From nobody Fri Jul 30 13:46:00 2021 Return-Path: X-Original-To: lake@ietfa.amsl.com Delivered-To: lake@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6A21F3A1012 for ; Fri, 30 Jul 2021 13:45:50 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.195 X-Spam-Level: X-Spam-Status: No, score=-4.195 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, MIME_QP_LONG_LINE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_NONE=0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id A6o7NGDsql9R for ; Fri, 30 Jul 2021 13:45:46 -0700 (PDT) Received: from llmx2.ll.mit.edu (LLMX2.LL.MIT.EDU [129.55.12.48]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 936513A0FE3 for ; Fri, 30 Jul 2021 13:45:45 -0700 (PDT) Received: from LLE2K16-HYBRD01.mitll.ad.local (LLE2K16-HYBRD01.mitll.ad.local) by llmx2.ll.mit.edu (unknown) with ESMTPS id 16UKjf7q027228; Fri, 30 Jul 2021 16:45:41 -0400 ARC-Seal: i=1; a=rsa-sha256; s=arcselector5401; d=microsoft.com; cv=none; b=hXXcFLRJAmmhdHu81rScXsN3jIrRtvQogtzMMaTyt7EwQ3awBuzWcN1vMIivJOUJsd+VhNuT0KYexYEoVAe9I5xy0TmvNR1lrUrUQtYXIGsYIJCr1mqq3Ub+oTh4fiwLyqpSTCZnC6w5n8n6Wj+US5ZtSIZ0ljYGgA0ZYTwLp3c7WtBr6Svick7JErXoIKYmfnAvIycY0S8TKa0b3AJPvEiNFCRvvEbtoxSinDR3n7indK2o7jbxyoOPebe+IDxFf4wLeaxM0U6lSqvffziYRaaZGgeNu4L8WHwOhp2+j+CV6rvoPTDhm2YJYnArqrqg3Hiv/IjBxinoo55YM3hgRg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector5401; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=xsZLNgvlCEM0HnzjldLr2jK5snCTEWLyYqil73UK1hE=; b=X3Br/mi9bq3oq+ft3uU0VcOVx7rk2e1NxB+tsKRg0owkvSv4/zF7M6kgyUpztOJTWDvonIk3sUv0TyCUs86hsWZ8zoGH3USjkHQE6NYoINK16xu686/Tza9pUucVAnuuSIICr610nTJGRVD0jWHVxmkTzNbIwlVagSyDi6pTNNyONKLXMglLqMwA83/0vAK1LZ7TjajqJWQ7whIsSUnW9qHsmL6beLpN3mY4F7+9xSpf1+Jpau7ksNBq0TPeCrOW27hiLZgerxy7z5o8Dcpf46NuvswizWPtr50oHVDnQVVNP5nKqFGcxZvzi/wXCaer5OUL91cq70wV+loHWXtqyA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ll.mit.edu; dmarc=pass action=none header.from=ll.mit.edu; dkim=pass header.d=ll.mit.edu; arc=none From: "Blumenthal, Uri - 0553 - MITLL" To: Robert Moskowitz , "Lake@ietf.org" Thread-Topic: [Lake] Review of KMAC in draft-ietf-lake-edhoc-08 Thread-Index: AQHXhXwZKoJ2zkN6okiHR9r7uXutWqtbua4A Date: Fri, 30 Jul 2021 20:45:39 +0000 Message-ID: <8DA1AB98-2204-460D-A56F-FD23099FB9F5@ll.mit.edu> References: <64717eb2-84db-f5a1-2ad1-9d71d8d4f51c@htt-consult.com> In-Reply-To: <64717eb2-84db-f5a1-2ad1-9d71d8d4f51c@htt-consult.