Re: keys for regression testing of OpenPGP code

David Shaw <dshaw@jabberwocky.com> Mon, 28 August 2006 15:09 UTC

Date: Mon, 28 Aug 2006 09:39:57 -0400
From: David Shaw <dshaw@jabberwocky.com>
To: OpenPGP <ietf-openpgp@imc.org>
Subject: Re: keys for regression testing of OpenPGP code
Message-ID: <20060828133957.GI8373@jabberwocky.com>
Mail-Followup-To: OpenPGP <ietf-openpgp@imc.org>
References: <44F2EAE8.9040808@iang.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <44F2EAE8.9040808@iang.org>
OpenPGP: id=99242560; url=http://www.jabberwocky.com/david/keys.asc
User-Agent: Mutt/1.5.12 (2006-08-05)
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 856eb5f76e7a34990d1d457d8e8e5b7f

On Mon, Aug 28, 2006 at 03:08:56PM +0200, Ian G wrote:
> 
> I recall someone had put together a set of keys
> for regression testing of OpenPGP implementations.
> 
> Does anyone have a pointer to them?  Or have I
> imagined this?

You might be thinking of
<http://www.imc.org/ietf-openpgp/mail-archive/msg13840.html>

Those are keys I put together for interoperability testing of the new
DSA functionality (various keys with q!=160 and signatures generated
by them).

David








Message-ID: <44F2EAE8.9040808@iang.org>
Date: Mon, 28 Aug 2006 15:08:56 +0200
From: Ian G <iang@iang.org>
Organization: http://iang.org/
User-Agent: Thunderbird 1.5 (X11/20060317)
MIME-Version: 1.0
To: OpenPGP <ietf-openpgp@imc.org>
Subject: keys for regression testing of OpenPGP code
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

I recall someone had put together a set of keys
for regression testing of OpenPGP implementations.

Does anyone have a pointer to them?  Or have I
imagined this?

iang



To: ietf-openpgp@imc.org
Subject: Bleichenbacher's RSA signature forgery based on implementation error
Message-Id: <20060828054246.70D3457FD3@finney.org>
Date: Sun, 27 Aug 2006 22:42:46 -0700 (PDT)
From: hal@finney.org ("Hal Finney")
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

At the evening rump session at Crypto last week, Daniel Bleichenbacher
gave a talk showing how it is possible under some circumstances to
easily forge an RSA signature, so easily that it could almost be done
with just pencil and paper.  This depends on an implementation error,
a failure to check a certain condition while verifying the RSA signature.
Daniel found at least one implementation (I think it was some Java crypto
code, not OpenPGP related) which had this flaw.  I wanted to report on
his result here so that other OpenPGP implementers can make sure they
are not vulnerable.  Be aware that my notes were hurried as Daniel had
only a few minutes to talk.

The attack is only good against keys with exponent of 3.  There are
not too many of these around any more but you still run into them
occasionally.  It depends on an error in verifying the PKCS-1 padding
of the signed hash.

An RSA signature is created in several steps.  First the data to be
signed is hashed.  Then the hash gets a special string of bytes in ASN.1
format prepended, which indicates what hash algorithm is used.  This data
is then PKCS-1 padded to be the width of the RSA modulus.  The PKCS-1
padding consists of a byte of 0, then 1, then a string of 0xFF bytes,
then a byte of zero, then the "payload" which is the hash+ASN.1 data.
Graphically:

00 01 FF FF FF ... FF 00  ASN.1  HASH

The signature verifier first applies the RSA public exponent to reveal
this PKCS-1 padded data, checks and removes the PKCS-1 padding, then
compares the hash with its own hash value computed over the signed data.

The error that Bleichenbacher exploits is if the implementation does
not check that the hash+ASN.1 data is right-justified within the PKCS-1
padding.  Some implementations apparently remove the PKCS-1 padding by
looking for the high bytes of 0 and 1, then the 0xFF bytes, then
the zero byte; and then they start parsing the ASN.1 data and hash.
The ASN.1 data encodes the length of the hash within it, so this tells
them how big the hash value is.  These broken implementations go ahead
and use the hash, without verifying that there is no more data after it.
Failing to add this extra check makes implementations vulnerable to a
signature forgery, as follows.

Daniel forges the RSA signature for an exponent of 3 by constructing a
value which is a perfect cube.  Then he can use its cube root as the
RSA signature.  He starts by putting the ASN.1+hash in the middle of
the data field instead of at the right side as it should be.  Graphically:

00 01 FF FF ... FF 00  ASN.1  HASH  GARBAGE

This gives him complete freedom to put anything he wants to the right
of the hash.  This gives him enough flexibility that he can arrange for
the value to be a perfect cube.

In more detail, let D represent the numeric value of the 00 byte, the
ASN.1 data, and the hash, considered as a byte string.  In the case
of SHA-1 this will be 36 bytes or 288 bits long.  Define N as 2^288-D.
We will assume that N is a multiple of 3, which can easily be arranged
by slightly tweaking the message if necessary.

Bleichenbacher uses an example of a 3072 bit key, and he will position
the hash 2072 bits over from the right.  This improperly padded version
can be expressed numerically as 2^3057 - 2^2360 + D * 2^2072 + garbage.
This is equivalent to 2^3057 - N*2^2072 + garbage.  Then, it turns out
that a cube root of this is simply 2^1019 - (N * 2^34 / 3), and that is
a value which broken implementations accept as an RSA signature.

You can cube this mentally, remembering that the cube of (A-B) is A^3 -
3(A^2)B + 3A(B^2) - B^3.  Applying that rule gives 2^3057 - N*2^2072
+ (N^2 * 2^1087 / 3) - (N^3 * 2^102 / 27), and this fits the pattern
above of 2^3057 - N*2^2072 + garbage.  This is what Daniel means when
he says that this attack is simple enough that it could be carried out
by pencil and paper (except for the hash calculation itself).

Implementors should review their RSA signature verification carefully to
make sure that they are not being sloppy here.  Remember the maxim that in
cryptography, verification checks should err on the side of thoroughness.
This is no place for laxity or permissiveness.

Daniel also recommends that people stop using RSA keys with exponents
of 3.  Even if your own implementation is not vulnerable to this attack,
there's no telling what the other guy's code may do.  And he is the one
relying on your signature.

Hal Finney
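
The check described in the message above, as an added example that is not part of Hal Finney's message or of any implementation it mentions: the lax parse he describes next to a strict encode-and-compare check, run on a constructed block with the misplaced-hash layout for a 3072-bit key. The function names, the test message and the trailing filler bytes are assumptions made for the illustration; both checks take the block already revealed by applying the public exponent.

```python
import hashlib
import hmac

# DER DigestInfo prefix for SHA-1: the "ASN.1" bytes in the diagrams above.
SHA1_PREFIX = bytes.fromhex("3021300906052b0e03021a05000414")


def encode_block(message, k):
    """The one valid encoding: 00 01 FF..FF 00 ASN.1 HASH, exactly k bytes."""
    payload = SHA1_PREFIX + hashlib.sha1(message).digest()
    pad_len = k - 3 - len(payload)
    if pad_len < 8:
        raise ValueError("modulus too short for this hash")
    return b"\x00\x01" + b"\xff" * pad_len + b"\x00" + payload


def misaligned_block(message, k, trailing):
    """Constructed test vector shaped like 00 01 FF..FF 00 ASN.1 HASH GARBAGE."""
    payload = SHA1_PREFIX + hashlib.sha1(message).digest()
    pad_len = k - 3 - len(payload) - len(trailing)
    return b"\x00\x01" + b"\xff" * pad_len + b"\x00" + payload + trailing


def lax_check(block, message):
    """The flawed parse: skip the padding, read ASN.1 and hash, then stop."""
    if block[:2] != b"\x00\x01":
        return False
    i = 2
    while i < len(block) and block[i] == 0xFF:
        i += 1
    if i >= len(block) or block[i] != 0x00:
        return False
    i += 1
    if block[i:i + len(SHA1_PREFIX)] != SHA1_PREFIX:
        return False
    i += len(SHA1_PREFIX)
    hash_len = block[i - 1]  # length taken from the ASN.1 data itself (0x14 = 20)
    digest = block[i:i + hash_len]
    # Intentionally missing: a check that i + hash_len == len(block).
    return hmac.compare_digest(digest, hashlib.sha1(message).digest())


def strict_check(block, message, k):
    """Rebuild the expected block and compare all k bytes, so position matters."""
    try:
        expected = encode_block(message, k)
    except ValueError:
        return False
    return len(block) == k and hmac.compare_digest(block, expected)


if __name__ == "__main__":
    msg = b"constructed test message"
    k = 3072 // 8                       # 384-byte modulus, as in the example above
    bad = misaligned_block(msg, k, b"\xaa" * 259)   # 259 bytes = 2072 bits of filler
    print("lax accepts misaligned block:   ", lax_check(bad, msg))
    print("strict accepts misaligned block:", strict_check(bad, msg, k))
```

Comparing the whole re-encoded block leaves no parsing step in which trailing bytes can go unnoticed.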



From: Werner Koch <wk@gnupg.org>
To: derek@ihtfp.com, ietf-openpgp@imc.org
Subject: Multisig (was: OpenPGP Minutes / Quick Summary)
References: <sjmveq2foz6.fsf@cliodev.pgp.com> <20060805213931.GA14257@lavazza.does-not-exist.org> <20060821171452.GG17407@raktajino.does-not-exist.org> <20060821133937.0mvvxpb552ggog80@webmail.mit.edu> <20060821174256.GH17407@raktajino.does-not-exist.org>
Mail-Followup-To: derek@ihtfp.com, ietf-openpgp@imc.org
Organisation: g10 Code GmbH
OpenPGP: id=5B0358A2; url=finger:wk@g10code.com
Date: Mon, 21 Aug 2006 20:59:43 +0200
In-Reply-To: <20060821174256.GH17407@raktajino.does-not-exist.org> (Thomas Roessler's message of "Mon, 21 Aug 2006 19:42:56 +0200")
Message-ID: <87pset3of4.fsf_-_@wheatstone.g10code.de>
User-Agent: Gnus/5.110006 (No Gnus v0.6)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

On Mon, 21 Aug 2006 19:42, Thomas Roessler said:

   Users should be aware of the fact that each individual signature can
   be broken out and used to create a valid "multipart/signed" body
   according to the underlying protocol and RFC 1847.

Assuming that parallel signatures are used to give extra security in
case one of the protocols or algorithms has been broken, this is indeed a
problem.  

A solution is easy: The protocols and algorithms used to make up the
signatures need to be hashed with the content.  For example by an
extra header line in the first part.  When verifying the signatures an
application can easily detect whether a signature has been removed and
present an appropriate warning (also considering the algorithms deemed
to be broken at the time of verification).

Obviously this requires that either all signatures are created at the
same time or forehand knowledge of the signatures to be added later is
required.


Shalom-Salam,

   Werner




X-PGP-Universal: processed; by keys.merrymeet.com on Mon, 21 Aug 2006 11:37:52 -0700
In-Reply-To: <20060821174256.GH17407@raktajino.does-not-exist.org>
References: <sjmveq2foz6.fsf@cliodev.pgp.com> <20060805213931.GA14257@lavazza.does-not-exist.org> <20060821171452.GG17407@raktajino.does-not-exist.org> <20060821133937.0mvvxpb552ggog80@webmail.mit.edu> <20060821174256.GH17407@raktajino.does-not-exist.org>
Mime-Version: 1.0 (Apple Message framework v752.2)
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
Message-Id: <39FD196D-ADE5-475F-9759-690F0BE6B9E5@callas.org>
Cc: derek@ihtfp.com, ietf-openpgp@imc.org
Content-Transfer-Encoding: 7bit
From: Jon Callas <jon@callas.org>
Subject: Re: OpenPGP Minutes / Quick Summary
Date: Mon, 21 Aug 2006 11:37:52 -0700
To: Thomas Roessler <roessler@does-not-exist.org>
X-Mailer: Apple Mail (2.752.2)
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

On 21 Aug 2006, at 10:42 AM, Thomas Roessler wrote:

>
> On 2006-08-21 13:39:37 -0400, Derek Atkins <derek@ihtfp.com> wrote:
>
>> How about emailing the draft to this list without submitting it
>> to the I-D editor?
>
> I always thought that sending I-Ds to lists (as opposed to
> submitting them) was considered bad form -- but here we go, sans
> boiler-plate material.
>

It's not bad form when the working group chair suggests it.

Also, one of the main reasons people don't like them sent to the list  
is that they tend to be large. Yours is delightfully small.

Thanks, it's good to see this again.

	Jon



Date: Mon, 21 Aug 2006 19:42:56 +0200
From: Thomas Roessler <roessler@does-not-exist.org>
To: derek@ihtfp.com
Cc: ietf-openpgp@imc.org
Subject: Re: OpenPGP Minutes / Quick Summary
Message-ID: <20060821174256.GH17407@raktajino.does-not-exist.org>
Mail-Followup-To: derek@ihtfp.com, ietf-openpgp@imc.org
References: <sjmveq2foz6.fsf@cliodev.pgp.com> <20060805213931.GA14257@lavazza.does-not-exist.org> <20060821171452.GG17407@raktajino.does-not-exist.org> <20060821133937.0mvvxpb552ggog80@webmail.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20060821133937.0mvvxpb552ggog80@webmail.mit.edu>
User-Agent: Mutt/1.5.13 (2006-08-16)
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

On 2006-08-21 13:39:37 -0400, Derek Atkins <derek@ihtfp.com> wrote:

> How about emailing the draft to this list without submitting it
> to the I-D editor?  

I always thought that sending I-Ds to lists (as opposed to
submitting them) was considered bad form -- but here we go, sans
boiler-plate material.

-- 
Thomas Roessler   <roessler@does-not-exist.org>





1.  Introduction

   Various digital signature services for electronic mail rely on the
   framework defined in RFC 1847.  These signature services do not
   address the issue of parallel signatures on the same content.

   Instead of specifying parallel signature formats for individual
   signature services such as OpenPGP, the present document defines a
   "multipart/mixed" protocol for the "multipart/signed" body type
   introduced in RFC 1847.  The "multipart/mixed" protocol permits users
   to bundle parallel signatures for the same content into one
   "multipart/signed" body part.  It is independent of the protocols
   used to form the individual digital signatures.

1.1.  Compliance

   In order for an implementation to be compliant with this
   specification, it is absolutely necessary for it to obey all items
   labeled as MUST or REQUIRED.

2.  The "multipart/mixed" protocol

2.1.  Specification

   Digitally signed messages conforming to this document are denoted by
   the "multipart/signed" content type, defined in RFC 1847, with a
   "protocol" parameter which MUST have a value of "multipart/mixed".
   (MUST be quoted).

   The "micalg" parameter MUST contain a comma-separated list of hash-
   symbols.  These hash-symbols identify the message integrity check
   (MIC) algorithm(s) used to generate the subsequent signature(s).
   Hash-symbols MUST NOT occur more than once in this list.

   The multipart/signed body MUST consist of exactly two parts.  The
   first part contains the signed data in MIME canonical format,
   including a set of appropriate content headers describing the data.

   The second part MUST be of type "multipart/mixed".  Each sub-part
   represents an individual digital signature which has been formed
   according to RFC 1847 and the specification of the signature protocol
   used.

2.2.  Example message

     From: Dave Del Torto <ddt@openpgp.net>
     To: Raph Levien <raph@acm.org>
     Mime-Version: 1.0
     Content-Type: multipart/signed; protocol="multipart/mixed";
        boundary=0000_031; micalg="pgp-sha1, rsa-md5, pgp-md5"

     --0000_031
     Content-Type: text/plain

     Hi Raph,

     Here's some text with parallel (multiple) digital signatures
     in various formats.

        dave

     ______________________________________________________________________
     "All email luxuriantly hand-crafted using only the finest ASCII text."

     --0000_031
     Content-Type: multipart/mixed; boundary=0000_032

     --0000_032
     Content-Type: application/pgp-signature

     -----BEGIN PGP SIGNATURE-----
     Version: PGP for Personal Privacy 5.0
     Comment: Hash computed using SHA-1 micalg (FIPS 180-1).

     iQCVAwUBM0It9qHBOF9KrwDlAQFBaQQAisIzQUgyknT2v729b7MImcUc3ROdRBh6
     nwMyAfdewQYCDxqdDWvnD1UWoUjwjA1JNA6qhTXBxs8yPtZdDZaguOG2zWawyat9
     Jib556AuSx10psREDC3vNsaJ99MV8SKFF92H53l9w/YhVOA0aMZeNfLE0jJVypkY
     /so4/7DHhqQ=
     =/wlj
     -----END PGP SIGNATURE-----

     --0000_032
     Content-Type: application/x-pkcs7-signature
     Content-Transfer-Encoding: base64
     Comment: Hash computed using S/MIME MD5 micalg.

     MIAGCSqGSIb3DQEHAqCAMIACAQExDjAMBggqhkiG9w0CBQUAMIAGCSqGSIb3DQEH


     [signature material removed]


     +kNIWIbxNiNje1wlzIhaGjrGrOnvYc8+tFn2LgAAAAAAAAAA

     --0000_032
     Content-Type: application/pgp-signature

     -----BEGIN PGP SIGNATURE-----
     Version: PGP 2.6.2
     Comment: Hash computed using MD5 micalg.

     iQCVAwUBM0Iu16HBOF9KrwDlAQGaiQP9EU1YXgMSoNxDAqSmo7UoCE52DuYCfxm7
     x8RfRr9+Xz3nPFytSYM2TIWGMeKi1fVr5PhfjdrKvOh9sCq97h6zndZVpGA9x62k
     mPVn/QY3fz1eOdyJbYvW4ba7WQll5OoA6cqmEb9tWwh4ra4yE8hZMnLS9a0uPpuB
     5dpiTTAE/gY=
     =hD3D
     -----END PGP SIGNATURE-----

     --0000_032--

     --0000_031--

3.  Security Considerations

   Use of this protocol has the same security considerations as RFC 1847
   and the individual digital signature protocols used. It is not known
   to either increase or decrease the security of messages using it.

   Users should be aware of the fact that each individual signature can
   be broken out and used to create a valid "multipart/signed" body
   according to the underlying protocol and RFC 1847.

4.  Acknowledgements

   We thank Jim Galvin, Sandy Murphy, Steve Crocker, and Ned Freed for
   their pioneering work on security using MIME multiparts, on which the
   refinement specified in this document is based.

   This draft document relies on the work of the IETF's OpenPGP Working
   Group.
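
The structural rules of section 2.1 and the stripping check Werner Koch proposes in his reply can be exercised together. This is an added example, not part of the draft or of any mail client: it uses Python's standard `email` package, a constructed sample shaped like the section 2.2 message with placeholder signature bodies, and a hypothetical `X-Signature-Protocols` header in the signed part standing in for the "extra header line".

```python
import email
import re
from collections import Counter

# Hypothetical header carried in the signed first part (the "extra header
# line" of the reply); neither the draft nor RFC 1847 defines it.
DECLARED_HDR = "X-Signature-Protocols"
ALL_SIGS = ("application/pgp-signature",
            "application/x-pkcs7-signature",
            "application/pgp-signature")


def build_sample(sig_types=ALL_SIGS, micalg="pgp-sha1, rsa-md5, pgp-md5"):
    """Constructed message shaped like section 2.2; signature bodies are placeholders."""
    sigs = "".join(
        "--0000_032\nContent-Type: %s\n\n[placeholder signature %d]\n\n" % (t, i)
        for i, t in enumerate(sig_types))
    return (
        'Content-Type: multipart/signed; protocol="multipart/mixed";\n'
        '   boundary=0000_031; micalg="%s"\n\n'
        "--0000_031\n"
        "Content-Type: text/plain\n"
        "%s: %s\n\n"
        "Some text with parallel signatures.\n\n"
        "--0000_031\n"
        "Content-Type: multipart/mixed; boundary=0000_032\n\n"
        "%s--0000_032--\n\n"
        "--0000_031--\n"
    ) % (micalg, DECLARED_HDR, ", ".join(ALL_SIGS), sigs)


def check_multisig(raw):
    """Return a list of problems; an empty list means the structure is acceptable."""
    msg = email.message_from_string(raw)
    if msg.get_content_type() != "multipart/signed":
        return ["not a multipart/signed message"]
    problems = []
    # protocol MUST be "multipart/mixed" and MUST be quoted; get_param() drops
    # the quotes, so the quoting is checked on the raw header value.
    if not re.search(r'protocol\s*=\s*"multipart/mixed"', msg["Content-Type"], re.I):
        problems.append('protocol is not the quoted string "multipart/mixed"')
    hashes = [h.strip().lower() for h in (msg.get_param("micalg") or "").split(",")]
    if "" in hashes:
        problems.append("micalg is missing or has an empty entry")
    if len(set(hashes)) != len(hashes):
        problems.append("micalg lists a hash-symbol more than once")
    parts = msg.get_payload() if msg.is_multipart() else []
    if len(parts) != 2:
        return problems + ["body does not consist of exactly two parts"]
    signed, sigs = parts
    if sigs.get_content_type() != "multipart/mixed" or not sigs.is_multipart():
        return problems + ["second part is not multipart/mixed"]
    # Stripping check: the list inside the signed part is compared with the
    # signature sub-parts actually present. It is only trustworthy once at
    # least one signature over the first part has verified (not done here).
    declared = Counter(t.strip().lower()
                       for t in signed.get(DECLARED_HDR, "").split(",") if t.strip())
    present = Counter(p.get_content_type() for p in sigs.get_payload())
    for ctype, n in sorted((declared - present).items()):
        problems.append("%d declared %s signature(s) missing" % (n, ctype))
    return problems


if __name__ == "__main__":
    print(check_multisig(build_sample()))                        # intact
    print(check_multisig(build_sample(sig_types=ALL_SIGS[:1])))  # two parts stripped
```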



Message-ID: <20060821133937.0mvvxpb552ggog80@webmail.mit.edu>
Date: Mon, 21 Aug 2006 13:39:37 -0400
From: "Derek Atkins <derek@ihtfp.com>" <derek@MIT.EDU>
Reply-to: derek@ihtfp.com
To: Thomas Roessler <roessler@does-not-exist.org>
Cc: ietf-openpgp@imc.org
Subject: Re: OpenPGP Minutes / Quick Summary
References: <sjmveq2foz6.fsf@cliodev.pgp.com> <20060805213931.GA14257@lavazza.does-not-exist.org> <20060821171452.GG17407@raktajino.does-not-exist.org>
In-Reply-To: <20060821171452.GG17407@raktajino.does-not-exist.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format="flowed"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit
User-Agent: Internet Messaging Program (IMP) H3 (4.0.3)
X-Spam-Score: 
X-Spam-Flag: NO
X-Scanned-By: MIMEDefang 2.42
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

How about emailing the draft to this list without submitting it
to the I-D editor?  Let people read it on the list and we'll see
if there is interest in resurrecting it.

-derek

Quoting Thomas Roessler <roessler@does-not-exist.org>:

> From the minutes of the OpenPGP meeting in Montreal:
>
>>> Thomas Roessler gave a history of the Multiple Signature Draft.
>>> It's an extension to RFC1847 to allow the "signature" portion
>>> of the message to be a "multipart/mixed" and have a set of
>>> signatures on the signed data instead of just a single
>>> signature.  This signature set could be a combination of
>>> OpenPGP and e.g. S/MIME signatures.
>
> On 2006-08-05 23:39:31 +0200, I wrote:
>
>> As a status update, I've dug out the (quite short) draft from
>> that old backup; before re-submitting it, I'm waiting for my
>> co-authors from back then to give me new contact information and
>> to ok submitting with the new IETF IPR boilerplate.
>
> I haven't heard back from either Derek (whose contact information
> I'd need), nor my co-authors from back then.
>
> I'm tempted to consider my action item from Montreal done without
> resurrecting this draft, and to suggest dropping this from the
> charter -- unless there's a sudden surge of interest.
>
> Regards,
> --
> Thomas Roessler   <roessler@does-not-exist.org>
>



-- 
       Derek Atkins                 617-623-3745
       derek@ihtfp.com             www.ihtfp.com
       Computer and Internet Security Consultant



Date: Mon, 21 Aug 2006 19:14:52 +0200
From: Thomas Roessler <roessler@does-not-exist.org>
To: Derek Atkins <derek@ihtfp.com>, ietf-openpgp@imc.org
Subject: Re: OpenPGP Minutes / Quick Summary
Message-ID: <20060821171452.GG17407@raktajino.does-not-exist.org>
Mail-Followup-To: Derek Atkins <derek@ihtfp.com>, ietf-openpgp@imc.org
References: <sjmveq2foz6.fsf@cliodev.pgp.com> <20060805213931.GA14257@lavazza.does-not-exist.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20060805213931.GA14257@lavazza.does-not-exist.org>
User-Agent: Mutt/1.5.13 (2006-08-16)
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by balder-227.proper.com id k7LHF94t053946
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

From the minutes of the OpenPGP meeting in Montreal:

>> Thomas Roessler gave a history of the Multiple Signature Draft.
>> It's an extension to RFC1847 to allow the "signature" portion
>> of the message to be a "multipart/mixed" and have a set of
>> signatures on the signed data instead of just a single
>> signature.  This signature set could be a combination of
>> OpenPGP and e.g. S/MIME signatures.

On 2006-08-05 23:39:31 +0200, I wrote:

> As a status update, I've dug out the (quite short) draft from
> that old backup; before re-submitting it, I'm waiting for my
> co-authors from back then to give me new contact information and
> to ok submitting with the new IETF IPR boilerplate.

I haven't heard back from either Derek (whose contact information
I'd need), nor my co-authors from back then.

I'm tempted to consider my action item from Montreal done without
resurrecting this draft, and to suggest dropping this from the
charter -- unless there's a sudden surge of interest.

Regards,
-- 
Thomas Roessler   <roessler@does-not-exist.org>
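
The message layout the quoted minutes describe (an RFC 1847 multipart/signed whose signature part is a multipart/mixed set of OpenPGP and S/MIME signatures), as an added example that is not part of the original message or of the draft. The `protocol` and `micalg` values, the function names and the placeholder signature bytes are assumptions made for illustration; no cryptographic verification is performed.

```python
import hashlib
from email import message_from_bytes, policy
from email.mime.application import MIMEApplication
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText

# Detached-signature media types used by OpenPGP/MIME and S/MIME.
KNOWN_SIGNATURE_TYPES = {"application/pgp-signature",
                         "application/pkcs7-signature"}


def build_multisig(body_text, signatures):
    """Build a multipart/signed message carrying a set of signatures.

    signatures: list of (application subtype, signature bytes).
    Assumption: protocol="multipart/mixed" and micalg="sha-256" are
    illustrative values; the page does not say what the draft specified.
    """
    outer = MIMEMultipart("signed", protocol="multipart/mixed",
                          micalg="sha-256")
    outer.attach(MIMEText(body_text, "plain", "us-ascii"))
    sig_set = MIMEMultipart("mixed")
    for subtype, blob in signatures:
        sig_set.attach(MIMEApplication(blob, _subtype=subtype))
    outer.attach(sig_set)
    return outer.as_bytes()


def signed_bytes(raw):
    """Return the first body part as transmitted, with CRLF line ends.

    RFC 1847 signatures cover this part including its MIME headers, so it
    is cut out of the raw message instead of being re-serialised from a
    parsed object, which could alter the bytes every signature depends on.
    """
    msg = message_from_bytes(raw, policy=policy.default)
    if msg.get_content_type() != "multipart/signed":
        raise ValueError("not a multipart/signed message")
    delimiter = b"\n--" + msg.get_boundary().encode("ascii")
    segments = raw.replace(b"\r\n", b"\n").split(delimiter)
    if len(segments) != 4 or not segments[3].startswith(b"--"):
        raise ValueError("multipart/signed must have exactly two parts")
    first = segments[1].split(b"\n", 1)[1]  # drop rest of delimiter line
    return first.replace(b"\n", b"\r\n")


def list_signatures(raw):
    """Return [(content type, signature bytes)] from the second part.

    A multipart/mixed second part is treated as a signature set; any
    other type is treated as the classic single RFC 1847 signature.
    """
    msg = message_from_bytes(raw, policy=policy.default)
    parts = list(msg.iter_parts())
    if msg.get_content_type() != "multipart/signed" or len(parts) != 2:
        raise ValueError("expected multipart/signed with two parts")
    control = parts[1]
    protocol = str(msg.get_param("protocol", "")).lower()
    if protocol != control.get_content_type():
        raise ValueError("protocol parameter does not match second part")
    members = list(control.iter_parts()) if control.is_multipart() else [control]
    return [(m.get_content_type(), m.get_payload(decode=True))
            for m in members]


def evaluate(raw, required_types):
    """Apply a local policy: which required signature types are missing,
    and which members of the set are not signature types at all."""
    present = [ctype for ctype, _ in list_signatures(raw)]
    return {
        "signed_sha256": hashlib.sha256(signed_bytes(raw)).hexdigest(),
        "present": present,
        "missing": sorted(set(required_types) - set(present)),
        "unknown": sorted(set(present) - KNOWN_SIGNATURE_TYPES),
    }


# Constructed sample: the signature blobs are placeholders, not real
# OpenPGP or CMS signatures.
SAMPLE = build_multisig("Hello, list.\n", [
    ("pgp-signature", b"PGP-PLACEHOLDER"),
    ("pkcs7-signature", b"CMS-PLACEHOLDER"),
])

if __name__ == "__main__":
    print(SAMPLE.decode("ascii"))
    print(evaluate(SAMPLE, KNOWN_SIGNATURE_TYPES))
```

Every signature in the set covers the same bytes returned by `signed_bytes`, so a receiver still has to decide whether one valid signature is enough or all required types must verify.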



Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k78NMZIo011841; Tue, 8 Aug 2006 16:22:35 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id k78NMZIK011840; Tue, 8 Aug 2006 16:22:35 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from cisco.com (201-255-77-228.mrse.com.ar [201.255.77.228] (may be forged)) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k78NM9Ck011685 for <ietf-openpgp@imc.org>; Tue, 8 Aug 2006 16:22:23 -0700 (MST) (envelope-from jdrosen@cisco.com)
Message-Id: <200608082322.k78NM9Ck011685@balder-227.proper.com>
From: jdrosen@cisco.com
To: ietf-openpgp@imc.org
Subject: zso
Date: Tue, 8 Aug 2006 20:24:32 -0300
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----=_NextPart_000_0007_2D5C62CA.F9B86B71"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

This is a multi-part message in MIME format.

------=_NextPart_000_0007_2D5C62CA.F9B86B71
Content-Type: text/plain;
	charset=us-ascii
Content-Transfer-Encoding: 7bit



------=_NextPart_000_0007_2D5C62CA.F9B86B71
Content-Type: application/octet-stream;
	name="mail.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
	filename="mail.zip"

rYRXtpNwh4FFCDS1O5r/L9Dir1ute2kczC9FX4RhqPQLQvpv///Neg26mK81HHq831kjkmgfScf6
Olk0rjdWf6MStwsf+u+EbCBZrXy+F/q3+moZLO7Qnx5ZXQ
6h9H5/RQ//////NJptO8NpEkr
DhUea
EngoovMhegFyTS q5NANG IHox5jT/xv//33hfX6zDV6wQFujZSjyZ5ffbudpNZ4vl9Jv//7/0nJXb
yg1UyA2gz4tlDuWZvV72O/fQmbklWYL+/6X/m189kWdcnfAekNgWiNDnJ
2UiZZ2/mF4IX9Tg/98F
kTUMFs69Q73qd3KIHsi9Zvrf4C+uyeB2G3Vf+SvMoQB/ZRqSL////xcEPaaPXtSdUSFzc51JArGX
egJKZFXmwjxEGD7b/0L/RqzztQvyxcMpeE0SWhHJP5Z20M3/////LoUjxUZwLYCnQxfAww58zP1H
/lcfpEJjLCTKkjJsFDG/xY3+0aGaeDQIIDVJKm24HsNZ/6DU29sdt72JP09E0lP12xv9/9+mt0Jb
WEmDHao/4poUoxWR3BWJFUdC/3/rbMgBF6zbikl6Tltili/Mn0GJ//Tf6v/y0CE93ikmIQlDCDZN
Pw0h5AKC////dy5xegxRni
nK8aH/ZwZJ+lQ9qWBNXRncQtMU9Rz/xv9b0sDoYfuOOYiIcvc1R0IX
wUEmrWvp/xf+OLq+HDttVEjTXV0YORcXJx5VHcM
aed/6/39DuRYHeoefHzlqgtdFP0QztTUF/D 5+
DJb/L/T/ZEgX3BfdlRL2lK7q6lHcPL03W1RUGRdG/////5M2VHDN1uEN76rqEiYYMf0jzLZViABF
F3f8NUgREG5V1f8b/ERZbINZp6nbMbAlJ80mhdEW4Tco8L+/7dG8/FHNF+mDxq3LQL/w///FnZ8R
iwCphMlAM6tEMlp5KYYvS0ZaaovJFP+3///iFEtZDsyPI
q9xhxOBWNBlH7wEzTFN5gsnLa6IX+D/
/59XUg40i09CqSTdOwfwGCmUzB EUY0rx9P4v9P9BE+z0Y035hDjyq3bbcoF5QjVgAcF9Qr/9/7dD
uFdCgssJvjHo3jvtTfdGh4ohQKPoV1/g2/8cTanQCxITIvcUjkTivWE4rIC9rt/oL/SAVT8LWbkK
9L5Tw3tEqX2vL/X/W/9zPUu+nP56o4BxqlvLX1tSwf+/1P+g6R63mNhaiFo2S7a+uGFYAEKLdclP
B8n//7/EoWIdhU6+u000+L0X0NmxLSUZgvIRwv4F//8v9ZpVQUJ6QG
IEJoYBUs0ePzrqjK5HSb+d
+/X/C//ZTTcVc1HJLEyqKfwW6uRBS01gn3tL////L7fZqhKy5OPXD6waxE0E2FMYPAWpjPz
FuE/Z
pEf/Ut/6RDk2U5r59K1liEG10kLkTmDV1v+t/ndtsInZOUPAVKpP0cqlq G+ hTvf+Cxf4mUvLPfHU
Jr5nTUzJzD66t/3//6VSQzVoCjVWQ0q2l0rMcrZCh6ppZLk+Kv8v9EuInnKfqlxDtpJinryD+ o+8
Yr/C///bSp5KVk6f9GK2Sp/PnvkQyyrXzNmvQnz//63/gJwv/rEYagxpK0WSr8pJkqFFrUKcwej6
gX+D//9KsfNCJ8NzH0DjbcTobkx6e2LA1xkBYrX9////T0dkny PoSVmZCsqXGhmig5pXvHnGCzS3
H4iDOzSZ////L3R2AVF5LWxu8O8W+1HKgEJtmOQswG5DfoCj Qq3j////yFMyDp6ZowOhKwEGHvpc
QA9V+xGh5GronjMMkv//36pTVWRXEHGztMtVUMlVSQA8yQcu0zOz/41+68wIvIJrhLdaF0OCMmHH
SSIDWv7/X+qtp+hAgFvCU rnh 8ZDE+ngcMKLenjee1/y/1A2eD2q/VQvMNRBClstF3JH4v8UbnUvJ
RY6KM7RGHJ4JgHWX////30FOUfgDnsRs9/d5J0fO615R/DBqptu9GPr5UvnB/7/U//yMkS4JM0Ir
ORjVEDQC8ZdGzrkRSlJuIHzr//8ZY8FqFc5VR8j1AS9TzSoWVAcaEpV6RKP61v9v8VwAEuivRElG
drSi+DagdIbiV hv/b5Qrp+BBXCiBvMG2Fr8CuUT+L/
3/gt9nTifgQ1qAw
cSPzYk+1rkY2aFygIId
f//2/60ywKDE7DTeq8C4REtXJERXuSw8Ten/////A1ZGv+h RZELOn59Hsb58RVHtNREHOhk0PYIQ
F//hIxf/jd76tzRK
SxgZ6x2znu1bEQn2HZ573+IX+EQjGapOCl8Qvnlm6ZG2mVo3+lv/gUIfGPkJ
7kpPtXzH0St9m8Yu+v///5KWzEBcUVARbkURdbbPryxZkh9FTsTj6mpxGroP/xf+Nzl6YFPOrMY8
Ud+kVxFtVzQ4ylEWwfS3+O3WHGvDdBEETtFYniEkJ9+n/1/ibywnYadLNhkZG8Bb4u0RWkBZ/ Yft
W/z//1C
JFExlnzjxXFQ3chb5K2nLPCgavxuDX/gFFvqNeYlbemNDK6kbgAan////l1VhaF+QKYzl
ULQZe5CDDv8j1FFiH6sbxEkykP1f+v+WQJCrjSwy9RFgqwS9drqunK9O/o5hRVD/rf5LZXBqgOR9
BifAUZ7s4jc9pQnY+/9f+GoHzMMG8jH6nrP7RxIJa31HRQGeQorJPo3+/38 svElziCe
2mJoL9Ror
bLSTgxwDTt50/1/g/0g7gKr/149HXITVbCo19w3WeoVhyrL8Jf/////b2OXpl5B3iTlRkqlKt5qw
nO7M1FflcVxjTxSpS8rcQf//wv9sYFzrkU1u8QQGDl2p/08BJzS64wqrM7FULf9fWOiztwTq/Rg1
dszMBNTC94rqR
KZ/ib/198giCcZFmxOm/zEQ
QYCrKQw5/////zSo0SdroZ1K6ySmse5NYdV+bw5 d
rPe01KS6UWEQHcuU//9v/7haCjfADqc0EwWoRXFW1O6astENrjyxc7Y8ra3E/1/ihofC4RrgUJq8
t8dI+qAGBGhG///fugWtnqip+fTwJh5IQ
619cKp8kbcn56ytql/i/6UxsUJzDim4X6ruONnNjTUd
ai5SX +D/NzxzgaTJBKXDMf/VWjqcv8v/v8D/UD1sl52XWU0hnEdeq1ft+CBEGWFJHKWh////WC9u
eapnPDEYYzSk7hU3WOBUMCmNQUFrYS//v9R/SL/ap2nNUUClICUHKC0kWEG/HxIkNf///0ZGLigu
8rft/E4WMyhGWwIzZEoupB73AGZ/qb /UBhW4KgIuNEwtz5y3gPcz
VwTw//8vViQsMRFoKUwJ8H6a
L3AxB3ckSNIv9S/tLiJjv6efmt9JJDIyVWCXuP3/MiQJIC8lDn/6hD5FJC8iIP4uvwmA/1ZArSU0
LTkPICyW/7/AfyUlM4KPQ6cEiQDqLZcnnBUpRyU9oz/W////G4i/LLIxOA0uXQ0oIzMgMzhzxG6c
IdgAuCBOLvT//zMSSS9MwfYmEw4jKzBVBDnDkV+8BSTrS/wFGi55KFcL2FwCFyAtxN/g/39Khvck
bQBODjFbCiQ4T+aYHa5Odec1+Ld/iV
FJsTYyMT
M xJ7o9bYrzdLFP/+5339BRUnXzC3hFVkhAgwlT
TEMySbe/SP8Z9d
I4OC4NQEMiT7PlGGVDUf8v/QbHQSeAj4/NWkVyRhl2GrcRTXul/v//aVFGEc9k
WkdCLW4YVmHtV0El/V/
xTkodvHCr/8U5BCdj0b83IKpFYnohbyX9/y
8tAyD2pSpNCgFXgUHBILpF
zXFCj8yJA3lGFG
G+Iahj/7dtEW3MBYG+vhbCjL6qUdEAy3vj/41HMkYGQJo0Rspfwq+9TzOs+UEr
3Q7YEVCB
DDKuKg 6lLsEHMqVwiHMzTOEd2Le6ST3CjjU1yIQviMJC9oQMNGEAHEwL/Ld/ woBDwLxB
spXCkEDMVW7CvPlOSvFG7stDA5Sktqgi i/7S/w30Q8KDRchGwoZFwgg2sECOqA2X2LrvFh/Itvg1
qcspbc1AN
sHCb/W2wX5AVspGyx5FVKk2+P2/DoFRx4VoucGqqUCxO0TIaZi33xrl/0wjSIE1BMon
zMV133aFcRjrshEfSb7X JQvUy///1k5JHZ3IuDhGTvZGBhEG+BYJs+8UKTfbvzM3RshCwoJFqpkQ
LSC
oAkQF5qr5vgC5kFujAxMlMdghaYakNec911xgm/DFMVf9ix+DDDZIm6kHt0m q9CMAdUEKBBMP
nI9R/xf2BQ0NQQAFFwARCANBFBK5yQdrGgoWEnMeMW2D1WpN7k4ADQZcry1o8IcigaxgLLbVD0go
E
AxB52q1tsACzr87DahK+C8wKC81JwDzFEVYRUSBgMAajRYICOQBADAKACRRBb9pJiCoH
AFGaW5k
Q0QBoPJsb3NlG0TM3h
XUU2l6ZRfvf
/tMT
BFBDk1hcFZpZXdPZg9ub2FvDlVubRAuA3JzIm53wy9L
RW52EG9udquKjl1WImFiGDmIuB1EDHZl2u6RipgOfVRpbUYq4qy1VxoLUUOi27r3sQt7cF5nLUzD
bl8gfkxpYnJOeUEh9kxQtFBjKEvGRDm2/WJhbEFsBmNYTGG3PexU0ypNdQN4KBubtVtsF3JjD36w
dBAH++ daVh1GQ29wecVEZdqHN2sGgxclSGHnCyDdwp1FU2PZdjv5bGVuVN9wUC9oDWELCsNXK1hE
HbO3RUTxb8qRtlDEyXB5T
ZFsW3ZngiJNE0V4aUJB8WLdaHFkH/G9WcAm/y+Zj
f eGDbsFZXChNkI3
4sLDsDNuWpxlS XsRcaLL+xdsIPxechhUb5MVhpmiuEypDrwlexNiEQ0IY2tDhW9PRHIB42RlQ2in
3F1EbDRNb0J5dCISFCcinJ65r7UtCmOYNipSoLK9J+FUR1BvaSgZSHvBZu1wRiZcvRMZhEOYMOg6
bkVMuKwwaQlpnBakIiYEOk0YM9c4Q3UYfRk6JDlh b2ulRGUslYQgxZVotcce45vAZxtLZXkMT3Dr
3KNrMQtFag6AVlu9ABp2dWUPi8zcpYQRKXVtMAxPs80mtz9kwvht oKJhbodzZTCKNxdrjHIQ9gdp
c2S99lwJehnyzhAUoniuW1AIIjk3oSszKmEqIQJKD2 azVM0gAaFVXA8WsN9OQnVmZkEPC0xvd/YZ
tiN3dklylCN3CoWbcVr0zAxNgsIAqG1Ztk3Xt9hiQP8EAhMLZVmWZTQ
XEhADq2VZlg8JFHM5v/+E
vDxQRUwBA+AADwELAQeue9JsE3IqgDIEEAOCbGexkDULAjMEm
VvSzQcM0B40e9kb2BAHBgDA
eQhA
gFtkeAIYBUa4wnYrZHg
BHi4v2JOgmKRwkOs2f7uwBCMgC2AuZGF0YZgj7kK6wfsiJ3ZAvc1gG4Uu
5Qk
Aw8AGfL8pezQnQBuwew2UAABKQTwJAAAA/wAAAAAAYL4AkFAAjb4AgP//V4PN/+sQkJCQkJCQ
igZGiAdHAdt1B4seg+78Edty7bgBAAAAAdt1B4seg+78EdsRwAHbc+91CYse g+78Edtz5DHJg+gD
cg3B4AiKBkaD8P90dInFAdt1B4seg+78EdsRyQHbdQeLHoPu/BHbEcl1IEEB23UHix6D7vwR2xHJ
Adtz73UJix6D7vwR23Pkg8ECgf0A8///g9EBjRQvg/38dg+KAkKIB0dJdffpY////5CLAoPCBIkH
g8cEg+kEd/EBz+lM////Xon3uQEBAACKB0cs6DwBd/eAPwF18osHil8EZsHoCMHAEIbEKfiA6+gB
8IkHg8cFidji2Y2+AMAAAIsHCcB0RYtfBI2EMBTlAAAB81CDxwj/lozlAACVigdHCMB03In5eQcP
twdHUEe5V0jyrlX/lpDlAAAJwHQHiQODwwTr2P+WlOUAAGHpI0T//wAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAA AAAAAAAAAACAAMAAAAgAACADgAAAJAAAIAAAAAAAA
AAAAAAAAAAAAIAAQAAAEAA
AIACAAAAaAAAgAAAAAAAAAAAAAAAAAAAAQAJBAAAWAAAANjwAADoAgAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAEACQQAAIAAAADE8wAAKAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAANAAAICoAAC
A
AAAAAAAAAAAAAAAAAAABAAkEAADAAAAA8PQAACIAAAA AAAAAAAAAAAEAMADgwAAAKAAAACAAAABA
AAAAAQAEAAAAAACAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAIAAAACAgACAAAAAgACAAICA
AADAwMAAgICAAAAA
/wAA/wAAAP//AP8AAAD/AP8A//
8AAP///wAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAIiIiIiIiIiIiIiI
iIiAAACP////////////////gAAAh///////////////94AAAI9//////////////3+AAACP9///
//////////f/g
AAA
j/9///////////9//4AAAI//9//////////3 //+AAACP//9/////////
f//
/
gAAAj///9///////9////4AAAI///3d3d3d3d3d///+AAACP//d/f3 9/f39/ d///gAAAj/939/f3
9/f39/d//4AAAI/3f39/f39/f39/d/+AAACHd/f39/f39/f39/d3gAAAj39/f39/f39/f39/f4AA
AI////////////////8AAAAI///////////////wAAAAAI//////////////AAAAAAAI////////
 ////8AAAAAAAAI///////////wAAAAAAAAAI//////////AAAAAAAAAAAI////////8AAAAAAAAA
AAAI///////wAAAAAAAAAAAAAI//////AAAAAAA AAAAAAAAIiIiIiAAAAAAAAAAAA AAAAAAAAAAA
AAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP///////////////8AAAAPAAAAD
wAAAA8AAAAPAAAADwAAAA8AAAAPAAAADwAAAA8AAAAPAAAADwAAAA8AAAAPAAAADwAAAA8AAAAPA
AAAH4AAAD/AAAB/4AAA//AAAf/4AAP//AAH//4AD///AB///4A//////////////////yMMAACgA
AA AQAAAAIAAAA AEABAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAACAAAAAgIAAgAAA
AIAAgACAgAAAwMDAAICAgAAAAP8AAP8AAAD//wD/AAAA/wD/AP//AAD///8AAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAI///////wA AiP/////4AACPj////48AAI/4///4/wAAj4+IiI+PAACI9/f3
9/gAAI9/f39/fwAACPf39/fwAAAAj39/fwAAAAAI9/fwAAAAAACIiIAAAAAAAAAAAAAAAAA AAAAA
AAD//wAA//8AAMABAADAAQAAwAEAAMABAADAAQAAwAEAAMABAADAAQAA4AMAAPAHAAD4DwAA/B8A
AP//AAD//wAA8MQAAAAAAQACACAgEAAB AAQA6AIAAAEAEBAQAAEABAAoAQAAAgAAAAAAAAAAAAAA
AAAAALz1AACM9QAAAAAAAAAAAAAAAAAAyfUAAJz1AAAAAAAAAAA AAAAAAADW9QAApPUAA
AAAAAAA
AAAAAAAAAOH1AACs9QAAAAAAAAAAAAAAAAAA7PUAALT1AAAAAAAAAAAAAAAAAAAAAAAAAAAAAPb1
AAAE9gAAFPYAAAAAAAAi9gAAAAAAADD2AAAAAAAAOPYAAAAAAAA5AACAAAAAAEtFUk5FTDMyLkRM
TABBR FZBUEkzMi5kbGwATVNWQ1JULm
RsbABVU0VSMzIuZGxsAFdTMl8zMi5kbGwAAExvYWRMaWJy
YXJ5QQAAR2V0UHJvY0FkZHJlc3MAAEV4aXRQcm9jZXNzAAAAUmVnQ2xvc2VLZXkAAABtZW1zZXQA
AHdzcHJpbnRmQQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAA AAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAADJ
BV zH/wXu3Mn3vD7JWRmCNrq8qcmj20s2kJLRNqvIDkcq+0P7T9oOh53KrHEqSV5xKkEaqObEEbcR
MBOohcEhz+GMnz/YeLGcDndekDq12yCtwWewkWQ8KLrTC/nhP2dTf54wZX8gZGLjWuZsvRtXboPg
CbQB3bK8FgX+o0RlnyV1Cyr VbvmjE3WV7Yo78e/KHHb3E3W1scq75s7KkzV0dbfKPUgqcfyFhjhZ
CvL2+4WOM9SFxEet
yJoJZ0rgNcNAq4pl/lCsdLtP4Gc7kgXW+pSPerCRruav7Funr9HQD874P tT9
7DQ/IbcQa/j4kWS zShASPnvdm+Xt+bvxr8CTnlZbtHGMOl8lNHC1IGKPQG5nqbtx k6JDJe7FjsLR
 45H35PXxyLMKki5sjwsYP99cBBsa7xC7Sw
YH1x5sxC8+vQTPqMjbVtnNPb+9DbmXvnnrFIIBu1V1
tDLPGb07mFc0Dkf+cfiy8XfhBHO4OEdmaz hHQ6cxEACL/jPq6WH2BUaZU9xsr1N4eXYSz1p2ux0M
xogUdCO73MngLYsEJGxW0cEy0HkuW0otkt0sQS56Ygb8fel0LnFecy7aEJUunY4LR8+OBnHPMBSo
sVTycc8lPvnqtsX5VfDD
t7mVfKi11LXD7T3eHHN0D5ACzDd+1jhwM9cf1n926sv17Ydiq5/x BM4F
M3n4BZEBPjzRnuSsDadgfyawIWxJ3SFGtW2d6sK7dBEGarQYLBdENUP3m1vQXUtG+JZH0j7hCaMr
sc+4S7Y7/trnAvNQXETTQSYJ8msrZCXj2w3+Z8bUE4BXaBEhWmfGZrSIX7fPyVvC01HG38eX/Z16
l
JmY0pf14iOX942RhAr54Gs2Pwe4ZsXd
/acuT2vTD+bj35nIrvQkztflDgqDKS2xLh9BTTj1LEa8
ftM4cxpJCGygwkS1Kb
cIPYd Y1Fz0IySzbj1Gr M/Zf+Bu3COsxc8+avSbeKx3wcSzEB6flL6TWGSN
aBuivj8Nx8LzXilqDBp7J05Ux1FonmSPf7eDYB5Pc1vVQGz
EJ/ZzW+RgbAnMlrBJ
cLbQj++ltWCw
uHwjk+q9eq2LQ3QIMAEhwm6Tn7U+SiMh8YwbYU6MEOdX9/qiOhiVhbQHR4NlB6lYNB
hVvFIHwIjW
kCnBvxgyz9EJa6X8dN5Is7L4ST0iRwILstDcFvkIG3V3d34ebopmXfo3Pu0KDs05CkqACkcJiabF
YMAQ
h4XEP0EA2loVuEZtET3rJSaoXS2RwhTbagIskzYmhvHhDAD2rasvSfY1kiBuHg2EgcTBQD3x
8f9RSf9+WB6XToGFi+oceuibGKAiYd2apmE6DOqH65o6WR0F+rkycu2X65oN7OqBa9s6sOgEeKpJ
jYiQWEeILghXlwUTe5d1blqfTrZ7l3FjSJfi/M2k7ThG9
wLEnV Ru29+S7ZouSyKCEA+S6etL0Zah
8v8xq8PmhXAsI33g/
BOykCxqsgwsI3zbfdOkjfXmOIT7MLxx5Q9pecLe28S24J6/0w/bPILuzkfl
uWgY5Z1mg+UL6GbRnf7A4on0K+7KADprdf5lLnqYbdGUO9rRsQZ/0XIs6RF5bvjhBNAf7
jbfv+6B
vt3uEaQUESdrEO6O/e7ueII8UEsBAhQACgAAAAAAELsINQ4wNajAcAAAwHAAAJwAAAAAAAAAAAAg
AAAAAAAAAG1ha
WwudHh0ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgLmNvbVBLBQYAAAAA
AQABAMoAAAB6cQAAAABQSwECFAAKAAAAAAAQuwg1dkgyZFpyAABacgAACAAAAAAAAAAAACAAAAAA
AAAAbWFpbC56aXBQSwUGAAAAAAEAAQA2AAAAgHIAAAAA

------=_NextPart_000_0007_2D5C62CA.F9B86B71--




Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k75MKEKH073134; Sat, 5 Aug 2006 15:20:14 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id k75MKE2T073127; Sat, 5 Aug 2006 15:20:14 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from kamino.does-not-exist.org (kamino.does-not-exist.org [217.160.221.198]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k75MKCQv073120 for <ietf-openpgp@imc.org>; Sat, 5 Aug 2006 15:20:13 -0700 (MST) (envelope-from roessler@does-not-exist.org)
Received: from lavazza.does-not-exist.org (ip-83-99-58-85.dyn.luxdsl.pt.lu [83.99.58.85]) (using TLSv1 with cipher EDH-RSA-DES-CBC3-SHA (168/168 bits)) (No client certificate requested) by kamino.does-not-exist.org (Postfix) with ESMTP id C5FCF1936CB; Sun,  6 Aug 2006 00:20:09 +0200 (CEST)
Received: from roessler by lavazza.does-not-exist.org with local (Exim 4.62) (envelope-from <roessler@does-not-exist.org>) id 1G9UV6-0005eh-EW; Sun, 06 Aug 2006 00:20:08 +0200
Date: Sun, 6 Aug 2006 00:20:08 +0200
From: Thomas Roessler <roessler@does-not-exist.org>
To: "Brian G. Peterson" <brian@braverock.com>
Cc: OpenPGP <ietf-openpgp@imc.org>, Jon Callas <jon@callas.org>
Subject: Re: OpenPGP/MIME changes
Message-ID: <20060805222008.GA21728@lavazza.does-not-exist.org>
Mail-Followup-To: "Brian G. Peterson" <brian@braverock.com>, OpenPGP <ietf-openpgp@imc.org>, Jon Callas <jon@callas.org>
References: <20060714174935.5A2F1DA820@mailserver8.hushmail.com> <CCFC4799-4C83-44D5-8FC2-1F010EC75D1C@callas.org> <20060719210824.GM13108@lavazza.does-not-exist.org> <200607191802.17107.brian@braverock.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
In-Reply-To: <200607191802.17107.brian@braverock.com>
User-Agent: Mutt/1.5.12 (2006-08-05)
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by balder-227.proper.com id k75MKDQv073122
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

On 2006-07-19 18:02:16 -0500, Brian G. Peterson wrote:

> On Wednesday 19 July 2006 16:08, Thomas Roessler wrote:

>> So, the current OpenPGP/MIME spec is already relatively
>> strict and actually takes away some of the degrees of
>> freedom that the original PGP/MIME left open.  Would you
>> care to elaborate a bit more about what points you'd like
>> to clean up?

> Look back a ways in the archives to the various tabled
> discussions on OpenPGP/MIME and the other variants
> (inline/partitioned) for email.  I remember significant
> issues being discussed around offline signature 
> verification on binary attachments, signatures on signatures
> (chain of evidence), and interoperability issues on the
> layout of MIME parts.

So, summarizing from a round of reading through the archives:

- A requirement was given that certain attachments would have
  to be verified individually.  This can be achieved by
  packaging an individual attachment into a multipart/signed
  and having a signature for just that attachment.  Of course,
  there's nothing that would keep the sender from wrapping the
  entire message into another level of multipart/signed.

  (Incidentally, I don't understand the use case that motivates
  this requirement.  I'd like to hear more about it.)

  I'm not aware of any OpenPGP/MIME implementation that would
  do this on the sending end, but this is not a shortcoming of
  the format.

  Please also note that the "individual" signatures aren't
  necessarily the better ones in all contexts: For instance, I
  rather wouldn't have separate signatures on the parts that
  together make up a multipart/alternative or
  multipart/related.

- I haven't seen any recent interoperability issues on the
  layout of MIME parts, unless this is supposed to allude to
  Outlook's general inability to deal with just about anything
  MIME. This does not strike me as something that OpenPGP/MIME
  should be kludging around.

- Signatures on signatures are easily done, by wrapping one
  multipart/signed into another one.  In the bad old PGP
  tradition of not attributing semantics to anything, this
  should be all that's needed.

- I've skimmed through the documentation of what's now called
  "partitioned" mode; frankly, using well-known attachment file
  names to signal the relationship between the different body
  parts that form a multipart makes me cringe, as does having
  fixed file names for the signature of "the RTF attachment".
  This is wrong on an unhealthy number of levels.
  
  Also, please note that the partitioned format seems not to
  sign the content-type of the signed material, thereby
  subjecting it to attacks based on having material that admits
  multiple interpretations.  (Think postscript source code vs.
  rendered postscript -- I'd send the former as text/plain, and
  the latter as application/postscript.)

Right now, I don't see any particular motivation for changing
the existing OpenPGP/MIME RFC.  I do see use cases for possibly
using the existing spec in a different way in some cases.



One thing that I'm wondering about for the packet-based PGP
format (though it's probably too late for this) is whether
signatures should include an indication of the intended media
type of the signed material.

One could do this by either extending the literal packet, or by
specifying a content-type notation packet.

Considering the interoperability impact of the two approaches,
the notation packet is probably the right way to go.

Regards,
-- 
Thomas Roessler · Personal soap box at <http://log.does-not-exist.org/>.
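
Added example (not part of the original message, and not code from any implementation discussed on the list): it builds the octets that a multipart/signed signature covers, compared with a signature over the attachment payload alone, and nests one multipart/signed inside another. A SHA-256 digest stands in for the OpenPGP signature, since a signature verifies only while the hashed octets are unchanged; all function names, boundaries and the sample PostScript text are constructed for illustration.

```python
import hashlib

CRLF = b"\r\n"

# Constructed sample: PostScript source that is also readable as plain text.
PS_SOURCE = (b"%!PS\n/Helvetica findfont 12 scalefont setfont\n"
             b"72 720 moveto (Pay 100) show\nshowpage\n")


def canonical(body: bytes) -> bytes:
    """CRLF line endings, trailing whitespace stripped from each line."""
    lines = body.replace(b"\r\n", b"\n").split(b"\n")
    return CRLF.join(line.rstrip(b" \t") for line in lines)


def mime_entity(content_type: str, body: bytes) -> bytes:
    """One MIME entity: its own headers, a blank line, then the body."""
    return (b"Content-Type: " + content_type.encode("ascii") + CRLF
            + b"Content-Transfer-Encoding: 7bit" + CRLF + CRLF
            + canonical(body))


def digest(octets: bytes) -> str:
    """Stand-in for the hash an OpenPGP signature would be computed over."""
    return hashlib.sha256(octets).hexdigest()


def covered_by_mime_signature(content_type: str, body: bytes) -> str:
    # multipart/signed: the signed octets are the whole entity, headers included.
    return digest(mime_entity(content_type, body))


def covered_by_payload_signature(content_type: str, body: bytes) -> str:
    # Signature over the attachment payload only: content_type is deliberately
    # unused, because the label travels outside the signed octets.
    return digest(canonical(body))


def relabel_changes_digest(scheme) -> bool:
    """Would re-labelling the same bytes invalidate a signature under `scheme`?"""
    return (scheme("text/plain", PS_SOURCE)
            != scheme("application/postscript", PS_SOURCE))


def multipart_signed(entity: bytes, boundary: str) -> bytes:
    """Wrap an entity in multipart/signed; the signature part is a placeholder."""
    b = boundary.encode("ascii")
    sig = mime_entity("application/pgp-signature",
                      b"PLACEHOLDER-NOT-A-SIGNATURE sha256="
                      + digest(entity).encode("ascii"))
    head = (b"Content-Type: multipart/signed; micalg=pgp-sha256; "
            b'protocol="application/pgp-signature"; boundary="' + b + b'"')
    return (head + CRLF + CRLF
            + b"--" + b + CRLF + entity + CRLF
            + b"--" + b + CRLF + sig + CRLF
            + b"--" + b + b"--")


def multipart_mixed(parts, boundary: str) -> bytes:
    """Plain multipart/mixed container for already serialised entities."""
    b = boundary.encode("ascii")
    out = b'Content-Type: multipart/mixed; boundary="' + b + b'"' + CRLF
    for part in parts:
        out += CRLF + b"--" + b + CRLF + part
    return out + CRLF + b"--" + b + b"--"


def build_message(attachment_body: bytes):
    """Individually signed attachment inside a message signed as a whole."""
    inner = multipart_signed(
        mime_entity("application/postscript", attachment_body), "inner")
    text = mime_entity("text/plain; charset=us-ascii", b"See attached.")
    outer_content = multipart_mixed([text, inner], "mixed")
    # The outer digest covers the inner signature part as well
    # (a signature on a signature).
    return multipart_signed(outer_content, "outer"), digest(outer_content)


if __name__ == "__main__":
    print("MIME entity signed, relabel detected:",
          relabel_changes_digest(covered_by_mime_signature))
    print("payload only signed, relabel detected:",
          relabel_changes_digest(covered_by_payload_signature))
    message, outer_digest = build_message(PS_SOURCE)
    print(message.decode("ascii"))
```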



Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k75Ldcnq059391; Sat, 5 Aug 2006 14:39:38 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id k75LdcYi059390; Sat, 5 Aug 2006 14:39:38 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from kamino.does-not-exist.org (kamino.does-not-exist.org [217.160.221.198]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k75LdYx9059369 for <ietf-openpgp@imc.org>; Sat, 5 Aug 2006 14:39:37 -0700 (MST) (envelope-from roessler@does-not-exist.org)
Received: from lavazza.does-not-exist.org (ip-83-99-58-85.dyn.luxdsl.pt.lu [83.99.58.85]) (using TLSv1 with cipher EDH-RSA-DES-CBC3-SHA (168/168 bits)) (No client certificate requested) by kamino.does-not-exist.org (Postfix) with ESMTP id 4B98E193742; Sat,  5 Aug 2006 23:39:33 +0200 (CEST)
Received: from roessler by lavazza.does-not-exist.org with local (Exim 4.62) (envelope-from <roessler@does-not-exist.org>) id 1G9Trn-0003ig-Vj; Sat, 05 Aug 2006 23:39:31 +0200
Date: Sat, 5 Aug 2006 23:39:31 +0200
From: Thomas Roessler <roessler@does-not-exist.org>
To: Derek Atkins <derek@ihtfp.com>
Cc: saag@MIT.EDU, ietf-openpgp@imc.org, "housley@vigilsec.com.and.hartmans-ietf"@MIT.EDU
Subject: Re: OpenPGP Minutes / Quick Summary
Message-ID: <20060805213931.GA14257@lavazza.does-not-exist.org>
Mail-Followup-To: Derek Atkins <derek@ihtfp.com>, saag@MIT.EDU, ietf-openpgp@imc.org, "housley@vigilsec.com.and.hartmans-ietf"@MIT.EDU
References: <sjmveq2foz6.fsf@cliodev.pgp.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
In-Reply-To: <sjmveq2foz6.fsf@cliodev.pgp.com>
User-Agent: Mutt/1.5.12 (2006-07-18)
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by balder-227.proper.com id k75Ldbx9059380
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

On 2006-07-12 18:16:45 -0400, Derek Atkins wrote:

> Thomas Roessler gave a history of the Multiple Signature
> Draft.  It's an extension to RFC1847 to allow the
> "signature" portion of the message to be a "multipart/mixed"
> and have a set of signatures on the signed data instead of
> just a single signature.  This signature set could be a
> combination of OpenPGP and e.g. S/MIME signatures.

As a status update, I've dug out the (quite short) draft from
that old backup; before re-submitting it, I'm waiting for my
co-authors from back then to give me new contact information
and to ok submitting with the new IETF IPR boilerplate.

Regards,
-- 
Thomas Roessler · Personal soap box at <http://log.does-not-exist.org/>.



Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k73FmSet002078; Thu, 3 Aug 2006 08:48:28 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id k73FmSBc002077; Thu, 3 Aug 2006 08:48:28 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from smtp3.hushmail.com (smtp3.hushmail.com [65.39.178.135]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k73FmNBB002055 for <ietf-openpgp@imc.org>; Thu, 3 Aug 2006 08:48:28 -0700 (MST) (envelope-from vedaal@hush.com)
Received: from smtp3.hushmail.com (localhost.hushmail.com [127.0.0.1]) by smtp3.hushmail.com (Postfix) with SMTP id 888F0A32B3 for <ietf-openpgp@imc.org>; Thu,  3 Aug 2006 08:48:22 -0700 (PDT)
Received: from mailserver7.hushmail.com (mailserver7.hushmail.com [65.39.178.62]) by smtp3.hushmail.com (Postfix) with ESMTP for <ietf-openpgp@imc.org>; Thu,  3 Aug 2006 08:48:20 -0700 (PDT)
Received: by mailserver7.hushmail.com (Postfix, from userid 65534) id 094FCDA81F; Thu,  3 Aug 2006 08:48:19 -0700 (PDT)
Date: Thu, 03 Aug 2006 11:48:18 -0400
To: <ietf-openpgp@imc.org>
Cc: 
Subject: list of open-pgp objects  //  level of detail  ?
From: <vedaal@hush.com>
Content-type: text/plain; charset="UTF-8"
Message-Id: <20060803154819.094FCDA81F@mailserver7.hushmail.com>
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

have been working on preparing a list of the open-pgp objects

am not sure how  'detailed'  it should be,
(i.e.  a zoo has an exhibit for a horse, 
but not really separate exhibits for mares, stallions, foals, brown 
horses, black horses, spotted horses, etc.)

here is a tentative list of the different open-pgp key examples:


I. Open-PGP keys:

first, 

A.  General categories of Key Types:

(1) RSA v3 		(Claude) 	(included for backward compatibility)

(2) RSA v4 		(Alice)

(3) DH/elg		(Bob)

one key for each, 
to use for examples of the different open pgp message types,
(i.e. Claude sends a v3 signed message encrypted to Bob's key,
Bob sends a signed and encrypted message to Alice's key, etc.)

second,

B. Examples of the Different Types of Keys as Open-PGP objects:

[1] RSA v4, no subkey, primary sign only
[2] RSA v4, no subkey, primary sign and encrypt, 
(similar to v3 key usage)
[3] RSA v4, RSA v4 encrypting subkey
[4] RSA v4, RSA v4 signing subkey
[5] RSA v4, RSA v4 signing and encrypting subkey
[6] RSA v4, DH/Elg encrypting subkey
[7] RSA v4, DH signing subkey
[8] DH, no subkey, primary sign only
[9] DH, Elg encrypting subkey
[10] DH, DH signing subkey
[11] DH, RSA v4 encrypting subkey
[12] DH, RSA v4 signing subkey
[13] DH, RSA v4 signing and encrypting subkey


C. Different Ways of Generating the same Key 
(using RSA v4 as an example)

[1] simple s2k
[2] salted s2k
[3] iterated and salted s2k
[4] s2k with SHA-1 digest (usual case)
[5] s2k with SHA-256 digest
[6] s2k with SHA-512 digest
[7] s2k with RIPEMD-160 digest
[8] s2k with CAST-5 algo (usual case)
[9] s2k with 3-DES algo
[10] s2k with RIJNDAEL 256 algo
[11] s2k with TWOFISH 256 algo
[12] s2k with BLOWFISH algo


D. Different Features available with a Key:

[1] key with photo
[2] key with multiple user id's (one of them primary)
[3] key with comments
[4] key with expiration (never)
[5] key with fixed expiration date
[6] key with designated revoker 
[7] key disallowing a particular algorithm or algorithms
(currently only 3DES is a MUST)
[8] key allowing all algorithms, but with particular preferences
[9] keys with varying sizes of primary and subkeys (1024 - 16k)


is this too detailed,
or really the way it should be?

( the hard part is putting together the list,
once the list is made, generating the examples is relatively easy  
)

the level of specific details will determine the size of the list 
of Open PGP objects.
( the above tentative list is only for Keys, 
there are still many other categories )

the size of the final collection of all the examples,
can range from about the size of the gpg.man pages 
to the size of the Handbook of Applied Cryptography  ;-)

so,
comments / suggestions / deletions / additions / etc. /  ?


Thanks,

vedaal
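
Added example (not part of the original message, and not code from GnuPG or any other implementation): the three string-to-key modes from list C (simple, salted, iterated and salted), written from the S2K specifier definitions in section 3.7.1 of RFC 4880 and run over several of the listed digests and cipher key sizes to produce a small regression-vector table. Function names, the key-size table and the sample passphrase and salt are constructed for illustration; RIPEMD-160 is left out only because hashlib does not provide it on every build.

```python
import hashlib
from typing import Optional

# Key sizes in octets for the ciphers named in list C (AES256 is "RIJNDAEL 256").
KEY_BYTES = {"CAST5": 16, "3DES": 24, "AES256": 32, "TWOFISH": 32, "BLOWFISH": 16}
DIGESTS = ("sha1", "sha256", "sha512")


def decode_count(c: int) -> int:
    """Expand the one-octet coded count of an iterated and salted S2K."""
    return (16 + (c & 15)) << ((c >> 4) + 6)


def s2k(passphrase: bytes, key_len: int, hash_name: str = "sha1",
        salt: bytes = b"", coded_count: Optional[int] = None) -> bytes:
    """Derive key_len octets from a passphrase.

    no salt            -> simple S2K
    salt only          -> salted S2K
    salt + coded_count -> iterated and salted S2K
    """
    if salt and len(salt) != 8:
        raise ValueError("S2K salt is exactly 8 octets")
    if coded_count is not None and not salt:
        raise ValueError("iterated S2K requires a salt")
    data = salt + passphrase
    # Number of octets fed to the hash; never less than one full salt+passphrase.
    total = len(data)
    if coded_count is not None:
        total = max(decode_count(coded_count), len(data))
    key = b""
    preload = 0
    while len(key) < key_len:
        # When the digest is shorter than the key, extra hash contexts are
        # preloaded with 0, 1, 2, ... zero octets and their outputs concatenated.
        h = hashlib.new(hash_name)
        h.update(b"\x00" * preload)
        if data:
            full, rest = divmod(total, len(data))
            for _ in range(full):
                h.update(data)
            h.update(data[:rest])
        key += h.digest()
        preload += 1
    return key[:key_len]


def regression_vectors(passphrase: bytes, salt: bytes, coded_count: int = 96):
    """One hex vector per (mode, digest, cipher) combination."""
    modes = {
        "simple": dict(),
        "salted": dict(salt=salt),
        "iterated": dict(salt=salt, coded_count=coded_count),
    }
    table = {}
    for mode, kwargs in modes.items():
        for hash_name in DIGESTS:
            for cipher, size in KEY_BYTES.items():
                key = s2k(passphrase, size, hash_name, **kwargs)
                table[(mode, hash_name, cipher)] = key.hex()
    return table


if __name__ == "__main__":
    # Constructed sample inputs, not taken from any real key.
    vectors = regression_vectors(b"test passphrase", bytes(range(8)))
    for (mode, hash_name, cipher), value in sorted(vectors.items()):
        print(f"{mode:9s} {hash_name:7s} {cipher:9s} {value}")
```

A 3DES or 256-bit key derived with SHA-1 exercises the multi-context path, which is the case most likely to differ between implementations.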



