbnRpYWwgbWF0ZXJpYWwgaW5zaWRlIHRoZSBhcHBsaWNhdGlvbi4N ClRydXN0ZWQgYXBwbGljYXRpb24gaW5zdGxhbCBwYWNrYWdlIG1pZ2h0IGFsc28gYmUgcGVyc29u YWxpemVkDQpmb3IgdGhlIHNwZWNpZmljIFRFRS4gU2VjdXJlIHRydXN0ZWQgYXBwbGljYXRpb24g bWFya2V0cGxhY2UNCndpbGwgYWxzbyBzaWduIHRoZSB0cnVzdGVkIGFwcGxpY2F0aW9uIGluc3Rh bGwgcGFja2FnZSwgc28gVEVFDQpjYW4gdmVyaWZ5IGl0IGlzIGF1dGhlbnRpYy4NCg0KNCkgVEVF IHdpbGwgdmVyaWZ5IHRoZSBzaWduYXR1cmUgb2YgdGhlIHRydXN0ZWQgYXBwbGljYXRpb24NCmlu c3RhbGwgcGFja2FnZSwgYW5kIGNoZWNrIHRoYXQgc2lnbmVyIGlzIHRydXN0ZWQsIGFuZCB0aGVu IGl0DQp3aWxsIGRlY3J5cHQgdGhlIHBhY2thZ2UsIGFuZCBpbnN0YWxsIGl0Lg0KDQo1KSBUaGUg YXBwbGljYXRpb24gcnVubmluZyBvbiB0aGUgUkVFIHNpZGUgbWlnaHQgbmVlZCB0bw0KdmVyaWZ5 IHRoYXQgdGhlIHRydXN0ZWQgYXBwbGljYXRpb24gcGFydCBvZiBpdCBoYXMgYmVlbg0KcHJvcGVy bHkgaW5zdGFsbGVkIHRvIHJlYWwgVEVFLCBzbyBpdCBjYW4gdHJ1c3QgaXQgZG9pbmcgaXRzDQpq b2IuIEkgYW0gbm90IHN1cmUgaWYgdGhpcyB3aWxsIGJlIHBhcnQgb2YgdGhlIFRFRVAgb3Igbm90 Li4uDQoNCklzIG15IHVuZGVyc3RhbmRpbmcgb2YgVEVFUCBjb3JyZWN0PyBJIGRvIG5vdCBrbm93 LCBhbmQgSSBhc3N1bWUgb3RoZXINCnBlb3BsZSBoYXZlIGRpZmZlcmVudCBpZGVhcyB3aGF0IHNo b3VsZCBvciBzaG91bGQgbm90IGJlIHBhcnQgb2YgaXQuDQoNCkkgdGhpbmsgdGhpcyBpcyBhIHBy ZXR0eSBnb29kIGV4cGxhbmF0aW9uIG9mIHdoYXQgdGhlIGZpcnN0IGdyb3VwIHdvdWxkIGxpa2Ug dG8gc2VlLg0KDQpCZXN0IHJlZ2FyZHMNCkplcmVteQ0KDQo= --_000_CB221FB118D24F7B88D91E9F9828D468qtiqualcommcom_ Content-Type: text/html; charset="utf-8" Content-ID: Content-Transfer-Encoding: base64 PGh0bWw+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIgY29udGVudD0i dGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjwvaGVhZD4NCjxib2R5IHN0eWxlPSJ3b3JkLXdy YXA6IGJyZWFrLXdvcmQ7IC13ZWJraXQtbmJzcC1tb2RlOiBzcGFjZTsgLXdlYmtpdC1saW5lLWJy ZWFrOiBhZnRlci13aGl0ZS1zcGFjZTsiIGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0KPGRpdj4N CjxibG9ja3F1b3RlIHR5cGU9ImNpdGUiIGNsYXNzPSIiPg0KPGRpdiBjbGFzcz0iIj5PbiA0IEFw ciAyMDE3LCBhdCAxMjoyMSwgVGVybyBLaXZpbmVuICZsdDs8YSBocmVmPSJtYWlsdG86a2l2aW5l bkBpa2kuZmkiIGNsYXNzPSIiPmtpdmluZW5AaWtpLmZpPC9hPiZndDsgd3JvdGU6PC9kaXY+DQo8 ZGl2IGNsYXNzPSIiPg0KPGRpdiBjbGFzcz0iIj48YnIgY2xhc3M9IiI+DQpNeSBmZWVsaW5nIHRo YXQgdGhlIG1haW4gcXVlc3Rpb24gd2hhdCBwZW9wbGUgZGlkIG5vdCB1bmRlcnN0YW5kIHdhczo8 YnIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+DQo8c3BhbiBjbGFzcz0iQXBwbGUtdGFiLXNwYW4i IHN0eWxlPSJ3aGl0ZS1zcGFjZTpwcmUiPjwvc3Bhbj5XaGF0IGlzIHRoZSByZWFsIGRpZmZlcmVu Y2UgYmV0d2VlbiBURUVQIGFuZCBqdXN0IG5vcm1hbDxiciBjbGFzcz0iIj4NCjxzcGFuIGNsYXNz PSJBcHBsZS10YWItc3BhbiIgc3R5bGU9IndoaXRlLXNwYWNlOnByZSI+PC9zcGFuPmFwcGxpY2F0 aW9uIGRvd25sb2FkLiBJLmUuLCB3aHkgc2VwYXJhdGUgcHJvdG9jb2wgaXMgbmVlZGVkLjxiciBj bGFzcz0iIj4NCjxzcGFuIGNsYXNzPSJBcHBsZS10YWItc3BhbiIgc3R5bGU9IndoaXRlLXNwYWNl OnByZSI+PC9zcGFuPkhvdyBpcyB0aGlzIGRpZmZlcmVudCBmcm9tIGp1c3QgaGF2aW5nIHBlcmhh cHMgZW5jcnlwdGVkPGJyIGNsYXNzPSIiPg0KPHNwYW4gY2xhc3M9IkFwcGxlLXRhYi1zcGFuIiBz dHlsZT0id2hpdGUtc3BhY2U6cHJlIj48L3NwYW4+c2lnbmVkIGFwcGxpY2F0aW9uIGJsb2IgZnJv bSB0aGUgbWFya2V0cGxhY2UgYW5kIGluc3RhbGxpbmc8YnIgY2xhc3M9IiI+DQo8c3BhbiBjbGFz cz0iQXBwbGUtdGFiLXNwYW4iIHN0eWxlPSJ3aGl0ZS1zcGFjZTpwcmUiPjwvc3Bhbj50aGF0Ljxi ciBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NCkF0IGxlYXN0IHRoYXQgd2FzIG15IG1haW4gcXVl c3Rpb24gd2hlbiB3ZSBkaXNjdXNzZWQgdGhpcyBiZWZvcmUgdGhlPGJyIGNsYXNzPSIiPg0KQm9G LjxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NCk9mIGNvdXJzZSBpdCBkb2VzIG5vdCBoZWxw LCB0aGF0IHdoZW4geW91IGFzayB0aGF0IHF1ZXN0aW9uIGZyb208YnIgY2xhc3M9IiI+DQpkaWZm ZXJlbnQgcGVvcGxlIHlvdSBnZXQgZGlmZmVyZW50IGFuc3dlciwgYXMgdGhlIGlkZWEgb2Ygd2hh dCBURUVQIGlzPGJyIGNsYXNzPSIiPg0KZGlmZmVyZW50IGZvciBkaWZmZXJlbnQgcGVvcGxl4oCm PC9kaXY+DQo8L2Rpdj4NCjwvYmxvY2txdW90ZT4NCjxkaXY+PGJyIGNsYXNzPSIiPg0KPC9kaXY+ DQo8ZGl2PkkgdGhpbmsgdGhlcmUgaXMgYSBkZWdyZWUgb2YgdGFsa2luZyBhdCBjcm9zcy1wdXJw b3Nlcy48L2Rpdj4NCjxkaXY+PGJyIGNsYXNzPSIiPg0KPC9kaXY+DQo8ZGl2PlRoZXJlIGlzIG9u ZSBncm91cCAtIGVzc2VudGlhbGx5IHRob3NlIHNwb25zb3JpbmcgdGhlIGNyZWF0aW9uIG9mIHRo aXMgZ3JvdXAgLSB3aGljaCBoYXMgYSB2ZXJ5IGNsZWFyIHVuZGVyc3RhbmRpbmcgb2Ygd2hhdCBp dCB3b3VsZCBsaWtlIFRFRVAgdG8gYmUsIHdoaWNoIGlzIGVzc2VudGlhbGx5IHRocmVlIHRoaW5n czo8L2Rpdj4NCjxkaXY+PGJyIGNsYXNzPSIiPg0KPC9kaXY+DQo8ZGl2Pg0KPG9sIGNsYXNzPSJN YWlsT3V0bGluZSI+DQo8bGkgY2xhc3M9IiI+QSBtZWNoYW5pc20gZm9yIG1hbmFnaW5nIFRydXN0 ZWQgQXBwbGljYXRpb25zIGFuZCB0aGVpciBhc3NvY2lhdGVkIHNlY3JldHMgYW5kIGtleSBtYXRl cmlhbCBpbiBhIEdsb2JhbFBsYXRmb3JtIFRFRSBvciBzb21ldGhpbmcgdGhhdCBpcyBjb25jZXB0 dWFsbHkgdmVyeSBzaW1pbGFyLjwvbGk+PGxpIGNsYXNzPSIiPkEgbWVjaGFuaXNtIGZvciBlc3Rh Ymxpc2hpbmcgYSBjaGFpbiBvZiB0cnVzdCByb290ZWQgaW4gZmlybXdhcmUgYW5kIGNvdmVyaW5n IHRoZSBURUUgYW5kIHBvc3NpYmx5IG90aGVyIHN5c3RlbSBjb21wb25lbnRzIHVwIHRvIGFuZCBp bmNsdWRpbmcgdGhlIGV4ZWN1dGluZyBUYXNrIGluIGEgU2VjdXJpdHkgRG9tYWluLjwvbGk+PGxp IGNsYXNzPSIiPkEgbWVjaGFuaXNtIC0gdGFyZ2V0ZWQgYXQgcGhvbmUgYW5kIHRhYmxldCB0eXBl IGRldmljZXMgLSB3aGljaCBvcGVyYXRlcyBpbmRlcGVuZGVudGx5IG9mIHRoZSDigJxBcHAgU3Rv cmXigJ0gbWVjaGFuaXNtLCBhbmQgaXMgYmFzZWQgb24gYSBQS0kgaW5mcmFzdHJ1Y3R1cmUgYWxs b3dpbmcgU2VydmljZSBQcm92aWRlcnMgdG8gbWFuYWdlIHRoZSBUcnVzdGVkIEFwcGxpY2F0aW9u cyB0aGV5IGNvbnRyb2wgd2l0aG91dCB0aGUgbmVlZA0KIGZvciB1c2VyIGludGVydmVudGlvbi48 L2xpPjwvb2w+DQo8L2Rpdj4NCjxkaXY+PGJyIGNsYXNzPSIiPg0KPC9kaXY+DQo8ZGl2PlRoZSBk cmFmdCBzcGVjaWZpY2F0aW9uIHZlcnkgY2xlYXJseSBhZGRyZXNzZXMgc3VjaCBhIHN5c3RlbS4g VW5kZXJzdGFuZGluZyBpdCBmdWxseSByZXF1aXJlcyBjb25zaWRlcmFibGUgZmFtaWxpYXJpdHkg d2l0aCB0aGUgR2xvYmFsUGxhdGZvcm0gVEVFIHNwZWNpZmljYXRpb25zLCBzaW5jZSBtdWNoIG9m IHRoZSB0ZXJtaW5vbG9neSBhbmQgYXJjaGl0ZWN0dXJhbCBhc3N1bXB0aW9ucyBhcmUgZGVyaXZl ZCBmcm9tIHRoZXNlLjwvZGl2Pg0KPGRpdj48YnIgY2xhc3M9IiI+DQo8L2Rpdj4NCjxkaXY+VGhl cmUgaXMgYSBzZWNvbmQgZ3JvdXAgd2hpY2ggaXMgc3RhcnRpbmcgZnJvbSBhIG1vcmUgYWJzdHJh Y3QgcG9zaXRpb24gb2Ygd2hhdCBhIFRFRSBzaG91bGQgbG9vayBsaWtlIGFuZCB3aGF0IHNlY3Vy aXR5IHNlcnZpY2VzIGl0IG1pZ2h0IHRoZW4gcHJvdmlkZSB0byBhIHN5c3RlbSBhbmQgaG93IHRo ZSBjb250cm9sIG9mIHRoZXNlIGNvdWxkIGJlIHN0cnVjdHVyZWQuIFRoaXMgaXMgYSBjb21wbGV0 ZWx5IGRpZmZlcmVudCBwcm9ibGVtLA0KIGFuZCBsaWtlbHkgYSBtdWNoIGJyb2FkZXIgb25lIHdo aWNoIGlzIGRpZmZpY3VsdCB0byBlbmNhcHN1bGF0ZSBpbiBhIHNtYWxsIHNjb3BlLjwvZGl2Pg0K PGJyIGNsYXNzPSIiPg0KPGJsb2NrcXVvdGUgdHlwZT0iY2l0ZSIgY2xhc3M9IiI+DQo8ZGl2IGNs YXNzPSIiPg0KPGRpdiBjbGFzcz0iIj5UcnlpbmcgdG8gbWFrZSB0aGUgYXJjaGl0ZWN0dXJlIHRv byBnZW5lcmljIGFsc28gY29uZnVzZXMgdGhpbmdzLiBJdDxiciBjbGFzcz0iIj4NCm1pZ2h0IGJl IGJldHRlciB0byBoYXZlIG1vcmUgY29uY3JldGUgZXhhbXBsZSB3aXRoIG1vcmUgbGltaXRlZCBz Y29wZSw8YnIgY2xhc3M9IiI+DQp0aGF0IHdvdWxkIGV4cGxhaW4gdGhpbmdzIHdoYXQgVEVFUCBz aG91bGQgcHJvdmlkZS48YnIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+DQpGb3IgZXhhbXBsZTo8 YnIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+DQo8c3BhbiBjbGFzcz0iQXBwbGUtdGFiLXNwYW4i IHN0eWxlPSJ3aGl0ZS1zcGFjZTpwcmUiPjwvc3Bhbj4xKSBURUVQIHByb3ZpZGVzIGEgd2F5IHRv IGluc3RhbGwgc29mdHdhcmUgZnJvbSB0aGUgU2VjdXJlPGJyIGNsYXNzPSIiPg0KPHNwYW4gY2xh c3M9IkFwcGxlLXRhYi1zcGFuIiBzdHlsZT0id2hpdGUtc3BhY2U6cHJlIj48L3NwYW4+dHJ1c3Rl ZCBhcHBsaWNhdGlvbiBtYXJrZXRwbGFjZSB0byB0aGUgVEVFIHJ1bm5pbmcgaW5zaWRlPGJyIGNs YXNzPSIiPg0KPHNwYW4gY2xhc3M9IkFwcGxlLXRhYi1zcGFuIiBzdHlsZT0id2hpdGUtc3BhY2U6 cHJlIj48L3NwYW4+ZGV2aWNlLjxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NCjxzcGFuIGNs YXNzPSJBcHBsZS10YWItc3BhbiIgc3R5bGU9IndoaXRlLXNwYWNlOnByZSI+PC9zcGFuPjIpIFRo ZSBTZWN1cmUgdHJ1c3RlZCBhcHBsaWF0aW9uIG1hcmtldHBsYWNlIG5lZWRzIHRvIGJlIGFibGU8 YnIgY2xhc3M9IiI+DQo8c3BhbiBjbGFzcz0iQXBwbGUtdGFiLXNwYW4iIHN0eWxlPSJ3aGl0ZS1z cGFjZTpwcmUiPjwvc3Bhbj50byB2ZXJpZnkgdGhhdCB0aGUgVEVFIHdhbnRpbmcgdG8gaW5zdGFs bCBhbiBhcHBsaWNhdGlvbiBpczxiciBjbGFzcz0iIj4NCjxzcGFuIGNsYXNzPSJBcHBsZS10YWIt c3BhbiIgc3R5bGU9IndoaXRlLXNwYWNlOnByZSI+PC9zcGFuPmFjdHVhbCBURUUsIGFuZCBub3Qg c29tZSBmYWtlIGRldmljZSwgZm9yIGV4YW1wbGUgdXNpbmc8YnIgY2xhc3M9IiI+DQo8c3BhbiBj bGFzcz0iQXBwbGUtdGFiLXNwYW4iIHN0eWxlPSJ3aGl0ZS1zcGFjZTpwcmUiPjwvc3Bhbj5zaWdu YXR1cmUgZnJvbSB0aGUga2V5IGluc3RhbGxlZCBieSB0aGUgbWFudWZhY3R1cmVyIHdoaWNoIGlz PGJyIGNsYXNzPSIiPg0KPHNwYW4gY2xhc3M9IkFwcGxlLXRhYi1zcGFuIiBzdHlsZT0id2hpdGUt c3BhY2U6cHJlIj48L3NwYW4+dXNlZCB0byBzaWduIHRoZSBpbnN0YWxsYXRpb24gcmVxdWVzdC48 YnIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+DQo8c3BhbiBjbGFzcz0iQXBwbGUtdGFiLXNwYW4i IHN0eWxlPSJ3aGl0ZS1zcGFjZTpwcmUiPjwvc3Bhbj4zKSBUaGUgU2VjdXJlIHRydXN0ZWQgYXBw bGljYXRpb24gbWFya2V0cGxhY2UgY2FuIHRoZW4gZW5jcnlwdDxiciBjbGFzcz0iIj4NCjxzcGFu IGNsYXNzPSJBcHBsZS10YWItc3BhbiIgc3R5bGU9IndoaXRlLXNwYWNlOnByZSI+PC9zcGFuPnRo ZSB0cnVzdGVkIGFwcGxpY2F0aW9uIHdpdGggVEVFIHNwZWNpZmljIGtleSwgc28gdGhhdCBub2Jv ZHk8YnIgY2xhc3M9IiI+DQo8c3BhbiBjbGFzcz0iQXBwbGUtdGFiLXNwYW4iIHN0eWxlPSJ3aGl0 ZS1zcGFjZTpwcmUiPjwvc3Bhbj5lbHNlIHRoYW4gVEVFIGNhbiBkZWNyeXB0IGFuZCBpbnN0YWxs IGl0LiBUaGlzIHdpbGwgcHJldmVudDxiciBjbGFzcz0iIj4NCjxzcGFuIGNsYXNzPSJBcHBsZS10 YWItc3BhbiIgc3R5bGU9IndoaXRlLXNwYWNlOnByZSI+PC9zcGFuPmxlYWtpbmcgb3V0IGNvbmZp ZGVudGlhbCBtYXRlcmlhbCBpbnNpZGUgdGhlIGFwcGxpY2F0aW9uLjxiciBjbGFzcz0iIj4NCjxz cGFuIGNsYXNzPSJBcHBsZS10YWItc3BhbiIgc3R5bGU9IndoaXRlLXNwYWNlOnByZSI+PC9zcGFu PlRydXN0ZWQgYXBwbGljYXRpb24gaW5zdGxhbCBwYWNrYWdlIG1pZ2h0IGFsc28gYmUgcGVyc29u YWxpemVkPGJyIGNsYXNzPSIiPg0KPHNwYW4gY2xhc3M9IkFwcGxlLXRhYi1zcGFuIiBzdHlsZT0i d2hpdGUtc3BhY2U6cHJlIj48L3NwYW4+Zm9yIHRoZSBzcGVjaWZpYyBURUUuIFNlY3VyZSB0cnVz dGVkIGFwcGxpY2F0aW9uIG1hcmtldHBsYWNlPGJyIGNsYXNzPSIiPg0KPHNwYW4gY2xhc3M9IkFw cGxlLXRhYi1zcGFuIiBzdHlsZT0id2hpdGUtc3BhY2U6cHJlIj48L3NwYW4+d2lsbCBhbHNvIHNp Z24gdGhlIHRydXN0ZWQgYXBwbGljYXRpb24gaW5zdGFsbCBwYWNrYWdlLCBzbyBURUU8YnIgY2xh c3M9IiI+DQo8c3BhbiBjbGFzcz0iQXBwbGUtdGFiLXNwYW4iIHN0eWxlPSJ3aGl0ZS1zcGFjZTpw cmUiPjwvc3Bhbj5jYW4gdmVyaWZ5IGl0IGlzIGF1dGhlbnRpYy48YnIgY2xhc3M9IiI+DQo8YnIg Y2xhc3M9IiI+DQo8c3BhbiBjbGFzcz0iQXBwbGUtdGFiLXNwYW4iIHN0eWxlPSJ3aGl0ZS1zcGFj ZTpwcmUiPjwvc3Bhbj40KSBURUUgd2lsbCB2ZXJpZnkgdGhlIHNpZ25hdHVyZSBvZiB0aGUgdHJ1 c3RlZCBhcHBsaWNhdGlvbjxiciBjbGFzcz0iIj4NCjxzcGFuIGNsYXNzPSJBcHBsZS10YWItc3Bh biIgc3R5bGU9IndoaXRlLXNwYWNlOnByZSI+PC9zcGFuPmluc3RhbGwgcGFja2FnZSwgYW5kIGNo ZWNrIHRoYXQgc2lnbmVyIGlzIHRydXN0ZWQsIGFuZCB0aGVuIGl0PGJyIGNsYXNzPSIiPg0KPHNw YW4gY2xhc3M9IkFwcGxlLXRhYi1zcGFuIiBzdHlsZT0id2hpdGUtc3BhY2U6cHJlIj48L3NwYW4+ d2lsbCBkZWNyeXB0IHRoZSBwYWNrYWdlLCBhbmQgaW5zdGFsbCBpdC48YnIgY2xhc3M9IiI+DQo8 YnIgY2xhc3M9IiI+DQo8c3BhbiBjbGFzcz0iQXBwbGUtdGFiLXNwYW4iIHN0eWxlPSJ3aGl0ZS1z cGFjZTpwcmUiPjwvc3Bhbj41KSBUaGUgYXBwbGljYXRpb24gcnVubmluZyBvbiB0aGUgUkVFIHNp ZGUgbWlnaHQgbmVlZCB0bzxiciBjbGFzcz0iIj4NCjxzcGFuIGNsYXNzPSJBcHBsZS10YWItc3Bh biIgc3R5bGU9IndoaXRlLXNwYWNlOnByZSI+PC9zcGFuPnZlcmlmeSB0aGF0IHRoZSB0cnVzdGVk IGFwcGxpY2F0aW9uIHBhcnQgb2YgaXQgaGFzIGJlZW48YnIgY2xhc3M9IiI+DQo8c3BhbiBjbGFz cz0iQXBwbGUtdGFiLXNwYW4iIHN0eWxlPSJ3aGl0ZS1zcGFjZTpwcmUiPjwvc3Bhbj5wcm9wZXJs eSBpbnN0YWxsZWQgdG8gcmVhbCBURUUsIHNvIGl0IGNhbiB0cnVzdCBpdCBkb2luZyBpdHM8YnIg Y2xhc3M9IiI+DQo8c3BhbiBjbGFzcz0iQXBwbGUtdGFiLXNwYW4iIHN0eWxlPSJ3aGl0ZS1zcGFj ZTpwcmUiPjwvc3Bhbj5qb2IuIEkgYW0gbm90IHN1cmUgaWYgdGhpcyB3aWxsIGJlIHBhcnQgb2Yg dGhlIFRFRVAgb3Igbm90Li4uPGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0KSXMgbXkgdW5k ZXJzdGFuZGluZyBvZiBURUVQIGNvcnJlY3Q/IEkgZG8gbm90IGtub3csIGFuZCBJIGFzc3VtZSBv dGhlcjxiciBjbGFzcz0iIj4NCnBlb3BsZSBoYXZlIGRpZmZlcmVudCBpZGVhcyB3aGF0IHNob3Vs ZCBvciBzaG91bGQgbm90IGJlIHBhcnQgb2YgaXQuPGJyIGNsYXNzPSIiPg0KPC9kaXY+DQo8L2Rp dj4NCjwvYmxvY2txdW90ZT4NCjxkaXY+PGJyIGNsYXNzPSIiPg0KPC9kaXY+DQo8ZGl2PkkgdGhp bmsgdGhpcyBpcyBhIHByZXR0eSBnb29kIGV4cGxhbmF0aW9uIG9mIHdoYXQgdGhlIGZpcnN0IGdy b3VwIHdvdWxkIGxpa2UgdG8gc2VlLjwvZGl2Pg0KPGJyIGNsYXNzPSIiPg0KPC9kaXY+DQo8ZGl2 PkJlc3QgcmVnYXJkczwvZGl2Pg0KPGRpdj5KZXJlbXk8L2Rpdj4NCjxiciBjbGFzcz0iIj4NCjwv Ym9keT4NCjwvaHRtbD4NCg== --_000_CB221FB118D24F7B88D91E9F9828D468qtiqualcommcom_-- From nobody Wed Apr 5 05:01:43 2017 Return-Path: X-Original-To: teep@ietfa.amsl.com Delivered-To: teep@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 44A4A124B0A for ; Wed, 5 Apr 2017 05:01:41 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.121 X-Spam-Level: X-Spam-Status: No, score=-1.121 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_NEUTRAL=0.779] autolearn=no autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9Jsau_AG0a2s for ; Wed, 5 Apr 2017 05:01:38 -0700 (PDT) Received: from mail.kivinen.iki.fi (fireball.acr.fi [83.145.195.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CB2231242EA for ; Wed, 5 Apr 2017 05:01:37 -0700 (PDT) Received: from fireball.acr.fi (localhost [127.0.0.1]) by mail.kivinen.iki.fi (8.15.2/8.15.2) with ESMTPS id v35C1UY5029490 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Wed, 5 Apr 2017 15:01:30 +0300 (EEST) Received: (from kivinen@localhost) by fireball.acr.fi (8.15.2/8.14.8/Submit) id v35C1TgU002489; Wed, 5 Apr 2017 15:01:29 +0300 (EEST) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-ID: <22756.56473.620993.718007@fireball.acr.fi> Date: Wed, 5 Apr 2017 15:01:29 +0300 From: Tero Kivinen To: Michael Richardson Cc: teep In-Reply-To: <12099.1491314086@obiwan.sandelman.ca> References: <22755.33183.740819.743679@fireball.acr.fi> <12099.1491314086@obiwan.sandelman.ca> X-Mailer: VM 8.2.0b under 25.1.1 (x86_64--netbsd) X-Edit-Time: 10 min X-Total-Time: 10 min Archived-At: Subject: Re: [Teep] My BoF impression X-BeenThere: teep@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: A Protocol for Dynamic Trusted Execution Environment Enablement List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 05 Apr 2017 12:01:41 -0000 Michael Richardson writes: > > 3) The Secure trusted application marketplace can then encrypt > > the trusted application with TEE specific key, so that nobody > > else than TEE can decrypt and install it. This will prevent > > leaking out confidential material inside the application. > > Trusted application instlal package might also be personalized > > for the specific TEE. Secure trusted application marketplace > > will also sign the trusted application install package, so TEE > > can verify it is authentic. > > And yet, this can mean that end-user and even app-writers can not > verify what code they are actually running. The end-user and app-writers already both trust the marketplace provided by the operating system and trusts them. I.e. if marketplace owner decides to add malware to each application they send to the customers who would notice that? The connection between the device and markplace is already encrypted, the software which downloads it from the OS marketplace is provided by the OS, and they do verify that you need to log in with your credentials before you can load anything. And marketplace can provide different versions to different users, so developer migth always get clean copy of their own app, but other users could get modified version. Operating system on different devices sometimes already protects apps from each other, and so on. So if you do not trust the device OS, and marketplace provided by the OS, there is nothing you can do. Have you ever tried to verify for example that the application in your iPhone is really same as what was given to the apple app store? Can you even do that in iOS environment? > I think we need to very carefully seperate signed (and auditable) > code from encrypted data. And said encrypted data has to be > non-executable, and the auditable code has to be verified to not > include a Turing machine.... no (encrypted) data driven programming > allowed. That would be another good option. On the other hand, I do think application developers would like to encrypt the executable also in some cases. Perhaps this just means that we would need two containers we are sending from the trusted marketplace to the TEE, one for code and one for data, and data would always be encrypted, but code only if requested by the trusted app itself. -- kivinen@iki.fi From nobody Wed Apr 5 06:00:48 2017 Return-Path: X-Original-To: teep@ietfa.amsl.com Delivered-To: teep@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 317581293E3 for ; Wed, 5 Apr 2017 06:00:45 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.902 X-Spam-Level: X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aMseQBq0x7bc for ; Wed, 5 Apr 2017 06:00:43 -0700 (PDT) Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5C8BE128B38 for ; Wed, 5 Apr 2017 06:00:43 -0700 (PDT) Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id 60A58203AF for ; Wed, 5 Apr 2017 09:25:01 -0400 (EDT) Received: from obiwan.sandelman.ca (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id A54ED636BB for ; Wed, 5 Apr 2017 09:00:42 -0400 (EDT) From: Michael Richardson To: teep In-Reply-To: <22756.56473.620993.718007@fireball.acr.fi> References: <22755.33183.740819.743679@fireball.acr.fi> <12099.1491314086@obiwan.sandelman.ca> <22756.56473.620993.718007@fireball.acr.fi> X-Mailer: MH-E 8.6; nmh 1.6+dev; GNU Emacs 24.5.1 X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m Archived-At: Subject: Re: [Teep] My BoF impression X-BeenThere: teep@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: A Protocol for Dynamic Trusted Execution Environment Enablement List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 05 Apr 2017 13:00:45 -0000 --=-=-= Content-Type: text/plain Tero Kivinen wrote: > The end-user and app-writers already both trust the marketplace > provided by the operating system and trusts them. I.e. if marketplace In Android, this trust is optional, and isn't locked down by the manufacturer of the device or the supplier of the operating system (at present). We are free to create new marketplaces, and also free to avoid all market places. We (or, our respective enterprises or national security agencies, e.g: NIST, CSE, etc.) are free to create environments where all source code is available for review. So while all of your points about trust for an average user are true, it does not change the point that we (the IETF) should not be creating an environment in which code can not be audited. > Have you ever tried to verify for example that the application in your > iPhone is really same as what was given to the apple app store? Can > you even do that in iOS environment? Well. There is a reason I, and many others, have chosen not to build trust in that vertically integrated environment. >> I think we need to very carefully seperate signed (and auditable) >> code from encrypted data. And said encrypted data has to be >> non-executable, and the auditable code has to be verified to not >> include a Turing machine.... no (encrypted) data driven programming >> allowed. > That would be another good option. On the other hand, I do think > application developers would like to encrypt the executable also in > some cases. Perhaps this just means that we would need two containers > we are sending from the trusted marketplace to the TEE, one for code > and one for data, and data would always be encrypted, but code only if > requested by the trusted app itself. Exactly: it's not hard to do. As for developers who think they need to encrypt their code: it is akin to cryptographers who won't publish their algorithm. -- Michael Richardson , Sandelman Software Works -= IPv6 IoT consulting =- --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEEbsyLEzg/qUTA43uogItw+93Q3WUFAljk6noACgkQgItw+93Q 3WXKtAf+IMFTHQAj6yVYGXqZf5jEgMqL6Dwdiz5CW7ncfdRVEQ0LlQ4iRuI7SKb2 X6lfEXyAh7wEAuVhHK9zlM+lIyF8su4t9ykZO3epTN3fuAmss2hilqxMbTGY8Xp/ 5diBMGrCNMHzOs8gH8PrSBqn1993sxJ0Xda1nqQvFQVKNupHzeLNFpAAuSxfshCy NxIFT6XFFb74jSvls/G6fkuH8UpnYxXUogdOYFdZc4xpLdwCNEsGv/n/Ey1N8ISl TuTVKISS4RFKedmzJWvSgtvkLPN9vILs2Ojyfr+OA5AL39Jf2Lx3UxjWj4gzLPgk 1BIUkXqMO/Ojasg8yWy9hstgcp82kg== =JSEo -----END PGP SIGNATURE----- --=-=-=-- From nobody Wed Apr 5 06:03:48 2017 Return-Path: X-Original-To: teep@ietfa.amsl.com Delivered-To: teep@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E0074128616 for ; Wed, 5 Apr 2017 06:03:46 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.902 X-Spam-Level: X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Fv3juKQAt3_a for ; Wed, 5 Apr 2017 06:03:45 -0700 (PDT) Received: from tuna.sandelman.ca (tuna.sandelman.ca [IPv6:2607:f0b0:f:3:216:3eff:fe7c:d1f3]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 079B5127076 for ; Wed, 5 Apr 2017 06:03:45 -0700 (PDT) Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id B089F203AF for ; Wed, 5 Apr 2017 09:28:02 -0400 (EDT) Received: from obiwan.sandelman.ca (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id E98B1636BB for ; Wed, 5 Apr 2017 09:03:43 -0400 (EDT) From: Michael Richardson To: teep In-Reply-To: References: <22755.33183.740819.743679@fireball.acr.fi> X-Mailer: MH-E 8.6; nmh 1.6+dev; GNU Emacs 24.5.1 X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m Archived-At: Subject: Re: [Teep] My BoF impression X-BeenThere: teep@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: A Protocol for Dynamic Trusted Execution Environment Enablement List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 05 Apr 2017 13:03:47 -0000 --=-=-= Content-Type: text/plain Jeremy O'Donoghue wrote: > There is one group - essentially those sponsoring the creation of this > group - which has a very clear understanding of what it would like > TEEP to be, which is essentially three things: ... > There is a second group which is starting from a more abstract > position of what a TEE should look like and what security services it > might then provide to a system and how the control of these could be > structured. This is a completely different problem, and likely a much > broader one which is difficult to encapsulate in a small scope. Do you think the second group, which I perceive as being more of the core IETF security types, is interested/willing to engage with the first group? Is the first group actually willing to turn editorial control over to the IETF? Can we kill both birds with one protocol? -- Michael Richardson , Sandelman Software Works -= IPv6 IoT consulting =- --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEEbsyLEzg/qUTA43uogItw+93Q3WUFAljk6y8ACgkQgItw+93Q 3WVr4gf+I4Zv4d+NUA6Tdju+czKW/gRX+Pxh68+Gzf0bPG1h0JmQ0FiZFQMWRIQC rSiG6Y+PHgsl4g1gTWbT0+ZlogdQbq842DytjZdVdcc06geaVH/361/tEPVkWUx5 r5dkefVym2+ajom94z+sHu4QnfBULmgwokCI2jUNXxE0nIIiq+FHZBtMd2p3X96U z/TmEDaOLO7dJAYL2+eCB0GNgG5RccUbqSLIrMZaewEtRKW4xUsrYniMZ7c9spi+ on3TVEpD0x8lL0FIwPJ4rK9NECBij5vjQJUHUVm8Z+Qm48sVht1xvtwALH4p9CSj 9YPqumTmq+5MJrELVB2llyrkcwPveQ== =LJgB -----END PGP SIGNATURE----- --=-=-=-- From nobody Wed Apr 5 09:36:15 2017 Return-Path: X-Original-To: teep@ietfa.amsl.com Delivered-To: teep@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D94F812420B for ; Wed, 5 Apr 2017 09:36:12 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -6.811 X-Spam-Level: X-Spam-Status: No, score=-6.811 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, T_DKIM_INVALID=0.01] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (public key: not available)" header.d=intel.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id d9azjwmbVLoY for ; Wed, 5 Apr 2017 09:36:09 -0700 (PDT) Received: from mga09.intel.com (mga09.intel.com [134.134.136.24]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 82918127871 for ; Wed, 5 Apr 2017 09:36:09 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=intel.com; i=@intel.com; q=dns/txt; s=intel; t=1491410169; x=1522946169; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=sqRbM9frDQ1iEQ6Ggq5WWYni2ApiSsC9DHXWqxMqyV8=; b=gop2WUGbe8DT30pzr7a0RbpzFTIFij2TWk5Kce5+kODautINX2AmnBnQ SzK3GpnYXfgNsliSYmJuyQt25dyGeQ==; Received: from orsmga005.jf.intel.com ([10.7.209.41]) by orsmga102.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 05 Apr 2017 09:35:57 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos; i="5.36,279,1486454400"; d="scan'208,217"; a="83540801" Received: from fmsmsx103.amr.corp.intel.com ([10.18.124.201]) by orsmga005.jf.intel.com with ESMTP; 05 Apr 2017 09:35:56 -0700 Received: from FMSMSX110.amr.corp.intel.com (10.18.116.10) by FMSMSX103.amr.corp.intel.com (10.18.124.201) with Microsoft SMTP Server (TLS) id 14.3.319.2; Wed, 5 Apr 2017 09:34:32 -0700 Received: from crsmsx101.amr.corp.intel.com (172.18.63.136) by fmsmsx110.amr.corp.intel.com (10.18.116.10) with Microsoft SMTP Server (TLS) id 14.3.319.2; Wed, 5 Apr 2017 09:34:31 -0700 Received: from crsmsx102.amr.corp.intel.com ([169.254.2.201]) by CRSMSX101.amr.corp.intel.com ([169.254.1.38]) with mapi id 14.03.0319.002; Wed, 5 Apr 2017 10:34:30 -0600 From: "Wheeler, David M" To: 'Jeremy O'Donoghue' , Tero Kivinen CC: Hannes Tschofenig , teep Thread-Topic: [Teep] My BoF impression Thread-Index: AQHSrU2OutoLuMZ4AkG1IyV4CnXf16G1Rm1g Date: Wed, 5 Apr 2017 16:34:29 +0000 Message-ID: <0627F5240443D2498FAA65332EE46C84366ED746@CRSMSX102.amr.corp.intel.com> References: <22755.33183.740819.743679@fireball.acr.fi> In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-titus-metadata-40: eyJDYXRlZ29yeUxhYmVscyI6IiIsIk1ldGFkYXRhIjp7Im5zIjoiaHR0cDpcL1wvd3d3LnRpdHVzLmNvbVwvbnNcL0ludGVsMyIsImlkIjoiNzBjMWUzZjMtMzQwYS00M2QxLWE5NWUtZmY5MDU3MjU4OTM2IiwicHJvcHMiOlt7Im4iOiJDVFBDbGFzc2lmaWNhdGlvbiIsInZhbHMiOlt7InZhbHVlIjoiQ1RQX0lDIn1dfV19LCJTdWJqZWN0TGFiZWxzIjpbXSwiVE1DVmVyc2lvbiI6IjE2LjIuMTEuMCIsIlRydXN0ZWRMYWJlbEhhc2giOiJQTFpDbkVsSXJ4aGpITnhYcWswTHZxbDBURkI3XC9YTWg1a1hRN1wveW8yMHM9In0= x-ctpclassification: CTP_IC dlp-product: dlpe-windows dlp-version: 10.0.102.7 dlp-reaction: no-action x-originating-ip: [172.18.205.10] Content-Type: multipart/alternative; boundary="_000_0627F5240443D2498FAA65332EE46C84366ED746CRSMSX102amrcor_" MIME-Version: 1.0 Archived-At: Subject: Re: [Teep] My BoF impression X-BeenThere: teep@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: A Protocol for Dynamic Trusted Execution Environment Enablement List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 05 Apr 2017 16:36:13 -0000 --_000_0627F5240443D2498FAA65332EE46C84366ED746CRSMSX102amrcor_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 SeKAmW0gYSBiaXQgYmVoaW5kIG9uIHRoZSB0aHJlYWQsIGJ1dCB3YW50IHRvIHJlc3BvbmQgdG8g SmVyZW154oCZcyBvcmlnaW5hbCBjb21tZW50Lg0KDQpGaXJzdCwgSSB0aGlzIGlzIGV4YWN0bHkg dGhlIHR5cGUgb2YgY29udmVyc2F0aW9uIHdlIG5lZWQgdG8gaGF2ZS4gVGhhbmtzIGZvciBraWNr aW5nIHRoaXMgb2ZmIHZlcnkgZGlyZWN0bHkuDQpJIGFncmVlIHdpdGggeW91ciBwZXJjZXB0aW9u IG9mIHRoZSB0d28gZ3JvdXBzLCB0aG91Z2ggSSB0aGluayBpdCBpcyBpbXBvcnRhbnQgdG8gdW5k ZXJzdGFuZCB0aGUgbW90aXZhdGlvbnMgaW4gdGhlIHNlY29uZCBncm91cCwgc2luY2UgdGhleSBt YXkgYmUgdmFyaWVkLg0KDQpJIHdpbGwgcHV0IG15c2VsZiB2b2x1bnRhcmlseSBpbiB0aGUgc2Vj b25kIGJ1Y2tldC4gSSB3aWxsIHByZXNlbnQgbXkgcGVyc29uYWwgcGVyc3BlY3RpdmUsIHdoaWNo IG1heSBiZSBkaWZmZXJlbnQgZnJvbSBvdGhlcnMgaW4gdGhlIOKAnHNlY29uZCBncm91cOKAnS4N Cg0KRm9yIG15c2VsZiwgSSBhbSBsb29raW5nIHRvIGRlZmluZSBhIG1vcmUgYWJzdHJhY3QgZGVm aW5pdGlvbiBvZiBhIFRFRSwgYW5kIGRlc2lyaW5nIGEgcHJvdG9jb2wgdGhhdCBpcyBhcHBsaWNh YmxlIHRvIGEgd2lkZSBzZXQgb2YgVEVFcy4gRnJvbSBteSBwZXJzcGVjdGl2ZSwgbG9va2luZyBh dCBURUVzIHRoYXQgSW50ZWwgaGFzIGluIHRoZSBtYXJrZXRwbGFjZSwgYW5kIGFsc28gaGF2aW5n IHdvcmtlZCBmb3Igc2V2ZXJhbCB5ZWFycyBvbiBJbnRlbOKAmXMgWFNjYWxlIHByb2Nlc3NvcnMg KGFuZCBhbSB0aHVzIGZhbWlsaWFyIHdpdGggVFopLCB0aGUgY3VycmVudCBPVHJQIGRyYWZ0IGFk ZHJlc3NlcyBUcnVzdCBab25lIGNvbmNlcm5zIHdpdGhvdXQgcmVhbGx5IGNvbnNpZGVyaW5nIG90 aGVyIFRFRXMuIFRoaXMgaXMgbXkgcGVyY2VwdGlvbiwgb2YgY291cnNlLg0KDQpJdCBpcyBhbHNv IG15IG9waW5pb24gdGhhdCBhbiBJRVRGIHByb3RvY29sIHNob3VsZCBkbyBtb3JlIHRoYW4gYWRk cmVzcyBpbXBsZW1lbnRhdGlvbiBzcGVjaWZpYyBjb25jZXJucy4NCkkgYW0gbW90aXZhdGVkIHRv IHdvcmsgam9pbnRseSBvbiBkZXZlbG9waW5nIE9UclAgdG8gYWRkcmVzcyBhIHdpZGVyIHNldCBv ZiBjb25jZXJucyBjb21tb24gdG8gVEVFcyBhbmQgdGhlaXIgZW52aXJvbm1lbnRzLCB3aXRoIHRo ZSBwdXJwb3NlIG9mIGV4cGFuZGluZyB0aGUgZWFzZSB3aXRoIHdoaWNoIHRoZSBtYXJrZXRwbGFj ZSBjYW4gdXRpbGl6ZSBURUUgbWVjaGFuaXNtcy4NCg0KUGFydCBvZiB0aGlzIGRldmVsb3BtZW50 IG9mIE9UclAgKGZyb20gbXkgcGVyc3BlY3RpdmUpIGlzIGJlaW5nIGxlc3Mgbm9ybWF0aXZlIGFi b3V0IHRoZSBleGFjdCBsb2NhdGlvbiBhbmQgaW5zdGFudGlhdGlvbiBvZiBjZXJ0YWluIHBhcnRp ZXMgKHBhcnRpY3VsYXJseSB0aGUgVFNNKSBhbmQgYmUgc3BlY2lmaWMgb24gdGhlIG9wZXJhdGlv bnMgYW5kIGFjdGl2aXRpZXMgYXQgcGFydGljdWxhciDigJxzZXJ2aWNlIGFjY2VzcyBwb2ludHPi gJ0gb2YgdGhlIHByb3RvY29sLiBNeSBwb2ludCBoZXJlIGlzIHRoYXQgT1RyUCBpbiBpdHMgY3Vy cmVudCByZW5kaXRpb24gaXMgPGVtcGhhc2lzPiB0b28gPC9lbXBoYXNpcz4gaW1wbGVtZW50YXRp b24gc3BlY2lmaWMgYW5kIHRvbyBub3JtYXRpdmUgaW4gaXRzIGRlc2NyaXB0aW9uIG9mIHRoZSBt YXJrZXRwbGFjZS4gSSBiZWxpZXZlIHRoaXMgaXMgZmluZSBhcyBhbiBleGFtcGxlLCBidXQgbm90 IGFzIHBhcnQgb2YgdGhlIHByb3RvY29sLg0KDQpJIGJlbGlldmUgSUVURiBpcyBleGFjdGx5IHRo ZSBwbGFjZSB0byBoYXZlIHRoaXMgY29udmVyc2F0aW9uIGFuZCBkZWZpbmUgYSB2ZXJ5IG9wZW4g YW5kIGluY2x1c2l2ZSBwcm90b2NvbC4gSSByZWFsaXplIHRoYXQgdGFrZXMgc29tZSB0aW1lLiBJ IGxvb2sgZm9yd2FyZCB0byBoYXZpbmcgdGhpcyBjb252ZXJzYXRpb24gaW4gbW9yZSBkZXRhaWwu DQoNClRoYW5rcywNCkRhdmUgV2hlZWxlcg0KDQpGcm9tOiBURUVQIFttYWlsdG86dGVlcC1ib3Vu Y2VzQGlldGYub3JnXSBPbiBCZWhhbGYgT2YgSmVyZW15IE8nRG9ub2dodWUNClNlbnQ6IFR1ZXNk YXksIEFwcmlsIDQsIDIwMTcgNzoxMyBBTQ0KVG86IFRlcm8gS2l2aW5lbiA8a2l2aW5lbkBpa2ku Zmk+DQpDYzogSGFubmVzIFRzY2hvZmVuaWcgPEhhbm5lcy5Uc2Nob2ZlbmlnQGFybS5jb20+OyB0 ZWVwIDx0ZWVwQGlldGYub3JnPg0KU3ViamVjdDogUmU6IFtUZWVwXSBNeSBCb0YgaW1wcmVzc2lv bg0KDQoNCk9uIDQgQXByIDIwMTcsIGF0IDEyOjIxLCBUZXJvIEtpdmluZW4gPGtpdmluZW5AaWtp LmZpPG1haWx0bzpraXZpbmVuQGlraS5maT4+IHdyb3RlOg0KDQpNeSBmZWVsaW5nIHRoYXQgdGhl IG1haW4gcXVlc3Rpb24gd2hhdCBwZW9wbGUgZGlkIG5vdCB1bmRlcnN0YW5kIHdhczoNCg0KV2hh dCBpcyB0aGUgcmVhbCBkaWZmZXJlbmNlIGJldHdlZW4gVEVFUCBhbmQganVzdCBub3JtYWwNCmFw cGxpY2F0aW9uIGRvd25sb2FkLiBJLmUuLCB3aHkgc2VwYXJhdGUgcHJvdG9jb2wgaXMgbmVlZGVk Lg0KSG93IGlzIHRoaXMgZGlmZmVyZW50IGZyb20ganVzdCBoYXZpbmcgcGVyaGFwcyBlbmNyeXB0 ZWQNCnNpZ25lZCBhcHBsaWNhdGlvbiBibG9iIGZyb20gdGhlIG1hcmtldHBsYWNlIGFuZCBpbnN0 YWxsaW5nDQp0aGF0Lg0KDQpBdCBsZWFzdCB0aGF0IHdhcyBteSBtYWluIHF1ZXN0aW9uIHdoZW4g d2UgZGlzY3Vzc2VkIHRoaXMgYmVmb3JlIHRoZQ0KQm9GLg0KDQpPZiBjb3Vyc2UgaXQgZG9lcyBu b3QgaGVscCwgdGhhdCB3aGVuIHlvdSBhc2sgdGhhdCBxdWVzdGlvbiBmcm9tDQpkaWZmZXJlbnQg cGVvcGxlIHlvdSBnZXQgZGlmZmVyZW50IGFuc3dlciwgYXMgdGhlIGlkZWEgb2Ygd2hhdCBURUVQ IGlzDQpkaWZmZXJlbnQgZm9yIGRpZmZlcmVudCBwZW9wbGXigKYNCg0KSSB0aGluayB0aGVyZSBp cyBhIGRlZ3JlZSBvZiB0YWxraW5nIGF0IGNyb3NzLXB1cnBvc2VzLg0KDQpUaGVyZSBpcyBvbmUg Z3JvdXAgLSBlc3NlbnRpYWxseSB0aG9zZSBzcG9uc29yaW5nIHRoZSBjcmVhdGlvbiBvZiB0aGlz IGdyb3VwIC0gd2hpY2ggaGFzIGEgdmVyeSBjbGVhciB1bmRlcnN0YW5kaW5nIG9mIHdoYXQgaXQg d291bGQgbGlrZSBURUVQIHRvIGJlLCB3aGljaCBpcyBlc3NlbnRpYWxseSB0aHJlZSB0aGluZ3M6 DQoNCg0KICAxLiAgQSBtZWNoYW5pc20gZm9yIG1hbmFnaW5nIFRydXN0ZWQgQXBwbGljYXRpb25z IGFuZCB0aGVpciBhc3NvY2lhdGVkIHNlY3JldHMgYW5kIGtleSBtYXRlcmlhbCBpbiBhIEdsb2Jh bFBsYXRmb3JtIFRFRSBvciBzb21ldGhpbmcgdGhhdCBpcyBjb25jZXB0dWFsbHkgdmVyeSBzaW1p bGFyLg0KICAyLiAgQSBtZWNoYW5pc20gZm9yIGVzdGFibGlzaGluZyBhIGNoYWluIG9mIHRydXN0 IHJvb3RlZCBpbiBmaXJtd2FyZSBhbmQgY292ZXJpbmcgdGhlIFRFRSBhbmQgcG9zc2libHkgb3Ro ZXIgc3lzdGVtIGNvbXBvbmVudHMgdXAgdG8gYW5kIGluY2x1ZGluZyB0aGUgZXhlY3V0aW5nIFRh c2sgaW4gYSBTZWN1cml0eSBEb21haW4uDQogIDMuICBBIG1lY2hhbmlzbSAtIHRhcmdldGVkIGF0 IHBob25lIGFuZCB0YWJsZXQgdHlwZSBkZXZpY2VzIC0gd2hpY2ggb3BlcmF0ZXMgaW5kZXBlbmRl bnRseSBvZiB0aGUg4oCcQXBwIFN0b3Jl4oCdIG1lY2hhbmlzbSwgYW5kIGlzIGJhc2VkIG9uIGEg UEtJIGluZnJhc3RydWN0dXJlIGFsbG93aW5nIFNlcnZpY2UgUHJvdmlkZXJzIHRvIG1hbmFnZSB0 aGUgVHJ1c3RlZCBBcHBsaWNhdGlvbnMgdGhleSBjb250cm9sIHdpdGhvdXQgdGhlIG5lZWQgZm9y IHVzZXIgaW50ZXJ2ZW50aW9uLg0KDQpUaGUgZHJhZnQgc3BlY2lmaWNhdGlvbiB2ZXJ5IGNsZWFy bHkgYWRkcmVzc2VzIHN1Y2ggYSBzeXN0ZW0uIFVuZGVyc3RhbmRpbmcgaXQgZnVsbHkgcmVxdWly ZXMgY29uc2lkZXJhYmxlIGZhbWlsaWFyaXR5IHdpdGggdGhlIEdsb2JhbFBsYXRmb3JtIFRFRSBz cGVjaWZpY2F0aW9ucywgc2luY2UgbXVjaCBvZiB0aGUgdGVybWlub2xvZ3kgYW5kIGFyY2hpdGVj dHVyYWwgYXNzdW1wdGlvbnMgYXJlIGRlcml2ZWQgZnJvbSB0aGVzZS4NCg0KVGhlcmUgaXMgYSBz ZWNvbmQgZ3JvdXAgd2hpY2ggaXMgc3RhcnRpbmcgZnJvbSBhIG1vcmUgYWJzdHJhY3QgcG9zaXRp b24gb2Ygd2hhdCBhIFRFRSBzaG91bGQgbG9vayBsaWtlIGFuZCB3aGF0IHNlY3VyaXR5IHNlcnZp Y2VzIGl0IG1pZ2h0IHRoZW4gcHJvdmlkZSB0byBhIHN5c3RlbSBhbmQgaG93IHRoZSBjb250cm9s IG9mIHRoZXNlIGNvdWxkIGJlIHN0cnVjdHVyZWQuIFRoaXMgaXMgYSBjb21wbGV0ZWx5IGRpZmZl cmVudCBwcm9ibGVtLCBhbmQgbGlrZWx5IGEgbXVjaCBicm9hZGVyIG9uZSB3aGljaCBpcyBkaWZm aWN1bHQgdG8gZW5jYXBzdWxhdGUgaW4gYSBzbWFsbCBzY29wZS4NCg0KDQpUcnlpbmcgdG8gbWFr ZSB0aGUgYXJjaGl0ZWN0dXJlIHRvbyBnZW5lcmljIGFsc28gY29uZnVzZXMgdGhpbmdzLiBJdA0K bWlnaHQgYmUgYmV0dGVyIHRvIGhhdmUgbW9yZSBjb25jcmV0ZSBleGFtcGxlIHdpdGggbW9yZSBs aW1pdGVkIHNjb3BlLA0KdGhhdCB3b3VsZCBleHBsYWluIHRoaW5ncyB3aGF0IFRFRVAgc2hvdWxk IHByb3ZpZGUuDQoNCkZvciBleGFtcGxlOg0KDQoxKSBURUVQIHByb3ZpZGVzIGEgd2F5IHRvIGlu c3RhbGwgc29mdHdhcmUgZnJvbSB0aGUgU2VjdXJlDQp0cnVzdGVkIGFwcGxpY2F0aW9uIG1hcmtl dHBsYWNlIHRvIHRoZSBURUUgcnVubmluZyBpbnNpZGUNCmRldmljZS4NCg0KMikgVGhlIFNlY3Vy ZSB0cnVzdGVkIGFwcGxpYXRpb24gbWFya2V0cGxhY2UgbmVlZHMgdG8gYmUgYWJsZQ0KdG8gdmVy aWZ5IHRoYXQgdGhlIFRFRSB3YW50aW5nIHRvIGluc3RhbGwgYW4gYXBwbGljYXRpb24gaXMNCmFj dHVhbCBURUUsIGFuZCBub3Qgc29tZSBmYWtlIGRldmljZSwgZm9yIGV4YW1wbGUgdXNpbmcNCnNp Z25hdHVyZSBmcm9tIHRoZSBrZXkgaW5zdGFsbGVkIGJ5IHRoZSBtYW51ZmFjdHVyZXIgd2hpY2gg aXMNCnVzZWQgdG8gc2lnbiB0aGUgaW5zdGFsbGF0aW9uIHJlcXVlc3QuDQoNCjMpIFRoZSBTZWN1 cmUgdHJ1c3RlZCBhcHBsaWNhdGlvbiBtYXJrZXRwbGFjZSBjYW4gdGhlbiBlbmNyeXB0DQp0aGUg dHJ1c3RlZCBhcHBsaWNhdGlvbiB3aXRoIFRFRSBzcGVjaWZpYyBrZXksIHNvIHRoYXQgbm9ib2R5 DQplbHNlIHRoYW4gVEVFIGNhbiBkZWNyeXB0IGFuZCBpbnN0YWxsIGl0LiBUaGlzIHdpbGwgcHJl dmVudA0KbGVha2luZyBvdXQgY29uZmlkZW50aWFsIG1hdGVyaWFsIGluc2lkZSB0aGUgYXBwbGlj YXRpb24uDQpUcnVzdGVkIGFwcGxpY2F0aW9uIGluc3RsYWwgcGFja2FnZSBtaWdodCBhbHNvIGJl IHBlcnNvbmFsaXplZA0KZm9yIHRoZSBzcGVjaWZpYyBURUUuIFNlY3VyZSB0cnVzdGVkIGFwcGxp Y2F0aW9uIG1hcmtldHBsYWNlDQp3aWxsIGFsc28gc2lnbiB0aGUgdHJ1c3RlZCBhcHBsaWNhdGlv biBpbnN0YWxsIHBhY2thZ2UsIHNvIFRFRQ0KY2FuIHZlcmlmeSBpdCBpcyBhdXRoZW50aWMuDQoN CjQpIFRFRSB3aWxsIHZlcmlmeSB0aGUgc2lnbmF0dXJlIG9mIHRoZSB0cnVzdGVkIGFwcGxpY2F0 aW9uDQppbnN0YWxsIHBhY2thZ2UsIGFuZCBjaGVjayB0aGF0IHNpZ25lciBpcyB0cnVzdGVkLCBh bmQgdGhlbiBpdA0Kd2lsbCBkZWNyeXB0IHRoZSBwYWNrYWdlLCBhbmQgaW5zdGFsbCBpdC4NCg0K NSkgVGhlIGFwcGxpY2F0aW9uIHJ1bm5pbmcgb24gdGhlIFJFRSBzaWRlIG1pZ2h0IG5lZWQgdG8N CnZlcmlmeSB0aGF0IHRoZSB0cnVzdGVkIGFwcGxpY2F0aW9uIHBhcnQgb2YgaXQgaGFzIGJlZW4N CnByb3Blcmx5IGluc3RhbGxlZCB0byByZWFsIFRFRSwgc28gaXQgY2FuIHRydXN0IGl0IGRvaW5n IGl0cw0Kam9iLiBJIGFtIG5vdCBzdXJlIGlmIHRoaXMgd2lsbCBiZSBwYXJ0IG9mIHRoZSBURUVQ IG9yIG5vdC4uLg0KDQpJcyBteSB1bmRlcnN0YW5kaW5nIG9mIFRFRVAgY29ycmVjdD8gSSBkbyBu b3Qga25vdywgYW5kIEkgYXNzdW1lIG90aGVyDQpwZW9wbGUgaGF2ZSBkaWZmZXJlbnQgaWRlYXMg d2hhdCBzaG91bGQgb3Igc2hvdWxkIG5vdCBiZSBwYXJ0IG9mIGl0Lg0KDQpJIHRoaW5rIHRoaXMg aXMgYSBwcmV0dHkgZ29vZCBleHBsYW5hdGlvbiBvZiB3aGF0IHRoZSBmaXJzdCBncm91cCB3b3Vs ZCBsaWtlIHRvIHNlZS4NCg0KQmVzdCByZWdhcmRzDQpKZXJlbXkNCg0K --_000_0627F5240443D2498FAA65332EE46C84366ED746CRSMSX102amrcor_ Content-Type: text/html; charset="utf-8" Content-Transfer-Encoding: base64 PGh0bWwgeG1sbnM6dj0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTp2bWwiIHhtbG5zOm89InVy bjpzY2hlbWFzLW1pY3Jvc29mdC1jb206b2ZmaWNlOm9mZmljZSIgeG1sbnM6dz0idXJuOnNjaGVt YXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6d29yZCIgeG1sbnM6bT0iaHR0cDovL3NjaGVtYXMubWlj cm9zb2Z0LmNvbS9vZmZpY2UvMjAwNC8xMi9vbW1sIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv VFIvUkVDLWh0bWw0MCI+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIg Y29udGVudD0idGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjxtZXRhIG5hbWU9IkdlbmVyYXRv ciIgY29udGVudD0iTWljcm9zb2Z0IFdvcmQgMTUgKGZpbHRlcmVkIG1lZGl1bSkiPg0KPHN0eWxl PjwhLS0NCi8qIEZvbnQgRGVmaW5pdGlvbnMgKi8NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6 IkNhbWJyaWEgTWF0aCI7DQoJcGFub3NlLTE6MiA0IDUgMyA1IDQgNiAzIDIgNDt9DQpAZm9udC1m YWNlDQoJe2ZvbnQtZmFtaWx5OkNhbGlicmk7DQoJcGFub3NlLTE6MiAxNSA1IDIgMiAyIDQgMyAy IDQ7fQ0KLyogU3R5bGUgRGVmaW5pdGlvbnMgKi8NCnAuTXNvTm9ybWFsLCBsaS5Nc29Ob3JtYWws IGRpdi5Nc29Ob3JtYWwNCgl7bWFyZ2luOjBpbjsNCgltYXJnaW4tYm90dG9tOi4wMDAxcHQ7DQoJ Zm9udC1zaXplOjEyLjBwdDsNCglmb250LWZhbWlseToiVGltZXMgTmV3IFJvbWFuIixzZXJpZjt9 DQphOmxpbmssIHNwYW4uTXNvSHlwZXJsaW5rDQoJe21zby1zdHlsZS1wcmlvcml0eTo5OTsNCglj b2xvcjpibHVlOw0KCXRleHQtZGVjb3JhdGlvbjp1bmRlcmxpbmU7fQ0KYTp2aXNpdGVkLCBzcGFu Lk1zb0h5cGVybGlua0ZvbGxvd2VkDQoJe21zby1zdHlsZS1wcmlvcml0eTo5OTsNCgljb2xvcjpw dXJwbGU7DQoJdGV4dC1kZWNvcmF0aW9uOnVuZGVybGluZTt9DQpzcGFuLmFwcGxlLXRhYi1zcGFu DQoJe21zby1zdHlsZS1uYW1lOmFwcGxlLXRhYi1zcGFuO30NCnNwYW4uRW1haWxTdHlsZTE4DQoJ e21zby1zdHlsZS10eXBlOnBlcnNvbmFsLXJlcGx5Ow0KCWZvbnQtZmFtaWx5OiJDYWxpYnJpIixz YW5zLXNlcmlmOw0KCWNvbG9yOiMxRjQ5N0Q7fQ0KLk1zb0NocERlZmF1bHQNCgl7bXNvLXN0eWxl LXR5cGU6ZXhwb3J0LW9ubHk7DQoJZm9udC1zaXplOjEwLjBwdDt9DQpAcGFnZSBXb3JkU2VjdGlv bjENCgl7c2l6ZTo4LjVpbiAxMS4waW47DQoJbWFyZ2luOjEuMGluIDEuMGluIDEuMGluIDEuMGlu O30NCmRpdi5Xb3JkU2VjdGlvbjENCgl7cGFnZTpXb3JkU2VjdGlvbjE7fQ0KLyogTGlzdCBEZWZp bml0aW9ucyAqLw0KQGxpc3QgbDANCgl7bXNvLWxpc3QtaWQ6MTg1OTU0MjIyOTsNCgltc28tbGlz dC10ZW1wbGF0ZS1pZHM6NjA0NjQwNDY2O30NCkBsaXN0IGwxDQoJe21zby1saXN0LWlkOjIwNTgx MTY5ODE7DQoJbXNvLWxpc3QtdGVtcGxhdGUtaWRzOi0xMzU5MzM0MTM4O30NCkBsaXN0IGwxOmxl dmVsMQ0KCXttc28tbGV2ZWwtdGFiLXN0b3A6LjVpbjsNCgltc28tbGV2ZWwtbnVtYmVyLXBvc2l0 aW9uOmxlZnQ7DQoJdGV4dC1pbmRlbnQ6LS4yNWluO30NCkBsaXN0IGwxOmxldmVsMg0KCXttc28t bGV2ZWwtdGFiLXN0b3A6MS4waW47DQoJbXNvLWxldmVsLW51bWJlci1wb3NpdGlvbjpsZWZ0Ow0K CXRleHQtaW5kZW50Oi0uMjVpbjt9DQpAbGlzdCBsMTpsZXZlbDMNCgl7bXNvLWxldmVsLXRhYi1z dG9wOjEuNWluOw0KCW1zby1sZXZlbC1udW1iZXItcG9zaXRpb246bGVmdDsNCgl0ZXh0LWluZGVu dDotLjI1aW47fQ0KQGxpc3QgbDE6bGV2ZWw0DQoJe21zby1sZXZlbC10YWItc3RvcDoyLjBpbjsN