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: yes X-MS-TNEF-Correlator: user-agent: Microsoft-MacOutlook/16.50.21061301 authentication-results: htt-consult.com; dkim=none (message not signed) header.d=none; htt-consult.com; dmarc=none action=none header.from=ll.mit.edu; x-originating-ip: [129.55.200.20] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: a9e2f492-d542-445a-eaee-08d9539afda6 x-ms-traffictypediagnostic: SN5P110MB0382: x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:10000; x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: uyrYj92TcfxJBK6kRmPmMgFqKlGXWBCIHhLK1FbQSQi82S0BdpVfGuObYCt9PufMjbkLQuZnDSlGQnq5DJl7a4Bp4NIfZ7SszDtwrs1ADaOuSefFVursQHcpJmrdTVgf6RG/5A2vgFIryGHUHubcK2pmapTPyC8Bvi5rRhjf1psySIxVhtxHJpf4zb7jWBNG1yHjwskiEzmAhXDdHM7GvR68OfjxsRZeI1T2BjVLvVls+Fw/SaUYs+ux7GA72PJiIbpflFUVKzB+EvdyQrw1j7LGlGRqL1oyly4ZEzpEimDH9STbd1glNe8yOgICjaMbjfXu6c6Jb+HWjUSgpk72dKifllAVd4plWaRooLaFaducKfrPKQ9M6wMjshhFus+U93oeGMPWBlzVvnU9corh5oBRm9Qr0HB0cKj2YCA/dWxw1GDekfjqruPjWVK/isPem4qkor2ojuMVOISuRwvwisBePCJjoDWmX3bYhkCyA/PbGhB0IENMkND/aDg2U+/9I7HhG+vU6Sij0o7Mb6sAVaaeojeAQirK/YA8Rmq5G+DoWxCHOUvO1phqS4veGSlTvj8/KMMnz8Zb1NKUzerZL600BdMW1uXyyTQu+BQvx45Z1JDRMLMXD6VlHezW9MNpC3kO2jA2cdoVlEPJiCAakaDpe+1GZiPh2ArpQ45ppB1T0zLL3zm1JA5GCOBBoHTuVm9LfLIMCeSySg/hj0TNMMAa5XT8vUesAZk5xSX0iEs= x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:SN5P110MB0560.NAMP110.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(4636009)(376002)(366004)(136003)(346002)(396003)(39850400004)(8676002)(66446008)(6506007)(316002)(75432002)(38070700005)(64756008)(66946007)(66556008)(66476007)(2906002)(66616009)(5660300002)(2616005)(6512007)(38100700002)(26005)(966005)(86362001)(8936002)(6486002)(71200400001)(99936003)(83380400001)(76116006)(110136005)(122000001)(478600001)(186003)(33656002)(45980500001); DIR:OUT; SFP:1102; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: