Return-Path: <thomas.bellebaum@aisec.fraunhofer.de>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1])
	by ietfa.amsl.com (Postfix) with ESMTP id 96ED0C1CAF41
	for <dnsop@ietfa.amsl.com>; Fri, 26 Jul 2024 04:41:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.007
X-Spam-Level: 
X-Spam-Status: No, score=-2.007 tagged_above=-999 required=5
	tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
	DKIM_VALID_AU=-0.1, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001,
	SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01,
	URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001]
	autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key)
	header.d=aisec.fraunhofer.de header.b="JA46EzXs";
	dkim=pass (1024-bit key) header.d=fraunhofer.onmicrosoft.com
	header.b="PTO++XK3"
Received: from mail.ietf.org ([50.223.129.194])
	by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id m18oJDS1U2rB for <dnsop@ietfa.amsl.com>;
	Fri, 26 Jul 2024 04:41:25 -0700 (PDT)
Received: from mail-edgeka24.fraunhofer.de (mail-edgeka24.fraunhofer.de
 [IPv6:2a03:db80:4420:b000::25:24])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest
 SHA256)
	(No client certificate requested)
	by ietfa.amsl.com (Postfix) with ESMTPS id 3DF19C1D6FB8
	for <dnsop@ietf.org>; Fri, 26 Jul 2024 04:41:23 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple;
  d=aisec.fraunhofer.de; i=@aisec.fraunhofer.de;
  q=dns/txt; s=emailbd1; t=1721994084; x=1753530084;
  h=from:to:cc:subject:date:message-id:references:
   in-reply-to:mime-version;
  bh=esRty0RBUYlOOgtaYP6cm7ODM4CKtR3ftWuBXcVmwrs=;
  b=JA46EzXsHTO7EFp3MVeWVzqCwAw0NICWLPGxBQU0z7d4UrjSgT4/5ugj
   JVy2DIKsuEmDsqfoSs4vizs0Jvqw2QBVqyMvMEyGIn9Wt+XrNpo86Qfom
   xHHmTl3HetBdCkqKbIiEd4uu/xirBJyKlyHLWyVxh/SKImj19GBPePa2S
   auxJNS4rvT8QTarg+PE0w6XAcUsdjxEBQHQ99J/kV/1Vt1BqKepwYFL2J
   KAbAIzTNTSLpkk9YIr3fPDAADA+5UitX/677Lucw+BkNG83+8K3OM+AI4
   U05xD0++d3lbiS8kaFoDd5P9GTC1IGK6GGtnRULtTItuqBeI3TpcSiK8O
   A==;
X-CSE-ConnectionGUID: cMwS4ujpTXa0ViOxnGEndw==
X-CSE-MsgGUID: VLS4didsQwOqiV6xVtv2bQ==
Authentication-Results: mail-edgeka24.fraunhofer.de;
 dkim=pass (signature verified) header.i=@fraunhofer.onmicrosoft.com
Received: from mail-mtabi109.fraunhofer.de ([192.102.163.109])
  by mail-edgeka24.fraunhofer.de with ESMTP/TLS/TLS_AES_256_GCM_SHA384;
 26 Jul 2024 13:41:19 +0200
X-CSE-ConnectionGUID: PsKv5Z22T1S0Tq7KnG+0ZA==
X-CSE-MsgGUID: 8Uo1ioFjRgGfhnBA05J8YA==
Received: from 153-97-179-127.vm.c.fraunhofer.de (HELO
 smtp.exch.fraunhofer.de) ([153.97.179.127])
  by mail-mtaBI109.fraunhofer.de with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 26 Jul 2024 13:41:19 +0200
Received: from XCH-HYBRID-04.ads.fraunhofer.de (10.225.9.46) by
 XCH-HYBRID-03.ads.fraunhofer.de (10.225.9.57) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.2.1544.11; Fri, 26 Jul 2024 13:41:19 +0200
Received: from FR5P281CU006.outbound.protection.outlook.com (40.93.78.49) by
 XCH-HYBRID-04.ads.fraunhofer.de (10.225.9.46) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.2.1544.11 via Frontend Transport; Fri, 26 Jul 2024 13:41:19 +0200
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;
 b=a8AK6SYIgNK9TxGOv/ml5ezQY5P5ATM4dqXyUPzpWiD2vz/g7fS/EZWBLTLBJw21vcdh1EEYOWILtCkEzdKzqrmky5z/EzZD2fqe+e8iEls+sZM23wTWRMigMzH3oiS9dT7eVJD7A7B9hB9iDALbIHzpA2rKmvNWUZIA/+6ekOYXMAfMKe5wMNlXByg1XD3jAjzkqCxhF53pH0e2oR2DGWCJzeycvRirrZO3k9JRQ0Jv4EZx1lsB82f10pHXL8JitIDiFhByc7sE4wx3o2IqWFQCoYPi3No48ouEPWcf1DZ26JcORwQVIUxA4NWfupvXnmfzuV5+7meXYEI6PE3viw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector10001;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
 bh=bBH7sIg/Un2Vjv6FTuBJisQv2XAf+BMCT2tYM3wfe0I=;
 b=Zje0lv9fk6C+0EVUDcT3qaBN7qMQ/YuOilAgqF8tIvZtPgO20ytUCYQjQJauxvNZkz2CKTGkE725+t2uNdB+1coZmdwXIJMouRs/6tZKRbHoWs0u5gdcP9f2ImD6xYc4W+RWYdQ0qoxN97FuP/ufRu46DaTfiMscPk0aubAVg2O6d8C8YxNjDTcZwTMVRHzuGLKqTZ2MXGMrt0cETGBcjpKCakHw1jJEt1hIrvPN6sY/oTytQdNmiHXuzDGkvDU2sjOWNoYk+vOgueoWWLg+3zNE6fSJcLdKytiE5Qh3pkq1Zb/wl8lCMWNT9SCqlKYiqOIVMxXCrMnZAP2Wf66SXg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=aisec.fraunhofer.de; dmarc=pass action=none
 header.from=aisec.fraunhofer.de; dkim=pass header.d=aisec.fraunhofer.de;
 arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=fraunhofer.onmicrosoft.com; s=selector2-fraunhofer-onmicrosoft-com;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=bBH7sIg/Un2Vjv6FTuBJisQv2XAf+BMCT2tYM3wfe0I=;
 b=PTO++XK3B2NnLF449Da95QZdJkEoMl0jbW8KB0jc8lb5JRUOF5JgY9ex9DdNF9tTXCrvUZEs84wiBDdR6nU/Pnjdc55aMM+XTaLIm8MBAT5bNgCqGKGzwKk9oxxMGLKwcJ5kPNjj201jdWmwzJl6+J96gVPRgY23EdnVn/XhNbs=
Received: from BE1P281MB3137.DEUP281.PROD.OUTLOOK.COM (2603:10a6:b10:6f::12)
 by FR0P281MB2847.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:57::6) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7784.29; Fri, 26 Jul
 2024 11:41:18 +0000
Received: from BE1P281MB3137.DEUP281.PROD.OUTLOOK.COM
 ([fe80::35d2:460f:4be3:4cd1]) by BE1P281MB3137.DEUP281.PROD.OUTLOOK.COM
 ([fe80::35d2:460f:4be3:4cd1%5]) with mapi id 15.20.7784.020; Fri, 26 Jul 2024
 11:41:18 +0000
From: "Bellebaum, Thomas" <thomas.bellebaum@aisec.fraunhofer.de>
To: "dnsop@ietf.org" <dnsop@ietf.org>, "pch-dnsop-5@u-1.phicoh.com"
	<pch-dnsop-5@u-1.phicoh.com>
Thread-Topic: [DNSOP] Re: Potentially interesting DNSSEC library CVE
Thread-Index: 
 AQHa3eeW9kxYTOmrtUmhkRyXxnC6erIHXBbigAAEDICAAAPm5YAAAliAgAAF7AyAAXlXAA==
Date: Fri, 26 Jul 2024 11:41:17 +0000
Message-ID: 
 <a75e064ed50c62587315d42b21eedb60403fc307.camel@aisec.fraunhofer.de>
References: <m1sWF8d-0000LsC@stereo.hq.phicoh.net>
	 <1070949df20a6ac1f9c2c2dd401d5953bb362bf2.camel@aisec.fraunhofer.de>
	 <m1sWe2O-0000OKC@stereo.hq.phicoh.net>
	 <fc306ade9816e06e19a1e2c9828c1c9ef2f0e2bb.camel@gnu.org>
	 <m1sWxJi-0000MEC@stereo.hq.phicoh.net>
	 <6c70aa6b316f7650d84a52135a6aa24aab147788.camel@gnu.org>
	 <m1sWxlI-0000MGC@stereo.hq.phicoh.net>
	 <7373aae035616f1689a576117579ca054759c84d.camel@gnu.org>
	  <m1sWyDs-0000SdC@stereo.hq.phicoh.net>
In-Reply-To: <m1sWyDs-0000SdC@stereo.hq.phicoh.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator: 
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: BE1P281MB3137:EE_|FR0P281MB2847:EE_
x-ms-office365-filtering-correlation-id: 3de8e6f0-6171-492a-d183-08dcad67dcef
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;ARA:13230040|1800799024|366016|376014|38070700018;
x-forefront-antispam-report: 
 CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:BE1P281MB3137.DEUP281.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(366016)(376014)(38070700018);DIR:OUT;SFP:1101;
Content-Type: multipart/signed; micalg="sha-256";
 protocol="application/pkcs7-signature";
	boundary="=-vJvef7fmERoMa2uzQLVM"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: BE1P281MB3137.DEUP281.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 3de8e6f0-6171-492a-d183-08dcad67dcef
X-MS-Exchange-CrossTenant-originalarrivaltime: 26 Jul 2024 11:41:17.9424
 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: f930300c-c97d-4019-be03-add650a171c4
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 
 hqeSfVDof90X+atMF/na4cIGPjCI1lHczCL1lhkCVNec4ytlwcw+vVxsEtHECYNVKQZ5tRbUxc5w+OEVxlOJLAWMFG0hEoXroPa/2oomtbRb5jZWlIRhNnyRuyNYwYP2
X-MS-Exchange-Transport-CrossTenantHeadersStamped: FR0P281MB2847
X-OriginatorOrg: aisec.fraunhofer.de
Message-ID-Hash: W6VJBQQRS4V7TEM5L3EXOL6643NBWCQU
X-Message-ID-Hash: W6VJBQQRS4V7TEM5L3EXOL6643NBWCQU
X-MailFrom: thomas.bellebaum@aisec.fraunhofer.de
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency;
 loop; banned-address; member-moderation; header-match-dnsop.ietf.org-0;
 nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size;
 news-moderation; no-subject; digests; suspicious-header
CC: "schanzen@gnu.org" <schanzen@gnu.org>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [DNSOP] Re: Potentially interesting DNSSEC library CVE
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
Archived-At: 
 <https://mailarchive.ietf.org/arch/msg/dnsop/zcSSBvdE4n1-GdtoN-NE9gRhv-w>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Owner: <mailto:dnsop-owner@ietf.org>
List-Post: <mailto:dnsop@ietf.org>
List-Subscribe: <mailto:dnsop-join@ietf.org>
List-Unsubscribe: <mailto:dnsop-leave@ietf.org>

--=-vJvef7fmERoMa2uzQLVM
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

> The IETF does not create standards for APIs. So a validating stub resolver is
> not really something that can be defined, because it is not a protocol.

I beg to differ here. It may not be strictly part of the DNS protocol, but then this logic needs to be a part of every single protocol dependent on DNS.

Consider e.g. IMAP, something which clearly is a network protocol. There is a very convenient RFC 6186, specifying how to use DNS to locate an IMAP service. Even if you would not call this a network protocol, it clearly is within IETF scope (and on Standards Track).
TL;DR: The TLS-secured IMAP server for localpart@domain.tld is whatever the SRV record at _imaps._tcp.domain.tld points at, and you can proceed sending localpart's password there in an attempt to authenticate.

It should be clear that there are problems which may arise in this protocol if the used SRV records' targets can be influenced by an attacker. To do some damage control, RFC 6186 thus specifies:

> In the absence of a secure DNS option, MUAs SHOULD
> check that the target FQDN returned in the SRV record matches the
> original service domain that was queried.  If the target FQDN is not
> in the queried domain, MUAs SHOULD verify with the user that the SRV
> target FQDN is suitable for use before executing any connections to
> the host.

What exactly does "secure" mean here? Which SRV records are to be investigated exactly? Most protocols do not tell, instead referring to the DNS.

In effect, this gap between protocols is what leads to problems, and there is no specification that seems to have adequate security considerations addressing these points. Keep in mind, IMAP is only an example here. To ensure the security of network protocols all throughout the IETF (and beyond), there has to be a clear API. Not for applications, but for other protocols.

As a related example: HKDF defines an API, which most client libraries do not copy exactly. This is fine, but the clear definition allows e.g. TLS to depend on HKDF, and be a verifiably secure protocol. The same should apply to DNS and its interaction with the wider internet.

-- Thomas

--=-vJvef7fmERoMa2uzQLVM
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Disposition: attachment; filename="smime.p7s"
Content-Transfer-Encoding: base64



--=-vJvef7fmERoMa2uzQLVM--
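
Added example, not part of the message above and not taken from RFC 6186 or any mail client: one way an MUA could implement the RFC 6186 check quoted in the message, in Python. Reading "secure DNS option" as a caller-supplied `validated` flag is an assumption (the message points out that the RFC leaves this open); all function names and sample hostnames are constructed for illustration.

```python
"""RFC 6186 SRV target check for a mail client (illustrative sketch)."""
from __future__ import annotations

CONNECT = "connect"          # target may be used without asking
ASK_USER = "ask-user"        # RFC 6186: verify with the user first
UNAVAILABLE = "unavailable"  # SRV target "." means "no such service here"


def _labels(name: str) -> list[str]:
    """Split a DNS name into lower-cased labels, ignoring the trailing root dot."""
    name = name.strip().lower()
    if name.endswith("."):
        name = name[:-1]
    if not name:
        return []  # the root name "."
    labels = name.split(".")
    if any(not label or len(label) > 63 for label in labels):
        raise ValueError(f"malformed DNS name: {name!r}")
    return labels


def target_in_domain(service_domain: str, srv_target: str) -> bool:
    """True if srv_target is service_domain itself or a name below it.

    The comparison is label by label. A plain string suffix test would
    accept "evildomain.tld" for "domain.tld", which is exactly the kind
    of target the RFC text is meant to catch.
    """
    domain = _labels(service_domain)
    target = _labels(srv_target)
    if not domain:
        raise ValueError("service domain must not be empty or the root")
    return len(target) >= len(domain) and target[-len(domain):] == domain


def srv_decision(service_domain: str, srv_target: str, validated: bool) -> str:
    """Decide what to do with one SRV target before sending credentials.

    `validated` is an assumption of this sketch: the caller asserts that
    the SRV answer came through a DNS path it considers secure (for
    example a DNSSEC-validating resolver it trusts). RFC 6186 does not
    define this, which is the gap the message describes.
    """
    if not _labels(srv_target):
        return UNAVAILABLE
    if validated:
        return CONNECT
    if target_in_domain(service_domain, srv_target):
        return CONNECT
    return ASK_USER


# Constructed sample answers for _imaps._tcp.domain.tld (not real data).
SAMPLES = [
    ("domain.tld", "imap.domain.tld.", False),
    ("domain.tld", "evildomain.tld.", False),
    ("domain.tld", "imap.domain.tld.attacker.example.", False),
    ("domain.tld", "mail.provider.example.", False),
    ("domain.tld", "mail.provider.example.", True),
    ("domain.tld", ".", False),
]


def evaluate(samples=SAMPLES) -> list[str]:
    """Return the decision for each (service_domain, target, validated) sample."""
    return [srv_decision(d, t, v) for d, t, v in samples]


if __name__ == "__main__":
    for (domain, target, validated), decision in zip(SAMPLES, evaluate()):
        print(f"{domain:12} {target:36} validated={validated!s:5} -> {decision}")
```
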