Cgltc28tbGV2ZWwtbnVtYmVyLXBvc2l0aW9uOmxlZnQ7DQoJdGV4dC1pbmRlbnQ6LS4yNWluO30N CkBsaXN0IGwxOmxldmVsNQ0KCXttc28tbGV2ZWwtdGFiLXN0b3A6Mi41aW47DQoJbXNvLWxldmVs LW51bWJlci1wb3NpdGlvbjpsZWZ0Ow0KCXRleHQtaW5kZW50Oi0uMjVpbjt9DQpAbGlzdCBsMTps ZXZlbDYNCgl7bXNvLWxldmVsLXRhYi1zdG9wOjMuMGluOw0KCW1zby1sZXZlbC1udW1iZXItcG9z aXRpb246bGVmdDsNCgl0ZXh0LWluZGVudDotLjI1aW47fQ0KQGxpc3QgbDE6bGV2ZWw3DQoJe21z by1sZXZlbC10YWItc3RvcDozLjVpbjsNCgltc28tbGV2ZWwtbnVtYmVyLXBvc2l0aW9uOmxlZnQ7 DQoJdGV4dC1pbmRlbnQ6LS4yNWluO30NCkBsaXN0IGwxOmxldmVsOA0KCXttc28tbGV2ZWwtdGFi LXN0b3A6NC4waW47DQoJbXNvLWxldmVsLW51bWJlci1wb3NpdGlvbjpsZWZ0Ow0KCXRleHQtaW5k ZW50Oi0uMjVpbjt9DQpAbGlzdCBsMTpsZXZlbDkNCgl7bXNvLWxldmVsLXRhYi1zdG9wOjQuNWlu Ow0KCW1zby1sZXZlbC1udW1iZXItcG9zaXRpb246bGVmdDsNCgl0ZXh0LWluZGVudDotLjI1aW47 fQ0Kb2wNCgl7bWFyZ2luLWJvdHRvbTowaW47fQ0KdWwNCgl7bWFyZ2luLWJvdHRvbTowaW47fQ0K LS0+PC9zdHlsZT48IS0tW2lmIGd0ZSBtc28gOV0+PHhtbD4NCjxvOnNoYXBlZGVmYXVsdHMgdjpl eHQ9ImVkaXQiIHNwaWRtYXg9IjEwMjYiIC8+DQo8L3htbD48IVtlbmRpZl0tLT48IS0tW2lmIGd0 ZSBtc28gOV0+PHhtbD4NCjxvOnNoYXBlbGF5b3V0IHY6ZXh0PSJlZGl0Ij4NCjxvOmlkbWFwIHY6 ZXh0PSJlZGl0IiBkYXRhPSIxIiAvPg0KPC9vOnNoYXBlbGF5b3V0PjwveG1sPjwhW2VuZGlmXS0t Pg0KPC9oZWFkPg0KPGJvZHkgbGFuZz0iRU4tVVMiIGxpbms9ImJsdWUiIHZsaW5rPSJwdXJwbGUi Pg0KPGRpdiBjbGFzcz0iV29yZFNlY3Rpb24xIj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFu IHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDss c2Fucy1zZXJpZjtjb2xvcjojMUY0OTdEIj5J4oCZbSBhIGJpdCBiZWhpbmQgb24gdGhlIHRocmVh ZCwgYnV0IHdhbnQgdG8gcmVzcG9uZCB0byBKZXJlbXnigJlzIG9yaWdpbmFsIGNvbW1lbnQuPG86 cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZv bnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OyxzYW5zLXNlcmlm O2NvbG9yOiMxRjQ5N0QiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJN c29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90 O0NhbGlicmkmcXVvdDssc2Fucy1zZXJpZjtjb2xvcjojMUY0OTdEIj5GaXJzdCwgSSB0aGlzIGlz IGV4YWN0bHkgdGhlIHR5cGUgb2YgY29udmVyc2F0aW9uIHdlIG5lZWQgdG8gaGF2ZS4gVGhhbmtz IGZvciBraWNraW5nIHRoaXMgb2ZmIHZlcnkgZGlyZWN0bHkuPG86cD48L286cD48L3NwYW4+PC9w Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9u dC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OyxzYW5zLXNlcmlmO2NvbG9yOiMxRjQ5N0QiPkkg YWdyZWUgd2l0aCB5b3VyIHBlcmNlcHRpb24gb2YgdGhlIHR3byBncm91cHMsIHRob3VnaCBJIHRo aW5rIGl0IGlzIGltcG9ydGFudCB0byB1bmRlcnN0YW5kIHRoZSBtb3RpdmF0aW9ucyBpbiB0aGUg c2Vjb25kIGdyb3VwLCBzaW5jZSB0aGV5IG1heSBiZSB2YXJpZWQuDQo8bzpwPjwvbzpwPjwvc3Bh bj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBw dDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LHNhbnMtc2VyaWY7Y29sb3I6IzFGNDk3 RCI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNw YW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90 OyxzYW5zLXNlcmlmO2NvbG9yOiMxRjQ5N0QiPkkgd2lsbCBwdXQgbXlzZWxmIHZvbHVudGFyaWx5 IGluIHRoZSBzZWNvbmQgYnVja2V0LiBJIHdpbGwgcHJlc2VudCBteSBwZXJzb25hbCBwZXJzcGVj dGl2ZSwgd2hpY2ggbWF5IGJlIGRpZmZlcmVudCBmcm9tIG90aGVycyBpbiB0aGUg4oCcc2Vjb25k IGdyb3Vw4oCdLjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxz cGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVv dDssc2Fucy1zZXJpZjtjb2xvcjojMUY0OTdEIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+ DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250 LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LHNhbnMtc2VyaWY7Y29sb3I6IzFGNDk3RCI+Rm9y IG15c2VsZiwgSSBhbSBsb29raW5nIHRvIGRlZmluZSBhIG1vcmUgYWJzdHJhY3QgZGVmaW5pdGlv biBvZiBhIFRFRSwgYW5kIGRlc2lyaW5nIGEgcHJvdG9jb2wgdGhhdCBpcyBhcHBsaWNhYmxlIHRv IGEgd2lkZSBzZXQgb2YgVEVFcy4gRnJvbSBteSBwZXJzcGVjdGl2ZSwNCiBsb29raW5nIGF0IFRF RXMgdGhhdCBJbnRlbCBoYXMgaW4gdGhlIG1hcmtldHBsYWNlLCBhbmQgYWxzbyBoYXZpbmcgd29y a2VkIGZvciBzZXZlcmFsIHllYXJzIG9uIEludGVs4oCZcyBYU2NhbGUgcHJvY2Vzc29ycyAoYW5k IGFtIHRodXMgZmFtaWxpYXIgd2l0aCBUWiksIHRoZSBjdXJyZW50IE9UclAgZHJhZnQgYWRkcmVz c2VzIFRydXN0IFpvbmUgY29uY2VybnMgd2l0aG91dCByZWFsbHkgY29uc2lkZXJpbmcgb3RoZXIg VEVFcy4gVGhpcyBpcyBteQ0KIHBlcmNlcHRpb24sIG9mIGNvdXJzZS48bzpwPjwvbzpwPjwvc3Bh bj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBw dDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LHNhbnMtc2VyaWY7Y29sb3I6IzFGNDk3 RCI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNw YW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90 OyxzYW5zLXNlcmlmO2NvbG9yOiMxRjQ5N0QiPkl0IGlzIGFsc28gbXkgb3BpbmlvbiB0aGF0IGFu IElFVEYgcHJvdG9jb2wgc2hvdWxkIGRvIG1vcmUgdGhhbiBhZGRyZXNzIGltcGxlbWVudGF0aW9u IHNwZWNpZmljIGNvbmNlcm5zLjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29O b3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0Nh bGlicmkmcXVvdDssc2Fucy1zZXJpZjtjb2xvcjojMUY0OTdEIj5JIGFtIG1vdGl2YXRlZCB0byB3 b3JrIGpvaW50bHkgb24gZGV2ZWxvcGluZyBPVHJQIHRvIGFkZHJlc3MgYSB3aWRlciBzZXQgb2Yg Y29uY2VybnMgY29tbW9uIHRvIFRFRXMgYW5kIHRoZWlyIGVudmlyb25tZW50cywgd2l0aCB0aGUg cHVycG9zZSBvZiBleHBhbmRpbmcgdGhlDQogZWFzZSB3aXRoIHdoaWNoIHRoZSBtYXJrZXRwbGFj ZSBjYW4gdXRpbGl6ZSBURUUgbWVjaGFuaXNtcy48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBj bGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWls eTomcXVvdDtDYWxpYnJpJnF1b3Q7LHNhbnMtc2VyaWY7Y29sb3I6IzFGNDk3RCI+PG86cD4mbmJz cDs8L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZv bnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OyxzYW5zLXNlcmlm O2NvbG9yOiMxRjQ5N0QiPlBhcnQgb2YgdGhpcyBkZXZlbG9wbWVudCBvZiBPVHJQIChmcm9tIG15 IHBlcnNwZWN0aXZlKSBpcyBiZWluZyBsZXNzIG5vcm1hdGl2ZSBhYm91dCB0aGUgZXhhY3QgbG9j YXRpb24gYW5kIGluc3RhbnRpYXRpb24gb2YgY2VydGFpbiBwYXJ0aWVzIChwYXJ0aWN1bGFybHkg dGhlDQogVFNNKSBhbmQgYmUgc3BlY2lmaWMgb24gdGhlIG9wZXJhdGlvbnMgYW5kIGFjdGl2aXRp ZXMgYXQgcGFydGljdWxhciDigJxzZXJ2aWNlIGFjY2VzcyBwb2ludHPigJ0gb2YgdGhlIHByb3Rv Y29sLiBNeSBwb2ludCBoZXJlIGlzIHRoYXQgT1RyUCBpbiBpdHMgY3VycmVudCByZW5kaXRpb24g aXMgJmx0O2VtcGhhc2lzJmd0OyB0b28gJmx0Oy9lbXBoYXNpcyZndDsgaW1wbGVtZW50YXRpb24g c3BlY2lmaWMgYW5kIHRvbyBub3JtYXRpdmUgaW4gaXRzIGRlc2NyaXB0aW9uIG9mIHRoZQ0KIG1h cmtldHBsYWNlLiBJIGJlbGlldmUgdGhpcyBpcyBmaW5lIGFzIGFuIGV4YW1wbGUsIGJ1dCBub3Qg YXMgcGFydCBvZiB0aGUgcHJvdG9jb2wuPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9 Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1 b3Q7Q2FsaWJyaSZxdW90OyxzYW5zLXNlcmlmO2NvbG9yOiMxRjQ5N0QiPjxvOnA+Jm5ic3A7PC9v OnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNp emU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssc2Fucy1zZXJpZjtjb2xv cjojMUY0OTdEIj5JIGJlbGlldmUgSUVURiBpcyBleGFjdGx5IHRoZSBwbGFjZSB0byBoYXZlIHRo aXMgY29udmVyc2F0aW9uIGFuZCBkZWZpbmUgYSB2ZXJ5IG9wZW4gYW5kIGluY2x1c2l2ZSBwcm90 b2NvbC4gSSByZWFsaXplIHRoYXQgdGFrZXMgc29tZSB0aW1lLiBJIGxvb2sgZm9yd2FyZCB0bw0K IGhhdmluZyB0aGlzIGNvbnZlcnNhdGlvbiBpbiBtb3JlIGRldGFpbC48bzpwPjwvbzpwPjwvc3Bh bj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBw dDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LHNhbnMtc2VyaWY7Y29sb3I6IzFGNDk3 RCI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNw YW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90 OyxzYW5zLXNlcmlmO2NvbG9yOiMxRjQ5N0QiPlRoYW5rcyw8bzpwPjwvbzpwPjwvc3Bhbj48L3A+ DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250 LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LHNhbnMtc2VyaWY7Y29sb3I6IzFGNDk3RCI+RGF2 ZSBXaGVlbGVyPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PGEg bmFtZT0iX01haWxFbmRDb21wb3NlIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250 LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LHNhbnMtc2VyaWY7Y29sb3I6IzFGNDk3RCI+PG86 cD4mbmJzcDs8L286cD48L3NwYW4+PC9hPjwvcD4NCjxkaXY+DQo8ZGl2IHN0eWxlPSJib3JkZXI6 bm9uZTtib3JkZXItdG9wOnNvbGlkICNFMUUxRTEgMS4wcHQ7cGFkZGluZzozLjBwdCAwaW4gMGlu IDBpbiI+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48YSBuYW1lPSJfX19fX3JlcGx5c2VwYXJhdG9y Ij48L2E+PGI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7 Q2FsaWJyaSZxdW90OyxzYW5zLXNlcmlmIj5Gcm9tOjwvc3Bhbj48L2I+PHNwYW4gc3R5bGU9ImZv bnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OyxzYW5zLXNlcmlm Ij4gVEVFUCBbbWFpbHRvOnRlZXAtYm91bmNlc0BpZXRmLm9yZ10NCjxiPk9uIEJlaGFsZiBPZiA8 L2I+SmVyZW15IE8nRG9ub2dodWU8YnI+DQo8Yj5TZW50OjwvYj4gVHVlc2RheSwgQXByaWwgNCwg MjAxNyA3OjEzIEFNPGJyPg0KPGI+VG86PC9iPiBUZXJvIEtpdmluZW4gJmx0O2tpdmluZW5AaWtp LmZpJmd0Ozxicj4NCjxiPkNjOjwvYj4gSGFubmVzIFRzY2hvZmVuaWcgJmx0O0hhbm5lcy5Uc2No b2ZlbmlnQGFybS5jb20mZ3Q7OyB0ZWVwICZsdDt0ZWVwQGlldGYub3JnJmd0Ozxicj4NCjxiPlN1 YmplY3Q6PC9iPiBSZTogW1RlZXBdIE15IEJvRiBpbXByZXNzaW9uPG86cD48L286cD48L3NwYW4+ PC9wPg0KPC9kaXY+DQo8L2Rpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxvOnA+Jm5ic3A7PC9v OnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8L286cD48L3A+DQo8ZGl2 Pg0KPGJsb2NrcXVvdGUgc3R5bGU9Im1hcmdpbi10b3A6NS4wcHQ7bWFyZ2luLWJvdHRvbTo1LjBw dCI+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+T24gNCBBcHIgMjAxNywgYXQgMTI6MjEs IFRlcm8gS2l2aW5lbiAmbHQ7PGEgaHJlZj0ibWFpbHRvOmtpdmluZW5AaWtpLmZpIj5raXZpbmVu QGlraS5maTwvYT4mZ3Q7IHdyb3RlOjxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPGRp dj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxicj4NCk15IGZlZWxpbmcgdGhhdCB0aGUgbWFpbiBx dWVzdGlvbiB3aGF0IHBlb3BsZSBkaWQgbm90IHVuZGVyc3RhbmQgd2FzOjxicj4NCjxicj4NCldo YXQgaXMgdGhlIHJlYWwgZGlmZmVyZW5jZSBiZXR3ZWVuIFRFRVAgYW5kIGp1c3Qgbm9ybWFsPGJy Pg0KYXBwbGljYXRpb24gZG93bmxvYWQuIEkuZS4sIHdoeSBzZXBhcmF0ZSBwcm90b2NvbCBpcyBu ZWVkZWQuPGJyPg0KSG93IGlzIHRoaXMgZGlmZmVyZW50IGZyb20ganVzdCBoYXZpbmcgcGVyaGFw cyBlbmNyeXB0ZWQ8YnI+DQpzaWduZWQgYXBwbGljYXRpb24gYmxvYiBmcm9tIHRoZSBtYXJrZXRw bGFjZSBhbmQgaW5zdGFsbGluZzxicj4NCnRoYXQuPGJyPg0KPGJyPg0KQXQgbGVhc3QgdGhhdCB3 YXMgbXkgbWFpbiBxdWVzdGlvbiB3aGVuIHdlIGRpc2N1c3NlZCB0aGlzIGJlZm9yZSB0aGU8YnI+ DQpCb0YuPGJyPg0KPGJyPg0KT2YgY291cnNlIGl0IGRvZXMgbm90IGhlbHAsIHRoYXQgd2hlbiB5 b3UgYXNrIHRoYXQgcXVlc3Rpb24gZnJvbTxicj4NCmRpZmZlcmVudCBwZW9wbGUgeW91IGdldCBk aWZmZXJlbnQgYW5zd2VyLCBhcyB0aGUgaWRlYSBvZiB3aGF0IFRFRVAgaXM8YnI+DQpkaWZmZXJl bnQgZm9yIGRpZmZlcmVudCBwZW9wbGXigKY8bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPC9kaXY+ DQo8L2Jsb2NrcXVvdGU+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8 L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj5JIHRoaW5rIHRo ZXJlIGlzIGEgZGVncmVlIG9mIHRhbGtpbmcgYXQgY3Jvc3MtcHVycG9zZXMuPG86cD48L286cD48 L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48bzpwPiZuYnNwOzwvbzpw PjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPlRoZXJlIGlzIG9uZSBn cm91cCAtIGVzc2VudGlhbGx5IHRob3NlIHNwb25zb3JpbmcgdGhlIGNyZWF0aW9uIG9mIHRoaXMg Z3JvdXAgLSB3aGljaCBoYXMgYSB2ZXJ5IGNsZWFyIHVuZGVyc3RhbmRpbmcgb2Ygd2hhdCBpdCB3 b3VsZCBsaWtlIFRFRVAgdG8gYmUsIHdoaWNoIGlzIGVzc2VudGlhbGx5IHRocmVlIHRoaW5nczo8 bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxvOnA+ Jm5ic3A7PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPG9sIHN0YXJ0PSIxIiB0eXBlPSIxIj4N CjxsaSBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNv LW1hcmdpbi1ib3R0b20tYWx0OmF1dG87bXNvLWxpc3Q6bDEgbGV2ZWwxIGxmbzMiPg0KQSBtZWNo YW5pc20gZm9yIG1hbmFnaW5nIFRydXN0ZWQgQXBwbGljYXRpb25zIGFuZCB0aGVpciBhc3NvY2lh dGVkIHNlY3JldHMgYW5kIGtleSBtYXRlcmlhbCBpbiBhIEdsb2JhbFBsYXRmb3JtIFRFRSBvciBz b21ldGhpbmcgdGhhdCBpcyBjb25jZXB0dWFsbHkgdmVyeSBzaW1pbGFyLjxvOnA+PC9vOnA+PC9s aT48bGkgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21z by1tYXJnaW4tYm90dG9tLWFsdDphdXRvO21zby1saXN0OmwxIGxldmVsMSBsZm8zIj4NCkEgbWVj aGFuaXNtIGZvciBlc3RhYmxpc2hpbmcgYSBjaGFpbiBvZiB0cnVzdCByb290ZWQgaW4gZmlybXdh cmUgYW5kIGNvdmVyaW5nIHRoZSBURUUgYW5kIHBvc3NpYmx5IG90aGVyIHN5c3RlbSBjb21wb25l bnRzIHVwIHRvIGFuZCBpbmNsdWRpbmcgdGhlIGV4ZWN1dGluZyBUYXNrIGluIGEgU2VjdXJpdHkg RG9tYWluLjxvOnA+PC9vOnA+PC9saT48bGkgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1t YXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvO21zby1saXN0Omwx IGxldmVsMSBsZm8zIj4NCkEgbWVjaGFuaXNtIC0gdGFyZ2V0ZWQgYXQgcGhvbmUgYW5kIHRhYmxl dCB0eXBlIGRldmljZXMgLSB3aGljaCBvcGVyYXRlcyBpbmRlcGVuZGVudGx5IG9mIHRoZSDigJxB cHAgU3RvcmXigJ0gbWVjaGFuaXNtLCBhbmQgaXMgYmFzZWQgb24gYSBQS0kgaW5mcmFzdHJ1Y3R1 cmUgYWxsb3dpbmcgU2VydmljZSBQcm92aWRlcnMgdG8gbWFuYWdlIHRoZSBUcnVzdGVkIEFwcGxp Y2F0aW9ucyB0aGV5IGNvbnRyb2wgd2l0aG91dCB0aGUgbmVlZCBmb3IgdXNlciBpbnRlcnZlbnRp b24uPG86cD48L286cD48L2xpPjwvb2w+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9y bWFsIj48bzpwPiZuYnNwOzwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29O b3JtYWwiPlRoZSBkcmFmdCBzcGVjaWZpY2F0aW9uIHZlcnkgY2xlYXJseSBhZGRyZXNzZXMgc3Vj aCBhIHN5c3RlbS4gVW5kZXJzdGFuZGluZyBpdCBmdWxseSByZXF1aXJlcyBjb25zaWRlcmFibGUg ZmFtaWxpYXJpdHkgd2l0aCB0aGUgR2xvYmFsUGxhdGZvcm0gVEVFIHNwZWNpZmljYXRpb25zLCBz aW5jZSBtdWNoIG9mIHRoZSB0ZXJtaW5vbG9neSBhbmQgYXJjaGl0ZWN0dXJhbCBhc3N1bXB0aW9u cyBhcmUgZGVyaXZlZCBmcm9tDQogdGhlc2UuPG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+ DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48bzpwPiZuYnNwOzwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRp dj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPlRoZXJlIGlzIGEgc2Vjb25kIGdyb3VwIHdoaWNoIGlz IHN0YXJ0aW5nIGZyb20gYSBtb3JlIGFic3RyYWN0IHBvc2l0aW9uIG9mIHdoYXQgYSBURUUgc2hv dWxkIGxvb2sgbGlrZSBhbmQgd2hhdCBzZWN1cml0eSBzZXJ2aWNlcyBpdCBtaWdodCB0aGVuIHBy b3ZpZGUgdG8gYSBzeXN0ZW0gYW5kIGhvdyB0aGUgY29udHJvbCBvZiB0aGVzZSBjb3VsZCBiZSBz dHJ1Y3R1cmVkLiBUaGlzIGlzIGEgY29tcGxldGVseSBkaWZmZXJlbnQNCiBwcm9ibGVtLCBhbmQg bGlrZWx5IGEgbXVjaCBicm9hZGVyIG9uZSB3aGljaCBpcyBkaWZmaWN1bHQgdG8gZW5jYXBzdWxh dGUgaW4gYSBzbWFsbCBzY29wZS48bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPHAgY2xhc3M9Ik1z b05vcm1hbCI+PGJyPg0KPGJyPg0KPG86cD48L286cD48L3A+DQo8YmxvY2txdW90ZSBzdHlsZT0i bWFyZ2luLXRvcDo1LjBwdDttYXJnaW4tYm90dG9tOjUuMHB0Ij4NCjxkaXY+DQo8ZGl2Pg0KPHAg Y2xhc3M9Ik1zb05vcm1hbCI+VHJ5aW5nIHRvIG1ha2UgdGhlIGFyY2hpdGVjdHVyZSB0b28gZ2Vu ZXJpYyBhbHNvIGNvbmZ1c2VzIHRoaW5ncy4gSXQ8YnI+DQptaWdodCBiZSBiZXR0ZXIgdG8gaGF2 ZSBtb3JlIGNvbmNyZXRlIGV4YW1wbGUgd2l0aCBtb3JlIGxpbWl0ZWQgc2NvcGUsPGJyPg0KdGhh dCB3b3VsZCBleHBsYWluIHRoaW5ncyB3aGF0IFRFRVAgc2hvdWxkIHByb3ZpZGUuPGJyPg0KPGJy Pg0KRm9yIGV4YW1wbGU6PGJyPg0KPGJyPg0KMSkgVEVFUCBwcm92aWRlcyBhIHdheSB0byBpbnN0 YWxsIHNvZnR3YXJlIGZyb20gdGhlIFNlY3VyZTxicj4NCnRydXN0ZWQgYXBwbGljYXRpb24gbWFy a2V0cGxhY2UgdG8gdGhlIFRFRSBydW5uaW5nIGluc2lkZTxicj4NCmRldmljZS48YnI+DQo8YnI+ DQoyKSBUaGUgU2VjdXJlIHRydXN0ZWQgYXBwbGlhdGlvbiBtYXJrZXRwbGFjZSBuZWVkcyB0byBi ZSBhYmxlPGJyPg0KdG8gdmVyaWZ5IHRoYXQgdGhlIFRFRSB3YW50aW5nIHRvIGluc3RhbGwgYW4g YXBwbGljYXRpb24gaXM8YnI+DQphY3R1YWwgVEVFLCBhbmQgbm90IHNvbWUgZmFrZSBkZXZpY2Us IGZvciBleGFtcGxlIHVzaW5nPGJyPg0Kc2lnbmF0dXJlIGZyb20gdGhlIGtleSBpbnN0YWxsZWQg YnkgdGhlIG1hbnVmYWN0dXJlciB3aGljaCBpczxicj4NCnVzZWQgdG8gc2lnbiB0aGUgaW5zdGFs bGF0aW9uIHJlcXVlc3QuPGJyPg0KPGJyPg0KMykgVGhlIFNlY3VyZSB0cnVzdGVkIGFwcGxpY2F0 aW9uIG1hcmtldHBsYWNlIGNhbiB0aGVuIGVuY3J5cHQ8YnI+DQp0aGUgdHJ1c3RlZCBhcHBsaWNh dGlvbiB3aXRoIFRFRSBzcGVjaWZpYyBrZXksIHNvIHRoYXQgbm9ib2R5PGJyPg0KZWxzZSB0aGFu IFRFRSBjYW4gZGVjcnlwdCBhbmQgaW5zdGFsbCBpdC4gVGhpcyB3aWxsIHByZXZlbnQ8YnI+DQps ZWFraW5nIG91dCBjb25maWRlbnRpYWwgbWF0ZXJpYWwgaW5zaWRlIHRoZSBhcHBsaWNhdGlvbi48 YnI+DQpUcnVzdGVkIGFwcGxpY2F0aW9uIGluc3RsYWwgcGFja2FnZSBtaWdodCBhbHNvIGJlIHBl cnNvbmFsaXplZDxicj4NCmZvciB0aGUgc3BlY2lmaWMgVEVFLiBTZWN1cmUgdHJ1c3RlZCBhcHBs aWNhdGlvbiBtYXJrZXRwbGFjZTxicj4NCndpbGwgYWxzbyBzaWduIHRoZSB0cnVzdGVkIGFwcGxp Y2F0aW9uIGluc3RhbGwgcGFja2FnZSwgc28gVEVFPGJyPg0KY2FuIHZlcmlmeSBpdCBpcyBhdXRo ZW50aWMuPGJyPg0KPGJyPg0KNCkgVEVFIHdpbGwgdmVyaWZ5IHRoZSBzaWduYXR1cmUgb2YgdGhl IHRydXN0ZWQgYXBwbGljYXRpb248YnI+DQppbnN0YWxsIHBhY2thZ2UsIGFuZCBjaGVjayB0aGF0 IHNpZ25lciBpcyB0cnVzdGVkLCBhbmQgdGhlbiBpdDxicj4NCndpbGwgZGVjcnlwdCB0aGUgcGFj a2FnZSwgYW5kIGluc3RhbGwgaXQuPGJyPg0KPGJyPg0KNSkgVGhlIGFwcGxpY2F0aW9uIHJ1bm5p bmcgb24gdGhlIFJFRSBzaWRlIG1pZ2h0IG5lZWQgdG88YnI+DQp2ZXJpZnkgdGhhdCB0aGUgdHJ1 c3RlZCBhcHBsaWNhdGlvbiBwYXJ0IG9mIGl0IGhhcyBiZWVuPGJyPg0KcHJvcGVybHkgaW5zdGFs bGVkIHRvIHJlYWwgVEVFLCBzbyBpdCBjYW4gdHJ1c3QgaXQgZG9pbmcgaXRzPGJyPg0Kam9iLiBJ IGFtIG5vdCBzdXJlIGlmIHRoaXMgd2lsbCBiZSBwYXJ0IG9mIHRoZSBURUVQIG9yIG5vdC4uLjxi cj4NCjxicj4NCklzIG15IHVuZGVyc3RhbmRpbmcgb2YgVEVFUCBjb3JyZWN0PyBJIGRvIG5vdCBr bm93LCBhbmQgSSBhc3N1bWUgb3RoZXI8YnI+DQpwZW9wbGUgaGF2ZSBkaWZmZXJlbnQgaWRlYXMg d2hhdCBzaG91bGQgb3Igc2hvdWxkIG5vdCBiZSBwYXJ0IG9mIGl0LjxvOnA+PC9vOnA+PC9wPg0K PC9kaXY+DQo8L2Rpdj4NCjwvYmxvY2txdW90ZT4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFs Ij48bzpwPiZuYnNwOzwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3Jt YWwiPkkgdGhpbmsgdGhpcyBpcyBhIHByZXR0eSBnb29kIGV4cGxhbmF0aW9uIG9mIHdoYXQgdGhl IGZpcnN0IGdyb3VwIHdvdWxkIGxpa2UgdG8gc2VlLjxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8 cCBjbGFzcz0iTXNvTm9ybWFsIj48bzpwPiZuYnNwOzwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4N CjxwIGNsYXNzPSJNc29Ob3JtYWwiPkJlc3QgcmVnYXJkczxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+ DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+SmVyZW15PG86cD48L286cD48L3A+DQo8L2Rp dj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0KPC9kaXY+DQo8 L2JvZHk+DQo8L2h0bWw+DQo= --_000_0627F5240443D2498FAA65332EE46C84366ED746CRSMSX102amrcor_-- From nobody Wed Apr 5 10:02:24 2017 Return-Path: X-Original-To: teep@ietfa.amsl.com Delivered-To: teep@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A906F129489 for ; Wed, 5 Apr 2017 10:02:22 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.222 X-Spam-Level: X-Spam-Status: No, score=-4.222 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=symc.onmicrosoft.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id O0sWF0pg0R1N for ; Wed, 5 Apr 2017 10:02:17 -0700 (PDT) Received: from tussmtoutape01.symantec.com (Tussmtoutape01.symantec.com [155.64.38.231]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9AA0612945D for ; Wed, 5 Apr 2017 10:02:17 -0700 (PDT) Received: from tussmtmtaapi02.symc.symantec.com (tus3-f5-symc-ext-prd-snat4.net.symantec.com [10.44.130.4]) by tussmtoutape01.symantec.com (Symantec Messaging Gateway) with SMTP id D4.59.21377.51325E85; Wed, 5 Apr 2017 17:02:17 +0000 (GMT) X-AuditID: 0a2c7e31-109ff70000005381-b2-58e523153284 Received: from TUSXCHMBXWPI02.SYMC.SYMANTEC.COM (tus3-f5-symc-ext-prd-snat7.net.symantec.com [10.44.130.7]) by tussmtmtaapi02.symc.symantec.com (Symantec Messaging Gateway) with SMTP id 2C.C0.58529.51325E85; Wed, 5 Apr 2017 17:02:13 +0000 (GMT) Received: from TUSXCHMBXWPI02.SYMC.SYMANTEC.COM (10.44.91.34) by TUSXCHMBXWPI02.SYMC.SYMANTEC.COM (10.44.91.34) with Microsoft SMTP Server (TLS) id 15.0.1236.3; Wed, 5 Apr 2017 10:02:12 -0700 Received: from NAM01-BY2-obe.outbound.protection.outlook.com (10.44.128.10) by TUSXCHMBXWPI02.SYMC.SYMANTEC.COM (10.44.91.34) with Microsoft SMTP Server (TLS) id 15.0.1236.3 via Frontend Transport; Wed, 5 Apr 2017 10:02:12 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=symc.onmicrosoft.com; s=selector1-symantec-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=3/UGntcH4srOJAec0pR+7MZLkQiRHzemEpFuCeFDKOk=; b=rsXI7zpu1zdOcwdGU8XD/U0TlC/xy/WFy+hDXr4Tl/uLPlh395X8eQChq2QjCNv+PZW/QCfzjIvJOTcVIoHsaHLmC0jJ5vlqPNo1docvCy5YpcMTaU6iY57YknGKp3ghBjex7SlhCSgxqPchd0vs7Nybi6TeQ34cg/aA/pCWQuk= Received: from MWHPR16MB1488.namprd16.prod.outlook.com (10.175.4.146) by MWHPR16MB1486.namprd16.prod.outlook.com (10.175.4.144) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1005.10; Wed, 5 Apr 2017 17:02:11 +0000 Received: from MWHPR16MB1488.namprd16.prod.outlook.com ([10.175.4.146]) by MWHPR16MB1488.namprd16.prod.outlook.com ([10.175.4.146]) with mapi id 15.01.1005.010; Wed, 5 Apr 2017 17:02:11 +0000 From: Brian Witten To: "Wheeler, David M" , 'Jeremy O'Donoghue' , Tero Kivinen CC: Hannes Tschofenig , teep Thread-Topic: [EXT] Re: [Teep] My BoF impression Thread-Index: AQHSrU2giPFLiSVgmkmb1dFDeX8IQaG2+mKAgAADRmQ= Date: Wed, 5 Apr 2017 17:02:10 +0000 Message-ID: References: <22755.33183.740819.743679@fireball.acr.fi> , <0627F5240443D2498FAA65332EE46C84366ED746@CRSMSX102.amr.corp.intel.com> In-Reply-To: <0627F5240443D2498FAA65332EE46C84366ED746@CRSMSX102.amr.corp.intel.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: arm.com; dkim=none (message not signed) header.d=none;arm.com; dmarc=none action=none header.from=symantec.com; x-originating-ip: [25.168.201.132] x-microsoft-exchange-diagnostics: 1; MWHPR16MB1486; 7:G80d8d3CM5WbDeGLYbfvdiIyOISkdY2GeI6aWEKyrsAbqZ0SBd0tq3W4cWrCDUN1QO9ywO6flgE0aL8v2zCvfdblKo1G1HWG/LzJAKx4krTyHkMYqwJdjp0WUlu0MJ3HAgGcLc3092X9c5x5wQPYWbzzy5mqq3BY7EaUe1oKAUqZl7b3siElnzu+G/oDj0IuhIE/lg+C78HcVMvdkgZM6e65Qx/8MM+/ejfVVOYELXTP96AAYAYv9E1z1EZMuq6xYol5W6g8sg7U17zQz6njced8MOu+zkelYve+d51AlZrmH95WNTSihvPJsywiIT9nGael9dmVP7YsSXFJpJHBtQ== x-ms-office365-filtering-correlation-id: 739d00fb-b160-4fbf-de2e-08d47c458020 x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(2017030254075)(201703131423075)(201703031133081); SRVR:MWHPR16MB1486; x-microsoft-antispam-prvs: x-exchange-antispam-report-test: UriScan:(180628864354917)(278428928389397)(192374486261705)(228905959029699)(17755550239193); x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(6040450)(601004)(2401047)(8121501046)(5005006)(3002001)(10201501046)(93006095)(93001095)(6041248)(201703131423075)(201702281528075)(201703061421075)(20161123564025)(20161123560025)(20161123555025)(20161123562025)(6072148); SRVR:MWHPR16MB1486; BCL:0; PCL:0; RULEID:; SRVR:MWHPR16MB1486; x-forefront-prvs: 0268246AE7 x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(6009001)(39850400002)(39450400003)(39840400002)(39410400002)(39400400002)(57704003)(377454003)(24454002)(51414003)(2906002)(189998001)(53546009)(25786009)(3280700002)(38730400002)(93886004)(8676002)(8936002)(74316002)(3660700001)(81166006)(122556002)(305945005)(7736002)(2900100001)(2950100002)(86362001)(102836003)(3846002)(33656002)(6116002)(4326008)(7696004)(6436002)(66066001)(5660300001)(6506006)(6246003)(229853002)(9686003)(55016002)(77096006)(99286003)(54906002)(53936002)(54356999)(50986999)(10290500002)(76176999); DIR:OUT; SFP:1101; SCL:1; SRVR:MWHPR16MB1486; H:MWHPR16MB1488.namprd16.prod.outlook.com; FPR:; SPF:None; MLV:sfv; LANG:en; spamdiagnosticoutput: 1:99 spamdiagnosticmetadata: NSPM Content-Type: text/plain; charset="Windows-1252" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-MS-Exchange-CrossTenant-originalarrivaltime: 05 Apr 2017 17:02:10.8306 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 3b217a9b-6c58-428b-b022-5ad741ce2016 X-MS-Exchange-Transport-CrossTenantHeadersStamped: MWHPR16MB1486 X-OriginatorOrg: symantec.com X-Brightmail-Tracker: H4sIAAAAAAAAA02Sa0iTYRTHfd7Lel3OnqbmyYR0iR9Kp4LFsJBMqEFZfSgaEdTQFx1OJ9uU TBCVVCZW3q94N41SCIkuOixng9JQV4E5DWxq3gLLUktL2953Ul8efuf8z/XhMKS4i/ZhVMl6 VpusVEsEQkoYlEMF7z0wowjNKkeyHMuAQDZWNUDI8kdeUDLz8KxAdvf3KnmclnfUdyB5a+sv Qt6/0kTJW4zzhLy5/DM6T18WHotj1ao0VhsSeU2YsGzuRSmTUdfbXhahLLQSXoBcGcDhUNOZ TRcgISPGywg6N39S20LVt7dOYQ1B1btJkjf6EdS1fUW8MYfAUL7FhVHYQMJK55QzrIyAkeza fzmWBQPhqCzAUjD/meBSPPFNBPd6N0iHQOJTsNjczbEHDoGON7M7HOyJQyGv7zbNcwRYSh7Z CzH2fgFQ1HrU4RbhKzBW/EzANysiwFa9zq3hii/AVv44VxPhPbA20EHwvbzBOt1A8KtiaDUO kzx7wfzUJjccwgYE7dXdzv+QgOHxALc14EISiru7nEIMLH3poXnOhNzSKYFjOsCJ0GM7ve3e +pBD87kWAoZsVmdnX5h71U4XIWnNf0PxHApLQw0kz4egrWmRYxHeDa+rp6lGRN1HfvpUnS5J r0nVK1PY0DCpLj0p1vEo7XcUK43VJHUh7pIyw54i28MzJoQZJHETVXjMKMS0Ms0eaULAkBJP UYmv3SWKU6bfYLWaq9pUNaszoX0MJfEWWeutCjGOV+rZRJZNYbXbKsG4+mQhN1PMuDTjwVzp 2GiUZZc5T3On86RuOih6p8/3Wyr1akv2+2CfyosBH0e9JhQuJ4LZlbNtkvjC2fB6M9N4KVJj G3R1N2UEGiurooy4z1oRMVRQtzzp7y+txWUe4WuaH4Epg5rD6sjcRuORsIQF3w0/osZl3Vul ev7pnHt06ZP9EkqXoAw7SGp1yr9j3LrGRQMAAA== X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFprOKsWRmVeSWpSXmKPExsXCpdPEriuq/DTC4OBlY4umi6fYLG7OOMVk 0X7hAIvF0fPP2SyW/vnG7MDqsWbeGkaPJUt+Mnkc/rqQxWPxnpdMHoumPmMMYI3isklJzcks Sy3St0vgyvh0dB9jwQPHimVHJjA2MH416WLk5JAQMJGY8fESaxcjF4eQwHdGiRmXHzBDOIcZ JeYu+8AI4bxglOic+h+sjEWgk1ni69rHUGVTmCQuNM5G6Ln4qpMJZDKbgJ7E0b93wFpEBFoY JVbs+80MkmAWcJd4vWgXmC0soC+x5sxzdhBbRMBAou1gHyuEbSVxcdIWoEEcQPtUJCYssQYJ 8wrESNycuJMNYtkEJolHM3+xgCQ4BUIk/rffBpvJKCAm8f3UGiaIXeISt57MZ4J4VUBiyZ7z zBC2qMTLx//AjmMU6GSUWD5zFwtEQkmic9spsK8lBHqYJSbu2gSV8JV4/2Y3K4RdJ9E6+TEb yHUSAtkSux95w4T/32hihei9yCRx7tEtqM0yEi9OLIdKbGaVeNc1jRHifSmJu1c6GScwas1C ci2EbSDx/tx8ZghbW2LZwtdgNq+AoMTJmU9YFjCyrGJUKCktLs4tyS1JTCzINDDSK67MTQYR icB0lKyXnJ+7iRGckpwldzAe+uNziFGAg1GJh3fB0ycRQqyJZUCVhxilOViUxHmX/7wVISSQ nliSmp2aWpBaFF9UmpNafIiRiYNTqoHRVVZ4Z63El0JPTVa9O3OXqc7TLFXs/CQRHr4l1/ri Npt/279KnjcqfPl4HecGgdaMrB09ZzXO2jt9j08457O8SGpegePnqapSge42/OkNq78Jis+0 NT7erbLs8iUPL9NdtRLGVbV/HQ+oOeRvyb7ZWhp9hUFu5uGr9gJXAjdNjEx68HWuxF4lluKM REMt5qLiRABkqW6BKgMAAA== X-CFilter-Loop: TUS03 Archived-At: Subject: Re: [Teep] [EXT] Re: My BoF impression X-BeenThere: teep@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: A Protocol for Dynamic Trusted Execution Environment Enablement List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 05 Apr 2017 17:02:23 -0000 Thank You Dave! =A0I'd like to echo & agree with many=A0of your points, but= ask for a clarification on one aspect. =A0"First, I (believe) this is exac= tly the type of conversation we need to have. Thanks for kicking this off v= ery directly." =A0Well Said, Thank You Both! =A0"I am motivated to work joi= ntly on developing OTrP to address a wider set of concerns common to TEEs a= nd their environments, with the purpose of expanding the ease with which th= e marketplace can utilize TEE mechanisms." Again, I'm motivated by the same= purpose. =A0"Part of this development of OTrP (from my perspective) is bei= ng less normative about the exact location and instantiation of certain par= ties (particularly the TSM) and be specific on the operations and activitie= s at particular 'service access points' of the protocol." =A0I believe that= is a great suggestion, and I'm fully supportive. =A0Still my clarifying qu= estion relates to the=A0desire=A0"to define a more abstract definition of a= TEE, and desiring a protocol that is applicable to a wide set of TEEs." = =A0I'm eager to support a wide set of TEE, including both SGX and TZ based = TEE. =A0 My question is, "do we need to abandon the Global Platform (GP)=A0= definition of a TEE to support both SGX and TZ based TEE?" =A0I believe tha= t we do Not need to abandon the GP definition of a TEE to support both SGX = and TZ based TEE, but I'd be eager to get your view here as you've framed t= he rest so very well. =A0Last, either way,=A0"I believe IETF is exactly the= place to have this conversation and define a very open and inclusive proto= col." =A0Again, I agree completely. =A0 Thank You Again! Brian From: TEEP on behalf of Wheeler, David M Sent: Wednesday, April 5, 2017 9:34 AM To: 'Jeremy O'Donoghue'; Tero Kivinen Cc: Hannes Tschofenig; teep Subject: [EXT] Re: [Teep] My BoF impression =A0=20 I=92m a bit behind on the thread, but want to respond to Jeremy=92s origina= l comment. =A0 First, I this is exactly the type of conversation we need to have. Thanks f= or kicking this off very directly. I agree with your perception of the two groups, though I think it is import= ant to understand the motivations in the second group, since they may be va= ried.=20 =A0 I will put myself voluntarily in the second bucket. I will present my perso= nal perspective, which may be different from others in the =93second group= =94. =A0 For myself, I am looking to define a more abstract definition of a TEE, and= desiring a protocol that is applicable to a wide set of TEEs. From my pers= pective, looking at TEEs that Intel has in the marketplace, and also havin= g worked for several years on Intel=92s XScale processors (and am thus fami= liar with TZ), the current OTrP draft addresses Trust Zone concerns without= really considering other TEEs. This is my perception, of course. =A0 It is also my opinion that an IETF protocol should do more than address imp= lementation specific concerns. I am motivated to work jointly on developing OTrP to address a wider set of= concerns common to TEEs and their environments, with the purpose of expand= ing the ease with which the marketplace can utilize TEE mechanisms. =A0 Part of this development of OTrP (from my perspective) is being less normat= ive about the exact location and instantiation of certain parties (particul= arly the TSM) and be specific on the operations and activities at particul= ar =93service access points=94 of the protocol. My point here is that OTrP = in its current rendition is too implementation speci= fic and too normative in its description of the marketplace. I believe thi= s is fine as an example, but not as part of the protocol. =A0 I believe IETF is exactly the place to have this conversation and define a = very open and inclusive protocol. I realize that takes some time. I look fo= rward to having this conversation in more detail. =A0 Thanks, Dave Wheeler =A0 From: TEEP [mailto:teep-bounces@ietf.org] On Behalf Of Jeremy O'Donoghue Sent: Tuesday, April 4, 2017 7:13 AM To: Tero Kivinen Cc: Hannes Tschofenig ; teep Subject: Re: [Teep] My BoF impression =A0 =A0 On 4 Apr 2017, at 12:21, Tero Kivinen wrote: =20 My feeling that the main question what people did not understand was: What is the real difference between TEEP and just normal application download. I.e., why separate protocol is needed. How is this different from just having perhaps encrypted signed application blob from the marketplace and installing that. At least that was my main question when we discussed this before the BoF. Of course it does not help, that when you ask that question from different people you get different answer, as the idea of what TEEP is different for different people=85 =20 =A0 =20 I think there is a degree of talking at cross-purposes. =20 =A0 =20 There is one group - essentially those sponsoring the creation of this grou= p - which has a very clear understanding of what it would like TEEP to be, = which is essentially three things: =20 =A0 =20 A mechanism for managing Trusted Applications and their associated secrets= and key material in a GlobalPlatform TEE or something that is conceptually= very similar. A mechanism for establishing a chain of trust rooted in firmware and coveri= ng the TEE and possibly other system components up to and including the exe= cuting Task in a Security Domain. A mechanism - targeted at phone and tablet type devices - which operates in= dependently of the =93App Store=94 mechanism, and is based on a PKI infrast= ructure allowing Service Providers to manage the Trusted Applications they = control without the need for user intervention. =20 =A0 =20 The draft specification very clearly addresses such a system. Understanding= it fully requires considerable familiarity with the GlobalPlatform TEE spe= cifications, since much of the terminology and architectural assumptions ar= e derived from these. =20 =A0 =20 There is a second group which is starting from a more abstract position of = what a TEE should look like and what security services it might then provid= e to a system and how the control of these could be structured. This is a c= ompletely different problem, and likely a much broader one which is diffic= ult to encapsulate in a small scope. =20 =20 Trying to make the architecture too generic also confuses things. It might be better to have more concrete example with more limited scope, that would explain things what TEEP should provide. For example: 1) TEEP provides a way to install software from the Secure trusted application marketplace to the TEE running inside device. 2) The Secure trusted appliation marketplace needs to be able to verify that the TEE wanting to install an application is actual TEE, and not some fake device, for example using signature from the key installed by the manufacturer which is used to sign the installation request. 3) The Secure trusted application marketplace can then encrypt the trusted application with TEE specific key, so that nobody else than TEE can decrypt and install it. This will prevent leaking out confidential material inside the application. Trusted application instlal package might also be personalized for the specific TEE. Secure trusted application marketplace will also sign the trusted application install package, so TEE can verify it is authentic. 4) TEE will verify the signature of the trusted application install package, and check that signer is trusted, and then it will decrypt the package, and install it. 5) The application running on the REE side might need to verify that the trusted application part of it has been properly installed to real TEE, so it can trust it doing its job. I am not sure if this will be part of the TEEP or not... Is my understanding of TEEP correct? I do not know, and I assume other people have different ideas what should or should not be part of it. =20 =A0 =20 I think this is a pretty good explanation of what the first group would lik= e to see. =A0 =20 Best regards =20 Jeremy =A0 = From nobody Tue Apr 11 09:01:08 2017 Return-Path: X-Original-To: teep@ietfa.amsl.com Delivered-To: teep@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A4051129BC7 for ; Tue, 11 Apr 2017 09:01:07 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.998 X-Spam-Level: X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cert.org Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id V_dGRT7IJWIy for ; Tue, 11 Apr 2017 09:01:06 -0700 (PDT) Received: from veto.sei.cmu.edu (veto.sei.cmu.edu [147.72.252.