B8hsszg/IHnQ3XJt7vqkG6Y/yGGjsn3WMNO41J8bSRNvSyDM2KynOnK6bNIe/orDzc6QI71Qef6SF/SZ2ijpyFR11jQBn6ozcRrL4tCRzMWQqrnydug58dbJ9TL0Ky4rgj+rawn1JRrnYTjK59BgSpYCwbYkDEqcG7rHwkVnpMet1DHtSb/L1kLNwZHSPYMsG/IaMb/0xaZpMjI/tn7DSObvSmqIsuAE4VOwJo7UI9QBirW4NHDzeThZdq+caWNHHSPPXt1Z7ZfopRRXeQg5EEdhUabyM7z/sLYCRjXCi1Azcg8QihL64bN7LhIEcs3Yii5qoj/PMmkj/xkpbBIuAN07JRWBbt3V9P7SsH/3uzsHBADMLvbzTr1h1siHb0Js9Yk1EwC3ZVzLV0JNyc542SpjuTfYvZUV/YzBuo36+20/yn3Puw9fZXaV/aE0+SNrloY0Cp/HcM+iOPI6dewhd1lQi5FRJ8JtWUz4DLu1Qo8iqOimk3ZgdIAwQpy7zLz/O/PboIrQPTWzL3uAoAETRF9fMkh0YcTtLYiDkZxeUc37kRu5wSCTvwUmoZ3XGUYmo/qGv3G1CQYjJ9G+KXlfgTwqggRInOixuFbLUnOehtxAZd3Eqtw3XSlchOaGLOBOiSgwZUrAjn2M4HFAPL7pVoRnQi1q0P2cxdFyhyfzQn15fs4JYZJsBkT9ep2xK2H96lfSpjKRIzIevRkNk6bmKg== x-ms-exchange-transport-forked: True Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha256; boundary="B_3710508339_1998189172" MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: SN5P110MB0560.NAMP110.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-Network-Message-Id: a9e2f492-d542-445a-eaee-08d9539afda6 X-MS-Exchange-CrossTenant-originalarrivaltime: 30 Jul 2021 20:45:39.4070 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 83d1efe3-698e-4819-911b-0a8fbe79d01c X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN5P110MB0382 X-OriginatorOrg: ll.mit.edu X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.391, 18.0.790 definitions=2021-07-30_11:2021-07-30, 2021-07-30 signatures=0 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-2103310000 definitions=main-2107300142 Archived-At: Subject: Re: [Lake] Review of KMAC in draft-ietf-lake-edhoc-08 X-BeenThere: lake@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Lightweight Authenticated Key Exchange List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 30 Jul 2021 20:45:59 -0000 --B_3710508339_1998189172 Content-type: text/plain; charset="UTF-8" Content-transfer-encoding: quoted-printable A complete newcomer here, most likely lacking the context. But all that aside - doesn't KMAC require AES-128, as opposed to AES-256? I= s it a concern, and if not - why not? -- Regards, Uri =20 There are two ways to design a system. One is to make is so simple there ar= e obviously no deficiencies. The other is to make it so complex there are no obvious deficiencies. = - C. A. R. Hoare =20 =EF=BB=BFOn 7/30/21, 15:50, "Lake on behalf of Robert Moskowitz" wrote: Greetings Lakers. ;) From a Great Lakes person (only one I have not swum in is Ontario and=20 let me tell you, Superior is COLD!). I have looked at your use of KMAC and it is a