Return-Path: <willem@nlnetlabs.nl>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1])
	by ietfa.amsl.com (Postfix) with ESMTP id ECD9FC14F700;
	Fri,  7 Jun 2024 02:14:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.095
X-Spam-Level: 
X-Spam-Status: No, score=-2.095 tagged_above=-999 required=5
	tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
	DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001,
	RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001,
	SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001,
	URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key)
	header.d=nlnetlabs.nl
Received: from mail.ietf.org ([50.223.129.194])
	by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id E2sm-bpXh_xI; Fri,  7 Jun 2024 02:14:40 -0700 (PDT)
Received: from mout-b-105.mailbox.org (mout-b-105.mailbox.org [195.10.208.50])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest
 SHA256)
	(No client certificate requested)
	by ietfa.amsl.com (Postfix) with ESMTPS id AA919C14F602;
	Fri,  7 Jun 2024 02:14:38 -0700 (PDT)
Received: from smtp202.mailbox.org (smtp202.mailbox.org [10.196.197.202])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest
 SHA256)
	(No client certificate requested)
	by mout-b-105.mailbox.org (Postfix) with ESMTPS id 4VwbB122sRz9vfw;
	Fri,  7 Jun 2024 11:14:33 +0200 (CEST)
Message-ID: <2a5dae5f-271a-4428-9e8f-6930ef0d5c02@nlnetlabs.nl>
Date: Fri, 7 Jun 2024 11:14:31 +0200
MIME-Version: 1.0
To: jabley@strandkip.nl, Tim Wicinski <tjw.ietf@gmail.com>
References: 
 <CADyWQ+HLxyAkhdYsOEQz09ByF5EtuvDMh2oAWb_tt_c7YN+59A@mail.gmail.com>
 <3B172CF5-F76C-4B21-984D-F19CF5B40F48@icann.org>
 <CADyWQ+HzeoSZqZh9WCCY6ZfLnmRziFOeUyX7ZdSQmqBw_w1WFA@mail.gmail.com>
 <6B191946-D3AB-46D4-B2CF-599ECC642B26@strandkip.nl>
Content-Language: en-US
From: Willem Toorop <willem@nlnetlabs.nl>
In-Reply-To: <6B191946-D3AB-46D4-B2CF-599ECC642B26@strandkip.nl>
Content-Type: multipart/signed; micalg=pgp-sha256;
 protocol="application/pgp-signature";
 boundary="------------usEcN5mqlSWqtsJbIx6OIrPY"
Message-ID-Hash: RSQVCLQKQVUMJKSS42WXAESNCPL7ZARB
X-Message-ID-Hash: RSQVCLQKQVUMJKSS42WXAESNCPL7ZARB
X-MailFrom: willem@nlnetlabs.nl
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency;
 loop; banned-address; member-moderation; header-match-dnsop.ietf.org-0;
 nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size;
 news-moderation; no-subject; digests; suspicious-header
CC: Paul Hoffman <paul.hoffman@icann.org>, dnsop <dnsop@ietf.org>,
 dnsop-chairs <dnsop-chairs@ietf.org>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [DNSOP] Re: [Ext] [DNSOP]Requesting final comments on
 draft-ietf-dnsop-rfc8109bis
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
Archived-At: 
 <https://mailarchive.ietf.org/arch/msg/dnsop/y-rufUmRH1DGfAfY58GWC6dS9xc>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Owner: <mailto:dnsop-owner@ietf.org>
List-Post: <mailto:dnsop@ietf.org>
List-Subscribe: <mailto:dnsop-join@ietf.org>
List-Unsubscribe: <mailto:dnsop-leave@ietf.org>

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--------------usEcN5mqlSWqtsJbIx6OIrPY
Content-Type: multipart/mixed; boundary="------------WZuYiF7nD0zWNXiAtOlf0HlL";
 protected-headers="v1"
From: Willem Toorop <willem@nlnetlabs.nl>
To: jabley@strandkip.nl, Tim Wicinski <tjw.ietf@gmail.com>
Cc: Paul Hoffman <paul.hoffman@icann.org>, dnsop <dnsop@ietf.org>,
 dnsop-chairs <dnsop-chairs@ietf.org>
Message-ID: <2a5dae5f-271a-4428-9e8f-6930ef0d5c02@nlnetlabs.nl>
Subject: Re: [DNSOP] Re: [Ext] [DNSOP]Requesting final comments on
 draft-ietf-dnsop-rfc8109bis
References: <CADyWQ+HLxyAkhdYsOEQz09ByF5EtuvDMh2oAWb_tt_c7YN+59A@mail.gmail.com>
 <3B172CF5-F76C-4B21-984D-F19CF5B40F48@icann.org>
 <CADyWQ+HzeoSZqZh9WCCY6ZfLnmRziFOeUyX7ZdSQmqBw_w1WFA@mail.gmail.com>
 <6B191946-D3AB-46D4-B2CF-599ECC642B26@strandkip.nl>
In-Reply-To: <6B191946-D3AB-46D4-B2CF-599ECC642B26@strandkip.nl>

--------------WZuYiF7nD0zWNXiAtOlf0HlL
Content-Type: multipart/mixed; boundary="------------tWjhwGG75QqmBZBdAkwko83C"

--------------tWjhwGG75QqmBZBdAkwko83C
Content-Type: multipart/alternative;
 boundary="------------zggA0I77Kl9qpNPwUoKAxX0q"

--------------zggA0I77Kl9qpNPwUoKAxX0q
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE html>
<html>
  <head>
    <meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3DUTF=
-8">
  </head>
  <body>
    <p>Hi Joe,</p>
    <p>Comments inline.<br>
    </p>
    <div class=3D"moz-cite-prefix">Op 07-06-2024 om 10:33 schreef
      <a class=3D"moz-txt-link-abbreviated" href=3D"mailto:jabley@strandk=
ip.nl">jabley@strandkip.nl</a>:<br>
    </div>
    <blockquote type=3D"cite"
      cite=3D"mid:6B191946-D3AB-46D4-B2CF-599ECC642B26@strandkip.nl">
      <pre class=3D"moz-quote-pre" wrap=3D"">Hi Tim, all,

On Jun 7, 2024, at 01:11, Tim Wicinski <a class=3D"moz-txt-link-rfc2396E"=
 href=3D"mailto:tjw.ietf@gmail.com">&lt;tjw.ietf@gmail.com&gt;</a> wrote:=


</pre>
      <blockquote type=3D"cite">
        <pre class=3D"moz-quote-pre" wrap=3D"">On Wed, Jun 5, 2024 at 12:=
28=E2=80=AFPM Paul Hoffman <a class=3D"moz-txt-link-rfc2396E" href=3D"mai=
lto:paul.hoffman@icann.org">&lt;paul.hoffman@icann.org&gt;</a> wrote:

</pre>
        <blockquote type=3D"cite">
          <pre class=3D"moz-quote-pre" wrap=3D"">Tim jumped the gun by ab=
out an hour: we just submitted the -05. It incorporates the suggested tex=
t from below; you can see the diff at:
   <a class=3D"moz-txt-link-freetext" href=3D"https://author-tools.ietf.o=
rg/iddiff?url2=3Ddraft-ietf-dnsop-rfc8109bis-05">https://author-tools.iet=
f.org/iddiff?url2=3Ddraft-ietf-dnsop-rfc8109bis-05</a>
</pre>
        </blockquote>
        <pre class=3D"moz-quote-pre" wrap=3D"">
I am guilty as charged.  But our comment on we would like people to revie=
w the changes. =20
</pre>
      </blockquote>
      <pre class=3D"moz-quote-pre" wrap=3D"">
3.3 DNSSEC with Priming Queries

I know perfectly well what "the root NS RRset" is, but it seems like it c=
ould be made a little more clear with only a small change as "the apex NS=
 RRset in the root zone", "root zone" being a well-defined term of art wh=
ereas "root" as adjective being a bit vague.

More substantially, this section describes a series of vulnerabilities th=
at would be mitigated by signing the ROOT-SERVERS.NET <a class=3D"moz-txt=
-link-rfc2396E" href=3D"http://root-servers.net/">&lt;http://root-servers=
=2Enet/&gt;</a> zone.</pre>
    </blockquote>
    Unfortunately not. I would say that they have the potential to be
    mitigated by a signed root-servers.net zone, but at the time of
    writing, a signed root-servers.net zone would have impact. (see:
<a class=3D"moz-txt-link-freetext" href=3D"https://www.icann.org/en/syste=
m/files/files/reduced-risk-redirected-query-traffic-signed-root-name-serv=
er-data-22may24-en.pdf">https://www.icann.org/en/system/files/files/reduc=
ed-risk-redirected-query-traffic-signed-root-name-server-data-22may24-en.=
pdf</a>
    )<br>
    <blockquote type=3D"cite"
      cite=3D"mid:6B191946-D3AB-46D4-B2CF-599ECC642B26@strandkip.nl">
      <pre class=3D"moz-quote-pre" wrap=3D"">However, it does not mention=
 that a validating resolver that received a rogue response from an impost=
er root server has the eventual opportunity to discard signed RRSets whos=
e signatures do not validate; by not mentioning this there is perhaps som=
e danger that a casual reader would infer a greater overall vulnerability=
 resulting from an unsigned ROOT-SERVERS.NET <a class=3D"moz-txt-link-rfc=
2396E" href=3D"http://root-servers.net/">&lt;http://root-servers.net/&gt;=
</a> zone than in fact exists.</pre>
    </blockquote>
    Agree, we could mention the opportunity. But it requires changes in
    resolver software behavior (see again the above quoted report). <br>
    <blockquote type=3D"cite"
      cite=3D"mid:6B191946-D3AB-46D4-B2CF-599ECC642B26@strandkip.nl">
      <pre class=3D"moz-quote-pre" wrap=3D"">Including signed RRSets from=
 the ROOT-SERVERS.NET <a class=3D"moz-txt-link-rfc2396E" href=3D"http://r=
oot-servers.net/">&lt;http://root-servers.net/&gt;</a> zone in the primin=
g response would result in larger responses,</pre>
    </blockquote>
    Signed root server addresses included with the priming response
    cannot help. A resolver cannot determine whether those are
    authoritatively present in the root zone or not (and if they are not
    they can be included without signatures, so an adversary can always
    replace signed root server addresses with spoofed addresses without
    signatures; see section "DNSSEC signed root server addresses in the
    priming response" in the above quoted report:
<a class=3D"moz-txt-link-freetext" href=3D"https://www.icann.org/en/syste=
m/files/files/reduced-risk-redirected-query-traffic-signed-root-name-serv=
er-data-22may24-en.pdf#h.tb7mwc7hrt18">https://www.icann.org/en/system/fi=
les/files/reduced-risk-redirected-query-traffic-signed-root-name-server-d=
ata-22may24-en.pdf#h.tb7mwc7hrt18</a>
    )<br>
    <blockquote type=3D"cite"
      cite=3D"mid:6B191946-D3AB-46D4-B2CF-599ECC642B26@strandkip.nl">
      <pre class=3D"moz-quote-pre" wrap=3D"">to which in the past there h=
as been some sensitivity. Since a priming query with DO=3D1 definitely ha=
s EDNS(0) as an option this is not a show stopper, but if the previous se=
nsitivities around all of this are no longer a concern I think it would ma=
ke sense to say so explicitly when speculating about future signatures in=
 that zone.  The chain of trust from a root zone trust anchor through a s=
igned delegation to NET and thence to ROOT-SERVERS.NET <a class=3D"moz-tx=
t-link-rfc2396E" href=3D"http://root-servers.net/">&lt;http://root-server=
s.net/&gt;</a> would also deserve some scrutiny from the perspective of a=
 priming response which is presumably often landing on an empty cache; th=
e ability to validate those signatures requires queries to be sent to as-=
yet untrusted root servers. It seems odd not to mention this as something=
 that would need work, given the depth of the other text that is included=
=2E</pre>
    </blockquote>
    Agree, this needs work. I am working on text within the delegation
    revalidation draft that explicitly addresses this. Perhaps it should
    be referenced from here (but I still need to update the text and
    submit the new version).<br>
    <blockquote type=3D"cite"
      cite=3D"mid:6B191946-D3AB-46D4-B2CF-599ECC642B26@strandkip.nl">
      <pre class=3D"moz-quote-pre" wrap=3D"">The final paragraph makes a =
reference to a naming scheme, presumably referring to the names chosen fo=
r root servers (but that could be more clear). The RSSAC wrote quite a la=
rge document about this stuff and I certainly don't have all of their con=
clusions swapped in, but thanks to the late Bill Manning's flash of insig=
ht the current scheme features a high degree of name compression already =
and reducing the single label "ROOT-SERVERS.NET <a class=3D"moz-txt-link-=
rfc2396E" href=3D"http://root-servers.net/">&lt;http://root-servers.net/&=
gt;</a>" to something smaller is not going to substantially reduce the si=
ze of the priming response.</pre>
    </blockquote>
    <p>I assume you are referring to RSSAC028. Note that we also did an
      extensive evaluation of those naming schemes and have written that
      all down in another report:
<a class=3D"moz-txt-link-freetext" href=3D"https://www.icann.org/en/syste=
m/files/files/rssac028-implementation-study-report-27sep23-en.pdf">https:=
//www.icann.org/en/system/files/files/rssac028-implementation-study-repor=
t-27sep23-en.pdf</a></p>
    <blockquote type=3D"cite"
      cite=3D"mid:6B191946-D3AB-46D4-B2CF-599ECC642B26@strandkip.nl">
      <pre class=3D"moz-quote-pre" wrap=3D"">It feels like part of the so=
lution space here is to consider root-server names that live in the root =
zone and not in a child zone, which is a different consideration from the =
naming scheme. Mainly this paragraph reads like a throwaway comment that =
doesn't include enough depth to be useful. It should at least say somethi=
ng along the lines of "this is complicated".</pre>
    </blockquote>
    <p>Unfortunately, as I mentioned above, signed root server addresses
      included with the priming response cannot help. However,
      revalidating the root server addresses would help, so I do think
      alternative text for the last paragraph is needed. How about this:<=
/p>
    <p>=C2=A0=C2=A0=C2=A0 "DNSSEC validation of the priming query is valu=
able when
      root-servers.net zone will be DNSSEC signed <b>and</b> resolvers
      revalidate the root server addresses, by following up with direct
      A and AAAA queries for the names of the root NS RRset"</p>
    <p>-- Willem<br>
    </p>
    <span style=3D"white-space: pre-wrap">
</span>
    <blockquote type=3D"cite"
      cite=3D"mid:6B191946-D3AB-46D4-B2CF-599ECC642B26@strandkip.nl">
      <pre class=3D"moz-quote-pre" wrap=3D"">
I realise that at the time of writing it is not before June 14.

Happy to contribute text if other people think that in this particular ca=
se I am not completely insane.


Joe
_______________________________________________
DNSOP mailing list -- <a class=3D"moz-txt-link-abbreviated" href=3D"mailt=
o:dnsop@ietf.org">dnsop@ietf.org</a>
To unsubscribe send an email to <a class=3D"moz-txt-link-abbreviated" hre=
f=3D"mailto:dnsop-leave@ietf.org">dnsop-leave@ietf.org</a>
</pre>
    </blockquote>
  </body>
</html>

--------------zggA0I77Kl9qpNPwUoKAxX0q--

--------------tWjhwGG75QqmBZBdAkwko83C--

--------------WZuYiF7nD0zWNXiAtOlf0HlL--

--------------usEcN5mqlSWqtsJbIx6OIrPY
Content-Type: application/pgp-signature; name="OpenPGP_signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="OpenPGP_signature.asc"

-----BEGIN PGP SIGNATURE-----
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=b39f
-----END PGP SIGNATURE-----

--------------usEcN5mqlSWqtsJbIx6OIrPY--
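
Added example, not part of the original message or of any resolver's code: a minimal Python model of the point made in the reply above, that addresses taken from the additional section of a priming response are accepted even when their signatures have been removed, while a direct A query for each root NS name can be validated and rejected. HMAC stands in for RRSIG validation; the key, function names and addresses are constructed, and a signed root-servers.net zone is assumed.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

# Constructed demo key. HMAC stands in for RRSIG validation along a DNSSEC
# chain of trust. Assumption: root-servers.net is signed (hypothetical).
ZONE_KEY = b"constructed-demo-key"


@dataclass(frozen=True)
class RR:
    name: str
    rtype: str
    data: str
    sig: Optional[bytes] = None  # None models a record sent without an RRSIG


def mac(name: str, rtype: str, data: str) -> bytes:
    msg = f"{name}|{rtype}|{data}".encode()
    return hmac.new(ZONE_KEY, msg, hashlib.sha256).digest()


def signed(name: str, rtype: str, data: str) -> RR:
    return RR(name, rtype, data, mac(name, rtype, data))


def sig_ok(rr: RR) -> bool:
    return rr.sig is not None and hmac.compare_digest(
        rr.sig, mac(rr.name, rr.rtype, rr.data))


def addresses_from_additional(additional: List[RR]) -> Dict[str, Tuple[str, str]]:
    """Policy 1: use the addresses carried in the priming response itself."""
    out: Dict[str, Tuple[str, str]] = {}
    for rr in additional:
        if rr.sig is None:
            # Additional-section data may legitimately be unsigned, and nothing
            # in the response proves these records should carry signatures.
            out[rr.name] = (rr.data, "insecure")
        elif sig_ok(rr):
            out[rr.name] = (rr.data, "secure")
        # A signature that is present but invalid is bogus: record dropped.
    return out


Query = Callable[[str, str], Optional[RR]]


def revalidate(ns_names: List[str], query: Query,
               zone_is_signed: bool = True) -> Dict[str, Optional[str]]:
    """Policy 2: direct A query per root NS name, answer fully validated.

    zone_is_signed models the validator having learned from the signed
    delegation chain that answers from this zone must be signed.
    """
    out: Dict[str, Optional[str]] = {}
    for name in ns_names:
        rr = query(name, "A")
        if rr is None:
            out[name] = None
        elif zone_is_signed:
            out[name] = rr.data if sig_ok(rr) else None  # unsigned = bogus
        else:
            out[name] = rr.data  # unsigned zone: nothing to check against
    return out


# Constructed sample data (documentation address ranges).
NAME = "a.root-servers.net."
GENUINE = signed(NAME, "A", "192.0.2.1")
SPOOFED = RR(NAME, "A", "203.0.113.66")  # replaced address, no signature


def honest_query(name: str, rtype: str) -> Optional[RR]:
    return GENUINE if (name, rtype) == (NAME, "A") else None


def on_path_query(name: str, rtype: str) -> Optional[RR]:
    return SPOOFED if (name, rtype) == (NAME, "A") else None


if __name__ == "__main__":
    print("additional, stripped:", addresses_from_additional([SPOOFED]))
    print("revalidate, stripped:", revalidate([NAME], on_path_query))
    print("revalidate, genuine: ", revalidate([NAME], honest_query))
```

With zone_is_signed=False the revalidation step accepts the unsigned answer, which is why the proposed text requires both a signed zone and revalidating resolvers.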