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AA93C12EAE7 for ; Tue, 11 Apr 2017 08:55:55 -0700 (PDT) Received: from delp.sei.cmu.edu (delp.sei.cmu.edu [10.64.21.31]) by veto.sei.cmu.edu (8.14.7/8.14.7) with ESMTP id v3BFtrxY047472 for ; Tue, 11 Apr 2017 11:55:54 -0400 DKIM-Filter: OpenDKIM Filter v2.11.0 veto.sei.cmu.edu v3BFtrxY047472 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cert.org; s=yc2bmwvrj62m; t=1491926154; bh=vEeb0n5jQB08tkbPhxMC8MeFrktt7kqelilb/ug2H+0=; h=From:To:Subject:Date:From; b=Ld+M+BWmOXfuMxnaWy1hK1tg/MV/AhBik+uX7NSyghzJmB6Y4G3caJfo6KloB8+5I 5C3y9hANxfWhXuS5gffgxfWJpTw+QDHKh6umJByWWlxRDqYPQ5MyNsgdM6xHR5rMH+ ETAiR81BkVqK+26FehuvGaA39ZtzSU29wZeXM2RM= Received: from CASCADE.ad.sei.cmu.edu (cascade.ad.sei.cmu.edu [10.64.28.248]) by delp.sei.cmu.edu (8.14.7/8.14.7) with ESMTP id v3BFtqZX047302 for ; Tue, 11 Apr 2017 11:55:52 -0400 Received: from MARATHON.ad.sei.cmu.edu ([10.64.28.250]) by CASCADE.ad.sei.cmu.edu ([10.64.28.248]) with mapi id 14.03.0319.002; Tue, 11 Apr 2017 11:55:52 -0400 From: Chris Inacio To: "teep@ietf.org" Thread-Topic: TEEP charter, attestation, and HW assurance Thread-Index: AQHSstwYq1dfhGdFZUW4a6HiB0NJyA== Date: Tue, 11 Apr 2017 15:55:51 +0000 Message-ID: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.64.51.97] Content-Type: multipart/alternative; boundary="_000_etPan58ecfc8740760c06aa61certorg_" MIME-Version: 1.0 Archived-At: Subject: [Teep] TEEP charter, attestation, and HW assurance X-BeenThere: teep@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: A Protocol for Dynamic Trusted Execution Environment Enablement List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 11 Apr 2017 16:01:08 -0000 --_000_etPan58ecfc8740760c06aa61certorg_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 DQpJIGhhdmUgYSBxdWVzdGlvbiB3aXRoIHJlZ2FyZHMgdG8gdGhlIGNoYXJ0ZXJpbmcgZG9jdW1l bnQ6ICBDYW4gd2UgZGVmaW5lIHRoZSBib3VuZHMgb2Ygd2hhdCB3ZSBtZWFuIGJ5IOKAnGF0dGVz dGF0aW9u4oCdIHdpdGhpbiB0aGUgY2hhcnRlcj8NCg0KQXMgYSByZXNlYXJjaGVyIGF0IENhcm5l Z2llLU1lbGxvbiB3ZeKAmXJlIGFsc28gaW50ZXJlc3RlZCBpbiB0aGUgdG9waWMgb2YgdHJ1c3Rp bmcgdGhlIGhhcmR3YXJlIGFuZCB1bmRlcnN0YW5kaW5nIHRoZSBzdXBwbHkgY2hhaW4gZnJvbSBp bmNlcHRpb24gdG8gZGVsaXZlcnkgb2YgcHJvZHVjdCB0byB0aGUgZW5kIHVzZXIuICBUYWtpbmcg aW50byBjb25zaWRlcmF0aW9uIHRoZSBzaW1wbHkgY2FzZSwgYW4gSW50ZWwgcHJvY2Vzc29yLCB0 aGVyZSBhcmUgc3RpbGwgYSBsb3Qgb2YgZGlmZmVyZW50IOKAnGhhbmRz4oCdIHRoYXQgdGhlIGRl dmljZSBtdXN0IHBhc3MgdGhyb3VnaCBiZWZvcmUgSSByZWNlaXZlIGl0IGFuZCBjYW4gbWFrZSB1 c2Ugb2YgaXQuICBBUk0sIGJlaW5nIGZhYmxlc3MsIGlzIGFsbW9zdCB0b28gY29tcGxpY2F0ZWQg dG8gZGlzY3VzcyBoZXJlLiAgU28gdGhlIOKAnGF0dGVzdGF0aW9u4oCdLCB1bmxlc3MgSeKAmW0g cGFydGljdWxhcmx5IGZvb2xpc2ggKHdoaWNoIGlzIGZhaXJseSBsaWtlbHkpIGhhcyBpdHMgbGlt aXRzIHRvIHdoYXQgeW91IGNhbiB0cnVzdC4NCg0KUHJvYmFibHkgb3V0IG9mIHNjb3BlLCBidXQg bWlnaHQgaGVscCByZWZpbmUgdGhlIGNoYXJ0ZXIgc3RhdGVtZW50Og0KQXJlIHRoZXJlIGFueSBo YXJkd2FyZSBkZXZpY2VzIHdpdGggYSBQVUYgdGllZCB0byB0aGVpciBURUUgdGhhdCBjYW4gYmUg c2lnbmVkIGJ5IHRoZSBzaWxpY29uIG1hbnVmYWN0dXJlcj8gIElzIHRoZXJlIGFueSBkZXNpZ24g b2YgYSBQVUYgdGhhdCBjYW4gcHJvdmlkZSBlbm91Z2ggY292ZXJhZ2Ugb2YgdGhlIFRFRSBpbXBs ZW1lbnRhdGlvbiB0byBnZW5lcmF0ZSBhIGdvb2QgbGV2ZWwgb2YgYXNzdXJhbmNlPw0KDQpJZiB0 aG9zZSBhcmVu4oCZdCBvdXQgb2Ygc2NvcGUgLSBob3cgd291bGQgdGhleSBiZSBjb21tdW5pY2F0 ZWQgaW4gdGhlIHByb3RvY29sIHRvIHVuZGVyc3RhbmQgdGhlIGRpZmZlcmVudCBsZXZlbHMgb2Yg YXNzdXJhbmNlIHRoYXQgbWlnaHQgYmUgcHJvdmlkZWQgYnkgdGhlIFRFRT8gIElzIGl0IHBvc3Np YmxlIHRvIGhhdmUgdmFyeWluZyBsZXZlbHMgb2YgVEVFIGFzc3VyYW5jZSBjb21tdW5pY2F0ZWQg aW4gdGhlIHByb3RvY29sIGZvciB0aGUgdmFyaW91cyBwYXJ0aWVzIGxldmVyYWdpbmcgdGhlIFRF RSB0byBtYWtlIHJpc2sgZGVjaXNpb25zIG9uIHRoZWlyIHVzYWdlPw0KDQpSRUFMTFkgT1VUIE9G IFNDT1BFOiAgSWRlYWxseSBmb3IgbWUsIEkgd291bGQgbGlrZSB0byB1bmRlcnN0YW5kIGhvdyB0 byBsZXZlcmFnZSBhIHByb3RvY29sIGxpa2UgdGhpcyB0byBnYWluIHNvbWUgdHlwZSBvZiBhc3N1 cmFuY2Ugb24gYW4gRlBHQS4gIEdyYW50ZWQgdGhlIFRFRSBvbiB0aGF0IGRldmljZSB3b3VsZCBs aWtlIHRyZW1lbmRvdXNseSBkaWZmZXJlbnQsIGJ1dCBJIHdvdWxkIGxpa2UgdG8gYmUgYWJsZSB0 byBuZWdvdGlhdGUgd2hhdCB0aGF0IGFzc3VyYW5jZSBjb3VsZCBiZSB0aGF0IHdheS4gIEVzcGVj aWFsbHkgd2hlbiBpdCBjb21lcyB0byB0aGluZ3MgbGlrZSBoYXZpbmcgcmVjb25maWd1cmFibGUg ZmFicmljIG9uIG15IGRlc2t0b3AgcHJvY2Vzc29yIOKAkyBYZW9uIGFueW9uZT8NCg0KVGhhbmtz LA0KLS0NCkNocmlzIEluYWNpbw0KaW5hY2lvQGNlcnQub3JnPG1haWx0bzppbmFjaW9AY2VydC5v cmc+DQoNCg== --_000_etPan58ecfc8740760c06aa61certorg_ Content-Type: text/html; charset="utf-8" Content-ID: <2411EDF07FADCD499659ACEF0C731C67@sei.cmu.edu> Content-Transfer-Encoding: base64 PGh0bWw+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIgY29udGVudD0i dGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjxzdHlsZT5ib2R5e2ZvbnQtZmFtaWx5OlNvdXJj ZSBTYW5zIFBybyxBcmlhbDtmb250LXNpemU6MTNweH08L3N0eWxlPg0KPC9oZWFkPg0KPGJvZHkg c3R5bGU9IndvcmQtd3JhcDogYnJlYWstd29yZDsgLXdlYmtpdC1uYnNwLW1vZGU6IHNwYWNlOyAt d2Via2l0LWxpbmUtYnJlYWs6IGFmdGVyLXdoaXRlLXNwYWNlOyI+DQo8ZGl2IGlkPSJibG9vcF9j dXN0b21mb250IiBzdHlsZT0iZm9udC1mYW1pbHk6U291cmNlIFNhbnMgUHJvLEFyaWFsO2ZvbnQt c2l6ZToxM3B4OyBjb2xvcjogcmdiYSgwLDAsMCwxLjApOyBtYXJnaW46IDBweDsgbGluZS1oZWln aHQ6IGF1dG87Ij4NCjxicj4NCjwvZGl2Pg0KSSBoYXZlIGEgcXVlc3Rpb24gd2l0aCByZWdhcmRz IHRvIHRoZSBjaGFydGVyaW5nIGRvY3VtZW50OiAmbmJzcDtDYW4gd2UgZGVmaW5lIHRoZSBib3Vu ZHMgb2Ygd2hhdCB3ZSBtZWFuIGJ5IOKAnGF0dGVzdGF0aW9u4oCdIHdpdGhpbiB0aGUgY2hhcnRl cj8NCjxkaXY+PGJyPg0KPC9kaXY+DQo8ZGl2PkFzIGEgcmVzZWFyY2hlciBhdCBDYXJuZWdpZS1N ZWxsb24gd2XigJlyZSBhbHNvIGludGVyZXN0ZWQgaW4gdGhlIHRvcGljIG9mIHRydXN0aW5nIHRo ZSBoYXJkd2FyZSBhbmQgdW5kZXJzdGFuZGluZyB0aGUgc3VwcGx5IGNoYWluIGZyb20gaW5jZXB0 aW9uIHRvIGRlbGl2ZXJ5IG9mIHByb2R1Y3QgdG8gdGhlIGVuZCB1c2VyLiAmbmJzcDtUYWtpbmcg aW50byBjb25zaWRlcmF0aW9uIHRoZSBzaW1wbHkgY2FzZSwgYW4gSW50ZWwgcHJvY2Vzc29yLCB0 aGVyZQ0KIGFyZSBzdGlsbCBhIGxvdCBvZiBkaWZmZXJlbnQg4oCcaGFuZHPigJ0gdGhhdCB0aGUg ZGV2aWNlIG11c3QgcGFzcyB0aHJvdWdoIGJlZm9yZSBJIHJlY2VpdmUgaXQgYW5kIGNhbiBtYWtl IHVzZSBvZiBpdC4gJm5ic3A7QVJNLCBiZWluZyBmYWJsZXNzLCBpcyBhbG1vc3QgdG9vIGNvbXBs aWNhdGVkIHRvIGRpc2N1c3MgaGVyZS4gJm5ic3A7U28gdGhlIOKAnGF0dGVzdGF0aW9u4oCdLCB1 bmxlc3MgSeKAmW0gcGFydGljdWxhcmx5IGZvb2xpc2ggKHdoaWNoIGlzIGZhaXJseSBsaWtlbHkp DQogaGFzIGl0cyBsaW1pdHMgdG8gd2hhdCB5b3UgY2FuIHRydXN0LjwvZGl2Pg0KPGRpdj48YnI+ DQo8L2Rpdj4NCjxkaXY+UHJvYmFibHkgb3V0IG9mIHNjb3BlLCBidXQgbWlnaHQgaGVscCByZWZp bmUgdGhlIGNoYXJ0ZXIgc3RhdGVtZW50OjwvZGl2Pg0KPGRpdj5BcmUgdGhlcmUgYW55IGhhcmR3 YXJlIGRldmljZXMgd2l0aCBhIFBVRiB0aWVkIHRvIHRoZWlyIFRFRSB0aGF0IGNhbiBiZSBzaWdu ZWQgYnkgdGhlIHNpbGljb24gbWFudWZhY3R1cmVyPyAmbmJzcDtJcyB0aGVyZSBhbnkgZGVzaWdu IG9mIGEgUFVGIHRoYXQgY2FuIHByb3ZpZGUgZW5vdWdoIGNvdmVyYWdlIG9mIHRoZSBURUUgaW1w bGVtZW50YXRpb24gdG8gZ2VuZXJhdGUgYSBnb29kIGxldmVsIG9mIGFzc3VyYW5jZT8gJm5ic3A7 PC9kaXY+DQo8ZGl2Pjxicj4NCjwvZGl2Pg0KPGRpdj5JZiB0aG9zZSBhcmVu4oCZdCBvdXQgb2Yg c2NvcGUgLSBob3cgd291bGQgdGhleSBiZSBjb21tdW5pY2F0ZWQgaW4gdGhlIHByb3RvY29sIHRv IHVuZGVyc3RhbmQgdGhlIGRpZmZlcmVudCBsZXZlbHMgb2YgYXNzdXJhbmNlIHRoYXQgbWlnaHQg YmUgcHJvdmlkZWQgYnkgdGhlIFRFRT8gJm5ic3A7SXMgaXQgcG9zc2libGUgdG8gaGF2ZSB2YXJ5 aW5nIGxldmVscyBvZiBURUUgYXNzdXJhbmNlIGNvbW11bmljYXRlZCBpbiB0aGUgcHJvdG9jb2wg Zm9yIHRoZQ0KIHZhcmlvdXMgcGFydGllcyBsZXZlcmFnaW5nIHRoZSBURUUgdG8gbWFrZSByaXNr IGRlY2lzaW9ucyBvbiB0aGVpciB1c2FnZT88L2Rpdj4NCjxkaXY+PGJyPg0KPC9kaXY+DQo8ZGl2 PlJFQUxMWSBPVVQgT0YgU0NPUEU6ICZuYnNwO0lkZWFsbHkgZm9yIG1lLCBJIHdvdWxkIGxpa2Ug dG8gdW5kZXJzdGFuZCBob3cgdG8gbGV2ZXJhZ2UgYSBwcm90b2NvbCBsaWtlIHRoaXMgdG8gZ2Fp biBzb21lIHR5cGUgb2YgYXNzdXJhbmNlIG9uIGFuIEZQR0EuICZuYnNwO0dyYW50ZWQgdGhlIFRF RSBvbiB0aGF0IGRldmljZSB3b3VsZCBsaWtlIHRyZW1lbmRvdXNseSBkaWZmZXJlbnQsIGJ1dCBJ IHdvdWxkIGxpa2UgdG8gYmUgYWJsZSB0byBuZWdvdGlhdGUNCiB3aGF0IHRoYXQgYXNzdXJhbmNl IGNvdWxkIGJlIHRoYXQgd2F5LiAmbmJzcDtFc3BlY2lhbGx5IHdoZW4gaXQgY29tZXMgdG8gdGhp bmdzIGxpa2UgaGF2aW5nIHJlY29uZmlndXJhYmxlIGZhYnJpYyBvbiBteSBkZXNrdG9wIHByb2Nl c3NvciDigJMgWGVvbiBhbnlvbmU/PC9kaXY+DQo8ZGl2Pjxicj4NCjwvZGl2Pg0KPGRpdj5UaGFu a3MsPC9kaXY+DQo8ZGl2Pg0KPGRpdiBpZD0iYmxvb3Bfc2lnbl8xNDkxOTI1MjY3ODc5MjgwMTI4 IiBjbGFzcz0iYmxvb3Bfc2lnbiI+DQo8ZGl2IGNsYXNzPSJibG9vcF9vcmlnaW5hbF9odG1sIj4N CjxkaXYgc3R5bGU9ImZvbnQtZmFtaWx5OmhlbHZldGljYSxhcmlhbDtmb250LXNpemU6MTNweCI+ LS0mbmJzcDs8YnI+DQpDaHJpcyBJbmFjaW88YnI+DQo8YSBocmVmPSJtYWlsdG86aW5hY2lvQGNl cnQub3JnIj5pbmFjaW9AY2VydC5vcmc8L2E+PC9kaXY+DQo8ZGl2IHN0eWxlPSJmb250LWZhbWls eTpoZWx2ZXRpY2EsYXJpYWw7Zm9udC1zaXplOjEzcHgiPjxicj4NCjwvZGl2Pg0KPC9kaXY+DQo8 ZGl2IGNsYXNzPSJibG9vcF9tYXJrZG93biI+DQo8cD48L3A+DQo8L2Rpdj4NCjwvZGl2Pg0KPC9k aXY+DQo8L2JvZHk+DQo8L2h0bWw+DQo= --_000_etPan58ecfc8740760c06aa61certorg_-- From nobody Wed Apr 19 03:04:47 2017 Return-Path: X-Original-To: teep@ietfa.amsl.com Delivered-To: teep@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7050D1270A0 for ; Wed, 19 Apr 2017 03:04:45 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.999 X-Spam-Level: X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xajO8jNxgPgo for ; Wed, 19 Apr 2017 03:04:43 -0700 (PDT) Received: from mail-qt0-x22f.google.com (mail-qt0-x22f.google.com [IPv6:2607:f8b0:400d:c0d::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 73186120454 for ; Wed, 19 Apr 2017 03:04:43 -0700 (PDT) Received: by mail-qt0-x22f.google.com with SMTP id m36so14828265qtb.0 for ; Wed, 19 Apr 2017 03:04:43 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :content-transfer-encoding; bh=swxnWUqS84JKRtrf+8WqWrb655Q9tNREDku31oeOfzQ=; b=Z5RpdNumknOrTZdOsU9MnTKnvVVRvnEzOAR1gBNX0RhJlAQg/4YZVQJbs1ZOY82fAB I0xtMEsUcaSo4KPhjUTkhLFvyzm4JjmdYW8gBrSPqZqPPXivcHStJYPjwHF1Fz+MAqko J0Y5bkA+hR3wEacQFVXOJmaCHTMGaFVfGS0VxMuKwB7p3NvJA3sC2RmTN1DknP4cNI9C H1lxd+ua0RG9uwRhGz7616BqP24sLWndYbrjQMLW8Zb4lTAktlsd/DE0JOSLCiVWwx92 jJMlDsjcKgkhgxSK3iNsdRieTKW2S1E47W9NDsw/BjcR0MlJWVffiSSj4Mr8Aa9MAOrx f1nQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:content-transfer-encoding; bh=swxnWUqS84JKRtrf+8WqWrb655Q9tNREDku31oeOfzQ=; b=s9NHs7hW5f7TyX7yoXyv8KGkL9FMeO5H0G2qbtHdx/rJ31aE5ufXgpNVY1q/EqAONm yGyCRZif5NJv0Yz2Ud5RjMt71Mmhwq5p/ZoWU1cNivODJZLB7Xnv30pRtOSWS84SObtg PhPyW8Y6W24U1exet4nTOCA/2YXbcSYXKsJICMyU4ZXe0nWiaCpYSry8RoNDaCzary7k txmePmVCPDIhFwXgjyEEC0BKbnFbC1PdYjt7JPx0D6vLYHh8AMzsCiVM+OqwlzY/0RFm 9TDkBn7cpYv50ME+ER+yX3SVeL53us2W34+yZPiRrcCRYVvtG+uSk4UYDYU73sK5VWlN q1BA== X-Gm-Message-State: AN3rC/7lHzaBkr6JTlGV0q4zBnMgmYc0aXMBIA9qTpuLd57HzCNh5aOa 0PuLxNfUrfq/H0PxozzDN+fRFUX6oSkM X-Received: by 10.200.56.117 with SMTP id r50mr1796981qtb.278.1492596282372; Wed, 19 Apr 2017 03:04:42 -0700 (PDT) MIME-Version: 1.0 Received: by 10.200.58.102 with HTTP; Wed, 19 Apr 2017 03:04:21 -0700 (PDT) In-Reply-To: <181D91CE-607A-4A4A-981A-2954F81D85F2@qti.qualcomm.com> References: <22754.17024.203027.351436@fireball.acr.fi> <181D91CE-607A-4A4A-981A-2954F81D85F2@qti.qualcomm.com> From: Renzo Navas Date: Wed, 19 Apr 2017 12:04:21 +0200 Message-ID: To: teep Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Archived-At: Subject: Re: [Teep] Meeting materials from the BOF last week X-BeenThere: teep@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: A Protocol for Dynamic Trusted Execution Environment Enablement List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 19 Apr 2017 10:04:45 -0000 Hi! Congratulations for this BoF I am trying to watch the meetecho recording, but unfortunately it has no so= und: https://play.conf.meetecho.com/Playout/?session=3DIETF98-TEEP-20170328-1450 However, the audio track works well: https://www.ietf.org/audio/ietf98/ietf98-zuriche_f-20170328-1450.mp3 So it's a matter of synchronizing, the audio should be set around +10 sec compared with the video time (have not finished watching the session) Hope to get back to you, I think I will be very interested to participate on this WG Regards, Renzo On Mon, Apr 3, 2017 at 2:48 PM, Jeremy O'Donoghue wrote: > Many thanks, Tero. > > This is my first time working in IETF, and I=E2=80=99m still trying to fi= nd my way around the tools. Sorry for the confusion on my part. > > Best regards > Jeremy > >> On 3 Apr 2017, at 13:39, Tero Kivinen wrote: >> >> Jeremy O'Donoghue writes: >>> As a non-participant at the BOF, but list member, I was hoping to be ab= le to >>> follow the meeting proceedings based on the notes and the accompanying = slides. >>> >>> Unfortunately I have only the slides from Dave Wheeler, which were shar= ed >>> on-list prior to the meeting. The agenda download is empty, which means= that I >>> have been unable to review Hannes or Mingliang=E2=80=99s slide decks al= ongside the >>> notes. >>> >>> Please let me know when/where the other sides used will be available. >> >> All slides were posted to the datatracker meeting material page before >> the session. The main IETF 98 meeting materials page is: >> >> https://datatracker.ietf.org/meeting/98/materials >> >> and if you search teep there you can find all the meeting materials. >> There is also agenda and minutes there. >> >> Or you can go to the teep bof page: >> >> https://datatracker.ietf.org/group/teep/meetings/ >> >> and click Materials there and get to the main page having materials: >> >> https://datatracker.ietf.org/meeting/98/session/teep >> >> The slides are also available on the >> https://datatracker.ietf.org/meeting/agenda/ page when you click the >> first icon on the teep row "Show meeting materials" you will get popup >> having the agenda and links to all slides. >> -- >> kivinen@iki.fi >> >> _______________________________________________ >> TEEP mailing list >> TEEP@ietf.org >> https://www.ietf.org/mailman/listinfo/teep > > _______________________________________________ > TEEP mailing list > TEEP@ietf.org > https://www.ietf.org/mailman/listinfo/teep From nobody Thu Apr 20 02:20:16 2017 Return-Path: X-Original-To: teep@ietfa.amsl.com Delivered-To: teep@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9994512EBBC for ; Thu, 20 Apr 2017 02:20:14 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.911 X-Spam-Level: X-Spam-Status: No, score=-1.911 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, T_SPF_HELO_TEMPERROR=0.01] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=intercedeltd.onmicrosoft.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hNVTPhNv3s6e for ; Thu, 20 Apr 2017 02:20:11 -0700 (PDT) Received: from EUR03-AM5-obe.outbound.protection.outlook.com (mail-eopbgr30066.outbound.protection.outlook.com [40.107.3.66]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 582C212EBBB for ; Thu, 20 Apr 2017 02:20:11 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=IntercedeLtd.onmicrosoft.com; s=selector1-intercede-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=dOYZ9iqFF6iftGPvaEy8COJdA0+bVXVpq4i4Vw2YqL0=; b=m5FwCvUTLjfJEs1xavIRcihdmpNgcFDLpM6uORCCdtyvkFN9m8M03Kg0V6yCtM/sq87P+Tt+D/P+NL5YNoGq/WxOqQErlQzMfC5VWH2dWHm0yUkiCXuv2l7l3YsTmUchCoFwFkM3WO+XvCmlQYVjPWjU7vxf/ZOCL7akcBwSVfs= Received: from VI1PR06MB3215.eurprd06.prod.outlook.com (10.170.230.150) by VI1PR06MB3214.eurprd06.prod.outlook.com (10.170.230.149) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1034.10; Thu, 20 Apr 2017 09:20:08 +0000 Received: from VI1PR06MB3215.eurprd06.prod.outlook.com ([10.170.230.150]) by VI1PR06MB3215.eurprd06.prod.outlook.com ([10.170.230.150]) with mapi id 15.01.1034.018; Thu, 20 Apr 2017 09:20:08 +0000 From: Nick Cook To: Brian Witten , "Wheeler, David M" , 'Jeremy O'Donoghue' , Tero Kivinen CC: Hannes Tschofenig , teep Thread-Topic: [Teep] [EXT] Re: My BoF impression Thread-Index: AQHSrj7kgfMQPCsZ50C+ThMeqevc16HODLIg Date: Thu, 20 Apr 2017 09:20:08 +0000 Message-ID: References: <22755.33183.740819.743679@fireball.acr.fi> , <0627F5240443D2498FAA65332EE46C84366ED746@CRSMSX102.amr.corp.intel.com> In-Reply-To: Accept-Language: en-GB, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: symantec.com; dkim=none (message not signed) header.d=none; symantec.com; dmarc=none action=none header.from=intercede.com; x-originating-ip: [80.2.227.78] x-microsoft-exchange-diagnostics: 1; VI1PR06MB3214; 7:GBaUMNFOMMimsVwZXe0nPuBzaS+FMkebUAQLlFmZFiSsA6csASo+UvW8eBuWmuT9JG5AhyG8cHFspSX7bkyK3wjJtVqfiAve3N8lo57PUNy20MRSktSRWFMV9q/w4WhpHkQ81NT+lLJetYKe7n9AnHrBhMF38CR4ggHT5Kphe5+l4N0nS2GeZZY3Rfv8DAJ4aGAMEvAwE6R5gnmtbrSprw7BHO2M3T3P5UVkORhML435qY2YYrKPOsI6bBd4MaoRbqSGKGxPM29NiL3wAdHjmLqNpgmuv3BFPlD5emAcUYa3Q3X9Zk/rQmGeJI8YyIwqBVrzyTdH8pGRnv8rxQ4yBw== x-ld-processed: 1075719f-f133-43d2-8156-800f80fef316,ExtAddr x-ms-office365-filtering-correlation-id: 50f143ec-871a-4cfd-ca21-08d487ce7070 x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(2017030254075)(201703131423075)(201703031133081); SRVR:VI1PR06MB3214; x-microsoft-antispam-prvs: x-exchange-antispam-report-test: UriScan:(180628864354917)(278428928389397)(192374486261705)(228905959029699)(17755550239193); x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(6040450)(601004)(2401047)(8121501046)(5005006)(3002001)(10201501046)(93006095)(93001095)(6041248)(20161123560025)(20161123564025)(20161123555025)(20161123562025)(201703131423075)(201702281528075)(201703061421075)(6072148); SRVR:VI1PR06MB3214; BCL:0; PCL:0; RULEID:; SRVR:VI1PR06MB3214; x-forefront-prvs: 02830F0362 x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(6009001)(39830400002)(39410400002)(39400400002)(39450400003)(51414003)(24454002)(57704003)(377454003)(189998001)(93886004)(76176999)(7696004)(54356999)(6436002)(50986999)(6116002)(2900100001)(102836003)(3280700002)(33656002)(3846002)(122556002)(229853002)(2906002)(8676002)(8936002)(3660700001)(81166006)(53936002)(5660300001)(2950100002)(7736002)(305945005)(66066001)(6246003)(54906002)(99286003)(9686003)(4326008)(77096006)(53546009)(86362001)(74316002)(25786009)(55016002)(6506006); DIR:OUT; SFP:1101; SCL:1; SRVR:VI1PR06MB3214; H:VI1PR06MB3215.eurprd06.prod.outlook.com; FPR:; SPF:None; MLV:sfv; LANG:en; spamdiagnosticoutput: 1:99 spamdiagnosticmetadata: NSPM Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-OriginatorOrg: intercede.com X-MS-Exchange-CrossTenant-originalarrivaltime: 20 Apr 2017 09:20:08.2633 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 1075719f-f133-43d2-8156-800f80fef316 X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR06MB3214 Archived-At: Subject: Re: [Teep] [EXT] Re: My BoF impression X-BeenThere: teep@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: A Protocol for Dynamic Trusted Execution Environment Enablement List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 20 Apr 2017 09:20:15 -0000 Personally speaking, OTrP is about being able to install security applicati= ons into an environment that provides "trusted" hardware backed isolation b= etween the different applications. OTrP does that by establishing it is wor= king against the right device type and right isolation environment type and= then proceeds to install the application in a way that provides protection= for confidentiality and integrity. The term TEE is probably too often asso= ciated with a specific formulation of an isolation environment and therefor= e this is perhaps the first thing we should move forward. As an example, I've been working on a hardware backed hypervisor environmen= t that uses OTrP for the installation of the different containers/domains a= nd the virtual machine contents that goes in them. The trust chain from OTr= P is met and the isolation of applications and key material to those applic= ations is also provided. Based on that work and thinking specifically to my original goals for OTrP = when we started this work a few years back, I would like to support Dave Wh= eeler's comment on needing to formulate a more abstract definition for TEE.= I also agree with Brian that the GP definition doesn't need to be abandone= d to do that - I believe, expressed in the right way, the GP definition of = a TEE covers the hardware hypervisor case I described earlier in the email = also and I'm sure it can cover the other environments too. I do however think it is important that we restrict to isolation environmen= ts that are hardware backed as this is fundamental to the trust model. I also support Dave's suggestion that we can be less normative on exact loc= ations of the functional blocks of OTrP. I would like to have a companion d= ocument that does provide example deployments but the core protocol itself = does not need to be locked down to a specific deployment approach. Nick Cook -----Original Message----- From: Brian Witten [mailto:brian_witten@symantec.com]=20 Sent: 05 April 2017 18:02 To: Wheeler, David M ; 'Jeremy O'Donoghue' ; Tero Kivinen Cc: Hannes Tschofenig ; teep Subject: Re: [Teep] [EXT] Re: My BoF impression Thank You Dave! =A0I'd like to echo & agree with many=A0of your points, but= ask for a clarification on one aspect. =A0"First, I (believe) this is exac= tly the type of conversation we need to have. Thanks for kicking this off v= ery directly." =A0Well Said, Thank You Both! =A0"I am motivated to work joi= ntly on developing OTrP to address a wider set of concerns common to TEEs a= nd their environments, with the purpose of expanding the ease with which th= e marketplace can utilize TEE mechanisms." Again, I'm motivated by the same= purpose. =A0"Part of this development of OTrP (from my perspective) is bei= ng less normative about the exact location and instantiation of certain par= ties (particularly the TSM) and be specific on the operations and activitie= s at particular 'service access points' of the protocol." =A0I believe that= is a great suggestion, and I'm fully supportive. =A0Still my clarifying qu= estion relates to the=A0desire=A0"to define a more abstract definition of a= TEE, and desiring a protocol that is applicable to a wide set of TEEs." = =A0I'm eager to support a wide set of TEE, including both SGX and TZ based = TEE. =A0 My question is, "do we need to abandon the Global Platform (GP)=A0= definition of a TEE to support both SGX and TZ based TEE?" =A0I believe tha= t we do Not need to abandon the GP definition of a TEE to support both SGX = and TZ based TEE, but I'd be eager to get your view here as you've framed t= he rest so very well. =A0Last, either way,=A0"I believe IETF is exactly the= place to have this conversation and define a very open and inclusive proto= col." =A0Again, I agree completely. =A0 Thank You Again! Brian From: TEEP on behalf of Wheeler, David M Sent: Wednesday, April 5, 2017 9:34 AM To: 'Jeremy O'Donoghue'; Tero Kivinen Cc: Hannes Tschofenig; teep Subject: [EXT] Re: [Teep] My BoF impression =A0=20 I'm a bit behind on the thread, but want to respond to Jeremy's original co= mment. =A0 First, I this is exactly the type of conversation we need to have. Thanks f= or kicking this off very directly. I agree with your perception of the two groups, though I think it is import= ant to understand the motivations in the second group, since they may be va= ried.=20 =A0 I will put myself voluntarily in the second bucket. I will present my perso= nal perspective, which may be different from others in the "second group". =A0 For myself, I am looking to define a more abstract definition of a TEE, and= desiring a protocol that is applicable to a wide set of TEEs. From my pers= pective, looking at TEEs that Intel has in the marketplace, and also havin= g worked for several years on Intel's XScale processors (and am thus famili= ar with TZ), the current OTrP draft addresses Trust Zone concerns without r= eally considering other TEEs. This is my perception, of course. =A0 It is also my opinion that an IETF protocol should do more than address imp= lementation specific concerns. I am motivated to work jointly on developing OTrP to address a wider set of= concerns common to TEEs and their environments, with the purpose of expand= ing the ease with which the marketplace can utilize TEE mechanisms. =A0 Part of this development of OTrP (from my perspective) is being less normat= ive about the exact location and instantiation of certain parties (particul= arly the TSM) and be specific on the operations and activities at particul= ar "service access points" of the protocol. My point here is that OTrP in i= ts current rendition is too implementation specific = and too normative in its description of the marketplace. I believe this is= fine as an example, but not as part of the protocol. =A0 I believe IETF is exactly the place to have this conversation and define a = very open and inclusive protocol. I realize that takes some time. I look fo= rward to having this conversation in more detail. =A0 Thanks, Dave Wheeler =A0 From: TEEP [mailto:teep-bounces@ietf.org] On Behalf Of Jeremy O'Donoghue Sent: Tuesday, April 4, 2017 7:13 AM To: Tero Kivinen Cc: Hannes Tschofenig ; teep Subject: Re: [Teep] My BoF impression =A0 =A0 On 4 Apr 2017, at 12:21, Tero Kivinen wrote: =20 My feeling that the main question what people did not understand was: What is the real difference between TEEP and just normal application downlo= ad. I.e., why separate protocol is needed. How is this different from just having perhaps encrypted signed application= blob from the marketplace and installing that. At least that was my main question when we discussed this before the BoF. Of course it does not help, that when you ask that question from different = people you get different answer, as the idea of what TEEP is different for = different people. =20 =A0 =20 I think there is a degree of talking at cross-purposes. =20 =A0 =20 There is one group - essentially those sponsoring the creation of this grou= p - which has a very clear understanding of what it would like TEEP to be, = which is essentially three things: =20 =A0 =20 A mechanism for managing Trusted Applications and their associated secrets= and key material in a GlobalPlatform TEE or something that is conceptually= very similar. A mechanism for establishing a chain of trust rooted in firmware and coveri= ng the TEE and possibly other system components up to and including the exe= cuting Task in a Security Domain. A mechanism - targeted at phone and tablet type devices - which operates in= dependently of the "App Store" mechanism, and is based on a PKI infrastruct= ure allowing Service Providers to manage the Trusted Applications they cont= rol without the need for user intervention. =20 =A0 =20 The draft specification very clearly addresses such a system. Understanding= it fully requires considerable familiarity with the GlobalPlatform TEE spe= cifications, since much of the terminology and architectural assumptions ar= e derived from these. =20 =A0 =20 There is a second group which is starting from a more abstract position of = what a TEE should look like and what security services it might then provid= e to a system and how the control of these could be structured. This is a c= ompletely different problem, and likely a much broader one which is diffic= ult to encapsulate in a small scope. =20 =20 Trying to make the architecture too generic also confuses things. It might = be better to have more concrete example with more limited scope, that would= explain things what TEEP should provide. For example: 1) TEEP provides a way to install software from the Secure trusted applicat= ion marketplace to the TEE running inside device. 2) The Secure trusted appliation marketplace needs to be able to verify tha= t the TEE wanting to install an application is actual TEE, and not some fak= e device, for example using signature from the key installed by the manufac= turer which is used to sign the installation request. 3) The Secure trusted application marketplace can then encrypt the trusted = application with TEE specific key, so that nobody else than TEE can decrypt= and install it. This will prevent leaking out confidential material inside= the application. Trusted application instlal package might also be personalized for the spec= ific TEE. Secure trusted application marketplace will also sign the trusted= application install package, so TEE can verify it is authentic. 4) TEE will verify the signature of the trusted application install package= , and check that signer is trusted, and then it will decrypt the package, a= nd install it. 5) The application running on the REE side might need to verify that the tr= usted application part of it has been properly installed to real TEE, so it= can trust it doing its job. I am not sure if this will be part of the TEEP= or not... Is my understanding of TEEP correct? I do not know, and I assume other peop= le have different ideas what should or should not be part of it. =20 =A0 =20 I think this is a pretty good explanation of what the first group would lik= e to see. =A0 =20 Best regards =20 Jeremy =A0 =20 From nobody Thu Apr 20 03:01:29 2017 Return-Path: X-Original-To: teep@ietfa.amsl.com Delivered-To: teep@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 612E81294BC for ; Thu, 20 Apr 2017 03:01:27 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -7.001 X-Spam-Level: X-Spam-Status: No, score=-7.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=qti.qualcomm.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ISs80-gvR8e0 for ; Thu, 20 Apr 2017 03:01:23 -0700 (PDT) Received: from wolverine01.qualcomm.com (wolverine01.qualcomm.com [199.106.114.254]) (using TLSv1.2 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 128B8126C7B for ; Thu, 20 Apr 2017 03:01:23 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=qti.qualcomm.com; i=@qti.qualcomm.com; q=dns/txt; s=qcdkim; t=1492682483; x=1524218483; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=e5HKuWwDkeP7So1aPhtlx8zPbhCyD5u4CX8qDsX7css=; b=FD1d9J8AL7z4PWlGjLxotuwhMLYrftrvYh7CQi9W7Mn4eIpGaxPnQOMY M7Ez1OtO8kIdMV/+vGaE3NR7D52pePLtGr0AtBmeBykmBQI/lkAp60UJf hoWNesBf5L56LzsagCTLEn34vOUvLk7j6hBoJa7m7Oejhzuw+z2VPjxND Q=; X-IronPort-AV: E=Sophos;i="5.37,225,1488873600"; d="scan'208,217";a="280196348" Received: from unknown (HELO Ironmsg04-R.qualcomm.com) ([10.53.140.108]) by wolverine01.qualcomm.com with ESMTP; 20 Apr 2017 03:01:22 -0700 X-IronPort-AV: E=McAfee;i="5800,7501,8503"; a="1402335968" X-MGA-submission: =?us-ascii?q?MDFy/49M0BG+yKv2d5o7v+7fm3P2MX+/4AtZeP?= =?us-ascii?q?NRfgFj2CCuEIyWlihWuDzmV2BeaM0OmXm9QgjEEa/Rz5diH6Q+CzGdjD?= =?us-ascii?q?Hl0FIowa95+xaVv3Uy/WvIkqgu5tYXfljlFdGr1V0ROX1csdYcrOLUx9?= =?us-ascii?q?JD?= Received: from nasanexm01f.na.qualcomm.com ([10.85.0.32]) by Ironmsg04-R.qualcomm.com with ESMTP/TLS/RC4-SHA; 20 Apr 2017 03:01:21 -0700 Received: from euamsexm01b.eu.qualcomm.com (10.251.127.41) by NASANEXM01F.na.qualcomm.com (10.85.0.32) with Microsoft SMTP Server (TLS) id 15.0.1178.4; Thu, 20 Apr 2017 03:01:20 -0700 Received: from euamsexm01a.eu.qualcomm.com (10.251.127.40) by euamsexm01b.eu.qualcomm.com (10.251.127.41) with Microsoft SMTP Server (TLS) id 15.0.1178.4; Thu, 20 Apr 2017 12:01:17 +0200 Received: from euamsexm01a.eu.qualcomm.com ([10.251.127.40]) by euamsexm01a.eu.qualcomm.com ([10.251.127.40]) with mapi id 15.00.1178.000; Thu, 20 Apr 2017 12:01:17 +0200 From: Jeremy O'Donoghue To: Nick Cook CC: Brian Witten , "Wheeler, David M" , Tero Kivinen , Hannes Tschofenig , teep Thread-Topic: [Teep] [EXT] Re: My BoF impression Thread-Index: AQHSri5/s+zvCtv0+U+ECLiK20l/g6HN8LcAgAALfgA= Date: Thu, 20 Apr 2017 10:01:17 +0000 Message-ID: References: <22755.33183.740819.743679@fireball.acr.fi> <0627F5240443D2498FAA65332EE46C84366ED746@CRSMSX102.amr.corp.intel.com> In-Reply-To: Accept-Language: en-GB, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-mailer: Apple Mail (2.3273) x-ms-exchange-messagesentrepresentingtype: 1 x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [10.251.41.145] Content-Type: multipart/alternative; boundary="_000_A7F6BAAB091B4CF69C5D105099F72920qtiqualcommcom_" MIME-Version: 1.0 Archived-At: Subject: Re: [Teep] [EXT] Re: My BoF impression X-BeenThere: teep@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: A Protocol for Dynamic Trusted Execution Environment Enablement List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 20 Apr 2017 10:01:27 -0000 --_000_A7F6BAAB091B4CF69C5D105099F72920qtiqualcommcom_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 VGhlIEdQIGRlZmluaXRpb24gb2YgYSBURUVbMV0gaXMgbm90IHRpZWQgdG8gVHJ1c3R6b25lIGlu IGFueSB3YXksIGFuZCBJIHNlZSBub3RoaW5nIHRvIHN1Z2dlc3QgdGhhdCBpdCBwcmVjbHVkZXMg dGhlIHR5cGUgb2YgaHlwZXJ2aXNvci1iYXNlZCBlbnZpcm9ubWVudCB5b3UgZGVzY3JpYmUuDQoN CldoYXQgR2xvYmFsUGxhdGZvcm0gc2F5cyAoWzFdLCBTZWN0aW9uIDIuMi4xKSwgaXM6DQoNClRo ZSBwcmltYXJ5IHB1cnBvc2Ugb2YgYSBURUUgaXMgdG8gcHJvdGVjdCBpdHMgYXNzZXRzIGZyb20g dGhlIFJFRQ0KYW5kIG90aGVyIGVudmlyb25tZW50cy4NCi0gVGhpcyBpcyBhY2hpZXZlZCB0aHJv dWdoIGhhcmR3YXJlIG1lY2hhbmlzbXMgdGhhdCB0aG9zZSBvdGhlcg0KICBlbnZpcm9ubWVudHMg Y2Fubm90IGNvbnRyb2wuDQoNClRoaXMgcHJvdGVjdGlvbiBhbHdheXMgaW5jbHVkZXMgcHJvdGVj dGlvbiBhZ2FpbnN0IG90aGVyIGV4ZWN1dGlvbg0KZW52aXJvbm1lbnRzLg0KW+KApl0NClRoZSBU RUUgaXMgaW5zdGFudGlhdGVkIHRocm91Z2ggYSBzZWN1cmUgYm9vdCBwcm9jZXNzIHVzaW5nIGFz c2V0cw0KYm91bmQgdG8gdGhlIFNvQyBvciB0aGUgT2ZmLVNvQyBTZWN1cml0eSBQcm9jZXNzb3Ig YW5kIGlzb2xhdGVkDQpmcm9tIHRoZSBSRUUuDQotIFRoZSBpbnRlZ3JpdHkgYW5kIGF1dGhlbnRp Y2l0eSBnYWluZWQgdGhyb3VnaCBzZWN1cmUgYm9vdDoNCiAgLSBFeHRlbmRzIHRocm91Z2hvdXQg dGhlIGxpZmV0aW1lIG9mIHRoZSBURUUuDQogIC0gSXMgcmV0YWluZWQgdGhyb3VnaCBhbnkgc3Rh dGUgdHJhbnNpdGlvbnMgaW4gdGhlIHN5c3RlbSBzdWNoDQogICAgYXMgcG93ZXIgdHJhbnNpdGlv bnMgb3IgY29yZSBtaWdyYXRpb24uDQoNCkl0IGZ1cnRoZXIgZGVmaW5lcyB0aGUgdHJhbnNpdGlv biBmcm9tIHRoZSBub24tc2VjdXJlIHRvIHNlY3VyZSB3b3JsZCBpbiBhIGZhaXJseSBhYnN0cmFj dCBtYW5uZXIgd2hpY2ggY292ZXJzIHRoZSBoeXBlcnZpc29yIHVzZSBjYXNlIHN1ZmZpY2llbnRs eSwgSSB0aGluayAoWzFdLCBTZWN0aW9uIDIuMi4zKToNCg0KVGhlIG9ubHkgd2F5IGZvciB0aGUg UkVFIHRvIGdldCBhY2Nlc3MgdG8gdHJ1c3RlZCByZXNvdXJjZXMgaXMgdmlhDQphbnkgQVBJIGVu dHJ5IHBvaW50cyBvciBzZXJ2aWNlcyBleHBvc2VkIGJ5IHRoZSBURUUgYW5kIGFjY2Vzc2VkDQp0 aHJvdWdoLCBmb3IgZXhhbXBsZSwgdGhlIFRFRSBDbGllbnQgQVBJLiBUaGlzIGRvZXMgbm90IHBy ZWNsdWRlDQp0aGUgY2FwYWJpbGl0eSBvZiB0aGUgUkVFIHBhc3NpbmcgYnVmZmVycyB0byB0aGUg VEVFIChhbmQgdmljZSB2ZXJzYSkNCmluIGEgY29udHJvbGxlZCBhbmQgcHJvdGVjdGVkIG1hbm5l ci4NCg0KSW4gc2hvcnQsIEkgYWdyZWUgd2l0aCBCcmlhbiB0aGF0IHRoZSBHUCBkZWZpbml0aW9u IG9mIGEgVEVFIGlzIGEgcmVhc29uYWJsZSBzdGFydGluZyBwb2ludCBmb3IgZGlzY3Vzc2lvbiwg YnV0IEkgc3Ryb25nbHkgc3VwcG9ydCBJRVRGIGV4cGxvcmluZyBvdGhlciB1c2UgY2FzZXMgYW5k IHN5c3RlbSBhcmNoaXRlY3R1cmVzIHRoYXQgR1AgaGFzIG5vdCBhZGRyZXNzZWQgLSBpdCBzZWVt cyB0byBtZSB0aGF0IHRoaXMgaXMgd2hlcmUgdGhlIGdyZWF0ZXN0IHZhbHVlIHdvdWxkIGJlIGdl bmVyYXRlZCBmb3IgdGhlIGVjb3N5c3RlbS4NCg0KSSBhbSBjb25jZXJuZWQgdGhhdCBpdCB3aWxs IGJlIGNoYWxsZW5naW5nIHRvIG1vdmUgZm9yd2FyZCBlZmZlY3RpdmVseSB3aGVuIG1hbnkgcGFy dGljaXBhbnRzIGFyZSB1bmZhbWlsaWFyIHdpdGggdGhlIEdQIHN0YW5kYXJkcy1iYXNlIG9uIHdo aWNoIHRoZSBjdXJyZW50IGRyYWZ0IGRyYXdzIGhlYXZpbHkgdW5sZXNzIHdlIGFyZSBhYmxlIHRv IHRha2Ugc3RlcHMgdG8gcmVtZWR5IHRoaXMuIEFyZSB0aGVyZSBhbnkgc3VnZ2VzdGlvbnMgYXMg dG8gaG93IHRoaXMgY291bGQgYmUgbWFuYWdlZD8gSW4gc2hvcnQsIGhvdyBkbyB3ZSBhbGlnbiB0 aGUgdHdvIGRpZmZlcmVudCBncm91cHMgaW4gRGVlcCBtb3JlIGNsb3NlbHk/DQoNCkJlc3QgcmVn YXJkcw0KSmVyZW15DQoNClsxXSBHbG9iYWxQbGF0Zm9ybSBURUUgU3lzdGVtIEFyY2hpdGVjdHVy ZSwgVmVyc2lvbiAxLjEsIEphbnVhcnkgMjAxNy4NCg0KT24gMjAgQXByIDIwMTcsIGF0IDEwOjIw LCBOaWNrIENvb2sgPE5pY2suQ29va0BpbnRlcmNlZGUuY29tPG1haWx0bzpOaWNrLkNvb2tAaW50 ZXJjZWRlLmNvbT4+IHdyb3RlOg0KDQpQZXJzb25hbGx5IHNwZWFraW5nLCBPVHJQIGlzIGFib3V0 IGJlaW5nIGFibGUgdG8gaW5zdGFsbCBzZWN1cml0eSBhcHBsaWNhdGlvbnMgaW50byBhbiBlbnZp cm9ubWVudCB0aGF0IHByb3ZpZGVzICJ0cnVzdGVkIiBoYXJkd2FyZSBiYWNrZWQgaXNvbGF0aW9u IGJldHdlZW4gdGhlIGRpZmZlcmVudCBhcHBsaWNhdGlvbnMuIE9UclAgZG9lcyB0aGF0IGJ5IGVz dGFibGlzaGluZyBpdCBpcyB3b3JraW5nIGFnYWluc3QgdGhlIHJpZ2h0IGRldmljZSB0eXBlIGFu ZCByaWdodCBpc29sYXRpb24gZW52aXJvbm1lbnQgdHlwZSBhbmQgdGhlbiBwcm9jZWVkcyB0byBp bnN0YWxsIHRoZSBhcHBsaWNhdGlvbiBpbiBhIHdheSB0aGF0IHByb3ZpZGVzIHByb3RlY3Rpb24g Zm9yIGNvbmZpZGVudGlhbGl0eSBhbmQgaW50ZWdyaXR5LiBUaGUgdGVybSBURUUgaXMgcHJvYmFi bHkgdG9vIG9mdGVuIGFzc29jaWF0ZWQgd2l0aCBhIHNwZWNpZmljIGZvcm11bGF0aW9uIG9mIGFu IGlzb2xhdGlvbiBlbnZpcm9ubWVudCBhbmQgdGhlcmVmb3JlIHRoaXMgaXMgcGVyaGFwcyB0aGUg Zmlyc3QgdGhpbmcgd2Ugc2hvdWxkIG1vdmUgZm9yd2FyZC4NCg0KQXMgYW4gZXhhbXBsZSwgSSd2 ZSBiZWVuIHdvcmtpbmcgb24gYSBoYXJkd2FyZSBiYWNrZWQgaHlwZXJ2aXNvciBlbnZpcm9ubWVu dCB0aGF0IHVzZXMgT1RyUCBmb3IgdGhlIGluc3RhbGxhdGlvbiBvZiB0aGUgZGlmZmVyZW50IGNv bnRhaW5lcnMvZG9tYWlucyBhbmQgdGhlIHZpcnR1YWwgbWFjaGluZSBjb250ZW50cyB0aGF0IGdv ZXMgaW4gdGhlbS4gVGhlIHRydXN0IGNoYWluIGZyb20gT1RyUCBpcyBtZXQgYW5kIHRoZSBpc29s YXRpb24gb2YgYXBwbGljYXRpb25zIGFuZCBrZXkgbWF0ZXJpYWwgdG8gdGhvc2UgYXBwbGljYXRp b25zIGlzIGFsc28gcHJvdmlkZWQuDQoNCkJhc2VkIG9uIHRoYXQgd29yayBhbmQgdGhpbmtpbmcg c3BlY2lmaWNhbGx5IHRvIG15IG9yaWdpbmFsIGdvYWxzIGZvciBPVHJQIHdoZW4gd2Ugc3RhcnRl ZCB0aGlzIHdvcmsgYSBmZXcgeWVhcnMgYmFjaywgSSB3b3VsZCBsaWtlIHRvIHN1cHBvcnQgRGF2 ZSBXaGVlbGVyJ3MgY29tbWVudCBvbiBuZWVkaW5nIHRvIGZvcm11bGF0ZSBhIG1vcmUgYWJzdHJh Y3QgZGVmaW5pdGlvbiBmb3IgVEVFLiBJIGFsc28gYWdyZWUgd2l0aCBCcmlhbiB0aGF0IHRoZSBH UCBkZWZpbml0aW9uIGRvZXNuJ3QgbmVlZCB0byBiZSBhYmFuZG9uZWQgdG8gZG8gdGhhdCAtIEkg YmVsaWV2ZSwgZXhwcmVzc2VkIGluIHRoZSByaWdodCB3YXksIHRoZSBHUCBkZWZpbml0aW9uIG9m IGEgVEVFIGNvdmVycyB0aGUgaGFyZHdhcmUgaHlwZXJ2aXNvciBjYXNlIEkgZGVzY3JpYmVkIGVh cmxpZXIgaW4gdGhlIGVtYWlsIGFsc28gYW5kIEknbSBzdXJlIGl0IGNhbiBjb3ZlciB0aGUgb3Ro ZXIgZW52aXJvbm1lbnRzIHRvby4NCg0KDQpJIGRvIGhvd2V2ZXIgdGhpbmsgaXQgaXMgaW1wb3J0 YW50IHRoYXQgd2UgcmVzdHJpY3QgdG8gaXNvbGF0aW9uIGVudmlyb25tZW50cyB0aGF0IGFyZSBo YXJkd2FyZSBiYWNrZWQgYXMgdGhpcyBpcyBmdW5kYW1lbnRhbCB0byB0aGUgdHJ1c3QgbW9kZWwu DQoNCkkgYWxzbyBzdXBwb3J0IERhdmUncyBzdWdnZXN0aW9uIHRoYXQgd2UgY2FuIGJlIGxlc3Mg bm9ybWF0aXZlIG9uIGV4YWN0IGxvY2F0aW9ucyBvZiB0aGUgZnVuY3Rpb25hbCBibG9ja3Mgb2Yg T1RyUC4gSSB3b3VsZCBsaWtlIHRvIGhhdmUgYSBjb21wYW5pb24gZG9jdW1lbnQgdGhhdCBkb2Vz IHByb3ZpZGUgZXhhbXBsZSBkZXBsb3ltZW50cyBidXQgdGhlIGNvcmUgcHJvdG9jb2wgaXRzZWxm IGRvZXMgbm90IG5lZWQgdG8gYmUgbG9ja2VkIGRvd24gdG8gYSBzcGVjaWZpYyBkZXBsb3ltZW50 IGFwcHJvYWNoLg0KDQoNCg0KTmljayBDb29rDQotLS0tLU9yaWdpbmFsIE1lc3NhZ2UtLS0tLQ0K RnJvbTogQnJpYW4gV2l0dGVuIFttYWlsdG86YnJpYW5fd2l0dGVuQHN5bWFudGVjLmNvbV0NClNl bnQ6IDA1IEFwcmlsIDIwMTcgMTg6MDINClRvOiBXaGVlbGVyLCBEYXZpZCBNIDxkYXZpZC5tLndo ZWVsZXJAaW50ZWwuY29tPG1haWx0bzpkYXZpZC5tLndoZWVsZXJAaW50ZWwuY29tPj47ICdKZXJl bXkgTydEb25vZ2h1ZScgPGpvZG9ub2doQHF0aS5xdWFsY29tbS5jb208bWFpbHRvOmpvZG9ub2do QHF0aS5xdWFsY29tbS5jb20+PjsgVGVybyBLaXZpbmVuIDxraXZpbmVuQGlraS5maTxtYWlsdG86 a2l2aW5lbkBpa2kuZmk+Pg0KQ2M6IEhhbm5lcyBUc2Nob2ZlbmlnIDxIYW5uZXMuVHNjaG9mZW5p Z0Bhcm0uY29tPG1haWx0bzpIYW5uZXMuVHNjaG9mZW5pZ0Bhcm0uY29tPj47IHRlZXAgPHRlZXBA aWV0Zi5vcmc8bWFpbHRvOnRlZXBAaWV0Zi5vcmc+Pg0KU3ViamVjdDogUmU6IFtUZWVwXSBbRVhU XSBSZTogTXkgQm9GIGltcHJlc3Npb24NCg0KVGhhbmsgWW91IERhdmUhICBJJ2QgbGlrZSB0byBl Y2hvICYgYWdyZWUgd2l0aCBtYW55IG9mIHlvdXIgcG9pbnRzLCBidXQgYXNrIGZvciBhIGNsYXJp ZmljYXRpb24gb24gb25lIGFzcGVjdC4gICJGaXJzdCwgSSAoYmVsaWV2ZSkgdGhpcyBpcyBleGFj dGx5IHRoZSB0eXBlIG9mIGNvbnZlcnNhdGlvbiB3ZSBuZWVkIHRvIGhhdmUuIFRoYW5rcyBmb3Ig a2lja2luZyB0aGlzIG9mZiB2ZXJ5IGRpcmVjdGx5LiIgIFdlbGwgU2FpZCwgVGhhbmsgWW91IEJv dGghICAiSSBhbSBtb3RpdmF0ZWQgdG8gd29yayBqb2ludGx5IG9uIGRldmVsb3BpbmcgT1RyUCB0 byBhZGRyZXNzIGEgd2lkZXIgc2V0IG9mIGNvbmNlcm5zIGNvbW1vbiB0byBURUVzIGFuZCB0aGVp ciBlbnZpcm9ubWVudHMsIHdpdGggdGhlIHB1cnBvc2Ugb2YgZXhwYW5kaW5nIHRoZSBlYXNlIHdp dGggd2hpY2ggdGhlIG1hcmtldHBsYWNlIGNhbiB1dGlsaXplIFRFRSBtZWNoYW5pc21zLiIgQWdh aW4sIEknbSBtb3RpdmF0ZWQgYnkgdGhlIHNhbWUgcHVycG9zZS4gICJQYXJ0IG9mIHRoaXMgZGV2 ZWxvcG1lbnQgb2YgT1RyUCAoZnJvbSBteSBwZXJzcGVjdGl2ZSkgaXMgYmVpbmcgbGVzcyBub3Jt YXRpdmUgYWJvdXQgdGhlIGV4YWN0IGxvY2F0aW9uIGFuZCBpbnN0YW50aWF0aW9uIG9mIGNlcnRh aW4gcGFydGllcyAocGFydGljdWxhcmx5IHRoZSBUU00pIGFuZCBiZSBzcGVjaWZpYyBvbiB0aGUg b3BlcmF0aW9ucyBhbmQgYWN0aXZpdGllcyBhdCBwYXJ0aWN1bGFyICdzZXJ2aWNlIGFjY2VzcyBw b2ludHMnIG9mIHRoZSBwcm90b2NvbC4iICBJIGJlbGlldmUgdGhhdCBpcyBhIGdyZWF0IHN1Z2dl c3Rpb24sIGFuZCBJJ20gZnVsbHkgc3VwcG9ydGl2ZS4gIFN0aWxsIG15IGNsYXJpZnlpbmcgcXVl c3Rpb24gcmVsYXRlcyB0byB0aGUgZGVzaXJlICJ0byBkZWZpbmUgYSBtb3JlIGFic3RyYWN0IGRl ZmluaXRpb24gb2YgYSBURUUsIGFuZCBkZXNpcmluZyBhIHByb3RvY29sIHRoYXQgaXMgYXBwbGlj YWJsZSB0byBhIHdpZGUgc2V0IG9mIFRFRXMuIiAgSSdtIGVhZ2VyIHRvIHN1cHBvcnQgYSB3aWRl IHNldCBvZiBURUUsIGluY2x1ZGluZyBib3RoIFNHWCBhbmQgVFogYmFzZWQgVEVFLiAgIE15IHF1 ZXN0aW9uIGlzLCAiZG8gd2UgbmVlZCB0byBhYmFuZG9uIHRoZSBHbG9iYWwgUGxhdGZvcm0gKEdQ KSBkZWZpbml0aW9uIG9mIGEgVEVFIHRvIHN1cHBvcnQgYm90aCBTR1ggYW5kIFRaIGJhc2VkIFRF RT8iICBJIGJlbGlldmUgdGhhdCB3ZSBkbyBOb3QgbmVlZCB0byBhYmFuZG9uIHRoZSBHUCBkZWZp bml0aW9uIG9mIGEgVEVFIHRvIHN1cHBvcnQgYm90aCBTR1ggYW5kIFRaIGJhc2VkIFRFRSwgYnV0 IEknZCBiZSBlYWdlciB0byBnZXQgeW91ciB2aWV3IGhlcmUgYXMgeW91J3ZlIGZyYW1lZCB0aGUg cmVzdCBzbyB2ZXJ5IHdlbGwuICBMYXN0LCBlaXRoZXIgd2F5LCAiSSBiZWxpZXZlIElFVEYgaXMg ZXhhY3RseSB0aGUgcGxhY2UgdG8gaGF2ZSB0aGlzIGNvbnZlcnNhdGlvbiBhbmQgZGVmaW5lIGEg dmVyeSBvcGVuIGFuZCBpbmNsdXNpdmUgcHJvdG9jb2wuIiAgQWdhaW4sIEkgYWdyZWUgY29tcGxl dGVseS4NCg0KVGhhbmsgWW91IEFnYWluIQ0KQnJpYW4NCg0KDQpGcm9tOiBURUVQIDx0ZWVwLWJv dW5jZXNAaWV0Zi5vcmc8bWFpbHRvOnRlZXAtYm91bmNlc0BpZXRmLm9yZz4+IG9uIGJlaGFsZiBv