good start, but not as=20 good as can be done with KMAC. Please see my draft: https://datatracker.ietf.org/doc/draft-moskowitz-hip-new-crypto/ Not only do I use KMAC for HMAC replacement, but also as the KDF. I=20 also include Xoodyak, one of the NIST LWC finalists of which only 4=20 include hashing. This draft has been implemented in openHIP and reviewed by Team Keccak. WRT to use as a KDF. In my discussions with NIST and Team Keccak=20 (including F2F at IACR RWC Jan '20) KMAC directly does the=20 extract-and-expand. You do not need to invoke KMAC twice. In SP800-56Cr1 sec 8.3, KMAC is not included in a 2-step KDF as it is=20 waiting SP800-108 update. But in my research I see KMAC doing exactly=20 what it takes the two HMAC steps to accomplish. Team Keccak has=20 confirmed this revaluation. NIST has hedged its position, as one would= =20 expect, but they have not said no (again F2F discussions in Dec '19). Further you should point out that HMAC needs 2 hash operations to KMAC'= s=20 single sponge invocation. This is an important performance=20 consideration in constrained devices. Even if SHA-256 is marginally=20 faster than KMAC-128 (same strength), it is not twice as good. On top of that KMAC as a KDF replaces two or more HMACs (depending on=20 how many key bits needed). Again a performance gain. I would be happy to work with the draft authors on changes in KMAC usag= e. Also NIST is stating that the LWC will conclude by end of 2021. It=20 behoves Lake to look hard at the LWC finalists that do hashing. This=20 could be saved for a separate draft, depending on expected completion=20 and last call of lake-edhoc. thank you for consideration. --=20 Lake mailing list Lake@ietf.org https://www.ietf.org/mailman/listinfo/lake --B_3710508339_1998189172 Content-Type: application/pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" MIIUfQYJKoZIhvcNAQcCoIIUbjCCFGoCAQExDzANBglghkgBZQMEAgEFADALBgkqhkiG9w0B BwGgghJDMIIE8zCCA9ugAwIBAgITWQAE/KGDHCQY5NLn7AAAAAT8oTANBgkqhkiG9w0BAQsF ADBRMQswCQYDVQQGEwJVUzEfMB0GA1UECgwWTUlUIExpbmNvbG4gTGFib3JhdG9yeTEMMAoG A1UECwwDUEtJMRMwEQYDVQQDDApNSVRMTCBDQS01MB4XDTIwMTIxMTAwMDQ0OVoXDTI1MTIx MDAwMDQ0OVowYTELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFk1JVCBMaW5jb2xuIExhYm9yYXRv