From: Mike Bishop <mbishop@evequefou.be>
To: Christopher Patton <cpatton=40cloudflare.com@dmarc.ietf.org>, Christian Huitema <huitema@huitema.net>
CC: "tls@ietf.org" <tls@ietf.org>
Date: Thu, 10 Sep 2020 18:51:59 +0000
Message-ID: <CH2PR22MB2086C4A5232D3605F66D4F1ADA270@CH2PR22MB2086.namprd22.prod.outlook.com>
References: <d33c685c-6bf3-1584-4d95-1fe2cf6695e8@huitema.net>
 <CAG2Zi23NQRPUzHbVKSSSxR_eaNokVF--K9FfCNMagrCKnSHMZQ@mail.gmail.com>
In-Reply-To: <CAG2Zi23NQRPUzHbVKSSSxR_eaNokVF--K9FfCNMagrCKnSHMZQ@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/F8ZOzr7Y_GdoSh99-9DUGqUq3V8>
Subject: Re: [TLS] TLS ECH, how much can the hint stick out?

This is primarily an active attack, but not purely so. Clearly the MITM is an active attacker, but there are situations in QUIC (and DTLS, I presume) where a ClientHello gets retransmitted. Depending on server infrastructure, the client might get two different responses. This isn’t limited to cases where the observer/attacker is the one performing the replay.

So I think we need to decide whether it’s a goal that, given that relatively narrow situation, the observer shouldn’t be able to identify ECH acceptance by comparing two ServerHellos that both respond to the same ClientHello.

From: TLS <tls-bounces@ietf.org> On Behalf Of Christopher Patton
Sent: Tuesday, September 8, 2020 2:23 PM
To: Christian Huitema <huitema@huitema.net>
Cc: tls@ietf.org
Subject: Re: [TLS] TLS ECH, how much can the hint stick out?

Hi Christian, Hi list,

The "don't stick out" property is a steganographic security goal: we want the "real" protocol, i.e. TLS with ECH acceptance, to be indistinguishable from the "cover" protocol, i.e., the handshake pattern in which the client sends a "dummy" ECH extension that is ignored or rejected by the server. This is a property that TLS was never designed to have, but it seems that we need some degree of it in order to deploy ECH. The fundamental question that Christian raises is what is the right threat model for this property.

The "status quo" threat model considers a distinguisher that is strictly passive---it does not interfere with a handshake or probe the server---and that does not know the ECH configuration. This seems (to me, at least) sufficient to account for middleboxes that might ossify on the ECH extension. It also seems achievable, both by the ECH as it is and for the proposed change.

The distinguishing attacks described by Christian are much stronger, in the sense that they involve an active attacker. I don't believe there is any way of implementing ECH---either as it is or with the proposed change---that defeats active attacks in general. In particular---and as Christian points out---an active attacker can probe the server to learn the ECH configuration (via the ECH retry logic), which it can use to easily distinguish the real protocol from the cover protocol. This works regardless of whether the change is adopted.

In my view, achieving don't-stick-out-security against active attackers requires us to revisit the design of ECH altogether. The main difficulty is that client-facing servers publish the ECH configuration in a way that's easily accessible to an active attacker. Keeping the configuration secret may provide a way to achieve security, and some deployments might opt to do this; but the vast majority won't. We might consider adding support for this deployment scenario, but this can (and should, I think) wait for a later draft.

That said, it is worth considering mitigations against known attacks, in particular (1). I think the suggestion for mitigating (2) adds too much complexity, and if it doesn't fully address the intended threat model (I don't think it does), then we'll likely need to replace it in the future. I think it's better to keep things simple until we fully address the intended threat model.

Best,

Chris P.
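As an added illustration of the two points above (example code written for this archive page, not from either message or from the ECH draft): a toy model of an acceptance signal carried in the last 8 bytes of ServerHello.random. It assumes two candidate derivations, one that depends only on the ClientHello and one that also mixes in the server's own fresh random prefix, and shows that only the first lets an observer who sees one ClientHello answered twice (Mike's retransmission case) detect acceptance without knowing the ECH configuration. It does not model the active configuration-probing attack Chris describes, which neither variant addresses.

```python
import hashlib
import hmac
import os

# Toy model (assumed, not the draft's exact construction): an accepting server
# places an 8-byte confirmation in the last 8 bytes of ServerHello.random; the
# first 24 bytes are always fresh randomness. A rejecting server sends 32
# random bytes.

def hkdf_like(key: bytes, label: bytes, context: bytes, n: int = 8) -> bytes:
    """Minimal HKDF-Extract/Expand stand-in built on HMAC-SHA256 (assumed helper)."""
    prk = hmac.new(b"\x00" * 32, key, hashlib.sha256).digest()
    return hmac.new(prk, label + context + b"\x01", hashlib.sha256).digest()[:n]

def confirm_from_clienthello(ch_inner_random: bytes, server_prefix: bytes) -> bytes:
    """Variant A: the confirmation is a function of the ClientHello alone."""
    return hkdf_like(ch_inner_random, b"ech accept confirmation", b"")

def confirm_with_server_random(ch_inner_random: bytes, server_prefix: bytes) -> bytes:
    """Variant B: the server's 24 fresh bytes are bound into the derivation."""
    return hkdf_like(ch_inner_random, b"ech accept confirmation", server_prefix)

def server_hello_random(accept: bool, ch_inner_random: bytes, derive) -> bytes:
    """Build the 32-byte ServerHello.random for an accepting or rejecting server."""
    prefix = os.urandom(24)
    if not accept:
        return prefix + os.urandom(8)  # reject: no structure anywhere
    return prefix + derive(ch_inner_random, prefix)

def replayed_hellos_leak(ch_inner_random: bytes, accept: bool, derive) -> bool:
    """One ClientHello answered twice (retransmit or replay): the observer
    compares the trailing 8 bytes of both ServerHellos. A match reveals
    acceptance; with independent randomness the chance of a false match is 2^-64."""
    sh1 = server_hello_random(accept, ch_inner_random, derive)
    sh2 = server_hello_random(accept, ch_inner_random, derive)
    return sh1[24:] == sh2[24:]

def client_sees_acceptance(sh_random: bytes, ch_inner_random: bytes, derive) -> bool:
    """Client side: recompute the confirmation from the visible prefix and compare."""
    expected = derive(ch_inner_random, sh_random[:24])
    return hmac.compare_digest(sh_random[24:], expected)
```

Variant B keeps the client's check intact while making two answers to the same ClientHello look unrelated to an observer, so the narrow retransmission case no longer sticks out.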