ZiBXaGVlbGVyLCBEYXZpZCBNIDxkYXZpZC5tLndoZWVsZXJAaW50ZWwuY29tPG1haWx0bzpkYXZp ZC5tLndoZWVsZXJAaW50ZWwuY29tPj4NClNlbnQ6IFdlZG5lc2RheSwgQXByaWwgNSwgMjAxNyA5 OjM0IEFNDQpUbzogJ0plcmVteSBPJ0Rvbm9naHVlJzsgVGVybyBLaXZpbmVuDQpDYzogSGFubmVz IFRzY2hvZmVuaWc7IHRlZXANClN1YmplY3Q6IFtFWFRdIFJlOiBbVGVlcF0gTXkgQm9GIGltcHJl c3Npb24NCg0KDQpJJ20gYSBiaXQgYmVoaW5kIG9uIHRoZSB0aHJlYWQsIGJ1dCB3YW50IHRvIHJl c3BvbmQgdG8gSmVyZW15J3Mgb3JpZ2luYWwgY29tbWVudC4NCg0KRmlyc3QsIEkgdGhpcyBpcyBl eGFjdGx5IHRoZSB0eXBlIG9mIGNvbnZlcnNhdGlvbiB3ZSBuZWVkIHRvIGhhdmUuIFRoYW5rcyBm b3Iga2lja2luZyB0aGlzIG9mZiB2ZXJ5IGRpcmVjdGx5Lg0KSSBhZ3JlZSB3aXRoIHlvdXIgcGVy Y2VwdGlvbiBvZiB0aGUgdHdvIGdyb3VwcywgdGhvdWdoIEkgdGhpbmsgaXQgaXMgaW1wb3J0YW50 IHRvIHVuZGVyc3RhbmQgdGhlIG1vdGl2YXRpb25zIGluIHRoZSBzZWNvbmQgZ3JvdXAsIHNpbmNl IHRoZXkgbWF5IGJlIHZhcmllZC4NCg0KSSB3aWxsIHB1dCBteXNlbGYgdm9sdW50YXJpbHkgaW4g dGhlIHNlY29uZCBidWNrZXQuIEkgd2lsbCBwcmVzZW50IG15IHBlcnNvbmFsIHBlcnNwZWN0aXZl LCB3aGljaCBtYXkgYmUgZGlmZmVyZW50IGZyb20gb3RoZXJzIGluIHRoZSAic2Vjb25kIGdyb3Vw Ii4NCg0KRm9yIG15c2VsZiwgSSBhbSBsb29raW5nIHRvIGRlZmluZSBhIG1vcmUgYWJzdHJhY3Qg ZGVmaW5pdGlvbiBvZiBhIFRFRSwgYW5kIGRlc2lyaW5nIGEgcHJvdG9jb2wgdGhhdCBpcyBhcHBs aWNhYmxlIHRvIGEgd2lkZSBzZXQgb2YgVEVFcy4gRnJvbSBteSBwZXJzcGVjdGl2ZSwgIGxvb2tp bmcgYXQgVEVFcyB0aGF0IEludGVsIGhhcyBpbiB0aGUgbWFya2V0cGxhY2UsIGFuZCBhbHNvIGhh dmluZyB3b3JrZWQgZm9yIHNldmVyYWwgeWVhcnMgb24gSW50ZWwncyBYU2NhbGUgcHJvY2Vzc29y cyAoYW5kIGFtIHRodXMgZmFtaWxpYXIgd2l0aCBUWiksIHRoZSBjdXJyZW50IE9UclAgZHJhZnQg YWRkcmVzc2VzIFRydXN0IFpvbmUgY29uY2VybnMgd2l0aG91dCByZWFsbHkgY29uc2lkZXJpbmcg b3RoZXIgVEVFcy4gVGhpcyBpcyBteSAgcGVyY2VwdGlvbiwgb2YgY291cnNlLg0KDQpJdCBpcyBh bHNvIG15IG9waW5pb24gdGhhdCBhbiBJRVRGIHByb3RvY29sIHNob3VsZCBkbyBtb3JlIHRoYW4g YWRkcmVzcyBpbXBsZW1lbnRhdGlvbiBzcGVjaWZpYyBjb25jZXJucy4NCkkgYW0gbW90aXZhdGVk IHRvIHdvcmsgam9pbnRseSBvbiBkZXZlbG9waW5nIE9UclAgdG8gYWRkcmVzcyBhIHdpZGVyIHNl dCBvZiBjb25jZXJucyBjb21tb24gdG8gVEVFcyBhbmQgdGhlaXIgZW52aXJvbm1lbnRzLCB3aXRo IHRoZSBwdXJwb3NlIG9mIGV4cGFuZGluZyB0aGUgIGVhc2Ugd2l0aCB3aGljaCB0aGUgbWFya2V0 cGxhY2UgY2FuIHV0aWxpemUgVEVFIG1lY2hhbmlzbXMuDQoNClBhcnQgb2YgdGhpcyBkZXZlbG9w bWVudCBvZiBPVHJQIChmcm9tIG15IHBlcnNwZWN0aXZlKSBpcyBiZWluZyBsZXNzIG5vcm1hdGl2 ZSBhYm91dCB0aGUgZXhhY3QgbG9jYXRpb24gYW5kIGluc3RhbnRpYXRpb24gb2YgY2VydGFpbiBw YXJ0aWVzIChwYXJ0aWN1bGFybHkgdGhlICBUU00pIGFuZCBiZSBzcGVjaWZpYyBvbiB0aGUgb3Bl cmF0aW9ucyBhbmQgYWN0aXZpdGllcyBhdCBwYXJ0aWN1bGFyICJzZXJ2aWNlIGFjY2VzcyBwb2lu dHMiIG9mIHRoZSBwcm90b2NvbC4gTXkgcG9pbnQgaGVyZSBpcyB0aGF0IE9UclAgaW4gaXRzIGN1 cnJlbnQgcmVuZGl0aW9uIGlzIDxlbXBoYXNpcz4gdG9vIDwvZW1waGFzaXM+IGltcGxlbWVudGF0 aW9uIHNwZWNpZmljIGFuZCB0b28gbm9ybWF0aXZlIGluIGl0cyBkZXNjcmlwdGlvbiBvZiB0aGUg IG1hcmtldHBsYWNlLiBJIGJlbGlldmUgdGhpcyBpcyBmaW5lIGFzIGFuIGV4YW1wbGUsIGJ1dCBu b3QgYXMgcGFydCBvZiB0aGUgcHJvdG9jb2wuDQoNCkkgYmVsaWV2ZSBJRVRGIGlzIGV4YWN0bHkg dGhlIHBsYWNlIHRvIGhhdmUgdGhpcyBjb252ZXJzYXRpb24gYW5kIGRlZmluZSBhIHZlcnkgb3Bl biBhbmQgaW5jbHVzaXZlIHByb3RvY29sLiBJIHJlYWxpemUgdGhhdCB0YWtlcyBzb21lIHRpbWUu IEkgbG9vayBmb3J3YXJkICB0byBoYXZpbmcgdGhpcyBjb252ZXJzYXRpb24gaW4gbW9yZSBkZXRh aWwuDQoNClRoYW5rcywNCkRhdmUgV2hlZWxlcg0KDQoNCg0KRnJvbTogVEVFUCBbbWFpbHRvOnRl ZXAtYm91bmNlc0BpZXRmLm9yZ10gT24gQmVoYWxmIE9mIEplcmVteSBPJ0Rvbm9naHVlDQpTZW50 OiBUdWVzZGF5LCBBcHJpbCA0LCAyMDE3IDc6MTMgQU0NClRvOiBUZXJvIEtpdmluZW4gPGtpdmlu ZW5AaWtpLmZpPG1haWx0bzpraXZpbmVuQGlraS5maT4+DQpDYzogSGFubmVzIFRzY2hvZmVuaWcg PEhhbm5lcy5Uc2Nob2ZlbmlnQGFybS5jb208bWFpbHRvOkhhbm5lcy5Uc2Nob2ZlbmlnQGFybS5j b20+PjsgdGVlcCA8dGVlcEBpZXRmLm9yZzxtYWlsdG86dGVlcEBpZXRmLm9yZz4+DQpTdWJqZWN0 OiBSZTogW1RlZXBdIE15IEJvRiBpbXByZXNzaW9uDQoNCg0KDQoNCk9uIDQgQXByIDIwMTcsIGF0 IDEyOjIxLCBUZXJvIEtpdmluZW4gPGtpdmluZW5AaWtpLmZpPG1haWx0bzpraXZpbmVuQGlraS5m aT4+IHdyb3RlOg0KDQoNCg0KTXkgZmVlbGluZyB0aGF0IHRoZSBtYWluIHF1ZXN0aW9uIHdoYXQg cGVvcGxlIGRpZCBub3QgdW5kZXJzdGFuZCB3YXM6DQoNCldoYXQgaXMgdGhlIHJlYWwgZGlmZmVy ZW5jZSBiZXR3ZWVuIFRFRVAgYW5kIGp1c3Qgbm9ybWFsIGFwcGxpY2F0aW9uIGRvd25sb2FkLiBJ LmUuLCB3aHkgc2VwYXJhdGUgcHJvdG9jb2wgaXMgbmVlZGVkLg0KSG93IGlzIHRoaXMgZGlmZmVy ZW50IGZyb20ganVzdCBoYXZpbmcgcGVyaGFwcyBlbmNyeXB0ZWQgc2lnbmVkIGFwcGxpY2F0aW9u IGJsb2IgZnJvbSB0aGUgbWFya2V0cGxhY2UgYW5kIGluc3RhbGxpbmcgdGhhdC4NCg0KQXQgbGVh c3QgdGhhdCB3YXMgbXkgbWFpbiBxdWVzdGlvbiB3aGVuIHdlIGRpc2N1c3NlZCB0aGlzIGJlZm9y ZSB0aGUgQm9GLg0KDQpPZiBjb3Vyc2UgaXQgZG9lcyBub3QgaGVscCwgdGhhdCB3aGVuIHlvdSBh c2sgdGhhdCBxdWVzdGlvbiBmcm9tIGRpZmZlcmVudCBwZW9wbGUgeW91IGdldCBkaWZmZXJlbnQg YW5zd2VyLCBhcyB0aGUgaWRlYSBvZiB3aGF0IFRFRVAgaXMgZGlmZmVyZW50IGZvciBkaWZmZXJl bnQgcGVvcGxlLg0KDQoNCg0KSSB0aGluayB0aGVyZSBpcyBhIGRlZ3JlZSBvZiB0YWxraW5nIGF0 IGNyb3NzLXB1cnBvc2VzLg0KDQoNCg0KVGhlcmUgaXMgb25lIGdyb3VwIC0gZXNzZW50aWFsbHkg dGhvc2Ugc3BvbnNvcmluZyB0aGUgY3JlYXRpb24gb2YgdGhpcyBncm91cCAtIHdoaWNoIGhhcyBh IHZlcnkgY2xlYXIgdW5kZXJzdGFuZGluZyBvZiB3aGF0IGl0IHdvdWxkIGxpa2UgVEVFUCB0byBi ZSwgd2hpY2ggaXMgZXNzZW50aWFsbHkgdGhyZWUgdGhpbmdzOg0KDQoNCg0KQSBtZWNoYW5pc20g Zm9yIG1hbmFnaW5nIFRydXN0ZWQgQXBwbGljYXRpb25zIGFuZCB0aGVpciBhc3NvY2lhdGVkIHNl Y3JldHMgYW5kIGtleSBtYXRlcmlhbCBpbiBhIEdsb2JhbFBsYXRmb3JtIFRFRSBvciBzb21ldGhp bmcgdGhhdCBpcyBjb25jZXB0dWFsbHkgdmVyeSBzaW1pbGFyLg0KQSBtZWNoYW5pc20gZm9yIGVz dGFibGlzaGluZyBhIGNoYWluIG9mIHRydXN0IHJvb3RlZCBpbiBmaXJtd2FyZSBhbmQgY292ZXJp bmcgdGhlIFRFRSBhbmQgcG9zc2libHkgb3RoZXIgc3lzdGVtIGNvbXBvbmVudHMgdXAgdG8gYW5k IGluY2x1ZGluZyB0aGUgZXhlY3V0aW5nIFRhc2sgaW4gYSBTZWN1cml0eSBEb21haW4uDQpBIG1l Y2hhbmlzbSAtIHRhcmdldGVkIGF0IHBob25lIGFuZCB0YWJsZXQgdHlwZSBkZXZpY2VzIC0gd2hp Y2ggb3BlcmF0ZXMgaW5kZXBlbmRlbnRseSBvZiB0aGUgIkFwcCBTdG9yZSIgbWVjaGFuaXNtLCBh bmQgaXMgYmFzZWQgb24gYSBQS0kgaW5mcmFzdHJ1Y3R1cmUgYWxsb3dpbmcgU2VydmljZSBQcm92 aWRlcnMgdG8gbWFuYWdlIHRoZSBUcnVzdGVkIEFwcGxpY2F0aW9ucyB0aGV5IGNvbnRyb2wgIHdp dGhvdXQgdGhlIG5lZWQgZm9yIHVzZXIgaW50ZXJ2ZW50aW9uLg0KDQoNCg0KVGhlIGRyYWZ0IHNw ZWNpZmljYXRpb24gdmVyeSBjbGVhcmx5IGFkZHJlc3NlcyBzdWNoIGEgc3lzdGVtLiBVbmRlcnN0 YW5kaW5nIGl0IGZ1bGx5IHJlcXVpcmVzIGNvbnNpZGVyYWJsZSBmYW1pbGlhcml0eSB3aXRoIHRo ZSBHbG9iYWxQbGF0Zm9ybSBURUUgc3BlY2lmaWNhdGlvbnMsIHNpbmNlIG11Y2ggb2YgdGhlIHRl cm1pbm9sb2d5IGFuZCBhcmNoaXRlY3R1cmFsIGFzc3VtcHRpb25zIGFyZSBkZXJpdmVkIGZyb20g IHRoZXNlLg0KDQoNCg0KVGhlcmUgaXMgYSBzZWNvbmQgZ3JvdXAgd2hpY2ggaXMgc3RhcnRpbmcg ZnJvbSBhIG1vcmUgYWJzdHJhY3QgcG9zaXRpb24gb2Ygd2hhdCBhIFRFRSBzaG91bGQgbG9vayBs aWtlIGFuZCB3aGF0IHNlY3VyaXR5IHNlcnZpY2VzIGl0IG1pZ2h0IHRoZW4gcHJvdmlkZSB0byBh IHN5c3RlbSBhbmQgaG93IHRoZSBjb250cm9sIG9mIHRoZXNlIGNvdWxkIGJlIHN0cnVjdHVyZWQu IFRoaXMgaXMgYSBjb21wbGV0ZWx5IGRpZmZlcmVudCAgcHJvYmxlbSwgYW5kIGxpa2VseSBhIG11 Y2ggYnJvYWRlciBvbmUgd2hpY2ggaXMgZGlmZmljdWx0IHRvIGVuY2Fwc3VsYXRlIGluIGEgc21h bGwgc2NvcGUuDQoNCg0KDQoNClRyeWluZyB0byBtYWtlIHRoZSBhcmNoaXRlY3R1cmUgdG9vIGdl bmVyaWMgYWxzbyBjb25mdXNlcyB0aGluZ3MuIEl0IG1pZ2h0IGJlIGJldHRlciB0byBoYXZlIG1v cmUgY29uY3JldGUgZXhhbXBsZSB3aXRoIG1vcmUgbGltaXRlZCBzY29wZSwgdGhhdCB3b3VsZCBl eHBsYWluIHRoaW5ncyB3aGF0IFRFRVAgc2hvdWxkIHByb3ZpZGUuDQoNCkZvciBleGFtcGxlOg0K DQoxKSBURUVQIHByb3ZpZGVzIGEgd2F5IHRvIGluc3RhbGwgc29mdHdhcmUgZnJvbSB0aGUgU2Vj dXJlIHRydXN0ZWQgYXBwbGljYXRpb24gbWFya2V0cGxhY2UgdG8gdGhlIFRFRSBydW5uaW5nIGlu c2lkZSBkZXZpY2UuDQoNCjIpIFRoZSBTZWN1cmUgdHJ1c3RlZCBhcHBsaWF0aW9uIG1hcmtldHBs YWNlIG5lZWRzIHRvIGJlIGFibGUgdG8gdmVyaWZ5IHRoYXQgdGhlIFRFRSB3YW50aW5nIHRvIGlu c3RhbGwgYW4gYXBwbGljYXRpb24gaXMgYWN0dWFsIFRFRSwgYW5kIG5vdCBzb21lIGZha2UgZGV2 aWNlLCBmb3IgZXhhbXBsZSB1c2luZyBzaWduYXR1cmUgZnJvbSB0aGUga2V5IGluc3RhbGxlZCBi eSB0aGUgbWFudWZhY3R1cmVyIHdoaWNoIGlzIHVzZWQgdG8gc2lnbiB0aGUgaW5zdGFsbGF0aW9u IHJlcXVlc3QuDQoNCjMpIFRoZSBTZWN1cmUgdHJ1c3RlZCBhcHBsaWNhdGlvbiBtYXJrZXRwbGFj ZSBjYW4gdGhlbiBlbmNyeXB0IHRoZSB0cnVzdGVkIGFwcGxpY2F0aW9uIHdpdGggVEVFIHNwZWNp ZmljIGtleSwgc28gdGhhdCBub2JvZHkgZWxzZSB0aGFuIFRFRSBjYW4gZGVjcnlwdCBhbmQgaW5z dGFsbCBpdC4gVGhpcyB3aWxsIHByZXZlbnQgbGVha2luZyBvdXQgY29uZmlkZW50aWFsIG1hdGVy aWFsIGluc2lkZSB0aGUgYXBwbGljYXRpb24uDQpUcnVzdGVkIGFwcGxpY2F0aW9uIGluc3RsYWwg cGFja2FnZSBtaWdodCBhbHNvIGJlIHBlcnNvbmFsaXplZCBmb3IgdGhlIHNwZWNpZmljIFRFRS4g U2VjdXJlIHRydXN0ZWQgYXBwbGljYXRpb24gbWFya2V0cGxhY2Ugd2lsbCBhbHNvIHNpZ24gdGhl IHRydXN0ZWQgYXBwbGljYXRpb24gaW5zdGFsbCBwYWNrYWdlLCBzbyBURUUgY2FuIHZlcmlmeSBp dCBpcyBhdXRoZW50aWMuDQoNCjQpIFRFRSB3aWxsIHZlcmlmeSB0aGUgc2lnbmF0dXJlIG9mIHRo ZSB0cnVzdGVkIGFwcGxpY2F0aW9uIGluc3RhbGwgcGFja2FnZSwgYW5kIGNoZWNrIHRoYXQgc2ln bmVyIGlzIHRydXN0ZWQsIGFuZCB0aGVuIGl0IHdpbGwgZGVjcnlwdCB0aGUgcGFja2FnZSwgYW5k IGluc3RhbGwgaXQuDQoNCjUpIFRoZSBhcHBsaWNhdGlvbiBydW5uaW5nIG9uIHRoZSBSRUUgc2lk ZSBtaWdodCBuZWVkIHRvIHZlcmlmeSB0aGF0IHRoZSB0cnVzdGVkIGFwcGxpY2F0aW9uIHBhcnQg b2YgaXQgaGFzIGJlZW4gcHJvcGVybHkgaW5zdGFsbGVkIHRvIHJlYWwgVEVFLCBzbyBpdCBjYW4g dHJ1c3QgaXQgZG9pbmcgaXRzIGpvYi4gSSBhbSBub3Qgc3VyZSBpZiB0aGlzIHdpbGwgYmUgcGFy dCBvZiB0aGUgVEVFUCBvciBub3QuLi4NCg0KSXMgbXkgdW5kZXJzdGFuZGluZyBvZiBURUVQIGNv cnJlY3Q/IEkgZG8gbm90IGtub3csIGFuZCBJIGFzc3VtZSBvdGhlciBwZW9wbGUgaGF2ZSBkaWZm ZXJlbnQgaWRlYXMgd2hhdCBzaG91bGQgb3Igc2hvdWxkIG5vdCBiZSBwYXJ0IG9mIGl0Lg0KDQoN Cg0KSSB0aGluayB0aGlzIGlzIGEgcHJldHR5IGdvb2QgZXhwbGFuYXRpb24gb2Ygd2hhdCB0aGUg Zmlyc3QgZ3JvdXAgd291bGQgbGlrZSB0byBzZWUuDQoNCg0KQmVzdCByZWdhcmRzDQoNCkplcmVt eQ0KDQoNCg0KDQo= --_000_A7F6BAAB091B4CF69C5D105099F72920qtiqualcommcom_ Content-Type: text/html; charset="utf-8" Content-ID: <93B9585D41A7A3409AFE839C2F119C88@qualcomm.com> Content-Transfer-Encoding: base64 PGh0bWw+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIgY29udGVudD0i dGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjwvaGVhZD4NCjxib2R5IHN0eWxlPSJ3b3JkLXdy YXA6IGJyZWFrLXdvcmQ7IC13ZWJraXQtbmJzcC1tb2RlOiBzcGFjZTsgLXdlYmtpdC1saW5lLWJy ZWFrOiBhZnRlci13aGl0ZS1zcGFjZTsiIGNsYXNzPSIiPg0KVGhlIEdQIGRlZmluaXRpb24gb2Yg YSBURUVbMV0gaXMgbm90IHRpZWQgdG8gVHJ1c3R6b25lIGluIGFueSB3YXksIGFuZCBJIHNlZSBu b3RoaW5nIHRvIHN1Z2dlc3QgdGhhdCBpdCBwcmVjbHVkZXMgdGhlIHR5cGUgb2YgaHlwZXJ2aXNv ci1iYXNlZCBlbnZpcm9ubWVudCB5b3UgZGVzY3JpYmUuDQo8ZGl2IGNsYXNzPSIiPjxiciBjbGFz cz0iIj4NCjwvZGl2Pg0KPGRpdiBjbGFzcz0iIj5XaGF0IEdsb2JhbFBsYXRmb3JtIHNheXMgKFsx XSwgU2VjdGlvbiAyLjIuMSksIGlzOjwvZGl2Pg0KPGRpdiBjbGFzcz0iIj48YnIgY2xhc3M9IiI+ DQo8L2Rpdj4NCjxkaXYgY2xhc3M9IiI+PGZvbnQgZmFjZT0iQ291cmllciBOZXciIGNsYXNzPSIi PlRoZSBwcmltYXJ5IHB1cnBvc2Ugb2YgYSBURUUgaXMgdG8gcHJvdGVjdCBpdHMgYXNzZXRzIGZy b20gdGhlIFJFRTwvZm9udD48L2Rpdj4NCjxkaXYgY2xhc3M9IiI+PGZvbnQgZmFjZT0iQ291cmll ciBOZXciIGNsYXNzPSIiPmFuZCBvdGhlciBlbnZpcm9ubWVudHMuPC9mb250PjwvZGl2Pg0KPGRp diBjbGFzcz0iIj48Zm9udCBmYWNlPSJDb3VyaWVyIE5ldyIgY2xhc3M9IiI+LSBUaGlzIGlzIGFj aGlldmVkIHRocm91Z2ggaGFyZHdhcmUgbWVjaGFuaXNtcyB0aGF0IHRob3NlIG90aGVyPC9mb250 PjwvZGl2Pg0KPGRpdiBjbGFzcz0iIj48Zm9udCBmYWNlPSJDb3VyaWVyIE5ldyIgY2xhc3M9IiI+ Jm5ic3A7IGVudmlyb25tZW50cyBjYW5ub3QgY29udHJvbC4mbmJzcDs8L2ZvbnQ+PC9kaXY+DQo8 ZGl2IGNsYXNzPSIiPjxmb250IGZhY2U9IkNvdXJpZXIgTmV3IiBjbGFzcz0iIj48YnIgY2xhc3M9 IiI+DQo8L2ZvbnQ+PC9kaXY+DQo8ZGl2IHN0eWxlPSJtYXJnaW46IDBweDsgbGluZS1oZWlnaHQ6 IG5vcm1hbDsgbWluLWhlaWdodDogMTFweDsiIGNsYXNzPSIiPjxmb250IGZhY2U9IkNvdXJpZXIg TmV3IiBjbGFzcz0iIj5UaGlzIHByb3RlY3Rpb24gYWx3YXlzIGluY2x1ZGVzIHByb3RlY3Rpb24g YWdhaW5zdCBvdGhlciBleGVjdXRpb248L2ZvbnQ+PC9kaXY+DQo8ZGl2IHN0eWxlPSJtYXJnaW46 IDBweDsgbGluZS1oZWlnaHQ6IG5vcm1hbDsgbWluLWhlaWdodDogMTFweDsiIGNsYXNzPSIiPjxm b250IGZhY2U9IkNvdXJpZXIgTmV3IiBjbGFzcz0iIj5lbnZpcm9ubWVudHMuJm5ic3A7PC9mb250 PjwvZGl2Pg0KPGRpdiBzdHlsZT0ibWFyZ2luOiAwcHg7IGxpbmUtaGVpZ2h0OiBub3JtYWw7IG1p bi1oZWlnaHQ6IDExcHg7IiBjbGFzcz0iIj48Zm9udCBmYWNlPSJDb3VyaWVyIE5ldyIgY2xhc3M9 IiI+W+KApl08L2ZvbnQ+PC9kaXY+DQo8ZGl2IHN0eWxlPSJtYXJnaW46IDBweDsgbGluZS1oZWln aHQ6IG5vcm1hbDsgbWluLWhlaWdodDogMTFweDsiIGNsYXNzPSIiPjxmb250IGZhY2U9IkNvdXJp ZXIgTmV3IiBjbGFzcz0iIj5UaGUgVEVFIGlzIGluc3RhbnRpYXRlZCB0aHJvdWdoIGEgc2VjdXJl IGJvb3QgcHJvY2VzcyB1c2luZyBhc3NldHM8L2ZvbnQ+PC9kaXY+DQo8ZGl2IHN0eWxlPSJtYXJn aW46IDBweDsgbGluZS1oZWlnaHQ6IG5vcm1hbDsgbWluLWhlaWdodDogMTFweDsiIGNsYXNzPSIi Pjxmb250IGZhY2U9IkNvdXJpZXIgTmV3IiBjbGFzcz0iIj5ib3VuZCB0byB0aGUgU29DIG9yIHRo ZSBPZmYtU29DIFNlY3VyaXR5IFByb2Nlc3NvciBhbmQgaXNvbGF0ZWQ8L2ZvbnQ+PC9kaXY+DQo8 ZGl2IHN0eWxlPSJtYXJnaW46IDBweDsgbGluZS1oZWlnaHQ6IG5vcm1hbDsgbWluLWhlaWdodDog MTFweDsiIGNsYXNzPSIiPjxmb250IGZhY2U9IkNvdXJpZXIgTmV3IiBjbGFzcz0iIj5mcm9tIHRo ZSBSRUUuPC9mb250PjwvZGl2Pg0KPGRpdiBzdHlsZT0ibWFyZ2luOiAwcHg7IGxpbmUtaGVpZ2h0 OiBub3JtYWw7IG1pbi1oZWlnaHQ6IDExcHg7IiBjbGFzcz0iIj48Zm9udCBmYWNlPSJDb3VyaWVy IE5ldyIgY2xhc3M9IiI+LSBUaGUgaW50ZWdyaXR5IGFuZCBhdXRoZW50aWNpdHkgZ2FpbmVkIHRo cm91Z2ggc2VjdXJlIGJvb3Q6Jm5ic3A7PC9mb250PjwvZGl2Pg0KPGRpdiBzdHlsZT0ibWFyZ2lu OiAwcHg7IGxpbmUtaGVpZ2h0OiBub3JtYWw7IG1pbi1oZWlnaHQ6IDExcHg7IiBjbGFzcz0iIj48 Zm9udCBmYWNlPSJDb3VyaWVyIE5ldyIgY2xhc3M9IiI+Jm5ic3A7IC0gRXh0ZW5kcyB0aHJvdWdo b3V0IHRoZSBsaWZldGltZSBvZiB0aGUgVEVFLiZuYnNwOzwvZm9udD48L2Rpdj4NCjxkaXYgc3R5 bGU9Im1hcmdpbjogMHB4OyBsaW5lLWhlaWdodDogbm9ybWFsOyIgY2xhc3M9IiI+PGZvbnQgZmFj ZT0iQ291cmllciBOZXciIGNsYXNzPSIiPiZuYnNwOyAtIElzIHJldGFpbmVkIHRocm91Z2ggYW55 IHN0YXRlIHRyYW5zaXRpb25zIGluIHRoZSBzeXN0ZW0gc3VjaDwvZm9udD48L2Rpdj4NCjxkaXYg c3R5bGU9Im1hcmdpbjogMHB4OyBsaW5lLWhlaWdodDogbm9ybWFsOyIgY2xhc3M9IiI+PGZvbnQg ZmFjZT0iQ291cmllciBOZXciIGNsYXNzPSIiPiZuYnNwOyAmbmJzcDsgYXMgcG93ZXIgdHJhbnNp dGlvbnMgb3IgY29yZSBtaWdyYXRpb24uPC9mb250PjwvZGl2Pg0KPGRpdiBjbGFzcz0iIj48YnIg Y2xhc3M9IiI+DQo8L2Rpdj4NCjxkaXYgY2xhc3M9IiI+SXQgZnVydGhlciBkZWZpbmVzIHRoZSB0 cmFuc2l0aW9uIGZyb20gdGhlIG5vbi1zZWN1cmUgdG8gc2VjdXJlIHdvcmxkIGluIGEgZmFpcmx5 IGFic3RyYWN0IG1hbm5lciB3aGljaCBjb3ZlcnMgdGhlIGh5cGVydmlzb3IgdXNlIGNhc2Ugc3Vm ZmljaWVudGx5LCBJIHRoaW5rIChbMV0sIFNlY3Rpb24gMi4yLjMpOjwvZGl2Pg0KPGRpdiBjbGFz cz0iIj48YnIgY2xhc3M9IiI+DQo8L2Rpdj4NCjxkaXYgY2xhc3M9IiI+DQo8ZGl2IHN0eWxlPSJt YXJnaW46IDBweDsgbGluZS1oZWlnaHQ6IG5vcm1hbDsiIGNsYXNzPSIiPjxmb250IGZhY2U9IkNv dXJpZXIgTmV3IiBjbGFzcz0iIj5UaGUgb25seSB3YXkgZm9yIHRoZSBSRUUgdG8gZ2V0IGFjY2Vz cyB0byB0cnVzdGVkIHJlc291cmNlcyBpcyB2aWE8L2ZvbnQ+PC9kaXY+DQo8ZGl2IHN0eWxlPSJt YXJnaW46IDBweDsgbGluZS1oZWlnaHQ6IG5vcm1hbDsiIGNsYXNzPSIiPjxmb250IGZhY2U9IkNv dXJpZXIgTmV3IiBjbGFzcz0iIj5hbnkgQVBJIGVudHJ5IHBvaW50cyBvciBzZXJ2aWNlcyBleHBv c2VkIGJ5IHRoZSBURUUgYW5kIGFjY2Vzc2VkPC9mb250PjwvZGl2Pg0KPGRpdiBzdHlsZT0ibWFy Z2luOiAwcHg7IGxpbmUtaGVpZ2h0OiBub3JtYWw7IiBjbGFzcz0iIj48Zm9udCBmYWNlPSJDb3Vy aWVyIE5ldyIgY2xhc3M9IiI+dGhyb3VnaCwgZm9yIGV4YW1wbGUsIHRoZSBURUUgQ2xpZW50IEFQ SS4gVGhpcyBkb2VzIG5vdCBwcmVjbHVkZTwvZm9udD48L2Rpdj4NCjxkaXYgc3R5bGU9Im1hcmdp bjogMHB4OyBsaW5lLWhlaWdodDogbm9ybWFsOyIgY2xhc3M9IiI+PGZvbnQgZmFjZT0iQ291cmll ciBOZXciIGNsYXNzPSIiPnRoZSBjYXBhYmlsaXR5IG9mIHRoZSBSRUUgcGFzc2luZyBidWZmZXJz IHRvIHRoZSBURUUgKGFuZCB2aWNlIHZlcnNhKTwvZm9udD48L2Rpdj4NCjxkaXYgc3R5bGU9Im1h cmdpbjogMHB4OyBsaW5lLWhlaWdodDogbm9ybWFsOyIgY2xhc3M9IiI+PGZvbnQgZmFjZT0iQ291 cmllciBOZXciIGNsYXNzPSIiPmluIGEgY29udHJvbGxlZCBhbmQgcHJvdGVjdGVkIG1hbm5lci4m bmJzcDs8L2ZvbnQ+PC9kaXY+DQo8L2Rpdj4NCjxkaXYgY2xhc3M9IiI+PGJyIGNsYXNzPSIiPg0K PC9kaXY+DQo8ZGl2IGNsYXNzPSIiPkluIHNob3J0LCBJIGFncmVlIHdpdGggQnJpYW4gdGhhdCB0 aGUgR1AgZGVmaW5pdGlvbiBvZiBhIFRFRSBpcyBhIHJlYXNvbmFibGUgc3RhcnRpbmcgcG9pbnQg Zm9yIGRpc2N1c3Npb24sIGJ1dCBJIHN0cm9uZ2x5IHN1cHBvcnQgSUVURiBleHBsb3Jpbmcgb3Ro ZXIgdXNlIGNhc2VzIGFuZCBzeXN0ZW0gYXJjaGl0ZWN0dXJlcyB0aGF0IEdQIGhhcyBub3QgYWRk cmVzc2VkIC0gaXQgc2VlbXMgdG8gbWUgdGhhdCB0aGlzIGlzDQogd2hlcmUgdGhlIGdyZWF0ZXN0 IHZhbHVlIHdvdWxkIGJlIGdlbmVyYXRlZCBmb3IgdGhlIGVjb3N5c3RlbS48L2Rpdj4NCjxkaXYg Y2xhc3M9IiI+PGJyIGNsYXNzPSIiPg0KPC9kaXY+DQo8ZGl2IGNsYXNzPSIiPkkgYW0gY29uY2Vy bmVkIHRoYXQgaXQgd2lsbCBiZSBjaGFsbGVuZ2luZyB0byBtb3ZlIGZvcndhcmQgZWZmZWN0aXZl bHkgd2hlbiBtYW55IHBhcnRpY2lwYW50cyBhcmUgdW5mYW1pbGlhciB3aXRoIHRoZSBHUCBzdGFu ZGFyZHMtYmFzZSBvbiB3aGljaCB0aGUgY3VycmVudCBkcmFmdCBkcmF3cyBoZWF2aWx5IHVubGVz cyB3ZSBhcmUgYWJsZSB0byB0YWtlIHN0ZXBzIHRvIHJlbWVkeSB0aGlzLiBBcmUgdGhlcmUgYW55 IHN1Z2dlc3Rpb25zDQogYXMgdG8gaG93IHRoaXMgY291bGQgYmUgbWFuYWdlZD8gSW4gc2hvcnQs IGhvdyBkbyB3ZSBhbGlnbiB0aGUgdHdvIGRpZmZlcmVudCBncm91cHMgaW4gRGVlcCBtb3JlIGNs b3NlbHk/PC9kaXY+DQo8ZGl2IGNsYXNzPSIiPjxiciBjbGFzcz0iIj4NCjwvZGl2Pg0KPGRpdiBj bGFzcz0iIj5CZXN0IHJlZ2FyZHM8L2Rpdj4NCjxkaXYgY2xhc3M9IiI+SmVyZW15PC9kaXY+DQo8 ZGl2IGNsYXNzPSIiPjxiciBjbGFzcz0iIj4NCjwvZGl2Pg0KPGRpdiBjbGFzcz0iIj5bMV0gR2xv YmFsUGxhdGZvcm0gVEVFIFN5c3RlbSBBcmNoaXRlY3R1cmUsIFZlcnNpb24gMS4xLCBKYW51YXJ5 IDIwMTcuPGJyIGNsYXNzPSIiPg0KPGRpdiBjbGFzcz0iIj48YnIgY2xhc3M9IiI+DQo8ZGl2Pg0K PGJsb2NrcXVvdGUgdHlwZT0iY2l0ZSIgY2xhc3M9IiI+DQo8ZGl2IGNsYXNzPSIiPk9uIDIwIEFw ciAyMDE3LCBhdCAxMDoyMCwgTmljayBDb29rICZsdDs8YSBocmVmPSJtYWlsdG86Tmljay5Db29r QGludGVyY2VkZS5jb20iIGNsYXNzPSIiPk5pY2suQ29va0BpbnRlcmNlZGUuY29tPC9hPiZndDsg d3JvdGU6PC9kaXY+DQo8YnIgY2xhc3M9IkFwcGxlLWludGVyY2hhbmdlLW5ld2xpbmUiPg0KPGRp diBjbGFzcz0iIj4NCjxkaXYgY2xhc3M9IiI+UGVyc29uYWxseSBzcGVha2luZywgT1RyUCBpcyBh Ym91dCBiZWluZyBhYmxlIHRvIGluc3RhbGwgc2VjdXJpdHkgYXBwbGljYXRpb25zIGludG8gYW4g ZW52aXJvbm1lbnQgdGhhdCBwcm92aWRlcyAmcXVvdDt0cnVzdGVkJnF1b3Q7IGhhcmR3YXJlIGJh Y2tlZCBpc29sYXRpb24gYmV0d2VlbiB0aGUgZGlmZmVyZW50IGFwcGxpY2F0aW9ucy4gT1RyUCBk b2VzIHRoYXQgYnkgZXN0YWJsaXNoaW5nIGl0IGlzIHdvcmtpbmcgYWdhaW5zdCB0aGUgcmlnaHQN CiBkZXZpY2UgdHlwZSBhbmQgcmlnaHQgaXNvbGF0aW9uIGVudmlyb25tZW50IHR5cGUgYW5kIHRo ZW4gcHJvY2VlZHMgdG8gaW5zdGFsbCB0aGUgYXBwbGljYXRpb24gaW4gYSB3YXkgdGhhdCBwcm92 aWRlcyBwcm90ZWN0aW9uIGZvciBjb25maWRlbnRpYWxpdHkgYW5kIGludGVncml0eS4gVGhlIHRl cm0gVEVFIGlzIHByb2JhYmx5IHRvbyBvZnRlbiBhc3NvY2lhdGVkIHdpdGggYSBzcGVjaWZpYyBm b3JtdWxhdGlvbiBvZiBhbiBpc29sYXRpb24gZW52aXJvbm1lbnQNCiBhbmQgdGhlcmVmb3JlIHRo aXMgaXMgcGVyaGFwcyB0aGUgZmlyc3QgdGhpbmcgd2Ugc2hvdWxkIG1vdmUgZm9yd2FyZC48YnIg Y2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+DQpBcyBhbiBleGFtcGxlLCBJJ3ZlIGJlZW4gd29ya2lu ZyBvbiBhIGhhcmR3YXJlIGJhY2tlZCBoeXBlcnZpc29yIGVudmlyb25tZW50IHRoYXQgdXNlcyBP VHJQIGZvciB0aGUgaW5zdGFsbGF0aW9uIG9mIHRoZSBkaWZmZXJlbnQgY29udGFpbmVycy9kb21h aW5zIGFuZCB0aGUgdmlydHVhbCBtYWNoaW5lIGNvbnRlbnRzIHRoYXQgZ29lcyBpbiB0aGVtLiBU aGUgdHJ1c3QgY2hhaW4gZnJvbSBPVHJQIGlzIG1ldCBhbmQgdGhlIGlzb2xhdGlvbiBvZiBhcHBs aWNhdGlvbnMNCiBhbmQga2V5IG1hdGVyaWFsIHRvIHRob3NlIGFwcGxpY2F0aW9ucyBpcyBhbHNv IHByb3ZpZGVkLjxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NCkJhc2VkIG9uIHRoYXQgd29y ayBhbmQgdGhpbmtpbmcgc3BlY2lmaWNhbGx5IHRvIG15IG9yaWdpbmFsIGdvYWxzIGZvciBPVHJQ IHdoZW4gd2Ugc3RhcnRlZCB0aGlzIHdvcmsgYSBmZXcgeWVhcnMgYmFjaywgSSB3b3VsZCBsaWtl IHRvIHN1cHBvcnQgRGF2ZSBXaGVlbGVyJ3MgY29tbWVudCBvbiBuZWVkaW5nIHRvIGZvcm11bGF0 ZSBhIG1vcmUgYWJzdHJhY3QgZGVmaW5pdGlvbiBmb3IgVEVFLiBJIGFsc28gYWdyZWUgd2l0aCBC cmlhbiB0aGF0IHRoZQ0KIEdQIGRlZmluaXRpb24gZG9lc24ndCBuZWVkIHRvIGJlIGFiYW5kb25l ZCB0byBkbyB0aGF0IC0gSSBiZWxpZXZlLCBleHByZXNzZWQgaW4gdGhlIHJpZ2h0IHdheSwgdGhl IEdQIGRlZmluaXRpb24gb2YgYSBURUUgY292ZXJzIHRoZSBoYXJkd2FyZSBoeXBlcnZpc29yIGNh c2UgSSBkZXNjcmliZWQgZWFybGllciBpbiB0aGUgZW1haWwgYWxzbyBhbmQgSSdtIHN1cmUgaXQg Y2FuIGNvdmVyIHRoZSBvdGhlciBlbnZpcm9ubWVudHMgdG9vLjxiciBjbGFzcz0iIj4NCjxiciBj bGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NCkkgZG8gaG93ZXZlciB0aGluayBpdCBpcyBpbXBvcnRh bnQgdGhhdCB3ZSByZXN0cmljdCB0byBpc29sYXRpb24gZW52aXJvbm1lbnRzIHRoYXQgYXJlIGhh cmR3YXJlIGJhY2tlZCBhcyB0aGlzIGlzIGZ1bmRhbWVudGFsIHRvIHRoZSB0cnVzdCBtb2RlbC48 YnIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+DQpJIGFsc28gc3VwcG9ydCBEYXZlJ3Mgc3VnZ2Vz dGlvbiB0aGF0IHdlIGNhbiBiZSBsZXNzIG5vcm1hdGl2ZSBvbiBleGFjdCBsb2NhdGlvbnMgb2Yg dGhlIGZ1bmN0aW9uYWwgYmxvY2tzIG9mIE9UclAuIEkgd291bGQgbGlrZSB0byBoYXZlIGEgY29t cGFuaW9uIGRvY3VtZW50IHRoYXQgZG9lcyBwcm92aWRlIGV4YW1wbGUgZGVwbG95bWVudHMgYnV0 IHRoZSBjb3JlIHByb3RvY29sIGl0c2VsZiBkb2VzIG5vdCBuZWVkIHRvIGJlIGxvY2tlZCBkb3du DQogdG8gYSBzcGVjaWZpYyBkZXBsb3ltZW50IGFwcHJvYWNoLjxiciBjbGFzcz0iIj4NCjxiciBj bGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NCk5pY2sgQ29vazxiciBjbGFz cz0iIj4NCi0tLS0tT3JpZ2luYWwgTWVzc2FnZS0tLS0tPGJyIGNsYXNzPSIiPg0KRnJvbTogQnJp YW4gV2l0dGVuIFs8YSBocmVmPSJtYWlsdG86YnJpYW5fd2l0dGVuQHN5bWFudGVjLmNvbSIgY2xh c3M9IiI+bWFpbHRvOmJyaWFuX3dpdHRlbkBzeW1hbnRlYy5jb208L2E+XQ0KPGJyIGNsYXNzPSIi Pg0KU2VudDogMDUgQXByaWwgMjAxNyAxODowMjxiciBjbGFzcz0iIj4NClRvOiBXaGVlbGVyLCBE YXZpZCBNICZsdDs8YSBocmVmPSJtYWlsdG86ZGF2aWQubS53aGVlbGVyQGludGVsLmNvbSIgY2xh c3M9IiI+ZGF2aWQubS53aGVlbGVyQGludGVsLmNvbTwvYT4mZ3Q7OyAnSmVyZW15IE8nRG9ub2do dWUnICZsdDs8YSBocmVmPSJtYWlsdG86am9kb25vZ2hAcXRpLnF1YWxjb21tLmNvbSIgY2xhc3M9 IiI+am9kb25vZ2hAcXRpLnF1YWxjb21tLmNvbTwvYT4mZ3Q7OyBUZXJvIEtpdmluZW4gJmx0Ozxh IGhyZWY9Im1haWx0bzpraXZpbmVuQGlraS5maSIgY2xhc3M9IiI+a2l2aW5lbkBpa2kuZmk8L2E+ Jmd0OzxiciBjbGFzcz0iIj4NCkNjOiBIYW5uZXMgVHNjaG9mZW5pZyAmbHQ7PGEgaHJlZj0ibWFp bHRvOkhhbm5lcy5Uc2Nob2ZlbmlnQGFybS5jb20iIGNsYXNzPSIiPkhhbm5lcy5Uc2Nob2Zlbmln QGFybS5jb208L2E+Jmd0OzsgdGVlcCAmbHQ7PGEgaHJlZj0ibWFpbHRvOnRlZXBAaWV0Zi5vcmci IGNsYXNzPSIiPnRlZXBAaWV0Zi5vcmc8L2E+Jmd0OzxiciBjbGFzcz0iIj4NClN1YmplY3Q6IFJl OiBbVGVlcF0gW0VYVF0gUmU6IE15IEJvRiBpbXByZXNzaW9uPGJyIGNsYXNzPSIiPg0KPGJyIGNs YXNzPSIiPg0KVGhhbmsgWW91IERhdmUhICZuYnNwO0knZCBsaWtlIHRvIGVjaG8gJmFtcDsgYWdy ZWUgd2l0aCBtYW55Jm5ic3A7b2YgeW91ciBwb2ludHMsIGJ1dCBhc2sgZm9yIGEgY2xhcmlmaWNh dGlvbiBvbiBvbmUgYXNwZWN0LiAmbmJzcDsmcXVvdDtGaXJzdCwgSSAoYmVsaWV2ZSkgdGhpcyBp cyBleGFjdGx5IHRoZSB0eXBlIG9mIGNvbnZlcnNhdGlvbiB3ZSBuZWVkIHRvIGhhdmUuIFRoYW5r cyBmb3Iga2lja2luZyB0aGlzIG9mZiB2ZXJ5IGRpcmVjdGx5LiZxdW90OyAmbmJzcDtXZWxsIFNh aWQsIFRoYW5rIFlvdSBCb3RoIQ0KICZuYnNwOyZxdW90O0kgYW0gbW90aXZhdGVkIHRvIHdvcmsg am9pbnRseSBvbiBkZXZlbG9waW5nIE9UclAgdG8gYWRkcmVzcyBhIHdpZGVyIHNldCBvZiBjb25j ZXJucyBjb21tb24gdG8gVEVFcyBhbmQgdGhlaXIgZW52aXJvbm1lbnRzLCB3aXRoIHRoZSBwdXJw b3NlIG9mIGV4cGFuZGluZyB0aGUgZWFzZSB3aXRoIHdoaWNoIHRoZSBtYXJrZXRwbGFjZSBjYW4g dXRpbGl6ZSBURUUgbWVjaGFuaXNtcy4mcXVvdDsgQWdhaW4sIEknbSBtb3RpdmF0ZWQgYnkgdGhl IHNhbWUgcHVycG9zZS4NCiAmbmJzcDsmcXVvdDtQYXJ0IG9mIHRoaXMgZGV2ZWxvcG1lbnQgb2Yg T1RyUCAoZnJvbSBteSBwZXJzcGVjdGl2ZSkgaXMgYmVpbmcgbGVzcyBub3JtYXRpdmUgYWJvdXQg dGhlIGV4YWN0IGxvY2F0aW9uIGFuZCBpbnN0YW50aWF0aW9uIG9mIGNlcnRhaW4gcGFydGllcyAo cGFydGljdWxhcmx5IHRoZSBUU00pIGFuZCBiZSBzcGVjaWZpYyBvbiB0aGUgb3BlcmF0aW9ucyBh bmQgYWN0aXZpdGllcyBhdCBwYXJ0aWN1bGFyICdzZXJ2aWNlIGFjY2VzcyBwb2ludHMnIG9mDQog dGhlIHByb3RvY29sLiZxdW90OyAmbmJzcDtJIGJlbGlldmUgdGhhdCBpcyBhIGdyZWF0IHN1Z2dl c3Rpb24sIGFuZCBJJ20gZnVsbHkgc3VwcG9ydGl2ZS4gJm5ic3A7U3RpbGwgbXkgY2xhcmlmeWlu ZyBxdWVzdGlvbiByZWxhdGVzIHRvIHRoZSZuYnNwO2Rlc2lyZSZuYnNwOyZxdW90O3RvIGRlZmlu ZSBhIG1vcmUgYWJzdHJhY3QgZGVmaW5pdGlvbiBvZiBhIFRFRSwgYW5kIGRlc2lyaW5nIGEgcHJv dG9jb2wgdGhhdCBpcyBhcHBsaWNhYmxlIHRvIGEgd2lkZSBzZXQgb2YgVEVFcy4mcXVvdDsgJm5i c3A7SSdtIGVhZ2VyDQogdG8gc3VwcG9ydCBhIHdpZGUgc2V0IG9mIFRFRSwgaW5jbHVkaW5nIGJv dGggU0dYIGFuZCBUWiBiYXNlZCBURUUuICZuYnNwOyBNeSBxdWVzdGlvbiBpcywgJnF1b3Q7ZG8g d2UgbmVlZCB0byBhYmFuZG9uIHRoZSBHbG9iYWwgUGxhdGZvcm0gKEdQKSZuYnNwO2RlZmluaXRp b24gb2YgYSBURUUgdG8gc3VwcG9ydCBib3RoIFNHWCBhbmQgVFogYmFzZWQgVEVFPyZxdW90OyAm bmJzcDtJIGJlbGlldmUgdGhhdCB3ZSBkbyBOb3QgbmVlZCB0byBhYmFuZG9uIHRoZSBHUCBkZWZp bml0aW9uIG9mIGENCiBURUUgdG8gc3VwcG9ydCBib3RoIFNHWCBhbmQgVFogYmFzZWQgVEVFLCBi dXQgSSdkIGJlIGVhZ2VyIHRvIGdldCB5b3VyIHZpZXcgaGVyZSBhcyB5b3UndmUgZnJhbWVkIHRo ZSByZXN0IHNvIHZlcnkgd2VsbC4gJm5ic3A7TGFzdCwgZWl0aGVyIHdheSwmbmJzcDsmcXVvdDtJ IGJlbGlldmUgSUVURiBpcyBleGFjdGx5IHRoZSBwbGFjZSB0byBoYXZlIHRoaXMgY29udmVyc2F0 aW9uIGFuZCBkZWZpbmUgYSB2ZXJ5IG9wZW4gYW5kIGluY2x1c2l2ZSBwcm90b2NvbC4mcXVvdDsg Jm5ic3A7QWdhaW4sDQogSSBhZ3JlZSBjb21wbGV0ZWx5LiAmbmJzcDs8YnIgY2xhc3M9IiI+DQo8 YnIgY2xhc3M9IiI+DQpUaGFuayBZb3UgQWdhaW4hPGJyIGNsYXNzPSIiPg0KQnJpYW48YnIgY2xh c3M9IiI+DQo8YnIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+DQpGcm9tOiBURUVQICZsdDs8YSBo cmVmPSJtYWlsdG86dGVlcC1ib3VuY2VzQGlldGYub3JnIiBjbGFzcz0iIj50ZWVwLWJvdW5jZXNA aWV0Zi5vcmc8L2E+Jmd0OyBvbiBiZWhhbGYgb2YgV2hlZWxlciwgRGF2aWQgTSAmbHQ7PGEgaHJl Zj0ibWFpbHRvOmRhdmlkLm0ud2hlZWxlckBpbnRlbC5jb20iIGNsYXNzPSIiPmRhdmlkLm0ud2hl ZWxlckBpbnRlbC5jb208L2E+Jmd0OzxiciBjbGFzcz0iIj4NClNlbnQ6IFdlZG5lc2RheSwgQXBy aWwgNSwgMjAxNyA5OjM0IEFNPGJyIGNsYXNzPSIiPg0KVG86ICdKZXJlbXkgTydEb25vZ2h1ZSc7 IFRlcm8gS2l2aW5lbjxiciBjbGFzcz0iIj4NCkNjOiBIYW5uZXMgVHNjaG9mZW5pZzsgdGVlcDxi ciBjbGFzcz0iIj4NClN1YmplY3Q6IFtFWFRdIFJlOiBbVGVlcF0gTXkgQm9GIGltcHJlc3Npb248 YnIgY2xhc3M9IiI+DQombmJzcDsgPGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0KSSdtIGEg Yml0IGJlaGluZCBvbiB0aGUgdGhyZWFkLCBidXQgd2FudCB0byByZXNwb25kIHRvIEplcmVteSdz IG9yaWdpbmFsIGNvbW1lbnQuPGJyIGNsYXNzPSIiPg0KJm5ic3A7PGJyIGNsYXNzPSIiPg0KRmly c3QsIEkgdGhpcyBpcyBleGFjdGx5IHRoZSB0eXBlIG9mIGNvbnZlcnNhdGlvbiB3ZSBuZWVkIHRv IGhhdmUuIFRoYW5rcyBmb3Iga2lja2luZyB0aGlzIG9mZiB2ZXJ5IGRpcmVjdGx5LjxiciBjbGFz cz0iIj4NCkkgYWdyZWUgd2l0aCB5b3VyIHBlcmNlcHRpb24gb2YgdGhlIHR3byBncm91cHMsIHRo b3VnaCBJIHRoaW5rIGl0IGlzIGltcG9ydGFudCB0byB1bmRlcnN0YW5kIHRoZSBtb3RpdmF0aW9u cyBpbiB0aGUgc2Vjb25kIGdyb3VwLCBzaW5jZSB0aGV5IG1heSBiZSB2YXJpZWQuDQo8YnIgY2xh c3M9IiI+DQombmJzcDs8YnIgY2xhc3M9IiI+DQpJIHdpbGwgcHV0IG15c2VsZiB2b2x1bnRhcmls eSBpbiB0aGUgc2Vjb25kIGJ1Y2tldC4gSSB3aWxsIHByZXNlbnQgbXkgcGVyc29uYWwgcGVyc3Bl Y3RpdmUsIHdoaWNoIG1heSBiZSBkaWZmZXJlbnQgZnJvbSBvdGhlcnMgaW4gdGhlICZxdW90O3Nl Y29uZCBncm91cCZxdW90Oy48YnIgY2xhc3M9IiI+DQombmJzcDs8YnIgY2xhc3M9IiI+DQpGb3Ig bXlzZWxmLCBJIGFtIGxvb2tpbmcgdG8gZGVmaW5lIGEgbW9yZSBhYnN0cmFjdCBkZWZpbml0aW9u IG9mIGEgVEVFLCBhbmQgZGVzaXJpbmcgYSBwcm90b2NvbCB0aGF0IGlzIGFwcGxpY2FibGUgdG8g YSB3aWRlIHNldCBvZiBURUVzLiBGcm9tIG15IHBlcnNwZWN0aXZlLCAmbmJzcDtsb29raW5nIGF0 IFRFRXMgdGhhdCBJbnRlbCBoYXMgaW4gdGhlIG1hcmtldHBsYWNlLCBhbmQgYWxzbyBoYXZpbmcg d29ya2VkIGZvciBzZXZlcmFsIHllYXJzIG9uIEludGVsJ3MNCiBYU2NhbGUgcHJvY2Vzc29ycyAo YW5kIGFtIHRodXMgZmFtaWxpYXIgd2l0aCBUWiksIHRoZSBjdXJyZW50IE9UclAgZHJhZnQgYWRk cmVzc2VzIFRydXN0IFpvbmUgY29uY2VybnMgd2l0aG91dCByZWFsbHkgY29uc2lkZXJpbmcgb3Ro ZXIgVEVFcy4gVGhpcyBpcyBteSAmbmJzcDtwZXJjZXB0aW9uLCBvZiBjb3Vyc2UuPGJyIGNsYXNz PSIiPg0KJm5ic3A7PGJyIGNsYXNzPSIiPg0KSXQgaXMgYWxzbyBteSBvcGluaW9uIHRoYXQgYW4g SUVURiBwcm90b2NvbCBzaG91bGQgZG8gbW9yZSB0aGFuIGFkZHJlc3MgaW1wbGVtZW50YXRpb24g c3BlY2lmaWMgY29uY2VybnMuPGJyIGNsYXNzPSIiPg0KSSBhbSBtb3RpdmF0ZWQgdG8gd29yayBq b2ludGx5IG9uIGRldmVsb3BpbmcgT1RyUCB0byBhZGRyZXNzIGEgd2lkZXIgc2V0IG9mIGNvbmNl cm5zIGNvbW1vbiB0byBURUVzIGFuZCB0aGVpciBlbnZpcm9ubWVudHMsIHdpdGggdGhlIHB1cnBv c2Ugb2YgZXhwYW5kaW5nIHRoZSAmbmJzcDtlYXNlIHdpdGggd2hpY2ggdGhlIG1hcmtldHBsYWNl IGNhbiB1dGlsaXplIFRFRSBtZWNoYW5pc21zLjxiciBjbGFzcz0iIj4NCiZuYnNwOzxiciBjbGFz cz0iIj4NClBhcnQgb2YgdGhpcyBkZXZlbG9wbWVudCBvZiBPVHJQIChmcm9tIG15IHBlcnNwZWN0 aXZlKSBpcyBiZWluZyBsZXNzIG5vcm1hdGl2ZSBhYm91dCB0aGUgZXhhY3QgbG9jYXRpb24gYW5k IGluc3RhbnRpYXRpb24gb2YgY2VydGFpbiBwYXJ0aWVzIChwYXJ0aWN1bGFybHkgdGhlICZuYnNw O1RTTSkgYW5kIGJlIHNwZWNpZmljIG9uIHRoZSBvcGVyYXRpb25zIGFuZCBhY3Rpdml0aWVzIGF0 IHBhcnRpY3VsYXIgJnF1b3Q7c2VydmljZSBhY2Nlc3MgcG9pbnRzJnF1b3Q7IG9mIHRoZQ0KIHBy b3RvY29sLiBNeSBwb2ludCBoZXJlIGlzIHRoYXQgT1RyUCBpbiBpdHMgY3VycmVudCByZW5kaXRp b24gaXMgJmx0O2VtcGhhc2lzJmd0OyB0b28gJmx0Oy9lbXBoYXNpcyZndDsgaW1wbGVtZW50YXRp b24gc3BlY2lmaWMgYW5kIHRvbyBub3JtYXRpdmUgaW4gaXRzIGRlc2NyaXB0aW9uIG9mIHRoZSAm bmJzcDttYXJrZXRwbGFjZS4gSSBiZWxpZXZlIHRoaXMgaXMgZmluZSBhcyBhbiBleGFtcGxlLCBi dXQgbm90IGFzIHBhcnQgb2YgdGhlIHByb3RvY29sLjxiciBjbGFzcz0iIj4NCiZuYnNwOzxiciBj bGFzcz0iIj4NCkkgYmVsaWV2ZSBJRVRGIGlzIGV4YWN0bHkgdGhlIHBsYWNlIHRvIGhhdmUgdGhp cyBjb252ZXJzYXRpb24gYW5kIGRlZmluZSBhIHZlcnkgb3BlbiBhbmQgaW5jbHVzaXZlIHByb3Rv Y29sLiBJIHJlYWxpemUgdGhhdCB0YWtlcyBzb21lIHRpbWUuIEkgbG9vayBmb3J3YXJkICZuYnNw O3RvIGhhdmluZyB0aGlzIGNvbnZlcnNhdGlvbiBpbiBtb3JlIGRldGFpbC48YnIgY2xhc3M9IiI+ DQombmJzcDs8YnIgY2xhc3M9IiI+DQpUaGFua3MsPGJyIGNsYXNzPSIiPg0KRGF2ZSBXaGVlbGVy PGJyIGNsYXNzPSIiPg0KJm5ic3A7PGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0KPGJyIGNs YXNzPSIiPg0KRnJvbTogVEVFUCBbPGEgaHJlZj0ibWFpbHRvOnRlZXAtYm91bmNlc0BpZXRmLm9y ZyIgY2xhc3M9IiI+bWFpbHRvOnRlZXAtYm91bmNlc0BpZXRmLm9yZzwvYT5dIE9uIEJlaGFsZiBP ZiBKZXJlbXkgTydEb25vZ2h1ZTxiciBjbGFzcz0iIj4NClNlbnQ6IFR1ZXNkYXksIEFwcmlsIDQs IDIwMTcgNzoxMyBBTTxiciBjbGFzcz0iIj4NClRvOiBUZXJvIEtpdmluZW4gJmx0OzxhIGhyZWY9 Im1haWx0bzpraXZpbmVuQGlraS5maSIgY2xhc3M9IiI+a2l2aW5lbkBpa2kuZmk8L2E+Jmd0Ozxi ciBjbGFzcz0iIj4NCkNjOiBIYW5uZXMgVHNjaG9mZW5pZyAmbHQ7PGEgaHJlZj0ibWFpbHRvOkhh bm5lcy5Uc2Nob2ZlbmlnQGFybS5jb20iIGNsYXNzPSIiPkhhbm5lcy5Uc2Nob2ZlbmlnQGFybS5j b208L2E+Jmd0OzsgdGVlcCAmbHQ7PGEgaHJlZj0ibWFpbHRvOnRlZXBAaWV0Zi5vcmciIGNsYXNz PSIiPnRlZXBAaWV0Zi5vcmc8L2E+Jmd0OzxiciBjbGFzcz0iIj4NClN1YmplY3Q6IFJlOiBbVGVl cF0gTXkgQm9GIGltcHJlc3Npb248YnIgY2xhc3M9IiI+DQombmJzcDsmbmJzcDs8YnIgY2xhc3M9 IiI+DQombmJzcDs8YnIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+DQpP biA0IEFwciAyMDE3LCBhdCAxMjoyMSwgVGVybyBLaXZpbmVuICZsdDs8YSBocmVmPSJtYWlsdG86 a2l2aW5lbkBpa2kuZmkiIGNsYXNzPSIiPmtpdmluZW5AaWtpLmZpPC9hPiZndDsgd3JvdGU6PGJy IGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0K TXkgZmVlbGluZyB0aGF0IHRoZSBtYWluIHF1ZXN0aW9uIHdoYXQgcGVvcGxlIGRpZCBub3QgdW5k ZXJzdGFuZCB3YXM6PGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0KV2hhdCBpcyB0aGUgcmVh bCBkaWZmZXJlbmNlIGJldHdlZW4gVEVFUCBhbmQganVzdCBub3JtYWwgYXBwbGljYXRpb24gZG93 bmxvYWQuIEkuZS4sIHdoeSBzZXBhcmF0ZSBwcm90b2NvbCBpcyBuZWVkZWQuPGJyIGNsYXNzPSIi Pg0KSG93IGlzIHRoaXMgZGlmZmVyZW50IGZyb20ganVzdCBoYXZpbmcgcGVyaGFwcyBlbmNyeXB0 ZWQgc2lnbmVkIGFwcGxpY2F0aW9uIGJsb2IgZnJvbSB0aGUgbWFya2V0cGxhY2UgYW5kIGluc3Rh bGxpbmcgdGhhdC48YnIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+DQpBdCBsZWFzdCB0aGF0IHdh cyBteSBtYWluIHF1ZXN0aW9uIHdoZW4gd2UgZGlzY3Vzc2VkIHRoaXMgYmVmb3JlIHRoZSBCb0Yu PGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0KT2YgY291cnNlIGl0IGRvZXMgbm90IGhlbHAs IHRoYXQgd2hlbiB5b3UgYXNrIHRoYXQgcXVlc3Rpb24gZnJvbSBkaWZmZXJlbnQgcGVvcGxlIHlv dSBnZXQgZGlmZmVyZW50IGFuc3dlciwgYXMgdGhlIGlkZWEgb2Ygd2hhdCBURUVQIGlzIGRpZmZl cmVudCBmb3IgZGlmZmVyZW50IHBlb3BsZS48YnIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+DQom bmJzcDs8YnIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+DQpJIHRoaW5rIHRoZXJlIGlzIGEgZGVn cmVlIG9mIHRhbGtpbmcgYXQgY3Jvc3MtcHVycG9zZXMuPGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNz PSIiPg0KJm5ic3A7PGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0KVGhlcmUgaXMgb25lIGdy b3VwIC0gZXNzZW50aWFsbHkgdGhvc2Ugc3BvbnNvcmluZyB0aGUgY3JlYXRpb24gb2YgdGhpcyBn cm91cCAtIHdoaWNoIGhhcyBhIHZlcnkgY2xlYXIgdW5kZXJzdGFuZGluZyBvZiB3aGF0IGl0IHdv dWxkIGxpa2UgVEVFUCB0byBiZSwgd2hpY2ggaXMgZXNzZW50aWFsbHkgdGhyZWUgdGhpbmdzOjxi ciBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NCiZuYnNwOzxiciBjbGFzcz0iIj4NCjxiciBjbGFz cz0iIj4NCkEgbWVjaGFuaXNtIGZvciBtYW5hZ2luZyBUcnVzdGVkIEFwcGxpY2F0aW9ucyBhbmQg dGhlaXIgYXNzb2NpYXRlZCBzZWNyZXRzIGFuZCBrZXkgbWF0ZXJpYWwgaW4gYSBHbG9iYWxQbGF0 Zm9ybSBURUUgb3Igc29tZXRoaW5nIHRoYXQgaXMgY29uY2VwdHVhbGx5IHZlcnkgc2ltaWxhci48 YnIgY2xhc3M9IiI+DQpBIG1lY2hhbmlzbSBmb3IgZXN0YWJsaXNoaW5nIGEgY2hhaW4gb2YgdHJ1 c3Qgcm9vdGVkIGluIGZpcm13YXJlIGFuZCBjb3ZlcmluZyB0aGUgVEVFIGFuZCBwb3NzaWJseSBv dGhlciBzeXN0ZW0gY29tcG9uZW50cyB1cCB0byBhbmQgaW5jbHVkaW5nIHRoZSBleGVjdXRpbmcg VGFzayBpbiBhIFNlY3VyaXR5IERvbWFpbi48YnIgY2xhc3M9IiI+DQpBIG1lY2hhbmlzbSAtIHRh cmdldGVkIGF0IHBob25lIGFuZCB0YWJsZXQgdHlwZSBkZXZpY2VzIC0gd2hpY2ggb3BlcmF0ZXMg aW5kZXBlbmRlbnRseSBvZiB0aGUgJnF1b3Q7QXBwIFN0b3JlJnF1b3Q7IG1lY2hhbmlzbSwgYW5k IGlzIGJhc2VkIG9uIGEgUEtJIGluZnJhc3RydWN0dXJlIGFsbG93aW5nIFNlcnZpY2UgUHJvdmlk ZXJzIHRvIG1hbmFnZSB0aGUgVHJ1c3RlZCBBcHBsaWNhdGlvbnMgdGhleSBjb250cm9sICZuYnNw O3dpdGhvdXQgdGhlIG5lZWQgZm9yIHVzZXIgaW50ZXJ2ZW50aW9uLjxiciBjbGFzcz0iIj4NCjxi ciBjbGFzcz0iIj4NCiZuYnNwOzxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NClRoZSBkcmFm dCBzcGVjaWZpY2F0aW9uIHZlcnkgY2xlYXJseSBhZGRyZXNzZXMgc3VjaCBhIHN5c3RlbS4gVW5k ZXJzdGFuZGluZyBpdCBmdWxseSByZXF1aXJlcyBjb25zaWRlcmFibGUgZmFtaWxpYXJpdHkgd2l0 aCB0aGUgR2xvYmFsUGxhdGZvcm0gVEVFIHNwZWNpZmljYXRpb25zLCBzaW5jZSBtdWNoIG9mIHRo ZSB0ZXJtaW5vbG9neSBhbmQgYXJjaGl0ZWN0dXJhbCBhc3N1bXB0aW9ucyBhcmUgZGVyaXZlZCBm cm9tICZuYnNwO3RoZXNlLjxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NCiZuYnNwOzxiciBj bGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NClRoZXJlIGlzIGEgc2Vjb25kIGdyb3VwIHdoaWNoIGlz IHN0YXJ0aW5nIGZyb20gYSBtb3JlIGFic3RyYWN0IHBvc2l0aW9uIG9mIHdoYXQgYSBURUUgc2hv dWxkIGxvb2sgbGlrZSBhbmQgd2hhdCBzZWN1cml0eSBzZXJ2aWNlcyBpdCBtaWdodCB0aGVuIHBy b3ZpZGUgdG8gYSBzeXN0ZW0gYW5kIGhvdyB0aGUgY29udHJvbCBvZiB0aGVzZSBjb3VsZCBiZSBz dHJ1Y3R1cmVkLiBUaGlzIGlzIGEgY29tcGxldGVseSBkaWZmZXJlbnQgJm5ic3A7cHJvYmxlbSwg YW5kDQogbGlrZWx5IGEgbXVjaCBicm9hZGVyIG9uZSB3aGljaCBpcyBkaWZmaWN1bHQgdG8gZW5j YXBzdWxhdGUgaW4gYSBzbWFsbCBzY29wZS48YnIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+DQo8 YnIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+DQpUcnlpbmcgdG8gbWFr ZSB0aGUgYXJjaGl0ZWN0dXJlIHRvbyBnZW5lcmljIGFsc28gY29uZnVzZXMgdGhpbmdzLiBJdCBt aWdodCBiZSBiZXR0ZXIgdG8gaGF2ZSBtb3JlIGNvbmNyZXRlIGV4YW1wbGUgd2l0aCBtb3JlIGxp bWl0ZWQgc2NvcGUsIHRoYXQgd291bGQgZXhwbGFpbiB0aGluZ3Mgd2hhdCBURUVQIHNob3VsZCBw cm92aWRlLjxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NCkZvciBleGFtcGxlOjxiciBjbGFz cz0iIj4NCjxiciBjbGFzcz0iIj4NCjEpIFRFRVAgcHJvdmlkZXMgYSB3YXkgdG8gaW5zdGFsbCBz b2Z0d2FyZSBmcm9tIHRoZSBTZWN1cmUgdHJ1c3RlZCBhcHBsaWNhdGlvbiBtYXJrZXRwbGFjZSB0 byB0aGUgVEVFIHJ1bm5pbmcgaW5zaWRlIGRldmljZS48YnIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9 IiI+DQoyKSBUaGUgU2VjdXJlIHRydXN0ZWQgYXBwbGlhdGlvbiBtYXJrZXRwbGFjZSBuZWVkcyB0 byBiZSBhYmxlIHRvIHZlcmlmeSB0aGF0IHRoZSBURUUgd2FudGluZyB0byBpbnN0YWxsIGFuIGFw cGxpY2F0aW9uIGlzIGFjdHVhbCBURUUsIGFuZCBub3Qgc29tZSBmYWtlIGRldmljZSwgZm9yIGV4 YW1wbGUgdXNpbmcgc2lnbmF0dXJlIGZyb20gdGhlIGtleSBpbnN0YWxsZWQgYnkgdGhlIG1hbnVm YWN0dXJlciB3aGljaCBpcyB1c2VkIHRvIHNpZ24gdGhlDQogaW5zdGFsbGF0aW9uIHJlcXVlc3Qu PGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0KMykgVGhlIFNlY3VyZSB0cnVzdGVkIGFwcGxp Y2F0aW9uIG1hcmtldHBsYWNlIGNhbiB0aGVuIGVuY3J5cHQgdGhlIHRydXN0ZWQgYXBwbGljYXRp b24gd2l0aCBURUUgc3BlY2lmaWMga2V5LCBzbyB0aGF0IG5vYm9keSBlbHNlIHRoYW4gVEVFIGNh biBkZWNyeXB0IGFuZCBpbnN0YWxsIGl0LiBUaGlzIHdpbGwgcHJldmVudCBsZWFraW5nIG91dCBj b25maWRlbnRpYWwgbWF0ZXJpYWwgaW5zaWRlIHRoZSBhcHBsaWNhdGlvbi48YnIgY2xhc3M9IiI+ DQpUcnVzdGVkIGFwcGxpY2F0aW9uIGluc3RsYWwgcGFja2FnZSBtaWdodCBhbHNvIGJlIHBlcnNv bmFsaXplZCBmb3IgdGhlIHNwZWNpZmljIFRFRS4gU2VjdXJlIHRydXN0ZWQgYXBwbGljYXRpb24g bWFya2V0cGxhY2Ugd2lsbCBhbHNvIHNpZ24gdGhlIHRydXN0ZWQgYXBwbGljYXRpb24gaW5zdGFs bCBwYWNrYWdlLCBzbyBURUUgY2FuIHZlcmlmeSBpdCBpcyBhdXRoZW50aWMuPGJyIGNsYXNzPSIi Pg0KPGJyIGNsYXNzPSIiPg0KNCkgVEVFIHdpbGwgdmVyaWZ5IHRoZSBzaWduYXR1cmUgb2YgdGhl IHRydXN0ZWQgYXBwbGljYXRpb24gaW5zdGFsbCBwYWNrYWdlLCBhbmQgY2hlY2sgdGhhdCBzaWdu ZXIgaXMgdHJ1c3RlZCwgYW5kIHRoZW4gaXQgd2lsbCBkZWNyeXB0IHRoZSBwYWNrYWdlLCBhbmQg aW5zdGFsbCBpdC48YnIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+DQo1KSBUaGUgYXBwbGljYXRp b24gcnVubmluZyBvbiB0aGUgUkVFIHNpZGUgbWlnaHQgbmVlZCB0byB2ZXJpZnkgdGhhdCB0aGUg dHJ1c3RlZCBhcHBsaWNhdGlvbiBwYXJ0IG9mIGl0IGhhcyBiZWVuIHByb3Blcmx5IGluc3RhbGxl ZCB0byByZWFsIFRFRSwgc28gaXQgY2FuIHRydXN0IGl0IGRvaW5nIGl0cyBqb2IuIEkgYW0gbm90 IHN1cmUgaWYgdGhpcyB3aWxsIGJlIHBhcnQgb2YgdGhlIFRFRVAgb3Igbm90Li4uPGJyIGNsYXNz PSIiPg0KPGJyIGNsYXNzPSIiPg0KSXMgbXkgdW5kZXJzdGFuZGluZyBvZiBURUVQIGNvcnJlY3Q/ IEkgZG8gbm90IGtub3csIGFuZCBJIGFzc3VtZSBvdGhlciBwZW9wbGUgaGF2ZSBkaWZmZXJlbnQg aWRlYXMgd2hhdCBzaG91bGQgb3Igc2hvdWxkIG5vdCBiZSBwYXJ0IG9mIGl0LjxiciBjbGFzcz0i Ij4NCjxiciBjbGFzcz0iIj4NCiZuYnNwOzxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NCkkg dGhpbmsgdGhpcyBpcyBhIHByZXR0eSBnb29kIGV4cGxhbmF0aW9uIG9mIHdoYXQgdGhlIGZpcnN0 IGdyb3VwIHdvdWxkIGxpa2UgdG8gc2VlLjxiciBjbGFzcz0iIj4NCiZuYnNwOzxiciBjbGFzcz0i Ij4NCjxiciBjbGFzcz0iIj4NCkJlc3QgcmVnYXJkczxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0i Ij4NCkplcmVteTxiciBjbGFzcz0iIj4NCiZuYnNwOzxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0i Ij4NCjxiciBjbGFzcz0iIj4NCjwvZGl2Pg0KPC9kaXY+DQo8L2Jsb2NrcXVvdGU+DQo8L2Rpdj4N CjxiciBjbGFzcz0iIj4NCjwvZGl2Pg0KPC9kaXY+DQo8L2JvZHk+DQo8L2h0bWw+DQo= --_000_A7F6BAAB091B4CF69C5D105099F72920qtiqualcommcom_-- From nobody Thu Apr 20 08:09:05 2017 Return-Path: X-Original-To: teep@ietfa.amsl.com Delivered-To: teep@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AB503129A9A for ; Thu, 20 Apr 2017 08:09:02 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.911 X-Spam-Level: X-Spam-Status: No, score=-2.911 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H5=-1, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=intercedeltd.onmicrosoft.