Re: keys for regression testing of OpenPGP code
David Shaw <dshaw@jabberwocky.com> Mon, 28 August 2006 15:09 UTC
Date: Mon, 28 Aug 2006 09:39:57 -0400
From: David Shaw <dshaw@jabberwocky.com>
To: OpenPGP <ietf-openpgp@imc.org>
Subject: Re: keys for regression testing of OpenPGP code

On Mon, Aug 28, 2006 at 03:08:56PM +0200, Ian G wrote:
>
> I recall someone had put together a set of keys
> for regression testing of OpenPGP implementations.
>
> Does anyone have a pointer to them?  Or have I
> imagined this?

You might be thinking of
<http://www.imc.org/ietf-openpgp/mail-archive/msg13840.html>

Those are keys I put together for interoperability testing of the new
DSA functionality (various keys with q!=160 and signatures generated
by them).

David

Date: Mon, 28 Aug 2006 15:08:56 +0200
From: Ian G <iang@iang.org>
To: OpenPGP <ietf-openpgp@imc.org>
Subject: keys for regression testing of OpenPGP code

I recall someone had put together a set of keys
for regression testing of OpenPGP implementations.

Does anyone have a pointer to them?  Or have I
imagined this?

iang

Date: Sun, 27 Aug 2006 22:42:46 -0700 (PDT)
From: hal@finney.org ("Hal Finney")
To: ietf-openpgp@imc.org
Subject: Bleichenbacher's RSA signature forgery based on implementation error

At the evening rump session at Crypto last week, Daniel Bleichenbacher
gave a talk showing how it is possible under some circumstances to
easily forge an RSA signature, so easily that it could almost be done
with just pencil and paper.  This depends on an implementation error,
a failure to check a certain condition while verifying the RSA
signature.  Daniel found at least one implementation (I think it was
some Java crypto code, not OpenPGP related) which had this flaw.  I
wanted to report on his result here so that other OpenPGP implementers
can make sure they are not vulnerable.  Be aware that my notes were
hurried as Daniel had only a few minutes to talk.

The attack is only good against keys with exponent of 3.  There are not
too many of these around any more but you still run into them
occasionally.  It depends on an error in verifying the PKCS-1 padding
of the signed hash.

An RSA signature is created in several steps.  First the data to be
signed is hashed.  Then the hash gets a special string of bytes in
ASN.1 format prepended, which indicates what hash algorithm is used.
This data is then PKCS-1 padded to be the width of the RSA modulus.
The PKCS-1 padding consists of a byte of 0, then 1, then a string of
0xFF bytes, then a byte of zero, then the "payload" which is the
hash+ASN.1 data.  Graphically:

    00 01 FF FF FF ... FF 00  ASN.1  HASH

The signature verifier first applies the RSA public exponent to reveal
this PKCS-1 padded data, checks and removes the PKCS-1 padding, then
compares the hash with its own hash value computed over the signed
data.

The error that Bleichenbacher exploits is if the implementation does
not check that the hash+ASN.1 data is right-justified within the PKCS-1
padding.  Some implementations apparently remove the PKCS-1 padding by
looking for the high bytes of 0 and 1, then the 0xFF bytes, then the
zero byte; and then they start parsing the ASN.1 data and hash.  The
ASN.1 data encodes the length of the hash within it, so this tells them
how big the hash value is.  These broken implementations go ahead and
use the hash, without verifying that there is no more data after it.
Failing to add this extra check makes implementations vulnerable to a
signature forgery, as follows.

Daniel forges the RSA signature for an exponent of 3 by constructing a
value which is a perfect cube.  Then he can use its cube root as the
RSA signature.  He starts by putting the ASN.1+hash in the middle of
the data field instead of at the right side as it should be.
Graphically:

    00 01 FF FF ... FF 00  ASN.1  HASH  GARBAGE

This gives him complete freedom to put anything he wants to the right
of the hash.  This gives him enough flexibility that he can arrange for
the value to be a perfect cube.

In more detail, let D represent the numeric value of the 00 byte, the
ASN.1 data, and the hash, considered as a byte string.  In the case of
SHA-1 this will be 36 bytes or 288 bits long.  Define N as 2^288-D.  We
will assume that N is a multiple of 3, which can easily be arranged by
slightly tweaking the message if necessary.

Bleichenbacher uses an example of a 3072 bit key, and he will position
the hash 2072 bits over from the right.  This improperly padded version
can be expressed numerically as

    2^3057 - 2^2360 + D * 2^2072 + garbage.

This is equivalent to

    2^3057 - N*2^2072 + garbage.

Then, it turns out that a cube root of this is simply

    2^1019 - (N * 2^34 / 3),

and that is a value which broken implementations accept as an RSA
signature.

You can cube this mentally, remembering that the cube of (A-B) is
A^3 - 3(A^2)B + 3A(B^2) - B^3.  Applying that rule gives

    2^3057 - N*2^2072 + (N^2 * 2^1087 / 3) - (N^3 * 2^102 / 27),

and this fits the pattern above of 2^3057 - N*2^2072 + garbage.  This
is what Daniel means when he says that this attack is simple enough
that it could be carried out by pencil and paper (except for the hash
calculation itself).

Implementors should review their RSA signature verification carefully
to make sure that they are not being sloppy here.  Remember the maxim
that in cryptography, verification checks should err on the side of
thoroughness.  This is no place for laxity or permissiveness.

Daniel also recommends that people stop using RSA keys with exponents
of 3.  Even if your own implementation is not vulnerable to this
attack, there's no telling what the other guy's code may do.  And he
is the one relying on your signature.

Hal Finney
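
The check described in the message above, as an added example that is not part of Hal Finney's post or of any implementation it mentions: a lax PKCS-1 parser beside a strict one, run against a regression-test value built with the post's own arithmetic (3072-bit modulus, SHA-1, exponent 3). The function names and the stand-in modulus are assumptions made for this example.

```python
import hashlib
import hmac

# DER DigestInfo prefix for SHA-1: the "ASN.1" bytes in the message above.
SHA1_PREFIX = bytes.fromhex("3021300906052b0e03021a05000414")
K = 384            # modulus length in bytes (3072 bits, as in the message)
E = 3
# Constructed stand-in modulus (assumption). The test value cubes to less
# than 2^3057, so no reduction mod n takes place and any 3072-bit modulus
# gives the same result. No private key is involved anywhere.
N_MOD = (1 << 3072) - 1


def digest_info(msg: bytes) -> bytes:
    """ASN.1 prefix followed by the SHA-1 hash: 35 bytes."""
    return SHA1_PREFIX + hashlib.sha1(msg).digest()


def expected_em(msg: bytes) -> bytes:
    """The one correct encoding: payload right-justified after 00 01 FF..FF 00."""
    t = digest_info(msg)
    return b"\x00\x01" + b"\xff" * (K - 3 - len(t)) + b"\x00" + t


def lax_check(em: bytes, msg: bytes) -> bool:
    """The broken logic: walk the padding left to right, then read the payload
    where the padding stops and ignore whatever follows it."""
    if len(em) != K or em[:2] != b"\x00\x01":
        return False
    i = 2
    while i < K and em[i] == 0xFF:
        i += 1
    if i == 2 or i >= K or em[i] != 0x00:
        return False
    t = digest_info(msg)
    return em[i + 1:i + 1 + len(t)] == t      # missing: payload must end at K


def strict_check(em: bytes, msg: bytes) -> bool:
    """Build the expected block and compare all K bytes; nothing is parsed."""
    return hmac.compare_digest(em, expected_em(msg))


def lax_verify(sig: int, msg: bytes, n: int = N_MOD) -> bool:
    return lax_check(pow(sig, E, n).to_bytes(K, "big"), msg)


def strict_verify(sig: int, msg: bytes, n: int = N_MOD) -> bool:
    return 0 <= sig < n and strict_check(pow(sig, E, n).to_bytes(K, "big"), msg)


def misaligned_vector(base: bytes):
    """Return (msg, sig) where sig = 2^1019 - N*2^34/3 and N = 2^288 - D.

    A counter is appended to the message until N is a multiple of 3,
    which is the "slight tweak" the message refers to.
    """
    for counter in range(64):
        msg = base + b" #%d" % counter
        d = int.from_bytes(b"\x00" + digest_info(msg), "big")   # D, 288 bits
        n_val = (1 << 288) - d
        if n_val % 3 == 0:
            return msg, (1 << 1019) - (n_val << 34) // 3
    raise RuntimeError("no suitable message found")


if __name__ == "__main__":
    msg, sig = misaligned_vector(b"constructed regression-test message")
    print("lax verifier accepts:   ", lax_verify(sig, msg))
    print("strict verifier accepts:", strict_verify(sig, msg))
```

A verifier under test passes this regression case only if it rejects the value; the strict form also rejects any other deviation from the single valid encoding.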

From: Werner Koch <wk@gnupg.org>
To: derek@ihtfp.com, ietf-openpgp@imc.org
Subject: Multisig (was: OpenPGP Minutes / Quick Summary)
Date: Mon, 21 Aug 2006 20:59:43 +0200

On Mon, 21 Aug 2006 19:42, Thomas Roessler said:

>    Users should be aware of the fact that each individual signature
>    can be broken out and used to create a valid "multipart/signed"
>    body according to the underlying protocol and RFC 1847.

Assuming that parallel signatures are used to give extra security in
case one of the protocols or algorithms has been broken, this is indeed
a problem.

A solution is easy: The protocols and algorithms used to make up the
signatures need to be hashed with the content.  For example by an
extra header line in the first part.  When verifying the signatures an
application can easily detect whether a signature has been removed and
present an appropriate warning (also considering the algorithms deemed
to be broken at the time of verification).

Obviously this requires that either all signatures are created at the
same time or forehand knowledge of the signatures to be added later is
required.

Shalom-Salam,

   Werner

From: Jon Callas <jon@callas.org>
Subject: Re: OpenPGP Minutes / Quick Summary
Date: Mon, 21 Aug 2006 11:37:52 -0700
To: Thomas Roessler <roessler@does-not-exist.org>
Cc: derek@ihtfp.com, ietf-openpgp@imc.org

On 21 Aug 2006, at 10:42 AM, Thomas Roessler wrote:

>
> On 2006-08-21 13:39:37 -0400, Derek Atkins <derek@ihtfp.com> wrote:
>
>> How about emailing the draft to this list without submitting it
>> to the I-D editor?
>
> I always thought that sending I-Ds to lists (as opposed to
> submitting them) was considered bad form -- but here we go, sans
> boiler-plate material.
>

It's not bad form when the working group chair suggests it. Also, one
of the main reasons people don't like them sent to the list is that
they tend to be large. Yours is delightfully small.

Thanks, it's good to see this again.

	Jon

Date: Mon, 21 Aug 2006 19:42:56 +0200
From: Thomas Roessler <roessler@does-not-exist.org>
To: derek@ihtfp.com
Cc: ietf-openpgp@imc.org
Subject: Re: OpenPGP Minutes / Quick Summary

On 2006-08-21 13:39:37 -0400, Derek Atkins <derek@ihtfp.com> wrote:

> How about emailing the draft to this list without submitting it
> to the I-D editor?

I always thought that sending I-Ds to lists (as opposed to
submitting them) was considered bad form -- but here we go, sans
boiler-plate material.

-- 
Thomas Roessler   <roessler@does-not-exist.org>


1.  Introduction

   Various digital signature services for electronic mail rely on the
   framework defined in RFC 1847.  These signature services do not
   address the issue of parallel signatures on the same content.

   Instead of specifying parallel signature formats for individual
   signature services such as OpenPGP, the present document defines a
   "multipart/mixed" protocol for the "multipart/signed" body type
   introduced in RFC 1847.

   The "multipart/mixed" protocol permits users to bundle parallel
   signatures for the same content into one "multipart/signed" body
   part.  It is independent of the protocols used to form the
   individual digital signatures.

1.1.  Compliance

   In order for an implementation to be compliant with this
   specification, it is absolutely necessary for it to obey all items
   labeled as MUST or REQUIRED.

2.  The "multipart/mixed" protocol

2.1.  Specification

   Digitally signed messages conforming to this document are denoted
   by the "multipart/signed" content type, defined in RFC 1847, with a
   "protocol" parameter which MUST have a value of "multipart/mixed".
   (MUST be quoted).

   The "micalg" parameter MUST contain a comma-separated list of
   hash-symbols.  These hash-symbols identify the message integrity
   check (MIC) algorithm(s) used to generate the subsequent
   signature(s).  Hash-symbols MUST NOT occur more than once in this
   list.

   The multipart/signed body MUST consist of exactly two parts.  The
   first part contains the signed data in MIME canonical format,
   including a set of appropriate content headers describing the data.

   The second part MUST be of type "multipart/mixed".  Each sub-part
   represents an individual digital signature which has been formed
   according to RFC 1847 and the specification of the signature
   protocol used.

2.2.  Example message

   From: Dave Del Torto <ddt@openpgp.net>
   To: Raph Levien <raph@acm.org>
   Mime-Version: 1.0
   Content-Type: multipart/signed; protocol="multipart/mixed";
      boundary=0000_031; micalg="pgp-sha1, rsa-md5, pgp-md5"

   --0000_031
   Content-Type: text/plain

   Hi Raph,

   Here's some text with parallel (multiple) digital signatures in
   various formats.

   dave
   ______________________________________________________________________
   "All email luxuriantly hand-crafted using only the finest ASCII text."

   --0000_031
   Content-Type: multipart/mixed; boundary=0000_032

   --0000_032
   Content-Type: application/pgp-signature

   -----BEGIN PGP SIGNATURE-----
   Version: PGP for Personal Privacy 5.0
   Comment: Hash computed using SHA-1 micalg (FIPS 180-1).

   iQCVAwUBM0It9qHBOF9KrwDlAQFBaQQAisIzQUgyknT2v729b7MImcUc3ROdRBh6
   nwMyAfdewQYCDxqdDWvnD1UWoUjwjA1JNA6qhTXBxs8yPtZdDZaguOG2zWawyat9
   Jib556AuSx10psREDC3vNsaJ99MV8SKFF92H53l9w/YhVOA0aMZeNfLE0jJVypkY
   /so4/7DHhqQ=
   =/wlj
   -----END PGP SIGNATURE-----

   --0000_032
   Content-Type: application/x-pkcs7-signature
   Content-Transfer-Encoding: base64
   Comment: Hash computed using S/MIME MD5 micalg.

   MIAGCSqGSIb3DQEHAqCAMIACAQExDjAMBggqhkiG9w0CBQUAMIAGCSqGSIb3DQEH
   [signature material removed]
   +kNIWIbxNiNje1wlzIhaGjrGrOnvYc8+tFn2LgAAAAAAAAAA

   --0000_032
   Content-Type: application/pgp-signature

   -----BEGIN PGP SIGNATURE-----
   Version: PGP 2.6.2
   Comment: Hash computed using MD5 micalg.

   iQCVAwUBM0Iu16HBOF9KrwDlAQGaiQP9EU1YXgMSoNxDAqSmo7UoCE52DuYCfxm7
   x8RfRr9+Xz3nPFytSYM2TIWGMeKi1fVr5PhfjdrKvOh9sCq97h6zndZVpGA9x62k
   mPVn/QY3fz1eOdyJbYvW4ba7WQll5OoA6cqmEb9tWwh4ra4yE8hZMnLS9a0uPpuB
   5dpiTTAE/gY=
   =hD3D
   -----END PGP SIGNATURE-----

   --0000_032--

   --0000_031--

3.  Security Considerations

   Use of this protocol has the same security considerations as RFC
   1847 and the individual digital signature protocols used.  It is
   not known to either increase or decrease the security of messages
   using it.

   Users should be aware of the fact that each individual signature
   can be broken out and used to create a valid "multipart/signed"
   body according to the underlying protocol and RFC 1847.

4.  Acknowledgements

   We thank Jim Galvin, Sandy Murphy, Steve Crocker, and Ned Freed for
   their pioneering work on security using MIME multiparts, on which
   the refinement specified in this document is based.

   This draft document relies on the work of the IETF's OpenPGP
   Working Group.
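
The draft's Security Considerations and Werner Koch's reply to them both concern a signature being stripped from the set. The following added example, which is not part of the draft or of any message in this thread, parses the draft's layout and applies the check Werner Koch describes; the header name `X-Parallel-Signatures`, the function names and the sample messages are assumptions constructed for this example, and signature verification itself is out of scope.

```python
from email import message_from_string

# Hypothetical header name: neither the draft nor the reply defines one.
DECL_HEADER = "X-Parallel-Signatures"
PLACEHOLDER = "(constructed placeholder, not a real signature)"


def build_message(declared, attached, bundle=True):
    """Constructed sample. bundle=True gives the draft's layout; bundle=False
    gives a plain RFC 1847 body carrying one signature that has been broken
    out. The signed first part is identical in both cases. The micalg
    parameter is omitted for brevity."""
    first = (
        "Content-Type: text/plain\n"
        f"{DECL_HEADER}: {', '.join(declared)}\n"
        "\n"
        "Hi Raph, here is some text with parallel signatures.\n"
    )
    if bundle:
        protocol = "multipart/mixed"
        subparts = "".join(
            f"--inner\nContent-Type: {ctype}\n\n{PLACEHOLDER}\n"
            for ctype in attached
        )
        second = (
            'Content-Type: multipart/mixed; boundary="inner"\n\n'
            + subparts + "--inner--\n"
        )
    else:
        protocol = attached[0]
        second = f"Content-Type: {protocol}\n\n{PLACEHOLDER}\n"
    return (
        f'Content-Type: multipart/signed; protocol="{protocol}";\n'
        ' boundary="outer"\n'
        "\n"
        "--outer\n" + first + "--outer\n" + second + "--outer--\n"
    )


def present_signature_types(msg):
    """Return (signed_part, [content type of each signature attached])."""
    if (msg.get_content_type() != "multipart/signed"
            or not msg.is_multipart() or len(msg.get_payload()) != 2):
        raise ValueError("not a two-part multipart/signed body")
    signed, sigs = msg.get_payload()
    if sigs.get_content_type() == "multipart/mixed" and sigs.is_multipart():
        return signed, [p.get_content_type() for p in sigs.get_payload()]
    return signed, [sigs.get_content_type()]


def missing_signatures(raw: str):
    """Signature types declared inside the signed part but not attached.

    The declaration only carries weight once at least one signature over
    the first part has verified, because that is what protects the header.
    Types are compared as a multiset, since the draft's example carries
    two application/pgp-signature parts.
    """
    signed, present = present_signature_types(message_from_string(raw))
    declared = [t.strip().lower()
                for t in signed.get(DECL_HEADER, "").split(",") if t.strip()]
    remaining = list(present)
    missing = []
    for ctype in declared:
        if ctype in remaining:
            remaining.remove(ctype)
        else:
            missing.append(ctype)
    return missing


# Same three signature types as the draft's example message.
TYPES = ["application/pgp-signature",
         "application/x-pkcs7-signature",
         "application/pgp-signature"]

if __name__ == "__main__":
    print(missing_signatures(build_message(TYPES, TYPES)))
    print(missing_signatures(build_message(TYPES, TYPES[:1], bundle=False)))
```

Without the declaration inside the signed part, the broken-out message is indistinguishable from one that only ever carried a single signature.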

Date: Mon, 21 Aug 2006 13:39:37 -0400
From: "Derek Atkins <derek@ihtfp.com>" <derek@MIT.EDU>
Reply-to: derek@ihtfp.com
To: Thomas Roessler <roessler@does-not-exist.org>
Cc: ietf-openpgp@imc.org
Subject: Re: OpenPGP Minutes / Quick Summary

How about emailing the draft to this list without submitting it
to the I-D editor?  Let people read it on the list and we'll see
if there is interest in resurrecting it.

-derek

Quoting Thomas Roessler <roessler@does-not-exist.org>:

> From the minutes of the OpenPGP meeting in Montreal:
>
>>> Thomas Roessler gave a history of the Multiple Signature Draft.
>>> It's an extension to RFC1847 to allow the "signature" portion
>>> of the message to be a "multipart/mixed" and have a set of
>>> signatures on the signed data instead of just a single
>>> signature.  This signature set could be a combination of
>>> OpenPGP and e.g. S/MIME signatures.
>
> On 2006-08-05 23:39:31 +0200, I wrote:
>
>> As a status update, I've dug out the (quite short) draft from
>> that old backup; before re-submitting it, I'm waiting for my
>> co-authors from back then to give me new contact information and
>> to ok submitting with the new IETF IPR boilerplate.
>
> I haven't heard back from either Derek (whose contact information
> I'd need), nor my co-authors from back then.
>
> I'm tempted to consider my action item from Montreal done without
> resurrecting this draft, and to suggest dropping this from the
> charter -- unless there's a sudden surge of interest.
>
> Regards,
> --
> Thomas Roessler   <roessler@does-not-exist.org>
>

-- 
       Derek Atkins 617-623-3745
       derek@ihtfp.com             www.ihtfp.com
       Computer and Internet Security Consultant

Date: Mon, 21 Aug 2006 19:14:52 +0200
From: Thomas Roessler <roessler@does-not-exist.org>
To: Derek Atkins <derek@ihtfp.com>, ietf-openpgp@imc.org
Subject: Re: OpenPGP Minutes / Quick Summary

From the minutes of the OpenPGP meeting in Montreal:

>> Thomas Roessler gave a history of the Multiple Signature Draft.
>> It's an extension to RFC1847 to allow the "signature" portion
>> of the message to be a "multipart/mixed" and have a set of
>> signatures on the signed data instead of just a single
>> signature.  This signature set could be a combination of
>> OpenPGP and e.g. S/MIME signatures.

On 2006-08-05 23:39:31 +0200, I wrote:

> As a status update, I've dug out the (quite short) draft from
> that old backup; before re-submitting it, I'm waiting for my
> co-authors from back then to give me new contact information and
> to ok submitting with the new IETF IPR boilerplate.

I haven't heard back from either Derek (whose contact information
I'd need), nor my co-authors from back then.

I'm tempted to consider my action item from Montreal done without
resurrecting this draft, and to suggest dropping this from the
charter -- unless there's a sudden surge of interest.
Regards,
--
Thomas Roessler <roessler@does-not-exist.org>

Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k78NMZIo011841; Tue, 8 Aug 2006 16:22:35 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id k78NMZIK011840; Tue, 8 Aug 2006 16:22:35 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from cisco.com (201-255-77-228.mrse.com.ar [201.255.77.228] (may be forged)) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k78NM9Ck011685 for <ietf-openpgp@imc.org>; Tue, 8 Aug 2006 16:22:23 -0700 (MST) (envelope-from jdrosen@cisco.com)
Message-Id: <200608082322.k78NM9Ck011685@balder-227.proper.com>
From: jdrosen@cisco.com
To: ietf-openpgp@imc.org
Subject: zso
Date: Tue, 8 Aug 2006 20:24:32 -0300
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----=_NextPart_000_0007_2D5C62CA.F9B86B71"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

This is a multi-part message in MIME format.

------=_NextPart_000_0007_2D5C62CA.F9B86B71
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

------=_NextPart_000_0007_2D5C62CA.F9B86B71
Content-Type: application/octet-stream; name="mail.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="mail.zip"
3KNrMQtFag6AVlu9ABp2dWUPi8zcpYQRKXVtMAxPs80mtz9kwvht oKJhbodzZTCKNxdrjHIQ9gdp c2S99lwJehnyzhAUoniuW1AIIjk3oSszKmEqIQJKD2 azVM0gAaFVXA8WsN9OQnVmZkEPC0xvd/YZ tiN3dklylCN3CoWbcVr0zAxNgsIAqG1Ztk3Xt9hiQP8EAhMLZVmWZTQ XEhADq2VZlg8JFHM5v/+E vDxQRUwBA+AADwELAQeue9JsE3IqgDIEEAOCbGexkDULAjMEm VvSzQcM0B40e9kb2BAHBgDA eQhA gFtkeAIYBUa4wnYrZHg BHi4v2JOgmKRwkOs2f7uwBCMgC2AuZGF0YZgj7kK6wfsiJ3ZAvc1gG4Uu 5Qk Aw8AGfL8pezQnQBuwew2UAABKQTwJAAAA/wAAAAAAYL4AkFAAjb4AgP//V4PN/+sQkJCQkJCQ igZGiAdHAdt1B4seg+78Edty7bgBAAAAAdt1B4seg+78EdsRwAHbc+91CYse g+78Edtz5DHJg+gD cg3B4AiKBkaD8P90dInFAdt1B4seg+78EdsRyQHbdQeLHoPu/BHbEcl1IEEB23UHix6D7vwR2xHJ Adtz73UJix6D7vwR23Pkg8ECgf0A8///g9EBjRQvg/38dg+KAkKIB0dJdffpY////5CLAoPCBIkH g8cEg+kEd/EBz+lM////Xon3uQEBAACKB0cs6DwBd/eAPwF18osHil8EZsHoCMHAEIbEKfiA6+gB 8IkHg8cFidji2Y2+AMAAAIsHCcB0RYtfBI2EMBTlAAAB81CDxwj/lozlAACVigdHCMB03In5eQcP twdHUEe5V0jyrlX/lpDlAAAJwHQHiQODwwTr2P+WlOUAAGHpI0T//wAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAA AAAAAAAAAACAAMAAAAgAACADgAAAJAAAIAAAAAAAA AAAAAAAAAAAAIAAQAAAEAA AIACAAAAaAAAgAAAAAAAAAAAAAAAAAAAAQAJBAAAWAAAANjwAADoAgAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAEACQQAAIAAAADE8wAAKAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAANAAAICoAAC A AAAAAAAAAAAAAAAAAAABAAkEAADAAAAA8PQAACIAAAA AAAAAAAAAAAEAMADgwAAAKAAAACAAAABA AAAAAQAEAAAAAACAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAIAAAACAgACAAAAAgACAAICA AADAwMAAgICAAAAA /wAA/wAAAP//AP8AAAD/AP8A// 8AAP///wAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 
AAAAAAAAAAAAAAAAAAAAIiIiIiIiIiIiIiI iIiAAACP////////////////gAAAh///////////////94AAAI9//////////////3+AAACP9/// //////////f/g AAA j/9///////////9//4AAAI//9//////////3 //+AAACP//9///////// f// / gAAAj///9///////9////4AAAI///3d3d3d3d3d///+AAACP//d/f3 9/f39/ d///gAAAj/939/f3 9/f39/d//4AAAI/3f39/f39/f39/d/+AAACHd/f39/f39/f39/d3gAAAj39/f39/f39/f39/f4AA AI////////////////8AAAAI///////////////wAAAAAI//////////////AAAAAAAI//////// ////8AAAAAAAAI///////////wAAAAAAAAAI//////////AAAAAAAAAAAI////////8AAAAAAAAA AAAI///////wAAAAAAAAAAAAAI//////AAAAAAA AAAAAAAAIiIiIiAAAAAAAAAAAA AAAAAAAAAAA AAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP///////////////8AAAAPAAAAD wAAAA8AAAAPAAAADwAAAA8AAAAPAAAADwAAAA8AAAAPAAAADwAAAA8AAAAPAAAADwAAAA8AAAAPA AAAH4AAAD/AAAB/4AAA//AAAf/4AAP//AAH//4AD///AB///4A//////////////////yMMAACgA AA AQAAAAIAAAA AEABAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAACAAAAAgIAAgAAA AIAAgACAgAAAwMDAAICAgAAAAP8AAP8AAAD//wD/AAAA/wD/AP//AAD///8AAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAI///////wA AiP/////4AACPj////48AAI/4///4/wAAj4+IiI+PAACI9/f3 9/gAAI9/f39/fwAACPf39/fwAAAAj39/fwAAAAAI9/fwAAAAAACIiIAAAAAAAAAAAAAAAAA AAAAA AAD//wAA//8AAMABAADAAQAAwAEAAMABAADAAQAAwAEAAMABAADAAQAA4AMAAPAHAAD4DwAA/B8A AP//AAD//wAA8MQAAAAAAQACACAgEAAB AAQA6AIAAAEAEBAQAAEABAAoAQAAAgAAAAAAAAAAAAAA AAAAALz1AACM9QAAAAAAAAAAAAAAAAAAyfUAAJz1AAAAAAAAAAA AAAAAAADW9QAApPUAA AAAAAAA AAAAAAAAAOH1AACs9QAAAAAAAAAAAAAAAAAA7PUAALT1AAAAAAAAAAAAAAAAAAAAAAAAAAAAAPb1 AAAE9gAAFPYAAAAAAAAi9gAAAAAAADD2AAAAAAAAOPYAAAAAAAA5AACAAAAAAEtFUk5FTDMyLkRM TABBR FZBUEkzMi5kbGwATVNWQ1JULm RsbABVU0VSMzIuZGxsAFdTMl8zMi5kbGwAAExvYWRMaWJy YXJ5QQAAR2V0UHJvY0FkZHJlc3MAAEV4aXRQcm9jZXNzAAAAUmVnQ2xvc2VLZXkAAABtZW1zZXQA AHdzcHJpbnRmQQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAA 
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAA AAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAADJ BV zH/wXu3Mn3vD7JWRmCNrq8qcmj20s2kJLRNqvIDkcq+0P7T9oOh53KrHEqSV5xKkEaqObEEbcR MBOohcEhz+GMnz/YeLGcDndekDq12yCtwWewkWQ8KLrTC/nhP2dTf54wZX8gZGLjWuZsvRtXboPg CbQB3bK8FgX+o0RlnyV1Cyr VbvmjE3WV7Yo78e/KHHb3E3W1scq75s7KkzV0dbfKPUgqcfyFhjhZ CvL2+4WOM9SFxEet yJoJZ0rgNcNAq4pl/lCsdLtP4Gc7kgXW+pSPerCRruav7Funr9HQD874P tT9 7DQ/IbcQa/j4kWS zShASPnvdm+Xt+bvxr8CTnlZbtHGMOl8lNHC1IGKPQG5nqbtx k6JDJe7FjsLR 45H35PXxyLMKki5sjwsYP99cBBsa7xC7Sw YH1x5sxC8+vQTPqMjbVtnNPb+9DbmXvnnrFIIBu1V1 tDLPGb07mFc0Dkf+cfiy8XfhBHO4OEdmaz hHQ6cxEACL/jPq6WH2BUaZU9xsr1N4eXYSz1p2ux0M xogUdCO73MngLYsEJGxW0cEy0HkuW0otkt0sQS56Ygb8fel0LnFecy7aEJUunY4LR8+OBnHPMBSo sVTycc8lPvnqtsX5VfDD t7mVfKi11LXD7T3eHHN0D5ACzDd+1jhwM9cf1n926sv17Ydiq5/x BM4F M3n4BZEBPjzRnuSsDadgfyawIWxJ3SFGtW2d6sK7dBEGarQYLBdENUP3m1vQXUtG+JZH0j7hCaMr sc+4S7Y7/trnAvNQXETTQSYJ8msrZCXj2w3+Z8bUE4BXaBEhWmfGZrSIX7fPyVvC01HG38eX/Z16 l JmY0pf14iOX942RhAr54Gs2Pwe4ZsXd /acuT2vTD+bj35nIrvQkztflDgqDKS2xLh9BTTj1LEa8 ftM4cxpJCGygwkS1Kb cIPYd Y1Fz0IySzbj1Gr M/Zf+Bu3COsxc8+avSbeKx3wcSzEB6flL6TWGSN aBuivj8Nx8LzXilqDBp7J05Ux1FonmSPf7eDYB5Pc1vVQGz EJ/ZzW+RgbAnMlrBJ cLbQj++ltWCw uHwjk+q9eq2LQ3QIMAEhwm6Tn7U+SiMh8YwbYU6MEOdX9/qiOhiVhbQHR4NlB6lYNB hVvFIHwIjW kCnBvxgyz9EJa6X8dN5Is7L4ST0iRwILstDcFvkIG3V3d34ebopmXfo3Pu0KDs05CkqACkcJiabF YMAQ h4XEP0EA2loVuEZtET3rJSaoXS2RwhTbagIskzYmhvHhDAD2rasvSfY1kiBuHg2EgcTBQD3x 8f9RSf9+WB6XToGFi+oceuibGKAiYd2apmE6DOqH65o6WR0F+rkycu2X65oN7OqBa9s6sOgEeKpJ jYiQWEeILghXlwUTe5d1blqfTrZ7l3FjSJfi/M2k7ThG9 wLEnV Ru29+S7ZouSyKCEA+S6etL0Zah 8v8xq8PmhXAsI33g/ BOykCxqsgwsI3zbfdOkjfXmOIT7MLxx5Q9pecLe28S24J6/0w/bPILuzkfl uWgY5Z1mg+UL6GbRnf7A4on0K+7KADprdf5lLnqYbdGUO9rRsQZ/0XIs6RF5bvjhBNAf7 jbfv+6B 
Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k75MKEKH073134; Sat, 5 Aug 2006 15:20:14 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id k75MKE2T073127; Sat, 5 Aug 2006 15:20:14 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from kamino.does-not-exist.org (kamino.does-not-exist.org [217.160.221.198]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k75MKCQv073120 for <ietf-openpgp@imc.org>; Sat, 5 Aug 2006 15:20:13 -0700 (MST) (envelope-from roessler@does-not-exist.org)
Received: from lavazza.does-not-exist.org (ip-83-99-58-85.dyn.luxdsl.pt.lu [83.99.58.85]) (using TLSv1 with cipher EDH-RSA-DES-CBC3-SHA (168/168 bits)) (No client certificate requested) by kamino.does-not-exist.org (Postfix) with ESMTP id C5FCF1936CB; Sun, 6 Aug 2006 00:20:09 +0200 (CEST)
Received: from roessler by lavazza.does-not-exist.org with local (Exim 4.62) (envelope-from <roessler@does-not-exist.org>) id 1G9UV6-0005eh-EW; Sun, 06 Aug 2006 00:20:08 +0200
Date: Sun, 6 Aug 2006 00:20:08 +0200
From: Thomas Roessler <roessler@does-not-exist.org>
To: "Brian G. Peterson" <brian@braverock.com>
Cc: OpenPGP <ietf-openpgp@imc.org>, Jon Callas <jon@callas.org>
Subject: Re: OpenPGP/MIME changes
Message-ID: <20060805222008.GA21728@lavazza.does-not-exist.org>
Mail-Followup-To: "Brian G. Peterson" <brian@braverock.com>, OpenPGP <ietf-openpgp@imc.org>, Jon Callas <jon@callas.org>
References: <20060714174935.5A2F1DA820@mailserver8.hushmail.com> <CCFC4799-4C83-44D5-8FC2-1F010EC75D1C@callas.org> <20060719210824.GM13108@lavazza.does-not-exist.org> <200607191802.17107.brian@braverock.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
In-Reply-To: <200607191802.17107.brian@braverock.com>
User-Agent: Mutt/1.5.12 (2006-08-05)
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by balder-227.proper.com id k75MKDQv073122
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

On 2006-07-19 18:02:16 -0500, Brian G. Peterson wrote:

> On Wednesday 19 July 2006 16:08, Thomas Roessler wrote:
>> So, the current OpenPGP/MIME spec is already relatively
>> strict and actually takes away some of the degrees of
>> freedom that the original PGP/MIME left open. Would you
>> care to elaborate a bit more about what points you'd like
>> to clean up?

> Look back a ways in the archives to the various tabled
> discussions on OpenPGP/MIME and the other variants
> (inline/partitioned) for email. I remember significant
> issues being discussed around offline signature
> verification on binary attachments, signatures on signatures
> (chain of evidence), and interoperability issues on the
> layout of MIME parts.

So, summarizing from a round of reading through the archives:

- A requirement was given that certain attachments would have to
  be verified individually.
  This can be achieved by packaging an individual attachment into
  a multipart/signed and having a signature for just that
  attachment. Of course, there's nothing that would keep the
  sender from wrapping the entire message into another level of
  multipart/signed.

  (Incidentally, I don't understand the use case that motivates
  this requirement. I'd like to hear more about it.)

  I'm not aware of any OpenPGP/MIME implementation that would do
  this on the sending end, but this is not a shortcoming of the
  format.

  Please also note that the "individual" signatures aren't
  necessarily the better ones in all contexts: For instance, I
  rather wouldn't have separate signatures on the parts that
  together make up a multipart/alternative or multipart/related.

- I haven't seen any recent interoperability issues on the layout
  of MIME parts, unless this is supposed to allude to Outlook's
  general inability to deal with just about anything MIME. This
  does not strike me as something that OpenPGP/MIME should be
  kludging around.

- Signatures on signatures are easily done, by wrapping one
  multipart/signed into another one. In the bad old PGP
  tradition of not attributing semantics to anything, this should
  be all that's needed.

- I've skimmed through the documentation of what's now called
  "partitioned" mode; frankly, using well-known attachment file
  names to signal the relationship between the different body
  parts that form a multipart makes me cringe, as does having
  fixed file names for the signature of "the RTF attachment".
  This is wrong on an unhealthy number of levels.

  Also, please note that the partitioned format seems not to sign
  the content-type of the signed material, thereby subjecting it
  to attacks based on having material that admits multiple
  interpretations. (Think postscript source code vs. rendered
  postscript -- I'd send the former as text/plain, and the latter
  as application/postscript.)

Right now, I don't see any particular motivation for changing the
existing OpenPGP/MIME RFC.
I do see use cases for possibly using the existing spec in a
different way in some cases.

One thing that I'm wondering about for the packet-based PGP format
(though it's probably too late for this) is whether signatures
should include an indication of the intended media type of the
signed material. One could do this by either extending the
literal packet, or by specifying a content-type notation packet.
Considering the interoperability impact of the two approaches, the
notation packet is probably the right way to go.

Regards,
-- 
Thomas Roessler · Personal soap box at <http://log.does-not-exist.org/>.

Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k75Ldcnq059391; Sat, 5 Aug 2006 14:39:38 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id k75LdcYi059390; Sat, 5 Aug 2006 14:39:38 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from kamino.does-not-exist.org (kamino.does-not-exist.org [217.160.221.198]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k75LdYx9059369 for <ietf-openpgp@imc.org>; Sat, 5 Aug 2006 14:39:37 -0700 (MST) (envelope-from roessler@does-not-exist.org)
Received: from lavazza.does-not-exist.org (ip-83-99-58-85.dyn.luxdsl.pt.lu [83.99.58.85]) (using TLSv1 with cipher EDH-RSA-DES-CBC3-SHA (168/168 bits)) (No client certificate requested) by kamino.does-not-exist.org (Postfix) with ESMTP id 4B98E193742; Sat, 5 Aug 2006 23:39:33 +0200 (CEST)
Received: from roessler by lavazza.does-not-exist.org with local (Exim 4.62) (envelope-from <roessler@does-not-exist.org>) id 1G9Trn-0003ig-Vj; Sat, 05 Aug 2006 23:39:31 +0200
Date: Sat, 5 Aug 2006 23:39:31 +0200
From: Thomas Roessler <roessler@does-not-exist.org>
To: Derek Atkins <derek@ihtfp.com>
Cc: saag@MIT.EDU, ietf-openpgp@imc.org, "housley@vigilsec.com.and.hartmans-ietf"@MIT.EDU
Subject: Re: OpenPGP Minutes / Quick Summary
Message-ID: <20060805213931.GA14257@lavazza.does-not-exist.org>
Mail-Followup-To: Derek Atkins <derek@ihtfp.com>, saag@MIT.EDU, ietf-openpgp@imc.org, "housley@vigilsec.com.and.hartmans-ietf"@MIT.EDU
References: <sjmveq2foz6.fsf@cliodev.pgp.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
In-Reply-To: <sjmveq2foz6.fsf@cliodev.pgp.com>
User-Agent: Mutt/1.5.12 (2006-07-18)
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by balder-227.proper.com id k75Ldbx9059380
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

On 2006-07-12 18:16:45 -0400, Derek Atkins wrote:

> Thomas Roessler gave a history of the Multiple Signature
> Draft. It's an extension to RFC1847 to allow the
> "signature" portion of the message to be a "multipart/mixed"
> and have a set of signatures on the signed data instead of
> just a single signature. This signature set could be a
> combination of OpenPGP and e.g. S/MIME signatures.

As a status update, I've dug out the (quite short) draft from that
old backup; before re-submitting it, I'm waiting for my co-authors
from back then to give me new contact information and to ok
submitting with the new IETF IPR boilerplate.

Regards,
-- 
Thomas Roessler · Personal soap box at <http://log.does-not-exist.org/>.
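
Added illustration, not part of either message above: the two multipart/signed points from the "OpenPGP/MIME changes" message, namely that a signature over the whole first body part covers its Content-Type while a body-only signature does not, and that wrapping one multipart/signed in another signs the inner signature too. The SHA-256 digest is a constructed stand-in for a real OpenPGP signature; the function names, boundary strings and sample body are assumptions.

```python
import hashlib

CRLF = b"\r\n"

def entity(content_type, body):
    """Serialize one MIME entity (header, blank line, body) with CRLF line ends."""
    lines = body.replace(b"\r\n", b"\n").split(b"\n")
    return b"Content-Type: " + content_type.encode("ascii") + CRLF + CRLF + CRLF.join(lines)

def covered_by_multipart_signed(ent):
    """RFC 1847 / RFC 3156: the whole first body part is signed, MIME headers included."""
    return ent

def covered_by_body_only(ent):
    """Signature over the attachment contents alone: the Content-Type is not covered."""
    return ent.split(CRLF + CRLF, 1)[1]

def stand_in_signature(octets):
    """Constructed stand-in for an OpenPGP signature: SHA-256 of the covered octets."""
    return hashlib.sha256(octets).hexdigest()

def multipart_signed(ent, boundary):
    """Wrap an entity in multipart/signed; the result is an entity and can be wrapped again."""
    b = boundary.encode("ascii")
    head = (b'Content-Type: multipart/signed; protocol="application/pgp-signature"; '
            b'micalg=pgp-sha256; boundary="' + b + b'"')
    sig = stand_in_signature(covered_by_multipart_signed(ent)).encode("ascii")
    sig_part = entity("application/pgp-signature", sig)
    return CRLF.join([head, b"", b"--" + b, ent, b"--" + b, sig_part, b"--" + b + b"--", b""])

def split_signed(mp, boundary):
    """Return (signed first part, signature text) of a multipart/signed entity."""
    # The CRLF in front of a delimiter line belongs to the delimiter, not to the part.
    pieces = mp.split(CRLF + b"--" + boundary.encode("ascii"))
    if len(pieces) != 4:
        raise ValueError("expected exactly two body parts")
    first, second = pieces[1][len(CRLF):], pieces[2][len(CRLF):]
    return first, covered_by_body_only(second).decode("ascii")

def verify(mp, boundary):
    """Recompute the stand-in signature over the first part and compare."""
    first, sig = split_signed(mp, boundary)
    return stand_in_signature(covered_by_multipart_signed(first)) == sig

def relabel(ent, new_type):
    """Change only the Content-Type header line, leaving the body octets untouched."""
    return b"Content-Type: " + new_type.encode("ascii") + CRLF + ent.split(CRLF, 1)[1]

# Constructed sample: PostScript source sent as text/plain, as in the message above.
PART = entity("text/plain", b"%!PS\n(Hello) show\n")
SIGNED = multipart_signed(PART, "inner")
NESTED = multipart_signed(SIGNED, "outer")      # signature on a signature
RELABELED = relabel(PART, "application/postscript")

if __name__ == "__main__":
    print("multipart/signed verifies:", verify(SIGNED, "inner"))
    print("verifies after relabel:   ", verify(SIGNED.replace(PART, RELABELED), "inner"))
    same = (stand_in_signature(covered_by_body_only(PART))
            == stand_in_signature(covered_by_body_only(RELABELED)))
    print("body-only signature still matches after relabel:", same)
    print("outer layer verifies:", verify(NESTED, "outer"))
```
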

Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k73FmSet002078; Thu, 3 Aug 2006 08:48:28 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id k73FmSBc002077; Thu, 3 Aug 2006 08:48:28 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from smtp3.hushmail.com (smtp3.hushmail.com [65.39.178.135]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k73FmNBB002055 for <ietf-openpgp@imc.org>; Thu, 3 Aug 2006 08:48:28 -0700 (MST) (envelope-from vedaal@hush.com)
Received: from smtp3.hushmail.com (localhost.hushmail.com [127.0.0.1]) by smtp3.hushmail.com (Postfix) with SMTP id 888F0A32B3 for <ietf-openpgp@imc.org>; Thu, 3 Aug 2006 08:48:22 -0700 (PDT)
Received: from mailserver7.hushmail.com (mailserver7.hushmail.com [65.39.178.62]) by smtp3.hushmail.com (Postfix) with ESMTP for <ietf-openpgp@imc.org>; Thu, 3 Aug 2006 08:48:20 -0700 (PDT)
Received: by mailserver7.hushmail.com (Postfix, from userid 65534) id 094FCDA81F; Thu, 3 Aug 2006 08:48:19 -0700 (PDT)
Date: Thu, 03 Aug 2006 11:48:18 -0400
To: <ietf-openpgp@imc.org>
Cc:
Subject: list of open-pgp objects // level of detail ?
From: <vedaal@hush.com>
Content-type: text/plain; charset="UTF-8"
Message-Id: <20060803154819.094FCDA81F@mailserver7.hushmail.com>
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

have been working on preparing a list of the open-pgp objects

am not sure how 'detailed' it should be,
(i.e. a zoo has an exhibit for a horse, but not really separate
exhibits for mares, stallions, foals, brown horses, black horses,
spotted horses, etc.)

here is a tentative list of the different open-pgp key examples:

I. Open-PGP keys:

first,

A. General categories of Key Types:

(1) RSA v3 (Claude) (included for backward compatibility)
(2) RSA v4 (Alice)
(3) DH/elg (Bob)

one key for each, to use for examples of the different open pgp
message types,
(i.e. Claude sends a v3 signed message encrypted to Bob's key,
Bob sends a signed and encrypted message to Alice's key, etc.)

second,

B. Examples of the Different Types of Keys as Open-PGP objects:

[1] RSA v4, no subkey, primary sign only
[2] RSA v4, no subkey, primary sign and encrypt,
    (similar to v3 key usage)
[3] RSA v4, RSA v4 encrypting subkey
[4] RSA v4, RSA v4 signing subkey
[5] RSA v4, RSA v4 signing and encrypting subkey
[6] RSA v4, DH/Elg encrypting subkey
[7] RSA v4, DH signing subkey
[8] DH, no subkey, primary sign only
[9] DH, Elg encrypting subkey
[10] DH, DH signing subkey
[11] DH, RSA v4 encrypting subkey
[12] DH, RSA v4 signing subkey
[13] DH, RSA v4 signing and encrypting subkey

C. Different Ways of Generating the same Key
   (using RSA v4 as an example)

[1] simple s2k
[2] salted s2k
[3] iterated and salted s2k
[4] s2k with SHA-1 digest (usual case)
[5] s2k with SHA-256 digest
[6] s2k with SHA-512 digest
[7] s2k with RIPEMD-160 digest
[8] s2k with CAST-5 algo (usual case)
[9] s2k with 3-DES algo
[10] s2k with RIJNDAEL 256 algo
[11] s2k with TWOFISH 256 algo
[12] s2k with BLOWFISH algo

D. Different Features available with a Key:

[1] key with photo
[2] key with multiple user id's (one of them primary)
[3] key with comments
[4] key with expiration (never)
[5] key with fixed expiration date
[6] key with designated revoker
[7] key disallowing a particular algorithm or algorithms
    (currently only 3DES is a MUST)
[8] key allowing all algorithms, but with particular preferences
[9] keys with varying sizes of primary and subkeys (1024 - 16k)

is this too detailed, or really the way it should be?
( the hard part is putting together the list,
once the list is made, generating the examples is relatively easy )

the level of specific details will determine the size of the list
of Open PGP objects.
( the above tentative list is only for Keys,
there are still many other categories )

the size of the final collection of all the examples,
can range from about the size of the gpg.man pages to the size of
the Handbook of Applied Cryptography ;-)

so, comments / suggestions / deletions / additions / etc. / ?

Thanks,

vedaal
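
Added illustration, not part of vedaal's message and not taken from any OpenPGP implementation: the three S2K specifier types from list C, written out as RFC 4880 section 3.7.1 defines them and used to build a small regression matrix over digest and cipher key size. The passphrase, salt, function names and the choice of digests are assumptions; RIPEMD-160 is left out because its availability in `hashlib` depends on the local OpenSSL build.

```python
import hashlib

# Symmetric key sizes in octets for the ciphers named in list C (RFC 4880 section 9.2).
KEY_LEN = {"CAST5": 16, "3DES": 24, "AES256": 32, "TWOFISH": 32, "BLOWFISH": 16}
HASHES = ("sha1", "sha256", "sha512")

def decode_count(c):
    """Expand the one-octet coded count of an iterated and salted S2K."""
    return (16 + (c & 15)) << ((c >> 4) + 6)

def s2k(passphrase, key_len, hash_name="sha1", salt=None, coded_count=None):
    """Derive key_len octets from a passphrase.

    salt=None               -> simple S2K
    salt only               -> salted S2K
    salt and coded_count    -> iterated and salted S2K
    """
    if salt is not None and len(salt) != 8:
        raise ValueError("an S2K salt is exactly 8 octets")
    if coded_count is not None and salt is None:
        raise ValueError("iterated S2K is always salted")
    unit = (salt or b"") + passphrase
    total = len(unit)
    if coded_count is not None:
        # The count is in octets hashed, and salt+passphrase is always hashed
        # in full at least once even when the count is smaller.
        total = max(decode_count(coded_count), len(unit))
    reps, rest = divmod(total, len(unit)) if unit else (0, 0)
    key, preload = b"", 0
    while len(key) < key_len:
        # When the digest is shorter than the key, further hash contexts are
        # preloaded with 1, 2, ... zero octets and their outputs concatenated.
        h = hashlib.new(hash_name)
        h.update(b"\x00" * preload)
        for _ in range(reps):
            h.update(unit)
        h.update(unit[:rest])
        key += h.digest()
        preload += 1
    return key[:key_len]

def regression_matrix(passphrase, salt, coded_count=96):
    """Map (s2k type, digest, cipher) to the derived key in hex, for items C[1]-C[12]."""
    modes = {
        "simple": {},
        "salted": {"salt": salt},
        "iterated+salted": {"salt": salt, "coded_count": coded_count},
    }
    return {
        (mode, h, cipher): s2k(passphrase, n, h, **kw).hex()
        for mode, kw in modes.items()
        for h in HASHES
        for cipher, n in KEY_LEN.items()
    }

# Constructed inputs for the demonstration.
PASSPHRASE = b"regression test passphrase"
SALT = bytes(range(8))

if __name__ == "__main__":
    for (mode, h, cipher), key in sorted(regression_matrix(PASSPHRASE, SALT).items()):
        print(f"{mode:16} {h:7} {cipher:9} {key}")
```
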