cnkxDzANBgNVBAsTBlBlb3BsZTEgMB4GA1UEAxMXQmx1bWVudGhhbC5VcmkuNTAwMTA1ODQw ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCKE/w5SMRbjqdnzi3xm35MTfqSl/hP NjMbDakZIdbjOM3UKEmPFXc6a6VU/QqOJUi6ndjw0tH7RCVP73bdRPXO/E8WiAaaSYG6Ddqr 02Pv6wThtFuh+ll9IbDRWZCrXdglHg5CdvqpmlsX5UY54/Gb5r+Je3CwHewClS9/KqklAu/M Rj7Cc7g+PM9GcvU63WDVgXiuAplgvA+W5Hvmcnseb97nBuBnZ1kgbFScRNLR8y5QxSrSpXxW YRiH8dlr/LfBSYsgClZ57NhMk6Z4YL3y1Pw6Vq8pXtM7hlSq8/6s/jhxwf6vUDDeBAkoEWxl hqJtjdD+qrucwiRcrt9SNOufAgMBAAGjggGyMIIBrjAdBgNVHQ4EFgQURapIqD1qtfvgIhzU 5deTdhe9DyMwDgYDVR0PAQH/BAQDAgbAMB8GA1UdIwQYMBaAFC/vu8YNHbvpav6sZ/MHOwh2 9ktZMDMGA1UdHwQsMCowKKAmoCSGImh0dHA6Ly9jcmwubGwubWl0LmVkdS9nZXRjcmwvbGxj YTUwZgYIKwYBBQUHAQEEWjBYMC0GCCsGAQUFBzAChiFodHRwOi8vY3JsLmxsLm1pdC5lZHUv Z2V0dG8vbGxjYTUwJwYIKwYBBQUHMAGGG2h0dHA6Ly9vY3NwLmxsLm1pdC5lZHUvb2NzcDA9 BgkrBgEEAYI3FQcEMDAuBiYrBgEEAYI3FQiDg+Udh+ynZoathxWD6vBFhbahHx2Fy94yh/+K cwIBZAIBCjAiBgNVHSUBAf8EGDAWBggrBgEFBQcDBAYKKwYBBAGCNwoDDDAZBgNVHREEEjAQ gQ51cmlAbGwubWl0LmVkdTAYBgNVHSAEETAPMA0GCyqGSIb3EgIBAwEIMCcGCSsGAQQBgjcU AgQaHhgATABMAFUAcwBlAHIAUwBpAGcALQBTAFcwDQYJKoZIhvcNAQELBQADggEBABAw2S9N p+Aii+rVwD0uTZSRjpL7QD9sWkH1WB1Yd/88m+R6xZtKiD1PJLKXzcumU1V9FAPYZufhCcPV KRgyGbizPBn+f3t13bDieGHLd0DWM4abQiEgiFDsUDzTJ78WwHt/PFMjFe/oFSgghgKcOiBO QdxA7oWgV0cvJmc0hNxV6aPACboXW4qAXKMaMXPrhAXJTkL81uoemEf54gdROFIdVLYOUdba mGmstwRcTn1RsJhIcu2EDSNpyfwfK1NUNQAe199BaNenGrKW9yTHwEY55c9xusIEEaW+FLAi jseXn2gIvlQ0W2P2NMm7YCir0F6PI3DDH8+XmfcrbSfNt9swggTAMIIDqKADAgECAgEGMA0G CSqGSIb3DQEBCwUAMFYxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZNSVQgTGluY29sbiBMYWJv cmF0b3J5MQwwCgYDVQQLEwNQS0kxGDAWBgNVBAMTD01JVExMIFJvb3QgQ0EtMjAeFw0xNzAz MDIxMjAwMDBaFw0yNjAzMDIyMzU5NTlaMFExCzAJBgNVBAYTAlVTMR8wHQYDVQQKDBZNSVQg TGluY29sbiBMYWJvcmF0b3J5MQwwCgYDVQQLDANQS0kxEzARBgNVBAMMCk1JVExMIENBLTUw ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCnmoMOvTkfw7nq19mrWazGaa+Q83Uv 0+ATXT3q6kr+WExIMIZ87C74WCcRXpvO7uvx7HvMsYWAFHW93wQwhjytxHIOZgKNJ4VnGVDU l+KI7g0n9+Zjt3hB3HhHbcvbe9+Y4jz+XzCiLl2OaYvICKbxvbBSCLtPEeZQ6x6Tb6EK0ym0 gvYeHO3kuuY+SJHJMltbrLnIVLxjZrNVS77zXKvu6Q3hSdkRIB7kJgEXfL+p/z/2p94bEEZ2 TnQz0TkOjG+Jq7UlXlFRtvsYcDPEQD3UNkZsWcXgC1hXG8TGknUcAhlGxVhlKlFLmNd7342s eGy2s9YxNDnSE+eXTtb0I5LLAgMBAAGjggGcMIIBmDASBgNVHRMBAf8ECDAGAQH/AgEAMB0G A1UdDgQWBBQv77vGDR276Wr+rGfzBzsIdvZLWTAfBgNVHSMEGDAWgBT/ycllTFOA8akMPCGu