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 22Od59BTwQIp for ; Thu, 20 Apr 2017 08:08:57 -0700 (PDT) Received: from EUR01-VE1-obe.outbound.protection.outlook.com (mail-ve1eur01on0047.outbound.protection.outlook.com [104.47.1.47]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1A06C129A92 for ; Thu, 20 Apr 2017 08:08:56 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=IntercedeLtd.onmicrosoft.com; s=selector1-intercede-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=ggwLihZoGiV7kMHhClwgwJ6LvJREwx+eMDhW6fkmvq8=; b=agyLAWOpA/o8h9Ntu6BXXLZx28K9bFhb7kAN6sB3MuBCRzEw3ShnYmlMHlsoWG/mBJCAgwjist3tboj4Qx+N5EcC78bn9wbG9Cojw8r/o22jMnjLVshffpKbXhxJz8oZMow1TemDL1h2ai0b7CcU88lh1FDL3OUG1qN2TY5D7gc= Received: from VI1PR06MB3215.eurprd06.prod.outlook.com (10.170.230.150) by VI1PR06MB3214.eurprd06.prod.outlook.com (10.170.230.149) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1034.10; Thu, 20 Apr 2017 15:08:53 +0000 Received: from VI1PR06MB3215.eurprd06.prod.outlook.com ([10.170.230.150]) by VI1PR06MB3215.eurprd06.prod.outlook.com ([10.170.230.150]) with mapi id 15.01.1034.018; Thu, 20 Apr 2017 15:08:53 +0000 From: Nick Cook To: Jeremy O'Donoghue CC: Brian Witten , "Wheeler, David M" , Tero Kivinen , Hannes Tschofenig , teep Thread-Topic: [Teep] [EXT] Re: My BoF impression Thread-Index: AQHSrj7kgfMQPCsZ50C+ThMeqevc16HODLIggAAQ6oCAAFGdEA== Date: Thu, 20 Apr 2017 15:08:53 +0000 Message-ID: References: <22755.33183.740819.743679@fireball.acr.fi> <0627F5240443D2498FAA65332EE46C84366ED746@CRSMSX102.amr.corp.intel.com> In-Reply-To: Accept-Language: en-GB, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: qti.qualcomm.com; dkim=none (message not signed) header.d=none;qti.qualcomm.com; dmarc=none action=none header.from=intercede.com; x-originating-ip: [80.2.227.94] x-microsoft-exchange-diagnostics: 1; VI1PR06MB3214; 7:HLs+qRpEEBxbFOuim7cyCuHeziJwUUK2llacp6EI2BhNkkGOF3eGOqgIR1Wn7YnQHaikeOysndAoarWqSp/VfCxAQRsQQc6+NJuBvFyX1ZeErJcDurkgQ+buexp7hl6o5KlThVkdlHcRh2HobPYMiGYrHFEp+JTl8ney17Bi+0OViEF/JiFmPdYNLg/RhjVXO+QuUIdFkcgfTZD8KgO9cg9J3BL+4j11eaFsfnabridD1+hgRCSNjcCE2/s0FKHK5nBDLoTWyZYftn30mnnDPuOEbdrSPo9ayBjmzCvz0nM5KhR2EOwJyuUr1cqAG4ZFe3ZVbBmwyJLfnLks6QaWXA== x-ld-processed: 1075719f-f133-43d2-8156-800f80fef316,ExtAddr x-ms-office365-filtering-correlation-id: 0ab34300-0fcb-4ff1-2658-08d487ff28c7 x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(2017030254075)(201703131423075)(201703031133081)(201702281549075); SRVR:VI1PR06MB3214; x-microsoft-antispam-prvs: x-exchange-antispam-report-test: UriScan:(180628864354917)(278428928389397)(192374486261705)(176510541525296)(21748063052155)(228905959029699)(17755550239193); x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(6040450)(601004)(2401047)(8121501046)(5005006)(3002001)(10201501046)(93006095)(93001095)(6041248)(20161123560025)(20161123564025)(20161123555025)(20161123562025)(201703131423075)(201702281528075)(201703061421075)(6072148); SRVR:VI1PR06MB3214; BCL:0; PCL:0; RULEID:; SRVR:VI1PR06MB3214; x-forefront-prvs: 02830F0362 x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(39450400003)(39410400002)(39830400002)(39400400002)(377454003)(57704003)(24454002)(51414003)(13464003)(236005)(54906002)(99286003)(4326008)(54896002)(9686003)(6306002)(2950100002)(5660300001)(7736002)(53936002)(6916009)(66066001)(6246003)(110136004)(38730400002)(74316002)(25786009)(6506006)(77096006)(55016002)(86362001)(53546009)(93886004)(54356999)(76176999)(7696004)(50986999)(189998001)(3660700001)(8676002)(8936002)(81166006)(6116002)(3846002)(790700001)(33656002)(102836003)(2900100001)(2906002)(3280700002)(122556002)(229853002); DIR:OUT; SFP:1101; SCL:1; SRVR:VI1PR06MB3214; H:VI1PR06MB3215.eurprd06.prod.outlook.com; FPR:; SPF:None; MLV:sfv; LANG:en; spamdiagnosticoutput: 1:99 spamdiagnosticmetadata: NSPM Content-Type: multipart/alternative; boundary="_000_VI1PR06MB32158562AC6F19FE0CFC3C65FF1B0VI1PR06MB3215eurp_" MIME-Version: 1.0 X-OriginatorOrg: intercede.com X-MS-Exchange-CrossTenant-originalarrivaltime: 20 Apr 2017 15:08:53.3630 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 1075719f-f133-43d2-8156-800f80fef316 X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR06MB3214 Archived-At: Subject: Re: [Teep] [EXT] Re: My BoF impression X-BeenThere: teep@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: A Protocol for Dynamic Trusted Execution Environment Enablement List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 20 Apr 2017 15:09:03 -0000 --_000_VI1PR06MB32158562AC6F19FE0CFC3C65FF1B0VI1PR06MB3215eurp_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 SXQgc2VlbXMgd2UgYXJlIGFsc28gaW4gYWdyZWVtZW50LiBJIHRvbyB3cm90ZSB0aGF0IEkgdGhp bmsgR1AgZGVmaW5pdGlvbiBpcyBhIGdvb2Qgc3RhcnRpbmcgcG9pbnQgZm9yIHRoaXMgaW4gbXkg cHJldmlvdXMgcG9zdC4NCg0KDQpNeSBzdWdnZXN0aW9uIGFzIGEgd2F5IHRvIHN0YXJ0IHRvIGFs aWduIHRoZSBncm91cHMgd291bGQgYmUgZm9yIHVzIHRvIHN0YXRlIGhvdyB0aGUgR1AgZGVmaW5p dGlvbiBtYXBzIG9udG8gdGhlIGRpZmZlcmVudCBjb25jcmV0ZSByZWFsaXphdGlvbnMgb2YgVEVF LiBZb3XigJl2ZSBiZWd1biB0aGF0IHByb2Nlc3MgYmVsb3cgZm9yIHRoZSBoeXBlcnZpc29yIGVu dmlyb25tZW50IEkgbWVudGlvbmVkIGFuZCB3ZSBzaG91bGQgY29tcGxldGUgdGhhdC4gSWYgd2Ug dGhlbiBmaW5kIHRocm91Z2ggdGhpcyBwcm9jZXNzIHRoYXQgd2UgY2Fubm90IG1ha2UgdGhlIG1h cHBpbmcgZm9yIGFuIGVudmlyb25tZW50IHdlIGNhbiByZWxvb2sgYXQgdGhlIGRlZmluaXRpb24u IEFzIGEgc3RhcnRlciBJIHN1Z2dlc3Qgd2UgbmVlZCB0byBjb3ZlciBUcnVzdHpvbmUsIGhhcmR3 YXJlIGJhY2tlZCBoeXBlcnZpc29yLCBTR1guIEFueSBvdGhlcnM/DQoNClRoaXMgc2hvdWxkIHRl YXNlIG91dCB3aGljaCBzcGVjaWZpYyBhc3BlY3RzIG9mIHRoZSBHUCBkZWZpbml0aW9uIGFyZSBu b3QgZ2VuZXJpYyBlbm91Z2gsICoqIGlmIGFueSAqKiwgYW5kIEkgaG9wZSB0aGF0IHRoZW4gcHJv dmlkZXMgYSBiYXNlbGluZSBmb3IgYWxsIHRvIHNlZSBob3cgT1RyUCBpcyByZWxldmFudCB0byBh IHBhcnRpY3VsYXIgY29uZmlndXJhdGlvbiBvciBhcmNoaXRlY3R1cmUuDQoNClRob3VnaHRzPw0K DQpOaWNrIENvb2sNCkZyb206IEplcmVteSBPJ0Rvbm9naHVlIFttYWlsdG86am9kb25vZ2hAcXRp LnF1YWxjb21tLmNvbV0NClNlbnQ6IDIwIEFwcmlsIDIwMTcgMTE6MDENClRvOiBOaWNrIENvb2sg PE5pY2suQ29va0BpbnRlcmNlZGUuY29tPg0KQ2M6IEJyaWFuIFdpdHRlbiA8YnJpYW5fd2l0dGVu QHN5bWFudGVjLmNvbT47IFdoZWVsZXIsIERhdmlkIE0gPGRhdmlkLm0ud2hlZWxlckBpbnRlbC5j b20+OyBUZXJvIEtpdmluZW4gPGtpdmluZW5AaWtpLmZpPjsgSGFubmVzIFRzY2hvZmVuaWcgPEhh bm5lcy5Uc2Nob2ZlbmlnQGFybS5jb20+OyB0ZWVwIDx0ZWVwQGlldGYub3JnPg0KU3ViamVjdDog UmU6IFtUZWVwXSBbRVhUXSBSZTogTXkgQm9GIGltcHJlc3Npb24NCg0KVGhlIEdQIGRlZmluaXRp b24gb2YgYSBURUVbMV0gaXMgbm90IHRpZWQgdG8gVHJ1c3R6b25lIGluIGFueSB3YXksIGFuZCBJ IHNlZSBub3RoaW5nIHRvIHN1Z2dlc3QgdGhhdCBpdCBwcmVjbHVkZXMgdGhlIHR5cGUgb2YgaHlw ZXJ2aXNvci1iYXNlZCBlbnZpcm9ubWVudCB5b3UgZGVzY3JpYmUuDQoNCldoYXQgR2xvYmFsUGxh dGZvcm0gc2F5cyAoWzFdLCBTZWN0aW9uIDIuMi4xKSwgaXM6DQoNClRoZSBwcmltYXJ5IHB1cnBv c2Ugb2YgYSBURUUgaXMgdG8gcHJvdGVjdCBpdHMgYXNzZXRzIGZyb20gdGhlIFJFRQ0KYW5kIG90 aGVyIGVudmlyb25tZW50cy4NCi0gVGhpcyBpcyBhY2hpZXZlZCB0aHJvdWdoIGhhcmR3YXJlIG1l Y2hhbmlzbXMgdGhhdCB0aG9zZSBvdGhlcg0KICBlbnZpcm9ubWVudHMgY2Fubm90IGNvbnRyb2wu DQoNClRoaXMgcHJvdGVjdGlvbiBhbHdheXMgaW5jbHVkZXMgcHJvdGVjdGlvbiBhZ2FpbnN0IG90 aGVyIGV4ZWN1dGlvbg0KZW52aXJvbm1lbnRzLg0KW+KApl0NClRoZSBURUUgaXMgaW5zdGFudGlh dGVkIHRocm91Z2ggYSBzZWN1cmUgYm9vdCBwcm9jZXNzIHVzaW5nIGFzc2V0cw0KYm91bmQgdG8g dGhlIFNvQyBvciB0aGUgT2ZmLVNvQyBTZWN1cml0eSBQcm9jZXNzb3IgYW5kIGlzb2xhdGVkDQpm cm9tIHRoZSBSRUUuDQotIFRoZSBpbnRlZ3JpdHkgYW5kIGF1dGhlbnRpY2l0eSBnYWluZWQgdGhy b3VnaCBzZWN1cmUgYm9vdDoNCiAgLSBFeHRlbmRzIHRocm91Z2hvdXQgdGhlIGxpZmV0aW1lIG9m IHRoZSBURUUuDQogIC0gSXMgcmV0YWluZWQgdGhyb3VnaCBhbnkgc3RhdGUgdHJhbnNpdGlvbnMg aW4gdGhlIHN5c3RlbSBzdWNoDQogICAgYXMgcG93ZXIgdHJhbnNpdGlvbnMgb3IgY29yZSBtaWdy YXRpb24uDQoNCkl0IGZ1cnRoZXIgZGVmaW5lcyB0aGUgdHJhbnNpdGlvbiBmcm9tIHRoZSBub24t c2VjdXJlIHRvIHNlY3VyZSB3b3JsZCBpbiBhIGZhaXJseSBhYnN0cmFjdCBtYW5uZXIgd2hpY2gg Y292ZXJzIHRoZSBoeXBlcnZpc29yIHVzZSBjYXNlIHN1ZmZpY2llbnRseSwgSSB0aGluayAoWzFd LCBTZWN0aW9uIDIuMi4zKToNCg0KVGhlIG9ubHkgd2F5IGZvciB0aGUgUkVFIHRvIGdldCBhY2Nl c3MgdG8gdHJ1c3RlZCByZXNvdXJjZXMgaXMgdmlhDQphbnkgQVBJIGVudHJ5IHBvaW50cyBvciBz ZXJ2aWNlcyBleHBvc2VkIGJ5IHRoZSBURUUgYW5kIGFjY2Vzc2VkDQp0aHJvdWdoLCBmb3IgZXhh bXBsZSwgdGhlIFRFRSBDbGllbnQgQVBJLiBUaGlzIGRvZXMgbm90IHByZWNsdWRlDQp0aGUgY2Fw YWJpbGl0eSBvZiB0aGUgUkVFIHBhc3NpbmcgYnVmZmVycyB0byB0aGUgVEVFIChhbmQgdmljZSB2 ZXJzYSkNCmluIGEgY29udHJvbGxlZCBhbmQgcHJvdGVjdGVkIG1hbm5lci4NCg0KSW4gc2hvcnQs IEkgYWdyZWUgd2l0aCBCcmlhbiB0aGF0IHRoZSBHUCBkZWZpbml0aW9uIG9mIGEgVEVFIGlzIGEg cmVhc29uYWJsZSBzdGFydGluZyBwb2ludCBmb3IgZGlzY3Vzc2lvbiwgYnV0IEkgc3Ryb25nbHkg c3VwcG9ydCBJRVRGIGV4cGxvcmluZyBvdGhlciB1c2UgY2FzZXMgYW5kIHN5c3RlbSBhcmNoaXRl Y3R1cmVzIHRoYXQgR1AgaGFzIG5vdCBhZGRyZXNzZWQgLSBpdCBzZWVtcyB0byBtZSB0aGF0IHRo aXMgaXMgd2hlcmUgdGhlIGdyZWF0ZXN0IHZhbHVlIHdvdWxkIGJlIGdlbmVyYXRlZCBmb3IgdGhl IGVjb3N5c3RlbS4NCg0KSSBhbSBjb25jZXJuZWQgdGhhdCBpdCB3aWxsIGJlIGNoYWxsZW5naW5n IHRvIG1vdmUgZm9yd2FyZCBlZmZlY3RpdmVseSB3aGVuIG1hbnkgcGFydGljaXBhbnRzIGFyZSB1 bmZhbWlsaWFyIHdpdGggdGhlIEdQIHN0YW5kYXJkcy1iYXNlIG9uIHdoaWNoIHRoZSBjdXJyZW50 IGRyYWZ0IGRyYXdzIGhlYXZpbHkgdW5sZXNzIHdlIGFyZSBhYmxlIHRvIHRha2Ugc3RlcHMgdG8g cmVtZWR5IHRoaXMuIEFyZSB0aGVyZSBhbnkgc3VnZ2VzdGlvbnMgYXMgdG8gaG93IHRoaXMgY291 bGQgYmUgbWFuYWdlZD8gSW4gc2hvcnQsIGhvdyBkbyB3ZSBhbGlnbiB0aGUgdHdvIGRpZmZlcmVu dCBncm91cHMgaW4gRGVlcCBtb3JlIGNsb3NlbHk/DQoNCkJlc3QgcmVnYXJkcw0KSmVyZW15DQoN ClsxXSBHbG9iYWxQbGF0Zm9ybSBURUUgU3lzdGVtIEFyY2hpdGVjdHVyZSwgVmVyc2lvbiAxLjEs IEphbnVhcnkgMjAxNy4NCg0KT24gMjAgQXByIDIwMTcsIGF0IDEwOjIwLCBOaWNrIENvb2sgPE5p Y2suQ29va0BpbnRlcmNlZGUuY29tPG1haWx0bzpOaWNrLkNvb2tAaW50ZXJjZWRlLmNvbT4+IHdy b3RlOg0KDQpQZXJzb25hbGx5IHNwZWFraW5nLCBPVHJQIGlzIGFib3V0IGJlaW5nIGFibGUgdG8g aW5zdGFsbCBzZWN1cml0eSBhcHBsaWNhdGlvbnMgaW50byBhbiBlbnZpcm9ubWVudCB0aGF0IHBy b3ZpZGVzICJ0cnVzdGVkIiBoYXJkd2FyZSBiYWNrZWQgaXNvbGF0aW9uIGJldHdlZW4gdGhlIGRp ZmZlcmVudCBhcHBsaWNhdGlvbnMuIE9UclAgZG9lcyB0aGF0IGJ5IGVzdGFibGlzaGluZyBpdCBp cyB3b3JraW5nIGFnYWluc3QgdGhlIHJpZ2h0IGRldmljZSB0eXBlIGFuZCByaWdodCBpc29sYXRp b24gZW52aXJvbm1lbnQgdHlwZSBhbmQgdGhlbiBwcm9jZWVkcyB0byBpbnN0YWxsIHRoZSBhcHBs aWNhdGlvbiBpbiBhIHdheSB0aGF0IHByb3ZpZGVzIHByb3RlY3Rpb24gZm9yIGNvbmZpZGVudGlh bGl0eSBhbmQgaW50ZWdyaXR5LiBUaGUgdGVybSBURUUgaXMgcHJvYmFibHkgdG9vIG9mdGVuIGFz c29jaWF0ZWQgd2l0aCBhIHNwZWNpZmljIGZvcm11bGF0aW9uIG9mIGFuIGlzb2xhdGlvbiBlbnZp cm9ubWVudCBhbmQgdGhlcmVmb3JlIHRoaXMgaXMgcGVyaGFwcyB0aGUgZmlyc3QgdGhpbmcgd2Ug c2hvdWxkIG1vdmUgZm9yd2FyZC4NCg0KQXMgYW4gZXhhbXBsZSwgSSd2ZSBiZWVuIHdvcmtpbmcg b24gYSBoYXJkd2FyZSBiYWNrZWQgaHlwZXJ2aXNvciBlbnZpcm9ubWVudCB0aGF0IHVzZXMgT1Ry UCBmb3IgdGhlIGluc3RhbGxhdGlvbiBvZiB0aGUgZGlmZmVyZW50IGNvbnRhaW5lcnMvZG9tYWlu cyBhbmQgdGhlIHZpcnR1YWwgbWFjaGluZSBjb250ZW50cyB0aGF0IGdvZXMgaW4gdGhlbS4gVGhl IHRydXN0IGNoYWluIGZyb20gT1RyUCBpcyBtZXQgYW5kIHRoZSBpc29sYXRpb24gb2YgYXBwbGlj YXRpb25zIGFuZCBrZXkgbWF0ZXJpYWwgdG8gdGhvc2UgYXBwbGljYXRpb25zIGlzIGFsc28gcHJv dmlkZWQuDQoNCkJhc2VkIG9uIHRoYXQgd29yayBhbmQgdGhpbmtpbmcgc3BlY2lmaWNhbGx5IHRv IG15IG9yaWdpbmFsIGdvYWxzIGZvciBPVHJQIHdoZW4gd2Ugc3RhcnRlZCB0aGlzIHdvcmsgYSBm ZXcgeWVhcnMgYmFjaywgSSB3b3VsZCBsaWtlIHRvIHN1cHBvcnQgRGF2ZSBXaGVlbGVyJ3MgY29t bWVudCBvbiBuZWVkaW5nIHRvIGZvcm11bGF0ZSBhIG1vcmUgYWJzdHJhY3QgZGVmaW5pdGlvbiBm b3IgVEVFLiBJIGFsc28gYWdyZWUgd2l0aCBCcmlhbiB0aGF0IHRoZSBHUCBkZWZpbml0aW9uIGRv ZXNuJ3QgbmVlZCB0byBiZSBhYmFuZG9uZWQgdG8gZG8gdGhhdCAtIEkgYmVsaWV2ZSwgZXhwcmVz c2VkIGluIHRoZSByaWdodCB3YXksIHRoZSBHUCBkZWZpbml0aW9uIG9mIGEgVEVFIGNvdmVycyB0 aGUgaGFyZHdhcmUgaHlwZXJ2aXNvciBjYXNlIEkgZGVzY3JpYmVkIGVhcmxpZXIgaW4gdGhlIGVt YWlsIGFsc28gYW5kIEknbSBzdXJlIGl0IGNhbiBjb3ZlciB0aGUgb3RoZXIgZW52aXJvbm1lbnRz IHRvby4NCg0KDQpJIGRvIGhvd2V2ZXIgdGhpbmsgaXQgaXMgaW1wb3J0YW50IHRoYXQgd2UgcmVz dHJpY3QgdG8gaXNvbGF0aW9uIGVudmlyb25tZW50cyB0aGF0IGFyZSBoYXJkd2FyZSBiYWNrZWQg YXMgdGhpcyBpcyBmdW5kYW1lbnRhbCB0byB0aGUgdHJ1c3QgbW9kZWwuDQoNCkkgYWxzbyBzdXBw b3J0IERhdmUncyBzdWdnZXN0aW9uIHRoYXQgd2UgY2FuIGJlIGxlc3Mgbm9ybWF0aXZlIG9uIGV4 YWN0IGxvY2F0aW9ucyBvZiB0aGUgZnVuY3Rpb25hbCBibG9ja3Mgb2YgT1RyUC4gSSB3b3VsZCBs aWtlIHRvIGhhdmUgYSBjb21wYW5pb24gZG9jdW1lbnQgdGhhdCBkb2VzIHByb3ZpZGUgZXhhbXBs ZSBkZXBsb3ltZW50cyBidXQgdGhlIGNvcmUgcHJvdG9jb2wgaXRzZWxmIGRvZXMgbm90IG5lZWQg dG8gYmUgbG9ja2VkIGRvd24gdG8gYSBzcGVjaWZpYyBkZXBsb3ltZW50IGFwcHJvYWNoLg0KDQoN Cg0KTmljayBDb29rDQotLS0tLU9yaWdpbmFsIE1lc3NhZ2UtLS0tLQ0KRnJvbTogQnJpYW4gV2l0 dGVuIFttYWlsdG86YnJpYW5fd2l0dGVuQHN5bWFudGVjLmNvbV0NClNlbnQ6IDA1IEFwcmlsIDIw MTcgMTg6MDINClRvOiBXaGVlbGVyLCBEYXZpZCBNIDxkYXZpZC5tLndoZWVsZXJAaW50ZWwuY29t PG1haWx0bzpkYXZpZC5tLndoZWVsZXJAaW50ZWwuY29tPj47ICdKZXJlbXkgTydEb25vZ2h1ZScg PGpvZG9ub2doQHF0aS5xdWFsY29tbS5jb208bWFpbHRvOmpvZG9ub2doQHF0aS5xdWFsY29tbS5j b20+PjsgVGVybyBLaXZpbmVuIDxraXZpbmVuQGlraS5maTxtYWlsdG86a2l2aW5lbkBpa2kuZmk+ Pg0KQ2M6IEhhbm5lcyBUc2Nob2ZlbmlnIDxIYW5uZXMuVHNjaG9mZW5pZ0Bhcm0uY29tPG1haWx0 bzpIYW5uZXMuVHNjaG9mZW5pZ0Bhcm0uY29tPj47IHRlZXAgPHRlZXBAaWV0Zi5vcmc8bWFpbHRv OnRlZXBAaWV0Zi5vcmc+Pg0KU3ViamVjdDogUmU6IFtUZWVwXSBbRVhUXSBSZTogTXkgQm9GIGlt cHJlc3Npb24NCg0KVGhhbmsgWW91IERhdmUhICBJJ2QgbGlrZSB0byBlY2hvICYgYWdyZWUgd2l0 aCBtYW55IG9mIHlvdXIgcG9pbnRzLCBidXQgYXNrIGZvciBhIGNsYXJpZmljYXRpb24gb24gb25l IGFzcGVjdC4gICJGaXJzdCwgSSAoYmVsaWV2ZSkgdGhpcyBpcyBleGFjdGx5IHRoZSB0eXBlIG9m IGNvbnZlcnNhdGlvbiB3ZSBuZWVkIHRvIGhhdmUuIFRoYW5rcyBmb3Iga2lja2luZyB0aGlzIG9m ZiB2ZXJ5IGRpcmVjdGx5LiIgIFdlbGwgU2FpZCwgVGhhbmsgWW91IEJvdGghICAiSSBhbSBtb3Rp dmF0ZWQgdG8gd29yayBqb2ludGx5IG9uIGRldmVsb3BpbmcgT1RyUCB0byBhZGRyZXNzIGEgd2lk ZXIgc2V0IG9mIGNvbmNlcm5zIGNvbW1vbiB0byBURUVzIGFuZCB0aGVpciBlbnZpcm9ubWVudHMs IHdpdGggdGhlIHB1cnBvc2Ugb2YgZXhwYW5kaW5nIHRoZSBlYXNlIHdpdGggd2hpY2ggdGhlIG1h cmtldHBsYWNlIGNhbiB1dGlsaXplIFRFRSBtZWNoYW5pc21zLiIgQWdhaW4sIEknbSBtb3RpdmF0 ZWQgYnkgdGhlIHNhbWUgcHVycG9zZS4gICJQYXJ0IG9mIHRoaXMgZGV2ZWxvcG1lbnQgb2YgT1Ry UCAoZnJvbSBteSBwZXJzcGVjdGl2ZSkgaXMgYmVpbmcgbGVzcyBub3JtYXRpdmUgYWJvdXQgdGhl IGV4YWN0IGxvY2F0aW9uIGFuZCBpbnN0YW50aWF0aW9uIG9mIGNlcnRhaW4gcGFydGllcyAocGFy dGljdWxhcmx5IHRoZSBUU00pIGFuZCBiZSBzcGVjaWZpYyBvbiB0aGUgb3BlcmF0aW9ucyBhbmQg YWN0aXZpdGllcyBhdCBwYXJ0aWN1bGFyICdzZXJ2aWNlIGFjY2VzcyBwb2ludHMnIG9mIHRoZSBw cm90b2NvbC4iICBJIGJlbGlldmUgdGhhdCBpcyBhIGdyZWF0IHN1Z2dlc3Rpb24sIGFuZCBJJ20g ZnVsbHkgc3VwcG9ydGl2ZS4gIFN0aWxsIG15IGNsYXJpZnlpbmcgcXVlc3Rpb24gcmVsYXRlcyB0 byB0aGUgZGVzaXJlICJ0byBkZWZpbmUgYSBtb3JlIGFic3RyYWN0IGRlZmluaXRpb24gb2YgYSBU RUUsIGFuZCBkZXNpcmluZyBhIHByb3RvY29sIHRoYXQgaXMgYXBwbGljYWJsZSB0byBhIHdpZGUg c2V0IG9mIFRFRXMuIiAgSSdtIGVhZ2VyIHRvIHN1cHBvcnQgYSB3aWRlIHNldCBvZiBURUUsIGlu Y2x1ZGluZyBib3RoIFNHWCBhbmQgVFogYmFzZWQgVEVFLiAgIE15IHF1ZXN0aW9uIGlzLCAiZG8g d2UgbmVlZCB0byBhYmFuZG9uIHRoZSBHbG9iYWwgUGxhdGZvcm0gKEdQKSBkZWZpbml0aW9uIG9m IGEgVEVFIHRvIHN1cHBvcnQgYm90aCBTR1ggYW5kIFRaIGJhc2VkIFRFRT8iICBJIGJlbGlldmUg dGhhdCB3ZSBkbyBOb3QgbmVlZCB0byBhYmFuZG9uIHRoZSBHUCBkZWZpbml0aW9uIG9mIGEgVEVF IHRvIHN1cHBvcnQgYm90aCBTR1ggYW5kIFRaIGJhc2VkIFRFRSwgYnV0IEknZCBiZSBlYWdlciB0 byBnZXQgeW91ciB2aWV3IGhlcmUgYXMgeW91J3ZlIGZyYW1lZCB0aGUgcmVzdCBzbyB2ZXJ5IHdl bGwuICBMYXN0LCBlaXRoZXIgd2F5LCAiSSBiZWxpZXZlIElFVEYgaXMgZXhhY3RseSB0aGUgcGxh Y2UgdG8gaGF2ZSB0aGlzIGNvbnZlcnNhdGlvbiBhbmQgZGVmaW5lIGEgdmVyeSBvcGVuIGFuZCBp bmNsdXNpdmUgcHJvdG9jb2wuIiAgQWdhaW4sIEkgYWdyZWUgY29tcGxldGVseS4NCg0KVGhhbmsg WW91IEFnYWluIQ0KQnJpYW4NCg0KDQpGcm9tOiBURUVQIDx0ZWVwLWJvdW5jZXNAaWV0Zi5vcmc8 bWFpbHRvOnRlZXAtYm91bmNlc0BpZXRmLm9yZz4+IG9uIGJlaGFsZiBvZiBXaGVlbGVyLCBEYXZp ZCBNIDxkYXZpZC5tLndoZWVsZXJAaW50ZWwuY29tPG1haWx0bzpkYXZpZC5tLndoZWVsZXJAaW50 ZWwuY29tPj4NClNlbnQ6IFdlZG5lc2RheSwgQXByaWwgNSwgMjAxNyA5OjM0IEFNDQpUbzogJ0pl cmVteSBPJ0Rvbm9naHVlJzsgVGVybyBLaXZpbmVuDQpDYzogSGFubmVzIFRzY2hvZmVuaWc7IHRl ZXANClN1YmplY3Q6IFtFWFRdIFJlOiBbVGVlcF0gTXkgQm9GIGltcHJlc3Npb24NCg0KDQpJJ20g YSBiaXQgYmVoaW5kIG9uIHRoZSB0aHJlYWQsIGJ1dCB3YW50IHRvIHJlc3BvbmQgdG8gSmVyZW15 J3Mgb3JpZ2luYWwgY29tbWVudC4NCg0KRmlyc3QsIEkgdGhpcyBpcyBleGFjdGx5IHRoZSB0eXBl IG9mIGNvbnZlcnNhdGlvbiB3ZSBuZWVkIHRvIGhhdmUuIFRoYW5rcyBmb3Iga2lja2luZyB0aGlz IG9mZiB2ZXJ5IGRpcmVjdGx5Lg0KSSBhZ3JlZSB3aXRoIHlvdXIgcGVyY2VwdGlvbiBvZiB0aGUg dHdvIGdyb3VwcywgdGhvdWdoIEkgdGhpbmsgaXQgaXMgaW1wb3J0YW50IHRvIHVuZGVyc3RhbmQg dGhlIG1vdGl2YXRpb25zIGluIHRoZSBzZWNvbmQgZ3JvdXAsIHNpbmNlIHRoZXkgbWF5IGJlIHZh cmllZC4NCg0KSSB3aWxsIHB1dCBteXNlbGYgdm9sdW50YXJpbHkgaW4gdGhlIHNlY29uZCBidWNr ZXQuIEkgd2lsbCBwcmVzZW50IG15IHBlcnNvbmFsIHBlcnNwZWN0aXZlLCB3aGljaCBtYXkgYmUg ZGlmZmVyZW50IGZyb20gb3RoZXJzIGluIHRoZSAic2Vjb25kIGdyb3VwIi4NCg0KRm9yIG15c2Vs ZiwgSSBhbSBsb29raW5nIHRvIGRlZmluZSBhIG1vcmUgYWJzdHJhY3QgZGVmaW5pdGlvbiBvZiBh IFRFRSwgYW5kIGRlc2lyaW5nIGEgcHJvdG9jb2wgdGhhdCBpcyBhcHBsaWNhYmxlIHRvIGEgd2lk ZSBzZXQgb2YgVEVFcy4gRnJvbSBteSBwZXJzcGVjdGl2ZSwgIGxvb2tpbmcgYXQgVEVFcyB0aGF0 IEludGVsIGhhcyBpbiB0aGUgbWFya2V0cGxhY2UsIGFuZCBhbHNvIGhhdmluZyB3b3JrZWQgZm9y IHNldmVyYWwgeWVhcnMgb24gSW50ZWwncyBYU2NhbGUgcHJvY2Vzc29ycyAoYW5kIGFtIHRodXMg ZmFtaWxpYXIgd2l0aCBUWiksIHRoZSBjdXJyZW50IE9UclAgZHJhZnQgYWRkcmVzc2VzIFRydXN0 IFpvbmUgY29uY2VybnMgd2l0aG91dCByZWFsbHkgY29uc2lkZXJpbmcgb3RoZXIgVEVFcy4gVGhp cyBpcyBteSAgcGVyY2VwdGlvbiwgb2YgY291cnNlLg0KDQpJdCBpcyBhbHNvIG15IG9waW5pb24g dGhhdCBhbiBJRVRGIHByb3RvY29sIHNob3VsZCBkbyBtb3JlIHRoYW4gYWRkcmVzcyBpbXBsZW1l bnRhdGlvbiBzcGVjaWZpYyBjb25jZXJucy4NCkkgYW0gbW90aXZhdGVkIHRvIHdvcmsgam9pbnRs eSBvbiBkZXZlbG9waW5nIE9UclAgdG8gYWRkcmVzcyBhIHdpZGVyIHNldCBvZiBjb25jZXJucyBj b21tb24gdG8gVEVFcyBhbmQgdGhlaXIgZW52aXJvbm1lbnRzLCB3aXRoIHRoZSBwdXJwb3NlIG9m IGV4cGFuZGluZyB0aGUgIGVhc2Ugd2l0aCB3aGljaCB0aGUgbWFya2V0cGxhY2UgY2FuIHV0aWxp emUgVEVFIG1lY2hhbmlzbXMuDQoNClBhcnQgb2YgdGhpcyBkZXZlbG9wbWVudCBvZiBPVHJQIChm cm9tIG15IHBlcnNwZWN0aXZlKSBpcyBiZWluZyBsZXNzIG5vcm1hdGl2ZSBhYm91dCB0aGUgZXhh Y3QgbG9jYXRpb24gYW5kIGluc3RhbnRpYXRpb24gb2YgY2VydGFpbiBwYXJ0aWVzIChwYXJ0aWN1 bGFybHkgdGhlICBUU00pIGFuZCBiZSBzcGVjaWZpYyBvbiB0aGUgb3BlcmF0aW9ucyBhbmQgYWN0 aXZpdGllcyBhdCBwYXJ0aWN1bGFyICJzZXJ2aWNlIGFjY2VzcyBwb2ludHMiIG9mIHRoZSBwcm90 b2NvbC4gTXkgcG9pbnQgaGVyZSBpcyB0aGF0IE9UclAgaW4gaXRzIGN1cnJlbnQgcmVuZGl0aW9u IGlzIDxlbXBoYXNpcz4gdG9vIDwvZW1waGFzaXM+IGltcGxlbWVudGF0aW9uIHNwZWNpZmljIGFu ZCB0b28gbm9ybWF0aXZlIGluIGl0cyBkZXNjcmlwdGlvbiBvZiB0aGUgIG1hcmtldHBsYWNlLiBJ IGJlbGlldmUgdGhpcyBpcyBmaW5lIGFzIGFuIGV4YW1wbGUsIGJ1dCBub3QgYXMgcGFydCBvZiB0 aGUgcHJvdG9jb2wuDQoNCkkgYmVsaWV2ZSBJRVRGIGlzIGV4YWN0bHkgdGhlIHBsYWNlIHRvIGhh dmUgdGhpcyBjb252ZXJzYXRpb24gYW5kIGRlZmluZSBhIHZlcnkgb3BlbiBhbmQgaW5jbHVzaXZl IHByb3RvY29sLiBJIHJlYWxpemUgdGhhdCB0YWtlcyBzb21lIHRpbWUuIEkgbG9vayBmb3J3YXJk ICB0byBoYXZpbmcgdGhpcyBjb252ZXJzYXRpb24gaW4gbW9yZSBkZXRhaWwuDQoNClRoYW5rcywN CkRhdmUgV2hlZWxlcg0KDQoNCg0KRnJvbTogVEVFUCBbbWFpbHRvOnRlZXAtYm91bmNlc0BpZXRm Lm9yZ10gT24gQmVoYWxmIE9mIEplcmVteSBPJ0Rvbm9naHVlDQpTZW50OiBUdWVzZGF5LCBBcHJp bCA0LCAyMDE3IDc6MTMgQU0NClRvOiBUZXJvIEtpdmluZW4gPGtpdmluZW5AaWtpLmZpPG1haWx0 bzpraXZpbmVuQGlraS5maT4+DQpDYzogSGFubmVzIFRzY2hvZmVuaWcgPEhhbm5lcy5Uc2Nob2Zl bmlnQGFybS5jb208bWFpbHRvOkhhbm5lcy5Uc2Nob2ZlbmlnQGFybS5jb20+PjsgdGVlcCA8dGVl cEBpZXRmLm9yZzxtYWlsdG86dGVlcEBpZXRmLm9yZz4+DQpTdWJqZWN0OiBSZTogW1RlZXBdIE15 IEJvRiBpbXByZXNzaW9uDQoNCg0KDQoNCk9uIDQgQXByIDIwMTcsIGF0IDEyOjIxLCBUZXJvIEtp dmluZW4gPGtpdmluZW5AaWtpLmZpPG1haWx0bzpraXZpbmVuQGlraS5maT4+IHdyb3RlOg0KDQoN Cg0KTXkgZmVlbGluZyB0aGF0IHRoZSBtYWluIHF1ZXN0aW9uIHdoYXQgcGVvcGxlIGRpZCBub3Qg dW5kZXJzdGFuZCB3YXM6DQoNCldoYXQgaXMgdGhlIHJlYWwgZGlmZmVyZW5jZSBiZXR3ZWVuIFRF RVAgYW5kIGp1c3Qgbm9ybWFsIGFwcGxpY2F0aW9uIGRvd25sb2FkLiBJLmUuLCB3aHkgc2VwYXJh dGUgcHJvdG9jb2wgaXMgbmVlZGVkLg0KSG93IGlzIHRoaXMgZGlmZmVyZW50IGZyb20ganVzdCBo YXZpbmcgcGVyaGFwcyBlbmNyeXB0ZWQgc2lnbmVkIGFwcGxpY2F0aW9uIGJsb2IgZnJvbSB0aGUg bWFya2V0cGxhY2UgYW5kIGluc3RhbGxpbmcgdGhhdC4NCg0KQXQgbGVhc3QgdGhhdCB3YXMgbXkg bWFpbiBxdWVzdGlvbiB3aGVuIHdlIGRpc2N1c3NlZCB0aGlzIGJlZm9yZSB0aGUgQm9GLg0KDQpP ZiBjb3Vyc2UgaXQgZG9lcyBub3QgaGVscCwgdGhhdCB3aGVuIHlvdSBhc2sgdGhhdCBxdWVzdGlv biBmcm9tIGRpZmZlcmVudCBwZW9wbGUgeW91IGdldCBkaWZmZXJlbnQgYW5zd2VyLCBhcyB0aGUg aWRlYSBvZiB3aGF0IFRFRVAgaXMgZGlmZmVyZW50IGZvciBkaWZmZXJlbnQgcGVvcGxlLg0KDQoN Cg0KSSB0aGluayB0aGVyZSBpcyBhIGRlZ3JlZSBvZiB0YWxraW5nIGF0IGNyb3NzLXB1cnBvc2Vz Lg0KDQoNCg0KVGhlcmUgaXMgb25lIGdyb3VwIC0gZXNzZW50aWFsbHkgdGhvc2Ugc3BvbnNvcmlu ZyB0aGUgY3JlYXRpb24gb2YgdGhpcyBncm91cCAtIHdoaWNoIGhhcyBhIHZlcnkgY2xlYXIgdW5k ZXJzdGFuZGluZyBvZiB3aGF0IGl0IHdvdWxkIGxpa2UgVEVFUCB0byBiZSwgd2hpY2ggaXMgZXNz ZW50aWFsbHkgdGhyZWUgdGhpbmdzOg0KDQoNCg0KQSBtZWNoYW5pc20gZm9yIG1hbmFnaW5nIFRy dXN0ZWQgQXBwbGljYXRpb25zIGFuZCB0aGVpciBhc3NvY2lhdGVkIHNlY3JldHMgYW5kIGtleSBt YXRlcmlhbCBpbiBhIEdsb2JhbFBsYXRmb3JtIFRFRSBvciBzb21ldGhpbmcgdGhhdCBpcyBjb25j ZXB0dWFsbHkgdmVyeSBzaW1pbGFyLg0KQSBtZWNoYW5pc20gZm9yIGVzdGFibGlzaGluZyBhIGNo YWluIG9mIHRydXN0IHJvb3RlZCBpbiBmaXJtd2FyZSBhbmQgY292ZXJpbmcgdGhlIFRFRSBhbmQg cG9zc2libHkgb3RoZXIgc3lzdGVtIGNvbXBvbmVudHMgdXAgdG8gYW5kIGluY2x1ZGluZyB0aGUg ZXhlY3V0aW5nIFRhc2sgaW4gYSBTZWN1cml0eSBEb21haW4uDQpBIG1lY2hhbmlzbSAtIHRhcmdl dGVkIGF0IHBob25lIGFuZCB0YWJsZXQgdHlwZSBkZXZpY2VzIC0gd2hpY2ggb3BlcmF0ZXMgaW5k ZXBlbmRlbnRseSBvZiB0aGUgIkFwcCBTdG9yZSIgbWVjaGFuaXNtLCBhbmQgaXMgYmFzZWQgb24g YSBQS0kgaW5mcmFzdHJ1Y3R1cmUgYWxsb3dpbmcgU2VydmljZSBQcm92aWRlcnMgdG8gbWFuYWdl IHRoZSBUcnVzdGVkIEFwcGxpY2F0aW9ucyB0aGV5IGNvbnRyb2wgIHdpdGhvdXQgdGhlIG5lZWQg Zm9yIHVzZXIgaW50ZXJ2ZW50aW9uLg0KDQoNCg0KVGhlIGRyYWZ0IHNwZWNpZmljYXRpb24gdmVy eSBjbGVhcmx5IGFkZHJlc3NlcyBzdWNoIGEgc3lzdGVtLiBVbmRlcnN0YW5kaW5nIGl0IGZ1bGx5 IHJlcXVpcmVzIGNvbnNpZGVyYWJsZSBmYW1pbGlhcml0eSB3aXRoIHRoZSBHbG9iYWxQbGF0Zm9y bSBURUUgc3BlY2lmaWNhdGlvbnMsIHNpbmNlIG11Y2ggb2YgdGhlIHRlcm1pbm9sb2d5IGFuZCBh cmNoaXRlY3R1cmFsIGFzc3VtcHRpb25zIGFyZSBkZXJpdmVkIGZyb20gIHRoZXNlLg0KDQoNCg0K VGhlcmUgaXMgYSBzZWNvbmQgZ3JvdXAgd2hpY2ggaXMgc3RhcnRpbmcgZnJvbSBhIG1vcmUgYWJz dHJhY3QgcG9zaXRpb24gb2Ygd2hhdCBhIFRFRSBzaG91bGQgbG9vayBsaWtlIGFuZCB3aGF0IHNl Y3VyaXR5IHNlcnZpY2VzIGl0IG1pZ2h0IHRoZW4gcHJvdmlkZSB0byBhIHN5c3RlbSBhbmQgaG93 IHRoZSBjb250cm9sIG9mIHRoZXNlIGNvdWxkIGJlIHN0cnVjdHVyZWQuIFRoaXMgaXMgYSBjb21w bGV0ZWx5IGRpZmZlcmVudCAgcHJvYmxlbSwgYW5kIGxpa2VseSBhIG11Y2ggYnJvYWRlciBvbmUg d2hpY2ggaXMgZGlmZmljdWx0IHRvIGVuY2Fwc3VsYXRlIGluIGEgc21hbGwgc2NvcGUuDQoNCg0K DQoNClRyeWluZyB0byBtYWtlIHRoZSBhcmNoaXRlY3R1cmUgdG9vIGdlbmVyaWMgYWxzbyBjb25m dXNlcyB0aGluZ3MuIEl0IG1pZ2h0IGJlIGJldHRlciB0byBoYXZlIG1vcmUgY29uY3JldGUgZXhh bXBsZSB3aXRoIG1vcmUgbGltaXRlZCBzY29wZSwgdGhhdCB3b3VsZCBleHBsYWluIHRoaW5ncyB3 aGF0IFRFRVAgc2hvdWxkIHByb3ZpZGUuDQoNCkZvciBleGFtcGxlOg0KDQoxKSBURUVQIHByb3Zp ZGVzIGEgd2F5IHRvIGluc3RhbGwgc29mdHdhcmUgZnJvbSB0aGUgU2VjdXJlIHRydXN0ZWQgYXBw bGljYXRpb24gbWFya2V0cGxhY2UgdG8gdGhlIFRFRSBydW5uaW5nIGluc2lkZSBkZXZpY2UuDQoN CjIpIFRoZSBTZWN1cmUgdHJ1c3RlZCBhcHBsaWF0aW9uIG1hcmtldHBsYWNlIG5lZWRzIHRvIGJl IGFibGUgdG8gdmVyaWZ5IHRoYXQgdGhlIFRFRSB3YW50aW5nIHRvIGluc3RhbGwgYW4gYXBwbGlj YXRpb24gaXMgYWN0dWFsIFRFRSwgYW5kIG5vdCBzb21lIGZha2UgZGV2aWNlLCBmb3IgZXhhbXBs ZSB1c2luZyBzaWduYXR1cmUgZnJvbSB0aGUga2V5IGluc3RhbGxlZCBieSB0aGUgbWFudWZhY3R1 cmVyIHdoaWNoIGlzIHVzZWQgdG8gc2lnbiB0aGUgaW5zdGFsbGF0aW9uIHJlcXVlc3QuDQoNCjMp IFRoZSBTZWN1cmUgdHJ1c3RlZCBhcHBsaWNhdGlvbiBtYXJrZXRwbGFjZSBjYW4gdGhlbiBlbmNy eXB0IHRoZSB0cnVzdGVkIGFwcGxpY2F0aW9uIHdpdGggVEVFIHNwZWNpZmljIGtleSwgc28gdGhh dCBub2JvZHkgZWxzZSB0aGFuIFRFRSBjYW4gZGVjcnlwdCBhbmQgaW5zdGFsbCBpdC4gVGhpcyB3 aWxsIHByZXZlbnQgbGVha2luZyBvdXQgY29uZmlkZW50aWFsIG1hdGVyaWFsIGluc2lkZSB0aGUg YXBwbGljYXRpb24uDQpUcnVzdGVkIGFwcGxpY2F0aW9uIGluc3RsYWwgcGFja2FnZSBtaWdodCBh bHNvIGJlIHBlcnNvbmFsaXplZCBmb3IgdGhlIHNwZWNpZmljIFRFRS4gU2VjdXJlIHRydXN0ZWQg YXBwbGljYXRpb24gbWFya2V0cGxhY2Ugd2lsbCBhbHNvIHNpZ24gdGhlIHRydXN0ZWQgYXBwbGlj YXRpb24gaW5zdGFsbCBwYWNrYWdlLCBzbyBURUUgY2FuIHZlcmlmeSBpdCBpcyBhdXRoZW50aWMu DQoNCjQpIFRFRSB3aWxsIHZlcmlmeSB0aGUgc2lnbmF0dXJlIG9mIHRoZSB0cnVzdGVkIGFwcGxp Y2F0aW9uIGluc3RhbGwgcGFja2FnZSwgYW5kIGNoZWNrIHRoYXQgc2lnbmVyIGlzIHRydXN0ZWQs IGFuZCB0aGVuIGl0IHdpbGwgZGVjcnlwdCB0aGUgcGFja2FnZSwgYW5kIGluc3RhbGwgaXQuDQoN CjUpIFRoZSBhcHBsaWNhdGlvbiBydW5uaW5nIG9uIHRoZSBSRUUgc2lkZSBtaWdodCBuZWVkIHRv IHZlcmlmeSB0aGF0IHRoZSB0cnVzdGVkIGFwcGxpY2F0aW9uIHBhcnQgb2YgaXQgaGFzIGJlZW4g cHJvcGVybHkgaW5zdGFsbGVkIHRvIHJlYWwgVEVFLCBzbyBpdCBjYW4gdHJ1c3QgaXQgZG9pbmcg aXRzIGpvYi4gSSBhbSBub3Qgc3VyZSBpZiB0aGlzIHdpbGwgYmUgcGFydCBvZiB0aGUgVEVFUCBv ciBub3QuLi4NCg0KSXMgbXkgdW5kZXJzdGFuZGluZyBvZiBURUVQIGNvcnJlY3Q/IEkgZG8gbm90 IGtub3csIGFuZCBJIGFzc3VtZSBvdGhlciBwZW9wbGUgaGF2ZSBkaWZmZXJlbnQgaWRlYXMgd2hh dCBzaG91bGQgb3Igc2hvdWxkIG5vdCBiZSBwYXJ0IG9mIGl0Lg0KDQoNCg0KSSB0aGluayB0aGlz IGlzIGEgcHJldHR5IGdvb2QgZXhwbGFuYXRpb24gb2Ygd2hhdCB0aGUgZmlyc3QgZ3JvdXAgd291 bGQgbGlrZSB0byBzZWUuDQoNCg0KQmVzdCByZWdhcmRzDQoNCkplcmVteQ0KDQoNCg0K --_000_VI1PR06MB32158562AC6F19FE0CFC3C65FF1B0VI1PR06MB3215eurp_ Content-Type: text/html; charset="utf-8" Content-Transfer-Encoding: base64 PGh0bWwgeG1sbnM6dj0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTp2bWwiIHhtbG5zOm89InVy bjpzY2hlbWFzLW1pY3Jvc29mdC1jb206b2ZmaWNlOm9mZmljZSIgeG1sbnM6dz0idXJuOnNjaGVt YXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6d29yZCIgeG1sbnM6bT0iaHR0cDovL3NjaGVtYXMubWlj cm9zb2Z0LmNvbS9vZmZpY2UvMjAwNC8xMi9vbW1sIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv VFIvUkVDLWh0bWw0MCI+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIg Y29udGVudD0idGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjxtZXRhIG5hbWU9IkdlbmVyYXRv ciIgY29udGVudD0iTWljcm9zb2Z0IFdvcmQgMTUgKGZpbHRlcmVkIG1lZGl1bSkiPg0KPHN0eWxl PjwhLS0NCi8qIEZvbnQgRGVmaW5pdGlvbnMgKi8NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6 IkNhbWJyaWEgTWF0aCI7DQoJcGFub3NlLTE6MiA0IDUgMyA1IDQgNiAzIDIgNDt9DQpAZm9udC1m YWNlDQoJe2ZvbnQtZmFtaWx5OkNhbGlicmk7DQoJcGFub3NlLTE6MiAxNSA1IDIgMiAyIDQgMyAy IDQ7fQ0KLyogU3R5bGUgRGVmaW5pdGlvbnMgKi8NCnAuTXNvTm9ybWFsLCBsaS5Nc29Ob3JtYWws IGRpdi5Nc29Ob3JtYWwNCgl7bWFyZ2luOjBjbTsNCgltYXJnaW4tYm90dG9tOi4wMDAxcHQ7DQoJ Zm9udC1zaXplOjEyLjBwdDsNCglmb250LWZhbWlseToiVGltZXMgTmV3IFJvbWFuIixzZXJpZjt9 DQphOmxpbmssIHNwYW4uTXNvSHlwZXJsaW5rDQoJe21zby1zdHlsZS1wcmlvcml0eTo5OTsNCglj b2xvcjpibHVlOw0KCXRleHQtZGVjb3JhdGlvbjp1bmRlcmxpbmU7fQ0KYTp2aXNpdGVkLCBzcGFu Lk1zb0h5cGVybGlua0ZvbGxvd2VkDQoJe21zby1zdHlsZS1wcmlvcml0eTo5OTsNCgljb2xvcjpw dXJwbGU7DQoJdGV4dC1kZWNvcmF0aW9uOnVuZGVybGluZTt9DQpzcGFuLkVtYWlsU3R5bGUxNw0K CXttc28tc3R5bGUtdHlwZTpwZXJzb25hbDsNCglmb250LWZhbWlseToiQ2FsaWJyaSIsc2Fucy1z ZXJpZjsNCgljb2xvcjojMUY0OTdEO30NCnNwYW4uRW1haWxTdHlsZTE4DQoJe21zby1zdHlsZS10 eXBlOnBlcnNvbmFsLWNvbXBvc2U7DQoJZm9udC1mYW1pbHk6IkNhbGlicmkiLHNhbnMtc2VyaWY7 DQoJY29sb3I6d2luZG93dGV4dDt9DQouTXNvQ2hwRGVmYXVsdA0KCXttc28tc3R5bGUtdHlwZTpl eHBvcnQtb25seTsNCglmb250LXNpemU6MTAuMHB0O30NCkBwYWdlIFdvcmRTZWN0aW9uMQ0KCXtz aXplOjYxMi4wcHQgNzkyLjBwdDsNCgltYXJnaW46NzIuMHB0IDcyLjBwdCA3Mi4wcHQgNzIuMHB0 O30NCmRpdi5Xb3JkU2VjdGlvbjENCgl7cGFnZTpXb3JkU2VjdGlvbjE7fQ0KLS0+PC9zdHlsZT48 IS0tW2lmIGd0ZSBtc28gOV0+PHhtbD4NCjxvOnNoYXBlZGVmYXVsdHMgdjpleHQ9ImVkaXQiIHNw aWRtYXg9IjEwMjYiIC8+DQo8L3htbD48IVtlbmRpZl0tLT48IS0tW2lmIGd0ZSBtc28gOV0+PHht bD4NCjxvOnNoYXBlbGF5b3V0IHY6ZXh0PSJlZGl0Ij4NCjxvOmlkbWFwIHY6ZXh0PSJlZGl0IiBk YXRhPSIxIiAvPg0KPC9vOnNoYXBlbGF5b3V0PjwveG1sPjwhW2VuZGlmXS0tPg0KPC9oZWFkPg0K PGJvZHkgbGFuZz0iRU4tR0IiIGxpbms9ImJsdWUiIHZsaW5rPSJwdXJwbGUiPg0KPGRpdiBjbGFz cz0iV29yZFNlY3Rpb24xIj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxhIG5hbWU9Il9NYWlsRW5k Q29tcG9zZSI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7 Q2FsaWJyaSZxdW90OyxzYW5zLXNlcmlmO2NvbG9yOiMxRjQ5N0Q7bXNvLWZhcmVhc3QtbGFuZ3Vh Z2U6RU4tVVMiPkl0IHNlZW1zIHdlIGFyZSBhbHNvIGluIGFncmVlbWVudC4gSSB0b28gd3JvdGUg dGhhdCBJIHRoaW5rIEdQIGRlZmluaXRpb24gaXMgYSBnb29kIHN0YXJ0aW5nIHBvaW50IGZvciB0 aGlzDQogaW4gbXkgcHJldmlvdXMgcG9zdC48bzpwPjwvbzpwPjwvc3Bhbj48L2E+PC9wPg0KPHAg Y2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1p bHk6JnF1b3Q7Q2FsaWJyaSZxdW90OyxzYW5zLXNlcmlmO2NvbG9yOiMxRjQ5N0Q7bXNvLWZhcmVh c3QtbGFuZ3VhZ2U6RU4tVVMiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNz PSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZx dW90O0NhbGlicmkmcXVvdDssc2Fucy1zZXJpZjtjb2xvcjojMUY0OTdEO21zby1mYXJlYXN0LWxh bmd1YWdlOkVOLVVTIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNv Tm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtD YWxpYnJpJnF1b3Q7LHNhbnMtc2VyaWY7Y29sb3I6IzFGNDk3RDttc28tZmFyZWFzdC1sYW5ndWFn ZTpFTi1VUyI+TXkgc3VnZ2VzdGlvbiBhcyBhIHdheSB0byBzdGFydCB0byBhbGlnbiB0aGUgZ3Jv dXBzIHdvdWxkIGJlIGZvciB1cyB0byBzdGF0ZSBob3cgdGhlIEdQIGRlZmluaXRpb24gbWFwcyBv bnRvIHRoZSBkaWZmZXJlbnQgY29uY3JldGUNCiByZWFsaXphdGlvbnMgb2YgVEVFLiBZb3XigJl2 ZSBiZWd1biB0aGF0IHByb2Nlc3MgYmVsb3cgZm9yIHRoZSBoeXBlcnZpc29yIGVudmlyb25tZW50 IEkgbWVudGlvbmVkIGFuZCB3ZSBzaG91bGQgY29tcGxldGUgdGhhdC4gSWYgd2UgdGhlbiBmaW5k IHRocm91Z2ggdGhpcyBwcm9jZXNzIHRoYXQgd2UgY2Fubm90IG1ha2UgdGhlIG1hcHBpbmcgZm9y IGFuIGVudmlyb25tZW50IHdlIGNhbiByZWxvb2sgYXQgdGhlIGRlZmluaXRpb24uIEFzIGEgc3Rh cnRlcg0KIEkgc3VnZ2VzdCB3ZSBuZWVkIHRvIGNvdmVyIFRydXN0em9uZSwgaGFyZHdhcmUgYmFj a2VkIGh5cGVydmlzb3IsIFNHWC4gQW55IG90aGVycz88bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8 cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZh bWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LHNhbnMtc2VyaWY7Y29sb3I6IzFGNDk3RDttc28tZmFy ZWFzdC1sYW5ndWFnZTpFTi1VUyI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPHAgY2xh c3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6 JnF1b3Q7Q2FsaWJyaSZxdW90OyxzYW5zLXNlcmlmO2NvbG9yOiMxRjQ5N0Q7bXNvLWZhcmVhc3Qt bGFuZ3VhZ2U6RU4tVVMiPlRoaXMgc2hvdWxkIHRlYXNlIG91dCB3aGljaCBzcGVjaWZpYyBhc3Bl Y3RzIG9mIHRoZSBHUCBkZWZpbml0aW9uIGFyZSBub3QgZ2VuZXJpYyBlbm91Z2gsICoqIGlmIGFu eSAqKiwgYW5kIEkgaG9wZSB0aGF0IHRoZW4gcHJvdmlkZXMNCiBhIGJhc2VsaW5lIGZvciBhbGwg dG8gc2VlIGhvdyBPVHJQIGlzIHJlbGV2YW50IHRvIGEgcGFydGljdWxhciBjb25maWd1cmF0aW9u IG9yIGFyY2hpdGVjdHVyZS48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9y bWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxp YnJpJnF1b3Q7LHNhbnMtc2VyaWY7Y29sb3I6IzFGNDk3RDttc28tZmFyZWFzdC1sYW5ndWFnZTpF Ti1VUyI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+ PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZx dW90OyxzYW5zLXNlcmlmO2NvbG9yOiMxRjQ5N0Q7bXNvLWZhcmVhc3QtbGFuZ3VhZ2U6RU4tVVMi PlRob3VnaHRzPzxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxz cGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVv dDssc2Fucy1zZXJpZjtjb2xvcjojMUY0OTdEO21zby1mYXJlYXN0LWxhbmd1YWdlOkVOLVVTIj48 bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+ PGI+PHNwYW4gc3R5bGU9ImZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssc2Fucy1zZXJp Zjtjb2xvcjojMTMxQjREIj5OaWNrIENvb2s8L3NwYW4+PC9iPjxzcGFuIHN0eWxlPSJmb250LXNp emU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssc2Fucy1zZXJpZjtjb2xv cjojMUY0OTdEO21zby1mYXJlYXN0LWxhbmd1YWdlOkVOLVVTIj4NCjxvOnA+PC9vOnA+PC9zcGFu PjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxkaXYgc3R5bGU9ImJvcmRlcjpub25lO2JvcmRlci10b3A6 c29saWQgI0UxRTFFMSAxLjBwdDtwYWRkaW5nOjMuMHB0IDBjbSAwY20gMGNtIj4NCjxwIGNsYXNz PSJNc29Ob3JtYWwiPjxiPjxzcGFuIGxhbmc9IkVOLVVTIiBzdHlsZT0iZm9udC1zaXplOjExLjBw dDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LHNhbnMtc2VyaWYiPkZyb206PC9zcGFu PjwvYj48c3BhbiBsYW5nPSJFTi1VUyIgc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1p bHk6JnF1b3Q7Q2FsaWJyaSZxdW90OyxzYW5zLXNlcmlmIj4gSmVyZW15IE8nRG9ub2dodWUgW21h aWx0bzpqb2Rvbm9naEBxdGkucXVhbGNvbW0uY29tXQ0KPGJyPg0KPGI+U2VudDo8L2I+IDIwIEFw cmlsIDIwMTcgMTE6MDE8YnI+DQo8Yj5Ubzo8L2I+IE5pY2sgQ29vayAmbHQ7Tmljay5Db29rQGlu dGVyY2VkZS5jb20mZ3Q7PGJyPg0KPGI+Q2M6PC9iPiBCcmlhbiBXaXR0ZW4gJmx0O2JyaWFuX3dp dHRlbkBzeW1hbnRlYy5jb20mZ3Q7OyBXaGVlbGVyLCBEYXZpZCBNICZsdDtkYXZpZC5tLndoZWVs ZXJAaW50ZWwuY29tJmd0OzsgVGVybyBLaXZpbmVuICZsdDtraXZpbmVuQGlraS5maSZndDs7IEhh bm5lcyBUc2Nob2ZlbmlnICZsdDtIYW5uZXMuVHNjaG9mZW5pZ0Bhcm0uY29tJmd0OzsgdGVlcCAm bHQ7dGVlcEBpZXRmLm9yZyZndDs8YnI+DQo8Yj5TdWJqZWN0OjwvYj4gUmU6IFtUZWVwXSBbRVhU XSBSZTogTXkgQm9GIGltcHJlc3Npb248bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjwv ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8L286cD48L3A+DQo8cCBjbGFz cz0iTXNvTm9ybWFsIj5UaGUgR1AgZGVmaW5pdGlvbiBvZiBhIFRFRVsxXSBpcyBub3QgdGllZCB0 byBUcnVzdHpvbmUgaW4gYW55IHdheSwgYW5kIEkgc2VlIG5vdGhpbmcgdG8gc3VnZ2VzdCB0aGF0 IGl0IHByZWNsdWRlcyB0aGUgdHlwZSBvZiBoeXBlcnZpc29yLWJhc2VkIGVudmlyb25tZW50IHlv dSBkZXNjcmliZS4NCjxvOnA+PC9vOnA+PC9wPg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwi PjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1h bCI+V2hhdCBHbG9iYWxQbGF0Zm9ybSBzYXlzIChbMV0sIFNlY3Rpb24gMi4yLjEpLCBpczo8bzpw PjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxvOnA+Jm5i c3A7PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4g c3R5bGU9ImZvbnQtZmFtaWx5OiZxdW90O0NvdXJpZXIgTmV3JnF1b3Q7Ij5UaGUgcHJpbWFyeSBw dXJwb3NlIG9mIGEgVEVFIGlzIHRvIHByb3RlY3QgaXRzIGFzc2V0cyBmcm9tIHRoZSBSRUU8L3Nw YW4+PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48 c3BhbiBzdHlsZT0iZm9udC1mYW1pbHk6JnF1b3Q7Q291cmllciBOZXcmcXVvdDsiPmFuZCBvdGhl ciBlbnZpcm9ubWVudHMuPC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAg Y2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtZmFtaWx5OiZxdW90O0NvdXJpZXIg TmV3JnF1b3Q7Ij4tIFRoaXMgaXMgYWNoaWV2ZWQgdGhyb3VnaCBoYXJkd2FyZSBtZWNoYW5pc21z IHRoYXQgdGhvc2Ugb3RoZXI8L3NwYW4+PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8 cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1mYW1pbHk6JnF1b3Q7Q291cmll ciBOZXcmcXVvdDsiPiZuYnNwOyBlbnZpcm9ubWVudHMgY2Fubm90IGNvbnRyb2wuJm5ic3A7PC9z cGFuPjxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+ PG86cD4mbmJzcDs8L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFs Ij48c3BhbiBzdHlsZT0iZm9udC1mYW1pbHk6JnF1b3Q7Q291cmllciBOZXcmcXVvdDsiPlRoaXMg cHJvdGVjdGlvbiBhbHdheXMgaW5jbHVkZXMgcHJvdGVjdGlvbiBhZ2FpbnN0IG90aGVyIGV4ZWN1 dGlvbjwvc3Bhbj48bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29O b3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LWZhbWlseTomcXVvdDtDb3VyaWVyIE5ldyZxdW90OyI+ ZW52aXJvbm1lbnRzLiZuYnNwOzwvc3Bhbj48bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4N CjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LWZhbWlseTomcXVvdDtDb3Vy aWVyIE5ldyZxdW90OyI+W+KApl08L3NwYW4+PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+ DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1mYW1pbHk6JnF1b3Q7Q291 cmllciBOZXcmcXVvdDsiPlRoZSBURUUgaXMgaW5zdGFudGlhdGVkIHRocm91Z2ggYSBzZWN1cmUg Ym9vdCBwcm9jZXNzIHVzaW5nIGFzc2V0czwvc3Bhbj48bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0K PGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LWZhbWlseTomcXVv dDtDb3VyaWVyIE5ldyZxdW90OyI+Ym91bmQgdG8gdGhlIFNvQyBvciB0aGUgT2ZmLVNvQyBTZWN1 cml0eSBQcm9jZXNzb3IgYW5kIGlzb2xhdGVkPC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+ DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtZmFtaWx5OiZx dW90O0NvdXJpZXIgTmV3JnF1b3Q7Ij5mcm9tIHRoZSBSRUUuPC9zcGFuPjxvOnA+PC9vOnA+PC9w Pg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQt ZmFtaWx5OiZxdW90O0NvdXJpZXIgTmV3JnF1b3Q7Ij4tIFRoZSBpbnRlZ3JpdHkgYW5kIGF1dGhl bnRpY2l0eSBnYWluZWQgdGhyb3VnaCBzZWN1cmUgYm9vdDombmJzcDs8L3NwYW4+PG86cD48L286 cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0i Zm9udC1mYW1pbHk6JnF1b3Q7Q291cmllciBOZXcmcXVvdDsiPiZuYnNwOyAtIEV4dGVuZHMgdGhy b3VnaG91dCB0aGUgbGlmZXRpbWUgb2YgdGhlIFRFRS4mbmJzcDs8L3NwYW4+PG86cD48L286cD48 L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9u dC1mYW1pbHk6JnF1b3Q7Q291cmllciBOZXcmcXVvdDsiPiZuYnNwOyAtIElzIHJldGFpbmVkIHRo cm91Z2ggYW55IHN0YXRlIHRyYW5zaXRpb25zIGluIHRoZSBzeXN0ZW0gc3VjaDwvc3Bhbj48bzpw PjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0 eWxlPSJmb250LWZhbWlseTomcXVvdDtDb3VyaWVyIE5ldyZxdW90OyI+Jm5ic3A7ICZuYnNwOyBh cyBwb3dlciB0cmFuc2l0aW9ucyBvciBjb3JlIG1pZ3JhdGlvbi48L3NwYW4+PG86cD48L286cD48 L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48bzpwPiZuYnNwOzwvbzpw PjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPkl0IGZ1cnRoZXIgZGVm aW5lcyB0aGUgdHJhbnNpdGlvbiBmcm9tIHRoZSBub24tc2VjdXJlIHRvIHNlY3VyZSB3b3JsZCBp biBhIGZhaXJseSBhYnN0cmFjdCBtYW5uZXIgd2hpY2ggY292ZXJzIHRoZSBoeXBlcnZpc29yIHVz ZSBjYXNlIHN1ZmZpY2llbnRseSwgSSB0aGluayAoWzFdLCBTZWN0aW9uIDIuMi4zKTo8bzpwPjwv bzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxvOnA+Jm5ic3A7 PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxz cGFuIHN0eWxlPSJmb250LWZhbWlseTomcXVvdDtDb3VyaWVyIE5ldyZxdW90OyI+VGhlIG9ubHkg d2F5IGZvciB0aGUgUkVFIHRvIGdldCBhY2Nlc3MgdG8gdHJ1c3RlZCByZXNvdXJjZXMgaXMgdmlh PC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1h bCI+PHNwYW4gc3R5bGU9ImZvbnQtZmFtaWx5OiZxdW90O0NvdXJpZXIgTmV3JnF1b3Q7Ij5hbnkg QVBJIGVudHJ5IHBvaW50cyBvciBzZXJ2aWNlcyBleHBvc2VkIGJ5IHRoZSBURUUgYW5kIGFjY2Vz c2VkPC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05v cm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtZmFtaWx5OiZxdW90O0NvdXJpZXIgTmV3JnF1b3Q7Ij50 aHJvdWdoLCBmb3IgZXhhbXBsZSwgdGhlIFRFRSBDbGllbnQgQVBJLiBUaGlzIGRvZXMgbm90IHBy ZWNsdWRlPC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1z b05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtZmFtaWx5OiZxdW90O0NvdXJpZXIgTmV3JnF1b3Q7 Ij50aGUgY2FwYWJpbGl0eSBvZiB0aGUgUkVFIHBhc3NpbmcgYnVmZmVycyB0byB0aGUgVEVFIChh bmQgdmljZSB2ZXJzYSk8L3NwYW4+PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBj bGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1mYW1pbHk6JnF1b3Q7Q291cmllciBO ZXcmcXVvdDsiPmluIGEgY29udHJvbGxlZCBhbmQgcHJvdGVjdGVkIG1hbm5lci4mbmJzcDs8L3Nw YW4+PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29O b3JtYWwiPjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1z b05vcm1hbCI+SW4gc2hvcnQsIEkgYWdyZWUgd2l0aCBCcmlhbiB0aGF0IHRoZSBHUCBkZWZpbml0 aW9uIG9mIGEgVEVFIGlzIGEgcmVhc29uYWJsZSBzdGFydGluZyBwb2ludCBmb3IgZGlzY3Vzc2lv biwgYnV0IEkgc3Ryb25nbHkgc3VwcG9ydCBJRVRGIGV4cGxvcmluZyBvdGhlciB1c2UgY2FzZXMg YW5kIHN5c3RlbSBhcmNoaXRlY3R1cmVzIHRoYXQgR1AgaGFzIG5vdCBhZGRyZXNzZWQgLSBpdCBz ZWVtcyB0byBtZSB0aGF0IHRoaXMNCiBpcyB3aGVyZSB0aGUgZ3JlYXRlc3QgdmFsdWUgd291bGQg YmUgZ2VuZXJhdGVkIGZvciB0aGUgZWNvc3lzdGVtLjxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8 ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8L286cD48L3A+DQo8L2Rpdj4N CjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj5JIGFtIGNvbmNlcm5lZCB0aGF0IGl0IHdpbGwg YmUgY2hhbGxlbmdpbmcgdG8gbW92ZSBmb3J3YXJkIGVmZmVjdGl2ZWx5IHdoZW4gbWFueSBwYXJ0 aWNpcGFudHMgYXJlIHVuZmFtaWxpYXIgd2l0aCB0aGUgR1Agc3RhbmRhcmRzLWJhc2Ugb24gd2hp Y2ggdGhlIGN1cnJlbnQgZHJhZnQgZHJhd3MgaGVhdmlseSB1bmxlc3Mgd2UgYXJlIGFibGUgdG8g dGFrZSBzdGVwcyB0byByZW1lZHkgdGhpcy4gQXJlIHRoZXJlDQogYW55IHN1Z2dlc3Rpb25zIGFz IHRvIGhvdyB0aGlzIGNvdWxkIGJlIG1hbmFnZWQ/IEluIHNob3J0LCBob3cgZG8gd2UgYWxpZ24g dGhlIHR3byBkaWZmZXJlbnQgZ3JvdXBzIGluIERlZXAgbW9yZSBjbG9zZWx5PzxvOnA+PC9vOnA+ PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8L286 cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj5CZXN0IHJlZ2FyZHM8 bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPkplcmVt eTxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86 cD4mbmJzcDs8L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj5b MV0gR2xvYmFsUGxhdGZvcm0gVEVFIFN5c3RlbSBBcmNoaXRlY3R1cmUsIFZlcnNpb24gMS4xLCBK YW51YXJ5IDIwMTcuPG86cD48L286cD48L3A+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+ PG86cD4mbmJzcDs8L286cD48L3A+DQo8ZGl2Pg0KPGJsb2NrcXVvdGUgc3R5bGU9Im1hcmdpbi10 b3A6NS4wcHQ7bWFyZ2luLWJvdHRvbTo1LjBwdCI+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1h bCI+T24gMjAgQXByIDIwMTcsIGF0IDEwOjIwLCBOaWNrIENvb2sgJmx0OzxhIGhyZWY9Im1haWx0 bzpOaWNrLkNvb2tAaW50ZXJjZWRlLmNvbSI+Tmljay5Db29rQGludGVyY2VkZS5jb208L2E+Jmd0 OyB3cm90ZTo8bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86 cD4mbmJzcDs8L286cD48L3A+DQo8ZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0 