References: <20200417101932.GA2035@wakko.flat11.house>
 <CAMOjQcF10Ceh=O1-s58Kw_j_hekbCnfmQ9sMZGZiwvhDdbg2bA@mail.gmail.com>
 <CAHbrMsBCeg+3wDcbAJk=KZC1y0RPtLjznst2NVSDJQVSRL84XA@mail.gmail.com>
 <CAMOjQcHTgsJo4-9O=uZF9PTOGHz0s7BFmOBuCn4nStQ+6YnW1Q@mail.gmail.com>
 <CAHbrMsDTBDuuO27mS9KbeHC042incgPbtozHZZ7tx=X2o6=RiA@mail.gmail.com>
 <20200610224455.GA44302@sokka.flat11.house>
 <5833E55F-A483-4781-BF51-DDDE95FB0677@isc.org>
 <20200611133028.GA30562@wakko.flat11.house>
In-Reply-To: <20200611133028.GA30562@wakko.flat11.house>
From: Ben Schwartz <bemasc@google.com>
Date: Thu, 11 Jun 2020 14:48:19 -0400
Message-ID: <CAHbrMsAUNCaftTjKhiVgenKd_PXtm1=XKowWVvzJgLWTRXKTkg@mail.gmail.com>
To: Alessandro Ghedini <alessandro@ghedini.me>
Cc: Mark Andrews <marka@isc.org>, dnsop <dnsop@ietf.org>, 
 Eric Orth <ericorth=40google.com@dmarc.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/OEbYg3wsukx8HgGxyAgK0V035h0>
Subject: Re: [DNSOP] Comments on draft-ietf-dnsop-svcb-httpssvc-02

On Thu, Jun 11, 2020 at 9:30 AM Alessandro Ghedini <alessandro@ghedini.me>
wrote:

>
> > Well firstly if you are going to be using providers, use their domain names in
> > the HTTPSSVC records.  The above configuration is more for self hosting.
>
> So, the domain name is always www.example.net for all providers, are you saying
> that instead of "HTTPSSVC 1 . ..." it should be "HTTPSSVC 1 www.example.net ..."?
>

No, the correct configuration is the one you wrote at the start of this
thread, back in April:

    www.example.net     3600 IN CNAME cname.cdn-a.example
    cname.cdn-a.example 3600 IN HTTPSSVC 1 . alpn=h3 echconfig="..."

Here, "." means "cname.cdn-a.example.", so the ECHConfig will be bound to
the A/AAAA for that domain.  To switch providers, www.example.net would
just update its CNAME, and clients will seamlessly transition as caches
update.

> So, what am I missing here?

I think the key point here is that skipping the CNAME is a bad idea, for
exactly the reason you described.

If the customer really wants to skip the CNAME for some reason, it can do

    www.example.net      3600 IN HTTPSSVC 1 cname.cdn-a.example alpn=h3 echconfig="..."

If it also feels the need to short-circuit the A/AAAA lookups, it can add
IP hints here.  With or without IP hints, this is more fragile than a CNAME
if the CDN changes its configuration, but it won't break, or prevent
switching CDNs, so long as it's kept up to date.
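
An added sketch, not part of the original message or of the draft: a minimal Python model of how a client derives the endpoint and ECH configuration from the two record layouts above. The second CDN, the addresses and the echconfig labels are constructed for illustration, and only service-form records (priority 1) are modelled.

```python
# Constructed data: the CDN-side records from the message, plus a second CDN,
# documentation-range addresses and placeholder echconfig labels (assumptions).
CDN_ZONE = {
    ("cname.cdn-a.example.", "HTTPSSVC"): (1, ".", {"alpn": "h3", "echconfig": "A-v1"}),
    ("cname.cdn-a.example.", "A"): "192.0.2.10",
    ("cname.cdn-b.example.", "HTTPSSVC"): (1, ".", {"alpn": "h3", "echconfig": "B-v1"}),
    ("cname.cdn-b.example.", "A"): "198.51.100.20",
}
QNAME = "www.example.net."

def with_cname(cdn_host):
    """Customer zone using CNAME delegation (the recommended form)."""
    return {**CDN_ZONE, (QNAME, "CNAME"): cdn_host}

def without_cname(cdn_host, copied_echconfig):
    """Customer zone that skips the CNAME and publishes its own copy of the parameters."""
    rr = (1, cdn_host, {"alpn": "h3", "echconfig": copied_echconfig})
    return {**CDN_ZONE, (QNAME, "HTTPSSVC"): rr}

def follow_cnames(zone, name, limit=8):
    """Follow the CNAME chain from name; return the final owner name."""
    for _ in range(limit):
        target = zone.get((name, "CNAME"))
        if target is None:
            return name
        name = target
    raise ValueError("CNAME chain too long or looping")

def resolve_service(zone, qname):
    """Return (endpoint, address, echconfig) as a client would derive them."""
    owner = follow_cnames(zone, qname)
    rr = zone.get((owner, "HTTPSSVC"))
    if rr is None:  # no service record: plain address lookup, no ECH
        return owner, zone.get((owner, "A")), None
    _priority, target, params = rr
    # A target of "." stands for the record's own owner name.
    endpoint = owner if target == "." else target
    address = zone.get((follow_cnames(zone, endpoint), "A"))
    return endpoint, address, params.get("echconfig")

if __name__ == "__main__":
    print(resolve_service(with_cname("cname.cdn-a.example."), QNAME))
    print(resolve_service(with_cname("cname.cdn-b.example."), QNAME))
    # Copy taken before the CDN moved to A-v1: the client is handed the old value.
    print(resolve_service(without_cname("cname.cdn-a.example.", "A-v0"), QNAME))
```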