girH7vgy+zAOBgNVHQ8BAf8EBAMCAYYwZwYIKwYBBQUHAQEEWzBZMC4GCCsGAQUFBzAChiJo dHRwOi8vY3JsLmxsLm1pdC5lZHUvZ2V0dG8vTExSQ0EyMCcGCCsGAQUFBzABhhtodHRwOi8v b2NzcC5sbC5taXQuZWR1L29jc3AwNAYDVR0fBC0wKzApoCegJYYjaHR0cDovL2NybC5sbC5t aXQuZWR1L2dldGNybC9MTFJDQTIwgZIGA1UdIASBijCBhzANBgsqhkiG9xICAQMBBjANBgsq hkiG9xICAQMBCDANBgsqhkiG9xICAQMBBzANBgsqhkiG9xICAQMBCTANBgsqhkiG9xICAQMB CjANBgsqhkiG9xICAQMBCzANBgsqhkiG9xICAQMBDjANBgsqhkiG9xICAQMBDzANBgsqhkiG 9xICAQMBEDANBgkqhkiG9w0BAQsFAAOCAQEAMJYRwLPJ91K7e2mA2Nj10W0o5JMHYkaa+ctL 8/xY8QzIHFI5Ij+iydpPN9KCYn/4Sy80T3aNoYkFlS0GRQXhf0nsiY7TWJwAKw4AiO/yJ37/ oRKRgtyRicvaJ6RjlHCXBOalFLw9UtpodP4/idC51lxzsolaQZraBjVe7PL95PhS7D+22Nff InzLdIb1DBf54NwOVfPIgABtxH1fhZrja7EhR9RoUw5E1O6iWaAuP/xWhSTQFWlhyA0/kkIi 9/HXaY0hYnhcjcbPPqjpyfIhSFjjXhjqK7t2wPrSrBFLFUbnLiNlgQHrvNYF5IqgIfnSBWIr m3rfLhpZZJ/xJ7Yf6DCCA4owggJyoAMCAQICAQEwDQYJKoZIhvcNAQELBQAwVjELMAkGA1UE BhMCVVMxHzAdBgNVBAoTFk1JVCBMaW5jb2xuIExhYm9yYXRvcnkxDDAKBgNVBAsTA1BLSTEY MBYGA1UEAxMPTUlUTEwgUm9vdCBDQS0yMB4XDTE2MDQyMDEyMDAwMFoXDTM1MDQxOTIzNTk1 OVowVjELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFk1JVCBMaW5jb2xuIExhYm9yYXRvcnkxDDAK BgNVBAsTA1BLSTEYMBYGA1UEAxMPTUlUTEwgUm9vdCBDQS0yMIIBIjANBgkqhkiG9w0BAQEF AAOCAQ8AMIIBCgKCAQEAv3WoBEGOOJtm4ucvaf6vKIFPs8watCd6Smwq/XeRNo7P3jPIxNPw F398RGDUmPJIXA7idzD6j0opFIW+kLqYye9e788PV0dqaJlX8818fNDbSE+8B6hieqKTR7Vf OI74UVQEUKVRFuRFw6uVYuvgew2Tj/C2dEee37eruQl5nHkbV2OsWnZ7O+yt+etd6HRcaXLl P9q8WKgA3B7vkOVIMCKoAuaWj+BFq7K+WNkiyi/KdOH9JmOpbyRK4jcA7xbLnF8JFUSNg5c4 Y1BJrFaZtkCeG6Nm9p524GllkRFzPgpj8VicV+AK+9rY07dTx02kYotTnKuy0YxBAwsUXxAQ EwIDAQABo2MwYTAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBT/ycllTFOA8akMPCGugirH 7vgy+zAfBgNVHSMEGDAWgBT/ycllTFOA8akMPCGugirH7vgy+zAOBgNVHQ8BAf8EBAMCAYYw DQYJKoZIhvcNAQELBQADggEBAHqYfEf/3J5aMKhlYQ0PnUAbMB8jZSr9/HvjfOF00crFUCfS rqG8JQwo+S/iq66gcp62FEgJ0fQkDgVg6m+C2ETo1LoWiSxhYCfcSIQECljlXwR8wFSayF82 2S69IqvHhdq4d58jU6gYi6ssjU4vwsvsVLRJKk/m/Cg/w8gW6YHM5ahBD6/5Ccel2fI7oSms kO991+otrC11YfDwCFvz7Am0r+K9iVhSWta4hmIuV0YBia07eZKSO02LPgQ8YOz3ku0Yt+mh 8VWRKux2CcYjMpk+WDV0BMp75tqb6pqBFkcKvEBXqxg+8+G/umjii4H0c5kvJhaQyykbmOKm xO9IcJIwggT2MIID3qADAgECAhNZAAUW1xDL1n3IkFBHAAAABRbXMA0GCSqGSIb3DQEBCwUA MFExCzAJBgNVBAYTAlVTMR8wHQYDVQQKDBZNSVQgTGluY29sbiBMYWJvcmF0b3J5MQwwCgYD VQQLDANQS0kxEzARBgNVBAMMCk1JVExMIENBLTUwHhcNMjEwNzA2MjM0ODI1WhcNMjYwMzAy