eWxlPSJtYXJnaW4tYm90dG9tOjEyLjBwdCI+UGVyc29uYWxseSBzcGVha2luZywgT1RyUCBpcyBh Ym91dCBiZWluZyBhYmxlIHRvIGluc3RhbGwgc2VjdXJpdHkgYXBwbGljYXRpb25zIGludG8gYW4g ZW52aXJvbm1lbnQgdGhhdCBwcm92aWRlcyAmcXVvdDt0cnVzdGVkJnF1b3Q7IGhhcmR3YXJlIGJh Y2tlZCBpc29sYXRpb24gYmV0d2VlbiB0aGUgZGlmZmVyZW50IGFwcGxpY2F0aW9ucy4gT1RyUCBk b2VzIHRoYXQgYnkgZXN0YWJsaXNoaW5nDQogaXQgaXMgd29ya2luZyBhZ2FpbnN0IHRoZSByaWdo dCBkZXZpY2UgdHlwZSBhbmQgcmlnaHQgaXNvbGF0aW9uIGVudmlyb25tZW50IHR5cGUgYW5kIHRo ZW4gcHJvY2VlZHMgdG8gaW5zdGFsbCB0aGUgYXBwbGljYXRpb24gaW4gYSB3YXkgdGhhdCBwcm92 aWRlcyBwcm90ZWN0aW9uIGZvciBjb25maWRlbnRpYWxpdHkgYW5kIGludGVncml0eS4gVGhlIHRl cm0gVEVFIGlzIHByb2JhYmx5IHRvbyBvZnRlbiBhc3NvY2lhdGVkIHdpdGggYSBzcGVjaWZpYw0K IGZvcm11bGF0aW9uIG9mIGFuIGlzb2xhdGlvbiBlbnZpcm9ubWVudCBhbmQgdGhlcmVmb3JlIHRo aXMgaXMgcGVyaGFwcyB0aGUgZmlyc3QgdGhpbmcgd2Ugc2hvdWxkIG1vdmUgZm9yd2FyZC48YnI+ DQo8YnI+DQpBcyBhbiBleGFtcGxlLCBJJ3ZlIGJlZW4gd29ya2luZyBvbiBhIGhhcmR3YXJlIGJh Y2tlZCBoeXBlcnZpc29yIGVudmlyb25tZW50IHRoYXQgdXNlcyBPVHJQIGZvciB0aGUgaW5zdGFs bGF0aW9uIG9mIHRoZSBkaWZmZXJlbnQgY29udGFpbmVycy9kb21haW5zIGFuZCB0aGUgdmlydHVh bCBtYWNoaW5lIGNvbnRlbnRzIHRoYXQgZ29lcyBpbiB0aGVtLiBUaGUgdHJ1c3QgY2hhaW4gZnJv bSBPVHJQIGlzIG1ldCBhbmQgdGhlIGlzb2xhdGlvbiBvZiBhcHBsaWNhdGlvbnMNCiBhbmQga2V5 IG1hdGVyaWFsIHRvIHRob3NlIGFwcGxpY2F0aW9ucyBpcyBhbHNvIHByb3ZpZGVkLjxicj4NCjxi cj4NCkJhc2VkIG9uIHRoYXQgd29yayBhbmQgdGhpbmtpbmcgc3BlY2lmaWNhbGx5IHRvIG15IG9y aWdpbmFsIGdvYWxzIGZvciBPVHJQIHdoZW4gd2Ugc3RhcnRlZCB0aGlzIHdvcmsgYSBmZXcgeWVh cnMgYmFjaywgSSB3b3VsZCBsaWtlIHRvIHN1cHBvcnQgRGF2ZSBXaGVlbGVyJ3MgY29tbWVudCBv biBuZWVkaW5nIHRvIGZvcm11bGF0ZSBhIG1vcmUgYWJzdHJhY3QgZGVmaW5pdGlvbiBmb3IgVEVF LiBJIGFsc28gYWdyZWUgd2l0aCBCcmlhbiB0aGF0IHRoZQ0KIEdQIGRlZmluaXRpb24gZG9lc24n dCBuZWVkIHRvIGJlIGFiYW5kb25lZCB0byBkbyB0aGF0IC0gSSBiZWxpZXZlLCBleHByZXNzZWQg aW4gdGhlIHJpZ2h0IHdheSwgdGhlIEdQIGRlZmluaXRpb24gb2YgYSBURUUgY292ZXJzIHRoZSBo YXJkd2FyZSBoeXBlcnZpc29yIGNhc2UgSSBkZXNjcmliZWQgZWFybGllciBpbiB0aGUgZW1haWwg YWxzbyBhbmQgSSdtIHN1cmUgaXQgY2FuIGNvdmVyIHRoZSBvdGhlciBlbnZpcm9ubWVudHMgdG9v Ljxicj4NCjxicj4NCjxicj4NCkkgZG8gaG93ZXZlciB0aGluayBpdCBpcyBpbXBvcnRhbnQgdGhh dCB3ZSByZXN0cmljdCB0byBpc29sYXRpb24gZW52aXJvbm1lbnRzIHRoYXQgYXJlIGhhcmR3YXJl IGJhY2tlZCBhcyB0aGlzIGlzIGZ1bmRhbWVudGFsIHRvIHRoZSB0cnVzdCBtb2RlbC48YnI+DQo8 YnI+DQpJIGFsc28gc3VwcG9ydCBEYXZlJ3Mgc3VnZ2VzdGlvbiB0aGF0IHdlIGNhbiBiZSBsZXNz IG5vcm1hdGl2ZSBvbiBleGFjdCBsb2NhdGlvbnMgb2YgdGhlIGZ1bmN0aW9uYWwgYmxvY2tzIG9m IE9UclAuIEkgd291bGQgbGlrZSB0byBoYXZlIGEgY29tcGFuaW9uIGRvY3VtZW50IHRoYXQgZG9l cyBwcm92aWRlIGV4YW1wbGUgZGVwbG95bWVudHMgYnV0IHRoZSBjb3JlIHByb3RvY29sIGl0c2Vs ZiBkb2VzIG5vdCBuZWVkIHRvIGJlIGxvY2tlZCBkb3duDQogdG8gYSBzcGVjaWZpYyBkZXBsb3lt ZW50IGFwcHJvYWNoLjxicj4NCjxicj4NCjxicj4NCjxicj4NCk5pY2sgQ29vazxicj4NCi0tLS0t T3JpZ2luYWwgTWVzc2FnZS0tLS0tPGJyPg0KRnJvbTogQnJpYW4gV2l0dGVuIFs8YSBocmVmPSJt YWlsdG86YnJpYW5fd2l0dGVuQHN5bWFudGVjLmNvbSI+bWFpbHRvOmJyaWFuX3dpdHRlbkBzeW1h bnRlYy5jb208L2E+XQ0KPGJyPg0KU2VudDogMDUgQXByaWwgMjAxNyAxODowMjxicj4NClRvOiBX aGVlbGVyLCBEYXZpZCBNICZsdDs8YSBocmVmPSJtYWlsdG86ZGF2aWQubS53aGVlbGVyQGludGVs LmNvbSI+ZGF2aWQubS53aGVlbGVyQGludGVsLmNvbTwvYT4mZ3Q7OyAnSmVyZW15IE8nRG9ub2do dWUnICZsdDs8YSBocmVmPSJtYWlsdG86am9kb25vZ2hAcXRpLnF1YWxjb21tLmNvbSI+am9kb25v Z2hAcXRpLnF1YWxjb21tLmNvbTwvYT4mZ3Q7OyBUZXJvIEtpdmluZW4gJmx0OzxhIGhyZWY9Im1h aWx0bzpraXZpbmVuQGlraS5maSI+a2l2aW5lbkBpa2kuZmk8L2E+Jmd0Ozxicj4NCkNjOiBIYW5u ZXMgVHNjaG9mZW5pZyAmbHQ7PGEgaHJlZj0ibWFpbHRvOkhhbm5lcy5Uc2Nob2ZlbmlnQGFybS5j b20iPkhhbm5lcy5Uc2Nob2ZlbmlnQGFybS5jb208L2E+Jmd0OzsgdGVlcCAmbHQ7PGEgaHJlZj0i bWFpbHRvOnRlZXBAaWV0Zi5vcmciPnRlZXBAaWV0Zi5vcmc8L2E+Jmd0Ozxicj4NClN1YmplY3Q6 IFJlOiBbVGVlcF0gW0VYVF0gUmU6IE15IEJvRiBpbXByZXNzaW9uPGJyPg0KPGJyPg0KVGhhbmsg WW91IERhdmUhICZuYnNwO0knZCBsaWtlIHRvIGVjaG8gJmFtcDsgYWdyZWUgd2l0aCBtYW55Jm5i c3A7b2YgeW91ciBwb2ludHMsIGJ1dCBhc2sgZm9yIGEgY2xhcmlmaWNhdGlvbiBvbiBvbmUgYXNw ZWN0LiAmbmJzcDsmcXVvdDtGaXJzdCwgSSAoYmVsaWV2ZSkgdGhpcyBpcyBleGFjdGx5IHRoZSB0 eXBlIG9mIGNvbnZlcnNhdGlvbiB3ZSBuZWVkIHRvIGhhdmUuIFRoYW5rcyBmb3Iga2lja2luZyB0 aGlzIG9mZiB2ZXJ5IGRpcmVjdGx5LiZxdW90OyAmbmJzcDtXZWxsIFNhaWQsIFRoYW5rIFlvdSBC b3RoIQ0KICZuYnNwOyZxdW90O0kgYW0gbW90aXZhdGVkIHRvIHdvcmsgam9pbnRseSBvbiBkZXZl bG9waW5nIE9UclAgdG8gYWRkcmVzcyBhIHdpZGVyIHNldCBvZiBjb25jZXJucyBjb21tb24gdG8g VEVFcyBhbmQgdGhlaXIgZW52aXJvbm1lbnRzLCB3aXRoIHRoZSBwdXJwb3NlIG9mIGV4cGFuZGlu ZyB0aGUgZWFzZSB3aXRoIHdoaWNoIHRoZSBtYXJrZXRwbGFjZSBjYW4gdXRpbGl6ZSBURUUgbWVj aGFuaXNtcy4mcXVvdDsgQWdhaW4sIEknbSBtb3RpdmF0ZWQgYnkgdGhlIHNhbWUgcHVycG9zZS4N CiAmbmJzcDsmcXVvdDtQYXJ0IG9mIHRoaXMgZGV2ZWxvcG1lbnQgb2YgT1RyUCAoZnJvbSBteSBw ZXJzcGVjdGl2ZSkgaXMgYmVpbmcgbGVzcyBub3JtYXRpdmUgYWJvdXQgdGhlIGV4YWN0IGxvY2F0 aW9uIGFuZCBpbnN0YW50aWF0aW9uIG9mIGNlcnRhaW4gcGFydGllcyAocGFydGljdWxhcmx5IHRo ZSBUU00pIGFuZCBiZSBzcGVjaWZpYyBvbiB0aGUgb3BlcmF0aW9ucyBhbmQgYWN0aXZpdGllcyBh dCBwYXJ0aWN1bGFyICdzZXJ2aWNlIGFjY2VzcyBwb2ludHMnIG9mDQogdGhlIHByb3RvY29sLiZx dW90OyAmbmJzcDtJIGJlbGlldmUgdGhhdCBpcyBhIGdyZWF0IHN1Z2dlc3Rpb24sIGFuZCBJJ20g ZnVsbHkgc3VwcG9ydGl2ZS4gJm5ic3A7U3RpbGwgbXkgY2xhcmlmeWluZyBxdWVzdGlvbiByZWxh dGVzIHRvIHRoZSZuYnNwO2Rlc2lyZSZuYnNwOyZxdW90O3RvIGRlZmluZSBhIG1vcmUgYWJzdHJh Y3QgZGVmaW5pdGlvbiBvZiBhIFRFRSwgYW5kIGRlc2lyaW5nIGEgcHJvdG9jb2wgdGhhdCBpcyBh cHBsaWNhYmxlIHRvIGEgd2lkZSBzZXQgb2YgVEVFcy4mcXVvdDsgJm5ic3A7SSdtIGVhZ2VyDQog dG8gc3VwcG9ydCBhIHdpZGUgc2V0IG9mIFRFRSwgaW5jbHVkaW5nIGJvdGggU0dYIGFuZCBUWiBi YXNlZCBURUUuICZuYnNwOyBNeSBxdWVzdGlvbiBpcywgJnF1b3Q7ZG8gd2UgbmVlZCB0byBhYmFu ZG9uIHRoZSBHbG9iYWwgUGxhdGZvcm0gKEdQKSZuYnNwO2RlZmluaXRpb24gb2YgYSBURUUgdG8g c3VwcG9ydCBib3RoIFNHWCBhbmQgVFogYmFzZWQgVEVFPyZxdW90OyAmbmJzcDtJIGJlbGlldmUg dGhhdCB3ZSBkbyBOb3QgbmVlZCB0byBhYmFuZG9uIHRoZSBHUCBkZWZpbml0aW9uIG9mIGENCiBU RUUgdG8gc3VwcG9ydCBib3RoIFNHWCBhbmQgVFogYmFzZWQgVEVFLCBidXQgSSdkIGJlIGVhZ2Vy IHRvIGdldCB5b3VyIHZpZXcgaGVyZSBhcyB5b3UndmUgZnJhbWVkIHRoZSByZXN0IHNvIHZlcnkg d2VsbC4gJm5ic3A7TGFzdCwgZWl0aGVyIHdheSwmbmJzcDsmcXVvdDtJIGJlbGlldmUgSUVURiBp cyBleGFjdGx5IHRoZSBwbGFjZSB0byBoYXZlIHRoaXMgY29udmVyc2F0aW9uIGFuZCBkZWZpbmUg YSB2ZXJ5IG9wZW4gYW5kIGluY2x1c2l2ZSBwcm90b2NvbC4mcXVvdDsgJm5ic3A7QWdhaW4sDQog SSBhZ3JlZSBjb21wbGV0ZWx5LiAmbmJzcDs8YnI+DQo8YnI+DQpUaGFuayBZb3UgQWdhaW4hPGJy Pg0KQnJpYW48YnI+DQo8YnI+DQo8YnI+DQpGcm9tOiBURUVQICZsdDs8YSBocmVmPSJtYWlsdG86 dGVlcC1ib3VuY2VzQGlldGYub3JnIj50ZWVwLWJvdW5jZXNAaWV0Zi5vcmc8L2E+Jmd0OyBvbiBi ZWhhbGYgb2YgV2hlZWxlciwgRGF2aWQgTSAmbHQ7PGEgaHJlZj0ibWFpbHRvOmRhdmlkLm0ud2hl ZWxlckBpbnRlbC5jb20iPmRhdmlkLm0ud2hlZWxlckBpbnRlbC5jb208L2E+Jmd0Ozxicj4NClNl bnQ6IFdlZG5lc2RheSwgQXByaWwgNSwgMjAxNyA5OjM0IEFNPGJyPg0KVG86ICdKZXJlbXkgTydE b25vZ2h1ZSc7IFRlcm8gS2l2aW5lbjxicj4NCkNjOiBIYW5uZXMgVHNjaG9mZW5pZzsgdGVlcDxi cj4NClN1YmplY3Q6IFtFWFRdIFJlOiBbVGVlcF0gTXkgQm9GIGltcHJlc3Npb248YnI+DQombmJz cDsgPGJyPg0KPGJyPg0KSSdtIGEgYml0IGJlaGluZCBvbiB0aGUgdGhyZWFkLCBidXQgd2FudCB0 byByZXNwb25kIHRvIEplcmVteSdzIG9yaWdpbmFsIGNvbW1lbnQuPGJyPg0KJm5ic3A7PGJyPg0K Rmlyc3QsIEkgdGhpcyBpcyBleGFjdGx5IHRoZSB0eXBlIG9mIGNvbnZlcnNhdGlvbiB3ZSBuZWVk IHRvIGhhdmUuIFRoYW5rcyBmb3Iga2lja2luZyB0aGlzIG9mZiB2ZXJ5IGRpcmVjdGx5Ljxicj4N CkkgYWdyZWUgd2l0aCB5b3VyIHBlcmNlcHRpb24gb2YgdGhlIHR3byBncm91cHMsIHRob3VnaCBJ IHRoaW5rIGl0IGlzIGltcG9ydGFudCB0byB1bmRlcnN0YW5kIHRoZSBtb3RpdmF0aW9ucyBpbiB0 aGUgc2Vjb25kIGdyb3VwLCBzaW5jZSB0aGV5IG1heSBiZSB2YXJpZWQuDQo8YnI+DQombmJzcDs8 YnI+DQpJIHdpbGwgcHV0IG15c2VsZiB2b2x1bnRhcmlseSBpbiB0aGUgc2Vjb25kIGJ1Y2tldC4g SSB3aWxsIHByZXNlbnQgbXkgcGVyc29uYWwgcGVyc3BlY3RpdmUsIHdoaWNoIG1heSBiZSBkaWZm ZXJlbnQgZnJvbSBvdGhlcnMgaW4gdGhlICZxdW90O3NlY29uZCBncm91cCZxdW90Oy48YnI+DQom bmJzcDs8YnI+DQpGb3IgbXlzZWxmLCBJIGFtIGxvb2tpbmcgdG8gZGVmaW5lIGEgbW9yZSBhYnN0 cmFjdCBkZWZpbml0aW9uIG9mIGEgVEVFLCBhbmQgZGVzaXJpbmcgYSBwcm90b2NvbCB0aGF0IGlz IGFwcGxpY2FibGUgdG8gYSB3aWRlIHNldCBvZiBURUVzLiBGcm9tIG15IHBlcnNwZWN0aXZlLCAm bmJzcDtsb29raW5nIGF0IFRFRXMgdGhhdCBJbnRlbCBoYXMgaW4gdGhlIG1hcmtldHBsYWNlLCBh bmQgYWxzbyBoYXZpbmcgd29ya2VkIGZvciBzZXZlcmFsIHllYXJzIG9uIEludGVsJ3MNCiBYU2Nh bGUgcHJvY2Vzc29ycyAoYW5kIGFtIHRodXMgZmFtaWxpYXIgd2l0aCBUWiksIHRoZSBjdXJyZW50 IE9UclAgZHJhZnQgYWRkcmVzc2VzIFRydXN0IFpvbmUgY29uY2VybnMgd2l0aG91dCByZWFsbHkg Y29uc2lkZXJpbmcgb3RoZXIgVEVFcy4gVGhpcyBpcyBteSAmbmJzcDtwZXJjZXB0aW9uLCBvZiBj b3Vyc2UuPGJyPg0KJm5ic3A7PGJyPg0KSXQgaXMgYWxzbyBteSBvcGluaW9uIHRoYXQgYW4gSUVU RiBwcm90b2NvbCBzaG91bGQgZG8gbW9yZSB0aGFuIGFkZHJlc3MgaW1wbGVtZW50YXRpb24gc3Bl Y2lmaWMgY29uY2VybnMuPGJyPg0KSSBhbSBtb3RpdmF0ZWQgdG8gd29yayBqb2ludGx5IG9uIGRl dmVsb3BpbmcgT1RyUCB0byBhZGRyZXNzIGEgd2lkZXIgc2V0IG9mIGNvbmNlcm5zIGNvbW1vbiB0 byBURUVzIGFuZCB0aGVpciBlbnZpcm9ubWVudHMsIHdpdGggdGhlIHB1cnBvc2Ugb2YgZXhwYW5k aW5nIHRoZSAmbmJzcDtlYXNlIHdpdGggd2hpY2ggdGhlIG1hcmtldHBsYWNlIGNhbiB1dGlsaXpl IFRFRSBtZWNoYW5pc21zLjxicj4NCiZuYnNwOzxicj4NClBhcnQgb2YgdGhpcyBkZXZlbG9wbWVu dCBvZiBPVHJQIChmcm9tIG15IHBlcnNwZWN0aXZlKSBpcyBiZWluZyBsZXNzIG5vcm1hdGl2ZSBh Ym91dCB0aGUgZXhhY3QgbG9jYXRpb24gYW5kIGluc3RhbnRpYXRpb24gb2YgY2VydGFpbiBwYXJ0 aWVzIChwYXJ0aWN1bGFybHkgdGhlICZuYnNwO1RTTSkgYW5kIGJlIHNwZWNpZmljIG9uIHRoZSBv cGVyYXRpb25zIGFuZCBhY3Rpdml0aWVzIGF0IHBhcnRpY3VsYXIgJnF1b3Q7c2VydmljZSBhY2Nl c3MgcG9pbnRzJnF1b3Q7IG9mIHRoZQ0KIHByb3RvY29sLiBNeSBwb2ludCBoZXJlIGlzIHRoYXQg T1RyUCBpbiBpdHMgY3VycmVudCByZW5kaXRpb24gaXMgJmx0O2VtcGhhc2lzJmd0OyB0b28gJmx0 Oy9lbXBoYXNpcyZndDsgaW1wbGVtZW50YXRpb24gc3BlY2lmaWMgYW5kIHRvbyBub3JtYXRpdmUg aW4gaXRzIGRlc2NyaXB0aW9uIG9mIHRoZSAmbmJzcDttYXJrZXRwbGFjZS4gSSBiZWxpZXZlIHRo aXMgaXMgZmluZSBhcyBhbiBleGFtcGxlLCBidXQgbm90IGFzIHBhcnQgb2YgdGhlIHByb3RvY29s Ljxicj4NCiZuYnNwOzxicj4NCkkgYmVsaWV2ZSBJRVRGIGlzIGV4YWN0bHkgdGhlIHBsYWNlIHRv IGhhdmUgdGhpcyBjb252ZXJzYXRpb24gYW5kIGRlZmluZSBhIHZlcnkgb3BlbiBhbmQgaW5jbHVz aXZlIHByb3RvY29sLiBJIHJlYWxpemUgdGhhdCB0YWtlcyBzb21lIHRpbWUuIEkgbG9vayBmb3J3 YXJkICZuYnNwO3RvIGhhdmluZyB0aGlzIGNvbnZlcnNhdGlvbiBpbiBtb3JlIGRldGFpbC48YnI+ DQombmJzcDs8YnI+DQpUaGFua3MsPGJyPg0KRGF2ZSBXaGVlbGVyPGJyPg0KJm5ic3A7PGJyPg0K PGJyPg0KPGJyPg0KRnJvbTogVEVFUCBbPGEgaHJlZj0ibWFpbHRvOnRlZXAtYm91bmNlc0BpZXRm Lm9yZyI+bWFpbHRvOnRlZXAtYm91bmNlc0BpZXRmLm9yZzwvYT5dIE9uIEJlaGFsZiBPZiBKZXJl bXkgTydEb25vZ2h1ZTxicj4NClNlbnQ6IFR1ZXNkYXksIEFwcmlsIDQsIDIwMTcgNzoxMyBBTTxi cj4NClRvOiBUZXJvIEtpdmluZW4gJmx0OzxhIGhyZWY9Im1haWx0bzpraXZpbmVuQGlraS5maSI+ a2l2aW5lbkBpa2kuZmk8L2E+Jmd0Ozxicj4NCkNjOiBIYW5uZXMgVHNjaG9mZW5pZyAmbHQ7PGEg aHJlZj0ibWFpbHRvOkhhbm5lcy5Uc2Nob2ZlbmlnQGFybS5jb20iPkhhbm5lcy5Uc2Nob2Zlbmln QGFybS5jb208L2E+Jmd0OzsgdGVlcCAmbHQ7PGEgaHJlZj0ibWFpbHRvOnRlZXBAaWV0Zi5vcmci PnRlZXBAaWV0Zi5vcmc8L2E+Jmd0Ozxicj4NClN1YmplY3Q6IFJlOiBbVGVlcF0gTXkgQm9GIGlt cHJlc3Npb248YnI+DQombmJzcDsmbmJzcDs8YnI+DQombmJzcDs8YnI+DQo8YnI+DQo8YnI+DQpP biA0IEFwciAyMDE3LCBhdCAxMjoyMSwgVGVybyBLaXZpbmVuICZsdDs8YSBocmVmPSJtYWlsdG86 a2l2aW5lbkBpa2kuZmkiPmtpdmluZW5AaWtpLmZpPC9hPiZndDsgd3JvdGU6PGJyPg0KPGJyPg0K PGJyPg0KPGJyPg0KTXkgZmVlbGluZyB0aGF0IHRoZSBtYWluIHF1ZXN0aW9uIHdoYXQgcGVvcGxl IGRpZCBub3QgdW5kZXJzdGFuZCB3YXM6PGJyPg0KPGJyPg0KV2hhdCBpcyB0aGUgcmVhbCBkaWZm ZXJlbmNlIGJldHdlZW4gVEVFUCBhbmQganVzdCBub3JtYWwgYXBwbGljYXRpb24gZG93bmxvYWQu IEkuZS4sIHdoeSBzZXBhcmF0ZSBwcm90b2NvbCBpcyBuZWVkZWQuPGJyPg0KSG93IGlzIHRoaXMg ZGlmZmVyZW50IGZyb20ganVzdCBoYXZpbmcgcGVyaGFwcyBlbmNyeXB0ZWQgc2lnbmVkIGFwcGxp Y2F0aW9uIGJsb2IgZnJvbSB0aGUgbWFya2V0cGxhY2UgYW5kIGluc3RhbGxpbmcgdGhhdC48YnI+ DQo8YnI+DQpBdCBsZWFzdCB0aGF0IHdhcyBteSBtYWluIHF1ZXN0aW9uIHdoZW4gd2UgZGlzY3Vz c2VkIHRoaXMgYmVmb3JlIHRoZSBCb0YuPGJyPg0KPGJyPg0KT2YgY291cnNlIGl0IGRvZXMgbm90 IGhlbHAsIHRoYXQgd2hlbiB5b3UgYXNrIHRoYXQgcXVlc3Rpb24gZnJvbSBkaWZmZXJlbnQgcGVv cGxlIHlvdSBnZXQgZGlmZmVyZW50IGFuc3dlciwgYXMgdGhlIGlkZWEgb2Ygd2hhdCBURUVQIGlz IGRpZmZlcmVudCBmb3IgZGlmZmVyZW50IHBlb3BsZS48YnI+DQo8YnI+DQombmJzcDs8YnI+DQo8 YnI+DQpJIHRoaW5rIHRoZXJlIGlzIGEgZGVncmVlIG9mIHRhbGtpbmcgYXQgY3Jvc3MtcHVycG9z ZXMuPGJyPg0KPGJyPg0KJm5ic3A7PGJyPg0KPGJyPg0KVGhlcmUgaXMgb25lIGdyb3VwIC0gZXNz ZW50aWFsbHkgdGhvc2Ugc3BvbnNvcmluZyB0aGUgY3JlYXRpb24gb2YgdGhpcyBncm91cCAtIHdo aWNoIGhhcyBhIHZlcnkgY2xlYXIgdW5kZXJzdGFuZGluZyBvZiB3aGF0IGl0IHdvdWxkIGxpa2Ug VEVFUCB0byBiZSwgd2hpY2ggaXMgZXNzZW50aWFsbHkgdGhyZWUgdGhpbmdzOjxicj4NCjxicj4N CiZuYnNwOzxicj4NCjxicj4NCkEgbWVjaGFuaXNtIGZvciBtYW5hZ2luZyBUcnVzdGVkIEFwcGxp Y2F0aW9ucyBhbmQgdGhlaXIgYXNzb2NpYXRlZCBzZWNyZXRzIGFuZCBrZXkgbWF0ZXJpYWwgaW4g YSBHbG9iYWxQbGF0Zm9ybSBURUUgb3Igc29tZXRoaW5nIHRoYXQgaXMgY29uY2VwdHVhbGx5IHZl cnkgc2ltaWxhci48YnI+DQpBIG1lY2hhbmlzbSBmb3IgZXN0YWJsaXNoaW5nIGEgY2hhaW4gb2Yg dHJ1c3Qgcm9vdGVkIGluIGZpcm13YXJlIGFuZCBjb3ZlcmluZyB0aGUgVEVFIGFuZCBwb3NzaWJs eSBvdGhlciBzeXN0ZW0gY29tcG9uZW50cyB1cCB0byBhbmQgaW5jbHVkaW5nIHRoZSBleGVjdXRp bmcgVGFzayBpbiBhIFNlY3VyaXR5IERvbWFpbi48YnI+DQpBIG1lY2hhbmlzbSAtIHRhcmdldGVk IGF0IHBob25lIGFuZCB0YWJsZXQgdHlwZSBkZXZpY2VzIC0gd2hpY2ggb3BlcmF0ZXMgaW5kZXBl bmRlbnRseSBvZiB0aGUgJnF1b3Q7QXBwIFN0b3JlJnF1b3Q7IG1lY2hhbmlzbSwgYW5kIGlzIGJh c2VkIG9uIGEgUEtJIGluZnJhc3RydWN0dXJlIGFsbG93aW5nIFNlcnZpY2UgUHJvdmlkZXJzIHRv IG1hbmFnZSB0aGUgVHJ1c3RlZCBBcHBsaWNhdGlvbnMgdGhleSBjb250cm9sICZuYnNwO3dpdGhv dXQgdGhlIG5lZWQgZm9yIHVzZXIgaW50ZXJ2ZW50aW9uLjxicj4NCjxicj4NCiZuYnNwOzxicj4N Cjxicj4NClRoZSBkcmFmdCBzcGVjaWZpY2F0aW9uIHZlcnkgY2xlYXJseSBhZGRyZXNzZXMgc3Vj aCBhIHN5c3RlbS4gVW5kZXJzdGFuZGluZyBpdCBmdWxseSByZXF1aXJlcyBjb25zaWRlcmFibGUg ZmFtaWxpYXJpdHkgd2l0aCB0aGUgR2xvYmFsUGxhdGZvcm0gVEVFIHNwZWNpZmljYXRpb25zLCBz aW5jZSBtdWNoIG9mIHRoZSB0ZXJtaW5vbG9neSBhbmQgYXJjaGl0ZWN0dXJhbCBhc3N1bXB0aW9u cyBhcmUgZGVyaXZlZCBmcm9tICZuYnNwO3RoZXNlLjxicj4NCjxicj4NCiZuYnNwOzxicj4NCjxi cj4NClRoZXJlIGlzIGEgc2Vjb25kIGdyb3VwIHdoaWNoIGlzIHN0YXJ0aW5nIGZyb20gYSBtb3Jl IGFic3RyYWN0IHBvc2l0aW9uIG9mIHdoYXQgYSBURUUgc2hvdWxkIGxvb2sgbGlrZSBhbmQgd2hh dCBzZWN1cml0eSBzZXJ2aWNlcyBpdCBtaWdodCB0aGVuIHByb3ZpZGUgdG8gYSBzeXN0ZW0gYW5k IGhvdyB0aGUgY29udHJvbCBvZiB0aGVzZSBjb3VsZCBiZSBzdHJ1Y3R1cmVkLiBUaGlzIGlzIGEg Y29tcGxldGVseSBkaWZmZXJlbnQgJm5ic3A7cHJvYmxlbSwgYW5kDQogbGlrZWx5IGEgbXVjaCBi cm9hZGVyIG9uZSB3aGljaCBpcyBkaWZmaWN1bHQgdG8gZW5jYXBzdWxhdGUgaW4gYSBzbWFsbCBz Y29wZS48YnI+DQo8YnI+DQo8YnI+DQo8YnI+DQo8YnI+DQpUcnlpbmcgdG8gbWFrZSB0aGUgYXJj aGl0ZWN0dXJlIHRvbyBnZW5lcmljIGFsc28gY29uZnVzZXMgdGhpbmdzLiBJdCBtaWdodCBiZSBi ZXR0ZXIgdG8gaGF2ZSBtb3JlIGNvbmNyZXRlIGV4YW1wbGUgd2l0aCBtb3JlIGxpbWl0ZWQgc2Nv cGUsIHRoYXQgd291bGQgZXhwbGFpbiB0aGluZ3Mgd2hhdCBURUVQIHNob3VsZCBwcm92aWRlLjxi cj4NCjxicj4NCkZvciBleGFtcGxlOjxicj4NCjxicj4NCjEpIFRFRVAgcHJvdmlkZXMgYSB3YXkg dG8gaW5zdGFsbCBzb2Z0d2FyZSBmcm9tIHRoZSBTZWN1cmUgdHJ1c3RlZCBhcHBsaWNhdGlvbiBt YXJrZXRwbGFjZSB0byB0aGUgVEVFIHJ1bm5pbmcgaW5zaWRlIGRldmljZS48YnI+DQo8YnI+DQoy KSBUaGUgU2VjdXJlIHRydXN0ZWQgYXBwbGlhdGlvbiBtYXJrZXRwbGFjZSBuZWVkcyB0byBiZSBh YmxlIHRvIHZlcmlmeSB0aGF0IHRoZSBURUUgd2FudGluZyB0byBpbnN0YWxsIGFuIGFwcGxpY2F0 aW9uIGlzIGFjdHVhbCBURUUsIGFuZCBub3Qgc29tZSBmYWtlIGRldmljZSwgZm9yIGV4YW1wbGUg dXNpbmcgc2lnbmF0dXJlIGZyb20gdGhlIGtleSBpbnN0YWxsZWQgYnkgdGhlIG1hbnVmYWN0dXJl ciB3aGljaCBpcyB1c2VkIHRvIHNpZ24gdGhlDQogaW5zdGFsbGF0aW9uIHJlcXVlc3QuPGJyPg0K PGJyPg0KMykgVGhlIFNlY3VyZSB0cnVzdGVkIGFwcGxpY2F0aW9uIG1hcmtldHBsYWNlIGNhbiB0 aGVuIGVuY3J5cHQgdGhlIHRydXN0ZWQgYXBwbGljYXRpb24gd2l0aCBURUUgc3BlY2lmaWMga2V5 LCBzbyB0aGF0IG5vYm9keSBlbHNlIHRoYW4gVEVFIGNhbiBkZWNyeXB0IGFuZCBpbnN0YWxsIGl0 LiBUaGlzIHdpbGwgcHJldmVudCBsZWFraW5nIG91dCBjb25maWRlbnRpYWwgbWF0ZXJpYWwgaW5z aWRlIHRoZSBhcHBsaWNhdGlvbi48YnI+DQpUcnVzdGVkIGFwcGxpY2F0aW9uIGluc3RsYWwgcGFj a2FnZSBtaWdodCBhbHNvIGJlIHBlcnNvbmFsaXplZCBmb3IgdGhlIHNwZWNpZmljIFRFRS4gU2Vj dXJlIHRydXN0ZWQgYXBwbGljYXRpb24gbWFya2V0cGxhY2Ugd2lsbCBhbHNvIHNpZ24gdGhlIHRy dXN0ZWQgYXBwbGljYXRpb24gaW5zdGFsbCBwYWNrYWdlLCBzbyBURUUgY2FuIHZlcmlmeSBpdCBp cyBhdXRoZW50aWMuPGJyPg0KPGJyPg0KNCkgVEVFIHdpbGwgdmVyaWZ5IHRoZSBzaWduYXR1cmUg b2YgdGhlIHRydXN0ZWQgYXBwbGljYXRpb24gaW5zdGFsbCBwYWNrYWdlLCBhbmQgY2hlY2sgdGhh dCBzaWduZXIgaXMgdHJ1c3RlZCwgYW5kIHRoZW4gaXQgd2lsbCBkZWNyeXB0IHRoZSBwYWNrYWdl LCBhbmQgaW5zdGFsbCBpdC48YnI+DQo8YnI+DQo1KSBUaGUgYXBwbGljYXRpb24gcnVubmluZyBv biB0aGUgUkVFIHNpZGUgbWlnaHQgbmVlZCB0byB2ZXJpZnkgdGhhdCB0aGUgdHJ1c3RlZCBhcHBs aWNhdGlvbiBwYXJ0IG9mIGl0IGhhcyBiZWVuIHByb3Blcmx5IGluc3RhbGxlZCB0byByZWFsIFRF RSwgc28gaXQgY2FuIHRydXN0IGl0IGRvaW5nIGl0cyBqb2IuIEkgYW0gbm90IHN1cmUgaWYgdGhp cyB3aWxsIGJlIHBhcnQgb2YgdGhlIFRFRVAgb3Igbm90Li4uPGJyPg0KPGJyPg0KSXMgbXkgdW5k ZXJzdGFuZGluZyBvZiBURUVQIGNvcnJlY3Q/IEkgZG8gbm90IGtub3csIGFuZCBJIGFzc3VtZSBv dGhlciBwZW9wbGUgaGF2ZSBkaWZmZXJlbnQgaWRlYXMgd2hhdCBzaG91bGQgb3Igc2hvdWxkIG5v dCBiZSBwYXJ0IG9mIGl0Ljxicj4NCjxicj4NCiZuYnNwOzxicj4NCjxicj4NCkkgdGhpbmsgdGhp cyBpcyBhIHByZXR0eSBnb29kIGV4cGxhbmF0aW9uIG9mIHdoYXQgdGhlIGZpcnN0IGdyb3VwIHdv dWxkIGxpa2UgdG8gc2VlLjxicj4NCiZuYnNwOzxicj4NCjxicj4NCkJlc3QgcmVnYXJkczxicj4N Cjxicj4NCkplcmVteTxicj4NCiZuYnNwOzxicj4NCjxicj4NCjxvOnA+PC9vOnA+PC9wPg0KPC9k aXY+DQo8L2Rpdj4NCjwvYmxvY2txdW90ZT4NCjwvZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+ PG86cD4mbmJzcDs8L286cD48L3A+DQo8L2Rpdj4NCjwvZGl2Pg0KPC9kaXY+DQo8L2JvZHk+DQo8 L2h0bWw+DQo= --_000_VI1PR06MB32158562AC6F19FE0CFC3C65FF1B0VI1PR06MB3215eurp_-- From nobody Thu Apr 20 14:20:58 2017 Return-Path: X-Original-To: teep@ietfa.amsl.com Delivered-To: teep@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7B5811316C9 for ; Thu, 20 Apr 2017 14:20:56 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.935 X-Spam-Level: X-Spam-Status: No, score=-1.935 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_SOFTFAIL=0.665] autolearn=no autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ck98GkFR791g for ; Thu, 20 Apr 2017 14:20:54 -0700 (PDT) Received: from d.mail.sonic.net (d.mail.sonic.net [64.142.111.50]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BCAFD13167E for ; Thu, 20 Apr 2017 14:20:54 -0700 (PDT) Received: from [192.168.254.146] (72-172-185-194.bayarea.net [72.172.185.194]) (authenticated bits=0) by d.mail.sonic.net (8.15.1/8.15.1) with ESMTPSA id v3KLKfed029072 (version=TLSv1.2 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Thu, 20 Apr 2017 14:20:42 -0700 To: Nick Cook , Brian Witten , "Wheeler, David M" , "'Jeremy O'Donoghue'" , Tero Kivinen References: <22755.33183.740819.743679@fireball.acr.fi> <0627F5240443D2498FAA65332EE46C84366ED746@CRSMSX102.amr.corp.intel.com> Cc: Hannes Tschofenig , teep From: Erik Nordmark Message-ID: <427579c7-43f0-9040-3ae5-efb7f36e46dc@acm.org> Date: Thu, 20 Apr 2017 14:20:41 -0700 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.8.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: base64 X-Sonic-CAuth: UmFuZG9tSVbvvNK76FYg8WYYSvDVyJgoEfmtFa6fgMWTMeBtQ9YvHpuzsGg2NDApLUUzvUFC6+v2W9QdLRcopj8DAU+gevWALlFdY/R/fDI= X-Sonic-ID: C;gr5DNQ8m5xGB1Yo9YI2qTQ== M;BEKnNQ8m5xGB1Yo9YI2qTQ== X-Sonic-Spam-Details: 0.0/5.0 by cerberusd Archived-At: Subject: Re: [Teep] [EXT] Re: My BoF impression X-BeenThere: teep@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: A Protocol for Dynamic Trusted Execution Environment Enablement List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 20 Apr 2017 21:20:56 -0000 T24gMDQvMjAvMjAxNyAwMjoyMCBBTSwgTmljayBDb29rIHdyb3RlOg0KPiBQZXJzb25hbGx5 IHNwZWFraW5nLCBPVHJQIGlzIGFib3V0IGJlaW5nIGFibGUgdG8gaW5zdGFsbCBzZWN1cml0 eSBhcHBsaWNhdGlvbnMgaW50byBhbiBlbnZpcm9ubWVudCB0aGF0IHByb3ZpZGVzICJ0cnVz dGVkIiBoYXJkd2FyZSBiYWNrZWQgaXNvbGF0aW9uIGJldHdlZW4gdGhlIGRpZmZlcmVudCBh cHBsaWNhdGlvbnMuIE9UclAgZG9lcyB0aGF0IGJ5IGVzdGFibGlzaGluZyBpdCBpcyB3b3Jr aW5nIGFnYWluc3QgdGhlIHJpZ2h0IGRldmljZSB0eXBlIGFuZCByaWdodCBpc29sYXRpb24g ZW52aXJvbm1lbnQgdHlwZSBhbmQgdGhlbiBwcm9jZWVkcyB0byBpbnN0YWxsIHRoZSBhcHBs aWNhdGlvbiBpbiBhIHdheSB0aGF0IHByb3ZpZGVzIHByb3RlY3Rpb24gZm9yIGNvbmZpZGVu dGlhbGl0eSBhbmQgaW50ZWdyaXR5LiBUaGUgdGVybSBURUUgaXMgcHJvYmFibHkgdG9vIG9m dGVuIGFzc29jaWF0ZWQgd2l0aCBhIHNwZWNpZmljIGZvcm11bGF0aW9uIG9mIGFuIGlzb2xh dGlvbiBlbnZpcm9ubWVudCBhbmQgdGhlcmVmb3JlIHRoaXMgaXMgcGVyaGFwcyB0aGUgZmly c3QgdGhpbmcgd2Ugc2hvdWxkIG1vdmUgZm9yd2FyZC4NCj4NCj4gQXMgYW4gZXhhbXBsZSwg SSd2ZSBiZWVuIHdvcmtpbmcgb24gYSBoYXJkd2FyZSBiYWNrZWQgaHlwZXJ2aXNvciBlbnZp cm9ubWVudCB0aGF0IHVzZXMgT1RyUCBmb3IgdGhlIGluc3RhbGxhdGlvbiBvZiB0aGUgZGlm ZmVyZW50IGNvbnRhaW5lcnMvZG9tYWlucyBhbmQgdGhlIHZpcnR1YWwgbWFjaGluZSBjb250 ZW50cyB0aGF0IGdvZXMgaW4gdGhlbS4gVGhlIHRydXN0IGNoYWluIGZyb20gT1RyUCBpcyBt ZXQgYW5kIHRoZSBpc29sYXRpb24gb2YgYXBwbGljYXRpb25zIGFuZCBrZXkgbWF0ZXJpYWwg dG8gdGhvc2UgYXBwbGljYXRpb25zIGlzIGFsc28gcHJvdmlkZWQuDQoNCk5pY2ssDQoNCkJ5 ICJoYXJkd2FyZSBiYWNrZWQgaHlwZXJ2aXNvciIgZG8geW91IG1lYW4gcnVubmluZyBlLmcu IE9LTDQgb3IgWGVuIA0KaHlwZXJ2aXNvciBvbiBlLmcuIGFuIEludGVsIG9yIEFSTSBzeXN0 ZW0gd2l0aCBoYXJkd2FyZSB2aXJ0dWFsaXphdGlvbiANCnN1cHBvcnQ/DQpPciBzb21ldGhp bmcgZWxzZSB3aXRoIGEgZGlmZmVyZW50IGNvdXBsaW5nIGJldHdlZW4gdGhlIGhhcmR3YXJl IGFuZCB0aGUgDQpoeXBlcnZpc29yPw0KDQpKdXN0IHdhbnQgdG8gbWFrZSBzdXJlIEkgdW5k ZXJzdGFuZC4NCg0KSSB0aGluayBpdCB3b3VsZCBiZSB1c2VmdWwgdG8gc2VlIGhvdyB0aGUg aXNvbGF0aW9uIHByb3ZpZGVkIGJ5IA0KaHlwZXJ2aXNvcnMgZml0IHdpdGggdGhlIFRFRS9S RUUgc3BsaXQuDQoNClRoYW5rcywNCiAgICBFcmlrDQoNCg0KPg0KPiBCYXNlZCBvbiB0aGF0 IHdvcmsgYW5kIHRoaW5raW5nIHNwZWNpZmljYWxseSB0byBteSBvcmlnaW5hbCBnb2FscyBm b3IgT1RyUCB3aGVuIHdlIHN0YXJ0ZWQgdGhpcyB3b3JrIGEgZmV3IHllYXJzIGJhY2ssIEkg d291bGQgbGlrZSB0byBzdXBwb3J0IERhdmUgV2hlZWxlcidzIGNvbW1lbnQgb24gbmVlZGlu ZyB0byBmb3JtdWxhdGUgYSBtb3JlIGFic3RyYWN0IGRlZmluaXRpb24gZm9yIFRFRS4gSSBh bHNvIGFncmVlIHdpdGggQnJpYW4gdGhhdCB0aGUgR1AgZGVmaW5pdGlvbiBkb2Vzbid0IG5l ZWQgdG8gYmUgYWJhbmRvbmVkIHRvIGRvIHRoYXQgLSBJIGJlbGlldmUsIGV4cHJlc3NlZCBp biB0aGUgcmlnaHQgd2F5LCB0aGUgR1AgZGVmaW5pdGlvbiBvZiBhIFRFRSBjb3ZlcnMgdGhl IGhhcmR3YXJlIGh5cGVydmlzb3IgY2FzZSBJIGRlc2NyaWJlZCBlYXJsaWVyIGluIHRoZSBl bWFpbCBhbHNvIGFuZCBJJ20gc3VyZSBpdCBjYW4gY292ZXIgdGhlIG90aGVyIGVudmlyb25t ZW50cyB0b28uDQo+DQo+DQo+IEkgZG8gaG93ZXZlciB0aGluayBpdCBpcyBpbXBvcnRhbnQg dGhhdCB3ZSByZXN0cmljdCB0byBpc29sYXRpb24gZW52aXJvbm1lbnRzIHRoYXQgYXJlIGhh cmR3YXJlIGJhY2tlZCBhcyB0aGlzIGlzIGZ1bmRhbWVudGFsIHRvIHRoZSB0cnVzdCBtb2Rl bC4NCj4NCj4gSSBhbHNvIHN1cHBvcnQgRGF2ZSdzIHN1Z2dlc3Rpb24gdGhhdCB3ZSBjYW4g YmUgbGVzcyBub3JtYXRpdmUgb24gZXhhY3QgbG9jYXRpb25zIG9mIHRoZSBmdW5jdGlvbmFs IGJsb2NrcyBvZiBPVHJQLiBJIHdvdWxkIGxpa2UgdG8gaGF2ZSBhIGNvbXBhbmlvbiBkb2N1 bWVudCB0aGF0IGRvZXMgcHJvdmlkZSBleGFtcGxlIGRlcGxveW1lbnRzIGJ1dCB0aGUgY29y ZSBwcm90b2NvbCBpdHNlbGYgZG9lcyBub3QgbmVlZCB0byBiZSBsb2NrZWQgZG93biB0byBh IHNwZWNpZmljIGRlcGxveW1lbnQgYXBwcm9hY2guDQo+DQo+DQo+DQo+IE5pY2sgQ29vaw0K PiAtLS0tLU9yaWdpbmFsIE1lc3NhZ2UtLS0tLQ0KPiBGcm9tOiBCcmlhbiBXaXR0ZW4gW21h aWx0bzpicmlhbl93aXR0ZW5Ac3ltYW50ZWMuY29tXQ0KPiBTZW50OiAwNSBBcHJpbCAyMDE3 IDE4OjAyDQo+IFRvOiBXaGVlbGVyLCBEYXZpZCBNIDxkYXZpZC5tLndoZWVsZXJAaW50ZWwu Y29tPjsgJ0plcmVteSBPJ0Rvbm9naHVlJyA8am9kb25vZ2hAcXRpLnF1YWxjb21tLmNvbT47 IFRlcm8gS2l2aW5lbiA8a2l2aW5lbkBpa2kuZmk+DQo+IENjOiBIYW5uZXMgVHNjaG9mZW5p ZyA8SGFubmVzLlRzY2hvZmVuaWdAYXJtLmNvbT47IHRlZXAgPHRlZXBAaWV0Zi5vcmc+DQo+ IFN1YmplY3Q6IFJlOiBbVGVlcF0gW0VYVF0gUmU6IE15IEJvRiBpbXByZXNzaW9uDQo+DQo+ IFRoYW5rIFlvdSBEYXZlISAgSSdkIGxpa2UgdG8gZWNobyAmIGFncmVlIHdpdGggbWFueSBv ZiB5b3VyIHBvaW50cywgYnV0IGFzayBmb3IgYSBjbGFyaWZpY2F0aW9uIG9uIG9uZSBhc3Bl Y3QuICAiRmlyc3QsIEkgKGJlbGlldmUpIHRoaXMgaXMgZXhhY3RseSB0aGUgdHlwZSBvZiBj b252ZXJzYXRpb24gd2UgbmVlZCB0byBoYXZlLiBUaGFua3MgZm9yIGtpY2tpbmcgdGhpcyBv ZmYgdmVyeSBkaXJlY3RseS4iICBXZWxsIFNhaWQsIFRoYW5rIFlvdSBCb3RoISAgIkkgYW0g bW90aXZhdGVkIHRvIHdvcmsgam9pbnRseSBvbiBkZXZlbG9waW5nIE9UclAgdG8gYWRkcmVz cyBhIHdpZGVyIHNldCBvZiBjb25jZXJucyBjb21tb24gdG8gVEVFcyBhbmQgdGhlaXIgZW52 aXJvbm1lbnRzLCB3aXRoIHRoZSBwdXJwb3NlIG9mIGV4cGFuZGluZyB0aGUgZWFzZSB3aXRo IHdoaWNoIHRoZSBtYXJrZXRwbGFjZSBjYW4gdXRpbGl6ZSBURUUgbWVjaGFuaXNtcy4iIEFn YWluLCBJJ20gbW90aXZhdGVkIGJ5IHRoZSBzYW1lIHB1cnBvc2UuICAiUGFydCBvZiB0aGlz IGRldmVsb3BtZW50IG9mIE9UclAgKGZyb20gbXkgcGVyc3BlY3RpdmUpIGlzIGJlaW5nIGxl c3Mgbm9ybWF0aXZlIGFib3V0IHRoZSBleGFjdCBsb2NhdGlvbiBhbmQgaW5zdGFudGlhdGlv biBvZiBjZXJ0YWluIHBhcnRpZXMgKHBhcnRpY3VsYXJseSB0aGUgVFNNKSBhbmQgYmUgc3Bl Y2lmaWMgb24gdGhlIG9wZXJhdGlvbnMgYW5kIGFjdGl2aXRpZXMgYXQgcGFydGljdWxhciAn c2VydmljZSBhY2Nlc3MgcG9pbnRzJyBvZiB0aGUgcHJvdG9jb2wuIiAgSSBiZWxpZXZlIHRo YXQgaXMgYSBncmVhdCBzdWdnZXN0aW9uLCBhbmQgSSdtIGZ1bGx5IHN1cHBvcnRpdmUuICBT dGlsbCBteSBjbGFyaWZ5aW5nIHF1ZXN0aW9uIHJlbGF0ZXMgdG8gdGhlIGRlc2lyZSAidG8g ZGVmaW5lIGEgbW9yZSBhYnN0cmFjdCBkZWZpbml0aW9uIG9mIGEgVEVFLCBhbmQgZGVzaXJp bmcgYSBwcm90b2NvbCB0aGF0IGlzIGFwcGxpY2FibGUgdG8gYSB3aWRlIHNldCBvZiBURUVz LiIgIEknbSBlYWdlciB0byBzdXBwb3J0IGEgd2lkZSBzZXQgb2YgVEVFLCBpbmNsdWRpbmcg Ym90aCBTR1ggYW5kIFRaIGJhc2VkIFRFRS4gICBNeSBxdWVzdGlvbiBpcywgImRvIHdlIG5l ZWQgdG8gYWJhbmRvbiB0aGUgR2xvYmFsIFBsYXRmb3JtIChHUCkgZGVmaW5pdGlvbiBvZiBh IFRFRSB0byBzdXBwb3J0IGJvdGggU0dYIGFuZCBUWiBiYXNlZCBURUU/IiAgSSBiZWxpZXZl IHRoYXQgd2UgZG8gTm90IG5lZWQgdG8gYWJhbmRvbiB0aGUgR1AgZGVmaW5pdGlvbiBvZiBh IFRFRSB0byBzdXBwb3J0IGJvdGggU0dYIGFuZCBUWiBiYXNlZCBURUUsIGJ1dCBJJ2QgYmUg ZWFnZXIgdG8gZ2V0IHlvdXIgdmlldyBoZXJlIGFzIHlvdSd2ZSBmcmFtZWQgdGhlIHJlc3Qg c28gdmVyeSB3ZWxsLiAgTGFzdCwgZWl0aGVyIHdheSwgIkkgYmVsaWV2ZSBJRVRGIGlzIGV4 YWN0bHkgdGhlIHBsYWNlIHRvIGhhdmUgdGhpcyBjb252ZXJzYXRpb24gYW5kIGRlZmluZSBh IHZlcnkgb3BlbiBhbmQgaW5jbHVzaXZlIHByb3RvY29sLiIgIEFnYWluLCBJIGFncmVlIGNv bXBsZXRlbHkuDQo+DQo+IFRoYW5rIFlvdSBBZ2FpbiENCj4gQnJpYW4NCj4NCj4NCj4gRnJv bTogVEVFUCA8dGVlcC1ib3VuY2VzQGlldGYub3JnPiBvbiBiZWhhbGYgb2YgV2hlZWxlciwg RGF2aWQgTSA8ZGF2aWQubS53aGVlbGVyQGludGVsLmNvbT4NCj4gU2VudDogV2VkbmVzZGF5 LCBBcHJpbCA1LCAyMDE3IDk6MzQgQU0NCj4gVG86ICdKZXJlbXkgTydEb25vZ2h1ZSc7IFRl cm8gS2l2aW5lbg0KPiBDYzogSGFubmVzIFRzY2hvZmVuaWc7IHRlZXANCj4gU3ViamVjdDog W0VYVF0gUmU6IFtUZWVwXSBNeSBCb0YgaW1wcmVzc2lvbg0KPg0KPg0KPiBJJ20gYSBiaXQg YmVoaW5kIG9uIHRoZSB0aHJlYWQsIGJ1dCB3YW50IHRvIHJlc3BvbmQgdG8gSmVyZW15J3Mg b3JpZ2luYWwgY29tbWVudC4NCj4NCj4gRmlyc3QsIEkgdGhpcyBpcyBleGFjdGx5IHRoZSB0 eXBlIG9mIGNvbnZlcnNhdGlvbiB3ZSBuZWVkIHRvIGhhdmUuIFRoYW5rcyBmb3Iga2lja2lu ZyB0aGlzIG9mZiB2ZXJ5IGRpcmVjdGx5Lg0KPiBJIGFncmVlIHdpdGggeW91ciBwZXJjZXB0 aW9uIG9mIHRoZSB0d28gZ3JvdXBzLCB0aG91Z2ggSSB0aGluayBpdCBpcyBpbXBvcnRhbnQg dG8gdW5kZXJzdGFuZCB0aGUgbW90aXZhdGlvbnMgaW4gdGhlIHNlY29uZCBncm91cCwgc2lu Y2UgdGhleSBtYXkgYmUgdmFyaWVkLg0KPg0KPiBJIHdpbGwgcHV0IG15c2VsZiB2b2x1bnRh cmlseSBpbiB0aGUgc2Vjb25kIGJ1Y2tldC4gSSB3aWxsIHByZXNlbnQgbXkgcGVyc29uYWwg cGVyc3BlY3RpdmUsIHdoaWNoIG1heSBiZSBkaWZmZXJlbnQgZnJvbSBvdGhlcnMgaW4gdGhl ICJzZWNvbmQgZ3JvdXAiLg0KPg0KPiBGb3IgbXlzZWxmLCBJIGFtIGxvb2tpbmcgdG8gZGVm aW5lIGEgbW9yZSBhYnN0cmFjdCBkZWZpbml0aW9uIG9mIGEgVEVFLCBhbmQgZGVzaXJpbmcg YSBwcm90b2NvbCB0aGF0IGlzIGFwcGxpY2FibGUgdG8gYSB3aWRlIHNldCBvZiBURUVzLiBG cm9tIG15IHBlcnNwZWN0aXZlLCAgbG9va2luZyBhdCBURUVzIHRoYXQgSW50ZWwgaGFzIGlu IHRoZSBtYXJrZXRwbGFjZSwgYW5kIGFsc28gaGF2aW5nIHdvcmtlZCBmb3Igc2V2ZXJhbCB5 ZWFycyBvbiBJbnRlbCdzIFhTY2FsZSBwcm9jZXNzb3JzIChhbmQgYW0gdGh1cyBmYW1pbGlh ciB3aXRoIFRaKSwgdGhlIGN1cnJlbnQgT1RyUCBkcmFmdCBhZGRyZXNzZXMgVHJ1c3QgWm9u ZSBjb25jZXJucyB3aXRob3V0IHJlYWxseSBjb25zaWRlcmluZyBvdGhlciBURUVzLiBUaGlz IGlzIG15ICBwZXJjZXB0aW9uLCBvZiBjb3Vyc2UuDQo+DQo+IEl0IGlzIGFsc28gbXkgb3Bp bmlvbiB0aGF0IGFuIElFVEYgcHJvdG9jb2wgc2hvdWxkIGRvIG1vcmUgdGhhbiBhZGRyZXNz IGltcGxlbWVudGF0aW9uIHNwZWNpZmljIGNvbmNlcm5zLg0KPiBJIGFtIG1vdGl2YXRlZCB0 byB3b3JrIGpvaW50bHkgb24gZGV2ZWxvcGluZyBPVHJQIHRvIGFkZHJlc3MgYSB3aWRlciBz ZXQgb2YgY29uY2VybnMgY29tbW9uIHRvIFRFRXMgYW5kIHRoZWlyIGVudmlyb25tZW50cywg d2l0aCB0aGUgcHVycG9zZSBvZiBleHBhbmRpbmcgdGhlICBlYXNlIHdpdGggd2hpY2ggdGhl IG1hcmtldHBsYWNlIGNhbiB1dGlsaXplIFRFRSBtZWNoYW5pc21zLg0KPg0KPiBQYXJ0IG9m IHRoaXMgZGV2ZWxvcG1lbnQgb2YgT1RyUCAoZnJvbSBteSBwZXJzcGVjdGl2ZSkgaXMgYmVp bmcgbGVzcyBub3JtYXRpdmUgYWJvdXQgdGhlIGV4YWN0IGxvY2F0aW9uIGFuZCBpbnN0YW50 aWF0aW9uIG9mIGNlcnRhaW4gcGFydGllcyAocGFydGljdWxhcmx5IHRoZSAgVFNNKSBhbmQg YmUgc3BlY2lmaWMgb24gdGhlIG9wZXJhdGlvbnMgYW5kIGFjdGl2aXRpZXMgYXQgcGFydGlj dWxhciAic2VydmljZSBhY2Nlc3MgcG9pbnRzIiBvZiB0aGUgcHJvdG9jb2wuIE15IHBvaW50 IGhlcmUgaXMgdGhhdCBPVHJQIGluIGl0cyBjdXJyZW50IHJlbmRpdGlvbiBpcyA8ZW1waGFz aXM+IHRvbyA8L2VtcGhhc2lzPiBpbXBsZW1lbnRhdGlvbiBzcGVjaWZpYyBhbmQgdG9vIG5v cm1hdGl2ZSBpbiBpdHMgZGVzY3JpcHRpb24gb2YgdGhlICBtYXJrZXRwbGFjZS4gSSBiZWxp ZXZlIHRoaXMgaXMgZmluZSBhcyBhbiBleGFtcGxlLCBidXQgbm90IGFzIHBhcnQgb2YgdGhl IHByb3RvY29sLg0KPg0KPiBJIGJlbGlldmUgSUVURiBpcyBleGFjdGx5IHRoZSBwbGFjZSB0 byBoYXZlIHRoaXMgY29udmVyc2F0aW9uIGFuZCBkZWZpbmUgYSB2ZXJ5IG9wZW4gYW5kIGlu Y2x1c2l2ZSBwcm90b2NvbC4gSSByZWFsaXplIHRoYXQgdGFrZXMgc29tZSB0aW1lLiBJIGxv b2sgZm9yd2FyZCAgdG8gaGF2aW5nIHRoaXMgY29udmVyc2F0aW9uIGluIG1vcmUgZGV0YWls Lg0KPg0KPiBUaGFua3MsDQo+IERhdmUgV2hlZWxlcg0KPg0KPg0KPg0KPiBGcm9tOiBURUVQ IFttYWlsdG86dGVlcC1ib3VuY2VzQGlldGYub3JnXSBPbiBCZWhhbGYgT2YgSmVyZW15IE8n RG9ub2dodWUNCj4gU2VudDogVHVlc2RheSwgQXByaWwgNCwgMjAxNyA3OjEzIEFNDQo+IFRv OiBUZXJvIEtpdmluZW4gPGtpdmluZW5AaWtpLmZpPg0KPiBDYzogSGFubmVzIFRzY2hvZmVu aWcgPEhhbm5lcy5Uc2Nob2ZlbmlnQGFybS5jb20+OyB0ZWVwIDx0ZWVwQGlldGYub3JnPg0K PiBTdWJqZWN0OiBSZTogW1RlZXBdIE15IEJvRiBpbXByZXNzaW9uDQo+DQo+DQo+DQo+DQo+ IE9uIDQgQXByIDIwMTcsIGF0IDEyOjIxLCBUZXJvIEtpdmluZW4gPGtpdmluZW5AaWtpLmZp PiB3cm90ZToNCj4NCj4NCj4NCj4gTXkgZmVlbGluZyB0aGF0IHRoZSBtYWluIHF1ZXN0aW9u IHdoYXQgcGVvcGxlIGRpZCBub3QgdW5kZXJzdGFuZCB3YXM6DQo+DQo+IFdoYXQgaXMgdGhl IHJlYWwgZGlmZmVyZW5jZSBiZXR3ZWVuIFRFRVAgYW5kIGp1c3Qgbm9ybWFsIGFwcGxpY2F0 aW9uIGRvd25sb2FkLiBJLmUuLCB3aHkgc2VwYXJhdGUgcHJvdG9jb2wgaXMgbmVlZGVkLg0K PiBIb3cgaXMgdGhpcyBkaWZmZXJlbnQgZnJvbSBqdXN0IGhhdmluZyBwZXJoYXBzIGVuY3J5 cHRlZCBzaWduZWQgYXBwbGljYXRpb24gYmxvYiBmcm9tIHRoZSBtYXJrZXRwbGFjZSBhbmQg aW5zdGFsbGluZyB0aGF0Lg0KPg0KPiBBdCBsZWFzdCB0aGF0IHdhcyBteSBtYWluIHF1ZXN0 aW9uIHdoZW4gd2UgZGlzY3Vzc2VkIHRoaXMgYmVmb3JlIHRoZSBCb0YuDQo+DQo+IE9mIGNv dXJzZSBpdCBkb2VzIG5vdCBoZWxwLCB0aGF0IHdoZW4geW91IGFzayB0aGF0IHF1ZXN0aW9u IGZyb20gZGlmZmVyZW50IHBlb3BsZSB5b3UgZ2V0IGRpZmZlcmVudCBhbnN3ZXIsIGFzIHRo ZSBpZGVhIG9mIHdoYXQgVEVFUCBpcyBkaWZmZXJlbnQgZm9yIGRpZmZlcmVudCBwZW9wbGUu DQo+DQo+DQo+DQo+IEkgdGhpbmsgdGhlcmUgaXMgYSBkZWdyZWUgb2YgdGFsa2luZyBhdCBj cm9zcy1wdXJwb3Nlcy4NCj4NCj4NCj4NCj4gVGhlcmUgaXMgb25lIGdyb3VwIC0gZXNzZW50 aWFsbHkgdGhvc2Ugc3BvbnNvcmluZyB0aGUgY3JlYXRpb24gb2YgdGhpcyBncm91cCAtIHdo aWNoIGhhcyBhIHZlcnkgY2xlYXIgdW5kZXJzdGFuZGluZyBvZiB3aGF0IGl0IHdvdWxkIGxp a2UgVEVFUCB0byBiZSwgd2hpY2ggaXMgZXNzZW50aWFsbHkgdGhyZWUgdGhpbmdzOg0KPg0K Pg0KPg0KPiAgQSBtZWNoYW5pc20gZm9yIG1hbmFnaW5nIFRydXN0ZWQgQXBwbGljYXRpb25z IGFuZCB0aGVpciBhc3NvY2lhdGVkIHNlY3JldHMgYW5kIGtleSBtYXRlcmlhbCBpbiBhIEds b2JhbFBsYXRmb3JtIFRFRSBvciBzb21ldGhpbmcgdGhhdCBpcyBjb25jZXB0dWFsbHkgdmVy eSBzaW1pbGFyLg0KPiBBIG1lY2hhbmlzbSBmb3IgZXN0YWJsaXNoaW5nIGEgY2hhaW4gb2Yg dHJ1c3Qgcm9vdGVkIGluIGZpcm13YXJlIGFuZCBjb3ZlcmluZyB0aGUgVEVFIGFuZCBwb3Nz aWJseSBvdGhlciBzeXN0ZW0gY29tcG9uZW50cyB1cCB0byBhbmQgaW5jbHVkaW5nIHRoZSBl eGVjdXRpbmcgVGFzayBpbiBhIFNlY3VyaXR5IERvbWFpbi4NCj4gQSBtZWNoYW5pc20gLSB0 YXJnZXRlZCBhdCBwaG9uZSBhbmQgdGFibGV0IHR5cGUgZGV2aWNlcyAtIHdoaWNoIG9wZXJh dGVzIGluZGVwZW5kZW50bHkgb2YgdGhlICJBcHAgU3RvcmUiIG1lY2hhbmlzbSwgYW5kIGlz IGJhc2VkIG9uIGEgUEtJIGluZnJhc3RydWN0dXJlIGFsbG93aW5nIFNlcnZpY2UgUHJvdmlk ZXJzIHRvIG1hbmFnZSB0aGUgVHJ1c3RlZCBBcHBsaWNhdGlvbnMgdGhleSBjb250cm9sICB3 aXRob3V0IHRoZSBuZWVkIGZvciB1c2VyIGludGVydmVudGlvbi4NCj4NCj4NCj4NCj4gVGhl IGRyYWZ0IHNwZWNpZmljYXRpb24gdmVyeSBjbGVhcmx5IGFkZHJlc3NlcyBzdWNoIGEgc3lz dGVtLiBVbmRlcnN0YW5kaW5nIGl0IGZ1bGx5IHJlcXVpcmVzIGNvbnNpZGVyYWJsZSBmYW1p bGlhcml0eSB3aXRoIHRoZSBHbG9iYWxQbGF0Zm9ybSBURUUgc3BlY2lmaWNhdGlvbnMsIHNp bmNlIG11Y2ggb2YgdGhlIHRlcm1pbm9sb2d5IGFuZCBhcmNoaXRlY3R1cmFsIGFzc3VtcHRp b25zIGFyZSBkZXJpdmVkIGZyb20gIHRoZXNlLg0KPg0KPg0KPg0KPiBUaGVyZSBpcyBhIHNl Y29uZCBncm91cCB3aGljaCBpcyBzdGFydGluZyBmcm9tIGEgbW9yZSBhYnN0cmFjdCBwb3Np dGlvbiBvZiB3aGF0IGEgVEVFIHNob3VsZCBsb29rIGxpa2UgYW5kIHdoYXQgc2VjdXJpdHkg c2VydmljZXMgaXQgbWlnaHQgdGhlbiBwcm92aWRlIHRvIGEgc3lzdGVtIGFuZCBob3cgdGhl IGNvbnRyb2wgb2YgdGhlc2UgY291bGQgYmUgc3RydWN0dXJlZC4gVGhpcyBpcyBhIGNvbXBs ZXRlbHkgZGlmZmVyZW50ICBwcm9ibGVtLCBhbmQgbGlrZWx5IGEgbXVjaCBicm9hZGVyIG9u ZSB3aGljaCBpcyBkaWZmaWN1bHQgdG8gZW5jYXBzdWxhdGUgaW4gYSBzbWFsbCBzY29wZS4N Cj4NCj4NCj4NCj4NCj4gVHJ5aW5nIHRvIG1ha2UgdGhlIGFyY2hpdGVjdHVyZSB0b28gZ2Vu ZXJpYyBhbHNvIGNvbmZ1c2VzIHRoaW5ncy4gSXQgbWlnaHQgYmUgYmV0dGVyIHRvIGhhdmUg bW9yZSBjb25jcmV0ZSBleGFtcGxlIHdpdGggbW9yZSBsaW1pdGVkIHNjb3BlLCB0aGF0IHdv dWxkIGV4cGxhaW4gdGhpbmdzIHdoYXQgVEVFUCBzaG91bGQgcHJvdmlkZS4NCj4NCj4gRm9y IGV4YW1wbGU6DQo+DQo+IDEpIFRFRVAgcHJvdmlkZXMgYSB3YXkgdG8gaW5zdGFsbCBzb2Z0 d2FyZSBmcm9tIHRoZSBTZWN1cmUgdHJ1c3RlZCBhcHBsaWNhdGlvbiBtYXJrZXRwbGFjZSB0 byB0aGUgVEVFIHJ1bm5pbmcgaW5zaWRlIGRldmljZS4NCj4NCj4gMikgVGhlIFNlY3VyZSB0 cnVzdGVkIGFwcGxpYXRpb24gbWFya2V0cGxhY2UgbmVlZHMgdG8gYmUgYWJsZSB0byB2ZXJp ZnkgdGhhdCB0aGUgVEVFIHdhbnRpbmcgdG8gaW5zdGFsbCBhbiBhcHBsaWNhdGlvbiBpcyBh Y3R1YWwgVEVFLCBhbmQgbm90IHNvbWUgZmFrZSBkZXZpY2UsIGZvciBleGFtcGxlIHVzaW5n IHNpZ25hdHVyZSBmcm9tIHRoZSBrZXkgaW5zdGFsbGVkIGJ5IHRoZSBtYW51ZmFjdHVyZXIg d2hpY2ggaXMgdXNlZCB0byBzaWduIHRoZSBpbnN0YWxsYXRpb24gcmVxdWVzdC4NCj4NCj4g MykgVGhlIFNlY3VyZSB0cnVzdGVkIGFwcGxpY2F0aW9uIG1hcmtldHBsYWNlIGNhbiB0aGVu IGVuY3J5cHQgdGhlIHRydXN0ZWQgYXBwbGljYXRpb24gd2l0aCBURUUgc3BlY2lmaWMga2V5 LCBzbyB0aGF0IG5vYm9keSBlbHNlIHRoYW4gVEVFIGNhbiBkZWNyeXB0IGFuZCBpbnN0YWxs IGl0LiBUaGlzIHdpbGwgcHJldmVudCBsZWFraW5nIG91dCBjb25maWRlbnRpYWwgbWF0ZXJp YWwgaW5zaWRlIHRoZSBhcHBsaWNhdGlvbi4NCj4gVHJ1c3RlZCBhcHBsaWNhdGlvbiBpbnN0 bGFsIHBhY2thZ2UgbWlnaHQgYWxzbyBiZSBwZXJzb25hbGl6ZWQgZm9yIHRoZSBzcGVjaWZp YyBURUUuIFNlY3VyZSB0cnVzdGVkIGFwcGxpY2F0aW9uIG1hcmtldHBsYWNlIHdpbGwgYWxz byBzaWduIHRoZSB0cnVzdGVkIGFwcGxpY2F0aW9uIGluc3RhbGwgcGFja2FnZSwgc28gVEVF IGNhbiB2ZXJpZnkgaXQgaXMgYXV0aGVudGljLg0KPg0KPiA0KSBURUUgd2lsbCB2ZXJpZnkg dGhlIHNpZ25hdHVyZSBvZiB0aGUgdHJ1c3RlZCBhcHBsaWNhdGlvbiBpbnN0YWxsIHBhY2th Z2UsIGFuZCBjaGVjayB0aGF0IHNpZ25lciBpcyB0cnVzdGVkLCBhbmQgdGhlbiBpdCB3aWxs IGRlY3J5cHQgdGhlIHBhY2thZ2UsIGFuZCBpbnN0YWxsIGl0Lg0KPg0KPiA1KSBUaGUgYXBw bGljYXRpb24gcnVubmluZyBvbiB0aGUgUkVFIHNpZGUgbWlnaHQgbmVlZCB0byB2ZXJpZnkg dGhhdCB0aGUgdHJ1c3RlZCBhcHBsaWNhdGlvbiBwYXJ0IG9mIGl0IGhhcyBiZWVuIHByb3Bl cmx5IGluc3RhbGxlZCB0byByZWFsIFRFRSwgc28gaXQgY2FuIHRydXN0IGl0IGRvaW5nIGl0 cyBqb2IuIEkgYW0gbm90IHN1cmUgaWYgdGhpcyB3aWxsIGJlIHBhcnQgb2YgdGhlIFRFRVAg b3Igbm90Li4uDQo+DQo+IElzIG15IHVuZGVyc3RhbmRpbmcgb2YgVEVFUCBjb3JyZWN0PyBJ IGRvIG5vdCBrbm93LCBhbmQgSSBhc3N1bWUgb3RoZXIgcGVvcGxlIGhhdmUgZGlmZmVyZW50 IGlkZWFzIHdoYXQgc2hvdWxkIG9yIHNob3VsZCBub3QgYmUgcGFydCBvZiBpdC4NCj4NCj4N Cj4NCj4gSSB0aGluayB0aGlzIGlzIGEgcHJldHR5IGdvb2QgZXhwbGFuYXRpb24gb2Ygd2hh dCB0aGUgZmlyc3QgZ3JvdXAgd291bGQgbGlrZSB0byBzZWUuDQo+DQo+DQo+IEJlc3QgcmVn YXJkcw0KPg0KPiBKZXJlbXkNCj4NCj4NCj4NCj4gX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fX19fX19fX19fX19fX18NCj4gVEVFUCBtYWlsaW5nIGxpc3QNCj4gVEVFUEBp ZXRmLm9yZw0KPiBodHRwczovL3d3dy5pZXRmLm9yZy9tYWlsbWFuL2xpc3RpbmZvL3RlZXAN Cj4NCg== From nobody Mon Apr 24 01:47:45 2017 Return-Path: X-Original-To: teep@ietfa.amsl.com Delivered-To: teep@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 85B46129B5D for ; Mon, 24 Apr 2017 01:47:43 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.702 X-Spam-Level: X-Spam-Status: No, score=-4.702 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-2.8, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=intercedeltd.onmicrosoft.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LhzbX-CVjscN for ; Mon, 24 Apr 2017 01:47:39 -0700 (PDT) Received: from EUR03-VE1-obe.outbound.protection.outlook.com (mail-eopbgr50054.outbound.protection.outlook.com [40.107.5.54]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 34B721294F7 for ; Mon, 24 Apr 2017 01:47:38 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=IntercedeLtd.onmicrosoft.com; s=selector1-intercede-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=9Q28UJR3NpK48U7lZ9DJypbOOnxeFCLRZ6L6IyJ0tKo=; b=Awi7aiTv7NTXanQ+H/luv5MtrWR5GKSVoSBI89f0fcZKrzISemuwqTQ12wm3OaleggqncckrKSQTGzIQXuwNZihj0DtpVRNj1OR+2YjARd+f/avsIqjCKKIYozkPkjiK/eJppZ+XrQzXBtokV5e49/Te+aB769vRATdjz85gC+8= Received: from VI1PR06MB3215.eurprd06.prod.outlook.com (10.170.230.150) by VI1PR06MB3214.eurprd06.prod.outlook.com (10.170.230.149) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1034.10; Mon, 24 Apr 2017 08:47:36 +0000 Received: from VI1PR06MB3215.eurprd06.prod.outlook.com ([10.170.230.150]) by VI1PR06MB3215.eurprd06.prod.outlook.com ([10.170.230.150]) with mapi id 15.01.1034.021; Mon, 24 Apr 2017 08:47:36 +0000 From: Nick Cook To: Erik Nordmark , Brian Witten , "Wheeler, David M" , 'Jeremy O'Donoghue' , Tero Kivinen CC: Hannes Tschofenig , teep Thread-Topic: [Teep] [EXT] Re: My BoF impression Thread-Index: AQHSuhwHjvI/hIeojUKU2lmuVxLOZ6HUNbNg Date: Mon, 24 Apr 2017 08:47:36 +0000 Message-ID: References: <22755.33183.740819.743679@fireball.acr.fi> <0627F5240443D2498FAA65332EE46C84366ED746@CRSMSX102.amr.corp.intel.com> <427579c7-43f0-9040-3ae5-efb7f36e46dc@acm.org> In-Reply-To: <427579c7-43f0-9040-3ae5-efb7f36e46dc@acm.org> Accept-Language: en-GB, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: acm.org; dkim=none (message not signed) header.d=none;acm.org; dmarc=none action=none header.from=intercede.com; x-originating-ip: [80.2.227.78] x-microsoft-exchange-diagnostics: 1; VI1PR06MB3214; 7:BEguPGetk96YyvEG7S+LczzflHBSJbi6VxHNrlvM8Bm7I1jsA5KDr+F0XBgP32l1ovHJQhFqZZKaBVxhd+eYD6lxHD2+mtQPdw77qGAQjNmSXkn1GbsQDZOfRxgjnM0SxBOPXD2WLWShw5nKqCI/E8v4oJAITsaG4dRL3HheXmsJBS36SCVQ5AJ86m8BGWJqTRVnkVaLfKbQ4nVy/pow8WMqJOCL+AkT1DZ+lQ8Hvy7YeJFB8SKj6EH3PdwEip1XCvqhW6LCLjoOF0ILkYVt2kAQFG596qF7d3wx/s0CPt/P7lEwhYKHnaDR8j1DskdrUxgH0YislF7Hyjk3DVWCsA== x-ld-processed: 1075719f-f133-43d2-8156-800f80fef316,ExtAddr x-ms-office365-filtering-correlation-id: b3b70dcb-97eb-419d-df4d-08d48aee8e97 x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(2017030254075)(201703131423075)(201703031133081); SRVR:VI1PR06MB3214; x-microsoft-antispam-prvs: x-exchange-antispam-report-test: UriScan:(180628864354917)(278428928389397)(192374486261705)(213716511872227)(228905959029699)(17755550239193); x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(6040450)(601004)(2401047)(8121501046)(5005006)(93006095)(93001095)(10201501046)(3002001)(6041248)(20161123560025)(20161123564025)(20161123555025)(20161123562025)(201703131423075)(201702281528075)(201703061421075)(6072148); SRVR:VI1PR06MB3214; BCL:0; PCL:0; RULEID:; SRVR:VI1PR06MB3214; x-forefront-prvs: 0287BBA78D x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(6009001)(39450400003)(39400400002)(39410400002)(13464003)(51414003)(24454002)(377454003)(57704003)(38730400002)(189998001)(7736002)(74316002)(7696004)(305945005)(3280700002)(54906002)(6306002)(55016002)(93886004)(2906002)(86362001)(8676002)(99286003)(9686003)(76176999)(50986999)(33656002)(53936002)(54356999)(6436002)(25786009)(102836003)(8936002)(3846002)(6116002)(229853002)(122556002)(66066001)(6246003)(81166006)(4326008)(77096006)(3660700001)(6506006)(5660300001)(2950100002)(2900100001)(53546009); DIR:OUT; SFP:1101; SCL:1; SRVR:VI1PR06MB3214; H:VI1PR06MB3215.eurprd06.prod.outlook.com; FPR:; SPF:None; MLV:sfv; LANG:en; spamdiagnosticoutput: 1:99 spamdiagnosticmetadata: NSPM Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-OriginatorOrg: intercede.com X-MS-Exchange-CrossTenant-originalarrivaltime: 24 Apr 2017 08:47:36.3498 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 1075719f-f133-43d2-8156-800f80fef316 X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR06MB3214 Archived-At: Subject: Re: [Teep] [EXT] Re: My BoF impression X-BeenThere: teep@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: A Protocol for Dynamic Trusted Execution Environment Enablement List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 24 Apr 2017 08:47:43 -0000 Before I answer let me just state that my posts make no comparisons between= technologies - that is up to the person selecting a particular type. My po= sts are purely intended to highlight the scope of OTrP as a protocol. So in answer, Intel or ARM hypervisor with hardware support can form the basis. As long a= s the hypervisor software has been started following the correct process an= d provides the other features detailed in the GP definition. The most likely candidate hypervisor type would be a hybrid mode hypervisor= . An REE is simply an environment with a more capable OS and access to a mu= ltitude of peripherals - and can be assigned as such in a VM within the hyb= rid model. A TEE is then the constrained guests. A type 2 hypervisor won't = be sufficient (in my view). I don't want to deflect away from the core conversation thread here - regar= ding ensuring the OTrP spec usage of TEE is clarified to satisfy the target= environments but I do want to highlight that OTrP has broad scope over har= dware isolation technologies. It is important that the term TEE, which is c= ommonly used today to refer to a single environment type (albeit incorrectl= y), is clear within the spec and the coverage that affords. So what we really need to do is to determine if there is anything in the GP= definition that precludes a particular hardware backed isolation technolog= y. Then we can state the definition of TEE in OTrP spec and move the proces= s forward. Thanks, Nick Cook -----Original Message----- From: Erik Nordmark [mailto:nordmark@acm.org]=20 Sent: 20 April 2017 22:21 To: Nick Cook ; Brian Witten ; Wheeler, David M ; 'Jeremy O'Donoghue' <= jodonogh@qti.qualcomm.com>; Tero Kivinen Cc: Hannes Tschofenig ; teep Subject: Re: [Teep] [EXT] Re: My BoF impression On 04/20/2017 02:20 AM, Nick Cook wrote: > Personally speaking, OTrP is about being able to install security applica= tions into an environment that provides "trusted" hardware backed isolation= between the different applications. OTrP does that by establishing it is w= orking against the right device type and right isolation environment type a= nd then proceeds to install the application in a way that provides protecti= on for confidentiality and integrity. The term TEE is probably too often as= sociated with a specific formulation of an isolation environment and theref= ore this is perhaps the first thing we should move forward. > > As an example, I've been working on a hardware backed hypervisor environm= ent that uses OTrP for the installation of the different containers/domains= and the virtual machine contents that goes in them. The trust chain from O= TrP is met and the isolation of applications and key material to those appl= ications is also provided. Nick, By "hardware backed hypervisor" do you mean running e.g. OKL4 or Xen hyperv= isor on e.g. an Intel or ARM system with hardware virtualization support? Or something else with a different coupling between the hardware and the hy= pervisor? Just want to make sure I understand. I think it would be useful to see how the isolation provided by hypervisors= fit with the TEE/REE split. Thanks, Erik > > Based on that work and thinking specifically to my original goals for OTr= P when we started this work a few years back, I would like to support Dave = Wheeler's comment on needing to formulate a more abstract definition for TE= E. I also agree with Brian that the GP definition doesn't need to be abando= ned to do that - I believe, expressed in the right way, the GP definition o= f a TEE covers the hardware hypervisor case I described earlier in the emai= l also and I'm sure it can cover the other environments too. > > > I do however think it is important that we restrict to isolation environm= ents that are hardware backed as this is fundamental to the trust model. > > I also support Dave's suggestion that we can be less normative on exact l= ocations of the functional blocks of OTrP. I would like to have a companion= document that does provide example deployments but the core protocol itsel= f does not need to be locked down to a specific deployment approach. > > > > Nick Cook > -----Original Message----- > From: Brian Witten [mailto:brian_witten@symantec.com] > Sent: 05 April 2017 18:02 > To: Wheeler, David M ; 'Jeremy O'Donoghue'=20 > ; Tero Kivinen > Cc: Hannes Tschofenig ; teep=20 > > Subject: Re: [Teep] [EXT] Re: My BoF impression > > Thank You Dave! I'd like to echo & agree with many of your points, but a= sk for a clarification on one aspect. "First, I (believe) this is exactly = the type of conversation we need to have. Thanks for kicking this off very = directly." Well Said, Thank You Both! "I am motivated to work jointly on = developing OTrP to address a wider set of concerns common to TEEs and their= environments, with the purpose of expanding the ease with which the market= place can utilize TEE mechanisms." Again, I'm motivated by the same purpose= . "Part of this development of OTrP (from my perspective) is being less no= rmative about the exact location and instantiation of certain parties (part= icularly the TSM) and be specific on the operations and activities at parti= cular 'service access points' of the protocol." I believe that is a great = suggestion, and I'm fully supportive. Still my clarifying question relates= to the desire "to define a more abstract definition of a TEE, and desiring= a protocol that is applicable to a wide set of TEEs." I'm eager to suppor= t a wide set of TEE, including both SGX and TZ based TEE. My question is,= "do we need to abandon the Global Platform (GP) definition of a TEE to sup= port both SGX and TZ based TEE?" I believe that we do Not need to abandon = the GP definition of a TEE to support both SGX and TZ based TEE, but I'd be= eager to get your view here as you've framed the rest so very well. Last,= either way, "I believe IETF is exactly the place to have this conversation= and define a very open and inclusive protocol." Again, I agree completely= . > > Thank You Again! > Brian > > > From: TEEP on behalf of Wheeler, David M=20 > > Sent: Wednesday, April 5, 2017 9:34 AM > To: 'Jeremy O'Donoghue'; Tero Kivinen > Cc: Hannes Tschofenig; teep > Subject: [EXT] Re: [Teep] My BoF impression > > > I'm a bit behind on the thread, but want to respond to Jeremy's original = comment. > > First, I this is exactly the type of conversation we need to have. Thanks= for kicking this off very directly. > I agree with your perception of the two groups, though I think it is impo= rtant to understand the motivations in the second group, since they may be = varied. > > I will put myself voluntarily in the second bucket. I will present my per= sonal perspective, which may be different from others in the "second group"= . > > For myself, I am looking to define a more abstract definition of a TEE, a= nd desiring a protocol that is applicable to a wide set of TEEs. From my pe= rspective, looking at TEEs that Intel has in the marketplace, and also hav= ing worked for several years on Intel's XScale processors (and am thus fami= liar with TZ), the current OTrP draft addresses Trust Zone concerns without= really considering other TEEs. This is my perception, of course. > > It is also my opinion that an IETF protocol should do more than address i= mplementation specific concerns. > I am motivated to work jointly on developing OTrP to address a wider set = of concerns common to TEEs and their environments, with the purpose of expa= nding the ease with which the marketplace can utilize TEE mechanisms. > > Part of this development of OTrP (from my perspective) is being less norm= ative about the exact location and instantiation of certain parties (partic= ularly the TSM) and be specific on the operations and activities at partic= ular "service access points" of the protocol. My point here is that OTrP in= its current rendition is too implementation specifi= c and too normative in its description of the marketplace. I believe this = is fine as an example, but not as part of the protocol. > > I believe IETF is exactly the place to have this conversation and define = a very open and inclusive protocol. I realize that takes some time. I look = forward to having this conversation in more detail. > > Thanks, > Dave Wheeler > > > > From: TEEP [mailto:teep-bounces@ietf.org] On Behalf Of Jeremy=20 > O'Donoghue > Sent: Tuesday, April 4, 2017 7:13 AM > To: Tero Kivinen > Cc: Hannes Tschofenig ; teep=20 > > Subject: Re: [Teep] My BoF impression > > > > > On 4 Apr 2017, at 12:21, Tero Kivinen wrote: > > > > My feeling that the main question what people did not understand was: > > What is the real difference between TEEP and just normal application down= load. I.e., why separate protocol is needed. > How is this different from just having perhaps encrypted signed applicati= on blob from the marketplace and installing that. > > At least that was my main question when we discussed this before the BoF. > > Of course it does not help, that when you ask that question from differen= t people you get different answer, as the idea of what TEEP is different fo= r different people. > > > > I think there is a degree of talking at cross-purposes. > > > > There is one group - essentially those sponsoring the creation of this gr= oup - which has a very clear understanding of what it would like TEEP to be= , which is essentially three things: > > > > A mechanism for managing Trusted Applications and their associated secre= ts and key material in a GlobalPlatform TEE or something that is conceptual= ly very similar. > A mechanism for establishing a chain of trust rooted in firmware and cove= ring the TEE and possibly other system components up to and including the e= xecuting Task in a Security Domain. > A mechanism - targeted at phone and tablet type devices - which operates = independently of the "App Store" mechanism, and is based on a PKI infrastru= cture allowing Service Providers to manage the Trusted Applications they co= ntrol without the need for user intervention. > > > > The draft specification very clearly addresses such a system. Understandi= ng it fully requires considerable familiarity with the GlobalPlatform TEE s= pecifications, since much of the terminology and architectural assumptions = are derived from these. > > > > There is a second group which is starting from a more abstract position o= f what a TEE should look like and what security services it might then prov= ide to a system and how the control of these could be structured. This is a= completely different problem, and likely a much broader one which is diff= icult to encapsulate in a small scope. > > > > > Trying to make the architecture too generic also confuses things. It migh= t be better to have more concrete example with more limited scope, that wou= ld explain things what TEEP should provide. > > For example: > > 1) TEEP provides a way to install software from the Secure trusted applic= ation marketplace to the TEE running inside device. > > 2) The Secure trusted appliation marketplace needs to be able to verify t= hat the TEE wanting to install an application is actual TEE, and not some f= ake device, for example using signature from the key installed by the manuf= acturer which is used to sign the installation request. > > 3) The Secure trusted application marketplace can then encrypt the truste= d application with TEE specific key, so that nobody else than TEE can decry= pt and install it. This will prevent leaking out confidential material insi= de the application. > Trusted application instlal package might also be personalized for the sp= ecific TEE. Secure trusted application marketplace will also sign the trust= ed application install package, so TEE can verify it is authentic. > > 4) TEE will verify the signature of the trusted application install packa= ge, and check that signer is trusted, and then it will decrypt the package,= and install it. > > 5) The application running on the REE side might need to verify that the = trusted application part of it has been properly installed to real TEE, so = it can trust it doing its job. I am not sure if this will be part of the TE= EP or not... > > Is my understanding of TEEP correct? I do not know, and I assume other pe= ople have different ideas what should or should not be part of it. > > > > I think this is a pretty good explanation of what the first group would l= ike to see. > > > Best regards > > Jeremy > > > > _______________________________________________ > TEEP mailing list > TEEP@ietf.org > https://www.ietf.org/mailman/listinfo/teep > From nobody Wed Apr 26 06:06:16 2017 Return-Path: X-Original-To: teep@ietfa.amsl.com Delivered-To: teep@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BC07A12741D for ; Wed, 26 Apr 2017 06:06:15 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.922 X-Spam-Level: X-Spam-Status: No, score=-1.922 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=intercedeltd.onmicrosoft.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7N_FwFuH09V0 for ; Wed, 26 Apr 2017 06:06:12 -0700 (PDT) Received: from EUR01-HE1-obe.outbound.protection.outlook.com (mail-he1eur01on0058.outbound.protection.outlook.com [104.47.0.58]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 410E7129B14 for ; Wed, 26 Apr 2017 06:06:11 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=IntercedeLtd.onmicrosoft.com; s=selector1-intercede-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=S4thpYQbD8HGii+yXgfIzwCnG3JYKG6N9OQhfcZVt7A=; b=qVOYys4V/KrPtboGkRkc6Ecrh1Tj5XoVj+a/pYEfl3Rb/apz0P/oz6pPloS9ZzliyNqL16e8BUL4NFvoX0lgjXuSvZi9vjOpxlZO3LZnd8Yq19pup8W825OIa6f92lcPa5kxKLjqqs56nvwyYC7C7OCZeEw1bPns7dX6avg+Ao0= Received: from VI1PR06MB3215.eurprd06.prod.outlook.com (10.170.230.150) by VI1PR06MB3216.eurprd06.prod.outlook.com (10.170.230.151) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1034.10; Wed, 26 Apr 2017 13:06:08 +0000 Received: from VI1PR06MB3215.eurprd06.prod.outlook.com ([10.170.230.150]) by VI1PR06MB3215.eurprd06.prod.outlook.com ([10.170.230.150]) with mapi id 15.01.1034.021; Wed, 26 Apr 2017 13:06:08 +0000 From: Nick Cook To: "teep@ietf.org" Thread-Topic: [Teep] Charter strawman proposal Thread-Index: AQHSqL68mO89E9JZ4UKv8TzEjiyq5aHXwH6A Date: Wed, 26 Apr 2017 13:06:08 +0000 Message-ID: References: <0627F5240443D2498FAA65332EE46C84366EA50D@CRSMSX102.amr.corp.intel.com> In-Reply-To: Accept-Language: en-GB, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=none action=none header.from=intercede.com; x-originating-ip: [80.2.227.94] x-microsoft-exchange-diagnostics: 1; VI1PR06MB3216; 7:boj+Ec8EOgadIBh1V/Us9U++UP4dfKFomqrPYtOqH6oUyh5gHfs2wU3OU91woAaXUWp2crwckCw1tzpG4o5YSQ+VJXlLvWRNwieJ6hYPtn3EZ98qmSk/32prq7+fXfuFvHV7l0cClNoS+y8+VoGvz25K8LgGkvmc35qRl4X+RN5WKw5XqwG1Sl20JeiV64NJYLwNgTypAA90Rl+SPoe9K7BgdLg+ioBe8u65/jOc3E+Pbp1SjO8DvnAwmARSRQnO209V6+iv2SCYu1iH/WmURJgQ9JJx53ZwsuFTtVz557cxcLVOia+6mjCLx0hiuz5RDJ8H1B+z9imsaoW76ifHQA== x-ms-office365-filtering-correlation-id: c53e89f6-72e2-4caa-0551-08d48ca50138 x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(2017030254075)(201703131423075)(201703031133081); SRVR:VI1PR06MB3216; x-microsoft-antispam-prvs: x-exchange-antispam-report-test: UriScan:(158342451672863)(180628864354917)(278428928389397)(192374486261705)(228905959029699); x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(6040450)(601004)(2401047)(5005006)(8121501046)(93006095)(93001095)(3002001)(10201501046)(6041248)(20161123560025)(20161123564025)(20161123555025)(20161123562025)(201703131423075)(201702281528075)(201703061421075)(6072148); SRVR:VI1PR06MB3216; BCL:0; PCL:0; RULEID:; SRVR:VI1PR06MB3216; x-forefront-prvs: 0289B6431E x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(6009001)(39450400003)(39830400002)(39400400002)(39410400002)(13464003)(51414003)(40434004)(76176999)(122556002)(54356999)(2501003)(5890100001)(189998001)(561944003)(86362001)(50986999)(5660300001)(74316002)(66066001)(33656002)(7736002)(305945005)(55016002)(6916009)(7696004)(2351001)(8936002)(6506006)(6436002)(99286003)(81166006)(6246003)(8676002)(2950100002)(5640700003)(1730700003)(77096006)(2906002)(53546009)(110136004)(102836003)(3846002)(3660700001)(3280700002)(2900100001)(6306002)(9686003)(229853002)(6116002)(53936002)(38730400002)(25786009); DIR:OUT; SFP:1101; SCL:1; SRVR:VI1PR06MB3216; H:VI1PR06MB3215.eurprd06.prod.outlook.com; FPR:; SPF:None; MLV:sfv; LANG:en; spamdiagnosticoutput: 1:99 spamdiagnosticmetadata: NSPM Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-OriginatorOrg: intercede.com X-MS-Exchange-CrossTenant-originalarrivaltime: 26 Apr 2017 13:06:08.2252 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 1075719f-f133-43d2-8156-800f80fef316 X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR06MB3216 Archived-At: Subject: Re: [Teep] Charter strawman proposal X-BeenThere: teep@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: A Protocol for Dynamic Trusted Execution Environment Enablement List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 26 Apr 2017 13:06:16 -0000 I agree that these modifications all make sense. Rather than making a light= weight definition of TEE in the first paragraph I would prefer to call out = the GP definition and identify any amendments to that which we are includin= g in our usage of the acronym TEE in the TEEP/OTrP specification. This woul= d clearly be a footnote definition to the charter. =20 For the security domain part we should expand this to define what we mean b= y it specifically. I regard the use of security domain in OTrP as a protoco= l level grouping of a service provider's applications for management purpos= es and that there *must* be hardware isolation between security domains so = that one security domain cannot be influenced by another, unless it exposes= an API to allow it. The way that the trusted applications are implemented = will be technology specific - again the protocol has requirements here (e.g= . each TA to be manageable in its own right and to be able to be personaliz= ed) that we need to state but the protocol doesn't dictate the exact implem= entation. We don't have the definitions in the draft spec and we will need to add tha= t as we evolve it in the WG. Nick Cook -----Original Message----- From: Hannes Tschofenig [mailto:Hannes.Tschofenig@arm.com]=20 Sent: 28 March 2017 23:39 To: Wheeler, David M ; teep@ietf.org Subject: Re: [Teep] Charter strawman proposal Thanks, David. Those are indeed useful suggestions. Your presentation today= at the BOF also clarified some of these points and now make much more sens= e to me. Let me try to incorporate your suggestions to see how well the text reads a= nd whether it makes sense to others. Ciao Hannes -----Original Message----- From: Wheeler, David M [mailto:david.m.wheeler@intel.com] Sent: 28 March 2017 14:18 To: Hannes Tschofenig; teep@ietf.org Subject: RE: Charter strawman proposal Hannes, Thanks for drafting this. I look forward to great discussions around this t= opic. I have made some modifications below. I have made the following types of modifications: * a protocol is not required in every case, therefore, a protocol may be ad= vantageous to the marketplace (but not a requirement) a standard protocol w= ill ease portability, create a level playing field/access for different TEE= s, and increase adoption for more secure devices * a relay application on the rich OS side is not required - what is require= d is some service access onto the network stack for communications It is po= ssible for some TEEs to provide trusted stacks - a service access point mus= t be accessible to protocol entities outside the device * the server side architecture interacts with the application, but maintena= nce of the app is optional * discovery of actual TEE capabilities is important as well I think security domains is an area for discussion, so I leave that alone. = But hope to have more discussions and a better understanding of the require= ments around SDs in the future. It might be useful to discuss other potential standards groups that we shou= ld be aligned with, especially in the IoT space. Thanks, Dave Wheeler -------- TEEP -- A Protocol for Dynamic Trusted Execution Environment Enablement Cha= rter The Trusted Execution Environment (TEE) is a secure area of the main proces= sor. The TEE, as an isolated execution environment, provides security featu= res, such as isolated execution, integrity of Trusted Applications along wi= th confidentiality of their assets. In general terms, the TEE offers an exe= cution space that provides a higher level of security than a "rich" operati= ng system and more functionality than a secure element. Implementations of = the TEE concept have been developed by ARM, and Intel using the TrustZone a= nd the SGX technology, respectively. [It may be advantageous to build the marketplace to have a protocol that su= pports] programmatically install, update, and delete applications running i= n the TEE. [ This ] protocol runs between a [trusted service] running [with= in] the TEE, a relay application [or service access point on the device's n= etwork stack ] and a server-side infrastructure [ that interacts with and o= ptionally maintains ] the applications. Since [ some tasks ( such as manage= ment tasks) ] are security sensitive where the server side requires informa= tion about the device capabilities (in form of attestation), the client-sid= e demands server-side authentication, and privacy considerations have to be= taken into account. This working group aims to develop an application layer protocol providing = TEEs with the following functionality, * discovery of TEE capabilities * management of trusted applications, * attestation, and * security domain management (which provides a logical space that contains= the service provider's applications). The solution approach must take a wide range of TEE technologies into accou= nt and will focus on the use of public key cryptography. The group will produce the following deliverables. First, an architecture d= ocument describing the involved entities, their relationships, assumptions,= the keying framework and relevant use cases. Second, a solution document t= hat describes the above-described functionality. The use of the best possib= le encoding format will be decided in the working group. The group may docu= ment several attestation technologies considering the different hardware ca= pabilities, performance, privacy and operational properties. The group will maintain a close relationship with the GlobalPlatform to ens= ure proper use of existing TEE-relevant application layer interfaces and ot= her abstractions used by GlobalPlatform-compliant TEE devices. Milestones Aug 2017 Submit "TEEP Architecture" document as WG item. Oct 2017 Submit "TEEP Protocol" document as WG item. Nov 2017 Participation in the IETF #100 Hackathon to work on the TEEP P= rotocol. Dec 2017 Submit "TEEP Architecture" to the IESG for publication as an I= nformational RFC. Mar 2017 Organization of an interoperability event at IETF #101. Apr 2017 Submit "TEEP Protocol" to the IESG for publication as a Propos= ed Standard. [1] Wikipedia, 'Trusted execution environment', URL: https://en.wikipedia.o= rg/wiki/Trusted_execution_environment (March 2017). IMPORTANT NOTICE: The contents of this email and any attachments are confid= ential and may also be privileged. If you are not the intended recipient, p= lease notify the sender immediately and do not disclose the contents to any= other person, use it for any purpose, or store or copy the information in = any medium. Thank you. _______________________________________________ TEEP mailing list TEEP@ietf.org https://www.ietf.org/mailman/listinfo/teep IMPORTANT NOTICE: The contents of this email and any attachments are confid= ential and may also be privileged. If you are not the intended recipient, p= lease notify the sender immediately and do not disclose the contents to any= other person, use it for any purpose, or store or copy the information in = any medium. Thank you. From nobody Wed Apr 26 06:15:34 2017 Return-Path: X-Original-To: teep@ietfa.amsl.com Delivered-To: teep@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 42B21127B73 for ; Wed, 26 Apr 2017 06:15:33 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.222 X-Spam-Level: X-Spam-Status: No, score=-4.222 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=symc.onmicrosoft.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3DH1xaT3N0QK for ; Wed, 26 Apr 2017 06:15:31 -0700 (PDT) Received: from asbsmtoutape01.symantec.com (asbsmtoutape01.symantec.com [155.64.138.35]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2EBE5129B91 for ; Wed, 26 Apr 2017 06:15:29 -0700 (PDT) Received: from asbsmtmtaapi02.symc.symantec.com (asb1-f5-symc-ext-prd-snat1.net.symantec.com [10.90.75.1]) by asbsmtoutape01.symantec.com (Symantec Messaging Gateway) with SMTP id C4.39.06848.F6D90095; Wed, 26 Apr 2017 13:15:27 +0000 (GMT) X-AuditID: 0a5af819-fd9c19a000011ac0-cc-59009d6ff4c6 Received: from TUSXCHMBXWPI01.SYMC.SYMANTEC.COM (asb1-f5-symc-ext-prd-snat4.net.symantec.com [10.90.75.4]) by asbsmtmtaapi02.symc.symantec.com (Symantec Messaging Gateway) with SMTP id 9E.8D.09705.F6D90095; Wed, 26 Apr 2017 13:15:27 +0000 (GMT) Received: from TUSXCHMBXWPI02.SYMC.SYMANTEC.COM (10.44.91.34) by TUSXCHMBXWPI01.SYMC.SYMANTEC.COM (10.44.91.33) with Microsoft SMTP Server (TLS) id 15.0.1236.3; Wed, 26 Apr 2017 06:15:26 -0700 Received: from NAM01-BN3-obe.outbound.protection.outlook.com (10.44.128.6) by TUSXCHMBXWPI02.SYMC.SYMANTEC.COM (10.44.91.34) with Microsoft SMTP Server (TLS) id 15.0.1236.3 via Frontend Transport; Wed, 26 Apr 2017 06:15:26 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=symc.onmicrosoft.com; s=selector1-symantec-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=JfbBfQqkjRg1dvYYyASleH5dENDCbJD72YyLDaqWCR0=; b=c9w7soi/PuNlKCB5sXM2TD2ow5A1YO5GTbb4Tg5EzsaKxKASI1aMBL4cLa7FsM5Mo9mcjoChI53l2DoctFjgWyDjBqVbKfNDo6YDjUNKQ/oTJmqqtXczsMgKTAaDeF/E4pMYjlUz7cvX4AqHwsXsDRFhOOBfDcmAH5hE9T9Pms4= Received: from MWHPR16MB1488.namprd16.prod.outlook.com (10.175.4.146) by MWHPR16MB1488.namprd16.prod.outlook.com (10.175.4.146) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1034.10; Wed, 26 Apr 2017 13:15:24 +0000 Received: from MWHPR16MB1488.namprd16.prod.outlook.com ([10.175.4.146]) by MWHPR16MB1488.namprd16.prod.outlook.com ([10.175.4.146]) with mapi id 15.01.1034.021; Wed, 26 Apr 2017 13:15:24 +0000 From: Brian Witten To: Nick Cook CC: "teep@ietf.org" Thread-Topic: [EXT] Re: [Teep] Charter strawman proposal Thread-Index: AQHSp/gSJxjoMHBk3U2MLauDNBSW9KGq2F4AgCzzbgCAAAKX5g== Date: Wed, 26 Apr 2017 13:15:23 +0000 Message-ID: <57999A96-6EB4-45FF-A646-86353849B8DC@symantec.com> References: <0627F5240443D2498FAA65332EE46C84366EA50D@CRSMSX102.amr.corp.intel.com> , In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: intercede.com; dkim=none (message not signed) header.d=none; intercede.com; dmarc=none action=none header.from=symantec.com; x-originating-ip: [2605:e000:9394:6500:e553:715a:8260:38f1] x-ms-publictraffictype: Email x-microsoft-exchange-diagnostics: 1; MWHPR16MB1488; 7:CwSoaLiJeInU1fbePBzCc+Z17F3hR8JSk+m7TXqIJYS3E920YmCScZcZJ3GFWpr8hxl2mnOpzj0uWzh/b2DD2908QXYk8sYlcouPCC+yWPSZ9LQB+xl9a6uhh/heTi04MrP5HRq/nNQozhvAx3gDbD96RiIwMpyYK6RWTPyzYFZ/FNoUKxyemiE3C/d7Px3/DEZJD2ix1Qf/s+qyJoQAP+gJWIJGPNi07rKyODf7CkIurKjh2L9XnNZ+idBQsseKOLldjfUYeiXbFfsaSojHSD9zajhkrCS6VVl9aIzIaOe+I16W4lj3t7ytHBbM36iQhZf44JbOfm5gHd/XIrXbzQ== x-ms-office365-filtering-correlation-id: 4163fdd9-c31c-4585-6a8f-08d48ca64cc0 x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(2017030254075)(201703131423075)(201703031133081); SRVR:MWHPR16MB1488; x-microsoft-antispam-prvs: x-exchange-antispam-report-test: UriScan:(158342451672863)(180628864354917)(278428928389397)(192374486261705)(228905959029699); x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(6040450)(601004)(2401047)(8121501046)(5005006)(3002001)(93006095)(93001095)(10201501046)(6041248)(20161123564025)(20161123560025)(20161123562025)(20161123555025)(201703131423075)(201702281528075)(201703061421075)(6072148); SRVR:MWHPR16MB1488; BCL:0; PCL:0; RULEID:; SRVR:MWHPR16MB1488; x-forefront-prvs: 0289B6431E x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(6009001)(39840400002)(39450400003)(39400400002)(39850400002)(39410400002)(40434004)(377454003)(24454002)(51414003)(13464003)(110136004)(38730400002)(6246003)(7736002)(6916009)(2950100002)(2906002)(122556002)(3280700002)(3660700001)(76176999)(229853002)(6506006)(54356999)(6436002)(50986999)(82746002)(8936002)(36756003)(77096006)(25786009)(8676002)(6486002)(53546009)(561944003)(4326008)(5890100001)(305945005)(99286003)(81166006)(33656002)(6306002)(6512007)(6116002)(189998001)(102836003)(53936002)(10290500003)(83716003)(93886004)(5660300001)(2900100001)(86362001); DIR:OUT; SFP:1101; SCL:1; SRVR:MWHPR16MB1488; H:MWHPR16MB1488.namprd16.prod.outlook.com; FPR:; SPF:None; MLV:sfv; LANG:en; spamdiagnosticoutput: 1:99 spamdiagnosticmetadata: NSPM Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-MS-Exchange-CrossTenant-originalarrivaltime: 26 Apr 2017 13:15:23.9685 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 3b217a9b-6c58-428b-b022-5ad741ce2016 X-MS-Exchange-Transport-CrossTenantHeadersStamped: MWHPR16MB1488 X-OriginatorOrg: symantec.com X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFprAKsWRmVeSWpSXmKPExsXCFeXNqJs/lyHSYNIZU4s3F9ewWiz9843Z gcljyZKfTB4bFjxgCmCK4rJJSc3JLEst0rdL4MrY3jmJueCsTcXz68dZGxg3G3YxcnJICJhI 9O5+zAxiCwl8ZJSY2G0EE582dQdjFyMXUPwbo8S6rdehnCOMEns/zmWFcF4wSry4eocNxGER 6GSWeHlgCRNEZiqTxIWFX9jgeqZO+AK2hU1AT+Lo3zusILaIgLrE7tVb2UBsZgFlifO7joDZ wgLmEleWrWGHqLGQ2HXuCJTtJPHnSA9YDYuAqsS23ZvBZvIK2Et09h9mhlh2iUliw6dXYAlO gViJaffnMILYjAJiEt9PrWGCWCYucevJfCaIVwUkluw5zwxhi0q8fPwP7DlGgamMEge6V7NC JKwlZs04yQZhy0pcmt/NCGH3MEv8++UDYftKPNrfAFTDAWTXAV0EDGJ2IDNbYqUaREG9xPNb m1hApksIXGSSWDB3JusERv1ZSC6CsHUkFuz+xAZha0ssW/iaeRbYm4ISJ2c+YVnAyLKKUSGx OKk4tyS/tCSxINXAUK+4MjcZRCQCU0myXnJ+7iZGcDr5IbmD8cgJn0OMAhyMSjy8alMZIoVY E8uAKg8xSnAwK4nwdk0BCvGmJFZWpRblxxeV5qQWH2KU5mBREue9M+9WhJBAemJJanZqakFq EUyWiYNTqoFxfqi18qauu09d+hm5hY7uTPXNE3ZYMflmXUGqllP4OpH/xkyfr/28dfBRgC9L A+cWHwspdoPGnawF3D+yGTdzBUW+WBNUzcQfHX7//oL98+Luf2VuiK3K+uiVfrk6N+mUo/OG G3259+qdxGa/i2Iv+juhw2+flYfqpVyRi1kNb4xZWg79ilZiKc5INNRiLipOBACYybZUIwMA AA== X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFvrKIsWRmVeSWpSXmKPExsXCFeXNops/lyHSYOJqPYs3F9ewWiz9843Z gcljyZKfTB4bFjxgCmCK4rJJSc3JLEst0rdL4MrY3jmJueCsTcXz68dZGxg3G3YxcnJICJhI TJu6g7GLkYtDSOAbo8S6rdehnCOMEns/zmWFcF4wSry4eocNxGER6GSWeHlgCRNEZiqTxIWF X9jgeqZO+MIMMplNQE/i6N87rCC2iIC6xO7VW9lAbGYBZYnzu46A2cIC5hJXlq1hh6ixkNh1 7giU7STx50gPWA2LgKrEtt2bwWbyCthLdPYfZoZYdolJYsOnV2AJToFYiWn35zCC2IwCYhLf T61hglgmLnHryXwmiFcFJJbsOc8MYYtKvHz8D+w5RoGpjBIHulezQiSsJWbNOMkGYctKXJrf zQhh9zBL/PvlA2H7Sjza3wBUwwFk1wFdBAxKdiAzW2KlGkRBvcTzW5tYQKZLCFxkklgwdyYr RLWMxOKzsRDxe6wS+74+YpnAqD0LyaUQto7Egt2f2CBsbYllC18zzwJ7X1Di5MwnLAsYWVYx KiQWJxXnluSWJCYWZBoY6RVX5iaDiERgKknWS87P3cQITie/xXcwnvvjc4hRgINRiYf3YjBD pBBrYhlQ5SFGaQ4WJXHe5T9vRQgJpCeWpGanphakFsUXleakFh9iZOLglGpg5Dn5XFf73guZ C9e+WTydsXRp8czNr42KDe18Oipe8C56bW0rdm3tXZnI+JvfBa9aTdsdk+Ple/LMmcydS0Oe XPz9PiCwfuHM2s65zQ+uXXTYx9DuySXSec2oKq5H15ilf3dmAMshwfl2swO1WZLbPrGnVN6b ufDXm9UbmT685WVnK3wd16mhpsRSnJFoqMVcVJwIAH9/pW8IAwAA X-CFilter-Loop: ASB02 Archived-At: Subject: Re: [Teep] [EXT] Re: Charter strawman proposal X-BeenThere: teep@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: A Protocol for Dynamic Trusted Execution Environment Enablement List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 26 Apr 2017 13:15:33 -0000 +1 > On Apr 26, 2017, at 6:06 AM, Nick Cook wrote: >=20 > I agree that these modifications all make sense. Rather than making a lig= htweight definition of TEE in the first paragraph I would prefer to call ou= t the GP definition and identify any amendments to that which we are includ= ing in our usage of the acronym TEE in the TEEP/OTrP specification. This wo= uld clearly be a footnote definition to the charter. >=20 >=20 > For the security domain part we should expand this to define what we mean= by it specifically. I regard the use of security domain in OTrP as a proto= col level grouping of a service provider's applications for management purp= oses and that there *must* be hardware isolation between security domains s= o that one security domain cannot be influenced by another, unless it expos= es an API to allow it. The way that the trusted applications are implemente= d will be technology specific - again the protocol has requirements here (e= .g. each TA to be manageable in its own right and to be able to be personal= ized) that we need to state but the protocol doesn't dictate the exact impl= ementation. >=20 > We don't have the definitions in the draft spec and we will need to add t= hat as we evolve it in the WG. >=20 >=20 >=20 >=20 >=20 > Nick Cook >=20 > -----Original Message----- > From: Hannes Tschofenig [mailto:Hannes.Tschofenig@arm.com]=20 > Sent: 28 March 2017 23:39 > To: Wheeler, David M ; teep@ietf.org > Subject: Re: [Teep] Charter strawman proposal >=20 > Thanks, David. Those are indeed useful suggestions. Your presentation tod= ay at the BOF also clarified some of these points and now make much more se= nse to me. >=20 > Let me try to incorporate your suggestions to see how well the text reads= and whether it makes sense to others. >=20 > Ciao > Hannes >=20 > -----Original Message----- > From: Wheeler, David M [mailto:david.m.wheeler@intel.com] > Sent: 28 March 2017 14:18 > To: Hannes Tschofenig; teep@ietf.org > Subject: RE: Charter strawman proposal >=20 > Hannes, > Thanks for drafting this. I look forward to great discussions around this= topic. I have made some modifications below. >=20 > I have made the following types of modifications: > * a protocol is not required in every case, therefore, a protocol may be = advantageous to the marketplace (but not a requirement) a standard protocol= will ease portability, create a level playing field/access for different T= EEs, and increase adoption for more secure devices > * a relay application on the rich OS side is not required - what is requi= red is some service access onto the network stack for communications It is = possible for some TEEs to provide trusted stacks - a service access point m= ust be accessible to protocol entities outside the device > * the server side architecture interacts with the application, but mainte= nance of the app is optional > * discovery of actual TEE capabilities is important as well >=20 > I think security domains is an area for discussion, so I leave that alone= . But hope to have more discussions and a better understanding of the requi= rements around SDs in the future. >=20 > It might be useful to discuss other potential standards groups that we sh= ould be aligned with, especially in the IoT space. >=20 > Thanks, > Dave Wheeler >=20 > -------- >=20 > TEEP -- A Protocol for Dynamic Trusted Execution Environment Enablement C= harter >=20 > The Trusted Execution Environment (TEE) is a secure area of the main proc= essor. The TEE, as an isolated execution environment, provides security fea= tures, such as isolated execution, integrity of Trusted Applications along = with confidentiality of their assets. In general terms, the TEE offers an e= xecution space that provides a higher level of security than a "rich" opera= ting system and more functionality than a secure element. Implementations o= f the TEE concept have been developed by ARM, and Intel using the TrustZone= and the SGX technology, respectively. >=20 > [It may be advantageous to build the marketplace to have a protocol that = supports] programmatically install, update, and delete applications running= in the TEE. [ This ] protocol runs between a [trusted service] running [wi= thin] the TEE, a relay application [or service access point on the device's= network stack ] and a server-side infrastructure [ that interacts with and= optionally maintains ] the applications. Since [ some tasks ( such as mana= gement tasks) ] are security sensitive where the server side requires infor= mation about the device capabilities (in form of attestation), the client-s= ide demands server-side authentication, and privacy considerations have to = be taken into account. >=20 > This working group aims to develop an application layer protocol providin= g TEEs with the following functionality, > * discovery of TEE capabilities > * management of trusted applications, > * attestation, and > * security domain management (which provides a logical space that contain= s the service provider's applications). >=20 > The solution approach must take a wide range of TEE technologies into acc= ount and will focus on the use of public key cryptography. >=20 > The group will produce the following deliverables. First, an architecture= document describing the involved entities, their relationships, assumption= s, the keying framework and relevant use cases. Second, a solution document= that describes the above-described functionality. The use of the best poss= ible encoding format will be decided in the working group. The group may do= cument several attestation technologies considering the different hardware = capabilities, performance, privacy and operational properties. >=20 > The group will maintain a close relationship with the GlobalPlatform to e= nsure proper use of existing TEE-relevant application layer interfaces and = other abstractions used by GlobalPlatform-compliant TEE devices. >=20 > Milestones >=20 > Aug 2017 Submit "TEEP Architecture" document as WG item. >=20 > Oct 2017 Submit "TEEP Protocol" document as WG item. >=20 > Nov 2017 Participation in the IETF #100 Hackathon to work on the TEEP= Protocol. >=20 > Dec 2017 Submit "TEEP Architecture" to the IESG for publication as an= Informational RFC. >=20 > Mar 2017 Organization of an interoperability event at IETF #101. >=20 > Apr 2017 Submit "TEEP Protocol" to the IESG for publication as a Prop= osed Standard. >=20 > [1] Wikipedia, 'Trusted execution environment', URL: https://en.wikipedia= .org/wiki/Trusted_execution_environment (March 2017). > IMPORTANT NOTICE: The contents of this email and any attachments are conf= idential and may also be privileged. If you are not the intended recipient,= please notify the sender immediately and do not disclose the contents to a= ny other person, use it for any purpose, or store or copy the information i= n any medium. Thank you. >=20 > _______________________________________________ > TEEP mailing list > TEEP@ietf.org > https://www.ietf.org/mailman/listinfo/teep > IMPORTANT NOTICE: The contents of this email and any attachments are conf= idential and may also be privileged. If you are not the intended recipient,= please notify the sender immediately and do not disclose the contents to a= ny other person, use it for any purpose, or store or copy the information i= n any medium. Thank you. >=20 >=20 > _______________________________________________ > TEEP mailing list > TEEP@ietf.org > https://www.ietf.org/mailman/listinfo/teep From nobody Wed Apr 26 14:39:16 2017 Return-Path: X-Original-To: teep@ietfa.amsl.com Delivered-To: teep@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DB7C51294FE for ; Wed, 26 Apr 2017 14:39:14 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.222 X-Spam-Level: X-Spam-Status: No, score=-4.222 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=symc.onmicrosoft.