MjM1OTU5WjBhMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWTUlUIExpbmNvbG4gTGFib3JhdG9y eTEPMA0GA1UECxMGUGVvcGxlMSAwHgYDVQQDExdCbHVtZW50aGFsLlVyaS41MDAxMDU4NDCC ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALMRXUPN5Fz28jb9GOca2/6HDq5EE4Hu T1enB0TiMEnOTipW88pgPmSZ/AAFyJF7AWX7PYPw94Ed/Bbs7yCCa6WZS7cQzdHOWppx9gRZ AxkR8+TgosxPcHoCMXmI/hXtVdZ7mwZlpBGJvyBe6YRmxOWLl3WiCRi/gBThwEWsiQZOfhEN 7hC2GhgCKetpNlTRPxslLmkStNlnjNAxhet8Vm/KSYJFVPOx3qytdLwnO6sz4AfIJJQkFX26 6oP0F/4bjRGlIZrZpdUPGiydpJl1r5SRcYs1ZE7JHErULWSyiAIzBDHUCTcN2GnFoR+9fz92 q2VIHvNHx7bV1hd0E0zlC9UCAwEAAaOCAbUwggGxMB0GA1UdDgQWBBSQ5IixU+wo9uUYNUB4 G/ea7vuWEjAOBgNVHQ8BAf8EBAMCBSAwHwYDVR0jBBgwFoAUL++7xg0du+lq/qxn8wc7CHb2 S1kwMwYDVR0fBCwwKjAooCagJIYiaHR0cDovL2NybC5sbC5taXQuZWR1L2dldGNybC9sbGNh NTBmBggrBgEFBQcBAQRaMFgwLQYIKwYBBQUHMAKGIWh0dHA6Ly9jcmwubGwubWl0LmVkdS9n ZXR0by9sbGNhNTAnBggrBgEFBQcwAYYbaHR0cDovL29jc3AubGwubWl0LmVkdS9vY3NwMD0G CSsGAQQBgjcVBwQwMC4GJisGAQQBgjcVCIOD5R2H7Kdmhq2HFYPq8EWFtqEfHYXr0HCD6+0g AgFkAgELMCUGA1UdJQQeMBwGBFUdJQAGCCsGAQUFBwMEBgorBgEEAYI3CgMEMBkGA1UdEQQS MBCBDnVyaUBsbC5taXQuZWR1MBgGA1UdIAQRMA8wDQYLKoZIhvcSAgEDAQgwJwYJKwYBBAGC NxQCBBoeGABMAEwAVQBzAGUAcgBFAG4AYwAtAFMAVzANBgkqhkiG9w0BAQsFAAOCAQEAICZO a7qQQMDGZzRUaX+Mm/3meVo0nTEdNby178MGq6uYGUS4keIkljEoI+KiEMbT8rtCOBZwomnO HdJmLuRUEgrVAos27V4yjvoic8QKsz+qEhxslFg/2EYMAbTsyLqg34R+wG5o6K95ohUrgLud fPxAmcLOFBtIZBr/3DUIlzw4xHKiX2ruex7YOrQccgXb2qGtNB7tG6jAaXqFb+NZTJhj+3pd OiZiZanzpZvPLIH6Xe4awqDrok7q9ImwwSSQorNrJxKKtA3vLUW3DGvom3XDiOjDqpzhmqXC u6Wf7JfrSJRaudU2WyvYfPk7NQlkLR/1G6Xz+zKqO/cBt2aNATGCAf4wggH6AgEBMGgwUTEL MAkGA1UEBhMCVVMxHzAdBgNVBAoMFk1JVCBMaW5jb2xuIExhYm9yYXRvcnkxDDAKBgNVBAsM A1BLSTETMBEGA1UEAwwKTUlUTEwgQ0EtNQITWQAE/KGDHCQY5NLn7AAAAAT8oTANBglghkgB ZQMEAgEFAKBpMC8GCSqGSIb3DQEJBDEiBCCTehUO7UEIXLnZ/2u8YJhvq9vD8fNsi9tZSGDo AxByRjAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0yMTA3MzAy MDQ1MzlaMA0GCSqGSIb3DQEBAQUABIIBACadWlIDPnj50L0t9SvkLoiNsI82wwM6zmWQygL5 2zw3T0yoSGSw637+S1FP3VrNHYyqest3LbWY5gLDgBSCmgoptai48p/iQG7LZZKHxy85Wvi0 SPRBvKuuA9ahnIx8kUITcFikeMquqKmjNq5cB2hxI5FY3lFcf/p/PKsJnFNAFtSHhXwdAbrm 7Zws+0m5wRGrehAxLNGXIw5kfvNXFvlk7/nWDjAXjTus5RdbzWIi62C1r/4K9P1Bwq4QCQit WJp2I2oDj4izUklmVRBVhjV5dt9eSd7BRjR0bFN1zhTrYXXiqzBv9M1fSSedzpD6rf+t8smz 4rsptn8J2pp2WIw= --B_3710508339_1998189172--