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CBbvl3Y6VMMP for ; Wed, 26 Apr 2017 14:39:12 -0700 (PDT) Received: from tussmtoutape01.symantec.com (Tussmtoutape01.symantec.com [155.64.38.231]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4ED9C128B91 for ; Wed, 26 Apr 2017 14:39:12 -0700 (PDT) Received: from tussmtmtaapi02.symc.symantec.com (tus3-f5-symc-ext-prd-snat3.net.symantec.com [10.44.130.3]) by tussmtoutape01.symantec.com (Symantec Messaging Gateway) with SMTP id 57.FA.40682.F7311095; Wed, 26 Apr 2017 21:39:11 +0000 (GMT) X-AuditID: 0a2c7e31-dc6d39a000009eea-30-5901137fa21b Received: from TUSXCHMBXWPI02.SYMC.SYMANTEC.COM (tus3-f5-symc-ext-prd-snat2.net.symantec.com [10.44.130.2]) by tussmtmtaapi02.symc.symantec.com (Symantec Messaging Gateway) with SMTP id B7.8D.58529.A7311095; Wed, 26 Apr 2017 21:39:07 +0000 (GMT) Received: from tus3xchcaspin01.SYMC.SYMANTEC.COM (10.44.91.13) by TUSXCHMBXWPI02.SYMC.SYMANTEC.COM (10.44.91.34) with Microsoft SMTP Server (TLS) id 15.0.1236.3; Wed, 26 Apr 2017 14:39:06 -0700 Received: from NAM02-CY1-obe.outbound.protection.outlook.com (10.44.128.8) by tus3xchcaspin01.SYMC.SYMANTEC.COM (10.44.91.13) with Microsoft SMTP Server (TLS) id 15.0.1236.3 via Frontend Transport; Wed, 26 Apr 2017 14:39:05 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=symc.onmicrosoft.com; s=selector1-symantec-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=xUPMjFr9VwfdTS4/iznVIegy+R+3C5o07rqKTCAoJns=; b=2iIZrCayzOic7aDS20BTPYV67jjfRZp0OMmGDIdOhxqAybXasvQzRM/DzpdJsAntf4VTUgASxo//XPvQpsnbdE8/YwT32NInr/rXU/1Y5LRyfhS2TZo8e7oqf8J5QArcgv9zcHhiKz2loBrtH7dIO3Y3LdrMbW+zRRNdW9xlEiA= Received: from CY4PR1601MB1126.namprd16.prod.outlook.com (10.172.117.12) by BN6PR16MB1475.namprd16.prod.outlook.com (10.172.207.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1047.13; Wed, 26 Apr 2017 21:39:03 +0000 Received: from CY4PR1601MB1126.namprd16.prod.outlook.com ([10.172.117.12]) by CY4PR1601MB1126.namprd16.prod.outlook.com ([10.172.117.12]) with mapi id 15.01.1047.019; Wed, 26 Apr 2017 21:39:02 +0000 From: Mingliang Pei To: Brian Witten , Nick Cook CC: "teep@ietf.org" Thread-Topic: [EXT] Re: [Teep] [EXT] Re: Charter strawman proposal Thread-Index: AQHSvo9AaOWfOMpOUkGYiXWum7NGkKHXuJaA Date: Wed, 26 Apr 2017 21:39:02 +0000 Message-ID: References: <0627F5240443D2498FAA65332EE46C84366EA50D@CRSMSX102.amr.corp.intel.com> <57999A96-6EB4-45FF-A646-86353849B8DC@symantec.com> In-Reply-To: <57999A96-6EB4-45FF-A646-86353849B8DC@symantec.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: user-agent: Microsoft-MacOutlook/14.7.0.161029 authentication-results: symantec.com; dkim=none (message not signed) header.d=none;symantec.com; dmarc=none action=none header.from=symantec.com; x-originating-ip: [155.64.23.3] x-ms-publictraffictype: Email x-microsoft-exchange-diagnostics: 1; BN6PR16MB1475; 7:yh1g/2JdNP02B41YiPobTwbx0eNlcI91I6OU466zAAMk8ZUJxkxahAacEqjPQrz8uuGzGqVa0x5gFhQ2Qxhqsa8VPdCwP/FVWaK1oq4EUKiPq5HA5seEb0Nhg7kiP/T2lw6zP4BzYVXMpztVjADNe3CkfnfeVWeqkb2AQi6EsitCebStcR8qhd81DwgCgt5uf5dt03ZTNSMvS2FeghVtc60ebLKRb4nAIn9SORcKN6HBw39RpUZQ6WZtI7/zw66MVPZMwd1CnHlxycwO+XEBn0mHMQFnC8LSLgQVoJtSLy7WpRTcwY0fImxV++nMKTMyXiqQA/TaMdg7E8i4sFf4mg== x-forefront-antispam-report: SFV:SKI; SCL:-1SFV:NSPM; SFS:(10009020)(6009001)(39840400002)(39450400003)(39410400002)(39400400002)(39850400002)(24454002)(51414003)(13464003)(377454003)(122556002)(66066001)(305945005)(189998001)(80792005)(7736002)(83506001)(81166006)(2906002)(10290500003)(6246003)(38730400002)(4001350100001)(3660700001)(25786009)(2900100001)(53546009)(3280700002)(6512007)(6486002)(4326008)(99286003)(6116002)(102836003)(3846002)(86362001)(77096006)(5660300001)(2950100002)(93886004)(561944003)(54356999)(76176999)(50986999)(8936002)(36756003)(6306002)(53936002)(6506006)(6436002)(5890100001)(229853002); DIR:OUT; SFP:1101; SCL:1; SRVR:BN6PR16MB1475; H:CY4PR1601MB1126.namprd16.prod.outlook.com; FPR:; SPF:None; MLV:sfv; LANG:en; x-ms-office365-filtering-correlation-id: 39ccd0a3-8495-4b5b-ef16-08d48ceca7ec x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(2017030254075)(201703131423075)(201703031133081); SRVR:BN6PR16MB1475; x-microsoft-antispam-prvs: x-exchange-antispam-report-test: UriScan:(158342451672863)(180628864354917)(278428928389397)(192374486261705)(228905959029699); x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(6040450)(601004)(2401047)(5005006)(8121501046)(3002001)(10201501046)(93006095)(93001095)(6041248)(201703131423075)(201702281528075)(201703061421075)(20161123564025)(20161123560025)(20161123555025)(20161123562025)(6072148); SRVR:BN6PR16MB1475; BCL:0; PCL:0; RULEID:; SRVR:BN6PR16MB1475; x-forefront-prvs: 0289B6431E spamdiagnosticoutput: 1:99 spamdiagnosticmetadata: NSPM Content-Type: text/plain; charset="us-ascii" Content-ID: <1C3EC0292D37CB48AC1CB7DEFDC9FBAE@namprd16.prod.outlook.com> Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-MS-Exchange-CrossTenant-originalarrivaltime: 26 Apr 2017 21:39:02.1434 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 3b217a9b-6c58-428b-b022-5ad741ce2016 X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN6PR16MB1475 X-OriginatorOrg: symantec.com X-Brightmail-Tracker: H4sIAAAAAAAAA02Sa0iTURjHO+/7bnsdjU5T88EybSJUMy/ZRUPELpJBRmGBJpEv8yXvs21K Fiz1SzYTLC9418qZitkKNG99aKilKd5CchqG+WUYTiwSm1m+OwZ9Ofz+z//h+Z9zeFhaXity Z5PSdbwmnUtViKWM1DePPnTXGcUGNFn8g7+Nt4qCjes/6XAqsqFhjYo01X+hLlJXpaEJfGpS Fq/xD4uXJpa1TaAMW/itrvkuSQ4aO2pALAv4CNT2xhuQlJXjFQTFNS+QATk56qbSJoYYqwg+ mdtoIvoRPP0+KSLCiqD0zS8kCAbfp8G+NiUmTiUF5bZ1ioghBPbhWYmQKMYBMDabLoS44Gho NxkcgTT2htHuPrHAzvgUjD9sF5Ge09BnH6YIH4bCqntIGMNgH7AVhQhlGT4OE035iEQZaJiY +UgLhhMOh4GmHscchHfB6lArRbLcwLJQR5GHYmjoHaUJu4L164aj3xX7QVVJjkQYinAxgj8/ qrZ+xhNGZnIZwh4wUVfgSAb8gIbfBR1iIuZEYDQ+24qIgoLZZhFhPXR0bGzVU2BmugUVocDK /25F2Bfqe1bEhCPhffU0TVgJjY8XHSzDO2GwYoGpR6IW5KXL1GrTdOpMHZfBBwT6abPTVMLB be6Myk+lTnuFHFujD+xE86bzZoRZpNgu65ShWLmIy9rsNCNgaYWLbL91W6xclsBl3+Y16uua zFRea0a7WUbhJrPUWmLk+Aan41N4PoPX/HMp1sk9B8VciX80vM+nD9sve7kumW39ESF3wp6U lxYZkufiB8d3BJ2zbeR5KjNf69++G6i+eUaZvDyQtGdamRsRF+c90ux+ojFqKtQJrbycD3Ib qEs88NlwDBc+ZzqbZfqTlyo8ls/Ody8Fx4Wq81VuZQkfjDUlllXJ3ujQC0pu0npNpV5UMNpE LvAgrdFyfwHXEVtxMQMAAA== X-Brightmail-Tracker: H4sIAAAAAAAAA02SfUhTURjGPffebXdL4TQz36w0FlHkZ1JpZiWJIWgRWqAV1FpDzc3GNkUL SisoZ4ErtXIDrTSnqZmkTE2qpWFiqDPCj1ViQkiClZXNTc27sz/65/B73vfhec6Bw9LiKzw/ NiNLK1dnSRUSvogRBV2mgi94o9Qw88SKyOnBel5ktfMPHUPFV1XZqfimynHqMHVMFH1GrsjI katD954SpZc1WpFqJia3baJNkI8GduiQkAW8HZpKTYwOiVgxnkMwbGmkiehG8HB2iEfEFILS znnECQYX0uCwf+CTTTkFd2ecFBG9CBx9NoEOsSwfh8GALYsrWYWToaVJhzim8Ubob+/ic+yN 98OgvoVHPLHQ5eijCIfDTcM1xMUweBPMFO/ixl44Aqym64hU6Wiwjr2nuYUQx8AbU4crB+HV MNdbT5EuXxidrKDIQzFUPe+nCfvA1JdFl98Hh4ChJF/AhSJ8G8HSLwMipgB4N1bAEF4P1ooi VzPgGzQsFLXyifjMg+rqGnfFQSiy1fIIX4TW1kX3PBPGRurcqZfg62izO3WQgsUCWTEKLv/v toSDoLLjJ59wPPQYR2jCgfDo/jcXe+GV8PbeJFOJeHVogzZbo1FqlVqpVJURFh6iyVPKuEO6 /GdkIbJzymbk+jWxa8zI4ky0IMwiiaeXud8jVcyT5iw7LWgty0h8vWrsoylinCbVyjPlcpVc fVKdrZBrLIhihX75KC037cp8zvHCidmw4dl1ttJAxVWHYt9u+sG4UP+6tuPVzpGyhIWzS0c+ JmtC4/Z4ztpiD6WUdJ5PiFIk2nokL7v5DXdqRXF61eZx4wu/aeOBoxH6+WnmxCdnkiRpyMOf evxD4YyqD/DZYjA/ifFvftrwTHDr96Q9Wvc3z3i6/btJwmjSpdu20mqN9B/+6vGzFgMAAA== X-CFilter-Loop: TUS02 Archived-At: Subject: Re: [Teep] [EXT] Re: [EXT] Re: Charter strawman proposal X-BeenThere: teep@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: A Protocol for Dynamic Trusted Execution Environment Enablement List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 26 Apr 2017 21:39:15 -0000 Agreed too. We implicitly assume it is TEE definition by GP in the spec, and it is good to call this out explicitly, and also Security Domain definitions. Thanks, Ming On 4/26/17, 6:15 AM, "TEEP on behalf of Brian Witten" wrote: >+1 > >> On Apr 26, 2017, at 6:06 AM, Nick Cook wrote: >>=20 >> I agree that these modifications all make sense. Rather than making a >>lightweight definition of TEE in the first paragraph I would prefer to >>call out the GP definition and identify any amendments to that which we >>are including in our usage of the acronym TEE in the TEEP/OTrP >>specification. This would clearly be a footnote definition to the >>charter. >>=20 >>=20 >> For the security domain part we should expand this to define what we >>mean by it specifically. I regard the use of security domain in OTrP as >>a protocol level grouping of a service provider's applications for >>management purposes and that there *must* be hardware isolation between >>security domains so that one security domain cannot be influenced by >>another, unless it exposes an API to allow it. The way that the trusted >>applications are implemented will be technology specific - again the >>protocol has requirements here (e.g. each TA to be manageable in its own >>right and to be able to be personalized) that we need to state but the >>protocol doesn't dictate the exact implementation. >>=20 >> We don't have the definitions in the draft spec and we will need to add >>that as we evolve it in the WG. >>=20 >>=20 >>=20 >>=20 >>=20 >> Nick Cook >>=20 >> -----Original Message----- >> From: Hannes Tschofenig [mailto:Hannes.Tschofenig@arm.com] >> Sent: 28 March 2017 23:39 >> To: Wheeler, David M ; teep@ietf.org >> Subject: Re: [Teep] Charter strawman proposal >>=20 >> Thanks, David. Those are indeed useful suggestions. Your presentation >>today at the BOF also clarified some of these points and now make much >>more sense to me. >>=20 >> Let me try to incorporate your suggestions to see how well the text >>reads and whether it makes sense to others. >>=20 >> Ciao >> Hannes >>=20 >> -----Original Message----- >> From: Wheeler, David M [mailto:david.m.wheeler@intel.com] >> Sent: 28 March 2017 14:18 >> To: Hannes Tschofenig; teep@ietf.org >> Subject: RE: Charter strawman proposal >>=20 >> Hannes, >> Thanks for drafting this. I look forward to great discussions around >>this topic. I have made some modifications below. >>=20 >> I have made the following types of modifications: >> * a protocol is not required in every case, therefore, a protocol may >>be advantageous to the marketplace (but not a requirement) a standard >>protocol will ease portability, create a level playing field/access for >>different TEEs, and increase adoption for more secure devices >> * a relay application on the rich OS side is not required - what is >>required is some service access onto the network stack for >>communications It is possible for some TEEs to provide trusted stacks - >>a service access point must be accessible to protocol entities outside >>the device >> * the server side architecture interacts with the application, but >>maintenance of the app is optional >> * discovery of actual TEE capabilities is important as well >>=20 >> I think security domains is an area for discussion, so I leave that >>alone. But hope to have more discussions and a better understanding of >>the requirements around SDs in the future. >>=20 >> It might be useful to discuss other potential standards groups that we >>should be aligned with, especially in the IoT space. >>=20 >> Thanks, >> Dave Wheeler >>=20 >> -------- >>=20 >> TEEP -- A Protocol for Dynamic Trusted Execution Environment Enablement >>Charter >>=20 >> The Trusted Execution Environment (TEE) is a secure area of the main >>processor. The TEE, as an isolated execution environment, provides >>security features, such as isolated execution, integrity of Trusted >>Applications along with confidentiality of their assets. In general >>terms, the TEE offers an execution space that provides a higher level of >>security than a "rich" operating system and more functionality than a >>secure element. Implementations of the TEE concept have been developed >>by ARM, and Intel using the TrustZone and the SGX technology, >>respectively. >>=20 >> [It may be advantageous to build the marketplace to have a protocol >>that supports] programmatically install, update, and delete applications >>running in the TEE. [ This ] protocol runs between a [trusted service] >>running [within] the TEE, a relay application [or service access point >>on the device's network stack ] and a server-side infrastructure [ that >>interacts with and optionally maintains ] the applications. Since [ some >>tasks ( such as management tasks) ] are security sensitive where the >>server side requires information about the device capabilities (in form >>of attestation), the client-side demands server-side authentication, and >>privacy considerations have to be taken into account. >>=20 >> This working group aims to develop an application layer protocol >>providing TEEs with the following functionality, >> * discovery of TEE capabilities >> * management of trusted applications, >> * attestation, and >> * security domain management (which provides a logical space that >>contains the service provider's applications). >>=20 >> The solution approach must take a wide range of TEE technologies into >>account and will focus on the use of public key cryptography. >>=20 >> The group will produce the following deliverables. First, an >>architecture document describing the involved entities, their >>relationships, assumptions, the keying framework and relevant use cases. >>Second, a solution document that describes the above-described >>functionality. The use of the best possible encoding format will be >>decided in the working group. The group may document several attestation >>technologies considering the different hardware capabilities, >>performance, privacy and operational properties. >>=20 >> The group will maintain a close relationship with the GlobalPlatform to >>ensure proper use of existing TEE-relevant application layer interfaces >>and other abstractions used by GlobalPlatform-compliant TEE devices. >>=20 >> Milestones >>=20 >> Aug 2017 Submit "TEEP Architecture" document as WG item. >>=20 >> Oct 2017 Submit "TEEP Protocol" document as WG item. >>=20 >> Nov 2017 Participation in the IETF #100 Hackathon to work on the >>TEEP Protocol. >>=20 >> Dec 2017 Submit "TEEP Architecture" to the IESG for publication as >>an Informational RFC. >>=20 >> Mar 2017 Organization of an interoperability event at IETF #101. >>=20 >> Apr 2017 Submit "TEEP Protocol" to the IESG for publication as a >>Proposed Standard. >>=20 >> [1] Wikipedia, 'Trusted execution environment', URL: >>https://en.wikipedia.org/wiki/Trusted_execution_environment (March 2017). >> IMPORTANT NOTICE: The contents of this email and any attachments are >>confidential and may also be privileged. If you are not the intended >>recipient, please notify the sender immediately and do not disclose the >>contents to any other person, use it for any purpose, or store or copy >>the information in any medium. Thank you. >>=20 >> _______________________________________________ >> TEEP mailing list >> TEEP@ietf.org >> https://www.ietf.org/mailman/listinfo/teep >> IMPORTANT NOTICE: The contents of this email and any attachments are >>confidential and may also be privileged. If you are not the intended >>recipient, please notify the sender immediately and do not disclose the >>contents to any other person, use it for any purpose, or store or copy >>the information in any medium. Thank you. >>=20 >>=20 >> _______________________________________________ >> TEEP mailing list >> TEEP@ietf.org >> https://www.ietf.org/mailman/listinfo/teep > >_______________________________________________ >TEEP mailing list >TEEP@ietf.org >https://www.ietf.org/mailman/listinfo/teep From nobody Wed Apr 26 14:58:52 2017 Return-Path: X-Original-To: teep@ietfa.amsl.com Delivered-To: teep@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8ECD61252BA for ; Wed, 26 Apr 2017 14:58:50 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.222 X-Spam-Level: X-Spam-Status: No, score=-4.222 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=symc.onmicrosoft.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6_huo08etRk6 for ; Wed, 26 Apr 2017 14:58:43 -0700 (PDT) Received: from tussmtoutape01.symantec.com (Tussmtoutape01.symantec.com [155.64.38.231]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BE11112709D for ; Wed, 26 Apr 2017 14:58:43 -0700 (PDT) Received: from tussmtmtaapi02.symc.symantec.com (tus3-f5-symc-ext-prd-snat10.net.symantec.com [10.44.130.10]) by tussmtoutape01.symantec.com (Symantec Messaging Gateway) with SMTP id 84.7B.40682.31811095; Wed, 26 Apr 2017 21:58:43 +0000 (GMT) X-AuditID: 0a2c7e31-dc6d39a000009eea-c0-59011813a523 Received: from tus3xchcaspin01.SYMC.SYMANTEC.COM (tus3-f5-symc-ext-prd-snat8.net.symantec.com [10.44.130.8]) by tussmtmtaapi02.symc.symantec.com (Symantec Messaging Gateway) with SMTP id D9.DE.58529.21811095; Wed, 26 Apr 2017 21:58:43 +0000 (GMT) Received: from TUSXCHMBXWPI02.SYMC.SYMANTEC.COM (10.44.91.34) by tus3xchcaspin01.SYMC.SYMANTEC.COM (10.44.91.13) with Microsoft SMTP Server (TLS) id 15.0.1236.3; Wed, 26 Apr 2017 14:58:42 -0700 Received: from NAM01-SN1-obe.outbound.protection.outlook.com (10.44.128.9) by TUSXCHMBXWPI02.SYMC.SYMANTEC.COM (10.44.91.34) with Microsoft SMTP Server (TLS) id 15.0.1236.3 via Frontend Transport; Wed, 26 Apr 2017 14:58:42 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=symc.onmicrosoft.com; s=selector1-symantec-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=sxXDhTuK9e2Fi/HTDsHZCFA1BIBiwDhKp+/qMYtw3Cw=; b=sUgcFaozeiEgdqydmmi5eiylltc6nBJsPixL2znKy2zlczNLR/6gQ0Ruu9+GUi/EswqDQHS1IXyJ08rk84kzC8yGI3bVECMmgtG5d3/Eu5qGRLX//t6TWVFxUH6lmJVPQJ6tA8tZTXKpGx78PfyZj8sTfFQrQyG9j9zMMy+RSmc= Received: from CY4PR1601MB1126.namprd16.prod.outlook.com (10.172.117.12) by CY4PR1601MB1125.namprd16.prod.outlook.com (10.172.117.11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1047.13; Wed, 26 Apr 2017 21:58:41 +0000 Received: from CY4PR1601MB1126.namprd16.prod.outlook.com ([10.172.117.12]) by CY4PR1601MB1126.namprd16.prod.outlook.com ([10.172.117.12]) with mapi id 15.01.1047.019; Wed, 26 Apr 2017 21:58:40 +0000 From: Mingliang Pei To: Mingliang Pei , Brian Witten , Nick Cook CC: "teep@ietf.org" Thread-Topic: [EXT] Re: [Teep] [EXT] Re: [EXT] Re: Charter strawman proposal Thread-Index: AQHSvthDvHrkfstNhkm8ryytlR6aLw== Date: Wed, 26 Apr 2017 21:58:39 +0000 Message-ID: References: <0627F5240443D2498FAA65332EE46C84366EA50D@CRSMSX102.amr.corp.intel.com> <57999A96-6EB4-45FF-A646-86353849B8DC@symantec.com> In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: user-agent: Microsoft-MacOutlook/14.7.0.161029 authentication-results: symantec.com; dkim=none (message not signed) header.d=none;symantec.com; dmarc=none action=none header.from=symantec.com; x-originating-ip: [155.64.23.3] x-ms-publictraffictype: Email x-microsoft-exchange-diagnostics: 1; CY4PR1601MB1125; 7:6LfKyK/USo+Q/pgOatdxcL4QQVRjm+WxK997uDXEfuUkyCRC06dQ8D09PkgbtqUjRFBQCg2KhHavzWbu0FFUWU6vQ6vdTyWmHi7xKHcbIkd6amd8lZ9uEj7CDdSe7MdRcJsGqnSQr9liuIz03Bno1h36eU+jElhwKwviUlMrcXu439AX5LMMVAsbXnSt4WlP9p/OnLEKsTQv0Jaw/rlF4Ixh2Cxml9kEbSLjslLuorUz37/xzySLc1TBbuiZARhboxNZhiJq9gL+evk6dzbEA8yY4vNzkBiPnKQ5d7OODonOI0b3OCWqH8XBRU/LVj/RUPUEXx1Cbd656doskf4odA== x-forefront-antispam-report: SFV:SKI; SCL:-1SFV:NSPM; SFS:(10009020)(6009001)(39840400002)(39850400002)(39410400002)(39450400003)(39400400002)(51414003)(13464003)(24454002)(377454003)(6436002)(83506001)(5890100001)(2900100001)(81166006)(6116002)(8936002)(36756003)(3846002)(6246003)(10290500003)(86362001)(66066001)(2950100002)(561944003)(3660700001)(3280700002)(6306002)(102836003)(77096006)(6506006)(6486002)(50986999)(76176999)(25786009)(99286003)(54356999)(38730400002)(229853002)(189998001)(53546009)(5660300001)(6512007)(4326008)(93886004)(53936002)(2906002)(80792005)(4001350100001)(122556002)(305945005)(7736002); DIR:OUT; SFP:1101; SCL:1; SRVR:CY4PR1601MB1125; H:CY4PR1601MB1126.namprd16.prod.outlook.com; FPR:; SPF:None; MLV:sfv; LANG:en; x-ms-office365-filtering-correlation-id: 3a88848c-de34-4a08-fab6-08d48cef6613 x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(2017030254075)(201703131423075)(201703031133081)(201702281549075); SRVR:CY4PR1601MB1125; x-microsoft-antispam-prvs: x-exchange-antispam-report-test: UriScan:(158342451672863)(180628864354917)(278428928389397)(192374486261705)(228905959029699); x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(6040450)(601004)(2401047)(8121501046)(5005006)(3002001)(10201501046)(93006095)(93001095)(6041248)(20161123562025)(20161123560025)(20161123555025)(20161123564025)(201703131423075)(201702281528075)(201703061421075)(6072148); SRVR:CY4PR1601MB1125; BCL:0; PCL:0; RULEID:; SRVR:CY4PR1601MB1125; x-forefront-prvs: 0289B6431E spamdiagnosticoutput: 1:99 spamdiagnosticmetadata: NSPM Content-Type: text/plain; charset="us-ascii" Content-ID: <481B80A6E4CF7247AA8B067D1EFE5D70@namprd16.prod.outlook.com> Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-MS-Exchange-CrossTenant-originalarrivaltime: 26 Apr 2017 21:58:39.9987 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 3b217a9b-6c58-428b-b022-5ad741ce2016 X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY4PR1601MB1125 X-OriginatorOrg: symantec.com X-Brightmail-Tracker: H4sIAAAAAAAAA02SbUhTURjHO/fezetocJqaD4oUk0jM1EGQgZUfFIRUMijUohx6SWk63d2s Sdl0QWya5QsOX8otZ5BIiJKo2SrZgtSwWaKpUbZ9SDQQmy9pWLu7E/py+P3P/znneeGhSUm7 IIwuLFYzqmK5QioUUaKYKtHRIEDZ8VvPwxOWnd2ChM4/62QSkWq1/iZSe8zfiLNEjigxn1EU ljGquFO5ogLbciVR8jP5Rsd9Z4AOmU8YUSAN+BiYpgZJIxLREuxB8PB1Pdo1apr1At7YRPCl b8UvHAg8DW6/+IGg9tM0xQkKG0io3RwneKeVgAZbDeLFKIJt17jQiGhaiOPhw3wxlyQY34Zq k92XkMSRMDFkF3IchNNhWv9SyMdkwN32VwTPsTDUtE5w31D4EPSvRnHXYnwc9FVjvhAJHiDB NZHJcSBOgHXLZ4pjhPfDxmg3wacKhVl3O8H3icE6PEHyHAKLrh0BxyHeVK2NugCufIQbEPz1 tPoHcwDez1VSPEfAZHu1r0fAtSTUt5n8YkEAa9Uz/hfpMLNi9xt13uk93fEbSjCMzQkfIFnL f2XxHAPmF6tCnlOh0/WG4vkIPLEskS2+tvfBu2Y3ZUaCLnRQrWHZIrVSo5aXMPGyWFZblMcd cu/S5MXmKYt6kW9tKmQD6HtP2gjCNJLuFQ+IUbZEIC/zRo4goElpsDhqcU+2RJwv15YzKuUV lUbBsCMonKakoeLZR7NZEnxVrmauMUwJo9p1CTowTIes1/VKi3NQ9thWsWDSXu4bXCrtZXMu xV04b40+Xd+UaE8zmg/rk7PYSVZryP3qJutulifdcmRtOCRvPVu69LbGk8THc32usbkM0UWL pnPe1pxinnZG3HMsUW01CYrMSH1ofmnO8PyzHXYqJczS39WxNr992PDrzrgq58xojJRiC+Sy aFLFyv8BVzDsdzIDAAA= X-Brightmail-Tracker: H4sIAAAAAAAAA02Sa0iTURjHPe/N15VwmqmPWjYmdvGWipRSdCEJiSztU0aky73kyM21TemG uqmUU7S0lLR01pYWBqEQYl5w2YfU2IxEmwWFgkVGMmzNlJXv3n3oy+H3P8//nOfCw5LiSjqc Vah0nEYlK5QyIkoUZ2DjgwDlJE4bAlIXJ7vpVMuaizxEZJjNK0TGc9NnIos4I9ov5woVJZxm 94E8UcHQop5Q/0i//Kh+0r8cmdKMKIAFnAK19ypoIxKxYuxG8Kl3ySdeI1hunPeJrwjq3k9T vKBwNQl17glCiLQS0DhUiwQxhmB1boIxIpZlcCLYP6r4JJtxGdQ0jyKeSRwFtv5RhucgnAnT FYOM4DkBN9qHCYEToL/JRfDfUDgaXjh38teBeC9UGMa9FjHuI2HOls1zAE4FV8cHimeEQ+D3 WDchpAoFx3w7IfSJwTxgIwUOhm9zHprn4PVUrXfK/fnyEW5E8He5FQmmbfB2Vk8JvBXetdd4 ewRcR0LD/Waf+ELDr5oZ34tMmFka9QVur0/viccXKILq8VlG4DJYcPRQgmmKAEvVM+YWim/5 r16B48D00skInAGWuRFK4Fh43PGdbPHOYxO8uTdPmRD9FEl0xVqtUqfUyWRqRWJygvaKMp8/ ZOtLk5+QX6TsQd61ORLWh6xrx60Is0i6MbDP5pcjpmUl604rimApaWhg54rjtBhfkOm4ixyn 5jS5muJCTmtFBBsQXo6qhtpj9T0l5FnTSIz6Z+TdpjyT62p9p06e5HSjU70Hc/8cPqYq7Wq7 drLfs9rr17wFcm867WHyFEkXl2WYssMlxa7r55KHI2oljgfFxu0WOb1vhRw46qhkzK4NlSUP FxrapOdb9IM4Mq0gCr9aEnnce1Kckmx7aciOpOh0KaUtkCXFkBqt7B/jc7uXFwMAAA== X-CFilter-Loop: TUS04 Archived-At: Subject: Re: [Teep] [EXT] Re: [EXT] Re: [EXT] Re: Charter strawman proposal X-BeenThere: teep@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: A Protocol for Dynamic Trusted Execution Environment Enablement List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 26 Apr 2017 21:58:51 -0000 I meant that any amendment too if needed. Thanks, Ming On 4/26/17, 2:39 PM, "TEEP on behalf of Mingliang Pei" wrote: >Agreed too. We implicitly assume it is TEE definition by GP in the spec, >and it is good to call this out explicitly, and also Security Domain >definitions. Thanks, Ming > >On 4/26/17, 6:15 AM, "TEEP on behalf of Brian Witten" > wrote: > >>+1 >> >>> On Apr 26, 2017, at 6:06 AM, Nick Cook wrote: >>>=20 >>> I agree that these modifications all make sense. Rather than making a >>>lightweight definition of TEE in the first paragraph I would prefer to >>>call out the GP definition and identify any amendments to that which we >>>are including in our usage of the acronym TEE in the TEEP/OTrP >>>specification. This would clearly be a footnote definition to the >>>charter. >>>=20 >>>=20 >>> For the security domain part we should expand this to define what we >>>mean by it specifically. I regard the use of security domain in OTrP as >>>a protocol level grouping of a service provider's applications for >>>management purposes and that there *must* be hardware isolation between >>>security domains so that one security domain cannot be influenced by >>>another, unless it exposes an API to allow it. The way that the trusted >>>applications are implemented will be technology specific - again the >>>protocol has requirements here (e.g. each TA to be manageable in its own >>>right and to be able to be personalized) that we need to state but the >>>protocol doesn't dictate the exact implementation. >>>=20 >>> We don't have the definitions in the draft spec and we will need to add >>>that as we evolve it in the WG. >>>=20 >>>=20 >>>=20 >>>=20 >>>=20 >>> Nick Cook >>>=20 >>> -----Original Message----- >>> From: Hannes Tschofenig [mailto:Hannes.Tschofenig@arm.com] >>> Sent: 28 March 2017 23:39 >>> To: Wheeler, David M ; teep@ietf.org >>> Subject: Re: [Teep] Charter strawman proposal >>>=20 >>> Thanks, David. Those are indeed useful suggestions. Your presentation >>>today at the BOF also clarified some of these points and now make much >>>more sense to me. >>>=20 >>> Let me try to incorporate your suggestions to see how well the text >>>reads and whether it makes sense to others. >>>=20 >>> Ciao >>> Hannes >>>=20 >>> -----Original Message----- >>> From: Wheeler, David M [mailto:david.m.wheeler@intel.com] >>> Sent: 28 March 2017 14:18 >>> To: Hannes Tschofenig; teep@ietf.org >>> Subject: RE: Charter strawman proposal >>>=20 >>> Hannes, >>> Thanks for drafting this. I look forward to great discussions around >>>this topic. I have made some modifications below. >>>=20 >>> I have made the following types of modifications: >>> * a protocol is not required in every case, therefore, a protocol may >>>be advantageous to the marketplace (but not a requirement) a standard >>>protocol will ease portability, create a level playing field/access for >>>different TEEs, and increase adoption for more secure devices >>> * a relay application on the rich OS side is not required - what is >>>required is some service access onto the network stack for >>>communications It is possible for some TEEs to provide trusted stacks - >>>a service access point must be accessible to protocol entities outside >>>the device >>> * the server side architecture interacts with the application, but >>>maintenance of the app is optional >>> * discovery of actual TEE capabilities is important as well >>>=20 >>> I think security domains is an area for discussion, so I leave that >>>alone. But hope to have more discussions and a better understanding of >>>the requirements around SDs in the future. >>>=20 >>> It might be useful to discuss other potential standards groups that we >>>should be aligned with, especially in the IoT space. >>>=20 >>> Thanks, >>> Dave Wheeler >>>=20 >>> -------- >>>=20 >>> TEEP -- A Protocol for Dynamic Trusted Execution Environment Enablement >>>Charter >>>=20 >>> The Trusted Execution Environment (TEE) is a secure area of the main >>>processor. The TEE, as an isolated execution environment, provides >>>security features, such as isolated execution, integrity of Trusted >>>Applications along with confidentiality of their assets. In general >>>terms, the TEE offers an execution space that provides a higher level of >>>security than a "rich" operating system and more functionality than a >>>secure element. Implementations of the TEE concept have been developed >>>by ARM, and Intel using the TrustZone and the SGX technology, >>>respectively. >>>=20 >>> [It may be advantageous to build the marketplace to have a protocol >>>that supports] programmatically install, update, and delete applications >>>running in the TEE. [ This ] protocol runs between a [trusted service] >>>running [within] the TEE, a relay application [or service access point >>>on the device's network stack ] and a server-side infrastructure [ that >>>interacts with and optionally maintains ] the applications. Since [ some >>>tasks ( such as management tasks) ] are security sensitive where the >>>server side requires information about the device capabilities (in form >>>of attestation), the client-side demands server-side authentication, and >>>privacy considerations have to be taken into account. >>>=20 >>> This working group aims to develop an application layer protocol >>>providing TEEs with the following functionality, >>> * discovery of TEE capabilities >>> * management of trusted applications, >>> * attestation, and >>> * security domain management (which provides a logical space that >>>contains the service provider's applications). >>>=20 >>> The solution approach must take a wide range of TEE technologies into >>>account and will focus on the use of public key cryptography. >>>=20 >>> The group will produce the following deliverables. First, an >>>architecture document describing the involved entities, their >>>relationships, assumptions, the keying framework and relevant use cases. >>>Second, a solution document that describes the above-described >>>functionality. The use of the best possible encoding format will be >>>decided in the working group. The group may document several attestation >>>technologies considering the different hardware capabilities, >>>performance, privacy and operational properties. >>>=20 >>> The group will maintain a close relationship with the GlobalPlatform to >>>ensure proper use of existing TEE-relevant application layer interfaces >>>and other abstractions used by GlobalPlatform-compliant TEE devices. >>>=20 >>> Milestones >>>=20 >>> Aug 2017 Submit "TEEP Architecture" document as WG item. >>>=20 >>> Oct 2017 Submit "TEEP Protocol" document as WG item. >>>=20 >>> Nov 2017 Participation in the IETF #100 Hackathon to work on the >>>TEEP Protocol. >>>=20 >>> Dec 2017 Submit "TEEP Architecture" to the IESG for publication as >>>an Informational RFC. >>>=20 >>> Mar 2017 Organization of an interoperability event at IETF #101. >>>=20 >>> Apr 2017 Submit "TEEP Protocol" to the IESG for publication as a >>>Proposed Standard. >>>=20 >>> [1] Wikipedia, 'Trusted execution environment', URL: >>>https://en.wikipedia.org/wiki/Trusted_execution_environment (March >>>2017). >>> IMPORTANT NOTICE: The contents of this email and any attachments are >>>confidential and may also be privileged. If you are not the intended >>>recipient, please notify the sender immediately and do not disclose the >>>contents to any other person, use it for any purpose, or store or copy >>>the information in any medium. Thank you. >>>=20 >>> _______________________________________________ >>> TEEP mailing list >>> TEEP@ietf.org >>> https://www.ietf.org/mailman/listinfo/teep >>> IMPORTANT NOTICE: The contents of this email and any attachments are >>>confidential and may also be privileged. If you are not the intended >>>recipient, please notify the sender immediately and do not disclose the >>>contents to any other person, use it for any purpose, or store or copy >>>the information in any medium. Thank you. >>>=20 >>>=20 >>> _______________________________________________ >>> TEEP mailing list >>> TEEP@ietf.org >>> https://www.ietf.org/mailman/listinfo/teep >> >>_______________________________________________ >>TEEP mailing list >>TEEP@ietf.org >>https://www.ietf.org/mailman/listinfo/teep > >_______________________________________________ >TEEP mailing list >TEEP@ietf.org >https://www.ietf.org/mailman/listinfo/teep